Home / Archives for August 2011

download AnDOSid - DOS tool for android

Posted by Deepanker Verma Wednesday, August 31, 2011 0 comments

download AnDOSid - DOS tool for android

A new product released by SCOTT HERBERT for Android mobile phones,Its AnDOSid - the DOS tool for Android Phones. The rise of groups like Anonymous and LuzSec, as well as constant India / Pakistan cyberwar has raised the issue of cyber-security high(er) in the minds of web owners.

Pentesting tools exist to simulate such attacks and help website security people defend against them, however for the most part they currently only exist for desktop computers. Mobile phones have, over the last few years, grown from simple devices that send and receive calls to mobile computing platforms which can be purchased for less than $100 a device.

AnDOSid fills that gap, allowing security professionals to simulate a DOS attack (An http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones. AnDOSid is actively being developed and I welcome feedback from the security community as to how you would like the application to evolve.

Features:
Requires Internet access to send the http post data
Requires phone state to access the IMEI (one of the two identifiers sent with each post)

Download Here:
https://market.android.com/details?id=com.scott.herbert.AnDOSid&feature=featured-apps

WebSurgery v.0.6 Released - Web application testing suite

Posted by Deepanker Verma Monday, August 29, 2011 0 comments

WebSurgery v.0.6 Released

WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with the web application planning and exploitation. Currently, it uses an efficient, fast and stable Web Crawler, File/Dir Brute forcer, Fuzzer for advanced exploitation of known and unusual vulnerabilities such as SQL Injections, Cross site scripting (XSS), Brute force for login forms, identification of firewall-filtered rules, DOS Attacks and WEB Proxy to analyze, intercept and manipulate the traffic between your browser and the target web application.

download Here:
http://www.surgeonix.com/blog/index.php/archives/117

Nokia developer forum databse hacked

Posted by Deepanker Verma 0 comments

Database of Nokia's developer forum had been hacked and members information has been accessed. Nokia said that it had taken website offline.

The nick name of the hacker was pr0tect0r and he also defaced the website. Hacker had also posted a deface message on the website.
"Owned by pr0tect0r AKA mrNRG
LOL. Worlds number 1 mobile company but not spending a dime for server security! FFS patch you security holes otherwise you will be just another antisec victim. No Dumping, No Leaking!"

Serious XSS vulnerabilities in shopping.Indiatimes.com discoverd by deepanker and shadab

Posted by Deepanker Verma 0 comments

Serious XSS vulnerabilities in Online shopping websites

website: Indiatimes.com

URL: http://shopping.indiatimes.com/

Alexa: 149

Service: Online shopping

IndiaTimes shopping website has some serious XSS vulnerabilities which can lead to cookie stealing of users. And this may cause some serious loss to users. After going through some pages of the website, we (Shadab and me ) have found that the website is vulnerable to XSS injections and malicious scripts can be injected on the website.

See the snap below..

Its login page of the website

another javascript injection on the website

now its on products page.. it is also vulnerable.

Need cookies from the pages... here it is

Then load an iframe and see the website hackingtricks on the page..

This website is seriously vulnerable to XSS..

THE website owners are not serious in patching this so i am exposing this to you all.

Packet Sniffer for Android phones

Posted by Deepanker Verma Sunday, August 28, 2011 0 comments

Packet Sniffer for Android phones

This is a nice app to capture and display WiFi and bluetooth traffic on Android phones. But for using this app, you have to root your phone and have "su" command install.

This app is based on the tcpdump package therefor it have to be installed manually.
1. Download and Install PacketSniffer App from the market or from the following link.
http://dl.dropbox.com/u/3775726/PacketSniffer/PacketSniffer.apk
2. Copy the precompiled TCPDUMP file to the "/data" library on your phone:
first make sure your "/data" library has READ and WRITE privileges. if not use: "chmod 777 data"
in order to copy use the following command if you have ADB :"adb push c:\locationOfTheTcpdumpFile /data"
in case you don't have ADB you can copy the tcpdump file to the SD card and do: "cat /sdcard/tcpdump > /data/tcpdump
3. Give the tcpdump file Read Write and Exec privileges : "chmod 777 /data/tcpdump"

Before you start to capture you can pick weather to save the captured data on a local SQL DB on the device
or on to a file on the SD card.

Read More on
https://sites.google.com/site/androidarts/packet-sniffer

How to Hack Facebook, Twitter, Gmail password using Winspy Keylogger

Posted by Deepanker Verma Thursday, August 25, 2011 7 comments

Do you want to hack Facebook, Gmail or Twitter account, but do not know any kind of coding? Don't worry. I have the simplest and effective way of hacking

Keylogger is a software that can record key strokes of a system and stores it into a log file. Remote keyloggers comes with an extra feature that it can send this log file to the hacker via email. The ability to record keystroke and send it to the specified email makes it a big hacking tool.

Keylogger is also one of the best ways to hack password of Facebook, Gmail or any other website account. In this post I am going to show how to hack passwords using winspy keylogger. Winspy is a nice remote keylogger which can prevent it self from being detected by any antivirus.

Yes, Winspy runs on a system in hidden mode without any kind of antivirus detection. In this way, victim will never be able to know that you are getting the keylogs of his system

Read the steps given below:

1. First of all get your Winspy keylogger. Download it from the link given below

download Here

This is the best keylogger available. For all those who want it for free, I want to say that the free version of this can be found in underground forums and file hosting websites. But those free cracked versions are binded with Trojans. If you get a download link of any file hosting website, you are going to waste your time and taking a risk of your own accounts. Never run after these free versions of Winspy and grab a genuine version of Winspy from the link above.

2. After downloading, run the keylogger program and create the user id and pasword. Remember this password and also note it at a separate place. This password will be required each time you start Winspy and even while uninstalling it from the system.
3. Then a new dialog box will open to show you the hotkey (Ctrl + Shift + F12 ) to start keylogger.
4. Now press the hot key written in last step to go to the login form and enter login details to login.
5. Now you are on main screen of the software. CLink on remote at top and then remote install.

user – type in the victim’s name
file name – Name the file to be sent. Use the name such that victim will love to accept it.
file icon – keep it the same
picture – select the picture you want to apply to the keylogger.

In the textfield of “Email keylog to” , enter your email address.
6.click on “Create Remote file”.

After these steps, a new file will be generated by the Winspy. The only thing you need to do is send this file to the person you want to hack. This is up to you. If the victim runs this file in his/her system, winspy will start running on that system and will send you the keylogs daily. You can find all the passwords victim types on various web accounts.

A-ddos - Kernel solution to prevent ddos attack

Posted by Deepanker Verma 0 comments

A-ddos - Kernel solution to prevent ddos attack

a-ddos is a kernel patch in order to prevent DDos attack at the low-hardware-level. It works well on a netbridge.

DDos is short for distributed denial-of-service,it becomes a serious threat nowadays. There hasn't been a perfect solution yet. a-ddos uses 512M(128M in current version) memory to keep tracks of every ipv4 address and a kernel-level timmer to record connections pre-second. While under attack, only the available IPs are allowed to be connected to the server.

Highlighted features
Fast
In order to determine every connection, only one memory-access is needed.

Stable
The implementation is simple and fast, while under syn-flood attack a-ddos takes less than 10% cpu time to handle.

Flexible
It's easy to extend the memory usage, nevertheless 4G/8 bit = 512MB can handle the whole IPV4 space!

Download
http://code.google.com/p/a-ddos/downloads/list

Read more:
http://code.google.com/p/a-ddos/wiki/PreviewWiki

DarkComet-RAT v.4.0 released

Posted by Deepanker Verma Tuesday, August 23, 2011 0 comments

DarkComet-RAT v.4.0 released

DarkComet-RAT (Remote Administration Tool) is the most complete and one of the most stable RAT in the scene.this software is design for people that have a very good knowledge in computer security, it can be userfull in many case.

Remote control your network computers (LAN / WAN)
Remote assist your clients if you manage a company
Find your lost passwords in your computers
Spy your home networks (For your childs,Wife,Husband...)
Test the security of your computers or your company
To develop your knowledge in RAT softwares

Change log:
DarkComet-RAT is now compiled on Delphi XE instead of Delphi 2010.
Synthax highlighter added in remote keylogger.
Get hard drive information added in file manager
Bot logs in main form had change, it is more efficient / fast and user friendly
Whole system parser is now far stable and faster
No-IP was moded and is now better ;)
Flags manager has been ported to the main client settings form
Now you can change the default size Width and Height of the users thumbnails
No more menu in the top of the SIN (Main Window - Users list)so it is more clear
and much more

Download Here:
http://www.darkcomet-rat.com/process_download.php?id=5

Uniscan 4.0 Released - vulnerability scanner

Posted by Deepanker Verma 0 comments

Uniscan 4.0 Released

The Uniscan vulnerability scanner is aimed at information security, which aims at finding vulnerabilities in Web systems and is licensed under the GNU GENERAL PUBLIC LICENSE 3.0 (GPL 3). The Uniscan was developed using the Perl programming language to be easier to work with text, has an easy to use regular expressions and is also multi-threaded.

Uniscan Features

Identification of system pages through a Web Crawler.
Use of threads in the crawler.
Control the maximum number of requests the crawler.
Control of variation of system pages identified by Web Crawler.
Control of file extensions that are ignored.
Test of pages found via the GET method.
Test the forms found via the POST method.
Support for SSL requests (HTTPS).
Proxy support.

Official Change Log :

Uniscan is now Modularized.
Added directory checks.
Added file checks.
Added PUT method enabled check.
Bug fix in crawler when found ../ directory.
Crawler support POST method.
Configuration by file uniscan.conf.
Added checks for backup of files found by crawler.
Added Blind SQL-i checks.
Added static RCE, RFI, LFI checks.
Crawler improved by checking /robots.txt.
improved XSS vulnerability detection.
improved SQL-i vulnerability detection.

Download Here:
http://sourceforge.net/projects/uniscan/files/4.0/uniscan.tar/download

download Sniffjoke - Anti-sniffing Framework & Tool For Session Scrambling

Posted by Deepanker Verma Monday, August 22, 2011 0 comments

download Sniffjoke - Anti-sniffing Framework & Tool For Session Scrambling

SniffJoke is an application for Linux that handle transparently your TCP connection, delaying, modifying and injecting fake packets inside your transmission, make them almost impossible to be correctly read by a passive wiretapping technology (IDS or sniffer).

An Internet client running SniffJoke injects in the transmission flow some packets able to seriously disturb passive analysis like sniffing, interception and low level information theft. No server support is needed!

The internet protocols have been developed to allow two elements to communicate, not some third-parts to intercept their communication. This will happen, but the communication system has been not developed with this objective. SniffJoke uses the network protocol in a permitted way, exploiting the implicit difference of network stack present in an operating system respect the sniffers dissector.

How Does It Work?
It works only under Linux (at the moment), creates a fake default gateway in your OS (the client or a default gateway) using a TUN interface check every traffic passing thru it, tracks every session and
applyies two concepts: the scramble and the hack.

The scramble is the technology to bring:

A sniffer to accept as true a packet who will be discarded by the server, or
A sniffer to drop a packet who will be accepted by the server.
The scramble technology brings in desynchronisation between the sniffer flow and the real flow.

The bogus packet accepted by the sniffer is generated by the “plugin” is a C++ simple class, which in a pseudo statefull tracking will forge the packet to be injected inside the flow. is pretty easy to develop
anew one, and if someone wants to make research on sniffers attack (or fuzzing the flow searching for bugs) need to make the hand inside its.

The configuration permits to define blacklist/whitelist ip address to scramble, a degree of aggressivity for each port, which plugin will be used.

download here:
http://www.delirandom.net/sniffjoke/sniffjoke-howto-usage/

How to avoid risk with strange shortened URLs

Posted by Deepanker Verma Sunday, August 21, 2011 0 comments

How to avoid risk with strange shortened URLs

URL shortening service is getting more popular. Google also has a URL shortner service. But TinyURL.com and Bit.ly are more famous. Now days attackers are using these URL shortner services to reach their targets.
URL shortening service was developed to protect urls from damage in emails. Using these service is very simple. Just go to any url shortner service and enter your URL which you want to short and click shorten. The website will generate a short URL for the corresponding URL.

Risks involved in Short URLs
One thing i want to make clear that all short URLs are not harmful. But some may be. So you need to know how to know which is good one and which is harmful. Most of the attackers use short URLs to send phishing page. In short URL it is not easy to recognize the original URL. Short URLs easily bypass anti-spam filters.

How to protect:
If you think that the URL is suspicious, go the URL shortener service used to short the URL. Then Enter the short URL there to see the preview of that page. You can easily get the original URL there.

Advice : Never open shortened URLs directly without previewing

Tutorial on Arbitrary File uploading Vulnerability

Posted by Deepanker Verma 0 comments

Tutorial on Arbitrary File uploading Vulnerability

Arbitrary File uploading vulnerabilities are the type of vulnerabiliy which occurs in web applications in which there is a file uploading form but file format is not checked or filtered during file upload.
Now you are thinking that what is the problem in that. Now think that the website has a uploader form which do not check for file type and you have a malicious PHP, ASP script. You can upload the script using this form and then you can execute your malicious script on the website server. You can run any kind of commands on the server using your script which would lead to a full compromise of the server.
If you do not know how to create a malicious script, you can simly download those scripts from internet and use it on any server having this type of vulnerability.

Some PHP Shells :-

Ani-Shell
R57 Shell
C99 Shell

Note: This tutorial and script is only for educational purpose. Use of these scripts on web servers in illegal.

Spyeye Toolkit Has Been Leaked onto the Internet

Posted by Deepanker Verma Friday, August 19, 2011 0 comments

Spyeye Toolkit Has Been Leaked onto the Internet

According to the report, the source code of the Spyeye toolkit has been leaked onto the Internet. This kit has been incorporating functionality of the Zeus malware builder kit since early 2011. the Spyeye toolkit, which includes the Zeus malware builder, was leaked by an infamous French security researcher named Xyliton, who is part of the Reverse Engineers Dream Crew (RED Crew).
Now the security researchers can analyse the code to know the actual working of the kit and modify it t make it more powerful. They can also get the info obout the working of this team.
Now it will be interesting to see the next updates of this kit by other security researchers..

Read More:
http://blog.damballa.com/?p=1357

Backtrack 5 R1 released

Posted by Deepanker Verma 1 comments

Backtrack, the operating system for pnetration testers, 5R1 released.

This release contains over 120 bug fixes, 30 new tools and 70 tool updates.
The kernel was updated to 2.6.39.4 and includes the relevant injection patches.

The company posted on the blog, "We are really happy with this release, and believe that as with every release, this is our best one yet. Some pesky issues such as rfkill in VMWare with rtl8187 issues have been fixed, which provides for a much more solid experience with BackTrack.
We’ve released Gnome and KDE ISO images for 32 and 64 bit (no arm this release, sorry!), as well as a VMWare image of a 32 bit Gnome install, with VMWare Tools pre-installed."

Download Here:
http://www.backtrack-linux.org/downloads/

Intrusion detection system (IDS)

Posted by Deepanker Verma Thursday, August 18, 2011 0 comments

Intrusion detection system (IDS)

Intrusion detection system is a set of methods that are used to monitor system or network activities and detect malicious activities. Intrusion detection is the act of detecting unwanted traffic on a network or a device. It use to detect the intruder who is attempting to gain unauthorized access. An IDS can be a piece of installed software or a physical appliance that monitors network traffic in order to detect unwanted activity and events such as illegal and malicious traffic, traffic that violates security policy, and traffic that violates acceptable use policies.

Intrusion detection provides the following:
· Monitoring and analysis of user and system activity
· Auditing of system configurations and vulnerabilities
· Assessing the integrity of critical system and data files
· Statistical analysis of activity patterns based on the matching to known attacks
· Abnormal activity analysis
· Operating system audit

Many IDS tools will also store a detected event in a log to be reviewed at a later date or will combine events with other data to make decisions regarding policies or damage control. The most popular Open Source intrusion Detection System (IDS) is Snort, developed by SourceFire. Snort can detect thousands of worms, vulnerability exploit attempts, port scans, and other suspicious activities. Snort is available for both Linux and Windows platforms as source files and binaries. Click the following link to download Snort.
http://www.snort.org/snort-downloads?

Network based IDS: A network monitor (eg: the Dragon Sensor) watches live network packets and looks for signs of computer crime, network attacks, network misuse and anomalies. Once the attack is identified, or abnormal behavior is sensed, the alert can be send to the administrator. Example of the NIDS would be installing it on the subnet where you firewalls are located in order to see if someone is trying to break into your firewall.

Host based IDS: A host monitor (eg: the Dragon Squire) looks at system logs for evidence of malicious or suspicious application activity in real time. It also monitors key system files for evidence of tampering.

Read More Here:
http://www.sans.org/reading_room/whitepapers/detection/understanding-intrusion-detection-systems_337

How to use megaupload as premium user

Posted by Deepanker Verma 0 comments

If you want to enjoy megaupload as premium usr, download this tool and install. I got this tool on the website www.egyhacks.net and the reviews were good. The name of the tool is Megakey

Features.
1) It removes limitations on megaupload and megavideo.
2) It provides happy hour premium access to all mega sites.
3) It allows for ultra fast up & downloads thanks to multiplexing technology.
4) It identifies music files on your PC and make them available in your megabox.
5) It gives you a direct connection to mega servers.
6) No delays and availability. In the future you get free access to movies, music and games licensed by mega.

Download Here:

I am not the uploader of this tool and will not be responsible for this.. download at your own risk

Hire hackers - DDOS and hacking services on sale

Posted by Deepanker Verma 0 comments

You want to hack some one but do not know how to hack. Don't be worry. Now you can hire hackers for your work. Independent security researcher Daniel Krebs reported on 2 Aug 2011 that hackers have started giving their service such as DDOS and hacking. several secret forums exist on which subscribers canvass their skills for carrying out devastating DDoS assaults in return for a payment.
Kerbes wrote that the prices are fixed and affordable for a common person too. The prices for DDoS attack services are $5-$10 every hour; $40-$50 daily; $350 to $400 every week; and $1,200 and above every month.
Hacker serve DDOS service by using a network of infected computers in which they have installed their botnets.
Krebs writes that one DDoS gangsters’ group, which has been around for no less than 3-years, has a DIY DDoS toolkit for sale, teaching how one can make his own network of bots, while the kit contains one bot builder along with an admin panel that’s web-based.

How to access blocked website to school, colleges and office with ultrasurf

Posted by Deepanker Verma Tuesday, August 16, 2011 1 comments

How to access blocked website to school, colleges and office with ultrasurf

Ultrasurf is a nice tool to enable users to visit any public website in the world safely and freely. You can also use it your internet privacy and security.

Download this software from my older post
download

Settings:

Run software
Click on option at top of the tool
In new windows, click on proxy settings in the bottom
Click on Auto-Detect Proxy Option as shown above
Click OK and close all windows.
Reopen the software by clicking in the .exe
Wait for few seconds to connecting the server.
Once the ultrasurf connected to server, it will show- Successfully connected to server
The right side speed bar will auto generated after connected to server.
IE will open automatically. Close this IE.
Download GOOGLE CHROME INTERNET BROWSER. This is my recommendation because this software is best compatible with google chrome.
PLS DNT TRY ULTRASURF WITH MOZILLA FIREFOX.

Once you successfully connected check the settings in your IE. The Address will show 127.0.0.1 and port 9666. It means you are ready to open blocked websites.

Install Google chrome and open it. NOW OPEN ANY WEBSITE AND ENJOY.

Mass deface of indian websites by ZCompany Hacking Crew

Posted by Deepanker Verma Monday, August 15, 2011 0 comments

Mass deface of indian websites by ZCompany Hacking Crew

Pakistani hackers group ZCompany Hacking Crew has defaced more than 100 websites of India including many government, educational and corporate websites. The mirror of this mass defacement is listed here
http://pastie.org/2373455

They also posted a deface message of indian people. The message is, "This message is not for Indian government but common Indian people who dont know what their government hides. For those of your politicians who boast of Kashmir being an integral part of India read your own law books:" Indian Penal Code(Act No. 45 of 1860) CHAPTER-II SEC 18: “India”.- “India” means the territory of India excluding the State of Jammu and Kashmir."The 15th of August is special for you because you got freedom on this day yet you should think that do you really deserve to celebrate this freedom if you do not stop the wrong doings in Kashmir. Everyday people are not only being humiliated but killed as well. Fake encounters and rape is the order of the day in Kashmir. Kashmiris have protested time and again against Indian occupation and many people were killed mostly teenagers. When media tried to show it they were banned ( eg PRESS TV ), people were arrested for even protesting on Facebook and still India claims to be the largest democracy in the world. We ZHC will reveal what Your Govt try to conceal, if you really want to be proud of your nation rise for what is right. Support Kashmiris in their dream to achieve Freedom which is everyone's basic human right.We are ZHC - UNITED WE STAND DIVIDED WE FALL .."

This attack was on the day of indian and pakistani independence day.

Footprinting tutorial - Information gathering

Posted by Deepanker Verma Sunday, August 14, 2011 0 comments

Footprinting tutorial - Information gathering

This tutorial is those who are appearing for the CEH exam. They can use it as a study material for their exam studies.
Footprinting is the first phase of hacking. It involves information gathering about the victim. Here Victim may be a computer system, network or website. This part of hacking is very important because to hack a computer system, hacker needs to know much about the target. The data gathered in this phase is used to hack the victim or system. Footprinting can reveal system vulnerabilities and identify the ease with which they can be exploited.

Generally, a hacker spends 90 percent of the time profiling and gathering information on a target and 10 percent of the time launching the attack.

Suppose a hacker want to intrude in the network of a company. Then he use the website of that company to get the list of employee and then they can use facebook or Google to get their email adresss, phone number and other data. This email address can be used for Phishing attack to get the password of email account which will surely have the account details of company network account. This is the simple attack example but it depends on the hacker, how he is using this to get information about the victim.
Google is the friend of hackers to perform footprinting. Because it helps hacker to find information about any individual person, any website and a company network. Google hacking tricks are best way to explore more data from google. Use my older post on Google hacking and operators used on Google hacking.

Some of the common sources used for information gathering include the following:
Domain name lookup
Whois
Nslookup
Sam Spade

These are not the only tools used for footprinting. These may change according to the victim. A hacker want to get all the information needed to hack the victim. So Hacker should decide what he can do to get effective information about the target.

Steps of information gathering or Footprinting

Unearth Initial Information
Locate the Network Range
Ascertain Active Machines
Discover Open Ports/Access Points
Detect Operating Systems
Uncover Services on Ports
Map the Network

download bsqlhacker | Advanced SQL Injection Framework

Posted by Deepanker Verma Friday, August 12, 2011 0 comments

download bsqlhacker | Advanced SQL Injection Framework

BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database.

BSQL Hacker aims for experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections).

It's easy to use for beginners and provide great amount of customisation and automation support for experienced users. Features a nice metasploit alike exploit repository to share and update SQL Injection exploits.

Key Features

Easy Mode
SQL Injection Wizard
Automated Attack Support (database dump)
ORACLE
MSSQL
MySQL (experimental)
General
Fast and Multithreaded
4 Different SQL Injection Support
Blind SQL Injection
Time Based Blind SQL Injection
Deep Blind (based on advanced time delays) SQL Injection
Error Based SQL Injection
Can automate most of the new SQL Injection methods those relies on Blind SQL Injection
RegEx Signature support
Console and GUI Support
Load / Save Support
Token / Nonce / ViewState etc. Support
Session Sharing Support
Advanced Configuration Support
Automated Attack mode, Automatically extract all database schema and data mode
Update / Exploit Repository Features
Metasploit alike but exploit repository support
Allows to save and share SQL Injection exploits
Supports auto-update
Custom GUI support for exploits (cookie input, URL input etc.)
GUI Features
Load and Save
Template and Attack File Support (Users can save sessions and share them. Some sections like username, password or cookie in the templates can be show to the user in a GUI)
Visually view true and false responses as well as full HTML response, including time and stats
Connection Related
Proxy Support (Authenticated Proxy Support)
NTLM, Basic Auth Support, use default credentials of current user/application
SSL (also invalid certificates) Support
Custom Header Support
Injection Points (only one of them or combination)
Query String
Post
HTTP Headers
Cookies
Other
Post Injection data can be stored in a separated file
XML Output (not stable)
CSRF protection support (one time session tokens or asp.net viewstate ort similar can be used for separated login sessions, bypassing proxy pages etc.)

http://bsql.uservoice.com/

Download Here:

http://code.google.com/p/bsqlhacker/downloads/list

xss-assistant Greasemonkey script for finding XSS holes in web applications

Posted by Deepanker Verma 0 comments

xss-assistant Greasemonkey script for finding XSS holes in web applications

The goal of this script is to allow users to easily test any web for cross-site-scripting flaws. The script aims to do this by providing an easy to use menu by any form.

In order to effectively test for XSS the script loads up two "Cheat Sheets", one created and managed by RSnake, the other by .mario. RSnake's Cheat Sheet is widely regarded to be a pretty definitive list is terms of what may show an XSS hole on a site. The list managed by .mario was made to be more concise yet cover more topics (I'll let you see what he covers yourself). A user can easily edit what XML files are loaded to provide the XSS vectors available for injection, but they must all follow a set schema (look at either XML file to see the structure).

Download Here:
http://code.google.com/p/xss-assistant/downloads/list

How to improve system performance with windows 7 tips

Posted by Deepanker Verma 2 comments

How to improve system performance with windows 7 tips


 A guest post by Kevin.

If you are looking to improve your system performance then you can implement reliable and high quality windows 7 tweaks. There are many tweaks available for all operating systems and their versions. You can simply apply these performance teaks to get desired results. Windows 7 is one of the finest and highly recommended operating system. It has been used on regular basis all around the world. There are some programs in windows 7 which are annoying and they can decrease the performance of your system. You can simply remove these programs and apps in order to get high quality system performance. Hard disk maintenance is also very important for proper speed of your computer. If you are not getting desired speed then you must check out your hard disk and troubleshoot to get rid of complications. Hard disk should be maintained on regular basis and it has been recommended that you must delete such files and programs which are not necessarily required in your windows. 

Complete hard disk optimization is required to get high quality performance from your system. You have to make sure that your data is organized properly and it has been arranged in systematic order. You can use defragmentation tool for this perspective and it can help you to optimize and arrange your data in a much excellent manner. You must know how to improve your system performance and how you will be able to get high quality output. Windows 7 includes numbers of features which may not be required in your tasks and they can be removed to improve system performance. Disabling power management in your window will help you to speed up your computer because it utilizes massive memory. You can even disable some other unwanted features from your windows to improve system performance. Aero is a very good addition in windows 7 and good one for windows vista as well though there are a few people who find this feature a bit annoying. If you are one of those people then it has been recommended that you must get rid of this feature by disabling Aero in your windows.

 Aero snap can be disabled to boast your computer and get everything done according to your requirements without any problems. There is a special feature in windows 7 which consumes some part of your memory. It can also be removed to speed up your computer. It is the program compatibility assistant available in windows 7 and it is suggested by experts that you must get rid of this additional feature. There are some programs in windows 7 which are consuming huge disk space and they can be very bad for the overall performance of your computer. You need to make sure that all of such programs have been disabled to avoid extra consumption of computer hardware resources. You need to free up your memory and hard disk to obtain enough space in order to run multiple programs on it. All you have to do is to figure out these programs which are consuming memory and disk space of your computer and get rid of them. You should make sure that you are not going to remove such programs which are essential requirements of your windows and your windows can not run without those apps and programs. 

System restore is such a good utility and it is considered to be very helpful to get rid of unwanted programs from your computer. One of the major drawbacks of this utility is that it consumes massive hard disk space and it is only operational in the specific drive of your windows where the windows have been installed. You can disable this program to get additional space for your windows drive and get desired results. UAC is a very annoying feature of windows 7 and it can create some severe complications for the users as well. If you are experiencing some problems due to UAC then you must disable this feature. UAC can be disabled with ease though you must have administrative privileges in order to throw this out of your enabled program list. There are a few more annoying apps and programs which can be one of the reasons behind computer’s slowness and they can also interrupt in between your tasks. There are some specific errors in windows 7 which are observed during networking and file sharing. Errors regarding potential security risks during file sharing are really annoying and they can disturb you in between your tasks. You can disable this error to reduce complications in windows 7. There are a few users who are not satisfied with thumbnail previews. You can apply Windows 7 tips to disable them in order to get desired results. Reliable and quality Windows 7 tips and hacks are highly recommended by most of the windows 7 experts.

This article is written by Kevin Moor, who also writes for top-registry-cleaner.org, a site emphasizing on  registry cleaner  reviews.

Anonymous plans to destroy facebook by a video | leader denies

Posted by Deepanker Verma Wednesday, August 10, 2011 0 comments

The hacktivist group Anonymous uploaded on YouTube in which they claimed to destroy social networking website faceabook which shares users data with government and law enforcement agencies. They claimed to destroy this social networking website on november 5.

The group calls people to join with them by the message,"If you are a willing hacktivist or a guy who just wants to protect the freedom of information then join the cause and kill Facebook for the sake of your own privacy."
After the launch of this video, the leader of Anonymous denied this fake operation via tweet He wrote that the Operation facebook is fake. He wrote,"To Press: Medias of the world stop lying! #opFacebook is just another fke! we dont "Kill" The Messenger. That's not our style"

Although the group has done a lot of hacking activities in recent days but i do not think they can destroy the facebook. They can only denial the access from the users only for some hours. But may be they are planning some thing unknown
We can not say the truth about this claim but the tweet came after the launch of that video says that some one is trying to use anonymous name to spread false stories..

Source:

Wfuzz v.2.0 released | Web application bruteforcer

Posted by Deepanker Verma Tuesday, August 9, 2011 0 comments

Wfuzz v.2.0 released | Web application bruteforcer

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.

It's very flexible, here are some functionalities:

Multiple Injection points capability with multiple dictionaries
Recursion (When doing directory bruteforce)
Post, headers and authentication data brute forcing
Output to HTML
Colored output
Hide results by return code, word numbers, line numbers, regex.
Cookies fuzzing
Multi threading
Proxy support
SOCK support
Time delays between requests
Authentication support (NTLM, Basic)
All parameters bruteforcing (POST and GET)
Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more. (Many dictionaries are from Darkraver's Dirb, www.open-labs.org)

Highlights in this version:

- Infinite payloads. You can now define as many FUZnZ words as you need .
- Multiple encoders per payload. You can now define as many encoders as you need for each payload independently.
- Payload combination. You can now combine your payloads in different ways by specifying iterators.
- Increased flexibility. You can now define in an easy way new payloads,iterators,encoders and output handlers and they will be part of wfuzz straight away.
- Baseline support. You can now define a default value for each payload and compare the results against them.

Download Here:
http://code.google.com/p/wfuzz/downloads/list

Hacking Tricks

download AnDOSid - DOS tool for android

WebSurgery v.0.6 Released - Web application testing suite

Nokia developer forum databse hacked

Serious XSS vulnerabilities in shopping.Indiatimes.com discoverd by deepanker and shadab

Packet Sniffer for Android phones

How to Hack Facebook, Twitter, Gmail password using Winspy Keylogger

A-ddos - Kernel solution to prevent ddos attack

DarkComet-RAT v.4.0 released

Uniscan 4.0 Released - vulnerability scanner

download Sniffjoke - Anti-sniffing Framework & Tool For Session Scrambling

How to avoid risk with strange shortened URLs

Tutorial on Arbitrary File uploading Vulnerability

Spyeye Toolkit Has Been Leaked onto the Internet

Backtrack 5 R1 released

Intrusion detection system (IDS)

How to use megaupload as premium user

Hire hackers - DDOS and hacking services on sale

How to access blocked website to school, colleges and office with ultrasurf

Mass deface of indian websites by ZCompany Hacking Crew

Footprinting tutorial - Information gathering

download bsqlhacker | Advanced SQL Injection Framework

xss-assistant Greasemonkey script for finding XSS holes in web applications

How to improve system performance with windows 7 tips

Anonymous plans to destroy facebook by a video | leader denies

Wfuzz v.2.0 released | Web application bruteforcer

Security Tools

Popular Posts

About Me

Partners

Blog Archive