Crypto

Cryptography and cryptanalysis

pyCryptocat

pyCryptocat - A Cryptocat standalone python client

Authors and contributors
Simone Margaritelli (evilsocket)
Raffaele Forte

Cryptocat is free software that aims to provide an open, accessible Instant Messaging environment that encrypts your conversations and works right in your browser.
pyCryptocat is a standalone Cryptocat chat client written in Python, using the python-webkit package to serve the Cryptocat JS and HTML files.
Cryptocat provides multi-user (and private) instant messaging inside chatrooms. It uses the OTR protocol for encrypted two-party chat and the (upcoming) mpOTR protocol for encrypted multi-party chat.
The goal is to provide the easiest, most accessible way to chat while maintaining your privacy online.

Ipdecap

Ipdecap can decapsulate traffic encapsulated within the GRE, IPIP, 6in4, and ESP (IPsec) protocols, and can also remove the IEEE 802.1Q (virtual LAN) header.
It reads packets from a pcap file, removes the encapsulation protocol, and writes them to another pcap file.

Goals are:
Extract encapsulated TCP flows to analyze them with conventional TCP tools (tcptrace, tcpflow, …)
Reduce pcap files size by removing encapsulation protocol

Ipdecap was first written to analyze a strange tcp behavior encapsulated by ESP, without intervention on vpn endpoints.

Installation:
Dependencies
Openssl
Libpcap

Compilation
wget https://github.com/lpefferkorn/ipdecap/archive/v0.7.tar.gz
tar xvzf v0.7.tar.gz
cd ipdecap-0.7
sh autogen.sh
./configure
make
make install

Use
Command line:
A source pcap file
An output pcap file
A configuration file to decrypt ESP packets
Optionally, a BPF filter to limit the packets to process.

Ipdecap 0.5, decapsulate GRE, IPIP, 6in4, ESP packets, remove 802.1Q header - Loic Pefferkorn

Supported encapsulation protocols
GRE
IPIP
6in4 (IPv6 encapsulated within IPv4)
ESP (ipsec, tunnel mode)

ESP algorithms
(crypt) des-cbc 3des-cbc aes128-cbc aes128-ctr null_enc
(auth) hmac_md5-96 hmac_sha1-96 aes_xcbc_mac-96 null_auth any96 any128 any160 any192 any256 any384 any512

Usage
ipdecap [-v] [-l] [-V] -i input.cap -o output.cap [-c esp.conf] [-f ]
Options:
-c, --conf configuration file for ESP parameters (IP addresses, algorithms, ... (see man ipdecap)
-h, --help this help message
-i, --input pcap file to process
-o, --output pcap file with decapsulated data
-f, --filter only process packets matching the bpf filter
-l, --list list availables ESP encryption and authentication algorithms
-V, --version print version
-v, --verbose verbose

CodeCrypt

The post-quantum cryptography tool.
This is a GnuPG-like unix program for encryption and signing that uses only quantum-computer-resistant algorithms:
McEliece cryptosystem (compact quasi-dyadic variant) for encryption
Hash-based Merkle tree algorithm (FMTSeq variant) for digital signatures

Why this?
Go read http://pqcrypto.org/

Links
infopage: http://e-x-a.org/codecrypt/
package downloads: http://e-x-a.org/codecrypt/files/

Documentation
There is a complete, UNIXy manual page supplied with the package. You can view it online here: http://e-x-a.org/codecrypt/ccr.1.html

Quick How-To
Everything is meant to work mostly like GnuPG, but with some good simplicity margin. Let's play with random data!

ccr -g help
ccr -g fmtseq128-sha --name "John Doe"    # your signature key
ccr -g mceqd128 --name "John Doe"     # your encryption key

ccr -K  #watch the generated keys
ccr -k

ccr -p -a -o my_pubkeys.asc -F Doe  # export your pubkeys for friends

#see what people sent us
ccr -ina < friends_pubkeys.asc

#import Frank's key and rename it
ccr -ia -R friends_pubkeys.asc --name "Friendly Frank"

#send a nice message to Frank (you can also specify him by @12345 keyid)
ccr -se -r Frank < Document.doc > Message_to_frank.ccr

#receive a reply
ccr -dv -o Decrypted_verified_reply.doc <Reply_from_frank.ccr

#rename other's keys
ccr -m Frank -N "Unfriendly Frank"

#and delete pubkeys of everyone who's Unfriendly
ccr -x Unfri

#create hashfile from a large file
ccr -sS hashfile.ccr < big_data.iso

#verify the hashfile
ccr -vS hashfile.ccr < the_same_big_data.iso


Option reference
For completeness, here is a listing of all options (also available from ccr --help)
Usage: ./ccr [options]

Common options:
 -h, --help     display this help
 -V, --version  display version information
 -T, --test     perform (probably nonexistent) testing/debugging stuff

Global options:

PACK - Password Analysis & Cracking Kit

PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password lists in order to enhance password cracking through pattern detection of masks, rules, character-sets and other password characteristics. The toolkit generates valid input files for the Hashcat family of password crackers.

NOTE: The toolkit itself is not able to crack passwords; it is instead designed to make the operation of password crackers more efficient.

StatsGen
The most basic analysis that you can perform is simply obtaining the most common length, character-set and other characteristics of passwords in the provided list. In the example below, we will use 'rockyou.txt' containing approximately 14 million passwords. Launch statsgen.py with the following command line:
$ python statsgen.py rockyou.txt

Using filters
Let's see how RockYou users tend to select their passwords using the "stringdigit" simple mask (a string followed by numbers):
$ python statsgen.py ../PACK-0.0.3/archive/rockyou.txt --simplemask stringdigit -q --hiderare

Saving advanced masks
While the "Advanced Mask" section only displays patterns matching greater than 1% of all passwords, you can obtain and save a full list of password masks matching a given dictionary by using the following command:
$ python statsgen.py rockyou.txt -o rockyou.masks

MaskGen
MaskGen allows you to craft pattern-based mask attacks for input into the Hashcat family of password crackers. The tool uses the output produced by StatsGen above with the '-o' flag in order to produce the most optimal mask attack sorted by mask complexity, mask occurrence or ratio of the two (optimal index).
Let's run MaskGen with only StatsGen's output as an argument:
$ python maskgen.py rockyou.masks

Specifying target time

SSH Back

SSH Back is a set of shell scripts that assist you in shuffling an ssh connection over socat and ssl.

              __     ______              __
.-----.-----.|  |--.|   __ \.---.-.----.|  |--.
|__ --|__ --||     ||   __ <|  _  |  __||    <
|_____|_____||__|__||______/|___._|____||__|__|
Copyright (C) 2014

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

Have you ever needed to have access to an ssh server from behind
a NAT'ed firewall? Now you can. SSHBack allows you to have reverse
ssh connections connect back to you.

Made from 100% FOSS recycled materials, this software is made to
withstand the most demanding conditions, including, but not
limited to: __FILL_IN_BLANK_HERE__

(For amusement purposes only. Do not abuse or misuse this product.
Do not ruin anyone's day with this software, please!)

sshback client machine: has openssh-server on
sshback server machine: has openssh-client on

NOTE: "Server_Common_Name" must be able to DNS resolve
      on the client machine, e.g.
$ host www.servercommonname.com
www.servercommonname.com has address xxx.xxx.xxx.xxx

run
$ ./sshback_make_certs.sh
to make all the certs

then move client.pem, server.crt, and sshback_client.sh to the
  machine with openssh-server installed
make sure 'socat' is installed
chmod +x sshback_client.sh

Ip phone Scanning Made Easy (ISME)

Ip phone Scanning Made Easy (ISME) scans a VOIP environment, adapts to enterprise VOIP, and exploits the possibilities of being connected directly to an IP Phone VLAN. It seeks to get the phone's configuration file directly from a TFTP server, enable SIP/SIPS (TCP/UDP), communicate with an embedded Web server and Web server banner, identify the editor by MAC address, and identify potential default login/password combinations which should be changed.

The following libraries are needed:
· LWP::UserAgent; # http://search.cpan.org/~gaas/libwww-perl-6.03/lib/LWP/UserAgent.pm
· HTML::Parser; # http://search.cpan.org/dist/HTML-Parser/Parser.pm
· Net::Ping; # http://search.cpan.org/~smpeters/Net-Ping-2.36/lib/Net/Ping.pm
· Net::Netmask; # http://search.cpan.org/dist/Net-Netmask/
· Net::Subnets;
· Net::TFTP; # http://search.cpan.org/~gbarr/Net-TFTP-0.16/TFTP.pm
· Net::DHCP::Packet; # http://search.cpan.org/~djzort/Net-DHCP-0.69/lib/Net/DHCP/Packet.pm
· Net::DHCP::Constants; # http://search.cpan.org/~djzort/Net-DHCP-0.69/lib/Net/DHCP/Constants.pm
· Net::Libdnet::Arp;
· Crypt::SSLeay; # http://search.cpan.org/~nanis/Crypt-SSLeay/SSLeay.pm
· LWP::Protocol::https; # http://search.cpan.org/~gaas/LWP-Protocol-https-6.02/lib/LWP/Protocol/https.pm
· Mozilla::CA; # http://search.cpan.org/~abh/Mozilla-CA-20111025/lib/Mozilla/CA.pm
· HTTP::Request::Common; # http://search.cpan.org/~gaas/HTTP-Message-6.02/lib/HTTP/Request/Common.pm
· Net::Subnets
· Tk; # http://search.cpan.org/~ni-s/Tk-804.027/pod/UserGuide.pod
· Net::RawIP; # http://search.cpan.org/~saper/Net-RawIP-0.25/lib/Net/RawIP.pm
· Net::SSH
· SIP/Digest
Take care: even if libraries are not explicitly declared in the script, they are needed nonetheless.
Java must be installed on the computer if you intend to use Fuzzing SIP – Protos.

MorxCrack

MorxCrack is a cracking tool written in Perl to perform dictionary-based attacks on various hashing algorithms and CMS salted passwords.

As of version 1.2 MorXCrack supports the following algorithms:
MD5
MD5 (Twice)
MD5 (PasswordSalt)
MD5 (SaltPassword)
SHA1
SHA1 (Twice)
SHA1 (PasswordSalt)
SHA1 (SaltPassword)
SHA2 (256 Bits)
SHA2 (512 Bits)
MySQL (4.1+)
Crypt UNIX (Shadow)

And the following CMS:
Joomla
Wordpress (PHPass)
vBulletin
InvisionPowerBoard

Author:
Simo Ben youssef

Requirements:
Tested on Perl 5 (Might work on older versions).

Required modules:
Digest::MD5
Digest::SHA

Install if missing:
perl -MCPAN -e 'install Digest::SHA'
perl -MCPAN -e 'install Digest::MD5'

Usage:
Usage for non-salted passwords:
perl morxcrack.pl <'hash'>
perl morxcrack.pl md5 '83583d2b5ea4078b9b83f82254e5d564' wordlist.txt

Usage for salted passwords:
perl morxcrack.pl <'hash'>
perl morxcrack.pl joomla 'a87248e5fc69972804f5bb93c873ee9d' wordlist.txt 9W11uZafPxbe9xpL

Example:
Test on a Pentium(R) Dual-Core CPU T4500 @ 2.30GHz * 2 processor using md5 and a 3917096-line wordlist (43.4 MB):

perl morxcrack.pl md5 '83583d2b5ea4078b9b83f82254e5d564' all.txt
[*] Hashed password set to 83583d2b5ea4078b9b83f82254e5d564
[*] Algorithm/CMS set to md5
[*] Wordlist set to all.txt
[+] Cracking …
############################################################
# [+] Your password is morxploit
# [+] found at line 3917096
# [+] Job took 16 seconds
############################################################

TODO:
Add support for more algorithms and CMS

Fasmaes

###############################################################################
#                                                                             #
#         ~    .__ °.__   0       o                    ^   .__ °__  `´        #
#  °____) __ __|  | | °|   ______°____ 0 ____  __ _________|__|/  |_ ___.__.  #
#  /    \|  | °\  |°|  | °/  ___// __ \_/ ___\|  | °\_  __ \ o\   __<   |  |  #
# | o°|  \  |  /  |_|  |__\___ \\  ___/\ °\___| o|  /|  | \/  ||  |° \___ O|  #
# |___|  /____/|____/____/____ °>\___  >\___  >____/ |__|° |__||__|  / ____|  #
# `´´`´\/´`nullsecurity team`´\/`´´`´\/`´``´\/  ``´```´```´´´´`´``0_o\/´´`´´  #
#                                                                             #
# AES Implementation for Flat Assembler                                       #
#                                                                             #
# VERSION                                                                     #
# 1.0                                                                         #
#                                                                             #
# DATE                                                                        #
# 13/02/2012                                                                  #
#                                                                             #
# AUTHOR                                                                      #
# belial - http://www.nullsecurity.net/                                       #
#                                                                             #
# LICENSE                                                                     #
# BSD-License                                                                 #
#                                                                             #
# DESCRIPTION                                                                 #

Hyperion

###############################################################################
#                                                                             #
#         ~    .__ °.__   0       o                    ^   .__ °__  `´        #
#  °____) __ __|  | | °|   ______°____ 0 ____  __ _________|__|/  |_ ___.__.  #
#  /    \|  | °\  |°|  | °/  ___// __ \_/ ___\|  | °\_  __ \ o\   __<   |  |  #
# | o°|  \  |  /  |_|  |__\___ \\  ___/\ °\___| o|  /|  | \/  ||  |° \___ O|  #
# |___|  /____/|____/____/____ °>\___  >\___  >____/ |__|° |__||__|  / ____|  #
# `´´`´\/´`nullsecurity team`´\/`´´`´\/`´``´\/  ``´```´```´´´´`´``0_o\/´´`´´  #
#                                                                             #
# Hyperion: A runtime PE-Crypter                                              #
#                                                                             #
# VERSION                                                                     #
# 1.0                                                                         #
#                                                                             #
# DATE                                                                        #
# 25/05/2012                                                                  #
#                                                                             #
# AUTHOR                                                                      #
# belial - http://www.nullsecurity.net/                                       #
#                                                                             #
# LICENSE                                                                     #
# BSD-License                                                                 #
#                                                                             #
# DESCRIPTION                                                                 #

NetCrypt

A proof-of-concept packer for .NET executables, designed to provide a starting point to explain the basic principles of runtime packing.
It is a full implementation of a simple .NET PE file packer, which doesn't use native code.

It can perform the following tasks:
pack itself
pack files packed by itself (up to four layers of packing are tested)
automagically resolve dependencies of the packed EXE

The following downsides/problems are known:
output files are quite big
there is no compression
console applications/DLLs cannot be packed.

Implementation
The packer is implemented in a shared library called netcrypt.dll. If you reference this library you can just use the following code to pack a file:
byte[] arrayOfUnpackedExeBytes;
// ... perform file loading/generation logic
byte[] packedExe = Packer.Pack(arrayOfUnpackedExeBytes);
