Everything posted by sunjester

  1. So now, let's see how we can add capture to checkers with regex and with some other libraries. The way I like to do it is with regular expressions since it almost never needs an external library attached to the project. But Hulu makes it pretty easy with their API endpoints and JSON responses.

     Hulu

     So we want to "capture" data about the account after we know a valid account. The page to capture Hulu info is on https://secure.hulu.com/account. Below is a screenshot from a basic Hulu account, this is what we will be capturing.

     With Hulu you need to grab the CSRF token before you can log in and grab the right cookies. Hulu will send a request from the login page to https://secure.hulu.com/api/3.0/generate_csrf_value?for_hoth=true&path=/v2/web/password/authenticate to grab a CSRF token. If you grab your cookies from the browser you will be able to use those to grab a CSRF token. Here is my curl request:

         curl --header "Host: secure.hulu.com" \
              --header "Upgrade-Insecure-Requests: 1" \
              --header "User-Agent: Mozilla/5.0 (X11; CrOS x86_64 11647.104.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.88 Safari/537.36" \
              --header "Referer: https://secure.hulu.com/account" \
              --header "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3" \
              -v --cookie-jar newcookie \
              'https://secure.hulu.com/api/3.0/generate_csrf_value?for_hoth=true&path=/v2/web/password/authenticate'

     And here is the response, with the CSRF token

     Our cookies will be saved in the cookie jar, we can use this file (newcookie) to use the CSRF token.

     Hulu API JSON

     There is an easier way to get Hulu account info, that's by using their API. You can check subscriptions using the following endpoint: which will return something like...

         {"alert":null,"lastChargeDate":"04/01/19","hasBillingHistory":true,"monthlyDue":{"basePlan":{"items":[{"name":"Hulu","price":{"amount":"$5.99","frequency":"/mo","duration":null},"message":null,"items":null}],"link":{"linkText":"Manage","href":"/account/addons"},"message":null,"id":1},"addOns":{"items":[{"name":"None Added"}],"link":{"linkText":"Manage","href":"/account/addons#addons-section"},"message":null},"recurringTotal":{"name":"Monthly Recurring Total","price":{"amount":"$5.99","frequency":"/mo","duration":null}}},"nextCharge":{"nextChargeDate":"05/01/19","nextChargeAmount":{"amount":"$6.36","frequency":null,"duration":null},"items":[{"name":"Hulu","price":{"amount":"$5.99","frequency":null,"duration":null},"message":"05/01 - 06/01","items":null},{"name":"Tax","price":{"amount":"$0.37","frequency":null,"duration":null},"items":null}],"hasTax":true},"cancelLink":null,"canPauseSubscription":true,"canCancelSubscription":true,"canRetryCharge":false,"isFullVip":false,"isLimitedVip":false,"isTimeLimitedVip":false}

     As you can see, all the account subscription info is in there. You will need to authenticate yourself using the method above, then send the request with the correct cookie jar to the API endpoint. Other endpoints include...

         https://www.hulu.com/api/v1/csrf
         https://www.hulu.com/api/v1/account
         https://www.hulu.com/api/v1/payment (this endpoint has email and payment method, paypal/cc)
         https://secure.hulu.com/api/3.0/subscriber/check_user_subscription_info (to see if the account is valid or overdue payments)
  2. There is no need to download the file, it's just an HTML file with a Google custom search. Below is the source. However, I suggest getting your own API key for free rather than using the key in this source. https://pastr.io/raw/pMNV2g
  3. Introduction

     Like all my other tutorials this will be done within Ubuntu. Malshare is a website that allows you to share malware analysis reports and malware information in general. There are plenty of places like this on the internet such as VirusTotal and Jotti's and many many more. Malshare gives you 1,000 calls in a 24-hour period. You can also visit their GitHub page to follow issues. To log in to this website you will need to register an API key and put it in the box in the top right of the page.

     Exploring the Malshare API

     You can view their existing documentation and REST API on their website. As you can see from the image below the API offers JSON and raw outputs. Each call is made with your API key. You can register for a key right here. From the API documentation we can write a class pretty easily.

     Object Orientation

     The whole philosophy for creating software is to make lives easier. When you write classes you need to keep in mind that object oriented programming is for code reuse. You want to write your code in such a way that you aren't rewriting it over and over again. Too many times people write code that they copy and paste over and over again when in fact they can simply write a class or a method/function. So below is a section of the class I started writing while reading the documentation.

         <?php
         class Malshare
         {
             private $api_key;
             private $output;

             //make a new malshare
             function __construct($key)
             {
                 $this->api_key = $key;
             }

             //make a call to the API
             function makeCall()
             {
             }

             ///api.php?api_key=[API_KEY]&action=getlist
             function listHashes()
             {
             }
         }

     The code above (unfinished) was written before I even did any planning whatsoever. Just because the API is short doesn't mean we don't need some kind of proper planning. You don't really want to rewrite code (called refactoring) over and over again. For example, I wrote some email marketing software in 2001 and it is still functioning to this day with being refactored once, when Google deprecated their old search API and started using the Custom Search API. The point is, I am going to write a function for each endpoint in the API but the code can still be refactored. For example, you could refactor these two methods into one with little effect.

         ///api.php?api_key=[API_KEY]&action=getlist
         function listHashesJson()
         {
         }

         ///api.php?api_key=[API_KEY]&action=getlistraw
         function listHashesRaw()
         {
         }

     Making the Call

     You can make calls to external sources in PHP in a few different ways. My favorite way is with CURL. However, these endpoints work just fine with a more simple way, file_get_contents(). This method has been around since PHP4 and it doesn't look like it's going away any time soon. Like they say in software, let's keep it simple. So the call method will accept our complete API url and spit out the return data, like shown below.

         $mal = new Malshare("6d9b0d--------------------------------2b5d9742a3");
         $jsonHashes = $mal->listHashesJson();
         die(var_dump($jsonHashes));

     Uploading Files

     Down the list a bit on the API documentation page there is an option to upload a file. However, we have only been downloading data from the Malshare website. We can't use our usual function file_get_contents() for this, so we are going to use CURL. You can check your CURL version with the --version flag/argument.

         (xenial)[email protected]:/var/www/html/malshare$ curl --version
         curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
         Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
         Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets

     If you read the CURL manpage you can see that the -F option is for uploading the file using the FormData field like their API needs. The image below is a screenshot of the manpage for CURL. The data field they want is called upload, and using it in a single CURL command (POST data) is simple, you can see that below as well.

         curl -F "[email protected]" "https://malshare.com/api.php?api_key=6d9b0d0236-----------5d9742a3&action=upload"

     The return value is a hash of the file, which you can use to check with the earlier API methods we implemented in the Malshare class. However, executing this command in PHP is a bit different. You could probably just exec() the command and pull the results but it's much better to break it out into PHP code.

     Conclusion

     This is a simple tutorial on how to integrate the Malshare.com API into a PHP class. You can view the complete class on my GitHub page.
  4. Introduction

     In this article we will be creating objects and demonstrating inheritance. If you do not know how to create a class in PHP then this tutorial may not be for you. The base class is sometimes called the super class. In PHP the extend keyword is used to inherit from another class. You can also inherit from a class that is being inherited from another class.

     UML

     Showing object inheritance in UML is pretty simple, it's a line from the base class to the child class, the arrow is an outline and not solid, as pictured below. The Car class is inheriting the base class, Vehicle.

     Classes

     Our classes will be based on vehicles. The base class will be Vehicle. We can create other classes and inherit the methods/functions of the base class. The above UML is converted into PHP (below) to show how the inheritance works.

         class Vehicle
         {
             public $color;

             function changeColor($c)
             {
                 $this->color = $c;
             }
         }

         class Car extends Vehicle
         {
         }

     The Car class above will automatically have a color variable/attribute. You can use the changeColor method from the base class to set the color of the Car class.

         $car = new Car();
         $car->changeColor("red");

     Overloading

     You can add your own method in the child class to overload the original method in the base class.

         class Car extends Vehicle
         {
             function changeColor($c)
             {
                 $this->color = "new color, ".$c;
             }
         }

     References

         https://www.ibm.com/developerworks/rational/library/content/RationalEdge/sep04/bell/index.html
         https://www.draw.io/
         http://php.net/manual/en/language.oop5.inheritance.php
         https://en.wikipedia.org/wiki/Inheritance_(object-oriented_programming)
  5. Regular expressions can be a very useful tool in your arsenal when creating hacking tools. You should use regular expressions when split just won't cut it. You would normally use String.Split when there is only one occurrence of a string in the block you're searching. Regular expressions are great for finding specific strings in a block of text, and they can be MUCH faster. You can use Regex101 to help create your regular expression, it's what I normally use. I will go over a short intro to help get you started when creating a regular expression.

         Match a single digit                                     \d
         Match multiple digits                                    \d+
         Match X amount of digits (if you want 3 digits; {3})     \d{x}
         Match a single character                                 \w
         Match any character or digit                             .
         Match any digit or character multiple times              .+
         Match zero or more                                       ?

     So as an example, let's open the cracked.to website and view the source. We are going to use them as an example on how to scrape stuff. Let's scrape usernames and IDs. Around line 2955 you will start to see the usernames. So copy that and paste it into the bottom textbox on regex101. The top box is where we will begin to write our regex. Each entry is an anchor link which has the username and their ID.

         <a href="https://cracked.to/member.php?action=profile&uid=103683" title="17MOD1997">17MOD1997</a>

     In the top box put the following expression

         member[.]php[?]action=profile&uid=(\d+)"" title=""[a-zA-Z0-9&_\.-]+?"">([a-zA-Z0-9&_\.-]+?)<\/a>

     Which should match that user (if they are logged in). On the right in the image above you can see that we matched it. However, we only matched that one entry and we want them all. So now, let's replace the name and id with a regular expression.

         member[.]php[?]action=profile&uid=(\d+)" title=".+?">(.+?)<\/a>

     So now let's turn this into something we can use in C#. You will need to include the RegularExpression namespace (https://docs.microsoft.com/en-us/dotnet/api/system.text.regularexpressions?view=netframework-4.7.2). You can do that by adding the following line to the head of your code

         using System.Text.RegularExpressions;

     We are going to read a text file that has the source of the main cracked.to website, so we don't leave a footprint on their site while working with the regular expression demo. You can download the source I am using here (https://pastr.io/raw/NehxTX). We can read the file using the File.ReadAllLines() method. We will need to add the System.IO namespace for this.

         // ReadAllLines returns string[]; join the lines so Regex.Matches gets a single string
         string src = string.Join("\n", File.ReadAllLines("testsrc"));

     So now let's apply our expression to the file we read above. Since the file we are using as a test is much different than how the source looks in your browser (in my case, Chrome) we are going to have to change our expression. Below is the image of the block of text on which we are going to use the expression.

     Create a new Regex Object

         Regex r = new Regex(@"https:\/\/cracked[.]to\/member[.]php[?]action=profile&amp;uid=(\d+)&quot; title=&quot;([a-zA-Z0-9&_\.-]+)&quot;&gt;&lt;span");

     Get the matches with MatchCollection

         MatchCollection mc = r.Matches(src);

     Now we can loop through the matches in the MatchCollection, showing the capture groups. The capture groups are the data in parentheses in the regular expression.

         foreach(Match m in mc)
         {
             Console.WriteLine("ID: " + m.Groups[1].Value + " \t Name: " + m.Groups[2].Value);
         }
  6. Introduction

     HackTheBox (HTB) is a very well known and excellent place to hone and sharpen your skills as a hacker and reverse engineer (cracker). Like all the other tutorials by me (and my team, Square Software), this will be focused on using, installing and working in Ubuntu (a Debian based Linux).

     Invite Code

     To join this marvelous network of VPNs and become a great hacker and make some new friends (and enemies) you will need an invite code. This invite code is hacked and not given (although I'm sure you can Google for it). I suggest trying to find it for yourself, otherwise, you're not really becoming a hacker. It's simple, just look around, poke, read, etc.

     OpenVPN

     You will need to install OpenVPN if it's not already installed.

         (xenial)[email protected]:$ sudo apt-get install openvpn

     Starting OpenVPN with Credentials

     You can visit the Access page to get your credentials for signing into the HTB OpenVPN. On this page you will see two sections, the one on the right gives a description on how to initiate the connection to HTB and a file to download and use with OpenVPN. You should be able to visit this link and get your connection file (after you have logged in). Once you log in, refresh the stats box on the left of the access page and you should now see a green check next to the "Connected" setting.

     Your First Box

     On the left hand side, in the menu, there is a link that says machines. Under this link you will see a list of machines that are active, retired, unreleased, etc. Click on the Active link to get a list of machines you can currently hack. If you are a beginner you will want to look for difficulties where the green is in the front, if you are more advanced, the red in the back of the graph are for you. Let's start with the one called Active (which may not be in the list when you are reading this), but it's in the image above. You can see that its IP is 10.10.10.100. Just like in a real-world scenario, let's find some open ports with nmap. We already know it's a Windows machine from looking at the stats in the list. Below is my first go-to scan for finding initial ports and information about a server.

         (xenial)[email protected]:~$ nmap -sV -vv 10.10.10.100

     What to Do

     So what exactly are you supposed to do? You pwn the box, that's it. When you have root/admin access you will go back to HTB and click on the machine you are inside, in our case it's called Active. At the top of the graph you will see a few boxes, one says Own User and another says Own Root. Clicking on one of these will open a modal window with instructions.
  7. Introduction

     Password hashes can be very challenging to crack. I see a lot of people online who just don't understand how password hashes work or even how they are made. I will use the PHP interactive shell in some cases during the tutorial. I will try to add as many links throughout the tutorial for extra research and reading.

     Hash Identification

     One of the most important parts for cracking a hash is identifying what type of hash you have. The JTR website (openwall) has a nice list of hashes that can help you identify what type of hash you have, https://openwall.info/wiki/john/sample-hashes. It is important to be able to recognize hashes. I am a fan of regular expressions so let's do some regex and see if we can make something that identifies (or attempts to identify) hashes.

     We'll start with an easy one, MD5, which will also match the first 32 characters of SHA-1

         ([0-9a-zA-Z]{32})\b

     SHA-1 is always 160 bits, 40 characters

         ([0-9a-zA-Z]{40})\b

     BCrypt

         \$2y\$.{56}

     One-Way Hashing

     MD5 is a widely used one-way hashing function. One-way hashes are difficult to crack. When you hash a string, with MD5 for example, you take two inputs and get one output. In 2008 the CCC showed us that they could use collision checking to forge new SSL certificates. Since then, Verisign does not generate SSL certificates with MD5. This is a flaw in the MD5 one-way hashing algorithm. There is another kind of "collision" checking that is pretty basic and is used by most "md5 cracking" websites. That is to generate a hash of a known word and check it against the hash the user is trying to crack. The problem with this brute force method is the same as other brute force methods, it's fucking time consuming.

     Salts

     When you create an MD5 password hash you probably want to do it with a salt. A salt is like a special code/passphrase to add that extra layer of protection to the hash. If you hash a password with a salt, chances are, that unless a person has the hash and the salt, it won't be cracked. I'm not saying it can't be cracked. The PHP password_hash function automatically generates a random salt if you don't provide one. There are different ways to use salts but one way is to just append the salt to the password or the hash and hash it again. Below is some PHP code that uses a salt to change the MD5 of the password. Typically you would store the salts out of your web directory or in a different database to prevent hackers from cracking password hashes. Also, in the example I use the word 'haha' as the salt, you should use a random string of characters.

         php > $salt='haha';
         php > echo md5($salt.'password');
         2ea2cc5eb47e586063f472eb0a4b718e
         php > echo md5('password');
         5f4dcc3b5aa765d61d8327deb882cf99

     Generating Hashes

     Let's see what kind of hashes PHP can make for us and what they look like.

     MD5

         php > echo md5('hello world');
         5eb63bbbe01eeed093cb22bb8f5acdc3

     SHA1

         php > echo sha1('hello world');
         2aae6c35c94fcfb415dbe95f408b9ce91ee846ed

     PHP password_hash with bcrypt

         php > echo password_hash('hello world', PASSWORD_BCRYPT);
         $2y$10$9s0RLal7aReKjMfo4.l1y.1SaOXkWWEEAMOonA9kAOX4wTgOI8dRG

     PHP password_hash by default

         php > echo password_hash('hello world', PASSWORD_DEFAULT);
         $2y$10$FojyTgEdUx6sU7e1eYU4a.hf1QfhbRaXafITOR80hbHYi.84UF2Ay

     In Python, to generate and print an MD5 hash you can use hashlib.

         (xenial)[email protected]:~$ python
         Python 2.7.12 (default, Nov 12 2018, 14:36:49)
         [GCC 5.4.0 20160609] on linux2
         Type "help", "copyright", "credits" or "license" for more information.
         >>> import hashlib
         >>> hash = hashlib.md5(str.encode('password'))
         >>> print hash.hexdigest()
         5f4dcc3b5aa765d61d8327deb882cf99

     Simple Collision Cracking

     I have been in arguments with people who think that because a hash appears to be an MD5 hash, makes it an MD5 hash. This isn't the case for all hashes. Let's say we have a password, password. We can hash that thing as much as we want with other algorithms and then hash it with MD5. People who don't understand how it was originally hashed will just think it's some strong password that can't be cracked. It's password for christ sake, it can be cracked. You can crack it open if you know HOW it was created in the first place. Some people want you to crack a hash but can't even tell you what software it came from. For example, let's hash up the password hash a few different ways.

         php > echo sha1(md5('password'));
         55c3b5386c486feb662a0785f340938f518d547f

     Above we have wrapped the md5 in a SHA1. To crack the password we can't simply check it with a sha1() php function, using a hash collision as stated before. We would need to use sha1(md5()), since that was how it was created. Below is a sample function to show how you would construct something like that.

         <?php
         //return true/1 if the word we give it is the password
         function crackPass($hash, $word)
         {
             //strict comparison: loose == treats "0e..." digit strings as equal numbers
             return sha1(md5($word)) === $hash;
         }

         echo crackPass("55c3b5386c486feb662a0785f340938f518d547f", "password")."\n";
         ?>

     And running it in the terminal would give you..

         (xenial)[email protected]:/var/www/html$ php crack.php
         1

     You can do some research on your own and dive into some open software forums and see how they hash their passwords. Most use BCrypt now and not just regular MD5, a topic here for MyBB shows the hashing algorithm for MyBB 1.x. So the code above you could simply change it to accommodate for the salt and different way they hashed their password, and you have created yourself a MyBB 1.x password cracker. It's neat to learn.

     Cracking Hashes with JTR

     The best password cracker I have ever used is JohnTheRipper. I have been using this software for over 10 years, maybe 15? I forget. The point is, it works. You can find all kinds of guides for using it on many different websites and forums. Basically you will create a file with your password hashes in it, then feed it to John. You don't have to supply a username if you don't want, and you don't even have to supply a wordlist if you don't want. At the time of writing this JTR is in version 1.8. You can see some commands below for download, unzipping and installing john, from source.

     Download

         wget https://www.openwall.com/john/j/john-1.8.0.tar.xz

     Unzip

         tar -xvf john-1.8.0.tar.xz

     Install

         sudo make GENERIC

     When you install john it will go through a benchmark and depending on the speed of your processor(s), it can be fast or slow. If you want the jumbo version of JTR you can get it from GitHub. I recommend this version. Below is how to clone it into a new repo.

         git clone https://github.com/magnumripper/JohnTheRipper.git

     Once you clone it, move into the src directory and build it with the following commands, as stated in the documentation.

         sudo ./configure && make -s clean && make -sj4

     After you have cloned it and built it you can start cracking hashes immediately, however I suggest giving it a benchmark. If you are cracking a list of MD5's, this is probably the version you want. You can get started by using the following command (changing the filenames of course).

         (xenial)[email protected]:~/Downloads/JohnTheRipper/run$ ./john -wordlist=password.lst -format=raw-md5 /home/sunjester/Downloads/passwords.txt
         Using default input encoding: UTF-8
         Loaded 1 password hash (Raw-MD5 [MD5 128/128 SSE4.1 4x3])
         Warning: no OpenMP support for this hash type, consider --fork=2
         Press 'q' or Ctrl-C to abort, almost any other key for status
         password         (admin)
         1g 0:00:00:00 DONE (2018-12-05 13:54) 25.00g/s 4800p/s 4800c/s 4800C/s 123456..knight
         Use the "--show --format=Raw-MD5" options to display all of the cracked passwords reliably
         Session completed

     and you can view the cracked passwords for that file like this..

         ./john -format=raw-md5 -show /home/sunjester/Downloads/passwords.txt
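Added example, not part of the original post: the format recognition from the Hash Identification section, turned into an audit of a stored-password column that flags fast digests and low-cost bcrypt for migration. The `MIN_BCRYPT_COST` floor, the user names and the `erin` row are assumptions constructed for the demonstration; the other hash strings are the ones printed in the post.

```python
import re

# bcrypt modular-crypt string: $<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")  # digests are hex, not [0-9a-zA-Z]

# Hex length -> algorithms that produce a digest of that length. Length alone
# cannot say which one was used, whether a salt was mixed in, or whether
# digests were nested (the post's sha1(md5(pw)) looks like plain SHA-1).
HEX_CANDIDATES = {
    32: ["MD5", "MD4", "NTLM"],
    40: ["SHA-1", "RIPEMD-160"],
    64: ["SHA-256", "SHA3-256"],
    128: ["SHA-512", "SHA3-512"],
}

MIN_BCRYPT_COST = 10  # assumed policy floor; tune to your own hardware


def classify(stored):
    """Describe a stored password hash by its format only."""
    stored = stored.strip()
    m = BCRYPT_RE.match(stored)
    if m:
        variant, cost, salt, _digest = m.groups()
        return {"family": "bcrypt", "variant": variant, "cost": int(cost),
                "salt": salt, "candidates": ["bcrypt"]}
    if HEX_RE.match(stored) and len(stored) in HEX_CANDIDATES:
        return {"family": "hex-digest", "bits": len(stored) * 4,
                "candidates": HEX_CANDIDATES[len(stored)]}
    return {"family": "unknown", "candidates": []}


def audit(rows):
    """Return {user: reason} for every stored hash that should be migrated."""
    findings = {}
    for user, stored in rows:
        info = classify(stored)
        if info["family"] == "hex-digest":
            findings[user] = ("fast digest (%s); rehash with a slow salted "
                              "scheme at next login" % "/".join(info["candidates"]))
        elif info["family"] == "bcrypt" and info["cost"] < MIN_BCRYPT_COST:
            findings[user] = "bcrypt cost %d below floor %d" % (
                info["cost"], MIN_BCRYPT_COST)
        elif info["family"] == "unknown":
            findings[user] = "unrecognised format; review manually"
    return findings


# Constructed sample table. The first four hash strings appear in the post;
# the low-cost bcrypt string is synthetic filler, not a real hash.
SAMPLE_ROWS = [
    ("alice", "5f4dcc3b5aa765d61d8327deb882cf99"),
    ("bob", "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed"),
    ("carol", "55c3b5386c486feb662a0785f340938f518d547f"),
    ("dave", "$2y$10$9s0RLal7aReKjMfo4.l1y.1SaOXkWWEEAMOonA9kAOX4wTgOI8dRG"),
    ("erin", "$2y$04$" + "A" * 22 + "B" * 31),
]

if __name__ == "__main__":
    for user, reason in audit(SAMPLE_ROWS).items():
        print(user, "->", reason)
```

The `carol` row is the post's sha1(md5('password')) value: it classifies as a SHA-1 candidate, which is why the audit reports candidates rather than a single algorithm.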
  8.     using System;
         using System.IO;
         using System.Net;
         using System.Text;
         using System.Text.RegularExpressions;

         class Token
         {
             public static void Main()
             {
                 WebRequest req = WebRequest.Create("https://www.noip.com/login");
                 ((HttpWebRequest)req).UserAgent = "underwurld/101";
                 WebResponse res = req.GetResponse();
                 Stream data = res.GetResponseStream();
                 StreamReader rdr = new StreamReader(data);
                 string html = rdr.ReadToEnd();
                 res.Close();

                 Regex rptrn = new Regex(@"csrf-token\""\scontent=\""(.+?)\""");
                 MatchCollection mc = rptrn.Matches(html);
                 Console.WriteLine(mc[0].Groups[1].Value);
             }
         }

     Example

         (xenial)[email protected]:~/Downloads/$ mono token.exe
         cyotiribeheDaip0HgiTlIbdqiktYnRsBSSMg3uE
         (xenial)[email protected]:~/Downloads/$ mono token.exe
         YMDrgPVqPmNUgGvQqyk8nZWp3Zw3u4lON2xDuutM
  9.     #!/bin/bash
         #sunjester
         if [ $# -eq 0 ]
         then
             echo "No username supplied"
             exit 1
         fi

         # $1 is the username passed on the command line
         echo "checking for username: $1"

         RED=`tput setaf 1`
         GRN=`tput setaf 2`
         RST=`tput sgr0`

         sites=(
             "https://www.facebook.com"
             "https://www.instagram.com"
             "https://www.twitter.com"
             "https://www.youtube.com/user"
             "https://www.reddit.com/user"
             "https://www.pinterest.com"
             "https://www.github.com"
             "https://www.patreon.com"
         )

         for site in "${sites[@]}"
         do
             # HEAD request; keep only the status line of the response
             res=$(curl -Is "$site/$1/" >social;head -n1 social)
             code=`echo $res|cut -d' ' -f2`
             case $code in
                 200) echo $GRN "$site/$1/" $RST ;;
                 404) echo $RED "$site/$1/" $RST ;;
                 301) echo $GRN "$site/$1/" $RST ;;
                 405) echo $RED "$site/$1/" $RST ;;
             esac
         done
         rm social
  10. CREATOR
      ---
      sunjester https://sunjester.mindhackers.org/

      ABOUT
      ---
      someone wanted a direct file download, someone else called me stupid when I posted anonfile.com as the solution.

      INSTRUCTIONS
      ---
      you simply call the script with the anonfile.com link

          ./anon.sh https://anonfile.com/T6J9j6seb9/Workspace_1_003_png

      DOWNLOAD
      ---
      https://anonfile.com/jd05Mbseb7/anon_zip
