73 items tagged "don"
12:01 » Hack a Day
[Dennis Adams'] wreath lights project looks pretty good. But he did some amazing coding to produce a whole set of interesting animated patterns that really seal the deal for the project. Don’t miss the video after the break where he shows off all of his hard work. He started with a string of individually addressable LEDs. [...]
6:44 » Carnal0wnage
All too often, we at Attack Research have found that students are not being taught, or are not allowed, to properly perform real-world scenarios. For example, they want to run vulnerability scanners on penetration tests! When we say they are not allowed to perform real-world scenarios, some would say it’s the government or the company that doesn't want the real-world scenario. This might be very true, but those governments and companies received the understanding somewhere that running vulnerability scanners on a penetration test was a good idea, and this understanding came through some form of education. Think of network security back in the late 90's to early 2000's: Real-world attacks really did combine scanning for a vulnerability and then exploiting it. Sasser came along and changed the game, and we then had firewalls, improvements in host configurations, etc. In the early 2000's, we started to see what we currently recognize as training in the industry. This training was based upon the attacks in that time period. Well, the evolution of attack has changed, and so has the defense.
Don't get me wrong; the training industry has also evolved, but not at the rate it did when it first started back in the late 90's and 2000's. Back then, there really wasn't a standard for delivering attack-based training. We have certainly had our fair share of standards since then, but when there is no set standard, it is easier to create a new one than it is to change the current one. Well, it’s time to change that!
Classes at Attack Research are designed to help students with real-world problems. We hope to work at a grass roots level and a management level to change the way governments and companies approach network security. This is why our classes are designed to teach technical-level, real-world content. Not only from an offensive perspective but a defensive one as well. Students will come out of our classes ready to use the skills they learned. They will learn not only how a certain tool is used but the fundamentals behind it so that when they have differing results from the tools, they will know how to handle it or, better yet, they will not use the tool and write their own!
We are proud to announce that Attack Research will be at a number of conferences and locations in 2013. Last week, we announced our partnership with Trail of Bits to offer training in the New York City area in January, April, and June. Along with our annual training at Black Hat Las Vegas, we have joined with Source Conference to provide training at all their conferences. At Source Boston, we will be offering a 2-day version of our Offensive Techniques training. We will also be at BruCON in September!
Attack Research can deliver any of its classes anywhere in the world, including at your own company. If you are interested in private trainings, please drop us a line at training@attackresearch.com. Starting in 2013, we will hold trainings at Attack Research headquarters in New Mexico, where we will be offering reduced rates for all classes. The majority of our classes will be offered at this location, and they are scheduled to begin January 29-30. We will debut our brand new class, Operational Post Exploitation. You can register for this class here.
Our list of available classes is:
- Offensive Techniques – Offensive Techniques offers students the opportunity to learn real offensive cyber-operation techniques. The focus is on recon, target profiling and modeling, and exploitation of trust relationships. The class will teach students non-traditional methods that follow closely what advanced adversaries do, rather than compliance-based penetration testing, and will also teach students how to break into computers without using exploits.
- Operational Post-Exploitation – This class explores what to do after a successful penetration into a target, including introducing vulnerabilities rather than back doors for persistence. Operational Post-Exploitation covers such techniques as data acquisition, persistence, stealth, and password management on many different operating systems and using several scenarios.
- Rapid Reverse Engineering – Rapid Reverse Engineering is a must these days with APT-style attacks and advanced adversaries. This class combines deep reverse engineering subjects with basic rapid triage techniques to provide students with a broad capability when performing malware analysis. This course will take the student from 0 to 60, focusing on learning the tools and key techniques of the trade for rapidly reverse engineering files. Students will understand how to rapidly assess all types of files.
- Attacking Windows – Attacking Windows is Attack Research’s unique approach to actually securing Windows. Students will become proficient in attacking Windows systems, learning the commands that are available to help move around systems and data, and examining and employing logging and detection. It will also cover authentication mechanisms, password storage and cracking, tokens, and the domain model. Once finished with this course, students will have a foundation on how attack models on Windows actually happen and how to secure against them.
- Attacking Unix – Attacking Unix is Attack Research’s unique approach to actually securing Unix. Students will become proficient in attacking Unix systems, focusing mostly on Linux, Solaris and FreeBSD. SSH, Kerberos, kernel modules, file sharing, privilege escalation, home directories, and logging will all be covered in depth. Once finished with this course, students will have a foundation on how attack models on Unix actually happen and how to secure against them.
- Web Exploitation – The web is one of the most prevalent vectors of choice when attacking targets because websites reside outside the firewall. Web Exploitation will teach the basics in SQL injection, CGI exploits, content management systems, PHP, ASP, and other back doors, as well as the mechanics of exploiting web servers.
- MetaPhishing – MetaPhishing is a class designed to teach the black arts for targeted phishing operations, file format reverse engineering and infection, and non-attributable command and control systems. Once completing this class, students will have a solid foundation for all situations of phishing.
- Basic Exploit Development – In order to use the tools, one must have an understanding of the basics of how they work. Basic Exploit Development will cover the step-by-step basics, tools, and methods for utilizing buffer/heap overflows on Windows and Unix.
- Advanced Exploitation – Reliable exploitation on newer Windows systems requires advanced techniques such as heap layout manipulation, return oriented programming, and ASLR information leaks. In addition, robust exploitation necessitates repairing the heap and continuing execution without crashing the process. Advanced Exploitation focuses on teaching the principles behind these advanced techniques and gives the students hands-on experience developing real-world exploits.
This full listing is available on our website as well, under the services/training section. Along with each class, there is a place to sign up for notification of when the class will be offered next, either at Attack Research HQ or at a different location. I will be releasing some example modules from some of our classes over the next few weeks so you can get a feel for what we are offering. If you have any questions, please don't hesitate to contact us at training@attackresearch.com.
13:01 » Hack a Day
[Andrew Gibiansky] has just started a tutorial series called Computing with Transistors. Its purpose is to pull back the many veiled layers between high-level languages and the controlling of electrons. Fittingly, this first post starts off by explaining voltage source, load, and current. Don’t be thrown by its simplicity though. [Andrew] quickly moves [...]
12:01 » Hack a Day
Don’t get us wrong, we love these Rock ‘Em Sock ‘Em Robot costumes. But as with that Samus Helmet it must make party conversation a bit weird. And how do you hold on to your beer? But you’ve got to commend [EyeHeartInk] and his friend for their commitment. Not only did they wear them to [...]
11:01 » Hack a Day
Poor [Todd Harrison] spent all of Saturday and Sunday trying to make some ground-hugging fog for his Halloween decor. His fog machine hack turned out to be an utter failure. But he admits it and reports that he still had a lot of fun. Don’t feel bad [Todd], this happens to everyone from time to [...]
4:01 » Hack a Day
Don’t get us wrong, we drive very carefully as it’s the most dangerous thing we do on a regular basis. But even a careful driver can get caught by bad traffic and a red light camera. These are devices that monitor intersections. If you get caught in the middle when the light goes red they [...]
6:01 » Hack a Day
Looking for an artistic way to build circuits? Don’t want to design a PCB? The Lethal Nixie Tube Clock is a free-form circuit that gives you the time one digit at a time. It uses an IN-1 Nixie tube to display the digits. This is driven by ten MPSA42 high-voltage transistors. An IRF520 N-FET, inductor, and a [...]
6:21 » Hack a Day
Woo, we’re home from Maker Faire! The Hackaday boss man [Caleb] and [Scott], [Phil], and [Andrew] from Squidfoo are back in Springfield, Missouri. I’m safely back in the bosom of Appalachia in Pensyltucky, and we hope everyone else at Maker Faire NYC 2012 made it back home safely. Don’t think this is the end of our coverage of [...]
14:23 » Carnal0wnage
I was reading an article recently about how some of the sterilization requirements in factory farms actually encourage more damaging infections which then led me to think about antibiotic resistant strains of diseases popping up due to overuse of antibiotics. This finally led me to think about similarities in computer security.
Since I started officially working in security around 1996, a number of us have suffered from a Cassandra complex: providing warnings and gloomy predictions, which have usually come true, and being generally ignored. Now, over a decade later, it's too late to do some of what we should have done back then. Everything is owned. We have to retrofit now instead of building security in from the ground up. It's MUCH more expensive and difficult today than if we had started then.
One of those predictions I was making back in the early 2000's was the following:
- We should move away from standardized IT environments where everything is centralized and the same
- We should stop trying so hard to stop the 80% of low sophistication attackers and focus on the 20% of attackers we really care about and who can really hurt us
Recently I have been doing a lot of incident response work, and every organization I have dealt with is suffering from bullet number one. Everything centrally authenticates, everyone is running the same OS image, usernames are conventionalized and standardized, networks are flat, and everything is hacked. I consistently see an attacker take over an entire network because once they had one machine, they had them all. Does a scientist need the same environment as a secretary? Should the sales department's Windows desktop be able to touch the production SQL database? Don't know, don't care, everyone gets the standard image. (And the spread of an attack is massively higher.)
That the industry has tried hard to solve the low-hanging 80% of attacks is obvious from looking at the "solutions" that are provided, such as IDS, AV, firewalls, failure logging, scan-exploit-report penetration tests, etc. These have done a decent job of stopping scans, worms and mass malware for the most part and have failed miserably at stopping the remaining 20%. So why is this a problem? 80% is pretty good, right?
Well, let's look at the differences between the two types of attackers:
80%
- Goals
  - Might steal your SSN or CC
  - Might use your system as a bot in a DDOS
  - Might redirect you to advertisements
  - Might strip your WoW character
  - Might deface your website / embarrass you
- Techniques
  - Mass scans
  - 1day exploits (often available patch)
  - Exploiting poor web coding
  - SQL injection
  - Mass malware
20%
- Goals
  - Will try to steal your intellectual property and use it for strategic advantage
  - Will gather intelligence against you to gain an edge in negotiations, legislation, bids, etc.
  - Will destroy the master boot record of all your desktops to financially damage your country
  - Will use you to attack your customers to achieve the above
  - Will steal your source code to find 0day, insert backdoors or sell it to competitors
- Techniques
  - 0day
  - Targeted spear phishing
  - Sophisticated post exploitation & persistence
  - Covert channels
  - Anti-analysis & evasion
  - Malicious insiders, supply chain, implanted hardware
  - Mass data exfiltration
  - Crypto key stealing
  - Trust relationship hijacking
So what we have effectively done is build an environment where all target hosts are uniformly the same, and ensure that the only "germs" who can get in are the ones who we can't detect, can't stop and can't deal with. Superbugs.
What's worse is that the more we get compromised and hurt by the 20%, the more money and resources we throw at trying to solve the 80%, and the more we put our heads in the sand about the attackers that really want to hurt us and are good at doing it. We've pushed the motivated attackers away from using the easy-to-deal-with techniques towards the ones we can't solve very well and that are very expensive.
There are a few possible solutions:
- Build active response capabilities (offense). This is messy and will cause a lot of problems but no one ever won a war with high walls and defense only. (Maginot line?)
- Start throwing money and resources at the 20% problem. PCI is not going to do it. Compliance pen tests are not going to do it. Researching virtualizing every process, location aware document formats, degradation of service for anomalous connections, better intelligence, data sharing and correlation, in short making it increasingly expensive for the sophisticated attacker is what we should be looking at.
We have to stop popping antibiotics and figure out how to cut out the flesh eating bacteria.
V.
9:01 » Hack a Day
This is a fuse making machine that operates nearly as well as a factory machine would. Have you figured out what exactly this is yet? It’s not an electrical fuse, it’s a Visco Fuse. Still not totally clear? Don’t worry, we had to look it up too. Visco Fuse is a high-quality safety fuse used [...]
14:01 » Hack a Day
“Nothing happens in the midwest”. I won’t say who said it, but it absolutely makes my blood boil. I’ve heard this several times during my time at Hackaday. Aside from being so insanely arrogant and dismissive, it is also completely inaccurate. Some people believe you absolutely have to be on a coast to be part of [...]
16:07 » Hack a Day
Internet blocked at your office and feel like you’re just not getting your fix of Nyan Cat? Don’t worry, you can now use the fax machine to get your fix. [Tom Scott] put together the project to our delight, which will work best if you can find one of those fax machines that uses the [...]
9:01 » Hack a Day
This could easily be called “the year of the 3d printer”. They are in the news, in every hackerspace, and at every event. This last one is the one I’m going to focus on here. All the coverage we’ve seen as well as our personal experience shows that MakerFaires are filled with 3d printers. At [...]
15:01 » Hack a Day
Don’t want dogs pooping on the front lawn? You could put up a sign, you could chase them away like a crotchety old miser, or you could build a motion-detecting sprinkler system. It’s pretty hard to line up for a doody when you’re getting sprayed in the face (or worse) with cold water. The setup is [...]
6:00 » Hack a Day
Don’t have anyone to share activities with? Forget Siri, she’s just a disembodied voice in a box. You need to get yourself a shoulder-mounted robot pal. The idea behind this design actually has something to do with telepresence. Let’s say you and your best friend want to go check out the local Hackerspace. The problem is [...]
5:01 » Hack a Day
3d printing has made huge strides in its ability to construct detailed objects. Unfortunately, color is still a considerable limitation. Here, some people at the Reprap blog are having fun coming up with an extruder head that actually mixes two colors as it deposits them. Don’t confuse this with the dual head that Makerbot is touting [...]
8:01 » Hack a Day
Amazing ass… for a robot: Yep, Japan still has the creepy robotics market cornered. Case in point is this robotic posterior. Don’t worry, they’ve included a dissection so you can see how the insides work too. [via Gizmodo] Time-lapse camera module results: As promised, [Quinn Dunki] sent in a link to the photo album from [...]
5:00 » Carnal0wnage
Several (tm) months back I did my talk on "From LOW to PWNED" at hashdays and BSides Atlanta. The slides were published here and the video from hashdays is here; there is no video for BSides ATL.
I consistently violate presentation zen and I try to make my slides usable after the talk, but I decided to do a few blog posts covering the topics I put in the talk anyway.
Post [1] Exposed Services and Admin Interfaces
Exposed Services: An example of exposed services and making sure you check for default and common passwords. So the first example is a VNC server with no password. This gives us a HIGH severity finding.
The following is a VNC server with a password of "password".
See the problem? Same thing goes for SSH, Telnet, FTP, etc. Don't forget about databases as well: MS SQL, MySQL, Oracle, Postgres listening out to the Internet at large.
Admin Interfaces: Admin interfaces can be gold. The problem is 1) you have to find them on the random ass port they are running on and 2) you have to get eyes on them. This can be a hassle/problem/hard to do.
So, to bring the "low" to it: some random HTTP server gets you this in Nessus.
Now, to be fair, this could be totally accurate, but the point is you need to look at what is being served on this HTTP server. Could be something, could be nothing; no way to know unless you look. Finding useful HTTP pages on all the random ports can be challenging.
Here is a possible methodology for doing it:
- Nmap your range
- Import your nmap results into metasploit
- Use the db_ searches to pull out a list of hosts & ports
- With the magic of scripting languages make that list into an html page(s)
- Use linky to open all those links
Kinda goes like this: after you have imported your nmap results, use the services option. If it's populated you'll get a list of results like the one below.
Output that stuff to a CSV:
msf > services -o /tmp/demo.csv
Take that CSV and run some ruby on it. The above code will output an html file that you can open with linky. linky will open each link in a new tab, giving you a way to get eyes on each of those random HTTP(S) services.
You can now start intelligently trying default passwords or viewing exposed content.
Thoughts?
-CG
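The CSV-to-HTML step of the methodology above, as an added Ruby example (not CG's script from the post). It assumes the `services -o` export uses the column layout `host,port,proto,name,state,info`; the sample rows are constructed, and the HTTPS port list is a heuristic of this example.

```ruby
require "csv"
require "cgi"

# Constructed sample input in the column layout that Metasploit's
# "services -o <file>" export is assumed to use (host,port,proto,name,state,info).
# Hosts are from the 192.0.2.0/24 documentation range; all values are made up.
SAMPLE_CSV = <<~CSV
  host,port,proto,name,state,info
  192.0.2.10,80,tcp,http,open,Apache httpd 2.2.22
  192.0.2.10,443,tcp,ssl/http,open,Apache httpd 2.2.22
  192.0.2.11,8080,tcp,http-proxy,open,
  192.0.2.11,5900,tcp,vnc,open,VNC (protocol 3.8)
  192.0.2.12,8443,tcp,https-alt,open,
  192.0.2.12,9100,tcp,jetdirect,closed,
  192.0.2.13,10000,tcp,http,open,MiniServ 1.580 (Webmin httpd)
CSV

# Ports that are usually TLS even when the scanner only reports a generic name
# (assumed list for this example).
HTTPS_PORTS = [443, 4443, 8443, 9443].freeze

# Return "http" or "https" for a service row a browser can open, nil otherwise.
def web_scheme(row)
  return nil unless row["state"] == "open" && row["proto"] == "tcp"
  name = row["name"].to_s.downcase
  port = row["port"].to_i
  return nil unless name.include?("http") || HTTPS_PORTS.include?(port)
  tls = name.include?("ssl") || name.include?("https") || HTTPS_PORTS.include?(port)
  tls ? "https" : "http"
end

# Turn the CSV text into a de-duplicated list of URLs, one per web service.
def services_to_links(csv_text)
  links = []
  CSV.parse(csv_text, headers: true).each do |row|
    scheme = web_scheme(row)
    next unless scheme
    links << "#{scheme}://#{row['host']}:#{row['port']}/"
  end
  links.uniq
end

# Render the links as a minimal HTML page. Scanner output is untrusted, so
# escape it rather than letting a crafted banner inject markup into the page
# you are about to open in a browser.
def render_html(links)
  items = links.map do |url|
    safe = CGI.escapeHTML(url)
    "  <li><a href=\"#{safe}\">#{safe}</a></li>"
  end
  "<!DOCTYPE html>\n<html><body><ul>\n#{items.join("\n")}\n</ul></body></html>\n"
end

# Usage: ruby services_to_html.rb /tmp/demo.csv > /tmp/demo.html
# With no argument the constructed sample above is used.
if __FILE__ == $PROGRAM_NAME
  csv_text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_CSV
  puts render_html(services_to_links(csv_text))
end
```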
18:05 » Hack a Day
Remember the times before the iPad existed? When a tablet PC was actually a full computer in a tablet form factor? Yeah, those days we were all so very optimistic about the future of tablet computing. Don’t think we don’t appreciate the new amazing toys that we’ve got around with the plethora of tablets to [...]
15:21 » Hack a Day
Don’t mind me, I’m just listening to some tunes during our poker game. Well, that and getting some electronic coaching about poker odds. This board lets you wiggle your toes to input the upcards, and those in your hand. After each entry the gadget will tell you your odds of winning the hand. Take it [...]
6:01 » Hack a Day
Don’t get your dirty fingers on the glass: [Poke] sent in a video of him using Android devices with a wiimote and PS3 controller. The build uses the Joystick2Touch and the USB Joystick Center app. Root is required, but this will be very useful when tv-sized Android devices start showing up. Wonderful restoration work: [John] sent in [...]
22:36 » SecDocs
Authors: Fabian Mihailowitsch
Tags: web application intelligence
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: For years, we tried to identify vulnerable systems in company networks by getting all the company's netblocks / IP addresses and scanning them for vulnerable services. Then, with the growing importance of web applications and of course search engines, a new way of identifying vulnerable systems was introduced: "Google hacking". However, this approach of identifying and scanning a company's IP addresses, as well as doing some Google hacking for the (known) URLs of the company, doesn't take all aspects into account and has some limitations. First, we only check the systems which are obvious: the ones that are in the company's netblocks, the IP addresses that were provided by the company, and the URLs that are known or can be resolved using reverse DNS. But what about URLs and systems that aren't obvious? Systems that maybe even the company in focus forgot? Systems that are hosted by third parties, web pages that were just released for a marketing campaign, maybe even by a third-party marketing company but in the name of the company we want to check? Possibly not even the company itself remembers all the web applications and domains that are running under its name. These systems/applications won't be detected using traditional techniques and thus pose a potential security risk for the company. Second, the current techniques are pretty technical. They don't take the business view into account at any point. Therefore we developed a new technique, as well as a framework, to identify a company's web pages based on a scored keyword list. In other words: from zero to owning all of a company's existing web pages, even the pages not hosted by the company itself, with just a scored keyword list as input.
That means, today we try to identify certain applications using technical information like version banners or the company's IP addresses in order to identify its systems. But how about the other way around: identifying applications and systems by using the company's business data (e.g. product names, company names, tax identification numbers, contact persons, …) and then testing the identified systems and applications for vulnerabilities? That is what we did. The idea is to build up a scored keyword list for the company in focus. This list contains general keywords like the company name and product names, more detailed keywords like an address contained in imprints, and very specific keywords like the company's tax number. Every keyword in that list is then rated by human intelligence, which means specific keywords get a higher score than general keywords. In the next step a spider uses these keywords to query search engines like Bing, Google, etc. and stores all the website URLs identified in a database together with their score. If a website that is already in the database is found for another keyword, the score of that entry is simply increased. At the end, we get a list of websites that contained one or more of the keywords, along with a score for each website. Then each URL is checked for whether it contains one of the keywords (e.g. the company name); if so, the score of the page is increased again. Then for each entry the FQDN as well as the IP address is resolved and a whois query is executed. If that whois record contains the company name, the score is increased again. Furthermore, the country codes are used to remove results which are not in the target country. At the end of that process, we have a list of URLs and FQDNs that could be found using company-specific keywords, and that list is scored.
Since during that process you get (depending on your keyword list) hundreds of thousands of unique hits, you have to reduce that list. We therefore did some research on the results generated and found a decent way to reduce them to an amount that can be checked manually by a human. Then those identified company web pages are passed to a crawler that extracts just the external links from those pages, with the idea that genuine company pages might link to other company pages, and integrates them into the result list. Using this technique in practice it is possible to identify a lot of websites hosted (even by third parties) for one company. During the crawling process not just external links are extracted: all forms and HTTP parameters, as well as certain parts of the web content, are stored. Thus besides a list we also have a "mirror" of the web page as well as the forms and dynamic functions that pose an attack surface. The information collected can then be used as input to special analysis modules. For some of our projects we integrated WAFP (Web Application Finger Printer), SQLMap and other well-known tools, as well as some self-written fuzzers and fingerprinters, into that process. This way the whole process, from identifying web pages belonging to a certain company up to analyzing those for vulnerabilities, can be totally automated. In other words: from zero to owning all of a company's existing web pages, even the pages not hosted by the company itself, with just a scored keyword list as input. During our talk we will present our idea as well as our approach of identifying vulnerable web applications that belong to a certain company, based on business data. Furthermore we will explain how our framework is structured and how it does the searching as well as the vulnerability assessment in an automated way, so everybody who is interested will be able to implement their own version or adapt certain ideas for their own projects.
Besides just telling you how it could work, we will also present our framework, which performs all of the steps described above automatically, in a demo.
-
22:36
»
SecDocs
Authors:
Fabian Mihailowitsch Tags:
web application intelligence Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: For years, we tried to identify vulnerable systems in company networks by getting all the company's netblocks / IP addresses and scanning them for vulnerable services. Then, with the growing importance of web applications and of course search engines, a new way of identifying vulnerable systems was introduced: "Google hacking". However, this approach of identifying and scanning a company's IP addresses as well as doing some Google hacking for the (known) URLs of the company doesn't take all aspects into account and has some limitations. First, we only check the systems which are obvious: the ones that are in the company's netblocks, the IP addresses that were provided by the company and the URLs that are known or can be resolved using reverse DNS. But how about URLs and systems that aren't obvious? Systems that maybe even the company in focus forgot? Systems that are hosted by third parties, web pages that were just released for a marketing campaign, maybe even by a third-party marketing company but in the name of the company we want to check? Possibly not even the company itself remembers all the web applications and domains that are running under its name. These systems/applications won't be detected using traditional techniques and thus pose a potential security risk for the company. Second, the current techniques are pretty technical. They don't take the business view into account at any point. Therefore we developed a new technique as well as a framework to identify a company's web pages based on a scored keyword list. In other words: from zero to owning all of a company's existing web pages, even the pages not hosted by the company itself, with just a scored keyword list as input.
That means we try to identify certain applications using technical information like version banners or the company's IP addresses in order to identify its systems. But how about the other way around: trying to identify applications and systems by using the company's business data (e.g. product names, company names, tax identification numbers, contact persons, …) and then testing the identified systems and applications for vulnerabilities? That is what we did. The idea is to build up a scored keyword list for the company in focus. This list contains general keywords like the company name and product names, more detailed keywords like an address contained in imprints, and very specific keywords like the company's tax number. Every keyword in that list is then rated by human intelligence, which means specific keywords get a higher score than general keywords. In the next step a spider uses these keywords to query search engines like Bing, Google, etc. and stores all the web site URLs identified in a database together with their scores. If a web site that is already in the database is found for another keyword, the score of that entry is simply increased. At the end, we get a list of web sites that contained one or more of the keywords, along with a score for each web site. Then the URL is checked for whether it contains one of the keywords (e.g. the company name). If this is the case, the score of the page is increased again. Then for each entry the FQDN as well as the IP is resolved and a whois query is executed. If that whois record contains the company name, the score is increased again. Furthermore, the country codes are used to remove results which are not in the target country. At the end of that process we have a list of URLs and FQDNs that could be found using company-specific keywords, and that list is scored.
Since during that process you get (depending on your keyword list) hundreds of thousands of unique hits, you have to reduce that list. Therefore we did some research on the results generated and found a decent way to reduce the results to an amount that can be checked manually by a human. Then those identified company web pages are passed to a crawler that extracts just the external links from those pages, with the idea that genuine company pages might link to other company pages, and integrates them into the results list. Using this technique in practice it is possible to identify a lot of web sites hosted (even by third parties) for one company. During the crawling process not just external links are extracted; all forms, HTTP parameters as well as certain parts of the web content are stored. Thus besides a list, we have a "mirror" of the web page as well as the forms and dynamic functions that pose an attack surface. The information collected can then be used as input to special analysis modules. For some of our projects we integrated WAFP (Web Application Finger Printer), SQLMap and other well-known tools as well as some self-written fuzzers and fingerprinters into that process. This way the whole process, from identifying web pages belonging to a certain company up to analyzing those for vulnerabilities, can be totally automated. In other words: from zero to owning all of a company's existing web pages, even the pages not hosted by the company itself, with just a scored keyword list as input. During our talk we will present our idea as well as our approach to identifying vulnerable web applications that belong to a certain company, based on business data. Furthermore we will explain how our framework is structured and how it does the searching as well as the vulnerability assessment in an automated way, so everybody who is interested will be able to implement their own version or adapt certain ideas for their projects.
Besides just telling you how it could work, we will also present our framework, which performs all of the steps described above automatically, in a demo.
-
-
14:16
»
Hack a Day
Wardriving started out as a search for unprotected WiFi access points before hot spots were prevalent. And so this ZigBee protocol wardriving hardware which [Travis Goodspeed] put together really gives us a sense of nostalgia for that time. Don’t get us wrong, we love our pervasive WiFi access and don’t wish to go back to simpler [...]
-
-
9:33
»
Packet Storm Security Recent Files
These are the presentation slides from a talk called Threat Modeling Cloud Applications: What You Don't Know Will Hurt You as presented at the OWASP AppSec USA 2011 conference.
-
9:33
»
Packet Storm Security Misc. Files
These are the presentation slides from a talk called Threat Modeling Cloud Applications: What You Don't Know Will Hurt You as presented at the OWASP AppSec USA 2011 conference.
-
-
14:45
»
Hack a Day
At Hack a Day, we don’t throw the term genius around lightly. We’re obligated to bestow that title on [Don Gilmore] for his amazingly simple self-tuning piano. To appreciate [Don]’s build, you need to realize that just because a piano has 88 keys, that doesn’t mean it has 88 strings. Treble notes have three strings per [...]
-
-
5:53
»
Hack a Day
So your hard drive quit working. Don’t despair, with a “little” work your disk can be repurposed into a clock like the one seen above. I made this clock after several iterations of various success, including the first revision, which was simply the platter with a clock kit from a hobby store screwed into the [...]
-
-
20:23
»
Hack a Day
There was a recent announcement that G+ opened the doors to businesses and organizations for g+ pages. This means we can have an official G+ page with google’s blessing. We’ve opened one up here. We plan on having “hangouts” from time to time so people can show off what they’ve done. Don’t worry if you’re [...]
-
-
15:01
»
Hack a Day
Finally, the USB port on the back of your television can be tapped for something useful. [Don] is using this add-on device to automatically cut the power to his Ambilight clone. Initially, he got tired of unplugging the power adapter each time he shut off the television, so he added a switch. But laziness overcame [...]
-
-
7:01
»
Hack a Day
Don’t you hate that feeling, the one you get when you have just realized that you have no clue where you may have left your keys? If you are unlucky enough to have lost them in a public place, odds are they are as good as gone. Pumping Station One member [celtwolf] thought it would [...]
-
-
11:01
»
Hack a Day
[Don] put together a guide that will help you build your own Ambilight Clone for about $40 plus the cost of an Arduino. He’s using it with the HTPC seen above, and utilized modular concepts in building it so that you can easily disconnect your Arduino board when you want to use it for prototyping. For RGB [...]
-
-
15:53
»
Hack a Day
If you’ve always wanted a 3D printer, here’s your chance to win one. Makerbot Industries wants the Internets to design a new mascot for them. The contest winner will receive a Makerbot Thing-o-matic. Don’t worry about a chicken or egg situation with this contest. You don’t actually need to print your design (although printability is [...]
-
-
9:01
»
Hack a Day
When [Liu] decided he wanted one of the new iPads, rather than fork out the cash he decided to build his own tablet Mac. His creation functions just as you would expect any tablet PC to, with some nice extra features such as running Windows XP for any of you Microsoft lovers. [Liu’s] tablet apparently [...]
-
-
12:42
»
Hack a Day
Softboxes are often considered a must-have piece of equipment when doing any sort of portrait or studio photography. While they are not the most expensive photography accessory, they can be built far cheaper than you would pay for an off the shelf model. [Don] needed a softbox for his studio, and he ended up constructing [...]
-
-
5:55
»
Carnal0wnage
I've created a video on how to use the latest module addition to the buby family of modules in wXf. The purpose behind the module is to search Burp's history and seek out parameters in requests to an application which match our list of keywords. The keywords are basically parameters that might warrant manual analysis.
Consider we've made the following requests:
http://www.example.com/welcome.php
http://www.example.com/resource.php?accountid=
http://www.example.com/help.php?page=1
Most folks would agree that the request with a parameter of
accountid warrants some manual analysis. On a larger scale (think thousands of requests), this can be tedious to search and then send to intruder or repeater. So the idea is that we have a keyword list to help speed things up, when a match is found, an alert is sent to burp and the request is sent over to repeater & intruder for manual analysis.
As of now the keyword list in wXf isn't huge but I plan on adding to it over the next few days. If you'd like to utilize GitHub's fork/edit/merge function to contribute interesting parameter names please fork the following file.
If you have a personal keyword list that you'd like to use privately that is okay too. The video shows you how to add a file under the datum directory and reload the list of "lfiles" (files under the datum directory).
Don't forget that if you have questions on usage, installation or anything else, we've provided documentation here.
Lastly, here is the video:
wXf module buby/keyword_search_send from cktricky on Vimeo.
-
-
5:11
»
Hack a Day
[Patrick McCabe] enjoys the challenge of playing chess against the computer but he wasn’t satisfied with the flat experience of on-screen gaming. No problem, he just built his own gantry-style chess robot that he can play against. Don’t be confused, he still doesn’t have to touch the pieces, but instead uses the dedicated control board [...]
-
-
4:00
»
Hack a Day
Hackaday reader [Danukeru] sent us a video featuring a box-based robot with an interesting personality. The box is fairly simple and from the outside seems to consist only of a switch and an LED. When the switch is flipped however, the box comes to life. When the box is activated, the lid opens, and a [...]
-
-
8:01
»
Hack a Day
[Patrick McCabe's] latest offering is a well-built maze-solving bot. This take on the competitive pastime is a little more approachable for your common mortal than the micro-bot speed maze solving we’ve seen. Don’t miss seeing the methodical process play out in the clips below the fold. The playing field that [Patrick's] robot is navigating is made up [...]
-
-
19:14
»
Carnal0wnage
So first a disclaimer, I didn't listen to the referenced podcast, this is based solely off this blog post:
http://newschoolsecurity.com/2011/04/data-driven-pen-tests
So I’m listening to the “Larry, Larry, Larry” episode of the Risk Hose podcast, and Alex is talking about data-driven pen tests. I want to posit that pen tests are already empirical. Pen testers know what techniques work for them, and start with those techniques.
What we could use are data-driven pen test reports. “We tried X, which works in 78% of attempts, and it failed.”
We could also use more shared data about what tests tend to work.
Thoughts?
Dre's response to the post was surprising to me; he listed a bunch of tools that seem to do correlating of pentest results into a portal so you can trend over time. Cool idea, I'll give the people that. But to me, when we start jumping into repeatable metrics-driven stuff we are in Vulnerability Assessment land, not pentesting land.
Here is the comment I left:
I like the idea and I think it could be useful. However, they need to drop the pentest part. You are solidly into the vulnerability assessment part of things when you are talking about “ok, I tried 1,2,3,4,5 and 1 & 3 worked”, ok on to the next set of tests… that's vulnerability assessment (with exploitation if you want to get technical) and not pentesting.
Pentesting is about that human looking at the problem and figuring out how to break it, not some scanner; that's going to be very hard to standardize and put hard numbers on and I don't think it's going to be possible without tying up your tester’s time with bullshit.
I'm all for "repeatable" pentests. You should have a methodology for each type of test, but when you are paying for a human's time you should be paying for them to go after the site like a human would and not how a scanner would, or not in a way where I'm worried about religiously following some checklist because if I don't the metrics get all fucked up. Your pentest should come after you have thrown the kitchen sink at it scanner-wise.
As an added bonus this post was right below the New School post in my Google Reader:
http://coding-insecurity.blogspot.com/2011/04/developing-good-methodology-part-3.html
This post and really any methodology document you will ever read or write will have gaps, because no document on this subject can ever really be 100% all inclusive of every vulnerability and the myriad of variations that exist for many of these.
I think it drives the point home as well.
-CG
-
-
6:05
»
Hack a Day
Don’t get us wrong, printable whistles are cool and all, but these printable header shrouds make us think that filament printers like the Makerbot and RepRap might just be worth their salt. This utilitarian purpose is a departure from the souvenirs, toys, and art that we’re used to seeing from the expensive development tools. The six and [...]
-
-
6:05
»
Hack a Day
In need of an amplifier for his home entertainment system, [Afroman] decided to build an amp rather than buying one. If nothing else, doing it himself allowed for a form factor that you can’t just go out and buy. He designed the project on two separate boards, one for the power supply and the other for [...]
-
-
7:54
»
Hack a Day
You can make those buttons on your steering wheel much more functional if you have a way of monitoring them. Don’t even think of cracking open the factory finish to get to the solder points, just tap into the CAN bus and monitor the data traffic. The small board seen above is the result of [...]
-
-
4:03
»
Hack a Day
Need an oscilloscope? Want to see the music? Don’t have money, but do have an old TV? Then this TV to oscilloscope mod may be right up your alley. Now don’t go running off just yet, when you’re working inside of a CRT device you are exposed to mains current, high voltage, and high frequency, [...]
-
-
11:01
»
Hack a Day
The latest robot out of Nolebotic is Al.I.S.E, or Aluminum, Infrared Scanning Entity. Don’t let the name fool you, it’s a pretty simple take on the classic hexapod walking platform using a crank arm and levers made into the legs. The body of the robot is made out of aluminum which is pretty easy to [...]
-
-
12:00
»
Hack a Day
Don’t just build a UAV, use it to blow things up. In this case a tri-copter seeks out colored balloons and pops them using low-grade fireworks. We’ve seen this type of flying armament before, but not in a ‘copter form factor. It looks like the targeting and firing is done by an operator, and is [...]
-
-
7:03
»
Hack a Day
Don’t reach for a sticky note when you need to leave a message for your office mates, write it down on a 12 foot LED marquee. [Kitesurfer1404] built this for his home office, but we’re sure he’ll find fun stuff to use it for. The display has 512 LEDs driven by plain old 595 shift [...]
-
-
5:00
»
Hack a Day
[Simon Inns] has put together a lesson in digital logic which shows you how to build your own gates using transistors. The image above is a full-adder that he fabricated, then combined with other full adders to create a 4-bit computer. Don’t know what a full adder is? That’s exactly what his article is for, [...]
-
-
13:40
»
Hack a Day
[Don't stop the clock] is doing some work with a projector, a camera, and the Kinect. What he’s accomplished is quite impressive, combining the three to manipulate light with your body. The image above is a safer rendition of the Hadouken from the Street Fighter video games, throwing light across the room instead of fire. [...]
-
-
12:00
»
Hack a Day
It turns out that hacking together a security keypad is remarkably simple if you know what you’re doing. [Don] needed to add a keypad with an RFID reader on it. He had previously built a USB RFID reader and thought he could integrate those concepts into the new unit. He once again started with a [...]
-
-
10:00
»
Hack a Day
Tired of hearing that flat sounding wireless doorbell when visitors happen to come by? Don’t get rid of it, improve it by adding a real bell. This hack rigs up a small hand bell to the wireless doorbell receiver. It was prototyped using LEGO pieces to shake the sound out of the bell, but the [...]
-
6:30
»
SecDocs
Authors:
Dave Kennedy Tags:
social engineering Event:
Hack3rCon 2010 Abstract: The Social-Engineer Toolkit (SET) has become a standard when it comes to social-engineering attacks and new and innovative ways in attacking the end-user. This talk will cover SET and its capabilities as well as introduce some new features and a new release. SET combines multiple attack vectors into an easily drivable interface that allows the attacker to perform advanced social-engineering attacks and compromise the intended host. Metasploit browser exploits, Custom-built Java Applet attacks, E-Mail Spear-Phishing, and much more is all integrated into the toolkit. Don't miss this talk on how to hack the human mind and utilize one of the most powerful social-engineer tools ever made.
-
-
21:06
»
SecDocs
-
-
9:33
»
Hack a Day
Don’t steal. It’s a lesson that children are taught from the youngest age and a core principle in every society. The PSGroove sets out to follow this mantra in several ways. It is an open source implementation of the PSJailbreak hardware we covered a couple of weeks back. It’s difficult to find a definitive source [...]
-
-
23:31
»
remote-exploit & backtrack
What is the name of the tool/feature
REMOTE PENETRATION OS
What is the URL of the home page of the tool/feature
I CAN'T POST THE LINK BECAUSE I DON'T HAVE 15 POSTS, BUT TYPE MY NAME ASHIKALI INTO GOOGLE AND YOU WILL FIND MY WEBSITE, OR JUST ATTACH .COM BEHIND MY NAME, THAT IS MY WEBSITE
What is the link to the source of the tool/feature
I CAN'T POST THE LINK BECAUSE I DON'T HAVE 15 POSTS; JUST GO TO MY WEBSITE AND IN THE OPERATING SYSTEM SECTION YOU WILL BE ABLE TO FIND THIS TOOL
Why should we include this tool/feature
REASON 1> RPOS IS GIVING TOTAL WEBSITE PENETRATION TESTING CONCEPT
REASON 2> RPOS IS A TOOL WHICH WORKS BASED ON A PROPER PENETRATION TESTING SYSTEM
REASON 3> EASY AND FAST PENETRATION TESTING OF WEB APPLICATION VULNERABILITIES
REASON 4> EASY TO USE
REASON 5> 116 DIFFERENT TASKS FOR PENETRATION TESTING
REASON 6> A COMBINATION OF TOOLS
REASON 7> CAN INSTRUCT TO OS
REASON 8> FULLY CUSTOMIZABLE
REASON 9> 11 HIDDEN TASKS FOR 11 TYPES OF USERS
REASON 10> GENERATES A PENETRATION REPORT
REASON 11> COVERS ALMOST ALL THE WEB HACKING TECHNIQUES
REASON 12> FAST PROCESS BECAUSE OF THREADING
Is there already a tool which provides the same functionality
I DON'T THINK THAT THERE IS ANY TOOL AVAILABLE ON THE INTERNET WHICH PROVIDES THE SAME FUNCTIONALITY AS THIS TOOL; THIS IS A UNIQUE TOOL
What sort of licensing does the tool have
GPL V3
Can we contact the author if needed for questions/patches
YOU MAY CONTACT ME AT ASHIKALI1208[AT]YAHOO[D0T]COM
Is the tool still maintained? Does the site look active?
THE TOOL IS COMPLETED AND SITE IS ACTIVE
FOR MORE INFORMATION AND THE TOOL'S FUNCTIONS READ HERE
NEW FEATURES [UPDATES] [CHANGE LOG]
-----------------------------
1> NOW THE TOOL HAS JUMPING PROXY SUPPORT, SO ONCE YOU ACTIVATE THIS TASK EACH OF THE TASKS WILL USE A DIFFERENT PROXY; YOU DON'T NEED TO CHANGE IT MANUALLY.
2> NEW FUNCTION ADDED FOR REMOTE DESKTOP BRUTE FORCING. NOTE: THIS TASK IS PERFORMED BY TSGRINDER
3> THE COOLEST FUNCTION IS THAT IT HAS ADDED RDP BRUTE FORCING FROM A RANGE OF IPS. FIRST THE TOOL WILL COLLECT ALL THE IPS WHICH HAVE PORT 3389 OPEN AND THEN IT WILL BRUTE FORCE THEM
4> NOW YOU CAN CRACK ENCRYPTION USING 2 MORE METHODS, ONLINE AND ALSO BY AUTO WORD PATTERN
5> NOW ALL THE OUTPUT WILL BE STORED IN A FILE
6> I HAVE FILTERED A FEW OUTPUTS
7> CREDIT SECTION UPDATED
8> HELP SECTION UPDATED
9> OS FINGERPRINTING, SSL FINGERPRINTING, AND DATABASE FINGERPRINTING ADDED.
10> AN AUTO UPDATE MESSAGE WILL BE DISPLAYED IF UPDATES ARE AVAILABLE.
11> FIXED A FEW ERRORS
12> TUTORIAL BELOW UPDATED
OLD FEATURES []
-------------------------
SO WHAT IS RPOS? RPOS IS A TOOL MADE OF MANY SCRIPTS. BASICALLY, IF YOU ARE NEW TO HACKING OR PENETRATION TESTING THEN THIS TOOL CAN BE VERY HELPFUL TO YOU, BECAUSE THIS TOOL FOLLOWS A PROPER SEQUENCE OF PENETRATION TESTING METHODS. THIS IS A POWERFUL SECURITY SHELL WHICH CAN PENETRATE ANY WEB APPLICATION. BUT IF YOU ARE AN EXPERIENCED HACKER OR PENETRATION TESTER THEN USING THIS TOOL YOU CAN MAKE YOUR PENETRATION PROCESS FASTER AND EASIER. THIS TOOL COVERS ALMOST ALL THE HACKING AND PENETRATION TECHNIQUES
FUNCTION
PROXY
1> Getproxy
2> Testproxylist
3> Testproxy
4> Autoproxy
5> Jumping
6> Loadproxy
7> removing
8> Changing
FOOT PRINTING
9> ip getting
10> smtp address grabbing
11> tracing the route
12> identifying technology of server (header information)
13> full server header info gathering
14> crawling emails from search engines (capability to track tricky emails too)
15> website crawling (fussing links of same directory)
16> login page finder (support for asp,aspx,php,cfm,jsp,html,htm with no of payloads)
17> sub domain enumeration
18> host name qualification from ip range
19> web server service analysis
20> website structure fingerprinting
21> whois lookup
22> reversing
23> enumerates server users
24> daemon foot printing
25> operating system foot printing
26> SSLcheck (by this task you can test ssl cipher)
27> DBcheck (by this task you can test database)
28> web server monitoring
ANALYSIS
29> getting port information + service info (using threads, so very fast)
30> sql injection scan
30.1-> auto scanning url
30.2-> auto creating exploitable url
30.3-> auto checking version
30.4-> auto fuzzing table
31> blind injection scan
32> lfi scan
33> rfi scan
34> rce scan
35> xss scan (support HTTPS also)
36> cgi scan (more vuln paths)
37> cms scan (supports joomla, mambo etc...)
38> custom scan
39> full scan
BRUTE FORCING
40> bruting ftp (first will check for anonymous login)
41> bruting smtp
42> bruting imap
43> bruting nntp
44> bruting pop3
45> bruting RDP
46> Bruting rdp from ip range
ENCRYPTION
47> Hashid
48> Onlinehash
49> Autohash
50> Md5
51> Sha1
52> Sha256
53> Sha384
54> Sha512
55> Base64enc
56> Base64dec
SUPPORT
57> wordlist builder using custom combination
58> extracting ip addresses from files
59> extracting emails from files
60> crawling words from any of the web which is given by you
61> wget utility
SERVER TASK
62> getting port information + service info (using threads, so very fast)
63> sql injection scan
63.1-> auto scanning url
63.2-> auto creating exploitable url
63.3-> auto checking version
63.4-> auto fuzzing table
64> blind injection scan
65> lfi scan
66> rfi scan
67> rce scan
68> xss scan (support HTTPS also)
69> cgi scan (more vuln paths)
70> cms scan (supports joomla, mambo etc...)
71> custom scan
72> full scan
VERBOSE TASK
73> getting port information + service info (using threads, so very fast)
74> sql injection scan
74.1-> auto scanning url
74.2-> auto creating exploitable url
74.3-> auto checking version
74.4-> auto fuzzing table
75> blind injection scan
76> lfi scan
77> rfi scan
78> rce scan
79> xss scan (support HTTPS also)
80> cgi scan (more vuln paths)
81> cms scan (supports joomla, mambo etc...)
82> custom scan
83> full scan
FORENSIC
84> malware analysis
85> trojan analysis (very stupid task)
86> exe to batch
87> Fileanalysis
88> Iptrace
PENTEST (WORKING ON FEW TASK)
89> Penmysql
90> Penpostgray
91> Penmssql
92> Penoracle
93> Penaccess
EXPLOIT (NOT TESTED ALL)
94> Expsearch
95> Milexpgrab
96> Pacexpgrab
97> Mad
98> Boa
99> Buletftp
100> Cesarftp
101> Efs
GOOGLE DORK (FEW TASK HAS PROBLEM WORKING ON IT)
102> Dorkscan
103> Subscan
104> Gvscan
105> Shellscan
106> Ranker
107> Usergrab
108> Dorkcreator
109> Cmsscan
ROOT (UNDER DEVELOPMENT)
110> Bandtest
111> Flooding
112> Honeypot
113> Chat
114> Games
115> Ids
116> Automachine
REQUIREMENTS
INTERNET CONNECTION : MORE THAN 256 KBPS
ONLY TESTED ON WINDOWS XP; CAN'T SAY ABOUT OTHER OSES, BUT IT SHOULD RUN, I THINK
TUTORIAL:
FOR HELP TYPE -H
FOR ENTERING ANY DIRECTORY ENTER "in <directory name>." FOR EXAMPLE "in proxy"
FOR EXECUTING ANY FILE ENTER exe <file name> FOR EXAMPLE "exe getproxy"
FOR CREDITS TYPE -C
MORE FUNCTIONS
all penetration output will be logged into a file named pentest.txt. You can
change this file; to see how, check the help by typing "-h"
FOR VIEW DIRECTORY ENTER "show"
FEATURES
1> fake user agent
2> proxy support
3> verbose mode option
SIZE 8.04 MB
FILE TYPE : RAR (WINDOWS-COMPATIBLE BINARY)
and after downloading, enter this command: "i am the root". Don't worry, you need to enter this command only once; it will activate all the hidden features LIKE ROOT, SERVERTASK, VERBOSETASK, ETC...
NOTE :- THIS TOOL CONTAINS TSGRINDER, WHICH WAS DETECTED AS A VIRUS BY MY AV. ALL OTHER FILES ARE VIRUS-FREE; YOU MAY USE THEM WITHOUT ANY FEAR.
remote-exploit & backtrack
Hi,
Would anyone care to explain to me how web filters work and how I go about bypassing them... Anyone have a video link or a tutorial...
But I don't only want a quick fix... I would like to understand it and grasp the concept... Don't wanna be another script kiddie on the playground.
Thank you :D
Hack a Day
Reader [Eric] sent us a powerfully informative, yet super simple hack for the MindFlex toy. Don’t worry, it’s not another worthless shock ‘game’, and it’s using an actual interface instead of the built-in LEDs.
With two wires for the serial protocol, and an Arduino, you’ll be able to view “signal strength, attention, meditation, delta, theta, low [...]
remote-exploit & backtrack
Hello to the whole community. For some time now the Social Engineering Toolkit has been giving me some errors and consequently does not work correctly! I try to create a clone of a website, injecting a Java applet, so I choose to load the payload, then I choose the method for bypassing a computer's defences (shikata ga nai), and finally I choose the port to listen on; right after typing the port and confirming, these lines appear:
/pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `readlines': Input/output error - /root/.msf3/modcache (Errno::EIO)
from /pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `read_groups'
from /pentest/exploits/framework3/lib/rex/parser/ini.rb:90:in `from_file'
from /pentest/exploits/framework3/lib/msf/core/module_manager.rb:435:in `set_module_cache_file'
from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:102:in `simplify'
from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:70:in `create'
from /pentest/exploits/framework3/msfpayload:36
which did not appear before; oh well, then I go on:
[-] Encoding the payload 4 times to get around pesky Anti-Virus. [-]
/pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `readlines': Input/output error - /root/.msf3/modcache (Errno::EIO)
from /pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `read_groups'
from /pentest/exploits/framework3/lib/rex/parser/ini.rb:90:in `from_file'
from /pentest/exploits/framework3/lib/msf/core/module_manager.rb:435:in `set_module_cache_file'
from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:102:in `simplify'
from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:70:in `create'
from /pentest/exploits/framework3/msfencode:157
************************************************** ******
Do you want to create a Linux/OSX reverse_tcp payload
in the Java Applet attack as well?
************************************************** ******
Enter choice yes or no: no
and THEN this:
************************************************** *
Web Server Launched. Welcome to the SET Web Attack.
************************************************** *
[--] Tested on IE6, IE7, IE8 and FireFox [--]
[*] Launching MSF Listener...[*] This may take a few to load MSF...[*] Don't tase me bro!
/pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `readlines': Input/output error - /root/.msf3/modcache (Errno::EIO)
from /pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `read_groups'
from /pentest/exploits/framework3/lib/rex/parser/ini.rb:90:in `from_file'
from /pentest/exploits/framework3/lib/msf/core/module_manager.rb:435:in `set_module_cache_file'
from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:102:in `simplify'
from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:70:in `create'
from /pentest/exploits/framework3/lib/msf/ui/console/driver.rb:96:in `initialize'
from /pentest/exploits/framework3/msfconsole:92:in `new'
from /pentest/exploits/framework3/msfconsole:92
In conclusion, the web server does not start and it automatically returns to the menu. I tried updating the toolkit, but no luck! Does anyone have any suggestions?
Hack a Day
[Dmritard96] built this automated watering system to keep his garden growing while he’s out-of-town. It uses rain barrels, which capture and store rainwater, as a source. These barrels provide very low water pressure so he’s added a battery-powered pump along with a solar array for recharging. Don’t worry, if the rain barrels run dry there’s [...]
Hack a Day
We can only imagine how amazing this coffee-burning car smells as it speeds down the highway at a maximum of 60mph. Don’t jump out of your seat so quickly to get your own; while the idea sounds fantastic, the mileage will bring you back to earth rather quickly. At 3 miles per kilo of [...]
Hack a Day
[Daniel] wrote up a quick tutorial on interfacing the MQ-3, better known as the Breathalyzer from SparkFun, with an Arduino. While we would have used perhaps an op-amp/comparator based system and kept it in a much smaller package, the idea was so quick and simple and enjoyable we hoped an article might keep some hackers from [...]
Wirevolution
Google announced that it is going to wire a select few communities with gigabit broadband connections. This could be huge.
Something is wrong with broadband access in the US. It was ranked 15th in the world in 2008 on a composite score of household penetration, speed and price.
Google is setting out to demonstrate a better way, though other countries already offer such demonstrations. The current international benchmark for price and speed is Stockholm at $11 per month for 100 Mbps. There are similar efforts in the US, for example Utopia in Utah. One of the key features of these implementations of fiber as a utility is that the supplier of the fiber does not supply content, since this would impose a structural conflict of interest.
Google does supply content, so it will be interesting to see how it deals with this conflict. I doubt there will be any problems in the short term, but in the long term it will be very hard to resist the impulse to use all the competitive tools available; “Don’t be evil” isn’t a useful guideline to a long, gentle slope.
OK, it’s easy to be cynical, but at least Google is trying to do something to improve the broadband environment in the US, and it may be a long time before the short term allure of preferred treatment for its own content outweighs the strategic benefit of improved national broadband infrastructure. And this initiative will undoubtedly help to accelerate the deployment of fiber to the home, if only by goading the incumbents.
I touched on the issue of municipal dark fiber a while back.
remote-exploit & backtrack
First of all I would like to excuse myself if I'm double posting, but I realized I was posting in a 3-year-old thread, so it probably doesn't have as many views as it will have here.
In a nutshell, the title of this post says it all.
I used to be able to use the -3 attack in aircrack in BT3; no other method used to work, for example Korek complained about the Centrino chipset.
Steps that I tried:
Code:
aireplay-ng -9 wlan0
Reports injection capable (same for mon0 interface)
Wifi card is "Intel 3495 ABG" or similar name
I even tried to install the old ipwraw drivers from BT3, but when I try to load them with
Code:
modprobe ipwraw
It returns that ipwraw.ko is invalid format or something like that.
I reported this in the aircrack forum but they thought it would be better to post where....:eek::eek::D:D... my thoughts exactly... lol
I've stumbled in every wall, and every wall that I climb another one appears...
Can anyone help? Don't tell me I'm the only one that came across this difficulty...
Thanks everyone.
remote-exploit & backtrack
OK so I was heading away on holidays and I wanted to keep my luggage to a minimum. I didn't want to bring my laptop with me, but I still wanted to have full access to all my files, my programs, my entire operating system.
So I figured hey, I can take the hard disk out of my laptop, stick it in a USB enclosure, and then just bring the hard disk around with me. The idea was I could take my hard disk and connect it into any computer and then just boot off it.
Before I went away, my Grub entry for booting Linux was as follows:
Code:
title Main Linux OS
root (hd0,2)
kernel /boot/vmlinuz-2.6.31-17-generic root=/dev/sda3 ro quiet splash
initrd /boot/initrd.img-2.6.31-17-generic
quiet
So I went away on holidays and I hooked my hard disk up to a computer via USB and then booted off it. The Grub menu appeared, and I simply hit Enter to boot into Linux. It booted up fine and everything worked.
But with some computers, there were complications.
If you look at my Grub entry above, you'll see that it makes two references to the partition on which Linux resides:
Reference 1: (hd0,2)
Reference 2: /dev/sda3
The first reference never seems to cause any problems, reason being that "hd0" will always refer to the hard disk which Grub has just booted off (or at least that's how it seems).
The second reference however can cause problems. On some of the computers I used, the Grub menu appeared, I hit Enter, and then Linux failed to load. The problem was that my own hard disk was being given the designation of sdb instead of sda. I had a workaround for this. When the Grub menu appeared, I would press E to edit the entry, and I would change the following line:
Code:
kernel /boot/vmlinuz-2.6.31-17-generic root=/dev/sda3 ro quiet splash
to:
Code:
kernel /boot/vmlinuz-2.6.31-17-generic root=/dev/sdb3 ro quiet splash
After I made that change, I pressed B to boot up Linux, and it booted up fine. (I didn't need to change root (hd0,2) to root (hd1,2)).
Here's what my fstab file looked like:
Code:
proc /proc proc defaults 0 0
/dev/sda3 / ext3 relatime,errors=remount-ro 0 1
As you can see, my Linux partition was referred to as "/dev/sda3" in my fstab file. Even on the computers where my hard disk was designated as sdb at boot-time, this fstab entry didn't cause any problems (you'd think I would have had to change it to sdb!). Even though my own Linux partition was designated as sdb3 at boot-time, it appears as though it was known as sda3 by the time it came to mounting the root filesystem. (Don't ask me, I haven't got a clue either).
I wanted to find the best way of making my Linux installation fully portable so that I could bring my hard disk around and boot it on different computers.
...and that's when I discovered UUIDs :cool:
UUIDs solve the problem of hard disks being given different designations on different systems (e.g. sda vs sdb vs sdc). Every Linux partition (e.g. ext2, ext3, ext4) has its own unique UUID. You can use this UUID to refer to the partition instead of using "/dev/sda3". To make use of UUIDs, I had to change two files on my hard disk: my Grub file and my fstab file. I changed them as follows.
Here's my Grub file:
Code:
title Main Linux OS
uuid 8c5055d5-75e5-5f57-9585-5a5525551524
kernel /boot/vmlinuz-2.6.31-17-generic root=UUID=8c5055d5-75e5-5f57-9585-5a5525551524 ro quiet splash
initrd /boot/initrd.img-2.6.31-17-generic
quiet
And here's my fstab:
Code:
proc /proc proc defaults 0 0
UUID=8c5055d5-75e5-5f57-9585-5a5525551524 / ext3 relatime,errors=remount-ro 0 1
After I made those changes, it booted every time on every computer. Notice, in these two files, that there's no reference to the hard disk number or even the partition number. You can move this Linux partition around however you like, you can change the partition order on your current hard disk, or you can move the Linux partition to a different hard disk. Your Linux installation should still boot right away without a problem because it's working off the UUID of the partition.
Anyway I thought this was pretty cool when I got it working right, and I just had to share it... this is the kind of stuff that makes me really love Linux :rolleyes:
If you wanna find out the UUIDs of your partitions, do the following:
Code:
sudo blkid | sort
Also, another little cool thing I found is the "/dev/disk" folder. Navigate into that folder and take a look around!
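The two edits the post makes by hand (the fstab device spec and the kernel line's root= argument) done as one script, as an added example that is not the poster's code. The blkid output, fstab and GRUB entry it uses are constructed samples, and to_uuid is a hypothetical helper name; on a real system you would feed it the actual blkid output and file contents.

```shell
#!/bin/sh
# Added example (not from the post): rewrite /dev/sdXN references in an fstab
# or a GRUB-legacy menu.lst to UUID= references, driven by `blkid` output.
# Inputs below are constructed samples so the script runs offline; on a real
# box you would pass "$(blkid)" and the real file contents instead.

# Constructed sample `blkid` output (same line shape as the real tool prints).
SAMPLE_BLKID='/dev/sda1: UUID="1111aaaa-2222-3333-4444-555566667777" TYPE="ntfs"
/dev/sda3: UUID="8c5055d5-75e5-5f57-9585-5a5525551524" TYPE="ext3"
/dev/sda5: UUID="9d9d9d9d-1e1e-2f2f-3a3a-4b4b4b4b4b4b" TYPE="swap"'

# Constructed sample fstab and GRUB entry in the shape shown in the post.
SAMPLE_FSTAB='proc /proc proc defaults 0 0
/dev/sda3 / ext3 relatime,errors=remount-ro 0 1
/dev/sda5 none swap sw 0 0
/dev/sdc1 /mnt/usb vfat noauto,user 0 0'
SAMPLE_GRUB='title Main Linux OS
root (hd0,2)
kernel /boot/vmlinuz-2.6.31-17-generic root=/dev/sda3 ro quiet splash
initrd /boot/initrd.img-2.6.31-17-generic'

# to_uuid BLKID_OUTPUT FILE_TEXT
# Prints FILE_TEXT with every "/dev/X" field (fstab spec) or "root=/dev/X"
# field (kernel line) replaced by its UUID form.  Devices blkid did not report
# (here the removable /dev/sdc1) are left untouched rather than guessed.
to_uuid() {
    printf '%s\n' "$1" "---SEP---" "$2" | awk '
        $0 == "---SEP---" { in_file = 1; next }
        !in_file {
            dev = $1; sub(/:$/, "", dev)       # "/dev/sda3:" -> "/dev/sda3"
            if (match($0, /UUID="[^"]+"/))
                map[dev] = substr($0, RSTART + 6, RLENGTH - 7)
            next
        }
        {
            for (i = 1; i <= NF; i++) {
                f = $i
                if (f in map)
                    $i = "UUID=" map[f]
                else if (substr(f, 1, 5) == "root=" && (substr(f, 6) in map))
                    $i = "root=UUID=" map[substr(f, 6)]
            }
            print
        }'
}

# Stand-alone demo: print both files in their portable form.
to_uuid "$SAMPLE_BLKID" "$SAMPLE_FSTAB"
to_uuid "$SAMPLE_BLKID" "$SAMPLE_GRUB"
```

The `root (hd0,2)` line is deliberately left alone: as the post notes, hd0 already means "the disk Grub booted from", so it needs no rewriting.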