Long Live Game

In this week, we were asked to utilizing search engine. In this case, we will be using Kali Linux for the hacking. Although to be fair I’ve already used Kali Linux for the previous Week 2.

Our goal is to use tools in Kali Linux and Google to utilizing search engine.

I can’t figure out how to use goorecon… But at least I can figure out how to use theharvester! The harvester is used for looking hostnames with same names. The image I used here is not exactly a good example for it.

This program is used to limited the search of domain names and sees how many websites has the same domain names. For this example I used, apparently wikipedia.net is either not a hostname, or I used the search results number too low.

Then I also try to use Maltego. Too bad I needed an account if I wanted to use the free version which I haven’t make. But at least I can show you what it looks like now.

For Google Hacking… It apparently used for make the search you do in Google is even more specific. You can even search for things that only appear in the url.

It’s actually work! I only don’t know how to specify it to a certain website I want to look into.

Conclusion: You can use this tools and Google to find more information about the website you’re going to hack.

In this week, we were focusing on Target Scoping and Information Gathering. In Week 1, we were only talking about using websites for gathering information. But this one, we will be given web tools to test things out.

Our goal is to learn how to use the tools for Target Scoping and Information Gathering.

The first thing that the the teacher recommend in the slide is Paros Proxy. It isn’t working on Windows anymore. I tried, and it stuck on the loading screen. It never moved past that. In Kali Linux it was working. The problem is, it was too different from the slides. The Spider is not where you put the Website link anymore. That’s why I have to do some configuring before I could even use it. Thanks to this man, I manage to figure it out.

Make sure that both localhost and port in the Firefox ESR and in Paros is the same. After that, just enter a website in Firefox ESR and Paros will automatically working

Next, the Host and Whois. You can use it to gather IP addresses and Domain Information.

Conclusion: We learned how to use the tools for target scoping and information gathering.

Only just today that I have finally manage to download my kali linux in my Virtual Box.

Our goal is to how to download Kali Linux.

I found out that the way I installed my Kali linux is wrong. When I ask my friend, they said that I should just simply import the file I download from www.kali.org into Virtual Box.

I did that, and in a way it was working, but there is still nothing good appear on the screen. So I try something else. I open the Storage settings, and see the Controller: IDE is still empty. So I put in the Kali Linux iso into the Controller:IDE.

It is finally showed this screen:

This showed that the Kali linux is starting to working.

But when I pressed live (amd64):

An error appeared. It said: “This kernel requires an x86-64 CPU, but only detected an i686 CPU. Unable to boot – please use a kernel appropriate for your CPU”. On the most tutorial I found, they told me to change the settings in my BIOS, which will require me to restart my computer. I had never used this before which makes me panicking and I looked for another tutorial.

Thankfully, I found this tutorial: https://askubuntu.com/questions/308937/cannot-install-ubuntu-in-virtualbox-due-to-this-kernel-requires-an-x86-64-cpu

Apparently, the only thing I need to change is the settings in “General”.

Change the Type into Linux and change the Version into Debian (64bit).

Conclusion: I can finally install Kali linux and I documented how I did it.

Update: This is the wrong way of installing it. Don’t try to install it this way. Use this version instead: http://2001586193brigitta.blog.binusian.org/2018/05/17/weekly-journal-for-ethical-hacking-part-8-week-7-1/

I’m learning the program we were going to used tomorrow. I already learn how to use nmap before. With nmap, you can easily sees what port from certain ip address that are opened or closed.

Out goal is to see what kind of vulnerabilities you can find with nmap.

It also count how many closed port the ip address has. It even can see the details for the owner of the IP address like the OS of the owner, NetBIOS name, and more.

Update:

On 25 May, 2018, I tested this nmap with the same IP address and some of the content has changed now.

In this output, it only show one open port which is port 53. Port 53 is Domain Name System or DNS. DNS is a naming system for computers, services, or other resources connected to the internet.

Apparently, other than port 53, port 80 is also open. Port 80 is HTTP or Hypertext Transfer Protocol.

And this is show all about the target details, especially their OS. They are apparently using Linux for their OS and they only have one IP address.

Conclusion:

nmap can be used to see which port is opened or closed. nmap can also be used to see OS devices from your own computer or other computer. You need their ipaddress first.