…what you should have in your pocket…
The Social-Engineer Toolkit (SET) is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack in a fraction of the time. Tools of this kind rely on human behavior to lead people into the attack vectors.
* https://hunter.io → finds and verifies email addresses
Perform Packet Crafting
Packet crafting is a method of constructing a network packet in a specific manner. It is widely used for testing firewalls, to see whether they allow the crafted packets or simply block them. Hping3 is a tool used for packet crafting.
There are four stages in packet crafting:
hping3 -F -c 1 -p 80 -s 5150 192.168.0.6
In the output, the target responds with the RST-ACK response. Notice the RA value in the flags field.
hping3 -S -c 1 -p 80 -s 5150 192.168.0.6
Notice that the output is similar to the output for the FIN flag.
See: https://techyrick.com/hping3-full-tutorial-for-dummies-to-pro/
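How to read the flags field when evaluating a firewall with the FIN and SYN probes above, as an added example that is not part of the original notes. It also covers the SYN-ACK and no-reply cases; the sample reply lines are constructed in hping3's output format, and the result labels are this example's own names.

```python
import re

# Flag letters as hping3 prints them in the "flags=" field of a reply line.
FLAG_NAMES = {"S": "SYN", "A": "ACK", "R": "RST", "F": "FIN", "P": "PSH", "U": "URG"}
REPLY_RE = re.compile(r"ip=(?P<ip>\S+).*?sport=(?P<sport>\d+)\s+flags=(?P<flags>[A-Z]+)")


def parse_reply(line):
    """Return (ip, port, set of flag names) for an hping3 reply line, or None."""
    m = REPLY_RE.search(line)
    if not m:
        return None
    flags = {FLAG_NAMES.get(ch, ch) for ch in m.group("flags")}
    return m.group("ip"), int(m.group("sport")), flags


def interpret(probe, reply_line):
    """Classify what the reply to a SYN or FIN probe says about the port and path."""
    parsed = parse_reply(reply_line) if reply_line else None
    if parsed is None:
        # Silence: a filter dropped the probe, or (FIN only) an open port ignored it.
        return "filtered" if probe == "SYN" else "open-or-filtered"
    flags = parsed[2]
    if "RST" in flags:
        # RFC 793: a closed port resets any non-RST segment; a firewall
        # configured to reject with a TCP reset looks the same from outside.
        return "closed-or-rejected"
    if probe == "SYN" and {"SYN", "ACK"} <= flags:
        return "open"
    return "unexpected"


# Constructed sample replies (hypothetical values, not captured from the lab above).
SAMPLES = [
    ("FIN", "len=46 ip=192.168.0.6 ttl=128 DF id=4021 sport=80 flags=RA seq=0 win=0 rtt=0.6 ms"),
    ("SYN", "len=46 ip=192.168.0.6 ttl=128 DF id=4022 sport=80 flags=RA seq=0 win=0 rtt=0.5 ms"),
    ("SYN", "len=46 ip=192.168.0.6 ttl=128 DF id=4023 sport=443 flags=SA seq=0 win=8192 rtt=0.5 ms"),
    ("SYN", ""),  # no reply line at all
]


def classify_all(samples=SAMPLES):
    return [interpret(probe, line) for probe, line in samples]


if __name__ == "__main__":
    for (probe, line), verdict in zip(SAMPLES, classify_all()):
        print(f"{probe:3} -> {verdict:18} {line or '(no reply)'}")
```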
Scans for OS versions
See:
Kali Linux also contains a DNS enumeration tool named DNSRecon. To use DNSRecon, type the following command:
dnsrecon -d practicelabs.com -t axfr
Next, you can also use another tool named DNSEnum, which also provides similar information to the DNSRecon tool. Type the following command:
dnsenum practicelabs.com
Scans a website to check whether it sits behind a WAF (web application firewall)
wafw00f http://192.168.0.10
To identify the NetBIOS information, you can use the nbtscan command. Type the following command:
nbtscan -r 192.168.0.0/24
To scan a website for vulnerabilities:
nikto -host http://192.168.0.10 -o plab.html
By default, Lynis will perform a local system scan. You have the option to run a normal audit scan or to run the entire system scan. Let’s first run the normal audit scan. Type the following command:
lynis audit system -c
The hydra command takes the following parameters:
* -t: Defines the number of logins to try simultaneously.
* -V: Displays each login and password attempt.
* -f: Stops the dictionary attack after a suitable match for username and password is found.
* -l username: Defines the username to be cracked. For example, bee was the username for the bWAPP application. If you do not know the username, you can use the -L parameter and provide a username list, which is similar to a wordlist.
* -P wordlist: Defines the wordlist containing probable passwords. You can use the -p parameter for a single password.
* The website name or IP address: Defines the website name or its IP address.
* Protocol: Defines the service on which the dictionary attack is launched.
hydra -t 5 -V -f -l bee -P /root/Desktop/plab.txt 192.168.0.10 ftp
* https://www.hackingarticles.in/a-detailed-guide-on-hydra/