Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
SERVICE

Search the Community

Showing results for tags 'encryption'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
    • Pentesting Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Pentesting Premium
    • Pentesting Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Pentesting Zone PRIV8
    • Pentesting Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area
  • Recycle Bin
    • Recycle
  • Null3D's Nulled Group

Product Groups

  • PRIV8
  • Advertising
  • Access Basic
  • Seller
  • Services

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

Found 24 results

  1. Hello everyone, I am urgently seeking help with a PHP application from CodeCanyon that has a license security hash. The reason I need help is that I am trying to move the files to a different domain, but the license has been restricted to the localhost domain, and I am unable to proceed. Unfortunately, the author is no longer available to assist me at all despite promising to do so. Whenever I attempt to transfer all the files to a new domain or even a different localhost Apache domain, the website goes completely blank without any errors or anything in logs. I am aware that this is because the license is attached to the localhost domain where I worked on the application. What would be the best solution to bypass this issue? Are there any tools available that can help me locate the encrypted hidden file and crack it to enable the application to accept any license on domain switching, or even function without a license? I would greatly appreciate any help that you can provide. Thank you.
  2. The Pycript extension for Burp Suite is a valuable tool for penetration testing and security professionals. It enables easy encryption and decryption of requests during testing, which can help evade detection and bypass security measures. The extension also offers the ability to customize the encryption and decryption process by writing custom logic using JavaScript and Node.js, making it a highly adaptable tool for various needs. Additionally, it supports both manual and automated testing, as well as custom encryption/decryption plugins, making it a versatile solution for different penetration testing scenarios. Features Encrypt & Decrypt the Selected Strings from Request Response View and Modify the encrypted request in plain text Decrypt Multiple Requests Perform Burp Scanner, Sql Map, Intruder Bruteforce, or any Automation in Plain Text Auto Encrpyt the request on the fly Complete freedom for encryption and decryption logic Ability to handle encryption and decryption even with Key and IV in Request Header or Body [Hidden Content]
  3. Learn to protect your important Data and Identity Description Welcome to the "Introduction to Encryption" course. COURSE LAUNCHED IN FEBRUARY 2023 Beginners welcome: no need to know anything about Encryption! The "Introduction to Encryption" course is your first step into encryption if you want to better secure your data and identity. If you've never had anything to do with encryption before, then this is the course for you. This course "Introduction to Encryption" is one of 4 courses available in the Encryption Academy for Beginners and you will learn three important topics already here. And we'll take a look at these now. In the "Introduction to Encryption" course you will get an introduction to three important topics to better secure your data: "Hard- and Softwareencryption" Nowadays we store important data on our notebooks and often we use portable USB devices to transport data. What happens if you lose these devices? Encryption can protect you from others being able to use your data. I will give you a short introduction to what encryption means and how it works in general. In the practical exercises, I will show you how to use a few small tools to encrypt your data quickly and easily. "Digital Signature" The second big topic is digital signature. For example, when you send emails to your customers, how do they actually know that your emails are authentic? Any email format can be copied these days. In the SPAM folder we often get emails that look like they were sent by real companies but were created by hackers. How do your recipients know that your emails are really from you? In the course "Introduction to Encryption" you will learn how a digital signature works and how any data can be protected against manipulation. In the practical exercise I already show you in the first course how you can calculate hash values over any files. In this course I will also show you how to protect your PDF documents in Adobe Reader with a signed timestamp. With a timestamp you can have your document signed and thereby prove that your document existed at that time. I'll show you how to do that in this tutorial. "Digital Certificate" The third major topic you will learn in this academy is called "Digital Certificate". How can you actually protect your digital identity? When you sign your e-mails or documents, for example, you need a confirmed digital identity. Each of us has an ID card, which we use to authenticate ourselves in the analog world. In the digital world, we can legitimize ourselves with digital certificates. In the course "Introdcution to Encryption" I explain briefly how a digital certificate works. In the practical exercises I already show you how you can get a free digital certificate quickly and easily. This certificate is only for testing purposes. But you will already learn what is actually contained in it. You should already understand what information about you is secured. Additionally, I will show you how to sign a PDF document in Adobe Acrobat with this certificate. Bonus: "Password based Authentication" and "2-Factor Authentication" As a bonus, I added the topics "Password based Authentication" and "2-Factor Authentication" in the first course. When we digitally authenticate ourselves on the Internet, we usually use a password. In this course I show you the disadvantages of passwordbased authentication and how a second factor can improve the security of your access. In the practical exercise, I will show you the USB device YubiKey, which can be used for 2-factor authentication. But the Yubikey can do even more. I'll show you how to store your certificate with key material on it, for example, to digitally sign a PDF document in Adobe Acrobat. ----------------------------------- Encryption Academy for Beginners This course "Introduction to Encryption" is one of 4 courses available in the Encryption Academy for Beginners. The other courses will be available soon. Register in the Facebook Group "Mimaception Academy" and receive coupons. ----------------------------------- Instructor I'm Mike Kurtze, an engineer from Germany and a senior software developer in the area of encryption since 2005. With my Encryption Academy for Beginners I want to show you with my knowledge and experience how encryption works and which tools you can use to protect your sensitive data. --------------------------------- This course also comes with: Lifetime access to all future updates A responsive instructor in the Q&A Section Udemy Certificate of Completion Ready for Download A 30 Day "No Questions Asked" Money Back Guarantee! Join me in this course if you want to learn how encryption works and and which tools you can use to protect your sensitive data. Who this course is for: For anyone who wants to secure their data and identity with encryption. [Hidden Content] [hide][Hidden Content]]
  4. Gilisoft USB Encryption Powerful USB Disk Encryption Tool Protects Data with Password USB Encryption password-protects your USB flash drive, external hard drive, thumb drive, pen drive, memory stick, memory card, and all other portable storage devices in the Windows system. The USB Encryption tool divides USB disk into two areas: a safe area and a public area, through create a password-locked safe area using free hard disk sectors with the industry standard AES encryption algorithm. USB Encryption locks the bad guys out, provides data security for personal, government, and business use. The safe area could be only opened by your password, while the public area would not need anything. USB copy protection is another Gilisoft software solution for anyone to see a file, but no one can copy the file. Copy protect PDF, Doc, XLS files, MP4 video files, MP3 audio files and more. [Hidden Content] [Hidden Content]
  5. Gilisoft USB Encryption Powerful USB Disk Encryption Tool Protects Data with Password USB Encryption password-protects your USB flash drive, external hard drive, thumb drive, pen drive, memory stick, memory card, and all other portable storage devices in the Windows system. The USB Encryption tool divides USB disk into two areas: a safe area and a public area, through create a password-locked safe area using free hard disk sectors with the industry standard AES encryption algorithm. USB Encryption locks the bad guys out, provides data security for personal, government, and business use. The safe area could be only opened by your password, while the public area would not need any. Without installing any extra program on a computer, you can open and read the data on the USB drive just by entering the correct password. [Hidden Content] [Hidden Content]
  6. USB flash drives are a really handy solution that can be used to quickly transfer files, share data or backup important documents, images, video and audio files. The downside to a really portable media such as a USB flash drive is they are physically very small and can easy be lost or stolen. In a worst case scenario, your data could fall into someone else’s hands. This is where a security tool like GiliSoft USB Stick Encryption comes into play. The app uses robust software that can encrypt a portable storage device and then divide it into two parts after it has been encrypted: A Secure Area and a Public Area. Key Features include: Uses 256-bit AES encryption. Password protection. User friendly interface. Supports all* Windows OS Free Lifetime Upgrade [Hidden Content] [hide][Hidden Content]]
  7. Crack legacy zip encryption with Biham and Kocher’s known-plaintext attack. Overview A ZIP archive may contain many entries whose content can be compressed and/or encrypted. In particular, entries can be encrypted with a password-based symmetric encryption algorithm referred to as traditional PKWARE encryption, legacy encryption or ZipCrypto. This algorithm generates a pseudo-random stream of bytes (keystream) which is XORed to the entry’s content (plaintext) to produce encrypted data (ciphertext). The generator’s state, made of three 32-bits integers, is initialized using the password and then continuously updated with plaintext as encryption goes on. This encryption algorithm is vulnerable to known plaintext attacks as shown by Eli Biham and Paul C. Kocher in the research paper A known plaintext attack on the PKZIP stream cipher. Given ciphertext and, 12 or more bytes of the corresponding plaintext, the internal state of the keystream generator can be recovered. This internal state is enough to decipher ciphertext entirely as well as other entries which were encrypted with the same password. It can also be used to bruteforce the password with a complexity of nl-6 where n is the size of the character set and l is the length of the password. bkcrack is a command-line tool which implements this known-plaintext attack. The main features are: Recover internal state from ciphertext and plaintext. Change a ZIP archive’s password using the internal state. Recover the original password from the internal state. [hide][Hidden Content]]
  8. Cryptomator is provided free of charge as an open-source project despite the high development effort and is therefore dependent on donations. Cryptomator offers multi-platform transparent client-side encryption of your files in the cloud. Features Works with Dropbox, Google Drive, OneDrive, ownCloud, Nextcloud and any other cloud storage service which synchronizes with a local directory Open Source means: No backdoors, control is better than trust Client-side: No accounts, no data shared with any online service Totally transparent: Just work on the virtual drive as if it were a USB flash drive AES encryption with 256-bit key length File names get encrypted Folder structure gets obfuscated Use as many vaults in your Dropbox as you want, each having individual passwords One thousand commits for the security of your data!! 🎉 Privacy 256-bit keys (unlimited strength policy bundled with native binaries) Scrypt key derivation Cryptographically secure random numbers for salts, IVs and the masterkey of course Sensitive data is wiped from the heap asap Lightweight: Complexity kills security Consistency HMAC over file contents to recognize changed ciphertext before decryption I/O operations are transactional and atomic, if the filesystems support it Each file contains all information needed for decryption (except for the key of course), no common metadata means no SPOF Changelog v1.6.7 Update copyright years from 2021 to 2022 to reflect the new year by @httpjamesm in #2015 Update JavaFX to 17.0.2 by @KarlKeu00 in #2031 Add modules required for JFR by @overheadhunter in #2035 Added error message if user tries to mount to occupied drive by @JaniruTEC in #2013 Feature/win installbundle with winfsp by @infeo in #2072 Deduplicate Freedesktop Metadata by @overheadhunter in #2073 Feature/winfsp mountpoint by @infeo in #2082 Update Cryptomator screenshots for flathub, taken of 1.6.5 by @purejava in #2095 Build binary packages in separate workflows by @overheadhunter in #2103 [Snyk] Security upgrade com.auth0:java-jwt from 3.18.3 to 3.19.0 by @snyk-bot in #2110 Simplify async workflows by @overheadhunter in #1983 Show vault locked/unlocked state in the vault title in the tray menu by @kevinstsauveur in #2101 New Crowdin updates by @cryptobot in #1966 [Hidden Content]
  9. The Rohos Disk Encryption program creates hidden and protected partitions on a computer, USB flash drive or cloud storage. It protects/locks access to encrypted partitions with a hardware key replacing your password. When there are megabytes of sensitive files and private data on your computer or USB drive, you cannot imagine life without the hidden partition created with this wonderful tool. [Hidden Content] [hide][Hidden Content]]
  10. Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! Changelog v0.1.9.1 Fix rsa dead loop issue (#16) [hide][Hidden Content]]
  11. Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! Key Example Aes Key(UTF8String): abcdefgabcdefg12 Aes IV(UTF8String): abcdefgabcdefg12 Rsa X509 Key: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCC0hrRIjb3noDWNtbDpANbjt5Iwu2NFeDwU16Ec87ToqeoIm2KI+cOs81JP9aTDk/jkAlU97mN8wZkEMDr5utAZtMVht7GLX33Wx9XjqxUsDfsGkqNL8dXJklWDu9Zh80Ui2Ug+340d5dZtKtd+nv09QZqGjdnSp9PTfFDBY133QIDAQAB Rsa Modulus: ca27d90f03753cbbc9958011baf701ac99305b63f68e26ab5617593e01d2fb519127fb87bafbe6e0472ec3a038575fa292adadbc79390a955a61b29431f78f4734773048a45dcf100e23cabf2df11a55aa90cd6b024a44eed1096c3b9e1408d46aae54d7291b82fe4b7867c5eaa45e9cc0ba7f7ae3e5593337c7dcbace2d02ed2fbbff26c6df8a32bb26be80603fcd94c6c8dbd67878d77b37fedcf808e3d8f469aaa7c65d033d547a5c8ea9bdd5c89b836c65852f355a5efd9c7137a186a62b5eb0e052c8be3096d3b51133f8a8c108292a296c99d37bad42bcc3f6c39fa5e583582942b4fc4e7ff4b6779fff5bbaddc65b19c7c57d8cdb39b1a994e08d4a2f50793d8f707d069c380baf0f64bfdce3b35d0b5c5c59348a35a082012aaf4991080abf518b55787969ff24186cb95f7e7218c904cf1dcaeb5bed723e305b83f2e85d6f116d2c7400f9e49d904db8a5a3a0701cdb579fbf3128511acd0f789ece1233ed926d705b3b0dfa34bf33f5ae4bdc611a602aa03aaae13400bc7ad3813ea4474dc62de3d0cb1f5aac277d895a75d38f9b920938fa6b1de35bd6132798c122403c685bdb6e5e24bbd70cfb3e968da0b8affd398e539e7c1e7add09891780bcbd278f3900499ae09cee0dc62e3f92e70001bab6d46261d2801a37f80d84d0e39fce6eaedf106a61b5961960641b9db0e4e23c770e6370ac5d61c6c9eb0f07 Rsa Exponent: 010001 Changelog v0.1.9 Fix JS editor can’t activate. add htmlunit JS engine. add jre built-in JS engine. add JS engine switcher. [hide][Hidden Content]]
  12. BurpCrypto Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! Key Example Aes Key(UTF8String): abcdefgabcdefg12 Aes IV(UTF8String): abcdefgabcdefg12 Rsa X509 Key: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCC0hrRIjb3noDWNtbDpANbjt5Iwu2NFeDwU16Ec87ToqeoIm2KI+cOs81JP9aTDk/jkAlU97mN8wZkEMDr5utAZtMVht7GLX33Wx9XjqxUsDfsGkqNL8dXJklWDu9Zh80Ui2Ug+340d5dZtKtd+nv09QZqGjdnSp9PTfFDBY133QIDAQAB Rsa Modulus: ca27d90f03753cbbc9958011baf701ac99305b63f68e26ab5617593e01d2fb519127fb87bafbe6e0472ec3a038575fa292adadbc79390a955a61b29431f78f4734773048a45dcf100e23cabf2df11a55aa90cd6b024a44eed1096c3b9e1408d46aae54d7291b82fe4b7867c5eaa45e9cc0ba7f7ae3e5593337c7dcbace2d02ed2fbbff26c6df8a32bb26be80603fcd94c6c8dbd67878d77b37fedcf808e3d8f469aaa7c65d033d547a5c8ea9bdd5c89b836c65852f355a5efd9c7137a186a62b5eb0e052c8be3096d3b51133f8a8c108292a296c99d37bad42bcc3f6c39fa5e583582942b4fc4e7ff4b6779fff5bbaddc65b19c7c57d8cdb39b1a994e08d4a2f50793d8f707d069c380baf0f64bfdce3b35d0b5c5c59348a35a082012aaf4991080abf518b55787969ff24186cb95f7e7218c904cf1dcaeb5bed723e305b83f2e85d6f116d2c7400f9e49d904db8a5a3a0701cdb579fbf3128511acd0f789ece1233ed926d705b3b0dfa34bf33f5ae4bdc611a602aa03aaae13400bc7ad3813ea4474dc62de3d0cb1f5aac277d895a75d38f9b920938fa6b1de35bd6132798c122403c685bdb6e5e24bbd70cfb3e968da0b8affd398e539e7c1e7add09891780bcbd278f3900499ae09cee0dc62e3f92e70001bab6d46261d2801a37f80d84d0e39fce6eaedf106a61b5961960641b9db0e4e23c770e6370ac5d61c6c9eb0f07 Rsa Exponent: 010001 Changelog v0.1.8 Fix DESede keyspec error (#12) Fix js editor can’t activate. Add des zeropadding. [hide][Hidden Content]]
  13. BurpCrypto Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! Changelog v0.1.7 fix rsa data length limit (#10) [hide][Hidden Content]]
  14. BurpCrypto Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! Changelog v0.1.6 opt js support. add Get PlainText to all panel. [hide][Hidden Content]]
  15. Gilisoft Full Disk Encryption The Most Advanced and Easiest Disk Encryption Software No Worries of Data Theft by Malicious Behavior No Worries of Data Leak When Computer was Lost What Does Full Disk Encryption Do? GiliSoft Full Disk Encryption is especially useful for laptops and other small computing devices that can be physically lost or stolen. It offers encryption of all disk partitions, including the system partition. Through password protecting a disk, disk partition or operating system launch, the program disables any unauthorized reading/writing activity on your disk or PC, restricts access and launch of specific disks and files. It provides automatic security for all information on endpoint hard drives, including user data, operating system files and temporary and erased files. For maximum data protection, multi-factor pre-boot authentication ensures user identity, while encryption prevents data loss from theft. Tips: This tool does NOT encrypt boot partition on drive with GPT partition table. If have GPT drive and want to encrypt boot partiton with Full Disk Encrytion, please convert GPT drive to MBR first and disable bios UEFI, disable Memory Fast Boot. [Hidden Content] [hide][Hidden Content]]
  16. BurpCrypto Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! [hide][Hidden Content]]
  17. BurpCrypto Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! Changelog v0.1.4.2 add aes zeropadding. [hide][Hidden Content]]
  18. Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! Changelog v0.1.4.1 fix js engine bugs. [hide][Hidden Content]]
  19. BurpCrypto Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! [hide][Hidden Content]]
  20. Using Encryption Via SSL ━━━━━━━━━━━━━ Most legitimate websites use what is called “secure sockets layer” (SSL), which is a form of encrypting data when it is being sent to and from a website. This keeps attackers from accessing that data while it is in transit. Look for the padlock icon in the URL bar, and the “s” in the “[Hidden Content] to make sure you are conducting secure, encrypted transactions online. It’s a good idea to access sites using SSL when: You store or send sensitive data online. If you use the internet to carry out tasks such as filing your taxes, making purchases, renewing your driver’s license, or conducting any other personal business, visiting sites using SSL is a good idea. Your work requires it. Your workplace may have encryption protocols, or it may be subject to regulations that require encryption. In these cases, encryption is a must.
  21. What does it do? The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page, the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place, and (if you use environmental keying) to avoid it being sandboxed. How does it do it? This is achieved by encrypting the HTA file using RC4, and then using navigator.msSaveBlob to "save" the file at runtime - rather than fetching the HTA directly from the server. Meaning that at no point is there any HTTP request/response that contains your HTA file in a plain-text form - the proxy will simply see a text/html file containing your encrypted blob. In the latest version of Edge, this will result in the user being prompted to "run" the HTA. Although not the primary aim of this tool, there are a couple of payload-options for the underlying HTA. Each option uses different techniques as previously documented by Matt Nelson, Matthew Demaske, Ryan Hanson and Etienne Stalmans. The benefit of using these techniques is that your code does not execute as a child of mshta.exe. As mentioned previously, the content of the HTA is not the primary aim of this tool. I'd encourage you to modify the HTA template to contain your own custom code 🙂 How do I run it? Run the demiguise.py file, giving it your encryption-key, payload-type, output file-name and command that you want the HTA run. Example: python demiguise.py -k hello -c "notepad.exe" -p Outlook.Application -o test.hta Environmental Keying In order to evade sandboxes, you shouldn't embed your key directly in the HTA. Instead you should get this dynamically from the environment the target is based in. An example of this may be to use the client's external IP address as a key. The benefit of this is that if the code is run in a 3rd-party sandbox, the HTA will not decrypt. In fact, the file-name will not even decrypt, meaning that nobody will know what your payload is/does 🙂 Some examples of environmental keying are given in examples/externalip.js and examples/virginkey.js. Bonus Since the tool outputs an HTML file containing JavaScript, you can simply take this JS and host it wherever you like. This means that if your client's website is vulnerable to reflected-XSS, you can use this to serve your HTA file from their (highly trusted) domain. Also, Outlook doesn't block .html attachments by default , and neither do some other applications - use your imagination! 🙂 Detection Currently it is not detected on VT: [Hidden Content] Defense Although obfuscation techniques may be hard to signature, one way to defend against HTA attacks is to prevent the HTA itself from being able to run in the first place. This can be achieved either through the use of Software Restriction Policy (SRP), Device Guard (on Windows 10 and Server 2016), or by changing the default file-handler associated with .hta files. Please note that these changes may potentially affect the running of software that relies on HTA execution. Therefore it is recommended that a fix is fully tested in your own environment. Using SRP: Changing the default file-handler: ftype htafile=%SystemRoot%\system32\NOTEPAD.EXE %1 Changing it back (x64): ftype htafile=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A2 Download: [HIDE][Hidden Content]]
  22. Hello, i Need Help GandCrab 5.1 Decryptor if any one Help me..?
  23. MensaMax version 4.3 performs unencrypted transmission and usage of a hardcoded encryption key. View the full article
  24. Symantec Mobile Encryption for iPhone version 2.1.0 suffers from a denial of service vulnerability. View the full article
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.