Tuesday, February 7, 2012

Anonymous - ban banks // #greece #OpGreece



* Bank of Greece-http://pastebin.com/CvGNs3ig

* Alpha Bank-http://pastebin.com/JMLYnSU9


* ATEbank-http://pastebin.com/c3bFdhVV

* Attica Bank-http://pastebin.com/EQK2Jrvj

* Bank of Cyprus-http://pastebin.com/QyPeXi1F

* Citibank -http://pastebin.com/xZwf4zYc

* EFG Eurobank Ergasias-http://pastebin.com/FWFtCdcZ

* Emporiki Bank-http://pastebin.com/ELyqSQ3f

* First Business Bank-http://pastebin.com/SXKHQydU

* Geniki Bank-http://pastebin.com/FwswyHPE

* Hellenic Bank-http://pastebin.com/VyBvkZJ2

* HSBC-http://pastebin.com/EPh8L4mv

* Marfin Egnatia Bank-http://pastebin.com/C5EJP5yH

* Millennium Bank-http://pastebin.com/2aksMA83

* National Bank of Greece-http://pastie.org/3112273

* Panellinia Bank-http://pastie.org/3112282

* Piraeus Bank-http://pastie.org/3112289

* Probank-http://pastie.org/3112293

* Proton Bank-http://pastie.org/3112300

* T Bank-http://pastie.org/3112303

* TT Hellenic Postbank-http://pastie.org/3112305
Posted by @LegionNET LGNSEC INC No comments:
Labels: , , ,

#Anonymous #Defacement #Setup #Tools #Tutorials #Requested

Re: Honorable Chief Judge Beth Ann Gibson #anonymous #own #judge #support
http://cbe001.chat.mibbit.com/?server=69.42.223.245&channel=%23OpFightACTA

IrcChatStopActa From GopherX

7. irc.anonops.pro:6667
8. SSL: irc.anonops.pro:6697
9. irc.anonops.bz:6667
10. SSL: irc.anonops.bz:6697
11. www.anonops.com
12.
13. Welcome anons to #Defacement
14.
15.
16.
17. Here we will cover the basics to get you started.
18.
19. Please do NOT ask us how to hack, how to take down a web site, how to get revenge on someone you know online,
20. this is _NOT_ what we are about and you will not get support. Stay on topic and follow the channel rules.
21.
22. Read this thoroughly before asking questions in the channel, chances are your answer will be either listed or linked to in here.
23.
24.
25. NOTE: VISIT #SETUP AND GET A GOOD VPN BEFORE YOU DO ANYTHING.
26.
27.
28. BackTrack 5 - http://www.backtrack-linux.org/
29. BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments
30. in a purely native environment dedicated to hacking. Install BackTrack, and boot it from a Live DVD or thumbdrive.
31. Alternatively you can download the VMWare distribution and run it in VMWare player, inside your current OS.
32. The penetration distribution has been customized down to every package, kernel configuration, script and patch solely for the
33. purpose of the penetration tester.
34.
35. Most commonly used tools in BT5:
36. 1.W3af-gui
37. 2.Nmap
38. 3.Xsser
39. 4.OpenVas
40. 5.Acutenex
41. PDF FILE ON HACKING VIA BACK TRACK http://bit.ly/xmbgxv
42.
43. NOTE ON BACKTRACK: Upon loading, enter username: root password: toor
44.
45. BackTrack 5 is not necessary, just recommended. While defacing can be performed via any Linux system.
46. BT5 provides a full toolset and will save you downloading ountless programs and compiling them yourself.
47. If you do not use BackTrack either Fedora or Ubuntu will fufil the purpose.
48. Ubuntu is better for beginners and is more user friendly, however Fedora is more stable and has less bugs.
49. http://www.backtrack-linux.org/downloads/
50.
51. If you are on Windows there is a free program called Net Tools ( http://mabsoft.com/nettools.htm ) it contains most of the Windows versions of the tools in BackTrack. It is a very powerful tool for defacing in windows.
52.
53. Click DOWNLOAD
54. Select for ISO:
55. Back Track 5 R1
56. GNOME
57. 64/32 - Your preference (64 recommended if your computer can run it)
58. ISO
59. Direct or Torrent. Your choice.
60.
61. For VM:
62. Back Track 5 R1
63. GNOME
64. 32
65. VMWare
66. Either
67.
68. Tools if you do not want or use BackTrack5. These are mostly for Linux, as Linux is the primary OS for hacking.
69. Some can be downloaded in Windows. If it can be downloaded via yum or apt-get I have listed so.
70.If I list the website it is most likely not available via these methods, but might be in the Linux software centre.
71. All tools are free to download and use.
72.
73. Nmap ("Network Mapper") - http://nmap.org/
74. Free Security Scanner For Network Exploration & Hacking.
75. Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles.
76. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more.
77. There is a GUI front end to Nmap if you do not wish to work from the terminal called 'Zenmap'
78.
79. sudo apt-get install Nmap
80. sudo apt-get install Zenmap
81. sudo yum install Nmap
82. In Fedora Zenmap can only be downloaded via the software centre.
83. A full tutorial on Nmap will not be provided, but you need to know your way around the terminal.
84. Zenmap is GUI based, and fairly straightforward to use.
85.
86. Metasploit - http://www.metasploit.com/download/
87. Download metasploit community. Windows/Linux.
88. Metasploit is a program that targets vulnerabilities (that you have previously discovered) and does the exploit.
89. It can plant various programs and provide remote access.
90.
91. HTTrack - http://www.httrack.com/
92. Website copier. Downloads and makes a page by page copy of a website.
93.
94. yum install httrack
95. apt-get httrack
96.
97. TheHarvester - http://www.edge-security.com/
98. A program so scour a website for all email addresses on a given site. Can return admin addresses, which can also be logins etc.
99. Feel free to download any other tools from this site, they are all tools for penetration testers.
100.
101. MetaGooFil - http://code.google.com/p/metagoofil/
102. Extracts metadata from sites, hidden data that can provide intel, eg admin logins.
103.
104. yum install metagoofil
105. apt-get install metagoofil
106.
107. Nessus - http://www.nessus.org/products/nessus
108. Nessus is a vulnerablity sanner available on the Linux software centre.
109.
110. Medusa - http://www.foofus.net/~jmk/medusa/medusa.html
111. Online password brute forcer. Requires you to provide login(s) and a list of passwords to try, or a password dictionary.
112.
113. yum install medusa
114. apt-get medusa
115.
116. Hydra - http://www.thc.org/thc-hydra/
117. Hydra is another brute forcer, that is much more versatile and faster than Medusa, but has a steeper learning curve.
118. However it is worth learning it's functionalities in the long run.
119.
120. FastTrack - http://www.darknet.org.uk/2009/02/fast-track-40-automated-penetration-testing-suite/
121. Fast exploiter. Does the vuln scanning exploiting and everything in one go. If you use this, you will be considered a script kiddie.
122. Permissible if you are pressed for time. Runs on the Metasploit framework. Use google to learn how to install and configure.
123.
124. Nikto - http://cirt.net/nikto2
125. Scans web servers for vulns.
126.
127. yum install nikto
128. apt-get nikto
129.
130. Web Securify - http://www.websecurify.com/
131. Detects SQL, XSS, and more vulns. Very versatile tool.
132.
133. Netcat - http://netcat.sourceforge.net/
134. Provides easy communication between two computers, so installing it on the target computer provides an easy backdoor.
135. It is available on the Linux software centre.
136.
137. OpenVas - http://www.openvas.org/
138. A framework of tools for vulnerability asessment.
139.
140. Xsser - http://xsser.sourceforge.net/
141. A program to detect and exploit XSS vulnerabilities.
142.
143. W3af - http://w3af.sourceforge.net/
144. A program to find and exploit web vulnerabilities.
145.
146. Acunetix - http://www.acunetix.com/
147. Web vulneribility scanner
148.
149. SQLi helper - http://www.4shared.com/zip/i7MRNXyy/SQLi_Helper_30.html
150.
151. In some websites you can directly see the password but most of the websites encrypt them using MD5.
152. So you have to crack the hash to get the password.
153. To crack the password there are three ways
154. 1) Check the net whether this hash is cracked before:
155. Download:
156. http://www.md5decrypter.co.uk
157. 2) Crack the password with the help of a site:
158. Download::
159. http://www.milw0rm.com/cracker/insert.php
160. http://passcracking.com/index.php
161. 3) Use a MD5 cracking software. Use google to find your preferred tool. Try Jack The Ripper (pre installed on BT5)
162.
163. Assuming you have all the tools downloaded, or preferably BackTrack 5, a good resource to read is http://bit.ly/xmbgxv.
164. It is a book on Ethical Hacking, and includes every tool listed above, and teaches you how to use them via the terminal.
165. It also teaches you all the steps of defacing, and is a great point to start before asking unneccesary questions.
166.
167. SQL INJECTION
168. SQL injection involves interacting with improperly made forms on websites to get them to return informationg of value back to you.
169. It involves injecting code into their servers that usually ends the input code of their site, and then executes the code you injected on their server.
170. This can slowly be used to return information about logins and passwords.
171. Very good tutorial on SQL injection: http://pastebin.com/AmFpqTjj
172.
173. XSS
174. XSS involves adding code to the URL of websites to exploit vulnerabilities in the script of the site. XSS makes up roughly 80 percent of all online security breaches. It involves gaining elevated user privileges onto the site to access items such as username and password databases, cookies and more. It can be crafted to add pictures and links that were not originally on the target site. These can then be used to send information to you from the target site resulting in the site being compromised and you gaining access.
175. XSS scripts to run, this is a very extensive list. Includes specific scripts to attack various web elements, and to bypass various filters. Use Ctrl + F to find what you're looking for. http://pastebin.com/GjJFzVy4
176.
177.
178. I am not responsible for any of the actions committed by anyone who reads this, nor do I condone using these tools to intentionally cause harm or damage any websites or servers.
179. I have made this paste to make people aware of the tools out there for testing their own sites and servers, not anything else.
180.
181.
182. For more information and tutorials visit: http://www.anonops.com/tutorials/
183. Quick channel access if you do not have your own IRC client installed.
184. Webchat: http://webchat.anonops.pro/
185. http://search.mibbit.com/networks/AnonOps

Sent to: ******
Posted by @LegionNET LGNSEC INC No comments:
Labels: , , , ,

1000 Peruvian Government Documents Leaked [~200MB of Documents ] #TeaMp0isoN #Anonymous 


=======================================================================  

   _______         __  __        ___  _           _   _
  |__   __|       |  /  |      / _ (_)         |  | |
     | | ___  __ _|   / |_ __ | | | |_ ___  ___ |  | |
     | |/ _ / _` | |/| | '_ | | | | / __|/ _ | . ` |
     | |  __/ (_| | |  | | |_) | |_| | __  (_) | |  |
     |_|___|__,_|_|  |_| .__/ ___/|_|___/___/|_| _|
                       | |
                       |_|      

=======================================================================  

	[ Release: 1000 Peruvian Government Documents ]
	[	         - Part 1 -                   ]
	[ Leaked by MLT     -     Twitter: @_MLT_     ]
	[ TeaMp0isoN: TriCk, iN^SaNe, MLT, Phantom~,  ]
	[ C0RPS3, f0rsaken, aXioM, ap0calypse.        ]       

=======================================================================
This document is Part One of a three-part release. It is a three part
release simply to make things easier for me, as due to the sheer amount
of Government Documents I am going to leak, I have to split this into
different parts. This part contains 1000 Peruvian Government Documents
ranging from PDF files to PowerPoints, from Government Treaties and
Agreements to simple manuals. These documents equate to ~200MB of data
in total and are all taken from government servers.

Part Two will contain some emails from Peruvian Government Officials,
(alongside more government documents waiting to be leaked) including
the Peruvian Prime Minister. Some of you will find the content of these
emails VERY interesting.
=======================================================================
----------------------------------------------------------------------
[ MIRRORS - MIRRORS - MIRRORS - MIRRORS - MIRRORS - MIRRORS - MIRRORS ]
----------------------------------------------------------------------
=======================================================================
http://www.fileserve.com/file/RtjCuVb/1000_Government_Documents.zip
http://turbobit.net/ky6zevtrfx65.html
http://www.mlfat4arab.com/janu2liebzwy/1000_Government_Documents.zip.htm
http://extabit.com/file/28dvf3safje2j?upld=1
http://netload.in/dateiZB71fdTHtm.htm
http://depositfiles.com/files/e017l1lht
=======================================================================
----------------------------------------------------------------------
[ MIRRORS - MIRRORS - MIRRORS - MIRRORS - MIRRORS - MIRRORS - MIRRORS ]
----------------------------------------------------------------------
=======================================================================



 if mirrors die of this or older releases.

post comment lemme know, and they will be reuploaded.

everything is securely back upped.


No Censorship No Hiding.

No Limits


signed


@LegionNET #Anonymous
Posted by @LegionNET LGNSEC INC No comments:
Labels: , , , ,

Anonymous en Undercover op pedojacht (promo) / #Pedo #hunt #darknet #DUTCH



[youtube]https://www.youtube.com/watch?v=VtCHmjYrFCc[/youtube]

Alberto gaat op pedojacht met anonymous

 

http://klokkenluideronline.nl/post/alberto-stegeman-moet-even-schakelen/
Posted by @LegionNET LGNSEC INC No comments:
Labels: , , , , , , ,

Tata Docomo Free GPRS Proxy Server For Opera Mini Handler



 





Tata Docomo Free GPRS Tricks Working Again, First Download Opera Mini Handler Version and Install, Open your Opera mini handler in your tata docomo mobile phone, Set Divein Settings as Default Settings For Opera Mini, Set http in Custom Field in your Opera Mini handler and Socket Server http://203.115.112.5.server4.operamini.com Or http://10.124.72.171.server4.operamini.com and then Proxy Type No Proxy ( Don’t Enter Anything in Proxy Server Field )

Now Connect Free Gprs in your Tata Docomo Mobile Phone , Must Working Your balance above Rs 1/-.

Posted by @LegionNET LGNSEC INC No comments:
Labels: , , , ,

How to bypass Web Application Firewalls while SQL Injecting. #tools



A WAF is a web firewall in order to protect websites against SQL Injections and other critical vulnerabilities. It filters certain malicious requests and/or keywords. Many WAF's are insecure though, they can be bypassed with some of the following methods.

1. Comments


They allow us to bypass alot of the restrictions of Web application firewalls and to kill certain SQL statements to execute the attackers commands while commenting out the actual legitimate query. Some comments in SQL:


//; --; /**/; #; -+; -- -;


2. Case Changing


Some WAF's only filter lowercase attacks, so if we change the case, we could bypass it. Example:


http://example.com/index.php?id=1/**/UnIoN/**/SeLeCt/**/1,2/* <- I also implented comments here.


3. Inline comments


Some WAF's filter key words like /unionsselect/ig We can bypass this filter by using inline comments most of the time, More complex examples will require more advanced approach like adding SQL keywords that will further separate the two words:


id=1/*!UnIoN*/SeLeCT


As you can see, our query is between /*!code*/, so between these characters this query will be executed.


Last words



These methods are the most common used and work almost all the time. There are more, but I won't discuss them here. Credits go to: kyle-sandiland.com

Posted by @LegionNET LGNSEC INC No comments:
Labels: , , , , , ,

Airtel Fastest Proxy Free 3G Gprs Internet Tricks



UC Web Browser 8.0 Airtel Fastest Proxy Free 3G Gprs Internet Tricks


Airtel Free 3G Gprs Internet Working in UCweb 8.0 ( UC Browser 8.0) Unofficial Alpha English Version, Download UC Browser 8.0 and Free Airtel Unlimited Surf Browsing and Download using Mobile Office Settings , Access Point APN : airtelgprs.com
Airtel Free Internet In PC Computers Using Opera 11, use following settings and get Airtel fastest proxy with unlimited Downloads
Proxy IP : 75.68.49.100
Port : 80
Home Page : http://122.170.122.214/proxy/index.php
APN : airtelgprs.com
Posted by @LegionNET LGNSEC INC No comments:
Labels: , , , ,

How To Create Proxy Chaining #Example #Tools #Security



Proxy chaining. Everyone needs to stay safe, so here's how.STUFF YOU NEED:
SMAC 2.0: http://www.klcconsulting.net/smac/#Download
Serials:
SMC2U-00C8-5612-1234-2615-5945
SMC2U-00C8-4646-4646-F5BC-E87E
Tor and vidalia:
http://www.torproject.org/torbrowser/dis..._en-US.exe
Be sure to download and install the entire bundle else tor button will not
work.
Hotspot sheild:
http://hotspotshield.com/downloads/thank...=na&p=ftp&
http Proxies:
http://www.samair.ru/proxy/type-07.htm -- goes straight to the page where the proxies are Russian. Be sure to use only proxies that say anonymous or high-anonymous next to the ip and port number.
Web Proxies:
http://www.proxy4free.com/list/webproxy_country1.html -- Be sure to only use proxies in countries like the Netherlands or Eastern europe, or India. The more corrupt and remote the region, and the worse that international relations are with GB and USA, the better.
Socks 5:
http://www.xroxy.com/proxylist.php?port=...ity=#table
Be sure to choose a remote country with high uptime. The higher the uptime the better.

THE METHOD:
Open firefox browser and at the top click on tools > options. Click on
advanced at the top right and then click on the Networks tab, shown below.
[Image: proxyoptions.th.jpg]

Click on Manual proxy configurations, and edit the HTTP Proxy and SSL proxy to the http proxy u have chosen from the list above. Or you can just go here:
http://www.samair.ru/proxy/type-07.htm

Here is the http proxy i chose:

[Image: proxyiused.th.jpg]

Next edit the Socks Host to the socks 5 proxy you chose from the Socks 5 link. Remember to choose somewhere remote, not the USA, and if their government does not particularly get on with UK or US that is better. Or if it is in a country with a reputation for corruption that is also good. NOTE: Always check the uptime. If the uptime is like 1.5% or something like that choose another. The socks5 i chose is shown below:


[Image: socks5iused.jpg]Ok next download all of the above software and install. You must register SMAC before you can use it. Use one of the serials provided above. Run smac and click the dropdown menu highlighted in blue below:


[Image: spoofedmac.jpg]Choose a hardware vendor to spoof and then just make up the last three fields of the MAC and then press update mac above. It may take a minute but then it will show that your hardware address has been spoofed in the network adapter list. Close all open firefox browsers and right click on vidalia on the system tray. If tor is not already activated then start tor. If it is working you will be able to click on the Network Map and it will show you a big list of countries and flags and stuff. If you have installed the entire bundle there should be no problems whatsoever. Next rightclick the hotspot shield icon on the task bar and click Connect/ON. This should start firefox itself and bring up the Hotspot shield search page. Probably rather slowly. If it doesn't connect do not fret just refresh the page because with all of this bouncing around from proxy to proxy it can become unstable and most likely a tad slow. Click on the onion at the bottom right hand side of firefox to turn on the toor button. This will most likely be enough but you can go on and do even more.

Open the web proxy link above, and chose a proxy based on location and uptime. I chose one from the netherlands with 100% uptime! Click on the link for your proxy on the left and then input google.com into
the address bar. Then paste the link for the webproxy's back into the google bar and return to the site once again to choose another webproxy:


[Image: webproxy.jpg]This time instead of clicking on the web proxy copy the url back into the bar of the proxy filter which is above the webpage and is shown in the above image. then type google.co.uk or fr or whichever you use into the box of the second proxy. Shown below:


[Image: 2ndwebproxy.jpg]Once you arrive at google it will look something akin to this:


[Image: 2webproxiesammended.jpg]You are now surfing behind two web proxies, also using hotspot shield and tor. A http and SSL proxy, and a socks 5 server. With a spoofed MAC address. If you are doing anything illigal i still recommend using a public wifi zone in an area that has no cctv cameras operating. I hope this helps.


By Lazmania61


from hacking61.blogspot
Posted by @LegionNET LGNSEC INC No comments:
Labels: , , , , ,

FATCAT – Auto Sql Injection tool #tools



FATCAT Auto Sql Injector is an automatic SQL Injection tool for testing your web application and exploit your application more deeper. FatCat Features that help you to extract the Database information, Table information, and Column information from web application. Only If it is vulnerable to SQL Injection Vulnerability.

The user friendly GUI of FatCat and automatically detect the sql vulnerability and start exploiting vulnerability.  

Features:

  •   Normal SQL Injection

  •   Double Query SQL Injection


In Next Version: 

  • WAF bypass

  • Cookie Header passing

  •  Load File

  •  Generating XSS from SQL


Requirement:  

  • PHP Verison 5.3.0

  • Enable file_get_function  


Download

or

Demo

nsai.it
Posted by @LegionNET LGNSEC INC No comments:
Labels: , , , , ,

THC SSL DDOS Tool - O #tools

oday the German hacker group “The Hacker’s Choice” officially released a new DDoS tool. The tool exploits a weakness in SSL to kick a server off the Internet.

 

The THC-SSL-DOS tool allows a single computer with a modest internet connection to crash a much more powerful server with vastly more bandwidth, but only when the server supports what’s known as SSL renegotiation, Monday’s postings claimed. Renegotiation is used to establish a new secret key securing communications after an encrypted session has already commenced. Renegotiation was at the heart of a flaw in the SSL protocol discovered in 2009 that allowed attackers to inject text into encrypted traffic passing between two endpoints.

 

Technical details can be found at http://www.thc.org/thc-ssl-dos.
THC-SSL-DOS is a tool to verify the performance of SSL.
Establishing a secure SSL connection requires 15x more processing power on the server than on the client.
THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today.
The vendors are aware of this problem since 2003 and the topic has been widely discussed.
This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via single TCP connection. Download: Windows binary:
thc-ssl-dos-1.4-win-bin.zip
Unix Source :
thc-ssl-dos-1.4.tar.gz Use “./configure; make all install” to build.

Usage:
./thc-ssl-dos 127.3.133.7 443 Handshakes 0 [0.00 h/s], 0 Conn, 0 Err
Secure Renegotiation support: yes Handshakes 0 [0.00 h/s], 97 Conn, 0 Err Handshakes 68 [67.39 h/s], 97 Conn, 0 Err Handshakes 148 [79.91 h/s], 97 Conn, 0 Err Handshakes 228 [80.32 h/s], 100 Conn, 0 Err Handshakes 308 [80.62 h/s], 100 Conn, 0 Err Handshakes 390 [81.10 h/s], 100 Conn, 0 Err Handshakes 470 [80.24 h/s], 100 Conn, 0 Err
Comparing flood DDoS vs. SSL-Exhaustion attack:
A traditional flood DDoS attack cannot be mounted from a single DSL connection.
This is because the bandwidth of a server is far superior to the bandwidth of a DSL connection:
A DSL connection is not an equal opponent to challenge the bandwidth of a server.
This is turned upside down for THC-SSL-DOS: The processing capacity for SSL handshakes is far superior at the client side: A laptop on a DSL connection can challenge a server on a 30Gbit link.
Traditional DDoS attacks based on flooding are sub optimal: Servers are prepared to handle large amount of traffic and clients are constantly sending requests to the server even when not under attack.
The SSL-handshake is only done at the beginning of a secure session and only if security is required.
Servers are _not_ prepared to handle large amount of SSL Handshakes.
The worst attack scenario is an SSL-Exhaustion attack mounted from thousands of clients (SSL-DDoS).

Tips & Tricks for whitehats
1. The average server can do 300 handshakes per second. This would require 10-25% of your laptops CPU.
2. Use multiple hosts (SSL-DOS) if an SSL Accelerator is used.
3. Be smart in target acquisition: The HTTPS Port (443) is not always the best choice.
Other SSL enabled ports are more unlikely to use an SSL Accelerator (like the POP3S, SMTPS, … or the secure database port). Counter measurements: No real solutions exists. The following steps can mitigate (but not solve) the problem: 1. Disable SSL-Renegotiation 2. Invest into SSL Accelerator Either of these countermeasures can be circumventing by modifying THC-SSL-DOS. A better solution is desireable. Somebody should fix this.

www.nsai.it

 

 
Posted by @LegionNET LGNSEC INC No comments:
Labels: , , , , ,
Subscribe to: Posts (Atom)