Showing posts with label Hacking. Show all posts
The best hacking tools collection
Here, i have collect some best hacking tools for you. That are listed below:
Nessus
The “Nessus” Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner for Linux, BSD, Solaris, and other flavors of Unix.
Ethereal
Ethereal is a free network protocol analyzer for Unix and Windows. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.
Snort
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
Netcat
Netcat has been dubbed the network swiss army knife. It is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol
TCPdump
TCPdump is the most used network sniffer/analyzer for UNIX. TCPTrace analyzes the dump file format generated by TCPdump and other applications.
Hping
Hping is a command-line oriented TCP/IP packet assembler/analyzer, kind of like the “ping” program (but with a lot of extensions).
DNSiff
DNSiff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).
GFI LANguard
GFI LANguard Network Security Scanner (N.S.S.) automatically scans your entire network, IP by IP, and plays the devil’s advocate alerting you to security vulnerabilities.
Ettercap
>Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones)and includes many feature for network and host analysis.
Nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 2500 potentially dangerous files/CGIs, versions on over 375 servers, and version specific problems on over 230 servers.
John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix.
OpenSSH
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools, which encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.
TripWire
Tripwire is a tool that can be used for data and program integrity assurance.
Kismet
Kismet is an 802.11 wireless network sniffer – this is different from a normal network sniffer (such as Ethereal or tcpdump) because it separates and identifies different wireless networks in the area.
NetFilter
NetFilter and iptables are the framework inside the Linux 2.4.x kernel which enables packet filtering, network address translation (NAT) and other packetmangling.
IP Filter
IP Filter is a software package that can be used to provide network address translation (NAT) or firewall services.
pf
OpenBSD Packet Filter
fport
fport identifys all open TCP/IP and UDP ports and maps them to the owning application.
SAINT
SAINT network vulnerability assessment scanner detects vulnerabilities in your network’s security before they can be exploited.
OpenPGP
OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann.
Update:
Metasploit
Metasploit provides useful information to people who perform penetration testing, IDS signature development, and exploit research. This project was created to provide information on exploit techniques and to create a useful resource for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only.
Fast-track
Fast-Track is a python based open source security tool aimed at helping penetration testers conduct highly advanced and time consuming attacks in a more methodical and automated way. Fast-Track is now included in Backtrack version 3 onwards under the Backtrack --> Penetration category. In this talk given at Shmoocon 2009, the author of Fast-Track Dave Kennedy runs us through a primer on the tool and demonstrates 7 different scenarios in which he breaks into systems using the Fast-Track tool. These scenarios include automated SQL injection, MSSQL brute forcing, Query string pwnage, Exploit rewrite, Destroying the Client and Autopwnage.
If you know more, share with me via comment:)
Nessus
The “Nessus” Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner for Linux, BSD, Solaris, and other flavors of Unix.
Ethereal
Ethereal is a free network protocol analyzer for Unix and Windows. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.
Snort
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
Netcat
Netcat has been dubbed the network swiss army knife. It is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol
TCPdump
TCPdump is the most used network sniffer/analyzer for UNIX. TCPTrace analyzes the dump file format generated by TCPdump and other applications.
Hping
Hping is a command-line oriented TCP/IP packet assembler/analyzer, kind of like the “ping” program (but with a lot of extensions).
DNSiff
DNSiff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).
GFI LANguard
GFI LANguard Network Security Scanner (N.S.S.) automatically scans your entire network, IP by IP, and plays the devil’s advocate alerting you to security vulnerabilities.
Ettercap
>Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones)and includes many feature for network and host analysis.
Nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 2500 potentially dangerous files/CGIs, versions on over 375 servers, and version specific problems on over 230 servers.
John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix.
OpenSSH
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools, which encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.
TripWire
Tripwire is a tool that can be used for data and program integrity assurance.
Kismet
Kismet is an 802.11 wireless network sniffer – this is different from a normal network sniffer (such as Ethereal or tcpdump) because it separates and identifies different wireless networks in the area.
NetFilter
NetFilter and iptables are the framework inside the Linux 2.4.x kernel which enables packet filtering, network address translation (NAT) and other packetmangling.
IP Filter
IP Filter is a software package that can be used to provide network address translation (NAT) or firewall services.
pf
OpenBSD Packet Filter
fport
fport identifys all open TCP/IP and UDP ports and maps them to the owning application.
SAINT
SAINT network vulnerability assessment scanner detects vulnerabilities in your network’s security before they can be exploited.
OpenPGP
OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann.
Update:
Metasploit
Metasploit provides useful information to people who perform penetration testing, IDS signature development, and exploit research. This project was created to provide information on exploit techniques and to create a useful resource for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only.
Fast-track
Fast-Track is a python based open source security tool aimed at helping penetration testers conduct highly advanced and time consuming attacks in a more methodical and automated way. Fast-Track is now included in Backtrack version 3 onwards under the Backtrack --> Penetration category. In this talk given at Shmoocon 2009, the author of Fast-Track Dave Kennedy runs us through a primer on the tool and demonstrates 7 different scenarios in which he breaks into systems using the Fast-Track tool. These scenarios include automated SQL injection, MSSQL brute forcing, Query string pwnage, Exploit rewrite, Destroying the Client and Autopwnage.
If you know more, share with me via comment:)
Tag :
Hacking,
Internet Tricks
Can You Hack Your Own Site? A Look at Some Essential Security Considerations
Maybe that dastardly style sheet just won’t cascade elegantly on browser X. An incomplete comment chucks out some broken mark-up. Maybe you should have persisted those database connections after all. Hey, we all overlook things in the excitement of getting our first version running – but how many of these oversights can we happily stomach, and how many might just leave a bitter taste in ours, and more painfully our client’s mouths…
This article walks through the brainstorming stage of planning for what is in this instance, a hypothetical user-centric web application. Although you won’t be left with a complete project – nor a market ready framework, my hope is that each of you, when faced with future workloads, may muse on the better practices described. So, without further ado…Are you sitting comfortably?
The Example
We’ve been asked by our client to incorporate into an existing site, a book review system. The site already has user accounts, and allows anonymous commentary.
After a quick chat with the client, we have the following specification to implement, and only twenty four hours to do it:
Note: The client’s server is running PHP5, and MySQL – but these details are not critical to understanding the bugbears outlined in this article.
The Processes:
Our client has given us a PHP include to gain access to the database:
We don’t actually need the source to this file to use it. In fact, had the client merely told us where it lived we could have used it with an include statement and the $db variable.
On to authorisation… within the datatable schema we are concerned with the following column names:
- username, varchar(128) – stored as plain text.
- password, varchar(128) – stored as plain text.
Given that we’re working against the clock… let’s write a PHP function as quickly as we can that we can re-use to authenticate our users:
$_REQUEST Variables
In the code above you will notice I’ve highlighted an area amber, and an area red.
Why did I highlight the not-so-dangerous $_REQUEST variables?
Although this doesn’t expose any real danger, what it does allow for is a lax approach when it comes to client side code. PHP has three arrays that most of us use to get our posted data from users, and more often than not we might be tempted to use $_REQUEST. This array conveniently gives our PHP access to the POST and GET variables, but herein lies a potential hang-up…
Consider the following scenario. You write your code client side to use POST requests, but you handover the project while you grab a break – and when you get back, your sidekick has written a couple of GET requests into the project. Everything runs okay – but it shouldn’t.
A little while later, an unsuspecting user types an external link into a comment box, and before you know it, that external site has a dozen username/password combinations in its referrer log.
By referencing the $_POST variables instead of $_REQUEST, we eliminate accidentallypublishing any working code that might reveal a risky GET request.
The same principle applies to session identifiers. If you find you’re writing session variables into URLs, you’re either doing something wrong or you have a very good reason to do so.
SQL Injection
Referring again to the PHP code: the red highlighted line might have leaped out at some of you? For those who didn’t spot the problem, I’ll give you an example and from there see if something strikes you as risky…
This image makes clear the flaw in embedding variables directly into SQL statements. Although it can’t be said exactly what control a malicious user could have – it is guaranteed, if you use this method to string together an SQL statement, your server is barely protected. The example above is dangerous enough on a read-only account; the powers a read/write connection have are only limited by your imagination.
To protect against SQL injection is actually quite easy. Let’s first look at the case of quote enclosed string variables:
The quickest protection is to strip the enclosure characters or escape them. Since PHP 4.3.0 the function mysql_real_escape_string has been available to cleanse incoming strings. The function takes the raw string as a single parameter and returns the string with the volatile characters escaped. However mysql_real_escape_string doesn’t escape all the characters that are valid control characters in SQL… the highlighted elements in the image below shows the techniques I use to sanitise String, Number and Boolean values.
The first highlight, the line that sets $string_b uses a PHP function called addcslashes. This function has been part of PHP since version 4 and as is written in the above example, is my preferred method for SQL string health and safety.
A wealth of information is available in the PHP documentation, but I’ll briefly explain whataddcslashes does and how to it differs to mysql_real_escape_string.
From the diagram above you can see that mysql_real_escape_string doesn’t add slashes to the (%) percent character.
The % is used in SQL LIKE clauses, as well as a few others. It behaves as a wildcard and not a literal character. So it should be escaped by a preceding backslash character in any cases where string literals make up an SQL statement.
The second parameter I pass to addcslashes, which in the image is bold; is the character group PHP will add slashes for. In most cases it will split the string you provide into characters, and then operate on each. It is worth noting, that this character group can also be fed a range of characters, although that is beyond the scope of this article – in the scenarios we’re discussing, we can use alphanumeric characters literally e.g. “abcd1234” and all other characters as either their C-style literal “rnt”, or their ASCII index “x0Ax0Dx09”.
The next highlight makes our number values safe for SQL statements.
This time we don’t want to escape anything, we just want to have nothing but a valid numerical value – be it an integer or floating point.
You might have noticed line 10, and perhaps wondered as to the purpose. A few years ago I worked on a call centre logging system that was using variable += 0; to ensure numerical values. Why this was done, I cannot honestly say… unless prior to PHP 4 that was how we did it?! Maybe somebody reading can shed some light on the subject. Other than that, if you, like I did, come across a line like that in the wild, you’ll know what it’s trying to do.
Moving forward then; lines 11 and 12 are all we need to prepare our numerical input values for SQL. I should say, had the input string $number_i contained any non-numerical characters in front or to the left of the numerical ones… our values $number_a, $number_b and $number_cwould all equals 0.
We’ll use floatval to clean our input numbers; PHP only prints decimal places when they exist in the input value – so printing them into an SQL statement won’t cause any errors if no decimal was in the input. As long as our server code is safe, we can leave the more finicky validating to our client side code.
Before we move on to a final listing for our PHP, we’ll glance at the final code highlight, the Boolean boxing.
Like the C++ equivalent, a Boolean in PHP is really an integer. As in, True + True = Two. There are countless ways to translate an input string to a Boolean type, my personal favourite being:does the lower case string contain the word true?
You each may have you own preferred methods; does the input string explicitly equal “true” or is the input string “1” etcetera… what is important is that the value coming in, whatever it might look like, is represented by a Boolean (or integer) before we use it.
My personal philosophy is simply, if X is true or false, then X is a Boolean. I’ll blissfully write all the code I might need to review later with Booleans and not short, int, tinyint or anything that isn’t Boolean. What happens on the metal isn’t my concern, so what it looks like to a human is far more important.
So, as with numbers and strings, our Booleans are guaranteed safe from the moment we pull them into our script. Moreover our hygienic code doesn’t need additional lines.
Processing HTML
Now that we have our protected our SQL from injections, and we’ve made certain only a POST login can affably work with our script, we are ready to implement our review submission feature.
Our client wants to allow review enabled users to format their contributions as regular HTML. This would seem straightforward enough, but we also know that emails addresses are ten to the penny, and bookstore accounts are created programmatically – so in the better interests of everyone we’ll make sure only the tags we say pass.
Deciding how we check the incoming review might seem daunting. The HTML specification has a rather wholesome array of tags, many of which we’re happy to allow.
As longwinded the task might seem, I eagerly advise everyone – choose what to allow, and never what to deny. Browser and server mark-up languages all adhere to XML like structuring, so we can base our code on the fundamental fact that executable code must be surrounded by, or be part of, angle bracketed tags.
Granted, there are several ways we can achieve the same result. For this article I will describe one possible regular expression pipeline:
These regular expressions won’t produce a flawless output, but in the majority of cases – they should do a near elegant job.
Let’s take a look at the regular expression we’ll be using in our PHP. You’ll notice two arrays have been declared. $safelist_review and $safelist_comment – this is so we can use the same functions to validate reviews and later, comments:
…and here is the main function that we will call to sanitise the review and comment data:
The input parameters, I have highlighted red and blue. $input is the raw data as submitted by the user and $list is a reference to the expression array; $safelist_review or $safelist_commentdepending of course on which type of submission we wish to validate.
The function returns the reformatted version of the submitted data – any tags that don’t pass any of the regular expressions in our chosen list are converted to HTML encoded equivalents. Which in the simplest terms makes < and > into < and > other characters are modified too, but none of these really pose a security threat to our client or the users.
Note: The functions: cleanWhitespace and getTags are included in the article’s source files.
You’d be correct to assume all we have really done is helped survive the aesthetics of our site’s pages, and not done everything to protect the user’s security. There still remains a rather enormous security hole even with the SQL safe, request spoofing cured and mark-up manipulated. The JavaScript injection;
This particular flaw could be fixed by a few more regular expressions, and/or modification to the ones we are already using. Our anchor regular expression only allows “/…”, “h…” and “#…” values as the href attribute – which is really only an example of a solution. Browsers across the board understand a huge variety of script visible attributes, such as onClick, onLoad and so forth.
We have in essence created a thorny problem for ourselves, we wanted to allow HTML – but now we have a near endless list of keywords to strip. There is of course, a less than perfect – but quite quickly written way to do this:
On reflection you’d be absolutely justified in asking, “Why didn’t we just use BBCode or Textile or…?”
Myself, if I were dealing with mark-up processing, I might even go for XML walking. After all the incoming data should be valid XML.
However, this article is not meant to teach us how to regex, how to PHP or how to write anything in one particular language. The rationale behind it simply being, don’t leave any doors ajar.
So let’s finish off then; with quick review of what we’ve looked at:
Although this article hasn’t equipped you with any off the shelf project. A primary purpose of my writing was not to scare away the designers who code, or nitpick the work of coders anywhere – but to encourage everyone to author robust code from the off. That said, I do plan to revisit certain elements of this article in more detail later.
Until then, safe coding!
Tag :
Hacking,
Internet Tricks
Hacking And Cracking Website Using IP.
Your friend or your enemy has made a little shitty website for whatever maybe a private server or anything.. And your feeling devious and want to crash itTOOLS:
Port Scanner
rDos
HotSpotSheild Proxy!
Step One: First we need to find the websites IP Adress. This is very easy todo. Ok so say they URL is http://www.yoursite.com ok now that you have your URL open Up Cmd todo this press Start>Run>cmd Once you have CMD open you type ping http://www.yoursite.com press enter and you will get the ip of the website. (YOU MUST REMOVE HTTP:// AND ANY /’s)
Step Two: Now we must test to see if port 80 is open (it usually is).
This is very easy todo to Ok open up the port scanner you downloaded.
Once in the port scanner type in your Victims ip that you got from step 1.
It will ask you todo a range scan or a full scan (SELECT REANGE SCAN!) It will ask for conformaition you have to use a capital Y or a capital N! Now enter 79 for lowest port and 81 for highest hit enter than hit cap Y.
[X] = Closed
[X] Vulnerable = Open
Step Three ALMOST DONE:
The final and easiest step (IF PORT 80 IS CLOSED PICK A NEW SITE!)
If port 80 is open your on your way to crashing!!
Ok open Up rDos that you download.
Enter your victims ip that we got from step 1.
It will ask you for the port to attack use port 80 that is why we scaned to make sure 80 was open! If it is closed it will not work.
Hit enter.. *=Flooding -=Crashed Or didn’t connect!
Thanks for reading i hope this helps :)
Tag :
Hacking,
Internet Tricks
Can Google Adsense account be Hacked ?
Few days back, my friend’s google adsense got hacked by unknown person. Needless to say that he never reached those phishing sites,neither he gave his secondary email’s password to other. How was his password hacked?
When I tried solving his problem. I asked help for google, by clicking on “can’t access my account” link. After following some instructions,
I was welcomed to this screen
I let him fill out the form with as much information as he had. Then after few hours google replied him in his mail with a link to reset his password.
Thank god then he recovered his password. But again the same problem repeated, the account got hacked once again.
I guess the person who might have hacked his account must be so much clever that he again used the same method to use get back the adsense account.
The game of recovering and recovering is going on an on.
The theif never quits as every time the password is recovered, he applies same technique to recover the password back again. And so does my friend.
I hope there is some better solution to make your adsense account more secure. I wish google to read this post.
Next time be careful folks, who knows next victim might be you.
FaceBook Can Be hacked easily
A friend of mine was outraged and baffled at the same time when several of his Facebook friends called his attention to an indecent photo that was posted on his wall. What was so disgraceful about it was that it was my friend, himself, who supposedly posted it. As a result, he was blocked by some people and was reported to Facebook.
Of course it wasn’t really my friend who posted that photo and eventually he was able to clear his name with Facebook. Nevertheless, he felt very much concerned and violated.
What happened to my friend is the work of a “hacker”, who is someone who uses his computing skills to gain unauthorized access to information. In computing terminology, hacking, or also known as hijacking, is the act of intentionally accessing information without the owner’s permission. Hacking Facebook accounts results to the violation of people’s privacy.
With the popularity of Facebook, millions upon millions of people worldwide have a Facebook account. Most of them do not know that for hackers, hacking Facebook accounts is quite easy. For example, a hacker needs only a particular software, which he can use even on his android phone to get the usernames and passwords of Facebook users in a particular WiFi zone.
The software, known as a sniffer, has the capability to “sniff” information like the username and password of your Facebook account – as long as you are accessing it in the same network as he is, such as in the same WiFi network. The hacker then accesses your account and can do almost anything with it: get your profile info, send private messages to your friends, post on your wall, and even unfriend your friends!
Obviously, no one wants to experience this kind of intrusion. Here are some ways through which you can better protect yourself and your Facebook account from unauthorized access by other people:
Secure Browsing
When you log-in to your account, your username and password are sent to Facebook over the internet using a data transfer protocol known as HTTP (Hypertext Transfer Protocol). In HTTP, usernames and the corresponding passwords are sent in plain text form (readily readable) and thus can easily be used in hacking Facebook accounts once the sniffer software catches/retrieves the transmitted data
A more secure way of transmitting data is through HTTPS (HyperText Transfer Protocol over Secure Socket Layer; don’t worry we will not get into a technical discussion of these terms). In HTTPS, there is an added security because the data that is sent over the internet is encrypted. In other words, the usernames and passwords are not in a readable form.
The default setting in Facebook is HTTP but there is a facility to change it to HTTPS: Go toAccount Settings > Security > Secure Browsing (enable).
Private Browsing
You may not be aware of this but every time you use a computer, your information is stored on that computer. This includes the sites that you visit, online games you play, files you downloaded and even your username and password.
Before you log-in to your Facebook account in a computer that is not your own, such as in an internet cafĂ©, it is advisable that you enable the “Private Browsing” option so that your information will not be saved in that computer (at least for that particular session).
In Mozilla Firefox, click on Tools > Start Private Browsing or press Ctrl+Shift+P.
In Windows Internet Explorer, click on Tools > InPrivateBrowsing or press Ctrl+Shift+P.
In Google Chrome, click on the wrench icon on the toolbar, select New Incognito Window or press Ctrl+Shift+N.
Once you exit your session, the information about that session is completely erased from the computer.
Monitoring Facebook Sessions
Upon logging-in to Facebook, you may have been asked to assign a “device name” to the computer you are using. This would help you monitor your Facebook sessions by identifying devices that you normally use. To see a list of these devices, go to Account Settings > Security > Recognized Devices.
You can also opt to be notified through email or text message if your account is accessed in a device that is not among your recognized devices. Just go to Account Settings > Security > Login Notifications (enable & select your preferred notification method/s)
To monitor your active sessions, go to Account Settings > Security > Active Sessions. From there you will be able to check if someone else is currently accessing your account or if you forgot to log out from another device. You can end a particular session by clicking end activity. This is known as a “remote log out”.
Password Security
An additional security to make hacking Facebook accounts much more difficult for hackers is to have a strong password. Ideally, it should have a combination of upper and lower case letters, numbers and special characters. Of course, it should be something that you can remember.
As a safety precaution, you have to set up your password recovery service by entering a security question and a recovery email account. Also, treat your password as you do your other sensitive information such as credit card number, personal identification number and the likes. As much as possible, do not share or give out your password to others. If there is ever a need to do so, do not send it via Facebook private message or email.
Think Before You Click
As the online saying goes, everything on the net is just a click away. However, some of the nastiest things that can happen to you in the World Wide Web also begin with a click.
There is such a thing called “clickjacking”, in which clicking a link in a Facebook post may automatically install a software in your computer and/or post the same link on the walls of all your friends.
And so, it is wise to “think before you click”. Click on links only from reputable sources.
When you do encounter clickjacking in the form of a post on your wall, report/block the particular post.
Recovering Your Account
If ever your Facebook account gets hacked, you may still recover it by going tohttps://www.facebook.com/hacked/. Simply follow the steps in order to recover your hacked account.
You may also be interested in having a copy of all your Facebook activities. Go to Account Settings > General > Download a copy. It may take a while but this will download a copy to your hard drive of everything that you ever did in Facebook as far back as day one!
As the online world thrives, danger lurks in every corner. We should always be on the alert. Yes, hackers will continue to come up with new ways and develop new tools to carry out their activities. But in the same way, we can come up with new ways and develop new tools by which to thwart their plans. We only need to be a step ahead to prevent them from doing what they do, such as hacking Facebook accounts.
For hackers, it is just a game and we are almost always forced to play defense. But as they say in sports, it is good defense that win games.
You may also visit https://www.facebook.com/safety to learn more about security and safety for Facebook users.
