Leaderboard

Popular Content

Showing content with the highest reputation on 12/15/14 in all areas

  1. New tools released 2014.

     Whatsfree https://github.com/commonexploits/whatsfree
     Useful for when conducting pentests. Quickly find a live IP address to use. This can be handy when the client says “just pick one that is free” or when they give you a spreadsheet with an IP address to use and you want to ensure it is really free. Quite often typos will occur and you could take out a live box if you set the wrong IP. You do not need to set any IP address on your interface, just run it and it will list what IPs are free in the local subnet you enter.

     Livehosts https://github.com/commonexploits/livehosts
     This is a cut down version of LazyMap script I released. It will scan the given local or remote subnet and discover and count which hosts are live. Works very quickly just using some NMAP switches, lists and counts them. Handy for input into Nessus and also to work out how populated the VLANs are. During a pentest typically you will be given a spreadsheet with a list of VLANs and expected number of hosts. I always run this and then make a note of how many hosts were actually there. For example, you expect to see 4 hosts and you see 40; this could impact the schedule so is worth alerting people at an early stage.

     Sonijohn https://github.com/commonexploits/sonijohn
     Something I created on the spot during a review on some Sonicwall firewalls. I wanted to check the password strength for the users. Sonicwall firewall configs export in a base64 file. This script you just point at the exported config file, it will decode it and extract all usernames and password hashes. It then changes them around in a way that makes them compatible with John the Ripper password cracker. So just then run John at them and it will work.

     Junijohn https://github.com/commonexploits/junijohn
     Much like the Sonicwall script, this is the same thing for Juniper Firewalls.

     DTPscan https://github.com/commonexploits/dtpscan
     This is a PASSIVE VLAN hopping script. I have updated and fixed this as a recent change to the way tshark outputs a summary broke this script. This will sniff a network port (no IP address needed) and look for DTP packets. If it finds DTP it will work out what mode it is in and tell you and indicate if it thinks VLAN hopping will be possible. Then you could run something like Frogger to carry out an ACTIVE attack to hop VLANs. A lot of clients now want to know “can you VLAN hop”; this will tell you within 90 seconds if you can or not.

     WinocPHC (Windows Offline Password Hash Checker) https://github.com/commonexploits/winocphc
     Simply point at any extracted password hashes from Windows operating systems that have been extracted with tools such as FGDump, pwdump, gsecdump etc. It will look through and highlight any user accounts that have the same password set and list the users. Also checks and separates disabled or previously used passwords. This is useful if you have extracted domain hashes and find that half the users have the same password; this is likely to indicate an issue in the user creation process where the user is not being forced to change the password at first login. Also is good to highlight password history issues; if the user can keep setting the same password it will list that too.

     LazyMap https://github.com/commonexploits/port-scan-automation
     Useful for any kind of internal infrastructure testing/VA. This will discover the live hosts, then port scan with NMAP just the live hosts. It then will list out all the unique open ports and then create you a Nessus policy. Then you just import the Nessus policy (which contains just the open ports found) and paste in the live hosts. This will be a much faster and accurate test as it is only scanning the live hosts and open ports. Also records start/stop times etc. Outputs all findings into client folders and auto excludes your own IP address. How many people Nessus the complete range where your tester laptops are and do not exclude?

     IPGen https://github.com/commonexploits/port-scan-automation
     A very simple script to generate IP address lists. Just give it a range and any IP addresses to exclude (see above, you want to exclude yourself and any other testers) and it will spit out a list of IP addresses. Then just paste these into Nessus etc.

     wEAPe https://github.com/commonexploits/weape
     A wireless network tool for testing managed wireless networks using 802.1x (PEAP/LEAP etc). It will associate against the AP and wait and extract any hostnames or domain usernames from the traffic as they authenticate to the wireless network. You do not need the wireless key/cert to do this.

     Frogger https://github.com/commonexploits/vlan-hopping
     An ACTIVE VLAN hopping tool. This will abuse the DTP protocol and imitate a trunk port. It will then extract any VLAN information from the switch and allow you to hop onto the other VLANs.

     Av0id https://github.com/nccgroup/metasploitavevasion
     Handy little script to create Metasploit payloads to shell boxes running various Anti-Virus programs. Unfortunately this has been submitted to online scanners such as VirusTotal which share info with A.V vendors, therefore it doesn’t work too good now and gets flagged!

     EasyDA https://github.com/nccgroup/easyda
     A great tool for any Windows based infrastructure test. Insert a Windows password hash or clear text password and range of IPs. It will look for common password reuse within the network. It will also track down and look for where the Domain Administrator account is logged in. If common passwords exist and you find where the DA is, it's game over. You are the domain admin, just impersonate the token and job done.

     Cisc0wn https://github.com/nccgroup/cisco-SNMP-enumeration
     Cisco SNMP enumeration, brute force, config downloader and password cracking script. Automate SNMP community checking, information extraction and configuration downloads from Cisco devices.

     Source
    1 point
  2. Hi, I made a CNP generator. I don't know if it is "good"; for what I need it is enough. This is the code:

         import java.text.DecimalFormat;
         import java.util.Calendar;
         import java.util.GregorianCalendar;
         import java.util.Random;
         import java.util.Scanner;

         public class Cnp {

             public static void main(String args[]) {
                 int sexPersoana = 0;

                 // One Scanner is shared for everything read from System.in
                 Scanner input = new Scanner(System.in);
                 System.out.println("Introduceti anul: ");
                 int an = input.nextInt();
                 System.out.println("Introduceti luna: ");
                 int luna = input.nextInt() - 1; // Calendar months are zero-based
                 System.out.println("Introduceti ziua : ");
                 int ziua = input.nextInt();
                 input.nextLine(); // consume the rest of the line after the last number
                 System.out.println("Anul , luna si ziua au fost introduse ");
                 System.out.println();

                 Calendar ziuaNasterii = new GregorianCalendar();
                 ziuaNasterii.set(an, luna, ziua);
                 System.out.println("Ziua nasterii este " + ziuaNasterii.getTime());

                 System.out.println("Introduceti sexul: ");
                 String sexul = input.nextLine();
                 System.out.println();

                 // First digit S: 1/2 for 1900-1999, 3/4 for 1800-1899, 5/6 for 2000-2999.
                 // Comparing the year avoids time-of-day effects on the boundary dates.
                 int anNastere = ziuaNasterii.get(Calendar.YEAR);
                 int bazaSecol = 0;
                 if (anNastere >= 1900 && anNastere <= 1999) {
                     bazaSecol = 1;
                 } else if (anNastere >= 1800 && anNastere <= 1899) {
                     bazaSecol = 3;
                 } else if (anNastere >= 2000 && anNastere <= 2999) {
                     bazaSecol = 5;
                 }
                 if (bazaSecol != 0) {
                     switch (sexul) {
                     case "masculin":
                         sexPersoana = bazaSecol;
                         break;
                     case "feminin":
                         sexPersoana = bazaSecol + 1;
                         break;
                     }
                 }
                 System.out.println("Sexul persoanei este " + sexPersoana);

                 // Two-digit year, month and day
                 DecimalFormat formater = new DecimalFormat("00");
                 int getAn = anNastere % 100;
                 String getAnn = formater.format(getAn);
                 int getZiua = ziuaNasterii.get(Calendar.DAY_OF_MONTH);
                 String getZiuaa = formater.format(getZiua);
                 int getLuna = ziuaNasterii.get(Calendar.MONTH) + 1;
                 String getLunaa = formater.format(getLuna);
                 System.out.println("S : " + sexPersoana + " AA " + getAnn + " LL "
                         + getLunaa + " ZZ " + getZiuaa);

                 // County code (only two counties are mapped; anything else stays 00)
                 System.out.println("Introduceti judetul : ");
                 String judet = input.nextLine();
                 System.out.println();
                 int nrJudet = 0;
                 switch (judet) {
                 case "GALATI":
                     nrJudet = 17;
                     break;
                 case "BRAILA":
                     nrJudet = 9;
                     break;
                 }
                 String getJudet = formater.format(nrJudet);
                 System.out.println("S : " + sexPersoana + " AA " + getAnn + " LL "
                         + getLunaa + " ZZ " + getZiuaa + " JJ " + getJudet);

                 // Random sequence number NNN in 001..999 (upper bound inclusive)
                 Random random = new Random();
                 int min = 1;
                 int max = 999;
                 int nrGenerat = random.nextInt(max - min + 1) + min;
                 DecimalFormat formatare = new DecimalFormat("000");
                 String getNNN = formatare.format(nrGenerat);
                 System.out.println("S : " + sexPersoana + " AA " + getAnn + " LL "
                         + getLunaa + " ZZ " + getZiuaa + " JJ " + getJudet
                         + " NNN " + getNNN);
                 System.out.println();

                 // Multiplication for the control digit: each digit times its weight
                 int S = sexPersoana * 2;
                 int AA1 = (getAn / 10) * 7;
                 int AA2 = (getAn % 10) * 9;
                 int LL1 = (getLuna / 10) * 1;
                 int LL2 = (getLuna % 10) * 4;
                 int ZZ1 = (getZiua / 10) * 6;
                 int ZZ2 = (getZiua % 10) * 3;
                 int JJ1 = (nrJudet / 10) * 5;
                 int JJ2 = (nrJudet % 10) * 8;
                 int NNN1 = (nrGenerat / 100) * 2;
                 int NNN2 = ((nrGenerat / 10) % 10) * 7; // middle digit only
                 int NNN3 = (nrGenerat % 10) * 9;
                 int cifraControl = S + AA1 + AA2 + LL1 + LL2 + ZZ1 + ZZ2
                         + JJ1 + JJ2 + NNN1 + NNN2 + NNN3;

                 // Control digit is the sum modulo 11; a remainder of 10 maps to 1
                 int cifraControlFinal;
                 int rest = cifraControl % 11;
                 System.out.println("restul este " + rest);
                 if (rest == 10) {
                     cifraControlFinal = 1;
                 } else {
                     cifraControlFinal = rest;
                 }
                 String controlFinal = Integer.toString(cifraControlFinal);

                 StringBuilder cnp = new StringBuilder("").append(sexPersoana)
                         .append(getAnn).append(getLunaa).append(getZiuaa)
                         .append(getJudet).append(getNNN).append(controlFinal);
                 System.out.println(cnp);
             }
         }

     If you have any way for me to improve this generator, I look forward to your opinions. It is written rather messily, unfortunately.
    1 point
  3. I want to build my own DC too, I only need 5k. Donate the money to me via PayPal. Closed, ffs + ban Valium. Because I can and because human stupidity is great.
    1 point
  4. Yes, kickstarter.com or other crowdfunding sites should be OK for you, as long as you can present a real business plan with costs, expenses, earnings and everything else. There are entrepreneurship sites that deal only with this; what matters is the idea and how well you have thought out the business plan (which in your case rather has gaps).
    1 point
  5. And do you know what I think about when it comes to those who have no money and hesitate over other destinations?? The fact that only now can they meet TEX!!!
    1 point