Phish domain user credentials with CredsLeaker and PowerShell

CredsLeaker is a PowerShell script that phishes credentials from the user. It pops up a Windows authentication box and checks the entered details against the domain controller, re-prompting until it has valid credentials. This prompt is common in a domain environment, so the user has probably seen the same box before. Once CredsLeaker …
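As an added example (not code from the original post or from CredsLeaker itself), here is the defender's view of the loop described above. Because the script validates every entry against the domain controller until one succeeds, the DC sees a run of failed credential validations for one account from one workstation, followed closely by a success. Windows records each validation attempt as Security event 4776 (Logon Account, Source Workstation, Error Code; 0xC000006A is a bad password, 0x0 is success). The log lines in the block are constructed for this example in a compact one-line form, not copied from a real system, and the failure count and time window are assumed thresholds.

```python
"""Flag the 4776 pattern a CredsLeaker-style credential prompt leaves behind.

Added example, not part of the original post or the CredsLeaker project.
The log lines below are constructed: a compact one-line rendering of
Security event 4776, keeping the real event's fields (account, source
workstation, error code).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Error codes as they appear in event 4776.
SUCCESS = "0x0"
BAD_PASSWORD = "0xC000006A"

# Constructed sample: jsmith mistypes twice then succeeds within 20 s
# (the prompt-loop shape); bwu fails once and succeeds hours later.
SAMPLE_LOG = """\
2024-03-04T09:12:01 4776 Account=jsmith Workstation=WS-014 ErrorCode=0xC000006A
2024-03-04T09:12:09 4776 Account=jsmith Workstation=WS-014 ErrorCode=0xC000006A
2024-03-04T09:12:20 4776 Account=jsmith Workstation=WS-014 ErrorCode=0x0
2024-03-04T09:15:44 4776 Account=akhan Workstation=WS-022 ErrorCode=0x0
2024-03-04T09:30:02 4776 Account=bwu Workstation=WS-007 ErrorCode=0xC000006A
2024-03-04T11:45:10 4776 Account=bwu Workstation=WS-007 ErrorCode=0x0
"""


def parse_line(line):
    """Split one constructed log line into a dict with a parsed timestamp."""
    ts, _event_id, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["time"] = datetime.fromisoformat(ts)
    return rec


def find_prompt_loops(log_text, min_failures=2, window=timedelta(minutes=5)):
    """Return (account, workstation, failures) for every account that failed
    validation at least `min_failures` times from one workstation and then
    succeeded from that same workstation within `window` of those failures.

    Thresholds are assumptions for the example; tune them to your estate.
    """
    by_key = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            by_key[(rec["Account"], rec["Workstation"])].append(rec)

    hits = []
    for (account, workstation), recs in by_key.items():
        recs.sort(key=lambda r: r["time"])
        failures = []
        for rec in recs:
            if rec["ErrorCode"] == SUCCESS:
                recent = [f for f in failures if rec["time"] - f["time"] <= window]
                if len(recent) >= min_failures:
                    hits.append((account, workstation, len(recent)))
                failures = []  # a success closes the current run
            elif rec["ErrorCode"] == BAD_PASSWORD:
                failures.append(rec)
    return hits


if __name__ == "__main__":
    for account, workstation, n in find_prompt_loops(SAMPLE_LOG):
        print(f"{account} on {workstation}: {n} bad passwords then success")
```

A user who mistypes a password twice produces the same shape, so on its own this is a low-fidelity signal; its value is in correlation with the process that spawned the credential prompt on the source workstation (a script host rather than the expected Office or Outlook binary).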

Deauth wireless clients and scan for hosts easily with NETATTACK 2

NETATTACK 2 is a Python script that scans and attacks local and wireless networks. Everything is straightforward because the GUI makes it unnecessary to remember commands and parameters. Check out the GitHub page for this project by clicking here. FUNCTIONS. SCAN-FUNCTIONS: scan for Wi-Fi networks; scan for local hosts in your network …

Perform Wireless WPA MITM attacks using Fluxion

Fluxion is a remake of linset by vk496 with (hopefully) fewer bugs and more functionality. It is compatible with the latest release of Kali (rolling). The attack is mostly manual, but experimental versions will automatically handle most functionality from the stable releases. You can check out the GitHub page for this project by clicking here. How …

Enumerate usernames on a domain with no permissions

RidRelay is a Python script to enumerate usernames on a domain where you have no permissions at all. It is a quick and easy way to get domain usernames while on an internal network. RidRelay combines the SMB Relay attack, common lsarpc based queries and RID cycling to get a list of domain usernames. It …

Easily bypass MAC address filtering on WiFi

MAC address filtering is built into most modern routers and access points, and it is tempting to assume it is a secure way of stopping people from connecting to your network. It is not: a client's MAC address is sent in the clear in every frame, so with Kali Linux and the aircrack-ng suite (airmon-ng, airodump-ng) it only takes a few seconds to capture an allowed address and spoof it. Start by launching the airodump utility to see wireless networks …

Cracking WPS Enabled WPA/WPA2 networks with Reaver

Wi-Fi Protected Setup (WPS; originally, Wi-Fi Simple Config) is a network security standard to create a secure wireless home network. Created by the Wi-Fi Alliance and introduced in 2006, the goal of the protocol is to allow home users who know little of wireless security and may be intimidated by the available security options to …

Microsoft CVE-2017-8759: .NET Framework Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET Framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts …

Phishing a WiFi password from users using wifiphisher and a Rogue AP

Official website: wifiphisher.org. GitHub: Wifiphisher GitHub. Wifiphisher is an effective rogue Access Point framework used by hundreds of Wi-Fi hackers every day. It is free and open source software currently available for Linux. Wifiphisher is a security tool that performs Wi-Fi automatic association attacks to force wireless clients to unknowingly connect to an attacker-controlled Access Point. …

Silently execute a PowerShell script with a C# application

One way of avoiding detection of your payloads is to embed your PowerShell payload in a semi-legitimate executable. You can create an executable that, for example, launches Microsoft Office or Google Chrome and uses the exact same icon. Using this method, you act as a middleman. Upon execution of the application it would …

Spoofing file extensions with the Unicode Character ‘RIGHT-TO-LEFT OVERRIDE’ (U+202E)

One of the more interesting things Windows does is support Right-To-Left characters, which can be used to hide the real file extension of a document. By simply inserting the Unicode character U+202E you can partially reverse the displayed file name and hide its real extension. This website allows you to …
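The trick described above, as an added example that is not code from the original post: U+202E (RIGHT-TO-LEFT OVERRIDE) makes a bidi-aware renderer such as Explorer display everything after it reversed, so a file stored as `report_\u202efdp.exe` is shown as `report_exe.pdf` while the operating system still executes it as an `.exe`. The block builds such a name and then does what a mail gateway or upload handler should do with it: strip or flag bidi control characters and compare the extension a user would see with the one the OS will actually use. The file names are constructed for the example, and the renderer model is a deliberate simplification of the full Unicode bidi algorithm (it only reverses the text after an RLO, which is exactly the classic spoof).

```python
"""Build and detect a file name spoofed with U+202E RIGHT-TO-LEFT OVERRIDE.

Added example, not part of the original post. File names used here are
constructed for the demonstration.
"""
import unicodedata

RLO = "\u202e"

# Unicode bidi control characters that can reorder or hide parts of a
# displayed name: embeddings/overrides (U+202A..U+202E), isolates
# (U+2066..U+2069) and the LRM/RLM marks (U+200E, U+200F).
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
    "\u2066", "\u2067", "\u2068", "\u2069",
    "\u200e", "\u200f",
}


def spoof_name(visible_prefix, fake_ext, real_ext):
    """Return a name whose real extension is `real_ext` but which displays
    as ending in `fake_ext`: the text after the RLO is stored reversed so
    that the renderer's reversal shows it the right way round.
    spoof_name('report_', 'pdf', 'exe') -> 'report_' + RLO + 'fdp.exe'
    """
    return visible_prefix + RLO + fake_ext[::-1] + "." + real_ext


def rendered_name(name):
    """Simplified model of a bidi-aware display: everything after the first
    RLO is shown reversed. (The real algorithm is richer; this matches the
    classic single-override spoof.)"""
    if RLO not in name:
        return name
    head, _, tail = name.partition(RLO)
    return head + tail[::-1]


def strip_bidi(name):
    """Remove every bidi control character from a stored name."""
    return "".join(c for c in name if c not in BIDI_CONTROLS)


def _extension(name):
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def real_extension(name):
    """Extension the OS actually dispatches on: last '.'-suffix of the
    stored string, with bidi controls ignored."""
    return _extension(strip_bidi(name))


def check_name(name):
    """Return a verdict a gateway or upload hook can act on."""
    controls = sorted({unicodedata.name(c) for c in name if c in BIDI_CONTROLS})
    shown = rendered_name(name)
    shown_ext = _extension(shown)
    actual_ext = real_extension(name)
    return {
        "has_bidi_control": bool(controls),
        "controls": controls,
        "displayed_as": shown,
        "displayed_extension": shown_ext,
        "real_extension": actual_ext,
        # Suspicious when a control character is present and it changes
        # which extension the user perceives.
        "suspicious": bool(controls) and shown_ext != actual_ext,
    }


if __name__ == "__main__":
    name = spoof_name("report_", "pdf", "exe")  # constructed sample
    verdict = check_name(name)
    print(repr(name))
    print("displayed as:", verdict["displayed_as"])
    print("real extension:", verdict["real_extension"])
    print("suspicious:", verdict["suspicious"])
```

The cheap hardening is to reject or rename any attachment or upload whose name contains a bidi control character at all; there is almost no legitimate reason for one to appear inside a file name, and rejecting on presence avoids having to model the renderer.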