Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation on 08/09/17 in all areas

  1. Am reusit sa fac rost de mai multe informatii de la o sursa sigura. Aparent baietii au reusit sa extraga date destul de importante dintr-un server MySQL. Informatia era destul de importanta deoarece turneul de Solitaire era in derulare iar baza de date ce au extras-o continea evidenta scorurilor angajatilor. Revin cu update-uri cand mai primesc informatii.
    5 points
  2. "Cu ocazia percheziţiilor efectuate au fost indentificate şi ridicate mai multe sisteme informatice, harduri interne şi externe, smartphone-uri, stick-uri şi carduri de memorie, suporţi optici de tip CD/DVD, utilizate în activitatea infracţională" "harduri", ce limbaj profesional. 2017, CD/DVD, atac informatic... Nu era tocmai muzica buna pe Țedeu. A.S.I.A. - Suna Periculos trebuia sa le dea de gandit...
    5 points
  3. Mi se pare incredibil cat de repede se mobilizeaza toate serviciile DIICOT, SRI si care or mai fi pentru un 'atac informatic'. Daca ar fi asa de prompti si intereasati si in alte situatii care nu sunt 'atacuri' asupra institutilor statului ci atacuri impotriva populatiei gen: diluarea substantelor folosite pt igienizarea spitalelor, ce tara misto am avea. Macar sa ne zica la ce informatii strict secrete au avut acces. Sa intelegem si noi dimensiunea acestui atac. Cate persoane a salvat aceasta operatiune, cate persoane o sa iasa pe strada incepand de azi fara frica de a le fi atacat informatic apartamentul cat timp sunt plecati. Cate persoane a salvat de la infectiile pe care le iei prin spitale. Sa dea numere, rapoarte, costuri, valoarea prejudiciului. Sa intelegem cu toti ce au facut.
    4 points
  4. Bati campii rau de tot cu asta. Stau in aceeasi casa, respira acelasi aer, mananca impreuna, au planuri de viata impreuna. Nu crezi ca ar fi mai ok ca ea sa dea cartile pe fata daca o arde aiurea? Se vede ca esti inca necopt. Stai o viata alaturi de un om si tot nu ajungi sa-l cunosti. Crezi ca la toate dai cu programare cand nu mai merg lucrurile sau cand nu-ti convine ceva? Internetu' nu e viata. Ce vorbeste el acolo, e viata. Mai iesi si tu din casa, du-te si imbata-te, mergi la curve, lasa fitilele astea.
    3 points
  5. De cand e asta informatie secreta? Majoritatea orbitelor satelitilor sunt publice. La fel si cu descriptorii si cu misiunile satelitilor. Daca stii unde sa cauti poti gasi si echipamentul de pe un satelit si frecventele de comunicare. PS: "coordonatele" vor ramane in general aceleasi. Alea nu sunt coordonate geografice, sunt parametrii de orbita. Axa majora, apogee, perigee, inclinatie, (perioada)
    3 points
  6. http://www.mediafax.ro/social/doi-adolescenti-care-au-lansat-atacuri-informatice-asupra-unor-institutii-publice-din-romania-prinsi-de-diicot-16688657
    2 points
  7. Writing my first shellcode - iptables -P INPUT ACCEPT " I've recently started to look into basic application security concepts using the imho excellent material from OpenSecurityTraining.info. In this blogpost I'd like to share my first piece of shellcode executing iptables -P INPUT ACCEPT. **Background** After practically learning how to exploit a simple stackoverflow I wanted to see if I could write my own shellcode. I somehow came across the shellcode repository at shell-storm.org and wanted to develop something that wasn't already in there and is somehow useful. There are multiple entries which execute iptables -F. However, as far as I know, this only flushes all rules from all tables, but doesn't change the default policies. So it may drop all rules, but if a server's default policy is DROP you'll cut the machine off the internet. Mission failed. My idea was to write a piece of shellcode that would change the default policy of the INPUT chain to ACCEPT, i.e. run iptables -P INPUT ACCEPT. Writing shellcode First of all, I'd like to say that I'm not an 1337 sh3llc0d3 3Xp3rt. I read about some basics and tried to understand other people's shellcode and their tricks. So feedback is very welcome! Simply leave a comment or send me an e-mail. The goal is to run /sbin/iptables -P INPUT ACCEPT. At this point we assume that the exploited application has enough privileges to execute this command. Otherwise you might want to add some setuid(0) code or so. " Source: https://0day.work/writing-my-first-shellcode-iptables-p-input-accept/
    2 points
  8. Facand publice informatii de genul asta poti ajunge usor satelit pe orbita si sa iti dai seama ca ai ajuns acolo dar informatiile nu erau secrete sau importante...pune niste poze cu depozitele de armament rusesti din transnistria atunci da nota 10
    2 points
  9. ^ "'au efectuat şi revendicat o serie de atacuri informatice (DDOS) de tip "defacement", unele fiind îndreptate împotriva sistemelor informatice ale unor instituţii publice.''
    2 points
  10. Identifying malicious software executables is made difficult by the constant adaptations introduced by miscreants in order to evade detection by antivirus software. Such changes are akin to mutations in biological sequences. Recently, high-throughput methods for gene sequence classification have been developed by the bioinformatics and computational biology communities. In this paper, we apply methods designed for gene sequencing to detect malware in a manner robust to attacker adaptations. Whereas most gene classification tools are optimized for and restricted to an alphabet of four letters (nucleic acids), we have selected the Strand gene sequence classifier for malware classification. Strand’s design can easily accommodate unstructured data with any alphabet, including source code or compiled machine code. To demonstrate that gene sequence classification tools are suitable for classifying malware, we apply Strand to approximately 500 GB of malware data provided by the Kaggle Microsoft Malware Classification Challenge (BIG 2015) used for predicting nine classes of polymorphic malware. Experiments show that, with minimal adaptation, the method achieves accuracy levels well above 95% requiring only a fraction of the training times used by the winning team’s method. https://jis-eurasipjournals.springeropen.com/articles/10.1186/s13635-017-0055-6
    2 points
  11. burpa: Burp Automator A Burp Suite Automation Tool with Slack Integration Requirements burp-rest-api Burp Suite Professional slackclient Usage: python burpa.py -h ################################################### __ / /_ __ ___________ ____ _ / __ \/ / / / ___/ __ \/ __ `/ / /_/ / /_/ / / / /_/ / /_/ / /_.___/\__,_/_/ / .___/\__,_/ /_/ burpa version 0.1 / by 0x4D31 ################################################### usage: burpa.py [-h] [-a {scan,proxy-config}] [-pP PROXY_PORT] [-aP API_PORT] [-rT {HTML,XML}] [-r {in-scope,all}] [--include-scope [INCLUDE_SCOPE [INCLUDE_SCOPE ...]]] [--exclude-scope [EXCLUDE_SCOPE [EXCLUDE_SCOPE ...]]] proxy_url positional arguments: proxy_url Burp Proxy URL optional arguments: -h, --help show this help message and exit -a {scan,proxy-config}, --action {scan,proxy-config} -pP PROXY_PORT, --proxy-port PROXY_PORT -aP API_PORT, --api-port API_PORT -rT {HTML,XML}, --report-type {HTML,XML} -r {in-scope,all}, --report {in-scope,all} --include-scope [INCLUDE_SCOPE [INCLUDE_SCOPE ...]] --exclude-scope [EXCLUDE_SCOPE [EXCLUDE_SCOPE ...]] TEST: $ python burpa.py http://127.0.0.1 --action proxy-config ################################################### __ / /_ __ ___________ ____ _ / __ \/ / / / ___/ __ \/ __ `/ / /_/ / /_/ / / / /_/ / /_/ / /_.___/\__,_/_/ / .___/\__,_/ /_/ burpa version 0.1 / by 0x4D31 ################################################### [+] Checking the Burp proxy configuration ... [-] Proxy configuration needs to be updated [+] Updating the Burp proxy configuration ... [-] Proxy configuration updated $ python burpa.py http://127.0.0.1 --action scan --include-scope http://testasp.vulnweb.com ################################################### __ / /_ __ ___________ ____ _ / __ \/ / / / ___/ __ \/ __ `/ / /_/ / /_/ / / / /_/ / /_/ / /_.___/\__,_/_/ / .___/\__,_/ /_/ burpa version 0.1 / by 0x4D31 ################################################### [+] Retrieving the Burp proxy history ... [-] Found 4 unique targets in proxy history [+] Updating the scope ... [-] http://testasp.vulnweb.com included in scope [+] Active scan started ... [-] http://testasp.vulnweb.com Added to the scan queue [-] Scan in progress: %100 [+] Scan completed [+] Scan issues for http://testasp.vulnweb.com: - Issue: Robots.txt file, Severity: Information - Issue: Cross-domain Referer leakage, Severity: Information - Issue: Cleartext submission of password, Severity: High - Issue: Frameable response (potential Clickjacking), Severity: Information - Issue: Password field with autocomplete enabled, Severity: Low - Issue: Cross-site scripting (reflected), Severity: High - Issue: Unencrypted communications, Severity: Low - Issue: Path-relative style sheet import, Severity: Information - Issue: Cookie without HttpOnly flag set, Severity: Low - Issue: File path traversal, Severity: High - Issue: SQL injection, Severity: High [+] Downloading HTML/XML report for http://testasp.vulnweb.com [-] Scan report saved to /tmp/burp-report_20170807-235135_http-testasp.vulnweb.com.html [+] Burp scan report uploaded to Slack Download burpa-master.zip Source: https://github.com/0x4D31/burpa
    2 points
  12. Va salut, nu am avut niciodata o tangenta reala cu asa ceva, vin cu o intrebare care mi-ar putea limpezi relatia.O banuiesc pe sotia mea de faptul ca e infidela, mascarea de mesaje pretinzand ca se joaca pe telefon de o vreme indelungata de timp imi e destul. Se poate asculta cumva telefonul/citi mesajele fara ?Ce metoda viabila ar fi pentru un novice ca mine, care in afara de a converti o melodie pe youtube/a descarca o aplicatie de pe magazin play, nu mai stie nimic?Mi-ar fi foarte de folos, se pare ca am lasat prea multe pe mana ei si nici asa nu e bine.
    1 point
  13. How the NSA tracks you by William Binney, former NSA & whistleblower Link: https://media.ccc.de/v/SHA2017-402-how_the_nsa_tracks_you Via: https://twitter.com/x0rz/status/894557118992396288 Imi cer scuze daca am gresit sectiunea
    1 point
  14. One of the aspects of ransomware that makes them so effective is the psychological angle: encrypting files in a computer or device plays on the victims' fears – specifically, would they lose their files if they did not pay? A new mobile ransomware called LeakerLocker (Detected by Trend Micro as ANDROIDOS_LEAKERLOCKER.HRX) takes this psychological fear one step further. It does not threaten to encrypt or delete files. Instead, it gathers personal information and threatens to expose this info to the user's contact list. LeakerLocker arrives on an Android device via Google Play. Three applications (which have since been taken down by Google) in particular were found carrying the mobile ransomware: Wallpapers Blur HD, Booster & Cleaner Pro, and Calls Recorder. Figure 1: Calls Recorder app Analysis of the Calls Recorder app shows that LeakerLocker will begin to gather personal information from the device as soon as it's downloaded. The type of data gathered includes contacts, phone calls and photographs, which it then threatens to expose, as seen from the ransom note taken from another application carrying the ransomware: Figure 2: LeakerLocker ransom screen Analyisis of the LeakerLocker code reveals that it isn't capable of actually exposing the information, but the simple threat of having potentially sensitive information exposed could be enough to scare a victim into paying the ransom. In addition to LeakerLocker, here are the other notable ransomware news from this week: SLocker While the world has had enough of Petya and its variants, it seems that cybercriminals are still trying to ride the ransomware’s popularity. In July, the veteran ransomware known as SLockerwas found copying Petya's Graphical User Interface (GUI). Recently, SLocker popped up again with a new variant (Detected by Trend Micro as ANDROIDOS_SLOCKER.OPSCB) combining the use of the China-based social networking website QQ with its screen locking and file encrypting capabilities. Figure 3: SLocker ransom note This variant features a few changes since its first iteration, particularly in how it was created. Notably, it uses the Android integrated development environment (AIDE), which makes it easier for potential attackers to create their own SLocker variants. It does come with a few kinks, and is rather incompetent when it comes to actually encrypting files – including unnecessary file types like temp, cache, and system logs. However, it combines file encryption with screen locking features, making it doubly troublesome for its targets. Cerber While the Cerber ransomware has gone through so many evolutions that it is hardly surprising to see new variants popping up, ransomware with cryptocurrency-stealing features are quite unusual. That relatively uncommon feature is what makes this new Cerber variant (Detected by Trend Micro as RANSOM_HPCERBER.SMALY5A) quite notable. Figure 4: Email containing the Cerber ransomware The new variant specifically steals cryptocurrencies by targeting three kinds of wallets—Bitcoin’s Core wallet and two third-party wallets from Electrum and Multibit—while trying to retrieve password information via files and internet browsers. In addition, Cerber will also delete the actual wallet files once the information is stolen. While this behavior in itself is unlikely to cause wide scale concerns due to the relatively small number of bitcoin users, it's still a significant threat. It's also a sign that ransomware developers are starting to look for more ways to profit, regardless if the victim chooses to avoid paying the ransom. Mobile ransomware highlight this week’s recap. Plenty of users are still unaware that ransomware can also infect mobile devices. Users should always double check any application they download, even if they come from reliable sources such as Google Play. Reading app reviews can help users distinguish legitimate applications from suspicious and potentially malicious ones. Demon Although the Demon ransomware (Detected by Trend Micro as RANSOM_DEMON family) is relatively unremarkable in terms of payload—it doesn't actually encrypt any files—it’s notable because of its unusual ransom note, which is similar to WannaCry’s: Figure 5: Demon ransom note Perhaps even stranger is the “encrypt” button located at the bottom left portion of the ransom note. Why this button exists is not clear, as obviously, no user will want to encrypt their own files. The Chinese characters found in the upper left portion of the note (blurred in the above photograph) is actually the logo of an online bookstore, which adds to the amateurish quality of this ransomware. It all points to an unsophisticated attempt at tricking users through bluffing without having routines that do any damage. Ransomware Solutions End users and enterprises can also benefit from multilayered mobile security solutions such as Trend Micro™ Mobile Security for Android™ (available on Google Play), and Trend Micro™ Mobile Security for Apple devices (available on the App Store). Trend Micro™ Mobile Security for Enterprise provide device, compliance and application management, data protection, and configuration provisioning, as well as protect devices from attacks that leverage vulnerabilities, preventing unauthorized access to apps, as well as detecting and blocking malware and fraudulent websites Enterprises can also benefit from a multi-layered, step-by-step approach in order to best mitigate the risks brought by these threats. Email and web gateway solutions such as Trend Micro™ Deep Discovery™ Email Inspector and InterScan™ Web Security prevent ransomware from ever reaching end users. At the endpoint level, Trend Micro Smart Protection Suites deliver several capabilities like high-fidelity machine learning, behavior monitoring and application control, and vulnerability shielding that minimizes the impact of this threat. Trend Micro Deep Discovery Inspector detects and blocks ransomware on networks, while Trend Micro Deep Security™ stops ransomware from reaching enterprise servers–whether physical, virtual or in the cloud. For small businesses, Trend Micro Worry-Free Services Advanced offers cloud-based email gateway security through Hosted Email Security. Its endpoint protection also delivers several capabilities such as behavior monitoring and real-time web reputation in order detect and block ransomware. For home users, Trend Micro Security 10 provides strong protection against ransomware by blocking malicious websites, emails, and files associated with this threat. Users can likewise take advantage of our free tools such as the Trend Micro Lock Screen Ransomware Tool, which is designed to detect and remove screen-locker ransomware; as well as Trend Micro Crypto-Ransomware File Decryptor Tool, which can decrypt certain variants of crypto-ransomware without paying the ransom or the use of the decryption key. Via trendmicro.com
    1 point
  15. Salut, cumpar si eu cont adsense, cu plata in ro. astept pm. Multumesc!
    1 point
  16. La cablurile originale eu am patit sa se duca "dintii" un pic mai in spate si nu mai facea fast charge.
    1 point
  17. Uite ce mi-au recomandat mie băieții când am avut o problemă similară. Treaba a fost doar în capul meu din fericire.
    1 point
  18. @u0m3 @Technetium Multumesc mult pentru ajutor ! Sunt inca la stadul de punere la punct a algoritmului. Adica mai intai vreau sa vad cum ar trebui sa fie si pe urma am de gand sa incerc in python si pe urma transpun eu. Dar cred ca de acum ma descruc. Multumesc inca o data ! O seara faina !
    1 point
  19. June 29, 2017 ~ R3MRUM Over the past year-or-so, there seems to have been an uptick of miscreants password protecting the malicious office documents that they send to their target victims. They do this in an effort to bypass detection and thwart analysis. This blog details a few different tools and methodologies that can be used to analyze such files. Delivery & File Type These malicious documents typically end up making their way to the end point via email. The email message typically consists of some ruse to entice the user to open the document and, conveniently, includes the password needed to decrypt it (Figure 1). Figure 1: Example email with password protected MS Office document attached and password in message body. The ‘m’ at the end of the ‘.dotm’ file extension, shown in Figure 1, tells you that the file attached is macro-enabled. In this instance, it is an MS Office Document Template file but it could have just as easily been a ‘.docm’ file, ‘.xlsm’ file, or any other macro-enabled file type supported by MS Office 2007 or newer. Feel free to read more about these file types on Microsoft’s website. Figure 2 shows the prompt that you are presented with when you open a password protected Office document: Figure 2: Password prompt received when opening a password protected office document. Failed Analysis Method #1: Copy Macros When I first encountered this type of malicious document, my first instinct was to launch the document in an isolated sandbox, enter in the password provided to me in the message body, and then copy the embedded VBA macro code from the document into notepad where I can then perform my analysis. This technically could have worked if the miscreant did not also password protect the Visual Basic Project containing the malicious VBA code with a separate unknown password (Figure 3). Figure 3: Password prompt received when attempting to gain access to macro code. Failed Analysis Method #2: Re-Save Without Password My second thought was: “After I open the document and enter in the initial password, I’ll just re-save the document without a password. Then I’ll be able to use my analysis tools to inspect the file’s contents.” Unfortunately, this doesn’t work either due to the fact that the VB Project within the encrypted document is also password protected. If you attempt this method, the contents of the document (images, text, etc…) will still be present within the unencrypted copy of the document but any embedded macros will be stripped. Successful Analysis Method #1: Decrypt with MSOffice-Crypt & Analyze w/ olevba|ViperMonkey Let me introduce you to a nifty little tool called msoffice-crypt. This bad mama jama enables you to dump a decrypted version of the encrypted office document out to a file. As a bonus, it works in both Windows and Linux! Figure 4: msoffice-crypt options & decrypting of encrypted Office document In Figure 4, I ran msoffice-crypt.exe without any arguments so that you can see the different supported options. Then, in the highlighted section, I ran the following command, which decrypted smith.dotm using the password “6429”: msoffice-crypt.exe -d -p 6429 smith.dotm If you did not provide an output file name, msoffice-crypt will default to appending an “_d” to the file name, like so: smith_d.dotm. Figure 5: Decrypted document created within the current working directory Sure enough, we see in Figure 5 that the decrypted Office document has been created. Now, if we launch this newly created document (in an isolated environment, of course!), you should no longer received the password prompt. Figure 6: Office document decrypted. Password no longer needed to open. Voilà! No password prompt received! (Figure 6) If you didn’t know, MS Office 2007+ documents are OpenXML format which means they are actually just compressed archives that you can decompress using you’re favorite archive extractor (WinZip, 7z, etc..). We can also spot the difference between the encrypted and decrypted documents by comparing the decompressed contents of both. Figure 7: Contents of decompressed encrypted Office document Figure 7 shows the contents of my encrypted Office document whereas Figure 8 shows the contents of my decrypted Office document. Figure 8: Contents of decompressed decrypted Office document The contents depicted in both Figures 7 and 8 are typical and should match what you are seeing in whatever OpenXML formatted Office document you are analyzing; not just this sample. This actually segues nicely into the next step, which is to extract out the VBA Macro code. If you recall, the malware author also password protected the VB Project containing the macro code. While I am not aware of any tool that will strip this protection from the document, it doesn’t matter as existing tools such as oletools, ViperMonkey, etc.. completely bypass it. Back in the day (like 3 months ago), I would have extracted out the VBA code by decompressing the OpenXML archive, locating the OLE binary within the “word” folder (i.e vbaProject.bin), and then using something like OfficeMalScanner (Figures 9 & 10): Figure 9: Running OfficeMalScanner against OLE binary found within OpenXML archive Figure 10: VBA code extracted from OLE binary using OfficeMalScanner … or olevba from the oletools suite (Figure 11): Figure 11: VBA code extracted from OLE binary using olevba But this is old-school. These days, all the kids are using ViperMonkey. ViperMonkey not only extracts the VBA for you but also emulates execution so that if the VBA is heavily obfuscation (in this case, it is not), you can quickly and safely derive what the code is actually doing. Also, it can handle OpenXML files so there is no need to extract the archive and locate the OLE binary. Figure 12: Analysis of the decrypted Office document using ViperMoney Figure 12 shows how ViperMoney not only extracts and displays the embedded VBA macro but it also gives you the execution flow of the malicious code in a quick and easy-to-ingest format. This dramatically reduces analysis time which, in turn, expedites time-to-respond. If I ever meet Philippe Lagadec (@decalage2), I’m going to buy that man a beer! Successful Analysis Method #2: Simply Open w/ LibreOffice Your probably going to hate me for making you step through the entire blog before mentioning – what turns out to be – the most simplest (and laziest) solution for accessing the embedded VBA code within a password protected document/project. Since REMNux doesn’t come packaged with LibreOffice, you’ll need to install it by simply running: sudo apt-get install libreoffice Once installed, open the encrypted Office document in LibreOffice by running: libreoffice smith.dotm Like when you opened the encrypted Office document within MS Office (Figure 2), you will be requested to enter in the document’s password (Figure 13). Figure 13: LibreOffice password prompt When you enter in the password, the document will successfully load. Now, you will be able to access the embedded VBA macro code by navigating to: Tools –> Macros –> Organize Macros –> LibreOffice Basic You will be presented with a pop-up window (Figure 14) where you will need to find the project containing the VBA code and hit the Edit button. Figure 14: LibreOffice’s Macro Editor Dialogue And BOOM! LibreOffice’s Basic Editor opens; giving you direct access to the VBA macro code without needing to also know the VB Project’s password (Figure 15): Figure 15: LibreOffice’s Basic Editor providing access to embedded VBA code. Bypassing password. That’s it! It’s that simple! My personal preference is the first method as I’m a command-line junkie. But, if you are more comfortable with performing your analysis via a GUI, then the LibreOffice method might be a better fit for you! Regardless, knowing multiple methods for solving single problem will only make you a better analyst. References Open XML Formats and file name extensions How to remove a password from a document MSOffice-Crypt: A tool/lib to encrypt/decrypt Microsoft Office Document Wikipedia: Office Open XML OfficeMalScanner Decalage2: oletools GitHub Decalage2: ViperMonkey GitHub LibreOffice Wiki Sursa: https://r3mrum.wordpress.com/2017/06/29/analyzing-malicious-password-protected-office-documents/
    1 point
  20. _ _ _ _ __ _ _ __| (_) ___| |_ ___ _ __ | '_ \| | | |/ _` | |/ __| __/ _ \| '__| | |_) | |_| | (_| | | (__| || (_) | | | .__/ \__, |\__,_|_|\___|\__\___/|_| |_| |___/ Email: LandGrey@qq.com Preface: Q: Why I need to use pydictor ? A: 1.it always can help you You can use pydictor to generate a general blast wordlist, a custom wordlist based on Web content, a social engineering wordlist, and so on; You can use the pydictor built-in tool to safe delete, merge, unique, merge and unique, count word frequency to filter the wordlist, besides, you also can specify your wordlist and use '-tool handler' to filter your wordlist; 2.highly customized You can generate highly customized and complex wordlist by modify multiple configuration files, add your own dictionary, using leet mode, filter by length、char occur times、types of different char、regex, even customized own encryption function by modify /lib/fun/encode.py test_encode function. its very relevant to generate good or bad password wordlist with your customized rules and skilled use of pydictor; 3.powerful and flexible configuration file parsing nothing to say,skilled use and you will love it 4.great compatibility whether you are using Python 2.7 version or Python 3.x version , pydictor can be run on Windows, Linux or Mac; Start: git clone --depth=1 --branch=master https://www.github.com/landgrey/pydictor.git cd pydictor/ chmod 755 pydictor.py python pydictor.py Overview: Quick to use: types of generate wordlist(14 types)and descriptions wordlist type number description base 1 basic wordlist char 2 custom character wordlist chunk 3 permutation and combination wordlist conf 4 based on configuration file wordlist sedb 5 social engineering wordlist idcard 6 id card last 6/8 char wordlist extend 7 extend wordlist based on rules scratch 8 wordlist based on web pages keywords passcraper 9 wordlist against to web admin and users handler 10 handle the input file generate wordlist uniqifer 11 unique the input file and generate wordlist counter 12 word frequency count wordlist combiner 13 combine the input file generate wordlist uniqbiner 14 combine and unique the input file generate wordlist function and scope of support wordlist number function number (wordlist) description len 1 2 3 4 5 6 7 9 10 11 12 14 lenght scope head 1 2 3 4 5 6 7 9 10 11 12 14 add items prefix tail 1 2 3 4 5 6 7 9 10 11 12 14 add items suffix encode 1 2 3 4 5 6 7 9 10 11 12 14 encode the items occur 3 4 5 7 9 10 11 12 14 filter by occur times of letter、digital、special chars types 3 4 5 7 9 10 11 12 14 filter by types of letter、digital、special chars regex 3 4 5 7 9 10 11 12 14 filter by regex level 5 7 9 set the wordlist level leet 5 7 9 1337 mode usage examples: 1: generate the basic wordlsit based on digital lenght of 4 python pydictor.py -base d --len 4 4 --output D:\exists\or\not\dict.txt 2: encode the wordlist python pydictor.py -base L --len 1 3 --encode b64 3: use d(digital) L(lowercase letter) c(capital letter) generating wordlist python pydictor.py -base dLc -o /awesome/pwd 4: use customized characters generating wordlist python pydictor.py -char "abc123._@ " --len 1 3 --tail @site 5: generate permutation and combination wordlist python pydictor.py -chunk abc ABC 666 . _ @ "'" --head a --tail 123 --encode md5 6. extend wordlist based on rules extend function mainly directed against web application administrator to generate password You can put your own weak password wordlist in wordlist/Web,extend function will auto unique them,new wordlist will contains them You can modify funcfg/extend.conf,set prefix, suffix, prefix + suffix and middle word when extended extend function support leet mode,pick by level and pick by lenght function,you can learn more in the following write the following information to '/names.txt' liwell shelly bianji webzhang run command: python pydictor.py -extend /names.txt --leet 0 1 2 11 21 --level 1 --len 4 16 --occur "<=10" ">0" "<=2" -o /possbile/wordlist.lst 7: id card last 6/8 char wordlist pydictor.py -plug pid6 --types ">=0" ">=4" ">=0" --encode b64 note: default sex ='all', it decided by lib/data/data.py default_sex, and 'm' is Male, 'f' is Female 8: using passcraper plugin crawl website generating password wordlist based on plain text found and extend rules the rules of passcraper plug and extend function are the same passcraper plug will generate two wordlist,preffix with SCRATCH is raw wordlist by website plain text, and if you feel that there are a lot of unrelated words in the SCRATCH wordlist, you can remove them, and then use the extend function to specify the new file to generate dictionary again. you can modify the funcfg/passcraper_blacklist.conf file,add or delete useless words that need to be filtered out, and also can modify lib/data/data.py file passcraper_filter argument,change the filter regular expressions with same extend function,you can put your weak password in /wordlist/Web,new wordlist will contains them python pydictor.py -plug passcraper using default file scraper.sites as multi-input file python pydictor.py -plug passcraper http://www.example.com 9. using configuration file build dictionary this function contains all of "-base" and "-char" capacities,and more precise control python pydictor.py --conf using default file funcfg/build.conf build the dictionary python pydictor.py --conf /my/other/awesome.conf using /my/other/awesome.conf build the dictionary note: parsing rules details as following,besides referred to build.conf file configuration parsing rules details: the basic unit of parsing is called an parsing element, an parsing element includes five elements, namely: head, character set, length range, encoding, tail, which can be omitted both head and tail; A standard parsing element:head[characters]{minlength,maxlength}<encode-type>tail,a example parsing element:a[0-9]{4,6}<none>_ Its meaning build a dictionary that prefix is "a" , character set is 0—9, don't encode,length range is 4—6 and suffix is "_" current is support parsing one line one line can contains 10 parsing elements such as:[4-6,a-c,A,C,admin]{3,3}<none>_[a,s,d,f]{2,2}<none>[789,!@#]{1,2}<none>,it contains three parsing elements if annotator "#" in first place, program won't parse this line conf function can build more precise dictionary up to single char about character sets: You can add the "-" in the middle of character sets beginning and ending to join them and can also use "," to separate multiple character sets, or a single character, or a single string, as an element of the character set; supported encoding: none don't encode b64 base64 md5 md5 digest algorithm output 32 char md516 md5 digest algorithm output 16 char sha1 sha1 digest algorithm url urlencode sha256 sha256 digest algorithm sha512 sha512 digest algorithm test interface for customized encode function 10. handle wordlist's tools filter tool handler specify the input file, and output the handled file python pydictor.py -tool handler /wordlist/raw.txt --len 6 16 --occur "" "=6" "<0" --encode b64 -o /wordlist/ok.txt safe delete tool shredder python pydictor.py -tool shredder delete the currently specified output path(default:results) files and all its dictionary files python pydictor.py -tool shredder base delete the files of it's prefix is "BASE" in currently specified output path prefix(case insensitive) range in 14 items: base,char,chunk,conf,sedb,idcard,extend,handler,uniqifer,counter,combiner,uniqbiner,scratch,passcraper besides,you can safe shred files or whole directory as following: python pydictor.py -tool shredder /data/mess python pydictor.py -tool shredder D:\mess\1.zip for improving the security delete speed, the default uses 1 times to erase and rewrite,you can modify lib/data/data.py file's file_rewrite_count and dir_rewrite_count value remove duplicates tool uniqifer python pydictor.py -tool uniqifer /tmp/my.dic word frequency statistics tool counter python pydictor.py -tool counter vs /tmp/mess.txt 100 select 100 words in /tmp/mess.txt file that appear in the most times and output to the terminal and saved to file note: default choose 100 items to print or save;default separator is:"\n",you can modify counter_split value in lib/data/data.py file merge dictionary tool combiner python pydictor.py -tool combiner /my/messdir note: default choose 100 items to print or save;default separator is:"\n",you can modify counter_split value in lib/data/data.py file merge dictionary tool combiner python pydictor.py -tool combiner /my/messdir remove duplicates after merging tool uniqbiner python pydictor.py -tool uniqbiner /my/messdir 11: wordlist filter filter by level function this function is currently only support extend function, passcraper plug, Social Engineering Dictionary Builder default level is 3, the lower level, the lower possibility, the more items modify funcfg/extend.conf file,customized your awesome level rules python pydictor.py -extend bob adam sarah --level 5 use leet mode this function is currently only support extend, passcraper, Social Engineering Dictionary Builder all default unable to use leet mode, when enable, you can use multiple code at one time SEDB can enable leet mode and set code in SEDB interface enable leet mode cannot make wordlist decrease,it will increase wordlist on the basis of unable to use the leet mode default leet table leet char = replace char a = 4 b = 6 e = 3 l = 1 i = 1 o = 0 s = 5 code 0 default,replace all 1 left-to-right, replace all the first encountered leet char 2 right-to-left, replace all the first encountered leet char 11-19 left-to-right, replace the first encountered leet char to maximum code-10 chars 21-29 right-to-left, replace the first encountered leet char to maximum code-20 chars code effection table code old string new string 0 as a airs trees 45 4 41r5 tr335 1 as a airs trees 4s 4 4irs trees 2 as a airs trees a5 a air5 tree5 11 as a airs trees 4s a airs trees 12 as a airs trees 4s 4 airs trees 13 as a airs trees 4s 4 4irs trees 14 as a airs trees 4s 4 4irs trees ... as a airs trees 4s 4 4irs trees 21 as a airs trees as a airs tree5 22 as a airs trees as a air5 tree5 23 as a airs trees a5 a air5 tree5 24 as a airs trees a5 a air5 tree5 ... as a airs trees a5 a air5 tree5 besides,you also can: modify /funcfg/leet_mode.conf, add or delete leet table items; modify /lib/lib/data.py, extend_leet、passcraper_leet、sedb_leet arguments, choose some functions whether default use leet mode; modify /lib/data/data.py,leet_mode_code argument, choose default mode code; filter by occur times of letter、digital、special chars --occur [scope of occur letter times] [scope of occur digital times] [scope of occur special chars times] default occur times "<=99" "<=99" "<=99" filter by types of letter、digital、special chars --types [scope of letter types] [scope of digital types] [scope of special types] default types ">=0" ">=0" ">=0" 12. social engineering dictionary python pydictor.py --sedb _ _ _ _ __ _ _ __| (_) ___| |_ ___ _ __ | '_ \| | | |/ _` | |/ __| __/ _ \| '__| | |_) | |_| | (_| | | (__| || (_) | | | .__/ \__, |\__,_|_|\___|\__\___/|_| |_| |___/ Social Engineering Dictionary Builder Build by LandGrey ----------------------------[ command ]---------------------------- [+]help desc [+]exit/quit [+]clear/cls [+]show option [+]set option arguments [+]rm option [+]len minlen maxlen [+]head prefix [+]tail suffix [+]encode type [+]occur L d s [+]types L d s [+]regex string [+]level code [+]leet code [+]output directory [+]run ----------------------------[ option ]---------------------------- [+]cname [+]ename [+]sname [+]birth [+]usedpwd [+]phone [+]uphone [+]hphone [+]email [+]postcode [+]nickname [+]idcard [+]jobnum [+]otherdate [+]usedchar pydictor SEDB>> command: help reload interface help desc view the meaning for each items exit or quit exit the program clear or cls clear screen show view the current settings set set option value rm remove option value len select the length range head add prefix tail add suffix encode encode items occur set occur times of letter、digital、special chars types set types of letter、digital、special chars regex filter by regex level select the extend level value leet enable leet mode and choose code output set output dictionary or file path run build wordlist if you have some information about someone information items value chinese name 李伟 pinyin name liwei simple name lw simple name Lwei english name zwell birthday 19880916 used password liwei123456. used password liwei@19880916 used password lw19880916_123 used password abc123456 phone number 18852006666 used phone number 15500998080 home phone 76500100 company phone 010-61599000 email account 33125500@qq.com email account 13561207878@163.com email account weiweili@gmail.com email account wei010wei@hotmail.com home postcode 663321 now place postcode 962210 common nickname zlili id card number 152726198809160571 student id 20051230 job number 100563 father birthday 152726195910042816 mother birthday 15222419621012476X boy/girl friend brithday 152726198709063846 friend brithday 152726198802083166 pet name tiger crazy something games of thrones special meaning numbers 176003 special meaning chars m0n5ter special meaning chars ppdog now, use follwing command: python pydictor.py --sedb set cname liwei set sname lw Lwei set ename zwell set birth 19880916 set usedpwd liwei123456. liwei@19880916 lw19880916_123 set phone 18852006666 set uphone 15500998080 set hphone 76500100 61599000 01061599000 set email 33125500@qq.com set email 13561207878@163.com set email weiweili@gmail.com set email wei010wei@hotmail.com set postcode 663321 962210 set nickname zlili set idcard 152726198809160571 set jobnum 20051230 100563 set otherdate 19591004 19621012 set otherdate 19870906 19880208 set usedchar tiger gof gamesthrones 176003 m0n5ter ppdog view the configuration, and build the wordlist show run if you want more items wordlist, use level 1 and, you want to filter some impossible password, set the password lenght len 1 16 at least one letter and at most three special char, occur ">0" "" "<=3" and at most two types of special char in one item, types "" "" "<=2" finaly, specify the output path, build wordlist again output D:\awesome\dict\liwei_pass.txt run note: you can modify funcfg/sedb_tricks.conf file,change the word transform prefix, suffix and prefix+suffix rules you can put your own individual weak password wordlist in wordlist/SEDB, SEDB some little rules contains extend function Destination is just a point of departure,It's your show time Download pydictor-master.zip Source: https://github.com/LandGrey/pydictor
    1 point
  21. A couple of weeks ago I did a test installing a bare Debian 9 VM. Then I started to add top 50 tools from Kali Linux. To be honest, this VM is working like a charm atm without all the other unnecessary bull shit which is coming by default with Kali Linux. Overall, you have to understand this distro was built mainly by an Israeli dude and that should raise some concerns. Don't get me wrong, it is an amazing distro but once its popularity grew among security professionals, some interests into have it "backdoored" probably elevated as well. There is also the BlackArch alternative which overall is way more time consuming from tweaking perspective. Also, personally, I found Arch being slightly unfriendly with VMWARE workstation and very sensitive to different kernel changes. But this is just a personal opinion.
    1 point
  22. Consulta un manual de clasa 10a, geometrie plana in pula mea. Daca vrei te invat eu cum sa trasezi o parabolica
    1 point
  23. Stiu ca nu este un forum despre programare ci mai mult de securitate *daca vreun admin considera ca nu are ce cauta aici il poate sterge* Am facut in c++ SFML Game Of Life. Link aici.
    1 point
  24. WSSAT - Web Service Security Assessment Tool Lydecker Black on 11:30 AM | Post sponsored by Netsparker Web Application Security Scanner WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs both static and dynamic tests against the security vulnerabilities. It also makes information disclosure controls. With this tool, all web services could be analysed at once and the overall security assessment could be seen by the organization. Objectives of WSSAT are to allow organizations: Perform their web services security analysis at once See overall security assessment with reports Harden their web services WSSAT’s main capabilities include: Dynamic Testing: Insecure Communication - SSL Not Used Unauthenticated Service Method Error Based SQL Injection Cross Site Scripting XML Bomb External Entity Attack - XXE XPATH Injection Verbose SOAP Fault Message Static Analysis: Weak XML Schema: Unbounded Occurrences Weak XML Schema: Undefined Namespace Weak WS-SecurityPolicy: Insecure Transport Weak WS-SecurityPolicy: Insufficient Supporting Token Protection Weak WS-SecurityPolicy: Tokens Not Protected Information Leakage: Server or technology information disclosure WSSAT’s main modules are: Parser Vulnerabilities Loader Analyzer/Attacker Logger Report Generator The main difference of WSSAT is to create a dynamic vulnerability management environment instead of embedding the vulnerabilities into the code. This project has been developed as Term Project at Middle East Technical University (METU), Software Management master program. Download WSSAT Sursa: http://www.kitploit.com/2016/09/wssat-web-service-security-assessment.html
    1 point
×
×
  • Create New...