Versus71

Active Members
  • Posts: 110
  • Days Won: 5

Everything posted by Versus71

  1. Very old bug. Original: thehackernews.com/2012/01/url-redirection-vulnerability-in-google.html
  2. Predator Locks and Unlocks Your PC with a USB Thumb Drive

    PREDATOR locks your PC when you are away, even if your Windows session is still open. It uses a regular USB flash drive as an access control device, and works as follows:
      • you insert the USB drive
      • you run PREDATOR (autostart with Windows is possible)
      • you do your work...
      • when you're away from your PC, you simply remove the USB drive: once it is removed, the keyboard and mouse are disabled and the screen darkens
      • when you return back to your PC, you put the USB flash drive in place: keyboard and mouse are immediately released, and the display is restored

    It's easier and faster than closing your Windows session, since you do not have to retype your password when you return.

    Download:
    http://www.predator-usb.com/predator/dl/free/InstallPredator.zip [x86]
    http://www.predator-usb.com/predator/dl/free/InstallPredator_x64.zip [x64]
  3. Text dump websites are used by programmers and system administrators to share and store pieces of source code and configuration information. Two of the most popular text dump websites are pastebin and pastie. Day by day, more and more programmers, amateur system administrators and regular users are captivated by the attractive functional features of these web tools and use them to share large amounts of configuration and source code information. Therefore, as happens on every popular web platform, sensitive information sharing is inevitable. Potential attackers use these web platforms to gather information about their targets, while on the other side penetration testers search these sites to prevent critical information leakage. Most of the text dump web platforms offer a search mechanism, and therefore anyone can manually query the database for matching strings. However, an automated script/tool capable of querying all these text dump websites and generating an overall search report would be very useful for the reconnaissance phase of a penetration test. Pen-testers can use such an automated tool to efficiently search for potential leakage of configuration and login credential information that would help an attacker profile the victim system and find a security hole. Recently I came across such a script on the web, pastenum. Pastenum is a Ruby script written by Nullthreat, a member of the Corelan Team. It can query pastebin, pastie and github for user-defined strings and generate an overall HTML report with the search results.

    Installation information: http://redmine.corelan.be:8800/projects/corelan-pastenum/wiki
    Download: http://redmine.corelan.be:8800/attachments/download/477/Pastenum2.zip
  4. Author: Versus71 aka HIMIKAT Time: 14:58 Used software: Piratebay Top100 Name List Leecher MyGrabber 1.5 Fusion Warez Grabber atGrabber
  5. A script for spam mailing from a server through sendmail. In tests it showed good results, especially with a large number of servers. Description: Random, intellectual generation fields Subscribe to the attach Plain and html format Download: http://madnet.name/files/download/2_madspamer.php
  6. Sample application showing a practical approach to exploiting a Blind LDAP Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only. It was first presented at Black Hat 2011. Download: http://ldap-blind-explorer.googlecode.com/files/Ldap%20Blind%20Explorer%201.0.zip
  7. Sample application showing a practical approach to exploiting a Blind XPath Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only. It was first presented at Black Hat 2011. Download: http://xpath-blind-explorer.googlecode.com/files/Xpath%20Blind%20Explorer%201.0.zip
  8. SIP Inspector is a tool written in Java to simulate different SIP messages and scenarios. You can create your own SIP signaling scenarios, customize SIP messages and monitor incoming and outgoing messages. The tool can play RTP streams from a pcap. Links: SIP Inspector Tutorial - SIP Inspector; Download SIP Inspector from SourceForge.net
  9. Original source: http://sourceforge.net/projects/l337cmsscaner/ [v.0.4]
  10. FiletypeID is a tool designed to identify file types from their binary signatures. This simple application can help you to: identify what kind of file was sent to you via e-mail, aid in forensic analysis, support in file recovery, etc. FiletypeID is written in Python, based on PyQt4, TrIDLib and hachoir-metadata. +4697 file type definitions Download: https://filetypeid.googlecode.com/files/FiletypeID-0.2.1.zip https://filetypeid.googlecode.com/files/FiletypeID-0.2.1.7z [source code]
  11. Remove Fake Antivirus is used to remove the most popular fake antiviruses. What is a fake antivirus? This is a type of virus/malware which disguises itself as an antivirus. It infects your computer when you accidentally click a link on a website, which will download the malware onto your computer and run it automatically when Windows boots. It scans the infected computer and produces fake alert warnings. It convinces you that your computer is in danger and urges you to purchase a useless copy of the fake antivirus. These fake antiviruses must be removed immediately. List: Windows Smart Warden Home Malware Cleaner Strong Malware Defender AV Security 2012 Data Recovery Wolfram Antivirus Security Protection Windows Antivirus 2011 Mega Antivirus 2012 AVG Antivirus 2011 PC Security 2011 ThinkPoint ThinkSmart Antivirus 8 Security Tool My Security Shield Antivirus 7 Antivirus GT Defense Center Protection Center Sysinternals Antivirus Security Master AV CleanUp Antivirus Security Toolbar Digital Protection XP Smart Security 2010 Antivirus Suite Vista Security Tool 2010 Total XP Security Security Central Security Antivirus Total PC Defender 2010 Vista Antivirus Pro 2010 Your PC Protector Vista Internet Security 2010 XP Guardian Vista Guardian 2010 Antivirus Soft XP Internet Security 2010 Antivir 2010 Live PC Care Malware Defense Internet Security 2010 Desktop Defender 2010 Antivirus Live Personal Security Cyber Security Alpha Antivirus Windows Enterprise Suite Security Center Control Center Braviax Windows Police Pro Antivirus Pro 2010 PC Antispyware 2010 FraudTool.MalwareProtector.d Winshield2009.com Green AV Windows Protection Suite Total Security 2009 Windows System Suite Antivirus BEST System Security Personal Antivirus System Security 2009 Malware Doctor Antivirus System Pro WinPC Defender Anti-Virus-1 Spyware Guard 2008 System Guard 2009 Antivirus 2009 Antivirus 2010 Antivirus Pro 2009 Antivirus 360 MS Antispyware 2009 IGuardPC or I Guard PC Additional Guard
    Download: http://olzen.info/RemoveFakeAntivirus.exe
  12. TCHunt is a small portable application that can be used to find encrypted TrueCrypt volumes on the system. It has been specifically designed to demonstrate the possibility of finding TrueCrypt volumes even if they are not mounted and well disguised by the user. http://16s.us/TCHunt/downloads/TCHunt.exe [v.1.6] http://dl.dropbox.com/u/55144650/t00lz/TCHunt-1.5-en.exe [v.1.5; GUI]
  13. yceman This is the original name: http://www.hackfromacave.com/projects/blueranger.html I did not add anything extra.
  14. BlueRanger is a simple Bash script which uses Link Quality to locate Bluetooth device radios. It sends l2cap (Bluetooth) pings to create a connection between Bluetooth interfaces, since most devices allow pings without any authentication or authorization. The higher the link quality, the closer the device (in theory). Use a Bluetooth Class 1 adapter for long range location detection. Switch to a Class 3 adapter for more precise short range locating. The precision and accuracy depend on the build quality of the Bluetooth adapter, interference, and response from the remote device. Fluctuations may occur even when neither device is in motion.

    Installation: This script can run from any directory.
    Resources: BlueZ, hcitool, l2ping
    Usage: Provide the local interface and Device Address of the device you are trying to locate.
    # blueranger.sh hci0 6C:D6:8A:B1:30:BC
    Download: http://www.hackfromacave.com/download/blueranger.sh
  15. Versus71

    Amon

    Amon is a self-hosted, lightweight web application and server monitoring toolkit. It provides you with straightforward visualisation of essential server data. It helps you manage the errors that occur in your web applications and makes logging complex data structures and searching in your log data easy. Site: http://amon.cx/ Demo: http://live.amon.cx/ Install: http://amon.cx/#install
  16. The Offensive (Web, etc) Testing Framework (aka OWTF) is an OWASP+PTES-focused try to unite great tools and make penetration testing more efficient. The purpose of this tool is to automate the manual, uncreative part of penetration testing.

    ChangeLog:
    + Inclusion of fuzzdb -allowed by licence- thanks!
    + Inclusion of HashCollision-DOS-POC by Christian Mehlmauer (@_FireFart_) thanks! Location: owtf_dir/tools/dos/web/HashCollision-DOS-POC More info: https://github.com/FireFart/HashCollision-DOS-POC
    + Installation script cleanup: tools/bt5_install.sh courtesy of Michael Kohl (@citizen428), thanks!
    + Minor fixes to scripts/setrubyenv.sh also courtesy of Michael Kohl (@citizen428), thanks!
    + "set fuzzFormComboValues all" removed from scripts/run_w3af.sh because it may make w3af scans slow, thanks to Adi Mutu (am06) and Andrés Riancho (@w3af)! More info: SourceForge.net: w3af-users, http://sourceforge.net/mailarchive/forum.php?thread_name=CA%2B1Rt67bN3-2OpB%2B7SOGO7%3D92KWXBMdbaztpa885f%3Du2GzjcFg%40mail.gmail.com&forum_name=w3af-users
    + Created an initial basic targeted phishing plugin to send anything via SMTP: aux/se/Targeted_Phishing@OWTF-ASEP-002.py
    + Created the concept of "OWTF Agents": Small listeners that establish communication channels that allow to perform actions remotely (i.e. in a victim machine)
      - Added sbd-based shared-password OWTF Agent for persistent shell access to other machines to be used during a test (i.e. victim emulation)
      - Added ssh-based trusted-public-key OWTF Agent for an alternative to shared passwords (basic instructions to set this up with ssh)
      - Added initial auxiliary plugins to communicate with OWTF agents: SBD_CommandChainer is working, the others in rce are WIP (see plugins/aux/rce)
      - Added imapd OWTF agent: This checks email with a predefined account and loads the configured plugin to process the message.
        Example:
        1) OWTF sends a targeted phishing attack via aux/se/Targeted_Phishing@OWTF-ASEP-002.py
        2) An OWTF imapd Agent processes any new email that arrives and emulates a user click for all links found in the message
    + Added initial SMB handler to the framework and a related plugin: aux/smb/SMB_Handler@OWTF-SMB-001.py
    + Added an Interactive Shell handler useful to interact with remote and local shells run in a subprocess
    + Significant SET integration improvements: new OWTF SET handler + spear_phising modules and plugin/configurability tweaks
    + Added hopefully better comments in several places
    + Started to use Eclipse and Fixed indentation on many framework files
    + Bug fix: Commented out goohost shell one liners in profiles/general/default.cfg: When goohost is not installed cat hangs (Thanks to Sandro Gauci)
    + Bug fix: Grep plugins were no longer showing links to Text, HTML, etc findings
    + Added CAPTCHA breaker tool links to external plugin to assist manual exploitation: PWNtcha - captcha decoder, Captcha Breaker
    + Added vulnerability search box to the CAPTCHA external plugin
    + Added links to the "Session managament schema" external plugin: Gareth Hayes' HackVertor, Raul Siles' (Taddong) F5 BIG IP Cookie Decoder
    + Added link to the "SSI Injection" external plugin: webappsec.org SSI Injection info
    + Moved HTTP-Traceroute back into rev_proxy to avoid config changes

    Download: https://github.com/7a/owtf/tree/master/releases
  17. .ac Ascension Island .ad Andorra .ae United Arab Emirates .af Afghanistan .ag Antigua and Barbuda .ai Anguilla .al Albania .am Armenia .an Netherlands Antilles .ao Angola .aq Antarctica .ar Argentina .as American Samoa .at Austria .au Australia .aw Aruba .az Azerbaijan .ba Bosnia and Herzegovina .bb Barbados .bd Bangladesh .be Belgium .bf Burkina Faso .bg Bulgaria .bh Bahrain .bi Burundi .bj Benin .bm Bermuda .bn Brunei Darussalam .bo Bolivia .br Brazil .bs Bahamas .bt Bhutan .bv Bouvet Island .bw Botswana .by Belarus .bz Belize .ca Canada .cc Cocos (Keeling) Islands .cf Central African Republic .cg Congo .ch Switzerland .ci Cote d'Ivoire .ck Cook Islands .cl Chile .cm Cameroon .cn China .co Colombia .cr Costa Rica .cu Cuba .cv Cape Verde .cx Christmas Island .cy Cyprus .cz Czech Republic .de Germany .dj Djibouti .dk Denmark .dm Dominica .do Dominican Republic .dz Algeria .ec Ecuador .ee Estonia .eg Egypt .eh Western Sahara .er Eritrea .es Spain .et Ethiopia .fi Finland .fj Fiji .fk Falkland Islands (Malvinas) .fm Micronesia, Federal State of .fo Faroe Islands .fr France .ga Gabon .gd Grenada .ge Georgia .gf French Guiana .gg Guernsey .gh Ghana .gi Gibraltar .gl Greenland .gm Gambia .gn Guinea .gp Guadeloupe .gq Equatorial Guinea .gr Greece .gs South Georgia and the South Sandwich Islands .gt Guatemala .gu Guam .gw Guinea-Bissau .gy Guyana .hk Hong Kong .hm Heard and McDonald Islands .hn Honduras .hr Croatia/Hrvatska .ht Haiti .hu Hungary .id Indonesia .ie Ireland .il Israel .im Isle of Man .in India .io British Indian Ocean Territory .iq Iraq .ir Iran (Islamic Republic of) .is Iceland .it Italy .je Jersey .jm Jamaica .jo Jordan .jp Japan .ke Kenya .kg Kyrgyzstan .kh Cambodia .ki Kiribati .km Comoros .kn Saint Kitts and Nevis .kp Korea, Democratic People's Republic .kr Korea, Republic of .kw Kuwait .ky Cayman Islands .kz Kazakhstan .la Lao People's Democratic Republic .lb Lebanon .lc Saint Lucia .li Liechtenstein .lk Sri Lanka .lr Liberia .ls Lesotho .lt Lithuania .lu Luxembourg .lv Latvia .ly Libyan Arab Jamahiriya .ma Morocco .mc Monaco .md Moldova, Republic of .mg Madagascar .mh Marshall Islands .mk Macedonia, Former Yugoslav Republic .ml Mali .mm Myanmar .mn Mongolia .mo Macau .mp Northern Mariana Islands .mq Martinique .mr Mauritania .ms Montserrat .mt Malta .mu Mauritius .mv Maldives .mw Malawi .mx Mexico .my Malaysia .mz Mozambique .na Namibia .nc New Caledonia .ne Niger .nf Norfolk Island .ng Nigeria .ni Nicaragua .nl Netherlands .no Norway .np Nepal .nr Nauru .nu Niue .nz New Zealand .om Oman .pa Panama .pe Peru .pf French Polynesia .pg Papua New Guinea .ph Philippines .pk Pakistan .pl Poland .pm St. Pierre and Miquelon .pn Pitcairn Island .pr Puerto Rico .ps Palestinian Territories .pt Portugal .pw Palau .py Paraguay .qa Qatar .re Reunion Island .ro Romania .ru Russian Federation .?? Russian Federation .rw Rwanda .sa Saudi Arabia .sb Solomon Islands .sc Seychelles .sd Sudan .se Sweden .sg Singapore .sh St. Helena .si Slovenia .sj Svalbard and Jan Mayen Islands .sk Slovak Republic .sl Sierra Leone .sm San Marino .sn Senegal .so Somalia .sr Suriname .st Sao Tome and Principe .sv El Salvador .su USSR .sy Syrian Arab Republic .sz Swaziland .tc Turks and Caicos Islands .td Chad .tf French Southern Territories .tg Togo .th Thailand .tj Tajikistan .tk Tokelau .tm Turkmenistan .tn Tunisia .to Tonga .tp East Timor .tr Turkey .tt Trinidad and Tobago .tv Tuvalu .tw Taiwan .tz Tanzania .ua Ukraine .ug Uganda .uk United Kingdom .um US Minor Outlying Islands .us United States .uy Uruguay .uz Uzbekistan .va Holy See (City Vatican State) .vc Saint Vincent and the Grenadines .ve Venezuela .vg Virgin Islands (British) .vi Virgin Islands (USA) .vn Vietnam .vu Vanuatu .wf Wallis and Futuna Islands .ws Western Samoa .ye Yemen .yt Mayotte .yu Yugoslavia .za South Africa .zm Zambia .zw Zimbabwe
  18. The goal of IP-Link is to see the relationships between different IPs from a network traffic capture, thus quickly determining, for a given address, the IPs with which it communicates the most. Video: http://www.youtube.com/watch?v=C69XBhH2AF8 Links: Gallery - IP-Link; Download - IP-Link
  19. Version: 1.0.1 Site: DigiFAIL.com - Bluelog Download: ftp://ftp.digifail.com/downloads/software/bluelog/bluelog-1.0.1.tar.gz
  20. Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice. http://dl.packetstormsecurity.net/wireless/bluelog-1.0.0.tar.gz
  21. Versus71

    Hackerspaces

    A hackerspace or hackspace (also referred to as a hacklab, makerspace or creative space) is a location where people with common interests, often in computers, technology, science, or digital or electronic art (but also in many other realms) can meet, socialise and/or collaborate. Hackerspaces can be viewed as open community labs incorporating elements of machine shops, workshops and/or studios where hackers can come together to share resources and knowledge to build and make things. Many hackerspaces participate in the use and development of free software, open hardware, and alternative media. They are often physically located in infoshops, social centers, adult education centers, or on university campuses, but may relocate to industrial or warehouse space when they need more room.

    Links: Hackerspaces; List of Hacker Spaces

    Prominent hackerspaces of the world

    c-base
      • Site: c-base.org
      • Where: Germany, Berlin
      • Membership: +300
      • Monthly membership dues: €17

    London Hackspace [LHC]
      • Site: london.hackspace.org.uk
      • Where: UK, London
      • Membership: +300
      • Monthly membership dues: minimum £5

    NYC Resistor
      • Site: nycresistor.com
      • Where: USA, New York
      • Membership: +30
      • Monthly membership dues: $75-115

    Kiberpipa
      • Site: kiberpipa.org
      • Where: Slovenia, Ljubljana
      • Membership: 20 active and 40 former, which are involved in the life of the hackspace
      • Monthly membership dues: no

    Metalab
      • Site: www.metalab.at
      • Where: Austria, Vienna
      • Membership: +130
      • Monthly membership dues: £20
  22. Versus71

    NiX API

    NiX API is a powerful anti-proxy, anti-fraud, and IP reputation lookup API. It uses the NiX database at cli.nixapi.com to determine IP country/region/city, data center details, satellite provider details, open proxy details, and Tor network association. Download
  23. ...is just that, a collection of handy bookmarks I initially collected that aid me in my day to day work or I find in the course of research. They are not all inclusive and some sections need to be parsed but they are all good reference materials. I find having this Hackery folder in Firefox an easy way to reference syntax, tricks, methods, and generally facilitate and organize research. Categories: Hacker Media Blogs Worth It Forums Magazines Video Methodologies OSINT Presentations People and Organizational Infrastructure Exploits and Advisories Cheatsheets and Syntax Agile Hacking OS and Scripts Tools Distros Labs ISOs and VMs Vulnerable Software Test Sites Exploitation Intro Reverse Engineering & Malware Passwords and Hashes Wordlists Pass the Hash MiTM Tools OSINT Metadata Google Hacking Web Attack Strings Shells Scanners Burp Social Engineering Password Metasploit MSF Exploits or Easy NSE Net Scanners and Scripts Post Exploitation Netcat Source Inspection Firefox Addons Tool Listings Training/Classes Sec/Hacking Metasploit Programming Python Ruby Other Misc Web Vectors SQLi Upload Tricks LFI/RFI XSS Coldfusion Sharepoint Lotus JBoss VMWare Web Oracle App Servers SAP Wireless Capture the Flag/Wargames Conferences Misc/Unsorted Bookmarks List