Monday, 18. July 2011
Wordlist Generator
This is a pretty pimp little tool that will help you build efficient password-cracking dictionaries:

http://code.google.com/p/l517/



TinyBrowser - Code Execution
-------------------------
Affected products:
-------------------------

Vulnerable are TinyBrowser v1.42 and previous versions (and all web
applications which use it, such as TinyMCE). The developer fixed these
holes in the next version, 1.43, back in February after I reported them, but
that version still has not been released. So contact the developer for the new version.

----------
Details:
----------

Code Execution (WASC-31):

Execution of arbitrary code is possible due to a bypass of the program's security
filters (on IIS and Apache web servers).

The code is executed through file upload. The program is vulnerable to three methods
of code execution:

1. Using the symbol ";" in the file name (1.asp;.txt) (IIS).

2. Using "1.asp" in the folder name (IIS).

3. Using a double extension (1.php.txt) (Apache with a special configuration).


by
MustLive
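
An upload-name check that refuses all three patterns listed in the advisory, as an added example (not TinyBrowser's code and not taken from the advisory). The allow-list, the function names and the sample names are assumptions made for the illustration.

```python
import re

# Assumed allow-list for this example; a deployment chooses its own.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}

# One conservative pattern for every name component: letters, digits, "_", "-".
# fullmatch() is used so a trailing newline or any other byte cannot slip past.
_SAFE_COMPONENT = re.compile(r"[A-Za-z0-9_-]+")


def check_folder_name(name):
    """Folder names may not contain dots, so a folder named "1.asp" is refused."""
    if not _SAFE_COMPONENT.fullmatch(name):
        return False, "folder name has characters outside [A-Za-z0-9_-]"
    return True, "ok"


def check_upload_name(filename):
    """Accept only "<stem>.<allowed extension>" with exactly one dot."""
    if filename.count(".") != 1:
        # Refuses double extensions (1.php.txt) and names without an extension.
        return False, "file name must contain exactly one dot"
    stem, ext = filename.split(".")
    if not _SAFE_COMPONENT.fullmatch(stem):
        # Refuses ";" and any other separator the web server might interpret.
        return False, "stem has characters outside [A-Za-z0-9_-]"
    if ext.lower() not in ALLOWED_EXTENSIONS:
        return False, "extension is not on the allow-list"
    return True, "ok"


# Constructed sample names: the three from the advisory plus benign ones.
SAMPLE_FILES = ["1.asp;.txt", "1.php.txt", "shell;.txt", "photo.jpg", "report.PDF"]
SAMPLE_FOLDERS = ["1.asp", "images"]


def audit(files, folders):
    """Return {name: (accepted, reason)} for every sample."""
    result = {f: check_upload_name(f) for f in files}
    result.update({"dir:" + d: check_folder_name(d) for d in folders})
    return result


if __name__ == "__main__":
    for name, (accepted, reason) in audit(SAMPLE_FILES, SAMPLE_FOLDERS).items():
        print(("ACCEPT" if accepted else "REJECT"), name, "-", reason)
```
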



CryptoBin - Secure Pastebin
"CryptoBin is a secure pastebin service with origins dating back to 2005 as a privately used project. After noticing the lack of a public secure, stable and clean pastebin service, CryptoBin was re-coded and launched publicly in May 2011."

Source
https://cryptobin.org/



Damn Small SQLi Scanner - Python
Source
http://pastebin.com/dRe1wn3g



4shared.com, Multiupload, Fileserve, Speedyshare..... – XSS
4shared.com does not filter their filename input which allows us to inject HTML code into the filename variable, being shown on the “Upload succes” page. This page is (by going to the page’s URL) viewable for other people as well. I’m not sure how long this page remains visible.

This kind of XSS probably works at a lot more upload services (as proven below)!

Source
http://pastebin.com/Yx8qihha



Blackhole exploit - Java
Blackhole exploit kit domain generation algorithm of Sinowal

Source
http://pastebin.com/p7DAvPAj



OWASP Appsec Tutorial Series - Cross Site Scripting (XSS)



Security Concepts - online Book
"This is an online book about computer, network, technical, physical, information and cryptographic security. It is a labor of love, incomplete until the day I am finished."

Book
http://www.subspacefield.org/security/security_concepts/index.html



A summary of PDF tricks
This is a summary of PDF tricks, either based on data encodings, JavaScript, or PDF structure.

Source
http://code.google.com/p/corkami/wiki/PDFTricks



AntiSecShell - PHP SHELL
"AntiSecShell(ASS) was built by the underground hacking community and groups like h0no, ac1db1tch3z and others who wish to remain anonymous, have helped altogether to create this new shell. It has many functions but most important of all - it bypasses ALL security of web servers. It is not only a php shell it is a symbol of freedom and the anti-sec movement which we, the hacking underground, approve and support. Await more news from us, wh173h475 ph33r u5"

Source
http://pastebin.com/aWenLZxr



NMapSi4 v0.2.86 Alpha2
“NmapSi4 is a complete Qt-based GUI with the design goal of providing a complete nmap interface for users, in order to manage all options of this powerful security net scanner!”

Download
http://code.google.com/p/nmapsi4/downloads/list

Nmap Free Security Scanner For Network Exploration & Hacking
http://nmap.org/



Windows XP dies in 1000 days
Finally, the countdown begins for Windows XP. The software giant Microsoft said that it will stop support for Windows XP, the world's most popular operating system, after three years.

Microsoft began the countdown to the end of Windows XP on Monday, Jul 11, and it will end on the 1000th day. The company also said that it will not provide any kind of support for the old operating system. Microsoft is aiming to boost sales of Windows 7, the latest version.



Picture Editor - Online
Source
http://pixlr.com/editor/



How to write an Exploit
Part 1
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part1.pdf
Part 2
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part2.pdf
Part 3
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part3.pdf
Part 4
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part4.pdf
Part 5
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part5.pdf
Part 6
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part6.pdf
Part 7
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part7.pdf
Part 8
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part8.pdf

by corelanc0d3r



Blind Sql Injection with Regular Expressions
Download PDF
http://www.ihteam.net/papers/blind-sqli-regexp-attack.pdf

by IHTeam



Generator XSS
Source
http://translate.googleusercontent.com/translate_c?hl=en&rurl=translate.google.com&sl=uk&tl=en&u=http://websecurity.com.ua/xss_generator/&usg=ALkJrhh699gbDJD7X7rSoHNSC4_gIbxn6Q



Javascript html redirection - Java
Source
http://pastebin.com/EMY6RJK3



Sunday, 17. July 2011
Guide to XSS
XSS aka Cross Site Scripting is a client-side attack where an attacker can craft a malicious link, containing script-code which is then executed within the victim's browser when the target site vulnerable to and injected with XSS is viewed. The script-code can be any language supported by the browser but mostly HTML and Javascript is used along with embedded Flash, Java or ActiveX.

In some cases where the XSS vulnerability is persistent as described further below, the attacker will not have to craft a link as the injected script is inserted directly into the target site and / or web application. The target user(s) still has to view the affected site / page where the injected code is located though.

Source
http://pastebin.com/X35W0tkD

by
MaXe



Creepy Geolocation Gathering Tool 0.1.94
creepy is an application that allows you to gather geolocation-related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown, accompanied by relevant information (i.e. what was posted from that specific location) to provide context to the presentation.

Download
https://github.com/ilektrojohn/creepy/downloads



PHPmyadmin Finder - Perl
This is a simple perl script that enumerates various possible directories on a given website in order to determine whether or not a phpMyAdmin instance may be installed.

Source
http://pastebin.com/1cbN2Yfm



WiRouter KeyRec 1.0.8
WiRouter KeyRec is a powerful and platform-independent piece of software that recovers the default WPA passphrases of the supported router models (Telecom Italia Alice AGPF, Fastweb Pirelli, Fastweb Tesley).

Download
http://tools.salvatorefresta.net/WiRouter_KeyRec_1.0.8.zip



UPDATE: Malware Analyzer v3.2
This is the official change log for the updated release:

Added ThreatExpert for online scanning option
Packed libraries onto single executable
Improved Traces signatures
Bug Fixes

Link
http://securityxploit.blogger.de/stories/1848885/



Saturday, 16. July 2011
w3af Web Application Attack and Audit Framework - Linux
w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (XSS), local and remote file inclusion and much more.
Changes: Code base has been stabilized. Additions include an auto-update feature, web application payloads, PHP static code analyzer, and more.

Download
http://packetstormsecurity.org/files/view/101683/w3af-1.0-stable.tar.bz2



Peepdf PDF Analyzer
peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to perform all the tasks. With peepdf it's possible to see all the objects in the document showing the suspicious elements; it supports all the most used filters and encodings, and it can parse different versions of a file, object streams and encrypted files. With the installation of Spidermonkey and Libemu it provides Javascript and shellcode analysis wrappers too. It's also able to create new PDF files and to modify existing ones.

Download
http://code.google.com/p/peepdf/downloads/list



Friday, 15. July 2011
Armitage 07.12.11
“Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.”

Download
http://www.fastandeasyhacking.com/download

Metasploit
http://securityxploit.blogger.de/stories/1846661/



UK Vodafone Phone Hacking method
The Hacker's Choice announced a security problem with Vodafone's Mobile Phone Network today. An attacker can listen to any UK Vodafone customer's phone call. An attacker can exploit a vulnerability in 3G/UMTS/WCDMA - the latest and most secure mobile phone standard in use today. Vodafone released its femto cell to the general public. This means anyone can run his own UMTS network in his house. The box connects back via your DSL connection into their mobile network. This is an initial project to gather information about the technology and verify the security.

http://wiki.thc.org/vodafone?action=AttachFile&do=get&target=femto-backend.jpg



Skype - XSS
Skype suffers from a persistent Cross-Site Scripting vulnerability due to a lack
of input validation and output sanitization of the "mobile phone" profile entry.
Other input fields may also be affected.

Source
http://www.noptrix.net/advisories/skype_xss.txt



Thursday, 14. July 2011
RFID bootable Live Hacking System
The bootable Live RFID Hacking System contains a ready-to-use set of hacking tools for breaking and analyzing MIFARE Classic RFID cards and other well known card formats. It is built around PCSC-lite, the CCID free software driver and libnfc that gives you access to some of the most common RFID readers.

Download
http://live.openpcd.com/Fedora-15-x86_64-Live-Desktop-RFID.iso



Chaos Computer Club releases schedule for summer camp
The Chaos Computer Club has released a first draft schedule of the presentations that are planned for the Chaos Communication Camp from 10 to 14 August in Finowfurt, Germany. The "flight schedule" for the presentations at the former Russian military airport's Kourou and Baikonur hangars is still rudimentary, but it does indicate where the journey is set to go: over the coming 23 years, hackers will conquer space and rebalance the flow control between the hacker metaverse and the harsh reality of life.

Presentations on rocket technology, on building solid rocket and hybrid rocket engines, on satellite communication and on research into the security of TETRA radio, demonstrate that the hackers are setting out to conquer more than just the noosphere as a communication membrane.

Another group of earth-related presentations discusses the consequences of the changes in energy policy. From the correct recycling procedure for unwanted gadgets and open source photovoltaics to building wind turbines, creative hackers will be presented with a whole range of new research topics. The whole event is rounded off with such summery topics as sports for nerds and the sudorific material presented by the "Post Privacy Spackeria". Conventional hackers with a tendency towards security consultancy will enjoy the presentation by the OpenLeaks project, which will be tested for security vulnerabilities by every trick in the book during the camp.

On the camp site, the hackers will be staying in currently 70 villages structured along the lines of the global villages envisioned by centenarian Marshall McLuhan. Tickets for the open air event are 175 euros, reduced to only 140 euros when booked before 20 July. Those who are less than 18 earthling years of age can get in for 50 euros. A total of 3,500 tickets is available. Special rates are also available when travelling to the event by train.

(Detlef Borchers / ehe)



Small Job View
1
https://secure.elance.com/r/jobs/
2
http://www.workingbase.com/



RootRepeal – Rootkit Detector v1.3.5
RootRepeal is currently in public beta. Whereas every effort has been made to ensure compatibility with every system configuration on Windows 2000, XP, 2003 and Vista, it cannot be guaranteed. There is always some risk when scanning for rootkits. Before running RootRepeal, please make sure you have backups of all important data and have saved all open documents.

Download
http://ad13.geekstogo.com/RootRepeal.rar
