The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Amul's site is vulnerable to sql injection ! Angel 4k4 4d0r4b13  Found vulnerability on Amul's Websites, whole database is hackable ! Server Info: Host IP:             59.163.170.113 Web Server:       Apache/2.2.11 (Fedora) Powered-by:       PHP/5.2.13 DB Server:          MySQL >=5 Tables of vidya_new: Dummy_maharani Dummy_school School_mst School_mst_0506 School_mst_0708 bldgrp_mst depot_address depot_dist_map depot_mst depot_mst_14072010 depot_mst_29072010 depot_mst_new hoard_image parlour_mst phplist_admin phplist_admin_attribute phplist_admin_task phplist_adminattribute phplist_attachment phplist_attribute phplist_bounce phplist_bounceregex phplist_bounceregex_bounce Hacked Site :  https://www.amul.com/

DRIL : Domain Reverse IP Lookup Tool Download DRIL ( Domain Reverse IP Lookup ) Tool is a Reverse Domain Tool that will really useful for penetration testers to find out the domain names which are listed in the the target host, DRIL is a GUI, JAVA based application which use the Bing API key.DRIL has a simple user friendly which will be helpfull for penetration tester to do there work fast without a mess .this is only tested on linux still , been java it should work on windows to. There are online tools available, But many times due to slow internet connectivity we intend to get frustrated while audits. this tool is small and handy will not consume harddisk space So, its simply an good and fast altenative. How to run DRIL java -jar example java -jar "/home/treasure/DomainReverseIPLookup.jar" and it should open the application Download DRIL

The Social-Engineer Toolkit v1.3.2 , New version Download ! The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It's main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. This is the change log: Added a new feature to the SET interactive shell, grabsystem. Will allow you to elevate permissions on victi machine. Does not work on XP SP2 and below. Fixed a bug where if grabsystem was called on with UAC bypass, the UAC-Safe shell would hang Added better error handling of sockets and addresses in the socket handlers in the interactive shell Updated the code base in the shell.binary to add the new grabsystem and add better error handling Added default handling if listener port was nothing, defaults to port 443 now Fixed a bug in how third party handlers responded to certain character sets Slo...

Cain & Abel 4.9.40 released , Download now ! Cain & Abel is a password recovery tool for Microsoft operating systems.It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. Changes in this version: Added Proxy support for Cain's Certificate Collector. Added the ability to specify custom proxy authentication credentials for Certificate Collector. Added ProxyHTTPS Man-in-the-Middle Sniffer (TCP port 8080). HTTP, APR-HTTPS and APR-ProxyHTTPS sniffer filters are now separated. Added progress bar indicator in the off-line capture file function. Bug fixed in ProxyHTTPS Man-in-the-Middle Sniffer parsing "Connection Established" string. Bug fixed in VoIP Sniffer creating MP3 Mono files. Bug fixed in RTP Sniffer processing off-line capture files. Wi...

A new exploit for IE9 bypasses all security measures in even the latest fully patched version of Windows 7, according to a French security company Vupen. The exploit uses an unpatched zero-day vulnerability in Internet Explorer 9 and bypasses all the extra security measures of Windows 7. The latest version of Microsoft's operating system, fully up-to-date with service pack 1 (SP1), is vulnerable. The security hole was reported by the French security company Vupen, that previously discovered an IE8 vulnerability in December of last year. Vupen classifies the exploit for IE9 as reliable, which means it's an effective way for cyber attackers to run malicious code of their choosing on Windows 7 PCs. The exploit manages to break through Windows' additional security layers, such as ASLR, DEP and the sandbox (Protected Mode) in IE9. "The exploit uses two distinct vulnerabilities. The first one allows execution of arbitrary code within the IE9 sandbox. The second one allo...