Monday 29 August 2011

PyXSSer v0.3 Released!

Quick post about a new tool I noticed today named PyXSSer. It can be found at darkpy.net and is an XSS testing tool written in Python. It is still in development and I am told it should have a new version out soon :)

Here are some screenshots of it in action!

About to scan... (screenshot)

Scan complete, bug found! (screenshot)

It has no crawler as of yet, but should have one in the next release!

Saturday 20 August 2011

Quick Update

Quick analysis and sample of some new FB spreading malware to come tomorrow...
If I can be bothered :P

Also, more Linux malware dissection to come - I have gotten a MASSIVE collection to rip apart. If you have any, send it my way :D

Sorry about the lack of content, I have been addicted to Death Note (Anime) ever since I downloaded the entire fucking thing.

Review of the latest SS Rat and DarkComet to come as soon as possible also!

Thursday 18 August 2011

Some tools I felt like sharing :)

This post is just so I can share a bundle of tools :) I was gonna make just two tarballs, but instead made them all separate so you can select which ones you want.

Hydrogen.tgz - this is the Hydrogen backdoor written by Immunity. Look through it, it is very interesting. The client runs on Linux; the backdoor is for Windows, but IIRC it can be compiled to run on Linux hosts too. I will be writing a much longer article about this in a later instalment...
Hydrogen

QuadNX - Linux HTTP botnet, a pain in the ass to set up, but it works fine. I use it in VMs for stress testing apps on other VMs - botnet simulations :D
QuadNX

sshdoor.tgz - Bindshell that uses the SSH protocol to make it a secure backdoor. It was "new" when it came out; backdoors are a lot more secure now.
SSHdoor

websh-0.1a.tar.bz2 - a shell script and a PHP script: the PHP script goes on the pwned server and the shell script is the client. Gives terminal-like access. Have not played with it too much and cannot recall where I got the fucker...
WebSH

dorker.pl - This is a perl script that uses a Google API key to search for sites that look SQLi-vulnerable and then sorts them, checking which ones actually are :D
Dorker

sql2rce.pl - This is a perl script to automate getting remote code execution from SQL injection vulns via the Apache log injection method.
SQL2RCE

lfi2rce.pl - This is a perl script to automate getting remote code execution from Local File Inclusion vulns via the log injection method.
LFI2RCE
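Both of the *2rce scripts above rely on the same primitive: get attacker-controlled text (usually a PHP open tag sent in the User-Agent or Referer header) written into Apache's access log, then get the log file pulled in by a vulnerable include so the PHP runs. As an added example that is not part of the original post or of either script, here is a small Python detector for that two-step pattern over Apache combined-format log lines. The sample log lines are constructed for the example, the regexes are my own approximations (the traversal pattern only covers `../`-style paths after URL decoding), and the field names are mine.

```python
import re
from urllib.parse import unquote

# Constructed Apache 'combined' format lines for this example (not real traffic).
# Line 2 plants a PHP tag via the User-Agent; line 3 tries to include the log.
SAMPLE_ACCESS_LOG = r"""
203.0.113.7 - - [18/Aug/2011:10:01:02 +0100] "GET /index.php?page=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [18/Aug/2011:10:02:15 +0100] "GET / HTTP/1.1" 200 1024 "-" "<?php system($_GET['c']); ?>"
203.0.113.9 - - [18/Aug/2011:10:02:20 +0100] "GET /index.php?page=../../../../var/log/apache2/access.log&c=id HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
198.51.100.4 - - [18/Aug/2011:10:03:00 +0100] "GET /about.html HTTP/1.1" 200 200 "-" "curl/7.21.0"
"""

# Apache 'combined' LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# PHP open tags: "<?php" or the short "<?=" form.
PHP_TAG_RE = re.compile(r'<\?(?:php\b|=)', re.IGNORECASE)
# A ../ traversal that ends up at something named like a web-server log.
LOG_INCLUDE_RE = re.compile(r'\.\./[^ ]*?(?:access|error)[._-]?log', re.IGNORECASE)


def parse_line(line):
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_log_poisoning(log_text):
    """Flag lines that plant PHP in a logged header, or that try to include a log file."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        rec = parse_line(line)
        if rec is None:
            continue  # a production version should count these: unparseable lines are themselves a signal
        for field in ("agent", "referer"):
            value = rec[field]
            # Apache logs headers verbatim; also check the URL-decoded form in case a proxy decoded it.
            if PHP_TAG_RE.search(value) or PHP_TAG_RE.search(unquote(value)):
                findings.append({"ip": rec["ip"], "reason": "php-in-" + field, "evidence": value})
        request = unquote(rec["request"])  # catches %2e%2e%2f-style encodings of ../
        if LOG_INCLUDE_RE.search(request):
            findings.append({"ip": rec["ip"], "reason": "log-file-include", "evidence": request})
    return findings


def likely_exploited(findings):
    """IPs that both planted PHP and requested a log include, i.e. the full poison-then-include chain."""
    planted = {f["ip"] for f in findings if f["reason"].startswith("php-in-")}
    included = {f["ip"] for f in findings if f["reason"] == "log-file-include"}
    return planted & included


if __name__ == "__main__":
    hits = find_log_poisoning(SAMPLE_ACCESS_LOG)
    for f in hits:
        print(f["ip"], f["reason"], f["evidence"][:60])
    print("chain completed by:", sorted(likely_exploited(hits)))
```

Two caveats worth keeping in mind when using something like this: once a log has been poisoned it is attacker-controlled data, so the detection should run on a copy shipped off the host rather than on the file the webapp can include; and the real fix is on the application side (only include from a fixed whitelist of names, never from a user-supplied path), because a detector only tells you after the fact.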

sqlier-0.8.2b.sh - This is a shell script that automates some SQL injection attacks.
SQLier

shbrute.sh (in netcatscripts.tar.gz) - This tool uses netcat to check whether anonymous FTP access is allowed and, if not, brute-forces the FTP login.

shwebscan.sh (in netcatscripts.tar.gz) - This tool can scan for admin pages, or exploit LFI and RFI vulns to inject a malicious PHP shell like C99.
netcatscripts.tar.gz

gwee-1.36.tar.gz - this is a powerful tool for getting reverse shells using CGI-BIN exploits. It needs work to compile on *nix, but the Windows binary works under Wine.
SOURCE (and compiled Windows bin) Gwee-Source
Compiled Linux bin GWEE-Unix bin

Kingcope's SSH 0day remote root for FreeBSD (old but fun!)
ssh_0day.tar.gz

And finally, something I found in my travels and plan to dissect - Linux malware called the "LinuQ Sploit Pack"
Linux malware <-- Warning: do not run it, it breaks things :(

That is all for now, though I am thinking of having every second link be an AdFly link or something to make some money and get more storage from Dropbox, but I don't want to do that yet... Donations are welcome ;)

Tuesday 9 August 2011

SS-RAT 2.0 Alpha 2 release!

SS-RAT 2.0 Alpha-2 is out!
With a lot more functionality than the first alpha, SS-RAT v2 is now available to download. It is totally open source like all of Slayer's projects, and is available from the Google Code repo here:
https://code.google.com/p/schwarzesonenrat/

I am refraining from writing more detailed stuff on it until its final release :)

BT5 Revision 1 is out tomorrow :D

LokiRAT leaked source code

Just a quick post - LokiRAT, a little-known PHP RAT (as in, controlled by a PHP script that acts as a proxy between commander and slave), has had its C# source leaked.

http://dl.dropbox.com/u/36983782/Source.rar

Converting it to C++ and adding some features / removing others is a project I am working on in my free time - I want to remove useless crap and add a Hijack Proxy feature.

Friday 5 August 2011

BackTrack Linux and ExploitDB under DDoS or something?

See the video, note the date and time, I just recorded it there and converted it.

I think someone's being an arsehole again to the OffSec team :(

DDoS is no fun!

Thursday 4 August 2011

Remember - sudo as an access control is UNIVERSALLY STUPID!

Hi, this is Darren again, showing how poorly set SUDO privs can REALLY ruin your day.

We have made a user (fuck) with a password of (fuck) and given the silly fucker access to "less" via SUDO.

Now let's REALLY ruin the sysadmin's life by giving FUCK root with a few commands!

See the video - it shows how it works :D

Remember - sudo as an access control is UNIVERSALLY STUPID! Use it as an AUDIT tool for logs instead!

~I take no responsibility for use of this here infodox. Use wisely
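What the video demonstrates is a general property, not a quirk of less: less has a `!` command that runs an arbitrary shell command, so anyone allowed to `sudo less` any file can type `!sh` at the prompt and land in a root shell (vim has `:!sh`, find has `-exec`, the interpreters have `-e`/`-c`, and so on). The practical check on a box you administer is to read `sudo -l` for exactly those binaries. Below is an added example of that check in Python, written for this page and not taken from the post or the video; the `sudo -l` output is a constructed sample, the escape list is a hand-picked subset, and the handling of the `NOEXEC` tag follows the sudoers option of that name.

```python
import os
import shlex
import subprocess

# Constructed 'sudo -l' output for a user who was given only 'less' (plus two
# extra entries to exercise the tag handling). Not captured from a real host.
SAMPLE_SUDO_L = """Matching Defaults entries for fuck on this host:
    env_reset, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

User fuck may run the following commands on this host:
    (root) /usr/bin/less
    (root) NOPASSWD: /usr/bin/cat
    (root) NOEXEC: /usr/bin/vim
"""

# Hand-picked subset of binaries that can run a shell from inside themselves:
# less/more/man take '!sh', vi/vim take ':!sh', find takes -exec, the
# interpreters take -e/-c, and tar/zip have hooks that execute a command.
SHELL_ESCAPES = {
    "less", "more", "man", "vi", "vim", "nano", "awk", "find",
    "perl", "python", "python3", "ruby", "env", "tar", "zip",
}


def parse_sudo_l(text):
    """Return (runas, tags, command) for each '(runas) [TAG:...] command' line of sudo -l output."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("("):
            continue  # header / Defaults lines never start with a runas spec
        runas, rest = line[1:].split(")", 1)
        parts = rest.split()
        tags = [p[:-1] for p in parts if p.endswith(":")]  # NOPASSWD:, NOEXEC:, SETENV: ...
        command = " ".join(p for p in parts if not p.endswith(":"))
        entries.append((runas.strip(), tags, command))
    return entries


def find_sudo_escapes(text):
    """Commands from sudo -l that hand out a root shell: 'ALL', or a known escape binary without NOEXEC."""
    hits = []
    for runas, tags, command in parse_sudo_l(text):
        if not command:
            continue
        if command == "ALL":
            hits.append(command)
            continue
        binary = os.path.basename(shlex.split(command)[0])
        # NOEXEC stops the child from execve()ing, so '!sh' inside less fails.
        if binary in SHELL_ESCAPES and "NOEXEC" not in tags:
            hits.append(command)
    return hits


if __name__ == "__main__":
    # 'sudo -n' never prompts; if the rule needs a password this just yields no output
    # and we fall back to the constructed sample so the script still demonstrates itself.
    try:
        out = subprocess.run(["sudo", "-n", "-l"], capture_output=True, text=True, timeout=10).stdout
    except (FileNotFoundError, subprocess.TimeoutExpired):
        out = ""
    for cmd in find_sudo_escapes(out or SAMPLE_SUDO_L):
        print("shell escape via sudo:", cmd)
```

If a rule like this really has to exist, the sudoers tag is `NOEXEC:` (for example `fuck ALL=(root) NOEXEC: /usr/bin/less`), but treat it as a speed bump rather than a fix: it works by LD_PRELOAD, so it does nothing for statically linked binaries, and `sudo less /etc/shadow` still reads root-only files with or without it. The safer shape is a dedicated wrapper script that takes no user-controlled arguments.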

Wednesday 3 August 2011

Tutorials by Hex - WEP cracking (GERIX) and MAC Spoofing

Seeing as Hex cannot be fucked maintaining a blog, and I can, and we are working together on writing tutorials, making videos, etc., we decided that I would republish his manuals here :)

http://dl.dropbox.com/u/36983782/WEPcrackingforidiots.pdf
That is his WEP cracking guide...

http://dl.dropbox.com/u/36983782/macspoofingforidiots.pdf
That is the MAC spoofing guide...

Enjoy, and remember - don't be malicious!

Remote Admin Tools: DarkComet Tutorial/Overview

Get it here: http://dl.dropbox.com/u/36983782/darkcomet-tut.pdf

Now, the thing is, some people are going to say "LOL Dudes a skid RATS are for skids".

Ok, sure, whatever. Just remember: Poison Ivy is a RAT. Poison Ivy is an OLD RAT and it was SUCCESSFULLY used to pwn RSA.

Backdoors, malware, keyloggers, all that jazz, are a core feature of today's threat landscape, and therefore I believe they CAN be useful in a penetration test - especially for maintaining access.

The PDF I link to is a primer on using one of the more common ones available. Try it - it is shocking how much one can do with 'em.

Monday 1 August 2011

Minor setback - SSD drive says no

Ok, I was GOING to post about integrating BeEF (Browser Exploitation Framework) and Metasploit's Browser Autopwn to create a horrible mess of browser-based evilness... I was halfway through writing it up when suddenly everything ceased working. So I tried a reboot. "No bootable media". WTF.

So I cracked the Acer open and found that indeed, my SSD drive had seemingly *cooked* itself, and it was fucking ROASTING hot. It was removed for the sake of safety, and I am booting from USB now.

I am waiting to get a replacement hard disk (later today) and then will do TWO writeups, one on WEP cracking the lazy man's way (Gerix) and another on either BeEF or some features of SET or something. I will also retake some screenshots of browser-autopwn, fun with those Netopia routers (what does this command do?) and a few other things.

Also, photos of the insides of the Acer for the hell of it lol, and a shot of the toolkit I used to pry it open in college.