0xalwayslucky / pentesting-tools Goto Github PK

2.0 2.0 1.0 155 KB

collection of public tools & my own

Shell 1.39% Python 96.76% PowerShell 1.86%

pentesting-tools's Introduction

0xalwayslucky :: ~ >> ./exploit.py
[+] attacking /dev/brain
[+] target vulnerable
[+] authentication bypassed
[+] dumping interests
[*] binary exploitation
[*] network security
[*] web application security
[*] active directory security
[*] linux & windows privilege escalation
Traceback (most recent call last):
  File "<exploit.py>", line 278, in <module>
IndexError: list index out of range

0xalwayslucky :: ~ >> vim exploit.py
___________________________________________________________________________________________________________________
exploit.py ______________________________________________________________________________________________ < buffers
1 #!/usr/bin/env python3
2 from pwn import *

pentesting-tools's People

Contributors

Stargazers

Watchers

Forkers

ua-solsen

pentesting-tools's Issues

brutesmb.sh

false positives when NT_STATUS_IO_TIMEOUT

do_connect: Connection to 10.10.10.248 failed (Error NT_STATUS_IO_TIMEOUT)
[+] Valid credentials: abc, abc

redo ldap3client.py

use cmd for interactive shell
use argparse for parsing arguments
implement laps password dumping
implement msDS-ManagedPassword dumping
redo query/add/modify/changeuser

generate public tool list for windows

same as bash just with powershell

merge methodtesting.py, discover_params.py and discover_hosts.py into discover.py

use argparse
maybe add count for parameters to test e.g. 2 parameters with value x

smbpwn.py Error occurs while reading from remote(104) / [Errno 32] Broken pipe

    def bf_user_pass(self, username, password):
        try:
            self.session.login(username, password)   # <-- here
            print(f'{username}:{password}')
        except SessionError as se:
        ...

when using smbrute the -default option, in some cases when the guest session is disabled this might pass and result in a false positive and Error 32 Broken pipe on the next try (next username/password) as of right now I am unsure how to fix this, since I can't come up with an efficient way to tell if the session is still valid other than making another request to the server which would essentially double the amount of requests made (each username + password = 2 requests instead of 1, to determine if session is still up)

output

guest:
Error occurs while reading from remote(104)
[Errno 32] Broken pipe
[Errno 32] Broken pipe
[Errno 32] Broken pipe
[Errno 32] Broken pipe
...

what is even more weird, is that if the username and password guest:<empty> come from a text document (e.g. via bf_userlist_passlist) the credentials are printed as valid (as false positive, same as with -default), but other trys for that username are skipped ant it will be proceeded with the next username instead of crashing the connection.

output

...
jlg:ljkdflg
jlg:lkjgfdl;
jlg:ljk
guest:
hans:admin
hans:
hans:administrator
...

depending on how common this will become i'll fix it or not

methodtesting.py

ability to read pathes from file (e.g. feroxbuster/gobuster/dirbuster) not implemented yet

xp_cmdshell.py

implement interactive mode with sqsh for xp_cmdshell

no new connection each command

ldap3client.py

comment todos;
get better understanding of how add/modify ldap works

discover_hosts.py

first run always prints false positives, fix this
add support for self signed certs

xp_cmdshell.py

need better way to implement powershell access

escaping with quotes n that is crappy (submitting \ leads to error since " will be escaped) -> not properly built

support domain name
support kerbauth
add list shares functionality (eventually even with automatic brute-force/checknull functionality)
smbexec