Posts

Showing posts from May, 2023

Theharvester: Email Harvesting Throughout Year

You might have harvested many things up to now, but what we are going to harvest today is something bad :)
Requirements: a Linux box (I'm using Kali Linux) and the theharvester program (already available in Kali Linux).
So what does theharvester harvest? Well, it harvests email addresses. theharvester is an information gathering tool. If you want a list of emails to spam you can get that easily from the theharvester tool and go on spamming (I'm joking, it's illegal). It's a security tool that helps you in pentesting an organization (as always, it can be used for evil as well). You can gather emails from an organization and look for potential victims to attack, use brute-force techniques to get their passwords, or social engineer them into doing something that will let you compromise some or all systems in the organization. Uhh, there are so many things that you can do when you have access to someone's email address. OK, stop talking and start doing. Fire up a termi...

Exploiting Golang Unsafe Pointers

There are situations when C interacts with Go, for example in a library, and it is possible to exploit a Go function that writes raw memory through an unsafe.Pointer() parameter. When Go receives a null-terminated string on a *C.char parameter, it can be converted to a Go string with s2 := C.GoString(s1); we can do string operations with s2 safely if the null byte is there. When Go receives a pointer to a buffer on an unsafe.Pointer() and the length of the buffer on a C.int, and the length is honest, it can be converted to a []byte safely with b := C.GoBytes(buf, sz). But what happens if Go receives a pointer to a buffer on an unsafe.Pointer() and it is an OUT variable? The Go routine has to write to this pointer unsafely; for example, we can create a Go memcpy in the following way: we convert to uintptr to index the pointer, then convert back to a pointer, cast it to a byte pointer, dereference it, and write every byte this way. If b is contr...

Smuggler - An HTTP Request Smuggling / Desync Testing Tool

An HTTP Request Smuggling / Desync testing tool written in Python 3.
IMPORTANT: This tool does not guarantee no false positives or false negatives. Just because a mutation may report OK does not mean there isn't a desync issue, but more importantly, just because the tool indicates a potential desync issue does not mean there definitely exists one. The script may encounter request processors from large entities (i.e. Google/AWS/Yahoo/Akamai/etc.) that may show false positive results.
Installation:
git clone https://github.com/defparam/smuggler.git
cd smuggler
python3 smuggler.py -h
Example Usage:
Single host: python3 smuggler.py -u <URL>
List of hosts: cat list_of_hosts.txt | python3 smuggler.py
Options:
usage: smuggler.py [-h] [-u URL] [-v VHOST] [-x] [-m METHOD] [-l LOG] [-q] [-t TIMEOUT] [--no-color] [-c CONFIGFILE]
optional arguments: -h, --help show this help message and exit -u URL, --url URL Target URL with ...