Article list
 
You are viewing articles in the "Network Penetration Techniques" category

2012-02-28 13:42

What is this post?

Today we present a free plugin, developed by me, so you can use sqlmap from BurpSuite really comfortably.

Why this plugin?

Almost always when we audit a website, the first thing we usually do is put an intermediate proxy in place to have more control over what we send to it. For some reasons I use BurpSuite as a proxy.

 
2011-11-28 10:25

Wireshark can export SMB objects.
This feature is implemented in Wireshark in version 1.6.0.

You can download the latest stable release of Wireshark

 
2011-06-24 17:20

 

https://h4cker.cn/pentest/82.html

 
2011-06-09 11:52

While on a penetration test it is sometimes necessary to pull hash files from Windows systems to crack weak passwords. You could easily do this with a Metasploit meterpreter session, but sometimes I like to do it without exploiting the box. Also doing it remotely over the network without a user’s knowledge is always a big plus. This method isn’t always usable and available, but in the right situation we can use an NMAP script called pw-dump.nse to do this.

 
2011-03-15 14:07

http://www.youtube.com/watch?v=AdIWl0gkynk&feature=player_detailpage

Everyone can watch from the top of the wall... and while you're at it, pay attention to the last second!

 
2011-01-06 15:47

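HTTP (HyperText Transfer Protocol) is the abbreviation for the Hypertext Transfer Protocol. It is used to transfer data for the WWW; for details of the HTTP protocol, see RFC 2616. HTTP uses a request/response model. The client sends a request to the server; the request header contains the request method, URI, protocol version, and a MIME-like message structure containing request modifiers, client information and content. The server responds with a status line; the response includes the message protocol version and a success or error code, plus server information, entity meta-information and possibly entity content.
An HTTP message is usually either a request message from the client to the server or a response message from the server to the client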

 
2010-12-21 12:35
DOM Hacking was presented at BlackHat and is going to be presented at the next HackInTheBox. Here is the paper and Tools (DOMScan and DOMTracer). It helps during scanning, assessments and pen-testing. Enjoy!

Paper on DOM Hacking

Download
PDF document from here [BlackHat site]

Presentation slides from here

 
2010-12-21 10:47

Oftentimes during a penetration test engagement, a bit of finesse goes a long way. One of the most effective ways to capture the clear-text user password from a compromised Windows machine is through the "keylogrecorder" Meterpreter script. This script can migrate into the winlogon.exe process, start capturing keystrokes, and then lock the user's desktop (the -k option). When the user enters their password to unlock their desktop, you now have their password. This, while funny and

 
2010-12-21 10:45

This was one of the newer topics that I covered at BlackHat Abu Dhabi. HTML5 has two APIs for making cross domain calls - Cross Origin Requests and WebSockets. By using them JavaScript can make connections to any IP and to any port (apart from blocked ports), making them ideal candidates for port scanning.


 
2010-08-17 11:14

Metasploit 3.4.2 on the iPhone 4

Just a quick update on getting your favorite tools on iOS 4 – Metasploit and SET. You need to have a Jailbroken iPhone with SSH access for this. You will also need to install nano and APT 0.7 Strict via Cydia. Getting everything up and ru

 
2010-07-26 15:17

WebEnum is a tool to enumerate http responses to dynamically generated queries.

It is a flexible, universal tool for performing penetration tests against web servers. It is useful to

  • Bruteforce web accounts and passwords
  • Discover directories, files and users with the ~user Apache method
  • Guess table names and columns size in SQL injection
  • Fuzz HTTP requests i
 
2010-04-22 14:03

/index.php?app=../../../../../../../../etc/passwd%00.

http://shop.guoqishequ.com/index.php?app=../../../../../../../../etc/passwd%00.

 
2009-12-25 17:20
 
2009-07-29 2:40

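Author: zwell

reDuh was originally part of a talk presented by SensePost at BlackHat USA 2008. It addresses a problem that web penetration tests frequently run into, and one that is also an important part of web server hardening: the web server exposes only port 80 to the outside. This protection may come from port restrictions in the operating system or on the network administrator's firewall. In that situation, a penetration tester who wants to go on to test the internal network must first take over the target server and gain a certain level of control over it.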

 
2009-07-19 1:46

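The open-source network security scanner Nmap has officially released version 5.00. This is its most important release since 1997 and marks Nmap's transformation from a simple port scanner into an all-round suite of security and networking tools.

Nmap was first released in September 1997 and supports Linux, Windows, Solaris, BSD, Mac OS X and AmigaOS. It is licensed under the GPL. It was originally used to scan for open network ports and determine which services run on which ports. It is important software for assessing the security of networked systems, and also one of the tools commonly used by hackers. The new Nmap 5.00 greatly improves performance and adds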

 
   
 
 
©2012 Baidu