About RED_HAWK: RED_HAWK is a all in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all pentesters and hackers.RED_HAWK's features:Basic ScanSite Title (NEW): IP Address Web...
Welcome to my 2nd tutorial of PHP and MYSQL. In the previous video I've discussed How to download and install a server PHP and also How to create databases and How to create tables in the databases in the form of rows and columns.
In this video I've discussed multiple ways to connect database with PHP such as by using variables etc. First of all you have need to install a cool interface software for coding. I suggested you to download any one of them such as Dreamweaver, Notepad++, Sublime Text Editor and Atom etc. I'm using sublime text editor in this series of tutorial.
Syntax of PHP
<?php
//type here the code
?>
How to save the PHP file
You should save your PHP file in the root directory of the server. In XAMPP the "htdocs" is the root directory of the server. In WAMPP "www" is the root directory. Now how to save the file?
Step 1:
Press CTRL + S button to safe the file.
Step 2:
Go to the server location where it has been installed. By default it is installed in Local Disk C. Got C drive.
Step 3:
Go to XAMPP directory.
Step 4:
Go to htdocs diretory.
Step 5:
Save a file there with extension ".php". You can create a different folders for different projects in htdocs directory. So first create the folder in htdocs and then save your files in the folder.
How to Run PHP Script
Step 1:
Open a XAMPP control panel and start Apache and Mysql services.
Step 2:
Open your web browser.
Step 3:
Type localhost/yourFolderName/yourFileName.php and hit enter. For example: localhost/myFolder/index.php.
When it comes to email providers, there's no competitor to Google's awesome features. It is efficient which connects seamlessly with the rest of your Google products such as YouTube, Drive, has a major application called Gmail Inbox, and is overall an extremely powerful email service. However, to use it with a custom domain, you need to purchase Google Apps for either $5 or $10/month, which for casual users is a bit unnecessary. On top of that, you don't even get all of the features a personal account gets, e.g. Inbox. So, here's a free way to use your Gmail account with a custom domain. I am just going to show you hacking Gmail for free custom domain email.
SO, HOW HACKING GMAIL FOR FREE CUSTOM DOMAIN EMAIL
PASSWORD: EHT
STEPS:
First, register with Mailgun using your Gmail address. Use your Gmail only. Once you have clicked the confirm link, log in to the Mailgun website. Now you're in the dashboard, move on the right under "Custom Domains", click "Add Domain".
Follow the setup instructions and set DNS records with whoever manages your DNS. Once you've done this, click on the "Routes" link on the top to set up email forwarding.
Now move to the Route tab and click on Create New Route.
As you click the button, you will see a page like below. Just enter the information as entered in the following screenshot.
Just replace the quoted email with your desired email in the above-given screenshot.
Next, we'll setup SMTP configuration so we would be able to send emails from an actual server. Go to "Domains" tab, click on your domain name.
On this page, click "Manage your SMTP credentials" then "New SMTP Credential" on the next page.
Type in the desired SMTP credentials. And, go to Gmail settings and click "Add another email address you own". Once you open, enter the email address you wish to send from.
In the next step, set the SMTP settings as follows.
After clicking "Add Account" button, now you're done.
The final step, make sure to set it to default email in the Gmail settings > Accounts.
That's all. Now you got free Gmail custom domain with 10,000 emails per month. Hope it will work for you. If you find any issue, just comment below.
Note: Use Virtual Machine and scan on VirusTotal before downloading any program on Host Machine for your privacy.
In Hacking the main focus is over gathering the information about victim or victim's machine. Which will help to find out which type of exploit will works according to the given circumstances. Gathering the network and host information means to find out by which network, the which victim's machine is connected and communicating over the network. Moreover, scanning is also performed for gathering information about open and closed ports. After that they'll able to find the vulnerabilities in the target system and try to get access to the system.
Types Of Scan
As a CEH you should know the scan types and uses:
SYN
SYN scan doesn't complete the TCP three way handshake that is why it is known as a half-open scan. An attacker send a SYN packet to the victim machine if SYN/ACK packet is received back to attacker, then it clarify that the port is listening due to the acknowledgment by the victim that it has completed the connection. While if the attacker is received the RST/ACK packet then it assumed that the port is closed or open.
XMAS
XMAS scan works only on target system that has the RFC 793 development of TCP/IP and it doesn't works against any version of windows. XMAS scan send a packet with by setting up the FIN, URG and PSH flags of the TCP header. The function of this scan is if the port is active there will be no response but if the port is closed the target responds with a RST/ACK packet.
FIN
A FIN scan send a packet by setting up only the FIN flag of the TCP. This scan is similar to XMAS scan. FIN scan receives no response if the port is active while if the port is closed it receives the RST/ACK packet.
NULL
NULL scan is also similar to the XMAS scan. But the only difference is that it sends a packet without setting up the any flag of TCP header. NULL scan receives no response if the port is open but if the port is closed it receives the RST/ACK packet.
IDLE
It is just like spoofing an IP address by sending a SYN packet to the victim's machine to find out which services are available over the system. This scan is completed with the help of another system called as "Zombie" (that is not receiving or transmitting any information).
What is BurpSuite? Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information.
In its simplest form, Burp Suite can be classified as an Interception Proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed.
Everyone has their favorite security tools, but when it comes to mobile and web applications I've always found myself looking BurpSuite . It always seems to have everything I need and for folks just getting started with web application testing it can be a challenge putting all of the pieces together. I'm just going to go through the installation to paint a good picture of how to get it up quickly.
BurpSuite is freely available with everything you need to get started and when you're ready to cut the leash, the professional version has some handy tools that can make the whole process a little bit easier. I'll also go through how to install FoxyProxy which makes it much easier to change your proxy setup, but we'll get into that a little later.
Requirements and assumptions:
Mozilla Firefox 3.1 or Later Knowledge of Firefox Add-ons and installation The Java Runtime Environment installed
Download BurpSuite from http://portswigger.net/burp/download.htmland make a note of where you save it.
on for Firefox from https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
If this is your first time running the JAR file, it may take a minute or two to load, so be patient and wait.
Video for setup and installation.
You need to install compatible version of java , So that you can run BurpSuite.
About BruteSpray: BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV...
Previously I had gone over a somewhat limited local file include in the Ganglia monitoring application (http://ganglia.info). The previous article can be found here -http://console-cowboys.blogspot.com/2012/01/ganglia-monitoring-system-lfi.htmlI recently grabbed the latest...
After investigating the security of PDF signatures, we had a deeper look at PDF encryption. In cooperation with our friends from Münster University of Applied Sciences, we discovered severe weaknesses...