Posted on 03-09-2008
Filed Under (pentesting) by admin

I came up with this pwn3d zit3 login form challenge to expose one of the many web application vulnerabilities. It consists of a login form which authenticates against a MySQL backend database to give authorized access to the members-only part of the web site (you must become a member first -> "REGISTER"). The goal is to log in with full administrator rights and get the users list data stored in the MySQL database. If you need help or a hint on how to come up with the goods, use the comments form at the end of the page. Hope you find it interesting…
Here's the link to th3 pwn3d zit3 login form challenge.

Hint #1: the vuln is in the way the cookie is set… take a look at the content of the cookie.
Hint #2: read the login page for additional clues.

The complete site is now finished and it contains different vulnerabilities; you can find it here.

Posted on 03-09-2008
Filed Under (pentesting) by admin

OK, by now you probably know how much I enjoy hacking, ehm, ehm… sorry!, pentesting. Well, for this tutorial I will be pentesting MS SQL Server with SQLat, FreeTDS, and Cain. Databases store and provide access to information, and information is power. Sensitive data such as bank account numbers, credit reports, and lots of other important information can be obtained from an insecure database. In this tutorial I will try to explain basic technology about MSSQL, like the default install, as well as demonstrate tools and techniques that can be used to exploit an MSSQL server.


For this tutorial I use some of the tools used most often for pentesting web servers and web applications: open source tools like Telnet, HTTPrint, Nikto, and Nessus. I will be using these tools to perform Information Gathering, Scanning, and Command Execution Attacks.
A Short Review First…
Pentesting web servers and web applications over the internet has grown over the past few years. Chances are that when you are on a server on the internet you are using Hyper Text Transfer Protocol (HTTP), and that 70 percent of the servers visible on the internet today are web servers, with tons of services being added on top of HTTP. The web server market has filtered down to two major players: Apache's Hyper Text Transfer Protocol Daemon (HTTPD) and Microsoft Internet Information Server (IIS). These two servers account for 90 percent of the market share.

Posted on 03-09-2008
Filed Under (pentesting) by admin

In this tutorial I go over the process of cracking WEP encryption for wireless networks. Here I demonstrate why configuring your network with WEP encryption is not such a good idea, as anyone with the right tools can crack it in a matter of minutes.
Some history first:

There are two types of WLAN vulnerabilities: vulnerabilities due to poor configuration and vulnerabilities due to poor encryption. WEP was the original security standard used with wireless networks. Unfortunately, when wireless networks first started to gain popularity, researchers discovered that WEP was flawed: an attacker could defeat WEP because of flaws in the way WEP employed the underlying RC4 encryption algorithm.

Posted on 03-09-2008
Filed Under (pentesting) by admin

In this tutorial, I show how easy it is to intercept clear-text passwords off the network with Cain's man-in-the-middle (MITM) attack. Cain & Abel is a password recovery tool for Windows; it allows you to recover passwords off the network by sniffing, for later cracking using dictionary, brute-force and cryptanalysis attacks.

Posted on 03-09-2008
Filed Under (pentesting) by admin

This video shows how to gain access to an unpatched Windows XP system. For this demonstration I use the Metasploit framework from the BackTrack live CD and the Microsoft RPC DCOM exploit, with the win32_reverse payload to gain a reverse shell on the remote box. I'll also be using PWDump4 to dump the password hashes on the remote system for later cracking with John… This is a good example of why system updates are so important.

Posted on 03-09-2008
Filed Under (pentesting) by admin

In this video I show how to gain access to a remote Windows box, using Hydra GTK to launch a dictionary attack against an FTP server.