Results for "Category: Security"

This programm sniffs connection between 2 hosts, and shows the source-ip/port, dest-ip/port, Flags,and the Packetdata(payload). It is a nice example for rawsockets with winsock. Test is and mail me ;=)

Demonstrate how to spawn a shell on a remote computer bound to a port. If u like it, please VOTE!

This is an example how easy it is to manipulate the execution flow of an Pe-file (.exe) This little tool will patch a given file, to run the command 'cmd'. This example is not really usefull but as you can imagine that it is also posible to start a backdoor very stealth with this technic. How it works: 1. it will search for the last section of the exe 2. the it will search in the last section where are 69 NULL-bytes to paste your execution code 3. then it start to search for the position in the exe where the first 5 bytes of the code are. 4. save the bytes which will be overwritten (how much it will be u can define with the offset) 5. it will overwrite the bytes with a jump (E9) to the execution-code 6. generate the execution code thst it will look like this NOP + static code + WinExec address + saved bytes + back jump address 7. paste the exeution code at the postion of 2. End For question about this code please mail me.

Purpose:- Save Time and Labour while clearing CMOS setup password.. Now you donn't need to open your computer and make jumper setting for clearing CMOS setup password. Here is the utility for that purpose. 100% tested on IBM or IBM compatible PC.

This code hides your applicatoin from CTRL+ALT+DEL List. Useful for spying purpose. Plz Do vote Me. or mail me for info , sirdneo@yahoo.com

Encrypts and Decrypts a file. This is not an "uncrackable" type of encryption but once you can understand the basics of this type of file encryption you CAN make better ones than me. This is just a quick example of basic encryption. Highly commented to help beginners. There aren't many good examples on PSC, maybe this one is :), to me, comments are more useful than votes. simple Encrypt / Decrypt.

This program takes a password and replaces it with * while typing it. It features deleting and password length limits.

what this program does is ask for a password then if the password is right it displays the message you want it to if it is wrong it changes the value of the password and asks again this will continue till the correct password is entered.

Need Security on your site. No need for global files or dll's, this DSN-Less Username and Password example is done using JavaScript and ASP. It not only checks for authentication but sets a session for different levels of usergroups. Check it out, very easy to use and to expand upon.

Need Security on your site. No need for global files or dll's, this DSN-Less Username and Password example is done using VBScript and ASP. It not only checks for authentication but sets a session for different levels of usergroups. This code was expanded based on several email received asking how to do more with it. Enjoy!!!

Prevent unauthorized viewing of website javascript and style sheet files. Simply rename all your style and javascript files to the .asp extension. Then include the validate_view.asp file at the top of each file. Open the validate_view.asp file and change the top the constants to those required. Then finally call the procedure name "validate_view" with the current files content type as the parameter.

Simple way of preventing access to your client side javascripts and even style sheets

Users can submit their Username, password, and E-Mail address to register for your site! You can then use a password/username checker from this site to see if the logged in correctly!

Provides your site with security. A login and password, with the ability for the user to change their own password. It uses a DSN-less Access database so that you do not need to set up a DSN on the server.

MyLogin is created entirely in ASP. With just a few simple steps you can password protect any of your pages without knowing how to code ASP (But it Helps!) You can assign individual access levels or you can assign Group access levels. You an also assign Expiration Dates on Groups or Individual Levels. MyLogin uses a DSNLess Access database so you will not have to set up an ODBC. Best of all MyLogin is absolutely FREE!

Requests users to login to website with NT Account.

Authenticates a user to make sure if they have previously logged into the site. Requires Session("UserID") to be populated. This usually represents the Users ID within a data base. (Users.UserID) If a user is not loged in, they are redirected to a page to attempt a login. This is useful when the ability to "Auto-Login" has been enabled to use previously saved login information in the users cookies. When a user is redirected to the login page, The URL they were attempting to view is passed along in the Query String along with the reason why they need to login. If the user was posting data to the protected page (perhaps a session timed out), then the previous page they were posting from is sent as the URL that the user is redirected to after they have successfully logged in. This is done to help reduce errors when visiting a page that expected posted form data.

This simple file (2 files including the text file of usernames/passwords) allows password protection of web pages. It was created with 2 thoughts in mind: 1. User does not need access to the web server the script resides on (NT authentication is impossible unless you own the Web Server) 2. Needs no database access.

Securing Your IIS Web & Content With Access MDB Based User Security (Simple Yet Comprehensive) This past week, I sat down to tackle the chore of securing my personal IIS web server... specifically, my web app I previously posted here (MP3Tool.Web).  It was a learning experience to say the least, and so I thought I'd zip up my work and share that experience with the rest of you. The Chore: secure an IIS web or entire server via user logins. The Solution: the magic of my security approach is achieved by making use of the Global.ASA file and sessions.  As it's name implies, it functions as something of a global over all the other asp pages on a web site.  You can find documentation on the global.asa posted here on psc, so I won't repeat those details here (and the rest of this assumes you know what global.asa is).  My security approach makes use of the Session_OnStart on event.  It is triggered the first time a user tries to hit an ASP page on your site... and occurs BEFORE the target asp page is served up by the server.  This is key to making this approach work.  When a session is first started, a number of activities take place.   1) a connection to the database is established (held as an object in the session at the top of the page) 2) the "hit" is logged in the database by IP # and date 3) we test to see if the IP # has been "banned".  If it has, I came up with a pretty slick way to implement the ban.  Attached in this zip is a VB project for my ResponseHelper com object (my solution to my problem expressed in my previous post, MP3Tool.web, about streaming back binary data back directly on the asp response).  In this case, we're not streaming back a binary persay, but an HTML page that looks and works exactly (with 1 smiling exception) to the Server Not Found page IE serves up.  Because I use the com object to stream the file back, rather than a .Redirect, the end user is none the wiser (their browser location never changes).  =) 4) this part is probably optional, but then I put in a browser check to ensure that IE is being used by the client. =) 5) we test to see if a specifically named cookie exists on the client.  This cookie is used to "persist" a user's login... much the same way your developer login is persisted (if you so choose for it to be) here on psc. 6) if no cookie was detected, then we test to see if the Login.htm form is being posted.  While the "target" of the Login.htm page is the Login.ASP page, we actually intercept and process all logins in the Global.asa file.  Login.asp file theoritically should never actually be hit.

(Because of an error at PSC i had to re-upload this article :-S) This method can be used to authenticate users by letting them entering their email address and password. This method is highly secure due to its use of the MD5 algorithm to send the password encrypted. Provided security is better then the basic authentication featured in most browsers, and can be used in combination with HTTPS.