Extreme Hacking

We work in Dark, to serve the Light

Extreme Hacking /

OWASP Mth3l3m3nt Framework: A Penetration Testing Aiding And Exploitation Framework Tool

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

OWASP Mth3l3m3nt Framework: A Penetration Testing Aiding Tool And Exploitation Framework
It fosters a principle of attack the web using the web as well as pentest.

Modules Packed in so far are:

Payload Store
Shell Generator (PHP/ASP/JSP/JSPX/CFM)
Payload Encoder and Decoder (Base64/Rot13/Hex/Hexwith \x seperator/ Hex with 0x […]

By |November 14th, 2016|Papers|

A Simple Static Malware Analyzer SSMA Tool Written in Python 3

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

SSMA is a simple malware analyzer written in Python 3.

Features:

Analyze PE file’s header and sections (number of sections, entropy of sections/PE file, suspicious section names, suspicious flags in the characteristics of the PE file, etc.)
Searches for possible domains, e-mail addresses, IP addresses in […]

By |November 14th, 2016|Papers|

PWND.SH: Post-Exploitation Framework (and an interactive shell) Developed In Bash Shell Scripting

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

It aims to be cross-platform (Linux, Mac OS X, Solaris etc.) and with little to no external dependencies.
Install:
$ cd bin/
$ ./compile_pwnd_sh.sh
This will generate a file called pwnd.sh

$ ls -la pwnd.sh
-rw-r–r–@ 1 ikotler  staff  7823 Oct 19 16:55 pwnd.sh

Now let’s get pwnd!

$ source pwnd.sh
Pwnd v1.0.0, Itzik […]

By |November 14th, 2016|Papers|

VolatilityBot – An Automated Memory Analyzer For Malware Samples And Memory Dumps

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

VolatilityBot – An Automated Memory Analyzer For Malware Samples And Memory Dumps
VolatilityBot is an automation tool for researchers cuts all the guesswork and manual tasks out of the binary extraction phase, or to help the investigator in the first steps of performing a memory analysis […]

By |November 14th, 2016|Papers|

Nathan: Android Emulator for Mobile Security Testing Tool

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Nathan is a 5.1.1 SDK 22 AOSP Android emulator customized to perform mobile security assessment.

Supported architectures:

x86
arm (soon)

The emulator is equipped with the Xposed Framework and the following pre-installed modules:

SSLUnpinning, to bypass SSL Certificate pinning.
Inspeckage, to perform the dynamic analysis of an […]

By |November 14th, 2016|Papers|

Avira Antivirus 15.0.21.86 – ‘.zip’ Directory Traversal / Command Execution Exploit

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credit: R-73eN

# Title :  Avira Antivirus >= 15.0.21.86 Command Execution (SYSTEM)

# Tested on: Avira Antivirus 15.0.21.86 in Windows 7
# Vendor : https://www.avira.com/
# Disclosure Timeline:
# 2016-06-28 – Reported to Vendor through Bugcrowd.
# 2016-06-29 – Vendor Replied.
# 2016-07-05 – Vendor Replicated the vulnerability.
# 2016-09-02 – Vendor released updated […]

By |November 13th, 2016|Exploits|

Droid4X Privilege Escalation Vulnerability

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: CT-Zer0 Team
# Exploit Title: Droid4X Unquoted Service Path Privilege Escalation

# Category: local
# Vendor Homepage: http://www.droid4x.com/
# Software Link: http://dl.haima.me/download/DXDown/win/Z001/Droid4XInstaller.exe
# Tested on: Windows 7 x86/x64

1. Description

Droid4XService (Droid4XService.exe) installs as a service with
an unquoted service path running with SYSTEM privileges.
This could potentially allow an authorized but non-privileged […]

By |November 13th, 2016|Exploits|

DLink ADSL Router DSL-2750E SEA_1.07 Remote File Disclosure Vulnerability

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: Todor Donev
#!/bin/sh
#
#  D-Link ADSL ROUTER DSL-2750E SEA_1.07
#  Remote File Disclosure
#
#  Modem Name:               DSL-2750E
#  Firmware Version:         SEA_1.07

#
#  Disclaimer:
#  This or previous programs is for Educational
#  purpose ONLY. Do not use it without permission.
#  The usual disclaimer applies, especially the
#  fact that Todor […]

By |November 13th, 2016|Exploits|

Linux Kernel – TCP Related Read Use-After-Free Exploit

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: Marco Grassi

#include <unistd.h>
#include <sys/syscall.h>
#include <string.h>
#include <stdint.h>
#include <pthread.h>
#include <stdio.h>
 
#ifndef SYS_mmap
#define SYS_mmap 9
#endif
#ifndef SYS_socket
#define SYS_socket 41
#endif
#ifndef SYS_bind
#define SYS_bind 49
#endif
#ifndef SYS_sendto
#define SYS_sendto 44
#endif
#ifndef SYS_setsockopt
#define SYS_setsockopt 54
#endif
#ifndef SYS_dup
#define SYS_dup 32
#endif
#ifndef SYS_sendmsg
#define SYS_sendmsg 46
#endif
#ifndef SYS_recvfrom
#define SYS_recvfrom 45
#endif
#ifndef SYS_write
#define SYS_write 1
#endif
 
long r;
 
 
int main(int argc, char **argv)
{
    while (1) {
        pid_t pid = fork();
 
        if […]

By |November 13th, 2016|Exploits|

Microsoft Windows Server 2008 / 2012 – LDAP RootDSE Netlogon Denial Of Service (PoC)

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credit: Todor Donev
#!/usr/bin/perl
#
#  MS Windows Server 2008/2008 R2/ 2012/2012 R2/ AD LDAP RootDSE Netlogon
#  (CLDAP “AD Ping”) query reflection DoS PoC
#

#
#  MS Windows Server 2016      
#
#  Description:
#  The attacker  sends a simple query to a vulnerable reflector
#  supporting the Connectionless LDAP […]

By |November 13th, 2016|Exploits|