Microsoft Windows

OWASP Xenotix XSS Exploit Framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides zero-false-positive scan results with its unique triple browser engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world's second-largest collection of XSS payloads, about 1500+ distinct payloads, for effective XSS vulnerability detection and WAF bypass. It incorporates a feature-rich information gathering module for target reconnaissance. The tool supports both a manual mode and automated time-sharing based test modes. The exploitation framework in the tool includes an XSS encoder, a victim-side XSS keystroke logger, an executable drive-by downloader and an XSS reverse shell. The Exploit Framework includes highly offensive XSS exploitation modules for penetration testing and proof-of-concept creation.

Invoke-ReflectivePEInjection

Invoke-ReflectivePEInjection is a PowerShell script which can reflectively load and execute a Windows PE file such as an EXE or DLL inside the PowerShell process on a remote computer without writing to disk. This is accomplished by (partially) reimplementing in PowerShell the Win32 loader functionality that loads EXEs/DLLs.

The script allows a penetration tester to:

Execute EXEs/DLLs on remote computers without writing to disk (detection is extremely difficult)
Execute existing tools inside the PowerShell process (potentially bypassing application whitelisting)
Hide reflectively loaded EXEs/DLLs from tools such as ListDLLs, which lists all loaded DLLs
Bypass antivirus by never writing anything to disk; everything happens in memory using PowerShell remoting

Note:
A beta version of the script is currently available for download on GitHub at: https://github.com/clymb3r/PowerShell. The final version will be a part of PowerSploit (and hopefully synced into Kali Linux).

htexploit

HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process. Using this tool, anyone would be able to list the contents of a directory protected this way, bypassing the authentication process.
The tool is modular, allowing the tester to run a full analysis of the protected website for the following attacks: SQL Injection, Local File Inclusion, Remote File Inclusion and others.
The main characteristic of this tool is that all of the analyses are performed inside the protected directory, not from the publicly accessible site.

Features:
x Multiple modules to execute.
x Save the output to a specified directory.
x HTML reporting.
x Use multiple wordlists to probe for htaccess bypasses.
x Verbose mode for fully detailed information.
x Recursive crawling engine.

$ python htexploit

[ASCII-art banner: HTExploit v0.77]

Usage: htexploit -u [URL] [options]

Options:
-h, --help show this help message and exit
-u URL, --url=URL **REQUIRED** - Specify the URL to scan
-o OUTPUT, --output=OUTPUT
Specify the output directory (Default: Random)
-w WORDLIST, --wordlist=WORDLIST
Specify the wordlist to use (Default: 'res/FullList')
-v, --verbose Verbosity level (Default: 0)

Example Usage:
python htexploit -u somesite.com -w somewordlist_not_included -o folder_to_output

LordPE

LordPE is a tool, aimed for example at system programmers, which can edit and view many parts of PE (Portable Executable) files, dump them from memory, optimize them, validate and analyze them, and more.
Main features:

* Task viewer/dumper
* Huge PE editor (with big ImportTable viewer, ...)
* Break'n'Enter (break at the EntryPoint of dll or exe files)
* PE Rebuilder

I personally use this tool along with XVI32 and OllyDbg to add code caves into the PE file so I can manually pack and XOR malicious code into the PE file.

Auditpol

Auditpol displays information about audit policies and performs functions to manipulate them. It is used on Windows to set, clear, change, and otherwise manipulate certain audit policies. This tool is useful for clearing failed security logins, turning off auditing and logging to cover tracks, and many other useful actions.

Regex Fuzzer

SDL Regex Fuzzer is a verification tool to help test regular expressions for potential denial of service vulnerabilities. Regular expression patterns containing certain clauses that execute in exponential time (for example, grouping clauses containing repetition that are themselves repeated) can be exploited by attackers to cause a denial-of-service (DoS) condition. SDL Regex Fuzzer integrates with the SDL Process Template and the MSF-Agile+SDL Process Template to help users track and eliminate any detected regex vulnerabilities in their projects.

Mini File Fuzzer

MiniFuzz is a basic testing tool designed to help detect code flaws that may expose security vulnerabilities in file-handling code. This tool creates multiple random variations of file content and feeds it to the application to exercise the code in an attempt to expose unexpected and potentially insecure application behaviors.

Watcher

Watcher is a Fiddler addon which aims to assist penetration testers in passively finding Web-application vulnerabilities. The security field today has several good choices for HTTP proxies which assist auditors and pen-testers. We chose to implement this as a plugin for Fiddler which already provides the proxy framework for HTTP debugging.

Geek Squad MRI

This is the Best Buy Geek Squad repair disc, code name MRI, marked for internal use only, confidential, and a trade secret. The disc has tools to help fix computers: it has AntiVirus, AntiSpyware, Disk Cleaner, Process List, Winsock Fix, etc., all in a graphical user interface. Essentially it's a tool that makes removing spyware and fixing other issues with Windows a breeze.

This tool has been cracked by SOLDIERX since version 4.8.1. Since 5.0.4.0, all of the Geek Squad propaganda has been replaced with SX propaganda. The tool was originally cracked by RaT, but 5.0.4.0 and above were cracked by pirrup and edited by RaT.

The latest public SX release is 5.1.1.0. The latest private SX releases are 5.10.10.4, 5.10.8, 5.10.5.21, 5.10.4, 5.10.3 v2 (5.10.3 v1 had serious bugs), 5.10.2, and 5.10.1.

Fake Versions:
MRI 5.7.3
MRI 5.8.3
MRI 5.9.2
MRI 5.9.3
MRI 10.0.0

DnsRecon

DnsRecon is a DNS enumeration script.