Archive | Web Hacking


01 March 2007 | 27,728 views

A Collection of Web Backdoors & Shells – cmdasp cmdjsp jsp-reverse php-backdoor

Michael Daw has collected some WEB backdoors to exploit vulnerable file upload facilities and others. It’s a pretty useful library for a variety of situations, especially for those doing web application security audits and web app security. Understanding how these backdoors work can also help security administrators implement firewalling and security policies to mitigate obvious […]

Continue Reading

20 February 2007 | 11,949 views

Fierce Domain Scanner Released – Domain Reconnaissance Tool

Fierce domain scan was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It’s terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can […]

Continue Reading

19 February 2007 | 10,289 views

Another 0-day MySpace XSS Exploit

This was a while ago, but once again unsurprising..The amount of security holes that have been discovered in MySpace (to say they hold some pretty confidential info and are a preying ground for’s a scary thought). Once again an XSS flaw shows up in MySpace. digi7al64 found yet another hole in myspace using non-alpha-non-digit […]

Continue Reading

17 February 2007 | 15,027 views

sqlmap – Automated Blind SQL Injection Tool

sqlmap is an automatic blind SQL injection tool, developed in python, capable of enumerating an entire remote database, performing an active database fingerprint and much more. The aim of this project is to implement a fully functional database mapper tool which takes advantages of web application programming security flaws which lead to SQL injection vulnerabilities. […]

Continue Reading

12 February 2007 | 17,232 views

AccessDiver – Web Site Security Testing Tool

AccessDiver is a security tester for WEB sites. It incorporates a set of powerful features which help you find and organize failures and weaknesses from your web site. AccessDiver can detect security failures on your web pages. It has multiple efficient tools which will verify the robustness of your accounts and directories accurately. So, you […]

Continue Reading

09 February 2007 | 5,722 views

Google Fixes Serious Vulnerability in Gmail

Google started the new year by fixing a serious vulnerability in Gmail. This was quite an interesting case and once again (as everything relating to web apps seems to be nowdays) it was an XSS flaw that allowed malicious attackers to steal your contact list, leading to some pretty bad information leakage. Google has fixed […]

Continue Reading

05 February 2007 | 17,517 views

Caecus – Web Brute Forcing Tool with OCR Support

Caecus is a unique tool which can bruteforce some OCR form based protections. As far as we know at Darknet, this is the only publicly available OCR brute forcing tool. These scripts generates a digital image as an extra layer of security called OCR. Some versions of this script also use session id’s to keep […]

Continue Reading

02 February 2007 | 11,277 views

Odysseus Win32 Proxy & Telemachus HTTP Transaction Analysis

Introducing a pair of tools that go well together and give you some good control for HTTP transaction analysis and looking at the security of web applications. Odysseus is a tool designed for testing the security of web applications. Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical […]

Continue Reading

30 January 2007 | 43,084 views

Burp Proxy & Burp Suite – Attacking Web Applications

I love the Burp Suite, I really do. It’s pretty much my favourite local proxy program and my favourite suite of tools for security testing web applications (especially the session investigation and manipulation parts). Another great thing is it’s cross platform, so you don’t have to learn different tools for Windows and Linux. Basically Burp […]

Continue Reading

27 January 2007 | 17,067 views

Introducing WHCC – Web Hack Control Center

Web Hack Control Center is a GUI based web server vulnerability scanner or assessment tool. This application gives you the means to identify which security vulnerabilities exist on your web servers by scanning them for the most popular server exploits. WHCC contains a database of thousands of exploits for a variety of web servers. This […]

Continue Reading