BackTrack Box

i’m sorry not post any articles for a long time. i’m so fucking busy, so many task to do. here some simple articles. for n00b only. coz it is very simple.
this is very simple backdoor script that i always used.just put at the htdocs or where ever the default root path set by the admin. […]

like i’ve posted at my previous articles that the XSS era has come, sql injection , rfi and lfi is so last year , now is the xss time! so i decide to do xss walkthrough just want to give us more information about xss. i’ve read all xss articles at xssed.com but i thing […]

i wont tell like “first look find technique”, this some kind trying your luck, i think this is the most common technique used by all hacker,beside using script this more reliable way to find because sometimes we need to edit or explore more. if you want to try simple way to get a xss vulnerable […]

intitle:index.of passwd
intitle:”Index.of..etc” passwd
intitle:index.of pwd.db passwd
intitle:index.of ws_ftp.ini
intitle:index.of people.lst
intitle:index.of passlist
Related PostsPassword Stealing using Google dorkIn theory, everyone knows that passwords should not reside on post-its stuck to the monitor or under…CGI Exploitationi’ll give you the straight explanation here. assume that you have read null byte exploitation articl…How To Prevent Remote/Local File Inclusion Exploits#1
after wrote how to hack […]

great tools made by CULT OF THE DEAD COW (cDc) called Goolag, Googlag Scanner is a Web auditing tool. It works by exploiting data- retention practices of popular search engines. We would like to thank everyone who contributed to this project, especially Google, without whom this fearsome software would not be possible.
Goolag Scanner is a […]

Cross-zone scripting is a browser exploit taking advantage of a vulnerability within a zone-based security solution.The attack allows content (scripts) in unprivileged zones to be executed with the permissions of a privileged zone.

Related PostsXss Walkthroughlike i’ve posted at my previous articles that the XSS era has come, sql injection , rfi and lfi is s…Step […]

i’ll give you the straight explanation here. assume that you have read null byte exploitation article here so you can understand what is null byte is. We will be using the null byte to trick a cgi file into displaying it’s own code! we are able to exploit perl cgi files on the web. The […]

very good video hacking tutorial i found yesterday, another great stuff on remote-exploit.org it explain how to hack or sniff password from a forums base website. it very simple and have a great explanation. i think this one cannot applied to all forums base site. but this one tell us the concept. how to do […]

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. There are slight differences between SSL and TLS, but they are substantially the same

Sniffing SSL ? wanna try this […]

highly critical issue i found several day ago that wordpress 2.3.3 has vulnerability.and it has posted smackdown.blogsblogsblogs.com, shoemoney.com and even at the wordpress forum. i hope all fixed because wordpress has release the newest version.
but another vulnerability has found by BL4CK an author from milw0rm.com that another wordpress plugin vulnerable can be injected […]

this is continuing my post about step by step hacking website,after discuss about sql injection,xss cookie stealer,cookie manipulation and RFI , now we will discuss about Null Byte, First of all, what is a ‘Null Byte’? A null character/null byte/null terminator is a character with a value of zero that is shown in the ASCII […]

Although Remote File Inclusion (RFI) exploits are very simple and are only found in about 1 in every 10 sites - they are still allot of fun to exploit. In this tutorial i will show you how to take advantage of this coding error and possibly take control of the site.
A Remote File Inclusion […]

first, i’d like to say sory coz i have not write anything for few day. i got fever, and feel really bad man. thanks god i got better now. but i’m still cannot write my own articles coz some bussiness must get done and it make me very busy. so i’ll post the continuing for […]

First technique about SQL Injection Penetration Test is done, and now we’ll discuss about XSS, XSS (or CSS) stands for Cross Site Scripting is how to inject code into a guest book or insecure forum so that the userscookies will be logged.
 
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web […]

This method is one of the more advanced SQL Injection methods. There are three steps.First, we have to generate an error so that we can see the table names (so that we can create a privileged account). Next we have generate a slightly different error to gain another important table name. Finally, we will inject […]