Search results

Following a court ruling last month that Apple conspired to fix prices of digital books, the Department of Justice on Friday proposed measures "intended to halt Apple's anticompetitive conduct, restore lost competition, and prevent a recurrence of the illegal activities." The measures are still...

In the days following Microsoft's $900 million Surface RT write-down, many have been questioning Microsoft's stated plan to remain committed to Windows RT and Surface RT. Is Microsoft really going to continue to sink resources into an operating system that's different from its core Windows 8...

LAS VEGAS -- What's the difference between building a successful computer security company and going to Mars? If you ask Brian Muirhead, who has been instrumental in building and landing Mars rovers for NASA, there's not much difference at all. Muirhead shared the lessons he's learned about...

Hey it's Sin here again (Hyped up on Coffee lol..)Don't see me as a Blackhat hater, just giving adviceSo.. here we go, i just wanted to explain why i don't recommend defacing real briefly,So, Here are some of the common reasons why people may or may not deface- Attention- To let the Admin know...

What Is DNS Spoofing? DNS spoofing is an attack that can categorize under Man-In-The-Middle-Attack, beside DNS Spoofing MIMA contain: -ARP poisoning -Sessions hijacking -SSL hijacking -DNS Spoofing Ill only be showing u DNS Spoofing , For now .. ! How does it work ? Man in the middle attack...

Today, I'm going to explain you about WEB vulnerability that not everyone knows...but it very popular. This vulnerability is very dangerous and effective. Usually, the vulnerability exploiting never leave evidences. This vulnerability called: Cross Site Request Forgery(CSRF) CSRF and the way to...

Brief Introduction: Ok. This tutorial is going to introduce you with a Backtrack application called Crunch. Most plainly said Crunch itself is a tool for wordlists generation. In this tutorial I’m going to explain some of its main options (not all), the way to use it, charsets, M33 and cons...

Hey guys These are the google dorks discovered by me. Symlink User configs intitle:Priv8 SCR http://www.exploit-db.com/ghdb/3807/ User & Domain || Symlink Using this dork you can find the User and the Domains of the Server... intitle:C0ded By web.sniper...

Full Path Disclosure Tutorial In this little write up today, I am going to try and explain you what 'FPD' is, how to detect it, analyze it, and some pretty good methods of finding it in the wild. /* Note that my write up was intended to PHP-based websites, but some of the methods works for...

When we get a webshell,we can use this script to escalate privileges. However,we need something at first : 1.Mysql root 2.Windows 2k or 2k3 <html> <head><title>Win MOF Shell</title></head> <body> <form action="" method="post"> Host:<br/> <input type="text" name="host"...

What is Source Code Disclosure? This is a kind of exploits that is very easy & tricky .... That you actually exploit the PDF downloading system to download such other suspec. files from the web server! This is a google dork that can be used to capture such Vulnerabilities...

Server Side Includes && General background. Server Side Includes(SSI) is server  language for web pages, designed to make static HTML pages a little more dynamic. SSI meant to make HTML pages similar to dynamic applications, such as those written in ASP, PHP and similar languages​​ and allow...

- Definition - First off, let's start from the very beginning. Lightweight Directory Access Protocol or abbreviated (LDAP) is a protocol from the OSI model that appends to the Application Layer (#7). As of its abbreviation, LDAP is pretty much responsible for the allocation of resources in...

Today I am going to give you a brief introduction to a really great open source web scanner known as the Web Application and Audit Framework, or W3AF for short. It is coded in python, has both a console and GUI version, and is capable of mapping out a target site, testing for vulnerabilities and...

well all know what is WAF (web application firewall) which is used to help block out certian attack queries, we spend days and days hacking websites mostly with SQLI and sometimes we get across some nasty filters. so im asking you, wouldnt be more fun to try to make your OWN WAF and try to...

Introduction: Though, the title is not entirely correct, the actual authentication method is called BA (abbreviated for Basic Access). The form itself requests an HTTP user-agent to supply the credentials. Also there are no active sessions established during your activity within the system. If...

Overview: The whole point of command injection is to inject and execute malicious commands specified by the attacker in the vulnerable application. Most of the time, web applications need to use backend programs or applications to their advantage in order to complete some functionality. This can...

[0x01] Storage Method: Okay so I'm about to explain a very nifty and important way to own a server that your targeting. This is something most young hackers never think of doing but can be very handy when a server is hosting multiple sites. Lets say you target a server, you do a reverse IP...

[0x01] Intro: Okay so today I will be giving some pointers on how to upload your shell to a hacked server via command line if for some reason you dont have write or upload permissions to upload. [0x02] Scenario: Lets say you just exploited a ssh protocol and have logged into the box. Your not...

I wrote this tutorial myself under another nickname "Shirobi" on another forum French (and other) It is even my old username here, thank you for your understanding: p Bypassing a HTACCESS This tutorial will aim to teach you a technique to bypass the HTACCESS. If you know other ways to bypass...