Month: September 2018

penetration testing, TUTORIALS

Multiple Ways to Secure SSH Port

Secure Shell (SSH) is a network protocol for operating network services securely over an unsecured network. The standard TCP port for SSH is 22. The best application of SSH is remote login to computer systems by users. This article explains the network security measures that help a network administrator secure the SSH service on any server in multiple ways. Methods Used: Port Forwarding; Disable Password Based Login And Using PGP Key (Public Key); Disable Root Login and…

Burp Extensions, Burp Plugin, Burpsuite Extender, HackBar, NEW TOOLS, SQLi, XSS

HackBar – HackBar Plugin For Burpsuite

HackBar - HackBar Plugin For Burpsuite V1.0. Requirements: Burpsuite, Java. How to Install: Download the Jar and add it in Burpsuite. Tested on: Burpsuite 1.7.36, Windows 10, xubuntu 18.04. Upcoming Features/Modules: Ctrl + H (shortcut); WAF bypass (SQLi); Decoder/Encoder; Simulate Attack (Automatically test complete cheat sheet with one click). Greets: An0n 3xPloiTeR for SQLi && XSS payloads; PayloadsAllTheThings.

Deauthentication Attack, Mac, MDK3, Network-Attacker, NEW TOOLS, penetration testing

Network-Attacker – WiFi Stress Testing Beacon Flooding & Deauthentication Attack

network-attacker V0.1 is a WiFi stress testing Bash script program based on Mdk3 [Beacon Flooding & Deauthentication Attack], created to help beginners and even professionals run a Beacon Flooding or Deauthentication Attack on networks. Installation: sudo apt-get install git, sudo git clone network-attacker, sudo chmod +x install.sh, sudo chmod +x. On: Backbox linux, Ubuntu, Debian, Kali linux, Parrot os. Contact: Programmed By belahsan ouerghi. Download Network-Attacker


Hack the MinU: 1 (CTF Challenge)

Hello Friends! Today we are going to solve another CTF challenge, “MinU: 1”. This boot2root is an Ubuntu-based virtual machine and has been tested using VirtualBox. The network interface of the virtual machine will take its IP settings from DHCP. Your goal is to capture the flag on /root. You can download it from here. Level: Easy/Intermediate. Penetrating Methodology: Network scanning (Nmap); Web Directory Enumeration (Dirb); Found RCE Vulnerability; Digging out JSON Web Token from inside ._pw_; Obtain password by using…

Burp, Burpcommander, Command Injection, NEW TOOLS, Scan

Burpcommander – Ruby Command-Line Interface To Burp Suite’s REST API

Ruby command-line interface to Burp Suite's REST API.

Usage:

burpcommander VERSION: 1.0.1 - UPDATED: 08/29/2018
    -t, --target [IP Address]          Defaults to
    -p, --port [Port Number]           Defaults to 1337
    -k, --key [API Key]                If you require an API key specify it here
    -i, --issue-type-id [String]       String to search for. Example: "1048832"
    -n, --issue-name [String]          String to search for. Example: "Command Injection"
    -D, --DESCRIPTION                  Returns the description of a requested issue
    -M, --METRICS                      Returns the scan_metrics for a given task_id
    -I, --ISSUES [Optional Number]     Returns the issue_events…

Crawler, Crawling, Information Gathering, Mac, NEW TOOLS, Photon

Photon v1.1.4 – Incredibly Fast Crawler Designed For Recon

Incredibly Fast Crawler Designed For Recon. Key Features. Data Extraction: Photon can extract the following data while crawling: URLs (in-scope & out-of-scope); URLs with parameters ( (emails, social media accounts, amazon buckets etc.); Files (pdf, png, xml etc.); Secret keys (auth/API keys & hashes); JavaScript files & Endpoints present in them; Strings matching custom regex pattern; Subdomains & DNS related data. The extracted information is saved in an organized manner or can be exported as json. Flexible: Control timeout, delay, add seeds, exclude URLs matching a regex pattern and other cool stuff. The extensive range of options…

AWS, Burp, Cobalt Strike, EC2, hideNsneak, NEW TOOLS

hideNsneak – A CLI For Ephemeral Penetration Testing

This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls. It provides a simple interface that allows penetration testers to build ephemeral infrastructure, one that requires minimal overhead. hideNsneak can: deploy, destroy, and list Cloud instances via EC2 and Digital Ocean (Google Cloud, Azure, and Alibaba Cloud coming soon); API Gateway (AWS); Domain…

Cyber espionage, Featured, Industrial control systems, Industrial threats, Internet of Things, Security Feeds, Targeted Attacks

Threats posed by using RATs in ICS

While conducting audits, penetration tests and incident investigations, we have often come across legitimate remote administration tools (RAT) for PCs installed on operational technology (OT) networks of industrial enterprises. In a number of incidents that we have investigated, threat actors had used RATs to attack industrial organizations. In some cases, the attackers had stealthily installed RATs on victim organizations’ computers, while in other cases, they had been able to use the RATs that were installed in the organization at the time of the attacks.…


Door404 – PHP Backdoor For Web Servers

Door404 is an open source PHP backdoor for web servers, developed by MrSqar & Rizer. This project was developed for 2 reasons. "First": help beginners to learn coding. "Second": help newbie server managers to learn new protection tricks. Requirements: PHP, PHP cURL, OS Linux. Download Door404