Blog di AlùK: 06/01/2020

30 giu 2020

re: Cheap Facebook Traffic

hi
12901514635702356429noreply

here it is, social website traffic:
http://www.mgdots.co/detail.php?id=113

Full details attached

Regards
Theron Traverso

Unsubscribe option is available on the footer of our website

16 giu 2020

re: Rank 1st in google with Content Marketing Strategy

hi
Get your business to the next level with a solid Content Marketing strategy
http://www.str8-creative.io/product/content-marketing/

Regards
Pamila Papineau

Unsubscribe option is available on the footer of our website

12 giu 2020

Top 5 Most Useful Linux Tools For Programmers

Linux is a free and open-source software operating systems built around the Linux kernel. It typically packaged in a form known as a Linux distribution for both desktop and server use. It is a great development environment for programmers and developers. However, without the development tools, that would be impossible. Fortunately, plenty of Linux tools are available. Here are the top 5 most useful Linux tools for programmers.

Also Read;- How To Clone One Android To Another

5 Most Useful Linux tools for Programmers

1. VIM

VIM is a free and open source software written by Bram Moolenaar in 1991. It is designed for use both from a command-line interface and as a standalone application in a graphical user interface. It comes standard with almost every Linux distribution and is also known as "the programmer's editor". VIM is great for coding and can also be used for editing things like configuration files and XML documents.

Vim has been developed to be a cross-platform that supports many other platforms. In 2006, it was voted as the most popular editor amongst Linux Journal readers. In 2015, Stack Overflow developer survey found it to be the third most popular text editor while in 2016, the Stack Overflow developer survey found it to be the fourth most popular development environment.

Read more;- How To Use WhatsApp without Mobile No

2. Zsh

Zsh is written in C and initially released in 1990. It is a Unix shell that can be used as an interactive login shell and as a powerful command interpreter for shell scripting. Zsh is an extended version of Bourne shell (BASH) with a large number of improvements, including some features of Bash, ksh, and tcsh. Zsh gives a user-friendly experience on the command line. It also gives better auto-completion, Vim key bindings, and smart guesses when you write a command wrong.

Its features include (but not limited to):

Programmable command-line completion,
Sharing of command history among all running shells
Extended file globbing
Improved variable/array handling
Editing of multi-line commands in a single buffer
Spelling correction
Various compatibility modes,
Themeable prompts, and
Loadable modules.

3. Byobu

It was initially released in 2009 written in Sh and Python. Byobu can be used to provide on-screen notification or status and tabbed multi-window management. Thus, it is intended to improve terminal sessions when users connect to remote servers with an operating system Linux and Unix-like. It is is an enhancement for the GNU Screen terminal multiplexer or tmux used with the GNU/Linux computer operating system.

4. GIT

Git was initially released on April 7, 2005. It is a version control system to track changes in computer files and to coordinate work on those files among multiple people. It is primarily used for source code management in software development and can be used to keep track of changes in any set of files available in the English language. It is aimed at speed, data integrity, and support for distributed, non-linear workflows. It is free and open source software distributed under the terms of the GNU General Public License version 2.

Moreover, Linus Torvalds was the creator of GIT for the development of the Linux kernel. On the other hand, its current maintainer since then is Junio Hamano. Thus, every Git directory on every computer is a full-fledged repository with complete history and full version tracking abilities, independent of network access or a central server.

Read more;- How To change Facebook Default Theme

5. Docker

Written by Solomon Hykes in 2013, it is a computer program that performs operating-system-level virtualization, the containerization, which is developed by Docker, Inc. Primarily, Docker was developed for Linux to use as the resource isolation features of the Linux kernel. It is a tool that can package an application and its dependencies in a virtual container that can run on any Linux server. This helps enable the flexibility and portability on where the application can run, whether on premises, public cloud, private cloud, bare metal, etc. Moreover, it accesses the Linux kernel's virtualization features either directly using the libcontainer library.

11 giu 2020

Vlang Binary Debugging

Why vlang? V is a featured, productive, safe and confortable language highly compatible with c, that generates neat binaries with c-speed, the decompilation also seems quite clear as c code.
https://vlang.io/

After open the binary with radare in debug mode "-d" we proceed to do the binary recursive analysis with "aaaa" the more a's the more deep analys.

The function names are modified when the binary is crafted, if we have a function named hello in a module named main we will have the symbol main__hello, but we can locate them quicly thanks to radare's grep done with "~" token in this case applied to the "afl" command which lists all the symbols.

Being in debug mode we can use "d*" commands, for example "db" for breakpointing the function and then "dc" to start or continue execution.

Let's dissasemble the function with "pD" command, it also displays the function variables and arguments as well, note also the xref "call xref from main"

Let's take a look to the function arguments, radare detect's this three 64bits registers used on the function.

Actually the function parameter is rsi that contains a testing html to test the href extraction algorithm.

The string structure is quite simple and it's plenty of implemented methods.

With F8 we can step over the code as we were in ollydbg on linux.

Note the rip marker sliding into the code.

We can recognize the aray creations, and the s.index_after() function used to find substrings since a specific position.

If we take a look de dissasembly we sill see quite a few calls to tos3() functions.
Those functions are involved in string initialization, and implements safety checks.

tos(string, len)
tos2(byteptr)
tos3(charptr)

In this case I have a crash in my V code and I want to know what is crashing, just continue the execution with "dc" and see what poits the rip register.

In visual mode "V" we can see previous instructions to figure out the arguments and state.

We've located the crash on the substring operation which is something like "s2 := s1[a..b]" probably one of the arguments of the substring is out of bounds but luckily the V language has safety checks and is a controlled termination:

Switching the basic block view "space" we can see the execution flow, in this case we know the loops and branches because we have the code but this view also we can see the tos3 parameter "href=" which is useful to locate the position on the code.

When it reach the substr, we can see the parameters with "tab" command.

Looking the implementation the radare parameter calculation is quite exact.

Let's check the param values:

so the indexes are from 0x0e to 0x24 which are inside the buffer, lets continue to next iteration,
if we set a breakpoint and check every iteration, on latest iteration before the crash we have the values 0x2c to 0x70 with overflows the buffer and produces a controlled termination of the v compiled process.

DSploit

After playing with the applications installed on the Pwn Pad, I found that the most important application (at least for me) was missing from the pre-installed apps. Namely, DSploit. Although DSploit has tons of features, I really liked the multiprotocol password sniffing (same as dsniff) and the session hijacking functionality.

The DSploit APK in the Play Store was not working for me, but the latest nightly on http://dsploit.net worked like a charm.

Most features require that you and your target uses the same WiFi network, and that's it. It can be Open, WEP, WPA/WPA2 Personal. On all of these networks, DSploit will sniff the passwords - because of the active attacks. E.g. a lot of email clients still use IMAP with clear text passwords, or some webmails, etc.

First, DSploit lists the AP and the known devices on the network. In this case, I chose one victim client.

In the following submenu, there are tons of options, but the best features are in the MITM section.

Stealthiness warning: in some cases, I received the following popup on the victim Windows:

This is what we have under the MITM submenu:

Password sniffing

For example, let's start with the Password Sniffer. It is the same as EvilAP and DSniff in my previous post. With the same results for the popular Hungarian webmail with the default secure login checkbox turned off. Don't forget, this is not an Open WiFi network, but one with WPA2 protection!

Session hijack

Now let's assume that the victim is very security-aware and he checks the secure login checkbox. Another cause can be that the victim already logged in, long before we started to attack. The session hijacking function is similar to the Firesheep tool, but it works with every website where the session cookies are sent in clear text, and there is no need for any additional support.

In a session hijacking attack (also called "sidejacking"), after the victim browser sends the authentication cookies in clear text, DSploit copies these cookies into its own browser, and opens the website with the same cookies, which results in successful login most of the time. Let's see session hijacking in action!

Here, we can see that the session cookies have been sniffed from the air:

Let's select that session, and be amazed that we logged into the user's webmail session.

Redirect traffic

This feature can be used both for fun or profit. For fun, you can redirect all the victim traffic to http://www.kittenwar.com/. For-profit, you can redirect your victim to phishing pages.

Replace images, videos

I think this is just for fun here. Endless Rick Rolling possibilities.

Script injection

This is mostly for profit. client-side injection, drive-by-exploits, endless possibilities.

Custom filter

If you are familiar with ettercap, this has similar functionalities (but dumber), with string or regex replacements. E.g. you can replace the news, stock prices, which pizza the victim ordered, etc. If you know more fun stuff here, please leave a comment (only HTTP scenario - e.g. attacking Facebook won't work).

Additional fun (not in DSploit) - SSLStrip

From the MITM section of DSploit, I really miss the SSLStrip functionality. Luckily, it is built into the Pwn Pad. With the help of SSLStrip, we can remove the references to HTTPS links in the clear text HTTP traffic, and replace those with HTTP. So even if the user checks the secure login checkbox at freemail.hu, the password will be sent in clear text - thus it can be sniffed with DSniff.

HTML source on the client-side without SSLstrip:

HTML source on the client-side with SSL strip:

With EvilAP, SSLStrip, and DSniff, the password can be stolen. No hacking skillz needed.

Lessons learned here

If you are a website operator where you allow your users to login, always:

Use HTTPS with a trusted certificate, and redirect all unencrypted traffic to HTTPS ASAP
Mark the session cookies with the secure flag
Use HSTS to prevent SSLStrip attacks

If you are a user:

Don't trust sites with your confidential data if the above points are not fixed. Choose a more secure alternative
Use HTTPS everywhere plugin
For improved security, use VPN

Because hacking has never been so easy before.
And last but not least, if you like the DSploit project, don't forget to donate them!

Related articles

iCloudBrutter - AppleID Bruteforce

iCloudBrutter is a simple python (3.x) script to perform basic bruteforce attack againts AppleID.

Usage of iCloudBrutter for attacking targets without prior mutual consent is illegal. iCloudBrutter developer not responsible to any damage caused by iCloudBrutter.

Installation

$ git clone https://github.com/m4ll0k/iCloudBrutter.git
$ cd iCloudBrutter
$ pip3 install requests,urllib3,socks
$ python3 icloud.py

Download iCloudBrutter

More information

Android SSHControl V1.0 Relased!!!

Hoy sabado 15, he subido al Market de Android la versión 1.0 de SSHControl, con nuevas funcionalades y la esperada opción "Custom Commands".

Esta aplicación permite controlar tus servidores linux, bsd y unix con solo un dedo, mediante esta app Android.
Y soluciona las siguientes problemáticas:
- Manejar una shell desde el pequeño teclado de un móvil es engorroso.
- Leer todos los resultados de un comando en la pantalla del móvil, nos dejamos la vista.

Esta app permite interactuar con servidores remotos simplemente haciendo pulsaciones en la pantalla, mediante un explorador de ficheros, de conexiones, etc..

Las funcionalidades nuevas de esta versión 1.0 son:

- Administración del Firewall Iptables.
- Opción de Custom Commands, tal como había prometido.

Las funcionalidades ya presentes en la v0.8 son:

- escalada a root mediante su y sudo
- gestor de procesos
- explorador de ficheros, editor de ficheros, editor de permisos.
- monitorización y baneo de conexiones
- Visualizadores de logs
- administrador de drivers
- estadisticas de disco

Para la versión 2.0 preveo:

- Escuchar música remota
- Descarga de ficheros (wget)
- Transferencia segura de ficheros entre servidores (scp)
- Gestures, para administrar los sitemas en plan minority report :)

App disponible en el market para 861 tipos de dispositivos y pronto disponible en tablets.

https://market.android.com/details?id=net.ssh.SSHControl

Cualquier sugerencia de mejora: sha0 [4t] badchecksum [d0t] net

More information

10 giu 2020

HOW TO BECOME A CERTIFIED ETHICAL HACKER

7 Tips to become a hacker?

It is very important for a hacker to learn different types of programming language such as C,C++,Python,Java,PHP etc and it is also necessary to learn hardware and networking for a good hacker because these skill are very useful to become a successful hacker.

1-Programming Language are essential to becoming a good hacker

2-Networking skills is important to becoming an effective hacker.

3-SQL language are essential to becoming an effective hacker

4-Internet surfing is also essential for becoming a hacker for gathering information.

5-Cryptography is essential to becoming a certified hacker from which a hacker can share his/her readable data to other person in a nonreadable form with the help of Cryptography.

6-Penetration testing is also important for a hacker.

7-experiment a lot is also very useful to becoming a ethical hacker.

Follow me on insta_anoymous_adi

More information

Discover: A Custom Bash Scripts Used To Perform Pentesting Tasks With Metasploit

About discover: discover is a custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit Framework. For use with Kali Linux, Parrot Security OS and the Penetration Testers Framework (PTF).

About authors:

Lee Baird: @discoverscripts
Jay "L1ghtn1ng" Townsend: @jay_townsend1
Jason Ashton: @ninewires

discover Installation and Updating

About RECON in discover
Domain

RECON


 1. Passive

2. Active
3. Import names into an existing recon-ng workspace
4. Previous menu

Passive uses ARIN, dnsrecon, goofile, goog-mail, goohost, theHarvester, Metasploit Framework, URLCrazy, Whois, multiple websites, and recon-ng.

Active uses dnsrecon, WAF00W, traceroute, Whatweb, and recon-ng.
[*] Acquire API keys for Bing, Builtwith, Fullcontact, GitHub, Google, Hashes, Hunter, SecurityTrails, and Shodan for maximum results with recon-ng and theHarvester.

API key locations:

recon-ng
show keys
keys add bing_api <value>

theHarvester
/opt/theHarvester/api-keys.yaml

Person: Combines info from multiple websites.

RECON


First name:

Last name:

Parse salesforce: Gather names and positions into a clean list.

Create a free account at salesforce (https://connect.data.com/login).
Perform a search on your target company > select the company name > see all.
Copy the results into a new file.

Enter the location of your list:

About SCANNING in discover
Generate target list: Use different tools to create a target list including Angry IP Scanner, arp-scan, netdiscover and nmap pingsweep.

SCANNING

1. Local area network
2. NetBIOS
3. netdiscover
4. Ping sweep
5. Previous menu

CIDR, List, IP, Range, or URL

Type of scan:


1. External

2. Internal
3. Previous menu

External scan will set the nmap source port to 53 and the max-rrt-timeout to 1500ms.
Internal scan will set the nmap source port to 88 and the max-rrt-timeout to 500ms.
Nmap is used to perform host discovery, port scanning, service enumeration and OS identification.
Matching nmap scripts are used for additional enumeration.
Addition tools: enum4linux, smbclient, and ike-scan.
Matching Metasploit auxiliary modules are also leveraged.

About WEB in discover
Insecure direct object reference

Using Burp, authenticate to a site, map & Spider, then log out.
Target > Site map > select the URL > right click > Copy URLs in this host.

Paste the results into a new file.

Enter the location of your file:

Open multiple tabs in Firefox

Open multiple tabs in Firefox with:


1. List

2. Directories from robots.txt.
3. Previous menu

Use a list containing IPs and/or URLs.
Use wget to pull a domain's robot.txt file, then open all of the directories.

Nikto

Run multiple instances of Nikto in parallel.

1. List of IPs.
2. List of IP:port.
3. Previous menu

SSL: Use sslscan and sslyze to check for SSL/TLS certificate issues.

Check for SSL certificate issues.


Enter the location of your list:

About MISC in discover
Parse XML

Parse XML to CSV.


1. Burp (Base64)

2. Nessus (.nessus)
3. Nexpose (XML 2.0)
4. Nmap
5. Qualys
6. revious menu

Generate a malicious payload

Malicious Payloads

1. android/meterpreter/reverse_tcp
2. cmd/windows/reverse_powershell
3. java/jsp_shell_reverse_tcp (Linux)
4. java/jsp_shell_reverse_tcp (Windows)
5. linux/x64/meterpreter_reverse_https
6. linux/x64/meterpreter_reverse_tcp
7. linux/x64/shell/reverse_tcp
8. osx/x64/meterpreter_reverse_https
9. osx/x64/meterpreter_reverse_tcp
10. php/meterpreter/reverse_tcp
11. python/meterpreter_reverse_https 12. python/meterpreter_reverse_tcp
13. windows/x64/meterpreter_reverse_https
14. windows/x64/meterpreter_reverse_tcp
15. Previous menu

Start a Metasploit listener

Metasploit Listeners

1. android/meterpreter/reverse_tcp
2. cmd/windows/reverse_powershell
3. java/jsp_shell_reverse_tcp
4. linux/x64/meterpreter_reverse_https
5. linux/x64/meterpreter_reverse_tcp
6. linux/x64/shell/reverse_tcp
7. osx/x64/meterpreter_reverse_https
8. osx/x64/meterpreter_reverse_tcp
9. php/meterpreter/reverse_tcp
10. python/meterpreter_reverse_https
11. python/meterpreter_reverse_tcp
12. windows/x64/meterpreter_reverse_https
13. windows/x64/meterpreter_reverse_tcp
14. Previous menu

Download discover

Read more

Structure Part I: The Basics

Today we are going to go through Structures from defining structures to using structures.
Structures are just a collection of different types under one roof (you can even put one type only!). So that means they give you flexibility of grouping different data types (like int, char, or even char[]) under one name.
So let us start with obviously defining a Structure. In `C` we declare a structure as simply as this:-
struct dob {
    int day;
    int month;
    int year;};
1: In the above code segment struct is a keyword which defines structure.
2: Followed by struct keyword (dob) is the name of our structure.
3: Elements of struct are defined inside braces '{}' as we did (int day; etc).
4: After ending brace we place a terminator ';' to end the declaration.
So now you know how to define a structure but how to create its instances now?
To create a variable of our structure we just need to do this:
struct dob date;
This now declares date as a structure variable of type dob.
1: Here 'struct dob' is our above declared structure.
2: date is a variable of type dob.
So ok we have a structure and a variable of that type but how can i access its parts?
well we can access it and assign it so simply like this:-
date.day = 19;date.month = 10;date.year = 1990;
Note here we use the dot (.) operator to access the fields (parts) of our structure.
ok everything looks nice so for but how in the world can i read data into this structure variable? Again no worries its again simple:-
scanf("%d", &date.day);scanf("%d", &date.month);
that was pretty easy but I was wondering how can i print its data?
Just do it like this:-
printf("Day: %d", date.day);printf("Month: %d",date.month);printf("Year: %d", date.year);
Again remember we use dot (.) operator to access members of a structure.
So we now know how to define and declare a structure, how to access its members, how to read data in it, and how to print data of a structure. Oh that was a tough job..!
Now let us put it together in a single C Program.

/***********************************************/
#include <stdio.h>
struct dob {
   int day;
   int month;
   int year;
};
int main(void) {
struct dob date;
date.day = 19;
date.month = 10;
date.year = 1990;
printf("Day is : %d, Month is: %d, and Year is %d\n",
           date.day,date.month, date.year);
printf("Enter Day, Month, and Year separated by spaces: ");
scanf("%d %d %d", &date.day,&date.month,&date.year);
printf("Your entered Date is: %d/%d/%d",
date.day,date.month,date.year);
return 0;
}