Posts posted by operat0r_001

  1. From what I can tell there is no 'easy' way to set file associations in Windows. It has always been a pain because you have system level associations and user level associations for EVERY USER on the system... anyway let's stop Windows Media Player for GOOD.

    Sick of Windows Media Player always popping up when you click any media? Maybe you have more than one login or app that constantly tries to take over your file associations? Use this script to set them right!

    Run as administrator to reset Windows Media Player extensions it hijacks:

    http://rmccurdy.com/scripts/ftype_wipe.exe

    These include: .MMS,.WTV,.3G2,.3GP,.ADTS,.AIFF,.ASF,.ASX,.AU,.AVI,.CDA,.M2TS,.m3u,.M4A,.MIDI,.mov,.mp3,.mp4,.MPEG,.TTS,.WAV,.WAX,.wma,.WMD,.WMS,.WMV,.WMZ,.WPL,.WVX

    Example of command line I use to set file associations:

    http://rmccurdy.com/scripts/acc.bat.txt

    Source code to the binary, which is just a 7-zip SFX (self-extracting zip) with a Windows batch file in it:

    http://rmccurdy.com/scripts/ftype_wipe.bat.txt

  2. Here we go again! Updated Flash or Firefox at some point and it broke blocking ads. What I found is that YouTube was forcing HTML5 and not Flash.

    Plugin to fix HTML5 on YouTube:

    https://addons.mozilla.org/en-us/firefox/addon/youtube-flash-player/

    Greasemonkey script to block YouTube ads and annotations (YousableTubeFix):

    http://userscripts-mirror.org/scripts/show/13333

    My FU-LASH update script (Portable Firefox users) :

    http://rmccurdy.com/scripts/FU-LASH.EXE

    Post on blocking ADS and Annotations on YouTube for ANDROID:

    https://www.linkedin.com/pulse/block-ads-android-youtube-tubemate-adblock-edge-luck-patcher-mccurdy?trk=mp-reader-card

  3. Well ya but I just decompile/recompile the apk so it should just RUN ... IE I did nothing to the APK just recompiled it ..how do I include what's missing in VTS before I compile ... also why is this all missing I guess because it only decompiles what it uses or something ?


  4. 
    

    * I can't get it to open just decompile/recompiling the APK

    * http://nzb360.com/apk/nzb360.apk

    * I set it to 4.0 and 4.0.3 get the same errors .. ( based on targetSdkVersion and sdkVersion ) see : developer.android.com/reference/android/os/Build.VERSION_CODES.html

    * all I'd like to try is to replace the URL accountstatus.php in \sabconnect\helpers\NZB360LicenseAPI with something else for POC testing

    * may need more than just a URL patch.. I would assume .. lots of stuff in the APK around license etc ..

    Here is a dump of the APK info:

    aapt dump badging c:\delete\nzb360.apk
    package: name='com.kevinforeman.sabconnect' versionCode='70' versionName='8.2'
    uses-permission:'android.permission.INTERNET'
    uses-permission:'android.permission.ACCESS_NETWORK_STATE'
    uses-permission:'android.permission.WRITE_EXTERNAL_STORAGE'
    uses-permission:'android.permission.WAKE_LOCK'
    uses-permission:'android.permission.ACCESS_WIFI_STATE'
    uses-permission:'android.permission.GET_ACCOUNTS'
    sdkVersion:'10'
    targetSdkVersion:'15'
    application: label='NZB 360' icon='res/drawable-hdpi/sabconnect_icon.png'
    launchable activity name='com.kevinforeman.sabconnect.StartupLauncher'label='NZB 360' icon=''
    uses-feature:'android.hardware.wifi'
    uses-feature:'android.hardware.touchscreen'
    main
    other-activities
    other-services
    supports-screens: 'small' 'normal' 'large' 'xlarge'
    supports-any-density: 'true'
    locales: '--_--' 'ja' 'de' 'he' 'zh' 'fi' 'nl' 'pl' 'ko' 'ro' 'ar' 'fr' 'cs' 'es' 'it' 'pt' 'ru' 'iw' 'pt_BR'
    densities: '120' '160' '240' '320'
    

    Here is a dump of the errors on crash:

    E/AndroidRuntime(9364):  FATAL EXCEPTION: main
    E/AndroidRuntime(9364):  Process: com.kevinforeman.sabconnect, PID: 9364
    E/AndroidRuntime(9364):  java.io.IOException: Resource not found: "org/joda/time/tz/data/ZoneInfoMap" ClassLoader: dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/com.kevinforeman.sabconnect-1.apk"],nativeLibraryDirectories=[/data/app-lib/com.kevinforeman.sabconnect-1, /vendor/lib, /system/lib]]]
    E/AndroidRuntime(9364):  	at org.joda.time.tz.ZoneInfoProvider.openResource(ZoneInfoProvider.java:211)
    E/AndroidRuntime(9364):  	at org.joda.time.tz.ZoneInfoProvider.<init>(ZoneInfoProvider.java:123)
    E/AndroidRuntime(9364):  	at org.joda.time.tz.ZoneInfoProvider.<init>(ZoneInfoProvider.java:82)
    E/AndroidRuntime(9364):  	at org.joda.time.DateTimeZone.getDefaultProvider(DateTimeZone.java:462)
    E/AndroidRuntime(9364):  	at org.joda.time.DateTimeZone.setProvider0(DateTimeZone.java:416)
    E/AndroidRuntime(9364):  	at org.joda.time.DateTimeZone.<clinit>(DateTimeZone.java:115)
    E/AndroidRuntime(9364):  	at org.joda.time.chrono.GregorianChronology.<clinit>(GregorianChronology.java:71)
    E/AndroidRuntime(9364):  	at org.joda.time.chrono.ISOChronology.<clinit>(ISOChronology.java:66)
    E/AndroidRuntime(9364):  	at org.joda.time.DateTimeUtils.getChronology(DateTimeUtils.java:253)
    E/AndroidRuntime(9364):  	at org.joda.time.convert.AbstractConverter.getChronology(AbstractConverter.java:82)
    E/AndroidRuntime(9364):  	at org.joda.time.base.BaseDateTime.<init>(BaseDateTime.java:170)
    E/AndroidRuntime(9364):  	at org.joda.time.DateTime.<init>(DateTime.java:241)
    E/AndroidRuntime(9364):  	at com.kevinforeman.sabconnect.helpers.NZB360LicenseAPI.UpdateLicense(NZB360LicenseAPI.java:49)
    E/AndroidRuntime(9364):  	at com.kevinforeman.sabconnect.helpers.NZB360LicenseAPI.UpdateLicense(NZB360LicenseAPI.java:35)
    E/AndroidRuntime(9364):  	at com.kevinforeman.sabconnect.helpers.NZB360Activity.onResume(NZB360Activity.java:314)
    E/AndroidRuntime(9364):  	at com.kevinforeman.sabconnect.NZBView.onResume(NZBView.java:546)
    E/AndroidRuntime(9364):  	at android.app.Instrumentation.callActivityOnResume(Instrumentation.java:1192)
    E/AndroidRuntime(9364):  	at android.app.Activity.performResume(Activity.java:5310)
    E/AndroidRuntime(9364):  	at android.app.ActivityThread.performResumeActivity(ActivityThread.java:2798)
    E/AndroidRuntime(9364):  	at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:2837)
    E/AndroidRuntime(9364):  	at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2270)
    E/AndroidRuntime(9364):  	at android.app.ActivityThread.access$800(ActivityThread.java:145)
    E/AndroidRuntime(9364):  	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1206)
    E/AndroidRuntime(9364):  	at android.os.Handler.dispatchMessage(Handler.java:102)
    E/AndroidRuntime(9364):  	at android.os.Looper.loop(Looper.java:136)
    E/AndroidRuntime(9364):  	at android.app.ActivityThread.main(ActivityThread.java:5081)
    E/AndroidRuntime(9364):  	at java.lang.reflect.Method.invokeNative(Native Method)
    E/AndroidRuntime(9364):  	at java.lang.reflect.Method.invoke(Method.java:515)
    E/AndroidRuntime(9364):  	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:781)
    E/AndroidRuntime(9364):  	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:597)
    E/AndroidRuntime(9364):  	at dalvik.system.NativeStart.main(Native Method)
    W/ActivityManager(808):    Force finishing activity com.kevinforeman.sabconnect/.NZBView
    

    More notes:

       const-string v8, "http://rmccurdy.com/nzb360.php?accountid="
    http://nzb360.com/latestversion.html
    http://nzb360.com/apk/nzb360.apk
    http://www.djkev.com/android/sabconnect/emailFeedback.php
    http://nzb360.com/payment/payment_verify.php
    

  5. Kills all unknown processes to quickly free up memory! Tested on XP/Win7

    * you need admin

    * escalates to SYSTEM

    * runs psexec to dump a list of processes not in the whitelist

    * kills all the tasks that are not in the whitelist

    http://rmccurdy.com/scripts/quickkill.exe

    
    c:
    cd C:\quickkill
    
    wmic  process list brief | gawk "{print "PsExec" $2}"| egrep -vi "(conhost\.exe|explorer\.exe|winlogon|Name|System|UI0Detect|WMIC|svchost|lsass|lsm|spoolsv|cmd|smss|csrss|wininit|services\.exe|wdm|cmgshieldsvc|emsservice|emservice)" > out.txt
    
    FOR /F "delims==" %%A IN ('type out.txt') DO cax /killall %%A
    
    shutdown -a
    shutdown -a
    shutdown -a
    shutdown -a
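
The whitelist in the script above is an unanchored, case-insensitive `egrep` match on the second whitespace-separated field of the `wmic` listing. The following is an added example, not part of the original post or the quickkill script, that compares that behaviour with a whole-name match read by column offsets; the process rows and the four-column layout are constructed sample data.

```python
import re

# Allow-list alternation copied from the script's `egrep -vi` expression.
POST_PATTERN = (
    r"(conhost\.exe|explorer\.exe|winlogon|Name|System|UI0Detect|WMIC|svchost|"
    r"lsass|lsm|spoolsv|cmd|smss|csrss|wininit|services\.exe|wdm|cmgshieldsvc|"
    r"emsservice|emservice)"
)
LOOSE = re.compile(POST_PATTERN, re.IGNORECASE)            # substring match, as egrep -i does
STRICT = re.compile(r"(?:%s)(?:\.exe)?" % POST_PATTERN,    # same entries, whole name only
                    re.IGNORECASE)

# Constructed rows in the style of `wmic process list brief`
# (HandleCount, Name, Priority, ProcessId); remaining columns omitted.
ROWS = [
    (520, "System", 8, 4),
    (30, "smss.exe", 11, 260),
    (610, "svchost.exe", 8, 812),
    (45, "cmd.exe", 8, 3100),
    (88, "cmdkey_helper.exe", 8, 3220),      # contains "cmd"
    (140, "toolsmgr.exe", 8, 3388),          # contains "lsm"
    (95, "SystemTray Sync.exe", 8, 3500),    # contains "System", has a space
    (210, "notepad.exe", 8, 3716),
    (77, "Sync Client.exe", 8, 3900),        # has a space
]


def render(rows):
    """Lay the rows out as a fixed-width listing with a header line."""
    fmt = "{:<13}{:<21}{:<10}{:<9}"
    lines = [fmt.format("HandleCount", "Name", "Priority", "ProcessId")]
    lines += [fmt.format(*row) for row in rows]
    return "\n".join(lines)


def names_by_field(listing):
    """What `gawk '{print $2}'` sees: names are cut at the first space."""
    return [line.split()[1] for line in listing.splitlines()[1:] if line.strip()]


def names_by_column(listing):
    """Read the Name column by the header's character offsets instead."""
    lines = [line for line in listing.splitlines() if line.strip()]
    start = lines[0].index("Name")
    end = lines[0].index("Priority")
    return [line[start:end].strip() for line in lines[1:]]


def compare(listing):
    """Return the kill lists both approaches would produce."""
    full_names = names_by_column(listing)
    return {
        # Pipeline as posted: field split, then drop every line the regex matches.
        "post_pipeline_kill": [n for n in names_by_field(listing) if not LOOSE.search(n)],
        # Whole-name match on the full process name.
        "strict_kill": [n for n in full_names if not STRICT.fullmatch(n)],
        # Processes that survive only because an entry occurs inside their name.
        "spared_by_substring": [
            n for n in full_names if LOOSE.search(n) and not STRICT.fullmatch(n)
        ],
    }


if __name__ == "__main__":
    for key, value in compare(render(ROWS)).items():
        print(key, value)
```

Matching on the image name alone says nothing about where the binary lives or who signed it, so an allow-list used for anything beyond freeing memory should also compare the executable path.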
                 
    
  6. 
    

    root@ubuntu:/usr/share/rssdler042/config# cat config.txt
    [global]
    downloadDir = /usr/share/rssdler042/config/
    workingDir = /usr/share/rssdler042/config
    log = 5
    logFile = /usr/share/rssdler042/config/downloads.log
    verbose = 5
    cookieFile = /usr/share/rssdler042/config/cookies.txt
    cookieType = MozillaCookieJar
    scanMins = 10
    sleepTime = 2
    runOnce = True
    urllib = True

    [somesite]
    link = http://showrss.karmorra.info/rss.php?user_id=126337&hd=1&proper=1&namespaces=true
    regExTrue = \d[^\d]+\d
    regExFalse = (nrg|ccd)
    download1 = .
    download1True = False

    Example .rtorrent.rc rtorrent file :

    cat ~/.rtorrent.rc
    schedule = watch_directory,5,5,load_start=/home/mythtv/downloads/complete/RTORRENT/*.torrent
    session = ~/.session
    upload_rate = 70
    port_range = 55556-55660
    directory = /home/mythtv/downloads/complete/RTORRENT/

    Example loop Script:

    #rm downloads.log savedstate.dat daemon.info
    rssdler -r -c /usr/share/rssdler042/config/config.txt
    chmod 755 *.torrent
    mv *.torrent /home/mythtv/downloads/complete/RTORRENT/

    Example output:

    root@ubuntu:/usr/share/rssdler042/config# rssdler -r -c /usr/share/rssdler042/config/config.txt
    INFO --- RSSDler 0.4.2
    DEBUG writing daemonInfo
    INFO [Waking up] Mon Apr 1 18:02:45 2013
    DEBUG checking working dir, maybe changing dir
    INFO Scanning threads
    INFO finding new downloads in thread somesite
    DEBUG encoding url http://showrss.karmorra.info/rss.php?user_id=126337&hd=1&proper=1&namespaces=true
    DEBUG testing cookieFile settings
    DEBUG attempting to load cookie type: MozillaCookieJar
    DEBUG building and installing urllib opener without cookies
    DEBUG grabbing page at url http://showrss.karmorra.info/rss.php?user_id=126337&hd=1&proper=1&namespaces=true
    DEBUG setting ttl
    DEBUG unQuoteReQuote http://showrss.karmorra.info/r/6f4892260da9069324c94ae5d8d79a38.torrent
    DEBUG already downloaded http://showrss.karmorra.info/r/6f4892260da9069324c94ae5d8d79a38.torrent
    DEBUG unQuoteReQuote http://showrss.karmorra.info/r/373406b558b5c4f8710ad2d259ffa9dc.torrent
    DEBUG already downloaded http://showrss.karmorra.info/r/373406b558b5c4f8710ad2d259ffa9dc.torrent
    DEBUG unQuoteReQuote http://showrss.karmorra.info/r/da4397ed9df9f2475d36609c66205a26.torrent
    DEBUG already downloaded http://showrss.karmorra.info/r/da4397ed9df9f2475d36609c66205a26.torrent
    DEBUG unQuoteReQuote http://showrss.karmorra.info/r/e2bf65b44ac8da445b6080c15466fb9a.torrent
    DEBUG already downloaded http://showrss.karmorra.info/r/e2bf65b44ac8da445b6080c15466fb9a.torrent
    DEBUG unQuoteReQuote http://showrss.karmorra.info/r/15ab8999ac01fc4b7a75a9ced74e8127.torrent
    DEBUG already downloaded http://showrss.karmorra.info/r/15ab8999ac01fc4b7a75a9ced74e8127.torrent
    INFO Processing took 2 seconds
    INFO [Complete] Mon Apr 1 18:02:48 2013

  7. Update ccleaner MRU registry paths and file paths ... ya I ripped ccleaner

    http://www.rmccurdy.com/scripts/quickclean.exe ( SFX you can open with 7-zip.org etc .. )

    source: http://www.rmccurdy.com/scripts/quickclean.bat

    info:

    
    rem 12:05 PM 11/26/2012 : updated ccleaner REG and FILE clean urls/paths the ccleaner forums blocked my post on this script ;)
    rem * open ccleaner.exe with notepad++ and copy all the bits for regkeys and file checks etc ..( at the bottom of the exe ) and save as tmp.txt
    rem * make reg patch :
    rem echo REGEDIT4 > ccleaner.reg
    rem grep HK tmp.txt| grep -v '|' | grep -v Detect | sed -e 's/.*HK/HK/g' -e 's/.*/[-&]/g'|sort|uniq >> ccleaner.reg
    
    rem * make file patch:
    rem grep "^File" tmp.txt | sed -e 's/.*=//g' -e 's/|/\\/g' -e 's/RECURSE//g' -e 's/\\REMOVESELF//g' -e 's/\*\\/\*/g' -e 's/\\$//g' -e 's/^/sdelete -s -p %pass% \"/g' -e 's/$/\"/g' > ccleaner.bat
    
    
    rem 3:20 PM 7/15/2009: removed rd c:\WINDOWS\Installer this broke stuff in office I think
    
    rem 9:22 PM 8/2/2007: fixed firefox clean script added c:\WINDOWS\Installer
    rem 1:37 AM 7/29/2007: no gawk needed thanks to jabzor@binrev !
    rem 7:04 PM 7/28/2007: fixed issues with spaces in login name ( used gawk and dir2.bat )
    rem 7:04 PM 7/28/2007: added firefox clean ( see :firefoxclean )
    rem 2:12 PM 7/25/2007: fixed run/mtu
    rem 7:09 AM 5/16/2007: added set passes var,ccleaner ini and delete $ntuninstall
    rem 5:01 PM 10/21/2005 : fixed %temp% issue recreates %temp% after delete no reboot required
    rem 1:01 AM 4/25/2006 : added sdelete.exe ( secure delete )
    cls
    
    
    echo ==============================
    echo THE QUICK SECURE CLEANER :: rmccurdy.com :: 3.0
    echo UPDATED : 11/26/2012
    echo ==============================
    echo WARNING DO NOT RUN THIS IN SAFE MODE !!!
    echo Here are some of the files this program will delete
    echo * deletes %USERNAME% common MTU or history paths ( Run the ccleaner.reg as different user if you like to clean a different users reg keys )
    echo * deletes c:\temp
    echo * Internet explorer temp files for ALL USERS
    echo * firefox cookies,saved,cache passwords etc  for ALL USERS
    echo * temp folders for ALL USERS
    echo * old windows updates
    echo * recycle bin
    echo * %SystemRoot%\$ntuninstallK ( old windows updates )
    echo * %SystemRoot%/$hf_mig$ ( old windows updates )
    echo * OPTIONAL: all startup items for ALL USERS
    echo * OPTIONAL: all outlook mailbox data and everything under 'Local Settings' for ALL USERS
    pause
    cls
    

  8. * sqlninja

    * Havij 1.15 - Advanced SQL Injection (windows )

    * DbVisualizer 7.1.2 best tool ever for windows / sql servers supports mysql oracle db2 sqlite3 and mssql all without installing a bunch of crap ! (85 megs built with thinapp )

  9. <insert flame here>

    * if you have a computer with the wifi password saved you can recover it google nirsoft wifi

    * if you do not have the password you can reset it .. duh .. or https://www.cloudcracker.com

    * mass deauth until you have to reset the AP

    * wifi wps hack or whatever the easy connect code button thing is ...

    * you can also setup rogue AP and hijack a probe root the remote host and recover the pass with nirsoft util etc ..

    now if you are talking about windows password (some talk about NT offline soooo not sure WTF you guys are asking ) use :

    * mimikatz or WCE.exe or WCE32.exe

    https://dl.dropbox.com/sh/llw7unn0hlptigj/aC5YSuyosX/masspwdumper.exe?dl=1 ( example input script for mimikatz )

  10. http://g0tmi1k.blogspot.com/ has a post and :

    http://www.owasp.org/index.php/Phoenix/Tools

    =========================

    LiveCDs

    Monday, January 29, 2007 4:02 PM 828569600 AOC_Labrat-ALPHA-0010.iso - http://www.packetfocus.com/hackos/

    DVL (Damn Vulnerable Linux) - http://www.damnvulnerablelinux.org/

    Test sites / testing grounds

    SPI Dynamics (live) - http://zero.webappsecurity.com/

    Cenzic (live) - http://crackme.cenzic.com/

    Watchfire (live) - http://demo.testfire.net/

    Acunetix (live) - http://testphp.acunetix.com/ http://testasp.acunetix.com http://testaspnet.acunetix.com

    WebMaven / Buggy Bank - http://www.mavensecurity.com/webmaven

    Foundstone SASS tools - http://www.foundstone.com/us/resources-free-tools.asp

    Updated HackmeBank - http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html

    OWASP WebGoat - http://www.owasp.org/index.php/OWASP_WebGoat_Project

    OWASP SiteGenerator - http://www.owasp.org/index.php/Owasp_SiteGenerator

    Stanford SecuriBench - http://suif.stanford.edu/~livshits/securibench/

    SecuriBench Micro - http://suif.stanford.edu/~livshits/work/securibench-micro/

    HTTP proxying / editing

    WebScarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

    Burp - http://www.portswigger.net/

    Paros - http://www.parosproxy.org/

    Fiddler - http://www.fiddlertool.com/

    Web Proxy Editor - http://www.microsoft.com/mspress/companion/0-7356-2187-X/

    Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project

    Suru - http://www.sensepost.com/research/suru/

    httpedit (curses-based) - http://www.neutralbit.com/en/rd/httpedit/

    Charles - http://www.xk72.com/charles/

    Odysseus - http://www.bindshell.net/tools/odysseus

    Burp, Paros, and WebScarab for Mac OS X - http://www.corsaire.com/downloads/

    Web-application scanning tool from `Network Security Tools'/O'Reilly - http://examples.oreilly.com/networkst/

    JS Commander - http://jscmd.rubyforge.org/

    Ratproxy - http://code.google.com/p/ratproxy/

    RSnake's XSS cheat sheet based-tools, webapp fuzzing, and encoding tools

    Wfuzz - http://www.edge-security.com/wfuzz.php

    ProxMon - http://www.isecpartners.com/proxmon.html

    Wapiti - http://wapiti.sourceforge.net/

    Grabber - http://rgaucher.info/beta/grabber/

    XSSScan - http://darkcode.ath.cx/scanners/XSSscan.py

    CAL9000 - http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project

    HTMangLe - http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm

    JBroFuzz - http://sourceforge.net/projects/jbrofuzz

    XSSFuzz - http://ha.ckers.org/blog/20060921/xssfuzz-released/

    WhiteAcid's XSS Assistant - http://www.whiteacid.org/greasemonkey/

    Overlong UTF - http://www.microsoft.com/mspress/companion/0-7356-2187-X/

    [TGZ] MielieTool (SensePost Research) - http://packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgz

    RegFuzzer: test your regular expression filter - http://rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer%3A-Test-your-regular-expression-filter

    screamingCobra - http://www.dachb0den.com/projects/screamingcobra.html

    SPIKE and SPIKE Proxy - http://immunitysec.com/resources-freesoftware.shtml

    RFuzz - http://rfuzz.rubyforge.org/

    WebFuzz - http://www.codebreakers-journal.com/index.php?option=com_content&task=view&id=112&Itemid=99999999

    TestMaker - http://www.pushtotest.com/Docs/downloads/features.html

    ASP Auditor - http://michaeldaw.org/projects/asp-auditor-v2/

    WSTool - http://wstool.sourceforge.net/

    Web Hack Control Center (WHCC) - http://ussysadmin.com/whcc/

    Web Text Converter - http://www.microsoft.com/mspress/companion/0-7356-2187-X/

    HackBar (Firefox Add-on) - https://addons.mozilla.org/firefox/3899/

    Net-Force Tools (NF-Tools, Firefox Add-on) - http://www.net-force.nl/library/downloads/

    PostIntercepter (Greasemonkey script) - http://userscripts.org/scripts/show/743

    HTTP general testing / fingerprinting

    Wbox: HTTP testing tool - http://hping.org/wbox/

    ht://Check - http://htcheck.sourceforge.net/

    Mumsie - http://www.lurhq.com/tools/mumsie.html

    WebInject - http://www.webinject.org/

    Torture.pl Home Page - http://stein.cshl.org/~lstein/torture/

    JoeDog's Siege - http://www.joedog.org/JoeDog/Siege/

    OPEN-LABS: metoscan (http method testing) - http://www.open-labs.org/

    Load-balancing detector - http://ge.mine.nu/lbd.html

    HMAP - http://ujeni.murkyroc.com/hmap/

    Net-Square: httprint - http://net-square.com/httprint/

    Wpoison: http stress testing - http://wpoison.sourceforge.net/

    Net-square: MSNPawn - http://net-square.com/msnpawn/index.shtml

    hcraft: HTTP Vuln Request Crafter - http://druid.caughq.org/projects/hcraft/

    rfp.labs: LibWhisker - http://www.wiretrip.net/rfp/lw.asp

    Nikto - http://www.cirt.net/code/nikto.shtml

    twill - http://twill.idyll.org/

    DirBuster - http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project

    [ZIP] DFF Scanner - http://security-net.biz/files/dff/DFF.zip

    [ZIP] The Elza project - http://packetstormsecurity.org/web/elza-1.4.7-beta.zip http://www.stoev.org/elza.html

    HackerFox and Hacking Addons Bundled: Portable Firefox with web hacking addons bundled - http://sf.net/projects/hackfox

    Browser-based HTTP tampering / editing / replaying

    TamperIE - http://www.bayden.com/Other/

    isr-form - http://www.infobyte.com.ar/developments.html

    Modify Headers (Firefox Add-on) - http://modifyheaders.mozdev.org/

    Tamper Data (Firefox Add-on) - http://tamperdata.mozdev.org/

    UrlParams (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1290/

    TestGen4Web (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1385/

    DOM Inspector / Inspect This (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1806/ https://addons.mozilla.org/en-US/firefox/addon/1913/

    LiveHTTPHeaders / Header Monitor (Firefox Add-on) - http://livehttpheaders.mozdev.org/ https://addons.mozilla.org/en-US/firefox/addon/575/

    Cookie editing / poisoning

    [TGZ] stompy: session id tool - http://lcamtuf.coredump.cx/stompy.tgz

    Add'N Edit Cookies (AnEC, Firefox Add-on) - http://addneditcookies.mozdev.org/

    CookieCuller (Firefox Add-on) - http://cookieculler.mozdev.org/

    CookiePie (Firefox Add-on) - http://www.nektra.com/oss/firefox/extensions/cookiepie/

    CookieSpy - http://www.codeproject.com/shell/cookiespy.asp

    Cookies Explorer - http://www.dutchduck.com/Features/Cookies.aspx

    Ajax and XHR scanning

    Sahi - http://sahi.co.in/

    scRUBYt - http://scrubyt.org/

    jQuery - http://jquery.com/

    jquery-include - http://www.gnucitizen.org/projects/jquery-include

    Sprajax - http://www.denimgroup.com/sprajax.html

    Watir - http://wtr.rubyforge.org/

    Watij - http://watij.com/

    Watin - http://watin.sourceforge.net/

    RBNarcissus - http://idontsmoke.co.uk/2005/rbnarcissus/

    SpiderTest (Spider Fuzz plugin) - http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin

    Javascript Inline Debugger (jasildbg) - http://jasildbg.googlepages.com/

    Firebug Lite - http://www.getfirebug.com/lite.html

    firewatir - http://code.google.com/p/firewatir/

    RSS extensions and caching

    LiveLines (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/324/

    rss-cache - http://www.dubfire.net/chris/projects/rss-cache/

    SQL injection scanning

    0x90.org: home of Absinthe, Mezcal, etc - http://0x90.org/releases.php

    SQLiX - http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project

    sqlninja: a SQL Server injection and takeover tool - http://sqlninja.sourceforge.net/

    JustinClarke's SQL Brute - http://www.justinclarke.com/archives/2006/03/sqlbrute.html

    BobCat - http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html

    sqlmap - http://sqlmap.sourceforge.net/

    Scully: SQL Server DB Front-End and Brute-Forcer - http://www.sensepost.com/research/scully/

    FG-Injector - http://www.flowgate.net/?lang=en&seccion=herramientas

    PRIAMOS - http://www.priamos-project.com/

    Web application security malware, backdoors, and evil code

    W3AF: Web Application Attack and Audit Framework - http://w3af.sourceforge.net/

    Jikto - http://busin3ss.name/jikto-in-the-wild/

    XSS Shell - http://ferruh.mavituna.com/article/?1338

    XSS-Proxy - http://xss-proxy.sourceforge.net

    AttackAPI - http://www.gnucitizen.org/projects/attackapi/

    FFsniFF - http://azurit.elbiahosting.sk/ffsniff/

    HoneyBlog's web-based junkyard - http://honeyblog.org/junkyard/web-based/

    BeEF - http://www.bindshell.net/tools/beef/

    Firefox Extension Scanner (FEX) - http://www.gnucitizen.org/projects/fex/

    What is my IP address? - http://reglos.de/myaddress/

    xRumer: blogspam automation tool - http://www.botmaster.net/movies/XFull.htm

    SpyJax - http://www.merchantos.com/makebeta/tools/spyjax/

    Greasecarnaval - http://www.gnucitizen.org/projects/greasecarnaval

    Technika - http://www.gnucitizen.org/projects/technika/

    Load-AttackAPI bookmarklet - http://www.gnucitizen.org/projects/load-attackapi-bookmarklet

    MD's Projects: JS port scanner, pinger, backdoors, etc - http://michaeldaw.org/my-projects/

    Web application services that aid in web application security assessment

    Netcraft - http://www.netcraft.net

    AboutURL - http://www.abouturl.com/

    The Scrutinizer - http://www.scrutinizethis.com/

    net.toolkit - http://clez.net/

    ServerSniff - http://www.serversniff.net/

    Online Microsoft script decoder - http://www.greymagic.com/security/tools/decoder/

    Webmaster-Toolkit - http://www.webmaster-toolkit.com/

    myIPNeighbors, et al - http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address

    PHP charset encoding - http://h4k.in/encoding

    data: URL testcases - http://h4k.in/dataurl

    Browser-based security fuzzing / checking

    Zalewski's MangleMe - http://lcamtuf.coredump.cx/mangleme/mangle.cgi

    hdm's tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan - http://metasploit.com/users/hdm/tools/

    Peach Fuzzer Framework - http://peachfuzz.sourceforge.net/

    TagBruteForcer - http://research.eeye.com/html/tools/RT20060801-3.html

    PROTOS Test-Suite: c05-http-reply - http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/http-reply/index.html

    COMRaider - http://labs.idefense.com

    bcheck - http://bcheck.scanit.be/bcheck/

    Stop-Phishing: Projects page - http://www.indiana.edu/~phishing/?projects

    LinkScanner - http://linkscanner.explabs.com/linkscanner/default.asp

    BrowserCheck - http://www.heise-security.co.uk/services/browsercheck/

    Cross-browser Exploit Tests - http://www.jungsonnstudios.com/cool.php

    Stealing information using DNS pinning demo - http://www.jumperz.net/index.php?i=2&a=1&b=7

    Javascript Website Login Checker - http://ha.ckers.org/weird/javascript-website-login-checker.html

    Mozilla Activex - http://www.iol.ie/~locka/mozilla/mozilla.htm

    Jungsonn's Black Dragon Project - http://blackdragon.jungsonnstudios.com/

    Mr. T (Master Recon Tool, includes Read Firefox Settings PoC) - http://ha.ckers.org/mr-t/

    Vulnerable Adobe Plugin Detection For UXSS PoC - http://www.0x000000.com/?i=324

    About Flash: is your flash up-to-date? - http://www.macromedia.com/software/flash/about/

    Test your installation of Java software - http://java.com/en/download/installed.jsp?detect=jre&try=1

    WebPageFingerprint - Light-weight Greasemonkey Fuzzer - http://userscripts.org/scripts/show/30285

    PHP static analysis and file inclusion scanning

    PHP-SAT.org: Static analysis for PHP - http://www.program-transformation.org/PHP/

    Unl0ck Research Team: tool for searching in google for include bugs - http://unl0ck.net/tools.php

    FIS: File Inclusion Scanner - http://www.segfault.gr/index.php?cat_id=3&cont_id=25

    PHPSecAudit - http://developer.spikesource.com/projects/phpsecaudit

    PHP Defensive Tools

    PHPInfoSec - Check phpinfo configuration for security - http://phpsec.org/projects/phpsecinfo/

    A Greasemonkey Replacement can be found at http://yehg.net/lab/#tools.greasemonkey

    Php-Brute-Force-Attack Detector - Detect your web servers being scanned by brute force tools such as WFuzz, OWASP DirBuster and vulnerability scanners such as Nessus, Nikto, Acunetix ..etc. http://yehg.net/lab/pr0js/files.php/php_brute_force_detect.zip

    PHP-Login-Info-Checker - Strictly enforce admins/users to select stronger passwords. It tests cracking passwords against 4 rules. It has also built-in smoke test page via url loginfo_checker.php?testlic

    http://yehg.net/lab/pr0js/files.php/loginfo_checkerv0.1.zip

    http://yehg.net/lab/pr0js/files.php/phploginfo_checker_demo.zip

    php-DDOS-Shield - A tricky script to prevent idiot distributed bots which discontinue their flooding attacks by identifying HTTP 503 header code. http://code.google.com/p/ddos-shield/

    PHPMySpamFIGHTER - http://yehg.net/lab/pr0js/files.php/phpmyspamfighter.zip http://yehg.net/lab/pr0js/files.php/phpMySpamFighter_demo.rar

    Web Application Firewall (WAF) and Intrusion Detection (APIDS) rules and resources

    APIDS on Wikipedia - http://en.wikipedia.org/wiki/APIDS

    PHP Intrusion Detection System (PHP-IDS) - http://php-ids.org/ http://code.google.com/p/phpids/

    dotnetids - http://code.google.com/p/dotnetids/

    Secure Science InterScout - http://www.securescience.com/home/newsandevents/news/interscout1.0.html

    Remo: whitelist rule editor for mod_security - http://remo.netnea.com/

    GotRoot: ModSecurity rules - http://www.gotroot.com/tiki-index.php?page=mod_security+rules

    The Web Security Gateway (WSGW) - http://wsgw.sourceforge.net/

    mod_security rules generator - http://noeljackson.com/tools/modsecurity/

    Mod_Anti_Tamper - http://www.wisec.it/projects.php?id=3

    [TGZ] Automatic Rules Generation for Mod_Security - http://www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgz

    AQTRONIX WebKnight - http://www.aqtronix.com/?PageID=99

    Akismet: blog spam defense - http://akismet.com/

    Samoa: Formal tools for securing web services - http://research.microsoft.com/projects/samoa/

    Web services enumeration / scanning / fuzzing

    WebServiceStudio2.0 - http://www.codeplex.com/WebserviceStudio

    Net-square: wsChess - http://net-square.com/wschess/index.shtml

    WSFuzzer - http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project

    SIFT: web method search tool - http://www.sift.com.au/73/171/sift-web-method-search-tool.htm

    iSecPartners: WSMap, WSBang, etc - http://www.isecpartners.com/tools.html

    Web application non-specific static source-code analysis

    Pixy: a static analysis tool for detecting XSS vulnerabilities - http://www.seclab.tuwien.ac.at/projects/pixy/

    Brixoft.Net: Source Edit - http://www.brixoft.net/prodinfo.asp?id=1

    Security compass web application auditing tools (SWAAT) - http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project

    An even more complete list here - http://www.cs.cmu.edu/~aldrich/courses/654/tools/

    A nice list that claims some demos available - http://www.cs.cmu.edu/~aldrich/courses/413/tools.html

    A smaller, but also good list - http://spinroot.com/static/

    Yasca: A highly extensible source code analysis framework; incorporates several analysis tools into one package. http://www.yasca.org/

    Static analysis for C/C++ (CGI, ISAPI, etc) in web applications

    RATS - http://www.securesoftware.com/resources/download_rats.html

    ITS4 - http://www.cigital.com/its4/

    FlawFinder - http://www.dwheeler.com/flawfinder/

    Splint - http://www.splint.org/

    Uno - http://spinroot.com/uno/

    BOON (Buffer Overrun detectiON) - http://www.cs.berkeley.edu/~daw/boon/ http://boon.sourceforge.net

    Valgrind - http://www.valgrind.org/

    Java static analysis, security frameworks, and web application security tools

    LAPSE - http://suif.stanford.edu/~livshits/work/lapse/

    HDIV Struts - http://hdiv.org/

    Orizon - http://sourceforge.net/projects/orizon/

    FindBugs: Find bugs in Java programs - http://findbugs.sourceforge.net/

    PMD - http://pmd.sourceforge.net/

    CUTE: A Concolic Unit Testing Engine for C and Java - http://osl.cs.uiuc.edu/~ksen/cute/

    EMMA - http://emma.sourceforge.net/

    JLint - http://jlint.sourceforge.net/

    Java PathFinder - http://javapathfinder.sourceforge.net/

    Fujaba: Move between UML and Java source code - http://wwwcs.uni-paderborn.de/cs/fujaba/

    Checkstyle - http://checkstyle.sourceforge.net/

    Cookie Revolver Security Framework - http://sourceforge.net/projects/cookie-revolver

    tinapoc - http://sourceforge.net/projects/tinapoc

    jarsigner - http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html

    Solex - http://solex.sourceforge.net/

    Java Explorer - http://metal.hurlant.com/jexplore/

    HTTPClient - http://www.innovation.ch/java/HTTPClient/

    another HttpClient - http://jakarta.apache.org/commons/httpclient/

    a list of code coverage and analysis tools for Java - http://mythinkpond.blogspot.com/2007/06/java-foss-freeopen-source-software.html

    Microsoft .NET static analysis and security framework tools, mostly for ASP.NET and ASP.NET AJAX, but also C# and VB.NET

    * Visual Studio 2008 Code Analysis, available in:

    o VSTS 2008 Development Edition (http://msdn.microsoft.com/vsts2008/products/bb933752.aspx) and

    o VSTS 2008 Team Suite (http://msdn.microsoft.com/vsts2008/products/bb933735.aspx)

    * Visual Studio 2005 Code Analyzer, available in:

    o Visual Studio 2005 Team Edition for Software Developers (http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx)

    o Visual Studio 2005 Team Suite (http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx)

    * Web Development Helper - http://www.nikhilk.net/Project.WebDevHelper.aspx

    * FxCop:

    o (blog) http://blogs.msdn.com/fxcop/

    o (download) http://code.msdn.microsoft.com/codeanalysis

    * Microsoft internal tools you can't have yet:

    o http://www.microsoft.com/windows/cse/pa_projects.mspx

    o http://research.microsoft.com/Pex/

    o http://www.owasp.org/images/5/5b/OWASP_IL_7_FuzzGuru.pdf

    Threat modeling

    Microsoft Threat Analysis and Modeling Tool v2.1 (TAM) - http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en

    Amenaza: Attack Tree Modeling (SecurITree) - http://www.amenaza.com/software.php

    Octotrike - http://www.octotrike.org/

    Add-ons for Firefox that help with general web application security

    Web Developer Toolbar - https://addons.mozilla.org/firefox/60/

    Plain Old Webserver (POW) - https://addons.mozilla.org/firefox/3002/

    XML Developer Toolbar - https://addons.mozilla.org/firefox/2897/

    Public Fox - https://addons.mozilla.org/firefox/3911/

    XForms Buddy - http://beaufour.dk/index.php?sec=misc&pagename=xforms

    MR Tech Local Install - http://www.mrtech.com/extensions/local_install/

    Nightly Tester Tools - http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html

    IE Tab - https://addons.mozilla.org/firefox/1419/

    User-Agent Switcher - https://addons.mozilla.org/firefox/59/

    ServerSwitcher - https://addons.mozilla.org/firefox/2409/

    HeaderMonitor - https://addons.mozilla.org/firefox/575/

    RefControl - https://addons.mozilla.org/firefox/953/

    refspoof - https://addons.mozilla.org/firefox/667/

    No-Referrer - https://addons.mozilla.org/firefox/1999/

    LocationBar^2 - https://addons.mozilla.org/firefox/4014/

    SpiderZilla - http://spiderzilla.mozdev.org/

    Slogger - https://addons.mozilla.org/en-US/firefox/addon/143

    Fire Encrypter - https://addons.mozilla.org/firefox/3208/

    Add-ons for Firefox that help with Javascript and Ajax web application security

    Selenium IDE - http://www.openqa.org/selenium-ide/

    Firebug - http://www.joehewitt.com/software/firebug/

    Venkman - http://www.mozilla.org/projects/venkman/

    Chickenfoot - http://groups.csail.mit.edu/uid/chickenfoot/

    Greasemonkey - http://www.greasespot.net/

    Greasemonkey compiler - http://www.letitblog.com/greasemonkey-compiler/

    User script compiler - http://arantius.com/misc/greasemonkey/script-compiler

    Extension Developer's Extension (Firefox Add-on) - http://ted.mielczarek.org/code/mozilla/extensiondev/

    Smart Middle Click (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/3885/

    Bookmarklets that aid in web application security

    RSnake's security bookmarklets - http://ha.ckers.org/bookmarklets.html

    BMlets - http://optools.awardspace.com/bmlet.html

    Huge list of bookmarklets - http://www.squarefree.com/bookmarklets/

    Blummy: consists of small widgets, called blummlets, which make use of Javascript to provide rich functionality - http://www.blummy.com/

    Bookmarklets every blogger should have - http://www.micropersuasion.com/2005/10/bookmarklets_ev.html

    Flat Bookmark Editing (Firefox Add-on) - http://n01se.net/chouser/proj/mozhack/

    OpenBook and Update Bookmark (Firefox Add-ons) - http://www.chuonthis.com/extensions/

    SSL certificate checking / scanning

    [ZIP] THCSSLCheck - http://thc.org/root/tools/THCSSLCheck.zip

    [ZIP] Foundstone SSLDigger - http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zip

    Cert Viewer Plus (Firefox Add-on) - https://addons.mozilla.org/firefox/1964/

    Honeyclients, Web Application, and Web Proxy honeypots

    Honeyclient Project: an open-source honeyclient - http://www.honeyclient.org/trac/

    HoneyC: the low-interaction honeyclient - http://honeyc.sourceforge.net/

    Capture: a high-interaction honeyclient - http://capture-hpc.sourceforge.net/

    Google Hack Honeypot - http://ghh.sourceforge.net/

    PHP.Hop - PHP Honeynet Project - http://www.rstack.org/phphop/

    SpyBye - http://www.monkey.org/~provos/spybye/

    Honeytokens - http://www.securityfocus.com/infocus/1713

    Blackhat SEO and maybe some whitehat SEO

    SearchStatus (Firefox Add-on) - http://www.quirk.biz/searchstatus/

    SEO for Firefox (Firefox Add-on) - http://tools.seobook.com/firefox/seo-for-firefox.html

    SEOQuake (Firefox Add-on) - http://www.seoquake.com/

    Footprinting for web application security

    Evolution - http://www.paterva.com/evolution-e.html

    GooSweep - http://www.mcgrewsecurity.com/projects/goosweep/

    Aura: Google API Utility Tools - http://www.sensepost.com/research/aura/

    Edge-Security tools - http://www.edge-security.com/soft.php

    Fierce Domain Scanner - http://ha.ckers.org/fierce/

    Googlegath - http://www.nothink.org/perl/googlegath/

    Advanced Dork (Firefox Add-on) - https://addons.mozilla.org/firefox/2144/

    Passive Cache (Firefox Add-on) - https://addons.mozilla.org/firefox/977/

    CacheOut! (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1453/

    BugMeNot Extension (Firefox Add-on) - http://roachfiend.com/archives/2005/02/07/bugmenot/

    TrashMail.net Extension (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1813/

    DiggiDig (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2819/

    Digger (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1467/

    Database security assessment

    Scuba by Imperva Database Vulnerability Scanner - http://www.imperva.com/scuba/

    Browser Defenses

    DieHard - http://www.diehard-software.org/

    LocalRodeo (Firefox Add-on) - http://databasement.net/labs/localrodeo/

    NoMoXSS - http://www.seclab.tuwien.ac.at/projects/jstaint/

    Request Rodeo - http://savannah.nongnu.org/projects/requestrodeo

    FlashBlock (Firefox Add-on) - http://flashblock.mozdev.org/

    CookieSafe (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2497

    NoScript (Firefox Add-on) - http://www.noscript.net/

    FormFox (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1579/

    Adblock (Firefox Add-on) - http://adblock.mozdev.org/

    httpOnly in Firefox (Firefox Add-on) - http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.html

    SafeCache (Firefox Add-on) - http://www.safecache.com/

    SafeHistory (Firefox Add-on) - http://www.safehistory.com/

    PrefBar (Firefox Add-on) - http://prefbar.mozdev.org/

    All-in-One Sidebar (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1027/

    QArchive.org web file checker (Firefox Add-on) - https://addons.mozilla.org/firefox/4115/

    Update Notified (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2098/

    FireKeeper - http://firekeeper.mozdev.org/

    Greasemonkey: XSS Malware Script Detector - http://yehg.net/lab/#tools.greasemonkey

    Browser Privacy

    TrackMeNot (Firefox Add-on) - https://addons.mozilla.org/firefox/3173/

    Privacy Bird - http://www.privacybird.com/

    Application and protocol fuzzing (random instead of targeted)

    Sulley - http://fuzzing.org/

    taof: The Art of Fuzzing - http://sourceforge.net/projects/taof/

    zzuf: multipurpose fuzzer - http://sam.zoy.org/zzuf/

    autodafé: an act of software torture - http://autodafe.sourceforge.net/

    EFS and GPF: Evolutionary Fuzzing System - http://www.appliedsec.com/resources.html

    Subject: Infosec Learning

    Free Information Security Learning

    https://class.coursera.org/inforiskman-2012-001/auth/welcome?type=logout&visiting=%2Finforiskman-2012-001%2Fclass%2Findex

    http://blackhatacademy.net/

    http://hackademy.hackaserver.com/login/index.php

    Learning Sheet

    http://pentest.cryptocity.net/careers/

    Compiled List of vuln os

    http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/

    http://bailey.st/blog/2010/11/30/linux-penetration-testing-distributions-list/

    http://bailey.st/blog/2010/09/14/pentest-lab-vulnerable-servers-applications-list/

    vuln os

    https://www.pentesterlab.com/

    http://forums.heorot.net/viewtopic.php?f=15&t=189

    http://pentestlab.org/

    http://www.kioptrix.com/blog/

    http://exploit.co.il/projects/vuln-web-app/

    http://sourceforge.net/projects/virtualhacking/?source=recommended

    http://sourceforge.net/projects/null-gameover/?source=recommended

    http://sourceforge.net/projects/holynix/?source=directory

    http://sourceforge.net/projects/lampsecurity/?source=directory

    http://sourceforge.net/projects/matriux/

    http://sourceforge.net/projects/torbox/?source=directory

    http://sourceforge.net/projects/remnux/?source=directory

    http://sourceforge.net/projects/vicnum/?source=recommended

    http://sourceforge.net/projects/livehacking/

    http://sourceforge.net/projects/samurai/

    http://sourceforge.net/projects/nodezero/

    http://sourceforge.net/projects/blackbuntu/

    http://sourceforge.net/projects/virtualhacking/files/os/de-ice/

    http://sourceforge.net/projects/lampsecurity/files/

    Online Labs

    https://www.hacking-lab.com/Remote_Sec_Lab/livecd.html

    http://www.enigmagroup.org/

    http://www.hackthissite.org/

    http://www.hellboundhackers.org/

    http://www.hackerslab.org/eorg/index.html

    http://haxme.org/

    http://www.dareyourmind.net/

    http://www.try2hack.nl/

    http://www.astalavista.com/

    https://www.pentesterlab.com/exercises

    Online CTF's

    http://hackergames.net/

    http://www.overthewire.org/wargames/

    http://www.zeroidentity.org/

    http://www.smashthestack.org/index.php

  11. use UltraVNC's repeater. I set up two ports and use single click server exe, example rmccurdy.com/scripts/quickvnc.exe (open with 7-zip.org, it's a SFX). It has hidden persistent connections etc ..

    * set up repeater on port 21 and 80

    * run vnc single click to route to 80

    * then run android VNC client to port 21 and put in the repeater IP::PORT and the ID:##### ( in my case the ID is randomly generated )

    * example repeater config : http://rmccurdy.com/scripts/uvncrepeater.ini

    using a repeater or "gateway based" VNC connection you don't need to do any port forwarding on the client or server side, it all goes over your server on two ports you set..

    contact me if you need any help setting it up

  12. Mimikatz works but I have been also using wce.exe and wce32.exe with the -w switch

    http://www.ampliasecurity.com/research/wcefaq.html#curversion

    09/26/2012 - split up fu and fu ripp ... fu.txt and fu_ripp.txt. also updated masspwdumper.exe to include wce.exe (windows credential editor)

    08/27/2012 - fu.txt oclHashcat-plus fu .. I know right... my fu.txt is getting out of hand.

    08/19/2012 - quickkill.exe Kills all unknown processes to quickly free up memory! tested XP/Win7

    BEFORE 80 .. after 48

    07/3/2012 - BREAKOUT This app will attempt to BREAK OUT of protected networks by using input IP,PORT as HTTP and SOCKS proxies

    06/10/2012 - 650KB/s over open proxies with downloadthemall/rmccurdy.com/scripts/proxy/proxychains.conf

    I will update the proxycheck script to include this bit later.

    650KBs_proxy.jpg

    05/22/2012 - some command line fu

    # set power profile via command line

    Powercfg.exe /SETACTIVE "Always On"

    Powercfg.exe /SETACTIVE "Max Battery"

    #Remove the .NET Credentials (Stored User names and Passwords)

    Control keymgr.dll

    04/24/2012 - Client_Enumeration_Java_Adobe_Reader_flash.zip Client side HTML/Java code to enumerate Java, Adobe Reader and Flash Versions

    04/24/2012 - Openvas in Ubuntu

    echo 'GSA_HTTP_ONLY=1' >> /etc/default/greenbone-security-assistant

    /etc/init.d/greenbone-security-assistant

    [ "$GSA_HTTP_ONLY" ] && [ "$GSA_HTTP_ONLY" = 1 ] && DAEMONOPTS="$DAEMONOPTS --http-only"

    remove src from sources list along with matching the /etc/lsb-release ver too

    add-apt-repository "deb http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbuntu_11.XX/ ./"

    grep -ia open /etc/apt/sources.list deb http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbuntu_11.04/ ./ #deb-src http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbuntu_11.04/ ./

    if you still have issues just run 'killall gsad;sleep 5;gsad --http-only --listen=127.0.0.1 -p 9392

    watch -d 'ps axuwww|grep nasl|grep -v grep'

    view source omp -h 127.0.0.1 -p 9390 -u admin -w password -X "$RANDOM`cat in|sed 's/$/,/g'|tr -d '\n'`"

    04/18/2012 - update_nmap_oracle_sids_userpass.exe

    # sid enum using nmap and metasploits sid.txt 1307 sids in ~8 seconds

    nmap -n --script=oracle-sid-brute -p 1521-1560 192.168.1.141

    # try 1255 user/pass

    # requires valid SID ( default is XE )

    # Performed 1245 guesses in 3 seconds, average tps: 415

    nmap --script oracle-brute -p 1521-1560 --script-args oracle-brute.sid=XE -n 192.168.1.141

    # oracle shell using OAT Oracle Audit Tool

    ose.bat -s 192.168.1.141 -u SYS -p CHANGE_ON_INSTALL -d XE -t Windows

    04/17/2012 - Metasploit with Oracle !

    -------------------------------------------------------------------------------------

    following :http://www.metasploit.com/redmine/projects/framework/wiki/OracleUsage

    2:10 PM 4/17/2012

    -------------------------------------------------------------------------------------

    # Remove ruby using apt or synaptic etc ..

    apt-get remove ruby

    # update and install 1.9.1 dev

    apt-get update

    apt-get install ruby1.9.1-dev -y

    mkdir /opt

    mkdir /opt/oracle

    # copy zips to /opt/oracle

    cp *.zip /opt/oracle

    cd /opt/oracle

    unzip basic-10.2.0.5.0-linux.zip

    unzip sdk-10.2.0.5.0-linux.zip

    unzip sqlplus-10.2.0.5.0-linux.zip

    cd instantclient_10_2/

    ln -s libclntsh.so.10.1 libclntsh.so

    # add this to ~/.bashrc and also type it in current shell

    export PATH=$PATH:/opt/oracle/instantclient_10_2

    export SQLPATH=/opt/oracle/instantclient_10_2

    export TNS_ADMIN=/opt/oracle/instantclient_10_2

    export LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2

    export ORACLE_HOME=/opt/oracle/instantclient_10_2

    # wget http://rubyforge.org/frs/download.php/65896/ruby-oci8-2.0.3.tar.gz

    tar xvzf ruby-oci8-2.0.3.tar.gz

    cd ruby-oci8-2.0.3/

    LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2/

    export LD_LIBRARY_PATH

    make

    make install

    # download msf .run bin installer

    # I had to edit the /pentest/exploits/framework/.svn/entries and add www. to the file so you could run svn update

    cd /pentest/exploits/framework/

    svn update

    # run MSFconsole from /pentest/exploits/framework/ not the init script this will allow for use of YOUR env and not the static one for MSF binary

    cd /pentest/exploits/framework/

    ./msfconsole

    #from msfconsole install ruby-oci8 gem

    gem install ruby-oci8

    If you still get the missing OCI error it is all ruby the oracle client loads after

    # oracle_login needs nmap > 5.50 !

    wget http://nmap.org/dist/nmap-5.51.tgz

    tar -xvf nmap-5.51.tgz

    cd nmap-5.51

    ./configure

    make

    make install

    ln -s /usr/local/bin/nmap /usr/bin/nmap

    --------------- msf stuff ---------

    # as always you can spool log.log to save logfile or use screen -L

    # brutes ~576 sids will eat targets file

    use auxiliary/scanner/oracle/sid_brute

    set RHOSTS file://home/rmccurdy/oracle

    run

    back

    # This module attempts to authenticate 568 line USERPASS_FILE list

    # requires SID

    use auxiliary/scanner/oracle/oracle_login

    set RPORTS 1521

    set RHOSTS file://home/rmccurdy/oracle

    set SID XE

    run

    back

    # needs oci !!!

    # This module uses a ~598 line list of well known default authentication credentials to discover easily guessed accounts.

    use auxiliary/admin/oracle/oracle_login

    set RHOSTS file://home/rmccurdy/oracle

    set RPORTS 1521

    run

    back

    # needs oci !!!

    # needs full login/password/sid audits database and or user

    # https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/oracle/oraenum.rb

    use auxiliary/admin/oracle/oraenum

    set RHOST 127.0.0.1

    set DBPASS TIGER

    set DBUSER SCOTT

    set SID ORCL

    run

    back

    04/17/2012 - Configuring the Scrollback Buffer

    By default, the scrollback buffer only keeps the last 100 lines of text, which is not enough for my typical interaction with Screen. I’ve found a setting of 5000 lines to be more than adequate for my usage. The number of scrollback lines can be configured in your $HOME/.screenrc file, by adding the following line:

    defscrollback 5000

    04/16/2012 - Block Facebook with Adblock Plus! :

    Make new custom filter and add these three filters:

    ||facebook.com$domain=~www.facebook.com

    ||facebook.net$domain=~www.facebook.com

    ||fbcdn.net$domain=~www.facebook.com

  13. 11:10 AM 7/19/2012

    *New Disney Pirates game I played for two days before this 'testing'

    *Using DROIDPROXY ( type HTTP ) / burpesuite CA per host

    *Set phone in airplane mode ( just in case it forces 3G etc )

    *In Firefox downloaded generated CA and imported into phone via ‘adb push www.google.com.crt /excad/’ ( not sure if it even matters in this case.. as the post seem to be going over HTTP !?! )

    *Rooted android phone

    Replaying an HTTP POST from unlocking chest I get “ users request is old”:

    1.jpg

    Changing HTTP POST PostStamp numbers I get “NON VALID SIGNATURE”

    2.jpg

    Replace response from the HTTP POST from the server to 999:

    3.jpg

    WINNING !

    4.jpg

    I will most likely get banned shortly .. ( I was banned about 20min after ;/) … most online games ban for this type of “PUSHING” when a high level pushes or gives items/currency to low level user…
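
The two server errors quoted in the post above are what a signed, time-stamped request check produces, and the edited response only changes what the client displays. The sketch below is an added example, not the game's code: it shows that check plus a server-side ledger that stays authoritative. Only the `PostStamp` idea and the two error strings come from the post; the HMAC-SHA256 scheme, key, 30-second window, reward size and all other names are assumptions.

```python
import hashlib
import hmac

# Constructed demo values; the real game's key, fields and window are unknown.
SECRET = b"constructed-demo-key"
MAX_AGE_SECONDS = 30
CHEST_REWARD = 5


def sign(action: str, post_stamp: int, key: bytes = SECRET) -> str:
    """HMAC-SHA256 over the action and its PostStamp (assumed scheme)."""
    msg = f"{action}|{post_stamp}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class GameServer:
    """Hypothetical server: validates requests and owns the balance."""

    def __init__(self):
        self.seen = set()   # (player, post_stamp) pairs already accepted
        self.ledger = {}    # authoritative balance per player

    def open_chest(self, player, post_stamp, signature, now):
        expected = sign(f"{player}:open_chest", post_stamp)
        # Any change to PostStamp invalidates the signature.
        if not hmac.compare_digest(expected, signature):
            return {"ok": False, "error": "NON VALID SIGNATURE"}
        # A byte-for-byte replay has a valid signature but is stale or reused.
        stale = abs(now - post_stamp) > MAX_AGE_SECONDS
        if stale or (player, post_stamp) in self.seen:
            return {"ok": False, "error": "users request is old"}
        self.seen.add((player, post_stamp))
        self.ledger[player] = self.ledger.get(player, 0) + CHEST_REWARD
        return {"ok": True, "reward": CHEST_REWARD}

    def spend(self, player, amount):
        """Spending is checked against the ledger, never a client-reported value."""
        balance = self.ledger.get(player, 0)
        if balance < amount:
            return {"ok": False, "error": "insufficient balance"}
        self.ledger[player] = balance - amount
        return {"ok": True, "balance": self.ledger[player]}

    def audit(self, player, client_reported):
        """True when the client's claimed balance matches the ledger."""
        return client_reported == self.ledger.get(player, 0)


def demo():
    srv = GameServer()
    t = 1_000_000                         # constructed timestamp
    sig = sign("alice:open_chest", t)
    return {
        "first": srv.open_chest("alice", t, sig, now=t + 1),
        "replay": srv.open_chest("alice", t, sig, now=t + 2),
        "restamped": srv.open_chest("alice", t + 100, sig, now=t + 100),
        # Client shows 999 after its copy of the response was edited in transit.
        "audit_999": srv.audit("alice", 999),
        "spend_999": srv.spend("alice", 999),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A client that reports or tries to spend more than the ledger holds is the mismatch a server can flag.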

  14. Soo I randomly clicked this bookmark I have not posted here in ages ..

    last time I posted 'updates' was ... well even more random !!

    http://forums.hak5.org/index.php?showtopic=13504&st=0&p=135278&hl=operat0r_001&fromsearch=1entry135278

    ohh and my .htaccess is even more 1337 now .. I basically 301 redirect 404's back to the remote host IE .. you end up hacking yourself :)

    http://rmccurdy.com/scripts/htaccess

    
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^/?.*$ http://%{REMOTE_ADDR}/$1 [R=301,L]
    
    

    here some more updates. Back to 2009 last time I posted!

    ---

    orig rmccurdy.com news ..

    ohh and mimikatz "Tool To Recover Cleartext Passwords From Lsass" yes no more cracking hashes !

    
    04/24/2012 - Client_Enumeration_Java_Adobe_Reader_flash.zip Client side HTML/Java code to enumerate Java, Adobe Reader and Flash Versions
    
    04/24/2012 - Openvas in Ubuntu
    
    echo 'GSA_HTTP_ONLY=1' >> /etc/default/greenbone-security-assistant
    
    /etc/init.d/greenbone-security-assistant
    [ "$GSA_HTTP_ONLY" ] && [ "$GSA_HTTP_ONLY" = 1 ] && DAEMONOPTS="$DAEMONOPTS --http-only"
    remove src from sources list along with matching the /etc/lsb-release ver too
    
    add-apt-repository "deb http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbuntu_11.XX/ ./"
    
    grep -ia open /etc/apt/sources.list deb http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbuntu_11.04/ ./ #deb-src http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbuntu_11.04/ ./
    
    if you still have issues just run 'killall gsad;sleep 5;gsad --http-only --listen=127.0.0.1 -p 9392
    
    04/18/2012 - update_nmap_oracle_sids_userpass.exe
    
    # sid enum using nmap and metasploits sid.txt 1307 sids in ~8 seconds
    nmap -n --script=oracle-sid-brute -p 1521-1560 192.168.1.141
    
    # try 1255 user/pass
    # requires valid SID  ( default is XE )
    # Performed 1245 guesses in 3 seconds, average tps: 415
    nmap --script oracle-brute -p  1521-1560 --script-args oracle-brute.sid=XE  -n 192.168.1.141
    
    # oracle shell using OAT Oracle Audit Tool
    ose.bat -s 192.168.1.141 -u SYS -p CHANGE_ON_INSTALL -d XE -t Windows
    
    04/17/2012 - Metasploit with Oracle !
    -------------------------------------------------------------------------------------
    following :http://www.metasploit.com/redmine/projects/framework/wiki/OracleUsage
    2:10 PM 4/17/2012
    -------------------------------------------------------------------------------------
    # Remove ruby using apt or synaptic etc ..
    apt-get remove ruby
    
    # update and install 1.9.1 dev
    apt-get update
    apt-get install ruby1.9.1-dev -y
    
    mkdir /opt
    mkdir /opt/oracle
    
    # copy zips to /opt/oracle
    cp *.zip /opt/oracle
    cd /opt/oracle
    
    unzip basic-10.2.0.5.0-linux.zip
    unzip sdk-10.2.0.5.0-linux.zip
    unzip sqlplus-10.2.0.5.0-linux.zip
    
    
    cd instantclient_10_2/
    ln -s libclntsh.so.10.1 libclntsh.so
    
    # add this to ~/.bashrc and also type it in current shell
    
    export PATH=$PATH:/opt/oracle/instantclient_10_2
    export SQLPATH=/opt/oracle/instantclient_10_2
    export TNS_ADMIN=/opt/oracle/instantclient_10_2
    export LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2
    export ORACLE_HOME=/opt/oracle/instantclient_10_2
    
    # wget http://rubyforge.org/frs/download.php/65896/ruby-oci8-2.0.3.tar.gz
    
    tar xvzf ruby-oci8-2.0.3.tar.gz
    cd ruby-oci8-2.0.3/
    LD_LIBRARY_PATH=/opt/oracle/instantclient_10_2/
    export LD_LIBRARY_PATH
    make
    make install
    
    
    
    # download msf .run bin installer
    # I had to edit the  /pentest/exploits/framework/.svn/entries and add www. to the file so you could run svn update
    
    cd /pentest/exploits/framework/
    svn update
    
    # run MSFconsole from /pentest/exploits/framework/ not the init script this will allow for use of YOUR env and not the static one for MSF binary
    cd /pentest/exploits/framework/
    ./msfconsole
    
    #from msfconsole install ruby-oci8 gem
    gem install ruby-oci8
    
    
    If you still get the missing OCI error it is all ruby the oracle client loads after
    
    
    # oracle_login needs nmap > 5.50 !
    
    wget http://nmap.org/dist/nmap-5.51.tgz
    tar -xvf nmap-5.51.tgz
    cd nmap-5.51
    ./configure
    make
    make install
    
    
    
    ln -s /usr/local/bin/nmap /usr/bin/nmap
    
    
    --------------- msf stuff ---------
    
    # as always you can spool log.log to save logfile or use screen -L
    
    
    # brutes ~576 sids will eat targets file
    use auxiliary/scanner/oracle/sid_brute
    set RHOSTS file://home/rmccurdy/oracle
    run
    back
    
    
    # This module attempts to authenticate 568 line USERPASS_FILE list
    # requires SID
    use auxiliary/scanner/oracle/oracle_login
    set RPORTS 1521
    set RHOSTS file://home/rmccurdy/oracle
    set SID XE
    run
    back
    
    
    # needs oci !!!
    # This module uses a ~598 line list of well known default authentication credentials to discover easily guessed accounts.
    use auxiliary/admin/oracle/oracle_login
    set RHOSTS file://home/rmccurdy/oracle
    set RPORTS 1521
    run
    back
    
    
    # needs oci !!!
    # needs full login/password/sid audits database and or user
    # https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/oracle/oraenum.rb
    
    use auxiliary/admin/oracle/oraenum
    set RHOST 127.0.0.1
    set DBPASS TIGER
    set DBUSER SCOTT
    set SID ORCL
    run
    back
    
    
    
    04/17/2012 - Configuring the Scrollback Buffer
    
    By default, the scrollback buffer only keeps the last 100 lines of text, which is not enough for my typical interaction with Screen. I’ve found a setting of 5000 lines to be more than adequate for my usage. The number of scrollback lines can be configured in your $HOME/.screenrc file, by adding the following line:
    
    defscrollback 5000
    
    04/16/2012 - Block Facebook with Adblock Plus! :
    
    Make new custom filter and add these three filters:
    
    ||facebook.com$domain=~www.facebook.com
    ||facebook.net$domain=~www.facebook.com
    ||fbcdn.net$domain=~www.facebook.com
    
    04/13/2012 - cygwin_portable.zip
    
    * NESSUS_PARSE.BAT ( parse Nessus .nessus XML files to CSV )
    * NMAP.BAT ( scans top 20 ports from targets file and then does full scan/automatic parse to CSV )
    * NMAP_PARSE.BAT ( parse NMAP xml scans from -oA output )
    * FIND_ROUTERS.bat ( automated search for routers to find other networks on 192. , 172. and 10. when you have no scope or want to find other networks/hosts in a LAN 'in development' )
    * WEBDUMP in /bin (This script will quickly download a large number of websites first page then remove duplicates to find potential targets for attack http://rmccurdy.com/scripts/web_dump.sh )
    * Bash_Shell.bat (PERL RUBY and PYTHON support in a Cygwin Bash Shell )
    
    Here is the download link ( tested in XP and WIN7 )
    
    https://dl.dropbox.com/s/hwp8uqfdm7lxavb/cygwin_portable.zip?dl=1
    
    04/12/2012 - masspwdumper.exe
    
    This is a pack/script to run a suite of password/cached credentials utility. You get anything from saved internet cookies to plain text passwords to network/local resources !
    
    
    
    
    
    * DISABLE UAC FIREWALL AND AV for best results
    
    * YOU NEED TO HAVE GUI FOR MPR Multi Password Recover.exe,Password Recovery Bundle.exe and sometimes some of the carrot.exe options /ieco /ff   
    
    
    
    INCLUDES:
    
    
    
    * mimikatz ( DUMP CLEAR TEXT PASSWORDS ! )
    
    * MPR Multi Password Recover.exe  ( GUI tool )
    
    * Password Recovery Bundle.exe ( GUI tool )
    
    * fgdump.exe ( Dump password hash )
    
    * carrot.exe ( Suite of tools most of them are nirsoft.net )
    
    
    
    https://dl.dropbox.com/sh/llw7unn0hlptigj/aC5YSuyosX/masspwdumper.exe?dl=1
    
    04/10/2012 - News
    
    [Tool update] - Gason: sqlmap plugin for burpsuite proxy
    http://code.google.com/p/gason/
    
    CIntruder: Cracking captcha from url
    http://www.youtube.com/watch?v=0UoVV3Oxq8g
    
    
    Free malware scanning and blacklist monitoring for websites
    http://siteinspector.comodo.com/
    
    01/17/2012 - UPDATED: proxycheck.sh
    
    01/17/2012 - UPDATED: feeds.rmccurdy.com
    # sonofsamy.wordpress.com
    # exploit-db.com
    # securinfos.info
    # vupen.com
    # professionalsecuritytesters.org
    # info
    # securitytracker.com
    # news.securitytracker.com
    # taosecurity.blogspot.com
    # gossamer-threads.com
    # net-security.org
    # kb.cert.org
    # cert.org
    # milw0rm.com
    # seclists.org
    # us-cert.gov
    # f-secure.com
    # securityvulns.com
    # osvdb.org
    # securityfocus.com
    # wordpress.com
    # blogspot.com
    # twitter.com
    
    12/30/2011 - I'm bringing sexy back !! well .. 1989 ... After Dark screensaver Flying Toasters After Dark screensaver Flying Toasters.exe No midi thank god !!! bit wonky you can look at the install.bat and .reg files. for some reason it needs full R/W to its HKLM install path in the registry. Tested on XP and WIN7 !
    
    12/15/2011 - Disable Metasploit / Enable Metasploit in windows.
    # disable stop script
    net stop "Metasploit Pro Service"
    net stop "Metasploit Thin Service"
    net stop metasploitPostgreSQL
    sc config metasploitProSvc   start= disabled
    sc config metasploitThin  start= disabled
    sc config metasploitPostgreSQL  start= disabled
    
    
    
    # enable start script
    sc config metasploitProSvc   start= auto
    sc config metasploitThin  start= auto
    sc config metasploitPostgreSQL  start= auto
    net start "Metasploit Pro Service"
    net start "Metasploit Thin Service"
    net start metasploitPostgreSQL
    
    11/01/2011 - UPDATED Proxycheck.sh good.txt is updated weekly over 5K proxies tested ~500 HTTP
    
    06/23/2011 - Here are some MSF/SET and NMAP notes for brute force (for MSF for M$ ),VNC bypass and Airbase :
    
    
    ## MSF
    
     auxiliary/scanner/smb/pipe_auditor                                           normal     SMB Session Pipe Auditor
       auxiliary/scanner/smb/pipe_dcerpc_auditor                                    normal     SMB Session Pipe DCERPC Auditor
       auxiliary/scanner/smb/smb2                                                   normal     SMB 2.0 Protocol Detection
       auxiliary/scanner/smb/smb_enumshares                                         normal     SMB Share Enumeration
       auxiliary/scanner/smb/smb_enumusers                                          normal     SMB User Enumeration (SAM EnumUsers)
       auxiliary/scanner/smb/smb_enumusers_domain                                   normal     SMB Domain User Enumeration
       auxiliary/scanner/smb/smb_login                                              normal     SMB Login Check Scanner
       auxiliary/scanner/smb/smb_lookupsid                                          normal     SMB Local User Enumeration (LookupSid)
    
    
    # vnc bypass oneliner
    nmap -sV -sC -iL c:\temp\vnc.txt -p 5900
    
    # ssh logins
    use auxiliary/scanner/ssh/ssh_login
    set RHOSTS 127.0.0.1
    set USER_FILE "C:/wordlist/password_small.txt"
    set RHOSTS_FILE "C:/wordlist/targests.txt"
    run
    
    back
    
    use auxiliary/gather/dns_enum
    set DOMAIN domain.com
    run
    
    
    #smb
    set RHOSTS 10.21.1.37  
    use auxiliary/scanner/smb/smb_login
    
    set RHOSTS 127.0.0.1
    
    set USER_FILE "C:/wordlist/users.txt"
    set PASS_FILE "C:/wordlist/2.txt"
    set VERBOSE false
    set THREADS 16
    run
    
    # http
    
    use auxiliary/scanner/http/http_login
    set AUTH_URI /folder?dcPath=ha-datacenter
    set RHOSTS 127.0.0.1 127.0.0.1 127.0.0.1
    set VERBOSE true
    run
    
    
    
    
    back
    
    # telnet
    use auxiliary/scanner/telnet/telnet_login
    set RHOSTS 127.0.0.1,49,50
    
    set PASS_FILE "C:/wordlist/password_small.txt"
    set THREADS 254
    run
    
    
    
    back
    
    
    # mssql
    use auxiliary/scanner/mssql/mssql_login
    set RHOSTS 127.0.0.1
    set PASS_FILE "C:/wordlist/password_small.txt"
    set USERNAME sa
    set VERBOSE false
    run
    
    
    back
    
    
    
    #ftp
    use auxiliary/scanner/ftp/ftp_login
    set RHOSTS  127.0.0.1
    set PASS_FILE "C:/wordlist/password_small.txt"
    run
    
    
    
    #snmp
    use auxiliary/scanner/snmp/snmp_login
    set RHOSTS  127.0.0.1
    set PASS_FILE "C:/wordlist/snmp_default_pass.txt"
    set VERBOSE false
    
    run
    
    
    ## SET
    
    
    https://docs.google.com/document/d/11QDLxgCxc2mBEOe8gEPTooQ1zD_KvzuuThRCMLKeE80/edit?hl=en_US
    
    08/10/2011 - Updated iKAT - Interactive Kiosk Attack Tool http://console.rmccurdy.com
    
    06/23/2011 - Information Leakage
    
    FOCA - Document meta-data retrieval and analysis, domain enumeration
    Maltego - Transform/processing engine for correlation and linking objects
    Creepy - Geo-location information gatherer http://ilektrojohn.github.com/creepy
    Shodan - Web server search engine
    Metagoofil - Document meta-data command-line tool
    Wikto - web server vulnerability and folder enumeration
    Bespoke scripts - contact me offline for some quick and dirty bash scripts which automate some tasks
    u = Number of usernames enumerated
    nf = Number of network folders enumerated
    e = Number of email addresses
    vs = Number of vulnerable internal software versions
    wv = Number of known vulnerabilities in version of web server
    ev = Number of vulnerabilities in version of mail server
    gg = Number of Google Groups postings
    r = Number of robots.txt entries
    Exposure = u+nf+e+vs+wv+ev+gg+r / 9
    RSA = (3+3+2+2+1+1+4+1)/8 = 17/9 = 2
    Problem with such calculations is lack of account for context. Undisclosed source
    06/23/2011 -
    
    
    Nice technique for opening cmd:
    1) Open MSPaint and change image attributes to: Width=6 and Height=1 pixels.
    2) Set pixels values to (from left to right):
    1st: R: 10, G: 0, B: 0
    2nd: R: 13, G: 10, B: 13
    3rd: R: 100, G: 109, B: 99
    4th: R: 120, G: 101, B: 46
    5th: R: 0, G: 0, B: 101
    6th: R: 0, G: 0, B: 0
    3) Save it as 24-bit Bitmap (*.bmp;*.dib)
    4) Change its extension from bmp to bat and run.
    Source:
    http://www.digitalwhisper.co.il/0x26/

    06/02/2011 - theHarvester.py email Harvester
    
    
    https://github.com/laramies/theHarvester
    
    
    ./theharvester.py -d microsoft.com -l 50 -b google
    ./theharvester.py -d microsoft.com -l 50 -b bing
    ./theharvester.py -d microsoft.com -l 50 -b pgp
    ./theharvester.py -d microsoft.com -l 50 -b linkedin
    ./theharvester.py -d microsoft.com -l 50 -b google-profiles
    ./theharvester.py -d microsoft.com -l 50 -b exalead
    
    05/18/2011 - Malware Analysis
    
    Also been messing with Malware Analysis tools. Let me know if you want any more info on these. Still a total noob doing crackmes.
    
    
    
    * Portable IDA Pro with IDAPython/stealth plug-in
    * Portable Reflector a Class browser and analysis tool for .NET >=4 Decompile
    * malware_analyser 3.0
    * yara exe with sigs ( needs more work.. )
    * DeFixed_Edition_v2 ( olly / ton plug-in etc )
    
    
    
    
    
    http://www.openrce.org/downloads/
    
    http://tuts4you.com
    
    http://crackmes.de  
    
    
    
    
    
    http://www.youtube.com/watch?v=zvWc-XsBKrA
    
    http://www.youtube.com/watch?v=jIaImASmto4
    
    http://blip.tv/carolinacon/yara-and-python-the-malware-detection-dynamic-duo-mjg-michael-goffin-5123342
    
    
    
    http://www.pentestit.com/2011/03/08/cuckoo-malware-analysis-sandbox/
    
    http://www.pentestit.com/2011/04/20/update-malware-analyzer-v30/
    
    http://www.pentestit.com/2011/03/23/update-yara-v15/
    
    http://www.malwareanalyser.com/home/
    
    
    
    
    
    
    As a free service:
    * Norman SandBox (http://www.norman.com/security_center/security_tools/)
    * Anubis (http://anubis.iseclab.org)
    * CWSandbox (http://www.mwanalysis.org/)
    * ThreatExpert (http://www.threatexpert.com)
    * Comodo Camas (http://camas.comodo.com)
    * MalBox (http://malbox.xjtu.edu.cn)
    
    Commercial products:
    * Norman SandBox (http://www.norman.com/products/sandbox_malware_analyzers/en)
    * GFI Sandbox (http://www.sunbeltsoftware.com/Malware-Research-Analysis-Tools/Sunbelt-CWSandbox/)
    * Joe Sandbox (http://www.joesecurity.com)
    * ThreatExpert ?
    
    Freeware:
    * Buster's Sandbox Analyzer (http://bsa.isoftware.nl)
    
    Open Source:
    * Cuckoo Sandbox (http://www.cuckoobox.org)
    * Truman Sandbox (http://www.secureworks.com/research/tools/truman/)
    * ZeroWine (http://sourceforge.net/projects/zerowine/)
    * ZeroWine Tryouts (http://zerowine-tryout.sourceforge.net/)
    
    04/26/2011 - Updated Yahoo movies feed movies.html
    04/12/2011 - Yay mod_bw
    
    BandwidthModule On
    ForceBandWidthModule On
    LargeFileLimit * 1000 10000
    MaxConnection all 3
    
    
    
    03/28/2011 - Sick of setting file associations ? this is what I use on my portable apps ! acc.bat.txt
    
    03/06/2011 - Portable virtual windows !?!? http://fcportables.blogspot.com/2011/01/portable-microxp-2011.html  using QEMU to load ISO files http://milky.manishsinha.net/2008/07/10/using-qemu-on-windows/  
    
    03/1/2011 - Updating flash in firefox the right way.... http://www.varesano.net/blog/fabio/installing%20flash%20player%20plugin%20firefox%20without%20having%20administrator%20access%20or%20premissions
    also neat is http://ninite.com
    
    
    02/28/2011 - Normal cygwin/ruby/perl 400megs 22K files .. Cameyo packaged 121 megs Portable Cygwin http://db.tt/qp2nKi5 Run the EXE and wait a long time if you still have errors wait close and reopen contains ruby/perl/make/c++/automake/screen
    
    
    02/28/2011 - Go away bots .. I have no PHP here .. RewriteCond %{QUERY_STRING} ^.*\&.*$ [NC]
    
    
    02/26/2011 - Fixed my Hacker Safe logo
    
    02/26/2011 - Proxbrute Proxmark3 Brute force RFID http://www.proxmark.org/forum/topic/713/proxbrute/
    
    02/23/2011 - Updated yahoo pipe for comics http://comics.rmccurdy.com
    
    
    01/21/2011 - Updated http://feeds.rmccurdy.com
    
    
    
    twitter.com
    blogspot.com
    wordpress.com
    securityfocus.com
    osvdb.org
    securityvulns.com
    f-secure.com
    us-cert.gov
    seclists.org
    milw0rm.com
    cert.org
    kb.cert.org
    net-security.org
    gossamer-threads.com
    taosecurity.blogspot.com
    news.securitytracker.com
    securitytracker.com
    professionalsecuritytesters.org
    vupen.com
    securinfos.info
    exploit-db.com
    rmccurdy.com
    sonofsamy.wordpress.com
    
    01/21/2011 - john 1337 speak wordlist gen:
    
    
    
    The default john.conf includes some rules like that, enabled for "single crack" mode only by default. You may copy the lines between these two comments:
    # The following 3l33t rules are based on original Crack's dicts.rules
    l/asa4[:c]
    l/ese3[:c]
    l/lsl1[:c]
    l/oso0[:c]
    l/sss$[:c]
    ...
    l/asa4/ese3/lsl1/oso0/sss$[:c]
    # Now to the prefix stuff...
    into the [List.Rules:Wordlist] section to have them enabled for wordlist mode as well. usage: john -w=wordlist --stdout --rules
    
    
    11/13/2010 - FLoP's fpg false positive generator for IDS:
    Static BIN for BT4 : FPG.zip
    Fpg: http://www.geschke-online.de/doc/c2398.html
    Fpg src : http://www.geschke-online.de/FLoP/src/FLoP-1.6.1.tar.gz
    
    11/10/2010 - Full Update Guide - Fender/1.2 32A (myTouch 3G 1.2 / Fender LE (3.5mm jack) version) I can't bring myself to mod it yet but I did get root with Universal Androot 1.6.2 beta 5 apk temp root for the current T-mobile build
    10/05/2010 - RS links are all dead and gave up on yahoo pipes regex is hit or miss for 3 weeks ... movies.html
    
    10/02/2010 - lighttpd FTW :
    # limit max connections per ip and limit bandwidth
    server.kbytes-per-second = 10
    evasive.max-conns-per-ip = 2
    connection.kbytes-per-second = 10
    
    09/13/2010 -
    Sipdroid / sip.sipdiscount.com
    
    \+*1*(.*),1\1
    08/01/2010 -
    
    Creative Loafing:
    week http://rmccurdy.com/scripts/clatl.com.html
    weekend http://rmccurdy.com/scripts/clatl.com_ss.html
    Atlanta Events Calendar - Search Upcoming Events in Atlanta:
    http://feed43.com/atlantanetrmccurdydotcom.xml
    Atlanta Motor Speedway | Events
    http://feed43.com/atlantamotor_rmccurdydotcom.xml
    Atlanta, GA Events and Attractions by Citysearch
    http://feed43.com/citysearch_rmccurdydotcom.xml
    funny farm comedy club
    http://feed43.com/funnyfarmcomedyclubatlanta.xml
    The Punchline - Atlanta's premier comedy club!
    http://feed43.com/thepunchlineatlanta.xml
    
    
    07/14/2010 - Tutorial WIM image files wimfltr.sys Windows Image File Filter Driver command line install
    
    I have an H drive ( using junction to link C:\users\internet\Documents\my dropbox to h:\ ) I wanted to easily update files that triggered AV so I zipped them up. I update the zip often and was testing for other options and this is what I tried.
    
    * h:\junction.exe -s "C:\users\internet\Documents\my dropbox" h: this is howto change location of dropbox sync :)
    
    
    * google for the drivers ImageX_x86
    
    * install the driver
    rundll32 syssetup,SetupInfObjectInstallAction DefaultInstall 128 .\ImageX_x86\wimfltr.inf
    
    * create an image of a DRIVE ( cannot be mapped drive OR junction 'ln for windows' )
    .\ImageX_x86\imagex.exe /capture d:\ c:\twf.wim "WIM Compress" /compress maximum
    
    * umount image
    .\ImageX_x86\imagex.exe /unmount /commit c:\cygwin
    
    * mount image
    .\ImageX_x86\imagex.exe /mountrw .\cygwin.wim 1 c:\mount
    
    
    * even with 'maximum' compression images are larger than the source files in most cases... ???
    * 80meg zip of Cygwin ~300 unzipped becomes 600 WIM file ???
    * requires admin rights to install drivers but still beats zipping and unzipping items that trigger AV
    reference: http://technet.microsoft.com/en-us/library/cc749447%28WS.10%29.aspx
    
    06/12/2010 - low on disk space android G1 find / -name traces.txt -exec rm -Rf {} \; something kept crashing while I was AFK and caused this traces.txt file to get huGe
    06/05/2010 - *lix/windows full disk encryption 'part crypt' on the cheap !
    06/03/2010 - http://comics.rmccurdy.com huge mashup of comics! http://pipes.yahoo.com/pipes/pipe.run?_id=ccd5e025249a09a9358ede1d3e238eab&_render=rss
    05/30/2010 - yahoo new dvd A or B after 2009 > nzbindex.nl search
    05/27/2010 - Android stream ripper http://www.greencode.me/imusic apk: http://tinyurl.com/imusic1
    04/30/2010 - QuranReciter http://www.ShaPlus.com Friend was asking about the software so just a re-visit
    
    
    04/29/2010 - Dropbox portable any path without "my dropbox" in M$ ... DropboxDataWrapper DropboxPath FAILSAUSE
    
    Requirements:
    
    * Administrator ( possibly for dropbox advanced options )
    * NTFS on the host computer !
    * BACKUP BEFORE YOU DO ANYTHING !!!
    
    Setup:
    
    * Download DROPBOX
    Recommended using the portable dropbox ICE because it has UsbGuard (0.5.3) - Prevents Data Loss by killing DropBox.exe if you accidentally unplug your usb drive (included)
    DropBox Portable ICE 0.5.3 -SuPPoRT aLL DRoPBoX VeRSioNs | Updated : 11-04-2010
    
    http://dl.dropbox.com/u/5313411/Portable%20DropBox%20ICE%200.5.3.3%20%2B%20DropBox%200.8.32.rar
    
    * Download Junction v1.05 from sysinternals “symbolic links, where a directory serves as a symbolic link to another directory on the computer.”
    * Start dropbox
    * Get the link to your dropbox folder path
    * Create the sym link to whatever path you like example
    rd /q/s "C:\Documents and Settings\internet\My Documents\My Dropbox"
    Junction.exe "C:\Documents and Settings\internet\My Documents\My Dropbox" h:\
    
    To delete a sym link use this command:
    Junction.exe -d "C:\Documents and Settings\internet\My Documents\My Dropbox"
    
    NOTES: there is a time tradeoff the dropbox.cache folder get queried a LOT and other I/O is sent to the target I would say for 16K files ~2gigs it took ~20-30min where as if it was just a read from the flash disk it would be under 10min
    
    04/26/2010 - ROUTER DIED server was down for about 5hrs today if anybody but bots noticed ...
    04/23/2010 - Metasploit meterpreter cheat sheet reference.html All the meterpreter commands I could find / create
    04/19/2010 - sprint login script curl .php.txt Sprint login script using php / curl
    04/16/2010 - UPDATED http://feeds.rmccurdy.com
    04/15/2010 - UPDATED Proxycheck.sh good.txt is updated weekly
    04/14/2010 - konika script users scan to email for 353 and 350.sh.txt bash/curl script to parse XLS contact list and add it to konika 353 and 350 printers :)
    04/14/2010 - movamp.zip Portable AMP Portable apache / php / phpmyadmin / MySQL only 10megs ! change the httpd.conf paths and wala !
    03/30/2010 - FIXED Yahoo rotten tomatoes newzbin nzb DVD sabnzbd downloader
    03/01/2010 - To set up Yahoo E-Mail in Android:
    
    log-in to your yahoo mail
    go to Options, then Account, followed by “Add or edit an account”
    select “Account Information” on the left
    on the " Preferred Content," change it to Yahoo Asia
    
       1. Make sure Wi-Fi is turned off
       2. Press the E-Mail icon (the default Android E-Mail application)
       3. Enter your Yahoo E-Mail address and password
       4. Press “Manual Setup” in the lower left hand corner
       5. For “Incoming Server Settings” set the IMAP server to “imap.mail.yahoo.com” and the Port to 143
       6. For “Outgoing Server Settings” set the SMTP Server to “smtp.mobile.mail.yahoo.com” and the Port to 587
       7. Check “Require sign-in” and press Next
       8. Select how often your phone will check for Email, and choose default options
       9. Give the account a name and set your display name for outgoing messages
    
    
    02/23/2010 - Yahoo rotten tomatoes newzbin nzb DVD sabnzbd downloader Rss feed of 'good' movies to aim at SABnzbd
    02/18/2010 - quickbaksmali.zip
    
    * requires java ! in %PATH% !
    * just place the java_ee_sdk-5 folder to make it portable !
    * put the APKS files in the folder APKS
    * you (can) edit the job2.bat with your keytool/key info etc ..
    
    
    * run the baksmali.bat
    * make your changes etc
    * run the smali.bat
    
    you should see the updated \META-INF folder in the 'new' apk
    and the classes.dex should be new.
    
    02/18/2010 - NMAP FOR ANDROID CROSS COMPILE ARM
    02/18/2010 - chsh: entry inconsistent or change shell in FreeBSD `vipw;chsh -s /bin/PATHTOSHELL` vipw != vi /etc/passwd ...
    02/04/2010 - Updated LFI.txt http://ha.ckers.org/weird/rfi-locations.dat
    01/07/2010 - Full Update Guide - G1/Dream Firmware to CyanogenMod - CyanogenMod Wiki
    
    01/07/2010 - MYTHTV ON UBUNTU 9.10 1TB RAID1
    
    12/08/2009 - Portable Metasploit 3.4-dev svn r7752 Portable_Metasploit_3.4-dev_svn_r7752.exe
    
    12/01/2009 - FreeBSD rtld Lets Local Users Gain Root Privileges http://rmccurdy.com/scripts/downloaded/localroot/freebsd/ binary for 7.2
    
    11/30/2009 - HD on the Mythbox ! Thank you Kimball !
    
    * Panasonic TC - P50X1 - 50" plasma panel - 720p
    * VGA compatible controller: nVidia Corporation NV40 [GeForce 6800 GT] (rev a1)
    * Intel(R) Pentium(R) 4 CPU 3.00GHz
    * WinTV-PVR-500 MC-Kit Tuner
    * MemTotal: 512572 kB
    
    
    11/20/2009 - android busybox nmap G1 android port scanner ...sort of
    The busybox I have on my phone does not have pscan here is one to download:
    * keep it the same name and COPY to /data/local/bin
    cp /sdcard/busybox /data/local/bin/
    chmod 775 /data/local/bin/busybox
    pscan.sh 192.168.0
    http://rmccurdy.com/stuff/G1/busybox
    http://rmccurdy.com/stuff/G1/pscan.sh
    more android stuff : http://delicious.com/operat0r/android
    * this is by no means NMAP ! still waiting for a nmap for android
    
    
    
    11/12/2009 - UPDATED/FIXED feeds.rmccurdy.com - 30 feeds ( to be added secunia.com if I can )
    http://www.securityfocus.com/rss/vulnerabilities.xml
    http://seclists.org/rss/bugtraq.rss
    http://seclists.org/rss/fulldisclosure.rss
    http://seclists.org/rss/pen-test.rss
    http://seclists.org/rss/incidents.rss
    http://seclists.org/rss/dailydave.rss
    http://seclists.org/rss/webappsec.rss
    http://seclists.org/rss/vulnwatch.rss
    http://feeds.feedburner.com/HelpNetSecurity
    http://www.us-cert.gov/channels/alerts.rdf
    http://www.us-cert.gov/channels/techalerts.rdf
    http://www.kb.cert.org/vuls/atomfeed?OpenView&start=1&count=30
    http://milw0rm.com/rss.php
    http://www.net-security.org/dl/bck/vuln.rss
    http://news.securitytracker.com/server/affiliate?61D319BD39309004
    http://feeds.feedburner.com/darknethackers
    http://feeds.feedburner.com/schneier/fulltext
    http://www.professionalsecuritytesters.org/backend.php
    http://www.f-secure.com/weblog/weblog.rss
    http://www.gossamer-threads.com/lists/fulldisc/full-disclosure.xml
    http://feeds.feedburner.com/Vitalsecurity-org
    http://taosecurity.blogspot.com/feeds/posts/default
    http://securityvulns.com/informer/rss.asp
    http://www.vupen.com/exploits.xml
    http://osvdb.org/feed/vulnerabilities/latest.rss
    http://rmccurdy.com/scripts/vupen-security.rss
    http://rmccurdy.com/scripts/vupen-linux.rss
    http://feeds.feedburner.com/SansInstituteAtRiskAll?format=xml
    http://feedity.com/rss.aspx/ath-cx/UldUWlFU
    http://www.securinfos.info/english/security-advisories-alerts/security-advisories.xml
    
    
    
    
    11/11/2009 - ettercap + echo www.google.com A 75.131.195.228 > etter.dns = easy rickroll
    11/11/2009 - FIXED limit max number of connections in apache ${fwcmd} add 10 allow tcp from any to any 80 out via dc0 limit dst-addr 2 ( I had issues with huge number of FIN_WAIT_2 )
    11/11/2009 - Server boot drive (80gig) failed clean 7.2 freebsd install !
    11/11/2009 - UPDATED SNORTUPDATE.sh script fixed some of syntax errors etc ..
    10/03/2009 - UPDATED the nikto_v20 and nikto_v10 files takes a webinspect > privoxy log and downloads latest nikto and combines with urls.txt a RFI list I update and converts them all to nikto 2 and nikto 1 db formats.. to be used with w3af,nikto and wikto etc .. 16339 lines 1.6 megs
    09/26/2009 - G1 T-mobile Root
    08/26/2009 - FIXED quickvnc.exe Fixed now only looks for established connection running winvnc.exe to fix strange issues not showing the remote host ...
    08/26/2009 - FIXED OEM.EXE overwrites system and system32 ini and bmp files OEMLOGO.BMP and OEMINFO.INI
    08/21/2009 - UPDATED http://tw.rmccurdy.com Script to rip any army in MTW2 can be adapted to use in MTW/RTW etc ..
    07/24/2009 - DONATE http://www.ihackcharities.org
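
Seen from the defending side, the 3l33t rules quoted in the 01/21/2011 entry above mean that swapping a→4, e→3, l→1, o→0 or s→$ in a dictionary word adds no real strength. The Python sketch below is an added example, not code from the original post or from John the Ripper; the denylist and function names are constructed for illustration. It undoes those five substitutions so a password-set check can reject such variants.

```python
from itertools import combinations

# Reverse of the substitutions in the quoted rules: sa4, se3, sl1, so0, ss$.
REVERSE_SUBS = {"4": "a", "3": "e", "1": "l", "0": "o", "$": "s"}

# Constructed sample denylist; a real deployment would load a dictionary
# or breached-password list instead.
DENYLIST = {"password", "welcome", "letmein", "route66", "summer"}


def candidate_bases(password):
    """Yield every lowercase base word the quoted rules could have
    mangled into `password`."""
    # The rules begin with `l` (lowercase) and optionally `c` (capitalize),
    # so letter case is ignored.
    lowered = password.lower()
    present = [ch for ch in REVERSE_SUBS if ch in lowered]
    seen = set()
    # The `s` rule command replaces every occurrence of a letter, so each
    # substitution class is reversed as a whole or not at all. Trying every
    # subset keeps digits that belong to the base word (e.g. "route66").
    for size in range(len(present) + 1):
        for subset in combinations(present, size):
            table = str.maketrans({ch: REVERSE_SUBS[ch] for ch in subset})
            base = lowered.translate(table)
            if base not in seen:
                seen.add(base)
                yield base


def rejected_base(password, denylist=DENYLIST):
    """Return the denylisted word `password` is derived from, or None."""
    for base in candidate_bases(password):
        if base in denylist:
            return base
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["P4ssw0rd", "W3lcom3", "R0ut366", "$umm3r",
               "l3tm31n", "correct-horse-battery"]:
        hit = rejected_base(pw)
        print(f"{pw!r}: {'reject, variant of ' + hit if hit else 'no match'}")
```

Only the five substitutions quoted from john.conf are reversed, so a variant such as `l3tm31n` (i→1) is not matched by this check.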
    
    

  15. from what I understand it creates its own SAM DB so any changes you do don't get saved last time I checked ... if you have admin just run mimikatz ... also included in masspwdumper.exe

    04/12/2012 - masspwdumper.exe
    
    This is a pack/script to run a suite of password/cached credentials utility. You get anything from saved internet cookies to plain text passwords to network/local resources !
    
    
    
    
    
    * DISABLE UAC FIREWALL AND AV for best results
    
    * YOU NEED TO HAVE GUI FOR MPR Multi Password Recover.exe,Password Recovery Bundle.exe and sometimes some of the carrot.exe options /ieco /ff   
    
    
    
    INCLUDES:
    
    
    
    * mimikatz ( DUMP CLEAR TEXT PASSWORDS ! )
    
    * MPR Multi Password Recover.exe  ( GUI tool )
    
    * Password Recovery Bundle.exe ( GUI tool )
    
    * fgdump.exe ( Dump password hash )
    
    * carrot.exe ( Suite of tools most of them are nirsoft.net )
    
    
    
    https://dl.dropbox.com/sh/llw7unn0hlptigj/aC5YSuyosX/masspwdumper.exe?dl=1
    
