This course is designed to teach students the basic, but essential, concepts of Powershell to advanced Powershell for penetration testing from both a Windows machine and a Linux machine using frameworks such as PowerSploit, Nishang, and Powershell Empire.
This article is an excerpt taken from the book Advanced Infrastructure Penetration Testing written by Chiheb Chebbi. In this book, you will learn advanced penetration testing techniques that will help you exploit databases, web and application servers, switches or routers, Docker, VLAN, VoIP, and VPN.
nishang – PowerShell For Penetration Testing
Nishang is an open source framework and collection of PowerShell scripts and payloads that you can use during a penetration testing audit, the post-exploitation phase, or other stages of offensive security auditing. Nishang is useful during various phases of a security audit and has many scripts organised into logical categories such as information gathering, scanning, and privilege escalation.
After cloning the repository into a local directory, subdirectories are available for the various objectives of a penetration test. Within the subdirectories are PowerShell scripts with concrete tasks and, in the client section, scripts for creating Excel (XLS), HTML Application (HTA), or Compiled HTML Help (CHM) files with embedded payloads. This comprehensive approach makes Nishang a good introduction to penetration testing with PowerShell, and because the test lab has no complex requirements, it is easy to get started.
Tunneling with ICMP involves setting up a sender and a receiver that listen for ICMP traffic. The receiver then uses the data field of each packet to send or receive instructions or move information. In this article, I will review the Nishang framework, which is a common set of tools used for generating a PowerShell-based reverse shell over ICMP. The GitHub page for Nishang houses instructions for setting up the client, the server, and the ICMP tunnel. Nishang was originally developed for benign penetration testing and most of the setup instructions focus on that use case. When using NetMon, however, you are probably more interested in the malicious use of the tool!
Assuming you have successfully created both rules without syntax errors, you can begin testing your rules. To test your rules, you need to start an ICMP session with tunneling. If you have the time and environment to set up a Nishang sample, you can generate your own traffic. You might also want to enlist the services of your favorite penetration tester!
It is for both. The language basics and PowerShell programming, which form almost half of the course, are covered patiently and with students who have little or no prior programming experience in mind. During the part where the application of PowerShell in penetration testing is discussed, the course gathers speed and even expert users will learn new concepts and applications of offensive PowerShell.
BSODomizer HD is an open source, FPGA-based, covert electronic device that injects and captures HDMI signals. Currently a proof-of-concept design, this much anticipated follow-up to the original BSODomizer released in 2008 (www.bsodomizer.com) improves on the graphics interception and triggering features, and can capture screenshots of any non-HDCP target up to 1080p resolution. Uses of the tool include penetration testing, video display calibration, mischievous acts, or as a reference design for exploration into the mystical world of FPGAs. Co-developed by Joe Grand (aka Kingpin) of Grand Idea Studio and Zoz of Cannytrophic Design.
FakeNet-NG is a next generation dynamic network analysis tool for malware analysts and penetration testers. FakeNet-NG was inspired by the original FakeNet tool developed by Andrew Honig and Michael Sikorski. FakeNet-NG implements all the old features and many new ones; plus, it is open source and designed to run on modern versions of Windows. FakeNet-NG allows you to intercept and redirect all or specific network traffic while simulating legitimate network services. Using FakeNet-NG, malware analysts can quickly identify malware's functionality and capture network signatures. Penetration testers and bug hunters will find FakeNet-NG's configurable interception engine and modular framework highly useful when testing an application's specific functionality and prototyping PoCs. During the tool session attendees will learn the following practical skills:
Use FakeNet-NG to mimic common protocols like HTTP, SSL, DNS, SMTP, etc.
Configure FakeNet-NG's listeners and interception engine to defeat malware and target specific application functionality.
Perform interception on the analysis, secondary, or gateway hosts.
Use process tracking functionality to identify which processes are generating malicious network activity and dynamically launch services in order to interact with a process and capture all of its network traffic.
Use FakeNet-NG's detailed logging and PCAP capture capabilities.
Quickly develop a custom protocol listener using FakeNet-NG's modular architecture (includes a live malware demo).
Bring your Windows analysis virtual machine for the demo. The hands-on section of this session will analyze real-world malware samples to tease out network-based signatures, and will demonstrate how FakeNet-NG can be used to perform security assessments of thick client applications. The challenges start at a basic level and progress until you dive into how to extend FakeNet-NG by writing modules in Python.
Nearly every penetration test begins the same way: run an NMAP scan, review the results, choose interesting services to enumerate and attack, and perform post-exploitation activities. What was once a fairly time-consuming manual process is now automated! Automated Penetration Testing Toolkit (APT2) is an extendable modular framework designed to automate common tasks performed during penetration testing. APT2 can chain data gathered from different modules together to build dynamic attack paths. Starting with an NMAP scan of the target environment, discovered ports and services become triggers for the various modules, which in turn can fire additional triggers. Have FTP, Telnet, or SSH? APT2 will attempt common authentication. Have SMB? APT2 determines the OS and looks for shares and other information. Modules include everything from enumeration, scanning, and brute forcing to integration with Metasploit. Come check out how APT2 will save you time on every engagement.
DET aims to provide a framework to assist with exfiltrating data using either one or several channels. Social media has become extremely popular in recent attacks such as HammerToss, a campaign uncovered by FireEye in July 2015. Several tools are also publicly available that allow you to remotely access computers through "legitimate" services such as Gmail (GCat) or Twitter (Twittor). Often, gaining access to a network is just the first step for a targeted attacker. Once inside, the goal is to go after sensitive information and exfiltrate it to servers under their control. To prevent this from occurring, a whole industry has popped up with the aim of stopping exfiltration attacks. However, these products are often expensive and rarely work as expected. With this in mind, I created the Data Exfiltration Toolkit (DET) to help both penetration testers testing deployed security devices and the admins who have installed and configured them, to ensure they are working as expected and detecting when sensitive data is leaving the network.