Tutorial: An Intro to Blackbox Web Pentesting
- Find the technology and the kind of web page language
- Find all sub-domains exist for the website and repeat number 1 for them too (very important)
- Test every input include header and the body page of the web pages in the site and sub domains for possible vulnerabilities
- If security issues were found then retest them with Burpsuite scanner in kali or any famous and reliable web scanner like Acunetix or NetSparker
- Exploit the vulnerability for the POC [Proof Of Concept]
For the first step, I usually use the http://builtwith.com/ website as it is an online website for finding the technologies and languages used for a website. It is up to date and I like it more than whatweb script in Kali Linux.
I go to the BuiltWith website and put the http://testphp.acunetix.com/ in the box and click the lookup button. After a second, it shows several useful information options about the given website such as the kind of WebServer it's run on, the kind of frameworks it uses, etc. What is most important for us is this instance, is the webserver and framework. We can see that the web server is nginx 1.4 and the language of the website is php.
Now for the second step, I will usually use https://dnsdumpster.com/ website or google.com. In Google, we use the query site:*.acunetix.comIn dnsdumpster, we enter acunetix.com and then click "search".* In my experience, the sub-domains are more likely to have vulnerabilities since the programmers usually don't pay much attention to the security terms of the sub-domains. This is typically because the sub-domains are commonly less interactive with users. Anyway,in our case, we are not going to test all subdomains but instead just test this sub-domain: http://testphp.acunetix.com/
Lastly, for step three, I always start by searching in Google for links. For example, if the website is written in PHP I use the search query: php? site:testphp.acunetix.com/ In this way I can quickly find links that take parameters and test them in random ways for SQli or XSS. If we use this query we can see in the second link from the top: testphp.acunetix.com/listproducts.php?cat=1
I am not going to explain how to test automatically with Burpsuite as you all know how to do it. I hope you enjoyed this intro to blackbox testing a website. Bye till another OP3N ; )