
Thursday, November 6, 2014

Harvesting Email Addresses (Part 1)

Today we will learn about harvesting email addresses from a domain. For this you need Kali Linux or Backtrack; if you don't have either of them, first install one on a virtual machine (recommended). Refer to my earlier post on how to install Kali Linux or Backtrack.

Step 1: Start your Kali Linux machine.

Step 2: Open terminal.

Step 3: Type:   theharvester
            This shows the many options available for using the tool.

Step 4: To harvest email addresses from a site, e.g. victimsite.com...
            Type: theharvester -d victimsite.com -b google
            Here we have chosen Google as the source to search. You can choose any other source such as LinkedIn, Bing or pgp, or even all of them by typing all.

Step 5: If you want more results, you can use the -l option. It limits how many results are returned. By default it is 100 for Google and 50 for Bing.
            Type: theharvester -d victimsite.com -l 500 -b google
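As an added example (not part of the original post or of theHarvester itself), the script below shows how the collected text can be reviewed when auditing a domain you are responsible for: it keeps only addresses that really belong to the domain and separates shared role mailboxes from personal ones. The function name, the role list and the sample text are assumptions made up for this illustration.

```python
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Hypothetical list of shared mailboxes; adjust to your organisation.
ROLE_LOCAL_PARTS = {"admin", "info", "support", "sales", "contact",
                    "webmaster", "postmaster", "abuse", "hr"}

def audit_exposure(text, domain):
    """Return exposed addresses of `domain` (and its subdomains), deduplicated."""
    domain = domain.lower().rstrip(".")
    found = set()
    for match in EMAIL_RE.findall(text):
        addr = match.lower().rstrip(".-")      # drop trailing punctuation
        _, _, host = addr.rpartition("@")
        # Exact domain or a true subdomain only: "notvictimsite.com" and
        # "victimsite.com.example.org" must not be counted.
        if host == domain or host.endswith("." + domain):
            found.add(addr)
    role = sorted(a for a in found if a.split("@")[0] in ROLE_LOCAL_PARTS)
    personal = sorted(found - set(role))
    return {"role": role, "personal": personal}

# Constructed sample of collected text (not real tool output).
SAMPLE_TEXT = """
Contact Alice.Smith@victimsite.com or alice.smith@victimsite.com.
Sales: sales@victimsite.com, helpdesk: support@mail.victimsite.com
Unrelated: bob@notvictimsite.com, carol@victimsite.com.example.org
"""

if __name__ == "__main__":
    print(audit_exposure(SAMPLE_TEXT, "victimsite.com"))
```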

If you face any problems, view this video tutorial for a complete reference.



Author: Unpredictable

Feel free to send us your query @ prashantsavior@gmail.com

Thursday, October 9, 2014

Install Backtrack 5 in VMware

Hello friends, I hope you all enjoyed your holiday. So, let's get back on track and start the show once again.

When we search for hacking-related tutorials on Google, we come across many tutorials which require Backtrack or Kali Linux. But it is not possible for everyone to install Backtrack on their computer. In that scenario we can install our penetration testing OS in a virtual machine. Before we go to the tutorial part, let's get a basic idea of Backtrack and virtual machines.

Q. What is Backtrack?
--> Backtrack is an OS which has all the pre-installed scripts and repositories required for performing penetration testing (in layman's language, required for hacking). It is a Linux-based OS. The present stable version of Backtrack is Backtrack 5. There are a few other penetration testing OSes like Kali Linux, Black Box, etc.
I would recommend you use Kali Linux, because online support for Kali Linux is available and easy to get. The steps for using it are somewhat the same. However, here I will be using Backtrack 5, which is very famous in the field.

Q. What is a Virtual Machine?
--> A virtual machine (VM) is an emulation of a particular computer system. Virtual machines operate based on the computer architecture and functions of a real or hypothetical computer, and their implementations may involve specialized hardware, software, or a combination of both. Some virtual machine products are VMware, Virtual Box, etc. Here we will be using VMware.

Let's start with the tutorial:

Requirement:
Before we start with our tutorial, download these things:
1. VMware
2. Kali Linux or Backtrack 5

Follow these simple steps to Install:

Step 1: Install VMware.
Step 2: Open VMware

Step 3: Click on Create a new virtual machine

Step 4: Click on Next and select the ISO file from your hard disk.

Step 5: Select Linux and select your version (I have a 32-bit ISO file so I selected just Ubuntu; if you have a 64-bit one then go for 64-bit Ubuntu)

Step 6: Write the name of your machine and click on Next (make sure you have around 12 GB of space on your C drive, or else choose a path somewhere else where you have ample space)

Step 7: Finally click on Finish

Step 8: Press Enter and booting will start; then select the first option and press Enter


Step 9: To go into the GUI view type startx and press enter

Step 10: Click on install Backtrack and follow the further simple steps to install


Note:

Default username and password are:
username: root
password: toor

For more information feel free to write us @ prashantsavior@gmail.com and don't forget to like us in Facebook.

Sunday, May 18, 2014

Website Scanning Through Nikto (in Backtrack 5)

Website Scanning Tutorial Through Nikto

When it comes to scanning a website for vulnerabilities, Backtrack 5 / Kali Linux offers many capable tools, and "Nikto" is one of them. These tools are used to measure the security level of web applications.

About Nikto:
  • Nikto is open source.
  • It can check a web server for over 6400 potentially dangerous files/CGIs.
  • It checks for outdated versions of over 1000 servers, and version-specific problems on over 270 servers.
  • It checks plug-ins and unconfigured files.
  • Fast & effective.
  • It finds default files and programs.
  • It finds insecure files and programs.

Features:
  • Full HTTP proxy support.
  • Apache user name enumeration.
  • Logging to Metasploit.
  • Secure Sockets Layer (SSL) support.
  • Sub-domain brute forcing (guessing).
  • Easy to update.
  • Saves reports in multiple formats.

Requirements:
  • Backtrack 5 / Kali Linux with Perl installed in it.

Tutorial:


The basic scan requires a host to scan, which means you need a website to scan. You can use the IP address of the website or just its name. Here I have taken the website as http://www.mytargetsite.com/ . You can use the website which you want to scan.


Open Nikto by following this:



1. To scan a website for vulnerabilities, type:
$ perl nikto.pl -host http://www.mytargetsite.com/
or
$ perl nikto.pl -h http://www.mytargetsite.com/

2. For help:
$ perl nikto.pl -H

3. If you want to check a different port, use:
$ perl nikto.pl -h http://www.mytargetsite.com/ -p [port number]

4. If you want to run this test via a proxy, use this command:
$ perl nikto.pl -h http://www.mytargetsite.com/ -useproxy http://localhost:8080/

5. To update Nikto, use:
$ perl nikto.pl -update

6. To search for vulnerabilities on multiple ports within a range (e.g., ports 80 to 100):
$ perl nikto.pl -h http://www.mytargetsite.com/ -port 80-100

7. To save the scan result in a text file for later use:
$ perl nikto.pl -h http://www.mytargetsite.com/ -output ./filename.txt

Note: Nikto scans port 80 by default. If you want to scan a different port, specify it as shown in step 3.

For any query comment below or write us @ prashantsavior@gmail.com

Article by: Unpredictable