hexon Posted June 7, 2010 Report Share Posted June 7, 2010 Hexjector Version 1.0.7.3SE (5/6/2010)Changes Made from previous release :-Special Edition-Disclaimer added.-Hexjector Official Documentation for Win32 released.-MySQL Injection v5 Full Database Enumeration (There was a few bugs in past releases that is fixed in this version and Data Retrieved is checked one by one.).-Persistent XSS is patched by filtering the $url2. (For the Patch, you can find it at Exploitdb or email me if it has still not posted at exploitdb) -Html Dump temporary removed due to 0day Vulnerablity found by me.-Video regarding 0day Exploit is made and uploaded at youtube.-Non-Persistent XSS is patched. -Another Non-persistent XSS is patched (Hexdumper).-Yet Another Non-persistent XSS is patched (Hexafind).-Every input is filtered to prevent XSS.-cURL is modified to reduce HTTP Request Time Usage.-Type of Injection(Numeric,String Based) added.-Changes in Query according to Numeric or String Based Detection is added.-Total Queries Generated for Information_schema,phpmyadmin and mysql is 359.-Error in Hexdumper fixed. (wafdetect($dumpstr))-Filenames had been modifed to make it more professional.-Error in Column Count is patched.-Coalesce() is added.-Error on conditional matching is fixed. ($str_col=true)-Now I will focus on MySQL Injection v4.-MySQL Injection v4 is temporary disabled as I never refined the code since made and it is kind of buggy. -You may notice some performance slow down.(Reason is located at the below).-Problem on if there is too many columns ,only partial of the data will be extracted is patched.-Interface changed to aid users in finding the data wanted(Data are in bold).-SiXSS Added.-Custom Header is added.-Server Information is added.-Connect4.php editted to make it more error-proof.-Processes of Hexafind,Hexoutfile and Hexdumpfile has been changed to make it more real-time.-Hexoutfile(Into OutFile) added.-New File Created : hexoutfile.php-Hexdumpfile(Into DumpFile) added .-New File Created : hexdumpfile.php-Load_File added.-New File Created : hexloader.php-Custom Back Parameter added.-Update Check Module is added.-Version Comment added.-Operating System Detection added.-Operating System Architecture Detection added.-Temporary Directory Retrieval Added.-New File added : HexacURL.php-HexacURL is a cURL based webbrowser with Header Enumeration to ease Professional Pentesters to solve the sql query problems.-Non-persistent XSS is expected if the site has XSS.It is more or less like a browser so this is normal.-Testers can use it to find the unique parameter input it in Custom Parameter of Hexjector so Hexjector can execute.-Custom Whitespace added.-To Hexadecimal added.-Url_encode added.-Url_decode added.Download Link :Windows : https://sourceforge.net/projects/hexjector/files/Hexjector%20%28Win32%29/Hexjector%20v1.0.7.3SE.zip/downloadUnix : https://sourceforge.net/projects/hexjector/files/Hexjector%20%28Unix%29/Hexjector%20v1.0.7.3SE.tar/downloadMac :https://sourceforge.net/projects/hexjector/files/Hexjector%20%28Mac%29/Hexjector%20v1.0.7.3SE.tar/download 1 Quote Link to comment Share on other sites More sharing options...
chomu Posted March 31, 2011 Report Share Posted March 31, 2011 any video tutorials or pictures Quote Link to comment Share on other sites More sharing options...