X11 penetration testing.pdf
1.8 MB
Penetration Testing on X11 Server Full tutorial
enjoyβ€οΈππ»
enjoyβ€οΈππ»
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦MSF Exploits List :
Http://www.nessus.org/plugins/index.php?view=single&id=12204 Http://www.nessus.org/plugins/index.php?view=single&id=11413 Http://www.nessus.org/plugins/index.php?view=single&id=18021 Http://www.nessus.org/plugins/index.php?view=single&id=26918 Http://www.nessus.org/plugins/index.php?view=single&id=34821 Http://www.nessus.org/plugins/index.php?view=single&id=22194 Http://www.nessus.org/plugins/index.php?view=single&id=34476 Http://www.nessus.org/plugins/index.php?view=single&id=25168 Http://www.nessus.org/plugins/index.php?view=single&id=19408 Http://www.nessus.org/plugins/index.php?view=single&id=21564 Http://www.nessus.org/plugins/index.php?view=single&id=10862 Http://www.nessus.org/plugins/index.php?view=single&id=26925 Http://www.nessus.org/plugins/index.php?view=single&id=29314 Http://www.nessus.org/plugins/index.php?view=single&id=23643 Http://www.nessus.org/plugins/index.php?view=single&id=12052 Http://www.nessus.org/plugins/index.php?view=single&id=12052 Http://www.nessus.org/plugins/index.php?view=single&id=34477 Http://www.nessus.org/plugins/index.php?view=single&id=15962 Http://www.nessus.org/plugins/index.php?view=single&id=42106 Http://www.nessus.org/plugins/index.php?view=single&id=15456 Http://www.nessus.org/plugins/index.php?view=single&id=21689 Http://www.nessus.org/plugins/index.php?view=single&id=12205 Http://www.nessus.org/plugins/index.php?view=single&id=22182 Http://www.nessus.org/plugins/index.php?view=single&id=26919 Http://www.nessus.org/plugins/index.php?view=single&id=26921 Http://www.nessus.org/plugins/index.php?view=single&id=21696 Http://www.nessus.org/plugins/index.php?view=single&id=40887 Http://www.nessus.org/plugins/index.php?view=single&id=10404 Http://www.nessus.org/plugins/index.php?view=single&id=18027 Http://www.nessus.org/plugins/index.php?view=single&id=19402 Http://www.nessus.org/plugins/index.php?view=single&id=11790 Http://www.nessus.org/plugins/index.php?view=single&id=12209 Http://www.nessus.org/plugins/index.php?view=single&id=10673
enjoyβ€οΈππ»
β git 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦MSF Exploits List :
Http://www.nessus.org/plugins/index.php?view=single&id=12204 Http://www.nessus.org/plugins/index.php?view=single&id=11413 Http://www.nessus.org/plugins/index.php?view=single&id=18021 Http://www.nessus.org/plugins/index.php?view=single&id=26918 Http://www.nessus.org/plugins/index.php?view=single&id=34821 Http://www.nessus.org/plugins/index.php?view=single&id=22194 Http://www.nessus.org/plugins/index.php?view=single&id=34476 Http://www.nessus.org/plugins/index.php?view=single&id=25168 Http://www.nessus.org/plugins/index.php?view=single&id=19408 Http://www.nessus.org/plugins/index.php?view=single&id=21564 Http://www.nessus.org/plugins/index.php?view=single&id=10862 Http://www.nessus.org/plugins/index.php?view=single&id=26925 Http://www.nessus.org/plugins/index.php?view=single&id=29314 Http://www.nessus.org/plugins/index.php?view=single&id=23643 Http://www.nessus.org/plugins/index.php?view=single&id=12052 Http://www.nessus.org/plugins/index.php?view=single&id=12052 Http://www.nessus.org/plugins/index.php?view=single&id=34477 Http://www.nessus.org/plugins/index.php?view=single&id=15962 Http://www.nessus.org/plugins/index.php?view=single&id=42106 Http://www.nessus.org/plugins/index.php?view=single&id=15456 Http://www.nessus.org/plugins/index.php?view=single&id=21689 Http://www.nessus.org/plugins/index.php?view=single&id=12205 Http://www.nessus.org/plugins/index.php?view=single&id=22182 Http://www.nessus.org/plugins/index.php?view=single&id=26919 Http://www.nessus.org/plugins/index.php?view=single&id=26921 Http://www.nessus.org/plugins/index.php?view=single&id=21696 Http://www.nessus.org/plugins/index.php?view=single&id=40887 Http://www.nessus.org/plugins/index.php?view=single&id=10404 Http://www.nessus.org/plugins/index.php?view=single&id=18027 Http://www.nessus.org/plugins/index.php?view=single&id=19402 Http://www.nessus.org/plugins/index.php?view=single&id=11790 Http://www.nessus.org/plugins/index.php?view=single&id=12209 Http://www.nessus.org/plugins/index.php?view=single&id=10673
enjoyβ€οΈππ»
β git 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
Tenable
MS04-011: Microsoft Windows SSL Library Malformed Message Remo...
Arbitrary code can be executed on the remote host. (Nessus Plugin ID 12204)
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦NET SCANNERS AND SCRIPTS
Http://nmap.org/
Http://asturio.gmxhome.de/software/sambascan2/i.html
Http://www.softperfect.com/products/networkscanner/
Http://www.openvas.org/
Http://tenable.com/products/nessus
Http://www.rapid7.com/vulnerability-scanner.jsp
Http://www.eeye.com/products/retina/community
enjoyβ€οΈππ»
β git 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦NET SCANNERS AND SCRIPTS
Http://nmap.org/
Http://asturio.gmxhome.de/software/sambascan2/i.html
Http://www.softperfect.com/products/networkscanner/
Http://www.openvas.org/
Http://tenable.com/products/nessus
Http://www.rapid7.com/vulnerability-scanner.jsp
Http://www.eeye.com/products/retina/community
enjoyβ€οΈππ»
β git 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
nmap.org
Nmap: the Network Mapper - Free Security Scanner
Nmap Free Security Scanner, Port Scanner, & Network Exploration Tool. Download open source software for Linux, Windows, UNIX, FreeBSD, etc.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦NETCAT Tools & Resources
Http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html
Http://www.radarhack.com/tutorial/ads.pdf
http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf
Http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
Http://www.dest-unreach.org/socat/
Http://www.antionline.com/archive/index.php/t-230603.html
Http://technotales.wordpress.com/2009/06/14/netcat-tricks/
Http://seclists.org/nmap-dev/2009/q1/581
Http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/
http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
Http://gse-compliance.blogspot.com/2008/07/netcat.html
enjoyβ€οΈππ»
β git 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦NETCAT Tools & Resources
Http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html
Http://www.radarhack.com/tutorial/ads.pdf
http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf
Http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
Http://www.dest-unreach.org/socat/
Http://www.antionline.com/archive/index.php/t-230603.html
Http://technotales.wordpress.com/2009/06/14/netcat-tricks/
Http://seclists.org/nmap-dev/2009/q1/581
Http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/
http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
Http://gse-compliance.blogspot.com/2008/07/netcat.html
enjoyβ€οΈππ»
β git 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦TRAINING/CLASSES SEC/HACKING :
Http://pentest.cryptocity.net/
Http://www.irongeek.com/i.php?page=videos/network-sniffers-class
http://samsclass.info/124/124_Sum09.shtml
Http://www.cs.ucsb.edu/~vigna/courses/cs279/
Http://crypto.stanford.edu/cs142/
Http://crypto.stanford.edu/cs155/
Http://cseweb.ucsd.edu/classes/wi09/cse227/
Http://www-inst.eecs.berkeley.edu/~cs161/sp11/
http://security.ucla.edu/pages/Security_Talks
Http://www.cs.rpi.edu/academics/courses/spring10/csci4971/
Http://cr.yp.to/2004-494.html
Http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
Https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
Http://stuff.mit.edu/iap/2009/#websecurity
enjoyβ€οΈππ»
β git 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦TRAINING/CLASSES SEC/HACKING :
Http://pentest.cryptocity.net/
Http://www.irongeek.com/i.php?page=videos/network-sniffers-class
http://samsclass.info/124/124_Sum09.shtml
Http://www.cs.ucsb.edu/~vigna/courses/cs279/
Http://crypto.stanford.edu/cs142/
Http://crypto.stanford.edu/cs155/
Http://cseweb.ucsd.edu/classes/wi09/cse227/
Http://www-inst.eecs.berkeley.edu/~cs161/sp11/
http://security.ucla.edu/pages/Security_Talks
Http://www.cs.rpi.edu/academics/courses/spring10/csci4971/
Http://cr.yp.to/2004-494.html
Http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
Https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
Http://stuff.mit.edu/iap/2009/#websecurity
enjoyβ€οΈππ»
β git 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
trailofbits.github.io
Introduction Β· CTF Field Guide
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦TRAINING/CLASSES SEC/HACKING :
Http://pentest.cryptocity.net/
Http://www.irongeek.com/i.php?page=videos/network-sniffers-class
http://samsclass.info/124/124_Sum09.shtml
Http://www.cs.ucsb.edu/~vigna/courses/cs279/
Http://crypto.stanford.edu/cs142/
Http://crypto.stanford.edu/cs155/
Http://cseweb.ucsd.edu/classes/wi09/cse227/
Http://www-inst.eecs.berkeley.edu/~cs161/sp11/
http://security.ucla.edu/pages/Security_Talks
Http://www.cs.rpi.edu/academics/courses/spring10/csci4971/
Http://cr.yp.to/2004-494.html
Http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
Https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
Http://stuff.mit.edu/iap/2009/#websecurity
enjoyβ€οΈππ»
β git 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦TRAINING/CLASSES SEC/HACKING :
Http://pentest.cryptocity.net/
Http://www.irongeek.com/i.php?page=videos/network-sniffers-class
http://samsclass.info/124/124_Sum09.shtml
Http://www.cs.ucsb.edu/~vigna/courses/cs279/
Http://crypto.stanford.edu/cs142/
Http://crypto.stanford.edu/cs155/
Http://cseweb.ucsd.edu/classes/wi09/cse227/
Http://www-inst.eecs.berkeley.edu/~cs161/sp11/
http://security.ucla.edu/pages/Security_Talks
Http://www.cs.rpi.edu/academics/courses/spring10/csci4971/
Http://cr.yp.to/2004-494.html
Http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
Https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
Http://stuff.mit.edu/iap/2009/#websecurity
enjoyβ€οΈππ»
β git 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
trailofbits.github.io
Introduction Β· CTF Field Guide
Malicious Input_ How Hackers Use Shellcode.pdf
1 MB
Malicious Input_ How Hackers Use Shellcode FullTutorial for beginers
#Rquested
#Rquested
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦WEB VECTORS SQLI Tools & Resources :
Http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
Http://isc.sans.edu/diary.html?storyid=9397
Http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
Http://www.evilsql.com/main/index.php
Http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-
injection-pwnage.html
http://securityoverride.com/articles.php?
article_id=1&article=The_Complete_Guide_to_SQL_Injections
Http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
Http://sqlzoo.net/hack/
Http://www.sqlteam.com/article/sql-server-versions
Http://www.krazl.com/blog/?p=3
http://www.owasp.org/index.php/Testing_for_MS_Access
http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html
http://web.archive.org/web/20080822123152/http://
www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
http://www.youtube.com/watch?v=WkHkryIoLD0
http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf
Http://vimeo.com/3418947
Http://sla.ckers.org/forum/read.php?24,33903
Http://websec.files.wordpress.com/2010/11/sqli2.pdf
Http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
Http://ha.ckers.org/sqlinjection/
http://lab.mediaservice.net/notes_more.php?id=MSSQL
enjoyβ€οΈππ»
β git 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦WEB VECTORS SQLI Tools & Resources :
Http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
Http://isc.sans.edu/diary.html?storyid=9397
Http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
Http://www.evilsql.com/main/index.php
Http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-
injection-pwnage.html
http://securityoverride.com/articles.php?
article_id=1&article=The_Complete_Guide_to_SQL_Injections
Http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
Http://sqlzoo.net/hack/
Http://www.sqlteam.com/article/sql-server-versions
Http://www.krazl.com/blog/?p=3
http://www.owasp.org/index.php/Testing_for_MS_Access
http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html
http://web.archive.org/web/20080822123152/http://
www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
http://www.youtube.com/watch?v=WkHkryIoLD0
http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf
Http://vimeo.com/3418947
Http://sla.ckers.org/forum/read.php?24,33903
Http://websec.files.wordpress.com/2010/11/sqli2.pdf
Http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
Http://ha.ckers.org/sqlinjection/
http://lab.mediaservice.net/notes_more.php?id=MSSQL
enjoyβ€οΈππ»
β git 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
SANS Internet Storm Center
Internet Storm Center Diary 2024-04-01 - SANS Internet Storm Center
Internet Storm Center Diary 2024-04-01, Author: Johannes Ullrich
Forwarded from WEB UNDERCODE - PRIVATE
XSS Filter Evasion Cheat Sheet.pdf
904.9 KB
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Improper infrastructure configuration caused dozens of corporate database sources to run naked on the Internet :
> Developer and reverse engineer Tillie Kottmann discovered through recent data collection: due to improper configuration of the infrastructure, the source code of the public database of dozens of companies from the technology, finance, retail, video, e-commerce, manufacturing and other industries has been Be exposed on the Internet.
> The leaked code in public repositories has spread to well-known companies such as Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, HiSilicon (owned by Huawei), MediaTek, GE Appliances, Nintendo, Roblox, Disney, Johnson Controls, etc.
π¦Improper infrastructure configuration caused dozens of corporate database sources to run naked on the Internet :
> Developer and reverse engineer Tillie Kottmann discovered through recent data collection: due to improper configuration of the infrastructure, the source code of the public database of dozens of companies from the technology, finance, retail, video, e-commerce, manufacturing and other industries has been Be exposed on the Internet.
> The leaked code in public repositories has spread to well-known companies such as Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, HiSilicon (owned by Huawei), MediaTek, GE Appliances, Nintendo, Roblox, Disney, Johnson Controls, etc.
> With the help of developer tools, Tillie Kottmann collected the aforementioned leaked source code. Even if some are marked as "confidential and proprietary," they can still be found in large numbers on code hosting and public repository platforms such as GitLab.
> Bank Security, which focuses on research on banking threats and fraud incidents, pointed out that the library contains source code from more than 50 companies. Although not all folders were exposed, in some cases sensitive credentials were leaked.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
> Bank Security, which focuses on research on banking threats and fraud incidents, pointed out that the library contains source code from more than 50 companies. Although not all folders were exposed, in some cases sensitive credentials were leaked.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦PROGRAMMING Python :
Http://code.google.com/edu/languages/google-python-class/index.html
http://www.swaroopch.com/notes/Python_en: Table_of_Contents
http://www.thenewboston.com/?cat=40&pOpen=tutorial
Http://showmedo.com/videotutorials/python
Http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/
π¦PROGRAMMING Ruby :
Http://www.tekniqal.com/
enjoyβ€οΈππ»
β git 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦PROGRAMMING Python :
Http://code.google.com/edu/languages/google-python-class/index.html
http://www.swaroopch.com/notes/Python_en: Table_of_Contents
http://www.thenewboston.com/?cat=40&pOpen=tutorial
Http://showmedo.com/videotutorials/python
Http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/
π¦PROGRAMMING Ruby :
Http://www.tekniqal.com/
enjoyβ€οΈππ»
β git 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
catonmat.net
Learning Python Programming Language Through Video Lectures
One of the upcoming projects I am doing (I will reveal it in one of the next blog posts.) is going to be written entirely in Python. I have a good understanding of Python but, same as I had with JavaScript, I have little experience doing projects from theβ¦
Forwarded from WEB UNDERCODE - PRIVATE
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Garmin was asked to pay a ransom of $10 million,a bad Russian hacker may be behind the scenes :
> Garmin suffered a ransomware attack last Thursday, which caused its service to be interrupted. Garmin is still working to restore the service. More information now shows who is responsible for the entire incident. Garmin admitted to being hacked five days ago. Garmin explained in a vague announcement on Twitter that it is experiencing a service outage and the company is working to fix it.
> Garmin said it is currently experiencing a failure that affects Garmin.com and Garmin Connect. The outage also affected the call center. Service personnel are currently unable to receive any phone calls, emails or online chat services. Garmin is working hard to resolve this issue as quickly as possible and apologizes for the inconvenience caused. According to various reports, Garmin internally announced two days of maintenance in some factories, possibly to recover after the attack. The company has never confirmed that the ransomware attack was the cause of the failure. However, reports from the "Daily Mail" show that Garmin was required to pay a ransom of $10 million to unlock the computer. Ransomware infection will encrypt all files on the device, and the victim needs to pay a ransom to decrypt it.
> Needless to say, Garmin refused. It is believed that the company is now working to restore the backup and bring all services back online. But it turns out that even if Garmin agrees to pay, this kind of thing is impossible. This is because the hacker organization behind this attack is believed to be Evil Corp. This is a Russian organization that has previously cooperated with multiple malicious attacks against the U.S. banking system. Action related. Last year, the US Treasury Department officially announced a series of sanctions against Evil Corp. Therefore, in law, Garmin is not allowed to make any payments to the organization.
> The man behind Evil Corp is Maksim Yakubets. He is a 33-year-old hacker. The FBI is offering a reward of $5 million. It is believed that he has recently launched large-scale attacks on dozens of other US companies. According to relevant sources, Yakubets is still living in Russia. He made a fortune through malicious activities. He is the owner of the famous Lamborghini Huracan. He had previously purchased a tiger as his pet and used a custom number plate with "thief" written on the car. As of now, the Garmin service is still paralyzed, and the company declined to comment on any claims about ransomware attacks.
#News
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Garmin was asked to pay a ransom of $10 million,a bad Russian hacker may be behind the scenes :
> Garmin suffered a ransomware attack last Thursday, which caused its service to be interrupted. Garmin is still working to restore the service. More information now shows who is responsible for the entire incident. Garmin admitted to being hacked five days ago. Garmin explained in a vague announcement on Twitter that it is experiencing a service outage and the company is working to fix it.
> Garmin said it is currently experiencing a failure that affects Garmin.com and Garmin Connect. The outage also affected the call center. Service personnel are currently unable to receive any phone calls, emails or online chat services. Garmin is working hard to resolve this issue as quickly as possible and apologizes for the inconvenience caused. According to various reports, Garmin internally announced two days of maintenance in some factories, possibly to recover after the attack. The company has never confirmed that the ransomware attack was the cause of the failure. However, reports from the "Daily Mail" show that Garmin was required to pay a ransom of $10 million to unlock the computer. Ransomware infection will encrypt all files on the device, and the victim needs to pay a ransom to decrypt it.
> Needless to say, Garmin refused. It is believed that the company is now working to restore the backup and bring all services back online. But it turns out that even if Garmin agrees to pay, this kind of thing is impossible. This is because the hacker organization behind this attack is believed to be Evil Corp. This is a Russian organization that has previously cooperated with multiple malicious attacks against the U.S. banking system. Action related. Last year, the US Treasury Department officially announced a series of sanctions against Evil Corp. Therefore, in law, Garmin is not allowed to make any payments to the organization.
> The man behind Evil Corp is Maksim Yakubets. He is a 33-year-old hacker. The FBI is offering a reward of $5 million. It is believed that he has recently launched large-scale attacks on dozens of other US companies. According to relevant sources, Yakubets is still living in Russia. He made a fortune through malicious activities. He is the owner of the famous Lamborghini Huracan. He had previously purchased a tiger as his pet and used a custom number plate with "thief" written on the car. As of now, the Garmin service is still paralyzed, and the company declined to comment on any claims about ransomware attacks.
#News
β β β Uππ»βΊπ«Δπ¬πβ β β β