Author Archives: Silver Moon
Find the location of apache configuration file
Apache is a web server that is available for all major platforms. Each OS stores Apache in a different directory or path, so it takes some effort to find the configuration file when needed. For example, Ubuntu and Fedora store it in different locations in spite of both being Linux. So here are… Read More »
How to change the theme in kali linux 1.0
Kali Linux Kali Linux is the successor of Backtrack. It follows Backtrack 5rc3 as the next version. Backtrack was based on Ubuntu, but Kali Linux is based on Debian. Furthermore, the default desktop, GNOME, has been hacked and modified to a large extent. It is GNOME 3.4 but is made to… Read More »
Use sqlmap with tor proxy
When trying to exploit some website using sqlmap, it's a good idea to be anonymous. Sqlmap has excellent support for using common proxies or Tor. First start Tor and ensure that it is running the SOCKS5 daemon on port 9050. Then use the SOCKS5 proxy with sqlmap as follows: # ./sqlmap.py --tor --tor-type=SOCKS5 -u "http://www.hackable.org/view_section.php?id=10"… Read More »
How to Install and run Sqlmap on Windows
Sqlmap is the most popular tool for automated exploitation of SQL injection vulnerabilities and database takeover. It is written in Python and is cross-platform. If you are using Backtrack, then sqlmap comes prepackaged in it. In this post I am going to show you the simple process to set up and run sqlmap on Windows. 1…. Read More »
Email harvesting with metasploit | tutorial
Out of the many useful auxiliary modules that Metasploit has, one is called search_email_collector, which searches Google, Bing and Yahoo for email addresses associated with a particular domain. This is useful in automated information gathering during a penetration test program. The location inside msfconsole is auxiliary/gather/search_email_collector. So let's try it out. Launch msfconsole. I am… Read More »
How to Ping Sweep / Scan the Network with Nmap
Ping Sweep Ping sweep is the process of pinging an entire range of network IP addresses to find out which ones are online or alive. Nmap is an excellent tool to do this quickly and effectively. Here is the command: $ nmap -n -vv -sn 192.168.1.1-255 -oG - | grep -i 'up' Host: 192.168.1.1 ()… Read More »
Hack gmail password with social engineering toolkit (SET)
Social Engineering Toolkit Social engineering toolkit is the most powerful tool for performing social engineering attacks. It is the metasploit of social engineering in a way. It provides a very easy user interface to perform attacks like phishing, browser exploitation etc. In this tutorial we are going to see how it can be used to… Read More »
How to Hack Remote Database with Sqlmap
Sqlmap In the previous post on we learnt how to use sqlmap to hack a vulnerable web application and fetch the list of databases, tables, columns and data rows. In this post we shall see how to do some simple fingerprinting on the remote database to find valuable information that can be used to assist… Read More »
Php reverse shell with netcat
Optimise your database design for speed and efficiency – Part 1
Database schemas Databases are present in almost all kinds of applications that need to store information in some form or other. Web applications like blogs, CMSs, social networking sites or business applications all have a database along with the code. The database design or schema determines how the tables and their relationships are… Read More »
Using client side ssl certificates in firefox and chrome
SSL certificates Some websites, especially restricted ones, might require you to use a client-side SSL certificate to open the pages. The certificate is used as an authentication factor, in place of a username/password. When opening such websites in browsers, the browser must provide the SSL certificate. Over here we shall see how to do that… Read More »
Python socket – chat server and client with code example
Socket based chat application In our previous article on we learned about the basics of creating a socket server and client in python. In this post we are going to write a very simple chat application in python that is powered by sockets. The chat application we are going to make will be more like… Read More »
How to Code a simple Telnet Client with Sockets in Python
The telnet client is a simple command-line utility that is used to connect to socket servers and exchange text messages. Here is an example of how to use telnet to connect to google.com and fetch the homepage. $ telnet google.com 80 The above command will connect to google.com on port 80. $ telnet google.com 80… Read More »
How to Code ICMP Ping Flood Program in C with Sockets – Winsock
ICMP Ping Flood A ping flood program sends a large number of ICMP packets to a remote host to flood the network and system resources on the target system. The target system keeps replying to the ICMP packets and its system resources are consumed unnecessarily. In a previous article on we saw how to construct raw… Read More »
ICMP ping flood code using sockets in C on Linux
ICMP Ping Flood ICMP ping flood is a kind of DoS attack that can be performed on remote machines connected via a network. It involves sending a large number of ping echo requests (packets) to the target system such that it is not able to handle them fast enough. So the result is that the host… Read More »
How to Code a simple Tcp Socket Server in Winsock
Communication over sockets involves two programs running on the same machine or on separate machines across a network. The first is a socket server and the other is a socket client. TCP stands for Transmission Control Protocol and it is the most common protocol used for most of the network communication that takes place over… Read More »
How to modify a SoapClient request in PHP
SOAP and PHP SOAP is a protocol to exchange objects over HTTP. It is used to implement APIs, and the data being exchanged is in XML format. Sometimes it might be necessary to modify the SOAP request, for example to add custom HTTP headers. Since SoapClient is a class, it can be extended and the… Read More »
Php – Fix “Input is not proper UTF-8, indicate encoding” error when loading xml
When loading XML files in PHP through simplexml_load_string or the DOMDocument class, sometimes an error like this might pop up: Warning: DOMDocument::loadXML(): Input is not proper UTF-8, indicate encoding ! OR Warning: simplexml_load_string(): Entity: line 93: parser error : Input is not proper UTF-8, indicate encoding ! The error occurs when the XML has some invalid characters… Read More »
How to Proxify Applications with Tor, Torsocks and Torify
Many applications do not directly support the use of a SOCKS proxy. It is not possible to configure them in any way to use a proxy server. Torsocks enables such applications to use the Tor SOCKS proxy. It automatically routes all network requests made by a certain application through the Tor proxy. The manual page defines Torsocks… Read More »