MasterCard’s Gonna Let You Pay With Your Face - Do you like your face? Then you’re going to love MasterCard’s new ID Check security system. The experimental feature uses your camera’s front-facing came...
Friday, July 15, 2011
Thursday, July 14, 2011
I’ve just installed Linux on PC and I’m already having fun with it.
So today I’ll be showing you how to use Nmap to scan a target and pull information about it using the tool’s commands.
First of all you’ll need:
1) A Linux OS (any distro; I’m using Mint Linux)
If you don’t have Nmap installed don’t worry, Just open the terminal and type the command:
sudo apt-get install nmap
This will install Nmap. Now open a second tab and launch Nmap by typing “nmap” with no arguments.
This prints Nmap’s usage summary, a whole list of useful information; read it line by line and understand what each option does.
Now to the tutorial. First choose your target; it can be a friend’s remote PC or a web server you want to get information about.
Now, if you want to find out what type of OS your target is running, open a new tab in the terminal and type the following command:
nmap -v -A -O <target IP>
This command actually does more than one thing: it detects all the open ports as well as the server OS, which is what the “-O” option is for.
Now, when you are done typing the command and the target, press Enter and let Nmap do its magic.
When the scan finishes you’ll get output similar to the screenshots below.
Don’t be confused by the images: I’ve split the output into three parts, but they are the result of the same scan.
Now, as you can see in the pictures, Nmap has generated a lot of useful information that might help a hacker exploit the site, as well as help a security dude protect his site by observing the open ports and restricting access to them. You can see that Nmap has also identified the OS of the server, which in the above picture is “Linux”. It has also listed many open and vulnerable ports, plus the SSH and SSL secure ports.
This ends my Nmap tutorial. Next time I’ll be posting a tutorial on hacking a remote PC with Nmap + Metasploit.
Wednesday, July 13, 2011
SIM cloning is the process in which a legitimate SIM card is duplicated. When SIM cloning is completed, the cloned SIM card's identifying information is transferred onto a separate, secondary SIM card. The secondary card can then be used in a different phone while having all calls and associated charges attributed to the original SIM card. The phrase SIM clone is often used to refer to the SIM card that has been successfully duplicated.
A successful duplication hinges on a user's ability to extract the SIM card's IMSI (International Mobile Subscriber Identity) and authentication key (Ki). While an IMSI is relatively easy to identify, finding the Ki can prove much more difficult for the novice user. Separate devices and software programs may have to be used to decrypt the Ki.
DOWNLOAD SIM CLONING Instructions in PDF
This has been a busy spring and early summer in Amarok-land. Developers met up in Randa, Switzerland and sprinted with a lot of other KDE teams, including KDE Multimedia. Besides lots of good times, much coding progress and bugfixing was done too. You will immediately notice a new streamlined look, and some nice background graphics. The other big change is in dynamic playlists.
One we have been waiting for: drag and drop on Collections, to copy or move within Local Music, and also directly from the Playlist. We also got patches for various bugs and wishes: one can now configure the names of Podcast episodes, thanks to Sandeep Raghuraman, and automatic scrolling in the Lyrics applet is possible, thanks to Jan Gerrit Marker. Good news for classical music listeners, you now have the option to scrobble the composer as artist in Last.fm, thanks to Nicholas Wilson.
We also have an updated dynamic playlist which should be easier to understand. Some of the functionality changes: a new AlbumPlay example playlist, a Quiz-play bias that picks a song starting with the same character the last one ended with, and prevention of duplicate tracks.
And of course we have quite a few bug-fixes, and changes under the skin. The changelog below gives a fairly complete overview of the changes in this beta release. Please help us test it and get it ready for prime-time.
- Made Amarok compile with the Clang LLVM frontend.
- Enable drag and drop on collections to copy/move within Local Music and directly from the playlist.
- Added KNotify scripting interface.
- Make podcast episodes download filename configurable. Patch by Sandeep Raghuraman.
- Automatic scrolling in lyrics applet (Thanks to Jan Gerrit Marker)
- Option to scrobble composer as artist to Last.fm (Thanks to Nicholas Wilson)
- Option to hide the OSD if another window is taking the full screen
- Again write back ratings only if option is selected.
- Moved the queue-editor action to the main menu under playlist to save space. Queue editor now has a shortcut: Meta+U.
- Removed the redo action from the playlist toolbar to make it less wide.
- Made some playlist toolbar actions collapse into a menu button for use on small screens.
- Removed the statusbar. Moved progress info & messages to the Media Sources dock.
- Removed the preview button and checkbox from the organize collection dialog.
- General user interface cleanup (addition of browser widget backgrounds, etc.)
- Removed the add button in the context toolbar. Applet explorer is opened on config.
- Easier to understand Dynamic playlists
- Made Amarok depend on ffmpeg-0.6 or newer.
- Use KImageCache if possible (kdelibs 4.5.0 and later), which should reduce the number of cache-related crashes.
- Don't let the album applet freeze Amarok for ages on track change.
- Fixed cover fetching from Google Images.
- Fixed a crash in the equalizer dialog when selecting "Off".
- Fix finalization of track copy process to media device collections.
- Fixed crash on MusicBrainz search.
- Avoid crash in ContextView when accessing Plasma::Applet::view().
- Fixed playlist tooltip getting too tall for multiline comments.
- Made equalizer keywords (dB,kHz,...) translatable.
- Made equalizer preset names translatable.
- Fixed runtime error reporting of scripts.
- Fixed "Happy" moodbar theme.
- Fixed crash for invalid scripts trying to be stopped by the manager.
- Fixed collection menu items ordering.
- Fixed top level podcast location setting.
- Fixed double-clicking in collection using left-handed mouse setting.
Sunday, July 10, 2011
SQL Power Injector is an application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page.
For now it is SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant, but it is possible to use it with any existing DBMS when using inline injection (Normal mode). Indeed, the normal mode is basically the SQL command that someone puts in the parameter sent to the server.
If inline SQL injection is powerful in itself, the tool's main strength lies in the multithreaded automation of the injection. Not only is it possible to automate tedious and time-consuming queries, but you can also modify the query to get only what you want. It is obviously most useful for blind SQL injection, since the other ways to exploit an SQL injection vulnerability are more talkative and much faster when the results are displayed on the web page (a UNION SELECT in an HTML table or a generated 500 error, for instance).
The automation can be done in two ways: by comparing against an expected result, or by time delay. The first way generally compares an error, or the difference between the response to a positive condition and a negative one; the second way turns out positive if the time delay the server takes to respond equals the one parameterized in the application.
The main effort in this application was to make finding and exploiting an SQL injection vulnerability as painless as possible without using any browser. That is why you will notice an integrated browser that displays the results of the injection, parameterized so that any standard SQL error is displayed without the rest of the page. Of course, like many other features of this application, there are ways to parameterize the server's response to make it as talkative to you as possible.
Supported on Windows, Unix and Linux operating systems
SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant
Load automatically the parameters from a form or an IFrame on a web page (GET or POST)
Detect and browse the framesets
Option that auto detects the language of the web site
Detect and add cookies used during the Load Page process (Set-Cookie detection)
Find automatically the submit page(s) with its method (GET or POST) displayed in a different color
Can create/modify/delete loaded string and cookies parameters directly in the Datagrids
Single SQL injection
Blind SQL injection
Comparison of true and false response of the page or results in the cookie
Response of the SQL injection in a customized browser
Can view the HTML code source of the returned page in HTML contextual colors and search in it
Fine tuning parameters and cookies injection
Can parameterize the size of the length and count of the expected result to optimize the time taken by the application to execute the SQL injection
Create/edit ASCII characters preset in order to optimize the blind SQL injection number of requests/speed
Multithreading (configurable up to 50)
Option to replace space by empty comments /**/ against IDS or filter detection
Automatically encode special characters before sending them
Automatically detect predefined SQL errors in the response page
Automatically detect a predefined word or sentence in the response page
Real time result
Save and load sessions in an XML file
Feature that automatically finds the differences between the response page of a positive answer with a negative one
Can create a range list that will replace the variable (<<@>>) inside a blind SQL injection string and automatically play them for you
Automatic replaying a variable range with a predefined list from a text file
Firefox plugin that will launch SQL Power Injector with all the information of the current webpage with its session context (parameters and cookies)
Two integrated tools: Hex and Char encoder and MS SQL @options interpreter
Can edit the Referer
Can choose a User-Agent (or even create one in the User-Agent XML file)
Can configure the application with the settings window
Support configurable proxies
Click here to download the tutorial
Download Version 1.2
Installation file MSI
Source code in C# and .Net 1.1
Same document as the one of the tutorial and Databases "Aide Memoire" Help file (chm)
Plugin Firefox (XPI Plugin Installation file)
BSQL Hacker is an automated SQL injection framework/tool designed to exploit SQL injection vulnerabilities in virtually any database.
BSQL Hacker is aimed at experienced users as well as beginners who want to automate SQL injections (especially blind SQL injections).
It’s easy to use for beginners and provides a great amount of customisation and automation support for experienced users. It features a Metasploit-like exploit repository for sharing and updating SQL injection exploits.
SQL Injection Wizard
Automated Attack Support (database dump)
Fast and Multithreaded
4 Different SQL Injection Support
Blind SQL Injection
Time Based Blind SQL Injection
Deep Blind (based on advanced time delays) SQL Injection
Error Based SQL Injection
Can automate most of the new SQL injection methods that rely on blind SQL injection
RegEx Signature support
Console and GUI Support
Load / Save Support
Token / Nonce / ViewState etc. Support
Session Sharing Support
Advanced Configuration Support
Automated Attack mode, Automatically extract all database schema and data mode
Update / Exploit Repository Features
Metasploit-like exploit repository support
Allows to save and share SQL Injection exploits
Custom GUI support for exploits (cookie input, URL input etc.)
Load and Save
Template and Attack File Support (Users can save sessions and share them. Some sections like username, password or cookie in the templates can be show to the user in a GUI)
Visually view true and false responses as well as full HTML response, including time and stats
Proxy Support (Authenticated Proxy Support)
NTLM, Basic Auth Support, use default credentials of current user/application
SSL (also invalid certificates) Support
Custom Header Support
Injection Points (only one of them or combination)
Post Injection data can be stored in a separated file
XML Output (not stable)
CSRF protection support (one-time session tokens, ASP.NET ViewState or similar can be used for separate login sessions, bypassing proxy pages, etc.)
BSQL Hacker Manual.pdf 1.1 MB
SqlInjector is an application to perform completely blind SQL injection. Currently it only supports MS SQL Server. It uses time-based and true/false-based inference on conditions to extract data. The key feature is that it uses a binary search mechanism to reduce the character search space; this means it can get each character value within 7 to 8 requests.
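As an added example (not code from the page or from any of the tools it describes), here is the defender's side of the automation described in the SQL Power Injector and SqlInjector write-ups: a Python detector that runs over web server access logs and flags the request patterns those tools generate. It covers the true/false comparison pairs, the time-delay probes, and the per-character ASCII/SUBSTRING comparisons that a binary search over the character space produces at seven or eight requests per character, after undoing the /**/-for-space substitution that SQL Power Injector offers as an IDS-evasion option. The log lines, IP addresses and paths are constructed, and the per-source burst threshold is an assumption.

```python
"""Flag blind-SQL-injection probing in web access logs.

Added example, not from the original page or from any tool it describes.
The log lines are constructed; the patterns cover the techniques the page
lists: boolean true/false comparison, time-delay inference, per-character
extraction (ASCII/SUBSTRING comparisons driven by a binary search) and the
/**/ comment trick used in place of spaces.
"""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed combined-format access log lines (documentation-range IPs).
LOG_LINES = [
    '203.0.113.7 - - [10/Jul/2011:12:00:00 +0000] "GET /item.php?id=5 HTTP/1.1" 200 1532',
    '203.0.113.7 - - [10/Jul/2011:12:00:01 +0000] "GET /item.php?id=5%20AND%201=1 HTTP/1.1" 200 1532',
    '203.0.113.7 - - [10/Jul/2011:12:00:01 +0000] "GET /item.php?id=5%20AND%201=2 HTTP/1.1" 200 1210',
    '203.0.113.7 - - [10/Jul/2011:12:00:02 +0000] "GET /item.php?id=5;WAITFOR%20DELAY%20%270:0:5%27-- HTTP/1.1" 200 1532',
    '203.0.113.7 - - [10/Jul/2011:12:00:03 +0000] "GET /item.php?id=5/**/AND/**/ASCII(SUBSTRING(@@version,1,1))%3E77 HTTP/1.1" 200 1532',
    '198.51.100.9 - - [10/Jul/2011:12:00:04 +0000] "GET /item.php?id=12 HTTP/1.1" 200 1601',
    '198.51.100.9 - - [10/Jul/2011:12:00:05 +0000] "GET /search.php?q=sleep%20well HTTP/1.1" 200 900',
]

# ip, timestamp, method, path, status from a combined-format line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Signatures applied to the decoded, lower-cased, comment-stripped request path.
SIGNATURES = {
    # positive/negative condition pairs: AND 1=1 vs AND 1=2
    "boolean": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+"),
    # time-delay inference: the server is asked to stall before answering
    "time_delay": re.compile(r"\bwaitfor\s+delay\b|\b(?:sleep|pg_sleep|benchmark)\s*\("),
    # per-character extraction: compare one character's code, binary-search style
    "char_inference": re.compile(r"\bascii\s*\(\s*substr(?:ing)?\s*\("),
    # direct extraction when the page echoes results
    "union": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
}


def normalize(path):
    """URL-decode, replace /**/ comments with a space, lower-case."""
    decoded = unquote_plus(path)
    decoded = re.sub(r"/\*.*?\*/", " ", decoded)
    return decoded.lower()


def classify(path):
    """Return the list of signature names that match this request path."""
    text = normalize(path)
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]


def scan(lines):
    """Return [(ip, path, tags), ...] for every line that matches a signature."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _ts, _method, path, _status = m.groups()
        tags = classify(path)
        if tags:
            findings.append((ip, path, tags))
    return findings


def burst_sources(findings, threshold=3):
    """Sources with at least `threshold` flagged requests (threshold is an assumption).

    Automated blind injection needs many requests per extracted character, so
    a single source piling up flagged requests is the stronger signal.
    """
    counts = Counter(ip for ip, _, _ in findings)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    hits = scan(LOG_LINES)
    for ip, path, tags in hits:
        print(f"{ip} {','.join(tags)} {path}")
    for ip, n in burst_sources(hits).items():
        print(f"burst: {ip} sent {n} flagged requests")
```

The decoding step matters: `%3E` and `%27` hide `>` and `'` from a naive substring match, and stripping `/**/` before matching is what defeats the space-replacement option listed above. The last log line ("sleep well") shows why the time-delay pattern requires the opening parenthesis rather than the bare word.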
Binary search for faster character identification
Completely blind injection using time based inference
Supports MS SQL Server
Extracts database name
Extracts current user
Extracts server version
Extracts table names
Extracts column names
Extracts column data types
Extracts column lengths
Configurable space encoding
Configurable wait timing
Tree view display of enumerated data
Save/Loading of project files
Authentication support (Basic, Negotiate, Digest, NTLM, X509)
All right I've noticed ppl having trouble still with the crack.
Since that last thread has degenerated into incoherent jibber-jabber,
I am posting this here. The culmination of our (My) efforts.
Everyone use THIS as the latest known working version of the crack.
And yes, just in case the 4.2 is deleted from the official site ive decided to mirror it in here. This will contain everything needed to run. Try not to change anything unless you know what you are doing.
Things to remember:
1: Only keep the login server on if you want to generate a server. Once ur finished, feel free to turn it off.
2: Run the login server to be able to login. Type anything you want in that login box. Think of it as a server with no authentication. Its like we're ruining cloud computing here. But we should! If it were up to cloud computing none of us would have PERSONAL computers.
3:When making a server, for this implementation of the crack, SAVE your settings BEFORE you build. If you read the source code ull understand why.
4: Atm you cannot inject the server into other processes. You can only inject the server into itself. Like, say u have a crypter which uses injection. If it injects the server into its own memory image then its ok. If you try to inject into say svchost, it'll be blocked by DEP. Thank god I didnt lose any bots permanently due to that.
5: If you are using like DarkComet and want to migrate to blackshades like I have, and you are foolhardy enuf to have them running on the same ports, when your DarkComet gets few or no connections, it is bcuz the blackshades servers are effectively DoS'ing your DC client. (But its worth moving over. That filemanager is fuckin FAST! AND IT HAS TIMESTAMPS!!! AND REVERSE RELAY! But I digress.) Keep that in mind ad you migrate. The workaround obv uses windows firewall inbound filtering rules. I will not explain how to do that.
6: Keep the msvbvm60.dll file in there, otherwise itll revert back to being uncracked. And it may prompt you to update. In fact it will. 4.3 is released. Doesnt really have any new features that are useful, but since this one is cracked they thought theyd release a new version more secure just to keep their uncrackable RAT title. They can keep their title, and we can keep their RAT ^_^. I mean hey this 4.2 is kickass already. Who needs a steam stealer when you have keylogs eh? And this crack obviously will NEVER prompt for update.
It. Will. Work. FOREVER!!! ... until windows decides to stop supporting vb6 binaries, which is prolly not happening anytime soon. ( I mean it wont literally work yknow... forever... but.... u get the point)
Is that it? I think thats pretty much it. Remember you can run the login server source code in autoit SciTe if you dont rly trust the binary. Hell if you find a better server generation method, like oh i dunno maybe the right way to do it, like the official server does, feel free to patch it into the source!!!