SSH is a network protocol which allows you to connect the remote computer securely, SSH is just like telnet but telnet is not secure while SSH is a secure channel for communication. We have already discussed SSH before and in this tutorial I will show you how to crack a SSH to get the password because if you know the username and password then it is very for an attacker to get the remote shell of the victim.
Archive for July 2012
Posted in: EH Security, Exploit, Hacking, Iframe, Infosec, Pen-Testing, Tutorial, Vulnerability, Web Security
Web application security is always an important topic to discuss because websites seem to be the first target of malicious hackers. Hackers use websites to spread their malwares and worms, and they use the compromised websites for spamming and other purposes. OWASP has created an outline to secure a web application from the most dangerous vulnerabilities in web application, but it is always good to be actively learning about the new weaknesses and the new ways that an attacker might use to hack into a web application.
The basic idea we (the spt project) had was that wouldn’t it be cool if there were a simple, effective, easy to use and free (most importantly!) tool that information security professionals could use to evaluate and train what we all know is the weakest link in any security minded organization: the people. Since the founders of the spt project are themselves information security professionals by day (and possibly either LOL cats or zombies by night), they themselves faced the frustration of dealing with people within their own organizations that claimed to know better, but 9 times out of 10 fell for the most absurdly obvious phishing emails ever seen.
OWASP has categorized the top 10 vulnerability for web application, website hacking is very common now a days so the security testing on a web application is very important because it seems to be very difficult to recover a data after a hacking attack. OWASP top 10 is a standard to conduct a penetration testing on a web server, we have discussed the first part of this article before and this article will discuss the remaining part.
Ghost Phisher is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. The program could be used as an honey pot,could be used to service DHCP request , DNS requests or phishing attacks.
We have previously discussed the Penetration testing Linux distribution Bugtraq and the bugtraq team has released the final version called bugtraq-1 final, the team offers the most comprehensive distribution, optimal, stable and automatic security to date. Bugtraq is a distribution based on the 2.6.38 kernel has a wide range of penetration and forensic tools. Bugtraq can install from a Live DVD or USB drive, the distribution is customized to the last package, configured and updated the kernel and the kernel has been patched for better performance and to recognize a variety of hardware, including wireless injection patches pentesting other distributions do not recognize.
Posted in: EH Security, EH Tips, Guest Post, Hacking, Infosec, OWASP, Pen-Testing, Tutorial, Web Security
Once upon a time there was no Internet and there was no concept of the Web. But time has passed and today we have a technology called the Internet.
In earlier versions of the Internet there were only static web pages with limited ability to interact with users. Today every business has its own identity on the Internet and there is advance commerce taking place online. Businesses depend on the Internet because of its high flexibility and speed. The main point I want to discuss is the importance of web applications. The era of static web pages is over and now we have user-friendly web pages that built from multiple types of scripts (Perl, PHP, ASP, etc.).
There was a challenge has been published on the blog to find the secret message(s) hidden on the images, the challenge contain the brief information of the background story and the requirements it was a small practice so that everyone can evaluate their knowledge and skills. So in this article I will show you the technique to find the hidden message and I will announce the name of the people who has successfully found the messages.
Certifications are very important in the field of information security. There are various organizations out there who provide different certificates that measure an individual’s skills from beginner to advance and which even include qualifications for the managerial aspects of information security. You might have heard about different certifications like skill sets such as ethical hacking, computer forensics, and most definitely, CISSP. A Certified Information Systems Security Professional (CISSP) is an individual who has acquired a skill set recognized internationally by the International Information Systems Security Certification Consortium; formally known as (ISC)2.
CrystalAEP is designed to provide frontline protection against Internet-borne threats such as viruses and malware. Unlike the typical anti-virus program, Crystal does not attempt to recognise threats based on signatures, and does not require constant updating to protect against the latest threats. Crystal works instead by manipulating at-risk software while it runs to help form an environment which is hostile to Internet worms, malware and other types of malicious code.
WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found.