Sunday, 23 February 2014

Python language tutorials

[Image: i9oKG.png]

What is Python?
- Python is an interpreted, high-level, programming language. Used in many applications and for many purposes. It was designed to be easy to read and does this by using something that most programming languages don't use, whitespace. Whitespace is the indention of lines code, through tabbing (or manually adding spaces). It supports multiple programming styles, and can be implemented as scripts or through other methods.

Why Python?
- Python has many uses and is easy for beginning programmers to learn. It can be useful if you continue to use it, but also if you're only learning it to understand the mechanics of programming and/or scripting.

What is wxPython?
- wxPython is a GUI tool kit that can be used with the Python programming language. It is used by programmers to easily create functional GUIs that are crossplatform. It is currently supported by 32-bit windows OSes, most Unix and Unix-like systems, and Macintosh. 

What is Tkinter?
- Tkinter is Python's default GUI tool kit. It isn't the only tool kit available for Python, but it is the most widely used. 

Which should I choose?

how to bypass bypass XSS filters

Introduction

XSS is one of the most common web vulnerability, XSS attacks are often overlooked by administrators while there are a lot of way to exploit this vulnerability.
In this tutorial i will explain how to bypass xss filters with few tricks.

Remember first you must know XSS attack vectors because there are different way to attack with Cross Site Scripting and the vulnerability might not be where we think it is. Sometimes the vulnerability is exploited via the $_GET method, but the vulnerability may also be exploited via $_POST, $_COOKIE or $_SERVER.
Required

Saturday, 22 February 2014

Metasploit Ultimate introduction

[Image: wevzP.jpg]

Metasploit is a tool used to exploit vulnerabilities in daemons running on an open port. It is extremely powerful tool that is not easy to control. Many speak of vulnerabilities without defining them first. So:

What is a vulnerability?

A vulnerability is a security hole in a piece of software, hardware or operating system that provides a potential angle to attack the system. Not all vulnerabilities are dangerous and not all of them are exploitable. They can be often found in outdated applications, services or operating systems. Now that we understand what being exploitable means, what is an exploit itself?

What are exploits?
Exploits are highly specialized small programs, whose only purpose is to take advantage of a vulnerability and deliver a payload, which will grant attacker the control. Metasploit is a great tool that has a vast number of exploits. I will cover using some of them later on. So, if it's purpose is to deliver a payload, what is payload?

Buffer Overflow
Buffer Overflow is a common method used to make exploits. How does it work?

Imagine a glass of wine. You're thirsty and you want to drink it. You keep pouring it into the glass, but at one point, the wine will have filled the glass and it will leak outside of it, on your carpet. This is exactly what buffer overflow is. It happens when a program or file writes data to a buffer and overflows it. It leaks into adjacent memory and overrides it. That way we get our malicious part to execute.

What is a payload?

Payload is delivered by exploit and is used to control the remote system.Think of it this way: Exploit is like terrorist that is carrying a bomb in his backpack. He enters the system and leaves his backpack there. Most popular and widely known payload is meterpreter, that has a lot of features. With it you can Browse remote files, downlaod them, upload your own, capture keystrokes, take screenshots, open DOS, and pivot to another machine as well. Through meterpreter, you can pivot and attack machines in networks that are not your own.

The first step to success is a small one. You can not learn without studying. That's why you have to get your hands dirty, and start the quest of searching. But before that, let's just talk a little about Metasploit.

Metasploit 

Metasploit and all of it's exploits are written in Ruby. Metasploit has four interfaces.

  • MsfCli
  • MsfConsole
  • MsfGui
  • Armitage

I will be going in detail about MsfConsole and Armitage.

You can run metasploit in both Windows and Linux.

  • Windows -Download it here.
  • Use BackTrack. BackTrack is linux made entirely for Pentesting purposes. It has a vast number of amazing tools that you will be using. Metasploit is one of them.
[Image: hRZqs.jpg]

Nmap

Nmap uses raw IP packets to determine if host is up or down, if he uses a firewall or not, which ports are open, what services are running on the remote system and their version. Nmap's GUI is called ZenMap. But we will not be using that today. Nmap is built in feature of Metasploit, so you won't have to download anything. Open Metasploit console and type: Nmap (IP Address) -(options that you want)

The Difference Between a DoS and a DDoS Attack

I am getting sick and tired of people making this mistake- I suppose I could understand because the difference in names is so small; but the difference in meanings is huge as far as Data flooding goes, aDoS (Denial of Service) is NOT a DDoS (Distributed Denial of Service)...There IS a Difference, Let me Define both of them: