Monday, 29 August 2011

PyXSSer v0.3 Released!

Quick post about a new tool I noticed today named PyXSSer. It can be found at and is a XSS testing tool in Python. It is still in development and I am told it should have a new version out soon :)

Here are some screenshots of it in action!

About to scan...

Scan complete, bug found!

It has no crawler as of yet, but should have one in the next release!

Saturday, 20 August 2011

Quick Update

Quick analysis and sample of some new FB spreading malware to come tomorrow...
If I can be bothered :P

Also, more Linux malware dissection to come - I have gotten a MASSIVE collection to rip apart. If you have any, send it my way :D

Sorry about lack of content, I am addicted to Death Note (Anime) ever since I downloaded the entire fucking thing.

Review of the latest SS Rat and DarkComet to come as soon as possible also!

Thursday, 18 August 2011

Some tools I felt like sharing :)

This post is just so I can share a bundle of tools :) I was gonna make just two tarballs, but instead made them all different so you can select what ones you want.

Hydrogen.tgz - this is the Hydrogen backdoor written by Immunity. Look through it, it is very interesting. Client runs on Linux, the backdoor is for windows but IIRC it can be compiled to be used on Linux hosts too. I will be writing a much longer article about this in a later instalment...

QuadNX - Linux HTTP botnet, pain in the ass to set up. But works fine. I use it in VM's for stress testing apps on other VM's - botnet simulations :D

sshdoor.tgz - Bindshell that uses secure SSH protocol things to make it a secure backdoor. Was "new" when it came out, now backdoors are a lot more secure.

websh-0.1a.tar.bz2 - shell script and php script, php script goes on the pwned server, shell script is the client. Gives a terminal like access. Have not played with it too much and cannot recall where I got the fucker...
WebSH - This is a perl script that uses a google API key to search for SQLi vuln sites and then sorts them checking which ones are vulnerable :D
Dorker - This is a perl script to automate the process of getting remote code execution via SQL injection vulns and the apache log injection method.
SQL2RCE - This is a perl script to automate the process of getting remote code execution via Local File Inclusion vulns and the log injection method.
LFI2RCE - This is a shell script that automates some SQL injection attacks.
SQLier (in netcatscripts.tar.gz) - This tool uses netcat to check for anonymous FTP access allowed, if not, it brute forces the FTP (in netcatscripts.tar.gz) - This tool can scan for admin, or exploit both LFI and RFI vulns to inject a malicious PHP script like a C99.

gwee-1.36.tar.gz - this is a powerful tool for getting reverse shells using CGI-BIN exploits. It needs work to compile on *nix, but the windows binary works with wine.
SOURCE (and compiled Windows bin) Gwee-Source
Compiled Linux bin GWEE-Unix bin

Kingcopes SSH 0day remote root for FreeBSD (old but fun!)

And finally, something I found in my travels and plan to dissect - Linux malware called the "LinuQ Sploit Pack"
Linux malware  <--Warning. Do not run. Breaks things :(

That is all for now, though I am thinking of having every second link being an ad-fly link or something to make some money and get more storage from Dropbox, but I dont want to do that yet... Donations are welcome ;)

Tuesday, 9 August 2011

SS-RAT 2.0 Alpha 2 release!

SS-RAT 2.0 Alpha-2 is out!
With a lot more functionality than the first alpha, SS-RAT v2 is now available to download. It is totally open source like all of Slayers projects, and is available from the google code repo here...

I am refraining from writing more detailed stuff on it until its final release:)

BT5 Revision 1 is out tomorrow :D

LokiRAT leaked source code

Just a quick post - LokiRAT, a little known PHP RAT (as in, controlled by a PHP script that acts as a proxy between commander and slave) has had its C# source leaked.

Converting to C++ and adding some/removing some features is a project I am working on in my free time - I want to remove useless crap and add a Hijack Proxy feature.

Friday, 5 August 2011

BackTrack Linux and ExploitDB under DDoS or something?

See the video, note the date and time, I just recorded it there and converted it.

I think someones being an arsehole again to the OffSec team :(

DDoS is no fun!

Thursday, 4 August 2011

Remember - sudo as an access control is UNIVERSALLY STUPID!

Hi, this is Darren again, showing how poorly set SUDO privs can REALLY ruin your day.

We have made a user (fuck) with a password of (fuck) and given the silly fucker access to "less" via SUDO.

Now lets REALLY ruin the sysadmins life, by giving FUCK root with a few commands!

See the video - it shows how it works :D

Remember - sudo as an access control is UNIVERSALLY STUPID! Use it as an AUDIT tool for logs instead!

~I take no responsibility for use of this here infodox. Use wisely