motorbite: Mei 2020

Jumat, 22 Mei 2020

Hacking Facebook By Using PHP Script | Social Engineering Attack | LAN And WAN (Same Or Different Networks)

This Video is absolutely for Educational Purposes only, please don't do any illegal activity. If you do then I'm not responsible for your illegal activity. The purpose of this video is to show you How hackers can hack your social media by using their own local servers.

Basically these type of attacks known as Social Engineering attacks or Phishing. Attacker just send the duplicate vulnerable HTML page to the victim, when victim enters any type of information to that vulnerable page it'll automatically received by the attacker.

Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims.

How phishing works

Phishing attacks typically rely on social networking techniques applied to email or other electronic communication methods, including direct messages sent over social networks, SMS text messages and other instant messaging modes.

Phishers may use social engineering and other public sources of information, including social networks like LinkedIn, Facebook and Twitter, to gather background information about the victim's personal and work history, his interests, and his activities.

Hacking by PHP

As PHP is server side scripting language so first of all you have need to install a local server (WAMP, XAMPP or LAMPP) over your system. Because if there is no any server running on your system then you can't even run your PHP script. So if you wanna do a programming with PHP this is the first step to download and install a server from the Internet. You can easily download and install servers by watching my videos. Just visit my YouTube channel and watch there.

If you're Windows user, follow these steps:

Install Python 2.7.x from Python.org first. On Install Python 2.7.x Setup, choose Add python.exe to Path.
Download OSIF-master zip file.
Then unzip it.
Open CMD or PowerShell at the OSIF folder you have just unzipped and enter these commands:pip install -r requirements.txt python osif.py

Before you use OSIF, make sure that:

Turn off your VPN before using this tool.
Do not overuse this tool.
if you are confused how to use it, please type help to display the help menu or watch the video below.

How to use OSIF?

Download OSIF

Continue reading

Rabu, 20 Mei 2020

Samurai: Web Testing Framework

"The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test." read more...

Website: http://samurai.inguardians.com

Related news

$$$ Bug Bounty $$$

What is Bug Bounty ?

A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.

Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system and how much impact on users a bug might have.

Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1. In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.

While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to few dozen researchers.

More info

WHY WE DO HACKING?

Purpose of Hacking?
. Just for fun
.Show-off
.Steal important information
.Damaging the system
.Hampering Privacy
.Money Extortion
.System Security Testing
.To break policy compliance etc

Related links

How To Run Online Kali Linux Free And Any Devices

Related articles

Tricks To Bypass Device Control Protection Solutions

Preface

As I wrote in a previous blog post, I had an engagement last year where my task was to exfiltrate data from a workstation on some sort of storage media. The twist in that task was Lumension Sanctuary Device Control, and the version was 4.3.2, but I am not sure how newer version work and this seems to be a more general problem with device control solution, for example with Symantec products.

But what is a device control solution? In short, they audit I/O device use and block the attempts to use unauthorized devices. This includes hardware such as USB, PS/2, FireWire, CD/DVD so basically every I/O port of a computer. In my opinion, these are pretty good things and they offer a better looking solution than de-soldering the I/O ports from the motherboards or hot-gluing them, but on the other hand, they can be bypassed.

Bypass

OK, so what is the problem? Well the way these device control solutions work is that they load a few kernel drivers to monitor the physical ports of the machine. However... when you boot up the protected computer in safe mode, depending on the device control solution software, some of these drivers are not loaded (or if you are lucky, none of those modules will be loaded...) and this opens up the possibility to exfiltrate data.

In theory, if you have admin (SYSTEM maybe?) privileges, you might as well try to unload the kernel drivers. Just do not forget, that these device control solutions also have a watchdog process, that checks the driver and automatically loads it back if it is unloaded, so look for that process and stop or suspend it first.

In my case with the Lumension Sanctuary Device Control, I have found that when I boot the Workstation protected by the device control software in Safe Mode where, software's key logger protection module is not running... so I was still unable to use a USB stick, or a storage media, but I could plug in a keyboard for example...hmmm :)

As some of you probably already figured it out, now it is possible to use a pre-programmed USB HID, for example a Teensy! : ) I know about three different project, that uses this trick like these two mentioned in a Hackaday post, or this one. Unfortunately, the site ob-security.info no longer seems to be available (well, at least it is no longer related to infosec :D ), but you can still find the blog post and the files with the Wayback Machine.

For the hardware part, the wiring of the Teensy and the SD card adaptor is the same as I showed in the post on Making a USB flash drive HW Trojan or in the Binary deployment with VBScript, PowerShell or .Net csc.exe compiler post, so I will not copy it here again.

I have to note here that there are other ways to bypass these device control solutions, like the method what Dr. Phil Polstra did with the USB Impersonator, which is basically looks for an authorized device VID/PID and then impersonates that devices with the VID/PID.

Mitigation

Most probably, you will not need safe mode for the users, so you can just disable it... I mean, it is not that easy, but luckily there is a great blog post on how to do that. BTW, the first page of the post is for Windows XP, but you are not using XP anymore, aren't you? ;)

Alternatively, as I mentioned at the beginning, you might as well use some physical countermeasure (de-soldering/hot-gluing ports). That shit is ugly, but it kinda works.

Conclusion

Next time you will face a device control solution, try out these tricks, maybe they will work, and if they do, well, that's a lot of fun. :)

But don't get me wrong, these device control solutions and similar countermeasures are a good thing and you should use something like this! I know that they make doing business a bit harder as you are not able to plugin whatever USB stick you want, but if you buy a pile of hardware encrypted flash drives, and only allow those to be plugged in, you are doing it right ;)

Related word

ADVANTAGE OF ETHICAL HACKING

Advantage of Ethical Hacking

Hacking is quite useful in the following purpose-

1-To recover lost information, especially in case you lost your password.

2-To perform penetration testing to strengthen computer and network security.

3-To put adequate preventative measure in place to prevent security breaches.

4-To have a computer system that prevents malicious hackers from gaining access.

5-Fighting against terrorism and national security breaches.

Selasa, 19 Mei 2020

Lockdoor-Framework: A PenTesting Framework With Cyber Security Resources

About Lockdoor-Framework
Author: SofianeHamlaoui

Tested on: Kali Linux, Ubuntu, Arch Linux, Fedora, OpenSuse and Windows (Cygwin)

LockDoor is a Framework aimed at helping penetration testers, bug bounty hunters And cyber security engineers. This tool is designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. But containing the favorite and the most used tools by Pentesters. As pentesters, most of us has his personal ' /pentest/ ' directory so this Framework is helping you to build a perfect one. With all of that ! It automates the Pentesting process to help you do the job more quickly and easily.

Lockdoor-Framework installation:
For now, Lockdoor-Framework supports Debian-based Linux distros (Kali Linux, ParrotSec, Ubuntu...), Arch Linux based distros (Manjaro, BlackArch, ArchStrike...), Fedora, OpenSuse, Cygwin on Windows.

Open your Terminal and enter these commands:

You can watch detail here:

Lockdoor Tools contents 🛠️:
* Information Gathering 🔎:

dirsearch: A Web path scanner
brut3k1t: security-oriented bruteforce framework
gobuster: DNS and VHost busting tool written in Go
Enyx: an SNMP IPv6 Enumeration Tool
Goohak: Launchs Google Hacking Queries Against A Target Domain
Nasnum: The NAS Enumerator
Sublist3r: Fast subdomains enumeration tool for penetration testers
wafw00f: identify and fingerprint Web Application Firewall
Photon: ncredibly fast crawler designed for OSINT.
Raccoon: offensive security tool for reconnaissance and vulnerability scanning
DnsRecon: DNS Enumeration Script
Nmap: The famous security Scanner, Port Scanner, & Network Exploration Tool
sherlock: Find usernames across social networks
snmpwn: An SNMPv3 User Enumerator and Attack tool
Striker: an offensive information and vulnerability scanner.
theHarvester: E-mails, subdomains and names Harvester
URLextractor: Information gathering & website reconnaissance
denumerator.py: Enumerates list of subdomains
other: other Information gathering,recon and Enumeration scripts I collected somewhere.
ReconDog: Reconnaissance Swiss Army Knife
RED_HAWK: All in one tool for Information Gathering, Vulnerability Scanning and Crawling
Dracnmap: Info Gathering Framework

* Web Hacking 🌐:

Spaghetti: Spaghetti - Web Application Security Scanner
CMSmap: CMS scanner
BruteXSS: BruteXSS is a tool to find XSS vulnerabilities in web application
J-dorker: Website List grabber from Bing
droopescan: scanner, identify, CMSs, Drupal, Silverstripe.
Optiva: Web Application Scanner
V3n0M: Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
AtScan: Advanced dork Search & Mass Exploit Scanner
WPSeku: Wordpress Security Scanner
WPScan: A simple Wordpress scanner written in python
XSStrike: Most advanced XSS scanner.
SQLMap: automatic SQL injection and database takeover tool
WhatWeb: the Next generation web scanner
joomscan: Joomla Vulnerability Scanner Project
Dzjecter: Server checking Tool

* Privilege Escalation ⚠️:

Linux 🐧:linux_checksec.sh
linux_enum.sh
linux_gather_files.sh
linux_kernel_exploiter.pl
linux_privesc.py
linux_privesc.sh
linux_security_test
Linux_exploits folder
Windows : windows-privesc-check.py
windows-privesc-check.exe
MySql:raptor_udf.c
raptor_udf2.c

* Reverse Engineering ⚡:

Radare2: unix-like reverse engineering framework
VirtusTotal: VirusTotal tools
Miasm: Reverse engineering framework
Mirror: reverses the bytes of a file
DnSpy: .NET debugger and assembly
AngrIo: A python framework for analyzing binaries (Suggested by @Hamz-a)
DLLRunner: a smart DLL execution script for malware analysis in sandbox systems.
Fuzzy Server: a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
yara: a tool aimed at helping malware researchers toidentify and classify malware samples
Spike: a protocol fuzzer creation kit + audits
other: other scripts collected somewhere

* Exploitation ❗:

Findsploit: Find exploits in local and online databases instantly
Pompem: Exploit and Vulnerability Finder
rfix: Python tool that helps RFI exploitation.
InUrlBr: Advanced search in search engines
Burpsuite: Burp Suite for security testing & scanning.
linux-exploit-suggester2: Next-Generation Linux Kernel Exploit Suggester
other: other scripts I collected somewhere.

* Shells 🐚:

WebShells: BlackArch's Webshells Collection

ShellSum: A defense tool - detect web shells in local directories

Weevely: Weaponized web shell

python-pty-shells: Python PTY backdoors

* Password Attacks ✳️:

crunch : a wordlist generator

CeWL : a Custom Word List Generator

patator : a multi-purpose brute-forcer, with a modular design and a flexible usage

* Encryption - Decryption 🛡️:

Codetective: a tool to determine the crypto/encoding algorithm used
findmyhash: Python script to crack hashes using online services

* Social Engineering 🎭:

scythe: an accounts enumerator

Contributing:

Fork Lockdoor-Framework:
git clone https://github.com/SofianeHamlaoui/Lockdoor-Framework.git

Create your feature branch

Commit your changes

Push to the branch

Create a new Pull Request

Features 📙:

Pentesting Tools Selection 📙:

Tools ?: Lockdoor doesn't contain all pentesting tools (Added value) , let's be honest ! Who ever used all the Tools you find on all those Penetration Testing distributions ? Lockdoor contains only the favorite (Added value) and the most used toolsby Pentesters (Added value).
what Tools ?: the tools contains Lockdoor are a collection from the best tools (Added value) on Kali Linux, ParrotSec and BlackArch. Also some private tools (Added value) from some other hacking teams (Added value) like InurlBr, iran-cyber. Without forgeting some cool and amazing tools I found on Github made by some perfect human beigns (Added value).
Easy customization: Easily add/remove tools. (Added value)
Installation: You can install the tool automatically using the install.sh. Manually or on Docker [COMING SOON]

Resources and cheatsheets 📙 (Added value):

Resources: That's what makes Lockdoor Added value, Lockdoor Doesn't contain only tools! Pentesing and Security Assessment Findings Reports templates (Added value), Pentesting walkthrough examples and tempales (Added value) and more.
Cheatsheets: Everyone can forget something on processing or a tool use, or even some trciks. Here comes the Cheatsheets (Added value) role! there are cheatsheets about everything, every tool on the framework and any enumeration,exploitation and post-exploitation techniques.

Check the Wiki Pages to know more about the tool 📙:

Lockdoor Wiki page Home

Lockdoor Demos

Lockdoor Screenshots

Lockdoor-Framework's screenshots: