Tech Directions
Havij v1.15 Advanced SQL InjectionHavij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
 |
| Download |
Intercepter is a sniffer tool which offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/
WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/
AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.
WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/
AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.
 |
| Download |
Features: >> Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
>> Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental).
>> Creation of a custom xp_cmdshell if the original one has been removed
>> Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed).
>> TCP/UDP portscan from the target SQL Server to the attacking machine, in order
to find a port that is allowed by the firewall of the target network
and use it for a reverse shell.
>> Direct and reverse bindshell, both TCP and UDP
>> ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse
shell but the DB can ping your box.>> DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for
a direct/reverse shell, but the DB server can resolve external hostnames
(check the documentation for details about how this works).>> Evasion techniques to confuse a few IDS/IPS/WAF.
>> Integration with Metasploit3, to obtain a graphical access to the remote DB
server through a VNC server injection.
>> Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental).
>> Creation of a custom xp_cmdshell if the original one has been removed
>> Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed).
>> TCP/UDP portscan from the target SQL Server to the attacking machine, in order
to find a port that is allowed by the firewall of the target network
and use it for a reverse shell.
>> Direct and reverse bindshell, both TCP and UDP
>> ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse
shell but the DB can ping your box.>> DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for
a direct/reverse shell, but the DB server can resolve external hostnames
(check the documentation for details about how this works).>> Evasion techniques to confuse a few IDS/IPS/WAF.
>> Integration with Metasploit3, to obtain a graphical access to the remote DB
server through a VNC server injection.
ARPwner – ARP & DNS Poisoning Attack Tool
ARPwner is a tool to do ARP poisoning and DNS poisoning attacks, with a simple GUI and
a plugin system to do filtering of the information gathered, also has a implementation of SSLstrip and is coded in python.
ARPwner is a tool to do ARP poisoning and DNS poisoning attacks, with a simple GUI and
a plugin system to do filtering of the information gathered, also has a implementation of SSLstrip and is coded in python.
 |
| Download |
cyb3r-sh3ll is a advanced PHP shell with some unique features like Cpanel Cracker , Port Scanner, Security Scanner, Proxy, Whois,Dictionary Maker, Hash Cracker etc. cyb3r-sh3ll is a hybrid version of all most powerfull shells. cyb3r-sh3ll has around 40 distinct features and yet to be updated in next versions. This shell has immense capabilities and have been written with some concepts and tools in mind, which are mostly required during penetration testing.
 |
| Download |
Customisation
1. Email Trace back is set to Off as default and emails will not be sent , If you are setting
this feature on make sure you change the default email address (lionaneesh@gmail.com)
to Your email address , Please Change it before using.
2. Username and Passwords are set to lionaneesh and lionaneesh respectively , Please change them for better
security.
3. As a default Lock Mode is set to on! This should not be change unless you want your shell exposed.
Default Login
Username : lionaneesh
Password : lionaneesh
Features
Shell
Platform Independent
Mass - Mailer
Small Web-Server Fuzzer
DDoser
Design
Secure Login
Deletion of Files
Bind Shell
Back Connect
Fixed Some Coding errors!
Rename Files
Encoded Title
Traceback (Email Alerts)
PHP Evaluate
Better Command Execution (even supports older version of PHP)
Mass Code Injector (Appender and Overwriter)
Lock Mode Customization
Latest Version Addition
Mail Bomber (With Less Spam detection feature)
PHP Decoder
Better Uploader
Fixed some Coding errors
Post a Comment