
rewtdance.blogspot.com
rewt dance: A blog about penetration testing, hacking, and security issues.
http://rewtdance.blogspot.com/
TODAY'S RATING
>1,000,000
Date Range
HIGHEST TRAFFIC ON
Saturday
LOAD TIME
0.1 seconds
PAGES IN
THIS WEBSITE
16
SSL
EXTERNAL LINKS
24
SITE IP
216.58.216.193
LOAD TIME
0.125 sec
SCORE
6.2
rewt dance | rewtdance.blogspot.com Reviews
https://rewtdance.blogspot.com
rewt dance: Testing Apache Wicket Web Apps (1.4.x)
http://rewtdance.blogspot.com/2013/07/testing-apache-wicket-web-apps-14x.html
Sunday, 14 July 2013. Testing Apache Wicket Web Apps (1.4.x). Is a Java web application framework, and it's annoying to test against as it maintains a lot of state server side which makes client side manipulation difficult. Depending on the URLCodingStrategy in use (and whether or not Encryption of the URL is in place*) you may see requests containing the following parameter (or similar): Each subsequent request will increase the sequence number, indicating a different version of the web page: It's not a ...
rewt dance: July 2012
http://rewtdance.blogspot.com/2012_07_01_archive.html
Tuesday, 31 July 2012. Ubisoft Browser Plugin Exploit. As an exercise in developing for Metasploit myself and a couple of colleagues attempted to port the recent Ubisoft ActiveX Plugin Command Execution Exploit (versions = 2.03) disclosed by Tavis Ormandy: http://seclists.org/fulldisclosure/2012/Jul/375. Further feedback from Rapid7's Sinn3r suggested using WebDAV to deliver the payload rather than limiting to just local files, so I butchered webdav_dll_hijacker.rb to serve exes. Had a few proble...NFTF:...
rewt dance: Is Your SMB Bruteforcer Lying To You?
http://rewtdance.blogspot.com/2012/09/is-your-smb-bruteforcer-lying-to-you.html
Wednesday, 12 September 2012. Is Your SMB Bruteforcer Lying To You? A few weeks back, on a job, I had enumerated a list of domain users from a Linux device attached to a Windows domain due to anonymous access. Not knowing the lockout policy I gave a quick attempt to enumerate which accounts had a weak password, 'Password1', using Metasploit's smb_login module. I tried again with Hydra which picked up a second account,. Looking at the Microsoft SMB Error Codes. STATUS_PASSWORD_MUST_CHANGE. STATUS LOGIN TYP...
rewt dance: June 2012
http://rewtdance.blogspot.com/2012_06_01_archive.html
Wednesday, 27 June 2012. Scan SSL Ciphers via Web Proxy. None of my existing tools gave the option of using a web proxy to retrieve the SSL cipher strengths supported by a web server. With a bit of googling I came across SSLyze v0.4 which has recently added support for this. http://code.google.com/p/sslyze/. It allows HTTP Web Proxies via the - http tunnel command and has support for TLS 1.1 and 1.2 - good stuff. It's currently in BackTrack but only v0.3 in /pentest/web/sslyze/. Friday, 22 June 2012. Whilst...
rewt dance: May 2012
http://rewtdance.blogspot.com/2012_05_01_archive.html
Tuesday, 22 May 2012. BMC Remedy Password Descrambling. The BMC Remedy application scrambles the user's password with client side javascript on the login.jsp page. This is a very weak encryption cipher and easily decoded, so provides no real protection for your passwords. Ensure your web application is only served over HTTPS to protect your password and do not rely on this functionality. The following proof of concept reverses the cipher: BMC Remedy Password Descrambler.
TOTAL PAGES IN THIS WEBSITE
16
scriptmonkey – blog.scriptmonkey.eu
http://blog.scriptmonkey.eu/author/scriptmonkey
Notes, Thoughts and Ramblings of a Penetration Tester based in the UK. My opinions are my own. NFAL: Episode Two (Point 5) – Breaking out of the Jail. With that and the slight addition that this was going to be NFAL Episode Two. On its own so it’s now kind of NFAL Episode 2.5 The continuing adventures of noddy testing… on with the original post! Recently I did some testing involving the “Remote Application” features of terminal services through a terminal services web gateway. Initially logging in ...
November 2012 – blog.scriptmonkey.eu
http://blog.scriptmonkey.eu/2012/11
Notes, Thoughts and Ramblings of a Penetration Tester based in the UK. My opinions are my own. Notes from a lockdown: Episode 1. So I’ve done a few posts in the past about getting command prompts from GPO’d workstations and running what’s known as “mobile code” in locked down environments (VBA, VBS, BAT, Bash, Python, Perl, etc…). I figured I’d try and make a series of sh…. Lesson 1: Just because you can’t run reg edit doesn’t mean you can’t edit reg. VBS – Difficulty: Easy. Dim objReg, keySet.
PeSKy VPNs – A lesson in IPSEC and IKEv1 – blog.scriptmonkey.eu
http://blog.scriptmonkey.eu/pesky-vpns
Notes, Thoughts and Ramblings of a Penetration Tester based in the UK. My opinions are my own. PeSKy VPNs – A lesson in IPSEC and IKEv1. So every quarter my company arranges an internal “conference” where the members of my team have to come up with some sort of presentation discussing research or learning that they have done in the past 3 months. My network-fu leaves much to be desired and I will say it is one of my weaker points. So onto the content…. Finding the damn things. IPSEC VPNs traditiona...
July 2015 – blog.scriptmonkey.eu
http://blog.scriptmonkey.eu/2015/07
Notes, Thoughts and Ramblings of a Penetration Tester based in the UK. My opinions are my own. So it’s the day after the conference and I sit here in bits. Unfortunately since Friday I’ve been struck down with an attack of sciatica however I downed my ibuprofen along with a few paracetamol for good measure and drove the many hours up’t north and found myself in Sheffield at the best conference I have had the pleasure of attending thus far. A few more talks and a lunch that had more than enough food ...
October 2012 – blog.scriptmonkey.eu
http://blog.scriptmonkey.eu/2012/10
Notes, Thoughts and Ramblings of a Penetration Tester based in the UK. My opinions are my own. So after a bit of a drinking session with some lads I’m working with and lots of teasing of a fellow tester attempting to get him to buy a (rather cool in my opinion) domain name, I’ve just gone and got this blog its own proper home on the web. No…. No longer using my personal domain from yonks ago, it now is officially: http://blog.scriptmonkey.eu. So there you go! PS I use 123-reg for my registrar and ...
blog.scriptmonkey.eu – Page 4 – – Notes, Thoughts and Ramblings of a Penetration Tester based in the UK. My opinions are my own.
http://blog.scriptmonkey.eu/page/4
Notes, Thoughts and Ramblings of a Penetration Tester based in the UK. My opinions are my own. Leveraging HTML5 in order to turbo-charge clickjacking. You have a website and you’ve proven it’s vulnerable to clickjacking, but what use is fooling a user into submitting a form unless you can specify some of the data that the user is submitting within those fields? We’ve all played games online wher…. It’s all thanks to the drag-and-drop method and in particular the ondragstart method. So users drag th...
October 2014 – blog.scriptmonkey.eu
http://blog.scriptmonkey.eu/2014/10
Notes, Thoughts and Ramblings of a Penetration Tester based in the UK. My opinions are my own. PeSKy VPNs – A lesson in IPSEC and IKEv1. So every quarter my company arranges an internal “conference” where the members of my team have to come up with some sort of presentation discussing research or learning that they have done in the past 3 months. My network-fu leaves much to be desired and I will say it is one of my weaker points. So onto the content…. Finding the damn things. IPSEC VPNs traditiona...
Quickie #1: Virtualbox vs VmWare Network Drivers – blog.scriptmonkey.eu
http://blog.scriptmonkey.eu/quickie-1-virtualbox-vs-vmware-network-drivers
Notes, Thoughts and Ramblings of a Penetration Tester based in the UK. My opinions are my own. Quickie #1: Virtualbox vs VmWare Network Drivers. When importing a vulnerable VM a colleague has made and exported using OVF format into virtualbox… even though you have the XP safe “PCNET-FAST III” selected that should work without any need for additional drivers (here’s looking at you intel)…. That’s 30 to 60 minutes of “WTF!” that I’ll never get back. May 1, 2015.
TOTAL LINKS TO THIS WEBSITE
24
rewt.com
Rewt.us
Rew T
Automotive customization and fabrication. Suspension upgrades for all vehicles. Lift kits (2 and 4 wheel drive). We specialize in vehicles such as:. Muscle cars * Street rods. Your source in the NW for all things custom. RewT Customization & Fabrication. Is a small family owned and operated automotive customization. Business in western Washington. RewT Customs was started. Because of my passion to work on my own vehicles so I decided. To make it a legacy that I can pass off to my sons, who have that.
rewt dance
Saturday, 9 November 2013. Android Memory Forensics – Step by Step on the Galaxy Nexus I9250. This builds upon the excellent guide given by the Volatility team: https://code.google.com/p/volatility/wiki/AndroidMemoryForensics. But provides an example for a physical device. This shows you how to dump the memory, but doesn't go into detail of what to do with it when you have it! Determine Kernel Version and Model. The EAN/UPC code (off barcode on box):. Model: GT-19250 (taken from sticker under battery).
Coming Soon - Future home of something quite cool
Future home of something quite cool. If you're the site owner. To launch this site. If you are a visitor. Please check back soon.
Reviews and Tutorials - rewTech.net
Box 7490 from AVM. The new FRITZ Box 7490 from the manufacturer AVM is considered the top model among high-speed routers. Fritz Box Smart Home - options for the connected home. Packed with useful features. Light luggage for technical high-flying: with the iPad Air it is easy to take off. At only 469 or 478 grams, the tablet hardly adds to the luggage. The iPhone 5s is considered the top design among Apple smartphones and has been available in Germany since September 2013.
rewtechy.com - Web Application Development - Andrew Rankin - Vancouver BC - rewtechy.com
November 2012 - present). Any project large or small. Database Admin and Design. Rewtechy.com - Web Application Development. September 2012 - Present). Vice President of Technology. Database / System Administrator. Allura Direct.com Vacations Ltd. May 2004 - August 2012). CMS, Gallery Manager (2011). CMS, XML (2008) * frontend requires flash. This site is powered by the following open source or free technology. Other technology used in building Web Applications. Asper School of Business.
Rewterz - Information Security Company
Next Generation Penetration Testing. Advanced Persistent Threat Assessment. Security Awareness & Training. Talk to a Security Expert. Committed to consistently providing world class professional and managed security services in Pakistan and the Middle East. Next Generation Penetration Testing. What if you could know how attackers think, work, and pull off their biggest heists? Our main goal is to pr...