bug-fixes-release

pedro ubuntu


[ Changelog ]

[netool.sh V4.6]

+ UPGRADE     => msfcli replaced by msfconsole
+ INSTALL.sh  => "added" netool toolkit Gnu Public License (GPL) display
+ INSTALL.sh  => "added" build shortcut to toolkit -> gnome-desktop-item-edit
+ netool.sh   => "added" file-selection GUI to ettercap -> zenity displays
+ priv8.sh    => "added" MitM ROUTER phishing -> capture router credentials
+ priv8.sh    => "added" adobe_flash_hacking_team_uaf -> exploit + mitm + dns_spoof
+ priv8.sh    => "added" unicorn.py -> HTA drive-by URL payload execution
+ priv8.sh    => "added" web_delivery msf module -> powershell/python payloads
+ priv8.sh    => "added" Shellter PE injector (by kyREcon) binaries windows obfuscator

! priv8.sh    => "bug-fix" ettercap IPV6 bug -> incorrect target selection /// ///
! priv8.sh    => "bug-fix" host-a-file -> phishing webpages displays under MitM fixed
* priv8.sh    => "improved" host-a-file attack -> zenity file-selection GUI added 
* priv8.sh    => "improved" windows payloads encoding (diferent msf encoders/interactions)
* priv8.sh    => "improved" java.jar phishing -> deliver java payload using:
                 "phishing download webpage | Drive-by URL payload execution"




[netool.sh V4.5]

 + UPGRADE     =>  msfpayload and msfencode replaced by msfvenom
 + UPGRADE     =>  unicorn.py (meterpreter powershell by ReL1K)
 + netool.sh   => "added" Resize terminal windows size (gnome terminal)
 + netool.sh   => "added" nmap stealth scan (scan evading IDS logs)
 + priv8.sh    => "added" missing 'google cast extension' phishing webpage
 + priv8.sh    => "added" 'use host-a-file-attack' OR 'start a listenner'
                    module to all non-automated exploits.

 * priv8.sh    => "improved" android payload -> meterpreter or shell payloads
 * priv8.sh    => "improved" generate shellcode -> added "DLL" funtion
 * priv8.sh    => "improved" generate shellcode -> added "C-to-EXE" (Veil-Evasion)
 * priv8.sh    => "improved" backdooring EXE files -> added "BDF" module




[netool.sh V4.4]

  * netool.sh  => "improved" added zenity "Displays"
  * netool.sh  => "improved" nmap scanner menu "Redesign/Improved"
  * netool.sh  => "improved" scan WAN for hosts "port nmap.xml to msf db "
  + netool.sh  => "added" access t00lkit database "store scans or notes"
  + netool.sh  => "added" CLEAN_LOGS:YES "toolkit_config"
  + netool.sh  => "added" CLEAN_HANDLERS:NO "toolkit_config"
  + netool.sh  => "added" CLEAN_DATABASE:NO "toolkit_config"

  * priv8.sh   => "improved" all listenners "post-exploitation module added"
  + priv8.sh   => "added" handler.rc "store listenner settings"
  + priv8.sh   => "added" C-Injector "Inject shellcode using C"
  + priv8.sh   => "added" 3 new multi-handlers "listenners"
  "'Default Listenner, Post-auto.rc, AutoRunScript, Resource_files'"

  * INSTALL.sh => "improved" netool toolkit "Installer (Ubuntu|Kali)"




[netool.sh V4.3]

  * INSTALL.sh => "added" installer of netool.sh toolkit

  * netool.sh  => 'improved' running scanner inurlbr.php from toolkit
  * netool.sh  => 'improved' better displays and small bugs fixed
  + netool.sh  => 'added' DISPLAY_PUBLIC_IP:YES "toolkit_config"
  + netool.sh  => 'added' MIGRATE_TO:wininit.exe "toolkit_config file"
                  Using the option 'post-exploitation' in rootsector module,
                  we now have the ability to chose a proccess to migrate.

  * priv8.sh  => 'improved' generate shellcode "new output -> shellcode.txt" 
  * priv8.sh  => 'Improved' host a file attack "added fake java update webpage"
  * priv8.sh  => 'Improved' host a file attack "added fake missing plugin webpage"
  * priv8.sh  => 'Improved' Website keylooger "no need to edit index.html"
  * priv8.sh  => 'Improved' Clone WebSite > browser_autopwn "no need to edit index.html"
  * priv8.sh  => 'Improved' Clone website > java_applet "no need to edit index.html"
  * priv8.sh  => 'Improved' backdooring EXE files "keep template working"
                  keep template working (executable) OR just use the icon (.ico)
                  of the executable to be displayed in backdoor.exe generated.




[netool.sh V4.2]

  + netool.sh => 'added' INURLBR (webcrawler.php by cleiton)
  + netool.sh => 'added' 'toolkit_config' file (config settings in toolkit)
  + netool.sh => 'added' set variable for temp download folder (/tmp/evil)
  * netool.sh => 'Improved' toolkit update check function [GIT repo]
  * netool.sh => 'Improved' SET_AUTO_START_UPDATES (toolkit_config)
  * netool.sh => 'Improved' script display output [Text User Interface]
  - netool.sh => 'removed' dd0s javascript attack (ubuntuone website)

  + priv8.sh  => 'added' 'host a file attack' automated exploit
  + priv8.sh  => 'added' meterpreter powershell invocation payload [by ReL1K]
  * priv8.sh  => 'Improved' script display output [Text User Interface]
  * priv8.sh  => 'Improved' 'webshell.php' payload
  * priv8.sh  => 'Improved' 'firefox_xpi_bootstrapped_addon'
                 (added JavaScript AlertBox to phishing webpage).




[netool.sh V4.1]

  + netool.sh => 'Added' new version changelog screen info
  + netool.sh => 'Added' templates folder to change executables icons
  + netool.sh => 'Added' toolkit update check function [GIT repo]
  * netool.sh => 'Improved' script display output [Text User Interface]
  - netool.sh => 'Removed' 'metasploit auxiliary' modules

  + priv8.sh  => 'Added' winrar_filename_spoofing automated exploit
  + priv8.sh  => 'Added' firefox_xpi_bootstrapped_addon automated exploit
  * priv8.sh  => 'Improved' post-exploitation 'persistence payload module
  * priv8.sh  => 'Improved' windows/meterpreter payload encryption'




[netool.sh V4.0 04-abr-2014]

    "general Display of information in the screen re-designed"
  * netool.sh => start and exit Display banner re-designed
  * priv8.sh  => module as improved to display a more clean output
  * metasploit-auxiliary => Main menu re-designed "option:8"

  * fixed path to metasploit in some internal commands "core bugs"
  * priv8.sh  => post-exploitation > persistence backdoor "added"
  * priv8.sh  => generate a VBScript shellcode "Microsoft Word.doc - macro"
  * priv8.sh  => Generating shellcode using Metasploit:
    "C,[J]avascript,[P]erl,rub[Y],[R]aw,[D]ll,[V]ba,e[X]e,[W]ar"

  * priv8.sh  => Session hijacking [cookie hijacking]
   "1 - Steal cookies             under [MITM] networking"
   "2 - Steal cookies             Under [WAN] networking" 
   "3 - Steal cookies             Use our own webhosting"
   "4 - open cookie Logfile       access the logfile"

   "now the framework does not ask for the input of username"
    echo -n "[+] {whoami}(your user name):"




[ netool.sh V3.4 - 24-nov-2013 ]

  * netool.sh => nmap scanner > ping of dead [icmp-DoS] "added"
  * netool.sh => metasploit auxiliary > linux hashdump "added"
  * netool.sh => metasploit auxiliary > my-auxiliary.rb "updated"

  * my-auxiliary.rb => write message on target desktop "added"
  * my-auxiliary.rb => dump target hostsfile "added"

  "The Module [priv8.sh] as improved to display a more clean output to the user"
  "and now all automated exploits have a 'help menu' to describe the attack"

  * priv8.sh  => pdf backdoor "added"
  * priv8.sh  => post-exploitation > scraper "added"
    "now all payloads [windows/meterpreter] as the option to enumerate just about everything".




[ netool.sh V3.3 - 24-set-2013 ]

  * netool.sh => xss and webcrawler > menu "improved"
  * netool.sh => new path to installations "added/review"
  * netool.sh => share files on local lan "improved"

  * priv8.sh  => now all payloads [windows/meterpreter] migrates to AUTHORITY/SYSTEM and the proccess chosen to migrate to is 'wininit.exe' (AUTHORITY/SYSTEM)
  * priv8.sh  => mitm + dns-spoof + java_applet attack "added"
  * priv8.sh  => Backdooring EXE Files "added"
  * priv8.sh  => Print Spooler Exploit "added" 
  * priv8.sh  => start a lisenner (chose various payloads to send) "added"

  * root3.rb        => sourcecod "review/updated"
  * my-auxiliary.rb => upgraded with new option'check if UAC its enabled'
  * my-auxiliary.rb => upgraded with new option'enumerate Recently logged on users'