Awesome work Jeremy and Adrian. This will help a lot.

On Thu, Mar 15, 2012 at 1:05 AM, Adrian Crenshaw <[email protected]> wrote:
> I knew when my homie Jeremy Druin took over
> Mutillidae <http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10>
> that he was doing more work on it than I ever did, but I did not realize
> the number of videos and subjects he has covered with it! I hope the list
> below comes out ok in your email viewer. If not, here is the index:
>
> http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae
>
> 1. Determine Http Methods Using Netcat <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#determine-http-methods-using-netcat>
> 2. Determine Server Banners Using Netcat Nikto And W3af <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#determine-server-banners-using-netcat-nikto-and-w3af>
> 3. Bypass Authentication Using SQL Injection <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#bypass-authentication-using-sql-injection>
> 4. Using Menus <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#using-menus>
> 5. Bypass Authentication Via Authentication Token Manipulation <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#bypass-authentication-via-authentication-token-manipulation>
> 6. Explanation Of HTTPonly Cookies In Presense Of Cross Site Scripting <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#explanation-of-httponly-cookies-in-presense-of-cross-site-scripting>
> 7. Closer Look At Cache Control And Pragma No Cache Headers <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#closer-look-at-cache-control-and-pragma-no-cache-headers>
> 8. Demonstration Of Frame Busting Javascript And X-Frame Options Header <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#demonstration-of-frame-busting-javascript-and-x-frame-options-header>
> 9. How To Install And Configure Burp Suite With Firefox <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-install-and-configure-burp-suite-with-firefox>
> 10. Basics Of Web Request And Response Interception Using Burp Suite <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-web-request-and-response-interception-using-burp-suite>
> 11. Brute Force Authentication Using Burp Intruder <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#brute-force-authentication-using-burp-intruder>
> 12. Automate SQL Injection Using SQLMap To Dump Credit Cards Table <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#automate-sql-injection-using-sqlmap-to-dump-credit-cards-table>
> 13. Command Injection To Dump Files Start Services Disable Firewall <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#command-injection-to-dump-files-start-services-disable-firewall>
> 14. How To Exploit Local File Inclusion Vulnerability Using Burp Suite <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-exploit-local-file-inclusion-vulnerability-using-burp-suite>
> 15. HTML Injection To Popup Fake Login Form And Capture Credentials <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#html-injection-to-popup-fake-login-form-and-capture-credentials>
> 16. Two Methods To Steal Session Tokens Using Cross Site Scripting <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#two-methods-to-steal-session-tokens-using-cross-site-scripting>
> 17. How To Bypass Maxlength Restrictions On HTML Input Fields <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-bypass-maxlength-restrictions-on-html-input-fields>
> 18. Two Methods To Bypass Javascript Validation <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#two-methods-to-bypass-javascript-validation>
> 19. Three Methods For Viewing Http Request And Response Headers <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#three-methods-for-viewing-http-request-and-response-headers>
> 20. Basics Of SQL Injection Timing Attacks <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-sql-injection-timing-attacks>
> 21. Basics Of SQL Injection Using Union <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-sql-injection-using-union>
> 22. Basics Of Inserting Data With SQL Injection <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-inserting-data-with-sql-injection>
> 23. Inject Root Web Shell Backdoor Via SQL Injection <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#inject-root-web-shell-backdoor-via-sql-injection>
> 24. Basics Of Using SQL Injection To Read Files From Operating System <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-using-sql-injection-to-read-files-from-operating-system>
> 25. How To Locate The Easter Egg File Using Command Injection <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-locate-the-easter-egg-file-using-command-injection>
> 26. Injecting Cross Site Script Into Stylesheet Context <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#injecting-cross-site-script-into-stylesheet-context>
> 27. Introduction To Http Parameter Pollution <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#introduction-to-http-parameter-pollution>
> 28. Basics Of Injecting Cross Site Script Into HTML Onclick Event <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-injecting-cross-site-script-into-HTML-onclick-event>
> 29. Basics Of Finding Reflected Cross Site Scripting <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-finding-reflected-cross-site-scripting>
> 30. Analyze Session Token Randomness Using Burp Suite Sequencer <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#analyze-session-token-randomness-using-burp-suite-sequencer>
> 31. Using Nmap To Fingerprint Http Servers And Web Applications <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#using-nmap-to-fingerprint-http-servers-and-web-applications>
> 32. Spidering Web Applications With Burp Suite <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#spidering-web-applications-with-burp-suite>
> 33. Basics Of Burp Suite Targets Tab And Scope Settings <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-burp-suite-targets-tab-and-scope-settings>
> 34. Brute Force Page Names Using Burp Intruder Sniper <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#brute-force-page-names-using-burp-intruder-sniper>
> 35. Using Burp Intruder Sniper To Fuzz Parameters <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#using-burp-intruder-sniper-to-fuzz-parameters>
> 36. Comparing Burp Intruder Modes Sniper Battering RAM Pitchfork Cluster Bomb <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#comparing-burp-intruder-modes-sniper-battering-ram-pitchfork-cluster-bomb>
> 37. Demo Usage Of Burp Suite Comparer Tool <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#demo-usage-of-burp-suite-comparer-tool>
> 38. Import Custom Nmap Scans Into Metasploit Community Edition <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#import-custom-nmap-scans-into-metasploit-community-edition>
> 39. Using Metasploit Community Edition To Locate Web Servers <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#using-metasploit-community-edition-to-locate-web-servers>
> 40. XSS DNS Lookup Page Bypassing Javascript Validation <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#xss-dns-lookup-page-bypassing-javascript-validation>
> 41. Use Burp Suite Sequencer To Compare Csrf Token Strengths <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#use-burp-suite-sequencer-to-compare-csrf-token-strengths>
> 42. How To Remove PHP Errors After Installing On Windows Xampp <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-remove-php-errors-after-installing-on-windows-xampp>
> 43. Quickstart Guide To Installing On Windows With Xampp <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#quickstart-guide-to-installing-on-windows-with-xampp>
> 44. Basics Of Running Nessus Scan On Backtrack 5 R1 <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-running-nessus-scan-on-backtrack-5-r1>
> 45. How To Import Nessus Scans Into Metasploit Community Edition <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-import-nessus-scans-into-metasploit-community-edition>
> 46. Basics Of Exploiting Vulnerabilities With Metasploit Community Edition <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-exploiting-vulnerabilities-with-metasploit-community-edition>
> 47. Sending Persistent Cross Site Scripts Into Web Logs To Snag Web Admin <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#sending-persistent-cross-site-scripts-into-web-logs-to-snag-web-admin>
> 48. Quick Start Overview Of Useful Pen-Testing Addons For Firefox <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#quick-start-overview-of-useful-pen-testing-addons-for-firefox>
> 49. Three Methods For Viewing Javascript Include Files <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#three-methods-for-viewing-javascript-include-files>
> 50. Reading Hidden Values From HTML5 Dom Storage <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#reading-hidden-values-from-html5-dom-storage>
> 51. How To Execute Javascript On The Urlbar In Modern Browsers <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-execute-javascript-on-the-urlbar-in-modern-browsers>
> 52. Adding Values To Dom Storage Using Cross Site Scripting <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#adding-values-to-dom-storage-using-cross-site-scripting>
>
> --
> "The ability to quote is a serviceable substitute for wit." ~ W. Somerset Maugham
> "The ability to Google can be a serviceable substitute for technical knowledge." ~ Adrian D. Crenshaw
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
