EvilZone
Hacking and Security => Hacking and Security => : forummailpk December 09, 2015, 10:38:07 PM
-
What is Hackers Toolkit?
Quickly encode or decode a string with a certain encryption, or get the query for a certain web hacking method.
https://chrome.google.com/webstore/detail/hackers-toolkit/gnniaejgfdelaafcjopndjdebjfnkljf
Extension features:
[ 1 Encoders one-way ]
- 1.1 MD5 Encode
- 1.2 SHA-1 Encode
- 1.3 SHA-256 Encode
- 1.4 SHA-384 Encode
- 1.5 SHA-512 Encode
- 1.6 DES Encode
[ 2 Encoders ]
- 2.1 Base-64 Encode
- 2.2 URL Encode
- 2.3 HTMLEntities Encode
- 2.4 ASCII-85 Encode
- 2.5 ROT-13 Encode
[ 3 Decoders ]
- 3.1 Base-64 Decode
- 3.2 URL Decode
- 3.3 HTMLEntities Decode
- 3.4 ASCII-85 Decode
- 3.5 ROT-13 Decode
[ 4 Bruteforcers ]
- 4.1 MD5 Bruteforce
- 4.2 SHA1 Bruteforce
[ 5 Converters ]
- 5.1 ASCII to Decimal
- 5.2 Decimal to ASCII
- 5.3 ASCII to Binary
- 5.4 Binary to ASCII
- 5.5 ASCII to HEX
- 5.6 HEX to ASCII
- 5.7 Binary to HEX
- 5.8 HEX to Binary
[ 6 String tools ]
- 6.1 Reverse string
- 6.2 Remove spaces
- 6.3 String Length
- 6.4 String to uppercase
- 6.5 String to lowercase
[ 7 SQL injection tools ]
- 7.1 Column count generator
- 7.2 Mixed case bypass
- 7.3 SQLi WAF bypass (union)
- 7.4 SQLi WAF bypass (tables)
- 7.5 SQLi WAF bypass (columns)
- 7.6 SQLi WAF bypass (data)
- 7.7 Error based SQLi (version)
- 7.8 Error based SQLi (database)
- 7.9 Error based SQLi (tables)
- 7.10 Error based SQLi (columns)
- 7.11 Error based SQLi (data)
- 7.12 Blind SQLi (database count)
- 7.13 Blind SQLi (database name length)
- 7.14 Blind SQLi (database name)
- 7.15 Blind SQLi (tables count)
- 7.16 Blind SQLi (table name length)
- 7.17 Blind SQLi (table name)
- 7.18 Blind SQLi (column count)
- 7.19 Blind SQLi (column name length)
- 7.20 Blind SQLi (column name)
- 7.21 Blind SQLi (data)
[ 8 Other hacking tools ]
- 8.1 LFI (etc/passwd)
- 8.2 LFI (proc/self/environ)
- 8.3 LFI bypass (url encode)
- 8.4 XSS bypass (String.fromCharCode)
-
Do you have the source code for this?
-
Do you have the source code for this?
Yes, I'm the author
-
Yes, I'm the author
We would love to take a look, mind linking us to GitHub or posting it on here?
-
I used this website (http://chrome-extension-downloader.com/) to download the extension crx and this website/extension (https://github.com/Rob--W/crxviewer) to view the JavaScript source:
function sendRequest() {
    var request;
    var browser = navigator.appName;
    request = new XMLHttpRequest;
    request.onreadystatechange = function() {
        if (request.readyState != 4) {
            // Request still in flight: hide the result, show the waiting indicator.
            document.getElementById("result").style.display = "none";
            document.getElementById("waiting").style.display = "block";
        } else {
            document.getElementById("waiting").style.display = "none";
            document.getElementById("result").style.display = "block";
            // The server's response is inserted into the page as HTML.
            document.getElementById("result").innerHTML = request.responseText;
        }
    }
    // The selected tool ("type") and the Base64-encoded user input ("hash")
    // are sent to the remote server in the query string of a plain-HTTP GET.
    request.open("GET", "http://programming.rs/hackers-toolkit/action.php?" + "type=" + document.getElementById("type").value + "&hash=" + encodeURIComponent(btoa(document.getElementById("hash").value)), true);
    request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    request.send();
}

document.addEventListener("click", function(event) {
    if (event.target.type == "button") {
        var type = document.getElementById("type").value;
        var hash = encodeURIComponent(btoa(document.getElementById("hash").value));
        // Only send the request if tool name plus encoded input stay under 6000 characters.
        if ((type.length + hash.length) < 6000) {
            sendRequest();
        } else {
            document.getElementById("waiting").style.display = "none";
            document.getElementById("result").style.display = "block";
            document.getElementById("result").innerHTML = "Request too long.";
        }
    } else if (event.target.id == "result") {
        // Clicking the result selects its text.
        var div = document.createRange();
        div.setStartBefore(event.target);
        div.setEndAfter(event.target);
        window.getSelection().addRange(div);
    } else if (event.target.id == "homepage" || event.target.id == "help" || event.target.id == "author") {
        window.open(event.target.href);
    }
}, false);
It strikes me as odd that you would do something so simple server side and use your bandwidth, processor time, your users' time waiting for the server response, require network connectivity, have it depend on an external service (what happens when the website goes down?), and expose their input both to the server and the network... is JavaScript just that painful? :P
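The points raised in the post above (user input leaving the browser, a plain-HTTP endpoint, the response written into the page) can be checked mechanically when reviewing unpacked extension source. The following is an added example, not part of the original thread or of the extension: a small regex triage pass run over a constructed excerpt of the code quoted above. The rule ids, the `auditSource` function and the file name `popup.js` are assumptions made for illustration.

```javascript
// Added example: regex triage rules for unpacked extension source.
// Rule ids and auditSource() are illustrative names, not from the thread.
const RULES = [
  { id: "cleartext-endpoint", re: /["'`](http:\/\/[^"'`\s]+)/g,
    why: "URL uses plain HTTP; anything sent to it is readable on the network" },
  { id: "remote-request", re: /\bnew\s+XMLHttpRequest\b|\bfetch\s*\(/g,
    why: "code talks to a remote service" },
  { id: "input-in-request", re: /\.open\s*\([^;]*getElementById\([^)]*\)\s*\.value/g,
    why: "a form field value is concatenated into the request" },
  { id: "response-to-innerHTML", re: /\.innerHTML\s*=[^;]*\bresponseText\b/g,
    why: "server response is parsed as HTML inside the extension page" },
];

// Returns one finding per match, with a 1-based line number, sorted by line.
function auditSource(fileName, source) {
  const findings = [];
  for (const rule of RULES) {
    for (const m of source.matchAll(rule.re)) {
      findings.push({
        file: fileName,
        line: source.slice(0, m.index).split("\n").length,
        rule: rule.id,
        match: (m[1] || m[0]).replace(/\s+/g, " ").slice(0, 80),
        why: rule.why,
      });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample: an excerpt of the code quoted in the thread.
const SAMPLE = `request = new XMLHttpRequest;
request.onreadystatechange = function() {
  document.getElementById("result")
    .innerHTML = request.responseText;
}
request.open("GET", "http://programming.rs/hackers-toolkit/action.php?" + "type=" + document.getElementById("type")
  .value + "&hash=" + encodeURIComponent(btoa(document.getElementById("hash")
  .value)), true);
request.send();`;

// "popup.js" is a hypothetical file name for the excerpt.
for (const f of auditSource("popup.js", SAMPLE)) {
  console.log(`${f.file}:${f.line} [${f.rule}] ${f.why}\n    ${f.match}`);
}
```

A regex pass like this is only a first filter: it flags where to read more closely and will miss requests built indirectly or in minified code.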
-
@khofo, I want to send you a pm with code, but I can't get a code from IRC
@fur, you could've just done right click, inspect element and got the code :) Yes, JavaScript is painful for me since I'm more of a backend developer than frontend, and PHP has better support for needed functions :)
-
I feel like this kit is not that useful... If you just wanted to do SQL injection automatically why not just use sqlmap? There are already Base64 encoders/decoders etc. for Firefox and probably Chrome. Also sorta don't trust this, maybe it is just me but this looks sketchy.
-
@khofo, I want to send you a pm with code, but I can't get a code from IRC
@fur, you could've just done right click, inspect element and got the code :) Yes, JavaScript is painful for me since I'm more of a backend developer than frontend, and PHP has better support for needed functions :)
You can Obin.net it and then pm me the link on IRC, I have a bouncer so I'll receive the link at anytime no problem just /query khofo <insert link here>
-
Where is the tool's source code? I'm not satisfied with closed source software :P
-
Thanks for this mate.