May 13 2009

Pangolin – SQL Injection Tool

Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options: perform an extensive fingerprint of the back-end database management system (DBMS), retrieve the DBMS session user and database, enumerate users, password hashes, privileges and databases, dump entire or user-specified DBMS tables/columns, run their own SQL statements, read specific files on the file system, and more.

Database Support:

* Access: Informations (Database Path; Root Path; Drivers); Data
* MSSql: Informations; Data; FileReader; RegReader; FileWriter; Cmd; DirTree
* MySql: Informations; Data; FileReader; FileWriter
* Oracle: Informations (Version; IP; Database; Accounts); Data
* Informix: Informations; Data
* DB2: Informations; Data; and more
* Sybase: Informations; Data; and more
* PostgreSQL: Informations; Data; FileReader
* Sqlite: Informations; Data

Download Free Edition: Pangolin v2.1.2.924

More Info: Pangolin – Amazing SQL Injection World

May 07 2009

Swede Charged in Alleged Attacks on NASA, Cisco

WASHINGTON, May 6 (UPI) — A 21-year-old Swede has been charged with hacking into Cisco Systems Inc’s computers and stealing trade secrets, U.S. officials say.

Philip Gabriel Pettersson, also known as “Stakkato,” was named in a five-count indictment that includes one count of intrusion and two of trade secret misappropriation involving the San Jose, Calif., computer networking giant, the U.S. Department of Justice said in a release Wednesday.

Prosecutors said Pettersson intentionally intruded into Cisco’s network between May 12 and 13, 2004, during which time he allegedly misappropriated Cisco Internetwork Operating System code.

The indictment also charges that Pettersson hacked into National Aeronautics and Space Administration computers at the Ames Research Center and the NASA Advanced Supercomputing Division at Moffett Field, Calif., in 2004.

The Justice Department said Cisco and NASA cooperated in its investigation. Following the incident, Cisco reported that it did not believe that any customer information, partner information or financial systems were affected.

Source: United Press International

May 02 2009

Twitter Hacked Again …!

Someone has been able to access Twitter’s administration area, and they’ve got a bunch of screenshots to prove it.

The URL that leads to Twitter’s admin page is simple enough (and open to everyone): “https://admin.twitter.com/admin/”. Of course, without a password you cannot get in, and the source does not disclose the nature of the hack. Perhaps someone was able to brute force their way in, or they somehow obtained the username and password from one of Twitter’s real admins.

In any case, the screenshots are quite interesting if you want to find out about the inner workings of Twitter. They could be fake, but they’re quite elaborate and there are lots of them, so the chances that someone photoshopped them are slim. Check out some of them below:

[Screenshots: Twitter Hack; Twitter Hacked]

There are several over at the source; one even shows the details about Barack Obama’s Twitter account.

“This week, unauthorized access to Twitter was gained by an outside party. Our initial security reviews and investigations indicate that no account information was altered or removed in any way. However, we discovered that 10 individual accounts were viewed during this unauthorized access.” – Twitter

Twitter’s Full Statement: Unauthorized Access: An Update on Security