Tuesday, 15 July 2014

Dumping Cleartext login Credentials with Mimikatz

Mimikatz is a tool that can dump clear text passwords from memory.


Mimikatz needs an elevated process to read LSASS memory, so on modern Windows systems where UAC is in place UAC must first be bypassed, for example with the Metasploit post-exploitation module bypassuac (post/windows/escalate/bypassuac), before Mimikatz can be executed.


Monday, 14 July 2014

Nmap Firewalk Script


The firewalk script is useful for discovering firewall rules using an IP TTL expiration technique known as firewalking.

Example Usage

nmap --script=firewalk --traceroute <host>
nmap --script=firewalk --traceroute --script-args=firewalk.max-retries=1 <host>
nmap --script=firewalk --traceroute --script-args=firewalk.probe-timeout=400ms <host>
nmap --script=firewalk --traceroute --script-args=firewalk.max-probed-ports=7 <host>

Download : Nmap Firewalk Script


Sunday, 13 July 2014

Best Meterpreter Scripts



getcountermeasure

Getcountermeasure is an automated script that disables security measures such as antivirus, firewall, and more.

Command : run getcountermeasure


winenum

The winenum script is used to dump tokens, hashes and more.

Command : run winenum

getgui

The getgui script is used to enable RDP on a target system.

Command : run getgui -e


killav

Killav is used to disable most antivirus programs.

Command : run killav

gettelnet

The gettelnet script is used to enable Telnet on the victim.

Command : run gettelnet -e

hostedit

The hostedit Meterpreter script is used to edit the Windows hosts file.

Command : run hostedit

checkvm

Checkvm is used to see if the host you exploited is a virtual machine.

Command : run checkvm

screenspy

Screenspy is used to take screenshots of the remote PC.

Command : run screenspy

keylogrecorder

Keylogrecorder is used to start a keylogger on the victim PC.

Command : run keylogrecorder

metsvc

Metsvc is used to make a permanent backdoor.

Saturday, 12 July 2014

keimpx – SMB Credential Scanner


keimpx is an open source tool, released under a modified version of Apache License 1.1. It can be used to quickly check whether credentials are valid across a network over SMB. Credentials can be:

  1. Combination of user / plain-text password.
  2. Combination of user / NTLM hash.
  3. Combination of user / NTLM logon session token.

If any valid credentials have been discovered across the network after its attack phase, the user is asked to choose which host to connect to and which valid credentials to use, and is then prompted with an interactive SMB shell where the user can:

  1. Spawn an interactive command prompt.
  2. Navigate through the remote SMB shares: list, upload, download files, create, remove files, etc.
  3. Deploy and undeploy their own service, for instance a backdoor listening on a TCP port for incoming connections.
  4. List user details, domains and password policy.
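The credential checking keimpx performs shows up in the targets' Security logs as one source address authenticating, or failing to, as one account against many hosts within a short time. The following detection is an added example, not part of keimpx or of the original post: it flags that pattern over a constructed set of Windows 4624/4625 Logon Type 3 event fields, and the field names, event list and thresholds are assumptions.

```python
"""Flag one source IP trying one account against many hosts over network logons
(Logon Type 3, which covers SMB). Events are constructed dicts carrying the
fields of Windows Security events 4624 (success) and 4625 (failure); in practice
they would be collected from the target hosts or a domain controller."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real log data). A check with a valid NTLM hash
# or password succeeds and logs 4624, not 4625, so both IDs are counted.
SAMPLE_EVENTS = [
    {"time": "2014-07-12T09:00:00", "id": 4625, "type": 3, "host": "WEB01", "user": "svc_backup", "src": "10.0.0.50"},
    {"time": "2014-07-12T10:00:01", "id": 4625, "type": 3, "host": "FS01", "user": "svc_backup", "src": "10.0.0.50"},
    {"time": "2014-07-12T10:00:04", "id": 4624, "type": 3, "host": "FS02", "user": "svc_backup", "src": "10.0.0.50"},
    {"time": "2014-07-12T10:00:09", "id": 4624, "type": 3, "host": "FS03", "user": "SVC_BACKUP", "src": "10.0.0.50"},
    {"time": "2014-07-12T10:00:15", "id": 4625, "type": 3, "host": "DC01", "user": "svc_backup", "src": "10.0.0.50"},
    {"time": "2014-07-12T10:01:00", "id": 4624, "type": 3, "host": "FS01", "user": "alice", "src": "10.0.0.21"},
    {"time": "2014-07-12T10:30:00", "id": 4624, "type": 2, "host": "WS21", "user": "alice", "src": "127.0.0.1"},
]


def credential_sweep(events, min_hosts=3, window_seconds=300):
    """Return {(src_ip, user): [hosts]} for every source/account pair whose
    network logons (success or failure) reached at least min_hosts distinct
    hosts inside some sliding window of window_seconds."""
    window = timedelta(seconds=window_seconds)
    by_pair = defaultdict(list)
    for ev in events:
        if ev["id"] in (4624, 4625) and ev["type"] == 3:  # network logons only
            key = (ev["src"], ev["user"].lower())          # account names are case-insensitive
            by_pair[key].append((datetime.fromisoformat(ev["time"]), ev["host"]))
    hits = {}
    for key, seen in by_pair.items():
        seen.sort()
        best, start = set(), 0
        for end in range(len(seen)):
            # advance the window start until every event in it lies within the window
            while seen[end][0] - seen[start][0] > window:
                start += 1
            hosts = {h for _, h in seen[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            hits[key] = sorted(best)
    return hits


if __name__ == "__main__":
    for (src, user), hosts in credential_sweep(SAMPLE_EVENTS).items():
        print(f"{src} tried {user} against {len(hosts)} hosts: {', '.join(hosts)}")
```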