cyber_idiots

Stressing tools are used to create DoS attacks or to create the stress test for different applications so as take appropriate measures for the future. All the Stress testing tools are found in Applications → 02-Vulnerability Analysis → Stress testing. All Stress testing test will be done on metsploitable machine which has IP of 192.168.1.102 Slowhttptest Slowhttptest is one of the DoS attacking tools. It especially uses HTTP protocol to connect with the server and to keep the resources busy such as CPU and RAM. Let’s see in detail how to use it and explain its functions. To open slowhttptest, first open the terminal and type  “slowhttptest –parameters” . You can type “slowhttptest –h” to see all the paramenters that you need to use. In case you receive an output, ‘Command not found’ you have to first type  “apt-get install slowhttptest” . Then after installation, again type  slowhttptest –h Type the following command − slowhttptest -c 500 -H -g -o outputfile -i 10 -r 200 -t GET –u htt

Social Engineering Toolkit Usage The  Social-Engineer Toolkit  (SET) is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack in a fraction of time. These kind of tools use human behaviors to trick them to the attack vectors. Let’s learn how to use the Social Engineer Toolkit. Step 1  − To open SET, go to Applications → Social Engineering Tools → Click “SET” Social Engineering Tool. Step 2  − It will ask if you agree with the terms of usage. Type  “y”  as shown in the following screenshot. Step 3  − Most of the menus shown in the following screenshot are self-explained and among them the most important is the number 1 “Social Engineering Attacks”. Step 4  − Type  “1”  → Enter. A submenu will open. If you press the  Enter  button again, you will see the explanations for each submenu. The Spear-phishing module allows you to specially craft email messages and send them to your targ

p0f p0f  is a tool that can identify the operating system of a target host simply by examining captured packets even when the device in question is behind a packet firewall. P0f does not generate any additional network traffic, direct or indirect; no name lookups; no mysterious probes; no ARIN queries; nothing. In the hands of advanced users, P0f can detect firewall presence, NAT use, and existence of load balancers. Type  “p0f – h”  in the terminal to see how to use it and you will get the following results. It will list even the available interfaces. Then, type the following command:  “p0f –i eth0 –p -o filename” . Where the parameter  "-i"  is the interface name as shown above.  "-p"  means it is in promiscuous mode.  "-o"  means the output will be saved in a file. Open a webpage with the address 192.168.1.2 From the results, you can observe that the Webserver is using apache 2.x and the OS is Debian. pdf-parser pdf-parser is a tool that parses a PDF do

Metasploit As we mentioned before, Metasploit is a product of Rapid7 and most of the resources can be found on their web page  www.metasploit.com . It is available in two versions - commercial and free edition. The differences between these two versions is not much hence, in this case we will be using the Community version (free). As an Ethical Hacker, you will be using “Kali Ditribution” which has the Metasploit community version embedded, along with other ethical hacking tools which are very comfortable by saving time of installation. However, if you want to install as a separate tool it is an application that can be installed in the operating systems like Linux, Windows and OS X. First, open the Metasploit Console in Kali. Then, go to Applications → Exploitation Tools → Metasploit. After it starts, you will see the following screen, where the version of Metasploit is underlined in red. In the console, if you use help or ? symbol, it will show you a list with the commands of MSP alon