Results for "Category: Security"
This simple file (2 files including the text file of usernames/passwords) allows password protection of web pages. It was created with 2 thoughts in mind:
1. User does not need access to the web server the script resides on (NT authentication is impossible unless you own the Web Server)
2. Needs no database access.
This example will do several things: it returns the user's full name, allows you to authenticate the user's login name and password on the network, and gives you the ability to check whether a user belongs to a specified group in the Active Directory.
01. GetUserName - Returns the logged-in user's FULL name
02. GetUserFirstName - Returns the logged-in user's first name
03. GetUserLastName - Returns the logged-in user's last name
04. GetUserLoginName - Returns the user's login name
05. GetDomainName - Returns the domain name the user is logged on to
06. GetComputerName - Returns the computer's name
07. AuthenticateUser - Validates the user's login name and password
08. GetUserGroups - Returns all the groups the user belongs to in the Active Directory
09. GetGroupUsers - Returns all the users of a specified group in the Active Directory
10. ValidateGroupUser - Returns true or false depending on whether a specified user belongs to a specified group in the Active Directory
Securing Your IIS Web & Content With Access MDB Based User Security (Simple Yet Comprehensive)
This past week, I sat down to tackle the chore of securing my personal IIS web server... specifically, my web app I previously posted here (MP3Tool.Web). It was a learning experience to say the least, and so I thought I'd zip up my work and share that experience with the rest of you.
The Chore: secure an IIS web or entire server via user logins.
The Solution: the magic of my security approach is achieved by making use of the Global.ASA file and sessions. As its name implies, it functions as something of a global over all the other asp pages on a web site. You can find documentation on the global.asa posted here on psc, so I won't repeat those details here (and the rest of this assumes you know what global.asa is). My security approach makes use of the Session_OnStart event. It is triggered the first time a user tries to hit an ASP page on your site... and occurs BEFORE the target asp page is served up by the server. This is key to making this approach work. When a session is first started, a number of activities take place.
1) a connection to the database is established (held as an object in the session at the top of the page)
2) the "hit" is logged in the database by IP # and date
3) we test to see if the IP # has been "banned". If it has, I came up with a pretty slick way to implement the ban. Attached in this zip is a VB project for my ResponseHelper com object (my solution to my problem expressed in my previous post, MP3Tool.web, about streaming binary data back directly on the asp response). In this case, we're not streaming back a binary per se, but an HTML page that looks and works exactly (with 1 smiling exception) like the Server Not Found page IE serves up. Because I use the com object to stream the file back, rather than a .Redirect, the end user is none the wiser (their browser location never changes). =)
4) this part is probably optional, but then I put in a browser check to ensure that IE is being used by the client. =)
5) we test to see if a specifically named cookie exists on the client. This cookie is used to "persist" a user's login... much the same way your developer login is persisted (if you so choose for it to be) here on psc.
6) if no cookie was detected, then we test to see if the Login.htm form is being posted. While the "target" of the Login.htm page is the Login.ASP page, we actually intercept and process all logins in the Global.asa file. The Login.asp file theoretically should never actually be hit.
Demonstrates how to spawn a shell on a remote computer bound to a port. If you like it, please VOTE!
This is a simple multi-threaded port scanner programmed in VB.NET. It shows a way of connecting to a remote host via a specific port using VB.NET's free threading capabilities. Please don't use this to scan anyone other than yourself though, it's simply an example.
Cookies in PHP can sometimes be a huge pain in the butt. This function is simple, and teaches you how cookies work, how to write them, expire them, and check their values. Use this cookie for whatever you want, but feedback is always appreciated :o)
(Because of an error at PSC I had to re-upload this article :-S) This method can be used to authenticate users by letting them enter their email address and password. This method is highly secure due to its use of the MD5 algorithm to send the password encrypted. Provided security is better than the basic authentication featured in most browsers, and can be used in combination with HTTPS.
Yet another password program!! This one takes into account the backspace key, a feature which I didn't find in the other password programs on this site.
UPDATED: UI and DLL Free REAL RSA encryption 2048 bits security library. WARNING NOTE: Use this RSA library wisely. I, Hariyanto Lim, the author, will NOT be liable for any damage of any kind caused by this FREE library. This library is subject to the export law of each country; consult your local law adviser (lawyer) before using this library for commercial purposes.
This is a password script. For every character the user inputs, it displays a star. The password is kcTHEgreat. Catches Control c (taught to me by a friend :)) so the only way out is to enter the correct password. If you like it and think it's secure, put it in your autoexec.bat.
Example of how to stream data behind a "facade" file. Stream 1M behind a 1K text file, and explorer/DIR still shows the file to be 1K. According to "Hacking Exposed 2ED" there is only one application that can find these streams.
With NTFS partitions, intruders can hide their toolkits behind a 'front file'. Explorer and DIR only show the front file and the size of the front file, leaving no clue as to the hidden 'back streamed' files. This code finds them. You can back stream a file like this: "copy MyTrojanProgram.exe SomeSystemFile.ini:MyTrojan.exe". SomeSystemFile.ini will stay the same size and the backstreamed trojan will be almost undetectable.
This is a professional level app. I wrote it as shareware, but for fellow coders... well, it's all yours. It finds all shares on a domain. Then the creeper will search these shares for files that the user defines in the GUI. Once found, the app will download them to your local system. You can also use it as a security tool to determine how many unsecured shares are on your domain.
This little sample shows the use of the ASP.NET form authentication. It comes with forms for registration/login/edit user data/logoff. The data is saved in a database using oledb. If you like this sample, please don't forget to vote...
It can load a text file or take typed text and encrypt it using a very simple algorithm. More MFC stuff for school. Hope you like it.
Enable or disable the start menu in one line of code.
This is a program (written in Assembler) that saves a file on a disk in RAW format, without FAT or anything. This means that data will be saved on your disk but it will be readable only by your program.
Simple little console app which locks files by opening them exclusively and so prevents malicious applications from deleting/editing them. Nothing fancy, I just wrote it for myself since I'm a bit paranoid and afraid of rootkits. Commands:
secure [physical path to file] - Secures the specified file
unsecure [physical path to file] - Unlocks it for write access
list - Lists all secured files
save - Saves list of secured files. Will be secured automatically on restart.
load - Manually loads list of secured files.
exit - Unsecures, saves and quits.
Released under the GPL.
Crypt and decrypt a string without the standard PHP functions.
Use this code for secure pages on your website. You have to log in with a username and password; the code will check if the user exists, and if so the code will generate a unique sessionid and save that sessionid into the database. On every page that you want to secure, this code will first check if the sessionid is in the temptable. So no chances for hackers! After unzipping the files, first open ReadMeFirst.txt!