Monday, February 2, 2009

Hacking -Ebooks Collection

Ebook - Computer) Hacking The Windows Registry.pdf
(eBook - PDF) Hugo Cornwall - The Hacker's Handbook .pdf
(eBook pdf) Hacking into computer systems - a beginners guide.pdf
(ebook_-_pdf)_Hacking_IIS_Servers.pdf
A Beginners Guide To Hacking Computer Systems.pdf
amazon-hacks.chm
Attacking the DNS Protocol.pdf
Auerbach.Practical.Hacking.Techniques.and.Countermeasures.Nov.2006.pdf
bsd-hacks.pdf
Certified Ethical Hacker (CEH) v3.0 Official Course.pdf
Computer - Hackers Secrets - e-book.pdf
cracking-sql-passwords.pdf
Crc Press - The Hacker'S Handbook.pdf
Credit.Card.Visa.Hack.Ucam.Cl.Tr.560.[223.kB_www.netz.ru].pdf
DangerousGoogle-SearchingForSecrets.pdf
database hacker handbook.chm
Dummies - Hack How To Create Keygens (1).pdf
ebay-hacks-100-industrial-strength-tips-and-tools.pdf
eBooks.OReilly.-.Wireless.Hacks.100.Industrial.-.Strength.Tips.and.Tools.chm
ethical hacking, student guide.pdf
excel-hacks.chm
google-hacks.pdf
Guide-to-Hacking-with-sub7 (1).doc
Hack IT Security Through Penetration Testing.pdf
Hack Proofing - Your Network - Internet Tradecraft.pdf
Hack Proofing Linux A Guide to Open Source Security - Stangler, Lane - Syngress - ISBN 1-928994-34-2.pdf
Hack Proofing Sun Solaris 8.pdf
Hack Proofing Your E-Commerce Site.pdf
Hack Proofing Your Identity In The Information Age.pdf
Hack Proofing Your Network Second Edition.pdf
Hack Proofing Your Network_First Edition.pdf
Hack Proofing Your Web Applications.pdf
Hacker Disassembling Uncovered.chm
hacker ethic.pdf
Hacker Linux Uncovered.chm
Hacker Web Exploitation Uncovered.chm
Hacker'S.Delight.chm
Hackers Beware.pdf
Hackers Secrets Revealed.pdf
Hackers Secrets.pdf
Hackers, Heroes Of The Computer Revolution.pdf
Hackers_Secrets.pdf
Hacker_s_Guide.pdf
Hacking - Firewalls And Networks How To Hack Into Remote Computers.pdf
Hacking - The Art of Exploitation.chm
Hacking Cisco Routers.pdf
Hacking Exposed - Network Security Secrets & Solutions, 2nd Edition.pdf
Hacking Exposed Network Security Secrets & Solutions, Third Edition ch1.pdf
Hacking For Dummies 1.pdf
Hacking For Dummies 2.pdf
Hacking For Dummies.pdf
Hacking GMail.pdf
Hacking IIS Servers.pdf
Hacking into computer systems - a beginners guide.pdf
hacking the windows registry .pdf
Hacking Windows XP.pdf
Hacking-ebook - CIA-Book-of-Dirty-Tricks1.pdf
Hacking-Hacker's Guide.pdf
Hacking-Hackers Secrets Revealed.pdf
Hacking-Hugo Cornwall-The Hacker's Handbook .pdf
Hacking-The Hacker Crackdown.pdf
Hacking.For.Dummies.Access.To.Other.People's.System.Made.Simple.pdf
Hacking.Guide.V3.1.pdf
Hacking.nfo
Hacking.sfv
Hackproofing Oracle Application Server.pdf
Hack_Attacks_Revealed_A_Complete_Reference_With_Custom_Security_Hacking_Toolkit.
chm
Hack_IT_Security_Through_Penetration_Testing.chm
haking.txt
Halting.The.Hacker.A.Practical.Guide.To.Computer.Security.chm
How to Crack CD Protections.pdf
John Wiley & Sons - Hacking For Dummies.pdf
John.Wiley.and.Sons.Hacking.Windows.XP.Jul.2004.eBook-DDU.pdf
linux-server-hacks.pdf
little_black_book_oc_computer_viruses.pdf
mac-os-hacks.chm
McGraw-Hill - Hacking Exposed, 3rd Ed - Hacking Exposed Win2.pdf
McGraw.Hacking.Exposed.Cisco.Networks.chm
McGraw.Hill.HackNotes.Network.Security.Portable.Reference.eB.pdf
McGraw.Hill.HackNotes.Web.Security.Portable.Reference.eBook-.pdf
McGraw.Hill.HackNotes.Windows.Security.Portable.Reference.eB.pdf
Mind Hacks - Tips & Tricks for Using Your Brain.chm
network-security-hacks.chm
No.Starch.Press.Hacking.The.Art.Of.Exploitation.chm
O'Reilly - Online Investing Hacks.chm
O'Reilly.-.Network.Security.Hacks.chm
O'Reilly.Windows.Server.Hack.chm
O'Reilly.Windows.Server.Hack.rar
online-investing-hacks.chm
OReilly Google Hacks, 1st Edition2003.pdf
OReilly - Google Hacks.pdf
Oreilly, Paypal Hacks (2004) Ddu.chm
OReilly,.IRC.Hacks.(2004).DDU.chm
OReilly.SQL.Hacks.Nov.2006.chm
OSB.Ethical.Hacking.and.Countermeasures.EC.Council.Exam.312.50.Student.Coursewar
e.eBook-LiB.chm
O_Reilly_-_Windows_XP_Hacks.chm
PC Games - How to Crack CD Protection.pdf
Security and Hacking - Anti-Hacker Tool Kit Second Edition.chm
SoTayHacker1.0.chm
spidering-hacks.chm
SQL Hacks.chm
SQLInjectionWhitePaper.pdf
Syngress - Hacking a Terror Network. The Silent Threat of Covert Channels.pdf
Syngress -- Hack Proofing Your Wireless Network.pdf
Syngress Hack Proofing Your Identity in the Information Age.pdf
Syngress.Buffer.Overflow.Attacks.Dec.2004.eBook-DDU.pdf
Syngress.Hack.the.Stack.Oct.2006.pdf
The Little Black Book Of Computer Virus.pdf
The_20Little_20Black_20Book_20of_20Computer_20Viruses.pdf
tivo-hacks.100-industrial-strength-tips-and-tools.pdf
u23_Wiley - Hacking GPS - 2005 - (By Laxxuss).pdf
Wiley.The.Database.Hackers.Handbook.Defending.Database.Servers.chm
Win XP Hacks oreilly 2003.chm
Windows Server Hacks.chm
WinXP SP1 Hack.pdf
Xbox-hack - AIM-2002-008.pdf
Yahoo.Hacks.Oct.2005.chm

Quote

Tuesday, January 27, 2009

CeWL - Custom Word List Generator Tool for Password Cracking

It seems to be trendy lately to make tools which can create custom or more specific word lists for password cracking, just last week we posted about the web application The Associative Word List Generator (AWLG), which crawls the whole web to look for associated words with a given topic.

This application is more towards creating custom word lists from a specific domain by crawling it for unique words. Basically you give the application a spidering target website and it will collect unique words. The application is written in Ruby and is called CeWL, the Custom Word List generator. The app can spider a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.

IF you combine the info output by CeWL and AWLG with the standard wordlists for password cracking - you should have a fairly comprehensive set.

By default, CeWL sticks to just the site you have specified and will go to a depth of 2 links, this behaviour can be changed by passing arguments. Be careful if setting a large depth and allowing it to go offsite, you could end up drifting on to a lot of other domains. All words of three characters and over are output to stdout. This length can be increased and the words can be written to a file rather than screen so the app can be automated.

Version 2 of CeWL can also create two new lists, a list of email addresses found in mailto links and a list of author/creator names collected from meta data found in documents on the site. It can currently process documents in Office pre 2007, Office 2007 and PDF formats. This user data can then be used to create the list of usernames to be used in association with the password list.

Installation

CeWL needs the rubygems package to be installed along with the following gems:

  • http_configuration
  • mime-types
  • mini_exiftool
  • rubyzip
  • spider

You can download CeWL here:

Download

Thursday, December 18, 2008

sqlmap 0.6.3 Released - Automatic SQL Injection Tool

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more..

Changes

Some of the new features include:

  • Major enhancement to get list of targets to test from Burp proxy requests log file path or WebScarab proxy ‘conversations/’ folder path with option -l;
  • Major enhancement to support Partial UNION query SQL injection technique;
  • Major enhancement to test if the web application technology sup ports stacked queries (multiple statements) by providing option –stacked-test which will be then used someday also by takeover functionality;
  • Major enhancement to test if the injectable parameter is affected by a time based blind SQL injection technique by providing option –time-test;
  • Major bug fix to correctly enumerate columns on Microsoft SQL Server;
  • Major bug fix so that when the user provide a SELECT statement to be processed with an asterisk as columns, now it also work if in the FROM
    there is no database name specified;
You can download sqlmap 0.6.3 here:

sqlmap-0.6.3.tar.gz (Linux)
sqlmap-0.6.3_exe.zip (Windows)

Friday, December 5, 2008

The Most Dangerous Hack Tools Ready For Download

Trojan Horses

- Yuri RAT v1.2
- MofoTro v1.7 BETA
- Charon
- Beast v2.0.7
- Omerta v1.3
- Theef v2.10
- Combined Forces R.A.T
- MoSucker v3.0
- ProRat v1.9 Fix2
More...

Keyloggers

- Elite Keylogger v1.0
- SKL v0.1
- KeySpy v2.0
- A++++
- Curiosity
- Keylogger
- KeyCopy

Binders

- Daemon Crypt Public v2
- NT Packer v2.1
- EES binder v1.0
- File Injector v3
- Bytes Adder
- FreshBind v2.01
- YAB v2.01
- NakedBind v1.0
- Amok Joiner

WebHacks/WordLists

Brute Forcers
- Munga Bunga 's Official
- Brutus - Authentication Engine Test 2
- wwwHack v1.946
- FTP Brute Hacker
- FTP Brute Forcer.tar.gz - Unix
- Wbrute.tar.gz - Unix
- Shadow Scanner-Brute Forcer
- Hackers Utility v1.5
- POP3 brute forcer.tar.gz - Unix

CGI-Bug Scanners

- NStealth HTTP Scanner v5.8
- Attack Toolkit v4.1 & source code included
- Scanarator
- Legion NetBios Scanner v2.1
- NetView v1.0
- CGI Vulnerability Scan
- CGI Scanner v4.0
- VoidEye CGI scanner

Viruses

- Hippi virus
- Sasser
- W32. Blaster .Worm
- Midnight Massacre
- 00001
- Nimda
- Loveletter virus
- Happy '99
- MXZ

Virus Builders

- DR VBS
- VBSwg 2 beta - Virus builder
- p0ke's WormGen 2.0
- RESIDUO - DoS Virus

MSN Hacks & Bots

- HoaX Toolbox 1.1
- MSN Extreme 3.0
- MessenPass v1.06
- Advanced Blood Scroller
- Nudge Madness
- Advanced Instant Messengers
- Contact Spy
- Msn Explosion
- Encrypted

Port & IP Scanners

- Blues Port Scanner
- ProPort v2.2
- SuperScan v3.0
- Net Scan Tools v4.2
- LanSpy v2.0
- Bitchin Threads v3.1
- Trojan Hunter v1.5
- SuperScan v4.0
- Neotrace PRO v3.25 trial&crack

Nukers And Flooders

- Rocket v1.0
- RPCNuke v1.0
- Panther Mode1 - 56k
- Panther Mode2 - ISDN +
- Final Fortune v2.4
- Battle Pong - Technophoria
- Assault v1.0
- ICMP Nuker
- CLICK v2.2

EXTRA!
- Telnet Tutorial

Download

Be Careful As There is Alot of Very Dangerous Tools in That Pack

Password = crazy-coderz.net

Metasploit Framework



Metasploit is an open-source toolkit widely used by both hackers and security admins to test for website vulnerabilities. But visitors to the site on Monday were redirected to a page announcing the site was "hacked by sunwear ! just for fun", as recorded by Sunbelt Software.

Download

The World’s Fastest MD5 Cracker - BarsWF

BarsWF is basically an MD5 cracking tool and at the moment, is currently the fastest. Right now on nVidia 9600GT/C2D 3Ghz CUDA version does 350 M keys/sec, SSE2 version does 108 M keys/sec. You may check benchmarks of all known good MD5 bruteforcers

Changes in 0.8

  • Added checks for errors when calling CUDA kernel.
  • Now you can specify custom characters for charset using -X switch.
  • You may specify minimal password length using -min_len.
  • Save/restore feature added. State is being stored to barswf.save every 5 minutes or on exit. You may continue computation using -r switch. You may manually edit .save file to distribute job on several computers (but this is up to you - it is quite simple and non-documented ). BarsWF will also write found password into barswf.save at the end.
  • Improved speed for cards GTX260, GTX280, 8800GT, 9600GSO, 8800GS, 8800GTS - by approximately 10%, all other cards will get just 1-2%.

System Requirements

  • CUDA version only:nVidia GeForce 8xxx and up, at least 256mb of video memory.
  • LATEST nVidia-driver with CUDA support.Standard drivers might be a bit older (as CUDA 2.0 is still beta)
  • CPU with SSE2 support (P4, Core2Duo, Athlon64, Sempron64, Phenom).
  • Recommended 64-bit OS (WinXP 64 or Vista64). 32-bit version is also available.

Download BarsWF 0.8 here:

CUDA:

BarsWF CUDA x64

BarsWF CUDA x32

SSE2:

BarsWF SSE x64

BarsWF SSE x32

Tuesday, December 2, 2008

Microsoft Baseline Security Analyzer - Free Windows Tool

Recently we mentioned MSAT - Microsoft Security Assessment Tool and I recalled another tool which came out originally years and years ago and I’ve personally found useful in a few situations.

It’s good when you’re working on a Domain/Group Policy and you want to lock down one machine nice and tight, it can give some pretty good pointers as to how you can secure it further.

What is MBSA?

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS), System Center Configuration Manager (SCCM) 2007, and Small Business Server (SBS).

In order to provide support for Windows Vista, Windows Server 2008, 64-bit scan tool and vulnerability assessment check support, new Windows Embedded support, and compatibility with the latest versions of the Windows Update Agent (WUA) Microsoft Baseline Security Analyzer (MBSA) 2.1 is now available.

New Features found in MBSA 2.1:

  • Support for Windows Vista and Windows Server 2008
  • Updated graphical user interface
  • Full support for 64-bit platforms and vulnerability assessment (VA) checks against 64-bit platforms and components
  • Improved support for Windows XP Embedded platform
  • Improved support for SQL Server 2005 vulnerability assessment (VA) checks
  • Automatic Microsoft Update registration and agent update (if selected) using the graphical interface or from the command-line tool using the /ia feature
  • New feature to output completed scan reports to a user-selected directory path or network share (command-line /rd feature) Windows Server Update Services 2.0 and 3.0 compatibility

You can download MBSA 2.1 here:

Download