Questions about this topic? Sign up to ask in the talk tab.
Difference between revisions of "Talk:Hacking index"
From NetSec
(→sql injection) |
(→sql injection) |
||
| Line 169: | Line 169: | ||
* [[sql injection filter evading version fingerprint]] | * [[sql injection filter evading version fingerprint]] | ||
* [[sql injection with regular expressions]] | * [[sql injection with regular expressions]] | ||
| − | * [[sql injection timing attack with boolean enumeration]] | + | * [[sql injection timing attack with boolean enumeration]] [[Sql_injection_with_regular_expressions#Expert:_Timing_attacks_for_automated_boolean_enumeration]] |
| − | [[ | + | * [[mysql injection timing attack with boolean enumeration]] [[SQL_injection#MySQL_boolean_timing_attacks]] |
| − | + | * [[postgresql injection timing attack with boolean enumeration]] [[SQL injection#PostgreSQL Boolean Timing Attacks]] | |
| − | + | * [[sql injection byte extraction]] [[SQL injection#Expert: Automated Single-byte exfiltration]] | |
| − | + | * [[sql injection precomputation]] [[SQL injection#The comparative precomputation attack]] | |
| − | + | * [[sql injection time based byte extraction]] [[SQL injection#Timing-based single-byte exfiltration]] | |
| − | + | * [[privilege escalation using sql injection]] [[SQL injection#Further penetration]] | |
| − | + | * [[sql injection cheat sheets]] [[SQL injection#Cheat Sheets]] | |
| − | + | * [[sql injection test cheat sheet]] [[SQL injection#Vulnerability testing]] | |
| − | + | * [[mysql injection cheat sheet]] [[SQL injection#MySQL syntax reference]] | |
| − | + | * [[postgresql injection cheat sheet]] [[SQL injection#PostgreSQL syntax reference]] | |
| − | + | * [[mssql injection cheat sheet]] [[SQL injection#Microsoft SQL syntax reference]] | |
| − | + | * [[patch sql injection]] [[SQL injection#Patching SQL Injection Vulnerabilities]] | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
== Out of Order Code Execution == | == Out of Order Code Execution == | ||
Revision as of 10:02, 22 May 2012
Contents
- 1 intermediate shellcode stuff
- 2 Bitwise math
- 3 coldfusion
- 4 dns
- 5 Jynx Rootkit/2.0
- 6 Lfi autopwn.pl
- 7 MySql 5 Enumeration
- 8 Network Recon
- 9 Null-free shellcode
- 10 Port Knocking
- 11 sql orientation
- 12 sql injection
- 13 Out of Order Code Execution
- 14 Social Engineering
- 15 Subnetting
- 16 Anonymity
- 17 Bleeding Life
- 18 Buffer Overflows
- 19 C
- 20 Cookies
- 21 Cryptography
- 22 File Inclusion
- 23 IPtables
- 24 LUA
- 25 MySQL
- 26 NGINX
- 27 Nmap
- 28 Perl
- 29 Routing
- 30 SMTP
- 31 SQL Backdoor
- 32 Tor
- 33 Unsafe String Replacement
- 34 Vanguard
- 35 Whois
- 36 XSS
- 37 CPP
- 38 Command Injection
- 39 Dmcrypt
- 40 Forensic chain of custody
- 41 Gentoo
- 42 Irssi Tutorial
- 43 Jynx Rootkit/1.0
- 44 Linux Assembly
- 45 MySQL Troubleshooting
- 46 Physical Security
- 47 Polymorphic
- 48 Python
- 49 RoR Patching
- 50 Snort
- 51 Static ARP Configuration
- 52 web exploitation
intermediate shellcode stuff
most of this stuff goes to the Category:Indexing .
- introduction to printable 32-bit x86 polymorphic shellcode
- alphanumeric x86_64 instructions
- intercompatible alphanumeric x86 instructions
- alphanumeric x86 architecture detection
- alphanumeric x86_64 data manipulation
- converting x86_64 shellcode to alphanumeric shellcode
Bitwise math
coldfusion
Coldfusion hacking
1 Injection
1.1 Adobe ColdFusion
1.1.1 Remote File Disclosure of Password Hashes
1.1.2 Issues
1.1.3 Logging In
1.1.4 Writing Shell to File
1.1.5 Issues
1.2 Railo
2 Privilege Escalation
3 Patching
4 Resources
Computer Forensics
1 Cybercrime
1.1 Investigation
1.2 Preserving the evidence
1.3 Where to find evidence
1.3.1 Hardwarewise
1.3.2 Softwarewise
2 Forensic Imaging
2.1 HardDisk Imaging
Cyberlaw
1 Australian Cyberlaw
1.1 Acts Applying to Cybercrime in Australia
1.2 Cybercrime Act 2001 Offences
1.3 Case Study: First Cybercrime Conviction in Australia
2 European Cyberlaw
2.1 Definititons of Cybercrime as per the Budapest Convention
dns
DNS
1 DNS Basics
1.1 DNS Recon
2 Records
2.1 MX Record
2.2 CNAME Record
2.3 DNAME Record
2.4 A Record
3 DNS Server Software
4 DNS Utilities
1 Overview
2 History
3 FQL
4 Content Forgery
4.1 Screenshots & Video
4.2 CIDR
4.2.1 Websense
4.2.2 Facebook
4.3 Proof of Concept
Jynx Rootkit/2.0
- jynx rootkit
- jynx features
- jynx contents
- jynx rootkit configuration
- jynx magic string
- jynx magic uid
- jynx magic gid
- jynx reality path
- jynx config file
- jynx multi factor authentication
- jynx authentication
- jynx access control
- jynx libc_path
- jynx libc
- jynx env_variable
- jynx env variable
- jynx environmental variable
- jynx rootkit download
- jynx download install
- jynx rootkit install
- jynx rootkit usage
- using jynx rootkit
Lfi autopwn.pl
MySql 5 Enumeration
1 Info
1.1 Example
1.2 Description
1.3 Disclaimer
2 Source
Network Recon
1 IP Addressing 2 Subnet Masks 3 Ports 4 Routing 5 Theory 6 Tools
Null-free shellcode
- convert assembly to shellcode
- remove null bytes from shellcode
- shellcode arguments not working
- testing shellcode
Port Knocking
1 Introduction to Port Knocking 2 Knocking Sequences 3 Windows 4 Example 5 Single Packet Port Knock Example - Based on SYN/ACK Values
sql orientation
SQL orientation
- navigate a sql database
- navigate a mysql database
- navigate a postgresql database
- basic sql queries
- sql select query
- sql update query
- sql insert query
- sql delete query
sql injection
- cause of sql injection
- mysql injection database map
- postgresql injection database map
- mssql injection database map
- sql injection information_schema
- prevent sql injection
- basic sql injection
- bypass sql injection filter
- sql injection without quotes
- sql injection without whitespace
- sql injection without tags
- sql injection without commas
- automating sql injection
- union select injection
- limit clause injection
- error based sql injection
- blind sql injection with boolean enumeration
- blind sql injection version fingerprint
- sql injection filter evading version fingerprint
- sql injection with regular expressions
- sql injection timing attack with boolean enumeration Sql_injection_with_regular_expressions#Expert:_Timing_attacks_for_automated_boolean_enumeration
- mysql injection timing attack with boolean enumeration SQL_injection#MySQL_boolean_timing_attacks
- postgresql injection timing attack with boolean enumeration SQL injection#PostgreSQL Boolean Timing Attacks
- sql injection byte extraction SQL injection#Expert: Automated Single-byte exfiltration
- sql injection precomputation SQL injection#The comparative precomputation attack
- sql injection time based byte extraction SQL injection#Timing-based single-byte exfiltration
- privilege escalation using sql injection SQL injection#Further penetration
- sql injection cheat sheets SQL injection#Cheat Sheets
- sql injection test cheat sheet SQL injection#Vulnerability testing
- mysql injection cheat sheet SQL injection#MySQL syntax reference
- postgresql injection cheat sheet SQL injection#PostgreSQL syntax reference
- mssql injection cheat sheet SQL injection#Microsoft SQL syntax reference
- patch sql injection SQL injection#Patching SQL Injection Vulnerabilities
Out of Order Code Execution
1 What is it? 2 Shellcode 3 Detecting Breakpoints
Social Engineering
1 Methods
1.1 Email
1.2 Telephone
1.3 Examples
1.4 Lesson 1
1.4.1 - Preface by Wikipedia
1.4.2 - Outline of Social Engineering
1.4.3 - Analysing and Creating Milestones
1.4.4 - Mantras for Social Engineering
1.4.5 - Example
1.4.6 - Other Uses
1.5 Lesson 2 - Politeness
1.5.1 - Introduction
1.5.2 - Things To Keep in Mind
1.5.3 - Putting Social Engineering to Work
1.5.4 - Protecting Yourself From Social Engineering
Subnetting
1 General Subnetting 2 Real Life Example of Subnetting
Virtual machines
1 Subsystems
1.1 Hardware Virtualization
1.2 Host Machine
1.3 Guest Machine
2 Virtualization Tools
3 Creating Vulnerable VMs for Penetration Testing
Kolkata
1 Description
1.1 Dependencies
1.2 Usage
2 Source
3 Signature Bundles
3.1 Wordpress
3.2 Joomla
3.3 MediaWiki
API
1 API technologies
1.1 The Web
1.1.1 Web services
1.1.2 Remote Procedure Calls
1.2 General software
1.2.1 Software Libraries
1.2.2 COM objects (Windows)
Anonymity
1 General Services
1.1 Virtual Private Servers
1.2 Virtual Private Networks
1.3 SSH Tunneling
1.3.1 Basic Example of SSH Tunneling
1.4 Shell Accounts
1.5 FTP / Telnet
2 Web-Browsing
2.1 General
2.1.1 Best Practices
2.2 Firefox
2.2.1 Recommended Extensions
2.3 TODO
3 Email Privacy
3.1 PGP / GNUPG Encryption
3.2 Anonymous Remailers
3.3 Throw-away Accounts
4 IM & Chat
4.1 Instant Messaging
4.1.1 Pidgin
4.1.1.1 Using OTR
4.1.2 TorChat
4.1.3 TorPM
4.1.4 ICQ
4.2 Chat
4.2.1 IRC
4.2.1.1 Using OTR
4.2.2 SILC
4.2.2.1 Key based authentication
4.2.3 Utilising IRC Bouncers
5 Files & Hard-Disk Encryption
6 Possible Downfalls
6.1 Network Performance
6.2 Personal Information
6.3 IP Leaks
6.4 DNS Leaks
Assembly
1 Introduction
2 Binary
3 Number handling
4 Data storage
5 Memory Addressing
6 Instructions
6.1 Syntaxes
6.2 Data manipulation basic primitives
6.3 Basic arithmetic
6.4 Bitwise mathematics operators
6.5 Shifts and rotations
6.6 Control flow operators
6.7 Taking it further
Bleeding Life
1 Bleeding Life
1.1 Disclaimer
1.2 Features
1.2.1 Exploits
1.2.1.1 Adobe
1.2.1.2 Java
1.2.2 Statistics
1.3 Server Requirements
1.4 Installation & Configuration
1.5 Download
Buffer Overflows
- buffer overflow protection buffer overflow#Defenses
- cause of buffer overflow buffer overflow#Causes
- example buffer overflow buffer overflow#Example
- disable aslr buffer overflow#Disabling ASLR
- vulnerable overflow application buffer overflow#Test application
- bof.c buffer overflow#Test application
- disable compiler stack protection buffer overflow#Solution for test application
- buffer overflow test buffer overflow#Testing
- buffer overflow testing for x86 buffer overflow#On x86
- buffer overflow testing for x86_64 buffer overflow#On x86-64
- disable execstack buffer overflow#Disabling DEP
- return address for buffer overflow buffer overflow#Finding the return address
5.5 Debugging
5.5.1 Shellcode analysis
5.5.1.1 On x86
5.5.1.2 On x86-64
5.5.2 Finding the return address
5.5.2.1 On x86
5.5.2.2 On x86-64
5.6 Exploitation
5.6.1 On x86
5.6.2 On x86-64
C
1 Overview
1.1 Basic Formatting
1.1.1 Includes
1.1.2 The main() Function
1.2 Variables
1.3 Loops
1.4 If/Else
1.5 Compilation
1.6 Example Program
Cookies
- setting a cookie Cookies#Setting_a_cookie
- setting cookies direct http programming Cookies#Direct_HTTP_programming
- setting cookies with php (server side) Cookies#PHP_.28server_side.29
- setting cookies with javascript (client side) Cookies#Javascript_.28client_side.29
- accessing a cookie Cookies#Accessing_a_cookie
- accessing a cookie with direct http programming (server side) Cookies#Direct_HTTP_programming_.28server_side.29
- accessing a cookie with php Cookies#PHP
- accessing a cookie with javascript Cookies#Javascript
- deleting a cookie Cookies#Deleting_a_cookie
- deleting a cookie with direct http programming Cookies#Direct_HTTP_programming_2
- deleting a cookie with php Cookies#PHP_2
- deleting a cookie with javascript Cookies#JavaScript_2
- cookie flags Cookies#Flags
- cookie secure flags Cookies#Secure
- cookie httponly flags Cookies#HttpOnly
- cookie path flags Cookies#Path
- cookie domain flags Cookies#Domain
- cookie attacks Cookies#Attacks
- stealing cookies through xss Cookies#Stealing_cookies_through_XSS
- steal cookies Cookies#Stealing_cookies_through_XSS
Cryptography
1 Cryptography
1.1 History
1.2 Salting
1.3 Type of encryption
1.4 Encryption Attack Methods
1.5 Commandline Tools
1.5.1 Linux Tools
1.5.2 Windows Tools
1.6 Algorithms
1.6.1 Ciphers
1.6.2 Hashes
1.6.3 Modes
DDoS Attack
1 Three way handshake and Connect State
2 TCP Attacks
2.1 Synflood
2.1.1 Spoofed Synflood
2.1.2 Dealing with Synfloods
2.2 Advanced Attacks
2.2.1 Optimistic ACK Floods
2.2.2 Duplicate ACK Spoofing
3 UDP Attacks
3.1 Dealing with UDP floods
4 ICMP Attacks
4.1 ICMP Smurf
4.2 ICMP Redirect
File Inclusion
- remote file inclusion File Inclusion#Remote File Inclusion
- local file inclusion File Inclusion#Local File Inclusion
IPtables
1 iptables
1.1 1.0 - Introduction
1.2 1.1 - Example
1.3 1.2 - Side Note - IPtables Module
LUA
1 Comments 2 Variables
- variable types in lua
2.1 Global Variables vs Local Variables 3 Functions
- list of functions used by lua
4 Tables
- using tables in lua
4.1 Declaring an empty Table
4.2 Declaring, and populating a Table
4.3 Indexing Tables
MySQL
- how to setup mysql MySQL#MySQL Setup
- install mysql MySQL#Installing MySQL
- list of mysql commands MySQL#MySQL Commands
- backup a mysql database MySQL#Create a backup of a database
- restore a mysql database MySQL#Restore a single table
NGINX
1 Nginx
1.1 Basic HTTP Features
1.2 Additional HTTP Features
1.3 Mail Proxy Server Features
1.4 Architecture and Scalability
2 Nginx Configuration Directives
2.1 error_log
2.1.1 Disabling error logging
2.2 access_log
2.3 proxy_pass
2.4 root
2.5 Location Block
2.5.1 Case-Insensitive
2.5.2 Case-Sensitive
2.5.3 Match "/"
2.5.4 Match everything
2.5.5 Regex Matching
3 VirtualHost Equivalents
4 Main Configuration
4.1 Log Format
4.2 Timeouts
4.3 Socket settings
4.4 Character Encoding
4.5 Security
4.6 Performance
4.7 GZIP Compression
4.8 Output Buffering
4.9 DirectoryIndex Equivalent
4.10 Upstream Example
5 NGINX & CloudFlare
5.1 HttpRealIpModule
6 Troubleshooting
6.1 .xml ISE 500
6.2 Status Page
6.2.1 Status Page Details
6.2.2 Status Stub Variables
7 Reverse Proxy & Load Balancer
7.1 Upstream (proxy/load_balancer)
7.2 LimitZone (DoS Prevention)
7.3 Apache Rewrites to NGINX Rewrites
7.3.1 Examples
7.4 SpawnFCGI Script
Nmap
1 Correct Usage 2 Scan Types 3 Options 4 Evasion Techniques 5 Target Specification 6 Script Scanning 7 Conclusion
Perl
1 Basics
1.1 Development Environment
1.1.1 Linux & Unix
1.1.2 Windows
1.1.3 CPAN
1.2 Your first program
1.2.1 Code
1.2.2 Analysis
1.3 Variables & Data Types
1.3.1 Scalars
1.3.2 Arrays
1.3.2.1 Helper Functions
1.3.2.1.1 join()
1.3.2.1.2 split()
1.3.2.1.3 push()
1.3.2.1.4 pop()
1.3.2.1.5 unshift()
1.3.2.1.6 shift()
1.3.3 Hashes
1.3.3.1 Introduction
1.3.3.2 Helper Functions
1.3.3.2.1 each()
1.3.3.2.2 keys
1.3.4 References
1.3.4.1 Hash References
1.3.4.2 Callback References
1.3.5 Casting
1.4 Boolean Logic
1.4.1 Operators
1.4.1.1 Mathematical
1.4.1.2 Regular Expression
1.4.2 Statements
1.4.2.1 if
1.4.2.2 unless
1.4.2.3 AND an OR
1.4.2.4 switch
1.4.2.5 Golfing
1.4.3 Helper Natives
1.4.3.1 exists
1.4.3.2 defined
1.4.3.3 undef
1.4.4 Bitwise Manipulations
1.4.4.1 AND
1.4.4.2 NOT
1.4.4.3 OR
1.4.4.4 XOR
1.4.4.5 Bit Shifting
1.4.4.6 Bit Rotation
1.5 Loops
1.5.1 While
1.5.2 Until
1.5.3 For
1.5.4 Foreach
1.6 User Input
1.6.1 Command Line Arguments
1.6.1.1 Getopt::Std
1.6.1.1.1 Code
1.6.1.1.2 Analysis
1.6.1.2 Getopt::Long
1.6.1.2.1 Code
1.6.1.2.2 Analysis
1.6.2 STDIN (Standard Input)
1.7 User-Defined Functions
2 Application configurations, logging, & Network Services
2.1 Throughput
2.1.1 Download
2.1.2 Usage
2.1.2.1 Config.pm
2.1.2.2 Log.pm
2.1.2.3 Server.pm
Routing
1 Subnetting Schemes 2 Real World Examples 3 Back to Subnetting 4 Extras
SMTP
1 Overview
1.1 What is SMTP
1.2 Port Information
1.3 Applications that use SMTP
SQL Backdoor
1 Concept
1.1 Subprocedures
1.2 Event Procedures
2 Implementation
2.1 MySQL
2.1.1 Syntax
2.1.2 Example A: phpBB3 backdoor (UPDATE hook)
2.1.2.1 Code
2.1.2.2 Analysis
2.1.3 Example B: Wordpress backdoor (INSERT hook)
2.1.3.1 Code
2.1.3.2 Analysis
2.2 Backdoor Installation
2.2.1 Access/Configuration Requirements
2.2.2 Writing to file and using "source"
2.2.3 Writing directly into the command line
3 Mitigation
4 Taking it further
Tor
1 How It Works
2 Common Pitfalls
3 Getting Tor and Extra Uses
3.1 Proxychains and Tor-Resolve
4 Hidden services
5 External Links
Unsafe String Replacement
1 Overview
2 Examples
2.1 PHP
2.2 PCRE
3 Defense
3.1 PHP
3.2 PCRE
3.3 Whitelisting using PCRE
Vanguard
- vanguard description - Vanguard#Description
- vanguard features - Vanguard#Features
- vanguard limitations - Vanguard#Limitations
- using vanguard - Vanguard#Usage
- install vanguard - Vanguard#Installation
- configuring vanguard modules - Vanguard#Configuration
- download vanguard - Vanguard#Download
1 Description
1.1 Features
1.2 Limitations
1.3 Usage
1.4 Installation
1.4.1 Application Dependencies
1.4.2 Perl Dependencies
1.5 Configuration
1.5.1 Main Configuration
1.5.2 WebCrawler
1.5.3 Nmap Module
1.5.4 Local File Inclusion
1.5.5 LDAP
1.5.6 Remote File Inclusion
1.5.7 Command Injection
1.5.8 SQL injection
2 Download
Whois
1 Lesson
1.1 0.0 - Intro to Whois
1.2 1.0 - Picking a Server
1.3 2.0 - Getting the information that you want
1.4 3.0 - Domain Whois Example
XSS
Zombies
1 Definition 2 Exploitation 3 Types of Attacks 4 Staying Safe 5 Evolution
BGP
1 Lesson 1
1.1 Network Discovery with BGP
2 Lesson 2
2.1 ASN/BGP/RIP
2.1.1 1.0 - Introduction
2.1.2 2.0 - Example
2.1.3 3.0 - RIP
Bcrypt
1 Lesson 2 1.0 - Introduction 3 2.0 - Running bcrypt 4 3.0 - General Talk 5 4.0 - Further Reading
CPP
- c++ include CPP#Includes
- c++ main CPP#Main function
- c++ variable CPP#Variables and Data Types
- c++ data type CPP#Variables and Data Types
- c++ math CPP#Arithmetic
- c++ operators CPP#Operators
- c++ if CPP#If & Else
- c++ else CPP#If & Else
1 Syntax
1.1 Includes
1.2 Main function
1.3 Variables and Data Types
1.4 Operators
1.4.1 Assignment
1.4.1.1 Compound Assignment
1.4.2 Arithmetic
1.4.3 Relational
1.4.4 Logical
1.4.5 Increment/Decrement
1.5 If & Else
1.6 Functions
1.7 Loop Functions
1.8 Classes
2 Your first program: Hello World
2.1 The code
2.2 Compiling the Hello World
3 Example Program: Functions
3.1 The code
3.2 Compiling Example Program
4 Example Program: Classes
4.1 The code
4.2 Output
5 Integrated Development Environment
Command Injection
- test for command injection Command Injection#Testing for Injection
- command injection vulnerability Command Injection#Example Vulnerability
- command injection exploit Command Injection#Exploitation
- command injection with perl Command Injection#Perl
- command injection on unix Command Injection#Unix
1 Overview
1.1 Testing for Injection
1.2 Example vulnerability
1.3 Exploitation
1.4 UNIX
1.5 Perl
Dmcrypt
1 Getting Started
2 Encryption Ciphers and Algorithms
2.1 Hashing Algorithms
2.2 Ciphers
3 Setting Up a Block Device
3.1 Creating a Partition
3.2 Creating a Flat File
4 LVM and the Device Mapper
4.1 Obtaining Support
4.2 Creating Encrypted LVM Partitions
5 Encrypting the Flat File
6 Starting and Stopping the Service
7 External Links
Forensic chain of custody
1 Forensic Chain of Custody
1.1 Acquisition
1.2 Witnesses and Documentation
1.3 Active Memory Snapshots
Gentoo
1 Virtual Machine Setup
2 Hard Drive Setup
3 Base installation and Configuration
4 CHROOT
5 Installing Software
6 Encrypted Home Dir
7 Kernel
8 Final Configurations
9 Bootloader
10 X Server
11 BASH
11.1 Part 1: Reading files
11.2 Part 2: Navigation
11.3 Other useful commands
11.4 Directing output
12 Screen
13 Services
14 Network Services
15 Debugging Services
16 Permissions and Security Basics
17 Getting Help
18 Troubleshooting
Irssi Tutorial
1 Getting Irssi
1.1 Debian/Ubuntu
1.2 Gentoo
1.3 Slackware
1.4 Frugalware
1.5 Solaris
1.6 Arch Linux
2 Connecting to the IRC
3 Sample config file
4 References
Jynx Rootkit/1.0
1 Jynx
1.1 Introduction
1.2 Configuration & Features
1.3 Exercise & Installation
1.4 Usage
Linux Assembly
1 32 bit syscall table
1.1 Introduction
1.2 Unlinked System Calls for 32bit systems
1.3 Linked System Calls for 32bit systems
1.4 Other Code Comparisons
2 64 bit syscall table
2.1 Example: Assembly for setuid(0); execve('/bin/sh',0,0); exit(0);
MySQL Troubleshooting
1 MySQL Troubleshooting
1.1 InnoDB Disabled
1.2 Locked Tables
1.3 Post-Upgrade - MySQL does not start
1.4 MySQL Top Resources Script
1.5 MySQL Datadir Migration
1.5.1 If /var is full
1.6 Post-migration
1.7 Database Repair
1.7.1 Repair Corrupted Database (REPAIR)
1.7.2 Repair Corrupted Database (With FRM)
1.7.3 Repair ALL Databases and Reindex Tables
1.8 InnoDB Thread Issues
1.9 Slow Query Log
2 Optimization Scripts
2.1 MySQL Tuning Primer
2.2 MySQL Tuner
3 Downgrading
3.1 Downgrading MySQL
4 Upgrading MySQL
5 Configuration File Formulas
5.1 Calculating Minimum Memory Needed
5.2 Configuration Variables
6 Premade Configs
6.1 VPS
6.2 Server with 1G-2G RAM
6.3 Server with 3G-8G RAM
6.4 Server with 8G+ RAM
Physical Security
1 Overview
2 Execution
2.1 Prevention
2.2 Attack Vectors
Polymorphic
Python
1 Strengths and Weaknesses of Python
2 Installation
3 Basic Application
3.1 Python Operators
3.2 Variable Definition
3.3 Printing and Receiving Input
3.4 Commenting
4 Modules
4.1 Third-Party and Custom Modules
4.2 Calling on a function within a module
5 Variable Operation
5.1 List Operations
5.1.1 Advanced List Operations
5.1.1.1 append()
5.1.1.2 insert()
5.1.1.3 index()
5.2 String Operations
5.2.1 strip()
5.2.2 split()
5.2.3 find()
5.3 Typecasting
6 Statements and Loops
6.1 If Statement
6.1.1 If
6.1.2 If-Else
6.1.3 If-Elif
6.2 While Loop
6.3 For Loop
7 Functions
8 Classes
9 File Handling
9.1 Opening and closing a file
9.2 Reading from a file
9.2.1 read()
9.2.2 readline()
9.2.3 readlines()
10 Socket Programming
10.1 Creating a Socket
10.2 Connecting a Socket
10.3 Binding and Accepting
10.3.1 Binding
10.3.2 Listening
10.3.3 Accepting
10.4 Sending and Receiving
10.4.1 Encoding
10.4.2 Sending and Receiving
10.5 SSL
11 Ctypes
11.1 Loading a Shared Object
11.2 Calling a function from a loaded Shared Object
11.2.1 readlines()
RoR Patching
1 RoR Patching
1.1 Vulnerabilities
1.2 XSS
1.3 Params Injection & Mass Assignment Abuse
Snort
1 Basic Packet Sniffing Utilities
2 Rules
2.1 Rule Headers
2.2 Rule Option Section
2.3 Example Rule
Static ARP Configuration
1 Reading your ARP Tables
2 Prevention
2.1 ProxyARP
2.1.1 Uses
2.1.2 Advantages
2.1.3 Disadvantages
2.1.4 Further reading
2.2 Bonding
TCP Traceroute
1 Overview
1.1 vs. UDP/ICMP
1.2 What you can do
1.2.1 Windows
1.2.2 Linux
Traceroute
1 Performing a Traceroute 2 Example of Tracert 3 Options for Tracert 4 Example of Traceroute 5 Options for Traceroute
Wireless Security
1 Basics 2 Wired Equivalent Privacy (WEP) 3 Wi-Fi Protected Access (WPA / WPA2-PSK) 4 Tools 5 Reaver
--Hatter 03:23, 21 May 2012 (MSK)
web exploitation
- language vulnerable to web exploit Web Exploitation#Affected Languages
- web exploit type Web Exploitation#Types of Exploitation
- web attack vector Web Exploitation#Attack Vectors
- web fingerprint Web Exploitation#Fingerprinting
- web exploit tools Web Exploitation#Web Exploitation Tools
- web exploitation tools Web Exploitation#In House
1 Affected Languages
2 Types of Exploitation
3 Attack Vectors
4 Fingerprinting
5 Web Exploitation Tools
5.1 In House
5.2 Third party:
