./dev/sda /tmp/backtrack, Ppentest, Win Security

Daftar Aplikasi Hacking. [ada beberapa yang gw PAKEEE] mantaf!!

Batch
– DELmE’s Batch Virus Generator v 2.0
– Power Of Batch [Text File]

Binders
– Bl0b B!nder 0.2.0 + USG
– BlackHole Binder
– F.B.I. Binder
– Predator 1.6
– PureBiND3R by d3will
– Schniedelwutz Binder 1.0
– Simple Binder by Stonedinfect
– sp1r1tus Binder 1.0
– Tool-Store Binder 1.0
– Tool-Store Toasty Binder 1.0
– Yet Another Binder 2.0
– Others

Crypters 
– Bifrost Crypter by ArexX 2
– Cryptable Seduction 1.0 by DizzY
– Crypter by Permabatt
– Crypter bY YoDa
– Cryptic 1.5
– Daemon Crypt 2 Public
– Deception 4 by [RaGe] [Favorite :D]
– Destructor Crypter
– EXECrypt 1 M0d by CARDX
– Fuzz Buzz 1.2 by BulletProof
– OSC-Crypter by haZl0oh M0d
– Poison Ivy Crypt M0d by CARDX
– SaW V1 Mod by LEGIONPR
– Skorpien007 Crypter 3.1
– Stonedinfect Crypter 1.0
– Trojka Crypter 1.1 by tr1p0d

Keyloggers
– Ardamax 2.8
– Ardamax 2.41

Nukers dan Fl00ders
– Ass4ult
– B4ttl3 P0ng
– Click v2.2
– Fortune
– ICMP Fl00d
– Panther Mode 1 & 2
– Rocket v1.0
– RPC Nuke

Port & IP Scanners 
– Advanced IP Scanner
– Advanced Port Scanner
– Bitching Threads
– BluePortScan
– LanSpy
– NeoTracePro
– NetScanTools
– ProPort
– Putty v0.6
– SuperScan
– Trojan Hunter 15
– ZenMap – Nmap v5.21 [Win]

R.A.T.s 
– Apocalypse 1.4.4
– Aryan v0.5
– Bandook RAT 1.35
– Bifrost 1.2.1d
– Cerberus 1.03.4
– All Cybergates from v1.01.8 to v1.04.8
– DarkComet 2 RC3
– Lost Door 4.0 Pro
– MeTuS-Delphi-2.8
– Nuclear RAT 2.1.0
– Optix v1.33
– Poison Ivy 2.3.2
– ProRat 1.9 SE
– SharK 3
– Spy-Net v2.6
– SubSeven 2.3
– Turkojan 4 Gold

Sniffers 
– Cain & Abel Self Installer [WinXP]
– WireShark Self-Installer [Win32]

Stealers 
– 1337 SteamACC Stealer Private
– Allround Stealer
– Armageddon Stealer 1.0 by Krusty
– bl0b Recovery 1.0
– Blade Stealer 1.0 PUBLIC
– Codesoft PW Stealer 0.35
– Codesoft PW Stealer 0.50
– Dark Screen Stealer 2
– Dimension Stealer 2 by Gumball
– FileZilla Stealer 1.0 PUBLIC
– FileZilla Stealer by Stonedinfect
– Firefox Password Stealer – Steamcafe
– Fly Stealer 0.1
– Fudsonly Stealer 0.1
– Hackbase Steam Phisher 1.2 BETA
– spam 0.0.1.4
– spam Stealer
– HardCore Soft 0.0.0.1
– ICQ Steal0r
– IStealer 4.0
– IStealer 6.0 Legends
– LabStealer by Xash
– Multi Password Stealer 1.6
– Papst Steale.NET
– Pass Stealer 3.0
– Pesca Stealer 0.2
– pixel Stealer 1.3.0 SC
– pixel Stealer 1.4.0
– ProStealer
– Public Firefox 3 Stealer
– Pure-Steam 1.0 CS
– Pw Stealer by Killer110
– PWStealer 2.0
– Remote Penetration 2.2
– SC LiteStealer 1
– SimpleStealer 2.1
– SPS Stealer
– SStealer by till7
– Steam Stealer 1.0 by ghstoy
– Steam Stealer by till7
– Stupid Stealer 6 mit PHP Logger
– System Stealer 2
– The Simpsons Stealer 0.2
– Tool-Store FileZilla Stealer 1.0
– Ultimate Stealer 1.0
– Universal1337 – The Account Stealer
– Universal1337 2
– Universal1337 3

Vulnerability Scanner and Exploiter 
– Atk ToolKit 4.1 [Src Code Included]
– Metasploit Framework V3.4.0 [Win]
– Nessus [Win32]

Website Exploit And SLQ Injections
– Admin Finder
– CGI-Bug Scanner
– Exploit Scanner
– ServerAttack
– SQL Helper
– Dork List [Text File]
– Dork [Text File]
– Master Google Hack List [Text File]

Others
– Bruteforcers
– Extra! [From VIP Vince Tool pack]
– ProxyBrowser
– Various Tools

Standard
Google.dork

GoogleDork part1


 Topic

Medium Risk Vivotek Cameras Data Configuration Disclosure
Dork: “/setup/config.html” OR allinurl:”setup/parafile.html”
17.07.2012 Alejandro Leon M…
Medium Risk Elite Bulletin Board 2.1.19 SQL Injection
Dork: intext:”Powered by: Elite Bulletin Board “
16.07.2012 T0x!c
Low Risk Kool Media Converter 2.7.0 Denial Of Service
Dork: N/A
16.07.2012 Kalashinkov3
Medium Risk Gustavo Antunez SQL Injection Vulnerability
Dork: intext:”Desarrollado por Gustavo Antunez”
14.07.2012 TAURUS OMAR
High Risk Ajax Data Uploader Shell Upload
Dork: inurl:plugins/ajaxfilemanager/inc/data.php
14.07.2012 Mr.XpR
High Risk Joomla KSAdvertiser Shell Upload
Dork: inurl:index.php?option=com_ksadvertiser
14.07.2012 D4NB4R
High Risk cyberschool CMS [FCKeditor] Arbitrary File Upload Vulnerability
Dork: intext:”Web Development by IES, Inc”
11.07.2012 Am!r
Low Risk Flogr 1.7 Cross Site Scripting
Dork: inurl:”tag=” “powered by flogr v1.7”
10.07.2012 Nafsh
Medium Risk Digiport SQL Injection
Dork: powered by: Digiport
10.07.2012 POLTERGEISTH4CKE…
Medium Risk digiGALLERY SQL Injection
Dork: Powered by digiGALLERY
10.07.2012 POLTERGEISTH4CKE…
Medium Risk Word Press image-gallery plugin Sql Injection
Dork: inurl:image-gallery/?gallery_id=
07.07.2012 Mr.XpR
High Risk WordPress (wp-insert Plugin) Arbitrary File Upload Vulnerability
Dork: inurl:”wp-content/plugins/wp-insert”
06.07.2012 IrIsT.Ir
Medium Risk Arasism SQL Injection
Dork: “Powered by Arasism.com”
06.07.2012 Ehram.shahmohama…
Medium Risk 7sepehr SQL Injection
Dork: “Powered by 7sepehr.com”
06.07.2012 Ehram.shahmohama…
High Risk Word press flexiweb-form plugin Remote File Uploader
Dork: inurl:plugins/flexiweb-form/
05.07.2012 Mr.XpR
Medium Risk Webify Link Directory / SQL Injection
Dork: allinurl: index.php?page=browse&id=1
04.07.2012 Daniel Godoy
Medium Risk CLscript Classified Script 3.0 SQL Injection
Dork: allinurl: classified-listing.php?catId=
04.07.2012 Daniel Godoy
Medium Risk phpMyVisites SQL Injection
Dork: inurl:”/phpmv2/phpmyvisites.php”
04.07.2012 TAURUS OMAR
Medium Risk Octagono SQL Injection
Dork: intext:”Desenvolvido por Octagono”
03.07.2012 TAURUS OMAR
Medium Risk Geswebs SQL Injection
Dork: intext:”Sitio Web Disenado por: GesWebs”
03.07.2012 TheCyberNuxbie
Standard
Ppentest

Basic Metasploit

Special Thanks to :  Reza Ervani (rezaervani@gmail.com) & Vivek Ramachandran – http://www.vivekramachandran.com/

Memahami Istilah-istilah Dasar

  • Vulnerability/Kerentanan – Ini artinya kelemahan yang ada di sistem
  • Exploit – Itu Kode, yang di sisipin kedalam kelemahan suatu sistem.
  • Payload – kode aktual yang dijalankan pada sistem setelah ekploitasi
Ilustrasi :

Secara diagram, penemuan Vulnerability, perlakuan Exploitasi dan Pemuatan Payload tuh kayak begini.

[ASK] Wew? dari mana gw tau klo sistem/PC itu lemah???

[Answer] itu nanti dibahas dipost selanjutnya ,.

Standard