Search:

amolnaik4 · 10-19-2015, 03:34 PM

Hey,
My video takes advancetage of known vulnerability in internal application. If you have same knowledge you can surely use that method. If not, you can still exploit xss to hijack victim's...

amolnaik4 · 09-28-2015, 12:54 PM

As per XEE description (http://projects.webappsec.org/w/page/13247002/XML%20Entity%20Expansion), this vulnerability results in the DoS which consumes all server resources. From your response it...

amolnaik4 · 03-18-2015, 04:15 PM

Hi nullbyte, the question does not provide any information about the scenario. It would be great if you could provide the actual steps you trying and the response you received from the application. I...

amolnaik4 · 12-22-2014, 11:51 AM

the new link to download DVWS:
http://dvws.professionallyevil.com/downloads/dvws.tgz

Thanks to @makash :)

Enjoy!!!

amolnaik4 · 07-24-2014, 11:17 AM

Hi,

Here is the list of online XSS challenges:
http://escape.alf.nu/
http://xss-quiz.int21h.jp/
http://prompt.ml
https://xss-game.appspot.com/

Feel free to add more.

amolnaik4 · 05-26-2014, 12:01 PM

Nice post from Aleksandr Dobkin:
https://plus.google.com/+AleksandrDobkin-Google/posts/JMwA7Y3RYzV

Enjoy!!!

AMol NAik

amolnaik4 · 01-03-2014, 05:49 PM

Many interesting talks here:

http://wtf1.muling.lu/30c3/
http://wtf.muling.lu/30c3/
30c3.ex23.de/fahrplan_d1.html

Enjoy!!!

AMol NAik

amolnaik4 · 12-04-2013, 11:49 AM

Nice paper on SAP Pentesting:
http://information.rapid7.com/rs/rapid7/images/SAP%20Penetration%20Testing%20Using%20Metasploit%20Final.pdf

Enjoy!!!!

AMol NAik

amolnaik4 · 07-02-2013, 06:51 PM

Intelligent bugs I must say :)Well Done, fb1h2s

amolnaik4 · 06-25-2013, 08:52 PM

Welcome to Garage, leganza. Learn & Share !!!

amolnaik4 · 05-10-2013, 10:22 AM

Hello All,

I'm n00b in fuzzing & exploitation field. I wanted to learn the art of analysis of crashes generated from fuzzing.

Can you guide me for the resources which are useful for learning...

amolnaik4 · 05-09-2013, 04:34 PM

Very nice Vinnu.

koi muze analysis sikha do yaar :)
Can't Understand which crash is exploitable and which one not.

amolnaik4 · 04-11-2013, 11:44 PM

i use SOAP client, Live HTTP Headers & REST client ... all Firefox addons for testing web services. Now you'll be able to use IronWASP as well.

amolnaik4 · 04-04-2013, 03:05 PM

Firewalking with nmap:
Firewalking with nmap | DiabloHorn

AMol NAik

amolnaik4 · 04-01-2013, 05:54 PM

PDF:
http://defcon-russia.ru/15/Nokia_reward_recognition.pdf

AMol NAik

amolnaik4 · 02-27-2013, 06:04 PM

I'll be available on Sunday morning, Thursday evening is not possible.

See you all at @nullcon.

AMol NAik

amolnaik4 · 02-25-2013, 10:50 PM

There is no user used. You need to give "SMBUser" as well along with corresponding password hash "SMBPass".

AMol NAik

amolnaik4 · 02-25-2013, 01:15 AM

Welcome to Garage, Dexter. Kepp learning & sharing knowledge. :)

amolnaik4 · 02-18-2013, 06:11 PM

Couple of nice posts about various types CSRF exploitations:

Apps and Security: Stateless CSRF Protection

Advanced CSRF and Stateless Anti-CSRF

AMol NAik

amolnaik4 · 02-11-2013, 05:11 PM

@r00tc0deL: you should search the forum & the Internet before asking for the help.

Here is one cheat sheet:
http://www.garage4hackers.com/f11/flash-xss-cheat-sheet-3093.html

AMol NAik

amolnaik4 · 02-06-2013, 10:27 PM

Here is the HackPra presentations which talks about some file upload techniques:

File in the hole!

AMol NAik

amolnaik4 · 01-23-2013, 11:21 PM

Welcome to garage .... learn & share the knowledge :)

amolnaik4 · 01-06-2013, 12:05 PM

Looks like you need to allow port 4444 on your router from internet. This is callled as Port Natting.

amolnaik4 · 12-18-2012, 12:38 AM

welcome to garage, karthikp. Hope to see you sharing your knowledge here :)

amolnaik4 · 12-18-2012, 12:36 AM

@karthikp: there is an attack called as Cross-Site Tracing (XST). You should read about this and find out is it still applicable to modern browsers. I'm sure after reading about this attack and...

The forum is frozen forever - but it won't die; it'll stay for long in search engine results and we hope it would keep helping newbies in some way or other - cheers!

Search:

Search: Search took 0.02 seconds; generated 42 minute(s) ago.

Thread: [Help] XSS + Sql injection?

Thread: Reporting vulnerabilities

Thread: help to break into very strange sql injection behavior

Thread: Resources for Web Services Testing

Thread: Online XSS challenges

Thread: Reverse Clickjacking

Thread: 30c3 Conference videos

Thread: SAP Penetration Testing using Metasploit

Thread: Article: A weekend with Cisco Meraki Bug Bounty, a tale of few web bugs .

Thread: hi everyone

Thread: Need help to learn Crash Analysis and Exploitation

Thread: Windows 7 64bit exploitation using LdrHotPatchRoutine and bypassing ASLR+DEP

Thread: Hacking Web Services with Burp

Thread: Firewalking with nmap

Thread: Nokia bug bounty program details

Thread: Garage meet post NullCon @Goa

Thread: having trouble in using smb/psexec

Thread: Hello Comrades !

Thread: POST based CSRF attack against Web Applications that use JSON RPC

Thread: Flash Cross Site Scripting[Help me!]

Thread: File upload bypassing techniques in web applications to upload shells

Thread: Newbie from NYC

Thread: msfpayload confusion about the IP

Thread: Hi all

Thread: TRACE method