BurpSuite Introduction & Installation

What is BurpSuite?
Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information.

In its simplest form, Burp Suite can be classified as an Interception Proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed.

Everyone has their favorite security tools, but when it comes to mobile and web applications I've always found myself looking BurpSuite . It always seems to have everything I need and for folks just getting started with web application testing it can be a challenge putting all of the pieces together. I'm just going to go through the installation to paint a good picture of how to get it up quickly.

BurpSuite is freely available with everything you need to get started and when you're ready to cut the leash, the professional version has some handy tools that can make the whole process a little bit easier. I'll also go through how to install FoxyProxy which makes it much easier to change your proxy setup, but we'll get into that a little later.

Requirements and assumptions:

Mozilla Firefox 3.1 or Later Knowledge of Firefox Add-ons and installation The Java Runtime Environment installed

Download BurpSuite from http://portswigger.net/burp/download.htmland make a note of where you save it.

on for Firefox from   https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/


If this is your first time running the JAR file, it may take a minute or two to load, so be patient and wait.


Video for setup and installation.

You need to install compatible version of java , So that you can run BurpSuite.

Read more

1. How To Pentest A Website With Kali
2. Pentest Owasp Top 10
3. Hacking Programs
4. Pentest Enumeration
5. Hacker Anonymous
6. Hacker Box
7. Pentest Tools
8. Hacker Tools
9. Hacking Page
10. Pentest Xss
11. Pentest Dns Server
12. Hacking Gif
13. Hacking Websites
14. Pentest +
15. Pentest With Kali Linux
16. Pentest

How To Control Android Phone From Another Phone Remotely

How to control Android phone From another phone Remotely

If you wish to remotely control Android phone from another phone, then you have come to the right place. It might sound surprising, but now you can easily control Android from Android by using the right kinds of applications. This can let you keep a strict eye on your kids, spouse, or anyone else remotely. In this informative post, we will make you familiar with different Android to Android remote control apps. Also, we will provide a stepwise solution to use an Android tracking app as well. Let's uncover them by taking one step at a time.

Control Android Phone from Another Phone Remotely

There could be numerous reasons to control Android from Android remotely. In most of the cases, it is used by professionals to access a device over the air. Also, parents like to use an Android to Android remote control at times to get a complete access to their kid's smartphones. Sometimes, it can help us transfer files from one device to another. You can also use it to access your partner's or employee's phone at the time of needs too. In the next section, we will let you know how to remotely control Android phone from another phone.

How to remotely control Android phone from another phone?

There are different readily available applications that can be used to remotely control Android phone from another phone. We have picked the 3 best tools here.

1. TeamViewer for Remote Control

TeamViewer is one of the most widely known solutions that can provide a remote access to computer and smartphone remotely. It has a dedicated solution for Android as well that can perform the same function without any trouble. You can try its free version and later buy the premium subscription if you wish to.

• Smart screen sharing with a complete control of the device
• Control Android from Android by bypassing a security access (a one-time code should be matched).
• 256 Bit AES session encoding and 2048 Bit RSA key exchange supported for advanced security
• File transfer is also supported

Compatibility; Android 4.0 and later versions

Get it here >>

2. RemoDroid

RemoDroid is another smart and lightweight Android to Android remote control that you can use. Besides controlling an Android phone, you can also use this tool to control a TV and other smart devices from your Android device as well.

• Easy screen sharing provision
• You can remotely control Android phone from another phone and other smart devices (like a TV)
• It supports screen sharing between multiple users
• Password protected and supports one-time authentication
• Advanced features require root access

Compatibility: Android 4.0 and up

Get it here >>

3. Inkwire Screen Share and Assist

Inkwire is a highly useful app that every Android user should have installed on their device. This freely available tool can let you share your screen with another user. After sharing the screen, you can provide assistance by marking the screen as well. It is particularly used by users to guide other how to use a certain feature on the device.

• Once connected, you can easily draw on the screen and guide the other user on a real-time basis.
• It is extensively used to provide customer support for Android apps.
• Voice chat option is also included

Compatibility: Android 5.0 and later versions

Get it here >>

@£√£RYTHING NT

Read more

• Hacking Forums
• Pentest Meaning
• Pentest Services
• Hacking The Art Of Exploitation
• Hacking Tools
• How To Pentest A Website
• Pentest Smtp
• Hacking Meaning
• Hacking Wifi
• Hacking Names
• Pentest Tools
• Pentest Practice
• Pentest Ios
• Pentest Online Course
• Hacking Google
• Hackerrank
• Hacking Tools
• Pentestbox

Freefloat FTP Server 1.0 | Remote Buffer Overflow | Exploit

More information

1. Hacker Keyboard
2. Hacking Jacket
3. Hacker Website
4. Hacker Kevin Mitnick
5. Pentest Distro
6. Pentest Owasp Top 10
7. Pentest Distro
8. Hacker Website
9. Hacking Resources
10. Hacking Programs
11. Hacking Script
12. Hacking Box
13. Hacking Gif
14. Pentest Tools
15. Hackerx
16. Hacking Typer

Administración Remota De Servidores Desde Android

Sería muy util poder administrar todos nuestros servidores desde la palma de la mano.

Sin embargo una shell linux, no es viable en el teclado de un teléfono incluso de un tablet, sobretodo porque hay que escribir muchos símbolos, por ejemplo el guión, y estos teclados están pensados más bien para texto.

Pues bien, de esta necesidad surgió la aplicación SSHControl:


SSHControl

Esta problematica la he solucionado a base de utilizar nevegadores y estructurar los outputs para no acumular excesiva información en la pantalla.

- Navegador de ficheros
- Navegador de procesos
- Navegador de conexiones
- Navegador de logs
- Navegador de drivers de kernel

Esto permite administrar múltiples servidores con un solo dedo :)

Controlar la seguridad de sus servidores ahora es bastante sencillo y ágil, por ejemplo con solo hacer un "tap" encima de un usuario, podemos ver sos procesos asociados, con hacer otro tap en un proceso podemos kilearlo, ver mas info etc ..
Con hacer un tap encima de una apliacción, vemos sus conexiónes, con un tap en una conexión podemos agregar una regla de filtrado en el firewall, etc ..


En la siguiente versión habilitaré la opción de "Custom Commnands", la cual es muy util,
cada administrador o usuario linux, tiene una serie de comandos que repite con mucha frecuencia,
bien pues esta opción permite pre-programar estos comandos habituales, de manera que puedes lanzarlos con un simple tap.

En el roadmap tengo pensadas nuevas funcionalidades muy útiles :)

Aqui os dejo algunas capturas de pantalla:







Related posts

1. Pentest Book
2. Pentest Vpn
3. Hacker Kevin Mitnick
4. Pentest Red Team
5. Pentest Red Team
6. Pentest Vs Red Team
7. Pentest Ubuntu
8. Pentest +
9. Hacker
10. Pentest Gear
11. Pentest Red Team
12. Pentest Plus
13. Pentest Report Generator
14. Hackerrank Sql
15. Hacking Online Games

HTML5 Games On Android

On my last hollidays, I made two HTML5 games, and published on android market. Nowadays javascript has powerful libraries for doing almost everything, and also there are several compilers from java or c code to javascript, converting opengl c code to html5 canvas, but definitely, javascript execution is slower than dalvik applications, and of course much slower than arm c libs. For improving the speed of sounds and images loader, I have used javascript asynchronous execution and scheduling priority has been controlled with setTimeout/setInterval which deprioritize or priorize a code block. This games are published on the android market here: Android Planets and here: Far Planet

Related posts

• Pentest Companies
• Hacking Language
• Hacking The System
• Hacker Prank
• Hacking Linux
• Hacking Browser
• Pentest Services
• Hackerrank
• Pentest Wiki
• Hacking Language
• Hacking To The Gate
• Pentest Android App
• Pentest Practice
• Pentest Security

ANNOUNCEMENT: Submitters Of Papers And Training For Global AppSec DC 2019 (Formerly AppSec USA)

We had an overwhelming turnout out of submissions for Call for Papers and Call for Training for the OWASP Global AppSec DC 2019 (formerly AppSec USA)  We want to give each submission the time deserved to evaluate each before choosing.  Keeping that in mind the notifications of acceptance and thanks will be CHANGED to July 1, 2019.  We appreciate your understanding and patience in this matter.

https://dc.globalappsec.org/

Related news

1. Hacking Gif
2. Pentest +
3. Pentest Report Generator
4. Hacking Health
5. Hacking Page
6. Pentest Active Directory
7. Pentest Active Directory
8. Pentest As A Service
9. Hackerx
10. Pentest Linux

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.

Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:

There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:

The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.

The equation:

cmd[0] = 69

cmd[1] = 78

cmd[1] + cmd[2] = 154

cmd[2] + cmd[3] = 202

cmd[3] + cmd[4] = 241

cmd[4] + cmd[5] = 233

cmd[5] + cmd[6] = 217

cmd[6] + cmd[7] = 218

cmd[7] + cmd[8] = 228

cmd[8] + cmd[9] = 212

cmd[9] + cmd[10] = 195

cmd[10] + cmd[11] = 195

cmd[11] + cmd[12] = 201

cmd[12] + cmd[13] = 207

cmd[13] + cmd[14] = 203

cmd[14] + cmd[15] = 215

cmd[15] + cmd[16] = 235

cmd[16] + cmd[17] = 242

The solution:

cmd[0] = 69

cmd[1] = 75

cmd[2] = 79

cmd[3] = 123

cmd[4] = 118

cmd[5] = 115

cmd[6] = 102

cmd[7] = 116

cmd[8] = 112

cmd[9] = 100

cmd[10] = 95

cmd[11] = 100

cmd[12] = 101

cmd[13] = 106

cmd[14] = 97                    

cmd[15] = 118

cmd[16] = 117

cmd[17] = 125

The flag:

EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor

More articles

1. Pentest Tools For Windows
2. Hackerrank Sql
3. Hacker Types
4. Hacker Attack
5. Pentesting Tools
6. Hacking Gif
7. Pentest Vs Ceh
8. Pentest Blog
9. Hacking The System
10. Pentest Usb
11. Hackerrank
12. Pentest Security

How To Install And Run Backtrack On Android

Guide you step by step to How to install and run Backtrack on android. As the Backtrack is also available with ARM architecture which makes it possible to run Backtrack on an ARM machine such as mobiles or tablets.

Recently, We are discussed Install and Run BackTrack on Windows. Android is the best OS for penetration testing. It designed for digital forensics and penetration testing or hacking tool. It comes with many more updated tools. As the Backtrack is also available with ARM architecture which makes it possible to run Backtrack on an ARM machine such as mobiles or tablets.

How To Install and Run Backtrack On AndroidRequirements

• A Rooted Device [ Root Simple Android Phone Without Pc ]
• Backtrack ARM [ Download ]
• BusyBox [ Download ]
• Android Terminal and Android VNC
• If you are using PC then you need 7zip for extraction otherwise you can use zarchiver on your android phone. [ Download ]

Step to Install and Run Backtrack On Android:

First of all extract the BT5-GNOME-ARM.7z. and copy the "BT5" folder and then put in your phone's root directory. Here mine phone is /sdcard. The root directory is different for different mobile devices.

• Now install all the above apps Busybox, Android Terminal, Android Vnc.
• After installing BusyBox application open it and wait until it finishes loading and then click on Smart install.
• Now open the android terminal and type the following command:
  su cd /sdcard/BT5sh bootbtNOTE :- When you type su in terminal it will ask you for superuser request and you have to tap on Grant.
  
• After this, type the following commands in terminal.
  export USER=rootvncpasswd
• After entering vncpasswd the terminal will ask you to enter the password. Enter the desired password and hit enter.
• Now type the following commands.
  tightvncserver -geometry 1280×720
• The terminal emulator will create the localhost to connect it to VNC server. Now note the localhost port marked red below. Now minimize the terminal emulator.
• Open the Android VNC and type the following settings.

Nickname : BT5
Password : your password here which you entered in terminal (step no.6)
Address : localhost
Port : 5906

NOTE: Make sure that your localhost's port matches with terminal's localhost. Here mine New 'X' desktop is localhost:6. You may be different. So, in VNC type Port 590X where the "X" is the localhost in the android terminal.

That's it now just tap on connect to run the Backtrack on your android. So in this way you successfully install and run backtrack 5 on android. If you face any problem feel free to discuss in below comments!

More information

1. How To Pentest A Website
2. Pentest Tools Free
3. Hacker
4. Hacking Health
5. Pentest Smtp
6. Hacking Forums
7. Hacking Vpn
8. Hacking Names
9. Pentest Linux
10. Pentest Vpn
11. Pentest Free
12. Hacker Videos
13. Pentest Web Application
14. Hacking Typer

Steghide - A Beginners Tutorial

All of us want our sensitive information to be hidden from people and for that we perform different kinds of things like hide those files or lock them using different softwares. But even though we do that, those files  attractive people to itself as an object of security. Today I'm going to give you a slight introduction to what is called as Steganography. Its a practice of hiding an informational file within another file like you might have seen in movies an image has a secret message encoded in it. You can read more about Steganography from Wikipedia.

In this tutorial I'm going to use a tool called steghide, which is a simple to use Steganography tool and I'm running it on my Arch Linux. What I'm going to do is simply encode an image with a text file which contains some kind of information which I don't want other people to see. And at the end I'll show you how to decode that information back. So lets get started:

Requirements:
1. steghide
2. a text file
3. an image file

After you have installed steghide, fire up the terminal and type steghide

It will give you list of options that are available.

Now say I have a file with the name of myblogpassword.txt which contains the login password of my blog and I want to encode that file into an Image file with the name of arch.jpg so that I can hide my sensitive information from the preying eyes of my friends. In order to do that I'll type the following command in my terminal:

steghide embed -ef myblogpassword.txt -cf arch.jpg

here steghide is the name of the program
embed flag is used to specify to steghide that we want to embed one file into another file
-ef option is used to specify to steghide the name (and location, in case if its in some other directory) of the file that we want to embed inside of the another file, in our case its myblogpassword.txt
-cf option is used to specify the name (and location, in case if its in some other directory) of the file in which we want to embed our file, in our case its an image file named arch.jpg

After typing the above command and hitting enter it will prompt for a password. We can specify a password here in order to password protect our file so that when anyone tries to extract our embedded file, they'll have to supply a password in order to extract it. If you don't want to password protect it you can just simply hit enter.

Now myblogpassword.txt file is embedded inside of the image file arch.jpg. You'll see no changes in the image file except for its size. Now we can delete the plain password text file myblogpassword.txt.

In order to extract the embedded file from the cover file, I'll type following command in the terminal:

steghide extract -sf arch.jpg -xf myblogpass.txt

here steghide is again name of the program
extract flag specifies that we want to extract an embedded file from a stego file
-sf option specifies the name of the stego file or in other words the file in which we embedded another file, in our case here its the arch.jpg file
-xf option specifies the name of the file to which we want to write our embedded file, here it is myblogpass.txt
(remember you must specify the name of file with its location if its somewhere else than the current directory)

After typing the above command and hitting enter, it will prompt for a password. Supply the password if any or otherwise just simply hit enter. It will extract the embedded file to the file named myblogpass.txt. Voila! you got your file back but yes the image file still contains the embedded file.

That's it, very easy isn't it?

It was a pretty basic introduction you can look for other things like encrypting the file to be embedded before you embed it into another file and so on... enjoy :)

Continue reading

• Pentest With Metasploit
• Pentest Os
• Pentest Active Directory
• Hacking Browser
• Pentest Tools Github
• Hacking Network
• Pentestmonkey Cheat Sheet
• Pentest Partners
• Pentest Linux
• Pentest Certification
• Hacking Network
• Hacker Typer
• Pentest Stages
• Pentest Cheat Sheet

How To Start | How To Become An Ethical Hacker

Are you tired of reading endless news stories about ethical hacking and not really knowing what that means? Let's change that!

This Post is for the people that:

• Have No Experience With Cybersecurity (Ethical Hacking)
• Have Limited Experience.
• Those That Just Can't Get A Break

OK, let's dive into the post and suggest some ways that you can get ahead in Cybersecurity.

I receive many messages on how to become a hacker. "I'm a beginner in hacking, how should I start?" or "I want to be able to hack my friend's Facebook account" are some of the more frequent queries. Hacking is a skill. And you must remember that if you want to learn hacking solely for the fun of hacking into your friend's Facebook account or email, things will not work out for you. You should decide to learn hacking because of your fascination for technology and your desire to be an expert in computer systems. Its time to change the color of your hat 😀

 I've had my good share of Hats. Black, white or sometimes a blackish shade of grey. The darker it gets, the more fun you have.

If you have no experience don't worry. We ALL had to start somewhere, and we ALL needed help to get where we are today. No one is an island and no one is born with all the necessary skills. Period.OK, so you have zero experience and limited skills…my advice in this instance is that you teach yourself some absolute fundamentals.

Let's get this party started.

•  What is hacking?

Hacking is identifying weakness and vulnerabilities of some system and gaining access with it.

Hacker gets unauthorized access by targeting system while ethical hacker have an official permission in a lawful and legitimate manner to assess the security posture of a target system(s)

 There's some types of hackers, a bit of "terminology".
White hat — ethical hacker.
Black hat — classical hacker, get unauthorized access.
Grey hat — person who gets unauthorized access but reveals the weaknesses to the company.
Script kiddie — person with no technical skills just used pre-made tools.
Hacktivist — person who hacks for some idea and leaves some messages. For example strike against copyright.

•  Skills required to become ethical hacker.

1. Curosity anf exploration
2. Operating System
3. Fundamentals of Networking

*Note this sites

• hackquest.de
• hacktissite.org
• www.trythis0ne.com
• www.hackchallenge.net
• hacking-lab.com

Related posts

• Hacking Meaning
• Pentest Windows
• Pentest Tutorial
• Pentest Report Generator
• Hacking Hardware
• Pentest Jobs
• Hacking Apps

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks

Israeli cybersecurity researchers have disclosed details about a new flaw impacting DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to takedown targeted websites. Called NXNSAttack, the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate more DNS queries to authoritative servers of attacker's choice,

via The Hacker News

This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com

More articles

• Hacking System
• Software Hacking
• Hacking Simulator
• Portatil Para Hacking
• Mind Hacking
• Hacking Iphone
• Growth Hacking Barcelona
• Hacking Wifi Android
• Informatico Hacker
• Cosas De Hackers
• Whatsapp Hacking
• Paginas Para Hackear

Fragroute

"fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour." read more...

Website: http://monkey.org/~dugsong/fragroute

More articles

• Como Aprender A Hackear
• Hardware Hacking Tools
• Password Hacking
• Amiibo Hacking
• Como Aprender A Ser Hacker
• Hacking Smart Tv
• Hacking Linux Distro
• Brain Hacking
• Udemy Hacking
• Hacking Desde Cero
• Programa Hacker
• 101 Hacking
• Hacking Food

USE OF CRYPTOGRAPHY IN HACKING

WHAT IS CRYPTOGRAPHY?

The Cryptography is derived from the Greek words "Kryptos". This is the study of secure communication techniques that allow only the sender and recipient of a message to view it's contents of transforming information into nonhuman readable form or vice versa is called cryptography.

As we know that information plays a vital role in running of any business and organizations etc, sensitive details in the wrong hands can leads to loss of business.

Cryptography is the science of ciphering and deciphering messages.To secure communication organizations use cryptology to cipher information .

                            Or

Cryptography is a method of protecting information and communication through the use of codes so that only those whom the information is intended can read and process it.

In Computer Science, Cryptography refers to secure information and communication techniques derived from mathematical concepts , a set of rule based calculations called algorithm to transform message in ways the hard to readable for human.

This is one of the secure way of communications for a hacker with the help of virtual private network(VPN) like Tor Browser which is also very helpful to change the IP Address(Location of the sender ) for illegal purpose to perform crime in cyberspace . I will discuss in brief about the VPN .

How to Encrypt and Decrypt the text in Cryptography?

Open this website with the help of internert surfing for encryption-"http://wwwmd5online.org" 

Open the link for Decrypt the code text-"http://www.md5online.org/md5-decrypt.html"

Type whatever you want for encryption and it will crypt in the code form, copy that code and forward to the intended person whom you want for secure communication and then he/she will Decrypt in the real form.

               
       

Related word

• Hacking Tools
• Hacker Etico
• Hacking Simulator
• Curso Growth Hacking
• Blackhat Hacking
• Javascript Hacking
• Tutoriales Hacking
• Libros Hacking
• Pagina Hacker
• Hacking Growth Sean Ellis

The Pillager 0.7 Release

I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code.  However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released..  As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.

For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go.  If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.

http://consolecowboys.org/pillager/pillage_0.7.zip



Ficti0n$ python pillager.py
 
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]

Release Notes:
 --Fixed bugs and optimized code
 --Added Docstrings
 --Fixed Named and Data searches from config files                 

About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.

Supported Platforms:
        --------------------
-Oracle
-MSSQL
-MYSQL
        -PostGreSQL
     

        Usage Examples:
        ************************************************************************
        
        For Mysql Postgres and MsSQL pillaging:
        ---------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password]
        
        
        For Oracle pillaging you need a SID connection string:
        ------------------------------------------------------
        python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
        

        Grab some hashes and Hipaa specific:(Default is PCI)
        ------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa


Drop into a SQL CMDShell:
-------------------------
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q

Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D

Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N

     
     
        Switch Options:
        ---------------------
        -# --hashes = grab database password hashes
        -l --limit  = limit the amount of rows that are searched or when displaying data (options = any number)
        -s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
        -u --user = Database servers username
        -p --pass = Password for the database server
        -a --address = Ipaddress of the database server
        -d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
        -r --report = report format (HTML, XML, screen(default))
        -N --nameSearch = Search via inputFiles/tables.txt
        -D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
     
     
        Prerequisites:
        -------------
        python v2  (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
        cx_oracle (cx-oracle.sourceforge.net)
        psycopg2  (initd.org/psycopg/download/)
        MySQLdb   (should be on BT by default)
        pymssql   (should be on BT by default)
     

Related word

• Hacking Google Home Mini
• Tutoriales Hacking
• Funnel Hacking Live
• Curso Hacking Gratis
• Hacking Significado
• Hacking Wikipedia
• Viral Hacking
• Growth Hacking Libro
• Hacker Seguridad Informática
• Hacking Articles
• Libro De Hacking
• Hacking Meaning
• Hacking Pdf
• Hacking Academy
• Hacking Mac