Pentesting my website

**antichrist** · 12-04-2008, 12:00 PM

Hey guys, i would like to pentest my website (an online RPG). Now i have BT3 as my OS. I want to do it from scratch. Just wondering if you can tell me how to go about this. Iv tried metasploit autopwn but no success. I have permission from the server owner. If you dont believe that the site im doing it on is mine, tell me what you want me to show to prove that its mine.

Thanks, Jesse.

**Thorn** · 12-04-2008, 02:21 PM

Originally Posted by antichrist

Hey guys, i would like to pentest my website (an online RPG). Now i have BT3 as my OS. I want to do it from scratch. Just wondering if you can tell me how to go about this. Iv tried metasploit autopwn but no success. I have permission from the server owner. If you dont believe that the site im doing it on is mine, tell me what you want me to show to prove that its mine.

Thanks, Jesse.

Even if you do own the site, you should take a good STRONG look at the TOS of whatever ISP you will be going through. Most ISPs that provide home service*, do not allow you to do things like port scans over the WAN. In fact, a lot of the ports may be closed. The ISP of the server site may also have objections to you doing this, and you will likely need written clearance from both.

After you clear those hurdles, the answer to "how to go about this?" is "It depends." There isn't a cookbook to Pen Testing. I would suggest download and read the OSSTMM. It should give you some insight on the methodology.

*This is assuming for the moment that you'd be attempting to pen test this server from your home. The amount of inexperience reflected in the question is pretty apparent. Otherwise you'd know how to go about this, and already know about things like TOS restrictions.

**antichrist** · 12-04-2008, 06:30 PM

Thanks, i didnt think about the ISP of the server, might write them an email to see if this is possible. As for my inexperience, well thats a given, i used BT2 a fair while back and decided to give it ago again. Tho im still pretty new to all this, im picking up things quite quickly.

**ktzqbp** · 12-04-2008, 06:45 PM

Originally Posted by antichrist

Hey guys, i would like to pentest my website (an online RPG).

Out of interest, what RPG?

**antichrist** · 12-04-2008, 06:49 PM

Its a car RPG that i made few years back.

**Andy90** · 12-05-2008, 11:23 AM

Are we talking pentest as in the server (ports and payloads).... or the website (as in xss and cross domain request forgery)?

Would the ISP pick up or be AS arsey with the later of the two?

**antichrist** · 12-06-2008, 03:28 AM

Im not sure how to go about it, as someone is able to keep penitrating my server / website to gain admin access to cheat. Changed passwords, emails and so on, had the server checked and nothign is on it that shouldnt be. Nothing on my computer that shouldnt be either. I just have no idea how they would do this. If you have a few ideas, add me on MSN and we can talk off forum about it if it isnt alound on here.

Thanks, Jesse.

**ktzqbp** · 12-06-2008, 06:05 AM

Originally Posted by antichrist

Its a car RPG that i made few years back.

Alright, and a link?

**antichrist** · 12-06-2008, 06:53 AM

Originally Posted by ktzqbp

Alright, and a link?

http://www.streetholden.com

BackTrack Linux - Penetration Testing Distribution

Thread: Pentesting my website

Thread Tools

Search Thread

Display

Pentesting my website

Posting Permissions