Florida voting system LEAKED...
Tuesday, August 02, 2011 Sensei Fedon 0 Comments
- Below are the inside details of Florida voting systems. If the United States government can't even keep their ballot systems secure, why trust them at all? Everyone knows voting is rigged, but if you don't, here you go.
- Twitter - @AnonymousWiki
WAF Bypass....
Friday, July 22, 2011 Sensei Fedon 0 Comments
This is such a wide topic, but today we're going to examine WAF bypass and SQL injection.
What is a WAF?
A WAF is a Web Application Firewall used to filter certain malicious requests and/or keywords.
Is a WAF a safe way to protect my website?
Well, that's a tough question. A WAF alone will not protect your website if your code is vulnerable, but a WAF and secure coding will. A WAF should be used as a tool in your tool shed, but you should never count on a WAF to keep attackers out, because most, if not all, WAFs can be bypassed with the time and brains. Today, we will take a look into how exactly to do this.
1) Comments:
SQL comments are a blessing to us SQL injectors. They allow us to bypass a lot of the restrictions of web application firewalls and to kill certain SQL statements to execute the attacker's commands while commenting out the actual legitimate query. Some comments in SQL:
//, -- , /**/, #, --+, -- -, ;
OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may n...
25 BEST SSH COMMANDS / TRICKS
Sunday, July 17, 2011 Sensei Fedon 0 Comments
SSH is an awesome, powerful tool. There are unlimited possibilities when it comes to SSH; here are the top-voted SSH commands.
1) COPY SSH KEYS TO USER@HOST TO ENABLE PASSWORD-LESS SSH LOGINS.
ssh-copy-id user@host
To generate the keys use the command ssh-keygen
LOIC: DoS Attacking Tool
Monday, May 09, 2011 Sensei Fedon 0 Comments
LOIC basically turns your computer’s network connection into a firehose of garbage requests, directed towards a target web server. On its own, one computer rarely generates enough TCP, UDP, or HTTP requests at once to overwhelm a web server—garbage requests can easily be ignored while legit requests for web pages are responded to as normal.
But when thousands of users run LOIC at once, the wave of requests becomes overwhelming, often shutting a web server (or one of its connected machines, like a database server) down completely, or preventing legitimate requests from being answered.
LOIC is more focused on web applications; we can also call it an application-based DoS attack. LOIC can be used on a target site by flooding the server with TCP packets, UDP packets, or HTTP requests with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets.
LOIC is a nice tool to perform a DoS or DDoS attack, but try it at your own risk. It does not have the ability to hide your IP address. Source code is also available.
Download LOIC 1.0.4 here
An amusing attack was demonstrated in the course of the last penetration testing. It is a good example of practical application of Cross-Si...
RFI over SQL Injection/Cross-Site Scripting
Monday, May 02, 2011 Sensei Fedon 0 Comments
- User segment with an attacker (me) operating from it;
- Technological network with strictly restricted outgoing traffic;
- A web application in the technological network that is vulnerable to Remote File Including (RFI);
- A web application in the technological network that is vulnerable to SQL Injection.
A method that I discovered today in MySQL documentation struck me with its simplicity and the fact that I haven’t noticed it before. Let me ...
Another fine method to exploit SQL Injection and bypass WAF
Monday, May 02, 2011 Sensei Fedon 0 Comments
MySQL servers allow one to use comments of the following type:
/*!sql-code*/ and /*!12345sql-code*/
As can be noticed, SQL code will be executed from the comment in both cases! The latter construction means that "sql-code" should be executed only if the DBMS version is later than the given value.
Some WAFs skip comments during signature search. Among such WAFs, there is the latest stable assembly of Mod_Security (v. 2.5.9).
Here is a simple example:
A few months ago, I released a new version of both SmartSniff and SniffPass with support for using them with Microsoft Network Monitor 3.x...
How to capture data and passwords of unsecured wireless networks with SniffPass and SmartSniff
Wednesday, April 13, 2011 Sensei Fedon 1 Comments
Here’s a small but useful post for people, who use Internet Download Manager and have recently moved to Firefox 4. The old firefox addon th...
IDM and Firefox 4 Integration
Friday, April 08, 2011 Sensei Fedon 0 Comments
2- Paste the link to the addressbar and Go,
3- Wait for the download,
4- Restart Firefox,
5- Enjoy.
DRIL (Domain Reverse IP Lookup) Tool is a Reverse Domain Tool that will really be useful for penetration testers to find out the domain na...
DRIL - Domain Reverse IP Lookup Tool
Thursday, April 07, 2011 Sensei Fedon 0 Comments
- FindDomains v0.1.1 Released – Discover Domains/Sites/Hosts (This would be the most similar to DRIL).
- FOCA – Network Infrastructure Mapping Tool (Also contains this feature amongst others).
- hostmap 0.2 – Automatic Hostname & Virtual Hosts Discovery Tool (Does the same job but uses multiple techniques.)
"The vulnerability that I want to share first, Is a critical vulnerability in Blogger (Google Service), That vulnerability could be us...
Gaining Administrative Privileges on any Blogger.com Account
Thursday, March 24, 2011 Sensei Fedon 0 Comments
That vulnerability could be used by an attacker to get administrator privilege over any blogger account (Permission Issue). Yes, I know it sounds kind of crazy, but it's true :)
Here are the details regarding the issue in Blogger service.
I found a HTTP Parameter Pollution vulnerability in Blogger that allows an attacker to add himself as an administrator on the victim's blogger account."
After a very successful release of Sql Poizon v1.0, The Exploit Scanner Tool, I am hereby introducing you with the new release which is m...
Sql Poison v1.1
Wednesday, March 23, 2011 Sensei Fedon 2 Comments
One of my blog readers asked me "How can I use trial version software's forever". Instead of answering him I thought I can wr...
How To Use Trial Software's For Ever...
Sunday, March 20, 2011 Sensei Fedon 0 Comments
Concept:
When you install a piece of software for the first time, it makes an entry in the Windows Registry with details such as the installed date and time, installed path, etc. After installation, every time you run the software it compares the current system date and time with the installed date and time. With this it can make out whether the trial period has expired or not. So if we make the software think that the trial period is not over, we can use the software forever.
To hide IP, some of us use anonymizers (anonymity servers); some use proxy servers.
Monday, March 14, 2011
Recently HotFile.com got itself in big legal trouble which forced them to start (really) deleting "copyrighted" material, and ...
Download "deleted" files from HotFile!
Sunday, March 13, 2011 Sensei Fedon 0 Comments
Anyway, enough blah blah. Let's get to the point!
Some uploaders still dare to upload files to HotFile, and on average those files get deleted within 30 minutes, but do they really delete files? Apparently not, and we found out how to download "deleted" files. This trick is super easy, and you need no knowledge aside from how to use a browser! Let me show you. Here we have a link which is "deleted":
http://hotfile.com/dl/109695738/8cec3a0/...e.avi.html
Now the trick. You simply have to place new before the URL and then it will work again!
http://new.hotfile.com/dl/109695738/8cec3a0/national.geographic.kkk.inside.american.terror.hdtv.xvid-diverge.avi.html
Yeah, that simple! Enjoy while it lasts!
It looks like a bug, so I expect it to be "fixed" soon.
With this trick you can increase YouTube as well as sites like Metacafe video buffering speed! Here it goes -- Start -> Run -> syst...
Increase Youtube Buffering Speed
Sunday, March 13, 2011 Sensei Fedon 0 Comments
; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
page buffer=100Tbps
load=100Tbps
download=100Tbps
save=100Tbps
back=100Tbps
search=100Tbps
sound=100Tbps
webcam=100Tbps
voice=100Tbps
faxmodemfast=100Tbps
update=100Tbps
Get your subscription now!! Step 1: Register an account http://cyberghostvpn.com/page/registration.php Step 2 : Goto this page and ent...
CyberGhost VPN 1 Year Coupon Code (2011-2012)
Saturday, March 12, 2011 Sensei Fedon 0 Comments
Step 1:
Register an account
http://cyberghostvpn.com/page/registration.php
Step 2:
Go to this page and enter this Promotion Code: quale157
https://cyberghostvpn.com/page/account.php?serials
Done!!!
Securing SQL Server: Protecting Your Database from Attackers
Friday, March 04, 2011 Sensei Fedon 0 Comments
Syngress | 2011 | ISBN: 1597496251 | 272 pages | PDF | 3 MB
Hakin9 is a free, online, monthly publication on IT Security. The magazine is published in English and is available in the Internet a...
Hakin9: Identity Theft!
Friday, March 04, 2011 Sensei Fedon 0 Comments
A large number of attacks on Web sites and Web applications are directly related to what is known as SQL injection vulnerabilities. This is...
MySQL Firewall with GreenSQL
Wednesday, March 02, 2011 Sensei Fedon 0 Comments
Gmail users put a lot of their lives into their inboxes. Over nearly seven years, with ever-increasing storage, how could you not? So if yo...
How to Back Up Your Gmail the Easy and Cheap Way
Wednesday, March 02, 2011 Sensei Fedon 0 Comments
If you are an Outlook user and want to add Twitter to your Outlook, then you have to try TwInbox. With TwInbox you can have a fully-featured...
Add Twitter to Microsoft Outlook with TwInbox
Wednesday, March 02, 2011 Sensei Fedon 0 Comments
Qualys announced that it has published a new comprehensive free guide on Web Application Scanning (WAS) to help readers understand web appl...
Free Web Application Security for Dummies
Wednesday, March 02, 2011 Sensei Fedon 0 Comments
Everybody knows Firefox. But many of them don't know keyboard shortcuts. These shortcuts gain more time to end user. List of commands b...
Mozilla Firefox Shortcuts
Thursday, February 17, 2011 Sensei Fedon 0 Comments
Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition http://www.amazon.com/Gray-Hacking-Ethical-Hackers-Handbook/dp/0071742557/ * ...
Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition...
Wednesday, February 16, 2011 Sensei Fedon 0 Comments
* Develop and launch exploits using BackTrack and Metasploit
* Employ physical, social engineering, and insider attack techniques
* Build Perl, Python, and Ruby scripts that initiate stack buffer overflows
* Understand and prevent malicious content in Adobe, Office, and multimedia files
* Detect and block client-side, Web server, VoIP, and SCADA attacks
* Reverse engineer, fuzz, and decompile Windows and Linux software
* Develop SQL injection, cross-site scripting, and forgery exploits
* Trap malware and rootkits using honeypots and SandBoxes
HTC HD2 Leo hard reset...
Wednesday, February 16, 2011 Sensei Fedon 0 Comments
HTC HD2 Leo Soft reset
Resetting Your HTC HD2 Phone
Performing a HTC HD2 Leo soft reset
IronBee is a new open source project to build a universal web application security sensor. It's like building a universal web application ...
IRONBEE: The Open Source Next Generation WAF!
Wednesday, February 16, 2011 Sensei Fedon 1 Comments
There are two projects included in this one:
Projects:
Multiple RSS Feeds on Your Facebook Wall
Friday, February 11, 2011 Sensei Fedon 0 Comments
- Go to www.chimpfeedr.com
- Paste the URL of your first RSS feed into the box
- Click the “+Add Feed” button
- Repeat the first 2 steps for all your feeds
- Click the ‘Chomp Chomp!’ button
- You should then get a pop up box asking you to ‘Name Your Mix’, Just type in a name and click the ‘Start mixing button’
- You’ll now go to a page that says ‘Your mix can now be accessed at:’ followed by the URL of your feed. Copy this URL. Keep it safe because there’s no way of retrieving it from Chimpfeedr.
- Go to www.facebook.com and log in
- Click on your profile
- Underneath the ‘whats on your mind’ box click the settings button
- Click Blog/RSS
- Paste your Chimpfeedr URL in the ‘Public URL’ field and click the ‘Import’ button
Finally, the stolen sources of Kaspersky anti-virus (passing from hand to hand last year or two) found their way to public, here is the li...
Kaspersky Source Goes Public...
Monday, January 31, 2011 Sensei Fedon 0 Comments
Folders: 2990
Files: 27654
Size: 1046259453
Compressed: 195934996
MD5 0397c86ceee911b36076cd3fea67ff98
Source: VX Heavens
This toolbar will help you in testing sql injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it ...
Hackbar Mozilla Firefox Addon...
Monday, January 24, 2011 Sensei Fedon 0 Comments
XSS Rays is a complete XSS reversing/scanner tool. It helps you to find how a site is filtering code, and allows you to check for injecti...
XSS Rays: A Google Chrome XSS Scanning Browser Extension!
Sunday, January 23, 2011 Sensei Fedon 0 Comments
Internet Society - World IPv6 Day
Friday, January 21, 2011 Sensei Fedon 0 Comments
"World IPv6 Day About World IPv6 Day On 8 June, 2011, Google, Facebook, Yahoo!, Akamai and Limelight Networks will be amongst some of the major organisations that will offer their content over IPv6 for a 24-hour 'test drive'. The goal of the Test Drive Day is to motivate organizations across the industry – Internet service providers, hardware makers, operating system vendors and web companies – to prepare their services for IPv6 to ensure a successful transition as IPv4 addresses run out."
UPDATE: Phone Creeper v0.98! — PenTestIT: "Phone Creeper is a phone espionage suite It can be silently installed by just inserting an...
Phone Creeper v0.98!
Friday, January 21, 2011 Sensei Fedon 0 Comments
"Phone Creeper is a phone espionage suite. It can be silently installed by just inserting an SD card with the files below on it.
The program does not show up under installed programs or running programs and allows for a useful array of features. Phones running this software can be remotely controlled by SMS text messages. All commands will be silently received and deleted immediately and results will be issued back to sender.
Pre-configured settings can be added to the installer to have your own default password and phone number to receive live updates. By default, this program will silently reinstall itself even after a hard reset, if the memory card with these files is still in the device."
Since Facebook opened its API, its users have been able to access the social network via a number of different platforms and devices. If yo...
Want to access Facebook from within Gmail? Now you can.
Thursday, January 20, 2011 Sensei Fedon 0 Comments
MS Attack Surface Analyzer
Thursday, January 20, 2011 Sensei Fedon 0 Comments
Attack Surface Analyzer is the same tool used by Microsoft's internal product teams to catalogue changes made to the operating system by the installation of new software.
Attack Surface Analyzer takes a snapshot of your system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface.
This allows:
- Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
- IT Professionals to assess the aggregate Attack Surface change by the installation of an organization's line of business applications
- IT Security Auditors to evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
- IT Security Incident Responders to gain a better understanding of the state of a system's security during investigations (if a baseline scan was taken of the system during the deployment phase)
Download details: Attack Surface Analyzer
m28sx.html - Twitter Search. You might prefer to access the links in a controlled environment (i.e. VM box) unless you want to get pwned :)...
Twitter Worm : Watch out for "m28sx.html"
Thursday, January 20, 2011 Sensei Fedon 0 Comments
adf.ly Mass Auto-clicking Bot v3.3
Wednesday, January 19, 2011 Sensei Fedon 0 Comments
--Instructions--
1. Run iView Fur U v3.exe
2. Load a list of mostly USA proxies in the form IP:Port or import from a .txt
3. Input your adf.ly link. (Remember to add the http://www part!)
4. Set the delay to 9 to 16 seconds to avoid ban.
5. Start the program.
Virus Total report
http://www.virustotal.com/file-scan/...827-1290158321
I was just checking out my posts on Techotoys and found that I haven't posted any tutorial on how to hack Website. There are many tool...
LOIC: Hack website using DOS- Denial Of Service Attack
Tuesday, January 18, 2011 Sensei Fedon 2 Comments
Description: Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on ...
Havij v1.14 Advanced SQL Injection
Tuesday, January 18, 2011 Sensei Fedon 0 Comments
About
Network security blog.