Web Application Exploits and Defenses

Phishing with Encoded IP Addresses – Intrepidus Group - Insight I was adding a little special sauce to this past week and thought this might be fun to share. We have a few different ways a user can craft their phishing links. If he/she chooses the IP address option, then there is also the choice of encoding options. This lets you mask the IP address in an attempt to trick the user into thinking part of the sub-directory is perhaps the host name. Or, as in the case with my mom… she thinks it is just the phone number so the computer knows where to call. And it's hard to blame her when you see a decimal-encoded IP address. The team over at Marshal has put together a good walk-through of the encoding so you can follow along. -b3nn

How Hackers Steal Your Internet & How to Defend Against It I have had a lot of people ask me, "How does my neighbor keep getting into my wireless?!". Chances are, these people are all using WEP, a deprecated wireless encryption protocol. If someone can access your wireless network that easily, this is NOT a good thing. Proof of Concept The theory behind cracking access points is simple. WPA/2 is a little different. WPA/2 has fixed a vulnerability that was in WEP and has a required password length of an 8-character minimum. In this Null Byte, I'm going to show you how to break into your own wireless network and assess its security so you can have an impenetrable network! All of the commands in bold are Terminal commands. Step 1 Spoofing a MAC Address Before any smart cracker would attack your AP, they will always spoof their MAC (Media Access Control) address! To spoof a MAC address, open a terminal and use these commands: To make sure your MAC changed, you would do: ifconfig And Ubuntu:

Top 15 Security/Hacking Tools & Utilities 1. Nmap I think everyone has heard of this one; it recently evolved into the 4.x series. Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It can be used by beginners (-sT) and by pros alike (--packet_trace). Get Nmap Here 2. Recently went closed source, but is still essentially free. Nessus is the world's most popular vulnerability scanner, used in over 75,000 organizations world-wide. Get Nessus Here 3. Yes, JTR 1.7 was recently released! You can get JTR Here 4. Get Nikto Here 5. Powerful TCP port scanner, pinger, resolver. Get SuperScan Here 6. p0f 7. 8.

SQL Injection Walkthrough 1.0 Introduction When a machine has only port 80 open, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patches his server, we have to turn to web hacking. SQL injection is one type of web hacking that requires nothing but port 80, and it might just work even if the admin is patch-happy. It attacks the web application itself (ASP, JSP, PHP, CGI, etc.) rather than the web server or the services running in the OS. This article does not introduce anything new; SQL injection has been widely written about and used in the wild. We wrote the article because we would like to document some of our pen-tests using SQL injection and hope that it may be of some use to others. 1.1 What is SQL Injection? 1.2 What do you need? 2.0 What should you look for? Everything between the <FORM> and </FORM> tags has potential parameters that might be useful (exploit-wise). 2.1 What if you can't find any page that takes input? hi' or 1=1--

Writing Buffer Overflow Exploits - a Tutorial for Beginners 1. Memory Note: The process memory layout described here is the one used on most computers, but it depends on the processor architecture. This example is for x86 and roughly applies to Sparc. The principle of exploiting a buffer overflow is to overwrite parts of memory that are not supposed to be overwritten by arbitrary input and to make the process execute that input as code. - Code segment: data in this segment are assembler instructions that the processor executes. - Data segment: space for variables and dynamic buffers. - Stack segment: used to pass data (arguments) to functions and as a space for the local variables of functions. 2.
    memory address         code
    0x8054321 <main+x>     pushl $0x0
    0x8054322              call $0x80543a0 <function>
    0x8054327              ret
    0x8054328              leave
    ...
    0x80543a0 <function>   popl %eax
    0x80543a1              addl $0x1337,%eax
    0x80543a4              ret
What happens here? In this case, our return address is 0x8054327 (the instruction following the call, to which function returns). 3. End of assembler dump. 3a. 3b. # (ret;cat)|. 4. 4a. 4b. # cc -o code code.S code.c # . 5.

The hacker's guide to website security 3. Gaining access The next step is gaining access to the web application, database or the server itself, using a selection of the following attacks: cross-site scripting XSS, SQL injections, command injections, cookie/session poisoning, parameter/form tampering, buffer overflow, authentication hijacking, obfuscation attack, platform exploits, application exploits, brute force attacks and web services exploits. Step 1: Software exploits Ethical hacker: "As I'm focusing on information leaks and unauthorised access, I'll concentrate on application exploits, SQL injections, form manipulation and XSS. ● Vbulletin 3.8.6 exploit – lots of them, XSS, remote execution and SQL injections. ● phpmyadmin 3.2.5 exploit – nothing there but I could try a brute force if all else fails. ● Joomla 1.5 – lots of different exploits available. Let's have a look at the websites on the server. "Nothing special on the first two, just static pages. Step 2: Form manipulation There's also a hidden field called promo.

Hacker Typer MSSQL Injection Cheat Sheet Some useful syntax reminders for SQL Injection into MSSQL databases… This post is part of a series of SQL Injection Cheat Sheets. In this series, I've endeavoured to tabulate the data to make it easier to read and to use the same table for each database backend. This helps to highlight any features which are lacking for each database, enumeration techniques that don't apply, and also areas that I haven't got round to researching yet. The complete list of SQL Injection Cheat Sheets I'm working on is: I'm not planning to write one for MS Access, but there's a great MS Access Cheat Sheet here. Some of the queries in the table below can only be run by an admin. Misc Tips In no particular order, here are some suggestions from pentestmonkey readers. From Dan Crowley: A way to extract data via SQLi with a MySQL backend. From Jeremy Bae: Tip about sp_helpdb – included in table above. From Trip: List DBAs (included in table above now): select name from master..syslogins where sysadmin = '1'

Eve and the Identity of Women: 7. Eve & Lilith In an effort to explain inconsistencies in the Old Testament, there developed in Jewish literature a complex interpretive system called the midrash which attempts to reconcile biblical contradictions and bring new meaning to the scriptural text. Employing both a philological method and often an ingenious imagination, midrashic writings, which reached their height in the 2nd century CE, influenced later Christian interpretations of the Bible. Inconsistencies in the story of Genesis, especially the two separate accounts of creation, received particular attention. Later, beginning in the 13th century CE, such questions were also taken up in Jewish mystical literature known as the Kabbalah. According to midrashic literature, Adam's first wife was not Eve but a woman named Lilith, who was created in the first Genesis account. Only when Lilith rebelled and abandoned Adam did God create Eve, in the second account, as a replacement. Lilith also personified licentiousness and lust. Lilith?

Hacker Test: A site to test and learn about web hacking