Thursday, March 29, 2018

All Versions of .Net Offline Installer / Full Setup / Direct Download links

Version                                    32 Bit      64 Bit
.Net Framework 2.0 offline installer       Download    Download
.Net Framework 3.0 SP1 full setup          Download    Download
.Net Framework 3.5 offline installer       Download    Download
.Net Framework 3.5 SP1 offline installer   Download    Download
.Net Framework 4.0 offline installer       Download    Download
.Net Framework 4.5 offline installer       Download    Download
.Net Framework 4.5.2 offline installer     Download    Download
.Net Framework 4.6 offline installer       Download    Download
.Net Framework 4.6.1 offline installer     Download    Download
.Net Framework 4.6.2 offline installer     Download    Download
.Net Framework 4.7 offline installer       Download    Download

Version of Microsoft Visual Studio Redistributable offline installers

Microsoft Visual C++ Redistributable offline installer   32 Bit     64 Bit     ARM
2005                                                     Download   Download   N/A
2008                                                     Download   Download   N/A
2010                                                     Download   Download   N/A
2012                                                     Download   Download   Download
2013                                                     Download   Download   Download
2015                                                     Download   Download   N/A
2017                                                     Download   Download   N/A

Monday, March 19, 2018

oci_connect ORA-24408: could not generate unique server group name

The 11g instant client requires an /etc/hosts entry for your hostname pointing to 127.0.0.1. The normal "localhost" entry is not sufficient on its own.
Assuming your host name is foomachine, there are two places you'll need to check:
In /etc/hosts, make sure you have an entry like the following; add it if it's not there:
127.0.0.1   foomachine
Also make sure that /etc/sysconfig/network contains HOSTNAME=foomachine
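As an added example (not from the original post), the two checks above expressed as a small Python script that parses copies of /etc/hosts and /etc/sysconfig/network; the hostname foomachine and the file contents are constructed samples:

```python
import re
from typing import Optional

# Added example: verify the two prerequisites the post names for the Oracle 11g
# instant client. "foomachine" and the file contents below are constructed samples.

def hostname_maps_to_loopback(hosts_text: str, hostname: str) -> bool:
    """True if some 127.0.0.1 line names `hostname`, either as the canonical
    name or as an alias. Comments and blank lines are ignored."""
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if fields[0] == "127.0.0.1" and hostname.lower() in (f.lower() for f in fields[1:]):
            return True
    return False

def configured_hostname(network_text: str) -> Optional[str]:
    """Return the HOSTNAME value from /etc/sysconfig/network, or None if absent."""
    m = re.search(r'^\s*HOSTNAME\s*=\s*"?([^"\s]+)"?\s*$', network_text, re.MULTILINE)
    return m.group(1) if m else None

def ora24408_prerequisites_ok(hosts_text: str, network_text: str, hostname: str) -> bool:
    """Both conditions from the post must hold for the client to start cleanly."""
    return (configured_hostname(network_text) == hostname
            and hostname_maps_to_loopback(hosts_text, hostname))

# Constructed samples: the first hosts file only has the stock localhost line.
HOSTS_BEFORE = "127.0.0.1   localhost localhost.localdomain\n::1         localhost6\n"
HOSTS_AFTER = HOSTS_BEFORE + "127.0.0.1   foomachine   # added for the instant client\n"
NETWORK = "NETWORKING=yes\nHOSTNAME=foomachine\n"

if __name__ == "__main__":
    for label, hosts in (("before", HOSTS_BEFORE), ("after", HOSTS_AFTER)):
        print(label, ora24408_prerequisites_ok(hosts, NETWORK, "foomachine"))
```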

Tuesday, March 13, 2018

vim: switch to tabs view

:tab sball             "    open every loaded buffer in its own tab
switch between tabs:

gt or :tabn            "    go to next tab
gT or :tabp or :tabN   "    go to previous tab

Monday, February 26, 2018

microsoft sql server bruteforce

nmap -p 445 --script ms-sql-brute --script-args mssql.instance-all,userdb=customuser.txt,passdb=custompass.txt <host>

nmap -p 1433 --script ms-sql-brute --script-args userdb=customuser.txt,passdb=custompass.txt <host>

Windows version table

Operating System     Version Number

Windows 1.0                    1.04
Windows 2.0                    2.11
Windows 3.0                    3
Windows NT 3.1                 3.10.528
Windows for Workgroups 3.11    3.11
Windows NT Workstation 3.5     3.5.807
Windows NT Workstation 3.51    3.51.1057
Windows 95                     4.0.950
Windows NT Workstation 4.0     4.0.1381
Windows 98                     4.1.1998
Windows 98 Second Edition      4.1.2222
Windows Me                     4.90.3000
Windows 2000 Professional      5.0.2195
Windows XP                     5.1.2600
Windows Vista                  6.0.6000
Windows 7                      6.1.7600
Windows 8.1                    6.3.9600
Windows 10                     10.0.10240

Wednesday, January 3, 2018

retrieve lots of passwords stored on a local computer

The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.

https://github.com/AlessandroZ/LaZagne

Monday, December 25, 2017

suricata Error: datalink type 65535 not yet supported in module DecodeAFP solution

 <Error> - [ERRCODE: SC_ERR_DATALINK_UNIMPLEMENTED(38)] - Error: datalink type 65535 not yet supported in module DecodeAFP

Solution:

Edit suricata-4.0.3/src/source-af-packet.c. I changed the default datalink type to raw, and that solved my problem.

suricata-4.0.3/src/source-af-packet.c:

TmEcode DecodeAFP(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{
    SCEnter();
    DecodeThreadVars *dtv = (DecodeThreadVars *)data;

    /* XXX HACK: flow timeout can call us for injected pseudo packets
     *           see bug: https://redmine.openinfosecfoundation.org/issues/1107 */
    if (p->flags & PKT_PSEUDO_STREAM_END)
        return TM_ECODE_OK;

    /* update counters */
    DecodeUpdatePacketCounters(tv, dtv, p);

    /* If suri has set vlan during reading, we increase vlan counter */
    if (p->vlan_idx) {
        StatsIncr(tv, dtv->counter_vlan);
    }

    /* call the decoder */
    switch (p->datalink) {
        case LINKTYPE_ETHERNET:
            DecodeEthernet(tv, dtv, p,GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
            break;
        case LINKTYPE_LINUX_SLL:
            DecodeSll(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
            break;
        case LINKTYPE_PPP:
            DecodePPP(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
            break;
        case LINKTYPE_RAW:
            DecodeRaw(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
            break;
        case LINKTYPE_NULL:
            DecodeNull(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
            break;
        default:
            /* patched: an unsupported datalink type (65535 here) is handed to
             * the raw decoder instead of logging the error and dropping it */
//            SCLogError(SC_ERR_DATALINK_UNIMPLEMENTED, "Error: datalink type %" PRId32 " not yet supported in module DecodeAFP", p->datalink);
//            DecodePPP(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
            DecodeRaw(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
//            DecodeEthernet(tv, dtv, p,GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
            break;
    }


Monday, December 4, 2017

Stack overflows: possible return addresses

English Windows XP SP 2 User32.dll:
JMP ESP 0x77db41bc
English Windows XP SP 1 User32.dll:
JMP ESP 0x77d718fc
English Windows 2003 SP0 and SP1 User32.dll:
JMP ESP 0x77d74adc
English Windows 2000 SP 4 User32.dll:
JMP ESP 0x77e3c256
French Windows XP Pro SP2:
JMP ESP 0x77d8519f
German/Italian/Dutch/Polish Windows XP SP2:
JMP ESP 0x77d873a0
Spanish Windows XP Pro SP2:
JMP ESP 0x77d9932f
French/Italian/German/Polish/Dutch Windows 2000 Pro SP4:
JMP ESP 0x77e04c29
French/Italian/Chinese Windows 2000 Server SP4:
JMP ESP 0x77df4c29


Thursday, November 9, 2017

Linux Privilege Escalation Scripts


LinEnum
http://www.rebootuser.com/?p=1758
This tool is great at running through a heap of things you should check on a Linux system in the post-exploit process. These include file permissions, cron jobs if visible, weak credentials etc. It is the first thing I run on a newly compromised system.

LinuxPrivChecker
http://www.securitysift.com/download/linuxprivchecker.py
This is a great tool for once again checking a lot of standard things like file permissions etc. The real gem of this script is the recommended privilege escalation exploits given at the conclusion of the script. This is a great starting point for escalation.

g0tmi1k’s Blog
http://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Not so much a script as a resource, g0tmi1k's blog post here has led to so many privilege escalations on Linux systems it's not funny. I would definitely recommend trying out everything in this post for enumerating systems.

windows file sharing operations

list all active connections:

net use

remove all active connections:

net use * /delete

remove a specific connection:

net use \\<ip>\<share> /delete

add a connection:

net use \\<ip>\<share> /user:domain\username <password> /persistent:yes

make a symbolic link for a file share:

mklink /d c:\temp\<localpath> \\<ip>\<share>

Sunday, October 15, 2017

php reverse shell

A tool you can use for remote file inclusion vulnerabilities.

http://pentestmonkey.net/tools/web-shells/php-reverse-shell

To have it connect back to a port you are listening on with netcat, you can serve it with 'python -m SimpleHTTPServer 80' and gain access that way.

Thursday, September 7, 2017

SEP: how can we detect 'application and device control feature' enabled on a sep client machine

Below I'm sharing several methods you can use to perform this check. If you can't get the result you want, we can go over it together at a convenient time.

1.

In the setAid.ini file that ships in your installation package, the entry

"DCMain=1"

means that Application Control and Device Control will be installed, so you can check for it there.

Example screenshots:

Contents of my setup package after extracting it:

2.

Another method is to detect it by analysing the following logs.

Monitors -> Logs -> Application and Device Control,

Monitors -> Logs -> Log type: Application and Device Control -> Advanced Settings -> Event Type: Application Control Driver -> View Log

3.

sc query sysplant

With this command you can query the state of the service used by Application and Device Control.

Example:

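As an added example (not from the original post), methods 1 and 3 above as a Python check over saved copies of setAid.ini and the output of sc query sysplant; the ini section name [SMC] and both sample outputs are constructed:

```python
import re
from typing import Optional

# Added example: check the indicators from the post against saved text.
# The setAid.ini content and the "sc query sysplant" outputs are constructed
# samples; the [SMC] section name is a placeholder, not a real SEP key.

def dcmain_enabled(setaid_ini: str) -> bool:
    """True when setAid.ini contains DCMain=1, i.e. Application and Device Control
    is selected for installation (DCMain=0 or a missing key means it is not)."""
    m = re.search(r"^\s*DCMain\s*=\s*(\d+)\s*$", setaid_ini, re.MULTILINE | re.IGNORECASE)
    return bool(m) and m.group(1) == "1"

def sysplant_state(sc_query_output: str) -> Optional[str]:
    """Extract the textual STATE (RUNNING, STOPPED, ...) from 'sc query sysplant'.
    Returns None when sc reports that the service does not exist."""
    m = re.search(r"^\s*STATE\s*:\s*\d+\s+([A-Z_]+)", sc_query_output, re.MULTILINE)
    return m.group(1) if m else None

def adc_status(setaid_ini: str, sc_query_output: str) -> dict:
    """Combine both checks into one verdict for the client being examined."""
    state = sysplant_state(sc_query_output)
    return {
        "installed_by_package": dcmain_enabled(setaid_ini),
        "sysplant_state": state,
        "driver_active": state == "RUNNING",
    }

SETAID_INI = "[SMC]\nDCMain=1\nAVMain=1\n"           # constructed sample
SC_QUERY_RUNNING = (                                  # constructed sample
    "SERVICE_NAME: sysplant\n"
    "        TYPE               : 1  KERNEL_DRIVER\n"
    "        STATE              : 4  RUNNING\n"
    "                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)\n"
    "        WIN32_EXIT_CODE    : 0  (0x0)\n"
)
SC_QUERY_MISSING = (                                  # constructed sample
    "[SC] EnumQueryServicesStatus:OpenService FAILED 1060:\n\n"
    "The specified service does not exist as an installed service.\n"
)

if __name__ == "__main__":
    print(adc_status(SETAID_INI, SC_QUERY_RUNNING))
    print(adc_status("[SMC]\nDCMain=0\n", SC_QUERY_MISSING))
```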

Tuesday, September 5, 2017

Finding RAM model and speed information from the command line

Getting detailed memory information from the Windows command line:

wmic MemoryChip get BankLabel, Capacity, MemoryType, TypeDetail, Speed
BankLabel  Capacity    MemoryType  Speed  TypeDetail
BANK 0     4294967296  24          1600   128
BANK 2     4294967296  24          1600   128

https://msdn.microsoft.com/en-us/library/windows/desktop/aa394347(v=vs.85).aspx
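As an added example (not from the original post), a Python parser for the fixed-width wmic output above that decodes the MemoryType and TypeDetail codes using the Win32_PhysicalMemory values documented on the linked MSDN page:

```python
import re
from typing import Dict, List

# Added example: parse the wmic MemoryChip output shown above into readable values.
# Code tables follow Win32_PhysicalMemory: MemoryType 24 = DDR3, TypeDetail bit 128 = Synchronous.
MEMORY_TYPE = {20: "DDR", 21: "DDR2", 22: "DDR2 FB-DIMM", 24: "DDR3", 26: "DDR4"}
TYPE_DETAIL_BITS = {8: "Fast-paged", 16: "Static column", 64: "RAMBUS", 128: "Synchronous",
                    256: "CMOS", 512: "EDO", 2048: "Cache DRAM", 4096: "Non-volatile"}

def parse_wmic(output: str) -> List[Dict[str, str]]:
    """wmic prints fixed-width columns, so values containing spaces (BANK 0) must be
    split at the header's column starts rather than on whitespace."""
    lines = [l.rstrip() for l in output.splitlines() if l.strip()]
    header, rows = lines[0], lines[1:]
    starts = [m.start() for m in re.finditer(r"\S+", header)]
    bounds = list(zip(starts, starts[1:] + [None]))
    names = [header[a:b].strip() for a, b in bounds]
    return [{n: row[a:b].strip() for n, (a, b) in zip(names, bounds)} for row in rows]

def describe(row: Dict[str, str]) -> Dict[str, object]:
    """Turn one parsed row into module size in GiB, DRAM generation and detail flags."""
    detail = int(row["TypeDetail"])
    return {
        "bank": row["BankLabel"],
        "gib": int(row["Capacity"]) / 2**30,
        "type": MEMORY_TYPE.get(int(row["MemoryType"]), f"unknown({row['MemoryType']})"),
        "speed_mhz": int(row["Speed"]),
        "detail": [name for bit, name in TYPE_DETAIL_BITS.items() if detail & bit],
    }

WMIC_OUTPUT = """BankLabel  Capacity    MemoryType  Speed  TypeDetail
BANK 0     4294967296  24          1600   128
BANK 2     4294967296  24          1600   128
"""  # copied from the wmic output shown above

if __name__ == "__main__":
    for r in parse_wmic(WMIC_OUTPUT):
        print(describe(r))
```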

Monday, September 4, 2017

bWAPP: insecure web application testing box


bWAPP, or a buggy web application, is a free and open source deliberately insecure web application.
It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities.
bWAPP prepares one to conduct successful penetration testing and ethical hacking projects.
What makes bWAPP so unique? Well, it has over 100 web vulnerabilities!
It covers all major known web bugs, including all risks from the OWASP Top 10 project.