Luckystrike: A Malicious Office Document Generator!

Close on the heels of my earlier post about MicroSploit, the Microsoft Office Exploitation Toolkit for the *NIX platform, this post is about Luckystrike, a malicious Microsoft Office document generator that runs on Microsoft's very own Windows platform.

Luckystrike – Malicious Office Document Generator


MicroSploit: The Office Exploitation Toolkit!

This is a short post about MicroSploit, an open source toolkit that helps you create custom Office-platform-based backdoors using the Metasploit framework and the different payloads it supports.

Microsploit

It is a simple bash script that uses command line inputs and Zenity for creating GTK+ dialog boxes to accept additional input. As of now, MicroSploit supports the creation of backdoors for the following platforms:

  • MS12-027 MSCOMCTL ActiveX Buffer Overflow
  • Microsoft Office Word Malicious Macro Execution on Windows
  • Microsoft Office Word Malicious Macro Execution on Mac OS X (Python)
  • Apache OpenOffice Text Document Malicious Macro Execution on Windows (PSH)
  • Apache OpenOffice Text Document Malicious Macro Execution on Linux/OSX (Python)

The toolkit is Metasploit v4.14.0-dev compliant and, since this is all done via Metasploit, the following payloads are supported:

  • windows/shell_bind_tcp
  • windows/shell/reverse_tcp
  • windows/meterpreter/reverse_tcp
  • windows/meterpreter/reverse_tcp_dns
  • windows/meterpreter/reverse_http
  • windows/meterpreter/reverse_https
  • python/meterpreter/reverse_tcp
  • generic/shell_reverse_tcp
  • linux/x86/shell_reverse_tcp
  • linux/x86/meterpreter/reverse_tcp
  • osx/armle/shell_reverse_tcp
  • osx/ppc/shell_reverse_tcp
  • bsd/x86/shell/reverse_tcp
  • solaris/x86/shell_reverse_tcp

All in all, this version, code-named “Mario Bros”, is easy to use and supported out of the box on operating systems such as Kali Linux, Parrot Security OS and BackBox. On other distributions you will have to install the necessary tools yourself for this to work. The tool can also be customized easily to run other Metasploit-supported client-side attacks related to Adobe and other software.

Installing MicroSploit:

Start by checking out the Git repository, browse to the directory created and run the following to access the tool:

chmod +x Microsploit && ./Microsploit


Invoke-Phant0m: The Windows Event Log Killer!

This short post is about Invoke-Phant0m, which “walks” thread stacks of the Event Log Service process (specifically svchost.exe), identifies them and kills Event Log Service Threads. This will render the system unable to collect system logs, while the Event Log Service appears to be running.

Invoke-Phant0m

Invoke-Phant0m is an open source, Microsoft Windows based event log killer written in PowerShell that can help you hide your activities on a server post-exploitation. The only problem I see with this script is that it needs Administrative privileges to execute, but post-exploitation this won't be true, as you already might have those privileges or gain them and then run this script. A few more PowerShell related projects from the PenTestIT blog can be found here. It's really encouraging to see PowerShell being used in so many projects and maybe tomorrow it will be added to other frameworks such as Nishang, etc.

Get Invoke-Phant0m:

You can get Invoke-Phant0m.ps1 from its GitHub page here.

howmanypeoplearearound: Detect People Around You!

This is a short post about howmanypeoplearearound, an open source tool in Python that can help you identify the number of people in the vicinity of your WiFi connection.

howmanypeoplearearound


Invoke-Obfuscation: A PowerShell Command & Script Obfuscator!

This is a short post about a cool PowerShell script – Invoke-Obfuscation – that can help us a lot post-exploitation. Why PowerShell? Because this shell and scripting language is already present on most modern Windows operating systems. It also has memory-only execution capabilities that can help you evade anti-virus products and the like, with almost no logging in the event log! Imagine being able to execute PowerSploit with all your “stuff” obfuscated!

Invoke-Obfuscation


SecretServerSecretStealer: Decrypt Thycotic Server Passwords!

Exciting things are being done in PowerShell nowadays and it is becoming like Python. A good example is my last post about PivotAll. This post is about another such tool – SecretServerSecretStealer.

SecretServerSecretStealer


List of Raspberry Pi DIY Projects for Anonymity!

If you stay in California and want to protect your privacy, or you want to circumvent internet censorship imposed by your government, or simply want to stay anonymous on the wire, chances are you use TOR or an anonymous, no-log-keeping VPN. This post lists a few Do-It-Yourself projects that involve nothing more than a Raspberry Pi to try and keep you anonymous. As always, I will try to keep this post updated. Additionally, if you know of any projects that I may have missed, you sure can let me know!

Raspberry Pi
