Monday, 19. March 2012
lshell - coded in Python
lshell is a shell coded in Python, that lets you restrict a user's environment to limited sets of commands, choose to enable/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restriction, and more.

Download - Info
http://lshell.ghantoos.org/

Permalink

 


Dnmap - Nmap Framework - Linux
Dnmap (distributed Nmap) is a framework to distribute nmap scans among several clients. It reads an already created file with nmap commands and send those commands to each client connected to it. The framework use a client/server architecture. The server knows what to do and the clients do it. All the logic and statistics are managed in the server. Dnmap stores the Nmap output on both server and client. The only caveat of this whole set up is lack security as the framework will inherently trust the client and will execute any Nmap command sent. So, if you want to protect this setup, you might as well have it secured via ACLs, etc. Yet, the Dnmap server is capable of fighting off command injection attacks.

Download
http://sourceforge.net/projects/dnmap/files/

Permalink

 


(IN)SECURE - Magazine Special
Contents:

News from RSA Conference 2012
Information security within emerging markets
Evolving security trends in smartphone and mobile computing
The biggest problem in application security today
RSA Conference 2012 award winners
Innovation Sandbox

Download PDF
http://www.net-security.org/dl/insecure/INSECURE-Mag-RSA2012.pdf

Permalink

 


ClubHACK Magazine March 2012
Contents :

Tech Gyan: Network Security
Computer Networks are the back bone of all organizations which rely on Information Technology (IT) and are the primary entry point for users to access the Information resources of an organization. Networks today are no longer limited within the physical location of an organization, but are required to be accessible from anywhere in the world which makes it vulnerable to several threats.
Legal Gyan: Section 66A – Sending offensive or false messages
From this article onwards we will look at those sections.
With internet and telecommunication virtually controlling communication amongst people, amendments in the Information Technology Act, 2000 (IT Act) have made it clear that transmission of any text, audio or video that is offensive or has a menacing character can land a sender in jail. The punishment will also be attracted if the content is false and has been transmitted for the purpose of causing annoyance, inconvenience, danger or insult.
Tool Gyan: Who wants to be a Millionaire
Everyone wants to be Millionaire and this article is just going to tell you how you can become one. The Web 2.0 has opened lots of opportunities and possibilities along with lots of security issues. One of the popular technology is “Flash” along with its never ending security issues. People laugh when they hear the terms “Flash” and “Security” together. Industry experts say that Flash is actually moving the ball towards ease of use and functionality and thus compromises on security.
Matriux Vibhag: EtherApe – Graphical Network Monitoring
Hello readers, we are back again with a new release, Matriux Krypton v1.2 at nullcontritiya,Goa 2012. Thank you for your support throughout these years that we are able to bring in the bigger and better security solutions. This version includes some great features with 300 powerful penetration testing and forensic tools. The UI is made more elegant and faster. Based on Debian Squeeze with a custom compiled kernel 2.3.39-krypton Matriux is the fastest distribution of its kind and runs easily on a p-IV with as low as 256MB RAM and just 6GB HDD. Included new tools like reaver-wps, androguard, apkinspector, ssh server and many more.
Mom’s Guide: Protect your privacy online with ’TOR’
Let’s begin with what Tor means: The Onion Router. A router is a device that handles your request to go from your home, office, mobile connection to a website or a web service. If you write in your browser URL bar http://chmag.in and hit return, you’ll send your request to your ISP router, which will send the request to another router and so on, until you reach the CHmag ISP router, and finally get your page back. Every one of these steps is called a “hop”.

Download PDF
http://chmag.in/issue/mar2012.pdf

Permalink

 


scdbg - shellcode analysis application
scdbg is a shellcode analysis application built around the libemu emulation library. When run it will display to the user all of the Windows API the shellcode attempts to call.
Additions include:
100+ new api hooks, 5 new dlls, interactive debug shell, rebuilt PEB, support for file format exploits, support for return address scanners, memory monitor, report mode, dump mode, easily human readable outputs, log after xx capabilities, directory mode, inline analysis of process injection shellcode and more...
The simplest command line you can use is:

scdbg -f shellcode_file.sc

Where shellcode_file.sc is the raw shellcode in binary format.

An example of working with shellcode for a file format exploit might look like:

scdbg -f shellcode.sc -fopen bad.doc_ -s -1 -i



Download
https://github.com/dzzie/VS_LIBEMU

Permalink

 


fbpwn - Java based Facebook social engineering framework
Fbpwn is a cross-platform Java based Facebook social engineering framework that you can use for send invitation for any account you just need to select user id, next when victim just accept the invitation it will start to download user profile information , users pictures account so it will do the following:

Dump friend list
Add all victim friends
Dump all users album pictures
Dump profile information
Dump photos ( this mean profile pictures)
Check friends request
Dump victim wall (here including poke)
Clone the profiles

Download
http://code.google.com/p/fbpwn/downloads/list

Permalink

 


Update: Download DarkComet-RAT v5.1
This new version of the famous darkcomet RAT , a remote management tool created by DarkCoderSc . DarkComet is also considered as the most stable RAT around and it is even regarded more stable than some professional ones.

Download
http://securityxploit.blogger.de/stories/1901179/

Permalink

 


Mutillidae Born to be Hacked
Mutillidae is a free, open source web application provided to allow security enthusiest to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver.

Features

Installs easily by dropping project files into the "htdocs" folder of XAMPP.
Switches between secure and insecure mode
Secure and insecure source code for each page stored in the same PHP file for easy comparison
Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver.
Has dozen of vulnerablities and challenges. Contains at least one vulnearbility for each of the OWASP Top Ten 2007 and 2010
System can be restored to default with single-click of "Setup" button
Used in graduate security courses, in corporate web sec training courses, and as an "assess the assessor" target for vulnerability software
Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools.

Download
http://sourceforge.net/projects/mutillidae/files/latest/download

Permalink