Kali Linux on a USB stick ships with over 600 preinstalled penetration-testing programs. These include Armitage (a graphical cyber-attack management tool), Nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), Aircrack-ng (a software suite for penetration-testing wireless LANs), and the Burp Suite and OWASP ZAP web application security scanners. Kali Linux can run natively when installed on a computer's hard disk, can be booted from a live CD or live USB, and can run within a virtual machine. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.
Default Installation Pages
Careless webmasters often leave the default installation page in place even after the website is up and running. An attacker could search for those websites and try to exploit them if they are not properly updated.
For finding default Apache install pages, the following Google query can be used:
intitle:"Test Page for Apache Installation" "Seeing this instead"
Similarly, for IIS 4.0, the following Google query would be useful:
intitle:"welcome to IIS 4.0"
Error pages are often overlooked, but from a security point of view they can be too revealing. Hackers often look at error pages to learn more about the target website and server.
For instance, the following SQL error reveals database logins that were denied for some reason:
"Warning: mysql_connect(): Access denied for user: '*@*" "on line" -help -forum
"plugins/wp-db-backup/wp-db-backup.php" [Author: ScOrPiOn : http://www.exploit-db.com/ghdb/3638/]
This Google dork shows error logs, which give the attacker an idea of the full server paths, including the home directory name. This name is often also used for FTP and shell logins, which exposes the system to attack.
Let's take the example of websites vulnerable to SQL injection (which we will cover in detail later in this book).
One way to look for them is to Google for SQL error messages, for example:
inurl:php?id= Warning: mysql_fetch_array():
The results may not be 100% accurate, but 70% of the search results will be vulnerable to SQL injection.
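The practical lesson of the default-page and error-page sections above is that the strings these dorks match are things your own site should never return. The following self-audit script is an added example, not code from the book: it scans a set of HTTP response bodies you have captured from your own web server (the four responses embedded below are constructed for this example, and the hostname example.test is a placeholder) and flags the same disclosures the text describes: a default installation page, a database username leaked by a mysql_connect() warning, and a mysql_fetch_array() warning that reveals a full server path, from which the home directory name is extracted.

```python
import re

# Disclosure signatures drawn from the dorks in this section, keyed by category.
# These patterns are constructed for this example; extend them with whatever
# fingerprints your own error pages produce.
SIGNATURES = {
    "default-install-page": [
        re.compile(r"Test Page for Apache Installation", re.I),
        re.compile(r"welcome to IIS 4\.0", re.I),
    ],
    "db-credentials-in-error": [
        # The dork in the text looks for Access denied for user: '*@*';
        # capture the leaked "user@host" string.
        re.compile(r"mysql_connect\(\): Access denied for user: '([^']*)'", re.I),
    ],
    "sql-error-with-path": [
        # PHP warnings end with "in /full/path/file.php on line N"; capture the path.
        re.compile(r"mysql_fetch_array\(\).*?\bin\s+(/\S+\.php)\s+on line\s+(\d+)", re.I | re.S),
    ],
}


def home_dir_from_path(path):
    """Return the account name from a /home/<name>/... path, or None."""
    m = re.match(r"^/home/([^/]+)/", path)
    return m.group(1) if m else None


def find_disclosures(body):
    """Return a list of (category, detail) findings for one response body."""
    findings = []
    for category, patterns in SIGNATURES.items():
        for pat in patterns:
            for m in pat.finditer(body):
                detail = m.group(1) if m.groups() else m.group(0)
                findings.append((category, detail))
                # A leaked path under /home also leaks a likely FTP/shell login name.
                if category == "sql-error-with-path":
                    home = home_dir_from_path(detail)
                    if home:
                        findings.append(("home-dir-leak", home))
    return findings


def audit_responses(responses):
    """responses: dict of url -> body. Returns url -> findings for URLs with any finding."""
    report = {}
    for url, body in responses.items():
        found = find_disclosures(body)
        if found:
            report[url] = found
    return report


# Constructed sample responses standing in for pages fetched from your own server.
SAMPLE_RESPONSES = {
    "http://example.test/": (
        "<html><head><title>Test Page for Apache Installation</title></head>"
        "<body>Seeing this instead of the website you expected?</body></html>"
    ),
    "http://example.test/news.php?id=1": (
        "<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid "
        "MySQL result resource in /home/alice/public_html/news.php on line 42"
    ),
    "http://example.test/login.php": (
        "Warning: mysql_connect(): Access denied for user: 'webapp@localhost' "
        "(Using password: YES) in /var/www/html/db.php on line 7"
    ),
    "http://example.test/about.html": "<html><body><h1>About us</h1></body></html>",
}

if __name__ == "__main__":
    for url, findings in audit_responses(SAMPLE_RESPONSES).items():
        for category, detail in findings:
            print(f"{url}: {category}: {detail}")
```

Each finding maps to a straightforward fix: remove or replace the default index page, turn off on-screen error display in PHP (display_errors=Off with log_errors=On so the details go to a server-side log instead of the visitor), and serve a generic error document for database failures. Re-running the audit against captured responses after the change confirms the strings the dorks rely on are gone.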