Aug 13, 2015

Tools: Metasploit AV Evasion

Metasploit payload generator that avoids most Anti-Virus products.
Released as open source by NCC Group Plc -
Developed by Daniel Compton, daniel dot compton at nccgroup dot com


Aug 12, 2015

Tools: CredCrack - A fast and stealthy credential harvester

CredCrack is a fast and stealthy credential harvester. It exfiltrates credentials in memory and in the clear without ever touching disk. Upon obtaining credentials, CredCrack will parse and output the credentials while identifying any domain administrators obtained. CredCrack also comes with the ability to list and enumerate share access and yes, it is threaded!  CredCrack has been tested and runs with the tools found natively in Kali Linux. CredCrack solely relies on having PowerSploit's "Invoke-Mimikatz.ps1" under the /var/www directory. Download Invoke-Mimikatz Here


Aug 11, 2015

Tools: pcap-burp - Pcap importer for Burp

This project provides a Burp Suite extension for importing and passively scanning Pcap/Pcapng files with Burp. It can be used in cases where a HTTP client does not support proxying but it would be useful to scan, inspect or replay the HTTP traffic using Burp.


Aug 10, 2015

Howto: create python to post Facebook

1. Create user in facebook

2. Create Facebook application (Advance Setup)

3. Setup name and Namespace

4. Got App ID, API Version, App Secret

5. Got the access token with choose permission what you want it can do.

6. Go to My App -> your application -> Status & Review -> New Submission -> Specific permission that you want it can do

7. Upgrade python-request module
# pip install --upgrade requests
# pip-2.7 install --upgrade requests

8. Use the code
# coding: utf-8

import facebook
import requests

oauth_access_token = 'XXXXXXXXXXXXXXXXXXXX'
graph = facebook.GraphAPI(oauth_access_token)

###### Try get friends list of account
profile = graph.get_object("me")
friends = graph.get_connections("me", "friends")
friend_list = [friend['name'] for friend in friends['data']]
print friend_list

groups = graph.get_object("me/groups")

###### Try post in wall
#graph.put_wall_post(message="Hello World")