Search the Community

Showing results for tags 'pentest'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • WiFi Pineapple / Jasager
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • Mark V
    • Mark IV
    • Pineapple Modules
    • WiFi Pineapple University
    • Mark I, II, III
  • Active Projects
    • Bash Bunny
    • Lan Turtle
    • USB Rubber Ducky
    • SDR - Software Defined Radio
    • Community Projects
  • Hak5 Shows
    • Hak5
    • HakTip
    • Metasploit Minute
    • Threatwire
  • Community
    • Forums and Wiki
    • #Hak5
  • Other Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Found 5 results

  1. How can someone use Powershell Empire for attacks over the internet? Do you need a server? Also can someone create a Veil-Evasion payload and then get a connection in Empire? It would be great if someone could use it outside of the network because Privilege Escalation is way easier than it is with Metasploit! Furthermore are there any tools for Post-Exploitation other than Metasploit , Powersploit? Any suggestions would be appreciated!
  2. Hello, I'm working as pentester freelancer. The company that hired me has to perform annually at least one external and one internal pentest of its web application (they have an e-commerce service). They have to obey a set of compliance rules to ensure that they will keep a maturity security level. To keep this level of maturity security, an external audit company has to identify and verify if these pentests were executed. Note that this means that the external audit company does not have to know which vulnerabilities were found, but they have to be sure that tests were made. Pentests's reports that I found on the internet (from SANS, offensive security, PCI) and that I used on my previous works do not serve for this purpose. I say this because they have descriptions about vulnerabilidades, detailed evidences from their existence (with screenshots, network's captures) to prove their existence. Note that these types of reports are not what I need to generate, since I just need to generate a document proving that I executed the pentest. Would you have any suggestions for me to generate this new kind of document? Is there any auditing tool that could be used for this end? Would you suggests another approach?
  3. Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time without the need for a single email. Developed with a specialized set of functionalities that help users improve their own work, the main purpose is to re-use the available tools in the community taking advantage of them in a collaborative way! Check out the Faraday project in Github. Two years ago we published our first community version consisting mainly of what we now know as the Faraday Client and a very basic Web UI. Over the years we introduced some pretty radical changes, but nothing like what you are about to see - we believe this is a turning point for the platform, and we are more than happy to share it with all of you. Without further ado we would like to introduce you to Faraday 2.0! https://github.com/infobyte/faraday/releases/tag/v2.0 This release, presented at Black Hat Arsenal 2016, spins around our four main goals for this year: * Faraday Server - a fundamental pillar for Faraday's future. Some of the latest features in Faraday required a server that could step between the client and CouchDB, so we implemented one! It still supports a small amount of operations but it was built thinking about performance. Which brings us to objective #2... * Better performance - Faraday will now scale as you see fit. The new server allows to have huge workspaces without a performance slowdown. 200k hosts? No problem! * Deprecate QT3 - the QT3 interface has been completely erased, while the GTK one presented some versions ago will be the default interface from now on. This means no more problems with QT3 non-standard packages, smooth OSX support and a lighter Faraday Client for everyone. * Licenses - managing a lot of products is time consuming. As you may already know we've launched Faraday's own App Store https://appstore.faradaysec.com/ where you can get all of your favourite tools (Burp suite, IDA Debugger, etc) whether they're open source or commercial ones. But also, in order to keep your licenses up to date and never miss an expiry date we've built a Licenses Manager inside Faraday. Our platform now stores the licenses of third party products so you can easily keep track of your licenses while monitoring your pentest. With this new release we can proudly say we already met all of this year's objectives, so now we have more than four months to polish the details. Some of the features released in this version are quite basic, and we plan to extend them in the next few iterations. Changes: * Improved executive report generation performance. * Totally removed QT3, GTK is now the only GUI. * Added Faraday Server. * Added some basic APIs to Faraday Server. * Deprecated FileSystem databases: now Faraday works exclusively with Faraday Server and CouchDB. * Improved performance in web UI. * Added licenses management section in web UI. * Fixed bug when deleting objects from Faraday Web. * Fixed bug when editing services in the web UI. * Fixed bug where icons were not copied to the correct directory on initialization. * Added a button to go to the Faraday Web directly from GTK. * Fixed bug where current workspace wouldn't correspond to selected workspace on the sidebar on GTK. * Fixed bug in 'Refresh Workspace' button on GTK. * Fixed bug when searching for a non-existent workspace in GTK. * Fixed bug where Host Sidebar and Status Bar information wasn't correctly updated on GTK. * Fixed sqlmap plugin. * Fixed metasploit plugin. We hope you enjoy it, and let us know if you have any questions or comments. https://www.faradaysec.com https://github.com/infobyte/faraday https://twitter.com/faradaysec
  4. Disclaimer: This script is intended for LEGAL purposes ONLY. By downloading the following material you agree that the intended use of the previously mentioned is for LEGAL and NON-MALICIOUS purposes ONLY. This means while gaining client side exploits, you have the correct documentation and permissions to do so in accordance with all US and International laws and regulations. Nor I nor any associates at Hak5 condone misuse of this code or its features. Responsibility Disclosure: Hak5 has no affiliation with this code base. This code is not reviewed or verified by Hak5; therefore they do not take any responsibility for any of this code and its functionality. If you are paranoid (good!) - then look over the code yourself to be safe. Description This script is intended to increase attack vector consistency and stability by automating the process. For penetration testers, the most important thing is having a stable and well prepared attack vector - because you only get one chance. This script provides exactly that, a way to prepare and automate advanced and complex attack vectors in the lab, and then use them in the field. Compatibility / Troubleshooting Script Requirements: Pineapple [MK4 3.0.0] [MK5 1.0.0] - Debian based Linux. Tested Configuration: Pineapple MK5 1.0.0, Crunchbang Linux | Kali Linux Battery - Pineapple (Router: wlan0 | ICS: wlan1) -> Alfa (DeAuth) Attacker IPs: (2 man red-team) - 172.16.42.2 172.16.42.3 Configuration Picture: Setting up the Script: Open up jasagerPwn in your favorite text editor. Look over all the variables in this file and read my comments; they should clearly explain what is what.Adjust the variables based on your pineapple setup. If anything is unclear, feel free to ask me and I can clarify. After you setup the script, connect to a stable internet connection and run the script - this will prompt you to install dependencies. This will take a few minutes, after that is completed you can connect to the pineapples network (either via wireless or ethernet) and relaunch the script. Thats it. You should be able to use the attack modules. Dependencies Installation: Dependencies will attempt to install automatically if they are not detected on your system, f this fails for you - please look at the src/system_modules/dependencies.sh and just install it yourself. I've tested installation processes on Debian, Crunchbang, and Kali Linux. Infusion dependencies are also required for attack modules. Please refer to the list of attack modules below and their corresponding "Requirements". Included Attack Vector Modules browserPwn - Redirect LAN to Metasloits auxiliary module browser_autopwn. This will be detected by AV. Victim Support: Mac OSX, Windows, Linux. Requirements: Metasploit, DNSSpoof Infusion browserPwn iFrame - Inject an invisible iFrame into the victims browsing session that points to metasploit browser_autopwn. Victim Support: Mac OSX, Windows, Linux. Requirements: Metasploit, Strip-N-Inject Infusion ​BeEf - Inject a BeEf JavaScript hook transparently into victims browsing sessions. This is a form of Man-in-the-browser and will not be detected by AV.​Victim Support: Mac OSX, Windows, Linux Requirements: Strip-N-Inject Infusion Fake Update - Redirect LAN to a realistic fake update page with a [custom] payload download. Victim Support: Mac OSX, Windows. Requirements: Metasploit, DNSSpoof Infusion Click Jacking - Hijack the entire DOM with an injected <div>. No matter where you click, it downloads a payload. Victim Support: Mac OSX, Windows. Requirements: Metasploit, Strip-N-Inject Infusion Java Applet Injection - Transparently injects an OS agnostic java applet into the victims browsing session. Victim Support: Mac OSX, Windows, Linux. Requirements: Metasploit, Strip-N-Inject Infusion Java Applet Redirect - Redirects users to a Java page with an OS agnostic java applet payload. Victim Support: Mac OSX, Windows, Linux. Requirements: Metasploit, DNSSpoof Infusion SSLStrip - Remove SSL from the victims connections and sniff credentials. Victim Support: Mac OSX, Windows, Linux. Requirements: SSLStrip Infusion Aireplay-ng [local] - DoS APs and try to make them join yours via custom aireplay-ng script on the attacker machine. This script will run aireplay-ng against the AP broadcast, note that this works best if you are closer to the AP than the client MDK3 [local] - Deauths nearby clients from their APs and try to make them join yours via MDK3 from the attacker machine. This script will run MDK3 to deauthenticate clients from an AP directly note that this works best if you are close to the clients. As a result, this will have slightly better average range effectiveness. Included Payloads (w/ Source & Documentation) I have included some of my most successful and efficient payloads for your use. One for Mac OSX, and one for Windows - both will completely bypass signature based anti-virus and most behavioral HIPS as well. Apple_MacOSX_Update.pkg Description: This is 4 lines of BASH stuck in an apple postinstall script. No signature AV can ever detect this because it uses system commands and contains no binaries in the package. This will spawn 2 root shells to the following addresses: 172.16.42.2 6446 172.16.42.3 6446 Persistence: It will also add a persistent backdoor that will spawn these 2 every 3 minutes (sudo crontab -l) Metasploit Listener: use exploit/multi/handler set PAYLOAD generic/shell_reverse_tcp set LHOST 0.0.0.0 set LPORT 6446 set ExitOnSession false set AutoRunScript "" exploit -j powershell-https.exe Description: This is an implementation of "Invoke-Shellcode" from Matthew Graeber's PowerSploit modules. It was stripped down then minified and implemented into a standalone python script then compiled into an executable. It is not detect at the time of this writing. If the signature becomes detected, just make a new one. This will spawn 2 meterpreter shells to the following addresses: 172.16.42.2 587 172.16.42.3 587 Persistence: It will also add a persistent backdoor to Windows that will these 2 shells every 3 minutes (schtasks /query /tn winupdate) Metasploit Listener: use exploit/multi/handler set PAYLOAD windows/meterpreter/reverse_https set LHOST 0.0.0.0 set LPORT 587 set SessionCommunicationTimeout 0 set ExitOnSession false set EXITFUNC process set AutoRunScript "" exploit -j shellcode-tcp.exe Description: This is a windows meterpreter shell that was encoded into base 64, embedded into a python script that preforms basic shellcode execution, and then compiled into an executable. It is not detect at the time of this writing. If the signature becomes detected, just make a new one with some random data in it. This will spawn 2 meterpreter shells to the following addresses: 172.16.42.2 587 172.16.42.3 587 Persistence: It will also add a persistent backdoor to Windows that will these 2 shells every 3 minutes (schtasks /query /tn winupdate) Metasploit Listener: use exploit/multi/handler set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 0.0.0.0 set LPORT 587 set ExitOnSession false set EXITFUNC thread set AutoRunScript "migrate -f -k" exploit -j Included Resources I have included a few resources that I find useful on pentests with the pineapple. Metasploit Scripts: These are resource scripts that can be executed from msfconsole or in meterpreter. Creates a nice way to automate post-exploitation at your fingertips. In order to run them use "resource resources/metaspoit_scripts/file_collector.rc". file_collector.rc: Automatically search for documents on the system and download them. enum_app_data.rc: Enumerate passwords and other data from browsers, putty, etc. keylog_recorder.rc: Start a keylogger that will poll and automatically collect keystokes. You can use this then CTRL+Z to background the session. mimikatz.rc: Dump cleartext passwords from memory. Hashses are great, but why deal with cracking when they are sitting in memory in clear text? payload_inject.rc: Inject a meterpreter session into explorer.exe. This is like "duplicate" but you can send it to your red-team and not ever drop a binary on the system. listeners.rc: This is useful for the other members of the red-team not running JasagerPwn. They can just "msfconsole -r listeners.rc" and be ready to receive shells web_clone.sh: This is a simple wget command that I love to use to clone websites for phishing. It will put everything into a single index.html file.Note: If you're preforming a MITM attack then you need to download all the resources that are hot-linked in index.html and then modify them to local, relative paths. This can be tedious but is what I have used to do every template in JasagerPwn airdrop-ng: This was an airdrop-ng attack module that I made before MDK3. I think MDK3 works better so I took it out and plopped it here. Developing Attack Modules This script was created in a modular architecture, allowing for relatively simple expansion of attack vectors. Use the "attack_module_example.sh" located in the resources directory for an example reference. There are just a few requirements when developing the modules: If you're making a local de-authentication module - use "deauth" or "dos" in the description string. You must have a "start_myname" and "stop_myname" function in that format (myname is arbitrary). You must have a unique "title", "description", and "bindings" variables. I recommend editing the src/system_modules/utility.sh - cleanup() function to cleanup after your module. Module Submission: If you develop an attack module that you would like to have added into JasagerPwn, that is great! Just let me know and send me the code. If its a good idea; I'll code review it and add it into the script. Questions / Problems Google Code: https://code.google.com/p/jasagerpwn-reborn/ Bug Submission: https://code.google.com/p/jasagerpwn-reborn/issues/entry Changelog: https://code.google.com/p/jasagerpwn-reborn/source/list Questions: Feel free to ask here or in IRC (irc.hak5.org #pineapple). Download / Update Download via Subversion (sudo apt-get install subversion): svn checkout http://jasagerpwn-reborn.googlecode.com/svn/trunk/ jasagerPwn-Reborn Update Script to Latest Revision: ./jasagerPwn -u Enjoy!
  5. Hi all, Just a quick post about certs. Im new to Security so thinking about doing Offensive Security course but need to save up ha ha. I am currently a sys admin/devops and want to move into pen testing as thats where I have wanted to be for a long time. Anyone else here done any similar certs? if so what was your experience, was it useful to do etc?