Greetings comrades! Great leader has ordered that we gain intel on a website owned by the opposition. For all general purposes we will be scanning nmap.org because they really don't care if Big Brother decides to perform a whois on their IP. We will be using Dmitry for the scanning.
Wait who is Dmitry? Dmitry is a 'Deepmagic Information Gathering Tool' that is very basic in comparison to other programs, but it can gather a lot of information.
Start off by firing up Kali and typing dmitry in the console to see the start screen.
Almost none of these flags require anything to be added after them, besides the t and 0 flags.
I'll go ahead and summarize what each flag does.
o :Everything the program gathers will be saved in a file that you name.
i, w, and n :perform lookups on the domain or IP.
s :searches for sub domains, such null-byte.wonderhowto.com.
e :Will look for email addresses on the host.
p :Performs a scan and f is used to provide more verbose output.
b :Reads the banner that the scanned ports have (Pretty much verbose)
t :Just serves as a timeout.
Now it is time to begin our scan based on our needs. We don't necessarily have to scan every single port, but we can later if we want. Right now we just want to see the WHOIS, sub-domains, and possible email addresses.
The command for this is dmitry -wise -o Comrade.txt nmap.org
I chose to order the flags to spell 'wise' which serves as a useful acronym. Technically we could put all the flags but we don't want to come off as too aggressive. Sometimes a passive approach is the best to reconnaissance.
Woa! What happened here? Something went wrong...
Let's try re-running that code, but this time on a sub-domain. For some reason the main nmap site is causing a buffer overflow in our program.
Discussion Why could this be? Post your theories below.
Instead of googling our problem like a normal person, we just took a detour by scanning the sub-domain, scanme.
dmitry -wise -o Comrade.txt scanme.nmap.org
Everything seems to be working fine now!
No buffer overflows? Let's double check the file it was supposed to write out to and make sure it recorded everything we flagged.
Your output should be saved in the home directory.
Hm...everything looks good here. I think our mission is complete.
Comrade dmitry is just one tool in the arsenal of big brother. Join me next week for our next tutorial...which will surely shock you.
--If you find any errors in my tutorials - either technical or grammatical- please let me know.
The ripper has taken another victim
Just updated your iPhone to iOS 18? You'll find a ton of hot new features for some of your most-used Apple apps. Dive in and see for yourself:
3 Comments
So I'm sort of a noob but if there's a buffer flow doesn't that mean that the site is vulnerable to arbitrary command injection?
I have taken a hiatus from ethical hacking but I am pretty sure it has something to do with the program itself.
its working....amazing
Share Your Thoughts