How to Hack a Web Site - Dr. Susan Loveland - Lunchtime Talks in Science and Mathematics

The Elite Hackers Site - By Schiz0id - Learn how to become an elite hacker today!
XSS (Cross Site Scripting) Cheat Sheet
Last revision (mm/dd/yy): 07/4/2018
This cheat sheet lists a series of XSS attacks that can be used to bypass certain XSS defensive filters. Please note that input filtering is an incomplete defense for XSS which these tests can be used to illustrate.
Basic XSS Test Without Filter Evasion
This is a normal XSS JavaScript injection, and most likely to get caught but I suggest trying it first (the quotes are not required in any modern browser so they are omitted here):
XSS Locator (Polyglot)
The following is a "polyglot test XSS payload."
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
Image XSS using the JavaScript directive
Image XSS using the JavaScript directive (IE7.0 doesn't support the JavaScript directive in context of an image, but it does in other contexts, but the following show the principles that would work in other tags as well):
No quotes and no semicolon
Case insensitive XSS attack vector
HTML entities
Malformed A tags

Top 15 Security/Hacking Tools & Utilities
1. Nmap. I think everyone has heard of this one, recently evolved into the 4.x series. Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. Can be used by beginners (-sT) or by pros alike (--packet_trace). Get Nmap Here
2. Recently went closed source, but is still essentially free. Nessus is the world's most popular vulnerability scanner used in over 75,000 organizations world-wide. Get Nessus Here
3. Yes, JTR 1.7 was recently released! John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. You can get JTR Here
4. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Get Nikto Here
5. Get SuperScan Here
6. p0f

64 Things Every Geek Should Know
If you consider yourself a geek, or aspire to the honor of geekhood, here's an essential checklist of must-have geek skills. The term 'geek', once used to label a circus freak, has morphed in meaning over the years. What was once an unusual profession transferred into a word indicating social awkwardness. As time has gone on, the word has yet again morphed to indicate a new type of individual: someone who is obsessive over one (or more) particular subjects, whether it be science, photography, electronics, computers, media, or any other field. A techie geek is usually one who knows a little about everything, and is thus the person family and friends turn to whenever they have a question.
USB – Universal Serial Bus
GPU – Graphics Processing Unit
CPU – Central Processing Unit
SATA – Serial ATA
HTML – Hyper-text Markup Language
HTTP – Hypertext Transfer Protocol
FTP – File Transfer Protocol
P2P – Peer-to-peer sharing (See 2. 1. 3. Here's what one looks like: 4. 5.

Network Monitoring Tools
Les Cottrell, SLAC. Last Update: December 14, 2015
This is a list of tools used for network (both LAN and WAN) monitoring and where to find out more about them. The audience is mainly network administrators. You are welcome to provide links to this web page. Please do not make a copy of this web page and place it at your web site since it will quickly be out of date.
Introduction
We welcome corrections such as identifying broken links (especially if you can provide an alternate/update), since over the years companies are absorbed by others, disappear, split up, change their web site etc.
Suggesting Additions/Corrections etc.
This is a volunteer, unfunded effort.
Commercial Monitoring Tools, not integrated with an NMP
Public Domain or Free Network Monitoring Tools