Tag: tools
Various Online Password Crackers (carnal0wnage)
by dominee on Jan.12, 2010, under security
Just a list of online (mostly) md5 crackers but some with do others
This post over on pcsec got me thinking about them.
http://www.pcsec.org/archives/MD5Seacrh-v18-by-mass.html
Of course not all those are working, least not for me.
So here is that list with links and a few others thanks to my twitter homies
passcracking.ru http://passcracking.ru/
md5crack http://md5crack.com/
md5decryption: http://md5decryption.com/
TheKaine.de: http://md5.thekaine.de/
AuthSecu: http://authsecu.com/decrypter-dechiffrer-cracker-hash-md5/decrypter-dechiffrer-cracker-hash-md5.php
hackcrack: http://hashcrack.com/index.php
insidepro: http://hash.insidepro.com/
md5decrypter: http://md5decrypter.com/
md5pass.info: http://md5pass.info/
Bonus points for two of the sites from the screen shot just giving you a parallels plesk login.
Sites specifically mentioned to me in no particular order
Plain-Text.info http://plain-text.info/add/ (also has IRC support)
Hashkiller: http://hashkiller.com/password/
Cryptohaze: http://www.cryptohaze.com/addhashes.php
md5rednoize: http://md5.rednoize.com/
milw0rm: http://milw0rm.com/cracker/insert.php
GData: http://gdataonline.com/seekhash.php
c0llision: http://www.c0llision.net/webcrack.php (also has IRC support)
ISC: http://isc.sans.org/tools/reversehash.html
PassCracking http://passcracking.com/
Lastly, for fun, a metasploit module that submits the hash to md5crack.com and displays the password if its found.
msf auxiliary(md5check_md5crack) > run
[*] Sending 098f6bcd4621d373cade4e832627b4f6 hash to md5crack.com…
[*] plaintext md5 is: test
[*] Auxiliary module execution completed
I started to do more than just md5crack but writing regex’s for different sites just seemed like a waste of time.
http://carnal0wnage.attackresearch.com/sites/default/files/md5check_md5c… (rename to .rb)
repost from: http://carnal0wnage.attackresearch.com/node/402
Undele files from NTFS (livecd)
by dominee on Dec.07, 2009, under HOWTO
Tools:
System Rescue CD
Avira rescue CD
NTFS Undelete tool/cd
using sysrescuecd
http://man.linux-ntfs.org/ntfsundelete.8.html
ntfsundelete /dev/hda1 -s -m '*.doc' -d /mnt/usb
yet another webtools
by dominee on Aug.27, 2009, under security
Httpry – HTTP Traffic sniffer
Httpry, is a sniffer specializing in sniffing http traffic. Httpry is used to log and display http traffic by capturing, parsing and logging the traffic for further analysis.
http://www.lifedork.net/httpry-http-traffic-sniffer.html
http://dumpsterventures.com/jason/httpry/httpry-0.1.5.tar.gz
Firefox Addons own ya – Keylogger POC
My small POC consists of a keylogger written in javascript and embedded into Firefox browser in form of extension. This code can be injected into any known/famous addon without even noticing it since it creates no warnings at Antiviruses (it’s just legal javascript) and no warning from Firewalls since the logs of the keystrokes are sent through Firefox on port 80 to a malicious server.
http://blogs.hackerscenter.com/2008/04/firefox-addons-threat.html
http://www.hackerscenter.com/public/Firefox_poc/poc_keylogger.zip
RHEL diagnostic tool configuration and recommendations
by dominee on Aug.25, 2009, under for geeks, HOWTO
RHEL diagnostic tool configuration and recommendations
- Kdump/Netdump
- Sysstat
- Hangwatch
- Ksar
yet another websec reading..
by dominee on Aug.19, 2009, under for geeks, security
An article from nessus team about attacks and securing php +ref
Configuration Auditing php.ini To Help Prevent Web Application Attacks
—
Joomla! auditing tool? yeah
OWASP Joomla Vulnerability Scanner Project
The following features are currently available.
* Exact version Probing (the scanner can tell whether a target is running version 1.5.12)
* Common Joomla! based web application firewall detection
* Searching known vulnerabilities of Joomla! and its components
* Reporting to Text & HTML output
* Immediate update capability via scanner or svn
SQLsus
by dominee on Apr.03, 2009, under security
sqlsus is an open source MySQL injection and takeover tool, written in perl.
Via a command line interface that mimics a mysql console, you can retrieve the database structure, inject a SQL query, download files from the web server, upload and control a backdoor, and much more…
It is designed to maximize the amount of data gathered per web server hit, making the best use (I can think of) of MySQL functions to optimize the available injection space.
sqlsus is focused on PHP/MySQL installations, and integrates some neat features, some of them being really specific to this DBMS.
I have lots of ideas for sqlsus improvements, all I need is time, and feedback 
It is not and won’t ever be a SQL injection scanner, it starts its job on the next step.
-
Hell-0!. Welcome to from.hell!
Thanks for dropping by! Feel free to join the discussion by leaving comments, and stay updated by subscribing to the RSS feed. See ya around!
Event Calendar
« Jan 
Mar » February 2012 M T W T F S S 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
