How Penetration Testing Tools Can IT Support Engineers

Nmap

Nmap, short for Network Mapper, is a reconnaissance tool widely used by ethical hackers to gather information about a target system; that information drives the subsequent steps of an attack on the target. Nmap is cross-platform and works on Mac, Linux, and Windows. It has gained immense popularity in the hacking community thanks to its ease of use and its powerful discovery and scanning abilities.

Using Nmap you can:

  • Audit device security
  • Detect open ports on remote hosts
  • Map and enumerate networks
  • Find vulnerabilities inside any network
  • Launch massive DNS queries against domains and subdomains

Wireshark

Wireshark is free, open-source software that lets you analyze network traffic in real time. Thanks to its packet-sniffing capability, Wireshark is widely known for detecting security problems in any network as well as for solving general networking problems. While sniffing the network you can intercept traffic and read the results in a human-readable format, which makes it easier to identify potential problems (such as latency issues), threats and vulnerabilities.

Main features:

  • Saves analysis for offline inspection
  • Packet browser
  • Powerful GUI
  • Rich VoIP analysis
  • Reads gzip-compressed capture files on the fly
  • Reads other capture file formats including Sniffer Pro, tcpdump, Microsoft Network Monitor, Cisco Secure IDS IP log, etc.
  • Exports results to XML, PostScript, CSV, or plain text

Wireshark supports up to 2000 different network protocols and is available on all major operating systems, including:

  • Linux
  • Windows
  • Mac OS X

Wapiti

Wapiti is a free, open-source, command-line vulnerability scanner written in Python. While it is not the most popular ethical hacking tool in this field, it does a good job of finding security flaws in many web applications. Using Wapiti can help you discover security holes including:

  • XSS attacks
  • SQL injections
  • XPath injections
  • XXE injections
  • CRLF injections
  • Server-side request forgery

8 Offensive Security Tools for SysAdmins

Metasploit Framework

Metasploit Framework – an open-source tool for exploit development and penetration testing. Metasploit is well known in the security community. It has exploits for both server-side and client-side attacks, plus feature-packed payloads (meterpreter) that make pwning systems fun! The framework now includes Armitage for point-and-click network exploitation. This is the go-to tool if you want to break into a network or computer system.

Defending against Metasploit:

  • Keep all software updated with the latest security patches.
  • Use strong passwords on all systems.
  • Deploy network services with secure configurations.

Ettercap

Ettercap – a suite of tools for man-in-the-middle (MITM) attacks. Once you have initiated a man-in-the-middle attack with Ettercap, use its modules and scripting capabilities to manipulate or inject traffic on the fly. Sniffing data and passwords is just the beginning; inject to exploit FTW!

Defending against Ettercap:

  • Understand that ARP poisoning is not difficult in a typical switched network.
  • Lock down network ports.
  • Use secure switch configurations and NAC if the risk is sufficient.
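ARP poisoning leaves a footprint that a defender can watch for: an IP address that suddenly answers from a new MAC, or one MAC claiming to be several hosts at once (typically the gateway plus a victim). The following is an added example, not code from the original post or from Ettercap; the ARP reply observations and the trusted gateway binding are constructed sample data.

```python
from collections import defaultdict

# Constructed ARP reply observations (sender IP, sender MAC), as a defender's
# sniffer or switch log might record them on a small office LAN.
OBSERVED_ARP_REPLIES = [
    ("10.0.0.1", "aa:bb:cc:00:00:01"),   # gateway, legitimate
    ("10.0.0.20", "aa:bb:cc:00:00:20"),  # workstation
    ("10.0.0.21", "aa:bb:cc:00:00:21"),  # workstation
    ("10.0.0.1", "aa:bb:cc:00:00:21"),   # host .21's MAC now claims to be the gateway
    ("10.0.0.20", "aa:bb:cc:00:00:21"),  # ...and also claims to be .20: two-sided poisoning
]

# Constructed static binding for the one host that matters most: the default gateway.
TRUSTED_BINDINGS = {"10.0.0.1": "aa:bb:cc:00:00:01"}


def detect_arp_anomalies(replies, trusted=None):
    """Return a list of (kind, subject, detail) alerts for suspicious ARP behaviour.

    kind is one of:
      static_binding_violation - a trusted IP answered from an unexpected MAC
      ip_mac_change            - an IP's MAC differs from what was seen earlier
      mac_claims_many_ips      - one MAC answered for more than one IP
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    alerts = []

    for ip, mac in replies:
        mac = mac.lower()
        if ip in trusted and trusted[ip] != mac:
            alerts.append(("static_binding_violation", ip, mac))
        if ip_to_macs[ip] and mac not in ip_to_macs[ip]:
            alerts.append(("ip_mac_change", ip, mac))
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)

    # A single NIC legitimately owns one IP on a segment; several is the poisoner's signature.
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            alerts.append(("mac_claims_many_ips", mac, sorted(ips)))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(OBSERVED_ARP_REPLIES, TRUSTED_BINDINGS):
        print(alert)
```

Run against the first three observations only, the function returns no alerts; the last two trigger a gateway binding violation, two IP-to-MAC changes and a one-MAC-many-IPs alert.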

SSLStrip

sslstrip – using HTTPS makes people feel warm, fuzzy, and secure. With sslstrip this security can be attacked, downgrading the connection to an unencrypted HTTP session in which all the traffic is readable. Banking details, passwords, and emails from your boss, all in the clear. It even includes a nifty feature where the favicon on the unencrypted connection is replaced with a padlock, just to keep the user feeling warm and fuzzy.

Defending against sslstrip:

  • Be aware of the possibility of MITM attacks (ARP, proxies/gateway, wireless).
  • Look for sudden protocol changes in the browser's address bar. Not really a technical mitigation!

Evilgrade

evilgrade – another man-in-the-middle attack. Everyone knows that keeping software updated is the way to stay secure. This little utility fakes the upgrade and serves the user a not-so-good update. It can exploit the upgrade functionality of around 63 pieces of software including Opera, Notepad++, VMware, VirtualBox, iTunes, QuickTime and Winamp! It really whips the llama's ass!

Defending against evilgrade:

  • Be aware of the possibility of MITM attacks (ARP attacks, proxy/gateway, wireless).
  • Only perform updates to your system or applications on a trusted network.

Social-Engineer Toolkit

Social-Engineer Toolkit (SET) – makes creating a social-engineered client-side attack way too easy. It creates the spear phish, sends the email and serves the malicious exploit. SET is the open-source client-side attack weapon of choice.

Defending against SET:

  • User awareness training around spear-phishing attacks.
  • Strong email and web filtering controls.

SQLmap

sqlmap – SQL injection is an attack vector that has been around for over 10 years, yet it is still the easiest way to get dumps of entire databases. sqlmap is not only a highly accurate tool for detecting SQL injection, it can also dump information from the database and even launch attacks that result in operating-system shell access on the vulnerable system.

Defending against sqlmap:

  • Filter all input on dynamic websites (secure the web applications).
  • Use mod_proxy or other web-based filtering controls to help block malicious injection attacks (not ideal, as attackers are often able to bypass these web application firewalls (WAFs)).
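"Secure the web applications" in practice means never letting user input become part of the SQL text. The following is an added example, not code from the original post or from sqlmap: a lookup written the vulnerable way beside the same lookup with a bound parameter, run against a constructed in-memory SQLite table so the difference is visible without a web server.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for a dynamic website's user table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # Anti-pattern: untrusted input is spliced straight into the statement text,
    # so the input can change the query's structure. This is the shape sqlmap probes for.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    # Fix: the statement text is fixed and the value travels separately as a bound
    # parameter. Whatever the input contains, it is only ever compared as a string.
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo():
    conn = make_db()
    benign = "alice"
    # Constructed test input: closes the open quote and appends an always-true clause.
    tautology = "' OR '1'='1"
    return {
        "vulnerable_benign": lookup_vulnerable(conn, benign),
        "vulnerable_injected": lookup_vulnerable(conn, tautology),
        "safe_benign": lookup_safe(conn, benign),
        "safe_injected": lookup_safe(conn, tautology),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

With the tautology input the vulnerable lookup returns every row in the table, while the parameterized lookup returns nothing because no user is literally named `' OR '1'='1`.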

Aircrack-ng

aircrack-ng – breaking holes in wireless networks for fun and profit. A suite of tools that enables all manner of wireless network attacks.

Defending against aircrack-ng:

  • Never use WEP.
  • When using WPA2 with pre-shared keys, ensure the passphrases are strong (10+ characters, not dictionary-based).

oclHashcat

oclHashcat – need to get some passwords from the hashes you grabbed with sqlmap? Use this tool to bust them open. Over 48 different hashing algorithms are supported. It will use the GPU on your graphics card (if supported) to crack those hashes many times faster than your clunky old CPU.

Defending against oclHashcat:

  • Passwords are the weakest link. Enforce password complexity.
  • Protect the hashed passwords.
  • Salt the hashes.
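"Protect the hashed passwords" and "salt the hashes" come down to two properties: a per-user random salt, so one GPU guess cannot be checked against every record in a dump at once, and a deliberately slow hash, so each guess costs real work. The following is an added example, not code from the original post or from oclHashcat; it uses PBKDF2-HMAC-SHA256 from Python's standard library, with the iteration count and storage format chosen here as assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256 (assumed value); raise it as hardware gets faster.
ITERATIONS = 600_000
SALT_BYTES = 16


def unsalted_digest(password: str) -> str:
    # The weak pattern oclHashcat feeds on: one fast, unsalted hash. Every user with
    # the same password gets the same digest, and one guess tests the whole dump.
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    # Per-user random salt plus an iterated hash. Stored as one self-describing
    # string so the parameters can be raised later without breaking old records.
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    # Recompute with the salt and iteration count recorded beside the hash,
    # then compare in constant time so verification leaks no timing information.
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share a password.
    pw = "Winter2023!"
    print("unsalted digests identical:", unsalted_digest(pw) == unsalted_digest(pw))
    print("salted records differ:     ", hash_password(pw) != hash_password(pw))
    print("verify correct password:   ", verify_password(pw, hash_password(pw)))
    print("verify wrong password:     ", verify_password("winter2023!", hash_password(pw)))
```

Two users with the same password produce two different stored records, and a wrong password fails verification even when it differs by a single character of case.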