Tag: information

Web Penetration Testing

Web Application Information Gathering

Retrieve HTTP response header curl -I -i -X HEAD –insecure example.comcurl -I -i -X HEAD –insecure example.com echo -e ‘HEAD / HTTP/1.0\r\n\r\n’ | nc example.com 80echo -e ‘HEAD / HTTP/1.0\r\n\r\n’ | nc example.com 80 Malformed requests test GET / HTTP/3.1 Host: hostname User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 Accept: text/html Accept-Language: en-US,en;q=0.5 Content-Length: …

Information, Microsoft Windows, Programming, Windows Internals

Browse and query WMI

Windows Management Instrumentation (WMI) is the infrastructure for management data and operations on Windows-based operating systems. You can write WMI scripts or applications to automate administrative tasks on remote computers but WMI also supplies management data to other parts of the operating system and products, for example System Center Operations Manager, formerly Microsoft Operations Manager …

C#

Extract executable assembly/version information

Methods we are going to use: GetFileVersionInfo Retrieves version information for the specified file. GetFileVersionInfoSize Determines whether the operating system can retrieve version information for a specified file. If version information is available, GetFileVersionInfoSize returns the size, in bytes, of that information. VerQueryValue Retrieves specified version information from the specified version-information resource. To retrieve the …

Information, Microsoft Servers, Microsoft Windows

Detailed Computer & OS configuration information

systeminfo displays detailed configuration information about a computer and its operating system, including operating system configuration, security information, product ID, and hardware properties, such as RAM, disk space, and network cards. Parameters /s   Computer   : Specifies the name or IP address of a remote computer (do not use backslashes). The default is the …

Information Gathering

Information Gathering with Harvester

The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on …

Enumeration

Information Gathering with Metagoofil

Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company. Metagoofil will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner? and others. With the results it will generate …

Linux

Get information about the processor – Linux

Gather all information about your processor: cat /proc/cpuinfocat /proc/cpuinfo Get the number of processors on your system: cat /proc/cpuinfo | grep processor | wc -lcat /proc/cpuinfo | grep processor | wc -l Get the model of your processor/s: cat /proc/cpuinfo | grep -m 1 "model name"cat /proc/cpuinfo | grep -m 1 "model name"

C#

How to drag information from a DataGridView control

Let’s see how we can drag information from a DataGridView control in C#. We need to handle two events, MouseMove and MouseDown. private Rectangle dragbox; private int DragSelectedRow;   private void dgvc_MouseMove(object sender, MouseEventArgs e) { if ((e.Button & MouseButtons.Left) == MouseButtons.Left) { if (dragbox != Rectangle.Empty && !dragbox.Contains(e.X, e.Y)) { DragDropEffects dropEffect = dgvc.DoDragDrop( …

Databases, Microsoft SQL Server

Retrieve useful information from SQL Server

Today we will see how can we retrieve various information from Microsoft SQL Server using SQL queries. Get all users: SELECT * FROM sys.server_principals;SELECT * fROM sys.server_principals; Get database size: USE master GO   EXEC sp_spaceuseduse master go exec sp_spaceused Get user privilleges for current database: USE master GO   SELECT SYSOBJECTS.name AS ‘objectname’, SYSUSERS.name …