LFT – Layer Four Traceroute and WhoB

LFT LFT, short for Layer Four Traceroute, is a sort of ‘traceroute’ that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filters (firewalls). More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name lookups, et al. What […]

Tags: , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment

Serious XSS Flaw in Google Desktop Allows Data Theft

Google has fixed a security flaw in its desktop search software that created a means for hackers to rifle through personal files on users’ PCs. A failure in Google Desktop to “properly encode output containing malicious or unexpected characters” created a means for hackers to cross from the web environment to the desktop application environment. […]

Tags: , , , , , , ,

Posted in: Exploits/Vulnerabilities, General Hacking | Add a Comment

Why Blurring or Mosaicing Important Information is a BAD Idea

I saw a pretty interesting article a few days attempting to reverse engineer the mosaic tool used often online to obscure sensitive or confidential information. The article shows that the mosaic isn’t actually very random, and in a way you can brute force reverse engineer the mosaic to reveal the contents before they were obscured. […]

Tags: , , , , , ,

Posted in: General Hacking, Privacy | Add a Comment
Fierce

Fierce Domain Scanner Released – Domain Reconnaissance Tool

Fierce domain scan was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It’s terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can […]

Tags: , , , , , ,

Posted in: Hacking Tools, Web Hacking | Add a Comment

Another 0-day MySpace XSS Exploit

This was a while ago, but once again unsurprising..The amount of security holes that have been discovered in MySpace (to say they hold some pretty confidential info and are a preying ground for paedos..it’s a scary thought). Once again an XSS flaw shows up in MySpace. digi7al64 found yet another hole in myspace using non-alpha-non-digit […]

Tags: , , , , , ,

Posted in: Exploits/Vulnerabilities, Web Hacking | Add a Comment

sqlmap – Automated Blind SQL Injection Tool

sqlmap is an automatic blind SQL injection tool, developed in python, capable of enumerating an entire remote database, performing an active database fingerprint and much more. The aim of this project is to implement a fully functional database mapper tool which takes advantages of web application programming security flaws which lead to SQL injection vulnerabilities. […]

Tags: , , , , , , ,

Posted in: Hacking Tools, Security Software, Web Hacking | Add a Comment

The RFID Song from Monochrom

A pretty cool song about RFID and RFID hacking from Monochrom.at. Written and first performed at 23C3 (23rd Chaos Communication Congress) in December 2006 in Berlin as part of monochrom’s ‘Proto-Melodic Comment Squad’. Users, there’s trouble ahead I said users, it is totally sad But users, the future lies in your hand Cause it’s all […]

Tags: , , , , , ,

Posted in: General Hacking | Add a Comment
THC-Hydra

THC-Hydra – The Fast and Flexible Network Login Hacking Tool

THC-Hydra rocks, it’s pretty much the most up to date and currently developed password brute forcing tool around at the moment. It supports a LOT of services and protocols too. Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallelized login cracker which supports numerous protocols […]

Tags: , , , , , , , ,

Posted in: Hacking Tools, Network Hacking, Password Cracking | Add a Comment

0-day Vulnerability Effects Solaris – Disable Telnet NOW!

Solaris is pwned by a similar vulnerability to one discovered on AIX systems in 1994. Yes people that’s 13 years ago…and Sun are still vulnerable, as reported by SANS. The following will give you root on a lot of Solaris systems:

Cool eh? The Internet Storm Center is urging system administrators to disable or […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Network Hacking, UNIX Hacking | Add a Comment
AccessDiver

AccessDiver – Web Site Security Testing Tool

AccessDiver is a security tester for WEB sites. It incorporates a set of powerful features which help you find and organize failures and weaknesses from your web site. AccessDiver can detect security failures on your web pages. It has multiple efficient tools which will verify the robustness of your accounts and directories accurately. So, you […]

Tags: , , , , , , , , , , ,

Posted in: Hacking Tools, Web Hacking | Add a Comment