Thursday, December 18, 2008

sqlmap 0.6.3 Released - Automatic SQL Injection Tool

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more..

Changes

Some of the new features include:

  • Major enhancement to get list of targets to test from Burp proxy requests log file path or WebScarab proxy ‘conversations/’ folder path with option -l;
  • Major enhancement to support Partial UNION query SQL injection technique;
  • Major enhancement to test if the web application technology sup ports stacked queries (multiple statements) by providing option –stacked-test which will be then used someday also by takeover functionality;
  • Major enhancement to test if the injectable parameter is affected by a time based blind SQL injection technique by providing option –time-test;
  • Major bug fix to correctly enumerate columns on Microsoft SQL Server;
  • Major bug fix so that when the user provide a SELECT statement to be processed with an asterisk as columns, now it also work if in the FROM
    there is no database name specified;
You can download sqlmap 0.6.3 here:

sqlmap-0.6.3.tar.gz (Linux)
sqlmap-0.6.3_exe.zip (Windows)

Friday, December 5, 2008

The Most Dangerous Hack Tools Ready For Download

Trojan Horses

- Yuri RAT v1.2
- MofoTro v1.7 BETA
- Charon
- Beast v2.0.7
- Omerta v1.3
- Theef v2.10
- Combined Forces R.A.T
- MoSucker v3.0
- ProRat v1.9 Fix2
More...

Keyloggers

- Elite Keylogger v1.0
- SKL v0.1
- KeySpy v2.0
- A++++
- Curiosity
- Keylogger
- KeyCopy

Binders

- Daemon Crypt Public v2
- NT Packer v2.1
- EES binder v1.0
- File Injector v3
- Bytes Adder
- FreshBind v2.01
- YAB v2.01
- NakedBind v1.0
- Amok Joiner

WebHacks/WordLists

Brute Forcers
- Munga Bunga 's Official
- Brutus - Authentication Engine Test 2
- wwwHack v1.946
- FTP Brute Hacker
- FTP Brute Forcer.tar.gz - Unix
- Wbrute.tar.gz - Unix
- Shadow Scanner-Brute Forcer
- Hackers Utility v1.5
- POP3 brute forcer.tar.gz - Unix

CGI-Bug Scanners

- NStealth HTTP Scanner v5.8
- Attack Toolkit v4.1 & source code included
- Scanarator
- Legion NetBios Scanner v2.1
- NetView v1.0
- CGI Vulnerability Scan
- CGI Scanner v4.0
- VoidEye CGI scanner

Viruses

- Hippi virus
- Sasser
- W32. Blaster .Worm
- Midnight Massacre
- 00001
- Nimda
- Loveletter virus
- Happy '99
- MXZ

Virus Builders

- DR VBS
- VBSwg 2 beta - Virus builder
- p0ke's WormGen 2.0
- RESIDUO - DoS Virus

MSN Hacks & Bots

- HoaX Toolbox 1.1
- MSN Extreme 3.0
- MessenPass v1.06
- Advanced Blood Scroller
- Nudge Madness
- Advanced Instant Messengers
- Contact Spy
- Msn Explosion
- Encrypted

Port & IP Scanners

- Blues Port Scanner
- ProPort v2.2
- SuperScan v3.0
- Net Scan Tools v4.2
- LanSpy v2.0
- Bitchin Threads v3.1
- Trojan Hunter v1.5
- SuperScan v4.0
- Neotrace PRO v3.25 trial&crack

Nukers And Flooders

- Rocket v1.0
- RPCNuke v1.0
- Panther Mode1 - 56k
- Panther Mode2 - ISDN +
- Final Fortune v2.4
- Battle Pong - Technophoria
- Assault v1.0
- ICMP Nuker
- CLICK v2.2

EXTRA!
- Telnet Tutorial

Download

Be Careful As There is Alot of Very Dangerous Tools in That Pack

Password = crazy-coderz.net

Metasploit Framework



Metasploit is an open-source toolkit widely used by both hackers and security admins to test for website vulnerabilities. But visitors to the site on Monday were redirected to a page announcing the site was "hacked by sunwear ! just for fun", as recorded by Sunbelt Software.

Download

The World’s Fastest MD5 Cracker - BarsWF

BarsWF is basically an MD5 cracking tool and at the moment, is currently the fastest. Right now on nVidia 9600GT/C2D 3Ghz CUDA version does 350 M keys/sec, SSE2 version does 108 M keys/sec. You may check benchmarks of all known good MD5 bruteforcers

Changes in 0.8

  • Added checks for errors when calling CUDA kernel.
  • Now you can specify custom characters for charset using -X switch.
  • You may specify minimal password length using -min_len.
  • Save/restore feature added. State is being stored to barswf.save every 5 minutes or on exit. You may continue computation using -r switch. You may manually edit .save file to distribute job on several computers (but this is up to you - it is quite simple and non-documented ). BarsWF will also write found password into barswf.save at the end.
  • Improved speed for cards GTX260, GTX280, 8800GT, 9600GSO, 8800GS, 8800GTS - by approximately 10%, all other cards will get just 1-2%.

System Requirements

  • CUDA version only:nVidia GeForce 8xxx and up, at least 256mb of video memory.
  • LATEST nVidia-driver with CUDA support.Standard drivers might be a bit older (as CUDA 2.0 is still beta)
  • CPU with SSE2 support (P4, Core2Duo, Athlon64, Sempron64, Phenom).
  • Recommended 64-bit OS (WinXP 64 or Vista64). 32-bit version is also available.

Download BarsWF 0.8 here:

CUDA:

BarsWF CUDA x64

BarsWF CUDA x32

SSE2:

BarsWF SSE x64

BarsWF SSE x32

Tuesday, December 2, 2008

Microsoft Baseline Security Analyzer - Free Windows Tool

Recently we mentioned MSAT - Microsoft Security Assessment Tool and I recalled another tool which came out originally years and years ago and I’ve personally found useful in a few situations.

It’s good when you’re working on a Domain/Group Policy and you want to lock down one machine nice and tight, it can give some pretty good pointers as to how you can secure it further.

What is MBSA?

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS), System Center Configuration Manager (SCCM) 2007, and Small Business Server (SBS).

In order to provide support for Windows Vista, Windows Server 2008, 64-bit scan tool and vulnerability assessment check support, new Windows Embedded support, and compatibility with the latest versions of the Windows Update Agent (WUA) Microsoft Baseline Security Analyzer (MBSA) 2.1 is now available.

New Features found in MBSA 2.1:

  • Support for Windows Vista and Windows Server 2008
  • Updated graphical user interface
  • Full support for 64-bit platforms and vulnerability assessment (VA) checks against 64-bit platforms and components
  • Improved support for Windows XP Embedded platform
  • Improved support for SQL Server 2005 vulnerability assessment (VA) checks
  • Automatic Microsoft Update registration and agent update (if selected) using the graphical interface or from the command-line tool using the /ia feature
  • New feature to output completed scan reports to a user-selected directory path or network share (command-line /rd feature) Windows Server Update Services 2.0 and 3.0 compatibility

You can download MBSA 2.1 here:

Download

Being Anonymous

I have just stumbled up on this software which claims to keep us anonymous and lets us browse sites banned in a country.


Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.

Download

Proxy Switcher Pro

Different internet connections do often require completely different proxy server settings and it's a real pain to change them manually. Proxy Switcher offers full featured connection management solution. This includes flexible proxy server list management, proxy server tester and anonymous surfing capabilities.

Proxy Switcher Features:

  • Change proxy settings on the fly
  • Automatic proxy server switching for anonymous surfing
  • Works with Internet Explorer, Firefox, Opera and others.
  • Flexible proxy list management
  • Proxy Server Anonimity testing testing
  • Anonymous proxy server list download