Python subdomain bruteforce script


This script tries to brute-force the subdomains of a given domain name. It includes various options such as a minimum and maximum subdomain length, skipping the scan when certain characters are detected, and so on.

It is currently single-threaded, so it might take a while once the subdomain length goes above 6 characters. I will try to work on it when I have the time to do so.

It is available on github here

Enjoyed the content ? Share it with your friends !

Penetration Testing – Reconnaissance and Information Gathering

Penetration Testing – Reconnaissance and Information Gathering

In penetration testing, the first thing to do is always reconnaissance: gathering information about your target. Subdomains, directories, the firewall, the web server and the PHP version are just a few of the many crucial pieces of information you will need.

1. Finding subdomains or relating links

There are multiple methods to go about this, and all should be employed when doing reconnaissance.

Subdomain Enumeration
Sometimes a website has data on its subdomains that can be exploited too.

If your target is on the public web, you can use dnsdumpster.
If your target is within an intranet, you will have to download tools such as subbrute, which is written in Python. If you need a lightweight version, you can take a look at the Python script I made here.
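The subdomain brute-force script described in the post above and the subdomain enumeration step here both boil down to the same thing on the wire: one client asking a resolver for many distinct names under one zone in a short time, nearly all of which come back NXDOMAIN. The following is an added example, not code from the original post or from subbrute, showing how a defender can spot that pattern in resolver logs. The log format (ISO timestamp, client IP, queried name, response code) is constructed for this example and is not any real resolver's native format; the zone extraction (last two labels) is a simplification and should use the public suffix list in production.

```python
"""Added example: detect subdomain brute-forcing from resolver logs.

Heuristic: one client producing many *distinct* NXDOMAIN answers under the
same zone inside a short window. The log format and the sample data below
are constructed for this example."""
import itertools
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _build_sample_log():
    """Constructed sample: a benign client with a couple of typos, and a
    client walking every two-letter label under example.com."""
    base = datetime(2024, 1, 10, 9, 0, 0)
    lines = []
    benign = [("www", "NOERROR"), ("mail", "NOERROR"), ("wwww", "NXDOMAIN"),
              ("vpn", "NOERROR"), ("mial", "NXDOMAIN")]
    for i, (label, rcode) in enumerate(benign):
        t = base + timedelta(seconds=i * 15)
        lines.append(f"{t.isoformat()} 10.0.0.5 {label}.example.com {rcode}")
    for i, chars in enumerate(itertools.product("abcde", repeat=2)):
        t = base + timedelta(seconds=i)          # one query per second
        label = "".join(chars)
        rcode = "NOERROR" if label == "db" else "NXDOMAIN"   # one real hit
        lines.append(f"{t.isoformat()} 10.0.0.9 {label}.example.com {rcode}")
    return "\n".join(lines)


SAMPLE_LOG = _build_sample_log()


def parse_line(line):
    """'<ISO timestamp> <client ip> <qname> <rcode>' -> tuple (constructed format)."""
    ts, client, qname, rcode = line.split()
    return datetime.fromisoformat(ts), client, qname.lower().rstrip("."), rcode


def zone_of(qname):
    # Simplification: the last two labels are the zone. Real deployments
    # should use the public suffix list so that e.g. co.uk is handled.
    return ".".join(qname.split(".")[-2:])


def detect_bruteforce(log_text, window_seconds=60, threshold=20):
    """Return one alert per (client, zone) whose distinct NXDOMAIN names
    within any sliding window of window_seconds reach the threshold."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, rcode = parse_line(line)
        if rcode == "NXDOMAIN":
            events[(client, zone_of(qname))].append((ts, qname))

    alerts = []
    window = timedelta(seconds=window_seconds)
    for (client, zone), recs in events.items():
        recs.sort()
        seen = deque()          # (ts, qname) pairs inside the current window
        peak, peak_start = 0, None
        for ts, qname in recs:
            seen.append((ts, qname))
            while seen and ts - seen[0][0] > window:
                seen.popleft()
            distinct = len({q for _, q in seen})
            if distinct > peak:
                peak, peak_start = distinct, seen[0][0]
        if peak >= threshold:
            alerts.append({"client": client, "zone": zone,
                           "distinct_nxdomain": peak,
                           "window_start": peak_start.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

Counting distinct names rather than raw NXDOMAIN answers is what keeps a retrying or typo-prone client (the 10.0.0.5 lines above) below the threshold while the wordlist walker trips it; tune the window and threshold to the zone's normal NXDOMAIN rate before alerting on it.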

Google Crawling
Sometimes a website is indexed by search engines, and you will be surprised at how thoroughly Google crawls these websites.

2. Finding firewall information
On Linux and Windows, you can use wafw00f to detect the type of firewall in front of a web server, or whether there is one at all. There is also an nmap script, http-waf-detect, that does this.

3. Finding website information
To find information about the website such as the CMS, PHP version, plugins and so on, you can use Wappalyzer, which has both an online version and a browser plugin, and WhatWeb, which also has offline and online versions.


CONCLUSION

This information is crucial as it tells you the possible attack points and the potential flaws and vulnerabilities in the target system. With it, you are now better prepared to head into the actual penetration test.


Reverse Engineering Introduction

Reverse Engineering INTRODUCTION


What is Reverse Engineering 

Reverse Engineering : the reproduction of another manufacturer’s product following detailed examination of its construction or composition.

Applying the above definition to our context, it means taking a piece of software apart in order to copy it, or to reconstruct (modify) it.

Outlook of Reverse Engineering

Reverse Engineering is a tough field and speciality. Knowledge is sparse and experts are scarce. You may have Stack Overflow for programming, but there is no comparable equivalent for reverse engineering. Although Stack Exchange has a reverse engineering site, it is still a small community whose scale cannot be compared to the community of programmers. Hence, it requires a lot of self-research and independence. Oh, and did I mention this? The further you progress in this field, the fewer people are able to help you. You are on your own!

Use Cases for Reverse Engineering

There are generally 5 use cases for reverse engineering. 3 good ones, 2 bad ones.

Good use case

  1. Software security analysis
  2. Malware analysis
  3. Code recovery (although this is not common but it is a legitimate use)

Bad use case

  1. Cracking
  2. Hacking, e.g. game hacking

How to Reverse Engineer

Learning how to reverse engineer requires a great deal of patience, perseverance and logical thinking. If you are not passionate about this, you will probably struggle even more, just to give up in the end.

Reverse Engineering requires you to have programming experience, preferably that of a lower-level language like C or Assembly, in order to understand a program’s logic and manipulate it. Also, if you have programming experience, you should have experience with debugging your software – this will come in handy.

For the actual how-to of reverse engineering, look out for the various tutorial series on reverse engineering that I plan to start.

CONCLUSION

With that, I hope you have a better grasp of what reverse engineering really is. If you are as passionate as I am about this, don’t give up !



Assembly language crash course

Assembly language crash course (Intel x86 Architecture)

The goal of this assembly language crash course is to give you a quick overview of assembly language and help you transition from a higher-level language to a lower-level one (in this case, assembly). Therefore, it is imperative that you already possess a programming background in order to understand my explanations and references later on.

A good habit to have when learning assembly language is to translate the low-level code into its high-level-language equivalent, to better understand the flow, logic and code.

Now, on to the actual assembly language. There are 3 main components that you should take note of when you first begin learning. Namely – Registers, Flags, and the Code itself.

Registers are like global variables that hold 4 bytes (32 bits) each. Registers can be used for anything – calculation, copying of data, and so on – although there are standards, or at least common usages, for each register. There are 8 of these registers, namely:

Eax, Ecx, Ebx, Edx – General purpose registers

Esi, Edi – Index registers

Ebp – Pointer to base of current stack frame

Esp – Pointer to the top of the stack

Flags are, well, flags, also known as EFLAGS (on 32-bit x86) or RFLAGS (on x64). Like your normal programming flags, they are binary values – either 0 or 1 – used to signify that an event has happened, which can then be used as part of your code’s decision-making logic.

Zero Flag (ZF) – If an operation has a result of 0, the ZF is set to 1. This flag is checked by conditional jump opcodes(the equivalent of ‘if’, ‘else’, ‘switch’ ..)

Overflow Flag (OF) – indicates that a signed arithmetic overflow happened in the last operation

Sign Flag (SF) – indicates whether the last arithmetic operation produced a value whose most significant bit is set. Put differently, if you interpret the result as two’s complement, the sign flag is set when the result is negative.

Code is, as you guessed it, code. One line of assembly is usually made up of two components – an opcode and its operands. The opcode is the mnemonic at the start of the line and the operands are everything else. Take a look at the example below (it’s alright if you don’t understand it yet):

mov eax, edx // mov is the opcode, eax & edx are operands.

sub ebx, edi // sub is the opcode, ebx & edi are operands


Now that you know what Registers, Flags, and Codes are, you will now need to know how assembly does its stuff – calculations, copying of data, calling a function and so on. There will be 3 parts to this.

  1. Data manipulation (calculation, copying of data..)

    mov eax, edx // eax = edx; copy the value of edx into eax (the first operand is the destination)

    sub eax, edx // eax = eax - edx; subtract edx from eax, result is in eax

    add eax, edx // eax = eax + edx; add edx to eax, result is in eax

    Note that while I used the registers ‘eax’ and ‘edx’ above, the second operand can also be a hard-coded value. For example,

    mov eax, 5

    sub eax, 9

    add eax, 0Ah // note: a constant value is usually written in hex; 0Ah is 10 in decimal (a bare ‘A’ would be read as a symbol name, not a number)

  2. Comparing of values
    Now that you know how to do simple calculations in assembly, let’s move on to comparing of values in assembly. This is where the Zero Flag that I have mentioned earlier will come into use.

    cmp eax, edx // if ( eax==edx ) ZF = 1;

    On the surface it may look like it just compares two values, but underneath it performs the subtraction eax - edx. So if eax - edx == 0, ZF is set to 1. The result of the subtraction is not stored anywhere; only the flags are updated.

    test eax, eax // if ( eax==0 ) ZF = 1;

    The ‘test’ opcode does not do a subtraction; it does a bitwise AND instead. If the result of the bitwise AND is 0, ZF is set to 1. In code it would look like if ( (eax AND eax) == 0 ) ZF = 1; – and again the result itself is discarded.

  3. Function calls & conditional jumps
    Now that you know how CMP and TEST work, all that is left are the basic conditional jumps and calls.

    JMP location // unconditional jump – Jump regardless of what happens

    JZ location // ‘jump if zero flag set’ – condition ZF=1

    JNZ location // ‘jump if not zero flag set’ – condition ZF=0

    JLE location // ‘jump if less than or equal’ – condition ZF = 1 or SF <> OF

    JG location // ‘jump if greater’ – condition ZF = 0 and SF = OF

    CALL location // nothing special; the same as a normal programming call like foobar(); (the return address is pushed onto the stack before jumping)
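To make the three parts above concrete, here is an added example (not code from the original post) that models, in Python, the 32-bit register and flag behaviour just described: mov/add/sub, cmp as a subtraction whose result is thrown away, test as a bitwise AND, and the ZF/SF/OF conditions behind JZ, JNZ, JLE and JG. It is a flag calculator, not an assembler; the register names, the ‘0Ah’-style immediates and the signed-overflow rule are the x86 ones, and the demo() values are chosen here to include the case where SF alone gives the wrong answer for a signed comparison.

```python
"""Added example: a tiny model of x86 flags for mov/add/sub/cmp/test and
the conditional jumps from the crash course. Not an emulator."""

MASK = 0xFFFFFFFF


def to_signed(v):
    """Interpret a 32-bit value as two's complement."""
    v &= MASK
    return v - (1 << 32) if v & 0x80000000 else v


class Cpu:
    def __init__(self):
        self.regs = {r: 0 for r in ("eax", "ecx", "ebx", "edx",
                                    "esi", "edi", "ebp", "esp")}
        self.flags = {"ZF": 0, "SF": 0, "OF": 0}

    def _val(self, operand):
        """Operand is a register name, an int, or a hex string like '0Ah'."""
        if isinstance(operand, str) and operand in self.regs:
            return self.regs[operand]
        if isinstance(operand, str):
            s = operand.lower()
            return (int(s[:-1], 16) if s.endswith("h") else int(s, 0)) & MASK
        return operand & MASK

    def _set_flags_arith(self, a, b, result, is_sub):
        self.flags["ZF"] = int(result == 0)
        self.flags["SF"] = int(bool(result & 0x80000000))
        sa, sb, sr = to_signed(a), to_signed(b), to_signed(result)
        if is_sub:   # a - b overflows when a and b differ in sign and result's sign != a's
            self.flags["OF"] = int((sa < 0) != (sb < 0) and (sr < 0) != (sa < 0))
        else:        # a + b overflows when a and b share a sign and result's sign differs
            self.flags["OF"] = int((sa < 0) == (sb < 0) and (sr < 0) != (sa < 0))

    def mov(self, dst, src):
        self.regs[dst] = self._val(src)          # mov never touches the flags

    def add(self, dst, src):
        a, b = self.regs[dst], self._val(src)
        r = (a + b) & MASK
        self._set_flags_arith(a, b, r, is_sub=False)
        self.regs[dst] = r

    def sub(self, dst, src):
        a, b = self.regs[dst], self._val(src)
        r = (a - b) & MASK
        self._set_flags_arith(a, b, r, is_sub=True)
        self.regs[dst] = r

    def cmp(self, lhs, rhs):
        """Same flags as sub, but the difference is discarded."""
        a, b = self._val(lhs), self._val(rhs)
        self._set_flags_arith(a, b, (a - b) & MASK, is_sub=True)

    def test(self, lhs, rhs):
        """Bitwise AND; only the flags survive. TEST always clears OF."""
        r = self._val(lhs) & self._val(rhs)
        self.flags["ZF"] = int(r == 0)
        self.flags["SF"] = int(bool(r & 0x80000000))
        self.flags["OF"] = 0

    def jump_taken(self, mnemonic):
        zf, sf, of = self.flags["ZF"], self.flags["SF"], self.flags["OF"]
        return {"JMP": True,
                "JZ": zf == 1,
                "JNZ": zf == 0,
                "JLE": zf == 1 or sf != of,
                "JG": zf == 0 and sf == of}[mnemonic]


def demo():
    """Walk through the crash course's own snippets plus one overflow case."""
    cpu, out = Cpu(), {}
    cpu.mov("eax", 5)
    cpu.sub("eax", 9)                      # 5 - 9 = -4 -> 0xFFFFFFFC, SF=1
    out["after_sub"] = (cpu.regs["eax"], dict(cpu.flags))
    cpu.add("eax", "0Ah")                  # -4 + 10 = 6
    out["after_add"] = cpu.regs["eax"]
    cpu.mov("edx", 6)
    cpu.cmp("eax", "edx")                  # 6 - 6 = 0 -> ZF=1
    out["cmp_equal"] = (cpu.flags["ZF"], cpu.jump_taken("JZ"), cpu.jump_taken("JG"))
    cpu.cmp("eax", 0x7FFFFFFF)             # 6 < INT_MAX: SF=1, OF=0 -> JLE
    out["six_le_intmax"] = cpu.jump_taken("JLE")
    cpu.mov("ecx", 0x80000000)             # INT_MIN
    cpu.cmp("ecx", 1)                      # INT_MIN - 1 wraps: SF=0 but OF=1
    out["intmin_flags"] = dict(cpu.flags)
    out["intmin_le_one"] = cpu.jump_taken("JLE")   # still True thanks to OF
    cpu.test("eax", "eax")                 # eax = 6 -> ZF=0
    out["test_nonzero_jnz"] = cpu.jump_taken("JNZ")
    cpu.mov("eax", 0)
    cpu.test("eax", "eax")                 # eax = 0 -> ZF=1
    out["test_zero_jz"] = cpu.jump_taken("JZ")
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The INT_MIN case is why JLE and JG look at SF together with OF rather than SF alone: INT_MIN - 1 wraps around to a positive number, so SF says "not negative", but OF records that the signed result is wrong, and SF <> OF restores the correct "less than" verdict.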

Now that you have a basic grasp of assembly language, the next thing you should do is practise it! Be it through programming or using assembly to reverse engineer – practice makes perfect.



5 Tips to keep your computer safe


Following these 5 tips to keep your computer safe will go a long way. Although they may be inconvenient at times, it is certainly better than putting your computer at risk of being compromised. Having your computer compromised by something like ransomware will be extremely costly.

1. Install security software (aka Antivirus)
This is a very simple way to keep your computer safe. You just have to install the software, and usually no other configuration is needed. A good free one is Avast, which you can get here.

2. Avoid torrents or cracked software
Torrents have legitimate uses but are generally used for downloading pirated content. Pirated or cracked software is very risky because whoever cracked it has a strong motivation to infect the files: if they released the cracked software for free with nothing in return, they would essentially be wasting the effort spent cracking it, which by the way is very, very tough to do.

3. Secure software settings
Viruses and malware can come in through exploits for various software. For example, there have been past cases of users getting compromised through Microsoft Word, Adobe Flash Player, and so on.

4. Install security patches or updates
Don’t brush off that notification in the bottom-right corner of your screen. It may be an important patch or update. Alternatively, click the flag icon in the bottom-right corner of your taskbar and you will see the current critical events.

5. Backups
Lastly, while keeping your computer safe is important and should be your priority, there is no guarantee it will not be compromised one day. It is therefore vital that you make regular backups of whatever documents you deem critical. A 1TB external hard drive goes for less than $60 these days, so it is definitely worth it. Alternatively, use a cloud storage solution such as Google Drive. Better yet, use both.
