MultiInjector - Automated Stealth SQL Injection Tool

MultiInjector claims to the first configurable automatic website defacement software, I’m not sure if that’s a good thing - or a bad thing.

But well here it is anyway.



Features

• Receives a list of URLs as input


• Recognizes the parameterized URLs from the list


• Fuzzes all URL parameters to concatenate the desired payload once an injection is successful


• Automatic defacement - you decide on the defacement content, be it a hidden script, or just pure old “cyber graffiti” fun


• OS command execution - remote enabling of XP_CMDSHELL on SQL server, subsequently running any arbitrary operating system command lines entered by the user


• Configurable parallel connections exponentially speed up the attack process - one payload, multiple targets, simultaneous attacks


• Optional use of an HTTP proxy to mask the origin of the attacks

The author highly recommend running a HTTP sniffer such as IEInspector HTTP Analyzer in order to see all attack requests going out to the targets.

Requirements

• Python >= 2.4


• Pycurl (compatible with the above version of Python)


• Psyco (compatible with the above version of Python)

You can download MultiInjector v0.2 here:

MultiInjector.py

Or read more here.

Read More

Free ISO Creator Makes Disk Images Fast and Painless

Windows only: Create ISO-format disk images quickly and easily with Free ISO Creator. After downloading and installing the software, all you have to do is click Add File(s) or Add Folder to choose the data you want included in the image, select a name and location for the ISO file with "Save ISO As..." and click Convert. You can even create a bootable disk image by clicking Options and selecting the appropriate IMG file. Now you can burn the image to disk with ISO Recorder or mount the image as a virtual drive in Windows with the Virtual CD-ROM Control Panel, Clonedrive or Daemon Tools. Free ISO Creator is a free download for Windows.

Free ISO Creator [via Download Squad]

Read More

How to enable color profiles & color management in Firefox 3

Photographers and photo enthusiasts will be happy to hear this. Firefox 3 now supports color management. No more viewing flickr using Safari. You have to explicitly enable it though. Read on to know how.



Here is the link to the official test site for ICC v4. Go ahead and open it in a new window.



If your browser does not support color profiles or has it disabled, here is what you'll get:





If your browser does support color profiles, this is what you'll get:





Here is how to enable Color Management on Firefox 3:

1) Open Firefox 3 browser.

2) On the address bar type the following:



about:config



3) On the search bar type the following:



gfx.color_management.enabled



4) Confirm it is now set to true, then restart firefox.



That's it! Go back to the test site and confirm that you get the proper image.



Now, if only they had turned this on by default...

Read More

Securing Ubuntu

ProShield is a system administration/security program for Ubuntu/Debian GNU/Linux. It helps insure that your system is secure and up-to-date by checking many different aspects of your system. Whether you are a Linux novice or a system administrator with a dozen servers, ProShield is designed to be usable by all. Its main goal is to help secure a newly installed computer, as well as maintain the security of an existing machine. It's part security and part security administration.



The main features of ProShield are:

    * Helps you backup your system weekly.

    * Checks for new software releases, in order to see if installed software is reasonably up to date.  Smart-suggestion to upgrade if an important package is released.

    * Disk-space check to find any partitions that are 70% full or more.

    * Checks for extra root accounts.

    * Checks account & password files for correct access control permissions.

    * Makes sure a few security-hazardous packages are not installed.

    * Checks to make sure a packet sniffer is not running.

    * Removes unneeded packages from the local package archive.

    * Checks to see if 'apt' is fetching unnecessary information when checking for software updates.

    * Makes sure system time is accurate.

    * Checks to make sure the user isn't logged into the system (GUI) as root.

    * Checks the configuration of the ssh server ([sshd] if installed) for insecure settings.

    * At runtime, ProShield will also check to see if there has been a new version released, and can download and install it at the user's preference.



When the program is done analyzing your system, it displays an "advisory report", and then (if necessary), guides you through a series of interactive questions to help you solve any problems it found.

ProShield is released as a Debian package, ready for easy installation.  After installation, type "proshield" to start the program (you need to do this in a shell/terminal).



Download the latest version: ProShield v3.8.19



Easy Install:

If you don't know what a Debian package is, or you'd just like to install ProShield painlessly right now, you can paste this command into a shell/terminal: (you should also use this if you intend to install the ProShield package from the command line, as this method will resolve dependencies)



wget http://proshield.sf.net/ps-install 

sudo sh ps-install

rm ps-install

Read More

Hacking arrests doubled in Japan in 2007

Arrests associated with unauthorized access to computers more than doubled in Japan in 2007 compared to the previous year, according to figures released by Japan's Ministry of Justice.

During 2007 a total of 1,442 arrests were made, up 703 arrests a year earlier, reported the ministry in its annual White Paper on Crime. The figure is 10 times the number of arrests made in 2003 for violations of the same law.





The country also saw a rise, although a much more modest one, in the number of crimes involving computers. There were a total of 3,918 arrests for such crimes, up 9% on the year.

Within this category arrests relating to violations of the copyright law jumped 11 percent to 165, while arrests for distribution of obscene literature climbed 6 percent to 203. There was a drop in child pornography-related arrests from 251 to 192, but arrest for child prostitutes soliciting or solicited online rose from 463 to 551.



The figures come against a backdrop of increasing broadband and cell phone penetration in Japan but generally lower crime.

At the end of 2007 there were 28.3 million broadband connections and 100.5 million cell phone subscriptions. Those figures are up respectively 10 percent and 6 percent on the beginning of the year.

Overall reported cases dropped 7% compared to last year. It was the fifth year in a row that the number of cases dropped. They stood at 2.7 million in 2007 against the record high of 3.7 million hit in 2002.

Read More

Firefox hits 20% share as testers tickle 'pr0n mode'

Popular browser Firefox has snatched more than 20 per cent market share during two separate weeks in October, according to new statistics.

Net Applications, which compiled the data, claimed that Mozilla’s web browser crossed the significant threshold for the week starting 5 October, and, since then, has continued to float around the 20 per cent mark.

At the same time, Microsoft’s Internet Explorer has lost ground. It now holds around 71 per cent market share in the hotly contested browser wars. Whether that will change when the firm brings out IE8 remains to be seen, however.

Mozilla released Firefox 3 into an enthusiastic market in June this year. Meanwhile, IE8 is expected to land sometime in January 2009.

Opera also recently brought an updated version of its browser into play, and internet kingpin Google even got in on the act in September with the launch of Chrome.

In related news, Mozilla released its new private browsing porn mode feature to testers fiddling with beta versions of Firefox 3.1 earlier this week.

Microsoft spurted out a second beta of IE8 in late August that included the controversial “InPrivate Browsing” tool. The feature, when enabled, will switch off cookies, browsing and search history, and it won't save form data and passwords. In addition, it will automatically clear the cache at the end of the browser session.

Now, the latest Firefox 3.1 beta comes loaded with a similar wipe clean tool.

Firefox programmer Ehsan Akhgar explained in a blog post yesterday why Mozilla has done a sudden U-turn by adding the porn mode to Firefox 3.1.

"Private browsing aims to help you make sure that your web browsing activities don't leave any trace on your own computer," he said.

Mozilla previously shied away from adopting a “porn mode” feature in its browser. But in September it responded to challenges from browser rivals Apple, Microsoft and Google by reviving private browsing features in Firefox.



source: Register

Read More

How to Change Google Chrome Theme Easily

Google Chrome has received a good response despite of the criticizes it got.It is quite fast and uses less memory.But still it has not much support for customization and other things in its beta stage.So here’s a Google Chrome Theme manager which will allow you to change Google Chrome Themes easily.

You can download xChrome theme manager from http://elitehudson.com/XChromeP5.zip .XChrome is a theme manager for Googles Chrome browser, it allows users to install a skin in seconds without having to move default.dll around and it allows you to view the author and various other details before installing.



                                                                     XChrome also allows users who do not have XChrome install to install themes by double clicking the themes .exe file, they are prompted to install the theme, they agree the theme is copied to Chromes Default.dll .You can install a theme by selecting the theme and clicking install button.



You can get xChrome Theme Manager from here

Read More