Showing posts with label Hack Tools. Show all posts
Showing posts with label Hack Tools. Show all posts

SecretLayer: Advanced Steganography Software [Pro Version Download Now]

Posted by Avik Sarkar On 10/31/2012 06:08:00 am

SecretLayer: Advanced Steganography Software [Pro Version Download Now]

Hackers, security professionals and also many other people who are involved in this cyber domain must be familiar with the term 'steganography'. I do believe that many of us have used this finest technique many times, may be some times for fun, or may be some nasty jobs. For those who are not so familiar with Steganography, then it is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. In very simple word its one of finest art of deception. For your information, now a days Steganography has been widely used, or I should say misused by many terrorist organizations for transmitting their hidden messages. One of the most dangerous changeless with Steganography is, researcher can detect whether an image or text is containing hidden message, but so far they can't unveil the inside message. 
Today we will talk about an advanced tool which is designed to tweak the color of specific pixels. The tool is named 'SecretLayer' which lets you encrypt your data (so you're no worse off than before) and then hide that encrypted data in ordinary images, like the ones used every day on all websites and email attachments. 

The Pro version of Secret Layer supports encryption of your data: -




  • Encryption type: AES, Key length: 128, 196, 256 (bits)
  • Encryption type: Blowfish, Key length: 128, 196, 256, 384, 448 (bits)
  • Encryption type: Cast-128, Key length: 40, 64, 128 (bits)
  • Encryption type: Cast-256, Key length: 128, 160, 192, 224, 256 (bits)
  • Encryption type: DES, Key length: 64 (bits)
  • Encryption type: IDEA, Key length: 128 (bits)
  • Encryption type: RC5, Key length: 64, 128, 192, 256, 384, 448, 512, 1024, 1536, 2040 (bits)
  • Encryption type: Twofish, Key length: 128, 192, 256 (bits)



    • A container with the encrypted data is hidden inside of an ordinary-looking image. This is all done automatically and in the background: you don't have to do anything extra. To download SecretLayer click Here. Earlier I told you that Steganography is on the finest way of hiding your secrete message, besides it contains many threats, as it has been widely used by criminals for transmitting messages. So far those hidden contains can not be decrypted easily. So now its upto you, that how will you use such tools. Remember one lesson which we have already learnt from a Famous movie SpiderMan, that is 'With greater power there comes greater responsibility...'. So I urge you not to use such tools for negative purposes. 






    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    BackBox Linux 3 Released! To Perform Penetration Tests & Security Assessments

    Posted by Avik Sarkar On 10/26/2012 05:58:00 am

    BackBox Linux 3 Released! To Perform Penetration Tests & Security Assessments

    In past we have discussed many times about BackBox, which is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment. Its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools. Now a days along with  BackTrack this Ubuntu based penetration testing distribution has became very popular in hacker communities, even several penetration testers also using BackBox. Like other popular Pen testing distro, BackBox also get updated periodically. This time BackBox developer team has announced a major release BackBox Linux, version 3.0. The major release include features such as the new Linux Kernel 3.2 flower and Xfce 4.8. Apart from the system major upgrade, all auditing tools are up to date as well. 

    What's new:- 
    • System upgrade
    • Bug corrections
    • Performance boost
    • Improved start menu
    • Improved Wi-Fi dirvers (compat-wireless aircrack patched)
    • New and updated hacking tools
    System requirements:- 
    • 32-bit or 64-bit processor
    • 512 MB of system memory (RAM)
    • 4.4 GB of disk space for installation
    • Graphics card capable of 800×600 resolution
    • DVD-ROM drive or USB port
    To Download BackBox Linux Version 3.0 Click Here





    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    THC-IPv6 Attack Toolkit, A Tool to Attack the Inherent Protocol Weaknesses of IPV6 & ICMP6

    Posted by Avik Sarkar On 10/13/2012 01:26:00 am


    THC-IPv6 Attack Toolkit, A Tool to Attack the Inherent Protocol Weaknesses of IPV6 & ICMP6

    German hackers group, widely known as THC -The Hacker's Choice released an comprehensive attack toolkit for the IPv6 protocol suite named 'THC-IPv6 Attack Toolkit'. THC is the first group who is releasing such attacking tool for IPv6 protocol. According to the release note this is  a complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library. It comprises of state-of-the-art tools for alive scanning, man-in-the-middle attacks, denial-of-service etc. which exploits inherent vulnerabilities in IPv6. 

    Features at a Glance:- 
    • parasite6: icmp neighbor solitication/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite)
    • alive6: an effective alive scanng, which will detect all systems listening to this address
    • dnsdict6: parallized dns ipv6 dictionary bruteforcer
    • fake_router6: announce yourself as a router on the network, with the highest priority
    • redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever icmp6 redirect spoofer
    • toobig6: mtu decreaser with the same intelligence as redir6
    • detect-new-ip6: detect new ip6 devices which join the network, you can run a script to automatically scan these systems etc.
    • dos-new-ip6: detect new ip6 devices and tell them that their chosen IP collides on the network (DOS).
    • trace6: very fast traceroute6 with supports ICMP6 echo request and TCP-SYN
    • flood_router6: flood a target with random router advertisements
    • flood_advertise6: flood a target with random neighbor advertisements
    • exploit6: known ipv6 vulnerabilities to test against a target
    • denial6: a collection of denial-of-service tests againsts a target
    • fuzz_ip6: fuzzer for ipv6
    • implementation6: performs various implementation checks on ipv6
    • implementation6d: listen daemon for implementation6 to check behind a fw
    • fake_mld6: announce yourself in a multicast group of your choice on the net
    • fake_mld26: same but for MLDv2
    • fake_mldrouter6: fake MLD router messages
    • fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
    • fake_advertiser6: announce yourself on the network
    • smurf6: local smurfer
    • rsmurf6: remote smurfer, known to work only against linux at the moment
    • sendpees6: a tool by willdamn(ad)gmail.com, which generates a neighbor solicitation requests with a lot of CGAs (crypto stuff ;-) to keep the CPU busy. nice.
    • thcping6: sends a hand crafted ping6 packet [and about 25 more tools for you to discover]
    For detailed information about the usage, library interface & so on click here. To Download THC-IPv6 Attack Toolkit Click Here (Linux Only). For those who are hearing the name THC first time, we want to give you reminder that before this tool, this German hackers group published few other hack tools like Hydra (Fastest Login Cracker), THC SSL Dos and so on. 






    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    Nessus 5.0.2 Vulnerability Scanner Released & Available For Download

    Posted by Avik Sarkar On 10/11/2012 03:51:00 am

    Nessus 5.0.2 Vulnerability Scanner Released & Available For Download 

    Earlier we have discussed several times about Nessus, a proprietary comprehensive vulnerability scanning tool. After almost six months, yet again Tenable Network Security officially announced the availability of Nessus 5.0.2. According to surveys done by sectools.org, Nessus is the world's most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools survey. Tenable estimates that it is used by over 75,000 organizations worldwide. This update is largely a bugfix release, however a new build for Solaris 10 is now available. The major issues addressed in 5.0.2 include enhanced support for UTF8 encoding problems in reports and the detection of network congestion errors during scans more conservatively. 

    Official Change Log for Nessus 5.0.2:- 
    • UTF8 encoding problems would sometimes cause the generation of reports to fail 
    • Fixed a case where generating some compliance checks reports would cause the scanner to hang, using 100% of the CPU 
    • Resolved a resource leak issue occurring when a large number of different users are connected at the same time 
    • Network congestion errors are now detected more conservatively 
    • Upgraded libxml2, libxslt, openssl to their newest versions 
    • Some nessusd.rules directives were not honored by the port scanners 
    • Solaris 10 build
    Other fixes:-
    • Smarter max_hosts and global.max_hosts defaults
    • Added support for named virtual hosts for IPv6
    • Fixed a memory leak when mixing IPv4 and IPv6 targets
    • Fixed the systemd control script (Fedora 16)
    • Fixed a crash in nessus-mkcert on the command-line (Win32)
    • Fixed a crash in localtime(), when passed an invalid argument (Win32)
    • Fixed scratchpad_query() to allow NULL arguments
    • PSSDK fix (Win32)

    To Download Nessus 5.0.2 Click Here



    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    Social-Engineer Toolkit (SET) Version 4.0 Codenamed “Balls of Steel” Released

    Posted by Avik Sarkar On 9/23/2012 12:05:00 am

    Social-Engineer Toolkit (SET) Version 4.0 Codenamed “Balls of Steel” Released


    Social Engineer Toolkit also known as SET gets another update. Now we have Social Engineer Toolkit version 4.0 codename “Balls of Steel” is officially available for public consumption. In his official blog; Trusted Sec, the developper of SET has claimed that this version of SET is the most advanced toolkit till today. This version is the collection of several months of development and over 50 new features and a number of enhancements, improvements, rewrites, and bug fixes
    Lets talk about some highlights and the new major features of SET 4.0- the Java Applet attack has been completely rewritten and obfuscated with added evasion techniques. All of the payloads have been heavily encrypted with a number of heavy anti-debugging tools put in place. PyInjector is now available on the Java Applet attack natively and deploys shellcode automatically through a byte compiled executable. The powershell attack vectors now support customized payload selection through the config/set_config. A new attack vector has been added called the Dell DRAC Attack Vector (default credential finder). A new teensy payload has been added from the Offensive-Security crew – the auto-correcting attack vector with DIP switch and SDcard “Peensy”. The web cloner has been completely rewritten in native python removing the dependency for wget. The new IE zero day has been included in the Metasploit Web Attack Vector. The Java Repeater and Java Redirection has been rewritten to be more reliable. Obfuscation added to randomized droppers including OSX and Linux payloads.

    Full Changelog of The Social-Engineer Toolkit (SET) 4.0:- 

    •  Added a new attack vector to SET called the Dell Drac attack vector under the Fast-Track menu.
    •  Optimized the new attack vector into SET with standard core libraries
    •  Added the source code for pyinjector to the set payloads
    •  Added an optimized and obfuscated binary for pyinjector to the set payloads
    •  Restructured menu systems to support new pyinjector payload for Java Applet Attack
    •  Added new option to SET Java Applet – PyInjector – injects shellcode straight into memory through a byte compiled python executable. Does not require python to be installed on victim
    •  Added base64 encoded to the parameters passed in shellcodexec and pyInjector
    •  Added base64 decode routine in Java Applet using sun.misc.BASE64Decoder – native base64 decoding in Java is the suck
    •  Java Applet redirect has been fixed – was a bug in how dynamic config files were changed
    •  Fixed the UNC embed to work when the flag is set properly in the config file
    •  Fixed the Java Repeater which would not work even if toggled on within the config file
    •  Fixed an operand error when selecting high payloads, it would cause a non harmful error and an additional delay when selecting certain payloads in Java Applet
    •  Added anti-debugging protection to pyinjector
    •  Added anti-debugging protection to SET interactive shell
    •  Added anti-debugging protection to Shellcodeexec
    •  Added virtual entry points and virtualized PE files to pyinjector
    •  Added virtual entry points and virtualized PE files to SET interactive shell
    •  Added virtual entry points and virtualized PE files to Shellcodeexec
    •  Added better obfsucation per generation on SET interactive shell and pyinjector
    •  Redesigned Java Applet which adds heavily obfsucated methods for deploying
    •  Removed Java Applet source code from being public – since redesign of applet, there are techniques used to obfuscate each time that are dynamic, better shelf life for applet
    •  Added a new config option to allow you to select the payloads for the powershell injection attack. By specifying the config options allows you to customize what payload gets delivered via the powershell shellcode injection attack
    •  Added double base64 encoding to make it more fun and better obfuscation per generation
    •  Added update_config() each time SET is loaded, will ensure that all of the updates are always present and in place when launching the toolkit
    •  Rewrote large portions of the Java Applet to be dynamic in nature and place a number of non descriptive things into place
    •  Added better stability to the Java Applet attack, note that the delay between execution is a couple seconds based on the obfuscation techniques in place
    •  Completely obfsucated the MAC and Linux binaries and generate a random name each time for deployment
    •  Fixed a bug that would cause custom imported executables to not always import correctly
    •  Fixed a bug that would cause a number above 16 to throw an invalid options error
    •  Added better cleanup routines for when SET starts to remove old cached information and files
    •  Fixed a bug that caused issues when deploy binaries was turned to off, would cause iterative loop for powershell and crash IE
    •  Centralized more routines into set.options – this will be where all configuration options reside eventually
    •  Added better stability when the Java Applet Repeater is loaded, the page will load properly then execute the applet.
    •  The site cloner has been completely redesigned to use urllib2 instead of wget, long time coming
    •  The cloner file has been cleaned up from a code perspective and efficiency
    •  Added better request handling with the new urllib2 modules for the website cloning
    •  Added user agent string configuration within the SET config and the new urllib2 fetching method
    •  Added a pause when generating Teensy payloads
    •  Added the Offensive-Security “Peensy” multi-attack vector for the Teensy attacks
    •  Added the Microsoft Internet Explorer execCommand Use-After-Free Vulnerability from Metasploit into the Metasploit Browser Exploits Attack vectors
    •  Fixed a bug in cleanup_routine that would cause the metasploit browser exploits to not function properly
    •  Fixed a bug that caused the X10 sniffer and jammer to throw an exceptions if the folder already existed



    To Download The Social-Engineer Toolkit (SET) 4.0 Click Here



    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    Fbpwn Version 2.0 Released (Java Based Facebook Social Engineering Framework) Twitter pwn added

    Posted by Avik Sarkar On 9/13/2012 11:56:00 pm

    Fbpwn Version 2.0 Released (A cross-platform Java based Facebook social engineering framework) Twitter pwn added

    Earlier we have discussed about Fbpwn. Now the time has come to update the version as the author - Hussein El Motayam has going to release version 2.0 of Fbpwn -A cross-platform Java based Facebook social engineering framework developed by Team Motayam. The most notable thing of this version is that the author has added 'Twitter pwn' that means you can now also extract Twitter information using Fbpwn Version 2.0. 

    Bug Fix in Beta - 2.0
    • Fixed all Login issues
    • Added a new module: Dictionary builder
    • Added a new module: Close friends finder
    • Added an option to group dumped information by victim's ID
    • Use FBPwn through proxy

    Fbpwn 2.0 is Capable of:
    • Dump friend list
    • Add all victim friends
    • Dump all users album pictures
    • Dump profile information
    • Dump photos
    • Check friends request
    • Dump victim wall
    • Clone the profiles

    FBPwn modules are:

    AddVictimFriends: Request to add some or all friends of bob to increase the chance of bob accepting any future requests, after he finds that you have common friends.

    ProfileCloner: A list of all bob's friends is displayed, you choose one of them (we'll call him andy). FBPwn will change mallory's display picture, and basic info to match andy's. This will generate more chance that bob accepts requests from mallory as he thinks he is accepting from andy. Eventually bob will realize this is not andy's account, but probably it would be too late as all his info are already saved for offline checking by mallory.

    CheckFriendRequest: Check if mallory is already friend of bob, then just end execution. If not, the module tries to add bob as as a friend and poll waiting for him to accept. The module will not stop executing until the friend request is accepted.

    DumpFriends: Accessable friends of bob is saved for offline viewing. The output of the module depends on other modues, if mallory is not a friend of bob yet, the data might not be accessable and nothing will be dumped.

    DumpImages: Accessable images (tagged and albums) are saved for offline viewing including comments under each image and album names. Same limitations of dump friends applies.

    DumpInfo: Accessable basic info are saved for offline viewing. Same limitations of dump friends applies.

    DumpWall: Dumps wall posts for offline viewing. Same limitations of dump friends applies.

    DictionaryBuilder: Builds a dictionary using words from comments under photos and wall posts.

    CloseFriendsFinder: Finds the victim's close circle of friends by counting number of comments,likes and tags under photos and wall posts with the ability to change the weights of the ranking criteria.


    To Download Fbpwn Version 2.0 Click Here (Disclaimer- Use this tool at your own risk)




    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    OllyDbg 2.01 Beta 2 Released! (x86 Debugger For Microsoft Windows)

    Posted by Avik Sarkar On 8/23/2012 02:53:00 pm

    OllyDbg 2.01 Beta 2 Released! (x86 Debugger For Microsoft Windows)

    The author, Oleh Yuschuk (also known as Olly), of widely used assembler level debugger 'OllyDbg' has released the Beta 2 version of OllyDbg 2.01. As you all know OllyDbg itself is hardly changed, only minor improvements (like correct reaction on MOV SS,anything; PUSHF or disassembling of JE vs. JZ  etc. depending on the preceding comparison). More important, the developer have removed the nasty crashes that happened on some computers while invoking menu, or pressing ALT, or on similar harmless actions. Last year August got the Alpha 4 of OllyDbg 2.01 since then we have not seen nay upgrades or improvements, so after one year this release includes some of major upgrades and fixes several bugs. Plugin interface is slightly extended. Plugin API includes more than 500 functions, structures and variables. Of these, I have described less than 100, so you will frequently encounter 404 while browsing the help data. But all APIs used by Bookmarks plugin are fully documentedI would also like to describe briefly for those who are not familiar with debugger- OllyDbg is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, as well as locates routines from object files and libraries. In many cases reverse engineers preferred OllyDbg, even this tool is widely used by underground communities for making crack of popular software & games. 


    To Download OllyDbg 2.01 beta 2 Click Here






    SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

    Related Posts Plugin for WordPress, Blogger...

    Site search