Friday, June 3, 2011

Information Gathering



Information Gathering (target : www.akakom.ac.id)

Information gathering is the first phase of a web penetration test: collecting as much information as possible about the target application. This information then determines what kind of penetration testing is needed.

  • Testing: spiders, robots, and crawlers

    Find the robots.txt file on the web target www.akakom.ac.id. The purpose of identifying the robots file is to look at the structure of the web content.

    The information from www.akakom.ac.id/robots.txt is about the directory structure of the web content. Result and snapshot:


    Black box testing: retrieve the robots.txt file from the target www.akakom.ac.id, then analyze this file.

  • Search Engine Discovery / Reconnaissance

    This test collects information from search engines.

    Using the key "site:akakom.ac.id" to find the web content of www.akakom.ac.id. Result and snapshot:


    Using the cache key "cache:akakom.ac.id" to display index.html as cached by Google.

    Result and snapshot:
  • Identify Application Entry Points

    This test collects information about where GET requests are used and where POST requests are used.

    (I used Burp Suite.) Result:
Action URL : http://www.akakom.ac.id/index.php?option=com_user&lang=id

method : POST

Action URL : http://www.akakom.ac.id/index.php?option=com_user&lang=id&task=remindusername

method : GET
  • Testing For Web Application Fingerprint

    This test collects information about the web engine (for example, the version and type of web server).

    I used netcat:

    nc 110.76.151.4 80 : no response

    Then I used the manta browser, and I found a little information about the version and web server. Result and screenshot:


    Online testing with Netcraft (www.netcraft.com)

  • Application Discovery

    Black box testing

    Using nmap

    Result:
      • Apache HTTP server running on port 80
      • Apache SSL/HTTP server running on port 443
      • OpenSSH running on port 22
  • Analysis Of Error Codes
    Getting some error codes helps us determine what kind of penetration to use against the web application.
    Black box testing:
    root@bt:~# GET www.akakom.ac.id/bella.html HTTP/1.1

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

    <html><head>


    <title>404 Not Found</title>

    </head><body>

    <h1>Not Found</h1>

    <p>The requested URL /bella.html was not found on this server.</p>

    <hr>


    <address>Apache/2.2.3 (CentOS) Server at www.akakom.ac.id Port 80</address>

    </body></html>
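
A defender's view of the 404 response above, as an added example that is not part of the original post: it scans a response for product/version banners such as the Apache/2.2.3 (CentOS) footer and maps each one to the Apache httpd directive that suppresses it. The Server header value, the function names, and the sample dictionaries are constructed for illustration.

```python
import re

# Constructed sample: the 404 body shown in the post, plus a constructed
# Server header (the post does not show the response headers).
SAMPLE_HEADERS = {"Server": "Apache/2.2.3 (CentOS)",
                  "Content-Type": "text/html; charset=iso-8859-1"}
SAMPLE_BODY = """<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /bella.html was not found on this server.</p>
<hr>
<address>Apache/2.2.3 (CentOS) Server at www.akakom.ac.id Port 80</address>
</body></html>"""

# Matches "Product/1.2.3" with an optional "(platform)" suffix.
BANNER = re.compile(r"(?P<product>[A-Za-z][\w\-]*)/(?P<version>\d+(?:\.\d+)+)"
                    r"(?:\s+\((?P<platform>[^)]+)\))?")
FOOTER = re.compile(r"<address>(.*?)</address>", re.I | re.S)
DISCLOSING_HEADERS = ("server", "x-powered-by")

def find_disclosures(headers, body):
    """Return one finding per product/version banner in headers or error footer."""
    findings = []
    for name, value in headers.items():
        if name.lower() in DISCLOSING_HEADERS:
            for m in BANNER.finditer(value):
                findings.append({"where": f"header:{name}", **m.groupdict()})
    for footer in FOOTER.findall(body):
        for m in BANNER.finditer(footer):
            findings.append({"where": "body:<address>", **m.groupdict()})
    return findings

def remediation(findings):
    """Map Apache findings to the httpd directives that hide the banner."""
    advice = set()
    for f in findings:
        if f["product"].lower() != "apache":
            continue
        # ServerTokens trims the Server header; ServerSignature removes the footer.
        advice.add("ServerTokens Prod" if f["where"].startswith("header:")
                   else "ServerSignature Off")
    return sorted(advice)

if __name__ == "__main__":
    found = find_disclosures(SAMPLE_HEADERS, SAMPLE_BODY)
    for f in found:
        print(f)
    print(remediation(found))
```

Running the same check against a server after the two directives are applied should return no findings, which makes it usable as a regression check in a hardening baseline.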

This article is taken from one of the team's logs; original source: http://mimmoo.wordpress.com/2011/06/02/day-2-information-gathering/
