runnerking Posted October 18, 2016 Share Posted October 18, 2016 Hi, White and Grey Hat friends Please suggest me best SQL injection tool which can be used from windows platform. I also have another concern about network security.I am currently using Kali Linux to do a security check on the wireless network. Last week I came to know that leading professionals are now using some custom hardware to do the same for network penetration. Please help me I am just a newbie on this field. Thanks in advance. Quote Link to comment Share on other sites More sharing options...
runnerking Posted October 20, 2016 Author Share Posted October 20, 2016 On 10/17/2016 at 11:46 PM, runnerking said: I am currently using Kali Linux to do a security check on the wireless network http://nci.ca/dhcp-fingerprinting-with-arubaos/ I found this DHCP fingerprinting but never heard about this before. Please help me on this matter. I had done it previously using Yersinia in Kali Quote Link to comment Share on other sites More sharing options...
runnerking Posted October 20, 2016 Author Share Posted October 20, 2016 As per the article about DHCP fingerprinting This "This technology watches the DHCP requests of wireless clients and identifies the operating system based on the way each device asks for an address " Quote Link to comment Share on other sites More sharing options...
runnerking Posted October 25, 2016 Author Share Posted October 25, 2016 On 10/19/2016 at 11:34 PM, runnerking said: As per the article about DHCP fingerprinting This "This technology watches the DHCP requests of wireless clients and identifies the operating system based on the way each device asks for an address " "BYODs in your environment" what is meant by this BYOD environment mentioned there? Quote Link to comment Share on other sites More sharing options...
kerravon Posted October 25, 2016 Share Posted October 25, 2016 Bring Your Own Device Quote Link to comment Share on other sites More sharing options...
Zylla Posted October 27, 2016 Share Posted October 27, 2016 I highly recommend sqlmap. Quote Link to comment Share on other sites More sharing options...
digip Posted October 28, 2016 Share Posted October 28, 2016 SQLMap is more or less the tool for SQL injection and getting various shells right out of the same session if vulnerable. Wifi tools, depends on what you're trying to do, but breaking WPS over WPA/WPA2, wifite is the tool to use. WEP is pretty much a dead/broken protocol and can be cracked with various tools in a matter of minutes if not seconds. For brute forcing WPA/WPA2, Aircrack suite for handshake capture and/or various password cracking tools such as hashcat for GPU cracking of the handshake. Fingerprinting devices on the LAN, nmap works a treat as well as ping sweeps while capturing packets in wireshark, you will see the ARP replies from live devices. arp -a after a ping of an IP in most cases will show you the nodes MAC address if its on the network too though. As for Fingerprinting via DHCP itself, you could try tools like responder. MDSNrecon also works well for grabbing extended data from nodes on the LAN if they have specific services exposed for AVAHI responses. For example I can see my wifes uBuntu laptop using mdnsrecon and it will give me the model of the printer attached to it, something that isn't on the network itself, but could be abused by proxy if attacking her machine to reach the printer. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.