1 / 10

Top 1010 Hacking Tools

Top 1010 Hacking Tools. Knowledge!. milw0rm.org OWASP.org governmentsecurity.org packetstormsecurity.org securiteam.com -A few of these sites are considered “Archive” sites, but many of these older (exploitable) software suites are still in production environments. Reverse Engineering.

madge
Download Presentation

Top 1010 Hacking Tools

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Top 1010 Hacking Tools

  2. Knowledge! • milw0rm.org • OWASP.org • governmentsecurity.org • packetstormsecurity.org • securiteam.com -A few of these sites are considered “Archive” sites, but many of these older (exploitable) software suites are still in production environments

  3. Reverse Engineering • Spices.net • Ollydbg • Trillix -Useful for decompiling entry-point software (custom secure tunnels) -Often poorly designed, leaving weaknesses easily accessible to the code-savvy

  4. Cracking/Bruting/Dict. Attacks • Ophcrack -A livecd, based on a linux distro, which allows the system to use as much resources as possible for bruteforcing. • John the Ripper -DES, DDR1 & DDR2, Kerberos AFS, MD5, Blowfish, Windows LM • Wordlists (plain-text.info)

  5. Fuzzing/Stressing • WSFuzzer • neuroFUZZ -Used to provide “random data” (“fuzz”) to web applications, in order to determine the handling of such information. • QEngine -Can be utilized to perform monotonous tasks at a blazing speed, often resulting in a fail-open mode

  6. Injection • Sqlninja -Uses carefully crafted SQL injection methods to fully expose the structure and entries of a MSSQL database • SQL power injector -Automates the process of crafting sql injection queries, simplifies blind SQL injection • Learn the various languages -just enough to learn how to craft queries

  7. Mirroring|gnirorriM • Wget • Xenu (lol) -Able to download entire structures of websites directly. -If target has not properly enabled security, server-side scripts (php) often come down as well.

  8. Forensic Exploration • PMDump&TestDisk -Allows dumping of an active process' memory to a file without interrupting the process. • Photorec -Recovery of “lost” files, supporting almost all filesystem types, able to piece broken sectors together into known filetypes

  9. MITM/Spoofing • dsniff • Ettercap -Easily manage MITM, allowing you to become an AP or DHCP server. • Karma -Used in “Evil Twin” MITM attacks, which allow all responses sent from external web apps to be sent you the target, as well as the “Evil Twin” (you).

  10. Links

More Related