Ethical Hacking and Penetration Testing

Tools Learned and Implemented in the Penetration Testing Project

  • WPScan
  • Cloudfail
  • WhoIs
  • Skipfish

WPScan is a WordPress security scanner. It is usually used by bloggers to scan their sites for vulnerabilities. By utilizing this tool, they can get an idea of how secure their website is.

In this project, I have used this tool to get an insight into the target site’s security. The target site is http://pentest.id. Below are the screenshots of the findings and their descriptions.

One of the vulnerabilities is “$wpdb->prepare() potential SQL Injection”. It means that SQL injection may happen through plugins and themes. For those unfamiliar with SQL injection: it is an attack in which malicious SQL is inserted into an application through user-supplied input, usually so that the attacker can read or manipulate the application’s data.
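To make the finding concrete, here is an added example (not code from the original post or from WordPress) that contrasts a query built by string concatenation with one that binds the user’s input through a placeholder, which is what `$wpdb->prepare()` is meant to do. It uses an in-memory SQLite table with constructed post rows; the function names and the sample data are assumptions for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny posts table with public and non-public rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, status TEXT)")
    conn.executemany(
        "INSERT INTO posts (title, status) VALUES (?, ?)",
        [("Hello world", "publish"), ("Draft notes", "draft"), ("Private memo", "private")],
    )
    return conn


def search_unsafe(conn, term):
    # Vulnerable pattern: the untrusted search term is spliced straight into the SQL text,
    # so quote characters in the input change the structure of the query.
    sql = (
        "SELECT title FROM posts WHERE status = 'publish' "
        "AND title LIKE '%" + term + "%'"
    )
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    # Hardened pattern: the SQL text is fixed and the term is bound as a parameter,
    # the same idea as a correctly used $wpdb->prepare() in WordPress code.
    sql = "SELECT title FROM posts WHERE status = 'publish' AND title LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


# Constructed input that closes the string literal and comments out the rest of the query.
INJECTION = "%' OR 1=1 --"

if __name__ == "__main__":
    conn = make_db()
    print("unsafe, benign term:", search_unsafe(conn, "Hello"))
    print("unsafe, injection  :", search_unsafe(conn, INJECTION))  # leaks draft and private rows
    print("safe,   injection  :", search_safe(conn, INJECTION))    # input treated as plain text
```

The unsafe function returns every row, including drafts and private posts, because the input rewrote the `WHERE` clause; the parameterised function treats the same input as an ordinary (non-matching) search string.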

WPScan also reports a list of XSS (cross-site scripting) vulnerabilities for this website. XSS allows an attacker to inject malicious script into a web application; when that script runs in a victim’s browser, it can read the user’s cookies, which contain session tokens.

According to securityonline.info, CloudFail is a tactical reconnaissance tool that aims to gather enough information about a target protected by Cloudflare in the hopes of discovering the location of the server.

While conducting the penetration testing of the target site, I used this tool to get the MX (mail server) record of the site.


In combination with the WhoIs tool, we can get information about the domain’s owner.

WhoIs is a widely used Internet record listing that identifies who owns a domain and how to get in contact with them. With this tool, we can get the data of a domain owner.

Skipfish is an active web application security reconnaissance tool: it crawls and probes the target and produces a report that evaluates the web application’s security.

As seen in the picture above, there appear to be no medium- or high-severity findings. Unfortunately, in this case, we can’t get much information regarding the site’s weaknesses from this scan.
