Tenth Crafter

Hashdb-Ida – HashDB API Hash Lookup Plugin For IDA Pro

HashDB IDA Plugin

Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service.

Adding New Hash Algorithms

The hash algorithm database is open source and new algorithms can be added on GitHub here. Pull requests are mostly automated and as long as our automated tests pass the new algorithm will be usable on HashDB within minutes.

Using HashDB

HashDB can be used to look up strings that have been hashed in malware by right-clicking on the hash constant in the IDA disassembly view and launching the HashDB Lookup client.

Settings

Before the plugin can be used to look up hashes the HashDB settings must be configured. The settings window can be launched from the plugins menu Edit->Plugins->HashDB.


Hash Algorithms

Click Refresh Algorithms to pull a list of supported hash algorithms from the HashDB API, then select the algorithm used in the malware you are analyzing.

Optional XOR

There is also an option to enable XOR with each hash value as this is a common technique used by malware authors to further obfuscate hashes.

API URL

The default API URL for the HashDB Lookup Service is https://hashdb.openanalysis.net/. If you are using your own internal server this URL can be changed to point to your server.

Enum Name

When a new hash is identified by HashDB the hash and its associated string are added to an enum in IDA. This enum can then be used to convert hash constants in IDA to their corresponding enum name. The enum name is configurable from the settings in the event that there is a conflict with an existing enum.

Hash Lookup

Once the plugin settings have been configured you can right-click on any constant in the IDA disassembly window and look up the constant as a hash. The right-click also provides a quick way to set the XOR value if needed.

Bulk Import

If a hash is part of a module a prompt will ask if you want to import all the hashes from that module. This is a quick way to pull hashes in bulk. For example, if one of the hashes identified is Sleep from the kernel32 module, HashDB can then pull all the hashed exports from kernel32.


Algorithm Search

HashDB also includes a basic algorithm search that will attempt to identify the hash algorithm based on a hash value. The search will return all algorithms that contain the hash value, it is up to the analyst to decide which (if any) algorithm is correct. To use this functionality right-click on the hash constant and select HashDB Hunt Algorithm.



All algorithms that contain this hash will be displayed in a chooser box. The chooser box can be used to directly select the algorithm for HashDB to use. If Cancel is selected no algorithm will be selected.

Dynamic Import Address Table Hash Scanning

Instead of resolving API hashes individually (inline in code) some malware developers will create a block of import hashes in memory. These hashes are then all resolved within a single function creating a dynamic import address table which is later referenced in the code. In these scenarios the HashDB Scan IAT function can be used.



Simply select the import hash block, right-click and choose HashDB Scan IAT. HashDB will attempt to resolve each individual integer type (DWORD/QWORD) in the selected range.

Installing HashDB

Before using the plugin you must install the python requests module in your IDA environment. The simplest way to do this is to use pip from a shell outside of IDA.
pip install requests

Once you have the requests module installed simply copy the latest release of hashdb.py into your IDA plugins directory and you are ready to start looking up hashes!

Compatibility Issues

The HashDB plugin has been developed for use with the IDA 7+ and Python 3 it is not backwards compatible.

Now Get your Product's On your door step, shop with sajhiloCart.com to make your shopping easy.

Visit : Https://www.sajhilocart.com

Knary:-- A simple HTTP(S) and DNS Canary.

Knary is a canary token server that notifies a Slack/Discord/Teams/Lark channel (or other webhook) when incoming HTTP(S) or requests match a given or any of its subdomains. It also supports functionality useful in offensive engagements including subdomain blacklisting.
Why is this useful?
use canaries to be notified when someone (or something) attempts to interact with a server they control. The canaries help provide visibility over processes that were previously unknown. They can help find areas to probe for or vulnerabilities, disclose previously unknown servers, provide evidence of a device, or just announce someone interacting with your server.

knary - A simple HTTP(S) and DNS Canary knary is a canary token server that notifies a Slack/Discord/Teams/Lark channel (or other webhook) when incoming HTTP(S) or DNS requests match a given domain or any of its subdomains. It also supports functionality useful in offensive engagements including subdomain blacklisting.

COM-Code-Helper-Two IDAPython Scripts Help You To Reconstruct Microsoft COM (Component Object Model) Code

Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code Especially malware reversers will find this useful, as COM Code is still regularly found in malware. ClassAndInterfaceToNames.py This IDAPython script scans an idb file for class and interfaces UUIDs and creates the matching structure and its name. Make sure to copy interfaces.txt + classes.txt is in the same directory as ClassAndInterfaceToNames.py…...

https://tenthcrafter.com.np/blog/com-code-helper-two-idapython-scripts-help-you-to-reconstruct-microsoft-com-component-object-model-code

COM-Code-Helper-Two IDAPython Scripts Help You To Reconstruct Microsoft COM (Component Object Model) Code Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code Especially malware reversers will find this useful, as COM Code is still regularly found in malware.

BLACKMAMBA:-- C2/post-exploitation framework.

BlackMamba is a multi-client C2/post-exploitation framework with some spyware features. Powered by 3.8.6 and QT Framework.

Some of BlackMamba features are:-
1. Multi-Client - Supports multiple client connections at the same time.
2. Real-Time Communication Updates - Real-time communication and updates between the client and server.
3. Encrypted Communication - Almost all communications are encrypted, with exception of screen video streaming.
4. Screenshot Gathering - Get a real-time screenshot from the client.
5. Video Streaming - Watch in real-time the client screen............

BLACKMAMBA:-- C2/post-exploitation framework. BlackMamba is a multi client C2/post exploitation framework with some spyware features. Powered by Python 3.8.6 and QT Framework.

Attiny85:-- RubberDucky like payloads

DigiSpark Attiny85 poor man's !

For people who can't buy or are too cheap to buy RubberDucky, DigiSpark Attiny85 is the solution to their problems. Because it's possible to use it as thanks to "DigiKeyboard.h" it can be use as keyboard to send keystrokes to computer which can be use for pranking your people to creating a backdoor in target system.
Following is the list of :-

1. Wi-Fi password stealer: Grabs Windows saved Wi-Fi passwords and send them to your remote web server
2. Crasher: Various payloads for crashing windows
3. UAC Bypass: Different methods to bypass windows UAC
4. : Creates backdoor for later access
5. : For logging and sending typed keys
6. Windows Phisher: for windows credentials
7. Sam Dumper: Dump windows password files ( ) and send them to remote location
8. Payload Dropper: Download and execute files from internet

DigiSpark Attiny85 : Poor man's RubberDucky Poor man's RubberDucky

phpvuln :-
phpvuln is an open source OWASP pe*******on testing tool, written in Python 3, that can speed up the the process of finding common PHP vulnerabilities in PHP code, i.e.
# command injection
# local/remote file inclusion
# SQL injection. Installation

You can download phpvuln by cloning the Git repository:
git clone Install the required PIP packages: python -m pip install -r requirements.txt

Phpvuln – Audit Tool To Find Common Vulnerabilities In PHP Source Code phpvuln is an open source OWASP pe*******on testing tool written in Python 3, that can speed up the the process of finding common PHP vulnerabilities in PHP code, i.e. command injection, local/remote file inclusion and SQL injection.

Cypher – Crypto Cipher Encode Decode Hash

Cypher – Crypto Cipher Encode Decode Hash All in one tools for CRYPTOLOGY.

Available Premium Quality Digital Goods & Services.
Available Services :-
# Website Templates
# Websites Development Services
# Digital Goods
# Cyber Security Tools
# Professional Excel Files
# Application Source Codes
# Premium Websites Templates
# Network Infrastructure Designing & Development
# Python Scripts
# Graphics Assets & Services.

Hurry & Grab It. Opportunity Won't Last Long.

🚀 "Websites With Android App From 𝐍𝐏𝐑 5000/- Only."
🎉
Special Offer For Special Occasions, Hurry Up & Get Website Along With Android App ::

🛒 https://tenthcrafter.com
✅Android App Of Respect Site.
✅ Fully Mobile Responsive
✅ Clean & Modern Design
✅ Free SSL Certificate
✅ 24X7 Support Desk

Our Fields:-
✅. School management system
✅. Billing Software
✅. Assets Designing.
✅. Business Website
✅. eCommerce Website
✅. Entertainment Website
✅. Portfolio Website
✅. Media Website
✅. Educational Websites
✅. Non-profit Website
✅. Educational Website
✅. Blogs Website
✅ . Personal Website

Contact us for more details.

☎️ 9816333779 | 9842124684
💵 Payment via Esewa, Khalti, and Bank Transfer (also PayPal)
🛒Order today: https://tenthcrafter.com
"" Offer valid until This Festival Season.""

📢"सुलभ, सुरक्षित र सस्तो मुल्यमा वेबसाइट "

सुलभ, सुरक्षित र सस्तो मुल्यमा वेबसाइट बनाउन चाहनुहुन्छ ?? यदी चाहनुहुन्छ भने हामीलाई सम्झनुहोस, हामीसँग विश्वसनीय वेबसाइटहरू बनाउनुहोस् |
हाम्रो कुशल टीम तपाईलाई मद्दत गर्न तयार छ |

" Get Recognized By World By Your Site "
Build your Website with us, We use standard coding techniques latest and up to dated frameworks suitable for your needs, building beautiful, responsive and secure website is what we specialized in .

Type Websites We Offer :-
✅ 1. Business Website
✅ 2. eCommerce Website
✅ 3. Entertainment Website
✅ 4. Portfolio Website
✅ 5. Media Website
✅ 6. Educational Websites
✅ 7. Non-profit Website
✅ 8. Educational Website
✅ 9. Blogs Website
✅ 10. Personal Website
And Many More To Go.

आजै सम्पर्क गर्नुहोस
Price :- Starting From 5,000 /- Only
https://www.tenthcrafter.com
📩:[email protected]
📱: 9816333779
📱: 9842124684