Social Icons

Friday, August 22, 2014

FOCA : Extracting website Meta data

1.    Metadata is "data about data". It provides info about a certain item's content like for example, an image may include metadata that describes when was the picture clicked,which camera was used to click the image,the resolution etc. A text document's metadata may contain information about how long the document is, who the author is, when the document was written, and a short summary kind of document.Metadata can be useful to Penetration Testers,because it contains information about the system where the file was created, such as Name of users logged into the system,Software that created the document and OS of the system that created the document.This post will introduce to a tool know as FOCA ...that stands for

Once the project is named and u locate to store the project files, click on the Create button, as shown below :

Next thing to do is save the project file and click on the Search All button so FOCA will use search engines to scan for documents.


Right-click on the file and select the Download option, as shown below:

Right-click on the file and select the Extract Metadata option, as shown below :

Right-click on the file and select the Analyze Metadata option, as shown above :
 One can see the user who created and used this document as seen below :
You can also see what all software’s have been used to create the document.
In many cases, attackers will be able to see much more information and gather intelligence about a target, the network, usernames, etc… by using this tool.Though the tool is available with Kali but with newer versions it is only available with Windows....


Sunday, August 17, 2014

Zenmap:GUI for NMAP@Kali Linux

1.     Most of us would have heard of the pretty famous Nmap ("Network Mapper") ,a free and open source (license) utility for network discovery and security auditing.It uses raw IP packets in novel ways to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Designed to rapidly scan large networks Nmap runs on all major computer operating systems.Official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).In this post the focus will be to introduce Zenmap...a kind of GUI for running NMAP commands which is otherwise terminal based.

2.   To open Zenmap, go to the Backtrack menu. Navigate to Information Mapping - DNS Analysis, and click Zenmap.


3.   Notice that under the Profile menu that there are several options to determine what type of scan you would like to run, as shown in the following screenshot:

4.    The first step is creating a new profile. A profile in Zenmap allows a Penetration Tester to create what type of scan to execute and what different options to include.Navigate to the Profile menu and select New Profile as shown in the following screenshot:




5.   When you select New Profile, the profile editor will launch. You will need to give your profile a descriptive name. For example, you can call the profile testscan as I have named here.Optionally, you can give the profile a description. During your course of using Zenmap you will probably create many profiles and make multiple scans.








6.    Zenmap is the best way to get output from Nmap scans. Zenmap offers a rich graphical user interface that displays scans that can be exported into different formats, such as text or Microsoft Excel.

Saturday, August 16, 2014

Maltego : Open source Intelligence and Forensics Application

1.  In this post I am giving a stepped screen shot for installing and using the application MALTEGO that comes inbuilt to Kali Linux.Maltego, is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of information in a meaningful way. Coupled with its graphing libraries, Maltego, allows  to identify key relationships between information and identify previously unknown relationships between them. It is a must-have tool in the forensics.security and intelligence fields.

2.   Maltego permits creating custom entities, allowing it to represent any type of information in addition to the basic entity types which are part of the software. The basic focus of the application is analyzing real-world relationships between people, groups, websites, domains, networks, internet infrastructure, and affiliations with online services such as Twitter and Facebook.

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

Sunday, August 10, 2014

DD-WRT : Linux based Alternative OpenSource Firmware

1.   After we have heard and seen over last few years the rise of Open Source and their imminent threat to Mac and Windows!!!!,now I read about  , a Linux based alternative Open Source firmware suitable for a great variety of WLAN routers and embedded systems.
2.    This open-source firmware was developed for specific router models and is used as a replacement for the factory default firmware. This modification lifts restrictions built-in to the default firmware, providing advanced capabilities to make Internet and Home Network more controllable and versatile.Manufacturers develop routers for non-technical users in mind, making them simple and easy to use, while limiting their effectiveness as a web-access gateway. DD-WRT transforms a personal-class router with limited functionality into a powerful, multi-use, business-class router. With DD-WRT, a router's enterprise potential can be unlocked at a home user's price.


3.    The advantages offered are bought out below :

    - Stability of running a linux-based, non-proprietary firmware.
    - VPN (Virtual Private Network) passthrough capabilities.
    - Software support for the SD-Card hardware modification.
    - Advanced QoS (Quality of Service) controls for bandwidth allocation.
    - NAT (Network Address Translation) support.
    - Cycle router from the Administration settings.
    - Built-in DNS caching
    - Configure the router as a Wi-Fi hotspot using the integrated Chillispot          
    - Radius Authentication for additional wireless security.
    - VLAN (Virtual Local Area Network) Support.
    - Create unique SSIDs (service set identifiers) when using multiple routers.

4.   But it is not a win win situation always,while flashing a router with DD-WRT is highly beneficial , the risks that are involved can sometimes outweigh the benefits . Flashing a router with DD-WRT can be risky and when done improperly, it may "brick" the router. For devices mainly used for private purposes, DD-WRT is freely available. Platforms used for commercial purposes require a paid license. Compared to the freely available version, the professional version also allows for configuration of the WLAN parameters, thus opening up the opportunity of creating e.g. reliable and powerful network infrastructures. Special demands can be fulfilled by specifically tailored versions of DD-WRT.


Sunday, August 03, 2014

Fierce Domain Scan by FIERCE @ Kali Linux

1.   This post gives a stepped screen shot version of a relatively unknown but powerful tool known as Fierce. It is a perl script written by rsnake. Fierce tries multiple techniques to find all the IP addresses and hostnames used by a target. Fierce is meant specifically to locate likely targets both inside and outside a corporate network.A very detailed explanation with ease is given at http://ha.ckers.org/fierce/

2.  To use Fierce, navigate to Information Gathering | DNS Analysis | Fierce.
Fierce will load into a terminal window as shown in the following screen shot.



DOMAIN INFORMATION GROPER : DIG@Kali LINUX

1.    Most high-value targets have a DNS name associated to an application. DNS names make it easier for users to access a particular service and add a layer of professionalism to their system. For example, if you want to access Google for information, you could open a browser and type in 74.125.68.138 or type www.google.com

(Click on image to enlarge)
2.  DNS information about a particular target can be extremely useful to a Penetration Tester. DNS allows a Penetration Tester to map out systems and subdomains. To use Dig, open a command prompt and type dig and hostname, where hostname represents the target domain. 

3.  Dig lookups will show the DNS records for the given host or domain. This gateway allows lookups for network address, mail exchanger, name servers, host information, arbitrary strings and zone of authority records. Please leave the server field blank to query a properly configured internet DNS cache.Dig will use your operating systems default DNS settings to query the hostname.You can also configure Dig to query custom DNS servers by adding @ to the command. The example in the following screen shot illustrates using Dig on http://www.hacklabs.com/

 
4.   The -t option in Dig will delegate a DNS zone to use the authoritative name
servers. We type dig -t ns http://www.hacklabs.com/ in the example in the
following screen shot:

5.  We see from the results we have two authoritative DNS servers for the domain http://www.hacklabs.com/; they are ns51.domaincontrol.com and ns51.domaincontrol.com

6.   Thanks to book Web Penetration Testing with Kali Linux by Joseph Muniz & Aamir Lakhani
Powered By Blogger