Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation on 05/24/18 in all areas

  1. https://securityonline.info/ciscos-talos-issued-security-alert-new-vpnfilter-malware-affected-500000-networking-devices-worldwide/ https://blacknews.ro/guvernul-rus-pregateste-atac-cibernetic-companii-securitate-cibernetica/
    2 points
  2. Infection Monkey Data center Security Testing Tool Welcome to the Infection Monkey! The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server. The Infection Monkey is comprised of two parts: Monkey - A tool which infects other machines and propagates to them Monkey Island - A dedicated server to control and visualize the Infection Monkey's progress inside the data center To read more about the Monkey, visit http://infectionmonkey.com Main Features The Infection Monkey uses the following techniques and exploits to propagate to other machines. Multiple propagation techniques: Predefined passwords Common logical exploits Password stealing using Mimikatz Multiple exploit methods: SSH SMB RDP WMI Shellshock Conficker SambaCry Elastic Search (CVE-2015-1427) Setup Check out the Setup page in the Wiki or a quick getting started guide. Building the Monkey from source If you want to build the monkey from source, see Setup and follow the instructions at the readme files under infection_monkey and monkey_island. Download: monkey-develop.zip or: git clone https://github.com/guardicore/monkey.git Source
    1 point
  3. Tracy A pentesting tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner. tracy should be used during the mapping-the-application phase of the pentest to identify sources of input and their corresponding outputs. tracy can use this data to intelligently find vulnerable instances of XSS, especially with web applications that use lots of JavaScript. tracy is a browser extension and light-weight HTTP proxy that records all user input to a web application and monitors any time those inputs are output, for example in a DOM write, server response, or call to eval. For guides and reference materials about tracy, see the documentation. Installation It is strongly recommended that you use a released version. Release binaries are available on the releases page. Download the appropriate release binary and run it: # Run the proxy server and the tracer API. Pick the binary that works for your host. $ ./tracy-linux-amd64 Then, install the browser extension with Firefox or Chrome using one of the following links: firefox chrome Once tracy is running and the plugin is installed, install the certificate into your browser's certificate store(the certifcate is located in the .tracy folder in the home directory) and configure your browser to use the proxy(the default proxy address is localhost on port 7777) Note: The tracy binary and browser extension work together. Running one without the other will result in unexpected behavior. Download: tracy-master.zip or git clone https://github.com/nccgroup/tracy.git Source
    1 point
  4. When it comes to the security of RDP hosts, experience shows that many organizations rarely replace the default self-signed certificates with certificates signed by their corporate CA. This obviously leaves them vulnerable to Man-in-the-Middle attacks. However, until now no open source proof-of-concept exploit is available to the IT security community, despite the specifications of RDP being freely available. Since many administrators often perform tasks on critical servers such as the domain controller via RDP, usually with highly privileged accounts, RDP is a worthwhile target of potential adversaries. In this talk, we want to analyze the implementation of the relevant parts of RDP in detail and show how to develop a tool that can extract credentials in clear text if the user is careless enough to ignore SSL warnings. The intended audience is system administrators, penetration testers and security enthusiasts. https://www.hacktivity.com
    1 point
  5. airba.sh Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell (tested on Kali Linux and Cyanogenmod 10.2) and uses aircrack-ng to scan for clients that are currently connected to access points (AP). Those clients are then deauthenticated in order to capture the handshake when attempting to reconnect to the AP. Verification of a captured handshake is done using aircrack-ng. If one or more handshakes are captured, they are entered into an SQLite3 database, along with the time of capture and current GPS data (if properly configured). After capture, the database can be tested for vulnerable router models using crackdefault.sh. It will search for entries that match the implemented modules, which currently include algorithms to compute default keys for Speedport 500-700 series, Thomson/SpeedTouch and UPC 7 digits (UPC1234567) routers. Requirements WiFi interface in monitor mode aircrack-ng SQLite3 openssl for compilation of modules (optional) wlanhc2hcx from hcxtools In order to log GPS coordinates of handshakes, configure your coordinate logging software to log to .loc/*.txt (the filename can be chosen as desired). Airbash will always use the output of cat "$path$loc"*.txt 2>/dev/null | awk 'NR==0; END{print}', which equals to reading all .txt files in .loc/ and picking the second line. The reason for this way of implementation is the functionality of GPSLogger, which was used on the development device. Calculating default keys After capturing a new handshake, the database can be queried for vulnerable router models. If a module applies, the default keys for this router series are calculated and used as input for aircrack-ng to try and recover the passphrase. Compiling Modules The modules for calculating Thomson/SpeedTouch and UPC1234567 (7 random digits) default keys are included in src/ On Linux: gcc -fomit-frame-pointer -O3 -funroll-all-loops -o modules/st modules/stkeys.c -lcrypto gcc -O2 -o modules/upckeys modules/upc_keys.c -lcrypto If on Android, you may need to copy the binaries to /system/xbin/ or to another directory where binary execution is allowed. Usage Running install.sh will create the database, prepare the folder structure and create shortlinks to both scripts which can be moved to a directory that is on $PATH to allow execution from any location. After installation, you may need to manually adjust INTERFACE on line 46 in airba.sh. This will later be determined automatically, but for now the default is set to wlan0, to allow out of the box compatibility with bcmon on Android. ./airba.sh starts the script, automatically scanning and attacking targets that are not found in the database. ./crackdefault.sh attempts to break known default key algorithms. To view the database contents, run sqlite3 .db.sqlite3 "SELECT * FROM hs" in the main directory. Update (Linux only... for now): Airbash can be updated by executing update.sh. This will clone the master branch into /tmp/ and overwrite the local files. Output _n: number of access points found __c/m: represents client number and maximum number of clients found, respectively -: access point is blacklisted x: access point already in database ?: access point out of range (not visible to airodump anymore) The Database The database contains a table called hs with seven columns. id: incrementing counter of table entries lat and lon: GPS coordinates of the handshake (if available) bssid: MAC address of the access point essid: Name identifier psk: WPA Passphrase, if known prcsd: Flag that gets set by crackdefault.sh to prevent duplicate calculation of default keys if a custom passphrase was used. Currently, the SQLite3 database is not password-protected. Contribuiting Contributions are very welcome, especially additional modules to be able to crack more default keys. A template module is included in modules/. crackdefault.sh contains a template elif statement to include the new module. If you want to contribute, make sure your code is licensed under the MIT License (like this project). When contributing shell code, please make sure it is POSIX-compliant. Other than that, just open up an issue briefly describing the changes and create a pull request! Download: airbash-master.zip or: git clone https://github.com/tehw0lf/airbash.git Source
    1 point
  6. 1. http://jsbeautifier.org/ 2. Inlocuiesti eval cu alert (de exemplu) 3. http://jsbeautifier.org/ 4. Ai din nou eval Nu am timp de mai mult momentan.
    1 point
  7. http://www.ziarulargesul.ro/dus-de-doua-ori-la-reparat-telefonul-apeleaza-singur-la-112/ Acelasi tel ca al tau, scapa de el cat mai repede.
    1 point
  8. Asta e troll, nu? Adica sper did tot sufletul ca e troll. Exista atatea sabloane de CV. Nu poti sa trimiti asa ceva cu intentii serioase, nu?
    1 point
  9. Mda, am gasit si titlul asta, aviz pentru amatori . Download-ul la PDF se face prin TorBrowser. http://www.ytxmrc3pcbv5464e.onion/files/Misc/How_to_hack_like_a_pornstar.pdf
    1 point
  10. Mesajul a venit doar din dorinta de a te razbuna pentru ca ti-am dat down. Nu stiu ce sa cred, dar tot posibilul sa ai multiaccount ori cu ,,prietenii,, tai yoyois si spider. Spamer nu sunt, caut doar sa ajung in ,,Marketplace,, , doar ca mai pe toate forumurile se dau de despteti si inteligenti ca voi. Dar sincer, nu ma doare, asta e viata, primesti un prost, il faci sa inteleaga ca e prost.
    -1 points
  11. Eu sunt Capitanul Burci! Am o pula de 1 metru si o sa va cam fut! Multumesc!
    -1 points
  12. -2 points
×
×
  • Create New...