Thủ Phủ Hacker Mũ Trắng Buôn Ma Thuột

Chương trình Đào tạo Hacker Mũ Trắng Việt Nam tại Thành phố Buôn Ma Thuột kết hợp du lịch. Khi đi là newbie - Khi về là HACKER MŨ TRẮNG !

Hacking Và Penetration Test Với Metasploit

Chương trình huấn luyện sử dụng Metasploit Framework để Tấn Công Thử Nghiệm hay Hacking của Security365.

Tài Liệu Computer Forensic Của C50

Tài liệu học tập về Truy Tìm Chứng Cứ Số (CHFI) do Security365 biên soạn phục vụ cho công tác đào tạo tại C50.

Sinh Viên Với Hacking Và Bảo Mật Thông Tin

Cuộc thi sinh viên cới Hacking. Với các thử thách tấn công trang web dành cho sinh viên trên nền Hackademic Challenge.

Tấn Công Và Phòng Thủ Với BackTrack / Kali Linux

Khóa học tấn công và phòng thủ với bộ công cụ chuyên nghiệp của các Hacker là BackTrack và Kali LINUX dựa trên nội dung Offensive Security

Sayfalar

Showing posts with label NoSQL. Show all posts
Showing posts with label NoSQL. Show all posts

Nosql-Exploitation-Framework - A FrameWork For NoSQL Scanning and Exploitation Framework

3:15 PM  , , , , , , , , , ,  


A FrameWork For NoSQL Scanning, Enumeration and Exploitation.
NoSQL Databases are schema less databases. They were invented to store data easily and flexibly.
NoSQL Databases have gained popularity and its security has always been under the scanner.
The NoSQL Exploitation Framework focuses scanning,enumerating and exploiting these databases.
The tool has support for over 5 databases MongoDB,CouchDB,Redis,H-Base and Cassandra.

Added Features:

  • First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra
  • Support For NoSQL WebAPPS
  • Added payload list for JS Injection,Web application Enumeration.
  • Scan Support for Mongo,CouchDB and Redis
  • Dictionary Attack Support for Mongo,Cocuh and Redis
  • Enumeration Module added for the DB's,retrieves data in db's @ one shot.
  • Currently Discover's Web Interface for Mongo
  • Shodan Query Feature
  • MultiThreaded IP List Scanner
  • Dump and Copy Database features Added for CouchDB
  • Sniff for Mongo,Couch and Redis

Installation

  • Run chmod+x install.sh nosqlmap.py
  • ./install.sh
  • nosqlexp.py -h (For Help Options)

Sample Usage

  • nosqlexp.py -ip localhost -scan
  • nosqlexp.py -ip localhost -dict mongo -file b.txt
  • nosqlexp.py -ip localhost -enum couch
  • nosqlexp.py -ip localhost -enum redis
  • nosqlexp.py -ip localhost -clone couch
  • nosqlexp.py -ip localhost -webapp "web_app_link"

Read More

[NOSQLMap] NoSQLMap-Automated NoSQL Database pwnage

8:53 AM  , , , , ,  

What is NoSQLMap?

NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases, as well as web applications using NoSQL in order to disclose data from the database.  It is named as a tribute to Bernardo Damele and Miroslav's Stampar's popular SQL injection tool SQLmap, and its concepts are based on and extensions of Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases".  Presently the tool's exploits are focused around MongoDB, but additional support for other NoSQL based platforms such as CouchDB, Redis, and Cassandra are planned in future releases; right now the goal is to provide a proof of concept tool to debunk the premise that NoSQL is impervious to SQL injection attacks.

Features
  • Automated MongoDB database enumeration and cloning attacks.
  • PHP application parameter injection attacks against MongoClient to return all database records.
  • Javascript function variable escaping and arbitrary code injection to return all database records.
  • Timing based attacks similar to blind SQL injection to validate Javascript injection vulnerabilities with no feedback from the application.
  • More coming soon!

Read More
Subscribe to: Posts (Atom)