
Showing posts with label Metasploit.

Viproy - VoIP Penetration Testing and Exploitation Kit


Viproy Voip Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 was released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extensions support, a Cisco CDP spoofer/sniffer, Cisco Skinny protocol analysers, VOSS exploits and network analysis modules. Furthermore, Viproy provides SIP and Skinny development libraries for custom fuzzing and analysis modules.

Current Version and Updates
Current version: 4.1 (Requires ruby 2.1.X and Metasploit Framework Github Repo)
Pre-installed repo: https://github.com/fozavci/metasploit-framework-with-viproy

Homepage of Project
http://viproy.com

Talks

Black Hat USA 2016 - VoIP Wars: The Phreakers Awaken
https://www.slideshare.net/fozavci/voip-wars-the-phreakers-awaken
https://www.youtube.com/watch?v=rl_kp5UZKlw

DEF CON 24 - VoIP Wars: The Live Workshop
To be added later

Black Hat Europe 2015 - VoIP Wars: Destroying Jar Jar Lync
http://www.slideshare.net/fozavci/voip-wars-destroying-jar-jar-lync-unfiltered-version
https://youtu.be/TMdiXYzY8qY

DEF CON 23 - The Art of VoIP Hacking Workshop Slide Deck
http://www.slideshare.net/fozavci/the-art-of-voip-hacking-defcon-23-workshop
https://youtu.be/hwDD7K9oXeI

Black Hat USA 2014 / DEF CON 22 - VoIP Wars: Attack of the Cisco Phones
https://www.youtube.com/watch?v=hqL25srtoEY

DEF CON 21 - VoIP Wars: Return of the SIP
https://www.youtube.com/watch?v=d6cGlTB6qKw

Attacking SIP/VoIP Servers Using Viproy
https://www.youtube.com/watch?v=AbXh_L0-Y5A

Current Testing Modules
  • SIP Register
  • SIP Invite
  • SIP Message
  • SIP Negotiate
  • SIP Options
  • SIP Subscribe
  • SIP Enumerate
  • SIP Brute Force
  • SIP Trust Hacking
  • SIP UDP Amplification DoS
  • SIP Proxy Bounce
  • Skinny Register
  • Skinny Call
  • Skinny Call Forward
  • CUCDM Call Forwarder
  • CUCDM Speed Dial Manipulator
  • MITM Proxy TCP
  • MITM Proxy UDP
  • Cisco CDP Spoofer
  • Boghe VoIP Client INVITE PoC Exploit (New)
  • Boghe VoIP Client MSRP PoC Exploit (New)
  • SIP Message with INVITE Support (New)
  • Sample SIP SDP Fuzzer (New)
  • MSRP Message Tester with SIP INVITE Support (New)
  • Sample MSRP Message Fuzzer with SIP INVITE Support (New)
  • Sample MSRP Message Header Fuzzer with SIP INVITE Support (New)

Documentation

Installation
Copy the content of the "lib" and "modules" folders to the Metasploit root directory.
The mixins.rb file (lib/msf/core/auxiliary/mixins.rb) should contain the following lines:
require 'msf/core/auxiliary/sip'
require 'msf/core/auxiliary/skinny'
require 'msf/core/auxiliary/msrp'

Usage of SIP Modules
https://github.com/fozavci/viproy-voipkit/blob/master/SIPUSAGE.md

Usage of Skinny Modules
https://github.com/fozavci/viproy-voipkit/blob/master/SKINNYUSAGE.md

Usage of Auxiliary Viproy Modules
https://github.com/fozavci/viproy-voipkit/blob/master/OTHERSUSAGE.md


PoshC2 - Powershell C2 Server and Implants


PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. The tools and modules were developed off the back of our successful PowerShell sessions and payload types for the Metasploit Framework. PowerShell was chosen as the base language as it provides all of the functionality and rich features required without needing to introduce multiple languages to the framework.

Requires only Powershell v2 on both server and client

C2 Server

Implant Handler


Quick Install
powershell -exec bypass -c "IEX (New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/nettitude/PoshC2/master/C2-Installer.ps1')"

Team Server
Create one PoshC2 team server and allow multiple red teamers to connect using the C2 Viewer and Implant Handler


OverThruster - HID Attack Payload Generator For Arduinos


OverThruster is a tool to generate sketches for Arduinos when used as an HID Attack. It was designed around devices with the ATMEGA32U4 chip, like the CJMCU-BEETLE, or the new LilyGo "BadUSB" devices popping up on ebay and aliexpress that look like USB sticks but contain an Arduino. I wrote this because the few other tools out there that do similar don't have as many customization options, such as the UAC Bypass options or the notification bubble options. I wanted to create something that could quickly generate a custom payload and that did not require anything extra to be installed beyond the standard Python libraries and the Arduino IDE. I also wrote this to get better at Python. This is my first release of anything, so expect problems.

Requirements

Use
  1. Start by launching OverThruster.py
  2. Select the target's OS
  3. Select the specific payload
  4. Fill in the required settings
  5. Generate the .ino file
  6. Open the .ino file in the Arduino IDE
  7. Flash the sketch to your Arduino device

Notes
  1. After flashing the payload, the Arduino IDE will disconnect the Arduino, then it will automatically reconnect, and deliver the payload. Be ready for characters to suddenly be typed to the screen; I recommend having notepad or similar open and focused when you flash the sketch
  2. OverThruster currently drops the .ino file and the Metasploit .rc file in the working directory, so look for them there.
  3. For the UAC Bypass techniques, timing is key. Older devices will open the Terminal with Admin rights at a slower speed, and therefore you may need to adjust the delay() in the BypassUAC functions in the sketch
  4. This is just the beginning. Many more payloads, features, options and additions are coming.
  5. Please contribute if you have something to add.


TheFatRat v1.8 - Easy Tool For Generate Backdoor with Msfvenom


What is TheFatRat ??

An easy tool to generate backdoors with msfvenom (a part of the Metasploit framework) and an easy tool for post-exploitation attacks like browser attacks and DLL attacks. This tool compiles malware with a popular payload, and the compiled malware can then be executed on Windows, Android and Mac. The malware created with this tool also has the ability to bypass most AV software protection.



Automating metasploit functions
  • Checks for metasploit service and starts if not present
  • Easily craft meterpreter reverse_tcp payloads for Windows, Linux, Android, Mac and others
  • Start multiple meterpreter reverse_tcp listeners
  • Fast Search in searchsploit
  • Bypass AV
  • File pumper
  • Create backdoors with other techniques
  • Autorunscript for listeners ( easy to use )
  • Drop into Msfconsole
  • Some other fun stuff :)

Autorun Backdoor
  • Autorun works if the victim disabled UAC ( User Account Control ) or has a low UAC level ( WINDOWS )
  • What is UAC? You can visit ( http://www.digitalcitizen.life/uac-why-you-should-never-turn-it-off )
  • I have also created 3 AutoRun files
  • Simply copy these files to a CD or USB
  • You can change the icon of the autorun file or exe in the icon folder ( replace it with your own .ico file and name it autorun.ico )

HOW TO CHANGE THE ICONS?
  • Copy your icon picture to the folder /TheFatrat/icons
  • Rename it to autorun.ico
  • Replace the existing file
  • Done

Changelog
Be sure to check out the changelog and read CHANGELOG.md

Getting Started
  1. git clone https://github.com/Screetsec/TheFatRat.git
  2. cd TheFatRat/setup
  3. chmod +x setup.sh && ./setup.sh

How it works
  • Extract lalin-master to your home or another folder
  • chmod +x fatrat
  • chmod +x powerfull.sh
  • And run the tool ( ./fatrat )
  • Easy to use: just input your number

Requirements
  • A Linux operating system. We recommend Kali Linux 2 or Kali 2016.1 rolling / Cyborg / Parrot / Dracos / BackTrack / Backbox / or another Linux operating system
  • Metasploit Framework must be installed

READ
  • If the prog.c file is too large when creating a backdoor with powerfull.sh, you can use prog.c.backup and create another backup when running option 2

Tutorial ?

BUG ?
  • Submit a new issue
  • PM me
  • Hey sup? Do you want to ask about all my tools? You can join me in telegram.me/offscreetsec

Credits


MeterSSH - Meterpreter over SSH


As penetration testers, it’s crucial to identify what types of attacks are detected and what’s not. After running into a recent penetration test with a next generation firewall, most analysis has shifted away from the endpoints and more towards network analysis. While there needs to be a mixture of both, MeterSSH demonstrates how easy it is to circumvent a lot of these signature based “next generation” product lines.

MeterSSH is an easy way to inject native shellcode into memory and pipe anything over SSH to the attacker machine through an SSH tunnel and all self contained into one single Python file. Python can easily be converted to an executable using pyinstaller or py2exe.

MeterSSH is easy – simply edit the meterssh.py file and add your SSH server IP, port, username, and password and run the script. It will spawn meterpreter through memory injection (in this case a windows/meterpreter/bind_tcp) and bind to port 8021. Paramiko (python SSH module) is used to tunnel meterpreter over 8021 and back to the attacker and all communications tucked within that SSH tunnel.

Features

  1. Meterpreter over SSH
  2. Ability to configure different IPs, addresses, etc. without the need to ever change the shellcode.
  3. Monitor for the SSH connection and automatically spawn the shell



Viproy v2.0 - VoIP Penetration Testing and Exploitation Kit


Viproy Voip Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 was released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extensions support, a Cisco CDP spoofer/sniffer, Cisco Skinny protocol analysers, VOSS exploits and network analysis modules. Furthermore, Viproy provides SIP and Skinny development libraries for custom fuzzing and analysis modules.

Current testing modules:
  • SIP Register
  • SIP Invite
  • SIP Message
  • SIP Negotiate
  • SIP Options
  • SIP Subscribe
  • SIP Enumerate
  • SIP Brute Force
  • SIP Trust Hacking
  • SIP UDP Amplification DoS
  • SIP Proxy Bounce
  • Skinny Register
  • Skinny Call
  • Skinny Call Forward
  • VOSS Call Forwarder (September 2014)
  • VOSS Speed Dial Manipulator (September 2014)
  • MITM Proxy TCP
  • MITM Proxy UDP
  • Cisco CDP Spoofer

Maligno - Penetration Testing Tool that Serves Metasploit Payloads


Maligno is an open source penetration testing tool that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changelog: Metasploit multi-host support, socks4a server support (metasploit), last resort redirection for invalid requests and hosts out of scope, automatic client code obfuscation, delayed client payload execution, automatic metasploit resource file generation. 

Features
  • Encrypted communications: Maligno is a web server which communicates via HTTP or HTTPS with the clients. Communications are encrypted with AES and encoded with Base64 both for HTTP and HTTPS. Encryption and encoding parameters can be configured. Clients do NOT validate the server certificate by default.
  • On the fly shellcode generation – per session mode: Maligno will generate shellcode while starting up, and it will cache it for later use. Maligno will serve the cached shellcode to all clients that request it during the session. Maligno will maintain a cache for each configured Metasploit payload. The cache is removed when Maligno is shut down.
  • Multi-payload support: You may configure Maligno with several Metasploit payloads. Clients can request different payloads from the server. Payloads are referred to by an index, which is passed as a GET parameter. The name of this parameter can also be configured.
  • Multi-server support: Maligno can run on a single server together with Metasploit or on separate machines. Clients will connect to Maligno, and Maligno will generate shellcode that points to a pre-configured Metasploit multi-handler.
  • SOCKS4a proxy support: Maligno helps you start a Metasploit auxiliary socks4a proxy, which can be used with payloads such as reverse_https_proxy. This allows you to send all your traffic through your Maligno server if you have a multi-server environment.
  • Scope definition: Maligno allows you to define single IP addresses or ranges. This will ensure that your shellcode is served only to machines involved in your pentest. You may also use a wildcard in order to accept ANY address.
  • Last resort redirection: Maligno will redirect hosts out of scope, or hosts sending invalid requests, to a configured URL.
  • Client code generator and pseudorandom obfuscator: Maligno comes with a script that will generate and obfuscate (pseudorandomly) client code ready for use, based on your server configuration.
  • Delayed client execution: Maligno clients use a basic random execution delay, which attempts to bypass AV-sandboxes.
  • Metasploit resource file generator: Maligno generates MSF resource files based on your configuration, which can be used with msfconsole right away.

Shellter - A Dynamic ShellCode Injector


Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created.
It can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only).

The shellcode can be something yours or something generated through a framework, such as Metasploit.

Shellter takes advantage of the original structure of the PE file and doesn't apply any modification such as changing memory access permissions in sections, adding an extra section with RWE access, or anything else that would look dodgy under an AV scan.

Shellter uses a unique dynamic approach which is based on the execution flow of the target application.


Liffy - Local File Inclusion Exploitation Tool


Liffy is a tool written in Python designed to exploit local file inclusion vulnerabilities using three different techniques that will get you a working web shell. The first two make use of the built-in PHP wrappers php://input and data://. The third makes use of the process control extension called 'expect'.

For those unfamiliar, I've included some links that highlight the usage of these techniques in LFI exploitation.

Exploitation

Once you have found a local file inclusion vulnerability, you simply point liffy at its location and select which technique you want to use.
./liffy --url http://target/vuln/file.php?= --data

The tool will create a PHP Meterpreter payload using msfpayload and drop it into your /tmp directory. It will then attempt to use the PHP wrapper to download the generated shell which you should have hosted by either using Node or Python's HTTP web servers.
http-server /tmp -p 8000

If all this works you should see a GET request to your shell, which is then downloaded to the working directory on the target webserver. From there a Metasploit resource file is created for you to spawn up a listening handler for inbound connections from the reverse PHP Meterpreter.
msfconsole -r php_listener.rc

Now you simply curl the location of your webshell and you should see a new Meterpreter session spawn.
curl --silent http://target/vuln/7ka0tqsq.php


Collection of Heartbleed Tools (OpenSSL CVE-2014-0160)




[pMap v1.10] Passive Discovery, Scanning, and Fingerprinting


Discovery, Scanning, and Fingerprinting via Broadcast and Multicast Traffic

Features
  • Reveals open TCP and UDP ports
  • Uses UDP, mDNS, and SSDP to identify PCs, NAS, Printers, Phones, Tablets, CCTV, DVR, and Others
    • Device Type, Make, and Model
    • Operating Systems and Version
    • Service Versions and Configuration
  • Stand-Alone (Nmap-like output) or Agent Mode (SYSLOG)
  • Metasploit Script Included

[autosploit] Scripts that combine Nmap and Metasploit

Scripts that will combine Metasploit and Nmap without using Lua.

[Veil v1.2] A Payload Generator to Bypass Antivirus

Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.


Veil was designed to run on Kali Linux, but should function on any system capable of executing python scripts. Simply call Veil from the command line, and follow the menu to generate a payload. Upon creating the payload, veil will ask if you would like the payload file to be converted into an executable by Pyinstaller or Py2Exe.

If using Pyinstaller, Veil will convert your payload into an executable within Kali.

If using Py2Exe, Veil will create three files:
  • payload.py - The payload file
  • setup.py - Required file for Py2Exe
  • runme.bat - Batch script for compiling the payload into a Windows executable

Move all three files onto your Windows machine with Python installed. All three files should be placed in the root of the directory Python was installed to (likely C:\Python27). Run the batch script to convert the Python script into an executable format.

Place the executable file on your target machine through any means necessary and don't get caught!

[Viproy] VoIP Penetration Testing Kit



Viproy Voip Pen-Test Kit is developed to improve the quality of SIP penetration tests. It provides an authentication feature that helps to create simple tests. It includes 7 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks can be performed before and after authentication to fuzz SIP services and value-added services.

A SIP pen-test guide will be published soon. Basic usage of the modules is presented below and can be used until the guide is available. All modules support DEBUG and VERBOSE.

Project Page : http://adf.ly/145rtj