HexorBase - The Database Hacker Tool - MySql, Oracle, PostgreSQL, SQLlite, MS-Sql

HexorBase - The Database Hacker Tool ( MySql, Oracle, PostgreSQL, SQLlite, MS-Sql )

HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL ).HexorBase allows packet routing through proxies or even metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets.
It works on Linux and Windows running the following:

Requirements:
python
python-qt4
cx_Oracle
python-mysqldb
python-psycopg2
python-pymssql
python-qscintilla2


To install simply run the following command in terminal after changing directory to the path were the downloaded package is:

root@host:~# dpkg -i hexorbase_1.0_all.deb

Icons and Running the application:
Software Icon can be found at the application Menu of the GNOME desktop interfaces
Icon can also be found at /usr/share/applications for KDE and also GNOME:
There you find "HexorBase.desktop"

To get the source code for this project from SVN, here's the checkout link:
root@host:~# svn checkout http://hexorbase.googlecode.com/svn/

Fully Automated Mass WPA / WEP Hacker with Wifite ( wifite.py ) and cracking key with oclHashcat

Fully Automated Mass WPA / WEP Hacking with Wifite ( wifite.py )
converting the .cap File and resolving the WPA Key with oclHashcat-64

In this Tutorial you learn how to Capture a WPA2 Handshake with a GUI Powered Tool ( wifite.py );
later we upload the capture file to http://hashcat.net/cap2hccap/ to generate a .hccap file which we will crack with oclHashCat-64.


Some Informations about the Tools:

Wifite:


This project is available in French: all thanks goto Matt² for his excellent translation!
sorts targets by power (in dB); cracks closest access points first
automatically deauths clients of hidden networks to decloak SSIDs
numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
customizable settings (timeouts, packets/sec, channel, change mac address, ignore fake-auth, etc)
"anonymous" feature; changes MAC to a random address before attacking, then changes back when attacks are complete
all WPA handshakes are backed up to wifite.py's current directory
smart WPA deauthentication -- cycles between all clients and broadcast deauths
stop any attack with Ctrl+C -- options: continue, move onto next target, skip to cracking, or exit
switching WEP attack methods does not reset IVs
intel 4965 chipset fake-authentication support; uses wpa_supplicant workaround
SKA support (untested)
displays session summary at exit; shows any cracked keys
all passwords saved to log.txt
built-in updater: ./wifite.py -upgrade

Requirements

linux operating system (confirmed working on Ubuntu 8.10 (BT4R1), Ubuntu 10.04.1)
tested working with python 2.4.5 and python 2.5.2; might be compatible with other versions,
wireless drivers patched for monitor mode and injection: backtrack4 has many pre-patched drivers,
aircrack-ng (v1.1) suite: available via apt: apt-get install aircrack-ng or by clicking here,
xterm, python-tk module: required for GUI, available via apt: apt-get install python-tk
macchanger: also available via apt: apt-get install macchanger
pyrit: not required, optionally strips wpa handshake from .cap files

oclHashcat-plus

Worlds fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker
Worlds first and only GPGPU based rule engine
Free
Multi-GPU (up to 16 gpus)
Multi-Hash (up to 24 million hashes)
Multi-OS (Linux & Windows native binaries)
Multi-Platform (OpenCL & CUDA support)
Multi-Algo (see below)
Low resource utilization, you can still watch movies or play games while cracking
Focuses highly iterated, modern hashes
Focuses single dictionary based attacks
Supports pause / resume while cracking
Supports reading words from file
Supports reading words from stdin
Integrated thermal watchdog
20+ Algorithms implemented with performance in mind

If you have any question, leave a note.

Adobe.com Cross Site Scripting Problem

AdobeTV seems to have a little Cross Site Scripting Problem =)

https://tv.adobe.com/login/login?redirect=index.cfm

Router Hacking with Hydra - Very Fast

Update: New Video Version


In this short video you can see how effectiv hydra/xhydra works with a passwordlist against routers,
weblogins and other authentication forms.

THC-Hydra - the best parallized login hacker:

• Samba, FTP, POP3,
• IMAP, Telnet, HTTP Auth,
• LDAP,NNTP, MySQL, VNC,
• ICQ, Socks5, PCNFS,
• Cisco and more. Includes SSL support and is part of Nessus.

SIOCSIFFLAGS: Unknown error 132 message

If you are using Backtrack 5 or Backtrack 5 R1 within a Vmware while using USB Wifi Devices like the RTL8187 Chipset ( ALFA AWUS 036H ) you run probably into this Error Message:

airmon-ng start wlan0

SIOCSIFFLAGS: Unknown error 132 message

To solve this issue, use the following commands:

prepare-kernel-sources

cd /usr/src/linux/drivers/net/wireless/rtl818x/rtl8187/

wget http://backtrack-linux.org/silly-rfkill-patch.patch

patch -p0 < silly-rfkill-patch.patch

cd /usr/src/linux

make drivers/net/wireless/rtl818x/rtl8187/rtl8187.ko

cp drivers/net/wireless/rtl818x/rtl8187/rtl8187.ko /lib/modules/2.6.39.4/kernel/drivers
/net/wireless/rtl818x/rtl8187/rtl8187.ko

After that reboot your vmware/backtrack, and your issue is solved.

Reaver 1.2 WPS Brute Force Cracker to recover Passphrase

NEW VIDEO - NEW VIDEO

NEW Reaver 1.4 Tutorial


http://maurisdump.blogspot.com/2012/01/reaver-14-wps-bruteforcing-tool-upgrade.html








Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases

On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.

Prerequisites

You must be running Linux
You must have a wireless card capable of raw injection
You must put your wireless card into monitor mode. This is most easily done using airmon-ng from the aircrack-ng tool suite.

Basic Usage

First, make sure your wireless card is in monitor mode:

# airmon-ng start wlan0

To run Reaver, you must specify the BSSID of the target AP and the name of the monitor mode interface (usually 'mon0', not 'wlan0', although this will vary based on your wireless card/drivers):

# reaver -i mon0 -b 00:01:02:03:04:05

You will probably also want to use -vv to get verbose info about Reaver's progress:

# reaver -i mon0 -b 00:01:02:03:04:05 -vv

Speeding Up the Attack

By default, Reaver has a 1 second delay between pin attempts. You can disable this delay by adding '-d 0' on the command line, but some APs may not like it:

# reaver -i mon0 -b 00:01:02:03:04:05 -vv -d 0

Easy Apache / IIS Slow Header Attack

Slow Header Attack

The Slow Header attack works by exploiting the Client idle timeout value on the server side. This timeout is configured on server side to drop a client connection if a client was found idle during the time interval. The Slow header attack finds the approximate timeout value set in Server side and then chooses a value which is lower than the configured value. The attack then initiates a Http Request with Partial header to the server. It keeps sending one header based on the chosen value and this way Client idle timeout will not be triggered on the server side and Request will not be complete

In essence you can send a Denial Of Service attack to website using one laptop over a proxy.

Phishing Attacks with GUI powered Ghost Phisher Fake DNS, Fake DHCP, Fake Webserver

Phishing Attacks with GUI powered Ghost Phisher Fake DNS, Fake DHCP, Fake Webserver


Ghost Phisher is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. The program could be used as an honey pot , could be used to service DHCP request , DNS requests or phishing attacks.