Powershell Tools For Pentester

• PowerMemory: https://github.com/giMini/PowerMemory
  Exploit the credentials present in files and memory
• ReflectiveDLLInjection: https://github.com/stephenfewer/ReflectiveDLLInjection
  Reflective DLL injection is a library injection technique that is primarily used to perform the loading of a library from memory to host processes. The library should therefore be able to load itself by implementing a minimal PE file loader, managed with minimal interaction between the host system and processes.
• ThrowbackLP: https://github.com/silentbreaksec/ThrowbackLP
  Monitor station reverse injection
• Throwback: https://github.com/silentbreaksec/Throwback
  HTTP/S Beaconing Implant
• CrackMapExec: https://github.com/byt3bl33d3r/CrackMapExec
  A swiss army knife for pentesting Windows/Active Directory environments
• nishang: https://github.com/samratashok/nishang
  Nishang is a PowerShell-based penetration testing tool. Integration of frameworks, scripts and various payloads. These scripts are written by Nishang’s author in the real penetration testing process, with actual combat value. Including the download and execution, keyboard records, dns, delay commands and other scripts.
• UnmanagedPowerShell: https://github.com/leechristensen/UnmanagedPowerShell
  Executes PowerShell from an unmanaged process. With a few modifications, these same techniques can be used when injecting into different processes (i.e. you can cause any process to execute PowerShell if you want).
• Empire: https://github.com/powershellempire/empire
  Empire is a PowerShell and Python post-exploitation agent. http://www.powershellempire.com/
• Unicorn: https://github.com/trustedsec/unicorn
  Unicorn is a simple tool for PowerShell downgrade attacks and direct injection of shellcode into memory.
• PowerShell: https://github.com/clymb3r/PowerShell
  The tools in this directory are part of PowerSploit and are being maintained there. They are preserved here for legacy, but any bug fixes should be checked in to PowerSploit.
• PSRecon: https://github.com/gfoss/PSRecon
  PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally.
• PowerShell: https://github.com/MikeFal/PowerShell
  Powershell scripts for SQL Server database administration
• PowerTools Tools: https//github.com/PowerShellEmpire/PowerTools
  
  PowerTools is a collection of PowerShell projects with a focus on offensive operations.
• PowerShellArsenal: https://github.com/mattifestation/PowerShellArsenal
  PowerShell module for reverse engineering, can be disassembled hosting and unmanaged code, for. NET malware analysis, analysis of memory, parsing file formats and memory structure, access to internal system information.
• PowerShell API Manual: http://www.pinvoke.net/
  PInvoke.net is primarily a wiki that allows developers to find, edit, and add PInvoke’s * signatures, user-defined types, and any other information associated with calling managed code for Win32 and other unmanaged APIs.
• The AD-Recon-PowerShell: https://github.com/PyroTek3/PowerShell-AD-Recon
  A useful PowerShell script
• The PowerCat: https://github.com/secabstraction/PowerCat
  PowerShell TCP / IP Swiss Army Knife for Netcat & Ncat.
• Honeyport: https://github.com/Pwdrkeg/honeyport
  A PowerShell script for creating Windows honeyport
• PowerShellMafia: https://github.com/PowerShellMafia/PowerSploit
  PowerSploit is the set of PowerShell modules in Microsoft that can help Infiltrators evaluate at all stages.
• Secmod-Posh: https://github.com/darkoperator/Posh-SecMod
  PowerShell Module with Security cmdlets for security work
• Harness: https://github.com/Rich5/Harness
  Interactive remote PowerShell Payload

Your Robots.txt File Helps Hackers

As you know, the majority of the webmasters upload a file called robots.txt to their servers in order to give instructions to the crawlers like Google, Yahoo, Bing… about what pages mustn’t be indexed.
Example:

• https://www.linkedin.com/robots.txt
• http://www.bbc.co.uk/robots.txt
• https://www.google.co.uk/robots.txt

Why does the webmaster want to hide some URLs? One of the first things the hackers can do is check these files. Hackers can get a lot of valuable information trying to locate the data, scripts… that the webmaster wants to keep hiding…

Sometimes Google indexes the robots.txt,  giving hackers the oportunity to locate words in this file through Google searches.

For example, if a hacker wants to locate users installations, he could use the robots.txt files indexed in Google to locate them and then try to exploit them.

inurl:.kh/robots.txt- + “Disallow: /user/ “

The hackers could locate WordPress installations by using…

inurl:”.com/robots.txt” + “Disallow: /wp-admin/

The hackers could locate Joomla installations by using…

inurl:”/robots.txt” + “Disallow: joomla”

The hackers could locate Plesk Statisticsin stallations by using…

inurl:”/robots.txt” + “Disallow:  plesk-stat”

The hackers could locate Drupal installations by using…inurl:”.com/robots.txt” + “Disallow: ?q=admin”
The hackers could locate Tinymce installations in order to try to get information about the plugins installed on these servers and then try to exploit them…
inurl:”.com/robots.txt” + “Disallow: tinymce”
Is someone trying to hide their password?.
inurl:”/robots.txt” + “Disallow: passwords.txt”>You should be careful when you are writing your robots.txt because if someone checks it or someone with imagination searches on Google with this types of queries,  you could be a hacker’s target…

How to modify SSH remote login port in Linux

SSH: short for Secure Shell, SSH (developed by SSH Communications Security Ltd.) is a secure protocol for remote logins. Using an SSH client, a user can connect to a server to transfer information in a more secure manner than other methods, such as telnet. Below is an example of how an SSH session, which uses a command line interface, may look. SSH defaults to port 22.

Modify the SSH remote login port to 9999

# vi /etc/ssh/sshd_config
Port 9999
# service sshd restart

Add a port to the firewall

The default iptables only open port 22 for ssh service, the use of additional ports such as 9999 need to add this port to a white list in iptables. If you don’t add this port, you will not connect to the SSH server.

# iptables -I INPUT -p tcp –dport 9999 -j ACCEPT
# iptables -A INPUT -p tcp –dport 9999 -j ACCEPT
#service iptables save

You need to save the command to the iptables configuration file

iptables-save >/etc/sysconfig/iptables

‘OK Google’ is not the only thing that your phone is recording.

According to The Independent, Google’s voice search function doesn’t just turn on when you ask it to. Rather, it records almost everything.

Feeling unnerved yet? Well, it gets even wilder. You see, you can listen to the recordings Google has stored and associated with your name simply by visiting this webpage.

There’s also this webpage that will show you how much Google knows about your every move on the internet.

Both webpages will contain information from not only computers but any Android device you’ve logged in to your Google account.

How to Delete the Recordings

Luckily, if you’re not too happy about Google having potentially hours of your voice in its database, you can delete those files.

Beside each file’s title you’ll see a checkbox.

Just select the three dots top right and select delete    

How to Stop Google from Recording You Again

Now, as The Independent points out, stopping Google from recording you does result in some limited functionality if you’re using an Android phone or the company’s search.

However, you may be someone whose concern for privacy is much greater than finding what you’re looking for easily. If so, begin by never using Google’s voice search functions again. Follow up by disabling Google’s voice search.

1. Navigate to Settings
2. Tap the General tab
3. Under “Personal” find “Language & keyboard”
4. Find “Google voice typing” and tap the Settings button
5. Tap “Ok Google” Detection
6. Under the “From the Google app” option, move the slider to the left. If Google voice is already enabled move the slider to the left of “From any screen” or “Trusted Voice” and the “From the Google app” will appear.

 

List of data breaches and cyber attacks in 2016 – 1.6 billion records leaked

This year’s list of 1.5 billion breaches, I’m already beginning to worry about counting up 2017’s.

By my calculations, which involves the complex process of adding up all of the available numbers on the stories that I’ve reported each month, I’m at 1,654,135,541 leaked records in 2016. It’s very likely that the final number is significantly higher, but we know that there’s been at least 1,654,135,541.

I’d like to point out that I’ve not included the 500 million records exposed in the Yahoo data breach that came to light this year. The breach occurred in 2014 but didn’t become publicly known until earlier this year. Below, is a list of the most significant events of each month.

Note: The total number alongside each month is not definitive; please take it as the minimum number of records leaked in each month, not the total.

January –  57,740,000

US health insurer Centene loses 950,000 people’s records

Asda website leaves customer details vulnerable for 677 days

Etihad Airways investigating data breach dating back to 2013

Wendy’s Probes Reports of Credit Card Breach

Bitcoin Worth $USD 6 Million Stolen

Hackers have stolen €50 million from an aerospace parts manufacturer

February – 428,000

Linux Mint hacked – lone attacker creates botnet

Lincolnshire Council forced to use pen and paper after ransomware attack

@ChileanCrew Hacks, Leaks Details for 300,000 Chilean Citizens Looking for State Benefits

9000+ Department of Homeland Security staff have their details leaked by hacker

March – 20,018,962

3,000 Tidewater Community College workers victimized in W-2 scam

Attacker compromises information of 250K in Bailey’s data breach

Cyber criminals steal $25 million from Russian banks via phishing attack

Rosen Hotel chain was hit by credit card-stealing malware for 17 months

April – 166,687,282

Minecraft community lifeboat suffers data breach affecting seven million members

CoinWallet Bitcoin Trader Shuts Down Following Data Breach

93.4 million Mexicans at risk after voter database breach

BeautifulPeople.com Leaks Very Private Data of 1.1 Million ‘Elite’ Daters — And It’s All For Sale

ShapeShift loses $230,000 in bitcoin data breach – ex-employee to blame

Trump Hotel chain suffers data breach again

May –  117,339,372

MySpace and Tumblr hit by ‘mega breach’

117 million hacked LinkedIn email addresses and passwords put up for sale

Kiddicare customers at risk after data spills from test server

EPISD employee accounts hacked, money stolen

Payroll vendor employee falls for phishing scam, all clients’ W-2 data involved

1.4 Billion Yen Stolen From 1,400 Japanese ATMs

June –  289,150,000

154 million voter records exposed, revealing gun ownership, Facebook profiles, and more

77K accounts of Financial Giant, State Farm, leaked due to DAC Group Hack

Muslim Match dating website hack exposes more than half a million intimate messages

45 million records from over 1100 Verticalscope.com domains and communities hacked and leaked

51 Million iMesh Passwords Dumped Online

Personal info on 7.93 million people feared leaked

July –  34,195,351

King’s counselling department breaches students’ privacy

Athens Orthopedic Clinic to begin notifying patients of hack

WikiLeaks Put Women in Turkey in Danger, for No Reason

10 million customer’s data leaked from online shopping site

‘Warframe’ Hacked, Details on 775,000 Players Traded

Illinois online voter registration portal hacked, information compromised

August –  11,875,817

Omegle, the Popular ‘Chat with Strangers’ Service Leaks Your Dirty Chats and Personal Info

Data for 6 Million Minecraft Gamers Stolen from Leet.cc Servers 

SCAN Health Plan notifying members of unauthorized access to their information

Dominican Hospital notifies patients whose PHI was sent to wrong health plan

Epic’s forums hacked again, with thousands of logins stolen

Turkish Hackers Launch Second Cyber-Attack on Killeen’s Website

Defense university computers hacked, ‘information secure’

Olympics: Hackers attack Russian whistleblower’s doping account

September –  105,400,000

Florida Bar Association hacked, members’ data leaked

6.6 million plaintext passwords exposed as site gets hacked to the bone

Russian hackers leak Simone Biles and Serena Williams files

Russian internet giant Rambler.ru hacked, leaking 98 million accounts

Login details for 800,000 Brazzers users leaked

MarsJoke ransomware targets the government and K-12 educational sector

A single ransomware network has pulled in $121 million

October –  142,160,000

Medical marijuana patients’ personal information found in trash pile

Security Firm Tries Desperate Solution to Alert Company of Data Leak

Hacker grabs over 58 million customer records from data storage firm

Hutchinson Community Foundation falls victim to data breach

DDoS attack against DNS provider knocks major sites offline

Whoops: Pro-Donald Trump super PAC publishes donor credit card numbers

Hackers stole credit card data from Republican website for 6 months

November –  456,403,757

Department of National Defence investigating possible hack of its recruiting site

Over 412 million ‘adult’ accounts exposed – including 15 million deleted ones

Ransomware attack targets Seguin dermatology practice

Report holds Hitachi responsible for debit card data theft

Thieves Use Skimmers on ATMs in Four NYC Hospitals

Madison Square Garden Company Alerts Customers of Payment Card Data Breach

Data of 34 million Keralites leaked in massive breach

December – to be updated

85 million login details stolen from Dailymotion

Joan Jett’s BlackHeart Records leaks thousands of files online

KFC warns 1.2 million Colonel’s Club loyalty scheme members of data breach after website hacked

Japanese hosting company Kagoya hacked; credit card data stolen

ThyssenKrupp secrets stolen in ‘massive’ cyber attack

Well, that’s it for this year – a lot to reflect on over the Christmas period.

Ping Ping Ping Ping Pong

How Ping of Death attack works?
Not all computers can handle data larger than a fixed size. So, when a ping of death packet is sent from a source computer to a target machine, the ping packet gets fragmented into smaller groups of packets.

One fragment is of 8 octets size. When these packets reach the target computer, they arrive in fragments. So, the target computer reassembles the malformed packets which are received in chunks. But, the whole assembled packet causes buffer overflow at the target computer.

This buffer flow often causes the system crash making the system more vulnerable to attack.

Once the system becomes more vulnerable to attack, it allows more attacks like the injection of a trojan horse on the target machine.

A simple tutorial on how to perform DoS attack using ping of death using CMD:

Disclaimer: This is just for educational purposes. It’s nothing great but you can use it to learn.

Here are the steps:

• Open Notepad
• Copy the following text on the notepad

:loop
ping <IP Address> -l 65500 -w 1 -n 1
goto :loop

In the above command, replace <IP Address> with an IP address.

• Save the Notepad with any name. Let’s say dos.txt
• Right click on the dos.txt and click on rename.
• Change the extension from .txt to .bat
• So, now the file name should be dos.bat
• Double click on it and you will see a command prompt running with a lot of pings.

WordPress Password ….. How Good Is Yours ?

 

WordPress is the most popular Content Management System (CMS) used to power digital assets of websites and blogs on the Internet.

In fact, about 75 million sites (representing about 26% of all sites) depend on WordPress to make their online presence known.

Because of its increasing popularity, WordPress powered platforms are normally targeted by malicious hacking attacks and other types of security vulnerabilities.

In early 2016, Wordfence, a site providing security plugin for WordPress users, reported over 6 million password attacks  targeting over 72,000 individual sites within a 16-hour period.

And, what’s the most vulnerable point in the security of any WordPress site?

Yes, you are right, it’s the P A S S W O R D.

If an unauthorized person is able to guess, crack, or retrieve your password, then you could be in for a long, very long day.

Currently, with the modern advancement in technology, password-cracking techniques have equally become better. Some passwords could be very easy for a computer to break and strenuous for a person to keep in memory or type.

One of the most advanced password cracking tools can attempt up to 350 billion password guesses every second.

So, creating unbreakable passwords is key to maintaining the security of your blog.

Here are some useful tips.

1. Keep away from the world’s worst passwords

In the current digital age, having a password to access your online accounts is simply indispensable.

SplashData, which focuses on making password management software, compiled a list of commonly used passwords among Internet users. The company analyzed the data from more than 2 million passwords retrieved in 2015.

If this list contains the password or its related combinations you use for accessing your WordPress site, then move swiftly to a more secure one.

Here is a list of the 25 commonly used passwords:

2. Use a unique and creative password for your WordPress site

Do not make the fatal mistake of using the same password for your email account, social media accounts, and other places for accessing your WordPress website or blog.

Regurgitating your passwords is a risky affair you should avoid as plague. In case a malicious hacker discovers the password you use for one account, he or she could simply make your online life unbearable.

Desist from using names of places and dictionary words in your passwords. Currently, the methods of cracking passwords have advanced such that hackers are able to “brute force“; that is, try out different dictionary words and other common phrases to break the passwords.

Furthermore, to be unique, you can avoid using a password that’s related to your WordPress site and use a creative mixture of upper case and lower case letters, numbers, and symbols. This way, you will be making the work of someone trying to guess your password hard.

For instance, you can choose a random word or phrase and insert letters and numbers throughout it to increase complexity (such as “uTo7pyr$ll0%w4Ge”).

To make such complex passwords easier to remember but difficult for others to guess, you can take a sentence and convert it into a password by abbreviating words and creatively adding other memorable components.

For example, “I and my wife went for a holiday to Singapore for $3,500” could be “Iamww4@h2S4$35”. And, “Woohoo! I Blog Seven times a Week for money and fun” could translate to something like “WOO!IbG7#aWk4$+f”.

Here is how you can substitute some of the alphabets:

A= @

I= 1

L=!

o= 0 (zero)

S=$

Z= 2

Better still, you can use convenience software like LastPass and 1Password for remembering your strong, complex passwords.

As earlier mentioned here at Legit Blogger, avoid using commonly used words or sequential patterns that make the work of hackers easy.

The reason why “1qaz2wsx” made it to the list of the 25 worst passwords of 2015 (though it seems to be strong) is because it’s based on a sequential pattern of the initial two column keys on a standard computer keyboard.

So, better be safe than sorry and inject uniqueness and some creativity into your passwords.

3. Do not fall prey of “phishing” attacks

If you receive an email from your hosting company or another source prompting you to change the login details of your cPanel, update the login details of your site, or provide other sensitive information, be careful before responding to such a message.

Before clicking on any links, ensure that the source is legitimate or you may fall a victim of a “phishing” attack.

If you provide your password details to a malicious website, a hacker could get hold of the information and make you curse, instead of blessing, your blogging life.

4. Consider using WordPress security plugins

• The Force Strong Passwords plugin

It prevents WordPress users with administrative access privileges from entering weak passwords. With this innovative plugin, a user can only publish posts, upload files, or edit posts only with a strong verified password.

• Two-way authentication plugins

These plugins will incorporate an additional layer of security to your WordPress blog by using a combination of two separate security credentials, for example, sending you a unique code to your mobile phone each time you want to log into your site, in addition to requiring you to enter your usual log in details.

• Limit login attempts plugin

As the name suggests, this innovative plugin will restrict the number of times a user can enter a password to gain access to a site. Therefore, someone trying to use a brute force attack to compromise your site has fewer chances.

• Wordfence security plugin

With this powerful plugin, your WordPress site will be protected from malicious attacks by giving you frequent security updates, enforcing strong passwords, and accomplishing several other things.

5. Length of password is key

The longer the password, the more secure it becomes in protecting your digital assets from malicious intrusions. It’s recommended to have passwords of at least 8 characters long. A good way to have longer passwords is to use passphrases.

Passphrases are just like passwords apart from being constructed from an unsystematic mixture of words, instead of just a single word. For example, press demonstrate blog million.

To create a passphrase, simply select a list of random numbers or use the free password creator tool. Thereafter, you can add some extra layer of robustness by a mixture of symbols, upper case letters, and lower case letters. Remember to avoid placing words in an easily predictable pattern and including easily identifiable phrases.

Furthermore, to have longer and stronger passwords, you can consider using a password manager. With such an application, you can safely create strong, lengthy passwords, which are kept in a secure database.

You can use a single passphrase to access the password manager; thereafter, the application will automatically enter your details on the login page of your WordPress site.

Because of the innovative capabilities of the password managers, it will not be necessary to remember your lengthy passwords every time you want to login into your site.

Click here for a list of the best passwords managers you can consider using.

6. Keep your backup password options secure and up-to-date

Since WordPress.com uses your email address as the primary means of identification, you need to ensure that you frequently update your recovery email address.

Failure to keep the details of your email address up-to-date and secure could make an attacker to easily reset your passwords and login to your WordPress site.

Most free email service providers, such as Gmail and Yahoo mail, have a multi-factor authentication process.

When you enable this feature on your email account, you will be required to enter a short code sent to your mobile device and answer a series of security questions before accessing your account from an unrecognized device.

This way, the possibility of your account going into the wrong hands is greatly reduced.

7. Be proactive

• After creating a password, check its strength using this free tool. If it’s weak, you may continue modifying it until you get something solid.
• Change your WordPress login details as frequently as possible. Using “Admin” as username and the name of your site as the password without frequently making improvements could land you into the land controlled by hackers.
• Do not dish your passwords to anyone, even your “close” friends. You may never know how much they are concerned about the security of your site.
• If you have to send your passwords through email, use a secure method of transmission such as com and select the password expiry time. If you send naked passwords through emails, which are rarely encrypted, the bad guys could get old of them.
• When on a public computer, avoid saving your passwords or using the “Remember Me” feature, Further, watch out for people trying to look at your screen over your shoulder and remember to log out or close down your computer after you have finished your work.

Conclusion

Having your site compromised by an attacker is a horror that few webmasters are prepared to endure. Ensuring that your site is up and running normally after a successful attack requires thick skin, patience, and money.

Nonetheless, security issues are vital for the optimal performance of any WordPress website or blog. Therefore, instituting ample security measures beforehand is normally better than tackling the aftermath.

Fortunately, the robust WordPress platform, which is trusted by a large number of site owners, is generally very safe. And, one of the vital ways of keeping a WordPress site free from attackers is by vigilantly using strong and secure passwords.