Search the Community
Showing results for tags 'set'.
-
;Copy code into your mIRC remote scripts
;Syntax is /rvnc <ip.ip.ip.ip> <port>
;ex: /rvnc 192.168.0.0 5900
;above command will scan from 192.168.0.0 to 192.255.255.255 then halt.
;Illegal if you decide to scan IP addresses not in your network
;Education purposes only. Please keep undetected from antiviruses as this code is CLEAN!!!
on *:sockopen:vncscan*:{
  if ($sockerr) { return }
}
on *:sockread:vncscan*:{
  :nextread
  sockread &vnc
  if ($sockbr == 0) return
  echo @vnc VNC Scan halted. | .timerRANGE off | halt
} }

Press Alt + R and paste.
Source: secret-zone.net
-
This is a PHP script that uses a pre-defined set of possible passwords and tries them against a given SSH server.
P.S. If it is, I will test it and come back with more information about it.
Download: T35T-SSH Password Cracker / Scanner - Packet Storm
-
I won't reveal anything new here, but this will be useful as a guide to setting up a VPN with your own hands. Generating certificates and keys is not covered; the key can have a maximum length of 4096.

Configuration for Linux:

Settings for the OpenVZ host machine. If you do not have access to the hypervisor, you can skip the OpenVZ-HN block.

    CTID=101
    vzctl set $CTID --devnodes net/tun:rw --save
    vzctl set $CTID --devices c:10:200:rw --save
    vzctl set $CTID --capability net_admin:on --save
    vzctl exec $CTID mkdir -p /dev/net
    vzctl exec $CTID mknod /dev/net/tun c 10 200
    vzctl exec $CTID chmod 600 /dev/net/tun

Proxy, Socks, which help the user to maintain their anonymity online. Why an individual user needs this - there may be many reasons, and we will not dwell on them here. Consider the process of creating an OpenVPN server that is connected to another OpenVPN server, where the user's traffic goes through the first server, then the second, and on to the desired resource. Return traffic follows the same chain in reverse. Many owners of such a scheme call it «double» OpenVPN. Schematically, it can be shown as follows:

    Client -> OpenVPN-server_1 -> OpenVPN-server_2 -> Internet

Return traffic follows the reverse pattern:

    Client <- OpenVPN-server_1 <- OpenVPN-server_2 <- Internet

Creating such a scheme requires two VPS / VDS (as a rule, VDS is used for large loads (volume of traffic)). If a VPS with OpenVZ virtualization is used, or another type in which virtual machine containers share the kernel of the host system, you must check with the host whether loading the tun module is enabled for virtual machines. Implementing the scheme involves setting up the connection between the OpenVPN client and OpenVPN-Server 1 and between the two OpenVPN servers, configuring NAT on OpenVPN-Server 2, and configuring routing on both OpenVPN servers. Install OpenVPN on both servers.
Take, for example, the installation process on CentOS. The openvpn package is missing from the standard CentOS repositories, so add the appropriate sources (take the architecture and OS version into account):

    rpm -ihv http://mirror.yandex.ru/epel/6/x86_64/epel-release-6-7.noarch.rpm
    rpm -ihv http://centos.alt.ru/repository/centos/6/x86_64/centalt-release-6-1.noarch.rpm

Install OpenVPN:

    yum -y install openvpn

Check whether the tun module is loaded:

    lsmod | grep tun

If the output of the previous command is empty, load the tun module:

    modprobe tun

How to start OpenVPN and load the tun module automatically at boot depends on the operating system; in this case, on CentOS:

    chkconfig openvpn on

The connection between the two servers uses OpenVPN point-to-point settings. To do this, on OpenVPN-Server 2 create the configuration file /etc/openvpn/server.conf with this content:

    dev tun
    proto tcp-server
    ifconfig 10.0.2.1 10.0.2.2
    tls-server
    comp-lzo
    daemon
    ca /etc/openvpn/keys/ca.crt
    cert /etc/openvpn/keys/server.crt
    key /etc/openvpn/keys/server.key
    dh /etc/openvpn/keys/dh1024.pem
    tls-auth /etc/openvpn/keys/tls.key 0
    cipher AES-256-CBC
    port 1195
    user nobody
    group nobody
    max-clients 1
    persist-key
    persist-tun
    verb 3
    status /var/log/openvpn/openvpn-status.log
    log-append /var/log/openvpn/openvpn.log
    script-security 3 system
    route-up "ip route add 10.0.1.0/24 via 10.0.2.2 dev tun0"

Create the keys and certificates located in /etc/openvpn/keys/ according to the FAQ from the developers of OpenVPN, using easy-rsa. The contents of the route-up command depend on the client network configuration and the connection settings between the servers. Enable packet forwarding.
In /etc/sysctl.conf, change the value of net.ipv4.ip_forward from 0 to 1:

    net.ipv4.ip_forward = 1

Load the kernel variables from the updated sysctl.conf file:

    sysctl -p

NAT is also configured on the second server using iptables:

    iptables -t nat -A POSTROUTING --src 10.0.1.0/24 -o eth0 -j SNAT --to-source 1.1.1.1

where 1.1.1.1 is the external IP of server 2.

On the first server, also install OpenVPN and create a configuration file (vi /etc/openvpn/s2s.conf):

    dev tun0
    remote 1.1.1.1
    port 1195
    proto tcp-client
    ifconfig 10.0.2.2 10.0.2.1
    tls-client
    comp-lzo
    daemon
    script-security 3 system
    ns-cert-type server
    ca /etc/openvpn/keys/ca.crt
    cert /etc/openvpn/keys/s2s.crt
    key /etc/openvpn/keys/s2s.key
    dh /etc/openvpn/keys/dh1024.pem
    tls-auth /etc/openvpn/keys/tls.key 1
    cipher AES-256-CBC
    user nobody
    group nobody
    persist-key
    persist-tun
    verb 3
    route-up "ip route add default via 10.0.2.1 dev tun0 table 10 && ip rule add from 10.0.1.0/24 lookup 10 pref 10"
    mute 10
    status /var/log/openvpn/openvpn-status.log
    log-append /var/log/openvpn/openvpn.log

Also enable packet forwarding here.

Configuring OpenVPN-Server 1 for connecting clients. To do this, create the configuration file /etc/openvpn/server.conf:

    port 1194
    local 2.2.2.2
    proto tcp
    dev tun1
    server 10.0.1.0 255.255.255.0
    ca /etc/openvpn/keys/ca.crt
    cert /etc/openvpn/keys/server.crt
    key /etc/openvpn/keys/server.key
    dh /etc/openvpn/keys/dh1024.pem
    tls-auth /etc/openvpn/keys/tls.key 0
    cipher AES-256-CBC
    user nobody
    group nobody
    status /var/log/openvpn/openvpnserver-status.log
    log-append /var/log/openvpn/openvpnserver.log
    verb 3
    max-clients 30
    keepalive 10 120
    tls-server
    comp-lzo
    persist-key
    persist-tun
    push "redirect-gateway def1"
    push "dhcp-option DNS 8.8.8.8"

Certificates and keys for client connections are also created according to the FAQ from the developers of OpenVPN, using easy-rsa. After the settings are in place, run OpenVPN on each server:

    /etc/init.d/openvpn start

If the launch fails, look for errors in the log files and fix them.
To be able to connect, the client requires the following files:

    ca.crt
    client01.crt
    client01.key
    dh1024.pem
    tls.key

You need to pass them to the client along with the configuration parameters. On the client side, depending on the OS, you need to perform these actions.

For Linux:

Install openvpn. Check whether the tun module is loaded. Create the configuration file /etc/openvpn/client01.conf:

    client
    remote 2.2.2.2 1194
    proto tcp
    dev tun
    ca ca.crt
    dh dh1024.pem
    cert client01.crt
    key client01.key
    tls-auth tls.key 1
    cipher AES-256-CBC
    verb 3
    mute 20
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    resolv-retry infinite
    nobind

Copy the files (ca.crt, client01.crt, client01.key, dh1024.pem, tls.key) to /etc/openvpn/. Start openvpn:

    /etc/init.d/openvpn start

Check that the tun0 interface is present.

For Windows:

Install OpenVPN for Windows (OpenVPN - Open Source VPN). Copy the files (ca.crt, client01.crt, client01.key, dh1024.pem, tls.key) to C:\Program Files\OpenVPN\config\client01. In the same directory create a configuration file client01.ovpn (identical in content to client01.conf for Linux). Connect. Once connected, check how the traffic is routed.
Both servers must appear in the trace:

    traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
     1 10.1.0.1 (10.1.0.1) 165.178 ms 329.870 ms 329.807 ms
     2 10.2.0.1 (10.2.0.1) 493,908 ms 658.640 ms 824.653 ms

Configuration for FreeBSD:

    ###########################
    #Server
    #FREEBSD - Openvpn config, redirect traffic
    ###########################
    dev ovpns2 # - interface name
    dev-type tun # - type tun / tap (tun is faster)
    tun-ipv6
    dev-node /dev/tun2 # - device name
    writepid /var/run/openvpn_server2.pid # - where to write the process ID
    #user nobody # - which user to run as
    #group nobody # - which group to run as
    script-security 3
    daemon # - work as a service
    keepalive 10 60 # - how to keep the connection up if it drops
    ping-timer-rem
    persist-tun
    persist-key
    proto tcp-server # - which protocol to use, tcp / udp (here TCP)
    cipher AES-128-CBC # - any type of encryption that is available to the system (openvpn --show-ciphers)
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local xxxx # - static external address
    tls-server # - use TLS encryption
    server 172.172.11.0 255.255.255.0 # - which subnet is used inside the tunnel
    client-config-dir /var/etc/openvpn-csc # - client configuration (ccd in Linux)
    lport 443 # - the port on which the VPN server will be available for connections
    management /var/etc/openvpn/server2.sock unix # - process control and connection monitoring
    max-clients 2 # - the maximum number of clients
    push "dhcp-option DNS 192.168.1.1" # - DNS server sent to the client
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    push "redirect-gateway def1" # - sends the client the default gateway, which is the server itself
    client-to-client # - allow communication between clients (for example an RDP connection between two clients)
    ca /var/etc/openvpn/server2.ca # - CA certificate
    cert /var/etc/openvpn/server2.cert # - server certificate
    key /var/etc/openvpn/server2.key # - key
    dh /etc/dh-parameters.1024 # - dh
    comp-lzo # - traffic compression
    persist-remote-ip
    float
    push "route 192.168.1.0 255.255.255.0" # - adds the route to the network where the server itself is
    server-poll-timeout 20 # - connection time (if the client does not connect within 20 seconds, it resets)

IMPORTANT: Logs are required for the initial setup; afterwards they can be turned off.

With logs:

    status openvpn-status.log
    log /var/log/openvpn.log
    verb 3
    mute 20

Without logs:

    log /dev/null

Have fun..
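
A review pass over configs like the ones in this post, as an added example that is not part of the original post: it flags directives that current OpenVPN releases deprecate or that weaken the tunnel, and a client config that never checks the server certificate's role. The rule table and its wording are this example's own choices; the sample input is an excerpt of the client01.conf above.

```python
import shlex

# Checks keyed by directive: (predicate over the argument list, finding).
RULES = {
    "dh": (lambda a: any("1024" in x for x in a),
           "file name suggests 1024-bit DH parameters; use 2048 bits or more"),
    "comp-lzo": (lambda a: a[:1] != ["no"],
                 "tunnel compression is deprecated and enables VORACLE-style attacks"),
    "ns-cert-type": (lambda a: True, "deprecated; use 'remote-cert-tls server'"),
    "script-security": (lambda a: "3" in a,
                        "level 3 passes passwords to scripts; level 2 already runs route-up"),
    "cipher": (lambda a: any(x.upper().endswith("-CBC") for x in a),
               "CBC data cipher; AES-256-GCM is available from OpenVPN 2.4"),
}
# Any of these makes a client check which certificate it is talking to.
PEER_CHECKS = {"remote-cert-tls", "ns-cert-type", "verify-x509-name"}

def audit(config_text):
    """Return [(line_no, directive, finding)]; line 0 marks a missing directive."""
    findings, seen = [], set()
    for no, raw in enumerate(config_text.splitlines(), 1):
        if raw.lstrip().startswith(";"):          # ';' also starts a comment
            continue
        words = shlex.split(raw, comments=True)   # drops '# ...', keeps quoted args
        if not words:
            continue
        name, args = words[0].lstrip("-"), words[1:]
        seen.add(name)
        rule = RULES.get(name)
        if rule and rule[0](args):
            findings.append((no, name, rule[1]))
    if seen & {"client", "tls-client"} and not seen & PEER_CHECKS:
        findings.append((0, "remote-cert-tls",
                         "client accepts any certificate signed by the CA, "
                         "including another client's, as the server"))
    return findings

# Excerpt of the client01.conf shown in the post above.
CLIENT01_CONF = """\
client
remote 2.2.2.2 1194
ca ca.crt
dh dh1024.pem
cert client01.crt
key client01.key
tls-auth tls.key 1
cipher AES-256-CBC
comp-lzo
"""

if __name__ == "__main__":
    for no, name, finding in audit(CLIENT01_CONF):
        print(f"line {no}: {name}: {finding}")
```

The DH check only looks at the file name, so confirm the real parameter size with `openssl dhparam -in <file> -text -noout`.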
-
XP is a little more complicated than newer systems due to the use of a single driver for both port and miniport; however, getting the original pointers is fairly straightforward depending on how you do it.

IRP_MJ_SCSI & DriverStartIo - Method 1 (Windows XP)

A common method is to programmatically disassemble the miniport's DriverEntry, looking for the code which initializes the driver's object, then you can extract and calculate the addresses from "mov [esi+30h], offset" and "mov [esi+74h], offset" for DriverStartIo and IRP_MJ_SCSI respectively. The obvious problem with this method is the initialization code may not be in DriverEntry, but a sub function called from it (it may even be necessary to follow jumps). It's also not guaranteed that the instruction will use esi as the pointer to the driver object or an immediate for the function address, in fact you're probably going to have to account for quite a few different instructions.

IRP_MJ_SCSI & DriverStartIo - Method 2 (Windows XP)

In my tests, it was possible to simply call the DriverEntry of the miniport driver with the parameters from your own driver entry, thus having the miniport set up your driver's object as if it were its own. The only issue with this method is if the driver uses GsDriverEntry (it usually does), the entry point will be invalidated after the driver is initialized, so you cannot call it. To deal with GsDriverEntry you'd first need to load the original image from disk, then search until you reach an unconditional relative jump (this is the offset to real entry point and you can use it to calculate the same address within the loaded driver).

IRP_MJ_SCSI (Windows Vista+)

On newer systems, things are wonderfully easier: There's no DriverStartIo field and you can initialize all the major functions in your DriverObject with a call to AtaPortInitialize, ScsiPortInitialize, or StorPortInitialize which are all exported from the relevant port drivers (ataport.sys, scsiport.sys, or storport.sys).
Bypassing Inline Hooks

Although not many bootkits actually perform inline hooking on miniports, it's worth taking care of. You'll need to read the original miniport or port driver's file into memory, then do a bit of pointer math to calculate the addresses of IRP_MJ_SCSI or DriverStartIo within the clean image. I'm not too sure of the best way to call the clean functions, but here are 2 viable methods to choose from.

Trampoline

Usually a hook is placed within the first few bytes of a function, so you can simply read and relocate the first few bytes from the clean function into a buffer, then append it with a jump to the same offset within the real driver (this is the same way a hooking engine would call the unhooked version of a function).

Manual Mapping

A more difficult but effective method is to manually map a clean copy of the driver into memory, then relocate it so that all absolute instructions will reference the real driver, meaning you don't have to worry about initializing any global variables or such.

Creating a Clean Call Path

Due to the fact a lot of bootkits run persistence threads for replacing any driver object hooks which get removed, you don't want to unhook the real driver but instead create a parallel one, so you can maintain your own hook-free call path.

Step 1 (XP & Vista)

1. Get the device object for the boot disk miniport, this is usually \Device\Harddisk0\Dr0
2. Use the size field of the device object to allocate some non paged memory and copy the entire object (this is your clean miniport).
3. Set the DriverObject field to point to your own driver's object, in which you've set the IRP_MJ_SCSI and DriverStartIo field appropriately (DriverStartIo can be skipped on Vista+).

Step 2 (XP Only)

1. Set the DeviceExtension field of your clean miniport device object to point to directly after its device object (DeviceObject + sizeof(DEVICE_OBJECT)).
2. Get the address stored at offset 0x5C into your clean miniport's device extension and check it's valid (this is the address of the corresponding port's device extension).
3. Read the address stored at offset 0x0C into the port's device extension (this is the address of the port's device object).
4. Use the size field of the port's device object to allocate some non paged memory and copy the entire object (this is your clean port).
5. Set the DeviceExtension field of your clean port's device object to point to directly after its device object (DeviceObject + sizeof(DEVICE_OBJECT)).
6. Set the DriverObject field of your clean port's device object to point to your own driver's object, in which you've set the IRP_MJ_SCSI field appropriately.
7. Change offset 0x5C into your clean miniport's device extension to contain the address of the clean port's device extension.
8. Set offset 0x0C into the clean port's device extension to contain the address of the clean port's device object.

Using the Clean Path

You're going to need to build a raw SCSI request which is pretty complicated; however, the Chinese are already a step ahead, so you can look to this example for help (This request can be issued by passing the clean miniport device object and the IRP to IofCallDriver).

It's important to note that miniport drivers are PnP, so if you don't create any devices (IoCreateDevice): the driver will be unloaded as soon as DriverEntry returns, if you do: the driver can't be unloaded at all. Although it's not recommended, you can set the driver back to a legacy driver by setting the AddDevice pointer within the driver's extension to 0, allowing the driver to be unloaded normally.

Conclusion

This concludes my 3 part series, any feedback in the comments would be greatly appreciated and will be taken into consideration when I create a whitepaper version of the series in a few weeks.
Other resources of note

Debugging TDL4
Subverting Bootkits using the Crash Dump Driver Stack
Exposing Bootkits With BIOS Emulation

Source
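
The "bit of pointer math" from the Bypassing Inline Hooks section, as an added example that is not part of the original article: an offline check that maps a dispatch pointer from the loaded driver back to the clean file on disk and compares the first bytes. It assumes the load address, the handler pointer and the live bytes were already collected (from a debugger or memory dump); the sample image, load address and hook bytes are constructed.

```python
import struct

def sections(pe):
    """Return [(rva, virtual_size, file_offset, raw_size)] from the PE section table."""
    nt, = struct.unpack_from("<I", pe, 0x3C)                  # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    count, = struct.unpack_from("<H", pe, nt + 6)             # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, nt + 20)         # SizeOfOptionalHeader
    table = nt + 24 + opt_size                                # first section header
    rows = (struct.unpack_from("<4I", pe, table + 40 * i + 8) for i in range(count))
    return [(va, vsize, ptr, rsize) for vsize, va, rsize, ptr in rows]

def rva_to_offset(pe, rva):
    """Map an RVA in the loaded driver to its offset in the file on disk."""
    for va, vsize, ptr, rsize in sections(pe):
        if va <= rva < va + min(vsize or rsize, rsize):
            return ptr + rva - va
    raise ValueError("RVA has no backing bytes in the file")

def check_handler(clean_file, loaded_base, handler, live_bytes):
    """Classify a dispatch pointer: 'outside image', 'inline hook' or 'clean'."""
    try:
        off = rva_to_offset(clean_file, handler - loaded_base)
    except ValueError:
        return "outside image"        # the pointer itself was redirected
    # Assumes the compared prefix holds no relocated absolute address.
    same = clean_file[off:off + len(live_bytes)] == live_bytes
    return "clean" if same else "inline hook"

def build_sample():
    """Constructed one-section image: .text at RVA 0x1000, file offset 0x200."""
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                   # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", hdr, 0x44, 0x14C, 1)              # i386, one section
    struct.pack_into("<H", hdr, 0x54, 0xE0)                   # SizeOfOptionalHeader
    struct.pack_into("<8s4I", hdr, 0x138, b".text", 0x20, 0x1000, 0x200, 0x200)
    return bytes(hdr) + bytes.fromhex("8bff558bec83ec10").ljust(0x200, b"\xcc")

if __name__ == "__main__":
    img, base = build_sample(), 0xF8400000                    # constructed load address
    live = b"\xe9\x10\x20\x30\x40" + img[0x205:0x208]         # jmp over the prologue
    print(check_handler(img, base, base + 0x1000, live))
```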
-
import re , urllib2 , sys, urllib

lista = []
backup = ['wp-config.php~','wp-config.php.bak','wp-config.bak','wp-config.php-bak','/wp-content/uploads/blog-backup.txt']

def unique(seq):
    seen = set()
    return [seen.add(x) or x for x in seq if x not in seen]

def grabwp(ip):
    try:
        s = ip
        page = 1
        print('\n')
        while page <= 21:
            bing = "http://www.bing.com/search?q=ip%3A"+s+"+?page_id=&count=50&first="+str(page)
            openbing = urllib2.urlopen(bing)
            readbing = openbing.read()
            findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
            for i in range(len(findwebs)):
                wpnoclean = findwebs[i]
                findwp = re.findall('(.*?)\?page_id=', wpnoclean)
                lista.extend(findwp)
            page = page + 10
    except IndexError:
        pass

def searchbackup(site, config):
    try :
        read = urllib2.urlopen(site + "/" + config).read()
        rs = re.findall("USER",read)
        if rs :
            print "BACKUP FILE > " + site + "/" + config
    except :
        pass

def scan():
    final = unique(lista)
    for site in final :
        for config in backup :
            searchbackup(site, config)

print "\!/ Server Wordpress Backup Files Scanner By YASSINOX.TN !/"
print ''
ip = raw_input("Server Ip Adress : ")
grabwp(ip)
final = unique(lista)
print "Done ! Grabbed " + str(len(final) ) + " Wordpress Sites On This Server"
print "---------------------------------------------------"
scan()
print "---------------------------------------------------"
-
The Social-Engineer Toolkit is an open-source penetration testing framework designed for Social-Engineering. SET has a number of custom attack vectors that allow you to make a believable attack in a fraction of the time. SET is a product of TrustedSec, LLC - An Information Security consulting firm located in Cleveland, Ohio. Download: https://github.com/trustedsec/social-engineer-toolkit