Author Topic: Average Method for Finding Vulns  (Read 778 times)


Offline sn0wm4n

Average Method for Finding Vulns
« on: February 19, 2014, 12:32:42 am »
I've learned a fair amount about a lot of different vulns, but I've been wondering if there was a general way that most people go about cracking some target that they happen upon.

Like, does it usually start with an nmap or nikto scan or something like that? Or a full-fledged vuln scanner like OpenVAS or Nessus? That seems like it would simplify a lot of searching through the site, but it seems like a full-fledged scanner over the internet would put you in hot water because of the traffic it would generate. And same thing with spidering through a site.
Or are most sites cracked through problems with the service itself, like buffer overflows?
Then that brings SQLi, RFI, and XSS stuff...

There seems to be a long list of things that *can* be attacked, but is there a general list of things to try before others?


Offline vezzy

Re: Average Method for Finding Vulns
« Reply #1 on: February 19, 2014, 12:46:40 am »
Usually most professional penetration tests follow a detailed guide, which tries to account for a large number of attack vectors.

One such guide for web applications is the OWASP Testing Guide: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents

It'll give you some ideas that you likely haven't considered before, and which need to be done for a complete web application security audit.

Otherwise, in all honesty, being a hacker is all about thinking outside of the box no matter what you specialize in. Automated tools help to make menial tasks easier and scanners can help you find certain common vulnerabilities right away, but the rest is all up to you as the tester. In general, one decent approach is to enumerate every single technology that a web application uses and target them all one by one.
« Last Edit: February 19, 2014, 12:49:37 am by vezzy »
Quote from: Dippy hippy
Just brushing though. I will be semi active mainly came to find a HQ botnet, like THOR or just any p2p botnet

Offline ande

Re: Average Method for Finding Vulns
« Reply #2 on: February 19, 2014, 12:07:00 pm »
Have at this thread: http://evilzone.org/tutorials/hacking-start-to-finish-(quick-list)/

I think vezzy covered it pretty well, so I won't go into any more detail.
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true