CVE Feeds

Nov 25, 2014

CheatSheet: Windows Incident Response Cheat Sheet


Source:: https://twitter.com/Securityartwork/status/536905910145544193/photo/1


If you like my blog, please donate or click the banner to support me.

Howto: get real ip behind CloudFlare

1) Use a resolver

2) Enter the URL of your target site here:

3) Click Search

4) This is the plain IP

OR
IpLogger is a website which allows you to see traffic on image files.

This is a very useful method and can help you get the IP of practically anyone if you know what to do.
1) Go to http://iplogger.org/getnewid.php and copy the 3rd link in the boxes.
2) Go to any forum where you can change your avatar. Let us use hackforums.net for this example.
3) Paste the image URL you retrieved from IPLogger earlier and click on "Change Avatar". This will prompt a SQL error because the image file is way too small. Do not worry though, everything worked well. Right before the error, MaDLeeTs.CoM pinged the image and that's all we need!
4) Now, go back to IPLogger and click the "View Log" button. This will forward you to a statistics page where we can find the real IP address.



Tools: LinEnum - Linux Enumeration Tool

For more information visit www.rebootuser.com
Note: Export functionality is currently in the experimental stage.
General usage (version 0.5):
  • Example: ./LinEnum.sh -k keyword -r report -e /tmp/ -t
OPTIONS:
  • -k Enter keyword
  • -e Enter export location
  • -t Include thorough (lengthy) tests
  • -r Enter report name
  • -h Displays this help text
Running with no options = limited scans/no output file
  • -e Requires the user enters an output location i.e. /tmp/export. If this location does not exist, it will be created.
  • -r Requires the user to enter a report name. The report (.txt file) will be saved to the current working directory.
  • -t Performs thorough (slow) tests. Without this switch default 'quick' scans are performed.
  • -k An optional switch for which the user can search for a single keyword within many files (documented below).
See CHANGELOG.md for further details
High-level summary of the checks/tasks performed by LinEnum:
  • Kernel and distribution release details
  • System Information:
    • Hostname
    • Networking details:
    • Current IP
    • Default route details
    • DNS server information
  • User Information:
    • Current user details
    • Last logged on users
    • List all users including uid/gid information
    • List root accounts
    • Extracts password policies and hash storage method information
    • Checks umask value
    • Checks if password hashes are stored in /etc/passwd
    • Extract full details for 'default' uids such as 0, 1000, 1001 etc.
    • Attempt to read restricted files i.e. /etc/shadow
    • List current users history files (i.e .bash_history, .nano_history etc.)
    • Basic SSH checks
  • Privileged access:
    • Determine if /etc/sudoers is accessible
    • Determine if the current user has Sudo access without a password
    • Are known ‘good’ breakout binaries available via Sudo (i.e. nmap, vim etc.)
    • Is root’s home directory accessible
    • List permissions for /home/
  • Environmental:
    • Display current $PATH
  • Jobs/Tasks:
    • List all cron jobs
    • Locate all world-writable cron jobs
    • Locate cron jobs owned by other users of the system
  • Services:
    • List network connections (TCP & UDP)
    • List running processes
    • Lookup and list process binaries and associated permissions
    • List inetd.conf/xinetd.conf contents and associated binary file permissions
    • List init.d binary permissions
  • Version Information (of the following):
    • Sudo
    • MYSQL
    • Postgres
    • Apache
    • Checks user config
  • Default/Weak Credentials:
    • Checks for default/weak Postgres accounts
    • Checks for default/weak MYSQL accounts
  • Searches:
    • Locate all SUID/GUID files
    • Locate all world-writable SUID/GUID files
    • Locate all SUID/GUID files owned by root
    • Locate ‘interesting’ SUID/GUID files (i.e. nmap, vim etc)
    • List all world-writable files
    • Find/list all accessible *.plan files and display contents
    • Find/list all accessible *.rhosts files and display contents
    • Show NFS server details
    • Locate *.conf and *.log files containing keyword supplied at script runtime
    • List all *.conf files located in /etc
    • Locate mail

 Source:: https://github.com/rebootuser/LinEnum
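Several of the checks listed above are short filters over world-readable files, which makes them easy to reproduce and to turn into hardening audits. The following is an added example, not LinEnum's own code: a Python rendering of three of the checks (password hashes or empty password fields kept in /etc/passwd, extra uid-0 accounts, and world-writable files under a cron-style directory), run over a constructed passwd sample and a constructed temporary directory rather than a real host.

```python
import os
import stat
import tempfile

# Constructed sample in /etc/passwd format (not taken from any real system).
# 'legacy' keeps a hash in the password field instead of the shadow
# placeholder 'x', 'toor' is a second uid-0 account, 'guest' has an empty
# password field.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
legacy:$6$constructed$notarealhashvalue:1001:1001::/home/legacy:/bin/sh
toor:x:0:0::/root:/bin/sh
guest::1002:1002::/home/guest:/bin/sh
alice:x:1000:1000::/home/alice:/bin/bash
"""

# Values that mean "locked", not "hash stored here".
LOCK_MARKERS = {"*", "!", "!!"}


def parse_passwd(text):
    """Yield (name, password_field, uid) for each well-formed 7-field line.

    Malformed or blank lines are skipped rather than aborting the audit."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        yield fields[0], fields[1], int(fields[2])


def hashes_in_passwd(text):
    """Accounts whose password field holds a real hash (LinEnum's
    'password hashes stored in /etc/passwd' check): anything that is not the
    shadow placeholder 'x', not a lock marker and not empty."""
    return [name for name, pw, _ in parse_passwd(text)
            if pw != "x" and pw != "" and pw not in LOCK_MARKERS]


def empty_passwords(text):
    """Accounts with an empty password field, i.e. no password at all."""
    return [name for name, pw, _ in parse_passwd(text) if pw == ""]


def uid0_accounts(text):
    """All accounts with uid 0 (LinEnum's 'list root accounts' check)."""
    return [name for name, _, uid in parse_passwd(text) if uid == 0]


def world_writable_files(directory):
    """Regular files below directory with the other-write bit set, the same
    test LinEnum applies to cron directories and to the filesystem at large."""
    hits = []
    for root, _, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & stat.S_IWOTH:
                hits.append(path)
    return sorted(hits)


def demo_world_writable():
    """Build a constructed cron-like directory with one safe and one
    world-writable job file and return the names that get flagged."""
    with tempfile.TemporaryDirectory() as d:
        safe = os.path.join(d, "logrotate")
        loose = os.path.join(d, "backup")
        for path, mode in ((safe, 0o644), (loose, 0o666)):
            open(path, "w").close()
            os.chmod(path, mode)
        return [os.path.relpath(p, d) for p in world_writable_files(d)]


if __name__ == "__main__":
    print("hashes in passwd :", hashes_in_passwd(SAMPLE_PASSWD))
    print("empty passwords  :", empty_passwords(SAMPLE_PASSWD))
    print("uid 0 accounts   :", uid0_accounts(SAMPLE_PASSWD))
    print("world-writable   :", demo_world_writable())
```

On a real host you would feed the functions the contents of /etc/passwd and the cron directories; the constructed sample is there only so the block runs anywhere.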


Nov 22, 2014

Tools: .NET ExploitRemotingService (c) 2014 James Forshaw

A tool to exploit .NET Remoting Services vulnerable to CVE-2014-1806 or CVE-2014-4149. It only works on Windows although some aspects might work in Mono on *nix.

Source:: https://github.com/tyranid/ExploitRemotingService


Nov 20, 2014

CheatSheet: Adb and Android Shell Cheat Sheet

https://github.com/maldroid/adb_cheatsheet/blob/master/cheatsheet.pdf?raw=true



Slide: Web Architecture - Mechanism and Threats

These slides are from my presentation at the 2600Thailand meeting.

https://db.tt/Pu3MeThe


Nov 17, 2014

Tools: Hamms - Malformed servers to test your HTTP client


Hamms is designed to elicit failures in your HTTP Client. Connection failures, malformed response data, slow servers, fat headers, and more!

Installation

You can either install hamms via pip:
    pip install hamms
Or clone this project:
    git clone https://github.com/kevinburke/hamms.git

Usage

  1. Start hamms by running it from the command line:
    python hamms/__init__.py
    
    Or use the HammsServer class to start and stop the server on command.
    from hamms import HammsServer
    
    class MyTest(object):
        def setUp(self):
            self.hs = HammsServer()
            self.hs.start()
    
        def tearDown(self):
            self.hs.stop()
  2. Make requests and test your client. See the reference below for a list of supported failure modes.
By default, Hamms uses ports 5500-5600. In the future, this port range may be configurable.

Source:: https://github.com/kevinburke/hamms
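The failure modes Hamms advertises (dropped connections, malformed responses, slow servers, fat headers) are worth understanding on their own, because each one exercises a different error path in the client. The block below is an added example that does not use Hamms or its API: a one-shot TCP listener from the standard library that answers with a constructed response (or closes the connection), and a probe that reports how http.client classifies what came back. The server, the responses and the result labels are all constructed for the illustration.

```python
import http.client
import socket
import threading
import time


class FaultyServer:
    """Single-shot TCP listener that answers its first connection with a
    canned byte string (or closes it silently) after an optional delay.
    Constructed here to stand in for a misbehaving HTTP server."""

    def __init__(self, response, delay=0.0):
        self.response = response
        self.delay = delay
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.bind(("127.0.0.1", 0))  # port 0: kernel picks a free port
        self._sock.listen(1)
        self.port = self._sock.getsockname()[1]
        self._thread = threading.Thread(target=self._serve_once, daemon=True)

    def start(self):
        self._thread.start()

    def _serve_once(self):
        try:
            conn, _ = self._sock.accept()
        except OSError:
            return  # listener was closed before any client connected
        with conn:
            try:
                conn.recv(4096)  # consume the request; it is never parsed
                time.sleep(self.delay)
                if self.response is not None:
                    conn.sendall(self.response)
            except OSError:
                pass  # client already gave up
        # Leaving the 'with' closes the socket; with response=None that
        # close without any bytes is the failure being simulated.

    def stop(self):
        self._sock.close()
        self._thread.join(timeout=5)


def probe(response, delay=0.0, timeout=0.5):
    """Issue one GET against a FaultyServer and label how http.client reacted."""
    server = FaultyServer(response, delay)
    server.start()
    conn = http.client.HTTPConnection("127.0.0.1", server.port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        resp.read()
        return "ok %d" % resp.status
    except http.client.RemoteDisconnected:
        return "remote-disconnected"  # checked first: subclass of BadStatusLine
    except http.client.BadStatusLine:
        return "bad-status-line"
    except http.client.LineTooLong:
        return "line-too-long"
    except socket.timeout:
        return "timeout"
    except ConnectionError:
        return "remote-disconnected"  # reset instead of a clean close
    finally:
        conn.close()
        server.stop()


# Constructed responses, one per failure mode.
CASES = {
    "well-formed": b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nhi",
    "malformed status line": b"garbage\r\n\r\n",
    "connection dropped": None,
    "fat header": b"HTTP/1.1 200 OK\r\nX-Fat: " + b"a" * 70000 + b"\r\n\r\n",
}

if __name__ == "__main__":
    for label, response in CASES.items():
        print("%-22s -> %s" % (label, probe(response)))
    # Slow server: headers arrive after the client's 0.5 s timeout.
    print("%-22s -> %s" % ("slow server", probe(CASES["well-formed"], delay=1.5)))
```

The point of separating the labels is that a robust client treats them differently: a timeout or reset is usually retryable, a malformed status line or an oversized header line is a reason to fail closed rather than keep parsing.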


Nov 15, 2014

Tools: Radare - Forensic Android Tool

The Radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, and later gained support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers, and more.
radare2 is portable.

Architectures:
6502, 8051, arm, arc, avr, bf, tms320 (c54x, c55x, c55+), gameboy, csr, dcpu16, dalvik, i8080, mips, m68k, msil, snes, nios II, sh, sparc, rar, powerpc, i386, x86-64, H8/300, malbolge, T8200
File Formats:
bios, dex, elf, elf64, filesystem, java, fatmach0, mach0, mach0-64, MZ, PE, PE+, TE, COFF, plan9, bios, dyldcache, Gameboy and Nintendo DS ROMs
Operating Systems:
Android, GNU/Linux, [Net|Free|Open]BSD, iOS, OSX, QNX, w32, w64, Solaris, Haiku, FirefoxOS
Bindings:
Vala/Genie, Python (2, 3), NodeJS, LUA, Go, Perl, Guile, php5, newlisp, Ruby, Java, OCaml
Features:
  • Multi-architecture and multi-platform
    • GNU/Linux, Android, *BSD, OSX, iPhoneOS, Windows{32,64} and Solaris
    • i8080, 8051, x86{16,32,64}, avr, arc{4,compact}, arm{thumb,neon,aarch64}, c55x+, dalvik, ebc, gb, java, sparc, mips, nios2, powerpc, whitespace, brainfuck, malbolge, z80, psosvm, m68k, msil, sh, snes, gb, dcpu16, csr, arc
    • pe{32,64}, te, [fat]mach0{32,64}, elf{32,64}, bios/uefi, dex and java classes
  • Highly scriptable
    • Vala, Go, Python, Guile, Ruby, Perl, Lua, Java, JavaScript, sh, ..
    • batch mode and native plugins with full internal API access
    • native scripting based on mnemonic commands and macros
  • Hexadecimal editor
    • 64-bit offset support with virtual addressing and section maps
    • assemble and disassemble from/to many architectures
    • colorizes opcodes, bytes and debug register changes
    • print data in various formats (int, float, disasm, timestamp, ..)
    • search multiple patterns or keywords with binary mask support
    • checksumming and data analysis of byte blocks
  • IO is wrapped
    • supports files, disks, processes and streams
    • virtual addressing with sections and multiple file mapping
    • handles gdb:// and rap:// remote protocols
  • Filesystems support
    • allows mounting ext2, vfat, ntfs, and many others
    • supports partition types (gpt, msdos, ..)
  • Debugger support
    • gdb remote and brainfuck debugger support
    • software and hardware breakpoints
    • tracing and logging facilities
  • Diffing between two functions or binaries
  • Code analysis at opcode, basicblock, function levels
    • embedded simple virtual machine to emulate code
    • keep track of code and data references
    • function calls and syscall decompilation
    • function description, comments and library signatures
Source:: http://www.radare.org/y/?p=download


Tools: MeterSSH – Meterpreter over SSH

As penetration testers, we continually need to identify which types of attacks are detected and which are not. After a recent penetration test against a next generation firewall, most analysis has shifted away from the endpoints and more towards network analysis. While there needs to be a mixture of both, MeterSSH demonstrates how easy it is to circumvent a lot of these signature-based "next generation" product lines.
MeterSSH is an easy way to inject native shellcode into memory and pipe anything over SSH to the attacker machine through an SSH tunnel, all self-contained in one single Python file. The Python can easily be converted to an executable using pyinstaller or py2exe.

Source:: https://www.trustedsec.com/november-2014/meterssh-meterpreter-ssh/


Nov 13, 2014

Tools: Simple-Rootkit - A simple attack against gcc and Python via kernel module, with highly detailed comments.

A simple attack via kernel module, with highly detailed comments.
Here we'll compile a kernel module which intercepts every "read" system call, searches for a string and replaces it if it looks like the gcc compiler or the python interpreter. This is meant to demonstrate how a compromised system can build a malicious binary from perfectly safe source code.
For more information see: http://linux-poetry.com/blog/12/
Also check out: http://memset.wordpress.com/2010/12/03/syscall-hijacking-kernel-2-6-systems/

Instructions

Install your kernel headers:
    sudo apt-get install linux-headers-$(uname -r)
Run make:
    cd simple-rootkit && make
Load the module:
    sudo insmod simple-rootkit.ko
Compile any C program or run any Python script, and all instances of the string "World!" will now read as "Mrrrgn":
    gcc hello.c -o hello
    ./hello

Source:: https://github.com/mrrrgn/simple-rootkit
