FINANZAS INTERNACIONALES

UNESR

Are you tired of reading endless news stories about ethical hacking and not really knowing what that means? Let's change that!

This Post is for the people that:

Have No Experience With Cybersecurity (Ethical Hacking)
Have Limited Experience.
Those That Just Can't Get A Break

OK, let's dive into the post and suggest some ways that you can get ahead in Cybersecurity.

I receive many messages on how to become a hacker. "I'm a beginner in hacking, how should I start?" or "I want to be able to hack my friend's Facebook account" are some of the more frequent queries. Hacking is a skill. And you must remember that if you want to learn hacking solely for the fun of hacking into your friend's Facebook account or email, things will not work out for you. You should decide to learn hacking because of your fascination for technology and your desire to be an expert in computer systems. Its time to change the color of your hat 😀

I've had my good share of Hats. Black, white or sometimes a blackish shade of grey. The darker it gets, the more fun you have.

If you have no experience don't worry. We ALL had to start somewhere, and we ALL needed help to get where we are today. No one is an island and no one is born with all the necessary skills. Period.OK, so you have zero experience and limited skills…my advice in this instance is that you teach yourself some absolute fundamentals.

Let's get this party started.

What is hacking?

Hacking is identifying weakness and vulnerabilities of some system and gaining access with it.

Hacker gets unauthorized access by targeting system while ethical hacker have an official permission in a lawful and legitimate manner to assess the security posture of a target system(s)

There's some types of hackers, a bit of "terminology".
White hat — ethical hacker.
Black hat — classical hacker, get unauthorized access.
Grey hat — person who gets unauthorized access but reveals the weaknesses to the company.
Script kiddie — person with no technical skills just used pre-made tools.
Hacktivist — person who hacks for some idea and leaves some messages. For example strike against copyright.

Skills required to become ethical hacker.

Curosity anf exploration
Operating System
Fundamentals of Networking

*Note this sites

More articles

UNESR

The goal of this project was to develop a passive Google dork script to collect potentially vulnerable web pages and applications on the Internet. There are 2 parts. The first is ghdb_scraper.py that retrieves Google Dorks and the second portion is pagodo.py that leverages the information gathered by ghdb_scraper.py.

What are Google Dorks?
The awesome folks at Offensive Security maintain the Google Hacking Database (GHDB) found here: https://www.exploit-db.com/google-hacking-database. It is a collection of Google searches, called dorks, that can be used to find potentially vulnerable boxes or other juicy info that is picked up by Google's search bots.

Installation
Scripts are written for Python 3.6+. Clone the git repository and install the requirements.

git clone https://github.com/opsdisk/pagodo.git
cd pagodo
virtualenv -p python3 .venv  # If using a virtual environment.
source .venv/bin/activate  # If using a virtual environment.
pip install -r requirements.txt

Google is blocking me!
If you start getting HTTP 503 errors, Google has rightfully detected you as a bot and will block your IP for a set period of time. The solution is to use proxychains and a bank of proxies to round robin the lookups.
Install proxychains4

apt install proxychains4 -y

Edit the /etc/proxychains4.conf configuration file to round robin the look ups through different proxy servers. In the example below, 2 different dynamic socks proxies have been set up with different local listening ports (9050 and 9051). Don't know how to utilize SSH and dynamic socks proxies? Do yourself a favor and pick up a copy of The Cyber Plumber's Handbook to learn all about Secure Shell (SSH) tunneling, port redirection, and bending traffic like a boss.

vim /etc/proxychains4.conf

round_robin
chain_len = 1
proxy_dns
remote_dns_subnet 224
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks4 127.0.0.1 9050
socks4 127.0.0.1 9051

Throw proxychains4 in front of the Python script and each lookup will go through a different proxy (and thus source from a different IP). You could even tune down the -e delay time because you will be leveraging different proxy boxes.

proxychains4 python3 pagodo.py -g ALL_dorks.txt -s -e 17.0 -l 700 -j 1.1

ghdb_scraper.py
To start off, pagodo.py needs a list of all the current Google dorks. A datetimestamped file with the Google dorks and the indididual dork category dorks are also provided in the repo. Fortunately, the entire database can be pulled back with 1 GET request using ghdb_scraper.py. You can dump all dorks to a file, the individual dork categories to separate dork files, or the entire json blob if you want more contextual data about the dork.
To retrieve all dorks

python3 ghdb_scraper.py -j -s

To retrieve all dorks and write them to individual categories:

python3 ghdb_scraper.py -i

Dork categories:

categories = {      1: "Footholds",      2: "File Containing Usernames",      3: "Sensitives Directories",      4: "Web Server Detection",      5: "Vulnerable Files",      6: "Vulnerable Servers",      7: "Error Messages",      8: "File Containing Juicy Info",      9: "File Containing Passwords",      10: "Sensitive Online Shopping Info",      11: "Network or Vulnerability Data",      12: "Pages Containing Login Portals",      13: "Various Online devices",      14: "Advisories and Vulnerabilities",  }

pagodo.py
Now that a file with the most recent Google dorks exists, it can be fed into pagodo.py using the -g switch to start collecting potentially vulnerable public applications. pagodo.py leverages the google python library to search Google for sites with the Google dork, such as:

intitle:"ListMail Login" admin -demo

The -d switch can be used to specify a domain and functions as the Google search operator:

site:example.com

Performing ~4600 search requests to Google as fast as possible will simply not work. Google will rightfully detect it as a bot and block your IP for a set period of time. In order to make the search queries appear more human, a couple of enhancements have been made. A pull request was made and accepted by the maintainer of the Python google module to allow for User-Agent randomization in the Google search queries. This feature is available in 1.9.3 and allows you to randomize the different user agents used for each search. This emulates the different browsers used in a large corporate environment.
The second enhancement focuses on randomizing the time between search queries. A minimum delay is specified using the -e option and a jitter factor is used to add time on to the minimum delay number. A list of 50 jitter times is created and one is randomly appended to the minimum delay time for each Google dork search.

categories = {
    1: "Footholds",
    2: "File Containing Usernames",
    3: "Sensitives Directories",
    4: "Web Server Detection",
    5: "Vulnerable Files",
    6: "Vulnerable Servers",
    7: "Error Messages",
    8: "File Containing Juicy Info",
    9: "File Containing Passwords",
    10: "Sensitive Online Shopping Info",
    11: "Network or Vulnerability Data",
    12: "Pages Containing Login Portals",
    13: "Various Online devices",
    14: "Advisories and Vulnerabilities",
}

Latter in the script, a random time is selected from the jitter array and added to the delay.

intitle:"ListMail Login" admin -demo

Experiment with the values, but the defaults successfully worked without Google blocking my IP. Note that it could take a few days (3 on average) to run so be sure you have the time.
To run it:

site:example.com

Conclusion
Comments, suggestions, and improvements are always welcome. Be sure to follow @opsdisk on Twitter for the latest updates.

Download Pagodo

via KitPloitRelated word

UNESR

Hello,

My name is David I am a senior staff with a public Bank here in Cambodia. I have a business proposal to share with you.

Contact me back for more details.

Kind Regards,
Mr. David

UNESR

Why vlang? V is a featured, productive, safe and confortable language highly compatible with c, that generates neat binaries with c-speed, the decompilation also seems quite clear as c code.
https://vlang.io/

After open the binary with radare in debug mode "-d" we proceed to do the binary recursive analysis with "aaaa" the more a's the more deep analys.

The function names are modified when the binary is crafted, if we have a function named hello in a module named main we will have the symbol main__hello, but we can locate them quicly thanks to radare's grep done with "~" token in this case applied to the "afl" command which lists all the symbols.

Being in debug mode we can use "d*" commands, for example "db" for breakpointing the function and then "dc" to start or continue execution.

Let's dissasemble the function with "pD" command, it also displays the function variables and arguments as well, note also the xref "call xref from main"

Let's take a look to the function arguments, radare detect's this three 64bits registers used on the function.

Actually the function parameter is rsi that contains a testing html to test the href extraction algorithm.

The string structure is quite simple and it's plenty of implemented methods.

With F8 we can step over the code as we were in ollydbg on linux.

Note the rip marker sliding into the code.

We can recognize the aray creations, and the s.index_after() function used to find substrings since a specific position.

If we take a look de dissasembly we sill see quite a few calls to tos3() functions.
Those functions are involved in string initialization, and implements safety checks.

tos(string, len)
tos2(byteptr)
tos3(charptr)

In this case I have a crash in my V code and I want to know what is crashing, just continue the execution with "dc" and see what poits the rip register.

In visual mode "V" we can see previous instructions to figure out the arguments and state.

We've located the crash on the substring operation which is something like "s2 := s1[a..b]" probably one of the arguments of the substring is out of bounds but luckily the V language has safety checks and is a controlled termination:

Switching the basic block view "space" we can see the execution flow, in this case we know the loops and branches because we have the code but this view also we can see the tos3 parameter "href=" which is useful to locate the position on the code.

When it reach the substr, we can see the parameters with "tab" command.

Looking the implementation the radare parameter calculation is quite exact.

Let's check the param values:

so the indexes are from 0x0e to 0x24 which are inside the buffer, lets continue to next iteration,
if we set a breakpoint and check every iteration, on latest iteration before the crash we have the values 0x2c to 0x70 with overflows the buffer and produces a controlled termination of the v compiled process.

FINANZAS INTERNACIONALES

CONTENIDO PROGRAMÁTICO

sábado, 22 de agosto de 2020

How To Start | How To Become An Ethical Hacker

More articles

Pagodo - Automate Google Hacking Database Scraping And Searching

Business Proposal

Vlang Binary Debugging

Continue reading

UNESR

Contribuyentes

Archivo del blog

Seguidores