Category : "Security"

Tutorials on Network Security

Nmap tutorial – port scanning remote hosts

Nmap Nmap (Network Mapper) is the most popular port scanner and network discovery tool used. It is available for all major platforms. In this article we are going to learn the basics about nmap and see how it can be used to scan the network and ports. Project website http://nmap.org/ Install on Ubuntu $ sudo apt-get install nmap The nmap manual is available at http://nmap.org/book/man.html Some nmap commands ...

Proxify applications with tsocks and proxychains on ubuntu

Tsocks There are many network applications that do not have the option to specify a proxy or do not support the use of proxies. In such cases tsocks is a useful tool to wrap all network communication done by a program via a socks proxy. Project website http://tsocks.sourceforge.net/ Install on ubuntu $ sudo apt-get install tsocks Now open the configuration file /etc/tsocks.conf and edit the following ...

Install Tor, Vidalia and Polipo on Ubuntu

TOR is an anonymity solution that can be used as a proxy over the internet. Project website https://www.torproject.org/ Install on Ubuntu $ sudo apt-get install tor vidalia During the installation a configuration screen will come up, asking to select those users who would be using tor. Select the appropriate users on that page and continue. After installing the above programs start Vidalia from the gnome ...

Hacking with nikto – A tutorial for beginners

Nikto Nikto is a vulnerability scanner that scans webservers for thousands of vulnerabilities and other known issues. It is very easy to use and does everything itself, without much instructions. It is included by default in pen testing distros like Kali linux. On other oses/platforms you need to install it manually. Can be downloaded from http://cirt.net/Nikto2. The website describes nikto as follows Nikto ...

Using sqlmap with login forms

In a previous article we saw how to use sqlmap to exploit vulnerable urls of the form http://www.site.com/section.php?id=59 where the id parameter for example is vulnerable to sql injection. Now we shall try to do the same thing with forms, especially login forms. Forms often submit data via post, so the sytanx for launching the sqlmap command would be slightly different. Its important to ...

Hack wordpress blogs with plecost fingerprinting tool

Plecost Plecost is a wordpress fingerprinting tool that can scan wordpress sites and discover what plugins they are using. It also provides the cve links for the known vulnerabilities about the plugins if any. Its written in python Project url http://code.google.com/p/plecost/ Usage Download the files and extract to a directory and open a terminal and get ready to run. Quick example $ python plecost-0.2.2-9-beta.py -i wp_plugin_list.txt -c ...

Sqlmap tutorial for beginners – hacking with sql injection

Sqlmap Sqlmap is one of the most popular and powerful sql injection automation tool out there. Given a vulnerable http request url, sqlmap can exploit the remote database and do a lot of hacking like extracting database names, tables, columns, all the data in the tables etc. It can even read and write files on the remote file system under certain ...

Search network traffic with ngrep | tutorial

Ngrep ngrep or network grep is a command line utility that can be used to search network packets for a given regex pattern or string. ngrep uses the pcap library to capture network packets and gnu regex library to perform regex searches. ngrep is like tcpdump + grep. Project Url http://ngrep.sourceforge.net/ Install ngrep on Ubuntu $ sudo apt-get install ngrep Ngrep on windows The windows version can ...

TCP SYN flood DOS attack with hping

Hping Wikipedia defines hping as : hping is a free packet generator and analyzer for the TCP/IP protocol distributed by Salvatore Sanfilippo (also known as Antirez). Hping is one of the de facto tools for security auditing and testing of firewalls and networks, and was used to exploit the idle scan scanning technique (also invented by the hping author), and now implemented ...

Code a TCP Connect port scanner in PHP

A port scanner is a software application designed to probe a server or host for open ports. We earlier made a TCP Connect port scanner in C here - http://www.binarytides.com/blog/tcp-connect-port-scanner-code-in-c-with-winsock/ and here - http://www.binarytides.com/blog/tcp-connect-port-scanner-with-linux-sockets-bsd/ Now we shall try making the same in PHP. The code is very simple : Using fsockopen <?php /* Simple TCP connect port scanner in php using fsockopen */ //avoid warnings like ...

Pages:«123456»


Connect with us