Thread: Pentesting my website

  1. #1
    Junior Member
    Join Date
    Jun 2006
    Posts
    63

    Default Pentesting my website

    Hey guys, I would like to pentest my website (an online RPG). Now I have BT3 as my OS. I want to do it from scratch. Just wondering if you can tell me how to go about this. I've tried metasploit autopwn but no success. I have permission from the server owner. If you don't believe that the site I'm doing it on is mine, tell me what you want me to show to prove that it's mine.

    Thanks, Jesse.

  2. #2
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by antichrist View Post
    Hey guys, I would like to pentest my website (an online RPG). Now I have BT3 as my OS. I want to do it from scratch. Just wondering if you can tell me how to go about this. I've tried metasploit autopwn but no success. I have permission from the server owner. If you don't believe that the site I'm doing it on is mine, tell me what you want me to show to prove that it's mine.

    Thanks, Jesse.
    Even if you do own the site, you should take a good STRONG look at the TOS of whatever ISP you will be going through. Most ISPs that provide home service* do not allow you to do things like port scans over the WAN. In fact, a lot of the ports may be closed. The ISP of the server site may also have objections to you doing this, and you will likely need written clearance from both.

    After you clear those hurdles, the answer to "how to go about this?" is "It depends." There isn't a cookbook to Pen Testing. I would suggest downloading and reading the OSSTMM. It should give you some insight on the methodology.

    *This is assuming for the moment that you'd be attempting to pen test this server from your home. The amount of inexperience reflected in the question is pretty apparent. Otherwise you'd know how to go about this, and already know about things like TOS restrictions.
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #3
    Junior Member
    Join Date
    Jun 2006
    Posts
    63

    Default

    Thanks, I didn't think about the ISP of the server, might write them an email to see if this is possible. As for my inexperience, well that's a given, I used BT2 a fair while back and decided to give it a go again. Though I'm still pretty new to all this, I'm picking up things quite quickly.

  4. #4
    Junior Member ktzqbp's Avatar
    Join Date
    Nov 2008
    Posts
    25

    Default

    Quote Originally Posted by antichrist View Post
    Hey guys, I would like to pentest my website (an online RPG).
    Out of interest, what RPG?

  5. #5
    Junior Member
    Join Date
    Jun 2006
    Posts
    63

    Default

    It's a car RPG that I made a few years back.

  6. #6
    Member
    Join Date
    Nov 2007
    Posts
    220

    Default

    Are we talking pentest as in the server (ports and payloads).... or the website (as in xss and cross domain request forgery)?

    Would the ISP pick up or be AS arsey with the latter of the two?
    wtf?

  7. #7
    Junior Member
    Join Date
    Jun 2006
    Posts
    63

    Default

    I'm not sure how to go about it, as someone is able to keep penetrating my server / website to gain admin access to cheat. Changed passwords, emails and so on, had the server checked and nothing is on it that shouldn't be. Nothing on my computer that shouldn't be either. I just have no idea how they would do this. If you have a few ideas, add me on MSN and we can talk off forum about it if it isn't allowed on here.

    Thanks, Jesse.

  8. #8
    Junior Member ktzqbp's Avatar
    Join Date
    Nov 2008
    Posts
    25

    Default

    Quote Originally Posted by antichrist View Post
    It's a car RPG that I made a few years back.
    Alright, and a link?

  9. #9
    Junior Member
    Join Date
    Jun 2006
    Posts
    63

    Default

    Quote Originally Posted by ktzqbp View Post
    Alright, and a link?
    http://www.streetholden.com
