Month: December 2018

TUTORIALS, penetration testing, Hacking Tools

Penetration Testing on Group Policy Preferences

Hello Friends!! You might be aware of Group Policy Preferences in Windows Server 2008, which allow system administrators to set up specific configurations. They can be used to create a username and encrypted password on machines. But did you know that a normal user can elevate privileges to local administrator and probably compromise the security of the entire domain, because passwords in preference items are not secured? Table of Content: What is Group Policy Preferences? Why using GPP to create a user account is a…

TUTORIALS, penetration testing, Hacking Tools

Exploiting Jenkins Groovy Script Console in Multiple Ways

Hello Friends!! There were many possibilities to exploit Jenkins; however, we were interested in the Script Console because Jenkins has a lovely Groovy script console that permits anyone to run arbitrary Groovy scripts inside the Jenkins master runtime. Table of Content: Jenkins' Groovy Script Console Metasploit groovy Groovy executing shell commands -I Groovy executing shell commands -II. Jenkins' Groovy Script Console: Jenkins features a nice Groovy script console which allows one to run arbitrary Groovy scripts within the Jenkins master runtime or in the runtime…


Hack the Box: Nightmare Walkthrough

Today we are going to solve another CTF challenge, “Nightmare”. It is a retired vulnerable lab presented by Hack the Box to help pentesters practise online penetration testing according to their experience level; they have a collection of vulnerable labs as challenges, from beginner to expert level. Level: Intermediate. Task: To find the user.txt and root.txt files. Note: Since these labs are available online, they have a static IP. The IP of Nightmare is Penetrating Methodology Network scanning (Nmap) Browsing IP address…

NEW TOOLS, KitPloit, Most Popular Hacking Tools

Top 20 Most Popular Hacking Tools in 2018

It is the end of the year and we bring you the most popular tools of 2018 in Kitploit. We ordered the 20 tools that had the most visitors from March to December 2018. For professionals working in information security, many of these tools are the same ones the hackers are using; to understand the holes in your system, you have to be able to see it in the same way that your potential adversaries can see it. Topics of the tools focus on OSINT, Information Gathering,…

NEW TOOLS, Information Gathering, Shodan, Penetration Test, Emails, Visibility, Emailhunter, Information Extraction, OSINT Python

Infoga – Email OSINT

Infoga is a tool for gathering email account information (IP, hostname, country, ...) from different public sources (search engines, PGP key servers and Shodan) and checking whether emails were leaked using an API. It is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company on the Internet.

Installation

$ git clone infoga
$ cd infoga
$ python install
$ python infoga.py

Usage

$ python --domain --source all --breach -v 2 --report ../nsa_gov.txt
$ python --info --breach…


ThunderDNS – Tool To Forward TCP Traffic Over DNS Protocol

This tool can forward TCP traffic over DNS protocol. Non-compile clients + socks5 support.

Run

Setting up NS records on our domain:

Please wait for clearing DNS-cache.

Simple server run:
python3 ./ --domain oversec.ru

Simple server run (Dockerfile):
docker run <imageid> -e DOMAIN='<domain>'

Simple client run (Bash):
bash ./ -d -n <clientname>

Simple client run (PowerShell):
PS:> ./ps_client.ps1 -domain -clientname <clientname>

Show registered clients list:
python3 ./ --dns --dns_port 9091 --clients

Run proxy:
python3 ./ --dns --dns_port 9091 --socks5 --localport 9090 --client 1

TUTORIALS, penetration testing, Hacking Tools

A Little Guide to SMB Enumeration

Enumeration is a very essential phase of penetration testing, because once a pentester has established an active connection with the victim, he tries to retrieve as much information as possible about the victim’s machine, which could be useful for further exploitation. In this article, we explore SMB enumeration using only Kali Linux's built-in command-line tools. Table of Content: Nmblookup, nbtscan, SMBMap, Smbclient, Rpcclient, Nmap, Enum4linux. nmblookup: nmblookup is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP queries.…

Kali Linux, TUTORIALS, penetration testing, Hacking Tools

Defend against Brute Force Attack with Fail2ban

Daily we hear news related to cybercrime, such as malicious users or bots that have successfully defaced some publicly accessible website or service. As we always try to explain through our articles, such activities are possible when a system is weakly configured or misconfigured. Therefore, it is important to build security measures such as IDS/IPS within the firewall to defend your server and clients while configuring it. In this article we will show how you can protect your network from…