
Week 2

There are different sources of network evidence, which include DHCP servers, DNS servers, routers, switches, and others.

DHCP (Dynamic Host Configuration Protocol) servers assign IP addresses to LAN stations instantly.

A Domain Name System (DNS) server is where the names of websites are stored, so that a name can be directed to a specific IP address without the user having to enter the difficult IP address. It is much simpler to enter a website name than to type in the IP address.

A switch operates at OSI Layer 2, whereas a router operates at OSI Layer 3. A switch is capable of getting the MAC addresses of devices, whereas routers are able to get the IP addresses.
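To show why these sources matter together, the following added example (not part of the original post) uses DHCP lease records to work out which MAC address was behind an IP address at the moment a DNS query was logged. The record layouts, addresses and hostnames are constructed for illustration and do not match any particular server's log format.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed DHCP lease records: (ip, mac, lease_start, lease_end)
DHCP_LEASES = [
    ("192.168.1.50", "aa:bb:cc:00:00:01", "2024-03-01 08:00:00", "2024-03-01 12:00:00"),
    ("192.168.1.50", "aa:bb:cc:00:00:02", "2024-03-01 12:30:00", "2024-03-01 16:30:00"),
    ("192.168.1.51", "aa:bb:cc:00:00:03", "2024-03-01 09:00:00", "2024-03-01 17:00:00"),
]

# Constructed DNS query log entries: (timestamp, client_ip, queried_name)
DNS_QUERIES = [
    ("2024-03-01 09:15:00", "192.168.1.50", "intranet.example.test"),
    ("2024-03-01 13:05:00", "192.168.1.50", "files.example.test"),
    ("2024-03-01 12:10:00", "192.168.1.50", "mail.example.test"),
]


def parse(ts):
    return datetime.strptime(ts, FMT)


def mac_for(ip, when, leases=DHCP_LEASES):
    """Return the MAC that leased `ip` at time `when`.

    Returns None when no lease, or more than one lease, covers that moment,
    because the DHCP log alone cannot attribute the traffic in that case.
    """
    t = parse(when)
    matches = [mac for lease_ip, mac, start, end in leases
               if lease_ip == ip and parse(start) <= t <= parse(end)]
    return matches[0] if len(matches) == 1 else None


def attribute_queries(queries=DNS_QUERIES, leases=DHCP_LEASES):
    """Pair every DNS query with the device (MAC) that held the client IP."""
    return [(ts, name, mac_for(ip, ts, leases)) for ts, ip, name in queries]


if __name__ == "__main__":
    for ts, name, mac in attribute_queries():
        print(ts, name, mac or "no lease: check switch/router evidence")
```

The same IP address resolves to two different devices depending on the time, and the third query falls between leases, so it has to be attributed from another source such as the switch.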

Written by kks101 in: Network Forensics |

Week 1

Network forensics is the analysis and reporting of network traffic that is being monitored. It is usually done for information gathering, evidence gathering, and detection/prevention of an attack.

There are 2 types of investigative methods. One example is OSCAR which stands for Obtain information, Strategize, Collect evidence, Analyze, Report. Another example is TAARA which stands for Trigger, Acquire, Analyze, Report, Act.

Written by kks101 in: Network Forensics |


Nikto is a website scanner that scans websites for outdated server software, dangerous files, directories, etc. It performs many tests against a website to gather and report back security vulnerabilities that can be exploited. It is a popular tool among system admins and security professionals as it can detect difficult problems.

To scan a target website, run this command in Kali Linux: nikto -host <target>. The target can be either a domain or an IP address.

Example : nikto -host

In this example, we are able to find information regarding the server which is cloudflare, and multiple IP addresses are found.

Written by kks101 in: Ethical Hacking |

WPScan Enumerate User

One method of getting access to someone’s account is to brute force the username and password. However, we need a real and valid username before we can brute force the password. Hence, we use WPScan’s user enumeration.

The command in Kali Linux: wpscan --url target --enumerate u

We will test on

In the above example, some usernames were found, such as admin-2.

Written by kks101 in: Ethical Hacking |

Brute Force Password using WPScan

WPScan can run a brute force attack to find the password that matches a user’s username.

Command line in Kali Linux: wpscan --url target -P passwordlist -U username

In this example, we will test on

Then we hit Enter.

It will try each password in the file that you supplied and return any results. If it succeeds, it will show the correct password.
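From the defending side, both the user enumeration and the password brute force described in the two posts above leave a recognisable pattern in the web server's access log. The following is an added example, not part of the original posts: it assumes combined-format log lines, assumes enumeration shows up as requests to ?author=N or /wp-json/wp/v2/users, and relies on WordPress answering a failed wp-login.php POST with status 200 and a successful one with a 302 redirect. The thresholds and sample lines are constructed.

```python
import re
from collections import defaultdict

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# Assumed enumeration fingerprints: author-ID probing and the REST users route.
ENUM = re.compile(r'[?&]author=\d+|/wp-json/wp/v2/users')


def make_line(ip, method, path, status):
    """Build one constructed combined-format log line for the sample below."""
    return (f'{ip} - - [01/Mar/2024:10:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')


# Constructed sample: one noisy client and one user who mistyped a password once.
SAMPLE_LOG = "\n".join(
    [make_line("203.0.113.7", "GET", f"/?author={n}", 301) for n in range(1, 4)]
    + [make_line("203.0.113.7", "GET", "/wp-json/wp/v2/users", 200)]
    + [make_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 6
    + [make_line("198.51.100.20", "POST", "/wp-login.php", 200),
       make_line("198.51.100.20", "POST", "/wp-login.php", 302)]
)


def analyse(log_text, enum_threshold=3, fail_threshold=5):
    """Return {client_ip: [findings]} for clients that cross a threshold."""
    enum_hits, failed = defaultdict(int), defaultdict(int)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m["ip"], m["method"], m["path"], m["status"]
        if method == "GET" and ENUM.search(path):
            enum_hits[ip] += 1
        elif (method == "POST" and path.split("?")[0] == "/wp-login.php"
              and status == "200"):
            failed[ip] += 1  # 200 on a login POST means the login was rejected
    findings = {}
    for ip in sorted(set(enum_hits) | set(failed)):
        tags = []
        if enum_hits[ip] >= enum_threshold:
            tags.append("user-enumeration")
        if failed[ip] >= fail_threshold:
            tags.append("password-guessing")
        if tags:
            findings[ip] = tags
    return findings
```

Login attempts sent through /xmlrpc.php return 200 whether they succeed or fail, so they need to be counted by request volume rather than by status code.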

Written by kks101 in: Ethical Hacking |

Creating Possible Passwords List using CUPP

CUPP, or Common User Passwords Profiler, is a wordlist generator that builds a list of possible passwords by asking for basic information about the target such as their first name, last name, birthday, spouse, children, pets, occupation, etc.

To use CUPP, run this command in Kali Linux: cupp -i

Enter information about the target: full name, birthdays, company name, etc. You can press enter if you do not want to fill a specific field.

After you fill in the information, CUPP will generate a file ‘john.txt’ that contains the wordlist of possible passwords. This wordlist can be used to brute force the password.

Written by kks101 in: Ethical Hacking |

Social Engineering Toolkit (SEToolkit) Website Cloning

Social engineering is the act of manipulating people so they give up confidential information. This information could be in the form of bank account information, website passwords, and other sensitive information.

There are a lot of methods of social engineering, and even a phone call can yield sensitive information. In this example, we will use setoolkit, the Social Engineering Toolkit, in Kali Linux. We will be cloning a website so that the clone looks similar to the real website, in an attempt to get the user to input their account credentials.

To start, open the Kali Linux terminal, type ‘setoolkit’ and choose option number 1.

Then, choose option number 2.

Then, choose option number 3.

Then, choose option number 2.

Next, enter the IP address of the attacking virtual machine. The IP address can be found by using the ifconfig command. Then, enter the website you want to clone, which in this example is

Next, a clone of will be shown and displayed via the IP address. If you type the IP address in the virtual machine now, a clone website of will appear.

If you input an email and password and submit, the credentials will be shown on your Kali Linux terminal.

This is an example of the website attack vector, part of the social engineering attack. Users who visit this cloned website will not be aware and assume this is the real website, and input their credentials, not knowing that it will be sent to attackers.

Written by kks101 in: Ethical Hacking |

Google Hacking

Google has become a popular search engine. However, not only can you search for photos, videos, websites, and other information in Google, but Google can also be used as a hacking tool.

The act of using Google as a hacking tool is called ‘Google Dorking’. Google Dorking has a lot of queries that you can type into the Google search engine to display sensitive information that a normal search query will not.

For example, typing ‘ index of /ktp’ will show a lot of websites containing a person’s ID card.

There are a lot of queries to run, such as ‘inurl’ and ‘intext’. More information can be found at :

Written by kks101 in: Ethical Hacking |

Creating Custom SSL Certificate using BurpSuite

When you are intercepting network traffic using BurpSuite, users may receive an error message stating that the connection is not secure. Websites may partially load or may not even load at all, and the padlock beside the URL may have a warning sign. In order to prevent this from happening, you can create a self-made certificate that appears as a legitimate certificate.

To create a self-made certificate, there are three main commands to run in the Kali Linux terminal:

The first command is:

openssl req -x509 -days 730 -nodes -newkey rsa:2048 -outform der -keyout server.key -out ca.der

In this command, OpenSSL will ask you to enter a few details regarding the certificate, such as country name, state/province name, locality name, organization name (in this case Verisign Corp), organizational unit name, common name, and email address. After those fields have been filled in, there are two more commands to run:

The second command is:

openssl rsa -in server.key -inform pem -out server.key.der -outform der

The third command is:

openssl pkcs8 -topk8 -in server.key.der -inform der -out server.key.pkcs8.der -outform der -nocrypt

Now when you see the file manager, these files should appear:

Now open BurpSuite and under Proxy -> Intercept click on import/export CA Certificate and then select Import certificate and private key in DER Format.

Select ca.der as the CA certificate and server.key.pkcs8.der for the private key.

Now open your browser (preferably Mozilla Firefox), open Preferences, search for “cert” and select “View Certificates”.

Next, import the CA certificate, choose the previous ca.der file and tick “Trust this CA to identify websites”.

Now you will see Verisign Corp is part of trusted certificates:

Lastly, now when you open websites the certificate will be Verisign Corp:

Written by kks101 in: Ethical Hacking |


Maltego is a built-in application in Kali Linux. Maltego focuses on providing a library of transforms for discovering data from open sources and visualizing that information in a graph format, suitable for link analysis and data mining.

In this example, we will be using maltego to find information about a website

First, open Maltego and sign up if you have not made an account.

On the top left, click on the add sign button.

On the left side of the app, search for ‘domain’ in the entity palette, then click and drag it to the empty white screen in the middle.

A globe shaped figure should appear on the white screen. Next, you can change the word ‘’ to any website that you want to find information. In this example, we will be changing it to

Next, right click on the figure, and click on the double arrow next to the words ‘all transforms’.

Next, it will show information about the website.

It shows you the domain, subdomains, the same domain name but with different extensions, location of the server, mail server, and the DNS security, which is Cloudflare.

Written by kks101 in: Ethical Hacking |
