Sunday, June 29, 2014

HOWTO : Shellter on PE files

Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created.

It can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only).

The shellcode can be something yours or something generated through a framework, such as Metasploit.

Shellter takes advantage of the original structure of the PE file and doesn’t apply any modification such as changing memory access permissions in sections (unless the user wants and/or he chooses Basic Mode), adding an extra section with RWE access,and whatever would look dodgy under an AV scan.

Shellter uses a unique dynamic approach which is based on the execution flow of the target application.



That's all! See you.

Saturday, June 28, 2014

HOWTO : The Mole on Kali Linux 1.0.7

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.

Features

- Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
- Command line interface. Different commands trigger different actions.
- Auto-completion for commands, command arguments and database, table and columns names.
- Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
- Exploits SQL Injections through GET/POST/Cookie parameters.
- Developed in python 3.
- Exploits SQL Injections that return binary data.
- Powerful command interpreter to simplify its usage.

Tutorials

Quick start
Command Usage
Exploiting injections through POST/Cookies
Filters - bypassing IDS/IPS
Exploiting injections that return binary data
Writing custom filters

Installation

apt-get update
apt-get install themole


Run it

themole -h
themole -u "http://www.samiux.com/?id=1" -n "admin"





That's all! See you.

Saturday, June 14, 2014

HOWTO : Fix the half installed package in Kali Linux/Debian

I forgot to delete the Iceweasel on my Kali Linux before installing Firefox. The firefox installation is failed as expected. I removed the sources.list entry of the firefox and conducted "apt-get update". However, I got a message of "the package firefox-mozilla-build needs to be reinstalled, but I can't find an archive for it". The apt-get command does not work properly anymore.

Later, I fixed the problem by issuing the following commands :

sudo dpkg-reconfigure firefox-mozilla-build --force
sudo dpkg --purge --force-all firefox-mozilla-build


After that, I perform "sudo apt-get update", the error message gone.

That's all! See you.

Wednesday, June 11, 2014

sysdig and Attackers

When a system is compromised, attackers usually erase the syslog and other related log files in order to hide his/her intrusion activities.

Nowadays, attackers should also erase one more log file, namely sysdig. sysdig will log all the activities in a file, namely *.scap.gz. Sysadmin can backtrack all the activities of all users (including intruders).

For more details of sysdig, you can refer to Draios Blog - Fishing for Hackers: Analysis of a Linux Server Attack.

That's all! See you.

Sunday, June 01, 2014

Facebook Vulnerability - Name by Phone Number

ubugnu discovered a vulnerability in Facebook that you can search the users in the Facebook by random generated telephone numbers. He also developed a bash script to proof his concept. The script will find all the matching telephone numbers to the owners (Facebook users who have registered their telephone number in their accounts).

For details, please read the developer's GitHub page.

That's all! See you.

BONUS

Facebook Vulnerability - Hidden Friends Crawler