Archive

Archive for the ‘Misc Security’ Category

winboxHunter

August 27, 2014 Leave a comment

Prerequisites:

- Python2.7
- Impacket (svn checkout http://impacket.googlecode.com/svn/trunk/ impacket-read-only)
- Ruby
- Veil Evasion (git clone https://github.com/Veil-Framework/Veil-Evasion.git)

Description:

If you are working on a penetration test remotely, its sometimes hard to determine when the users start work or connect their laptops to the network.

winboxHunter is useful if you have managed to capture and cracked a bunch of NTLM credentails and want to run Metasploit against these windows boxes as and when they are connected to the network.

winboxHunter listens for NBNS broadcast packets so that when a new winBox is connected to the network, it will use the Impacket scripts (psexec.py and wmiexec.py) to push an executable onto the winBox and runs it.

In the background, winboxHunter runs Metasploit with payload handler (multi/handler) and listens for incoming connections from the winboxes.

You might want to modify autorunCmd.rc to specify the Metasploit commands you want to run on the pwned winbox upon connecting back to Metasploit.

See meterpreter.rc and autorunCmd.rc for more details.

If a host changes its IP address due to DHCP lease expiration, it will not attempt to exploit the winbox twice.

Format of password.txt

domain/username password

Instructions:

Meterpreter executable

You only need to use one of the below 2 options

- You can either use your own meterpreter payload executable using the -e or –exe argument (payload=windows/meterpreter/reverse_https, rport=8443) or

- You can use the -n or –enableVeil argument to generate a meterpreter payload executable using Veil Evasion
You can run winboxHunter using the below sample command

ruby winboxHunter.rb -n -f password.txt -v

When you run winboxHunter, a linux screen with the name “msfscreen” will be created and msfconsole will be executed. You can connect to the screen via the below command

screen -dr msfscreen

The source code for winboxHunter can be found at https://github.com/milo2012/winboxHunter

Script to detect and patch client software

October 14, 2009 1 comment

Attackers are focusing more on client side attacks nowadays.

Some IT organizations do not have the resources to patch client side software like Adobe Acrobat Readers, Quicktime, Flash Player, Java Runtime and etc.

However, it is important to check and patch these client software as it is hard to determine that a client machine is compromised until its too late.

This is the reason why I have written this script.  Administrators can use this with their logon scripts to detect outdated client software on the users’ machines and patch them.

Let me know if you have any suggestions or comments about this script.

http://pastebin.com/f516a3187

Categories: Misc Security

Securely Wiping HDD

September 27, 2009 4 comments

I heard from many security consultants that the best way to ‘destroy’ a HDD data other than drilling a hole into the centre of the HDD is to
1.  Encrypt the entire HDD with a random key string
2. Wiping it with DoD standard

I have written this python script which automates the process.

You can find the script at http://pastebin.com/fa324359

What I have done is to put this script in ubuntu and then use remastersys to create a bootable ISO.

This way, you can burn the ISO and pop the disc to any computers to wipe out the data.

Categories: Misc Security
Follow

Get every new post delivered to your Inbox.