Netcraft - Search Web by Domain

Basic search help : Google search basics - Web Search Help Learn a few tips and tricks to help you easily find information on Google. Tip 1: Start with the basics No matter what you're looking for, start with a simple search like where's the closest airport?. If you're looking for a place or product in a specific location, add the location. Tip 2: Search using your voice Tired of typing? Tip 3: Choose words carefully When you're deciding what words to put in the search box, try to choose words that are likely to appear on the site you're looking for. Tip 4: Don’t worry about the little things Spelling: Google's spell checker automatically uses the most common spelling of a given word, whether or not you spell it correctly. Tip 5: Find quick answers For many searches, Google will do the work for you and show an answer to your question in the search results. Weather: Search weather to see the weather in your location or add a city name, like weather seattle, to find weather for a certain place. Expert Search tips

Wireshark: Determining a SMB and NTLM version in a Windows environment « Knowledge for all (and free) ! For the last few days I have been playing around with Wireshark and I must say I enjoy working with this program. It has saved the day for me a couple of times by giving me information that can only be retrieved by looking at the packet level. In this article I was looking at SMB and NTLM traffic in a Windows environment. I noticed that our XP-based network was running NTLMv1, which is considered insecure. Intro NTLM over a Server Message Block (SMB) transport is one of the most common uses of NTLM authentication and encryption. The NT LAN Manager (NTLM) Authentication Protocol is used in Microsoft Windows networks for authentication between clients and servers. Steps 1 and 2 – The SMB protocol negotiates protocol-specific options using the SMB_COM_NEGOTIATE request and response messages. Step 3 – The client sends an SMB_COM_SESSION_SETUP_ANDX request message. Step 4 – The server responds with an SMB_COM_SESSION_SETUP_ANDX response message within which an NTLM CHALLENGE_MESSAGE is embedded. Wiresharking

More search help : Google search basics - Web Search Help You can use symbols or words in your search to make your search results more precise. Google Search usually ignores punctuation that isn’t part of a search operator. Don’t put spaces between the symbol or word and your search term. A search for site:nytimes.com will work, but site: nytimes.com won’t. Refine image searches Overall Advanced Search Go to Advanced Image Search. Search for an exact image size Right after the word you're looking for, add the text imagesize:widthxheight. Example: imagesize:500x400 Common search techniques Search social media Put @ in front of a word to search social media. Search for a price Put $ in front of a number. Search hashtags Put # in front of a word. Exclude words from your search Put - in front of a word you want to leave out. Search for an exact match Put a word or phrase inside quotes. Search within a range of numbers Put .. between two numbers. Combine searches Put "OR" between each search query. Search for a specific site Search for related sites

Defence in Depth: Attacking LM/NTLMv1 Challenge/Response Authentication In Part 1 of the “LM/NTLMv1 Challenge/Response Authentication” series I discussed how both the LANMAN/NTLMv1 protocols operate and the weaknesses that plague these protocols. In this post I will demonstrate how attackers leverage these weaknesses to exploit the LANMAN/NTLMv1 protocols in order to compromise user credentials. For the remainder of this article I will be focusing on attacking the SMB protocol (Windows file sharing) as this is where LANMAN/NTLMv1 is most commonly used. Capturing the Response In order to capture a client’s LANMAN/NTLMv1 response, attackers will often utilise one of two methods: Force the client host to connect to them Conduct a man-in-the-middle (MITM) attack and “sniff” the client’s response To demonstrate these methods, I will be using the Metasploit Framework or Cain and Abel respectively. Metasploit In order for a client host to connect to us, we first need to create a listening SMB service that will accept incoming connections. msf > run

John The Ripper Hash Formats John the Ripper is a favourite password cracking tool of many pentesters. There is plenty of documentation about its command line options. I’ve encountered the following problems using John the Ripper. These are not problems with the tool itself, but inherent problems with pentesting and password cracking in general. Sometimes I stumble across hashes on a pentest, but don’t recognise the format, don’t know if it’s supported by john, or whether there are multiple “–format” options I should try. The hashes you collect on a pentest sometimes need munging into a different format… but what’s the format john is expecting? These problems can all be sorted with a bit of googling or grepping through the john source code. In the first release of this page I’ve: I haven’t yet done the following: Added reminders on how hashes can be collected. Added information on how to munge the hashes into a format supported by john. This sheet was originally based on john-1.7.8-jumbo-5. afs – Kerberos AFS DES pdf – pdf

Hacking Embedded Devices: UART Consoles - MWR Labs The ‘Hardware Hacking’ scene has exploded recently, thanks largely to the widespread adoption of devices such as the Arduino and Raspberry PI by the hacking community. Applying hardware hacking techniques during product assessments can often give unrivaled levels of access to hidden or undocumented functionality particularly when reviewing embedded devices such as routers, switches and access points. Prior to his employment with MWR, Hacker Fantastic, a Senior Security Consultant with MWR, reviewed the “SAGEM F@ST2504 Sky Broadband router”, at the time a popular consumer broadband device, and documented his findings in a blog post and presentation titled Hacking Embedded Devices: For Fun and Profit. Matthew has since followed up on his prior work by reviewing the “Virgin Media SuperHub” a Cable Modem/Router used by Virgin Media Cable in the UK and re-visited his assessment of the “SAGEM F@ST2504 Sky Broadband router”. UART Hacking Sky Broadband Router Virgin Media SuperHub

Flu Project: Anubis Anubis is an application developed by Juan Antonio Calles in collaboration with Pablo González, of the Flu Project Team, designed to bring together a large part of the tools needed for the information-gathering phases of Security Audits and Penetration Tests, known as Footprinting and Fingerprinting, in a single tool. With this tool the auditor will not only save time during the audit, but will also discover new information that could not be found manually, thanks to the automation built into Anubis. Among other features, Anubis allows searching for domains using techniques based on Google Hacking, Bing Hacking, brute-force attacks against DNS, zone transfers, etc. It allows identifying the operating system of the machines behind the domains through banner analysis, error searching and the integration of the nmap tool. Download Anubis v1.3 from HERE.

Intelligence Gathering - The Penetration Testing Execution Standard This section defines the Intelligence Gathering activities of a penetration test. The purpose of this document is to provide a standard designed specifically for the pentester performing reconnaissance against a target (typically corporate, military, or related). The document details the thought process and goals of pentesting reconnaissance, and when used properly, helps the reader to produce a highly strategic plan for attacking a target. Background Concepts Levels are an important concept for this document and for PTES as a whole. It’s a maturity model of sorts for pentesting. The Intelligence Gathering levels are currently split into three categories, and a typical example is given for each one. Level 1 Information Gathering (think: Compliance Driven) Mainly a click-button information gathering process. Acme Corporation is required to be compliant with PCI / FISMA / HIPAA. Level 2 Information Gathering Level 3 Information Gathering What it is Why do it What is it not Corporate Physical

Find Subdomains :: Online Penetration Testing Tools | Ethical Hacking Tools About this tool 'Find Subdomains' allows you to discover subdomains of your target domain and increase your attack surface. Finding subdomains is useful in a penetration test because they point to different applications and indicate different external network ranges used by the target company. For instance, x.company.com points to IP 1.1.1.1 and y.company.com points to IP 2.2.2.2. Furthermore, subdomains sometimes host 'non-public' applications (e.g. test, development, restricted) which are usually less secure than the public applications, so they can be the primary attack targets. Parameters Domain name: is the target domain (ex. oracle.com, yahoo.com, etc.) Include subdomain details: this option instructs the tool to do DNS resolution for each subdomain discovered and whois queries in order to determine the network owners of the IP addresses How it works