Archive | May, 2009

WarVOX 1.0.1 Released – Telephony Analysis & War Dialing Suite

Your website & network are Hackable


WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders. WarVOX provides the unique ability to classify all telephone lines in a given range, not just those connected to modems, allowing for a comprehensive audit of a telephone system.

WarVOX requires no telephony hardware and is massively scalable by leveraging Internet-based VoIP providers. A single instance of WarVOX on a residential broadband connection, with a typical VoIP account, can scan over 1,000 numbers per hour. The speed of WarVOX is limited only by downstream bandwidth and the limitations of the VoIP service. Using two providers with over 40 concurrent lines we have been able to scan entire 10,000 number prefixes within 3 hours.

Notable Changes since 1.0.0:

  • License changed to BSD, no restrictions on commercial use
  • Support number exclusion lists / black lists (regex based)
  • Support for phone number ranges in addition to masks
  • Support for multiple ranges and masks per job
  • Numerous bug fixes and stability improvements
  • Command line script for exporting dial results (bin/export_list.rb)

You can download Warvox 1.0.1 here:

warvox-1.0.1.tar.gz

Or read more here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- PowerOPS – PowerShell Runspace Portable Post Exploitation Tool
- Shadow Brokers NSA Hack Leaks 0-day Vulnerabilities
- UFONet – Open Redirect DDoS Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,986,654 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,454,814 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 683,855 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Obama To Create Cyber Security Czar In White House

Find your website's Achilles' Heel


It looks like Obama is taking a serious stance on Cyber Security and Cyber Crime with his introduction of a new position which will be known as the ‘Cyber Czar’.

As a senior White House official this is quite a serious position with the responsibility of protecting both the US government networks and looking out for private companies too.

It’ll be interesting to see who is chosen for the post and what kind of policies or campaigns they will run.

President Obama is expected to announce late this week his decision to create a senior White House official responsible for protecting the nation’s government-run and private computer networks from attack, according to a published report.

The “cyber czar” will probably be a member of the National Security Council but will report to the national security adviser and the senior White House economic advisor, according to The Washington Post, which cited unnamed officials who had been briefed on the plan. As of Friday, Obama had not yet settled on the advisor’s rank and title.

The announcement is to coincide with the release of a 40-page report evaluating the government’s strategy for security government networks and other infrastructure deemed critical to national security. The timing of the report – it was expected to be released a week or two ago – and the details included in the Washington Post report suggest the plan may have run into infighting by advisors to Obama.

Officially the rank and title have not yet been decided but they will be working with the National Security Council and the Economic division of the government.

The strategy will be interesting to see too, what are they going to propose to protect the government networks and what else will they deem critical to national security? I hope it includes power stations and other such resources (Industrial Control Systems for example) as they seem to be massively lacking security.

On his first full day in office, Obama signaled a willingness to have the cyber czar report directly to the president, an arrangement that he promised as a candidate and that was also recommended by a panel of more than 60 government and business computer security experts.

While the idea is whoever is appointed will be someone who can “pick up the phone and contact the president directly, if need be,” the advisor no longer would report directly to Obama, according to the report. What’s more, the czar would now have two bosses, in an attempt to strike a balance between homeland security and economic concerns.

Over the past few months, turf wars have arisen between advisors who want the ultra-secretive National Security Agency to oversee the country’s cybersecurity. Others have said the job is best carried out by the National Cybersecurity Center, an office within the Department of Homeland Security that’s responsible for coordinating the defense of civilian, military and intelligence networks. In March, the government’s cybersecurity chief abruptly resigned amid allegations his office was woefully underfunded and inappropriately controlled by the military.

Seems like there is some infighting going on in the government and a bit of a power struggle as to which department will be controlling the ‘cyber czar’.

It’s looking like the organizational problems regarding cyber security may run deeper than they appear on the surface with claims of underfunding and misuse by the military.

I hope they do sort it out though, the more secure the US government is the safer the rest of the World will be.

Source: The Register


Posted in: General News

Tags: , , , , , , , , , , ,

Posted in: General News | Add a Comment
Recent in General News:
- Teen Accused Of Hacking School To Change Grades
- Google’s Chrome Apps – Are They Worth The Risk?
- Twitter Breach Leaks 250,000 User E-mails & Passwords

Related Posts:

Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,423 views
- eEye Launches 0-Day Exploit Tracker - 85,635 views
- Seattle Computer Security Expert Turns Tables On The Police - 44,164 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Technitium FREE MAC Address Changer v5 R2 Released for Windows

Your website & network are Hackable


It’s been a while since the last update of Technitium back in June 2008, the latest release is v5 R2 with support for Windows 7 RC.

Technitium MAC Address Changer allows you to change Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective to your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit by the manufacturer. This hard coded MAC address is used by windows drivers to access Ethernet Network (LAN). This tool can set a new MAC address to your NIC, bypassing the original hard coded MAC address. Technitium MAC Address Changer is a must tool in every security professionals tool box.

Technitium MAC Address Changer is coded in Visual Basic 6.0.

Features

  • Support for Windows 7 RC added.
  • Issues with installer program resolved.
  • Most reported bugs in previous versions removed.
  • Allows you to remove all registry entries corresponding to Network Adapter that is no longer physically installed on the system.
  • Allows you to configure Internet Explorer HTTP proxy settings through configuration presets or command line.
  • Identifies the preset applied to currently selected Network Interface Card (NIC) automatically making it easy to identify settings.
  • Most known issues with Windows Vista removed.
  • Changes MAC address of Network Interface Card (NIC) including Wireless LAN Cards, irrespective of its manufacturer or its drivers.
  • Has latest list of all known manufacturers (with corporate addresses) to choose from. You can also enter any MAC address and know which manufacturer it belongs to.
  • Allows you to select random MAC address from the list of manufacturers by just clicking a button.
  • Restarts your NIC automatically to apply MAC address changes instantaneously.
  • Allows you to create Configuration Presets, which saves all your NIC settings and makes it very simple to switch between many settings in just a click and hence saves lot of time.
  • Allows you to Import or Export Configuration Presets to or from another file, which saves lot of time spent in reconfiguration.
  • Allows you to load any Configuration Presets when TMAC starts by just double clicking on any Configuration Preset File. (*.cpf file extension)
  • Has command line interface which allows you to perform all the tasks from the command prompt or you can even create a DOS batch program to carry out regular tasks.
  • Displays all information you would ever need to know about your NIC in one view like Device Name, Configuration ID, Hardware ID, Connection Status, Link Speed, DHCP details, TCP/IP details etc.
  • Displays total bytes sent and received through the NIC.
  • Displays current data transfer speed per second.
  • Allows you to configure IP Address, Gateway and DNS Server for your NIC quickly and instantaneously.
  • Allows you to enable/disable DHCP instantaneously.
  • Allows you to Release/Renew DHCP IP address instantaneously.

There are some famous, commercial tools available in the market from USD 19.99 to as much as USD 2499, but Technitium MAC Address Changer is available for FREE. They don’t charge for just changing a registry value! Also knowing how this works doesn’t require extensive research as some commercial tool providers claim.

You can download Technitium v5 R2 here:

TMACv5_R2_Setup.zip

Or read more here.


Posted in: Network Hacking, Security Software

Tags: , , , , , , , , , , ,

Posted in: Network Hacking, Security Software | Add a Comment
Recent in Network Hacking:
- fping 3 – Multi Target ICMP Ping Tool
- WOL-E – Wake On LAN Security Testing Suite
- dnmap – Distributed Nmap Framework

Related Posts:

Most Read in Network Hacking:
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,454,814 views
- Wep0ff – Wireless WEP Key Cracker Tool - 514,514 views
- THC-Hydra – The Fast and Flexible Network Login Hacking Tool - 328,055 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


DNS DDoS Attack Takes Down China Internet

Find your website's Achilles' Heel


The latest news is a few million Chinese Internet users had trouble accessing any websites yesterday due to a DDoS attack on the DNS system from one of the countries registrars.

It just shows that China has an inherently weak infrastructure if such a large portion of people can be disrupted with an attack to a single location.

I guess the users haven’t heard of OpenDNS either, or perhaps they can’t use it because it’s blocked by the ‘Great Firewall of China‘.

An attack on the servers of a domain registrar in China caused an online video application to cripple Internet access in parts of the country late on Wednesday.

Internet access was affected in five northern and coastal provinces after the DNS (domain name system) attack, which targeted just one company but caused unanswered information requests to flood China’s telecommunications networks, China’s IT ministry said in a statement on its Web site. The DNS is what computers use to find each other on the Internet.

The incident revealed holes in China’s DNS that are “very strange” for such a big country, said Konstantin Sapronov, head of Kaspersky’s Virus Lab in China.

The problems started when registrar DNSPod’s DNS servers were targeted with a DDOS (distributed denial of service) attack, described by the company in an online statement. In such an attack, the attacker orders a legion of compromised computers to try to communicate with a server all at once, which overwhelms the server and crushes its ability to return requests for information.

A DoS attack on the root domain servers of any organisation is always one of the most effective as you don’t have to saturate a large pipe, you just have to make the machine max out it’s CPU/RAM so it can’t serve any more requests.

It’s much better than trying to take a corporate network offline by filling up their main line. Targeted attacks are always the most effecient.

Internet access returned to normal in the late night several hours later, according to the government statement.

China had almost 300 million Internet users at the end of last year, according to the country’s domain registry agency, and streaming online video is as popular among young people as it is in Western countries.

The event, the first of its kind in China, suggests the country needs to improve its rules managing the DNS, said Zhao Wei, CEO of Knownsec, a Beijing security firm.

The original attack transformed into a regional DNS jam essentially because Baofeng is so popular, said Zhao.

Such programs may need smarter code, which could instruct them to withdraw DNS requests that go unanswered, he said. The way unanswered requests are redirected to higher-level servers could also be changed, Zhao said.

An interesting point is that the registrar that was attacked hosted the DNS for the very popular video streaming site Baofeng – the traffic was so high for this site that that unanswered DNS requests turned into another traffic jam having the effective of multiplying the original DDoS attack.

I’m guessing this was an unintended side effect, but it worked out well for the attackers.

Source: PCWorld


Posted in: General News, Network Hacking, Telecomms Hacking

Tags: , , , , , , , , ,

Posted in: General News, Network Hacking, Telecomms Hacking | Add a Comment
Recent in General News:
- Teen Accused Of Hacking School To Change Grades
- Google’s Chrome Apps – Are They Worth The Risk?
- Twitter Breach Leaks 250,000 User E-mails & Passwords

Related Posts:

Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,423 views
- eEye Launches 0-Day Exploit Tracker - 85,635 views
- Seattle Computer Security Expert Turns Tables On The Police - 44,164 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


BugSpy – Crawls The Web For Open Source Software Bugs

Find your website's Achilles' Heel


BugSpy is an interesting web site I came across recently, put together using a Python Framework (django) it aggregates bugs from as many open source projects as it can find. Preferably critical bugs.

BugSpy

You can search by tag (e.g java, email or php ) or by product name (e.g Ubuntu, Typo3 or Samba).

http://bugspy.net/


Posted in: Exploits/Vulnerabilities, Web Hacking

Tags: , , , , ,

Posted in: Exploits/Vulnerabilities, Web Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- Shadow Brokers NSA Hack Leaks 0-day Vulnerabilities
- Pompem – Exploit & Vulnerability Finder
- Bug Bounties Reaching $500,000 For iOS Exploits

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 235,387 views
- AJAX: Is your application secure enough? - 120,194 views
- eEye Launches 0-Day Exploit Tracker - 85,635 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Google Poisoning Attack Gumblar Still Causing Problems

Find your website's Achilles' Heel


I thought this would have been stamped out by now, but sadly it’s still going on. With the advent of cheap web hosting and easy to use CMS systems like WordPress more and more people are managing their own websites (gone are the days of Geocities).

More people with websites means more FTP details to be stolen, and more websites to be spammed up by malware propagators.

With that sentiment, Gumblar is gaining more traction poisoning Google search results.

A Web attack that poisons Google search results is getting worse, according to security researchers.

The attack first relies on compromising normally legitimate website and planting malicious scripts. US CERT reports that stolen FTP credentials are reckoned to be the main technique in play during this stage of the attack but poor configuration settings and vulnerable web applications might also play a part.

Surfers who visit compromised websites are exposed to attacks that rely on well-known PDF and Flash Player vulnerabilities to plant malware onto Windows PCs.

This malware is designed to redirect Google search results as well as to swipe sensitive information from compromised machines, according to early findings from ongoing analysis.

Unsurprisingly the infection vectors are still the same, the recent PDF and Flash exploits. You can bank on the majority of people not installing the updates and still being vulnerable.

As always make sure any networks you manage are updated and the people you know have the latest versions of the software they use to read PDFs and Flash Player.

The SANS Institute’s Internet Storm Centre (ISC) adds that the attack has been around for some time but has intensified over recent days. Initially the malware was served up onto vulnerable Windows clients from the website gumblar.cn, which has been offline since Friday. A second domain – martuz.cn – has taken over this key role in the attack, ISC reports.

Web security scanning firm ScanSafe, which was among the first to warn of the rise of the attack, notes that the reference to martuz.cn in more recent attacks has been obfuscated, possibly in an attempt to thwart rudimentary blacklists. “The URI resulting from the injected script might appear as mar”+”tuz.cn instead of just martuz.cn,” writes ScanSafe researcher Mary Landesman.

ScanSafe reported on Monday that Gumblar more than trebled (up 246 per cent) over the preceding week. It describes Gumblar as a botnet of compromised websites in a series of blog postings on the attack, which can be found here. Sophos reckons the Gumblar-related malware appeared in 42 per cent of all the newly infected websites it detected last week.

From the domains being used it seems probably that this attack originated from China, perhaps they are starting to cash in on the malware distribution/spam/info trading scene online.

If they can from behind “The Great Firewall of China“.

It seems like the Gumblar activity has intensified significantly in recent weeks though so do watch out for it. Make sure anyone who has FTP access to any websites you run has a secure system.

Source: The Register


Posted in: Malware, Spammers & Scammers, Web Hacking

Tags: , , , , , , , , , ,

Posted in: Malware, Spammers & Scammers, Web Hacking | Add a Comment
Recent in Malware:
- Android Malware Giving Phones a Hummer
- Cuckoo Sandbox – Automated Malware Analysis System
- movfuscator – Compile Into ONLY mov Instructions

Related Posts:

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,528 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,651 views
- US considers banning DRM rootkits – Sony BMG - 44,996 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Retarded E-mails – Brute Force, Change School Grades, Hack US Military & MORE

Your website & network are Hackable


It’s been a few months since the last Retard Update, and it’s definitely been slower since I posted the disclaimer and link on the Contact Page.

There have been some weird ones, one worders, one liners and stuff in foreign languages.

Anyway let’s get started with a classic ‘script-kiddy I can’t operate my computer‘ type mail.

lloyd wrote:
hey i would like to know how to use brute force pleese

I have absolutely no idea what this means, can someone tell me if it’s retarded? I assume it’s Spanish.

fabricio wrote:
eu quero jogar este jogo

This guys thinks he’s smart, puts other people down in his first sentence then proceeds to do exactly the same thing. Learning how to spell might be a good start.

Manner Pavis wrote:
I understand that a majority of people who contact you have stupid and idiotic questions asking “How do I access myspace at school?” Well I could care less about any of that bull shit. I would just really like to know how to change my grades or how to become an administrator on my schools computer, any help would
be REALLY apriciated. I REALLY want to do this. So if you can tell me how to change my grades or become an administrator(without purchasing any hardware or software(unless it’s completeley neccasary))then it would be very much apriciated.

Any cyberterrorists for hire?

Pat wrote:
Hi, I have a big problem to find somone really good hacker that can help me, I’m looking for an hacker that can help me to hack into the US miletary, it maby sounds redicules but it is verry important, so please can you help me? or do you know enyone else that can help me??

Anyone have any idea at all what he’s on about?

peter davsion wrote:
darknet admin,

i have looked for the registration of the website and could not find it and i was wondering does it have one ???

and if so could you tell me were to register with the website if you can as it has a lot of good advice rather than forums and a lot more detialed ionformation on it well recomend it to anybody excellent website

Use what, what password?

justin wrote:
every time i use it is says password and i dont know what it is

*Yawn* another cheating spouse?

ken wrote:
darknet,

i am very interested on your skills
i know that you are a very intelligent man.to go straight to the point.i need a favor,someone like you that has the knowledge of the internet.i am a father of 3 children and i am married for 8yrs. my wife cheated on us.if you could help me figure out,this problem of mine.i need an evidence about the whereabouts of my
wife,using her email.i want to know how to hack her email ad.to find out what was her plan for my kids.she abandon all my kids with me.this is the only way that i could get some evidence from her emails.i don’t want to go empty handed.last year she fooled us and went to her guy..without a trace.if you can
help me with this,i would be happy together with my kids.
i really need your help
if you can pass through her yahoo mail and know the password that would be my evidence in the court..
thanks and more power to you!!!


There’s a never ending stream of people that seem to think I’m some kind of mentor too, what’s up with that?

eyes rutherford wrote:
hello,
i am not an aspiring password cracker or future convict, i am a young individual who is willing to learn about computer science and security. I promise to utilize anything you teach me within the confines of the law, i am not out to get anyone or anything, please consider my request. thank you for your time.

This needs no description.

ERAGON wrote:
I WANT TO JOIN U GUYS ANY TECHQ TO JOIN U

School grade hacking is ever-popular too, can’t you guys just study like everyone else? And yah, I’m REAL sure you wont change your grades.

JB wrote:
Hi, i got this school website ( where all the grades and shit are collected ) and i need to hack it.
could you tell me some about lining up like, 4-5 proxies? no worry, Im not gonna ask you to hack it or something, I’ll fix the md5 hash myself. and no, i do not have plans to change my grades.

-JB-

Erm ok.

dipesh wrote:
i want lern hack(security testing perpose.)

how??
pls give a replay

And of course this post can’t be complete without a Facebook hacking request!

Robert Tait wrote:
Hi, I am quite a fan of your site. I need to know how to hack Facebook or a console. is there a tool I can use, or can I pay someone from Darknet to hack for me?

Thanks

Keep an eye on the retards here:

http://www.darknet.org.uk/category/retards/


Posted in: Retards

Tags: , , , , , , , , , , ,

Posted in: Retards | Add a Comment
Recent in Retards:
- Retarded E-mails – Damn Interested Hacking, Paid Server Indian Web, Love Hashing & More
- Retarded E-mails – Carding, Coins, Bombs & More!
- Retarded E-mails – Brute Force, Change School Grades, Hack US Military & MORE

Related Posts:

Most Read in Retards:
- Retarded E-mails – Crack Hotmail? Hack Facebook? Boyfriend Cheating? - 64,583 views
- Retarded E-mails – Carding, Coins, Bombs & More! - 33,500 views
- Retarded E-mails – Brute Force, Change School Grades, Hack US Military & MORE - 10,928 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Samurai Web Testing Framework 0.6 Released – Web Application Security LiveCD

Find your website's Achilles' Heel


You may remember we wrote about Samurai being released back in November 2008, it’s been quite a while since the last update.

The authors have updated and fixed a number of issues with the environment as well as improved performance of the java based tools. They have also included a virtual machine of the environment. This VM requires VMWare.

For those that don’t know, Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. There are tools used in all four steps of a web pen-test.

Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.

You can download SamuraiWTF 0.6 here:

samurai-0.6.iso

Or read more here.


Posted in: Hacking Tools, Web Hacking

Tags: , , , , , , , , , , , ,

Posted in: Hacking Tools, Web Hacking | Add a Comment
Recent in Hacking Tools:
- PowerOPS – PowerShell Runspace Portable Post Exploitation Tool
- Shadow Brokers NSA Hack Leaks 0-day Vulnerabilities
- UFONet – Open Redirect DDoS Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,986,654 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,454,814 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 683,855 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Trojan in Counterfeit Copies of Windows 7 Builds Botnet

Your website & network are Hackable


This latest mass infection is through a vector I really don’t understand, see as though you can legitimately download Windows 7 from Microsoft.

I guess people just prefer BitTorrent downloads to HTTP downloads, and whoever had this smart idea capitalized on that.

Microsoft should perhaps do something about that and put out a legitimate BitTorrent copy. I guess the problem is updates, once it’s out there and people are seeding it’s out there for good and it’s not necessarily the latest build.

A Trojan buried within counterfeit copies of Windows 7 RC was used to build a botnet of compromised PCs.

The tactic emerged after researchers from security firm Damballa shut down the command and control servers used to control the system, reckoned to have drafted thousands of Windows PCs into its compromised ranks. Damballa reckons malicious hackers distributed the malware by hiding it within counterfeit copies of pre-release versions of Microsoft’s next operating system on offer through BitTorrent.

Damballa reckons that the pirated package was released around 24 April. By 10 May, when security researchers effectively curtailed the operation, as many as 552 new users were becoming infected per hour as a result of the attack.

It seems like the infection rate for this trojan has been pretty sharp, with 552 new users per hour that’s over 13,000 new infections per day adding up to almost 100,000 in one week.

The Command and Control center for the botnet has been taken offline though on May 10th so it’s rendered pretty useless since then.

I guess they should have built a more robust control mechanism like Conficker.

“Since the pirated package was released on 24 April, my best guess is that this botnet probably had at least 27,000 successful installs prior to our takedown of its CnC [command and control] on 10 May,” Tripp Cox, vice president of engineering at Damballa, told eWeek.

Since Damballa’s intervention, users installing the pirated version of Windows 7 RC are outside the control of the botmaster hackers running the attack. However, users who were compromised prior to 10 May remain within the ranks of the zombie drones controlled by the unidentified hackers.

Trend Micro identifies the Trojan featured in the attack as DROPPER-SPX.

Burying backdoors in counterfeit code is a popular tactic among crackers witnessed many times over the years with pirated copies of Microsoft applications and, more recently, with pirated versions of iWork ’09 for Apple Mac machines. In the case of the latest attack, prospective Windows 7 RC users get infected before they have a chance to install anti-virus tools, many of which are yet to support Windows 7 anyway.

You can check out the details on Trend Micro blog here.

If you want to get hold of Windows 7 you can just go directly to the Microsoft site here.

Source: The Register


Posted in: Malware, Windows Hacking

Tags: , , , , , , , , ,

Posted in: Malware, Windows Hacking | Add a Comment
Recent in Malware:
- Android Malware Giving Phones a Hummer
- Cuckoo Sandbox – Automated Malware Analysis System
- movfuscator – Compile Into ONLY mov Instructions

Related Posts:

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,528 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,651 views
- US considers banning DRM rootkits – Sony BMG - 44,996 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Pangolin – Automatic SQL Injection Tool

Find your website's Achilles' Heel


Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.

Database Support

  • Access: Informations (Database Path; Root Path; Drivers); Data
  • MSSql: Informations; Data; FileReader; RegReader; FileWriter; Cmd; DirTree
  • MySql: Informations; Data; FileReader; FileWriter;
  • Oracle: Inforatmions (Version; IP; Database; Accounts ……); Data; and any others;
  • Informix: Informatons; Data
  • DB2: Informatons; Data; and more;
  • Sybase: Informatons; Data; and more;
  • PostgreSQL: Informatons; Data; FileReader;
  • Sqlite: Informatons; Data

At present, most of the functions are directed at MSSQL and MySql coupled with Oracle and Access. Other small and medium-sized companies are using DB2, Informix, Sybase, PostgreSQL, as well as Sqlite which isn’t so common.

You can download Pangolin here:

pangolin_free_edition_2.1.2.924.rar (Download Page)

Or read more here.


Posted in: Database Hacking, Hacking Tools, Web Hacking

Tags: , , , , , , , , , , ,

Posted in: Database Hacking, Hacking Tools, Web Hacking | Add a Comment
Recent in Database Hacking:
- Onapsis Bizploit v1.50 – SAP Penetration Testing Framework
- OAT – Oracle Auditing Tools For Database Security
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security

Related Posts:

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 76,885 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 54,480 views
- SQLBrute – SQL Injection Brute Force Tool - 41,257 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95