Sunday 23 October 2011

Tool Of Hacking Website With SQL






1. SQLi Helper 2.7 by reiluke

Very useful tool. Just type vun website link and hit inject.

DOWNLOAD

2. darkMySQLi.py by rsauron from darkc0de.com

DOWNLOAD

To use this program, you will need python. 

DOWNLOAD 

How to use? 

1. Install Python to C:\ (or other drive, wocares)
2. Unrar darkMySQLi.py to Python25 folder
3. Go to: Start --> Run --> cmd
4. In cmd type cd C:\Python25\
5. It looks like C:\Python25. Now type python darkMySQLi.py and hit enter.
6. You will see program notes in command line. Type "--help" and program will show you all options.



This program helps you to find admin login page. Remember, then you type Website URL, always add / on URL end.

DOWNLOAD

4. Blind SQLi by reiluke

Helps to dump data when you using blind SQLi.

DOWNLOAD

5. Diamondhack vuln scanner

Scanning websites and shows vuns. Type dork, and wait a few minutes.

DOWNLOAD

Posted by Unknown at 22:22 1 comments

Labels:

PhonixXx Exploit


At below here is a some define about Phoenix Exploit Kit.

The Phoenix Exploit Kit is a good example of exploit packs used to exploit vulnerable software on the computers of unsuspecting Internet users. Often, cybercriminals drive traffic to the exploit kit by compromising legitimate sites and by inserting iframes that point to the exploit kit or by poisoning search engine results that take users to the exploit kit.

When users land on a page injected with the exploit kit, it detects the user’s Web browser and OS version then attempts to exploit either the browser or a browser plug-in. The latest version of the Phoenix Exploit Kit currently has payloads for nine different system configurations, including:

    * XPIE7: Internet Explorer 7 and either Windows XP, Windows XP SP2, or Windows 2003
    * VISTAIE7: Internet Explorer 7 and Windows Vista
    * XPIE8: Internet Explorer 8 and either Windows XP, Windows XP SP2, or Windows 2003
    * VISTAIE8: Internet Explorer 8 and Windows Vista
    * IE: Versions of Internet Explorer that are not IE7 or IE8
    * WIN7IE: Internet Explorer and Windows 7
    * XPOTHER: Browsers other than Internet Explorer on Windows XP, Windows XP SP2, or Windows 2003
    * VISTAOTHER: Browsers other than Internet Explorer on Windows Vista
    * WIN7OTHER: Browsers other than Internet Explorer on Windows 7

Once users are directed to a payload page, the kit attempts to exploit vulnerabilities in versions of Adobe Acrobat Reader, Adobe Flash Player, Internet Explorer, and Java.

Java has become the leading exploit vector for a variety of exploit packs. In fact, Phoenix Exploit Kit 2.5 has been updated to include three additional Java exploits, namely:

     JAVA RMI
     JAVA MIDI
     JAVA SKYLINE

The administration panel of Phoenix Exploit Kit 2.5 contains an option to switch modes, which changes the Java exploit delivered to users. It allows the administrator to choose from among TC (CVE-2010-0840), RMI, or MIDI. This indicates that exploits for Java have become very attractive to malware distributors.


Download

Posted by Unknown at 22:20 1 comments

Labels:

Collection Of Web Hacking Tools


Tool List:
Apache Hacking Tools Directory:
Apache Chunked Scanner
Apache Hacker Tool v 2.0
Apache H4x0r Script

Remote File Inclusion And Remote Command Execution Directory :
IIS 5 Dav Scanner & Exploiter
PHP Attacker
PHP Injection Scanner & Exploiter
XML-RPC Scanner & Exploiter

Databases & SQL Injection & XSS Tools Directory :
Casi 4.0
ForceSQL
Mssql BruteForce TooL
SQL Ping 2
SQL Recon
SQL Vuln Scanner
SQL & XSS TooL

PHP Shells :
rootshell v2.0
c99shell #16
Backdoor php v0.1
r57shell
ajan
casus15
cmd (asp)
CyberEye (asp)
CyberSpy5 (asp)
Indexer (asp)
Ntdaddy (asp)
News Remote PHP Shell Injection
PHP Shell
phpRemoteView
nstview php shell

Download

Posted by Unknown at 22:19 1 comments

Labels:

Scanner




Feature:


  • As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists.
  • Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases.
  • Firewalls, SSL and locked-down servers are futile against web application hacking!
  • Web application attacks, launched on port 80/443, go straight through the firewall, past operating system and network level security, and right in to the heart of your application and corporate data. Tailor-made web applications are often insufficiently tested, have undiscovered vulnerabilities and are therefore easy prey for hackers.
  • Acunetix - a world-wide leader in web application security
  • Acunetix has pioneered the web application security scanning technology: Its engineers have focused on web security as early as 1997 and developed an engineering lead in web site analysis and vulnerability detection.
  • Acunetix Web Vulnerability Scanner includes many innovative features:
  •  AcuSensor Technology
  •  An automatic client script analyzer allowing for security testing of Ajax and Web 2.0 applications
  •  Industries' most advanced and in-depth SQL injection and Cross site scripting testing
  •  Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer  
  •  Visual macro recorder makes testing web forms and password protected areas easy
  •   Extensive reporting facilities including VISA PCI compliance reports
  •   Multi-threaded and lightning fast scanner crawls hundreds of thousands of pages with ease
  •   Intelligent crawler detects web server type and application language
  •   Acunetix crawls and analyzes websites including flash content, SOAP and AJAX
  •   Port scans a web server and runs security checks against network services running on the server
  • AcuSensor details are now exported in the report as well.
Bug Fixes:
Fixed a bug in cross domain check script.
Fixed 2 crashes in the scanner software.
Fixed a bug in DOM XSS security check.
DOWNLOAD PDF file


Acunetix Web Vulnerability Scanner Ver 7-20110406 Enterprise DOWNLOAD 

Posted by Unknown at 22:18 1 comments

Labels:

sql-poizon-v11-sqli-exploit-scanner

The Exploit Scanner Tool, I am hereby introducing you with the new release which is more handy. It has new features as well as bug fixes from the older release. Please take a look for it below:





Sql Crawler
Scan for vulnerable sites using error against responses list.
Export list to file.
Search Highlighting


Injection Builder
To make malicious sqli strings.
Contains lots of functions.











New Features
"Look n Feel" is more attractive now.
Rich "Context Menu" items.
"Results" contain check boxes to enable selection.
"Selected Dork" box is editable now for user convenience.
Built-in Browser for "Injection Builder" to check the impact of injection.
"Text Bucket" available for "Injection Builder" to save extra data.
"Insert Order By" button is added to "Injection Builder".
"Internet Browser" with Snapshot and HTML DOM Tree.


Bug Fixes
It wont get stucked after pressing the stop button. Just a minor wait can occur which is okay.
Progress bar for "Crawler" has been fixed. It will show correct progress now.
Error on importing file is fixed now. You can import files from other directories as well.
"Searchqu" shows invalid results. It is fixed now.

Posted by Unknown at 22:08 0 comments

Labels:

Power SQL Injector


BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database.

BSQL Hacker aims for experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections).

It's easy to use for beginners and provide great amount of customisation and automation support for experienced users. Features a nice metasploit alike exploit repository to share and update SQL Injection exploits. 


Key Features

Easy Mode
SQL Injection Wizard
Automated Attack Support (database dump)
ORACLE
MSSQL
MySQL (experimental) 
General
Fast and Multithreaded
4 Different SQL Injection Support
Blind SQL Injection
Time Based Blind SQL Injection
Deep Blind (based on advanced time delays) SQL Injection
Error Based SQL Injection 
Can automate most of the new SQL Injection methods those relies on Blind SQL Injection
RegEx Signature support
Console and GUI Support
Load / Save Support
Token / Nonce / ViewState etc. Support
Session Sharing Support
Advanced Configuration Support
Automated Attack mode, Automatically extract all database schema and data mode 

Update / Exploit Repository Features
Metasploit alike but exploit repository support
Allows to save and share SQL Injection exploits
Supports auto-update
Custom GUI support for exploits (cookie input, URL input etc.) 

GUI Features
Load and Save
Template and Attack File Support (Users can save sessions and share them. Some sections like username, password or cookie in the templates can be show to the user in a GUI)
Visually view true and false responses as well as full HTML response, including time and stats 

Connection Related
Proxy Support (Authenticated Proxy Support)
NTLM, Basic Auth Support, use default credentials of current user/application
SSL (also invalid certificates) Support
Custom Header Support 

Injection Points (only one of them or combination)
Query String
Post
HTTP Headers
Cookies 

Other
Post Injection data can be stored in a separated file
XML Output (not stable)
CSRF protection support (one time session tokens or asp.net viewstate ort similar can be used for separated login sessions, bypassing proxy pages etc.) 


BSQL Hacker Manual.pdf 1.1 MB


Download

Posted by Unknown at 22:03 0 comments

Labels:

Subscribe to: Posts (Atom)