webapps in first package with issues:
ashnews 0.83
aspsitem 1.83
duclassified
core news 2.0.1
crafty image gallery
dcp portal 6.01
edqkp
foing 0.70
interactive Software
Invision Power Board v1.1.2
Invision Power Board v2.1.5
deluxebb
Minerva
NetBios 139 Port
2.Package
webapps in second package with issues:
phpbb 2.0.6
phpkit
php list pro
phpnuke
phpnuke 1
simplog 0.93
sub 7 config
UBB Threads
vwar
wordpress
xoops
Lesson 1
This lesson focuses on SQL Injection, a common attack that allows for a malicious attacker to inject their own specially crafted SQL queries into a vulnerable application. This lesson focuses on a simple SQL Injection attack that allows the attacker to bypass Hacme Bank’s authentication mechanism as well as a much more advanced attack that culminates in the attacker inserting a record into the Hacme Bank database.
Lesson 2
This lesson focuses on exploiting authorization flaws in Hacme Bank. It covers two types of authorization flaw. The first is horizontal privilege escalation, which allows a user to access data they should not be able to access, through functionality in Hacme Bank that they can normally use. The other is vertical privilege escalation, which allows a user to access functionality in Hacme Bank they should not be able to access.
Lesson 3
The third lesson details cross-site scripting (XSS) and how the Hacme Bank application is vulnerable to it. Cross-site scripting vulnerabilities allow a malicious attacker to implant malicious scripts and HTML that are then served by Hacme Bank and executed by Hacme Bank’s end users. This enables the attacker to perform attacks such as session hijacking. The demonstrated functionality shows how the malicious attacker can obtain the session identifier.
Lesson 4
The fourth lesson focuses on data validation and how Hacme Bank’s lack of data validation can result in serious problems. The lesson leads the viewer through using Paros Proxy to capture an HTTP request and modify it to circumvent client-side validation. Once the client-side validation is circumvented, the attacker uses the lack of server-side validation to enter negative values for transactions, so that instead of debiting their account the application credits it.
Lesson 5
The fifth lesson deals with cookie manipulation. The Paros Proxy is used once again to manipulate client side data to gain access to the Hacme Bank application via a brute force login. The user is led through the process of manipulating cookie data in Paros to successfully execute the attack.
Lesson 6
This lesson is a new take on vertical privilege escalation. It shows what can happen when secret information is accidentally or intentionally sent to the client. Using an ASP.NET ViewState decoder, the client-side secrets are revealed, and authorization mechanisms in Hacme Bank are circumvented.
Lesson 7
The final video lesson is about attacking web services. This lesson describes the attack in detail, and uses Foundstone’s WSDigger to explore the web services available in Hacme Bank. This attack exploits a weakness in the session identifier usage in the services and shows how web services are vulnerable to the same classes of security problems as web applications. The final result of this attack is that the attacker is capable of gaining critical data from the Hacme Bank application.
Nmap Ack:
This video demonstrates how to perform an ACK port scan using Nmap.
Nmap TCP:
This video demonstrates how to perform a TCP port scan using Nmap.
Nmap Fin:
This video demonstrates how to perform a FIN port scan using Nmap.
Nmap Xmas:
This video demonstrates how to perform an Xmas port scan using Nmap.
Nmap Null:
This video demonstrates how to perform a Null scan using Nmap.
Nmap SYN:
This video demonstrates how to perform a SYN scan using Nmap.
Irongeek's Guide to Buying a Used Laptop
Cracking Windows Passwords with BackTrack and the Online Rainbow Tables at Plain-Text.info
Adding Modules to a Slax or Backtrack Live CD from Windows
Anonym.OS: LiveCD with build in Tor Onion routing and Privoxy
Make your own VMs with hard drive for free: VMware Player + VMX Builder
Using VMware Player to run Live CDs (Bootable ISOs)
SSH Dynamic Port Forwarding
WMF File Code Execution Vulnerability With Metasploit
Using VirtualDub and a cheap webcam as a camcorder
Firewalls with Sarah: Campus Computer Security Series Episode 2
Updates and Patches with Anna: Campus Computer Security Series Episode 1
Infonomicon TV Ep 7
Metasploit Flash Tutorial
Nmap Video Tutorial 2: Port Scan Boogaloo
Finding Rogue SMB File Shares On Your Network
WiGLE, JiGLE and Google Earth: Mapping out your wardrive
Droop's Box: Simple Pen-test Using Nmap, Nikto, Bugtraq, Nslookup and Other Tools
Quick Tour of Irongeek's Office and Security Lab
Fun with Ettercap Filters: The Movie
MAC Bridging with Windows XP and Sniffing (very useful with my Cain/VoIP tutorial below)
Sniffing VoIP Using Cain
Installing Knoppix 3.8 to Your Hard Drive
A Quick and Dirty Intro to Nessus using the Auditor Boot CD
Local Password Cracking Presentation for the Indiana Higher Education Cybersecurity Summit 2005
Basic Nmap Usage
Cracking Syskey and the SAM on Windows Using Samdump2 and John
Basic Tools for Wardriving
Making The Default XP Interface Look More Like Windows 2000
Look for deleted data on the slack space of a disk
Recover deleted cookies or other files using Restoration
Some of my gear
Using NetworkActiv to sniff webpages on a Wi-Fi network 2:00
Boot from Phlak and run Chkrootkit to detect a compromise
Use Brutus to crack a box running telnet
Cain to ARP poison and sniff passwords
Install VNC Remotely
Start a session and get interactive commandline access to a remote Windows box
How to sniff around switches using Arpspoof and Ngrep
Tracing an E-mail and finding out more about the host that sent it
Phreaknic
Dolemite Opening Remarks
Professional WiFii
Outbound Content Compliance
Web Security 101
A Security Analysis of Skype
Blender
Artificial Life
Extending Web Apps in Interesting Ways
Drunken DDR
Dr. Cablelove
Hacker to Professional
Identity Theft
MythTV
Information Warfare for The People
Smoke and Mirrors
Wifi Panel
Croquet.
Still Big Brother
Rant
Awards
C0m3dy Phr3@k$ $t@Nd#p c0M3dy Sh0W