Information security articles related to Backtrack Linux, information gathering, Windows, exploitation tools, OSX, reverse engineering, Ubuntu, maintaining access, CentOS, vulnerability assessments, etc.
Network stress testing is taken for granted sometimes however it is extremely useful in many aspects of a network. Typically when someone is thinking of stress testing something technology related they are thinking of stress testing a web application of some sort however it is beneficial to also stress test every piece of network hardware…
We received a request for an article for pdgmail which is a Python script that analyzes Windows and Linux browser process dumps where the browser had Gmail open. I was able to test on 32-bit Windows 7, 64-bit Ubuntu 10.04 LTS, and 32-bit Ubuntu 10.04 LTS. Unfortunately the methods I was using did not work…
So many of the DNS enumeration scripts available in backtrack focus on typical DNS but reverseraider does what it sounds like it might do which is enumerate reverse DNS names. Enumerating reverse DNS on an IP or set of IP’s can sometimes reveal information you did not previously have. It is possible to be targeting…
The xprobe2 application was built specifically for OS Fingerprinting or being able to accurately guess a servers Operating System. The unfortunate part about xprobe2 is that is extremely outdated and doesn’t even include Windows 7 in its list of OS’s that it can identify. Even though nmap is pretty much the staple for people to…
I remember being so happy about 0trace when I started to write some Backtrack related articles because even though 0trace is fairly simple it is really useful to locate the full path to devices you are investigating. In the article below I will explain the necessary 0trace input from the command line, what needs to…
Previously I wrote a brief article on 0trace in Backtrack 4 which can be located here however in the process of writing an updated article for Backtrack 5 I noticed that 0trace was no longer working. Every single time I would attempt to run an accurate trace through a firewall the results would come back…
OK this article is sort of silly and will be fairly short and to the point but earlier I was trying to find the process name of the OSX Lion firewall. During the process of looking for the OSX Lion firewall process name I learned a bunch of little firewall tidbits such as there are…
Recently I have been doing a lot of testing on a couple of my web sites that run WordPress and realized that securing your site takes a bit of effort. There are some plugins that do a great job at certain things however I wasn’t able to find any that did a great job of…
One of my favorite apps in Backtrack Linux that I recently discovered is wpscan. There are a ton of WordPress sites in the wild and using wpscan is an excellent way to begin an audit on a WP site. There are a couple things that wpscan does that is really amazing such as enumerating logins…
PBNJ is made ip of two commands which are scanpbnj and outputpbnj. The manpages for both scanpbnj and outputpbnj are located in collapsed tables at the bottom of this post in case you want more details. When you run scanpbnj it technically a script that runs nmap and dumps the results to a database. The…