via The Hacker News
sexta-feira, 22 de maio de 2020
New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks
Israeli cybersecurity researchers have disclosed details about a new flaw impacting DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to takedown targeted websites. Called NXNSAttack, the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate more DNS queries to authoritative servers of attacker's choice,
via The Hacker News
via The Hacker News
Fragroute
"fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour." read more...
Website: http://monkey.org/~dugsong/fragroute
More articles
USE OF CRYPTOGRAPHY IN HACKING
WHAT IS CRYPTOGRAPHY?
Related wordThe Cryptography is derived from the Greek words "Kryptos". This is the study of secure communication techniques that allow only the sender and recipient of a message to view it's contents of transforming information into nonhuman readable form or vice versa is called cryptography.
As we know that information plays a vital role in running of any business and organizations etc, sensitive details in the wrong hands can leads to loss of business.
Cryptography is the science of ciphering and deciphering messages.To secure communication organizations use cryptology to cipher information .
Or
Cryptography is a method of protecting information and communication through the use of codes so that only those whom the information is intended can read and process it.
In Computer Science, Cryptography refers to secure information and communication techniques derived from mathematical concepts , a set of rule based calculations called algorithm to transform message in ways the hard to readable for human.
This is one of the secure way of communications for a hacker with the help of virtual private network(VPN) like Tor Browser which is also very helpful to change the IP Address(Location of the sender ) for illegal purpose to perform crime in cyberspace . I will discuss in brief about the VPN .
How to Encrypt and Decrypt the text in Cryptography?
Open this website with the help of internert surfing for encryption-"http://wwwmd5online.org"
Open the link for Decrypt the code text-"http://www.md5online.org/md5-decrypt.html"
Type whatever you want for encryption and it will crypt in the code form, copy that code and forward to the intended person whom you want for secure communication and then he/she will Decrypt in the real form.
The Pillager 0.7 Release
I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code. However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released.. As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.
For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go. If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.
http://consolecowboys.org/pillager/pillage_0.7.zip
Ficti0n$ python pillager.py
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]
Release Notes:
--Fixed bugs and optimized code
--Added Docstrings
--Fixed Named and Data searches from config files
About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.
Supported Platforms:
--------------------
-Oracle
-MSSQL
-MYSQL
-PostGreSQL
Usage Examples:
************************************************************************
For Mysql Postgres and MsSQL pillaging:
---------------------------------------
python dbPillage -a [address] -d [dbType] -u [username] -p [password]
For Oracle pillaging you need a SID connection string:
------------------------------------------------------
python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
Grab some hashes and Hipaa specific:(Default is PCI)
------------------------------------
python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa
Drop into a SQL CMDShell:
-------------------------
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q
Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D
Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N
Switch Options:
---------------------
-# --hashes = grab database password hashes
-l --limit = limit the amount of rows that are searched or when displaying data (options = any number)
-s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
-u --user = Database servers username
-p --pass = Password for the database server
-a --address = Ipaddress of the database server
-d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
-r --report = report format (HTML, XML, screen(default))
-N --nameSearch = Search via inputFiles/tables.txt
-D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
Prerequisites:
-------------
python v2 (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
cx_oracle (cx-oracle.sourceforge.net)
psycopg2 (initd.org/psycopg/download/)
MySQLdb (should be on BT by default)
pymssql (should be on BT by default)
For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go. If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.
http://consolecowboys.org/pillager/pillage_0.7.zip
Ficti0n$ python pillager.py
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]
Release Notes:
--Fixed bugs and optimized code
--Added Docstrings
--Fixed Named and Data searches from config files
About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.
Supported Platforms:
--------------------
-Oracle
-MSSQL
-MYSQL
-PostGreSQL
Usage Examples:
************************************************************************
For Mysql Postgres and MsSQL pillaging:
---------------------------------------
python dbPillage -a [address] -d [dbType] -u [username] -p [password]
For Oracle pillaging you need a SID connection string:
------------------------------------------------------
python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
Grab some hashes and Hipaa specific:(Default is PCI)
------------------------------------
python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa
Drop into a SQL CMDShell:
-------------------------
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q
Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D
Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N
Switch Options:
---------------------
-# --hashes = grab database password hashes
-l --limit = limit the amount of rows that are searched or when displaying data (options = any number)
-s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
-u --user = Database servers username
-p --pass = Password for the database server
-a --address = Ipaddress of the database server
-d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
-r --report = report format (HTML, XML, screen(default))
-N --nameSearch = Search via inputFiles/tables.txt
-D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
Prerequisites:
-------------
python v2 (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
cx_oracle (cx-oracle.sourceforge.net)
psycopg2 (initd.org/psycopg/download/)
MySQLdb (should be on BT by default)
pymssql (should be on BT by default)
Related word
How To Create Fake Email Address Within Seconds
How To Create Fake Email Address Within Seconds
The method of creating a fake email address is very simple and easy as these are based on online websites that will provide you a free email address without taking any personal details from you.
#1 10 Minute Mail
10 Minute Mail will provide you a temporary e-mail address. Any e-mails sent to that address will show automatically on the web page. You can read them, click on links, and even reply to them. The email address will expire after 10 minutes.
#2 GuerrillaMail
It is one of the most user-friendly ones out there, with this, you can get disposable email ID easily. You need to enter the details, and the fake email ID will be generated. Moreover, this also lets you send emails with attachment up to 150MB. You will be provided with a temporary email address which you can use to verify some websites which require the email address.
#3 Mailinator
Mailinator is a free, Public, Email System where you can use any inbox you want. You will be given a Mailinator address which you can use anytime a website asks for an email address. The public emails you will receive will be auto-deleted after few hours of receiving.
#4 MailDrop
Maildrop is a great idea when you want to sign up for a website but you are concerned that they might share your address with advertisers. MailDrop is powered by some of the spam filters created by Heluna, used in order to block almost all spam attempts before they even get to your MailDrop inbox. This works the same way like Mailinator in which you will be given a temporary Email address which you can use to verify sites etc.
#5 AirMail
AirMail is a free temporary email service, you are given a random email address you can use when registering to new websites or test-driving untrusted services. All emails received by AirMail servers are displayed automatically in your online browser inbox.
- Portatil Para Hacking
- Hacking Gif
- Hacking Linux Distro
- Que Hay Que Estudiar Para Ser Hacker
- Kali Linux Hacking
- Start Hacking
- Blackhat Hacking
- Escuela De Hacking
- Hacking Wifi Kali Linux
- Growth Hacking Examples
- Un Hacker
- Como Aprender A Ser Hacker
- Hardware Hacking
- Hacking Traduccion
- Hacking Gif
- Cracker Definicion
Assinar:
Postagens (Atom)