It’s a well-known saying that gathering maximum information about the enemy is half the work done in defeating him. The same holds true when you are about to attack a target (a potential victim); the first step is to gather as much information as possible. Information gathering can be broadly classified into two categories –… Read More »
Dear readers!! This is another post on Metasploit and Evading windows firewall. Metasploit is an exploit development framework that facilitates penetration testing of IT systems. This tool initially started off as a game and was taken over by Rapid 7 for maintenance and further development. The main objective of this article is to learn the… Read More »
Greetings! Not long time ago that we saw a Russian hacker post 6.5 million Linked-In password hashes on a Russian hacker forum. After observing the disclosure of the hack, one thing highlighted is that LinkedIn stored passwords using SHA-1 encryption that comes with SSL and TLS protocols. Using hashes to store passwords – Is it… Read More »
Website: www.jabong.com Vulnerability: Session Hijacking VIA XSS Criticality: Moderate to Risky Author: Karthik R a.k.a 3psil0nlambda www.epsilonlambda.wordpress.org ————————————————— Another instance of negligence from the team of Jabong .com after repeated emails. About the site: Jabong.com is a young and vibrant company that aims to provide good quality branded products. Jabong.com caters to the fashion needs… Read More »
Site: http://www.snapdeal.com Threat/Vulnerability: Cross site scripting a.k.a XSS, URL Redirection Severity : Moderate Author: Karthik R a.k.a 3psil0nlambda I have informed the owner (CEO) but got no response, acknowledgement of receipt of the mail. About the Site: India’s fastest growing shopping site. Vulnerability: *XSS a.k.a Cross site scripting *URL Redirection Once found out the Vulnerability,… Read More »
Hey guys, This is an article for WI-fi Pen testers. The must have tools in your arsenal are covered in the form of a photo story on Search-security.IN by me. Image Courtesy: www.clker.com You can read the story here: http://searchsecurity.techtarget.in/photostory/2240146791/10-Wi-Fi-security-tools-for-your-arsenal/1/10-Wi-Fi-security-tools-for-your-arsenal Cheers 🙂 3ps!10nLaMbDa
This was my paper that I presented at Defcon chennai meet held on jan 29, 2012. I hope you people like it. This covers the art of fuzzing, SPIKE and also, the metasploit framework. I have also covered how to code your own exploits into the metasploit framework in this paper. You can view the… Read More »
Hi all, Yet another bug found, in the silverstripe CMS. 🙂 DISCLAIMER: The publisher is in no way responsible if the information is used for any malicious intent. silverstripe CMS persisten XSS vulnerabilties vendor: http://demo.silverstripe.org Author: Karthik R (3psil0nLambDa) Email: Karthik.cupid@gmail.com My blog: epsilonlambda.wordpress.com Google dork: Powered by the SilverStripe Open Source CMS * Persistent… Read More »
Hi all, In recent times, the security aspect of information technology has received considerable attention, and large organizations have dedicated security teams to keep tabs on vulnerabilities in their systems and take preventive or corrective action as appropriate. The same level of commitment to maintaining security may not be seen in most SMBs, but the… Read More »
Hey guys, BackTrack 5, the much-awaited penetration testing framework, was released in May 2011. This third installment of our BackTrack 5 tutorial explores tools for browser exploitation such as theft of credentials, Web privilege escalation and password recovery. This part of our BackTrack 5 tutorial also provides an insight into automated SQL injection using DarkMySQLi.… Read More »
Join the mailing list
Check your email and confirm the subscription
