Monday, 18. July 2011
Wordlist Generator
This is a pretty pimp little tool that will help you build efficient password cracking dictionaries:

http://code.google.com/p/l517/

TinyBrowser - Code Execution
-------------------------
Affected products:
-------------------------

TinyBrowser v1.42 and previous versions are vulnerable (as are all web
applications which use it, such as TinyMCE). The developer already fixed these
holes in the next version, 1.43, in February after I reported them, but
this version has still not been released. So contact the developer for the new version.

----------
Details:
----------

Code Execution (WASC-31):

Execution of arbitrary code is possible due to a bypass of the program's security
filters (on IIS and Apache web servers).

Code will execute via file upload. The program is vulnerable to three methods
of code execution:

1. Via use of the ";" symbol (1.asp;.txt) in the file name (IIS).

2. Via "1.asp" in the folder name (IIS).

3. Via a double extension (1.php.txt) (Apache with special configuration).


by MustLive

CryptoBin - Secure Pastebin
"CryptoBin is a secure pastebin service with origins dating back to 2005 as a privately used project. After noticing the lack of a public secure, stable and clean pastebin service, CryptoBin was re-coded and launched publicly in May 2011."

Source
https://cryptobin.org/

Damn Small SQLi Scanner - Python
Source
http://pastebin.com/dRe1wn3g

4shared.com, Multiupload, Fileserve, Speedyshare..... – XSS
4shared.com does not filter their filename input which allows us to inject HTML code into the filename variable, being shown on the “Upload succes” page. This page is (by going to the page’s URL) viewable for other people as well. I’m not sure how long this page remains visible.

This kind of XSS probably works at a lot more upload services (as proven below)!

Source
http://pastebin.com/Yx8qihha

Blackhole exploit - Java
Blackhole exploit kit domain generation algorithm of Sinowal

Source
http://pastebin.com/p7DAvPAj

OWASP Appsec Tutorial Series - Cross Site Scripting (XSS)

Security Concepts - online Book
"This is an online book about computer, network, technical, physical, information and cryptographic security. It is a labor of love, incomplete until the day I am finished."

Book
http://www.subspacefield.org/security/security_concepts/index.html

A summary of PDF tricks
This is a summary of PDF tricks, either based on data encodings, JavaScript, or PDF structure.

Source
http://code.google.com/p/corkami/wiki/PDFTricks

AntiSecShell - PHP SHELL
"AntiSecShell (ASS) was built by the underground hacking community and groups like h0no, ac1db1tch3z and others who wish to remain anonymous, have helped altogether to create this new shell. It has many functions but most important of all - it bypasses ALL security of web servers. It is not only a php shell it is a symbol of freedom and the anti-sec movement which we, the hacking underground, approve and support. Await more news from us, wh173h475 ph33r u5"

Source
http://pastebin.com/aWenLZxr

NMapSi4 v0.2.86 Alpha2
“NmapSi4 is a complete Qt-based GUI with the design goals to provide a complete nmap interface for users, in order to manage all options of this powerful security net scanner!”

Download
http://code.google.com/p/nmapsi4/downloads/list

Nmap Free Security Scanner For Network Exploration & Hacking
http://nmap.org/

Windows XP dies in 1000 days
Finally, the countdown begins for Windows XP. The software giant Microsoft said that it will stop support for Windows XP, the world's most popular operating system, after three years.

Microsoft began the countdown to the end of Windows XP on Monday, Jul 11, and it will end on the 1000th day. The company also said that it will not provide any kind of support for the old operating system. Microsoft is aiming to boost sales of Windows 7, the latest version.

Picture Editor - Online
Source
http://pixlr.com/editor/

How to write an Exploit
Part 1
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part1.pdf
Part 2
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part2.pdf
Part 3
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part3.pdf
Part 4
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part4.pdf
Part 5
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part5.pdf
Part 6
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part6.pdf
Part 7
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part7.pdf
Part 8
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part8.pdf

by corelanc0d3r

Blind Sql Injection with Regular Expressions
Download PDF
http://www.ihteam.net/papers/blind-sqli-regexp-attack.pdf

by IHTeam

Generator XSS
Source
http://translate.googleusercontent.com/translate_c?hl=en&rurl=translate.google.com&sl=uk&tl=en&u=http://websecurity.com.ua/xss_generator/&usg=ALkJrhh699gbDJD7X7rSoHNSC4_gIbxn6Q

Javascript html redirection - Java
Source
http://pastebin.com/EMY6RJK3
