Wednesday, 16 April 2014

Web analysis with Backtrack  by UrduSec

Web Analysis with Backtrack - Urdusecurity

------------------------------------

Web Analysis

------------------------------------

Web Analysis is Actually a Process to Analyze the website and getting the specific information about website that might contain the application name and version that website is using , Some times we also get the Webmaster's email Which later on can be used for Client side attacks, Sometimes we get Some open ports Which can be used to DOS & Ddos Attacks also We Analyze the coding of the application to find out the flaws in the application which can give access to an attacker to That WebSite.

------------------------------------

What We are Presenting??

------------------------------------

So Gentelmen What is the Moto of UrduSecurity? You guys know that we Wanna provide Quality yet education to the community free of charge so for this purpose we are going to give this information to use guys which can tell u guys that how Actually attacks work and if a Person knows the mechanism behind the Working Principle of a specific technique then he can Obviously find a way to get rid of that Annoying Problem/Attack , So after Covering this Information You'll be Able to Fight with common attack which Can be done by using a Simple attacker Machine i.e Backtrack

------------------------------------

What is Backtrack

------------------------------------

BackTrack was a Linux distribution, superseded by Kali Linux, that focused on security based on the Ubuntu Linux distribution aimed at digital forensics and penetration testing use.In March 2013, the Offensive Security team rebuilt BackTrack around the Debian distribution and released it under the name Kali Linux.(Wikipedia)

------------------------------------

The Harvester

------------------------------------

The Harvester is a Python Based tool that is Used to find Juicy information about our target , it can be helpful for finding Information about Target host, and emails of the Specific Organizations also it can give a lot of other enumeration informations to attacker.

------------------------------------

JoomScan - Joomla Scanner

------------------------------------

Joomla Scanner is Perl Based tool Specially for finding Information and exploits about the Joomla Based Websites and is Highly Recomended while Pentesting a Site that is Joomla Based.

------------------------------------

XSSER

------------------------------------

XSSER is a tool That can be used for Attacking with Cross site Scripting vulnerabilities as it is clear from the name of the tool and xss is actually standing for cross site scripting vulnerability , Usae of this tool is simply Given in Picture Below.

------------------------------------

Wafw00f Waf detector

------------------------------------

Wafw00f is a python based tool available in backtrack that is used to find if our target is behind any firewall or no , and it have basically a number of waf providers alreasy in it which can be seen with following command

./waafw00f.py --list

and Finally it gives up a useful info regardin our target.

------------------------------------

SQLMap

------------------------------------

SqlMap is another python based tool that is very powerful injector and is used to inject SQLinjection vulnerable websites , and don't forget that SQLinjection is the TOP 1 vulnerability and highly riskable which can lead to database Disclosure and so on..

------------------------------------

Nikto

------------------------------------

Nikto is a Vulnerability Scanner Which Finds out the Famous one vulnerabilities and Also vulns in database of Ossensive security Db (osvdb) , it is One of the Powerful and Best friends of an attacker.

------------------------------------

Weevely Web Backdoor

------------------------------------

Weevely is a tiny but powerful Web Backdoor and commonly used in rooting and Backdooring Attacks.

------------------------------------

MsfConsole

------------------------------------

Metasploit Framework you guys are Already familiar with it and i've Left a complete Primer of 10 videos Detailed left on UrduSecurity so You Can get That and Play with this Awesome tools aswell and Don't forget to Update Your Metasploit Daily Because A Number of Exploits are Being Added in it on Daily Bases.

------------------------------------

Vega Scanner

------------------------------------

Vega is a Vulnerability Scanner in Backtrack and it Can Scan A Handsome Number of Vulnerabilities so it is Very Iseful and Noob Friendly tool for Attacker and Webmasters to Search for Specific Vulnerabilities in their Webpages.

------------------------------------

Nmap

------------------------------------

Nmap scripting Engine is Also One of the Powerful tool that is added in Backtrack and I've Left a tutorial on Nmap at UrduSecurity aswell So Watch it too.

------------------------------------

WebSploit

------------------------------------

WebSploit is another Powerful tool that is Used in directory Scanning , Web Admin finding and A lot of Other Stuff Like Backdooring and Some Networking attacks too.


and Obviously a lot of other Stuff is Present in Backtrack For web analysis , Watch video for More Explanation and clearance if You Didnt Get idea that stuff Have to WOrk.

See Video Demonstration Below

This video was Uploaded on Youtube So if You Can't See Video then Use Proxy and Go to this Link Web Analysis with Backtrack - UrduSec

Web Analysis With Backtrack - UrduSec

Description: Web analysis with Backtrack Linux Demonstrated in video and Paper aswell by Muhammad Adeel(UrduSec)
  • Uploaded by: Adeel Chaudhary
  • Views:
  • Share

    0 comments:

    Post a comment

     
    Copyright © HACK | Designed by Muhammad Adeel | Founder UrduSecurity