Sunday, August 30, 2020

S2 Dynamic Tracer And Decompiler For Gdb

Decompiling is very useful for understanding stripped binaries. Most disassemblers, like IDA or Hopper, have a plugin for decompiling binaries that generates C-like pseudocode.

Static analysis is very useful in most cases, especially when the binary is not so big, or when you just have an address from which to start analyzing. But some algorithms can be learned in less time by dynamic analysis such as tracing or debugging.

In the cookiemonsters team, we are working on several tracers with different focuses, but all of them mix the concepts of tracing and decompiling to generate human-readable traces.

S2 is my tracer & decompiler plugin for gdb, very useful for CTFs.
Some of the features are:

- signed/unsigned detection
- conditional pseudocode (if)
- syscall resolution
- loop unrolling
- used registers values
- mem states
- strings
- logging





CertCrunchy - Just A Silly Recon Tool That Uses Data From SSL Certificates To Find Potential Host Names


It is just a silly Python script that either retrieves SSL certificate data from online sources (currently https://crt.sh/, https://certdb.com/, https://sslmate.com/certspotter/, and https://censys.io) or, given an IP range, attempts to extract host information from SSL certificates. If you want to use Censys.io you need to register for an API key.
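The same idea can be used to review which host names your own certificates publish. The following is an added example, not CertCrunchy's code: it extracts in-scope host names from certificate records shaped like crt.sh's JSON output (the `common_name` and `name_value` fields), using constructed sample data and the hypothetical helper names `normalize`, `in_scope` and `hostnames_from_ct`.

```python
import json

# Constructed sample shaped like crt.sh JSON output (name_value holds
# newline-separated SAN entries). Not real certificate data.
SAMPLE = json.dumps([
    {"common_name": "www.example.com", "name_value": "www.example.com\nexample.com"},
    {"common_name": "*.dev.example.com", "name_value": "*.dev.example.com\nvpn.dev.example.com"},
    {"common_name": "mail.example.com", "name_value": "MAIL.example.com.\nadmin@example.com"},
    {"common_name": "cdn.example.net", "name_value": "cdn.example.net\nstatic.example.com"},
    {"common_name": "notexample.com", "name_value": "notexample.com"},
])


def normalize(name):
    """Lower-case and strip the trailing dot; return None for non-hostnames."""
    name = name.strip().lower().rstrip(".")
    if not name or "@" in name or " " in name:
        return None  # e-mail SANs and free-text CNs are not host names
    return name


def in_scope(name, domain):
    """True only for the domain itself or a real subdomain (label boundary)."""
    bare = name[2:] if name.startswith("*.") else name
    return bare == domain or bare.endswith("." + domain)


def hostnames_from_ct(records_json, domain):
    """Return (hosts, wildcards) seen in certificates for `domain`."""
    domain = domain.lower().rstrip(".")
    hosts, wildcards = set(), set()
    for rec in json.loads(records_json):
        raw = [rec.get("common_name") or ""]
        raw += (rec.get("name_value") or "").split("\n")
        for name in filter(None, map(normalize, raw)):
            if not in_scope(name, domain):
                continue  # e.g. notexample.com or a SAN for another domain
            (wildcards if name.startswith("*.") else hosts).add(name)
    return sorted(hosts), sorted(wildcards)


if __name__ == "__main__":
    hosts, wildcards = hostnames_from_ct(SAMPLE, "example.com")
    print("hosts:", hosts)
    print("wildcards:", wildcards)
```

Wildcard entries are kept apart because they name a pattern rather than a host; the label-boundary check keeps look-alike domains such as notexample.com out of the result.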

How to install
git clone https://github.com/joda32/CertCrunchy.git
cd CertCrunchy
sudo pip3 install -r requirements.txt

How to use it?
Very simply:
-d to get hostnames for a specific domain
-D to get hostnames for a list of domains (just stuff it in a line-delimited text file)
-I to retrieve and parse certificates from hosts in a netblock / IP range (e.g. 192.168.0.0/24)
-T the thread count; it makes stuff faster, but don't overdo it
-o output file name
-f output format, CSV or JSON; CSV is the default
For the rest, I'm still working on those :)

API keys and configs
All API keys are stored in the api_keys.py file. Below is a list of supported APIs that require API keys.
  1. Censys.io https://censys.io
  2. VirusTotal https://www.virustotal.com/en/documentation/public-api/


Saturday, August 29, 2020

Vulcan DoS Vs Akamai

In the past I had to do several DoS security audits, with multiple types of tests and intensities. Sometimes several DDoS protections were present, like Akamai for static content and Arbor for absorbing part of the bandwidth.

One consideration for DoS/DDoS tools is that control of the attacker host will probably be lost, so the tool at least has to be able to stop automatically with a timeout, but it can also implement remote response checks.

In order to size the minimum Mbps needed to flood a service or to delay the response by a significant amount of time, the attacker hosts need a bandwidth limiter that increments in a logarithmic way up to a limit agreed with the customer/ISP/data center.

There are DoS tools that don't have these timeouts or a bandwidth limit based on Mbps; for that reason I had to implement an LD_PRELOAD-based solution: bwcontrol

Although there are several good tools for stressing web servers and web applications, like apache ab or other common tools used for pen-testing, I also wrote a fast web flooder in C++ named wflood.

As expected, the most effective for taking down the web server were slow-loris, slow-read and derivatives; few hosts were needed to DoS an online banking service.
Remote attacks on the database and highly dynamic web content, which could be impacted for sure, were discarded.

I wrote another tool in C++ for mass crafting of malformed TCP/UDP/IP packets, which sometimes impacted load balancers and firewalls; it was vulcan, and it even froze the firewall client software.

The funny thing was that the common attacks against Akamai hosts were ineffective, and so was the slow-loris family of attacks, because they are common and the Akamai nginx web servers are well tuned. But when I tried vulcan, low intensity was enough to crash Akamai hosts.

Another attack vector for static sites was trying to locate the IP of the customer instead of Akamai's; if the customer doesn't use the Akamai Shadow service, it's possible to perform an HTTP Host header scan and direct the attack to that host, bypassing Akamai.

And what about Arbor protection? It is good for reducing the flood, but there are other kinds of attacks, and this protection is usually disabled by default, and during local holidays it can be a mess.



How To Remove Write Protection From USB Drives And Memory Cards

If you've got a USB drive or SD card that can't be formatted and to which you can't copy files, then take a look at our guide to removing write protection.

Sometimes you'll find that it's impossible to format, delete or copy new files to an SD card or USB flash drive. Windows will tell you that it is write protected, even though there is no 'lock' switch or – if there is – you've made sure the switch is set correctly to allow files to be written to the drive.
But just in case this switch is news to you, it is well worth checking that your device has the switch set to 'unlocked'. When set to 'locked' you won't be able to copy any new files on to the memory card or USB stick, and it also stops you from accidentally formatting it.
You'll still be able to view files which are already stored on the drive, but you can't delete them (they sometimes seem to delete OK, but the next time you check, there they are again!).
But if this isn't the problem, you might still be able to fix things and continue to use your USB flash drive or SD card – we'll explain how.
Unfortunately, in some cases the device may be corrupt or physically broken and no tricks or software will make it work again. The only solution in this case is to buy a new drive. And if you're just trying to get back lost data, see our guide on How to recover deleted files for free.
In any version of Windows from XP onwards, run Regedit.exe.
If you're not sure how to find it, searching 'regedit' in the Start menu will usually show the program at the top of the list.
It's a bit like File Explorer, so use the pane on the left to navigate to the following key:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies
Note: if you can't find StorageDevicePolicies, see the next step.
Double-click on the WriteProtect value in the right-hand pane. You can now change the Value data from 1 to 0. Then click OK to save the change. Close Regedit and restart your computer. Connect your USB drive again and, with a bit of luck, you should find it is no longer write protected.
You can now continue to use the drive, but it's worth copying off any files you want to keep and then formatting it by right-clicking on it in the list of drives in File Explorer and choosing Format.

StorageDevicePolicies

If you can't find StorageDevicePolicies, you can create it by right-clicking in the white space in the 'Control' folder and choosing New -> Key and entering the name StorageDevicePolicies.
Now double-click on the new key (it will show as a folder) and right-click once again in the white space and choose New -> DWORD. Name this WriteProtect and set its value to 0. Click OK, exit Regedit and reboot your computer.
If this method doesn't work, go to the next step.

Diskpart

With your USB drive or memory card attached to your computer, launch a command prompt. You can do this by searching for cmd.exe or 'Command Prompt' in the Start menu.
Note: you may need to run cmd.exe with administrator privileges if you see an "access is denied" message. To do this, right-click on Command Prompt in the Start menu and choose 'Run as administrator' from the menu that appears.
If you have Windows 10, simply right-click on the Start button (bottom left of the screen) and choose Command Prompt (admin).
Now, at the prompt, type the following and press Enter after each command:
diskpart
list disk
select disk x (where x is the number of your non-working drive – use the capacity to work out which one it is)
attributes disk clear readonly
clean
create partition primary
format fs=fat32 (you can swap fat32 for ntfs if you only need to use the drive with Windows computers)
exit
That's it. Your drive should now work as normal in File Explorer. If it doesn't, it's bad news and there's nothing more to be done. Your stick or memory card is scrap and fit only for the bin. But the good news is that storage is cheap.