Jump to content

Versus71

Active Members
  • Posts

    110
  • Joined

  • Last visited

  • Days Won

    5

Versus71 last won the day on February 9 2014

Versus71 had the most liked content!

About Versus71

  • Birthday 03/08/1990

Converted

  • Occupation
    Student [IT]
  • Interests
    Hacking, Black SEO
  • Biography
    hack; Black Hat; Grey Hat; Social Engineering; Ethical Hacking; Event Security; collection database
  • Location
    @himikat

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

Versus71's Achievements

Newbie

Newbie (1/14)

157

Reputation

  1. A low-overhead monitoring web dashboard for a linux machine. Installation: Download the zip/repo/package Place it in /var/www/ (for Apache) Secure access to the page via .htaccess or method of your choice Demo: Server Monitoring Dashboard Download: https://github.com/afaqurk/linux-dash/archive/master.zip
  2. Anti-exploit tool What is Sentinel? Sentinel is a command line tool able to protect Windows 32 bit programs against exploits targeted by attackers or viruses. It can protect your programs against 0-day attacks or publicly known bugs. Why Sentinel? When a 0-day attack is used in the wild, nobody knows about the existence of this bug except the attacker himself. Some antiviruses implement heuristics to detect new attacks but usually they are unreliable. Sometimes, your computer is not up to date, in this case you are vulnerable to attacks against public bugs. In both cases, one way to protect your "vulnerable programs" against old or new attacks is adding extra protections (usually, exploit mitigations). What kind of programs can Sentinel protect? Any 32 bit program can be protected by Sentinel. E.g: "Internet Explorer", "Acrobat Reader", "Word", "Excel", your applications, etc .. What kind of exploit attacks can Sentinel stop? Sentinel is able to detect attacks against user mode binary bugs. Binary bugs can be understood as bugs where the instruction pointer (EIP) can be modified. E.g: Stack overflows, Heap overflows, memory corruptions, Use after-free, etc. What kind of exploit attack behavior can Sentinel detect? ROP activity Stack Pivoting Invalid Caller Return Address modification Stack Execution Stack Returning (previous step to stack execution) Base Pointer modification (experimental) Video demonstration: Download: http://corelabs.coresecurity.com/index.php?module=Wiki&action=attachment&type=tool&page=sentinel&file=Sentinel.zip
  3. DAVOSET - it is console (command line) tool for conducting DDoS attacks on the sites via Abuse of Functionality vulnerabilities at other sites. Video demonstration: Download: http://websecurity.com.ua/uploads/2014/DAVOSET_v.1.1.6.rar
  4. The SI6 Networks' IPv6 toolkit is a set of IPv6 security/trouble-shooting tools, that can send arbitrary IPv6-based packets. List of Tools: addr6: An IPv6 address analysis and manipulation tool. flow6: A tool to perform a security asseessment of the IPv6 Flow Label. frag6: A tool to perform IPv6 fragmentation-based attacks and to perform a security assessment of a number of fragmentation-related aspects. icmp6: A tool to perform attacks based on ICMPv6 error messages. jumbo6: A tool to assess potential flaws in the handling of IPv6 Jumbograms. na6: A tool to send arbitrary Neighbor Advertisement messages. ni6: A tool to send arbitrary ICMPv6 Node Information messages, and assess possible flaws in the processing of such packets. ns6: A tool to send arbitrary Neighbor Solicitation messages. ra6: A tool to send arbitrary Router Advertisement messages. rd6: A tool to send arbitrary ICMPv6 Redirect messages. rs6: A tool to send arbitrary Router Solicitation messages. scan6: An IPv6 address scanning tool. tcp6: A tool to send arbitrary TCP segments and perform a variety of TCP-based attacks. Download: http://www.si6networks.com/tools/ipv6toolkit/ipv6toolkit-v1.5.2.tar.gz
  5. Versus71

    DNS leak test

    When using an anonymity or privacy service, it is extremely important that all traffic originating from your computer is routed through the anonymity network. If any traffic leaks outside of the secure connection to the network, any adversary monitoring your traffic will be able to log your activity. Under certain conditions, even when connected to the anonymity network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer by the anonymity network. DNS leaks are a major privacy threat since the anonymity network may be providing a false sense of security while private data is leaking. Link: https://www.dnsleaktest.com
  6. Touch screens are an increasingly common feature on personal computing devices, especially smartphones, where size and user interface advantages accrue from consolidating multiple hardware components (keyboard, number pad, etc.) into a single software definable user interface. Oily residues, or smudges, on the touch screen surface, are one side effect of touches from which frequently used patterns such as a graphical password might be inferred. In this paper we examine the feasibility of such smudge attacks on touch screens for smartphones, and focus our analysis on the Android password pattern. We first investigate the conditions (e.g., lighting and camera orientation) under which smudges are easily extracted. In the vast majority of settings, partial or complete patterns are easily retrieved. We also emulate usage situations that interfere with pattern identification, and show that pattern smudges continue to be recognizable. Finally, we provide a preliminary analysis of applying the information learned in a smudge attack to guessing an Android password pattern. Link: http://static.usenix.org/events/woot10/tech/full_papers/Aviv.pdf
  7. This inexplicably brief "research" paper presents an interesting physical world attack that may be easily deployed by a determined attacker to compromise many high-security access control systems in use today. Although this paper's findings are hardly groundbreaking (and in some ways, are downright obvious), it includes some cool pictures of what should be most certainly taken into account in risk management, secure zone planning, and when drafting operating procedures for high-risk areas. More info: http://lcamtuf.coredump.cx/tsafe
  8. Versus71

    SurfPatrol

    Protect Yourself From Internet Virus Attacks Browsers and their plug-ins may be insecure. How to protect yourself from viruses? You can check your system with SurfPatrol and prevent attacks via your browser. Press "Check your browser" and follow SurfPatrol recommendations. SurfPatrol will point out those programs that need protection — be sure that your computer is secure. Link: http://www.surfpatrol.ru
  9. Interesting tool. update v.1.4 Post-quantum cryptography: http://pqcrypto.org Official GitHub repository: https://github.com/exaexa/codecrypt
  10. update v.0.12 New features: [v.0.7-0.12] • SIP Scanner (udp or tcp) with administration services detection and information gathering on SIP UA or server • Threads have been implemented in the launcher. Several tools can now be used at the same time. • Scanner: VxWorks debug mode detection • Exploit: Aastra IP Phone hardcode telnet login/password. • Exploit: Polycom HDX telnet authorization bypass (OSVDB 90125) • Tool: Cisco phone: Having fun with SSH • Exploit: Alcatel OXO FTP Denial of service. • Exploit: Mitel ip phone information disclosure. • Exploit: Mitel IP phone XSS vulnerability detection. • Tool: Add Cisco phone SSH server detection. • Tool: Add Cisco phone logout mobility feature abuse. • Tool: Implement a module to detect the use of default Login/password on embedded web interface from Mitel phones. • Exploit: Add Aastra ip phone information disclosure (OSVDB-ID: 72941/EDB-ID 17376). • Exploit: Add Avaya Ip Office Linux voicemail password file data disclosure. • Exploit: Add the script providing phone call and remote taping on SNOM phones. • Exploit: Add Mitel AWC unauthenticated command execution (OSVDB-ID: 69934/EDB-ID 15807). Download: http://www.cedric-baillet.fr/IMG/zip/isme_v0.12.zip Documentation: http://www.cedric-baillet.fr/IMG/pdf/ISME_Documentation_v0.12.pdf
  11. Because of the nature of barcodes, developers may not be expecting attacks from that vector and thus don't sanitize their inputs properly. I had previously written "XSS, Command and SQL Injection vectors: Beyond the Form" so this was right up my alley. I constructed this page that lets you make barcodes in Code 93, Code 39, Code 39ext and Code 128A, B and C. Link: http://www.irongeek.com/xss-sql-injection-fuzzing-barcode-generator.php
  12. P2P Email-Client based on library of Spot-on with Echo Protocol. Features: Secure P2P Email from Friend to Friend without relying on a central server. Key- / Repleo-Exchange. Full decentral Email-Network using the Echo Protocol. Store Email for Offline-Friends in the P2P Network. Chat and Instant Messaging is build in. Define & Add your friends. Strong e2e Multi-Encryption (PGP-kind/AES over SSL: using libgcrypt). Libspoton Integration. Additional Security Layer with the GB-Feature for Emails. Preventing Data Retention (VDS). WoT-less. HTTP & HTTPS Connections. Open Source. BSD License. Download: BitMail - Secure P2P Email Client.
  13. Simple chat program using near ultrasonic frequencies. Works without Wifi or Bluetooth and won't show up in a pcap. Note: If you can clearly hear the send script working then your speakers may not be high quality enough to produce sounds in the near ultrasonic range. Usage: run python send.py in one terminal window and python listen.py in another. Text you input into the send.py window should appear (after a delay) in the listen.py window. Warning: May annoy some animals and humans. Download: https://github.com/Katee/quietnet/archive/master.zip
  14. Share Only What You Want Microsoft Word (.DOC) files can contain more than just text you see while editing them. Depending on the settings or features you use, they may contain all kinds of additional information that you may not want shared outside your home or company. Doc Scrubber lets you see that information, and scrub it from files before sending them to others. Powerful Features: Analyze Word Documents. And discover hidden or potentially embarrassing data they may contain. Scrub Word Documents. Remove hidden or potentially embarrassing data from your documents. Scrub Multiple Documents at a Time. Scrub selected Word documents in a folder, or all documents in a folder, all at once - saving you time and effort. Tested Compatibility with Word 97, 2000, and XP documents. Doc Scrubber can clean documents from multiple versions of Word. Download: http://www.brightfort.net/downloads/docscrubbersetup12.exe
×
×
  • Create New...