-
Posts
110 -
Joined
-
Last visited
-
Days Won
5
Posts posted by Versus71
-
-
New details
According to Brian Krebs, MacRumors representatives have told him that the attacker hacked a moderator’s account which he used to embed JavaScript code in an announcement. When an administrator loaded the announcement page, a plugin was installed in the background allowing the attackers to execute PHP code.Arnold Kim, the owner of MacRumors, has noted that the moderator whose account has been compromised had used the same username and password on vBulletin.com as well.
It remains to be seen if the zero-day is real or not. Krebs says some users have already purchased the exploit sold by Inject0r so we’ll probably find out soon enough.
In the meantime, DEF CON, OVH, and Garage4Hackers have disabled their forums as a precaution.
this vuln at the price of $200 in Bitcoins
krebsonsecurity.com/wp-content/uploads/2013/11/2btcVbseller.png
-
.: Bk:. before on forum Z+ [now dead], sell v.1.5 [30 € or 35 USD]
-
Good information security forum. tbo-s.com ===> tbo-security.net
This forum dead or change domain name?
-
Little information. Need video demonstration use this vuln.
-
Simple ARP/ND spoofing and password sniffing for Windows (and some really basic SSL stripping too). It requires WinPcap and .NET Framework 4 (Client profile) and works best on Vista & Windows 7.
Features:
- ARP spoofing (IPv4) and RA spoofing (IPv6) over local network
- Password sniffing for most common HTML form fields (name-based matching), HTTP basic authentication, FTP, POP3, SMTP, IMAP
- Basic SSL stripping (doesn't work on HTTPS-only sites) and cookie stripping
- Quick attack mode
- Windows Phone application for remote access to sniffer results (HawkWP)
Download:
http://nighthawk.googlecode.com/files/nighthawk-0.9.4-rc.zip
- 2
- ARP spoofing (IPv4) and RA spoofing (IPv6) over local network
-
-
“Google BBS Terminal – What Google would have looked like in the 80s”
Due to high demand the quota of the Google™ Search API may be temporarily exceeded. If your search results in a quota error, please retry after some seconds.
Additional Features: URL Parameters & Special Queries:
- q=query ... search term
- u=username ... login as a specified user
- kbd=1 ... force to show a virtual keyboard
- E.g., the following URL will give your grandmother a search for "masswerk":
Link: http://www.masswerk.at/googleBBS/?u=grandma&q=masswerk
Link:
Google Images BBS Terminal – What Google Images would have looked like in the 80s:
- q=query ... search term
-
-
i cant crack it, please pm for key
Send in PM
-
Morse crypted:
....- -.... ..--- ..... ---.. --... .---- ..--- -....
-
SiteDirSecAre you secure enough?
My vuln db aggregator update
all_exploit_db5 new db, all 19 db
- Exploit-DB
- 1337day
- packetstormsecurity
- vulnerability-lab
- exploit4arab
- zerobox
- rcesecurity
- wpsecure
- securiteam
- securityhome
- bugsearch
- htbridge
- zeroscience
- scip
- vfocus
- securityfocus
- sebug
- cxsecurity
- seclists
- Exploit-DB
-
sqlmapGUI update [Version: 2.4.0]
Overview:
- Multi Platform
- Graphical Interface with almost all the options present
- Checks for any incompatible options
- Gives most possiblities for every option available
- Options from the latest development build
- List of references to study about the SQL injection and its mitigation
- Can be used to generate sqlmap command for use elsewhere [sSH/Command line]
Download:
Win:
http://www.amanhardikar.com/software/sqlmapgui-2.4.0_win-setup_nosqlmap.msi
BT5:
http://www.amanhardikar.com/software/sqlmapgui-2.4.0_qt470_bt5r3.deb
P.S. good tool
- Multi Platform
-
Check Usernames allows you to check the availability of your brand or username on 160 popular Social Networking and Social Bookmarking websites.
-
Checks hashes for their presence in the online database.
Features:
- Multithreading (up to 1000 threads)
- Ability to select the format of input and output data
- Choice "at work" online services
- The ability to scan the buffer file
- Ability to save the results to the clipboard, file
- Convenient GUI, ability to minimize to tray
Hash algorithms:
- MD5
- MD4
- SHA-1/256/384/512
- RIPEMD-128/160
- TIGER-128/160/192
Service decrypt:
c0llision.net
md5.my-addr.com
md5.darkbyte.ru
bigtrapeze.com
hashcracking.com
md5.gromweb.com
md5decryption.com
stringfunction.com
md5.noisette.ch
md5.com.cn
md5online.org
md5rainbow.com
md5-hash.com
md5cracker.org
isc.sans.edu
authsecu.com
md5-lookup.com
md5.net
md5online.net
md5pass.info
md5list.ru
md5pot.com
onlinehashcrack.com
cloudcracker.net
md5.mmkey.com
netmd5crack.com
wordd.org
md5crack.com
md5hood.com
onlinehashcrack.com
md5.rednoize.com
stringfunction.com
sha1-lookup.com
onlinehashcrack.com
cloudcracker.net
askcheck.com
decryptponline.com
leakdb.abusix.com
sha256-lookup.com
md5.mmkey.com
askcheck.com
ripemd-lookup.comDownload:
- Multithreading (up to 1000 threads)
-
Free people search and public information search engine.
What You Get with Zabasearches:
- Telephone Numbers and Addresses Revealed for Free.
- No Registration Required. Instant Results.
- Three Times More Residential Listings than White Pages Phone Directory.
- Other people finders still charge for information available here free.
SearchBug offers people search, fraud prevention and data verification services to professionals in financial services, collections, insurance and other industries. Available batch processing and APIs are used to keep customer lists up-to-date. Consumers using the service to find missing friends, find who was calling them and send free text messaging.
Obtain free published phone and address information, access public records, search for cell phone numbers, verify SSNs, skip trace using restricted data, all in one place - Convenient, Accurate, Fast & Easy.
To use, need US or Canadian proxy.
Skipease is a collection of the best people and public record searches. Each people search engine has its strengths and weaknesses. You can lookup people by name, user ID, address, phone number, email or other personal identifiers. Locating a hard-to-find person usually involves collecting personal information from multiple searches. Free people finders, public records and social network searches are good ways to find someone.
Yasni is a free search engine dedicated to finding people on the web. It pulls together all the publicly available information and search results, including images, videos, social networking Exposés and posts.
Search Sites, Resources, Services, and Tools that allow you to search for people and personal information. Start your Free People Search from Net-Trace today.
Do you really know who these people are? We associate with them and even invite them in our homes. Do they have a criminal background?
Spokeo is a people search engine that organizes White Pages listings, Public Records and Social Network Information to help you safely find & learn about people.
Free online People Search.
- Find out what is on the Internet about you and other people
- Check photos, telephone numbers, social network profiles, links and much more
- Protect your personal data
- Protect yourself from compromising pictures
Find Business Information. Browse structured, hand selected content and relevant feeds to help you find what you need.
- Companies 1.4M
- People 5M
- Topics 40K
We dive into the deep web to bring you results you won't find in any other search engine then we use a powerful identity resolution engine to link those seemingly disparate results into a set of meaningful profiles so you can easily find the person you are looking for.
- Telephone Numbers and Addresses Revealed for Free.
-
-
Features:
- Very simple and easy GUI (no dependencies, standalone EXE)
- Very fast (dump 185 MB: ~ 1-5s, dump 506 MB: ~ 4 s)
- Large dumps that do not fit into memory, can be ripped
- Compatible to the most SQL formats/syntaxes
- All or only specific columns of a table can be ripped
- Tables, columns, and data can be directly in the program searched/filtered
- Export function:
- RIP data to file (for large amounts of data)
- Select all (CTRL + A)
- small design improvements
Download:
- Very simple and easy GUI (no dependencies, standalone EXE)
-
#1 issue hacking e-zine <<Inception>>.
Articles:
- DLL Hijacking in antiviruses
- About AV-checker
- Miracle in a small back office
- VX vs Commerce
- Web security assessment planning
- Polymorphic file virus BEETLE
- The theory of building large p2p botnets
- History of hacking
- Self-rewriting executable code on LPC2388
- Power in simplicity
- Imported Code
- Practical DNS-Amplification
- Review of genetic algorithm for the example of guessing password by MD5-hash
- Reflection: solution of "unconventional" tasks
Members working on the e-zine:
- pr0mix
- Izg0y
- _sheva740
- d3m
- Ar3s
- ALiEN Assault
- pest
- amdf
- FanOfGun
- rgb
- MZh
- XRipper
- KostaPC
- ProudPank
- valentin_p
- Versus71 aka HIMIKAT
Attention:
Folder <<sources>> detected AV. This not malware. It examples and source code for a better understanding of articles. They are completely safe for your PC.
P.S. my article <Notes on InfoSec> only Russian version
Download:
EN:
https://www.dropbox.com/s/9f1wrvpvzblcf25/inception_en.zip
RU:
- 2
- DLL Hijacking in antiviruses
-
In addition to this topic:
Download:
https://www.dropbox.com/s/mja8osyjiqf56t2/BlackShades%205.5.1%20Source%20Code.rar
-
Exploit4Arab™localhostKarma(In)Security
My release
@all_exploit_dbVulnerability Database aggregator. Included 14 most large Exb DB. Soon replenishment.
-
Username : Your Name
Password : Egyptian-Shell-TeaM
Download:
https://www.dropbox.com/s/ohwu8af6ufzxz0d/EgyShell%20Team%20-%20Toolkit%20%5B%20Priv8%20%5D.rar
-
Please, update link to download.
-
Simple Phishing Email Generation Tool
SpearPhisher is a simple point and click Windows GUI tool designed for (mostly) non-technical people who would like to supplement the education and awareness aspect of their information security program. Not only is it useful to non-technical folks, penetration testers may find it handy for sending quick and easy ad-hoc phishing emails. The tool supports specifying different sending names and email addresses, multiple recipients via TO, CC, BCC, and allows bulk loading with one recipient email address per line in a file. It allows customization of the subject, adding one attachment, and SSL support for SMTP enabled mail servers. One of the popular features with our client is the WYSIWYG HTML editor that allows virtually anyone to use the tool; previewing results as you point and click edit your malicious email body. If you want to add custom XSS exploits, client side attacks, or other payloads such as a Java Applet code generated by the Social Engineer Toolkit (SET), its split screen editor allows more advanced users to edit HTML directly.
Download
-
The Skip Tracing Framework is a directory of information gathering online tools, websites and programs aimed towards situations where one must gather as much information as possible about some individual or company. The main purpose is to offer a checklist anyone can follow to perform a thorough investigation based only on small pieces of input.
TBO-Security
in Off-topic
Posted
blackboy[1337]
Thanks for the information. It was a good forum.