BackTrack Box

if yesterday i’ve post one issue that present at WHITEHAT 2008 junction at dubai this is the reverse one, this is one issue that BLACKHAT junction at amsterdam 2008, there are some thing different if you read both of the slide from WHITEHAT and BLACKHAT the first is talking about fact on vulnerable,hacking attack possibility and of course how to prevent it.the second one not talking to much, it just show code and the latest exploit that we can use, this is one of code that i get at the slideshow.this one abotu DHCP name poisoning attack , i’ll just post the code here

Read the rest

wow,this must be good isn’t it? this listed by Jeremiah Grossman,Founder & CTO WhiteHat Security on a persentation at Dubai 17thMay2008, i wont list it here, because it a huge list, and picture below is show
the Likelihood that a website has a vulnerability, by Class :

Read the rest

i’m really busy this several day and may be it will keep like this until next month, and i’m sorry i can’t post daily like usual  coz this thing make me really busy and take all my concentrate, but of course i’ll keep post at this site, may be 2 day per post or if i have time i’ll post daily again, on this post i’d like to post some google dork to do information gathering on the net, on some server, this will be contain juicy information just try one by one and if you interested do stop just using dork i give , be more creative, explore guys ! this is list of google dork or Querying for application-generated system reports

Read the rest

like i’ve posted at my previous articles that the XSS era has come, sql injection , rfi and lfi is so last year , now is the xss time! so i decide to do xss walkthrough just want to give us more information about xss. i’ve read all xss articles at xssed.com but i thing very good guide is this one, i got this from milw0rm.com wrote by t0pP8uZz.here is some link to get more information about xss and how to xss

Read the rest

just have little chat with my senior ,this start with a small talk to very long and knowledgeable chat. , first i’d like to describe about this senior, he is really master on networking,he is sourceforge contributor, all poeple at my campus see him as a “guru”, he’s the best in linux and networking, but never tought he is he hackers :D. at the first time i don’t as is he can do hacking or not i just as about middle ware to him, yeah middle ware i get confused with the concept about this one.

Read the rest

i wont tell like “first look find technique”, this some kind trying your luck, i think this is the most common technique used by all hacker,beside using script this more reliable way to find because sometimes we need to edit or explore more. if you want to try simple way to get a xss vulnerable site just put a simple javascript like this :

<script>alert(’Backtrackbox.com’)</script>

or
Read the rest

it’s pretty odd that people still searching where they can get a root shell , i found a lot report from tracking keyword at my site that search c99 download or r57 download , i think i’ve post how to get a root shell here(i’m to lazy to find out). but if i suer that i post how to get rootshell using google dorks,just try to put this at google “inurl:r57″ you can add r57.txt or r57.php if you type the last one , you’ll find a backdoor shell at hacked server. just try it.if you want to download the script  just type the first one, or download it here http://hostfile.org/viewfile.php?file=r57.php

but if you want more cools thing here we go, a script for finding Root Shell such as

r57 - find r57shell
c99 - find c99shell
mys - find MyShell

Read the rest

intitle:index.of passwd
intitle:”Index.of..etc” passwd
intitle:index.of pwd.db passwd
intitle:index.of ws_ftp.ini
intitle:index.of people.lst
intitle:index.of passlist

Read the rest

i’ve post about pimping the command prompt at windows to make it look and have a command like linux, this is very great news if you’re windows users and want to feel how to using linux, you don’t need editing anythings, just get this packages

Read the rest

great tools made by CULT OF THE DEAD COW (cDc) called Goolag, Googlag Scanner is a Web auditing tool. It works by exploiting data- retention practices of popular search engines. We would like to thank everyone who contributed to this project, especially Google, without whom this fearsome software would not be possible.

Goolag Scanner is a standalone windows GUI based application. It uses one xml-based configuration file for its settings. All dorks coming with the distribution of gS are kept inside one file.

Read the rest

Cross-zone scripting is a browser exploit taking advantage of a vulnerability within a zone-based security solution.The attack allows content (scripts) in unprivileged zones to be executed with the permissions of a privileged zone.

Read the rest

i’ll give you the straight explanation here. assume that you have read null byte exploitation article here so you can understand what is null byte is. We will be using the null byte to trick a cgi file into displaying it’s own code! we are able to exploit perl cgi files on the web. The first example shows of a cgi page that uses the following to access .html pages:

Read the rest

Read the rest

i’ve post about this Ssh brute force code (if you dont read it here) another code wrote by d3hydr8 owner of darkc0de.com i see it yesterday, a good script coded using python with some additional that we can brute force the ssh connection for some ip range,it simple to use as you can see below :

Read the rest