Tuesday, July 30, 2019

Merge multiple PDF files into a single PDF file

pdfunite - Portable Document Format (PDF) page merger

$ pdfunite 1.pdf 2.pdf 3.pdf 4.pdf 5.pdf 6.pdf 7.pdf application.pdf

http://manpages.ubuntu.com/manpages/bionic/man1/pdfunite.1.html


Monday, July 15, 2019

pyimagesearch

If you’re interested in learning how image search engines work, or are trying to build one of your own, you should check it out.

https://www.pyimagesearch.com/

pyenv installation

Install:

$ curl https://pyenv.run | bash

pyenv.run redirects to the install script in this repository and the invocation above is equivalent to:

$ curl -L https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer | bash

Details:
https://github.com/pyenv/pyenv-installer

Monday, July 8, 2019

Cracking wifi passwords with wordlists

Wordlists:

ftp://ftp.openwall.com/pub/wordlists/
http://www.openwall.com/mirrors/
https://github.com/danielmiessler/SecLists
http://www.outpost9.com/files/WordLists.html
http://www.vulnerabilityassessment.co.uk/passwords.htm
http://packetstormsecurity.org/Crackers/wordlists/
http://www.ai.uga.edu/ftplib/natural-language/moby/
http://wordlist.sourceforge.net/
https://github.com/berzerk0/Probable-Wordlists
https://weakpass.com/wordlist
https://pypi.org/project/wordlist/
https://packages.debian.org/jessie/wordlist
 
Use crunch to create a wordlist on the fly (without wasting storage), pipe it to john with the --session option (so the cracking process can be resumed), and feed the result to aircrack-ng with -w - (reading the wordlist from stdin, since crunch is generating it):

crunch 8 8 | john --stdin --session=superwifi --stdout | aircrack-ng -b 00:11:22:33:44:55 -w - handshake-Superwifi.cap

Platform:
https://www.parrotsec.org/download-security.php

About the John the Ripper --session parameter:

You do not have to leave John running on a (pseudo-)terminal. If running John on a Unix-like system, you can simply disconnect from the server, close your xterm, etc. John will catch the SIGHUP ("hangup" signal) and continue running. Alternatively, you may prefer to start it in the background right away:
 john --wordlist=all.lst --rules mypasswd &
Obviously, the "&" is specific to Unix shells and will not work on most other platforms.
You may further enhance this by specifying a session name:
 john --session=allrules --wordlist=all.lst --rules mypasswd &
This ensures that you won't accidentally interfere with the instance of John running in the background if you proceed to start other sessions.
To view the status of a running session, use:
 john --status
for the default session or:
 john --status=allrules

Wednesday, June 5, 2019

Tuesday, June 4, 2019

Convert file encoding: Turkish character saving problem

Solution:
 
$ file -i input.file
$ cat input.file 
$ iconv -f ISO-8859-1 -t UTF-8//TRANSLIT input.file -o out.file
$ cat out.file 
$ file -i out.file 
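An added example, not from the original post: the same conversion in Python, together with the check that the `file -i` and `cat` steps stand in for. The sample bytes are constructed (a Turkish string encoded in ISO-8859-9); the charset names are Python codec names.

```python
# Added example (not from the original post): the iconv step above in Python,
# plus a check that the chosen source encoding is actually the right one.
# Constructed sample: a Turkish string encoded in ISO-8859-9 (Latin-5).
SAMPLE_LATIN5 = b"\xfe\xfd\xf0\xdd\xd6\xdc"   # "şığİÖÜ" in ISO-8859-9


def is_utf8(data: bytes) -> bool:
    """Rough stand-in for `file -i`: does the file already decode as UTF-8?"""
    try:
        data.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def transcode(data: bytes, src_encoding: str) -> bytes:
    """Equivalent of `iconv -f SRC -t UTF-8`: decode with the source charset and
    re-encode as UTF-8. //TRANSLIT has no effect when the target is UTF-8,
    because UTF-8 can represent every character, so nothing is transliterated."""
    return data.decode(src_encoding).encode("utf-8")


def decode_candidates(data: bytes,
                      candidates=("iso-8859-1", "iso-8859-9", "cp1254")) -> dict:
    """Decode the same bytes under each candidate charset. Latin charsets define
    nearly every byte, so a wrong -f value rarely errors out: it silently yields
    mojibake (e.g. 'þýð' instead of 'şığ'), which is why the `cat` step matters."""
    return {enc: data.decode(enc, "replace") for enc in candidates}


if __name__ == "__main__":
    print(is_utf8(SAMPLE_LATIN5))                                   # False
    print(transcode(SAMPLE_LATIN5, "iso-8859-9").decode("utf-8"))   # şığİÖÜ
    for enc, text in decode_candidates(SAMPLE_LATIN5).items():
        print(enc, text)
```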

Wednesday, April 3, 2019

Utility Functions for Resilient (fn_utilities-1.0.6.zip) installation problem

Resilient Functions simplify development of integrations by wrapping each external activity into an individual workflow component. These components can be easily installed, then used and combined in Resilient workflows. The Resilient platform sends data to the function component that performs an activity then returns the results to the workflow. The results can be acted upon by scripts, rules, and workflow decision points to dynamically orchestrate the security incident response activities.

The Utility Functions integration package contains several useful workflow functions for common automation and integration activities in Resilient. These include:

    Function to call generic REST/JSON web service APIs,
    Function to run arbitrary shell scripts (bash and PowerShell),
    Functions to fetch SSL certificates from a server and parse them,
    Functions to work with Excel, HTML, XML, JSON and EML files,
    Functions to work with Resilient attachments: calculate hashes, list and extract ZIP archives, convert to and from base64
    And more.



Problem:

[root@resilient ~]# pip install fn_utilities-1.0.6.zip
Processing ./fn_utilities-1.0.6.zip
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
    IOError: [Errno 2] No such file or directory: '/tmp/pip-req-build-k_Apec/setup.py'
   
    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-req-build-k_Apec/

Solution:

[root@resilient ~]# unzip fn_utilities-1.0.6.zip
Archive:  fn_utilities-1.0.6.zip
  inflating: fn_utilities-1.0.6.tar.gz 

[root@resilient ~]# pip install fn_utilities-1.0.6.tar.gz

Wednesday, November 7, 2018

Antivirus Evasion Tools

http://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/

https://github.com/Veil-Framework/Veil

Thursday, November 1, 2018

ollydbg quickstart guide

http://www.ollydbg.de/quickst.htm

phrack: History and Advances in Windows Shellcode

Abstract 

Firewalls are everywhere on the Internet now. Most of the exploits released to the public have little concern for firewall rules because they are just proofs of concept. In the real world, we encounter targets behind firewalls that make exploitation harder. We need to overcome these obstacles for a successful penetration testing job. The research in this paper started when we needed to take over (own) a machine that was heavily protected with rigid firewall rules. Although we could reach the vulnerable service, the strong firewall rules between us and the server rendered all standard exploits useless.

The objective of the research is to find alternative ways that allow a penetration tester to take control of a machine after a successful buffer overflow, successful in the sense that it eventually leads to arbitrary code execution. These alternative mechanisms should succeed where others fail, even under the most rigid firewall rules.

In our research to find a way to bypass these troublesome firewall rules, we looked into various existing techniques used by public exploits and why they fail. Then we found several mechanisms that work, but depend on the vulnerable service. Although we can take over the server using these techniques, we go one step further and develop a more generic technique which does not depend on any service and can be reused in most other buffer overflows.

This paper starts with a dissection of a standard Win32 shellcode as an introduction. We then explore the techniques used by proof-of-concept code to allow the attacker to control the target, and their limitations. Then we introduce a few alternative techniques, which we call "One-way shellcode", and how they may bypass firewall rules. Finally, we also discuss a possible way to transfer files from the command line without breaking the firewall rules.

SEH (Structured Exception Handler) exploitation

Attack:

https://www.exploit-db.com/docs/english/17505-structured-exception-handler-exploitation.pdf


Defense:

https://support.microsoft.com/en-us/help/956607/how-to-enable-structured-exception-handling-overwrite-protection-sehop

References:

https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=61000
https://www.rapid7.com/resources/structured-exception-handler-overwrite-explained/ (Watch it)

Wednesday, October 24, 2018

Libssh Authentication Bypass Vulnerability Exploit (CVE-2018-10933)

exploit:
http://www.vulnspy.com/en-libssh-authentication-bypass-cve-2018-10933/libssh_authentication_bypass_vulnerability_exploit_(cve-2018-10933)/

Docker image:
https://github.com/hackerhouse-opensource/cve-2018-10933

Pico CTF 2018 Web Exploitation Writeup

https://s0cket7.com/picoctf-web/

Running the Kali Docker image on Linode


$ docker pull kalilinux/kali-linux-docker
$ docker run -t -i kalilinux/kali-linux-docker /bin/bash
# apt-get update && apt-get install metasploit-framework


Saturday, October 20, 2018

Wednesday, October 17, 2018

ApateDNS

Control DNS responses
ApateDNS™ is a tool for controlling DNS responses through an easy-to-use GUI. As a phony DNS server, ApateDNS spoofs DNS responses to a user-specified IP address by listening on UDP port 53 on the local machine. ApateDNS also automatically sets the local DNS to localhost. Upon exiting the tool, it sets back the original local DNS settings.

regshot

Regshot is an open-source (LGPL) registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes or installing a new software product.

PEiD tool

PEiD detects most common packers, cryptors and compilers for PE files.
It can currently detect more than 470 different signatures in PE files.

Contents

1 Description
2 Installation
2.1 PEiD
2.2 Signatures
3 Interface
3.1 Main interface
3.2 Section Viewer
3.3 PE disassembler
3.4 PE details
3.5 Extra information
3.6 Menu
3.6.1 Screenshot
3.6.2 Generic OEP Finder
3.7 Krypto Analyzer
4 Comments


https://www.aldeid.com/wiki/PEiD
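An added example, not PEiD's own code, showing the mechanism behind those "470 different signatures": PEiD matches byte patterns from a userdb.txt file (wildcard bytes written as ??, and ep_only = true meaning "match only at the entry point") against the bytes at the PE's AddressOfEntryPoint. The two database entries and the entry-point bytes below are constructed for this example, and locating the entry point in a real PE file is assumed to have been done already.

```python
# Added example (not PEiD's own code): the signature matching PEiD performs.
# PEiD reads a userdb.txt of entries like these; "??" is a wildcard byte and
# "ep_only = true" limits the match to the bytes at AddressOfEntryPoint.
# Both entries below are constructed for this example, not real userdb records.
USERDB_SAMPLE = """
[Constructed packer stub]
signature = 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF EB
ep_only = true

[Constructed compiler prologue]
signature = 55 8B EC 83 EC ?? 53 56 57
ep_only = true
"""

# Constructed entry-point bytes: the first stub's fixed bytes, arbitrary values
# in the wildcard slots, then NOP padding. Locating them in a real PE (e_lfanew
# -> OptionalHeader.AddressOfEntryPoint -> section table) is assumed done.
SAMPLE_EP = bytes.fromhex("60BE00A040008DBE0070FFFF5783CDFFEB10") + b"\x90" * 8


def parse_userdb(text):
    """Parse userdb text into (name, pattern, ep_only); None in a pattern = '??'."""
    entries, name, fields = [], None, {}
    for line in text.splitlines() + ["[end]"]:      # sentinel flushes the last entry
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            if name is not None and "signature" in fields:
                pattern = [None if tok == "??" else int(tok, 16)
                           for tok in fields["signature"].split()]
                entries.append((name, pattern, fields.get("ep_only", "false") == "true"))
            name, fields = line[1:-1], {}
        elif "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip().lower()] = value.strip().lower()
    return entries


def matches_at(pattern, data, offset):
    """True when pattern matches data at offset; a None entry matches any byte."""
    if offset + len(pattern) > len(data):
        return False
    return all(p is None or p == data[offset + i] for i, p in enumerate(pattern))


def identify(ep_bytes, entries):
    """Names of matching entries: ep_only ones only at offset 0, the rest anywhere."""
    hits = []
    for name, pattern, ep_only in entries:
        offsets = [0] if ep_only else range(len(ep_bytes))
        if any(matches_at(pattern, ep_bytes, off) for off in offsets):
            hits.append(name)
    return hits
```

Running `identify(SAMPLE_EP, parse_userdb(USERDB_SAMPLE))` reports only the packer stub; a packed sample usually yields the packer's signature rather than the compiler's, which is the hint PEiD gives an analyst before unpacking.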

Thursday, October 11, 2018

Saturday, October 6, 2018