A Simple API Monitor

This is a simple Windbg script to monitor common Win32 API calls and display the strings, IPs, Ports, Registry keys passed to the APIs. The Win32 API is huge and I have used common APIs used by programs and malware. I coded this for fun 🙂

Usage: ApiMon.wds run; g;

You can remove APIs as you wish to minimize the output or you can add any API you desire. For example
bp DLLName!APIName @"$$>a<${$arg0} APIName FileNamePtr

bp kernelbase!CreateFileA @"$$>a<${$arg0} CreateFileA 1";

This is a sample output that uses CreateProcess API.

This is from running netcat.

Download: https://github.com/OsandaMalith/ApiMon

Assault Cube Trainer

I recently wanted to explore the world of game hacking, which involves some cool reverse engineering tricks. This is a trainer written in C++.
Simply uses WriteProcessMemory to write the values into memory of the game.

Download game: https://assault.cubers.net/download.html

Download trainer: https://github.com/OsandaMalith/GameHacking/blob/master/AssaultCube/Hack.7z

IP Obfuscator

A simple tool to convert the IP to different obfuscated forms written in C by me 🙂 I just wrote this for fun. You may use this when it comes bypassing application filters and much more 🙂

View post on imgur.com

IP address of http://google.lk :
Other forms you can write the same IP:

[+] http://3735397211

LFi Freak – An Automated File Inclusion Exploiter

I am sure you know about exploiting file inclusion vulnerabilities. In file inclusion situations in common we can read files arbitrarily in the system or remotely depending on the permissions. In PHP environments commonly we poison the log files or inject malicious PHP into the user agent header and load the “/proc/self/environ” file. However when we encounter file inclusion situations in PHP environments we can use the in-built PHP wrappers to make our exploitations much easier or perhaps bypass existing filters.

There are lot of LFI exploitation tools available but I’ve written this tool mainly focusing on the usage of “php://input”, “php://filter” and “data://” methods.  Even though the title explicitly conveys “LFI Freak” this can be used for RFI vulnerabilities as well. This tool is written in Python 2.7 and I have included binaries for both Windows and Linux systems. If you are running from the source or want to modify this, you need the BeautifulSoup library.

Here is a small walkthrough of the features of the tool.

To test for local or remote file inclusions you can use the option one “Automated testing”. I am using DVWA in here. To test this tool create a small vulnerable file.
[code language=”php”]
echo "File included: ".$_REQUEST["page"]."<br>";
$file = $_REQUEST["page"];
include $file;

Wi-Fi Hash Decrypter

View post on imgur.com

My previous tool needs admin privileges. I thought of writing two applications, one application for dumping the encrypted hashes from the system and another for decrypting the hashes. Since CryptUnprotectData() function needs a local system account run the decrypter application using PsExec. I have written a batch file for it. (more…)