Bypass Application Whitelisting using msiexec.exe (Multiple Methods)

In our previous article, “Windows Applocker Policy – A Beginner’s Guide”, we discussed how AppLocker rules define your application control policies and how to work with them. Today you will learn how to bypass AppLocker policies. In this post, we have blocked cmd.exe using a Windows AppLocker policy and… Continue reading →
The post Bypass Application Whitelisting using msiexec.exe (Multiple Methods) appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/bypass-application-whitelisting-using-msiexec-exe-multiple-methods/

Get Reverse-shell via Windows one-liner

This article will help those who play CTF challenges, because today we will discuss Windows one-liners that use commands such as PowerShell or rundll32 to get a reverse shell on a Windows system. Generally, while abusing HTTP services or other programs, we find an RCE vulnerability. This loophole allows you to remotely execute… Continue reading →
The post Get Reverse-shell via Windows one-liner appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/get-reverse-shell-via-windows-one-liner/

Remot3d – A Simple Exploit for PHP

Remot3d creates a backdoor in an instant; the backdoor can then be driven remotely from a Linux terminal against a server that runs PHP. It is built to get around restrictions on the server (disabled PHP functions), in particular for reading sensitive files such as /etc/passwd.

List of Remot3d functions:
- Create a backdoor for Windows or Linux servers (any host that can run a PHP file)
- Bypass disable_functions using the imap_open vulnerability
- Bypass read restrictions on /etc/passwd with cURL or a unique logic script
- Generate a backdoor that can be remote-controlled from the tool
- Some other fun stuff :)

Getting started:
    git clone https://github.com/KeepWannabe/Remot3d
    cd Remot3d
    chmod +x Remot3d.sh && ./Remot3d.sh

Recommended Linux distributions: Linux Mint (Ubuntu based, MATE desktop), Parrot, BackTrack, BackBox, DracOS, IbisLinux.

Update Remot3d: go to your Remot3d folder and execute
    git pull && chmod +x Remot3d.sh && ./Remot3d.sh

Link: http://feedproxy.google.com/~r/PentestTools/~3/MfRDXGlJowM/remot3d-simple-exploit-for-php-language.html

Commix v2.7 – Automated All-in-One OS Command Injection And Exploitation Tool

Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that web developers, penetration testers and security researchers can use to test web applications for bugs, errors or vulnerabilities related to command injection attacks. With it, finding and exploiting a command injection vulnerability in a given vulnerable parameter or HTTP header is straightforward.

Requirements: Python version 2.6.x or 2.7.x is required to run this program.

Installation: download Commix by cloning the Git repository:
    git clone https://github.com/commixproject/commix.git commix

Commix is packaged in the official repositories of the following Linux distributions, so you can install it with the package manager: ArchStrike, BlackArch Linux, BackBox, Kali Linux, Parrot Security OS, Weakerthan Linux.

Commix also ships as a plugin in the following penetration testing frameworks: TrustedSec's Penetration Testers Framework (PTF), OWASP Offensive Web Testing Framework (OWTF), CTF-Tools, PentestBox, PenBox, Katoolin, Aptive's Penetration Testing tools, Homebrew Tap - Pen Test Tools.

Supported platforms: Linux, Mac OS X, Windows (experimental).

Usage: to get a list of all options and switches use
    python commix.py -h

Q: Where can I check all the available options and switches?
A: Check the 'usage' wiki page.

Q: Can I get some basic ideas on how to use Commix?
A: Check the 'usage examples' wiki page, which has several test cases and attack scenarios.

Q: How easily can I upload web shells on a target host via Commix?
A: Commix lets you upload web shells (e.g. the Metasploit PHP meterpreter) to the target host. For more, check the 'upload shells' wiki page.

Q: Do you want to increase the capabilities of Commix and/or adapt it to your needs?
A: You can easily develop and import your own modules. For more, check the 'module development' wiki page.

Q: How can I test or evaluate the exploitation abilities of Commix?
A: Check the 'command injection testbeds' wiki page, which collects pwnable web applications and/or VMs (containing web applications) vulnerable to command injection attacks.

Q: Is there a place where I can see demos of Commix?
A: For a collection of demos of Commix's exploitation abilities, see the 'exploitation demos' wiki page.

Q: I found a bug / I want to suggest a new feature. What can I do?
A: For bug reports or enhancements, please open an issue on the project's issue tracker.

Q: Is there a place where I can find presentations and/or white papers about Commix?
A: For presentations and white papers published at conferences, check the 'presentations' wiki page.
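As an added illustration of the bug class Commix automates (example code written for this page, not part of Commix), the Python below shows a handler that concatenates user input into a shell command next to a hardened version, plus a minimal results-based probe of the kind Commix performs: inject a command separator followed by an `echo` of an arithmetic expression, then check whether the evaluated value comes back. The two handlers, the use of `echo` as an offline stand-in for the real binary (ping, nslookup), and the marker format are all constructed for illustration and are assumptions, not Commix's internals.

```python
"""Vulnerable vs. hardened OS command handling, and a results-based probe.

Added example for this page; not Commix code. `echo` stands in for whatever
binary a real application would shell out to, so everything runs offline.
"""
import re
import secrets
import subprocess
from typing import Callable

# Allow-list for the one kind of input the handler is meant to take.
HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def vulnerable_lookup(host: str) -> str:
    """The bug: untrusted input is spliced into a string run by /bin/sh.
    Anything after ';', '&&', '|' or inside $(...) is executed as a command."""
    return subprocess.run("echo lookup " + host, shell=True,
                          capture_output=True, text=True).stdout


def hardened_lookup(host: str) -> str:
    """The fix, both halves of it: validate against an allow-list, and pass
    argv as a list so no shell ever parses the value."""
    if not HOST_RE.fullmatch(host):
        raise ValueError("invalid hostname")
    return subprocess.run(["echo", "lookup", host],
                          capture_output=True, text=True).stdout


def probe(handler: Callable[[str], str], separator: str = ";") -> bool:
    """Results-based detection: send `<sep>echo A$((n+m))B` and look for
    A<n+m>B in the response. Only a shell that evaluated the arithmetic can
    produce that string; a handler that treats the payload as data echoes
    the literal `$((n+m))` back (or rejects the input outright).
    Random markers and operands keep the check from matching by accident."""
    a, b = secrets.token_hex(3), secrets.token_hex(3)
    n, m = secrets.randbelow(1000) + 1, secrets.randbelow(1000) + 1
    payload = f"example.com{separator}echo {a}$(({n}+{m})){b}"
    try:
        out = handler(payload)
    except ValueError:
        return False  # input validation stopped the payload
    return f"{a}{n + m}{b}" in out


if __name__ == "__main__":
    print("vulnerable injectable:", probe(vulnerable_lookup))
    print("hardened injectable:  ", probe(hardened_lookup))
```

The probe is the same idea a tool like Commix applies over HTTP parameters and headers: the expected marker is derived from an expression the target must have evaluated, so a page that merely reflects the raw payload does not produce a false positive.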

Link: http://feedproxy.google.com/~r/PentestTools/~3/mjOk7rQhp2Y/commix-v27-automated-all-in-one-os.html

Koadic – COM Command & Control Framework

Hello friends!! In this article we introduce another interesting tool, “KOADIC – COM Command & Control”, which is quite similar to Metasploit and PowerShell Empire. So let’s begin the tutorial and check its functionality. Table of Content: Introduction to Koadic, Installation of Koadic, Usage of Koadic, Koadic Stagers, Privilege Escalation with… Continue reading →
The post Koadic – COM Command & Control Framework appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/koadic-com-command-control-framework/

Windows Applocker Policy – A Beginner’s Guide

Hello Friends!! This article covers “Microsoft Windows – AppLocker Policy”, a topic for system administrators: it explains the AppLocker rules behind your application control policies and how to work with them. Table of Content: Introduction to AppLocker, What is an AppLocker Policy?, Who Should Use AppLocker?, What can your rules be based upon?, Configure… Continue reading →
The post Windows Applocker Policy – A Beginner’s Guide appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/windows-applocker-policy-a-beginners-guide/

Interlace – Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support

Easily turn single-threaded command line applications into fast, multi-threaded ones with CIDR and glob support.

Setup

Install using:
    $ python3 setup.py install
Dependencies will then be installed and Interlace will be added to your path as interlace.

Usage

    Argument     Description
    -t           Specify a target or domain name either in comma format, CIDR notation, or as an individual host.
    -tL          Specify a list of targets or domain names
    -threads     Specify the maximum number of threads to run at any one time (DEFAULT: 5)
    -timeout     Specify a timeout value in seconds for any one thread (DEFAULT: 600)
    -c           Specify a single command to execute over each target or domain
    -cL          Specify a list of commands to execute over each target or domain
    -o           Specify an output folder variable that can be used in commands as _output_
    -p           Specify a list of port variable that can be used in commands as _port_. This can be a single port, a comma delimited list, or dash notation
    -rp          Specify a real port variable that can be used in commands as _realport_
    --no-cidr    If set then CIDR notation in a target file will not be automatically expanded into individual hosts.
    --no-color   If set then any foreground or background colours will be stripped out
    --silent     If set then only important information will be displayed and banners and other information will be redacted.
    -v           If set then verbose output will be displayed in the terminal

Further information regarding ports (-p)

    Example    Notation Type
    80         Single port
    1-80       Dash notation, perform a command for each port from 1-80
    80,443     Perform a command for both port 80 and port 443

Further information regarding targets (-t or -tL)

Both -t and -tL are processed the same way. You can pass targets as you would to nmap: CIDR notation, dash notation, or a comma delimited list of targets. A single target list file can also use different notation types per line.

Variable Replacements

The following variables are replaced in commands at runtime:

    Variable     Replacement
    _target_     Replaced with the expanded target that the current thread is running against
    _host_       Works the same as _target_; the two can be used interchangeably.
    _output_     Replaced with the output folder variable from interlace
    _port_       Replaced with the expanded port variable from interlace
    _realport_   Replaced with the real port variable from interlace

Usage Examples

Run Nikto over multiple sites

Let's assume that you had a file targets.txt with the following contents:
    bugcrowd.com
    hackerone.com

You could use interlace to run over any number of targets within this file using:
    ➜ /tmp interlace -tL ./targets.txt -threads 5 -c "nikto -host _target_ > ./_target_-nikto.txt" -v
    ==============================================
    Interlace v1.0 by Michael Skelton (@codingo_)
    ==============================================
    [14:33:23] [THREAD] [nikto -host hackerone.com > ./hackerone.com-nikto.txt] Added to Queue
    [14:33:23] [THREAD] [nikto -host bugcrowd.com > ./bugcrowd.com-nikto.txt] Added to Queue

This would run nikto over each host and save to a file per target. Note that because the example uses the > operator, results are not fed back to the terminal; this is the desired behaviour, since otherwise we could not attribute which target each set of Nikto results belongs to. For applications where you want feedback, simply pass commands as you normally would (or use tee).

Run Nikto over multiple sites and ports

Using the above example, let's assume you want independent scans to be run for both ports 80 and 443 for the same targets. You would then use:
    ➜ /tmp interlace -tL ./targets.txt -threads 5 -c "nikto -host _target_:_port_ > ./_target_-_port_-nikto.txt" -p 80,443 -v
    ==============================================
    Interlace v1.0 by Michael Skelton (@codingo_)
    ==============================================
    [14:33:23] [THREAD] [nikto -host hackerone.com:80 > ./hackerone.com-80-nikto.txt] Added to Queue
    [14:33:23] [THREAD] [nikto -host bugcrowd.com:80 > ./bugcrowd.com-80-nikto.txt] Added to Queue
    [14:33:23] [THREAD] [nikto -host bugcrowd.com:443 > ./bugcrowd.com-443-nikto.txt] Added to Queue
    [14:33:23] [THREAD] [nikto -host hackerone.com:443 > ./hackerone.com-443-nikto.txt] Added to Queue

Run a list of commands against target hosts

Often on penetration tests there is a list of commands you want to run on nearly every job. Assuming that list includes testssl.sh, nikto, and sslscan, you could save a command list in a file called commands.txt:
    nikto -host _target_:_port_ > _output_/_target_-nikto.txt
    sslscan _target_:_port_ > _output_/_target_-sslscan.txt
    testssl.sh _target_:_port_ > _output_/_target_-testssl.txt

If you were then given a target, example.com, you could run each of these commands against it using:
    interlace -t example.com -o ~/Engagements/example/ -cL ./commands.txt -p 80,443

This would run nikto, sslscan, and testssl.sh for both port 80 and 443 against example.com and save files into your engagements folder. Note that these output file names do not include _port_, so the port 80 and port 443 runs of each tool write to the same file; add _port_ to the file name if you want to keep both.

CIDR notation with an application that doesn't support it

Interlace automatically expands CIDR notation when starting threads (unless the --no-cidr flag is passed). This allows you to pass CIDR notation to a variety of applications. To run a virtual host scan against every target within 192.168.12.0/24 using a direct command you could use:
    interlace -t 192.168.12.0/24 -c "vhostscan _target_ -oN _output_/_target_-vhosts.txt" -o ~/scans/ -threads 50

This works despite VHostScan having no inbuilt CIDR notation support. Since Interlace expands the notation before building a queue of threads, VHostScan for all intents and purposes only receives a list of individual IP addresses to scan.

Glob notation with an application that doesn't support it

Interlace automatically expands glob ranges when starting threads. This allows you to pass glob ranges to a variety of applications. To run a virtual host scan against every target within 192.168.12.* using a direct command you could use:
    interlace -t 192.168.12.* -c "vhostscan _target_ -oN _output_/_target_-vhosts.txt" -o ~/scans/ -threads 50

Again, VHostScan has no inbuilt glob range support.

Threading support for an application that doesn't support it

Run a virtual host scan against each host in a file (target-list.txt), while also limiting scans to a maximum of 50 threads at any one time. This could be done using a direct command:
    interlace -tL ./target-list.txt -c "vhostscan -t _target_ -oN _output_/_target_-vhosts.txt" -o ~/scans/ -threads 50

Or, alternatively, to run the same command using a command file:
    interlace -cL ./vhosts-commands.txt -tL ./target-list.txt -threads 50 -o ~/scans

This presumes that the command file contains:
    vhostscan -t _target_ -oN _output_/_target_-vhosts.txt

This would output a file for each target in the specified output folder. You could also run multiple commands simply by adding them to the command file.

Authors and thanks

Originally written by Michael Skelton (codingo) and Sajeeb Lohani (sml555) with help from Charelle Collett (@Charcol0x89) for threading refactoring and overall approach, and Luke Stephens (hakluke) for testing and approach.
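The expansion and substitution described above, re-implemented in Python as an added example (this is not Interlace's own code) so the mechanics are visible: targets written in CIDR, glob, dash or comma notation expand into individual hosts, ports expand the same way, the _target_/_host_/_port_/_output_/_realport_ placeholders are substituted into the command template, and the resulting commands run through a bounded thread pool with a per-command timeout. How Interlace itself treats a trailing `.*` (here: all 256 values of the last octet) and dash notation (here: a range in the last octet) are assumptions, as is dropping the network and broadcast addresses during CIDR expansion.

```python
"""Toy re-implementation of the Interlace idea: expand target and port
notation, substitute placeholders into a command template, run the commands
with a bounded thread pool. Added example for this page, not Interlace code."""
import ipaddress
import subprocess
from concurrent.futures import ThreadPoolExecutor
from typing import Iterable, List


def expand_targets(spec: str) -> List[str]:
    """Expand a comma-separated target spec into individual hosts.
    Supports CIDR (10.0.0.0/30), a glob in the last octet (10.0.0.*), dash
    notation in the last octet (10.0.0.1-3) and plain hostnames or IPs.
    Glob and dash handling are assumptions about Interlace's behaviour;
    CIDR expansion uses ipaddress.hosts(), which skips network/broadcast."""
    out: List[str] = []
    for item in (s.strip() for s in spec.split(",") if s.strip()):
        if "/" in item:
            net = ipaddress.ip_network(item, strict=False)
            out.extend(str(h) for h in net.hosts())
        elif item.endswith(".*"):
            out.extend(f"{item[:-2]}.{i}" for i in range(256))
        elif "-" in item and item.replace("-", "").replace(".", "").isdigit():
            prefix, _, rng = item.rpartition(".")
            lo, hi = (int(x) for x in rng.split("-", 1))
            out.extend(f"{prefix}.{i}" for i in range(lo, hi + 1))
        else:
            out.append(item)  # hostname (dashes in names are left alone)
    return out


def expand_ports(spec: str) -> List[str]:
    """'80' -> ['80'], '1-3' -> ['1','2','3'], '80,443' -> ['80','443'].
    int() rejects anything that is not a number, so a port spec cannot
    smuggle shell syntax into the rendered command."""
    ports: List[str] = []
    for part in (p.strip() for p in spec.split(",") if p.strip()):
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            ports.extend(str(p) for p in range(lo, hi + 1))
        else:
            ports.append(str(int(part)))
    return ports


def render(template: str, target: str, port: str = "", output: str = "",
           realport: str = "") -> str:
    """Substitute the Interlace-style placeholders; _host_ aliases _target_."""
    return (template.replace("_target_", target).replace("_host_", target)
            .replace("_port_", port).replace("_output_", output)
            .replace("_realport_", realport))


def build_commands(template: str, targets: str, ports: str = "",
                   output: str = ".", realport: str = "") -> List[str]:
    """Cross product of expanded targets and ports rendered into the
    template; with no port spec there is one command per target."""
    port_list = expand_ports(ports) if ports else [""]
    return [render(template, t, p, output, realport)
            for t in expand_targets(targets) for p in port_list]


def run_all(commands: Iterable[str], threads: int = 5,
            timeout: int = 600) -> List[int]:
    """Run commands through the shell, at most `threads` in flight (the
    -threads/-timeout knobs). Returns exit codes in input order.
    The shell is deliberate, because Interlace-style commands rely on
    redirection, so a target list is trusted input: a 'host' such as
    `; rm -rf ~` would be executed. Validate target files before use."""
    def one(cmd: str) -> int:
        return subprocess.run(cmd, shell=True, timeout=timeout).returncode
    with ThreadPoolExecutor(max_workers=threads) as pool:
        return list(pool.map(one, commands))


if __name__ == "__main__":
    for c in build_commands("nikto -host _target_:_port_ > _output_/_target_-_port_-nikto.txt",
                            "example.com,10.0.0.0/30", "80,443", "/tmp/scans"):
        print(c)
```

The last point in `run_all` is the practical caveat for any such wrapper: because the target string lands verbatim inside a shell command line, the target list is effectively code, and a hostile line in a scope file handed to you by a third party would run with your privileges.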

Link: http://feedproxy.google.com/~r/PentestTools/~3/WogS-qr4dno/interlace-easily-turn-single-threaded.html

SMB Penetration Testing (Port 445)

In this article, we will learn how to gain control over a victim’s PC through the SMB port. There are various ways to do it, and we will take the time to learn all of them, because different circumstances call for different measures. Table of Content: Introduction to SMB Protocol, Working of SMB, Versions of Windows SMB, SMB Protocol… Continue reading →
The post SMB Penetration Testing (Port 445) appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/smb-penetration-testing-port-445/

SMTP Log Poisoning through LFI to Remote Code Execution

Hello friends!! Today we will be discussing SMTP log poisoning. But before getting into the details, kindly read our previous articles, “SMTP Lab Set-Up” and “Beginner Guide to File Inclusion Attack (LFI/RFI)”. Today you will see how we can exploit a web server by abusing SMTP services if the web server is vulnerable… Continue reading →
The post SMTP Log Poisoning through LFI to Remote Code Execution appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/smtp-log-poisioning-through-lfi-to-remote-code-exceution/

SiteBroker – A Cross-Platform Python Based Utility For Information Gathering And Penetration Testing Automation!

A cross-platform Python based utility for information gathering and penetration testing automation.

Requirements:
- Python (2.7.*)
- Python pip
- Python modules: requests, colorama, dnspython, lxml, bs4

Install the modules with:
    pip install -r requirements.txt

Tested on: Windows 7/8/8.1, Kali Linux (2017.2)

Download SiteBroker: you can get the latest version by cloning the GitHub repository.
    git clone https://github.com/Anon-Exploiter/SiteBroker

Updates:
- Rewrote the whole script in Python (previously it was written in PHP)
- Exceptions covered for both user interrupts and internal issues
- Removed the NetCraft module, as it needed Selenium and PhantomJS (ultimately making the script slow)
- Fixed the problem of a '200' response code for most sites in the Admin Panel Finder and Shell Finder modules

Change-log:
- Added new features for Reverse IP (via HackerTarget and YouGetSignal)
- Added new features for crawling (via Google, Bing and manually)
- Added a new method for subdomain scanning (takes some time though)

Usage

Initializing the script:
    python SiteBroker.py

Advanced usage:
    Author: Syed Umar Arfeen (An0n 3xPloiTeR)
    Usage: python SiteBroker.py
    A cross-platform python based utility for information gathering and penetration automation!
    Options:
      1). Cloudflare Bypass.
      2). Website Crawler.
          |____ Google Based Crawling
          |____ Bing Based Crawling
          |____ Manually Crawling
      3). Reverse IP.
          |____ YouGetSignal Based
          |____ HackerTarget's API Based
      4). Information Gathering.
          |____ Whois Lookup
          |____ BrowserSpy Report
      5). Nameservers.
      6). WebSite Speed.
      7). Subdomains Scanner
      8). Shell Finder.
      9). Admin Panel Finder.
      10). Grab Banner.
      11). All Things.
    Example: python SiteBroker.py

Link: http://feedproxy.google.com/~r/PentestTools/~3/9uXfhpdgDLs/sitebroker-cross-platform-python-based.html