[ Projects ]

[ Android | Misc | Exploits | x86 Shellcode ]

[ Android ]

Bruteforce 4 digit Android PINs using a Teensy Kit
Video: Teeny Kit 2.0 Cracking Galaxy S3 Brute Force Tool
MiTMDroid - 11.2014
Simple tool turning a pre-rooted Android device with dnsmasq and iptables
into an RNDIS (USB network) device, i.e. a badUSB-style device that creates a MiTM proxy.


Phone Requirements: USB Debugging enabled, Pre-Rooted, Busybox Installed: 
Stericson Busybox or (Recommended) armeabi/busybox
	
  NOTE:
  	USB debugging must be enabled on the Android device.
	Once installed on a phone or other Android device, simply plug the
	phone into the USB port on the target machine. Works against
	Windows/Linux/Mac.
	

[ Misc Tools ]

Arduino Pwn Tool is a tool similar to a Teensy Kit, for the purpose of emulating an
HID device / keyboard, with features useful to an offensive penetration tester.

Using a 5-pin DIP switch, APT has the ability to launch attacks against
different platforms, selecting and launching attacks on the fly...
		
ReverseShell(); - Linux
This function uses netcat or standard utilities for creating a reverse shell
connection from a Linux target.

addUser(); - Windows
This function will add a new user to the local Windows Administrators group.

DownloadExec(); - OSX
This function will download shellcode from a defined URL and then execute
it on the target OSX system.

BruteForcePIN(); - Android
This function will allow you to connect APT to an Android phone/tablet via an OTG
cable and brute force 4 digit PINs & passwords.

WiFiLocator - 03.2015
The WiFiLocator infusion package adds GPS support to the already existing
kismet package, as well as the ability to use an Android device as the GPS.

This gives the WiFiPineapple, paired with a GPS device, the ability to track
wireless SSIDs and map them out with Google Earth.

mwInventory.pl - 02.2011
Tool for processing log files produced by clamscanLogParse.pl, fprotLogParse.pl
and bdLogParser.pl, storing the results in a SQL database.

This is a utility to parse a BitDefender, ClamAV or F-Prot anti-virus log file,
sorting the results into an archive by detection.

GauntletFW 2.1.0 - README - 02.08.2008
Gauntlet Firewall is a tool to implement a secure & stateful firewall using
IPTables. Gauntlet is meant to run on the host serving as the gateway
machine for the rest of the network.

IPTables Firewall Functionality & Protection Features:

++++++++++++++++++++++++++++++++++++
* Dynamic or Static addressing
* Full NAT Support
* Fixups for MTU/MSS Issues
* DoS/DDoS protection
* SYN Flood Protection
* Packet Spoofing Protection
* Invalid packet blocking
* Fragmented packet blocking
* Hide from traceroutes
* Portscan Blocking
  (FIN/URG/PSH)  (SYN/FIN)
  (SYN/RST)      (nmap FIN Stealth)
  (ALL/ALL Scan) (nmap Null Scan)
  (XMAS Scan)
  ** Port scans will be dropped with a log rate of 1 per second. **

	
hAudit 1.2 - README - 01.23.2007
hAudit is a forensic utility to aid in the time-consuming process of
collecting information to be analyzed from a compromised, or suspected
to be compromised, system for further forensic auditing.

Alexa 0x1 - 09.10.2006
Alexa will monitor your log files for a user-defined number of failed SSH login
attempts, then take action.

Features:
- User definable login threshold limits
- Ability to ignore specific hosts
- Plus more...

SysChk3.1 - 01.16.2006
SysChk will monitor a list of files for changes to ensure the integrity of
files and directories on the system running SysChk.

SysChk watches for changes to the following:
   - User ownership.
   - Group ownership.
   - File permissions.
   - Modified time.
   - MD5 hash.

A simple Linux password cracker for testing your own passwords against
dictionary attacks.

This tool will hash a dictionary file, then compare the results to the
actual password file, speeding up the process of cracking with a
memory vs. time trade-off...

wh0re.txt - ?.2003
wh0re is a tool to create a reverse shell. 

Timewarp - ?.2003
Timewarp is a utility that will allow you to edit a file using any editor 
without changing the access & modified times. 

Perl & C Version. 

Simple and fast forking port scanner written in Perl. Can only scan one host
at a time; the forking is done on the specified port range. Default range
of 1-65535.

[ Exploits ]

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before
9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as
a master server, allows remote attackers to cause a denial of service
(assertion failure and daemon exit) via an ANY record in the prerequisite
section of a crafted dynamic update message.

ssl-injector.c - Ettercap anyone??

locale.c - 2000-2001
Old GLIBC exploit - worked against su to get r00t. Multiple Vendor Locale
Subsystem Format String Vulnerability.

A security vulnerability in McAfee VirusScan Enterprise allows local attackers
to escalate their privileges.

[ x86 Shellcode ]

multi-os-reboot.s.txt - (Linux / BSD ) - 2004
The shellcode executes syscall 39 without any args and verifies whether an error
is returned.

NOTE:
On Linux this syscall is mkdir, so it will expect an argument and
return with an error. On FreeBSD this syscall is getppid, which doesn't
require an argument and will return with the parent process ID.

Shellcode executing ipchains -F

Shellcode executing iptables -F