Wednesday, May 27, 2009
Remote File Inclusion is a technique used to attack websites from a remote computer.RFI allow malicious users to run their own PHP code on a vulnerable website.This allows the attacker to use and run any remote file just by editing the URL. Like a webshell can display the files and folders on the server and can add,edit or delete files and folders,send spams and even get hold of root.
More details on PHP Webshell are here.
Saturday, May 23, 2009
Top Ten Web Hacking Techniques 2008 by Jeremiah Grossman,Founder & Chief Technology Officer of WhiteHat Security.
Thursday, May 21, 2009
This is a demonstration of hacking wireless access points networks with Aircrack-NG.Before running airodump we need to find an adaptor driver which can be downloaded from the here.
Please note few points regarding wireless as mentioned below -
Channels are the channel your Access Point is Broadcasting on.
ESSID is the Name of your wireless network.
BSSID is the MAC address of your Access Point.
We will have to put the wireless card in monitor mode before capturing the data.Complete step by step documentation can be found here.
Monday, May 18, 2009
Friday, May 15, 2009
In this video a windows RPC exploit is used with the help of Metasploit on Backtrack.After exploiting the RPC vulnerability in windows,hacker uploads Netcat tool to regain access when ever he wants.
Thursday, May 14, 2009
This Video shows MetaSploit Autopwn tool in action.After identifying a victim's machine using port scanning techniques,Just run the Metasploit framework and connect to sqlite database.Again run a port scan on victim's machine so that the result is saved in the database.Then run the Autopwn tool against the port scan result,Autopwn will automatically run all the exploits against the open port.When the attack completes successfully, we get open sessions. Job Done !!!!
This can also be achived by running Autopwn exploits against the result saved by Nessus in NBE format.
Wednesday, May 13, 2009
This video shows how you can dump the cleartext passwords from a memory dump of a Windows system by using a tool called MDD.