[HACK]IN(SIGHT) - VOL 1 NO.15
We are happy to announce releasing the first special issue: Best of 2013.
This time we prepared 177 pages concerning 9 technical articles for you. Let's have a look at the contents:
- Page 7: Cracking Wi-Fi - Almost everything is wireless these days. Wireless networks, or WLANs, came and made everything easier - easy to set up, easy to use and fun to play with, and, of course, no more cables lying around. They conquered private and business sector with simplicity and flexibility. This is where one more “easy and simple” feature of the WLANs presents itself – easy and simple to compromise.
- Page 36: Seek and Destroy – from Vulnerability Assessment to PenTest - What is the best way to improve our PenTest skills? What is the best way to find vulnerabilities during a PenTest? And the best way to minimize the risk of service disruption? I think the correct answer is the use of a good vulnerability assessment tool. In my opinion the best Vulnerability Assessment (VA) tools are Nessus and Backtrack (has all you need on-board).
- Page 46: How to Hack Facebook - Facebook/Twitter, where people share their day to day activities with their friends and family from all across the world, where Entertainment has its own meaning, where there is the FREEDOM of speech. Where you tend to be a totally different person, than you really are. Like everything else in this universe there is its ups and downs i.e. like in real life you get “mugged / robbed” in Facebook You get “HACKED”. In this article we are going to get deep into how you can be “robbed / mugged” in Facebook.
- Page 61: You Print... I Hack... - I print and you hack? Is that what you are trying to say Sameh? Am I in danger having a printer close to me? The answer to the above-mentioned questions is “YES”. A Vulnerability in the Print Spooler Service could allow Remote Code Execution whereby a computer could be fully and remotely compromised!
- Page 65: Metasploit Tutorial - The Metasploit Project is a computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the open-source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research. The Metasploit Project is also well known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework.
- Page 82: Exploitation of Android with Metasploit Framework
- Page 88: Java Applet JMX 0day Remote Code Execution with Metasploit
- Page 95: Exploitation of Apache Tomcat
- Page 112: iOS Insight: iPhone Vulnerabilities - The security and vulnerability issue is a very common subject regarding mobile devices. Usually the focus is on the Android based devices and his several problems regarding with malware. Meanwhile, a new study shown that the iOS, the iPhone operating system, has more security vulnerabilities that the Google, Windows Phone and BlackBerry all together.
- Page 124: Web Application Penetration Testing - Complete How To - The intent of this article is to demonstrate complete Web Application Security testing covering both technical as well as procedural checks. This article is not aimed at teaching how to find only limited bunch of technical vulnerabilities (like SQL Injection, XSS) using free automated tools. This article would help your thought process mature by getting into insights of Web Application Security Testing and also make you aware about challenges you may face during testing.
- Page 137: Combining Nessus and Metasploit (and other frameworks) to make our job easier! - Want to Increase your productivity, shorten the time it takes to 'pop a box', and overall just simplify your life? Then keep reading! I spend a lot of time performing Penetration Tests for all sorts of clients. One of my biggest challenges is timing as there are never enough hours in the day. So I am constantly on the lookout for ways to simplify my life. To do so I try and find ways to make the steps that I perform for each and every client simpler, shorter, and easier. Today I'm going to share a few of these with you.
- Page 165: Snort - Hacker's Handbook - Snort is an open source network-based intrusion detection system (NIDS). That can analyses the real-time traffic and can log packets on Internet Protocol (IP) networks. Snort can perform protocol analysis, content searching, and content matching. It also can be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, common gateway interface, buffer overflows, server message block probes, and stealth port scans.
Special thanks for Zeronights Conference and Smart Soft - Hack Insight's official Partners!
Enjoy the hacking!
Hack Insight Team
This publications is available in Hack Insight annual subscription.