Category Archives: Uncategorized
Nmap
Nmap is a free, open-source tool for vulnerability scanning and network discovery. first, it needs open nmap in Kali Linux and type nmap -l team2.pentest.id : based on that figured, it get the informations about which port is open. and … Continue reading
Lab 4 DNS and ARP spoofing
First, it needs to open the SET tool. It will appear like this and choose number 1: Next, choose number 2: After that, choose number 3: Furthermore, choose the clone site: And it will ask to type the IP address … Continue reading
Social Engineering Toolkit
The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. In this case, it will make a clone website to get the username and password from thee target. Open Kali Linux in VM. After that … Continue reading
Maltego
Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. This tool for gathering the information. Maltego is a program that can be used to determine the relationships and … Continue reading
DHCP
Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to dynamically assign an IP address to any new node entering the network. DHCP is an automated method by which any newly added or transferred node in a network … Continue reading
The Harvester
The harvester is a tool for gathering the information about email account, email subdomain, and hostname. This tool designed to help the penetration tester on an earlier step. the sources support are: Google – emails, subdomain Bing Search – emails, … Continue reading
Shellshock
Shellshock is vulnerability to get information of the target data and metasploit is the tool. First of all, it needs two virtual machine which are kali Linux as the attacker and kali Linux backtrack as the target. After that, the … Continue reading
WPSCAN
Wpscan is a tool of vulnerability scanner that finds the security issue. Usually, this tool used to get some data in WordPress which is the username. This tool also could get the vulnerability and fingerprint of WordPress. first of all, … Continue reading
Arp Spoofing
Arp spoofing is a technique to get the information between two computers which is the password and username when the victim sign in with another website. First of all, it needs two virtual machines which are two Kali Linux and … Continue reading
Burp Suite Certificate
First, Open the terminal and type “openssl req –x509 –days 730 –nodes –newkey rsa:2048 –outform des –keyout server.key –out ca.der” After that, we need the RSA and type in the terminal “openssl rsa –in server.key –inform pem –outform der” and … Continue reading