Monday, 18. July 2011
Wordlist Generator
On Monday, 18. Jul 2011 in topic 'Dictionaries & Wordlists'
This is a pretty pimp little tool that will help you build efficient password-cracking dictionaries:
http://code.google.com/p/l517/
TinyBrowser - Code Execution
On Monday, 18. Jul 2011 in topic 'Vulnerabilities'
-------------------------
Affected products:
-------------------------
Vulnerable are TinyBrowser v1.42 and previous versions (and all web
applications which use it, such as TinyMCE). The developer fixed these
holes in the next version, 1.43, already in February, after being informed by me, but
this version still has not been released. So contact the developer for the new version.
----------
Details:
----------
Code Execution (WASC-31):
Execution of arbitrary code is possible due to a bypass of the program's security
filters (on IIS and Apache web servers).
Code will execute via file upload. The program is vulnerable to three methods
of code execution:
1. Via use of the symbol ";" (1.asp;.txt) in the file name (IIS).
2. Via "1.asp" in the folder name (IIS).
3. Via a double extension (1.php.txt) (Apache with special configuration).
by MustLive
CryptoBin - Secure Pastebin
On Monday, 18. Jul 2011 in topic 'News'
"CryptoBin is a secure pastebin service with origins dating back to 2005 as a privately used project. After noticing the lack of a public secure, stable and clean pastebin service, CryptoBin was re-coded and launched publicly in May 2011."
Source
https://cryptobin.org/
Damn Small SQLi Scanner - Python
On Monday, 18. Jul 2011 in topic 'Source Code'
Source
http://pastebin.com/dRe1wn3g
4shared.com, Multiupload, Fileserve, Speedyshare..... – XSS
On Monday, 18. Jul 2011 in topic 'Vulnerabilities'
4shared.com does not filter their filename input which allows us to inject HTML code into the filename variable, being shown on the “Upload succes” page. This page is (by going to the page’s URL) viewable for other people as well. I’m not sure how long this page remains visible.
This kind of XSS probably works at a lot more upload services (as proven below)!
Source
http://pastebin.com/Yx8qihha
Blackhole exploit - Java
On Monday, 18. Jul 2011 in topic 'Source Code'
OWASP Appsec Tutorial Series - Cross Site Scripting (XSS)
On Monday, 18. Jul 2011 in topic 'Tutorials'
Security Concepts - online Book
On Monday, 18. Jul 2011 in topic 'Books change the World'
"This is an online book about computer, network, technical, physical, information and cryptographic security. It is a labor of love, incomplete until the day I am finished."
Book
http://www.subspacefield.org/security/security_concepts/index.html
A summary of PDF tricks
On Monday, 18. Jul 2011 in topic 'Pentest'
This is a summary of PDF tricks, either based on data encodings, JavaScript, or PDF structure.
Source
http://code.google.com/p/corkami/wiki/PDFTricks
AntiSecShell - PHP SHELL
On Monday, 18. Jul 2011 in topic 'Source Code'
"AntiSecShell(ASS) was built by the underground hacking community and groups like h0no, ac1db1tch3z and others who wish to remain anonymous, have helped altogether to create this new shell. It has many functions but most important of all - it bypasses ALL security of web servers. It is not only a php shell it is a symbol of freedom and the anti-sec movement which we, the hacking underground, approve and support. Await more news from us, wh173h475 ph33r u5"
Source
http://pastebin.com/aWenLZxr
NMapSi4 v0.2.86 Alpha2
On Monday, 18. Jul 2011 in topic 'Tools'
“NmapSi4 is a complete Qt-based Gui with the design goals to provide a complete nmap interface for users, in order to manage all options of this powerful security net scanner!”
Download
http://code.google.com/p/nmapsi4/downloads/list
Nmap Free Security Scanner For Network Exploration & Hacking
http://nmap.org/
Windows XP die in 1000 days
On Monday, 18. Jul 2011 in topic 'News'
Finally, the countdown begins for Windows XP. The software giant Microsoft said that it will stop support for Windows XP, the world's most popular operating system, after three years.
Microsoft began the countdown to the end for Windows XP on Monday, Jul 11, and it will end on the 1000th day. The company also said that it will not provide any kind of support for the old operating system. Microsoft is aiming to boost the sale of Windows 7, the latest version.
Picture Editor - Online
On Monday, 18. Jul 2011 in topic 'Tools'
Source
http://pixlr.com/editor/
How to write an Exploit
On Monday, 18. Jul 2011 in topic 'Tutorials'
Part 1
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part1.pdf
Part 2
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part2.pdf
Part 3
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part3.pdf
Part 4
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part4.pdf
Part 5
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part5.pdf
Part 6
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part6.pdf
Part 7
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part7.pdf
Part 8
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part8.pdf
by corelanc0d3r
Blind Sql Injection with Regular Expressions
On Monday, 18. Jul 2011 in topic 'Tutorials'
Generator XSS
On Monday, 18. Jul 2011 in topic 'Vulnerabilities'
Javascript html redirection - Java
On Monday, 18. Jul 2011 in topic 'Source Code'
Source
http://pastebin.com/EMY6RJK3
Sunday, 17. July 2011
Guide to XSS
On Sunday, 17. Jul 2011 in topic 'Tutorials'
XSS aka Cross Site Scripting is a client-side attack where an attacker can craft a malicious link, containing script-code which is then executed within the victim's browser when the target site vulnerable to and injected with XSS is viewed. The script-code can be any language supported by the browser but mostly HTML and Javascript is used along with embedded Flash, Java or ActiveX.
In some cases where the XSS vulnerability is persistent as described further below, the attacker will not have to craft a link as the injected script is inserted directly into the target site and / or web application. The target user(s) still has to view the affected site / page where the injected code is located though.
Source
http://pastebin.com/X35W0tkD
by MaXe
Creepy Geolocation Gathering Tool 0.1.94
On Sunday, 17. Jul 2011 in topic 'Tools'
creepy is an application that allows you to gather geolocation related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown, accompanied with relevant information (i.e. what was posted from that specific location) to provide context to the presentation
Download
https://github.com/ilektrojohn/creepy/downloads
PHPmyadmin Finder - Perl
On Sunday, 17. Jul 2011 in topic 'Source Code'
This is a simple perl script that enumerates various possible directories on a given website in order to determine whether or not a phpMyAdmin instance may be installed.
Source
http://pastebin.com/1cbN2Yfm
WiRouter KeyRec 1.0.8
On Sunday, 17. Jul 2011 in topic 'Web Security'
WiRouter KeyRec is a powerful and platform independent piece of software that recovers the default WPA passphrases of the supported router's models (Telecom Italia Alice AGPF, Fastweb Pirelli, Fastweb Tesley).
Download
http://tools.salvatorefresta.net/WiRouter_KeyRec_1.0.8.zip
UPDATE: Malware Analyzer v3.2
On Sunday, 17. Jul 2011 in topic 'News'
This is the official change log for the updated release:
Added ThreatExpert for online scanning option
Packed libraries onto single executable
Improved Traces signatures
Bug Fixes
Link
http://securityxploit.blogger.de/stories/1848885/
Saturday, 16. July 2011
w3af Web Application Attack and Audit Framework - Linux
On Saturday, 16. Jul 2011 in topic 'Pentest'
w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (XSS), local and remote file inclusion and much more.
Changes: Code base has been stabilized. Additions include an auto-update feature, web application payloads, PHP static code analyzer, and more.
Download
http://packetstormsecurity.org/files/view/101683/w3af-1.0-stable.tar.bz2
Peepdf PDF Analyzer
On Saturday, 16. Jul 2011 in topic 'Pentest'
peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. With peepdf it's possible to see all the objects in the document showing the suspicious elements, supports all the most used filters and encodings, it can parse different versions of a file, object streams and encrypted files. With the installation of Spidermonkey and Libemu it provides Javascript and shellcode analysis wrappers too. It's also able to create new PDF files and to modify existent ones.
Download
http://code.google.com/p/peepdf/downloads/list
Friday, 15. July 2011
Armitage 07.12.11
On Friday, 15. Jul 2011 in topic 'Vulnerabilities'
“Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.”
Download
http://www.fastandeasyhacking.com/download
Metasploit
http://securityxploit.blogger.de/stories/1846661/
UK Vodafone Phone Hacking method
On Friday, 15. Jul 2011 in topic 'News'
The Hacker's Choice announced a security problem with Vodafone's Mobile Phone Network today. An attacker can listen to any UK Vodafone customer's phone call. An attacker can exploit a vulnerability in 3G/UMTS/WCDMA - the latest and most secure mobile phone standard in use today. Vodafone released its femto cell to the general public. This means anyone can run his own UMTS network in his house. The box connects back via your DSL connection into their mobile network. This is an initial project to gather information about the technology and verify the security.
http://wiki.thc.org/vodafone?action=AttachFile&do=get&target=femto-backend.jpg
Skype - XSS
On Friday, 15. Jul 2011 in topic 'Vulnerabilities'
Skype suffers from a persistent Cross-Site Scripting vulnerability due to a lack
of input validation and output sanitization of the "mobile phone" profile entry.
Other input fields may also be affected.
Source
http://www.noptrix.net/advisories/skype_xss.txt
Thursday, 14. July 2011
RFID bootable Live Hacking System
On Thursday, 14. Jul 2011 in topic 'Computer Forensics'
The bootable Live RFID Hacking System contains a ready-to-use set of hacking tools for breaking and analyzing MIFARE Classic RFID cards and other well known card formats. It is built around PCSC-lite, the CCID free software driver and libnfc that gives you access to some of the most common RFID readers.
Download
http://live.openpcd.com/Fedora-15-x86_64-Live-Desktop-RFID.iso
Chaos Computer Club releases schedule for summer camp
On Thursday, 14. Jul 2011 in topic 'News'
The Chaos Computer Club has released a first draft schedule of the presentations that are planned for the Chaos Communication Camp from 10 to 14 August in Finowfurt, Germany. The "flight schedule" for the presentations at the former Russian military airport's Kourou and Baikonur hangars is still rudimentary, but it does indicate where the journey is set to go: over the coming 23 years, hackers will conquer space and rebalance the flow control between the hacker metaverse and the harsh reality of life.
Presentations on rocket technology, on building solid rocket and hybrid rocket engines, on satellite communication and on research into the security of TETRA radio, demonstrate that the hackers are setting out to conquer more than just the noosphere as a communication membrane.
Another group of earth-related presentations discusses the consequences of the changes in energy policy. From the correct recycling procedure for unwanted gadgets and open source photovoltaics to building wind turbines, creative hackers will be presented with a whole range of new research topics. The whole event is rounded off with such summery topics as sports for nerds and the sudorific material presented by the "Post Privacy Spackeria". Conventional hackers with a tendency towards security consultancy will enjoy the presentation by the OpenLeaks project, which will be tested for security vulnerabilities by every trick in the book during the camp.
On the camp site, the hackers will be staying in currently 70 villages structured along the lines of the global villages envisioned by centenarian Marshall McLuhan. Tickets for the open air event are 175 euros, reduced to only 140 euros when booked before 20 July. Those who are less than 18 earthling years of age can get in for 50 euros. A total of 3,500 tickets is available. Special rates are also available when travelling to the event by train.
(Detlef Borchers / ehe)
Small Job View
On Thursday, 14. Jul 2011 in topic 'Jobs'
RootRepeal – Rootkit Detector v1.3.5
On Thursday, 14. Jul 2011 in topic 'Malware Search'
RootRepeal is currently in public beta. Whereas every effort has been made to ensure compatibility with every system configuration on Windows 2000, XP, 2003 and Vista, it cannot be guaranteed. There is always some risk when scanning for rootkits. Before running RootRepeal, please make sure you have backups of all important data and have saved all open documents.
Download
http://ad13.geekstogo.com/RootRepeal.rar