如何恶心钓鱼网站?

今儿群里有人被盗号了,这次闲来无事第一次分析了下钓鱼网站链接的代码。
服务器地址
whois一下发现服务器在HK。再看看里面代码发现也就是最最简单的表单提交:
表单提交部分的代码
于是我就想恶心恶心这帮人,顺手写了个机器人注入僵尸用户。。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
var rest = require('restler');
var generatePassword = require('password-generator');
var minutes = 0.05,
the_interval = minutes * 60 * 1000;
setInterval(function() {
var id = Math.floor(Math.random() * Math.pow(10, 8));
var pw = generatePassword(getRandomInt(6, 15), false);
rest.post('http://xn--a-oda8n.ifcru.org/admin/api.php', {
query: {
user: 'M0Zpp'
},
data: {
username: id,
password: pw
},
}).on('complete', function(data, response) {
if (response.statusCode == 200) {
console.log('success');
}
});
}, the_interval);
function getRandomInt(min, max) {
return Math.floor(Math.random() * (max - min)) + min;
}

第一次写这种东西的代码,水平有限哈。。大家有没有神马更好的恶心人得办法? 欢迎一起讨论!
PS: 目前已经五进程攻击一个晚上了,服务器IP还没换,估计快了~

Learning lo-dash.js

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
/**
* Creates an array with all falsey values of `array` removed. The values
* `false`, `null`, `0`, `""`, `undefined` and `NaN` are all falsey.
*
* @static
* @memberOf _
* @category Arrays
* @param {Array} array The array to compact.
* @returns {Array} Returns a new filtered array.
* @example
*
* _.compact([0, 1, false, 2, '', 3]);
* // => [1, 2, 3]
*/
function compact(array) {
var index = -1,
length = array ? array.length : 0,
result = [];
while (++index < length) {
var value = array[index];
if (value) {
result.push(value);
}
}
return result;
}
  1. First we need to know if the input is an array. The code below
= array ? array.length : 0``` detect if the input is not an array, than the length is set to 0 or undefined.
1
2
3
4
2. If the input is not an array or is an empty array, this function will return an empty array.
3. If the input is an unempty array, than iterate the array and use this code

if (value){result.push(value);}`` to put all unfalsey value into an empty array.false,null,0,“”,undefinedandNaN` are all falsey.

Understanding Sockets

Understanding Sockets

  1. The client server model

    • The steps involved in establishing a socket on the client side are as follows:
      1. Create a socket with the socket() system call
      2. Connect the socket to the address of the server using the connect() system call
      3. Send and receive data. There are a number of ways to do this, but the simplest is to use the read() and write() system calls.
    • The steps involved in establishing a socket on the server side are as follows:
      1. Create a socket with the socket() system call
      2. Bind the socket to an address using the bind() system call. For a server socket on the Internet, an address consists of a port number on the host machine.
      3. Listen for connections with the listen() system call
      4. Accept a connection with the accept() system call. This call typically blocks until a client connects with the server.
      5. Send and receive data
  2. Socket types

    When a socket is created, the program as to specify the address domain and the socket type.

    • Domain:
      1. unix domain(local file system)
      2. Internet domain(IP + port number)
    • Socket type:
      1. Stream sockets(TCP):Stream sockets treat communications as a continuous stream of characters
      2. Datagram sockets(UDP):datagram sockets have to read entire messages at once
  3. Best tutorial for sockets

What is base 64 encoding used for?

When you have some binary data that you want to ship across a network, you generally don’t do it by just streaming the bits and bytes over the wire in a raw format. Why? because some media are made for streaming text. You never know — some protocols may interpret your binary data as control characters (like a modem), or your binary data could be screwed up because the underlying protocol might think that you’ve entered a special character combination (like how FTP translates line endings).

So to get around this, people encode the binary data into characters. Base64 is one of these types of encodings. Why 64? Because you can generally rely on the same 64 characters being present in many character sets, and you can be reasonably confident that your data’s going to end up on the other side of the wire uncorrupted.

JavaScript Style Guide

Objects

  • Use the literal syntax for object creation.
1
2
3
4
5
// bad
var item = new Object();
// good
var item = {};
1
2
3
4
5
6
7
8
9
10
11
// bad
var superman = {
default: { clark: 'kent' },
private: true
};
// good
var superman = {
defaults: { clark: 'kent' },
hidden: true
};
  • Use readable synonyms in place of reserved words.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
// bad
var superman = {
class: 'alien'
};
// bad
var superman = {
klass: 'alien'
};
// good
var superman = {
type: 'alien'
};

Arrays

  • Use the literal syntax for array creation
1
2
3
4
5
// bad
var items = new Array();
// good
var items = [];
  • If you don’t know array length use Array#push.
1
2
3
4
5
6
7
8
var someStack = [];
// bad
someStack[someStack.length] = 'abracadabra';
// good
someStack.push('abracadabra');
  • When you need to copy an array use Array#slice. jsPerf
1
2
3
4
5
6
7
8
9
10
11
var len = items.length,
itemsCopy = [],
i;
// bad
for (i = 0; i < len; i++) {
itemsCopy[i] = items[i];
}
// good
itemsCopy = items.slice();
  • To convert an array-like object to an array, use Array#slice.
1
2
3
4
function trigger() {
var args = Array.prototype.slice.call(arguments);
...
}

Strings

  • Use single quotes '' for strings
1
2
3
4
5
6
7
8
9
10
11
// bad
var name = "Bob Parr";
// good
var name = 'Bob Parr';
// bad
var fullName = "Bob " + this.lastName;
// good
var fullName = 'Bob ' + this.lastName;
  • Strings longer than 80 characters should be written across multiple lines using string concatenation.
  • Note: If overused, long strings with concatenation could impact performance. jsPerf & Discussion
1
2
3
4
5
6
7
8
9
10
11
12
13
// bad
var errorMessage = 'This is a super long error that was thrown because of Batman. When you stop to think about how Batman had anything to do with this, you would get nowhere fast.';
// bad
var errorMessage = 'This is a super long error that was thrown because \
of Batman. When you stop to think about how Batman had anything to do \
with this, you would get nowhere \
fast.';
// good
var errorMessage = 'This is a super long error that was thrown because ' +
'of Batman. When you stop to think about how Batman had anything to do ' +
'with this, you would get nowhere fast.';
  • When programmatically building up a string, use Array#join instead of string concatenation. Mostly for IE: jsPerf. Document of join function: MDN.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
var items,
messages,
length,
i;
messages = [{
state: 'success',
message: 'This one worked.'
}, {
state: 'success',
message: 'This one worked as well.'
}, {
state: 'error',
message: 'This one did not work.'
}];
length = messages.length;
// bad
function inbox(messages) {
items = '<ul>';
for (i = 0; i < length; i++) {
items += '<li>' + messages[i].message + '</li>';
}
return items + '</ul>';
}
// good
function inbox(messages) {
items = [];
for (i = 0; i < length; i++) {
items[i] = messages[i].message;
}
return '<ul><li>' + items.join('</li><li>') + '</li></ul>';
}

Variables

  • Use one var declaration for multiple variables and declare each variable on a newline.
1
2
3
4
5
6
7
8
9
// bad
var items = getItems();
var goSportsTeam = true;
var dragonball = 'z';
// good
var items = getItems(),
goSportsTeam = true,
dragonball = 'z';
  • Declare unassigned variables last. This is helpful when later on you might need to assign a variable depending on one of the previous assigned variables.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
// bad
var i, len, dragonball,
items = getItems(),
goSportsTeam = true;
// bad
var i, items = getItems(),
dragonball,
goSportsTeam = true,
len;
// good
var items = getItems(),
goSportsTeam = true,
dragonball,
length,
i;
  • Assign variables at the top of their scope. This helps avoid issues with variable declaration and assignment hoisting related issues.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
// bad
function() {
test();
console.log('doing stuff..');
//..other stuff..
var name = getName();
if (name === 'test') {
return false;
}
return name;
}
// good
function() {
var name = getName();
test();
console.log('doing stuff..');
//..other stuff..
if (name === 'test') {
return false;
}
return name;
}
// bad
function() {
var name = getName();
if (!arguments.length) {
return false;
}
return true;
}
// good
function() {
if (!arguments.length) {
return false;
}
var name = getName();
return true;
}

Comments

  • Use /** ... */ for multiline comments. Include a description, specify types and values for all parameters and return values.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
// bad
// make() returns a new element
// based on the passed in tag name
//
// @param <String> tag
// @return <Element> element
function make(tag) {
// ...stuff...
return element;
}
// good
/**
* make() returns a new element
* based on the passed in tag name
*
* @param <String> tag
* @return <Element> element
*/
function make(tag) {
// ...stuff...
return element;
}
  • Use // for single line comments. Place single line comments on a newline above the subject of the comment. Put an empty line before the comment.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
// bad
var active = true; // is current tab
// good
// is current tab
var active = true;
// bad
function getType() {
console.log('fetching type...');
// set the default type to 'no type'
var type = this._type || 'no type';
return type;
}
// good
function getType() {
console.log('fetching type...');
// set the default type to 'no type'
var type = this._type || 'no type';
return type;
}

Whitespace

  • Use indentation when making long method chains.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
// bad
$('#items').find('.selected').highlight().end().find('.open').updateCount();
// good
$('#items')
.find('.selected')
.highlight()
.end()
.find('.open')
.updateCount();
// bad
var leds = stage.selectAll('.led').data(data).enter().append('svg:svg').class('led', true)
.attr('width', (radius + margin) * 2).append('svg:g')
.attr('transform', 'translate(' + (radius + margin) + ',' + (radius + margin) + ')')
.call(tron.led);
// good
var leds = stage.selectAll('.led')
.data(data)
.enter().append('svg:svg')
.class('led', true)
.attr('width', (radius + margin) * 2)
.append('svg:g')
.attr('transform', 'translate(' + (radius + margin) + ',' + (radius + margin) + ')')
.call(tron.led);

Type Casting & Coercion

  • Perform type coercion at the beginning of the statement.
  • Strings:
1
2
3
4
5
6
7
8
9
10
11
12
13
// => this.reviewScore = 9;
// bad
var totalScore = this.reviewScore + '';
// good
var totalScore = '' + this.reviewScore;
// bad
var totalScore = '' + this.reviewScore + ' total score';
// good
var totalScore = this.reviewScore + ' total score';
  • Use parseInt for Numbers and always with a radix for type casting.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
var inputValue = '4';
// bad
var val = new Number(inputValue);
// bad
var val = +inputValue;
// bad
var val = inputValue >> 0;
// bad
var val = parseInt(inputValue);
// good
var val = Number(inputValue);
// good
var val = parseInt(inputValue, 10);
  • If for whatever reason you are doing something wild and parseInt is your bottleneck and need to use Bitshift for performance reasons, leave a comment explaining why and what you’re doing.
1
2
3
4
5
6
7
// good
/**
* parseInt was the reason my code was slow.
* Bitshifting the String to coerce it to a
* Number made it a lot faster.
*/
var val = inputValue >> 0;
  • Note: Be careful when using bitshift operations. Numbers are represented as 64-bit values, but Bitshift operations always return a 32-bit integer (source). Bitshift can lead to unexpected behavior for integer values larger than 32 bits. Discussion. Largest signed 32-bit Int is 2,147,483,647:
1
2
3
2147483647 >> 0 //=> 2147483647
2147483648 >> 0 //=> -2147483648
2147483649 >> 0 //=> -2147483647

Naming Conventions

  • Avoid single letter names. Be descriptive with your naming.
1
2
3
4
5
6
7
8
9
// bad
function q() {
// ...stuff...
}
// good
function query() {
// ..stuff..
}
  • Use camelCase when naming objects, functions, and instances
1
2
3
4
5
6
7
8
9
10
11
12
13
14
// bad
var OBJEcttsssss = {};
var this_is_my_object = {};
function c() {}
var u = new user({
name: 'Bob Parr'
});
// good
var thisIsMyObject = {};
function thisIsMyFunction() {}
var user = new User({
name: 'Bob Parr'
});
  • Use PascalCase when naming constructors or classes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
// bad
function user(options) {
this.name = options.name;
}
var bad = new user({
name: 'nope'
});
// good
function User(options) {
this.name = options.name;
}
var good = new User({
name: 'yup'
});
  • Use a leading underscore _ when naming private properties
1
2
3
4
5
6
// bad
this.__firstName__ = 'Panda';
this.firstName_ = 'Panda';
// good
this._firstName = 'Panda';
  • When saving a reference to this use _this.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
// bad
function() {
var self = this;
return function() {
console.log(self);
};
}
// bad
function() {
var that = this;
return function() {
console.log(that);
};
}
// good
function() {
var _this = this;
return function() {
console.log(_this);
};
}
  • Name your functions. This is helpful for stack traces.
1
2
3
4
5
6
7
8
9
// bad
var log = function(msg) {
console.log(msg);
};
// good
var log = function log(msg) {
console.log(msg);
};

Constructors

  • Assign methods to the prototype object, instead of overwriting the prototype with a new object. Overwriting the prototype makes inheritance impossible: by resetting the prototype you’ll overwrite the base!
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
function Jedi() {
console.log('new jedi');
}
// bad
Jedi.prototype = {
fight: function fight() {
console.log('fighting');
},
block: function block() {
console.log('blocking');
}
};
// good
Jedi.prototype.fight = function fight() {
console.log('fighting');
};
Jedi.prototype.block = function block() {
console.log('blocking');
};
  • Methods can return this to help with method chaining.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
// bad
Jedi.prototype.jump = function() {
this.jumping = true;
return true;
};
Jedi.prototype.setHeight = function(height) {
this.height = height;
};
var luke = new Jedi();
luke.jump(); // => true
luke.setHeight(20) // => undefined
// good
Jedi.prototype.jump = function() {
this.jumping = true;
return this;
};
Jedi.prototype.setHeight = function(height) {
this.height = height;
return this;
};
var luke = new Jedi();
luke.jump()
.setHeight(20);
  • It’s okay to write a custom toString() method, just make sure it works successfully and causes no side effects.
1
2
3
4
5
6
7
8
9
10
11
12
function Jedi(options) {
options || (options = {});
this.name = options.name || 'no name';
}
Jedi.prototype.getName = function getName() {
return this.name;
};
Jedi.prototype.toString = function toString() {
return 'Jedi - ' + this.getName();
};

Events

  • When attaching data payloads to events (whether DOM events or something more proprietary like Backbone events), pass a hash instead of a raw value. This allows a subsequent contributor to add more data to the event payload without finding and updating every handler for the event. For example, instead of:
1
2
3
4
5
6
7
8
// bad
$(this).trigger('listingUpdated', listing.id);
...
$(this).on('listingUpdated', function(e, listingId) {
// do something with listingId
});
prefer:
1
2
3
4
5
6
7
8
// good
$(this).trigger('listingUpdated', { listingId : listing.id });
...
$(this).on('listingUpdated', function(e, data) {
// do something with data.listingId
});

jQuery

  • Prefix jQuery object variables with a $.
1
2
3
4
5
// bad
var sidebar = $('.sidebar');
// good
var $sidebar = $('.sidebar');
  • Cache jQuery lookups.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
// bad
function setSidebar() {
$('.sidebar').hide();
// ...stuff...
$('.sidebar').css({
'background-color': 'pink'
});
}
// good
function setSidebar() {
var $sidebar = $('.sidebar');
$sidebar.hide();
// ...stuff...
$sidebar.css({
'background-color': 'pink'
});
}
  • For DOM queries use Cascading $('.sidebar ul') or parent > child $('.sidebar > ul'). jsPerf
  • Use find with scoped jQuery object queries.

    ```javascript
    // bad
    $(‘ul’, ‘.sidebar’).hide();

    // bad
    $(‘.sidebar’).find(‘ul’).hide();

    // good
    $(‘.sidebar ul’).hide();

    // good
    $(‘.sidebar > ul’).hide();

    // good
    $sidebar.find(‘ul’).hide();

Intro to Node.js

1. process

The process object is a global object and can be accessed from anywhere.

  • process.argv: An array containing the command line arguments. The first element will be ‘node’, the second element will be the name of the JavaScript file. The next elements will be any additional command line arguments.`

      // print process.argv
      process.argv.forEach(function(val, index, array) {
        console.log(index + ': ' + val);
      });
    

    This will generate:

      $ node process-2.js one two=three four
      0: node
      1: /Users/mjr/work/node/process-2.js
      2: one
      3: two=three
      4: four
    

2. I/O

  • Synchronous I/O opertion: To perform a filesystem operation we need to use fs module from the Node core library. To load this kind of module, or any other “global” module, use the following incantation:

      var fs = require('fs')
    

    Now you have the full fs module available in a variable named fs.
    All synchronous (or blocking) filesystem methods in the fs module end with ‘Sync’. To read a file, you’ll need to use

      fs.readFileSync('/path/to/file') 
    

    This method will return a Buffer object containing the complete contents of the file.
    Buffer objects are Node’s way of efficiently representing arbitrary arrays of data, whether it be ascii, binary or some other format. Buffer objects can be converted to strings by simply calling the toString() method on them. e.g.

      var str = buf.toString().
    

    An example of basic sync I\O operation: read a file and count the lines:

      var fs = require('fs');
    
      var buffer = fs.readFileSync(process.argv[2]);
      var str = buffer.toString();
      var arr = str.split('\n');
    
      console.log(arr.length - 1);        
    

Javascript tricks

Some basic javascript tricks

  1. Based on your brower you can use:
1
document.documentElement
or
1
document.body
to select the body or html element. You can also write code like this: 
1
var root = /firefox|tridenti.test(navigator.userAgent) ? document.documentElement : document.body
  1. Gets or sets the number of pixels that the content of an element is scrolled upward.
1
root.scrollTop;
  1. Get text rectangle object
1
rectObject = object.getBoundingClientRect();
  1. Get full height of the browser and get the height of the viewpoint.
1
2
root.scrollHeight; //full height of browser
window.innerHeight; //The height of the view point

Some basic notes about php & mysql

apache:

sudo apachectl start
sudo apachectl stop
sudo apachectl restart

php:

  1. urlencode($varable) vs rawurlencode

    • rawurlencode the path:
      • Path is the part before the “?”
      • Spaces must be encoded as %20
    • url encode the query string
      • Query string is the part after the “?” + space are better encoded as “+”
  2. htmlspecialchars(), htmlentities()

    • Reserved words in html: “<”, “>”, “&”, “
    • use htmlspecialchars() to render this reserved words.
    • render some special characters use htmlentities()
  3. include(), require() [when error, halt the execution]

  4. header($string) 必须写在html之前
    • header(“Location: login.php”); //used as redirect to new page.
1
2
3
header("Location: basic.html");
exit; //Prevent render html files
?>

Mysql

  1. basic command:

    • login:

        mysql -u root -p
      
    • Show database:

        SHOW DATABASES;            
      
    • Creat database:

        CREATE DATABASE <name>;
      
    • Use database:

        USE <name>
      
    • Drop database:

        DROP DATABASE <name>    
      
    • Creat new dabase user

        GRANT ALL PRIVILEGES ON db_name.*
        TO 'username'@'localhost'
        IDENTIFIED BY 'password';
      
        SHOW GRANTS FOR 'username'@'localhost';
      
    • TABLE:

      • subject:
        • id
        • menu_name
        • position
        • visible
    • SHOW tables:

        SHOW TABLES;
      
    • Show database schema:

        SHOW COLUMNS FROM <table name>            
      
    • Creat tables:

        CREATE TABLE subjects (   id INT(11) NOT NULL AUTO_INCREMENT,    menu_name VARCHAR(30) NOT NULL,   position INT(3) NOT NULL, visible TINYINT(1) NOT NULL,   PRIMARY KEY(id));
      
    • Show columns:

      SHOW COLUMNS FROM table_name;

    • crud

      • Creat: SQL INSERT

          insert into table (column1, column2, column3)
          VALUES (val1, val2 ,val3);
        
      • Read:SQL SELECT

          SELECT *
          FROM table
          WHERE column1 = 'some text'
          ORDER BY column1 ASC;
        
      • Update

          UPDATE table
          SET column1 = 'some_text'
          WHERE id = 1;
        
      • Delete

          DELETE FROM table
          WHERE id = 1;      
        

PHP & Mysql

  1. Creat database connection

     $dbhost = "127.0.0.1";
     $dbuser = "widght_cms";
     $dbpass = "chuangfu1314";
     $dbname = "widget_corp";
     $connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);    
     if(mysqli_connect_errno()) {
     die("Database connection faild: " . 
         mysqli_connect_error() . 
         " (" . mysqli_connect_errno() . ")");
     }
    
  2. database query

    • Read data:

        $query = "SELECT * FROM subjects";
        $result = mysqli_query($connection, $query);
        if(!$result) {
            die("database query failed.");
        }
      
    • Creat data(return true or false):

        $query = "INSERT INTO subjects ( mean_name, position, visible) VALUES ({$menu_name},{$position},{$visible})"
        $result = mysqli_query($connection, $query);
      
  3. Use returned data

     while($row = mysqli_fetch_assoc($result)) {
         var_dump($row);
         echo "<hr />";
     }
    
  4. Release returned data

     mysqli_free_result($result);
    
  5. close database

     mysqli_close($connection);        
    

Interview questions

  1. How the result set of Mysql be handled in PHP?

    The result set can be handled using mysql_fetch_array, mysql_fetch_assoc, mysql_fetch_object or mysql_fetch_row.

  2. How is it possible to know the number of rows returned in result set?

    The function mysql_num_rows() returns the number of rows in a result set.

  3. What is the difference between mysql_fetch_object() and mysql_fetch_array()?

    The mysql_fetch_object() function collects the first single matching record where mysql_fetch_array() collects all matching records from the table in an array.

  4. How a constant is defined in a PHP script?

    The define() directive lets us defining a constant as follows:

     define (“ACONSTANT”, 123);    
    
  5. How can you pass a variable by reference?

    To be able to pass a variable by reference, we use an ampersand in front of it, as follows $var1 = &$var2

  6. Will a comparison of an integer 12 and a string “13″ work in PHP?

    “13″ and 12 can be compared in PHP since it casts everything to the integer type.

  7. What does $GLOBALS means?

    $GLOBALS is associative array including references to all variables which are currently defined in the global scope of the script.

My notes about penetration testing

1.Reconnaissance

  1. Website copier: HTTrack is a free utility that creates an identical, offline copy of the target website. The copied website will include all the pages, links, pictures, and code from the original website; however, it will reside on your local computer. Utilizing a website-copying tool like HTTrack allows us to explore and thor- oughly mine the website “offline” without having to spend additional time traipsing around on the company’s web server.
    How to install : apt-get install httrack httrack

  2. Google hacking:

    • Serch in specified website:site:domain term to search
    • Search key words in title: allintitle: intitle:
    • Search for sites that contain specific words in the URL: inurl:
    • Search website in cache:cache:
    • Search for certain filetype like .doc, xlsx, ppt, txt:filetype:pdf
    • Combine multiple directives into the same search:site:dsu.edu filetype:pptx
  3. The harvester: This tool allows us to quickly and accurately catalog both e-mail
    addresses and subdomains that are directly related to our target.theharvester -d <domain> -b google

  4. whois: The Whois service allows us to access specific information about our target including the IP addresses or host names of the company’s Domain Name Systems (DNS) servers and contact information which usually contains an address and a phone number.whois target_domain

  5. host: Oftentimes, our reconnaissance efforts will result in host names rather than IP addresses. When this occurs, we can use the “host” tool to perform a translation for us. host target_hostname host ip_adress

  6. Extracting information from DNS

    • nslookup: nslookup is a tool that can be used to query DNS servers and potentially obtain records about the various hosts of which it is aware.
    • dig:

Some notes about Kali linux

1. Some basic linux commands

  • List all the available interfaces for your machine: ifconfig -a
  • Turn up (on) the desired network interface: ifconfig eth0 up 192.168.1.23
  • Assign an IP address through DHCP:dhclient
  • Reboot the machine using the command line interface: reboot
  • Poweroff the machine using the command line interface: poweroff