Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

  • Penetration Testing Distribution - BackBox

    BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
  • Pentest Distro Linux - Weakerth4n

    Weakerth4n is a penetration testing distribution which is built from Debian Squeeze.For the desktop environment it uses Fluxbox...
  • The Amnesic Incognito Live System - Tails

    Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship...
  • Penetration Testing Distribution - BlackArch

    BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers...
  • The Best Penetration Testing Distribution - Kali Linux

    Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
  • Friendly OS designed for Pentesting - ParrotOS

    Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting...

Sunday, January 14, 2018

Linux Memory Cryptographic Keys Extractor - CryKeX





CryKeX - Linux Memory Cryptographic Keys Extractor

Properties:
  • Cross-platform
  • Minimalism
  • Simplicity
  • Interactivity
  • Compatibility/Portability
  • Application Independable
  • Process Wrapping
  • Process Injection

Dependencies:
  • Unix - should work on any Unix-based OS
    • BASH - the whole script
    • root privileges (optional)
Limitations:
  • AES and RSA keys only
  • Fails most of the time for Firefox browser
  • Won't work for disk encryption (LUKS) and PGP/GPG
  • Needs proper user privileges and memory authorizations

How it works
Some work has been already published regarding the subject of cryptograhic keys security within DRAM. Basically, we need to find something that looks like a key (entropic and specific length) and then confirm its nature by analyzing the memory structure around it (C data types).
The idea is to dump live memory of a process and use those techniques in order to find probable keys since, memory mapping doesn't change. Thanks-fully, tools exist for that purpose.
The script is not only capable of injecting into already running processes, but also wrapping new ones, by launching them separately and injecting shortly afterwards. This makes it capable of dumping keys from almost any process/binary on the system.
Of course, accessing a memory is limited by kernel, which means that you will still require privileges for a process.
Linux disk ecnryption (LUKS) uses anti-forensic technique in order to mitigate such issue, however, extracting keys from a whole memory is still possible.
Firefox browser uses somehow similar memory management, thus seems not to be affected.
Same goes for PGP/GPG.

HowTo
Installing dependencies:
sudo apt install gdb aeskeyfind rsakeyfind || echo 'have you heard about source compiling?'
An interactive example for OpenSSL AES keys:
openssl aes-128-ecb -nosalt -out testAES.enc
Enter a password twice, then some text and before terminating:
CryKeX.sh openssl
Finally, press Ctrl+D 3 times and check the result.
OpenSSL RSA keys:
openssl genrsa -des3 -out testRSA.pem 2048
When prompted for passphrase:
CryKeX.sh openssl
Verify:
openssl rsa -noout -text -in testRSA.pem
Let's extract keys from SSH:
echo 'Ciphers [email protected]' >> /etc/ssh/sshd_config
ssh [email protected]
CryKeX.sh ssh
From OpenVPN:
echo 'cipher AES-256-CBC' >> /etc/openvpn/server.conf
openvpn yourConf.ovpn
sudo CryKeX.sh openvpn
TrueCrypt/VeraCrypt is also affected: Select "veracrypt" file in VeraCrypt, mount with password "pass" and:
sudo CryKeX.sh veracrypt
Chromium-based browsers (thanks Google):
CryKeX.sh chromium
CryKeX.sh google-chrome
Despite Firefox not being explicitly affected, Tor Browser Bundle is still susceptible due to tunneling:
CryKeX.sh tor
As said, you can also wrap processes:
apt install libssl-dev
gcc -lcrypto cipher.c -o cipher
CryKeX.sh cipher
 wrap
 cipher




Share:

Thursday, January 11, 2018

Mr. Robot Season 3ª - 1080p Full Download




Mr. Robot is an American drama–thriller television series created by Sam Esmail. It stars Rami Malek as Elliot Alderson, a cybersecurity engineer and hacker who suffers from social anxiety disorder and clinical depression. Alderson is recruited by an insurrectionary anarchist known as "Mr. Robot", played by Christian Slater, to join a group of hacktivists called "fsociety". The group aims to destroy all debt records by encrypting the financial data of the largest conglomerate in the world, E Corp.

The pilot premiered on multiple online and video on demand services on May 27, 2015. The first season premiered on USA Network on June 24, 2015, and the second on July 13, 2016. The 10-episode third season premiered on October 11, 2017. In December 2017, Mr. Robot was renewed for a fourth season.


Mr. Robot has received critical acclaim and has been nominated for and won multiple awards, including the Golden Globe for Best Television Drama Series and was recognized with a Peabody Award. In 2016, the series received six Emmy nominations, including Outstanding Drama Series with Malek winning for Outstanding Lead Actor in a Drama Series.



Share:

Tuesday, January 9, 2018

Mr. Robot Season 2ª - 1080p Full Download





Mr. Robot is an American drama–thriller television series created by Sam Esmail. It stars Rami Malek as Elliot Alderson, a cybersecurity engineer and hacker who suffers from social anxiety disorder and clinical depression. Alderson is recruited by an insurrectionary anarchist known as "Mr. Robot", played by Christian Slater, to join a group of hacktivists called "fsociety". The group aims to destroy all debt records by encrypting the financial data of the largest conglomerate in the world, E Corp.

The pilot premiered on multiple online and video on demand services on May 27, 2015. The first season premiered on USA Network on June 24, 2015, and the second on July 13, 2016. The 10-episode third season premiered on October 11, 2017. In December 2017, Mr. Robot was renewed for a fourth season.





Mr. Robot has received critical acclaim and has been nominated for and won multiple awards, including the Golden Globe for Best Television Drama Series and was recognized with a Peabody Award. In 2016, the series received six Emmy nominations, including Outstanding Drama Series with Malek winning for Outstanding Lead Actor in a Drama Series.




Share:

Monday, January 8, 2018

Mr. Robot Season 1ª - 720p Full Download





Mr. Robot is an American drama–thriller television series created by Sam Esmail. It stars Rami Malek as Elliot Alderson, a cybersecurity engineer and hacker who suffers from social anxiety disorder and clinical depression. Alderson is recruited by an insurrectionary anarchist known as "Mr. Robot", played by Christian Slater, to join a group of hacktivists called "fsociety". The group aims to destroy all debt records by encrypting the financial data of the largest conglomerate in the world, E Corp.

The pilot premiered on multiple online and video on demand services on May 27, 2015. The first season premiered on USA Network on June 24, 2015, and the second on July 13, 2016. The 10-episode third season premiered on October 11, 2017. In December 2017, Mr. Robot was renewed for a fourth season.





Mr. Robot has received critical acclaim and has been nominated for and won multiple awards, including the Golden Globe for Best Television Drama Series and was recognized with a Peabody Award. In 2016, the series received six Emmy nominations, including Outstanding Drama Series with Malek winning for Outstanding Lead Actor in a Drama Series.



Share:

Sunday, January 7, 2018

Epix Original Documentary - Deep Web





Deep Web investigates the events surrounding Silk Road, the online marketplace for selling illegal drugs on the dark web that was eventually shutdown by the FBI. At its peak it had over 900,000 registered users and generated over $1.2bn in sales. This documentary covers the trial of Silk Road owner Ross Ulbricht, who operated the site under the pseudonym ‘Dread Pirate Roberts’, and explores the issues of digital and constitutional rights, cryptography, the untraceable Bitcoin currency, and the War on Drugs.









Share:

Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors



















Share:

Infineon RSA Vulnerability - ROC




This tool is related to ACM CCS 2017 conference paper #124 Return of the Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli.

It enables you to test public RSA keys for a presence of the described vulnerability.

Update: The paper of the attack is already online, ACM version.

Currently the tool supports the following key formats:
  • X509 Certificate, DER encoded, one per file, *.der, *.crt
  • X509 Certificate, PEM encoded, more per file, *.pem
  • RSA PEM encoded private key, public key, more per file, *.pem (has to have correct header -----BEGIN RSA...)
  • SSH public key, *.pub, starting with "ssh-rsa", one per line
  • ASC encoded PGP key, *.pgp, *.asc. More per file, has to have correct header -----BEGIN PGP...
  • APK android application, *.apk
  • one modulus per line text file *.txt, modulus can be a) base64 encoded number, b) hex coded number, c) decimal coded number
  • JSON file with moduli, one record per line, record with modulus has key "mod" (int, base64, hex, dec encoding supported) certificate(s) with key "cert" / array of certificates with key "certs" are supported, base64 encoded DER.
  • LDIFF file - LDAP database dump. Any field ending with ";binary::" is attempted to decode as X509 certificate
  • Java Key Store file (JKS). Tries empty password & some common, specify more with --jks-pass-file
  • PKCS7 signature with user certificate
The detection tool is intentionally one-file implementation for easy integration / manipulation.

Pip install
Install with pip (installs all dependencies)
pip install roca-detect

Local install
Execute in the root folder of the package:
pip install --upgrade --find-links=. .

Dependencies
It may be required to install additional dependencies so pip can install e.g. cryptography package.
CentOS / RHEL:
sudo yum install python-devel python-pip gcc gcc-c++ make automake autoreconf libtool openssl-devel libffi-devel dialog
Ubuntu:
sudo apt-get install python-pip python-dev build-essential libssl-dev libffi-dev swig

Usage
To print the basic usage:
# If installed with pip / manually
roca-detect --help

# Without installation (can miss dependencies)
python roca/detect.py
The testing tool accepts multiple file names / directories as the input argument. It returns the report showing how many files has been fingerprinted (and which are those).
Example (no vulnerabilities found):
Running recursively on all my SSH keys and known_hosts:

$> roca-detect ~/.ssh
2017-10-16 13:39:21 [51272] INFO ### SUMMARY ####################
2017-10-16 13:39:21 [51272] INFO Records tested: 92
2017-10-16 13:39:21 [51272] INFO .. PEM certs: . . . 0
2017-10-16 13:39:21 [51272] INFO .. DER certs: . . . 0
2017-10-16 13:39:21 [51272] INFO .. RSA key files: . 16
2017-10-16 13:39:21 [51272] INFO .. PGP master keys: 0
2017-10-16 13:39:21 [51272] INFO .. PGP total keys:  0
2017-10-16 13:39:21 [51272] INFO .. SSH keys:  . . . 76
2017-10-16 13:39:21 [51272] INFO .. APK keys:  . . . 0
2017-10-16 13:39:21 [51272] INFO .. JSON keys: . . . 0
2017-10-16 13:39:21 [51272] INFO .. LDIFF certs: . . 0
2017-10-16 13:39:21 [51272] INFO .. JKS certs: . . . 0
2017-10-16 13:39:21 [51272] INFO .. PKCS7: . . . . . 0
2017-10-16 13:39:21 [51272] INFO No fingerprinted keys found (OK)
2017-10-16 13:39:21 [51272] INFO ################################
Example (vulnerabilities found):
Running recursively on all my SSH keys and known_hosts:

$> roca-detect ~/.ssh
2017-10-16 13:39:21 [51272] WARNING Fingerprint found in the Certificate
...
2017-10-16 13:39:21 [51272] INFO ### SUMMARY ####################
2017-10-16 13:39:21 [51272] INFO Records tested: 92
2017-10-16 13:39:21 [51272] INFO .. PEM certs: . . . 0
2017-10-16 13:39:21 [51272] INFO .. DER certs: . . . 0
2017-10-16 13:39:21 [51272] INFO .. RSA key files: . 16
2017-10-16 13:39:21 [51272] INFO .. PGP master keys: 0
2017-10-16 13:39:21 [51272] INFO .. PGP total keys:  0
2017-10-16 13:39:21 [51272] INFO .. SSH keys:  . . . 76
2017-10-16 13:39:21 [51272] INFO .. APK keys:  . . . 0
2017-10-16 13:39:21 [51272] INFO .. JSON keys: . . . 0
2017-10-16 13:39:21 [51272] INFO .. LDIFF certs: . . 0
2017-10-16 13:39:21 [51272] INFO .. JKS certs: . . . 0
2017-10-16 13:39:21 [51272] INFO .. PKCS7: . . . . . 0
2017-10-16 13:39:21 [51272] INFO Fingerprinted keys found: 1
2017-10-16 13:39:21 [51272] INFO WARNING: Potential vulnerability
2017-10-16 13:39:21 [51272] INFO ################################

PGP key
In order to test your PGP key you can export it from your email client or download it from the PGP key server such as https://pgp.mit.edu/
You can also use gpg command line utility to export your public key:
gpg --armor --export [email protected] > mykey.asc

Advanced use case
Detection tool extracts information about the key which can be displayed:
roca-detect.py --dump --flatten --indent  ~/.ssh/

Advanced installation methods

Virtual environment
It is usually recommended to create a new python virtual environment for the project:
virtualenv ~/pyenv
source ~/pyenv/bin/activate
pip install --upgrade pip
pip install --upgrade --find-links=. .

Separate Python 2.7.13
We tested tool with Python 2.7.13 and it works (see Travis for more info). We have reports saying lower versions (<=2.6) do not work properly so we highly recommend using up to date Python 2.7
Use pyenv to install a new Python version locally if you cannot / don't want to update system Python.
It internally downloads Python sources and installs it to ~/.pyenv.
git clone https://github.com/pyenv/pyenv.git ~/.pyenv
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bashrc
echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(pyenv init -)"' >> ~/.bashrc
exec $SHELL
pyenv install 2.7.13
pyenv local 2.7.13

Python 3
Basic testing routine is quite simple and works with Py3 but the rest of the code that processes the different key formats and extracts the modulus for inspection is not yet fully py3 ready.
We are working on Py3 compatible version.

Docker container
Run via Docker container to avoid environment inconsistency. Dockerfile source can be audited at https://hub.docker.com/r/unnawut/roca-detect/.
docker run --rm -v /path/to/your/keys:/keys --network none unnawut/roca-detect
Make sure to use --rm and --network none flags to disable container's network connection and delete the container after running.



Share:

Tool to simulate fake processes of analysis sandbox/VM software - Fake Sandbox Processes (FSP)


This small script will simulate fake processes of analysis, sandbox and/or VM software that some malware will try to avoid. You can download the original script (made by @x0rz ) in the orig directory.

You can also download my slightly optimized script in the main directory. The file is named fsp.ps1.

Script-Features
  • Some (good) spyware will stop spying on you as long as the processes run, which are created by this script.
  • Requirements: Powershell (preinstalled on Win 7 and newer)
  • Runs on every Windows since Vista
  • Tiny size
  • No CPU load
  • Easy to use
  • No network connection required

Installer-Features
  • Automatically install the script to your autostart directory
  • Extremely easy to install
  • Uninstaller to purge all files
  • NO requirements
  • Tiny size
  • Offline package
  • Automatic updater included - only if you want!

Usage:
Open the command line and paste this command (don't forget to adjust the path!):
Powershell -executionpolicy remotesigned -File "Your\Path\fsp.ps1"
After pressing ENTER you will be asked to either start or stop all processes.

Autostart
If you execute the powershell script with the above command, you will have to rerun it after every login or startup. In order to autostart the script I made an easy-to-use installer.
  • Download the fsp-installer.bat file from the release section.
  • Double-click it.
  • Now you will see this cmd window:


  • Choose "i" to start the installer.
  • Now enter "y" to start installing or "n" to abort.
  • If you entered "y" this image will now pop up:


  • Enter "y" to install the auto-updater or "n" to not install it (it'll work anyways, but it is recommended to install the updater).
You can now close the window or press any key to close it. The (un)installation is complete.

Uninstall
If you no longer want this program on your computer, you'll need the fsp-installer.bat file again. Run it and chose "u" to start the uninstallation process. Then enter "y" if you are ready to uninstall it.



If the process was successful, you'll see a confirmation screen.

Successfully tested on the following Windows versions:
  • Win 10 Professional
  • Win 8.1 Home
  • Win 7 Professional




Share:

A CMS Exploit Framework - cmsPoc



A CMS Exploit Framework.

Requirements
  • python2.7
  • Works on Linux, Windows

Usage
usage: cmspoc.py [-h]
 -t TYPE -s SCRIPT -u URL

optional arguments:
  -h, --help            show this help message and exit
  -t TYPE, --type TYPE  e.g.,phpcms
  -s SCRIPT, --script SCRIPT
                        Select script
  -u URL, --url URL     Input a target url

Examples
python cmspoc.py -t phpcms -s v960_sqlinject_getpasswd -u http://10.10.10.1:2500/phpcms960


Scripts
TYPE SCRIPT DESCRIPTION
phpcms v960_sqlinject_getpasswd phpcmsv9.6.0 wap模块 sql注入 获取passwd
icms v701_sqlinject_getadmin icmsv7.0.1 admincp.php sql注入 后台任意登陆
discuz v34_delete_arbitary_files discuz ≤ v3.4 任意文件删除
beecms v40_fileupload_getshell beecms ≤ V4.0_R_20160525 文件上传漏洞


Share:

Mail Header Analyzer - MHA



Mail header analyzer is a tool written in flask for parsing email headers and converting them to a human readable format and it also can:
  • Identify hop delays.
  • Identify the source of the email.
  • Identify hop country.

MHA is an alternative for the following:
Name Dev Issues
MessageHeader Google Not showing all the hops.
EmailHeaders Mxtoolbox Not accurate and slow.
Message Header Analyzer Microsoft Broken UI.

Installation
Install system dependencies:
sudo apt-get update
sudo apt-get install python-pip
sudo pip install virtualenv
Create a Python virtual environment and activate it:
virtualenv virt
source virt/bin/activate
Clone the GitHub repo:
git clone https://github.com/lnxg33k/MHA.git
Install Python dependencies:
cd MHA
pip install -r requirements.txt
Run the development server:
python server.py -d
You can change the bind address or port by specifying the appropriate options: python server.py -b 0.0.0.0 -p 8080
Everything should go well, now visit http://localhost:8080.

Docker
A Dockerfile is provided if you wish to build a docker image.
docker build -t mha:latest .
You can then run a container with:
docker run -d -p 8080:8080 mha:latest





Share:
Copyright © Offensive Sec Blog | Powered by OffensiveSec
Design by OffSec | Theme by Nasa Records | Distributed By Pirate Edition