Radical Development

Technical Without the Technicalities

Cookie Poisoning: Not Your Grandmother’s Cookies

Cookie poisoning is a recognized technique used mainly for impersonation, breach of privacy, or even modification that could result in lost business, all through manipulation of session cookies, which maintain the identity of the client. By poisoning these cookies, an attacker can impersonate a valid client, and thus gain information and perform actions on behalf of the victim. The ability to poison session cookies stems from the fact that the tokens are not generated in a secure way. Vulnerabilities in web applications are now the largest vector of enterprise security attacks. Stories about exploits that compromise sensitive data frequently mention culprits … Continue reading

Looking For A Password Or Username Cracking Wordlist

Every good white hat needs a number of solid wordlists in order to perform penetration testing. The lists can come in very handy when performing brute force attacks. If you have a wordlist that you would like to share, why not leave a comment for everyone to enjoy? Passwords, Dictionaries, and Wordlists. CrackStation’s Password Cracking Dictionary: The list contains every wordlist, dictionary, and password database leak that I could find on the internet (and I spent a LOT of time looking). It also contains every word in the Wikipedia databases (pages-articles, retrieved 2010, all languages) as well as lots of … Continue reading

A Word To The Wise: Secure Your Data Please

Every day that I continue to use the Internet is another day on which it becomes more and more painfully clear to me that people and organizations have no idea just how vulnerable they are to possible attacks. Just recently the Washington Post reported that China is likely behind a cyber attack that resulted in obtaining access to a confidential report that contains details on two dozen advanced weapon systems owned by the United States. Now it does not take a rocket scientist to understand the severity of this situation. You may be asking yourself how can I protect myself, employees, networks, … Continue reading

Hacking 103: Attacking Servers And Services With Hydra

Now that I have covered Hacking 101: Footprinting Using Nothing But A Web Browser and Hacking 102: Active Footprinting With Nmap, it is time to move into a physical attack upon the servers and services that we have found in the course of investigation. There are a number of tools available in Kali Linux, which include Medusa and Ncrack, but for the purposes of this article we will be using Hydra, which is a very fast network logon cracker that supports many different services. In this article we will take a look at the following attacks which are FTP and … Continue reading

Hacking 102: Active Footprinting With Nmap

This article is a follow-up to Hacking 101: Footprinting Using Nothing But A Web Browser, which served as an introduction to passive footprinting. There are a number of tools that you can use on both Windows and Linux platforms, and I prefer to use the Backtrack Linux distro for penetration testers; more specifically, I will be using Kali Linux. If Linux is not your cup of tea then you can give the following tools a look and pick and choose what you need. Wireshark, which is an open source multi-platform network protocol analyzer. It allows you to examine data from a … Continue reading

Hacking 101: Footprinting Using Nothing But A Web Browser

Welcome to this article, which introduces the idea of foot-printing when it comes to hacking. What foot-printing really means is the act of information gathering, and this can be either active or passive or even a combination of both. In order to determine the vulnerabilities of a given target you must first understand the target. To this end, the information you can compile over the internet can yield tremendous results, and this is known as passive foot-printing. Remember to keep good notes on the information that you are able to find. These notes will come in handy later … Continue reading

Ways To Protect Your Identity On The Internet

At the time of this article I have an IP Address of 89.239.207.81 and I would ask you if you have any idea where my Internet Service Provider (ISP) resides? I live in the United States and at this moment my Internet connection is coming from Denmark. As demonstrated from the Google Map, I am clearly sitting in Havdrup, Denmark; however, this is not true, well, at least physically. My internet connection resides in Denmark while my physical location is within the United States. Here is the detailed information: IP Address: 89.239.207.81* City: Havdrup State: 20 Country: Denmark Latitude: 55.5333 … Continue reading