Пропускане към основното съдържание

Публикации

Показват се публикации от 2015

Nikto web application security scanner

Nikto is sponsored by Netsparker, a false positive free web application security scanner.

sqlmap® Automatic SQL injection and database takeover tool

Social-Engineer Toolkit - TrustedSec

Common Vulnerabilities and Exposures

Using Perl 6 "Christmas present"

Perl for System Administration & Automation System Administration with Perl

NOTE!








List of TCP and UDP port numbers

This is a list of Internet socket port numbers used by protocols of the transport layer of the Internet Protocol Suite for the establishment of host-to-host connectivity. Originally, port numbers were used by the Network Control Program (NCP) in the ARPANET for which two ports were required for half-duplex transmission. Later, the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) needed only one port for full-duplex, bidirectional traffic. The even-numbered ports were not used, and this resulted in some even numbers in the well-known port number range being unassigned. The Stream Control Transmission Protocol (SCTP) and the Datagram Congestion Control Protocol (DCCP) also use port numbers. They usually use port numbers that match the services of the corresponding TCP or UDP implementation, if they exist. The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses. However, many unoff…

GMANE

Offensive Security Exploit Database

Kali Linux 2.0 Released

Still TL; Still DR. How Do I Upgrade to Kali 2.0?
Yes, you can upgrade Kali 1.x to Kali 2.0! To do this, you will need to edit your source.list entries, and run a dist-upgrade as shown below. If you have been using incorrect or extraneous Kali repositories or otherwise manually installed or overwritten Kali packages outside of apt, your upgrade to Kali 2.0 may fail. This includes scripts like lazykali.sh, PTF, manual git clones in incorrect directories, etc. – All of these will clobber existing files on the filesystem and result in a failed upgrade. If this is the case for you, you’re better off reinstalling your OS from scratch.
Otherwise, feel free to:


1: cat << EOF > /etc/apt/sources.list 2: deb http://http.kali.org/kali sana main non-free contrib 3: deb http://security.kali.org/kali-security/ sana/updates main contrib non-free 4: EOF 5: apt-get update 6: apt-get dist-upgrade # get a coffee, or 10. 7: reboot

SSH: More than secure shell

postfix, dovecot and spamassassin & more...

What is Postfix? It is Wietse Venema's mail server that started life at IBM research as an alternative to the widely-used Sendmail program. Now at Google, Wietse continues to support Postfix.
Postfix attempts to be fast, easy to administer, and secure. The outside has a definite Sendmail-ish flavor, but the inside is completely different.

Dovecot is among the highest performing IMAP servers while still supporting the standard mbox and Maildir formats. The mailboxes are transparently indexed, which gives Dovecot its good performance while still providing full compatibility with existing mailbox handling tools.

Since SpamAssassin is a Perl script, it may be necessary on busy servers to use the binary SpamAssassin daemon (spamd ) and the client application (sp amc). Configuring SpamAssassin this way, however, requires ro o t access to the host.
Frequently Asked Questions About Fetchmail
proctips
Book of IMAP
Managing IMAP read online...
next...
Resolution for POODLE SSLv3.0 vulnerab…

h@cker_r1ngt0n€$

Configuring of GRUB 2.02~beta2-22 "grub.cfg" from Kali Linux 2.0 kernel-4.0.0 , to dual booting with CentOs 6.7 kernel-4.1.1- manual installed

1: # 2: # DO NOT EDIT THIS FILE 3: # 4: # It is automatically generated by grub-mkconfig using templates 5: # from /etc/grub.d and settings from /etc/default/grub 6: # 7: ### BEGIN /etc/grub.d/00_header ### 8: if [ -s $prefix/grubenv ]; then 9: set have_grubenv=true 10: load_env 11: fi 12: if [ "${next_entry}" ] ; then 13: set default="${next_entry}" 14: set next_entry= 15: save_env next_entry 16: set boot_once=true 17: else 18: set default="0" 19: fi 20: if [ x"${feature_menuentry_id}" = xy ]; then 21: menuentry_id_option="--id" 22: else 23: menuentry_id_option="" 24: fi 25: export menuentry_id_option 26: if [ "${prev_saved_entry}" ]; then 27: set saved_entry="${prev_saved_entry}" 28: save_env saved_entry 29: set prev_saved_entry= 30: save_env prev_saved_entry 31: set boot_once=true 32: fi 33…

DVWA - Brute Force (High Level) - Anti-CSRF Tokens

This is the final "how to" guide which brute focuses Damn Vulnerable Web Application (DVWA), this time on the high security level. It is an expansion from the "low" level (which is a straightforward HTTP GET form attack). The main login screen shares similar issues (brute force-able and with anti-CSRF tokens). The only other posting is the "medium" security level post (which deals with timing issues).


For the final time, let's pretend we do not know any credentials for DVWA.... Let's play dumb and brute force DVWA... once and for all!
TL;DR: Quick copy/paste
1: CSRF=$(curl -s -c dvwa.cookie "192.168.1.44/DVWA/login.php" | awk -F 'value=' '/user_token/ {print $2}' | cut -d "'" -f2) 2: SESSIONID=$(grep PHPSESSID dvwa.cookie | cut -d $'\t' -f7) 3: curl -s -b dvwa.cookie -d "username=admin&password=password&user_token=${CSRF}&Login=Login" "192.168.1.44/DVWA/login.php…