PRINT
PRINT
SEND MAIL
SEND MAIL

Category: NTLM

Windows10

Black Window 10 v2 (codename: Polemos)

Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system and…

Debian

Cerberus Linux v3

  Cerberus Linux v3  Cerberus is a penetration testing distribution focusing on automation and anonymity , it aims to have the best tools available on the hacking scene tools like Fuzzbunch, Dandespritz, Cobalt strike, Armitage, Metasploit framework and Metasploit community version set up and ready for use!! It includes custom scripts, custom themes, custom icons!Cerberus distribution is based on Debian testing, it has the capability to use 3 repositories to install packages from kali repo,Debian repo, and cyber sec repo! Cerberus is an Angry…

Windows Hacking

Black Window 10 Enterprise

Black Window 10 Enterprise is the first windows based penetration testing distribution with linux integraded ! The system comes activated with a digital license for windows enterprise ! It supports windows apps and linux apps, gui and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of cerberus linux! It has managed to implement cerberus os within windows.Offers the stability of a windows system and it offers the hacking part with a…

DistributedFireworkNEW TOOLSNTLMPenetration TestRDPRed TeamSocial EngineeringTLS

Firework – Leveraging Microsoft Workspaces in a Penetration Test

Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process. The tool also wraps some code from Responder to leverage its ability to capture NetNTLM hashes from a system that provisions a Workplace feed via it.This tool may be used as part of a penetration test or red team exercise to create a .wcx payload (and associated feed) that if clicked on could be used to:Phish for credentials - NetNTLM hashes will be sent…

ExchangeRelayXJSONNEW TOOLSNTLMOWASMBWebserver

ExchangeRelayX – An NTLM Relay Tool To The EWS Endpoint For On-Premise Exchange Servers (Provides An OWA For Hackers)

Version 1.0.0. This tool is a PoC to demonstrate the ability of an attacker to perform an SMB or HTTP based NTLM relay attack to the EWS endpoint on an on-premise Microsoft Exchange server to compromise the mailbox of the victim. This tool provides the attacker with an OWA looking interface, with access to the user's mailbox and contacts.BackgroundReleased at Defcon26. View the background on the tool, the core issues being exploited, and a recorded demo here: install -r requirements.txtUsage./exchangeRelayx.py -t XML…

Exchange ServicesHiddenNBNSNEW TOOLSNTLMNtlmRelayToEWSSMB

NtlmRelayToEWS – Ntlm Relay Attack To Exchange Web Services

ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS). It spawns an SMBListener on port 445 and an HTTPListener on port 80, waiting for incoming connection from the victim. Once the victim connects to one of the listeners, an NTLM negociation occurs and is relayed to the target EWS server.Obviously this tool does NOT implement the whole EWS API, so only a handful of services are implemented that can be useful in some attack scenarios. I might be adding…

Active DirectoryJavaScriptLogonTracerNEW TOOLSNTLM

LogonTracer – Investigate Malicious Windows Logon By Visualizing And Analyzing Windows Event Log

Investigate malicious logon by visualizing and analyzing Windows active directory event logs.ConceptLogonTracer associates a host name (or an IP address) and account name found in logon-related events and displays it as a graph. This way, it is possible to see in which account login attempt occurs and which host is used.This tool can visualize the following event id related to Windows logon based on this research.4624: Successful logon4625: Logon failure4768: Kerberos Authentication (TGT Request)4769: Kerberos Service Ticket (ST Request)4776: NTLM Authentication4672: Assign special privilegesMore…

MacNetBIOSNetwork ProtocolsNEW TOOLSNTLMProtocols

Impacket – Collection Of Python Classes For Working With Network Protocols

Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself.Packets can be constructed from scratch, as well as parsed from raw data, and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.The following protocols…