My Binus' Blog

Just another Binusian blog site

Archive for June, 2019

Week 4 – Footprinting and Fingerprinting

This week, I think, is the hardest, since fingerprinting and footprinting are very confusing. I learned that footprinting is more about the outer layer of information and fingerprinting is more about the inner layer. The difference is that footprinting is about the social information of the server, like its relations, while fingerprinting is more about its IP or the OS running on the system, which is crucial information for taking over the server.

One of the tools for fingerprinting is nmap. It tests how the remote system responds to undefined combinations of TCP flags, and it looks at TCP Initial Sequence Number (ISN) sampling, the default setting of the DF bit, the TCP initial window size, the ToS setting, fragmentation handling, the types and order of TCP options, and the IPID.
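As an added illustration (not code from the original post and not nmap's own code), the following Python example extracts the header fields listed above from one raw IPv4+TCP packet, which is the per-packet information an OS fingerprinting tool compares against known stacks. The function names and the sample SYN packet are constructed for this example.

```python
import struct

# TCP option kind -> short name (standard kind numbers)
OPT_NAMES = {2: "MSS", 3: "WS", 4: "SACK_OK", 8: "TS"}

def parse_tcp_options(raw):
    """Return TCP option names in the order they appear on the wire."""
    names, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of Option List
            names.append("EOL")
            break
        if kind == 1:                      # NOP: single byte, no length field
            names.append("NOP")
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option")
        names.append(OPT_NAMES.get(kind, f"opt{kind}"))
        i += raw[i + 1]                    # skip kind, length and value bytes
    return names

def fingerprint_fields(packet):
    """Extract the fields named in the paragraph from raw IPv4+TCP bytes."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (packet[0] & 0x0F) * 4           # IP header length in bytes
    ipid, flags_frag = struct.unpack("!HH", packet[4:8])
    tcp = packet[ihl:]
    if len(tcp) < 20 or not 20 <= (tcp[12] >> 4) * 4 <= len(tcp):
        raise ValueError("bad or truncated TCP header")
    data_off = (tcp[12] >> 4) * 4          # TCP header length in bytes
    return {
        "df": bool(flags_frag & 0x4000),   # Don't Fragment bit
        "tos": packet[1],
        "ipid": ipid,
        "isn": struct.unpack("!I", tcp[4:8])[0],
        "window": struct.unpack("!H", tcp[14:16])[0],
        "options": parse_tcp_options(tcp[20:data_off]),
    }

# Constructed sample: a SYN between documentation addresses (not a capture).
SAMPLE_SYN = (
    struct.pack("!BBHHHBBH4s4s", 0x45, 0x10, 60, 0x1C46, 0x4000, 64, 6, 0,
                bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    + struct.pack("!HHIIBBHHH", 40000, 80, 0x12345678, 0, 0xA0, 0x02, 64240, 0, 0)
    + bytes.fromhex("020405b4" "0402" "080a0000000100000000" "01" "030307")
)
```

Calling `fingerprint_fields(SAMPLE_SYN)` returns a dictionary with the DF bit, ToS, IPID, ISN, window size and the ordered option list for the sample packet.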

Week 3 – Search Engines

This week is more exciting, since we start to use the tools in Kali Linux. The tools we used are for searching for information on our target. Information such as email addresses, phone numbers, and subdomains related to our target is very useful for the further steps of pentesting.

The first tool is theHarvester, which is very easy to use. To use theHarvester, we just need to type ‘theharvester’ followed by ‘-d’ and our target’s domain, then ‘-b’ followed by the source where theHarvester will try to crawl for information on our target (may be google, facebook, twitter). There are also additional options such as ‘-l’ to specify the limit of results we want to display.

Another tool is whois, which is more for getting information on who owns our target and their social information.

Another useful tool, with a better GUI than theHarvester, is maltego. Maltego is more graphical than theHarvester due to its GUI, but we need to sign up first to use maltego.

Week 2 – Procedures

This week, my lecturer, Sir Kalpin, taught the class more on the procedures of Penetration Testing. In order to not break the law or cause any harm to ourselves and the client’s system, we must first:

  • Make a written agreement signed by both parties
  • Confirm that the system we are going to penetration test is our client’s, or at least confirm that our client has the legal rights over the system

After completing the above steps, we proceed to target scoping, which is also very important. We must make an agreement with our client on what’s going to be tested. This step is important in order to avoid breaking the client’s system when there is no backup or recovery. For example, if the system is a running system and we don’t make a target scoping agreement first, and then we try a DDoS attack, the server may break down, and furthermore, if the client doesn’t have a backup, this will cause many losses.