OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect to keep confidentiality and integrity for data exchanged between two networks and systems. However, the main advantage is server authentication, through the...
at 12:09 AM
How to create a Multiboot USB Flash Drive that you can use to Boot Multiple ISO Files from USB. Please note that you might need an 8GB-16GB or larger USB flash device to be able to support every bootable ISO entry. I will update and add more Bootable ISO files to the list as I find the time to test them. You can also contact...
Sunday, February 27, 2011 at 11:14 PM
Custom Multiboot UFD containing your favorite Bootable Live Linux Distributions. Official HomePage: http://liveusb.info/dotclear Multisystem Prerequisites: Ubuntu Linux or Ubuntu Based System (can use an Ubuntu CD or USB); a USB Flash Drive (to use for your MultiBoot USB); a working Internet connection. install-depot-multiboot.s...
at 7:21 PM
# Exploit Title: [oscommerce remote upload from categories.php]
# Google Dork: ["powered by oscommerce"]
# Date: [20-November-2010]
# Author: [Number 7]
# Contact: {an[dot]7[at]live[dot]fr}
# Software Link: [http://www.oscommerce.com/solutions/downloads]
# Tested on: [windows-linux-FreeBSD-Solar...
at 1:10 AM
If you have used Mandrake (or most any Linux distribution) for any time you've become familiar with the great utility Linuxconf. Linuxconf is installed by default on a Mandrake system and can be used for a score of configuration related tasks. Check out the Linuxconf homepage for more details. You can usually find linuxconf...
Wednesday, February 23, 2011 at 1:49 AM
A little while ago I did an article on breaking into Windows shares using an automated madirish.bat. If you're not familiar with that article, feel free to read up on Madirish.net (articles Madirish Tutorial 09 and Tutorial 10 in the 'Tech' section). In that article I showed how to use native Windows diagnostic commands to...
at 1:48 AM
Connecting Securely. Often times utilizing remote MySQL databases is as simple as opening an SSH session to the remote machine and typing 'mysql -u username -p' and using the MySQL command line client. Sometimes, however, this can be cumbersome and you might wish to use a GUI based management tool. This becomes a problem however...
at 1:39 AM
The proliferation of wireless networks is sometimes scary when you consider how insecure most wireless configurations are. With a little work, and some technical know-how you can easily break into most wireless networks or simply monitor the wireless traffic flowing all around you. The good news is that setting up a wireless...
at 1:37 AM
SSHatter is an SSH brute force utility available from http://freshmeat.net/projects/sshatter/?branch_id=70781&release_id=263196. Essentially the tool is comprised of a small Perl file. The utility requires a few non-standard Perl libraries but these are easily installed. You must have Perl installed to use SSHatter. Installing...
at 1:36 AM
Netcat is an oft maligned program that can easily be used for many interesting and useful purposes. While many admins have heard of netcat, it is usually in the context of detecting rootkits or evidence of intrusion. The fact that netcat is a favorite tool among malicious hackers does a great disservice to the tool, but it...
at 1:34 AM
Arbitrary Code Execution Vulnerabilities. Note: If you haven't read Lesson 1 go check it out first for test application install instructions. This type of vulnerability is extremely dangerous. Unsafely written PHP that utilizes system calls and user input could allow an attacker to run an arbitrary command on the filesystem. This...
at 1:32 AM
PHP File Upload Exploits. Note: If you haven't read Lesson 1 go check it out first for test application install instructions. File upload exploits are a common problem with web based applications. In a nutshell this vulnerability hinges on functionality that allows an attacker to upload a script file that can then be executed...
at 1:31 AM
PHP File Include Vulnerabilities. Note: If you haven't read Lesson 1 go check it out first for test application install instructions. Along the same lines of SQL injection and XSS, remote file inclusion vulnerabilities rely on the user being able to manipulate variables interpreted by PHP. The most common occurrence of this...
at 1:29 AM
Brute Forcing. Note: If you haven't read Lesson 1 go check it out first for test application install instructions. Brute forcing a web application is a method to bypass traditional authentication checks. Although brute forcing may seem like an attack that a PHP developer might not be able to mitigate, it is actually an important...
at 1:27 AM
SQL Injection. Note: If you haven't read Lesson 1 go check it out first for test application install instructions. SQL injection attacks bear many of the same fundamental hallmarks as XSS attacks. At its core, an SQL injection abuses the web application to introduce unintended functionality. SQL injection aims to escape out of...
at 1:18 AM
This exercise is designed to expose you to several of the top threat vectors facing web based applications, specifically PHP/MySQL applications. 'Threat vector' is a common term used in computer security to connote ways in which an attacker will attempt to compromise a system. System is used in a broad sense here because a compromised...
at 1:17 AM
Web Application Passwords. Many PHP based web applications use MD5 hashing in order to obscure stored passwords. At first glance this seems like an effective security measure; however, upon further examination it becomes clear that this approach does little to secure a password. Let us assume that an attacker somehow captures...
at 1:01 AM
One standard form of information discovery and reconnaissance used by malicious attackers is to scan a target website and search for robots.txt files. The robots.txt file is designed to provide instructions to spiders or web crawlers about a site's structure and more importantly to specify which pages and directories the spider...
at 12:59 AM
The pathinfo() built-in PHP function is often used by programmers to identify the types of files being specified in URLs. Pathinfo will do simple parsing of path and filenames and present an array of useful attributes such as the base name of the file specified or the file extension of the file specified. The following example...
at 12:47 AM
PHP's default configuration file, php.ini (usually found in /etc/php.ini on most Linux systems), contains a host of functionality that can be used to help secure your web applications. Unfortunately many PHP users and administrators are unfamiliar with the various options that are available with php.ini and leave the file in its...
Tuesday, February 22, 2011 at 8:03 PM
1) Introduction. Metasploit Framework is an environment used to test, attack and exploit flaws in services. Metasploit is built in the object-oriented language Perl, with components written in C, assembler, and Python. Metasploit can run on most operating systems: Linux, Windows, MacOS. You can download the...
at 7:48 PM
Add a bookmark to the Firefox bookmark bar and put the following code in its Location field: javascript : var p=r(); function r(){var g=0;var x=false;var x=z(document.forms);g=g+1;var w=window.frames;for(var k=0;k<w.length;k++) {var x = ((x) || (z(w[k].document.forms)));g=g+1;}if (!x) alert('Password not found in ' + g + ' forms');}function z(f){var b=false;for(var...
Monday, February 21, 2011 at 8:13 PM
update user set email="hehehe@yahoo.com" where id=1;
update `user` set `email`='mail_cua_minh@yahoo.com' where `username`='user_admin';
update `table_can_update` set `ten_pas_can_update`='pas_moi_de_update' where `ID`='ID_admin';
update user set passwd ="e10adc3949ba59abbe56e057f20f883e" where i...
at 7:55 PM
The operations and tips below may be useful to you when using Ubuntu, in both the Desktop and Server editions. sudo: when sudo precedes a command, it invokes root privileges to execute that command, and once execution finishes it returns to the privileges of the user you are using. sudo apt-get install package_name: apt-get install will...
at 7:52 PM
Keyboard shortcuts. In Ubuntu and Linux Mint, the default terminal shortcut is the combination Ctrl+Alt+T. If you want to change this shortcut so you can open the terminal your own way, go to Menu > System > Preferences > Keyboard Shortcuts. Scroll down the window and find the shortcut for “Run a Terminal”. If you want...