[php] md5/sha1 rainbow table maker | sp1r1t |  |
submitted by sp1r1t on 6/17/2009[php] md5/sha1 rainbow table maker | sp1r1t
author: sp1r1t
site: www.security-shell.ws
This script is rainbow table maker script that support 2 hash algorithms, md5 and sha1.
It has few nice options which you edit/configure at the beginning of the script.
1) choose hash between md5 or sha1
2) insert the delimiter (if you put : then file will be hash:string)
3) stealth option for keeping CPU usage low
4) character number, this will determent how long strings your rainbow table will have
5) add-remove arrays (example, you can add upper, remove numbers)
More info and better explanations in the script.
When you run the script, file called rainbowtable.txt will appear.
download link:
http://uploadmirrors.com/download/1SGVYSBJ/md5-sha1_rainbowtable.zipReply to this Entry
HackSec - Digg for Security | |
submitted by Lime on 6/16/2009HackSec is a site dedicated to having the top hacking and security news. It's like digg.com, but for security.
HackSec is hosted on a open news sharing community driven network thats free and easy to use called Blisque.
Check it out at http://hacksec.blisque.com/Reply to this Entry
Buffer Overflow Basics Video Series! | |
submitted by vivek.ramachandran on 6/10/2009In this video series we will learn the basics of Buffer Overflow attacks and demonstrate how one can exploit Buffer Overflows in programs for fun and profit. The pre-requisite for this video series is that you are familiar with Assembly language. If you are not familiar with Assembly language, no worries, I have created detailed video tutorials for Assembly language here - Assembly Language Primer for Hackers.
1. Smashing the Stack
In Part 1 of the Buffer Overflow series we will look at why buffer overflow attacks happen. We will discuss how the program stack is laid out when a function call happens, then how a buffer can be overwritten if proper bounds checking does not happen and finally how a hacker could take control of the program by overwriting the return address stored on the stack to an arbitrary value.
http://securitytube.net/Buffer-Overflow-Primer-Part-1-(Smashing-the-Stack)-video.aspx
2. Writing Exit Shellcode
In this video we will look at how to create Shellcode which we can use as payload while exploiting a buffer overflow vulnerability.
http://securitytube.net/Buffer-Overflow-Primer-Part-2-(Writing-Exit-Shellcode)-video.aspx
3. Executing Shellcode
In the last video we saw how to create shellcode from assembly language code, this video will concentrate on how to execute the shellcode from within a C program to check that it is working properly.
http://securitytube.net/Buffer-Overflow-Primer-Part-3-(Executing-Shellcode)-video.aspx
4. Disassembling Execve
In this video we will look at how to create shellcode for the Execve() syscall. We will first create a C program to spawn a shell using Execve(), then we will disassemble the program to understand how the syscall works and the kind of inputs it expects.
http://securitytube.net/Buffer-Overflow-Primer-Part-4-(Disassembling-Execve)-video.aspx
5. Shellcode for Execve
In this video we will learn how to convert the shellcode created in the previous video to a more usable format. It is important to note that the shellcode in the previous video cannot be used as-is becuase it contains NULLs and hardcoded addresses. Thus we need to convert it into something which can be injected into a buffer - i.e. we need to remove the NULLs and setup relative addressing. This video will show how we can replace the NULLs in the shellcode with instructions which results in non-NULL shellcode. Also, we discuss in detail how we can setup relative addressing within the shellcode and modify it at runtime to make it work.
http://securitytube.net/Buffer-Overflow-Primer-Part-5-(Shellcode-for-Execve)-video.aspx
6. Exploiting a Program
In this video we will understand how to use the shellcode created in the previous video to exploit an actual program.
http://www.securitytube.net/Buffer-Overflow-Primer-Part-6-(Exploiting-a-Program)-video.aspx
7. Exploiting a Program Demo
In this video we will do a buffer overflow exploitation demo using HackYou.c and ExploitMe.c
http://www.securitytube.net/Buffer-Overflow-Primer-Part-7-(Exploiting-a-Program-Demo)-video.aspx
8. Return to Libc Theory
In this video we will look at how to subvert the NX protection mechanism. The NX protection mechanism basically marks the stack, heap etc. as Non-Executable. This means the processor will not execute any instruction which is on them. From a stack overflow standpoint, this is a problem as our entire shellcode is on the stack, which now has been marked "Non-Executable". The way we counter this problem, is by using a technique called "Return to Libc".
http://www.securitytube.net/Buffer-Overflow-Primer-Part-8-(Return-to-Libc-Theory)-video.aspx
9. Return to Libc Demo
In this video we will do a hands on demo of exploiting a stack protected by NX using the Return to Libc exploitation process. We use GDB and attach it to the vulnerable program to find the address of "/bin/bash" in it's memory. Once this address is found, we modify Ret2libc.c and launch the attack on the vulnerable program. The successful exploitation leads to spawning of a shell.
http://www.securitytube.net/Buffer-Overflow-Primer-Part-9-(Return-to-Libc-Demo)-video.aspx
Thanks,
Vivek
Reply to this Entry
[php] md5/sha1 bruteforcers + stealth mode | sp1r1t | |
submitted by sp1r1t on 6/9/2009[php] md5/sha1 bruteforcer | sp1r1t
author: sp1r1t
site: https://security-shell.ws/
here's a script i made for bruteforcing md5 hashes with stealth mode.
about:
- bruteforcing md5 hash
- bruteforcing sha1 hash
- up to 10 characters
- a-z A-Z 0-9 (but you can easily add !@#$%... to array)
- Stealth mode
- result will be written in Cracked.txt after it is done (if bruteforcing fails, in the file will be written "hash not found")
WTF is Stealth mode?
normally when you run any bruteforcing script, cpu usage is 100%, well i added this thing into script, so if you turn stealth mode ON, the cpu usage will be very low (tested on my pc, and it was less then 15%) BUT the bruteforcing is slower.
WHY do we use Stealth mode?
since we are don't like to wait for the script to finish bruteforcing and we don't want to look at blank screen and wait, i made this little option that is perfect for running the script on remote servers. you upload this script on some remote web server that has php installed, insert your hash, turn stealth mode ON, run the script and that's it. you can go and do some other things, while this is being bruteforced. the script will run with low cpu usage so no one will know it's there and you just return after few days and check the logs.
have fun using it and learning from it.
download link MD5 BRUTEFORCER:
http://uploadmirrors.com/download/05O7MRMD/md5_bruteforcer.zip
download link SHA1 BRUTEFORCER:
http://uploadmirrors.com/download/1IHHJDSZ/sha1_bruteforcer.zipReply to this Entry
Beaver's SMS Bomber | |
submitted by Beaver on 6/8/2009Full Feature List:
Custom SMTP Server (Make Sure You Type It Right)
Custom Carrier Gateway (If Your Victims Gateway Is Not In The Large List You May Find And Enter it Yourself)
Custom Number Of SMS To Send (Finally Have Where You Can Enter Any Amount To Send) *NEW*
Save/Load Settings (Will Save Everything You Enter In The Fields, Restarting Your Computer Will Lose The Saved Settings)
Fixed XP GUI Issues
Stop Bombing At Any Time *New*
Watch The Number Of SMS Sent In The Title Bar *New*
No Longer Freezes While Sending *New*
GMail Is The Default SMTP Server That Is Used Which Has A Limit On The Number That Can Be Sent
Has A Lot Of Carriers Already Pre-Entered For You.
SMS Looks Like
FRM: Senders Email
SUBJ: Subject
MSG: Message
Video:
http://www.youtube.com/watch?v=GNDgm-FBdj8
Download:
http://rapidshare.com/files/242388190/Beaver_s_SMS_Bomber.exeReply to this Entry
Beaver's Mass Mailer | |
submitted by Beaver on 5/28/2009From the creator of Beaver's Text Message Bomber comes Beaver's Mass Mailer It is quite simple 1. Custom SMTP (Default Is Gmail) 2. Subject,Body, Optional Attachments 3. Load Email List (Make Sure There Is Only 1 Email per line) 4. Multi-threaded to reduce CPU load 5. Shows The # Of Emails Loaded & When Sending Shows The # Sent 6. Stop Sending At Any Time 7. Save/Load Settings  Download: http://sharebee.com/10d289143 replies, Read / Reply
EliteNova.com | |
submitted by dv on 5/21/2009with EliteNova.com you can find all the best torrents online in real-time! EliteNova.com is a BitTorrent search engine that lets you search a dozen sites including Mininova and The Pirate Bay.
Search all the best torrent sites simultaneously all from under one roof!
1 replies, Read / Reply
ExplodingEmails.com | |
submitted by dv on 5/21/2009This website provides you with "exploding" temporary e-mail addresses which "self-destruct" after 20 Minutes. You can read and reply to e-mails that are sent to the temporary e-mail address within the given time frame. Good, if you want to sign-up for stuff without revealing your real e-mail address to a might-be spammer.
Are they who they say they are?
Are they trustworthy? Who really knows, until it's too late - with Explodingemails.com your privacy is protected.
Reply to this Entry
lost door v 3.2 Stable (Build 2) | |
submitted by oussamio on 5/20/2009lost door v 3.2 Stable (Build 2)
lost door v 3.2 Stable (Build 2) done at 21 May my birthday date (happy birthday to me :lol: )
Lost door Official Website www.lostdoor.cn
download http://www.lostdoor.cn/download.html
Whats New :
-----------
# [+] Remote Nat viewer
# [+] Rmote Resotr Manager
# [+] Added Some Graphics
# [+] Some minor Bugs fixed
# [+] Some Forms Has Been Modified
# [+] News Navigator was Added
Pictures :
------------------------
 Reply to this Entry
|