... neuere Einträge
Friday, 10. February 2012
Indianapolis Superbowl 2012 - SQL
Am Friday, 10. Feb 2012 im Topic 'Vulnerabilities'
Details:
========
1.1
A SQL Injection vulnerability is detected on the official website of Indianapolis Superbowl 2012 (US).
Remote attackers can execute own sql commands via remote orber by sql injection.
Vulnerable Modul(s):
[+] downloadRelease.php?id=
1.2
A blind SQL Injection vulnerability is detected on the official website of Indianapolis Superbowl 2012 (US).
Remote attackers can execute own sql commands via remote blind sql injection.
Vulnerable Modul(s):
[+] event-detail/?id=
by
Alexander Fuchs (f0x23)
========
1.1
A SQL Injection vulnerability is detected on the official website of Indianapolis Superbowl 2012 (US).
Remote attackers can execute own sql commands via remote orber by sql injection.
Vulnerable Modul(s):
[+] downloadRelease.php?id=
1.2
A blind SQL Injection vulnerability is detected on the official website of Indianapolis Superbowl 2012 (US).
Remote attackers can execute own sql commands via remote blind sql injection.
Vulnerable Modul(s):
[+] event-detail/?id=
by
Alexander Fuchs (f0x23)
androguard - Android
Am Friday, 10. Feb 2012 im Topic 'Android'
Androguard (Android Guard) is a tool written in python which helps us to analyze, display, modify and save your apps easily and statically by creating your own software (by using the API), or by using the tool (androlyze) in command line. This tool is useful when you would like to do reverse engineering on a specific application (e.g : malware).
Download
http://code.google.com/p/androguard/downloads/list
Download
http://code.google.com/p/androguard/downloads/list
(IN)SECURE Magazine Issue 33
Am Friday, 10. Feb 2012 im Topic 'Books change the World'
Securing Android: Think outside the box
Interview with Joe Sullivan, CSO at Facebook
White hat shellcode: Not for exploits
Using mobile device management for risk mitigation in a heterogeneous environment
Metasploit: The future of penetration testing with HD Moore
Using and extending the Vega open source web security platform
Next-generation policies: Managing the human factor in security
Download PDF
http://www.net-security.org/dl/insecure/INSECURE-Mag-33.pdf
Interview with Joe Sullivan, CSO at Facebook
White hat shellcode: Not for exploits
Using mobile device management for risk mitigation in a heterogeneous environment
Metasploit: The future of penetration testing with HD Moore
Using and extending the Vega open source web security platform
Next-generation policies: Managing the human factor in security
Download PDF
http://www.net-security.org/dl/insecure/INSECURE-Mag-33.pdf
ClubHACK Magazine February 2012
Am Friday, 10. Feb 2012 im Topic 'Books change the World'
Tech Gyan: Exploiting Remote System without Being Online
This paper demonstrates unique kind of communication technique between attacker machine and victim machine during the exploitation of any victim system. Usually, while an attacker exploits the remote system and gets the remote command prompt (remote shell), attacker is only able to execute commands till the session from the remote machine is opened (established). While exploiting the system in a normal way, attacker and the victim system both should be online, if attacker wants to execute some commands in remote machine (Victim Machine).
Legal Gyan: Liability of Intermediaries under the Information Technology Act
Recently Delhi high court has summoned Google, Facebook and Twitter to remove objectionable content from their website within the prescribed time period failing to which may result into blocking of the websites in India. I will be a fool to copy this from pentestit. So the question which triggers is What is the liability of the intermediaries like Google, Facebook and Twitter under Indian law?
Tool Gyan: Cain and Abel – The Black Art of ARP Poisoning
Cain and Abel is windows based password recovery tool available as a freeware and maintained by Massimiliano Montoro. It supports wide features to recover passwords varying from Local Area Network to various routing protocols as well as provides intelligent capability to recover cached passwords and encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks.
Matriux Vibhag: Introduction to Skipfish
Skipfish is an active web application security reconnaissance tool written and maintained by Michal Zalewski (@lcamtuf). Skipfish is one of the fastest webscanners available which spiders using the wordlists, a very powerful web scanning tool with a simple implementation. In Matriux Skipfish can be found in the arsenal under Arsenal ->Framework -> Skipfish
Mom’s Guide: Firewall 101
Today we are exposed to innumerable threats online. Firewalls act as the first line of defense for securing our network against these threats. Firewall could be a program or a device or group of devices used to control the traffic flow. The basic principle that Firewall uses to control this communication is ‘Access Rules’. It maintains an access rule table and every time a packet comes in or goes out, Firewall refers to this table. It only allows authorized traffic and blocks the unwanted packets.
Download PDF
http://chmag.in/issue/feb2012.pdf
This paper demonstrates unique kind of communication technique between attacker machine and victim machine during the exploitation of any victim system. Usually, while an attacker exploits the remote system and gets the remote command prompt (remote shell), attacker is only able to execute commands till the session from the remote machine is opened (established). While exploiting the system in a normal way, attacker and the victim system both should be online, if attacker wants to execute some commands in remote machine (Victim Machine).
Legal Gyan: Liability of Intermediaries under the Information Technology Act
Recently Delhi high court has summoned Google, Facebook and Twitter to remove objectionable content from their website within the prescribed time period failing to which may result into blocking of the websites in India. I will be a fool to copy this from pentestit. So the question which triggers is What is the liability of the intermediaries like Google, Facebook and Twitter under Indian law?
Tool Gyan: Cain and Abel – The Black Art of ARP Poisoning
Cain and Abel is windows based password recovery tool available as a freeware and maintained by Massimiliano Montoro. It supports wide features to recover passwords varying from Local Area Network to various routing protocols as well as provides intelligent capability to recover cached passwords and encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks.
Matriux Vibhag: Introduction to Skipfish
Skipfish is an active web application security reconnaissance tool written and maintained by Michal Zalewski (@lcamtuf). Skipfish is one of the fastest webscanners available which spiders using the wordlists, a very powerful web scanning tool with a simple implementation. In Matriux Skipfish can be found in the arsenal under Arsenal ->Framework -> Skipfish
Mom’s Guide: Firewall 101
Today we are exposed to innumerable threats online. Firewalls act as the first line of defense for securing our network against these threats. Firewall could be a program or a device or group of devices used to control the traffic flow. The basic principle that Firewall uses to control this communication is ‘Access Rules’. It maintains an access rule table and every time a packet comes in or goes out, Firewall refers to this table. It only allows authorized traffic and blocks the unwanted packets.
Download PDF
http://chmag.in/issue/feb2012.pdf
Wifi Protector - Android
Am Friday, 10. Feb 2012 im Topic 'Android'
Wifi Protector protects our phone from tools like FaceNiff, Cain & Abel, ANTI, ettercap, DroidSheep, NetCut, and all others that try to hijack your session via “Man In The Middle” through ARP spoofing / ARP poisoning.
Download
https://market.android.com/details?id=com.gurkedev.wifiprotector
Download
https://market.android.com/details?id=com.gurkedev.wifiprotector
THC-HYDRA - Network login Bruteforcer
Am Friday, 10. Feb 2012 im Topic 'Tools'
Hydra is best for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus.
Download
http://www.thc.org/releases/hydra-7.2-src.tar.gz
Download
http://www.thc.org/releases/hydra-7.2-src.tar.gz
Trixd00r - TCP/IP based backdoor
Am Friday, 10. Feb 2012 im Topic 'Tools'
It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic packet arrives, it will bind a shell over TCP or UDP on the given port or connecting back to the client again over TCP or UDP.
Download
http://www.nullsecurity.net/tools/trixd00r-0.0.1.tar.gz
Download
http://www.nullsecurity.net/tools/trixd00r-0.0.1.tar.gz
... ältere Einträge