Jump to content

Versus71

Active Members
 View Profile  See their activity

  • Posts

    110

  • Joined

  • Last visited

  • Days Won

    5

 Content Type 

Posts posted by Versus71

  2. vBulletin 5.x.x exploit

    in Exploituri

    Posted

    New details

    According to Brian Krebs, MacRumors representatives have told him that the attacker hacked a moderator’s account which he used to embed JavaScript code in an announcement. When an administrator loaded the announcement page, a plugin was installed in the background allowing the attackers to execute PHP code.

    Arnold Kim, the owner of MacRumors, has noted that the moderator whose account has been compromised had used the same username and password on vBulletin.com as well.

    It remains to be seen if the zero-day is real or not. Krebs says some users have already purchased the exploit sold by Inject0r so we’ll probably find out soon enough.

    In the meantime, DEF CON, OVH, and Garage4Hackers have disabled their forums as a precaution.

    this vuln at the price of $200 in Bitcoins :D

    krebsonsecurity.com/wp-content/uploads/2013/11/2btcVbseller.png

  6. Nighthawk

    in Programe hacking

    Posted

    iG3p0W1OqolPg.png

    iKkkXA6eSqqm5.png

    Simple ARP/ND spoofing and password sniffing for Windows (and some really basic SSL stripping too). It requires WinPcap and .NET Framework 4 (Client profile) and works best on Vista & Windows 7.

    Features:

    • ARP spoofing (IPv4) and RA spoofing (IPv6) over local network
    • Password sniffing for most common HTML form fields (name-based matching), HTTP basic authentication, FTP, POP3, SMTP, IMAP
    • Basic SSL stripping (doesn't work on HTTPS-only sites) and cookie stripping
    • Quick attack mode
    • Windows Phone application for remote access to sniffer results (HawkWP)

    Download:

    http://nighthawk.googlecode.com/files/nighthawk-0.9.4-rc.zip

    • Upvote 2

  8. Google BBS Terminal

    in Linkuri

    Posted

    bbs.png

    “Google BBS Terminal – What Google would have looked like in the 80s”

    Due to high demand the quota of the Google™ Search API may be temporarily exceeded. If your search results in a quota error, please retry after some seconds.

    Additional Features: URL Parameters & Special Queries:

    Link:

    Google BBS Terminal

    Google Images BBS Terminal – What Google Images would have looked like in the 80s:

    Google Images BBS Terminal

  13. sqlmapGUI

    in Programe hacking

    Posted

    sqlmapGUI update [Version: 2.4.0]

    i3G1wUHpE9A61.png

    Overview:

    • Multi Platform
    • Graphical Interface with almost all the options present
    • Checks for any incompatible options
    • Gives most possiblities for every option available
    • Options from the latest development build
    • List of references to study about the SQL injection and its mitigation
    • Can be used to generate sqlmap command for use elsewhere [sSH/Command line]

    Download:

    Win:

    http://www.amanhardikar.com/software/sqlmapgui-2.4.0_win-setup_nosqlmap.msi

    BT5:

    http://www.amanhardikar.com/software/sqlmapgui-2.4.0_qt470_bt5r3.deb

    P.S. good tool

  15. Online Reverse Hash Tool v3.2

    in Programe hacking

    Posted

    i5vAb4GKrtIYE.png

    Checks hashes for their presence in the online database.

    Features:

    • Multithreading (up to 1000 threads)
    • Ability to select the format of input and output data
    • Choice "at work" online services
    • The ability to scan the buffer file
    • Ability to save the results to the clipboard, file
    • Convenient GUI, ability to minimize to tray

    Hash algorithms:

    • MD5
    • MD4
    • SHA-1/256/384/512
    • RIPEMD-128/160
    • TIGER-128/160/192

    Service decrypt:

    c0llision.net
    md5.my-addr.com
    md5.darkbyte.ru
    bigtrapeze.com
    hashcracking.com
    md5.gromweb.com
    md5decryption.com
    stringfunction.com
    md5.noisette.ch
    md5.com.cn
    md5online.org
    md5rainbow.com
    md5-hash.com
    md5cracker.org
    isc.sans.edu
    authsecu.com
    md5-lookup.com
    md5.net
    md5online.net
    md5pass.info
    md5list.ru
    md5pot.com
    onlinehashcrack.com
    cloudcracker.net
    md5.mmkey.com
    netmd5crack.com
    wordd.org
    md5crack.com
    md5hood.com
    onlinehashcrack.com
    md5.rednoize.com
    stringfunction.com
    sha1-lookup.com
    onlinehashcrack.com
    cloudcracker.net
    askcheck.com
    decryptponline.com
    leakdb.abusix.com
    sha256-lookup.com
    md5.mmkey.com
    askcheck.com
    ripemd-lookup.com

    Download:

    http://rghost.net/users/ORHT

  16. Doxing & OSINT site

    in Linkuri

    Posted · Edited by Versus71

    Free people search and public information search engine.

    What You Get with Zabasearches:

    • Telephone Numbers and Addresses Revealed for Free.
    • No Registration Required. Instant Results.
    • Three Times More Residential Listings than White Pages Phone Directory.
    • Other people finders still charge for information available here free.

    SearchBug offers people search, fraud prevention and data verification services to professionals in financial services, collections, insurance and other industries. Available batch processing and APIs are used to keep customer lists up-to-date. Consumers using the service to find missing friends, find who was calling them and send free text messaging.

    Obtain free published phone and address information, access public records, search for cell phone numbers, verify SSNs, skip trace using restricted data, all in one place - Convenient, Accurate, Fast & Easy.

    To use, need US or Canadian proxy.

    Skipease is a collection of the best people and public record searches. Each people search engine has its strengths and weaknesses. You can lookup people by name, user ID, address, phone number, email or other personal identifiers. Locating a hard-to-find person usually involves collecting personal information from multiple searches. Free people finders, public records and social network searches are good ways to find someone.

    Yasni is a free search engine dedicated to finding people on the web. It pulls together all the publicly available information and search results, including images, videos, social networking Exposés and posts.

    Search Sites, Resources, Services, and Tools that allow you to search for people and personal information. Start your Free People Search from Net-Trace today.

    Do you really know who these people are? We associate with them and even invite them in our homes. Do they have a criminal background?

    Spokeo is a people search engine that organizes White Pages listings, Public Records and Social Network Information to help you safely find & learn about people.

    Free online People Search.

    • Find out what is on the Internet about you and other people
    • Check photos, telephone numbers, social network profiles, links and much more
    • Protect your personal data
    • Protect yourself from compromising pictures

    Find Business Information. Browse structured, hand selected content and relevant feeds to help you find what you need.

    • Companies 1.4M
    • People 5M
    • Topics 40K

    We dive into the deep web to bring you results you won't find in any other search engine then we use a powerful identity resolution engine to link those seemingly disparate results into a set of meaningful profiles so you can easily find the person you are looking for.

  18. SQLRip

    in Programe hacking

    Posted

    ibssIwA5syKlEV.png

    Features:

    • Very simple and easy GUI (no dependencies, standalone EXE)
    • Very fast (dump 185 MB: ~ 1-5s, dump 506 MB: ~ 4 s)
    • Large dumps that do not fit into memory, can be ripped
    • Compatible to the most SQL formats/syntaxes
    • All or only specific columns of a table can be ripped
    • Tables, columns, and data can be directly in the program searched/filtered
    • Export function:

    1. RIP data to file (for large amounts of data)
    2. Select all (CTRL + A)
    3. small design improvements

    Download:

    https://www.dropbox.com/s/0vadbm72sqdfsfv/SQLRIP.ZIP

  19. Inception E-Zine

    in Tutoriale in engleza

    Posted

    iQ4CdoTgCXTr7.jpg

    #1 issue hacking e-zine <<Inception>>.

    Articles:

    • DLL Hijacking in antiviruses
    • About AV-checker
    • Miracle in a small back office
    • VX vs Commerce
    • Web security assessment planning
    • Polymorphic file virus BEETLE
    • The theory of building large p2p botnets
    • History of hacking
    • Self-rewriting executable code on LPC2388
    • Power in simplicity
    • Imported Code
    • Practical DNS-Amplification
    • Review of genetic algorithm for the example of guessing password by MD5-hash
    • Reflection: solution of "unconventional" tasks

    Members working on the e-zine:

    • pr0mix
    • Izg0y
    • _sheva740
    • d3m
    • Ar3s
    • ALiEN Assault
    • pest
    • amdf
    • FanOfGun
    • rgb
    • MZh
    • XRipper
    • KostaPC
    • ProudPank
    • valentin_p
    • Versus71 aka HIMIKAT

    Attention:

    Folder <<sources>> detected AV. This not malware. It examples and source code for a better understanding of articles. They are completely safe for your PC.

    P.S. my article <Notes on InfoSec> only Russian version

    Download:

    EN:

    https://www.dropbox.com/s/9f1wrvpvzblcf25/inception_en.zip

    RU:

    https://www.dropbox.com/s/hm6b2pkj5ib8r38/inception_ru.zip

    • Upvote 2

  24. SpearPhisher

    in Programe hacking

    Posted

    Simple Phishing Email Generation Tool

    spearphiser1.png

    SpearPhisher is a simple point and click Windows GUI tool designed for (mostly) non-technical people who would like to supplement the education and awareness aspect of their information security program. Not only is it useful to non-technical folks, penetration testers may find it handy for sending quick and easy ad-hoc phishing emails. The tool supports specifying different sending names and email addresses, multiple recipients via TO, CC, BCC, and allows bulk loading with one recipient email address per line in a file. It allows customization of the subject, adding one attachment, and SSL support for SMTP enabled mail servers. One of the popular features with our client is the WYSIWYG HTML editor that allows virtually anyone to use the tool; previewing results as you point and click edit your malicious email body. If you want to add custom XSS exploits, client side attacks, or other payloads such as a Java Applet code generated by the Social Engineer Toolkit (SET), its split screen editor allows more advanced users to edit HTML directly.

    Download

    https://www.trustedsec.com/files/SpearPhisherBETA.zip

  25. Skip Tracing Framework

    in Linkuri

    Posted

    The Skip Tracing Framework is a directory of information gathering online tools, websites and programs aimed towards situations where one must gather as much information as possible about some individual or company. The main purpose is to offer a checklist anyone can follow to perform a thorough investigation based only on small pieces of input.

×
×
  • Create New...