Linux Privilege Escalation via Automated Script

We all know that, after compromising the victim’s machine we have a low-privileges shell that we want to escalate into a higher-privileged shell and this process is known as Privilege Escalation. Today in this article we will discuss what comes under privilege escalation and how an attacker can identify that low-privileges shell can be escalated… Continue reading →
The post Linux Privilege Escalation via Automated Script appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/linux-privilege-escalation-via-automated-script/

Meterpreter File System Commands Cheatsheet

Hey Friends! Did you know that meterpreter is known as Hacker’s Swiss Army Knife!! Well! Know you do. Meterpreter, a highly developed payload that can be extended dynamically, is known to be Hacker’s Swiss Army Knife. It uses reflective DLL injection technique to further compromise the target after attack. Meterpreter is known to influence the functionality of Metasploit… Continue reading →
The post Meterpreter File System Commands Cheatsheet appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/meterpreter-file-system-commands-cheatsheet/

RouterSploit v3.4.0 – Exploitation Framework For Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.It consists of various modules that aids penetration testing operations:exploits – modules that take advantage of identified vulnerabilitiescreds – modules designed to test credentials against network servicesscanners – modules that check if a target is vulnerable to any exploitpayloads – modules that are responsible for generating payloads for various architectures and injection pointsgeneric – modules that perform generic attacksInstallationRequirementsRequired:futurerequestsparamikopysnmppycryptoOptional:bluepy – bluetooth low energyInstallation on Kali Linuxapt-get install python3-pipgit clone https://www.github.com/threat9/routersploitcd routersploitpython3 -m pip install -r requirements.txtpython3 rsf.pyBluetooth Low Energy support:apt-get install libglib2.0-devpython3 -m pip install bluepypython3 rsf.pyInstallation on Ubuntu 18.04 & 17.10sudo add-apt-repository universesudo apt-get install git python3-pipgit clone https://www.github.com/threat9/routersploitcd routersploitpython3 -m pip install -r requirements.txtpython3 rsf.pyBluetooth Low Energy support:apt-get install libglib2.0-devpython3 -m pip install bluepypython3 rsf.pyInstallation on OSXgit clone https://www.github.com/threat9/routersploitcd routersploitsudo python3 -m pip install -r requirements.txtpython3 rsf.pyRunning on Dockergit clone https://www.github.com/threat9/routersploitcd routersploitdocker build -t routersploit .docker run -it –rm routersploitUpdateUpdate RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day.cd routersploitgit pullDownload Routersploit

Link: http://www.kitploit.com/2018/10/routersploit-v340-exploitation.html

Comprehensive Guide to Gobuster Tool

Hello Friend!! Today we are going demontrate URLs and DNS brute force attack for extracting Directtories and files from inside URLs and subdomains from DNS by using “Gobuster-tool”. Table of Content Introuction & Installation Using Wordlist for Directory Brute-Force Obtaining Full Path for a directory or file Hide Status Code Verbose Mode Identify Content Length… Continue reading →
The post Comprehensive Guide to Gobuster Tool appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/comprehensive-guide-to-gobuster-tool/

UPDATED VERSION: RouterSploit 3.4.0

PenTestIT RSS Feed
RouterSploit 3.4.0, the long awaited router exploitation framework update is out guys! This release includes some really cool features and updates such as using pycryptodome from pycryptoand newer exploitation modules! Read on for the improvements. What is RouterSploit? The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of the followingRead more about UPDATED VERSION: RouterSploit 3.4.0
The post UPDATED VERSION: RouterSploit 3.4.0 appeared first on PenTestIT.

Link: http://pentestit.com/updated-version-routersploit-3-4-0/

Evilginx v2.0 – Standalone Man-In-The-Middle Attack Framework Used For Phishing Login Credentials Along With Session Cookies, Allowing For The Bypass Of 2-Factor Authentication

evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection.This tool is a successor to Evilginx, released in 2017, which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. Present version is fully written in GO as a standalone application, which implements its own HTTP and DNS server, making it extremely easy to set up and use.DisclaimerThis work is merely a demonstration of what adept attackers can do. It is the defender’s responsibility to take such attacks into consideration and find ways to protect their users against this type of phishing attacks. Evilginx should be used only in legitimate penetration testing assignments with written permission from to-be-phished parties.VideoSee evilginx2 in action here:Evilginx 2 – Next Generation of Phishing 2FA Tokens from breakdev.org on Vimeo.Write-upIf you want to learn more about this phishing technique, I’ve published an extensive blog post about evilginx2 here:https://breakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokensInstallationYou can either use a precompiled binary package for your architecture or you can compile evilginx2 from source.You will need an external server where you’ll host your evilginx2 installation. I personally recommend Digital Ocean and if you follow my referral link, you will get an extra $10 to spend on servers for free.Evilginx runs very well on the most basic Debian 8 VPS.Installing from sourceIn order to compile from source, make sure you have installed GO of version at least 1.10.0 (get it from here) and that $GOPATH environment variable is set up properly (def. $HOME/go).After installation, add this to your ~/.profile, assuming that you installed GO in /usr/local/go:export GOPATH=$HOME/goexport PATH=$PATH:/usr/local/go/bin:$GOPATH/binThen load it with source ~/.profiles.Now you should be ready to install evilginx2. Follow these instructions:sudo apt-get install git makego get -u github.com/kgretzky/evilginx2cd $GOPATH/src/github.com/kgretzky/evilginx2makeYou can now either run evilginx2 from local directory like:sudo ./bin/evilginx -p ./phishlets/or install it globally:sudo make installsudo evilginxInstructions above can also be used to update evilginx2 to the latest version.Installing with DockerYou can launch evilginx2 from within Docker. First build the container:docker build . -t evilginx2Then you can run the container:docker run -it -p 53:53/udp -p 80:80 -p 443:443 evilginx2Phishlets are loaded within the container at /app/phishlets, which can be mounted as a volume for configuration.Installing from precompiled binary packagesGrab the package you want from here and drop it on your box. Then do:unzip .zip -d <package_name>cd <package_name>If you want to do a system-wide install, use the install script with root privileges:chmod 700 ./install.shsudo ./install.shsudo evilginxor just launch evilginx2 from the current directory (you will also need root privileges):chmod 700 ./evilginxsudo ./evilginxUsageIMPORTANT! Make sure that there is no service listening on ports TCP 443, TCP 80 and UDP 53. You may need to shutdown apache or nginx and any service used for resolving DNS that may be running. evilginx2 will tell you on launch if it fails to open a listening socket on any of these ports.By default, evilginx2 will look for phishlets in ./phishlets/ directory and later in /usr/share/evilginx/phishlets/. If you want to specify a custom path to load phishlets from, use the -p <phishlets_dir_path> parameter when launching the tool.Usage of ./evilginx: -debug Enable debug output -developer Enable developer mode (generates self-signed certificates for all hostnames) -p string Phishlets directory pathYou should see evilginx2 logo with a prompt to enter commands. Type help or help <command> if you want to see available commands or more detailed information on them.Getting startedTo get up and running, you need to first do some setting up.At this point I assume, you’ve already registered a domain (let’s call it yourdomain.com) and you set up the nameservers (both ns1 and ns2) in your domain provider’s admin panel to point to your server’s IP (e.g. 10.0.0.1):ns1.yourdomain.com = 10.0.0.1ns2.yourdomain.com = 10.0.0.1Set up your server’s domain and IP using following commands:config domain yourdomain.comconfig ip 10.0.0.1Now you can set up the phishlet you want to use. For the sake of this short guide, we will use a LinkedIn phishlet. Set up the hostname for the phishlet (it must contain your domain obviously):phishlets hostname linkedin my.phishing.hostname.yourdomain.comAnd now you can enable the phishlet, which will initiate automatic retrieval of LetsEncrypt SSL/TLS certificates if none are locally found for the hostname you picked:phishlets enable linkedinYour phishing site is now live. Think of the URL, you want the victim to be redirected to on successful login and get the phishing URL like this (victim will be redirected to https://www.google.com):phishlets get-url linkedin https://www.google.comRunning phishlets will only respond to tokenized links, so any scanners who scan your main domain will be redirected to URL specified as redirect_url under config. If you want to hide your phishlet and make it not respond even to valid tokenized phishing URLs, use phishlet hide/unhide <phishlet> command.You can monitor captured credentials and session cookies with:sessionsTo get detailed information about the captured session, with the session cookie itself (it will be printed in JSON format at the bottom), select its session ID:sessions <id>The captured session cookie can be copied and imported into Chrome browser, using EditThisCookie extension.Important! If you want evilginx2 to continue running after you log out from your server, you should run it inside a screen session.Download Evilginx2

Link: http://feedproxy.google.com/~r/PentestTools/~3/MZwD9sSUDgw/evilginx-v20-standalone-man-in-middle.html

imR0T – Send A Message To Your Whatsapp Contact And Protect Your Text By Encrypting And Decrypting (ROT13)

imR0T: Send a quick message with simple text encryption to your whatsapp contact and protect your text by encrypting and decrypting, basically in ROT13 with new multi encryption based algorithm on ASCII and Symbols Substitution.How To UseIt’s simple:# Clone this repositorygit clone https://github.com/Screetsec/imR0T.git# Go into the repositorycd imR0T# Permission Acceschmod +x imR0T# Run the app./imR0TCommand Linehelp: A standard command displaying help.imR0T╺─╸[ cli ] > help | |_ Options:[arguments] help |:| show this message show |:| show all modules from this tools list style |:| show list style use |:| use a module, ex : use [ID] options |:| show module options run |:| Execute the module set |:| Set a value back |:| Back to main clear |:| Clear window ls |:| list directory content cat |:| read file/standard input pwd |:| print name of current/working director exit |:| Exit programConfigurationBefore using feature send message to your whatsapp contact with text encryption. you must config file inconf/whatsapp.confand add your api key# Getting API :# Register in here https://www.apiwha.com/# Use your mail or temp mail 😛 # Setup API KEY# Example : # – api=”CA6DSQ3CLPC6FCQ3CLPC6F"api=""Demo VideoDownload imR0T

Link: http://feedproxy.google.com/~r/PentestTools/~3/xr9d3A7N8RI/imr0t-send-message-to-your-whatsapp.html

Comprehensive Guide to Dirb Tool

In this article, we are focusing on transient directory using Kali Linux tool DIRB and trying to find hidden files and directories within a web server. A path traversal attack is also known as “directory traversal” aims to access files and directories that are stored outside the web root folder. By manipulating variables with reference… Continue reading →
The post Comprehensive Guide to Dirb Tool appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/comprehensive-guide-to-dirb-tool/

ANDRAX – The First And Unique Penetration Testing Platform For Android Smartphones

ANDRAX The first and unique Penetration Testing platform for Android smartphonesWhat is ANDRAXANDRAX is a penetration testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it behaves like a common Linux distribution, But more powerful than a common distribution!Why is Android so powerful?Simple, everyone has a smartphone and spends all the time with it! We have the possibility to camouflage easily in the middle of everyone, the processor architecture of most Android smartphones is ARM a modern and robust architecture extremely superior to the rest, With touch screens we can run the tools with great agility and take advantage of the graphical interface of Android, we can get in almost anywhere with our smartphones…In technical terms, ANDRAX and NetHunter should never be compared, ANDRAX is a penetration testing platform for Android smartphones and NetHunter is just a Debian emulator running with chroot.Termux is not our enemy, Termux is an application that allows installation of many Linux packages using a Debian environment running natively on Android.ANDRAX and Termux have a similar development, ANDRAX and Termux share many libs and GNU/Linux resources.But Termux is not a penetration testing platform, it’s software to bring basic tools found in a Debian environment. Penetration tests are not something basic! But advanced techniques that involve advanced tools and a advanced environment to conduct good tests!So you can install many tools manually in Termux but it would be extremely difficult to optimize and configure them to take 100% of the required potential for penetration testing.Termux runs without root privileges and this makes it very difficult to use advanced tools. Features and ToolsTool listInformation GatheringWhoisBind DNS toolsDnsreconRaccoonDNS-CrackerFirewalkScanningNmap – Network MapperMasscanSSLScanAmapPacket CraftingHping3NpingScapyHexinjectNcatSocatNetwork HackingARPSpoofBettercapMITMProxyEvilGINX2WebSite Hacking0d1nWapiti3Recon-NGPHPSploitPhotonXSSerCommixSQLMapPayloadmaskAbernathY-XSSPassword HackingHydraNcrackJohn The RipperCRUNCHWireless HackingVMP Evil APAircrack-NG ToolsCowpattyMDK3ReaverExploitationMetaSploit FrameworkRouterSploit FrameworkGetsploitOWASP ZSCRop-TOOLMore…Advanced TerminalAdvanced and Professional terminal emulator for Hacking!Dynamic Categories Overlay (DCO)Beautiful tools category system Advanced IDEComplete support for many programming languagesInformation GatheringTools for initial informations about the targetScanningTools for second stage: ScanningPacket CraftingTools to craft network packetsNetwork HackingTools for network hackingWebSite HackingTools for WebSite and WebApps HackingPassword HackingTools to break passwordsWireless HackingTools for Wireless HackingExploitationTools for Dev and launch exploitsMore info in official site.Download ANDRAX

Link: http://feedproxy.google.com/~r/PentestTools/~3/aFUTP3UzC5o/andrax-first-and-unique-penetration.html

DarkSpiritz – A Penetration Testing Framework For UNIX Systems

What is DarkSpiritz?Created by the SecTel Team it was a project of one of the owners to update and clean-up an older pentesting framework he had created to something updated and modern. DarkSpiritz is a re-vamp of the very popular framework known as “Roxysploit". You may be familiar with this framework and if you are then it will help you with DarkSpiritz. DarkSpiritz also works like another pentesting framework known as Metasploit. If you know how to use metasploit setting up and working with DarkSpiritz will be a breeze. Inside the program itself you will find a lot of help and documentation on plugins or you can head to our wiki here. If you need any help feel free to contact us at sectel.team@protonmail.com.Getting StartedClone the repository with git:git clone https://github.com/DarkSpiritz/DarkSpiritz.gitDarkSpiritz wiki available hereTo install DarkSpiritz clone the github repo and run:sudo python installer.pyThis will download all necessary modules for DarkSpiritz. Once you run this you will be able to run:python main.pyfrom within the same directory as DarkSpiritz.You will see a start-up screen. This screen will display things like commands and configuration settings. You can set configuration settings inside the config.xml file itself or through commands in the DarkSpiritz shell.Features:These are features that DarkSpiritz Team prides themself on based on this program:Real Time Updating of ConfigurationNever a need to restart the program even when adding plugins or editing them.Easy to use UXMulti-functionalityScreenshots:Download DarkSpiritz

Link: http://feedproxy.google.com/~r/PentestTools/~3/b4RKOuo6W4s/darkspiritz-penetration-testing.html