Archives/2012

From aldeid

Jump to navigation Jump to search

CeWL, the Custom Word List generator

Thu, 17 May 2012 09:08:00 +0200

CeWL (pronounce "cool"), the Custom Word List generator is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper. It has been written by DigiNinja.

From command injection vulnerability to meterpreter

Sun, 06 May 2012 13:40:00 +0200

This tutorial shows how to take over a server (we will get a meterpreter) that hosts a web application vulnerable to command injection.

dns2tcp

Sat, 14 Apr 2012 22:00:00 +0100

Dns2tcp is a tool for relaying TCP connections over DNS. Among other things, it can be used to bypass captive portals (e.g. hotels, airports, ...) when only port 53/udp is allowed by the firewall.

Hackademic RTB2 (Root This Box, Second Challenge)

Sun, 08 Apr 2012 23:39:00 +0100

This is the second challenge of Root This Box, Hackademic RTB2. Like the first challenge, Hackademic RTB2 is a vulnerable virtual machine and the objective is to become root by exploiting the vulnerabilities.

Hackademic RTB1 (Root This Box, First Challenge)

Sun, 08 Apr 2012 23:39:00 +0100

This is the first challenge of Root This Box, Hackademic RTB1. Hackademic RTB1 is a vulnerable virtual machine and the objective is to become root by exploiting the vulnerabilities and read the key in the /root directory.

Kioptrix 4

Sat, 10 Dec 2012 08:23:00 +0100

Kioptrix4 is a deliberately vulnerable virtual machine which objective is to teach security. The entry point is a web based form and the objective is to get root.

Sqlmap

Sat, 10 Mar 2012 08:17:00 +0100

sqlmap is a very powerful tool that automates the process of detecting and exploiting SQL injections and taking over of database servers. It automatically detects forms and fields, and can, among other features, reverse the schema and read files on the server.

Thu, 8 Dec 2011 19:24:00 +0100

The Mole is a python based automatic SQL injection exploitation tool developed by Nasel. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. It currently supports MySQL, SQL Server and Oracle databases.

Sat, 1 Oct 2011 05:56:00 +0200

iScanner is a free open source tool that detects and removes malicious codes (suspicious iframes, obfuscated javascript, dangerous eval and escape usage, ...) in web pages. It has the ability to scan remote as well as local resources. This tool has been programmed by iSecur1ty using Ruby programming language and it's released under the terms of GNU Affero General Public License 3.0.

Fri, 16 Sep 2011 19:05:00 +0200

Inav (Interactive Network Active-traffic Visualization) is a tool that shows traffic in real time on a Java-based client. It is composed of a server that gathers traffic in real time, and a client that renders the information on a map.

Fri, 12 Aug 2011 00:25:00 +0200

DWORD based URLs are used by some malware to obfuscate the host. Dword2url is a python based script that makes the conversions.

Tue, 09 Aug 2011 19:49:00 +0200

Today I have received a mail from one of my colleagues, containing a link to download a zip file from his Dropbox account. Fine! I'm downloading it when I notice that my Snort probe is sending me strange alerts... How to determine the files in the zip archive that are triggering the alerts?

Wed, 20 Jul 2011 19:36:00 +0200

OSSEC is an Open Source Host-based Intrusion Detection System (HIDS). It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows. It has 2 frontends which installation and usage are described in this article: a Command Line Interface (CLI) and a Web User Interface (WUI). Once properly configured, the OSSEC server can automatically send the events per mail.

Mon, 18 Jul 2011 13:03:00 +0200

Snorby is a Ruby on Rails based frontend to Snort, Suricata and Sagan. This tutorial shows how to install Snorby from sources on a Debian Squeeze box.

Sat, 30 Apr 2011 06:13:00 +0200

pytbull is an Intrusion Detection/Prevention System (IDS/IPS) Testing Framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations. The framework is shipped with about 300 tests grouped in 8 testing modules: clientSideAttacks, testRules, badTraffic, fragmentedPackets, multipleFailedLogins, evasionTechniques, shellCodes and denialOfService. It is easily configurable and could integrate new modules in the future.

Mon, 18 Apr 2011 16:01:00 +0200

PulledPork is a rule manager for Snort and Suricata. It will help automatizing the process of downloading and installing/updating your VRT rules, SO rules or Emerging Threats rules. Pulledpork features include: Automatic rule downloads using your Oinkcode, MD5 verification prior to downloading new rulesets, Full handling of Shared Object (SO) rules, Generation of so_rule stub files, Modification of ruleset state (disabling rules, etc). The project is run by JJ Cummings of Sourcefire.

Mon, 11 Apr 2011 11:26:00 +0200

More than 300 tests have been conducted against Suricata and Snort to compare these two IDS/IPS. These tests cover testing of basic rules, bad traffic, fragmented attacks, brute force, evasion techniques, malware, viruses, shellcodes, Denial of Service, client-side attacks, ... In this article, you will find all the test results as well as conclusions.

Older entries »

Retrieved from "https://www.aldeid.com/w/index.php?title=Archives/2012&oldid=34920"

Share your opinion