Here is a compilation of a few tools that we need to be aware of. The power, the performance and the capabilities of these tools are limited only to the creativity of the attacker. Let’s dig in to the list.
Following the well-defined hacker cycle, let’s start off with reconnaissance tools. Maltego is a very well-known tool for information gathering. The tool comes with personal reconnaissance and infrastructure reconnaissance. With personal reconnaissance, a person is able to obtain another person’s profile from the email address, name, or phone number using the search engines. The Maltego framework comes in two versions – a commercial version and a community edition. Registration is mandatory for using this tool. Only the commercial version allows saving the output from the reconnaisance. With infrastructure reconnaissance a person can get information related to subdomains and servers of a network. This information is gathered using what we call transformations in Maltego. Various transformations give results depending on the way the results are manipulated, grepped, and translated into new search queries.
Following this, we move on to the exploitation tools. The most used exploit development framework is the Metasploit framework by Rapid 7. Initially developed as a game, it has evolved into one of the most powerful exploit development frameworks. It allows using custom exploits by using something called “porting of exploits”.
Porting exploits involves taking a proof of concept exploit which just delivers some particular shellcode, commonly a calc.exe launcher or notepad launcher, and weaponizing it to be used in the framework with features. These features include things like custom payloads, encoders, and other benefits.
The Metasploit framework is not just an exploit delivery vehicle. It also contains some tools for exploit development.
It can also be used for generating offsets, writing exploits, and exploitation of different operating systems and architectures. It has various modules and exploits.
A third party extension that provides a GUI is Armitage. The commercial has its own GUI, which is not included in the community edition.
Backdooring executables can be carried out by a module named as msfpayload.
GHDB stands for Google Hacking DataBase. Google is the most powerful tool for a user to perform attacks. Specially crafted words given as input to Google are named as Dorks or Google dorks. These dorks can be used to reveal vulnerable servers on the Internet. They can be used to use to gather sensitive data, files that are uploaded, sub domains, and more. GHDB can make it easier to find the right Google dorks for your needs.
Offensive Security maintains a collection of Google dorks under a section called GHDB.
4. Social Engineering Toolkit:
This tool is built into Backtrack. It presents the social engineering attacks in an automated fashion. Is it encoding of scripts, binding Trojans to legitimate files, creating fake pages, harvesting credentials? This tool is a one stop shop for all these requirements. It has the ability to use Metasploit based payloads in the attack, making the framework all the more lethal with all professional exploits from the Metasploit framework.
5. HULK – A web server DoS Tool
Brainchild of Barry Steinman, this tool distinguishes itself from many of the other tools out in the wild. According to its creator, the tool was the result of his conclusion that most tools out there produce repeated patterns which can easily be mitigated. The principle behind HULK is to introduce randomness to the requests to defeat cache-ing and host identification technologies. This is to increase the load on the servers as well as evade the IDS/IPS systems.
6. Fear The FOCA
The FOCA is a metadata harvesting tool. It can analyze meta data from various files like doc, pdf, ppt etc. From this data it can enumerate users, folders, emails, software used, operating system, and more. There are customization options available in the tool too. The crawl option allows you to search the related domain website for additional information. The meta data can be extracted from a single file or from multiple files. Thus FOCA is a great tool in the reconnaissance phase to extract information from the meta data.
7. W3af – Web application attack and audit framework
This project is a web application attack framework sponsored by the same company that makes Metasploit. W3af is used to exploit web applications. It presents information regarding the vulnerabilities and supports in the penetration testing process. It is mainly divided into two parts: core and plugins. Currently it’s partnered with Rapid7, the team that maintains the Metasploit framework. There is a plugin for saving reports to disk for later reference. The plugins can be custom written. Communication between plugins can be automated.
8. EXIF Data viewers
Smartphones and digital cameras use a standard to specify additional meta data for images and sounds that are recorded using them. This standard is called Exchangeable Image File Format. Various EXIF data viewers are available. The data recorded can include details about type of camera. More importantly, they can contain the geo-location information within them. In fact, by default all smartphones have the GPS setting switched ON. This can potentially leak your location when the image was taken. The accuracy is such that the latitude and longitude will be provided when extracting the EXIF data, thus leaking possibly private information.
These are a few handy tools that a beginner in info-sec needs to be aware of. Other tools and their capabilities will be followed in the continuing articles.