Error: Twitter did not respond. Please wait a few minutes and refresh this page.
Des bits d'information qui enrichissent votre quotidien!
Google hack DB Tool is a database tool with almost 8,000 entries. It allows administrators the ability to check their site for vulnerabilities based on data stored in Google. With Google Hack Database tool you can find out if your website has indexed vulnerabilities in Google.
So be sure to scan your public facing web applications frequently and eliminate all vulnerabilities!
Features of the Google Hack DB tool:
These tool is really fast and will help to eliminate most of the known vulnerabilities that web application developers tend to do easily , simply and most important fast and accurate.
Download Google Hack Database Tool v1.0 here
Source : Pentestit
The Security Auditor’s Research Assistant (SARA) is a third generation network security analysis tool that that has been available and actively updated for over 10 years, based on the SATAN model, it Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more. It is updated twice a month to address the latest threats :
1-Operates under Unix, Linux, MAC OS/X or Windows (through coLinux) OS’.
2-Integrates the National Vulnerability Database (NVD).
3-Performs SQL injection tests.
4-Performs exhaustive XSS tests.
5-Can adapt to many firewalled environments.
6-Support remote self scan and API facilities.
7-Used for CIS benchmark initiatives.
8-Plug-in facility for third party apps.
9-CVE standards support.
10-Enterprise search module.
11-Standalone or daemon mode.
12Free-use open SATAN oriented license.
To Download it : SARA
Source : packetstormsecurity.org
Il est possible de débloquer les différents modèles du modem huawei cités ci-dessous pour utiliser n’importe quelle carte 3G facilement et gratuitement.
les modems concernés :
Huawei E1550 Kyivstar
Huawei E156 / E156B / E156C / E156G
Huawei E160 / E160G / E160X
Huawei E166 / E166G
Huawei E169 / E169G
A vos clicks:
1- Télécharger HUAWEI CODE WRITER qui va vous permettre de débloquer le modem et d’écrire le code de déblockage sur le modem.
L’extension du ficheir est .jpg, car wordpress ne permet pas d’uploader des fichiers de type .rar ou .exe, telecharger le et changer l’extension en .rar.
Si vous avez des problemes pour le telecherger, penser a clicker dessus avec la touche droite de votre sours, et “enregister la cible du lien sous”.
2- branchez votre Modem et exécutez HUAWEI CODE WRITER.
3- Cliquer sur “Please select Com Port” puis sur la fenêtre qui s’affiche cliquez sur “Detect”, selectionnez votre modem puis “Accept”.
4-Votre modem doit être détecte, a cet instant cliquer sur “Unlock Modem”.
5- une fenêtre apparaitra vous demandant le ” Unlock CODE” et en meme temps certaines informations apparaiteront dans le fenetre centrale de l’application.
6- Recuperer le Phone IMEI et qui va nous servir pour calculer le “Unlock Code”.
7- rendez vous sur ce lien http://www.bb5.at/huawei.php?imei=**************** en remplacant les étoiles par le numero IMEI qui vous avez récupéré .
Vous devez avoir une page du genre :
Bored of using the hosting sites like Rapidshare to share a file with a friend especially when he get obliged to wait a long time to download this file?
Ge.tt is a free solution that help you to share you files (Legal files of course!) with you friends using your browser, all you have to do is access the website, load your file & share the link with your friends, whom can retrieve this file directly from your computer.
Few weeks ago before the launch of visitors series on MBC, An ad was broadcasted thought the MBC’s Group channels, with a woman that show up on a white background after losing signal on TV, and said “We Came in Peace!”.; nothing special about that, it’s just an ad!( especially for the V lovers and people whom were waiting for it), but the strange about that is that Aljazeera Tv replies by a report, that said that the MBC channels were hacked by the MOSSAD ( the national intelligence agency of Israel) to show that message and to communicate with Arabian people and to try to change their minds!
Recently another information was broadcasted by the same channel, this time is about Apple and The Iphone.
The Tv report in the video (Arabic only ) aims to prove that the Iphone is used by Apple to spy on the customers and to collect informations about them, their locations and even to use the front and back cameras, the microphone and the sensors to retrieve instant pictures and conversations.
The report is based on apple patent application that describes methods that may enable the iPhone and iPad to “sense” the user, detecting voice prints, faces, activity patterns and even heartbeats. If unauthorised use is detected, then many security measures could be activated.
But what aljazzera missed up is that the informations and data collected aren’t sent to apple but to the owner’s email, to allow him to track his phone, save data remotely or wipe out the device.
Maybe Aljazeera is going to release another rumor with the lunch of HTC Sense 3 which allow the same thing (not totally!), who could know?!?
I’ll show you in this topic how to run NMAP on your Smartphone, and exactly on Android Phone!!!
Nmap is one of the most wanted software used by pentesters, it help to gather informations about ports and services running on a machine, services fingerprinting, detecting Os version… it can run on android too by followind these steps.
First of all you need to download the cross compiled arm nmap from here.
Then connect your phone to your pc and on adb:
adb push nmap.zip /sdcard/nmap.zip
adb shell (following on shell)
cp /sdcard/nmap.zip .
chmod 755 *
After that you can run nmap (nmap -v -iR 5 -PN -p 80 –n) using the terminal emulator like on a normal pc!
The downloaded version is 4.0 if you want to test the 5.30beta1 have a look at this!
After getting my new phone, an android one (The Samsung Spica i5700), I’ve started looking around on how could I use it as to pentest , the first step was to know the possibilities of the beast, so I started gathering some information about the specifications & the possibilities of The spica.
The spica comes with a 800 Mhz processor with a BCM4329 wifi chipset, which not allow the injection mode for the moment, comparing to the Apple iphone or The N900.
I forgot about the The injection mode to focus on metasploit!,
Metasploit needs to be fully ported to jRuby before it will run on the Android platform.actually We can use it and it can run on android devices offring some Basic operations (Reverse connect shells, meterpreter, etc still don’t work.) but it crashes a lot! HD Moore and his stuff are making serious progress above and maybe we will have a fully ported MSF with the release of the 3.5 metasploit Framework.
Browsing the android market, i found some interesting apps like the Netscan and the Network Discovery wich allows to discover host connected trought the network and get some basic informations like ips,mac addresses, masks… Wifiscanner can help too, to get information about Wifi network and their encryption, and Port scandroid can scan ports but it’s nothing comparing to the Nmap which is avaible and compatible with android (Fully Ported!)
Other tools like ConnectBot(SSh Client) or RemoteVnc are avaible for free on the market.
Pentesting with Android still in his first stages comparing to the iphone and N900, that offers a complete set of fully working pentesting tools that run smoothly; but the high speed growing of the google mobile Os and the next release of android for x86 architecture will offer some interesting stuffs in the near future, and maybe , we gonna witness the birth of a fully compatible pentesting framework on Android.
But for those who don’t want to wait, they can use their android devices without android OS to pentest, by emulating a linux operating system!
How could you do this?!? Stay tuned on moroccangeek and you’ll get the full article Soon!
I was looking around for some stuffs about pentesting and I found an excellent article talking about how to get hired as a pentester.
Being a good (Perfect!) pentester doesn’t mean to just be able to run some tools, exploit some systems, and charge the client, but a good Pentester should have certain criteria and methodology of work and some fluency in communication and listening skills, to explain the problems and recommendations and be understood by the clients.
Master the tools and principles of testing is important, but understanding their approaches and methodologies is paramount, by having perfect knowledge of the OSSTMM (Open Source Security Testing Methodology Manual), the OWASP (Open Web Application Security Project), ISSAF (Information Systems Security Assessment Framework) and the guidelines on Network Security Testing by NIST.
Regarding certifications (CEH, CISM, CISA, MCSE, CCNA, CWNP …), they are not mandatory but favorable and desirable.
In addition to the technical side, the tester will have to meet clients and interact with them, with all confidence and with a professional strength of marketing and business, and should especially understand the value of the service he provide to the customer and respect the Non-Disclosure Agreements.
As there are many tools that perform the exact same function, the pentester must have its own customized list of tools that he had gathered and tested.
Two security researchers From “Spider Labs”, have made the demo of a rootkit for Android At the Defcon, which once installed on a phone (either directly or via an application available on android market) allows the attacker to have a full root remote access to the phone. The connection is established by initiating an outgoing TCP connection via 3G or WiFi. The attacker could steal data, or control the phone.
This rootkit was developed in 2 weeks, and has been distributed on DVD to those who attended the conference, and possibly gonna be avaible on internet in the upcoming weeks, pushing the manufacturers to patch their phones and to focus more on their security.