Lifetime 1Mbit Free Usenet access

Click to visit promo page and register.
http://www.xsusenet.com/en/
Check you mail box.

Free Usenet Newsleecher Final
http://www.newsleecher.com//?id=download&dlinB=nl_b

RogueKiller is a free small program that analyzes the system for rogue software. It works in this regard similar to Fake Antivirus Remover, a program which we have reviewed in the past here on Ghacks. The program scans known rogueware locations, including running processes, the Windows Registry, drivers, the hosts file and the master boot record.
We need to close all other programs running on the system before you start the program. First thing that you may want to do then is to scan the system. Just press 1 on the keyboard and hit enter afterwards to run the scan.

Download
http://www.sur-la-toile.com/RogueKiller/

UniOFuzz version 0.1.2-beta - the universal fuzzing tool for browsers, web services, files, programs and network services/ports

Download
http://www.nullsecurity.net/tools/uniofuzz.py

Homepage
http://www.nullsecurity.net/tools.html

Count Date Title Author

1 378 30.06.11 SQL Injection Scanners List xploit
2 299 20.07.11 winAUTOPWN v2.7 xploit
3 287 07.07.11 The Web Application Hacker's Handbook 2nd: Discovering and Exploiting Security Flaws xploit
4 204 28.08.11 Killapache - DDOS tool - Perl xploit
5 191 24.08.11 Upload a php shell xploit
6 182 03.08.11 Facebook password recovery xploit
7 181 15.09.11 Backtrack 5 Wireless Penetration Testing xploit
8 181 30.06.11 Dictionaries & Wordlists xploit
9 164 23.08.11 BING.COM - XSS xploit
10 162 06.07.11 Wifi Cracker 1.5 - Linux xploit

This issue covers following articles:-

0x00 Tech Gyan - One Line Facebook
0x01 Tool Gyan - SQLMAP – Automated Sql Injection Testing Tool
0x02 Mom's Guide - Social Networking and its Application Security
0x03 Legal Gyan - Powers of Government under the Information Technology
Act, 2000
0x04 Matriux Vibhag - Setting up and Getting started with Matriux Krypton
0x05 Poster - "I shall use strong password"

Download PDF
http://chmag.in/issue/jan2012.pdf

For those that are not familiarized with Exploit Next Generation® SQL
Fingerprint, it is a powerful tool which performs version fingerprinting
for:
1. Microsoft SQL Server 2000;
2. Microsoft SQL Server 2005;
3. Microsoft SQL Server 2008; and
4. Microsoft SQL Server 2012.

The Exploit Next Generation® SQL Fingerprint uses well-known techniques
based on several public tools that are capable to identify the Microsoft
SQL Server version (such as: SQLping and SQLver), but, instead of showing
only the "raw version" (i.e., Microsoft SQL Version 10.00.2746), the
Exploit Next Generation® SQL Fingerprint shows the mapped Microsoft SQL
Server version (i.e., Microsoft SQL 2008 SP1 (CU5)).

Download
http://www.4shared.com/zip/legpj3DI/ESF.html

Key ID: 0x4FFC316C
1983 7E8E D6C9 CAF8 4B4F A8C9 A36D FC5B 4FFC 316C

Info
http://nbrito.4shared.com/

A cross-platform Java based Facebook social engineering framework, sends friend requests to a list of Facebook profiles, and polls for the acceptance notification. Once the victim accepts the invitation, it dumps all their information,photos and friend list to a local folder. Extensible module interfaces and built-in modules for advanced social engineering tricks.

The tool that you can use is FBPwn, this tool will try several attack on FB directly from a user account so it will do the following:

Dump friend list
Add all victim friends
Dump all users album pictures
Dump profile information
Dump photos ( this mean profile pictures)
Check friends request
Dump victim wall (here including poke)
Clone the profiles


Download
http://code.google.com/p/fbpwn/downloads/list

Windows operating system runs many processes that may include unknown services or viruses, one of the strange processes is svchost.exe, sometimes you find several processes under this name and you need to understand what they are doing.

They consume a lot of memory footprint and if you kill them all it will not solve the situation as they allow some necessary services on the operating system such as windows firewall or windows defender, for this situation you can take a look at Svchost Process Analyzer, it’s a free tool that require no installation and will add no entries to registry keys

Download
http://www.neuber.com/free/svchost-analyzer/

SomarSoft's DumpSec is a security auditing program for Microsoft Windows® NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.

Download
http://www.systemtools.com/download/dumpacl.zip

Patator is a multi-purpose brute-forcer, written in pyton language, with a modular design and a flexible usage. Can be modified and rewritten as per our environment requirement. Patator is licensed GPLv2.

Download
https://code.google.com/p/patator/downloads/list

Modules supported:

ftp_login : Brute-force FTP
ssh_login : Brute-force SSH
telnet_login : Brute-force Telnet
smtp_login : Brute-force SMTP
smtp_vrfy : Enumerate valid users using the SMTP VRFY command
smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
http_fuzz : Brute-force HTTP/HTTPS
pop_passd : Brute-force poppassd (not POP3)
ldap_login : Brute-force LDAP
smb_login : Brute-force SMB
mssql_login : Brute-force MSSQL
oracle_login : Brute-force Oracle
mysql_login : Brute-force MySQL
pgsql_login : Brute-force PostgreSQL
vnc_login : Brute-force VNC
dns_forward : Forward lookup subdomains
dns_reverse : Reverse lookup subnets
snmp_login : Brute-force SNMPv1/2 and SNMPv3
unzip_pass : Brute-force the password of encrypted ZIP files
keystore_pass: Brute-force the password of Java keystore files

Ghost Phisher is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. The program could be used as an honey pot , could be used to service DHCP request , DNS requests or phishing attacks

Requirements:

python
python-qt4
dhcp3-server
xterm
subversion

Download
http://code.google.com/p/ghost-phisher/downloads/list

To get the source code for this project from SVN, here's the checkout link:
root@host:~# svn checkout http://ghost-phisher.googlecode.com/svn/Ghost-Phisher

To install simply run the following command in terminal after changing directory to the path were the downloaded package is:
root@host:~# dpkg -i ghost-phisher_1.3_all.deb

Vulnerability is reported in Google by "Ucha Gobejishvili ( longrifle0x )". This problem may assist an attacker to conduct phishing attacks, trojan distribution, spammers.
Url: https://accounts.google.com/o/oauth2/auth?redirect_uri=http://www.something.com

Same vulnerability in Facebook, Discovered by ZeRtOx from Devitel group:
http://www.facebook.com/l.php?h=5AQH8ROsPAQEOTSTw7sgoW1LhviRUBr6iFCcj4C8YmUcC8A&u=www.something.com