Saturday, April 25, 2020

Resolución De ExpedientesX De Código

Hoy me he topado con algo bastante gracioso que puede liarte unos minutos:

python
>>> import re
>>> a='owjf oasijf aw0oifj osfij 4.4.4.4 oasidjfowefij 192.168.1.1'


ok, pues ahora copy-pasteais cada una de estas:
re.findall('[0-9]̣̣',a)
re.findall('[0-9]',a)

Son exactamente iguales, pero si paseteais una da resultados diferente a si pasteais la otra :)

Pasteamos la primera:
>>> re.findall('[0-9]̣̣',a)
[]

Pasteamos la segunda:
>>> re.findall('[0-9]',a)
['0', '4', '4', '4', '4', '1', '9', '2', '1', '6', '8', '1', '1']


o_O, he repasado caracter a caracter y son visualmente iguales, si mirais en un editor hexa vereis que realmente no lo son, lógicamente no se trata de un expedienteX.

La cuestion es que según la fuente que tengais, debajo de la comilla o debajo del ] hay un punto microscópico :)

Esto es como cuando me emparanoie de que gmail cuando llevas un rato escribiendo un email y se hace auto-save, aparece una especie de acento raro en la pantalla :)

En estos casos, la metodología tipica de copypastear un trozo de la primera sentencia con el resto de la segunda sentencia, te lleva a los 2 caracteres que varían, pero no aprecias (segun la fuente que tengas) la diferéncia.



6572 662e 6e69 6164 6c6c 2728 305b 392d cc5d cca3 27a3 612c 0a29
6572 662e 6e69 6164 6c6c 2728 305b 392d 275d 612c 0a29

Son dígitos unicode, sabe Dios de que pais, y sabe Dios también como los escribí con mi teclado,
se me ocurren bromas de código fuente que se pueden hacer con esto :D, pero vamos, si tenemos metodología de reaccién ante expedientesX, sobretodo aquello de divide y vencerás dicotómico, en pocos minutos se resuelven este tipo de problemas.

Related articles


  1. Hacking Raspberry Pi
  2. Como Convertirse En Hacker
  3. Fake Hacking
  4. Hacking Roblox
Posted by at No comments:

Be like these 2 agents

Pre-S - We only have 4 demo slots left this week for our Pipeline Pro Tools software. If you want to get one before our Next Level deal expires and to take advantage of our 1-free-playbook offer, click here to book one before they're gone.

Today, you get to decide. What approach are you going to take to your business over the next 2-3 months?

In yesterday's email I outlined the 2 options you can choose from:

Option #1 - Play defense. Save, cut expenses, complain about the govt, be scared, hope and pray, refresh CNN and facebook all day. (<-- This is what 80% of agents will do.)

OR

Option #2 - Offense. Attack! Double down on lead gen. Look for new angles. Have your best 8 weeks EVER.

Most agents will choose option 1. It's definitely easier. It shifts responsibility onto someone else (the virus, the govt, the economy, etc).

...or you can be like Kelly.

Kelly joined my "2x your business" workshop earlier this month.

That night, she was restless. She downloaded the calculators and went to work reverse engineering her business. Figuring out how to grow in ANY market.

She calculated her lead number (91), then she got to work on the free marketing playbook we gave her. No excuses, no wasting time. She just took action.

The next morning, she woke up to 3 new leads in her inbox. See below:

Now is she rich yet? No. She will hit her lead number this month (she has generated 25 more leads since that FB post), and the commission checks will follow...

...just like Matt Mouser.

Matt Mouser's practice is in Belmont, Michigan, a suburb of Grand Rapids.

He started out in real estate as the lowest member on a big team -- barely making it from deal to deal.

And because he was completely dependent on his team for leads, his split was brutal. He only kept ~40% of each commission.

But what could he do? He had no traction and no way to consistently get new customers.

That's when Matt and I met. I walked him through the Reverse Engineer process that I taught in the workshop I shared yesterday (and that Kelly went through).

For the first time ever, he was able to answer the question "What should I be focusing on today to grow my business?"

Then he joined Pipeline Pro Tools and ran just 1 of our plug-and-play marketing playbooks to start bringing in leads.

Within 30 days his pipeline was full.

Within 60 days he was working with multiple buyers and took his first listing.

And within 90 days he had closed his first deal.

(Oh, and by the way, he left his team and was now making a full 80%.)

Matt doubled his income two years in a row.

From $30k to $120k+.

But most importantly? He is completely in control of his business. He can turn his leads on or off like a faucet.

If you want to see results like this, don't miss our workshop deal on Pipeline Pro Tools.

Enter promo code "TLRNATION" to get $200 off the yearly option + 6 marketing playbooks + 6-months free enrollment in Elite, our private group coaching (reg. $497/mo.)

>>> Get Pipeline Pro Tools Now <<<

If you still have questions or you just want to see it, get a demo.

>>> Book a Demo <<<

If you book a demo, the deal will automatically be extended thru the day of your demo. If the demos are all gone by the time you see this email, shoot me a text at 910-670-7733.

And feel free to reply to this email if you have any questions!

Thanks,

-Chris Jones

Unsubscribe | Update your profile | 323 Whitney Drive, Suite 1, Fayetteville, North Carolina 28314
Posted by at No comments:

Freefloat FTP Server 1.0 | Remote Buffer Overflow | Exploit

More info


Posted by at No comments:

The RastaLabs Experience

Introduction


It was 20 November, and I was just starting to wonder what I would do during the next month. I had already left my previous job, and the new one would only start in January. Playing with PS4 all month might sound fun for some people, but I knew I would get bored quickly.

Even though I have some limited red teaming experience, I always felt that I wanted to explore the excitement of getting Domain Admin – again. I got my first DA in ˜2010 using pass-the-hash, but that was a loooong time ago, and things change quickly.
While reading the backlogs of one of the many Slack rooms, I noticed that certain chat rooms were praising RastaLabs. Looking at the lab description, I felt "this is it, this is exactly what I need." How hard could it be, I have a whole month ahead of me, surely I will finish it before Christmas. Boy, was I wrong.



The one-time fee of starting the lab is 90 GBP which includes the first month, then every additional month costs 20 GBP. I felt like I was stealing money from Rastamouse and Hackthebox... How can it be so cheap? Sometimes cheap indicates low quality, but not in this case.



My experience


Regarding my previous experience, I already took OSCP, OSCE, SLAE (Securitytube Linux Assembly Expert), and PSP (Powershell for Pentesters), all of which helped me a lot during the lab. I also had some limited red teaming experience. I had more-than-average experience with AV evasion, and I already had experience with the new post-exploit frameworks like Covenant and Powershell Empire. As for writing exploits, I knew how a buffer overflow or a format string attack worked, but I lacked practice in bypassing ASLR and NX. I basically had zero experience with Mimikatz on Windows 10. I used Mimikatz back in 2012, but probably not since. I also had a lot of knowledge on how to do X and Y, on useful tools and hot techniques, but I lacked recent experience with them. Finally, I am usually the last when it comes to speed in hacking, but I have always balanced my lack of speed with perseverance.

RastaLabs starts in 3,2,1 ...


So I paid the initial entry fee, got the VPN connection pack, connected to the lab, and got my first flag after ... 4 days. And there were 17 of them in total. This was the first time I started to worry. I did everything to keep myself on the wrong track, stupid things like assuming incorrect lab network addresses, scanning too few machines, finding the incorrect breadcrumbs via OSINT, trying to exploit a patched web service (as most OSCPers would do), etc. I was also continually struggling with the tools I was using, as I never knew whether they were buggy, or I was misusing them, or this is just not the way to get the flag. I am sure someone with luck and experience could have done this stage in 2-3 hours, but hey, I was there to gain experience.

During the lab, whenever I got stuck with the same problem for more than 30-40 hours and my frustration was running high, I pinged Rastamouse on the official RastaLabs support channel on https://mm.netsecfocus.com/. I usually approached him like "Hi, I tried X, Y, and Z but no luck", then he replied "yeah, try Y harder". This kind of information was usually all I needed, and 2-3 hours later I was back on track again. His help was always enough, but never too much to spoil the fun. The availability and professionalism of Rastamouse was 10/10. Huge multi-billion dollar companies fail to provide good enough support, this one guy here was always there to help. Amazing. I highly recommend joining the Mattermost channel – it will help you a lot to see that you are not the only one stuck with problems. But please do not DM him or the channel if you have not already tried harder.

What's really lovely in the lab is that you can expect real-world scenarios with "RastaLabs employees" working on their computer, reading emails, browsing the web, etc. I believe it is not a spoiler here that at some point in time you have to deliver malware that evades the MS Defender AV on the machine. Yes, there is a real working Defender on the machines, and although it is a bit out of date, it might catch your default payload very quickly. As I previously mentioned, luckily I had recent experience with AV evasion, so this part was not new to me. I highly recommend setting up your own Win10 with the latest Defender updates and testing your payload on it first. If it works there, it will work in the lab. This part can be especially frustrating, because the only feedback you get from the lab is that nothing is happening, and there is no way to debug it. Test your solution locally first.

Powershell Empire turned out to be an excellent solution for me, the only functionality it lacked was Port Forwarding. But you can drop other tools to do this job efficiently.

A little help: even if you manage to deliver your payload and you have a working C&C, it does not mean your task with AV evasion is over. It is highly probable that Defender will block your post-exploit codes. To bypass this, read all the blog posts from Rastamouse about AMSI bypass. This is important.

Lateral movement


When you finally get your first shell back ...



A whole new world starts. From now on, you will spend significant time on password cracking, lateral movement, persistence, and figuring out how Windows AD works.
In the past, I played a lot of CTF, and from time to time I got the feeling "yeah, even though this challenge was fun, it was not realistic". This never happened during RastaLabs. All the challenges and solutions were 100% realistic, and as the "Ars poetica" of RastaLabs states:



...which is sooooo true. None of the tasks involve any exploit of any CVE. You need a different mindset for this lab. You need to think about misconfigurations, crackable passwords, privilege abuse, and similar issues. But I believe this lab is still harder to own than 90% of the organizations out there. The only help is that there are no blue-teamers killing our shells.

About the architecture of the lab: When connecting to the lab with VPN, you basically found yourself in a network you might label as "Internet", with your target network being behind a firewall, just as a proper corporate network should be.
There are a bunch of workstations – Win10 only, and some servers like fileserver, exchange, DC, SQL server, etc. The majority of servers are Windows Server 2016, and there is one Linux server. The two sites are adequately separated and firewalled.

As time passed, I was getting more and more flags, and I started to feel the power. Then the rollercoaster experience started. I was useless, I knew nothing. Getting the flag, I was god. One hour later, I was useless.



For example, I spent a significant amount of time trying to get GUI access to the workstations. In the end, I managed to get that, just to find out I did not achieve anything with it. For unknown reasons, none of the frameworks I tried had a working VNC, so I set up my own, and it was pain.

On December 18, I finally got Domain Admin privileges. So my estimation to "finish the lab" in one month was not that far off. Except that I was far from finishing it, as I still had to find five other flags I was missing. You might ask "you already have DA, how hard could it be to find the remaining five?". Spoiler alert, it was hard. Or to be more precise, not hard, just challenging, and time-consuming. This was also a time when connections on Mattermost RastaLabs channel helped me a lot. Hints like "flag X is on machine Y" helped me keep motivated, yet it did not spoil the fun. Without hints like this, I would not have written this post but would have been stuck with multiple flags.

About exploitation


And there was the infamous challenge, "ROP the night away." This was totally different from the other 16. I believe this image explains it all:


If you are not friends with GDB, well, you will have a hard time. If you don't have lots of hands-on experience with NX bypass - a.k.a ROP - like me, you will have a hard time with this challenge. The binary exploit challenges during OSCP and OSCE exams are nowhere near as complex as this one. If you have OSEE, you will be fine. For this challenge, I used GDB-Peda and Python pwntools – check them out in case you are not familiar with them. For me, solving this challenge took about 40 hours. Experienced CTF people could probably solve it in 4 hours or less.

Conclusion


I would not recommend taking this lab for total beginners *. I also do not recommend doing the lab if you only have limited time per day, which is especially true if you are working on your home computer. I probably would have saved hours or even days if I had set up a dedicated server in the cloud for this lab. The issue was that the lab workstations were rebooted every day, which meant that I always lost my shells. "Persistence FTW", you might say, but if your C&C is down when the workstation reboots, you are screwed. "Scheduled tasks FTW", you might say, but unless you have a strict schedule on when you start your computer, you will end up with a bunch of scheduled tasks just to get back the shell whenever you start your computer. Day after day I spent the first hour getting back to where I had been the day before. And I just figured out at the end of the lab why some of my scheduled tasks were not working ...

I would be really interested to see how much time I spent connected to the lab. Probably it was around 200–250 hours in total, which I believe is more than I spent on OSCP and OSCE combined. But it was totally worth it. I really feel the power now that I learned so many useful things.

But if you consider that the price of the one-month lab is 20 GBP, it is still a very cheap option to practice your skills. 
* It is totally OK to do the lab in 6 months, in case you start as a beginner. That is still just 190 GBP for the months of lab access, and you will gain a lot of experience during this time. You will probably have a hard time reaching the point when you have a working shell, but it is OK. You can find every information on Google, you just need time, patience and willingness to get there.

Anyway, it is still an option not to aim to "get all the flags". Even just by getting the first two flags, you will gain significant experience in "getting a foothold". But for me, not getting all the flags was never an option.



If you are still unconvinced, check these other blog posts:

Or see what others wrote about RastaLabs.


Footnote


In case you start the lab, please, pretty please, follow the rules, and do not spoil the fun for others. Do not leave your tools around, do not keep shared drives open, do not leave FLAGs around. Leave the machine as it was. If you have to upload a file, put it in a folder others won't easily find. This is a necessary mindset when it comes to real-world red teaming. Don't forget to drop a party parrot into the chat whenever you or someone else gets a new flag. And don't forget:
OSCP has no power here. Cry harder!

I will probably keep my subscription to the lab and try new things, new post-exploit frameworks. I would like to thank @_rastamouse for this great experience, @superkojiman for the ROP challenge. Hackthebox for hosting the lab with excellent uptime.
As for @gentilkiwi and @harmj0y, these two guys probably advanced red-teaming more than everyone else combined together. pwntools from @gallopsled was also really helpful. And I will be forever grateful to Bradley from finance for his continuous support whenever I lost my shells.
More articles
  1. Hacking Wifi
  2. Hacking To The Gate Lyrics
  3. Web Hacking 101
  4. Tools Hacking
  5. Hacking Web
  6. Curso De Ciberseguridad Y Hacking Ético
  7. Bluetooth Hacking
  8. Hacking Wifi Android
  9. Master Hacking Etico
Posted by at No comments:

Friday, April 24, 2020

21 call scripts

Have you ever lost a client/deal because you said the wrong thing... only to think of the perfect response later?

(My best comebacks typically come to me at 3am.)
But what if you knew exactly what to say BEFORE you called?
What if you had a briefcase full of proven scripts and responses that were backed by actual results?
We built that exact briefcase, and it's free.
We've collected 21 of the best real estate scripts on earth and put them into one tool. (We'll be adding more every week.)

Here's how it works:

1. Enter your email
2. Choose a scenario
3. Boom! Download your script.

You can use it to...

- Get more appointments using proven scripts
- Know exactly what to say to fsbo/expired leads
- Answer client objections like a Jedi

Check out Callster now.

-Chris Jones

Unsubscribe | Update your profile | 323 Whitney Drive, Suite 1, Fayetteville, North Carolina 28314
Posted by at No comments:

Thursday, April 23, 2020

[Podcast] Discovering the Missing Link to Greatness & The Power of Progression with Growth Expert John Marrone

Posted by at No comments:

How To Download Torrents Files Directly To Your Android Device

Download-Torrent-files-Android-Devices
uTorrent, one of the most popular BitTorrent clients, is now available for Android smartphones and tablets. Its use on mobile devices is very similar to its use in the PC. All you need is to search for torrents using the web browser on your mobile device, then uTorrent will download the files.

Procedure:

Other softwares

More information
  1. Cracker Definicion
  2. Curso Ethical Hacking
  3. Curso De Ciberseguridad Y Hacking Ético
  4. Wargames Hacking
  5. Aprender Hacking Etico
  6. Life Hacking
Posted by at No comments:

Wednesday, April 22, 2020

Lockdoor-Framework: A PenTesting Framework With Cyber Security Resources


About Lockdoor-Framework
    Author: SofianeHamlaoui
   Tested on: Kali Linux, Ubuntu, Arch Linux, Fedora, OpenSuse and Windows (Cygwin)

   LockDoor is a Framework aimed at helping penetration testers, bug bounty hunters And cyber security engineers. This tool is designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. But containing the favorite and the most used tools by Pentesters. As pentesters, most of us has his personal ' /pentest/ ' directory so this Framework is helping you to build a perfect one. With all of that ! It automates the Pentesting process to help you do the job more quickly and easily.

Lockdoor-Framework installation:
   For now, Lockdoor-Framework supports Debian-based Linux distros (Kali Linux, ParrotSec, Ubuntu...), Arch Linux based distros (Manjaro, BlackArch, ArchStrike...), Fedora, OpenSuse, Cygwin on Windows.

   Open your Terminal and enter these commands:

You can watch detail here:

Lockdoor Tools contents 🛠️:
 * Information Gathering 🔎:
  • dirsearch: A Web path scanner
  • brut3k1t: security-oriented bruteforce framework
  • gobuster: DNS and VHost busting tool written in Go
  • Enyx: an SNMP IPv6 Enumeration Tool
  • Goohak: Launchs Google Hacking Queries Against A Target Domain
  • Nasnum: The NAS Enumerator
  • Sublist3r: Fast subdomains enumeration tool for penetration testers
  • wafw00f: identify and fingerprint Web Application Firewall
  • Photon: ncredibly fast crawler designed for OSINT.
  • Raccoon: offensive security tool for reconnaissance and vulnerability scanning
  • DnsRecon: DNS Enumeration Script
  • Nmap: The famous security Scanner, Port Scanner, & Network Exploration Tool
  • sherlock: Find usernames across social networks
  • snmpwn: An SNMPv3 User Enumerator and Attack tool
  • Striker: an offensive information and vulnerability scanner.
  • theHarvester: E-mails, subdomains and names Harvester
  • URLextractor: Information gathering & website reconnaissance
  • denumerator.py: Enumerates list of subdomains
  • other: other Information gathering,recon and Enumeration scripts I collected somewhere.
  • ReconDog: Reconnaissance Swiss Army Knife
  • RED_HAWK: All in one tool for Information Gathering, Vulnerability Scanning and Crawling
  • Dracnmap: Info Gathering Framework
 * Web Hacking 🌐:
  • Spaghetti: Spaghetti - Web Application Security Scanner
  • CMSmap: CMS scanner
  • BruteXSS: BruteXSS is a tool to find XSS vulnerabilities in web application
  • J-dorker: Website List grabber from Bing
  • droopescan: scanner, identify, CMSs, Drupal, Silverstripe.
  • Optiva: Web Application Scanner
  • V3n0M: Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
  • AtScan: Advanced dork Search & Mass Exploit Scanner
  • WPSeku: Wordpress Security Scanner
  • WPScan: A simple Wordpress scanner written in python
  • XSStrike: Most advanced XSS scanner.
  • SQLMap: automatic SQL injection and database takeover tool
  • WhatWeb: the Next generation web scanner
  • joomscan: Joomla Vulnerability Scanner Project
  • Dzjecter: Server checking Tool
 * Privilege Escalation ⚠️:
  • Linux 🐧:linux_checksec.sh
       linux_enum.sh
       linux_gather_files.sh
       linux_kernel_exploiter.pl
       linux_privesc.py
       linux_privesc.sh
       linux_security_test
       Linux_exploits folder
  • Windows Windows:   windows-privesc-check.py
       windows-privesc-check.exe
  • MySql:raptor_udf.c
       raptor_udf2.c
 * Reverse Engineering ⚡:
  • Radare2: unix-like reverse engineering framework
  • VirtusTotal: VirusTotal tools
  • Miasm: Reverse engineering framework
  • Mirror: reverses the bytes of a file
  • DnSpy: .NET debugger and assembly
  • AngrIo: A python framework for analyzing binaries (Suggested by @Hamz-a)
  • DLLRunner: a smart DLL execution script for malware analysis in sandbox systems.
  • Fuzzy Server: a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
  • yara: a tool aimed at helping malware researchers toidentify and classify malware samples
  • Spike: a protocol fuzzer creation kit + audits
  • other: other scripts collected somewhere
 * Exploitation ❗:
  • Findsploit: Find exploits in local and online databases instantly
  • Pompem: Exploit and Vulnerability Finder
  • rfix: Python tool that helps RFI exploitation.
  • InUrlBr: Advanced search in search engines
  • Burpsuite: Burp Suite for security testing & scanning.
  • linux-exploit-suggester2: Next-Generation Linux Kernel Exploit Suggester
  • other: other scripts I collected somewhere.
 * Shells 🐚:
  • WebShells: BlackArch's Webshells Collection
  • ShellSum: A defense tool - detect web shells in local directories
  • Weevely: Weaponized web shell
  • python-pty-shells: Python PTY backdoors
 * Password Attacks ✳️:
  • crunch : a wordlist generator
  • CeWL : a Custom Word List Generator
  • patator : a multi-purpose brute-forcer, with a modular design and a flexible usage
 * Encryption - Decryption 🛡️:
  • Codetective: a tool to determine the crypto/encoding algorithm used
  • findmyhash: Python script to crack hashes using online services
 * Social Engineering 🎭:
  • scythe: an accounts enumerator

Contributing:
  1. Fork Lockdoor-Framework:
    git clone https://github.com/SofianeHamlaoui/Lockdoor-Framework.git
  2. Create your feature branch
  3. Commit your changes
  4. Push to the branch
  5. Create a new Pull Request

Features 📙:
  • Pentesting Tools Selection 📙:
   Tools ?: Lockdoor doesn't contain all pentesting tools (Added value) , let's be honest ! Who ever used all the Tools you find on all those Penetration Testing distributions ? Lockdoor contains only the favorite (Added value) and the most used toolsby Pentesters (Added value).
   what Tools ?: the tools contains Lockdoor are a collection from the best tools (Added value) on Kali Linux, ParrotSec and BlackArch. Also some private tools (Added value) from some other hacking teams (Added value) like InurlBr, iran-cyber. Without forgeting some cool and amazing tools I found on Github made by some perfect human beigns (Added value).
   Easy customization: Easily add/remove tools. (Added value)
   Installation: You can install the tool automatically using the install.sh. Manually or on Docker [COMING SOON]
  • Resources and cheatsheets 📙 (Added value):
   Resources: That's what makes Lockdoor Added value, Lockdoor Doesn't contain only tools! Pentesing and Security Assessment Findings Reports templates (Added value), Pentesting walkthrough examples and tempales (Added value) and more.
   Cheatsheets: Everyone can forget something on processing or a tool use, or even some trciks. Here comes the Cheatsheets (Added value) role! there are cheatsheets about everything, every tool on the framework and any enumeration,exploitation and post-exploitation techniques.

Check the Wiki Pages to know more about the tool 📙:
Lockdoor-Framework's screenshots:
First Step
Lockdoor update
ROOT Menu
Information Gathering
Web Hacking
Exploitation
Reverse Engineering
Enc/Dec
Password Attacks
Shells
PrivEsc
Social Engineering
PSAFRT
Walkthroughs
About
Support the author:
   On Paypal: Sofiane Hamlaoui
   BTC Address: 

Related articles
  1. Tools Hacking
  2. Hacking Etico 101 Pdf
  3. Wifi Hacking
  4. Hacking Day
Posted by at No comments:
Subscribe to: Posts (Atom)