spoilerwall - Avoid being scanned by spoiling movies on all your ports!

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!
Firewall? How about Fire'em'all! Stop spending thousand of dollars on big teams that you don't need! Just fire up the Spoilers Server and that's it!

Movie Spoilers DB + Open Ports + Pure Evil = Spoilerwall

Set your own:

1. Clone this repo

$ git clone git@github.com:infobyte/spoilerwall.git

2. Edit the file server-spoiler.py and set the HOST and PORT variables.
   
3. Run the server
   

$ python2 server-spoiler.py

The server will listen on the selected port (8080 by default). Redirect incoming TCP traffic in all ports to this service by running:

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1:65535 -j DNAT --to-destination {HOST}:{PORT}

Change {HOST} and {PORT} for the values set in step (2). Also, if the traffic is redirected to localhost, run:

sysctl -w net.ipv4.conf.eth0.route_localnet=1

Using this config, an nmap scan will show every port as open and a spoiler for each one.
View the live demo running in spoilerwall.faradaysec.com

~ ❯❯❯ telnet spoilerwall.faradaysec.com 23

Trying 138.197.196.144...

Connected to spoilerwall.faradaysec.com.

Escape character is '^]'.

Gummo

Fucked up people killing cats after a tornado

Connection closed by foreign host.

Browse in Shodan (but beware of the Spoilers!):
https://www.shodan.io/host/138.197.196.144
Be careful in your next CTF - you never know when the spoilers are coming!

Download spoilerwall

Read More

Pwntools - CTF Framework And Exploit Development Library

pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.

from pwn import *
context(arch = 'i386', os = 'linux')

r = remote('exploitme.example.com', 31337)
# EXPLOIT CODE GOES HERE
r.send(asm(shellcraft.sh()))
r.interactive()

Documentation
Our documentation is available at docs.pwntools.com
To get you started, we've provided some example solutions for past CTF challenges in our write-ups repository.

Installation
pwntools is best supported on 64-bit Ubuntu 12.04 and 14.04, but most functionality should work on any Posix-like distribution (Debian, Arch, FreeBSD, OSX, etc.). Python 2.7 is required.
Most of the functionality of pwntools is self-contained and Python-only. You should be able to get running quickly with

apt-get update
apt-get install python2.7 python-pip python-dev git libssl-dev libffi-dev build-essential
pip install --upgrade pip
pip install --upgrade pwntools

However, some of the features (assembling/disassembling foreign architectures) require non-Python dependencies. For more information, see the complete installation instructions here.

Download Pwntools

Read More

shootback - a reverse TCP tunnel let you access target behind NAT or firewall

shootback is a reverse TCP tunnel let you access target behind NAT or firewall
Consumes less than 1% CPU and 8MB memory under 800 concurrency.
slaver is single file and only depends on python(2.7/3.4+) standard library.

How it works

Typical Scene

1. Access company/school computer(no internet IP) from home
2. Make private network/site public.
3. Help private network penetration.
4. Help CTF offline competitions.
5. Connect to device with dynamic IP, such as ADSL

Getting started

1. requirement:
   • Master: Python3.4+, OS independent
   • Slaver: Python2.7/3.4+, OS independent
   • no external dependencies, only python std lib
2. download git clone https://github.com/aploium/shootback
3. (optional) if you need a single-file slaver.py, run python3 build_singlefile_slaver.py
4. run these command
   

   # master listen :10000 for slaver, :10080 for you
   python3 master.py -m 0.0.0.0:10000 -c 127.0.0.1:10080
   
   # slaver connect to master, and use example.com as tunnel target
   # ps: you can use python2 in slaver, not only py3
   python3 slaver.py -m 127.0.0.1:10000 -t example.com:80
   
   # doing request to master
   curl -v -H "host: example.com" 127.0.0.1:10080
   # -- some HTML content from example.com --
   # -- some HTML content from example.com --
   # -- some HTML content from example.com --

5. a more reality example:
   assume your master is 22.33.44.55 (just like the graph above)
   

   # slaver_local_ssh <---> slaver <--> master(22.33.44.55) <--> You
   
   # ---- master ----
   python3 master.py -m 0.0.0.0:10000 -c 0.0.0.0:10022
   
   # ---- slaver ----
   python(or python3) slaver.py -m 22.33.44.55:10000 -t 127.0.0.1:22
   
   # ---- YOU ----
   ssh 22.33.44.55 -p 10022

6. for more help, please see python3 master.py --help and python3 slaver.py --help
   

Tips

1. run in daemon:
   nohup python(or python3) slaver.py -m host:port -t host:port -q &
   or:
   

   # screen is a linux command
   screen
   python(or python3) slaver.py -m host:port -t host:port
   # press  ctrl-a d  to detach screen
   # and if necessary, use "screen -r" to reattach

2. ANY service using TCP is shootback-able. HTTP/FTP/Proxy/SSH/VNC/...
   
3. shootback itself just do the transmission job, do not handle encrypt or proxy.
   however you can use a 3rd party proxy (eg: shadowsocks) as slaver target.
   for example:
   shadowsocks_server<-->shootback_slaver<-->shootback_master<-->shadowsocks_client(socks5)
   

Warning

1. in windows, due to the limit of CPython select.select() , shootback can NOT handle more than 512 concurrency, you may meet
   ValueError: too many file descriptors in select()
   If you have to handle such high concurrency in windows, Anaconda-Python3 is recommend, it's limit in windows is 2048

Performance

1. in my laptop of intel I7-4710MQ, win10 x64:
   • 1.6Gbits/s of loopback transfer (using iperf), with about 5% CPU occupation.
   • 800 thread ApacheBench, with less than 1% CPU and 8MB memory consume

Download shootback

Read More