Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "Main Page"

From NetSec
Jump to: navigation, search
 
 
(50 intermediate revisions by 7 users not shown)
Line 1: Line 1:
= Misconceptions =
+
<center><table style="border:.5em solid #aaaaaa; border-radius:.9em; -o-border-radius:radius|.9em; -icab-border-radius:.9em; -khtml-border-radius:.9em; -moz-border-radius:.9em; -webkit-border-radius:.9em; background-color:background|#dddddd; width:100%;"><tr><td>
 +
<center><big>'''Articles'''</big>
  
The common misconception about computer security related problems in today's age is that the [[Hackers]] are the ones responsible for [[Security]] holes.  This should in fact be corrected, for dangerous [[security]] holes would not exist if it were not for the [[programmer]] of the vulnerable application creating a weakness that could be exploited.  Usually the [[programmer]] does this by accident out of lack of care or out of ignorance, or even perhaps just a simple place where he or she "missed a spot".
+
----
 +
''[[shellcode]] &bull; [[countermeasures]] &bull; [[administration]] &bull; [[exploitation]] &bull; [[programming]]''
  
Many times vulnerabilities are also the result of [[Network Administrators]], either for configuring a system with a configuration that is known to be insecure, for installing [[vulnerability|vulnerable]] [[applications]] themselves, or for ignorance and/or laziness.  When systems go [[un-patched]], they become more and more [[vulnerability|vulnerable]].  This is also the Administrator's fault. Sometimes, in fact, administrators are tricked into giving away a [[password]] by a phone call from the remote attacker himself, which introduces [[Social Engineering]].
 
  
= Preface =
 
  
This assumes that you have a basic understanding of most generic [[MS-DOS]]. A quick reference of commands can be found here; however typing the command name with -help after the command may [[help]] you a bit more. This also assumes that you have a basic understanding of [[MS-DOS]], [[FTP]], [[HTTP]], [[MSSQL]], [[NetBIOS]], and mmc.exe, see all attached links for references.
+
'''[[Compiled language]]s'''
  
Most of the code within [http://www.blackhatacademy.org Security 101] will not actually work. It has been abridged for readability as well as optimal learning speed.
+
[[assembly]] &bull; [[linux assembly]] &bull; [[C]] &bull; [[CPP|C++]]  
  
[[Buffer Overflows]]
 
  
[[Cryptography]]
+
'''[[application|Software]] [[Exploitation]]'''
  
[[Social Engineering]]
+
[[Buffer overflow|Stack overflows]] &bull; [[Shellcode/Loaders|shellcode loaders]] &bull; [[null-free shellcode]] &bull; 32-bit [[ascii shellcode]] &bull; 64-bit [[Shellcode/Alphanumeric|alphanumeric shellcode]] &bull; [[unsafe string replacement]] &bull; [[Shellcode/Self-modifying|Self-modifying shellcode]] &bull; [[Shellcode/Dynamic|dynamic shellcode]] &bull; [[Shellcode/Socket-reuse|socket reuse]]
  
[[Fuzzing]]
 
  
[[Network Security]]
+
'''[[Interpreted languages]]'''
  
[[Web Exploitation]]
+
[[Perl]] &bull; [[Python]] &bull; [[PHP]] &bull; [[Ruby]] &bull; [[LUA]] &bull; [[Bash book|The bash book]] &bull; [[SQL Orientation]] &bull; [[Polymorphic|Examples of polymorphism]]
  
[[Design Flaws]]
 
  
[[Wireless Security]]
+
'''[[Web Exploitation]]'''
  
[[Physical Security]]
+
[[SQL injection]] &bull; [[XSS]] &bull; [[Cookies]] &bull; [[File inclusion]] &bull; [[Command Injection|Command injection]] &bull; [[CSRF]] &bull; [[XSRF]] &bull; [[XSCF]] &bull; [[Cold Fusion Hacking|Coldfusion hacking]] &bull; [[SQL Backdoors]]
 +
 
 +
 
 +
<small>([[:Category:Indexing|The Index]]) ([[:Category:Requested_maintenance|Contribute]])</small></center></td></tr></table></center>
 +
 
 +
 
 +
 
 +
{|style="border:.5em solid #aaaaaa; border-radius:.9em; -o-border-radius:radius|.9em; -icab-border-radius:.9em; -khtml-border-radius:.9em; -moz-border-radius:.9em; -webkit-border-radius:.9em; background-color:background|#dddddd; width:100%;"
 +
!colspan="6" align="center"|<big>'''Tools</big>
 +
----
 +
|-
 +
|valign="top"|'''[[Vanguard]]'''
 +
|valign="top"|''[[Web Exploitation|web application vulnerability]] testing engine written in [[perl]] with LibWhisker2 support''
 +
|
 +
|valign="top"|'''[[Jynx2]]'''
 +
|valign="top"|''Version 2.0 of the classic [[LD_Preload]] userland rootkit written in [[C]]''
 +
|-
 +
|valign="top"|'''[[Bleeding Life]]'''
 +
|valign="top"|''[[PHP]] and [[MySQL]] based browser [[buffer overflow]] exploit pack''
 +
|
 +
|valign="top"|'''[[Kolkata]]'''
 +
|valign="top"|''Configurable [[perl]] scanner that analyzes [[cryptography|checksums]] to perform fingerprinting on web applications with static file analysis''
 +
|-
 +
|valign="top"|'''[[GScrape]]'''
 +
|valign="top"|''Google scraper written in [[perl]] for rapidly identifying vulnerable websites and generating statistics''
 +
|
 +
|valign="top"|'''[[Lfi_autopwn.pl]]'''
 +
|valign="top"|''Given a [[File inclusion|file inclusion]] vulnerability, this [[Perl]] script will spawn a shell''
 +
|-
 +
|valign="top"|'''[[MySql 5 Enumeration|Mysql5 enumerator]]'''
 +
|valign="top"|''Automatically map contents or query a remote database given a URL vulnerable to [[SQL injection]] with this [[perl]] script''
 +
|
 +
|valign="top"|'''[http://chokepoint.net/?id=5 Social Network Redirection Utility]'''
 +
|valign="top"|''Rickroll your friends with [[XSCF|content-forged]] image redirects''
 +
 
 +
|}

Latest revision as of 03:10, 4 June 2015

Articles

shellcodecountermeasuresadministrationexploitationprogramming


Compiled languages

assemblylinux assemblyCC++


Software Exploitation

Stack overflowsshellcode loadersnull-free shellcode • 32-bit ascii shellcode • 64-bit alphanumeric shellcodeunsafe string replacementSelf-modifying shellcodedynamic shellcodesocket reuse


Interpreted languages

PerlPythonPHPRubyLUAThe bash bookSQL OrientationExamples of polymorphism


Web Exploitation

SQL injectionXSSCookiesFile inclusionCommand injectionCSRFXSRFXSCFColdfusion hackingSQL Backdoors


(The Index) (Contribute)


Tools
Vanguard web application vulnerability testing engine written in perl with LibWhisker2 support Jynx2 Version 2.0 of the classic LD_Preload userland rootkit written in C
Bleeding Life PHP and MySQL based browser buffer overflow exploit pack Kolkata Configurable perl scanner that analyzes checksums to perform fingerprinting on web applications with static file analysis
GScrape Google scraper written in perl for rapidly identifying vulnerable websites and generating statistics Lfi_autopwn.pl Given a file inclusion vulnerability, this Perl script will spawn a shell
Mysql5 enumerator Automatically map contents or query a remote database given a URL vulnerable to SQL injection with this perl script Social Network Redirection Utility Rickroll your friends with content-forged image redirects