sessionthief performs HTTP session cloning by cookie stealing. It can issue basic nmap and nbtscan commands to see which IPs are on the subnet, or just listen for IPs broadcasting packets. It can quickly perform ARP poison routing to get packets given the IP of the client if not on an open network or hub, and should also work with interfaces in monitor mode. It integrates automatically with Firefox, dynamically creating a temporary profile for each attack performed. In this way, in contrast to tools like the middler, it doesn’t require any additional configuration, and makes it easy to simultaneously own multiple logins to the same site.
For example, if multiple clients on the open or WEP-encrypted wireless network you are on are on Facebook (or yahoo mail or just about any site you log into), you can:
A.Start the program
B.Select your interface
C.Hit watch
D.Select a request from each of them to facebook, and click the session button.
The program will start a new instance of firefox for each session hacked, and let you control the login of all of them at once. It compiles and runs on linux and windows depending on the pcap and wxwidgets libraries.
You can download sessionthief from below location:
Download
More Informations
10/5/10
Advanced Automated SQL Injection Tool - Havij
Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injection vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.
There is a free version available and also a more fully-featured commercial edition available also.
You can download Havij v1.12 Free Edition from below location:
Download
It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injection vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.
There is a free version available and also a more fully-featured commercial edition available also.
You can download Havij v1.12 Free Edition from below location:
Download
Mass Wifi WEP/WPA Key Cracking Tool -wifite
wifite is created to to attack multiple WEP and WPA encrypted networks at the same time. This tool is customizable to be automated with only a few arguments and can be trusted to run without supervision.
List of Features
◦sorts targets by power (in dB); cracks closest access points first
◦all WPA handshakes are backed up (to wifite.py’s working directory)
◦mid-attack options: stop during attack with Ctrl+C to use (continue, move onto next target, skip to cracking, exit)
◦numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
◦very customizable settings (timeouts, packets/sec, etc)
◦SKA support (untested)
◦finds devices in monitor mode; if none are found, prompts for selection
◦all passwords saved to log.txt
◦switching WEP attacks does not reset IVS
◦displays session summary at exit; shows any cracked keys
You can download Hydra from below location:-
Download
List of Features
◦sorts targets by power (in dB); cracks closest access points first
◦all WPA handshakes are backed up (to wifite.py’s working directory)
◦mid-attack options: stop during attack with Ctrl+C to use (continue, move onto next target, skip to cracking, exit)
◦numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
◦very customizable settings (timeouts, packets/sec, etc)
◦SKA support (untested)
◦finds devices in monitor mode; if none are found, prompts for selection
◦all passwords saved to log.txt
◦switching WEP attacks does not reset IVS
◦displays session summary at exit; shows any cracked keys
You can download Hydra from below location:-
Download
Extremely Fast Multi-Threaded Login/Password Cracker -THC-Hydra 5.8
The number one biggest security hole is passwords, as every password security study shows. Hydra is a parallelized (multi-threaded) login cracker which supports attacking/cracking numerous protocols. New modules are easy to add, beside that, it is flexible and very fast.
Currently this tool supports follows:
TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL,
MYSQL, REXEC,RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5,
VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3,
Postgres, Teamspeak, Cisco auth, Cisco enable, AFP, LDAP2,
Cisco AAA (incorporated in telnet module).
Recent changes for v5.8
◦Added Apple Filing Protocol (thank to “never tired” David Maciejak @ gmail dot com)
◦Fixed a big bug in the SSL option (-S)
Additions prior to public release (v5.7 and before)
◦Added ncp support plus minor fixes (by David Maciejak @ GMAIL dot com)
◦Added an old patch to fix a memory from SSL and speed it up too from kan(at)dcit.cz
◦Removed unnecessary compiler warnings
◦Enhanced the SSH2 module based on an old patch from aris(at)0xbadc0de.be
◦Fixed small local defined overflow in the teamspeak module. Does it still work anyway??
◦Moved to GPLv3 License (lots of people wanted that)
◦Upgraded ssh2 module to libssh-0.4.x (thanks to aris (at) 0xbadc0de.be for the 0.2 basis)
◦Added firebird support (by David Maciejak @ GMAIL dot com)
◦Added SIP MD5 auth patch (by Jean-Baptiste Aviat jba [at] hsc [dot] `french tld’)
◦Removed Palm and ARM support
◦Fix for cygwin which falsely detected postgres library when there was none.
You can download Hydra from below location:-
Download
Currently this tool supports follows:
TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL,
MYSQL, REXEC,RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5,
VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3,
Postgres, Teamspeak, Cisco auth, Cisco enable, AFP, LDAP2,
Cisco AAA (incorporated in telnet module).
Recent changes for v5.8
◦Added Apple Filing Protocol (thank to “never tired” David Maciejak @ gmail dot com)
◦Fixed a big bug in the SSL option (-S)
Additions prior to public release (v5.7 and before)
◦Added ncp support plus minor fixes (by David Maciejak @ GMAIL dot com)
◦Added an old patch to fix a memory from SSL and speed it up too from kan(at)dcit.cz
◦Removed unnecessary compiler warnings
◦Enhanced the SSH2 module based on an old patch from aris(at)0xbadc0de.be
◦Fixed small local defined overflow in the teamspeak module. Does it still work anyway??
◦Moved to GPLv3 License (lots of people wanted that)
◦Upgraded ssh2 module to libssh-0.4.x (thanks to aris (at) 0xbadc0de.be for the 0.2 basis)
◦Added firebird support (by David Maciejak @ GMAIL dot com)
◦Added SIP MD5 auth patch (by Jean-Baptiste Aviat jba [at] hsc [dot] `french tld’)
◦Removed Palm and ARM support
◦Fix for cygwin which falsely detected postgres library when there was none.
You can download Hydra from below location:-
Download
How to Change JKS KeyStore Private Key Password
Use following keytool command to change the key store password >keytool -storepasswd -new [new password ] -keystore [path to key stor...
-
AIX Environment Procedures The best way to approach this portion of the checklist is to do a comprehensive physical inventory of the server...
-
Java Keytool Commands for Creating and Importing keystore files: These commands allow you to generate a new Java Keytool keystore file, crea...