How to detect Web Application Firewalls

WAFW00F – Web Application Firewall Detection Tool – identifies and fingerprints Web Application Firewall (WAF) products. To do its magic, WAFW00F does the following:
> Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions.
> If that is not successful, it sends a number of (potentially malicious) HTTP …
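The two-stage logic described above (passive fingerprinting of a normal response, then malicious probes compared against that baseline) as an added example in Python. This is not WAFW00F's own code: the signature table, the probe payloads and the fake server are constructed here for illustration, although the four header/cookie signals are well-known public fingerprints.

```python
"""Two-stage WAF fingerprinting in the spirit of WAFW00F (added example).
Signature table, probes and the offline fake server are constructed assumptions."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)  # header names lower-cased
    body: str = ""


# Stage 1: passive signatures checked against any response. Each product lists
# (header, substring) alternatives; a single hit identifies the product. An empty
# substring means "header present". This table is an assumption of the example,
# not a copy of WAFW00F's plugin database.
PASSIVE_SIGNATURES: Dict[str, List[Tuple[str, str]]] = {
    "Cloudflare": [("server", "cloudflare"), ("cf-ray", "")],
    "Sucuri":     [("x-sucuri-id", "")],
    "Incapsula":  [("set-cookie", "incap_ses_")],
    "Akamai":     [("server", "akamaighost")],
}

# Stage 2: probes a WAF is expected to block (XSS, traversal and SQLi payloads).
PROBES = ["?a=<script>alert(1)</script>", "?a=../../../../etc/passwd", "?a=' OR 1=1--"]
BLOCK_STATUSES = {403, 406, 419, 429, 501, 503}
BLOCK_WORDS = ("request blocked", "access denied", "not acceptable", "forbidden")


def passive_match(resp: Response) -> Optional[str]:
    for product, alternatives in PASSIVE_SIGNATURES.items():
        for header, needle in alternatives:
            value = resp.headers.get(header)
            if value is not None and needle in value.lower():
                return product
    return None


def looks_blocked(baseline: Response, resp: Response) -> bool:
    """A probe counts as blocked if the status flipped to a typical block code, or a
    block-page phrase appeared that the baseline did not have. Comparing against the
    baseline avoids flagging sites that answer 403 or 'forbidden' for everything."""
    if resp.status != baseline.status and resp.status in BLOCK_STATUSES:
        return True
    body, base_body = resp.body.lower(), baseline.body.lower()
    return any(w in body and w not in base_body for w in BLOCK_WORDS)


def detect_waf(send: Callable[[str], Response], url: str) -> str:
    baseline = send(url)
    product = passive_match(baseline)
    if product:
        return product
    for probe in PROBES:
        resp = send(url + probe)
        product = passive_match(resp)  # some products only reveal themselves on block pages
        if product:
            return product
        if looks_blocked(baseline, resp):
            return "Generic (unknown) WAF"
    return "None detected"


def make_site(kind: str) -> Callable[[str], Response]:
    """Constructed stand-in for a live server so the example runs offline."""
    def send(url: str) -> Response:
        malicious = any(m in url for m in ("<script>", "../", "' OR"))
        if kind == "cloudflare":
            return Response(200, {"server": "cloudflare", "cf-ray": "7d1f3a-FRA"}, "<html>hello</html>")
        if kind == "generic" and malicious:
            return Response(403, {"server": "nginx"}, "<h1>Request blocked</h1>")
        return Response(200, {"server": "nginx"}, "<html>hello</html>")
    return send


if __name__ == "__main__":
    for kind in ("cloudflare", "generic", "plain"):
        print(f"{kind:10s} -> {detect_waf(make_site(kind), 'http://example.test/')}")
```

Against a real target, `send` would be a thin wrapper around an HTTP client that lower-cases header names; everything else stays the same. The baseline comparison is the part worth keeping: a site that returns 403 to the normal request as well tells you nothing about a WAF.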

PHP Command Injection Vulnerability in Web applications

Create a new PHP file, name it test_command_injection.php, and save it inside Apache's htdocs directory:

    <?php
    // Deliberately vulnerable: the client-supplied name goes straight to unlink()
    if (isset($_GET['filename'])) {
        $filename = $_GET['filename'];
        if (file_exists($filename)) {
            unlink($filename);
        }
    }

Open your favorite browser and open the URL: http://localhost/test_command_injection.php?filename=path_to_file_4_deletion As you can see you could delete any file in the … Strictly speaking no shell is involved here, so this is arbitrary file deletion through an unvalidated path rather than OS command injection; the root cause is the same, untrusted input reaching a privileged operation without any constraint on what it may name.
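The same flaw and its fix, as an added example that is not part of the original post: the vulnerable function mirrors the PHP snippet above in Python, and the hardened version resolves the requested name against a fixed base directory and refuses anything that escapes it. The directory layout in `demo()` is constructed with temporary directories so it runs anywhere.

```python
"""Arbitrary file deletion via an unchecked path, beside the containment check that
fixes it. Added example mirroring the PHP snippet in Python; paths are constructed."""
import os
import tempfile


def vulnerable_delete(filename: str) -> bool:
    """Mirrors the PHP snippet: the client-supplied name goes straight to unlink."""
    if os.path.exists(filename):
        os.unlink(filename)
        return True
    return False


def resolve_inside(base_dir: str, user_path: str) -> str:
    """Resolve user_path relative to base_dir and refuse anything that ends up outside
    it: '../' traversal, absolute paths, symlinks pointing out, and embedded NUL bytes
    (which some runtimes silently use to truncate the path)."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    base = os.path.realpath(base_dir)
    # os.path.join discards base when user_path is absolute; realpath then exposes that.
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath is the containment test; a plain prefix check would accept /uploads_evil
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path escapes {base}: {user_path!r}")
    return target


def safe_delete(base_dir: str, user_path: str) -> bool:
    target = resolve_inside(base_dir, user_path)
    if not os.path.isfile(target):
        return False
    os.unlink(target)
    return True


def demo() -> dict:
    """Run both versions against a throwaway layout and report what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as uploads, tempfile.TemporaryDirectory() as elsewhere:
        victim_a = os.path.join(elsewhere, "victim_a.txt")
        victim_b = os.path.join(elsewhere, "victim_b.txt")
        legit = os.path.join(uploads, "report.txt")
        for p in (victim_a, victim_b, legit):
            open(p, "w").close()

        # Vulnerable: nothing ties the name to the uploads directory, so a file
        # outside it is deleted.
        results["vuln_deleted_outside"] = vulnerable_delete(victim_a)

        # Hardened: the same kind of file reached by traversal or by absolute path is refused.
        traversal = os.path.relpath(victim_b, uploads)  # e.g. ../tmpXYZ/victim_b.txt
        for label, attempt in (("traversal", traversal), ("absolute", victim_b)):
            try:
                safe_delete(uploads, attempt)
                results[f"hardened_rejects_{label}"] = False
            except ValueError:
                results[f"hardened_rejects_{label}"] = True
        results["victim_b_survives"] = os.path.exists(victim_b)

        # A name inside the directory still works.
        results["hardened_deletes_legit"] = safe_delete(uploads, "report.txt") and not os.path.exists(legit)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:28s} {value}")
```

The PHP equivalent follows the same shape: `realpath()` on both the base directory and the joined path, then a check that the resolved target starts with the base plus a directory separator, before `unlink()` is ever called.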

Web Application Fingerprinter – Discover Web Application

The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable. Sourceforge Project Page: https://sourceforge.net/projects/blindelephant/ Discussion and Forums: http://www.qualys.com/blindelephant License: LGPL …
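The hash-comparison technique in miniature, as an added example that is not BlindElephant's code: a hash database is built from the static files of every known release, then a deployed site is fingerprinted by hashing the same files and intersecting the version sets each hash points to. The fictional application "demoapp" and its three releases are constructed data.

```python
"""Version fingerprinting from hashes of static files, BlindElephant-style.
Added example, not BlindElephant's code; the releases below are constructed."""
import hashlib
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed release contents for a fictional app. js/app.js changed in 2.0,
# css/style.css changed in 1.1, readme.txt never changed.
RELEASES: Dict[str, Dict[str, bytes]] = {
    "1.0": {"js/app.js": b"var v=1;", "css/style.css": b"body{}",         "readme.txt": b"demoapp"},
    "1.1": {"js/app.js": b"var v=1;", "css/style.css": b"body{margin:0}", "readme.txt": b"demoapp"},
    "2.0": {"js/app.js": b"var v=2;", "css/style.css": b"body{margin:0}", "readme.txt": b"demoapp"},
}

HashDB = Dict[str, Dict[str, Set[str]]]  # path -> digest -> versions shipping that exact file


def build_hash_db(releases: Dict[str, Dict[str, bytes]]) -> HashDB:
    """The offline, precomputed part: hash every static file of every release."""
    db: HashDB = {}
    for version, files in releases.items():
        for path, content in files.items():
            digest = hashlib.sha1(content).hexdigest()
            db.setdefault(path, {}).setdefault(digest, set()).add(version)
    return db


def discriminating_paths(db: HashDB) -> List[str]:
    """Paths whose content differs between releases; these are worth fetching first,
    since a file identical in every version can only confirm the app, not the version."""
    return sorted(p for p, hashes in db.items() if len(hashes) > 1)


def fingerprint(db: HashDB, fetch: Callable[[str], Optional[bytes]]) -> Tuple[List[str], Dict[str, object]]:
    """Fetch each known static file, hash it, and intersect the candidate versions.
    Returns (possible versions, per-file evidence)."""
    candidates: Optional[Set[str]] = None
    evidence: Dict[str, object] = {}
    for path, hashes in db.items():
        content = fetch(path)
        if content is None:
            evidence[path] = "missing"      # 404: removed or never deployed, not conclusive
            continue
        versions = hashes.get(hashlib.sha1(content).hexdigest())
        if versions is None:
            evidence[path] = "modified"     # locally customised; skipping beats eliminating everything
            continue
        evidence[path] = sorted(versions)
        candidates = set(versions) if candidates is None else candidates & versions
    return sorted(candidates or []), evidence


def fetch_from(deployed: Dict[str, bytes]) -> Callable[[str], Optional[bytes]]:
    """Constructed stand-in for HTTP GETs against the target's static paths."""
    return lambda path: deployed.get(path)


if __name__ == "__main__":
    db = build_hash_db(RELEASES)
    print("discriminating:", discriminating_paths(db))
    site = dict(RELEASES["2.0"])
    site["css/style.css"] = b"body{margin:0} /* customised by the site owner */"
    print(fingerprint(db, fetch_from(site)))
```

Against a real target, `fetch` is an HTTP GET of each path returning the body bytes (or `None` on 404). The "modified" case matters in practice: administrators often edit stylesheets or minify scripts, and treating an unknown hash as "matches no version" would empty the candidate set for every such site.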

First Official Pro Linux Laptop Released!

The first official pro notebook released with Linux preinstalled: the DELL XPS 13 Developer Edition. Enjoy Ubuntu 12.04 LTS on up to 8GB RAM, a 256GB SSD and a full HD 1080p display, all at under 1.40kg. Congrats to DELL for stepping forward and offering Linux to the IT/engineering professional world with such nice specs!

Optimize your application’s memory resource usage

VMMap is a process virtual and physical memory analysis utility. It shows a breakdown of a process’s committed virtual memory types as well as the amount of physical memory (working set) assigned by the operating system to those types. Besides graphical representations of memory usage, VMMap also shows summary information and a detailed process memory …

Testing your web application for vulnerabilities | Part 1

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. It is developed using Python to be easy to use and extend, and licensed under GPLv2.0. w3af is fully extensible and if you …


Allow only one instance of C# application

To allow only one instance of your application to run, do the following:

    using System;
    using System.Threading;

    namespace my_namespace
    {
        class Program
        {
            // Kept in a static field so the mutex stays alive (and owned) for the whole process lifetime
            static Mutex mutex;

            static void Main(string[] args)
            {
                bool fi; // "first instance": true only if this process created the named mutex
                mutex = new Mutex(true, "my_app", out fi);
                if (!fi)
                {
                    Environment.Exit(0);
                }
                // application code runs here; the OS releases the mutex when the process exits
            }
        }
    }

Note that a named mutex like "my_app" is local to the user's logon session; to allow only one instance across all sessions on the machine, prefix the name with "Global\".


Hide console Window in C#

To hide the console window in a C# console application your Program.cs file should be similar to this:

    using System;
    using System.Runtime.InteropServices;

    namespace mynamespace
    {
        class Program
        {
            [DllImport("kernel32.dll")]
            static extern IntPtr GetConsoleWindow();

            [DllImport("user32.dll")]
            static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);

            const int SW_HIDE = 0;
            const int SW_SHOW = 5;

            static void Main(string[] args)
            {
                var handle = GetConsoleWindow();  // the original listing is cut off here; this is the obvious continuation
                ShowWindow(handle, SW_HIDE);      // pass SW_SHOW to bring the window back
                // ...
            }
        }
    }


Save user settings in Java application

Class:

    import java.io.File;
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.util.Properties;

    public class configManager {
        private Properties _properties;
        private final String _filename = "my.properties";

        public configManager() {
            this._properties = new Properties();
            File file = new File(this._filename);

            if (!file.exists()) {
                try {
                    file.createNewFile();
                } catch (IOException ex) {
                    System.err.println(ex.toString());
                }
            }

            // try-with-resources closes the stream even if load() throws
            // (the original listing is cut off after "load(new"; FileInputStream is the imported type)
            try (FileInputStream in = new FileInputStream(file)) {
                this._properties.load(in);
            } catch (IOException ex) {
                System.err.println(ex.toString());
            }
        }
        // …
    }

Brute force directories and files names on web application

OWASP DirBuster is a multi-threaded Java application designed to brute force directory and file names on web application servers. DirBuster will attempt to find hidden pages and directories within a web application. It comes with a total of 9 different lists and is extremely effective at finding hidden files and directories. It also has …