A good website that issue guides on how to do a build review of a device or application.
Category Archives: Resources
Webapps
Cisco
Privilege Escalation
dankalia- Hacking Linux Part I: Privilege Escalation
pretentiousname- Windows 7 UAC whitelist
pentestmonkey- Post-Exploitation Without A TTY
pretentiousname- Windows 7 UAC whitelist:Proof-of-concept source code
secmaniac- Bypass Windows 7 x86/x64 UAC Fully Patched
priv- windows-privesc-check
File Include (Local & Remote)
digininja – When All You Can Do Is Read
labs.neohapsis – Tricks of the Trade
inswomniasec – LFI with phpinfo Assistance
websec – Exploiting PHP File Inclusion Overview
Tunnelling & Pivoting
pauldotcom- SSH gymnastics with proxychains
digininja- Nessus Through SOCKS Through Meterpreter
coresec- Reverse Shell Techniques for Linux
pauldotcom- Python One Line Shellcode
gnucitizen- Reverse Shell with Bash
bernardodamele- Reverse shells one-liners
secmaniac- Creating a 13 line backdoor worry free of A/V
hdesser- Get a meterpreter reverse shell through SSH tunnel
pentestmonkey- Reverse Shell Cheat Sheet
Pentesting Lab Resources
Here are some useful links to add to your pen testing lab.
Complete Operating Systems
Kioptrix
Hackademic
De-ICE
pWnOS
(Offline) Web Based
BadStore
Hackme Bank (McAfee)
Hackme Casino (McAfee)
Hackme Books (McAfee)
Hackme Shipping (McAfee)
Hackme Travel (McAfee)
Broken Web Apps Project (OWASP)
Bonsai Moth
Web Security Dojo (Maven)
Webgoat (OWASP)
Damn Vulnerable Web App
SecuriBench (Stanford)
Vicnum (ipsaplus)
(Online) Web Based
PCTechTips – pwn3d the login form
XSS Me
Can You XSS This?
Test x5s
XSS Progphp
XSS Quiz
Wireless
Wireless Defence - Welcome to the Wirelessdefence.org – knowledge-base: A Wireless LAN (WLAN) security site provided for 802.11
Old Software Versions
Old Apps - Download, request, and get information on many old versions of software.
Tools
Default Router Password List - Default password for routers
Top 100 Network Security Tools – List of top security tools
Security Xploded - Useful tools and information
Social Engineer - Social Engineering – Exploiting Human Vulnerabilities.
aircrack-ng – Tool for cracking WEP and WPA
The Hackers Choice – Information and tools
fuzzdb - Lots fuzzing stuff great with dirbuster
Nmap- Nmap nse documentation
LATEST VULNERABILITIES
- [waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin May 22, 2013
- [waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin May 22, 2013
- Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities May 22, 2013
- VUPEN Security Research - Microsoft Internet Explorer 10-9 Object Confusion Sandbox Bypass (MS13-037 / Pwn2Own) May 22, 2013
- VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow (MS13-037 / Pwn2Own) May 22, 2013
SECURITY NEWS
- Blue Coat gobbles CCTV-for-network-traffic maker Solera May 22, 2013
- Camby cash crypto-coders Cronto chomped on pronto by Vasco May 22, 2013
- Facebook teens' kimonos - basically never closed May 22, 2013
- Aurora attack tried to pinch secret list of Chinese spies May 22, 2013
- Embedded systems vendors careless says Metasploit author May 22, 2013