SQLMAP – Introduction & Automation of SQLi
Basic Operation of SQLMAP & enumeration of Server through automatic SQL Injection. SQLMAP is a database pentesting tool used to automate SQL Injection. In practice, using sqlmap, we can dump a whole database from a vulnerable server. SQLMap is written in Python and has dynamic testing features. It can conduct tests for various database backends very efficiently. Sqlmap offers a highly...
World Wide Live Attack Map & Analytics
Ever wanted to see live DoS attacks across the globe? There is a website from a security firm that shows live attacks from all over the globe, including the protocol information, IP addresses and country. All this information is put together in a wonderful hacker-like map. Live attacks & traffic are shown once you start the live view. The website...
macof
MAC Flooding with MACOF & some major countermeasures. Macof is a member of the Dsniff suite of tools and is mainly used to flood the switch on a local network with MAC addresses. The reason for this is that the switch regulates the flow of data between its ports. It actively monitors (caches) the MAC address on each port, which helps it...
Stagefright – All you need to know
Find out whether your device is vulnerable & Defend against Stagefright Vulnerability. Stagefright is one of the latest large-scale vulnerabilities that swept up to a billion Android devices all over the world. Basically speaking, the Stagefright vulnerability is the flaw which allows an attacker to control your Android device by sending you an MMS message. It can be through your carrier services...
More Core Changes in Kali Sana (V 2.0)
More Linux Core Changes in Kali Sana are to be noticed. (Also applies to Other Latest Linux Distros) Recently, some core changes & tweaks were introduced to the Linux architecture & Kernel itself. This article gives an introduction to some of them. Although this focuses on Kali Linux, people using other Linux versions can also use this. These updates are...
First Look at Kali Linux 2.0
A rebirth of a penetration testing distribution – Kali Linux 2.0 Codename: Kali Sana. On August 11th, Kali Linux Version 2.0 was released. It was codenamed Sana. After rigorous changes & updates from Kali 1.0 to 1.1, the makers of Kali Linux, Offensive Security, have decided to go for version 2.0 with major changes since the release of Kali...
parasite6 – Redirect all IPv6 traffic through your attacker machine
Redirect all IPv6 traffic through your attacker machine with parasite6. Parasite6 is the arpspoof of IPv6 networks and also a part of the THC-IPv6 tools suite. As always, they have made it very simple & effective. Parasite6 just spoofs the neighbor advertisement & solicitation packets. Specifically, it advertises that the attacker machine is the router for every neighbor solicitation packet....
smurf6
Perform a Smurf attack and a Distributed Denial of Service (DDoS) attack on a whole IPv6 network using smurf6. Smurf6 is a tool to perform a smurf attack on an IPv6 network. A smurf attack is a type of DoS attack where an attacker pings the broadcast address with a spoofed address of a victim. Eventually all nodes in the...
fake_router6
Create a rogue IPv6 router in one simple step with fake_router6. fake_router6 is a tool inside THC-IPv6 tools bundled inside Kali Linux to test, exploit & attack weaknesses & protocol complexity in the IPv6 & ICMPv6 protocols. As the name suggests, it's from The Hacker's Choice. Before we begin the attack, let's get under the hood for a minute. In IPv4,...
Johnny
Lab 2: Test the complexity of a Windows System, Cracking Windows hashes using Johnny. When cracking Windows passwords, if LM hashing is not disabled, two hashes are stored in the SAM database. SAM is the Security Accounts Manager. It stores the LM & NTLM hashes in an encrypted form. So first we have to decrypt or dump the hashes into a...
