Everything posted by operat0r_001

  1. w00t, the old alert was triggering on ANY 8152 (Realtek) device ... these added modload triggers will minimize false positives. Tested with only Windows 10:
     q=modload:rassstp.sys modload:rtux64w10.sys (regmod:enum\usb\vid_0bda&pid_8152)
     Added modload:rassstp.sys to confirm use of the LAN Turtle to reduce false positives.
  2. Likely a false positive ... https://websec.ca/kb/sql_injection I like to start with fuzzdb's https://raw.githubusercontent.com/ethicalhack3r/fuzzdb/master/attack-payloads/all-attacks/interesting-metacharacters.txt with ZAP, and Burp as a proxy for ZAP ;P
  3. UPDATE: looks like as far as USB everything else is dynamic... I used USBDeview.exe from sysinternals to sort out the bits. I plan to look at what drivers it uses with process monitor and go from there. The issue there is it may be different from win 7 to 10 or builds of windows etc...
  4. I wanted to ask around before I create my own for the LAN Turtle, but the current IOC we have is for ANY Realtek device with PID 8152. Basically looking for out-of-the-box file paths, or if anybody has a Process Monitor log or has created IOCs for it before. I also wanted to know if there are any different revs I am missing (the one I got was in a little envelope, likely about 1-3 years old), so I can add IOCs for them. (regmod:enum\usb\vid_0bda&pid_8152)
  5. From what I can tell there is no 'easy' way to set file associations in Windows. It has always been a pain because you have system-level associations and user-level associations for EVERY USER on the system... anyway, let's stop Windows Media Player for GOOD. Sick of Windows Media Player always popping up when you click any media? Maybe you have more than one login or app that constantly tries to take over your file associations? Use this script to set them right!
     Run as administrator to reset the Windows Media Player extensions it hijacks: http://rmccurdy.com/scripts/ftype_wipe.exe
     These include: .MMS, .WTV, .3G2, .3GP, .ADTS, .AIFF, .ASF, .ASX, .AU, .AVI, .CDA, .M2TS, .m3u, .M4A, .MIDI, .mov, .mp3, .mp4, .MPEG, .TTS, .WAV, .WAX, .wma, .WMD, .WMS, .WMV, .WMZ, .WPL, .WVX
     Example of the command line I use to set file associations: http://rmccurdy.com/scripts/acc.bat.txt
     Source code to the binary, which is just a 7-Zip SFX self-extracting zip with a Windows batch file in it: http://rmccurdy.com/scripts/ftype_wipe.bat.txt
  6. So ya, duh .. updated to kill Firefox first before it does anything, as if Flash is in use you can't delete it .. the ping 123.123.123.123 is a lazy way to do a sleep or timer, back in my day :) so I still use it today
  7. Here we go again! Updated Flash or Firefox at some point and it broke blocking ads. What I found is that YouTube was forcing HTML5 and not Flash.
     Plugin to fix HTML5 on YouTube: https://addons.mozilla.org/en-us/firefox/addon/youtube-flash-player/
     Greasemonkey script to block YouTube ads and annotations (YousableTubeFix): http://userscripts-mirror.org/scripts/show/13333
     My FU-LASH update script (Portable Firefox users): http://rmccurdy.com/scripts/FU-LASH.EXE
     Post on blocking ads and annotations on YouTube for ANDROID: https://www.linkedin.com/pulse/block-ads-android-youtube-tubemate-adblock-edge-luck-patcher-mccurdy?trk=mp-reader-card
  8. Well ya, but I just decompile/recompile the APK so it should just RUN ... i.e. I did nothing to the APK, just recompiled it .. how do I include what's missing in VTS before I compile ... also why is this all missing? I guess because it only decompiles what it uses or something?
  9. operat0r_001

    NZB 360

    * I can't get it to open, just decompiling/recompiling the APK
    * http://nzb360.com/apk/nzb360.apk
    * I set it to 4.0 and 4.0.3 and get the same errors .. (based on targetSdkVersion and sdkVersion) see: developer.android.com/reference/android/os/Build.VERSION_CODES.html
    * all I'd like to try is replacing the url accountstatus.php in \sabconnect\helpers\NZB360LicenseAPI with something else for POC testing
    * may need more than just a URL patch.. I would assume .. lots of stuff in the APK around license etc ..

    Here is a dump of the APK info:

    aapt dump badging c:\delete\nzb360.apk
    package: name='com.kevinforeman.sabconnect' versionCode='70' versionName='8.2'
    uses-permission:'android.permission.INTERNET'
    uses-permission:'android.permission.ACCESS_NETWORK_STATE'
    uses-permission:'android.permission.WRITE_EXTERNAL_STORAGE'
    uses-permission:'android.permission.WAKE_LOCK'
    uses-permission:'android.permission.ACCESS_WIFI_STATE'
    uses-permission:'android.permission.GET_ACCOUNTS'
    sdkVersion:'10'
    targetSdkVersion:'15'
    application: label='NZB 360' icon='res/drawable-hdpi/sabconnect_icon.png'
    launchable activity name='com.kevinforeman.sabconnect.StartupLauncher'label='NZB 360' icon=''
    uses-feature:'android.hardware.wifi'
    uses-feature:'android.hardware.touchscreen'
    main
    other-activities
    other-services
    supports-screens: 'small' 'normal' 'large' 'xlarge'
    supports-any-density: 'true'
    locales: '--_--' 'ja' 'de' 'he' 'zh' 'fi' 'nl' 'pl' 'ko' 'ro' 'ar' 'fr' 'cs' 'es' 'it' 'pt' 'ru' 'iw' 'pt_BR'
    densities: '120' '160' '240' '320'

    Here is a dump of the errors on crash:

    E/AndroidRuntime(9364): FATAL EXCEPTION: main
    E/AndroidRuntime(9364): Process: com.kevinforeman.sabconnect, PID: 9364
    E/AndroidRuntime(9364): java.io.IOException: Resource not found: "org/joda/time/tz/data/ZoneInfoMap" ClassLoader: dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/com.kevinforeman.sabconnect-1.apk"],nativeLibraryDirectories=[/data/app-lib/com.kevinforeman.sabconnect-1, /vendor/lib, /system/lib]]]
    E/AndroidRuntime(9364): at org.joda.time.tz.ZoneInfoProvider.openResource(ZoneInfoProvider.java:211)
    E/AndroidRuntime(9364): at org.joda.time.tz.ZoneInfoProvider.<init>(ZoneInfoProvider.java:123)
    E/AndroidRuntime(9364): at org.joda.time.tz.ZoneInfoProvider.<init>(ZoneInfoProvider.java:82)
    E/AndroidRuntime(9364): at org.joda.time.DateTimeZone.getDefaultProvider(DateTimeZone.java:462)
    E/AndroidRuntime(9364): at org.joda.time.DateTimeZone.setProvider0(DateTimeZone.java:416)
    E/AndroidRuntime(9364): at org.joda.time.DateTimeZone.<clinit>(DateTimeZone.java:115)
    E/AndroidRuntime(9364): at org.joda.time.chrono.GregorianChronology.<clinit>(GregorianChronology.java:71)
    E/AndroidRuntime(9364): at org.joda.time.chrono.ISOChronology.<clinit>(ISOChronology.java:66)
    E/AndroidRuntime(9364): at org.joda.time.DateTimeUtils.getChronology(DateTimeUtils.java:253)
    E/AndroidRuntime(9364): at org.joda.time.convert.AbstractConverter.getChronology(AbstractConverter.java:82)
    E/AndroidRuntime(9364): at org.joda.time.base.BaseDateTime.<init>(BaseDateTime.java:170)
    E/AndroidRuntime(9364): at org.joda.time.DateTime.<init>(DateTime.java:241)
    E/AndroidRuntime(9364): at com.kevinforeman.sabconnect.helpers.NZB360LicenseAPI.UpdateLicense(NZB360LicenseAPI.java:49)
    E/AndroidRuntime(9364): at com.kevinforeman.sabconnect.helpers.NZB360LicenseAPI.UpdateLicense(NZB360LicenseAPI.java:35)
    E/AndroidRuntime(9364): at com.kevinforeman.sabconnect.helpers.NZB360Activity.onResume(NZB360Activity.java:314)
    E/AndroidRuntime(9364): at com.kevinforeman.sabconnect.NZBView.onResume(NZBView.java:546)
    E/AndroidRuntime(9364): at android.app.Instrumentation.callActivityOnResume(Instrumentation.java:1192)
    E/AndroidRuntime(9364): at android.app.Activity.performResume(Activity.java:5310)
    E/AndroidRuntime(9364): at android.app.ActivityThread.performResumeActivity(ActivityThread.java:2798)
    E/AndroidRuntime(9364): at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:2837)
    E/AndroidRuntime(9364): at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2270)
    E/AndroidRuntime(9364): at android.app.ActivityThread.access$800(ActivityThread.java:145)
    E/AndroidRuntime(9364): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1206)
    E/AndroidRuntime(9364): at android.os.Handler.dispatchMessage(Handler.java:102)
    E/AndroidRuntime(9364): at android.os.Looper.loop(Looper.java:136)
    E/AndroidRuntime(9364): at android.app.ActivityThread.main(ActivityThread.java:5081)
    E/AndroidRuntime(9364): at java.lang.reflect.Method.invokeNative(Native Method)
    E/AndroidRuntime(9364): at java.lang.reflect.Method.invoke(Method.java:515)
    E/AndroidRuntime(9364): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:781)
    E/AndroidRuntime(9364): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:597)
    E/AndroidRuntime(9364): at dalvik.system.NativeStart.main(Native Method)
    W/ActivityManager(808): Force finishing activity com.kevinforeman.sabconnect/.NZBView

    More notes:

    const-string v8, "http://rmccurdy.com/nzb360.php?accountid="
    http://nzb360.com/latestversion.html
    http://nzb360.com/apk/nzb360.apk
    http://www.djkev.com/android/sabconnect/emailFeedback.php
    http://nzb360.com/payment/payment_verify.php
  10. Kills all unknown processes to quickly free up memory! Tested XP/Win7
      * you need admin
      * escalates to SYSTEM
      * runs psexec to dump a list of processes not in the whitelist
      * kills all the tasks that are not in the whitelist
      http://rmccurdy.com/scripts/quickkill.exe

      c:
      cd C:\quickkill
      rem list running process names, drop everything on the whitelist, save the rest to out.txt
      wmic process list brief | gawk "{print "PsExec" $2}"| egrep -vi "(conhost\.exe|explorer\.exe|winlogon|Name|System|UI0Detect|WMIC|svchost|lsass|lsm|spoolsv|cmd|smss|csrss|wininit|services\.exe|wdm|cmgshieldsvc|emsservice|emservice)" > out.txt
      rem kill every process name left in out.txt
      FOR /F "delims==" %%A IN ('type out.txt') DO cax /killall %%A
      rem abort any pending shutdown a killed service may have triggered
      shutdown -a
      shutdown -a
      shutdown -a
      shutdown -a
  11. root@ubuntu:/usr/share/rssdler042/config# cat config.txt
      [global]
      downloadDir = /usr/share/rssdler042/config/
      workingDir = /usr/share/rssdler042/config
      log = 5
      logFile = /usr/share/rssdler042/config/downloads.log
      verbose = 5
      cookieFile = /usr/share/rssdler042/config/cookies.txt
      cookieType = MozillaCookieJar
      scanMins = 10
      sleepTime = 2
      runOnce = True
      urllib = True

      [somesite]
      link = http://showrss.karmorra.info/rss.php?user_id=126337&hd=1&proper=1&namespaces=true
      regExTrue = \d[^\d]+\d
      regExFalse = (nrg|ccd)
      download1 = .
      download1True = False

      Example .rtorrent.rc rtorrent file:
      cat ~/.rtorrent.rc
      schedule = watch_directory,5,5,load_start=/home/mythtv/downloads/complete/RTORRENT/*.torrent
      session = ~/.session
      upload_rate = 70
      port_range = 55556-55660
      directory = /home/mythtv/downloads/complete/RTORRENT/

      Example loop script:
      #rm downloads.log savedstate.dat daemon.info
      # fetch anything new from the feeds in config.txt (runOnce = True, so it exits after one pass)
      rssdler -r -c /usr/share/rssdler042/config/config.txt
      chmod 755 *.torrent
      # hand the .torrent files to rtorrent's watch directory (mv, not the Windows 'move')
      mv *.torrent /home/mythtv/downloads/complete/RTORRENT/

      Example output:
      root@ubuntu:/usr/share/rssdler042/config# rssdler -r -c /usr/share/rssdler042/config/config.txt
      INFO --- RSSDler 0.4.2
      DEBUG writing daemonInfo
      INFO [Waking up] Mon Apr 1 18:02:45 2013
      DEBUG checking working dir, maybe changing dir
      INFO Scanning threads
      INFO finding new downloads in thread somesite
      DEBUG encoding url http://showrss.karmorra.info/rss.php?user_id=126337&hd=1&proper=1&namespaces=true
      DEBUG testing cookieFile settings
      DEBUG attempting to load cookie type: MozillaCookieJar
      DEBUG building and installing urllib opener without cookies
      DEBUG grabbing page at url http://showrss.karmorra.info/rss.php?user_id=126337&hd=1&proper=1&namespaces=true
      DEBUG setting ttl
      DEBUG unQuoteReQuote http://showrss.karmorra.info/r/6f4892260da9069324c94ae5d8d79a38.torrent
      DEBUG already downloaded http://showrss.karmorra.info/r/6f4892260da9069324c94ae5d8d79a38.torrent
      DEBUG unQuoteReQuote http://showrss.karmorra.info/r/373406b558b5c4f8710ad2d259ffa9dc.torrent
      DEBUG already downloaded http://showrss.karmorra.info/r/373406b558b5c4f8710ad2d259ffa9dc.torrent
      DEBUG unQuoteReQuote http://showrss.karmorra.info/r/da4397ed9df9f2475d36609c66205a26.torrent
      DEBUG already downloaded http://showrss.karmorra.info/r/da4397ed9df9f2475d36609c66205a26.torrent
      DEBUG unQuoteReQuote http://showrss.karmorra.info/r/e2bf65b44ac8da445b6080c15466fb9a.torrent
      DEBUG already downloaded http://showrss.karmorra.info/r/e2bf65b44ac8da445b6080c15466fb9a.torrent
      DEBUG unQuoteReQuote http://showrss.karmorra.info/r/15ab8999ac01fc4b7a75a9ced74e8127.torrent
      DEBUG already downloaded http://showrss.karmorra.info/r/15ab8999ac01fc4b7a75a9ced74e8127.torrent
      INFO Processing took 2 seconds
      INFO [Complete] Mon Apr 1 18:02:48 2013
  12. So, looking for an nzb indexer? Email freeload101@REMOVETHISPARTyahoo.com. I only have 2 active users including myself :)
  13. Update ccleaner MRU registry paths and file paths ... ya, I ripped ccleaner
      http://www.rmccurdy.com/scripts/quickclean.exe (SFX you can open with 7-zip.org etc ..)
      source: http://www.rmccurdy.com/scripts/quickclean.bat
      info:
      rem 12:05 PM 11/26/2012 : updated ccleaner REG and FILE clean urls/paths; the ccleaner forums blocked my post on this script ;)
      rem * open ccleaner.exe with notepad++ and copy all the bits for regkeys and file checks etc .. (at the bottom of the exe) and save as tmp.txt
      rem * make reg patch :
      rem echo REGEDIT4 > ccleaner.reg
      rem grep HK tmp.txt| grep -v '|' | grep -v Detect | sed -e 's/.*HK/HK/g' -e 's/.*/[-&]/g'|sort|uniq >> ccleaner.reg
      rem * make file patch:
      rem grep "^File" tmp.txt | sed -e 's/.*=//g' -e 's/|/\\/g' -e 's/RECURSE//g' -e 's/\\REMOVESELF//g' -e 's/\*\\/\*/g' -e 's/\\$//g' -e 's/^/sdelete -s -p %pass% \"/g' -e 's/$/\"/g' > ccleaner.bat
      rem 3:20 PM 7/15/2009: removed rd c:\WINDOWS\Installer, this broke stuff in office I think
      rem 9:22 PM 8/2/2007: fixed firefox clean script, added c:\WINDOWS\Installer
      rem 1:37 AM 7/29/2007: no gawk needed thanks to jabzor@binrev !
      rem 7:04 PM 7/28/2007: fixed issues with spaces in login name ( used gawk and dir2.bat )
      rem 7:04 PM 7/28/2007: added firefox clean ( see :firefoxclean )
      rem 2:12 PM 7/25/2007: fixed run/mru
      rem 7:09 AM 5/16/2007: added set passes var, ccleaner ini and delete $ntuninstall
      rem 5:01 PM 10/21/2005 : fixed %temp% issue, recreates %temp% after delete, no reboot required
      rem 1:01 AM 4/25/2006 : added sdelete.exe ( secure delete )
      cls
      echo ==============================
      echo THE QUICK SECURE CLEANER :: rmccurdy.com :: 3.0
      echo UPDATED : 11/26/2012
      echo ==============================
      echo WARNING DO NOT RUN THIS IN SAFE MODE !!!
      echo Here are some of the files this program will delete
      echo * deletes %USERNAME% common MRU or history paths ( Run the ccleaner.reg as a different user if you like to clean a different user's reg keys )
      echo * deletes c:\temp
      echo * Internet explorer temp files for ALL USERS
      echo * firefox cookies, saved passwords, cache etc for ALL USERS
      echo * temp folders for ALL USERS
      echo * old windows updates
      echo * recycle bin
      echo * %SystemRoot%\$ntuninstallK ( old windows updates )
      echo * %SystemRoot%/$hf_mig$ ( old windows updates )
      echo * OPTIONAL: all startup items for ALL USERS
      echo * OPTIONAL: all outlook mailbox data and everything under 'Local Settings' for ALL USERS
      pause
      cls
  14. * sqlninja
      * Havij 1.15 - Advanced SQL Injection (Windows)
      * DbVisualizer 7.1.2 - best tool ever for Windows / SQL servers; supports MySQL, Oracle, DB2, SQLite3 and MSSQL, all without installing a bunch of crap! (85 megs, built with ThinApp)
  15. <insert flame here>
      * if you have a computer with the wifi password saved you can recover it, google nirsoft wifi
      * if you do not have the password you can reset it .. duh .. or https://www.cloudcracker.com
      * mass deauth until you have to reset the AP
      * wifi wps hack or whatever the easy connect code button thing is ,,,
      * you can also set up a rogue AP and hijack a probe, root the remote host and recover the pass with nirsoft util etc ..
      now if you are talking about the windows password (some talk about NT offline soooo not sure WTF you guys are asking) use:
      * mimikatz or WCE.exe or WCE32.exe https://dl.dropbox.com/sh/llw7unn0hlptigj/aC5YSuyosX/masspwdumper.exe?dl=1 ( example input script for mimikatz )
  16. http://g0tmi1k.blogspot.com/ has a post and: http://www.owasp.org/index.php/Phoenix/Tools
      =========================

      LiveCDs
      AOC_Labrat-ALPHA-0010.iso - http://www.packetfocus.com/hackos/
      DVL (Damn Vulnerable Linux) - http://www.damnvulnerablelinux.org/

      Test sites / testing grounds
      SPI Dynamics (live) - http://zero.webappsecurity.com/
      Cenzic (live) - http://crackme.cenzic.com/
      Watchfire (live) - http://demo.testfire.net/
      Acunetix (live) - http://testphp.acunetix.com/ http://testasp.acunetix.com http://testaspnet.acunetix.com
      WebMaven / Buggy Bank - http://www.mavensecurity.com/webmaven
      Foundstone SASS tools - http://www.foundstone.com/us/resources-free-tools.asp
      Updated HackmeBank - http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html
      OWASP WebGoat - http://www.owasp.org/index.php/OWASP_WebGoat_Project
      OWASP SiteGenerator - http://www.owasp.org/index.php/Owasp_SiteGenerator
      Stanford SecuriBench - http://suif.stanford.edu/~livshits/securibench/
      SecuriBench Micro - http://suif.stanford.edu/~livshits/work/securibench-micro/

      HTTP proxying / editing
      WebScarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
      Burp - http://www.portswigger.net/
      Paros - http://www.parosproxy.org/
      Fiddler - http://www.fiddlertool.com/
      Web Proxy Editor - http://www.microsoft.com/mspress/companion/0-7356-2187-X/
      Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project
      Suru - http://www.sensepost.com/research/suru/
      httpedit (curses-based) - http://www.neutralbit.com/en/rd/httpedit/
      Charles - http://www.xk72.com/charles/
      Odysseus - http://www.bindshell.net/tools/odysseus
      Burp, Paros, and WebScarab for Mac OS X - http://www.corsaire.com/downloads/
      Web-application scanning tool from `Network Security Tools'/O'Reilly - http://examples.oreilly.com/networkst/
      JS Commander - http://jscmd.rubyforge.org/
      Ratproxy - http://code.google.com/p/ratproxy/

      RSnake's XSS cheat sheet based-tools, webapp fuzzing, and encoding tools
      Wfuzz - http://www.edge-security.com/wfuzz.php
      ProxMon - http://www.isecpartners.com/proxmon.html
      Wapiti - http://wapiti.sourceforge.net/
      Grabber - http://rgaucher.info/beta/grabber/
      XSSScan - http://darkcode.ath.cx/scanners/XSSscan.py
      CAL9000 - http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project
      HTMangLe - http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm
      JBroFuzz - http://sourceforge.net/projects/jbrofuzz
      XSSFuzz - http://ha.ckers.org/blog/20060921/xssfuzz-released/
      WhiteAcid's XSS Assistant - http://www.whiteacid.org/greasemonkey/
      Overlong UTF - http://www.microsoft.com/mspress/companion/0-7356-2187-X/
      [TGZ] MielieTool (SensePost Research) - http://packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgz
      RegFuzzer: test your regular expression filter - http://rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer%3A-Test-your-regular-expression-filter
      screamingCobra - http://www.dachb0den.com/projects/screamingcobra.html
      SPIKE and SPIKE Proxy - http://immunitysec.com/resources-freesoftware.shtml
      RFuzz - http://rfuzz.rubyforge.org/
      WebFuzz - http://www.codebreakers-journal.com/index.php?option=com_content&task=view&id=112&Itemid=99999999
      TestMaker - http://www.pushtotest.com/Docs/downloads/features.html
      ASP Auditor - http://michaeldaw.org/projects/asp-auditor-v2/
      WSTool - http://wstool.sourceforge.net/
      Web Hack Control Center (WHCC) - http://ussysadmin.com/whcc/
      Web Text Converter - http://www.microsoft.com/mspress/companion/0-7356-2187-X/
      HackBar (Firefox Add-on) - https://addons.mozilla.org/firefox/3899/
      Net-Force Tools (NF-Tools, Firefox Add-on) - http://www.net-force.nl/library/downloads/
      PostIntercepter (Greasemonkey script) - http://userscripts.org/scripts/show/743

      HTTP general testing / fingerprinting
      Wbox: HTTP testing tool - http://hping.org/wbox/
      ht://Check - http://htcheck.sourceforge.net/
      Mumsie - http://www.lurhq.com/tools/mumsie.html
      WebInject - http://www.webinject.org/
      Torture.pl Home Page - http://stein.cshl.org/~lstein/torture/
      JoeDog's Siege - http://www.joedog.org/JoeDog/Siege/
      OPEN-LABS: metoscan (http method testing) - http://www.open-labs.org/
      Load-balancing detector - http://ge.mine.nu/lbd.html
      HMAP - http://ujeni.murkyroc.com/hmap/
      Net-Square: httprint - http://net-square.com/httprint/
      Wpoison: http stress testing - http://wpoison.sourceforge.net/
      Net-square: MSNPawn - http://net-square.com/msnpawn/index.shtml
      hcraft: HTTP Vuln Request Crafter - http://druid.caughq.org/projects/hcraft/
      rfp.labs: LibWhisker - http://www.wiretrip.net/rfp/lw.asp
      Nikto - http://www.cirt.net/code/nikto.shtml
      twill - http://twill.idyll.org/
      DirBuster - http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
      [ZIP] DFF Scanner - http://security-net.biz/files/dff/DFF.zip
      [ZIP] The Elza project - http://packetstormsecurity.org/web/elza-1.4.7-beta.zip http://www.stoev.org/elza.html
      HackerFox and Hacking Addons Bundled: Portable Firefox with web hacking addons bundled - http://sf.net/projects/hackfox

      Browser-based HTTP tampering / editing / replaying
      TamperIE - http://www.bayden.com/Other/
      isr-form - http://www.infobyte.com.ar/developments.html
      Modify Headers (Firefox Add-on) - http://modifyheaders.mozdev.org/
      Tamper Data (Firefox Add-on) - http://tamperdata.mozdev.org/
      UrlParams (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1290/
      TestGen4Web (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1385/
      DOM Inspector / Inspect This (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1806/ https://addons.mozilla.org/en-US/firefox/addon/1913/
      LiveHTTPHeaders / Header Monitor (Firefox Add-on) - http://livehttpheaders.mozdev.org/ https://addons.mozilla.org/en-US/firefox/addon/575/

      Cookie editing / poisoning
      [TGZ] stompy: session id tool - http://lcamtuf.coredump.cx/stompy.tgz
      Add'N Edit Cookies (AnEC, Firefox Add-on) - http://addneditcookies.mozdev.org/
      CookieCuller (Firefox Add-on) - http://cookieculler.mozdev.org/
      CookiePie (Firefox Add-on) - http://www.nektra.com/oss/firefox/extensions/cookiepie/
      CookieSpy - http://www.codeproject.com/shell/cookiespy.asp
      Cookies Explorer - http://www.dutchduck.com/Features/Cookies.aspx

      Ajax and XHR scanning
      Sahi - http://sahi.co.in/
      scRUBYt - http://scrubyt.org/
      jQuery - http://jquery.com/
      jquery-include - http://www.gnucitizen.org/projects/jquery-include
      Sprajax - http://www.denimgroup.com/sprajax.html
      Watir - http://wtr.rubyforge.org/
      Watij - http://watij.com/
      Watin - http://watin.sourceforge.net/
      RBNarcissus - http://idontsmoke.co.uk/2005/rbnarcissus/
      SpiderTest (Spider Fuzz plugin) - http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin
      Javascript Inline Debugger (jasildbg) - http://jasildbg.googlepages.com/
      Firebug Lite - http://www.getfirebug.com/lite.html
      firewatir - http://code.google.com/p/firewatir/

      RSS extensions and caching
      LiveLines (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/324/
      rss-cache - http://www.dubfire.net/chris/projects/rss-cache/

      SQL injection scanning
      0x90.org: home of Absinthe, Mezcal, etc - http://0x90.org/releases.php
      SQLiX - http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project
      sqlninja: a SQL Server injection and takeover tool - http://sqlninja.sourceforge.net/
      JustinClarke's SQL Brute - http://www.justinclarke.com/archives/2006/03/sqlbrute.html
      BobCat - http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html
      sqlmap - http://sqlmap.sourceforge.net/
      Scully: SQL Server DB Front-End and Brute-Forcer - http://www.sensepost.com/research/scully/
      FG-Injector - http://www.flowgate.net/?lang=en&seccion=herramientas
      PRIAMOS - http://www.priamos-project.com/

      Web application security malware, backdoors, and evil code
      W3AF: Web Application Attack and Audit Framework - http://w3af.sourceforge.net/
      Jikto - http://busin3ss.name/jikto-in-the-wild/
      XSS Shell - http://ferruh.mavituna.com/article/?1338
      XSS-Proxy - http://xss-proxy.sourceforge.net
      AttackAPI - http://www.gnucitizen.org/projects/attackapi/
      FFsniFF - http://azurit.elbiahosting.sk/ffsniff/
      HoneyBlog's web-based junkyard - http://honeyblog.org/junkyard/web-based/
      BeEF - http://www.bindshell.net/tools/beef/
      Firefox Extension Scanner (FEX) - http://www.gnucitizen.org/projects/fex/
      What is my IP address? - http://reglos.de/myaddress/
      xRumer: blogspam automation tool - http://www.botmaster.net/movies/XFull.htm
      SpyJax - http://www.merchantos.com/makebeta/tools/spyjax/
      Greasecarnaval - http://www.gnucitizen.org/projects/greasecarnaval
      Technika - http://www.gnucitizen.org/projects/technika/
      Load-AttackAPI bookmarklet - http://www.gnucitizen.org/projects/load-attackapi-bookmarklet
      MD's Projects: JS port scanner, pinger, backdoors, etc - http://michaeldaw.org/my-projects/

      Web application services that aid in web application security assessment
      Netcraft - http://www.netcraft.net
      AboutURL - http://www.abouturl.com/
      The Scrutinizer - http://www.scrutinizethis.com/
      net.toolkit - http://clez.net/
      ServerSniff - http://www.serversniff.net/
      Online Microsoft script decoder - http://www.greymagic.com/security/tools/decoder/
      Webmaster-Toolkit - http://www.webmaster-toolkit.com/
      myIPNeighbors, et al - http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address
      PHP charset encoding - http://h4k.in/encoding
      data: URL testcases - http://h4k.in/dataurl

      Browser-based security fuzzing / checking
      Zalewski's MangleMe - http://lcamtuf.coredump.cx/mangleme/mangle.cgi
      hdm's tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan - http://metasploit.com/users/hdm/tools/
      Peach Fuzzer Framework - http://peachfuzz.sourceforge.net/
      TagBruteForcer - http://research.eeye.com/html/tools/RT20060801-3.html
      PROTOS Test-Suite: c05-http-reply - http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/http-reply/index.html
      COMRaider - http://labs.idefense.com
      bcheck - http://bcheck.scanit.be/bcheck/
      Stop-Phishing: Projects page - http://www.indiana.edu/~phishing/?projects
      LinkScanner - http://linkscanner.explabs.com/linkscanner/default.asp
      BrowserCheck - http://www.heise-security.co.uk/services/browsercheck/
      Cross-browser Exploit Tests - http://www.jungsonnstudios.com/cool.php
      Stealing information using DNS pinning demo - http://www.jumperz.net/index.php?i=2&a=1&b=7
      Javascript Website Login Checker - http://ha.ckers.org/weird/javascript-website-login-checker.html
      Mozilla Activex - http://www.iol.ie/~locka/mozilla/mozilla.htm
      Jungsonn's Black Dragon Project - http://blackdragon.jungsonnstudios.com/
      Mr. T (Master Recon Tool, includes Read Firefox Settings PoC) - http://ha.ckers.org/mr-t/
      Vulnerable Adobe Plugin Detection For UXSS PoC - http://www.0x000000.com/?i=324
      About Flash: is your flash up-to-date? - http://www.macromedia.com/software/flash/about/
      Test your installation of Java software - http://java.com/en/download/installed.jsp?detect=jre&try=1
      WebPageFingerprint - Light-weight Greasemonkey Fuzzer - http://userscripts.org/scripts/show/30285

      PHP static analysis and file inclusion scanning
      PHP-SAT.org: Static analysis for PHP - http://www.program-transformation.org/PHP/
      Unl0ck Research Team: tool for searching in google for include bugs - http://unl0ck.net/tools.php
      FIS: File Inclusion Scanner - http://www.segfault.gr/index.php?cat_id=3&cont_id=25
      PHPSecAudit - http://developer.spikesource.com/projects/phpsecaudit

      PHP Defensive Tools
      PHPInfoSec - Check phpinfo configuration for security - http://phpsec.org/projects/phpsecinfo/
      A Greasemonkey Replacement can be found at http://yehg.net/lab/#tools.greasemonkey
      Php-Brute-Force-Attack Detector - Detect your web servers being scanned by brute force tools such as WFuzz, OWASP DirBuster and vulnerability scanners such as Nessus, Nikto, Acunetix ..etc. http://yehg.net/lab/pr0js/files.php/php_brute_force_detect.zip
      PHP-Login-Info-Checker - Strictly enforce admins/users to select stronger passwords. It tests cracking passwords against 4 rules. It has also a built-in smoke test page via url loginfo_checker.php?testlic http://yehg.net/lab/pr0js/files.php/loginfo_checkerv0.1.zip http://yehg.net/lab/pr0js/files.php/phploginfo_checker_demo.zip
      php-DDOS-Shield - A tricky script to prevent idiot distributed bots which discontinue their flooding attacks by identifying HTTP 503 header code. http://code.google.com/p/ddos-shield/
      PHPMySpamFIGHTER - http://yehg.net/lab/pr0js/files.php/phpmyspamfighter.zip http://yehg.net/lab/pr0js/files.php/phpMySpamFighter_demo.rar

      Web Application Firewall (WAF) and Intrusion Detection (APIDS) rules and resources
      APIDS on Wikipedia - http://en.wikipedia.org/wiki/APIDS
      PHP Intrusion Detection System (PHP-IDS) - http://php-ids.org/ http://code.google.com/p/phpids/
      dotnetids - http://code.google.com/p/dotnetids/
      Secure Science InterScout - http://www.securescience.com/home/newsandevents/news/interscout1.0.html
      Remo: whitelist rule editor for mod_security - http://remo.netnea.com/
      GotRoot: ModSecurity rules - http://www.gotroot.com/tiki-index.php?page=mod_security+rules
      The Web Security Gateway (WSGW) - http://wsgw.sourceforge.net/
      mod_security rules generator - http://noeljackson.com/tools/modsecurity/
      Mod_Anti_Tamper - http://www.wisec.it/projects.php?id=3
      [TGZ] Automatic Rules Generation for Mod_Security - http://www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgz
      AQTRONIX WebKnight - http://www.aqtronix.com/?PageID=99
      Akismet: blog spam defense - http://akismet.com/
      Samoa: Formal tools for securing web services - http://research.microsoft.com/projects/samoa/

      Web services enumeration / scanning / fuzzing
      WebServiceStudio2.0 - http://www.codeplex.com/WebserviceStudio
      Net-square: wsChess - http://net-square.com/wschess/index.shtml
      WSFuzzer - http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project
      SIFT: web method search tool - http://www.sift.com.au/73/171/sift-web-method-search-tool.htm
      iSecPartners: WSMap, WSBang, etc - http://www.isecpartners.com/tools.html

      Web application non-specific static source-code analysis
      Pixy: a static analysis tool for detecting XSS vulnerabilities - http://www.seclab.tuwien.ac.at/projects/pixy/
      Brixoft.Net: Source Edit - http://www.brixoft.net/prodinfo.asp?id=1
      Security compass web application auditing tools (SWAAT) - http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project
      An even more complete list here - http://www.cs.cmu.edu/~aldrich/courses/654/tools/
      A nice list that claims some demos available - http://www.cs.cmu.edu/~aldrich/courses/413/tools.html
      A smaller, but also good list - http://spinroot.com/static/
      Yasca: A highly extensible source code analysis framework; incorporates several analysis tools into one package. http://www.yasca.org/

      Static analysis for C/C++ (CGI, ISAPI, etc) in web applications
      RATS - http://www.securesoftware.com/resources/download_rats.html
      ITS4 - http://www.cigital.com/its4/
      FlawFinder - http://www.dwheeler.com/flawfinder/
      Splint - http://www.splint.org/
      Uno - http://spinroot.com/uno/
      BOON (Buffer Overrun detectiON) - http://www.cs.berkeley.edu/~daw/boon/ http://boon.sourceforge.net
      Valgrind - http://www.valgrind.org/

      Java static analysis, security frameworks, and web application security tools
      LAPSE - http://suif.stanford.edu/~livshits/work/lapse/
      HDIV Struts - http://hdiv.org/
      Orizon - http://sourceforge.net/projects/orizon/
      FindBugs: Find bugs in Java programs - http://findbugs.sourceforge.net/
      PMD - http://pmd.sourceforge.net/
      CUTE: A Concolic Unit Testing Engine for C and Java - http://osl.cs.uiuc.edu/~ksen/cute/
      EMMA - http://emma.sourceforge.net/
      JLint - http://jlint.sourceforge.net/
      Java PathFinder - http://javapathfinder.sourceforge.net/
      Fujaba: Move between UML and Java source code - http://wwwcs.uni-paderborn.de/cs/fujaba/
      Checkstyle - http://checkstyle.sourceforge.net/
      Cookie Revolver Security Framework - http://sourceforge.net/projects/cookie-revolver
      tinapoc - http://sourceforge.net/projects/tinapoc
      jarsigner - http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html
      Solex - http://solex.sourceforge.net/
      Java Explorer - http://metal.hurlant.com/jexplore/
      HTTPClient - http://www.innovation.ch/java/HTTPClient/
      another HttpClient - http://jakarta.apache.org/commons/httpclient/
      a list of code coverage and analysis tools for Java - http://mythinkpond.blogspot.com/2007/06/java-foss-freeopen-source-software.html

      Microsoft .NET static analysis and security framework tools, mostly for ASP.NET and ASP.NET AJAX, but also C# and VB.NET
      * Visual Studio 2008 Code Analysis, available in:
        o VSTS 2008 Development Edition (http://msdn.microsoft.com/vsts2008/products/bb933752.aspx) and
        o VSTS 2008 Team Suite (http://msdn.microsoft.com/vsts2008/products/bb933735.aspx)
      * Visual Studio 2005 Code Analyzer, available in:
        o Visual Studio 2005 Team Edition for Software Developers (http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx)
        o Visual Studio 2005 Team Suite (http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx)
      * Web Development Helper - http://www.nikhilk.net/Project.WebDevHelper.aspx
      * FxCop:
        o (blog) http://blogs.msdn.com/fxcop/
        o (download) http://code.msdn.microsoft.com/codeanalysis
      * Microsoft internal tools you can't have yet:
        o http://www.microsoft.com/windows/cse/pa_projects.mspx
        o http://research.microsoft.com/Pex/
        o http://www.owasp.org/images/5/5b/OWASP_IL_7_FuzzGuru.pdf

      Threat modeling
      Microsoft Threat Analysis and Modeling Tool v2.1 (TAM) - http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en
      Amenaza: Attack Tree Modeling (SecurITree) - http://www.amenaza.com/software.php
      Octotrike - http://www.octotrike.org/

      Add-ons for Firefox that help with general web application security
      Web Developer Toolbar - https://addons.mozilla.org/firefox/60/
      Plain Old Webserver (POW) - https://addons.mozilla.org/firefox/3002/
      XML Developer Toolbar - https://addons.mozilla.org/firefox/2897/
      Public Fox - https://addons.mozilla.org/firefox/3911/
      XForms Buddy - http://beaufour.dk/index.php?sec=misc&pagename=xforms
      MR Tech Local Install - http://www.mrtech.com/extensions/local_install/
      Nightly Tester Tools - http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html
      IE Tab - https://addons.mozilla.org/firefox/1419/
      User-Agent Switcher - https://addons.mozilla.org/firefox/59/
      ServerSwitcher - https://addons.mozilla.org/firefox/2409/
      HeaderMonitor - https://addons.mozilla.org/firefox/575/
      RefControl - https://addons.mozilla.org/firefox/953/
      refspoof - https://addons.mozilla.org/firefox/667/
      No-Referrer - https://addons.mozilla.org/firefox/1999/
      LocationBar^2 - https://addons.mozilla.org/firefox/4014/
      SpiderZilla - http://spiderzilla.mozdev.org/
      Slogger - https://addons.mozilla.org/en-US/firefox/addon/143
      Fire Encrypter - https://addons.mozilla.org/firefox/3208/

      Add-ons for Firefox that help with Javascript and Ajax web application security
      Selenium IDE - http://www.openqa.org/selenium-ide/
      Firebug - http://www.joehewitt.com/software/firebug/
      Venkman - http://www.mozilla.org/projects/venkman/
      Chickenfoot - http://groups.csail.mit.edu/uid/chickenfoot/
      Greasemonkey - http://www.greasespot.net/
      Greasemonkey compiler - http://www.letitblog.com/greasemonkey-compiler/
      User script compiler - http://arantius.com/misc/greasemonkey/script-compiler
      Extension Developer's Extension (Firefox Add-on) - http://ted.mielczarek.org/code/mozilla/extensiondev/
      Smart Middle Click (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/3885/

      Bookmarklets that aid in web application security
      RSnake's security bookmarklets - http://ha.ckers.org/bookmarklets.html
      BMlets - http://optools.awardspace.com/bmlet.html
      Huge list of bookmarklets - http://www.squarefree.com/bookmarklets/
      Blummy: consists of small widgets, called blummlets, which make use of Javascript to provide rich functionality - http://www.blummy.com/
      Bookmarklets every blogger should have - http://www.micropersuasion.com/2005/10/bookmarklets_ev.html
      Flat Bookmark Editing (Firefox Add-on) - http://n01se.net/chouser/proj/mozhack/
      OpenBook and Update Bookmark (Firefox Add-ons) - http://www.chuonthis.com/extensions/

      SSL certificate checking / scanning
      [ZIP] THCSSLCheck - http://thc.org/root/tools/THCSSLCheck.zip
      [ZIP] Foundstone SSLDigger - http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zip
      Cert Viewer Plus (Firefox Add-on) - https://addons.mozilla.org/firefox/1964/

      Honeyclients, Web Application, and Web Proxy honeypots
      Honeyclient Project: an open-source honeyclient - http://www.honeyclient.org/trac/
      HoneyC: the low-interaction honeyclient - http://honeyc.sourceforge.net/
      Capture: a high-interaction honeyclient - http://capture-hpc.sourceforge.net/
      Google Hack Honeypot - http://ghh.sourceforge.net/
      PHP.Hop - PHP Honeynet Project - http://www.rstack.org/phphop/
      SpyBye - http://www.monkey.org/~provos/spybye/
      Honeytokens - http://www.securityfocus.com/infocus/1713

      Blackhat SEO and maybe some whitehat SEO
      SearchStatus (Firefox Add-on) - http://www.quirk.biz/searchstatus/
      SEO for Firefox (Firefox Add-on) - http://tools.seobook.com/firefox/seo-for-firefox.html
      SEOQuake (Firefox Add-on) - http://www.seoquake.com/

      Footprinting for web application security
      Evolution - http://www.paterva.com/evolution-e.html
      GooSweep - http://www.mcgrewsecurity.com/projects/goosweep/
      Aura: Google API Utility Tools - http://www.sensepost.com/research/aura/
      Edge-Security tools - http://www.edge-security.com/soft.php
      Fierce Domain Scanner - http://ha.ckers.org/fierce/
      Googlegath - http://www.nothink.org/perl/googlegath/
      Advanced Dork (Firefox Add-on) - https://addons.mozilla.org/firefox/2144/
      Passive Cache (Firefox Add-on) - https://addons.mozilla.org/firefox/977/
      CacheOut!
(Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1453/ BugMeNot Extension (Firefox Add-on) - http://roachfiend.com/archives/2005/02/07/bugmenot/ TrashMail.net Extension (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1813/ DiggiDig (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2819/ Digger (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1467/ Database security assessment Scuba by Imperva Database Vulnerability Scanner - http://www.imperva.com/scuba/ Browser Defenses DieHard - http://www.diehard-software.org/ LocalRodeo (Firefox Add-on) - http://databasement.net/labs/localrodeo/ NoMoXSS - http://www.seclab.tuwien.ac.at/projects/jstaint/ Request Rodeo - http://savannah.nongnu.org/projects/requestrodeo FlashBlock (Firefox Add-on) - http://flashblock.mozdev.org/ CookieSafe (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2497 NoScript (Firefox Add-on) - http://www.noscript.net/ FormFox (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1579/ Adblock (Firefox Add-on) - http://adblock.mozdev.org/ httpOnly in Firefox (Firefox Add-on) - http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.html SafeCache (Firefox Add-on) - http://www.safecache.com/ SafeHistory (Firefox Add-on) - http://www.safehistory.com/ PrefBar (Firefox Add-on) - http://prefbar.mozdev.org/ All-in-One Sidebar (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1027/ QArchive.org web file checker (Firefox Add-on) - https://addons.mozilla.org/firefox/4115/ Update Notified (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2098/ FireKeeper - http://firekeeper.mozdev.org/ Greasemonkey: XSS Malware Script Detector - http://yehg.net/lab/#tools.greasemonkey Browser Privacy TrackMeNot (Firefox Add-on) - https://addons.mozilla.org/firefox/3173/ Privacy Bird - http://www.privacybird.com/ Application and protocol fuzzing (random instead of targeted) Sulley - 
http://fuzzing.org/ taof: The Art of Fuzzing - http://sourceforge.net/projects/taof/ zzuf: multipurpose fuzzer - http://sam.zoy.org/zzuf/ autodaf¨¦: an act of software torture - http://autodafe.sourceforge.net/ EFS and GPF: Evolutionary Fuzzing System - http://www.appliedsec.com/resources.html Subject: Infosec Learning Free Information Security Learning https://class.coursera.org/inforiskman-2012-001/auth/welcome?type=logout&visiting=%2Finforiskman-2012-001%2Fclass%2Findex http://blackhatacademy.net/ http://hackademy.hackaserver.com/login/index.php Learning Sheet http://pentest.cryptocity.net/careers/ Compiled List of vuln os http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/ http://bailey.st/blog/2010/11/30/linux-penetration-testing-distributions-list/ http://bailey.st/blog/2010/09/14/pentest-lab-vulnerable-servers-applications-list/ vuln os https://www.pentesterlab.com/ http://forums.heorot.net/viewtopic.php?f=15&t=189 http://pentestlab.org/ http://www.kioptrix.com/blog/ http://exploit.co.il/projects/vuln-web-app/ http://sourceforge.net/projects/virtualhacking/?source=recommended http://sourceforge.net/projects/null-gameover/?source=recommended http://sourceforge.net/projects/holynix/?source=directory http://sourceforge.net/projects/lampsecurity/?source=directory http://sourceforge.net/projects/matriux/ http://sourceforge.net/projects/torbox/?source=directory http://sourceforge.net/projects/remnux/?source=directory http://sourceforge.net/projects/vicnum/?source=recommended http://sourceforge.net/projects/livehacking/ http://sourceforge.net/projects/samurai/ http://sourceforge.net/projects/nodezero/ http://sourceforge.net/projects/blackbuntu/ http://sourceforge.net/projects/virtualhacking/files/os/de-ice/ http://sourceforge.net/projects/lampsecurity/files/ Onlne Labs https://www.hacking-lab.com/Remote_Sec_Lab/livecd.html http://www.enigmagroup.org/ http://www.hackthissite.org/ http://www.hellboundhackers.org/ 
http://www.hackerslab.org/eorg/index.html http://haxme.org/ http://www.dareyourmind.net/ http://www.try2hack.nl/ http://www.astalavista.com/ https://www.pentesterlab.com/exercises Online CTF's http://hackergames.net/ http://www.overthewire.org/wargames/ http://www.zeroidentity.org/ http://www.smashthestack.org/index.php
  17. Use UltraVNC's repeater. I set up two ports and use a Single Click server exe; example: rmccurdy.com/scripts/quickvnc.exe (open it with 7-zip.org, it's an SFX). It has hidden persistent connections etc.
* set up the repeater on ports 21 and 80
* run the VNC Single Click server to route to port 80
* then run the Android VNC client to port 21 and put in the repeater IP::PORT and the ID:##### (in my case the ID is randomly generated)
* example repeater config: http://rmccurdy.com/scripts/uvncrepeater.ini
Using a repeater or "gateway based" VNC connection you don't need to do any port forwarding on the client or server side; it all goes over your server on the two ports you set. Contact me if you need any help setting it up.
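The reason no port forwarding is needed in the setup above is that both ends dial out to the repeater and it pairs them up by ID. The Python below is an added example, not the UltraVNC repeater and not code from the post: a minimal relay of the same shape. It assumes a simplified header of one line, "ID:<digits>\n" (the real UltraVNC repeater uses a different, fixed-width ID header), parks the first peer that announces an ID, and bridges the second peer to it; demo_roundtrip() plays a fake VNC server and a viewer against it on loopback with a constructed payload.

```python
import socket
import threading

HEADER_MAX = 64   # assumption: toy header is one short line, "ID:<digits>\n"


def read_session_id(conn):
    """Read the peer's first line; return the session ID or None if malformed."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = conn.recv(1)
        if not chunk or len(buf) >= HEADER_MAX:
            return None
        buf += chunk
    line = buf.strip()
    if not line.startswith(b"ID:") or not line[3:].isdigit():
        return None
    return line[3:].decode()


def pump(src, dst):
    """Copy bytes src -> dst until either side closes, then tear both down."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        for s in (src, dst):
            try:
                s.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass
            s.close()


class Repeater:
    """First peer for an ID waits; the second peer with that ID is bridged to it."""

    def __init__(self, host="127.0.0.1", port=0):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))
        self.sock.listen(8)
        self.port = self.sock.getsockname()[1]   # port 0 -> kernel picks a free one
        self.waiting = {}                          # session ID -> parked socket
        self.lock = threading.Lock()
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                conn, _ = self.sock.accept()
            except OSError:
                return                              # listener closed
            threading.Thread(target=self._handle, args=(conn,), daemon=True).start()

    def _handle(self, conn):
        sid = read_session_id(conn)
        if sid is None:
            conn.close()                            # bad header: drop silently
            return
        with self.lock:
            peer = self.waiting.pop(sid, None)
            if peer is None:
                self.waiting[sid] = conn            # first arrival parks here
                return
        # Second arrival with the same ID: relay bytes in both directions.
        threading.Thread(target=pump, args=(conn, peer), daemon=True).start()
        threading.Thread(target=pump, args=(peer, conn), daemon=True).start()

    def close(self):
        self.sock.close()


def demo_roundtrip(payload=b"RFB 003.008\n"):
    """Constructed demo: a fake VNC server and a viewer both dial OUT to the
    repeater with the same ID; returns the bytes the viewer receives."""
    rep = Repeater()
    server = socket.create_connection(("127.0.0.1", rep.port))
    server.sendall(b"ID:12345\n" + payload)        # header, then the VNC greeting
    viewer = socket.create_connection(("127.0.0.1", rep.port))
    viewer.sendall(b"ID:12345\n")
    viewer.settimeout(5)
    got = b""
    while len(got) < len(payload):
        chunk = viewer.recv(4096)
        if not chunk:
            break
        got += chunk
    server.close()
    viewer.close()
    rep.close()
    return got


if __name__ == "__main__":
    print(demo_roundtrip())
```

Note what the relay does not do: anyone who can reach the repeater and guess or sniff the ID gets bridged to the waiting server, which is why the random ID in the post matters and why the VNC password and an encrypted transport still matter on top of it.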
  18. Mimikatz works but I have also been using wce.exe and wce32.exe with the -w switch http://www.ampliasecurity.com/research/wcefaq.html#curversion

09/26/2012 - split up fu and fu ripp ... fu.txt and fu_ripp.txt. Also updated masspwdumper.exe to include wce.exe (Windows Credential Editor)

08/27/2012 - fu.txt oclHashcat-plus fu .. I know right... my fu.txt is getting out of hand.

08/19/2012 - quickkill.exe Kills all unknown processes to quickly free up memory! Tested XP/Win7: BEFORE 80 .. after 48

07/3/2012 - BREAKOUT This app will attempt to BREAK OUT of protected networks by using input IP,PORT as HTTP and SOCKS proxies

06/10/2012 - 650KB/s over open proxies with downloadthemall/rmccurdy.com/scripts/proxy/proxychains.conf I will update the proxycheck script to include this bit later.

05/22/2012 - some command line fu
# set power profile via command line
Powercfg.exe /SETACTIVE "Always On"
Powercfg.exe /SETACTIVE "Max Battery"
# Remove the .NET Credentials (Stored User names and Passwords)
Control keymgr.dll

04/24/2012 - Client_Enumeration_Java_Adobe_Reader_flash.zip Client side HTML/Java code to enumerate Java, Adobe Reader and Flash versions

04/24/2012 - OpenVAS in Ubuntu
echo 'GSA_HTTP_ONLY=1' >> /etc/default/greenbone-security-assistant
/etc/init.d/greenbone-security-assistant:
[ "$GSA_HTTP_ONLY" ] && [ "$GSA_HTTP_ONLY" = 1 ] && DAEMONOPTS="$DAEMONOPTS --http-only"
remove src from sources list along with matching the /etc/lsb-release ver too
add-apt-repository "deb http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbuntu_11.XX/ ./"
grep -ia open /etc/apt/sources.list
deb http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbuntu_11.04/ ./
#deb-src http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbuntu_11.04/ ./
if you still have issues just run 'killall gsad;sleep 5;gsad --http-only --listen=127.0.0.1 -p 9392'
watch -d 'ps axuwww|grep nasl|grep -v grep'
view source
omp -h 127.0.0.1 -p 9390 -u admin -w password -X "$RANDOM`cat in|sed 's/$/,/g'|tr -d '\n'`"

04/18/2012 - update_nmap_oracle_sids_userpass.exe
# sid enum using nmap and metasploit's sid.txt: 1307 sids in ~8 seconds
nmap -n --script=oracle-sid-brute -p 1521-1560 192.168.1.141
# try 1255 user/pass
# requires valid SID ( default is XE )
# Performed 1245 guesses in 3 seconds, average tps: 415
nmap --script oracle-brute -p 1521-1560 --script-args oracle-brute.sid=XE -n 192.168.1.141
# oracle shell using OAT Oracle Audit Tool
ose.bat -s 192.168.1.141 -u SYS -p CHANGE_ON_INSTALL -d XE -t Windows

04/17/2012 - Metasploit with Oracle !
-------------------------------------------------------------------------------------
following: http://www.metasploit.com/redmine/projects/framework/wiki/OracleUsage
2:10 PM 4/17/2012
-------------------------------------------------------------------------------------
# Remove ruby using apt or synaptic etc ..
apt-get remove ruby
# update and install 1.9.1 dev
apt-get update
apt-get install ruby1.9.1-dev -y
mkdir /opt
mkdir /opt/oracle
# copy zips to /opt/oracle
cp *.zip /opt/oracle
cd /opt/oracle
unzip basic-10.2.0.5.0-linux.zip
unzip sdk-10.2.0.5.0-linux.zip
unzip sqlplus-10.2.0.5.0-linux.zip
cd instantclient_10_2/
ln -s libclntsh.so.10.1 libclntsh.so
# add this to ~/.bashrc and also type it in current shell
export PATH=$PATH:/opt/oracle/instantclient_10_2
export SQLPATH=/opt/oracle/instantclient_10_2
export TNS_ADMIN=/opt/oracle/instantclient_10_2
export LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2
export ORACLE_HOME=/opt/oracle/instantclient_10_2
#
wget http://rubyforge.org/frs/download.php/65896/ruby-oci8-2.0.3.tar.gz
tar xvzf ruby-oci8-2.0.3.tar.gz
cd ruby-oci8-2.0.3/
LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2/
export LD_LIBRARY_PATH
make
make install
# download msf .run bin installer
# I had to edit /pentest/exploits/framework/.svn/entries and add www. to the file so you could run svn update
cd /pentest/exploits/framework/
svn update
# run msfconsole from /pentest/exploits/framework/, not the init script; this allows use of YOUR env and not the static one of the MSF binary
cd /pentest/exploits/framework/
./msfconsole
# from msfconsole install the ruby-oci8 gem
gem install ruby-oci8
If you still get the missing OCI error it is all ruby; the oracle client loads after
# oracle_login needs nmap > 5.50 !
wget http://nmap.org/dist/nmap-5.51.tgz
tar -xvf nmap-5.51.tgz
cd nmap-5.51
./configure
make
make install
ln -s /usr/local/bin/nmap /usr/bin/nmap
--------------- msf stuff ---------
# as always you can spool log.log to save a logfile or use screen -L
# brutes ~576 sids, will eat a targets file
use auxiliary/scanner/oracle/sid_brute
set RHOSTS file://home/rmccurdy/oracle
run
back
# This module attempts to authenticate with a 568 line USERPASS_FILE list
# requires SID
use auxiliary/scanner/oracle/oracle_login
set RPORT 1521
set RHOSTS file://home/rmccurdy/oracle
set SID XE
run
back
# needs oci !!!
# This module uses a ~598 line list of well known default authentication credentials to discover easily guessed accounts.
use auxiliary/admin/oracle/oracle_login
set RHOSTS file://home/rmccurdy/oracle
set RPORT 1521
run
back
# needs oci !!!
# needs full login/password/sid; audits database and/or user
# https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/oracle/oraenum.rb
use auxiliary/admin/oracle/oraenum
set RHOST 127.0.0.1
set DBPASS TIGER
set DBUSER SCOTT
set SID ORCL
run
back

04/17/2012 - Configuring the Scrollback Buffer
By default, the scrollback buffer only keeps the last 100 lines of text, which is not enough for my typical interaction with Screen. I've found a setting of 5000 lines to be more than adequate for my usage. The number of scrollback lines can be configured in your $HOME/.screenrc file, by adding the following line:
defscrollback 5000

04/16/2012 - Block Facebook with Adblock Plus!
Make a new custom filter and add these three filters:
||facebook.com$domain=~www.facebook.com
||facebook.net$domain=~www.facebook.com
||fbcdn.net$domain=~www.facebook.com
  19. 06/10/2012 - 650KB/s over open proxies with downloadthemall/rmccurdy.com/scripts/proxy/proxychains.conf I will update the proxycheck script to include this bit later.
  20. 11:10 AM 7/19/2012
* New Disney Pirates game I played for two days before this 'testing'
* Using DROIDPROXY (type HTTP) / Burp Suite CA per host
* Set phone in airplane mode (just in case it forces 3G etc.)
* In Firefox downloaded the generated CA and imported it into the phone via 'adb push www.google.com.crt /excad/' (not sure if it even matters in this case.. as the POST seems to be going over HTTP !?!)
* Rooted Android phone
Replaying an HTTP POST from unlocking a chest I get "users request is old".
Changing the HTTP POST PostStamp numbers I get "NON VALID SIGNATURE".
Replace the response to the HTTP POST from the server with 999: WINNING !
I will most likely get banned shortly .. (I was banned about 20min after ;/) ... most online games ban for this type of "PUSHING" when a high level pushes or gives items/currency to a low level user...
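The three results in that post (replay rejected as old, edited PostStamp rejected as a bad signature, edited server response accepted) are what you get when the request is signed and freshness-checked server side while the client applies whatever reply it receives. The Python below is an added example, not code from the post or from the game: it models that with a constructed scheme (HMAC-SHA256 over body and PostStamp, a 30-second window, a key assumed to be baked into the client; the game's real signing is unknown and the error strings are copied from the post), runs the four observations on constructed data, and puts the trusting client next to one that verifies a server MAC bound to the request it answers.

```python
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key"   # assumption: key baked into the client app
FRESHNESS_SECONDS = 30                 # assumption: server's replay window


def canonical(obj):
    """Stable byte encoding so client and server MAC exactly the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_request(body, post_stamp, key=SHARED_KEY):
    """Client signs body + PostStamp, which is why editing PostStamp breaks it."""
    return hmac.new(key, canonical(body) + b"|" + str(post_stamp).encode(),
                    hashlib.sha256).hexdigest()


def server_handle(request, now, key=SHARED_KEY):
    """Server: signature first, then freshness, then grant the reward."""
    expected = sign_request(request["body"], request["PostStamp"], key)
    if not hmac.compare_digest(expected, request["sig"]):
        return {"error": "NON VALID SIGNATURE"}
    if now - request["PostStamp"] > FRESHNESS_SECONDS:
        return {"error": "users request is old"}
    return {"reward": 5}


def client_apply(response, balance):
    """Vulnerable client: believes any response body it receives."""
    if "error" in response:
        return balance
    return balance + response["reward"]


# --- hardened pair: the server MACs its answer and binds it to the request ---

def server_handle_signed(request, now, key=SHARED_KEY):
    resp = server_handle(request, now, key)
    rsig = hmac.new(key, canonical(resp) + b"|" + request["sig"].encode(),
                    hashlib.sha256).hexdigest()
    return dict(resp, rsig=rsig)


def client_apply_verified(request, response, balance, key=SHARED_KEY):
    """Client that drops any response whose MAC does not match this request."""
    body = {k: v for k, v in response.items() if k != "rsig"}
    expected = hmac.new(key, canonical(body) + b"|" + request["sig"].encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, response.get("rsig", "")):
        return balance
    return client_apply(body, balance)


def scenario():
    """Replay the post's observations on constructed data; returns a dict."""
    t0 = 1_000_000
    body = {"action": "unlock_chest", "chest": 1}
    req = {"body": body, "PostStamp": t0, "sig": sign_request(body, t0)}
    out = {}
    # 1. fresh, untouched request: accepted
    out["fresh"] = client_apply(server_handle(req, now=t0 + 1), 0)
    # 2. same request replayed ten minutes later: freshness check trips
    out["replay"] = server_handle(req, now=t0 + 600)["error"]
    # 3. bump PostStamp to look fresh but keep the old signature: MAC mismatch
    forged = dict(req, PostStamp=t0 + 600)
    out["edited_stamp"] = server_handle(forged, now=t0 + 601)["error"]
    # 4. request untouched, proxy rewrites the RESPONSE: trusting client believes it
    honest = server_handle(req, now=t0 + 1)
    out["edited_response"] = client_apply(dict(honest, reward=999), 0)
    # 5. same trick against the hardened pair: tampered reply is discarded
    signed = server_handle_signed(req, now=t0 + 1)
    out["edited_response_verified"] = client_apply_verified(req, dict(signed, reward=999), 0)
    out["honest_verified"] = client_apply_verified(req, signed, 0)
    return out


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name:26} {value}")
```

Verifying the reply only helps while the key stays out of reach; on a rooted phone with a proxy CA pushed over adb the key can be lifted from the app just as easily, so the durable fix is to keep currency and inventory authoritative on the server and treat the client's copy as a display, which is also why the ban followed the server noticing the mismatch rather than the client.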
  21. google uber 1337 portable 2012
  22. 650KB/s over open proxies with downloadthemall / rmccurdy.com/scripts/proxy/proxychains.conf I will update the proxycheck script to include this bit later. like always rmccurdy.com/scripts/proxy/good.txt should include these.