Web Application Exploiter (WAppEx)

WAppEx is an integrated platform for performing penetration testing and exploiting of web applications on Windows or Linux. It can automatically check for all type of security vulnerabilities in the given target and then let you to run various payloads to exploit and take advantages of the vulnerability.

WAppEx is a multi platform application and it is executable in Linux and Windows.

WAppEx's database which includes hundreds of exploits provides an automated, comprehensive and reliable exploit for penetration testers and security professionals worldwide.

Regular database update is available. Top priorities are high-risk and zero-day vulnerabilities.

Payloads for using in exploits are reliable payloads which contains connect-back, listener shell, arbitrary code execution, arbitrary file upload,...

WAppEx's script based engin let experienced users write their own scripts and payloads to test and exploit any vulnerability in web applications.

Software and vulnerability updates are available at any time and a daily support is available via phone or email.

WAppEx can exploit the following web application vulnerabilities:

SQL Injection:

The most dangerous vulnerability in web applications. WAppEx uses Havij - Advanced SQL Injection Tool engine to find and exploit this vulnerability.

Remote File Inclusion:

It allows an attacker to include a remote file. WAppEx can check for this vulnerability and run various payloads to execute commands on web server.

Local File Inclusion:

It allows an attacker to include a local file. Just like RFI WAppEx tests and exploits this vulnerability.

OS Commanding:

It let the attacker to execute OS commands on server. WAppEx tests and exploits this vulnerability to execute custom commands to get a reverse shell.

Script injection:

It can be used by an attacker to introduce (or "inject") script into a web application. WAppEx automatically tests and exploit this vulnerability to escalate access to web server and get a reverse shell.

Local File Disclosure:

as the name says it disclosure content of local files on the web server. WAppEx can exploit this vulnerability to read sensitive files on the server.

WAppEx

Download

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.

Read more

by Malik korrich ~ mardi 7 août 2012 0 commentaires

Advance SQL Injection Tool - Havij

SQL injection is the biggest threat for web applications, there are so many hackers group on the Internet involve on website defacement. The main bugs on application is SQL error based so that an intruder use some sort of tools and even manual techniques to get the administrator information from database.

Securing a database is not a big problem but first of all the need is to find out the SQL vulnerability that can be inject and exploit by a hacker, find SQL injection vulnerability on your web application by doing a small penetration testing. There are different tools can used to find the vulnerability for both Windows and Linux operating system. Some of the best tools and SQL-injection tutorial as follows:

• Sqlninja- A SQL Injection Tool
• Safe3SI- Automatic SQL Injectection Tool
• SQL Power Injector- Tutorial
• Sqlmap- Automatic SQL Injection Tool

Beside these wonderful tools there is Havij also.

-->

Introduction to SQL Injection Using Havij

Havij is an advanced and automatic SQL injection tool that provides a variety of features for exploiting the SQL vulnerability. It helps penetration tester to exploit SQL vulnerability so that the web administrator fix them soon.

The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij.

The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.

Havij can run on windows based operating system however if you are using Linux than you can use Wine to get havij, there are two version available first one is free havij and the other is commercial also called Havij pro. Below is the list of some supportive database, however the list is not completed there are more features are available.

MsSQL 2000/2005 with error

MsSQL 2000/2005 no error union based

MsSQL Blind

MySQL time based

MySQL union based

MySQL Blind

MySQL error based

-->

-->

Download Havij

Havij is a wonderful tool that will really help you to measure the security of your web applications, havij tutorial is normally not needed because it is easy to use, more user friendly than other SQL injection tool. If you have any question regarding the usage than ask.

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.

Other Readings:

• Five Things You Need to Know About MySQL (pcworld.com)
• Give Your Website A Thorough Security Check With HackerTarget (makeuseof.com)
• TimesofMoney/Remit2India Database Hacked Through SQL Injection - HDFC Bank Vulnerable Too (techie-buzz.com)

Read more

by Malik korrich ~ mardi 9 août 2011 0 commentaires