tag:blogger.com,1999:blog-2773536350893785230.comments2023-12-27T22:41:33.117+01:00TaddongRaul Sileshttp://www.blogger.com/profile/06709503832135757060noreply@blogger.comBlogger72125tag:blogger.com,1999:blog-2773536350893785230.post-69109841415229137652013-11-19T19:14:01.623+01:002013-11-19T19:14:01.623+01:00nice, so this means that anyone with an ID from DN...nice, so this means that anyone with an ID from DNIe can do MITM with ssl with secure certificates! I still feel insecure!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-32787594553458831732013-11-16T09:27:23.905+01:002013-11-16T09:27:23.905+01:00good luck to all and thank you very much!good luck to all and thank you very much!Anonymoushttps://www.blogger.com/profile/01922172335041835117noreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-31986692367723906252013-10-18T20:56:24.631+02:002013-10-18T20:56:24.631+02:00Thanks a lot, Raul
I am still learning Thanks a lot, Raul <br /><br />I am still learning Anonymoushttps://www.blogger.com/profile/01922172335041835117noreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-33259464905050127362013-09-03T22:36:58.940+02:002013-09-03T22:36:58.940+02:00Pentesterlab also has quite a few ISO images:
htt...Pentesterlab also has quite a few ISO images:<br /><br />https://www.pentesterlab.com/exercises/m0wglinoreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-4416810339481415902013-09-03T22:19:40.470+02:002013-09-03T22:19:40.470+02:00Another offline addition, OWASP bricks:
http://se...Another offline addition, OWASP bricks:<br /><br />http://sechow.com/bricks/index.html<br /><br />m0wglinoreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-49247677035512816322013-05-31T15:23:58.818+02:002013-05-31T15:23:58.818+02:00Sorry but I have not seen that behavior before. Tr...Sorry but I have not seen that behavior before. Try to test it with a different VM in order to troubleshoot if it is a general VMware issue, ensure VMware Tools have been properly installed in SamuraiWTF, and/or contact me by e-mail.Raul Sileshttps://www.blogger.com/profile/06709503832135757060noreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-49676058661504717682013-05-31T10:11:28.529+02:002013-05-31T10:11:28.529+02:00This post has been translated into Spanish here: h...This post has been translated into Spanish here: <a href="http://www.webhostinghub.com/support/es/misc/de-archivos-smb" rel="nofollow">http://www.webhostinghub.com/support/es/misc/de-archivos-smb</a>Jose Picohttps://www.blogger.com/profile/11351143259307490487noreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-74171090619921213652013-05-29T10:59:27.986+02:002013-05-29T10:59:27.986+02:00Thanks for the post, I have an issue where on both...Thanks for the post, I have an issue where on both my mac and my pc the vmware keyboard and mouse functions do not work. Did you see this at all when you set this up or since?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-6193156511623931472013-05-27T13:21:16.240+02:002013-05-27T13:21:16.240+02:00As you can read from slide 23 of my RootedCON pres...As you can read from slide 23 of my RootedCON presentation, I agree we should get rid off 802.11 hidden networks.<br /><br />Mobile devices tend not to send probe requests for visible networks, but it is not always the case (slide 24)... :)Raul Sileshttps://www.blogger.com/profile/06709503832135757060noreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-63779033044069296082013-05-24T12:17:29.059+02:002013-05-24T12:17:29.059+02:00IMHO hidden SSID is the insecurity worth mentionin...IMHO hidden SSID is the insecurity worth mentioning for probe request have to be send by the client when trying to connect to them.<br /><br />Both iOS and Android do not send PR for visible networks anymore, so they are improving.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-13931223212151515462013-05-21T20:12:05.710+02:002013-05-21T20:12:05.710+02:00So, this post just helped me a TON with JBoss/Torq...So, this post just helped me a TON with JBoss/Torquebox. THANKS!Anonymoushttps://www.blogger.com/profile/01478563289695896844noreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-33838633064993330992013-04-12T15:23:52.818+02:002013-04-12T15:23:52.818+02:00Thanks for your efforts. They're really helpfu...Thanks for your efforts. They're really helpful for vulnerability scanning. Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-49472205527616997442013-04-02T05:07:17.247+02:002013-04-02T05:07:17.247+02:00There is a partial list of phones that have this f...There is a partial list of phones that have this feature here, although obviously firmware version and other customisations may render it invalid in some cases.<br /><br />http://security.osmocom.org/trac/wiki/WillMyPhoneShowAnUnencryptetConnectionAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-55640762626280387712013-02-20T15:09:07.669+01:002013-02-20T15:09:07.669+01:00seems really great, thx !seems really great, thx !David Maciejakhttps://www.blogger.com/profile/02707325519272048403noreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-33634403621988980712013-02-12T21:21:07.620+01:002013-02-12T21:21:07.620+01:00Hi everyone! I have not added to the list some sug...Hi everyone! I have not added to the list some suggestions I've received (like the one above) as they are wargames or challenges for multiple disciplines, and not only or related with web-apps. <br /><br />Though, I will keep the interesting ones here in the comments section.Raul Sileshttps://www.blogger.com/profile/06709503832135757060noreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-53156448053778560052013-02-11T22:42:03.983+01:002013-02-11T22:42:03.983+01:00Hi guys,
Also this is very interesting:
http://w...Hi guys,<br /><br />Also this is very interesting:<br /><br />http://www.overthewire.org/wargames/<br /><br />salu2!albonthenethttps://twitter.com/albonthenetnoreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-51772302396429614832013-01-17T18:57:01.384+01:002013-01-17T18:57:01.384+01:00Danijel, as the post details, it uses the default ...Danijel, as the post details, it uses the default Ubuntu 12.04 LTS hard drive requirements. The installer suggest 15GB, but the default VMware disk of 20GB works well (unless you really want to store huge amounts of information inside the VM).Raul Sileshttps://www.blogger.com/profile/06709503832135757060noreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-1033006862315478262012-12-23T12:22:39.350+01:002012-12-23T12:22:39.350+01:00Theres also the Hack.me project available online:
...Theres also the Hack.me project available online:<br /><br />https://hack.me/<br /><br />m0wglinoreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-10744806095925121572012-12-23T01:39:33.227+01:002012-12-23T01:39:33.227+01:00What are Samurai2 System hardware requirements for...What are Samurai2 System hardware requirements for hdd primary os instalation?Danijelhttps://www.blogger.com/profile/05888188987149903219noreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-85490182802967847352012-10-24T14:56:49.017+02:002012-10-24T14:56:49.017+02:00Nokia Asha 302 shows an "opened lock" ic...Nokia Asha 302 shows an "opened lock" icon when you have an unencrypted connection.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-10353490990678225202012-09-17T18:53:53.151+02:002012-09-17T18:53:53.151+02:00Hi Bilbo, definitely I *hope* this is the main rea...Hi Bilbo, definitely I *hope* this is the main reason for the less than 2% of downloads (still very low IMHO), although I'm used to download the files with the hashes too, so that I can distribute together both the ISO image file plus hashes files to other people (such as in training events).<br /><br />Thanks for your comment!Raul Sileshttps://www.blogger.com/profile/06709503832135757060noreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-22034412551048340242012-09-17T14:53:08.041+02:002012-09-17T14:53:08.041+02:00Perhaps people arent downloading the MD5 file as M...Perhaps people arent downloading the MD5 file as MD5 and SHA1 are calculated by sourceforge and available by clicking on the little "i" icon on the download page.<br /><br />If you want to add value to what sourceforge has, add a pgp signature.Bilbo Fragginshttps://www.blogger.com/profile/04112162930659042936noreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-24789663150860270752012-05-12T23:16:58.830+02:002012-05-12T23:16:58.830+02:00Very nice!!Very nice!!Matthew Pascuccihttps://www.blogger.com/profile/07395762527897221899noreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-54828227974383932872012-05-04T14:45:18.331+02:002012-05-04T14:45:18.331+02:00Anonymous, yes, it looks like we could be talking ...Anonymous, yes, it looks like we could be talking about the same vulnerability but only that single fact does not ratify it. I recommend you to fully test it! Use a couple of web browsers, one acting as a client and the other one as an attacker.<br /><br />Connect to the target web-app running Joomla 2.5 with the attacker browser, record the session ID, authenticate with a legitimate user ("attacker"), and check the session ID again (it should be the same, as you have already mentioned).<br /><br />Then, connect to the target web-app with the client browser while intercepting his traffic. Modify the initial request to set the session ID the attacker obtained previously, authenticate with a different legitimate user ("victim"), and recheck that the session ID has not been changed.<br /><br />Both browsers should be using the same session ID at this point. Now, go back to the attacker browser and interact with the application. Verify if the attacker gets access to his session ("attacker") or to the victim's user session ("victim"). If the latter, then it is vulnerable.Raul Sileshttps://www.blogger.com/profile/06709503832135757060noreply@blogger.comtag:blogger.com,1999:blog-2773536350893785230.post-51009103519782112442012-05-03T13:24:24.827+02:002012-05-03T13:24:24.827+02:00If i describe this as "the session token is s...If i describe this as "the session token is set prior to authentication and does not change following authentication" are we talking about the same vulnerability ?<br /><br />If so, it looks like its still in the current version Joomla 2.5.Anonymousnoreply@blogger.com