ClsHack:Computer Security Blog    

All antivirus, so if you want to call them, At least that many times small script written in php that scan your files for viruses on the site are very easy to bypass and therefore stupid.
(more…)

My dear friends teensy I can see how dangerous it can be with the usb keyboard designed ad hoc :)

With a po’ fantasy I put on a little script that allows you to open in a few seconds a shell on a linux system with a desktop environment.
In the title I put kde but works perfectly on gnome or xfce.
Where because all the scripts I found online were not why I wrote works well is tested and is very easy to modify.

(more…)

Many app android use the network and it's nice analyze for vulnerabilities.
And with the expansion of the growth in malcius Android app.

Let's see how to put on a Android Pentest Lab.

The first thing is to download the Android SDK:

http://developer.android.com/sdk/index.html

Now unpack the file:
tar xfz android-sdk*
We enter the directory:
cd android-sdk*
E andiamo nella directory tools.
(more…)

I apologize if I have not responded to mail comments or different but are really messed up stuff between work and school and so I am a bit’ staccato :)

In the meantime, I jotted down a bit’ of rows to scan cookies from a package or from a pcap sniff real-time.
To do this decoding * I used my friend scapy :D

cookieGrep will be useful during a arp poisoning to see all the cookies that we pass and make a Session Hijacking using manual extensions firefox / chrome to edit the cookies in our browser :)
(more…)

Very often programmers, not bring into their web applications security for the simple fact that they do not know the risks…

Example:

Table: users(id int, user char(25), password char(25), );

    +---+---------+----------------------------------+
    | 1 | admin    |    password 1                      |
    +---+---------+----------------------------------+
    | 2 | pepelux  |      password2                     |
    +---+---------+----------------------------------+

Table: news(id int, title char(25), text TEXT), );

    +---+---------+----------------------------------+
    | 1   | title     |    content 1                         |
    +---+---------+----------------------------------+
    | 2   | title     |    content 1                         |
    +---+---------+----------------------------------+

Vulnerable code:

<?php
      @include("config.php")
      $id = $_GET['id'];
      $result = mysql_query("SELECT title,text FROM news WHERE id=$id LIMIT 1");
      $row = mysql_fetch_array($result);
    ....
?>

(more…)