Password Cracker Tool Hashkill version 0.3.1 released

Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid).

Hashkill has 35 plugins for different types of passwords (ranging from simple hashes like MD5 and SHA1 to passworded ZIP files and private SSL key passphrases).

Multi-hash support (you may load hashlists of length up to 1 million) and very fast GPU support on Nvidia (compute capability 2.1 cards also supported) and ATI (4xxx, 5xxx and 6xxx).

The latest update includes 9 new plugins: bfunix, drupal7, django256, sha256unix, mssql-2012, o5logon, msoffice-old, msoffice, luks. Of them msoffice-old is currently supported on CPU only, the rest are GPU-accelerated. Improved bitmaps handling in non-salted kernels addded, so that huge hashlists would be cracked at faster speeds. Now Thermal monitoring can now be disabled using -T 0 command-line argument.

Download Hashkill 0.3.1

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Scylla v1 Penetration Testing Tool - Because there's no patch for human stupidity

When there's no technical vulnerability to exploit, you should try to hack what humans left for you, and believe me, this always works.

Scylla provides all the power of what a real audit, intrusion, exclusion and analysis tool needs, giving the possibility of scanning misconfiguration bugs dynamically. Scylla aims to be a better tool for security auditors, extremely fast, designed based on real scenarios, developed by experienced coders and constructed with actual IT work methods.

The words “Configuration Tracer” are the best definition for Scylla, a tool to help on IT audits. Scylla is a tool to audit different online application protocols and configurations, built over a brute-force core.

This tool acts as a tool for unifying auditing techniques, in other words, it does what oscanner, winfingerprint, Hydra, DirBuster, and other tools do, and also what those tools don't do.


Supported Protocols

• Terminal (Telnet, SSH, telnets)
• FTP (FTPS, FTP, SFTP)
• SMB (Also Windows RPC)
• LDAP
• POP3 (POP3S)
• SMTP (SMTPS)
• IMAP
• MySql
• MSSQL
• Oracle (Database and TNS Listener)
• DB2 (Database and DAS)
• HTTP(HTTPS; Basic AUTH Brute Force, Digest AUTH Brute Force, Form Brute Force, Directory and files Brute Force)
• DNS (DNS snooping)
• Postgres SQL

Basic features:

- User, password list based Brute force

- Multiple hosts support

- Multiple session support

- Nmap integration

- Non-synchronized threads (proof to be a bit faster)

- Ability to restore sessions

- Session auto-saving (based on SQL Server CE)

- Easy to use

- Auto configured options

- Hacker oriented

- Free, and always free

- Database browser (who have hacked a DB and don’t have a DB client to connect to it- And worse if you don’t have internet)

- Open source tool

Download Scylla v1

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Android Privacy Guard v1.0.8 - OpenPGP for Android

There's no public key encryption for Android yet, but that's an important feature for many of us. Android Privacy Guard is to manage OpenPGP keys on your phone, use them to encrypt, sign, decrypt emails and files.

Change log v1.0.8

• HKP key server support
• app2sd support
• more pass phrase cache options: 1, 2, 4, 8 hours
• bugfixes

Download Android Privacy Gaurd

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

TCHead - TrueCrypt Password Cracking Tool

TCHead is software that decrypts and verifies TrueCrypt headers. TCHead supports all the current hashes, individual ciphers, standard volume headers, hidden volume headers and system drive encrypted headers (preboot authentication).

Brute-force TrueCrypt : However, TrueCrypt passwords go through many iterations and are strengthened. Cracking them takes time. Very strong passwords will not be cracked. Also, in addition to trying multiple passwords an attacker must try each password against each combination of hash and cipher (assuming they do not know what these are beforehand). System encrypted hard drives use only one hash and cipher, so attacking those is faster.

Testing TCHead: Create a TrueCrypt volume using the default hash and cipher (RIPEMD-160 and AES), set the password to "secret", then run TCHead against it like this and it will decrypt the header (provided that the word "secret" is in the word list)

Command : TCHead -f name_of_volume.tc -P words.txt

Decrypt hidden volumes:

Command : TCHead -f name_of_volume.tc -P words.txt --hidden

Multiple passwords (brute-force): Create or download a list of words in a text file (one word per line) using words that you think are likely to decrypt the header, then run TCHead against it like this. If the correct password is found, the header will be decrypted:

Command : TCHead -f name_of_volume.tc -P words.txt

Download TCHead

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Hashkill-0.3.0-pre2 Released - A password recovery tool

Hashkill is an open-source password recovery tool. Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid) and has 31 plugins for different types of hashes (md5, sha1, phpbb3, mysql, md5 (unix), des(unix), sha(unix), vbulletin, smf, etc). It is multithreaded and supports session save/restore.

• Multi-threaded so that it can benefit from multi-core/multi-CPU systems
• SSE2/AVX/XOP/AES-NI-accelerated algorithms to achieve high speeds on modern x86 CPUs
• Very powerful rule engine plus optimized bruteforce/markov codepaths for fast algos.
• ~ 40 plugins for different types of passwords (ranging from simple hashes like MD5 and SHA1 to WPA, passworded RAR files and private SSL key passphrases)
• Supports session save/restore. Sessions are auto-saved each 3 seconds. Password cracking can resume after the last checkpoint in case the program is stopped/killed/system crashes/power down/etc.
• Multi-hash support
• Very fast GPU support on both Nvidia and AMD. GCN and Kepler architecture supported.
• Multi-GPU support (even AMD+NVidia systems).
• Session save/restore, markov/rule/bruteforce also on GPUs

Download Hashkill

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Hashcat v0.41 released, Now Support AVX and XOP

A new version of oclHashcat is available. oclHashcat is the GPU accelerated version of Hashcat, a MD5 password cracker. oclHashcat is able to use up to 16 GPUs to achieve its job. oclHashcat is available in two versions: OpenCL (oclHashcat) and CUDA (cudaHashcat). Now also Support AVX and XOP.

Main features of Hashcat:

• Free
• Multi-GPU (up to 16 gpus)
• Multi-Hash (up to 24 million hashes)
• Multi-OS (Linux and Windows native binaries)
• Multi-Platform (OpenCL and CUDA support)
• Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, …)
• Fastest multihash MD5 cracker on NVidia cards
• Fastest multihash MD5 cracker on ATI 5xxx cards
• Supports wordlists (not limited to Brute-Force / Mask-Attack)
• Combines Dictionary-Attack with Mask-Attack to launch a Hybrid-Attack
• Runs very cautious, you can still watch movies or play games while cracking
• Supports pause / resume
• The first and only GPU-based Fingerprint-Attack engine
• Includes hashcats entire rule engine to modify wordlists on start

Changes in v0.14

type: feature
file: host programs
desc: optimized word-generator in -a 3 mode

type: feature
file: host programs
desc: change potfile format to hash:password
cred: m4tr1x

type: feature
file: hashcat-cli
desc: added mode -m 122: OS X v10.4, 10.5, 10.6
cred: radix

type: feature
file: hashcat-cli
desc: added mode -m 1722: OS X v10.7
cred: radix

type: feature
file: hashcat-cli
desc: added mode -m 50: HMAC-MD5 (key = $pass)

type: feature
file: hashcat-cli
desc: added mode -m 60: HMAC-MD5 (key = $salt)

type: feature
file: hashcat-cli
desc: added mode -m 150: HMAC-SHA1 (key = $pass)

type: feature
file: hashcat-cli
desc: added mode -m 160: HMAC-SHA1 (key = $salt)

type: feature
file: hashcat-cli
desc: added mode -m 1450: HMAC-SHA256 (key = $pass)

type: feature
file: hashcat-cli
desc: added mode -m 1460: HMAC-SHA256 (key = $salt)

type: feature
file: hashcat-cli
desc: added mode -m 1750: HMAC-SHA512 (key = $pass)

type: feature
file: hashcat-cli
desc: added mode -m 1760: HMAC-SHA512 (key = $salt)

type: feature
file: hashcat-cli
desc: added mode -m 1731: MSSQL 2012
cred: radix

type: bug
file: hashcat-cli
desc: Fixed a bug when using -e with salted sha256 or sha512
cred: Rub3nCT

Download Hashcat v0.41

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

John Of Yogyafree - GUI For John the Ripper Hash Cracker

John Of yogyafree is a GUI tool for John the Ripper hash cracker, which is a very popular on Linux platforms, Windows, UNIX and others. John Of Yogyafree Allows you to run John the Ripper with a simple way on your Windows and easy to understand.

Usage:

In JohnOfYogyafree.zip, there is johntheripper.zip. extract it to C: \. but if you have installed the john the ripper. you do not need to do this. Extract file JohnOfYogyafree.exe, comdlg32.ocx, VSFLEX3.OCX to the folder you want. Run JohnOfYogyafree.exe

Download John Of Yogyafree

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

ZackAttack - Firesheep NTLM Authentication relaying

It is a new toolkit that helps you with NTLM (NT LAN Manager) security protocol relaying. Not pass the hash kinds, but more on the lines of cross protocol relaying and allow clients to get MS Windows clients to automatically authenticate and relay hashes to via cross protocol relaying.

What is NTLM relaying?

It is a mechanism to relay authentication requests to another target. Interestingly, it does not require an administrative access which means it can be done by any client having no previous access on the network or the system – think a “guest” user! Again with almost all protocols, there is no authentication on the part of the client or the server either – think ARP spoofing.

Though, ZackAttack! is not exactly what it aims to be – FireSheep for NTLM authentication, we know it sure will be soon with the amount of efforts Zack Fasel is putting in.

Components of ZackAttack:

• The Rogue Servers - HTTP and SMB. These get the auth requests and keep recycling them
• The Clients - These connect to target servers and request NTLM creds from the Rogue Servers
• The Rules - Define auto actions to perform upon seeing a user.
• The Payloads - Methods to get users to autoauth with Integrated Windows Auth ergo not prompting the user for auth.

Download ZackAttack

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Safe3 sql injector - Powerful penetration testing tool for SQL Injection

Safe3SI is one of the most powerful and easy usage penetration tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a AI detection engine.

Features

• Full support for http, https website.
• Full support for Basic, Digest, NTLM http authentications.
• Full support for GET, Post, Cookie sql injection.
• Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
• Full support for four SQL injection techniques: blind, error-based, UNION query and force guess.
• Powerful AI engine to automatic recognite injection type, database type, sql injection best way.
• Support to enumerate databases, tables, columns and data.
• Support to read,list and write any file from the database server underlying file system when the database software is MySQL or Microsoft SQL Server.
• Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is Oracle or Microsoft SQL Server.
• Support to ip domain query,web path guess,md5 crack etc.
• Support for sql injection scan.

Download Safe3 sql injector

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Chapcrack - Tool for Cracking MS-CHAPv2

Chapcrack is a tool for parsing and decrypting MS-CHAPv2 network handshakes. In order to use it, a packet with an MS-CHAPv2 network handshake must be obtained. The tool is used to parse relevant credentials from the handshake. In other words, Chapcrack parses the credential information out of MS-CHAPv2 handshakes, sends to Cloudcracker which in turn will return a packet that can be decrypted by Chapcrack to recover the password.

The resulting file (“token”) is then submitted to CloudCracker, an online password cracking service for penetration testers and network auditors, which returns the cracked MD4 hash in under a day. For each handshake, it outputs the username, known plaintext, two known ciphertexts, and will crack the third DES key. Whats interesting to know is that Cloudcracker forwards your handshake information to a Pico Computing’s DES cracking box, which is powered by a FPGA box that implemented DES as a real pipeline, with one DES operation for each clock cycle. With 40 cores at 450mhz, that’s 18 billion keys/second!

The hash is inserted into chapcrack, and the entire network capture is decrypted. Alternatively, it can be used to login to the user’s VPN service or WPA2 Enterprise radius server. All of this is possible only because of the weak protocol architecture that allows MD4 hash of the user’s password to be authenticated as them, as well as to decrypt any of their traffic.

How to use chapcrack?

• Obtain a packet capture with an MS-CHAPv2 network handshake in it (PPTP VPN or WPA2 Enterprise handshake, for instance).
• Use chapcrack to parse relevant credentials from the handshake (chapcrack parse -i path/to/capture.cap).
• Submit the CloudCracker token to www.cloudcracker.com
• Get your results, and decrypt the packet capture (chapcrack decrypt -i path/to/capture.cap -o output.cap -n )

Download chapcrack

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Cryptohaze 1.31a - Crack hashes with speed of 154 Billion/sec

Bitweasil lead developer going to Demonstrate an open source Tool called "Cryptohaze" at DEF CON 20. The Cryptohaze Multiforcer supports CUDA, OpenCL, and CPU code (SSE, AVX, etc). All of this is aimed at either the pentester who can't spray hashes to the internet, or the hacker who would rather not broadcast what she obtained to pastebin scrapers.

Cryptohaze tools are aimed at providing high quality tools that run on any platform - Windows, Linux, or OS X. The tools run on all platforms that support CUDA or OpenCL (currently Windows, Linux, OS X). If you don't have a GPU - the OpenCL code will run just fine on your host CPU!

The releases are now combined into single releases. As an example, on a list of 10 hashes, the Cryptohaze Multiforcer achieves 390M steps per second on a GTX260/216SP@1.24ghz card. On a list of 1.4 million hashes with the same card, performance drops to 380M steps per second. This is the password stepping rate - not the search rate. The search rate is 380M * 1.4M passwords per second!

CHANGELOG:

• Added GTX680 support to the builds.
• Put the right DLL in the Windows build.
• All tools: Build against CUDA 4.2
• Multiforcer: Add IP address cracking scripts
• Multiforcer: Fix issue that could prevent finding all hashes in certain cases

Download Cryptohaze 1.31a

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Quarks PwDump v0.2b Released

Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems. It currently extracts :

• Local accounts NT/LM hashes + history
• Domain accounts NT/LM hashes + history
• Cached domain password
• Bitlocker recovery information (recovery passwords & key packages)
• Supported OS : XP/2003/Vista/7/2008/8

Change log:

• Short command flags are available, check README.txt
• NTDS.dit file could be specified at any position but -nt flag must be used now
• README updated for ntds.dit backup on Win 2003 operating systems

Download Quarks PwDump v0.2b

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Hash Kracker v1.0 - All-in-one Hash Passwaord Recovery Tool

Hash Kracker is our new all-in-one tool to recover the hash password for multiple hash types. Current version supports following popular hash types such as MD5, SHA1, SHA256, SHA384, SHA512.

Most online websites do not directly store the user account password, instead they convert it into one of hash types such as MD5, SHA1, SHA256 and then store it. Same approach is followed by some of the desktop applications.These are one way hash algorithms.

That means you cannot decrypt the hash to get back your original password. In such cases HashKracker can help you to recover your hash password.Hash Kracker uses Dictionary Crack method to keep it simple and easier. However you can use tools like Crunch, Cupp to generate brute-force based or any custom password list file and then use it with Hash Kracker.

Features of Hash Kracker

• Free tool to recover the hash password
• Supports popular hash types such as MD5, SHA1, SHA256, SHA384, SHA512.
• Automatically detects the Hash Type
• Displays detailed statistics during Cracking operation
• Stop the password cracking operation any time.
• Easier and Quicker to use with cool interface.
• Generate Hash Password Recovery report in HTML/XML/TEXT format.
• Fully Portable tool, can run from anywhere.
• Includes Installer for local Installation & Uninstallation.

Installation and Usage Guide 

Download HashKracker

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

AIORemote : Remote Administration Tool (RAT)

RAIORemote is a Remote Administration Tool (RAT) created by uniKornn, it’s purpose is to simply make alot of stuff easier (for those who are too lazy to walk, like me). The operator (client-side) has control over the host (server-side).

Functions:

• Chat – Chat with the user that is currently using the computer.
• Filemanager – Manage all files on all drives of the host, you can also remotly execute (visible or hidden), delete, move, rename and copy files.
• Processmanager – Manage all processes that are active on the computer, you can kill the processes or close their main window. Next to that you also get some information about the process.*
• Host Info – Get various information about the system and user.**
• Script Editor – Create scripts to execute on the host, supported scripts are Visual Basic Script (.vbs) and Batch (.bat, .cmd, [.nt]).
• Remote CMD – A remote Command Prompt, all commands are executed on the host as the Command Prompt is also running on the host.

Download AIORemote

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

John the Ripper 1.7.9-jumbo-6 , adds GPU support in New Release

John the Ripper 1.7.9-jumbo-6 Released earlier today. This is a"Community-enhanced" version, which includes many contributions from JtRcommunity members.

"John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version."

The biggest newthing is integrated GPU support, both CUDA and OpenCL - although for a subset of the hash and non-hash types only, not for all that aresupported on CPU.

Its speeds on Core i7-2600K 3.4 GHz (actually 3.5 GHz due to Turbo Boost) are:

1 thread:
Benchmarking: Traditional DES [128/128 BS AVX-16]... DONE
Many salts: 5802K c/s real, 5861K c/s virtual
Only one salt: 5491K c/s real, 5546K c/s virtual


8 threads (on 4 physical cores):
Benchmarking: Traditional DES [128/128 BS AVX-16]... DONE
Many salts: 22773K c/s real, 2843K c/s virtual
Only one salt: 18284K c/s real, 2291K c/s virtual


1 thread:
Benchmarking: LM DES [128/128 BS AVX-16]... DONE
Raw: 71238K c/s real, 71238K c/s virtual


4 threads:
Benchmarking: LM DES [128/128 BS AVX-16]... DONE
Raw: 108199K c/s real, 27117K c/s virtual

Features Added

• Added optional parallelization of the MD5-based crypt(3) code with OpenMP.
• Added optional parallelization of the bitslice DES code with OpenMP.
• Optimized the DES S-box x86-64 (16-register SSE2) assembly code.
• Added support for 10-character DES-based tripcodes (not optimized yet).
• Added two more hash table sizes (16M and 128M entries) for faster
• processing of very large numbers of hashes per salt (over 1M).
• Made some minor optimizations to external mode function calls and
• virtual machine implementation.

and More..

Download John the Ripper 1.7.9-jumbo-6

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

The GUI Version of SQLMAP - SQL injection exploitation Tool

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

To use it, First install python 2.7 and download the last version of sqlmap-dev:
svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev

Then Download the file and unzip to sqlmap directory. For more help visit Official site.

Download The GUI Version of SQLMAP

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

GUI Password hash Cracker for MD5, SHA, NTLM

This password cracker was written in Java and is intended for Pen Testers and Security Professionals. This software will crack the MD5, SHA,NTLM(Windows Password),CISCO 7 hash codes.

Download the "Hash Code Cracker v121.jar" file. Method 1: Double click the jar file, it will automatically run with JRE. Method 2: Open the Terminal and navigate to the jar file path. Type this command "java -jar HashCodeCracker v121.jar".

Download GUI password Cracker

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Patator :Multi-purpose bruteforce Python Script

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Currently it supports the following modules:

• ftp_login : Brute-force FTP
• ssh_login : Brute-force SSH
• telnet_login : Brute-force Telnet
• smtp_login : Brute-force SMTP
• smtp_vrfy : Enumerate valid users using the SMTP VRFY command
• smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
• finger_lookup : Enumerate valid users using Finger
• http_fuzz : Brute-force HTTP/HTTPS
• pop_passd : Brute-force poppassd (not POP3)
• ldap_login : Brute-force LDAP
• smb_login : Brute-force SMB
• mssql_login : Brute-force MSSQL
• oracle_login : Brute-force Oracle
• mysql_login : Brute-force MySQL
• pgsql_login : Brute-force PostgreSQL
• vnc_login : Brute-force VNC
• dns_forward : Forward lookup subdomains
• dns_reverse : Reverse lookup subnets
• snmp_login : Brute-force SNMPv1/2 and SNMPv3
• unzip_pass : Brute-force the password of encrypted ZIP files
• keystore_pass : Brute-force the password of Java keystore files

Get Help and Syntax to use this tool from official page.

Download Parator Script

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

DroidSheep - Android tool for web session hijacking

DroidSheep is a simple Android tool for web session hijacking (sidejacking). It listens for HTTP packets sent via a wireless (802.11) network connection and extracts the session id from these packets in order to reuse them.

DroidSheep can capture sessions using the libpcap library and supports: OPEN Networks WEP encrypted networks WPA and WPA2 encrypted networks (PSK only)

How does that work this simple?

There are many users that do not known that air is the transmission medium when using WiFi. Therefore information is not only transfered to its receiver but also to any other party in the network within the range of the radio waves.

Usually nothing special happens because the WiFi users discard packets that are not destined to themselves. DroidSheep does not do this. It reads all the packets looking at their contents.Is a website sending a clear recognition feature within a message’s content, which can identify a user (“SessionID”), then DroidSheep is able to read it although it is not intended to external users. Moreover DroidSheep can use this token to use it as its own. The server can’t decide whether the authorized user or DroidSheep has sent the request.

Video demonstration

Download Droidsheep

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

WPSCRACKGUI V-1.1.8 - Graphical tool for cracking WPS Wireless Pin

Graphical interface to the network cracking WPS Reaver.

Features :

• Graphic User Interface (GUI) WPS encryption cracking.
• Advanced Attack with Generic Dictionary.
• Advanced Dictionary Attack with Enhanced.
• Updated Assisted Reaver-WPS.
• Database with PINs.
• Change MAC Address.
• Supported in Gt and Gtk.
• Scan networks.

DOWNLOAD WPSCRACKGUI V-1.1.8

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email