IMPORTANT
We are happy to let you know that SIRUMIUM (ex crimeclub) is back online.
If you are an old vendor here, you will have a one-month bonus on your advertising and a free banner in rotation.


Dark

Administrator
  • Content count: 78
  • Community Reputation: 0 Neutral
  • 5 Followers
  • 1747 profile views

  1. Enjoy. https://mega.nz/file/GlcgXC7K#dO2InKil0btGFc7xNOIZp-ncJlZg4Isrjap1wQrhlmU
  2. Full source: https://medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chrome-ce17b19dd474

     Using the browser to scan a LAN isn’t a new idea. There are many implementations that use XHR requests, websockets, or plain HTML to discover and fingerprint LAN devices. But in this blog, I’ll introduce a new scanning technique using WebRTC ICE servers. This technique is fast and, unlike the other methods, bypasses the blocked ports list. Unfortunately, it only works when the victim is using Chrome.

     You can skip my explanation and go straight to the code or the demo page. Otherwise, let’s start with a proof of concept video. Here I am scanning my 192.168.88.0/24 network.
     https://www.youtube.com/watch?v=M6lBVhkzUmM&feature=emb_logo

     What’s an ICE Server?

     As I said, the scanning technique uses WebRTC ICE servers. An ICE server is a STUN or TURN server considered by a WebRTC RTCPeerConnection for self discovery, NAT traversal, and/or relay. A list of servers can be passed into the RTCPeerConnection’s constructor. Here’s an example constructor being provided one of Google’s public STUN servers:

     When the above RTCPeerConnection enters the ICE gathering state it will attempt to connect to the provided server.

     Protocols Matter

     ICE servers can be bound to either UDP or TCP ports. However, unless instructed otherwise, Chrome appears to only attempt communication over UDP. Below is a Wireshark screenshot of the packets Chrome sends to a non-existent TURN server. Everything is UDP.

     You can force Chrome to reach out over TCP if you know something about the ICE server URLs. The URLs passed to the RTCPeerConnection’s constructor must conform to RFC 7064 (STUN) or RFC 7065 (TURN). The TURN URI scheme follows:

     Most important for scanning purposes is the optional “?transport=” field. Chrome can be forced to use ICE over TCP by using a TURN URI that ends with “?transport=tcp”. We now have a way to initiate a TCP connection with any IP and port we choose. However, since almost all the hosts we’ll scan won’t be TURN servers, how can we determine if a host is alive or not?

     Determining If a Host Is Alive

     The following JSFiddle generates 256 TURN URIs in order to find an active address in the range of 192.168.[0–255].1
     https://jsfiddle.net/49n5oLj7/
  4. Source: https://labs.sentinelone.com/living-off-windows-land-a-new-native-file-downldr/ There are only a couple of default system-signed executables that let you download a file from a Web Server, and every security product and threat hunter specifically looks for them for signs of misuse or abuse by threat actors. While the usage of LOLBins[1] in the wild has been extensively written about[2,3], uncovering novel ones helps security practitioners and researchers alike prevent abuse of these native tools. In this post, we share details of a new binary that can be used as a stealthy downloader instead of the widely-leveraged – and monitored – certutil[4]. The binary desktopimgdownldr.exe, located in system32 folder in Windows 10, is originally used to set lock screen or desktop background image as part of Personalization CSP[5]. Therefore, it can be run as a standard user like this:
  5. Please use escrow for all deals with unverified vendors!
  6. Example of penetration test report: https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
  7. Please use escrow for services which are not verified! Escrow is free.
  8. Servers are HQ and bulletproof, best on market!
  9. https://ired.team/memory-forensics/process-environment-block
  10. https://blog.kowalczyk.info/articles/pefileformat.html
  11. DLL Injection is one of those things I've always sort of known about but never actually implemented. Probably because I never *really* needed to. I'm not a big gamer and not really into the malware side of security. Actually, the only times I ever need to inject into a running process is during exploitation/post exploitation and Metasploit has spoiled me too much. http://blog.opensecurityresearch.com/2013/01/windows-dll-injection-basics.html
  12. FireEye Mandiant red team consultants perform objectives-based assessments that emulate real cyber attacks by advanced and nation state attackers across the entire attack lifecycle by blending into environments and observing how employees interact with their workstations and applications. Assessments like this help organizations identify weaknesses in their current detection and response procedures so they can update their existing security programs to better deal with modern threats. Full article: https://www.fireeye.com/blog/threat-research/2019/04/finding-weaknesses-before-the-attackers-do.html
  13. For penetration testers looking for a stable and supported Linux testing platform, the industry agrees that Kali is the go-to platform. However, if you’d prefer to use Windows as an operating system, you may have noticed that a worthy platform didn’t exist. As security researchers, every one of us has probably spent hours customizing a Windows working environment at least once and we all use the same tools, utilities, and techniques during customer engagements. Therefore, maintaining a custom environment while keeping all our tool sets up-to-date can be a monotonous chore for all. Recognizing that, we have created a Windows distribution focused on supporting penetration testers and red teamers. Commando VM uses Boxstarter, Chocolatey, and MyGet packages to install all of the software, and delivers many tools and utilities to support penetration testing. This list includes more than 140 tools, including: Nmap, Wireshark, Covenant, Python, Go, Remote Server Administration Tools, Sysinternals, Mimikatz, Burp-Suite, x64dbg, Hashcat.
      https://www.fireeye.com/blog/threat-research/2019/03/commando-vm-windows-offensive-distribution.html
      https://github.com/fireeye/commando-vm
  14. [email protected], very known scammer, don't do any deals with this one.
  15. @GangbangEr you are welcome to visit our tutorials section! We will post more stuff soon. Stay tuned.