Johanes Ronaldo


Ethical Hacking Week 2


This week we learned about penetration testing methodologies, the Undang-undang Informasi dan Transaksi Elektronik (UU ITE, Indonesia's Electronic Information and Transactions Law), and ways to analyze a company’s website.

We learned about a few penetration testing methodologies, such as:

  • OSSTMM (Open Source Security Testing Methodology Manual)
    • OSSTMM is about operational security
    • It is about knowing and measuring how well security actually works
  • OWASP (Open Web Application Security Project)
    • Focused on improving the security of software

Next we learned about the law, the UU ITE. Not every place in the world has the same rules, so we need to understand what is legal and what is illegal in each country. Some countries might consider merely possessing a port-scanning tool illegal, while others allow the use of port scanning. Punishment for breaking the law is serious, which is why we have to understand what the law says before we do anything that could break it.

Next, we learned about ways to analyze a website. A few tools are available for this, such as WhoIs, which can be used to gather IP address and domain information. Another tool is Paros Proxy, a website reconnaissance/vulnerability scanner used to find vulnerabilities in a website.

(Screenshot: Whois command)

This week I have already downloaded Kali Linux and gained access to Paros Proxy. I first changed the proxy configuration in the browser so that it uses Paros as a proxy.

I used Firefox in Kali Linux and clicked on the “Preferences” tab of the browser.

Then go to the page shown above by clicking the Advanced setting, go to the Network tab, and click on the “Settings” button in the “Connection” section.

You will see the page shown above; change the proxy setting from auto-detect to manual proxy configuration and set the settings as above.

After that was done I visited a website, and I could then see things like “GET http://www….”, the host, and many others. From the Analyse tab I clicked on Scan All. It took a while, but after it finished I clicked on the Report tab and then Last Scan Report. I used the terminal to go to the report directory, which is located in /root/paros/session, and opened the file in Firefox with the command “firefox <filename>”. There I could see the report from the Paros scan.
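As an added example (not code from this post or from the Paros project), here is a small Python parser that shows why the proxy history displays “GET http://www…” next to a Host header: a browser configured with a manual proxy sends the request line in absolute form, so the proxy sees the full URL. The sample request is constructed, and the host-mismatch flag is an extra sanity check of my own, not a Paros feature.

```python
"""Parse what an intercepting proxy such as Paros receives from a browser.

Added example, not code from the original post or from the Paros project.
With Firefox set to a manual HTTP proxy, the request line arrives in absolute
form (``GET http://www.example.com/ HTTP/1.1``), which is why the proxy
history shows the full URL beside the Host header.
"""
from urllib.parse import urlsplit


def parse_proxy_request(raw: bytes) -> dict:
    """Return method, URL, Host header and a host-mismatch flag for one raw request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    # Absolute-form carries the authority in the request line; origin-form
    # (no proxy configured) carries it only in the Host header.
    url_host = url.netloc.lower() if url.scheme else None
    host_header = headers.get("host", "").lower()
    return {
        "method": method,
        "version": version,
        "url": target,
        "absolute_form": url.scheme != "",
        "host": host_header,
        # A forwarding proxy should not trust a request whose two hosts disagree.
        "host_mismatch": url_host is not None and url_host != host_header,
        "body_length": len(body),
    }


# Constructed sample: what Firefox sends to a manual proxy for a plain page load.
SAMPLE_REQUEST = (
    b"GET http://www.example.com/index.html HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Accept: text/html\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    info = parse_proxy_request(SAMPLE_REQUEST)
    print(f"{info['method']} {info['url']}  Host: {info['host']}  "
          f"mismatch={info['host_mismatch']}")
```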

Lastly, before the class ended, we had a closed-book quiz based on what was taught that day, and it was difficult.

Written by jronaldo

March 9th, 2018 at 12:27 pm
