Learn How To Hack - Ethical Hacking and security tips

Metasploit Framework Post Exploitation - Windows Security Center

noreply@blogger.com (Adnan Anjum) — Fri, 13 Jan 2012 20:21:06 PST

Quick demo as part of post exploitation phase with Metasploit Framework and some tips about the Windows Security Center and the system notifications

DEFT Linux 7 Computer Forensic Live Cd - Released

noreply@blogger.com (Adnan Anjum) — Fri, 13 Jan 2012 20:15:20 PST

DEFT (Digital Evidence & Forensic Toolkit) is a customised distribution of the Lubuntu live Linux CD. It is an easy-to-use system that includes excellent hardware detection and some of the best open-source applications dedicated to incident response and computer forensics. New features: - Based on Lubuntu 11.10 - Installable Distro - Linux kernel 3.0.0-12, USB 3 ready - Libewf 20100226 -

Hack Windows 7 with Metasploit

noreply@blogger.com (Adnan Anjum) — Thu, 12 Jan 2012 17:23:01 PST

In this tutorial i will exploit a Windows 7 Sp1 OS using Metasploit. i will be using the exploit/multi/handler module which “provides all of the features of the Metasploit payload system to exploits that have been launched outside of the framework“ Before we fire up Metasploit, we need to create a payload in order to gain a meterpreter shell. To create a payload type this in the terminal without

MS11-100 DoS PoC exploit published

noreply@blogger.com (Adnan Anjum) — Mon, 09 Jan 2012 14:34:58 PST

If you have not patched yet for vulnerability MS11-100 you might want to do it ASAP, because the DoS PoC exploit for this vulnerability has been published three days ago. More information about the vulnerability and patches at http://technet.microsoft.com/en-us/security/bulletin/ms11-100

Simple Mail Server - SMTP Authentication Bypass Vulnerability

noreply@blogger.com (Adnan Anjum) — Mon, 09 Jan 2012 14:30:02 PST

Title: Simple Mail Server - SMTP Authentication Bypass Vulnerability Software : Simple Mail Server Software Version : 2011-12-30 Vendor: http://simplemailsvr.sourceforge.net/ Class: Origin Validation Error CVE: Remote: Yes Local: No Published: 2012-01-08 Updated: CVSS2 Base: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P) Impact : Medium (4 < 6.4 < 8) Bug Description : Simple

Perform Smart SSL Cipher Enumeration:SSL Smart

noreply@blogger.com (Adnan Anjum) — Fri, 06 Jan 2012 07:55:02 PST

SSLSmart, a highly flexible and interactive tool aimed at improving efficiency and reducing the false positives during SSL testing. Among other things, SSLSmart simply an advanced and highly flexible Ruby based smart SSL cipher enumeration tool. It is an open source, cross platform, free tool. It was programmed because a number of tools on the Windows platform allow users to test for supported

Bypass Intrusion Detection/Prevention Signatures

noreply@blogger.com (Adnan Anjum) — Sat, 31 Dec 2011 13:24:47 PST

*Please note that this does not include the multitude of configuration errors (disabled by default checks like POST search/bad preprocessor configurations like minimum fragment length) nor network vs. host-based issues like fragment reassembly.For configuration errors by default, please check http://cvs.snort.org....cgi/snort/doc/ and read appropriate preproc documents for disabled checks. By

Writing Shell Code On/For Windows

noreply@blogger.com (Adnan Anjum) — Sat, 31 Dec 2011 13:17:16 PST

IntroductionThis article/tutorial assumes you have some common sense and some knowledge.I won't be explaining what shell code, DLL's, Memory Adresses etc...You should know that before starting on this.EnvironmentInitially we will be focusing on creating Windows Assembly; however, Linux is reallygood for developing assembly and shell code. But because we are on windows we'lluse Cygwin.Download the

Password Security Scanner v.1.00

noreply@blogger.com (Adnan Anjum) — Sat, 31 Dec 2011 13:10:07 PST

This utility scans the passwords stored by popular Windows applications (Microsoft Outlook, Internet Explorer, Mozilla Firefox, and more...) and displays security information about all these passwords. The security information of every stored password includes the total number of characters, number of numeric characters, number of lowercase/uppercase characters, number of repeating characters,

How To Hack Facebook

noreply@blogger.com (Adnan Anjum) — Mon, 28 Nov 2011 13:18:14 PST

After watching this video you are now able to build keylogger server with default options for some advance options you can explore various builder functions. Last Update Date: 10/11/2011 (Curing update.) Latest Version: v1.78 Project Neptune (1.7 MiB ) Project Neptune includes many features that separate it from other programs and simply make it the best. Each of it,s functions are entirely

Free Comodo Internet Security Pro 2012 one year license key

noreply@blogger.com (Adnan Anjum) — Fri, 21 Oct 2011 12:30:04 PDT

Comodo Internet Security Pro 2012 which is priced at $49.99. This promo will allow users to use the latest pro version completely free for a year. Free Comodo Internet Security Pro 2012 Comodo Internet Security Pro comes with powerful cloud based Antivirus, Antispyware, and an excellent award winning firewall with defense plus technology that provides high-level of protection. The 2012

Official GNOME Shell Extensions

noreply@blogger.com (Adnan Anjum) — Mon, 17 Oct 2011 05:30:10 PDT

Official GNOME Shell Extensions Available In The WebUpd8 GNOME 3 PPA For Ubuntu 11.10The latest official GNOME Shell Extensions (version 3.2.0) are now available in the WebUpd8 GNOME 3 PPA for Ubuntu 11.10 Oneiric Ocelot. This PPA is an attempt to have all the stable GNOME 3.2 packages that aren't available in the official Ubuntu 11.10 repositories in a single place. Please note that I did not

Bypassing Windows 7 Kernel ASLR

noreply@blogger.com (Adnan Anjum) — Sat, 15 Oct 2011 06:41:24 PDT

Windows 7 has a nice security about kernel space Many checks of size, integrity controls and access restrictions are available.For example the “security check” protect our stack if a string is used, many functions like “strcpy()” are deprecated (and some are disallowed) to force developers to have a secure coding.This is why, some attacks were presented as heap overflows in local

A Code Execution Vulnerability in Google App Engine SDK for Python

noreply@blogger.com (Adnan Anjum) — Sat, 15 Oct 2011 01:53:46 PDT

Google App Engine is a great technology allowing web developers to develop their own web applications,test them in their internal framework, and deploy them to Google’s appspot.com domain.The Google App Engine framework allows developers to write their web site logic in Python, and offers several frameworks specially created for this. In addition, Google App Engine provides an SDK Console

WebBackdoors , Attack, Evasion and Detection

noreply@blogger.com (Adnan Anjum) — Sat, 15 Oct 2011 01:39:22 PDT

This paper provides insight on common web back doors and how simple manipulations could make them undetectable by AV and other security suits. Paper explains few techniques that could be used to render undetectable and unnoticed backdoor inside web applications. This paper is mainly an update for an old paper of ours Effectiveness of Antivirus in Detecting Web Application Backdoors, which mainly

Advanced SQL Injection - Defcon 17 - john Mccray

noreply@blogger.com (Adnan Anjum) — Mon, 22 Aug 2011 22:26:27 PDT

According to OWASP top 10 vulnerabilities of 2010, SQL injection is the most dangerous and most common vulnerability around, A SQL Injection vulnerability occurs due to improper input validation or no input validation at all, what I mean by improper or no input validation is the user input is not filtered(for escape characters) before it gets passed to the SQL database, A Sql injection

BackTrack 5 R1 Released - Penetration Testing Distribution

noreply@blogger.com (Adnan Anjum) — Thu, 18 Aug 2011 22:58:36 PDT

BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Regardless if you’re making BackTrack your primary operating system, booting from a LiveDVD, or using your favorite thumbdrive, BackTrack has been customized down to every package, kernel configuration, script and

Reverse Engineering Hacking Tutorial- Introduction to assembly language

noreply@blogger.com (Adnan Anjum) — Thu, 11 Aug 2011 03:39:42 PDT

Hello friends, lets continue our tutorial on reverse engineering. Today i will teach you assembly language basic that are necessary for learning reverse engineering. As we all know assembly language is very important for reverse engineering and we must know, what are registers and which register serves for what. How the assembly language instruction work and how can we relate them with normal

Best Password Hacking Breaking Tools 2011 Link Updated

noreply@blogger.com (Adnan Anjum) — Thu, 11 Aug 2011 03:28:39 PDT

Hello Friends , Today I am sharing with you my latest Collection of "Best Password Hacking Tools 2011". Using this password hacking kit you will be able to crack a lot of passwords like Windows Admin password, pdf passwords, zip files passwords, document passwords, rar passwords and much more.. I am sure you will like this post. This Password Hacking Kit Consists of following

Reverse Engineering Hacking Tutorial

noreply@blogger.com (Adnan Anjum) — Thu, 11 Aug 2011 03:28:59 PDT

Today i will teach you basics of Reverse Engineering and in further hacking classes we will discuss it in depth with practical reverse engineering examples. Today we will discuss what is reverse engineering? How its useful for ethical hacks? Common terms used in reverse engineering. In next post i will share the best reverse engineering software's and tools that i normally use to reverse engineer

winAUTOPWN v2.7 Released - Vulnerability Testing on Windows

noreply@blogger.com (Adnan Anjum) — Thu, 11 Aug 2011 03:29:15 PDT

winAUTOPWN and bsdAUTOPWN are minimal Interactive Frameworks which act as a frontend for quick systems vulnerability exploitation. It takes inputs like IP address, Hostname, CMS Path, etc. and does a smart multi- threaded portscan for TCP ports 1 to 65535. Exploits capable of giving Remote Shells, which are released publicly over the Internet by active contributors and exploit writers are

WebsiteDefender – Ensure Your Website Security

noreply@blogger.com (Adnan Anjum) — Wed, 03 Aug 2011 07:18:15 PDT

WebsiteDefender is an online service that monitors your website for hacker activity, audits the security of your web site and gives you easy to understand solutions to keep your website safe. With WebsiteDefender you can: Detect Malware present on your website Audit your web site for security issues Avoid getting blacklisted by Google Keep your web site content & data safe

Online SQLi Scanners

noreply@blogger.com (Adnan Anjum) — Mon, 25 Jul 2011 06:36:11 PDT

http://scanner.drie88.tk/ http://wolfscps.com/gscanner.php http://cattuong.net/ http://www.sunmagazin.com/tools/hack/SQLI-Scan/ http://www.be007.gigfa.com/scanner/scanner.php http://localvn.biz/Tools/tools/Hack-Shop/SQLI-Scan/ Regards Adnan Anjum

Browser Based Hacking Framework - Mantra Security Toolkit 0.6.1 Released

noreply@blogger.com (Adnan Anjum) — Fri, 15 Jul 2011 10:09:28 PDT

Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. The software is intended to be lite, flexible, portable and user friendly with a nice graphical user

WordPress Security/Vulnerability Scanner - WPScan

noreply@blogger.com (Adnan Anjum) — Thu, 14 Jul 2011 10:02:12 PDT

WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach (scanning without any prior knowledge of what has been installed etc). Features Username enumeration (from author querystring and location header) Weak password cracking (multithreaded) Version enumeration (from generator meta tag) Vulnerability enumeration (based