Saturday, 17 September 2016

Network Questions And Answers


1) What is Routing?
Routing is the process of finding a path on which data can pass from source to destination. Routing is done by a device called routers, which are network layer devices.
2) What is the purpose of the Data Link?
The job of the Data Link layer is to check messages are sent to the right device. Another function of this layer is framing.
3) What is latency?
Latency is the amount of time delay that measures the point from which a network device receives a data frame to the time it sends it out again towards another network segment.
4) What is subnetting?
Subnetting is the process of creating smaller networks from a big parent network. Being a part of a network, each subnet is assigned some additional parameters or identifier to indicate its subnet number.
5) How are internetworks created?
Internetworks are created when networks are connected using routers. Specifically, the network administrator assigns a logical address to every network that connects to the router.
6)  What are packets?
Packets are the results of data encapsulation. These are data that has been wrapped under the different protocols of the OSI layers. Packets are also referred to as datagrams.
7) What are segments?
Segments are sections of a data stream that comes from the upper OSI layers and ready for transmission towards the network. Segments are the logic units at the Transport Layer.

8) Mention what is the size of IP address?
Size of IP address is 32 bit for IPv4 and 128 bit for IPv6.



9)  Mention what is DHCP?
DHCP stands for Dynamic Host Configuration Protocol.  DHCP assigns an IP address automatically to a given workstation client.  You can also make static IPS for machines like printers, servers, routers and scanners.
10)  Mention what is the difference between dynamic IP and static IP addressing?
Dynamically IP addresses are provided by DHCP server and static IP address are given manually.

11) Mention what are the ranges for the private IPS?
Ranges for private IPS are
  • Class A: 10.0.0.0 – 10.0.0.255
  • Class B: 172.16.0.0 – 172.31.0.0
  • Class C: 192.168.0.0 – 192.168.0.255
12) Mention what is the difference between TCP and UDP?
TCP and UDP both are protocols for sending files across computer network
          TCP (Transmission Control Protocol)
             UDP (User Datagram Protocol)
TCP is connection oriented protocol. When connection lost during transferring files, the server would request the lost part.  While transferring a message, there is no corruption while transferring a message
UDP is based on connectionless protocol. When you send data, there is no guarantee whether your transferred message will reach there without any leakage
The message will deliver in the order it is sent
The message you sent may not be in the same order
Data in TCP is read as a stream, where one packet ends, and another begins
Packets are transmitted individually and are guaranteed to be whole if they arrive
Example of TCP includes World Wide Web, file transfer protocol, e-mail,
Example for UDP are VOIP (Voice Over Internet Protocol) TFTP ( Trivial File Transfer Protocol),

13) What is communication and how it is differ to transmission?
Communication means exchanging of data between source and destination. Whereas, transmission refers to only transferring of data from source to receiver.
14 ) What is point-to-point transmission protocol?
It is an industry standard in which the exchange of multiport datagrams is done use of protocol that is providing point-to-point link.  

15) Difference between public IP and private IP?
Public IP should be unique address that is assigned to a company. Private address can be used by anyone on private network because it is not recognized by the internet.

Sunday, 11 September 2016

DDos && DOS Script Tools


How To Use DDOS Tool 



DOS Tool  

GoldenEye is an python app for SECURITY TESTING PURPOSES ONLY!
GoldenEye is a HTTP DoS Test Tool.
Attack Vector exploited: HTTP Keep Alive + NoCache

How To Use Dos Tool  



Download Tool : http://goo.gl/u4eIAR 

Download Tool : http://goo.gl/LLnKHv

Thursday, 8 September 2016

Findsploit


ABOUT

Finsploit is a simple bash script to quickly and easily search both local and online exploit databases. This repository also includes "copysploit" to copy any exploit-db exploit to the current directory and "compilesploit" to automatically compile and run any C exploit (ie. ./copysploit 1337.c && ./compilesploit 1337.c).
For updates to this script, use git clone https://github.com/1N3/Findsploit.git

INSTALLATION

./install.sh

How To use 



Download Tool : http://goo.gl/oLWyQM

Wednesday, 7 September 2016

Two functions to attack Web Application Firewalls.


WAFNinja is a CLI tool written in Python. It shall help penetration testers to bypass a WAF by automating steps necessary for bypassing input validation. The tool was created with the objective to be easily extendible, simple to use and usable in a team environment. Many payloads and fuzzing strings, which are stored in a local database file come shipped with the tool. WAFNinja supports HTTP connections, GET and POST requests and the use of Cookies in order to access pages restricted to authenticated users. Also, an intercepting proxy can be set up. 

How to use :  

wafninja.py [-h] [-v] {fuzz,bypass,insert-fuzz,insert-bypass,set-db} ... 


Example Usage: fuzz: python wafninja.py fuzz -u "http://www.target.com/index.php?id=FUZZ" -c "phpsessid=value" -t xss -o output.html 

bypass: python wafninja.py bypass -u "http://www.target.com/index.php" -p "Name=PAYLOAD&Submit=Submit" -c "phpsessid=value" -t xss -o output.html

insert-fuzz: python wafninja.py insert-fuzz -i select -e select -t sql

positional arguments: {fuzz,bypass,insert-fuzz,insert-bypass,set-db} Which function do you want to use?   

Demo :  



fuzz                check which symbols and keywords are allowed by the WAF.
bypass              sends payloads from the database to the target.
insert-fuzz         add a fuzzing string
insert-bypass       add a payload to the bypass list
set-db              use another database file. Useful to share the same database with others. 



optional arguments: -h, --help show this help message and exit -v, --version show program's version number and exit  

Author : khalilbijjou 
Download Tool :http://goo.gl/DrZv3T