domingo, abril 26, 2020

Project iKy V2.5.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface


Project iKy is a tool that collects information from an email and shows results in a nice visual interface.

Visit the Gitlab Page of the Project

Installation

Clone repository

git clone https://gitlab.com/kennbroorg/iKy.git

Install Backend

Redis

You must install Redis
wget http://download.redis.io/redis-stable.tar.gz
tar xvzf redis-stable.tar.gz
cd redis-stable
make
sudo make install

Python stuff and Celery

You must install the libraries inside requirements.txt
python3 -m pip install -r requirements.txt

Install Frontend

Node

First of all, install nodejs.

Dependencias

Inside the directory frontend install the dependencies
cd frontend
npm install

Wake up iKy Tool

Turn on Backend

Redis

Turn on the server in a terminal
redis-server

Python stuff and Celery

Turn on Celery in another terminal, within the directory backend
./celery.sh
Again, in another terminal turn on backend app from directory backend
python3 app.py

Turn on Frontend

Finally, to run frontend server, execute the following command from directory frontend
npm start

Screen after turn on iKy


Browser

Open the browser in this url

Config API Keys

Once the application is loaded in the browser, you should go to the Api Keys option and load the values of the APIs that are needed.

  • Fullcontact: Generate the APIs from here
  • Twitter: Generate the APIs from here
  • Linkedin: Only the user and password of your account must be loaded
  • HaveIBeenPwned : Generate the APIs from here (Paid)
  • Emailrep.io : Generate the APIs from here

Wiki



Demo Videos


iKy eko15


iKy Version 2


Testing iKy with Emiliano


Testing iKy with Giba


iKy version 1

iKy version 0

Disclaimer

Anyone who contributes or contributed to the project, including me, is not responsible for the use of the tool (Neither the legal use nor the illegal use, nor the "other" use).
Keep in mind that this software was initially written for a joke, then for educational purposes (to educate ourselves), and now the goal is to collaborate with the community making quality free software, and while the quality is not excellent (sometimes not even good) we strive to pursue excellence.
Consider that all the information collected is free and available online, the tool only tries to discover, collect and display it. Many times the tool cannot even achieve its goal of discovery and collection. Please load the necessary APIs before remembering my mother. If even with the APIs it doesn't show "nice" things that you expect to see, try other e-mails before you remember my mother. If you still do not see the "nice" things you expect to see, you can create an issue, contact us by e-mail or by any of the RRSS, but keep in mind that my mother is neither the creator nor Contribute to the project.
We do not refund your money if you are not satisfied. I hope you enjoy using the tool as much as we enjoy doing it. The effort was and is enormous (Time, knowledge, coding, tests, reviews, etc.) but we would do it again. Do not use the tool if you cannot read the instructions and / or this disclaimer clearly.
By the way, for those who insist on remembering my mother, she died many years ago but I love her as if she were right here.




via KitPloit
This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com
Related news

posted by sedicereiby at 1:19 p. m. 0 comments

JoomlaScan - Tool To Find The Components Installed In Joomla CMS, Built Out Of The Ashes Of Joomscan


A free and open source software to find the components installed in Joomla CMS, built out of the ashes of Joomscan.

Features
  • Scanning the Joomla CMS sites in search of components/extensions (database of more than 600 components);
  • Locate the browsable folders of component (Index of ...);
  • Locate the components disabled or protected
  • Locate each file useful to identify the version of a components (Readme, Manifest, License, Changelog)
  • Locate the robots.txt file or error_log file
  • Supports HTTP or HTTPS connections
  • Connection timeout

Next Features
  • Locate the version of Joomla CMS
  • Find Module
  • Customized User Agent and Random Agent
  • The user can change the connection timeout
  • A database of vulnerable components

Usage
usage: python joomlascan.py [-h] [-u URL] [-t THREADS] [-v]
optional arguments:
-h, --help              show this help message and exit

-u URL, --url URL       The Joomla URL/domain to scan.
-t THREADS, --threads   THREADS
                        The number of threads to use when multi-threading
                        requests (default: 10).
-v, --version           show program's version number and exit

Requirements
  • Python
  • beautifulsoup4 (To install this library from terminal type: $ sudo easy_install beautifulsoup4 or $ sudo pip install beautifulsoup4)

Changelog
  • 2016.12.12 0.5beta > Implementation of the Multi Thread, Updated database from 656 to 686 components, Fix Cosmetics and Minor Fix.
  • 2016.05.20 0.4beta > Find README.md, Find Manifes.xml, Find Index file of Components (Only if descriptive), User Agent and TimeOut on Python Request, Updated database from 587 to 656 components, Fix Cosmetics and Minor Fix.
  • 2016.03.18 0.3beta > Find index file on components directory
  • 2016.03.14 0.2beta > Find administrator components and file Readme, Changelog, License.
  • 2016.02.12 0.1beta > Initial release




More articles

posted by sedicereiby at 7:42 a. m. 0 comments

sábado, abril 25, 2020

USE OF CRYPTOGRAPHY IN HACKING

WHAT IS CRYPTOGRAPHY?

The process of transforming information into nonhuman readable form or vice versa is called cryptography.

Cryptography is the science of ciphering and deciphering messages.

                 
                            OR

Cryptography is a method of protecting information and communication through the use of codes so that only those whom the information is intended can read and process it.

In Computer Science, cryptography refers to secure information and communication techniques derived from mathematical concepts , a set of rule based calculations called algorithm to transform message in ways the hard to readable for human.


Information plays a vital role in running of business and organizations etc, information in the wrong hands can leads to loss of business.

To secure communication organizations use cryptology to cipher information .





Related news

  1. Growth Hacking Libro
  2. Hacking Health
  3. Growth Hacking Marketing

posted by sedicereiby at 6:15 p. m. 0 comments

APT Calypso RAT, Flying Dutchman Samples



Reference


 Attackers exploit Windows SMB vulnerability CVE-2017-0143 or use stolen credentials to gain access, deploy the custom Calypso RAT and use it to upload other tools such as Mimikatz, EternalBlue and EternalRomance. They move laterally and steal data.




Download

             Other malware




Hashes




MD5SHA256SHA1FilenameFile TyeeStage
aa1cf5791a60d56f7ae6da9bb1e7f01ed5afa3bfd423ba060207ad025467feaa56ac53d13616ac8782a7f63c9fc0fdb4bdd8b9115d1ae536d0ea1e62052485e5ad10761fMPSSVC.dllpe dllCalypso RAT Payload
1e765fed294a7ad082169819c95d2c85f6a09372156a8aef96576627a1ed9e57f194b008bb77e32ca29ac89505f933f060dda7ccd9ae00701046923b619a1b9c33c8e2acWscntfy.exepe exeCalypso RAT Dropper
17e05041730dcd0732e5b296db16d757b6c21c26aef75ad709f6c9cfa84bfa15b7ee709588382ce4bc3544a04bceb661f3301405d8ad5b160747241d6b2a8d88bf6292e8pe exeCalypso RAT Dropper
1ed72c14c4aab3b66e830e16ef90b37beebff21def49af4e85c26523af2ad659125a07a09db50ac06bd3746483c89f9ddc0d0a34f107d140d9e47582e17a7fec945403eacoal.exepe exeCalypso RAT Dropper
e24a62d9826869bc4817366800a8805cc407c3dde18c9b56ed24492ca257d77a570616074356b8c7854a080823f7ee1753791c9e7c41931a6becb999fee4eb7daf9b1a11data01.binpe dllCalypso RAT Dropper
c9c39045fa14e94618dd631044053824ab39301d45045172ad41c9a89210fdc6f0d3f9dccb567fd733b0dbffbfcfbcc31cda28bc307c09508dbb1f3495a967bbcc29326epe exeCalypso RAT Dropper
69322703b8ef9d490a20033684c28493e6a3b43acdaa824f3280095b10798ea341839f7d43f0460df8989f13c98fa6e0f203680d97705d99f92fe9797691be6177f5fd41RasCon.dllpe dllCalypso RAT Dropper
85ce60b365edf4beebbdd85cc971e84d5dfdee5dd680948d19ab4d16df534cf10aca5fa0b157c59659d6517fe897c62fd9c14f7b6de8e26ae33e41a72ae8e35bb1af4434pe exeCalypso RAT Dropper
6347e42f49a86aff2dea7c8bf455a52a281583aca23f8fd8745dd88a600cbfc578d819859a13957ec022b86c3c1c99f48b2a81af85590e0e36efc1c05aa4f0600ea21545HIDMgr.dllpe dllCalypso RAT Dropper
cb914fc73c67b325f948dd1bf97f57330031c7b63c1e1cd36d55f585d97e2b21a13a19858d5a1aa5455e5cc64b41e6e937ce4d0a3168e3b2f80b3fae38082e68a454aee0pe exeCalypso RAT Dropper
c84df4b2cd0d3e7729210f15112da7ac4e8351ddaff18f7df6fcc27a3c75598e0c56d3b406818d45effb4e78616092c241a0c5a1aad36f405c8755613c732591e3300f97mscorsvw.dllpe dllCalypso RAT Dropper
5199ef9d086c97732d97eddef56591ec511683c8ee62478c2b45be1f782ce678bbe03c4349a1778651414803010b3ee9d19a786adc09dff84642f2c2e0386193fa2a914bdnscache.dllpe dllFlyingDutchman
06c1d7bf234ce99bb14639c194b3b318a9a82099aa812d0c4025bee2b34f3b34c1d102773e36f1d50648815913dbe03d464ab9e11d371bf24de46c98c295d4afe7e957c1fromResource.exepedllFlyingDutchman
617d588eccd942f243ffa8cb13679d9c0664b09a86ec2df7dfe01a93e184a1fa23df66ea82cab39000944e418ec1f7b21b043fdcb582ed13cbf7dabcef6527762b5be93cpe dllHussar
2807236c2d905a0675878e530ed8b1f8314e438198f8cc2ee393c75f8e9f2ebd2b5133fd6f2b7deb1178f82782fc63302f6fe857632a67e87f4f3631bfa93713ccdf168aAeLookupMgr.dllpe dllCalypso RAT Payload
cce8c8ee42feaed68e9623185c3f7fe438cc404437b936660066b71cc87a28af1995248d6d4c471706eb1dd347129b4b9d2235c911b86bb6ad55d953a2f56ea78c5478e5AppCert.dll.crtCalypso RAT Payload
e1a578a069b1910a25c95e2d9450c710413622ded5d344a5a78de4fea22cfdabdeb4cdccf69e9a1f58f668096c32473836087a5b0809dc3f9dc5a77355a88e99af491a88RasCfgMan.dll.crtCalypso RAT Payload
0d532484193b8b098d7eb14319cefcd3f8043d6bfc3e63d8561f7f74e65cb7ff1731577ecf6c7559795d9de21298f0fc31f4c6dc6ce78b4e0439b30c830dfd5d9a3fc4feRasCfgMan.dllpe dllCalypso RAT Payload
974298eb7e2adfa019cae4d1a927ab070461710e681fd6dc9f1c83b57f94a88cd6df9e6432174cbfdd70dfd24577a0f841bc37679ce3caeecc176d10b4f8259918e25807VirtualUMP.dll.crtCalypso RAT Payload
05f472a9d926f4c8a0a372e1a71939988017923cd8169bf951106f053408b425f1eb310a9421685638ead55bb3823db38d909bd3450ebe0cffd0cb17b91bc28d23ef5083EFSProvider.dll.crtCalypso RAT Payload
d1a1166bec950c75b65fdc7361dcdc63f3f38c097b0cc5337b7d2dbec098bf6d0a3bb4a3e0336e7b1c8af75268a0a49d5731350f68a74fb4762c4ea878ecff635588a825RasCon.dllpe dll 64bits assemblyCalypso RAT Payload
e3e61f30f8a39cd7aa25149d0f8af5efc4dc7519bccc24c53794bf9178e4a4d0823875c34479d01cedbb3e9b10f5c7301b75ea494c3ac171c5177bdcc263b89a3f24f207MPSSVC.dllpe dllCalypso RAT Payload

Related news


posted by sedicereiby at 10:21 a. m. 0 comments

jueves, abril 23, 2020

Lockdoor-Framework: A PenTesting Framework With Cyber Security Resources


About Lockdoor-Framework
    Author: SofianeHamlaoui
   Tested on: Kali Linux, Ubuntu, Arch Linux, Fedora, OpenSuse and Windows (Cygwin)

   LockDoor is a Framework aimed at helping penetration testers, bug bounty hunters And cyber security engineers. This tool is designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. But containing the favorite and the most used tools by Pentesters. As pentesters, most of us has his personal ' /pentest/ ' directory so this Framework is helping you to build a perfect one. With all of that ! It automates the Pentesting process to help you do the job more quickly and easily.

Lockdoor-Framework installation:
   For now, Lockdoor-Framework supports Debian-based Linux distros (Kali Linux, ParrotSec, Ubuntu...), Arch Linux based distros (Manjaro, BlackArch, ArchStrike...), Fedora, OpenSuse, Cygwin on Windows.

   Open your Terminal and enter these commands:

You can watch detail here:

Lockdoor Tools contents 🛠️:
 * Information Gathering 🔎:
  • dirsearch: A Web path scanner
  • brut3k1t: security-oriented bruteforce framework
  • gobuster: DNS and VHost busting tool written in Go
  • Enyx: an SNMP IPv6 Enumeration Tool
  • Goohak: Launchs Google Hacking Queries Against A Target Domain
  • Nasnum: The NAS Enumerator
  • Sublist3r: Fast subdomains enumeration tool for penetration testers
  • wafw00f: identify and fingerprint Web Application Firewall
  • Photon: ncredibly fast crawler designed for OSINT.
  • Raccoon: offensive security tool for reconnaissance and vulnerability scanning
  • DnsRecon: DNS Enumeration Script
  • Nmap: The famous security Scanner, Port Scanner, & Network Exploration Tool
  • sherlock: Find usernames across social networks
  • snmpwn: An SNMPv3 User Enumerator and Attack tool
  • Striker: an offensive information and vulnerability scanner.
  • theHarvester: E-mails, subdomains and names Harvester
  • URLextractor: Information gathering & website reconnaissance
  • denumerator.py: Enumerates list of subdomains
  • other: other Information gathering,recon and Enumeration scripts I collected somewhere.
  • ReconDog: Reconnaissance Swiss Army Knife
  • RED_HAWK: All in one tool for Information Gathering, Vulnerability Scanning and Crawling
  • Dracnmap: Info Gathering Framework
 * Web Hacking 🌐:
  • Spaghetti: Spaghetti - Web Application Security Scanner
  • CMSmap: CMS scanner
  • BruteXSS: BruteXSS is a tool to find XSS vulnerabilities in web application
  • J-dorker: Website List grabber from Bing
  • droopescan: scanner, identify, CMSs, Drupal, Silverstripe.
  • Optiva: Web Application Scanner
  • V3n0M: Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
  • AtScan: Advanced dork Search & Mass Exploit Scanner
  • WPSeku: Wordpress Security Scanner
  • WPScan: A simple Wordpress scanner written in python
  • XSStrike: Most advanced XSS scanner.
  • SQLMap: automatic SQL injection and database takeover tool
  • WhatWeb: the Next generation web scanner
  • joomscan: Joomla Vulnerability Scanner Project
  • Dzjecter: Server checking Tool
 * Privilege Escalation ⚠️:
  • Linux 🐧:linux_checksec.sh
       linux_enum.sh
       linux_gather_files.sh
       linux_kernel_exploiter.pl
       linux_privesc.py
       linux_privesc.sh
       linux_security_test
       Linux_exploits folder
  • Windows Windows:   windows-privesc-check.py
       windows-privesc-check.exe
  • MySql:raptor_udf.c
       raptor_udf2.c
 * Reverse Engineering ⚡:
  • Radare2: unix-like reverse engineering framework
  • VirtusTotal: VirusTotal tools
  • Miasm: Reverse engineering framework
  • Mirror: reverses the bytes of a file
  • DnSpy: .NET debugger and assembly
  • AngrIo: A python framework for analyzing binaries (Suggested by @Hamz-a)
  • DLLRunner: a smart DLL execution script for malware analysis in sandbox systems.
  • Fuzzy Server: a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
  • yara: a tool aimed at helping malware researchers toidentify and classify malware samples
  • Spike: a protocol fuzzer creation kit + audits
  • other: other scripts collected somewhere
 * Exploitation ❗:
  • Findsploit: Find exploits in local and online databases instantly
  • Pompem: Exploit and Vulnerability Finder
  • rfix: Python tool that helps RFI exploitation.
  • InUrlBr: Advanced search in search engines
  • Burpsuite: Burp Suite for security testing & scanning.
  • linux-exploit-suggester2: Next-Generation Linux Kernel Exploit Suggester
  • other: other scripts I collected somewhere.
 * Shells 🐚:
  • WebShells: BlackArch's Webshells Collection
  • ShellSum: A defense tool - detect web shells in local directories
  • Weevely: Weaponized web shell
  • python-pty-shells: Python PTY backdoors
 * Password Attacks ✳️:
  • crunch : a wordlist generator
  • CeWL : a Custom Word List Generator
  • patator : a multi-purpose brute-forcer, with a modular design and a flexible usage
 * Encryption - Decryption 🛡️:
  • Codetective: a tool to determine the crypto/encoding algorithm used
  • findmyhash: Python script to crack hashes using online services
 * Social Engineering 🎭:
  • scythe: an accounts enumerator

Contributing:
  1. Fork Lockdoor-Framework:
    git clone https://github.com/SofianeHamlaoui/Lockdoor-Framework.git
  2. Create your feature branch
  3. Commit your changes
  4. Push to the branch
  5. Create a new Pull Request

Features 📙:
  • Pentesting Tools Selection 📙:
   Tools ?: Lockdoor doesn't contain all pentesting tools (Added value) , let's be honest ! Who ever used all the Tools you find on all those Penetration Testing distributions ? Lockdoor contains only the favorite (Added value) and the most used toolsby Pentesters (Added value).
   what Tools ?: the tools contains Lockdoor are a collection from the best tools (Added value) on Kali Linux, ParrotSec and BlackArch. Also some private tools (Added value) from some other hacking teams (Added value) like InurlBr, iran-cyber. Without forgeting some cool and amazing tools I found on Github made by some perfect human beigns (Added value).
   Easy customization: Easily add/remove tools. (Added value)
   Installation: You can install the tool automatically using the install.sh. Manually or on Docker [COMING SOON]
  • Resources and cheatsheets 📙 (Added value):
   Resources: That's what makes Lockdoor Added value, Lockdoor Doesn't contain only tools! Pentesing and Security Assessment Findings Reports templates (Added value), Pentesting walkthrough examples and tempales (Added value) and more.
   Cheatsheets: Everyone can forget something on processing or a tool use, or even some trciks. Here comes the Cheatsheets (Added value) role! there are cheatsheets about everything, every tool on the framework and any enumeration,exploitation and post-exploitation techniques.

Check the Wiki Pages to know more about the tool 📙:
Lockdoor-Framework's screenshots:
First Step
Lockdoor update
ROOT Menu
Information Gathering
Web Hacking
Exploitation
Reverse Engineering
Enc/Dec
Password Attacks
Shells
PrivEsc
Social Engineering
PSAFRT
Walkthroughs
About
Support the author:
   On Paypal: Sofiane Hamlaoui
   BTC Address: 

Related word


posted by sedicereiby at 12:46 p. m. 0 comments

SQL Injection Attacks And Defense | By Justin Clarke | Pdf Free

posted by sedicereiby at 7:07 a. m. 0 comments

Brutality: A Fuzzer For Any GET Entries

Brutalitys' Features
  • Multi-threading on demand.
  • Fuzzing, bruteforcing GET params.
  • Find admin panels.
  • Colored output.
  • Hide results by return code, word numbers.
  • Proxy support.
  • Big wordlist.
Screenshots:

Brutality's Installtion

How to use Brutality?

Examples:
   Use default wordlist with 5 threads (-t 5) and hide 404 messages (–e 404) to fuzz the given URL (http://192.168.1.1/FUZZ):
python brutality.py -u 'http://192.168.1.1/FUZZ' -t 5 -e 404

   Use common_pass.txt wordlist (-f ./wordlist/common_pass.txt), remove response with 6969 length (-r 6969) and proxy at 127.0.0.1:8080 (-p http://127.0.0.1:8080) to fuzz the given URL (http://192.168.1.1/brute.php?username=admin&password=FUZZ&submit=submit#):
python brutality.py -u 'http://192.168.1.1/brute.php?username=admin&password=FUZZ&submit=submit#' -f ./wordlist/common_pass.txt -r 6969 -p http://127.0.0.1:8080

ToDo List:
  • Smooth output.
  • Export file report.
  • Modularization.

Related word


posted by sedicereiby at 4:50 a. m. 0 comments

miércoles, abril 22, 2020

Linux Command Line Hackery Series - Part 6


Welcome back to Linux Command Line Hackery series, I hope you've enjoyed this series so far and would have learned something (at least a bit). Today we're going to get into user management, that is we are going to learn commands that will help us add and remove users and groups. So bring it on...

Before we get into adding new users to our system lets first talk about a command that will be useful if you are a non-root user.

Command: sudo
Syntax: sudo [options] command
Description: sudo allows a permitted user to execute a command as a superuser or another user.

Since the commands to follow need root privileges, if you are not root then don't forget to prefix these commands with sudo command. And yes you'll need to enter the root password in order to execute any command with sudo as root.

Command: useradd
Syntax: useradd [options] username
Description: this command is used for creating new user but is kinda old school.
Lets try to add a new user to our box.
[Note: I'm performing these commands as root user, you'll need root privileges to add a new user to your box. If you aren't root then you can try these commands by prefixing the sudo command at the very beginning of these command like this sudo useradd joe. You'll be prompted for your root password, enter it and you're good to go]

useradd joe

To verify that this command has really added a user to our box we can look at three files that store a users data on a Linux box, which are:

/etc/passwd -> this file stores information about a user separated by colons in this manner, first is login name, then in past there used to be an encrypted password hash at the second place however since the password hashes were moved to shadow file now it has a cross (x) there, then there is user id, after it is the user's group id, following it is a comment field, then the next field contains users home directory, and at last is the login shell of the user.

/etc/group  -> this file stores information about groups, that is id of the group and to which group an user belongs.

/etc/shadow -> this file stores the encrypted password of users.

Using our command line techniques we learned so far lets check out these files and verify if our user has been created:

cat /etc/passwd /etc/group /etc/shadow | grep joe



In the above screenshot you can notice an ! in the /etc/shadow, this means the password of this user has not been set yet. That means we have to set the password of user joe manually, lets do just that.

Command: passwd
Syntax: passwd [options] [username]
Description: this command is used to change the password of user accounts.
Note that this command needs root privileges. So if you are not root then prefix this command with sudo.

passwd joe



After typing this command, you'll be prompted password and then for verifying your password. The password won't show up on the terminal.
Now joe's account is up and running with a password.

The useradd command is a old school command, lets create a new user with a different command which is kinda interactive.

Command: adduser
Syntax: adduser [options] user
Description: adduser command adds a user to the system. It is more friendly front-end to the useradd command.

So lets create a new user with adduser.

adduser jane



as seen in the image it prompts for password, full name and many other things and thus is easy to use.

OK now we know how to create a user its time to create a group which is very easy.

Command: addgroup
Syntax: addgroup [options] groupname
Description: This command is used to create a new group or add an existing user to an existing group.

We create a new group like this

addgroup grownups



So now we have a group called grownups, you can verify it by looking at /etc/group file.
Since joe is not a grownup user yet but jane is we'll add jane to grownups group like this:

addgroup jane grownups



Now jane is the member of grownups.

Its time to learn how to remove a user from our system and how to remove a group from the system, lets get straight to that.

Command: deluser
Syntax: deluser [options] username
Description: remove a user from system.

Lets remove joe from our system

deluser joe

Yes its as easy as that. But remember by default deluser will remove the user without removing the home directory or any other files owned by the user. Removing the home directory can be achieved by using the --remove-home option.

deluser jane --remove-home

Also the --remove-all-files option removes all the files from the system owned by the user (better watch-out). And to create a backup of all the files before deleting use the --backup option.

We don't need grownups group so lets remove it.

Command: delgroup
Syntax: delgroup [options] groupname
Description: remove a group from the system.

To remove grownups group just type:

delgroup grownups



That's it for today hope you got something in your head.

More info


posted by sedicereiby at 10:12 p. m. 0 comments