SECURITY EDUCATION, PRIVACY GUIDANCE, THREAT AWARENESS, OPEN SOURCE TOOLS, RESEARCH NOTES, AND RESPONSIBLE TECHNOLOGY CONTENT

Friday, January 15, 2016

RootHelper - A Bash Script That Downloads And Unzips Scripts That Will Aid With Privilege Escalation On A Linux System




RootHelper

RootHelper aids in the process of privilege escalation on a Linux system that has been compromised by fetching a number of enumeration and exploit suggestion scripts. The latest version downloads four scripts: two enumeration shell scripts and two exploit suggesters, one written in Perl and the other in Python.
The credits for the scripts it fetches go to the original authors.


Priv-Esc scripts


LinEnum  

Shell script that enumerates the system configuration.


unix-privesc-check  

Shell script that enumerates the system configuration and runs some privilege escalation checks as well.


linuxprivchecker  

A Python implementation that suggests exploits particular to the system that's been compromised.


Linux_Exploit_Suggester  

A Perl script that does the same as the one mentioned above.

Usage

To use the script you will need to get it onto the system you've compromised. From there you can simply run it, and it will show you the available options along with an informational message describing them. For clarity I will post it below as well.


The 'Help' option displays this informational message.
The 'Download' option fetches the relevant files and places them in the /tmp/ directory.
The option 'Download and unzip' downloads all files and extracts the contents of zip archives to their individual subdirectories respectively, please note; if the 'mkdir' command is unavailable however, the operation will not succeed and the 'Download' option should be used instead
The 'Clean up' option removes all downloaded files and 'Quit' exits roothelper.


Credits for the other scripts go to their original authors.

https://github.com/rebootuser/LinEnum
https://github.com/PenturaLabs/Linux_Exploit_Suggester
http://www.securitysift.com/download/linuxprivchecker.py
https://github.com/pentestmonkey/unix-privesc-check



Antitrust - (Ameaça Virtual)



A computer programmer's dream job at a hot Portland-based firm turns nightmarish when he discovers his boss has a secret and ruthless means of dispatching anti-trust problems.





By OffensiveSec

Killchain - A Unified Console To Perform The "Kill Chain" Stages Of Attacks




“Kill Chain” is a unified console with an anonymizer that will perform these stages of attacks:


º Reconnaissance 
º Weaponization 
º Delivery 
º Exploit 
º Installation 
º Command & Control 
º And Actions 

    Dependent tool sets are:

    1) Tor -- For the console's built-in anonymizer.
    2) Set -- Social-Engineer Toolkit (SET), attacks against humans.
    3) OpenVas -- Vulnerability scanning and vulnerability management.
    4) Veil-Evasion -- Generates Metasploit payloads that bypass anti-virus.
    5) Websploit -- WebSploit Advanced MITM Framework.
    6) Metasploit -- Executing exploit code against target.
    7) WiFite -- Automated wireless auditor, designed for Linux.



    Thursday, January 14, 2016

    squitch pentest – A simple and small pentesting linux distro



    Features

    º ubuntu based
    º gnome 2 desktop
    º kernel 3.0.0.15
    º pentesting tools





    CAINE 7.0 - DeepSpace 64bit



    CAINE (Computer Aided INvestigative Environment) is a Linux distribution specifically designed for digital forensics. It is based on Ubuntu.

    The latest edition is CAINE 7, code-named DeepSpace. It is based on Ubuntu 14.04 LTS and, therefore, UEFI and Secure Boot ready.

    It comes with some new features, including booting into a read-only mode whereby all block devices are not writable, and a VNC server and client that allows remote control of a Caine 7 installation.

    This post offers screenshots from a test installation of CAINE 7 in a virtual environment.

    This is the installation boot menu. If you want to install CAINE in a virtual environment (using VirtualBox) on Ubuntu, select the "Boot Live in safe graphics mode" option. Booting with the default option will only give you a garbled display.





    F.H.C - FORENSIC LIVE CD IMAGER



    Forensic Hard Copy is a bootable Linux distribution (LiveCD) created exclusively to automate and speed up the copying of storage devices. These copy procedures are commonly used in computer forensics. In this field it is standard practice to acquire data from the offending media in order to protect it from any alteration or damage, and then analyze the identical copy later. The project was created to meet the operational needs of the police involved in investigations, the technical consultants (CTU) and part IT (CTU), ensuring the durability and usability of the evidence in a computer science criminal trial.


    Open source software and open-source scripts have been used to give all users the ability to understand, if necessary, the actual operation of the software during the copy or image acquisition process. The process has been automated through a script wizard that guides you step by step through the copy of a medium. The new release has a 2.6.32 kernel, which has wide compatibility with controllers and disks. Media are recognized over IDE, SATA, FireWire and USB connections, so you can also copy data to media external to the machine being analyzed.




    OWASP - Droid Fusion



    OWASP Droid Fusion is a platform for Android or any other mobile device for doing malware analysis, development, application pentesting and forensics. You can use it in any mobile security research, and if you have Droid Fusion, you don't need to worry about finding tools. There are more than 60 tools and scripts, and it is free.




    Tool Features

    º SBFlash
    º Heimdall CLI
    º Heimdall Gui
    º Fastboot

    Android Exploitation

    º Mercury
    º Android Framework For Exploitation
    º Smartphone Pentest Framework
    º Metasploit

    Pentest Application

    º Burpsuite
    º Wireshark
    º Zap
    º Ettercap
    º W3af
    º Zenmap

    Device Forensic

    º Aflogical
    º dc3dd
    º iPhone Backup Analyzer
    º Scalpel
    º Sleuthkit

    Miscellaneous

    º Android Kitchen
    º Android Bruteforce
    º iPhone Bruteforce
    º Fastboot
    º HconSTF
    º Arduino IDE
    º Record my desktop




    Android Pentest Tools - Bugtroid





    Bugtroid is an innovative tool developed by the Bugtraq-Team. The main feature of this APK is that it has more than 200 Android and Linux tools (PRO) for pentesting and forensics from a smartphone or tablet. It has a menu categorized according to the nature of the tool, where you may find:


    º Anonymity
    º Search People
    º Audit for frequencies 802.11 (Wireless and Bluetooth)
    º Mapping Networks
    º Remote
    º DDOS
    º Sniffers
    º Pentesting
    º Security
    º Examiner
    º Web Analysis
    º Cryptography
    º Brute Force
    º Antivirus
    º System

    From the application menu you can:


    º Check the information on the tool.
    º Install the application.
    º Uninstall the Application.
    º Run the Application (PRO)


    A settings section is also available, which serves to manage and install certain requirements for the proper functioning of the tools, as well as other functions:


    º Set wallpaper
    º Install the minimum requirements for running the tools
    º Install shortcuts on the desktop (PRO)
    º Install shortcuts Console (PRO)
    º Installation of interpreters: Perl, Python, Ruby, PHP and Mysql (PRO)




    SPF - Smartphone Pentest Framework




    The product of a DARPA Cyber Fast Track grant, the Smartphone Pentest Framework is an open source security tool, designed to aid in assessing the security posture of smartphones in an environment. SPF Version 0.1 contains remote attacks, client side attacks, social engineering attacks, and post exploitation, targeting smartphone devices.





    SPF is an ongoing project, with plans in the works for support for additional devices, more modules in each attack vector category, integration with existing tools such as Metasploit and SET, etc.




    Established in 2015. Offensive Sec Blog has been sharing security research, hacking tools, threat intelligence, and offensive security content since 2015.
    Copyright © OffSec Blog | Powered by OffensiveSec