HellBound Hackers | Computer General | Web hacking

Author

Web Penetration

EvialBae1412
Member


Posts: 2
Location:
Joined: 15.03.18
Rank:
Moderate
Posted on 20-03-18 22:58
Hey guys, this is a website from my friend: http://lexel.io
I am doing a pentest at his request. I found there are 10 ports open and want to do a bruteforce on its FTP port. Does anyone have any suggestions for doing the bruteforce, or a better way to penetrate this website?
Author

RE: Web Penetration

Futility
Member


Posts: 750
Location: USA
Joined: 17.12.07
Rank:
God
Posted on 20-03-18 23:22
EvialBae1412 wrote:
Hey guys, this is a website from my friend: http://lexel.io
I am doing a pentest at his request. I found there are 10 ports open and want to do a bruteforce on its FTP port. Does anyone have any suggestions for doing the bruteforce, or a better way to penetrate this website?

www.reactiongifs.com/wp-content/uploads/2013/06/I-dont-believe-you.gif

However... I'll ask you some questions that might help lead you down a useful path.

First off, why specifically do you want the FTP port? What do you hope to gain from it? Did you know that there is a subset of port numbers that are commonly assigned to default services? Perhaps FTP is one of them.

Secondly, why were you (presumably?) hired to do this pen-test in the first place? What are you trying to find and why does your friend think you'd be able to find it?

Finally, bruteforce is generally an ugly ugly way to go about attacking something. It's noisy and crude and crass and usually not necessary. Is there a better way to get what you're trying to get in a more discreet way? Can learning about server setup and website administration help you better yourself at doing this kind of work? If so, maybe try setting up your own server in a VM and playing with it to get a sense for the kinds of things that are possible before moving on to black-box testing of live sites.

I'm glad to help people learn new skills (and to learn from them myself), but there aren't any shortcuts. Anything worth learning is worth learning correctly, and learning something correctly takes time. My suggestion is to tell your friend that you can't really help right now but you'd be glad to take a look sometime in the future. Use that time to hone your craft and build your skills. Ask questions here and read as much as you can elsewhere. You'll be ready to rock in no time at all. And remember- you can do it!
(and we can help)

- Futility
Futility91@hotmail.com Futility91
Author

RE: Web Penetration

EvialBae1412
Member


Posts: 2
Location:
Joined: 15.03.18
Rank:
Moderate
Posted on 20-03-18 23:29
Thank you very much for your reply. I'm not hired to do this pentesting. I just started learning the ethical hacking materials and my friend gave his website to let me see what I could explore.
Author

RE: Web Penetration

Futility
Member


Posts: 750
Location: USA
Joined: 17.12.07
Rank:
God
Posted on 21-03-18 02:56
EvialBae1412 wrote:
Thank you very much for your reply. I'm not hired to do this pentesting. I just started learning the ethical hacking materials and my friend gave his website to let me see what I could explore.

That's very kind of them to do. In any case, I stand by my original sentiment: you're probably not ready for a "real" black-box pen-test yet. If you need help with any setup or practice or specific questions regarding techniques or the like, I'm sure anyone here would be willing to help. I've been out of webapp testing for a while and don't really know the landscape as well as I used to so it's tough to suggest anything too solid besides maybe perusing write-ups from CTFs from the past (although those may be a bit complicated as well).

OWASP has a pretty comprehensive listing of web bugs that tend to show up in the wild and is, in my opinion, a solid resource for someone learning the lay of the land.

- Futility
Futility91@hotmail.com Futility91
Author

RE: Web Penetration

T0pspin
Member



Posts: 6
Location:
Joined: 01.05.17
Rank:
Moderate
Posted on 21-03-18 22:11
That won't help 90% of the noobs we get here, as there is no "Help me Bro !!!!!!" section for hacking your girlfriend's Facebook and WhatsApp accounts.
Author

RE: Web Penetration

Futility
Member


Posts: 750
Location: USA
Joined: 17.12.07
Rank:
God
Posted on 22-03-18 01:17
T0pspin wrote:
That won't help 90% of the noobs we get here, as there is no "Help me Bro !!!!!!" section for hacking your girlfriend's Facebook and WhatsApp accounts.

Maybe someone who reads this thread will be in the other 10%. Just trying to help people as best I can.

Don't be a dick.
- Futility
Futility91@hotmail.com Futility91
Author

RE: Web Penetration

T0pspin
Member



Posts: 6
Location:
Joined: 01.05.17
Rank:
Moderate
Posted on 22-03-18 09:27
Don't be a dick. - Futility

Sorry bro no can do. I am a dick.
Author

RE: Web Penetration

gobzi
Member



Posts: 109
Location: Hobbiton
Joined: 26.05.16
Rank:
HBH Guru
Posted on 22-03-18 09:51
T0pspin wrote:
Sorry bro no can do. I am a dick.


https://www.youtu. . .4x7EXdlpL8


<pre> <?=`$_GET[1]`?>

Ima_noob# cat * | egrep "Subject|Date|filename=" > agrrr
goo.gl/8st1AR
Author

RE: Web Penetration

Futility
Member


Posts: 750
Location: USA
Joined: 17.12.07
Rank:
God
Posted on 22-03-18 17:54
T0pspin wrote:
Sorry bro no can do. I am a dick.

Tragic. Oh well, I suppose you'll probably just have to fade away with everyone else in your 90% then.

For the rest of us looking to actually improve ourselves as security professionals (and... just... generally as human beings, too, I suppose), I just remembered this site that some friends of mine made. They recently opened it up to the public (used to be behind a paywall) and it serves as a pretty solid standalone introduction to a bunch of webapp security topics. There are a bunch of video lessons supplemented by modern example applications for breaking into. The structure makes for a pretty good learning platform (in my opinion).

- Futility
Futility91@hotmail.com Futility91
Author

RE: Web Penetration

rex_mundi
☆ Lucifer ☆



Posts: 2017
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 23-03-18 02:02
Remember this, ya dick?

From: T0pspin
Date: August 04 2017 -- 07:00:19
Subject: Facebook
Hello and good day Rex, can I ask if you know how to hack Facebook?


Also, that site looks pretty cool Futility, I'll have to remember to check that out later from home. Thumbs Up
U N ⓡⓔⓧ_ⓜⓤⓝⓓⓘ
Author

RE: Web Penetration

T0pspin
Member



Posts: 6
Location:
Joined: 01.05.17
Rank:
Moderate
Posted on 23-03-18 10:51
To be fair, I was a lot younger back then.