Ethical Hacking- Google Dorks

This tutorial is 100% for Education Purpose only. Any time the word “Hacking” that is used on this site shall be regarded as Ethical Hacking. Do not attempt to violate the law with anything contained here. If you planned to use the content for illegal purposes, then please leave this site immediately! We will not be responsible for any illegal actions.

Google “Dorking” is the practice of using Google to find vulnerable web applications and servers by using native Google search engine capabilities. Unless you block specific resources from your website using a robots.txt file, Google indexes all the information that is present on any website.

Ex:
Finding misconfigured Laravel Applications
index of ".env"

Finding misconfigured servers that have “ktp” files
index of "ktp"

Finding misconfigured servers that have “kk” files
index of "kk"

The inurl: operator searches for the specified term in the URL.

For example: inurl:register.php

Read More:
Documentation of Google Dorks: https://www.exploit-db.com/google-hacking-database
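To check your own server for the two conditions the "index of" and ".env" searches above rely on, the following added example (not part of the original post) walks a web document root and reports secret files and directories that would produce a listing page. The file-name sets and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed policy for this example (not from the original post).
SENSITIVE_NAMES = {".env"}
INDEX_FILES = {"index.html", "index.htm", "index.php"}


def audit_docroot(root):
    """Return sorted (kind, url_path) findings for a web document root."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        url_dir = "/" if rel == "." else "/" + rel + "/"
        for name in filenames:
            # .env and variants such as .env.backup hold application secrets.
            if name in SENSITIVE_NAMES or name.startswith(".env."):
                findings.append(("sensitive-file", url_dir + name))
        # No index file: the server shows an "Index of" page if autoindex is on.
        if not INDEX_FILES & set(filenames):
            findings.append(("listing-candidate", url_dir))
    return sorted(findings)


def audit_sample():
    """Build a constructed docroot in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        layout = {
            "index.php": "<?php // front controller",
            ".env": "APP_KEY=constructed-placeholder",
            "docs/index.html": "<h1>docs</h1>",
            "uploads/report.pdf": "constructed",
        }
        for rel, body in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
        return audit_docroot(root)


if __name__ == "__main__":
    for kind, path in audit_sample():
        print(kind, path)
```

A robots.txt entry only asks crawlers to skip a path; the file is still served to anyone who requests it, so findings like these need to be fixed on the server itself.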


Ethical Hacking- Reverse IP Lookup


Perform a reverse IP lookup to find all A records associated with an IP address. The results can pinpoint virtual hosts being served from a web server. Information gathered can be used to expand the attack surface when identifying vulnerabilities on a server.

Go to https://hackertarget.com/reverse-ip-lookup/

Input the IP address that you want to scan

The list of sites with the same IP address will be displayed. The following are some of the sites that share the same IP address which is 87.98.172.193.


Ethical Hacking- Scanning Subdomain using Zoom


Zoom is a WordPress vulnerability scanner equipped with subdomain & infinite username enumeration.

Install zoom:

git clone https://github.com/gcxtx/zoom

python zoom.py -u <website> --auto

Usage example:

cd zoom – make sure you are in the zoom directory

python zoom.py -u pentest.id --auto


Ethical Hacking- Create Password List Using CUPP


We can create a targeted password dictionary by inputting data and keywords that will be processed into a list of potential passwords.

Usage Example:

$ python3 cupp.py -i

You will be prompted to input the information relating to the user whose password you want to get.
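Because a targeted dictionary is built from the user's own data, a password policy can reject passwords derived from that data. The following is an added example, not part of the original post and not CUPP's code; the substitution table, token rules and sample profile are assumptions constructed for illustration.

```python
import re

# Common character substitutions, mapped back to the letter they stand for.
LEET = str.maketrans("4@31!05$7", "aaeiiosst")


def normalize(text):
    """Lowercase, undo substitutions, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def personal_tokens(profile):
    """Split profile values into word tokens (3+ letters) and digit tokens (4+ digits)."""
    words, numbers = set(), set()
    for value in profile.values():
        words.update(w.lower() for w in re.findall(r"[A-Za-z]{3,}", value))
        runs = re.findall(r"\d+", value)
        numbers.update(r for r in runs if len(r) >= 4)
        if len(runs) > 1:
            numbers.add("".join(runs))  # e.g. 14-02-1990 -> 14021990
    return words, numbers


def derived_from_profile(password, profile):
    """Return the sorted profile tokens that the password is built from."""
    words, numbers = personal_tokens(profile)
    letters = normalize(password)
    digits = re.sub(r"\D", "", password)
    # Match each word forwards and reversed, after undoing substitutions.
    hits = {w for w in words if w in letters or w[::-1] in letters}
    hits |= {n for n in numbers if n in digits}
    return sorted(hits)


# Constructed profile, not a real person.
SAMPLE_PROFILE = {
    "name": "Maria",
    "surname": "Keller",
    "pet": "Bruno",
    "birthdate": "14-02-1990",
}

if __name__ == "__main__":
    for candidate in ("M4ria1990!", "0nurB#77", "correct-horse-battery"):
        print(candidate, derived_from_profile(candidate, SAMPLE_PROFILE))
```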


Ethical Hacking- Using theHarvester


theharvester – A tool for gathering e-mail accounts and subdomain names from public sources

Usage Example:

Search for email addresses from a domain (-d kali.org), limiting the results to 500 (-l 500), using Google (-b google):


Ethical Hacking- Social Engineering Toolkit


We can try to perform social engineering to get the username and password of the target.

Run sudo setoolkit

Choose 1 – Social-Engineering Attacks

Choose 2 – Website Attack Vectors

Choose 3 – Credential Harvester Attack Method

Choose 2 – Site Cloner

Insert your IP address and the URL of the website to clone

After the credentials are inputted in the cloned website, the input will be captured and displayed.


Ethical Hacking- Scanning Networks using Nmap


Nmap can be used to identify what devices are running on a system, discovering hosts that are available and the services they offer, finding open ports and detecting security risks.

nmap <URL>

Usage Example:

nmap pentest.id


Ethical Hacking- Vulnerability Scanning using WPScan


We can scan for vulnerabilities to be exploited later using WPScan. This will display all of the vulnerabilities found in the WordPress site.

Usage Example:

In this example, we will scan for vulnerabilities in pentest.id

$ wpscan --url https://pentest.id --api-token token


Ethical Hacking- Brute Forcing using WPScan


We can try to find the correct password for a user by having WPScan try all the potential passwords from a password list generated using tools like CeWL, CUPP, etc.

In this example, we will try to get the password of user @apietz from pentest.id using the password list apietz.txt.

$ wpscan --url https://pentest.id/wp-login.php -P apietz.txt --usernames @apietz --force
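A password-list run like this shows up in the web server's access log as a burst of POST requests to /wp-login.php from one address. The following added example (not part of the original post) flags such bursts; it assumes combined log format and that a failed login is answered with status 200 while a successful one redirects with 302, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_login_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: most failed logins inside any window} for IPs at or above threshold."""
    failures = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Assumption: status 200 on a login POST means the form was re-shown (failure).
        if m["path"].split("?")[0] != "/wp-login.php" or m["status"] != "200":
            continue
        failures[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            # Slide the window start forward until it spans at most `window`.
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


def sample_log():
    """Constructed access-log lines using documentation IP ranges, not real traffic."""
    fmt = ('{ip} - - [10/Mar/2024:09:15:{s:02d} +0000] '
           '"{verb} /wp-login.php HTTP/1.1" {st} 4012 "-" "-"')
    lines = [fmt.format(ip="203.0.113.7", s=s, verb="POST", st=200) for s in range(0, 12, 2)]
    lines.append(fmt.format(ip="198.51.100.20", s=30, verb="POST", st=200))
    lines.append(fmt.format(ip="198.51.100.20", s=41, verb="POST", st=302))
    lines.append(fmt.format(ip="198.51.100.20", s=50, verb="GET", st=200))
    return lines


if __name__ == "__main__":
    print(find_login_bruteforce(sample_log()))
```

An address flagged here is a candidate for rate limiting or a temporary block, and the targeted account for a forced password reset.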


Ethical Hacking- Generate Password List from Website

We can generate a list of potential passwords to be used for brute forcing using a tool called CeWL.

Usage Example:

Scan to a depth of 2 (-d 2) and use a minimum word length of 5 (-m 5), save the words to a file (-w docswords.txt), targeting the given URL (https://example.com):
