Saturday, 19. May 2012
web-sorrow - Linux
A perl based tool used for checking a Web server for misconfiguration, version detection, enumeration, and server information. I will build more Functionality in the future. what is's NOT: Vulnerably scanner, inspection proxy, DDoS tool, exploitation framework. It's entirely focused on Enumeration and collecting Info on the target server

EXAMPLES:

basic: perl Wsorrow.pl -host scanme.nmap.org -S

look for login pages: perl Wsorrow.pl -host 192.168.1.1 -auth

CMS intense scan: perl Wsorrow.pl -host 192.168.1.1 -Ws -Cp all -I

most intense scan possible: perl Wsorrow.pl -host 192.168.1.1 -e -ua "I come in peace"

Download
http://code.google.com/p/web-sorrow/downloads/list

Permalink

 


ClubHACK Magazine May 2012
Contents:

Tech Gyan: Steganography over converted channels
Security and privacy have been a concern for people for centuries. Whether it is private citizens, governments, military, or business, it seems everyone has information that needs to be kept private and out of the hands of unintended third parties. Information wants to be free but it is necessary to keep information private. That need has come about because governments have sensitive information, corporations send confidential financial records, and individuals send personal information to others and conduct financial transactions online. Information can be hidden so it cannot be seen. The information can also be made undecipherable. This is accomplished using steganography and cryptography.
Legal Gyan: Section 66C – Punishment for identity theft
The term identity theft was coined in 1964. However, it is not literally possible to steal an identity so the term is usually interpreted with identity fraud or impersonation. Identity Theft is a form of stealing someone’s identity by pretending to be someone else typically in order to access resources or obtain credit and other benefits in that person’s name.
Tool Gyan: Kautilya
One liner about Kautilya – Kautilya is a toolkit which makes it easy to use USB Human Interface Device (like Teensy++), in breaking into a system. Now let’s understand what does that mean. First let’s understand Teensy++ (I will use Teensy for Teensy++ from now on). It is a USB HID which could be used as a programmable keyboard, mouse, joystick and serial monitor. What could go wrong? Imagine a programmable keyboard, which when connected to a system types out commands pre-programmed in it. It types faster than you and makes no mistakes. It can type commands and scripts and could use an operating system against itself, that too in few seconds. If you can program the device properly keeping in mind most of the possibilities and quirks it could be a really nice pwnage device.
Matriux Vibhag: How to enable WiFi on Matriux running inside VMWare
One of the most commonly asked question on Matriux forums and IRC is how to enable and work with WiFi on a Matriux instance running inside VMWare or any other virtualization software. This tutorial will take you step by step on how to do that. For this tutorial, I am running VMware® Workstation on a Windows 7 Enterprise N Edition which is my Host machine. The Matriux is (obviously) my guest operating system running “Krypton” v1.2. I am using a D-Link DWA-125 Wireless N 150 USB Adapter for this tutorial.
Mom’s Guide: HTTPS (Hyper Text Transfer Protocol Secure)
Hypertext Transfer Protocol (HTTP) is a protocol where communication happens in clear text. To ensure authenticity, confidentiality and integrity of messages Netscape designed HTTPS protocol. Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol (HTTP) with the SSL (Secure socket layer)/TLS (Transport layer security) protocol. It provides encrypted communication and secure identification of a network web server. HTTPS encrypts and decrypts the page requests and page information between the client browser and the web server using a secure Socket Layer (SSL). HTTPS by default uses port 443 as opposed to the standard HTTP port of 80. URL’s beginning with HTTPS indicate that the connection between client and browser is encrypted using SSL.
Code Gyan: Don’t Get Injected – Fix Your Code
When I began doing security review for web applications, one common issue that I encountered was ‘SQL Injection’. Developers used to pose several questions at me saying that their software is secure as they had followed several measures to mitigate this insidious issue. The main mitigation adopted was to use Stored Procedures or input validation. While this does reduce certain type of Injections, It doesn’t prevent all. In this article, I will explain what SQL Injection is and what one can do to prevent it.

Download
http://chmag.in/issue/may2012.pdf

Permalink