Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation on 01/28/23 in all areas

  1. CloudBrute A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. The complete writeup is available. here At a glance Motivation While working on HunterSuite, and as part of the job, we are always thinking of something we can automate to make black-box security testing easier. We discussed this idea of creating a multiple platform cloud brute-force hunter.mainly to find open buckets, apps, and databases hosted on the clouds and possibly app behind proxy servers. Here is the list issues we tried to fix: separated wordlists lack of proper concurrency lack of supporting all major cloud providers require authentication or keys or cloud CLI access outdated endpoints and regions Incorrect file storage detection lack support for proxies (useful for bypassing region restrictions) lack support for user agent randomization (useful for bypassing rare restrictions) hard to use, poorly configured Features Cloud detection (IPINFO API and Source Code) Supports all major providers Black-Box (unauthenticated) Fast (concurrent) Modular and easily customizable Cross Platform (windows, linux, mac) User-Agent Randomization Proxy Randomization (HTTP, Socks5) Supported Cloud Providers Microsoft: Storage Apps Amazon: Storage Apps Google: Storage Apps DigitalOcean: storage Vultr: Storage Linode: Storage Alibaba: Storage Version 1.0.0 Usage Just download the latest release for your operation system and follow the usage. To make the best use of this tool, you have to understand how to configure it correctly. When you open your downloaded version, there is a config folder, and there is a config.YAML file in there. It looks like this providers: ["amazon","alibaba","amazon","microsoft","digitalocean","linode","vultr","google"] # supported providers environments: [ "test", "dev", "prod", "stage" , "staging" , "bak" ] # used for mutations proxytype: "http" # socks5 / http ipinfo: "" # IPINFO.io API KEY For IPINFO API, you can register and get a free key at IPINFO, the environments used to generate URLs, such as test-keyword.target.region and test.keyword.target.region, etc. We provided some wordlist out of the box, but it's better to customize and minimize your wordlists (based on your recon) before executing the tool. After setting up your API key, you are ready to use CloudBrute. ██████╗██╗ ██████╗ ██╗ ██╗██████╗ ██████╗ ██████╗ ██╗ ██╗████████╗███████╗ ██╔════╝██║ ██╔═══██╗██║ ██║██╔══██╗██╔══██╗██╔══██╗██║ ██║╚══██╔══╝██╔════╝ ██║ ██║ ██║ ██║██║ ██║██║ ██║██████╔╝██████╔╝██║ ██║ ██║ █████╗ ██║ ██║ ██║ ██║██║ ██║██║ ██║██╔══██╗██╔══██╗██║ ██║ ██║ ██╔══╝ ╚██████╗███████╗╚██████╔╝╚██████╔╝██████╔╝██████╔╝██║ ██║╚██████╔╝ ██║ ███████╗ ╚═════╝╚══════╝ ╚═════╝ ╚═════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝ V 1.0.7 usage: CloudBrute [-h|--help] -d|--domain "<value>" -k|--keyword "<value>" -w|--wordlist "<value>" [-c|--cloud "<value>"] [-t|--threads <integer>] [-T|--timeout <integer>] [-p|--proxy "<value>"] [-a|--randomagent "<value>"] [-D|--debug] [-q|--quite] [-m|--mode "<value>"] [-o|--output "<value>"] [-C|--configFolder "<value>"] Awesome Cloud Enumerator Arguments: -h --help Print help information -d --domain domain -k --keyword keyword used to generator urls -w --wordlist path to wordlist -c --cloud force a search, check config.yaml providers list -t --threads number of threads. Default: 80 -T --timeout timeout per request in seconds. Default: 10 -p --proxy use proxy list -a --randomagent user agent randomization -D --debug show debug logs. Default: false -q --quite suppress all output. Default: false -m --mode storage or app. Default: storage -o --output Output file. Default: out.txt -C --configFolder Config path. Default: config for example CloudBrute -d target.com -k target -m storage -t 80 -T 10 -w "./data/storage_small.txt" please note -k keyword used to generate URLs, so if you want the full domain to be part of mutation, you have used it for both domain (-d) and keyword (-k) arguments If a cloud provider not detected or want force searching on a specific provider, you can use -c option. CloudBrute -d target.com -k keyword -m storage -t 80 -T 10 -w -c amazon -o target_output.txt Dev Clone the repo go build -o CloudBrute main.go go test internal in action How to contribute Add a module or fix something and then pull request. Share it with whomever you believe can use it. Do the extra work and share your findings with community ♥ FAQ How to make the best out of this tool? Read the usage. I get errors; what should I do? Make sure you read the usage correctly, and if you think you found a bug open an issue. When I use proxies, I get too many errors, or it's too slow? It's because you use public proxies, use private and higher quality proxies. You can use ProxyFor to verify the good proxies with your chosen provider. too fast or too slow ? change -T (timeout) option to get best results for your run. Credits Inspired by every single repo listed here . Sursa: https://github.com/0xsha/CloudBrute
    1 point
  2. Prowler Prowler is a Network Vulnerability Scanner implemented on a Raspberry Pi Cluster, first developed during Singapore Infosec Community Hackathon - HackSmith v1.0. Capabilities Scan a network (a particular subnet or a list of IP addresses) for all IP addresses associated with active network devices Determine the type of devices using fingerprinting Determine if there are any open ports on the device Associate the ports with common services Test devices against a dictionary of factory default and common credentials Notify users of security vulnerabilities through an dashboard. Dashboard tour Planned capabilities Greater variety of vulnerability assessment capabilities (webapp etc.) Select wordlist based on fingerprint Hardware Raspberry Pi Cluster HAT (with 4 * Pi Zero W) Raspberry Pi 3 Networking device Software Stack Raspbian Stretch (Controller Pi) Raspbian Stretch Lite (Worker Pi Zero) Note: For ease of setup, use the images provided by Cluster Hat! Instructions Python 3 (not tested on Python 2) Python packages see requirements.txt Ansible for managing the cluster as a whole (/playbooks) Key Python Package dispy (website) is the star of the show. It allows allows us to create a job queue that will be processed by the worker nodes. python-libnmap is the python wrapper around nmap, an open source network scanner. It allows us to scan for open ports on devices. paramiko is a python wrapper around SSH. We use it to probe SSH on devices to test for common credentials. eel is used for the web dashboard (seperate repository, here) rabbitmq (website) is used to pass the results from the cluster to the eel server that is serving the dashboard page. Ansible Playbooks For the playbooks to work, ansible must be installed (sudo pip3 install ansible). Configure the IP addresses of the nodes at /etc/ansible/hosts. WARNING: Your mileage may vary as these were only tested on my setup shutdown.yml and reboot.yml self-explanatory clone_repos.yml clone prowler and dispy repositories (required!) on the worker nodes setup_node.yml installs all required packages on the worker nodes. Does not clone the repositories! Deploying Prowler Clone the git repository: git clone https://github.com/tlkh/prowler.git Install dependencies by running sudo pip3 install -r requirements.txt on the controller Pi Run ansible-playbook playbooks/setup_node.yml to install the required packages on worker nodes. Clone the prowler and dispy repositories to the worker nodes using ansible-playbook playbooks/clone_repos.yml Run clusterhat on on the controller Pi to ensure that all Pi Zeros are powered up. Run python3 cluster.py on the controller Pi to start Prowler To edit the range of IP addresses being scanned, edit the following lines in cluster.py: test_range = [] for i in range(0, 1): for j in range(100, 200): test_range.append("172.22." + str(i) + "." + str(j)) Old Demos Cluster Scan Demonstration Jupyter Notebook Single Scan Demonstration Jupyter Notebook Try out the web dashboard here Useful Snippets To run ssh command on multiple devices, install pssh and pssh -h pssh-hosts -l username -A -i "command" To create the cluster (in compute.py): cluster = dispy.JobCluster(compute, nodes='pi0_ip', ip_addr='pi3_ip') Check connectivity: ansible all -m ping or ping p1.local -c 1 && ping p2.local -c 1 && ping p3.local -c 1 && ping p4.local -c 1 Temperature Check: /opt/vc/bin/vcgencmd measure_temp && pssh -h workers -l pi -A -i "/opt/vc/bin/vcgencmd measure_temp" | grep temp rpimonitor (how to install): Contribuitors: Faith See Wong Chi Seng Timothy Liu ABSOLUTELY NO WARRANTY WHATSOEVER! Feel free to submit issues though. Download: prowler-master.zip Source
    1 point
  3. Am comandat un Raspberry zero, si o sa incerc sa fac un poc. Va tin la curent cu ce mi se intampla
    1 point
  4. The Backdoor Factory Proxy (BDFProxy) v0.2 For security professionals and researchers only. NOW ONLY WORKS WITH MITMPROXY >= v.0.11 To install on Kali: apt-get update apt-get install bdfproxy DerbyCon 2014 Presentation: About 18 minutes in is the BDFProxy portion. Contact the developer on: IRC: irc.freenode.net #BDFactory Twitter: @Midnite_runr This script rides on two libraries for usage: The Backdoor Factory (BDF) and the mitmProxy. Concept: Patch binaries during download ala MITM. Why: Because a lot of security tool websites still serve binaries via non-SSL/TLS means. Here's a short list: sysinternals.com Microsoft - MS Security Essentials Almost all anti-virus companies Malwarebytes Sourceforge gpg4win Wireshark etc... Yes, some of those apps are protected by self checking mechanisms. I've been working on a way to automatically bypass NSIS checks as a proof of concept. However, that does not stop the initial issue of bitflipping during download and the execution of a malicious payload. Also, BDF by default will patch out the windows PE certificate table pointer during download thereby removing the signature from the binary. Depends: Pefile - most recent ConfigObj mitmProxy - Kali Build .10 BDF - most current Capstone (part of BDF) Supported Environment: Tested on all Kali Linux builds, whether a physical beefy laptop, a Raspberry Pi, or a VM, each can run BDFProxy. Install: BDF is in bdf/ Run the following to pull down the most recent: ./install.sh OR: git clone https://github.com/secretsquirrel/the-backdoor-factory bdf/ If you get a certificate error, run the following: mitmproxy And exit [Ctr+C] after mitmProxy loads. Usage: Update everything before each use: ./update.sh READ THE CONFIG!!! -->bdfproxy.cfg You will need to configure your C2 host and port settings before running BDFProxy. DO NOT overlap C2 PORT settings between different payloads. You'll be sending linux shells to windows machines and things will be segfaulting all over the place. After running, there will be a metasploit resource script created to help with setting up your C2 communications. Check it carefully. By the way, everything outside the [Overall] section updates on the fly, so you don't have to kill your proxy to change settings to work with your environment. But wait! You will need to configure your mitm machine for mitm-ing! If you are using a wifiPineapple I modded a script put out by hack5 to help you with configuration. Run ./wpBDF.sh and enter in the correct configs for your environment. This script configures iptables to push only http (non-ssl) traffic through the proxy. All other traffic is fowarded normally. Then: ./bdf_proxy.py Here's some sweet ascii art for possible phyiscal settings of the proxy: Lan usage: <Internet>----<mitmMachine>----<userLan> Wifi usage: <Internet>----<mitmMachine>----<wifiPineapple>))) Testing: Suppose you want to use your browser with Firefox and FoxyProxy to connect to test your setup. Update your config as follows: transparentProxy = None Configure FoxyProxy to use BDFProxy as a proxy. Default port in the config is 8080. Logging: We have it. The proxy window will quickly fill with massive amounts of cat links depending on the client you are testing. Use tail -f proxy.log to see what is getting patched and blocked by your blacklist settings. However, keep an eye on the main proxy window if you have chosen to patch binaries manually, things move fast and behind the scences there is multi-threading of traffic, but the intial requests and responses are locking for your viewing pleasure. Attack Scenarios (all with permission of targets): -Evil Wifi AP -Arp Redirection -Physical plant in a wiring closet -Logical plant at your favorite ISP Sursa: https://github.com/secretsquirrel/BDFProxy
    1 point
  5. Protecting SCADA From the Ground Up – PDF Detecting Bluetooth Surveillance Systems – PDF Dropping Docs on Darknets: How People Got Caught – PDF Hacking 911: Adventures in Disruption, Destruction, and Death – PDF How to Disclose an Exploit Without Getting in Trouble – PDF Reverse Engineering Mac Malware – PDF NSA Playset: PCIe – PDF The Monkey in the Middle: A pentesters guide to playing in traffic. – PDF Investigating PowerShell Attacks – PDF Is This Your Pipe? Hijacking the Build Pipeline. – PDF Screw Becoming A Pentester – When I Grow Up I Want To Be A Bug Bounty Hunter! – PDF Home Alone with localhost: Automating Home Defense – PDF Meddle: Framework for Piggy-back Fuzzing and Tool Development – PDF Instrumenting Point-of-Sale Malware: A Case Study in Communicating Malware Analysis More Effectively – PDF White Paper One Man Shop: Building an effective security program all by yourself – PDF RF Penetration Testing, Your Air Stinks – PDF Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin – PDF USB for all! – PDF ShareEnum: We Wrapped Samba So You Don’t Have To – PDF An Introduction to Back Dooring Operating Systems for Fun and Trolling – PDF Android Hacker Protection Level 0 – PDF Anatomy of a Pentest; Poppin’ Boxes like a Pro – PDF Bug Bounty Programs Evolution – PDF Extras Practical Foxhunting 101 – PDF Client-Side HTTP Cookie Security: Attack and Defense – PDF Bypass firewalls, application white lists, secure remote desktops under 20 seconds – PDF PropLANE: Kind of keeping the NSA from watching you pee – PDF Getting Windows to Play with Itself: A Hacker’s Guide to Windows API Abuse – PDF Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog – PDF Through the Looking-Glass, and What Eve Found There – PDF White Paper Summary of Attacks Against BIOS and Secure Boot – PDF I am a legend: Hacking Hearthstone with machine learning – PDF The Secret Life of Krbtgt – PDF The $env:PATH less Traveled is Full of Easy Privilege Escalation Vulns – PDF Hacking US (and UK, Australia, France, etc.) traffic control systems – PDF The Cavalry Year[0] & a Path Forward for Public Safety – PDF NSA Playset: DIY WAGONBED Hardware Implant over I2C – PDF Abuse of Blind Automation in Security Tools – PDF Why Don’t You Just Tell Me Where The ROP Isn’t Suppose To Go – PDF Steganography in Commonly Used HF Radio Protocols – PDF Extras Saving Cyberspace by Reinventing File Sharing – PDF Empowering Hackers to Create a Positive Impact – PDF Just What The Doctor Ordered? – PDF Check Your Fingerprints: Cloning the Strong Set – PDF Shellcodes for ARM: Your Pills Don’t Work on Me, x86 – PDF Blowing up the Celly – Building Your Own SMS/MMS Fuzzer – PDF Mass Scanning the Internet: Tips, Tricks, Results – PDF Deconstructing the Circuit Board Sandwich: Effective Techniques for PCB Reverse Engineering – PDF Saving the Internet (for the Future) – PDF Burner Phone DDOS 2 dollars a day : 70 Calls a Minute – PDF Hack All The Things: 20 Devices in 45 Minutes – PDF Stolen Data Markets: An Economic and Organizational Assessment – PDF Raspberry MoCA – A recipe for compromise – PDF White Paper 1 White Paper 2 Girl… Fault-Interrupted. – PDF Extreme Privilege Escalation On Windows 8/UEFI Systems – PDF White Paper NinjaTV – Increasing Your Smart TV’s IQ Without Bricking It – PDF Oracle Data Redaction is Broken – PDF Weird-Machine Motivated Practical Page Table Shellcode & Finding Out What’s Running on Your System – PDF Catching Malware En Masse: DNS and IP Style – PDF White Paper Attacking the Internet of Things using Time – PDF Open Source Fairy Dust – PDF Learn how to control every room at a luxury hotel remotely: the dangers of insecure home automation deployment – PDF White Paper Generating ROP payloads from numbers – PDF DEF CON Comedy Jam Part VII, Is This The One With The Whales? – PDF The NSA Playset: RF Retroreflectors – PDF 1 PDF 2 VoIP Wars: Attack of the Cisco Phones – PDF Playing with Car Firmware or How to Brick your Car – PDF Measuring the IQ of your Threat Intelligence feeds – PDF Secure Because Math: A Deep Dive On Machine Learning-Based Monitoring – PDF Abusing Software Defined Networks – PDF NSA Playset : GSM Sniffing – PDF Cyberhijacking Airplanes: Truth or Fiction? – PDF Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance – PDF Detecting and Defending Against a Surveillance State – PDF Acquire current user hashes without admin privileges – PDF You’re Leaking Trade Secrets – PDF Veil-Pillage: Post-exploitation 2.0 – PDF From Raxacoricofallapatorius With Love: Case Studies In Insider Threat – PDF Don’t DDoS Me Bro: Practical DDoS Defense – PDF Advanced Red Teaming: All Your Badges Are Belong To Us – PDF I Hunt TR-069 Admins: Pwning ISPs Like a Boss – PDF The Only Way to Tell the Truth is in Fiction: The Dynamics of Life in the National Security State – PDF A Journey to Protect Points-of-sale – PDF Impostor — Polluting Tor Metadata – PDF Domain Name Problems and Solutions – PDF White Paper Optical Surgery; Implanting a DropCam – PDF Manna from Heaven: Improving the state of wireless rogue AP attacks – PDF The Open Crypto Audit Project – PDF Practical Aerial Hacking & Surveillance – PDF White Paper From root to SPECIAL: Pwning IBM Mainframes – PDF PoS Attacking the Traveling Salesman – PDF Don’t Fuck It Up! – PDF Source
    1 point
  6. This is a free 12 lesson course which will bend your brain a little, so not for the faint hearted. So long as you like a tough mental challenge this is a bare metal course which will give you a solid understanding of programming basics. 1 Requirements In order to complete this course you will need a Raspberry Pi with an SD card and power supply, as well as another computer running a version of Linux, Microsoft Windows or Mac OS X, capable of writing to the SD card, and installing software. It is helpful, but not necessary, for your Raspberry Pi to be able to be connected to a screen. In terms of software, you require a GNU compiler toolchain that targets ARMv6. Links for downloads are available on the Downloads Page, along with model answers for all of the exercises. http://www.cl.cam.ac.uk/projects/raspberrypi/tutorials/os/
    1 point
×
×
  • Create New...