The WebDAV implementation in Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder.
This video from John Strand shows how to bypass antivirus tools using the new tricks in Metasploit 3.2.
In this video, Bigmac shows how to redirect web traffic and trick users into downloading Meterpreter and running it on their box.
In this video, IronGeek shows how Cain can pull off a "Man in the Middle" attack against the Remote Desktop Protocol. While RDP versions 6.0 and later are less susceptible to these attacks because of the verification schemes added, there is still a risk, since so many users just click yes to all warning messages.
John Strand of Black Hills Security sent me another awesome video on using BeEF, cross-site scripting and other fun.
John Strand of Black Hills Security sent me an awesome video on using Metasploit to create an EXE with the Meterpreter payload that creates a reverse TCP connection outbound, blowing through many NAT boxes and firewalls. This goes great with a previous video I did on EXE Binders/Joiners.
John Strand gave this presentation for the Kentuckiana ISSA at the Louisville Infosec 2008 conference. He gives a fascinating talk about why "security in depth" is dead, and lives again. John then goes on to demo Evilgrade, using msfpayload and obscuring it against signature-based malware detection, dumping SAM hashes with the Metasploit Meterpreter, and using a patched Samba client to pass the hash and compromise a system. I'd like to thank John for letting me record his talk.
In this tutorial, I'll be giving an example of why weak hashes are bad. The example I'll be using is the CRC32 hash that Outlook uses to store a PST archive's password. The CRC32 algorithm as implemented by Microsoft Outlook is easy to generate hash collisions for, so even if you can't find the original password you can find an alternate one that works just as well.
The HTTP protocol offers us a challenge-response authentication mechanism which can be used by a Web or proxy server to grant or refuse access to resources on the network. Nowadays, the Net is witness to millions of transactions, as well as providing both public and confidential data. The network makes it all possible, but in order to maintain security we must know who has got access to our sensitive data and who can perform privileged operations.
Google.com is undoubtedly the most popular search engine in the world. It offers multiple search features like the ability to search images and news groups. However, its true power lies in its powerful commands that can be used and misused. I am writing this article on the basis of my experience using Google and trying out ideas when I am bored. Now enough of lecturing... let's get down to business ;)
Welcome to XNUXER.OR.ID. By visiting our site, you can get key information about internet security and open source, so don't forget to update your knowledge every time you use our website.