The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Sqlmap v.0.9 - automatic SQL injection and database takeover tool ! sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. Change Log : * Rewritten SQL injection detection engine (Bernardo and Miroslav). * Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav). * Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav). * Implemented support for SQLite 2 and 3 (Bernardo and Miroslav). * Implemented support for Firebird (Bernardo...

RawCap sniffer for Windows released We are today proude to announce the release of RawCap, which is a free raw sockets sniffer for Windows. Here are some highlights of why RawCap is a great tool to have in your toolset: Can sniff any interface that has got an IP address, including 127.0.0.1 (localhost/loopback) RawCap.exe is just 17 kB No external libraries or DLL's needed No installation required, just download RawCap.exe and sniff Can sniff most interface types, including WiFi and PPP interfaces Minimal memory and CPU load Reliable and simple to use Usage RawCap takes two arguments; the first argument is the IP address or interface number to sniff from, the second is the path/file to write the captured packets to. C:\Tools>RawCap.exe 192.168.0.23 dumpfile.pcap You can also start RawCap without any arguments, which will leave you with an interactive dialog where you can select NIC and filename: C:\Tools>RawCap.exe Network interfaces: 0. 192.168.0.23 ...

WiFite The WEP/WPA Cracker version r68 released ! Designed for Backtrack4 RC1 distribution of Ubuntu. Linux only; no windows or osx support. Purpose : to attack multiple WEP and WPA encrypted networks at the same time. this tool is customizable to be automated with only a few arguments. wifite can be trusted to run without supervision. Feature : this project is available in French: all thanks goto Matt² for his excellent translation! sorts targets by power (in dB); cracks closest access points first automatically deauths clients of hidden networks to decloak SSIDs numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc) customizable settings (timeouts, packets/sec, channel, change mac address, ignore fake-auth, etc) “anonymous” feature; changes MAC to a random address before attacking, then changes back when attacks are complete all WPA handshakes are backed up to wifite.py’s current directory smart WPA deauthentic...

Anonymous Plans Sony Boycott on April 16 Say you're a hacker trying to cripple a major electronics company for suing its own users: how do you launch a cyberattack without harming the people you're trying to protect? In the case of hactivist group 'Anonymous,' which has spent the week targeting Sony to retaliate against Sony's ongoing lawsuits against PlayStation 3 modifiers, you take it offline. Anonymous is staging a 24-hour, in-store boycott at Sony stores around world on Saturday, April 16. So far over 1,000 people have RSVP'd through Facebook. On Monday, Anonymous launched a DDoS attack on Sony that rendered the PlayStation Network (PSN) inaccessible for most of the day (while an Anonymous offshoot calling itself "SonyRecon" targeted individual Sony employees). But after consumers complained that the takedown was doing more harm than good to gamers, Anonymous reversed the hack and took down the Sony Careers page instead. Sony has remained...

PenTBox 1.4 – Penetration Testing Security Suite Download PenTBox, a security framework written in Ruby and multiplatform (actually working even on iOS and Android!). Tools & Features (Updated) Technical features - GNU/GPLv3 License. Free in freedom and in price. - Multi-platform (Ruby: GNU/Linux, Windows, Mac OS, *BSD, iOS, Android, …). - Compatible with Ruby and JRuby. - Multithreading (native threads in Ruby >= 1.9 and JRuby). - Doesn’t require additional libraries (non standard are included). - Modular (easy to expand and customize). Tools (SVN Version) - Cryptography tools Base64 Encoder & Decoder Multi-Digest (MD5, SHA1, SHA256, SHA384, SHA512, RIPEMD-160) Hash Password Cracker (MD5, SHA1, SHA256, SHA384, SHA512, RIPEMD-160) Secure Password Generator - Network tools Net DoS Tester TCP port scanner Honeypot Fuzzer DNS and host gathering - Web HTTP directory bruteforce HTTP common files bruteforce A moderate number of people are using it...

Pakistan Air Force Vulnerable to SQLi By Lionaneesh Vulnerable Link :  http://www.joinpaf.gov.pk/ page.php?pageid='149 Hacked Database :  http://pastebin.com/yNZ4UrNH