SUBDOMAIN ENUMERATION WITH THE FIERCE TOOL

Introduction

Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames for a specified domain. It is meant as a precursor to nmap, unicornscan, Nessus, nikto and similar tools, since all of those require that you already know which IP space you are looking at. It does not perform exploitation and does not scan the whole Internet indiscriminately; it is meant specifically to locate likely targets both inside and outside a corporate network. Because it works primarily through DNS, you will often find misconfigured networks that leak internal address space, which is especially useful in targeted malware.

USAGE:

  • To open it in BackTrack go to Backtrack >> Information Gathering >> Network Analysis >> DNS Analysis >> fierce, or open a terminal, type “cd /pentest/enumeration/dns/fierce” and hit Enter.

To run it against a domain, use this command: ./fierce.pl -dns <domain>


DNS enumeration is the process of locating all DNS servers and records for a domain in order to yield information such as hostnames, computer names and IP addresses.
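The core of what Fierce does for a domain, as an added example (not Fierce's own code): try a wordlist of labels, keep the ones that resolve, throw away the noise a wildcard record produces, and flag answers that fall in RFC 1918 space. The resolver is injected so the example runs offline against two constructed zones (assumed data, not real domains); pass real_resolve to run it against a domain you are authorised to test.

```python
"""Subdomain brute force with wildcard filtering (added example)."""
import ipaddress
import random
import socket
import string
from typing import Callable, Dict, List, Optional, Set, Tuple

Resolver = Callable[[str], Optional[str]]  # name -> IPv4 string, None on NXDOMAIN

# Constructed zone (assumed data). "corp" leaks RFC 1918 space, the kind
# of misconfiguration the text refers to.
EXAMPLE_ZONE: Dict[str, str] = {
    "www.example.test": "198.51.100.10",
    "mail.example.test": "198.51.100.25",
    "corp.example.test": "10.0.4.17",
}

# Constructed zone with a wildcard record: every unknown name resolves to
# WILDCARD_IP, so a naive brute force would report every word as a hit.
WILDCARD_IP = "203.0.113.5"
WILDCARD_ZONE: Dict[str, str] = {"www.wild.test": "203.0.113.1"}

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def make_resolver(zone: Dict[str, str], wildcard_ip: Optional[str] = None) -> Resolver:
    """Offline resolver over a dict; unknown names hit the wildcard or NXDOMAIN."""
    def resolve(name: str) -> Optional[str]:
        return zone.get(name, wildcard_ip)
    return resolve


def real_resolve(name: str) -> Optional[str]:
    """Live lookup through the system resolver (authorised targets only)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_internal(ip: str) -> bool:
    """True if the address is in RFC 1918 private space."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def wildcard_addresses(domain: str, resolve: Resolver, probes: int = 3) -> Set[str]:
    """Resolve random labels that cannot exist; any answer is wildcard noise."""
    noise: Set[str] = set()
    for _ in range(probes):
        label = "".join(random.choices(string.ascii_lowercase, k=24))
        ip = resolve(f"{label}.{domain}")
        if ip is not None:
            noise.add(ip)
    return noise


def brute_force(domain: str, words: List[str], resolve: Resolver) -> List[Tuple[str, str, bool]]:
    """(hostname, ip, is_internal) for each word resolving to a non-wildcard address."""
    noise = wildcard_addresses(domain, resolve)
    hits: List[Tuple[str, str, bool]] = []
    for word in words:
        name = f"{word}.{domain}"
        ip = resolve(name)
        if ip is None or ip in noise:
            continue
        hits.append((name, ip, is_internal(ip)))
    return hits


if __name__ == "__main__":
    for host, ip, internal in brute_force("example.test", ["www", "mail", "corp", "vpn"],
                                          make_resolver(EXAMPLE_ZONE)):
        print(f"{host:24} {ip:16} {'INTERNAL' if internal else ''}")
```

The wildcard probe is the check worth keeping: without it a zone with a `*` record makes every word in the list look like a valid host, and you spend the rest of the engagement port-scanning one address.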

How to create a Wi-Fi hotspot with a PC?

Hello guys, today in this tutorial I will show you how to create a Wi-Fi hotspot with a PC. Here we use Connectify Pro to broadcast a hotspot from Windows, just as we would share a hotspot from an Android phone or other mobile device. Connectify is software for connecting one computer to others over a network; it is released for Microsoft Windows and can share multiple Internet connections simultaneously. Now I will show you how it works.

Step 1: First download and install it from the link below.
 http://www.connectify.me/download/
Step 2: After a successful install, open Connectify Pro, set the user ID and password for the hotspot, and then click Start Hotspot.

What is Wireshak?

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.[4]

Wireshark is cross-platform, using the GTK+ widget toolkit in current releases, and Qt in the development version, to implement its user interface, and using pcap to capture packets; it runs on Linux, OS X, BSD, Solaris, some other Unix-like operating systems, and Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark. Wireshark, and the other programs distributed with it such as TShark, are free software, released under the terms of the GNU General Public License.

What is XSS?

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site’s owner.

Windows Security Bypass With One Bit (CVE-2015-0057)

In its February 2015 patch set Microsoft closed not only the widely reported JASBUG but also CVE-2015-0057, which carries the same maximum risk rating (the February set contained three critical bugs in total).

The researcher who found this bug, Udi Yavo, has now described in detail how it can be exploited and has published a video. His write-up is titled, roughly, “Bypassing Windows protections from XP to 10 with one bit”.

The vulnerability allows privilege escalation to gain complete control over the victim’s computer, bypassing all of Windows’ security mechanisms. The bug is in the kernel’s GUI component, the win32k.sys module, specifically in the structure that holds information about the scrollbars of windows on the screen.


There is a function, xxxEnableWndSBArrows, that enables or disables the arrows of a window’s scrollbar. This is where the bug, found by static code analysis, hides: at one point the function writes the bits holding the scrollbar state flags into memory that has already been freed, a use-after-free.

At first glance it seems a minor vulnerability. But if the chain is unrolled correctly, it puts full control of any system from Redmond in your hands. The exploit works reliably on all versions of Windows from XP up to 10, with all security mechanisms enabled.

The author believes that attackers will be successfully exploiting this vulnerability for a long time.

Creating Wordlist with Crunch

Many times in penetration testing engagements you will discover authentication forms that you need to bypass in order to gain access to an application or a remote system. Having a big, good wordlist always helps, but as a penetration tester you must be able to create your own custom wordlists depending on the situation. There are a variety of tools that can assist with this, but here we will focus on Crunch.

Instead of just letters, we can create a wordlist that includes only numbers with the command:

./crunch 5 5 12345 -o numbers.txt

The same method applies if we want to create a wordlist mixing letters and numbers:

./crunch 5 5 pentestlab123 -o numbersletters.txt

Special Characters

For special characters like !$% you will need to execute something like the following:

./crunch 5 5 pentestlab\%\@\!

This is because the shell treats some special characters specially, so a \ is placed before each such character to escape it.

String Permutations

Here there are two options. The first is when we want to generate something based on the characters of a word. For example, ./crunch 1 1 -p abc will produce every ordering of those three characters (abc, acb, bac, bca, cab, cba); with -p the min and max length arguments are ignored but must still be given.

The second option is when we want to create a list based on different words. For example, the words blue and red can be combined as bluered or redblue. We can achieve this with the command ./crunch 1 1 -p pen test lab

Splitting Wordlists

If we use the -b option we instruct crunch to divide the wordlist into multiple files of a chosen size. It requires -o START, which makes crunch name each output file after its first and last word. For example:

./crunch 6 6 0123456789 -b 1mb -o START

This will generate wordlists of 1 MB each, with 6-character words drawn from the characters 0123456789.

Specify the number of words

Crunch also allows us to specify the number of words in each wordlist. The following creates wordlists of at most 20 words each, using the lalpha charset from charset.lst, which is [abcdefghijklmnopqrstuvwxyz]; like -b, the -c option requires -o START.

./crunch 3 3 -f charset.lst lalpha -o START -c 20

Alternatively you can use any other charset from the list that comes with crunch if you don’t want to use a custom charset.

Prefix Wordlists

Now let’s say we want a wordlist containing the word pentestlab followed by 3 characters. The command for that is:

./crunch 13 13 -f charset.lst lalpha -t pentestlab@@@

The -t option keeps the literal characters in place and replaces each @ with one character from the charset, so the output runs from pentestlabaaa to pentestlabzzz. The min and max length (13) must equal the length of the pattern.

Alternatively, if we want the word admin in the middle, we modify the command like this:

./crunch 9 9 -f charset.lst lalpha -t @@admin@@

which produces aaadminaa through zzadminzz.
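What crunch is doing in the examples above (plain charset generation, -p permutations, -t patterns, -c splitting and the arithmetic behind -b), reimplemented in Python as an added example. This is not crunch’s own code; it is useful for checking whether a wordlist is feasible before generating it, and for producing one on a box where crunch is not installed.

```python
"""crunch-style wordlist generation (added example, not crunch's code)."""
import itertools
from typing import Iterable, Iterator, List

LALPHA = "abcdefghijklmnopqrstuvwxyz"  # crunch's "lalpha" charset
NUMERIC = "0123456789"


def gen_words(min_len: int, max_len: int, charset: str) -> Iterator[str]:
    """crunch <min> <max> <charset>: every string over charset of each
    length, shortest first, in charset order."""
    for length in range(min_len, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            yield "".join(combo)


def gen_pattern(pattern: str, charset: str = LALPHA, placeholder: str = "@") -> Iterator[str]:
    """-t: literal characters stay fixed, each placeholder cycles through charset."""
    slots = [i for i, ch in enumerate(pattern) if ch == placeholder]
    chars = list(pattern)
    for combo in itertools.product(charset, repeat=len(slots)):
        for i, ch in zip(slots, combo):
            chars[i] = ch
        yield "".join(chars)


def gen_permutations(items: Iterable[str]) -> Iterator[str]:
    """-p: every ordering of the given characters or words."""
    for perm in itertools.permutations(list(items)):
        yield "".join(perm)


def count_words(min_len: int, max_len: int, charset_size: int) -> int:
    """Number of lines gen_words will emit."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def estimate_bytes(min_len: int, max_len: int, charset_size: int) -> int:
    """Output size with one newline per word; decide -b splits before generating."""
    return sum(charset_size ** n * (n + 1) for n in range(min_len, max_len + 1))


def split_by_count(words: Iterable[str], per_file: int) -> List[List[str]]:
    """-c: cut the stream into chunks of at most per_file words."""
    chunks: List[List[str]] = []
    current: List[str] = []
    for word in words:
        current.append(word)
        if len(current) == per_file:
            chunks.append(current)
            current = []
    if current:
        chunks.append(current)
    return chunks


if __name__ == "__main__":
    print(list(gen_permutations("abc")))                   # crunch 1 1 -p abc
    print(list(gen_permutations(["pen", "test", "lab"])))  # crunch 1 1 -p pen test lab
    print(estimate_bytes(6, 6, len(NUMERIC)) / 1e6, "MB")  # crunch 6 6 0123456789
```

The size estimate is the check to run first: the 6-digit numeric list in the -b example is 1,000,000 lines of 7 bytes each, so -b 1mb yields about seven files, while @@admin@@ over lalpha is 26^4 = 456,976 lines. Generating the full 8-character lowercase space, by contrast, is over 200 billion lines, which no -b option makes manageable.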

Compression

You can compress your wordlist with the -z option, using gzip, bzip2, lzma or 7z.

lzma generally gives the best compression ratio, but decompression is slower.

Example: ./crunch 4 4 -f charset.lst lalpha -o wordlist -z gzip


 

Conclusion

Creating wordlists can facilitate your needs when performing a penetration test, and Crunch offers a variety of options and combinations to play with. Brute forcing an application or a system with a wordlist can lock you out, depending on the account lockout policy, but having your own custom wordlists always helps when trying to obtain access.

Happy Pen-testing guys 😀

What is FTP?

The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files from one host to another host over a TCP-based network, such as the Internet.
FTP is built on a client-server architecture and uses separate control and data connections between the client and the server. FTP users may authenticate themselves using a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password and encrypts the content, FTP is often secured with SSL/TLS (FTPS). SSH File Transfer Protocol (SFTP) is sometimes used instead, but it is a technologically different protocol.
FTP may run in active or passive mode, which determines how the data connection is established. In both cases, the client creates a TCP control connection from a random unprivileged port N to the FTP server command port 21. In active mode, the client starts listening for an incoming data connection from the server on port N+1 (the client sends the FTP command PORT N+1 to inform the server on which port it is listening). In situations where the client is behind a firewall and unable to accept incoming TCP connections, passive mode may be used. In this mode the client uses the control connection to send a PASV command (an alternative way of establishing the data connection, designed for FTP clients behind firewalls) and then receives a server IP address and port number from the server, to which it connects for the data transfer.
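The two messages that set up the data connection, as an added example (not from any FTP implementation): the client’s PORT command for active mode and the server’s 227 reply for passive mode, both in the RFC 959 h1,h2,h3,h4,p1,p2 form where the port is p1*256 + p2. The sample reply and addresses are constructed.

```python
"""Active vs passive FTP data-connection setup (added example)."""
import re
from typing import Optional, Tuple

# RFC 959 host-port format: h1,h2,h3,h4,p1,p2 with port = p1*256 + p2
_HOST_PORT = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PASV_REPLY = re.compile(r"^227 .*?\(" + _HOST_PORT + r"\)")
PORT_COMMAND = re.compile(r"^PORT " + _HOST_PORT + r"\s*$")


def _to_host_port(groups) -> Tuple[str, int]:
    octets = [int(g) for g in groups]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range in {groups}")
    return ".".join(map(str, octets[:4])), octets[4] * 256 + octets[5]


def build_port_command(client_ip: str, listen_port: int) -> str:
    """Active mode: tell the server which client address and port to connect back to."""
    if not 0 < listen_port < 65536:
        raise ValueError("port out of range")
    h1, h2, h3, h4 = client_ip.split(".")
    return f"PORT {h1},{h2},{h3},{h4},{listen_port // 256},{listen_port % 256}"


def parse_port_command(line: str) -> Tuple[str, int]:
    """Server side of active mode: recover the client's data endpoint."""
    m = PORT_COMMAND.match(line)
    if not m:
        raise ValueError("not a PORT command")
    return _to_host_port(m.groups())


def parse_pasv_reply(reply: str, control_host: Optional[str] = None) -> Tuple[str, int]:
    """Passive mode: recover the server's data endpoint from the 227 reply.

    If control_host is given, refuse an address that differs from the one the
    control connection is talking to. The control channel is clear text, so a
    server behind a misconfigured NAT, or anyone who can tamper with the
    channel, could otherwise steer the data connection to a third host."""
    m = PASV_REPLY.match(reply)
    if not m:
        raise ValueError("not a 227 reply")
    host, port = _to_host_port(m.groups())
    if control_host is not None and host != control_host:
        raise ValueError(f"PASV address {host} does not match control host {control_host}")
    return host, port


if __name__ == "__main__":
    print(build_port_command("192.168.1.10", 1025))
    print(parse_pasv_reply("227 Entering Passive Mode (10,0,0,5,195,80)."))
```

The control_host check mirrors what careful FTP clients do with a PASV reply: either ignore the advertised address and reuse the control connection’s peer, or refuse the mismatch outright, rather than connecting wherever a clear-text reply points.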

CMS:

A content management system (CMS) is a computer application that allows publishing, editing, modifying, organizing, deleting and maintaining content from a central interface. Such systems provide procedures to manage workflow in a collaborative environment; these procedures can be manual steps or an automated cascade. CMSs have been available since the late 1990s.

CMSs are often used to run websites containing blogs, news, and shopping. Many corporate and marketing websites use CMSs. CMSs typically aim to avoid the need for hand coding, but may support it for specific elements or entire pages

What is plesk?

The Parallels Plesk Panel (formerly Parallels Plesk Control Panel, Plesk Server Administrator, PSA, or just Plesk) software package is a commercial web hosting automation program. Originally released by the U.S. company Plesk Inc. and designed in Novosibirsk, Russia, Plesk was acquired by SWsoft in July 2003. SWsoft renamed itself Parallels (a brand it had acquired) in 2008.
Parallels Plesk Panel allows a server administrator to set up new websites, reseller accounts, e-mail accounts, and DNS entries through a web-based interface. The administrator can create client and site templates, which predetermine resource-allocation parameters for the domains and/or clients.
Parallels Plesk Panel for Linux/Unix supports multiple POSIX platforms, including Debian, Fedora, FreeBSD, Red Hat Linux, SUSE and Ubuntu. Parallels Plesk Panel for Windows supports Windows Server 2003, Windows Server 2008 and Windows Server 2012 operating systems.

What is botnet?

A botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks. The word botnet is a combination of the words robot and network, and the term is usually used with a negative connotation. It is widely used when several IRC bots have been linked and may set channel modes on other bots and users while keeping IRC channels free from unwanted users.