Stealth2
Posts: 347
Days Won: 1
Posts posted by Stealth2
-
It's not a bug, expert.
-
Dark.... VIP members. They have reserves.
-
Hey there web pentesting enthusiasts! For today’s post, I decided to share my very own lists of common vulnerable web applications that are built by man and tested by nature for web penetration testing and hacking:
DVWA (Damn Vulnerable Web Application) - this vulnerable PHP/MySQL web application is one of the famous web applications used for testing your skills in web penetration testing and your knowledge in manual SQL Injection, XSS, Blind SQL Injection, etc. DVWA is developed by Ryan Dewhurst a.k.a ethicalhack3r and is part of RandomStorm OpenSource project. Link: http://www.dvwa.co.uk
Mutillidae - is a free and open source web application for website penetration testing and hacking which was developed by Adrian “Irongeek” Crenshaw and Jeremy “webpwnized” Druin. It is designed to be exploitable and vulnerable and ideal for practicing your Web Fu skills like SQL injection, cross site scripting, HTML injection, JavaScript injection, clickjacking, local file inclusion, authentication bypass methods, remote code execution and many more based on OWASP (Open Web Application Security) Top 10 Web Vulnerabilities. Link: http://sourceforge.net/projects/mutillidae
SQLol - is a configurable SQL injection testbed which allows you to exploit SQLI (Structured Query Language Injection) flaws, but furthermore allows a large amount of control over the manifestation of the flaw. This application was released at Austin Hackers Association meeting 0x3f by Daniel “unicornFurnace” Crowley of Trustwave Holdings, Inc. – Spider Labs. Link: https://github.com/SpiderLabs/SQLol
Hackxor - a web application hacking game developed by albino. It is a game where players must locate and exploit vulnerabilities to progress through the story wherein you play as a blackhat hacker hired to track down another hacker by any means possible. It contains scripts that are vulnerable to Cross Site Scripting(XSS), Cross Site Request Forgery(CSRF), Structured Query Language Injection (SQLi), Remote Command Injection(RCE), and many more. It’s also a web application running on Fedora 14. Link: http://sourceforge.net/projects/hackxor
The BodgeIt Store - is an open source and vulnerable web application which is currently aimed at people who are new to web penetration testing. It is easy to install and requires Java and a servlet engine, e.g. Tomcat. It includes vulnerabilities like Cross Site Scripting, SQL injection, Hidden (but unprotected) content, Debug Code, Cross Site Request Forgery, Insecure Object References, and Application logic vulnerabilities. Link: http://code.google.com/p/bodgeit
Exploit KB / exploit.co.il Vulnerable Web App - is one of the most famous vulnerable web apps designed as a learning platform to test various SQL injection techniques and it is a functional web site with a content management system based on fckeditor. This web application is also included in the BackTrack Linux 5r2-PenTesting Edition lab. Link: http://exploit.co.il/projects/vuln-web-app
WackoPicko - is a vulnerable web application written by Adam Doupé. It contains known and common vulnerabilities for you to harness your web penetration skills and knowledge like XSS vulnerabilities, SQL injections, command-line injections, sessionID vulnerabilities, file inclusions, parameters manipulation, Reflected XSS Behind JavaScript, Logic Flaw, Reflected XSS Behind a Flash Form, and Weak usernames or passwords. It was first used for the paper Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners. Link: https://github.com/adamdoupe/WackoPicko
WebGoat - is an OWASP project and a deliberately insecure J2EE web application designed to teach web application security lessons and concepts. What’s cool about this web application is that it lets users demonstrate their understanding of a security issue by exploiting a real vulnerability in the application in each lesson. Link: http://code.google.com/p/webgoat
OWASP Hackademic Challenges Project - is another OWASP Project that helps you test your knowledge on web application security. You can use it to attack web applications in a realistic but also controllable and safe environment. Currently, there are 10 web application security scenarios available for you to hack. Link: https://code.google.com/p/owasp-hackademic-challenges
XSSeducation – is a set of Cross Site Scripting attack challenges for people just learning about XSS to people who just want a good place to practice their already awesome skills. Various realistic challenges have been included for practice and it is still under development by AJ00200 but can already be downloaded. Link: http://wiki.aj00200.org/wiki/XSSeducation
Maybe it will help you stop doing stupid things.
- 1
-
Hey? What the f*** is going on here? Stop this nonsense. A man can't even sleep until 14:00 because you lot make 14,000 threads. You got calluses from jerking off, now you want to get them from writing too.
-
No, man
Pax is no longer what it used to be.
But how is it? Enlighten me! I'm curious.
-
Judging by the way these antisecRO people express themselves, they sound a lot like paxnWo. Maybe I'm wrong!
-
Stop the flaming & off-topic in this thread or I'll start handing out bans!
-
What the fuck are you doing, man? You fucked up an XSS of mine too.
-
and what's the show-off?
-
I said 'approved' on purpose. Meaning the 'contest' is OK. It didn't / doesn't interest me.
-
Approved.
-
3. Another idiot.
-
Do whatever the fuck you want. We don't care whether or not you want to lose your accounts.
-
It would be nice if it were as you say; I know better what I'm talking about. You'll be paid only if it's something very obvious, that is, idiot-level. Even then, they can tell you that it was found / reported by someone else before you.
-
He'll get jack shit at most. I've explained N times that you won't receive anything unless you're more "public".
-
I finally have a Facebook account too: TinKode (Lazy but Smart) | Facebook
I don't think I'll be the one managing it, given that I hate this site! Let's see where it goes!
Give it one of those Likes or whatever the fuck it's called...
-
Solved. Thread closed.
-
I think I was wrong. That's the one.
-
it's from 98-2000. she was young and little known.
-
Give me a site where I can upload it...
megaupload.
-
I'll download it for you now... PM me your messenger ID
Upload it somewhere and PM me.
-
I found it: Uložto - Adriana Bahmuteanu la Snagov - Porno.avi
Who can download it?
-
I need it. The rest doesn't matter.
-
Once upon a time there was a porn film with adriana bahmuteanu on the DC++ hubs, from when she was younger. I think the film was shot in Snagov at a villa. Does anyone still have it? I need it as soon as possible.
Romania, te iubesc! - Hackerville [Full Episode]
in Security news
Posted · Edited by Stealth2
I waited a bit to show what kind of herd effect can exist on RST. My personal opinion would be that those who have done next to nothing, who complain that I'm a nobody, who take the liberty of giving me life lessons about what I should do, that they know programming, that they have dozens of times more knowledge than me, or that I shouldn't have sought fame... I'd tell them to look in the mirror.
You lot who stay in the shadows, what have you achieved? What have you stood out for? Have you created something revolutionary, that you feel entitled to insult and hurl abuse? I don't think so. You're just a bunch of kids full of envy. It was simply a show with people who did certain things and who received an offer to take part in the report to tell their story. Yes. I have one. DO YOU?
Now someone will come along and say that I want everyone to kiss me "on the cheek", but honestly, is anyone here doing that? So it's abnormal to be proud that someone put your country on the map in some field, but it's normal to insult him, for all of us to act super smart. Instead of supporting each other, making Romania as well known as possible, being proud that you're Romanian, you curse each other to look like vultures, but in fact you're just chickens. I'm utterly disgusted.
Now, ElGriffin or Benny_Loppa, as I've already repeated to you a few times. Why do you keep trying to show people something that isn't true? What do you have to gain? Do you feel like you're on cloud nine because you're being agreed with by those who post from other accounts because they don't have the courage to do it from their official one?
Honestly, there's also www.archive.org... to check whether you're right or not.
MSN - I didn't find just XSS. I got access to some of their servers. To databases. At Yahoo, the same thing, I had over 4 subdomains. I didn't get into the Google HoF for XSS, or for vulnerabilities derived from XSS. YouTube. Yes, it was an XSS. But that (persistent) XSS vulnerability was called the most serious in YouTube's history. And at Apple.com - I had access to the DB, or Root access!
And to avoid, once again, the replies in which you say I'm lying, check my old blogs using the site mentioned above.
Honestly, stop being pathetic.