Photos from National Cyber Security Services's post
WordPress-PT:-- #Exploiting #Wordpress #vulnerabilities discovered via #WPScan.
Objective: Find, #analyze, recreate, and #document five vulnerabilities affecting an old version of WordPress.
Setup:-
1. #VirtualBox - #Virtual #machine #manager.
2. #Kali #Linux - #Attack #OS of choice.
3. #WPDistillery - Creating a locally hosted Wordpress #site.
4. #WPScan - #Vulnerability #scanner.
1. CVE-2018-6390 - Denial Of Service Overflow (#DOS)
2. CVE-2015-5622 - Cross-Site Scripting (#XSS)
3. CVE-2017-9061 - Error in Upload when the file's too large
4. CVE 2015-5714 - Shortcode Tags
5. CVE 2017-6817 - Authenticated XSS in #Youtube #URL Embeds
#Download #Link:-
https://github.com/bryanvnguyen/WordPress-PT
WordPress-PT:-- #Exploiting #Wordpress #vulnerabilities discovered via #WPScan.
Objective: Find, #analyze, recreate, and #document five vulnerabilities affecting an old version of WordPress.
Setup:-
1. #VirtualBox - #Virtual #machine #manager.
2. #Kali #Linux - #Attack #OS of choice.
3. #WPDistillery - Creating a locally hosted Wordpress #site.
4. #WPScan - #Vulnerability #scanner.
1. CVE-2018-6390 - Denial Of Service Overflow (#DOS)
2. CVE-2015-5622 - Cross-Site Scripting (#XSS)
3. CVE-2017-9061 - Error in Upload when the file's too large
4. CVE 2015-5714 - Shortcode Tags
5. CVE 2017-6817 - Authenticated XSS in #Youtube #URL Embeds
#Download #Link:-
https://github.com/bryanvnguyen/WordPress-PT
Photos from National Cyber Security Services's post
XSRFProbe:-- The Prime Cross-Site Request Forgery (#CSRF) #Audit and #Exploitation #Toolkit.
#XSRFProbe is an #advanced Cross-Site Request Forgery (CSRF/ #XSRF) Audit and Exploitation Toolkit. Equipped with a #powerful crawling engine and numerous systematic checks, it is able to detect most cases of CSRF #vulnerabilities, their related #bypasses and further generate (#maliciously) exploitable proof of concepts with each found vulnerability.
Features:-
1. Performs several types of checks before declaring an endpoint as #vulnerable.
2. Can detect several types of Anti-CSRF tokens in POST requests.
3. Works with a powerful crawler that features continuous crawling and scanning.
4. Out of the box support for custom #cookie values and generic headers.
5. Accurate Token-Strength Detection and Analysis using various #algorithms.
6. It can generate both normal as well as maliciously exploitable CSRF proof of concepts.
7. Well documented code and highly generalized #automated workflow.
8. The user is in control of everything whatever the scanner does.
9. Has a user-friendly interaction #environment with full verbose support.
10. Detailed logging system of errors, vulnerabilities, tokens, and other stuff.
#Download #Link:-
https://github.com/0xInfection/XSRFProbe
XSRFProbe:-- The Prime Cross-Site Request Forgery (#CSRF) #Audit and #Exploitation #Toolkit.
#XSRFProbe is an #advanced Cross-Site Request Forgery (CSRF/ #XSRF) Audit and Exploitation Toolkit. Equipped with a #powerful crawling engine and numerous systematic checks, it is able to detect most cases of CSRF #vulnerabilities, their related #bypasses and further generate (#maliciously) exploitable proof of concepts with each found vulnerability.
Features:-
1. Performs several types of checks before declaring an endpoint as #vulnerable.
2. Can detect several types of Anti-CSRF tokens in POST requests.
3. Works with a powerful crawler that features continuous crawling and scanning.
4. Out of the box support for custom #cookie values and generic headers.
5. Accurate Token-Strength Detection and Analysis using various #algorithms.
6. It can generate both normal as well as maliciously exploitable CSRF proof of concepts.
7. Well documented code and highly generalized #automated workflow.
8. The user is in control of everything whatever the scanner does.
9. Has a user-friendly interaction #environment with full verbose support.
10. Detailed logging system of errors, vulnerabilities, tokens, and other stuff.
#Download #Link:-
https://github.com/0xInfection/XSRFProbe
Rucky:-- A simple to use #USB #HID #Rubber #Ducky LaunchPad for #Android.
A USB HID Rubber Ducky Script All-In-One tool.
#Download #Link:-
https://github.com/mayankmetha/Rucky
Rucky:-- A simple to use #USB #HID #Rubber #Ducky LaunchPad for #Android.
A USB HID Rubber Ducky Script All-In-One tool.
#Download #Link:-
https://github.com/mayankmetha/Rucky
A USB HID Rubber Ducky Script All-In-One tool.
#Download #Link:-
https://github.com/mayankmetha/Rucky
Rucky:-- A simple to use #USB #HID #Rubber #Ducky LaunchPad for #Android.
A USB HID Rubber Ducky Script All-In-One tool.
#Download #Link:-
https://github.com/mayankmetha/Rucky
Photos from National Cyber Security Services's post
TheFatRat:-- Updated new version
#TheFatrat a massive #exploiting tool!
Easy tool to generate #backdoor and easy tool to post-exploitation attacks like #browser attack and etc. This tool compiles a #malware with popular #payload and then the compiled malware can be executed on #windows, #android, #mac. The malware that created with this tool also has an ability to #bypass most #AV #software.
Features:-
1. Fully Automating #MSFvenom & #Metasploit.
2. Local or remote listener Generation.
3. Easily Make Backdoor by category Operating System.
4. Generate #payloads in Various formats.
5. Bypass anti-virus backdoors.
6. File pumper that you can use for increasing the size of your files.
7. The ability to detect external #IP & Interface address.
8. Automatically creates AutoRun files for #USB / CDROM exploitation.
#Download #Link:-
https://github.com/Screetsec/TheFatRat
TheFatRat:-- Updated new version
#TheFatrat a massive #exploiting tool!
Easy tool to generate #backdoor and easy tool to post-exploitation attacks like #browser attack and etc. This tool compiles a #malware with popular #payload and then the compiled malware can be executed on #windows, #android, #mac. The malware that created with this tool also has an ability to #bypass most #AV #software.
Features:-
1. Fully Automating #MSFvenom & #Metasploit.
2. Local or remote listener Generation.
3. Easily Make Backdoor by category Operating System.
4. Generate #payloads in Various formats.
5. Bypass anti-virus backdoors.
6. File pumper that you can use for increasing the size of your files.
7. The ability to detect external #IP & Interface address.
8. Automatically creates AutoRun files for #USB / CDROM exploitation.
#Download #Link:-
https://github.com/Screetsec/TheFatRat
Photos from National Cyber Security Services's post
Onex v0.1:-- Onex is a #hacking #tool installer and package manager for #hackers. Onex is a library of all hacking tools for Termux and other #Linux distributions. onex can install any third-party tool or any hacking tool for you.
"onex a hacking tools library." Onex is a #kali Linux hacking tools installer for #termux and other Linux distribution. It's a package manager for hackers. onex manages large numbers of hacking tools that can be installed on a single click. Using onex, you can install all hacking tools in Termux and other Linux based distributions. onex can install more than 370+ kali Linux hacking tools. use onex install [tool_name] command to install any hacking tool.
onex works on any of the following operating systems:-
1. #Android (Using the Termux App)
2. Linux (Linux Based Systems)
#Download #Link:-
https://github.com/rajkumardusad/onex
Onex v0.1:-- Onex is a #hacking #tool installer and package manager for #hackers. Onex is a library of all hacking tools for Termux and other #Linux distributions. onex can install any third-party tool or any hacking tool for you.
"onex a hacking tools library." Onex is a #kali Linux hacking tools installer for #termux and other Linux distribution. It's a package manager for hackers. onex manages large numbers of hacking tools that can be installed on a single click. Using onex, you can install all hacking tools in Termux and other Linux based distributions. onex can install more than 370+ kali Linux hacking tools. use onex install [tool_name] command to install any hacking tool.
onex works on any of the following operating systems:-
1. #Android (Using the Termux App)
2. Linux (Linux Based Systems)
#Download #Link:-
https://github.com/rajkumardusad/onex
InjuredAndroid:-- A #Vulnerable #Android #Application That Shows Simple Examples Of #Vulnerabilities In A #CTF Style.
Setup for a physical device:-
1. Download injuredandroid.apk from #Github
2. Enable #USB debugging on your Android test phone.
3. Connect your phone and your pc with a #USB cable.
4. Install via ADB. ADB install injuredandroid.apk. Note: You need to use the absolute path to the .apk file or be in the same directory.
Setup for an Android #Emulator using Android Studio:-
1. Download the #APK file.
2. Start the emulator from Android Studio (I recommend downloading an emulator with #Google #APIs so #root adb can be enabled).
3. Drag and drop the .apk file on the emulator and injuredandroid.apk will install.
#Download #Link:-
https://github.com/B3nac/InjuredAndroid
InjuredAndroid:-- A #Vulnerable #Android #Application That Shows Simple Examples Of #Vulnerabilities In A #CTF Style.
Setup for a physical device:-
1. Download injuredandroid.apk from #Github
2. Enable #USB debugging on your Android test phone.
3. Connect your phone and your pc with a #USB cable.
4. Install via ADB. ADB install injuredandroid.apk. Note: You need to use the absolute path to the .apk file or be in the same directory.
Setup for an Android #Emulator using Android Studio:-
1. Download the #APK file.
2. Start the emulator from Android Studio (I recommend downloading an emulator with #Google #APIs so #root adb can be enabled).
3. Drag and drop the .apk file on the emulator and injuredandroid.apk will install.
#Download #Link:-
https://github.com/B3nac/InjuredAndroid
Setup for a physical device:-
1. Download injuredandroid.apk from #Github
2. Enable #USB debugging on your Android test phone.
3. Connect your phone and your pc with a #USB cable.
4. Install via ADB. ADB install injuredandroid.apk. Note: You need to use the absolute path to the .apk file or be in the same directory.
Setup for an Android #Emulator using Android Studio:-
1. Download the #APK file.
2. Start the emulator from Android Studio (I recommend downloading an emulator with #Google #APIs so #root adb can be enabled).
3. Drag and drop the .apk file on the emulator and injuredandroid.apk will install.
#Download #Link:-
https://github.com/B3nac/InjuredAndroid
InjuredAndroid:-- A #Vulnerable #Android #Application That Shows Simple Examples Of #Vulnerabilities In A #CTF Style.
Setup for a physical device:-
1. Download injuredandroid.apk from #Github
2. Enable #USB debugging on your Android test phone.
3. Connect your phone and your pc with a #USB cable.
4. Install via ADB. ADB install injuredandroid.apk. Note: You need to use the absolute path to the .apk file or be in the same directory.
Setup for an Android #Emulator using Android Studio:-
1. Download the #APK file.
2. Start the emulator from Android Studio (I recommend downloading an emulator with #Google #APIs so #root adb can be enabled).
3. Drag and drop the .apk file on the emulator and injuredandroid.apk will install.
#Download #Link:-
https://github.com/B3nac/InjuredAndroid