Posts Tagged “bruteforce”
Posted by alex in Insights
The dnsenum.pl Perl script, as described in its Perl documentation, is a multithreaded script to enumerate information on a domain and to discover non-contiguous IP blocks. So the gist of dnsenum is to gather information about a specific domain using various sources. Information gathered about a domain includes subdomains, associated IP ranges, name servers, MX records, reverse DNS records, hostname IP addresses, and potential vulnerabilities via zone transfers. Below we go into detail regarding the switches available with dnsenum as well as what the command returns by default without any CLI switches.
Tags: afxr, backtrack, bruteforce, dns analysis, dnsenum, dnsenum.pl, domain, google, information gathering, IP, ip-block, Linux, network analysis, network block, non-contiguous ip, reverse lookup, scrape, sub domain, zone transfer
Posted by alex in Security
The cisco-auditing-tool, located in the Backtrack menu ( Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools ), is written in Perl and accomplishes three tasks: attempting to brute force the telnet password on a Cisco device if telnet is running, attempting to show the IOS history on the Cisco device using a vulnerability which I believe is from the late 90s, and attempting to brute force the SNMP community strings for the device. The tool is fairly outdated, as most Cisco devices in corporate networks should now be using SSH, and unless you are doing an internal audit it would be surprising if SNMP was exposed on any Cisco devices still in service. That being said, there is definitely still value: if you have a ton of Cisco devices to audit, you can feed a list of IPs or hostnames into the script and check basic SNMP community strings and telnet passwords.
Tags: /pentest/cisco, 23, 861, backtrack, brute, brute force, bruteforce, bt5, bt5r3, cat, cisco, cisco enable password, cisco tools, cisco-auditing-tool, community string, enable password, integrated services router, ios history bug, Linux, logfile, network assessment, pentest, perl, privilege level account, snmp, tcp port 23, telnet, vulnerability assessment
Posted by alex in Security
Need a quick way to generate a PHP backdoor for a compromised server you want to come back to later? Then weevely is your application. I was pleasantly surprised when I started playing around with weevely in more detail, as it provides a ton of built-in functionality and does a lot more than I initially thought that weevely did. The weevely application is built using Python and its current version on Backtrack 5 R3 is weevely v0.7. The weevely.py Python script is located in the /pentest/backdoors/web/weevely directory, and some of its uses are described in more detail below.
Tags: .htaccess, backdoor, backtrack, bruteforce, bruteforce.ftp, bruteforce.sql, find.webdir, FTP, gif, image, Linux, maintaining access, modules, mysql, PHP, python, sql.dump, system.info, web backdoors, weevely, weevely.py
Posted by alex in Security
SQLDict serves one purpose, which is to brute force Microsoft SQL Server passwords. The easiest way to launch SQLDict is using the Backtrack navigation menu, which launches the SQLDict.exe application using wine. The interface is easy to use, as shown in the example images below.
Tags: backtrack, brute force, bruteforce, bt5, bt5r3, database analysis, database assessment, information gathering, Linux, microsoft, microsoft sql server, mssql, mssql analysis, mssql assessment, online attacks, password, password attacks, privilege escalation, sqldict, sqldict.exe, vulnerability assessment, wine, wordlist
Posted by alex in Security
One of my favorite apps in Backtrack Linux that I recently discovered is wpscan. There are a ton of WordPress sites in the wild, and using wpscan is an excellent way to begin an audit on a WP site. There are a couple of things that wpscan does that are really amazing, such as enumerating logins from WordPress sites and enumerating the WordPress plugins that are installed. Below are a couple of examples of how wpscan can be useful for WordPress website analysis.
Tags: backtrack, backtrack 5, bruteforce, bt5, cms identification, enumerate, information gathering, jetpack, Linux, plugins, Ruby, timthumb, web application analysis, WordPress, WP, wpscan