hacking | Anant Shrivastava's blog

White Paper : Web Application Finger Printing : Methods/Techniques and Prevention

July 17, 2011 / hacking, Technical / 1 minute of reading

Today I am presenting my work for past some days in form of a white paper. This white paper basically outlines the automated finger printing methods, techniques and ideas for prevention automated methods to work on your site. BTW those who are having wappalyzer on there browsers just enjoy visiting my Joomla Powered Website. 😀 …

White Paper : Web Application Finger Printing : Methods/Techniques and Prevention Read More »

Chrome Extensions for Security Professionals

July 10, 2011 / hacking, Technical / 4 minutes of reading

During Recent days we have seen a phenomenal increase in usage of Google Chrome Browser, however Security Professionals are still looking at Firefox for there day to day life usage, the basic reason behind it is large set of firefox extensions backing it up, we have also custom builds like OWASP Mantra doing the round. …

Chrome Extensions for Security Professionals Read More »

Database protection Techniques : a different prespective

June 28, 2011 / development, hacking, idea, Technical / 3 minutes of reading

Tips for Db Security Disclaimer : This post keeps in mind the web frontends and web applications based attacks on DB Servers in mind. Any Userid used for web application connectivity should be clipped to specific ip addresses that could be localhost in case of same server usage for Db and App server. If two …

Database protection Techniques : a different prespective Read More »

Nullcon CTF BattleUnderground 2011 Walkthrough

May 31, 2011 / hacking, Technical / 1 minute of reading

Finally after nearly 3 months i have been able to compile the complete walkthrough. So presenting the walkthrough for Battle underground. Please keep some notes in mind 1) Most of the stuff is done after servers were shutdown so i have to manage with directions only and not screenshots. 2) Feel free to ask questions …

Nullcon CTF BattleUnderground 2011 Walkthrough Read More »

protection wordpress username enumeration

May 30, 2011 / hacking, howto, idea, Technical / 1 minute of reading

After my last post exploiting username enumeration i have looked deep and found a simple workaround to patch your blog for this vulnerability till wordpress has something to add to it. I am right now using a wordpress plugin : Redirections https://wordpress.org/extend/plugins/redirection/ Inside the plugin page which comes under : tools -> redirections Add a …

protection wordpress username enumeration Read More »

WordPress User Enumeration PoC Shell Script

May 29, 2011 / hacking, scripting / 1 minute of reading

We have recently seen WordPress User name enumeration Vulnerability disclosure here http://seclists.org/fulldisclosure/2011/May/493 Versions Effected are : 2.6, 3.1, 3.1.1, 3.1.3 Here i am enclosing a simple PoC which could be run on Bash Shell. (Note : PoC on python is already available for those who are curious) [github userid=”anantshri” repoid=”script-collection” path=”wp-user-enum.sh” language=”bash”] Code could be …

WordPress User Enumeration PoC Shell Script Read More »

Hack IM Walk Through : Nullcon – 2011

February 24, 2011 / hacking, Technical / 1 minute of reading

After nearly one week of finishing the HackIM challenge, I have finally got the time to finally document the whole process with as much link and screen-shots as possible. However i didn’t went ahead and released the doc at that time coz a lot of users where playing and i don’t wanted to spoil their …

Hack IM Walk Through : Nullcon – 2011 Read More »