ShellNoob – Shellcode Writing Toolkit


ShellNoob is a Python-based shellcode writing toolkit which removes the boring and error-prone manual parts from creating your own shellcodes.

Do note this is not a shellcode generator, nor is it intended to replace Metasploit’s shellcode generator. It’s designed to automate the manual parts of shellcode creation, such as format conversion, compilation and testing, dealing with syscalls and constants, and so on.

Features

  • Convert shellcode between different formats and sources. Formats currently supported: asm, bin, hex, obj, exe, C, python, ruby, pretty, safeasm, completec, shellstorm.
  • Interactive asm-to-opcode conversion (and vice versa) mode. This is useful when you cannot use specific bytes in the shellcode.
  • Support for both AT&T & Intel syntax. Check the --intel switch.
  • Support for 32 and 64 bits (when playing on an x86_64 machine). Check the --64 switch.
  • Resolve syscall numbers, constants, and error numbers (now implemented for real! :-)).
  • Portable and easily deployable (it only relies on gcc/as/objdump and python).
  • It is just one self-contained python script, and it supports both Python2.7+ and Python3+.
  • In-place development: you run ShellNoob directly on the target architecture!
  • Built-in support for Linux/x86, Linux/x86_64, Linux/ARM, FreeBSD/x86, FreeBSD/x86_64.
  • “Prepend breakpoint” option. Check the -c switch.
  • Read from stdin / write to stdout support (use “-” as filename)
  • Uber cheap debugging: check the --to-strace and --to-gdb options!
  • Use ShellNoob as a Python module in your scripts! Check the “ShellNoob as a library” section.
  • Verbose mode shows the low-level steps of the conversion: useful to debug / understand / learn!
  • Extra plugins: binary patching made easy with the --file-patch, --vm-patch, --fork-nopper options! (all details below)

Usage

You can download ShellNoob here:

shellnoob-v2.1.zip

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools

crackle – Crack Bluetooth Smart Encryption (BLE)


crackle is a tool to crack Bluetooth Smart Encryption (BLE). It exploits a flaw in the pairing mechanism that leaves all communications vulnerable to decryption by passive eavesdroppers.

crackle can guess or very quickly brute force the TK (temporary key) used in the pairing modes supported by most devices (Just Works and 6-digit PIN). With this TK, crackle can derive all further keys used during the encrypted session that immediately follows pairing.

The LTK (long-term key) is typically exchanged in this encrypted session, and it is the key used to encrypt all future communications between the master and slave. The net result: a passive eavesdropper can decrypt everything. Bluetooth Smart encryption is worthless.

Modes of Operation

Crack TK

This is the default mode used when providing crackle with an input file using -i.

In Crack TK mode, crackle brute forces the TK used during a BLE pairing event. crackle exploits the fact that the TK in Just Works(tm) and 6-digit PIN is a value in the range [0,999999] padded to 128 bits.


Decrypt with LTK

In Decrypt with LTK mode, crackle uses a user-supplied LTK to decrypt communications between a master and slave. This mode is identical to the decryption portion of Crack TK mode.

Usage

You can download crackle here:

crackle-0.1.zip

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools, Network Hacking

ONIOFF – Onion URL Inspector


ONIOFF is an Onion URL inspector: a simple tool, written in pure Python, for inspecting Deep Web URLs (or onions). It takes specified onion links and returns their current status along with the site’s title.

It’s compatible with Python 2.6 & 2.7.

Usage

To view all available options run:

NOTE: In order for ONIOFF to work, Tor must be correctly configured and running.

Installation

You can download ONIOFF by cloning the Git Repo and simply installing its requirements:

You can download ONIOFF here:

onioff-v0.1.zip

Or read more here.


Posted in: Cryptography, Privacy

Why Are Hackers Winning The Security Game?

A lot of people and companies get complacent and don’t believe the hackers are winning, but trust me they are. So we have to ask, why are hackers winning the security game? What’s putting them ahead of the security teams and CISOs inside organizations? It’s an old story anyway, the Hackers always win in some […]

Posted in: Countermeasures, General Hacking

hashID - Identify Different Types of Hashes

hashID is a tool to help you identify different types of hashes used to encrypt data, especially passwords. It’s written in Python 3 and supports the identification of over 220 unique hash types using regular expressions. hashID is able to identify a single hash, parse a file or read multiple files in a directory and […]

Posted in: Cryptography, Hacking Tools, Password Cracking

Stitch - Python Remote Administration Tool AKA RAT

Stitch is a cross-platform Python Remote Administration Tool, commonly known as a RAT. This framework allows you to build custom payloads for Windows, Mac OSX and Linux as well. You are able to select whether the payload binds to a specific IP and port, listens for a connection on a port, option to send an […]

Posted in: Hacking Tools, Malware

160,000 Network Printers Hacked

It’s a pretty simple hack (in a rather grey-hat fashion), but it’s getting a LOT of media coverage and 160,000 network printers hacked just goes to show once again the whole Internet of Things chapter we are entering is pretty scary. Definitely a neat hack tho, utilising the mass scanning power of Zmap and scanning […]

Posted in: Exploits/Vulnerabilities, Hardware Hacking, Network Hacking

Abbrase - Abbreviated Passphrase Password Generator

Abbrase is an abbreviated passphrase password generator. An ‘abbrase’ is one of the passwords it produces. It generates a password and a phrase like “phyeigdolrejutt” and “physical eight dollars rejected utterly”. Creating secure passwords is easy. Remembering them is hard. Pwgen makes them memorable through pronounceability. XKCD suggests using a series of random common words, […]

Posted in: Password Cracking, Security Software

Webbies Toolkit - Web Recon & Enumeration Tools

Webbies Toolkit is a pair of tools that enable asynchronous web recon & enumeration including SSL detection, banner grabbing and presence of login forms.

Webbies Features

  • Respects scope (including redirects)
  • Uses same DNS resolver for enumeration and retrieval by patching aiohttp TCPConnector
  • Cached DNS requests by wrapping aiodns
  • SSLContext can be modified for specific SSL […]

Posted in: Hacking Tools, Network Hacking