Quick post about a new tool I noticed today named PyXSSer. It can be found at darkpy.net and is a XSS testing tool in Python. It is still in development and I am told it should have a new version out soon :)
Here are some screenshots of it in action!
About to scan...
Scan complete, bug found!
It has no crawler as of yet, but should have one in the next release!
/dev/urandom
Nothing is secure.
Monday 29 August 2011
Saturday 20 August 2011
Quick Update
Quick analysis and sample of some new FB spreading malware to come tomorrow...
If I can be bothered :P
Also, more Linux malware dissection to come - I have gotten a MASSIVE collection to rip apart. If you have any, send it my way :D
Sorry about lack of content, I am addicted to Death Note (Anime) ever since I downloaded the entire fucking thing.
Review of the latest SS Rat and DarkComet to come as soon as possible also!
If I can be bothered :P
Also, more Linux malware dissection to come - I have gotten a MASSIVE collection to rip apart. If you have any, send it my way :D
Sorry about lack of content, I am addicted to Death Note (Anime) ever since I downloaded the entire fucking thing.
Review of the latest SS Rat and DarkComet to come as soon as possible also!
Thursday 18 August 2011
Some tools I felt like sharing :)
This post is just so I can share a bundle of tools :) I was gonna make just two tarballs, but instead made them all different so you can select what ones you want.
Hydrogen.tgz - this is the Hydrogen backdoor written by Immunity. Look through it, it is very interesting. Client runs on Linux, the backdoor is for windows but IIRC it can be compiled to be used on Linux hosts too. I will be writing a much longer article about this in a later instalment...
Hydrogen
QuadNX - Linux HTTP botnet, pain in the ass to set up. But works fine. I use it in VM's for stress testing apps on other VM's - botnet simulations :D
QuadNX
sshdoor.tgz - Bindshell that uses secure SSH protocol things to make it a secure backdoor. Was "new" when it came out, now backdoors are a lot more secure.
SSHdoor
websh-0.1a.tar.bz2 - shell script and php script, php script goes on the pwned server, shell script is the client. Gives a terminal like access. Have not played with it too much and cannot recall where I got the fucker...
WebSH
dorker.pl - This is a perl script that uses a google API key to search for SQLi vuln sites and then sorts them checking which ones are vulnerable :D
Dorker
sql2rce.pl - This is a perl script to automate the process of getting remote code execution via SQL injection vulns and the apache log injection method.
SQL2RCE
lfi2rce.pl - This is a perl script to automate the process of getting remote code execution via Local File Inclusion vulns and the log injection method.
LFI2RCE
sqlier-0.8.2b.sh - This is a shell script that automates some SQL injection attacks.
SQLier
shbrute.sh (in netcatscripts.tar.gz) - This tool uses netcat to check for anonymous FTP access allowed, if not, it brute forces the FTP
shwebscan.sh (in netcatscripts.tar.gz) - This tool can scan for admin, or exploit both LFI and RFI vulns to inject a malicious PHP script like a C99.
netcatscripts.tar.gz
gwee-1.36.tar.gz - this is a powerful tool for getting reverse shells using CGI-BIN exploits. It needs work to compile on *nix, but the windows binary works with wine.
SOURCE (and compiled Windows bin) Gwee-Source
Compiled Linux bin GWEE-Unix bin
Kingcopes SSH 0day remote root for FreeBSD (old but fun!)
ssh_0day.tar.gz
And finally, something I found in my travels and plan to dissect - Linux malware called the "LinuQ Sploit Pack"
Linux malware <--Warning. Do not run. Breaks things :(
That is all for now, though I am thinking of having every second link being an ad-fly link or something to make some money and get more storage from Dropbox, but I dont want to do that yet... Donations are welcome ;)
Hydrogen.tgz - this is the Hydrogen backdoor written by Immunity. Look through it, it is very interesting. Client runs on Linux, the backdoor is for windows but IIRC it can be compiled to be used on Linux hosts too. I will be writing a much longer article about this in a later instalment...
Hydrogen
QuadNX - Linux HTTP botnet, pain in the ass to set up. But works fine. I use it in VM's for stress testing apps on other VM's - botnet simulations :D
QuadNX
sshdoor.tgz - Bindshell that uses secure SSH protocol things to make it a secure backdoor. Was "new" when it came out, now backdoors are a lot more secure.
SSHdoor
websh-0.1a.tar.bz2 - shell script and php script, php script goes on the pwned server, shell script is the client. Gives a terminal like access. Have not played with it too much and cannot recall where I got the fucker...
WebSH
dorker.pl - This is a perl script that uses a google API key to search for SQLi vuln sites and then sorts them checking which ones are vulnerable :D
Dorker
sql2rce.pl - This is a perl script to automate the process of getting remote code execution via SQL injection vulns and the apache log injection method.
SQL2RCE
lfi2rce.pl - This is a perl script to automate the process of getting remote code execution via Local File Inclusion vulns and the log injection method.
LFI2RCE
sqlier-0.8.2b.sh - This is a shell script that automates some SQL injection attacks.
SQLier
shbrute.sh (in netcatscripts.tar.gz) - This tool uses netcat to check for anonymous FTP access allowed, if not, it brute forces the FTP
shwebscan.sh (in netcatscripts.tar.gz) - This tool can scan for admin, or exploit both LFI and RFI vulns to inject a malicious PHP script like a C99.
netcatscripts.tar.gz
gwee-1.36.tar.gz - this is a powerful tool for getting reverse shells using CGI-BIN exploits. It needs work to compile on *nix, but the windows binary works with wine.
SOURCE (and compiled Windows bin) Gwee-Source
Compiled Linux bin GWEE-Unix bin
Kingcopes SSH 0day remote root for FreeBSD (old but fun!)
ssh_0day.tar.gz
And finally, something I found in my travels and plan to dissect - Linux malware called the "LinuQ Sploit Pack"
Linux malware <--Warning. Do not run. Breaks things :(
That is all for now, though I am thinking of having every second link being an ad-fly link or something to make some money and get more storage from Dropbox, but I dont want to do that yet... Donations are welcome ;)
Tuesday 9 August 2011
SS-RAT 2.0 Alpha 2 release!
SS-RAT 2.0 Alpha-2 is out!
With a lot more functionality than the first alpha, SS-RAT v2 is now available to download. It is totally open source like all of Slayers projects, and is available from the google code repo here...
https://code.google.com/p/schwarzesonenrat/
I am refraining from writing more detailed stuff on it until its final release:)
BT5 Revision 1 is out tomorrow :D
With a lot more functionality than the first alpha, SS-RAT v2 is now available to download. It is totally open source like all of Slayers projects, and is available from the google code repo here...
https://code.google.com/p/schwarzesonenrat/
I am refraining from writing more detailed stuff on it until its final release:)
BT5 Revision 1 is out tomorrow :D
LokiRAT leaked source code
Just a quick post - LokiRAT, a little known PHP RAT (as in, controlled by a PHP script that acts as a proxy between commander and slave) has had its C# source leaked.
http://dl.dropbox.com/u/36983782/Source.rar
Converting to C++ and adding some/removing some features is a project I am working on in my free time - I want to remove useless crap and add a Hijack Proxy feature.
http://dl.dropbox.com/u/36983782/Source.rar
Converting to C++ and adding some/removing some features is a project I am working on in my free time - I want to remove useless crap and add a Hijack Proxy feature.
Friday 5 August 2011
BackTrack Linux and ExploitDB under DDoS or something?
See the video, note the date and time, I just recorded it there and converted it.
I think someones being an arsehole again to the OffSec team :(
DDoS is no fun!
I think someones being an arsehole again to the OffSec team :(
DDoS is no fun!
Thursday 4 August 2011
Remember - sudo as an access control is UNIVERSALLY STUPID!
Hi, this is Darren again, showing how poorly set SUDO privs can REALLY ruin your day.
We have made a user (fuck) with a password of (fuck) and given the silly fucker access to "less" via SUDO.
Now lets REALLY ruin the sysadmins life, by giving FUCK root with a few commands!
See the video - it shows how it works :D
Remember - sudo as an access control is UNIVERSALLY STUPID! Use it as an AUDIT tool for logs instead!
~I take no responsibility for use of this here infodox. Use wisely
We have made a user (fuck) with a password of (fuck) and given the silly fucker access to "less" via SUDO.
Now lets REALLY ruin the sysadmins life, by giving FUCK root with a few commands!
See the video - it shows how it works :D
Remember - sudo as an access control is UNIVERSALLY STUPID! Use it as an AUDIT tool for logs instead!
~I take no responsibility for use of this here infodox. Use wisely
Subscribe to:
Posts (Atom)