Tuesday, 30 December 2014

Book My Show Rs.250 Off By Just Paying Rs.79 Instead Of Rs.99

Here is Loot offer from Shopclues. You can buy Rs.250 voucher of Book My Show by just paying Rs.99 in Shopclues. Its a superb gift from Shopclues cause as we all know blockbuster movie PK is on the way so its a great opportunity to grab this offer. There are some terms & conditions for this voucher, scroll down below and read all terms and conditions carefully. Firstly, you have to purchase this voucher from Shopclues and payment option must be as a PayUmoney.

Read below given terms & conditions first before purchasing voucher code. At first create new payUmoney account by clicking Here .

Note : You will get extra 20% discount if you create new payUmoney account so follow above
link to create or if you will use your old account, then you have to pay Rs.99.
                                                         Click To Buy

Terms & Conditions :
(1) The Voucher can be purchased only using PayUMoney as the payment option.
(2) Amaximum of one transaction per user is allowed.
(3) The voucher can be redeemed only on Bookmyshow.com.
(4) At the time of redemption, the Voucher code must be entered by the customer on PayUMoney’s payment page on Bookmyshow.com.
(5) The Voucher is valid only till 11th January, 2015.
(6) The Customer shall be required to make a transaction of a minimum value of Rs. 251 on
bookmyshow.com, in order to redeem the Voucher.
(7) In the event where the customer is unable to utilize the voucher by 11th January, 2015,
PayUMoney will refund Rs. 99/- in the customer’s PayUmoney account.
(8) This Offer cannot be clubbed with any other Promotion and is subject to general terms &
conditions available on PayUMoney, Shopclues and Bookmyshow.
After purchasing above coupon, goto this link and select seat as per your choice.
Finally on payment page, select payment mode as a payUmoney and login your newly created
payUmoney account to get flat Rs.250 discount.

At order Page . Select ĺ Payment Method Cash Card/Wallet ĺ PayuMoney

Note : Minimum you have to purchase tickets worth Rs.251 to avail discount coupon of

what is Spoof

In general, the term spoof refers to hacking or deception that imitates another person, software program, hardware device, or computer, with the intentions of bypassing security measures. One of the most commonly known spoofing is IP spoofing.

IP spoofing

A method of bypassing security measures on a network or a method of gaining access to a network by imitating a different IP address. Some security systems have a method of helping to identifying a user by his or her IP address or IP address range. If the attacker spoofs their IP address to match this criteria it may help bypass security measures. This technique is also used to deceive a web page, poll, or other Internet contest into thinking the user is someone else allowing him or her to get more hits or falsely increase a votes rank.

E-mail or address spoofing

Process of faking a senders e-mail address. This form of spoofing is used to fool the recipient of the e-mail into thinking someone else sent them the message. This is commonly used to bypass spam filters or to trick the user into thinking the e-mail is safe when in reality it contains an attachment that is infected with a virus or spam.

Phone number spoofing

Anyone can fake the number or area code of from where they are calling. This type of spoofing is done by telemarkers to hide their true identity and by hackers to gain access to unprotected phone voicemail messages.

Web page spoof

A fake web page or spoof on another commonly visited page. For example a malicious user may create a spoof page of Microsoft's, eBay, PayPal or Google's home page that looks identical but is hosted on a different server. These pages are commonly used in phishing e-mails to extract information from the user such as usernames and passwords or to send malicious files to them. Web page spoofing may also be done through IP cloaking.

SmS Spoof

SMS Mafia

SmsMafia is a web texting application.
This Service Is Completely Anonymous.Your Mobile No. Will Not Be Shown Anywhere.

go to SmS mafia

SMS Global
Send fake sms from this website..
Make sign up and u will get 25 sms as trial..

Andro Rat:

Andro Rat:
AndroRat is a remote administration Android tool.
you can bind this spyware tool with the other android application and ask the victim to download this app.  It can read all messages, contacts, records and acall without knowing of the user.


Hack Code:

Hack Code:
The hacker's Toolbox is an application for penetration tester, Ethical hackers, IT administrator and Cyber security professional to perform different tasks like reconnaissance, scanning performing exploits etc. 


Droid Pentest:

 Its help you to find all android apps for penetration testing and hacking so you can make complete penetration test platform . This Tool developed by Nikhalesh Singh


AVD Clone:

 Clone an Android Virtual Device for easy distribution through the Android SDK Manager. You can create an AVD preinstalled with the apps and settings you need, and distribute it to others by having them point their Android SDK Manager to your repository.  Tool made by Security Compass.


APKInspector :

 The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps.


Android SDK:

 A software development kit that enables developers to create applications for the Android platform. The Android SDK includes sample projects with source code.


Burp Suite:

  It is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing.



 Create your own static analysis tool,; Analysis a bunch of android apps,; Analysis . Open source database of android malware. 


Android Framework for Exploitation :

          Smartphone Pentest Framework: Rather this tool allows you to assess the security of the smartphones in your environment in the manner you’ve come to expect with modern penetration testing tools.


DroidBox: Android tool

Its developed to offer dynamic analysis of Android applications. The following information is shown in the results, generated when analysis is ended:
•    Hashes for the analyzed package
•    Incoming/outgoing network data
•    File read and write operations
•    Started services and loaded classes through DexClassLoader
•    Information leaks via the network, file and SMS
•    Circumvented permissions
•    Cryptography operations performed using Android API
•    Listing broadcast receivers
•    Sent SMS and phone calls
Additionally, two images are generated visualizing the behavior of the package. One showing the temporal order of the operations and the other one being a treemap that can be used to check similarity between analyzed packages.


Dex2jar Android tool

 dex2jar is a lightweight package that provide you with four components in order to work with .dex and java .class files. dex-reader is designed to read the Dalvik Executable (.dex/.odex) format. It has a light weight API similar with ASM.


Jd-gui: Android tool

 JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields.


Android Network Toolkit (ANTI)

This app is capable of mapping your network, scanning for vulnerable devices or configuration issues. It is for use by the amateur security enthusiast home user to the professional penetration tester, ANTI provides many other useful features such as:
easy connection to open ports, visual sniffing (URLs & Cookies) and - establishing
MiTM attacks (using predefined and user-defined filters), Server Side / Client Side Exploits, Password cracker to determine password’s safety level, Replace Image as
visual in demos and Denial of Service attacks. All this is packed into a very user-friendly and intuitive Android app (and soon to be released iOS app).


Wifi Protector - Protect Your Android From Wi-Fi Sniffing Attacks

 The only app that is able to countermeasure "Man In The Middle" attacks on    Android  platform - Wifi Protector. No other app provides this type of high network security. Protects your phone from tools like FaceNiff, Cain & Abel, ANTI, Ettercap, DroidSheep,  
NetCut,and all others that try to hijack your session via "Man In The Middle" through ARP spoofing / ARP poisoning.


ANONdroid v. 00.00.008 : JonDonym proxy client for Android

ANONdroid is a client application for the AN.ON anonymisation service. This service allows a user to browse the Web anonymously.
ANONdroid acts as a proxy for your internet applications and will forward the traffic
of your internet applications encrypted to the mix cascades.

ANONdroid uses the core libraries of JonDo with a smartphone compatible GUI.


Free Avast Antivirus For Android Security

Full-featured Antivirus and Anti-Theft security for your Android phone.

   By using Avast Mobile Security in your Android phone, your cell phone will be                         protected  by virus, threat, hacker, even it’s able to minimize your loss if your Android       cell phone is stolen. The antivirus component supports real-time protection and                    automatic updates. Updates can be configured to only be downloaded over certain
  types  of connections and the interface can be protected with a password.
Protect personal data with automatic virus scans and infected-URL alerts. Stop hackers by adding a firewall (rooted phones). Control anti-theft features with remote SMS commands for: history wipe, phone lock, siren activation, GPS tracking, audio monitoring, and many other useful tools.
  Call and SMS filtering can help device owners block annoying advertising calls or spam   text messages. Users can define groups of phone numbers and configure the blocking intervals for them.The firewall component is only available for rooted devices because it requires special system-level access to enforce its rules. Device owners can use it to block individual applications from accessing the Internet over certain types of connections.



Wi-Fi Key Recovery Android tool

 ->You need root to use this application.
 ->You need to have connected to the network in the past.
 -> This app cannot "hack" into an unknown/new network.

Have you ever forgotten the password of your home WiFi network, or the one you setup for your parents a few months back?

This application will help you recover the password of a wireless network you have connected to with your device in the past.

You can then either tap on an entry to copy it, or export the list to SD, or share it using the standard Android sharing facilities.

  It does not crack the network, or use the MAC/SSID address to deduce the password. It    simply reads it from the device itself. 

Am I Hacker Proof Android tool

Am I Hacker Proof scans your network, computer or website from the outside as a hacker would, looking for vulnerabilities. Once it finds the vulnerabilities, it will email or text you
 letting you know how many vulnerabilities you have. In addition, in the paid version you can check to see if your voicemail on your cell phone is hacker proof.

This App does not use any resources on your phone. Once you start a scan you will be
notified via email or text your scan started. When your scan is completed you will be notified again that your scan is complete.

Am I Hacker Proof includes these services for free:
- Choose from three types of scans: A “Quick” scan (up to four hours), a “Complete” scan
 (can take up to four days to complete), and a Web site scan (searches for vulnerabilities in certain types of Web sites; currently supports WordPress Web sites).

- You can perform a scan on any Web or IP address.

- You can scan up to 10 times a month.

- Built- in tools – Ping, Traceroute, Whois, ISP/E-mail Service Providers database and real
 time cyber security news feeds.
- Your reports are saved in a PDF file that you can read on your device or forward to any email address you like.

- Your account on your device works on the website www.AmIHackerProof.com so you can have access to more applications.

-> Voicemail Hacking.

- Built-in tools – Ping, Traceroute, Whois, ISP/E-mail Service Providers database and real time cyber security news feeds.

- Search through the scans you performed by address, time, number of vulnerabilities, or status.

- You get an email and text message letting you know the number of vulnerabilities found on that IP address or website.


Spoof Tooph 0.5: To Automate Cloning of Bluetooth devices

SpoofTooph is designed to automate spoofing or cloning Bluetooth device Name, Class, and Address. Cloning this information effectively allows Bluetooth device to hide in plain site. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information when the devices are in Discoverable Mode (specifically the same Address)
Change Log v0.5:
- Fixed segmentation fault in manual assigning of Device Name and Class of Device
- Modified flags
- Depreciated
     -r: Assign random NAME, CLASS, and ADDR
     -l : Load SpoofTooph CSV logfile
     -d : Dump scan into SpoofTooph CSV logfile
- New
     -w : Write to CSV file
     -r : Read from CSV file
     -R: Assign random NAME, CLASS, and ADDR
     -m: Specify multiple interfaces during selection
     -u: USB delay. Interactive delay for reinitializing interfaces


AnDOSid: DOS Tool For Android Mobile

AnDOSid is designed for security professionals only!
AnDOSid tag’s posts with two unique numbers which relate to the Android device that sent the request.

AnDOSid allows security professionals to simulate a DOS attack (A http post flood
attack to be exact) and of course a dDOS on a web server, from mobile phones.

AnDOSid is actively being developed and I welcome feedback from the security community as to how you would like the application to evolve.
A new product released by SCOTT HERBERT for Android mobile phones,Its AnDOSid - the DOS tool for Android Phones. The rise of groups like Anonymous and LuzSec, as well as constant India / Pakistan cyberwar has raised the issue of cyber-security higher in the minds of web owners.

Pentesting tools exist to simulate such attacks and help website security people defend against them, however for the most part they currently only exist for desktop computers. Mobile phones have, over the last few years, grown from simple devices
that send and receive calls to mobile computing platforms which can be purchased for less than $100 a device.

AnDOSid fills that gap, allowing security professionals to simulate a DOS attack (An
http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones. 
AnDOSid is actively being developed and I welcome feedback from the
security community as to how you would like the application to evolve.

What's in this version:

  • Requires Internet access to send the http post data
  • Requires phone state to access the IMEI (one of the two identifiers sent with
  • each post)
AnDOSid can be downloaded from the Android Market place and costs just £1 or Rs.74.58/-Only.

More info 

To Find The USB Logs

Go to Run Then Enter Code _|
For window 7

For window Xp


A botnet or robot network is a group of computers running a computer application controlled and manipulated only by the owner or the software source. The botnet may refer to a legitimate network of several computers that share program processing amongst them.

Usually though, when people talk about botnets, they are talking about a group of computers infected with the malicious kind of robot software, the bots, which present a security threat to the computer owner. Once the robot software (also known as malicious software or malware) has been successfully installed in a computer, this computer becomes a zombie or a drone, unable to resist the commands of the bot commander.

A botnet may be small or large depending on the complexity and sophistication of the bots used. A large botnet may be composed of ten thousand individual zombies. A small botnet, on the other hand may be composed of only a thousand drones. Usually, the owners of the zombie computers do not know that their computers and their computers’ resources are being remotely controlled and exploited by an individual or a group of malware runners through Internet Relay Chat (IRC)

There are various types of malicious bots that have already infected and are continuing to infect the internet. Some bots have their own spreaders – the script that lets them infect other computers (this is the reason why some people dub botnets as computer viruses) – while some smaller types of bots do not have such capabilities.

Different Types of Bots

Here is a list of the most used bots in the internet today, their features and command set.

XtremBot, Agobot, Forbot, Phatbot

These are currently the best known bots with more than 500 versions in the internet today. The bot is written using C++ with cross platform capabilities as a compiler and GPL as the source code. These bots can range from the fairly simple to highly abstract module-based designs. Because of its modular approach, adding commands or scanners to increase its efficiency in taking advantage of vulnerabilities is fairly easy. It can use libpcap packet sniffing library, NTFS ADS and PCRE. Agobot is quite distinct in that it is the only bot that makes use of other control protocols besides IRC.

UrXBot, SDBot, UrBot and RBot

Like the previous type of bot, these bots are published under GPL, but unlike the above mentioned bots these bots are less abstract in design and written in rudimentary C compiler language. Although its implementation is less varied and its design less sohisticated, these type of bots are well known and widely used in the internet.

GT-Bots and mIRC based bots
These bots have many versions in the internet mainly because mIRC is one of the most used IRC client for windows. GT stands for global threat and is the common name for bots scripted using mIRC. GT-bots make use of the mIRC chat client to launch a set of binaries (mainly DLLs) and scripts; their scripts often have the file extensions .mrc.
Malicious Uses of Botnets

Types Of Botnet Attack

Denial of Service Attacks
A botnet can be used as a distributed denial of service weapon. A botnet attacks a network or a computer system for the purpose of disrupting service through the loss of connectivity or consumption of the victim network’s bandwidth and overloading of the resources of the victim’s computer system. Botnet attacks are also used to damage or take down a competitor’s website.

Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.
Any Internet service can be a target by botnets. This can be done through flooding the website with recursive HTTP or bulletin-board search queries. This mode of attack in which higher level protocols are utilized to increase the effects of an attack is also termed as spidering.

Its a software which sends information to its creators about a user's activities – typically passwords, credit card numbers and other information that can be sold on the black market. Compromised machines that are located within a corporate network can be worth more to the bot herder, as they can often gain access to confidential information held within that company. There have been several targeted attacks on large corporations with the aim of stealing sensitive information, one such example is the Aurora botnet.

Its exists to advertise some commercial entity actively and without the user's permission or awareness, for example by replacing banner ads on web pages with those of another content provider.

Spamming and Traffic Monitoring

A botnet can also be used to take advantage of an infected computer’s TCP/IP’s SOCKS proxy protocol for networking appications. After compromising a computer, the botnet commander can use the infected unit (a zombie) in conjunction with other zombies in his botnet (robot network) to harvest email addresses or to send massive amounts of spam or phishing mails.

Moreover, a bot can also function as a packet sniffer to find and intercept sensitive data passing through an infected machine. Typical data that these bots look out for are usernames and passwords which the botnet commander can use for his personal gain. Data about a competitor botnet installed in the same unit is also mined so the botnet commander can hijack this other botnet.

Access number replacements are where the botnet operator replaces the access numbers of a group of dial-up bots to that of a victim's phone number. Given enough bots partake in this attack, the victim is consistently bombarded with phone calls attempting to connect to the internet. Having very little to defend against this attack, most are forced into changing their phone numbers (land line, cell phone, etc.).

Keylogging and Mass Identity Theft
An encryption software within the victims’ units can deter most bots from harvesting any real information. Unfortunately, some bots have adapted to this by installing a keylogger program in the infected machines. With a keylogger program, the bot owner can use a filtering program to gather only the key sequence typed before or after interesting keywords like PayPal or Yahoo mail. This is one of the reasons behind the massive PayPal accounts theft for the past several years.

Bots can also be used as agents for mass identity theft. It does this through phishing or pretending to be a legitimate company in order to convince the user to submit personal information and passwords. A link in these phishing mails can also lead to fake PayPal, eBay or other websites to trick the user into typing in the username and password.

Botnet Spread
Botnets can also be used to spread other botnets in the network. It does this by convincing the user to download after which the program is executed through FTP, HTTP or email.

Pay-Per-Click Systems Abuse
Botnets can be used for financial gain by automating clicks on a pay-per-click system. Compromised units can be used to click automatically on a site upon activation of a browser. For this reason, botnets are also used to earn money from Google’s Adsense and other affiliate programs by using zombies to artificially increase the click counter of an advertisement.

Do you think HTTPS is Secure? But its Not !

Do you think HTTPS is Secure? But its Not !

Do you want to test your Server for BEAST & CRIME Attacks?

Do you want to have an overview on how secure is your encryption also indicating the Supported Suites & Protocols?

TestSSLServer will give you all of them in just one tool!.

All you have to do is visit their main website:

Link: http://www.bolet.org/TestSSLServer/

Then run which package you desire:

-) Java Application

   Link: http://www.bolet.org/TestSSLServer/TestSSLServer.jar

-) Windows Executable Version

   Link: http://www.bolet.org/TestSSLServer/TestSSLServer.exe

Once you will have downloaded it, just drag the app into the Windows Command-Promt and press Enter:

When you are there, you will need to enter the server details, for this use this syntax:

usage: TestSSLServer servername [ port ]

Example: mysubdomain.apple.com 443 **(You can also insert your local address if you have any Server running into it)

As you can see, one of Apple's subdomain is Vulnerable to POODLE Attack since it has SSLv3 Enabled.

It can be attacked from the HTTPS Secure Port - :443 .

We can see that the Vulnerable SSLv3 Cipher Suites are:


...but our Target is also Vulnerable to BEAST Attack as reported below!.

BEAST status: vulnerable

But it's not the end!.

This great Tool also give you relevant informations regarding the Security of your Keys!

My target got it STRONG, it means that a Possible Attacker may concour in some difficulties for Crack the Server Key!.

See Below!:

Minimal encryption strength:    strong encryption (96-bit or more)
Achievable encryption strength: strong encryption (96-bit or more)

If is STRONG, The Hacker may be not facilited but NOT unabilited for CRACK your Web-Server Keys.

At the end, this tool also give you the details about the Security Certificate that the server is running!.

Example mine comes from Cupertino, California!.

Definitively, you should try it at all!.

BrakeMan Rails Security Scanner For Ruby Platform Latest Version Released

Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development.

Brakeman now supports loading checks that are not run by default. These “nondefault” checks may have high false positive rates or introduce significant slowdowns. Optional checks should be treated as experimental and may experience more breaking changes than default checks.

To run all checks, use -A. To list only the optional checks, try --optional-checks. Optional checks are also listed in --checks. As usual, checks may be specified using -t or --test. At this time there is no way to easily run the default checks plus some optional checks.

On the code side, optional checks are the same except Brakeman::Checks.add self becomes Brakeman::Checks.add_optional self.

It works with Rails 2.x, 3.x, and 4.x.


No Configuration Necessary
Brakeman requires zero setup or configuration once it is installed. Just run it.

Run It Anytime

Because all Brakeman needs is source code, Brakeman can be run at any stage of development: you can generate a new application with rails new and immediately check it with Brakeman.

Better Coverage

Since Brakeman does not rely on spidering sites to determine all their pages, it can provide more complete coverage of an application. This includes pages which may not be ‘live’ yet. In theory, Brakeman can find security vulnerabilities before they become exploitable.

Best Practices
Brakeman is specifically built for Ruby on Rails applications, so it can easily check configuration settings for best practices.

Flexible Testing
Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.

While Brakeman may not be exceptionally speedy, it is much faster than “black box” website scanners. Even large applications should not take more than a few minutes to scan.


Using RubyGems:

gem install brakeman

Using Bundler, add to development group in Gemfile and set to not be required automatically:

group :development do
  gem 'brakeman', :require => false

From source:

gem build brakeman.gemspec
gem install brakeman*.gem

brakeman [app_path]
It is simplest to run Brakeman from the root directory of the Rails application. A path may also be supplied.

Basic Options
For a full list of options, use brakeman --help or see the OPTIONS.md file.

To specify an output file for the results:

brakeman -o output_file
The output format is determined by the file extension or by using the -f option. Current options are: text, html, tabs, json, markdown, and csv.

Multiple output files can be specified:

brakeman -o output.html -o output.json

To suppress informational warnings and just output the report:

brakeman -q
Note all Brakeman output except reports are sent to stderr, making it simple to redirect stdout to a file and just get the report.

To see all kinds of debugging information:

brakeman -d

Specific checks can be skipped, if desired. The name needs to be the correct case. For example, to skip looking for default routes (DefaultRoutes):

brakeman -x DefaultRoutes

Multiple checks should be separated by a comma:

brakeman -x DefaultRoutes,Redirect

To do the opposite and only run a certain set of tests:

brakeman -t SQL,ValidationRegex

If Brakeman is running a bit slow, try

brakeman --faster

This will disable some features, but will probably be much faster (currently it is the same as --skip-libs --no-branching). WARNING: This may cause Brakeman to miss some vulnerabilities.

By default, Brakeman will return 0 as an exit code unless something went very wrong. To return an error code when warnings were found:

brakeman -z

To skip certain files that Brakeman may have trouble parsing, use:

brakeman --skip-files file1,file2,etc

To compare results of a scan with a previous scan, use the JSON output option and then:

brakeman --compare old_report.json

This will output JSON with two lists: one of fixed warnings and one of new warnings.

Brakeman will ignore warnings if configured to do so. By default, it looks for a configuration file in config/brakeman.ignore. To create and manage this file, use:

brakeman -I

Download Brakeman

ODA Online DisAssembler


ODA stands for Online DisAssembler. ODA is a general purpose machine code disassembler that supports a myriad of machine architectures.
Built on the shoulders of libbfd and libopcodes (part of binutils), ODA allows you to explore an executable by dissecting its sections,
strings, symbols, raw hex, and machine level instructions.

ODA is an online Web Based Disassembler for when you don’t have time or space for a thick client.
ODA is a BETA release that is limited by the resource constraints of the server on which it is hosted and the spare time of its creators

  •     Malware analysis
  •     Vulnerability research
  •     Visualizing the control flow of a group of instructions
  •     Disassembling a few bytes of an exception handler that is going off into the weeds
  •     Reversing the first few bytes of a Master Boot Record (MBR) that may be corrupt
  •     Debugging an embedded systems device driver          

Online DisAssembler 

OclHashCat Worlds Fastest Password Cracker

OclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack (implemented as mask attack), combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack. This tool is available for all Windows and Linux versions should work on both 32 and 64 bit.

GPU Driver requirements:
1. NV users require ForceWare 331.67 or later
2. AMD users require Catalyst 14.4 or later

This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite, both very well-known suites at that time, but now deprecated. There also existed a now very old oclHashcat GPU cracker that was replaced w/ plus and lite, which - as said - were then merged into oclHashcat 1.00 again.

Worlds fastest password cracker
Worlds first and only GPGPU based rule engine
Multi-GPU (up to 128 gpus)
Multi-Hash (up to 100 million hashes)
Multi-OS (Linux & Windows native binaries)
Multi-Platform (OpenCL & CUDA support)
Multi-Algo (see below)
Low resource utilization, you can still watch movies or play games while cracking
Focuses highly iterated modern hashes
Focuses dictionary based attacks
Supports distributed cracking
Supports pause / resume while cracking
Supports sessions
Supports restore
Supports reading words from file
Supports reading words from stdin
Supports hex-salt
Supports hex-charset
Built-in benchmarking system
Integrated thermal watchdog
100+ Algorithms implemented with performance in mind
... and much more


Straight *
Hybrid dict + mask
Hybrid mask + dict
* accept Rules


SHA-3 (Keccak)
GOST R 34.11-94
HMAC-MD5 (key = $pass)
HMAC-MD5 (key = $salt)
HMAC-SHA1 (key = $pass)
HMAC-SHA1 (key = $salt)
HMAC-SHA256 (key = $pass)
HMAC-SHA256 (key = $salt)
HMAC-SHA512 (key = $pass)
HMAC-SHA512 (key = $salt)
Kerberos 5 AS-REQ Pre-Auth etype 23
AIX {smd5}
AIX {ssha1}
AIX {ssha256}
AIX {ssha512}
OpenBSD Blowfish
OSX v10.4
OSX v10.5
OSX v10.6
OSX v10.7
OSX v10.8
OSX v10.9
Juniper Netscreen/SSG (ScreenOS)
Samsung Android Password/PIN
1Password, cloudkeychain
1Password, agilekeychain
Password Safe SHA-256
TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES
TrueCrypt 5.0+ PBKDF2 HMAC-SHA512 + AES
TrueCrypt 5.0+ PBKDF2 HMAC-Whirlpool + AES
TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + boot-mode
TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + hidden-volume
TrueCrypt 5.0+ PBKDF2 HMAC-SHA512 + AES + hidden-volume
TrueCrypt 5.0+ PBKDF2 HMAC-Whirlpool + AES + hidden-volume
TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + hidden-volume + boot-mode
Citrix Netscaler
Apache MD5-APR
Woltlab Burning Board
Half MD5 (left, mid, right)
Double MD5
Double SHA1

OCL Hashcat options:

oclHashcat, advanced password recovery

Usage: oclHashcat [options]... hash|hashfile|hccapfile [dictionary|mask|directory]...


* General:

  -m,  --hash-type=NUM               Hash-type, see references below
  -a,  --attack-mode=NUM             Attack-mode, see references below
  -V,  --version                     Print version
  -h,  --help                        Print help
       --eula                        Print EULA
       --quiet                       Suppress output

* Benchmark:

  -b,  --benchmark                   Run benchmark
       --benchmark-mode=NUM          Benchmark-mode, see references below

* Misc:

       --hex-salt                    Assume salt is given in hex
       --hex-charset                 Assume charset is given in hex
       --force                       Ignore warnings
       --status                      Enable automatic update of the status-screen
       --status-timer=NUM            Seconds between status-screen update

* Markov:

       --markov-hcstat=FILE          Specify hcstat file to use, default is hashcat.hcstat
       --markov-disable              Disables markov-chains, emulates classic brute-force
       --markov-classic              Enables classic markov-chains, no per-position enhancement
  -t,  --markov-threshold=NUM        Threshold when to stop accepting new markov-chains

* Session:

       --runtime=NUM                 Abort session after NUM seconds of runtime
       --session=STR                 Define specific session name
       --restore                     Restore session from --session
       --restore-timer=NUM           Save restore file each NUM seconds
       --disable-restore             Do not write restore file

* Files:

  -o,  --outfile=FILE                Define outfile for recovered hash
       --outfile-format=NUM          Define outfile-format for recovered hash, see references below
  -p,  --separator=CHAR              Define separator char for hashlists and outfile
       --show                        Show cracked passwords only
       --left                        Show un-cracked passwords only
       --username                    Enable ignoring of usernames in hashfile (recommended: also use --show)
       --remove                      Enable remove of hash once it is cracked
       --disable-potfile             Do not write potfile

* Resources:

  -c,  --segment-size=NUM            Size in MB to cache from the wordfile
       --cpu-affinity=STR            Locks to CPU devices, seperate with comma
       --gpu-async                   Use non-blocking async calls (NV only)
  -d,  --gpu-devices=STR             Devices to use, separate with comma
  -n,  --gpu-accel=NUM               Workload tuning: 1, 8, 40, 80, 160
  -u,  --gpu-loops=NUM               Workload fine-tuning: 8 - 1024
       --gpu-temp-disable            Disable temperature and fanspeed readings and triggers
       --gpu-temp-abort=NUM          Abort session if GPU temperature reaches NUM degrees celsius
       --gpu-temp-retain=NUM         Try to retain GPU temperature at NUM degrees celsius (AMD only)

* Rules:

  -j,  --rule-left=RULE              Single rule applied to each word from left dict
  -k,  --rule-right=RULE             Single rule applied to each word from right dict
  -r,  --rules-file=FILE             Rules-file, multi use: -r 1.rule -r 2.rule
  -g,  --generate-rules=NUM          Generate NUM random rules
       --generate-rules-func-min=NUM Force NUM functions per random rule min
       --generate-rules-func-max=NUM Force NUM functions per random rule max
       --cleanup-rules               Saves all working rules to disk and removes the others, while creating a backup file

* Custom charsets:

  -1,  --custom-charset1=CS          User-defined charsets
  -2,  --custom-charset2=CS          Example:
  -3,  --custom-charset3=CS          --custom-charset1=?dabcdef : sets charset ?1 to 0123456789abcdef
  -4,  --custom-charset4=CS          -2 mycharset.hcchr : sets charset ?2 to chars contained in file

* Increment:

  -i,  --increment                   Enable increment mode
       --increment-min=NUM           Start incrementing at NUM
       --increment-max=NUM           Stop incrementing at NUM


* Benchmark Settings:

    0 = Manual Tuning
    1 = Performance Tuning, default

* Outfile Formats:

    1 = hash[:salt]
    2 = plain
    3 = hash[:salt]:plain
    4 = hex_plain
    5 = hash[:salt]:hex_plain
    6 = plain:hex_plain
    7 = hash[:salt]:plain:hex_plain

* Built-in charsets:

   ?l = abcdefghijklmnopqrstuvwxyz
   ?d = 0123456789
   ?a = ?l?u?d?s
   ?s =  !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

* Attack modes:

    0 = Straight
    1 = Combination
    3 = Brute-force
    6 = Hybrid dict + mask
    7 = Hybrid mask + dict

* Generic hash types:

    0 = MD5
   10 = md5($pass.$salt)
   20 = md5($salt.$pass)
   30 = md5(unicode($pass).$salt)
   40 = md5($salt.unicode($pass))
   50 = HMAC-MD5 (key = $pass)
   60 = HMAC-MD5 (key = $salt)
  100 = SHA1
  110 = sha1($pass.$salt)
  120 = sha1($salt.$pass)
  130 = sha1(unicode($pass).$salt)
  140 = sha1($salt.unicode($pass))
  150 = HMAC-SHA1 (key = $pass)
  160 = HMAC-SHA1 (key = $salt)
  190 = sha1(LinkedIn)
  300 = MySQL
  400 = phpass, MD5(Wordpress), MD5(phpBB3)
  500 = md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
  900 = MD4
 1000 = NTLM
 1100 = Domain Cached Credentials, mscash
 1400 = SHA256
 1410 = sha256($pass.$salt)
 1420 = sha256($salt.$pass)
 1430 = sha256(unicode($pass).$salt)
 1440 = sha256($salt.unicode($pass))
 1450 = HMAC-SHA256 (key = $pass)
 1460 = HMAC-SHA256 (key = $salt)
 1500 = descrypt, DES(Unix), Traditional DES
 1600 = md5apr1, MD5(APR), Apache MD5
 1700 = SHA512
 1710 = sha512($pass.$salt)
 1720 = sha512($salt.$pass)
 1730 = sha512(unicode($pass).$salt)
 1740 = sha512($salt.unicode($pass))
 1750 = HMAC-SHA512 (key = $pass)
 1760 = HMAC-SHA512 (key = $salt)
 1800 = sha512crypt, SHA512(Unix)
 2100 = Domain Cached Credentials2, mscash2
 2400 = Cisco-PIX MD5
 2500 = WPA/WPA2
 2600 = Double MD5
 3000 = LM
 3100 = Oracle 7-10g, DES(Oracle)
 3200 = bcrypt, Blowfish(OpenBSD)
 5000 = SHA-3(Keccak)
 5100 = Half MD5
 5200 = Password Safe SHA-256
 5300 = IKE-PSK MD5
 5400 = IKE-PSK SHA1
 5500 = NetNTLMv1-VANILLA / NetNTLMv1+ESS
 5600 = NetNTLMv2
 5700 = Cisco-IOS SHA256
 5800 = Samsung Android Password/PIN
 6000 = RipeMD160
 6100 = Whirlpool
 621Y = TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160
 622Y = TrueCrypt 5.0+ PBKDF2-HMAC-SHA512
 623Y = TrueCrypt 5.0+ PBKDF2-HMAC-Whirlpool
 624Y = TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160 boot-mode
 6300 = AIX {smd5}
 6400 = AIX {ssha256}
 6500 = AIX {ssha512}
 6600 = 1Password
 6700 = AIX {ssha1}
 6800 = Lastpass
 6900 = GOST R 34.11-94
 7100 = OSX v10.8
 7200 = GRUB 2
 7400 = sha256crypt, SHA256(Unix)
 7500 = Kerberos 5 AS-REQ Pre-Auth etype 23

* Specific hash types:

   11 = Joomla
   21 = osCommerce, xt:Commerce
  101 = nsldap, SHA-1(Base64), Netscape LDAP SHA
  111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
  112 = Oracle 11g
  121 = SMF > v1.1
  122 = OSX v10.4, v10.5, v10.6
  131 = MSSQL(2000)
  132 = MSSQL(2005)
  141 = EPiServer 6.x < v4
 1441 = EPiServer 6.x > v4
 1711 = SSHA-512(Base64), LDAP {SSHA512}
 1722 = OSX v10.7
 1731 = MSSQL(2012)
 2611 = vBulletin < v3.8.5
 2711 = vBulletin > v3.8.5
 2811 = IPB2+, MyBB1.2+
 62XY = TrueCrypt 5.0+
   X  = 1 = PBKDF2-HMAC-RipeMD160
   X  = 2 = PBKDF2-HMAC-SHA512
   X  = 3 = PBKDF2-HMAC-Whirlpool
   X  = 4 = PBKDF2-HMAC-RipeMD160 boot-mode
   Y  = 1 = XTS AES

Zeus private crypter (FUD)

pass: cyberaon.com
Название файла: stub
Размер файла: 24660 байт
Дата сканирования: Mon, 23 Dec 13 11:31:12 -0500
MD5-хэш файла: ed69a4927f601cbe2b319fffc6f4104b
Результат: 0 из 36
Ad-Aware: OK
AhnLab V3 Internet Security: OK
ArcaVir: OK
Avast: OK
Avira: OK
Bitdefender/BullGuard: OK
BullGuard Internet Security 2013: OK
Comodo: OK
Dr.Web: OK
Emsisoft Anti-Malware (a-squared Anti-Malware): OK
eScan Internet Security Suite 14: OK
Fortinet 5: OK
F-Prot: OK
F-Secure 2014: OK
G Data: OK
Immunet/ClamAV: OK
K7 Ultimate: OK
Kaspersky Internet Security 2014: OK
McAfee Total Protection 2013: OK
Microsoft Security Essentials: OK
Norman: OK
Norton Internet Security: OK
Outpost Security Suite Pro 8.0: OK
Quick Heal: OK
Sophos: OK
SUPERAntiSpyware: OK
Total Defense Internet Security: OK
Trendmicro Titanium Internet Security: OK
Twister Antivirus 8: OK
VIPRE Internet Security 2013: OK
Virit: OK
Scan report generated by Scanner.FuckAV.ru

New Icepol Malware found by Security Experts

Authorities in Romania have identified new malware that claims to be from police enforcing copyright and anti-porn laws.

Called the Icepol trojan, the ransomware sends a message to victims accusing them of software piracy or downloading illegal porn, then locks the victim’s computer and demands payment to unlock it. It was installed on more than 267,000 computers including in the US, Germany and Australia and responsible for more than 148,000 scam transactions in just five months.

Security vendor Bitdefender said Icepol originated in Romania, the company’s own home country, and was distributed in 25 languages.

After analysing information from servers seized by police, Catalin Cosoi, chief security strategist, Bitdefender, said the scam revealed a larger malware distribution system. Cosoi said the criminal underworld has developed supply-chain networks that work much in the same way as more traditional criminal enterprises – even down to money-making referral and syndication schemes.

Servers were organised in a pyramid scheme where a number of affiliates were connected to a central (command and control) server responsible for delivering the malware. The Romanian-based unit was communicating with a central server in The Netherlands, before it was moved to Germany as authorities closed in.

The findings support claims made late last year by another security firm, FireEye, about common development and logistics centers or a ‘hacking industry’. A spate of seemingly unrelated internet attacks launched from China in 2013 was found to have used similar underlying organised structures. The discovery prompted FireEye to warn of defence contractor-style groups creating the tools hackers buy, trade and use.

Raymond Choo, Australian Institute of Criminology senior security analyst, agreed there was an internet crime ecosystem.

“[A big threat] to cyber-security is the asymmetrical nature of cyberspace that can be leveraged by smaller or less technologically advanced countries to launch [attacks] by buying or renting the services and skills of cybercriminals,” they said.

Many experts say the concept of the ‘darknet’ – the seamy online underbelly used to produce and swap everything from bomb recipes to child pornography – is applicable to the hacking community, allowing organised hacking groups to join, collaborate and disperse.

“The criminal underground is known for having an organised structure that allows actors to specialise,” said Will Pelgrin, chief executive of the US Centre for Internet Security. “In the last several years it’s developed into a fee-for-service model to such an extent there are different layers of organisation. Some malicious actors control the money mules, others control the controllers.”

But as Nigel Phair of Canberra University’s Centre for Internet Safety warned, the existence of such cyber arms dealer-style fraternities doesn’t mean cybercrime will be any easier to combat.

“If cyber criminals make an exploit that works they can join different criminal networks to profiteer from it, but I wouldn’t assume the ‘brains trust’ behind malware is that small,” they says.

“Geographically diverse criminals who never meet may get together based on their expertise and conduct an exploit. Once they’ve completed a particular task and made money they go their separate ways, try something new or try the same exploit in a different industry sector.”

But does something approaching a hacker industry make internet crime any easier to stamp out?
“Unsurprisingly, many of the high-end cyber criminals live in jurisdictions with weak or no cybercrime laws,” said Phair, a former Australian Federal Police officer. “And often, law enforcement doesn’t have the capability or capacity to investigate local criminal elements.”

Still, there are points of weakness the forces of good can exploit. Kyle Creyts, senior threat analyst at US security firm Lastline, said internet criminals need hosts, computers and other traceable supply-chains just like genuine businesses.

“I’d focus on the notion of administrative domain,” they said.

“When a given provider has relatively bad, slow or ineffective response to compromises of their customers, it’s generally known and discussed in the underground community. Some of them even go so far as to offer what’s called ‘bulletproof’ hosting where they publicly acknowledge or advertise that they won’t respond to abuse complaints or law enforcement requests.”

Hacker Takes Down LoL, DoTA 2, Blizzard and EA Servers

The hacker group “DERP” is attacking the servers of games played by popular Twitch streamer James “Phantoml0rd” Varga.

A group or individual going by the Twitter handle DERP has been attacking the servers of several major PC games, including League of Legends, DoTA 2 and Blizzard. The hacker initially took down the LoL EU Servers and Blizzard’s Battle.net, before setting its sights on popular Twitch streamer James “Phantoml0rd” Varga’s favorite games.

It told Phantoml0rd if he lost his current game of DoTA 2, it would bring down the game’s servers. Just as Phantoml0rd’s team took a turn for the worst, the server he was playing on went down. It then proceeded to harass the streamer, taking down the servers for every game he subsequently tried to play, including Club Penguin. It also took down EA.com in the interim.

So far, DERP’s threats have been consistent, with each website or game server that it has targeted going down shortly after its announcement. Phantoml0rd, who believes he was targeted because he was the top streamer at the time, reached out to the group, asking them why they were doing this. “For the lulz,” it replied, adding that it is dismayed with “money hungry companies”.

To make things worse, shortly after all this went down, Phantoml0rd received a visit from the police, most likely believing that he had something to do with the hack attacks. “…just had an automatic pointed at me, put in hand cuffs and sat in the back of a cop car as I watched as 6 policemen go through my whole house.. will keep you all updated,” he posted on his Facebook wall.

So far, there is no word from any of the companies that have been attacked, but we have reached out to Riot, Blizzard, Valve and EA for further comment.

Update1: PhantomL0rd has posted an official reply regarding the DDoS attacks and the raid on his house by police to his Twitch channel. You can watch his reply below:

Update 2: Riot Games has confirmed that League of Legends was affected by the DDoS attacks, although everything seems to be up and running.

First Suspected Heartbleed Hacker Arrested

A Canadian cyber crime unit has arrested and charged a 19-year-old Ontario man for allegedly hacking into the country’s tax agency using the Heartbleed Internet security bug.

The suspect, Stephen Arthuro Solis-Reyes, was arrested Tuesday at his home “without incident,” law enforcement authorities with the Royal Canadian Mounted Police said in a news release. Officials found and seized computer equipment from Solis-Reyes’s home.

Earlier this week, the Canada Revenue Agency said an attacker using Heartbleed stole900 Social Security numbers. It was the first known case of a hacker taking advantage of the security flaw for malicious purposes.

The vulnerability stems from a fault in OpenSSL, a widely used security protocol that encrypts Internet traffic for vast numbers of Web sites.