Another handy tool for making DNS queries is DIG. dig domain.domain (This is the default and simplest query, but it will provide you with a treasure trove of DNS info) dig +nocmd domain.domain MX +noall +answer (The nocmd option specifies that the request details should not be in the output, and the trailing part will … Continue reading DIG for DNS Queries
Some good ways to query DNS records: nslookup domain.domain Name: domainserver.domain100.net Address: 188.8.131.520 (This is the most basic method of requesting DNS information and will provide you with the IP address, or, if you used the IP address, will provide you with an A record) nslookup -query=mx domain.domain domain.domain mail … Continue reading NSLOOKUP for DNS Queries
For those who do not know: You can use Google to help you search for information on your assigned target. Suppose you want to find out more info on Disney. (just an example 🙂 ) You can search for old web content which Google might be storing in its cache: cache:disney.com (Or an even better source … Continue reading Some Google Hacking
As in the previous post, this post expands on the process in which you send information entered into a webpage to an attacker-hosted site. In this example you are exploiting a DOM-based XSS vulnerability, which means that the vulnerability is exploited entirely on the user/victim side (before interaction with the site/server). You … Continue reading XSS DOM Exploitation
I've seen many tutorials over the last few months regarding the good old: alert('XSS') piece of XSS, but in essence this does very little for you - it just proves that the site is vulnerable to XSS. So a good way to really exploit and make use of a persistent XSS vulnerability is to do … Continue reading Persistent XSS and how to really exploit it.
This is just an example and can be manipulated and played with as you please, but I keep forgetting the format and would like to quickly reference this when required - so it's for me...it's for you too, but it's for me..too: 🙂 <img src='roadtonowhere' onerror="alert('XSS');" />
Another nice tool in the Kali arsenal is called fierce: fierce -dns website.domain This command will uncover a massive list of DNS entries related to the domain in question. You can also add the target DNS server when making requests: fierce -dns website.domain -dnsserver ns.domain.domain