pentesterconfessions.blogspot.com
Confessions of a Penetration Tester: Mallory MiTM Proxy as a Wireless Access Point (Part 1 of 2)
http://pentesterconfessions.blogspot.com/2012/04/mallory-mitm-proxy-as-wireless-access.html
Confessions of a Penetration Tester. This blog is mostly for my own archiving of vulnerabilities I have discovered and defensive techniques. Hopefully it will serve others as well. Mallory MiTM Proxy as a Wireless Access Point (Part 1 of 2). There are a ton of ways to setup and configure Mallory. The easiest is as a VPN but I feel the wireless access point is more robust and easier to get your devices proxing through it once you have it set up. Create a Virtual Machine Wireless Access Point. Your driver ...
pentesterconfessions.blogspot.com
Confessions of a Penetration Tester: December 2007
http://pentesterconfessions.blogspot.com/2007_12_01_archive.html
Confessions of a Penetration Tester. This blog is mostly for my own archiving of vulnerabilities I have discovered and defensive techniques. Hopefully it will serve others as well. Visio's Built in Web Spider. This could be very useful for both blackbox and white box testing. It may even uncover parts of the site you missed during your initial investigation of your audit target. I just started looking into it so i don't know how much it will assist me but. Labels: penetration testing tools. BufferedWrite...
pentesterconfessions.blogspot.com
Confessions of a Penetration Tester: December 2008
http://pentesterconfessions.blogspot.com/2008_12_01_archive.html
Confessions of a Penetration Tester. This blog is mostly for my own archiving of vulnerabilities I have discovered and defensive techniques. Hopefully it will serve others as well. WebLogic and Non-English Character Sets. I want to discuss more in depth about the vulnerability Matt Presson. To actually do all of its output encoding. If your use StringEscapeUtils.escapeHtml(). From apache commons lang. Then the data will be encoding the same as with encodeURIComponent. To perform this expoit!
pentesterconfessions.blogspot.com
Confessions of a Penetration Tester: October 2007
http://pentesterconfessions.blogspot.com/2007_10_01_archive.html
Confessions of a Penetration Tester. This blog is mostly for my own archiving of vulnerabilities I have discovered and defensive techniques. Hopefully it will serve others as well. W3AF Tutorial (Part 2). From the previous article we started a basic audit with w3af. Create a file named anything. I will call mine basic.w3af. you write the script the same way that you would actually navigate through w3af to set the settings. So the script below will set all out audit, discovery, and output ...W3af –s...
pentesterconfessions.blogspot.com
Confessions of a Penetration Tester: April 2011
http://pentesterconfessions.blogspot.com/2011_04_01_archive.html
Confessions of a Penetration Tester. This blog is mostly for my own archiving of vulnerabilities I have discovered and defensive techniques. Hopefully it will serve others as well. Hacking 101 with Tracer-T. This makes me laugh every time I watch it. I still cannot figure out if the kid is joking or serious. Subscribe to: Posts (Atom). Pen Test Collaboration and Vulnerability Management Software. Hacking 101 with Tracer-T. FuseSoft.co Security Assessment Software. Weighing the Cost of Security.
pentesterconfessions.blogspot.com
Confessions of a Penetration Tester: DB2 SQL Injection : Select the Nth row without cursors
http://pentesterconfessions.blogspot.com/2011/09/db2-sql-injection-select-nth-row.html
Confessions of a Penetration Tester. This blog is mostly for my own archiving of vulnerabilities I have discovered and defensive techniques. Hopefully it will serve others as well. DB2 SQL Injection : Select the Nth row without cursors. Select * from (. 160; select * from systables order by name asc fetch first 1 rows only. As G order by name desc fetch first 1 rows only. Select * from (. 160; select * from systables order by name asc fetch first 2 rows only. Select * from (. Select * from (.
pentesterconfessions.blogspot.com
Confessions of a Penetration Tester: September 2007
http://pentesterconfessions.blogspot.com/2007_09_01_archive.html
Confessions of a Penetration Tester. This blog is mostly for my own archiving of vulnerabilities I have discovered and defensive techniques. Hopefully it will serve others as well. Lets talk about hacking your kids! Here are the security threats I found relevant recently. Scenario 1 (Your kids are the back door). Scenario 2 (Babies are bugging my house! I know quite alot of people with babies right now. Its my age bracket for sure. They are everywhere! Be careful what you say around the baby monitor base...
pentesterconfessions.blogspot.com
Confessions of a Penetration Tester: June 2008
http://pentesterconfessions.blogspot.com/2008_06_01_archive.html
Confessions of a Penetration Tester. This blog is mostly for my own archiving of vulnerabilities I have discovered and defensive techniques. Hopefully it will serve others as well. There are a few different response handlers that you can set in the csrfguard.properties for CSRFGuard to automatically add your token to your html. They are:. Orgowasp.csrfguard.handlers.HTMLParserHandler. Will automatically parse the html response for a urls to attach the csrf token. This is performed server side. Page langu...
pentesterconfessions.blogspot.com
Confessions of a Penetration Tester: September 2011
http://pentesterconfessions.blogspot.com/2011_09_01_archive.html
Confessions of a Penetration Tester. This blog is mostly for my own archiving of vulnerabilities I have discovered and defensive techniques. Hopefully it will serve others as well. DB2 SQL Injection : Select the Nth row without cursors. Select * from (. 160; select * from systables order by name asc fetch first 1 rows only. As G order by name desc fetch first 1 rows only. Select * from (. 160; select * from systables order by name asc fetch first 2 rows only. Select * from (. Select * from (.
pentesterconfessions.blogspot.com
Confessions of a Penetration Tester: March 2011
http://pentesterconfessions.blogspot.com/2011_03_01_archive.html
Confessions of a Penetration Tester. This blog is mostly for my own archiving of vulnerabilities I have discovered and defensive techniques. Hopefully it will serve others as well. All of this is cool and I can’t wait to make my own channel but the other really cool trick it can do is act as a network sniffer! The channel code is written in BrightScript which is completely new to me. It looks alot, well exactly, like VB Script. I have never been a big fan of languages that don’t end lines i...I have just...
SOCIAL ENGAGEMENT