Scrubbr is a BSD-licensed database scanning tool that checks numerous database technologies for the presence of possible stored cross-site scripting attacks. The tool was partially inspired by "Scrawlr", a trimmed-down version of HP’s WebInspect which was released for free after the so-called "asprox" mass-SQL injection bot exploited hundreds of thousands of insecure ASP sites.
Download XSS Scanning Tool Here
Saturday, November 20, 2010
BlackSheep: Way to Avoid FireSheep!
This is an intelligent tool in a sense that you get to know the IP address of the attacker who is running FireSheep. Suitably, BlackSheep is also a Firefox plugin, that is designed to combat FireSheep. It does so by dropping ‘fake’ session IDs on the wire and then monitoring traffic to see if it has been hijacked. BlackSheep identifies FireSheep via a request to a domain that it identifies session information. Using this hijacked session information, FireSheep contacts the targeted host in order to obtain the name of the hijacked user along with an image of the person, if available. When identified, the user will be receive the following warning message:
FireSheep and BlackSheep can not co-exist on the same Firefox profile as they share a lot of common code. If you need to use them on the same machine, use different Firefox profiles.
Download BlackSheep v1.0.0 (blacksheep-latest.xpi) here.
FireSheep and BlackSheep can not co-exist on the same Firefox profile as they share a lot of common code. If you need to use them on the same machine, use different Firefox profiles.
Download BlackSheep v1.0.0 (blacksheep-latest.xpi) here.
Hack Facebook/Twitter Or Any Email Account With Session Hijacking
When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests.
It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.
This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. Facebook is constantly rolling out new "privacy" features in an endless attempt to quell the screams of unhappy users, but what's the point when someone can just take over an account entirely? Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website. When it comes to user privacy, SSL is the elephant in the room.
Firesheep, a Firefox extension designed to demonstrate just how serious this problem is.
After installing the extension you'll see a new sidebar. Connect to any busy open wifi network and click the big "Start Capturing" button. Then wait.
As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed:
Double-click on someone, and you're instantly logged in as them.
As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed:
Double-click on someone, and you're instantly logged in as them.
That's it.
Firesheep is free, open source, and is available now for Mac OS X and Windows. Linux support is on the way.
Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win.
By Codebutler..
PHP Programming Video Tutorial: Basics Tutorials PHP Programming
What This Course Covers (02:14)
What You Will Need (02:41)
Resources - Using PHP.net Pt.1 (04:51)
Resources - Using PHP.net Pt.2 (04:17)
Other PHP Resources (03:10)
Hosting Resources (06:23)
Starting with PHP
What is PHP (04:10)
PHP Programming Standards (04:07)
Embedding PHP in HTML (05:27)
Embedding HTML in PHP (05:15)
The All Important Semi-colon (01:38 )
Your First PHP Script (05:34)
Comments (02:24)
Chapter 2 Challenge (07:57)
PHP Basics
Variables (04:04)
PHP Statements (00:45)
Values and Value Types Part 1 (07:48 )
Values and Value Types Part 2 (02:43)
Referencing Variables and Constants (03:00)
Superglobals (05:04)
Variable Variables (03:56)
Basic Operators Part 1 (04:21)
Basic Operators Part 2 (04:35)
Advanced Operators (05:52)
Chapter 3 Challenge (06:08 )
PHP Conditionals and Loops
The "IF" Statement (04:45)
Extending "IF" (03:02)
"SWITCH" Statements (04:40)
The "WHILE" Structure (03:18 )
The "DO-WHILE" Structure (02:29)
The "FOR" Loop (04:41)
Chapter 4 Challenge (02:28 )
Applying What You Know
INCLUDE and REQUIRE (03:42)
Setting up Your File Structure (04:53)
Global Headers and Footers (03:16)
A Functional Website Example Pt.1 (06:23)
A Functional Website Example Pt.2 (04:18 )
A Functional Website Example Pt.3 (04:32)
A Functional Website Example Pt.4 (04:49)
A Functional Website Example Pt.5 (04:30)
A Functional Website Example - Addendum (06:09)
PHP and functions
Why use functions (03:12)
Variable Scope (02:58)
Creating and using Functions (03:12)
Functions with Parameters (06:28 )
Returning Values (04:05)
Chapter 6 Challenge (05:59)
PHP Arrays
What is an Array (02:09)
Creating Arrays (06:03)
Multidimensional Arrays (03:23)
"FOREACH" looping - basic (03:18 )
"FOREACH" looping - advanced (04:19)
Navigating Arrays (02:21)
Manipulating Keys (03:56)
Sorting Arrays (02:41)
Serialization (02:20)
Challenge (07:56)
Starting with MYSQL
Getting Information: mysql.com (02:49)
Other MYSQL Resources (02:00)
What is a relational database? (03:27)
Accessing MYSQL - the command line (04:36)
MYSQL Basics
Configuring Users in MYSQL - Part 1 (03:59)
Configuring Users in MYSQL - Part 2 (03:02)
Creating Databases and Tables (02:24)
MYSQL Data Types - Numeric Types (04:04)
MYSQL Data Types - Date Types (02:17)
MYSQL Data Types - String Types (02:58)
EXAMPLE: Creating A Table Statement - Part 1 (05:27)
EXAMPLE: Creating A Table Statement - Part 2 (03:47)
Basic MYSQL commands - INSERT (02:46)
Basic MYSQL commands - SELECT and UPDATE (05:46)
Basic MYSQL commands - DELETE and DROP (02:32)
Setting Up phpMyAdmin (05:43)
Using phpMyAdmin (06:06)
Using MYSQL with PHP
Connecting to MYSQL (02:28 )
Choosing a database (01:49)
Querying a database (03:53)
Retrieving results (05:38 )
Useful MySQL functions in PHP (03:55)
PHP and Sessions
What is a session (01:39)
set_cookie vs session_start (05:36)
Session Tracking With Built in PHP Functions (03:54)
Session Tracking With Databases Pt.1 (04:36)
Session Tracking With Databases Pt.2 (04:40)
Final Words
Where to go from here (03:02)
Credits
About the Author (02:04)
DOWNLOAD
hotfile.com
http://hotfile.com/dl/82631826/af976c0/VTC.p.h.p.part1.rar.html
http://hotfile.com/dl/82631917/f4c4373/VTC.p.h.p.part2.rar.html
fileserve.com
http://www.fileserve.com/file/tZErwTZ/VTC.p.h.p.part1.rar
http://www.fileserve.com/file/mWPEjEr/VTC.p.h.p.part2.rar
filesonic.com
http://www.filesonic.com/file/32308259/VTC.p.h.p.part1.rar
http://www.filesonic.com/file/32308093/VTC.p.h.p.part2.rar
What You Will Need (02:41)
Resources - Using PHP.net Pt.1 (04:51)
Resources - Using PHP.net Pt.2 (04:17)
Other PHP Resources (03:10)
Hosting Resources (06:23)
Starting with PHP
What is PHP (04:10)
PHP Programming Standards (04:07)
Embedding PHP in HTML (05:27)
Embedding HTML in PHP (05:15)
The All Important Semi-colon (01:38 )
Your First PHP Script (05:34)
Comments (02:24)
Chapter 2 Challenge (07:57)
PHP Basics
Variables (04:04)
PHP Statements (00:45)
Values and Value Types Part 1 (07:48 )
Values and Value Types Part 2 (02:43)
Referencing Variables and Constants (03:00)
Superglobals (05:04)
Variable Variables (03:56)
Basic Operators Part 1 (04:21)
Basic Operators Part 2 (04:35)
Advanced Operators (05:52)
Chapter 3 Challenge (06:08 )
PHP Conditionals and Loops
The "IF" Statement (04:45)
Extending "IF" (03:02)
"SWITCH" Statements (04:40)
The "WHILE" Structure (03:18 )
The "DO-WHILE" Structure (02:29)
The "FOR" Loop (04:41)
Chapter 4 Challenge (02:28 )
Applying What You Know
INCLUDE and REQUIRE (03:42)
Setting up Your File Structure (04:53)
Global Headers and Footers (03:16)
A Functional Website Example Pt.1 (06:23)
A Functional Website Example Pt.2 (04:18 )
A Functional Website Example Pt.3 (04:32)
A Functional Website Example Pt.4 (04:49)
A Functional Website Example Pt.5 (04:30)
A Functional Website Example - Addendum (06:09)
PHP and functions
Why use functions (03:12)
Variable Scope (02:58)
Creating and using Functions (03:12)
Functions with Parameters (06:28 )
Returning Values (04:05)
Chapter 6 Challenge (05:59)
PHP Arrays
What is an Array (02:09)
Creating Arrays (06:03)
Multidimensional Arrays (03:23)
"FOREACH" looping - basic (03:18 )
"FOREACH" looping - advanced (04:19)
Navigating Arrays (02:21)
Manipulating Keys (03:56)
Sorting Arrays (02:41)
Serialization (02:20)
Challenge (07:56)
Starting with MYSQL
Getting Information: mysql.com (02:49)
Other MYSQL Resources (02:00)
What is a relational database? (03:27)
Accessing MYSQL - the command line (04:36)
MYSQL Basics
Configuring Users in MYSQL - Part 1 (03:59)
Configuring Users in MYSQL - Part 2 (03:02)
Creating Databases and Tables (02:24)
MYSQL Data Types - Numeric Types (04:04)
MYSQL Data Types - Date Types (02:17)
MYSQL Data Types - String Types (02:58)
EXAMPLE: Creating A Table Statement - Part 1 (05:27)
EXAMPLE: Creating A Table Statement - Part 2 (03:47)
Basic MYSQL commands - INSERT (02:46)
Basic MYSQL commands - SELECT and UPDATE (05:46)
Basic MYSQL commands - DELETE and DROP (02:32)
Setting Up phpMyAdmin (05:43)
Using phpMyAdmin (06:06)
Using MYSQL with PHP
Connecting to MYSQL (02:28 )
Choosing a database (01:49)
Querying a database (03:53)
Retrieving results (05:38 )
Useful MySQL functions in PHP (03:55)
PHP and Sessions
What is a session (01:39)
set_cookie vs session_start (05:36)
Session Tracking With Built in PHP Functions (03:54)
Session Tracking With Databases Pt.1 (04:36)
Session Tracking With Databases Pt.2 (04:40)
Final Words
Where to go from here (03:02)
Credits
About the Author (02:04)
DOWNLOAD
hotfile.com
http://hotfile.com/dl/82631826/af976c0/VTC.p.h.p.part1.rar.html
http://hotfile.com/dl/82631917/f4c4373/VTC.p.h.p.part2.rar.html
fileserve.com
http://www.fileserve.com/file/tZErwTZ/VTC.p.h.p.part1.rar
http://www.fileserve.com/file/mWPEjEr/VTC.p.h.p.part2.rar
filesonic.com
http://www.filesonic.com/file/32308259/VTC.p.h.p.part1.rar
http://www.filesonic.com/file/32308093/VTC.p.h.p.part2.rar
Sunday, November 14, 2010
Computer Scientist, Student Design Software to Combat Hacking Using Keystroke Anti-Spoofing Technique
One of the serious threats to a user's computer is a software program that might cause unwanted keystroke sequences to occur in order to hack someone's identity. This form of an attack is increasing, infecting enterprise and personal computers, and caused by "organized malicious botnets," said Daphne Yao, assistant professor of computer science at Virginia Tech.
To combat the "spoofing attacks," Yao and her former student, Deian Stefan, now a graduate student in the computer science department at Stanford University, developed an authentication framework called "Telling Human and Bot Apart" (TUBA), a remote biometrics system based on keystroke-dynamics information.
Their work won a best paper award at CollaborateCom '10, the 6th International Conference on Collaborative Computing, held in Chicago and sponsored by the Institute of Electrical and Electronic Engineers' Computer Society, Create-Net, and the Institute for Computer Sciences.
Tuesday, November 9, 2010
A PRACTICAL WAY TO FIND ADMINISTRATOR WEB PAGE
Administrator web page is the most important pages in a web. Because, from here a web control facilities. One of the hacking technique which is still popular is trying to find the administrator account on this page through a variety of techniques such as exploits, bruteforce, SQL Injection and also include requesting assistance with a number of software password hacking.
Regardless of any technique, hackers agree if the administrator page is one of the most essential web pages and the most search for exploitation. Typically, the administrator page url address is http://www.sitename.com/admin.php, http://www.sitename.com/admin.html and so forth.
Because of the susceptibility of admin pages, its url address recently deliberate in secret by using the unique url address to make difficult to guess, at least give a little trouble on the hackers to find it.
The groups of Indian hackers (Indian Cyber Army), released a site called Admin finder that can help us to find administrator page. The web address is: http://adminfinder.cyberarmy.in/.
On a black background sites, we only are asked to enter the url address of a target site with the end slash mark (/), then press the Submit Site Bottom. AdminFinder will look for administrators pages. administrators web pages will be displayed with a description in the left column. If found, will be given a description "Found!" with Red color. While that does not exist, will be given a "Not Found!" description with yellow color. The red color with the description "Found!" is the administrator page. It’s easy right?.
Regardless of any technique, hackers agree if the administrator page is one of the most essential web pages and the most search for exploitation. Typically, the administrator page url address is http://www.sitename.com/admin.php, http://www.sitename.com/admin.html and so forth.
Because of the susceptibility of admin pages, its url address recently deliberate in secret by using the unique url address to make difficult to guess, at least give a little trouble on the hackers to find it.
The groups of Indian hackers (Indian Cyber Army), released a site called Admin finder that can help us to find administrator page. The web address is: http://adminfinder.cyberarmy.in/.
On a black background sites, we only are asked to enter the url address of a target site with the end slash mark (/), then press the Submit Site Bottom. AdminFinder will look for administrators pages. administrators web pages will be displayed with a description in the left column. If found, will be given a description "Found!" with Red color. While that does not exist, will be given a "Not Found!" description with yellow color. The red color with the description "Found!" is the administrator page. It’s easy right?.
Computer Scientist, Student Design Software to Combat Hacking Using Keystroke Anti-Spoofing Technique
One of the serious threats to a user's computer is a software program that might cause unwanted keystroke sequences to occur in order to hack someone's identity. This form of an attack is increasing, infecting enterprise and personal computers, and caused by "organized malicious botnets," said Daphne Yao, assistant professor of computer science at Virginia Tech.
Subscribe to:
Posts (Atom)