White-Hat Hacker Capital Buôn Ma Thuột

A Vietnamese white-hat hacker training program in the city of Buôn Ma Thuột, combined with tourism. Arrive as a newbie, leave as a WHITE-HAT HACKER!

Hacking and Penetration Testing with Metasploit

Security365's training program on using the Metasploit Framework for penetration testing (hacking).

C50 Computer Forensics Materials

Study materials on digital evidence investigation (CHFI), compiled by Security365 for training at C50.

Students, Hacking and Information Security

A student hacking competition, with web-attack challenges for students built on the Hackademic Challenge platform.

Attack and Defense with BackTrack / Kali Linux

An attack-and-defense course using the hackers' professional toolkits, BackTrack and Kali Linux, based on Offensive Security content.


Bugtraq-II Beta 32-bit Release


Features
Bugtraq aims to be a comprehensive, optimized and stable distribution with a real-time automated service manager. It is based on the 3.2 and 3.4 PAE kernels and ships a large range of penetration-testing, forensic and laboratory tools. Bugtraq is available with XFCE, GNOME and KDE desktops on Ubuntu, Debian and openSUSE bases, and the systems are available in 11 languages.

Tools
One of the novelties of Bugtraq is its wide range of tools across different branches: mobile forensic tools, malware testing laboratories, tools from the Bugtraq community, audit tools for GSM, wireless, Bluetooth and RFID, integrated Windows tools, tools focused on IPv6, and the typical pentesting and forensic tools that should not be missing from Bugtraq-II.


Install
You can install our distribution from a Live DVD or USB drive. Depending on your desktop environment, the features vary. The minimum requirements are based on XFCE.

  • 1GHz x86 processor & 512 MB of system memory
  • 15 GB of disk space for installation

Download Bugtraq-II Beta 32-bit

System requirements
  • 1GHz x86 processor
  • 512 MB of system memory (RAM)
  • 15 GB of disk space for installation
  • Graphics card capable of 800x600 resolution
  • DVD-ROM drive or USB port

Download Bugtraq 2 Black Widow Xubuntu available in 11 languages
 MD5: 94e997802dd9286da7acb6faba4b7f34
 (An MD5 match only tells you the download was not corrupted. MD5 is not collision-resistant, so it does not prove the image is authentic unless the hash itself came over a trusted channel.)

[SAMHAIN 3.0.9] File Integrity Checker / Host-Based Intrusion Detection System


The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.

Samhain has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host.

Samhain is an open-source multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
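The "signed for tamper resistance" point above is the one worth seeing in code: a baseline that is merely stored can be rewritten by the same intruder who replaced the binary. The following is an added example, not Samhain's code, of a minimal integrity baseline whose database carries an HMAC-SHA256 tag; the key, the directory layout and the intrusion scenario are constructed for the demo.

```python
"""Added example, not Samhain's code: a minimal file-integrity baseline whose
database is HMAC-signed, so that editing the database without the key is
detected. The key and directory layout below are assumptions for the demo."""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def scan_tree(root):
    """Return {relative_posix_path: {sha256, size, mode}} for every regular file under root."""
    root = Path(root)
    entries = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        st = path.lstat()
        entries[path.relative_to(root).as_posix()] = {
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "size": st.st_size,
            "mode": st.st_mode & 0o7777,
        }
    return entries


def _canonical(entries):
    # Canonical serialization: the same entries always sign to the same tag.
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def sign_baseline(entries, key):
    """Serialize the baseline and attach an HMAC-SHA256 tag computed with the key."""
    tag = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    return json.dumps({"entries": entries, "hmac": tag})


def load_baseline(blob, key):
    """Verify the tag before trusting anything in the database."""
    doc = json.loads(blob)
    expected = hmac.new(key, _canonical(doc["entries"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["hmac"]):
        raise ValueError("baseline signature mismatch: database tampered with or wrong key")
    return doc["entries"]


def compare(baseline, current):
    """Classify differences into added, removed and modified (hash, size or mode changed)."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: baseline a throwaway tree, simulate an intrusion, then
    simulate an attacker editing the database to hide the trojaned hash."""
    key = b"demo-hmac-key"  # assumption; in practice kept on the log server, not the monitored host
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "motd").write_text("welcome\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF original binary")
        db = sign_baseline(scan_tree(root), key)

        (root / "bin" / "ls").write_bytes(b"\x7fELF trojaned binary")  # same size, new content
        (root / "etc" / "motd").unlink()
        (root / "etc" / "ld.so.preload").write_text("/tmp/evil.so\n")
        report = compare(load_baseline(db, key), scan_tree(root))

        doc = json.loads(db)  # attacker rewrites the stored hash but cannot re-sign
        doc["entries"]["bin/ls"]["sha256"] = scan_tree(root)["bin/ls"]["sha256"]
        try:
            load_baseline(json.dumps(doc), key)
            tamper_detected = False
        except ValueError:
            tamper_detected = True
    return {"report": report, "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The size check alone would miss the trojaned binary (same length); the hash catches it, and the HMAC catches the attempt to launder the hash out of the database. Samhain goes further (signed config, log forwarding over authenticated TCP, inotify), but the trust argument is the same: whatever verifies the baseline must hold a secret the intruder does not.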

Changes: Some build errors have been fixed, as well as the 'probe' command for the server (clients could be erroneously omitted under certain conditions). An option has been added to the Windows registry check to ignore changes if only the timestamp has changed, and full scans requested by the inotify module will now only run at times configured for regular full scans. 


[Stegano 0.4] Python Steganography Module



Stéganô is a Python Steganography module.

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message; it is a form of security through obscurity. Consequently, the functions provided by Stéganô only hide the message, without encrypting it, which is why steganography is usually combined with cryptography.


The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. If you are interested in cryptography have a look at my project pySecret.

Requirements


Tutorial


Methods of hiding

For the moment, Stéganô implements these methods of hiding:
  • using the red portion of a pixel to hide ASCII messages;
  • using the Least Significant Bit (LSB) technique;
  • using the LSB technique with sets based on generators (Sieve of Eratosthenes, Fermat, Mersenne numbers, etc.);
  • using the description field of the image (JPEG).
Moreover some methods of steganalysis are provided:
  • steganalysis of LSB encoding in color images;
  • statistical steganalysis.
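What "LSB with sets based on generators" means in practice: the message bits go only into the pixels whose index a generator produces, so a reader who does not know the generator recovers noise. Below is an added example, not Stéganô's code, of LSB embedding and extraction over plain (r, g, b) tuples, sequentially or at prime indices from a Sieve of Eratosthenes; the cover "image" and the message are constructed, and no image library is used.

```python
"""Added example, not Stéganô's code: least-significant-bit (LSB) embedding into
RGB pixels, either into every pixel in order or only into the pixels whose index
is produced by a generator (a Sieve of Eratosthenes here). Pixels are plain
(r, g, b) tuples so the example runs without an image library; the cover image
and message are constructed."""


def sieve(limit):
    """Primes below limit: the pixel indices that will carry message bits."""
    if limit < 2:
        return []
    flags = bytearray([1]) * limit
    flags[0] = flags[1] = 0
    for i in range(2, int(limit ** 0.5) + 1):
        if flags[i]:
            flags[i * i::i] = bytearray(len(range(i * i, limit, i)))
    return [i for i in range(limit) if flags[i]]


def message_bits(msg):
    """32-bit big-endian length prefix, then the message, MSB first; the prefix
    tells the extractor where the message ends."""
    for byte in len(msg).to_bytes(4, "big") + msg:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(pixels, msg, positions=None):
    """Overwrite the LSB of each channel of the selected pixels with message bits."""
    stego = [list(p) for p in pixels]
    bits = message_bits(msg)
    need, done = (4 + len(msg)) * 8, 0
    for idx in (range(len(stego)) if positions is None else positions):
        if done == need:
            break
        for ch in range(3):
            bit = next(bits, None)
            if bit is None:
                break
            stego[idx][ch] = (stego[idx][ch] & ~1) | bit
            done += 1
    if done < need:
        raise ValueError("cover image has too few carrier pixels for this message")
    return [tuple(p) for p in stego]


def extract(pixels, positions=None):
    """Read LSBs back in the same pixel order, stopping where the length prefix says."""
    bits, length = [], None
    for idx in (range(len(pixels)) if positions is None else positions):
        for ch in range(3):
            bits.append(pixels[idx][ch] & 1)
            if length is None and len(bits) == 32:
                length = int("".join(map(str, bits)), 2)
            if length is not None and len(bits) >= 32 + length * 8:
                payload = bits[32:32 + length * 8]
                return bytes(int("".join(map(str, payload[i:i + 8])), 2)
                             for i in range(0, len(payload), 8))
    raise ValueError("no complete message found at these positions")


# Constructed cover "image": 4000 pixels of a synthetic gradient.
COVER = [((i * 7) % 256, (i * 13) % 256, (i * 29) % 256) for i in range(4000)]
MESSAGE = b"meet at the old bridge at dawn"


def demo():
    primes = sieve(len(COVER))
    stego = embed(COVER, MESSAGE, primes)
    untouched = sum(1 for i, p in enumerate(stego) if p == COVER[i])
    return {
        "sequential": extract(embed(COVER, MESSAGE)),
        "prime_positions": extract(stego, primes),
        "carrier_pixels": len(primes),
        "untouched_pixels": untouched,
    }


if __name__ == "__main__":
    print(demo())
```

Each carrier pixel changes by at most one unit per channel, which is what makes LSB hard to see and, at the same time, what statistical steganalysis looks for: the generator spreads the change over fewer pixels, it does not encrypt anything, so the text's advice to combine it with cryptography stands.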


License

Stéganô is under GPL v3 license.

Download

[HoneyDrive Desktop] Virtual machine with several applications for running your own honeypot


HoneyDrive Desktop is a virtual machine with several pre-configured applications that lets you run your own honeypot quickly and easily.

It runs Xubuntu Desktop 12.04 32-bit and contains, among others, the following applications:

  • LAMP server with phpMyAdmin
  • Kippo SSH, Kippo-Graph and Kippo2MySQL
  • Dionaea malware honeypot + phpLiteAdmin
  • Honeyd + Honeyd2MySQL and Honeyd-Viz
  • LaBrea, Tiny Honeypot, IIS Emulator, INetSim and SimH
  • Various utilities for analyzing malware, PDFs, etc.


The image is 2.7 GB and can be downloaded from here. To install it, just import the file into your favorite virtualization program; VirtualBox is recommended.

[AnonTwi 1.0] Tweet Anonymously


AnonTwi is free software designed for browsing social networks anonymously. It is compatible with Identi.ca and Twitter.com. You can take advantage of proxy randomization, send fake geolocation data, and more.

+ AES encryption + HMAC-SHA1 on tweets and direct messages --> [More info]
      + Secure Sockets Layer (SSL) for interacting with the API
+ SOCKS proxy (e.g. to connect to the Tor network)
+ Random values for HTTP headers
+ Send long messages, split automatically
+ Automatic decryption from tweet URLs or ciphertext
+ Back up messages to disk (max: 3200)
+ Send fake geolocations
+ Delete data and close the account (suicide)
+ View global Trending Topics
+ UTF-8 + Unicode support (Chinese, Arabic, symbols, etc.)
+ Cross-platform: GNU/Linux, MacOS, Win32
+ Colored output
+ Generate tools and modules
+ GTK+ visual interface
+ An IRC bot


And many more options, detailed here

hg clone http://hg.code.sf.net/p/anontwi/code anontwi-code

Download AnonTwi 1.0


[SQLSentinel] OpenSource tool for sql injection security testing


SQLSentinel is an open-source tool that automates the process of finding SQL injection on a website. SQLSentinel includes a web spider and an SQL error finder. You give it a site as input, and SQLSentinel crawls it and tries to trigger parameter validation errors for you. When the job is finished, it can generate a PDF report containing the vulnerable URLs found and the URLs crawled.

Please remember that SQLSentinel is not an exploitation tool. It only finds vulnerable URLs.
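The "SQL error finder" half of that description is small enough to show. The following is an added example, not SQLSentinel's code: each query parameter gets a quote-character probe, the response is matched against DBMS error signatures, and a hit is reported only if the same signature is absent from the unprobed baseline response (otherwise a page that happens to contain "ORA-" text would be a false positive). The fetch callable is injected so the spider (omitted here) or a test double can supply responses; the target site below is constructed.

```python
"""Added example, not SQLSentinel's code: error-based SQL injection detection
over the parameters of one URL. fetch(url) is injected; the target is constructed."""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SQL_ERROR_SIGNATURES = {
    "MySQL": re.compile(r"You have an error in your SQL syntax|Warning: mysql_|mysql_fetch", re.I),
    "PostgreSQL": re.compile(r"pg_query\(\)|unterminated quoted string|PostgreSQL.*ERROR", re.I),
    "MSSQL": re.compile(r"Unclosed quotation mark|\[SQL Server\]|OLE DB Provider for SQL Server", re.I),
    "Oracle": re.compile(r"\bORA-\d{5}\b"),
    "SQLite": re.compile(r"unrecognized token|sqlite3\.OperationalError|SQLITE_ERROR", re.I),
}
PROBES = ("'", '"', "')")  # cheap syntax breakers; a full scanner uses many more


def inject_param(url, name, suffix):
    """Append suffix to the value of parameter `name`, leaving the others intact."""
    parts = urlsplit(url)
    params = [(k, v + suffix if k == name else v)
              for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(params)))


def find_sql_errors(url, fetch):
    """fetch(url) -> response body as str. Returns one finding per vulnerable parameter."""
    baseline = fetch(url)
    findings = []
    for name, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for probe in PROBES:
            probed_url = inject_param(url, name, probe)
            body = fetch(probed_url)
            dbms = next((d for d, rx in SQL_ERROR_SIGNATURES.items()
                         if rx.search(body) and not rx.search(baseline)), None)
            if dbms:
                findings.append({"url": probed_url, "param": name, "probe": probe, "dbms": dbms})
                break  # one finding per parameter is enough for the report
    return findings


def fake_site(url):
    """Constructed stand-in for a PHP page: `id` is concatenated into the query
    (vulnerable), `page` is handled safely."""
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    if any(c in params.get("id", "") for c in "'\""):
        return ("<html><body>You have an error in your SQL syntax; check the manual that corresponds "
                "to your MySQL server version for the right syntax to use near ''' at line 1</body></html>")
    return f"<html><body>Article {params.get('id', '')}, page {params.get('page', '')}</body></html>"


if __name__ == "__main__":
    for f in find_sql_errors("http://target.test/news.php?id=7&page=2", fake_site):
        print(f"{f['dbms']:<10} {f['param']:<6} {f['url']}")
```

Error-based detection only works when the application leaks the database error; a site with error display turned off needs the boolean or time-based techniques that tools such as jSQL Injection (further down this page) add on top.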



[BeEF] Fake Browser Update Exploitation


How to use BeEF Framework for fake browser update exploitation.

Fake Browser Update: the BeEF Framework has a new social-engineering feature called Clippy. With it you push a fake update notification to the hooked browser; if the user clicks it and runs the downloaded executable, you get a Meterpreter session on your side. It is very easy to perform and very effective for social engineering.

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.


Windows Autologin Password Dumper & Manager

Windows Autologin Password is a free command-line tool to quickly dump and manage the Windows Automatic Logon password.



Automatic Logon is a Windows feature that lets you log on to the system without entering the password every time. This tool lets you dump the current Autologon password and change the Autologon settings with a single command.
Here is the complete list of things you can do with it:

  • Dump the Windows Auto Logon User & Password
  • Enable the Windows Auto Logon
  • Specify your Username & Password for Windows Auto Logon.
  • Disable the Windows Auto Logon

Once you set the Auto Logon username and password, restart the machine and you will be logged on automatically from then on.
It is a simple, easy-to-use tool, and being command-line based makes it well suited to automation.

'Windows Autologin Password' works on both 32-bit and 64-bit versions and has been tested on all Windows platforms from Windows XP to the latest version, Windows 8.

Keep in mind what the feature costs. With AutoAdminLogon enabled, the DefaultPassword value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon is a cleartext string that any local user can read (the Sysinternals Autologon tool stores it as an LSA secret instead, which needs SYSTEM rights to read), and anyone with physical access to the machine gets the account's session for free.
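The same dump/enable/disable operations with Python's standard-library winreg module, as an added example that is not the tool's code. The registry reads and writes only work on Windows (and the write needs an elevated prompt); the assessment is a pure function so it can be run against values read live or exported from an offline hive, and the sample values are constructed.

```python
"""Added example, not Windows Autologin Password's code: read, assess and disable
the Winlogon autologon settings. read_winlogon/disable_autologon are Windows-only;
assess_autologon is pure and runs anywhere."""

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_VALUES = ("AutoAdminLogon", "DefaultUserName", "DefaultDomainName",
                   "DefaultPassword", "AutoLogonCount")


def read_winlogon():
    """Windows only: read the autologon values (readable by any local user)."""
    import winreg  # ImportError outside Windows
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        for name in WINLOGON_VALUES:
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass
    return values


def assess_autologon(values):
    """Classify an autologon configuration from a dict of Winlogon values."""
    enabled = str(values.get("AutoAdminLogon", "0")).strip() == "1"
    if not enabled:
        return {"enabled": False, "storage": None, "account": None, "findings": []}
    user = values.get("DefaultUserName", "")
    domain = values.get("DefaultDomainName", "") or "."
    account = f"{domain}\\{user}"
    findings = [f"AutoAdminLogon=1: {account} logs on without a password prompt"]
    if values.get("DefaultPassword"):
        storage = "registry-cleartext"
        findings.append("DefaultPassword is a cleartext REG_SZ under HKLM\\...\\Winlogon, "
                        "readable by every local user")
    else:
        storage = "lsa-secret"
        findings.append("no DefaultPassword value: the password is most likely the LSA secret "
                        "'DefaultPassword' (how Sysinternals Autologon stores it), readable "
                        "only with SYSTEM or backup privileges")
    return {"enabled": True, "storage": storage, "account": account, "findings": findings}


def disable_autologon():
    """Windows only, needs admin: turn autologon off and remove the cleartext password."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY, 0, winreg.KEY_SET_VALUE) as key:
        winreg.SetValueEx(key, "AutoAdminLogon", 0, winreg.REG_SZ, "0")
        try:
            winreg.DeleteValue(key, "DefaultPassword")
        except FileNotFoundError:
            pass


if __name__ == "__main__":
    # Constructed values, so the script also demonstrates something off Windows.
    sample = {"AutoAdminLogon": "1", "DefaultUserName": "kiosk",
              "DefaultDomainName": "CORP", "DefaultPassword": "Winter2012"}
    for line in assess_autologon(sample)["findings"]:
        print("-", line)
```

Enabling autologon from this script would be a one-line SetValueEx of "AutoAdminLogon" to "1" plus the user and domain values; it is left out deliberately, because writing a password into DefaultPassword is the finding the assessment flags.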

Web: http://securityxploded.com/windows-autologin-password.php
Download  [Windows Autologin Password Dumper & Manager]

[SQL Fingerprint] Christmas Release


Microsoft SQL Server fingerprinting can be a time-consuming process, because it involves trial-and-error methods to determine the exact version. Intentionally sending invalid input to obtain a typical error message, or using certain characters that are unique to a particular server version, are two of the many ways to possibly determine the version, but most of them require authentication, permissions and/or privileges on the Microsoft SQL Server to succeed.

Instead, ESF.pl uses a combination of crafted packets for SQL Server Resolution Protocol (SSRP) and Tabular Data Stream Protocol (TDS) (protocols natively used by Microsoft SQL Server) to accurately perform version fingerprinting and determine the exact Microsoft SQL Server version. ESF.pl also applies a sophisticated Scoring Algorithm Mechanism (Powered by Exploit Next Generation++ Technology), which is a much more reliable technique to determine the Microsoft SQL Server version. It is a tool intended to be used by: 




This version is a complete rewrite in Perl, making ESF.pl much more portable than the previous binary version (Win32); its original purpose is to be used as a tool for automated penetration tests. This version also adds the following Microsoft SQL Server versions to its fingerprint database:

  • Microsoft SQL Server 2012 SP1 (CU1)
  • Microsoft SQL Server 2012 SP1
  • Microsoft SQL Server 2012 SP1 CTP4
  • Microsoft SQL Server 2012 SP1 CTP3
  • Microsoft SQL Server 2012 SP0 (CU4)
  • Microsoft SQL Server 2012 SP0 (MS12-070)
  • Microsoft SQL Server 2012 SP0 (CU3)
  • Microsoft SQL Server 2012 SP0 (CU2)
  • Microsoft SQL Server 2012 SP0 (CU1)
  • Microsoft SQL Server 2012 SP0 (MS12-070)
  • Microsoft SQL Server 2012 SP0 (KB2685308)
  • Microsoft SQL Server 2012 RTM
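The SSRP half of what ESF.pl does needs no credentials and fits in a few lines. As an added example that is not ESF.pl's code: a one-byte CLNT_UCAST_EX request (MC-SQLR) to UDP/1434 makes the SQL Server Browser answer with a SVR_RESP listing every instance, its ports and its Version string, which is then matched against a build table. The build table here is a small illustrative subset whose entries are assumptions, the response bytes are constructed, and the TDS pre-login side of the tool is not reproduced.

```python
"""Added example, not ESF.pl's code: SSRP instance enumeration and a version
lookup. The build table is an assumed subset; SAMPLE_RESPONSE is constructed."""
import socket
import struct

CLNT_UCAST_EX = b"\x03"  # MC-SQLR request: "list all instances on this host"
SVR_RESP = 0x05
SSRP_PORT = 1434

KNOWN_BUILDS = {  # assumed/illustrative subset; the real database is far larger
    "11.0.3000.0": "Microsoft SQL Server 2012 SP1",
    "11.0.2100.60": "Microsoft SQL Server 2012 RTM",
    "10.50.1600.1": "Microsoft SQL Server 2008 R2 RTM",
    "10.0.1600.22": "Microsoft SQL Server 2008 RTM",
    "9.0.1399.6": "Microsoft SQL Server 2005 RTM",
    "8.0.194": "Microsoft SQL Server 2000 RTM",
}


def normalize_version(ver):
    """'9.00.1399.06' and '9.0.1399.6' are the same build."""
    return ".".join(str(int(p)) for p in ver.split(".") if p.isdigit())


def parse_ssrp_response(data):
    """SVR_RESP: 0x05, little-endian uint16 length, then 'key;value;...;;' per instance."""
    if len(data) < 3 or data[0] != SVR_RESP:
        raise ValueError("not an SSRP SVR_RESP message")
    (size,) = struct.unpack_from("<H", data, 1)
    body = data[3:3 + size].decode("latin-1")
    instances = []
    for chunk in body.split(";;"):
        fields = chunk.strip(";").split(";")
        if len(fields) >= 2:
            instances.append(dict(zip(fields[0::2], fields[1::2])))
    return instances


def fingerprint(instance):
    ver = instance.get("Version", "")
    return {
        "instance": instance.get("InstanceName"),
        "version": ver,
        "product": KNOWN_BUILDS.get(normalize_version(ver), "unknown build"),
        "tcp_port": instance.get("tcp"),
        "clustered": instance.get("IsClustered") == "Yes",
    }


def ssrp_query(host, timeout=2.0):
    """Live query (not exercised offline): one UDP datagram, one response."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(CLNT_UCAST_EX, (host, SSRP_PORT))
        data, _ = s.recvfrom(65535)
    return [fingerprint(i) for i in parse_ssrp_response(data)]


# Constructed SVR_RESP: a default instance and a named instance on one host.
SAMPLE_BODY = (b"ServerName;SQLHOST;InstanceName;MSSQLSERVER;IsClustered;No;Version;11.0.2100.60;"
               b"tcp;1433;np;\\\\SQLHOST\\pipe\\sql\\query;;"
               b"ServerName;SQLHOST;InstanceName;SQLEXPRESS;IsClustered;No;Version;9.00.1399.06;"
               b"tcp;49172;;")
SAMPLE_RESPONSE = bytes([SVR_RESP]) + struct.pack("<H", len(SAMPLE_BODY)) + SAMPLE_BODY


if __name__ == "__main__":
    for inst in parse_ssrp_response(SAMPLE_RESPONSE):
        print(fingerprint(inst))
```

The Version field the Browser service reports is the one reason a tool like ESF.pl also speaks TDS: SSRP is unauthenticated and cheap, but it is only as current as what the Browser service has recorded, while the TDS pre-login exchange comes from the instance itself. Scoring both, as the text describes, is what turns a lookup into a fingerprint.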

Download: http://code.google.com
Source: http://adf.ly/146C04

[Hydra v 7.4] Fast Network cracker



Passwords are one of the biggest security holes, as every password security study shows. THC-Hydra, a very fast network logon cracker that supports many different services, has now been updated to version 7.4.


Hydra is available for Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OS X, and currently supports AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.


Change Log

  • New module: SSHKEY - for testing for ssh private keys (thanks to deadbyte(at)toucan-system(dot)com!)
  • Added support for win8 and win2012 server to the RDP module
  • Better target distribution if -M is used
  • Added colored output (needs libcurses)
  • Better library detection for current Cygwin and OS X
  • Fixed the -W option
  • Fixed a bug when the -e option was used without -u, -l, -L or -C, only half of the logins were tested
  • Fixed HTTP Form module false positive when no answer was received from the server
  • Fixed SMB module return code for invalid hours logon and LM auth disabled
  • Fixed http-{get|post-form} from xhydra
  • Added OS/390 mainframe 64bit support (thanks to dan(at)danny(dot)cz)
  • Added limits to input files for -L, -P, -C and -M - people were using unhealthy large files! ;-)
  • Added debug mode option to usage (thanks to Anold Black)


[WiFi Password Decryptor] Free Wireless Password Recovery Software


WiFi Password Decryptor is free software to instantly recover wireless account passwords stored on your system.

It automatically recovers all types of wireless keys/passwords (WEP/WPA/WPA2 etc.) stored by the Windows Wireless Configuration Manager.
For each recovered WiFi account it displays the following information:
  • WiFi Name (SSID)
  • Security Settings (WEP-64/WEP-128/WPA2/AES/TKIP)
  • Password Type
  • Password in clear text
After a successful recovery you can save the password list to an HTML/XML/text file. You can also right-click any of the displayed accounts to quickly copy its password.
Under the hood, 'WiFi Password Decryptor' uses a system-service method (instead of injecting into LSASS.exe) to decrypt the WiFi passwords. The stored key material is a DPAPI blob protected in the LocalSystem context, so decrypting it from a service running as SYSTEM is both safer and more reliable than code injection, and it lets a single EXE work on both 32-bit and 64-bit platforms.

It has been successfully tested on Windows Vista and higher operating systems including Windows 8.
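Where those passwords live and what "protected" means in the profile is easy to show. Below is an added example, not WiFi Password Decryptor's code: a parser for the per-interface WLAN profile XML that Windows keeps under %ProgramData%\Microsoft\Wlansvc\Profiles\Interfaces\{GUID}\*.xml. SSID, security settings and key type come straight from the XML; when protected is true the keyMaterial is a DPAPI blob that only decrypts in the LocalSystem context, which is exactly why the tool decrypts from a service. The two profiles below are constructed (the blob is truncated to its header) and the decrypted-blob layout is an assumption.

```python
"""Added example, not WiFi Password Decryptor's code: parse Windows WLAN profile
XML and reveal the key where possible. dpapi_unprotect is Windows-only and only
succeeds as SYSTEM; the sample profiles are constructed."""
import xml.etree.ElementTree as ET
from pathlib import Path

NS = {"p": "http://www.microsoft.com/networking/WLAN/profile/v1"}
PROFILE_ROOT = Path(r"C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces")


def parse_profile(xml_text):
    root = ET.fromstring(xml_text)

    def text(path):
        node = root.find(path, NS)
        return node.text.strip() if node is not None and node.text else None

    return {
        "name": text("p:name"),
        "ssid": text("p:SSIDConfig/p:SSID/p:name"),
        "authentication": text("p:MSM/p:security/p:authEncryption/p:authentication"),
        "encryption": text("p:MSM/p:security/p:authEncryption/p:encryption"),
        "key_type": text("p:MSM/p:security/p:sharedKey/p:keyType"),
        "protected": text("p:MSM/p:security/p:sharedKey/p:protected") == "true",
        "key_material": text("p:MSM/p:security/p:sharedKey/p:keyMaterial"),
    }


def reveal_key(profile, unprotect=None):
    """Plaintext key if the profile stores one (e.g. exported with key=clear); otherwise
    the DPAPI blob must be decrypted by `unprotect`, running as SYSTEM."""
    km = profile["key_material"]
    if km is None:
        return None  # open network or 802.1X: no shared key stored here
    if not profile["protected"]:
        return km
    if unprotect is None:
        raise PermissionError("keyMaterial is a LocalSystem DPAPI blob; decrypt as SYSTEM "
                              "or run 'netsh wlan show profile name=<x> key=clear' as admin")
    # Assumption: the decrypted blob is the passphrase as bytes, possibly NUL-terminated.
    return unprotect(bytes.fromhex(km)).rstrip(b"\x00").decode("utf-8", "replace")


def dpapi_unprotect(blob):
    """Windows only: CryptUnprotectData via ctypes; for these blobs it works only as SYSTEM."""
    import ctypes
    import ctypes.wintypes as wt

    class DATA_BLOB(ctypes.Structure):
        _fields_ = [("cbData", wt.DWORD), ("pbData", ctypes.POINTER(ctypes.c_char))]

    inp = DATA_BLOB(len(blob), ctypes.create_string_buffer(blob, len(blob)))
    out = DATA_BLOB()
    if not ctypes.windll.crypt32.CryptUnprotectData(ctypes.byref(inp), None, None, None,
                                                    None, 0, ctypes.byref(out)):
        raise ctypes.WinError()
    try:
        return ctypes.string_at(out.pbData, out.cbData)
    finally:
        ctypes.windll.kernel32.LocalFree(out.pbData)


def load_profiles(root=PROFILE_ROOT):
    """All stored profiles on a Windows box: one XML file per profile per interface."""
    return [parse_profile(p.read_text(encoding="utf-8")) for p in root.glob("*/*.xml")]


SAMPLE_PROTECTED = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>CorpWiFi</name>
  <SSIDConfig><SSID><hex>436F727057694669</hex><name>CorpWiFi</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType><connectionMode>auto</connectionMode>
  <MSM><security>
    <authEncryption><authentication>WPA2PSK</authentication><encryption>AES</encryption><useOneX>false</useOneX></authEncryption>
    <sharedKey><keyType>passPhrase</keyType><protected>true</protected>
      <keyMaterial>01000000D08C9DDF0115D1118C7A00C04FC297EB</keyMaterial></sharedKey>
  </security></MSM>
</WLANProfile>"""

# Same profile as exported with 'netsh wlan export profile key=clear': plaintext key.
SAMPLE_CLEAR = (SAMPLE_PROTECTED.replace("<protected>true</protected>", "<protected>false</protected>")
                .replace("01000000D08C9DDF0115D1118C7A00C04FC297EB", "hunter2hunter2"))


if __name__ == "__main__":
    for prof in (parse_profile(SAMPLE_PROTECTED), parse_profile(SAMPLE_CLEAR)):
        try:
            print(prof["ssid"], prof["authentication"], prof["encryption"], reveal_key(prof))
        except PermissionError as e:
            print(prof["ssid"], prof["authentication"], prof["encryption"], "->", e)
```

The XML itself is world-readable, so an attacker with any local account learns every SSID and security mode the machine has joined; only the key material is gated by the SYSTEM-context DPAPI key, and a profile exported with key=clear removes even that gate.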

How to Use?

WiFiPasswordDecryptor is easy to use thanks to its simple GUI.

Here are the brief usage details:
  • Launch WiFiPasswordDecryptor on your system.
  • Click the 'Start Recovery' button; all stored WiFi account passwords will be recovered and displayed, as shown in screenshot 1 below.
  • Right-click any of the displayed accounts to quickly copy its password.
  • You can also generate a detailed password recovery report in HTML/XML/text format by clicking the 'Export' button and then selecting the file type from the drop-down box of the 'Save File' dialog.
Note that you need to have administrative privileges to run this tool.

Limitations

This tool can only recover WiFi passwords configured by the Windows Wireless Configuration Manager. It also does not work on older operating systems such as Windows XP or 2003; it works well with Vista and all later versions.
Screenshots

Screenshot 1: WiFi Password Decryptor showing all the recovered WiFi account passwords.

Screenshot 2: Detailed HTML report of all the recovered WiFi account passwords.

Download WiFi Password Decryptor

[ScanPlanner] Scanner Nmap Online


ScanPlanner is the easiest, fastest way to run Nmap scans and tests from the web. Schedule and track your network scans and vulnerability tests with its online interface.

WEB: http://scanplanner.com/

[jSQL Injection] Java based automated SQL injection tool


jSQL Injection is a free, Java-based SQL injection tool. It makes it easy to retrieve database information from a vulnerable web server.

SQL Injection features:

  • GET, POST, header, cookie methods
  • normal, error based, blind, time based algorithms
  • automatic best algorithms detection
  • data retrieving progression
  • proxy setting
  • evasion
  • for now supports MySQL

Download it from here:
http://adf.ly/14645Y

[Nmap 6.25] 85 new NSE scripts

After five months, the Nmap team has released the latest version of the open-source utility for network exploration and security auditing: Nmap 6.25.

It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.

Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
Updates:
  • integration of over 3,000 new IPv4 OS fingerprint submissions, over 1,500 service/version detection fingerprints, and the latest IPv6 OS submissions and corrections
  • better IPv6 traceroute support
  • new poll and kqueue I/O engines for improved performance on Windows and BSD-based systems including Mac OS X
  • added support for Unix domain sockets
  • 85 new NSE scripts
  • 12 new protocol libraries
  • Windows 8 improvements
  • targets-sniffer is now capable of sniffing IPv6 addresses
  • a number of bugs affecting the software's security, stability and performance have been fixed.
Download Nmap 6.25

[Xenotix] XSS Exploit Framework 2013 v2 Released


Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in web applications. It injects payloads into web pages that are vulnerable to XSS; it is essentially a payload-list-based XSS scanner and XSS exploitation kit. It gives a penetration tester the ability to test every XSS payload in the payload list against a web application. The tool supports both a manual mode and an automated, time-sharing-based test mode. The exploitation framework in the tool includes an XSS encoder, a victim-side XSS keystroke logger, an executable drive-by downloader and an XSS reverse shell. These exploitation tools help the penetration tester create proof-of-concept attacks on vulnerable web applications when writing a penetration test report.

Features: 

  • Built in XSS Payloads
  • XSS Key logger
  • XSS Executable Drive-by downloader
  • Automatic XSS Testing
  • XSS Encoder
  • XSS Reverse Shell (new)
Download Xenotix XSS Exploit Framework 2013 v2

[Network Password Decryptor v3.0] Tool to Recover Network Passwords

Network Password Decryptor is a free tool to instantly recover the network passwords stored in the Windows 'Credential Store'.

The Windows 'Credential Store' provides the framework for storing various network-authentication passwords in a secure, encrypted format.

Not only does Windows use it to store network authentication passwords; other applications such as Outlook, Windows Live Messenger, Remote Desktop and Gmail Notifier also use it to store their login passwords. These network passwords are saved only when the user has selected the 'Remember Password' option at login time.

These network passwords are stored in encrypted form, and even an administrator cannot view them directly. Some types of passwords cannot be decrypted even by administrators, as they require special privileges. In this context, NetworkPasswordDecryptor makes it easy to detect and decrypt all these stored network passwords from the Credential Store.

The current version, v3.0, supports network password recovery from Windows 8.

NetworkPasswordDecryptor works on a wide range of platforms, from Windows XP to the latest operating system, Windows 8.

Screenshots
Here are the screenshots of NetworkPasswordDecryptor
Screenshot 1: NetworkPasswordDecryptor showing all the recovered passwords from Windows 8.

Screenshot 2: Report showcasing all the recovered network passwords on Windows 8 system

[VSD] (Virtual Section Dumper) Just another Virtual Section Dumper for Windows Processes

What's VSD?

VSD (Virtual Section Dumper) is intended to be a tool to visualize and dump the memory regions of a running 32-bit or 64-bit process in many ways. For example, you can dump the entire process and fix the PE header, dump a given range of memory, or list and dump every virtual section present in the process.
Usage of VSD can be found here

Screenshots

VSD x86: main window, loaded modules, handles, threads, patch.

VSD x64 (screenshot).

Latest changes

VSD x86

Version: 2.1 (18/11/2012)
  • Added "Ignore unnamed objects" in the window handles.
  • Added "Set Priority" feature in order to set the priority of a given process. issue 8
  • Added "Suspend process" and "Resume process" features. issue 10
  • Added "Suspend all threads before dumping". With this option you can suspend the execution of a given process before dumping it. issue 5
  • Added updatevsd.exe. More information can be found here
Version: 2.0 (01/04/2012)
  • Added a menu bar.
  • Added a module list viewer.
  • Added Dump Full and Dump Partial over a specific module.
  • Added sorting feature in the module list viewer.
  • Added a handle list viewer.
  • Added sorting feature in the handle list viewer.
  • Added a thread list viewer.
  • Added Resume, Terminate and Suspend functions in the thread list viewer.
  • Added the "Patch" feature.
  • Bugfixes in some functions.
  • Code refactoring in some functions. The code still needs a lot of improvements :P
Version: 1.1
  • Fixed a bug in the PastePEHeader() function when calculating the offset of the original PE Header.
Version: 1.0
  • First stable release (I hope so :)

VSD x64

Version: 1.0
  • First stable release. 

Download Virtualsectiondumper

http://adf.ly/146CHL

[ISME v0.7] IP Phone Scanning Made Easy


ISME is a small framework to test IP phones from several vendors. It can gather information from IP-phone infrastructures, test their web servers for default login/password combinations, and also run attacks against the systems. ISME is written in Perl with a Perl/Tk interface, to provide a portable and easy-to-use tool. Full documentation is also provided.

Initially intended as a scanner dedicated to the Cisco IP Telephony solution, ISME has evolved into a small framework to test IP phones from several vendors.

Nevertheless, the four goals I had in mind at the beginning are still present:
  • Provide a tool that is simple to use,
  • Try to create something new dedicated to IP telephony,
  • Target enterprise solutions,
  • Exploit LAN connection possibilities.

Download ISME v0.7 (Zip - 5 Mb) 
isme_v0.7 documentation (PDF - 3.4 Mb)





Version follow-up

V0.7 – 15/11/2012
· Tool: Add Cisco phone logout mobility feature abuse.
· Tool: Implement a module to detect the use of default login/password on the embedded web interface of Mitel phones.
· Exploit: Add Aastra IP phone information disclosure (OSVDB-ID: 72941 / EDB-ID: 17376).
· Exploit: Add Avaya IP Office Linux voicemail password file data disclosure.
· Exploit: Add the script providing phone calls and remote tapping on SNOM phones.
· Exploit: Add Mitel AWC unauthenticated command execution (OSVDB-ID: 69934 / EDB-ID: 15807).
V0.6 – 30/08/2012
· Implement code to exploit the Polycom IP Phones data disclosure vulnerability (OSVDB-ID: 73117).
· Implement code to exploit the Polycom IP Phones DoS through the web interface (OSVDB-ID: 70697).
· Implement a module to detect Polycom SoundPoint IP Phones' use of default login/password and unprotected web interfaces.
· Add the capacity to scan a full subnet for Aastra & SNOM default login/password. The capacity to save results in text files has also been added.
· Add an integrated graphical module for Protos SIP in ISME (needs Java to work).
· Cisco phone ringer & forwarder support new types of IP phone: 7914, 7915, 7916, 7920, 7921, 7925, 7985.
· Due to some problems met by users at installation, I finally went back to an install process mainly based on CPAN.
V0.5 – 06/08/2012
· Add SIP flooding attacks (INVITE, REGISTER, OPTIONS).
· Add TCP SYN flood attack.
· Update installer.
· Change menu presentation.
V0.4 – 12/06/2012
· Add Cisco phone attacks (ringer & forwarder – Skinny).
· Add LAN & server attacks (DHCP starvation & DNS subnet resolver).
V0.3 – 12/02/2012
· All kinds of subnets are now supported; ISME is no longer limited to "/24". Take care: this is done with a new library, so be sure to install it (or run the installation script, which has been adapted) before launching this new version.
· Add the capacity to detect default passwords on SNOM IP phones.
V0.2 – 03/01/2012
· Add an installer for all the Perl modules.
· Add the capacity to detect default passwords on Aastra IP phones.
V0.1 – 20/12/2011
First release of the ISME script.

[VMInjector] DLL Injection tool to unlock guest VMs


Overview: VMInjector is a tool designed to bypass the OS login authentication screen of major operating systems running on VMware Workstation/Player, using direct memory manipulation.
Description:
VMInjector is a tool that manipulates the memory of VMware guests in order to bypass the operating system's authentication screen.

VMware manages the resources allocated to guest operating systems, including RAM. VMInjector injects a DLL into the VMware process to gain access to the mapped resources. The DLL works by parsing the memory space owned by the VMware process and locating the memory-mapped RAM file, which corresponds to the guest's RAM image. By manipulating the allocated RAM file and patching the function in charge of authentication, an attacker gains unauthorized access to the guest.

VMInjector can currently bypass locked Windows, Ubuntu and Mac OS X operating systems.

The in-memory patching is non-persistent; rebooting the guest virtual machine restores normal password functionality.

Attack scenarios:
VMInjector can be used if the password of a guest is forgotten and needs to be reset.

More commonly, the tool is used during penetration testing, when access to a VMware host has been achieved and the attacker wants to gain additional access to the guests running on that host.

Requirements:
  • Windows machine (with administrative access);
  • VMware workstation or player edition;
  • A locked guest VM;
Usage:
VMInjector consists of 2 parts:
  • The DLL injection application (python script or provided converted executable)
  • DLL library (x86 and x64)
The tool supports both x86 and x64 architectures by providing both DLLs. You may use your own DLL injector to target the guest virtual machine running on the host.
To run the tool, execute the provided VMInjector (32 or 64) executable from the command line, as shown in Figure 1.

  Figure 1: List of running guest machines.

VMWare runs each guest in a different process. VMInjector needs to be pointed to the process running the guest which requires bypass. Once the user chooses a process, it will inject the DLL into the chosen target.
Once the DLL is injected, the user will need to specify the OS, so that the memory patching can be accomplished, as shown in Figure 2.
 
 Figure 2: Searching for OS signature in memory and patching.
Tool and Source Code:
The tool executable and source code can be found on GitHub (http://adf.ly/146CVz)

[PwnStar] Version with new Exploits

A bash script to launch a soft AP, configurable with a wide variety of attack options. Includes a number of index.html and server-side PHP scripts for sniffing/phishing. Can act as a multi-client captive portal using PHP and iptables. Launches classic exploits such as evil PDF. De-auths with aireplay, airdrop-ng or MDK3.

Changes and New Features
  • "hotspot_3" is a simple phishing web page, used with basic menu option 4.
  • "portal_simple" is a captive portal which allows you to edit the index.html with the name of the portal, e.g. "Joe's CyberCafe". It is used for sniffing.
  • "portal_hotspot3" phishes credentials, and then allows clients through the portal to the internet.
  • "portal_pdf" forces the client to download a malicious PDF in order to pass through the portal.
Updated feature list:
  • captive-portal with iptables and php
  • more php scripts added
  • exploits added
  • mdk3 and airdrop deauth
General Features :
  • manage interfaces and MACspoofing
  • set up sniffing
  • serve up phishing or malicious web pages
  • launch karmetasploit
  • grab WPA handshakes
  • de-auth clients
  • manage IPtables

Download Here

[PwnPi v2.0] A Pen Test Drop Box distro for the Raspberry Pi

PwnPi is a Linux-based penetration testing drop-box distribution for the Raspberry Pi. It currently has 114 network security tools pre-installed to aid the penetration tester. It is built on the Debian Squeeze image from the Raspberry Pi Foundation's website and uses Xfce as the window manager.

The login username and password are root:root. Change them before the board is dropped on a target network: a drop box that still has its default root password is an open door for anyone else on that LAN.

Tools list

Download Here

[NetSleuth] Open source Network Forensics And Analysis Tools

NetSleuth identifies and fingerprints network devices by silent network monitoring or by processing data from PCAP files.

NetSleuth is an opensource network forensics and analysis tool, designed for triage in incident response situations. It can identify and fingerprint network hosts and devices from pcap files captured from Ethernet or WiFi data (from tools like Kismet).
It also includes a live mode, silently identifying hosts and devices without needing to send any packets or put the network adapters into promiscuous mode ("silent portscanning").
NetSleuth is a free network monitoring, cyber security and network forensics analysis (NFAT) tool that provides the following features:
  • An easy realtime overview of what devices and what people are connected to any WiFi or Ethernet network.
  • Free. The tool can be downloaded for free, and the source code is available under the GPL.
  • Simple and cost effective. No requirement for hardware or reconfiguration of networks.
  • “Silent portscanning” and undetectable network monitoring on WiFi and wired networks.
  • Automatic identification of a vast array of device types, including smartphones, tablets, gaming consoles, printers, routers, desktops and more.
  • Offline analysis of pcap files, from tools like Kismet or tcpdump, to aid in intrusion response and network forensics.
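The "silent" part of the description rests on a simple fact: ARP requests are Ethernet broadcasts, so every host on the segment receives them without promiscuous mode and without sending a packet. The following is an added example, not NetSleuth's code: it parses ARP out of a classic pcap file (the same logic applies to frames read from a live socket), builds an IP-to-MAC inventory with a vendor hint from the OUI, and flags an IP claimed by two different MACs, the classic ARP-spoofing indicator worth checking during triage. The pcap is constructed in code and the OUI table is an assumed four-entry subset.

```python
"""Added example, not NetSleuth's code: passive host inventory from ARP traffic
in a classic pcap. SAMPLE_PCAP is constructed; OUI_HINTS is an assumed subset."""
import struct
from collections import defaultdict

OUI_HINTS = {"00:50:56": "VMware", "00:0c:29": "VMware",
             "08:00:27": "VirtualBox", "b8:27:eb": "Raspberry Pi"}
ETHERTYPE_ARP = 0x0806


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def iter_pcap(data):
    """Yield (timestamp, frame_bytes) from a classic libpcap file (either byte order)."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    (linktype,) = struct.unpack_from(end + "I", data, 20)
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def arp_record(frame):
    """Sender MAC/IP from an ARP-over-Ethernet packet, or None for anything else."""
    if len(frame) < 42 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_ARP:
        return None
    (oper,) = struct.unpack_from("!H", frame, 20)
    return {"mac": mac_str(frame[22:28]), "ip": ip_str(frame[28:32]),
            "op": "request" if oper == 1 else "reply"}


def inventory(pcap_bytes):
    seen = defaultdict(lambda: {"macs": set(), "first_seen": None, "packets": 0})
    for ts, frame in iter_pcap(pcap_bytes):
        rec = arp_record(frame)
        if rec is None or rec["ip"] == "0.0.0.0":  # skip non-ARP and address probes
            continue
        host = seen[rec["ip"]]
        host["macs"].add(rec["mac"])
        host["packets"] += 1
        host["first_seen"] = host["first_seen"] or ts
    return {ip: {"macs": sorted(h["macs"]),
                 "vendors": sorted({OUI_HINTS.get(m[:8], "unknown") for m in h["macs"]}),
                 "conflict": len(h["macs"]) > 1,  # two MACs for one IP: spoofing or DHCP churn
                 "first_seen": h["first_seen"], "packets": h["packets"]}
            for ip, h in seen.items()}


def _mac(s):
    return bytes.fromhex(s.replace(":", ""))


def _ip(s):
    return bytes(int(x) for x in s.split("."))


def build_arp_frame(sender_mac, sender_ip, target_mac, target_ip, oper):
    """Ethernet + ARP (IPv4 over Ethernet); requests go to the broadcast address."""
    dst = b"\xff" * 6 if oper == 1 else _mac(target_mac)
    eth = dst + _mac(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + _mac(sender_mac) + _ip(sender_ip)
           + (b"\x00" * 6 if oper == 1 else _mac(target_mac)) + _ip(target_ip))
    return eth + arp


def build_pcap(frames, t0=1352000000):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", t0 + i, 0, len(f), len(f)) + f
    return out


SAMPLE_PCAP = build_pcap([
    build_arp_frame("b8:27:eb:11:22:33", "192.168.1.10", "00:00:00:00:00:00", "192.168.1.1", 1),
    build_arp_frame("00:0c:29:aa:bb:cc", "192.168.1.1", "b8:27:eb:11:22:33", "192.168.1.10", 2),
    build_arp_frame("b8:27:eb:44:55:66", "0.0.0.0", "00:00:00:00:00:00", "192.168.1.77", 1),  # DHCP probe
    build_arp_frame("08:00:27:de:ad:00", "192.168.1.1", "b8:27:eb:11:22:33", "192.168.1.10", 2),  # spoofed gateway
])


if __name__ == "__main__":
    for ip, info in sorted(inventory(SAMPLE_PCAP).items()):
        flag = "  <-- two MACs claim this IP" if info["conflict"] else ""
        print(ip, info["macs"], info["vendors"], flag)
```

ARP alone gives you the hosts that talk; the richer device typing the text mentions comes from the same passive stance applied to DHCP options, mDNS/SSDP announcements and NetBIOS names, none of which require a single packet from the analyst.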

[TXDNS v 2.2.1] Aggressive multithreaded DNS digger

TXDNS is a Win32 aggressive multithreaded DNS digger, capable of placing thousands of DNS queries per minute on the wire. TXDNS's main goal is to expose a domain namespace through a number of techniques:
-- Typos: Mised, doouble and transposde keystrokes;
-- TLD/ccSLD rotation;
-- Dictionary attack;
-- Full Brute-force attack: alpha, numeric or alphanumeric charsets.
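The name-generation side of those four techniques is straightforward to reproduce, and it is what a defender needs to register or monitor typo-squats of their own domain. The following is an added example, not TXDNS's code: generators for missed, doubled and transposed keystrokes, TLD rotation, a small dictionary and a bounded brute force, plus a threaded resolver that asks for A and AAAA records in one call (the AAAA support is what the 2.2.1 release adds). The TLD and dictionary lists are assumptions; the resolver only touches the network if you run it.

```python
"""Added example, not TXDNS's code: typo/TLD/dictionary/brute-force candidate
generation and a concurrent resolver. COMMON_TLDS and DICTIONARY are assumptions."""
import itertools
import socket
import string
from concurrent.futures import ThreadPoolExecutor

COMMON_TLDS = ("com", "net", "org", "info", "biz", "co", "io")
DICTIONARY = ("www", "mail", "login", "secure", "vpn")


def split_domain(domain):
    """'example.co.uk' -> ('example', 'co.uk'): the label to mutate and its TLD/ccSLD."""
    label, _, tld = domain.lower().partition(".")
    return label, tld


def missed_keystrokes(label):
    return {label[:i] + label[i + 1:] for i in range(len(label))} if len(label) > 1 else set()


def double_keystrokes(label):
    return {label[:i] + label[i] + label[i:] for i in range(len(label))}


def transposed_keystrokes(label):
    return {label[:i] + label[i + 1] + label[i] + label[i + 2:]
            for i in range(len(label) - 1) if label[i] != label[i + 1]}


def tld_rotation(label, tld):
    return {f"{label}.{t}" for t in COMMON_TLDS if t != tld}


def dictionary_names(label, tld, words=DICTIONARY):
    return ({f"{w}{label}.{tld}" for w in words}
            | {f"{w}-{label}.{tld}" for w in words}
            | {f"{label}-{w}.{tld}" for w in words})


def brute_force(tld, length, charset=string.ascii_lowercase):
    """Every label of exactly `length` characters: len(charset)**length names, so keep it small."""
    return {"".join(c) + "." + tld for c in itertools.product(charset, repeat=length)}


def candidates(domain):
    label, tld = split_domain(domain)
    typos = missed_keystrokes(label) | double_keystrokes(label) | transposed_keystrokes(label)
    names = {f"{v}.{tld}" for v in typos} | tld_rotation(label, tld) | dictionary_names(label, tld)
    names.discard(domain.lower())
    return sorted(names)


def resolve(name):
    """A and AAAA in one lookup; [] on NXDOMAIN or timeout."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_UNSPEC)})
    except socket.gaierror:
        return []


def dig(names, workers=64):
    """Resolve many names concurrently; returns only the ones that exist."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return {n: addrs for n, addrs in zip(names, pool.map(resolve, names)) if addrs}


if __name__ == "__main__":
    names = candidates("example.com")
    print(len(names), "candidates, e.g.", names[:8])
    # print(dig(names))  # live DNS against the system resolver; uncomment to run
```

Run against your own domain, the resolvable subset is the list to register defensively or to watch for phishing; run against someone else's, it is the same thing TXDNS does, so mind the query rate you put on shared resolvers.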

New features:

  • Support AAAA(IPv6)record queries:
    • -rr AAAA;
  • Rewrote the summarizing statistics using a thread-safe algorithm instead of a mutex.

Bug fixes:

  • Fixed a problem when running under Windows XP;
  • Fixed a problem when parsing a IPv6 address.

Released November 9th, 2012 by Arley Silveira.

[SSLsplit 0.4.5] Tool for man-in-the-middle attacks against SSL/TLS encrypted network connections

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections.  Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit.  SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted.  SSLsplit is intended to be useful for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6.  For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension.  SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites.  SSLsplit can also use existing certificates of which the private key is available, instead of generating forged ones.  SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way.

Requirements

SSLsplit depends on the OpenSSL and libevent 2.x libraries. The build depends on GNU make and a POSIX.2 environment in `PATH`. The (optional) unit tests depend on check.

SSLsplit currently supports the following operating systems and NAT engines:
  • FreeBSD: pf rdr, ipfw fwd, ipfilter rdr
  • OpenBSD: pf rdr
  • Linux: netfilter REDIRECT and TPROXY
  • Mac OS X: ipfw fwd

Installation

    make
    make test       # optional unit tests
    make install    # optional install

Dependencies are autoconfigured using pkg-config.  If dependencies are not
picked up and fixing `PKG_CONFIG_PATH` does not help, you can specify their
respective locations manually by setting `OPENSSL_BASE`, `LIBEVENT_BASE` and/or
`CHECK_BASE` to the respective prefixes.

You can override the default install prefix (`/usr/local`) by setting `PREFIX`.

Development

SSLsplit is being developed on Github.  For bug reports, please use the Github
issue tracker.  For patch submissions, please send me pull requests.

Download SSLsplit 0.4.5

[Network Database Scanner v1.0] Software to remotely detect the type of Database services running on the network system


Network Database Scanner is a free tool to remotely detect the type of database services running on a networked system. It can help you scan single or multiple systems on your internal network or on the Internet.

It uses a smart timer-based connect method, which makes scanning faster than the traditional approach.

The current version supports the following popular database services:
  •     MySQL
  •     MSSQL
  •     Oracle
  •     DB2
  •     PostgreSQL
After a successful scan, it performs fingerprint verification for a few databases. In the case of MySQL, it also detects the current database version.

Penetration testers can find it useful for remotely detecting the presence of database services on the network. Then, based on the type of database, they can use additional tools such as Mysql Password Auditor, Oracle Password Auditor etc. to get better results.

'Network Database Scanner' works on 32-bit as well as 64-bit systems and supports all Windows platforms from Windows XP to Windows 8.

License  : Freeware
Platform : Windows XP, 2003, Vista, Win7, Win
more info



[FTP Password Kracker] Crack FTP password

FTP Password Kracker is free software for recovering your lost FTP password directly from the server. It uses a brute-force password cracking method based on the universal FTP protocol and can recover passwords from any FTP server.

It automatically detects and alerts you if the target FTP server allows Anonymous (passwordless) connections. If your FTP server is running on a different port (other than port 21), you can easily specify it in the tool along with the server IP address.

By default it includes a sample dictionary (password list) file for password cracking. However, you can find good collections of password dictionaries (also called wordlists) here & here.
If your password is complex, you can use tools like Crunch or Cupp to generate a brute-force-based or custom password list file and then use it with 'FTP Password Kracker'.


For penetration testers and forensic investigators, it can be a very handy tool for discovering poorly configured FTP accounts.
It works on both 32-bit and 64-bit Windows systems from Windows XP to Windows 8.

Here are the main benefits of FTP Password Kracker:

  • Free tool to recover the lost FTP password
  • Works against any FTP server.
  • Automatically remembers last used settings
  • Option to specify non-standard FTP port.
  • Uses a simple & quicker Dictionary Crack method
  • Displays detailed statistics during Cracking operation
  • Stop the password cracking operation any time.
  • Generate Password Recovery report in HTML/XML/TEXT format.
  • Includes Installer for local Installation & Uninstallation.
How to use? 

It is a very easy-to-use tool for any level of user.

Here are simple steps:
  • Install 'FTP Password Kracker' on any system.
  • Enter the IP Address & Port number (default 21) of the FTP Server.
  • Then enter the username (Example: admin, anonymous etc.)
  • Next select the password dictionary file by clicking on Browse button or simply drag & drop it. You can find a sample dictionary file in the installed location.
  • Finally click on 'Start Crack' to start the FTP Password recovery.
  • During the operation, you will see all statistics being displayed on the screen. Message box will be displayed on success.
  • At the end, you can generate detailed report in HTML/XML/Text format by clicking on 'Report' button and then select the type of file from the drop down box of 'Save File Dialog'.

Download FTP Password Kracker
License  : Freeware
Platform : Windows XP, 2003, Vista, Win7, Win8
More Info

[ShowWindows v1.0] Command-line Tool to Manage Open Windows


Show Windows is a command-line tool to manage the windows opened by all running processes on your system.

Beyond listing open windows, it can do a little more. Here are some of the things that you can do with ShowWindows:
  • View all open Windows/Apps
  • Windows opened by particular User
  • Windows opened by particular Process
  • Search for Windows with specified Title
  • Close the Window
  • Kill the selected Process


In a penetration testing environment, it can help you discover all kinds of activity happening on the target system. Compared to a plain listing of running processes, the list of open windows can reveal more interesting details: for example, which files the user currently has open, which songs/videos are being played, which websites are being viewed etc.


'Show Windows' is available in both 32-bit and 64-bit versions. It works on all Windows platforms from Windows XP to the latest version, Windows 8.

Examples of ShowWindows
//Show all open windows
ShowWindows.exe

//List all open windows belonging to process id 1000
ShowWindows.exe -p 1000

//List all open windows belonging to user admin
ShowWindows.exe -u "admin"

//Close the Window with title 'Mozilla Firefox'
ShowWindows.exe -c "Mozilla Firefox"

//Kill the Process with PID 1000
ShowWindows.exe -k 1000

//List all open Windows having title Chrome
ShowWindows.exe -s "chrome"


Download ShowWindows 
License : Freeware
Platform : Windows XP, 2003, Vista, Win7, Win8
More info

[Dissy] Graphical frontend to the objdump disassembler


Dissy is a graphical frontend to the objdump disassembler. Dissy can be used for debugging and browsing compiler-generated code. 



Download Dissy

[Patator Brute Forcer] v 0.4

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Currently it supports the following modules:
 * ftp_login     : Brute-force FTP
 * ssh_login     : Brute-force SSH
 * telnet_login  : Brute-force Telnet
 * smtp_login    : Brute-force SMTP
 * smtp_vrfy     : Enumerate valid users using the SMTP VRFY command
 * smtp_rcpt     : Enumerate valid users using the SMTP RCPT TO command
 * finger_lookup : Enumerate valid users using Finger
 * http_fuzz     : Brute-force HTTP/HTTPS
 * pop_login     : Brute-force POP
 * pop_passd     : Brute-force poppassd (not POP3)
 * imap_login    : Brute-force IMAP
 * ldap_login    : Brute-force LDAP
 * smb_login     : Brute-force SMB
 * smb_lookupsid : Brute-force SMB SID-lookup
 * vmauthd_login : Brute-force VMware Authentication Daemon
 * mssql_login   : Brute-force MSSQL
 * oracle_login  : Brute-force Oracle
 * mysql_login   : Brute-force MySQL
 * pgsql_login   : Brute-force PostgreSQL
 * vnc_login     : Brute-force VNC
 * dns_forward   : Brute-force DNS
 * dns_reverse   : Brute-force DNS (reverse lookup subnets)
 * snmp_login    : Brute-force SNMPv1/2 and SNMPv3
 * unzip_pass    : Brute-force the password of encrypted ZIP files
 * keystore_pass : Brute-force the password of Java keystore files

The name "Patator" comes from http://www.youtube.com/watch?v=xoBkBvnTTjo

Patator is NOT script-kiddie friendly, please read the README inside patator.py before reporting. 


Patator Brute Forcer 0.4

[360-FAAR] Firewall Analysis Audit And Repair 0.3.6

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command-line Perl firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and it's one file!

Read Policy and Logs for:

Checkpoint FW1 (in odumper.csv / logexport format),
Netscreen ScreenOS (in get config / syslog format),
Cisco ASA (show run / syslog format),

360-FAAR uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virtualisation at the same time as removing unused connectivity.

360-FAAR supports policy-to-log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically, allowing you to seamlessly move rules to where you need them.

TRY: 'print' mode. One command, and spreadsheet for your audit needs!

Features

  • WRITTEN IN SIMPLE Perl - NEEDS ONLY STANDARD MODULES - IS ONE FILE
  • Easy to Edit Menu Driven Text Interface
  • Capable of manipulating tens of thousands of rules, objects and groups
  • Handles infinitely deep groups
  • Capable of CIDR filtering connectivity in/out of policy rulebases.
  • Capable of merging rulebases.
  • Identifies existing connectivity in rulebases and policies
  • Automatically performs cleanup if a log file is provided.
  • Keeps DR connectivity via any text or IP tag
  • Encryption rules can be added during policy moves to remove the "merge from" rules for traffic that would be encrypted by the time it reached the firewall on which the "merge to" policy is to be installed - sounds complicated but it's not in practice - appropriate ike and esp rules should be added manually
  • Runs consistency checks on its own objects and rule definitions
  • Extendable via a simple elsif in the user interaction loop section.
  • EASY TO EXECUTE:
  • ./360-faar.pl <FW CONFIG TYPE> <log> <config> <nats> <FW CONFIG TYPE> <log> <config> <nats> <FW CONFIG TYPE> <log> <config> <nats>
  • CONFIG TYPES: - cisco soon!
  • od = logexported logs, object dumper format config, fwdoc format nat rules csv
  • ns = syslog format logs, screenos6 format config, nats are included in policy but not processed fully yet, fwdoc format nats can be used though
  • cs = cisco asa syslog file, cisco ASA format config, - not ready yet
  • OUTPUT TYPES:
  • od = output an odumper/ofiller format config to file, and print the dbedit for the rulebase creation to screen
  • ns = outputs netscreen screenos6 objects and policies (requires a netscreen config or zone info)
  • cs = cisco asa format config - not ready yet
  • By default 360-FAAR accepts exactly 3 configs on the command line.
  • Make an empty file called "fake" and use this as the file name for log, config and nats if you want to process fewer than 3 configs at once.
  • Log file headers in fw1 logexported logs are found automatically, so many files can be cated together
  • FURTHER PROCESSING AND MANUAL EDITING:
  • Output odumper/ofiller format files and make them more readable (watch out for spaces in names) using the numberrules helper script
  • Edit these csv's in OpenOffice or Excel using any of the object or group definitions from the three loaded configs.
  • You can then use this file as a template to translate to many different firewalls using the 'bldobjs' mode


Screens