Tools Intro

Sniffing

  • tcpdump

tcpdump -i <interface> -n port <port number> and host <ip addr>

  • airodump-ng

# "-a" filters out clients that are not associated with an AP (only associated clients are shown)
airodump-ng [--bssid <target AP MAC> -a] [-c <channel id>] [-w <filename>] <interface>
# example
airodump-ng --bssid 00:11:22:33:44:55 -a -c 11 -w captureFile wlan1mon

SQL Injection

  • sqlmap

Run it against a URL you have already found to be injectable:

sqlmap -u <url>
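The class of bug sqlmap probes for, shown as an added Python example (not part of the original cheat sheet): a query built by string concatenation next to the parameterised version that fixes it. The in-memory SQLite table, user names and the `lookup_*` function names are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table standing in for an application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    # The request parameter is pasted straight into the statement, so any quote
    # or operator in the input becomes part of the SQL. This is what sqlmap
    # detects when it mutates the 'id' parameter of the URL.
    sql = "SELECT name, email FROM users WHERE id = " + user_id
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, user_id: str) -> list:
    # Hardened form: validate the type first, then bind the value as a parameter.
    # The driver sends it separately from the statement, so it is never parsed as SQL.
    if not user_id.isdigit():
        raise ValueError("id must be a positive integer")
    return conn.execute(
        "SELECT name, email FROM users WHERE id = ?", (int(user_id),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "1"))           # one row, as intended
    print(lookup_vulnerable(db, "1 OR 1=1"))    # the tautology returns every row
    print(lookup_safe(db, "1"))
    try:
        lookup_safe(db, "1 OR 1=1")
    except ValueError as err:
        print("rejected:", err)
```

A finding from sqlmap is fixed by the second pattern, not by escaping quotes: bound parameters remove the need to reason about which characters are dangerous.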

WebService Info Gather

  • nikto

Scan and spider the website to gather interesting information.

nikto -host <host ip> [-p <port>]

Password Cracker

  • hydra

Try usernames and passwords from given lists. Uppercase -L/-P take a file containing a list of usernames/passwords; lowercase -l/-p take a single known username/password.

# HTTP POST login form (here a WordPress wp-login.php); ^USER^ and ^PASS^ are replaced with each candidate
hydra -V -L fsocity.dic -p testpwd 192.168.1.108 http-post-form '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In'
# SSH
hydra -l root -P 500-worst-passwords.txt 10.10.10.10 ssh
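What the http-post-form run above looks like from the server side, and how to spot it: an added Python example (not from the cheat sheet or from the hydra project) that reads combined-format web server log lines and flags any source IP that POSTs to the login path more than a threshold number of times inside a sliding window. The log lines, IP addresses and timestamps are constructed for the example; the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed combined-format access log lines (example data, not a real server).
# A burst of POSTs to the login form from one IP within a couple of seconds is the
# server-side signature of a dictionary run against the form.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 200 3245 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 200 3245 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:55:37 +0000] "POST /wp-login.php HTTP/1.1" 200 3245 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:55:37 +0000] "POST /wp-login.php HTTP/1.1" 200 3245 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:55:38 +0000] "POST /wp-login.php HTTP/1.1" 200 3245 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:55:38 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:57:12 +0000] "GET /wp-admin/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line: str):
    """Return (ip, timestamp, method, path, status) or None for a line that does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))


def find_login_bursts(log_text: str, path: str = "/wp-login.php",
                      threshold: int = 5, window: timedelta = timedelta(seconds=60)) -> dict:
    """Return {ip: total POSTs to path} for every IP with >= threshold POSTs inside `window`.

    On WordPress a 200 on the login POST means the form was re-displayed (failed
    attempt) and a 302 means a successful login, so a 200-run ending in a 302 is
    the pattern to escalate first.
    """
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[2] == "POST" and rec[3] == path:
            per_ip[rec[0]].append(rec[1])

    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged


if __name__ == "__main__":
    for ip, count in find_login_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {count} login POSTs inside the window")
```

The same window logic works for an SSH daemon's "Failed password" lines once the parser is swapped; the threshold and window are the knobs to tune against normal traffic for the site.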

  • John the Ripper

John the Ripper is a dictionary-based password cracking tool.

# the hash file has one "<username>:<hash>" line per account; the hash below is a
# traditional crypt(3) DES hash: a 2-character salt ("AZ") followed by 11 hash characters
#
# user:AZl.zWwxIh15Q
john -w:<dictionary> <file with hashes>
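Before handing a hash file to John, it is worth knowing which hash schemes are in it, because the scheme decides how cheap each guess is. Added Python example (not part of the cheat sheet or of John the Ripper) that classifies crypt(3)-style hashes by their prefix and flags the legacy schemes (traditional DES, md5crypt) as weak. The sample lines are constructed, apart from the `user:AZl.zWwxIh15Q` line taken from the comment above; the hash strings for the other accounts are dummies that only have the right prefix and length.

```python
import re

# Constructed "<username>:<hash>" lines in the format John reads. Only the first
# line is from the cheat sheet; the others are dummy strings with valid prefixes.
SAMPLE_HASHES = """\
user:AZl.zWwxIh15Q
legacy:$1$saltsalt$qJH7.N4xYta3aEG/dfqo/0
modern:$6$abcdefgh$""" + "A" * 86 + """
locked:!
nopass:*
"""

# Traditional DES crypt: exactly 13 characters from the crypt base64 alphabet.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify_hash(h: str) -> tuple:
    """Return (scheme, is_weak) for one crypt(3)-style hash string."""
    if h in ("", "!", "!!", "*"):
        return ("none/locked", False)          # no usable password at all
    if h.startswith(("$2a$", "$2b$", "$2y$")):
        return ("bcrypt", False)
    if h.startswith("$y$"):
        return ("yescrypt", False)
    if h.startswith("$6$"):
        return ("sha512crypt", False)
    if h.startswith("$5$"):
        return ("sha256crypt", False)
    if h.startswith("$1$"):
        return ("md5crypt", True)              # fast to compute, long deprecated
    if DES_RE.match(h):
        # 12-bit salt and the password is truncated to 8 characters: a small keyspace.
        return ("traditional DES crypt", True)
    return ("unknown", True)                   # unknown schemes get reviewed, not ignored


def audit(text: str) -> list:
    """Return [(username, scheme, is_weak), ...] for every user:hash line in text."""
    findings = []
    for line in text.splitlines():
        if ":" not in line:
            continue
        user, h = line.split(":", 1)
        scheme, weak = classify_hash(h.strip())
        findings.append((user, scheme, weak))
    return findings


def weak_accounts(text: str) -> list:
    """Usernames whose hash scheme should be migrated."""
    return [user for user, _, weak in audit(text) if weak]


if __name__ == "__main__":
    for user, scheme, weak in audit(SAMPLE_HASHES):
        print(f"{user:8} {scheme:22} {'WEAK' if weak else 'ok'}")
```

Accounts reported as weak should be re-hashed on next login (or forced to reset) rather than left for an attacker with the same wordlist to find first.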

  • aircrack

aircrack-ng is part of the aircrack-ng suite; this command is used to crack the Wi-Fi WPA pre-shared key (password) from a captured handshake.

aircrack-ng -w <path to dictionary> <path to the capture file containing the handshake (or, for WEP, the initialization vectors)>
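What aircrack-ng actually tests for each dictionary word, as an added Python example (not the cheat sheet's or aircrack-ng's code): the WPA/WPA2-Personal PMK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 32 bytes, and the captured handshake is used to check whether a candidate PMK is right. The example reproduces the published IEEE 802.11 test vector so the derivation can be verified offline; the function names are assumptions.

```python
import hashlib


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PMK (= PSK) as specified in IEEE 802.11: PBKDF2-HMAC-SHA1,
    SSID as salt, 4096 iterations, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


# Published test vector from IEEE Std 802.11 (PSK derivation annex):
# passphrase "password", SSID "IEEE".
IEEE_VECTOR = (
    "password",
    "IEEE",
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e",
)


def self_check() -> bool:
    """True if this implementation reproduces the standard's test vector."""
    pw, ssid, expected_hex = IEEE_VECTOR
    return derive_pmk(pw, ssid).hex() == expected_hex


def same_passphrase_differs_by_ssid(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """Because the SSID is the salt, a precomputed table for one network name is
    useless against another: the same passphrase yields a different PMK."""
    return derive_pmk(passphrase, ssid_a) != derive_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    print("test vector ok:", self_check())
    print("SSID acts as salt:", same_passphrase_differs_by_ssid("password", "IEEE", "HomeNet"))
```

Two defensive conclusions follow directly from the formula: 4096 HMAC-SHA1 rounds per guess is the only thing slowing a dictionary run, so passphrase length and randomness are what protect the network, and a default or very common SSID lets precomputed tables be reused across networks.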

Create Dictionary

  • Crunch

Crunch is a handy tool for generating a wordlist from a given character set and length range.

  • cewl

cewl spiders a website and uses the words found on it to build a wordlist:

cewl <url> -w <dictionary file name>