Kali Linux 2018.2 Release – The Best Penetration Testing Distribution

This Kali release is the first to include the Linux 4.15 kernel, which includes the x86 and x64 fixes for the much-hyped Spectre and Meltdown vulnerabilities. It also includes much better support for AMD GPUs and support for AMD Secure Encrypted Virtualization, which allows for encrypting virtual machine memory such that even the hypervisor can’t access it.

Easier Metasploit Script Access

If you spend any significant amount of time writing exploits, you are undoubtedly familiar with the various Metasploit scripts that are available, such as pattern_create, pattern_offset, nasm_shell, etc. You are likely also aware that all of these helpful scripts are tucked away under /usr/share/metasploit-framework/tools/exploit/, which makes them more than a little difficult to make use of. Fortunately, as of metasploit-framework_4.16.34-0kali2, you can now make use of all these scripts directly, as links to all of them have been included in the PATH, each of them prepended with msf-.

root@kali:~# msf-

Upgrade to Kali Linux 2018.2

If you already have a Kali installation you’re happy with, you can easily upgrade in place as follows.

root@kali:~# apt update && apt full-upgrade

Link: http://feedproxy.google.com/~r/PentestTools/~3/7MbNeev8qQM/kali-linux-20182-release-best.html

UPDATE: Kali Linux 2018.2 Release!

Second Kali Linux update of this year and this time, it is about the latest Kali Linux 2018.2 release! The last release was made available recently in the month of February. This new release includes all patches, fixes, updates, and improvements since the last release – Kali Linux 2018.1, including the shiny new Linux kernel version 4.15, which…
The post UPDATE: Kali Linux 2018.2 Release! appeared first on PenTestIT.

Link: http://pentestit.com/update-kali-linux-2018-2-release/

Goddi (Go Dump Domain Info) – Dumps Active Directory Domain Information

Based on work from Scott Sutherland (@_nullbind), Antti Rantasaari, Eric Gruber (@egru), Will Schroeder (@harmj0y), and the PowerView authors.

Install

Use the executables in the releases section. If you want to build it yourself, make sure that your Go environment is set up according to the Go setup doc. The goddi package also uses the package below.

go get gopkg.in/ldap.v2

Windows

Tested on Windows 10 and 8.1 (go1.10 windows/amd64).

Linux

Tested on Kali Linux (go1.10 linux/amd64).

- umount, mount, and cifs-utils need to be installed for mapping a share for GetGPP:

apt-get update
apt-get install -y mount cifs-utils

- Make sure nothing is mounted at /mnt/goddi/.
- Make sure to run with sudo.

Run

When run, goddi defaults to using TLS (tls.Client method) over 636. On Linux, make sure to run with sudo.

- username: Target user. Required parameter.
- password: Target user’s password. Required parameter.
- domain: Full domain name. Required parameter.
- dc: DC to target. Can be either an IP or full hostname. Required parameter.
- startTLS: Use to StartTLS over 389.
- unsafe: Use for a plaintext connection.

PS C:\Users\Administrator\Desktop> .\godditest-windows-amd64.exe -username=testuser -password="testpass!" -domain="test.local" -dc="dc.test.local" -unsafe
[i] Begin PLAINTEXT LDAP connection to ‘dc.test.local’…
[i] PLAINTEXT LDAP connection to ‘dc.test.local’ successful…
[i] Begin BIND…
[i] BIND with ‘testuser’ successful…
[i] Begin dump domain info…
[i] Domain Trusts: 1 found
[i] Domain Controllers: 1 found
[i] Users: 12 found
 [*] Warning: keyword ‘pass’ found!
 [*] Warning: keyword ‘fall’ found!
[i] Domain Admins: 4 users found
[i] Enterprise Admins: 1 users found
[i] Forest Admins: 0 users found
[i] Locked Users: 0 found
[i] Disabled Users: 2 found
[i] Groups: 45 found
[i] Domain Sites: 1 found
[i] Domain Subnets: 0 found
[i] Domain Computers: 17 found
[i] Deligated Users: 0 found
[i] Users with passwords not set to expire: 6 found
[i] Machine Accounts with passwords older than 45 days: 18 found
[i] Domain OUs: 8 found
[i] Domain Account Policy found
[i] Domain GPOs: 7 found
[i] FSMO Roles: 3 found
[i] SPNs: 122 found
[i] LAPS passwords: 0 found
[i] GPP enumeration starting. This can take a bit…
[i] GPP passwords: 7 found
[i] CSVs written to ‘csv’ directory in C:\Users\Administrator\Desktop
[i] Execution took 1.4217256s…
[i] Exiting…

Functionality

StartTLS and TLS (tls.Client func) connections are supported. Connections over TLS are the default. All output goes to CSVs, which are created in /csv/ in the current working directory. Dumps:

- Domain users. Also searches Description for keywords and prints to a separate csv, e.g. "Password" was found in the domain user description.
- Users in privileged user groups (DA, EA, FA).
- Users with passwords not set to expire.
- User accounts that have been locked or disabled.
- Machine accounts with passwords older than 45 days.
- Domain Computers.
- Domain Controllers.
- Sites and Subnets.
- SPNs, with a csv flag if domain admin (a flag to note SPNs that are DAs in the SPN CSV output).
- Trusted domain relationships.
- Domain Groups.
- Domain OUs.
- Domain Account Policy.
- Domain delegation users.
- Domain GPOs.
- Domain FSMO roles.
- LAPS passwords.
- GPP passwords. On Windows, defaults to mapping Q. If used, will try another mapping until success R, S, etc… On Linux, /mnt/goddi is used.

Link: http://feedproxy.google.com/~r/PentestTools/~3/ajEhSarnuSE/goddi-go-dump-domain-info-dumps-active.html

CHAOS Framework v2.0 – Generate Payloads And Control Remote Windows Systems

CHAOS allows you to generate payloads and control remote Windows systems.

Disclaimer

This project was created only for learning purposes.

THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE DEVELOPERS ASSUME NO LIABILITY AND ARE NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY THIS PROGRAM.

Features

- Reverse Shell
- Download File
- Upload File
- Screenshot
- Keylogger
- Persistence
- Open URL Remotely
- Get Operating System Name
- Run Fork Bomb

Tested On

Kali Linux – ROLLING EDITION

How To Use

# Install dependencies (You need Golang and UPX package installed)
$ apt install golang xterm git upx-ucl -y

# Clone this repository
$ git clone https://github.com/tiagorlampert/CHAOS.git

# Get and install external imports (requirement to screenshot)
$ go get github.com/kbinani/screenshot && go get github.com/lxn/win
$ go install github.com/kbinani/screenshot && go install github.com/lxn/win

# Maybe you will see the message "package github.com/lxn/win: build constraints exclude all Go files".
# This occurs because the libraries are for Windows systems, but they are necessary to build the payload.

# Go into the repository
$ cd CHAOS

# Run
$ go run CHAOS.go

Link: http://feedproxy.google.com/~r/PentestTools/~3/4yPrMOaG3KY/chaos-framework-v20-generate-payloads.html

Converto – Installing Kali Linux On VPS Server

Installing Kali Linux On VPS Server.

Steps For Installing:

1. sudo apt-get update
2. sudo apt-get install git
3. git clone https://github.com/developerkunal/Converto.git
4. cd Converto
5. chmod +x converto.sh
   ./converto.sh

The script prompts:

Type 1 For Install
Type 2 For Exit

- Press 1 and Enter.
- Now choose the desired option.
- Press Y.
- Now select Yes.
- Now select "install the package maintainer’s version" and press Enter.
- Now again select "install the package maintainer’s version" and press Enter.
- Now choose the appropriate metapackages you want to install:

1. Kali Linux base system
2. Kali Linux – all packages
3. Kali Linux forensic tools
4. Kali Linux complete system
5. Kali Linux GPU tools
6. Kali Linux Nethunter tools
7. Kali Linux password cracking tools
8. Kali Linux RFID tools
9. Kali Linux SDR tools
10. Kali Linux Top 10 tools
11. Kali Linux VoIP tools
12. Kali Linux webapp assessment tools
13. Kali Linux wireless tools

- Select option 2 (Kali Linux – all packages install) (Recommended).
- Select the language for the layout matching the keyboard (I am selecting English).
- Select No.
- Select Yes.
- Press the Right Arrow key, and press Enter.
- Select Yes.
- Press Enter if you do not want to add any users.
- Select "From inetd".
- Press Enter.

Now Kali Linux is successfully installed.

Optional Step for installing VNC

Steps:

- Choose the VNC type you want to install (Graphical VNC recommended).
- Now enter the password for the VNC connection and re-enter the password for verification.
- Optional: Press Y if you want a view-only password (with a view-only password, the one having the password will only have permission to view the screen).

Commands to Start and Stop the VNC Server

To start a VNC server:

root@kali:~# vncserver

(It always starts on Port 1)

To stop a VNC server:

root@kali:~# vncserver -kill :1

Example IP in VNC Viewer: 127.0.0.1:1

Link: http://feedproxy.google.com/~r/PentestTools/~3/AdahdEYEPyQ/converto-installing-kali-linux-on-vps.html

Comprehensive Guide to SSH Tunnelling

Basically, tunnelling is a process which allows data sharing or communication between two different networks privately. Tunnelling is normally performed by encapsulating the private network data and protocol information inside the public network broadcast units so that the private network protocol information is visible to the public network as data. SSH Tunnel: Tunneling is the concept to encapsulate the… Continue reading →
The post Comprehensive Guide to SSH Tunnelling appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/comprehensive-guide-to-ssh-tunnelling/

Ethereum, Kali Linux, & Creepy Alexa – Application Security Weekly #8

In the news, Amazon admits Alexa is creepily laughing at people and is working on a fix, Ethereum fixes serious ‘eclipse’ flaw that could be exploited by any kid, Kali Linux is now an app in the Windows Store, & more on this episode of Application Security Weekly! Full Show Notes. Visit our website: http://securityweekly.com Follow […]
The post Ethereum, Kali Linux, & Creepy Alexa – Application Security Weekly #8 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/ejLGxHMup8M/

6 Ways to Hack VNC Login Password

In this article, we will learn how to gain control over our victim’s PC through port 5900, used for the VNC service. There are various ways to do it, so let’s take the time to learn all of them, because different circumstances call for different measures. Let’s start!! xHydra: This is the graphical version to apply dictionary attack… Continue reading →
The post 6 Ways to Hack VNC Login Password appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/6-ways-to-hack-vnc-login-password/

Spawn TTY Shell using Msfvenom (One Liner Payload)

Hello friends!! Today you will learn how to spawn a TTY reverse shell through netcat by using a single-line payload, also known as a stager exploit, that comes in Metasploit. Basically, there are two types of terminal: TTYs and PTs. TTYs are Linux/Unix shell which is hardwired terminal on a serial connection connected to… Continue reading →
The post Spawn TTY Shell using Msfvenom (One Liner Payload) appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/spawn-tty-shell-using-msfvenom-one-liner-payload/

6 Ways to Hack PostgresSQL Login

In this article, we will learn how to gain control over our victim’s PC through port 5432, used for the Postgres service. There are various ways to do it, so let’s take the time to learn all of them, because different circumstances call for different measures. Let’s start!! Hydra: Hydra is often the tool of choice. It can… Continue reading →
The post 6 Ways to Hack PostgresSQL Login appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/6-ways-to-hack-postgressql-login/