Penetration Testing

[ajay]

Hello friends i am a newbie in the hacking field aaa an a year old  i want the professional guidance and a proper approach towards penetration testing of any vulnerable web sites or any windows or linux system..  because my professional experts or u can say my teachers answers me the only answers to my questions is the GOOGLE which i sometimes feel inadequate to me. thats why i join this forum for my queries n for enhancement of my knowledge. so kindly requested to give me some ur valuable information and share ur valuable hacking experience and case scenarios with this ur small brother thankyou so much guys   

and  my first question is :
how to exploit vulnerabilities in vulnerable websites manually without using noisy automated tools ( i know there is one sql injection but if it is not vulnerable to it and only some known open ports are open like smtp exim 4.82 service;,httpd apache service;,xgnix server1.6.2, mysql 5.x.x on service ) how it can be exploited for example i am sending this vulnerable site link " mha.gov.db " have alook on this vulnerable site n the services running on it.. if u got some way to exploiting it.. u r always welcome to share.. plz 


and my second question will be coming very soon... 

./removed_formatting.phage

[shimomura]

No easy answer.

Learn how to identify some of these vulnerabilities: https://www.owasp.org/index.php/Top_10_2013-Top_10

Research them, and learn how manually exploit them. Check out the ebook section for some good material on things like XSS. Even better learn the languages well and reverse engineering and exploiting apps and networks will come easily.

[ajay]

hi thanks for reply..     i know that owasp but in this website scenario is different.. and i tried that too.  xss , reflected xss , n then there is perl script for privilege escalation.. via exploiting ssh port..  but  m not getting.. u can say its not works for me.. if you know d way to exploitation any of those services running on the open ports of that site.. u r welcome plz..