Hackers the Real Life Vampires!

Well here is a article that I wanted to write from July, finally I am DOING IT! 
Well if you are reading this article then you must be a Hacker or a Vampire-Lover or both like me (though I hate Ian Somerhalder for some PERSONAL reasons). As even a third grader would know that Vampires does not exist apart form myths! So if someone is obsessed with Vampires which is the best possible alternative to look at in real life?


My Answer would be "Hackers". But why?


This is a small argument. I have some comparisons between both and then you people can decide for yourself!


1: Speed
Well here take speed as merely speed, in vampires case it is running speed. Like they run at super human speed and can outrun any car( So I wonder which Edward Cullen had a whole collection of it). In Hackers case the typing speed is superhuman, no body can type faster then them.


2: Image
The one is the most likely thing. See in Vampires case there are Good Vampires and Bad Vampires and same is the case with Hackers, there are Good Hacker and there are Bad Hackers. Bad Vampires hunt humans and Good one just harm the innocent cows, here Bad Hackers hurt the innocent users by hacking there accounts or just Hack a Website for fun on the other hand good ones do not hack any one like that they just experiment with there own computers.


3: Tracking Ability
If you Google for the abilities of the Vampires one of the most common is to track people. They can track any Human with their scent and hunt them down. Same is the case with Hackers they can hunt nearly everyone through the abilities. An interesting example is of Kevin Mitnick who was most wanted person on FBI list but they could not catch him for many years finally another Hacker named Tsutomu Shimomura hunt him down and that resulted in Kevin's arrest!


4: Night
Both of these teams work at night for them Day is the resting time and useless on the other hand the night is for the work and live. Vampires would be killed by the sunlight (do not believe Twilight, the sparkling stuff does not comply with the legends) and Hackers are also in action in Night.


So this is my small argument that Hackers are the real life Vampires, they also comply with the Vampire culture of the small families and groups. They are more in common then in difference. So According to me Being a Hackers is just being a Vampire. This article is also a message for Vampire loving Girls. Look Gals Vampires are not going to come so there are my Hacker brothers out there too, please consider them! lolx ;)

POV: The Travel Photographer Looks Back At 2011

I thought of ending 2011 with various "look-backs" and favorites that appeared on The Travel Photographer's blog.

1. Photo Expedition/Workshops:

I rate the Kolkata's Cult of Durga Photo Expedition/Workshop as the most logistically challenging, but also most rewarding from a documentary standpoint, of my photo expeditions. As I've written in previous posts, the participants (most had no prior knowledge of multimedia) produced highly commendable audio-slideshows during the two weeks spent in Kolkata.

My comprehensive verdict and epilogue of the Kolkata's Cult of Durga Photo Expedition/Workshop was published on October 28.

From the In Search of the Sufis of Gujarat Photo Expedition�, I produced my favorite audio-slideshow and photo essay The Possessed of Mira Datar. It documents the pilgrims who flock daily in their hundreds to the shrine of a renowned Sufi saint in Gujarat.

2. Favorite Photo Essay By Photojournalist:

There's no question that it was the terrific photo essay in The New York Times titled Cairo Undone by Moises Saman. It made me recalibrate my earlier thoughts about photographing in Cairo.

3. Favorite New York Street Photography Event:

In the early days of November, I ventured to Zuccotti Park in Lower Manhattan, and spent a few hours photographing the Occupy Wall Street movement. As I wrote in the blog post, I sympathize with most of the OWS positions. Some of the photographs I took are featured on The Leica File.

4. Favorite Photo Festivals:

I'm not a big photo festival goer, so I only attended two in 2011...but I thoroughly enjoyed participating in the biannual Delhi Photo Festival in October (regrettably for only one day), and attending the annual Angkor Photo Festival in Siem Reap. Both of these festivals were extremely well organized and the attendance was phenomenal!

5. Favorite Photojournalism Workshop:

The Foundry Photojournalism Workshop is my hands-down favorite. Not only because I'm one of the faculty members, but because it's really fantastic. The photographers in the faculty generously share their knowledge and time, its staff, administrators and local volunteers make it wonderful successes year after year, and simply said, the participating photographers "students" are the future...and it's personally rewarding to be part of this.

6. Favorite Short Vimeo Movies:

I loved Miehina, The Kyoto Geisha by Glen Milner. Extremely well produced, and instrumental in shaming me in not having visited Japan yet.

And I also loved A Dos Pasos Del Coraz�n: The Photographer Of Seville by Sergio Caro and Ernesto Villalba. A beautifully produced movie about an elderly wedding photographer.

7. Favorite Photographer "Americana" Category:

Carolyn Beller takes that one with her The Mississippi Delta photo essay, which I imagined viewing with a song by Howlin' Wolf or John Lee Hooker (as only two examples) blaring in the background.

8. (My Very Own) Favorite Prediction:

No one takes my prediction seriously (at least publicly) but I predict the advent of a mirror-less Leica...a $3500 Micro Four Thirds Leica. I know it's wishful thinking, but that's what my Nostradamus crystal ball tells me when I look in it.

And another of my silly predictions was that I'd never take pictures with an iPhone. Yes, I do now.

9. Favorite Love-Hate Relationship:

I have a love-hate relationship with my Leica M9...many photographers share this emotional dichotomy. I imagined it would not last as long, but it has. I love the M9's handling, heft and durability and abhor its shortcomings...and yes, it makes really great pictures when I know what to do.

And my Dumber Than Dumb moment of 2011 is when I exhausted myself polishing my Elmarit 28mm lens because the view through my just acquired M9's viewfinder was smudgy. The more I polished the more it got smudgier...of course, I was polishing the lens with my thumb squarely on the viewfinder window....a rangefinder newbie brain fart.

10. (My) Favorite Street Photograph:

It's really a subway photograph...but is of the trio of women on the F train, which I titled "The Sleepy, The Anxious And The Bored".

11. My Most Popular Blog Post:

The most popular post on The Travel Photographer during 2011 is a POV titled Is Shooting From The Hip Photography?. Many many thousands of views on that one. Wow!

12. My Favorite WTF? Rant:

It's the WTF?! Be A Sucker And Publicize A Book...For Free. The very best of my world famous acerbic rants.

13. Favorite Photographer "Travel" Category:

And here he is...Tim Allen is the The Travel Photographer's favorite travel photographer of 2011. Tim is is a English photographer with a hefty professional background, who has won prestigious awards. He has worked with indigenous communities throughout the world , most extensively in India and South East Asia.

No ambivalence. One of the best there is.

Enric Mestres Illamola: India

Enric Mestres Illamola is a Catalan photographer specialized in portraits, wedding photography and is a photography teacher in various schools in Barcelona (Spain). He traveled to India no less than 6 times, mostly traveling as a tourist, and photographing portraits along his route. He uploaded a series of these portraits, as well as some street scenes, on YouTube.

Sandy Chandler: Videos & Book...Kolkata & Durga Puja

Sandy Chandler has been busy the past few months. No, make that real busy.

She participated in my Kolkata's Cult of Durga Photo~Expedition & Workshop� in October, and having produced a highly commendable black & white audio-slideshow (at top) during the workshop, also returned home with a trove of images and audio tracks recorded live during the two weeks in Kolkata.

Back home, she produced a more light hearted view of the festival which views it from what she calls "Another Side of Durga Puja", and features its mixture of spirituality and commerce.

As she describes it, "the annual Durga Puja festival in Kolkata celebrates Durga, archetype of Great Goddess Mahadevi of the Hindu Pantheon. The festival sees huge, elaborately crafted sculptures installed in homes and public spaces all over the city. At the end of the festival, the idols are paraded through the streets accompanied by music and dancing and then immersed into the Ganges river."

Sandy is currently working towards her MA in Art & Religion at the Dominican School of Philosophy & Theology (Graduate Theology Union) in Berkeley, and these slideshows are part of her projects for this degree.

Others would be resting on their laurels, but she also self-published an 80 pages book titled Durga Puja which can be bought from Blurb.

Sandy Chandler is an award-winning and passionate travel photographer. Her photography captures the souls and spirit of the land, its culture and people.  Her previous photography books are Carnevale: The Fantasy of Venice and Calling the Soul:The Spirit of Bali Cremations.

Evgenia Arbugaeva: Following The Reindeer

Photo � Evgenia Arbugaeva-All Rights Reserved

I think featuring Evgenia Arbugaeva's photo essay Following The Reindeer is timely in view of the season where the children in us perhaps long to see them in the sky being led by a jolly man dressed in red with a white beard...but these reindeers are real, and live in the Republic of Yakutia...not in the North Pole.

Yakutia is located in eastern Siberia and stretches to the Henrietta Islands in the far north and is framed by the Laptev and Eastern Siberian Seas of the Arctic Ocean. It's a region with considerable raw materials. It large reserves of oil, gas, coal, diamonds, gold, and silver. The majority of all Russian diamonds are mined there, accounting for almost a quarter of the world's diamond production.

Evgenia Arbugaeva is of Yakutia, and works as a freelance photographer between Russia and New York. She documented the reindeer herders/breeders of the region, who are the Even, the Evenk, the Yukagir, the Chukchi and the Dolgan.

Angry Birds Seasons.v2.1.0 Full Crack with Serial Key

 
Angry Birds is the Most popular game in the world at this time and really fun! But the only problem with it is that its not free you will have to buy it fr full missions so I am going to Give crack of it to you people and instructions on how to install it! (Note: Game was not cracked by me)

DOWNLOAD:
http://ul.to/sa08nhhh 
http://depositfiles.com/files/iyg4n1r43 
http://www.megaupload.com/?d=Z1ODDG91 
http://www.mediafire.com/?4z7oazy9466zbd7


pass: senseman


INSTRUCTIONS:

After downloading follow the installation steps below 1. Double click on the exe-file to begin installation 2. Click "Next" to begin the installation process 3. Click Next to accept the End User License agreement 4.Select location where you want the game installed. Make sure that you have enough space on the selected hard drive 5. Click Install to begin the installation process 6. Your computer can show you a security prompt. Allow the installation by clicking Yes 7. Wait for the install to Finish 8. Copy cracked exe to install directory,run the game,Register with any key,Have fun

Angry Birds Rio v1.4.0 Full Crack with Serial Key

Angry Birds is the Most popular game in the world at this time and really fun! But the only problem with it is that its not free you will have to buy it fr full missions so I am going to Give crack of it to you people and instructions on how to install it! (Note: Game was not cracked by me)

DOWNLOAD:
http://www.megaupload.com/?d=4Y327EUU 
http://www.mediafire.com/?a83kcioq9tqwag6 
http://depositfiles.com/files/9fafjhx4b 
http://www.wupload.com/file/2623131937/Angry.Birds.Rio.v1.4.0.Cracked.GAME-ErES.senseman.rar 


pass: senseman


INSTRUCTIONS:

After downloading follow the installation steps below 1. Double click on the exe-file to begin installation 2. Click "Next" to begin the installation process 3. Click Next to accept the End User License agreement 4.Select location where you want the game installed. Make sure that you have enough space on the selected hard drive 5. Click Install to begin the installation process 6. Your computer can show you a security prompt. Allow the installation by clicking Yes 7. Wait for the install to Finish 8. Copy cracked exe to install directory,run the game,Register with any key,Have fun

Free Angry Birds v2.0 Cracked with Serial Key

Angry Birds is the Most popular game in the world at this time and really fun! But the only problem with it is that its not free you will have to buy it fr full missions so I am going to Give crack of it to you people and instructions on how to install it! (Note: Game was not cracked by me)

DOWNLOAD:
http://ul.to/quaysx2g 
http://www.filesonic.com/file/DXO9Cw1 
http://depositfiles.com/files/i61w90143 
http://www.megaupload.com/?d=XSFTDY0B 
http://www.mediafire.com/?56866ikth6pcafv 


pass: senseman


INSTRUCTIONS:

After downloading follow the installation steps below 1. Double click on the exe-file to begin installation 2. Click "Next" to begin the installation process 3. Click Next to accept the End User License agreement 4.Select location where you want the game installed. Make sure that you have enough space on the selected hard drive 5. Click Install to begin the installation process 6. Your computer can show you a security prompt. Allow the installation by clicking Yes 7. Wait for the install to Finish 8. Copy cracked exe to install directory,run the game,Register with any key,Have fun

Merry Xmas And Happy 2012!!!

(Click To Enlarge)

I wish a merry Xmas, and happy holidays to all my friends, blog readers, Google and Twitter followers...as well as to some of the hardy photographers who joined, and keep rejoining, The Travel Photographer's Photo Expeditions/Workshops�:

Jim Hudson
Mary Kay Hudson
Jan Lammers
Li Lu Porter
Maria-Christina Dikeos
Felice Willat
Joyce Birkenstock
Ralph Childs
Torie Olsen
Alia Rifaat
Tony Smith
Cathy Scholl
Dan Bannister
Beverly Anderson-Sanchez
Rosemary Sheel
Charlotte Rush-Bailey
Sandra Chandler
Gul Chotrani
Terri Gold
Nuray Jemil
Jenny Jozwiak
Gavin Gough
Larry Larsen
Penni Webb
Laurie Snow-Hein
Pat Demartini
Betsy Gertz
Lee Ann Durkin
Bonny Willet
Wink Willet
Kongkrit Sukying
Ron Mayhew
Rose Schierl
Lynn Padwe
Graham Ware
Kayla Keenan
Bo Jugner
Chris Schaefer
Carlos Amores
Teerayut Chaisarn
Colleen Kerrigan
Sharon Johnson-Tennant
Kim McClellan
Kris Bailey
Zara Bowmar

I'm working on a couple of new destinations for the latter part of 2012 and early 2013...as usual, these will be announced via my newsletter and on this blog.

What is SSL? What the hell is it !

Ok so here we know that the SSL is protocol(set of rules) to make is feel safe, but hey anything that makes things safer is enemy of hackers >:0 So we need to understand what it is and the chop it into pieces!

WIKI SAYS: Secure Sockets Layer (SSL), is cryptographic protocols that provide communication security over the Internet.TLS and SSL encrypt the segments of network connections above the Transport Layer, using asymmetric cryptography for key exchange,symmetric encryption for privacy, and message authentication codes for message integrity.
Several versions of the protocols are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP). (via[http://en.wikipedia.org/wiki/Secure_Sockets_Layer] )

A MIND BLOWING AND EASY VIDEO TUTORIAL! 

HOW TO CHOP IT!
Here is a article for that http://hackthepc.blogspot.com/2011/12/ssl-strip-video-tutorial.html

SSL Strip - Video Tutorial

What is SSL Strip?

SSL strip is a software that is used to sniff the data over HTTPS. The sniffer read all the data in a network with 9is send between a user and the Router but no a days SSH or "HTTPS" have made it very difficult to get useful data (Like Facebook Password of your brother in other room). So here is a tools that can even intercept the data over HTTPS.

Running sslstrip

• Flip your machine into forwarding mode. (echo "1" > /proc/sys/net/ipv4/ip_forward)
• Setup iptables to redirect HTTP traffic to sslstrip. (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>)
• Run sslstrip. (sslstrip.py -l <listenPort>)
• Run arpspoof to convince a network they should send their traffic to you. (arpspoof -i <interface> -t <targetIP> <gatewayIP>)

That should do it.

How does this work?

First, arpspoof convinces a host that our MAC address is the router�s MAC address, and the target begins to send us all its network traffic. The kernel forwards everything along except for traffic destined to port 80, which it redirects to $listenPort (10000, for example).

At this point, sslstrip receives the traffic and does its magic.

VIDEO TUTORIAL

==============

DOWNLOAD

===========

http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz

References: http://www.thoughtcrime.org/software/sslstrip/

Hackers: Outlaws and Angels - Documentary

Here is a very interesting Documentary which i found on-line it tells one about the both sides of a hacker!

This alarming program reveals the daily battle between the Internet�s outlaws and the hackers who oppose them by warding off system attacks, training IT professionals and police officers, and watching cyberspace for signs of imminent infowar.
Through interviews with frontline personnel from the Department of Defense, NYPD�s computer crime squad, private detective firm Kroll Associates, X-Force Threat Analysis Service, and several notorious crackers, the program provides penetrating insights into the millions of hack attacks that occur annually in the U.S. � including one that affected the phone bills of millions and another that left confidential details of the B-1 stealth bomber in the hands of teenagers.
The liabilities of wireless networks, the Code Red worm, and online movie piracy are also discussed.

WATCH HERE! http://topdocumentaryfilms.com/hackers-outlaws-angels/

Metasploit -The Penetration Tester's Guide [pdf] [Free Download]

Metasploit -The Penetration Tester's Guide

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.
Once you've built your foundation for penetration testing, you�ll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You�ll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.

Learn how to:
Find and exploit unmaintained, misconfigured, and unpatched systems
Perform reconnaissance and find valuable information about your target
Bypass anti-virus technologies and circumvent security controls
Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
Use the Meterpreter shell to launch further attacks from inside the network
Harness standalone Metasploit utilities, third-party tools, and plug-ins
Learn how to write your own Meterpreter post exploitation modules and scripts
You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.

About the Author
David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. He is on the Back|Track and Exploit-Database development team and is a core member of the Social-Engineer podcast and framework. Kennedy has presented at a number of security conferences including Black Hat, DEF CON, ShmooCon, Security B-Sides, and more.
Jim O'Gorman is a professional penetration tester with CSC�s StrikeForce, a co-founder of Social-Engineer.org, and an instructor at Offensive-Security. He is involved in digital investigations and malware analysis, and helped build forensic capabilities into Back|Track Linux. When not working on various security issues, Jim spends his time assisting his children in their attempts to fight Zombie hordes.
Devon Kearns is an instructor at Offensive-Security, a Back|Track Linux developer, and administrator of The Exploit Database. He has contributed a number of Metasploit exploit modules and is the maintainer of the Metasploit Unleashed wiki.
Mati Aharoni is the creator of the Back|Track Linux distribution and founder of Offensive-Security, the industry leader in security training.

Table of Contents
Chapter 1: The Absolute Basics of Penetration Testing
Chapter 2: Metasploit Basics
Chapter 3: Intelligence Gathering
Chapter 4: Vulnerability Scanning
Chapter 5: The Joy of Exploitation
Chapter 6: Meterpreter
Chapter 7: Avoiding Detection
Chapter 8: Exploitation Using Client-side Attacks
Chapter 9: Metasploit Auxiliary Modules
Chapter 10: The Social-Engineer Toolkit
Chapter 11: Fast-Track
Chapter 13: Building Your Own Module
Chapter 14: Creating Your Own Exploits
Chapter 15: Porting Exploits to the Metasploit Framework
Chapter 16: Meterpreter Scripting
Chapter 17: Simulated Penetration Test
Appendix A: Configuring Your Target Machines
Appendix B: Cheat Sheet

LINK:>http://www.megaupload.com/?d=CUX8WIFM

The Travel Photographer's On The Lightbox App

I am pleased to have The Travel Photographer's blog featured on LIGHTBOX, the new and beautifully designed social photo app for Android. This blog, along with National Geographic, 500px, Fotopedia and a few others, is featured under Photography.

The idea behind LIGHTBOX's new photo journal feature is to provide a stream of updates others can follow, share, like and comment on....which TechCrunch describes as a lazy man's Tumblr.

Although my blog has only been recently featured the LIGHTBOX's lineup, The Travel Photographer has already garnered over 600 followers!!

The Ashaninka: Mike Goldwater

Photo � Mike Goldwater-All Rights Reserved

In Focus, the photo blog of The Atlantic magazine, featured The Ashaninka, A Threatened Way of Life; photographs by Mike Goldwater. Be sure to view the photographs in the 1280px option if your monitor allows it.

The Ashaninka are an indigenous people living in the rain forests of Peru and in the State of Acre of Brazil, and are one of the largest indigenous groups in South America. Their number is estimated between 25,000 and 45,000.

Current threats are from oil companies, drug traffickers, colonists, illegal lumberers, illegal roads, conservation groups, missionary groups, and diseases. Roads are being built into the forest to extract mahogany and cedar trees for export to markets in the United States and Europe despite an international embargo. Religious missionary groups are intent on changing Ashaninka culture and belief systems, ignoring the impact on their long term survival.

Mike Goldwater is a photographer, who ran the Half Moon Gallery in London's East End from 1974 to 1980, and who created the magazine "Camerawork". He also co-founded photo agency 'Network Photographers' for photojournalism, documentary photography and corporate work.  He traveled to over 70 countries and his images were published in major magazines around the world.

You may also wish to see Tatiana Cardeal's work on South American indigenous people.

sqlninja - a SQL Server injection.

Introduction

Fancy going from a SQL Injection on Microsoft SQL Server to a full GUI access on the DB? Take a few new SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a Metasploit wrapper, shake well and you have just one of the attack modules of sqlninja!
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.
Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.
Have a look at the flash demo and then feel free to download. It is released under the GPLv3

Features

The full documentation can be found in the tarball and also here, but here's a list of what the Ninja does:

• Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
• Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental)
• Privilege escalation to sysadmin group if 'sa' password has been found
• Creation of a custom xp_cmdshell if the original one has been removed
• Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed)
• TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
• Direct and reverse bindshell, both TCP and UDP
• ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse shell but the DB can ping your box
• DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works) 
• Evasion techniques to confuse a few IDS/IPS/WAF
• Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection
• Integration with churrasco.exe, to escalate privileges to SYSTEM on w2k3 via token kidnapping
• Support for CVE-2010-0232, to escalate the privileges of sqlservr.exe to SYSTEM

Platforms supported

Sqlninja is written in Perl and should run on any UNIX based platform with a Perl interpreter, as long as all needed modules have been installed. So far it has been successfully tested on:

• Linux
• FreeBSD
• Mac OS X

Sqlninja does not run on Windows and I am not planning a port in the near future

=DOWNLOAD=

Safe3SI- Automatic SQL Injectection Tool

Introduction:

Safe3SI is one of the most powerful and easy usage penetration testing tool that automates the process of detecting and exploiting 

SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the 

ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database,

to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Screenshot:

Features:

• Full support for http, https website.
• Full support for Basic, Digest, NTLM http authentications.
• Full support for GET, Post, Cookie sql injection.
• Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
• Full support for four SQL injection techniques: blind, error-based, UNION query and force guess.
• Powerful AI engine to automatic recognite injection type, database type, sql injection best way.
• Support to enumerate databases, tables, columns and data.
• Support to read,list and write any file from the database server underlying file system when the database software is MySQL or Microsoft SQL Server.
• Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is Oracle or Microsoft SQL Server.
• Support to ip domain query,web path guess,md5 crack etc.
• Support for sql injection scan.

Download:

Safe3SI need to download and install:

• .NET Framework 2.0 or above needed to install

• Safe3SI v9.0

Reference: http://code.google.com/p/safe3si/

SQLsus - MySql Injection Tutorial

sqlsus is an open source MySQL injection and takeover tool, written in perl.

Via a command line interface, you can retrieve the database(s) structure, inject your own SQL queries (even complex ones), download files from the web server, crawl the website for writable directories, upload and control a backdoor, clone the database(s), and much more...

Whenever relevant, sqlsus will mimic a MySQL console output.

sqlsus focuses on speed and efficiency, optimising the available injection space, making the best use (I can think of) of MySQL functions.

It uses stacked subqueries and an powerful blind injection algorithm to maximise the data gathered per web server hit.

Using multithreading on top of that, sqlsus is an extremely fast database dumper, be it for inband or blind injection.

If the privileges are high enough, sqlsus will be a great help for uploading a backdoor through the injection point, and takeover the web server.

It uses SQLite as a backend, for an easier use of what has been dumped, and integrates a lot of usual features (see below) such as cookie support, socks/http proxying, https..

FEATURES

GENERAL

Both quoted and numeric injections are supported.

Databases names, tables names, columns names, count(*) per table, privileges... On MySQL > 5, the database structure can be grabbed in one command from within sqlsus.

Discovery of the exact injection space, going through all possible restrictions (web server, suhosin patch...), to inject as much as possible at once.

All quoted texts can be translated as their hex equivalent to bypass any quotes filtering (eg: magic_quotes_gpc) (eg : "sqlsus" will become 0x73716c737573).

sqlsus also supports these types of injection :

• inband (UNION w/ stacked subqueries) : the result of the request will be in the HTML returned by the web server
• blind (boolean-based or time-based) : when you can't see the result of the request directly

Support for GET and POST parameters injection vectors.

Support for HTTP proxy and HTTP simple authentication.

Support for HTTPS.

Support for socks proxy.

Support for cookies.

Support for binary data retrieving.

Full SQLite backend, storing queries / results as they come, databases structure, key variables. This allows you to recall a command and its cached answer, even in a later re-use of the session.

Possibility to clone a database / table / column, into a local SQLite database, and continue over different sessions.

If you can't access the information_schema database, or if it doesn't exist, sqlsus will help you bruteforce the names of the tables and columns.

Possibility to change the current database and still use all the commands transparently.

Auto-detection of the length restriction in place, be it the web server or the layer above (eg: suhosin).

INBAND

If your query is likely to return more than one row, sqlsus will use as many subqueries it can use at a time (per query), staying under a configurable limit.

Therefore, it can grab up to thousands of records in just 1 server hit (depending on the available injection space) (cf inband demo)

Once you have found an inband injection, you need to find the correct number of columns for UNION. sqlsus will do the job for you, identifying the needed number of columns, and which of them are suitable for injection.

To speed things up, multithreading (actually, multiple processes (fork)) can be used.

BLIND

Blind injection is supported, using conditional responses, and multithreading (actually, again, multiple processes (fork)).

The engine has been optimised in speed and server hit :

• keep all the threads busy with small relevant tasks.
• match each item against a few regular expressions, prior to bruteforcing, to determine the character space to use, reducing a lot the number of hits required.

TAKEOVER

If the database user has the FILE privilege, and if you can use quotes in your injection (mandatory for a SELECT INTO OUTFILE), then sqlsus will help you place a php backdoor on the remote system, recursively looking for writable directories.

You can use download <file> from sqlsus shell, to download an arbitrary (world readable) file from the remote server. The file will be stored in the local filesystem, rebuilding the path tree to the file in the datadirectory.

sqlsus has the ability to crawl the website at a configurable depth, looking for all the directories it can find, via hypertext links, img links, etc... Then, it tries to upload a tiny php uploader on each candidate directory until it finds one world writable, later used to upload the backdoor itself.

All sqlsus needs (besides what has been said above) is the document_root used server side. You can find it by downloading/reading the relevant files on the web server.

It ships with a PHP backdoor you can upload and a controller, to help you execute system commands, PHP commands, and SQL queries as if you were sitting on a normal direct MySQL connection.

GETTING STARTED

Generate a configuration file with sqlsus --genconf my.cfg, read the comments and adapt it to reflect your target.

Launch sqlsus, with your configuration as a parameter sqlsus my.cfg, you will get a shell.

Type help and follow your instincts :)

=DOWNLOAD=

http://sqlsus.sourceforge.net/download.html

Sources:

http://sqlsus.sourceforge.net/documentation.html