Eve and the Identity of Women: 7. Eve & Lilith In an effort to explain inconsistencies in the Old Testament, there developed in Jewish literature a complex interpretive system called the midrash which attempts to reconcile biblical contradictions and bring new meaning to the scriptural text. Employing both a philological method and often an ingenious imagination, midrashic writings, which reached their height in the 2nd century CE, influenced later Christian interpretations of the Bible. Inconsistencies in the story of Genesis, especially the two separate accounts of creation, received particular attention. Later, beginning in the 13th century CE, such questions were also taken up in Jewish mystical literature known as the Kabbalah. According to midrashic literature, Adam's first wife was not Eve but a woman named Lilith, who was created in the first Genesis account. Only when Lilith rebelled and abandoned Adam did God create Eve, in the second account, as a replacement. Lilith also personified licentiousness and lust. Lilith?
What is a portable app? | PortableApps.com - Portable software for USB drives portable - carried or moved with easeapp - a computer program like a web browser or word processor Portable App Definition (permalink) A portable app is a computer program that you can carry around with you on a portable device and use on any Windows computer. No Special Hardware - Use any USB flash drive, portable hard drive, iPod/MP3 player, etc No Additional Software - Just download, run the portable installer and go No Kidding - It's that easy Portable App Guidelines (permalink) Consider the Possibilities... Your favorite web browser with all your bookmarks close at handYour presentation AND the required software ready to go for that big meetingYour important passwords and account information securely encrypted and always with youYour antivirus program and other utilities ready to fix PC problemsYour calendar with all your appointmentsYour own email client with all your contacts and settingsYour instant messenger and your buddy listYour whole office suite along with all your documents
MSSQL Injection Cheat Sheet Some useful syntax reminders for SQL Injection into MSSQL databases… This post is part of a series of SQL Injection Cheat Sheets. In this series, I’ve endevoured to tabulate the data to make it easier to read and to use the same table for for each database backend. This helps to highlight any features which are lacking for each database, and enumeration techniques that don’t apply and also areas that I haven’t got round to researching yet. The complete list of SQL Injection Cheat Sheets I’m working is: I’m not planning to write one for MS Access, but there’s a great MS Access Cheat Sheet here. Some of the queries in the table below can only be run by an admin. Misc Tips In no particular order, here are some suggestions from pentestmonkey readers. From Dan Crowley:A way to extract data via SQLi with a MySQL backend From Jeremy Bae: Tip about sp_helpdb – included in table above. From Trip: List DBAs (included in table above now): select name from master..syslogins where sysadmin = ’1′
HOWTO bypass Internet Censorship, a tutorial on getting around filters and blocked ports Hacker Typer Techcrunch The hacker's guide to website security 3. Gaining access The next step is gaining access to the web application, database or the server itself, using a selection of the following attacks: cross-site scripting XSS, SQL injections, command injections, cookie/session poisoning, parameter/form tampering, buffer overflow, authentication hijacking, obfuscation attack, platform exploits, application exploits, brute force attacks and web services exploits. Step 1: Software exploits Ethical hacker: "As I'm focusing on information leaks and unauthorised access, I'll concentrate on application exploits, SQL injections, form manipulation and XSS. ● Vbulletin 3.8.6 exploit – lots of them, XSS, remote execution and SQL injections. ● phpmyadmin 3.2.5 exploit – nothing there but I could try a brute force if all else fails. ● Joomla 1.5 – lots of different exploits available. Let's have a look at the websites on the server. "Nothing special on the first two, just static pages. Step 2: Form manipulation There's also a hidden field called promo.
DNStunnel.de - free DNS tunneling service Writing Buffer Overflow Exploits - a Tutorial for Beginners 1. Memory Note: The way we describe it here, memory for a process is organized on most computers, however it depends on the type of processor architecture. This example is for x86 and roughly applies to Sparc. The principle of exploiting a buffer overflow is to overwrite parts of memory that are not supposed to be overwritten by arbitrary input and making the process execute this code. - Code segment, data in this segment are assembler instructions that the processor executes. - Data segment, space for variables and dynamic buffers - Stack segment, which is used to pass data (arguments) to functions and as a space for variables of functions. 2. memory address code 0x8054321 <main+x> pushl $0x0 0x8054322 call $0x80543a0 <function> 0x8054327 ret 0x8054328 leave ... 0x80543a0 <function> popl %eax 0x80543a1 addl $0x1337,%eax 0x80543a4 ret What happens here? In this case, our return address is 0x8054327. 3. End of assembler dump. 3a. 3b. # (ret;cat)|. 4. 4a. 4b. # cc -o code code.S code.c # . 5.
CSS Styles Tutorial - Learn how to use CSS Styles to format text in your web site What is CSS Cascading Style Sheets (CSS) are .css files that contain a collection of formatting rules that control the appearance of content in a web page. They are very useful for maintaining a web site since its appearance (controlled by properties of HTML tags) can be managed from just one file. CSS Styles also enhance your site's look, accessibility and reduces file size. Another main advantage is reusability - instead of defining the properties of fonts, backgrounds, borders, bullets, uniform tags, etc. each time you use them you can just assign the corresponding css style in the class property. You can store CSS styles directly in each document or, for more control and flexibility, in an external style sheet. Prerequisite Knowledge None. You Are Here ::: Home >> Free Tutorials >> Dreamweaver Tutorials >> CSS Styles Tutorial Types of CSS Styles There are 4 types of CSS Styles: Class - Custom CSS style: creates a customized style with the set attributes. Using CSS Styles
SQL Injection Walkthrough 1.0 Introduction When a machine has only port 80 opened, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patch his server, we have to turn to web hacking. SQL injection is one of type of web hacking that require nothing but port 80 and it might just work even if the admin is patch-happy. It attacks on the web application (like ASP, JSP, PHP, CGI, etc) itself rather than on the web server or services running in the OS. This article does not introduce anything new, SQL injection has been widely written and used in the wild. We wrote the article because we would like to document some of our pen-test using SQL injection and hope that it may be of some use to others. 1.1 What is SQL Injection? 1.2 What do you need? 2.0 What you should look for? Everything between the <FORM> and </FORM> have potential parameters that might be useful (exploit wise). 2.1 What if you can't find any page that takes input? hi' or 1=1--
Upside-Down-Ternet My neighbours are stealing my wireless internet access. I could encrypt it or alternately I could have fun. I'm starting here by splitting the network into two parts, the trusted half and the untrusted half. The trusted half has one netblock, the untrusted a different netblock. /etc/dhcpd.conf IPtables is Fun! Suddenly everything is kittens! /sbin/iptables -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -j DNAT --to-destination 64.111.96.38 For the uninitiated, this redirects all traffic to kittenwar. For more fun, we set iptables to forward everything to a transparent squid proxy running on port 80 on the machine. /sbin/iptables -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1 That machine runs squid with a trivial redirector that downloads images, uses mogrify to turn them upside down and serves them out of its local webserver. The redirection script Then the internet looks like this! I made xkcd - how cool is that ?