From f4b8b9ad4308b2037810ac7d33675eeef6ca87ac Mon Sep 17 00:00:00 2001 From: bt3gl Date: Wed, 19 Nov 2014 14:46:14 -0500 Subject: [PATCH] readmes --- Cryptography/README.md | 2 + ...erall_protective_measures.md => README.md} | 46 +++++++++++++++++++ .../exploits_and_attacks_gloassary.md | 5 -- .../vulnerability_glossary.md | 22 --------- .../{php_shells => PHP_shells}/exploit_13.php | 0 .../phpprimer_v0.1.pdf | 0 .../{php_shells => PHP_shells}/xor.php | 0 Web_Exploits/Scanners/README.md | 37 +++++++++++++++ .../{scanners => Scanners}/heartbleed.py | 0 9 files changed, 85 insertions(+), 27 deletions(-) rename Vulnerabilities_and_Exploits/{overall_protective_measures.md => README.md} (81%) delete mode 100644 Vulnerabilities_and_Exploits/exploits_and_attacks_gloassary.md delete mode 100644 Vulnerabilities_and_Exploits/vulnerability_glossary.md rename Web_Exploits/{php_shells => PHP_shells}/exploit_13.php (100%) rename Web_Exploits/{php_shells => PHP_shells}/phpprimer_v0.1.pdf (100%) rename Web_Exploits/{php_shells => PHP_shells}/xor.php (100%) create mode 100644 Web_Exploits/Scanners/README.md rename Web_Exploits/{scanners => Scanners}/heartbleed.py (100%) diff --git a/Cryptography/README.md b/Cryptography/README.md index 272b2fc..ca37176 100644 --- a/Cryptography/README.md +++ b/Cryptography/README.md @@ -4,6 +4,7 @@ ## MD5 +- The MD5 hashing algorithm always returns 128 bit values, so the chance that two randomly chosen objects have the same hash is 1:2**128. ### Scripts @@ -32,6 +33,7 @@ $ echo -n password | md5sum ## SHA +- SHA-1 has output size of 160 bits, so chances of collisions are 2**160. ### Scripts - SHA-256 brute force diff --git a/Vulnerabilities_and_Exploits/overall_protective_measures.md b/Vulnerabilities_and_Exploits/README.md similarity index 81% rename from Vulnerabilities_and_Exploits/overall_protective_measures.md rename to Vulnerabilities_and_Exploits/README.md index a0aca44..44d3637 100644 --- a/Vulnerabilities_and_Exploits/overall_protective_measures.md +++ b/Vulnerabilities_and_Exploits/README.md @@ -1,3 +1,49 @@ + +# Tools + +### Keyloggers +* Rin Logger + + +--- + + + +# Vulnerabilities Glossary + +* LD_PRELOAD: hijacking functions to a shared library: you can set this enviroment variable direct to the linker to load a library of your choice. + +### Common Vulnerabilities: + +* Authentication: to not require authentication in a situation that warrants it; information isn't trustworthy (authentication in the client side). + +* Authorization: there are several formal designs for access control: discretionary access control, mandatory access control, role-based access control. Vulnerabilities: missing authorization (webpages). + +* Accountability: expectation that a system can identify and log users' activities. Vulnerabilities: system's failure to log operations in sensitive data; system doesn't protect its data. + +* Confidentiality: expectation that only authorized parties can view data. Vulnerabilities: failure/lack in encryption, homemade encryption, storing sensitive data unnecessarily. + +* Integrity: the expectation that only authorized parties are able to modify the data. Vulnerabilities: failure in access control, failure in confidentiality, bail-and-switch attack. + +* Availability: capability to use a resource when expected. Vulnerability: DoS. + + + + + + + +--- + +# Exploits and Attacks Glossary + +* Denial of Service (DoS): occurs when an attacker can make a system unavailable by performing some unanticipated action. + +* Attack surface: the collection of all entry points that provide access to an asset. Operational vulnerabilities occur when the attack surface is exposed unnecessarily. Minimizing the attack surface is referred to *host hardening*. + + +--- + # Overall Protective Measures: ### Development Measures diff --git a/Vulnerabilities_and_Exploits/exploits_and_attacks_gloassary.md b/Vulnerabilities_and_Exploits/exploits_and_attacks_gloassary.md deleted file mode 100644 index d78f1ee..0000000 --- a/Vulnerabilities_and_Exploits/exploits_and_attacks_gloassary.md +++ /dev/null @@ -1,5 +0,0 @@ -# Exploits and Attacks Glossary - -* Denial of Service (DoS): occurs when an attacker can make a system unavailable by performing some unanticipated action. - -* Attack surface: the collection of all entry points that provide access to an asset. Operational vulnerabilities occur when the attack surface is exposed unnecessarily. Minimizing the attack surface is referred to *host hardening*. diff --git a/Vulnerabilities_and_Exploits/vulnerability_glossary.md b/Vulnerabilities_and_Exploits/vulnerability_glossary.md deleted file mode 100644 index fd5082e..0000000 --- a/Vulnerabilities_and_Exploits/vulnerability_glossary.md +++ /dev/null @@ -1,22 +0,0 @@ -## Vulnerabilities Glossary - -* LD_PRELOAD: hijacking functions to a shared library: you can set this enviroment variable direct to the linker to load a library of your choice. - -### Common Vulnerabilities: - -* Authentication: to not require authentication in a situation that warrants it; information isn't trustworthy (authentication in the client side). - -* Authorization: there are several formal designs for access control: discretionary access control, mandatory access control, role-based access control. Vulnerabilities: missing authorization (webpages). - -* Accountability: expectation that a system can identify and log users' activities. Vulnerabilities: system's failure to log operations in sensitive data; system doesn't protect its data. - -* Confidentiality: expectation that only authorized parties can view data. Vulnerabilities: failure/lack in encryption, homemade encryption, storing sensitive data unnecessarily. - -* Integrity: the expectation that only authorized parties are able to modify the data. Vulnerabilities: failure in access control, failure in confidentiality, bail-and-switch attack. - -* Availability: capability to use a resource when expected. Vulnerability: DoS. - - - - - diff --git a/Web_Exploits/php_shells/exploit_13.php b/Web_Exploits/PHP_shells/exploit_13.php similarity index 100% rename from Web_Exploits/php_shells/exploit_13.php rename to Web_Exploits/PHP_shells/exploit_13.php diff --git a/Web_Exploits/php_shells/phpprimer_v0.1.pdf b/Web_Exploits/PHP_shells/phpprimer_v0.1.pdf similarity index 100% rename from Web_Exploits/php_shells/phpprimer_v0.1.pdf rename to Web_Exploits/PHP_shells/phpprimer_v0.1.pdf diff --git a/Web_Exploits/php_shells/xor.php b/Web_Exploits/PHP_shells/xor.php similarity index 100% rename from Web_Exploits/php_shells/xor.php rename to Web_Exploits/PHP_shells/xor.php diff --git a/Web_Exploits/Scanners/README.md b/Web_Exploits/Scanners/README.md new file mode 100644 index 0000000..1711300 --- /dev/null +++ b/Web_Exploits/Scanners/README.md @@ -0,0 +1,37 @@ +## [Nikto](http://sectools.org/tool/nikto/) + +* Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. + +* Most scanned vulnerabilities are things such as XSS, phpmyadmin logins, +etc. + + +* It's coded in Perl. + +* It is not a stealthy tool. It will test a web server in the quickest time possible, and it is obvious in log files. + +* There is support for LibWhisker's anti-IDS methods. + +* To fire it up in a website: + +``` +$ ./nikto.pl -h -p -output +``` + +* The output file can be open with *Niktorat*. + + +## [W3af](http://w3af.org/) + +* w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. + +* It's coded in Python. + +* It has plugins that communicate with each other. + +* It removes some of the headaches involved in manual web application testing through its Fuzzy and manual request generator feature. + +* It can be configured to run as a MITM proxy. The requests intercepted can be sent to the request generator and then manual web application testing can be perfomerd using variables parameters. + +* It also has features to exploit the vulnerabilities that it finds. w3af supports detection of both simple and blind OS commanding vulnerability. + diff --git a/Web_Exploits/scanners/heartbleed.py b/Web_Exploits/Scanners/heartbleed.py similarity index 100% rename from Web_Exploits/scanners/heartbleed.py rename to Web_Exploits/Scanners/heartbleed.py