Top Ten Pentesting Tools

Full Article:  Top Ten Pentesting Tools
Credits : Russ McRee and Jonathan Lampe

I am utterly sorry for posting links of the pdf's because of the absence of formatting tools here. Links are perfectly safe as they are directly opened on the Google Storage interface in the browser. You may also wish to save them on your local machines.

BASE 64 Encoding Illustration

Free Online Encoder and Decoder = https://www.base64encode.org/

Intercepting VOIP calls over LAN using Wireshark

1) To understand how and why VOIP calls work, you must first understand what a codec is and what role does it play in VOIP. Although, this may not be necessary to understand VOIP capture but it gives you insight on the working of VOIP.
As you can see, a CODEC samples audio coming into your audio device and using an algorithm converts into a digital output which can be used up in making audio files(.mp3, .m4a), understandable by the computer.
The same mechanism is followed vice versa while displaying some sound through your headphones or speakers.

2) So, VOIP consists of an RTP protocol which is responsible for carrying the audio stream. The RTP header consists of the appropriate CODEC used by the VOIP calling software but Wireshark uses its default set to analyse the stream without us specifying the CODEC. The RTP protocol is built on the UDP protocol.

3) In the following video, I have explained how to use Wireshark to capture the Audio Stream.

VOIP LAN calling software:  http://www.ssuitesoft.com/voippcphonelanchat.htm

Exploiting Windows XP using the Java Signed Applet Attack

Java Applets 

A Java applet is a small application which is written in Java and delivered to users in the form of bytecode. The user launches the Java applet from a web page, and the applet is then executed within a Java Virtual Machine (JVM) in a process separate from the web browser itself. A Java applet can appear in a frame of the web page, a new application window, Sun's AppletViewer, or a stand-alone tool for testing applets.

The Applets are used to provide interactive features to web applications that cannot be provided by HTML alone.They can capture mouse input and also have controls like buttons or check boxes.

An untrusted applet has no access to the local machine and can only access the server it came from. This makes such an applet much safer to run than a standalone executable that it could replace. However, a signed applet can have full access to the machine it is running on if the user agrees.

This attack will create a malicious Java applet hosted on the attacker's machine within a local copy of a famous website (Gmail, Facebook, ...) and start a listener. Once the victim will connect to us, he/she will bind to us and a session will be created on the attacker's machine.

Wordpress Scanner (wpscan)

WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.

1. Introduction
2. Prerequisites
3. Setting up a local Wordpress website in Windows
4. Performing wpscan commands on Kali Linux
   
   1. Basic Scan
   2. Enumerating Usernames
   3. Enumerating Plugins
   4. Enumerating Themes
   5. Enumerating Timthumbs
   6. Brute Forcing Passwords
   .
5. Commands List
   
   Full Article : WPScan.pdf

Bastion Hosts

A bastion host is a computer that is fully exposed to attack. The system is on the public side of the DMZ, unprotected by a firewall or filtering router. Frequently the roles of these systems are critical to the network security system. 

Full Article :  Bastion Hosts.pdf