Damn Small SQLi Scanner (DSSS): A Fully Functional SQL Injection Vulnerability Scanner

Damn Small SQLi Scanner (DSSS): A Fully Functional SQL Injection Vulnerability Scanner

Damn Small SQLi Scanner (DSSS): A Fully Functional SQL Injection Vulnerability Scanner 




As of optional settings it supports HTTP proxy together with HTTP header values User-Agent, Referer and Cookie.

Sample runs

$ python dsss.py -h
Damn Small SQLi Scanner (DSSS) < 100 LoC (Lines of Code) #v0.2o
by: Miroslav Stampar (@stamparm)

Usage: 

dsss.py [options]

Options:

  --version          show program's version number and exit
  -h, --help         show this help message and exit
  -u URL, --url=URL  Target URL (e.g. "http://www.target.com/page.php?id=1")


--data=DATA        POST data (e.g. "query=test")
  --cookie=COOKIE    HTTP Cookie header value
  --user-agent=UA    HTTP User-Agent header value
  --referer=REFERER  HTTP Referer header value
  --proxy=PROXY      HTTP proxy address (e.g. "http://127.0.0.1:8080")
$ python dsss.py -u "http://testphp.vulnweb.com/artists.php?artist=1"
Damn Small SQLi Scanner (DSSS) < 100 LoC (Lines of Code) #v0.2o
 by: Miroslav Stampar (@stamparm)

* scanning GET parameter 'artist'
 (i) GET parameter 'artist' could be error SQLi vulnerable (MySQL)
 (i) GET parameter 'artist' appears to be blind SQLi vulnerable (e.g.: 'http://t
estphp.vulnweb.com/artists.php?artist=1%20AND%2061%3E60')

scan results: possible vulnerabilities found

Requirements

Python version 2.6.x or 2.7.x is required for running this program.

Download DSSS

NILI: A Tool For Network Scan, Man in the Middle, Protocol Reverse Engineering And Fuzzing

NILI: A Tool For Network Scan, Man in the Middle, Protocol Reverse Engineering And Fuzzing


NILI: A Tool For Network Scan, Man in the Middle, Protocol Reverse Engineering And Fuzzing



Installing


Here is some Instructions for Installing Prerequisites, Select Proper Instructions for your Operating System.

Unix-like

1- Install Python3 and pip:

$ sudo apt-get install python3
$ sudo apt-get install python3-pip

2- Install Scapy:

$ cd /tmp
$ git clone https://github.com/phaethon/scapy

$ cd scapy
$ sudo python3 setup.py install

3- Install Netzob:

$ git clone https://dev.netzob.org/git/netzob
$ cd ./netzob/
$ sudo apt-get install python3 python3-dev python3-setuptools build-essential
$ python3 setup.py install
$ python3 -m pip install bintrees --upgrade


Windows

1- Install python3

2- Install Scapy:

2-1- Install Winpcap
2-2- Install Scapy3k

python -m pip install scapy-python3

3- Install Netzob

Download


WikiLeaks Website Gets Defaced By Hacking Group OurMine


WikiLeaks Website Gets Defaced By Hacking Group OurMine 


WikiLeaks website wikileaks.org just got defaced by a hacking group OurMine.

OurMine Hacking Group is already known for hacking into high profile social media accounts including Google CEO Sundar Pichai, Facebook CEO Mark Zuckerberg, former Twitter CEOs Dick Costolo and Ev Williams, Netflix, Sony, HBO.

Proper reason has still not been found how this website got hacked but it seems their DNS entries have been compromised using DNS poisoning attack.

As of Today morning, the WikiLeaks.orghomepage displayed a message that read: “Hi, it’s OurMine (Security Group), don’t worry we are just testing your…. blablablab, oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you?”

“Anonymous, remember when you tried to dox us with fake information for attacking wikileaks?” the message continues. “There we go! One group beat you all! #WikileaksHack lets get it trending on twitter!”

And here is the screenshot of the message which was shown on the website when it got hacked.

Wikileaks Published New Vault7 Series Project of CIA ExpressLane

Wikileaks Published New Vault7 Series Project of CIA ExpressLane

Wikileaks Published New Vault7 Series Project of CIA ExpressLane


Now Wikileaks Leaked another project of CIA named 'ExpressLane'. The tool is used for information gathering. 


WikiLeaks publishes secret documents from the ExpressLane project of the CIA. These documents show one of the cyber operations the CIA conducts against liaison services -- which includes among many others the National Security Agency (NSA), the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).

The OTS (Office of Technical Services), a branch within the CIA, has a biometric collection system that is provided to liaison services around the world -- with the expectation for sharing of the biometric takes collected on the systems. But this 'voluntary sharing' obviously does not work or is considered insufficient by the CIA, because ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services.

ExpressLane is installed and run with the cover of upgrading the biometric software by OTS agents that visit the liaison sites. Liaison officers overseeing this procedure will remain unsuspicious, as the data exfiltration disguises behind a Windows installation splash screen.

The core components of the OTS system are based on products from Cross Match, a US company specializing in biometric software for law enforcement and the Intelligence Community. The company hit the headlines in 2011 when it was reported that the US military used a Cross Match product to identify Osama bin Laden during the assassination operation in Pakistan.


Previously Wikileaks leaked projects of CIA


CouchPotato
10 August, 2017
Today, August 10th 2017, WikiLeaks publishes the the User Guide for the CoachPotato project of the CIA. CouchPotato is a remote tool for collection against RTSP/H.264 video streams. It provides the ability to collect either the stream as a video file (AVI) or capture still images (JPG) of frames from the stream that are of significant change from a previously captured frame. It utilizes ffmpeg for video and image encoding and decoding as well as RTSP connectivity. CouchPotato relies on being launched in an ICE v3 Fire and Collect compatible loader.

Dumbo
3 August, 2017
Today, August 3rd 2017 WikiLeaks publishes documents from the Dumbo project of the CIA. Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.

Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating sytem. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.

Dumbo is run by the field agent directly from an USB stick; it requires administrator privileges to perform its task. It supports 32bit Windows XP, Windows Vista, and newer versions of Windows operating system. 64bit Windows XP, or Windows versions prior to XP are not supported

Free eBook IT Security 101: Think Like a CyberCriminal

Free eBook IT Security 101: Think Like a CyberCriminal


Free eBook IT Security 101: Think Like a CyberCriminal


Establishing an effective IT security system is a complex undertaking made even more difficult by the threat of new and unknown CyberCriminal behavior.

Don’t make things a lot easier for the bad guys just in order to make things a little easier for yourself.

  • Identifying your weaknesses can be a real eye-opener
  • Thinking like the bad guys can help protect systems and data
  • Get 6 things to consider from the IT security checklist




Google Removes Around 500 Malicious Apps From Play Store

Google Removes Around 500 Malicious Apps From Play Store


Google Removes Around 500 Malicious Apps From Play Store


CyberSecurity Company Lookout researched on Android Apps and found around 500 Malicious apps on Google Play store. Theses apps are being used to Spy on users.



Security research company Lookout said, The Lookout Security Intelligence team has discovered an advertising software development kit (SDK) called Igexin that had the capability of spying on victims through otherwise benign apps by downloading malicious plugins. Over 500 apps available on Google Play used the Igexin ad SDK. While not all of these applications have been confirmed to download the malicious spying capability, Igexin could have introduced that functionality at their convenience. Apps containing the affected SDK were downloaded over 100 million times across the Android ecosystem.

Company observed an app downloading large, encrypted files after making a series of initial requests to a REST API at http://sdk[.]open[.]phone[.]igexin.com/api.php, which is an endpoint used by the Igexin ad SDK.

This sort of traffic is often the result of malware that downloads and executes code after an initially "clean" app is installed, in order to evade detection. The encrypted file downloads and the presence of calls within the com.igexin namespace to Android's dalvik.system.DexClassLoader(used to load classes from a .jar or .apk file) were enough to warrant more in-depth analysis for possible malware hiding in its payload.  

Not all versions of the Igexin ad SDK deliver malicious functionality. The malicious versions implement a plugin framework that allows the client to load arbitrary code, as directed by responses to requests made to a REST API endpoint hosted at http://sdk[.]open[.]phone[.]igexin[.]com/api.php.

By using this SDK, Cybercriminals are developing Malwares to spy on mobile users and other devices by injecting the malicious code into Vulnerable apps.

As soon as Google got to know about these Malicious Apps, Google instantly removed it from Play Store.

And one major issue here was users were not able to identify that they have become victims of this Malvertising.

Company introduced Google Play Protect to secure an Android Application that automatically scans APK before users install it into their devices. Google always keeps trying to keep malicious apps out of the Play Store. Hope the upcoming Google Android Oreo will offer more protection to its users.

Popular Posts