Hacking Software Techniques

Techniques

• Vulnerabilities scanner
• Reverse engineering
• Password Cracking
• Packet analysis
• Spoofing attack
• Rootkit
• Social engineering
• Malware (trojan horse, virus, worms, keystroke loggers)
• Command injection

Hackable Applications and CTF

These are websites, virtual machines, etc. that are intentionally vulnerable and intended for practice.

• HackThisSite
• Damn Vulnerable Web Application
• Hack the Box
• Google Gruyere
• WebGoat
• Metasploitable 2
• pwnable.tw
• Damn Vulnerable iOS App
• OWASP Mutillidae II
• Web Security Dojo
• W3Calls
• PwnBerryPi: A Pentesting Suite for a Raspberry Pi

Capture the Flag (CTF)

• PicoCTF
  • CTF Primer: learning content
  • PicoGym web-based challenges to progress through
  • Competitions
• CTF101
• CTF Field Guide
• CTF Time
• Live Overflow

CTF Tools

Tools which may have broader use but were developed out of the competitive environment of CTFs

• pwntools
• GEF: A set of commands to assist reverse-engineers when using GDB

Linux Distros

• Kali - The classic distro. There are different versions for hacking, forensics, etc.
• Parrot - A very good Debian based distro, also has multiple versions
• Flare VM - a collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a virtual machine (VM)
• Remnux - a Linux toolkit for reverse-engineering and analyzing malicious software

Windows Tools

• Process Hacker -a collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a virtual machine (VM)
• Process Explorer
• Process Monitor
• Autoruns
• PatchMyPC
• Bloodhound - sniffs out attack pathways through an Active Directory network
• Flare-vm - A collection of scripts that allow one to create a Windows reverse engineering environment on a virtual machine (VM)

Decoding data

• CyberChef a simple web app for analyzing and decoding data - e.g. convert a Base64 string to ASCII, analyze a hash, extract EXIF data from an image, etc.
• Cipher Identifier - an online tool for identifying the cipher used based on patterns in a string
• Cryptii an online tool for enciphering and deciphering data using classic ciphers

Port scanners

• Nmap a free / open source port scanner for network discovery and security auditing.

Mapping

• Spiderpig - a document metadata harvester which actively spiders a site, downloads all documents and parses out useful data. You can also provide a domain instead of a full URL, it will DNS brute force sub-domains before spidering each resolved name, downloading the files and doing the metadata harvesting
• Photon - a fast crawler designed for OSINT
• Feroxbuster - a fast directory brute forcing tool
• Gobuster - another directory brute forcing tool

IP trackers

• grabify
• IP-tracker
• Blasze
• IP logger

IP geolocation

• Info Sniper provides geolocation based on IP address

Reverse Engineering Binaries

Reverse engineering is the process of inferring the behavior of software binaries when source code is unavailable. See Reverse Engineering.

URL Checker

What's this weird URL? These tools will go to a URL for you instead of opening it on your own computer. Note: Just because it passes muster on a site like this does not necessarily mean it is harmless.

• CheckShortURL
• Redirect Detective

Network Monitoring Tools

• Nirsoft WirelessNetView
• Nirsoft Wireless Network Watcher

Packet Capture

• Wireshark
• Nirsoft TCP/IP Sniffer

Firewall

• pfSense

Passwords

• hashcat
• John the Ripper

Password Recovery

• Mimikatz - a Windows credential extractor
• Nirsoft password recovery tools (browsers, network, mail, etc.)

Dictionary Creation

• CUPP (Common User Password Profiler) - a python script used to create wordlists based on information known about a target

• fluxion - WiFi network penetration testing tool

• pastejacker - a python script used to replace a target's clipboard contents with an exploit. Pastejacking is a method that malicious websites employ to take control of your computers’ clipboard and change its content to something harmful without your knowledge.

Web Applications

• Burp Suite Test, find, and exploit vulnerabilities in web applications. Truly necessary for anyone checking the security of a website.

Vulnerability Scanning

• Nikto - a web server scanner which performs comprehensive tests against web servers for multiple items, including over 7,000 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software.

Exploit Frameworks

• Metasploit

OSINT

See OSINT