Code tools, encoders/decoders, HASH Calculators, CHECKSUM Calculators
Yazılımların hayatımızdaki yeri ve öneminin gün geçtikçe artması yazılımlara ilişkin çalışmaları hızlandırmakta, bu durum yeni yazılım geliştirme yöntemleri, programlama kuralları veya programlama dilleri ve araçları ortaya çıkarmaktadır. Tüm bu gelişmelere rağmen yazılım projelerinde tasarlanan zamanın gerisinde kalma, bütçeyi aşma, düşük kalite, sürekliliği ve güvenilirliği sağlayamama, kullanıcı taleplerinin karşılanmasında yetersizlik gibi problemlerle sıkça karşılaşılmaktadır. Gartner araştırmasına göre bilişim güvenliği ihlallerinin yazılım güvenliği problemlerinden kaynaklananlarının oranı %80’dir [1]. Genel olarak problemlerin çoğu, yazılım geliştirme sürecinin en başında gereksinim ve sistem analizlerinin doğru ve yeterli yapılmamasından kaynaklanmaktadır. Analiz konusunda yetersiz kalan yazılımlar güvenlik riski oluşturmakta, bu durum bilgiye yönelik tehditlerin ortaya çıkmasında önemli bir açıklık oluşturmaktadır.
Bilginin gizliliği, bütünlüğü ve erişilebilirliğini, kısaca bilgi güvenliğini hedefleyen tehditlerle mücadele için yazılımlarda bilgi güvenliğinin sağlanmış olması gerekmektedir. Bilgi güvenliği; karşılaşılabilecek tehditlerin farkında olunması, işlerin devamlılığını sağlama, yaşanabilecek her türlü problemlerde kayıpları en aza indirme, firmaların varlıklarının her koşulda gizliliği, erişebilirliği ve bütünlüğünü korunma amaçları taşımaktadır. Bu kapsamda ortaya çıkartılan ve sürekli geliştirilmekte olan bir süreç de “Bilgi Güvenliği Yönetim Sistemi (BGYS)” dir.
Formlarda robotları ayırt etmek için yaygın olarak kullanılan zorluk derecesi yüksek olmayan resimleri (captcha) 26 satır kodla metine çevirin…
http://www.bonsai-sec.com/blog/index.php/breaking-weak-captcha-in-26-lines-of-code/
from PIL import Image img = Image.open('input.gif') img = img.convert("RGBA") pixdata = img.load() # Clean the background noise, if color != black, then set to white. for y in xrange(img.size[1]): for x in xrange(img.size[0]): if pixdata[x, y] != (0, 0, 0, 255): pixdata[x, y] = (255, 255, 255, 255) img.save("input-black.gif", "GIF") # Make the image bigger (needed for OCR) im_orig = Image.open('input-black.gif') big = im_orig.resize((116, 56), Image.NEAREST) ext = ".tif" big.save("input-NEAREST" + ext) # Perform OCR using pytesser library from pytesser import * image = Image.open('input-NEAREST.tif') print image_to_string(image)
#1
Cain and Abel : The top password recovery tool for Windows
UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. It is also well documented.
Also categorized as: packet sniffers
#2
John the Ripper : A powerful, flexible, and fast multi-platform password hash cracker
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches. You will want to start with some wordlists, which you can find here, here, or here.
#3
THC Hydra : A Fast network authentication cracker which supports many different services
When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like THC Amap this release is from the fine folks at THC.
#4
Aircrack : The fastest available WEP/WPA cracking tool
Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).
Also categorized as: wireless tools
#5
L0phtcrack : Windows password auditing and recovery application
L0phtCrack attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc). LC5 was discontinued by Symantec in 2006, then re-acquired by the original L0pht guys and reborn as LC6 in 2009. For free alternatives, consider Ophcrack, Cain and Abel, or John the Ripper.
#6
Airsnort : 802.11 WEP Encryption Cracking Tool
AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the Shmoo Group and operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. You may also be interested in the similar Aircrack.
Also categorized as: wireless tools
#7
SolarWinds : A plethora of network discovery/monitoring/attack tools
SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security-related tools include many network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, one of the fastest and easiest router config download/upload applications available and more.
Also categorized as: traffic monitoring tools
#8
Pwdump : A window password recovery tool
Pwdump is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file.
#9
RainbowCrack : An Innovative Password Hash Cracker
The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called “rainbow tables”. It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished.
#10
Brutus : A network brute-force authentication cracker
This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. No source code is available. UNIX users should take a look at THC Hydra.
SSH tunneling firewall bypass belgesi eklendi. Belgede özetle SSH tunneling nedir? Nasıl çalışır? gibi soruların cevaplarını bulabilirsiniz. PuTTY kullanılarak SSH tunneling uygulamasının nasıl yapıldığı ekran görüntüleriyle anlatılmıştır. Güvenlik duvarları tarafından gerçekleştirilen paket içeriğiyle ilgili engellemeleri bu yöntemi kullanarak aşabilirsiniz.
Sansürü çözüm zanneden faşistlerin bilgiye ulaşmamıza karşı yapmış oldukları engellemeler için de bu yöntemi kullanabilirsiniz.
The MSRT detected malware on 20.0 out of every 1,000 computers scanned in Turkey during 2H09 (a CCM score of 20.0—down from 32.3 in 1H09 but still significantly higher than the average worldwide CCM of 7.0). Figure 146 and Figure 147 list the malware and potentially unwanted software categories and families detected by all Microsoft desktop anti-malware products in Turkey in 2H09.
Havij
—–
Version 1.08
Copyright © 2009-2010
By r3dm0v3
http://r3dm0v3.persianblog.ir
r3dm0v3[4t]yahoo[.]com
Please tell me your offers and report bugs.
Check for updates!
Licence
——-
This program is free software. I hope it be useful for you.
This software is provided “as is” without warranties.
Feel free to share and distribute it anywhere but please keep the files original!
Disclaimer
———-
I am NOT responsible for any damage or illegal actions caused by the use of this program. So don’t blame me.
What’s New?
———–
-MySQL Blind Injection
-Auto injection type detection
-Admin list, Table list and Column list improved.
-Some errors fixed.
Features
——–
Data Bases: MsSQL 2000/2005 with error, MsSQL 2000/2005 no error, MySQL, MysqlBlind Oracle, MsAccess
Find admin page
Getting Information
Auto type detection (string or integer)
Getting Tables, Columns, Data
Command Executation (mssql only)
Reading Files (mysql only)
insert/update/delete data
Proxy support
Guessing tables and columns in mysql<5
Fast getting tables and columns for mysql.
Checking different injection syntaxes.
Changing http headers
Bypass illegal union.
Avoid using strings.
