HOIC - Another DDOS tool by Anonymous

A new DDOS tool is release by Anonymous called high-orbit ion canon or HOIC. This release is only for windows and has a nice GUI. If the attackers. see the home screen of the software. 

There are two round buttons under the target label. Click on the+ sign to add a website to attack and - sign button is used to remove a website. Set the number of threads and increase it to increase the strength of the attack. 

When you click on the+ button, a new window will open where you can specify following things

• URL - is the target website to attack
• Power -> sets the request velocity.  
• Booster - are config scripts that define the dynamic request attributes

HOIC includes a new feature called 'boosters' which are files you download or add to an attack machine which enables the attacker to manipulate headers such as language, referrer, host, etc.

To launch the attack click on "FIRE TEH LAZER!" button.


HOIC uses some randomization techniques to evade the detection.But there are some requests which can be used to detect. This tool is strictly an HTTP DOS attacking tool while LOIC has TCP, UDP and HTTP attack options.


As compared to LOIC, this tool seems to be more complicated. New Boosters script makes it harder to use. Becauase downloading and then configuring Boosters is not so easy. This new tool only focuses on HTTP attack.

Read More

Havij 1.15 Pro Free crack.

DOWNLOAD

(http://www.mediafire.com/?c239gtiak6i1c5g)

Instruction:

---------------

1:>Run Havij.exe

2:> Once it opens you will see register..

3:> Click Register Make sure you are connected to the internet

4:> Under Name: You write:Your Name or anything
5:>Under File: You select the folder where you are currently running the Havij program from and select Havij Key

6:> Done....

Read More

Automatic SQL Injection Exploitation Tool:The Mole v0.3 Released!!..

Nasel has just released the new version of The Mole, an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.


This release has introduced new features compared with the previous one, among these you can find that The Mole is now able to exploit injections thourgh cookie parameters. A new promising feature is that now you can exploit injections that return binary data, to achieve this the mole uses uses HEAD requests and analyzes the headers received (the size of the binary to download usually differs when the query was successful or not) and does not need to download the full binary data.


In this release there has been a major change in the The Mole's architecture, and now allows to easily insert filters in order to bypass IPS/IDS rules or modify the query on runtime. You can see a tutorial on how to write these filters in the tutorial section of the tool's site.


Feature:

Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
Command line interface. Different commands trigger different actions.
Auto-completion for commands, command arguments and database, table and columns names.
Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
Exploits SQL Injections through GET/POST/Cookie parameters.
Developed in python 3.
Exploits SQL Injections that return binary data.
Powerful command interpreter to simplify its usage.
Download The Mole v0.3
Tutorial link: Tutorial

Read More

Tenable Release Nessus 5.0 vulnerability scanner .

Tenable Network Security announced Nessus 5.0 vulnerability and configuration assessment solution for enterprises and security professionals. Nessus version 5.0 introduces key features and improvements, separated into the four major phases of the vulnerability scanning process:

 

• Installation and management (for enhanced usability) - Nessus 5.0 simplifies the installation and configuration for non-technical users. Configuration and management: Nessus v5.0 configuration and management is now done 100% through the GUI

• Scan policy creation and design (for improved effectiveness) - Users now enjoy improved effectiveness when creating scan policies. Over two dozen new pre-built plugin filters make it easy for security and compliance professionals to simplify policy creation for laser-focused scans on the areas that matter most. Users can quickly select multiple filter criteria, such as, Vulnerability Publication Date, public vulnerability database ID (OSVDB, Bugtraq, CERT Advisory, and Secunia), Plugin type (local or remote), information assurance vulnerability alert (IAVA), and more, to quickly identify easily-exploitable vulnerabilities.Scan for all easily remotely-exploitable vulnerabilities for which there is an exploit published in your favorite exploit framework.
• Scan execution (for improved efficiency) - Users can take advantage of real-time scan results, on-the-fly filtering and sorting, and streamlined results navigation. A new vulnerability summary and redesigned host summary make it easy to see risk level without even running a report. As the scan is being run, not only can you see the results as they are being gathered, but navigate and filter on them as well. This allows you to easily act upon the vulnerability data while the scan is happening.
• Report customization and creation (for improved communication with all parts of the organization) - New reporting features allow for improved communication of vulnerability results with all parts of the organization:Results filtering and report creation: Results filtering and report creation is more flexible than ever before. Users can apply multiple result filtering criteria, and targeted reports can be generated against the filtered results. Reports can be generated in native Nessus formats, HTML, and now PDF formats, Multiple report templates can be combined into one report.

Nessus 5.0 Installation Guide and Download Nessus 5.0

Read More

THC-Hydra v7.2 released :A very fast network logon cracker .

Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast. Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, and is made available under GPLv3 with a special OpenSSL license expansion.

CHANGELOG for 7.2

=================
* Speed-up http modules auth mechanism detection
* Fixed -C colonfile mode when empty login/passwords were used (thanks to will(at)configitnow(dot)com for reporting)
* The -f switch was not working for postgres, afp, socks5,
* firebird and ncp, thanks to Richard Whitcroft for reporting!
* Fixed NTLM auth in http-proxy/http-proxy-url module
* Fixed URL when being redirected in http-form module, thanks to gash(at)chaostreff(dot)at
* Fix MSSQL success login condition, thanks to whistle_master(at)live(dot)com
* Fix http form module: optional headers and 3xx status redirect, thx to Gash
* Fix in configure script for --prefix option, thanks to dazzlepod
* Update of the dpl4hydra script by Roland Kessler, thanks!
* Small fix for hydra man page, thanks to brad(at)comstyle(dot)com

Download it from here:
http://www.thc.org/thc-hydra/

Read More

Trixd00r v0.0.1 - An Invisible TCP/IP based backdoor for UNIX systems.

Trixd00r v0.0.1- An Invisible TCP/IP based backdoor for UNIX systems

NullSecurity Team Releases "Trixd00r v0.0.1" an advanced and invisible TCP/IP based userlandbackdoor for UNIX systems.

It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic packet arrives, it will bind a shell over TCP or UDP on the given port or connecting back to the client again over TCP or UDP.

The client is used to send magic packets to trigger the server and get a shell. You can Download and Use trixd00r-0.0.1.tar.gz from NullSecurity Website.

Vedio Demo:http://www.youtube.com/watch?v=Hs-nRUrnzwE&feature=player_embedded

Read More

How to hack IIS ( internet information server ) FTP password by useing Brute Force Attack.

FTP is an application or service or protocol which can be used to transfer files from one place to another place ,it really comes very handy during transfer of files from a local box to a remote one .Suppose someone get access to your FTP then he/she can cause nightmare for you by uploading unappropriate images or files etc.Here we will discuss how we can crack the password of IIS installed FTP service in Windows.

What is Brute-Force?

Brute-force is a type of attack in which every possible combination of letters, digits and special characters are tried until the right password is matched with the username. The main limitation of this attack is its time factor. The time it takes to find the proper match mainly depends on the length and complexity of the password.Here I will be using this attack to crack the password.So,lets start….
Requirements:

1. The tool we will be using ” BrutusA2”(Download: http://www.hoobie.net/brutus/)
2. You need to know the target suppose “ftp://123.123.xx.xxx”

Procedure:

Step 1.Here I have shown an authentication page of an FTP service in the image below and in the following steps we will crack its password using brutus.

Step 2.Now open up “Brutus” and type your desire target ,select wordlist and select “FTP” from the drop down menu and click start. If you are confused then follow the image below.


Step 3.The time it takes as I mentioned above depends on the complexity and length of the password.So after clicking the start button wait for the time as mentioned in the tool.The password will be displayed as shown above.
Recommendation: I would recommend the readers to try it in a virtual environment as I did and enjoy the trick.It is not advisable to try it on some unknown user without prior permission.

Read More

Key Logger for LINUX UBUNTU.

I am searching for a keylogger for Ubuntu Linux. Finally I found it in sourceforge.net. Here are the simple steps for keylogger in ubuntu

What is Keylogger?

Keystroke logger is the practice of noting (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware- and software-based to electromagnetic and acoustic analysis.


keylogger in Linux
We have an opensource software available for Linux called lkl (Linux Key Logger).
LKL is a userspace keylogger that runs under linux–x86/arch. LKL sniffs and logs everything passes trought the hardware keyboard port (0×60).
Download key logger here

How to Install?

Step 1
Unzip or untar the file you have downloaded
Step 2
Change in to directory by typing cd lkl
Step 3
Give the below command ./confiure
This will check all the required resurces it needs
Step 4
Type `make‘ to compile the package.
Step 5
Optionally, type `make check’ to run any self-tests that come with the package.
Step 6
Type `sudo make install‘ to install the programs
Now you are done with the installation
How to use?
You can send argument with the command lkl
-h help
-l start to log the 0×60 port (keyboard)
-b debug mode
-k <km_file> set a keymap file
-o <o_file> set an output file
-m <email> send logs to <email>
-t <host> hostname for sendmail. Default is localhost
Example: lkl -l -k us_km -o log.file // use USA kb and put logs in ‘log.file’

Please comment on the same if it doesn’t works for you

Read More

What Is Spyware?

                                          
A spyware is a piece of malicious code or program installed in system to monitor activities of a person. A spyware is capable of logging key strokes, it can take screen shots and if there is active Internet connection then it can even mail logs to specified email-address or transfer logs to ftp server.
Beyond just monitoring it can record your computing habits including which site you browse more, at what time you prefer to be on system or amount of time you spend on computer.
                                    
A spyware can be used to track all information about your social-networking habits and IRC(Internet Relay Chat) Clients including all major and minor chat clients example: Google Talk, Rediff Messenger, Yahoo Messenger, Microsoft Live Chat, absolutely every thing related to IRC client is exposed to spyware. On the basis of its commercial use and monitoring capabilities spywares are classified as follows,

On Basis Of Commercial Use: Domestic Spywares and Commercial Spywares
On Basis Of Monitoring: Key Loggers, E-mail Loggers/Chat Recorders, Screen Recorders.

Domestic Spywares: This kind of spywares are purchased and used by common people to monitor their system. Most of the times parents install this type of spyware to monitor their children or network admin or a company to monitor computing activities of their employees. The most widely and most powerful use of these spywares are done for hacking purposes only.
Example: SniperSpy, Winspy, Sentry PC, Spy Agent

Commercial Spywares: Commercial Spywares incude the services included in your Operating System and softwares to monitor event logs and crash reports. The information about software crash is anonymously sent to software vendors, also the reports about user experience, crash, memory dump etc are sent to Operating System Vendor. The only fact is that this type of spying is legal to improve product and provide better and secure service.
Example:Windows and Linux Crash Logs, Virus info in Anti-Virus program, Event Collectors etc.

Key Loggers: Key loggers are spywares specially made to record keystrokes from keyboard. Key Logging can retrieve information about bank account password, online transactions, login passwords etc.

E-mail Loggers/Chat Recorders:These spywares are used to track e-mails and chat report from your IRC. If you use e-mail client like Windows Mail or Mozilla Thunderbird etc. Then these spywares are capable of modifying internal settings to forward mails to attacker's inbox without keeping a track in your Outbox.

Screen Recorders: Screen recorders are capable of capturing screen and send recording using minimum bandwidth. Such monitoring is done by parents on their children to protect them from online pornography.
Example:Spy Agent, Winspy, Sniper Spy

Ok being honest I want to clear that today actually nobody bothers about classification of spyware and reason is quite obvious that spyware manufactures pack their spywares with nearly 90% of features of all types of spywares. So if you don't want to remember classification of spyware then its ok, no problem at all but you must know what is spyware. Sorry forgot you already know that.

Read More

Cell Phone Spy: Software to Spy on Cell Phones

                       How to Spy on Cell Phones

Is Someone Holding Secrets from You?
Reveal them All with the World’s Best Cell Phone Spy Software!


Today, there exists hundreds of cell phone spy softwares on the market, where many of them are nothing more than a crap. Some are good and only a few of them are the best. Also, each SpyPhone software has a different set of features and operating format which makes it hard for novice users (perhaps like you) to make the right choice so as to fit their spying needs.


So, in order to help our readers to find the best spy software, I have decided to give a thorough review of the Top 2 Best Selling SpyPhone softwares on the market.

1. Spy Phone GOLD – (TESTED)


2. Mobile Spy – (TESTED)






SpyPhone GOLD and Mobile Spy are the current leaders in the market which are used by thousands across the globe to spy on cheating spouse, monitor employees and keep an eye on their teens. Here is a complete review of these two products.

1. Spy Phone GOLD Review:



Spy Phone GOLD is is the No.1 spy software on the market which turns any compatible cell phone into a Spy Phone within minutes. It offers every feature that a true cell phone spy software should have. Hence most people choose Spy Phone GOLD for their cell phone spying needs.


How Cell Phone Spying Works?


After your purchase, you can directly download the installation module onto the target cell phone. Installation takes only a few minutes. After installation, each activity on the target phone is recorded and uploaded onto the SpyPhone servers. You can login to your online account from your PC to view the logs at any time. The logs contain Text messages, Contacts List, Call History, GPS Locations and many such information.

Call interception: When the target cell phone is on the conversation, you will receive a secret SMS notification on your phone. At this time you can call the target phone to listen to the live conversation going on. All this process takes place in complete stealth mode and is 100% undetectable!


Spy Phone Top Features:
Call Interception – Listen to the actual calls LIVE on the target cell phone
Environment Listening - Make a spy call to the target cell phone running SPY PHONE and listen in to the phone’s surroundings.
SMS Logging – Records both incoming & outgoing SMS
SIM Change Notification – Get instant notification via SMS when the target cell phone changes it’s SIM
Remote Control – Send secret SMS to the target phone to control all functions
Spy from any location across the world
100% Undetectable


Compatible Cell Phones:

Spy Phone GOLD is fully compatible with the following mobile phones
Nokia, LG, Samsung and Sony Ericsson Phones
BlackBerry Phones
Apple iPhones
Windows Mobile Phones

Click Here to Download Spy Phone GOLD



2. Mobile Spy Review:


Although Mobile Spy is not as feature rich as Spy Phone GOLD, it offers a good bunch of features that every spy software should have. It is a very good choice for those who are looking for a mid-range spy software at an affordable price.



How it Works?
The working of Mobile Spy is exactly same as that of Spy Phone GOLD. However Mobile Spy lacks the feature of call interception.


Mobile Spy Features
Mobile Spy offers every common feature such as recording Call Logs, SMS, GPS Locations, IM Conversations, Web Activities, Emails etc. It is very similar to Spy Phone but lacks the vital features like call recording and call interception. Thus with Mobile Spy you cannot listen to live calls on the target cell phone.


Compatible Cell phones: Mobile Spy is compatible with Nokia, Samsung, LG, Apple iPhones, Blackberry, Android and Windows Mobile Phones.

You can download Mobile Spy from the following link

Click Here Download Mobile Spy



Here is a quick comparison between Spy Phone GOLD and Mobile Spy



Which Cell Phone Spy Software to Choose?


If you want a high-end spy software with top features like call interception and call recording then Spy Phone GOLD is the right choice. Or else, if you’re looking for a mid-range spy software with basic features at an affordable price then go for Mobile Spy. So what are you waiting for? Go grab either of the two from the following links now:

1. Click Here to Download Spy Phone GOLD


2. Click Here to Download Mobile Spy 

Read More

How to Hack Windows Administrator Password

This hack will show you how to reset Windows administrator password (for Win 2000, XP, Vista and Win 7) at times when you forget it or when you want to gain access to a computer for which you do not know the password.

Most of us have experienced a situation where in we need to gain access to a computer which is password protected or at times we may forget the administrator password without which it becomes impossible to login to the computer. So here is an excellent hack using which you can reset the password or make the password empty (remove the password) so that you can gain administrator access to the computer. You can do this with a small tool called  Offline NT Password & Registry Editor. This utility works offline, that means you need to shut down your computer and boot off your using a floppy disk, CD or USB device (such as pen drive). The tool has the following features.

• You do not need to know the old password to set a new one
• Will detect and offer to unlock locked or disabled out user accounts!
• There is also a registry editor and other registry utilities that works under linux/unix, and can be used for other things than password editing.

How it works?

Most Windows operating systems stores the login passwords and other encrypted passwords in a file called sam (Security Accounts Manager). This file can be usually found in \windows\system32\config. This file is a part of Windows registry and remains inaccessible as long as the OS is active. Hence it is necessary that you need to boot off your computer and access this sam file via boot. This tool intelligently gains access to this file and will reset/remove the password associated with administrator or any other account.

The download link for both CD and floppy drives along with the complete instructions is given below
Offline NT Password & Reg Editor Download

It is recommended that you download the CD version of the tool since floppy drive is outdated and doesn’t exist in today’s computer. Once you download you’ll get a bootable image which you need to burn it onto your CD. Now boot your computer from this CD and follow the screen instructions to reset the password.

Another simple way to reset non-administrator account passwords

Here is another simple way through which you can reset the password of any non-administrator accounts. The only requirement for this is that you need to have administrator privileges. Here is a step-by-step instruction to accomplish this task.

1. Open the command prompt (Start->Run->type cmd->Enter)
2. Now type net user and hit Enter
3. Now the system will show you a list of user accounts on the computer. Say for example you need to reset the password of the account by name John, then do as follows
4. Type net user John * and hit Enter. Now the system will ask you to enter the new password for the account. That’s it. Now you’ve successfully reset the password for John without knowing his old password.
So in this way you can reset the password of any Windows account at times when you forget it so that you need not re-install your OS for any reason. I hope this helps.

Read More

FatCal - Automatic SQL Injection tool

FatCat is an automatic SQL injection tool. This tool is useful for testing SQLI vulnerabilities of a web application. This tool can extract whole database data. FatCat Features that help you to extract the Database information, Table information, and Column information from web application. Only If it is vulnerable to SQL Injection Vulnerability.



Features:  
1)  Normal SQL Injection 
2)  Double Query SQL Injection   


In Next Version:   
1)  WAF bypass 
2)  Cookie Header passing 
3)  Load File 3) Generating XSS from SQL   


Requirement:  
1)  PHP Verison 5.3.0 
2)  Enable file_get_function  


Download:
http://code.google.com/p/fatcat-sql-injector/downloads/list

Read More