Access any album on any Facebook profile Hi everyone, I was creating a presentation last week covering the security risks and weaknesses of social networking websites and I found a few interesting things. The most interesting flaw I found was the poor control around access to users photo albums on Facebook, not the worlds biggest hack by a long way but still interesting. I contacted Facebook last Thursday and I never received a response so I felt it was time to post the full details on my blog. I’m going to explain below the theory behind the hack and some pictures showing it in action. aid= id= l= The aid= parameter is the album id, id= is the userid and the l= value is a random value which serves as a very poor security control. www.facebook.com/addfriend.php? The id= is the id we want, we can use this to begin building the URL to access that users album – remember we don’t need to to add them as a friend to do this. The full URL which gives us access to the album can be seen below: Dave
Eve and the Identity of Women: 7. Eve & Lilith In an effort to explain inconsistencies in the Old Testament, there developed in Jewish literature a complex interpretive system called the midrash which attempts to reconcile biblical contradictions and bring new meaning to the scriptural text. Employing both a philological method and often an ingenious imagination, midrashic writings, which reached their height in the 2nd century CE, influenced later Christian interpretations of the Bible. Inconsistencies in the story of Genesis, especially the two separate accounts of creation, received particular attention. Later, beginning in the 13th century CE, such questions were also taken up in Jewish mystical literature known as the Kabbalah. According to midrashic literature, Adam's first wife was not Eve but a woman named Lilith, who was created in the first Genesis account. Only when Lilith rebelled and abandoned Adam did God create Eve, in the second account, as a replacement. Lilith also personified licentiousness and lust. Lilith?
Challenges - ThisisLegal.com News from India on Technology, Electronics, Computers, Open Source & more: EFYTIMES.COM Hacking tools can be dangerous in the wrong hands. But, they can be just as useful for a good ethical hacker too! Monday, February 03, 2014: Hacking tools have been said to make hacking quite easy as compared to the old days. But, there is still more to being a hacker than just that. Wireless Hacking: These are tools that help you hack into wireless networks. 1. 2. 3. inSSIDer 4. Intrusion Detection Systems: Intrusion detection tools are one of the most important part of any security arrangement. 1. 2. Port Scanners 1. 2. 3. Encryption Tools: In an age where more and more governments are being found spying on their own citizens, encryption is the word of the day. 1. 2. 3. 4. 5. 6. 7. 8. Password Crackers: The name is pretty self explanatory in this case. 1. 2. 3. 4. 5. 6. 7. fgdump 8. 9. 10. 11. Packet Crafting: Packet crafting is the technique through which an attacker finds vulnerabilities or entry points within your firewall. 1. 2. 3. 4. 5. 6. 1. 2. 3. 4. 1. 2. 3. 4. dsniff 5. 1. 4. 5.
Scratch makes programming like playing with LEGO bricks In the past, many computer journalists have tried to explain advanced concepts such as object-oriented programming by comparing the activity to building applications by connecting smaller components in the same way a child assembles LEGO bricks. While early object-oriented programming environments such as Smalltalk were originally intended for children, the reality of programming never quite lived up to the simplicity of the LEGO model. That has all changed now with Scratch, a project developed by Mitchel Resnick and his associates at MIT's Lifelong Kindergarten research group. The group, recently noted by The Chronicle of Higher Education, was previously responsible for creating the popular LEGO Mindstorms series of programmable robotics kits. The designers were inspired to create Scratch because of the difficulties involved in teaching programming to young children—Scratch is designed for kids aged eight and up. The Scratch user interface.
Whitepixel breaks 28.6 billion password/sec - Zorinaq I am glad to announce, firstly, the release of whitepixel, an open source GPU-accelerated password hash auditing software for AMD/ATI graphics cards that qualifies as the world's fastest single-hash MD5 brute forcer; and secondly, that a Linux computer built with four dual-GPU AMD Radeon HD 5970 graphics cards for the purpose of running whitepixel is the first demonstration of eight AMD GPUs concurrently running this type of cryptographic workload on a single system. This software and hardware combination achieves a rate of 28.6 billion MD5 password hashes tested per second, consumes 1230 Watt at full load, and costs 2700 USD as of December 2010. The capital and operating costs of such a system are only a small fraction of running the same workload on Amazon EC2 GPU instances, as I will detail in this post. [Update 2010-12-14: whitepixel v2 achieves a higher rate of 33.1 billion password/sec on 4xHD 5970.] Software: whitepixel Overview of whitepixel That said, speed is not everything.
MSSQL Injection Cheat Sheet Some useful syntax reminders for SQL Injection into MSSQL databases… This post is part of a series of SQL Injection Cheat Sheets. In this series, I’ve endevoured to tabulate the data to make it easier to read and to use the same table for for each database backend. This helps to highlight any features which are lacking for each database, and enumeration techniques that don’t apply and also areas that I haven’t got round to researching yet. The complete list of SQL Injection Cheat Sheets I’m working is: I’m not planning to write one for MS Access, but there’s a great MS Access Cheat Sheet here. Some of the queries in the table below can only be run by an admin. Misc Tips In no particular order, here are some suggestions from pentestmonkey readers. From Dan Crowley:A way to extract data via SQLi with a MySQL backend From Jeremy Bae: Tip about sp_helpdb – included in table above. From Trip: List DBAs (included in table above now): select name from master..syslogins where sysadmin = ’1′
How to boost your WiFi signal with a beer can Here you will find very original tips to boost wireless signal to your computer. Good luck and have a fun. Source Top 15 Open Source/Free Security/Hacking Tools | PenTesting | Hacking | Coding 1. Nmap Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. 2. Wireshark is a network protocol analyzer. 3. Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners. 4. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. 5. John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. 6. ettercap Ettercap is a comprehensive suite for man in the middle attacks. 7. The Nexpose Community Edition is a free, single-user vulnerability management solution. 8. 9. 10. w3af w3af is a Web Application Attack and Audit Framework. 11. hping 13.
Free WiFi in Airports and Public Hotspots By Brian Wilson, CCNA, CCSE, CCAI, MCP, Network+, Security+, JNCIA Recently while traveling I noticed a hot spot and wanted to surf the internet. Once I connected to the AP I had seen that they wanted to charge me $8 per day to surf the internet. Disclaimer: This paper and the topics covered in the paper are just for educational purposes and should not be tried on a network without the permission from the owner of the network you plan on testing. Well I got to their splash screen, and it would allow me to surf on that page and the local ISP's home page (the local ISP was their sponsor). Cain & Able Sniffers menu. SoftPerfect Network Scanner Once I received the results of the scanned subnet, I could see all of the other computers along side of me. EtherChange by www.NTSecurity.NU Low and behold this was the key to getting past the content filter firewall, and I am able to surf the internet without the firewall's blocks. Category: Wilson
The hacker's guide to website security 3. Gaining access The next step is gaining access to the web application, database or the server itself, using a selection of the following attacks: cross-site scripting XSS, SQL injections, command injections, cookie/session poisoning, parameter/form tampering, buffer overflow, authentication hijacking, obfuscation attack, platform exploits, application exploits, brute force attacks and web services exploits. Step 1: Software exploits Ethical hacker: "As I'm focusing on information leaks and unauthorised access, I'll concentrate on application exploits, SQL injections, form manipulation and XSS. ● Vbulletin 3.8.6 exploit – lots of them, XSS, remote execution and SQL injections. ● phpmyadmin 3.2.5 exploit – nothing there but I could try a brute force if all else fails. ● Joomla 1.5 – lots of different exploits available. Let's have a look at the websites on the server. "Nothing special on the first two, just static pages. Step 2: Form manipulation There's also a hidden field called promo.
Top 50 Hacking Tools That You Must Have Whether you are a Penetration tester, a hacker or an aspiring newbie trying to learn Cyber Security, you must have a nice catalogue of tools to make your life easier. While these tools do make working simpler but cannot compensate for the vast amount of knowledge required in this field. Ethical hacking and online security involves a lot efforts. Many tools are used to test and keep software secure. The same tools can also be used by hackers for exploitation. A hacking tool is a computer program or software which helps a hacker to hack a computer system or a computer program. In this post i’m going to mention 50 different tools under 9 categories that your ‘Hack Lab’ must have. Intrusion Detection Systems :- These are the tools you must have if you’re building a hack lab for penetration testing or for any security arrangement. SnortNetCop Encryption Tools :- While the above tools do identify any suspicious activity but they can’t protect your data, you need encryption tools for that.