Articles by "Pentest Tool"
Showing posts with label Pentest Tool.

About GitHackTools: GitHackTools is the best hacking and pentesting tools installer in the world. BruteDum can work with any Linux distro or Windows version that supports Python 3.



Features of GitHackTools

  • Friendly command line interface
  • A huge number of hacking tools
  • Supports Windows and Linux, or other OSes. Better support on Debian or Arch Linux
  • Move to another category with 1 command
  • ...

GitHackTools installation on Linux
   You must install Python 3 and make first:

  • For Arch Linux and its derivatives: sudo pacman -S python3 make
  • For Debian and its derivatives: sudo apt install python3 make

   Then open a terminal and enter this command:


GitHackTools installation on Windows


   Download and run the Python 3.7.x setup file from Python.org. When installing Python 3.7, enable "Add Python 3.7 to PATH".

   Download and run the Git setup file from Git-scm.com and choose "Use Git from Windows Command Prompt".

   After that, open PowerShell or Command Prompt and enter these commands:

   If you don't want to install Git, you can download githacktools-master.zip, extract it and use that.

GitHackTools screenshots
  • GitHackTools home page on Parrot Security OS
  • GitHackTools home page on Manjaro KDE
  • GitHackTools home page on Windows 10
  • A2SV installer on GitHackTools
  • Metasploit installer on GitHackTools


Note: This tool may not install some tools correctly on some Linux distros. Please tell me about your problems on Issues. Thanks!
To-do list:
  • Add more tools.
  • Add more features and commands.
  • More friendly.
  • Fix bugs if they exist.
  • (Help me please)


Mimikatz (mimi katz) became an extremely effective attack tool against Windows clients, allowing the recovery of stored passwords as well as password hashes from memory. It has been dubbed the Swiss Army knife of Windows credential tools, alongside Hernán Ochoa's Windows Credential Editor (WCE).







Mimikatz, first written by Frenchman Benjamin Delpy (aka gentilkiwi) in 2011, has greatly simplified and automated the collection of credentials on Windows systems.

Mimikatz: cute cat


Mimikatz is an open source utility that lets you view the credential information held by the Windows lsass process (Local Security Authority Subsystem Service) through its sekurlsa module, including plain text passwords and Kerberos tickets that can then be used for attacks such as pass-the-hash and pass-the-ticket. Most antivirus tools detect the presence of Mimikatz as a threat and remove it, but it remains useful for testing the security of systems.

Mimikatz provides a large number of tools for collecting and using Windows credentials on target systems, including recovery of clear text passwords, LAN Manager hashes and NTLM hashes, certificates and Kerberos tickets. The tools run with varying success on all versions of Windows from XP onwards, with somewhat limited functionality on Windows 8.1 and later.



It has also come to light as a component of two ransomware worms that crossed Ukraine and spread across Europe, Russia and the USA. Both NotPetya and BadRabbit used Mimikatz together with leaked NSA tools to build automated attacks whose infections quickly saturated networks, with disastrous results. NotPetya alone paralysed thousands of computers at companies such as Maersk, Merck and FedEx, and is believed to have caused more than a billion dollars in damages.


WDigest


Mimikatz first became a key asset for attackers thanks to its ability to exploit an obscure Windows feature called WDigest. That feature is designed to make it more convenient for corporate and government Windows users to prove their identity to different applications on their network or on the web: it keeps the user's authentication credentials in memory and reuses them automatically, so the username and password only have to be entered once. While Windows keeps its copy of the user's password encrypted, it also keeps a copy of the secret key that decrypts it in memory.


In 2014, Microsoft responded to this security hole with a patch that lets system administrators disable the storage of WDigest passwords. This notice from Microsoft explains how to update a special registry entry.


HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\WDigest




In Windows 8 and above, the default setting is to not store clear text passwords in lsass.
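As an added example (not part of the original post), the following PowerShell script audits the registry key named above and can set it to the hardened state; it assumes the value name UseLogonCredential (REG_DWORD), which the post does not name, with 0 meaning plain text credentials are not kept in lsass.

```powershell
# Added example, not from the original post: audit (and optionally harden) the
# WDigest credential-caching setting that Mimikatz's sekurlsa module relies on.
# Assumption: the value is UseLogonCredential (REG_DWORD) under the key from the post;
# 0 = do not keep plain text credentials in lsass, 1 = keep them.
param(
    [switch]$Fix
)

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
$ValueName = 'UseLogonCredential'

function Get-WDigestState {
    # Returns 'Disabled', 'Enabled' or 'NotSet' for the current host.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: recent Windows releases treat this as disabled, but hosts that
        # only received the 2014 patch need the value set explicitly, so flag it.
        return 'NotSet'
    }
    if ($item.$ValueName -eq 0) { return 'Disabled' }
    return 'Enabled'
}

$state = Get-WDigestState
Write-Host "WDigest $ValueName state: $state"

if ($state -ne 'Disabled') {
    if ($Fix) {
        # Needs an elevated prompt. Writing 0 explicitly covers both patched legacy
        # hosts and newer hosts where the value has been flipped to 1.
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 0 -Force | Out-Null
        Write-Host 'Set to 0. Credentials cached before this change stay in memory until users log off or the host reboots.'
    } else {
        Write-Warning 'Plain text credential caching may be active. Re-run with -Fix from an elevated prompt to disable it.'
    }
}
```

A value of 1 appearing on a host where it was previously absent is worth alerting on, since re-enabling caching is a known preparatory step before credential dumping.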



mimikatz comes in two flavors, x64 and Win32, matching your version of Windows (32 or 64 bit).
The Win32 flavor cannot access 64-bit process memory (such as lsass), but it can open a 32-bit minidump on 64-bit Windows. Some operations need administrator privileges or a SYSTEM token, so take UAC (Vista and later) into account.


privilege::debug
inject::process lsass.exe sekurlsa.dll
@getLogonPasswords
sekurlsa::logonpasswords

Using mimikatz modules from Metasploit



meterpreter > mimikatz_command -f fu ::
Module: 'fu' introuvable

Modules available: 
                - Standard
      crypto - Cryptographie et certificats
        hash - Hash
      system - Gestion système
     process - Manipulation des processus
      thread - Manipulation of threads
     service - Manipulation des services
   privilege - Manipulation des privilèges
      handle - Manipulation des handles
 impersonate - Manipulation tokens d'accès
     winmine - Manipulation du démineur
 minesweeper - Manipulation du démineur 7
       nogpo - Anti-gpo et patchs divers
     samdump - SAM Dump
      inject - Injecteur de librairies
          ts - Terminal Server
      divers - Fonctions diverses n'ayant pas encore assez de corps pour avoir leurs propres module
    sekurlsa - Dump des sessions courants for providers LSASS
         efs - Manipulations EFS


Modules of mimikatz





Technical characteristics (features)

  • Dump credentials from LSASS (Windows Local Security Authority Subsystem Service)
  • MSV1.0: hashes & keys (dpapi)
  • Kerberos password, ekeys, tickets, & PIN
  • TsPkg (password)
  • WDigest (clear-text password)
  • LiveSSP (clear-text password)
  • SSP (clear-text password)
  • Generate Kerberos Golden Tickets (Kerberos TGT logon token ticket attack)
  • Generate Kerberos Silver Tickets (Kerberos TGS service ticket attack)
  • Export certificates and keys (even those not normally exportable).
  • Dump cached credentials
  • Stop event monitoring.
  • Bypass Microsoft AppLocker / Software Restriction Policies
  • Patch Terminal Server
  • Basic GPO bypass
Yara rules for tool detection

LaZagne Project



The LaZagne project is an open source application used to recover the many passwords stored on a local computer. Many software products store access passwords using different techniques, from plain text to databases, APIs and proprietary algorithms.

This tool was developed to find such passwords for the most commonly used software products. It currently supports 22 Windows programs and 12 Linux / Unix operating systems:



The product's GitHub repository has more details about its use and about extending it.


An important precaution we can take on our computers, to limit what programs like LaZagne can find, is to clean up the traces of our activity, for example with a program like CCleaner (although it does not remove everything LaZagne finds, it does remove everything related to the traces left behind by web browser use, for example).


As in previous years, ToolsWatch, a website that keeps the arsenal of security and hacking tools up to date, has published the top 10 tools most voted for by its readers:






1. OWASP ZAP



OWASP ZAP (Zed Attack Proxy Project) is one of the best known tools for penetration testing of web applications. ZAP offers easy-to-use automatic scanners to check whether our web applications are secure. It also has a complete set of tools that let us tune the tests and discover vulnerabilities "manually". ToolsWatch readers voted OWASP ZAP the best security tool of 2015. You can visit the official OWASP ZAP website, where you will find usage tutorials.


2. Lynis



This open source tool performs security audits, evaluating the security measures applied to Unix- and Linux-based systems. It runs on the host whose security we want to evaluate, so its analysis goes much deeper than that of typical vulnerability scanners.



3. Haka



Haka is not a security tool as such; it is an open source, security-oriented language that lets us describe protocols and apply security policies while capturing traffic in real time, adapting to the circumstances.



4. Faraday


It is an integrated penetration testing environment, designed specifically for distributing, indexing and analysing the data generated during a security audit. The tool can build real-time graphs of captured traffic, both for analysis and for later study.



5. BeEF


This well-known framework, The Browser Exploitation Framework, focuses on exploiting web browsers. It can control all hooked victims by executing different types of payloads, and it also captures a great deal of valuable information such as the operating system in use, the web browser, the IP address and the cookies.



6. Burp Suite


This tool is also widely known in the security world and performs a range of security tests against web applications. It covers the whole process, from the initial analysis of the different attacks that can be carried out through to the exploitation of the vulnerabilities found.





7. PeStudio



It is an application that performs an initial malware assessment of any executable file. It lets you analyse the file without running it, so there is no execution risk when analysing a malicious file.





8. Nmap

The Swiss Army knife of network scanners: open source, free and widely used for host discovery, service identification, operating system versions, open ports and even vulnerabilities in the discovered services.





9. IDA


It is an interactive disassembler for reverse engineering, programmed in C++ and compatible with the major operating systems: Microsoft Windows, Mac OS X and Linux.


10. OWASP Offensive (Web) Testing Framework


Finally, the last security tool in this top 10 is the OWASP Offensive (Web) Testing Framework, a framework that brings together the best tools and makes penetration tests very efficient by automating the most repetitive tasks. This tool is written in Python.




Results of 2014: 


  • 01 - Unhide (NEW)
  • 02 - OWASP ZAP - Zed Attack Proxy Project (-1)
  • 03 - Lynis (+3)
  • 04 - BeEF - The Browser Exploitation Framework (-2)
  • 05 - OWASP Xenotix XSS Exploit Framework (0)
  • 06 - PeStudio (-2)
  • 07 - OWASP Offensive (Web) Testing Framework (NEW)
  • 08 - Brakeman (NEW)
  • 09 - WPScan (0)
  • 10 - Nmap (NEW)


Results of 2013:



  • 01 - OWASP Zed Attack Proxy (ZAP)
  • 02 - BeEF (The Browser Exploitation Framework)
  • 03 - Burp Suite
  • 04 - PeStudio
  • 05 - OWASP Xenotix XSS Exploit Framework
  • 06 - Lynis
  • 07 - Recon-ng
  • 08 - Suricata
  • 09 - WPScan
  • 10 - O-Saft (OWASP SSL Advanced Forensic Tool)