Kaiten.c is an IRC-based DDoS client.
It connects to the server specified below and accepts commands via the channel specified.
Syntax: !nick command
To see all commands, type: !nick help
You send this message to the channel that is defined later in this code.
You can download kaiten.c from here
If you have a problem or you need some explanations just write under this post!
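A detection-side sketch of the command syntax above, as an added example that is not part of the original post or of kaiten.c: it scans raw IRC protocol lines from a network capture for channel messages of the form "!nick command" addressed to a nick that joined the same channel. The function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Raw IRC line: ":nick!user@host VERB target [:trailing text]"
IRC_LINE = re.compile(
    r"^:(?P<nick>[^!\s]+)!\S+\s+(?P<verb>[A-Z]+)\s+:?(?P<target>\S+)"
    r"(?:\s+:(?P<text>.*))?$")
# The syntax described in the post: "!nick command", sent to the channel.
BANG_CMD = re.compile(r"^!(?P<bot>\S+)\s+(?P<command>\S+)")


def find_addressed_commands(lines):
    """Return (channel, sender, addressed_nick, command) for every channel
    message shaped like "!nick command" whose nick is a channel member."""
    members = defaultdict(set)          # channel -> nicks seen joining it
    hits = []
    for raw in lines:
        m = IRC_LINE.match(raw.strip())
        if not m:
            continue
        nick, verb, target = m["nick"], m["verb"], m["target"].lower()
        if verb == "JOIN":
            members[target].add(nick.lower())
        elif verb == "PART":
            members[target].discard(nick.lower())
        elif verb == "PRIVMSG" and target.startswith("#"):
            c = BANG_CMD.match(m["text"] or "")
            # Requiring a real member cuts noise from ordinary "!trigger" bots.
            if c and c["bot"].lower() in members[target]:
                hits.append((target, nick, c["bot"], c["command"]))
    return hits


def fan_out(hits):
    """Map each sender to the distinct member nicks it addressed."""
    seen = defaultdict(set)
    for _chan, sender, bot, _cmd in hits:
        seen[sender].add(bot.lower())
    return {sender: sorted(bots) for sender, bots in seen.items()}


# Constructed sample capture (not real traffic).
SAMPLE = [
    ":hostA!u@10.0.0.5 JOIN :#ops",
    ":hostB!u@10.0.0.6 JOIN :#ops",
    ":alice!a@203.0.113.9 JOIN :#ops",
    ":alice!a@203.0.113.9 PRIVMSG #ops :!hostA help",
    ":alice!a@203.0.113.9 PRIVMSG #ops :!hostB help",
    ":alice!a@203.0.113.9 PRIVMSG #ops :!weather london",  # no such member
    ":hostA!u@10.0.0.5 PRIVMSG alice :hello",              # not a channel
]
```

A single sender addressing several member nicks in fan_out(find_addressed_commands(SAMPLE)) is the pattern worth alerting on; one isolated hit is weak evidence on its own.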
Hack just for LULZ !
Thursday, February 14, 2013
Wednesday, February 13, 2013
Cpulimit
Cpulimit is a simple program that attempts to limit the cpu usage of a process.
Cpulimit is pre-installed on a lot of distros, but if you don't have it you can download it from here
Syntax : cpulimit OPTIONS... TARGET
Options :
-l : percentage of cpu allowed from 0 to 200 (required)
-z : exit if there is no target process, or if it dies
-i : don't limit children processes
Target :
-e : name of the executable program file or path name
-p : pid of the process (implies -z)
Examples:
cpulimit -l 50 -e firefox
Percentage : 50
Program : Firefox
Limit child processes : Yes
cpulimit -l 120 -e firefox -i
Percentage : 120
Program : Firefox
Limit child processes : No
cpulimit -l 70 -p 1000 -z
Percentage : 70
Pid : 1000
Monday, February 11, 2013
Weevely - Php web shell
Weevely is a stealth PHP web shell that provides a telnet-like console.
It is an essential tool for web application post exploitation, and can be used as a stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.
You can download weevely from here
To run weevely on Linux we need Python 2.x and:
- for module :file.mount, install httpfs
- for module :audit.mapwebfiles, install beautifulsoup
For other operating systems click here
To generate the PHP backdoor, type:
./weevely.py generate password path
Now we upload our PHP backdoor to the server, and after that we can start an ssh-like terminal session:
./weevely.py url password
For more information about the available modules and backdoor generators, type:
./weevely.py help
To run Weevely through an HTTP proxy, set the shell.php proxy parameter in the default rc file.
For example, to use weevely with Tor:
cat ~/.weevely/weevely.rc
:set shell.php proxy=127.0.0.1:8118
For more information read the tutorial here
Thursday, February 7, 2013
Tormail
Tor Mail is a Tor Hidden Service that allows anyone to send and receive email anonymously.
This product is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.
For more information, or to sign up for your free @tormail.org account (which includes webmail, SMTP, POP3 and IMAP access), use the Tor Mail hidden service at: http://jhiwjjlqpyawmpjx.onion or click here
To visit an onion web site you must use Tor; for more information click here
Wednesday, February 6, 2013
Skipfish - Web app scanner
Skipfish is an active web application security reconnaissance tool.
The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.
You can download skipfish from here
After downloading, extract the archive (tar -zxvf skipfish-2.10b.tgz) and move into the directory
Type: make
Then, to run skipfish, type: ./skipfish
Syntax: ./skipfish [ options ... ] -W wordlist -o output_dir start_url [ start_url2 ... ]
For all options, type: ./skipfish -h
Tuesday, February 5, 2013
Knock - Subdomain scan
Knock is a Python script, written by Gianni Amato, designed to enumerate subdomains on a target domain through a wordlist.
Knock is targeted to:
- Scan subdomains
- DNS request for zone transfer
- DNS resolver
- Wildcard testing
- Wildcard bypass
To run it we need Python 2.x
You can download knock from here
To scan, type:
./knock.py site.com
To scan with an external wordlist, type:
./knock.py site.com wordlist
Other options:
-zt : Zone Transfer discovery
-wc : Wildcard testing
-dns : DNS resolving
-bw : Bypass wildcard
Friday, February 1, 2013
JoomScan , WpScan - Joomla and Wordpress scan
WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL.
Joomla is a free and open source content management system (CMS) for publishing content on the World Wide Web and intranets and a model–view–controller (MVC) Web application framework that can also be used independently.
WordPress and Joomla are very common services.
There are vulnerability scanners for WordPress (wpscan) and for Joomla (joomscan).
You can download joomscan from here
To run Joomscan, type:
perl joomscan.pl -u url
Options:
-x proxy:port = Proxy to tunnel
-c string = Cookie (name=value;)
-nv = No Version fingerprinting check
-nf = No Firewall detection check
-ot /path/ = Output to Text file
-vu = Verbose (output every Url scan)
-sp = Show completed Percentage
Example:
perl joomscan.pl -u www.site.com -x 127.0.0.1:9050 -ot /home/HackForLulz/result -sp -vu
Target = site.com
Proxy = localhost:9050 <- through Tor
Output = /home/HackForLulz/result
Show percentage = yes
For more information, type: perl joomscan.pl
You can download wpscan from here
To run it, type:
ruby wpscan.rb --url url
Options:
--threads numberofthreads
--wordlist wordlist : Do wordlist password brute force on enumerated users
--enumerate p : enumerate plugins
--enumerate t : enumerate themes
--enumerate u : enumerate users
--enumerate tt : enumerate installed timthumbs
--proxy host:port
Examples:
ruby wpscan.rb --url www.site.com --threads 16 --enumerate t --enumerate u
Target = site.com
Threads = 16
Enumerate themes = Yes
Enumerate users = Yes
ruby wpscan.rb --url www.site.com --threads 32 --enumerate t --enumerate u --enumerate tt --proxy 127.0.0.1:9050
Target = site.com
Threads = 32
Enumerate themes = Yes
Enumerate users = Yes
Enumerate installed timthumbs = Yes
Proxy = localhost:9050 <- through Tor
For more information, type: ruby wpscan.rb --help