Friday, September 12, 2008

Google Chrome (BETA) for Windows

Google Chrome (BETA) for Windows
Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.

Google says Chrome will provide more speed, stability and security for Web users, and combined with Google Gears, which allows users to take Web-based applications offline.

Chrome also is fuelling talk about where Google itself is headed. Some say Google's effort may be as much proof-of-concept as future product in terms of showing Microsoft, Mozilla, Apple and others what can be done, and prodding them to upgrade their own browser software.

Still others believe there will eventually be a showdown with Microsoft and a Google end-run at building an enterprise computing business. Clearly Chrome could not have been timed better to coincide with Microsoft's Beta 2 release of Internet Explorer 8, a juxtaposition that Google explained as a inadvertent leak of a comic book trumpeting the browser's virtues.

"Google has generated a lot of excitement," says Forrester analyst Sheri McLeish." But it is a beta and from an enterprise perspective it is not ready for serious consideration as a replacement for IE."

Download Google Chrome

IPNetInfo v1.16 - Retrieves IP Address Information

IPNetInfo is a small utility that allows you to easily find all available information about an IP address: The owner of the IP address, the country/state name, IP addresses range, contact information (address, phone, fax, and email), and more.

This utility can be very useful for finding the origin of unsolicited mail. You can simply copy the message headers from your email software and paste them into IPNetInfo utility. IPNetInfo automatically extracts all IP addresses from the message headers, and displays the information about these IP addresses.

How does it work ?

The IP address information is retrieved by sending a request to the whois server of ARIN. If ARIN doesn't maintain the information about the requested IP address, a second request is sent to the whois server of RIPE, APNIC, LACNIC or AfriNIC.
After the IP address information is retrieved, IPNetInfo analyzes the Whois record and displays it in a table.

Wednesday, September 10, 2008

Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

if web applications are not secure, then your entire database of sensitive information is at serious risk. Why?

  • Websites and related web applications must be available 24 x 7 to provide the required service to customers, employees, suppliers and other stakeholders
  • Firewalls and SSL provide no protection against web application hacking, simply because access to the website has to be made public
  • Web applications often have direct access to backend data such as customer databases and, hence, control valuable data and are much more difficult to secure
  • Custom applications are more susceptible to attack because they involve a lesser degree of testing than off-the-shelf software
  • Hackers prefer gaining access to the sensitive data because of the immense pay-offs in selling the data.


Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.

You can download Zenmap (often packaged with Nmap itself) from the Nmap download page. Zenmap is quite intuitive, but you can learn more about using it from the Zenmap User's Guide or check out the Zenmap man page for some quick reference information. 

Thursday, September 4, 2008

John the Ripper

John the Ripper : A powerful, flexible, and fast multi-platform password hash cracker John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches. You will want to start with some wordlists, which you can find

Wednesday, September 3, 2008

Preventing SQL Injection Attacks

Keep your code secure against intruders. In this article we provide examples of SQL injection attacks and how you can write code to prevent them. Stop people from getting information from your database.

In a previous article we provided some examples of how intruders will try to attack your site using Cross-site Scripting (XSS) attacks. In an XSS attack, the attacker tries to use client-side methods of injecting client-side script and then high-jacking a user's session. Now, we're going to provide some examples of a server-side attack where an intruder will try to obtain information from within your database. After the examples, we will go through methods of securing your code against these types of attacks.

SQL injection attacks take advantage of code that does not filter input that is being entered directly into a form. Susceptible applications are applications that take direct user input and then generate dynamic SQL that is executed via back-end code. For example say you have a logon form that accepts a user name and password. Once authenticated against the database, the application then sets a session value, or some other token for allowing the user to access the protected data.

Take a logon form for example, here you have two basic form elements, a textbox for accepting a user name, and a password box for the password.

Then in the code behind:

Dim SQL As String = "SELECT Count(*) FROM Users WHERE UserName = '" & _
username.text & "' AND Password = '" & password.text & "'"
Dim thisCommand As SQLCommand = New SQLCommand(SQL, Connection)
Dim thisCount As Integer = thisCommand.ExecuteScalar()

In the previous code block it executes the built SQL script directly, if count is greater than one, then you know the values entered in for the user name and password were the ones matching the database.

Now with that code in the previous example, suppose someone entered the following string into your username text box:

' or 0=0 --

The apostrophe will close the username value being sent to the SQL query, then pass another argument to the SQL query, after the last argument it then comments out the rest of the query using the "--". Since the second argument they entered into your texbox is an "or" statement, the first check on the user name doesn't matter, and since 0 is always going to equal 0 the script will execute successfully and return a positive logon. Guess what? Your intruder now has access to your application.

Ok so maybe they can logon into your application, but what else can they do? Let's take another example of SQL injection, as in the previous example of using the apostrophe to terminate the value, and proceed on to another argument, lets do this, but using something that can really ruin your application's data and day:

'; drop table users --

Definitely something that can ruin your day. Of course this type of an attack you'll probably notice pretty quick. Other SQL commands can then be entered to determine your database's structure, and return all user names and passwords from the database. You make it even easier for the attacker if you do not provide some ambiguous error message and provide the error message returned from .NET. This error message can provide critical information they need to determine what to enter in your form in order to obtain information.

SQL Injection Prevention

One method of preventing SQL injection is to avoid the use of dynamically generated SQL in your code. By using parameterized queries and stored procedures, you then make it impossible for SQL injection to occur against your application. For example, the previous SQL query could have been done in the following way in order to avoid the attack demonstrated in the example:

Dim thisCommand As SQLCommand = New SQLCommand("SELECT Count(*) " & _
"FROM Users WHERE UserName = @username AND Password = @password", Connection)
thisCommand.Parameters.Add ("@username", SqlDbType.VarChar).Value = username
thisCommand.Parameters.Add ("@password", SqlDbType.VarChar).Value = password
Dim thisCount As Integer = thisCommand.ExecuteScalar()

By passing parameters you avoid many types of SQL injection attacks, and even better method of securing your database access is to use stored procedures. Stored procedures can secure your database by restricting objects within the database to specific accounts, and permitting the accounts to just execute stored procedures. Your code then does all database access using this one account that only has access to execute stored procedures. You do not provide this account any other permissions, such as write, which would allow an attacker to enter in SQL statement to executed against your database. Any interaction to your database would have to be done using a stored procedure which you wrote and is in the database itself, which is usually inaccessible to a perimeter network or DMZ.

So if you wanted to do the authentication via a stored procedure, it may look like the following:

Dim thisCommand As SQLCommand = New SqlCommand ("proc_CheckLogon", Connection)
thisCommand.CommandType = CommandType.StoredProcedure
thisCommand.Parameters.Add ("@username", SqlDbType.VarChar).Value = username
thisCommand.Parameters.Add ("@password", SqlDbType.VarChar).Value = password
thisCommand.Parameters.Add ("@return", SqlDbType.Int).Direction = ParameterDirection.ReturnValue
Dim thisCount As Integer = thisCommand.ExecuteScalar()

Finally, ensure you provide very little information to the user when an error does occur. If there is database access failure, make sure you don't dump out the entire error message. Always try to provide the least amount of information possible to the users. Besides, do you want them to start helping you to debug your code? If not, why provide them with debugging information?

By following these tips for your database access you're on your way to preventing unwanted eyes from viewing your data.

By: Patrick Santry, Microsoft MVP (ASP/ASP.NET), developer of this site, author of books on Web technologies, and member of the DotNetNuke core development team. If you're interested in the services provided by Patrick, visit his company Website at

Tuesday, September 2, 2008

Crack Windows Password With Back|track

BackTrack is the most Top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.

It's evolved from the merge of the two wide spread distributions - Whax and Auditor Security Collection. By joining forces and replacing these distributions, BackTrack has gained massive popularity and was voted in 2006 as the #1 Security Live Distribution by Security professionals as well as new comers are using BackTrack as their favorite toolset all over the globe.

BackTrack has a long history and was based on many different linux distributions until it is now based on a Slackware linux distribution and the corresponding live-CD scripts by Tomas M. ( . Every package, kernel configuration and script is optimized to be used by security penetration testers. Patches and automation have been added, applied or developed to provide a neat and ready-to-go environment.

After coming into a stable development procedure during the last releases and consolidating feedbacks and addition, the team was focused to support more and newer hardware as well as provide more flexibility and modularity by restructuring the build and maintenance processes. With the current version, most applications are built as individual modules which help to speed up the maintenance releases and fixes.

Because Metasploit is one of the key tools for most analysts it is tightly integrated into BackTrack and both projects collaborate together to always provide an on-the-edge implementation of Metasploit within the BackTrack CD-Rom images or the upcoming distributed and maintained virtualization images (like VMWare images appliances).

Being superior while staying easy to use is key to a good security live cd. We took things a step further and aligned BackTrack to penetration testing methodologies and assessment frameworks (ISSAF and OSSTMM). This will help our professional users during their daily reporting nightmares.

Currently BackTrack consists of more than 300 different up-to-date tools which are logically structured according to the work flow of security professionals. This structure allows even newcomers to find the related tools to a certain task to be accomplished. New technologies and testing techniques are merged into BackTrack as soon as possible to keep it up-to-date From : Remote-Exploit.

Now we Crack Windows Password With Back|track.

Step one boot with cd backtrack and login:

User : root
Password : toor

and open terminal with command :

bt~# mount

this command for check windows partation.. backtrack can read windows partation or not

and now look line 5 [ /dev/hda1 on /mnt/hda1 type ntfs (ro, noatime) ]
the meaning is, partation NTFS has been mount to directory /mnt/hda1 and now we cant acces windows file
with backtrack. this partation has mount with acces "read only" [ro] the meaning...we cannot change or
write in this directory.

and now we acces password windows directory [ \WINDOWS\system32\config\ ]

bt~# ls -l /mnt/hda1/WINDOWS/system32/config/sam

and now our mission to got syskey! for got this syskey we can use bkhive program.
bt~# bkhive /mnt/hda1/WINDOWS/system32/config/system my_syskey

bt~# ls -l

windows has put password in sam file....this password has been encrypt with windows system
and now we try to got hash from windows sam file
what program we use? we can use "samdump2"....this program has been packed in backtrack

bt~# samdump2 /mnt/hda1/WINDOWS/system32/config/sam my_syskey

look this screen shot.... we got the hash value from windows password...
and we must crack again with program ophcrack aor john the Ripper.. on this case im use a john the Ripper for cracking :)

first we must save the password hash to txt file.. with command:

bt~# samdump2 /mnt/hda1/WINDOWS/system32/config/sam my_syskey > hash.txt

bt~# ls -l

and now has save the hash in txt file with name "hash.txt"

Now John the Ripper ready to cracking...

bt~# /pentest/password/Jhon-1.7.2/run/John hash.txt

bt~# /pentest/password/Jhon-1.7.2/run/John.pot

oops the password found [ POTONGAN ]... but i dont understand why John the Ripper separated
the end alphabet [ N ]

but we can show the password again with command:

bt~# /pentest/password/Jhon-1.7.2/run/John --show hash.txt

done...happy cracking :) and sorry about my bad engglish !


Subscribe in Bloglines Msn bot last visit powered by MyPagerank.Net Yahoo bot last visit powered by MyPagerank.Net
I heart FeedBurner downtime checker The Ubuntu Counter Project - user number # 31290

Twitter Delicious Facebook Digg Stumbleupon Favorites More

Powered by TadPole