
HTTP Pass the Hash with Python « Neohapsis Labs

By: Ben Toews

TL;DR: Pass the Hash HTTP NTLM Authentication with Python – python-ntlm - requests

When assessing a Windows domain environment, the ability to “pass the hash” is invaluable.


The technique was pioneered by Paul Ashton way back in ’97, and things have only gotten better since. Fortunately, we no longer need to patch Samba, but have reasonably functional tools like Pass-The-Hash Toolkit and msvctl. The general approach of these tools is to not focus on writing PTH versions of every Windows functionality, but rather to allow you to run Windows commands as another user. On a recent engagement, I was attempting to access SharePoint sites using stolen hashes. I took the python-ntlm module, which allows for HTTP NTLM with urllib2, and added the ability to provide a hash instead of a password. So, what does all this let you do?

Kheops2713/portsplit.

Inquisb/icmpsh.

NfSpy – ID-spoofing NFS Client Tool – Mount NFS Shares Without Account

We wrote about this tool originally last year – NfSpy – ID-spoofing NFS Client – Falsify NFS Credentials – and a new version just came out!


NfSpy has just been updated to support NFSv3, a more efficient and widespread protocol than the previous NFSv2. NfSpy is a FUSE filesystem written in Python that automatically changes UID and GID to give you full access to any file on an NFS share. Use it to mount an NFS export and act as the owner of every file and directory. NFS before version 4 is reliant upon host trust relationships for authentication. The NFS server trusts any client machines to authenticate users and assign the same user IDs (UIDs) that the shared filesystem uses.

Features:
- Use filehandles from packet captures instead of asking mountd.
- Hide from sysadmins by immediately “unmounting” while retaining access.
- Specify port/protocol for NFS or Mountd if you don’t have access to the portmapper.

You can download NfSpy here: NfSpy.zip.

Mitmproxy version 0.7.

Some Practical ARP Poisoning with Scapy, IPTables, and Burp « WebstersProdigy

ARP poisoning is a very old attack that you can use to get in the middle. A traditional focus of attacks like these is to gather information (whether that information is passwords, auth cookies, CSRF tokens, whatever) and there are sometimes ways to pull this off even against SSL sites (like SSL downgrades and funny domain names). One area I don’t think gets quite as much attention is using man in the middle as an active attack against flaws in various applications. Most of the information is available online, but the examples I’ve seen tend to be piecemeal and incomplete.

Getting an HTTP proxy in the Middle

In this example I’m going to use Backtrack, scapy, and Burp.

Here’s a quick (Linux only) script that does several things: 1) it sets up iptables to forward all traffic except destination ports 80 and 443, and it routes 80 and 443 locally; 2) at a given frequency, it sends ARP packets to a victim that tell the victim to treat it as the gateway IP.

S Blog: SSH/HTTP(S) multiplexing with sshttp

Sebastian Krahmer (@steaIth, c-skills) made and released a nice SSH/HTTP(S) multiplexer: sshttp.


Such a program is needed when you want to share your HTTP (or HTTPS) port with SSH, so that you can still use SSH from behind a network that only allows outbound connections to HTTP (or HTTPS) and does not bother to do protocol inspection. Learn more by reading the readme.

Skypeproxy - peer2peer network tunneling tool

!!! Skype@Microsoft says it will kill its Desktop API by end of 2013. Long Life SkypeAPI :'( !!!

Most network administrators at work, university or school deny access to file sharing, instant messaging or social networks such as facebook or myspace with a firewall or proxy server. If you are constantly getting a message saying "Can't connect" or something similar, the service you are trying to connect to has probably been blocked by your network administrator.

Wol-e - Wake on LAN Explorer

WOL-E is a suite of tools for the Wake on LAN feature of network attached computers; this is now enabled by default on many Apple computers.

Patator – Multi Purpose Brute Forcing Tool

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Basically the author got tired of using Medusa, Hydra, ncrack, metasploit auxiliary modules, nmap NSE scripts and the like because:
- They either do not work or are not reliable (false negatives several times in the past)
- They are slow (not multi-threaded or not testing multiple passwords within the same TCP connection)
- They lack very useful features that are easy to code in python (eg. interactive runtime)

Basically you should give Patator a try once you get disappointed by Medusa, Hydra or other brute-force tools and are about to code your own small script, because Patator will allow you to:
- Not write the same code over and over
- Run multi-threaded
- Benefit from useful features such as the interactive runtime commands, response logging, etc.

Currently it supports the following modules:

The name “Patator” comes from this tv interview clip – patator

You can download Patator v0.3 here: patator_v0.3.py.

Xplico version 0.7.1.

Divyekapoor/pyhttp-console - GitHub.

Jkbr/httpie - GitHub.

Htty/htty - GitHub.

Cloudhead/http-console - GitHub.

Httpry

Dumpster / jason / httpry core program

httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic.

It is not intended to perform analysis itself, but to capture, parse, and log the traffic for later analysis.

Reaver-wps - Brute force attack against Wifi Protected Setup.

Bonesi - BoNeSi - the DDoS Botnet Simulator

BoNeSi, the DDoS Botnet Simulator is a Tool to simulate Botnet Traffic in a testbed environment on the wire.

It is designed to study the effect of DDoS attacks.

What traffic can be generated? BoNeSi generates ICMP, UDP and TCP (HTTP) flooding attacks from a defined botnet size (different IP addresses). BoNeSi is highly configurable and rates, data volume, source IP addresses, URLs and other parameters can be configured.

What makes it different from other tools? There are plenty of other tools out there to spoof IP addresses with UDP and ICMP, but for TCP spoofing, there is no solution.

Where can I run BoNeSi? We highly recommend running BoNeSi in a closed testbed environment.

How does TCP Spoofing work? BoNeSi sniffs for TCP packets on the network interface and responds to all packets in order to establish TCP connections.

How good is the performance of BoNeSi? We focused very much on performance in order to simulate big botnets.

Are BoNeSi attacks successful? Yes, they are very successful.

Kyprizel.net.