
Posts

Showing posts from May 25, 2011

Hack Tools

SQLMap 0.9 Released – SQL Injection Tool

After a year of hardcore development, sqlmap 0.9 is out!

Introduction: sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, through data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

New Features:

* Rewritten SQL injection detection engine
* Support to directly connect to the database without passing via a SQL injection, -d switch
* Added full support for both time-based blind SQL injection and error-based SQL injection techniques
* Implemented support for SQLite 2 and 3
* Implemented support for Firebird
* Implemented support for Microsoft Access, Sybase and SAP MaxDB
* Added s...

Download all trojans

Spy-Net [RAT] v1.7

Download : http://www.mediafire.com/?5sqm3s5uwfsfllj

Nuclear RAT 2.1.0

* Programmed by: Caesar2k
* Date added / updated: September 4th 2007
* Downloads : 80685
* File size: 1.26MB
* Coded in: Delphi
* Section: Remote Administration Tools & Spy
* Compatibility: Windows NT, 2K, XP, Vista

Download : http://www.nuclearwintercrew.com/Products-View/21/Nuclear_RAT_2.1.0/

Turkojan 4

Features :

* Reverse Connection
* Remote Desktop (very fast)
* Webcam Streaming (very fast)
* Audio Streaming
* Thumbnail viewer
* Remote passwords
* MSN Sniffer
* Remote Shell
* Web-Site Blocking
* Chat with server
* Send fake messages
* Advanced file manager
* Zipping files & folders
* Find files
* Change remote screen resolution
* Mouse manager
* Information about remote computer
* Clipboard manager
* IE options
* Running Process
* Service Manager
* Keyboard Manager
* Online keylogger
* Off...

SQL injection attack

The Target Intranet

This appeared to be an entirely custom application, and we had no prior knowledge of the application nor access to the source code: this was a "blind" attack. A bit of poking showed that this server ran Microsoft's IIS 6 along with ASP.NET, and this suggested that the database was Microsoft's SQL server: we believe that these techniques can apply to nearly any web application backed by any SQL server.

The login page had a traditional username-and-password form, but also an email-me-my-password link; the latter proved to be the downfall of the whole system.

When entering an email address, the system presumably looked in the user database for that email address, and mailed something to that address. Since my email address is not found, it wasn't going to send me anything.

So the first test in any SQL-ish form is to enter a single quote as part of the data: the intention is to see if they construct an SQL...

Session Hijacking

What is Session Hijacking?

Session hijacking is the act of taking control of a user session after successfully obtaining or generating an authentication session ID. Session hijacking involves an attacker using captured, brute forced or reverse-engineered session IDs to seize control of a legitimate user's Web application session while that session is still in progress.

Detailed Description

HTTP is stateless, so application designers had to develop a way to track the state between multiple connections from the same user, instead of requesting the user to authenticate upon each click in a Web application. A session is a series of interactions between two communication end points that occurs during the span of a single connection. When a user logs into an application a session is created on the server in order to maintain the state for other requests originating from the same user. Applications use sessions to store parameters which are relevan...

Address Spoofing

HowStuffWorks.com

Address spoofing is the most common trick phishers use to gain information.

The more complex a Web browser or e-mail client is, the more loopholes and weaknesses phishers can find. This means that phishers add to their bags of tricks as programs get more sophisticated. For example, as spam and phishing filters become more effective, phishers get better at sneaking past them.

The most common trick is address spoofing. Many e-mail programs allow users to enter their desired information into the "From" and "Reply-to" fields. While convenient for people who use multiple e-mail addresses, this makes it easy for phishers to create messages that look like they came from a legitimate source. Some e-mail servers also allow computers to connect to the simple mail transfer protocol (SMTP) port without the use of a password. This allows phishers to connect directly to the e-mail server and instruct it to send messages to victims. Other tr...

Protect Your Identity from Koobface Attack

Koobface is not just a pun on Facebook. It is a deadly virus that is affecting not only Facebook, but also creating havoc on MySpace, Twitter, Bebo, and other social networking websites. The process of infection is quite simple. You get a link from your friend claiming some sensational material and asking you to click on it, generally some youtube.pl or ru link. Afterward, you are asked to install a newer version of Flash, which is not what it claims to be. That is a virus. The latest variant of this virus claims to show you “Barack Obama Hillary Clinton – Sex Scandal”.

Technically, it is not a virus. It is a worm that is used to steal your personal information, primarily your credit card. Safeguarding yourself against this should be your top identity protection strategy.

Variants of Koobface worm

There are several variants of the Koobface virus. The identified ones are:

Variants | Attacks
Net-Worm.Win32.Koobface.a | MySpace
Net-Worm.Win32.Koobface...

Do You Know How Phishing Works?

How Phishing Works?

It is always safer to deal with a known devil, no matter how dangerous it is, than it is to deal with an unknown demon. Just the knowledge of the devil is enough to trigger a response mechanism inside of us, which in due time helps us form a strategy to defeat the devil in the battle. I believe in this, and that is the reason why I have decided to first inform you about the workings of phishing scamsters. The mere knowledge of their working will save you more often than you care to imagine. So let’s get started with reading the mind of a phishing scamster.

How phishing works

The phishing net used by the scamsters consists of three things:

* A cooked up story enticing you to take action.
* A link to a website that looks similar to the one the phishing email claims to be from.
* A landing page that looks entirely like the website of the company a phishing mail claims to originate from.

How each of the elements is used?

To make...