Web Application Security
Re: hydra and HTTP NTLM 2012-05-24
_ (packetnull gmail com)
what kind of attack have you done so far?

On May 24, 2012, at 6:17 AM, Robin Wood <robin (at) digininja (dot) org> wrote:

> On 24 May 2012 13:06, _ <packetnull (at) gmail (dot) com> wrote:
>> http ntlm is IIS based windows auth.
>
> Yes but I still don't know how to attack it.
>
> Robin
>
>> On May 23, 2012, at 6:1

Re: [Pauldotcom] hydra and HTTP NTLM 2012-05-24
Robin Wood (robin digininja org)
On 24 May 2012 13:36, Tony Turner <tony_l_turner (at) yahoo (dot) com> wrote:
> Have you tried http://www.foofus.net/~jmk/tools/FPbrute.pl yet? Or is there
> a reason you wanted to use Hydra?

I've tried that but it seems to expect the login request for a simple
GET. I'm testing a FrontPage install which allow

hydra and HTTP NTLM 2012-05-23
Robin Wood (robin digininja org) (1 replies)
Anyone know how to use the new HTTP NTLM feature in Hydra? I'm trying
to brute force a MS Front Page login which only asks for
authentication when the OPTIONS method is used as far as I can tell.

Robin

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Befor

Re: hydra and HTTP NTLM 2012-05-24
_ (packetnull gmail com) (1 replies)
Re: hydra and HTTP NTLM 2012-05-24
Robin Wood (robin digininja org)
t2'12: Call for Papers 2012 (Helsinki / Finland) 2012-05-11
Tomi Tuominen (tomi tuominen t2 fi)
# t2'12 - Call For Papers #
Helsinki, Finland
October 25 - 26, 2012

We are pleased to announce the annual t2'12 infosec conference, which
will take place in Helsinki, Finland, from October 25

A survey on web application attacks 2012-05-10
Hannes Holm (Hannes Holm ics kth se)
Hi webappsec subscribers,

I am researching the domain consensus regarding the effectiveness of different web application firewalls (WAFs) and would be glad if you could spare a few minutes of your time to answer a survey on the topic.

By completing this survey you will:

* Help build valuable d

Abusing Password Managers with XSS 2012-04-25
mastah yeti (mastahyeti gmail com)
New post on abusing password managers through xss.
http://labs.neohapsis.com/2012/04/25/abusing-password-managers-with-xss/

--
-mastahyeti

[HITB-Announce] HITB Magazine Issue 008 (now with print edition!) 2012-04-23
Hafez Kamal (aphesz hackinthebox org)
The 8th issue of the HITB Quarterly Magazine is now available for download!

http://magazine.hitb.org/

This edition is a little bit 'lighter' than previous issues as the
editorial team is busy working on an extra special release for our 10th
year anniversary conference in October, HITBSecConf2012 -

Ruxcon 2012 Call For Papers 2012-04-19
cfp ruxcon org au
Ruxcon 2012 Call For Papers

The Ruxcon team is pleased to announce the call for papers for the 2012 annual Ruxcon conference.

This year the conference will take place over the weekend of 20th and 21st of October at the CQ Function Centre, Melbourne, Australia.

The deadline for submissions is the

Passwords^12 : Call for Presentations 2012-04-15
Per Thorsheim (per thorsheim net)
For the third time I am happy to announce a Call for Presentations for
Passwords^12.

Passwords^12 will be held at the University of Oslo (Norway) on December
3-4, 2012. The 2-day conference will be free and open for anyone to
attend. Please do note that our primary audience will be academics and
se

winAUTOPWN v3.0 Released 2012-04-17
QUAKER DOOMER (quakerdoomer inbox lv)
Dear all,

This is to announce release of winAUTOPWN version 3.0

The improved GUI extension - WINAUTOPWN ACTIVE SYSTEMS TRANSGRESSOR GUI [ C4 - WAST ] is a
Systems and Network Exploitation Framework built on the famous winAUTOPWN as a backend.
C4 - WAST gives users the freedom to select individ

SEC Consult whitepaper :: The Source Is A Lie 2012-04-17
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab released a new whitepaper titled:
"The Source Is A Lie"

Abstract:
---------
Backdoors have always been a concern of the security community. In
recent years the idea of not trusting the developer has gained momentum
and manifested itself in various forms of source code

OWASP ZAP 1.4.0 released 2012-04-08
psiinon (psiinon gmail com)
Hi folks,

I'm very pleased to announce that version 1.4.0 of the OWASP Zed
Attack Proxy (ZAP) has now been released.

This release adds the following main features:
* Syntax highlighting
* fuzzdb integration
* Parameter analysis
* Enhanced XSS scanner
* A port of some of the Watcher checks
* Plugab

Re: Time based Blind SQL injection 2012-03-30
martin mngoma gmail com
Hi guys

Just off the topic, can any of you help me.

I need a vulnerability scanner that can scan WCF web services (Silverlight technologies), as Acunetix does not support WCF yet.

All help will be appreciated

Thanks

Martin

Sent from my BlackBerry® wireless device

-----Original Mess

Re: Time based Blind SQL injection 2012-03-29
Yiannis Koukouras (ikoukouras gmail com)
So, the only difference, from other tools out there, is the support of TAB(%09)?

Am I missing something?

Thanks for sharing! :)

Cheers,
Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM, OSCP
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras
---

On

Re: Time based Blind SQL injection 2012-03-29
Yiannis Koukouras (ikoukouras gmail com)
Cool, I just wanted to be sure I didn't miss anything else...

Again thanx for sharing! :)

Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM, OSCP
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras

On Thu, Mar 29, 2012 at 4:50 PM, Danux <danuxx@gmail.

winAUTOPWN v2.9 - As [ C4 - WAST ] 2012-03-21
QUAKER DOOMER (quakerdoomer inbox lv)
Dear all,

It has been more than 3 YEARS since the first version of winAUTOPWN.
This is to announce release of winAUTOPWN version 2.9

This version introduces an improved GUI extension - WINAUTOPWN ACTIVE SYSTEMS
TRANSGRESSOR GUI [ C4 - WAST ]
C4 - WAST gives the user the freedom to select individ

FBController - (Facebook Control Utility) version 4.0 { With 0-DAY Features } 2012-03-15
QUAKER DOOMER (quakerdoomer inbox lv) (1 replies)
FBConTroller v4.0 - (Facebook Control Utility) version 4.0 - With 0-DAY Features

After an exile of almost 2 years and 3 months, FBController is back !
FBController - The Ultimate Utility to Control Facebook accounts without the Password is
now version 4.0

Let me clear this again like every time

[HITB-Announce] HITB2012AMS SIGINT - Call for Submissions 2012-03-08
Hafez Kamal (aphesz hackinthebox org)
This is a call for submissions for the HITB SIGINT sessions at
HITB2012AMS - The third annual HITB conference in Amsterdam taking place
at the Okura from the 21st - 25th of May.

The HITB SIGINT (Signal Intelligence/Interrupt) sessions are designed to
provide a quick 15 - 30 minute overview for mate

Re: Help with referer issues in XSS 2012-03-07
Yuping Li (lyp20062392 gmail com) (2 replies)
Hi,

Thanks for all your responses. The premise of my situation is that
there is an XSS bug in the site, and I want to utilize this vulnerability to do
something more, for example, forge some post requests in my js code,
you may recall the glorious "Samy" story here. But the server is now
checking the referer f

Re: Help with referer issues in XSS 2012-03-07
Benedetto Nespoli (benedetto nespoli gmail com)
RE: Help with referer issues in XSS 2012-03-07
Alan Tatourian (alan tatourian com)
Help with referer issues in XSS 2012-03-02
Yuping Li (lyp20062392 gmail com) (1 replies)
Hi, all

Suppose there is a reflected XSS vulnerability in a popular SNS, but this
site is "concerned" about security, so they check the referer field of
certain POST requests to make sure that they are normal and correct. Is
it possible for me to bypass this check within javascript? It seems
that I can't

Re: Help with referer issues in XSS 2012-03-06
gorka - (ray bradbury9 gmail com)
Re: [WEB SECURITY] Help with referer issues in XSS 2012-03-05
Stefano Di Paola (stefano dipaola wisec it)
Also check for:

5. www.example.com.attacker.com/.. as the referrer

just in case the referrer checking regexp is broken.

Cheers
Stefano

On Fri, 02/03/2012 at 18.30 -0800, super evr wrote:
> Here's a couple things to try that I've learned in my experience.
>
> First you can find o

RE: Directory Scanner 2012-02-14
Calderon, Juan Carlos (GE, Corporate, consultant) (juan calderon ge com)
Oops one last comment,

If you implement option 2, do not show different error messages when
the file exists or when the user cannot access it; show a generic "document is
not available for you" or similar message. Otherwise, enumeration is
still possible although you cannot have immediate access to the do

RE: Directory Scanner 2012-02-14
Calderon, Juan Carlos (GE, Corporate, consultant) (juan calderon ge com)
Darn, you are correct Henry, I guess I just read too fast.

Refocusing the answer, there are 2 alternatives I would suggest:

1. You can implement HTTP Digest/Challenge authentication (no BASIC
authentication please, unless you have SSL) on the files directory
2. If you have forms authentication, Imp

Re: Directory Scanner 2012-02-14
Taras (oxdef oxdef info)
IMHO, the topic starter needs to answer one question: what risk do
I want to reduce? Risk of unauthorized access to these *private* PDF
documents? Ok, you need to implement authorization to access these pages.

09.02.2012 16:36, Vedantam Sekhar wrote:
> Hi,
>
> Probably you can implemen

Copyright 2010, SecurityFocus