Poison, Reset, Spoof, Redirect MITM Script - creak

Performs some of the most famous MITM attack on target addresses located in a local network. Among these, deny navigation and download capabilities of a target host in the local network performing an ARP poison attack and sending reset TCP packets to every request made to the router. Born as a didactic project for learning python language, I decline every responsibility for any abuse, including malevolent or illegal use of this code.

Installation

$ git clone https://github.com/codepr/creak.git
$ cd creak
$ python setup.py install

or simply clone the repository and run the creak.py after all requirements are installed:

$ git clone https://github.com/codepr/creak.git

It is required to have installed pcap libraries for raw packet manipulations and dpkt module, for dns spoofing options is required to have installed dnet module from libdnet package, do not confuse it with pydnet (network evaluation tool) module. It can use also scapy if desired, can just be set in the config.py file.

Options

Usage: creak.py [options] dev

Options:
  -h, --help           show this help message and exit
  -1, --sessions-scan  Sessions scan mode
  -2, --dns-spoof      Dns spoofing
  -3, --session-hijack Try to steal a TCP sessions by desynchronization (old technique)
  -x, --spoof          Spoof mode, generate a fake MAC address to be used
                       during attack
  -m MACADDR           Mac address octet prefix (could be an entire MAC
                       address in the form AA:BB:CC:DD:EE:FF)
  -M MANUFACTURER      Manufacturer of the wireless device, for retrieving a
                       manufactur based prefix for MAC spoof
  -s SOURCE            Source ip address (e.g. a class C address like
                       192.168.1.150) usually the router address
  -t TARGET            Target ip address (e.g. a class C address like
                       192.168.1.150), can be specified multiple times
  -p PORT              Target port to shutdown
  -a HOST              Target host that will be redirect while navigating on
                       target machine
  -r REDIR             Target redirection that will be fetched instead of host
                       on the target machine
  -v, --verbose        Verbose output mode
  -d, --dotted         Dotted output mode

Example
Most basic usage: Deny all traffic to the target host

$ python creak.py -t 192.168.1.30 wlan0

Set a different gateway:

$ python creak.py -s 192.168.1.2 -t 192.168.1.30 wlan0

Set a different mac address for the device:

$ python creak.py -m 00:11:22:33:44:55 -t 192.168.1.30 wlan0

Spoof mac address generating a fake one:

$ python creak.py -x -t 192.168.1.30 wlan0

Spoof mac address generating one based on manufacturer(e.g Xeros):

$ python creak.py -x -M xeros -t 192.168.1.30 wlan0

DNS spoofing using a fake MAC address, redirecting ab.xy to cd.xz(e.g. localhost):

$ python creak.py -x -M xeros -t 192.168.1.30 -a www.ab.xy -r www.cd.xz wlan0

Deny multiple hosts in the subnet:

$ python creak.py -x -t 192.168.1.30 -t 192.168.1.31 -t 192.168.1.32 wlan0

Download creak

Read More

Obama expels 35 Russian diplomats in retaliation for US election hacking

The Obama administration on Thursday announced its retaliation for Russian efforts to interfere with the US presidential election, ordering sweeping new sanctions that included the expulsion of 35 Russians.
Syria ceasefire appears to hold after rivals sign Russia-backed deal
Read more

US intelligence services believe Russia ordered cyber-attacks on the Democratic National Committee (DNC), Hillary Clinton’s campaign and other political organizations, in an attempt to influence the election in favor of the Republican candidate, Donald Trump.

In a statement issued two weeks after the president said he would respond to cyber-attacks by Moscow “at a time and place of our choosing”, Obama said Americans should “be alarmed by Russia’s actions” and pledged further action. 

“I have issued an executive order that provides additional authority for responding to certain cyber activity that seeks to interfere with or undermine our election processes and institutions, or those of our allies or partners,” Obama said in the statement, released while he was vacationing with his family in Hawaii.

“Using this new authority, I have sanctioned nine entities and individuals: the GRU and the FSB, two Russian intelligence services; four individual officers of the GRU; and three companies that provided material support to the GRU’s cyber operations.

“In addition, the secretary of the treasury is designating two Russian individuals for using cyber-enabled means to cause misappropriation of funds and personal identifying information.” He also announced the closure of two Russian compounds in the US.

Obama added that more actions would be taken, “some of which will not be publicized”.

On Thursday, Trump, who has previously dismissed reports of Russian interference in the election, said in a statement: “It’s time for our country to move on to bigger and better things.”
Advertisement

He added, however, that “in the interest of our country and its great people, I will meet with leaders of the intelligence community next week in order to be updated on the facts of this situation.”

In a conference call with reporters, senior White House officials said the president-elect’s transition team was informed of the sanctions before they were announced on Thursday. Trump and Obama spoke on Wednesday, they said.

The officials added that the actions were a necessary response to “very disturbing Russian threats to US national security”.

“There has to be a cost and a consequence for what Russia has done,” a senior administration official said. “It is in a extraordinary step for them to interfere in the democratic process here in the United States of America. There needs to be a price for that.”

In Moscow, a Putin spokesman said Russia regretted the new sanctions and would consider retaliatory measures.

Diplomatic expulsions are normally met with exactly reciprocal action. In this case, however, Moscow may pause for thought. With Trump, who has spoken positively about Russia and Vladimir Putin, just three weeks away from the White House, Russia may feel it is inadvisable to kick out 35 US diplomats.

However, Russian authorities on Thursday ordered the Anglo-American School of Moscow closed, according to CNN, citing a US official briefed on the matter. The school serves children of US, British and Canadian embassy personnel, and would effectively make a Russian posting difficult for US diplomats with families.

Konstantin Kosachyov, chairman of the international affairs committee in the upper house of the Russian parliament, was quoted by the RIA news agency as saying the US move represented “the death throes of political corpses”.

The Twitter feed of the Russian embassy in London, meanwhile, called the Obama administration “hapless” and attached a picture of a duck with the word “LAME” emblazoned across it.

On the White House call, officials were asked about the prospect of Trump overturning the sanctions. They acknowledged that a future president could reverse course but warned against such an “inadvisable” step.

“We have no reason to believe that Russia’s activities will cease,” a senior official said. “One reason why I think it is necessary to sustain these actions is because there’s every reason to believe Russia will interfere with future US elections.”

On Capitol Hill, Democrats applauded the president’s action, called for further measures and emphasized bipartisan support for a thorough investigation into Russian hacking.

“I hope the incoming Trump administration, which has been far too close to Russia throughout the campaign and transition, won’t think for one second about weakening these new sanctions or our existing regime,” incoming Senate minority leader Chuck Schumer said in a statement.

“Both parties ought to be united in standing up to Russian interference in our elections, to their cyber attacks, their illegal annexation of Crimea and other extra-legal interventions.”

Ben Cardin, the top Democrat on the Senate foreign relations committee, called for further sanctions from the new Congress when it convenes in January.

GOP leaders were quick to frame the new sanctions as too little, too late.

“While today’s action by the administration is overdue,” House speaker Paul Ryan said in a statement, “it is an appropriate way to end eight years of failed policy with Russia. And it serves as a prime example of this administration’s ineffective foreign policy that has left America weaker in the eyes of the world.”

Republican senators John McCain and Lindsey Graham, two of Russia’s fiercest critics, echoed Ryan but also called for tough Congressional sanctions.

“Ultimately, [the sanctions] are a small price for Russia to pay for its brazen attack on American democracy,” the two men said in a joint statement. “We intend to lead the effort in the new Congress to impose stronger sanctions on Russia.”

 The 35 Russian diplomats being expelled are “intelligence operatives”, Obama said. The state department has declared them “persona non grata” and they will be given 72 hours to leave the country.

Starting on Friday at noon, the White House said, Russia will be denied access to compounds in Maryland and New York that have been used for intelligence-related purposes.

A statement from the state department said the diplomatic expulsions were a response not only to hacking but to “a pattern of harassment of our diplomats overseas, that has increased over the last four years, including a significant increase in the last 12 months”.

The statement said the harassment has included “arbitrary police stops, physical assault, and the broadcast on state TV of personal details about our personnel that put them at risk”.

For some time, US diplomats in Russia have anecdotally reported being followed and harassed by police.

In June, a US diplomat was wrestled to the ground by a policeman as he scrambled to get inside the embassy. Russian authorities said the man was a CIA agent operating under diplomatic cover.

Source: theguardian

Read More

Java application for automatic SQL database injection - jSQL Injection v0.77

jSQL Injection is a lightweight application used to find database information from a distant server.

It's is free , open source and cross-platform (Windows, Linux, Mac OS X).

jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in distributions like Pentest Box , Parrot Security OS , ArchStrike and BlackArch Linux.

Installation
Install Java , then download the latest release of jSQL and double-click on the .jar to launch the software.
You can also type java -jar jsql-injection-v0.77.jar in your terminal to start the program.

Screenshots

Roadmap

WAF tamper, HTTP Auth Bruteforce, Translation, SOAP injection, Command line interface, Databases: Access Cassandra MongoDb and Neo4j

Change log

v0.76 Czech translation, 17 Database flavors: SQLite
v0.75 URI injection point, Mavenify, Upgrade to Java 7, Optimized UI
v0.73 Authentication: Basic Digest Negotiate NTLM and Kerberos, Database flavor selection
v0.7 Scan multiple URLs, Github Issue reporter, 16 Database flavors: Cubrid Derby H2 HSQLDB MariaDB and Teradata, Optimized UI
alpha-v0.6 Speed x2: No hex encoding, 10 Database flavors: MySQL Oracle SQLServer PostgreSQL DB2 Firebird Informix Ingres MaxDb and Sybase, JUnit tests, Log4j, Translation
0.5 SQL Shell, Uploader
0.4 Admin page, Hash bruteforce like MD5 and MySQL, Text encoder/decoder like Base64, Hex and MD5
0.3 File injection, Web Shell, Integrated terminal, Configuration backup, Update checker
0.2 Algorithm Time, Multi-thread control: Start Pause Resume and Stop, Log URL calls
0.0-0.1 Method GET POST Header and Cookie, Algorithm Normal Error and Blind, Best algorithm selection, Progression bars, Simple evasion, Proxy settings, MySQL only

jSQL Injection

Read More

Utilities for listing the processes running on remote computers, running processes remotely, rebooting computers, and more - PsTools

The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.

Introduction 

 The Windows NT and Windows 2000 Resource Kits come with a number of command-line tools that help you administer your Windows NT/2K systems. Over time, I've grown a collection of similar tools, including some not included in the Resource Kits. What sets these tools apart is that they all allow you to manage remote systems as well as the local one. The first tool in the suite was PsList, a tool that lets you view detailed information about processes, and the suite is continually growing. The "Ps" prefix in PsList relates to the fact that the standard UNIX process listing command-line tool is named "ps", so I've adopted this prefix for all the tools in order to tie them together into a suite of tools named PsTools.

Note: some anti-virus scanners report that one or more of the tools are infected with a "remote admin" virus. None of the PsTools contain viruses, but they have been used by viruses, which is why they trigger virus notifications.

The tools included in the PsTools suite, which are downloadable as a package, are:

• PsExec - execute processes remotely
• PsFile - shows files opened remotely
• PsGetSid - display the SID of a computer or a user
• PsInfo - list information about a system
• PsPing - measure network performance
• PsKill - kill processes by name or process ID
• PsList - list detailed information about processes
• PsLoggedOn - see who's logged on locally and via resource sharing (full source is included)
• PsLogList - dump event log records
• PsPasswd - changes account passwords
• PsService - view and control services
• PsShutdown - shuts down and optionally reboots a computer
• PsSuspend - suspends processes
• PsUptime - shows you how long a system has been running since its last reboot (PsUptime's functionality has been incorporated into PsInfo)

The PsTools download package includes an HTML help file with complete usage information for all the tools.

Download PsTools

Read More