Enema – tool for SQL injection
Enema is not autohacking software. This is dynamic tool for people, who knows what to do.
Not supported old database versions (e. g. mysql 4.x). Development targeted to modern versions.
- Features:
- Multi-platform.
- User-friendly graphical interface.
- Multithreaded.
- Dump.
- Customise your queries
- Plugins to automate attacks
- Supported for today:
- POST, GET, Cookies
- MSSQL >=2000 and MySQL>=5.0
- Injection methods supported for today:
- Error based injection.
- Union based injection (using subquery).
- Blind Time-based MSSQL(waitfor), MySQL(sleep)
Enema is not autohacking software. This is dynamic tool for people, who knows what to do. Not supported old database versions (e. g. mysql 4.x). Development targeted to modern versions.
Download here
Joomscan Security Scanner Updated
Joomscan Security Scanner updated recently with new database have 550 vulnerabilities. Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla web site. Last update for this tool was in August, 2009 with 466 vulnerabilities.
In joomscan you can check for new updates with command:
./joomscan.pl check or ./joomscan.pl update.
Download for Windows (141 KB)
Download for Linux (150 KB)
HexorBase – bruteforce SQL servers
HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL ).HexorBase allows packet routing through proxies or even metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets. It works on Linux and Windows.
Requirements:
python
python-qt4
cx_Oracle
python-mysqldb
python-psycopg2
python-pymssql
python-qscintilla2
Install
[cc lang="bash"]dpkg -i hexorbase_1.0_all.deb [/cc]
Icon "HexorBase.desktop"can be found at /usr/share/applications for KDE and also GNOME
Download here
SecretSync – client-side encryption for DropBox
How it helps
Now you can safely sync your confidential files. SecretSync uses client-side encryption to give you absolute privacy and control over your data.
How you can use it
Secure synchronization
SecretSync is a great way to easily share proprietary, sensitive information using online synchronization utilities like Dropbox.
Offsite backup
Even if you're not synchronizing, you can still use SecretSync to create an instant, secure, offsite backup. You can use it to backup financials, tax info, or any sensitive personal and business information you may have.
How it works
New! See the Getting started guide for more details.
We add an additional folder to your computer, a SecretSync folder. Anything that gets put in SecretSync is encrypted and then added to Dropbox to be synchronized to your other computers.
Before your files are synchronized by Dropbox to your other computers, they're encrypted with 256-bit AES encryption, using a key to which only you have access. The files are only decrypted on the other end — that is, on your other computers.
Your files are always encrypted when online. This means that before your files leave the computer you physically control and own, they're encrypted. They stay encrypted while being synchronized, until they're back in your physical control.
interesting papers on malware, botnets, antivirus and security
Alex Kirk - Characteristics and detection of HTTP C&C.pptx 25-May-2011 13:12 1.0M
Andrei Saygo and Patrik Vicol - How to stop the Daemon.ppsx 25-May-2011 12:35 640K
Anoirel Issa - Polymorphism and anti anti-virus techniques - A look at recent malware trends.pdf 05-May-2011 08:26 568K
Anthony Bettini - (In)security in URL shortening and redirection services.pptx 23-May-2011 10:13 1.2M
Christine Bejerasco - Building a reputation - A session with a website shrink.pptx 25-May-2011 13:07 2.8M
Chun Feng - The shellcode storm caused by the butterfly effect.pptx 25-May-2011 13:09 3.2M
Daniel Radu and Bruce Dang - Shellcode analysis using dynamic binary instrumentation.pdf 25-May-2011 12:58 521K
DonatoFerrante - Java malware.pdf 03-May-2011 23:14 6.7M
Igor Muttik - Keynote address - Ubiquitous malware and ubiquitous AV.pptx 25-May-2011 13:08 7.2M
Jindrich Kubec and Jiri Sejtko - Grabbing the PDF by the tail.PDF 25-May-2011 12:32 2.6M
Jose Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files.PDF 20-May-2011 10:55 1.1M
Jui-Chieh Wu and Ray Liao - Building world-wide domain reputation.pptx 25-May-2011 13:33 5.3M
Mikel Gastesi - Banking fraud evolution - New techniques in real fraud cases.ppt 25-May-2011 13:21 4.6M
Richard Ford - Hardening the net - Building a new platform for security.pptx 25-May-2011 13:22 725K
Robert Lipovsky, Alexandr Matrosov and Dmitry Volkov - Cybercrime in Russia - Trends and isues.pdf 25-May-2011 13:10 2.5M - must read
Robert Sandilands - Scaling a viruslab.PDF 03-May-2011 02:30 676K
Stephan Chenette - Fireshark v2 - An analysis toolkit for malicious web sites.html
Windows 7 USB/DVD Download Tool
An update to create a windows 7 usb install stick
The official tool from Microsoft link
search for a specific installed hotfix on a windows server
You can search for a specific installed hotfix on a windows server using the following command:
[cc lang="dos"]wmic qfe list full | findstr KB123456[/cc]
change 123456 to fit your needs
Export the full list of install updates to a htm file:
[cc lang="dos"]wmic qfe list full /format:htable >C:hotfixes.htm[/cc]
and get some MAC
[cc lang="dos"]wmic nic get macaddress,description[/cc]
create a windows 7 usb install stick
So you have a crappy laptop with no cd drive and you need to install Windows 7:
so here is what you need to do:
- get a 4 gb usb stick (at least 4 gb)
- get a working windows 7 dvd
OK. format the usb stick:
run command prompt as administrator.
format the stick: (hit enter after each command)
[cc lang="dos"]
diskpart
list disk
select disk 1 (or you're usb disk number)
clean
format fs=NTFS quick
assign
exit[/cc]
type the following and hit enter after each command
[cc lang="dos"]
diskpart
list disk[/cc]
note down the usb disk number. be overcareful with diskpart.
type the following and hit enter after each command
[cc lang="dos"]
select disk 1
clean
create partition primary
select partition 1
active[/cc]
OK. now you have a clean usb stick 
Insert the dvd in the optical driver or mount it with demon tools or whatever and open a command prompt
type the following and press enter:
[cc lang="dos"]
g: (or the letter for your dvd drive)
cd g:boot
bootsect /nt60 H: (h: is the letter for your usb drive)[/cc]
Now copy all the files from the DVD to the usb drive.
Change the bios settings on the machine you want to install windows to boot from usb and lift off.
Install WSUS 3.0 sp2 on Windows 2008 r2
If you cant add the WSUS role on a windows 2008 r2 machine here is how you can do it:
Download WSUS 3.0 sp2 from Microsoft website: link
Download Microsoft Report Viewer Redistributable 2008 from here
if you have IIS already installed don't try to install windows .net framework 3.5 sp1. Its now a feature in windows 2008 server and does not appear in add/remove programs. thanks Microsoft
Now for the gray hair part. If you plan to use windows internal database do the following:
in AD create two domain local groups in users with the following names:
[cc lang="dos"]SQLServer2005MSFTEUser$
SQLServer2005MSSQLUser$
Make sure the NETWORK account has full rights on the root drive where the WSUS database is.
run the installer now.
Yeah pretty dam simple and logic. Thanks MS
The error received when the installation fails:
Error 0x80070643: Fatal error during installation -> wow how generic is that?
what Microsoft tell you to do: http://support.microsoft.com/kb/920660
Windows 2008 R2 SP1 – Dcom errors
You get this in system events?
The description for Event ID 10016 from source Microsoft-Windows-DistributedCOM cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
machine-default
Local
Activation
{D9B257A6-C7FC-4B76-9824-599466B69D3B}
{AD65A69D-3831-40D7-9629-9B0B50A93843}
NT AUTHORITY
LOCAL SERVICE
S-1-5-19
LocalHost (Using LRPC) |
open regedit and right click on HKEY_CLASSES_ROOT select find and search for that clsid (in my case D9B257A6-C7FC-4B76-9824-599466B69D3B and AD65A69D-3831-40D7-9629-9B0B50A93843)
Note the the name of the clsid (im my case sms host agent).
Open Component Services. Got oStart --> Control Panel --> Administrative Tools --> Components Services. Expand the Component Services branch then expand Computers, My Computer and DCOM Config. Right-click on "sms agent host" (my case) and click Properties. Click on the Security tab and under “Launch and Activation Permissions” select "edit" and add user Local Service (Local lunch). Click OK, close the Component Services window. The error should vanish.
Do a restart (its a feature of Ms Windows)
Disclaimer
Categories
- android (1)
- antivirus (1)
- backup (1)
- backup exec (2)
- bruteforce (6)
- conference (2)
- CRSF (2)
- DirectAdmin (1)
- DoS (11)
- enumeration (2)
- Fără categorie (2)
- flash (2)
- Fuzzer (2)
- games (1)
- hacking (116)
- how-to (32)
- Information gathering (2)
- lfi (3)
- linux (27)
- mobile (1)
- ms exchange (2)
- News (2)
- Phishing (1)
- php (1)
- rdp (1)
- rfi (5)
- rootkit (1)
- scripts (33)
- seo (1)
- sniff (3)
- social engineering (2)
- source code (33)
- sqli (16)
- ssh (2)
- symantec (3)
- tools (73)
- tutorials (20)
- tutorials (1)
- Uncategorized (7)
- vranger (1)
- windows (12)
- wireless (1)
- wsus (1)
- xpath (1)
- xsrf (1)
- xss (12)
