Kali linux Kali Linux comes with a hacked version of the gnome 3 desktop. It has been made to look like gnome 2 but lacks many features of the old version. If you want other desktops then can install kde, xfce or lxde from the repository. However if you want to get the good old gnome 2 desktop then install the mate desktop. Mate desktop is not available in the kali repositories but since kali [...]

Wireshark Wireshark, the most powerful packet sniffer and protocol analyser can be used to sniff data out of the captured packets for various protocols. Network communication takes place in packets and any request like http get/post is broken down into multiple packets and then transmitted to the remote webserver. Wireshark has the ability to reconstruct a communication stream using separate packets to show the actual conversation that took place. This feature can be used to [...]

Java Applet JMX Remote Code Execution Java exploits are client side exploits that mostly target browsers to run arbitrary command on the system. These exploits are put up on a webpage in the form of a java applet. When a victim visits the url and allows the applet to run, the java runtime or JRE is exploited to execute arbitrary command on the system and get control. The “JMX Remote Code Execution” exploit is a [...]

Adsl Routers Adsl routers are very common now a days as the primary hardware device used to connect to broadband connections. The modems connect to the broadband service using the username/password. Then the pcs connect to this router to form a local area network. The pcs use the router as the primary gateway to connect to the internet. So it is only the router that is directly connected to the internet and not the individual [...]

Password Cracking John the ripper is a popular dictionary based password cracking tool. It uses a wordlist full of passwords and then tries to crack a given password hash using each of the password from the wordlist. In other words its called brute force password cracking and is the most basic form of password cracking. It is also the most time and cpu consuming technique. More the passwords to try, more the time required. John [...]

Learn web penetration testing PentesterLab is an easy and great way to learn penetration testing. PentesterLab provides vulnerable systems that can be used to test and understand vulnerabilities. Pentesterlab.com provides multiple kinds of vulnerable system images that can be used to practise penetration testing. Each system is based on a different set of vulnerability and is a separate exercise. Check out the available exercises. Each exercise comes with an iso image of the system in [...]

Repeat request in a loop Burp Intruder can do various kinds of fuzzing attacks with provided payloads. And the Burp repeater can repeat requests. However if you need to repeat a certain request in a loop again and again then here is the technique to do it. This is done through the Burp Intruder with “Null payloads”. 1. Select your request in the Proxy tab and click “Send to Intruder”. 2. In Intruder, in the [...]

Crackstation Defuse Security have released the biggest wordlist of passwords used in their Crackstation project. Contains around 1,493,677,782 words (1.5 billion) and the size is around 15GB. It is available for download for free. The website describes it as The list contains every wordlist, dictionary, and password database leak that I could find on the internet (and I spent a LOT of time looking). It also contains every word in the Wikipedia databases (pages-articles, retrieved [...]

Brute force password cracking Hydra is a popular password cracking tool that can be used to brute force many services to find out the login password from a given wordlist. It is included in kali linux and is in the top 10 list. On ubuntu it can be installed from the synaptic package manager. For brute forcing hydra needs a list of passwords. There are lots of password lists available out there. In this example [...]

When you start Kali, the grub boot menu comes up which waits for around 5 seconds before booting. Now if there are other oses alongside kali then the grub menu is useful. However if kali is the only os on the system, or for example kali is running inside virtualbox then it is of little use for the grub menu to wait. So to remove the grub menu waiting and boot instantly, edit the file [...]