Saturday, 1. October 2011
PowerFuzzer v1
On Saturday, 1. Oct 2011 in topic 'Pentest'
Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (incl. cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer). It can detect XSS, Injections (SQL, LDAP, commands, code, XPATH) and other
Download
http://narod.yandex.ru/disk/22405899001/powerfuzzer_v1_beta_patched_binary_installer_complete.exe
Squeeza - Linux
On Saturday, 1. Oct 2011 in topic 'Pentest'
squeeza is a tool that helps exploit SQL injection vulnerabilities in broken web applications. Its functionality is split into creating data on the database (by executing commands, copying in files, issuing new SQL queries) and extracting that data through various channels (dns, timing, http error messages)
Download
http://www.sensepost.com/cms/resources/labs/tools/pentest/squeeza/squeeza-0.22.tar.gz
HP WebInspect
On Saturday, 1. Oct 2011 in topic 'Pentest'
The HP application security solution includes tools for automating and managing application security testing, including static testing of source code in development and dynamic testing of applications running in QA or production. These tools enable you to protect your data, systems, and information from attack by building application security into development and then testing continuously for vulnerabilities. They also help you achieve and demonstrate compliance with government and industry regulations. Now part of the HP IT Performance Suite.
Download
https://download.hpsmartupdate.com/webinspect/WebInspectSetupPrereq.exe
Priv3 Firefox Extension
On Saturday, 1. Oct 2011 in topic 'Tools'
Priv3 protects your privacy by blocking trackers, but still shows social snippets like Facebook Comments, +1, like buttons so you don’t miss any content. Once you interact with the social snippet, it reloads the cookies and tracking starts again, so unless and until you interact with the snippet, the addon keeps blocking the trackers.
Download
http://priv3.icsi.berkeley.edu/
Hacking Your Android
On Saturday, 1. Oct 2011 in topic 'Tutorials'
JonDo 00.16.001
On Saturday, 1. Oct 2011 in topic 'Tools'
JonDo is an open source and free-of-charge program for Windows, Linux and MacOS X. It hides the user's IP address behind an anonymous IP address. In contrast to other anonymizers (VPNs, anonymous proxy servers), the user's anonymity stays protected even against the providers (operators) of the anonymous IP address.
Download
http://anonymous-proxy-servers.net/en/jondo.html
Busting-Windows
On Saturday, 1. Oct 2011 in topic 'Vulnerabilities'
Thursday, 29. September 2011
Joomla 1.7.0 - XSS
On Thursday, 29. Sep 2011 in topic 'Vulnerabilities'
VULNERABILITY DESCRIPTION
Several parameters (searchword, extension, asset, author) in Joomla! Core components are not properly sanitized upon submission to the /index.php URL, which allows an attacker to conduct a Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser.
Source
http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-stable%5D_cross_site_scripting%28XSS%29
Wednesday, 28. September 2011
Wpscan And Metasploit's Meterpreter
On Wednesday, 28. Sep 2011 in topic 'Tutorials'
Trend Micro Titanium Internet Security 2011 - Free
On Wednesday, 28. Sep 2011 in topic 'News'
Download the Trend Micro Titanium Internet Security multilingual installer (size 77 MB) from http://jowdones.com/download/security/TTi_MR_32-64bit_ML.7z
During installation, select “Trial Version”, then accept the terms and conditions.
This is a special build that will automatically activate your subscription for 1 year. No serial/license is required to activate your subscription.
Zscaler Likejacking Prevention
On Wednesday, 28. Sep 2011 in topic 'News'
The Zscaler Likejacking Prevention keeps you safe from Facebook scams that hide widgets such as ‘Like’ buttons on third party pages, using a technique known as clickjacking. With Likejacking, attackers exploit the Facebook Like button and other Facebook widgets, to spread spam and propagate scams by tricking users into advertising the malicious content via their own Facebook profiles.
Download
http://www.zscaler.com/research/plugins/firefox/likejacking/zscaler-likejaking-prevention-latest.xpi
Cyber Security Evaluation Tool (CSET)
On Wednesday, 28. Sep 2011 in topic 'Tools'
CSET is a desktop software tool that guides users through a step-by-step process to assess their control system and information technology network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cybersecurity posture of the organization's enterprise and industrial control cyber systems. The tool derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.
Download
http://us-cert.gov/control_systems/csetdownload.html
iScanner - Linux
On Wednesday, 28. Sep 2011 in topic 'Tools'
iScanner is a free open source tool that lets you detect and remove malicious code and web page malware from your website easily and automatically. iScanner not only shows you the infected files on your server, it can also clean these files by removing ONLY the malware code from the infected files.
Download
http://iscanner.isecur1ty.org/download/iscanner.tar.gz
TransformTool
On Wednesday, 28. Sep 2011 in topic 'Tools'
TransformTool currently supports the following transformations:
HTML Encode/Decode
XML Escape/Unescape
URL Encode/Decode
URL Encode Unicode
URL Encode/Decode raw bytes
Base 64 Encode/Decode
HEX Encode/Decode
Charsets (ASCII, Latin-1, UTF-8, UTF-16)
Deflate/Inflate
GZip/GUnzip
Common hash functions (MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-160)
Download
http://transformtool.codeplex.com/releases/view/73662
Tuesday, 27. September 2011
Mysql.com Hacked
On Tuesday, 27. Sep 2011 in topic 'News'
How Does the Injection Work
Step 1: http://www.mysql.com
Causes the visiting browser to load the following:
Step 2: http://mysql.com/common/js/s_code_remote.js?ver=20091011 (Don't Visit Now)
This is the injection point. You can find the entire content of the .js file here.
The Infection Section
http://4.bp.blogspot.com/-WSOXkhEDLQU/ToCO-q6jLkI/AAAAAAAACfU/abyQ5I7fqus/s1600/mysql%2Bhacked%2Bserving%2Bmalware%2B2.png
Step 3: http://falosfax.in/info/in.cgi?5&ab_iframe=1&ab_badtraffic=1&antibot_hash=1255098964&ur=1&HTTP_REFERER=http://mysql.com/
Returns a 302 redirect to Step 4.
Step 4: http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php
This domain hosts the BlackHole exploit pack. It exploits the visitor's browsing platform (the browser and browser plugins such as Adobe Flash, Adobe PDF, Java, etc.) and, upon successful exploitation, permanently installs a piece of malware on the visitor's machine without the visitor's knowledge. The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection.
Source
http://blog.armorize.com/2011/09/mysqlcom-hacked-infecting-visitors-with.html
Monday, 26. September 2011
Findmyhash - Python
On Monday, 26. Sep 2011 in topic 'Source Code'
Cracking services supported
Schwett.com
Netmd5crack.com
MD5-Cracker.tk
tools.BenRamsey.com
md5.Gromweb.com
md5.HashCracking.com
victorov.su
md5.thekaine.de
tmto.org
md5-db.de
md5.my-addr.com
md5pass.info
md5decryption.com
md5crack.com
md5online.net
md5-decrypter.com
authsecu.com
hashcrack.com
objectif-securite.ch
c0llision.net
md5.rednoize.com
cmd5.org
cacin.net
ibeast.com
password-decrypt.com
bigtrapeze.com
hashchecker.com
md5hashcracker.appspot.com
passcracking.com
askcheck.com
cracker.fox21.at
crackfoo.nicenamecrew.com
joomlaaa.com
md5-lookup.com
sha1-lookup.com
sha-256.sha1-lookup.com
ripemd-lookup.com
md5.com.cn
md5.digitalsun.pl
md5.drasen.net
md5.myinfosec.net
md5.net
md5.noisette.ch
md5hood.com
stringfunction.com
xanadrel.99k.org
isc.sans.edu
bokehman.com
Download
http://code.google.com/p/findmyhash/downloads/list