Home > del.icio.us > Bookmarks for May 20th through May 27th

Bookmarks for May 20th through May 27th

May 27th, 2010 admin Leave a comment Go to comments

These are my links for May 20th through May 27th:

  • WebCruiser – Web Security – WebCruiser – Web Vulnerability Scanner, a compact but powerful web security scanning tool that will aid you in auditing your site! It has a Vulnerability Scanner and a series of security tools.<br />
    <br />
    It can support scanning website as well as POC( Prooving of concept) for web vulnerabilities: SQL Injection, Cross Site Scripting, XPath Injection etc. So, WebCruiser is also an automatic SQL injection tool, a XPath injection tool, and a Cross Site Scripting tool!
  • Stealing a photo from remote webcam | nullpointer.dk – Ever wanted to capture a photo from a remote webcam? Like from one of your friends perhaps. Probably if you've a little hacker in your belly.. This is another demonstration of the use of Metasploit like I did in my previous article Exploiting SMB on Windows. Therefore, I won't talk about installing the framework and running the supplied program msfconsole.
  • PaulDotCom: Archives – Metasploit has A LOT of exploits, but from time to time you will very likely need to use exploits that are not part of the framework. Whether it is an exploit from www.exploit-db.com that spawns a shell or a netcat listener you can still use the framework to control the host. As long as you have a shell bound to a TCP port you can use metasploit to interact with that victim. What's more, you can upgrade that shell to a meterpreter session so you can benefit from the full power of the framework.
  • Tenable Network Security: Common Platform Enumeration (CPE) with Nessus – Recently a Nessus plugin (and associated library) was developed that includes CPE information about supported targets. If no entry exists in the CPE database, the plugin will attempt to create one and apply all of the appropriate information in the CPE defined format. I ran a scan against my test network and then filtered for CPE entries:
  • security.crudtastic.com » Test Lab Version 1.0
  • Dailymotion – Practical Exploitation – Null Session Enum – a College video – 3 tools that do enumeration using null sessions
  • SkullSecurity » Blog Archive » Defeating expensive lockdowns with cheap shellscripts – Recently, I was given the opportunity to work with an embedded Linux OS that was locked down to prevent unauthorized access. I was able to obtain a shell fairly quickly, but then I ran into a number of security mechanisms. Fortunately, I found creative ways to overcome each of them.

Related posts:

  1. Bookmarks for February 17th through March 3rd
  2. Bookmarks for November 20th through November 25th
  3. Bookmarks for August 27th from 14:11 to 14:17
  4. Bookmarks for January 20th through January 28th
  5. Bookmarks for February 7th through February 14th
Categories: del.icio.us Tags:
blog comments powered by Disqus