Sep
6

mysqloit SQL Injection Takeover Tool

Bharath on September 6th, 2009

MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache,MySql,PHP) and WAMP (Linux, Apache,MySql,PHP) platforms. It has the ability to upload and execute metasploit shellcodes through the MySql SQL Injection vulnerabilities
This tool is written to demostrate how remote code execution can be performed on a database connector that do not support stack queries.
Features:

SQL [...]

Continue reading about mysqloit SQL Injection Takeover Tool

Hacking, Tools No comments »
Aug
28

Trafscrambler – Anti-sniffer Tool

Bharath on August 28th, 2009

Trafscrambler is an anti-sniffer/IDS LKM(Network Kernel Extension) for OSX, licensed under BSD.
Version 0.2 implements following:
-all from version 0.1
-injection of packets with bogus data and with randomly selected bad TCP cksum or bad TCP sequences
-userland binary(tsctrl) for controlling trafscrambler NKE
Version 0.1 implements following:
• SYN decoy – sends out number of SYN pkts before the original SYN [...]

Continue reading about Trafscrambler – Anti-sniffer Tool

Forensics, Hacking 1 Comment »
Aug
24

Wordpress 2.8.3 Admin Password Reset Exploit

Bharath on August 24th, 2009

Wordpress is back in news again.  It’s suspected some of the recent high profile breaches have come from Wordpress exploits. Which is in fact very simple but effective flaw.
An attacker could exploit this vulnerability to compromise the admin account of any wordpress/wordpress-mu <= 2.8.3
From what I can tell the vulnerability allows an attacker to reset [...]

Continue reading about Wordpress 2.8.3 Admin Password Reset Exploit

Hacking, Vulnerability 2 Comments »
Apr
8

Russian website claims that Conficker is launching DDoS attacks

Bharath on April 8th, 2009

The Conficker worm has been stepping up its activities with reports made of distributed denial of service (DDoS) attacks on a number of Russian websites.
David Harley, director of malware research at ESET, working with researchers from Arbor Networks, claimed that a Russian newspaper is stating that attacks on tonks.ru, roem.ru and others are evidence of [...]

Continue reading about Russian website claims that Conficker is launching DDoS attacks

Hacking, Vulnerability No comments »
Oct
11

Vodafone Hijacks Airtel's Domain Name

Bharath on October 11th, 2007

There are no ethics in business anymore! Those who thought that MNCs in India would be more ethical are smoking pot! Here is an interesting and a distasteful hijacking of the domain by Vodafone of Airtel’s domain name. Type Airtel.com   and you will be directed to www.vodafone.es ! Domain Squatting in not uncommon but this [...]

Continue reading about Vodafone Hijacks Airtel's Domain Name

Domain squatting, Hacking, Intellectually Property Theft 9 Comments »
Sep
15

Hacker Gained Access To Data On Millions Of TD Ameritrade Customers

Bharath on September 15th, 2007

Online brokerage TD Ameritrade Holding Corp. announced today that a hacker broke into one of its databases and stole personally identifying information for some of its 6.3 million customers. An online advisory and letters to account holders disclosed that names, e-mail addresses, phone numbers and home addresses were taken in the data breach. Client [...]

Continue reading about Hacker Gained Access To Data On Millions Of TD Ameritrade Customers

Hacking, Intellectually Property Theft No comments »