Spoofing/Spoofer – Security List Network™ http://seclist.us Wed, 25 Apr 2018 22:10:46 +0000

Client Killer – bypass tool for internet cafe clients. http://seclist.us/client-killer-bypass-tool-for-internet-cafe-clients.html Mon, 20 Nov 2017 09:25:25 +0000

LEGAL DISCLAIMER!

The author does not hold any responsibility for the bad use of this script; remember that attacking targets without prior consent is illegal and punishable by law. This script was built to show how resource files can automate tasks.

Client Killer is a Net Cafe client bypass tool. Fully portable, powerful and super beefed up.
Complete with array scanners, a B-E-A-utiful flat UI, a stealth spoofer, and a useful fail-safe / panic mode system.

Features:
– Targets process IDs
– Kills the process, then hijacks it like nothing happened.
– Auto Detection: Handy Cafe, Cafe Manila, Cafe Agent.
– Stealth Spoofer.

Client Killer

Usage and Download:

git clone https://github.com/tragenalpha/ck6 && cd ck6
cd Release
ck6.exe

Source: https://github.com/tragenalpha

The Social-Engineer Toolkit (SET) v7.4.5 Codename: ‘recharged’. http://seclist.us/the-social-engineer-toolkit-set-v7-4-5-codename-recharged.html Fri, 13 Jan 2017 21:44:43 +0000

Changelog The Social-Engineer Toolkit (SET) v7.4.5:
* update fasttrack wordlist (git suggestion)
* updated teensy codebase thanks to mikecjudge

The Social-Engineer Toolkit (SET) v7.4.5


::Main Menu::
* Social-Engineering Attacks:
1) Spear-Phishing Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) Wireless Access Point Attack Vector
8) QRCode Generator Attack Vector
9) Powershell Attack Vectors
10) SMS Spoofing Attack Vector
11) Third Party Modules

* Penetration Testing (Fast-Track):
1) Microsoft SQL Bruter
2) Custom Exploits
3) SCCM Attack Vector
4) Dell DRAC/Chassis Default Checker
5) RID_ENUM – User Enumeration Attack
6) PSEXEC Powershell Injection

* Third Party Modules
* Update the Social-Engineer Toolkit
* Update SET configuration


DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period.

Features:
The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec, LLC – an information security consulting firm located in Cleveland, Ohio.

Menu:
1) Social-Engineering Attacks
2) Fast-Track Penetration Testing
3) Third Party Modules
4) Update the Social-Engineer Toolkit
5) Update SET configuration
6) Help, Credits, and About

99) Exit the Social-Engineer Toolkit

Supported platforms
+ Linux
+ Mac OS X

Usage:

git clone https://github.com/trustedsec/social-engineer-toolkit && cd social-engineer-toolkit
python setup.py install
setoolkit

Update:
git pull origin master

sudo ./setup.py install
setoolkit

Source: https://github.com/trustedsec | Our Post Before | v7.4.5.zip | v7.4.5.tar.gz

OSPTF – Open Source Penetration Test Framework. http://seclist.us/osptf-open-source-penetration-test-framework.html Tue, 06 Sep 2016 21:03:02 +0000

OSPTF (Open Source Penetration Test Framework) is a framework built on open source penetration test tools.
Requirements:
* All Linux
* Python ( Python 2 )
* Ruby

Version:
+ (CUI VERSION)
+ (GUI BETA VERSION)

OSPTF ( CUI VERSION )

***** All Categories ******
1) Information Gathering
2) Vulnerability Analysis
3) Wireless Attacks
4) Web Applications
5) Sniffing & Spoofing
6) Maintaining Access
7) Reporting Tools
8) Exploitation Tools
9) Forensics Tools
10) Stress Testing
11) Password Attacks
12) Reverse Engineering
13) Hardware Hacking
14) Extra

::Information Gathering::
1) acccheck
2) ace-voip
3) Amap
4) Automater
5) bing-ip2hosts
6) braa
7) CaseFile
8) CDPSnarf
9) cisco-torch
10) Cookie Cadger
11) copy-router-config
12) DMitry
13) dnmap
14) dnsenum
15) dnsmap
16) DNSRecon
17) dnstracer
18) dnswalk
19) DotDotPwn
20) enum4linux
21) enumIAX
22) exploitdb
23) Fierce
24) Firewalk
25) fragroute
26) fragrouter
27) Ghost Phisher
28) GoLismero
29) goofile
30) lbd
31) Maltego Teeth
32) masscan
33) Metagoofil
34) Miranda
35) Nmap
36) ntop
37) p0f
38) Parsero
39) Recon-ng
40) SET
41) smtp-user-enum
42) snmpcheck
43) sslcaudit
44) SSLsplit
45) sslstrip
46) SSLyze
47) THC-IPV6
48) theHarvester
49) TLSSLed
50) twofi
51) URLCrazy
52) Wireshark
53) WOL-E
54) Xplico
55) iSMTP
56) InTrace
57) hping3

::Vulnerability Analysis tools::
1) BBQSQL
2) BED
3) cisco-auditing-tool
4) cisco-global-exploiter
5) cisco-ocs
6) cisco-torch
7) copy-router-config
8) commix
9) DBPwAudit
10) DoonaDot
11) DotPwn
12) Greenbone Security Assistant
13) GSD
14) HexorBase
15) Inguma
16) jSQL
17) Lynis
18) Nmap
19) ohrwurm
20) openvas-administrator
21) openvas-cli
22) openvas-manager
23) openvas-scanner
24) Oscanner
25) Powerfuzzer
26) sfuzz
27) SidGuesser
28) SIPArmyKnife
29) sqlmap
30) Sqlninja
31) sqlsus
32) THC-IPV6
33) tnscmd10g
34) unix-privesc-check
35) Yersinia

::Wireless Attacks::
1) Aircrack-ng
2) Asleap
3) Bluelog
4) BlueMaho
5) Bluepot
6) BlueRanger
7) Bluesnarfer
8) Bully
9) coWPAtty
10) crackle
11) eapmd5pass
12) Fern Wifi Cracker
13) Ghost Phisher
14) GISKismet
15) gr-scan
16) kalibrate-rtl
17) KillerBee
18) Kismet
19) mdk3
20) mfcuk
21) mfoc
22) mfterm
23) Multimon-NG
24) PixieWPS
25) Reaver
26) redfang
27) RTLSDR Scanner
28) Spooftooph
29) Wifi Honey
30) Wifitap
31) Wifite

::Forensic::
1) Binwalk
2) bulk-extractor
3) Capstone
4) chntpw
5) Cuckoo
6) dc3dd
7) ddrescue
8) DFF
9) diStorm3
10) Dumpzilla
11) extundelete
12) Foremost
13) Galleta
14) Guymager
15) iPhone Backup Analyzer
16) p0f
17) pdf-parser
18) pdfid
19) pdgmail
20) peepdf
21) RegRipper
22) Volatility
23) Xplico

Usage and download from git:

git clone https://github.com/zer0worm/OSPTF && cd OSPTF
python setup.py install

Source: https://github.com/zer0worm

Poof will spoof the location of your iOS device on Find my Friends and Find my iPhone to anywhere in the world! http://seclist.us/poof-will-spoof-the-location-of-your-ios-device-on-find-my-friends-and-find-my-iphone-to-anywhere-in-the-world.html Sat, 03 Sep 2016 02:04:49 +0000

Poof will spoof the location of your iOS device on Find my Friends and Find my iPhone to anywhere in the world.

Noted:
* Apple does not appear to store UDID information as of iOS 9, so currently, you have to manually enter the UDID of the device that you want to spoof location data for. If you do not have or do not want to use your appleID / password, you can also use a MobileMeAuthToken.
* Poof will spoof your location every 5 seconds until you terminate the program. You can run it in the background and forget about it, or run it 24/7 on a device that can always be powered on, like the Raspberry Pi. You can run poof for years without it locking you out of your account, due to the way that poof retrieves authentication tokens.

poof

Dependencies:
+ Python 2.7.x
+ Python modules (all part of the standard library): urllib, urllib2, getpass, base64, plistlib, traceback
+ apple ID

Use:

# urllib, urllib2, getpass, base64, plistlib and traceback ship with Python 2.7; no pip install is needed
git clone https://github.com/manwhoami/Poof && cd Poof
python poof.py

Source: https://github.com/manwhoami

BetterCap v1.5.8 – A complete, modular, portable and easily extensible MITM framework. http://seclist.us/bettercap-v1-5-8-a-complete-modular-portable-and-easily-extensible-mitm-framework.html Sat, 27 Aug 2016 05:43:06 +0000

Changelog Bettercap v1.5.8:
New Features
* New --log-http-response option.
* New --html-file PATH option.
* New --full-duplex option ( half duplex mode is now the default ).
* HTTP(S) logs from the proxy no longer truncate URLs to 50 characters.

Fixes:
* Fixed InjectJS module bug which caused the HTML of the page to be broken in some circumstances.
* Fixed a bug which caused the HTTPS proxy not to work properly with wildcard domains.
* Fixed TeamViewer packets version parsing.
* Fixes #282: Inject modules fail on uppercase tags.
* Fixed a bug while changing/randomizing MAC address on Linux.

bettercap v1.5.8

bettercap is a complete, modular, portable and easily extensible MITM tool and framework with every kind of diagnostic and offensive feature you could need in order to perform a man in the middle attack.
DEPENDS:
All dependencies will be installed automatically through the GEM system; in some cases you might need to install a system dependency in order to make everything work:
sudo apt-get install ruby-dev libpcap-dev

HOW TO INSTALL:
Stable Release ( GEM ):
gem install bettercap

From Source:

Ubuntu/Debian/Kali:
sudo apt-get install ruby-dev libpcap-dev

Fedora/CentOS/Red Hat (the -devel packages are the yum equivalents of the Debian -dev packages):
yum install ruby-devel libpcap-devel

git clone https://github.com/evilsocket/bettercap
cd bettercap
gem build bettercap.gemspec
sudo gem install bettercap*.gem

Update: 
bettercap --check-updates

Download : v1.5.8.tar.gz | v1.5.8.zip
Source : http://www.bettercap.org/ | Our Post Before

ArpON “ARP handler inspection” v3.0-ng released. http://seclist.us/arpon-arp-handler-inspection-v3-0-ng-released.html Mon, 25 Jan 2016 07:35:38 +0000

IMPORTANT NOTICE:
Since ArpON 3.0-ng (next generation), ArpON has been rewritten from scratch; therefore all older versions of ArpON (lower than 3.0-ng) are deprecated. Please upgrade all installations of ArpON and read the documentation and the man page of ArpON carefully.

ArpON -ARP handler inspection-3.0-ng

ArpON (ARP handler inspection) is a host-based solution that makes the standardized ARP protocol secure in order to prevent Man In The Middle (MITM) attacks carried out through ARP spoofing, ARP cache poisoning or ARP poison routing.
This is done using three kinds of anti ARP spoofing techniques:
+ SARPI (Static ARP Inspection) for the statically configured networks without DHCP;
+ DARPI (Dynamic ARP Inspection) for the dynamically configured networks with DHCP;
+ HARPI (Hybrid ARP Inspection) for the statically and dynamically configured networks with DHCP.
The goal of ArpON is therefore to provide a secure and efficient network daemon that implements the SARPI, DARPI and HARPI anti ARP spoofing techniques, thus securing the standardized ARP protocol against any foreign intrusion.


The features of ArpON are:
+ Free. ArpON is released under the BSD open source license. This means that you have total freedom to modify it and use it with your system, even if it’s commercial.
+ Popular. ArpON is used as the network daemon by many users, both network managers and academic researchers. ArpON is downloaded several hundred times every month.
+ Tested and reliable. Many users have contributed over the years by testing ArpON against a wide range of Man In The Middle (MITM) attack tools that use ARP spoofing, ARP cache poisoning or ARP poison routing.
+ Easy to use. ArpON is distributed as a single tarball that, once compiled, runs on every supported Operating System. You launch the executable, and from that moment the Operating System is able to avoid Man In The Middle (MITM) attacks through ARP spoofing, ARP cache poisoning or ARP poison routing.
+ Multi-platform. Many developers have contributed over the years to porting ArpON to a wide range of GNU/Linux distributions.
+ Compatible and portable. ArpON is completely compatible with the standardized ARP protocol. ArpON is a network daemon that runs in user space, which also means that ArpON can easily be ported to other Operating Systems.
+ Well documented. The documentation of ArpON is easy and complete. It contains the retrieving tutorial; the building tutorial; the installation tutorial; the user tutorial with many examples and scenarios; the development tutorial with the activity diagrams of the SARPI, DARPI and HARPI anti ARP spoofing techniques and with well-commented modular source code; and the bug report tutorial that takes you step-by-step through all of the features of ArpON.

Installation:

sudo apt-get install libnet1-dev
# pthreads are part of glibc on Linux, so no separate package is needed
# for more dependencies read here: http://arpon.sourceforge.net/documentation.html#11
wget http://sourceforge.net/projects/arpon/files/latest/download -O arpon.tar.gz
wget http://sourceforge.net/projects/arpon/files/latest.md5/download -O latest.md5
md5sum arpon.tar.gz | awk '{print $1}' > arpon.md5
# compare arpon.md5 with the digest in latest.md5 before building
mkdir arpon
tar -xvzf arpon.tar.gz -C arpon --strip-components=1
cd arpon

# ArpON 3.0-ng builds with CMake; build out of tree
mkdir build
cd build
cmake ..
make
sudo make install

Source : http://arpon.sourceforge.net
Our Post Before

Potato – Windows privilege escalation through NTLM Relay and NBNS Spoofing. http://seclist.us/potato-windows-privilege-escalation-through-ntlm-relay-and-nbns-spoofing.html Sat, 16 Jan 2016 20:38:06 +0000

How it works
Potato takes advantage of known issues in Windows to gain local privilege escalation, namely NTLM relay (specifically HTTP->SMB relay) and NBNS spoofing. Using the techniques outlined below, it is possible for an unprivileged user to gain “NT AUTHORITY\SYSTEM” level access to a Windows host in default configurations.
The exploit consists of 3 main parts, all of which are somewhat configurable through command-line switches:

Potato – Privilege Escalation on Windows 7,8,10, Server 2008, Server 2012

1. Local NBNS Spoofer
NBNS is a broadcast UDP protocol for name resolution commonly used in Windows environments. In penetration testing, we often sniff network traffic and respond to NBNS queries observed on a local network. For privilege escalation purposes, we can’t assume that we are able to sniff network traffic, so how can we accomplish NBNS spoofing?
If we know ahead of time which host a target machine (in this case our target is 127.0.0.1) will send an NBNS query for, we can craft a response and flood the target host with NBNS responses (since it is a UDP protocol). One complication is that a 2-byte field in the NBNS packet, the TXID, must match in the request and response. We can overcome this by flooding quickly and iterating over all 65536 possible values.
In testing, this has proved to be 100% effective.

2. Fake WPAD Proxy Server
With the ability to spoof NBNS responses, we can target our NBNS spoofer at 127.0.0.1. We flood the target machine (our own machine) with NBNS response packets for the host “WPAD”, or “WPAD.DOMAIN.TLD”, and we say that the WPAD host has IP address 127.0.0.1.
At the same time, we run an HTTP server locally on 127.0.0.1. When it receives a request for “http://wpad/wpad.dat”, it responds with something like the following:

function FindProxyForURL(url, host) {
    if (dnsDomainIs(host, "localhost")) return "DIRECT";
    return "PROXY 127.0.0.1:80";
}

This will cause all HTTP traffic on the target to be redirected through our server running on 127.0.0.1.
Interestingly, this attack, even when performed by a low-privilege user, affects all users of the machine, including administrators and system accounts. See the screenshots “egoldstein_spoofing.png” and “dade_spoofed.png” for an example.

3. HTTP -> SMB NTLM Relay
With all HTTP traffic now flowing through a server that we control, we can do things like request NTLM authentication…
In the Potato exploit, all requests are redirected with a 302 redirect to “http://localhost/GETHASHESxxxxx”, where xxxxx is some unique identifier. Requests to “http://localhost/GETHASHESxxxxx” respond with a 401 request for NTLM authentication.
The NTLM credentials are relayed to the local SMB listener to create a new system service that runs a user-defined command. This command will run with “NT AUTHORITY\SYSTEM” privilege.

Mitigations:
Enabling “Extended Protection for Authentication” in Windows should stop NTLM relay attacks.
SMB Signing may also mitigate this type of attack, however this would require some more research on my part to confirm.

Off Broadcast NBNS Spoofing
Using the same NBNS spoofing technique as the Potato exploit, we can perform NBNS spoofing against any host for which we can talk to UDP 137. We simply need to send UDP packets quickly enough to sneak in a valid reply before the NBNS request times out.

Download : potato-master.zip
Source : https://github.com/breenmachine

arp-spoof ~ ARP-Spoofing tool written in Rust language. http://seclist.us/arp-spoof-arp-spoofing-tool-written-in-rust-language.html Wed, 06 Jan 2016 01:57:40 +0000

This tool allows intercepting IPv4 traffic between two hosts on the same network, typically between one machine and the internet gateway.

arp-spoof

Features:
+ 1 to 1 route poisoning
+ save intercepted traffic as pcap file
+ automatic Ipv4 forwarding
Rust Crate Dependencies:
– pcap
– argparse
– nix
– time

TODO:
– implement n to m route poisoning
– remove –own parameter as soon as rust-pcap allows ip enumeration.

Usage:

git clone https://github.com/gcarq/arp-spoof && cd arp-spoof
cargo build
cd target/debug
./arp-spoof -h    # print help

Note for Arch Linux:
On Arch-based Linux, install community/rust, community/cargo and core/libpcap. If not running as root, you need to set capabilities like so: sudo setcap cap_net_raw,cap_net_admin=eip path/to/bin

Source : https://github.com/gcarq

WiFi-Pumpkin v0.71 released – Framework for Rogue Wi-Fi Access Point Attack. http://seclist.us/wifi-pumpkin-v0-71-released-framework-for-rogue-wi-fi-access-point-attack.html Wed, 30 Dec 2015 02:18:27 +0000

Changelog v0.71:
+ added update commits from repository
+ added QTableWidget filter (mac, ip, hostname) for clients connected to the AP.
+ added count of clients connected to the AP.
+ changed tool name to WiFi-Pumpkin
+ locked dnsmasq support temporarily

wifipumpkin-v-0-7-1

WiFi-Pumpkin is a security tool that provides a rogue access point for Man-In-The-Middle and network attacks, purporting to provide wireless Internet service while snooping on the traffic. It can be used to capture the credentials of unsuspecting users, either by snooping on the communication or by phishing.
Features
+ Rogue Wi-Fi Access Point
+ Deauth Clients AP
+ Probe Request Monitor
+ DHCP Starvation Attack
+ Credentials Monitor
+ Windows Update Attack
+ Templates phishing
+ Partial bypass HSTS
+ Dump credentials phishing
+ Support airodump scan
+ Support mdk3 deauth
+ beef hook support
+ Report Logs html
+ Mac Changer
+ ARP Poison
+ DNS Spoof

Ubuntu/Kali 2.0/WifiSlax 4.11.1/Parrot 2.0.5:

git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git
cd WiFi-Pumpkin
chmod +x installer.sh
./installer.sh --install

then
wifipumpkin (ubuntu)
wifi-pumpkin (kali 2.0)

Source : https://github.com/P0cL4bs

Arpy v3.15 – ARP MiTM Tool. http://seclist.us/arpy-v3-15-arp-mitm-tool.html Tue, 29 Dec 2015 19:01:45 +0000

Arpy is an easy-to-use ARP spoofing MiTM tool for Mac. It provides 3 targeted functions:
+ Packet Sniffing
+ Visited Domains
+ Visited Domains with Gource

arpy v3.15

Tested OS (to date):
+ Darwin 14.3.0 Darwin Kernel Version 14.3.0 (Mac OS X)
+ Kali 2.0, Fedora & Ubuntu LTS 14.04

Requirements:
– Python 2.7
– Gource
– Scapy

Usage:

git clone https://github.com/ivanvza/arpy
cd arpy
sudo apt-get install gource (kali, Debian & Ubuntu)
yum install gource (for fedora)
pip install scapy

./arpy.py

source : https://github.com/ivanvza

Updates Inveigh is a Windows PowerShell LLMNR/NBNS spoofer. http://seclist.us/updates-inveigh-is-a-windows-powershell-llmnrnbns-spoofer.html Mon, 16 Nov 2015 09:19:17 +0000

Latest Change :
+ SMB relay fix: some hard coded packet data that needed to be dynamic.
+ Invoke-InveighRelay currently supports NTLMv2 HTTP to SMB relay with psexec style command execution.

Invoke-InveighRelay is the main Inveigh SMB relay function.

Inveigh is a Windows PowerShell LLMNR/NBNS spoofer with challenge/response capture over HTTP(S)/SMB and NTLMv2 HTTP to SMB relay.
DESCRIPTION:
Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers who find themselves limited to a Windows system. This can commonly occur while performing phishing attacks, USB drive attacks, VLAN pivoting, or simply being restricted to a Windows system as part of client-imposed restrictions.

Module version of Inveigh

~ Parameter ~
.PARAMETER IP
Specify a specific local IP address for listening. This IP address will also be used for LLMNR/NBNS spoofing if the ‘SpooferIP’ parameter is not set.
.PARAMETER SpooferIP
Specify an IP address for LLMNR/NBNS spoofing. This parameter is only necessary when redirecting victims to another system.
.PARAMETER HTTP
Default = Enabled: Enable/Disable HTTP challenge/response capture.
.PARAMETER HTTPS
Default = Disabled: Enable/Disable HTTPS challenge/response capture. Warning, a cert will be installed in the local store and attached to port 443.
If the script does not exit gracefully, execute “netsh http delete sslcert ipport=0.0.0.0:443” and manually remove the certificate from “Local Computer\Personal” in the cert store.
.PARAMETER SMB
Default = Enabled: Enable/Disable SMB challenge/response capture. Warning, LLMNR/NBNS spoofing can still direct targets to the host system’s SMB server.
.PARAMETER LLMNR
Default = Enabled: Enable/Disable LLMNR spoofing.
.PARAMETER NBNS
Default = Disabled: Enable/Disable NBNS spoofing.
.PARAMETER NBNSTypes
Default = 20: Comma separated list of NBNS types to spoof. Types include 00 = Workstation Service, 03 = Messenger Service, 20 = Server Service, 1B = Domain Name
.PARAMETER Challenge
Default = Random: Specify a 16 character hex NTLM challenge for use with the HTTP listener. If left blank, a random challenge will be generated for each request.
.PARAMETER SMBRelay
Default = Disabled: Enable/Disable SMB relay.
.PARAMETER SMBRelayTarget
IP address of system to target for SMB relay.
.PARAMETER SMBRelayCommand
Command to execute on SMB relay target.
.PARAMETER SMBRelayUsernames
Default = All Usernames: Comma separated list of usernames to use for relay attacks. Accepts either just the username or the domain\username format.
.PARAMETER SMBRelayAutoDisable
Default = Enabled: Automatically disable SMB relay after a successful command execution on the target.
.PARAMETER SMBRelayNetworkTimeout
Default = No Timeout: Set the duration in seconds that Inveigh will wait for a reply from the SMB relay target after each packet is sent.
.PARAMETER Repeat
Default = Enabled: Enable/Disable repeated LLMNR/NBNS spoofs to a victim system after one user challenge/response has been captured.
.PARAMETER ForceWPADAuth
Default = Enabled: Matches Responder option to Enable/Disable authentication for wpad.dat GET requests. Disabling can prevent browser login prompts.
.PARAMETER ConsolePrompt
Default = Enabled: Enable/Disable the console prompt.
.PARAMETER RunTime
Set the run time duration in minutes. Note that leaving the Inveigh console open will prevent Inveigh from exiting once the set run time is reached.
.PARAMETER ConsoleOutput
Default = Console Output Disabled: Enable/Disable realtime console output.
.PARAMETER FileOutput
Default = File Output Disabled: Enable/Disable realtime file output.
.PARAMETER OutputDir
Default = Working Directory: Set an output directory for log and capture files.
.PARAMETER ShowHelp
Default = Enabled: Enable/Disable the help messages at startup.

Inveigh is a Windows PowerShell LLMNR/NBNS spoofer with challenge/response capture over HTTP/SMB

Notes:
– Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/SMB NTLMv1/NTLMv2 challenge/response capture.
– LLMNR/NBNS spoofing is performed through sniffing and sending with raw sockets.
– SMB challenge/response captures are performed by sniffing over the host system’s SMB service.
– HTTP challenge/response captures are performed with a dedicated listener.
– The local LLMNR/NBNS services do not need to be disabled on the host system.
– The LLMNR/NBNS spoofer will point victims to the host system’s SMB service; keep account lockout scenarios in mind.
– Kerberos should downgrade to NTLM for SMB authentication because the spoofed hostnames are not valid in DNS.
– Ensure that the LLMNR, NBNS, SMB and HTTP ports are open within any local firewall on the host system.
– Output files will be created in current working directory.
– If you copy/paste challenge/response captures from output window for password cracking, remove carriage returns.
– Code is proof of concept level and may not work under some scenarios.

Usage :
Obtain an elevated administrator or SYSTEM shell. If necessary, execute Set-ExecutionPolicy Unrestricted within PowerShell.
To execute with default settings:

Inveigh.ps1 -i localip

To execute with features enabled/disabled:

Inveigh.ps1 -i localip -LLMNR Y/N -NBNS Y/N -HTTP Y/N -SMB Y/N

Download: Master.zip  | Clone Url | Our Post Before
Source : https://github.com/Kevin-Robertson

MCfly is an interactive program that spoofs MAC addresses in a given interval. http://seclist.us/mcfly-is-an-interactive-program-that-spoofs-mac-addresses-in-a-given-interval.html Thu, 29 Oct 2015 13:45:22 +0000

MCfly is an interactive tool for Linux that spoofs MAC addresses in a given interval.

mcfly
Script :

#!/usr/bin/env python3
# MCfly: set a random vendor-prefixed MAC on an interface every N minutes.
# Needs root (ifconfig hw ether) and the colorama package. Ported to
# Python 3 syntax; the MAC check now reads sysfs instead of parsing
# ifconfig output, whose format differs between net-tools versions.
import os
import random
import re
import string
import subprocess
import sys
import time
import uuid

from colorama import init

###Colors###
init(autoreset=True)
white = '\x1b[37m'
lred = '\x1b[91m'
lgreen = '\x1b[92m'
lyellow = '\x1b[93m'
lmagenta = '\x1b[95m'

###Art### (raw string so the backslashes in the banner are kept as-is)
print(lyellow + r'''
   ___           __         
  / _ )___ _____/ /__       
 / _  / _ `/ __/  '_/       
/____/\_,_/\__/_/\_\        
/_  __/__/_  __/ /  ___     
 / / / _ \/ / / _ \/ -_)    
/_/__\___/_/_/_//_/\__/     
  / __/_ __/ /___ _________ 
 / _// // / __/ // / __/ -_)
/_/  \_,_/\__/\_,_/_/  \__/ 
MCfly is an interactive program that spoofs 
MAC addresses in a given interval.
Author is not responsible to any damage caused
by this program
KittySec(C)                            
''')

###List of vendor MAC prefixes (OUIs) used as the first three octets
vendors = ['00:05:9A', '00:19:56', '00:02:B3', '00:00:C6', '00:11:11', '00:48:54']


def countdown(t):
    """Block for t seconds, showing a mm:ss countdown to the next spoof."""
    while t:
        mins, secs = divmod(t, 60)
        timeformat = '{:02d}:{:02d}'.format(mins, secs)
        sys.stdout.write(lmagenta + '\r[info]' + white + ' Next spoof in: ' + timeformat + '\r')
        sys.stdout.flush()
        time.sleep(1)
        t -= 1


def rand(size=2, chars=string.hexdigits):
    """Return `size` random hex characters (one octet by default)."""
    return ''.join(random.choice(chars) for _ in range(size))


def generateMAC():
    """Vendor OUI followed by three random octets, upper-cased."""
    randomMAC = random.choice(vendors) + ':' + rand() + ':' + rand() + ':' + rand()
    return randomMAC.upper()


def currentMAC(iface):
    """Read the interface's current MAC address from sysfs."""
    with open('/sys/class/net/%s/address' % iface) as f:
        return f.read().strip().upper()


def spoofMAC(iface, interval):
    """Set a new random MAC on iface, then wait `interval` seconds and repeat."""
    while True:
        try:
            generatedMAC = generateMAC()
            subprocess.call(['ifconfig', iface, 'hw', 'ether', generatedMAC])

            #Check for successful spoofing
            if currentMAC(iface) == generatedMAC:
                print(lgreen + '[+] Spoofed MAC address to ' + generatedMAC)
            else:
                print(lred + '[-] There was an error')
        except Exception as e:
            print(lred + '[-] Error ' + str(e))
        countdown(interval)


if __name__ == '__main__':
    originalMAC = ':'.join(re.findall('..', '%012x' % uuid.getnode())).upper()
    print(lmagenta + '[info] ' + white + 'Original MAC address is: ' + originalMAC)

    #List available interfaces
    availIfaces = ', '.join(os.listdir('/sys/class/net/'))

    #Take user input
    iface = input(lyellow + '[?] Choose interface: ' + availIfaces + '\n').strip()
    interval = int(input(lyellow + '[?] Every how many minutes would you like to spoof to a new MAC address?\n'))
    spoofMAC(iface, interval * 60)

Source : https://github.com/kittysec
