Menu
▾
▴
bug-fixes-release
[ Changelog ]
+ UPGRADE => msfcli replaced by msfconsole
+ INSTALL.sh => "added" netool toolkit Gnu Public License (GPL) display
+ INSTALL.sh => "added" build shortcut to toolkit -> gnome-desktop-item-edit
+ netool.sh => "added" file-selection GUI to ettercap -> zenity displays
+ priv8.sh => "added" MitM ROUTER phishing -> capture router credentials
+ priv8.sh => "added" adobe_flash_hacking_team_uaf -> exploit + mitm + dns_spoof
+ priv8.sh => "added" unicorn.py -> HTA drive-by URL payload execution
+ priv8.sh => "added" web_delivery msf module -> powershell/python payloads
+ priv8.sh => "added" Shellter PE injector (by kyREcon) binaries windows obfuscator
! priv8.sh => "bug-fix" ettercap IPV6 bug -> incorrect target selection /// ///
! priv8.sh => "bug-fix" host-a-file -> phishing webpages displays under MitM fixed
* priv8.sh => "improved" host-a-file attack -> zenity file-selection GUI added
* priv8.sh => "improved" windows payloads encoding (diferent msf encoders/interactions)
* priv8.sh => "improved" java.jar phishing -> deliver java payload using:
"phishing download webpage | Drive-by URL payload execution"
+ UPGRADE => msfpayload and msfencode replaced by msfvenom
+ UPGRADE => unicorn.py (meterpreter powershell by ReL1K)
+ netool.sh => "added" Resize terminal windows size (gnome terminal)
+ netool.sh => "added" nmap stealth scan (scan evading IDS logs)
+ priv8.sh => "added" missing 'google cast extension' phishing webpage
+ priv8.sh => "added" 'use host-a-file-attack' OR 'start a listenner'
module to all non-automated exploits.
* priv8.sh => "improved" android payload -> meterpreter or shell payloads
* priv8.sh => "improved" generate shellcode -> added "DLL" funtion
* priv8.sh => "improved" generate shellcode -> added "C-to-EXE" (Veil-Evasion)
* priv8.sh => "improved" backdooring EXE files -> added "BDF" module
* netool.sh => "improved" added zenity "Displays"
* netool.sh => "improved" nmap scanner menu "Redesign/Improved"
* netool.sh => "improved" scan WAN for hosts "port nmap.xml to msf db "
+ netool.sh => "added" access t00lkit database "store scans or notes"
+ netool.sh => "added" CLEAN_LOGS:YES "toolkit_config"
+ netool.sh => "added" CLEAN_HANDLERS:NO "toolkit_config"
+ netool.sh => "added" CLEAN_DATABASE:NO "toolkit_config"
* priv8.sh => "improved" all listenners "post-exploitation module added"
+ priv8.sh => "added" handler.rc "store listenner settings"
+ priv8.sh => "added" C-Injector "Inject shellcode using C"
+ priv8.sh => "added" 3 new multi-handlers "listenners"
"'Default Listenner, Post-auto.rc, AutoRunScript, Resource_files'"
* INSTALL.sh => "improved" netool toolkit "Installer (Ubuntu|Kali)"
* INSTALL.sh => "added" installer of netool.sh toolkit
* netool.sh => 'improved' running scanner inurlbr.php from toolkit
* netool.sh => 'improved' better displays and small bugs fixed
+ netool.sh => 'added' DISPLAY_PUBLIC_IP:YES "toolkit_config"
+ netool.sh => 'added' MIGRATE_TO:wininit.exe "toolkit_config file"
Using the option 'post-exploitation' in rootsector module,
we now have the ability to chose a proccess to migrate.
* priv8.sh => 'improved' generate shellcode "new output -> shellcode.txt"
* priv8.sh => 'Improved' host a file attack "added fake java update webpage"
* priv8.sh => 'Improved' host a file attack "added fake missing plugin webpage"
* priv8.sh => 'Improved' Website keylooger "no need to edit index.html"
* priv8.sh => 'Improved' Clone WebSite > browser_autopwn "no need to edit index.html"
* priv8.sh => 'Improved' Clone website > java_applet "no need to edit index.html"
* priv8.sh => 'Improved' backdooring EXE files "keep template working"
keep template working (executable) OR just use the icon (.ico)
of the executable to be displayed in backdoor.exe generated.
+ netool.sh => 'added' INURLBR (webcrawler.php by cleiton)
+ netool.sh => 'added' 'toolkit_config' file (config settings in toolkit)
+ netool.sh => 'added' set variable for temp download folder (/tmp/evil)
* netool.sh => 'Improved' toolkit update check function [GIT repo]
* netool.sh => 'Improved' SET_AUTO_START_UPDATES (toolkit_config)
* netool.sh => 'Improved' script display output [Text User Interface]
- netool.sh => 'removed' dd0s javascript attack (ubuntuone website)
+ priv8.sh => 'added' 'host a file attack' automated exploit
+ priv8.sh => 'added' meterpreter powershell invocation payload [by ReL1K]
* priv8.sh => 'Improved' script display output [Text User Interface]
* priv8.sh => 'Improved' 'webshell.php' payload
* priv8.sh => 'Improved' 'firefox_xpi_bootstrapped_addon'
(added JavaScript AlertBox to phishing webpage).
+ netool.sh => 'Added' new version changelog screen info
+ netool.sh => 'Added' templates folder to change executables icons
+ netool.sh => 'Added' toolkit update check function [GIT repo]
* netool.sh => 'Improved' script display output [Text User Interface]
- netool.sh => 'Removed' 'metasploit auxiliary' modules
+ priv8.sh => 'Added' winrar_filename_spoofing automated exploit
+ priv8.sh => 'Added' firefox_xpi_bootstrapped_addon automated exploit
* priv8.sh => 'Improved' post-exploitation 'persistence payload module
* priv8.sh => 'Improved' windows/meterpreter payload encryption'
"general Display of information in the screen re-designed"
* netool.sh => start and exit Display banner re-designed
* priv8.sh => module as improved to display a more clean output
* metasploit-auxiliary => Main menu re-designed "option:8"
* fixed path to metasploit in some internal commands "core bugs"
* priv8.sh => post-exploitation > persistence backdoor "added"
* priv8.sh => generate a VBScript shellcode "Microsoft Word.doc - macro"
* priv8.sh => Generating shellcode using Metasploit:
"C,[J]avascript,[P]erl,rub[Y],[R]aw,[D]ll,[V]ba,e[X]e,[W]ar"
* priv8.sh => Session hijacking [cookie hijacking]
"1 - Steal cookies under [MITM] networking"
"2 - Steal cookies Under [WAN] networking"
"3 - Steal cookies Use our own webhosting"
"4 - open cookie Logfile access the logfile"
"now the framework does not ask for the input of username"
echo -n "[+] {whoami}(your user name):"
[ netool.sh V3.4 - 24-nov-2013 ]
* netool.sh => nmap scanner > ping of dead [icmp-DoS] "added"
* netool.sh => metasploit auxiliary > linux hashdump "added"
* netool.sh => metasploit auxiliary > my-auxiliary.rb "updated"
* my-auxiliary.rb => write message on target desktop "added"
* my-auxiliary.rb => dump target hostsfile "added"
"The Module [priv8.sh] as improved to display a more clean output to the user"
"and now all automated exploits have a 'help menu' to describe the attack"
* priv8.sh => pdf backdoor "added"
* priv8.sh => post-exploitation > scraper "added"
"now all payloads [windows/meterpreter] as the option to enumerate just about everything".
[ netool.sh V3.3 - 24-set-2013 ]
* netool.sh => xss and webcrawler > menu "improved"
* netool.sh => new path to installations "added/review"
* netool.sh => share files on local lan "improved"
* priv8.sh => now all payloads [windows/meterpreter] migrates to AUTHORITY/SYSTEM and the proccess chosen to migrate to is 'wininit.exe' (AUTHORITY/SYSTEM)
* priv8.sh => mitm + dns-spoof + java_applet attack "added"
* priv8.sh => Backdooring EXE Files "added"
* priv8.sh => Print Spooler Exploit "added"
* priv8.sh => start a lisenner (chose various payloads to send) "added"
* root3.rb => sourcecod "review/updated"
* my-auxiliary.rb => upgraded with new option'check if UAC its enabled'
* my-auxiliary.rb => upgraded with new option'enumerate Recently logged on users'
