hackerbrother

Learn Penetration Testing And Ethical Hacking Online.

facebook

  • Facebook
  • Popular Posts

    Showing posts with label Pentest Tool. Show all posts
    Showing posts with label Pentest Tool. Show all posts
    GitHackTools - The best Hacking and PenTesting tools installer on the world


    About GitHackTools: GitHackTools is a the best Hacking and PenTesting tools installer on the world. BruteDum can work with any Linux distros or Windows version if they support Python 3.



    Features of GitHackTools

    • Friend-ly Command Line Interface
    • A huge number os hacking tools
    • Support Windows and Linux, or orther OS. Better support on Debian or Arch Linux
    • Move to orther category with 1 command
    • ...

    GitHackTools installation on Linux
       You must install Python 3 and make first:

    • For Arch Linux and its distros: sudo pacman -S python3 make 
    • For Debian and its distros: sudo apt install python3 make 
         And then, open Terminal and enter this command:


    GitHackTools installation on Windows


    Download and runPython 3.7.x setup file from Python.org. On Install Python 3.7, enableAdd Python 3.7 to PATH 


    Download and runGit setup file  from Git-scm.com and chooseUse Git from Windows Command Propmt. 

       After that, openPowerShellorCommand Propmt and enter these commands:


     If you don't want to install Git, you can download githacktools-master.zip, extract and use it.

    GitHackTools screenshots
    GitHackTools
    GitHackTools Home page on Parrot Security OS
    GitHackTools Home page on Manjaro KDE
    GitHackTools Home page on Windows 10
    GitHackTools
    A2SV Installer on GitHackTools
    GitHackTools
    Metasploit Installer on GitHackTools


    Note: This tool may not install well with some tools on some Linux distros. Please tell me about your problems on Issues. Thanks!
    • Add more tools.
    • Add more features and commands.
    • More friend-ly.
    • Fix bugs if they are exist.
    • (Help me please)



    To-do list:
    Continue Reading
    mimikatz: hacking tool for windows

    Mimikatz   (mimi katz) became an extremely effective attack tool against Windows clients, allowing to recover secure passwords, as well as password hashes in memory. Dubbed the Swiss Army knife of Windows credentialing tools as well as, Windows Credential Editor (WCE) of Hernán Ochoa .







    Mimikatz, written for the first time by Frenchman Benjamin Delpy (akk gentilkiwi) in 2011, has greatly simplified and automated the collection of credentials in Windows systems. 

    Mimikatz: cute cat


    Mimikatz is an open source utility that allows you to view the credentials information of Windows lsass (Subsystem Service of the Local Security Authority) through its sekurlsa module that includes plain text passwords and Kerberos tickets that could then be used for attacks such as pass-the-hash and pass the ticket. Most antivirus tools will detect the presence of Mimikatz as a threat and eliminate it, but it may be interesting to test the security of the systems.

    Mimikatz provides a large number of tools to collect and use Windows credentials on target systems, including recovery of clear text passwords, Lan Manager hashes and NTLM hashes, certificates and Kerberos tickets. The tools run with varying success in all versions of Windows from XP onwards, with somewhat limited functionality in Windows 8.1 and later.



    It has also come to light as a component of two ransomware worms that have crossed Ukraine and have spread across Europe, Russia and the USA. US: Both NotPetya and BadRabbit ransomware used Mimikatz along with NSA-filtered tools to create automated attacks whose infections quickly saturated networks, with disastrous results. NotPetya alone led to the paralysis of thousands of computers at companies such as Maersk, Merck and FedEx, and is believed to have caused more than a billion dollars in damages.


    WDigest


    Mimikatz became for the first time a key asset for hackers thanks to its ability to exploit a dark Windows function called WDigest . That feature is designed to make it more convenient for corporate and government Windows users to test their identity to different applications on their network or on the web; It contains your authentication credentials in the memory and reuses them automatically, so you only have to enter your username and password once. While Windows keeps the copy of the user's password encrypted, it also saves a copy of the secret key to decrypt it in memory


    In 2014, Microsoft responded to this security hole with a patch that allows system administrators to disable the " WDiges t" passwords so that they are not stored. This notice from Microsoft explains how to update a special registry entry.


    HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Control \ SecurityProviders \ WDigest




    In Windows 8 and above, the default setting is to not store clear text passwords in lsass.



    mimikatz comes in two flavors: x64 or Win32, depending on your version of Windows (32/64 bits). 
    The flavor of Win32 can not access the 64-bit process memory (such as lsass), but it can open a 32-bit minidump in Windows 64 bits. Some operations need administrator privileges or system token, so consider the UAC of the Vista version. 


    privilege :: debug 
    inject :: process lsass.exe s 
    ekurlsa.dll@getLogonPasswords 
    sekurlsa :: logonpasswords

    Modules of use of mimikatz with Metasploit



    meterpreter > mimikatz_command -f fu ::
    Module: 'fu' introuvable
    
    Modules available: 
                    - Standard
          crypto - Cryptographie et certificats
            hash - Hash
          system - Gestion système
         process - Manipulation des processus
          thread - Manipulation of threads
         service - Manipulation des services
       privilege - Manipulation des privilèges
          handle - Manipulation des handles
     impersonate - Manipulation tokens d'accès
         winmine - Manipulation du démineur
     minesweeper - Manipulation du démineur 7
           nogpo - Anti-gpo et patchs divers
         samdump - SAM Dump
          inject - Injecteur de librairies
              ts - Terminal Server
          divers - Fonctions diverses n'ayant pas encore assez de corps pour avoir leurs propres module
        sekurlsa - Dump des sessions courants for providers LSASS
             efs - Manipulations EFS


    Modules of mimikatz





    Technical characteristics (features)

    • Dump credentials from LSASS (Windows Local Security Account database)
    • MSV1.0: hashes & keys (dpapi)
    • Kerberos password, ekeys, tickets, & PIN
    • TsPkg (password)
    • WDigest (clear-text password)
    • LiveSSP (clear-text password)
    • SSP (clear-text password)
    • Generate Kerberos Golden Tickets (Kerberos TGT logon token ticket attack)
    • Generate Kerberos Silver Tickets (Kerberos TGS service ticket attack)
    • Export certificates and keys (even those not normally exportable).
    • Dump cached credentials
    • Stop event monitoring.
    • Bypass Microsoft AppLocker / Software Restriction Polcies
    • Patch Terminal Server
    • Basic GPO bypass
    Yara rules for tool detection

    LaZagne Project



    The LaZagne project is an open source application used to recover many passwords stored on local computers. Many software products store access passwords using different techniques, from common plain text, through databases, APIs and proprietary algorithms. 

    This tool was developed for the purpose of finding such passwords for the most commonly used software products. It currently supports 22 Windows programs and 12 Linux / Unix operating systems:



    In the GitHub repository of the product there are more details about its use and alternatives to extend it.


    An important precaution that we can take in our teams, to avoid the findings of programs like LaZagne is to clean up the traces of our activities, for example through a program like CCleaner (although it does not eliminate everything that LaZagne finds, if it does with everything related to the clues that remain of the use of Internet browsers for example). 
    Continue Reading
    The 10 best security tools of 2019 for pentest

    As in recent years ToolsWatch , a website to keep the arsenal of security and hacking tools updated, has published the top 10 of the most voted tools by its readers:






    1. OWASP ZAP



    OWASP ZAP (Zed Attack Proxy Project) is one of the best known tools for intrusion testing in web applications. ZAP offers automatic scanners that are easy to use, in order to verify if our web applications are safe. It also has a complete set of tools that will allow us to modify the intrusion tests and allow discovering vulnerabilities in a "manual" way. ToolsWatch readers have voted OWASP ZAP as the best security tool of the year 2015. You can visit the official website of OWASP ZAP where you will find tutorials of use.


    2. Lynis



    This open source tool allows to perform security audits, allows to evaluate the security measures applied to systems based on Unix and also on Linux. This application runs on the host itself where we want to evaluate security, so the security analysis is much broader than typical vulnerability scanners.



    3. Haka



    Haka is not a security tool, it is an open source language oriented to security that allows us to describe protocols and apply security policies while capturing traffic in real time, adapting to the circumstances.



    4. Faraday


    It is an integrated intrusion testing environment and is designed specifically for the distribution, indexing and analysis of data generated during the security audit process. This tool is capable of creating real-time graphs of captured traffic for analysis and also for further study.



    5. BeEF


    This well-known framework is responsible for the exploitation of web browsers, The Browser Exploitation Framework is able to control all victims by executing different types of payloads, it also allows to capture a large amount of valuable information such as the operating system used, the web browser, the IP address and also the cookies.



    6. Burp Suite


    This tool is also widely known in the world of security, is responsible for performing different security tests in web applications. It is in charge from the initial process, going through the analysis of the different attacks that can be carried out, and ending with the exploitation of the vulnerabilities found.





    7. PeStudio



    It is an application that performs an initial malware evaluation of any executable file, this tool allows you to analyze it without running the file, so we will not have any risk when analyzing a malicious file .





    8. Nmap

    The Swiss Army knife of network scanners, open source, free and widely used for the discovery of equipment, identification of services, versions of operating systems, open ports and even vulnerabilities in discovered services.





    9. IDA


    It is an interactive disassembler to perform reverse engineering , is programmed in C ++ and is compatible with major operating systems such as Microsoft Windows, Mac OS X and Linux.


    10. OWASP Offensive (Web) Testing Framework


    Finally, the security tool included in this TOP 10 is OWASP Offensive (Web) Testing Framework, a framework that is specifically responsible for gathering the best tools and making intrusion tests very efficient, automating the most repetitive tasks. This tool is written in python.




    Results of 2014: 


    • 01 - Unhide (NEW)
    • 02 - OWASP ZAP - Zed Attack Proxy Project (-1?)
    • 03 - Lynis (+3?)
    • 04 - BeEF - The Browser Exploitation Framework (-2?)
    • 05 - OWASP Xenotix XSS Exploit Framework (0?)
    • 06 - PeStudio (-2?)
    • 07 - OWASP Offensive (Web) Testing Framework (NEW)
    • 08 - Brakeman (NEW)
    • 09 - WPScan (0?)
    • 10 - Nmap (NEW)


    Results of 2013:



    • 01 - OWASP Zed Attack Proxy (ZAP)
    • 02 - BeEF (The Browser Exploitation Framework)
    • 03 - Burp Suite
    • 04 - PeStudio
    • 05 - OWASP Xenotix XSS Exploit Framework
    • 06 - Lynis
    • 07 - Recon-ng
    • 08 - Suricata
    • 09 - WPScan
    • 10 - O-Saft (OWASP SSL Advanced Forensic Tool)
    Continue Reading