Megan's Online Guide to The Good Stuff

What is the "Good Stuff?" What is the catch? The good stuff I am talking about is those FREEBIES, SAMPLES, QUIZZES, SURVEYS, AND COUPONS! No catch just pick your samples! Some of the pages WILL require you to either 1) sign up or 2) fill out some information. If you don't like email, set up a different account, you'll get tons! It doesn't bother me. Also some will want you to include your phone number, if you don't want to add your number most will accept 000-000-0000.

Sunday, April 26, 2020

WHO IS ETHICAL HACKER

Who is hacker?
A hacker is a Creative person and a creative Programmer,who have knowledge about Networking,Operating system,hacking & a best creative social engineer who control anyone's mind he is also a knowledgeable person.

Hacker are the problem solver and tool builder.

A hacker is an individual who uses computer, networking and other skills to overcome a technical problem but it often refers to a person who uses his or her abilities to gain unauthorized access to system or networks in order to commit crimes.

Related articles

Spykey - FUD Win32 Keylogger And Reverse Shell

Saturday, April 25, 2020

RapidScan: The Multi-Tool Website Vulnerabilities Scanner With Artificial Intelligence

RapidScan's Features:

One-step installation.
Executes a multitude of security scanning tools, does other custom coded checks and prints the results spontaneously.
Come of the tools include nmap, dnsrecon, wafw00f, uniscan, sslyze, fierce, lbd, theharvester, dnswalk, golismero etc executes under one entity.
Saves a lot of time, indeed a lot time!
Checks for same vulnerabilities with multiple tools to help you zero-in on false positives effectively.
Legends to help you understand which tests may take longer time, so you can Ctrl+C to skip if needed.
Association with OWASP Top 10 2017 on the list of vulnerabilities discovered. (under development)
Critical, high, large, low and informational classification of vulnerabilities.
Vulnerability definitions guides you what the vulnerability actually is and the threat it can pose
Remediations tells you how to plug/fix the found vulnerability.
Executive summary gives you an overall context of the scan performed with critical, high, low and informational issues discovered. (under development)
Artificial intelligence to deploy tools automatically depending upon the issues found. for eg; automates the launch of wpscan and plecost tools when a wordpress installation is found. (under development)
Detailed comprehensive report in a portable document format (*.pdf) with complete details of the scans and tools used. (under development)

For Your Infomation about RapidScan:

Program is still under development, works and currently supports 80 vulnerability tests.

Parallel processing is not yet implemented, may be coded as more tests gets introduced.

RapidScan supports checking for these vulnerabilities:

DNS/HTTP Load Balancers & Web Application Firewalls.
Checks for Joomla, WordPress and Drupal
SSL related Vulnerabilities (HEARTBLEED, FREAK, POODLE, CCS Injection, LOGJAM, OCSP Stapling).
Commonly Opened Ports.
DNS Zone Transfers using multiple tools (Fierce, DNSWalk, DNSRecon, DNSEnum).
Sub-Domains Brute Forcing.
Open Directory/File Brute Forcing.
Shallow XSS, SQLi and BSQLi Banners.
Slow-Loris DoS Attack, LFI (Local File Inclusion), RFI (Remote File Inclusion) & RCE (Remote Code Execution).

RapidScan's Requirements:

Kali Linux, Parrot Security OS, BlackArch... Linux distros that based for pentesters and hackers.
Python 2.7.x

RapidScan Installation:

RapidScan's screenshots:

RapidScan helping menu

RapidScan Intro

RapidScan Outro

How to contribute? If you want to contribute to the author. Read this.

Download RapidScan

Linux Command Line Hackery Series - Part 4

Welcome back to Linux Command Line Hackery, hope you have enjoyed this series so far. Today we are going to learn new Linux commands and get comfortable with reading text files on Linux.

Suppose that you wanted to view your /etc/passwd file. How will you do that? From what we have learned so far what you'll do is type:

cat /etc/passwd

And there you go, but really did you see all the output in one terminal? No, you just ended up with last few lines and you'll have to cheat (i,e use graphical scroll bar) in order to see all the contents of /etc/passwd file. So is there a command line tool in linux with which we can see all the contents of a file easily without cheating? Yes, there are actually a few of them and in this article we'll look at some common ones.

Command: more
Syntax: more [options] file...
Function: more is a filter for paging through text one screenful at a time. With more we can parse a file one terminal at a time or line by line. We can also go backward and forward a number of lines using more.

So if we're to use more on /etc/passwd file how will we do that? We'll simply type

more /etc/passwd

now we'll get a screenful output of the file and have a prompt at the bottom of terminal. In order to move forward one line at a time press <Enter Key>. Using enter we can scroll through the file one line at a time. If you want to move one screen at a time, you can press <Space Key> to move one screen at a time. There are more functions of more program, you can know about them by pressing <h key>. To exit out of more program simply type <q key> and you'll get out of more program.

Command: less
Syntax: less [options] file...
Function: less is similar to more but less has more functionality than more. less is particularly useful when reading large files as less does not have to read the entire input file before starting, so it starts up quickly than many other editors.

less command is based on more so what you've done above with more can be done with less as well. Try it out yourself.

Command: head
Syntax: head [OPTION]... [FILE]...
Function: head command prints the head or first part of a file. By default head prints out first 10 lines of a file. If more than one file is specified, head prints first 10 lines of all files as a default behavior.

If we want to see only first 10 lines of /etc/passwd we can type:

head /etc/passwd

We can also specify to head how many lines we want to view by using the -n flag. Suppose you want to see first 15 lines of /etc/passwd file you've to type:

head -n 15 /etc/passwd

Ok you can view the first lines of a file what about last lines, is there a tool for that also? Exactly that's what our next command will be about.

Command: tail
Syntax: tail [OPTION]... [FILE]...
Function: tail is opposite of head. It prints the last 10 lines of a file by default. And if more than one file is specified, tail prints last 10 lines of all files by default.

To view last 10 lines of /etc/passwd file you'll type:

tail /etc/passwd

and as is the case with head -n flag can be used to specify the number of lines

tail -n 15 /etc/passwd

Now one more thing that we're going to learn today is grep.

Command: grep
Syntax: grep [OPTIONS] PATTERN [FILE...]
Function: grep is used to search a file for lines matching the pattern specified in the command.

A PATTERN can simply be a word like "hello" or it can be a regular expression (in geek speak regex). If you aren't familiar with regex, it's ok we'll not dive into that it's a very big topic but if you want to learn about it I'll add a link at the end of this article that will help you get started with regex.

Now back to grep say we want to find a line in /etc/passwd file which contains my user if we'll simply type:

grep myusername /etc/passwd

Wohoo! It gives out just that data that we're looking for. Remember here myusername is your username.
One cool flag of grep is -v which is used to look in file for every line except the line containing the PATTERN specified after -v [it's lowercase v].

Take your time practicing with these commands especially grep and more. We'll learn a lot more about grep in other upcoming articles.

References:
https://en.wikipedia.org/wiki/Regular_expression
http://www.regular-expressions.info/
Awesome website to learn Regular expressions - http://www.regexr.com/

Related word

Friday, April 24, 2020

One Reason Why InfoSec Sucked In The Past 20 Years - The "Security Tips" Myth

From time to time, I get disappointed how much effort and money is put into securing computers, networks, mobile phones, ... and yet in 2016 here we are, where not much has changed on the defensive side. There are many things I personally blame for this situation, and one of them is the security tips.

The goal of these security tips is that if the average user follows these easy to remember rules, their computer will be safe. Unfortunately, by the time people integrate these rules into their daily life, these rules either become outdated, or these rules were so oversimplified that it was never true in the first place. Some of these security tips might sound ridiculous to people in InfoSec nowadays, but this is exactly what people still remember because we told them so for years.

PDF is safe to open

This is an oldie. I think this started at the time of macro viruses. Still, people think opening a PDF from an untrusted source is safer than opening a Word file. For details why this is not true, check: https://www.cvedetails.com/vulnerability-list/vendor_id-53/product_id-497/Adobe-Acrobat-Reader.html

On an unrelated note, people still believe PDF is integrity protected because the content cannot be changed (compared to a Word document).

Image stolen from Kaspersky

Java is secure

One of the best ones. Oracle started marketing Java as a safe language, where buffer overflows, format strings and pointer-based vulnerabilities are gone. Unfortunately, they forgot to tell the world that instead of "unsafe programs developed by others" they installed their unsafe program on 3 billion devices.

Stay away from rogue websites and you will be safe

This is a very common belief I hear from average people. "I only visit some trusted news sites and social media, I never visit those shady sites." I have some bad news. At the time of malvertising and infected websites, you don't have to visit those shady sites anymore to get infected.

Don't use open WiFi

I have a very long explanation of why this makes no sense, see here. Actually, the whole recommendation makes no sense as people will connect to public WiFis, no matter what we (InfoSec) recommend.

The password policy nightmare

Actually, this topic has been covered by myself in two blog posts, see here and here. Long story short: use a password manager and 2-factor authentication wherever possible. Let the password manager choose the password for you. And last but not least, corporate password policy sux.

Sites with a padlock are safe

We tell people for years that the communication with HTTPS sites are safe, and you can be sure it is HTTPS by finding a randomly changing padlock icon somewhere next to the URL. What people hear is that sites with padlocks are safe. Whatever that means. The same goes for WiFi - a network with a padlock is safe.

Use Linux, it is free from malware

For years people told to Windows users that only if they would use Linux they won't have so much malware. Thanks to Android, now everyone in the world can enjoy malware on his/her Linux machine.

OSX is free from malware

It is true that there is significantly less malware on OSX than on Windows, but this is an "economical" question rather than a "security" one. The more people use OSX, the better target it will become. Some people even believe they are safe from phishing because they are using a Mac!

Updated AV + firewall makes me 100% safe

There is no such thing as 100% safe, and unfortunately, nowadays most malware is written for PROFIT, which means it can bypass these basic protections for days (or weeks, months, years). The more proactive protection is built into the product, the better!

How to backup data

Although this is one of the most important security tips which is not followed by people, my problem here is not the backup data advise, but how we as a community failed to provide easy to use ways to do that. Now that crypto-ransomware is a real threat to every Windows (and some OSX) users, even those people who have backups on their NAS can find their backups lost. The only hope is that at least OSX has Time Machine which is not targeted yet, and the only backup solution which really works.

The worst part is that we even created NAS devices which can be infected via worms ...

Disconnect your computer from the Internet when not used

There is no need to comment on this. Whoever recommends things like that, clearly has a problem.

Use (free) VPN to protect your anonimity

First of all. There is no such thing as free service. If it is free, you are the service. On another hand, a non-free VPN can introduce new vulnerablities, and they won't protect your anonymity. It replaces one ISP with another (your VPN provider). Even TOR cannot guarantee anonymity by itself, and VPNs are much worse.

The corporate "security tips" myth

"Luckily" these toxic security tips have infected the enterprise environment as well, not just the home users.

Use robots.txt to hide secret information on public websites

It is 2016 and somehow web developers still believe in this nonsense. And this is why this is usually the first to check on a website for penetration testers or attackers.

My password policy is safer than ever

As previously discussed, passwords are bad. Very bad. And they will stick with us for decades ...

Use WAF, IDS, IPS, Nextgen APT detection hibber-gibber and you will be safe

Companies should invest more in people and less into magic blinking devices.

Instead of shipping computers with bloatware, ship computers with exploit protection software

Teach people how to use a password safe

Teach people how to use 2FA

Teach people how to use common-sense

Conclusion

Computer security is complex, hard and the risks change every year. Is this our fault? Probably. But these kinds of security tips won't help us save the world.

Continue reading

Thursday, April 23, 2020

Nmap: Getting Started Guide

Nmap is a free utility tool for network discovery, port scanning and security auditing, even though we can use it for more than that but in this article we will learn how to do these three things with nmap.

The original author of nmap is Gordon Lyon (Fyodor). Nmap is licensed under GPL v2 and has available ports in many different languages. Nmap is available for Linux, Windows, and Mac OS X. You can download your copy of nmap from their website.

Lets get started with nmap.

When performing pentests we always look for networks we are going to attack. We need to identify live hosts on the network so that we can attack them. There are plenty of tools available for finding live hosts on a network but nmap is one of the best tools for doing this job.

Lets start with simple host (target) discovery scans i,e scans that will tell us which ip address is up on our target network. Those ip addresses which are up on our target network are the ones that are assigned to a device connected on our target network. Every device on the network is going to have a unique ip address.
To perform a simple host discovery scan we use the following command

nmap -v -sn 10.10.10.0/24

flags we used in the above command are
-v for verbose output
-sn to disable port scan (we don't want to scan for ports right now)

Following the flags is the ip address of the target network on which we want to look for live hosts. The /24 at the end of the ip address is the CIDR that specifies the subnet of the network on which we are looking for live hosts.

After running the above command you should get a list of live hosts on your target network.
If you just want to know the list of ip addresses your command is going to scan, you can use the -sL flag of the nmap like this.

nmap -sL 10.10.10.0/24

this command will simply output the list of ip addresses to scan.

We sometimes want to do dns resolution (resolving ip addresses to domain names) when performing our network scans and sometimes we don't want dns resolution. While performing a host discovery scan with nmap if we want to perform dns resolution we use -R flag in our command like this:

nmap -v -sn -R 10.10.10.0/24

And if we don't want to perform dns resolution of hosts during our scan we add the -n flag to our command like this:

nmap -v -sn -n 10.10.10.0/24

After we have discovered the hosts that are up on our target network, we usually put the ip addresses of these hosts into a file for further enumeration.

Next step in our enumeration would be to detect which operating system and which ports are running on these live hosts, for that we run this command:

nmap -O -v 10.10.10.119

here we use -O (capital o not zero) for operating system detection and by default nmap performs SYN Scan for port discovery. However nmap scans for 1000 ports only by default of a particular host.

To make nmap go over a list of ip addresses in a file we use -iL flag like this:

nmap -O -v -iL targetlist

where targetlist is the name of the file which contains ip addresses that we want to perform port scan on.

To make nmap scan all the ports of a target we use the -p flag like this:

nmap -p- -v 10.10.10.121

We can also specify a range of ports using the -p flag like this:

nmap -p1-500 -v 10.10.10.121

here 1-500 means scan all the ports from 1 to 500.

We can use a number of scan techniques to discover open ports on our network but I will only discuss some of them for brevity.

We can perform a TCP SYN scan using nmap with -sS flag like this:

nmap -sS -v 10.10.10.150

We have also flags for TCP connect and ACK scans which are -sT -sA

nmap -sT -v 10.10.10.150

nmap -sA -v 10.10.10.150

We can also perform UDP scan as well instead of TCP scan using -sU flag

nmap -sU -v 10.10.10.150

We can perform TCP Null, FIN, and Xmas scans using the flags -sN, -sF, -sX

nmap -sN -v 10.10.10.150

nmap -sF -v 10.10.10.150

nmap -sX -v 10.10.10.150

If you don't know what these scans are then please visit Port Scanning Techniques and Algorithms for explanation.

After discovering the open ports on our target host, we want to enumerate what services are running on those open ports. To enumerate services and versions information on open ports we use the -sV flag like this:

nmap -sV -v 10.10.10.118

This should give us information about what services are running on what ports and what versions of those services are running on the target host.

nmap has an interesting feature called NSE nmap scripting engine. It allows users to write their own scripts, using the Lua programming language, to automate a wide variety of networking tasks. nmap ships with a diverse set of scripts which are very helpful to enumerate a target. To use the nmap default set of scripts while enumerating the target, we use the -sC flag like this:

nmap -sC -sV -v 10.10.10.118

We can also save the results of our nmap scans to a file using the -o flag like this

nmap -sC -sV -v -oA defaultscan 10.10.10.119

here -oA tells the nmap to output results in the three major formats at once and defaultscan is the name of the file that will be prepended to all the three output files.

This is the end of this short tutorial see you next time.

References:
https://nmap.org/book/scan-methods-null-fin-xmas-scan.html

Related links

Monday, April 20, 2020

Vulnx V2.0 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS {(Wordpress , Joomla , Drupal , Prestashop ...)

Vulnx is An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms, fast cms detection,informations gathering and vulnerabilitie Scanning of the target like subdomains, ipaddresses, country, org, timezone, region, ans and more ...
Instead of injecting each and every shell manually like all the other tools do, VulnX analyses the target website checking the presence of a vulnerabilitie if so the shell will be Injected.searching urls with dorks Tool.

Features

Detects cms (wordpress, joomla, prestashop, drupal, opencart, magento, lokomedia)
Target informations gatherings
Target Subdomains gathering
Multi-threading on demand
Checks for vulnerabilities
Auto shell injector
Exploit dork searcher
Ports Scan High Level
Dns-Servers Dump
Input multiple target to scan.
Dorks Listing by Name& by ExploitName.
Export multiple target from Dorks into a logfile.

DNS-Map-Results
To do this,run a scan with the --dns flag and -d for subdomains. To generate a map of isetso.rnu.tn, you can run the command vulnx -u isetso.rnu.tn --dns -d --output $PATHin a new terminal.
$PATH : Where the graphs results will be stored.

Let's generates an image displaying target Subdomains,MX & DNS data.

Exploits

Joomla

Wordpress

Drupal

PrestaShop

Opencart

Opencart BruteForce

VulnxMode
NEW vulnx now have an interactive mode. URLSET

DORKSET

Available command line options
READ VULNX WIKI

usage: vulnx [options]

  -u --url              url target
  -D --dorks            search webs with dorks
  -o --output           specify output directory
  -t --timeout          http requests timeout
  -c --cms-info         search cms info[themes,plugins,user,version..]
  -e --exploit          searching vulnerability & run exploits
  -w --web-info         web informations gathering
  -d --domain-info      subdomains informations gathering
  -l, --dork-list       list names of dorks exploits
  -n, --number-page     number page of search engine(Google)
  -p, --ports           ports to scan
  -i, --input           specify domains to scan from an input file 
  --threads             number of threads
  --dns                 dns informations gathering

Docker
VulnX in DOCKER !!.

$ git clone https://github.com/anouarbensaad/VulnX.git
$ cd VulnX
$ docker build -t vulnx ./docker/
$ docker run -it --name vulnx vulnx:latest -u http://example.com

run vulnx container in interactive mode

to view logfiles mount it in a volume like so:

$ docker run -it --name vulnx -v "$PWD/logs:/VulnX/logs" vulnx:latest -u http://example.com

change the mounting directory..

VOLUME [ "$PATH" ]

Install vulnx on Ubuntu

$ git clone https://github.com/anouarbensaad/vulnx.git
$ cd VulnX
$ chmod +x install.sh
$ ./install.sh

Now run vulnx

Install vulnx on Termux

$ pkg update
$ pkg install -y git
$ git clone http://github.com/anouarbensaad/vulnx
$ cd vulnx
$ chmod +x install.sh
$ ./install.sh

CLICK HERE TO SHOW THE RESULT

Install vulnx in Windows

click here to download vulnx
download and install python3
unzip vulnx-master.zip in c:/
open the command prompt cmd.

> cd c:/vulnx-master
> python vulnx.py

example command with options : settimeout=3 , cms-gathering = all , -d subdomains-gathering , run --exploits
vulnx -u http://example.com --timeout 3 -c all -d -w --exploit

example command for searching dorks : -D or --dorks , -l --list-dorks
vulnx --list-dorks return table of exploits name. vulnx -D blaze return urls found with blaze dork

Versions

Warning!
I Am Not Responsible of any Illegal Use

Contribution & License
You can contribute in following ways:

Report bugs & add issues
Search for new vulnerability
Develop plugins
Searching Exploits
Give suggestions (Ideas) to make it better

Do you want to have a conversation in private? email me : Bensaad.tig@gmail.com
VulnX is licensed under GPL-3.0 License

Download Vulnx

via KitPloitRead more

OVER $60 MILLION WORTH OF BITCOINS HACKED FROM NICEHASH EXCHANGE

Over $60 Million Worth of Bitcoins Hacked from NiceHash Exchange. Bitcoin mining platform and exchange NiceHash has been hacked, leaving investors short of close to $68 million in BTC.

As the price of Bitcoin continues to rocket, surging past the $14,500 mark at the time of writing, cyberattackers have once again begun hunting for a fresh target to cash in on in this lucrative industry.

Banks and financial institutions have long cautioned that the volatility of Bitcoin and other cryptocurrency makes it a risky investment, but for successful attackers, the industry potentially provides a quick method to get rich — much to the frustration of investors.

Unfortunately, it seems that one such criminal has gone down this path, compromising NiceHash servers and clearing the company out.

In a press release posted on Reddit, on Wednesday, NiceHash said that all operations will stop for the next 24 hours after their "payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen."

NiceHash said it was working to "verify" the precise amount of BTC stolen, but according to a wallet which allegedly belongs to the attacker — traceable through the blockchain — 4,736.42 BTC was stolen, which at current pricing equates to $67,867,781.

"Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days," NiceHash says. "In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are co-operating with them as a matter of urgency."

"We are fully committed to restoring the NiceHash service with the highest security measures at the earliest opportunity," the trading platform added.

The company has also asked users to change their online passwords as a precaution. NiceHash says the "full scope" of the incident is unknown.

"We are truly sorry for any inconvenience that this may have caused and are committing every resource towards solving this issue as soon as possible," the company added.

Inconvenience is an understatement — especially as so much was left in a single wallet — but the moment those coins shift, we may know more about the fate of the stolen investor funds.