Month: September 2018

Multiple Ways to Secure SSH Port

September 23, 2018by Black Hat Sec

Secure Shell (SSH) is defined as a network protocol to operate network services securely over an unsecured network. The standard TCP port for SSH is 22. The best application of SSH is to remotely login into computer systems by users. This article will be explaining about the network securities which help the network administrator to secure the service of SSH on any server through multiple ways. Methods Used: Port Forwarding Disable Password Based Login And Using PGP Key (Public Key) Disable Root Login and…

HackBar – HackBar Plugin For Burpsuite

September 22, 2018by Black Hat Sec

HackBar - HackBar Plugin For Burpsuite V1.0.RequirementsBurpsuiteJavaHow to InstallDownload Jar '' and add in burpsuiteTested onBurpsuite 1.7.36Windows 10xubuntu 18.04Upcoming Features/ModulesCtrl + H (shortcut)WAF bypass (SQLi)Decoder/EncoderSimulate Attack (Automatically test complete cheat sheet with one click)GreetsAn0n 3xPloiTeR for SQLi && XSS payloadsPayloadsAllTheThings HackBar

Deauthentication Attack ⁄ Mac ⁄ MDK3 ⁄ Network-Attacker ⁄ NEW TOOLS ⁄ penetration testing

Network-Attacker – WiFi Stress Testing Beacon Flooding & Deauthentication Attack

September 22, 2018by Black Hat Sec

network-attacker V0.1 is a Wifi Stress Testing Bash Script Program Based on Mdk3 [Beacon Flooding & Deauthentication Attack] Created To Help Beginners And even Professionals For a eacon Flooding Or Deauthentication Attack On NetworksInstallationsudo apt-get install gitsudo git clone network-attackersudo chmod +x install.shsudo chmod +x network_attacker.sh./install.sh./network_attacker.shTested On :Backbox linuxUbuntuDebianKali linuxParrot osContactProgrammed By belahsan ouerghi Contact.Download Network-Attacker

CTF Challenges ⁄ TUTORIALS

Hack the MinU: 1 (CTF Challenge)

September 22, 2018by Black Hat Sec

Hello Friends! Today we are going to solve another CTF challenge “MinU: 1” This boot2root is an Ubuntu Based virtual machine and has been tested using Virtual Box. The network interface of the virtual machine will take its IP settings from DHCP. Your goal is to capture the flag on /root. You can download it from here: Level: Easy/Intermediate Penetrating Methodology Network scanning (Nmap) Web Directory Enumeration (Dirb) Found RCE Vulnerability Digging out JSON Web Token from inside ._pw_ Obtain password by using…

Burp ⁄ Burpcommander ⁄ Command Injection ⁄ NEW TOOLS ⁄ Scan

Burpcommander – Ruby Command-Line Interface To Burp Suite’s REST API

September 21, 2018by Black Hat Sec

Ruby command-line interface to Burp Suite's REST APIUsageburpcommander VERSION: 1.0.1 - UPDATED: 08/29/2018 -t, --target [IP Address] Defaults to 127.0.0.1 -p, --port [Port Number] Defaults to 1337 -k, --key [API Key] If you require an API key specify it here -i, --issue-type-id [String] String to search for. Example: "1048832" -n, --issue-name [String] String to search for. Example: "Command Injection" -D, --DESCRIPTION Returns the description of a requested issue -M, --METRICS Returns the scan_metrics for a given task_id -I, --ISSUES [Optional Number] Returns the issue_events…

Crawler ⁄ Crawling ⁄ Information Gathering ⁄ Mac ⁄ NEW TOOLS ⁄ Photon

Photon v1.1.4 – Incredibly Fast Crawler Designed For Recon

September 21, 2018by Black Hat Sec

Incredibly Fast Crawler Designed For Recon.Key FeaturesData ExtractionPhoton can extract the following data while crawling:URLs (in-scope & out-of-scope)URLs with parameters (example.com/gallery.php?id=2)Intel (emails, social media accounts, amazon buckets etc.)Files (pdf, png, xml etc.)Secret keys (auth/API keys & hashes)JavaScript files & Endpoints present in themStrings matching custom regex patternSubdomains & DNS related dataThe extracted information is saved in an organized manner or can be exported as json.FlexibleControl timeout, delay, add seeds, exclude URLs matching a regex pattern and other cool stuff. The extensive range of options…

AWS ⁄ Burp ⁄ Cobalt Strike ⁄ EC2 ⁄ hideNsneak ⁄ NEW TOOLS

hideNsneak – A CLI For Ephemeral Penetration Testing

September 20, 2018by Black Hat Sec

This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls.Black Hat Arsenal Video Demo Video - provides a simple interface that allows penetration testers to build ephemeral infrastructure -- one that requires minimal overhead. hideNsneak can: deploy, destroy, and list Cloud instances via EC2 and Digital Ocean (Google Cloud, Azure, and Alibaba Cloud coming soon)API Gateway (AWS)Domain…

Cyber espionage ⁄ Featured ⁄ Industrial control systems ⁄ Industrial threats ⁄ Internet of Things ⁄ Security Feeds ⁄ Targeted Attacks

Threats posed by using RATs in ICS

September 20, 2018by Black Hat Sec

While conducting audits, penetration tests and incident investigations, we have often come across legitimate remote administration tools (RAT) for PCs installed on operational technology (OT) networks of industrial enterprises. In a number of incidents that we have investigated, threat actors had used RATs to attack industrial organizations. In some cases, the attackers had stealthily installed RATs on victim organizations’ computers, while in other cases, they had been able to use the RATs that were installed in the organization at the time of the attacks.…

Door404 ⁄ NEW TOOLS ⁄ PHP ⁄ PHP Backdoor

Door404 – PHP Backdoor For Web Servers

September 19, 2018by Black Hat Sec

Door404 is Open Source PHP Backdoor For Web Servers Developed By MrSqar & Rizer This Project Developed For 2 ReasonsFirst" Help Beginners to learn coding . "Second" Help Newbie Servers Managers To Learn New Protection Tricks" Requirements PHPPHP CUrl OS LinuxScreenShots Video : Download Door404