Phish domain user credentials with CredsLeaker with Powershell

CredsLeaker is a PowerShell script that phishes information from the user. It pops up a user authentication box, and the script checks the details against the domain controller until it has valid credentials. This screen is pretty common in a domain scenario, and the user may have seen this box before. Once CredsLeaker …

Deauth wireless clients and scan for hosts easily with NETATTACK 2

NETATTACK 2 is a Python script that scans and attacks local and wireless networks. Everything is super easy because the GUI makes it unnecessary to remember commands and parameters. Check out the GitHub page for this project. Functions (scan functions): scan for Wi-Fi networks, scan for local hosts in your network …

Enumerate usernames on a domain with no permissions

RidRelay is a Python script to enumerate usernames on a domain where you have no permissions at all. It is a quick and easy way to get domain usernames while on an internal network. RidRelay combines the SMB Relay attack, common lsarpc-based queries and RID cycling to get a list of domain usernames. It …

Spoofing file extensions with the Unicode Character ‘RIGHT-TO-LEFT OVERRIDE’ (U+202E)

One of the more interesting things Windows does is support Right-To-Left characters. This can be a useful tool to hide the real file extension of a document. By simply inserting the Unicode character U+202E you can partially reverse the file name of a document and hide its real extension. This website allows you to …

Remotely stealing windows credentials with WordSteal

Microsoft Word has the ability to include images from remote locations. This is an undocumented feature, but malware creators were found using it to include images over HTTP for statistics. We can also include remote files on an SMB server, and the victim will authenticate with his login credentials. This is very useful during a …

Retrieve domain password hashes with Mimikatz

Mimikatz is a Windows security tool that can be used to extract passwords from Windows/Windows Servers. One way of doing this manually is extracting the information from the NTDS.DIT file, which is the Active Directory database. This can be tricky to extract, as it is currently open and generally inaccessible whilst the server is running. This …

Using Steganography to hide data in images

Steganography is the hiding of a secret message within an ordinary message and the extraction of it at its destination. Steganography takes cryptography a step further by hiding an encrypted message so that no one suspects it exists. Ideally, anyone scanning your data will fail to know it contains encrypted data. There are a few …