




Hacme Bank
From OWASP


Since the Foundstone HacmeBank tool was released with an Open Source License, we can host a copy here and add more tests to it as soon as they are ready (i.e. we don't need to wait for Foundstone's release cycles).


Notes:

Removing 'OnlyAllowLocalAccess' restriction

By default (to prevent accidental exploitation) non-local requests are not allowed (i.e. only http://127.0.0.1 will work).



To allow such accesses, edit the Hacme Bank's website web.config (in HacmeBank_v2_Website folder) and comment out the HttpModule_onlyAllowLocalAccess line in the section.

To also access (and 'unprotect') the Webservices, remove the same line from the web.config file that is in the HacmeBank_v2_WS folder.
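
A check that the restriction is still in place on a given install, as an added example (not part of the original notes or of Hacme Bank itself). Only the module name and the two folder names come from the notes above; the sample web.config layout and the type value are constructed assumptions.

```python
import pathlib
import xml.etree.ElementTree as ET

MODULE = "HttpModule_onlyAllowLocalAccess"             # module name from the notes above
FOLDERS = ("HacmeBank_v2_Website", "HacmeBank_v2_WS")  # folders named in the notes

def local_only_enabled(web_config):
    """Return True if an active (not commented-out) element references MODULE."""
    # ElementTree's default parser drops XML comments, so a commented-out
    # registration is absent from the tree and is reported as disabled.
    root = ET.fromstring(web_config)  # accepts str or bytes
    return any(MODULE in value
               for elem in root.iter()
               for value in elem.attrib.values())

def audit_install(install_root):
    """Map each Hacme Bank folder to True (local-only) or False (reachable remotely)."""
    result = {}
    for folder in FOLDERS:
        path = pathlib.Path(install_root) / folder / "web.config"
        # Read bytes so the XML parser handles any BOM or encoding declaration.
        result[folder] = local_only_enabled(path.read_bytes())
    return result

# Constructed samples: element layout and the type value are assumptions.
SAMPLE_PROTECTED = """<configuration><system.web><httpModules>
  <add name="HttpModule_onlyAllowLocalAccess" type="PLACEHOLDER" />
</httpModules></system.web></configuration>"""

SAMPLE_EXPOSED = """<configuration><system.web><httpModules>
  <!-- <add name="HttpModule_onlyAllowLocalAccess" type="PLACEHOLDER" /> -->
</httpModules></system.web></configuration>"""

if __name__ == "__main__":
    print("protected sample:", local_only_enabled(SAMPLE_PROTECTED))
    print("exposed sample:  ", local_only_enabled(SAMPLE_EXPOSED))
```

Running audit_install() against the install root before the server is attached to a shared network shows whether either the website or the web services will answer non-local requests.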

Installing on non-US English systems

The Hacme Bank v2 available from Foundstone/McAfee only works on systems where the regional settings are set to the United States. Although it appears to work at first, many of the application interactions and database calls fail with ugly error messages. The easiest fix is to build a dedicated server using US English settings from the ground up.



SQL MAP

Introduction

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges and databases, dump entire or user-specified DBMS tables/columns, run their own SQL statements, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack, and more.

Features

Some of the major features implemented in sqlmap include:

    * Full support for MySQL, Oracle, PostgreSQL and Microsoft SQL Server back-end database management systems. Besides these four database management systems, sqlmap can also identify Microsoft Access, DB2, Informix, Sybase and Interbase.
    * Full support for three SQL injection techniques: inferential blind SQL injection, UNION query (inband) SQL injection and batched queries support. sqlmap can also test for time based blind SQL injection.
    * Extensive back-end database management system software and underlying operating system fingerprint based upon inband error messages, banner parsing, functions output comparison and specific features such as MySQL comment injection. It is also possible to force the back-end database management system name if you already know it. sqlmap is also able to fingerprint the web server operating system, the web application technology and, in some circumstances, the back-end DBMS operating system.
    * Support, on all four back-end database management systems, to retrieve the banner, current user and current database, check whether the current user is a database administrator, enumerate users, users' password hashes, users' privileges, databases, tables and columns, dump table entries, dump the whole database management system and run the user's own SQL statement.
    * Support to read either text or binary files from the database server's underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
    * Support to execute arbitrary commands on the database server's underlying operating system when the database software is MySQL or PostgreSQL, via user-defined function injection, or Microsoft SQL Server, via the xp_cmdshell() stored procedure.
    * Support to establish an out-of-band stateful connection between the attacker box and the database server underlying operating system via:
          o Stand-alone payload stager created by Metasploit and supporting Meterpreter, shell and VNC payloads for both Windows and Linux;
          o Microsoft SQL Server 2000 and 2005 sp_replwritetovarbin stored procedure heap-based buffer overflow (MS09-004) exploitation with multi-stage Metasploit payload support;
          o SMB reflection attack with UNC path request from the database server to the attacker box by using the Metasploit smb_relay exploit on the attacker box.
    * Support for database process' user privilege escalation via Windows Access Tokens kidnapping on MySQL and Microsoft SQL Server via either Meterpreter's incognito extension or Churrasco stand-alone executable.












