Saturday, October 30, 2010

USBsploit 0.3b : USB Backdoor Generator

USBsploit 0.3b is a proof of concept for generating backdoors and transferring files remotely using autorun files.
It can perform these tasks:
  • generate reverse TCP backdoors
  • run Autorun or LNK USB infections
  • dump all USB files remotely from multiple targets at the same time.

Friday, October 29, 2010

Damn Vulnerable Web App : Learn & Test Web Security.


Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be lightweight, easy to use and full of vulnerabilities to exploit; to aid security professionals in testing their skills and tools in a legal environment; to help web developers better understand the process of securing web applications; and to aid teachers and students in teaching and learning web application security in a classroom environment.

Sunday, October 10, 2010

Microsoft SQL Server Fingerprinting Tools

SQL Server fingerprinting is an essential step before performing any kind of penetration testing on database servers. There are two well-known tools for Microsoft SQL Server fingerprinting.

SQLPing 3.0 performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations in your enterprise. Due to the proliferation of personal firewalls, inconsistent network library configurations, and multiple-instance support, SQL Server installations are becoming increasingly difficult to discover, assess, and maintain. SQLPing 3.0 is designed to remedy this problem by combining all known means of SQL Server/MSDE discovery into a single tool which can be used to ferret out servers you never knew existed on your network so you can properly secure them. .NET Framework v2.0 is required.

SQLVer was built to use the same techniques as SQLPing.NET 1.3 beta; however, it does not send a UDP packet to port 1434 to enumerate the MS SQL Server version information. Instead, this tool uses TCP port 1433.

ESF (Exploit Next Generation SQL Fingerprint) is a more recent tool; it helps identify granular findings that can be used to further exploit the database. ESF works with these versions:
  1. Microsoft SQL Server 2000
  2. Microsoft SQL Server 2005
  3. Microsoft SQL Server 2008
 
The strengths of Exploit Next Generation SQL Fingerprint are:
  1. It uses both the TCP and UDP protocols.
  2. It can identify multiple Microsoft SQL Server instances and their TCP communication ports.
  3. It does not require any authentication to identify the Microsoft SQL Server version.
  4. It uses a probabilistic algorithm to identify the Microsoft SQL Server version, combining both the TCP and UDP fingerprints.
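The two data sources the tools above rely on are the UDP/1434 SQL Server Resolution Protocol (SSRP) reply that SQLPing reads and the TCP/1433 TDS PRELOGIN response that SQLVer reads; ESF combines both. The following added example, written for this page and not code from SQLPing, SQLVer or ESF, parses one constructed sample of each offline and then combines them into a version fingerprint with a confidence level. The TDS PRELOGIN option layout (8-byte header, then token/offset/length triples terminated by 0xFF, VERSION token 0x00 holding major, minor and a big-endian build number) is my reading of MS-TDS and should be checked against the spec; the "agree/one-source/disagree" scoring is my own simple stand-in for ESF's probabilistic algorithm, not a description of it. Both sample packets, the host name DBHOST and the instance names are constructed.

```python
"""Offline parsers for the two SQL Server fingerprint sources (SSRP over UDP
1434 and TDS PRELOGIN over TCP 1433) plus a simple way to combine them.
All packets below are CONSTRUCTED samples, not captured traffic."""
import struct
from typing import Dict, List, Optional, Tuple

# Well-known product mapping by major version number.
PRODUCT_BY_MAJOR = {8: "SQL Server 2000", 9: "SQL Server 2005", 10: "SQL Server 2008"}

# Constructed SSRP SVR_RESP: 0x05, little-endian u16 body length, ASCII body.
# Each instance is a run of key;value pairs, instances are terminated by ";;".
_SSRP_BODY = (b"ServerName;DBHOST;InstanceName;MSSQLSERVER;IsClustered;No;"
              b"Version;10.0.1600.22;tcp;1433;;"
              b"ServerName;DBHOST;InstanceName;SQLEXPRESS;IsClustered;No;"
              b"Version;9.00.5000.00;tcp;49152;"
              b"np;\\\\DBHOST\\pipe\\MSSQL$SQLEXPRESS\\sql\\query;;")
SAMPLE_SSRP = b"\x05" + struct.pack("<H", len(_SSRP_BODY)) + _SSRP_BODY

# Constructed TDS PRELOGIN response (assumed MS-TDS layout, see lead-in).
# Option list: VERSION(0x00) at offset 11 len 6, ENCRYPTION(0x01) at 17 len 1, 0xFF.
_TDS_OPTIONS = bytes([0x00, 0x00, 0x0B, 0x00, 0x06,
                      0x01, 0x00, 0x11, 0x00, 0x01,
                      0xFF])
_TDS_DATA = bytes([0x0A, 0x00, 0x06, 0x40, 0x00, 0x16,   # 10.0.1600, subbuild 22
                   0x02])                               # ENCRYPT_NOT_SUP
_TDS_PAYLOAD = _TDS_OPTIONS + _TDS_DATA
# Header: type 0x04 (tabular result), status EOM, total length, spid, packet id, window.
SAMPLE_TDS = struct.pack(">BBHHBB", 0x04, 0x01, 8 + len(_TDS_PAYLOAD), 0, 1, 0) + _TDS_PAYLOAD


def parse_ssrp_response(datagram: bytes) -> List[Dict[str, str]]:
    """Return one dict of key/value fields per instance found in an SSRP reply."""
    if len(datagram) < 3 or datagram[0] != 0x05:
        raise ValueError("not an SSRP SVR_RESP datagram")
    (body_len,) = struct.unpack_from("<H", datagram, 1)
    body = datagram[3:3 + body_len].decode("ascii", errors="replace")
    instances = []
    for chunk in body.split(";;"):
        fields = chunk.strip(";").split(";")
        if len(fields) < 2:          # empty trailer after the final ';;'
            continue
        instances.append(dict(zip(fields[0::2], fields[1::2])))
    return instances


def parse_tds_prelogin_version(packet: bytes) -> Tuple[int, int, int]:
    """Extract (major, minor, build) from the VERSION option of a PRELOGIN response."""
    payload = packet[8:]                      # skip the 8-byte TDS packet header
    pos = 0
    while pos + 5 <= len(payload) and payload[pos] != 0xFF:
        token, offset, length = struct.unpack_from(">BHH", payload, pos)
        if token == 0x00 and length >= 4:     # VERSION: major, minor, build (BE)
            return struct.unpack_from(">BBH", payload, offset)
        pos += 5
    raise ValueError("no VERSION option in PRELOGIN response")


def _version_tuple(text: str) -> Tuple[int, int, int]:
    """'10.0.1600.22' -> (10, 0, 1600); the sub-build is dropped."""
    parts = [int(p) for p in text.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))  # type: ignore[return-value]


def combine_fingerprints(ssrp_version: Optional[str],
                         tds_version: Optional[Tuple[int, int, int]]) -> Dict[str, object]:
    """Merge the UDP (SSRP) and TCP (TDS) observations into one verdict.
    Scoring is this example's own: both agree -> high, one source -> medium,
    disagree -> low (the TDS value is kept because it comes from the engine
    itself rather than from the Browser service)."""
    udp = _version_tuple(ssrp_version) if ssrp_version else None
    if udp and tds_version:
        confidence = "high" if udp == tds_version else "low"
        chosen = tds_version
    elif udp or tds_version:
        confidence, chosen = "medium", (tds_version or udp)
    else:
        return {"version": None, "product": None, "confidence": "none"}
    return {"version": "%d.%d.%d" % chosen,
            "product": PRODUCT_BY_MAJOR.get(chosen[0], "unknown"),
            "confidence": confidence,
            "sources": {"udp": udp, "tcp": tds_version}}


if __name__ == "__main__":
    for inst in parse_ssrp_response(SAMPLE_SSRP):
        print(inst.get("InstanceName"), inst.get("Version"), inst.get("tcp"))
    print(combine_fingerprints("10.0.1600.22", parse_tds_prelogin_version(SAMPLE_TDS)))
```

The SSRP reply is what makes multi-instance discovery possible: the default instance listens on 1433, while the named SQLEXPRESS instance advertises a dynamic port (49152 in the constructed sample), so a TCP-only check of 1433 would miss it. Conversely, the TDS value is the one to trust for the engine version, because the Browser service answers on behalf of every instance and can lag behind a patched engine; a mismatch between the two is worth a second look during an inventory.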