DNS Enumeration

The site moved to root domain where all post are imported. Please go to http://pusheax.com/

Today I will show you how to enumerate DNS using various tools, all freely downloadable from the Internet. Every penetration tester knows that by enumerating DNS it is possible to get some important public (and sometimes private) information such as server names, server IP addresses, sub-domains etc. Anyway, let's use some tools.

Tool-1 : dnsenum.pl

Download here: http://code.google.com/p/dnsenum/downloads/detail?name=dnsenum-1.2.2.tar.gz&can=2&q= 

Simply open a terminal and cd to the dnsenum path (cd /pentest/enumeration/dns/dnsenum). If you enter the simple command “./dnsenum.pl” without arguments, you will get all the options you can use:

So we can simply use this command to enumerate: ./dnsenum.pl target.com
I ran it against google just to take a screenshot:

Screenshot 2:

dnsenum outputted some valuable information. But at the end it said “brute force file not specified, bay.” This means it can take a wordlist for brute forcing all the sub-domains.

So you just need to run: root@pentest: ./dnsenum.pl -f /your/path/of/dictionary.lst target.com

Just read the output of any tool and try to understand it. You will see that you can figure out any simple program yourself. Actually, to learn to use tools you don’t need any teacher.

Another tool: fierce.pl
Simply run

root@pentest: fierce.pl -dns target.net

This tool is also capable of taking a wordlist for brute forcing:
root@pentest: ./fierce.pl -dns target.net -wordlist /path/word.txt
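The brute-force step that dnsenum -f and fierce -wordlist perform, as an added Python example that is not part of the original post or of either tool: every word in the list is prefixed to the domain and resolved, and a random-label probe first checks for a wildcard record so that a wildcard zone does not make every word look like a live host. The resolver is pluggable; the demo runs offline against a constructed fake zone for example.com, and socket_resolve (a helper written for this example, using the system resolver) is what you would pass when checking a zone you administer.

```python
"""Subdomain wordlist check with wildcard filtering.

Added example, not from the original post or from the dnsenum/fierce
projects: it implements the same idea as `dnsenum.pl -f wordlist target.com`
and `fierce.pl -dns target.net -wordlist word.txt`, resolving every
<word>.<domain> and reporting the ones that exist. The resolver is
pluggable so the demo below runs offline against a constructed fake zone;
pass `socket_resolve` to query real DNS for a zone you are responsible for.
"""
import secrets
import socket
from typing import Callable, Dict, List, Optional

# A resolver maps a hostname to its list of IPv4 addresses, or None if the
# name does not exist (NXDOMAIN) or the lookup fails.
Resolver = Callable[[str], Optional[List[str]]]


def socket_resolve(name: str) -> Optional[List[str]]:
    """Real resolver: A records via the system resolver (network required)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return None
    return sorted({info[4][0] for info in infos})


def make_fake_resolver(zone: Dict[str, List[str]],
                       wildcard: Optional[List[str]] = None) -> Resolver:
    """Constructed in-memory zone for the offline demo. When `wildcard` is
    set, every unknown name resolves to it, like a `*.example.com` A record."""
    def resolve(name: str) -> Optional[List[str]]:
        return zone.get(name, wildcard)
    return resolve


def detect_wildcard(domain: str, resolve: Resolver) -> Optional[List[str]]:
    """Resolve a random label no wordlist would contain. If it has an answer,
    the zone is a wildcard and a naive brute force would report every word
    as a live host; dnsenum and fierce run a similar check before brute forcing."""
    probe = f"{secrets.token_hex(8)}.{domain}"
    return resolve(probe)


def enumerate_subdomains(domain: str, wordlist: List[str],
                         resolve: Resolver) -> Dict[str, List[str]]:
    """Return {fqdn: [ips]} for wordlist entries that resolve to an answer
    different from the wildcard answer (if any)."""
    wildcard = detect_wildcard(domain, resolve)
    found: Dict[str, List[str]] = {}
    for word in wordlist:
        word = word.strip().lower()
        if not word:
            continue
        fqdn = f"{word}.{domain}"
        ips = resolve(fqdn)
        if ips is None:
            continue                      # NXDOMAIN: nothing here
        if wildcard is not None and ips == wildcard:
            continue                      # same answer as the wildcard probe
        found[fqdn] = ips
    return found


# Constructed sample data; example.com is reserved for documentation.
SAMPLE_ZONE = {
    "www.example.com": ["192.0.2.10"],
    "mail.example.com": ["192.0.2.20"],
    "dev.example.com": ["192.0.2.30"],
}
SAMPLE_WORDLIST = ["www", "mail", "dev", "ftp", "admin", "vpn"]


def demo(wildcard: Optional[List[str]] = None) -> Dict[str, List[str]]:
    """Run the enumeration against the fake zone, optionally with a wildcard."""
    resolve = make_fake_resolver(SAMPLE_ZONE, wildcard)
    return enumerate_subdomains("example.com", SAMPLE_WORDLIST, resolve)


if __name__ == "__main__":
    for fqdn, ips in demo().items():
        print(f"{fqdn:<20} {', '.join(ips)}")
    # With a wildcard record all six words resolve; only three are real hosts.
    print(len(demo(wildcard=["192.0.2.99"])), "real hosts behind the wildcard")
```

One limitation worth knowing: a real host that happens to share the wildcard's address is dropped by the filter, so when auditing your own zone compare the result against the zone file rather than trusting the brute force alone.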

You can also use nslookup:

rbage@pentest:~$ nslookup
> google.com

Non-authoritative answer:
Name:   google.com
Name:   google.com
Name:   google.com
Name:   google.com
Name:   google.com
> set type=mx
> google.com

Non-authoritative answer:
google.com      mail exchanger = 50 alt4.aspmx.l.google.com.
google.com      mail exchanger = 40 alt3.aspmx.l.google.com.
google.com      mail exchanger = 30 alt2.aspmx.l.google.com.
google.com      mail exchanger = 20 alt1.aspmx.l.google.com.
google.com      mail exchanger = 10 aspmx.l.google.com.

Authoritative answers can be found from:
> set type=ns
> google.com

Non-authoritative answer:
google.com      nameserver = ns4.google.com.
google.com      nameserver = ns1.google.com.
google.com      nameserver = ns2.google.com.
google.com      nameserver = ns3.google.com.

Authoritative answers can be found from:

There are many tools for enumerating DNS:
dnswalk: http://sourceforge.net/projects/dnswalk/
host: built in on Linux
dnsmap: http://code.google.com/p/dnsmap/

Try them….

Web Hacking tools


You can get the full list of hacking tools from Here

Burp Suite
Download: http://portswigger.net/burp/download.html

OWASP ZAP
Download: http://code.google.com/p/zaproxy/downloads/list

DirBuster
Download: https://sourceforge.net/projects/dirbuster/

Acunetix
Download: http://www.acunetix.com/vulnerability-scanner/download.htm

w3af
Download: http://www.w3af.sourceforge.net

Nikto
Download: http://www.cirt.net/nikto2

sqlmap
Download: http://sqlmap.sourceforge.net

Tamper Data
Download: https://addons.mozilla.org/en-US/firefox/addon/tamper-data/

Live HTTP Headers
Download: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/

Cookie Monster
Download: https://addons.mozilla.org/en-US/firefox/addon/cookie-monster/

HackBar
Download: https://addons.mozilla.org/en-US/firefox/addon/hackbar/

THC-Hydra
Download: http://thc.org/thc-hydra/

These are the most important tools for attacking websites (I think these are enough). If you want to work only with tools then there are lots of tools freely downloadable. Visit: HERE

Gathering information before hacking a website.


Before attacking (pentesting) a website we must gather some important information and then map the attack surface. If we don’t understand how the site works, what is available on it, what type of input it takes etc., then we will not be able to mount a good attack (success is rare without going through information gathering). Many skids around us just start looking for SQL injection or brute forcing the web form and in the end fail.
Gathering information and mapping the site is very, very important, so I will explain (not in great detail) how to do it, what to look for etc.

Spidering the web:

Basically I look for links, web forms, source code, directories etc.
There are many tools to spider a target website. But I prefer a proxy tool such as Burp Suite or OWASP ZAP and a downloader such as wget.

We may find a lot of important information by spidering the target.

Screenshot of Burp Suite spidering:

Burp Suite spidered some important links which we need for later attacks (directories, login page, forgotten-password pages, robots.txt etc.).

Configuring Burp Suite to spider the web:

1. Open Burp Suite.
2. Configure your browser to use Burp Suite as its proxy >> Firefox: Preferences>>Advanced>>Network>>Settings>>Manual proxy configuration and enter host: localhost and port: 8080

Screenshot:

3. Now browse your target website. You will see your target address in the Burp Suite proxy’s Target menu.
4. Now right click on your target host in Burp and click “Spider this host”.

Screenshot:

Now it will spider the website. Note: play more with Burp Suite.

Now we know how to configure the browser for Burp Suite and spider the target host. So let’s continue gathering information.

It is also a good idea to download the entire website using wget or another downloader so that we can browse it offline and see the page source, comments etc. Besides, we may need to brute force a web form or something else and create a wordlist from the target site. So I simply use wget:

wget -r www.target.com

It will download the full website. Now browse all the pages, read the source code, comments etc. and see if you get any good information.

Information gathering with Google:

Google is a very powerful search engine and a friend of hackers and penetration testers. We can gather a lot of information through Google easily, such as all public information, emails, parameters of the site, names, phone numbers etc.

If we search on Google with the ‘site’ operator then we get many results:


Click on the link and you will see.

I have searched: site:microsoft.com, that's why it discovered sub-domains. But if we search “site:www.microsoft.com” then we will see results only from www.microsoft.com, not from other sub-domains such as login.microsoft.com

More example :
site:www.targets.com filetype:asp
site:www.targets.com inurl:index.php
site:targets.com error
site:targets.com admin

You will find many Google dorks here: http://www.exploit-db.com/google-dorks/
Don’t be lazy if you are serious.

There are some tools for automated searching but I always prefer doing it manually.

So suppose you found a URL like www.target.com/index.php?id=2 through the search engine. Isn't it then easy to do a quick check for invalid input handling on the “id” parameter (such as SQLi)?

Finding hidden files, content and default files:
You should browse all pages manually and review the behaviour of each page. Here are some points you can follow:
1. Brute force/dictionary attack for hidden directories. You can use Burp Suite or OWASP DirBuster (I will post a tutorial on all the tools later).

2. If you find a link like www.target.com/login.php then there may also be a logout.php, or if there is a www.target.com/adduser.php then www.target.com/deleteuser.php may also exist…. So try.

3. Look at the comments in the page source for any interesting information.

4. Find the login pages (admin + users).

5. Find all URLs and save them in a file for later use.

6. Find default files and content (what about www.target.com/phpinfo.php?).

7. I think you had better run Nikto against the site. Nikto is a powerful tool for discovering default content.
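The offline review of a site mirrored with wget -r, together with points 3 and 5 of the checklist above (page-source comments, collecting every URL), as an added Python example that is not from the original post: it parses a saved page for links, form targets, input names and HTML comments, and builds a candidate wordlist from the page's own text for the dictionary checks mentioned earlier. The sample HTML is constructed for the demo; the PageReviewer class and the review_page/build_wordlist functions are this example's own names, not from any tool the post mentions.

```python
"""Offline review of pages saved with `wget -r`.

Added example, not from the original post: it pulls out what the post says
to look for in the downloaded copy (links, form targets and input names,
HTML comments) and builds a candidate wordlist from the page's own text for
later dictionary checks. The HTML below is constructed for the demo; point
`review_page` at files under the wget output directory for real use.
"""
import re
from html.parser import HTMLParser
from typing import Dict, List


class PageReviewer(HTMLParser):
    """Collects links, forms, input names, comments and visible text."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[str] = []
        self.forms: List[str] = []
        self.inputs: List[str] = []
        self.comments: List[str] = []
        self.text: List[str] = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "style"):
            self._in_script = True      # skip code bodies for the wordlist
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self.forms.append(a.get("action") or "")
        elif tag == "input" and a.get("name"):
            self.inputs.append(a["name"])

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._in_script = False

    def handle_comment(self, data):
        self.comments.append(data.strip())

    def handle_data(self, data):
        if not self._in_script and data.strip():
            self.text.append(data.strip())


def review_page(html: str) -> Dict[str, List[str]]:
    """Structured summary of one saved page."""
    p = PageReviewer()
    p.feed(html)
    p.close()
    return {"links": p.links, "forms": p.forms,
            "inputs": p.inputs, "comments": p.comments}


# Tokens of 4+ characters: long enough to be useful as directory or
# password guesses, and underscores/hyphens kept so names like old_admin survive.
WORD_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{3,}")


def build_wordlist(html: str) -> List[str]:
    """Candidate words from visible text, comments, links and field names."""
    p = PageReviewer()
    p.feed(html)
    p.close()
    sources = p.text + p.comments + p.links + p.forms + p.inputs
    words = {w.lower() for chunk in sources for w in WORD_RE.findall(chunk)}
    return sorted(words)


# Constructed sample page, the kind of file wget -r leaves on disk.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head><title>Acme Intranet</title>
<!-- TODO: remove /old_admin/ before launch -->
<script>var apiBase = "/api/v1/";</script>
</head><body>
<a href="/login.php">Login</a> | <a href="/forgot.php">Forgot password</a>
<a href="/robots.txt">robots</a>
<form action="/login.php" method="post">
  <input name="username" type="text"><input name="password" type="password">
  <input name="csrf_token" type="hidden" value="x">
</form>
<!-- contact webmaster: jsmith -->
<p>Welcome to the Acme staff portal.</p>
</body></html>"""


if __name__ == "__main__":
    for key, values in review_page(SAMPLE_HTML).items():
        print(f"{key}: {values}")
    print("wordlist:", build_wordlist(SAMPLE_HTML))
```

Run over a whole mirror with a loop over the .html files wget saved and the comments list alone often tells you what a site's own developers left behind; that is the same review a site owner should do before publishing.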

Finding other information:
What other information?

1. Email addresses (social engineering attacks).

2. Phone numbers (social engineering).

3. User and employee names (social engineering).

4. Find out the web server version. What version of Apache or IIS are they using? If it is old then you may be lucky enough to find a known vulnerability against the old software on exploit-db or SecurityFocus.

5. What type of web software are they using? Joomla, MyBB, phpBB, vBulletin or other? Do you know which version? If these are old then you may search for vulnerabilities that were discovered before.

I think you now have some basic idea of how to gather information and why you need to gather it. Without gathering information we can’t map our target. For example, if we don’t know how our victim walks, whether he knows kung-fu or not (if he knows kung-fu then we also need to be more powerful than him, such as becoming an expert kung-fu fighter).
These are not the only techniques for gathering information. You need to research your target more, learn more information gathering techniques and use your powerful friend Google. I don’t think it is possible to discover much valuable information within a short time. Personally I spend a lot of time familiarizing myself with my target, a long time gathering information and mapping the target. If you are a skid/script kiddie and want to hack just for fun, or it is not important for you, then surely you have no patience and time for mapping your targets. But a serious hacker will spend lots of time (most of the time) on his targets. At least I hope that I explained most of the important things you need.


Good Luck

How to learn Hacking or becoming a hacker


I don’t know how expert I am, but I believe these are enough for becoming a hacker and I always try to follow them. So I am just sharing them with you.

A) Programming:

1. Python/Perl: Learn the Python or Perl programming language. You need one of these two languages. Do you know why? For example, for creating exploits, making custom tools etc.

2. C/C++: You should know this language, because it will help you in many ways. It is a powerful language. Perhaps you already know that most complex and powerful software is coded in C/C++, and the Linux/Unix operating system is written in C. For finding exploits or making some nasty things you need this language.

3. Assembly language: AH!!! Worried? Don’t worry. It is not too hard to learn to read or understand the code. You really need asm if you are more serious about hacking. Without assembly language you will not be able to find 0days in software, because a debugger only shows asm code. Actually you don’t need to be an asm coder, but you should be able to read and understand it… Also, if you want to know how a computer works internally, the best way is to learn asm. So go with Intel syntax and nasm.

4. PHP/SQL/JavaScript/HTML: If you want to move to web hacking then learn at least two languages (PHP and MySQL). For example, if you found a PHP code injection vulnerability, how would you exploit it? The clear answer is that you need PHP knowledge. And if you want to attack the client side then you need JavaScript and HTML knowledge, for example for exploiting password-protected HTML pages, cross-site scripting, exploiting CSRF etc. Have you ever heard about SQL injection? Guess why I told you to learn SQL. Even if you want to find 0days in other frameworks like WordPress, Joomla etc., you must have PHP/MySQL knowledge.

But if you are not serious about hacking and want to hack only for fun then some tools will do the job for you (this is called a skid or script kiddie), but be aware that most of the time (85%) you will fail.

B) Networking:
Hackers hack over the network (the Internet?). So guess why you need to learn networking. You have to understand how to connect, and get familiar with ports, protocols etc. I suggest you learn:
1. How networks work + TCP/IP.
2. Protocols and ports.
3. The OSI model.

C) Operating System:
Of course without an operating system nothing is possible, and you must learn about operating systems deeply. You should be very good with various OSes. Earn some internal knowledge of operating systems. Run all the existing tools of an OS. See how it works.
1. Linux: Ah, Linux is my first choice. I love Linux. It is open source. Hackers should choose an open source operating system so that they can see the source code, modify it, run various open source tools etc. I can’t explain, lol, get it right now!
2. Windows: The favourite target operating system for hackers. A lot of bugs and users all over the world. Not open source. So you should learn it well. Still, I read Windows assembly language and Windows internals books rather than Linux ones.
3. Mac: You may need it. But really I don’t know much about Mac.

1. Install 2 target operating systems: Linux (get Ubuntu, Debian, Fedora, Red Hat, openSUSE etc.) and Windows. Don’t be a fucker like some trainers who work with Windows only as it is easy to exploit. So Linux is also your target.
2. Install various software and tools. Run them. Learn them. See how they work. Install some security software and attack your target system (Metasploit, nmap etc.).
3. Install various networking software such as HTTP, FTP, POP3, SMTP, RDP, SSH, NNTP servers etc., attack them and try to break them. Try to find some bugs such as BOFs with fuzzers. Also install other software for web hacking such as vB, MyBB, phpBB, Joomla etc. and run various tools against these applications.

D) Journey:
Now you know what is going on and it is time to start the journey. Now read some security/hacking books, search on Google, and you will see that most security holes come from programming and networking problems. You will learn very fast. Just remember that the journey will never end. So be careful to take enough food (programming + networking + OS + motivation + patience) before starting the long journey.

Don’t give up!

Hope you will be one more genius!!!