23 januari 2017 | Mike Terhaar

icmpsh – Simple ICMP Reverse Shell

icmpsh – Simple ICMP Reverse Shell

source: darknet.org

icmpsh is a simple ICMP reverse shell with a win32 slave and a POSIX-compatible master in C, Perl or Python. The main advantage over the other similar open source tools is that it does not require administrative privileges to run onto the target machine.

[cmpsh - Simple ICMP Reverse Shell]

The tool is clean, easy and portable. The slave (client) runs on the target Windows machine, it is written in C and works on Windows only whereas the master (server) can run on any platform on the attacker machine as it has been implemented in C and Perl by and this port is in Python.


·       Open source software.

·       Client/server architecture.

·       The master is portable across any platform that can run either C, Perl or Python code.

·       The target system has to be Windows because the slave runs on that platform only for now.

·       The user running the slave on the target system does not require administrative privileges.

Running the master

The master is straight forward to use. There are no extra libraries required for the C and Python versions. The Perl master however, has the following dependencies:

·       IO::Socket

·       NetPacket::IP

·       NetPacket::ICMP

When running the master, don’t forget to disable ICMP replies by the OS. For example:

sysctl -w net.ipv4.icmp_echo_ignore_all=1

If you miss doing that, you will receive information from the slave, but the slave is unlikely to receive commands send from the master.

Running the slave The slave comes with a few command line options as outlined below:

-t host :host ip address to send ping requests to. This option is mandatory!

-r   send a single test icmp request containing the string "Test1234" and then quit. This is for testing the connection.

-d milliseconds delay between requests in milliseconds

-o milliseconds timeout of responses in milliseconds. If a response has not received in time, the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit. The counter is set back to 0 if a response was received.

-b num             limit of blanks (unanswered icmp requests before quitting

-s bytes           maximal data buffer size in bytes

In order to improve the speed, lower the delay (-d) between requests or increase the size (-s) of the data buffer.

You can download icmpsh here: https://github.com/commonexploits/icmpsh

Or read more here. http://www.darknet.org.uk/2017/01/icmpsh-simple-icmp-reverse-shell/

Lees meer

24 november 2016 | Mike Terhaar

GRATIS Penetration test

GRATIS Penetration test

Hoe? Volg de volgende stappen:

Like / Follow ons op LinkedIn / Google+ / Twitter / Facebook link is te vinden onderaan de site https://counterhack.nl  Vul vervolgens het contact formulier in en vermeld bij “Uw vraag” de beste reden waarom u deze test gratis moet krijgen. Voorbeeld kan zijn startende ondernemer.

Wij laten u snel weten wanneer de test start. Daarna ontvang u een rapport met een beschrijving van iedere bevinding en de oplossing in begrijpbare taal.

Waarom doen wij dit? Dit is onze bijdrage aan het veiliger maken van het internet en geven hiermee bedrijven de kans kosteloos te onderzoeken wat het nut is van een penetratie test. Daarnaast willen wij graag onze community en trouwe volgers uitbreiden om zo de informatie die wij delen voor een groter publiek toegankelijk te maken. En als laatste! Wij groeien graag mee met bedrijven en wellicht kunnen wij u dan als betalende klant verwelkomen.

We hebben geen idee wat het succes van deze actie is en wij behouden ons het recht voor om een selectie te maken of om uw verzoek af te wijzen.

Lees meer

15 november 2016 | Mike Terhaar

Humans still the weakest link

Humans still the weakest link

Stolen passwords integrated into the ultimate dictionary attack

Targeted password guessing turns out to be significantly easier than it should be, thanks to the online availability of personal information, leaked passwords associated with other accounts, and our tendency to incorporate personal data into our security codes.

How suprising! The human factor, we do all to avoid pain and gain pleasure. The pain to remember or to think of a unique and strong passwords.

We at #counterhack use these #password databases and combine them to our large fuzzlists for years and integrated them in our dictionary attack. Interested in our methods and penetration testing? We are active througout Europe and hired by many banks for our skills. 

Read the originele article here!

Lees meer

7 oktober 2016 | Mike Terhaar

BUG Bounty Hunting vs Penetration Test

BUG Bounty Hunting vs Penetration Test

Interested to know more about BUG hunting versus regular Penetration testing? We are! Please respond via twitter, facebook, linkedin and Google+ about your experiences.

Before we send out the message this is in short our vision, opinion and differences. We hope on a lot of responses so we truly know the value between bounty programs and regular penetration testing. Next we will share the outcome and experiences for any of us to learn and choose the right strategy.

  •  Bug Bounty hunting is only wise to do after a thourough penetration test otherwise you have no clue about the outcome or budget needed;
  • Penetration Test is more expensive? Depends on the price per vulnerability and the number of vulnerability;
  • Bounty programs allways reveals more vulerabilities due to the number of hunters;
  • please fill in the gaps by joining me at twitter @counterhack
Lees meer