Friday, 28 August 2015

Hack iCloud Activation Lock

 
iCloud Apple iD BruteForcer 

This tool is released by "Pr0x13" at GitHub. Attackers to break into any iCloud account, potentially giving them free access to victims’ iOS devices.

How to Install: 
Put in HtDocs Folder in your Xampp installation.
Install cUrl for your OS
Navigate to http://127.0.0.1/iDict/ in your web browser (preferably Firefox, Chrome, or Safari).

Wordlist.txt is from iBrute and it satisfies iCloud password Requirements
It's been reported if icloud server responds with an error restart xampp or 
your computer

-=Reports coming in that Server is now Patched with Rate Limiter=-
-=Server Fully Patched, Discontinue use if you don't want to lock your account!!=-

What is this?
A 100% Working iCloud Apple ID Dictionary attack that bypasses 
Account Lockout restrictions and Secondary Authentication on any account.

What this isn't:
A bypass or fully automated removal

Why? 
This bug is painfully obvious and was only a matter of time before it was 
privately used for malicious or nefarious activities, I publicly disclosed it so apple will patch it.

 
 
 
 
How to Unlock iCloud Activation Lock

First is need to Download the hack tool on your pc. Go on Download Button below and get this software. We give this for free, not is need to pay.

Unlock iCloud Lock Download BypassTool


Step 1. Download and Unzip the file on your PC.
Step 2. Start this hack tool on your PC. Connect your iPhone via USB cable.
Step 3. Then click on Start button to process bypass icloud lock service.
Step 4. Wait five min to be complete this process. When will be done click OK.

The finaly process is when this will be complete to install the latest versizon on iTunes on your PC. Then make Restore Update on your device and icloud lock will be permanent removed from your apple device. This is official factory unlock on iCloud lock directly from Apple Database Servers.

Many services in the world talk for this on net, but be careful, many of them is scam. We this service give you for free, and not like to give money to us. Only Download this hack tool and enjoy.

Dear Readers if like to Unlock for Not free in five min your iCloud Lock on your iPhone go here on this Factory Unlock iPhone company. This is safely service we test. – iPhoneOfficialUnlock

 
Posted by at No comments:
Labels: , , ,

Google Hacking

Google queries for locating various Web servers
“Apache/1.3.28 Server at” intitle:index.of
Apache 1.3.2
“Apache/2.0 Server at” intitle:index.of
Apache 2.0
“Apache/* Server at” intitle:index.of
any version of Apache
“Microsoft-IIS/4.0 Server at” intitle:index.of
Microsoft Internet Information Services 4.0
“Microsoft-IIS/5.0 Server at” intitle:index.ofMicrosoft Internet Information Services 5.0
“Microsoft-IIS/6.0 Server at” intitle:index.of
Microsoft Internet Information Services 6.0
“Microsoft-IIS/* Server at” intitle:index.of
any version of Microsoft Internet Information Services
“Oracle HTTP Server/* Server at” intitle:index.of
any version of Oracle HTTP Server
“IBM _ HTTP _ Server/* * Server at” intitle:index.of
any version of IBM HTTP Server
“Netscape/* Server at” intitle:index.of
any version of Netscape Server
“Red Hat Secure/*” intitle:index.of
any version of the Red Hat Secure server
“HP Apache-based Web Server/*” intitle:index.of
any version of the HP server
Queries for discovering standard post-installation
intitle:”Test Page for Apache Installation” “You are free”
Apache 1.2.6
intitle:”Test Page for Apache Installation” “It worked!” “this Web site!”
Apache 1.3.0 – 1.3.9
intitle:”Test Page for Apache Installation” “Seeing this instead”
Apache 1.3.11 – 1.3.33, 2.0
intitle:”Test Page for the SSL/TLS-aware Apache Installation” “Hey, it worked!”
Apache SSL/TLS
intitle:”Test Page for the Apache Web Server on Red Hat Linux”
Apache on Red Hat
intitle:”Test Page for the Apache Http Server on Fedora Core”
Apache on Fedora
intitle:”Welcome to Your New Home Page!”
Debian Apache on Debian
intitle:”Welcome to IIS 4.0!”
IIS 4.0
intitle:”Welcome to Windows 2000 Internet Services”
IIS 5.0

intitle:”Welcome to Windows XP Server Internet Services”
IIS 6.0
Querying for application-generated system reports
“Generated by phpSystem”

operating system type and version, hardware configuration, logged users, open connections, free memory and disk space, mount points
“This summary was generated by wwwstat”
web server statistics, system file structure
“These statistics were produced by getstats”
web server statistics, system file structure
“This report was generated by WebLog”
web server statistics, system file structure
intext:”Tobias Oetiker” “traffic analysis”
systemperformance statistics as MRTG charts, network configuration
intitle:”Apache::Status” (inurl:server-status | inurl:status.html | inurl:apache.html)
server version, operating system type, child process list, current connections
intitle:”ASP Stats Generator *.*” “ASP Stats Generator” “2003-2004 weppos”
web server activity, lots of visitor information
intitle:”Multimon UPS status page”
UPS device performance statistics
intitle:”statistics of” “advanced web statistics”
web server statistics, visitor information
intitle:”System Statistics” +”System and Network Information Center”

system performance statistics as MRTG charts, hardware configuration, running services
intitle:”Usage Statistics for” “Generated by Webalizer”
web server statistics, visitor information, system file structure
intitle:”Web Server Statistics for ****”
web server statistics, visitor information
nurl:”/axs/ax-admin.pl” -script
web server statistics, visitor information
inurl:”/cricket/grapher.cgi”
MRTG charts of network interface performance
inurl:server-info “Apache Server Information”
web server version and configuration, operating system type, system file structure
“Output produced by SysWatch *”
operating system type and version, logged users, free memory and disk space, mount points, running processes, system logs



dork for finding admin page
admin1.php
admin1.html
admin2.php
admin2.html
yonetim.php
yonetim.html
yonetici.php
yonetici.html
admin/account.php
admin/account.html
admin/index.php
admin/index.html
admin/login.php
admin/login.html
admin/home.php
admin/controlpanel.html
admin/controlpanel.php
admin.php
admin.html
admin/cp.php
admin/cp.html
cp.php
cp.html
administrator/
administrator/index.html
administrator/index.php
administrator/login.html
administrator/login.php
administrator/account.html
administrator/account.php
administrator.php
administrator.html
login.html
modelsearch/login.php
moderator.php
moderator.html
moderator/login.php
moderator/login.html
moderator/admin.php
moderator/admin.html
account.php
account.html
controlpanel/
controlpanel.php
controlpanel.html
admincontrol.php
admincontrol.html
adminpanel.php
adminpanel.html
admin1.asp
admin2.asp
yonetim.asp
yonetici.asp
admin/account.asp
admin/index.asp
admin/login.asp
admin/home.asp
admin/controlpanel.asp
admin.asp
admin/cp.asp
cp.asp
administrator/index.asp
administrator/login.asp
administrator/account.asp
administrator.asp
login.asp
modelsearch/login.asp
moderator.asp
moderator/login.asp
moderator/admin.asp
account.asp
controlpanel.asp
admincontrol.asp
adminpanel.asp
fileadmin/
fileadmin.php
fileadmin.asp
fileadmin.html
administration/
administration.php
administration.html
sysadmin.php
sysadmin.html
phpmyadmin/
myadmin/
sysadmin.asp
sysadmin/
ur-admin.asp
ur-admin.php
ur-admin.html
ur-admin/
Server.php
Server.html
Server.asp
Server/
wp-admin/
administr8.php
administr8.html
administr8/
administr8.asp
webadmin/
webadmin.php
webadmin.asp
webadmin.html
administratie/
admins/
admins.php
admins.asp
admins.html
administrivia/
Database_Administration/
WebAdmin/
useradmin/
sysadmins/
admin1/
system-administration/
administrators/
pgadmin/
directadmin/
staradmin/
ServerAdministrator/
SysAdmin/
administer/
LiveUser_Admin/
sys-admin/
typo3/
panel/
cpanel/
cPanel/
cpanel_file/
platz_login/
rcLogin/
blogindex/
formslogin/
autologin/
support_login/
meta_login/
manuallogin/
simpleLogin/
loginflat/
utility_login/
showlogin/
memlogin/
members/
login-redirect/
sub-login/
wp-login/
login1/
dir-login/
login_db/
xlogin/
smblogin/
customer_login/
UserLogin/
login-us/
acct_login/
admin_area/
bigadmin/
project-admins/
phppgadmin/
pureadmin/
sql-admin/
openvpnadmin/
wizmysqladmin/
vadmind/
ezsqliteadmin/
hpwebjetadmin/
newsadmin/
adminpro/
Lotus_Domino_Admin/
bbadmin/
vmailadmin/
ccp14admin/
irc-macadmin/
banneradmin/
sshadmin/
phpldapadmin/
macadmin/
administratoraccounts/
admin4_account/
admin4_colon/
radmind-1/
Super-Admin/
AdminTools/
cmsadmin/
phpSQLiteAdmin/
server_admin_small/
database_administration/
system_administration/
Update Imp. Dorks.
Dork : "inurl:dettaglio.php?id="

Exploit :www.victim.com/sito/dettaglio.php?id=[SQL]

Example :http://www.cicloposse.com/dettaglio.php?id=61'
----------------------------------------------------------------------------------------------------------------
Dork: inurl:prodotto.php?id)

Exploit:
www.victim.com/prodotto.php?id=[SQL]

Example:http://www.poderimorini.com/en/prodotto.php?id=14'

sql injection dorks
allinurl: \”index php go buy\”
allinurl: \”index.php?go=sell\”
allinurl: \”index php go linkdir\”
allinurl: \”index.php?go=resource_center\”
allinurl: \”resource_center.html\”
allinurl: \”index.php?go=properties\”
allinurl: \”index.php?go=register\”

Error message queries
“A syntax error has occurred”filetype:ihtml
Informix database errors, potentially containing function names, filenames, file structure information, pieces of SQL code and passwords
“Access denied for user” “Using password”
authorisation errors, potentially containing user names, function names, file structure information and pieces of SQL code
“The script whose uid is ” “is not allowed to access”

access-related PHP errors, potentially containing filenames, function names and file structure information
“ORA-00921: unexpected end of SQL command”
Oracle database errors, potentially containing filenames, function names and file structure information
“error found handling the request” cocoon filetype:xml
Cocoon errors, potentially containing Cocoon version information, filenames, function names and file structure information
“Invision Power Board Database Error”

Invision Power Board bulletin board errors, potentially containing function names, filenames, file structure information and piece of SQL code
“Warning: mysql _ query()” “invalid query”
MySQL database errors, potentially containing user names, function names, filenames and file structure information
“Error Message : Error loading required libraries.”

CGI script errors, potentially containing information about operating system and program versions, user names, filenames and file structure information
“#mysql dump” filetype:sql
MySQL database errors, potentially containing information about database structure and contents
Dork for locating passwords
http://*:*@www” site
passwords for site, stored as the string “http://username:password@www…”
filetype:bak inurl:”htaccess|passwd|shadow|ht users”
file backups, potentially containing user names and passwords
filetype:mdb inurl:”account|users|admin|admin istrators|passwd|password”
mdb files, potentially containing password information
intitle:”Index of” pwd.db
pwd.db files, potentially containing user names and encrypted passwords
inurl:admin inurl:backup intitle:index.of
directories whose names contain the words admin and backup
“Index of/” “Parent Directory” “WS _ FTP.ini”
filetype:ini WS _ FTP PWD
WS_FTP configuration files, potentially containing FTP server access passwords
ext:pwd inurl:(service|authors|administrators |users) “# -FrontPage-”
files containing Microsoft FrontPage passwords
filetype:sql (“passwd values ****” | “password values ****” | “pass values ****” )
files containing SQL code and passwords inserted into a database
intitle:index.of trillian.ini
configuration files for the Trillian IM
eggdrop filetype:user

user configuration files for the Eggdrop ircbot
filetype:conf slapd.conf
configuration files for OpenLDAP
inurl:”wvdial.conf” intext:”password”
configuration files for WV Dial
ext:ini eudora.ini
configuration files for the Eudora mail client
filetype:mdb inurl:users.mdb
Microsoft Access files, potentially containing user account information
Searching for personal data and confidential documents
filetype:xls inurl:”email.xls”
email.xls files, potentially containing contact information
“phone * * *” “address *” “e-mail” intitle: “curriculum vitae”
CVs
“not for distribution”

confidential documents containing the confidential clause
buddylist.blt
AIM contacts list
intitle:index.of mystuff.xml
Trillian IM contacts list
filetype:ctt “msn”
MSN contacts list
filetype:QDF

QDF database files for the Quicken financial application
intitle:index.of finances.xls
finances.xls files, potentially containing information on bank accounts, financial summaries and credit card numbers
intitle:”Index Of” -inurl:maillog maillog size
maillog files, potentially containing e-mail
Network Vulnerability Assessment Report”
“Host Vulnerability Summary Report”
filetype:pdf “Assessment Report”
“This file was generated by Nessus”
reports for network security scans, penetration tests etc
dork for locating network devices
“Copyright (c) Tektronix, Inc.” “printer status”
PhaserLink printers
inurl:”printer/main.html” intext:”settings”
Brother HL printers
intitle:”Dell Laser Printer” ews
Dell printers with EWS technology
intext:centreware inurl:status
Xerox Phaser 4500/6250/8200/8400 printers
inurl:hp/device/this.LCDispatcher
HP printers
intitle:liveapplet inurl:LvAppl
Canon Webview webcams
intitle:”EvoCam” inurl:”webcam.html”
Evocam webcams
inurl:”ViewerFrame?Mode=”

Panasonic Network Camera webcams
(intext:”MOBOTIX M1″ | intext:”MOBOTIX M10″) intext:”Open Menu” Shift-Reload
Mobotix webcams
inurl:indexFrame.shtml Axis
Axis webcams
intitle:”my webcamXP server!” inurl:”:8080″
webcams accessible via WebcamXP Server
allintitle:Brains, Corp.
camera webcams accessible via mmEye
intitle:”active webcam page”
Posted by at 1 comment:
Labels: , , ,

Game CheatCodes

Clash of Clans Hack v1.72 for Gold, Elixier and Gems

working on Android and iOS - without Jailbreak - no Survey.

http://loadsnake.com/coc-hack/

FOR HITMAN

when you run the game if it shows this message
 Fatal error  Direct3D:Unable to create device. Try changing resolution or color depth

SOLUTION

Open the Hitman2.ini file on your hard drive and change the line
which reads DrawDll RenderD3D.dll to DrawDll RenderOpenGL.dll.
Your game error will be fixed.. :)
NFS WORLD CHEATCODES

Make Money A Little Bit Faster
The best way to get money faster is to enter a tier 1 team escape. Yeah, the cops are annoying but it's more fun and you get roughly $500 more!

Easy Money
In NFS:W, play team escape. It gets you $2000-$3000 each escape. So you can earn money quickly and easily.

Easily Evade Spots
The first 2 are in little cubby holes by the docks to the awy south (the lobster shacks). The third one is by the shipyard, it is behind a glitch wall, you can pass through but for some reason they cant. The fourth is between the other locations, there is a garage type thing with a fish above it, go in here and you wont get caught. All of these locales have cooldowns as well.

Car Gone Mad
At the stadium in riverfront the box thing if you put your front tire off it will start going crazy if you wait and if done correct.

GTA Sandreas Cheat Codes
Armor, Health, And Money

hesoyam
Complete Pilot School With All Bronze Medals

Enter rustler as a code.
Never Get A Star Rating

To never get a star rating type AEZAKMI
Make All Traffic Fast Cars

Enter everyoneisrich as a code.
Get An Invisible Car

Enter wheelsonlyplease as a code.
Weapon Sets 1

lxgiwyl
Drive The Train

If you want to drive the train type 'lockit'
Spawn Rancher 4x4

jqntdmh
Never Get Hungry

Type in AEDUWNV.
Perform A Mega-jump

Enter kangaroo as a code.
Get Max Sex Appeal

Enter helloladies as a code.
Maxed Out On All Vehicle Skill Statistics

Enter naturaltalent as a code.
Pedestrians Attack With Guns

bgluawml
Max Respect

worshipme
Flying Cars

Unlike previous GTA Games, this allows you to stay in the air and go any where you want. But be careful landing, the car goes at least 500mph in the air. But I thought it was a big improvement. Anyway, onto the code, chittychittybangbang.
Spawn Army Tank

aiwprton
Sunny Weather

pleasantlywarm
Create A Sandstorm

Type in CWJXUOC.
CJ Is A Slut Magnet

Type in BEKKNQV.
Complete The Driving School With All Gold Medals

Enter hotknife as a code.
Make All Traffic Cheap Cars

Enter everyoneispoor as a code.
Commit Suicide

Enter goodbyecruelworld as a code.
Achieve Perfect Vehicle Handling

Enter sticklikeglue as a code.
While On A Bike To Perform A Huge Bunny Hop (ala E.T.)

Enter cjphonehome as a code.
Be At The Hitman Level In All Weapons Statistics

Enter professionalkiller as a code.
Six Star Wanted Level

bringiton
Raise Wanted Level

turnuptheheat
Pedestrians Riot

stateofemergency
Unlimited Health

baguvix
Speed Up Time

ysohnul
Spawn Parachute

aiypwzqp
Spawn Dozer

itsabull
Max Muscle

buffmeup
Max Stamina

vkypqcf
Spawn Stretch Limo

celebritystatus
Spawn Hearse

wheresthefuneral
Spawn Hydra (Fighter Jet), Spawn Monster

Tired of just driving on stupid cars and also having to wait to pass a test to get the Hydra well type in JUMPJET and the Hydra will appear. Also want a monster truck; Type in MONSTERMASH and you will get the MONSTER.
Lose All Body Fat

Type in KVGYZQK.
Maximum Body Fat

Type in BTCDBCB.
Have Infinite Air For Swimming Underwater

Type in CVWKXAM.
Have A Beach Party

Type in CIKGCGX.
Contract On CJ

Type in BAGOWPG.
Get VERY Sunny Weather

Enter toodamnhot as a code.
Spawn A Dozer

Enter itsallbull as a code.
Severely Reduce Traffic

Enter ghosttown as a code.
Recruit Anyone And Have Them Equipped With Rockets

Enter rocketmayhem as a code.
Remake The Hood In A Ninja Theme

Enter ninjatown as a code.
Make Gangs Take Over The Streets

Enter bifbuzz as a code.
Remake The 'hood In A Funhouse Theme

Enter crazytown as a code.
Accelerate Gameplay

Enter speeditup as a code.
Make Cars Float Away When Hit

Enter bubblecars as a code.
Make Boats Fly

Enter flyingfish as a code.
Permanent Midnight

Enter nightprowler as a code.
Suicide

SZCMAWO
Gang Members Everywhere

MROEMZH
Spawn Bloodring Banger

oldspeeddemon
Slow Motion

slowitdown
Pedestrians Have Weapons

foooxft
Pedestrians Are Elvis

bluesuedeshoes
Weapon Sets 2

professionalskit
Weapon Sets 3

uzumymw
Unlimited Ammo

fullclip
Super Punches

iavenjq
Rainy Weather

auifrvqs
Stormy Weather

scottishsummer
Sunny Weather

pleasentlywarm
Spawn 4xWheeler

fourwheelfun
Spawn Monster Truck

monstermash
Spawn Jetpack

rocketman
Spawn Hydra

jumpjet
Spawn Hunter

ohdude
Spawn Caddy

rzhsuew
Max Lung Capacity

cvwkxam
Lower Wanted Level

turndowntheheat
Destroy All Cars

cpktnwt
Cloudy Weather

alnsfmzo
Spawn Vortex

kgggdkp
Spawn Trashmaster

truegrime
Spawn Tanker

amomhrer
Spawn Stunt Plane

flyingtostunt
Note: Stunt Plane can do backflips, barrel rolls, and sky diving.

Spawn Racecar #2

vpjtqwv
Spawn Racecar #1

vrockpokey
Adrenaline Effects

anoseonglass
All Cars Have Nitrous

speedfreak
Aggressive Traffic

ylteicz
Posted by at No comments:
Labels: , , ,

Forensic Tools

Unhide : To find processes hidden by rootkits:

Unhide is a forensic tool to find processes hidden by rootkits, Linux kernel modules or by other techniques. It detects hidden processes using six techniques:

    Compare /proc vs /bin/ps output
    Compare info gathered from /bin/ps with info gathered by walking thru the procfs. ONLY for Linux 2.6 version
    Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
    Full PIDs space ocupation (PIDs bruteforcing). ONLY for Linux 2.6 version
    Compare /bin/ps output vs /proc, procfs walking and syscall. ONLY for Linux 2.6 version
    Reverse search, verify that all thread seen by ps are also seen in the kernel.
    6- Quick compare /proc, procfs walking and syscall vs /bin/ps output. ONLY for Linux 2.6 version.
    Unhide-TCP

PhotobucketDownload

Hashbot Online Forensic Web Tool

Hashbot is a forensic web tool to acquire and validate, over time, the status of an individual web page or web document.
Acquire: Insert the URL to acquire, select your favorite user agent (default is Firefox) and click on submit. Wait for creating process finish and download the zip archive.

Validate: Unzip the archive downloaded by the creation service, open the <code>-code.txt file and use the "Validate Info" section to fill in the validation form. Click on submit and wait for the server response.
HashBot

Registry Decoder - Digital Forensics Tool


Digital forensics deals with the analysis of artifacts on all types of digital devices.
 One of the most prevalent analysis techniques performed is that of the registry
hives contained in Microsoft Windows operating systems.

Registry Decoder was developed with the purpose of providing a single tool for the acquisition, analysis, and reporting of registry contents.


PhotobucketDownload

Rifiuti v1.0

A Recycle Bin Forensic Analysis Tool.

Many important files within Microsoft Windows have structures that are
undocumented.
One of the principals of computer forensics is that all analysis methodologies must be well documented and repeatable, and they must have an acceptable margin of error. Currently, there are a lack of open source methods and tools that forensic analysts
can rely upon to examine the data found in proprietary Microsoft files.

Many computer crime investigations require the reconstruction of a subject's
Recycle Bin. Since this analysis technique is executed regularly, we researched the structure of the data found in the Recycle Bin repository files (INFO2 files). Rifiuti,
the Italian word meaning "trash", was developed to examine the contents of the INFO2 file in the Recycle Bin.
The foundation of Rifiuti's examination methodology is presented in the white paper located here. Rifiuti will parse the information in an INFO2 file and output the results
in a field delimited manner so that it may be imported into your favorite spreadsheet program. Rifiuti is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X,
Linux, and *BSD platforms.

Usage:
rifiuti [options] <filename>
-t Field Delimiter (TAB by default)

Example Usage:
[kjones:rifiuti/rifiuti_20030410_1/bin] kjones% ./rifiuti INFO2 > INFO2.txt

Open INFO2.txt as a TAB delimited file in MS Excel to further sort and filter your
results.

PhotobucketDownload
NetSleuth

Its identifies and fingerprints network devices by silent network monitoring or by processing data from PCAP files.
NetSleuth is an opensource network forensics and analysis tool, designed for triage in incident response situations. It can identify and fingerprint network hosts and devices from pcap files captured from Ethernet or WiFi data (from tools like Kismet).  It is a free network monitoring, cyber security and network forensics analysis (NFAT) tool

PhotobucketDownload

Bug TraQ


Bugtraq system offers the most comprehensive distribution, optimal, stable and automatic security to date. Bugtraq is a distribution based on the 2.6.38 kernel has a wide range of penetration and forensic tools. Bugtraq can be installed from a Live DVD or USB drive, the distribution is customized to the last package, configured and updated the kernel. The kernel has been patched for better performance to recognize a variety of hardware, including wireless injection patches pentesting that other distributions do not recognize.
Features:
  • Patching the kernel 2.6.38 to recognize 4 gigs of RAM in 32-bit.
  •  Tools perfectly configured, automated installation scripts and tools like Nessus, OpenVAS, Greenbone, Nod32, Hashcat, Avira, BitDefender, ClamAV, Avast, AVG, etc...
  • Unique Scripts from Bugtraq-Team (SVN updates tools, delete tracks, backdoors, Spyder-sql, etc.

PhotobucketDownload

Hex Workshop


The Hex Workshop Hex Editor is a set of hexadecimal development tools for Microsoft
Windows, combining advanced binary editing with the ease and flexibility of a word processor. With Hex Workshop you can
Edit, cut, copy, paste, insert, and delete of Hex Script.
Hex values can be grouped by 1, 2, 4, 8 or 16 bytes.
Search using Hex Strings (including wildcards).
Find and replace by Hex Strings, Text, Strings or values.
Sector edit partitions or physical disks.
Checksum either entire document or a selection.
Arithmetic operations: +, -, *, /, %, ().
C/C++ Plug-in API.
Hex/Decimal calculator supporting: +,-,*,/,|,&,^,<<,>>, ~


PhotobucketDownload

Helix

Helix is more on the forensics and incident response side than the networking or pen-testing side. Still a very useful tool to carry.

Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.

PhotobucketDownload

Hiren’s BootCD 14.1

All in One Bootable CD which has all utilities..


PhotobucketDownload

Posted by at No comments:
Labels: , , ,

Firefox Imp. Addons.....

FOX TAB:
3D in your browser! FoxTab brings innovative 3D functionality to your Firefox.



New! Top Sites for FoxTab (aka Speed Dial).
Now you can access your most favorite sites from the familiar FoxTab interface.

FoxTab is a popular 3D tab management extension.
FoxTab powers Firefox with the following main features:
  ✔ Top Sites (aka Speed Dial) for quickly accessing your favorite web sites.
  ✔ Tab Flipper – to easily flip between opened tabs using mouse or keyboard gestures.
  ✔ Recently Closed Tabs – for reopening a tab that was recently closed.

Choose between 6 attractive 3D layouts.

Download Link:
https://addons.mozilla.org/en-US/firefox/addon/8879/


GREASE MONKEY:



Allows you to customize the way a webpage displays using small bits of JavaScript. ...!!

Download Link:
https://addons.mozilla.org/en-US/firefox/addon/748/

TAMPER DATA:

Use tamperdata to view and modify HTTP/HTTPS headers and post parameters...


Use tamperdata to view and modify HTTP/HTTPS headers and post parameters.

Trace and time http response/requests.

Security test web applications by modifying POST parameters.

FYI current version of Google Web Accelerator is incompatible with the tampering function of TamperData. Your browser will crash.

Download Link:
https://addons.mozilla.org/en-US/firefox/addon/966/

XSS ME:
Cross-Site Scripting (XSS) is a common flaw found in todays web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.

Download Link:
https://addons.mozilla.org/en-US/firefox/addon/7598/
Posted by at No comments:
Labels: , , ,

Email Hacking...........




Do U Think If Your Email Can Not Been Hackable, Then You Are Wrong...
Ur Email-ID Can Be Hack... But Its Can Be Hack Only Fault by User.. Most Of The Peoples Think That Their Has A Software to Hack A Email- ID's But Truth Is Their Is No Software Present For Hacking Ur Mail ID's..

Email Hacking can be possible to many ways like:-
 
 1. Social Engineering

2.Phishing Attacks

3. Cookie Hijacking

4. By Keyloggers


Social Engineering:
This Process is defined as Hack the human mind without any tools...
This has become one of the hottest topics today and it seems to work out most of the times. Social Engineering doesn’t deal with the network security issues, vulnerabilities, exploits, etc. It just deals with simple Psychological tricks that help to get the information we want.
This really works!! But it requires a lot of patience.
We are all talking about network security and fixing the vulnerabilities in networks.
 But what happens if some internal person of a network accidentally gives out the passwords. After all we are all humans; we are also vulnerable and can be easily
 exploited and compromised than the computers.
Social Engineering attacks have become most common during the chat sessions.
With the increase in use of Instant Messengers, any anonymous person may have a
chat with another any where in the world. The most crucial part of this attack is to
win the trust of the victim.

Phishing Attack:
The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surroundering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

Cookie Hijacking:
In cookie hijacking we can hack email accounts very easily.. This trick is very
 dangereous because whenever user change a password then there is no need to
 attacker for again hack Email- ID of victim. And it would take you to inbox of victim's yahoo account without asking for any password of victim account.

Keyloggers:
Keylogger is a software program or hardware device that is used to monitor and log
each of the keys a user types into a computer keyboard. The user who installed the program or hardware device can then view all keys typed in by that user. Because
these programs and hardware devices monitor the keys typed in a user can easily
find user passwords and other information a user may not wish others to know about.
Keyloggers, as a surveillance tool, are often used by employers to ensure employees
 use work computers for business purposes only. Unfortunately, keyloggers can also
 be embedded in spyware allowing your information to be transmitted to an unknown third party.
Posted by at No comments:
Labels: , , ,

Tuesday, 18 August 2015

Phlashing-PDOS......

A permanent Denial Of Service (PDOS), also known as "Phlashing". It's an attack that damages a system so badly that it requires replacement or reinstallation of hardware. Phlashing used for hardware attack. Unlike the distributed denial-of-service attack, a PDoS attack exploits security flaws which allow remote administration on the management interfaces of the victim's hardware, such as routers, printers, or other networking hardware. The attacker uses these vulnerabilities to replace a device's firmware with a modified, corrupt, or defective firmware image a process which when done legitimately is known as flashing. This therefore "bricks" the device, rendering it unusable for its original purpose until it can be repaired or replaced.

The PDOS is a pure hardware targeted attack which can be much faster and requires fewer resources than using a botnet in a DDoS attack. Because of these features, and the potential and high probability of security exploits on Network Enabled Embedded Devices (NEEDs), this technique has come to the attention of numerous hacker communities. PhlashDance is a tool created by Rich Smith (an employee of Hewlett-Packard's Systems Security Lab) used to detect and demonstrate PDoS vulnerabilities at the 2008 EUSecWest Applied Security Conference in London. Smith said remotely abusing firmware update mechanisms with a Phlashing attack, for instance, is basically a one-shot attack. “Phlashing attacks can achieve the goal of disrupting service without ongoing expense to the attacker; once the firmware has been corrupted, no further action is required for the DOS condition to continue,”

An attacker could use remote firmware update paths in network hardware, which are often left unprotected, to deliver corrupted firmware and flash this to the device. As a result, the device would become unusable.
Posted by at No comments:
Labels: , , ,

Saturday, 15 August 2015

Botnets

Botnet 


A botnet or robot network is a group of computers running a computer application controlled and manipulated only by the owner or the software source. The botnet may refer to a legitimate network of several computers that share program processing amongst them.

Usually though, when people talk about botnets, they are talking about a group of computers infected with the malicious kind of robot software, the bots, which present a security threat to the computer owner. Once the robot software (also known as malicious software or malware) has been successfully installed in a computer, this computer becomes a zombie or a drone, unable to resist the commands of the bot commander.

A botnet may be small or large depending on the complexity and sophistication of the bots used. A large botnet may be composed of ten thousand individual zombies. A small botnet, on the other hand may be composed of only a thousand drones. Usually, the owners of the zombie computers do not know that their computers and their computers’ resources are being remotely controlled and exploited by an individual or a group of malware runners through Internet Relay Chat (IRC)

There are various types of malicious bots that have already infected and are continuing to infect the internet. Some bots have their own spreaders – the script that lets them infect other computers (this is the reason why some people dub botnets as computer viruses) – while some smaller types of bots do not have such capabilities.

Different Types of Bots


Here is a list of the most used bots in the internet today, their features and command set.

XtremBot, Agobot, Forbot, Phatbot


These are currently the best known bots with more than 500 versions in the internet today. The bot is written using C++ with cross platform capabilities as a compiler and GPL as the source code. These bots can range from the fairly simple to highly abstract module-based designs. Because of its modular approach, adding commands or scanners to increase its efficiency in taking advantage of vulnerabilities is fairly easy. It can use libpcap packet sniffing library, NTFS ADS and PCRE. Agobot is quite distinct in that it is the only bot that makes use of other control protocols besides IRC.

UrXBot, SDBot, UrBot and RBot


Like the previous type of bot, these bots are published under GPL, but unlike the above mentioned bots these bots are less abstract in design and written in rudimentary C compiler language. Although its implementation is less varied and its design less sohisticated, these type of bots are well known and widely used in the internet.

GT-Bots and mIRC based bots


These bots have many versions in the internet mainly because mIRC is one of the most used IRC client for windows. GT stands for global threat and is the common name for bots scripted using mIRC. GT-bots make use of the mIRC chat client to launch a set of binaries (mainly DLLs) and scripts; their scripts often have the file extensions .mrc.
Malicious Uses of Botnets

Types Of Botnet Attack


Denial of Service Attacks


A botnet can be used as a distributed denial of service weapon. A botnet attacks a network or a computer system for the purpose of disrupting service through the loss of connectivity or consumption of the victim network’s bandwidth and overloading of the resources of the victim’s computer system. Botnet attacks are also used to damage or take down a competitor’s website.

Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.
Any Internet service can be a target by botnets. This can be done through flooding the website with recursive HTTP or bulletin-board search queries. This mode of attack in which higher level protocols are utilized to increase the effects of an attack is also termed as spidering.

Spyware Adware Spamming and Traffic Monitoring


 Its a software which sends information to its creators about a user's activities – typically passwords, credit card numbers and other information that can be sold on the black market. Compromised machines that are located within a corporate network can be worth more to the bot herder, as they can often gain access to confidential information held within that company. There have been several targeted attacks on large corporations with the aim of stealing sensitive information, one such example is the Aurora botnet.

Its exists to advertise some commercial entity actively and without the user's permission or awareness, for example by replacing banner ads on web pages with those of another content provider.


A botnet can also be used to take advantage of an infected computer’s TCP/IP’s SOCKS proxy protocol for networking appications. After compromising a computer, the botnet commander can use the infected unit (a zombie) in conjunction with other zombies in his botnet (robot network) to harvest email addresses or to send massive amounts of spam or phishing mails.

Moreover, a bot can also function as a packet sniffer to find and intercept sensitive data passing through an infected machine. Typical data that these bots look out for are usernames and passwords which the botnet commander can use for his personal gain. Data about a competitor botnet installed in the same unit is also mined so the botnet commander can hijack this other botnet.

Access number replacements are where the botnet operator replaces the access numbers of a group of dial-up bots to that of a victim's phone number. Given enough bots partake in this attack, the victim is consistently bombarded with phone calls attempting to connect to the internet. Having very little to defend against this attack, most are forced into changing their phone numbers (land line, cell phone, etc.).

Keylogging and Mass Identity Theft



An encryption software within the victims’ units can deter most bots from harvesting any real information. Unfortunately, some bots have adapted to this by installing a keylogger program in the infected machines. With a keylogger program, the bot owner can use a filtering program to gather only the key sequence typed before or after interesting keywords like PayPal or Yahoo mail. This is one of the reasons behind the massive PayPal accounts theft for the past several years.

Bots can also be used as agents for mass identity theft. It does this through phishing or pretending to be a legitimate company in order to convince the user to submit personal information and passwords. A link in these phishing mails can also lead to fake PayPal, eBay or other websites to trick the user into typing in the username and password.

Botnet Spread



Botnets can also be used to spread other botnets in the network. It does this by convincing the user to download after which the program is executed through FTP, HTTP or email.

Pay-Per-Click Systems Abuse



Botnets can be used for financial gain by automating clicks on a pay-per-click system. Compromised units can be used to click automatically on a site upon activation of a browser. For this reason, botnets are also used to earn money from Google’s Adsense and other affiliate programs by using zombies to artificially increase the click counter of an advertisement.
Posted by at No comments:
Labels: , , ,

Anonymous Surfing

HOLA VPN

Hola is a peer to peer network that provides everyone on the planet with freedom to
access all of the Web! It works through the community of its users - Hola users help you 
to access the web.



JonDo

JonDos publishes a new version of the JonDo-Software, an IP changer and IP anonymization program, that you can use for anonymous surfing in the Internet with high security anonymous proxy servers.

What is JonDo?
JonDo is an open source and free-of-charge program for Windows, Linux and MacOS X.
It hides the user's IP adress behind an anonymous IP address. In contrast to other anonymizers (VPNs, anonymous proxy servers), the user's anonymity stays protected even against the providers (operators) of the anonymous IP address.

PhotobucketDownload

TOR


Tor is very useful for online anonymity, its protect your privacy, defend against a form
 of network traffic analysis. Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic
allows others to track your behavior and interests.

 Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create
new communication tools with built-in privacy features.

Tor to keep websites from tracking them and their family members, or to connect to
news sites, instant messaging services, or the like when these are blocked by their
local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site.
Posted by at No comments:
Labels: , , ,

Best Android Hacking Tools


  

APKInspector : 

The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps. Download

Burp Suite: 

 

  It is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing

Download


 Androguard:  

Create your own static analysis tool,; Analysis a bunch of android apps,; Analysis . Open source database of android malware.
Download

Android Framework for Exploitation :

Smartphone Pentest Framework: Rather this tool allows you to assess the security of the smartphones in your environment in the manner you’ve come to expect with modern penetration testing tools.

Download

Android Network Toolkit (ANTI)

This app is capable of mapping your network, scanning for vulnerable devices or configuration issues. It is for use by the amateur security enthusiast home user to the professional penetration tester, ANTI provides many other useful features such as:
easy connection to open ports, visual sniffing (URLs & Cookies) and - establishing
MiTM attacks (using predefined and user-defined filters), Server Side / Client Side Exploits, Password cracker to determine password’s safety level, Replace Image as
visual in demos and Denial of Service attacks. All this is packed into a very user-friendly and intuitive Android app (and soon to be released iOS app).

Download

 

Andro Rat

 
AndroRat is a remote administration Android tool.
you can bind this spyware tool with the other android application and ask the victim to download this app.  It can read all messages, contacts, records and acall without knowing of the user.

Download

Droid Pentest: 

 Its help you to find all android apps for penetration testing and hacking so you can make complete penetration test platform . This Tool developed by Nikhalesh Singh.

Download


Android SDK:  

A software development kit that enables developers to create applications for the Android platform. The Android SDK includes sample projects with source code.

Download


DroidBox:  

Its developed to offer dynamic analysis of Android applications. The following information is shown in the results, generated when analysis is ended:

•    Hashes for the analyzed package

•    Incoming/outgoing network data

•    File read and write operations

•    Started services and loaded classes through DexClassLoader

•    Information leaks via the network, file and SMS

•    Circumvented permissions

•    Cryptography operations performed using Android API

•    Listing broadcast receivers

•    Sent SMS and phone calls

Additionally, two images are generated visualizing the behavior of the package. One showing the temporal order of the operations and the other one being a treemap that can be used to check similarity between analyzed packages.

Download

Dex2jar

 dex2jar is a lightweight package that provide you with four components in order to work with .dex and java .class files. dex-reader is designed to read the Dalvik Executable (.dex/.odex) format. It has a light weight API similar with ASM.

Download


Jd-gui: 

 JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields.

Download


Wifi Protector - Protect Your Android From Wi-Fi Sniffing Attacks

 The only app that is able to countermeasure "Man In The Middle" attacks on    Android  platform - Wifi Protector. No other app provides this type of high network security. Protects your phone from tools like FaceNiff, Cain & Abel, ANTI, Ettercap, DroidSheep,  
NetCut,and all others that try to hijack your session via "Man In The Middle" through ARP spoofing / ARP poisoning.

YouTube Video

Download

-> Free Avast Antivirus For Android Security

  Full-featured Antivirus and Anti-Theft security for your Android phone.

   By using Avast Mobile Security in your Android phone, your cell phone will be  protected  by virus, threat, hacker, even it’s able to minimize your loss if your Android       cell phone is stolen. The antivirus component supports real-time protection and                    automatic updates. Updates can be configured to only be downloaded over certain
  types  of connections and the interface can be protected with a password.

Protect personal data with automatic virus scans and infected-URL alerts. Stop hackers by adding a firewall (rooted phones). Control anti-theft features with remote SMS commands for: history wipe, phone lock, siren activation, GPS tracking, audio monitoring, and many other useful tools.

  Call and SMS filtering can help device owners block annoying advertising calls or spam   text messages. Users can define groups of phone numbers and configure the blocking intervals for them.The firewall component is only available for rooted devices because it requires special system-level access to enforce its rules. Device owners can use it to block individual applications from accessing the Internet over certain types of connections.

  Video:

Download

Wi-Fi Key Recovery

 ->You need root to use this application.

 ->You need to have connected to the network in the past.

 -> This app cannot "hack" into an unknown/new network.

Have you ever forgotten the password of your home WiFi network, or the one you setup for your parents a few months back?

This application will help you recover the password of a wireless network you have connected to with your device in the past.

You can then either tap on an entry to copy it, or export the list to SD, or share it using the standard Android sharing facilities.

  It does not crack the network, or use the MAC/SSID address to deduce the password. It    simply reads it from the device itself.

Download

 


Posted by at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)

Ads Inside Post

Flickr User ID

Comments system

Disqus Shortname