If we are to think what tools security professionals and hackers rely on then there are some all-time favourites which are never outdated. Some of these tools can be found online while others can be carried through a USB pendrive. The common factor is that they’are available to everyone. Each tool has its own way to assess security or mount attacks. Hope you find them hopeful.
Dig Services:
The first step which needs to be taken in mounting an attack or securing an online information resource is an assessment of what’s visible to others over the Internet. Large organisations need to analyse this part mostly as for them more than just the mail and web servers are visible. Sometimes a network administrator is at the fault but sometimes other faults can also be noted. However both these reasons make the internal network quite vulnerable. The best and safest way is to assess what’s visible to use a public Dig service. Dig or ‘Domain Information Groper’ interrogates the global DNS system for details about a target. Using this service you can uncover information, local DNS servers, web servers and mail severs.
To get started with the Dig service you need to enter the name of a domain without www. and click the button marked ‘Dig’. Dig’s output is based on how much information DNS holds about a domain and the output gives a clear overview of the parts of a network which are visible from the internet. The most important part of this information begins after ‘ANSWER SECTION’ and here the fixed IP addresses of servers are provided. You can go to the information returned by selecting the ‘Type’ drop down menu and ‘Network addresses’ returns after the IP addresses can be contacted directly. Most Dig services tries through a zone transfer, especially when netwrok administrators are less focussed on security zone transfers become possible from many DNS name servers. Zone transfer contains a long list of computers and IP addresses which have a direct connection to the internet and are also vulnerable to attack.
NMap:
Next you need to know which hosts are available on a network and which ports are open. The most useful port mapper is Nmap as it’s an essential tool for anyone who is interested in online security. NMap is originally a Linux command line tool but it’s ported to Windows and the underlying Nmap has a huge number of command line options. The GUI front end Zenmap is easier to use.
The installer has a WinPcap driver software which forms the special packets needed to investigate the TCP/IP stacks of remote hosts and gain information identifying the OS running on that host. After completion of installations Zenmap should be run and then the user interface appears. After entering the IP address of a computer in the Target box, select Quick Scan on the Profile menu. After clicking Scan an overview comes up of which ports are getting opened.
For a more comprehensive view select ‘Intense scan, all TCP ports’ and click ‘Scan’. Now a large number of packets are fired at all the ports on the target PC. The machine is also probed and this information determines our next course of action to penetrate the system. Zenmap’s one most useful feature is the ability to scan an entire subnet for targets. This is also a greater way to see if anything has been connected to your network without your knowledge.
NBTEnum:
When we know that targets are available to a hacker and can see through the network the next task is to discover which facilities each machine offers for exploitation. This is an important step as the hacker may interrogate for much more useful information. NBTEnum is a very conventional utility model written by Reed Arvin. It can unveil large amounts of information from an unprotected Windows PC just by asking for it.
After downloading it you need to open the zip file and move the contents to a new folder. NBTEnum is a command line utility so after a command is prompted you should navigate to its directory. Then enter the command NBTEnum -q and if the target accepts connection request via the NetBIOS service then a web page is created detailing about the service. If you know a username and password of the target PC then you can access a huge number of information.
Enter NBTEnum -s . NBTEnum can also recover the open shares, users and groups, enabled accounts, lockout threshold and a full list of services including which ones are currently running on Windows 7. Sometimes finding a network populated by targets running older versions of Windows usually take a day without any username and password. If a Guest account is used to log in then by default it gets enabled and unprotected.
InSSIDer:
The world is too much wireless now but a wireless signal means the information it carries is broadcast over a wide area. There are several tools which can be used to survey the local Wi-Fi zone. The best is the Windows port of InSSIDder 2 by Metageek.
After downloading and running it, InSSIDer starts discovering and enumerating Wi-Fi networks which are within the range. The top half of the interface is filled with details of networks and also the security level. Whoever is using the older WEP protection are potentially more vulnerable to attack as the algorithm is weak and it can be exploited easily. There several Wi-Fi networks in a neighbourhood which are not protected sometimes. InSSIDer’s also displays the Wi-Fi channel used by each router within range.
