Tuesday, August 30, 2011

Xcode SQL Injection / LFI / XSS & Webshell Vulnerability Scanner

XCODE Exploit: Vulnerable and Webshell Scanner. Once downloaded, extract all the files and run XCodeXploitScanner.exe. Click Dork It and the tool will collect links for the dork you enter and display them in a list. Once the list is displayed, you can run SQL injection / Local File Inclusion / Cross Site Scripting vulnerability scans against the sites in the list.

This tool will send injection parameters to the web site, such as ' - * /../../../../../../../../../../../../../../etc/passwd%00 "> alert("XXS Xcode Exploit Scanner Detected").

If the Web has a bug then the status will appear:

SQLi Vulnerability: www.target.com?blabla.php?=1234:
LFI Vulnerability: www.target.com?blabla.php?=1234/../../../../../../../../../../../../../../etc/passwd%00
XSS Vulnerability: www.target.com?blabla.php?=1234 "> alert("XXS Xcode Exploit Scanner Detected")

When a vulnerability is detected in the status list, you can click Open Vuln links to open it in your web browser.

This tool also adds a webshell hunter, with which you can search for web shells (C99, R57, C100, ITsecteam_shell, b374k) that have been uploaded by hackers.


xdos.c: A Simple HTTP DoS Tool! ~ C programming Code

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.


Sunday, August 28, 2011

INSECT Pro 2.7 ~ Penetration security auditing and testing Tool

INSECT Pro 2.7 - This penetration security auditing and testing software solution is designed to allow organizations of all sizes to mitigate, monitor and manage the latest security threats and vulnerabilities and implement active security policies by performing penetration tests across their infrastructure and applications.

INSECT can help to build a strong security posture that is easy to use so both professional penetration testers and less experienced security pros will have all the tools they need to reduce costs, proactively find vulnerabilities, assess risk, and check the effectiveness of security defenses.

This is a partial list of the major changes implemented in version 2.7:
  • Available targets now has a submenu under right-click button
  • Check update function added in order to verify current version
  • Project saved on userland - Application Data special folder
  • 50 Remote exploits added
  • AgentConnect now uses telnetlib
Supported Platforms and Installations
– Windows XP, 2003, Vista, 2008 Server, and Windows 7 (requires Python and .NET)


How to Recover Windows 7 Password~Windows Password Killer Tool

I have explained how to recover a lost password using Backtrack Password Cracking. Here I am going to introduce a new tool named Windows Password Killer. It enables you to remove the Windows 7 password to reset the administrator, standard user and guest passwords easily without any data loss or file damage.

There are 3 different editions - Lite, Pro and Ultimate. Here we take the Pro edition as an example for the password removal process with a USB drive (CD/DVD is also supported).

1. Any Accessible Computer.
2. USB Drive or CD/DVD

Step 1: Install Password Killer
Download Windows Password Killer from Here.
Install Windows Password Killer on your friend's or any accessible computer.
Step 2: Burn a bootable CD/DVD or a USB drive
  1. Insert the USB Drive or CD/DVD.
  2. Run the Windows Password Killer.
  3. Select the USB drive or CD/DVD.
  4. Click the Create button.
  5. It will ask you to verify whether you selected the correct disk or not. Click the "Yes" button.

Step 3: Boot from USB Drive OR CD/DVD 
Now let us come to our locked computer.
  • Insert your USB Drive before turning on the system (if you are using a CD/DVD, you have to turn the system on and then insert the disc).
  • Now turn on the system and press F10 or F12 (it may vary for your system) to choose the boot device.
  • Select the USB drive or CD/DVD.
It will boot into Windows Password Killer.

Step 4: Resetting Password
After the program starts, select the Windows 7 system on the start page and click 'Next'.

Select your target user accounts, and then click 'Next' to proceed with the Windows 7 password recovery/unlock process.

The Windows 7 Administrator password or other user account password is now reset successfully. Take out the password reset CD/DVD and click 'Reboot' to restart your computer.


ERPScan WEBXML Checker- Security Testing for SAP J2EE applications

ERPScan WEBXML checker is a freeware tool intended for checking the security configuration of SAP J2EE applications by scanning a WEB.XML file. It checks WEB.XML files for different vulnerabilities and misconfigurations such as Verb Tampering, Invoker servlet bypass and other misconfigurations. Detailed information about these vulnerabilities can be found in the whitepaper “Architecture and program vulnerabilities in SAP’s J2EE engine” presented at the BlackHat conference.


Snort v 2.9.1~Network intrusion prevention and detection system (IDS/IPS)

Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS. 

It is  capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.


WebSurgery v6.0 ~security testing for web applications

WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with the web application planning and exploitation. Currently, it uses an efficient, fast and stable Web Crawler, File/Dir Brute forcer, Fuzzer for advanced exploitation of known and unusual vulnerabilities such as SQL Injections, Cross site scripting (XSS), Brute force for login forms, identification of firewall-filtered rules, DOS Attacks and WEB Proxy to analyze, intercept and manipulate the traffic between your browser and the target web application.

WEB Crawler
WEB Crawler was designed to be fast, accurate, stable and completely parametrable, and to use advanced techniques to extract links from Javascript and HTML tags. It works with parametrable timing settings (Timeout, Threading, Max Data Size, Retries) and a number of rule parameters to prevent infinite loops and pointless scanning (Case Sensitive, Dir Depth, Process Above/Below, Submit Forms, Fetch Indexes/Sitemaps, Max Requests per File/Script Parameters). It is also possible to apply custom headers (user agent, cookies etc.) and Include/Exclude Filters. WEB Crawler comes with an embedded File/Dir Brute Forcer which helps to directly brute force for files/dirs in the directories found from crawling.

WEB Bruteforcer
WEB Bruteforcer is a brute forcer for files and directories within the web application which helps to identify the hidden structure. It is also multi-threaded and completely parametrable for timing settings (Timeout, Threading, Max Data Size, Retries) and rules (Headers, Base Dir, Brute force Dirs/Files, Recursive, File’s Extension, Send GET/HEAD, Follow Redirects, Process Cookies and List generator configuration).
By default, it will brute force from root / base dir recursively for both files and directories. It sends both HEAD and GET requests when it needs it (HEAD to identify if the file/dir exists and then GET to retrieve the full response).

WEB Fuzzer
WEB Fuzzer is a more advanced tool to create a number of requests based on one initial request. Fuzzer has no limits and can be used to exploit known vulnerabilities such as (blind) SQL Injections, and in more unusual ways such as identifying improper input handling, firewall/filtering rules and DOS Attacks.

WEB Editor
A simple WEB Editor to send individual requests. It also contains a HEX Editor for more advanced requests.

WEB Proxy
WEB Proxy is a proxy server that runs locally and allows you to analyze, intercept and manipulate HTTP/HTTPS requests coming from your browser or other applications which support proxies.


How to install Backtrack 5 R1 on Pendrive with Persistent Memory -BackTrack Linux Tutorials

Let me explain how to install BackTrack Linux (a penetration testing distribution) on a pendrive/flash drive with persistent memory (to store changes). Without persistent memory, you cannot install new software or copy files in your BackTrack.


New DDOS Tool(Killapache)-65% of Internet(websites) is vulnerable |Apache Killer

Apache announced that 65% of websites are vulnerable to a DDoS tool.

          Apache HTTPD Security ADVISORY

Title:    Range header DoS vulnerability Apache HTTPD 1.3/2.x

CVE:      CVE-2011-3192
Date:     20110824 1600Z
Product:  Apache HTTPD Web Server
Versions: Apache 1.3 all versions, Apache 2 all versions


A denial of service vulnerability has been found in the way the multiple 
overlapping ranges are handled by the Apache HTTPD server:

An attack tool is circulating in the wild. Active use of this tools has
been observed.

The attack can be done remotely and with a modest number of requests can
cause very significant memory and CPU usage on the server.

The default Apache HTTPD installation is vulnerable.

There is currently no patch/new version of Apache HTTPD which fixes this
vulnerability. This advisory will be updated when a long term fix
is available.

A full fix is expected in the next 48 hours.

Mitigation:
============

However there are several immediate options to mitigate this issue until
a full fix is available:

1) Use SetEnvIf or mod_rewrite to detect a large number of ranges and then
   either ignore the Range: header or reject the request.

   Option 1: (Apache 2.0 and 2.2)

          # Drop the Range header when more than 5 ranges.
          # CVE-2011-3192
          SetEnvIf Range (,.*?){5,} bad-range=1
          RequestHeader unset Range env=bad-range

          # optional logging.
          CustomLog logs/range-CVE-2011-3192.log common env=bad-range

   Option 2: (Also for Apache 1.3)

          # Reject request when more than 5 ranges in the Range: header.
          # CVE-2011-3192
          #
          RewriteEngine on
          RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$)
          RewriteRule .* - [F]

   The number 5 is arbitrary. Several 10's should not be an issue and may be
   required for sites which for example serve PDFs to very high end eReaders
   or use things such complex http based video streaming.

2) Limit the size of the request field to a few hundred bytes. Note that while
   this keeps the offending Range header short - it may break other headers;
   such as sizeable cookies or security fields.

          LimitRequestFieldSize 200

   Note that as the attack evolves in the field you are likely to have
   to further limit this and/or impose other LimitRequestFields limits.

   See: http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfieldsize

3) Use mod_headers to completely dis-allow the use of Range headers:

          RequestHeader unset Range

   Note that this may break certain clients - such as those used for
   e-Readers and progressive/http-streaming video.

4) Deploy a Range header count module as a temporary stopgap measure:

     http://people.apache.org/~dirkx/mod_rangecnt.c

   Precompiled binaries for some platforms are available at:

     http://people.apache.org/~dirkx/BINARIES.txt

5) Apply any of the current patches under discussion - such as:

   http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g@mail.gmail.com%3e

Actions:
========

Apache HTTPD users who are concerned about a DoS attack against their server
should consider implementing any of the above mitigations immediately.

When using a third party attack tool to verify vulnerability - know that most
of the versions in the wild currently check for the presence of mod_deflate;
and will (mis)report that your server is not vulnerable if this module is not
present. This vulnerability is not dependent on presence or absence of
that module.

Planning:
=========

This advisory will be updated when new information, a patch or a new release
is available. A patch or new apache release for Apache 2.0 and 2.2 is expected
in the next 48 hours. Note that, while popular, Apache 1.3 is deprecated.
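The following is an added example, not part of the advisory or of Apache's code: it runs the two regular expressions from mitigation 1 over constructed Range header values to show which requests each option acts on and where they differ. It assumes Python's `re` module matches these patterns the same way Apache's regex engine does, and the function names and sample values are hypothetical.

```python
import re

# Regular expressions copied verbatim from the advisory's mitigation 1.
# Assumption: Python's re behaves like Apache's regex engine for these patterns.
OPTION1_BAD_RANGE = re.compile(r"(,.*?){5,}")                     # SetEnvIf Range
OPTION2_ALLOWED = re.compile(r"(^bytes=[^,]+(,[^,]+){0,4}$|^$)")  # RewriteCond, negated with "!"


def option1_strips_range(value):
    """True when Option 1 would set bad-range and unset the Range header."""
    return OPTION1_BAD_RANGE.search(value) is not None


def option2_rejects(value):
    """True when Option 2's negated condition holds and the request is forbidden."""
    return OPTION2_ALLOWED.search(value) is None


def count_range_specs(value):
    """Count the non-empty comma-separated range specs after 'bytes='."""
    if not value.startswith("bytes="):
        return 0
    specs = value[len("bytes="):].split(",")
    return sum(1 for spec in specs if spec.strip())


# Constructed sample values; an absent Range header is modelled as "".
SAMPLES = [
    ("no Range header", ""),
    ("single range", "bytes=0-499"),
    ("five ranges", "bytes=0-99,200-299,400-499,600-699,800-899"),
    ("six ranges", "bytes=0-99,200-299,400-499,600-699,800-899,1000-1099"),
    ("empty range spec", "bytes=0-99,,200-299"),
]


def compare(samples=SAMPLES):
    """Evaluate both mitigation options for every sample header value."""
    rows = []
    for label, value in samples:
        rows.append({
            "label": label,
            "ranges": count_range_specs(value),
            "option1_strips": option1_strips_range(value),
            "option2_rejects": option2_rejects(value),
        })
    return rows


if __name__ == "__main__":
    for row in compare():
        print("{label:18} ranges={ranges} option1_strips={option1_strips} "
              "option2_rejects={option2_rejects}".format(**row))
```

Both options leave requests with up to five ranges alone and act on the sixth; Option 2 additionally rejects a malformed list with an empty range spec, which Option 1 passes through unchanged.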


Friday, August 26, 2011

Multi-Tabbed PuTTY(MTPuTTY) released by TTY PLUS

PuTTY is the most popular SSH client for Windows. One, and probably the only one, of PuTTY drawbacks is that you need to start a new copy of PuTTY every time you open a new connection. So if you need e.g. 5 active connections you run 5 PuTTY instances and you have 5 PuTTY windows on the desktop.

MTPuTTY (Multi-Tabbed PuTTY) is a small *FREE* utility enabling you to wrap an unlimited number of PuTTY applications in one tabbed GUI interface. You still continue using your favorite SSH client, but you are no longer messing around with PuTTY windows - each window will be opened in a separate tab.

MTPuTTY Features
All PuTTY features
Supports all PuTTY protocols - SSH, Telnet, Rlogin, Raw. Supports PuTTY session. You can control and change PuTTY command line parameters. You can run PuTTY configuration from within the program.

Can automatically login the remote servers and "type" your passwords. Can run any script after login. Can "type" a script in several PuTTY tabs simultaneously.

Easy to use
Clear tabbed user interface. Servers are grouped in a sidebar. Taskbar to quick access to basic program tasks. Any PuTTY tab can be detached and converted into a general PuTTY window.

Smart code
Native Win32 code - no need to have any libraries (like .NET, VB etc). Multithreaded automation tasks - freezing in one PuTTY tab will not freeze the other ones.



Sunday, August 21, 2011

What is Pharming Attack? -DNS Poisoning

I hope you know about phishing attacks. In a phishing attack, the user is tricked into visiting a fake page through scam emails. If you are careful enough to check the URL of the site, you will notice that it is not the original one. So it is possible for a user to detect a phishing attack by verifying the URL. But a hacker can take the phishing attack to the next level with a pharming attack.

What is Pharming?
A pharming attack redirects the user to the fake (phishing) page even though the user enters the correct address. For example, facebook.com will show the fake page instead. The term pharming is derived from farming and phishing. In recent years both pharming and phishing have been used for online identity theft. Pharming has become a major concern to businesses hosting ecommerce and online banking websites.
How does it work?
Method 1: DNS Poisoning:

1. Attacker hacks into the DNS server and changes the IP address for www.targetsite.com to IP of www.targetsite1.com (Fake page).

2. So when the user enters the URL in the address bar, the computer queries the DNS server for the IP address of www.targetsite.com.

3. Since the DNS server has already been poisoned by the attacker, it returns the IP address of www.targetsite1.com(fake page).

4. The user will believe it is original website but it is phishing page. 

Method 2: HOSTS file Modification:
This method is local DNS poisoning. 
What is the hosts file?
     The hosts file contains domain names and the IP addresses associated with them.  Your hosts file will be in this path:
The attacker changes the entries in the hosts file so that the original website points to some other fake page.  Please read this article to know more about this method: Use original Domain for phishing using hosts file
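A defensive check for Method 2, as an added example that is not from the original post: it parses hosts-file text and reports every entry that overrides a watched domain or one of its subdomains. The watchlist, the function names and the sample hosts content are constructed for illustration.

```python
import ipaddress

# Constructed watchlist: domains that should never be overridden locally.
WATCHLIST = {"facebook.com", "targetsite.com"}

# Constructed hosts-file content (documentation-range IP addresses).
SAMPLE_HOSTS = "\n".join([
    "127.0.0.1       localhost",
    "::1             localhost",
    "# 203.0.113.10  facebook.com   (commented out, ignored)",
    "203.0.113.10    www.facebook.com facebook.com   # constructed entry",
    "198.51.100.7    intranet.example",
    "198.51.100.7    login.targetsite.com",
])


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not a valid address line
        for name in fields[1:]:
            yield line_no, str(ip), name.lower().rstrip(".")


def is_watched(hostname, watchlist):
    """True for a watched domain itself or any of its subdomains."""
    return any(hostname == d or hostname.endswith("." + d) for d in watchlist)


def find_overrides(text, watchlist=WATCHLIST):
    """Return (line_no, hostname, ip) for each entry overriding a watched domain."""
    return [(line_no, name, ip)
            for line_no, ip, name in parse_hosts(text)
            if is_watched(name, watchlist)]


if __name__ == "__main__":
    for line_no, name, ip in find_overrides(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is forced to {ip}")
```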

Other types of pharming attacks involve Trojan horses, worms or other technologies that attack the browser address bar, thus redirecting you to a fraudulent website when you type in a legitimate address.

Instances of Pharming:
In January 2005, the domain name for a large New York ISP, Panix, was hijacked to point to a site in Australia. No financial losses are known.

In January 2008, Symantec reported a drive-by pharming incident directed against a Mexican bank in which the DNS settings on a customer's home router were changed after receipt of an e-mail that appeared to be from a legitimate Spanish-language greeting card company.

In a poisoning attack in early March 2010, requests from more than 900 unique Internet addresses and more than 75,000 e-mail messages were redirected, according to log data obtained from compromised Web servers that were used in the attacks, says PC Mag.

Prevention of Pharming:
  • Use some anti-phishing add-ons for Mozilla to detect phishing webpages.
  • Use the SpoofStick add-on, which detects fake pages.
  • Use Internet security software (Kaspersky, BullGuard Internet Security).


How to Change the ICON of .EXE file or any program files icon ?

You can change the icon of exe files or any other program files using Icon Changer.

1. Download the Icon Changer Trial Version from here:
Using the Trial Version, you can change the icon only 3 times.

2. Right click on the .EXE file and click the Change Icon option. It will open the Icon Changer application.
3. Click on the Search button. Icon Changer will now search for all the icons on your system.
4. Now select the icon of your choice and click on Set.
5. Now a pop-up window will appear and ask you to select one of two options. Select Change embedded icon.

You have successfully changed the icon of your exe file.



Advanced Tabnabbing -Phishing Attack simplified

What is Tabnabbing?
Tabnabbing is a phishing attack that simplifies phishing. The attack's name was coined in early 2010 by Aza Raskin, a security researcher and design expert. It reloads inactive tabs with a fake page.

How The Attack Works ?
  • A user navigates to your normal looking site.
  • Malicious code detects when the page has lost its focus and hasn’t been interacted with for a while.
  • Replace the favicon with the Gmail favicon, the title with “Gmail: Email from Google”, and the page with a Gmail login look-a-like. This can all be done with just a little bit of Javascript that takes place instantly.
  • As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.
  • After the user has entered their login information and you’ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.

Targeted Attacks:

Using my CSS history miner you can detect which site a visitor uses and then attack that site (although this is no longer possible in Firefox betas). For example, you can detect if a visitor is a Facebook user, Citibank user, Twitter user, etc., and then switch the page to the appropriate login screen and favicon on demand.

Even more deviously, there are various methods to know whether a user is currently logged into a service. These methods range from timing attacks on image loads, to seeing where errors occur when you load an HTML webpage in a script tag*. Once you know what services a user is currently logged in to, the attack becomes even more effective.

You can make this attack even more effective by changing the copy: Instead of having just a login screen, you can mention that the session has timed out and the user needs to re-authenticate. This happens often on bank websites, which makes them even more susceptible to this kind of attack.


How to protect yourself from this hack?
  • You can use a safe browser with anti-javascript plugins (Firefox with NoScript). Note: Advanced Tabnabbing will work even if javascript is not enabled.
  • Check the URL in the address bar.
  • If you get a link in an email, enter the URL in the address bar instead of clicking it.
  • You can use some anti-phishing add-ons (Don't Phish me, Netcraft, FirePhish).


ProRat ~Best and Free Remote Administration Tools~Backdoor Trojan Horse

ProRat is a Remote Administration Tool [RAT].  If you don't know what a Remote Administration Tool is, please read this article: What is RAT?

ProRat is made by PRO Group and is free to use for everyone.  The latest version is ProRat_v1.9_Fix2.

  • Full control over files
  •  Drive formatting
  • Key Logging and Screenshots
  • Stealing passwords
  • Open/close CD tray
  • Hide taskbar, desktop, and start button
  • Writing on-screen
  • Movement of cursor
  • View system information
  • Access webcam
  • Download & run files

Infection Method:
ProRat creates a server (undetected by antivirus and firewall software).  This server is able to run stealthily in the background. After the server is created, it is sent to the victim. Once the server starts running on the victim's system, it gives control to the attacker.  The software runs completely (including rootkit) in Windows, and its features include killing security software, removing and disabling system restore points, and displaying a fake error message to mislead the victims.


ProGroup produces some of their programs for all users (Public Edition) and some for special users (Special Edition). You can download the Public Edition programs from their download page for free. To use their Special Edition programs you must buy the product and be a registered user.


Saturday, August 20, 2011

Bikini-clad women and photo tags | Facebook scammers

I have explained Facebook scamming in my previous posts.  Still, people believe that "Facebook will provide Facebook visitors tracker".  If you also believe this, please read this article.  This is not only for Facebook users but also for Twitter users.


Friday, August 19, 2011

TheHarvester v2.1 Blackhat Edition Upgraded

TheHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).
This tool is intended to help penetration testers in the early stages of the project. It’s a really simple tool, but very effective.

This is the official change log for theHarvester:

  • DNS Bruteforcer
  • DNS Reverse lookups
  • DNS TLD Expansion
  • SHODAN DB integration
  • HTML report
  • DNS server selection

THC-ipv6 Toolkit – Attacking the IPV6 Protocol

A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library. Please note to get full access to all the available tools you need to develop IPV6 tools yourself or submit patches, tools and feedback to the thc-ipv6 project.

Tools Included :

  • parasite6: icmp neighbor solicitation/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite)
  • alive6: an effective alive scanning, which will detect all systems listening to this address
  • dnsdict6: parallelized dns ipv6 dictionary bruteforcer
  • fake_router6: announce yourself as a router on the network, with the highest priority
  • redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever icmp6 redirect spoofer
  • toobig6: mtu decreaser with the same intelligence as redir6
  • detect-new-ip6: detect new ip6 devices which join the network, you can run a script to automatically scan these systems etc.
  • dos-new-ip6: detect new ip6 devices and tell them that their chosen IP collides on the network (DOS).
  • trace6: very fast traceroute6 with supports ICMP6 echo request and TCP-SYN
  • flood_router6: flood a target with random router advertisements
  • flood_advertise6: flood a target with random neighbor advertisements
  • fuzz_ip6: fuzzer for ipv6
  • implementation6: performs various implementation checks on ipv6
  • implementation6d: listen daemon for implementation6 to check behind a FW
  • fake_mld6: announce yourself in a multicast group of your choice on the net
  • fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
  • fake_advertiser6: announce yourself on the network
  • smurf6: local smurfer
  • rsmurf6: remote smurfer, known to work only against linux at the moment
  • sendpees6: a tool by willdamn@gmail.com, which generates a neighbor solicitation requests with a lot of CGAs (crypto stuff ;-) to keep the CPU busy.

BackTrack 5 R1 released- Penetration Testing Distribution-Linux

Backtrack-Linux released the BackTrack 5 R1 Linux distribution. This release contains over 120 bug fixes, 30 new tools and 70 tool updates. The kernel was updated to and includes the relevant injection patches.

BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest database of security tools collection to-date. Our community of users range from skilled penetration testers in the information security field, government entities, information technology, security enthusiasts, and individuals new to the security community.


Tuesday, August 16, 2011

Tips and Tricks |BreakThesecurity Index


Cracking Tutorial |BreakTheSecurity Index


Facebook and Account Hacking| BreakThesecurity Index


Hacking Basics | Hacking and Security Tutorials Index


Matriux Krypton |Pen Testing Tool

The Matriux is a phenomenon that was waiting to happen. It is a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used normally as your default desktop system.


Sunday, August 14, 2011

Google allows C and C++ code to run in Chrome web browser

SOFTWARE DEVELOPER Google has integrated a native client into its latest Chrome beta allowing for complex applications to run within the web browser.

Google's decision to integrate a native client into its Chrome web browser enables it to run C and C++ code natively in the web browser, meaning full programs, not just Javascript code, can be run within Chrome. Obviously this could pose pretty serious security risks so Chris Rogers, a software engineer at Google was quick to say that all code would be run under the same restrictions as Javascript.


Saturday, August 13, 2011

Facebook Status Update With XFBML Injection-Facebook Hacking Tweaks

In my last post, I explained how to insert an HTML button in a Facebook status. Now we are going to see some other Facebook tricks using XFBML Injection.
Login to your Facebook
Paste one of the following codes in the address bar and hit enter.
Press the Share button.  Now go to your profile.


Friday, August 12, 2011

Facebook Button Hacking Trick

You can share an HTML button on walls as a status.  Can you believe it?  This hacking trick was found by Acizninja DeadcOde.

  • Login to Your Facebook Account.
  • Copy the following code and paste in the Address bar:


Certified Ethical Hacker v7 Training Course Discount

Receive up to a $500 discount on the Certified Ethical Hacker v7 course offered by Global Knowledge through the ISLAND TRADEWINDS program - Prepare for the CEH certification while learning the latest ethical hacking techniques.


Thursday, August 11, 2011

FireCAT 2.0 Released-Firefox Catalog of Auditing exTensions

What is FireCAT?
FireCAT (Firefox Catalog of Auditing exTensions) is a mindmap collection of the most efficient and useful Firefox extensions oriented application security auditing and assessment. FireCAT is not a replacement of other security utilities and software as well as fuzzers, proxies and application vulnerabilities scanners.


Wednesday, August 10, 2011

List of Online SQL Injection Scanner Websites


Tuesday, August 9, 2011

How to Re-Enable Task Manager,System Restore,cmd,run,Registry? Fixed

Hi friends, today I faced a problem.  A virus attacked my XP. I was unable to use Task Manager, System Restore, cmd, Run and the Registry.

This malware disabled important windows features(task manager, system restore,.......)


How does your Website becomes vulnerable to SQL Injection?

The developer is the one and only reason for the SQL Injection vulnerability. While developing the web application, he fails to handle some vulnerability (because he doesn't know about it). Don't be one of them. If you are a web application developer, then you must read these security techniques in order to overcome the SQL Injection vulnerability.


Sunday, August 7, 2011

How to Login in Facebook without Getting the Security Question?

You got someone's facebook id and password.  If you try to login to that account from your system, it will ask you to answer a security question.  You can bypass this security.

Victim IP address(there are some lot of ways, you can find in this blog).

  • Go to www.ip2location.com
  • and enter the IP address.
  • It will show the country of victim.
  • Now visit:
  • www.samair.ru/
  • Find the proxy IP address based on the victim's Country.
  • Set the proxy IP in mozilla(read How to set proxy ip?)
  • Now login to facebook with id you got. you won't get Security Question now.


Saturday, August 6, 2011

How to Install Teamviewer -Backtrack Tutorials and Tricks

Backtrack has all the required tools for PenTesting. You can also install TeamViewer in Backtrack.

TeamViewer is a legal Remote Administration Tool [RAT].  Using TeamViewer you can control your friend's system from your computer.
Visit the TeamViewer official site:
Download the .deb file
Copy it to the desktop.
Open the Terminal
and type the following command:
sudo dpkg -i /root/teamviewer_linux.deb
It will install TeamViewer. Enjoy.


Install Movie Players in GNOME Backtrack 5

I like to hear songs while working.  If you are also like that, this article is for you.  While using Backtrack, you can use media players.

To install the Totem media player,
open the terminal (if you don't know how to open the terminal, better don't use Backtrack Linux).
Type the following command:
sudo apt-get install totem-gstreamer
and hit enter. It will start to download the files and install them.
If you are using it from a pen drive, verify that you have set enough persistent memory.
Continue   Reading>>

Friday, August 5, 2011

Blackbuntu CE v0.3! is Released

What is Blackbuntu?
“Blackbuntu is a Linux distribution for penetration testing which is specially designed for training security students and practitioners of information security. It is currently built on Ubuntu 10.10 with the Gnome desktop environment. Blackbuntu will also include the KDE desktop in the final release of Blackbuntu Community Edition 0.3. It is not included in 0.1, 0.2 or the current 0.3 betas.“

Continue   Reading>>

How to Install Firefox using tar.bz file? Manual installation on Ubuntu Linux

1. Download the firefox-5.0.1.tar.bz2 file.
2. Extract the file (just right click and select Extract here).
3. Move the folder to your Home folder (/home). Just cut and paste it inside your home folder.
Continue   Reading>>

A Guide to Online Anonymity - How can i be completely untraceable ?

The act of keeping your identity hidden online by using connection methods and encryption methods, to make yourself untraceable to a person, website, company, school or whatever else you are doing/connecting to.

Continue   Reading>>

Thursday, August 4, 2011

OllyDbg 2.01 alpha 4 Released

 This is the last alpha release.

This is the official change log: 

- Patch manager, similar to 1.10
- Shortcut editor, supports weird things like Ctrl+Win+$ etc. Now you can customize and share your shortcuts. I haven't tested it on Win7, please report any found bugs and incompatibilities!
Continue   Reading>>

UPDATE: Safe3 Sql Injector v8.6

The Safe3 developers have brought us the updated Safe3 Sql Injector version 8.3. We have discussed Safe3 Sql Injector in detail here.

Continue   Reading>>

Mini PHP Shell 27.9 V2 Released

Continue   Reading>>

Secmaniac released Social-Engineering Toolkit Version 2.0

The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of pentesting. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

Continue   Reading>>

How to Use Premium Cookies in Google Chrome?

In my previous post I explained how to hack the premium file sharing websites (hotfile, rapidshare, megaupload ...) using a Mozilla Firefox browser add-on.

For the Chrome browser you have to follow this link and install the Web Developer add-on.
Open Google Chrome and enter the following link
Install the add-on.

The procedure is the same for Chrome, so no need to worry at all. Follow the steps mentioned in this article.
How to use Premium Cookies?

Continue   Reading>>

How to Add Premium Cookies Using Javascript?

Here I am going to explain how to add premium cookies using Javascript.

  • First of all, visit the corresponding file sharing website.
  • Copy and paste the script into the address bar and hit enter.
  • It will prompt you to enter the cookie.
  • Paste the cookie and press enter.
  • The page reloads. Enjoy.

javascript:mu="http://www.megaupload.com/";if(location.href.indexOf(":\/\/www.megaupload.com")==-1){g=confirm("You are not on www.megaupload.com, redirecting as soon as you press ok, then please run this script again.");if(g)location.href=mu;void(0);}else{c=prompt("Enter megaupload cookie string","cookie%20megaupload");if(c){d=new%20Date();nd=new Date(d.getFullYear()+1,2,11);void(document.cookie="user="+c+";domain=.megaupload.com;path=/;"+"expires="+nd);location.href=mu}void(0)}

For Filesonic the code is:
javascript:fsc="http://www.filesonic.com/";if(location.href.indexOf(":\/\/www.filesonic.com")==-1){g=confirm("You are not on http://www.filesonic.com, redirecting as soon as you press ok, then please run this script again.");if(g)location.href=fsc;void(0);}else{c=prompt("Enter filesonic cookie string","cookie%20Filesonic");if(c){d=new%20Date();nd=new Date(d.getFullYear()+1,2,11);void(document.cookie="PHPSESSID="+c+";domain=.filesonic.com;path=/;"+"expires="+nd);location.href=fsc}void(0)}

For Rapidshare:
javascript:rs="http://rapidshare.com/";if(location.href.indexOf(":\/\/rapidshare.com")==-1){g=confirm("You are not on http://rapidshare.com, redirecting as soon as you press ok, then please run this script again.");if(g)location.href=rs;void(0);}else{c=prompt("Enter rapidshare cookie string","cookie%20rapidshare");if(c){d=new%20Date();nd=new Date(d.getFullYear()+1,2,11);void(document.cookie="enc="+c+";domain=.rapidshare.com;path=/;"+"expires="+nd);location.href=rs}void(0)}

For DepositFile:
javascript:df="http://depositfiles.com/";if(location.href.indexOf(":\/\/depositfiles.com")==-1){g=confirm("You are not on http://depositfiles.com, redirecting as soon as you press ok, then please run this script again.");if(g)location.href=df;void(0);}else{c=prompt("Enter depositfiles cookie string","cookie%20Depositfiles");if(c){d=new%20Date();nd=new Date(d.getFullYear()+1,2,11);void(document.cookie="autologin="+c+";domain=.depositfiles.com;path=/;"+"expires="+nd);location.href=df}void(0)}

For Uploaded.to

For wupload:

javascript:fs="http://www.fileserve.com/";if(location.href.indexOf(":\/\/www.fileserve.com")==-1){g=confirm("You are not on http://www.fileserve.com, redirecting as soon as you press ok, then please run this script again.");if(g)location.href=fs;void(0);}else{c=prompt("Enter fileserve cookie string","cookie%20Fileserve");if(c){d=new%20Date();nd=new Date(d.getFullYear()+1,2,11);void(document.cookie="cookie="+c+";domain=.fileserve.com;path=/;"+"expires="+nd);location.href=fs}void(0)}


For Netload:
javascript:nl="http://netload.in/";if(location.href.indexOf(":\/\/netload.in")==-1){g=confirm("You are not on http://netload.in, redirecting as soon as you press ok, then please run this script again.");if(g)location.href=nl;void(0);}else{c=prompt("Enter netload cookie string","cookie%20Netload");if(c){d=new%20Date();nd=new Date(d.getFullYear()+1,2,11);void(document.cookie="cookie_user="+c+";domain=.netload.in;path=/;"+"expires="+nd);location.href=nl}void(0)}

Continue   Reading>>

How to Install John The Ripper On Ubuntu Linux? -Works for All Linux

This article will guide you through installing the John The Ripper tool (password cracker) on your Ubuntu or any other Linux or Unix based system.

1. John The Ripper: Download the Latest and Free Version from here:

 It will be in tar.gz format, namely john-1.7.7.tar.gz 

Continue   Reading>>

John The Ripper Tutorial-Password Cracking Softwares

What is John the Ripper?
John the Ripper is the fastest and best password cracking software. It is compatible with many flavours of Unix, Windows, DOS, BeOS, and OpenVMS.

Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus many more with contributed patches.

Info about John The Ripper:
  • It is a command line password cracker (don't worry, I will guide you on how to use John the Ripper).
  • John The Ripper is available for free.
  • John The Ripper is pre-installed in Backtrack Linux.
  • You can download it for other Linux versions or any other operating system (e.g. Windows XP).
  • Supports both brute force and dictionary attack methods.
  • Fast and best password cracker.
Download John The Ripper From Here:
More Articles About John The Ripper:
How to Install John The Ripper on Linux and Windows?

Continue   Reading>>

Wednesday, August 3, 2011

Different Types of Hash Codes-How to Find Which Hash types?

You have hashes but don't know which type they are. Don't worry, here I have listed the different types of hash codes.

Example: IvS7aeT4NzQPM
Used in Linux and other similar OS.
Length: 13 characters.
Description: The first two characters are the salt (random characters; in our example the salt is the string "Iv"), then there follows the actual hash.

Continue   Reading>>

How to Hack Premium Accounts using Cookies? | Free Hacking Video Tutorials

We are glad to say that we are releasing our first free hacking video tutorials. If you want this tutorial in plain text with screenshots, please follow this link:

How to Use Premium Cookies?

Continue   Reading>>

Hash Code Cracker Video Tutorial-Free Hacking Video Tutorials

This is video about our Hashcode Cracker Tool.  This video will explain how to recover your forgotten passwords from MD5 Hash code.

Text Tutorial:What is Hash Code Cracker
Continue   Reading>>

How to Setup your own Proxy Server For Free using Hamachi and Privoxy?

Read this post to learn: What is a proxy server?

Why should I use a proxy server?

Open Wi-Fi Connections:
It is possible for anyone to monitor everything you do on an open Wi-Fi network. Not all sites that you visit may use HTTPS encryption. Sometimes even sites that do use HTTPS only do so for certain actions and then revert to regular unencrypted HTTP connections, which are visible to anyone on the network. Using a proxy server over an encrypted tunnel directs all of your web traffic through that tunnel, so your browsing cannot be seen by others on the open network.

Bypass Firewalls and Corporate Web Filtering:
Users who wish to bypass web monitoring and restrictions imposed by their employer may utilize Proxy Servers. This is great for users and dangerous for IT Professionals as it may pose a danger to network security.

How to Set up the proxy server using Hamachi and Privoxy? 

  1. Two computers. One works as the proxy server; the other uses the proxy server (the client). Both systems should have an Internet connection.
  2. Hamachi: A free (for non-commercial use), cross-platform VPN service that gives you secure access to your home network no matter where you are. Download it from here:
  3. Privoxy: A free, non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. It has applications for both stand-alone systems and multi-user networks. Download it from here:
Installing Hamachi and Set up the Server
Step 1: 
 Decide which Computer is going to work as Proxy Server.  Install the Hamachi in that computer.
Step 2:
Once you installed, run the application.  It will open small Hamachi application window with thanks message.

Step 3:
Click the Power Button.  It will automatically detect the host name and ask you to register the client.

Once you have registered, it will show an IP address like 5.xx.xxx.xxx next to the power button. Note it down: this is our proxy IP address.

Step 4:
Now you will get two options: 1. Create New Network 2. Join an existing Network.
This is the server computer, so we have to create the network that the client will use.
So click the Create a New Network button.

Step 5:
It will ask you to enter a network ID and password (I entered the ID as proxy_BreakTheSecurity). Enter your desired ID and password (it should be a strong password).
Click the Create button.

That's all your server is ready to be used.

Using Our Proxy Server in client Side
Now move to your client system (I mean any other computer). Install Hamachi on that system.
Follow the first three steps mentioned above.
Step 4:
Now you will get two options: 1. Create New Network 2. Join an existing Network.
This is the client system, right? So click Join an Existing Network.

Step 5:
Enter the network ID and password that you used to create the network. (In my case, the network ID I entered is proxy_BreakTheSecurity.)

You can rinse and repeat this on every machine you want to do this with, for up to 16 clients (that’s the limit for Hamachi’s free-for-non-commercial-use version)

Installing the Privoxy in the client system:
Install the privoxy and run.
Step 1:
In the system tray, you can see a P icon. Right click on the P
and select Edit->Main Configuration.

Step 2:
It will open the config.txt file in Notepad.
Search for "listen-address".
Replace the address with our proxy IP address (the address displayed in the Hamachi application on the server side).
For example: listen-address 5.xx.xxx.xxx:8118
Save the file.

That's all, you are finished. Restart Privoxy.
Now we have to use the proxy server.

Set Up Your Web Browser to Use Your New Secure Proxy:
Open the Mozilla Firefox
Open Tools->Preferences.
It will open the preference window of Firefox.
Select Advanced->Network tab.
Click the Settings button near to the "Configure how Firefox connects to the Internet”
Select the Manual proxy configuration.
Enter our Server Proxy Address(5.xx.xxx.xx) and port as 8118.
click ok.

Test the Proxy Server.
Now we have to test whether our proxy is working or not.

Visit http://config.privoxy.org/. It will detect whether you use proxy or not.

If proxy is used, you’ll see a message like “This is Privoxy 3.0.17 on Windows (5.xxx.xxx.xx), port 8118, enabled.”

If not, you’ll see a page that reads “Privoxy is not being used”.

Also, if you’re on a public Wi-Fi connection and you navigate to something like WhatIsMyIP.com with your proxy turned off, you should see a different IP when you reload the page with your proxy turned on.
(Essentially, when turned on, your home’s public IP address should be showing.)

Even though your proxy is running over an HTTP connection, Hamachi is encrypting everything that runs between your computers, so it’s still a secure option.
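
The listen-address value edited in Step 2 decides which network interfaces Privoxy accepts connections on, and Privoxy's documentation notes that a listen-address with the host part left out binds to all interfaces. The Python check below is an added example, not part of the original post: it reads a config.txt and labels every active listen-address. The sample config, its addresses and the 5.0.0.0/8 range (modelled on the post's 5.xx.xxx.xxx) are assumptions.

```python
import ipaddress

# Constructed sample of a Privoxy config.txt; every address here is made up.
SAMPLE_CONFIG = """\
# Privoxy main configuration (constructed sample)
confdir .
logdir .
#listen-address  127.0.0.1:8118
listen-address  5.12.34.56:8118
listen-address  :8118
listen-address  192.168.1.20:8118
toggle  1
"""

# Assumption: the VPN hands out addresses shaped like the post's 5.xx.xxx.xxx.
VPN_NET = ipaddress.ip_network("5.0.0.0/8")
DEFAULT_PORT = "8118"


def parse_listen_addresses(text):
    """Return (host, port) for each active listen-address directive."""
    found = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0] != "listen-address":
            continue
        value = parts[1].strip()
        if value.endswith("]") or ":" not in value:
            host, port = value, DEFAULT_PORT      # no port written
        else:
            host, _, port = value.rpartition(":")
        found.append((host.strip("[]"), port))    # "[::1]" -> "::1"
    return found


def classify(host):
    """Say which networks can reach a listener bound to this host value."""
    if host == "":
        return "all-interfaces"                   # bare ":port" binds everywhere
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"                         # resolve and review by hand
    if ip.is_unspecified:
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    if ip in VPN_NET:
        return "vpn"
    return "other-interface"


def audit(text):
    """Return (host, port, verdict) for every active directive."""
    return [(h, p, classify(h)) for h, p in parse_listen_addresses(text)]


def needs_review(text):
    """Listeners that are not limited to loopback or the VPN range."""
    return [(h, p) for h, p, v in audit(text) if v not in ("loopback", "vpn")]


if __name__ == "__main__":
    for host, port, verdict in audit(SAMPLE_CONFIG):
        print(f"{host or '*'}:{port}  {verdict}")
```

Anything returned by needs_review() is a listener that machines outside the VPN may be able to use as a proxy.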
Continue   Reading>>

Sniperspy-Best and Advanced Remote Keylogger Download

Sniperspy is best and Advanced Keylogger.   It allows you to monitor your victim remotely like a television.  No physical installation contact is needed.

No physical access to your remote PC is needed to install the monitoring software. Once installed you can view the screen LIVE and browse the file system from anywhere anytime. You can also view chats, websites, keystrokes in any language and more, with screenshots.

This software remotely installs to your computer through email. Unlike the other remote monitoring titles on the market, SniperSpy is fully and completely compatible with any firewall including Windows XP, Windows Vista and add-on firewalls.

The program then records user activities and sends the data to your online account. You login to your account SECURELY to view logs using your own password-protected login. You can access the LIVE control panel within your secure online account.

What you can do with sniperspy keylogger?

  • Live screen view (view the victim's desktop live).
  • Log keystrokes
  • Browse inside the victim system and download files
  • Run or kill any applications
  • View browser history and cookies, load any websites
  • View system information and locations on a map
  • Send notifications as messages
  • Turn off or restart the computer
  • Freeze or unfreeze the system.
  • Run the screensaver.
  • Records all chat conversations like Gmail, Facebook

How SniperSpy Keylogger Works?

First Step: Make Purchase
In order to purchase you must first acknowledge and agree that you are the owner of the remote PC you wish to install the software onto OR you have proper written consent from the PC owner. We DO NOT condone or promote the use of our software for illegal purposes.

If you qualify and are ready to purchase, go to the Order Page and complete all required sections and agree to the SniperSpy Legal Requirements. Click Next and then enter your billing information. Then complete the order and check your email.

Second Step: Create Module
After the order is complete, you will be instantly emailed a receipt with your Username/Password and a link to download the Module Creator program. You will download this program to your local computer in order to create the module to send to your remote computer.

Run the module creator program and enter your Username/Password into the fields. Then follow the screens to adjust the settings to your needs. Once the module wizard is finished, your module EXE file will be created in the location and name you selected. Some people choose unique names for the module such as funpics.exe or hilarious.exe.

Third Step: Deploy Module
To deploy the module you can attach the exe file to many regular email services and send to the remote PC. Your child or employee will need to run the module in order for the software to install. It is not our responsibility to get the remote user to execute the module.

Modules can be dropped into a Word, Wordpad or Works document, or even a ZIP file. When the module is executed it will not display anything on the screen if you chose the "Do Not Alert User" option during module creation.

Fourth Step: Login to Your SniperSpy Account
After you have sent the email, wait until the remote child or employee checks their email and executes the module. After the module is executed, activity will begin recording immediately. After activity starts recording it will then be uploaded to your personal SniperSpy web space.

Wait about fifteen minutes after the module has been executed. Then login to your online account. You will be able to view any recorded activity there using a secure https connection. Logs are updated every six minutes. No matter where you are, you can log into your SniperSpy account from any Internet connection.

Some Screenshots of sniperspy keylogger:

Continue   Reading>>

Hacking Facebook passwords-Facebook Bruteforcer softwares[for n00b]

Are you searching for Facebook or Gmail hacking software? If your answer is yes, you have come to the right place.

You may have read somewhere else "use this hacking software to hack facebook accounts". And some hacking blogs have posts like this with a procedure:
Continue   Reading>>

Tuesday, August 2, 2011

Top 10 Google +plus Tips for Beginners-Google plus Tricks

Invited to Google+, what is the next step? Here is the list of the top 10 Google+ tips for beginners.

Google plus Tips 1: Style the Text
* (star) to make a word bold. For example: *Google*=Google
For italic: _Google_=Google
For strike: -Google-=Google
Continue   Reading>>

10 ways to Handle problems yourself instead of System Administrator-Organization Tips

When you are working in an organisation, you may need the system administrator to solve some of your problems. Don't call the system administrator for your simple, silly mistakes. Try to solve them yourself and reduce the system administrator's workload. Here is the list of the top 10 tips for solving problems yourself.

Continue   Reading>>

Which Social Networking Sites Are Secure? -Social Network Attacks

Zone Alarm released (1 month back, sorry for the late report) the top social network list based on privacy. They also report malware attacks in those social networks. See the following image for the complete report.
Continue   Reading>>

How to Use Premium Cookies? Edit cookies in any website

In my last post I explained how to hack the hotfile cookies and download like a premium account user (that article is an example of cookie editing). Here is the general tutorial to add or edit premium cookies.

  • Web Developer Add on

Step 1: Install Web Developer Add on
Install the Web Developer add-on. Using this add-on we are going to edit the cookies.

Restart the browser. Now you can see the Web Developer toolbar. It consists of Disable, Cookies, CSS, Forms, etc.

Step 2: Visit website
Visit the appropriate website corresponding to your premium cookies.

 Step 3:
Now click the Cookies option in the Web Developer toolbar and select View Cookie Information. It will show the list of cookies.

To add a cookie, click "Add the cookie" in the toolbar instead, then skip to step 6.

Step 4: Find the cookie
Find the cookie that you want to edit. Some websites store the login cookie as the "auth" cookie, so find the auth cookie.

Step 5: Edit the cookie
Click the edit cookie link.
This will pop up the cookie window.

Step 6:

Paste the premium cookie in the value field.

If you are adding cookies manually, the cookie name will be blank, so you have to set the correct cookie name as well. Usually it will be "auth".

Continue   Reading>>

© Break The Security. Copyright 2008 All Rights Reserved Revolution Two Church theme by Brian Gardner Converted into Blogger Template by Bloganol dot com