BeEF (Browser Exploitation Framework) is an efficient professional security tool, that provides the experienced pentester with practical client side attack vectors (including mobile clients). BeEF allows the professional penetration tester to assess the actual security posture of a target environment. It examines explotability within the context of web browsers. BeEF works on the base of hooking one or more web browsers as beachhead for the launching of directed command modules.
Obsah kategorie pro 'Exploiting'
AFE is an open source project which aim is to demonstrate the existence of security holes in the popular mobile operating system. It also shows that Android botnet is certainly possible.
Thanks to this framework, it is easy to create automated malware and botnets for Android Platform for your analysis
(which you can even use to check the effeciency of your Antivirus), find vulnerabilities (such as Leaking Content Providers, Insecure File Storage, Directory Traversal and many others), gain access to apps, use exploits, and
execute arbitrary commands on infected devices.
Abhinav Singh, Metasploit Penetration Testing Cookbook – Over seventy recipes to master the most widely used penetration testing framework. Metasploit software helps security and Information Technologies professionals to identify security issues, verify vulnerability alleviations, and manage expert-driven security evaluations. Among its capabilities belong smart exploitation, password auditing, web application scanning, and social engineering.. URL to download section at the end of the text.
From the word compound of evil and grade, you see there will be something evil about this piece of software and upgrades. It is a modular framework for supplying clients with fake updates that can contain a wide scale of payloads. The problem of poorly implemented actualization routines has been well know for quite some time now, but it seems it has been greatly overlooked. In the time of creation Evilgrade (summer 2008), very popular software has been vulnerable to this kind of exploit such as
Nessus is a security scanner of vulnerability. Lately there was a lot of discussion about this topic. First of all little bit of history. Project Nessus was originaly under GPL licence, but somebody smart has closed the source codes and GPL was over. The project continued as Tenable Nessus and free version (GPL licence) under name GNessUs. But this one died out after a year abd the application goes on as OpenVas. Parallel GPL project is based on the last opened source code
After one year of develop the new version of Metasploit Framework released for download. The 3.1 version include a graphical user interface, 450 modules and more than 200 remote exploits. Metasploit runs on Linux, Windows, Mac OS X and BSD. The Windows version of Metasploit includes GUI, console, web interface access, dependencies and networking tools. You can download Metasploit 3.1 version at end of this text. Changelog. Officially using Cygwin for Windows support, Additional stager used for large Windows stages
Cross-Site Scripting is an extensive topic that has been described in the past by several people. Although there is a but. I open a page and start to read a cool text, lots of examples and nice colours all around. But after one hour of reading you are still at the begining. So why after reading AirDump tutorial you should manage XSS in a while? This will be answered in this text called Hacking web applications – XSS. First of all most of the tutorials that can be found on the web are focused on technical and theoretical aspects.
Linux application cracking. What for it is? Primarily the application run can be understund. Not all Linux software is free (Macintos ? :). That could be for someone a challange and he can “converte” the application on freeware.
This experience can be used on other systems (Windows). With this knowledge you will be able to precisely tune applications and gain control on new boxes.