'Penetration Testing'에 해당되는 글 11건
“BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Regardless if you’re making BackTrack your primary operating system, booting from a LiveDVD, or using your favorite thumbdrive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.“
This is the official BackTrack 5 R1 change log:
- This release contains over 120 bug fixes, 30 new tools and 70 tool updates.
- The kernel was updated to 220.127.116.11 and includes the relevant injection patches.
According to the guys at OffSec, this release is their best one yet! Some pesky issues such as rfkill in VMWare with rtl8187 issues have been fixed, which provides for a much more solid experience with BackTrack.
We’ve have Gnome and KDE ISO images for 32 and 64 bit (no arm this release), as well as a VMWare image of a 32 bit Gnome install, with VMWare Tools pre-installed.
We are mighty excited and are already downloading this release just as we speak!
Download BackTrack 5 R1:
Torrents only until the 20th August!
BT5R1-GNOME-VM-32.torrent, BT5r1-GNOME-64.torrent, BT5r1-KDE-64.torrent, BT5r1-KDE-32.torrent – http://www.backtrack-linux.org/downloads/
Here are the highlights of top features of SmartftpPasswordDecryptor
- Instantly decrypt and recover all stored FTP login passwords from SmartFTP..
- Comes with both GUI interface as well as Command-line version.
- Useful for Penetration testers as well as Forensic investigators.
- Recover password of any length and complexity.
- Save the recovered password list to HTML file for transferring to other system or for future use.
- Easier and faster to use with its enhanced user friendly GUI interface.
- Support for local Installation and uninstallation of the software.
SmartftpPasswordDecryptor comes with Installer so that you can install it locally on your system for regular usage. It has intuitive setup wizard (as shown in the screenshot below) which guides you through series of steps in completion of installation. At any point of time you can use Uninstaller to remove the software from the system.
Using Command-line Version
Here are the screenshots of SmartftpPasswordDecryptor
Screenshot 2: Command line usage of SmartftpPasswordDecryptor showing various examples.
Screenshot 3: Exported list of of recovered ftp login passwords by SmartftpPasswordDecryptor in HTML format.
출처 : securityxploded.com
“sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.“
This is the change log:
- Rewritten SQL injection detection engine (Bernardo and Miroslav).
- Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav).
- Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav).
- Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
- Implemented support for Firebird (Bernardo and Miroslav).
- Implemented support for Microsoft Access, Sybase and SAP MaxDB (Miroslav).
- Extended old ‘–dump -C‘ functionality to be able to search for specific database(s), table(s) and column(s), –search switch (Bernardo).
- Added support to tamper injection data with –tamper switch (Bernardo and Miroslav).
- Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack (Miroslav).
- Added support to enumerate roles on Oracle, –roles switch (Bernardo).
- Added support for SOAP based web services requests (Bernardo).
- Added support to fetch unicode data (Bernardo and Miroslav).
- Added support to use persistent HTTP(s) connection for speed improvement, –keep-alive switch (Miroslav).
- Implemented several optimization switches to speed up the exploitation of SQL injections (Bernardo and Miroslav).
- Support to test and inject against HTTP Referer header (Miroslav).
- Implemented HTTP(s) proxy authentication support, –proxy-cred switch (Miroslav).
- Implemented feature to speedup the enumeration of table names (Miroslav).
- Support for customizable HTTP(s) redirections (Bernardo).
- Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, –replicate switch (Miroslav).
- Support to parse and test forms on target url, –forms switch (Bernardo and Miroslav).
- Added switches to brute-force tables names and columns names with a dictionary attack, –common-tables and –common-columns. Useful for instance when system table ‘information_schema‘ is not available on MySQL (Miroslav).
- Basic support for REST-style URL parameters by using the asterisk (*) to mark where to test for and exploit SQL injection (Miroslav).
- Added safe URL feature, –safe-url and –safe-freq (Miroslav).
- Added –text-only switch to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content (Miroslav).
- Implemented few other features and switches (Bernardo and Miroslav).
- Over 100 bugs fixed (Bernardo and Miroslav).
- Major code refactoring (Bernardo and Miroslav).
- User’s manual updated (Bernardo).
Download sqlmap 0.9
출처 : www.pentestit.com