Here is a list of tools and resources we’ve found that will aid us in learning more about Pentesting. Hopefully it will lead to some success in future Capture The Flag competitions:

  • Ciphers
    • is a great tool for cracking ciphers.
    • Quipqiup is a very useful cryptogram solver.
  • General Hacking
  • Networking:
    • Wireshark – a network packet capture and analysis tool; it’s a great way to see what’s actually traveling through the network.
    • Nmap and Zenmap – awesome tools for crawling a network and enumerating all the devices attached to it, the OS they are running, and all the applications open on them.
    • SPARTA Network Penetration Testing Tool.
  • Passwords & cracking:
    • John the Ripper – a password cracker that takes a clear text dictionary file and a hashed password file as input. It then reports, by userid, the dictionary entries whose hashes match those in the password file. It’s designed to find weak passwords.
    • THC Hydra – like John the Ripper, you pass Hydra a clear text dictionary file, then a userid and the application and system you want to break into. Hydra will then leverage what it knows about that application’s retry count and try all the dictionary passwords against it, using the ID provided, until it achieves success or runs out of passwords to try.
  • Website hacking:
    • Nikto – a website vulnerability scanner that checks for a wide range of exposures, including 6,700 potentially dangerous files/programs, 1,250 outdated server versions, and 270 specific server issues.
    • SQL Injections – Ian found this useful link.