bkcrack - Crack legacy zip encryption with Biham and Kocher's known plaintext attack.

  •        88

Crack legacy zip encryption with Biham and Kocher's known plaintext attack. Get the latest version from the git repository.

https://github.com/kimci86/bkcrack

Tags
Implementation
License
Platform

   




Related Projects

Mac Crack Attack

  •    Objective-C

Mac Crack Attack is a port of Crack Attack to the Mac OS X platform. Crack Attack is based on the Super Nintendo classic Tetris Attack. Mac Crack Attack is a fast paced quot;Tetris-likequot; game for one or two players (networked)

keyshuffling - Keyshuffling Attack for Persistent Early Code Execution in the Nintendo 3DS Secure Bootchain

  •    TeX

We demonstrate an attack on the secure bootchain of the Nintendo 3DS in order to gain early code execution. The attack utilizes the block shuffling vulnerability of the ECB cipher mode to rearrange keys in the Nintendo 3DS's encrypted keystore. Because the shuffled keys will deterministically decrypt the encrypted firmware binary to incorrect plaintext data and execute it, and because the device's memory contents are kept between hard reboots, it is possible to reliably reach a branching instruction to a payload in memory. This payload, due to its execution by a privileged processor and its early execution, is able to extract the hash of hardware secrets necessary to decrypt the device's encrypted keystore and set up a persistent exploit of the system. Information in this article (especially the keyshuffling vulnerability) is original, independent work unless cited otherwise. Note that the keyshuffling vulnerability detailed here is the same one documented publicly by much of this team including "stuckpixel" (also known as "dark_samus") on sites such as 3DBrew. Additionally, note that the persistence vulnerability detailed here is the same one documented publicly as "arm9loaderhax" by "plutoo", "derrek", and "smea" at the 2015 32c3 conference.

wifi-cracking - Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat 🖧

  •    

Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat. This is a brief walk-through tutorial that illustrates how to crack Wi-Fi networks that are secured using weak passwords. It is not exhaustive, but it should be enough information for you to test your own network's security or break into one nearby. The attack outlined below is entirely passive (listening only, nothing is broadcast from your computer) and it is impossible to detect provided that you don't actually use the password that you crack. An optional active deauthentication attack can be used to speed up the reconnaissance process and is described at the end of this document.

WPA2-HalfHandshake-Crack - This is a POC to show it is possible to capture enough of a handshake with a user from a fake AP to crack a WPA2 network without knowing the passphrase of the actual AP

  •    Python

Conventional WPA2 attacks work by listening for a handshake between client and Access Point. This full fourway handshake is then used in a dictonary attack. This tool is a Proof of Concept to show it is not necessary to have the Access Point present. A person can simply listen for WPA2 probes from any client withen range, and then throw up an Access Point with that SSID. Though the authentication will fail, there is enough information in the failed handshake to run a dictionary attack against the failed handshake.

ssh-mitm - SSH man-in-the-middle tool

  •    Shell

This penetration testing tool allows an auditor to intercept SSH connections. A patch applied to the OpenSSH v7.5p1 source code causes it to act as a proxy between the victim and their intended SSH server; all plaintext passwords and sessions are logged to disk. Of course, the victim's SSH client will complain that the server's key has changed. But because 99.99999% of the time this is caused by a legitimate action (OS re-install, configuration change, etc), many/most users will disregard the warning and continue on.


WebSploit Framework

  •    

WebSploit Framework

naive-hashcat - Crack password hashes without the fuss :cat2:

  •    C

Crack password hashes without the fuss. Naive hashcat is a plug-and-play script that is pre-configured with naive, emperically-tested, "good enough" parameters/attack types. Run hashcat attacks using ./naive-hashcat.sh without having to know what is going on "under the hood". DISCLAIMER: This software is for educational purposes only. This software should not be used for illegal activity. The author is not responsible for its use. Don't be a dick.

krackattacks-scripts

  •    C

This project contains scripts to test if clients or access points (APs) are affected by the KRACK attack against WPA2. For details behind this attack see our website and the research paper. Remember that our scripts are not attack scripts! You require network credentials in order to test if an access point or client is affected by the attack.

opensesame - OpenSesame attacks wireless garages and can open most fixed-code garages and gates in seconds using a Mattel toy

  •    C++

OpenSesame is a device that can wirelessly open virtually any fixed-code garage door in seconds, exploiting a new attack I've discovered on wireless fixed-pin devices. Using a child's toy from Mattel. Prevention: If you are using a gate or garage which uses "fixed codes", to prevent this type of attack, ensure you upgrade to a system which clearly states that it's using rolling codes, hopping codes, Security+ or Intellicode. These are not foolproof from attack, but do prevent the OpenSesame attack along with traditional brute forcing attacks. Suggested vendors: current products from LiftMaster and Genie.

fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery

  •    PHP

FuzzDB was created to increase the likelihood of causing and identifying conditions of security interest through dynamic application security testing. It's the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses. Attack Patterns - FuzzDB contains comprehensive lists of attack payload primitives for fault injection testing. These patterns, categorized by attack and where appropriate platform type, are known to cause issues like OS command injection, directory listings, directory traversals, source exposure, file upload bypass, authentication bypass, XSS, http header crlf injections, SQL injection, NoSQL injection, and more. For example, FuzzDB catalogs 56 patterns that can potentially be interpreted as a null byte and contains lists of commonly used methods such as "get, put, test," and name-value pairs than trigger debug modes.

PlainText - gets rid of unwanted formatting

  •    CSharp

Tired of getting unwanted text formatting when you click Ctrl-V? Using PlainText you can copy text from any application and paste as unformatted text with just a simple keyboard shortcut. Just the same as if you had pasted to Notepad and copied from there.

Mu Plaintext Format For Music Notation

  •    

Yet another human-readable plaintext music notation language. Somewhat similar to ABC and also Guido. Empty lines divide blocks of music, and every line is for one voice. Blocks can be repeated and merged to simplify structured composing.

http - Event-driven, streaming plaintext HTTP and secure HTTPS server for ReactPHP.

  •    PHP

Event-driven, streaming plaintext HTTP and secure HTTPS server for ReactPHP. This is an HTTP server which responds with Hello World! to every request.

socket - Async, streaming plaintext TCP/IP and secure TLS socket server and client connections for ReactPHP

  •    PHP

Async, streaming plaintext TCP/IP and secure TLS socket server and client connections for ReactPHP. The socket library provides re-usable interfaces for a socket-layer server and client based on the EventLoop and Stream components. Its server component allows you to build networking servers that accept incoming connections from networking clients (such as an HTTP server). Its client component allows you to build networking clients that establish outgoing connections to networking servers (such as an HTTP or database client). This library provides async, streaming means for all of this, so you can handle multiple concurrent connections without blocking.

icebreaker - Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment

  •    PowerShell

Break the ice with that cute Active Directory environment over there. When you're cold and alone staring in at an Active Directory party but don't possess even a single AD credential to join the fun, this tool's for you. Sequentially automates 5 internal network attacks against Active Directory to deliver you plaintext credentials. Use the --auto option to automatically acquire domain admin privileges after gaining a foothold.

BozoCrack - A silly & effective MD5 cracker in Ruby

  •    Ruby

BozoCrack is a depressingly effective MD5 password hash cracker with almost zero CPU/GPU load. Instead of rainbow tables, dictionaries, or brute force, BozoCrack simply finds the plaintext password. Specifically, it googles the MD5 hash and hopes the plaintext appears somewhere on the first page of results. It works way better than it ever should.

Wireless Attack Toolkit (WAT)

  •    Python

A push-button wireless hacking and Man-in-the-Middle attack toolkit

XSS Attack

  •    

This tool will simulate an attack on your database and update up to 5000 rows in every table and replace your strings in your database with random XSS attacks. Just imagine a malicious user had direct access to your database and tried to to his best to XSS attack your site.

scrypt - A Ruby gem with native C extension for the scrypt password hashing algorithm.

  •    C

The scrypt key derivation function is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt. The designers of scrypt estimate that on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against PBKDF2.