In the second part of the first phase of a penetration test, active information gathering, it’s important to map as accurate as possible the network of you target. To find live hosts there is a technique called ping sweep. Different tools exist to perform that task.


A single ping can give you the ip address of the target, the ttl and the time. However since the method is based on ICMP requests, the target could be configured to block or trash them… With a simple bash script, you can loop throught a range of ip address to test them all:


for ip in $(seq 200 220); do
  ping -c 1 192.168.11.$ip | grep "bytes from" | cut -d " " -f 4 | cut -d ":" -f1 &

The -c option is configured to only send 1 request. The grep is used to display only the host who respond to the request (and supposed alive) and finally cut is used for a nice display. Notice the & at the end of the line, it’s very usefull pto paralellize tasks and make the script faster. Here is the result:

ping sweep ping


Captchas are usually used to prevent robots to make an action instead of humans. It should add an extra layer of security but badly configured it could lead to unauthorized access…

When you try to submit the form without providing a captcha code, you get the following error:

dvwa captcha error


Try to submit an empty password and take a look to the HTTP request and her parameters, you can notice the strange variable step:

dvwa captcha low

This variable is the step in the change password functionnality. So if you simply change it to 2 and replay the request with this new value, it works perfectly.


Hacker Test is an online hacker simulation. 20 levels to test your PHP, HTML and Javascript knowledge. Below the solution of the first ten.

Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself. And to behave as though you have the attitude, you have to really believe the attitude.

Level 1

In the source code we can see the following JavaScript lines:

var a="null";

function check()
  if (document.a.c.value == a) {
  } else {
    alert ("Try again");

The value of the password input named c is compared with the variable a, which has a null value. This is the password: null


I recently worked with a well known web agency in France. They have a good reputation, they were rewarded last year for their good works and they are in the top 40 of the best french agencies. 

However I was terribly surprised to find many basic errors/misconfiguration on their own site: error_reporting enable,  SQL injection and finally a “private” admin section reachable with a simple couple of demo/demo as credentials…

Such vulnerability can be dangerous when using common login/password and it can be even deadly if the discovered user has high privileges. It was true in this situation: mail contact, articles, resumes, photos everything was alterable.

Below the good practice to create a strong password.

The rules

  • must be at least 8 characters
  • must be different than your previous password
  • must NOT be related to your username
  • must NOT contain any recognizable word

While performing a pentest the information gathering phase is the most important, it’s the key of a successful test. The DNS is very great source of informations, whith some simple queries you will be able to grab usefull datas about the domain you are targeting. The host command is a very powerful DNS lookup utility which is present in all Linux distribution.

For the examples, I will use a domain which allows that kind of query at this moment.

Basic usage

As the man says, host is normally used to convert names to IP addresses and vice versa:

DNS enumeration host basic

If the domain doesn’t exist, you will meet that message: Host not found: 3(NXDOMAIN)

If the ip doesn’t point anywhere, you will get this message: Host not found: 3(NXDOMAIN)