Hi , i will talking more about CTF(Capture The Flag) Things today.CTF are special kind of information security competition which test your all skills the you have learned over time.
CTF games often touch on many other aspects of information security: cryptography, stego, binary analysis, reverse engeneering, mobile security and others. Good teams generally have strong skills and experience in all these issues.
we are going to talk more about the approaches towards it here are below listed some .
1) 1st basic things to do is run a nmap scan on the target IP.
Example : nmap -sV 192.11.XXX.XXX
then analyze the output response for useful information.it can be any thing again like open port or open name of the service and all other thing. in ideal case you get Http Service 80,SSH port 22 and 21 ftp these are the basic output that comes many time.
2) Next thing to do is directly go ahead and browse the http services through browser.some time the source/response it self contain useful information.that helps in future. always remember the key to success is enumeration or retrieving as much information you gather the better chances of cracking that machine .
3) ok we talked about the http side so the basic thing that you can directly perform is checking for robots.txt file.
so it could be like http://192.11.XXX.XXX/robots.txt
file many cases this contains information to next step or at least help in making further step.
4) now save the content into a note file .if you are at kali machine the the simple command can be.
wget http://192.11.XXX.XXX/robots.txt
then run a famous tool known as directory buster with this work list ,target is to perform fuzzing activity using the gathered information in order to land at another step. look for the directory where you have clue hidden for next step.
Thats all for today , i will be talking more on this tomorrow
CTF games often touch on many other aspects of information security: cryptography, stego, binary analysis, reverse engeneering, mobile security and others. Good teams generally have strong skills and experience in all these issues.
we are going to talk more about the approaches towards it here are below listed some .
1) 1st basic things to do is run a nmap scan on the target IP.
Example : nmap -sV 192.11.XXX.XXX
then analyze the output response for useful information.it can be any thing again like open port or open name of the service and all other thing. in ideal case you get Http Service 80,SSH port 22 and 21 ftp these are the basic output that comes many time.
2) Next thing to do is directly go ahead and browse the http services through browser.some time the source/response it self contain useful information.that helps in future. always remember the key to success is enumeration or retrieving as much information you gather the better chances of cracking that machine .
3) ok we talked about the http side so the basic thing that you can directly perform is checking for robots.txt file.
so it could be like http://192.11.XXX.XXX/robots.txt
file many cases this contains information to next step or at least help in making further step.
4) now save the content into a note file .if you are at kali machine the the simple command can be.
wget http://192.11.XXX.XXX/robots.txt
then run a famous tool known as directory buster with this work list ,target is to perform fuzzing activity using the gathered information in order to land at another step. look for the directory where you have clue hidden for next step.
Thats all for today , i will be talking more on this tomorrow
