Iris – WinDbg Extension To Perform Basic Detection Of Common Windows Exploit Mitigations

Iris WinDbg extension performs basic detection of common Windows exploit mitigations (32 and 64 bits).

The checks implemented, as can be seen in the screenshot above, are (for the loaded modules):
- DynamicBase
- ASLR
- DEP
- SEH
- SafeSEH
- CFG
- RFG
- GS
- AppContainer

If you don't know the meaning of some of the keywords above use google, you'll find better explanations than the ones I could give you.

Setup

To "install", copy iris.dll into the winext folder for WinDbg (for x86 and x64).

WinDbg 10.0.xxxxx

Unless you installed the debug tools in a non-standard path you'll find the winext folder at:
C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext
Or, for 32 bits:
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\winext

WinDbg Preview

Unless you installed/copied the WinDbg Preview install folder into a non-standard location you'll have it in a folder with a name close to the one below (depending on the installed version):
C:\Program Files\WindowsApps\Microsoft.WinDbg_1.1906.12001.0_neutral__9wekib2d8acwe
For 64 bits copy iris.dll into amd64\winext, or into x86\winext for 32 bits.

Load the extension

After the steps above, just load the extension with .load iris and run !iris.help to see the available command(s).

0:002> .load iris
[+] Iris WinDbg Extension Loaded
0:002> !iris.help
IRIS WinDbg Extension (rui@deniable.org). Available commands:
  help = Shows this help
  modules = Display exploit mitigations for all loaded modules.

Running

As shown in the screenshot above, just run: !iris.modules or simply !modules.

Warning

Don't trust blindly on the results, some might not be accurate. I pretty much used as reference PE-bear parser, winchecksec, Process Hacker, and narly. Thank you to all of them.
I put this together in a day to save some time during a specific assignment. It worked for me but it hasn't been thoroughly tested. You have been warned, use at your own risk.
I'll be updating and maintaining this, so any issues you may find please let me know. I plan to add a few more mitigations later.

References

Besides the references mentioned before, if you want to write your own extension (or contribute to this one) the Advanced Windows Debugging book and the WinDbg SDK are your friends.

Download Iris
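As an added illustration of the header-level checks listed above (example code, not code from Iris or from the tools it cites), the following Python parser reads the flags those checks rest on straight from a PE image: DynamicBase, NX_COMPAT (DEP), NO_SEH, GUARD_CF (CFG), APPCONTAINER and HIGH_ENTROPY_VA from the optional header's DllCharacteristics, plus the COFF RELOCS_STRIPPED bit, which is what turns a DynamicBase flag into effective ASLR. SafeSEH, GS and RFG are recorded in the load configuration directory and are deliberately not parsed here. The flag values are the documented IMAGE_DLLCHARACTERISTICS_* / IMAGE_FILE_* constants; build_test_image and the header-only sample it produces are constructed for offline use and are not loadable binaries.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF spec (winnt.h)
HIGH_ENTROPY_VA = 0x0020
DYNAMIC_BASE = 0x0040
NX_COMPAT = 0x0100
NO_SEH = 0x0400
APPCONTAINER = 0x1000
GUARD_CF = 0x4000
# IMAGE_FILE_RELOCS_STRIPPED bit of the COFF header Characteristics field
RELOCS_STRIPPED = 0x0001


def parse_pe_headers(data: bytes) -> dict:
    """Pull the few header fields the mitigation checks need out of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, _, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # IMAGE_OPTIONAL_HEADER follows the 20-byte COFF header
    if opt_size < 72 or len(data) < opt + opt_size:
        raise ValueError("optional header truncated")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both the 32- and 64-bit optional header
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "file_characteristics": file_chars,
        "dll_characteristics": dll_chars,
    }


def check_mitigations(data: bytes) -> dict:
    """Report the header-level mitigations for one image, the way a debugger
    extension would for each loaded module."""
    h = parse_pe_headers(data)
    flags = h["dll_characteristics"]
    dynamic_base = bool(flags & DYNAMIC_BASE)
    relocs_stripped = bool(h["file_characteristics"] & RELOCS_STRIPPED)
    return {
        "DynamicBase": dynamic_base,
        # the loader can only randomise the base if the image can still be relocated
        "ASLR": dynamic_base and not relocs_stripped,
        # the high-entropy (64-bit) variant is only meaningful for PE32+ images
        "HighEntropyVA": h["pe32plus"] and bool(flags & HIGH_ENTROPY_VA),
        "DEP": bool(flags & NX_COMPAT),
        "NoSEH": bool(flags & NO_SEH),
        "CFG": bool(flags & GUARD_CF),
        "AppContainer": bool(flags & APPCONTAINER),
    }


def build_test_image(dll_chars: int, relocs_stripped: bool = False,
                     pe32plus: bool = True) -> bytes:
    """Constructed header-only image for exercising the checks offline (not loadable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: NT headers right after the DOS header
    opt_size = 240 if pe32plus else 224
    file_chars = 0x0002 | (RELOCS_STRIPPED if relocs_stripped else 0)  # EXECUTABLE_IMAGE
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0,
                       opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 68, 2)  # Subsystem = WINDOWS_GUI
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, check_mitigations(f.read()))
```

Run it with one or more image paths to get the same kind of per-module table a debugger extension prints; the RELOCS_STRIPPED check is the reason a tool that only reads DynamicBase can over-report ASLR.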

Link: http://feedproxy.google.com/~r/PentestTools/~3/ddVv17Euevs/iris-windbg-extension-to-perform-basic.html

5 Best Free Photoshop Alternatives You Need to Know

Photoshop is the best photo editing software. There are many other photo editing software available but, no other software can reach up to it. Most of the professional photo editors use Photoshop. The only thing people hate about Photoshop is that it is a premium software and costs too much. Not all computer users can […]
The post 5 Best Free Photoshop Alternatives You Need to Know appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/fd1fmJVH4sM/5-best-free-alternate-to-photoshop.html

Top 5 Free Windows Password Recovery Tools

Windows is the most popular operating system that also allows users to keep their system locked by adding a password. But what if you forgot the password and there is nothing that you can do to remember the password? In this case, you need a tool that can crack the password or help you in […]
The post Top 5 Free Windows Password Recovery Tools appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/8sWAE5vX0PU/free-windows-password-recovery.html

AbsoluteZero – Python APT Backdoor

This project is a Python APT backdoor, optimized as a Red Team post-exploitation tool; it can generate a binary payload or pure Python source. The final stub uses polymorphic encryption to give itself a first obfuscation layer.

Deployment

AbsoluteZero is a complete software written in Python 2.7 and works on both Windows and Linux platforms. To make it work you need to have Python 2.7 installed and then use 'pip' to install the requirements.txt file. Remember that to compile binaries for Windows you have to run the entire software on a Microsoft platform, since pyinstaller doesn't allow cross-platform compiling without using wine. Make sure that the Python installation folder is set to 'C:/Python27' to avoid binary compiling troubles.

Download AbsoluteZero

Link: http://feedproxy.google.com/~r/PentestTools/~3/4A8E633X560/absolutezero-python-apt-backdoor.html

SQLMap v1.3.8 – Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Features
- Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix database management systems.
- Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
- Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
- Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
- Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
- Support to dump database tables entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.
- Support to search for specific database names, specific tables across all databases or specific columns across all databases' tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain strings like name and pass.
- Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
- Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
- Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.
- Support for database process' user privilege escalation via Metasploit's Meterpreter getsystem command.

Installation

You can download the latest tarball by clicking here or latest zipball by clicking here.
Preferably, you can download sqlmap by cloning the Git repository:
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
sqlmap works out of the box with Python version 2.6.x and 2.7.x on any platform.

Usage

To get a list of basic options and switches use:
python sqlmap.py -h
To get a list of all options and switches use:
python sqlmap.py -hh
You can find a sample run here. To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the user's manual.

Links
- Homepage: http://sqlmap.org
- Download: .tar.gz or .zip
- Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
- Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
- User's manual: https://github.com/sqlmapproject/sqlmap/wiki
- Frequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
- Twitter: @sqlmap
- Demos: http://www.youtube.com/user/inquisb/videos
- Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

Translations
Bulgarian, Chinese, Croatian, French, Greek, Indonesian, Italian, Japanese, Portuguese, Spanish, Turkish

Download SQLMap v1.3.8
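The injection class sqlmap's detection engine looks for, shown as an added example that is not part of sqlmap or its documentation: the injectable query pattern beside its parameterised fix, and a regression check modelled on the boolean-based blind technique named in the feature list, which appends one true and one false condition to a valid value and flags the parameter when the two responses differ. The users table and its rows are constructed for this example; the sqlite3 module is Python's standard-library driver.

```python
import sqlite3


def make_sample_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass TEXT)")
    conn.executemany("INSERT INTO users (name, pass) VALUES (?, ?)",
                     [("alice", "hash-of-alice"), ("bob", "hash-of-bob")])
    conn.commit()
    return conn


def find_user_vulnerable(conn, name: str) -> list:
    """The injectable pattern: the caller's string is spliced into the SQL text,
    so quotes and operators in it become part of the statement."""
    query = "SELECT name FROM users WHERE name = '%s' ORDER BY id" % name
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn, name: str) -> list:
    """The fix: a bound parameter reaches the engine as data and is never parsed as SQL."""
    rows = conn.execute("SELECT name FROM users WHERE name = ? ORDER BY id", (name,))
    return [row[0] for row in rows]


def parameter_is_injectable(lookup, conn, value: str = "alice") -> bool:
    """Regression check in the style of boolean-based blind detection: append a true
    and a false condition to an otherwise valid value. If the two results differ,
    the engine evaluated our condition, so the parameter is injectable."""
    true_branch = lookup(conn, value + "' AND '1'='1")
    false_branch = lookup(conn, value + "' AND '1'='2")
    return true_branch != false_branch


if __name__ == "__main__":
    db = make_sample_db()
    for fn in (find_user_vulnerable, find_user_safe):
        print(fn.__name__, "injectable:", parameter_is_injectable(fn, db))
```

The check is useful as a unit test over a code base's data-access functions: a parameterised lookup returns an empty list for both probes, because no user has either literal name, while the string-formatted one returns different rows for the two conditions.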

Link: http://feedproxy.google.com/~r/PentestTools/~3/tXw2LTJ-djQ/sqlmap-v138-automatic-sql-injection-and.html

Commando VM v2.0 – The First Full Windows-based Penetration Testing Virtual Machine Distribution

Welcome to CommandoVM – a fully customizable, Windows-based security distribution for penetration testing and red teaming.
For detailed install instructions or more information please see our blog.

Installation (Install Script)

Requirements
- Windows 7 Service Pack 1 or Windows 10
- 60 GB Hard Drive
- 2 GB RAM

Recommended
- Windows 10
- 80+ GB Hard Drive
- 4+ GB RAM
- 2 network adapters
- Enable Virtualization support for VM (REQUIRED FOR KALI OR DOCKER)

Instructions

Standard install
1. Create and configure a new Windows Virtual Machine.
2. Ensure VM is updated completely. You may have to check for updates, reboot, and check again until no more remain.
3. Take a snapshot of your machine!
4. Download and copy install.ps1 on your newly configured machine.
5. Open PowerShell as an Administrator.
6. Enable script execution by running the following command: Set-ExecutionPolicy Unrestricted
7. Finally, execute the installer script as follows: .\install.ps1
   You can also pass your password as an argument: .\install.ps1 -password

The script will set up the Boxstarter environment and proceed to download and install the Commando VM environment. You will be prompted for the administrator password in order to automate host restarts during installation. If you do not have a password set, hitting enter when prompted will also work.

Custom install
1. Download the zip from https://github.com/fireeye/commando-vm into your Downloads folder.
2. Decompress the zip and edit the ${Env:UserProfile}\Downloads\commando-vm-master\commando-vm-master\profile.json file by removing tools or adding tools in the "packages" section. Tools are available from our package list or from the chocolatey repository.
3. Open an administrative PowerShell window and enable script execution.
   Set-ExecutionPolicy Unrestricted -f
4. Change to the unzipped project directory.
   cd ${Env:UserProfile}\Downloads\commando-vm-master\commando-vm-master\
5. Execute the install with the -profile_file argument.
   .\install.ps1 -profile_file .\profile.json

For more detailed instructions about custom installations, see our blog.

Installing a new package

Commando VM uses the Chocolatey Windows package manager. It is easy to install a new package. For example, enter the following command as Administrator to deploy Github Desktop on your system:
cinst github

Staying up to date

Type the following command to update all of the packages to the most recent version:
cup all

Installed Tools

Active Directory Tools
- Remote Server Administration Tools (RSAT)
- SQL Server Command Line Utilities
- Sysinternals

Command & Control
- Covenant
- PoshC2
- WMImplant
- WMIOps

Developer Tools
- Dep
- Git
- Go
- Java
- Python 2
- Python 3 (default)
- Ruby
- Ruby Devkit
- Visual Studio 2017 Build Tools (Windows 10)
- Visual Studio Code

Docker
- Amass
- SpiderFoot

Evasion
- CheckPlease
- Demiguise
- DefenderCheck
- DotNetToJScript
- Invoke-CradleCrafter
- Invoke-DOSfuscation
- Invoke-Obfuscation
- Invoke-Phant0m
- Not PowerShell (nps)
- PS>Attack
- PSAmsi
- Pafishmacro
- PowerLessShell
- PowerShdll
- StarFighters

Exploitation
- ADAPE-Script
- API Monitor
- CrackMapExec
- CrackMapExecWin
- DAMP
- EvilClippy
- Exchange-AD-Privesc
- FuzzySec's PowerShell-Suite
- FuzzySec's Sharp-Suite
- Generate-Macro
- GhostPack: Rubeus, SafetyKatz, Seatbelt, SharpDPAPI, SharpDump, SharpRoast, SharpUp, SharpWMI
- GoFetch
- Impacket
- Invoke-ACLPwn
- Invoke-DCOM
- Invoke-PSImage
- Invoke-PowerThIEf
- Juicy Potato
- Kali Binaries for Windows
- LuckyStrike
- MetaTwin
- Metasploit
- Mr. Unikod3r's RedTeamPowershellScripts
- NetshHelperBeacon
- Nishang
- Orca
- PSReflect
- PowerLurk
- PowerPriv
- PowerSploit
- PowerUpSQL
- PrivExchange
- RottenPotatoNG
- Ruler
- SharpClipHistory
- SharpExchangePriv
- SharpExec
- SpoolSample
- SharpSploit
- UACME
- impacket-examples-windows
- vssown
- Vulcan

Information Gathering
- ADACLScanner
- ADExplorer
- ADOffline
- ADRecon
- BloodHound
- dnsrecon
- FOCA
- Get-ReconInfo
- GoBuster
- GoWitness
- NetRipper
- Nmap
- PowerView (Dev branch included)
- SharpHound
- SharpView
- SpoolerScanner
- Watson

Kali Linux
- kali-linux-default
- kali-linux-xfce
- VcXsrv

Networking Tools
- Citrix Receiver
- OpenVPN
- Proxycap
- PuTTY
- Telnet
- VMWare Horizon Client
- VMWare vSphere Client
- VNC-Viewer
- WinSCP
- Windump
- Wireshark

Password Attacks
- ASREPRoast
- CredNinja
- DomainPasswordSpray
- DSInternals
- Get-LAPSPasswords
- Hashcat
- Internal-Monologue
- Inveigh
- Invoke-TheHash
- KeeFarce
- KeeThief
- LAPSToolkit
- MailSniper
- Mimikatz
- Mimikittenz
- RiskySPN
- SessionGopher

Reverse Engineering
- DNSpy
- Flare-Floss
- ILSpy
- PEview
- Windbg
- x64dbg

Utilities
- 7zip
- Adobe Reader
- AutoIT
- Cmder
- CyberChef
- Explorer Suite
- Gimp
- Greenshot
- Hashcheck
- Hexchat
- HxD
- Keepass
- MobaXterm
- Mozilla Thunderbird
- Neo4j Community Edition
- Notepad++
- Pidgin
- Process Hacker 2
- SQLite DB Browser
- Screentogif
- Shellcode Launcher
- Sublime Text 3
- TortoiseSVN
- VLC Media Player
- Winrar
- yEd Graph Tool

Vulnerability Analysis
- AD Control Paths
- Egress-Assess
- Grouper2
- NtdsAudit
- PwndPasswordsNTLM
- zBang

Web Applications
- Burp Suite
- Fiddler
- Firefox
- OWASP Zap
- Subdomain-Bruteforce
- Wfuzz

Wordlists
- FuzzDB
- PayloadsAllTheThings
- SecLists
- Probable-Wordlists
- RobotsDisallowed

Legal Notice

This download configuration script is provided to assist penetration testers in creating handy and versatile toolboxes for offensive engagements. It provides a convenient interface for them to obtain a useful set of pentesting Tools directly from their original sources. Installation and use of this script is subject to the Apache 2.0 License. You as a user of this script must review, accept and comply with the license terms of each downloaded/installed package listed below. By proceeding with the installation, you are accepting the license terms of each package, and acknowledging that your use of each package will be subject to its respective license terms.

List of package licenses:
http://technet.microsoft.com/en-us/sysinternals/bb469936
https://github.com/stufus/ADOffline/blob/master/LICENCE.md
https://github.com/HarmJ0y/ASREPRoast/blob/master/LICENSE
https://github.com/BloodHoundAD/BloodHound/blob/master/LICENSE.md
https://github.com/Arvanaghi/CheckPlease/blob/master/LICENSE
https://github.com/cobbr/Covenant/blob/master/LICENSE
https://github.com/byt3bl33d3r/CrackMapExec/blob/master/LICENSE
https://github.com/Raikia/CredNinja/blob/master/LICENSE
https://github.com/MichaelGrafnetter/DSInternals/blob/master/LICENSE.md
https://github.com/tyranid/DotNetToJScript/blob/master/LICENSE
https://github.com/FortyNorthSecurity/Egress-Assess/blob/master/LICENSE
https://github.com/cobbr/Elite/blob/master/LICENSE
https://github.com/GoFetchAD/GoFetch/blob/master/LICENSE.md
http://www.gnu.org/licenses/gpl.html
https://github.com/Kevin-Robertson/Inveigh/blob/master/LICENSE.md
https://github.com/danielbohannon/Invoke-CradleCrafter/blob/master/LICENSE
https://github.com/rvrsh3ll/Misc-Powershell-Scripts/blob/master/LICENSE
https://github.com/danielbohannon/Invoke-Obfuscation/blob/master/LICENSE
https://github.com/Kevin-Robertson/Invoke-TheHash/blob/master/LICENSE.md
https://github.com/denandz/KeeFarce/blob/master/LICENSE
https://github.com/HarmJ0y/KeeThief/blob/master/LICENSE
https://github.com/gentilkiwi/mimikatz
https://github.com/nettitude/PoshC2/blob/master/LICENSE
https://github.com/Mr-Un1k0d3r/PowerLessShell/blob/master/LICENSE.md
https://github.com/G0ldenGunSec/PowerPriv/blob/master/LICENSE
https://github.com/p3nt4/PowerShdll/blob/master/LICENSE.md
https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/LICENSE
https://github.com/PowerShellMafia/PowerSploit/blob/master/LICENSE
https://github.com/PowerShellMafia/PowerSploit/blob/master/LICENSE
https://github.com/dirkjanm/PrivExchange/blob/master/LICENSE
https://github.com/Mr-Un1k0d3r/RedTeamPowershellScripts/blob/master/LICENSE.md
https://github.com/cyberark/RiskySPN/blob/master/LICENSE.md
https://github.com/GhostPack/Rubeus/blob/master/LICENSE
https://github.com/GhostPack/SafetyKatz/blob/master/LICENSE
https://github.com/NickeManarin/ScreenToGif/blob/master/LICENSE.txt
https://github.com/GhostPack/Seatbelt
https://github.com/danielmiessler/SecLists/blob/master/LICENSE
https://github.com/Arvanaghi/SessionGopher
https://github.com/GhostPack/SharpDPAPI/blob/master/LICENSE
https://github.com/GhostPack/SharpDump/blob/master/LICENSE
https://github.com/tevora-threat/SharpView/blob/master/LICENSE
https://github.com/GhostPack/SharpRoast/blob/master/LICENSE
https://github.com/GhostPack/SharpUp/blob/master/LICENSE
https://github.com/GhostPack/SharpWMI/blob/master/LICENSE
https://github.com/leechristensen/SpoolSample/blob/master/LICENSE
https://github.com/vletoux/SpoolerScanner/blob/master/LICENSE
http://www.sublimetext.com/eula
https://github.com/HarmJ0y/TrustVisualizer/blob/master/LICENSE
https://github.com/hfiref0x/UACME/blob/master/LICENSE.md
https://github.com/FortyNorthSecurity/WMIOps/blob/master/LICENSE
https://github.com/FortyNorthSecurity/WMImplant/blob/master/LICENSE
http://www.adobe.com/products/eulas/pdfs/Reader10_combined-20100625_1419.pdf
http://www.rohitab.com/apimonitor
http://www.autoitscript.com/autoit3/docs/license.htm
https://portswigger.net/burp
http://www.citrix.com/buy/licensing/agreements.html
https://github.com/cmderdev/cmder/blob/master/LICENSE
https://github.com/nccgroup/demiguise/blob/master/LICENSE.txt
http://www.telerik.com/purchase/license-agreement/fiddler
https://www.mozilla.org/en-US/MPL/2.0/
https://github.com/fireeye/flare-floss
https://github.com/fuzzdb-project/fuzzdb/blob/master/_copyright.txt
https://www.gimp.org/about/
https://www.google.it/intl/en/chrome/browser/privacy/eula_text.html
https://github.com/sensepost/gowitness/blob/master/LICENSE.txt
https://github.com/hashcat/hashcat/blob/master/docs/license.txt
https://www.gnu.org/licenses/gpl-2.0.html
https://mh-nexus.de/en/hxd/license.php
https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE
https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE
https://www.kali.org/about-us/
http://keepass.info/help/v2/license.html
https://github.com/putterpanda/mimikittenz
http://mobaxterm.mobatek.net/license.html
http://neo4j.com/open-source-project/
https://github.com/samratashok/nishang/blob/master/LICENSE
https://svn.nmap.org/nmap/COPYING
https://github.com/Ben0xA/nps/blob/master/LICENSE
https://openvpn.net/index.php/license.html
https://www.microsoft.com/en-us/servicesagreement/
https://github.com/joesecurity/pafishmacro/blob/master/LICENSE
https://hg.pidgin.im/pidgin/main/file/f02ebb71b5e3/COPYING
http://www.proxycap.com/eula.pdf
http://www.chiark.greenend.org.uk/~sgtatham/putty/licence.html
https://support.microsoft.com/en-us/gp/mats_eula
https://raw.githubusercontent.com/sqlitebrowser/sqlitebrowser/master/LICENSE
http://technet.microsoft.com/en-us/sysinternals/bb469936
http://www.mozilla.org/en-US/legal/eula/thunderbird.html
http://www.videolan.org/legal.html
http://www.vmware.com/download/eula/universal_eula.html
https://www.vmware.com/help/legal.html
https://www.realvnc.com/legal/
https://code.visualstudio.com/License
http://go.microsoft.com/fwlink/?LinkID=251960
http://opensource.org/licenses/BSD-3-Clause
https://winscp.net/docs/license
http://www.gnu.org/copyleft/gpl.html
https://github.com/x64dbg/x64dbg/blob/development/LICENSE
https://www.yworks.com/products/yed/license.html
http://www.apache.org/licenses/LICENSE-2.0
https://github.com/Dionach/NtdsAudit/blob/master/LICENSE
https://github.com/ANSSI-FR/AD-control-paths/blob/master/LICENSE.txt
https://github.com/OJ/gobuster/blob/master/LICENSE
https://github.com/xmendez/wfuzz/blob/master/LICENSE
https://github.com/dafthack/DomainPasswordSpray/blob/master/LICENSE
https://github.com/nettitude/PoshC2_Python/blob/master/LICENSE
https://github.com/ElevenPaths/FOCA/blob/master/LICENSE.txt
https://github.com/ohpe/juicy-potato/blob/master/LICENSE
https://github.com/NytroRST/NetRipper/blob/master/LICENSE.TXT
https://github.com/unixrox/prebellico/blob/master/LICENSE.md
https://github.com/rasta-mouse/Watson/blob/master/LICENSE.txt
https://github.com/berzerk0/Probable-Wordlists/blob/master/License.txt
https://github.com/cobbr/SharpSploit/blob/master/LICENSE

Download Commando-Vm

Link: http://feedproxy.google.com/~r/PentestTools/~3/qfDDkq3fmTU/commando-vm-v20-first-full-windows.html