Kage: Graphical User Interface for Metasploit

Kage is a GUI for Metasploit RPC servers. It is a good tool for beginners to understand how Metasploit works, as it generates payloads and lets you interact with sessions. As the tool is still under development, it currently only supports windows/meterpreter and android/meterpreter. For it to work, you should have…
The post Kage: Graphical User Interface for Metasploit appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/kage-graphical-user-interface-for-metasploit/

Osmedeus – Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning

Osmedeus lets you automatically run a collection of awesome tools for reconnaissance and vulnerability scanning against a target.

How to use
If you have no idea what you are doing, just type the command below or check out the Advanced Usage:
./osmedeus.py -t example.com

Installation
git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh
This install script only targets Kali Linux; check the Wiki page for other install options.

Features
- Subdomain Scan
- Subdomain TakeOver Scan
- Screenshot the target
- Basic recon like Whois, Dig info
- IP Discovery
- CORS Scan
- SSL Scan
- Headers Scan
- Port Scan
- Vulnerability Scan
- Separate workspaces to store all scan output and detailed logging
- REST API
- SPA Web UI
- Slack notifications

Contact: @j3ssiejjj

Link: http://feedproxy.google.com/~r/PentestTools/~3/DCeXRDXo4J0/osmedeus-fully-automated-offensive.html

Comprehensive Guide on Netcat

This article provides a basic guide to Netcat and shows how to get a session from it using different methods. Table of Contents: Introduction, Features, Getting started with NC, Connecting to a Server, Fetching HTTP header, Chatting, Creating a Backdoor, Verbose Mode, Save Output to Disk, Port Scanning, TCP Delay Scan, UDP Scan…
The post Comprehensive Guide on Netcat appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/comprehensive-guide-on-netcat/

Commando VM – The First of Its Kind Windows Offensive Distribution

Welcome to CommandoVM – a fully customized, Windows-based security distribution for penetration testing and red teaming.

Installation (Install Script)

Requirements
- Windows 7 Service Pack 1 or Windows 10
- 60 GB Hard Drive
- 2 GB RAM

Instructions
1. Create and configure a new Windows Virtual Machine.
2. Ensure the VM is updated completely. You may have to check for updates, reboot, and check again until no more remain.
3. Take a snapshot of your machine!
4. Download and copy install.ps1 onto your newly configured machine.
5. Open PowerShell as an Administrator.
6. Enable script execution by running the following command:
   Set-ExecutionPolicy Unrestricted
7. Finally, execute the installer script as follows:
   .\install.ps1
   You can also pass your password as an argument: .\install.ps1 -password
The script will set up the Boxstarter environment and proceed to download and install the Commando VM environment. You will be prompted for the administrator password in order to automate host restarts during installation. If you do not have a password set, hitting enter when prompted will also work.

Installing a new package
Commando VM uses the Chocolatey Windows package manager. It is easy to install a new package. For example, enter the following command as Administrator to deploy Github Desktop on your system:
cinst github

Staying up to date
Type the following command to update all of the packages to the most recent version:
cup all

Installed Tools
- Active Directory Tools: Remote Server Administration Tools (RSAT), SQL Server Command Line Utilities, Sysinternals
- Command & Control: Covenant, PoshC2, WMImplant, WMIOps
- Developer Tools: Dep, Git, Go, Java, Python 2, Python 3 (default), Visual Studio 2017 Build Tools (Windows 10), Visual Studio Code
- Evasion: CheckPlease, Demiguise, DotNetToJScript, Invoke-CradleCrafter, Invoke-DOSfuscation, Invoke-Obfuscation, Invoke-Phant0m, Not PowerShell (nps), PS>Attack, PSAmsi, Pafishmacro, PowerLessShell, PowerShdll, StarFighters
- Exploitation: ADAPE-Script, API Monitor, CrackMapExec, CrackMapExecWin, DAMP, Exchange-AD-Privesc, FuzzySec's PowerShell-Suite, FuzzySec's Sharp-Suite, Generate-Macro, GhostPack (Rubeus, SafetyKatz, Seatbelt, SharpDPAPI, SharpDump, SharpRoast, SharpUp, SharpWMI), GoFetch, Impacket, Invoke-ACLPwn, Invoke-DCOM, Invoke-PSImage, Invoke-PowerThIEf, Kali Binaries for Windows, LuckyStrike, MetaTwin, Metasploit, Mr. Unikod3r's RedTeamPowershellScripts, NetshHelperBeacon, Nishang, Orca, PSReflect, PowerLurk, PowerPriv, PowerSploit, PowerUpSQL, PrivExchange, Ruler, SharpExchangePriv, SpoolSample, UACME, impacket-examples-windows, vssown
- Information Gathering: ADACLScanner, ADExplorer, ADOffline, ADRecon, BloodHound, Get-ReconInfo, GoWitness, Nmap, PowerView (Dev branch included), SharpHound, SharpView, SpoolerScanner
- Networking Tools: Citrix Receiver, OpenVPN, Proxycap, PuTTY, Telnet, VMWare Horizon Client, VMWare vSphere Client, VNC-Viewer, WinSCP, Windump, Wireshark
- Password Attacks: ASREPRoast, CredNinja, DSInternals, Get-LAPSPasswords, Hashcat, Internal-Monologue, Inveigh, Invoke-TheHash, KeeFarce, KeeThief, LAPSToolkit, MailSniper, Mimikatz, Mimikittenz, RiskySPN, SessionGopher
- Reverse Engineering: DNSpy, Flare-Floss, ILSpy, PEview, Windbg, x64dbg
- Utilities: 7zip, Adobe Reader, AutoIT, Cmder, CyberChef, Gimp, Greenshot, Hashcheck, Hexchat, HxD, Keepass, MobaXterm, Mozilla Thunderbird, Neo4j Community Edition, Pidgin, Process Hacker 2, SQLite DB Browser, Screentogif, Shellcode Launcher, Sublime Text 3, TortoiseSVN, VLC Media Player, Winrar, yEd Graph Tool
- Vulnerability Analysis: Egress-Assess, Grouper2, zBang
- Web Applications: Burp Suite, Fiddler, Firefox, OWASP Zap
- Wordlists: FuzzDB, PayloadsAllTheThings, SecLists

Link: http://feedproxy.google.com/~r/PentestTools/~3/7vdMiUOLgeU/commando-vm-first-of-its-kind-windows.html

UPDATE: AutoSploit 3.0 – The New Year’s edition

I wrote about AutoSploit in a post titled AutoSploit = Shodan/Censys/Zoomeye + Metasploit and its subsequent update to AutoSploit 2.2. Recently, AutoSploit 3.0 was released. This post tries to describe the changes between the last release and the newest version, as this release adds a number of features and bug fixes. This release is code…
The post UPDATE: AutoSploit 3.0 – The New Year’s edition appeared first on PenTestIT.

Link: http://pentestit.com/update-autosploit-3-0-the-new-years-edition/

OSX Exploitation with Powershell Empire

This article is another post in the Empire series. In this article, we will learn OSX penetration testing using Empire. Table of Content: Exploiting MAC, Post Exploitation, Phishing, Privilege Escalation, Sniffing. Exploiting MAC: Here I'm assuming you know PowerShell Empire's basics, therefore we will create the listener first using the following commands. Executing the…
The post OSX Exploitation with Powershell Empire appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/osx-exploitation-with-powershell-empire/

Remot3d v2.0 – Tool Created For Large Pentesters As Well As Just For The Pleasure Of Defacers To Control Server By Backdoors

Remot3d – A tool made to generate a backdoor to control and exploit a server where the server runs the PHP (Hypertext Preprocessor) program. It is equipped with a backdoor that has been obfuscated, which means that it is 100% FUD (fully undetectable); in other words it can penetrate the firewall of a server because the firewall does not know it is malware. Written in shell script language, commonly known as BASH, by a 16 year old teenager.

List of Remot3d Functions
- Create backdoor for Windows or Linux servers (can run php file)
- Bypass PHP disable functions with the imap_open vulnerability
- Bypass read file /etc/passwd with cURL or unique logic scripts
- Generate a backdoor that can be remoted from the tool
- Some other fun stuff :)

Getting Started
git clone https://github.com/KeepWannabe/Remot3d
cd Remot3d
sudo setup.sh && Remot3d

Linux operating systems we recommend:
- Linux Mint (Ubuntu based with Mate DE)
- Parrot
- BackTrack
- Backbox
- DracOS
- IbisLinux

Update Remot3d
To update Remot3d, go to your Remot3d folder and execute:
git pull && sudo setup.sh && Remot3d

Helped by:
- my god Allah SWT.
- Bayu Fedra (https://github.com/bayufedra)
- Ardhana Reky (https://github.com/ardzz)
- Novran Fathir (https://github.com/panophan)
- Ardhana Resky (https://github.com/Ardzz)
- Hasanal Bulkiah (https://github.com/florienzh4x)
- Agus Setya R (https://github.com/agussetyar)
- Edo Maland (https://github.com/ScreetSec)
- IndoXploit – ZeroByte.ID – Eldersc0de Family and much more!

Link: http://feedproxy.google.com/~r/PentestTools/~3/yLlm2OQbWtE/remot3d-v20-tool-created-for-large.html

Command & Control Tool: Pupy

In this article, we will learn to exploit Windows, Linux and Android with the Pupy command and control tool. Table of Content: Introduction, Installation, Windows Exploitation, Windows Post Exploitation, Linux Exploitation, Linux Post Exploitation, Android Exploitation, Android Post Exploitation. Introduction: Pupy is a cross-platform post-exploitation tool as well as a multi-function RAT. It's written…
The post Command & Control Tool: Pupy appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/command-control-tool-pupy/

Multiple Ways to Exploiting OSX using PowerShell Empire

In this article, we will learn multiple ways to hack OS X using Empire. Empire provides various stagers for this purpose, and we use a few of them in this article. The method to attack OS X is similar to that for Windows. For the beginner's guide to pen-testing OS X…
The post Multiple Ways to Exploiting OSX using PowerShell Empire appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/multiple-ways-to-exploiting-osx-using-powershell-empire/

Decker – Declarative Penetration Testing Orchestration Framework

Decker is a penetration testing orchestration framework. It leverages HashiCorp Configuration Language 2 (the same config language as Terraform) to allow declarative penetration testing as code, so your tests can be versioned, shared, reused, and collaborated on with your team or the community.

Example of a decker config file:

// variables are pulled from environment
// ex: DECKER_TARGET_HOST
// they will be available throughout the config files as var.*
// ex: ${var.target_host}
variable "target_host" {
  type = "string"
}

// resources refer to plugins
// resources need unique names so plugins can be used more than once
// they are declared with the form: resource "plugin_name" "unique_name" {}
// their outputs will be available to others using the form unique_name.*
// ex: nmap.443
resource "nmap" "nmap" {
  host           = "${var.target_host}"
  plugin_enabled = "true"
}

resource "sslscan" "sslscan" {
  host           = "${var.target_host}"
  plugin_enabled = "${nmap.443 == "open"}"
}

Run a plugin for each item in a list:

variable "target_host" {
  type = "string"
}

resource "nslookup" "nslookup" {
  dns_server = "8.8.4.4"
  host       = "${var.target_host}"
}

resource "metasploit" "metasploit" {
  for_each = "${nslookup.ip_address}"
  exploit  = "auxiliary/scanner/portscan/tcp"
  options = {
    RHOSTS    = "${each.key}/32"
    INTERFACE = "eth0"
  }
}

Complex configuration combining for_each with nested values:

variable "target_host" {
  type = "string"
}

resource "nslookup" "nslookup" {
  dns_server = "8.8.4.4"
  host       = "${var.target_host}"
}

resource "nmap" "nmap" {
  for_each = "${nslookup.ip_address}"
  host     = "${each.key}"
}

// for each IP, check if nmap found port 25 open.
// if yes, run metasploit's smtp_enum scanner
resource "metasploit" "metasploit" {
  for_each = "${nslookup.ip_address}"
  exploit  = "auxiliary/scanner/smtp/smtp_enum"
  options = {
    RHOSTS = "${each.key}"
  }
  plugin_enabled = "${nmap["${each.key}"].25 == "open"}"
}

Output formats
Several output formats are available and more than one can be selected at the same time. Setting DECKER_OUTPUTS_JSON or DECKER_OUTPUTS_XML to "true" will output JSON and XML formatted files respectively.
Output .json files in addition to plain text: export DECKER_OUTPUTS_JSON="true"
Output .xml files in addition to plain text: export DECKER_OUTPUTS_XML="true"

Why the name decker?
My friend Courtney came to the rescue when I was struggling to come up with a name and found decker in a SciFi word glossary... and it sounded cool: "A future cracker; a software expert skilled at manipulating cyberspace, especially at circumventing security precautions."

Running an example config with docker
Two volumes are mounted:
- A directory named decker-reports where decker will output a file for each plugin executed. The file's name will be {unique_resource_name}.report.txt.
- The examples directory containing decker config files. Mounting this volume allows you to write configs locally using your favorite editor and still run them within the container.
One environment variable is passed in:
- DECKER_TARGET_HOST. This is referenced in the config files as ${var.target_host}. Decker will loop through all environment variables named DECKER_*, stripping away the prefix and setting the rest to lowercase.

docker run -it --rm \
  -v "$(pwd)/decker-reports/":/tmp/reports/ \
  -v "$(pwd)/examples/":/decker-config/ \
  -e DECKER_TARGET_HOST=example.com \
  stevenaldinger/decker:kali decker ./decker-config/example.hcl

When decker finishes running the config, look in ./decker-reports for the outputs.

Running an example config without docker
You'll likely want to set the directory decker writes reports to with the DECKER_REPORTS_DIR environment variable. Something like this would be appropriate; just make sure whatever you set it to is an existing directory.
export DECKER_REPORTS_DIR="$HOME/decker-reports"
You'll also need to set a target host if you're running one of the example config files.
export DECKER_TARGET_HOST=""
Then just run a config file. Change to the root directory of this repo and run:
./decker ./examples/example.hcl

Contributing
Contributions are very welcome and appreciated. See docs/contributions.md for guidelines.

Development
Using docker for development is recommended for a smooth experience. This ensures all dependencies will be installed and ready to go. Refer to Directory Structure below for an overview of the Go code.

Quick Start
1. (on host machine): make docker_build
2. (on host machine): make docker_run (will start the docker container and open an interactive bash session)
3. (inside container): dep ensure -v
4. (inside container): make build_all
5. (inside container): make run

Initialize git hooks
Run make init to add a pre-commit script that will run linting and tests on each commit.

Plugin Development
Decker itself is just a framework that reads config files, determines dependencies in the config files, and runs plugins in an order that ensures plugins with dependencies on other plugins (output of one plugin being an input for another) run after the ones they depend on.
The real power of decker comes from plugins. Developing a plugin can be as simple or as complex as you want it to be, as long as the end result is a .so file containing the compiled plugin code and a .hcl file in the same directory declaring the inputs the plugin expects a user to configure.
The recommended way to get started with decker plugin development is by cloning the decker-plugin repository and following the steps in its documentation. It should only take you a few minutes to get a "Hello World" decker plugin running.

Installing plugins
By default, plugins are expected to be in a directory relative to wherever the decker binary is, at <decker binary>/internal/app/decker/plugins/<plugin name>/<plugin name>.so. Additional paths can be added by setting the DECKER_PLUGIN_DIRS environment variable. The default plugin path will still be used if DECKER_PLUGIN_DIRS is set.
Example: export DECKER_PLUGIN_DIRS="/path/to/my/plugins:/additional/path/to/plugins"
There should be an HCL file next to the .so file at <decker binary>/internal/app/decker/plugins/<plugin name>/<plugin name>.hcl that defines its inputs and outputs. Currently, only string, list, and map inputs are supported. Each input should have an input block that looks like this:

input "my_input" {
  type    = "string"
  default = "some default value"
}

Directory Structure

.
├── build
│   ├── ci/
│   └── package/
├── cmd
│   ├── decker
│   │   └── main.go
│   └── README.md
├── deployments/
├── docs/
├── examples
│   └── example.hcl
├── githooks
│   ├── pre-commit
├── Gopkg.toml
├── internal
│   ├── app
│   │   └── decker
│   │       └── plugins
│   │           ├── a2sv
│   │           │   ├── a2sv.hcl
│   │           │   ├── main.go
│   │           │   └── README.md
│   │           └── …
│   │               ├── main.go
│   │               ├── README.md
│   │               └── xxx.hcl
│   ├── pkg
│   │   ├── dependencies/
│   │   ├── gocty/
│   │   ├── hcl/
│   │   ├── paths/
│   │   ├── plugins/
│   │   └── reports/
│   └── README.md
├── LICENSE
├── Makefile
├── README.md
└── scripts
    ├── build-plugins.sh
    └── README.md

cmd/decker/main.go is the driver. Its job is to parse a given config file, load the appropriate plugins based on the file's resource blocks, and run the plugins with the specified inputs.
examples has a couple of example configurations to get you started with decker. If you use the kali docker image (stevenaldinger/decker:kali), all dependencies should be installed for all config files and things should run smoothly.
internal/pkg is where most of the actual code is. It contains all the packages imported by main.go:
- dependencies is responsible for building the plugin dependency graph and returning a topologically sorted array that ensures plugins are run in a working order.
- gocty offers helpers for encoding and decoding go-cty values, which are used to handle dynamic input types.
- hcl is responsible for parsing HCL files, including creating evaluation contexts that let blocks properly decode when they depend on other plugin blocks.
- paths is responsible for returning file paths for the decker binary, config files, plugin config files, and generated reports.
- plugins is responsible for determining if plugins are enabled and running them.
- reports is responsible for writing reports to the file system.
internal/app/decker/plugins are modular pieces of code written as Golang plugins, implementing a simple interface that allows them to be loaded and called at run-time with inputs and outputs specified in the plugin's config file (also in HCL). An example can be found at internal/app/decker/plugins/nslookup/nslookup.hcl.
decker config files offer a declarative way to write penetration tests. The manifests are written in HashiCorp Configuration Language 2 and describe the set of plugins to be used in the test as well as their inputs.
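The README above says decker's dependencies package builds a plugin dependency graph from the `${unique_name.*}` references in a config and topologically sorts it so a plugin runs only after the plugins whose outputs it consumes. The following Go program is an added illustration of that idea and is not decker's own code: `Resource`, `Deps`, `Order` and `ExampleConfig` are hypothetical names, the resource blocks are reduced to a map of raw attribute strings instead of parsed HCL, and the sample config mirrors the nslookup → nmap → metasploit chain shown earlier. It also covers the failure mode a real scheduler must handle, a reference cycle, which it reports as an error rather than running plugins in an order that can never be satisfied.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// refPattern matches the start of an interpolation that refers to another
// block, e.g. "${nslookup.ip_address}" or "${nmap["1.2.3.4"].25}". The
// captured group is the block name before the first "." or "[".
var refPattern = regexp.MustCompile(`\$\{([A-Za-z_][A-Za-z0-9_]*)[.\[]`)

// Resource is a hypothetical, simplified stand-in for one HCL resource block:
// its unique name and the raw (uninterpolated) string value of each attribute.
type Resource struct {
	Name  string
	Attrs map[string]string
}

// Deps returns the names of the other resources that r references through
// interpolation. "var" (environment variables) and "each" (the for_each
// iterator) are not resources and are ignored; so is a self-reference.
func Deps(r Resource, known map[string]bool) []string {
	seen := map[string]bool{}
	for _, v := range r.Attrs {
		for _, m := range refPattern.FindAllStringSubmatch(v, -1) {
			name := m[1]
			if name == "var" || name == "each" || name == r.Name {
				continue
			}
			if known[name] {
				seen[name] = true
			}
		}
	}
	out := make([]string, 0, len(seen))
	for n := range seen {
		out = append(out, n)
	}
	sort.Strings(out) // deterministic order for the caller
	return out
}

// Order returns the resource names topologically sorted so that every
// resource comes after the resources whose outputs it consumes (depth-first
// search with three-colour marking). A reference cycle (a needs b, b needs a)
// can never be satisfied, so it is reported as an error instead of silently
// producing an order.
func Order(resources []Resource) ([]string, error) {
	known := map[string]bool{}
	byName := map[string]Resource{}
	for _, r := range resources {
		known[r.Name] = true
		byName[r.Name] = r
	}
	const (
		unvisited = iota // zero value: never seen
		inProgress       // on the current DFS path
		done             // already placed in the output
	)
	state := map[string]int{}
	var order []string
	var visit func(string) error
	visit = func(n string) error {
		switch state[n] {
		case inProgress:
			return fmt.Errorf("dependency cycle through %q", n)
		case done:
			return nil
		}
		state[n] = inProgress
		for _, d := range Deps(byName[n], known) {
			if err := visit(d); err != nil {
				return err
			}
		}
		state[n] = done
		order = append(order, n)
		return nil
	}
	names := make([]string, 0, len(resources))
	for _, r := range resources {
		names = append(names, r.Name)
	}
	sort.Strings(names) // start from a fixed order so output is reproducible
	for _, n := range names {
		if err := visit(n); err != nil {
			return nil, err
		}
	}
	return order, nil
}

// ExampleConfig mirrors the "complex configuration" from the README: nslookup
// feeds nmap, and metasploit depends on both. Constructed sample data only;
// nothing here contacts a host.
func ExampleConfig() []Resource {
	return []Resource{
		{Name: "metasploit", Attrs: map[string]string{
			"for_each":       `${nslookup.ip_address}`,
			"plugin_enabled": `${nmap["${each.key}"].25 == "open"}`,
		}},
		{Name: "nmap", Attrs: map[string]string{
			"for_each": `${nslookup.ip_address}`,
			"host":     `${each.key}`,
		}},
		{Name: "nslookup", Attrs: map[string]string{
			"host": `${var.target_host}`,
		}},
	}
}

func main() {
	order, err := Order(ExampleConfig())
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println(order) // [nslookup nmap metasploit]
}
```

Note that the resource blocks are deliberately listed out of order in `ExampleConfig`; the output order comes entirely from the references, which is the property that lets a declarative config omit any explicit sequencing.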

Link: http://feedproxy.google.com/~r/PentestTools/~3/v-JzhQO-i2Q/decker-declarative-penetration-testing.html