OSX has multiple clipboards that allow you to do fairly user-friendly actions such as drag and drop various files, fonts, text, etc. Among these clipboards is the global "Find Pasteboard". This has been by far the stupidest and most shortsighted idea I have ever seen implemented by Apple.
At first it seems like a great idea, select text somewhere, hit cmd+e and search for it in a completely separate application just by hitting cmd+g. I'm sure certain people find that very useful. But there is a problem with this. A problem that makes me want to punch babies.
For example:
If you search for text in Chrome on a webpage, and you switch to Sublime Text 2 to search for something in your code, it automatically inputs the text that you typed into Chrome into the Sublime "find" box. OK... that's odd, I'll just backspace and start typing my search. Ah damn, I forgot the syntax to that one Perl regex. When you switch back to Chrome to search the page, IT COMPLETELY WIPES OUT/REPLACES YOUR SEARCH IN SUBLIME. So that big long regex I was typing in Sublime? Gone. Thanks Apple, your "feature" wiped out the last 30 minutes of research I was doing.
oh.my.god. this is the type of thing that creates serial killers.
The absolute worst part about all of it, the part where Apple's arrogance and unbelievable big head ruins everything, is the fact that THERE IS NO WAY TO DISABLE IT. AT ALL. ZILCH. NADA. They simply say that "this is intended behavior", which is the equivalent of them giving you the finger and saying "deal with it".
The entire idea of the find clipboard itself is stupid. It's a feature that's hardly known, and much more likely to cause frustration and issues than the problems it solves. The probability that you need to search for two different strings in different applications is obscenely higher than the few situations in which you want to search text from one app in another.
I'm not saying take this feature out, as I'm sure someone might be using it; I'm simply asking for a way to disable it.
This issue is more evidence of what I believe to be Apple's worst quality, the arrogance of their imposed "user experience" on the consumer. I'm done with Apple; this issue is on top of the dozens of other things of theirs that have driven me mad. I'm going back to Linux. At least then I have 100% control over my computer.
Saturday, January 26, 2013
Thursday, January 24, 2013
Barracuda SSH Backdoors
Today I learned of an advisory posted on reddit regarding Barracuda and certain "support" SSH backdoors installed on many of their products. Unfortunately I don't have a Barracuda product to test the specific attack strings on, but I have been able to gather quite a bit of information on it:
Here is the reddit netsec article on it:
http://www.reddit.com/r/netsec/comments/176p7z/critical_ssh_backdoor_in_multiple_barracuda/
Here is the Neohapsis copypasta from SEC-consult:
http://archives.neohapsis.com/archives/fulldisclosure/2013-01/0221.html
Here is the original advisory:
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130124-0_Barracuda_Appliances_Backdoor_wo_poc_v10.txt
Barracuda released several "tech alerts" about this vuln:
https://www.barracudanetworks.com/support/techalerts
Here is a full disclosure post in 2011 where someone suspected Barracuda had a backdoor (for lolz)
http://seclists.org/fulldisclosure/2011/Apr/460
Here is a blog post from 2009 (seriously) of a guy that got root access from the console and revealed overlapping details about the advisory:
http://blog.shiraj.com/2009/09/barracuda-spam-firewall-root-password/
Summary of the situation:
The following products:
Barracuda Spam and Virus Firewall
Barracuda Web Filter
Barracuda Message Archiver
Barracuda Web Application Firewall
Barracuda Link Balancer
Barracuda Load Balancer
Barracuda SSL VPN
(all including their respective virtual "Vx" versions)
vulnerable version: all versions less than Security Definition 2.0.5
All have preinstalled (undocumented) support accounts with SSH access in /etc/passwd.
The "product" support account drops you to a shell without requiring SSH keys. It also has access to the MySQL database, through which the list of users who can log in can be modified...
Only hosts coming from certain IPs can access this ssh daemon:
192.168.200.0/24
192.168.10.0/24
205.158.110.0/24
216.129.105.0/24
There are certain reports that the "product" user requires no password.
If anyone can get me the user hashes, I can run them through my (pretty big/extensive) wordlists with rulesets.
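A defender-side check for the condition summarized above, as an added example (not from the advisory or from Barracuda): it lists accounts with a login shell that are not on an approved list, and flags accepted SSH logins coming from the four ranges. The sample passwd and sshd log lines are constructed, the function names are hypothetical, and every account name other than "product" is made up for illustration.

```sh
#!/bin/sh
# Added example. Sample data below is constructed; function names are hypothetical.

# The four source ranges quoted in the summary, written as /24 prefixes.
# The trailing dot keeps 192.168.10. from matching 192.168.100.x.
SUPPORT_PREFIXES="192.168.200. 192.168.10. 205.158.110. 216.129.105."

# Read passwd-format text on stdin and print every account that can log in
# (shell is not nologin/false; an empty shell field means the default shell)
# and is not named in the space-separated allowlist given as $1.
unexpected_login_accounts() {
  awk -F: -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^#/ || NF < 7 { next }
    {
      shell = $7
      if (shell == "") shell = "/bin/sh"
      if (shell !~ /(nologin|false)$/ && !($1 in ok)) print $1
    }
  '
}

# Read sshd log lines on stdin and print "user ip" for each accepted login
# whose source address falls inside one of the ranges above.
accepted_from_ranges() {
  awk -v prefixes="$SUPPORT_PREFIXES" '
    BEGIN { n = split(prefixes, p, " ") }
    / sshd\[[0-9]+\]: Accepted / {
      user = ""; ip = ""
      for (i = 1; i < NF; i++) {
        if ($i == "for")  user = $(i + 1)
        if ($i == "from") ip   = $(i + 1)
      }
      for (j = 1; j <= n; j++)
        if (index(ip, p[j]) == 1) { print user, ip; break }
    }
  '
}

# Constructed passwd sample: only "product" comes from the post.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/:/sbin/nologin
mysql:x:27:27:MySQL:/var/lib/mysql:/bin/false
product:x:1001:1001::/home/product:/bin/sh
legacy:x:1002:1002::/home/legacy:
EOF
}

# Constructed sshd log sample in the usual OpenSSH syslog format.
sample_authlog() {
cat <<'EOF'
Jan 24 09:12:44 fw01 sshd[2210]: Accepted password for product from 205.158.110.17 port 40122 ssh2
Jan 24 09:15:02 fw01 sshd[2231]: Failed password for root from 203.0.113.9 port 51515 ssh2
Jan 24 09:20:31 fw01 sshd[2260]: Accepted publickey for root from 192.168.100.20 port 50022 ssh2
Jan 24 09:31:07 fw01 sshd[2302]: Accepted password for product from 192.168.10.77 port 43110 ssh2
EOF
}

echo "login-capable accounts not on the allowlist:"
sample_passwd | unexpected_login_accounts "root"
echo "accepted logins from the listed ranges:"
sample_authlog | accepted_from_ranges
```

On a real system, feed the functions the actual passwd file and the sshd log instead of the samples; two of the four ranges are private address space, so hits from them can originate on the local network.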
Tuesday, January 22, 2013
Edit Text Without Using Files
Lots of times on engagements I'll have to take a big chunk of data, for example user credentials, and parse/format it a particular way. Typically it can be done quickly by placing the text into a small temp file, and then parsing the contents that way.
The problem is that you are then left with a bunch of crap files you don't need. Granted, I could just put everything in the /tmp folder, or create another temp folder altogether, but I didn't want to have to deal with files at all.
In come here documents. Here documents are awesome for stuff like this. Take this example:
cat <<EOFMEOW | awk '{print $3}'
>ZOMG THE TEXT
>IT GOES HERE
>WHERE?
>IT GOES HERE LOLZ
>EOFMEOW
TEXT
HERE
HERE
Now all I need to do is just paste the text once it spits back the '>' prompt.
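One caveat when the pasted text is credentials, shown as an added example (not part of the original post): with an unquoted delimiter the shell expands `$...` and command substitutions inside the here document, so passwords containing `$` are silently altered, while quoting the delimiter passes the text through untouched. The sample lines are constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example. The pasted lines (user, id, password) are constructed
# sample data; the function names are hypothetical.

# Unquoted delimiter, as in the post: the shell performs parameter expansion
# and command substitution on the body before cat ever sees it.
# "$5" and "$ign" are both empty here, so the passwords come out wrong.
creds_unquoted() {
cat <<EOFMEOW | awk '{print $1 ":" $3}'
alice 1001 Pa$5w0rd
bob 1002 Dollar$ign
EOFMEOW
}

# Quoted delimiter: the body is passed through literally, byte for byte.
creds_quoted() {
cat <<'EOFMEOW' | awk '{print $1 ":" $3}'
alice 1001 Pa$5w0rd
bob 1002 Dollar$ign
EOFMEOW
}

echo "unquoted delimiter:"; creds_unquoted
echo "quoted delimiter:";   creds_quoted
```

At an interactive prompt the same applies: type `cat <<'EOFMEOW' | awk '{print $3}'` and then paste.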
Wednesday, January 16, 2013
Windows Network Service Internals - IPC/RPC
http://www.hsc.fr/ressources/articles/win_net_srv/index.html
Here are the core MSRPC functions/capabilities. It includes things like interacting with the SAM, the registry, the event log, the service control manager and much more:
http://www.hsc.fr/ressources/articles/win_net_srv/msrpc_core.html
Saturday, January 5, 2013
Pentest Bookmarks - Single Links
Here is a list of the pentest-bookmarks grabbed from http://code.google.com/p/pentest-bookmarks/
I needed to parse them for a project, so I modified the list to be in a one-line-per-link format. I figured someone else might be able to use it for something, so I'm posting it here.
EDIT: here is the line I used:
http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/
http://addictomatic.com/
http://andlabs.org/tools.html#dser
http://andlabs.org/tools.html#sotf
http://arachni.segfault.gr/news
http://archangelamael.blogspot.com/
http://articles.manugarg.com/arp_spoofing.pdf
http://asturio.gmxhome.de/software/sambascan2/i.html
http://avondale.good.net/dl/bd/
http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf
http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf
http://bernardodamele.blogspot.com/
http://blindelephant.sourceforge.net/
http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments
http://blog.0x3f.net/tool/keimpx-in-action/
http://blog.andlabs.org/
http://blog.c22.cc/
http://blog.commandlinekungfu.com/
http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/
http://blog.metasploit.com/
http://blog.metasploit.com/2010/03/automating-metasploit-console.html
http://blog.metasploit.com/2010/05/introducing-metasploitable.html
http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html
http://blog.ombrepixel.com/
http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security
http://blog.portswigger.net/
http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/
http://blog.sipvicious.org/
http://blog.skeptikal.org/
http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html
http://blog.spiderlabs.com/
http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
http://bright-shadows.net/
http://capture.thefl.ag/calendar/
http://carnal0wnage.attackresearch.com/node/410
http://carnal0wnage.attackresearch.com/node/436?utm_source=twitterfeed&utm_medium=twitter
http://carnal0wnage.blogspot.com/
http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html
http://centralops.net/co/
http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf
http://cirt.net/passwords
http://cirt.net/ports_dl.php?export=services
http://clez.net/
http://code.google.com/edu/languages/google-python-class/index.html
http://code.google.com/p/fimap/wiki/WindowsAttack
http://code.google.com/p/fm-fsf/
http://code.google.com/p/fuzzdb/
http://code.google.com/p/it-sec-catalog/wiki/Exploitation
http://code.google.com/p/javasnoop/
http://code.google.com/p/keimpx/
http://code.google.com/p/msf-hack/wiki/WmapNikto
http://code.google.com/p/owaspbwa/wiki/ProjectSummary
http://code.google.com/p/pinata-csrf-tool/
http://code.google.com/p/pyrit/
http://code.google.com/p/skipfish/
http://code.google.com/p/wavsep/downloads/list
http://contest.korelogic.com/wordlists.html
http://cr.yp.to/2004-494.html
http://crackme.cenzic.com/Kelev/view/home.php
http://crypto.stanford.edu/cs142/
http://crypto.stanford.edu/cs155/
http://cseweb.ucsd.edu/classes/wi09/cse227/
http://ctf.hcesperer.org/
http://cve.mitre.org/
http://cvedetails.com/
http://demo.testfire.net/
http://dev.tangocms.org/issues/237
http://deviating.net/
http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download
http://en.wikipedia.org/wiki/IPv4_subnetting_reference
http://entitycube.research.microsoft.com/
http://esploit.blogspot.com/
http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/
http://exploit.co.il/
http://feoh.tistory.com/22
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
http://flack.hkpco.kr/
http://forum.intern0t.net/
http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html
http://gnacktrack.co.uk/download.php
http://gse-compliance.blogspot.com/2008/07/netcat.html
http://gynvael.coldwind.pl/
http://h.ackack.net/cheat-sheets/netcat
http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964
http://ha.ckers.org/sqlinjection/
http://hackerfantastic.com/
http://hackme.ntobjectives.com/
http://hakin9.org/
http://hashcrack.blogspot.com/
http://heideri.ch/jso/#javascript
http://heorot.net/livecds/
http://i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/
http://i8jesus.com/
http://ictf.cs.ucsb.edu/
http://infond.blogspot.com/2010/05/toturial-footprinting.html
http://informatica.uv.es/~carlos/docencia/netinvm/
http://intrepidusgroup.com/insight/mallory/
http://intruded.net/
http://isc.sans.edu/diary.html?storyid=1229
http://isc.sans.edu/diary.html?storyid=2376
http://isc.sans.edu/diary.html?storyid=9397
http://jeremiahgrossman.blogspot.com/
http://junker.org/~tkh16/ncat-for-netcat-users.php
http://lab.mediaservice.net/notes_more.php?id=MSSQL
http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/
http://laramies.blogspot.com/
http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf
http://lcamtuf.coredump.cx/strikeout/
http://marc.info/?l=john-users&m=121444075820309&w=2
http://mariano-graziano.llab.it/docs/report.pdf
http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf
http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf
http://memset.wordpress.com/
http://meterpreter.illegalguy.hostzi.com/
http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads
http://milo2012.wordpress.com/2009/09/27/xlsinjector/
http://msdn.microsoft.com/en-us/library/aa478971.aspx
http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
http://myne-us.blogspot.com/
http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
http://mywiki.wooledge.org/BashPitfalls
http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html
http://nmap.org/
http://nmap.org/ncrack/
http://nmap.org/nsedoc/
http://nvd.nist.gov/
http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
http://ophcrack.sourceforge.net/
http://osvdb.org/
http://packetstormsecurity.org/Crackers/wordlists/
http://packetstormsecurity.org/UNIX/scanners/lfi-rfi2.txt
http://packetstormsecurity.org/UNIX/scanners/rfiscan2.py.txt
http://packetstormsecurity.org/files/view/69896/unicode-fun.txt
http://packetstormsecurity.org/files/view/95399/dotdotpwn-v2.1.tar.gz
http://packetstormsecurity.org/papers/wireless/cracking-air.pdf
http://pastie.org/840199
http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html
http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html
http://pentest.cryptocity.net/
http://pentestmonkey.net/blog/
http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
http://picfog.com/
http://pipl.com/
http://preachsecurity.blogspot.com/
http://punter-infosec.com/
http://pynstrom.net/holynix.php
http://r00tsec.blogspot.com/2011/03/pr10-08-various-xss-and-information.html
http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html
http://ref.x86asm.net/index.html
http://resources.infosecinstitute.com/
http://reusablesec.blogspot.com/
http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst
http://rubular.com/
http://samsclass.info/124/124_Sum09.shtml
http://samurai.inguardians.com/
http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
http://secdocs.lonerunners.net/
http://seclists.org/fulldisclosure/2006/Jun/508
http://seclists.org/metasploit/
http://seclists.org/nmap-dev/2009/q1/581
http://seclists.org/pen-test/2002/Nov/43
http://secunia.com/
http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter
http://security.ucla.edu/pages/Security_Talks
http://securityandrisk.blogspot.com/
http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections
http://securityoverride.com/forum/index.php
http://securityreliks.wordpress.com/
http://securitytube.net/Deploying-Metasploit-as-a-Payload-on-a-Rooted-Box-video.aspx
http://securitytube.net/Nmap-Scripting-Engine-Primer-video.aspx
http://shelldorado.com/shelltips/beginner.html
http://showmedo.com/videotutorials/python
http://shsc.info/FileUploadSecurity
http://sickness.tor.hu/
http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html
http://sirdarckcat.blogspot.com/
http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html
http://skipease.com/
http://sla.ckers.org/forum/index.php
http://sla.ckers.org/forum/list.php?2
http://sla.ckers.org/forum/read.php?24,33903
http://smashthestack.org/
http://socialmention.com/
http://sourceforge.net/projects/ajaxshell/
http://sourceforge.net/projects/belch/files/
http://sourceforge.net/projects/hashkill/
http://sourceforge.net/projects/lampsecurity/files/
http://sourceforge.net/projects/rips-scanner/
http://sourceforge.net/projects/thebutterflytmp/
http://sourceforge.net/projects/virtualhacking/files/
http://sourceforge.net/projects/websecuritydojo/
http://sourceforge.net/projects/ws-attacker/files/
http://sourceforge.net/projects/yokoso/
http://sqid.rubyforge.org/#next
http://sqlmap.sourceforge.net/
http://sqlzoo.net/hack/
http://ss64.com/nt/
http://stuff.mit.edu/iap/2009/#websecurity
http://sumolinux.suntzudata.com/
http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
http://taosecurity.blogspot.com/
http://technotales.wordpress.com/2009/06/14/netcat-tricks/
http://tenable.com/products/nessus
http://testasp.vulnweb.com/
http://testaspnet.vulnweb.com/
http://testphp.vulnweb.com/
http://theultimates.com/
http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210
http://tools.securitytube.net/index.php?title=Main_Page
http://toorcon.org/pres12/3.pdf
http://trac.happypacket.net/
http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1
http://twapperkeeper.com/index.php
http://tweepsearch.com/
http://tweepz.com/
http://uptime.netcraft.com/
http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#
http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#
http://vimeo.com/16852783
http://vimeo.com/16925188
http://vimeo.com/3418947
http://vimeo.com/user2720399
http://visi.kenshoto.com/
http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html
http://w3af.sourceforge.net/
http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html
http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf
http://websec.files.wordpress.com/2010/11/sqli2.pdf
http://websec.wordpress.com/
http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
http://websecuritytool.codeplex.com/documentation?referringTitle=Home
http://wepma.blogspot.com/
http://whatthefuckismyinformationsecuritystrategy.com/
http://whois.webhosting.info/
http://wirewatcher.wordpress.com/
http://www-inst.eecs.berkeley.edu/~cs161/sp11/
http://www.123people.com/
http://www.12robots.com/index.cfm/2010/9/14/Whats-Possible-with-XSS--Security-Series-81
http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/
http://www.acunetix.com/cross-site-scripting/scanner.htm
http://www.alphaonelabs.com/
http://www.antionline.com/archive/index.php/t-230603.html
http://www.attackvector.org/
http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
http://www.backbox.org/
http://www.backtrack-linux.org/
http://www.backtrack-linux.org/forums/
http://www.badstore.net/
http://www.binary-auditing.com/
http://www.bindshell.net/tools/beef
http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf
http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf
http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf
http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
http://www.bonsai-sec.com/en/research/moth.php
http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/
http://www.cheat-sheets.org/
http://www.commonexploits.com/
http://www.contextis.co.uk/resources/tools/clickjacking-tool/
http://www.corelan.be/
http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf
http://www.cs.rpi.edu/academics/courses/spring10/csci4971/
http://www.cs.sjtu.edu.cn/~kzhu/cs490/
http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
http://www.cs.ucsb.edu/~vigna/courses/cs279/
http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf
http://www.darknet.org.uk/
http://www.darknet.org.uk/2010/09/inspathx-tool-for-finding-path-disclosure-vulnerabilities/
http://www.darkoperator.com/
http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html
http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf
http://www.dest-unreach.org/socat/
http://www.digininja.org/
http://www.digininja.org/blog/when_all_you_can_do_is_read.php
http://www.divineinvasion.net/authforce/
http://www.domaintools.com/
http://www.dvwa.co.uk/
http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
http://www.edge-security.com/metagoofil.php
http://www.edge-security.com/theHarvester.php
http://www.eeye.com/products/retina/community
http://www.elitehackers.info/forums/
http://www.ericheitzman.com/passwd/passwords/
http://www.ethicalhacker.net/
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/
http://www.ethicalhacker.net/content/view/122/2/
http://www.evilsql.com/main/index.php
http://www.exploit-db.com/
http://www.exploit-db.com/google-dorks/
http://www.exploit-db.com/webapps/
http://www.fastandeasyhacking.com/
http://www.fiddler2.com/fiddler2/
http://www.foofus.net/?page_id=63
http://www.foofus.net/jmk/medusa/medusa.html
http://www.foofus.net/~jmk/medusa/medusa-smbnt.html
http://www.gdssecurity.com/l/b/
http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/
http://www.giac.org/certified_professionals/practicals/gsec/0810.php
http://www.glassdoor.com/index.htm
http://www.gnucitizen.org/blog/
http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/
http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+gnucitizen+%28GNUCITIZEN%29&utm_content=Twitter
http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/
http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972
http://www.governmentsecurity.org/forum/
http://www.grmn00bs.com/
http://www.hackernews.com/
http://www.hackersforcharity.org/ghdb/
http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html
http://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html
http://www.hackthissite.org/forums/index.php
http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html
http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf
http://www.iana.org/assignments/port-numbers
http://www.iexploit.org/
http://www.ikkisoft.com/stuff/SMH_XSS.txt
http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
http://www.infosecwriters.com/hhworld/hh8/csstut.htm
http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf
http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html
http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
http://www.irongeek.com/i.php?page=videos/aide-winter-2011
http://www.irongeek.com/i.php?page=videos/metasploit-class
http://www.irongeek.com/i.php?page=videos/network-sniffers-class
http://www.irongeek.com/i.php?page=videos/password-exploitation-class
http://www.jigsaw.com/
http://www.justanotherhacker.com/projects/graudit.html
http://www.kioptrix.com/blog/
http://www.krazl.com/blog/?p=3
http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
http://www.linuxfromscratch.org/
http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
http://www.linuxsurvival.com/
http://www.madirish.net/?article=470
http://www.madirish.net/index.html
http://www.matriux.com/
http://www.mavetju.org/unix/dnstracer-man.php
http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
http://www.mcgrewsecurity.com/
http://www.md5this.com/list.php?
http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav
http://www.mindcenter.net/uploads/ECCE101.pdf
http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf
http://www.mozilla.com/en-US/about/
http://www.mozilla.com/en-US/firefox/central/
http://www.mozilla.com/en-US/firefox/community/
http://www.mozilla.com/en-US/firefox/customize/
http://www.mozilla.com/en-US/firefox/help/
http://www.my-ip-neighbors.com/
http://www.nessus.org/plugins/index.php?view=single&id=10404
http://www.nessus.org/plugins/index.php?view=single&id=10673
http://www.nessus.org/plugins/index.php?view=single&id=10862
http://www.nessus.org/plugins/index.php?view=single&id=11413
http://www.nessus.org/plugins/index.php?view=single&id=11790
http://www.nessus.org/plugins/index.php?view=single&id=12052
http://www.nessus.org/plugins/index.php?view=single&id=12204
http://www.nessus.org/plugins/index.php?view=single&id=12205
http://www.nessus.org/plugins/index.php?view=single&id=12209
http://www.nessus.org/plugins/index.php?view=single&id=15456
http://www.nessus.org/plugins/index.php?view=single&id=15962
http://www.nessus.org/plugins/index.php?view=single&id=18021
http://www.nessus.org/plugins/index.php?view=single&id=18027
http://www.nessus.org/plugins/index.php?view=single&id=19402
http://www.nessus.org/plugins/index.php?view=single&id=19408
http://www.nessus.org/plugins/index.php?view=single&id=21564
http://www.nessus.org/plugins/index.php?view=single&id=21689
http://www.nessus.org/plugins/index.php?view=single&id=21696
http://www.nessus.org/plugins/index.php?view=single&id=22182
http://www.nessus.org/plugins/index.php?view=single&id=22194
http://www.nessus.org/plugins/index.php?view=single&id=23643
http://www.nessus.org/plugins/index.php?view=single&id=25168
http://www.nessus.org/plugins/index.php?view=single&id=26918
http://www.nessus.org/plugins/index.php?view=single&id=26919
http://www.nessus.org/plugins/index.php?view=single&id=26921
http://www.nessus.org/plugins/index.php?view=single&id=26925
http://www.nessus.org/plugins/index.php?view=single&id=29314
http://www.nessus.org/plugins/index.php?view=single&id=34476
http://www.nessus.org/plugins/index.php?view=single&id=34477
http://www.nessus.org/plugins/index.php?view=single&id=34821
http://www.nessus.org/plugins/index.php?view=single&id=40887
http://www.nessus.org/plugins/index.php?view=single&id=42106
http://www.net-security.org/insecuremag.php
http://www.ngssoftware.com/papers/hpoas.pdf
http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx
http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx
http://www.nirsoft.net/articles/saved_password_location.html
http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
http://www.nosec.org/2010/0809/629.html
http://www.notsosecure.com/folder2/
http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter
http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
http://www.nubuntu.org/
http://www.nullbyte.org.il/Index.html
http://www.nullthreat.net/
http://www.oact.inaf.it/ws-ssri/Costa.pdf
http://www.offensive-security.com/metasploit-unleashed/
http://www.offensivecomputing.net/
http://www.oldapps.com/
http://www.oldversion.com/
http://www.onapsis.com/research.html#bizploit
http://www.onlinehashcrack.com/
http://www.openvas.org/
http://www.openwall.com/john/
http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
http://www.owasp.org/index.php/Owasp_SiteGenerator
http://www.owasp.org/index.php/Testing_for_MS_Access
http://www.owasp.org/index.php/Testing_for_Oracle
http://www.packetstormsecurity.org/
http://www.packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
http://www.packetstormsecurity.org/tools100.html
http://www.paterva.com/web5/
http://www.pauldotcom.com/
http://www.peekyou.com/
http://www.pentest-standard.org/index.php/Main_Page
http://www.pentesterscripting.com/
http://www.pentestit.com/
http://www.phenoelit-us.org/dpl/dpl.html
http://www.phenoelit-us.org/whatSAP/index.html
http://www.phx2600.org/archive/2008/08/29/metacab/
http://www.piotrbania.com/all/kon-boot/
http://www.radare.org/y/
http://www.radarhack.com/tutorial/ads.pdf
http://www.rapid7.com/vulnerability-scanner.jsp
http://www.ravenphpscripts.com/article2974.html
http://www.reddit.com/r/xss/
http://www.robvanderwoude.com/ntadmincommands.php
http://www.room362.com/
http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583
http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974
http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974
http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219
http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214
http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283
http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507
http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf
http://www.searchbug.com/default.aspx
http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
http://www.secmaniac.com/
http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?utm_source=twitterfeed&utm_medium=twitter&utm_campaign=Feed%3A+Sectechno+%28SecTechno%29&utm_content=Twitter
http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/
http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/
http://www.securityexperiment.com/se/documents/Overlooked%20SQL%20Injection%2020071021.pdf
http://www.securityexperiment.com/se/documents/SQLInjectionCommentary20071021.pdf
http://www.securityfocus.com/bid
http://www.securityforest.com/wiki/index.php/Main_Page
http://www.securityninja.co.uk/
http://www.securityninja.co.uk/burp-suite-tutorial-repeater-and-comparer-tools
http://www.securitytube.net/
http://www.sensepost.com/blog/
http://www.sensepost.com/blog/4552.html
http://www.sensepost.com/labs/tools/pentest/reduh
http://www.serversniff.net/index.php
http://www.shodanhq.com/
http://www.skullsecurity.org/blog/
http://www.skullsecurity.org/wiki/index.php/Passwords
http://www.slideshare.net/Laramies/tactical-information-gathering
http://www.smashingpasswords.com/
http://www.sno.phy.queensu.ca/~phil/exiftool/
http://www.social-engineer.org/
http://www.softperfect.com/products/networkscanner/
http://www.spoke.com/
http://www.spokeo.com/
http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf
http://www.spylogic.net/
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%e2%80%93-part-2-blogs-message-boards-and-metadata/
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
http://www.sqlteam.com/article/sql-server-versions
http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
http://www.swaroopch.com/notes/Python_en:Table_of_Contents
http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf
http://www.technicalinfo.net/papers/CSS.html
http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data
http://www.tekniqal.com/
http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/
http://www.thenewboston.com/?cat=40&pOpen=tutorial
http://www.tineye.com/
http://www.tssci-security.com/
http://www.ucci.it/docs/ICTSecurity-2004-26.pdf
http://www.ustream.tv/recorded/12777183
http://www.ustream.tv/recorded/13396511
http://www.ustream.tv/recorded/13397426
http://www.ustream.tv/recorded/13398740
http://www.virus.org/default-password
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://www.vupen.com/english/advisories/2009/3634
http://www.webappsec.org/projects/articles/071105.shtml
http://www.webappsec.org/projects/threat/
http://www.webscantest.com/
http://www.websecurify.com/
http://www.woodmann.com/TiGa/idaseries.html
http://www.workrobot.com/sansfire2009/561.html
http://www.xing.com/
http://www.yasni.com/
http://www.youtube.com/user/ChRiStIaAn008
http://www.youtube.com/user/HackingCons
http://www.youtube.com/watch?v=WkHkryIoLD0
http://www.zabasearch.com/
http://www.zonbi.org/?p=253
http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html
http://xs-sniper.com/blog/
http://xsser.sourceforge.net/
http://xsser.sourceforge.net/#intro
http://zastita.com/02114/Attacking_ColdFusion..html
http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
http://zoominfo.com/
https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/
https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/
https://addons.mozilla.org/en-US/firefox/addon/hackbar/
https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/
https://addons.mozilla.org/en-US/firefox/addon/osvdb/
https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/
https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/
https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8
https://github.com/koto/squid-imposter
https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/
https://pentoo.ch/
https://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK
https://www.ssllabs.com/ssldb/analyze.html
I needed to parse them for a project, so I modified it to be a one-line-per-link format. I figured someone else might be able to use it for something, so I'm posting it here.
EDIT: here is the line I used:
grep -E -o '<A HREF=\"http.*?\"' <(curl http://pentest-bookmarks.googlecode.com/files/bookmarksv1.5.html) | sort -u | cut -d \" -f 2
Friday, January 4, 2013
John The Ripper Sample Password Hashes
http://openwall.info/wiki/john/sample-hashes
A better list of example hashes is here:
http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats
Labels:
Password Cracking
Thursday, January 3, 2013
Credit Card Test Numbers
Here is a list of credit card test numbers copied from http://www.paypalobjects.com/en_US/vhelp/paypalmanager_help/credit_card_numbers.htm
| Credit Card Type | Credit Card Number |
| --- | --- |
| American Express | 378282246310005 |
| American Express | 371449635398431 |
| American Express Corporate | 378734493671000 |
| Australian BankCard | 5610591081018250 |
| Diners Club | 30569309025904 |
| Diners Club | 38520000023237 |
| Discover | 6011111111111117 |
| Discover | 6011000990139424 |
| JCB | 3530111333300000 |
| JCB | 3566002020360505 |
| MasterCard | 5555555555554444 |
| MasterCard | 5105105105105100 |
| Visa | 4111111111111111 |
| Visa | 4012888888881881 |
| Visa | 4222222222222 (Note: Even though this number has a different character count than the other test numbers, it is the correct and functional number.) |
| Processor-specific Cards | |
| Dankort (PBS) | 76009244561 |
| Dankort (PBS) | 5019717010103742 |
| Switch/Solo (Paymentech) | 6331101999990016 |
Tuesday, January 1, 2013
Display Unicode in Bash
Sometimes you want to use certain characters that only exist in Unicode. Unfortunately, bash doesn't make it super easy to actually output them.
Here are the steps to manually include Unicode in ASCII bash scripts.
- Go find the actual Unicode character online that you want to use.
- Run this: echo -ne 'paste_unicode_here' | hexdump
- The result is the hex output of the character's bytes.
- Take the output, place \x before each of the bytes and use it in your script.
So, for example, if I wanted to use the "┡" character in something, this is what I'd run:
```
$ echo -ne '┡' | hexdump
0000000 e2 94 a1
0000003
$ echo -ne '\xe2\x94\xa1'
┡
```
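The steps above can be scripted. This is an added example, not code from the original post, and it goes beyond the single-character case by handling any string and decoding the result again to confirm the round trip. The function names `hex_escape` and `hex_unescape` are made up for illustration.

```shell
#!/bin/sh
# hex_escape STRING: print STRING's bytes as \xNN escapes, ready to paste
# into a script (for '┡' this prints \xe2\x94\xa1).
hex_escape() (
    out=''
    # od -An -v -tx1 emits one byte per field on both macOS/BSD and Linux.
    # Plain `hexdump` on Linux groups bytes into byte-swapped 16-bit words,
    # and without -v long runs of identical bytes collapse into a "*" line.
    for byte in $(printf '%s' "$1" | od -An -v -tx1); do
        out="${out}\\x${byte}"
    done
    printf '%s\n' "$out"
)

# hex_unescape TEXT: turn \xNN escapes back into raw bytes. bash's echo -e and
# printf understand \xNN directly, but POSIX sh (e.g. dash) only guarantees
# octal escapes, so each byte is re-emitted as \NNN octal here.
hex_unescape() (
    rest=$1
    while [ -n "$rest" ]; do
        case $rest in
            '\x'[0-9a-fA-F][0-9a-fA-F]*)
                hex=${rest#??}                 # drop the leading \x
                hex=${hex%"${hex#??}"}         # keep the two hex digits
                printf "\\$(printf '%03o' "0x$hex")"
                rest=${rest#????}
                ;;
            *)
                # Not an escape: copy one character through unchanged.
                printf '%s' "${rest%"${rest#?}"}"
                rest=${rest#?}
                ;;
        esac
    done
)

# Demo with the character used in the post.
escaped=$(hex_escape '┡')
printf '%s -> ' "$escaped"
hex_unescape "$escaped"
echo
```
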
Labels:
Bash