One-Lin3r v1.1 – Gives You One-Liners That Aids In Penetration Testing Operations

One-Lin3r is simple and light-weight framework inspired by the web-delivery module in Metasploit.It consists of various one-liners that aids in penetration testing operations:Reverser: Give it IP & port and it returns a reverse shell liner ready for copy & paste.Dropper: Give it an uploaded-backdoor URL and it returns a download-&-execute liner ready for copy & paste.Other: Holds liners with the general purpose to help in penetration testing (ex: Mimikatz, Powerup, etc…) on the trending OSes (Windows, Linux, and macOS) “More OSes can be added too".FeaturesSearch for any one-liner in the database by its full name or partially.You can add your own liners by following these steps to create a ".liner" file. Also, you can send it to me directly and it will be added in the framework and credited with your name .Autocomplete any framework command and recommendations in case of typos (in case you love hacking like movies ).Command line arguments can be used to give the framework a resource file to load and execute for automation.The ability to reload the database if you added any liner without restarting the framework.You can add any platform to the payloads database just by making a folder in payloads folder and creating a ".liner" file there.More…The payloads database is not big now because this the first edition but it will get bigger with updates and contributions.ScreenshotsUsageCommandline argumentsusage: one-lin3r [-h] [-r R] [-x X] [-q]optional arguments: -h, –help show this help message and exit -r Execute a resource file (history file). -x Execute a specific command (use ; for multiples). -q Quit mode (no banner).Framework commandsCommand Description——– ————-help/? Show this help menulist/show List payloads you can use in the attack.search Search payloads for a specific oneuse <payload> Use an available payloadinfo <payload> Get information about an available payloadbanner Display bannerreload/refresh Reload the payloads databasecheck Prints the core version and database version then check for them online.history Display command line most important history from the beginningsave_history Save command line history to a fileexit/quit Exit the frameworkInstalling and requirementsTo make the tool work at its best you must have :Python 3.x or 2.x (preferred 3).Linux (Tested on kali rolling), Windows system, mac osx (tested on 10.11)The requirements mentioned in the next few lines.Installing+For windows : (After downloading ZIP and upzip it)python -m pip install ./One-Lin3r-masterone-lin3r -h+For Linux :git clone https://github.com/D4Vinci/One-Lin3r.gitapt-get install libncurses5-devpip install ./One-Lin3rone-lin3r -hUpdating the framework or the databaseOn Linux while outside the directorycd One-Lin3r && git pull && cd ..pip install ./One-Lin3r –upgradeOn Windows if you don’t have git installed, redownload the framework zipped!Download One-Lin3r

Link: http://feedproxy.google.com/~r/PentestTools/~3/elxDfxPSrg8/one-lin3r-v11-gives-you-one-liners-that.html

Check whether you were hacked in the past

There have been a lot of data breaches over the past few years. We often use the same password on many websites or reuse it after some time. This not only compromises our main social media accounts but also other email accounts.Fol website help us to identify from  email address whether it was part of some data breach or not and help us to patch things up.Mention other websites you know in comment for other people to benefit from.Happy surfing1.    Pwned

Link: http://hackingplayground.blogspot.com/2018/06/check-whether-you-were-hacked-in-past.html

Windows Privilege Escalation – Unquoted Services

So, you’ve popped a user shell on a windows box and now you’re looking to escalate those privileges. Great! In this article we’ll look at one method of elevating your privileges by exploiting unquoted system services. A Windows service is a program that runs in the background similar to a *nix daemon. Often they are automatically started when Windows loads […]
The post Windows Privilege Escalation – Unquoted Services appeared first on The Ethical Hacker Network.

Link: https://www.ethicalhacker.net/community/windows-privilege-escalation-unquoted-services/

The Modern Day Hacker – A Cautionary Tale

J0hn_D0ugh$ – So there I was once again enjoying my victory. I wasn’t technically done yet, however all of the hard stuff had already been done. I’m not a hacker just for the money. I’ve made enough of that already. Such is the life for a modern day hacker. It’s really more about the challenge. Sadly however, many of these […]
The post The Modern Day Hacker – A Cautionary Tale appeared first on The Ethical Hacker Network.

Link: https://www.ethicalhacker.net/columns/kron/the-modern-day-hacker-a-cautionary-tale/

Hacking Retro

Bring out your disco ball, your leg warmers, and your VHS tapes!  While a lot of us watch the VH1 hit “I Love the 80s” for pop culture, I’m always drawn to the old tech. As such, let’s focus on bringing old hacking tricks to a new audience of pen testers.  I’m reminded of a quote from George Santayana, “Progress, […]
The post Hacking Retro appeared first on The Ethical Hacker Network.

Link: https://www.ethicalhacker.net/features/root/hacking-retro/

Poisonous Pi – The Execution of a Raspberry Pi Hacking Workshop

43 years ago, a small team led by Chuck Peddle changed the way society computes today. In 1975, encased in plastic, this 40-pin DIP 8-bit microprocessor, known as the MOS Technology 6502, made its debut. Why should you care? Not only was this the cheapest microprocessor on the shelf, but I believe, without this OG beauty queen of tech, our […]
The post Poisonous Pi – The Execution of a Raspberry Pi Hacking Workshop appeared first on The Ethical Hacker Network.

Link: https://www.ethicalhacker.net/columns/brown/poisonous-pi-a-raspberry-pi-hacking-workshop/

Parrot Security 4.0 – Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Parrot 4.0 is now available for download. The development process of this version required a lot of time, and many important updates make this release an important milestone in the history of our project.This release includes all the updated packages and bug fixes released since the last version (3.11), and it marks the end of the development and testing process of many new features experimented in the previous releases since Parrot 3.9.Experimental Netinstall ImagesNetinstall images are a powerful tool to install only the bare core of the system or just the software components you really need, you can even use them to install another desktop environment and to build your own system exactly as you want.Parrot 4.0 provide netinstall images too as we would like people to use Parrot not only as a pentest distribution, but also as a framework to build their very own working environment with ease.Docker imagesDocker is a powerful container technology that allows our users to quickly download a Parrot template and immediately spawn unlimited and completely isolated parrot instances on top of any host OS.Parrot on Docker gives you access to all the Parrot containers you need on top of Windows, Mac OS, or any other system supported by docker, no matter if it is just your laptop or a whole docker cluster running on an entire datacenter. You will always have access to all the parrot tools in all the isolated environments you need.Linux Kernel 4.16The introduction of the new Linux 4.16 kernel is a very important step forward for the distro, as newer kernels always introduce many important new features, broader hardware support and important bugfixes.SandboxThe Parrot system is known to be secure and sandboxed thanks to its custom firejail profiles with the underlying apparmor support. Parrot 4.0 is the final result of months of testing on this field, and now the sandboxed applications are stable and reliable.MATE 1.20The MATE Desktop Environment was updated to its 1.20 release, with many graphic bugfixes and new features, like HiDPI support, or the ability to auto-resize windows by dragging them to the corner of the screen and divide them in new layouts.Full list of updated packagesWant to see the full list of packages that were upgraded between 3.11 and 4.0.1?Follow this link https://archive1.parrotsec.org/parrot/iso/4.0.1/updated-packages.txtHow to upgradeIf you have a previous version of Parrot and want to upgrade the system, follow these steps:Open a terminal window and type the following commands:sudo apt updatesudo apt purge tomoyo-toolssudo apt full-upgradesudo apt autoremoveDownload Parrot Security 4.0

Link: http://feedproxy.google.com/~r/PentestTools/~3/KrrCv-US7ZA/parrot-security-40-security-gnulinux.html

Whonow – A “Malicious” DNS Server For Executing DNS Rebinding Attacks On The Fly (Public Instance Running On Rebind.Network:53)

A malicious DNS server for executing DNS Rebinding attacks on the fly. whonow lets you specify DNS responses and rebind rules dynamically using domain requests themselves.# respond to DNS queries for this domain with 52.23.194.42 the first time# it is requested and then 192.168.1.1 every time after thatA.52.23.194.42.1time.192.168.1.1.forever.rebind.network# respond first with 52.23.194.42, then 192.168.1.1 the next five times,# and then start all over again (1, then 5, forever…)A.52.23.194.42.1time.192.168.1.1.5times.repeat.rebind.networkWhat’s great about dynamic DNS Rebinding rules is that you don’t have to spin up your own malicious DNS server to start exploiting the browser’s Same-origin policy. Instead, everyone can share the same public whonow server running on port 53 of rebind.network.Note: You should include UUIDs (e.g. a06a5856-1fff-4415-9aa2-823230b05826) as a subdomain in each DNS lookup to a whonow server. These have been omitted from examples in this README for brevity, but assume requests to *.rebind.network should be *.a06a5856-1fff-4415-9aa2-823230b05826.rebind.network. See the Gotchas section for more info as to why.Subdomains = Rebind RulesThe beauty of whonow is that you can define the behavior of DNS responses via subdomains in the domain name itself. Using only a few simple keywords: A, (n)times, forever, and repeat, you can define complex and powerful DNS behavior.Anatomy of a whonow requestA..<rule>[.<ip-address>.<rule>[.<ip-address>.<rule>]][.uuid/random-string].example.comA: The type of DNS request. Currently only A records are supported, but AAAA should be coming soon.<ip-address>: an ipv4 (ipv6 coming soon) address with each octet seprated by a period (e.g. 192.168.1.1.<rule>: One of three rules(n)time[s]: The number of times the DNS server should reply with the previous IP address. Accepts both plural and singular strings (e.g. 1time, 3times, 5000times)forever: Respond with the previous IP address forever.repeat: Repeat the entire set of rules starting from the beginning.[uuid/random-string]: A random string to keep DNS Rebind attacks against the same IP addresses separate from each other. See Gotchas for more info.example.com: A domain name you have pointing to a whonow nameserver, like the publicly available rebind.network:53 whonow instance.Rules can be chained together to form complex response behavior.Examples# always respond with 192.168.1.1. This isn’t really DNS rebinding# but it still worksA.192.168.1.1.forever.rebind.network# alternate between localhost and 10.0.0.1 foreverA.127.0.0.1.1time.10.0.0.1.1time.repeat.rebind.network# first respond with 192.168.1.1 then 192.168.1.2. Now respond 192.168.1.3 forever.A.192.168.1.1.1time.192.168.1.2.2times.192.168.1.3.forever.rebind.network# respond with 52.23.194.42 the first time, then whatever `whonow –default-address`# is set to forever after that (default: 127.0.0.1)A.52.23.194.42.1time.rebind.networkLimitationsEach label [subdomain] may contain zero to 63 characters… The full domain name may not exceed the length of 253 characters in its textual representation. (from the DNS Wikipedia page)Additionally, there may not be more than 127 labels/subdomains.GotchasUse Unique Domain NamesEach unique domain name request to whonow creates a small state-saving program in the server’s RAM. The next time that domain name is requested the program counter increments and the state may be mutated. All unique domain names are their own unique program instances. To avoid clashing with other users or having your domain name program’s state inadvertently incremented you should add a UUID subdomain after your rule definitions. That UUID should never be reused.# thisA.127.0.0.1.1time.10.0.0.1.1time.repeat.8f058b82-4c39-4dfe-91f7-9b07bcd7fbd4.rebind.network# not thisA.127.0.0.1.1time.10.0.0.1.1time.repeat.rebind.network–max-ram-domainsThe program state associated with each unique domain name is stored by whonow in RAM. To avoid running out of RAM an upper-bound is placed on the number of unique domains who’s program state can be managed at the same time. By default, this value is set to 10,000,000, but can be configured with the –max-ram-domains. Once this limit is reached, domain names and their saved program state will be removed in the order they were added (FIFO).Running your own whonow serverTo run your own whonow server in the cloud use your domain name provider’s admin panel to configure a custom nameserver pointing to your VPS. Then install whonow on that VPS and make sure it’s running on port 53 (the default DNS port) and that port 53 is accessible to the Internet.# installnpm install –cli -g whonow@latest# run it!whonow –port 53Usage$ whonow –helpusage: whonow [-h] [-v] [-p PORT] [-d DEFAULT_ANSWER] [-b MAX_RAM_DOMAINS]A malicious DNS server for executing DNS Rebinding attacks on the fly.Optional arguments: -h, –help Show this help message and exit. -v, –version Show program’s version number and exit. -p PORT, –port PORT What port to run the DNS server on (default: 53). -d DEFAULT_ANSWER, –default-answer DEFAULT_ANSWER The default IP address to respond with if no rule is found (default: “127.0.0.1"). -b MAX_RAM_DOMAINS, –max-ram-domains MAX_RAM_DOMAINS The number of domain name records to store in RAM at once. Once the number of unique domain names queried surpasses this number domains will be removed from memory in the order they were requested. Domains that have been removed in this way will have their program state reset the next time they are queried (default: 10000000).TestingA whonow server must be running on localhost:15353 to perform the tests in test.js# in one terminalwhonow -p 15353# in another terminalcd path/to/node_modules/whonownpm testDownload Whonow

Link: http://feedproxy.google.com/~r/PentestTools/~3/iR4Phc9032o/whonow-malicious-dns-server-for.html