Search the Community

0d1n is a web security tool for fuzzing various HTTP payloads. It's written in C and uses libcurl. Download

XSSYA is a python tool that attempts malicious payloads for bypassing web application firewalls. Changes: Library contains 41 payloads now to enhance detection level. Various other updates. Download

To avoid detection, this proof-of-concept code utilizes the Short Messaging Service (SMS) as a command & control channel. This adds fault tolerance because, if a smartphone is not available on the GSM network due to being powered off or out of service range, when an SMS message arrives for delivery, the message is queued and delivered by the network. Download the POC code from Here. Compiling instructions are simple and straight forward. Please follow these: Compile with arm-gcc with the -static flag set Copy to anywhere on the underlying OS that is writable (/data/ is good). Rename /dev/smd0/ to /dev/smd0real/ Start the bot application Kill the radio application (ps | grep rild) The radio will automatically respawn and now the bot proxy will be working The PoC code for smartphone botnet C&C over SMS was presented at the Shmooconheld in January 2011. It seems that the author also has it working for the iPhone platform! For sanity purposes, the PoC code has payloads aka commands removed. So what you see in the demo video will need to be added manually. It however does include logging and a local open port for testing to make developing your own payloads easier! Demo video here Sursa: SomeKnowledge.tk