Find Admin Pages on a Website -- Perl Script (tool)



1) Download ActivePerl and install it (assuming the C:\ drive).
2) Download Admin Finder.
3) Copy Admin Finder to C:\Perl\bin (assuming that you have installed ActivePerl on the C:\ drive).
4) Open a command prompt and navigate to C:\Perl\bin.
5) Run C:\Perl\bin>admin_CP_finder.pl
    Hit Enter.

The Browser Exploitation Framework

Working on it, will post it soon.

Saba

Use Firefox as Hack tool - 2


Source & Credit

Enjoy reading and testing.

Tamper Data tutorial


Tamper Data is a Firefox Extension which gives you the power to view, record and even modify outgoing HTTP requests. This is extremely useful when trying to answer questions like:
  • What cookies are being sent to the browser, and what is the browser returning?
  • Are the Cookies marked "secure"?
  • When a redirect happens, is it an HTTP 302?
  • What kind of HTTP Authentication is happening?

Use Firefox as Hack tool

Hi All,

Sorry to delay the post. I was quite busy with my ITIL examination last week, and the good news is that I have completed ITIL V3 Foundation. My next target is to achieve CISM by August 2012.

Today I am posting about Firefox add-ons.

I assume everyone is aware of the Firefox add-on installation procedure.

As per the above statement, below are links for the add-on and its usage, respectively.




XSS Me




Cross-Site Scripting (XSS) is a common flaw found in today's web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.


XSS Me: https://addons.mozilla.org/en-US/firefox/addon/xss-me/

Sites that crack md5 hashes





* www.tmto.org
* md5.noisette.ch
* md5decryption.com
* www.c0llision.net
* www.netmd5crack.com
* www.md5decrypter.com
* md5hashcracker.appspot.com
* www.hashhack.com
* isc.sans.edu
* www.md5crack.com
* passcracking.com
* authsecu.com
* md5.rednoize.com
* md5.web-max.ca
* www.cmd5.com
* md5.thekaine.de
* www.shell-storm.org
* www.md5this.com
* www.hashchecker.com
* hashcrack.com
* md5pass.com
* md5pass.info
* cmd5.org

ITIL V3 certification.



Hi All,

Happy to inform you that I successfully achieved ITIL V3 2012 certification.

Regards
Saba

Vulnerability Scanner CMS Drupal




The scanner is written in PHP, with a frontend created with ExtJS 3.0.
Pick up the source code here.

fbpwn - Hack tool for Facebook (Profile Dumper)


fbpwn: a cross-platform Java-based Facebook social engineering framework

A cross-platform Java-based Facebook social engineering framework that sends friend requests to a list of Facebook profiles and polls for the acceptance notification. Once the victim accepts the invitation, it dumps all their information, photos and friend list to a local folder. It has extensible module interfaces and built-in modules for advanced social engineering tricks.

Web Security - Slides - Google Code University

What Every Web Programmer Needs To Know About Security - Slides - Google Code University

Details: http://code.google.com/edu/submissions/daswani/index.html

To download all slides, click here.

Source

Credit

Disclaimer: All the content presented here is adapted from various blogs and forums, so all credit goes to the original authors and the people who uploaded the actual content.

Web Application Exploits and Defenses (Want to beat the hackers? - repost)


Web Application Exploits and Defenses 

  • Learn how hackers find security vulnerabilities!
  • Learn how hackers exploit web applications!
  • Learn how to stop them!


This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you'll learn the following:

  • How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
  • How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.

To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general knowledge of HTML, templates, cookies, AJAX, etc.).

Full Details

Instructors guide  


Sql Injection Cheat Sheet


Common SQL Injection Commands for Backend Databases

MS-SQL
  Grab version: @@version
  Users: name FROM master..syslogins
  Tables: name FROM master..sysobjects WHERE xtype = 'U'
  Database: name FROM master..sysdatabases;
  Columns: name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = '<TABLENAME>')
  Running User: DB_NAME()

Oracle
  Grab version: table v$version compare with 'Oracle%'
  Users: * from dba_users
  Tables: table_name from all_tables
  Database: distinct owner from all_tables
  Columns: column_name from all_tab_columns where table_name='<TABLENAME>'
  Running User: user from dual

IBM DB2
  Grab version: Versionnumber from sysibm.sysversions;
  Users: user from sysibm.sysdummy1
  Tables: name from sysibm.systables
  Database: schemaname from syscat.schemata
  Columns: name, tbname, coltype from sysibm.syscolumns
  Running User: user from sysibm.sysdummy1

MySQL
  Grab version: @@version
  Users: * from mysql.user
  Tables: table_schema,table_name FROM information_schema.tables WHERE table_schema != 'mysql' AND table_schema != 'information_schema'
  Database: distinct(db) FROM mysql.db
  Columns: table_schema, column_name FROM information_schema.columns WHERE table_schema != 'mysql' AND table_schema != 'information_schema' AND table_name = '<TABLENAME>'
  Running User: user()

PostgreSQL
  Grab version: version()
  Users: * from pg_user
  Database: datname FROM pg_database
  Running User: user;

Thunderbird - Cheat Sheet


MOZILLA THUNDERBIRD CHEAT SHEET

BASIC
Home: http://www.mozilla.com/thunderbird/
Extensions & Themes: https://addons.mozilla.org/
Support Forum: http://forums.mozillazine.org/
GENERAL KEYBOARD SHORTCUTS
Caret Browsing F7
Exit Ctrl + Q
Get New Messages for Current Account Ctrl + T
Get New Messages for All Accounts Ctrl + Shift + T
Print Ctrl + P
Reply to All Recipients of Message Ctrl + Shift + R
Reply to Sender of Message Ctrl + R
Save Message as File Ctrl + S
Send and Receive All Messages Ctrl + T
Send Message Later Ctrl + Shift + Enter
Send Message Now Ctrl + Enter
Stop Esc
Toggle Message Pane F8
MESSAGE KEYBOARD SHORTCUTS
Edit as New Ctrl + E
Forward Message Ctrl + L
Label: None 0
Label: Important 1
Label: Work 2
Label: Personal 3
Label: ToDo 4
Label: Later 5
Mark All Read Ctrl + Shift + C
Mark All Read by Date C
Mark as Junk J
Mark as Not Junk Shift + J
Mark Message as Read/Unread M
Mark Thread as Read R
New Message Ctrl + N
NAVIGATION KEYBOARD SHORTCUTS
Close Window Ctrl + W
Collapse All Threads \
Expand All Threads *
Go to Next Message F
Go to Next Unread Message N
Go to Next Unread Thread T
Go to Previous Message B
Go to Previous Unread Thread P
Move to Next Mail Pane F6
Open Message in New Window Ctrl + O
SEARCH KEYBOARD SHORTCUTS
Find Again F3
Find Link As You Type '
Find Previous Shift + F3
Find Text in This Message Ctrl + F
Search Bar Ctrl + K
Search Messages Ctrl + Shift + F
TEXT KEYBOARD SHORTCUTS
Copy Ctrl + C
Cut Ctrl + X
Delete Del
Paste Ctrl + V
Redo Ctrl + Y
Select All Ctrl + A
Text Size Decrease Ctrl + -
Text Size Increase Ctrl + +
Text Size Default Ctrl + 0
Undo Ctrl + U
MOUSE SHORTCUTS
Decrease Text Size Ctrl + Scroll Up
Increase Text Size Ctrl + Scroll Down
New Plain Text Message Shift + Create a New Message
Plain Text Reply Shift + Reply
Plain Text Reply All Shift + Reply All
Plain Text Forward Shift + Forward
LOCATIONS
Profile Manager: Close Thunderbird and from the "Start" menu, select "Run" and type "thunderbird.exe -profilemanager"
User Profile Folder: C:\Documents and Settings\[username]\Local Settings\Application Data\Thunderbird\Profiles\xxxxxxxx.default\
Advanced Configuration: Tools -> Options -> Advanced -> General -> Config Editor
TIPS/TRICKS
Customize Toolbars: Right click on a toolbar and choose "Customize Toolbar". To add icons, drag and drop them on the toolbar. To remove icons, drag them from the toolbar to the "Customize Toolbar" window.
Make Thunderbird Default Email Client or RSS Reader: Tools -> Options -> General -> Make Thunderbird the Default Application For
Save Drafts Automatically: Tools -> Options -> Composition -> General -> Auto Save every X minutes

nmap 4.03 Qt4-based Graphical User Interface

NmapSi is a complete Qt-based GUI whose design goal is to provide a complete nmap interface for users, in order to manage all the options of this powerful network security scanner.





Features & Bug list

Download

Source