fromage last won the day on March 22 2019


  1. fromage

    Doxing with only a Username

  2. fromage

    OpenBullet 1.0.0

    What are you using it for? Is it better in any way than Burp, let's say in bruteforcing?
  3. fromage

    NSA tool Ghidra

    There is an NSA Ghidra presentation and slides that were made at Blackhat or RSA conf, can't remember or find them. Did you watch?

    Edit: Ghidra extending demo: [Hidden Content]

    Ghidra 9.1.0 is out thanks to contributors. There's a thread on zenksec about it.
  4. fromage

    python Login page

    I dunno
  5. fromage

    python Login page

    iwannaC

    EDIT: I made a visual bruteforce based on your app: [Hidden Content]
  6. fromage

    How to dox a username?

    Lol what's the point of showing us your htop?? trve h4xXxoR !! Btw you gave us so much information on your machine doing that (nearly full directory tree, libraries, Linux version, CPU architecture and so on).
  7. fromage

    Introduction - tttttyyy

    Is your pseudo related in any way to a tty (teletypewriter)? Or is it because those were randomly typed letters? (As they are close to each other in many keyboard maps.)
  8. fromage

    On SYN cookies

    More satisfying explanations of SYN cookies on this thread: [Hidden Content]

    According to [Hidden Content], this technique may be "a bad idea. The CPU requirement to deliver the mathematics for the function calculation is beyond the capacity of x86 servers".

    Here is how to activate SYN cookies on a Linux machine: [Hidden Content]
  9. fromage

    DNS zone transfer

    Hi, moar basic stuff here: DNS zone transfer and the associated vulnerability.

    DNS zone transfer

    DNS zone transfer (axfr query type) is a DNS server's ability to share/replicate its database. It is generally used by a slave server asking the primary server, so there is a fallback DNS server (usually named ns1.domain.tld. and ns2.domain.tld.). So exploit-zone.eu is a zone and forum.exploit-zone.eu might be another zone. To ensure availability and fault tolerance, one might think it's a good idea to replicate a zone among multiple DNS servers/databases using a replication system (or when you're adding a DNS server in the network). This is what axfr queries are about: zone transfer / replication.

    Vulnerability

    The underlying vulnerability performing a zone transfer is the exposure of data it produces. As a sysadmin, you want to restrict axfr capabilities to your DNS servers.

    Example

    [Hidden Content] owner registered the zonetransfer.me domain with axfr enabled so we can test it.

        ~ > dig -t ns zonetransfer.me

        ; <<>> DiG 9.13.7 <<>> -t ns zonetransfer.me
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60842
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

        ;; OPT PSEUDOSECTION:
        ; EDNS: version: 0, flags:; udp: 4096
        ;; QUESTION SECTION:
        ;zonetransfer.me. IN NS

        ;; ANSWER SECTION:
        zonetransfer.me. 7194 IN NS nsztm1.digi.ninja.
        zonetransfer.me. 7194 IN NS nsztm2.digi.ninja.

        ;; Query time: 5 msec
        ;; SERVER:
        ;; WHEN: jeu. mars 21 19:08:09 CET 2019
        ;; MSG SIZE rcvd: 96

    Name servers responsible for zonetransfer.me are nsztm1.digi.ninja. and nsztm2.digi.ninja. Let's init a zone transfer to that primary name server for the domain zonetransfer.me.

        ~ > dig axfr @nsztm1.digi.ninja zonetransfer.me

        ; <<>> DiG 9.13.7 <<>> axfr @nsztm1.digi.ninja zonetransfer.me
        ; (1 server found)
        ;; global options: +cmd
        zonetransfer.me. 7200 IN SOA nsztm1.digi.ninja. robin.digi.ninja. 2017042001 172800 900 1209600 3600
        zonetransfer.me. 300 IN HINFO "Casio fx-700G" "Windows XP"
        zonetransfer.me. 301 IN TXT "google-site-verification=tyP28J7JAUHA9fw2sHXMgcCC0I6XBmmoVi04VlMewxA"
        zonetransfer.me. 7200 IN MX 0 ASPMX.L.GOOGLE.COM.
        zonetransfer.me. 7200 IN MX 10 ALT1.ASPMX.L.GOOGLE.COM.
        zonetransfer.me. 7200 IN MX 10 ALT2.ASPMX.L.GOOGLE.COM.
        zonetransfer.me. 7200 IN MX 20 ASPMX2.GOOGLEMAIL.COM.
        zonetransfer.me. 7200 IN MX 20 ASPMX3.GOOGLEMAIL.COM.
        zonetransfer.me. 7200 IN MX 20 ASPMX4.GOOGLEMAIL.COM.
        zonetransfer.me. 7200 IN MX 20 ASPMX5.GOOGLEMAIL.COM.
        zonetransfer.me. 7200 IN A
        zonetransfer.me. 7200 IN NS nsztm1.digi.ninja.
        zonetransfer.me. 7200 IN NS nsztm2.digi.ninja.
        _sip._tcp.zonetransfer.me. 14000 IN SRV 0 0 5060 www.zonetransfer.me.
        7200 IN PTR www.zonetransfer.me.
        asfdbauthdns.zonetransfer.me. 7900 IN AFSDB 1 asfdbbox.zonetransfer.me.
        asfdbbox.zonetransfer.me. 7200 IN A
        asfdbvolume.zonetransfer.me. 7800 IN AFSDB 1 asfdbbox.zonetransfer.me.
        canberra-office.zonetransfer.me. 7200 IN A
        cmdexec.zonetransfer.me. 300 IN TXT "; ls"
        contact.zonetransfer.me. 2592000 IN TXT "Remember to call or email Pippa on +44 123 4567890 or pippa@zonetransfer.me when making DNS changes"
        dc-office.zonetransfer.me. 7200 IN A
        deadbeef.zonetransfer.me. 7201 IN AAAA dead:beaf::
        dr.zonetransfer.me. 300 IN LOC 53 20 56.558 N 1 38 33.526 W 0.00m 1m 10000m 10m
        DZC.zonetransfer.me. 7200 IN TXT "AbCdEfG"
        email.zonetransfer.me. 2222 IN NAPTR 1 1 "P" "E2U+email" "" email.zonetransfer.me.zonetransfer.me.
        email.zonetransfer.me. 7200 IN A
        home.zonetransfer.me. 7200 IN A
        Info.zonetransfer.me. 7200 IN TXT "ZoneTransfer.me service provided by Robin Wood - robin@digi.ninja. See [Hidden Content]/projects/zonetransferme.php for more information."
        internal.zonetransfer.me. 300 IN NS intns1.zonetransfer.me.
        internal.zonetransfer.me. 300 IN NS intns2.zonetransfer.me.
        intns1.zonetransfer.me. 300 IN A
        intns2.zonetransfer.me. 300 IN A
        office.zonetransfer.me. 7200 IN A
        ipv6actnow.org.zonetransfer.me. 7200 IN AAAA 2001:67c:2e8:11::c100:1332
        owa.zonetransfer.me. 7200 IN A
        robinwood.zonetransfer.me. 302 IN TXT "Robin Wood"
        rp.zonetransfer.me. 321 IN RP robin.zonetransfer.me. robinwood.zonetransfer.me.
        sip.zonetransfer.me. 3333 IN NAPTR 2 3 "P" "E2U+sip" "!^.*$!sip:customer-service@zonetransfer.me!" .
        sqli.zonetransfer.me. 300 IN TXT "' or 1=1 --"
        sshock.zonetransfer.me. 7200 IN TXT "() { :]}; echo ShellShocked"
        staging.zonetransfer.me. 7200 IN CNAME www.sydneyoperahouse.com.
        alltcpportsopen.firewall.test.zonetransfer.me. 301 IN A
        testing.zonetransfer.me. 301 IN CNAME www.zonetransfer.me.
        vpn.zonetransfer.me. 4000 IN A
        www.zonetransfer.me. 7200 IN A
        xss.zonetransfer.me. 300 IN TXT "'><script>alert('Boo')</script>"
        zonetransfer.me. 7200 IN SOA nsztm1.digi.ninja. robin.digi.ninja. 2017042001 172800 900 1209600 3600
        ;; Query time: 19 msec
        ;; SERVER:
        ;; WHEN: jeu. mars 21 19:09:42 CET 2019
        ;; XFR size: 48 records (messages 1, bytes 1875)

    Yay! We performed the transfer and found much information. We can check via the SOA entry that nsztm1 was indeed the primary name server. We can find some interesting domains (intns1 and intns2) where we can reperform axfr using these internal domains (under the same SOA):

        dig axfr @intns1.zonetransfer.me zonetransfer.me

    Moar?

    - [Hidden Content]
    - [Hidden Content] nvd (links to cve)
    - [Hidden Content]
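
An added example (not part of the original post) for the data-exposure point above: a small audit that reads a zone listing, such as an administrator could export from their own server, and flags the records that would disclose host details, contacts or internal naming if transfers were left open. The sample records are copied from the dig output in the post; the function names, keyword list and rules are assumptions made for illustration.

```python
import re

APEX = "zonetransfer.me."
# Records copied from the axfr output in the post above; records whose
# address field is missing on the page are left out.
ZONE_DUMP = '''\
zonetransfer.me. 7200 IN SOA nsztm1.digi.ninja. robin.digi.ninja. 2017042001 172800 900 1209600 3600
zonetransfer.me. 300 IN HINFO "Casio fx-700G" "Windows XP"
zonetransfer.me. 7200 IN MX 0 ASPMX.L.GOOGLE.COM.
contact.zonetransfer.me. 2592000 IN TXT "Remember to call or email Pippa on +44 123 4567890 or pippa@zonetransfer.me when making DNS changes"
internal.zonetransfer.me. 300 IN NS intns1.zonetransfer.me.
rp.zonetransfer.me. 321 IN RP robin.zonetransfer.me. robinwood.zonetransfer.me.
staging.zonetransfer.me. 7200 IN CNAME www.sydneyoperahouse.com.
'''

CONTACT = re.compile(r"[\w.+-]+@[\w-]+(\.[\w-]+)+|\+\d[\d ]{7,}")  # e-mail or phone
HINT_LABELS = {"internal", "staging", "vpn", "owa", "office", "testing"}  # assumption

def parse(dump):
    """Yield (owner, type, rdata) from 'owner ttl class type rdata' lines."""
    for line in dump.splitlines():
        if not line.strip() or line.startswith(";"):
            continue  # skip blanks and dig comment lines
        owner, _ttl, _class, rtype, *rest = line.split(None, 4)
        yield owner.lower(), rtype.upper(), rest[0] if rest else ""

def audit(dump, apex=APEX):
    """Return (owner, type, reason) for records that leak more than name-to-address data."""
    findings = []
    for owner, rtype, rdata in parse(dump):
        labels = set(owner[:-len(apex)].split(".")) if owner.endswith(apex) else set()
        if rtype == "HINFO":
            findings.append((owner, rtype, "hardware/OS of a host disclosed"))
        elif rtype == "RP":
            findings.append((owner, rtype, "responsible person disclosed"))
        elif rtype == "TXT" and CONTACT.search(rdata):
            findings.append((owner, rtype, "contact details in free text"))
        elif rtype == "NS" and owner != apex:
            findings.append((owner, rtype, "delegation names a sub-zone name server"))
        elif labels & HINT_LABELS:
            findings.append((owner, rtype, "host name hints at a non-public service"))
    return findings

if __name__ == "__main__":
    for finding in audit(ZONE_DUMP):
        print(*finding, sep=" | ")
```
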
  10. fromage

    On SYN cookies

    Hi there,

    I'm gonna briefly talk about SYN cookies: what they are and how they mitigate SYN flood attacks.

    SYN flood attack

    A SYN flood attack is a DDoS performed thanks to the use of TCP SYN flags. It violates the TCP three-way handshake (syn, syn-ack, ack). The attacker inits a connection using a SYN flag but is not acknowledging the server for it (no ack from attacker). The attacker can also spoof the source IP in the SYN packet so the syn-ack is sent from the server to the spoofed IP address. The thing is, resources are allocated on the server side to track half connections. These allocations may exceed the server resources, leading that one to crash or at least to fail accepting new clients (DDoS).

    SYN cookie

    SYN cookies are a way to prevent SYN flood attacks (among many others, see RFC 4987). The implementation of a cookie using the TCP sequence allows using the network as memory storage for the syncookie. This prevents allocating resources for the SYN queue on the server side.

    e.g.

        server          client
          |               |
          | <------------ |  syn:X, ack:0
          |               |
          | ------------> |  syn:syncookie, ack:X+1
          |               |  (server discards the syn queue entry)
          | <------------ |  syn:X+1, ack:syncookie+1
          |               |  (established connection context, server recreated the syn queue using the syncookie)

    If the client responds with the ack (syncookie+1), the server will be able to reconstruct the connection context based on the syncookie value.

    tldr: syn queue entries are deported as a syn cookie over the network, preserving server resources.

    See:

    - [Hidden Content] tcp syn flooding attacks and common mitigations
    - [Hidden Content]
    - [Hidden Content]
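
The exchange from the post above, as an added example that is not part of the original post: the server derives its SYN-ACK sequence number from a keyed hash and rebuilds the connection parameters from the client's final ACK without storing anything in between. It follows the classic 5-bit time counter / 3-bit MSS index / 24-bit hash layout in simplified form and is not the Linux kernel's code; the secret, MSS table, addresses and function names are assumptions.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-secret"   # assumption: random per-boot server secret
MSS_TABLE = [536, 1300, 1440, 1460]   # assumption: MSS values the 3-bit field can encode
SLOT = 64                             # seconds per time-counter step

def _mac24(src, sport, dst, dport, client_isn, t, mss_idx):
    """24-bit keyed hash over the 4-tuple, client ISN, time slot and MSS index."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack(
        "!HHIIB", sport, dport, client_isn, t & 0xFFFFFFFF, mss_idx)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """Sequence number for the SYN-ACK. The server stores nothing for this SYN."""
    t = int(now) // SLOT
    # Largest table entry not exceeding the client's MSS (index 0 if none fits).
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = _mac24(src, sport, dst, dport, client_isn, t, mss_idx)
    return ((t % 32) << 27) | (mss_idx << 24) | mac

def check_ack(src, sport, dst, dport, seq, ack, now, max_age_slots=2):
    """Validate the final ACK. Returns the MSS for the rebuilt connection, or None."""
    cookie = (ack - 1) & 0xFFFFFFFF       # client acknowledges syncookie + 1
    client_isn = (seq - 1) & 0xFFFFFFFF   # client's sequence number is X + 1
    mss_idx = (cookie >> 24) & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    t_now = int(now) // SLOT
    for t in range(t_now, t_now - max_age_slots, -1):   # accept recent slots only
        if t % 32 != cookie >> 27:
            continue
        mac = _mac24(src, sport, dst, dport, client_isn, t, mss_idx)
        if hmac.compare_digest(mac.to_bytes(3, "big"),
                               (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]
    return None

if __name__ == "__main__":
    now = 1553191689  # constructed timestamp
    c = make_cookie("198.51.100.7", 40000, "203.0.113.10", 443, 1000, 1460, now)
    print(hex(c), check_ack("198.51.100.7", 40000, "203.0.113.10", 443,
                            1001, (c + 1) & 0xFFFFFFFF, now + 3))
```
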
  11. fromage

    My next language

    you're welcome mate
  12. fromage

    My next language

    Hard choices imo. Depends on what kind of target you want to pentest. I would definitely recommend that you give asm/C at least a try. These are the basics, handy for all kinds of low-level stuff; a lot of software/tools/exploits are written in C. From a cybersecurity point of view, I would also recommend Rust, but it's a very strict language; it might be a pain for you coming from the Python world.
  13. fromage

    Python script Keylogger

    Didn't say you wrote it either. Only provided additional links.
  14. fromage

    Python script Keylogger

    This comment has been removed because its content has not been approved.
  15. fromage


    Accept Read and understood