Dear PenTest Readers,
We would like to present you our newest issue, that will mainly focus on Linux pentesting tools. We hope that you will find many interesting articles inside the magazine and that you will have time to read them all.
First, we will start with a real scenario where tools like Nmap, THC-Hydra and Nikto were used. Later you will be shown how to brute force passwords using WPScan and Burp Suite. We have also prepared an article about open source tools and techniques for network pentesting. Moreover you will be shown how to use Maltego for footprinting. We will think about differences between Kali and Parrot. Last but not least you will be introduced to the Airgeddon tool that is a multi-use bash script for Linux systems to audit wireless network.
As always, second part of the magazine has mixed content. You will be shown step-by-step attack for a Microsoft’s Windows network environments to steal valid Active Directory credentials. At the end of the issue you can read about past, present and future of the crypto currency. We will look closer at benefits, limitations and some significant attacks on cryptocurrencies.
Again special thanks to the Beta testers and Proofreaders who helped with this issue. Without your assistance there would not be a PenTest Magazine!
Enjoy your reading,
Table of contents
Open source Linux pentesting tools
by Mohamed Magdy
There are tons of open source tools that can be used during penetration testing projects. You can find multiple tools doing the same function, so you need to test these tools to decide which one is good for you, as it will depend on your use and how much you can discover this tool and its functionality.
Through this article, we will introduce four tools separately and then will consolidate them in one scenario.
Brute forcing passwords
by Tomasz Krupa
In this article we will be testing web security of the popular WordPress engine by simulating a brute force attack using my two favourite Linux Kali tools: WPScan and Burp Suite.
airgeddon. Wireless security
by anonymous author
airgeddon is a multi-use bash script for Linux systems to audit wireless networks. It’s an open-source project under GPLv3+ license.
Open source tools for network pentesting
by Deivison Pinheiro Franco, Daniel Alexandre K. Müller and Roberto Alexandre Silva Monteiro
The high volume of information and the adoption of protocols that use cryptography are the main challenges that the digital pentester will encounter during computer exams. However, the various tools and techniques presented in this article will show how the pentester can overcome some of these obstacles.
Maltego and the Network Enumeration
by Mauricio Harley
One of the initial, but also very important, steps in successful attacks (or professional pentests) is the target enumeration. For this article, I bring you a discussion about Maltego CE (Community Edition) by Paterva. This article is written as a tutorial.
Kali or Parrot?
by Ahmed Mostafa
We will talk in this article about the difference between Kali & Parrot distros in technical & non-technical views. What will be more useful for us in penetration testing, Kali or Parrot?
Classic but still tragic: Own Microsoft Networks with LLMNR, NBT-NS and WPAD poisoning using Responder
by Rafael Libardi and Emanuel Valente
In this article, we will show you a classical attack for Microsoft’s Windows network environments to steal valid Active Directory credentials. Although it is a classic problem, most of the enterprise networks based on Windows are still vulnerable to this type of attack. In this article, we will attack a Windows 10 machine, using the Chrome browser. Both with all the updates and patches applied simulating a real enterprise network environment.
The past, present and future of crypto currency
by David Valles
A crypto currency is a digital currency that is decentralized in nature and uses cryptography for security. To elaborate further, by ‘digital’ it means it is not in physical form of cash but can be converted to physical money in a similar way as one can trade precious metals such as gold or diamonds for money, by ‘decentralized’ it means it is not issued by any government or managed by banks and uses ‘cryptography’ to create, store and secure transactions. Following are some basic concepts that one must understand to know how crypto currency works.