Archive | Web Hacking


06 February 2013 | 2,679 views

Weevely – PHP Stealth Tiny Web Shell

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. Weevely is currently included in Backtrack and Backbox and all the major […]

Continue Reading


06 December 2012 | 2,476 views

TLSSLed v1.2 – Evaluate The Security Of A Target SSL Or TLS (HTTPS) Web Server Implementation

When running web application security assessments it is mandatory to evaluate the security stance of the SSL/TLS (HTTPS) implementation and configuration. OWASP has a couple of references the author strongly recommends taking a look at, the “OWASP-CM-001: Testing for SSL-TLS” checks, part of the OWASP Testing Guide v3, and the Transport Layer Protection Cheat Sheet. […]

Continue Reading


13 November 2012 | 4,078 views

Hack.me – Build, Host & Share Vulnerable Web Application Code

Hack.me is a FREE, community based project powered by eLearnSecurity. The community allows you to build, host and share vulnerable web application code for educational and research purposes. It aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMS’s online. The platform is available without any restriction to any party […]

Continue Reading


15 October 2012 | 5,142 views

Web-Sorrow v1.48 – Version Detection, CMS Identification, Enumeration & Server Scanning Tool

Web-Sorrow is a PERL based tool for misconfiguration, version detection, enumeration, and server information scanning. It’s entirely focused on enumeration and collecting information about a target server. Web-Sorrow is a “safe to run” program, meaning it is not designed to be an exploit or perform any harmful attacks. There’s a couple of other tools that […]

Continue Reading


16 July 2012 | 2,575 views

Yahoo! Voices Hacked With SQL Injection – Passwords In Plaintext

There’s been a few HUGE cases of large sites being hacked and exposing either plaintext or extremely poorly encrypted passwords, it happened to LinkedIn not that long ago – and the latest case is of Yahoo!. It wasn’t the main site, but with almost half a million username and password combos exposed – it’s a […]

Continue Reading


17 May 2012 | 1,398 views

Hackers Break Into Bitcoin Exchange Site Bitcoinica

Bitcoin hasn’t been having a great time lately, there have been a few high profile, large dollar amount hacks of Bitcoin Exchange sites (basically the Bitcoin banks). The latest involved $90,000USD and a high likelihood that the user database was compromised too. It seems like Bitcoin, despite all the hype, might die a slow death […]

Continue Reading


25 April 2012 | 5,042 views

creepy – A Geolocation Information Aggregator AKA OSINT Tool

creepy is an application that allows you to gather geolocation related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown accompanied with relevant information (i.e. what was posted from that specific location) to provide context to […]

Continue Reading


23 April 2012 | 879 views

Anonymous Take Down Official F1 Site As Bahrain Protest

It seems like the latest target for Anonymous is the F1 due to the race that took place in Bahrain and the human rights issues in the country. They DDoSed the official F1 site (formula1.com), which was up and down on Saturday and defaced another related site (f1-racers.net) which also contains some details from ticket […]

Continue Reading


12 April 2012 | 2,774 views

web-sorrow – Remote Web Security Scanner (Enumeration/Version Detection etc)

web-sorrow is a PERL based tool used for checking a Web server for misconfiguration, version detection, enumeration, and server information. It is NOT a vulnerability scanner, inspection proxy, DDoS tool or an exploitation framework. Current Functionality -S – stands for standard. a set of Standard tests and includes: indexing of directories testing, banner grabbing, language […]

Continue Reading


02 April 2012 | 7,663 views

GooDork – Command Line Google Dorking/Hacking Tool

GooDork is a simple python script designed to allow you to leverage the power of Google Dorking straight from the comfort of your command line. There was a GUI tool we discussed a while back similar to this – Goolag – GUI Tool for Google Hacking. GooDork offers powerful use of Google’s search directives, by […]

Continue Reading