sqlmap 0.9

We wrote about sqlmap version 0.8 Final being released. Now after an year, we have an update – sqlmap version 0.9.

“sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.“

This is the change log:

• Rewritten SQL injection detection engine (Bernardo and Miroslav).
• Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav).
• Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav).
• Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
• Implemented support for Firebird (Bernardo and Miroslav).
• Implemented support for Microsoft Access, Sybase and SAP MaxDB (Miroslav).
• Extended old ‘–dump -C‘ functionality to be able to search for specific database(s), table(s) and column(s), –search switch (Bernardo).
• Added support to tamper injection data with –tamper switch (Bernardo and Miroslav).
• Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack (Miroslav).
• Added support to enumerate roles on Oracle, –roles switch (Bernardo).
• Added support for SOAP based web services requests (Bernardo).
• Added support to fetch unicode data (Bernardo and Miroslav).
• Added support to use persistent HTTP(s) connection for speed improvement,–keep-alive switch (Miroslav).
• Implemented several optimization switches to speed up the exploitation of SQL injections (Bernardo and Miroslav).
• Support to test and inject against HTTP Referer header (Miroslav).
• Implemented HTTP(s) proxy authentication support, –proxy-cred switch (Miroslav).
• Implemented feature to speedup the enumeration of table names (Miroslav).
• Support for customizable HTTP(s) redirections (Bernardo).
• Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, –replicate switch (Miroslav).
• Support to parse and test forms on target url, –forms switch (Bernardo and Miroslav).
• Added switches to brute-force tables names and columns names with a dictionary attack, –common-tables and –common-columns. Useful for instance when system table ‘information_schema‘ is not available on MySQL (Miroslav).
• Basic support for REST-style URL parameters by using the asterisk (*) to mark where to test for and exploit SQL injection (Miroslav).
• Added safe URL feature, –safe-url and –safe-freq (Miroslav).
• Added –text-only switch to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content (Miroslav).
• Implemented few other features and switches (Bernardo and Miroslav).
• Over 100 bugs fixed (Bernardo and Miroslav).
• Major code refactoring (Bernardo and Miroslav).
• User’s manual updated (Bernardo).

Download sqlmap 0.9 (sqlmap-0.9.tar.gz/sqlmap-0.9.zip) here.

The Bluetooth Spoofer : Spooftooph

Spooftooph is designed to automate spoofing or cloning Bluetoothdevice Name, Class, and Address. Cloning this information effectively allows Bluetooth device to hide in plain site. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information when the devices are inDiscoverable Mode (specifically the same Address).
Well normally most of us never intend to audit the Bluetooth stack in any organization. But this tool could be interesting to use in an environment where Bluetooth devices have been paired with important hardware.

Spooftooph presents us the following features:

• Clone and log Bluetooth device information
• Generate a random new Bluetooth profile
• Change Bluetooth profile every X seconds
• Specify device information for Bluetooth interface
• Select device to clone from scan log

Now this is the best part – it also includes a Man-In-The-Middle mode which makes it easier to clone the Device Profile of two targeted devices. You can also randomly generate Bluetooth NAME, CLASS and ADDR fields or you could do that to random devices info in range every X seconds!  Spooftooph has several options for Bluetooth device information modification:

• Option 1: Continuously scan an area for Bluetooth devices. Make a selection on which device in the list to clone. This option also allows for logging of the scanned devices.
• Option 2: Randomly generate and assign valid Bluetooth interface information. The class and address are randomly generated and the name is derived from a list of the top 100 most common names in US and the type of device. For example if the randomly generated class is a phone, SpoofTooph might generate the name “Bob’s Phone”.
• Option 3: Specify the name, class, and address a user wishes for the Bluetooth interface to have.
• Option 4: Read in the log of previous scans and select a device to clone. Users can also manually add Bluetooth profiles to these log files.
• Option 5: Incognito mode. Scan for and clone new devices at user assigned intervals.

A sample command line could be:

1	spooftooph -i hci0 -n new_name -a 00:11:22:33:44:55 -c 0x1c010c

Download Spooftooph v0.4 (spooftooph-0.4.tar.gz)here

Best Operating System for Hackers

Hi Friends, Most of my friends and bacomehacking users asked me about which operating system is best for hackers and for doing hacking activities like hacking wireless network passwords, network sniffers,reverse engineering tools, application hacking tools and other encrypting and spoofing hacking tools. Today i will share with you which operating system i use for hacking activities. My favorite operating system is Backtrack Linux and Windows XP not because they are easier to use but because i love their vast functionality and features. But you can also give a try to Matriux Operating System and knoppix , Matriux OS is just awesome but its still under construction as designers are still working on it and patching it. Now lets discuss more about functionality of Backtrack operating system. I will not discuss more about windows XP because its so easy to understand that it needs no explanation.

Backtrack : Best Operating system for Hackers

Best Operating System : Backtrack Linux

BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking.

Regardless if you’re making BackTrack your primary operating system, booting from a Live DVD, or using your favourite thumb drive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.

BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest database of security tool collection to-date.

Back Track is quite possibly the most comprehensive Linux distribution of security tools. Both hackers and crackers can appreciate the features of this distribution. For black-hat hackers, it provides an easy access to software that facilitates exploitations for secured systems and other reverse engineering. For white-hatters, it is a penetration tester that finds holes in a security scheme. See, everybody wins!

 

Major Features of BackTrack Linux

BackTrack features the latest in security penetration software. The current Linux kernel is patched so that special driver installation is unnecessary for attacks. For example, an Atheros-based wireless networking adapter will no enter monitor mode or inject packets without the MadWiFi driver patch. With BackTrack, you don’t need to worry about that. It’s just plug-and-play ready-to-go!

What’s great is that this Linux distribution comes Live-on-CD. So, no installation is needed. However, what you experience BackTrack, you will realize that it is a must to download this operating system and install it on your Laptop. At the very least, download the VMWare Virtual Appliance for Backtrack. Make sure you also install the VMWare Tools for Linux as well. Many features will still work in VMWare mode.

• Based on: Debian, Ubuntu
• Origin: Switzerland
• Architecture: i386
• Desktop: Fluxbox, KDE
• Category: Forensics, Rescue, Live Medium
• Cost: Free

Hacking Tools:

BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. Support for Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is also an option.

BackTrack includes many well known security tools including:

• Metasploit integration
• RFMON Injection capable wireless drivers
• Kismet
• Nmap
• Ettercap
• Wireshark (formerly known as Ethereal)
• BeEF (Browser Exploitation Framework)

A large collection of exploits as well as more common place software such as browsers. BackTrack arranges tools into 11 categories:

• Information Gathering
• Network Mapping
• Vulnerability Identification
• Web Application Analysis
• Radio Network Analysis (802.11, Bluetooth, Rfid)
• Penetration (Exploit & Social Engineering Toolkit)
• Privilege Escalation
• Maintaining Access
• Digital Forensics
• Reverse Engineering
• Voice Over IP

Creating the Customized Run Comman

The Run command on Microsoft Windows operating system allows you to directly open an application or document with just a single command instead of navigating to it’s location and double-clicking the executable icon. However, it only works for some of the inbuilt Windows programs such as Command prompt (cmd), Calculator (calc) etc. So, have you ever wondered how to create your own customized Run commands for accessing your favorite programs, files and folders? Well, read on to find out the answer.

Creating the Customized Run Command

 

Let me take up an example of how to create a customized run command for opening the Internet explorer. Once you create this command, you should be able to open the Internet explorer just by typing “ie” (without quotes) in the Run dialog box. Here is how you can do that.

1. Right click on your Desktop and select New -> Shortcut.

2. You will see a “Create Shortcut” Dialog box as shown below

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

3. Click on “Browse”, navigate to: Program Files -> Internet Explorer from your Root drive (usually C:\) and select “iexplore” as shown in the above figure and click on “OK”.

4. Now click on “Next” and type any name for your shortcut. You can choose any name as per your choice; this will be your customized “Run command”. In this case I name my shortcut as “ie”. Click on “Finish”.

5. You will see a shortcut named “ie” on your desktop. All you need to do is just copy this shortcut and paste it in your Windows folder (usually “C:/Windows”). Once you have copied the shortcut onto your Windows folder, you can delete the one on your Desktop.

6. That’s it! From now on, just open the Run dialog box, type ie and hit Enter to open the Internet Explorer.

In this way you can create customized Run commands for any program of your choice. Say “ff” for Firefox, “ym” for Yahoo messenger, “wmp” for Windows media player and so on.

To do this, when you click on “Browse” in the Step-3, just select the target program’s main executable (.exe) file which will usually be located in the C:\Program Files folder. Give a simple and short name for this shortcut as per your choice and copy the shortcut file onto the Windows folder as usual. Now just type this short name in the Run dialog box to open the program.

I hope you like this post! Pass your comments.

How to Create Your Own Customized Run Commands

TCP/IP & UDP Attacks Introduction

Hello, Lets explain "TCP/IP & UDP Attacks", Most common and effective Web attacks...Lets Know abt its basic and types...

TCP/IP Attacks
1. TCP SYN or TCP ACK Flood Attack
2. TCP Sequence Number Attack
3. TCP/IP

UDP attacks

1. ICMP Attacks
2. Smurf Attacks
3. ICMP Tunneling

TCP operates using synchronized connections. The synchronization is vulnerable to attack; this is probably the most common attack used today. The synchronization or handshake, process initiates a TCP connection. This handshake is particularly vulnerable to a DoS attack referred to as the TCP SYN Flood attack. The process is also susceptible to access and modification attacks, which are briefly explained in the following sections.

TCP SYN or TCP ACK Flood Attack - This attack is very common... The purpose of this attack is to deny service. The attack begins as a normal TCP connection: the client and the server exchange information in TCP packets. The TCP client continues to send ACK packets to the server, these ACK packets tells the server that a connection is requested. The server thus responds to the client with a ACK packet, the client is supposed to respond with another packet accepting the connection to establish the session. In this attack the client continually send and receives the ACK packets but it does not open the session. The server holds these sessions open, awaiting the final packet in the sequence. This cause the server to fill up the available connections and denies any requesting clients access.

TCP Sequence Number Attack - This is when the attacker takes control of one end of a TCP session. The goal of this attack is to kick the attacked end of the network
for the duration of the session. Only then will the attack be successful. Each time a TCP message is sent the client or the server generates a sequence number. The attacker intercepts and then responds with a sequence number similar to the one used in the original session. This attack can then hijack or disrupt a session. If a valid sequence number is guessed the attacker can place himself between the client and the server. The attacker gains the connection and the data from the legitimate system. The only defense of such an attack is to know that its occurring... There is little that can be done...

TCP Hijacking - This is also called active sniffing, it involves the attacker gaining access to a host in the network and logically disconnecting it from the network. The attacker then inserts another machine with the same IP address. This happens quickly and gives the attacker access to the session and to all the information on the original system.

UDP packets aren't connection oriented and don't require the synchronization process as with TCP. UDP packets, however, are susceptible to interception, thus it can be attacked. UDP, like TCP, doesn't check the validity of an IP address. The nature of this layer is to trust the layer above it (I'm referring to the IP layer). The most common UDP attacks involve UDP flooding. UDP flooding overloads services, networks, and servers. Large streams of UDP packets are focused at a target, causing UDP services on that host to shut down. It can also overload the network and cause a DoS situation to occur.

ICMP Attacks - This occur by triggering a response from the ICMP protocol when it responds to a seemingly legitimate request (think of it as echoing). Ping for instance, that uses the ICMP protocol. sPing is a good example of this type of attack, it overloads te server with more bytes than it can handle, larger connections. Its ping flood.

Smurf Attacks - This attack uses IP spoofing and broadcasting to send a ping to a group of hosts on a network. When a host is pinged it send back ICMP message traffic information indicating status to the originator. If a broadcast is sent to network, all hosts will answer back to the ping. The result is an overload of network and the target system. The only way to prevent this attack is to prohibit ICMP traffic on the router.

ICMP Tunneling - ICMP can contain data about timing and routes. A packet can be used to hold information that is different from the intended information. This allows an ICMP packet to be used as a communications channel between two systems. The channel can be used to send a Trojan horse or other malicious packet. The counter measure is to deny ICMP traffic on your network.

Warning : ICMP can be very dangerous..and Even,as i said ...Don't try such attack from your pc,untill you don't know that how to be invisible on net ! Beccause once you get traced out ...No one can help you from Troubles..