Monday, December 9, 2019
ubuntu: dpkg remove without dependencies
# dpkg -r --force-depends tixati
https://linux.die.net/man/1/dpkg
Sunday, October 20, 2019
ufonet: a toolkit for ddos simulations
Homepage:
https://ufonet.03c8.net/
What is UFONet?
It is a toolkit designed to launch DDoS and DoS attacks.
What is a DDoS attack?
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service
unavailable by overwhelming it (for example, with traffic...) from multiple sources.
What is a DoS attack?
A Denial of Service (DoS) attack is an attempt to make an online service
unavailable by overwhelming it (for example, with traffic...) from a single source.
What is a Botnet?
A Botnet is a collection of computers often referred to as "zombies" that allows an attacker
to control them. It is commonly used to make DDoS attacks.
What is the philosophy behind UFONet?
"On a samurai sword or even any tool, what matters is who goes to use it and for what,
not who builds it and when..."
Why can UFONet be more special than, for example, other botnets previously built?
Because UFONet tries not to leave traces (IPs, etc...) from the origin of the attack. And
of course, because it is free/libre. ;-)
How does UFONet work technically?
UFONet is a tool designed to launch Layer 7 (HTTP/Web Abuse) DDoS attacks, using 'Open Redirect'
vectors, generally located on third-party web applications (a botnet), and other
powerful DoS attacks, some including different OSI model layers, as for example
the TCP/SYN flood attack, which is performed on Layer 3 (Network).
This schema shows you how the requests are structured when performing
a simple DDoS attack.
Is UFONet a "strong" botnet?
Well! It depends on how you understand a botnet as "strong". If you understand it as:
* 'privacy': UFONet is the best -ninja- DDoS/DoS tool...
* 'traffic volume': it depends on 'zombies', bandwidth, target's conf, etc...
With UFONet it's not about having a lot of 'zombies', it's more about whether those you have
work properly. If they are nice, you can 'defeat' a 'small' webserver just with
a 'couple of dozens'.
Or for example, in a scenario in which a target is using a VPS service with some limited
bandwidth rate (ex: 1GB/month), for the attacker it is just a matter of time to run the tool
and wait until traffic (noise) reaches the maximum limit that closes the service.
Commonly people understand a botnet as an individual tool, but UFONet is also a P2P/darknet
that can be used to connect other machines and to run complex schemas involving other people
working cooperatively: sharing 'zombies', reporting statistics (with rankings, clans)...
Therefore, UFONet can also be defined, fundamentally, as a botnet of botnets, which is
obviously a harder and more effective way to overwhelm an objective than when a single person
tries it individually.
What's the difference between: 'zombies', 'aliens', 'droids', 'ucavs'...?
* Zombie: HTTP GET 'Open Redirect' bot
ex: https://ZOMBIE.com/check?uri=$TARGET
* Droid: HTTP GET 'Open Redirect' bot with params
ex: https://ZOMBIE.COM/css-validator/validator?uri=$TARGET&profile=css3
* Alien: HTTP POST 'Open Redirect' bot
ex: https://ZOMBIE.com/analyze.html;$POST;url=$TARGET
* Drone: HTTP 'Web Abuse' bot
ex: https://www.isup.me/$TARGET
* X-RPC: XML-RPC Vulnerability
ex: https://ZOMBIE.COM/xmlrpc.php
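Seen from the operator of a site that exposes a URL-taking endpoint like the forms listed above, the countermeasure is to refuse any destination the application does not own. The following is an added example, not UFONet code and not part of the original post; the allowlisted hosts, the sample URLs and the function names are assumptions made for illustration.

```python
"""Added example: validating the destination of a URL-taking endpoint.

Endpoints of the form /check?uri=$TARGET fetch or redirect to whatever
URL the caller supplies. Restricting the destination to hosts the
application owns keeps the endpoint from relaying requests to third parties.
ALLOWED_HOSTS and all sample URLs are constructed for illustration.
"""
from urllib.parse import urlsplit, parse_qs

ALLOWED_HOSTS = {"www.example.org", "static.example.org"}  # assumption
URL_PARAMS = ("uri", "url")  # parameter names seen in the forms above


def is_allowed_destination(dest: str) -> bool:
    """Return True only for http(s) URLs whose host is on the allowlist."""
    try:
        parts = urlsplit(dest.strip())
        host = parts.hostname
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or host is None:
        return False
    # Reject userinfo tricks such as https://www.example.org@other.test/
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 80, 443):
        return False
    # Exact match only: a suffix or substring match would accept
    # look-alike hosts such as www.example.org.other.test
    return host.lower().rstrip(".") in ALLOWED_HOSTS


def check_request(query_string: str) -> bool:
    """Validate every destination parameter of an incoming request."""
    params = parse_qs(query_string, keep_blank_values=True)
    dests = [v for name in URL_PARAMS for v in params.get(name, [])]
    # No destination at all, or any disallowed one, means reject.
    return bool(dests) and all(is_allowed_destination(d) for d in dests)
```

An endpoint that calls `check_request` before fetching or redirecting answers only for its own hosts, so a request carrying someone else's address in `uri=` or `url=` is dropped at the edge.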
Is it possible to stress target's database using UFONet?
Yes, it is. For example, you can order your 'zombies' to submit random valid requests
on a target's search input form. This floods the database with queries.
ex(wordpress): ./ufonet -a 'http://TARGET.com' --db '?s='
Is there a LOIC connected to UFONet?
Yes, hehe... It has implemented an advanced version of that software that supports proxies.
ex: ./ufonet -a 'http://TARGET.com' --loic 500
And a LORIS?
Yes, of course. You can connect one to make requests leave open threads on the target too,
making the web server work slower:
ex: ./ufonet -a 'http://TARGET.com' --loris 100
How does UFOSYN work?
It is a script to launch a powerful TCP-SYN (DoS) flood attack (it requires 'root' access):
ex: sudo ./ufonet -a 'http://TARGET.com' --ufosyn 100
And SPRAY?
This script is used to launch a TCP-SYN reflector (DDoS) flood attack (it requires 'root' access):
ex: sudo ./ufonet -a 'http://TARGET.com' --spray 100
What is a SMURF?
This other script is used to launch an ICMP echo (DDoS) flood attack (it requires 'root' access):
ex: sudo ./ufonet -a 'http://TARGET.com' --smurf 100
And XMAS?
With this script you can launch a complex TCP-XMAS (DoS) flood attack (it requires 'root' access):
ex: sudo ./ufonet -a 'http://TARGET.com' --xmas 100
How does a NUKE work?
With this script you can launch a TCP-STARVATION (DoS) socking attack (it requires 'root' access)
that will knock down your target in seconds, if it does not have a minimum level of protection:
ex: sudo ./ufonet -a 'http://TARGET.com' --nuke 10000
And TACHYON?
With this script you can perform a distributed amplification of DNS traffic:
ex: sudo ./ufonet -a 'http://TARGET.com' --tachyon 1000
What does a powerful attack that combines all the techniques (DDoS+DoS) look like?
sudo ./ufonet -a 'http://TARGET.com' --loic 100 --loris 100 --ufosyn 100 \
--spray 100 --smurf 100 --xmas 100 --nuke 10000 --tachyon 1000
How can I start with UFONet; for example using GNU/Linux (ex: Kali)?
You can try to install automatically all required libs by using this command (as root):
% sudo python setup.py install
https://ufonet.03c8.net/
aws ec2 on linux command line
Prerequisites:
- An Amazon AWS account (free or paid).
- An IAM user with an access key and secret access key.
- Pre-configured VPC, subnets, routes, internet gateways, security policy.
- Any Linux machine with the aws cli utility installed.
aws cli installation:
Requirements:
- Linux.
- Python 2.6.5 or higher.
[Tested on Linux Mint with bash shell. Should work on Ubuntu as well.]
Update your system and its packages:
sudo apt update && sudo apt upgrade -y
Install Pip:
sudo apt install python-pip -y
sudo pip install --upgrade pip
Install the following modules:
sudo pip install setuptools
sudo pip install wheel
Install AWS CLI:
sudo pip install awscli
To verify that the installation went well, you can run the following command.
aws --version
If the output shows the aws version, then you are all set.
Enable AWS command auto-completion:
- To enable auto-completion of subcommands, run the following to check where your “aws” and “aws_completer” are located.
which aws
which aws_completer
- Copy the output of “which aws_completer”. This would be the path.
Most used aws ec2 commands for shell scripts:
aws ec2 describe-instances
aws ec2 start-instances --instance-ids i-dddddd70
aws ec2 stop-instances --instance-ids i-5c8282ed
aws ec2 terminate-instances --dry-run --instance-ids i-dddddd70
aws ec2 create-tags --resources i-dddddd70 --tags Key=Department,Value=Finance
aws ec2 describe-volumes
aws ec2 attach-volume --volume-id vol-1d5cc8cc --instance-id i-dddddd70 --device /dev/sdh
aws ec2 run-instances --dry-run --image-id ami-08111162 --count 1 --instance-type t1.micro --key-name MyKeyPair --security-groups my-ami-security-group
aws ec2 reboot-instances --instance-ids i-dddddd70
aws ec2 modify-instance-attribute --instance-id i-44a44ac3 --instance-type "{\"Value\": \"m1.small\"}"
aws ec2 create-image --instance-id i-44a44ac3 --name "Dev AMI" --description "AMI for development server"
aws ec2 describe-images --image-ids ami-2d574747
aws ec2 deregister-image --image-id ami-2d574747 && aws ec2 delete-snapshot --snapshot-id snap-4e665454
aws ec2 delete-snapshot --snapshot-id snap-4e665454
aws ec2 modify-instance-attribute --instance-id i-44a44ac3 --disable-api-termination
aws ec2 modify-instance-attribute --instance-id i-44a44ac3 --no-disable-api-termination
aws ec2 get-console-output --instance-id i-44a44ac3
aws ec2 monitor-instances --instance-ids i-44a44ac3
aws ec2 unmonitor-instances --instance-ids i-44a44ac3
aws ec2 describe-key-pairs
aws ec2 create-key-pair --key-name dev-servers
aws ec2 delete-key-pair --key-name dev-servers
Tuesday, July 30, 2019
Merge multiple PDF files into a single PDF file
pdfunite - Portable Document Format (PDF) page merger
$ pdfunite 1.pdf 2.pdf 3.pdf 4.pdf 5.pdf 6.pdf 7.pdf application.pdf
http://manpages.ubuntu.com/manpages/bionic/man1/pdfunite.1.html
Monday, July 15, 2019
pyimagesearch
https://www.pyimagesearch.com/
pyenv installation
Install:
$ curl https://pyenv.run | bash
pyenv.run redirects to the install script in this repository and the invocation above is equivalent to:
$ curl -L https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer | bash
Details:
https://github.com/pyenv/pyenv-installer
Monday, July 8, 2019
Cracking wifi passwords with wordlists
Wordlists:
ftp://ftp.openwall.com/pub/wordlists/
http://www.openwall.com/mirrors/
https://github.com/danielmiessler/SecLists
http://www.outpost9.com/files/WordLists.html
http://www.vulnerabilityassessment.co.uk/passwords.htm
http://packetstormsecurity.org/Crackers/wordlists/
http://www.ai.uga.edu/ftplib/natural-language/moby/
http://wordlist.sourceforge.net/
https://github.com/berzerk0/Probable-Wordlists
https://weakpass.com/wordlist
https://pypi.org/project/wordlist/
https://packages.debian.org/jessie/wordlist
Use crunch to create a wordlist "on-the-fly" (without wasting storage) - pipe that to john with --session option (you can resume the cracking process) and give that to aircrack (-w - // without password list since crunch is creating it)
crunch 8 8 | john --stdin --session=superwifi --stdout | aircrack-ng -b 00:11:22:33:44:55 -w - handshake-Superwifi.cap
Platform:
https://www.parrotsec.org/download-security.php
About John the ripper session parameter usage:
You do not have to leave John running on a (pseudo-)terminal. If running John on a Unix-like system, you can simply disconnect from the server, close your xterm, etc. John will catch the SIGHUP ("hangup" signal) and continue running. Alternatively, you may prefer to start it in the background right away:
john --wordlist=all.lst --rules mypasswd &
Obviously, the "&" is specific to Unix shells and will not work on most other platforms.
You may further enhance this by specifying a session name:
john --session=allrules --wordlist=all.lst --rules mypasswd &
This ensures that you won't accidentally interfere with the instance of John running in the background if you proceed to start other sessions.
To view the status of a running session, use:
john --status
for the default session or:
john --status=allrules
Wednesday, June 5, 2019
How to install CA certificates in Ubuntu server
https://www.techrepublic.com/article/how-to-install-ca-certificates-in-ubuntu-server/#ftag=RSS56d97e7
10 Best Cyber Security Penetration Testing Tools
1. Kali Linux
2. nmap
3. Metasploit
4. Wireshark
5. John the Ripper
6. Hydra
7. Burp Suite
8. Zed Attack Proxy
9. sqlmap
10. aircrack-ng
Reference:
https://www.csoonline.com/article/2943524/17-penetration-testing-tools-the-pros-use.html#tk.rss_all
Tuesday, June 4, 2019
Convert file encoding: Turkish character saving problem
Turkish character saving problem
Solution:
$ file -i input.file
$ cat input.file
$ iconv -f ISO-8859-1 -t UTF-8//TRANSLIT input.file -o out.file
$ cat out.file
$ file -i out.file
Wednesday, April 3, 2019
Utility Functions for Resilient (fn_utilities-1.0.6.zip) installation problem
Resilient Functions simplify development of integrations by wrapping each external activity into an individual workflow component. These components can be easily installed, then used and combined in Resilient workflows. The Resilient platform sends data to the function component that performs an activity then returns the results to the workflow. The results can be acted upon by scripts, rules, and workflow decision points to dynamically orchestrate the security incident response activities.
The Utility Functions integration package contains several useful workflow functions for common automation and integration activities in Resilient. These include:
Function to call generic REST/JSON web service APIs,
Function to run arbitrary shell scripts (bash and PowerShell),
Functions to fetch SSL certificates from a server and parse them,
Functions to work with Excel, HTML, XML, JSON and EML files,
Functions to work with Resilient attachments: calculate hashes, list and extract ZIP archives, convert to and from base64
And more.
Problem:
[root@resilient ~]# pip install fn_utilities-1.0.6.zip
Processing ./fn_utilities-1.0.6.zip
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
File "<string>", line 1, in <module>
IOError: [Errno 2] No such file or directory: '/tmp/pip-req-build-k_Apec/setup.py'
----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-req-build-k_Apec/
Solution:
[root@resilient ~]# unzip fn_utilities-1.0.6.zip
Archive: fn_utilities-1.0.6.zip
inflating: fn_utilities-1.0.6.tar.gz
[root@resilient ~]# pip install fn_utilities-1.0.6.tar.gz
Tuesday, April 2, 2019
log samples
Sample log messages; these logs can be used for SIEM rule testing.
https://ossec-docs.readthedocs.io/en/latest/log_samples/