@mgianarakis and me (@keith55) presented two new tools (metasploitHelper and nmap2nessus) at Blackhat Asia Arsenal in Singapore on 26th and 27th of March, 2015.
The tools were developed to help guys like us during vulnerability assessments and penetration tests.
Blog posts about the tools will be coming soon. Meanwhile, the information on the Github pages should be sufficient to get you started.
The tools are open source. Feel free to contribute to the projects. Thank you
– Impacket (svn checkout http://impacket.googlecode.com/svn/trunk/ impacket-read-only)
– Veil Evasion (git clone https://github.com/Veil-Framework/Veil-Evasion.git)
If you are working on a penetration test remotely, its sometimes hard to determine when the users start work or connect their laptops to the network.
winboxHunter is useful if you have managed to capture and cracked a bunch of NTLM credentails and want to run Metasploit against these windows boxes as and when they are connected to the network.
winboxHunter listens for NBNS broadcast packets so that when a new winBox is connected to the network, it will use the Impacket scripts (psexec.py and wmiexec.py) to push an executable onto the winBox and runs it.
In the background, winboxHunter runs Metasploit with payload handler (multi/handler) and listens for incoming connections from the winboxes.
You might want to modify autorunCmd.rc to specify the Metasploit commands you want to run on the pwned winbox upon connecting back to Metasploit.
See meterpreter.rc and autorunCmd.rc for more details.
If a host changes its IP address due to DHCP lease expiration, it will not attempt to exploit the winbox twice.
Format of password.txt
You only need to use one of the below 2 options
– You can either use your own meterpreter payload executable using the -e or –exe argument (payload=windows/meterpreter/reverse_https, rport=8443) or
– You can use the -n or –enableVeil argument to generate a meterpreter payload executable using Veil Evasion
You can run winboxHunter using the below sample command
ruby winboxHunter.rb -n -f password.txt -v
When you run winboxHunter, a linux screen with the name “msfscreen” will be created and msfconsole will be executed. You can connect to the screen via the below command
screen -dr msfscreen
The source code for winboxHunter can be found at https://github.com/milo2012/winboxHunter
- BeEF Project
- Captcha Cracking
- Client Side Attacks
- Featured Publications
- Intelligence Gathering
- iPhone Apps
- iPhone Espionage
- Location Tracking
- Misc Security
- Password Cracking
- Penetration Testing
- Pentest Scripts
- Post Exploitation
- Reversing Firmwares
- Social Engineering
- SQL Injection
- Web Application Testing
- RT @Dinosn: ROP & Heap Spray for a Reverse Shell in IE8 woumn.wordpress.com/2016/12/07/rop… 22 hours ago
- RT @securityshell: Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean https://t.co/utphgHv6… 1 day ago
- Here's 1.4 billion records from Have I been pwned for you to analyse flip.it/4PpPB4 2 days ago
- RT @binitamshah: Windows Kernel Exploitation : Write-What-Where : fuzzysecurity.com/tutorials/expD… cc @FuzzySec https://t.co/4YkgZxRehX 3 days ago
- RT @Dinosn: Rattler:Identifying and Exploiting DLL Preloading Vulnerabilities sensepost.com/blog/2016/ratt… 4 days ago
- RT @jedisct1: RT @singe: Neat trick, drop your payload in a file named CRYPTSP.dll in Downloads & most M$ installers will preload it if run… 5 days ago