Three tools for bruteforcing

Hydra, Ncrack and Medusa (although ncrack is no longer being actively developed and supported):

    hydra -L /usr/share/seclists/Usernames/top_shortlist.txt -P /usr/share/seclists/Passwords/top_shortlist.txt ssh://
    medusa -h -M ssh -U /usr/share/seclists/Usernames/top_shortlist.txt -P /usr/share/seclists/Passwords/top_shortlist.txt
    ncrack -vv -U /usr/share/seclists/Usernames/top_shortlist.txt -P /usr/share/seclists/Passwords/top_shortlist.txt -p ssh

Please make sure that you have a good word and password list for this exercise. It might…


Performing MitM attacks using arpspoof

In this scenario we will perform a MitM attack through ARP spoofing. The concept basically comes down to ensuring that you can poison the ARP table of the target machine and also the ARP table of its default gateway. For this example we will use arpspoof with the target's IP set to and its…


WHOIS for gathering more domain information

To find out information pertaining to the owners of a domain you can make use of the whois tool:

    whois website.domain.domain

Of course you do not have to settle for the information returned in the previous request - you can specify the whois server you would like to query to perhaps return even more information:…


DNSENUM for DNS Queries

Another tool I want to write about is the DNSENUM tool:

    dnsenum website.domain
    (This is the most basic of queries)

    dnsenum website.domain --dnsserver ns.domain.domain
    (Once you find the ns servers responsible for the domain you can specify them manually with the --dnsserver flag)

You can also attempt a brute force enumeration by specifying the brute force…


DIG for DNS Queries

Another handy tool for making DNS queries is DIG.

    dig domain.domain
    (This is the default and simplest query, but it will provide you with a treasure trove of DNS info)

    dig +nocmd domain.domain MX +noall +answer
    (The nocmd option specifies that the request details should not be in the output, and the trailing part will…


NSLOOKUP for DNS Queries

Some good ways to query DNS records:

    nslookup domain.domain
    Name:
    Address:
    (This is the most basic method of requesting DNS information and will provide you with the IP address - OR if you used the IP address will provide you with an A record)

    nslookup -query=mx domain.domain
    domain.domain          mail…