Another tool I want to write about is the DNSENUM tool: dnsenum website.domain (This is the most basic of queries) dnsenum website.domain --dnsserver ns.domain.domain (Once you find the ns servers responsible for the domain you can specify them manually with the --dnsserver flag) You can also attempt a brute force enumeration by specifying the brute force… Continue reading DNSENUM for DNS Queries
Another handy tool for making DNS queries is DIG. dig domain.domain (This is the default and simplest query, but it will provide you with a treasure trove of DNS info) dig +nocmd domain.domain MX +noall +answer (The nocmd option specifies that the request details should not be in the output, and the trailing part will… Continue reading DIG for DNS Queries
Some good ways to query DNS records: nslookup domain.domain Name: domainserver.domain100.net Address: 126.96.36.1990 (This is the most basic method of requesting DNS information and will provide you with the IP address - OR if you used the IP address will provide you with an A record) nslookup -query=mx domain.domain domain.domain mail… Continue reading NSLOOKUP for DNS Queries
For those who do not know: You can use Google to help you search for information on your assigned target. Suppose you want to find out more info on Disney. (just an example 🙂 ) You can search for old web content which Google might be storing in its cache: cache:disney.com (Or an even better source… Continue reading Some Google Hacking
As in the previous post - this post expands on the process in which you send information entered into a webpage to an attacker-hosted site. In this example you are exploiting a DOM-based XSS vulnerability, which means that the vulnerability is exploited entirely on the user/victim side (before interaction with the site/server). You… Continue reading XSS DOM Exploitation
I've seen many tutorials over the last few months regarding the good old: alert('XSS') piece of XSS, but in essence this does very little for you - it just proves that the site is vulnerable to XSS. So a good way to really exploit and make use of a persistent XSS vulnerability is to do… Continue reading Persistent XSS and how to really exploit it.
This is just an example and can be manipulated and played with as you please, but I keep forgetting the format and would like to quickly reference this when required - so it's for me...it's for you too, but it's for me..too: 🙂 <img src='roadtonowhere' onerror="alert('XSS');" />