Find online windows machines using metasploit

In this post I am going to show you how to discover Windows machines online. These Windows machines belong to desktop users connected to the internet. Many Windows versions are known to have vulnerabilities that can be exploited with Metasploit by just using the IP address of the system. So the first step would be to find such machines, if any. SMB version scanner: Metasploit has an auxiliary scanner module for scanning the samba service [...]

Ping sweep the network with nmap

Ping Sweep: Ping sweep is the process of pinging an entire range of network IP addresses to find out which ones are online or alive. Nmap is an excellent tool to do this quickly and effectively. Here is the command:

$ nmap -sP 192.168.1.1-255
Starting Nmap 6.00 ( http://nmap.org ) at 2013-04-16 18:16 IST
Nmap scan report for 192.168.1.1
Host is up (0.0079s latency).
Nmap scan report for 192.168.1.92
Host is up (0.010s latency).
Nmap [...]

Hack gmail password with social engineering toolkit (SET)

Social Engineering Toolkit: Social engineering toolkit is the most powerful tool for performing social engineering attacks. It is the Metasploit of social engineering in a way. It provides a very easy user interface to perform attacks like phishing, browser exploitation etc. In this tutorial we are going to see how it can be used to perform a phishing attack to try to hack the gmail password of someone. Credential Harvester Attack: Credential Harvester attack is one [...]

How to hack remote database with sqlmap

In the previous post on we learnt how to use sqlmap to hack a vulnerable web application and fetch the list of databases, tables, columns and data rows. In this post we shall see how to do some simple fingerprinting on the remote database to find valuable information that can be used to assist in further exploitation of a system. So let's say we have a vulnerable URL http://localhost/weak.php?id=10 where the id parameter is not [...]

Php reverse shell with netcat

Once you are able to gain access to a remote website or server such that you can upload any arbitrary file to it, the next thing you want to try out is to get a shell on the system. If the system is running PHP then a PHP file can be uploaded to it which will give us a reverse shell. There are many web based shell scripts but getting a terminal based shell is far [...]

Optimise your database design for speed and efficiency – Part 1

Database schemas: Databases are present in almost all kinds of applications that need to store information in some form or the other. Web applications like blogs, CMS, social networking sites or business applications all have a database along with the code. The database design or schema determines how the tables and their relationships are constructed. Database design is a crucial component in the overall efficiency of a database application. In this series of posts, [...]

Using client side ssl certificates in firefox and chrome

SSL certificates: Some websites, especially restricted ones, might require you to use a client-side SSL certificate to open the pages. The certificate is used as an authentication factor, in place of username/password. When opening such websites in browsers, the browser must provide the SSL certificate. Over here we shall see how to do that in Firefox. Setup in Firefox: 1. Open the options/preferences dialog. 2. Go to Advanced section. 3. Switch to Encryption tab. [...]

Code a chat application (server and client) using sockets in python

Chat application: In our previous article on we learned about the basics of creating a socket server and client in Python. In this post we are going to write a very simple chat application in Python that is powered by sockets. The chat application we are going to make will be more like a chat room, rather than a peer to peer chat. So this means that multiple users can connect to the chat server [...]

Code a simple telnet client using sockets in python

The telnet client is a simple command-line utility that is used to connect to socket servers and exchange text messages. Here is an example of how to use telnet to connect to google.com and fetch the homepage.

$ telnet google.com 80

The above command will connect to google.com on port 80.

$ telnet google.com 80
Trying 74.125.236.69...
Connected to google.com.
Escape character is '^]'.

Now that it is connected, the telnet command can take user [...]

ICMP ping flood code using sockets in C – Winsock

In a previous article on we saw how to construct raw ICMP echo packets and send them out in large quantities to remote hosts in an attempt to bomb them. Now we are going to construct the same program for Windows using the Winsock socket API. The above code can be compiled using Microsoft Visual C++ 2010 Express Edition. Create a new project and add a C file and then copy paste the code and [...]
