Most of the people have autorun issues with their flash/hard drives.It is because of the modification of the autorun.inf file in the root directory which is in most cases hidden and cant be seen. So you just have to create a bat file with the following syntax as mentioned below. Copy and paste this into Notepad and save it as AV.bat or whatever.bat ..
Clean Area...
A lot of them may have experienced leechers or have leeched themselves through an open network. An easy way to prevent that from happening is to encrypt your network traffic. One of these methods is by use of WEP or Wired Equivalent Privacy. I’m going to talk about why you shouldn’t use WEP and how easy it is to crack....
A virtual private network (VPN) is a secure way of connecting to a private Local Area Network at a remote location, using the Internet or any insecure public network to transport the network data packets privately, using encryption. The VPN uses authentication to deny access to unauthorized users, and encryption to prevent unauthorized users from reading the private network packets...
Parameter manipulation
* Arbitary File Deletion
* Code Execution
* Cookie Manipulation ( meta http-equiv & crlf injection )
* CRLF Injection ( HTTP response splitting )
* Cross Frame Scripting ( XFS )
* Cross-Site Scripting ( XSS )
* Directory traversal
* Email Injection
* File inclusion
* Full path disclosure
* LDAP Injection
* PHP code injection
* PHP curl_exec() url is controlled by user
* PHP invalid data type error message
* PHP preg_replace used on user input
* PHP unserialize() used on user input
* Remote XSL inclusion
* Script source code disclosure
* Server-Side Includes (SSI) Injection
* SQL injection
* URL redirection
* XPath Injection vulnerability
* EXIF
This list below fits in category MultiRequest parameter manipulation
* Blind SQL injection (timing)
* Blind SQL/XPath injection (many types)
This list below fits in category File checks
* 8.3 DOS filename source code disclosure
* Search for Backup files
* Cross Site Scripting in URI
* PHP super-globals-overwrite
* Script errors ( such as the Microsoft IIS Cookie Variable Information Disclosure )
This list below fits in category Directory checks
* Cross Site Scripting in path
* Cross Site Scripting in Referer
* Directory permissions ( mostly for IIS )
* HTTP Verb Tampering ( HTTP Verb POST & HTTP Verb WVS )
* Possible sensitive files
* Possible sensitive files
* Session fixation ( jsessionid & PHPSESSID session fixation )
* Vulnerabilities ( e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc )
* WebDAV ( very vulnerable component of IIS servers )
This list below fits in category Text Search Disclosure
* Application error message
* Check for common files
* Directory Listing
* Email address found
* Local path disclosure
* Possible sensitive files
* Microsoft Office possible sensitive information
* Possible internal IP address disclosure
* Possible server path disclosure ( Unix and Windows )
* Possible username or password disclosure
* Sensitive data not encrypted
* Source code disclosure
* Trojan shell ( r57,c99,crystal shell etc )
* ( IF ANY )Wordpress database credentials disclosure
This list below fits in category File Uploads
* Unrestricted File Upload
This list below fits in category Authentication
* Microsoft IIS WebDAV Authentication Bypass
* SQL injection in the authentication header
* Weak Password
* GHDB - Google hacking database ( using dorks to find what google crawlers have found like passwords etc )
This list below fits in category Web Services - Parameter manipulation & with multirequest
* Application Error Message ( testing with empty, NULL, negative, big hex etc )
* Code Execution
* SQL Injection
* XPath Injection
* Blind SQL/XPath injection ( test for numeric,string,number inputs etc )
* Stored Cross-Site Scripting ( XSS )
* Cross-Site Request Forgery ( CSRF )
Friday, November 9, 2012
All Application Hacking Methods - Wide Range
Subscribe to:
Post Comments (Atom)
0 Connection:
Post a Comment