@simonwhitaker
simonwhitaker / passwords.md
Created November 15, 2012 16:23
Passwords: Of MD5 and Mistresses

By Simon Whitaker

Errata Security have an interesting post on the hacking of a general's mistress. In it, Robert David Graham looks at how long it would take someone to discover Paula Broadwell's Yahoo! email password based on the hashed copy leaked in an email hack last year. He states:

it'll take 17 hours to crack her password using a GPU accelerator trying 3.5-billion password attempts per second, trying all combinations of upper/lower case and digits.

(My emphasis)

I read that and thought: clearly he's making an assumption here about the (maximum) length of the password. I wonder what the assumption was?

@crmccreary
crmccreary / AESCipher.py
Created May 20, 2013 02:17
Encryption using pycrypto, AES, and PKCS5 padding
from Crypto.Cipher import AES
from Crypto import Random
BS = 16
pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS)
unpad = lambda s : s[0:-ord(s[-1])]
class AESCipher:
    def __init__( self, key ):
        """
@takeshixx
takeshixx / hb-test.py
Last active March 9, 2024 13:37
OpenSSL heartbeat PoC with STARTTLS support.
#!/usr/bin/env python2
"""
Author: takeshix <takeshix@adversec.com>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford (jspenguin@jspenguin.org).
Supports all versions of TLS and has STARTTLS support for SMTP, POP3, IMAP, FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser
@superkojiman
superkojiman / namemash.py
Last active June 1, 2024 04:56
Creating a user name list for brute force attacks.
#!/usr/bin/env python3
'''
NameMash by superkojiman
Generate a list of possible usernames from a person's first and last name.
https://blog.techorganic.com/2011/07/17/creating-a-user-name-list-for-brute-force-attacks/
'''
@moshekaplan
moshekaplan / plink_socks_proxy.bat
Last active March 22, 2024 08:12
plink SOCKS proxy short guide
@nzbart
nzbart / NetworkCapture.psm1
Last active May 12, 2020 15:45
Run a network capture on Windows without installing Wireshark or any other tools on your servers.
#requires -version 3
$ErrorActionPreference = 'Stop'
$networkTraceFileName = 'NetworkTrace'
function LaunchSingleRemoteCommand([string][parameter(mandatory)]$ComputerName, [pscredential]$Credential, [System.Management.Automation.Runspaces.AuthenticationMechanism]$Authentication, [scriptblock][parameter(mandatory)]$ScriptBlock)
{
    $args = @{
        ComputerName = $ComputerName
@HarmJ0y
HarmJ0y / ubuntu_veil_evasion_setup.sh
Last active May 12, 2021 08:33
This short script will install Metasploit as well as Veil-Evasion on Ubuntu
#!/bin/bash
sudo apt-get install git
cd /tmp/
git clone https://github.com/darkoperator/MSF-Installer.git
cd MSF-Installer
sudo ./msf_install.sh -i
source ~/.bashrc
sudo chmod 0666 /usr/local/share/metasploit-framework/log/production.log
@tuxfight3r
tuxfight3r / tcp_flags.txt
Last active May 22, 2024 02:24
tcpdump - reading tcp flags
##TCP FLAGS##
Unskilled Attackers Pester Real Security Folks
==============================================
TCPDUMP FLAGS
Unskilled = URG = (Not Displayed in Flag Field, Displayed elsewhere)
Attackers = ACK = (Not Displayed in Flag Field, Displayed elsewhere)
Pester = PSH = [P] (Push Data)
Real = RST = [R] (Reset Connection)
Security = SYN = [S] (Start Connection)
@googleinurl
googleinurl / JexBoss.py
Created June 19, 2015 03:32
JexBoss - Jboss Verify Tool - (MASS) / SCRIPT Edited by: GoogleINURL
#coding: utf-8
'''
--------------------------------------------------------------------------------------
# [+] JexBoss v1.0. @autor: João Filho Matos Figueiredo (joaomatosf@gmail.com)
# [+] Updates: https://github.com/joaomatosf/jexboss
# [+] SCRIPT original: http://1337day.com/exploit/23507
# [+] Free for distribution and modification, but the authorship should be preserved.
--------------------------------------------------------------------------------------
[+] SCRIPT Edited by: [ I N U R L - B R A S I L ] - [ By GoogleINURL ]
@initbrain
initbrain / http-tomcat-manager.nse
Last active November 29, 2021 07:11
Nmap NSE script that performs a dictionary/bruteforce attack over login and password fields of Apache Tomcat default web management pages
local shortport = require "shortport"
local http = require "http"
local stdnse = require "stdnse"
local brute = require "brute"
local creds = require "creds"
description = [[
Performs a dictionary/bruteforce attack over login and password fields of Apache Tomcat default web management pages.
]]