WEB APPLICATION SECURITY Effectiveness of Antivirus in Detecting Web Application Backdoors [FB1H2S aka Rahul Sasi] http://fb1h2s.com http://garage4hackers.com Greetz:B0Nd,Eberly,Wipu,Vinnu,webd3vil,Rohith,w4ri 0r,neo,Sids786,SmartKD,Tia,h@xor,Atul,Beenu,d4rkes t,DZZ,ricks2600,su do,prashant,sagar SpThanks: The_Empty and all G4H and Null members. PDF:Effectiveness of AVs in Detecting Web Application Backdoors.pdf Abstract: This paper gives detailed ...
Updated 03-03-2011 at 10:28 AM by fb1h2s (images gone)
[B]# Date: [18/1/2011] # Paper Title: Antivirus/ Firewall Evasion Techniques: Evolution of Download Deploy Shellcode # Date: [18/1/2011] # Author: [FB1H2S] # htpp://Garage4Hackers.com http://fb1h2s.com #All greets to Garage Hackers Members. # I love to start with greets # and to NUll and Andhrahackers people #Special thanks to w3bd3vil(null), rohith, ricks2600, prashant(null) # ################################################## ######################### ...
Writing Simple Buffer Overflow Exploits [+]By D4rk357 [lastman100@gmail.com] [+]Special thanks to Peter Van Eckhoutte for his awesome Exploit writing series . [+]Special thanks to Fb1h2s] for helping me out all the way. [+]Garage4hackers.com [My Home and School in The Blue Nowhere] Before Starting a practical demonstration of writing basic buffer overflow exploits we will first take a look at concepts and theory first as Abraham Lincoln said “If I had ...
Originally Posted by fb1h2s This documentation is about a successful attack Strategy on something which I was trying out form last 15 days. It all started with silent-poison handing over to me a webshell, "a non interactive .php shell" on a webserver the shell was having NT-Authority System privileges. He did a good work there, as I was told he used a joomal exploit to get that shell up running. And it was obviously a high priority webserver .He should probably document that part . The issue he ...
The tool has evolved from a tiny python script to one of the most powerful static analysis tool. Some of the functionality includes: 1. String based analysis for registry , API calls , IRC Commands , DLL's called and VM Aware. 2. Display detailed headers of PE with all its section details, import and export symbols etc. 3.On Distro , can perform an ascii dump of the PE along with other options ( check --help argument). 4. ...
Last week I was assigned with a WPT , where I was assigned to PT a Web Application Normally in WPT s you will find a lot of bugs if you spend some good time analyzing the application in and out. And Tools like Web Inspect and Appscan are also of a good help to one extend. But the application I was testing had some sort of filter which prevented the possibilities of any sort of normal web application attacks, and redirected all malicious request to one common error page.And ...
Hi Folks, Please find below a script written to automate wep hacking - Some Instructions : 1.use first option to spoof your mac 2.use second option to check the number of APs in your surrounding and to choose your victim wep AP ( note its mac address & channel ). 3. third option to Hack 4. fourth option to exit Please note : a.this script will automatically prompt and help download ...
Garage 4 Hackers http://www.garage4hackers.com FB1H2S http://www.fb1h2s.com Page 1 Cracking Salted Hashes Web Application Security: - The Do’s and Don’ts of “Salt Cryptography” Overview: Data Base security has become more critical as Databases have become more open. And Encryption which is one among the five basic factors of data base security. It’s an insecure practice to keep your sensitive data like Password, Credit Card no etc unencrypted in ...
Originally Posted by the_empty Curiosity is the biggest virtue of a hacker’s mindset. Only because curiosity people like me loose focus of the actual target and run behind the OTHER things. (Anyways, they are more interesting) Similar thing happened while I was Pen testing some Web servers which were running behind a load balancer. Nessus was showing some vulnerability associated with load balancer through which it was able to figure out the internal IP of the target server. I read about the vulnerability but was ...
Now I just need to scramble the code. For this purpose I created a HTML file containing the code and encoder and decoder. This file will assemble the virus and will provide us the viral code. The HTML code is: <html> <head><title>Ashi assmebler by "vinnu"</title> <script language=javascript> var ashi='trigger();function trigger(){var vin=document.getElementsByTagName(\"a\");var total=0;var index=0;var address;for(var ...
Recent Comments