UACMe – Defeat Windows User Account Control (UAC)
UACme is a compiled, C-based tool which contains a number of methods to defeat Windows User Account Control commonly known as UAC. It abuses the built-in Windows AutoElevate backdoor and contains 41 methods.
The tool requires an Admin account with the Windows UAC set to default settings.
Usage
Run executable from command line: akagi32 [Key] [Param] or akagi64 [Key] [Param].
First param is number of method to use, second is optional command (executable file name including full path) to run. Second param can be empty – in this case program will execute elevated cmd.exe from system32 folder.
Examples:
|
1 2 3 4 |
akagi32.exe 1 akagi64.exe 3 akagi32 1 c:\windows\system32\calc.exe akagi64 3 c:\windows\system32\charmap.exe |
Caveats
- This tool shows ONLY popular UAC bypass method used by malware, and reimplements some of them in a different way improving original concepts. There exists different, not yet known to general public methods, be aware of these
- This tool is not intended for AV tests and not tested to work in an aggressive AV environment, if you still plan to use it with installed bloatware AV soft – you use it at your own risk
- Some AV may flag this tool as HackTool, MSE/WinDefender constantly marks it as malware
- If you run this program on real computer remember to remove all program leftovers after usage, for more info about files it drops to system folders see source code
- Most of the methods are created for x64, with no x86-32 support in mind. The author doesn’t see any sense in supporting 32-bit versions of Windows or wow64. However, with small tweaks, most of them will run under wow64 as well
You can download UACMe here:
Or read more here.
Posted in: Exploits/Vulnerabilities, Hacking Tools, Windows Hacking | Add a Comment
What You Need To Know About Server Side Request Forgery (SSRF)
SSRF or Server Side Request Forgery is an attack vector that has been around for a long time, but do you actually know what it is?
Server Side Request Forgery (SSRF) refers to an attack where in an attacker is able to send a crafted request from a vulnerable web application. SSRF is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network.
Typically Server Side Request Forgery (SSRF) occurs when a web application is making a request, where an attacker has full or partial control of the request that is being sent. A common example is when an attacker can control all or part of the URL to which the web application makes a request to some third-party service.
There are various things you can use SSRF for such as:
- Scanning other machines within the private network of the vulnerable server that aren’t externally accessible
- Performing Remote File Inclusion (RFI) attacks
- Bypassing firewalls and use the vulnerable server to carry out malicious attacks
- Retrieving server files (including
/etc/passwdetc)
This is example code in PHP that is vulnerable to SSRF:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
<?php /** * Check if the 'url' GET variable is set * Example - http://localhost/?url=http://testphp.vulnweb.com/images/logo.gif */ if (isset($_GET['url'])){ $url = $_GET['url']; /** * Send a request vulnerable to SSRF since * no validation is being done on $url * before sending the request */ $image = fopen($url, 'rb'); /** * Send the correct response headers */ header("Content-Type: image/png"); /** * Dump the contents of the image */ fpassthru($image); } |
You can read more from Acunetix here:
Posted in: Advertorial, Web Hacking | Add a Comment
SAML Raider – SAML2 Security Testing Burp Extension
SAML Raider is a Burp Suite extension for SAML2 security testing, it contains two core functionalities – Manipulating SAML Messages and managing X.509 certificates.
The extension is divided into two parts, a SAML message editor and a certificate management tool.
Features
Message Editor
Features of the SAML Raider message editor:
- Sign SAML Messages
- Sign SAML Assertions
- Remove Signatures
- Edit SAML Message (Supported Messages: SAMLRequest and SAMLResponse)
- Preview eight common XSW Attacks
- Execute eight common XSW Attacks
- Send certificate to SAMl Raider Certificate Management
- Undo all changes of a SAML Message
- Supported Profiles: SAML Webbrowser Single Sign-on Profile, Web Services Security SAML Token Profile
- Supported Bindings: POST Binding, Redirect Binding, SOAP Binding, URI Binding
Certificate Management
Features of the SAML Raider Certificate Management:
- Import X.509 certificates (PEM and DER format)
- Import X.509 certificate chains
- Export X.509 certificates (PEM format)
- Delete imported X.509 certificates
- Display informations of X.509 certificates
- Import private keys (PKCD#8 in DER format and traditional RSA in PEM Format)
- Export private keys (traditional RSA Key PEM Format)
- Cloning X.509 certificates
- Cloning X.509 certificate chains
- Create new X.509 certificates
- Editing and self-sign existing X.509 certificates
You can download SAML Raider here:
Or read more here.
Posted in: Hacking Tools, Network Hacking | Add a Comment
faker.js – Tool To Generate Fake Data For Testing
faker.js is a tool to generate fake data in Node.js and in the browser, it has a lot of different data types to enable you to generate very customised and complete sets of fake or mock data for testing purposes.
It also supports multiple languages and locales and can generate a lot of data types to fit your use case.
Data Types
- address
- commerce
- company
- database
- date
- finance
- hacker
- helpers
- image
- internet
- lorem
- name
- phone
- random
- system
Usage
Browser
|
1 2 3 4 5 6 |
<script src = "faker.js" type = "text/javascript"></script> <script> var randomName = faker.name.findName(); // Caitlyn Kerluke var randomEmail = faker.internet.email(); // Rusty@arne.info var randomCard = faker.helpers.createCard(); // random contact card containing many properties </script> |
Node.js
|
1 2 3 4 5 |
var faker = require('faker'); var randomName = faker.name.findName(); // Rowan Nikolaus var randomEmail = faker.internet.email(); // Kassandra.Haley@erich.biz var randomCard = faker.helpers.createCard(); // random contact card containing many properties |
You can download faker.js here:
Or read more here.
Posted in: Hacking Tools, Programming | Add a Comment
Should US Border Cops Need a Warrant To Search Devices?
The answer from me is, OF COURSE, f&ck yes. They can’t search your home, car and anywhere else in the country, they would need a warrant to search devices too. A case by the EFF (Electronic Frontier Foundation) is heading to the Fifth Circuit Court of Appeals in the US to find out what should […]
Posted in: Legal Issues, Privacy | Add a Comment
jSQL – Automatic SQL Injection Tool In Java
jSQL is an automatic SQL Injection tool written in Java, it’s lightweight and supports 23 kinds of database. It is free, open source and cross-platform (Windows, Linux, Mac OS X) and is easily available in Kali, Pentest Box, Parrot Security OS, ArchStrike or BlackArch Linux. Features Automatic injection of 23 kinds of databases: Access CockroachDB […]
Posted in: Database Hacking, Hacking Tools | Add a Comment
Jack – Drag & Drop Clickjacking Tool For PoCs
Jack is a Drag and Drop web-based Clickjacking Tool for the assistance of development in PoCs made with static HTML and JavaScript. Jack is web based and requires either a web server to serve its HTML and JS content or can be run locally. Typically something like Apache will suffice but anything that is able […]
Posted in: Hacking Tools, Web Hacking | Add a Comment
US Voting Machines Hacked At DEF CON – Every One
US Voting Machines Hacked, some in minutes at this year’s DEF CON “Voting Village” – not something you want to hear really. Especially with the results of recent elections that the World is currently dealing with the consequences from. Of course with physical access, most machines can be dominated in some way or another – […]
Posted in: Exploits/Vulnerabilities, Hardware Hacking, Legal Issues | Add a Comment
CrackMapExec – Active Directory Post-Exploitation Tool
CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of “Living off the Land”: abusing built-in Active Directory features/protocols to achieve its functionality and allowing it to evade most endpoint protection/IDS/IPS solutions. CME makes heavy use of […]
Posted in: Exploits/Vulnerabilities, Hacking Tools, Windows Hacking | Add a Comment
EvilAbigail – Automated Evil Maid Attack For Linux
EvilAbigail is a Python-based tool that allows you run an automated Evil Maid attack on Linux systems, this is the Initrd encrypted root fs attack. An Evil Maid attack is a type of attack that targets a computer device that has been shut down and left unattended. An Evil Maid attack is characterized by the […]
Posted in: Exploits/Vulnerabilities, Hacking Tools, Linux Hacking | Add a Comment