exploit:
http://www.vulnspy.com/en-libssh-authentication-bypass-cve-2018-10933/libssh_authentication_bypass_vulnerability_exploit_(cve-2018-10933)/
Docker image:
https://github.com/hackerhouse-opensource/cve-2018-10933
Wednesday, October 24, 2018
running kali docker image on linode
$ docker pull kalilinux/kali-linux-docker
$ docker run -t -i kalilinux/kali-linux-docker /bin/bash
# apt-get update && apt-get install metasploit-framework
Saturday, October 20, 2018
Wednesday, October 17, 2018
ApateDNS
Control DNS responses
ApateDNS™ is a tool for controlling DNS responses through an easy-to-use GUI. As a phony DNS server, ApateDNS spoofs DNS responses to a user-specified IP address by listening on UDP port 53 on the local machine. ApateDNS also automatically sets the local DNS to localhost. Upon exiting the tool, it sets back the original local DNS settings.
regshot
Regshot is an open-source (LGPL) registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes or installing a new software product.
PEiD tool
PEiD detects most common packers, cryptors and compilers for PE files.
It can currently detect more than 470 different signatures in PE files.
https://www.aldeid.com/wiki/PEiD
Sunday, October 14, 2018
macOS Mojave: VMware Fusion keyboard and mouse are not working
Solution:
Allow the VMware Fusion application under System Preferences -> Security & Privacy -> Privacy tab -> Accessibility section.
Thursday, October 11, 2018
Building Beautiful Command Line Interfaces with Python
https://codeburst.io/building-beautiful-command-line-interfaces-with-python-26c7e1bb54df
Saturday, October 6, 2018
Windows System Call Table (NT/2000/XP/2003/Vista/2008/7/8/10)
https://j00ru.vexillium.org/syscalls/nt/32/
https://j00ru.vexillium.org/syscalls/nt/64/
Friday, October 5, 2018
Google dorks: SQL injection
inurl:db_mysql.php
inurl:sql.php?table=wp_users
inurl:sql.php?table=group
inurl:sql.php?table=phpMyAdmin
inurl:sql.php?table=users
inurl:sql.php?table=login
inurl:/phpMyAdmin/sql.php
inurl:sql.php?table=customer
inurl:sql.php?table=member
inurl:sql.php?table=account
inurl:sql.php?table=admin
inurl:sql.php?table=tblwhoislog
inurl:/usr/local/apache/htdocs
inurl:sql.php?table=jos_users
inurl:sql.php?table=mybb_users
inurl:sql.php?table=log
inurl:sql.php?table=pass
inurl:sql.php?table=information_schema
Cross-platform post-exploitation tool mainly written in Python
Pupy is an open-source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in Python.
Wednesday, October 3, 2018
Hide Apache ServerSignature / ServerTokens / PHP X-Powered-By
httpd.conf or apache.conf lines:
ServerSignature Off
ServerTokens Prod
php.ini line:
expose_php = Off
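To confirm that these three directives are actually in effect, the following added example (not part of the original post) audits the text of a config file, taking the last occurrence of each directive and falling back to the upstream default when it is absent. The function names and sample files are assumptions made for illustration; it reads a single file and does not follow Include lines or per-vhost overrides.

```python
import re

# Values that count as hardened; names follow the directives in the post.
HARDENED = {
    "apache": {"serversignature": {"off"}, "servertokens": {"prod", "productonly"}},
    "php": {"expose_php": {"off", "0", "false", "no", "none"}},
}
# Upstream defaults that apply when a directive is absent.
DEFAULTS = {"serversignature": "off", "servertokens": "full", "expose_php": "on"}

def effective(text, kind):
    """Map each audited directive to its effective value (last occurrence wins)."""
    comment, sep = ("#", r"\s+") if kind == "apache" else (";", r"\s*=\s*")
    values = {name: DEFAULTS[name] for name in HARDENED[kind]}
    for raw in text.splitlines():
        line = raw.split(comment, 1)[0].strip()
        m = re.match(rf"(\w+){sep}(\S+)", line)
        if not m:
            continue
        # Apache directive names are case-insensitive; php.ini names are not.
        name = m.group(1).lower() if kind == "apache" else m.group(1)
        if name in values:
            values[name] = m.group(2).strip("\"'").lower()
    return values

def audit(text, kind):
    """Return sorted (directive, effective_value) pairs that still disclose details."""
    return sorted((n, v) for n, v in effective(text, kind).items()
                  if v not in HARDENED[kind][n])

# Constructed sample files, not taken from a real host.
SAMPLE_HTTPD = """\
ServerTokens Prod
# ServerSignature Off
ServerSignature On
servertokens OS
"""
SAMPLE_PHP = """\
; expose_php = Off
memory_limit = 128M
"""

if __name__ == "__main__":
    print(audit(SAMPLE_HTTPD, "apache"))
    print(audit(SAMPLE_PHP, "php"))
```

An empty list from `audit` means every audited directive resolves to a hardened value in that file.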
The Art of Subdomain Enumeration
Rapid7 DNS dataset
https://opendata.rapid7.com/sonar.fdns_v2/
https://censys.io/certificates?q=.example.com
https://crt.sh/?q=%25.example.com
https://github.com/aboul3la/Sublist3r
https://github.com/laramies/theHarvester
Google Dorking:
site:example.com
Source:
https://blog.sweepatic.com/art-of-subdomain-enumeration/
Monday, October 1, 2018
popcorn-time: Watch torrent movies instantly
Watch torrent movies instantly
This Popcorn Time service will never be taken down. Download and enjoy.
Using websockets to easily build GUIs for Python programs
A useful example of how to use WebSocket technology.
https://gist.github.com/jsomers/d32dd3507e5406c56e47b4cd6f28c60e
nmap options/ideas to avoid Firewall
Packet fragmentation
-f
Modify default MTU:
--mtu 24
Random number of decoys
-D RND:10
Change Source port:
--source-port 80
Append Random Data to Packet:
--data-length 25
MAC Address Spoofing
--spoof-mac Dell/Apple/3Com