dns2proxy – Offensive DNS server


dns2proxy is an offensive DNS server that offers various features for post-exploitation once you’ve changed the DNS server of a victim.

It’s very frequently used in combination with sslstrip.

Features

  • Traditional DNS Spoofing
  • Implements DNS Spoofing via Forwarding
  • Detects and corrects changes for sslstrip to work

Usage

Use the spoof.cfg config file, which has the format:

Or you can use the domains.cfg file to spoof all hosts of a domain (wildcard):

Hostnames listed in nospoof.cfg will not be spoofed.


Config Files

domains.cfg – Resolve all hosts/subdomains of the listed domains to the given IP.

spoof.cfg – Spoof a single host with a given IP.

nospoof.cfg – Always send a legitimate response when answering queries for these hosts.

nospoofto.cfg – Don’t send fake responses to the IPs listed there.

victims.cfg – If not empty, only send fake responses to these IP addresses.

resolv.conf – DNS server to forward legitimate queries to.

You can download dns2proxy here:

dns2proxy-master.zip

Or read more here.


Posted in: Hacking Tools, Network Hacking

icmpsh – Simple ICMP Reverse Shell


icmpsh is a simple ICMP reverse shell with a win32 slave and a POSIX-compatible master in C, Perl or Python. Its main advantage over other similar open source tools is that it does not require administrative privileges to run on the target machine.

The tool is clean, easy and portable. The slave (client) runs on the target Windows machine; it is written in C and works on Windows only, whereas the master (server) can run on any platform on the attacker machine, as it has been implemented in C and Perl by and this port is in Python.

Features

  • Open source software.
  • Client/server architecture.
  • The master is portable across any platform that can run either C, Perl or Python code.
  • The target system has to be Windows because the slave runs on that platform only for now.
  • The user running the slave on the target system does not require administrative privileges.

Running the master

The master is straightforward to use. No extra libraries are required for the C and Python versions. The Perl master, however, has the following dependencies:

  • IO::Socket
  • NetPacket::IP
  • NetPacket::ICMP

When running the master, don’t forget to disable ICMP replies by the OS. For example:

If you skip this step, you will still receive information from the slave, but the slave is unlikely to receive the commands sent from the master, because the OS answers the echo requests before the master can.

Running the slave

The slave comes with a few command line options as outlined below:

To improve speed, lower the delay (-d) between requests or increase the size (-s) of the data buffer.
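Because icmpsh carries its commands and output inside ordinary echo request/reply messages, a defender’s first check on a capture is whether echo payloads look like what a stock ping tool sends. The following Python is an added example, not part of icmpsh, that parses raw ICMP messages and flags echo traffic whose payload departs from the well-known Windows and Linux ping patterns; the sample capture is constructed inline, and the Linux pattern (16-byte timestamp, then each byte equal to its offset) is an assumption about iputils, not taken from the page.

```python
import struct

# Payload that the stock Windows ping client sends (32 bytes).
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"
ECHO_REPLY, ECHO_REQUEST = 0, 8

def build_echo(icmp_type, ident, seq, payload):
    """Construct an ICMP echo message (header + payload); checksum left at zero."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload

def parse_icmp(message):
    """Split a raw ICMP message (no IP header) into header fields and payload."""
    if len(message) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _checksum, ident, seq = struct.unpack("!BBHHH", message[:8])
    return icmp_type, code, ident, seq, message[8:]

def is_linux_ping_payload(payload):
    # Assumed iputils layout on 64-bit hosts: 16-byte timestamp, then each
    # byte equals its offset in the payload (0x10 .. 0x37 for a 56-byte payload).
    expected = bytes(i & 0xFF for i in range(16, len(payload)))
    return len(payload) > 16 and payload[16:] == expected

def is_stock_ping_payload(payload):
    return payload == WINDOWS_PING_PAYLOAD or is_linux_ping_payload(payload)

def classify(message):
    """'other' for non-echo ICMP, 'stock-ping' for ordinary ping payloads,
    'suspect-tunnel' for echo traffic carrying anything else (e.g. shell I/O)."""
    icmp_type, _code, _ident, _seq, payload = parse_icmp(message)
    if icmp_type not in (ECHO_REQUEST, ECHO_REPLY):
        return "other"
    return "stock-ping" if is_stock_ping_payload(payload) else "suspect-tunnel"

def triage(messages):
    """Count classifications over a list of captured ICMP messages."""
    counts = {}
    for m in messages:
        label = classify(m)
        counts[label] = counts.get(label, 0) + 1
    return counts

# Constructed sample capture: a normal ping pair and one echo request carrying text.
SAMPLE_CAPTURE = [
    build_echo(ECHO_REQUEST, 1, 1, WINDOWS_PING_PAYLOAD),
    build_echo(ECHO_REPLY, 1, 1, WINDOWS_PING_PAYLOAD),
    build_echo(ECHO_REQUEST, 0x1337, 5, b"Microsoft Windows [Version 10.0]\r\n"),
]

if __name__ == "__main__":
    print(triage(SAMPLE_CAPTURE))  # {'stock-ping': 2, 'suspect-tunnel': 1}
```

Stock ping payloads vary by OS and ping implementation, so in practice the allow-list of known patterns should be tuned to the hosts on your network before alerting on every mismatch.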

You can download icmpsh here:

icmpsh-master.zip

Or read more here.


Posted in: Hacking Tools, Network Hacking

Free Manual Pen-Testing Tools


Not long after releasing v11 of their scanner, Acunetix has decided to offer its manual pen-testing tools for free. Previously these tools were only available to paying Acunetix customers; now anyone can use them to make manual web application testing easier.

Penetration testers can make use of an HTTP Editor to modify or craft HTTP requests and analyse responses; intercept and modify HTTP traffic on the fly using the integrated HTTP Sniffer; fuzz test HTTP requests using the HTTP Fuzzer and test Blind SQL Injection vulnerabilities further using the Blind SQL Injector, among others.

The Tools

  • HTTP Editor: Allows you to create, analyze and edit client HTTP requests, as well as inspect server responses. It also includes an encoding and decoding tool to encode/decode text and URLs to MD5 hashes, UTF-7 and other formats.
  • HTTP Sniffer: A proxy that allows you to analyse HTTP requests and responses, and edit these while they are in transit. The HTTP sniffer can also be used to manually crawl a site, and use the manual crawl to seed an Acunetix scan.
  • HTTP Fuzzer: A tool which allows you to automatically send a large number of HTTP requests including invalid, unexpected and random data to a website, to test input validation and handling of invalid data by the web application.
  • Blind SQL Injector: An automated database data exfiltration tool. By using Blind SQL injection vulnerabilities discovered when scanning a website, it is possible to demonstrate the serious impact a Blind SQL injection vulnerability can have on the website. Used to enumerate databases, tables, fields and dump data from the vulnerable web application.
  • Subdomain Scanner: Scans a top-level domain to discover subdomains configured in its hierarchy, by using the target domain’s DNS server, or any other DNS server specified by the user. While scanning, this tool will also automatically identify and inform the user if the domain being scanned is using some kind of wildcard characters, such as *.domain.com.
  • Target Finder: An IP range / port scanner which can be used to discover running web servers on a given IP or within a specified range of IPs. The list of ports on which the web servers are listening can also be configured. The default ports the scanner will scan are port 80 for HTTP and port 443 for SSL.
  • Authentication Tester: Used to test the strength of both usernames and passwords within HTTP and web forms authentication environments via a dictionary attack.

Acunetix Free Manual Pen Testing Tools

There are also detailed documents with examples for:

You can download the tools here:

Acunetix Free Manual Pen Testing Tools

You can read more here:

Acunetix Release Web Site Security Pen Testing Tools Free


Posted in: Advertorial

ZGrab – Application Layer Scanner For ZMap


ZGrab is a Go-based application layer scanner that operates with ZMap and supports multiple protocols and services including TLS, IMAP, SMTP, POP3 etc.

It also records the negotiated TLS version and can detect Heartbleed.

Building

You will need to have a valid $GOPATH set up. For more information about $GOPATH, see https://golang.org/doc/code.html.

Once you have a working $GOPATH, run:

This will install zgrab under $GOPATH/src/github.com/zmap/zgrab.

Usage

Example:

You can download ZGrab here:

zgrab-v0.0.1.zip

Or read more here.


Posted in: Hacking Tools, Network Hacking


p0wnedShell – PowerShell Runspace Post Exploitation Toolkit

p0wnedShell is an offensive PowerShell Runspace Post Exploitation host application written in C# that does not rely on powershell.exe but runs PowerShell commands and functions within a PowerShell run space environment (.NET). It has a lot of offensive PowerShell modules and binaries included making the process of Post Exploitation easier. What the author tried was […]

Posted in: Exploits/Vulnerabilities, Hacking Tools, Windows Hacking


MongoDB Ransack – Over 33,000 Databases Hacked

Ah, our favourite database is in the news again. In what is being hailed as the MongoDB Ransack, a whole bunch of people have turned the insecure MongoDB default configuration into a ransom opportunity. They are deleting/stealing databases and soliciting bitcoin payments to return the data. With multiple actors doing the same stuff, though, it’s hard to know who […]

Posted in: Database Hacking, Privacy


Fluxion – Automated EvilAP Attack Tool

Fluxion is an automated EvilAP attack tool for carrying out MiTM attacks on WPA wireless networks, written in a mix of Bash and Python. Fluxion is heavily based on Linset, the Evil Twin Attack Bash script, with some improvements and bug fixes. How it Works: Scan the networks. Capture a handshake (can’t be used without a […]

Posted in: Hacking Tools, Network Hacking, Password Cracking, Wireless Hacking


Exitmap – Tor Exit Relay Scanner

Exitmap is a fast and modular Python-based Tor exit relay scanner. Exitmap modules implement tasks that are run over (a subset of) all exit relays. If you have a background in functional programming, think of exitmap as a map() interface for Tor exit relays. Modules can perform any TCP-based networking task: fetching a web page, […]

Posted in: Network Hacking, Privacy


DAVScan – WebDAV Security Scanner

DAVScan is a quick and lightweight WebDAV security scanner designed to discover hidden files and folders on DAV enabled web servers. The scanner works by taking advantage of overly privileged/misconfigured WebDAV servers or servers vulnerable to various disclosure or authentication bypass vulnerabilities. The scanner attempts to fingerprint the target server and then spider the server […]

Posted in: Hacking Tools, Web Hacking


Wycheproof – Test Crypto Libraries Against Known Attacks

Project Wycheproof is a tool to test crypto libraries against known attacks. It is developed and maintained by members of the Google Security Team, but it is not an official Google product. At Google, they rely on many third-party cryptographic software libraries. Unfortunately, in cryptography, subtle mistakes can have catastrophic consequences, and they found that […]

Posted in: Countermeasures, Cryptography, Programming