Paper about exploiting web vulns

Pepelux has written a paper about exploiting web vulnerabilities to gain access to the system.

There are a lot of vulnerabilities that allow us to exploit a website, and all of them are old and documented. We can find LFI, RFI, SQL, XSS, SSI, ICH and other attacks. For that reason, this paper focuses only on attacks that allow us to access the system and execute commands remotely.

Download (English) | Download (Spanish)

BlindSQL v1.0

Pepelux has made a bash script to perform blind SQL injection attacks against databases, usually MySQL. It uses brute force to obtain configuration data, tables, fields and data from the DB. It uses the lynx browser.

Download

[eNYeSec] Monitor v1.0

Pepelux has made a Windows utility to capture all traffic from the network card, as a sniffer (promiscuous mode). It is configurable with filters and captures the TCP, UDP, ICMP and ARP protocols. It can export data and has a plain-text login detection mode (FTP, POP3, etc.). It is multilingual (English + Spanish).

Download | See screenshot

Playing with sockets (port scan)

Pepelux has written a paper about low-level port scanning. It explains anonymous port scanning by manipulating network packet headers using raw sockets. It shows the most-used scan techniques (xmas, fin, etc.) through its own raw-socket code and examples. It also explains a little about OS detection.

Download (English) | Download (Spanish)

eNYe Sec | Computer Security