S2 Dynamic Tracer And Decompiler For Gdb

Decompiling is very useful for understanding srtipped binaries, most dissasemblers like IDA or Hopper have a plugin for decompiling binaries, generating a c like pseudocode.

Static analysis, is very useful in most of cases, specially when the binary is not so big, or when you just have an address where to start to analyze. But some algorithms will be learned in less time by dynamic analysis like tracing or debugging.

In cookiemonsters team, we are working on several tracers with different focus, but all of them mix the concept of tracing and decompiling to generate human-readable traces.

S2 is my tracer & decompiler plugin for gdb, very useful for ctfs.

Some of the features are:

- signed/unsigned detecion
- conditional pseudocode (if)
- syscall resolution
- unroll bucles
- used registers values
- mem states
- strings
- logging

The code:

https://bitbucket.org/sha0coder/gdb_automatization/

Related word

1. Hacking Code
2. Libros Hacking
3. Body Hacking
4. Hacking Day
5. Hacking Wifi
6. Clases De Hacker
7. 101 Hacking
8. Hacking Forums
9. Wifi Hacking
10. El Mejor Hacker Del Mundo
11. Hacking Books
12. Un Hacker
13. Growth Hacking Ejemplos
14. White Hacking

OWASP ZAP RELEASES V2.8.0 WITH THE HEADS UP DISPLAY

OWASP ZAP RELEASES V2.8.0 WITH THE HEADS UP DISPLAY
Heads Up Display simplifies and improves vulnerability testing for developers

London, England, 20 June 2019. OWASP™ ZAP (Open Web Application Security Project™  Zed Attack Proxy) has released a new version of its leading ZAP Project which now includes an innovative Heads Up Display (HUD) bringing security information and functionality right into the browser. Now software developers can interactively test the reliability and security of their applications in real time while controlling a wide variety of features designed to test the quality of their software.

ZAP is a free, easy to use integrated penetration testing tool. With the addition of the Heads Up Display, ZAP can be used by security professionals and developers of all skill levels to quickly and more easily find security vulnerabilities in their applications. Given the unique and integrated design of the Heads Up Display, developers and functional testers who might be new to security testing will find ZAP an indispensable tool to build secure software.

The latest version of ZAP can be downloaded from https://www.owasp.org/index.php/ZAP  The full release notes are available at https://github.com/zaproxy/zap-core-help/wiki/HelpReleases2_8_0.

In addition to being the most popular free and open source security tools available, ZAP is also one of the most active with hundreds of volunteers around the globe continually improving and enhancing its features. ZAP provides automated scanners as well as a set of tools that allows new users and security professionals to manually identify security vulnerabilities. ZAP has also been translated into over 25 languages including French, Italian, Dutch, Turkish and Chinese. 

Simon Bennetts, OWASP ZAP Project Leader commented: "This is a really important release for the project team and developers who want to build great and secure applications. The HUD is a completely new interface for ZAP and one that is unique in the industry. It shows that open source projects continue to create high-quality, new and exciting tools that deliver real value to the market - and at no cost to users." 

"ZAP is the Foundation's most popular software tool," said Mike McCamon interim executive director of the OWASP Foundation. McCamon continued, "For nearly two decades OWASP continues to be a great destination for innovators to host, develop, and release software that will secure the web. Simon and the entire ZAP community deserves great recognition for their continued devotion to open source excellence."

For further information please contact:
Simon Bennetts, OWASP ZAP Project Leader: simon.bennetts@owasp.org  or Mike McCamon, Interim Executive Director, mike.mccamon@owasp.com

More information

1. Hacking Virus
2. Hacking Madrid
3. Aprender Seguridad Informatica

Removing Windows OS Passwords With CHNTPW On Kali Linux

After Some Requests, I made this tutorial on How to Remove Windows Passwords
So First of all lets' see which tool we are going to use

[UPDATE] If you are having any kinda problem with this method on windows 8/8.1 then try this method

Changing Windows 8/8.1 Password with CHNTPW

If you want to recover Windows 8/8.1 passwords instead of removing them see this tutorial

Cracking Windows 8/8.1 passwords with Mimikatz

Tool Name:- chntpw
Tool Description: Obviously its' going to be what the man page of tool says: "chntpw is a utility to view some information and change user passwords in a Windows NT/2000 SAM userdatabase file,  usually  located  at  \WINDOWS\system32\config\SAM on the  Windows file system. It is not necessary to know the old passwords to reset them.  In addition it contains a simple registry editor  (same  size  data writes) and hex-editor with which the information contained in a registry file can be browsed and modified."

Attack Requirements:
1. Physical Access to victims Computer.
2. A live bootable pendrive of Kali Linux.
    (Download Kali Linux)

So Lets' get started:
Step 1: Mounting the drive containing Windows OS-> This one is easy ain't it? Well so that you might not have forgotten how to do it, I'll type the syntax:
ntfs-3g /dev/sda1 /media/win
Note that 'sda1' in above command is the partition on which Windows OS is installed yours can be different. To check yours simply type fdisk -l which will list your all partitions and then check by yourself on which partition your Windows OS is installed. If you can't get it this way then don't worry I'm still here well then you can try doing it in 'GUI' way. Click on Applications > Accessories > Disk Utility then select victims' hard disk and see on which partition Windows OS is installed. If Windows Partition is installed on any other partition then replace 'sda1' in the above command with that which you found e,g 'sda2''. Also note that if there is no such directory as 'win' (mentioned in above command) in your /media folder then you must create one which is simple just type mkdir /media/win this command will make win folder in media folder on which you'll mount victim's Windows OS (It is not necessary that it's name be 'win' you can use any name).
Step 2: OK after successfully mounting Victim's Windows OS now you need to move there but wait not only there instead very much deep in there. You need to move to config folder which is located in System32 folder (Note that it is Capital 'S' in windows 7 & 8). You can move there using this command:-
cd /media/win/Windows/System32/config/ (On Windows 7 & 8)
or
cd /media/win/WINDOWS/system32/config/ (On Windows XP and those before it)
Step 3: Now is the most tough part of game (only if tough means easy :) ). Now as when you are inside the config directory type the following command to see the list of users available on Victim's Machine:
chntpw -l SAM (remember it is ell not 1)

note the name of user whose password you want to clear.
Step 4: Oh man our happy journey is coming to an end now. Follow the upcoming steps to blast Victim's Windows OS password:
type the command:
chntpw -u <username> SAM

Note: <username> here is the name of user you noted in the above step.
it will display different options before you.
type 1 and hit enter
type y and hit enter


Voola you busted Victim's password now turn off Kali and Open Victim's Windows OS without knowing His/Her Password. Bad Bad Bad...

For More Info on chntpw type this in your terminal:
man chntpw
This will display Manual Page of chntpw...

Happy Cracking... :)
Don't forget to read the Disclaimer

Related articles

• Hacking Ético Curso
• Hacking Smart Tv
• Que Es Hacking Etico
• Hacking News