Pentesting WIKI
So I started working on a wiki to drop occasional oneliners and examples that I’ve come across that are useful. It’s a work in progress and any suggestions are welcome.
bhafsec.com/wiki/
So I started working on a wiki to drop occasional oneliners and examples that I’ve come across that are useful. It’s a work in progress and any suggestions are welcome.
bhafsec.com/wiki/
rcrypt is a Windows PE binary crypter (a type of packer) written by Rage that has a bunch of features and makes use of timelock techniques to cause a delay in execution. This delay can cause analysis to fail on time constrained systems such as on disk scanners. rcrypt can pack exes and dll files. It bypasses KAV and many other Avs.
Writeup
Release
Utilite Pro is a quad core ARM cortex-A9 machine with up to 4 GB of RAM, up to 512 GB mSATA SSD, HDMI and DVI-D output, dual (2x) 1GB nics, a built in wireless card and 4 USB ports. The guys from OffSec show you how to build your Arm image to run on it. Not too bad for a $200 dropbox that you can use on site during pentests.
Just a little tool that will BSOD a machine vulnerable to MS12-020. Tested on XP sp3 & Win2k3 Sp2. Download ::HERE::
This is a program illwill made in assembly that does a reverse Caller ID lookup. Just type or paste the number in the box and press ‘lookup’, if it finds any data it’ll display it on the screen above. Works with some cell phone numbers too.
Download it ::HERE::
Added a program I made a few years ago that simulates phone box tones
(DTMF, Blue, red,orange,silver,etc…)
Download it our ::files section::
Started working on re-adding files to the files section, this will include programs and assembly source code from our past programs...
Just submitted my first attempt to write something for Metasploit @ dev.metasploit.com. It jacks victim’s bitcoin wallets on windows boxes and sends them back to attacker on meterpreter. saves wallet in your loot folder, on windows it would be %userprofile%\.msf3\loot on nix it would be /root/.msf3/loot
RobinHood is a simple program in assembler that steal’s the victim’s BitCoin wallet.dat and uploads it to an FTP server. You need to assemble the source yourself, get it ::HERE::
Programmable embedded devices have the capability of being detected as a HID device , just like a keyboard or mouse. So if you have physical access and a minute alone you can basically own a system with something the size of your thumb. The possibilities are endless, HTTP/FTP download, injecting binaries into debug or Powershell etc....