
Posts

Showing posts from April 15, 2017

How to Extract Metadata from Websites Using FOCA for Windows

at is most likely to work against that site or network. In this tutorial, we will be looking at FOCA's ability to find, download, and retrieve files from websites along with the files' metadata. This metadata can give us insight into such information as the users (could be critical in cracking passwords), operating system (exploits are OS-specific), email addresses (possibly for social engineering), the software used (once again, exploits are OS-, and more and more often, application-specific), and if we are really lucky, passwords. Step 1 Download FOCA for Windows First, let's download FOCA Free 3.0 for Windows. Step 2 Choose Where You Save Results When you install FOCA, you will be greeted with a screen like that below. The first task we need to do is to start a new project and then tell FOCA where we want to save our results. Click on image to enlarge. I created a new directory at c:\foca and will save all my results there. Of course, you can save y

How to Conduct Passive Reconnaissance of a Potential Target

Why Passive Recon? Reconnaissance can be divided into at least two categories, active and passive. Active reconnaissance requires that you interact with the target computer system to gain information about it. Although this can be very useful and accurate, it risks detection. If you're detected doing reconnaissance on a system, the system admin may choose to block your IP address and you'll leave a trail to your subsequent activity. If possible, we would prefer to gather the essential information without ever interacting with the system, thus leaving no trail to trace back to us. That's what passive reconnaissance is. Although there are a number of ways to conduct passive recon, one of the best ways is to use a website like Netcraft. Step 1 Navigate a Browser to Netcraft Let's open a browser and navigate to the Netcraft website. We should see a webpage that looks like this. Netcraft is a UK company that tracks virtually every webs

How to Find Any Router's Web Interface Using Shodan

Welcome back, my hacker novitiates! In a recent post, I introduced you to Shodan, the world's most dangerous search engine. Shodan crawls the globe from IP address to IP address, attempting to pull the banners of each web-enabled device and server it finds. These banners are what the web servers and devices "advertise" to the world as to who they are. By searching these web banners, we can find the log-in interface for nearly every web-enabled device on planet earth. Shodan Doesn't Index Content, It Indexes Banners It's important to note that unlike Google, Bing, Yahoo, and other search engines, Shodan does not index the content of a website; rather, it indexes the information in the banner. These banners will tell us whether the device is a webcam, a router, a VOIP phone system, or whatever, along with something about the underlying technology. To do a specific search in Shodan, you need to understand what is in these banners and how we can use it to se

Use NMAP to Discover Vulnerabilities, Launch DoS Attacks and More!

NMAP is an essential tool in any hacker's arsenal. Originally written by Gordon Lyon aka Fyodor, it's used to locate hosts and services and create a map of the network. NMAP has always been an incredibly powerful tool, but with its newest release, which dropped mid-November of last year, they've really outdone themselves. NMAP version 7 comes equipped with a ton of new scripts you can use to do everything from DoSing targets to exploiting them (with written permission, of course). The scripts cover the following categories: Auth: use to test whether you can bypass an authentication mechanism. Broadcast: use to find other hosts on the network and automatically add them to the scanning queue. Brute: use for brute-force password guessing. Discovery: use to discover more about the network. Dos: use to test whether a target is vulnerable to DoS. Exploit: use to actively exploit a vulnerability. Fuzzer: use to test how a server responds to unexpected or randomized fields

How to Conduct Active Reconnaissance and get information

In this tutorial, we'll look at active reconnaissance of a target with one of the best network scanning tools, nmap. The risk with active scanning is that you will be detected and the security hardware or security admin will block any further attempts by you to pwn the site, or worse—report you to law enforcement. Nmap has multiple modes of scanning a potential target and many ways of evading detection. Step 1 Open Nmap Step 2 Using Nmap When you select nmap, you'll open a screen that looks like the screenshot below. Note that it opens a Linux terminal with the help screen for nmap. Whenever you want to see the help screen, you can simply type at the command prompt: bt > nmap -h You can also get the manual for nmap by typing: bt > man nmap Nmap is a delightful tool for gathering information on a network or site. For instance, if we want to gather information on ESPN.com, we can type: bt > nmap -sT espn.com

Reconnaissance with Recon-Ng, Part 1 (Getting Started)

I encourage you to start with these reconnaissance tools and others before even considering hacking/exploitation. In recent years, a brand new reconnaissance framework has become available to us that leverages many of the tools we are already using, but makes them far more powerful. This tool, Recon-ng, was developed by Tim Tomes while at Black Hills Information Security. He developed it as a Python script and tried to model its usage after Metasploit, making it easy for a pentester with Metasploit skills to use Recon-ng. It is built into Kali, so there's no need to download or install anything. Let's explore its many and powerful capabilities a bit here. Step 1 Starting Recon-Ng Fire up Kali, open a terminal, and type: kali > recon-ng This will open a splash screen like the one below. Note that the splash screen lists the number of modules by type. Unlike SET, but rather like Metasploit, we use commands and not numbers to use Recon-ng. Step 2 Vi