Technitium v5 R2

Technitium MAC Address Changer allows you to change Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective to your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit by the manufacturer. This hard coded MAC address is used by windows drivers to access Ethernet Network (LAN). This tool can set a new MAC address to your NIC, bypassing the original hard coded MAC address. Technitium MAC Address Changer is a must tool in every security professionals tool box.

Technitium MAC Address Changer is coded in Visual Basic 6.0.

Features

  • Support for Windows 7 RC added.
  • Issues with installer program resolved.
  • Most reported bugs in previous versions removed.
  • Allows you to remove all registry entries corresponding to Network Adapter that is no longer physically installed on the system.
  • Allows you to configure Internet Explorer HTTP proxy settings through configuration presets or command line.
  • Identifies the preset applied to currently selected Network Interface Card (NIC) automatically making it easy to identify settings.
  • Most known issues with Windows Vista removed.
  • Changes MAC address of Network Interface Card (NIC) including Wireless LAN Cards, irrespective of its manufacturer or its drivers.
  • Has latest list of all known manufacturers (with corporate addresses) to choose from. You can also enter any MAC address and know which manufacturer it belongs to.
  • Allows you to select random MAC address from the list of manufacturers by just clicking a button.
  • Restarts your NIC automatically to apply MAC address changes instantaneously.
  • Allows you to create Configuration Presets, which saves all your NIC settings and makes it very simple to switch between many settings in just a click and hence saves lot of time.
  • Allows you to Import or Export Configuration Presets to or from another file, which saves lot of time spent in reconfiguration.
  • Allows you to load any Configuration Presets when TMAC starts by just double clicking on any Configuration Preset File. (*.cpf file extension)
  • Has command line interface which allows you to perform all the tasks from the command prompt or you can even create a DOS batch program to carry out regular tasks.
  • Displays all information you would ever need to know about your NIC in one view like Device Name, Configuration ID, Hardware ID, Connection Status, Link Speed, DHCP details, TCP/IP details etc.
  • Displays total bytes sent and received through the NIC.
  • Displays current data transfer speed per second.
  • Allows you to configure IP Address, Gateway and DNS Server for your NIC quickly and instantaneously.
  • Allows you to enable/disable DHCP instantaneously.
  • Allows you to Release/Renew DHCP IP address instantaneously.

There are some famous, commercial tools available in the market from USD 19.99 to as much as USD 2499, but Technitium MAC Address Changer is available for FREE. They don’t charge for just changing a registry value! Also knowing how this works doesn’t require extensive research as some commercial tool providers claim.

You can download Technitium v5 R2 here:

TMACv5_R2_Setup.zip

Or read more here.

Labels: ,

Samurai Web Testing Framework 0.6 – Web Application Security LiveCD

The authors have updated and fixed a number of issues with the environment as well as improved performance of the java based tools. They have also included a virtual machine of the environment. This VM requires VMWare.

For those that don’t know, Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. There are tools used in all four steps of a web pen-test.

Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.

You can download SamuraiWTF 0.6 here:

samurai-0.6.iso

Or read more here.

Labels: ,

Pangolin – Automatic SQL Injection Tool

Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.

Database Support

  • Access: Informations (Database Path; Root Path; Drivers); Data
  • MSSql: Informations; Data; FileReader; RegReader; FileWriter; Cmd; DirTree
  • MySql: Informations; Data; FileReader; FileWriter;
  • Oracle: Inforatmions (Version; IP; Database; Accounts ……); Data; and any others;
  • Informix: Informatons; Data
  • DB2: Informatons; Data; and more;
  • Sybase: Informatons; Data; and more;
  • PostgreSQL: Informatons; Data; FileReader;
  • Sqlite: Informatons; Data

At present, most of the functions are directed at MSSQL and MySql coupled with Oracle and Access. Other small and medium-sized companies are using DB2, Informix, Sybase, PostgreSQL, as well as Sqlite which isn’t so common.

You can download Pangolin here:

pangolin_free_edition_2.1.2.924.rar (Download Page)

Or read more here.

Labels: , ,

Durzosploit v0.1 – JavaScript Exploit Generation

Durzosploit is a JavaScript exploit generation framework that works through the console. This goal of that project is to quickly and easily generate working exploits for cross-site scripting vulnerabilities in popular web applications or web sites.

Please note that Durzosploit does not find browser vulnerabilities, it only is an framework containing exploits you can use.

At present there aren’t many exploits:

  • twitter.com/update_status – Updates a target’s status
  • twitter.com/update_settings – Updates your target’s settings
  • facebook.com/what_is_on_your_mind – Write your message in your target’s mind
  • drupal/edit_user_profile – Drupal 6.x – edit the profile of the user
  • drupal/logout – Drupal 6.x – makes target logout

So far the author’s focus has been on the framework itself; allowing people to quickly write their exploits and adding some automated obfuscators.

Durzosploit provides some obfuscators to automatically pack/minify your generated exploit.

You can download the latest version from the Durzosploit SVN here:

svn co svn://www.engineeringforfun.com/svn/durzosploit/trunk

Or read more here.

Labels: , ,

Fiddler – Web Debugging Proxy For HTTP(S)

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and “fiddle” with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.


Fiddler is freeware and can debug traffic from virtually any application, including Internet Explorer, Mozilla Firefox, Opera, and thousands more.

If you want some info on how to use Fiddler for debugging you can check here:

Fiddler Can Make Debugging Easy

You can download Fiddler here:

Fiddler2Setup.exe

Or read more here.

Labels: , ,
Subscribe to: Posts (Atom)