
Indian security researcher Shadab Siddiqui finds many high-profile websites vulnerable

Posted by Deepanker Verma Wednesday, February 29, 2012 0 comments

An Indian security researcher, Shadab Siddiqui, has found some big websites vulnerable to XSS attacks. He has shown screenshots of the attacks on the websites he found vulnerable.


Shadab found vulnerabilities in the Red Hat, Udemy and NEC websites. I personally know this Indian talent, who holds several global certifications such as CEH and ECSA. Shadab has also worked with some Indian companies on security-related work. He does not believe in defacing websites and works hard to make websites and servers secure from hackers.




He has shown XSS vulnerabilities on a subdomain of Red Hat and on the official sites of NEC (nec.com) and Udemy (udemy.com).


The site owned by NEC, the company supplying government agencies and private-sector companies with IT services, equipment and products for platforms and carrier networks, turns out to be highly vulnerable. Udemy, meanwhile, is a growing hub for online education.


“It’s quite vulnerable. It had many other vulnerabilities like directory listing, file upload vulnerability etc., but after I informed them about the vulnerability they patched it, but didn’t even have the courtesy to reply to me with a thanks,” Siddiqui told me about the Udemy vulnerability.


He also mentioned some vulnerabilities on Ask and AOL, which were also shown by TeamHav0k.

“XSS vulnerabilities are both unsurprisingly common and usually quite easy to spot (in most cases). Despite the situation, XSS isn’t often considered a dangerous security risk. There are different types of XSS like non-persistent, persistent, DOM based,” he explained.


Shadab also told me that many Indian government websites are very vulnerable, but no one in India cares. He has also contacted many government agencies, such as DOAECC, about the security issues. According to him, Indian software companies that work on government projects do not care about security, but they get the work through the power of money and profile. He does not want to name any vulnerable government website because it may give hackers a chance to attack.


He also promised to come up with some more security related issues in the near future.

PacketFence 3.2.0 released

Posted by Deepanker Verma Sunday, February 26, 2012 0 comments

The PacketFence development team has published version 3.2.0 of its open source network access control (NAC) system. PacketFence allows organisations to increase control over their network by enforcing authentication and registration for newly connected devices. It also enables abnormal network activity detection and the isolation of troublesome devices.


New features in 3.2.0:

  • OpenVAS Vulnerability Assessment integration for client-side policy compliance
  • Bandwidth violations based on RADIUS accounting information
  • Billing engine integration for allowing the use of a payment gateway to gain network access

PacketFence 3.2.0 also fixes a reflected cross-site scripting (XSS) issue in the Web Admin printing system. Further information about the update, including a full list of changes, can be found 


Download Here

xSQLScanner – Database Password Cracker & Security Audit Tool

Posted by Deepanker Verma Saturday, February 25, 2012 0 comments


xSQLScanner is a handy SQL security audit tool that lets users check for weak passwords and vulnerabilities on MS-SQL and MySQL database servers. The tool aims to provide a powerful security audit for MS SQL servers and MySQL servers.

Features


  1. Test for weak password fast;
  2. Test for wear/user passwords;
  3. Wordlist option;
  4. Userlist option;
  5. Portscanner
  6. Range IP Address audit and more.

Download for Linux



The Social-Engineer Toolkit (SET) v.3.0 Released

Posted by Deepanker Verma Thursday, February 23, 2012 0 comments

The Social-Engineer Toolkit is a Python-based toolkit which focuses on attacking the human element of pentesting. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. Currently SET has two main methods of attack. The first uses Metasploit payloads and Java-based attacks by setting up a malicious website (a clone of whichever site you choose) that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing. The second method supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is to bring awareness to the often forgotten attack vector of social-engineering.


This release has been one of the most challenging ones thus far with the largest changelog, code rehaul, and features!  


1. Support for Windows – Tested on XP, Windows 7, and Windows Vista. Note that the Metasploit-based payloads do not work yet; when SET detects Windows they will not be shown, only RATTE and SET Shell 
2. New attack vector added – QRCode Attack – Generates QRCodes that you can direct to SET and perform attacks like the credential harvester and Java Applet attacks 
3. Improved A/V avoidance on the SETShell and better performance. I’ve also fixed the non-encrypted communications when AES was not installed 
4. Added a number of improvements and enhancements to all aspects of SET including major rehauls of the coding population and moved from things like subprocess.Popen(“mv etc.”) to shutil.copyfile(“etc”) 
5. Rehauled SET Interactive Shell and RATTE to support Windows 
6. New Metasploit exploits added to SET 

Nessus 5.0 vulnerability scanner released

Posted by Deepanker Verma Saturday, February 18, 2012 0 comments


Tenable Network Security has announced the latest version of Nessus, 5.0. This latest build introduces many new features and improvements.

  • Installation and management (for enhanced usability) - Nessus 5.0 simplifies the installation and configuration for non-technical users. Configuration and management: Nessus v5.0 configuration and management is now done 100% through the GUI.
  • Scan policy creation and design (for improved effectiveness) - Users now enjoy improved effectiveness when creating scan policies. Over two dozen new pre-built plugin filters make it easy for security and compliance professionals to simplify policy creation for laser-focused scans on the areas that matter most. Users can quickly select multiple filter criteria, such as Vulnerability Publication Date, public vulnerability database ID (OSVDB, Bugtraq, CERT Advisory, and Secunia), Plugin type (local or remote), information assurance vulnerability alert (IAVA), and more, to quickly identify easily-exploitable vulnerabilities. Scan for all easily remotely-exploitable vulnerabilities for which there is an exploit published in your favorite exploit framework.
  • Scan execution (for improved efficiency) - Users can take advantage of real-time scan results, on-the-fly filtering and sorting, and streamlined results navigation. A new vulnerability summary and redesigned host summary make it easy to see risk level without even running a report. As the scan is being run, not only can you see the results as they are being gathered, but navigate and filter on them as well. This allows you to easily act upon the vulnerability data while the scan is happening.
  • Report customization and creation (for improved communication with all parts of the organization) - New reporting features allow for improved communication of vulnerability results with all parts of the organization. Results filtering and report creation: Results filtering and report creation is more flexible than ever before. Users can apply multiple result filtering criteria, and targeted reports can be generated against the filtered results. Reports can be generated in native Nessus formats, HTML, and now PDF formats. Multiple report templates can be combined into one report.

installation guide

Download Here:

Download SQLI Hunter v.1.0

Posted by Deepanker Verma 0 comments





A new SQL injection tool, SQLI Hunter, has been released. It is a simple tool for scanning web applications for SQL injection vulnerabilities. The tool uses Google dorks to search for websites that are vulnerable to SQL injection. It is also able to find admin pages, but this ability is limited because the tool searches from a list of admin pages.


Download Here (Requires .NET Framework 3.5) OR
Download Portable



SOURCE


Some other SQL Injection tools:
Havij
Pangolin
bsqlhacker
SQL ninja

How to hack Facebook fan page

Posted by Deepanker Verma Thursday, February 16, 2012 2 comments


Many times people have asked me for a tool to hack a Facebook fan page. I have also received many emails from people whose Facebook fan pages have been hacked and who need my help to recover them. Actually, there is a small bug in Facebook's page settings. In this post I will explain that bug and the way by which you can hack a Facebook page.

A Facebook page has a page owner and all the members who have liked the page. The admin has an option to make other page members admins of the page. Using this feature, the admin can add as many people as admins as he wants, and can also remove other admins. The bug exists in this feature: when the admin adds other people as admins, the new admins have all the privileges that the original admin has.

So the new admins added by the admin can add other people as admins, and they can also remove existing admins. The hack works with this feature.

If you want to hack someone's Facebook fan page, request the admin to add you as an admin of that page. It's up to you how you manage to get the admin to add you. Once he has added you as an admin of his page, remove him from the admin list. Now you are the owner of the Facebook page.

Arachni Web Vulnerability Scanning Video Tutorial

Posted by Deepanker Verma 0 comments
Arachni is a nice web vulnerability scanning tool. See the video tutorial and learn how to use this tool to find the vulnerabilities of a web application.

NoScript 2.3 Available for Download

Posted by Deepanker Verma Tuesday, February 14, 2012 0 comments



The latest version of the NoScript add-on is now available. This new version, NoScript 2.3, comes with one new feature.
New in this release is the addition of blob:, about:memory and about:support to the automatic whitelist.
Those who do not know about this add-on should know that it is one of the best security tools for protecting yourself from various types of malicious websites. The NoScript add-on helps users secure their systems by blocking various types of malicious JavaScript, Flash and Java-based scripts. Users can select the trusted websites from which they want to allow those scripts to execute.

What's New in This Release:

  1. Fixed about:newtab not considered as a local origin by ABE
  2. Added blob:, about:memory and about:support to the automatic whitelist
  3. Added reflected script inclusion check exception for intensedebate.com
  4. Fixed CSS issues on Gecko 1.8
Here are some key features of "NoScript":
  • Exclusive protection against DNS-rebinding attacks targeted to routers, including WAN IP variants.
  • Several new Anti-anti-adblocker Surrogate Scripts to prevent pages from breaking when ads are disabled.
  • NoScript 1.10.x is the last series supporting Firefox 2.0 and older browsers. It will be updated only if affected by serious security vulnerabilities (very unlikely). This will allow the upcoming NoScript 2.x series to be developed faster and better, by removing legacy compatibility code and fully leveraging the latest APIs and language features.
  • Increased ClearClick accuracy on very complex nested pages.
  • Built-in ABE ruleset editor.
  • Better Surrogate Scripts error management and new built-in surrogates to secure AMO add-ons installation against MITM attacks and improve Google search experience when scripts are disabled.
  • Faster and more compatible anti-XSS protection.
  • Full protection against Aviv Raff's scriptless tabnagging variant, by blocking refreshes triggered on unfocused untrusted tabs. See the changelog for more details.
  • Important ABE enhancements: same domain origin matching (SELF+), same base domain origin matching (SELF++) and INCLUSION pseudo-method for fine-grained subrequests matching, see the updated ABE rules specification for details.
  • Experimental external filters for plugin content (e.g. Blitzableiter to sanitize Flash applets). It requires Firefox 3.5 and above, and it can be configured from the new NoScript Options|Advanced|External Filters panel. To activate the built-in Blitzableiter support you need to enable filters, download Blitzableiter binaries and tell NoScript where the executable is. Please notice that Blitzableiter is in its early development stages, and it breaks a lot of Flash content.
  • Improved and updated Firefox Mobile (Fennec) support: NoScript's UI has been moved inside the location bar, and options have been simplified down to 4 preset configurations (you can still perform fine-grained configuration in about:config or via Weave Sync).
  • The long awaited pluggable site info page, can be opened by middle-clicking or shift+clicking on any site entry in NoScript's menus.
  • Enhanced usability of universal Flash blocking.
  • Improved HTTPS enforcing.
  • Strict Transport Security support.
  • New Import/Export buttons in the NoScript Options dialog, backup the whole NoScript configuration in a single JSON file, as a disconnected alternative to the Weave/XMark synchronization functionality (Fx 3 and above).


THC-HYDRA 7.2 released - network login Bruteforce Tool

Posted by Deepanker Verma Saturday, February 11, 2012 0 comments

THC Hydra is one of the most famous network logon cracking tools. The tool has been updated and released as THC-HYDRA 7.2. It supports Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more.


Changelog v7.2

  • Speed-up http modules auth mechanism detection
  • Fixed -C colonfile mode when empty login/passwords were used (thanks to will(at)configitnow(dot)com for reporting)
  • The -f switch was not working for postgres, afp, socks5, firebird and ncp, thanks to Richard Whitcroft for reporting!
  • Fixed NTLM auth in http-proxy/http-proxy-url module
  • Fixed URL when being redirected in http-form module, thanks to gash(at)chaostreff(dot)at
  • Fix MSSQL success login condition, thanks to whistle_master(at)live(dot)com
  • Fix http form module: optional headers and 3xx status redirect, thx to Gash
  • Fix in configure script for --prefix option, thanks to dazzlepod
  • Update of the dpl4hydra script by Roland Kessler, thanks!
  • Small fix for hydra man page, thanks to brad(at)comstyle(dot)com

Download THC-Hydra v7.2



Ani-Shell v1.5 Released

Posted by Deepanker Verma Monday, February 6, 2012 0 comments



Ani Shell is a simple PHP script with some nice features that are really helpful in performing some web attacks. See the list of attacks which you can perform with this script.


Features:
Shell
Mass Mailer
DDos
Web-Server Fuzzer
Uploader
Design
Login
Mass Code Injector (Appender and Overwriter)
Encoded Title
Back Connect
Bind Shell
Lock Mode Customisable
Tracebacks (email alerts)
PHP Evaluate
PHP MD5 Cracker
Anti-Crawler
Mass Defac


login : lionaneesh
pass : lionaneesh

Protect against sniffing attacks on Android with WiFi Protector

Posted by Deepanker Verma 0 comments



Sniffing attacks are among the common attacks against Android devices. Various sniffers are available that are used to attack Android devices and intercept data, including FaceNiff, Cain & Abel, ANTI, ettercap, DroidSheep and NetCut. But a smart app is also available which can protect you from these attacks. This app is called WiFi Protector.


Features
- Uses very few resources
- Uses no resources if Wi-Fi is disabled
- Nearly zero battery consumption
- Requires very few permissions. Requests only absolutely necessary permissions
- Undetectable by the bad guy
- 100% silent and passive inside the network. Generates no noise
- Highly customizable notifications
- Plays ringtone on attack (optional)
- Vibrates in a given pattern on attack (optional)
- Easy to use one-click-interface as well as detailed network view for experts
- "Immunity" protects you without disabling Wi-Fi (root required)
- Can also disable Wi-Fi if you don't have root access to your phone
- Logging of all spoofing attempts with details about the network and the attacker
- Works in complex wireless LANs, like vWLAN and WDS (please see FAQ)
- Detects networks already under attack


Download Here:

About Me

Deepanker Verma
I am Deepanker Verma, a computer geek, security researcher, blogger and software developer. I have a deep interest in information security and web development and try to learn new things. You will see my blogs on hackingtricks, Techlomedia, Webtips and Usethistip.

I was also honoured by Apple, Ebay, Symantec, PandaSecurity and various other computer software giants for my security work for their company. I also contribute on some opensource projects regularly.

I also own a web app called NoteDIP that allows users to send self-destructive messages with password protection.
