CVE Feeds

Dec 17, 2014

Howto: Install Parallel Tools 10 in Kali

1. In Parallel Menu, Action -> Install Parallel Tools

2. In Kali, Copy CDROM to /tmp
# cp -pvr /media/cdrom/ /tmp/parallel

3. Go to folder
# cd /tmp/parallel

4. Run Install
# ./install

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Howto: Install aircrack-ng on Ubuntu14.04


1. Install required lib
# apt-get install libnl1 libnl-dev libssl-dev

2.  Download Aircrack-ng source
# wget "http://download.aircrack-ng.org/aircrack-ng-1.2-rc1.tar.gz"

3. Unzip
# tar xzvf aircrack-ng-1.2.rc1.tar.gz

4. Compile and install
# make
# make install

5. Update
# airodump-ng-oui-update 

6. Update path
# export PATH=$PATH:/usr/local/sbin/




If you like my blog, Please Donate Me

Or Click The Banner For Support Me.

Howto: Install AWUS036NHR on Ubuntu 14.04

1. Download driver from "https://github.com/pvaret/rtl8192cu-fixes.git"
# git clone https://github.com/pvaret/rtl8192cu-fixes.git

2. Add module
# sudo dkms add ./rtl8192cu-fixes

3. Install module
# sudo dkms install 8192cu/1.9

4. Modify Blacklist.conf
# echo "blacklist rtl8192cu" | sudo tee -a /etc/modprobe.d/blacklist.conf

Source:: https://github.com/pvaret/rtl8192cu-fixes
 


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Dec 16, 2014

Video: BalCCon2k14 Video

https://www.youtube.com/playlist?list=PLyHRd2YK1T4wUf0iuLNT77D4h5Ne3xBPW 


 


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Video: Defcon 22 (2014) Video and Slide

https://media.defcon.org/DEF%20CON%2022/DEF%20CON%2022%20video%20and%20slides/



 

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Tools: Collected data with SSH Honeypots by Andrew-Morris

collected data over the past several months using a network of 10-20 SSH honeypots by andrew-morris



Source: https://github.com/andrew-morris/threat_research

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Dec 10, 2014

Tools: PuttyRider - Hijack Putty sessions in order to sniff conversation and inject Linux commands.

PuttyRider injects a DLL into a running putty.exe process in order to sniff all communication and inject Linux commands on the remote server. This can be useful in an internal penetration test when you already have access to a sysadmin’s machine who has a Putty session open to a Linux server. You can use PuttyRider to take control of the remote server using the existing SSH session.

Download: https://github.com/seastorm/PuttyRider

Source:: http://seclists.org/fulldisclosure/2014/Dec/42


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Dec 9, 2014

Tools: InsomniaShell - ASP.NET Reverse Shell Or Bind Shell

InsomniaShell is a tool for use during penetration tests, when you have ability to upload or create an arbitrary .aspx page. This .aspx page is an example of using native calls through pinvoke to provide either an ASP.NET reverse shell or a bind shell.
ASP.NET is an open source server-side Web application framework designed for Web development to produce dynamic Web pages. It was developed by Microsoft to allow programmers to build dynamic web sites, web applications and web services.
It was first released in January 2002 with version 1.0 of the .NET Framework, and is the successor to Microsoft’s Active Server Pages (ASP) technology. ASP.NET is built on the Common Language Runtime (CLR), allowing programmers to write ASP.NET code using any supported .NET language.

Source:: http://www.darknet.org.uk/2014/12/insomniashell-asp-net-reverse-shell-bind-shell/



If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Tools: AutoScan-Network - Network Scanner

AutoScan-Network is a network scanner (discovering and managing application). No configuration is required to scan your network. The main goal is to print the list of connected equipments in your network.

System Requirements :
•Mac OS X 10.5 or later
•Microsoft Windows (XP, Vista)
•GNU/Linux
•Maemo 4
•Sun OpenSolaris

Features:
• Fast network scanner
 • Automatic network discovery
 • TCP/IP scanner
 • Wake on lan functionality
 • Multi-threaded Scanner
 • Port scanner
 • Low surcharge on the network
 • VNC Client
 • Telnet Client
 • SNMP scanner
 • Simultaneous subnetworks scans without human intervention
 • Realtime detection of any connected equipment
 • Supervision of any equipment (router, server, firewall...)
 • Supervision of any network service (smtp, http, pop, ...)
 • Automatic detection of known operatic system (brand and version), you can also add any unknown equipment to the database
 • The graphical interface can connect one or more scanner agents (local or remote)
 • Scanner agents could be deployed all over the network to scan through any type of equipment (router, NAT, etc)
 • Network Intruders detection (in intruders detection mode, all new equipments blacklisted)
 • Complete network tree can be saved in a XML file.
 • Privileged account is not required
 
 




If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Tools: THC-SmartBrute - Finds undocumented and secret commands implemented in a smartcard.

This tool finds undocumented and secret commands implemented in a smartcard. An instruction is divided into Class (CLA), Instruction-Number (INS) and the parameters or arguments P1, P2, P3. THC-SMARTBRUTE iterates through all the possible values of CLA and INS to find a valid combination.

Command line arguments

--verbose
        prints a lot of debugging messages to stderr *FIXME*
--undoconly
        only prints found instruction if its not element of the standard
        instruction list
--fastresults
        before iterating through all possible combinates of class and
        instruction-number typical class/instruction-values are verified for
        availability.
        After that the classes 0x00, 0x80 and 0xA0 (GSM) are tried first.
--help
        prints out the usage
--chv1 pin1
        a VERIFY CHV1 instruction with pin1 as argument is executed
--chv2 pin2
        a VERIFY CHV2 instruction with pin2 as argument is executed

--brutep1p2
        finds valid parameter p1 and p2 combinations for the instruction
        the user defined with --cla and --ins .
        For parameter p1 the value 0x00 is assumed.

--brutep3
        find valid p3 values for given --cla, --ins, --p1 and --p2

--cla CLASS
        sets the instruction class to CLASS
--ins INS
        sets the instruction-number to INS
--p1 P1
        sets parameter p1 to P1
--p2 P2
        sets parameter p2 to P2
--p3 P3
        sets parameter p3 to P3


  [0x04] Examples

1. ~$ ./thc-smartbrute
        run thcsmartbrute without any arguments to brute force for valid instructions
2. ~$ ./thc-smartbrute --undoconly
        find valid instructions but only print out non-standard instructions

3. ~$ ./thc-smartbrute --cla 0xA0 --ins 0xA4 --brutep1p2
        find the first two arguments for the GSM instruction SELECT FILE

4. ~$ ./thc-smartbrute --cla 0xA0 --ins 0xA4 --p1 0x00 --p2 0x00 --brutep3
        find the 3rd argument for the already found first two arguments 
        for the GSM instruction SELECT FILE
        


Source:: https://www.thc.org/thc-smartbrute/


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.
 

Sponsors

lusovps.com

Blogroll

About

 Please subscribe my blog.

 Old Subscribe

Share |