Category Archives: Ethical Hacking

DNS Spoofing with Ettercap

What is DNS Spoofing?

DNS spoofing is a part of computer hacking in which looked-up domain names are diverted to an incorrect IP address, so that the traffic of the victim’s system is diverted to the attacker’s system. With DNS spoofing, poison is injected into the address resolution protocol of the victim.

Consider an attacker who starts DNS spoofing against a victim’s system and diverts the IP of facebook.com to the attacker’s own IP address. If the victim tries to open facebook.com, the DNS will open the attacker’s IP instead of facebook.com. If the attacker does that, there is a high probability of data or cookies being stolen from the victim’s system.


WPScan Basics

What is WPScan?

WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites.


Nikto Basics

What is Nikto?

Nikto is a free software command-line vulnerability scanner that scans web servers for dangerous files/CGIs, outdated server software and other problems. It performs generic and server type specific checks. It also captures and prints any cookies received.


Nmap Basics

What is Nmap?

Network Mapper (Nmap) is a network scanning and host detection tool that is very useful during several steps of penetration testing. Nmap is not limited to merely gathering information and enumeration; it is also a powerful utility that can be used as a vulnerability detector or a security scanner.


Maltego Basics

What is Maltego?

Maltego is an interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet.


Website Cloning with SE Toolkit

What is Website Cloning and SE Toolkit?

Website cloning is the act of creating an exact copy of a website, which is usually used to find vulnerabilities and develop exploits on the cloned website. In this case, website cloning is used to act as a fake website that will receive input from users, such as login credentials.

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test.


Android Hacking with MSFvenom

What is Smartphone hacking and MSFvenom?

Smartphone hacking is a practice whereby a third party gains access to an individual’s smartphone through a variety of methods, mostly using a dangerous application that provides remote access to the listener or hacker.

MSFvenom is an instance of the Metasploit Framework and a combination of msfpayload and msfencode. msfvenom replaced both msfpayload and msfencode.


CVE-2014-6271 Exploitation with Metasploit

What is Metasploit?

Metasploit is a penetration testing framework that makes hacking simple. It’s an essential tool for many attackers and defenders. Point Metasploit at your target, pick an exploit, choose what payload to drop, and hit Enter.

Metasploit Framework is a software platform for developing, testing, and executing exploits. It can be used to create security testing tools and exploit modules and also as a penetration testing system.

The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection. At its core, the Metasploit Framework is a collection of commonly used tools that provide a complete environment for penetration testing and exploit development.


Using Custom Certificate with Burp Proxy

What is Burp Proxy?

Burp Proxy lies at the heart of Burp’s user-driven workflow. It operates as a web proxy server between your browser and target applications, and lets you intercept, inspect and modify the raw traffic passing in both directions.

Burp Suite Proxy also gives you a direct view into how your target application works “under the hood”. It operates as a web proxy server, and sits as a man-in-the-middle between your browser and destination web servers. This lets you intercept, inspect and modify the raw traffic passing in both directions.

If the application employs HTTPS, Burp breaks the SSL connection between your browser and the server, so that even encrypted data can be viewed and modified within the Proxy.


Credential Sniffing with TCPDump

What is TCPDump?

Tcpdump is a packet analyzer utility, or more technically a packet sniffer, that monitors and logs TCP/IP traffic passing between a network and the computer on which it is executed.

Using the tcpdump command, we can capture live TCP/IP packets, and these packets can also be saved to a file. Later on, the captured packets can be analyzed with the tcpdump command. The tcpdump command is very handy when it comes to troubleshooting at the network level.
