nagpentest

file 4.2, 25.40 minute tested... #cewl www . ignitetechnologies . in - d 2 - w / root / Desktop / dict . txt cewl <url> -d<depth> -w<path> Cewl – indicated the tool which is being used <url> – here give the URL that you want to use as a foundation of your dictionary. -d<depth> – here, give the number of links you want it to go through while creating your dictionary. -w<path> – here, give the path where you want to store all the possible passwords. For example in the terminal of kali type :[source: http://www.hackingarticles.in/5-ways-create-dictionary-bruteforcing/] $ mkdir /tmp/source $ cd /tmp/soruce $ wget -r -1 [N] [target_website] $ cd.. $ grep -h -r "" source | tr '[:space:]' '\n' | sort | uniq > wordlist.lst $ grep -v '<' wordlst.lst > newlist.lst -r pulls recursive pages from the target website, following links to a depth of N (-1) pages. grep to omit file names  from the ou...

>>  FOR /L %i in (1,1,255) do @ping -n 1 10.10.10.%i | find "Reply" --> is a ping sweep >>  FOR /f %i in (password.lst) do @echo %i & @net use file://target_ip_addr/ %i /u:[username] 2>nul &&  pause --> password guess; instead of pause, we could append our results to a file with : && echo Username: %i >> success.txt >>  FOR /L %i in (1,1,255) do echo %i & ping -n 5 127.0.0.1 & cls --> [command1] & [command2] --> run multiple commands [command1] && [command2] --> run multiple commands only if the prior command is succeeded without error u could use the echo cmd to build a script line by line by running the following cmd several times, varying the line each time you run it c:\ echo [line] << file.bat The FOR loop variable must be changed from %[var] to %%[var] to make in a batch file. Place 2 %age sign infront of each vaiable name ========================= windows>for /L %...

how to move files between 2 systems using nc. works on both linux and windows. on source/sending machine      #nc --lvp 2222 < sending_this_file.txt on target/receiving machine     #nc -nv target_ip_address 2222  > receiving _this_file.txt Building off of the previous example, we can accomplish more useful tasks. Because we are establishing a regular TCP connection, we can transmit just about any kind of information over that connection. It is not limited to chat messages that are typed in by a user. We can use this knowledge to turn netcat into a file transfer program. Once again, we need to choose one end of the connection to listen for connections. However, instead of printing information onto the screen, as we did in the last example, we will place all of the information straight into a file: netcat -l 4444 > received_file On the second computer, create a simple text file by typing: echo "Hello, this is a file" > ...

Nmap scripts will cause nmap to do a port scan so they can find out which ports are open but nmap scipts without a version scan may not properly measure the target's configuration and vulnerabilities specially for services on non-configuration. By default nmap will check the top 100 most used ports for TCP/and or UDP # nmap -PN -sS target_ip_address -p 1-1024 --packet-trace  [ PN = indicates that we dont want to ping the target system, just scan it ;      sS   = do a SYN scan also known as stealth scan or half open scan ;     -p = list of the ports to scan ;      --packet-trace = makes nmap display the status and packet summary information      -PB   = same as default; use ICMP Echo Request; SYN to TCP 433; ACK to TCP 80, and ICMP Timestamp request (if UID 0)      -PE   = formerly -PI; send ICMP echo request (ICMP type 8)     ...

# for i in 'seq 1 255'; do hping3 --count 1 x.x.x.$i; done [hping_an_address_space] # for i in 'seq 1 255'; do hping3 --count 1 x.x.x.$i 2>/dev/null | grep ip=; done [list those that repond, grep output for "ip="; taking the standard rror message and throwing them away ] # hping3 target_IP_address <-- # tcpdump -nn host your_IP_address and host target_IP_address -p -i tap0 <-- (possibly stop iptables on the source linux machine # hping3 -icmp -data 40 -file text.txt target_IP_address -p -i tap0 <-- (payload size of 40 bytes populated with a file called test.txt) # hping3 --icmp --interval 10 --beep target_IP_addres <-- (will continue to beep when  the source could ping the target_IP_address. beep will stop as soon as the network is disconnected) #!/bin/bash if [ "$1" == "" ] then echo "Uaage   /pingweeps.sh [network]" echo "E.g :/pingsweep.sh 102.168.1" else for ip in   `seq 1 254` ...

  Custom user lists • So, lets take some word docs and pull out the user names and first and last names! • What about Web? wget -r -l1 --no-parent -A.doc http://www.somewebsite.com/ | exiftool -r -a -u -Author - LastSavedBy * >users.txt |strings users.txt | cut -d":" -f2 | grep -v "\=" | grep -v "\image files read" | tr '[:space:]' '\n' | sort | uniq >cleanusers.txt • local disk? exiftool -r -a -u -Author -LastSavedBy * >users.txt |strings users.txt | cut -d":" -f2 | grep -v "\=" | grep -v "\image files read" | tr '[:space:]' '\n' | sort | uniq >cleanusers.txt More info at http://www.pauldotcom.com/Metadata_the_Silent_Killer_NS2009.pdf ================================================================ exclude hml, php, asp and cgi extensions # wget -nd -r -R htm,html,php,asp,aspx,cgi -P /home/tools/metadata_from_[website_name] [target_domain] alternatively, we coul have included only ...

whois at the command line $whois [-h whois_server] name (there are many other command line arguments) $man whois ===================== zone transfer for all records for a given domain. It possible could be blocked on the DNS server or firewall. DNS zone transfer r carried over tcp 53 where as dns queries use udp 53 nslookup set type-any server ns1.abc.abc ls -d abc.abc > dnstranfer.abc.abc.txt ===================== What is DNS Authority? What is an Authoritative DNS Server? What is an Authoritative DNS Response? What is a Non-Authoritative DNS Server? What is a Non-Authoritative DNS Server Response? What is DNS Authority? Any DNS server that contains a complete copy of the domain's zone file is considered to be authoritative for that domain. A complete copy of a zone file must have: a valid Start of Authority ( SOA ) record, valid Name Server ( NS ) records for the domain, and the listed NS records should match the servers listed in the SOA record. Servers listed in the ...