Ssh is a secure and popular protocol for managing different type of IT devices like Linux systems, Network devices etc. What makes ssh secure is the encryption of the network traffic. Network traffic is encrypted with different type of encryption algorithms. There is also user authentication done with encryption algorithms. These algorithms needs keys to operate. Keys are generally producedContinue reading
In today IT world everything connected and a lot of data in being downloaded from internet or over networks. This may create some minor problems. The data downloaded may be corrupted or there may be some intruders in network and with man of the middle attack may change our files. There are different solutions for this but simplest and fastestContinue reading
RSA is an algorithm used for Cryptography. It was patented until 2000 in USA (not whole world) where now it can be used freely. RSA has a lot of usage examples but it is mainly used for encryption of small pieces of data like key and Digital signatures. RSA is based integer factorization problem. As it is known that asymmetricContinue reading
I have an application and I have complex requests tot the server. There are a lot of database operations. Managing them can become very hard some times. In this situation how can I prevent sql injection attacks to my application. Use Prepared Statements Prepared statements are the way to bind client side provided values with database queries. Prepared Data ObjectContinue reading
Nessus is very good tool to manage vulnerabilities or vulnerability scanning. How can I install Nessus into my dpkg based pentest box? My distro my Debian, Ubuntu, Kali etc. Get License Key First step is license key. In old days Nessus was provided by Kali distribution as home version. There was no day limit of the Nessus. But the daysContinue reading
VBscan is a security tool used to scan and find vulnerabilities in vBulletin forums. As we know these type of software have a lot of vulnerabilities to exploit and attackers use these very good. Credits goes to Mohammed Reza Espargham Install Installing Vbscan is just getting perl code from github.
$ git clone https://github.com/rezasp/vbscan && cd vbscan
Cloning into 'vbscan'...
remote: Counting objects: 166, done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 166 (delta 0), reused 0 (delta 0), pack-reused 163
Receiving objects: 100% (166/166), 75.03 KiB | 0 bytes/s, done.
Resolving deltas: 100% (76/76), done.
Checking connectivity... done.
Start Scan with Vbscan Starting is easy as justContinue reading
During penetration test one of the test component is brute forcing critical data like password, hash, key etc. One way to brute force is using dictionaries or word list. There are a lot of dictionary in the internet and we generally need to merge them. Dymerge is a security tool used to merge different wordlists and dictionaries. Get DyMerge Latest versionContinue reading
There are a lot of different tools that helps us while making security tests, security assessment or hacking ;). These tools are sometimes open source sometimes paid software. Google is one of the tool that is used for security tests. It may seem ridicules but it is correct. We will see how google can be used as information gathering tool.Continue reading