EvilZone
Hacking and Security => Beginner's Corner => : anonwannabe1452 June 01, 2015, 04:38:18 PM
-
Yes my terminology may be incorrect and I probably sound like a skid, which I am... That's beside the point, I'd appreciate it if anyone can tell me some must have softwares for website manipulation and password cracking.
I have been hard at work on www.HackThisSite.com (http://www.HackThisSite.com) www.hackthissite.org, doing the basic and realistic challenges and learning lots of new things... I have John The Ripper and Cain installed for decryption purposes, however I do not know if these programs are useful in the real world.
I understand that I could just Google this. I promise it's not just me being lazy; I feel as though every Google link with the word "hacking" in it is a click-bait.
Thank you for your time.
-just anonther wannabe
-
Mozilla firefox....
And seriously, *hackthisite.org
-
there are many softwares & scripts available on the INTERNET
just google it or read some blogs
i think you should download havij
but tools will not help you in learning, you will become lazy
try to learn manual injections
& you can start with SQL injection & XSS are common vul.
& about password cracking , firstly they are of 2 types online & offline
for online password cracking there are many tools for bruteforce
& for offline cracking you can use hashcat or JTR
-
there are many softwares & scripts available on the INTERNET
just google it or read some blogs
i think you should download havij
but tools will not help you in learning, you will become lazy
try to learn manual injections
& you can start with SQL injection & XSS are common vul.
& about password cracking , firstly they are of 2 types online & offline
for online password cracking there are many tools for bruteforce
& for offline cracking you can use hashcat or JTR
Cheers! Yes tools will make me lazy I understand, but I'm sure there are tools which you cannot avoid using. But seriously that's really helpful! I'm getting pretty familiar with SQL injections and bruteforce cracking, however there's a lot for me to improve on. Have a nice day.
-
Mozilla firefox....
And seriously, *hackthisite.org
Yep, sarcasm is really going to help me, thanks! And I made a mistake...
[EDIT] DIDN'T SEE YOUR NAME AHAH SORRY. NO SHIT SHERLOCK ;)
-
Mozilla firefox....
And seriously, *hackthisite.org
And while you're at it, you're going to really want firebug.
-
Virtual Box, Damn Vulnerable Web App, WebGoat, Kali Linux.
-
You generally don't need a lot of fancy tools, especially if you can write Python (or bash scripts with curl or something). There are some REST API clients available as browser extensions and standalone programs, which are useful for crafting requests. A cookie editor is sometimes useful as well. There was also a cool Firefox extension I used a while ago that intercepted requests and let you edit request data, but I forget the name. Otherwise, I typically use a Python script for repetitive/sequential tasks. The "requests" module, BeautifulSoup and Scrapy are all useful to that end.
-
here's a list of what i occasionally use, and that helped me before:
since you want to be lazy lol
pentesting:
sqlmap
burp suite
xsser
nmap
whatweb
wafw00f
dirbuster
now for hash cracking:
hashcat - one i usually use
JohnTheRipper
i usually try websites for cracking hashes first, then try with my own wordlists. here's some of them:
http://hashkiller.co.uk/
https://crackstation.net/
http://md5online.org/
http://www.onlinehashcrack.com
P.S. you can find all the tools you'll need in KALI linux. if you got a good pc you can partition it with w.e os you're using or just load it with a flashdrive or get VMware or a virtual machine app and install kali through there...
-
Tamper data?
For web pentesting Burpsuite is hands down the best IMO.
Yeah, that's it! And I was thinking about Burpsuite at work today. Wireshark is supposedly useful, but frankly I've yet to wrap my head around it. I've used it in some super-specific situations, but otherwise haven't used it much.
-
I think it's probably good for new folks to have Wireshark running while playing with Burp or Tamper, just to reinforce TCP/IP, in case they want to get a job on the defensive side some day.