Online (hacking challenge / practice / fun)

Found this on a Google search... tested a few sites... working and good.

Test your skills online, hack the site, vulnerable sites, live hacking, etc. :)



Offline:
Online
More Realistic Demonstration
This is an old list I grabbed from somewhere; some of them may be down right now.
Challenge sort of examples

Web Application Security Check List




Web Application Security Check List is a documentation project of OWASP Turkey. It provides 61 security controls that need to be integrated within web applications. It targets mainly auditors but is helpful for application developers, IT-architects, project managers, system administrators and database administrators as well. The security controls are integrated within an Excel-tool with graphical representation support.
The first version of the check list was published in 2010 in Turkish whereas the second and current version of the check list was published with many enhancements in January 2012 in Turkish and English.





Security Cheat Sheets



Hi friends, I found the post below, a "complete set of cheat sheets", in one place (http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/).

I appreciate the idea of having all the cheat sheets in one place.. full credit to the author/blog owner (above link).



Title | Source | Description
----- | ------ | -----------
SQL Injection Cheat Sheet | Michael Daw | Reference
Linux Security Quick Reference Guide | LinuxSecurity | PDF
SQL Injection Cheat Sheet | Ferruh Mavituna | Reference
Security Architecture Cheat Sheet | OWASP | Reference
SQL Injection Prevention Cheat Sheet | OWASP | Reference
Transport Layer Protection Cheat Sheet | OWASP | Reference
XSS (Cross Site Scripting) Prevention Cheat Sheet | OWASP | Reference
SQL Injection Cheat Sheet | RSnake | Reference
XSS (Cross Site Scripting) Cheat Sheet | RSnake | Reference
Forensic Analysis Cheat Sheet | SANS | PDF
Google Hacking and Defense Cheat Sheet | SANS | PDF
IEEE 802.11 | SANS | PDF
IPv6 TCP/IP and tcpdump | SANS | PDF
Linux Intrusion Discovery Cheat Sheet | SANS | PDF
Misc Tools Cheat Sheet | SANS | PDF
Netcat Cheat Sheet | SANS | PDF
TCP/IP and tcpdump | SANS | PDF
Windows Command Line Cheat Sheet | SANS | PDF
Windows Intrusion Discovery Cheat Sheet | SANS | PDF
NMAP and Nessus | SecGuru | PDF
Hping3 | José A. Guasch | PDF
NMAP5 | Alejandro Ramos | PDF
Web Application | SecGuru | PDF
Netcat Cheat Sheet | Ed Skoudis | PDF
Useful Attack Tools | Ed Skoudis | PDF
Windows commandline tools | Ed Skoudis | PDF
Analyzing Malicious Documents Cheat Sheet | Lenny Zeltser | Reference
Critical Log Review Checklist for Security Incidents | Dr. Anton Chuvakin and Lenny Zeltser | PDF
Information Security Assessment RFP Cheat Sheet | Lenny Zeltser | PDF
Initial Security Incident Questionnaire for Responders | Lenny Zeltser | PDF
Network DDoS Incident Response Cheat Sheet | Lenny Zeltser | PDF
Reverse-Engineering Malware Cheat Sheet | Lenny Zeltser | PDF
Security Architecture Cheat Sheet for Internet Applications | Lenny Zeltser | PDF
Security Incident Survey Cheat Sheet for Server Administrators | Lenny Zeltser | PDF
Troubleshooting Human Communications | Lenny Zeltser | PDF
ASP.NET Security Architecture

Nmap - Windows - CMD- Scan- Options - Example


Nmap
Nmap is a network exploration tool and port scanner. It was created by Fyodor and can be downloaded free of charge from www.insecure.org. I have always had issues with the Win32 port of Nmap so I have only used it from Linux. Nmap is available for most Linux distributions.
One thing to be aware of when using Nmap is that it will ping the target before it scans to see if it is up. If the target is blocking ICMP the scan may fail. This initial ping can be prevented with the -P0 switch, which then allows Nmap to continue with the port scan.
When specifying a target the following syntax can be used:

nmap target option

The target is the host or network to be scanned and the options are the list of ports and the type of scan. The target can be entered as a hostname (www.yahoo.com), an IP address (87.248.113.14), or in CIDR notation (192.168.1.1/24). Nmap can also be told to read targets from an input file. Additional methods of target specification are listed in the Nmap man page.

Options can select the scan type (SYN scan, ACK scan, list scan, etc.), turn off certain functions such as DNS resolution or the initial ping, set the output format (for example XML or a text file), enable OS or version detection, route the scan through an FTP server or another host, or select the ports to be scanned. Ports can be entered as a list (-p 21,23,80), as a range (-p 1-1024,3389,5000), or by protocol for UDP and TCP (-p U:161,53 T:80,443).

The following are some basic examples of Nmap scans.
1. Ping Scan (ping sweep)
nmap -sP 10.20.2.1/24

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2007-10-29 14:23 GMT
Host 10.20.2.4 appears to be up.
MAC Address: 00:0C:F1:5E:0B:05 (Intel)
Host 10.20.2.6 appears to be up.
MAC Address: 00:30:C1:21:0B:9C (Hewlett-packard)
Host 10.20.2.69 appears to be up.
MAC Address: 00:E0:81:6C:94:53 (Tyan Computer)
Host 10.20.2.70 appears to be up.
MAC Address: 00:60:B0:20:D0:C0 (Hewlett-packard CO.)
Host 10.20.2.71 appears to be up.
MAC Address: 00:00:84:AE:70:BF (Ricoh Company)
Nmap finished: 256 IP addresses (5 hosts up) scanned in 5.398 seconds


This scan was used to quickly identify the hosts that are up on a particular range of IP addresses.

2. Basic Host Scan
nmap 10.20.2.41
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2007-10-29 14:13 GMT
Interesting ports on 10.20.2.41:
(The 1666 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
21/tcp   open  ftp
23/tcp   open  telnet
80/tcp   open  http
280/tcp  open  http-mgmt
443/tcp  open  https
515/tcp  open  printer
631/tcp  open  ipp
9100/tcp open  jetdirect
MAC Address: 00:0E:7F:E2:E5:93 (Hewlett Packard)
This scan performs a TCP connect scan of the selected host. This scan would likely be picked up by an IDS. The basic scan covers all ports 1024 and below plus certain higher-numbered ports listed in the nmap-services file. This file can be customised for your own environment. To perform a fast scan use the -F switch, which scans only the ports listed in the nmap-services file. Nmap also randomises the order in which ports are scanned; this can be disabled with the -r switch.

3. Version Scan
nmap 10.20.2.41 -sV -p 23
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2007-10-29 14:14 GMT
Interesting ports on 10.20.2.41:
PORT   STATE SERVICE VERSION
23/tcp open  telnet  HP JetDirect printer telnetd (No password)
MAC Address: 00:0E:7F:E2:E5:93 (Hewlett Packard)
Service Info: Device: printer
Nmap finished: 1 IP address (1 host up) scanned in 2.059 seconds
This scan picked a particular port and attempted to enumerate the service listening on that port.

4. OS Scan
nmap 10.20.2.41 -O -p 23,81
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2007-10-29 14:16 GMT
Interesting ports on 10.20.2.41:
PORT   STATE  SERVICE
23/tcp open   telnet
81/tcp closed hosts2-ns
MAC Address: 00:0E:7F:E2:E5:93 (Hewlett Packard)
Device type: print server
Running: HP embedded
OS details: HP printer w/JetDirect card
Uptime 74.890 days (since Wed Aug 15 16:55:33 2007)
Nmap finished: 1 IP address (1 host up) scanned in 2.579 seconds
This scan performed an OS scan on the host and correctly identified it as an HP printer.

5. SYN Scan (Half-Open Scan)
nmap 10.20.2.41 -sS -p 23,80
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2007-10-29 14:17 GMT
Interesting ports on 10.20.2.41:
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:0E:7F:E2:E5:93 (Hewlett Packard)
Nmap finished: 1 IP address (1 host up) scanned in 0.440 seconds
This scan performed a half-open scan (-sS) on ports 23 and 80. Half-open means that a full TCP connection was never completed: Nmap sends a SYN packet and, if a SYN/ACK comes back (indicating an open port), answers with a RST instead of finishing the handshake. If Nmap receives a RST the port is listed as closed. If Nmap receives no response, or an ICMP unreachable message, the port is marked as filtered. You must have root permissions to perform a SYN scan; otherwise the scan falls back to a full TCP connect scan. SYN scans are relatively stealthy and very fast for the reasons just given.

6. Stealthy Scan
nmap 10.20.2.41 -sS -p 23,80 -T 1
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2007-10-29 14:22 GMT
Interesting ports on 10.20.2.41:
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:0E:7F:E2:E5:93 (Hewlett Packard)
Nmap finished: 1 IP address (1 host up) scanned in 45.422 seconds
This scan performs a half-open scan but the packets are sent at a very slow rate (-T 1). This is to avoid detection by an IDS. Note the time that Nmap took to scan compared to the previous examples.
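The IDS point made in the last two examples (a connect scan is noisy, a SYN scan is quieter, and -T 1 stretches the probes out so that a per-minute threshold never trips) is easiest to see from the detection side. The following is an added example, not code from the original post: a small Python port-scan detector run over constructed connection-log lines in an assumed format (`<epoch_seconds> <src_ip> <dst_ip> <dst_port> <tcp_flags>`, one attempt per line; the format and the addresses are made up for this example). It flags a source that touches at least `threshold` distinct destination ports within a sliding window of `window` seconds, and the slow scan is only caught once the window is widened.

```python
"""Threshold-based port-scan detection over constructed connection-log lines.

Added example, not from the original post. Assumed log format (one attempt per line):
    <epoch_seconds> <src_ip> <dst_ip> <dst_port> <tcp_flags>
"""
from collections import defaultdict, deque

# Constructed sample: 10.0.0.5 probes 8 ports one second apart (default-timing
# SYN or connect scan), 10.0.0.9 probes 8 ports 15 s apart (a -T 1 style slow
# scan), and 10.0.0.7 is an ordinary client talking to two ports.
FAST_PORTS = [21, 23, 80, 280, 443, 515, 631, 9100]
SLOW_PORTS = [22, 25, 53, 110, 139, 445, 3389, 8080]
SAMPLE_LOG = "\n".join(
    [f"{1000 + i} 10.0.0.5 10.20.2.41 {p} S" for i, p in enumerate(FAST_PORTS)]
    + [f"{1000 + 15 * i} 10.0.0.9 10.20.2.41 {p} S" for i, p in enumerate(SLOW_PORTS)]
    + ["1001 10.0.0.7 10.20.2.41 80 S",
       "1002 10.0.0.7 10.20.2.41 80 S",
       "1003 10.0.0.7 10.20.2.41 443 S"]
)


def parse_log(text):
    """Parse log lines into (ts, src, dst, dport, flags) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, flags = line.split()
        events.append((int(ts), src, dst, int(dport), flags))
    events.sort()
    return events


def detect_scanners(text, window, threshold):
    """Return {src: ts_first_flagged} for every source that attempted connections
    to at least `threshold` distinct (dst, port) targets within `window` seconds.

    Only bare SYNs count (SYN/ACK replies are ignored), so a half-open (-sS)
    scan and a full connect (-sT) scan look identical here: both send the SYN;
    the difference is only whether the handshake completes afterwards."""
    recent = defaultdict(deque)  # src -> deque[(ts, (dst, dport))], oldest first
    flagged = {}
    for ts, src, dst, dport, flags in parse_log(text):
        if flags != "S":
            continue
        q = recent[src]
        q.append((ts, (dst, dport)))
        while q and ts - q[0][0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if src not in flagged and len({target for _, target in q}) >= threshold:
            flagged[src] = ts
    return flagged


if __name__ == "__main__":
    print("60 s window :", detect_scanners(SAMPLE_LOG, window=60, threshold=6))
    print("600 s window:", detect_scanners(SAMPLE_LOG, window=600, threshold=6))
```

With a 60-second window only 10.0.0.5 is reported; the 15-second-interval scan never has six distinct targets inside any 60-second span. Widening the window to 600 seconds catches it too, at the cost of keeping more state per source and a higher chance of flagging a busy legitimate client, which is the usual trade-off when tuning against slow scans.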

7. Idle Scan (Zombie Scan)
nmap 10.20.2.41 -p 23 -T 2 -sI 10.20.2.70 -P0
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2007-10-29 14:29 GMT
Idlescan using zombie 10.20.2.70 (10.20.2.70:80); Class: Incremental
Interesting ports on 10.20.2.41:
PORT   STATE SERVICE
23/tcp open  telnet
MAC Address: 00:0E:7F:E2:E5:93 (Hewlett Packard)
Nmap finished: 1 IP address (1 host up) scanned in 7.650 seconds
In this example Nmap has used another host (-sI 10.20.2.70) to perform the scan on behalf of the attacker. The way this works is that Nmap sends a packet to the zombie to read its IP ID, then sends its probe to the target with the source IP spoofed as the zombie (10.20.2.70). Nmap then checks the zombie's IP ID again to see how much it has increased. This tells Nmap whether the port was open or closed, based on the response (SYN/ACK or RST) the real target sent to the zombie. The -P0 switch has also stopped Nmap from pinging the target at the start of the scan.

Useful Nmap Options
-sT: Full TCP connect scan.
-sS: SYN scan. Stealthier than a TCP connect scan.
-sF: FIN scan. Stealthy. A RST indicates the port is closed.
-sR: Scans RPC services and attempts to identify listening programs.
-sI: Idle scan.
-b: Bounces the scan off an FTP server.
-sX: Xmas tree scan. All flags are set. A RST indicates a port is closed; no response may mean the port is open.
-sU: Scan for status of UDP ports.
-sL: Performs a list scan. Will attempt to perform a reverse lookup of hosts.
-sP: Ping scan, not a scan as such but can be used initially to locate live hosts.
-O: OS fingerprinting.
-sV: Identifies the service and version in some cases.
-A: Both version and OS fingerprinting.
-T 1: Timing is slow (1). Can be increased to 2, 3, 4 or 5 (5 being the fastest).
-sA: TCP ACK scan. This may get through certain packet filtering devices.
-iL <inputfilename>: Input from list of hosts/networks.
-sP: Ping scan - go no further than determining if the host is online.
-n/-R: Never do DNS resolution/Always resolve [default: sometimes].
-p <port ranges>: Only scan specified ports.
  Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
-r: Scan ports consecutively - don't randomize.
-D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys.
-S <IP_Address>: Spoof source address.
-e <iface>: Use specified interface.
-g/--source-port <portnum>: Use given port number.
OUTPUT:
-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3, and Grepable format, respectively, to the given filename.
-oA <basename>: Output in the three major formats at once.
-v: Increase verbosity level (use twice for more effect).
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES


ScanLine (sl)
ScanLine does not have anywhere near the same amount of functionality as a tool such as Nmap, but it can be used to quickly identify whether a port is open or a host is up. To perform a basic scan with ScanLine (sl) use the following syntax:
sl 192.168.1.1
This will ping the host and perform a basic scan of known ports. The result is below.
ScanLine (TM) 1.01
Copyright (c) Foundstone, Inc. 2002
http://www.foundstone.com
Scan of 1 IP started at Thu Oct 25 21:51:36 2007
--------------------------------------------------------
192.168.1.1
Responded in 0 ms.
0 hops away
Responds with ICMP unreachable: No
TCP ports: 21 80 1723
UDP ports:
We can see from the result that it has found open TCP ports 21, 80 and 1723.
As some devices are configured to drop ICMP, sl may assume the host is not up if it gets no response, and quit. To prevent this use the -p option. The -t or -u option can also be specified, followed by port numbers, to address only certain ports. Below is an example of this.
sl -vpbt 80 192.168.1.1
ScanLine (TM) 1.01
Copyright (c) Foundstone, Inc. 2002
http://www.foundstone.com
Adding IP 192.168.1.1
Banner grabbing enabled.
No pinging before scanning.
Scan of 1 IP started at Thu Oct 25 22:01:16 2007
Scanning 1 IP...
------------------------------------------------------
192.168.1.1
Responds with ICMP unreachable: No
TCP ports: 80
TCP 80:
[HTTP/1.0 401 Unauthorized Access Denied]
------------------------------------------------------
Scan finished at Thu Oct 25 22:01:16 2007
1 IP and 1 port scanned in 0 hours 0 mins 0.05 secs
Above you can see that I have discovered a web server listening on port 80.
You can also specify a range of ports or addresses to sl, such as:
sl -pt 21,23,80-250 192.168.1.1-10
The output of the scan can also be written to a file using the -o switch followed by a filename.
For additional info on the other switches available, use sl /?


Netcat
Netcat can do pretty much anything: act as a proxy, transfer files, be a chat client, be a backdoor and, yes, port scan. Now, it's not fast and it's not pretty, but it'll do it. The syntax is below.
nc -vv -z -n -w1 192.168.1.1 23 80 34
And the output is:
(UNKNOWN) [192.168.1.1] 23 (?): connection refused
(UNKNOWN) [192.168.1.1] 80 (?) open
(UNKNOWN) [192.168.1.1] 34 (?): TIMEDOUT
sent 0, rcvd 0: NOTSOCK
So I can see that I have open ports 23 and 80.

Links

Port Scanning - what is it?


What is Port Scanning?
Port scanning is where a port or a range of ports is probed to find out if they are open or closed and what service or program is listening on each port.

I should also point out that port scanning can cause devices to crash or may have other unintended effects: a service may hang or become unresponsive, or a printer may print out garbage. So always get permission, be aware of the effects if scanning production systems, and know your tools.


Why Port Scan?

A good port scanner such as Nmap will often be able to identify whether a port is open, closed or filtered by a firewall and, if open, details of the program listening on that port. This information is very useful to both a systems administrator and an attacker. From a system administration point of view you may want to test firewall rules. Or, if you were to discover an unauthorised program such as a trojan on your network listening on a port, you may want to see if other hosts are also affected. Also, when hardening hosts, a port scan of the host is very useful for finding open ports.

From an attacker's point of view, he may want to discover what programs or services are on a host to identify its role, or to see if these programs are vulnerable to a known exploit.
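The administrator's use case above (testing firewall rules, spotting an unauthorised listener, checking a hardened host) comes down to diffing a scan against what each host is supposed to expose. The following is an added example, not code from the original post: a Python parser for Nmap's normal output format, in the layout shown in the Nmap post on this page (the "Interesting ports on" header of Nmap 4.x; the "Nmap scan report for" header of later versions is accepted as well), followed by a comparison against a per-host baseline. The scan text is constructed for the example: the first host mirrors the HP printer output from that post, while 10.20.2.99 and its ports, and the baseline sets, are invented assumptions.

```python
"""Diff Nmap normal-format output against a per-host baseline of allowed ports.

Added example: the scan text below is constructed for illustration (the first
host mirrors the HP printer output shown in this blog's Nmap post; 10.20.2.99
and its ports are invented), and BASELINE is an assumption.
"""
import re

HOST_LINE = re.compile(r"^(?:Interesting ports on|Nmap scan report for) (\S+?):?(?:\s|$)")
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(open|closed|filtered|open\|filtered)\s+(\S+)")

SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2007-10-29 14:13 GMT
Interesting ports on 10.20.2.41:
(The 1666 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
21/tcp   open  ftp
23/tcp   open  telnet
80/tcp   open  http
280/tcp  open  http-mgmt
443/tcp  open  https
515/tcp  open  printer
631/tcp  open  ipp
9100/tcp open  jetdirect
MAC Address: 00:0E:7F:E2:E5:93 (Hewlett Packard)
Interesting ports on 10.20.2.99:
PORT     STATE  SERVICE
80/tcp   open   http
81/tcp   closed hosts2-ns
4444/tcp open   krb524
"""

# Assumed baseline: the ports each host is meant to expose. For the printer
# only the print-related services are allowed, so FTP, telnet and http-mgmt
# will show up as findings.
BASELINE = {
    "10.20.2.41": {(80, "tcp"), (443, "tcp"), (515, "tcp"), (631, "tcp"), (9100, "tcp")},
    "10.20.2.99": {(22, "tcp"), (80, "tcp")},
}


def parse_open_ports(text):
    """Return {host: {(port, proto): service}} for every port Nmap reported open."""
    hosts = {}
    current = None
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            current = m.group(1)
            hosts.setdefault(current, {})
            continue
        m = PORT_LINE.match(line)
        if m and current is not None and m.group(3) == "open":
            hosts[current][(int(m.group(1)), m.group(2))] = m.group(4)
    return hosts


def compare_to_baseline(scan, baseline):
    """Return {host: {"unexpected": set, "missing": set}}.

    unexpected = open but not in the baseline (rogue listener or firewall gap);
    missing = in the baseline but not open (service down or now blocked).
    A scanned host absent from the baseline has all its open ports reported
    as unexpected, so new machines are never silently accepted."""
    report = {}
    for host in sorted(set(scan) | set(baseline)):
        observed = set(scan.get(host, {}))
        expected = set(baseline.get(host, set()))
        report[host] = {"unexpected": observed - expected, "missing": expected - observed}
    return report


def format_report(report, scan):
    """Render the comparison as one finding per line."""
    lines = []
    for host, delta in report.items():
        for port, proto in sorted(delta["unexpected"]):
            service = scan.get(host, {}).get((port, proto), "?")
            lines.append(f"{host}: UNEXPECTED {port}/{proto} ({service})")
        for port, proto in sorted(delta["missing"]):
            lines.append(f"{host}: MISSING {port}/{proto}")
    return lines


if __name__ == "__main__":
    scan = parse_open_ports(SAMPLE_NMAP_OUTPUT)
    for line in format_report(compare_to_baseline(scan, BASELINE), scan):
        print(line)
```

Run against the sample, the printer reports 21/tcp, 23/tcp and 280/tcp as unexpected (the telnet listener with no password from the version scan is exactly the kind of thing this catches), and the invented second host reports 4444/tcp as unexpected and 22/tcp as missing. Only the "open" state is compared; "closed" and "filtered" lines are parsed but ignored, since a baseline normally states what should be reachable rather than how every other port should fail.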

What is a Port?

The analogy often used to describe a port is that of a window in a house. Think of your computer as a house and each window or door as a port. Now, the port can either be open or closed: if it's closed nothing can get in through that port; if it's open, it will have a program listening that accepts connections through the port. There are two types of port, TCP and UDP, and there are 65536 (0-65535) ports of each type.

Port scanning is akin to rattling the windows and doors to see if any of them are open.

Common Ports

Certain programs and services have standard ports they listen on, such as web servers listening on TCP port 80. This is so your browser knows where to go by default when browsing to a web page with HTTP. DNS knows to listen on UDP port 53 and Telnet knows to use TCP port 23. The range of ports between 0-1024 is reserved for standard programs such as FTP, Telnet, DNS, SNMP, SMTP, etc., and ports above this range, known as ephemeral ports, can then be set up with other services such as MSRDP on port 3389 or MSSQL on 1334. It is useful to note that almost any service can be set up to listen on almost any port, and in almost all cases the port that a packet is destined for (destination port) is not the port it will go out on (source port).


The link below provides details of known port assignments:

http://www.iana.org/assignments/port-numbers

Knowledge of the standard port assignments is very useful when port scanning, as it helps you recognise the ports you are interested in and avoid scanning an entire range, which may trigger an IDS or IPS. However, it should be noted that in some situations it may be necessary to scan the entire range because, as I said, most services can be set to listen on non-standard ports.

How does Google index?




To feed the Google index, robots called "bots" regularly patrol the Internet looking for new links, which lets them discover new pages to be added to the Google index.
In addition, Google also provides an archive database called the "cache". When a website is inaccessible, for example, or a page has been deleted from a website, you can still access it through the cache function in Google's search results.

The Google "bots" are programs, hosted on Google's servers, which run through web pages in search of new content and new links. The passage of these "bots" is called the "Google dance".
The Google index is based on the information fed back by the "bots". Google is the search engine with the largest index in the world (several billion pages: see http://www.worldwidewebsize.com/ ). For each page indexed, Google groups similar content and calculates for each one a PR (PageRank), using a formula the publisher keeps partially secret. It is this PR that determines the position of pages in the results of a Google search.
Cache: for each page crawled, Google keeps 101k of text data in its "cache" database (also HTML, DOC, PDF, PPT, ...).
The Google API is a small external program offered by Google that allows developers to integrate remote querying of the search engine into their own applications. To use it, you must have a free license key (supplied by Google). Each key can perform 1000 searches per day.

- Saba

Utility to remove OS/process locks on files while copying, renaming or deleting



LockHunter is a foolproof file unlocker.
It is a free tool to delete files blocked by something you do not know. LockHunter is useful for fighting malware and other programs that block files without a reason. Unlike other similar tools, it deletes files into the recycle bin so you can restore them if they were deleted by mistake.

Key Features

  • Shows the processes locking a file or folder
  • Allows you to unlock, delete, copy or rename a locked file
  • Allows you to kill the locking process
  • Allows you to remove locking processes from the hard drive
  • Can unload DLLs from processes
  • Integrates into the Explorer context menu
  • Deletes files into the recycle bin, so you can restore them if deleted by mistake
  • Supports both 32 and 64-bit Windows


Bulk Rename Utility - Windows Freeware


Bulk Rename Utility


Introduction

Bulk Rename Utility is a free file renaming program for Windows. Bulk Rename Utility allows you to easily rename files and entire folders based upon extremely flexible criteria.
Add date/time stamps, replace numbers, insert text, convert case, add auto-numbers, process folders and sub-folders... plus a whole lot more!

- Rename multiple files quickly, according to many flexible criteria.
- Rename files in many ways: add, replace, insert text into file names. Convert case, add numbers. Remove or change file extensions.
- Check the detailed preview before renaming.
- Rename photos using EXIF metadata (i.e. "Date Picture Taken", "Resolution" and other information embedded in JPG photo files). Rename your holiday pictures from a meaningless dsc1790.jpg to NewYork1.jpg in a flash.
- Rename MP3 files using ID3 tags (a.k.a. MP3 ID3 tag renaming).
- Change files' creation and modification time stamps.
- It's free. Easy to Install. Download and start renaming your files now!