Oct 12, 2012

dSploit - an Android network analysis

dSploit is an Android network analysis and penetration suite which aims to offer IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device.
Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts' operating systems and running services, search for known vulnerabilities, crack logon procedures of many TCP protocols, perform man-in-the-middle attacks such as password sniffing (with common protocol dissection), real-time traffic manipulation, etc.
This application is still in beta stage. A stable release will be available as soon as possible, but expect some crashes or strange behaviour until then. In any case, feel free to submit an issue on GitHub.

Source: https://github.com/evilsocket/dsploit


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Oct 10, 2012

Safe3 sql injector - Powerful penetration testing tool for SQL Injection


Features

  • Full support for http, https website.
  • Full support for Basic, Digest, NTLM http authentications.
  • Full support for GET, Post, Cookie sql injection.
  • Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
  • Full support for four SQL injection techniques: blind, error-based, UNION query and force guess.
  • Powerful AI engine to automatically recognize the injection type, the database type and the best way to perform the SQL injection.
  • Support to enumerate databases, tables, columns and data.
  • Support to read, list and write any file from the database server underlying file system when the database software is MySQL or Microsoft SQL Server.
  • Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is Oracle or Microsoft SQL Server.
  • Support for IP domain query, web path guessing, MD5 cracking, etc.
  • Support for sql injection scan.
Source: http://sourceforge.net/projects/safe3si/


Oct 8, 2012

Disabling UAC confirmation messages - UAControl

UAControl is a small tool to customize the UAC (User Account Control) settings. You can turn the confirmation messages on and off or, if required, even disable the whole UAC system. As a consequence, when your account has administrator privileges, everything is executed as administrator and no confirmation of the procedure is requested.

Source: http://www.megapanzer.com/2012/10/06/uacontrol-disabling-uac-confirmation-messages/


Howto: see PHP source code in a file inclusion

RT: @brutelogic: How to see PHP source code in a file inclusion #vulnerability: ?file=php://filter/convert.base64-encode/resource=index.php 
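
A defender-side check for the request pattern in the tweet above, as an added example that is not part of the original post: it scans web access-log lines for query parameters carrying a php:// wrapper, undoing repeated percent-encoding before matching. The log lines, the config.php file name and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PHP_WRAPPER = re.compile(r"php://(\w+)", re.IGNORECASE)        # stream name after php://
RESOURCE = re.compile(r"resource=([^|&\s]+)", re.IGNORECASE)   # file the filter reads
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')  # client IP, request target

# Constructed sample lines in combined log format (addresses from TEST-NET-3).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Oct/2012:10:01:22 +0000] "GET /index.php?file=about.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Oct/2012:10:02:03 +0000] "GET /index.php?file=php://filter/convert.base64-encode/resource=index.php HTTP/1.1" 200 18344',
    '203.0.113.9 - - [12/Oct/2012:10:02:41 +0000] "GET /index.php?file=PHP%253A%252F%252Ffilter%252Fconvert.base64-encode%252Fresource%253Dconfig.php HTTP/1.1" 200 912',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253A -> %3A -> :) before matching."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_wrapper_params(target):
    """Return [(param, stream, resource)] for query parameters carrying php://."""
    hits = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(raw)
        wrapper = PHP_WRAPPER.search(value)   # case-insensitive, so PHP:// is caught too
        if wrapper:
            res = RESOURCE.search(value)
            hits.append((name, wrapper.group(1).lower(), res.group(1) if res else None))
    return hits

def scan(lines):
    """Return [(client_ip, param, stream, resource)] for every suspicious request."""
    alerts = []
    for line in lines:
        m = REQUEST.match(line)
        if m:
            alerts += [(m.group(1),) + hit for hit in find_wrapper_params(m.group(2))]
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Access logs record only the request line, so parameters sent in a POST body or a cookie need application-level or WAF logging to be covered by the same check.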




Howto: SOCKS Proxy over SSH with OpenSSH By Cuong

If you want more details, please visit the Source.

1. On the remote machine, run the ssh command with these options:
ssh -NCf -o "ServerAliveInterval 300" -D 1080 username@hostname

2. Back on the SSH client, use your PuTTY connection to the SSH server and configure a forwarded port: under SSH -> Tunnels, set the "Source port" to "1080", choose "Dynamic" as the destination, and click the "Add" button.

3. Set the keepalive under "Connection" -> "Seconds between keepalives" to 3-5 seconds.

4. Connect to the SSH server.

5. Set your web browser to use the proxy [localhost:1080]. Now you're ready to surf the net via the SSH server.

Source: http://blog.cuongnv.com/2012/08/socks-proxy-over-ssh-with-opensshputty.html?spref=tw




Oct 7, 2012

Kernel Rootkit On Mac OSX 64Bit

64bit Mac OS-X kernel rootkit that uses no hardcoded address to hook the BSD subsystem in all OS-X Lion & below. It uses a combination of syscall hooking and DKOM to hide activity on a host. String resolution of symbols no longer works on Mountain Lion as symtab is destroyed during load, this code is portable on all Lion & below but requires re-working for hooking under Mountain Lion.

currently supports:

* works across multiple kernel versions (tested 11.0.0+)
* give root privileges to pid
* hide files / folders
* hide a process
* hide a user from 'who'/'w'
* hide a network port from netstat
* sysctl interface for userland control
* execute a binary with root privileges via magic ICMP ping


Source: www.nullsecurity.net/backdoor.html
