Fast-Track is a Python-based open source security tool aimed at helping
penetration testers conduct highly advanced and time-consuming attacks
in a more methodical and automated way. Fast-Track is now included in
Backtrack version 3 onwards under the Backtrack --> Penetration
category. In this talk given at Shmoocon 2009, the author of Fast-Track,
Dave Kennedy, runs us through a primer on the tool and demonstrates 7
different scenarios in which he breaks into systems using the Fast-Track
tool. These scenarios include automated SQL injection, MSSQL brute
forcing, Query string pwnage, Exploit rewrite, Destroying the Client and
Autopwnage.

Reverse DNS lookup is generally used when we want to resolve an IP
address to a hostname. It finds its use in numerous applications, such
as spam filters and network logging and monitoring tools.

In this video, we will use the Domain Information Groper (DIG) tool to
do a reverse DNS lookup on various addresses to find the associated
hostnames. The technique employed is simply to write the IP address in
dotted notation but in reverse order, append ".in-addr.arpa." to it, and
make a DNS PTR (Pointer Record) query for the resulting name. As an
example, if the address is 202.141.80.6, in order to do a reverse DNS
lookup, we need to do a DNS PTR lookup for the host
"6.80.141.202.in-addr.arpa.". We use 2 examples in this video to make
sure the procedure is well understood.
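
The PTR lookup described above, shown at the DNS message level as an added example (it is not taken from the video). It builds the reversed name and the wire-format query, then parses PTR answers out of a reply; the function names are hypothetical, and `sample_response` fabricates a reply with the placeholder hostname `host.example.net.` so the code runs offline.

```python
import ipaddress
import struct

def reverse_name(ip):
    """202.141.80.6 -> 6.80.141.202.in-addr.arpa. (octets reversed, suffix appended)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises ValueError on bad input
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def encode_name(name):
    """Dotted name -> length-prefixed DNS labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_ptr_query(ip, txid=0x1234):
    """12-byte header (RD flag set, one question) followed by QNAME, QTYPE, QCLASS."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(reverse_name(ip)) + struct.pack("!2H", 12, 1)  # PTR, IN

def read_name(msg, pos):
    """Decode the name at pos, following compression pointers; return (name, next_pos)."""
    labels, end, hops = [], None, 0
    while msg[pos]:
        if msg[pos] & 0xC0 == 0xC0:  # two-byte compression pointer
            if (hops := hops + 1) > 16:  # a crafted reply can point back at itself
                raise ValueError("compression pointer loop")
            end = pos + 2 if end is None else end
            pos = ((msg[pos] & 0x3F) << 8) | msg[pos + 1]
        else:
            labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii"))
            pos += 1 + msg[pos]
    return ".".join(labels) + ".", (pos + 1 if end is None else end)

def parse_ptr_answers(msg):
    """Yield the hostname from each PTR record in a response's answer section."""
    qdcount, ancount = struct.unpack("!2H", msg[4:8])
    pos = 12
    for _ in range(qdcount):  # skip each question: name + QTYPE + QCLASS
        pos = read_name(msg, pos)[1] + 4
    for _ in range(ancount):
        pos = read_name(msg, pos)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == 12:  # PTR
            yield read_name(msg, pos + 10)[0]
        pos += 10 + rdlen

def sample_response(ip, host, txid=0x1234):
    """Constructed reply for offline use: the question echoed plus one PTR answer."""
    rdata = encode_name(host)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 12, 1, 300, len(rdata)) + rdata
    return struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0) + build_ptr_query(ip, txid)[12:] + answer
```

With dig, `dig -x 202.141.80.6` constructs the same in-addr.arpa name and sends the PTR query for you.
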

A demonstration of a vulnerable web application being exploited
to hack into a particular user's Hotmail account. This demo makes use
of Acunetix WVS which automates the process without requiring any
scripting or programming.