Pular para o conteúdo principal

Postagens

MKBRUTUS – Brute Force para MikroTik e dispositivos com RouterOS

O MKBRUTUS é uma ferramenta desenvolvida em Python 3 que realiza ataques de força bruta em sistemas (baseados em dicionário) contra RouterOS (ver. 3.x ou superior), que têm a porta 8728/TCP aberto. O MKBRUTUS é uma ferramenta desenvolvida em Python 3 que realiza ataques de força bruta em sistemas (baseados em dicionário) contra RouterOS (ver. 3.x ou superior), que têm a porta 8728/TCP aberto. Desenvolvedores: Ramiro Caire  | ramiro.caire@gmail.com | Twitter: @rcaire Federico Massa | fgmassa@vanguardsec.com | Twitter: @fgmassa Projeto:   github.com/mkbrutusproject/mkbrutus 01 Passo Verifique a versão atual do python em seguida realiza a instalação da versão 3 root@kali:~# python –version (Exibe a versão do Python) root@kali:~# apt-get install python3 (Realiza a instalação do Python 3) 02 Passo Execute o comando de verificação da versão do Python novamente e observe que a versão não mudou mas a instalação da versão 3 foi realizada com suce

SMB Zero-Day vulnerability in Windows 8.1/10/Server

The United States Computer Emergency Readiness Team (US-CERT) has releases an official Advisory yesterday. Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service or potentially execute arbitrary code on a vulnerable system. Microsoft Windows fails to properly handle traffic from a malicious server. In particular, Windows fails to properly handle a server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure. By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys. In short – some Windows versions (clients an servers) contains a memory corruption bug in the code to handle SMB data traffic. The bug is contained within the kernel file mrxsmb20.sys. US-CERT writes, that the bug may be used by unauthenticated attacker to cause a denial of service (aka B

python_gdork_sqli: Automatically Finding and Exploiting SQL injection

Find SQL injections This python script is developed to show, how many vulnerables websites, which are laying around on the web. The main focus of the script is to generate a list of vuln urls. Please use the script with causing and alert the webadmins of vulnerable pages. The SQLmap implementation is just for showcasing. Installing git clone https://github.com/ThomasTJdev/python_gdork_sqli.git apt-get install python3-dev python3-pip pip3 install bs4 psutil cd python_gdork_sqli python3 findsqlinj.py Usage On section 1: In this section you’ll have to provide a search string, which ‘connects’ to the websites database, e.g. ‘php?id=’. The script then crawls Bing or Google for urls containing it. All of the urls can then be saved into a file. (Please be aware that you might get banned for crawling to fast, remember an appropriate break/sleep between request). Example of searchs: php?bookid=, php?idproduct=, php?bookid=, php?catid=, php?action=, php?cart_id=, php?title=, php?item

Prompt de comando do Windows: 10 comandos que você provavelmente não conhecia

O prompt de comando do Windows (CMD) pode também ser extremamente útil, assim como acontece no Linux. Aliás, no sistema operacional do pinguim, usuários mais experientes e/ou administradores geralmente preferem utilizá-lo, ao invés de interfaces gráficas repletas de “firulas”. A linha de comando é poderosa, precisa e prática, capaz de fornecer resultados de forma muito mais rápida, inúmeras vezes. Temido por uns, amado por outros e desconhecido por muitos, o prompt de comando, entretanto, tem sua razão de ser, e pode, com certeza, ser seu amigo. Vamos agora apresentar 10 comandos que você provavelmente não conhecia. Dez comandos muito úteis, aliás, para você utilizar no prompt de comando do Windows. Esqueça por um momento os já conhecidos e batidos “dir”, “ipconfig”, “cd” e “cls”, e vamos lá. Como abrir o prompt de comando no Windows Para abrir rapidamente o prompt de comando, simplesmente clique no menu “Iniciar”, digite “cmd” (sem aspas) e tecle <ENTER>.

SQLMap with Tor for Anonymity

In a previous tutorial, I had demonstrated how to use SqlMap to carry out Sql Injection on a website . In this tutorial, I will show you how to use Tor to add a layer of obscurity between you and the target website. Installing Tor Getting tor for Kali Linux is as simple as typing a single line in the terminal- apt-get instal tor If you have any problems installing, then do an apt-get update first. Start Tor This is also quite simple tor You'll see something like this- Root@kali: Sep 04 02:41:25.806 [notice] Tor v0.2.8.7 (git-cc2f02ef17899f86) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2h and Zlib 1.2.8. Sep 04 02:41:25.806 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Sep 04 02:41:25.806 [notice] Read configuration file "/etc/tor/torrc". Sep 04 02:41:25.811 [notice] Opening Socks listener on 127.0.0.1:9050 Sep 04 02:41:25.000 [notice]

toriptables2g for GUI Desktop with notification

Tor Iptables script is an anonymizer that sets up iptables and tor to route all services and traffic including DNS through the tor network. Dependencies: tor python-notify sudo apt-get install tor python-notify Usage: toriptables2g.py -h Screenshots: Parrot Security OS Kali Linux, Rolling Edition Ubuntu 16.04.1 LTS (Xenial Xerus) Tor IPTables rules loaded To test: What is my IP address Check Tor Project Witch proxy checker IP leak test DNS leak test To change IP w/o reload: Refresh Check Tor project webpage sudo kill -HUP $( pidof tor ) Distro Specific Fix: Notification error sudo apt-get install mate-notification-daemon >>> https://bitbucket.org/ruped24/toriptables2g/src/

Simple Man-in-the-Middle Script: For Script Kiddies

This Is for the Script Kiddies: This tutorial is about a script written for the How to Conduct a Simple Man-in-the-Middle Attack written by the one and only OTW. Hello script kiddies, Just running a script doesn't give you the understanding of what's going on under the hood. Hence it's not hacking. Please read the the well written tutorial by the OTW before continuing. You will get a good understanding of what's going on under the hood and the tools that are used and why. What This Script Do: It will scan for victims, auto detect local interface and default gateway. Also set up the MitM attack for the victim, router, ipforward, and restore the victim when done. All you need to do is enter the victim's IP Address. That's it. What Tools Are Needed: Kali Linux or any pentesting distro Screenshot: Usage: Read the README.Md sudo ./mitm.py After Target Poisoned: Run sniffers in external terminals Note: Your local interface may differ