sqlsus 0.2 Released – MySQL Injection & Takeover Tool

sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface that mimics a mysql console, you can retrieve the database structure, inject a SQL query, download files from the web server, upload and control a backdoor, and much more… It is designed to maximize the amount of […]

Topic: Database Hacking, Hacking Tools, Web Hacking

Indian Credit Card Fraud Exposed – Linked to Symantec

In a recent undercover sting the BBC has uncovered some unscrupulous Indian chaps selling valid UK credit card details, the kicker to the story is the fraud is linked to Symantec as the people being defrauded had all recently bought Norton subscriptions. I guess it’s hard to control a 3rd party call center though and […]

Topic: Legal Issues, Privacy, Spammers & Scammers

Webshag 1.10 Released – Free Web Server Audit Tool

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing. You may remember back in March 2008 we published about Webshag 1.00 being released. Now Webshag 1.10 has been released! This new version provides several feature […]

Topic: Hacking Tools, Networking Hacking, Web Hacking

New Conficker Variant More Aggressive

Conficker has gotten quite a lot of news recently with it growing so fast and Microsoft offering a bounty for the authors. It seems like the Conficker authors are really serious about retaining control of their botnet and expanding it further without hindrance from the companies trying to stop them. It’s quite likely they are […]

Topic: Malware, Spammers & Scammers

dnsmap 0.22 Released – Subdomain Bruteforcing Tool

dnsmap is a subdomain bruteforcer for stealth enumeration, you could say something similar to Reverse Raider or DNSenum. Originally released in 2006, dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, […]

Topic: Hacking Tools, Networking Hacking

BBC Unleashes Botnet For ‘Investigation’

The BBC has made an odd move recently by buying/seeding a botnet of 22,000 computers under the guise of investigative journalism. They claim it’s not illegal as they caused no harm and only sent spam to e-mail accounts used by themselves. Technically I think it’s still breaking the law under the Computer Misuse Act but […]

Topic: Legal Issues, Malware, Spammers & Scammers