Friday, March 2, 2018

Other sources of public information


A great deal of useful information about a website's functionality and content is available publicly, outside the site itself: through search engines and their cached copies, posts on development forums, or web archives such as the one at www.archive.org. To use search engines effectively, make use of special search operators such as the following, which work with Google:

site:www.theExploredSite returns all references to the site indexed by Google.

site:www.theExploredSite login returns all indexed pages on the site that contain "login".

link:www.theExploredSite returns all pages on other websites that link to that specific site.

related:www.theExploredSite returns similar web pages.

Another valuable source of information is special-purpose search engines that embed some intelligence dedicated to retrieving a specific type of information. Melissa Data can help you freely gather information on people associated with a target web application; this kind of information is sometimes of more value to an attacker than technical details. Enriching the retrieved results with an open source tool like Maltego is very tempting: Maltego visualizes the relationships among people, organizations, web sites and Internet infrastructure, which aids information gathering, and it can find affiliations between components within an organization. Even starting from information as simple as a domain name or an IP address, it can query publicly available records to discover connections.

Use web server vulnerabilities:

Much of the software commonly deployed on web servers ships with a default configuration, folder structure and file locations, which makes it a good place to dig for information. A brute-force approach is also used to check for vulnerabilities in a known set of third-party applications and web server modules; an example of a good tool for that purpose is Wikto.

Mapping parameters:

Parameters can sometimes be mapped directly when they are sent in the query string, as in: http://myWebSite/addUser.php?name=sami&mobile=0987655441. If the application uses rewritten URLs, with the parameters embedded as part of a slash-separated path, try changing or removing values and assess the generated response. For hidden parameters, guessing is the only way; an example is checking for the existence of a debug parameter that lets developers test pages and bypass the authentication process.

Documenting your findings:


When trying to map and profile the application you will get a lot of information specially if you are using multiple tools and approaches, organizing your results and deciding which are relevant is very important in order to be able to analyses that information later on. Using matrix and charts can be very helpful..

Diagrams representing the web site are also essential for understanding its different functionalities. It is preferable to give static and dynamic pages different colors, where static pages are those that involve no server-side executable content, such as files with the .html extension. Include in the diagram the structure of the web site together with the parameters passed to each page. Other information that should be documented in addition to page information: the directory structure, common file extensions, any plugin-based content such as Flash or Silverlight, or Java virtual machine content like applets, common cookies, and query-string parameters.
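As an added example (not code from the original post), the following Python script builds the kind of page/parameter matrix described above from a constructed list of observed URLs: the addUser.php URL is the one from the post, the others are made up. It classifies each path as static, dynamic or plugin content by extension, records the parameter names seen per page, and flags parameter names such as debug for review.

```python
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# Constructed sample of URLs as a crawler or proxy log would record them.
# Only the addUser.php URL comes from the post; the rest are invented.
OBSERVED_URLS = [
    "http://myWebSite/addUser.php?name=sami&mobile=0987655441",
    "http://myWebSite/addUser.php?name=lina&mobile=0987655442&debug=1",
    "http://myWebSite/index.html",
    "http://myWebSite/login.php?user=sami",
    "http://myWebSite/report/2018/02/summary",  # rewritten URL: path carries the values
    "http://myWebSite/static/logo.png",
    "http://myWebSite/viewer.swf",
]

STATIC_EXTENSIONS = {"html", "htm", "png", "jpg", "gif", "css", "js", "txt"}
PLUGIN_EXTENSIONS = {"swf": "flash", "xap": "silverlight", "jar": "java-applet"}

def classify(path):
    """Label a path as static, dynamic or plugin content, judged by its extension."""
    filename = path.rsplit("/", 1)[-1]
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in PLUGIN_EXTENSIONS:
        return PLUGIN_EXTENSIONS[ext]
    if ext in STATIC_EXTENSIONS:
        return "static"
    return "dynamic"

def build_site_map(urls):
    """Return {path: {"type": label, "params": sorted names, "depth": path segments}}."""
    site = defaultdict(lambda: {"type": None, "params": set(), "depth": 0})
    for url in urls:
        parsed = urlparse(url)
        entry = site[parsed.path]
        entry["type"] = classify(parsed.path)
        entry["params"].update(parse_qs(parsed.query, keep_blank_values=True))
        entry["depth"] = len([seg for seg in parsed.path.split("/") if seg])
    return {p: {**e, "params": sorted(e["params"])} for p, e in site.items()}

def flagged_params(site, watch=("debug", "test", "admin")):
    """Pages whose observed parameter names match a watch list worth reviewing."""
    return {p: [q for q in e["params"] if q in watch]
            for p, e in site.items() if any(q in watch for q in e["params"])}

if __name__ == "__main__":
    site_map = build_site_map(OBSERVED_URLS)
    for path, entry in sorted(site_map.items()):
        print(f"{path:28} {entry['type']:12} depth={entry['depth']} params={entry['params']}")
    print("parameters to review:", flagged_params(site_map))
```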
