Saturday 13 September 2014

Web Application Penetration Testing Tool 1

Arachni
Arachni is a feature-full, modular, high-
performance Ruby framework aimed towards
helping penetration testers and
administrators evaluate the security of web
applications.
Arachni is smart: it trains itself by learning
from the HTTP responses it receives during
the audit process.
Unlike other scanners, Arachni takes into
account the dynamic nature of web
applications and can detect changes caused
while travelling
through the paths of a web application’s
cyclomatic complexity.
This way attack/input vectors that would
otherwise be undetectable by non-humans
are seamlessly handled by Arachni.
Finally, Arachni yields great performance due
to its asynchronous HTTP model (courtesy of
Typhoeus).
Thus, you’ll only be limited by the
responsiveness of the server under audit and
your available bandwidth.
Note: Despite the fact that Arachni is mostly
targeted towards web application security, it
can easily be used for general purpose
scraping, data-mining, etc. with the addition
of custom modules.
Sounds cool, right?
Features:
Helper audit methods:
For forms, links and cookies auditing.
A wide range of injection strings/input
combinations.
Writing RFI, SQL injection, XSS etc. modules
is a matter of minutes if not seconds.
Currently available modules:
Audit:
SQL injection
Blind SQL injection using rDiff analysis
Blind SQL injection using timing attacks
CSRF detection
Code injection (PHP, Ruby, Python, JSP,
ASP.NET)
Blind code injection using timing attacks
(PHP, Ruby, Python, JSP, ASP.NET)
LDAP injection
Path traversal
Response splitting
OS command injection (*nix, Windows)
Blind OS command injection using timing
attacks (*nix, Windows)
Remote file inclusion
Unvalidated redirects
XPath injection
Path XSS
URI XSS
XSS
XSS in event attributes of HTML elements
XSS in HTML tags
XSS in HTML ‘script’ tags
Recon:
Allowed HTTP methods
Back-up files
Common directories
Common files
HTTP PUT
Insufficient Transport Layer Protection for
password forms
WebDAV detection
HTTP TRACE detection
Credit Card number disclosure
CVS/SVN user disclosure
Private IP address disclosure
Common backdoors
.htaccess LIMIT misconfiguration
Interesting responses
HTML object grepper
E-mail address disclosure
US Social Security Number disclosure
Forceful directory listing
http://www.arachni-scanner.com/

Top 20 Network Penetration Testing tools

1. Nessus
2. Zenmap
3. Angry IP Scanner
4. IP Scanner
5. GFI LanGuard
6. SoftPerfect Network Scanner
7. SolarWinds Network Tool
8. Global Network Inventory Scanner
9. Superscan
10. Advanced IP Scanner
11. Retina
12. Advanced LAN Scanner
13. Emco Remote Installer SE
14. Ghost Port Scan
15. Lizard System Network Scanner
16. Yaps
17. MiTec Network Scanner
18. Lan Spy
19. Knocker
20. Local Scan

Friday 5 September 2014

10+ greatest computer programmers

1. Ada Lovelace: Programming may be seen as a
new-age thing, with millions of lines of code
and immensely powerful computers, but one of
its pioneers was a woman named Ada Augusta
King, a.k.a. Ada Lovelace. She was a
mathematician who worked on Charles Babbage's
mechanical general purpose computer known as
the Analytical Engine.
2. Niklaus Wirth: Widely recognised as one of
the pioneers of programming, this is the
man who created languages like Pascal,
Euler, Algol and many others.
3. Bill Gates: A list of influential or greatest
programmers can never be complete without
mentioning the founder and creator of
Microsoft. He has both admirers and haters,
but no one can deny his contribution.
4. James Gosling: This is the man who created
the Java programming language, which is
arguably one of the most influential
languages of all time.
5. Guido van Rossum: Have you heard of him?
You've definitely heard of the language he
created. This is the man behind the Python
programming language.
6. Kenneth Thompson: Call him Ken, because
that's what the hacker community calls him.
He has worked for Google and developed the
Go programming language while working
there. He also developed the original Unix
operating system and a programming
language called B, which was the predecessor
to the illustrious C programming language.
7. Donald Knuth: This man is known as the
father of the analysis of algorithms for his
contributions to the field of analysis and
computational complexity of algorithms.
8. Brian Kernighan: He is the co-creator and
developer of the Unix, AWK and AMPL
languages.
9. Tim Berners-Lee: If you don't know this
name then you should really work on
increasing your awareness. This is the man
who created the World Wide Web and hence
gave us the lives we have today.
10. Bjarne Stroustrup: This man created the
C++ programming language. Yes, the language
that gave rise to so many of the best known
programs and programming languages.
11. Linus Torvalds: Little needs to be said
about this man. He's the creator of the Linux
kernel, which is the base for so many
operating systems.
12. Dennis Ritchie: C++ is an offspring of the
C programming language and Dennis Ritchie
is the man who created C.

web site certificates

web s

Monday 1 September 2014

Introduction to firewalls

Firewalls are computer security systems that
protect your office/home PCs or your network
from intruders, hackers & malicious code.
Firewalls protect you from offensive software
that may come to reside on your systems or
from prying hackers. In a day and age when
online security concerns are the top priority of
the computer users, Firewalls provide you with
the necessary safety and protection.
What exactly are firewalls?
Firewalls are software programs or hardware
devices that filter the traffic that flows into
your PC or your network through an internet
connection. They sift through the data flow &
block whatever they deem harmful to your
network or computer system, based on how &
for what you have tuned the firewall.
When connected to the internet, even a
standalone PC or a network of interconnected
computers make easy targets for malicious
software & unscrupulous hackers. A firewall
can offer the security that makes you less
vulnerable and also protect your data from
being compromised or your computers being
taken hostage.
How do they work?
Firewalls are set up at every connection to the
Internet, therefore subjecting all data flow to
careful monitoring. Firewalls can also be tuned
to follow "rules". These rules are simply
security rules that can be set up by yourself or
by the network administrators to allow traffic
to their web servers, FTP servers and Telnet
servers, thereby giving the computer owners/
administrators immense control over the
traffic that flows in & out of their systems or
networks.
Rules decide who can connect to the
internet, what kind of connections can be
made, and which or what kind of files can be
transmitted in & out. Basically all traffic in &
out can be watched and controlled, thus giving
the firewall installer a high level of security &
protection.
Firewall logic
Firewalls use 3 types of filtering mechanisms:
Packet filtering or packet purity
Data flow consists of packets of information
and firewalls analyze these packets to sniff out
offensive or unwanted packets depending on
what you have defined as unwanted packets.
Proxy
Firewalls in this case assume the role of the
recipient & in turn send the data to the node
that has requested the information & vice versa.
Inspection
In this case Firewalls, instead of sifting through
all of the information in the packets, mark key
features in all outgoing requests & check for
the same matching characteristics in the inflow
to decide if it is relevant information that is
coming through.
Firewall Rules
Firewall rules can be customized as per your
needs, requirements & security threat levels.
You can create or disable firewall filter rules
based on such conditions as:
IP Addresses
Blocking off a certain IP address or a range of
IP addresses, which you think are predatory.
Domain names
You can only allow certain specific domain
names to access your systems/servers or allow
access to only some specified types of domain
names or domain name extension like .edu
or .mil.
Protocols
A firewall can decide which systems are
allowed to use common protocols like
IP, SMTP, FTP, UDP, ICMP, Telnet or SNMP.
Ports
Blocking or disabling ports of servers that are
connected to the internet helps restrict each
server to the kind of data flow you want to see
it used for & also closes down possible entry
points for hackers or malignant software.
Keywords
Firewalls also can sift through the data flow
for a match of the keywords or phrases to
block out offensive or unwanted data from
flowing in.
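The "Inspection" and "Firewall Rules" sections above, shown as a small Python model. This is an added example, not code from the original post or from any firewall product; the Packet and Firewall names, the rule format and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = from the internet, "out" = from the protected network
    proto: str      # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int

# Constructed rule set: (action, direction, protocol, remote network, destination port).
# Rules are checked top to bottom, the first match wins, unmatched traffic is dropped.
RULES = [
    ("deny",  "in",  "any", "203.0.113.0/24",  None),  # blocked IP address range
    ("allow", "in",  "tcp", "0.0.0.0/0",       443),   # public web server
    ("allow", "in",  "tcp", "198.51.100.0/24", 22),    # SSH from the admin network only
    ("allow", "out", "any", "0.0.0.0/0",       None),  # inside hosts may start connections
]

class Firewall:
    def __init__(self, rules):
        self.rules = [(a, d, p, ipaddress.ip_network(n), port)
                      for a, d, p, n, port in rules]
        self.flows = set()  # key features of outgoing requests that were allowed

    def decide(self, pkt):
        # Inspection: inbound traffic that mirrors a recorded outgoing flow is a reply.
        if pkt.direction == "in" and (
                pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "allow (established)"
        remote = ipaddress.ip_address(pkt.src if pkt.direction == "in" else pkt.dst)
        for action, direction, proto, net, port in self.rules:
            if (direction == pkt.direction and proto in ("any", pkt.proto)
                    and remote in net and port in (None, pkt.dport)):
                if action == "allow" and pkt.direction == "out":
                    self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return action
        return "deny"  # default deny: nothing matched

def demo():
    fw = Firewall(RULES)
    reply = Packet("in", "udp", "192.0.2.53", 53, "10.0.0.8", 40000)
    before = fw.decide(reply)  # unsolicited: no outgoing request recorded yet
    fw.decide(Packet("out", "udp", "10.0.0.8", 40000, "192.0.2.53", 53))
    return before, fw.decide(reply)  # the same packet is now a reply

if __name__ == "__main__":
    print(demo())
```

The same inbound packet is dropped when unsolicited and accepted once an inside host has sent the matching request, which is the difference between plain packet filtering and inspection.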
Types of Firewall
Software firewalls
New generation Operating systems come with
built in firewalls or you can buy a firewall
software for the computer that accesses the
internet or acts as the gateway to your home
network.
Hardware firewalls
Hardware firewalls are usually routers with a
built in Ethernet card and hub. Your computer
or computers on your network connect to this
router & access the web.
Summary
Firewalls are a must have for any kind of
computer usage that goes online. They protect
you from all kinds of abuse & unauthorised
access, such as trojans that allow someone to
take control of your computers through remote
logins or backdoors, viruses, or the use of your
resources to launch DoS attacks.
Firewalls are worth installing. Be it a basic
standalone system, a home network or an office
network, all face varying levels of risk &
Firewalls do a good job in mitigating these
risks. Tune the firewall for your requirements
& security levels and you have one reason less
to worry.
Some of the firewall products that you may
want to check out are:
McAfee Internet Security
Microsoft Windows Firewall
Norton Personal Firewall
Trend Micro PC-cillin
ZoneAlarm Security Suite

Share Remote Screen without any software

As we all know, Windows is full of hidden
programs that are known only to developers
or geeks. Today we are going to learn about
the MSRA (Windows Remote Assistance)
executable. MSRA is the remote assistance
program built into Windows, with which you can
control remote PCs, share remote screens,
provide remote support and much more. Let's
learn how to use MSRA for remote sharing.
Steps to Share or Control Remote PC using
MSRA:
1. First of all click on Start, type the
command “MSRA” and press Enter, or use Run >
msra.
2. Now you will see a screen like the one below,
with the title “Windows Remote Assistance”.
Two options are displayed:
Invite someone you trust to help you:
Choose this option if you want to share your
screen with someone.
Help someone who invited you: Choose this
option if you want to control someone
else's PC remotely.
Click on the first option, “Invite someone you
trust to help you”.
Now you can see three different options :
Send this invitation as file: On clicking this
option you can save the invitation file and
send it to anyone from whom you require
help. After saving the file, another window
will open containing the password. You have
to provide that password to the person whom
you want to connect to your machine.
Use email to send an invitation: You can send
the invitation directly via email, but this
requires an email client such as Outlook on
your machine.
Use Easy Connect: Another method to
directly connect two PCs is Easy Connect,
but this requires some basic settings at your
router's end, i.e. if the computer has IPv6
disabled or is behind a NAT router that
blocks Teredo traffic, the Easy Connect
option will be unavailable.
Once you have sent the remote
assistance invitation file to the user, he can
connect to your PC by double clicking the
invitation file and then entering the
password.
Note: You need to enable the remote assistance
service.
3. Help someone who invited you: By
clicking this option you can provide help to
anyone who has done the above task. You
will need two things: the invitation file and
the password to connect to the remote PC.
Woohooo… Did you know there is another
smart option by which you can directly
connect to any PC using its IP address? If not,
well, let's learn that too. Yup, we can also
provide Windows remote assistance support
using an IP address. Here are the steps.
1. First of all click on Start, type the
command “MSRA” and press Enter.
2. Now you will see a screen where two
options are displayed. Select “Help someone
who invited you”.
3. After that you will see some options. Click
on the bottom one, “Advanced connection
option for help desk”.
After clicking the option you will see the panel
below to enter the IP address:
After entering the IP address, press Next to
connect to it.