What are the various methods of passive OS fingerprinting?

In passive OS fingerprinting, an attacker installs a sniffer on a third party, such as a router, through which the victim communicates frequently. The attacker then studies the sniffer’s log and responses, and receives hints about the remote OS with the help of the following parameters:
* TTL values: This is Time To [...]

What are the various countermeasures to a buffer overflow?

The countermeasures to a buffer overflow are as follows:
* Perform manual auditing of the code.
* Disable stack execution.
* Use functions that are not a cause of buffer overflows.
* [...]

What are the various features of snort?

Snort has the following features:
* It detects threats, such as buffer overflows, stealth port scans, CGI attacks, SMB probes and NetBIOS queries, NMAP and other port scanners, well-known backdoors and system vulnerabilities, and DDoS clients, and alerts the user about them.
* It develops a new signature to [...]

What are the user authentications supported by the SSH-2 protocol?

The SSH-2 protocol supports the following user authentications:
* Public key authentication (DSA, RSA*, OpenPGP)
* Host-based authentication
* Password-based authentication
Note: SSH-1 supports a wider range of user authentications, i.e., the public-key, RSA only, RhostsRSA, password, Rhosts (rsh-style), TIS, and Kerberos authentications.

What are the steps for security evaluation?

The ethical hacking project comprises three phases, summarized as follows:
1. Preparation: In this phase, a formal contract that contains a non-disclosure clause as well as a legal clause to protect the ethical hacker against any prosecution that he may face during the conduct phase is signed. The contract also outlines the infrastructure [...]

What are the security holes in the Basic Authentication scheme?

The Basic Authentication scheme uses the username and password and encrypts the password using base64 encoding. In spite of this, there are still many security holes in the Basic Authentication scheme. Although the password is stored on the server in encrypted format, it is passed from the client to the server in plain text format [...]

What are the phases of malicious hacking?

The following are the phases of malicious hacking:
1. Reconnaissance: In this phase, the attacker gathers information about the victim.
2. Scanning: In this phase, the attacker begins to probe the target for vulnerabilities that can be exploited.
3. Gaining Access: In this phase, the attacker exploits a vulnerability [...]

What are the general classes of hackers?

Hackers are categorized into the following classes:
* Black Hat Hackers (Crackers): These are persons who are computer specialists and use their hacking skills to carry out malicious attacks on information systems.
* Gray Hat Hackers: These are persons who sometimes do not break laws and help to defend [...]

What are snort rules?

Snort rules are the conditions specified by a Network Administrator that differentiate between normal Internet activities and malicious activities. Snort rules are made up of two basic parts:
* Rule header: This is the part of any rule where the rule’s actions are identified. Alert, Log, Pass, Activate, Dynamic, etc. are some [...]

Shell via LFI

Shell via LFI – proc/self/environ method
Author: SirGod
www.insecurity-ro.org [...]