Mysql Bruteforce V1.0 [Penetration Testing Tools]

A small application build to demo the weakness in mysql and networking. This is capable of running login attempts from multiple threads in parallel. The effect of this is instead of attempting to login to the server one at a time which is badly effected by network latency. This little tool will be able to run up to 1024 concurrent connections. An example of the performance difference is with a round trip time of around 50ms it takes around 5 minutes to attempt 1000 logins. With multiple threads it takes around 10 seconds (at basic broadband speeds). What is worse is that locally it is capable of trying 1000’s of password’s a second!

How to use: ./mysql_bruteforce.c [<options>]

-h Print this help and exit
-v Verbose. Repeat for more info
-t <host> host to try
-p <port> port to connect on
-n <num> number of threads to use

Note: usernames / password will be read from stdin
The format for this is username:password

Platform : Linux

Download Source Code : mysql_bruteforce.c

Advertisements

Skypeproxy – Tunneling TCP IP through Skype.

Most network administrators at work, university or school deny access to file sharing, instant messaging or social networks such as facebook or myspace with a firewall or proxy server. If you are constantly getting a message saying “Can’t connect” or something similar, the service you are trying to connect to has probably been blocked by your network administrator.

Skype tunnel works in very similar way as well-known “TCP Tunnel/Monitor“… with only one diff: the transport for it – Skype Network.

For example : how works ssh-client-tunneling from office to home linux

prerequisites:

a) Preinstalled Skipe vv. 2,3,4,5 on Linux, Windows, MacOS.

b) two skypeId ( 1st is server, 2nd is client )

Just run :

1. on server: #java -jar 0.0.X-yyy-zz.jar listen

2. on client: #java -jar 0.0.X-yyy-zz.jar send <to_skypeId_contact> <local_tcp_port> <remote_host> <remote_port>

Proxy, Socks,ICQ, SSH, Windows Remote Desktop, VNC, Radmin, X-server and much much more aplications will be accessible again from any place where you use Skype 😉

For reference : Exploiting P2P Communications to Invade Users’ Privacy

Download :

skypeproxy-0.0.9-SNAPSHOT-jar-with-dependencies.jar [Listen] 2012

skypeproxy-0.0.8-SNAPSHOT-jar-with-dependencies.jar [Listen]

skypeproxy-0.0.5.zip

Read more in here : code.google.com

IT security resources – Beta

IT security resources for ethical hacking & penetration testing.
this collection of most used resources that will help you in ethical hacking and penetration testing. Collection of hacking tools and materials and all major type of attacks and tutorials.
Features

  • hacking tools
  • hacking tutorials,videos,etc.

DownloadITresources_v2.rar (137.6 kB) | Find Other Version

or Read more in here : itsecures

Mutillidae 2.1.15 – is a deliberately vulnerable web application

Mutillidae is a free, open source web application provided to allow security enthusiest to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver. It is already installed on Samurai WTF. Simply replace existing version with latest on Samurai. Mutillidae contains dozens of vulnerabilities and hints to help the user exploit them; providing an easy-to-use web hacking environment deliberately designed to be used as a hack-lab for security enthusiast, classroom labs, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, in corporate web sec training courses, and as an “assess the assessor” target for vulnerability software.

Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools.

Please see the documentation folder for installation instructions including information on suppressing PHP errors related to the project using OWASP ESAPI.

Features

  • Installs easily by dropping project files into the “htdocs” folder of XAMPP.
  • Switches between secure and insecure mode
  • Secure and insecure source code for each page stored in the same PHP file for easy comparison
  • Has dozen of vulnerablities and challenges
  • Contains at least one vulnearbility for each of the OWASP Top Ten 2007 and 2010

Download : mutillidae-2.1.15.zip

Find current Release : http://sourceforge.net/

or read more in here http://www.irongeek.com/

SSH Bruteforce [Penetration testing tools]

A small application built to try passwords against sshd

Options currently supported are

Usage: ./brute-ssh.exe [<options>]

-h Print this help and exit
-v Verbose. Repeat for more info
-t <host> host to try
-p <port> port to connect on
-n <num> number of threads to use

Note: usernames / password will be read from stdin
The format for this is username:password

Download Source script : Brute_force.c

Fake sshd – [Penetration testing tools]

This is a fake sshd which can be used to log common login attempts which are typically used by scammers / spammers / script kiddies to attempt to gain access to servers. Here are a few reason why this one is different.

Does not modify OpenSSH. It uses libssh instead.
There is no valid way to login to a shell.
Can be used to tarpit / delay attackers.
Can be used to “steal” the dictionary’s of the attacks.

To get this to work you will need a recent copy of libssh. The one that ships on debian lenny isn’t recent enough. Then compile it using something like this assuming that libssh is installed correctly. Or you will need to add the include dir’s using -I and the lib dir’s using -L

gcc -Wall fake-sshd.c -o fake-ssh -lssh

Options currently supported are

Usage: ./fake-sshd.exe [<options>]

-a <secs> Failed Auth delay
-b <str> Set the banner
-h Print this help and exit
-m <n> Max attempts per connection
-p <port> Port to listen on
-r <file> Path to rsa key
-d <file> Path to dsa key
-s Log to syslog
-t <secs> Timeout
-v Verbose. Repeat for more info
-w <secs> Delay after connection

Download Source Script :  fake-sshd.c

WPSCrackGUI Beta – Graphical interface to the network cracking WPS Reaver.

WPSCrackGUI is a graphical interface for cracking wireless networks with WPS.

Features

  • Graphic User Interface (GUI) WPS encryption cracking.
  • Scan networks.
  • Change MAC Address.
  • Supported in Gt and Gtk.

Original Languages Spanish | Platform Linux

Download Current ReleaseWPSCrackGUI v1.0.6 (29.7 kB)

Or Find In here current version : http://sourceforge.net/