Search
Recent Post
- How To Exploit A Format String Vulnerability
- Playing With Dns And Domain Names
- How To Get A Person Ip Via Msn Or Yahoo Ect.
- CR-LF injection(carriage return- line feed injection)
- [PAPER] Self spreading Malware for Soho Routers
- Assault On Oracle Pl/sql - Injection
- PHP modify PE header
- Safe Mode Bypass PHP 5.2.5 & 5.2.6
- Local File Inclusion Mysql Get Password
- [Video] Acquire root using c99 shell
Recent Comments
- admin:Sure :)
- Reader:Good work! Thank you very much
- Mr WordPress:Hi, this is a comment.To
Popular
- Local File Inclusion Mysql Get Password (02-01-2009)
- 200 Best Hacking Tutorials (01-22-2009)
- Hacking Windows Administrator Password (01-22-2009)
- Top 10 Tricks to exploit SQL Server Systems (01-22-2009)
- Vodafone Hack for Free GPRS (01-22-2009)
- How To Exploit A Format String Vulnerability (02-01-2009)
- Removing Windows Messenger (01-22-2009)
- Safe Mode Bypass PHP 5.2.5 & 5.2.6 (02-01-2009)
- Run Program From Memory And Not File (01-22-2009)
- New Folder.exe Virus remove (01-22-2009)
Full MSSQL Injection PWNage
February 2nd, 2009######
Info
######
Title : Full MSSQL Injection PWNage
Author : ZeQ3uL && JabAv0C
Team : CWH Underground [www.milw0rm.com/author/1456]
Website : cwh.citec.us / www.citec.us
Date : 2009-01-28
##########
Contents
##########
[0x00] - Introduction
[0x01] - Know the Basic of SQL injection
[0x01a] - Introduction to SQL Injection Attack
[0x01b] - How to Test sites that are Vulnerable in SQL Injection
[0x01c] - Bypass Authentication with [...]
How To Exploit A Format String Vulnerability
February 1st, 2009I was writing a paper on format string vulnerabilities, but while doing some additional research i’ve found the following paper which already explains it all, so i decided to stop writing about format string vulnerabilities and put a link to this paper here:
here’s the paper: /http://doc.bughunter.net/format-string/exploit-fs.html
Exploiting Format String Vulnerabilities
Written by : scut / team teso
* [...]
Playing With Dns And Domain Names
February 1st, 2009Introduction
============
Information gathering on a target is a very important step in the process of evaluating the security of a remote host. This article will deal with many details you can get on a host starting from a simple domain name.
Note: This article will only deal with the information gathering part and won’t go in the [...]
How To Get A Person Ip Via Msn Or Yahoo Ect.
February 1st, 2009there are basically 2 methods you can use to get the Ip of the person
1. you need to make a direct connection with the person so you can get the Ip of the . here are the simple steps to follow
first goto command prompt and type in netstat -n it will give you the ips [...]
CR-LF injection(carriage return- line feed injection)
February 1st, 2009CRLF injection:CR (Carriage Return) and LF (Line Feed) are traditionally commands you may recognize from using typewriters and printers. Carriage Return would send the print head back to the start of the current line, whilst Line Feed moved the paper up one line. So, after completing one line of typing/printing both CR and LF commands [...]
[PAPER] Self spreading Malware for Soho Routers
February 1st, 2009_ABSTRACT_
So called Soho (Small home and office) routers have become extremely
popular in the last few years. While the good guys where busy trying to prevent
malware from infiltrating their desktop systems, the bad guys had gone one step
ahead of the game and started to experiment with these devices.
Close to nobody pays attention to the security of [...]
Assault On Oracle Pl/sql - Injection
February 1st, 2009In this paper I will be discussing Injection into Oracle PL/SQL database objects. Like many vulnerabilities PL/SQL Injection is possible because user input is not validated or in other cases the validation is not sufficient and can be bypassed.
This paper will cover a bit of Information on Oracle Application Express (APEX) which I will be [...]
PHP modify PE header
February 1st, 2009<?php
$myFile = “test.exe”;
$fh = fopen($myFile, ‘r’);
$theData = fread($fh, filesize($myFile));
fclose($fh);
$A=chr(0×41);
$str_hex = bin2hex($theData);
$len = count($str_hex);
for ($i=0;$i<12;$i++)
{
$str_hex[$i] = $A;
$str_bin = pack(’H*’, $str_hex);
}
$myFile = “File.exe”;
$fh = fopen($myFile,’w’);
fwrite($fh, $str_bin);
fclose($fh);
?>
Share and Enjoy:
Safe Mode Bypass PHP 5.2.5 & 5.2.6
February 1st, 2009http://asapload.com/204031
Share and Enjoy:
Local File Inclusion Mysql Get Password
February 1st, 2009Watch the Video
http://rapidshare.com/files/171941916/localfileinclusionmysqlgetpassword.rar
This is purely for Educational Purposes only
Share and Enjoy: