I was learning methods to find vulnerabilities in a system when I realized most big companies or websites don't actually have many vulnerabilities, or, as a matter of fact, none which could be identified (at least by me). I want to know what a professional penetration tester or hacker would do to find vulnerabilities which are more hidden or just very hard to find.
6 Responses
He'll try to pivot. It means that he'll try to find targets which have a link with the target, he'll exploit them, and with these hacked devices, he'll scan the main target again to see if this link between the main target and the hacked target can help him to have more chances to exploit the main target. Besides, he can use social engineering to hack systems. It means he'll try to exploit human vulnerabilities to hack systems. This social engineering can be seen as pivoting too.
You have to know that scanning will actually just try to find well-known vulnerabilities. If you are an expert hacker who knows 0day vulnerabilities, you can try to find programs in the target's system which may be vulnerable to your 0day exploit, and use it to gain access.
Thanks a lot
People are walking exploits. When there are no exploits, simply use the systems already in place to do something unintended.
Thanks!
Is there a way to convert my exe or jar file to .pdf, .doc, .rar, etc. in silent mode in Kali Linux, and it will not affect the file in any way?
Ask in a separate thread for more visibility