lunes, 24 de octubre de 2016

Infernal Twin Updated 2.6.11 – Automated Wireless Hacking Suite - hackear redes inalambricas

Infernal Twin is an automated wireless hacking suite written in Python which automates many of the repetitive tasks involved in security testing for wifi networks.

Infernal Twin Updated 2.6.11 – Automated Wireless Hacking Suite - hackear redes inalambricas by pseudor00t


Originally created to automate the Evil Twin attack, it has grown much beyond that into a comprehensive suite including various wireless attack vectors.

An evil twin attack is when a hacker sets its service identifier (SSID) to be the same as an access point at the local hotspot or corporate wireless network. The hacker disrupts or disables the legitimate AP by disconnecting it, directing a denial of service against it, or creating RF interference around it.

Users lose their connections to the legitimate AP and re-connect to the “evil twin,” allowing the hacker to intercept all the traffic to that device.


Features

WPA2 hacking
WEP Hacking
WPA2 Enterprise hacking
Wireless Social Engineering
SSL Strip
Report Generation
PDF Report
HTML Report
Note Taking
Data saved in Database
Network mapping
MiTM
Probe Request
Latest Changes

Added Log retrieval button for various attack results.
Added BeeF XSS framework Integration
Added HTTP Traffic View within tool
Improved Infenral Wireless Attack
Visual View of some of the panel improved
Improved Basic Authentication during Social engineering assessment over wireless network

You can download Infernal Twin here:
infernal-2.6.11.zip

jueves, 20 de octubre de 2016

Download md5decrypt's wordlist

What's in the wordlist ?

The list you can download here contains all the dictionnaries, and wordlists, I was able to find on the internet for the past two years. While I was using those lists to make my online database (which you can find on this website), I also made a bigger list, and tweaked it, to obtain a very unique and pertinent wordlist for password cracking. This dictionnary not only contains the wordlists that you could find on the internet, I also made my own list, by analyzing first some passwords statistics (thanks to Pipal) to create a very useful list for you to download. Because size matters, but not as much as we could think.

There's no point having a very big list with big words from languages dictionnaries, because people are not likely to use those words as passwords. So I analyzed what people used as passwords, such as surnames, with dates, where are the capital letters, and other stuff. I used those informations and I created a script to make what is for me a very pertinent wordlist.

The wordlist you can download on this page is, thanks to what I did, very unique, you won't find it somewhere else on the internet. Of course I also have passwords that appears in other wordlists (hopefully, I have the word "password" and "123456").

You can try out this wordlist by using the online database on the website,though the online database is larger than the one you can download here, this one was created to be the best mix of storage space and efficiency, it contains exactly 1.844.827.475 different words. This wordlist has been sorted, of course, and all the double words were removed using the unix "sort | uniq" command. If you decide to download this wordlist, please note that you can use it as-is, by feeding your favorite cracking tool. I personnaly use John the Ripper with the argument --wordlist.

If you have any question regarding the wordlist, or troubles with downloading, or anything else, you can contact me through the address : contact (at) md5decrypt.net, I'll answer as soon as possible.



Cracking performance of md5decrypt's wordlist

As always, statistics are better than words. So I took some hours to find as many hashes as I could, by taking all the hashdumps I found (such as eharmony, gamigo, ISW, insidepro, etc) and several big lists of unfound MD5 hashes on great websites such as hashkiller.co.uk, md5online.com, pastebin.com, etc.
As a total, it gave me exactly 191.982.840 different hashes, that were also sorted using "sort | uniq".

I processed those hashes using my wordlist and John the Ripper (1.7.9-jumbo-7_omp), without using any rules, just the wordlist as-is ("john --wordlist=Md5decrypt-awesome-wordlist --format=raw-md5 Hashdump-benchmark" was the exact command). John the Ripper cracked exactly 122.717.140 hashes, which is about 63.92% of the total file. I guess you could go higher than this rate if you use the rules in John the Ripper.
If you want to try your own wordlist against my hashdump file, you can download it HERE (2.9GB compressed, 6.4GB uncompressed). This file wasn't created just to work with my wordlist, I really looked for all the hashes I could find just to try if my list was good.



1rst Step : Pay What You Want

You can download Md5decrypt's wordlist by clicking on the link below. I use to sell it, but I decided to make a pay-what-you-want system. So below you'll find my paypal, bitcoin and litecoin to donate any amount you want. I won't be offended by small and very small payments, and I won't be offended if you download the file for nothing. Just make sure to have people know that this is Md5decrypt.net's wordlist when you share it.
If you want to try the wordlist first, you can also download a sample of 30.000.000 unique words.

Pay What You Want for Md5decrypt's Awesome Wordlist :
.

(Bitcoin Address)
1EvrMvXxxwqnu11z4XUYZwHbAJUxMM66Nd

2nd Step : Download Md5decrypt's wordlist

Md5decrypt's wordlist - 2.3GB compressed, 21.1GB uncompressed (Thank you 7-zip) - Click on the link below :



Checksums for file "Md5decrypt-awesome-wordlist.7z" :

MD5 : 42fa3bb1fde29f70ac31e68b4c4a84f7
SHA1 : 1a7683c5928e3255f99fb14b3e69bd87296257c5
SHA256 : 9e487cf10ba1284bba8b718a8a2637242fcdcf5e27ceb061f644ab873b45b9a3


Download a sample of 30.000.000 different words, from md5decrypt's wordlist - 39MB compressed. 351MB uncompressed :

Checksums for file "Wordlist-sample.7z" :

MD5 : 4352e21ffea3b9b8f11ecf34b1793900
SHA1 : b9d486a4aefef620ecfc83c49a1631b24f363c5e
SHA256 : 539596317e8b5a643d296bd097bafd02e6788640aa49bffb8f26d82e9737f566


Checksums for the hashes file "Hashdump-benchmark.7z" :

MD5 : b0d4b46c3b543e9fede8e7f6ff1783fa
SHA1 : a74327d4c2239b9bb53d427e74112a6f08c99060
SHA256 : 340d07a4216ff4ccd1f799a98acac9bb40497859df01a38d4e7b7b1732b3110b

viernes, 23 de septiembre de 2016

Directorio Tor + enlaces deepweb + links hidden web 2016 + deepweb 2016 + enlaces .onion by pseudor00t

recuerda ser generoso : 


(Bitcoin Address)
1EvrMvXxxwqnu11z4XUYZwHbAJUxMM66Nd


Categorias

Buscadores



  • Candle SEArch
  • SearX
  • TORCH
  • GRAMS
  • Duckduckgo
  • Ahmia
  • MetaGer
  • Onion Link (Surface)
  • Not Evil - Search Tor
  • GooglPQ
  • BTDigg DHT Search Engine
  • Torgle :: Search the Darknet

  • Directorios, Wikis y links



  • Hidden Wiki (Sin Censura)
  • UD UnderDir
  • Onion Wiki
  • All you're Wiki
  • Onion List
  • InserTor
  • Dark Tor
  • Vault43
  • Harri 71
  • Links v0.1
  • Onion Url Repository
  • AHMI.FI
  • AHMIA.FI (Surface)
  • Intel Wiki
  • Onion Soup
  • Onion Dir
  • Anylink Onion
  • TorX

  • Hosting

    ----- Web Hosting -----


  • Freedom Hosting II
  • Fuck you Hosting
  • Hidden Hosting
  • Infernet
  • Home Hosting
  • TorVPS
  • Fuacantan/Sanandreas.labs
  • Real Hosting
  • CYRUSERV

  • ----- Hosting para archivos -----


  • Concrete Action - File Upload
  • ONION UPLOAD
  • TempDrop
  • Obscured Files
  • Free File Hosting
  • UKAZ.cz
  • Onionweb Filehosting #1
  • Onionweb Filehosting #2
  • Onionweb Filehosting #3
  • Onionweb Filehosting #4
  • UPLOAD FILES
  • Rootz file-Server
  • New Yorker StrongBox

  • ----- Hosting para imagenes -----


  • OnionWeb Imagenhosting
  • Matrix Trilogy
  • IMG.BI
  • Rootz file-Server
  • INFOTOMB
  • InfoTomb
  • TorPic - Free Host Image

  • Blogs



  • Necrotown
  • Dark like my soul
  • Crypto Thoughts Blog
  • Alpha-7-Bravo Blog
  • onion soup
  • Bluish Coder
  • Fucker Blog - Pierdol się

  • Foros y sitios Chan



  • LibreChan
  • NyxChan
  • GuroChan
  • 8Chan
  • TorChan
  • FbiChan
  • Site Chan
  • BrazilChan
  • Speak your mind
  • ZUFALL
  • EndChan
  • NICHAN
  • NeBoard
  • EvilChan

  • ----- Foros -----


  • FORO PARA SUICIDAS
  • Thorlauta
  • Hidden Answers
  • Really Hidden Forum
  • Bad Ideas forum
  • Intel Exchange
  • Suicide Apartment

  • ----- OverChan -----


  • OverChan.wowaname
  • Overchan.fargoth
  • Overchan.slamspeech
  • Overchan.oniichan
  • Overchan.lolz

  • --- Foros de mercados de negros ---


  • Agora Forum
  • Nucleus Market forum
  • The Hub forum
  • Evolution Forum
  • Abraxas Foro

  • Email, mesajerias y Redes sociales



  • GAlaxy 2
  • Jappix
  • Darkpub
  • Darkpub
  • Torbox
  • OnionChat Chat Rooms
  • WebChat
  • Torbook
  • Galaxy
  • Galaxy 2
  • Facebook (https)
  • MAil2Tor
  • Multiverse
  • Darknet Socials
  • Chat with strangers

  • Servicios finacieros

    Los sitios reporatados como phishing o scam fueron omitidos.


  • Grams
  • Agora Beta
  • BITGUNS
  • BIT ELEC
  • Black Market
  • Evolution Market
  • Dream Market
  • The Onion Market
  • Market Abraxas
  • BlackBank Bitcoin
  • PANACEA Flawer Santuary
  • Dream Market
  • OUTLAW
  • Nucleus Market
  • The Majestic Garden

  • Descargas, videos y musica



  • Lolicore.ch
  • TorFlix
  • TorTube
  • Pirate Links
  • Torflix
  • DeepTune
  • MP3 Repo
  • http://fbin5tmw4kzijovf.onion
  • DTC H1dd3n page
  • Lossless Audio Files
  • DeepWeb Radio
  • The Pirate Bay

  • Pastebins



  • InserTor
  • PastePad

  • Hacking y Seguridad



  • The Hack Lair
  • HAckerPlace Book
  • Ground Zero
  • Genesis Forum
  • Datenhangar
  • The Tin Hat
  • TheRealDeal Market
  • HELL forum
  • /FBIN/
  • Code Green
  • Information Security and Anti-Forensics
  • Doxbin
  • Hack Canada
  • Cryptoparty Handbook
  • Hack the planet
  • Sitio web I2P /es/
  • JRAT
  • Wikileaks INDEX OF/
  • Wikileaks
  • HackForum
  • Shadow life
  • Index of cisco
  • Cryptome
  • Index of /~eddie666
  • 0dAY'S
  • Hacking Team Files
  • FileListings
  • D3xt3r01 WIKI
  • Ashley Madison Leak Cloaker
  • Ashley Madison Dumps
  • Cyberia2.0
  • Safer Anonymous OS Guide
  • MEGAPACK

  • LIBRERIAS



  • Strategic Intelligence Network - Mirror
  • Tor the Librery
  • La Libreria Oculta
  • ParaZite
  • Rhodium
  • BB Compendium
  • Krystallnacht (Surface)
  • CULTURA biblioteca
  • Negima
  • Bibliomaniac
  • The Torist | Deep Web Literary Journal

  • Sin Clasificar



  • Dog Shit
  • Lol retard!!!
  • Confeciones Virtuales
  • ParaZite
  • Scream, Bitch
  • Animal's Nightmore
  • Onion Cruel Forum
  • Wiki Onion Cruel
  • crime.li
  • m4ftndwsgqaugnsh.onion
  • Windows 8 iso
  • HotelTor /Index of /files
  • Confess your secrets

  • Adultos +18



  • X Nordic
  • onion SHIT & SCAT streams
  • Fappening
  • Banned fetich
  • Girls Released
  • PoFree.RU
  • Fly on the Wall
  • The Fappening Onion Compilation
  • Xcomics
  • Rule 34
  • Index of /
  • Dark Candals
  • Jailbait CAm
  • XPLAY
  • Creep N Peep Voyeurism
  • Bangkok Live Hardcore Shows
  • Camel Toe of the week!
  • Japanese Lady Extermination
  • Teen Sex ::
  • My Porn Bible
  • ujvqlyi5yjxug4yr.onion - Best of Nudism

  • Otros Idiomas

    ---- Español ----


  • UnderChan
  • BlackZNC
  • Cebolla Profunda!
  • DeepWeb Chan Foro
  • Riseup /es/
  • Black Dragon's Blog
  • LA EXTINTA BIBLIOTECA DE PAPYREFB2
  • CIRCO
  • ResisTor
  • ElBinario
  • Security in A Box (ES)
  • HispanoTorBoard
  • HTF Hispano Tor Forum
  • Cebollachan 3.0
  • Babylonia
  • NES web
  • We Fight Censorship
  • OnionChat #spanish
  • GuarangoRadio-Record
  • Policy es
  • Volatile
  • Noticias de argentina
  • ★ Spanish Onion ★
  • Cultura
  • El foro
  • DeepDArk
  • Hispano Market
  • PunPun Topics
  • Lo Paranormal De La Deep Web
  • T O R M E N T O


  • jueves, 8 de septiembre de 2016

    [Exploit] Microsoft Office Word 2007,2010,2013,2016 – Out-of-Bounds Read Remote Code Execution (MS16-099)

    ##########################################
     
    # Application: Microsoft Office Word
    # Platforms: Windows, OSX
    # Versions: Microsoft Office Word 2007,2010,2013,2016
    # Author: Sébastien Morin of COSIG
    # Website: https://cosig.gouv.qc.ca/en/advisory/
    # Twitter: @SebMorin1, @COSIG_
    # Date: August 09, 2016
    # CVE: CVE-2016-3313
    # COSIG-2016-31
     
    ##########################################
     
    1) Introduction
    2) Report Timeline
    3) Technical details
    4) POC
     
    ##########################################
     
    ===================
    1) Introduction
    ===================
     
    Microsoft Word is a word processor developed by Microsoft. It was first released on October 25, 1983[3] under the name Multi-Tool Word for Xenix systems.[4][5][6] Subsequent versions were later written for several other platforms including IBM PCs running DOS (1983), Apple Macintosh running Mac OS (1985), AT&T Unix PC (1985), Atari ST (1988), OS/2 (1989), Microsoft Windows (1989) and SCO Unix (1994). Commercial versions of Word are licensed as a standalone product or as a component of Microsoft Office, Windows RT or the discontinued Microsoft Works suite. Microsoft Word Viewer and Office Online are Freeware editions of Word with limited features.
     
    (https://en.wikipedia.org/wiki/Microsoft_Word)
     
    ##########################################
     
    ===================
    2) Report Timeline
    ===================
     
    2016-05-15: Sébastien Morin of COSIG report the vulnerability to MSRC.
    2016-06-07: MSRC confirm the vulnerability
    2016-08-09: Microsoft fixed the issue (MS16-099).
    2016-08-09: Advisory released.
     
    ##########################################
     
    ===================
    3) Technical details
    ===================
     
    This vulnerability allow remote code execution if a user opens a specially crafted Microsoft Office Word (.doc) with an invalid WordDocumentStream.
    An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.
     
    ##########################################
     
    ==========
    4) POC
    ==========
    https://smsecurity.net/wp-content/uploads/2016/08/COSIG-2016-31.doc

    miércoles, 13 de julio de 2016

    PixieScript ataque automatizado Pixie Dust Attack


    Os presento la nueva y mejorada versión de PixieScript.

    CARACTERISTICAS
    – Basado en la nueva versión de PixieWps (1.0) de wiire.
    – Permite atacar de forma automática todos los puntos de acceso al alcance,
    – Permite ataques a un solo AP
    – Detección de procesos que puedan interferir en modo monitor de la tarjeta, los cierra y vuelve a lanzar automáticamente si lo deseas.
    – Contiene base de datos de los BSSIDs vulnerables conocidos, pudiendola consultar desde el script.

    DEPENDENCIAS
    – Es necesario tener instalado airmon-ng
    – Es necesario tener instalado airodump-ng

    PROBADO EN
    – WifiSlax 4.1.10

    ARCHIVOS QUE CONTIENE LA CARPETA PIXIESCRIP v2.3

    – Instalador     : Script que instalará el programa en el sistema y nos creará un módulo xzm si lo queremos.
    – Parche_Reaver_5.1MOD.patch : Parche que se aplicará a reaver-1.4
    – PixieScript.sh : El script a ejecutar
    – database       : script que contiene la base de datos de los modeos conocidos, no teneis que tocarla para nada, la maneja el script principal
    – creditos         : mi agradecimiento y reconocimiento a las personas que han hecho posible este nuevo ataque

    INSTALACION Y USO

    Quote
    Para facilitar las cosas, poner la carpeta descargada en el escritorio y descomprimirla.
    Ahora desde la consola :
    cd PixieScript_v2.4
    chmod +x INSTALADOR
    ./INSTALADOR
    Lo primero que hará es descargar pixiewps y reaver, a continuación aplicará el parche al reaver y lo instalara en el sistema
    ( NOTA : ESTE REAVER ESTA MODIFICADO POR MI, PERO AHORA Y A DIFERENCIA DE VERSIONES ANTERIORES PODREIS UTILIZARLO DE FORMA NORMAL).
    A continuación instalara pixiewps y integrará PixieScript en la suite Wifislax. También nos creará un modulo xzm en el escritorio si así lo deseamos.

    Para lanzar la aplicación:

    Menú WifiSlax -> Wpa Wps -> PixieScript

    En el acceso directo del scritorio a Wireless-Keys encontrareis la carpeta del script que contendrá los datos de las redes que ataquemos con resultado positivo.

    ES NECESARIO TENER CONEXION A INTERNET PARA INSTALAR CORRECTAMENTE EL SCRIPT

    EN MODO LIVE CON EL MODULO EN LA CARPETA MODULES, ES  NECESARIO DAR PERMISOS DE EJECUCION ANTES DE UTILIZARLO.
    SI NO LO HACEIS OS DARA EL MENSAJE DE ERROR : sh: /opt/PixieScript/PixieScript.sh: Permiso denegado

    Code:
    chmod +x /opt/PixieScript/PixieScript.sh
    CAPTURA DEL MOD RE REAVER




    Detienen a dos presuntos 'hackers' de Anonymous y Lulz Security

    copyright @pseudor00t

    la policía británica detuvo a dos presuntos activistas de los grupos de 'hackers' Anonymous y Lulz Security.

    Según Scotland Yard, los sospechos fueron detenidos por separado: uno, de 24 años, en la ciudad de Mexborough, cerca de Doncaster, y otro, también de 24 años, en Warminster, Wiltshire.

    Según la declaración de la Policía, la causa del arresto fue una serie de grandes ataques piratas contra los sitios web de unas compañías transnacionales, y unos establecimientos estatales de Gran Bretaña y EE. UU.

    La búsqueda de los 'hackers' se ha realizado en colaboración con el FBI. Para obtener pruebas de la implicación de los arrestados en la serie de ciberataques, ya se ha confiscado y enviado a pruebas el ordenador de uno de los sospechosos.

    Previamente, en Gran Bretaña fueron detenidos otros cuatro integrantes de Anonymous: Christopher Weatherhead, de 20 años; Ashley Rhodes, de 26 años; Peter David Gibson, de 22 años, y un joven de 17 cuyo nombre se mantiene en secreto. También fue arrestado un activista de 18 años, Jake Davis. Todos enfrentan acusaciones de 'hacking'.

    En agosto de 2011 apareció la información de que Anonymous y Lulz Security realizaban una campaña conjunta con ciberataques a varios sitios gubernamentales y departamentales.

    jueves, 2 de junio de 2016

    Así es OnionIRC, la escuela de hackers de Anonymous

    OnionIRC, un chat en la Deep Web al que sólo podemos acceder con Tor, y en él quieren que se puedan organizar acciones hacktivistas, que sirva de lugar de opinión con libertad de expresión y que se intercambien opiniones e inquietudes sobre privacidad.


    SERVIDOR: onionirchubx5363.onion/6697
    CANALES: /LIST

    Download Hexchat http://hexchat.github.io/downloads.html

    Seguidores