
Showing posts from May, 2009

Greasemonkey Script: WebPageFingerprint Series

Description: Six short videos showing what a very small Greasemonkey script can do: web page fingerprinting, JS fingerprinting, vulnerability/backup file scanning, XSS/SQL/command injection fuzzing, etc. Date: July 2008

WebScarab Demonstration Series

Description: See how useful WebScarab is in web application security assessment: spidering, finding hidden clues, session analysis, XSS hunting, directory enumeration, backup enumeration. Date: August 2008

Passive Vulnerability Scanning with RatProxy

Description: See how well RatProxy, written by a Google security engineer, performs in web application security assessment. Date: August 2008

Attack Log Analysis with Scalp!

Description: Scalp is an excellent Apache log attack analyzer that uses the PHP-IDS pattern file. If you scan your web site logs weekly or daily, you will see that attacks hit your site on a regular basis. People tend to check their logs only after a compromise has already happened, and by then it is too late: the attackers have 0wned their sites and manipulated the log files! Date: Sept 2008

HTTP Form Brute Forcing With JHijack

Description: JHijack was originally written for numeric session hijacking, but its uses depend only on who is using it. We have given another example in blind SQL injection. This time it is used as an HTTP form cracker, like the old-school Brutus. Date: Nov 2008

Why JS Malwares are still prevalent and bypassing AV Scanners

Description: Even now, because today's AV scanners defend poorly against web worms, we will never be secure. This movie shows how JS malware can easily bypass AV scanners using trivial string manipulation techniques. Date: May 2009

Session Strength Analysis With Stompy

Description: Stompy performs NIST FIPS statistical tests on session token generation and checks for correlations between arbitrary bits. A truly random token never exhibits correlation between the state of one bit and the state of another. In this movie, I show how to download, extract, compile and run Stompy, and how to read its session tests for pass or fail. Ref: WAHH. Size: 10 MB Date: May 2008

Checking Weak SSL Ciphers With THCSSLCheck

Description: If weak or obsolete SSL ciphers are enabled on a web site, a suitably positioned attacker may be able to downgrade or decipher the SSL communications and gain access to sensitive user data. Ref: WAHH. Size: 2.05 MB Date: May 2008

Discovering Browser Plugin Vulnerabilities

Description: See how attackers find flaws in web browser plugins to install malware on your computer. For example, if a plugin has a vulnerable readFile/loadFile function, an attacker can read or load any file from your computer and send it to his server. Similarly, with a vulnerable saveFile function, he can overwrite any file on your disk with malicious content. Size: 9.38 MB Date: May 2008

Owning the box via Web Browser Flaw

Description: You would never think how dangerous a link you've clicked can be! In general, exploiting browser vulnerabilities to gain remote access may bypass the firewalls protecting your workstation. Firewalls typically block new inbound connection attempts but allow users behind the firewall to create outbound connections, and both parties of an established connection can then communicate freely in both directions over that channel. If an attacker wants to attack your firewall-protected computer directly, he will normally be blocked by your firewall. However, if the attacker instead hosts the domain evil.com and entices you to browse to www.evil.com, he now has a communication channel to interact with your computer. Ref: GHHB. Size: 11.3 MB Date: May 2008

XSS in phpMyAdmin 2.11.7

Description: A recorded XSS hunting movie in phpMyAdmin 2.11.7. Date: June 2008

OWASP WebGoat Web Hacking Simulation Series [over 40 Movies]

Description: A series of full-featured web hacking walkthrough simulations played in the OWASP WebGoat v5.1 environment: General, Code Quality, Concurrency, Unvalidated Parameters, Access Control Flaws, Authentication Flaws, Session Management Flaws, Cross-Site Scripting (XSS), Buffer Overflows, Injection Flaws, Improper Error Handling, Insecure Storage, Denial of Service, Insecure Configuration, Web Services, AJAX Security, Challenge. New movies will be added whenever WebGoat is updated. Size: N/A Date: April 2008

Trusting The Vulnerability Scanner: Danger of False Negative Sign

Description: This movie is meant to educate developers who put their entire trust in security/vulnerability scanners. A false negative means the scanner says "I don't find any X vulnerability" when vulnerability X actually exists. Be sure to read the "About Movie.txt" file. Size: 2.05 MB Date: April 2008

Owning the box Via Web Application Flaw

Description: See how an attacker can use our recent discovery of a file-upload vulnerability in Gmail-Lite to 0wn the entire box. This teaches developers how evil a flaw in a web application can be. Size: 6.39 MB Date: April 2008

Performing Directory Brute-Force Attack

Description: There are dozens of tools that brute-force directory names to dig for sensitive information. In this movie, we illustrate directory brute-forcing with the tool 'JBroFuzz'. We like it because it can brute force a large number of directories: as of this writing, the latest version, JBroFuzz 0.8, has 58658 directory names commonly used by today's web sites. The only defense is to not place sensitive information on the server side, or to protect it (.htaccess). We just want to show you that security through obscurity is broken. Size: 3.51 MB Date: March 2008

Evading Firefox XSS-Warning Addon Filter

Description: Just one example of how attackers can easily bypass today's security controls. We shouldn't rely too much on security products, which have their own weaknesses. Size: 169 KB Date: March 2008

Exploiting Logic Flaw

Description: This demonstration shows how a flaw in coding reveals sensitive information! Size: 2.75 MB Date: Feb 15, 2008

Finding XSS with Automated Tool [Interactive]

Description: This training is an interactive version of the non-interactive "Finding XSS with Automated Tool" training. It lets you practise automating the discovery of XSS holes with fuzzers in a quick and easy manner yourself. Size: 150 KB Date: Feb 6, 2008

Finding XSS with Automated Tool

Description: This training shows you how to automate finding XSS holes with fuzzers in a quick and easy manner. Size: 1.18 MB Date: Jan 04, 2008

How Bad Guys Steal your Login Info Smartly

Description: This demonstration shows how bad guys or malicious web sites steal the login account info of the sites you visit daily by exploiting the web browser's autocomplete feature. Size: 886.98 KB Date: Jan 11, 2008

Desirable Input Validation Baseline Check

Description: This demonstration shows how you should implement baseline acceptable input filtering on visitors' inputs. Filtering inputs is the most important step, because 100% of injection attacks (XSS, SQL, XPath, OS command, etc.) come from inputs where filtering is weak or absent. Developers should always be aware of inputs as well as outputs! You know "garbage in, garbage out", but for attackers it is "garbage in, gold out"! Size: 4.09 MB Date: Jan 15, 2008

Attacking The Spammers with PhpMySpamFighter

Description: Spammers use email collector programs to grab our site visitors' emails. See how phpMySpamFighter DoS-attacks their programs. We hope there will be fewer spammers if this technique is used widely. In fact, it fights not only spammers but also attackers who use similar tools to probe your web sites. Size: 3.65 MB Date: March 2008

WFuzzFE

Download WFuzzFE Description: WFuzz FrontEnd (WFuzz UI) is simply a GUI we wrapped around the all-time famous wfuzz.py by Carlos del Ojo & Christian Martorella (Edge-security.com). WFuzz is known as a web brute forcer; it earned its fame thanks to its multithreading and its flexibility to show only the desired results based on HTTP response code and number of lines/words. When fuzzing is done, Firefox opens and shows the result. Requirements: Python, JRE 1.5 or later Date: Oct 2008

Web Firewall Detector

Download Web Firewall Detector Typical web firewalls use a mechanism to classify anomalous traffic. This tool submits an old-school malicious (but not dangerous) request and tells you the type of firewall a particular web site uses (if any). Mainly useful for black-box security assessment. Coded years ago. Ref: Web Hacking Exposed 2nd Edition, ISBN: 9780072262995.

[REQUEST] <----> | Web Firewall | <----> [WebServer]

Requirements: Perl Date: Nov 2008. No longer updated: we've contributed this wafd's signatures to the w3af finger_WAF.py plugin.

Web Firewall Stress Tester

Download Web Firewall Stress Tester A tool for testing newly created OSS web firewalls/proxies/servers, because I found a vulnerability this way. It submits user-defined (GET/POST/HEAD) packets to a web firewall to test its robustness and tells you at which packet length the firewall crashes. Good for heap/buffer overflow hunting.

[REQUEST] <----> | Web Firewall | <----> [WebServer]

Requirements: Perl Date: Nov 2008

Joomla! Security/Vulnerability Scanner

Download Joomla! Security/Vulnerability Scanner A regularly updated scanner that can detect file inclusion, SQL injection and command execution vulnerabilities in a target Joomla! web site. Requirements: Perl Start-Date: Dec 2008

Ultimate Hackerfox Addons

Thanks to our contributing testers (Ko Soe Min, http://soemin.net & Ko Phyo, http://myanmaritpros.com ), we've found that Portable Firefox cannot be run with several security addons. To work around this problem, we zip-bundle the hacking addons with runnable invokers (run.exe on Windows, run.pl on Linux). You must have Firefox installed on your system, and make sure you close any running Firefox beforehand. Our Greasemonkey scripts are included. Download: version-1-light MD5: 80AED846164A1AECEB5AFE0759473DF2 version-2 MD5: 68C581305E2C16E9D51E41C7D75ED501 Requirement: Firefox browser Date: August 2008

NiktoFE

Download NiktoFE Nikto FrontEnd (Nikto UI) is simply a GUI we wrapped around the all-time famous nikto.pl by Sullo (CIRT Inc). A complete scan usually takes several minutes (even hours). When it's done, Firefox opens and shows the result. Requirements: Perl, JRE 1.5 or later Date: Oct 2008

phpMyAdmin Configuration Security Checker

Download phpMyAdmin Configuration Security Checker Thousands of web servers run phpMyAdmin with more or less insecure settings. This script checks user-defined configuration values against pre-defined secure values. Set the config file path, run it, save the test result, and then delete the script. Coded for: phpMyAdmin 2.11.7 Date: July 2008

PHP Login Info Checker (LIC) v.01

Download PHP Login Info Checker (LIC) v.01 Wherever user/admin registration is required in your web applications, use this checker script to strictly force admins/users to choose stronger passwords. It tests passwords against 4 rules, and you can easily extend it to require stricter/stronger passwords. It also has a built-in smoke test page via the URL loginfo_checker.php?testlic . Demonstration: PHP Login Info Checker Demo Compatibility: PHP 4/5 Date: April 2008

Php-Brute-Force-Attack Detector

Download Php-Brute-Force-Attack Detector (Former name: Php Attack Detection Engine) Detects your web servers being scanned by brute force tools such as WFuzz and OWASP DirBuster and by vulnerability scanners such as Nessus, Nikto, Acunetix, etc. This helps you quickly identify probable probing by bad guys who want to dig out possible security holes. For more info... Requirements: PHP5, MySQL 4 or later Date: June 2008

Apache mod_rewrite security rules

Download Apache mod_rewrite security rules These rules act as a baseline web application firewall built on common attack strings. If you get banned during legitimate traffic, you'll have to remove the troublesome keywords; if you can't, post them to us and we'll send you a finer version that suits your site. It's a must for all web servers. Remember that it cannot help against most web application attacks such as information leakage, insufficient authentication/authorization, brute forcing, predictable resource location and logic flaws. Requirements: Apache with the mod_rewrite module enabled Date: March 2009

PHPMySpamFIGHTER

Download PHPMySpamFIGHTER It feeds email extractors/spammers' programs with thousands of fake email addresses, endlessly and dynamically generated by phpMySpamFighter. So even if your site visitors post their email addresses in plain format, spammers will give up searching for the correct ones. It may cause a denial-of-service condition in their programs. In fact, it fights not only spammers but also attackers who use similar tools to probe your web sites. Compatibility: PHP 4/5 Resources: Demonstration

php-DDOS-Shield

Download php-DDOS-Shield PHP Distributed Denial-of-Service Preventor. Nothing can stop DDoS? Don't be amazed. This is a tricky script to stop naive distributed bots that discontinue their flooding attacks when they see an HTTP 503 status code. Installation is just an include. Requirement: PHP 4 or later Date: July 30 2008

GoogleHacker

GoogleHacker A lightweight Windows HTA application useful as your regular Google hacking tool on the Windows platform. A comprehensive search form bundled with sensitive keywords. It can save searches to disk and directly modify the keyword files. Started: Sept 2007

HackerFirefox

Download HackerFirefox Description: Portable Firefox with web hacking tools bundled. Started: Dec 2007 Featured @ OWASP

JHijackv.01 beta

Download JHijackv.01 beta Description: A simple Java fuzzer mainly used for numeric session hijacking and parameter enumeration. Requirement: JRE/JDK 1.4 or above Demonstrations: Session Hijacking, Blind SQL Injection, HTTP Form Brute Forcing Date: April 2008

GreaseMonkey:: Web Security Toolkit

A collection of our Greasemonkey scripts that aim to provide security for you and your site. We prefer writing Greasemonkey scripts to browser addons because Greasemonkey is more flexible: anyone can view and edit the source code with ease, and the scripts will remain compatible with any version of Gecko browsers, while most security addons stop working with new versions unless their authors take pains to modify the code for compatibility. Send suggestions and bugs via the contact form on our home page. Feel free to modify the code to suit your needs.

phpinfo() Security Checker Description: Whenever the script detects a phpinfo() page, it fingerprints how secure that phpinfo page is. It is a combination of my own security thoughts and phpinfosec.com's project. Use it for security and performance issues. Ideal for web masters and web server admins who are a bit confused by the phpinfo() page's numerous configuration items. Date: July 2008

WebPageFingerPrint (aka. Hackin

Web Application Security Papers Archived (WASPA)

Download Web Application Security Papers Archived (WASPA) This project is a collection of web application security related documents, presentations, cheat sheets, guides and the like. As always, these resources are scattered among thousands of places on the web; some are really worth reading but are sadly unknown to a large audience. The only noble aim of security students, professionals and researchers is to bring reliable security and countermeasures to our next-generation IT communication. I attempt to support this aim by collecting the resources together in one place where they can be downloaded by those who are eager for stronger security. Started: June 2008

Multiple vulnerabilities in PhpMyAdmin

Multiple vulnerabilities in PhpMyAdmin <= 2.11.7: XSS in setup, Cross-site Framing, XSRF: ConvertCharset, XSRF: CreateDatabase. July, 2008

Gmail-Lite XSS Hole

View Gmail-Lite XSS Hole Jan, 2008

CodeIgniter Global XSS Filtering Bypass Vulnerability

View CodeIgniter Global XSS Filtering Bypass Vulnerability December, 2007

Ning.Com Captcha Protection Bypass Vulnerability

View Ning.Com Captcha Protection Bypass Vulnerability April, 2008

Input Flood Vulnerability in burglish chat

Input Flood Vulnerability in burglish chat Feb 23, 2006

XSS Archive Screenshots

View XSS Archive Screenshots Jan 03, 2008

Apache Security Bypass Vulnerability in DOMPDF

View Apache Security Bypass Vulnerability in DOMPDF Dec, 2007

Gmail-Lite Shell Code Execution Vulnerability

View Gmail-Lite Shell Code Execution Vulnerability March, 2008

XSS-Warning Addon Filtering Bypass Vulnerability

View XSS-Warning Addon Filtering Bypass Vulnerability See demo movie March, 2008

Hacker Web Search Aggregator

Hacker Web Search Aggregator - Collection of site searches for Information Gathering phase.

Resource Directory

This is our ongoing project to maintain the most comprehensive, continuously updated links repository. We take pains to ensure that the HWD contains quality link resources. Click the logo below to enter HWD.

Web App Security Assessment Report Generator (WA-SARG)

To generate an assessment report, the following two well-known methodologies are used as frameworks or checklists. Practical skill with tools and sound knowledge are required to perform the assessments accurately according to the chosen methodology. Carrying out assessments that satisfy all tasks mentioned in these methodologies ensures a reasonable level of security; they give pentesters baseline checklists so that nothing is missed. For more information, please buy "The Web Application Hacker's Handbook" from PortSwigger and download the OWASP Testing Guide from owasp.org . If you'd like to propose hybrid methodologies combined with your own experience, don't hesitate to contact us. Over time, these methodologies need to be updated to cope with evolving attack vectors and threats. Methodologies: PortSwigger, OWASP Testing Guide v2, OWASP Testing Guide v3. Privacy Policy: No data is sent to our server; the report is generated purely by JavaScript alone. Some words: Avoid using it as a checklist if you have

What a perfect whitehat!

What a perfect whitehat! [ @SlideShare.net ]

Better Study Strategies

Better Study Strategies [ @SlideShare.net ]

A Dark Intro To Google Hacking

A Dark Intro To Google Hacking [ @SlideShare.net ]

Php5 Built-in String Filter Functions For Security

Php5 Built-in String Filter Functions For Security [ @SlideShare.net ]

Introducing Malware Script Detector

Introducing Malware Script Detector [ @SlideShare.net ]

An Apache Trick to protect sensitive/backup files

An Apache Trick to protect sensitive/backup files Nov 2008

Ongoing Web Application Security Model (OWA-SM)

Ongoing Web Application Security Model (OWA-SM) May 2008

An Apache Trick to prevent Shell File Attack

An Apache Trick to prevent Shell File Attack Nov 2008

Directory Bruteforce Attack

Directory Bruteforce Attack Jan 09, 2008

Security Professional How to

Security Professional How to Jan 28, 2008

Why Session Protection Fails

Why Session Protection Fails Jan 29, 2008

Ways to Protect Sensitive Files & Directories

Ways to Protect Sensitive Files & Directories Jan 29, 2008

Web Browser Plugins Vulnerabilities

Web Browser Plugins Vulnerabilities => [ Download controller.php ] Feb 7, 2008

Hunting for Backdoor Scripts

Hunting for Backdoor Scripts March 27, 2008

Things to do When you got hacked

Things to do When you got hacked Nov 2008

Causes Of Security Flaws 101

Causes Of Security Flaws 101 Jan 07, 2008

What XSS Can Do

What XSS Can Do Jan 02, 2008

Defeating X-Rummer Spam Bot

Defeating X-Rummer Spam Bot Feb 19, 2007

Disclosure Vulnerability:phpinfo

Download Disclosure Vulnerability:phpinfo Jul 16, 2006

Disclosure Vulnerability:robots.txt

Download Jul 16, 2006

A Nice Approach to IT Certifications

Download Jan 07 , 2006

Next-Generation Phishing Attack

Download May 13, 2006