Archive für Januar 2012

Hacking: SQL Injection tools for free

31.1.2012 von matti.

Hello again,

It might be worth to test your applications for SQL Injection.
Here a list of tools:

Sqlninja ( http://sqlninja.sourceforge.net/ )
sqlmap ( http://sqlmap.sourceforge.net/ )
Pangolin 3.2.3 free edition ( http://down3.nosec.org/pangolin_free_edition_3.2.3.1105.zip )
Havij v1.14 Advanced SQL Injection – free version ( http://www.itsecteam.com/files/havij/Havij1.14Free.rar )
SQL Power Injector ( http://www.sqlpowerinjector.com/ )
Marathon Tool ( http://www.codeplex.com/marathontool )
Absinthe ( http://www.0×90.org/…inthe/index.php )
pysqlin ( http://code.google.c…source/checkout )
BSQL Hacker ( http://labs.portcull…on/bsql-hacker/ )
SQL Injection digger (SQLID) ( http://sqid.rubyforge.org/#download)
WITOOL ( http://witool.sourceforge.nSQL, Oracle, Microsoft SQL Server and Microsoft Access.et/ )
sqlus ( http://sqlsus.sourceforge.net/ )
DarkMySQLi16.py ( http://vmw4r3.blogspot.com/ )
mySQLenum ( http://sourceforge.n…ects/mysqlenum/ )
PRIAMOS ( http://www.priamos-project.com/ )
FJ-Injector Framework ( http://sourceforge.net/projects/injection-fwk/files/)
Bobcat SQL Injection Tool ( http://www.northern-…pub/bobcat.html )
SQLIer 0.8.2b  ( http://bcable.net/releases.php?sqlier )
bsqlbf-v2 ( http://code.google.com/p/bsqlbf-v2/ )
Safe3 Sql Injector ( http://sourceforge.net/projects/safe3si/)
ExploitMyUnion ( http://sourceforge.n…exploitmyunion/ )Laudanum ( http://sourceforge.n…jects/laudanum/ )
WebRaider ( http://code.google.com/p/webraider/ )
Toolza 1.0 ( http://bug-track.ru/prog/toolza1.0.rar )
SCRT Mini-MySqlat0r (http://www.scrt.ch/attaque/telechargements/mini-mysqlat0r)
SFX-SQLi ( http://www.kachakil.com/ )
DarkMySQL ( http://vmw4r3.blogspot.com/ )
ProMSiD Premium ( http://forum.web-def…02&postcount=15 )
yInjector ( http://y-osirys.com/…-softwares/id10 )
Hexjector ( http://sourceforge.n…ects/hexjector/ )

Happy hacking…

Cheers,
Matti

Geschrieben in hacking | Drucken | Keine Kommentare »

Link: Antivirus stuff

31.1.2012 von matti.

Just as a reminder of different tools to get rid of malware.

Live CDs

Avira AntiVir Rescue System
http://www.avira.com/de/support-download-avira-antivir-rescue-system

F-secure Rescue-cd
http://www.f-secure.com/en/web/labs_global/removal/rescue-cd

BitDefender Rescue CD
http://www.heise.de/software/download/bitdefender_rescue_cd/56298dl_7469f31745ca2bd873d8a959cd9bf6ef_1328034493

Kaspersky Rescue Disk
http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/

G Data BootCD
http://www.gdata.de/support/downloads/tools.html

Dr.Web LiveCD
http://www.freedrweb.com/livecd/

Trinity Rescue Kit
http://trinityhome.org/Home/index.php?content=TRINITY_RESCUE_KIT_DOWNLOAD&front_id=12&lang=en&locale=en

Tools

Malwarebytes
http://www.malwarebytes.org/

Spybot - Search & Destroy 2.0
http://www.safer-networking.org/de/spybotsd2/index.html

Hijackthis
http://www.trendsecure.com/portal/de/tools/security_tools/hijackthis

Keep it clean…
Cheers,
Matti

Geschrieben in link | Drucken | Keine Kommentare »

The SEVER Methodology

31.1.2012 von tugrik.

The “Social Engineering Vulnerability Evaluation and Recommendation (SEVER)” methodology, located at http://www.kgb.to/SEVER_Instructions_Final.pdf , was recently highlighted to me, and also appeared in the darknet.org.uk blog in December 2011, although the document appears to date from April 2011.
The SEVER project hopes to

  1. Provide the fastest means of training novices about complex social engineering concepts.
  2. Provide penetration testers with a methodology that minimizes their effort while increasing their chance of success.

The truth is far from this, and the detail is unnecessary - I started writing references and in the end realised I was referencing at least every page, if not every paragraph.

In summary, the document is an “eighties text file” style rant about the author’s personal irritants; it doesn’t really detail a methodology at all, and concentrates on how to attack a single person rather than an organisation or other goal.  For example as part of a Social Engineering engagement the author appears to advocate the exploitation of phobias, use of lighting to induce migraines in the target, gaining rapport with the target through mutual use of illegal drugs, and torture.  I strongly suggest reading for entertainment purposes only.

In stating the above I’m presuming that Penetration Testers all obey the law, their job being to simulate the effect of criminal acts rather than commit them; also their intention is to show the customer that they are can be trusted with the information and access they’ve been granted. Also that as part of the engagement a Penetration Tester is not permitted nor willing to cause permanent physical and/or psychological damage to their client’s employees. The legal liability incurred by trying out many of the techniques listed would be “interesting.”

Geschrieben in opinion | Drucken | Keine Kommentare »

Humor: Yes, we did it!

30.1.2012 von matti.

Yes folks,

We did it!!!
We are now an official hacking site.
You do not believe us? … Well, see for yourself

the-ssh.jpg

Yea baby ;-)

Cheers,
Matti

Geschrieben in humour | Drucken | 1 Kommentar »

Hacking: Tools

28.1.2012 von matti.

I am sometimes quite surprised of how many web security tools start with a single guy coding something up.

Here is such an example of a really cool tool written by guy from London Royal Holloway University, Anastasios Laskos:

http://arachni.segfault.gr

Really impressed by the high rate and accuracy of issues it discovers…

So thanks for that tool

Cheers,
Matti

Geschrieben in hacking | Drucken | Keine Kommentare »

Hacking: Traces on the Internet

28.1.2012 von matti.

I was having a look at certain sites and tools that are good for finding things out about other people on the Internet.

Not for stalking :-) but for Social Engineering.

Here are some of which I thought where quite useful….

Social Network Search Sites:

http://www.keotag.com/

http://www.howsociable.com/

http://monitter.com/

http://www.samepoint.com/

http://topsy.com/

http://attentio.com/products

http://tweetpsych.com/

http://tweetscan.com/

http://twitrratr.com/

http://www.neoformix.com/Projects/TwitterStreamGraphs/view.php

http://twendz.waggeneredstrom.com/

http://twittermap.appspot.com/

http://spy.appspot.com/

http://socialmention.com/

http://whostalkin.com/

Those might be good as well:

http://twittercounter.com/ (needs twitter account)
http://www.ubervu.com/ (demo must be requested)
http://www.alterian.com/socialmedia/products/sm2/ (demo must be requested)

People Search Sites:

http://namechk.com/

http://www.peekyou.com/

http://com.lullar.com/

http://www.google.de

People Search Tools

http://www.paterva.com/web5/

http://ilektrojohn.github.com/creepy/

http://code.google.com/p/fbpwn/

Exploiting

http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_%28SET%29

http://www.sptoolkit.com/documentation/001-the-spt-framework/

Cheers,

Matti

Geschrieben in hacking | Drucken | Keine Kommentare »

|