Supplementary, random and non-comprehensive notes/links from interacting with fellow students in the SEC542 class =)
Sites for students that I’ve mentioned:
Setting up a Webapp Pentesting Lab by Security Aegis
Pentest Framework
http://pentest.cryptocity.net/
Metasploit Unleashed
www.pentesterscripting.com
Netcat-without-Netcat
Good Supplementary Books:
Web Application Hackers Handbook
Web Security Testing Cookbook
Identify shared hosting / virtual hosts:
Tools to Identify load balancers:
Reporting and collaboration tools:
dradis
OmniOutliner (Mac)
Vim Outliner
Leo
Random:
polypack
Google Sets
file types
Info gathering:
pipl.com
the revisionist
FOCA
Wyd Password Profiler (currently down, but can be found here)
Analyzing SSL:
Directory Bruteforcing:
Command-line alternative to DirBuster: Wfuzz
yokoso! directories/paths for internal fingerprinting
article by me on Directory Bruteforcing
w3af walkthrough and SQLmap videos with Seth Misenar (another SANS instructor):
w3af Part 1
w3af Part 2
SQLMap Video
SQL Injection Presentation by Joe McCray:
Advanced_SQL_Injection Video and slides
Redspin Firefox Addons Collection for Web Application Testing
Additional Python Resources:
ActiveState Komodo Edit
BeautifulSoup Library
Grey Hat Python
O’Reilly Python Cookbook
MIT Free Python Class
Dive into Python free (open source) ebook
SQL Injection Resources:
Rsnake’s SQL injection cheatsheet
PentestMonkey’s SQL injection Cheatsheets
OWASP SQL Injection Prevention Cheat Sheet
Web Shells (Ajax, PHP, ASP, etc.):
Laudanum – InGuardians shell collection
Evil1's paper on modern web shells
BeEF, the browser exploitation framework resources:
MS09-002 Exploit via BeEF
BeEF: Browser Exploitation Framework XSS Fun
Metasploit Autopwn (via BeEF)
Malicious Metasploit Applet (via BeEF)
Executing Browser AutoPWN Through BeEF
NTLM Challenge Credential Theft with BeEF and Metasploit
Java Applet with Meterpreter Payload: use BeEF to deliver this applet; if the user runs it, you own the machine, not just the browser anymore. Read more HERE
Reminder: Parse and put up bookmarks.
- If the time in the HTTP response Date header is off, it could mean the server has no NTP (so no Kerberos auth), that it is a VM, etc.
- You can check UA strings to detect browser malware; they use them to track clicks/referrers.
- Use the TRACE method to identify mod_rewrite rules.
- Use myspace and web forums to host code for XSRF attacks
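As an added example for the first note above (this is not code from the original post or from any of the linked tools), the following Python parses the Date header out of a raw HTTP response, computes the skew against a reference clock, and flags a skew larger than the default Kerberos tolerance of five minutes (the default in both MIT krb5 and Windows). The sample response and the reference time are constructed for the example; in practice you would pass the headers you captured and let the function use the current time.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Kerberos rejects tickets when client and KDC clocks differ by more than this;
# MIT krb5 and Windows both default to 5 minutes.
KERBEROS_MAX_SKEW_SECONDS = 300

# Constructed sample response (not a real capture): the Date header is one hour
# ahead of the reference clock below.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Tue, 23 Feb 2010 10:00:00 GMT\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

# Constructed reference clock, so the example is deterministic; pass now=None
# to date_header_skew() to use the real current time instead.
REFERENCE_NOW = datetime(2010, 2, 23, 9, 0, 0, tzinfo=timezone.utc)


def parse_headers(raw_response):
    """Return the header block of a raw HTTP response as a dict.

    Header names are lowercased; if a header repeats, the first value wins.
    """
    headers = {}
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), value.strip())
    return headers


def date_header_skew(headers, now=None):
    """Return server clock minus reference clock in seconds.

    Returns None when there is no Date header or it does not parse, so the
    caller can tell "no data" apart from "zero skew".
    """
    raw = headers.get("date")
    if raw is None:
        return None
    try:
        server_time = parsedate_to_datetime(raw)
    except (TypeError, ValueError, IndexError):
        # Older Pythons raise TypeError on unparseable input, newer ones ValueError.
        return None
    if server_time.tzinfo is None:
        # An RFC 5322 "-0000" zone yields a naive datetime; treat it as UTC.
        server_time = server_time.replace(tzinfo=timezone.utc)
    if now is None:
        now = datetime.now(timezone.utc)
    return (server_time - now).total_seconds()


def assess_skew(skew, tolerance=KERBEROS_MAX_SKEW_SECONDS):
    """Classify a skew value relative to the Kerberos tolerance."""
    if skew is None:
        return "no-date-header"
    if abs(skew) <= tolerance:
        return "within-kerberos-tolerance"
    return "exceeds-kerberos-tolerance"


def check_response(raw_response, now=None):
    """Convenience wrapper: parse, measure and classify in one call."""
    skew = date_header_skew(parse_headers(raw_response), now)
    return skew, assess_skew(skew)


if __name__ == "__main__":
    skew, verdict = check_response(SAMPLE_RESPONSE, REFERENCE_NOW)
    print(f"server clock is {skew:+.0f} s relative to reference: {verdict}")
```

A server whose Date header is far off often is not syncing with NTP, which is worth noting in a report because Kerberos-based authentication to that host will fail once the skew passes the tolerance; an absent Date header is reported separately rather than treated as zero skew.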

#1 by Michal - February 22nd, 2010 at 05:52
Hi, I found some interesting information about file extensions and file formats at file-extensions.org. Michal