
I found a nice site, hackertarget.com, that offers free automated security scans. These are the online scanning tools that are available:

"DISCOVER SECURITY ISSUES ON YOUR SYSTEMS BEFORE THE BAD GUYS DO"

 

An overview of some online SQL injection scanners. Always handy when you don't have your own tools at hand...

Last Updated (Saturday, 10 December 2011 14:24)

 

This is the December 2011 'HackInfo Tooling' overview:

WPScan
WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach... more: wpscan-11 

Joomscan
Joomscan is a nice vulnerability scanner for the popular content management platform Joomla. It detects more than 550 vulnerabilities in Joomla-based websites, including file inclusion, SQL injection and command execution. It was last updated more than 2 years ago, in August 2009, with 466 vulnerabilities. It has now been updated with 550... more: joomla-security-scanner-joomscan

Network penetration testing tool
This post is about a nice network penetration testing tool. C-Scan is a penetration testing tool which scans an IP address range or a specific IP to find network vulnerabilities. This tool is not new and no updates have been released for years, but you can still find it useful. By using this ... more: basic-free-network-vulnerability-scanner

PHP Vulnerability Hunter
PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool which detects almost all of the web application vulnerabilities listed on the advisories page. It is capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin... more: php-vulnerability-hunter-v-1-1-4-6

Advance Port scanner
Advance Port scanner is a small, lightweight but powerful port scanner. Just type the IP address of the computer and scan all ports. It uses a multithreaded technique, so on fast machines you can scan ports very fast. It also contains descriptions for common ports, and can perform scans on predefined port ... more: download-advance-port-scanner

Automatic SQL injection Tools
I have already posted many automatic SQL injection tools. Now here is one more advanced automatic SQLi tool which is easy to use. It only takes a URL and the valid string to detect the injection and exploit. Features: Support for injections using MySQL, SQL Server, Postgres and Oracle databases. Command line interface. Different commands trigger different actions. ... more: automatic-sql-injection-sqli-exploitation-tool

Havij SQL Injection
SQL Injection is one of the most commonly found vulnerabilities in websites and web applications. Developers know how to code the website but they easily forget to filter the data sent to the website in forms and queries. This mistake makes the website vulnerable to SQL injection. I have already posted many automatic SQL injection tools ... more: how-to-hack-a-website-with-havij-sql-injection

Cain & Abel
Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords... more: Cain&Abel

Last Updated (Friday, 09 December 2011 13:29)

 

This is a very helpful site for finding website exploits. Some recent examples:

Date  Title  Category
2011-10-11 intitle:#k4raeL - sh3LL Vulnerable Servers
2011-10-11 filetype:php~ (pass|passwd|password|dbpass|db_pass... Files containing passwords
2011-09-26 +intext:"AWSTATS DATA FILE" filetype:txt Files containing juicy info
2011-09-26 inurl:ftp "password" filetype:xls Files containing passwords
2011-09-26 inurl:view.php?board1_sn= Vulnerable Servers
2011-09-26 inurl:"amfphp/browser/servicebrowser.swf"... Footholds
2011-09-12 "Powered by SLAED CMS" Advisories and Vulnerabilities
2011-08-25 allinurl:forcedownload.php?file= Vulnerable Files
2011-08-25 filetype:ini "Bootstrap.php" (pass|passw... Files containing juicy info
2011-08-06 intitle:"vtiger CRM 5 - Commercial Open Sourc... Advisories and Vulnerabilities

Find more at www.exploit-db.com/google-dorks

 

It is no secret that malware kits have been the source of many of the infections plaguing users in recent years. This trend is epitomized by Poison Ivy, a remote administration tool (RAT) at the heart of the Nitro attacks targeting the chemical and defense industries.

In a new research paper, Microsoft chronicled how Poison Ivy works and why it continues to be utilized by attackers. For one thing, the tool is available for free.


“Poison Ivy has an official website from which the kit is distributed. It is also available on a variety of underground websites and forums,” according to the Microsoft report. “This free and open distribution is growing increasingly uncommon as the malware authors of today tend to operate exclusively within their trusted circles and sell their creations to the highest bidders.”

According to Microsoft, Poison Ivy uses a client/server architecture to essentially turn victim machines into “servers” that operators can then connect to and remotely control.

“The malware is considered a kit because operators can configure the server application to their liking before generating a server assembly that is then distributed and covertly installed on victim systems,” the Microsoft researchers wrote in the paper. “These server assemblies are very small (generally between 7 KB and 10 KB). The kit also contains a “client” component that a controller can use to remotely access and control compromised systems.”

Once on an infected system, the malware enables an attacker to download and upload files remotely, log keystrokes, inject malicious code and perform other malicious activities. The malware is distributed in a variety of ways, from software vulnerabilities to phishing e-mails, with the latter being how Poison Ivy infiltrated RSA earlier this year. Poison Ivy was also linked to the GhostNet spy operation uncovered in 2009, as well as the Nitro attacks recently publicized by Symantec.

“With Poison Ivy there's the option to pay the author for customized versions,” Roel Schouwenberg, senior researcher at Kaspersky Lab, told SecurityWeek. “However, we believe that in these APT-style attacks the attackers customize Poison Ivy themselves.”

Officials at Microsoft said the company has removed Poison Ivy from some 16,000 infected machines as of last month. In the report, researchers note the United States has been the hardest hit in 2011, accounting for 12 percent of infections. Second and third on the list are Korea and Spain, which registered nine and seven percent, respectively.

The Microsoft paper can be downloaded here.

Last Updated (Wednesday, 30 November 2011 08:07)

 