Wednesday, September 9, 2020

We are youtubers now

We here at comics software and other stuff have created a YouTube channel. We get the latest 30 highlights of Fall Guys from Twitch, then condense them into daily, easy-to-watch clips for you.

Please give us a like and a subscribe to Paperclip Bot.

Sunday, July 10, 2016

15 Vulnerable Sites To (Legally) Practice Your Hacking Skills

They say the best defense is a good offense - and it's no different in the InfoSec world. Use these 15 sites to practice your hacking skills so you can be the best defender you can - whether you're a developer, security manager, auditor or pen-tester. Always remember: Practice makes perfect! What other sites have you used to practice on? Let us know below!

1

Bricks

Our first OWASP project on the list (but certainly not the last!), Bricks is a deliberately vulnerable web app built on PHP and using a MySQL database, where each "brick" contains a security vulnerability to be mitigated. The project provides a platform for learning and teaching AppSec as well as a way to test web app scanners.
There are three types of 'bricks': login pages, file upload pages and content pages, each with different types of vulnerabilities, common for the area of the application.
Read more about OWASP Bricks on its project page, maintained by Abhi M Balakrishnan.

2

bWAPP

bWAPP, which stands for Buggy Web Application, is "a free and open source deliberately insecure web application" created by Malik Messelem, @MME_IT.
Vulnerabilities to keep an eye out for include over 100 common issues derived from the OWASP Top 10.
bWAPP is built in PHP and uses MySQL. Download the project here. For more advanced users, bWAPP also offers what Malik calls a bee-box, a custom Linux VM that comes pre-installed with bWAPP.

3

Damn Vulnerable iOS App (DVIA)

Recently re-released as a free download by InfoSec Engineer @prateekg147, DVIA was built as an especially insecure mobile app for iOS 7 and above. For mobile app developers the platform is especially helpful, because while there are numerous sites to practice hacking web applications, mobile apps that can be legally hacked are much harder to come by!
Get going with DVIA by watching this YouTube video and reading the 'Getting Started' guide.

4

Damn Vulnerable Web Application (DVWA)

This web security platform was built with more experienced security professionals as well as developers and students in mind. The site was created with the help of @ethicalhack3r, Ryan Dewhurst, who has also given the open source SCA tool DevBug to the community. Built in PHP/MySQL, vulnerabilities to look out for in DVWA include everything from SQL injection and cross-site scripting to captcha bypassing and malicious file execution.
Get started with DVWA here or through GitHub, and check out this YouTube video for help with installation.

5

ExploitMe Mobile Android Labs

Developers and security professionals building on the Android platform have the chance to act as attackers through the ExploitMe Mobile Android Labs. Focusing on 8 specific vulnerabilities commonly found in Android applications, the labs, developed by Security Compass, help those interested in becoming more secure Android developers and defenders.
Lab lessons include:
  • Parameter manipulation of mobile traffic
  • Encryption of traffic
  • Password lock screens
  • File system access permissions
  • Insecure storage of files
  • Insecure logging
Get started with ExploitMe on the website or on GitHub.
BONUS: There are also ExploitMe Mobile iPhone Labs with fewer labs than their Android version.

6

Game of Hacks

Alright, this one isn't exactly a vulnerable web app - but it's another engaging way of learning to spot application security vulnerabilities, so we thought we'd throw it in. Call it shameless self-promotion, but we've received amazing feedback from security pros and developers alike, so we're happy to share it with you, too! The game is designed to test your AppSec skills and each question offers a chunk of code which may or may not have a security vulnerability - it's up to you to figure it out before the clock runs out. A leaderboard makes Game of Hacks just that much more enticing.
Follow Game of Hacks on Twitter for updates and play the game here.

7

Google Gruyere

This 'cheesy' vulnerable site is full of holes and aimed at those just starting to learn application security. The goals of the labs are threefold:
  • Learn how hackers find security vulnerabilities
  • Learn how hackers exploit web applications
  • Learn how to stop hackers from finding and exploiting vulnerabilities
"'Unfortunately,' Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution," the website states. "The goal of this code lab is to guide you through discovering some of these bugs and learning ways to fix them both in Gruyere and in general."
Written in Python, Gruyere offers opportunities for both black box and white box testing so "hackers" have the chance to play on both sides of the fence.
Get started here: http://google-gruyere.appspot.com/

8

iGoat

iGoat is a mobile environment built especially for iOS developers and based off the OWASP WebGoat project, which we'll talk about later.
Developers work through lessons while learning with iGoat, laid out with a short introduction to each vulnerability, a chance to exploit it to verify the issue's presence, a short description of the remediations appropriate for the issue and the chance to fix the issue and "rebuild" the iGoat program.
The project's OWASP site, managed by Kenneth R Van Wyk, @krvw, can be found here.

9

InsecureWebApp

An OWASP project, InsecureWebApp is exactly as described and is perfect for teaching and improving secure coding and design skills. According to the project site, the aim of InsecureWebApp is threefold:
"1) Demonstrate how dangerous application vulnerabilities can be
2) Close the gap between the theory of web application security and the actual code that we design and build
3) Learn how these vulnerabilities can be fixed."
Built for those already familiar with basic application security theory, InsecureWebApp is great for security-minded developers and students and starters in security.
Read more about the project and find the download link here.

10

McAfee HacMe Sites

Foundstone, a practice within McAfee's Professional Services, launched a series of sites in 2006 aimed at pen testers and security professionals looking to increase their InfoSec chops. Each simulated app offers a "real-world" experience, built with "real-world" vulnerabilities. From mobile bank apps to apps designed to take reservations, these projects cover a wide array of security issues to help any security-minded professional stay ahead of the hackers.
The group of sites include:

11

Mutillidae

Yet another OWASP project on our list, Mutillidae is another deliberately vulnerable web application built for Linux and Windows. This project is actually a set of PHP scripts containing all the OWASP Top Ten vulnerabilities and more and is armed with hints to help users get started.
Get started with Mutillidae here, and be sure to check out the project's dedicated YouTube channel and Twitter account, run by Mutillidae's second-generation developer, Jeremy Druin.

12

Security Shepherd

Striving to "herd the lost sheep of the technological world back to the safe and sound ways of secure practices," Security Shepherd is geared towards anyone with an affinity towards making our software more secure.
Armed with lessons and challenges, users have the option to either learn more in depth about vulnerabilities or be tasked with finding them in a very vulnerable web app. Security Shepherd can also be used as the basis for a CTF game, which makes it great for having fun while learning about vital application security principles.
Read more about the project on OWASP or go straight to the download page at SourceForge.

13

The Butterfly Security Project

The Butterfly Security Project was designed to "give insight into common web application and PHP vulnerabilities and how they are created during the development process," says the team behind the project, Pentest Application Security Specialists.
What's unique about this project is that it offers both an insecure version of the app as well as a secure version, meant to mitigate the vulnerabilities found in the insecure version. This makes the Butterfly Project perfect for anyone looking to play the dual roles of defender/attacker.
Download the Butterfly Project for Linux here.

14

Vicnum

An OWASP project, Vicnum is a series of basic and obviously web apps based on games "commonly used to kill time." Because of their simple frameworks, the applications can be tailored for different needs, making Vicnum a great choice for security managers looking to help teach developers AppSec in a fun way.
The goal of Vicnum is "to strengthen the security of web applications by educating different groups (students, management, users, developers, auditors) as to what might go wrong in a web app," the site says. "And of course it's OK to have a little fun."
Check out the site, developed by Mordecai Kraushar, here to find the games and available CTFs for download.

15

WebGoat

One of the most popular OWASP projects is WebGoat. The insecure app offers a realistic teaching and learning environment with lessons designed to teach users about more and more complex application security issues. Aimed at developers looking to learn more about web app security, the name WebGoat is a scapegoat reference: "Even the best programmers make security errors. What they need is a scapegoat, right? Just blame it on the 'Goat!"
Installs are available for Windows, OSX Tiger and Linux, with separate downloads for J2EE and .NET environments. There is an "easy-run" version as well as a "source distribution" version that allows users to modify the source code.
Check out the OWASP project page here or the GitHub page to get started with WebGoat.
For help with the lessons, take a look at this series of videos available for download.

This article was originally posted at https://www.checkmarx.com/2015/04/16/15-vulnerable-sites-to-legally-practice-your-hacking-skills/

SQL VULNERABLE WEBSITES List 2016


SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

Wednesday, March 30, 2016

new WebSite

Hello guys, I know that I haven't written a lot in the recent past. I love you guys, but all my new content will be posted to that blog. Please come visit me at http://www.ljlabs.co.za; I'd love to see you.

Wednesday, November 12, 2014

New Hacking Threat Could Impact Traffic Systems

Motorists drive by traffic lights every day and trust they will work. But NBC 5 Investigates found that as more cities turn to wireless traffic systems, some of those systems are unprotected and open to a cyber-attack.
“We implicitly trust these devices,” said Branden Ghena, a University of Michigan PhD student who studies how easy it is to manipulate electronics. “We drive through the intersection knowing that red means we should stop and green means we should go and there’s not going to be any trouble. The light will work as intended.”
“We could actually make the lights all red,” said Ghena. “We could change the light to be green in our direction. These are clearly not the intended behavior of these systems.”
Ghena and a research team at the University of Michigan discovered that with a basic laptop and a wireless radio they could hack into the software system of a company called Econolite. The research team worked with a road crew to make this happen. In their experiment, Ghena says they were able to manipulate more than 1,000 traffic lights in one town alone – turning red lights green, and green lights red.
“It was surprisingly easy,” said Ghena.
The reason is simple.
“It doesn’t have passwords on it or encryption on the wireless communications,” said Ghena. “They’re basic things, but they’re not enabled by default because the vendor wasn’t thinking about that and assumed the road agency would do something. And the road agency assumed they were good enough the way they came.”
NBC5 Investigates discovered similar vulnerabilities with another company called Sensys Networks, which controls wireless traffic systems in major hubs including Washington DC, Los Angeles, New York City, San Francisco and Chicago.
Just two months ago the U.S. Department of Homeland Security issued this advisory, warning of these “vulnerabilities” after learning about the research of Argentinian security expert Cesar Cerrudo. Cerrudo used a cheap drone flying hundreds of feet above to show how he could hack into Sensys’s traffic signals below.
“The problem is that it’s not protected information,” said Cesar Cerrudo, Chief Technology Officer for IOActive Labs. “I just programmed it to send fake data to the traffic control system so I can make them do things they are not supposed to do.”
Here’s how a traffic control system works: There are sensors buried in the road that detect cars. That information is then sent to the access point which is connected to the traffic control system and controls the lights. And all of this is done wirelessly.
These Sensys Networks systems are used in 10 countries, 45 states, and throughout Illinois.
“(Cerrudo) did identify an area where we had not encrypted the data stream,” said a Sensys Networks spokesman, during a phone conversation with NBC 5 Investigates. He also explained that the company recently issued a software fix, but that it is up to each city whether to use the fix, and that some cities across the U.S. could still be vulnerable.
NBC 5 Investigates had a lengthy phone conversation with the spokesman from Sensys Networks. We offered the company the opportunity to answer our questions in an on-camera interview. It declined and instead provided us with this two-page statement.
A spokesman from the Chicago Department of Transportation tells us of the 3,100 intersections in Chicago, only 12 of them utilize Sensys Networks wireless technology. But he could not say whether the city has upgraded the software to make Chicago’s traffic lights more secure.
“They are as vulnerable as any cellphone system,” said Transportation Engineer Erick Rivera, who has worked with both Sensys Networks and Econolite traffic systems.
Without passwords or encryption, these systems are only as secure as your basic cell phone.
“If the person is able to hack into one intersection, it could mess up an entire corridor,” said Rivera.
Security researchers say simply using passwords and encrypting the systems could prevent future attacks.
“The real attacks here are where you clog up congestion in a city so you can turn all the lights to red and people will be stuck in traffic jams for hours,” said Ghena.