Snowden says It's a 'Dark Day for Russia' after Putin Signs Anti-Terror Law

Whistleblower and ex-NSA employee Edward Snowden has criticized a new anti-terror law introduced on Thursday by Russian President Vladimir Putin, referring it as "repressive" and noting that it is a "dark day for Russia."

The new legislation signed by Putin would compel the country's telephone carriers and Internet providers to record and store the private communications of each and every one of their customers for six months – and turn them over to the government if requested.

The data collected on customers would include phone calls, text messages, photographs, and Internet activities that would be stored for six months, and "metadata" would be stored up to 3 years.
Moreover, Instant messaging services that make use of encryption, including WhatsApp, Telegram, and Viber, could face heavy fines of thousands of pounds if these services continue to operate in Russia without handing over their encryption keys to the government.

"Putin has signed a repressive new law that violates not only human rights but common sense. A dark day for Russia," Snowden wrote on Twitter.

Snowden is responsible for revealing global mass surveillance programs by leaking NSA classified documents back in June 2013 before finding asylum in Russia.

The activist explained that the new Russian law, in addition to "political and constitutional consequences," would cost telecommunications providers over $30 Billion to implement the new law, which is more than they can afford.

The CEO of Russia’s second-largest telecom company Megafon told a local newspaper Thursday that he would rather pay the government higher taxes than spend over $3 Billion yearly on infrastructure upgrades.
"Well be unable to fulfill the requirements of law in the way that it exists at present," said Megafon CEO Sergey Soldatenkov, adding that his company only generates an annual profit of $780 Million.

"When we saw the provisions of the bill, we really hoped that it will not be accepted. I believe we have done everything possible to inform deputies, Federation Council [and] the government that the bill in this form is impossible," Soldatenkov added.

A spokesperson for Tele2, another Russian telecom company, said it might have to raise prices threefold or more in order to accommodate the new law, The WSJ reported.

The Russian government will establish the precise requirements of the new legislation, according to the Kremlin website.

This frightening new legislation comes into force on July 20th.

Source: The Hackers News

OffensiveSec 2016

Read More

Anonymous Operating System - Whonix 13

Whonix is a desktop operating system designed for advanced security and privacy. It realistically addresses attacks while maintaining usability. It makes online anonymity possible via fail-safe, automatic, and desktop-wide use of the Tor network. A heavily reconfigured Debian base is run inside multiple virtual machines, providing a substantial layer of protection from malware and IP leaks. Pre-installed applications, pre-configured with safe defaults are ready for use. Additionally, installing custom applications or personalizing the desktop will in no way jeopardize the user. Whonix is the only actively developed OS designed to be run inside a VM and paired with Tor.

Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible. With Whonix, you can use applications and run servers anonymously over the internet. DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP.

 Whonix benefits anyone who does sensitive work on their desktop or online. This includes:

• Investigators and whistleblowers whose work threatens the powerful.
  • Within an isolated environment, research and evidence can be gathered without accidental exposure.

• Researchers, government officials, or businesspeople who may be targets of espionage.
  • Anti-malware and anti-exploit modifications lower the threat of trojans and backdoors.

• Journalists who endanger themselves and their families by reporting on organized crime.
  • Compartmentalized, anonymous internet use prevents identity correlation between social media (and other) logins.

• Political activists under targeted surveillance and attack.
  • The usefulness of threatening the ISP in order to analyze a target's internet use will be severely limited. The cost of targeting a Whonix user is greatly increased.

• Average computer users in a repressive or censored environment.
  • Easy Tor setup (and options for advanced setups) gives users in repressive countries full internet access desktop-wide, not just in their browser.

• Average computer users who simply don’t want all or some aspect of their private lives uploaded, saved, and analyzed.
  • Whonix does not silently upload identifying information in the background.

Qubes-Whonix:
Either start with fresh templates. I.e. uninstall qubes-template-whonix-gw and qubes-template-whonix-ws. Then, to install, run in dom0:

sudo qubes-dom0-update --enablerepo=qubes-tempates-community qubes-template-whonix-gw qubes-template-whonix-ws

Or you can also upgrade from Whonix’s repository. Please refer to the following instructions:
https://www.whonix.org/wiki/Upgrading_Whonix_12_to_Whonix_13


Non-Qubes-Whonix:
https://www.whonix.org/wiki/Download

Or you can also upgrade from Whonix’s repository. Please refer to the following instructions:
https://www.whonix.org/wiki/Upgrading_Whonix_12_to_Whonix_13

Whonix 12 -> 13 changes:
https://phabricator.whonix.org/maniphest/query/TfpGK0Sq8w1j/#R

Read More

A simple Python CLI to Spoof Emails - SimpleEmailSpoofer

A few Python programs designed to help penetration testers with email spoofing.


SimpleEmailSpoofer.py 

A program that spoofs emails. Currently in development 

spoofcheck.py 

A program that checks if a domain can be spoofed from. The program checks SPF and DMARC records for weak configurations that allow spoofing. 
Additionally it will alert if the domain has DMARC configuration that sends mail or HTTP requests on failed SPF/DKIM emails. 

Usage: 

./spoofcheck.py [DOMAIN]

Dependencies 

ºdnspython
ºcolorama

Download SimpleEmailSpoofer

Read More

Tool for Injecting Malicious Payloads Into Barcodes - Scansploit

Tool for Injecting Malicious Payloads Into Barcodes 

ºBarcodes (code128)
ºQRCodes
ºDataMatrix
ºEAN13


Requirements 

ºPython3
ºPyStrich

ºpip3 install pystrich
ºIncase of jpeg error: sudo apt-get install libtiff5-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-dev python-tk

Pillow

ºpip3 install pillow

Download Scansploit

Read More

An Exploit Dev Swiss Army Knife - lisa.py

lisa.py
An Exploit Dev Swiss Army Knife.

Installation
Copy lisa.py and .lldbinit to ~/ Use the following commands:

ant4g0nist$ cp lisa.py ~/lisa.py

ant4g0nist$ cp lldbinit ~/.lldbinit

ant4g0nist$ lldb

    lllllll   iiii
    l:::::l  i::::i
    l:::::l   iiii
    l:::::l
    l::::l iiiiiii     ssssssssss     aaaaaaaaaaaaa
    l::::l i:::::i   ss::::::::::s    a::::::::::::a
    l::::l  i::::i ss:::::::::::::s   aaaaaaaaa:::::a
    l::::l  i::::i s::::::ssss:::::s           a::::a
    l::::l  i::::i  s:::::s  ssssss     aaaaaaa:::::a
    l::::l  i::::i    s::::::s        aa::::::::::::a
    l::::l  i::::i       s::::::s    a::::aaaa::::::a
    l::::l  i::::i ssssss   s:::::s a::::a    a:::::a
    l::::::li::::::is:::::ssss::::::sa::::a    a:::::a
    l::::::li::::::is::::::::::::::s a:::::aaaa::::::a
    l::::::li::::::i s:::::::::::ss   a::::::::::aa:::a
    lllllllliiiiiiii  sssssssssss      aaaaaaaaaa  aaaa

    -An Exploit Dev Swiss Army Knife. Version: v-ni

(lisa)target create tests/binaries/abort
(lisa)process launch -s
Process 1660 stopped
* thread #1: tid = 0x10801, 0x00007fff5fc01000 dyld`_dyld_start, stop reason = signal SIGSTOP
    frame #0: 0x00007fff5fc01000 dyld`_dyld_start
dyld`_dyld_start:
->  0x7fff5fc01000 <+0>: pop    rdi
    0x7fff5fc01001 <+1>: push   0x0
    0x7fff5fc01003 <+3>: mov    rbp, rsp
    0x7fff5fc01006 <+6>: and    rsp, -0x10
Process 1660 launched: '/Users/v0id/Documents/Research/lisa.py/tests/binaries/abort' (x86_64)

Commands Available:

**exploitable** : checks if the crash is exploitable
    <!-- run this when the process stops cause of an exception -->

    (lisa)exploitable

**shellcode**: Searches shell-storm for shellcode

    (lisa)shellcode 
    Syntax:   shellcode <option> <arg>

    Options:  -search <keyword>
              -display <shellcode id>
              -save <shellcode id>
    (lisa)shellcode -search osx
    Connecting to shell-storm.org...
    Found 17 shellcodes
    ScId    Size Title
    [312]   300  Osx/ppc - Bind Shell PORT TCP/8000 - encoder OSXPPCLongXOR - 300 bytes
    [127]   222  Osx/ppc - add inetd backdoor - 222 bytes
    [128]   219  Osx/ppc - Add user r00t - 219 bytes
    [761]   131  Osx/x86-64 - reverse tcp shellcode - 131 bytes
    [126]   122  Osx/ppc - create /tmp/suid - 122 bytes
    [129]   72   Osx/ppc - execve(/bin/sh,[/bin/sh],NULL)& exit() - 72 bytes
    [736]   51   Osx/x86-64 - setuid shell x86_64 - 51 bytes
    [130]   32   Osx/ppc - sync(), reboot() - 32 bytes
    [692]   24   Osx/x86 - execve(/bin/sh) - 24 byte
    [121]   n/a  Osx/ppc - remote findsock by recv() key shellcode
    [122]   n/a  Osx/ppc - Single Reverse TCP
    [123]   n/a  Osx/ppc - stager sock find peek
    [124]   n/a  Osx/ppc - stager sock find
    [125]   n/a  Osx/ppc - stager sock reverse
    [120]   n/a  Osx/ppc - shellcode execve(/bin/sh)
    [777]   n/a  Osx/x86-64 - universal ROP shellcode
    [786]   n/a  Osx/x86-64 - universal OSX dyld ROP shellcode  

**extract**: Extract a given architecture from a Universal binary

    (lisa)extract
    Syntax: extract x86_64 /usr/lib/system/libsystem_kernel.dylib ./libsystem_kernel.dylib
    (lisa)extract x86_64 /usr/lib/system/libsystem_kernel.dylib ./libsystem_kernel.dylib
    (lisa)

**pattern_create**: Creates a cyclic pattern of given length

    (lisa)pattern_create 100
    Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2A

**pattern_offset**: Finds the offset of a given pattern in cyclic pattern of n length

    (lisa)pattern_offset 100 Ad2A
    Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2A
    offsets: [96]
    (lisa)

**ct**: Prints the context of execution

    (lisa)ct
    [*] Disassembly :

    libsystem_kernel.dylib`__pthread_kill:
    ->  0x7fff8f6a4f06 <+10>: jae    0x7fff8f6a4f10            ; <+20>
        0x7fff8f6a4f08 <+12>: mov    rdi, rax

    [*] Stack :

    0x7fff5fbff788: 0x8d36b4ec 0x00007fff 0x00000000 0x00000000
    0x7fff5fbff798: 0x5fbff7d0 0x00000307 0x5fbff7d0 0x00007fff
    0x7fff5fbff7a8: 0x00000000 0x00000000

    [*] Registers   :
           rax = 0x0000000000000000
           rbx = 0x0000000000000006
           rcx = 0x00007fff5fbff788
           rdx = 0x0000000000000000
           rdi = 0x0000000000000307
           rsi = 0x0000000000000006
           rbp = 0x00007fff5fbff7b0
           rsp = 0x00007fff5fbff788
            r8 = 0x0000000000000000
            r9 = 0x00007fff782e90c8  atexit_mutex + 24
           r10 = 0x0000000008000000
           r11 = 0x0000000000000206
           r12 = 0x0000000000000000
           r13 = 0x0000000000000000
           r14 = 0x00007fff76fb8000  libsystem_pthread.dylib`_thread
           r15 = 0x0000000000000000
           rip = 0x00007fff8f6a4f06  libsystem_kernel.dylib`__pthread_kill + 10
        rflags = 0x0000000000000206
            cs = 0x0000000000000007
            fs = 0x0000000000000000
            gs = 0x0000000000000000


    [*] Jumping to  :0x7fff8f6a4f10
    (lisa)

**s**: thread step-in

    (lisa)s
    [*] Disassembly :

    dyld`_dyld_start:
    ->  0x7fff5fc0102d <+45>: lea    r9, [rbp - 0x8]
        0x7fff5fc01031 <+49>: call   0x7fff5fc01076            ; dyldbootstrap::start(macho_header const*, int, char const**, long, macho_header const*, unsigned long*)

    [*] Stack :

    0x7fff5fbff800: 0x00000000 0x00000000 0x00000000 0x00000000
    0x7fff5fbff810: 0x00000000 0x00000000 0x00000001 0x00000000
    0x7fff5fbff820: 0x5fbff9f8 0x00007fff

    [*] Registers   :
           rax = 0x0000000000000000
           rbx = 0x0000000000000000
           rcx = 0x0000000000000000
           rdx = 0x00007fff5fbff820
           rdi = 0x0000000100000000
           rsi = 0x0000000000000001
           rbp = 0x00007fff5fbff810
           rsp = 0x00007fff5fbff800
            r8 = 0x00007fff5fc00000  
            r9 = 0x0000000000000000
           r10 = 0x0000000000000000
           r11 = 0x0000000000000000
           r12 = 0x0000000000000000
           r13 = 0x0000000000000000
           r14 = 0x0000000000000000
           r15 = 0x0000000000000000
           rip = 0x00007fff5fc0102d  dyld`_dyld_start + 45
        rflags = 0x0000000000000246
            cs = 0x000000000000002b
            fs = 0x0000000000000000
            gs = 0x0000000000000000

**si**: thread step-into

    (lisa)si
    [*] Disassembly :

    dyld`_dyld_start:
    ->  0x7fff5fc01031 <+49>: call   0x7fff5fc01076            ; dyldbootstrap::start(macho_header const*, int, char const**, long, macho_header const*, unsigned long*)
        0x7fff5fc01036 <+54>: mov    rdi, qword ptr [rbp - 0x8]

    [*] Stack :

    0x7fff5fbff800: 0x00000000 0x00000000 0x00000000 0x00000000
    0x7fff5fbff810: 0x00000000 0x00000000 0x00000001 0x00000000
    0x7fff5fbff820: 0x5fbff9f8 0x00007fff

    [*] Registers   :
           rax = 0x0000000000000000
           rbx = 0x0000000000000000
           rcx = 0x0000000000000000
           rdx = 0x00007fff5fbff820
           rdi = 0x0000000100000000
           rsi = 0x0000000000000001
           rbp = 0x00007fff5fbff810
           rsp = 0x00007fff5fbff800
            r8 = 0x00007fff5fc00000  
            r9 = 0x00007fff5fbff808
           r10 = 0x0000000000000000
           r11 = 0x0000000000000000
           r12 = 0x0000000000000000
           r13 = 0x0000000000000000
           r14 = 0x0000000000000000
           r15 = 0x0000000000000000
           rip = 0x00007fff5fc01031  dyld`_dyld_start + 49
        rflags = 0x0000000000000246
            cs = 0x000000000000002b
            fs = 0x0000000000000000
            gs = 0x0000000000000000

**so**: thread step-over

    (lisa)so
    [*] Disassembly :

    dyld`_dyld_start:
    ->  0x7fff5fc01036 <+54>: mov    rdi, qword ptr [rbp - 0x8]
        0x7fff5fc0103a <+58>: cmp    rdi, 0x0

    [*] Stack :

    0x7fff5fbff800: 0x00000000 0x00000000 0x8e8765ad 0x00007fff
    0x7fff5fbff810: 0x00000000 0x00000000 0x00000001 0x00000000
    0x7fff5fbff820: 0x5fbff9f8 0x00007fff

    [*] Registers   :
           rax = 0x0000000100000f80  abort`main
           rbx = 0x0000000000000000
           rcx = 0x00007fff8e8765ad  libdyld.dylib`start + 1
           rdx = 0x00007fff5fbff808
           rdi = 0x00007fff5fc406a8  dyld`initialPoolContent + 2264
           rsi = 0x0000000000000001
           rbp = 0x00007fff5fbff810
           rsp = 0x00007fff5fbff800
            r8 = 0x00000000fffffffc
            r9 = 0x00007fff782e90c8  atexit_mutex + 24
           r10 = 0x00000000ffffffff
           r11 = 0xffffffff00000000
           r12 = 0x0000000000000000
           r13 = 0x0000000000000000
           r14 = 0x0000000000000000
           r15 = 0x0000000000000000
           rip = 0x00007fff5fc01036  dyld`_dyld_start + 54
        rflags = 0x0000000000000202
            cs = 0x000000000000002b
            fs = 0x0000000000000000
            gs = 0x0000000000000000


**sf**: thread step-in 'n' number of times

    (lisa)sf 4
    [*] Disassembly :

    dyld`_dyld_start:
    ->  0x7fff5fc0100a <+10>: sub    rsp, 0x10
        0x7fff5fc0100e <+14>: mov    esi, dword ptr [rbp + 0x8]

    [*] Stack :

    0x7fff5fbff810: 0x00000000 0x00000000 0x00000001 0x00000000
    0x7fff5fbff820: 0x5fbff9f8 0x00007fff 0x00000000 0x00000000
    0x7fff5fbff830: 0x5fbffa34 0x00007fff

    [*] Registers   :
           rax = 0x0000000000000000
           rbx = 0x0000000000000000
           rcx = 0x0000000000000000
           rdx = 0x0000000000000000
           rdi = 0x0000000100000000
           rsi = 0x0000000000000000
           rbp = 0x00007fff5fbff810
           rsp = 0x00007fff5fbff810
            r8 = 0x0000000000000000
            r9 = 0x0000000000000000
           r10 = 0x0000000000000000
           r11 = 0x0000000000000000
           r12 = 0x0000000000000000
           r13 = 0x0000000000000000
           r14 = 0x0000000000000000
           r15 = 0x0000000000000000
           rip = 0x00007fff5fc0100a  dyld`_dyld_start + 10
        rflags = 0x0000000000000202
            cs = 0x000000000000002b
            fs = 0x0000000000000000
            gs = 0x0000000000000000


**dump**: Dump's Memory of the process in a given address range

    (lisa)dump
    Syntax: dump outfile 0x6080000fe680 0x6080000fe680+1000
    (lisa)dump memorydump.bin 0x00007fff8e8765ad 0x00007fff8e8765ad+100
    100 bytes written to 'memorydump.bin'
    (lisa)

***rop***:
      rop(ROPgadget) lets you search your gadgets on a binary. It supports several 
      file formats and architectures and uses the Capstone disassembler for
      the search engine.

    (lisa)rop
        description:
          ROPgadget lets you search your gadgets on a binary. It supports several 
          file formats and architectures and uses the Capstone disassembler for
          the search engine.

        formats supported: 
          - ELF
          - PE
          - Mach-O
          - Raw

        architectures supported:
          - x86
          - x86-64
          - ARM
          - ARM64
          - MIPS
          - PowerPC
          - Sparc
          epilog=examples:
          rop --binary ./test-suite-binaries/elf-Linux-x86 
          rop --binary ./test-suite-binaries/elf-Linux-x86 --ropchain
          rop --binary ./test-suite-binaries/elf-Linux-x86 --depth 3
          rop --binary ./test-suite-binaries/elf-Linux-x86 --string "main"
          rop --binary ./test-suite-binaries/elf-Linux-x86 --string "m..n"
          rop --binary ./test-suite-binaries/elf-Linux-x86 --opcode c9c3
          rop --binary ./test-suite-binaries/elf-Linux-x86 --only "mov|ret"
          rop --binary ./test-suite-binaries/elf-Linux-x86 --only "mov|pop|xor|ret"
          rop --binary ./test-suite-binaries/elf-Linux-x86 --filter "xchg|add|sub"
          rop --binary ./test-suite-binaries/elf-Linux-x86 --norop --nosys
          rop --binary ./test-suite-binaries/elf-Linux-x86 --range 0x08041000-0x08042000
          rop --binary ./test-suite-binaries/elf-Linux-x86 --string main --range 0x080c9aaa-0x080c9aba
          rop --binary ./test-suite-binaries/elf-Linux-x86 --memstr "/bin/sh"
          rop --binary ./test-suite-binaries/elf-Linux-x86 --console
          rop --binary ./test-suite-binaries/elf-Linux-x86 --badbytes "00|7f|42"
          rop --binary ./test-suite-binaries/Linux_lib64.so --offset 0xdeadbeef00000000
          rop --binary ./test-suite-binaries/elf-ARMv7-ls --depth 5
          rop --binary ./test-suite-binaries/elf-ARM64-bash --depth 5
          rop --binary ./test-suite-binaries/raw-x86.raw --rawArch=x86 --rawMode=32     

(As of now, commiting exploitable command. Have to test the remaining code.)
You can test lisa.py against CrashWranglers's test cases

ant4g0nist$ cp lisa.py ~/lisa.py

ant4g0nist$ cp lldbinit ~/.lldbinit

ant4g0nist$ python test.py

Thanks:

- Mona.py : https://github.com/corelan/mona

- Crashwrangler : https://developer.apple.com/library/mac/technotes/tn2334/_index.html

- Metasploit : https://github.com/rapid7/metasploit-framework

- PEDA :    https://github.com/longld/peda

- Phillips : https://www.phillips321.co.uk/2013/04/02/recreating-pattern_create-rb-in-python/

- Jonathan Salwan : http://shell-storm.org/shellcode/

TODO: add support for macho in ropmaker

Download Lisa.Py

Read More

Python Network Pentesting Tool - Pythem

PytheM is a python network/pentesting tool. Same has been developed in the hope that it will be useful and i don't take responsabillity of any misapplication of it. Only for GNU/Linux OS.

Installation

$sudo git clone https://github.com/m4n3dw0lf/PytheM/ 
$cd PytheM 
$sudo pip install -r requirements.txt 
$sudo ./pythem

Features

• [Brute-Force]
• [Man-In-The-Middle]:
• [Remote]:
• [Sniffing]:
• [Scanning]:
• [Web]:
• [Wireless]:

Download Pythem

Read More

Network Logon Cracker - THC-Hydra 8.2

 A very fast network logon cracker which support many different services.

See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa.Number one of the biggest security holes are passwords, as every password security study shows.

This tool is a proof of concept code, to give researchers and security consultants the possiblity to show how easy it would be to gain unauthorized access from remote to a system.

There are already several login hacker tools available, however none does either support more than one protocol to attack or support parallized connects.

It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX.

Currently this tool supports the following protocols:

Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

CHANGELOG for 8.2

 ! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra
 
 * Added RTSP module, thanks to jjavi89 for supplying!
 * Added patch for ssh that fixes hyra stopping to connect, thanks to ShantonRU for the patch
 * Added new -O option to hydra to support SSL servers that do not suport TLS
 * Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames
 * Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot!
 * Added support in hydra-http for http-post (content length 0)
 * Fixed important bug in http-*://server/url command line processing
 * Added SSL SNI support
 * Fixed bug in HTTP Form redirection following - thanks for everyone who reported and especially to Hayden Young for setting up a test page for debugging
 * Better library finding in ./configure for SVN + support for Darwin Homebrew (and further enhanced)
 * Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting!
 * Fixed for SSL connection to support TLSv1.2 etc.
 * Support for different RSA keylengths, thanks to fann95 for the patch
 * Fixed a bug where the cisco-enable module was not working with the password-only logon mode
 * Fixed an out of memory bug in http-form
 * Fixed imap PLAIN method
 * Fixed -x option to bail if it would generate too many passwords (more than 4 billion)
 * Added warning if HYDRA_PROXY_CONNECT environment is detected, that is an outdated setting
 * Added --fhs switch to configure (for Linux distribution usage)

Download THC-Hydra 8.2

Read More

Collection Of Tools To Detect, Record And Prevent Attacks On Web Applications - Shadowd

Shadow Daemon is a collection of tools to detect , record and prevent attacks on web application. Technically speaking, Shadow Daemon is a web application firewall that intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis and interface to increase security, flexibility and expandability.

This is the main component that handles the analysis and storage of requests.

Documentation
For the full documentation please refer to shadowd.zecure.org .

Installation

Preparation
Use cmake to configure and prepare the project. It is a good idea to create a separate directory for this. A typical installation might look like this.

mkdir build
cd build
cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr -DCMAKE_BUILD_TYPE=Release ..

Compilation
If cmake is successful it creates a makefile. Use it to compile and install the project.

make shadowd
make install

Database
Install and configure a database server. At the moment shadowd officially supports PostgreSQL and MySQL. Afterwards create a new user and database for shadowd and import the correct layout.
If you are using PostgreSQL you can use psql to import the layout.

psql -Ushadowd shadowd < /usr/share/shadowd/pgsql_layout.sql

If you are using MySQL you can use mysql to import the layout. The user requires the CREATE ROUTINE privilege.

mysql -ushadowd -p shadowd < /usr/share/shadowd/mysql_layout.sql

Configuration
The installer copies the configuration file to /etc/shadowd/shadowd.ini . The file is annotated and should be self-explanatory.

Download Shadowd

Read More

Ruby In The Middle (HTTP/HTTPS Interception Proxy) - RITM

Ruby in the middle (RITM) is an HTTP/HTTPS interception proxy with on-the-fly certificate generation and signing, which leaves the user with the full power of the Ruby language to intercept and even modify requests and responses as she pleases.

Installation

    gem install ritm   

Basic usage

1. Write your interception handlers
   

   require 'ritm'
   
   # A single answer for all your google searches
   Ritm.on_request do |req|
     if req.request_uri.host.start_with? 'www.google.'
       new_query_string = req.request_uri.query.gsub(/(?<=^q=|&q=)(((?!&|$).)*)(?=&|$)/, 'RubyInTheMiddle')
       req.request_uri.query = new_query_string
     end
   end
   
   my_picture = File.read('i_am_famous.jpg')
   
   # Replaces every picture on the web with my pretty face
   Ritm.on_response do |_req, res|
     if res.header['content-type'] && res.header['content-type'].start_with?('image/')
       res.header['content-type'] = 'image/jpeg'
       res.body = my_picture
     end
   end

2. Start the proxy server
   

   proxy = Ritm::Proxy::Launcher.new
   proxy.start
   
   puts 'Hit enter to finish'
   gets
   
   proxy.shutdown

3. Configure your browser
   Or whatever HTTP client you want to intercept traffic from, to connect to the proxy in localhost:8080
   
4. Browse the web!
   For the examples above, search anything in google and also visit your favorite newspaper website.
   

Trusting self-signed certificates generated by RITM

With the previous example your client might have encountered issues when trying to access HTTPS resources. In some cases you can add an exception to your browser (or instruct your http client not to verify certificates) but in some other cases you won't be able to add exceptions. The reason for this is that in order to decrypt and to be able to modify SSL traffic, RITM will have to be the one doing the SSL negotiatiation with the client (using its own set of certificates) and then it will establish a separate SSL session towards the server. I.e.:

Client <--- SSL session ---> RITM <--- SSL session ---> Server

For every different server's hostname your client tries to communicate with, RITM will generate a certificate on the fly and sign it with a pre-configured Certificate Authority (CA). So, in order to be able to establish a secure connection you will need to configure your client (e.g. browser) to trust RITM's CA.

For security reasons, every time you start RITM's proxy with the default settings it will generate a new internal Certificate Authority. To use your own CA instead (so it can be loaded and trusted by your browser) perform the following steps:

1. Generate a Certificate Authority PEM and Private Key files
   You can use OpenSSL or RITM to generate these two files. With OpenSSL:
   

   openssl req -new -nodes -x509 -days 365 -extensions v3_ca -keyout insecure_ca.key -out insecure_ca.crt

   Or with RITM:
   

   require 'ritm/certs/ca'
   
   ca = Ritm::CA.create common_name: 'InsecureCA'
   
   File.write('insecure_ca.crt', ca.pem)
   File.write('insecure_ca.key', ca.private_key.to_s)

2. Repeat step 2 from the previous example, this time indicating what CA should be used to sign certificates
   

   proxy = Ritm::Proxy::Launcher.new(ca_crt_path: 'path/to/insecure_ca.crt',
                                     ca_key_path: 'path/to/insecure_ca.key')
   proxy.start
   
   puts 'Hit enter to finish'
   gets
   
   proxy.shutdown

3. Trust the CA certificate into your browser or client
   I'll leave it to you to figure out how this is done in your browser or client.
   
4. Surf the web!
5. When you are done Remove the CA from your trusted authorities!
   Or take really good care of the CA private key since anyone in possession of that key will be capable of decrypting all your traffic! Also notice that when using the proxy every server will be automatically trusted even if the end server certificate is not valid.

Download RITM

Read More