31/8/18

Tools that interested me from BlackHat 2018

https://github.com/govolution/avet

https://github.com/Ne0nd0g/merlin

https://github.com/threat9/routersploit

https://github.com/syncsrc/MicroRenovator

https://github.com/TeamWalrus/Walrus

https://github.com/hackgnar/ble_ctf

https://github.com/BloodHoundAD/BloodHound

https://github.com/whid-injector/WHID

https://github.com/nao-sec/ektotal

https://github.com/PreOS-Security/fwaudit

https://github.com/objective-see

https://github.com/depthsecurity/armory

https://github.com/aatlasis/Chiron

https://github.com/OpenNetworkingFoundation/DELTA

https://github.com/sensepost/mallet

https://github.com/NetSPI/PowerUpSQL

https://github.com/secgroundzero/warberry

https://github.com/jzadeh/chiron-elk

https://github.com/SecurityFTW/cs-suite

https://github.com/bhdresh/Dejavu

https://github.com/DataSploit/datasploit

https://github.com/dradis/dradis-ce

https://github.com/countercept/snake

https://github.com/djformby/GRFICS

https://github.com/archerysec/archerysec

https://github.com/jtpereyda/boofuzz

https://github.com/airbus-seclab/bta

https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit

https://github.com/s4n7h0/Halcyon

https://github.com/topics/modsecurity

https://github.com/flipkart-incubator/Astra

https://github.com/PortSwigger/replicator

https://github.com/owtf/owtf

https://github.com/rezasp/joomscan

https://github.com/YalcinYolalan/WSSAT


16/7/18

TakeTV

TakeTV discovers DLNA/UPnP network devices and helps play media files on smart TVs from a Linux terminal.

https://github.com/SVelizDonoso/taketv

27/3/18

NSA Codebreaker 2017, Overview


Each year NSA puts out a challenge called Codebreaker that requires reverse engineering and exploitation skills. This year it was designed to take the players through some of the phases you might take if you found someone on your network. There were six tasks, each one building on the previous and requiring different skills. There were 1098 participants and only three were able to complete all six tasks. I was able to complete five tasks, along with 2.2% of participants.
by: Jonathan Armer

https://armerj.github.io/CodeBreaker-Overview/

30/10/17

AhMyth-Android-RAT

AhMyth Android Rat

https://github.com/AhMyth/AhMyth-Android-RAT
Beta Version
It consists of two parts :
  • Server side : desktop application based on electron framework (control panel)
  • Client side : android application (backdoor)

Getting Started

You have two options to install it

1) From source code

Prerequisite:
  • Electron (to start the app)
  • Java (to generate apk backdoor)
  • Electron-builder and electron-packer (to build binaries for OSX, Windows, Linux)

  1. git clone https://github.com/AhMyth/AhMyth-Android-RAT.git
  2. cd AhMyth-Android-RAT/AhMyth-Server
  3. npm start

2) From binaries

Prerequisite :


8/10/17

Rancher Server Docker Exploit

Utilizing Rancher Server, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes commands as uid 0, it is honored by the host operating system, allowing the attacker to edit/create files owned by root. This exploit abuses this to create a cron job in the '/etc/cron.d/' path of the host server. The Docker image should exist on the target system or be a valid image from hub.docker.com. Use `check` with verbose mode to get a list of exploitable Rancher Hosts managed by the target system.


https://packetstormsecurity.com/files/144539/Rancher-Server-Docker-Exploit.html

5/10/17

RCE vulnerability in Tomcat (CVE-2017-12617): HTTP PUT + JSP upload bypass

The Apache Tomcat team announced that all Tomcat versions prior to 9.0.1 (Beta), 8.5.23, 8.0.47 and 7.0.82, on all operating systems, contain a remote code execution (RCE) vulnerability if the default servlet and/or the WebDAV servlet is configured with the readonly parameter set to false.

https://www.alphabot.com/security/blog/2017/java/Apache-Tomcat-RCE-CVE-2017-12617.html

http://www.hackplayers.com/2017/10/vulnerabilidad-rce-en-tomcat-cve-2017-12617.html

To check whether a server is vulnerable, just check the init-param in the corresponding web.xml file:
    <init-param>
        <param-name>readonly</param-name>
        <param-value>false</param-value>
    </init-param>