Tag: metasploit

Windows10

Black Window 10 v2

November 12, 2018 January 8, 2019by D4RkN

Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

Veil – Tool To Generate Metasploit Payloads That Bypass Common Anti-virus Solutions

December 5, 2018by Black Hat Sec

Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.Veil is current under support by @ChrisTruncerSoftware Requirements:The following OSs are officially supported:Debian 8+Kali Linux Rolling 2018.1+The following OSs are likely able to run Veil:Arch LinuxBlackArch LinuxDeepin 15+ElementaryFedora 22+Linux MintParrot SecurityUbuntu 15.10+SetupKali's Quick Installapt -y install veil/usr/share/veil/config/setup.sh --force --silentGit's Quick InstallNOTE:Installation must be done with superuser privileges. If you are not using the root account (as default with Kali Linux), prepend commands with sudo or change to the root user before…

Anonymous FTP ⁄ Arachni ⁄ Discover ⁄ Kali Linux ⁄ LDAP ⁄ NEW TOOLS ⁄ Nikto ⁄ Nmap ⁄ Nmap Scripts ⁄ Scan ⁄ Sn1per

Sn1per v6.0 – Automated Pentest Framework For Offensive Security Experts

November 24, 2018by Black Hat Sec

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.SN1PER PROFESSIONAL FEATURES:Professional reporting interfaceSlideshow for all gathered screenshotsSearchable and sortable DNS, IP and open port databaseCategorized host reportsQuick links to online recon tools and Google hacking queriesPersonalized notes field for each hostDEMO VIDEO:SN1PER COMMUNITY FEATURES: Automatically collects basic…

BlobRunner ⁄ C++ ⁄ Debug ⁄ NEW TOOLS

BlobRunner – Quickly Debug Shellcode Extracted During Malware Analysis

November 4, 2018by Black Hat Sec

BlobRunner is a simple tool to quickly debug shellcode extracted during malware analysis.BlobRunner allocates memory for the target file and jumps to the base (or offset) of the allocated memory. This allows an analyst to quickly debug into extracted artifacts with minimal overhead and effort.To use BlobRunner, you can download the compiled executable from the releases page or build your own using the steps below.BuildingBuilding the executable is straight forward and relatively painless.RequirementsDownload and install Microsoft Visual C++ Build Tools or Visual StudioBuild StepsOpen…

DarkSpiritz ⁄ Mac ⁄ NEW TOOLS ⁄ Penetration Test Framework ⁄ penetration testing ⁄ Penetration Testing Framework ⁄ Pentesting Framework ⁄ Testing Framework

DarkSpiritz v2.0 – A Penetration Testing Framework For Linux, MacOS, And Windows Systems

October 31, 2018by Black Hat Sec

A penetration testing framework for Linux and Windows systems.What is DarkSpiritz?Created by the SynTel Team it was a project of one of the owners to update and clean-up an older pentesting framework he had created to something updated and modern. DarkSpiritz is a re-vamp of the very popular framework known as "Roxysploit". You may be familiar with this framework and if you are then it will help you with DarkSpiritz. DarkSpiritz also works like another pentesting framework known as Metasploit. If you know how…

Hacking Tool ⁄ Mac ⁄ Metasploit Web Delivery ⁄ NEW TOOLS ⁄ PasteJacker ⁄ PasteJacking ⁄ penetration testing ⁄ Python3 ⁄ Social Engineering Attacks ⁄ Web Hacking ⁄ Windows Hacking

PasteJacker – Add PasteJacking To Web-Delivery Attacks

October 28, 2018by Black Hat Sec

The main purpose of the tool is automating (PasteJacking/Clipboard poisoning/whatever you name it) attack with collecting all the known tricks used in this attack in one place and one automated job as after searching I found there's no tool doing this job the right way.Now while this attack depends on what the user will paste, imagine adding this attack to Metasploit web delivery module.See this simple scenario to make things clear:The target opens an HTML page served by the tool and this page has…

DarkSpiritz ⁄ NEW TOOLS ⁄ Penetration Test Framework ⁄ penetration testing ⁄ Penetration Testing Framework ⁄ Pentest Tool ⁄ Testing Framework

DarkSpiritz – A Penetration Testing Framework For UNIX Systems

October 4, 2018by Black Hat Sec

What is DarkSpiritz?Created by the SecTel Team it was a project of one of the owners to update and clean-up an older pentesting framework he had created to something updated and modern. DarkSpiritz is a re-vamp of the very popular framework known as "Roxysploit". You may be familiar with this framework and if you are then it will help you with DarkSpiritz. DarkSpiritz also works like another pentesting framework known as Metasploit. If you know how to use metasploit setting up and working with…

Injection tool ⁄ JavaScript ⁄ Metasploit Framework ⁄ NEW TOOLS ⁄ Node.js ⁄ NodeXP ⁄ Penetration Test

NodeXP – Detection and Exploitation Tool for Node.js Services

October 1, 2018by Black Hat Sec

NodeXP is an intergrated tool, written in Python 2.7, capable of detecting possible vulnerabilities on Node.js services as well as exploiting them in an automated way, based on S(erver)S(ide)J(avascript)I(njection) attack!Getting Started - Installation & UsageDownload NodeXP by cloning the Git repository:git clone get a list of all options run:python2.7 nodexp -hExamples for POST and GET cases accordingly:python2.7 nodexp.py --url="" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"python2.7 nodexp.py --url="" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blindpython2.7 nodexp.py --url="[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"python2.7 nodexp.py --url="[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blindDisclaimerThe tool’s purpose is strictly academic and was developed in order…

penetration testing ⁄ TUTORIALS

Multiple Ways to Bypass UAC using Metasploit

September 16, 2018by Black Hat Sec

Hello friends!! Today we are shading light on User Account Control shortly known as UAC. We will also look how it can potentially protect you from malicious software and ignoring UAC prompt can trouble your system. Table of content Introduction to UAC What is UAC? Working of UAC 5 ways to Bypass UAC Windows Escalate UAC Protection Bypass Windows Escalate UAC Protection Bypass (In Memory Injection) Windows UAC Protection Bypass (Via FodHelper Registry Key) Windows Escalate UAC Protection Bypass (Via Eventvwr Registry Key) Windows…

BIND ⁄ Hershell ⁄ Mac ⁄ NEW TOOLS ⁄ Socat ⁄ TLS

Hershell – Simple TCP reverse shell written in Go

September 13, 2018by Black Hat Sec

Simple TCP reverse shell written in Go. It uses TLS to secure the communications, and provide a certificate public key fingerprint pinning feature, preventing from traffic interception.Supported OS are:WindowsLinuxMac OSFreeBSD and derivativesWhy ?Although meterpreter payloads are great, they are sometimes spotted by AV products.The goal of this project is to get a simple reverse shell, which can work on multiple systems,How ?Since it's written in Go, you can cross compile the source for the desired architecture.Building the payloadTo simplify things, you can use the…