
Messages - Neopal

Hacking and Security / Re: webGOAT a good tool?
« on: March 19, 2013, 05:05:44 pm »
OWASP Bricks is relatively new, and they released a new version today


Hacking and Security / Re: sqli pocket handbook
« on: February 20, 2013, 04:21:29 am »
Nice one.

It's also available online at:

Hacking and Security / Introducing OWASP Bricks
« on: February 20, 2013, 04:17:16 am »
OWASP Bricks is a web application security learning platform built on PHP and MySQL.

The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.

Currently there are four challenges available:
Challenge #1 - A simple log in page vulnerable to SQL injection.
Challenge #2 - A simple file upload page vulnerable to arbitrary file upload.
Challenge #3 - A normal content displaying page with Integer based SQL injection vulnerability in the URL.
Challenge #4 - Another log in page.

Videos are available on OWASP Bricks YouTube channel.

OWASP Bricks website:
OWASP Bricks documentation:

Challenge #4 (Log in page #2) is open for the public at the moment of writing. All the previous challenges are solved and their docs and videos are available.

Found it on the Webs / What your browser tells about you?
« on: March 06, 2012, 11:57:24 am »

Quote is the place where you can see just how much information your browser reveals about you and your system.


Found it on Galley

Found it on the Webs / Old versions of software
« on: March 05, 2012, 05:55:03 pm »
Old is Gold

Newer is not always better, but that's just one part of the story.
Old versions of software might be suffering from vulnerabilities and it can be a good starting point for beginners for the learning process.
--- Windows -
--- Linux -
--- Mac - -
--- Windows -
--- Linux -
--- Mac -
--- Games -

OldWare.Org -

Old-Versions.Org -

DownloadOldVersion -


Security Tools / BackTrack 5 R2 Released
« on: March 02, 2012, 04:15:28 pm »
BackTrack 5 R2 New Kernel, New Tools

Release notes:

Security Tools / Hardanger - Web Application Penetration Testing Platform
« on: February 25, 2012, 06:29:12 pm »

Hardanger is an open source web application penetration testing platform for Microsoft Windows operating systems.

  • Native Windows feel via Windows Presentation Foundation
  • Can run as a Fiddler2 add-on or standalone
  • ClickOnce installer with automatic updates (standalone version)
  • Context tab allowing inspection of full HTTP requests
  • Server fuzzer tab to configure and launch the server fuzzer
  • Basic random fuzzer generates random strings of UTF8 characters of random lengths
  • Non HTTP 200 detection engine
  • Results window keeping track of successful detections
  • Ability to review requests/responses in the results details window

Android / Android Tamer
« on: February 21, 2012, 01:15:20 am »
Android Tamer is a one-stop tool required to perform any kind of software operations on Android devices / applications / network.

Security Tools / Hack your router with
« on: February 20, 2012, 11:16:08 am »
is a web application that helps you in the exploitation of vulnerabilities in residential routers.

  • It is a compilation of ready to run local and remote web exploits.
  • Programmed in JavaScript and HTML in order to run in all "smart phones" and mobile internet devices.
  • It is only one page, so you can store it offline for local exploitation without internet connection.
  • You can change the destination IP by clicking on the [IP] link next to the exploit. To view more info on the exploit like the complete advisory and author you can click the link
Visit now

Hacking and Security / Re: Spoofing Email address?
« on: February 20, 2012, 08:32:30 am »
Handy website, it actually worked, but do you have any knowledge of how this works? If you do, please share. Thanks guys.

Please go through this article: It will give you step-by-step instructions on how to build such a fake mailer, including the complete source code.


Matriux is a popular security distribution based on Debian. A new version of it is now available:

Even though there are no official statements made by Offensive Security, it is almost confirmed that the very next version of Backtrack 5 (called Backtrack 5 r2) is scheduled to be released in March.

A tweet from Devon Kearns (Offsec instructor, BackTrack developer, Exploit-DB admin and author) to Rob Fuller gives many more details about the release.

@mubix yep, R2 comes out March 1st. New kernel (3.2.4) will hit the repos a few days before that.
  • This version is to be called Backtrack 5 r2
  • It will get released in March and is actually scheduled to be released on March 1st
  • Kernel is going to be 3.2.4

You can see the tweet over here

Hacking and Security / Re: Spoofing Email address?
« on: February 20, 2012, 05:52:09 am »
^^ See the E-mail section over there  ;)

By the way, you can customize the "Reply To" address, so that when the victim replies to your mail, it will go to your inbox rather than the "From" address.


The third episode in the OWASP Appsec Tutorial Series. This episode describes the #2 attack on the OWASP top 10 - Cross-Site Scripting (XSS). This episode illustrates three versions of an XSS attack: high level, detailed with the script tag, and detailed with no script tag, and then recommends resources for further learning.
