Tag: abuse
abuseipdb.com – ip list
by zitstif on Nov.04, 2019, under Blacklists, Posts
Here is a list of known ‘malicious’ IPs from abuseipdb.com. It is updated daily. It’s in a list/plaintext format that should be easy to integrate.
http://zitstif.no-ip.org/badips.txt
Sha256sum:
http://zitstif.com/badipsHash.txt
http://zitstif.no-ip.org/badipsHash.txt
#Update 11/10/2019
Here is a list of offending IPs that have targeted the honeypot I have set up. This will be updated daily as well:
http://zitstif.com/badIpsHoney.txt
http://zitstif.no-ip.org/badIpsHoney.txt
Sha256sum:
http://zitstif.com/badIpsHoneyHash.txt
http://zitstif.no-ip.org/badIpsHoneyHash.txt
#Update 11/13/2019
Here’s another list of IPs that have offended the WAF I use:
http://zitstif.no-ip.org/WAFips.txt
Sha256sum:
http://zitstif.com/WAFipsHash.txt
http://zitstif.no-ip.org/WAFipsHash.txt
#Update 11/20/2019
Here’s a great post that has a bunch of lists that can be used:
https://docs.danami.com/juggernaut/user-guide/ip-block-lists
#Update 11/26/2019
Another great resource:
http://www.covert.io/threat-intelligence/
#Update 11/30/2019
Here’s another list of IPs from abuse.ch:
http://zitstif.com/abuseChlist.txt
http://zitstif.no-ip.org/abuseChlist.txt
Sha256sum:
http://zitstif.com/abuseCHhash.txt
http://zitstif.no-ip.org/abuseCHhash.txt
#Update 12/2/2019
Black Hat Directory – Wall of shame list:
http://zitstif.com/BlackHatDirlist.txt
http://zitstif.no-ip.org/BlackHatDirlist.txt
Sha256sum:
http://zitstif.com/BlackHatDirhash.txt
http://zitstif.no-ip.org/BlackHatDirhash.txt
#Update 10/25/2020
Scamalytics IPs
http://zitstif.com/scamIps.txt
http://zitstif.no-ip.org/scamIps.txt
Sha256sum:
http://zitstif.com/scamIpshash.txt
http://zitstif.no-ip.org/scamIpshash.txt
#Update 07/17/2022
http://zitstif.com/crowdsecips.txt
http://zitstif.no-ip.org/crowdsecips.txt
Sha256sum:
http://zitstif.com/crowdsecipsHash.txt
http://zitstif.no-ip.org/crowdsecipsHash.txt
#Update 01/25/2023
http://zitstif.com/zitSSH_honey.txt
http://zitstif.no-ip.org/zitSSH_honey.txt
Sha256sum:
http://zitstif.com/zitSSH_honey_hash.txt
http://zitstif.no-ip.org/zitSSH_honey_hash.txt
#Update 3/12/2023
http://zitstif.com/zitSSH_honey2.txt
http://zitstif.no-ip.org/zitSSH_honey2.txt
Sha256sum:
http://zitstif.com/zitSSH_honey_hash2.txt
http://zitstif.no-ip.org/zitSSH_honey_hash2.txt
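One way to consume these lists, as an added example that is not the author's code: verify the downloaded list against its published SHA-256 before parsing it, and refuse lines that are not IPs or that fall inside networks you must never block. The hash-file layout (a bare digest or `sha256sum` output), the `NEVER_BLOCK` ranges and the function names are assumptions, and the sample data is constructed.

```python
import hashlib
import ipaddress
import re

# Assumption: networks you never want to block (your own ranges go here).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                "127.0.0.0/8", "::1/128")]

def expected_digest(hash_text):
    """Return the first 64-hex-digit token found in the hash file."""
    match = re.search(r"\b[0-9a-fA-F]{64}\b", hash_text)
    if match is None:
        raise ValueError("no SHA-256 digest found in hash file")
    return match.group(0).lower()

def load_blocklist(list_bytes, hash_text):
    """Verify the list against its digest, then parse it.

    Returns (addresses, rejected): sorted unique IP strings, and
    (line, reason) pairs for every line that was refused.
    """
    if hashlib.sha256(list_bytes).hexdigest() != expected_digest(hash_text):
        raise ValueError("SHA-256 mismatch: list is truncated or altered")
    accepted, rejected = set(), []
    for raw in list_bytes.decode("ascii", errors="replace").splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        try:
            ip = ipaddress.ip_address(line)
        except ValueError:
            rejected.append((raw, "not an IP address"))
            continue
        if any(ip in net for net in NEVER_BLOCK):
            rejected.append((raw, "inside a never-block network"))
            continue
        accepted.add(ip)
    ordered = sorted(accepted, key=lambda a: (a.version, int(a)))
    return [str(ip) for ip in ordered], rejected

# Constructed sample (documentation-range addresses, not real indicators).
SAMPLE_LIST = (b"203.0.113.7\n198.51.100.23\n\n# comment\n"
               b"192.168.1.1\n203.0.113.7\nnot-an-ip\n")
SAMPLE_HASH = hashlib.sha256(SAMPLE_LIST).hexdigest() + "  badips.txt\n"

if __name__ == "__main__":
    print(load_blocklist(SAMPLE_LIST, SAMPLE_HASH))
```

Because the list and its hash are both fetched over plain HTTP, a matching digest shows the download is complete and uncorrupted, not that it is authentic.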
Meterpreter script – rogueap.rb – Abusing Windows Virtual Wireless NIC Feature
by zitstif on Oct.08, 2011, under Meterpreter Scripts, Posts
I found myself inspired by Vivek Ramachandran’s videos, so I thought I would take the honor of creating a simple Meterpreter script that basically does what you see in the third installment of the SWSE Addendum videos.
When I watched the third video I thought to myself, “This shouldn’t be too difficult to do”. From my perception, I think that Vivek was kind of hinting that he might have wanted to see someone in the info-sec community create a meterpreter script that does what you see in this video. I was glad to do this. 🙂
For penetration testers, this script makes it easier to set up rogue wireless access points by using the soft AP feature that is built into Windows 7 and Windows 2008.
If the victim computers are part of a Windows domain and have wireless NICs, by automating Metasploit with a pass-the-hash attack and using my script, one could essentially automate deploying a series of rogue access points throughout a domain. This would be kind of like a network worm.
If you’re curious about automating Metasploit, please see:
My script gives the end user the option to install the Meterpreter service on the victim computer. I thought that giving this option would be ideal in case the victim computer ends up rebooting. If you were just to deploy the soft AP and run a binding payload, the binding payload most likely wouldn’t survive a reboot.
The script is available here:
http://zitstif.no-ip.org/meterpreter/rogueap.rb
http://zitstif.no-ip.org/meterpreter/rogueap.txt
If you have any issues and you need help, feel free to contact me. Additionally, don’t hesitate to modify the script if you need/want to do so.