Tutorial: An Intro to Blackbox Web Pentesting

Hello friends, today I’m gonna explain how to pentest a web application of a website in blackbox mode. The steps:

  1. Find the technology and the kind of web page language
  2. Find all sub-domains that exist for the website and repeat step 1 for them too (very important)
  3. Test every input, including the headers and the body of the web pages in the site and sub-domains, for possible vulnerabilities
  4. If security issues are found, retest them with the Burp Suite scanner in Kali or any famous and reliable web scanner like Acunetix or Netsparker
  5. Exploit the vulnerability for the POC [Proof Of Concept]

So, let’s start and do a blackbox pentest of the sample vulnerable website of Acunetix:

http://testphp.acunetix.com/

For the first step, I usually use the http://builtwith.com/ website, as it is an online service for finding the technologies and languages used by a website. It is up to date and I like it more than the whatweb script in Kali Linux.

I go to the BuiltWith website, put http://testphp.acunetix.com/ in the box and click the lookup button. After a second, it shows several useful pieces of information about the given website, such as the kind of web server it runs on, the kind of frameworks it uses, etc. What is most important for us in this instance is the web server and framework. We can see that the web server is nginx 1.4 and the language of the website is PHP.

Now for the second step, I usually use the https://dnsdumpster.com/ website or google.com. In Google, we use the query site:*.acunetix.com. In dnsdumpster, we enter acunetix.com and then click “search”. In my experience, the sub-domains are more likely to have vulnerabilities since the programmers usually don’t pay much attention to the security terms of the sub-domains. This is typically because the sub-domains are commonly less interactive with users.

Anyway, in our case, we are not going to test all subdomains but instead just test this sub-domain: http://testphp.acunetix.com/

Lastly, for step three, I always start by searching in Google for links. For example, if the website is written in PHP I use the search query: php? site:testphp.acunetix.com/ In this way I can quickly find links that take parameters and test them in random ways for SQLi or XSS. If we use this query, we can see in the second link from the top: testphp.acunetix.com/listproducts.php?cat=1

Now all of you know how to test for SQL injection manually. Just add ' after cat=1 and boom: the SQL error. You can simply use sqlmap to exploit this vulnerability, and again for XSS we use this: http://testphp.acunetix.com/listproducts.php?cat=1'>"><img src=x onerror=javascript:prompt(1)> and boom. I typically use HackBar in Firefox for manual testing, and I suggest this modified version personally – https://addons.mozilla.org/en-US/firefox/addon/~h3ll4r_h5h-hackmod/
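Why the two tests above get a reaction, and what fixes it, shown as an added example that is not part of the original tutorial or the test site's code. It is a hypothetical Python handler (the real site is PHP) over a constructed SQLite table; the function names, table and error-page wording are all assumptions.

```python
import html
import re
import sqlite3

def make_db():
    """Constructed sample table standing in for the site's product data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, cat INTEGER, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [(1, 1, "poster"), (2, 1, "print"), (3, 2, "frame")])
    return db

def render(rows):
    return "<ul>" + "".join("<li>%s</li>" % html.escape(r[0]) for r in rows) + "</ul>"

def list_products_vulnerable(db, cat):
    """Concatenates cat into the SQL text and echoes it unencoded on error."""
    sql = "SELECT name FROM products WHERE cat=" + cat + " ORDER BY id"
    try:
        return 200, render(db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # Database error text and the raw parameter both reach the browser.
        return 500, "<p>Error: %s (cat=%s)</p>" % (exc, cat)

def list_products_hardened(db, cat):
    """Allow-lists the value, binds it as a parameter, encodes what it echoes."""
    if not re.fullmatch(r"[0-9]{1,9}", cat):
        # Generic message, no database detail, parameter HTML-encoded.
        return 400, "<p>Invalid category: %s</p>" % html.escape(cat, quote=True)
    sql = "SELECT name FROM products WHERE cat=? ORDER BY id"
    return 200, render(db.execute(sql, (int(cat),)).fetchall())

# The two test values used in the tutorial text above.
QUOTE_PROBE = "1'"
MARKUP_PROBE = "1'>\"><img src=x onerror=javascript:prompt(1)>"

if __name__ == "__main__":
    db = make_db()
    for value in ("1", QUOTE_PROBE, MARKUP_PROBE):
        for handler in (list_products_vulnerable, list_products_hardened):
            status, body = handler(db, value)
            print(handler.__name__, repr(value), status, body)
```

The vulnerable handler answers both probes with a database error page that carries the raw parameter, which is the behaviour a report for this finding should describe; the hardened handler returns the same generic 400 for both and never passes the value to the SQL parser.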

I am not going to explain how to test automatically with Burp Suite as you all know how to do it. I hope you enjoyed this intro to blackbox testing a website. Bye till another OP3N ; )
