Mozilla Firefox 3.6.12 Remote Denial Of Service - Dated 2010-11-12

New vulnerability has been exposed in the  updated version of the Mozilla Firefox browser by the people behind BackTrack Live pentesting operating system. This OS is most preferred among security professionals.

FIRESHEEP - new cookie sniffing hack!

Firefox users now have a new & easier point & click tool to sniff others cookies. It's somewhat easier to implement than sidejacking. Firesheep created a frenzy in social network & email users communities some days ago.

Bugmenot.com -- Bypass registration!

While surfing the net, the inevitable process of registration & the confirming the email might render you bored & jaded. Here is an easy way to avoid it. Enter the url -> http://www.bugmenot.com/ & search the site for used logins for the site you want to surf.

Sending SMS to a mobile no. at a scheduled time (only for India)!

In case you want to send a SMS to a person at a given time (in India) than try this site http://sms7.in. The service is particularly useful when you may be busy at the point of time you want to send the SMS to recipient. Like in case you want to send a "Happy Birthday!" message to a friend at 12'oclock at night but you decided to sleep before 12. At such cases, this site comes at your rescue.

Access internet through email!

At times when your internet connection is slow or you have access to email & no access to the internet from ISP. Still you can access web sites through your email.
The http://www.web2pdfconvert.com/ comes handy. It's a useful site which converts your requested page to pdf & mails back.
So to use the service simple send a mail to submit@web2pdfconvert.com with the body

. The site will send you back the pdf of the page within minutes.   

USBsploit 0.3b : USB Backdoor Generator

USBsploit 0.3b is a proof of concept to generate backdoors & transferring files remotely using autorun files.
It can perform these tasks:

• generate reverse TCP backdoors
• running Autorun or LNK USB infections
• dumping all USB files remotely on multiple targets at the same time.

Damn Vulnerable Web App : Learn & Test Web Security.

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit, aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

Microsoft SQL Server Fingerprinting Tools

 SQL Server fingerprinting is an essential step before performing any kind of penetration testing on database servers. There are two well known tools for Microsoft SQL Server Fingerprinting.

• SQLping
• SQLver
• ESF exploit next generation sql fingerprint

SQLPing 3.0 performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations in your enterprise. Due to the proliferation of personal firewalls, inconsistent network library configurations, and multiple-instance support, SQL Server installations are becoming increasingly difficult to discover, assess, and maintain. SQLPing 3.0 is designed to remedy this problem by combining all known means of SQL Server/MSDE discovery into a single tool which can be used to ferret-out servers you never knew existed on your network so you can properly secure them. .NET Framework v2.0 Required. 
 
 SQLVer has been built to utilise the same techniques as SQLPing.NET 1.3 beta, however, does not actually use a UDP packet sent to port 1434 packet to enumerate the MS SQL server version info. This tool in fact uses TCP port 1433 instead.

ESF is a modern tool, it help identifying granular level findings to further exploit database. ESF works for these versions:

1. Microsoft SQL Server 2000
2. Microsoft SQL Server 2005
3. Microsoft SQL Server 2008

 
The strengths of Exploit Next Generation SQL Fingerprint are:

1.  uses both TCP and UDP protocols
2. capable to identify multiple Microsoft SQL Server instances and their TCP communication ports.
3. does not require any authentication method to identify the Microsoft SQL Server version.
4. uses probabilistic algorithm to identify the Microsoft SQL Server version, combining both TCP and UDP fingerprint.

BAT to EXE converter!

Executing a bat file may raise alarm when executed in a victims system. In order to have a stealth execution when can convert the bat or cmd file into exe file. which will execute like any other software. Convert bat to exe file by using Advanced Bat To Exe converter which works on all Windows version including Windows 7.

Hide your files in jpeg File without any Software!

This is quite an old trick but still works fine. Its a type of stenography technique where we try to hide a file inside another file.    
You will only need to download WinRAR & install it.