Menu
▾
▴
bug-fixes-release
[ Changelog ]
+ UPGRADE => msfcli replaced by msfconsole
+ INSTALL.sh => "added" netool toolkit Gnu Public License (GPL) display
+ INSTALL.sh => "added" build shortcut to toolkit -> gnome-desktop-item-edit
+ netool.sh => "added" file-selection GUI to ettercap -> zenity displays
+ priv8.sh => "added" MitM ROUTER phishing -> capture router credentials
+ priv8.sh => "added" adobe_flash_hacking_team_uaf -> exploit + mitm + dns_spoof
+ priv8.sh => "added" unicorn.py -> HTA drive-by URL payload execution
+ priv8.sh => "added" web_delivery msf module -> powershell/python payloads
+ priv8.sh => "added" Shellter PE injector (by kyREcon) binaries windows obfuscator
! priv8.sh => "bug-fix" ettercap IPV6 bug -> incorrect target selection /// ///
! priv8.sh => "bug-fix" host-a-file -> phishing webpages displays under MitM fixed
* priv8.sh => "improved" host-a-file attack -> zenity file-selection GUI added
* priv8.sh => "improved" windows payloads encoding (diferent msf encoders/interactions)
* priv8.sh => "improved" java.jar phishing -> deliver java payload using:
"phishing download webpage | Drive-by URL payload execution"
+ UPGRADE => msfpayload and msfencode replaced by msfvenom
+ UPGRADE => unicorn.py (meterpreter powershell by ReL1K)
+ netool.sh => "added" Resize terminal windows size (gnome terminal)
+ netool.sh => "added" nmap stealth scan (scan evading IDS logs)
+ priv8.sh => "added" missing 'google cast extension' phishing webpage
+ priv8.sh => "added" 'use host-a-file-attack' OR 'start a listenner'
module to all non-automated exploits.
* priv8.sh => "improved" android payload -> meterpreter or shell payloads
* priv8.sh => "improved" generate shellcode -> added "DLL" funtion
* priv8.sh => "improved" generate shellcode -> added "C-to-EXE" (Veil-Evasion)
* priv8.sh => "improved" backdooring EXE files -> added "BDF" module
* netool.sh => "improved" added zenity "Displays" * netool.sh => "improved" nmap scanner menu "Redesign/Improved" * netool.sh => "improved" scan WAN for hosts "port nmap.xml to msf db " + netool.sh => "added" access t00lkit database "store scans or notes" + netool.sh => "added" CLEAN_LOGS:YES "toolkit_config" + netool.sh => "added" CLEAN_HANDLERS:NO "toolkit_config" + netool.sh => "added" CLEAN_DATABASE:NO "toolkit_config" * priv8.sh => "improved" all listenners "post-exploitation module added" + priv8.sh => "added" handler.rc "store listenner settings" + priv8.sh => "added" C-Injector "Inject shellcode using C" + priv8.sh => "added" 3 new multi-handlers "listenners" "'Default Listenner, Post-auto.rc, AutoRunScript, Resource_files'" * INSTALL.sh => "improved" netool toolkit "Installer (Ubuntu|Kali)"
* INSTALL.sh => "added" installer of netool.sh toolkit
* netool.sh => 'improved' running scanner inurlbr.php from toolkit
* netool.sh => 'improved' better displays and small bugs fixed
+ netool.sh => 'added' DISPLAY_PUBLIC_IP:YES "toolkit_config"
+ netool.sh => 'added' MIGRATE_TO:wininit.exe "toolkit_config file"
Using the option 'post-exploitation' in rootsector module,
we now have the ability to chose a proccess to migrate.
* priv8.sh => 'improved' generate shellcode "new output -> shellcode.txt"
* priv8.sh => 'Improved' host a file attack "added fake java update webpage"
* priv8.sh => 'Improved' host a file attack "added fake missing plugin webpage"
* priv8.sh => 'Improved' Website keylooger "no need to edit index.html"
* priv8.sh => 'Improved' Clone WebSite > browser_autopwn "no need to edit index.html"
* priv8.sh => 'Improved' Clone website > java_applet "no need to edit index.html"
* priv8.sh => 'Improved' backdooring EXE files "keep template working"
keep template working (executable) OR just use the icon (.ico)
of the executable to be displayed in backdoor.exe generated.
+ netool.sh => 'added' INURLBR (webcrawler.php by cleiton) + netool.sh => 'added' 'toolkit_config' file (config settings in toolkit) + netool.sh => 'added' set variable for temp download folder (/tmp/evil) * netool.sh => 'Improved' toolkit update check function [GIT repo] * netool.sh => 'Improved' SET_AUTO_START_UPDATES (toolkit_config) * netool.sh => 'Improved' script display output [Text User Interface] - netool.sh => 'removed' dd0s javascript attack (ubuntuone website) + priv8.sh => 'added' 'host a file attack' automated exploit + priv8.sh => 'added' meterpreter powershell invocation payload [by ReL1K] * priv8.sh => 'Improved' script display output [Text User Interface] * priv8.sh => 'Improved' 'webshell.php' payload * priv8.sh => 'Improved' 'firefox_xpi_bootstrapped_addon' (added JavaScript AlertBox to phishing webpage).
+ netool.sh => 'Added' new version changelog screen info + netool.sh => 'Added' templates folder to change executables icons + netool.sh => 'Added' toolkit update check function [GIT repo] * netool.sh => 'Improved' script display output [Text User Interface] - netool.sh => 'Removed' 'metasploit auxiliary' modules + priv8.sh => 'Added' winrar_filename_spoofing automated exploit + priv8.sh => 'Added' firefox_xpi_bootstrapped_addon automated exploit * priv8.sh => 'Improved' post-exploitation 'persistence payload module * priv8.sh => 'Improved' windows/meterpreter payload encryption'
"general Display of information in the screen re-designed" * netool.sh => start and exit Display banner re-designed * priv8.sh => module as improved to display a more clean output * metasploit-auxiliary => Main menu re-designed "option:8" * fixed path to metasploit in some internal commands "core bugs" * priv8.sh => post-exploitation > persistence backdoor "added" * priv8.sh => generate a VBScript shellcode "Microsoft Word.doc - macro" * priv8.sh => Generating shellcode using Metasploit: "C,[J]avascript,[P]erl,rub[Y],[R]aw,[D]ll,[V]ba,e[X]e,[W]ar" * priv8.sh => Session hijacking [cookie hijacking] "1 - Steal cookies under [MITM] networking" "2 - Steal cookies Under [WAN] networking" "3 - Steal cookies Use our own webhosting" "4 - open cookie Logfile access the logfile" "now the framework does not ask for the input of username" echo -n "[+] {whoami}(your user name):"
[ netool.sh V3.4 - 24-nov-2013 ]
* netool.sh => nmap scanner > ping of dead [icmp-DoS] "added"
* netool.sh => metasploit auxiliary > linux hashdump "added"
* netool.sh => metasploit auxiliary > my-auxiliary.rb "updated"
* my-auxiliary.rb => write message on target desktop "added"
* my-auxiliary.rb => dump target hostsfile "added"
"The Module [priv8.sh] as improved to display a more clean output to the user"
"and now all automated exploits have a 'help menu' to describe the attack"
* priv8.sh => pdf backdoor "added"
* priv8.sh => post-exploitation > scraper "added"
"now all payloads [windows/meterpreter] as the option to enumerate just about everything".
[ netool.sh V3.3 - 24-set-2013 ]
* netool.sh => xss and webcrawler > menu "improved" * netool.sh => new path to installations "added/review" * netool.sh => share files on local lan "improved" * priv8.sh => now all payloads [windows/meterpreter] migrates to AUTHORITY/SYSTEM and the proccess chosen to migrate to is 'wininit.exe' (AUTHORITY/SYSTEM) * priv8.sh => mitm + dns-spoof + java_applet attack "added" * priv8.sh => Backdooring EXE Files "added" * priv8.sh => Print Spooler Exploit "added" * priv8.sh => start a lisenner (chose various payloads to send) "added" * root3.rb => sourcecod "review/updated" * my-auxiliary.rb => upgraded with new option'check if UAC its enabled' * my-auxiliary.rb => upgraded with new option'enumerate Recently logged on users'
