|
SQLMap for automated SQLInjection |
|
Written by Administrator
|
|
Friday, 15 February 2008 |
SQLMap is a python script written for penetration testers that allows you to automate the exploitation of SQL injection vulnerabilities. It is able to enumerate and dump database names, users, passwords (MySQL), database schema, and even database contents using BlindSQL injection.
The tool is available at sourceforge:
http://sqlmap.sourceforge.net/
Check back soon for a demo of SQLMap in action! |
|
|
zxarps - Chinese Hacking Tool |
|
Written by Administrator
|
|
Wednesday, 21 November 2007 |
|
 | The only english reference I could find for this tool was a McAfee Post. Apparently and not surprisingly, the tool is packaged with a trojan. I had a chinese friend of mine take a look at the tool and translate what he found on a few websites in regards to its useage. If you're looking to play with it for pentesting purposes be sure to install WinPcap on the machine as it is required. You can download the tool (at your own rish) here:
MD5 CHECKSUM:
f1fe2a7bebc4143ed939e5418202c656 zxarps.rar You can grab winpcap here
MD5 CHECKSUM:
2b8f5a693275102ae1d48fc138685c80 WinPcap_4_0_2.exe | | | |
[-------------------------------------------] ---------- Forwarded message ----------
Date: Nov 19, 2007 10:30 PM
Subject: zxarps tool usage
To: XXXXXXXXXXXXXXX
Jeremy,
It take me an hour to translate the tool usage to English. It is an
interesting sniffing and spoofing tool. The bad thing is the tool did
not work in my VMware.
Enjoy
XXXXX zxarps usage:-idx: network adaptive index number
-ip <ip_range>: seperate by ","
-sethost <ip>: default is gateway, can set another host
-port <port>: sniffed ports, commar seperated, sniff all ports in case
of no gateway
-reset: restore target host arp table
-hostname: hostname get during sniffing
-logfilter <filter>: start with "+", "-" or "_", seperate by commar,
mutiple conditions seperate with "|"
"+": packet with keyword will be written to log file
"-": packet with keyword will not be written to log file
"_": packet with keyword and at least has one condition exist will
be written to log file
-save_a: packet saved as ascii format
-save_h: packet saved as hex format
-hacksiet <ip>: the site will be insert code to
-insert <html_code>: the code will be inserted
-postfix <string>: postfix will be checked, only for HTTP/1.1 302
-hackURL <url>: the new URL will be changed to for above condition matching
-filename <name>: new file name in the above URL link
-hackdns <string>: DNS spoofing, only change DNS packet, seperate by commar
format: <domain>|<ip>,<domain2>|<ip2>
-interval <ms>: spoofing interval
-spoofmode <1|2|3>: spoof packet to attacker host, target: 1 for
gateway, 2 for target host, 3 for both
-speed <kb>: network band limitation
...
...
[SEE MAIN FOR MORE INFORMATION AND EXAMPLES]
|
|
Last Updated ( Wednesday, 21 November 2007 )
|
|
Read more...
|
|
|
Welcome to engineeringReversed |
|
Written by Web Master
|
|
Saturday, 12 June 2004 |
|
Welcome to engineeringReversed.com. I use this site as a repository for projects I am working on currently and an archive for things I've done in the past. I've moved from WordPress to a full-fledged CMS with grand hopesd of keeping the content fresh and updated. HA. |
|
Last Updated ( Wednesday, 21 November 2007 )
|
|
Read more...
|
|
|
|
