Methods of Web Application Information Gathering Process

Methods of Web Application Information Gathering Process : in this article you will learn about Methods of Web Application Information Gathering Process. and if this article helpful for you please like and share its to your friends and all your groups.

Methods of Web Application

Ethical Hacking and Cyber Laws are two interconnected fields that play a crucial role in the modern digital landscape. Ethical hacking, also known as penetration testing or white-hat hacking, involves authorized and legal attempts to identify vulnerabilities and weaknesses in computer systems and networks. It aims to safeguard digital assets by employing the same techniques and tools used by malicious hackers, but with the consent and knowledge of the system owner.

Web Technologies

—————-

These are the technologies which are there through which we can design the front end of the website.

• PHP
• ASP
• JAVA
• HTML
• and so on..

Scripting Languages

——————-

• Java Script
• RUBY
• PYTHON
• PERL

Digital Footprinting and Information Gathering

———————————————-

Information Gathering : Information gathering is process of extracting as much as information about our target or victim. More information we have more easy we can penetrate the target.

Why info gathering is required

—————————–

1. Maximum information about ther target maximum reliablity in the attack.
2. When we have a structured info plan its easy to attack with more accuracy.

Network Information Gathering

—————————–

Simple Info Gathering

– IP addresses

– MAC address

– Host Name

– Sharing Vulnerability

– Peripehral Devices

Software : Softperfect Network Scanner or Angry IP scanner (Windows)

Requirement : Softperfect Network Scanner.

Intelligent Info Gathering: Its a process of gathering information which more deep tech towards the machine or target can be a website can be an network device.

Information we gather in intelligent phase

——————————————-

1. IP Address
2. Operating System
3. Ports (Open Closed Filtered)
4. Services running on each open or filtered port
5. Version of the service running on port

Requirement : nmap and Kali Linux.

Step 1: Open terminal

Step 2: type nmap 192.168.235.188(Your Victim IP)

Step 3: Wait for the scan to complete.

Vmware : Install Mac or Windows

1. Windows 7

2. Kali Linux -> LIVE

3. Windows XP

Web Application Information Gathering

————————————-

Target : snu.edu.in

Name

Date It was Created

Expiry of the domainAddress

Phone Number

Email Address <—- IMP

Registrar Information <– Who registered this domain service.

Example: whois.domaintools.com

Email: abuse@registraradomain

Subject: Report Abuse on Domain ID:1322

Mail Body: Dear Team, as this domain is hosting bad contet or bla bla .

Regards

Anonymous

Send

People Information Gathering

—————————-

www.jantakhoj.com

Remote IP Grabbing

——————

Method 1: Via URL

www.whatstheirip.com – Home Work

Method 2: IP Grabbing via image
http://fuglekos.com/ip-grabber

OS Login Bypassing

——————

Target OS

Windows Platform : Windows XP , WIndows 7 , Windows 8.1 and 10

Linux Platform : Ubuntu 14.5 LTS

Mac OS Platform : L Capital Latest from Apple

Hack a Mac in 10 Seconds

————————-

• Step 1: Restart
• Step 2: Press Command + R
• Step 3: Utilities
• Step 4: Open Terminal
• Step 5: Type resetpassword
• Step 6: select new password and confirm password
• Step 7: Click ok and Cheers!!

Windows 7/8 – Ultimate

———————

Windows hold their password in a file known as Sam ( Security Accounts Manager), having hash in nature with custom AES algo from microsoft.

SAM file path : c:/windows/system32/config/sam

Online Cracking : When you change the active system’s password without knowing the current password.

Offline Cracking : When system is switched off mode and os is not in active state then we have to apply offline cracking.

HirenBootCD – Disaster Recovery Toolkit

– Active Password Changer

System Hacking

System Haking is a technique in which we try to change the tradional behaviour of the OS as per our requirements. Via change in settings, firewalls settings, or bypasisng login authentication.

-> Windows Password: Windows holds its login password in a file known as SAM(Securiy Accounts Manager) which is at path.

c:/windows/system32/config/sam

Online Cracking/Resetting the Password

This we can execute when teh system is in online mode i,e its already logged in. And we try to reset the password of the admin.

• Step 1: Right click on my computer and selet manage
• Step 2: On left you will see an option known as local users and group expant the + and click on users.
• Step 3: Select the admin account or any other account which is password protected and right click.

Offline Cracking / Resetting the password

In this attack we will try to reset the password by resetting the value of SAM file to its origin.

Requirements

————–

Step 1: Download the iso image HirenBootCD :www.hirensbootcd.org/download/

Now See Only!!

To make bootable pendrive : pendrive linux or unetboot

Universal USB Installer – Boot from USB

Others options

————–

L0phtcrack

Kon-BOot

-> Hack Kali Linux / Ubuntu

Bypassing Login of Kali Linux

Linux :Bypassing Kali Linux Password

• Step 1: Select Recovery MODe Press E
• Step 2: Change ro to rw and add init=/bin/bash at the end of line and Press F10
• Step 3: Reset password by typing passwd root and press enter
• Step 4: Type new password and restart the system

Bypassing Ubuntu System Password

• Step 1: Go to Safe mode
• Step 2: Recover Mode
• Step 3: Select the second last option from the list i.e SHELL
• Step 4: type passwd root
• Step 6: Give the new password and confirm password and restart the machine.
• Step 7: Fill the new password and enjoy 🙂