Search the Community

Showing results for tags 'attack'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Pentesting Premium
  • Modders Section
  • PRIV8-Section
  • Pentesting Zone PRIV8
  • Carding Zone PRIV8
  • Recycle Bin
  • Null3D's Nulled Group

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

Found 52 results

  1. ThreatBox is a standard and controlled Linux based attack platform. I've used a version of this for years. It started as a collection of scripts, lived as a rolling virtual machine, existed as code to build a Linux ISO, and has now been converted to a set of ansible playbooks. Why Ansible? Why not? This seemed a natural evolution. Features Standard tools defined as ansible roles Customizations designed to make security testing easier Variable list to add or remove git repositories, OS packages, or python modules. (threatbox.yml) Version tracking of the deployed instance version and the deploy tool version. This is helpful it meeting compliance rules and can help minimize fear by actively tracking all tools. Threatbox version created at deployment and displayed in desktop wallpaper Deployed software tracked in ~/Desktop/readme SSH port auto-switching. The deployment starts on port 22, but reconfigures the target system to the desired SSH port using the ansible_port variable in threatbox.yml Download and compile several .net toolkits (i.e. SeatBelt.exe from Ghostpack [Hidden Content]) Most python projects installed using pipenv. Use pipenv shell in the project directory to access. See [Hidden Content] for pipenv usage guidance [hide][Hidden Content]]
  2. wifipumpkin3 is a powerful framework for rogue access point attack, written in Python, that allows and offers to security researchers, red teamers, and reverse engineers to mount a wireless network to conduct a man-in-the-middle attack. Main Features Rogue access point attack Man-in-the-middle attack Rogue Dns Server Captive portal attack (captiveflask) Intercept, inspect, modify and replay web traffic WiFi networks scanning DNS monitoring service Credentials harvesting Transparent Proxies LLMNR, NBT-NS, and MDNS poisoner (Responder3) and more! Changelog v1.0.9R2 Added added route for get information of plugins and proxies on restAPI added new attribute on plugins and proxies mode class added logger resource API added new command dhcpmode added option for settings dhcp mode pydhcpserver or dhcpd_server added new support to run isc_dhcp_server for dns/ dhcp added support kali linux iptables nf_tables set iptables_legacy as default #140 added format 28 files reformatted black library Changed Deprecated Removed removed support to Rest API controller temporally Fixed fixed cli error when resquest restAPI plugins and proxies fixed restApi error when get exceptions http request fixed wirelesscontroller not started into restAPI mode fixed locale error in docker container fixed logical error dhcpd server implementation #158 fixed logical error when try to get iptables path with nf_tables thanks @cjb900 [hide][Hidden Content]]
  3. Go365 Go365 is a tool designed to perform user enumeration* and password guessing attacks on organizations that use Office365 (now/soon Microsoft365). Go365 uses a unique SOAP API endpoint on login.microsoftonline.com that most other tools do not use. When queried with an email address and password, the endpoint responds with an Azure AD Authentication and Authorization code. This code is then processed by Go365 and the result is printed to a screen or an output file. * User enumeration is performed in conjunction with a password guess attempt. Thus, there is no specific flag or functionality to perform only user enumeration. Instead, conduct your first password guessing attack, then parse the results for valid users. Read these three bullets! This tool might not work on all domains that utilize o365. Tests show that it works with most federated domains. Some domains will only report valid users even if a valid password is also provided. Your results may vary! The domains this tool was tested on showed that it did not actually lock out accounts after multiple password failures. Your results may vary! This tool is intended to be used by security professionals that are authorized to “attack” the target organization’s o365 instance. Changelog v1.4 Updated Go365 to include the MS “graph” api through the URL login.microsoft.com/common/oauth2/token. Specify -endpoint graph to use this new endpoint. [hide][Hidden Content]]
  4. Disclaimer The author is not responsible for any issues or damage caused by this program. Features User can customize: app_icon - custom icon application app_name - custom name application alert_title - custom alert title alert_desc - custom alert description key_pass - custom key for unlock devices [hide][Hidden Content]]
  5. Disclaimer The author is not responsible for any issues or damage caused by this program. Features User can customize: app_icon - custom icon application app_name - custom name application alert_title - custom alert title alert_desc - custom alert description key_pass - custom key for unlock devices [hide][Hidden Content]]
  6. wifipumpkin3 is a powerful framework for rogue access point attack, written in Python, that allows and offers to security researchers, red teamers, and reverse engineers to mount a wireless network to conduct a man-in-the-middle attack. Main Features Rogue access point attack Man-in-the-middle attack Rogue Dns Server Captive portal attack (captiveflask) Intercept, inspect, modify and replay web traffic WiFi networks scanning DNS monitoring service Credentials harvesting Transparent Proxies LLMNR, NBT-NS, and MDNS poisoner (Responder3) and more! Changelog v1.0.8 R2 Added added route for getting information of plugins and proxies on restAPI added new attribute on plugins and proxies mode class added logger resource API Removed removed support to Rest API controller temporally Fixed fixed cli error when request restAPI plugins and proxies fixed restApi error when getting exceptions http request fixed wirelesscontroller not started into restAPI mode fixed locale error in docker container [hide][Hidden Content]]
  7. About this book Cybersecurity – Attack and Defense Strategies, Second Edition is a completely revised new edition of the bestselling book, covering the very latest security threats and defense mechanisms including a detailed overview of Cloud Security Posture Management (CSPM) and an assessment of the current threat landscape, with additional focus on new IoT threats and cryptomining. Cybersecurity starts with the basics that organizations need to know to maintain a secure posture against outside threat and design a robust cybersecurity program. It takes you into the mindset of a Threat Actor to help you better understand the motivation and the steps of performing an actual attack – the Cybersecurity kill chain. You will gain hands-on experience in implementing cybersecurity using new techniques in reconnaissance and chasing a user’s identity that will enable you to discover how a system is compromised, and identify and then exploit the vulnerabilities in your own system. This book also focuses on defense strategies to enhance the security of a system. You will also discover in-depth tools, including Azure Sentinel, to ensure there are security controls in each network layer, and how to carry out the recovery process of a compromised system. [Hidden Content] [hide][Hidden Content]]
  8. Carnivore – Microsoft External Attack Tool Overview: Carnivore is an assessment tool for Skype for Business, Exchange, ADFS, and RDWeb servers as well as some O365 functionality. Carnivore includes some new post-authentication Skype for Business functionality. In general, the tabs will unlock in-line with what functionality you can use. Ie – the post auth options will unlock after you have discovered valid credentials. Feature Subdomain Enumeration Username Enumeration Smart Enumeration 9 lists of statistically likely usernames Automatically selects likely format Legacy vs Modern Format Password Spraying Discovered Format Pre-built lists Post Compromise [hide][Hidden Content]]
  9. Features: Custom Captive Portal Spear Phishing Social Engineering Fake AP Bypass 2FA Credential Harvesting Rogue Access Point Evil Twin Attacks DNS Spoofing [hide][Hidden Content]]
  10. The tool is under development. What this tool will explore upon a successful build: Reverse Proxying Sites. Bypassing many limitations during 2FA phishing Capturing POST and JSON request on the fly Forcing Elements in Requests Javascript Injection Cookies Capturing even those from javascript YAML Configuration files. Idea borrowed from evilginx2 Allowing Proxies to be used for each individual upcoming connection Direct DOM element values capturing before form submission or any other event 2FA Bypassed Auto-Cert generation. [hide][Hidden Content]]
  11. Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. Usage is simple, just run Magic Unicorn (ensure Metasploit is installed and in the right path) and it will automatically generate a PowerShell command that you need to simply cut and paste the PowerShell code into a command line window or through a payload delivery system. —–POWERSHELL ATTACK INSTRUCTIONS—- Everything is now generated in two files, powershell_attack.txt and unicorn.rc. The text file contains all of the code needed in order to inject the powershell attack into memory. Note you will need a place that supports remote command injection of some sort. Often times this could be through an excel/word doc or through psexec_commands inside of Metasploit, SQLi, etc.. There are so many implications and scenarios to where you can use this attack at. Simply paste the powershell_attack.txt command in any command prompt window or where you have the ability to call the powershell executable and it will give a shell back to you. This attack also supports windows/download_exec for a payload method instead of just Meterpreter payloads. When using the download and exec, simply put python unicorn.py windows/download_exec url=[Hidden Content] and the powershell code will download the payload and execute. Changelog version 3.15 * AMSI signature fix * added AMSI print decoded to payload output * AMSI bypass signature bypass [hide][Hidden Content]]
  12. h4rpy is an automated WPA/WPA2 PSK attack tool, wrapper of aircrack-ng framework. h4rpy provides clean interface for automated cracking of WPA/WPA2 PSK networks. h4rpy enables monitor mode on selected wireless interface, scans the wireless space for access points, tries to capture WPA/WPA2 4-way handshake for the acess point, and starts a dictionary attack on the handshake. It is also possible to send disassociate packets to clients associated with access point. [hide][Hidden Content]]
  13. Go365 Go365 is a tool designed to perform user enumeration* and password guessing attacks on organizations that use Office365 (now/soon Microsoft365). Go365 uses a unique SOAP API endpoint on login.microsoftonline.com that most other tools do not use. When queried with an email address and password, the endpoint responds with an Azure AD Authentication and Authorization code. This code is then processed by Go365 and the result is printed to screen or an output file. * User enumeration is performed in conjunction with a password guess attempt. Thus, there is no specific flag or functionality to perform only user enumeration. Instead, conduct your first password guessing attack, then parse the results for valid users. Read these three bullets! This tool might not work on all domains that utilize o365. Tests show that it works with most federated domains. Some domains will only report valid users even if a valid password is also provided. Your results may vary! The domains this tool was tested on showed that it did not actually lock out accounts after multiple password failures. Your results may vary! This tool is intended to be used by security professionals that are authorized to “attack” the target organization’s o365 instance. [hide][Hidden Content]]
  14. wifipumpkin3 is a powerful framework for rogue access point attack, written in Python, that allows and offers to security researchers, red teamers, and reverse engineers to mount a wireless network to conduct a man-in-the-middle attack.wifipumpkin3 Main Features Rogue access point attack Man-in-the-middle attack Rogue Dns Server Captive portal attack (captiveflask) Intercept, inspect, modify and replay web traffic WiFi networks scanning DNS monitoring service Credentials harvesting Transparent Proxies LLMNR, NBT-NS, and MDNS poisoner (Responder3) and more! Changelog v1.0.8 R1 Added added inactivity poll default value to 60 min #67 added check if process hostapd is running before start threads added settings binary path of iptables editable added waitforfinish on Qprocess for add rules iptables added frist restful api implementation added DHCP command to select the dhcp server configuration added stop all modules with the command stop or exit is running added new module for performing dns spoof attack with AP enable Removed removed dependencies that be standard library #105 Fixed fixed hide error object of type QProcess on WorkProcess class #93 fixed settings dhcp for allow to change dhcp configuration fixed error when execute from github actions fixed set restport by default 1337 fixed process init hostapd duplicated fixed clean code and code format improves fixed github actions error when try to run pytests fixed dhcp command for apply configurations on same session [hide][Hidden Content]]
  15. GWTMap is a tool to help map the attack surface of Google Web Toolkit (GWT) based applications. The purpose of this tool is to facilitate the extraction of any service method endpoints buried within a modern GWT application’s obfuscated client-side code and attempt to generate example GWT-RPC requests payloads to interact with them. [hide][Hidden Content]]
  16. Bruter19 Advanced Brute Force Attack Tool. This tool has been developed for "ethical hacking course" students don't use it for illegal purposes. ADDED FEATURES IN V2.0 The Tool Supports Turkish Language Now The Tool Is Able To Generate Personalized Wordlist Now The Tool Is A Bit Faster Now FIXED BUGS IN V2.0 The tool was finding the wrong password in the long wordlists. It is fixed, the user is able to use long wordlists now. The tool was finding the wrong password every time you press ctrl+c. That issue is fixed now. The tool was failing when you inputed the wordlist path incorrectly. That issue is fixed now. Anonsurf was failing in the long wordlists. Now torghost is used in the tool. That issue is fixed now. [hide][Hidden Content]]
  17. dEEpEst

    WhatsApp SS7 Attack

    [Hidden Content] Video shows a way of obtaining WhatsApp data by attacking a part of the backbone of telecoms networks known as SS7. Hack shown off here by Positive Technologies and full story on how to protect yourself from SS7 attacks here (this video is not a tutorial on how to hack others, which is illegal):
  18. Wifipumpkin3 wifipumpkin3 is a powerful framework for rogue access point attack, written in Python, that allows and offers to security researchers, red teamers, and reverse engineers to mount a wireless network to conduct a man-in-the-middle attack. Main Features Rogue access point attack Man-in-the-middle attack Rogue Dns Server Captive portal attack (captiveflask) Intercept, inspect, modify and replay web traffic WiFi networks scanning DNS monitoring service Credentials harvesting Transparent Proxies LLMNR, NBT-NS and MDNS poisoner (Responder3) and more! Changelog v1.0.7 Added added WorkProcess class for execute comand with Qprocess added correctly package beautifulsoup4 into requirements.txt added command banner: display an awesome wp3 banner added many improvements into system modules added improves module for running in background added command kill: terminate a module in background by id added option on captiveflask to force redirect sucessful template added set ssid with any caracter utf8 Changed moved command info to extensions directory changed more flexible python version into dependencies #36 improves the architecture files extensions commands Deprecated Removed removed folder core/controls from file structure arch removed bs4==0.0.1 Dummy package for Beautiful Soup Fixed fixed improves method setIptables from wirelessmode default mode fixed clear dependencies not used from requirements files fixed include message: the module not found or failed to import. fixed typo name proxys to proxies fixed version of dnslib from pydns_server #49 restricting version module problems fixed description tool on setup.py file fixed mode docker parser command line #56 [hide][Hidden Content]]
  19. Skeleton is a Social Engineering tool attack switcher Type: Phishing Tool Websites languages: English, French Attack Switcher for phishing: Facebook, Linkedin, Twitter, Pinterest, Google, Instagram, Microsoft, Netflix, Paypal, Wordpress, Amazon, Ebay, CyberghostVPN, NordVPN, ExpressVPN, ZenmateVPN, PCS, N26, Roblox, Steam, Binance, Etoro, Bittrex, Coinbase. DISCLAMER: Program for educational purposes!!! Your account security is our top priority! Protect your account by enabling 2FA. Skeleton 1.7 Ver:.....1.7 coder:...KURO-CODE BugFix, Script revision Add: Paypal, Wordpress, Amazon, Ebay, CyberghostVPN, NordVPN, ExpressVPN, ZenmateVPN, PCS, N26, Roblox, Steam, Binance, Etoro, Bittrex, Coinbase [hide][Hidden Content]]
  20. EvilApp - Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA) Man-in-the-middle phishing attack using an Android app to grab session cookies for any website, which in turn allows to bypass 2-factor authentication protection. EvilApp brings as an example the hijacking and injection of cookies for authenticated instagram sessions. [HIDE][Hidden Content]]
  21. Self-XSS - Self-XSS Attack Using Bit.Ly To Grab Cookies Tricking Users Into Running Malicious Code How it works? Self-XSS is a social engineering attack used to gain control of victims' web accounts by tricking users into copying and pasting malicious content into their browsers. Since Web browser vendors and web sites have taken steps to mitigate this attack by blocking pasting javascript tag, I figure out a way of doing that using Bit.ly, so we can create a redirect pointing to "website.com/javascript:malicious_code". If the user is tricked to run the javascript code after "website.com/" the cookies of its authenticated/logged session of website.com will be sent to the attacker. Features: Port Forwarding using Ngrok and shortner using Bitly.com (Register for free) [HIDE][Hidden Content]]
  22. Brute Force Attack on Facebook Accounts Note: EMAIL = ID = PHONE [HIDE][Hidden Content]]
  23. Paradoxia Console Features Multithreaded, You can get multiple sessions. Configuration file BOT information database. Root Shell. Easy to use. Interact with online BOTs in a session. Kill a BOT. Blacklist BOT IP Adresses from connecting. Scan Connected IP if you do not get a session seconds after it connected. Get Desktop Notification if a new BOT connects. Build BOT with Host and Port easily. Enable/Disable and change settings in paradoxia.ini ( verbose, Auto print bot information on connect, BOT password, etc) Paradoxia Windows Bot Features NOTE : Do not upload the BOT to online scanners! Fully Undetectable. View System Information. Persistence. Stealth. Usb Infection. File System Browsing. File Upload. File Download. Command Executing. Powershell Executing. Get PID of Process. Kill a Process. Screenshot. Mic Recording. Paradoxia IRIS Features Mass Emailing with either legitimate or malacious Attachment. Mass Emailing with or without an Email List. Random Brute Force Discovery : Discover Instagram Usernames. Random Brute Force Discovery : Discover Instagram Usernames and do a quick Brute Force on them with weak Passwords to possibly discover the Password. Instagram Brute Force over Tor. Paradoxia LoginDataText Features Get information from ANY 'Login Data' File from Google Chrome. Information such as URLS and Emails. Paradoxia Thawne Features Undetectable. Persistent. Runs in background. A type of Logic Bomb with no harmful effects. Run your file if it's not running on the System. Download your file if it's deleted or not running. Uses Powershell to Download file. [HIDE][Hidden Content]]
  24. Host Header Attack Vulnerability Demonstration | POC | Penetration Testing Video Tutorial [Hidden Content]
  25. U.S Launched Cyber Attack on Iranian Military Computers After U.S Military Drone Shot Down by Iran ️United States Military launched a cyber attack on the Iranian Military computers that used to control the Iran missiles after the $240 million Worth U.S drone shootdown by Iran. ️The attack was mainly targeting the Iran military computer systems with the approval of U.S president Trump and the cyber-attack disabled computer systems controlling rocket and missile launchers.