AttifyOS: IoT Devices Testing Distribution!

PenTestIT RSS Feed
Distributions such as Kali Linux make it easier for us to carry out our penetration tests, vulnerability assessments, digital forensics gigs and wireless assessments. However, there are very few tools on such distributions that help you test the security of Internet of Things (IoT) devices, as that needs a bit of customization. We now have AttifyOS to… Read more about AttifyOS: IoT Devices Testing Distribution!
The post AttifyOS: IoT Devices Testing Distribution! appeared first on PenTestIT.

Link: http://feedproxy.google.com/~r/PenTestIT/~3/aut9y00XHZg/

CHAOS Framework – Generate Payloads and Control Remote Machines

CHAOS Framework allows you to generate payloads and control remote machines.

DISCLAIMER
The use of the CHAOS Framework is the COMPLETE RESPONSIBILITY of the END-USER. The developer assumes NO liability and is NOT responsible for any misuse or damage caused by this program.

FEATURES
Windows Remote Control
Download File
Upload File
Persistence
Open URL Remotely
Get Operating System Name
Run Fork Bomb

TESTED ON
Kali Linux – ROLLING EDITION

USAGE
You need Golang and the UPX package installed!

Install prerequisites:
# apt install golang upx-ucl -y

Cloning:
git clone https://github.com/tiagorlampert/CHAOS.git

Running:
cd CHAOS
go run CHAOS.go

Note: CHAOS has a delay of 70 seconds to bypass most of the antivirus and sandboxes.

VIDEO DEMONSTRATION

Don’t submit to VirusTotal or other scanning service. :3

Download CHAOS

Link: http://feedproxy.google.com/~r/PentestTools/~3/s05rMZfNheg/chaos-framework-generate-payloads-and.html

Beginner Guide to Meterpreter (Part 1)

Metasploit is a security project, or we can say a framework, provided to us in order to run exploit code on the target’s PC. Metasploit currently includes more than 1600 exploits. It has more than 420 payloads right now, which include command shell, Meterpreter etc. Meterpreter is generated only when the session is… Continue reading →
The post Beginner Guide to Meterpreter (Part 1) appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/beginner-guide-meterpreter-part-1/

Beginner Guide to SQL Injection Boolean Based (Part 2)

There are so many ways to hack a database using SQL injection, as we have seen in our previous tutorial: error based attack, login form based attack and many more different types of attack in order to retrieve information from inside the database. In the same way, today we will learn a new type of SQL injection attack… Continue reading →
The post Beginner Guide to SQL Injection Boolean Based (Part 2) appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/beginner-guide-sql-injection-boolean-based-part-2/

WSUXploit: A Weaponized WSUS Exploit Script!

PenTestIT RSS Feed
Internal network exploitation is a completely different ballgame altogether. Many resources are trusted by default and security restrictions are minimal in most cases. One such resource which lacks security restrictions is the Microsoft Windows Server Update Services (WSUS). I have seen internal networks which lack SSL protection, because it is “not needed” for internal… Read more about WSUXploit: A Weaponized WSUS Exploit Script!
The post WSUXploit: A Weaponized WSUS Exploit Script! appeared first on PenTestIT.

Link: http://feedproxy.google.com/~r/PenTestIT/~3/y_YUyjYcQF4/

AQUATONE – A Tool for Domain Flyovers

AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources as well as the more common subdomain dictionary brute force approach. After subdomain discovery, AQUATONE can then scan the hosts for common web ports, and HTTP headers, HTML bodies and screenshots can be gathered and consolidated into a report for easy analysis of the attack surface.

Installation

Dependencies
AQUATONE depends on Node.js and the NPM package manager for its web page screenshotting capabilities. Follow this guide for installation instructions.

You will also need a newer version of Ruby installed. If you plan to use AQUATONE in Kali Linux, you are already set up with this. If not, it is recommended to install Ruby with RVM.

Finally, the tool itself can be installed with the following command in a terminal:
$ gem install aquatone

IMPORTANT: AQUATONE’s screenshotting capabilities depend on being run on a system with a graphical desktop environment. It is strongly recommended to install and run AQUATONE in a Kali Linux virtual machine. I will not provide support or bug fixing for other systems than Kali Linux.

Usage

Discovery
The first stage of an AQUATONE assessment is the discovery stage, where subdomains are discovered on the target domain using open sources, services and the more common dictionary brute force approach:
$ aquatone-discover --domain example.com

aquatone-discover will find the target’s nameservers and shuffle DNS lookups between them. Should a lookup fail on the target domain’s nameservers, aquatone-discover will fall back to using Google’s public DNS servers to maximize discovery. The fallback DNS servers can be changed with the --fallback-nameservers option:
$ aquatone-discover --domain example.com --fallback-nameservers 87.98.175.85,5.9.49.12

Tuning
aquatone-discover will use 5 threads by default for concurrently performing DNS lookups. This provides reasonable performance but can be tuned to be more or less aggressive with the --threads option:
$ aquatone-discover --domain example.com --threads 25

Hammering a DNS server with failing lookups can potentially be picked up by intrusion detection systems, so if that is a concern for you, you can make aquatone-discover a bit more stealthy with the --sleep and --jitter options. --sleep accepts a number of seconds to sleep between each DNS lookup, while --jitter accepts a percentage of the --sleep value to randomly add to or subtract from the sleep interval in order to break the sleep pattern and make it less predictable.
$ aquatone-discover --domain example.com --sleep 5 --jitter 30

Please note that setting the --sleep option will force the thread count to one. The --jitter option will only be considered if the --sleep option has also been set.

API keys
Some of the passive collectors will require API keys or similar credentials in order to work. Setting these values can be done with the --set-key option:
$ aquatone-discover --set-key shodan o1hyw8pv59vSVjrZU3Qaz6ZQqgM91ihQ

All keys will be saved in ~/aquatone/.keys.yml.

Results
When aquatone-discover is finished, it will create a hosts.txt file in the ~/aquatone/<domain> folder, so for a scan of example.com it would be located at ~/aquatone/example.com/hosts.txt. The format will be a comma-separated list of hostnames and their IP, for example:
example.com,93.184.216.34
www.example.com,93.184.216.34
secret.example.com,93.184.216.36
cdn.example.com,192.0.2.42
…

In addition to the hosts.txt file, it will also generate a hosts.json which includes the same information but in JSON format. This format might be preferable if you want to use the information in custom scripts and tools. hosts.json will also be used by the aquatone-scan and aquatone-gather tools.

See aquatone-discover --help for more options.

Scanning
The scanning stage is where AQUATONE will enumerate the discovered hosts for open TCP ports that are commonly used for web services:
$ aquatone-scan --domain example.com

The --domain option will look for hosts.json in the domain’s AQUATONE assessment directory, so in the example above it would look for ~/aquatone/example.com/hosts.json. This file should be present if aquatone-discover --domain example.com has been run previously.

Ports
By default, aquatone-scan will scan the following TCP ports: 80, 443, 8000, 8080 and 8443. These are very common ports for web services and will provide reasonable coverage. Should you want to specify your own list of ports, you can use the --ports option:
$ aquatone-scan --domain example.com --ports 80,443,3000,8080

Instead of a comma-separated list of ports, you can also specify one of the built-in list aliases:
small: 80, 443
medium: 80, 443, 8000, 8080, 8443 (same as default)
large: 80, 81, 443, 591, 2082, 2095, 2096, 3000, 8000, 8001, 8008, 8080, 8083, 8443, 8834, 8888, 55672
huge: 80, 81, 300, 443, 591, 593, 832, 981, 1010, 1311, 2082, 2095, 2096, 2480, 3000, 3128, 3333, 4243, 4567, 4711, 4712, 4993, 5000, 5104, 5108, 5280, 5281, 5800, 6543, 7000, 7396, 7474, 8000, 8001, 8008, 8014, 8042, 8069, 8080, 8081, 8083, 8088, 8090, 8091, 8118, 8123, 8172, 8222, 8243, 8280, 8281, 8333, 8337, 8443, 8500, 8834, 8880, 8888, 8983, 9000, 9043, 9060, 9080, 9090, 9091, 9200, 9443, 9800, 9981, 11371, 12443, 16080, 18091, 18092, 20720, 55672

Example:
$ aquatone-scan --domain example.com --ports large

Tuning
Like aquatone-discover, you can make the scanning more or less aggressive with the --threads option, which accepts a number of threads for concurrent port scans. The default number of threads is 5.
$ aquatone-scan --domain example.com --threads 25

As aquatone-scan is performing port scanning, it can obviously be picked up by intrusion detection systems. While it will attempt to lessen the risk of detection by randomising hosts and ports, you can tune the stealthiness more with the --sleep and --jitter options, which work just like the similarly named options for aquatone-discover. Keep in mind that setting the --sleep option will force the number of threads to one.

Results
When aquatone-scan is finished, it will create a urls.txt file in the ~/aquatone/<domain> directory, so for a scan of example.com it would be located at ~/aquatone/example.com/urls.txt. The format will be a list of URLs, for example:
http://example.com/
https://example.com/
http://www.example.com/
https://www.example.com/
http://secret.example.com:8001/
https://secret.example.com:8443/
http://cdn.example.com/
https://cdn.example.com/
…

This file can be loaded into other tools such as EyeWitness.

aquatone-scan will also generate an open_ports.txt file, which is a comma-separated list of hosts and their open ports, for example:
93.184.216.34,80,443
93.184.216.34,80
93.184.216.36,80,443,8443
192.0.2.42,80,8080
…

See aquatone-scan --help for more options.

Gathering
The final stage is the gathering part, where the results of the discovery and scanning stages are used to query the discovered web services in order to retrieve and save HTTP response headers and HTML bodies, as well as to take screenshots of how the web pages look in a web browser to make analysis easier. The screenshotting is done with the Nightmare.js Node.js library. This library will be installed automatically if it’s not present in the system.
$ aquatone-gather --domain example.com

aquatone-gather will look for hosts.json and open_ports.txt in the given domain’s AQUATONE assessment directory and request and screenshot every IP address for each domain name for maximum coverage.

Tuning
Like aquatone-discover and aquatone-scan, you can make the gathering more or less aggressive with the --threads option, which accepts a number of threads for concurrent requests. The default number of threads is 5.
$ aquatone-gather --domain example.com --threads 25

As aquatone-gather is interacting with web services, it can be picked up by intrusion detection systems. While it will attempt to lessen the risk of detection by randomising hosts and ports, you can tune the stealthiness more with the --sleep and --jitter options, which work just like the similarly named options for aquatone-discover. Keep in mind that setting the --sleep option will force the number of threads to one.

Results
When aquatone-gather is finished, it will have created several directories in the domain’s AQUATONE assessment directory:
headers/: Contains text files with HTTP response headers from each web page
html/: Contains text files with HTML response bodies from each web page
screenshots/: Contains PNG images of how each web page looks in a browser
report/: Contains report files in HTML displaying the gathered information for easy analysis

Download AQUATONE
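The hosts.txt and open_ports.txt formats described above are simple enough to consume from custom scripts, which is what the README suggests hosts.json is for. The following is an added Ruby example, not part of AQUATONE or of the original post: it parses constructed samples of both files and derives the per-host URL list in the shape urls.txt takes. The choice to treat 443 and 8443 as TLS ports and to drop default ports from the URLs is an assumption of this example, not documented AQUATONE behaviour, and the helper names (parse_hosts, parse_open_ports, build_urls, urls_from_aquatone) are this example's own.

```ruby
# Constructed sample of ~/aquatone/<domain>/hosts.txt: one "hostname,ip" per
# line, in the format described above (sample data, not real AQUATONE output).
HOSTS_TXT = <<~TXT
  example.com,93.184.216.34
  www.example.com,93.184.216.34
  secret.example.com,93.184.216.36
  cdn.example.com,192.0.2.42
TXT

# Constructed sample of open_ports.txt: an IP followed by its open ports.
OPEN_PORTS_TXT = <<~TXT
  93.184.216.34,80,443
  93.184.216.36,80,443,8443
  192.0.2.42,80,8080
TXT

# Assumption of this example: 443 and 8443 are treated as TLS ports, every
# other port as plain HTTP. AQUATONE itself may decide this differently.
HTTPS_PORTS = [443, 8443].freeze

# hosts.txt -> { hostname => ip }; blank and commented lines are skipped.
def parse_hosts(text)
  text.each_line.each_with_object({}) do |line, hosts|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    host, ip = line.split(',', 2)
    hosts[host] = ip
  end
end

# open_ports.txt -> { ip => [port, ...] } with ports as integers.
def parse_open_ports(text)
  text.each_line.each_with_object({}) do |line, ports|
    line = line.strip
    next if line.empty?
    ip, *port_list = line.split(',')
    ports[ip] = port_list.map(&:to_i)
  end
end

# Join each hostname to the open ports of the IP it resolves to and emit one
# URL per pair: scheme chosen from the port, and the scheme's default port
# (80 or 443) left out of the URL, as in the urls.txt listing above.
def build_urls(hosts, open_ports)
  hosts.flat_map do |host, ip|
    (open_ports[ip] || []).map do |port|
      scheme = HTTPS_PORTS.include?(port) ? 'https' : 'http'
      default_port = scheme == 'https' ? 443 : 80
      port == default_port ? "#{scheme}://#{host}/" : "#{scheme}://#{host}:#{port}/"
    end
  end.uniq
end

# Convenience wrapper over the constructed samples; pass real file contents
# (File.read of the two result files) to run it on an actual assessment.
def urls_from_aquatone(hosts_txt = HOSTS_TXT, open_ports_txt = OPEN_PORTS_TXT)
  build_urls(parse_hosts(hosts_txt), parse_open_ports(open_ports_txt))
end

if __FILE__ == $PROGRAM_NAME
  puts urls_from_aquatone
end
```

With the constructed samples this yields nine URLs, two per hostname on the IPs with only 80 and 443 open, three for secret.example.com (including https on 8443) and two for cdn.example.com (including http on 8080). The same list is what a defender can feed to EyeWitness or diff against an inventory of approved externally reachable services.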

Link: http://feedproxy.google.com/~r/PentestTools/~3/U2WbUREyKK0/aquatone-tool-for-domain-flyovers.html

PPEE: A Professional PE File Explorer!

PenTestIT RSS Feed
There are a lot of Portable Executable (PE) file explorers in the market – both professional and free. Most of them have similar features but only some of them play well on Microsoft Windows as well as the *NIX platform. One such tool that is quickly becoming my favourite is PPEE, short for Professional PE File… Read more about PPEE: A Professional PE File Explorer!
The post PPEE: A Professional PE File Explorer! appeared first on PenTestIT.

Link: http://pentestit.com/ppee-professional-pe-file-explorer/

Gitrob – Reconnaissance Tool for GitHub Organizations

Gitrob is a command line tool which can help organizations and security professionals find sensitive information lingering in publicly available files on GitHub. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information.

Looking for sensitive information in GitHub repositories is not a new thing; it has been known for a while that things such as private keys and credentials can be found with GitHub’s search functionality. However, Gitrob makes it easier to focus the effort on a specific organization.

Installation

1. Ruby
Gitrob is written in Ruby and requires version 1.9.3 or above. To check which version of Ruby you have installed, simply run ruby --version in a terminal. Should you have an older version installed, it is very easy to upgrade and manage different versions with the Ruby Version Manager (RVM). Please see the RVM website for installation instructions.

2. RubyGems
Gitrob is packaged as a Ruby gem to make it easy to install and update. To install Ruby gems you’ll need the RubyGems tool installed. To check if you have it already, type gem in a terminal. If you have it already, it is recommended to do a quick gem update --system to make sure you have the latest and greatest version. In case you don’t have it installed, download it from here and follow the simple installation instructions.

3. PostgreSQL
Gitrob uses a PostgreSQL database to store all the collected data. If you are setting up Gitrob in the Kali Linux distribution you already have it installed; you just need to make sure it’s running by executing service postgresql start and install a dependency with apt-get install libpq-dev in a terminal. Here’s an excellent guide on how to install PostgreSQL on a Debian based Linux system. If you are setting up Gitrob on a Mac, the easiest way to install PostgreSQL is with Homebrew. Here’s a guide on how to install PostgreSQL with Homebrew.

3.1 PostgreSQL user and database
You need to set up a user and a database in PostgreSQL for Gitrob. Execute the following commands in a terminal:
sudo su postgres # Not necessary on Mac OS X
createuser -s gitrob --pwprompt
createdb -O gitrob gitrob

You now have a new PostgreSQL user with the name gitrob and with the password you typed into the prompt. You also created a database with the name gitrob which is owned by the gitrob user.

4. GitHub access tokens
Gitrob works by querying the GitHub API for interesting information, so you need at least one access token to get up and running. The easiest way is to create a Personal Access Token. Press the Generate new token button and give the token a description. If you intend on using Gitrob against organizations you’re not a member of, you don’t need to give the token any scopes, as we will only be accessing public data. If you intend to run Gitrob against your own organization, you’ll need to check the read:org scope to get full coverage.

If you plan on using Gitrob extensively or against a very large organization, it might be necessary to have multiple access tokens to avoid running into rate limiting. These access tokens will have to be from different user accounts.

5. Gitrob
With all the previous steps completed, you can now finally install Gitrob itself with the following command in a terminal:
gem install gitrob

This will install the Gitrob Ruby gem along with all its dependencies. Congratulations!

6. Configuring Gitrob
Gitrob needs to know how to talk to the PostgreSQL database as well as what access token to use to access the GitHub API. Gitrob comes with a convenient configuration wizard which can be invoked with the following command in a terminal:
gitrob configure

The configuration wizard will ask you for the information needed to set up Gitrob. All the information is saved to ~/.gitrobrc and yes, Gitrob will be looking for this file too, so watch out!

Usage

Analyzing organizations and users
Analyzing organizations and users is the main feature of Gitrob. The analyze command accepts an arbitrary number of organization and user logins, which will be bundled into an assessment:
gitrob analyze acme,johndoe,janedoe

Mixing organizations and users is convenient if you know that a certain user is part of an organization but they do not have their membership public.

When the assessment is finished, the analyze command will automatically start up the web server to present the results. This can be avoided by adding the --no-server option to the command.

See gitrob help analyze for more options.

Running Gitrob against custom GitHub Enterprise installations
Gitrob can analyze organizations and users on custom GitHub Enterprise installations instead of the official GitHub site. The analyze command takes several options to control this:
gitrob analyze johndoe --site=https://github.acme.com --endpoint=https://github.acme.com/api/v3 --access-tokens=token1,token2

See gitrob help analyze for more options.

Starting the Gitrob web server
The Gitrob web server can be started with the server command:
gitrob server

By default, the server will listen on localhost:9393. This can, of course, all be controlled:
gitrob server --bind-address=0.0.0.0 --port=8000

See gitrob help server for more options.

Adding custom signatures
If you want to look for files that are specific to your organisation or projects, it is easy to add custom signatures. When Gitrob starts it looks for a file at ~/.gitrobsignatures, which it expects to be a JSON document with signatures that follow the same structure as the main signatures.json file. Here is an example:
[
  {
    "part": "filename",
    "type": "match",
    "pattern": "otr.private_key",
    "caption": "Pidgin OTR private key",
    "description": null
  }
]

This signature instructs Gitrob to flag files where the filename exactly matches otr.private_key. The caption and description are used in the web interface when displaying the findings.

Signature keys
part: Can be one of:
  path: The complete file path
  filename: Only the filename
  extension: Only the file extension
type: Can be one of:
  match: Simple match of part and pattern
  regex: Regular expression matching of part and pattern
pattern: The value or regular expression to match with
caption: A short description of the finding
description: More detailed description if needed (set to null if not).

Have a look at the main signatures.json file for more examples of signatures.

Download Gitrob
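To see how the signature keys combine before committing a custom ~/.gitrobsignatures file, here is an added Ruby example (not Gitrob's own code) that loads a constructed signature document with one entry per part type and evaluates it against a constructed list of repository paths. The pem and .env signatures, the sample paths, and the helper names (load_signatures, scan_paths, findings) are this example's own; so is its reading of the part semantics (basename for filename, extension without the leading dot), which is how the description above is interpreted here, not a statement about Gitrob's internals.

```ruby
require 'json'

# Constructed custom signature file in the shape of ~/.gitrobsignatures,
# using only the keys described above. Single-quoted heredoc so the JSON
# backslash escapes reach the parser untouched.
CUSTOM_SIGNATURES_JSON = <<~'JSON'
  [
    {
      "part": "filename",
      "type": "match",
      "pattern": "otr.private_key",
      "caption": "Pidgin OTR private key",
      "description": null
    },
    {
      "part": "extension",
      "type": "match",
      "pattern": "pem",
      "caption": "PEM-encoded key or certificate",
      "description": "Check whether the file holds a private key"
    },
    {
      "part": "path",
      "type": "regex",
      "pattern": "(^|/)\\.?env(\\.|$)",
      "caption": "Environment file",
      "description": "Often carries credentials as KEY=VALUE pairs"
    }
  ]
JSON

# Constructed repository paths to evaluate (sample input, not real data).
SAMPLE_PATHS = %w[
  README.md
  .purple/otr.private_key
  config/server.pem
  .env
  deploy/.env.production
  src/environment.rb
  docs/otr.private_key.txt
].freeze

Signature = Struct.new(:part, :type, :pattern, :caption, :description) do
  # The piece of the path this signature inspects (this example's reading
  # of "path", "filename" and "extension").
  def subject(path)
    case part
    when 'path'      then path
    when 'filename'  then File.basename(path)
    when 'extension' then File.extname(path).delete_prefix('.')
    else raise ArgumentError, "unknown part #{part.inspect}"
    end
  end

  # "match" is an exact comparison; "regex" compiles the pattern.
  def match?(path)
    value = subject(path)
    case type
    when 'match' then value == pattern
    when 'regex' then Regexp.new(pattern).match?(value)
    else raise ArgumentError, "unknown type #{type.inspect}"
    end
  end
end

def load_signatures(json)
  JSON.parse(json).map do |h|
    Signature.new(h['part'], h['type'], h['pattern'], h['caption'], h['description'])
  end
end

# Returns [[path, caption], ...] for every path that trips a signature.
def scan_paths(paths, signatures)
  paths.flat_map do |path|
    signatures.select { |sig| sig.match?(path) }.map { |sig| [path, sig.caption] }
  end
end

def findings(paths = SAMPLE_PATHS, json = CUSTOM_SIGNATURES_JSON)
  scan_paths(paths, load_signatures(json))
end

if __FILE__ == $PROGRAM_NAME
  findings.each { |path, caption| puts "#{caption}: #{path}" }
end
```

Against the sample paths the exact filename signature flags .purple/otr.private_key but not docs/otr.private_key.txt, the extension signature flags config/server.pem, and the regex flags both .env and deploy/.env.production while leaving src/environment.rb alone. Running a dry run like this over a listing of your own repositories (git ls-files) is a cheap way to tune a signature's false positives before Gitrob applies it at scale.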

Link: http://feedproxy.google.com/~r/PentestTools/~3/N5QSNNtvy50/gitrob-reconnaissance-tool-for-github.html

Use Metasploit on WAN without Port Forwarding

In all of my previous Metasploit articles or…


Link: http://feedproxy.google.com/~r/ehacking/~3/zfYmEwuCsro/use-metasploit-on-wan-without-port.html