Archive | May, 2008


30 May 2008 | 19,272 views

sqlninja 0.2.3 released – Advanced Automated SQL Injection Tool for MS-SQL

We’ve been following the development of sqlninja since the early days; it’s growing into a well-matured and more polished tool with advanced features. Sqlninja is a tool written in Perl to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a [...]



29 May 2008 | 7,320 views

TJX Employee Fired for Trying to Fix Things

Ah, TJX in the news again… after previously having the Largest Breach of Customer Data in U.S. History, now they are screwing people over that try to help them and their seemingly ridiculous information security policies. Hello blank passwords? Sounds crazy but I believe it happens, at more places than just TJX. It’s sad that someone [...]



28 May 2008 | 14,003 views

fgdump 2.1.0 and pwdump 1.7.1 Released – Dump LanMan & NTLM Hashes

The major change is both tools now support 64-bit targets! Good news for us. pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories. It is based on pwdump3e, and should be stable on XP SP2 and 2K3. [...]



26 May 2008 | 4,112 views

UK to Become Even More Draconian with Privacy Laws

Oh dear, UK going backwards again. A bad case of Big Brother syndrome and once again under the blanket excuse of efforts against terrorism. Please! That’s so old and tired now, do governments seriously think they can keep infringing people’s privacy and rights under the same old guise? Strike terror into the public by continually [...]



23 May 2008 | 6,883 views

thc-Amap – Application Protocol Detection & Fingerprinting

thc-Amap (Application MAPper) is another excellent tool, geared more towards banner grabbing and protocol detection than OS fingerprinting. But from the services running on a machine you can get a good idea of the OS and the purpose of the server. Amap is a next-generation scanning tool for pentesters. It attempts to identify applications even if they [...]



22 May 2008 | 3,584 views

Spammers Target Social Networking Sites

It makes sense: spammers will follow whatever is popular, and wherever the social mass is gathered and reading, they will bombard. In the earlier days MySpace was a big target; now they are moving on to other sites such as Facebook. Social networking sites are an ideal place for spammers as they can exploit the trust [...]



21 May 2008 | 4,871 views

Tmin – Test Case Optimizer for Automated Security Testing

Tmin is a simple utility meant to make it easy to narrow down complex test cases produced through fuzzing. It is closely related to another tool of this type, delta, but meant specifically for unknown, underspecified, or hard to parse data formats (without the need to tokenize and re-serialize data), and for easy integration with [...]



20 May 2008 | 5,850 views

Three Charged With Hacking Dave & Buster’s Chain

Another big heist in the US netting a whole lot of juicy information on credit and debit cards, over half a million USD lost in this case alone. There’s a whole lot of fraud going on. Not bad for fiddling with the cash register system of a restaurant chain. It just shows, anyone dealing with [...]



16 May 2008 | 12,015 views

Xprobe2 – Active OS Fingerprinting Tool

Sometimes I wonder to myself, have I mentioned a certain tool on the site, usually one of my favourites… often I search the site to find I have never posted about it. It just goes to show how we often overlook some of the more ‘obvious’ choices, and to many people they may not be that [...]



15 May 2008 | 8,936 views

New Botnet Malware Spreading SQL Injection Attack Tool

Now this is an interesting turn of events: the Asprox botnet malware is being used to spread SQL Injection tools rather than sending out phishing e-mails as before. It seems to install quite stealthily as well, disguising itself as a Windows Service with a fairly convincing file name. It’s certainly interesting to see the evolution [...]
