A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz. This was assigned CVE-2018-20781 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20781). Fun fact it's still not fixed after GNOME Keyring 3.27.2 and still works as of 3.28.0.2-1ubuntu1.18.04.1.
Disclaimer:
All information contained in this site and all software provided by it are intended solely for the purpose of helping users to secure their online privacy from eventual cyberattacks. Such information and software do NOT constitute professional advice/services, are indicative and provided for educational use only. The site does not guarantee their accuracy or completeness. The use of such information and software for any purpose other than the abovementioned is strictly forbidden. The site and/or the site’s owner(s) hold no responsibility for any misuse of the above by third parties and reserve their rights to ban the access of users or take any legal action against users, should any misuse be noticed.
#mimipenguin #linux
...
https://www.youtube.com/watch?v=Qz5jJ_AmGwg
Traditional Diceware uses rolls of physical dice, this application uses a strong random number generator in place of the dice. A virtual dice is roled 5 times, and the 5 digit number used against a lookup table of words. 6 dice rolls gives you 6 random words which are easy for a human being to remember, yet have a high amount of entropy which makes them hard to crack.
Git Installation
clone the repo
$ git clone https://github.com/sameera-madushan/D...
change the working directory to Diceware-Password-Generator
$ cd Diceware-Password-Generator
Usage
usage: python dpg.py
https://www.kitploit.com/2019/05/vulmap-online-local-vulnerability.html
https://github.com/vulmon/Vulmap
Vulmap is an open source online local vulnerability scanner project. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. These scripts can be used for defensive and offensive purposes. It is possible to make vulnerability assessments using these scripts. Also they can be used for privilege escalation by pentesters/red teamers.
Vulmap can be used to, scan vulnerabilities on localhost, see related exploits and download them. Scripts basically, scan localhost to gather installed software information and ask vulmon.com api if there are any vulnerabilies and exploits related with installed software. If vulnerabilities exist, Vulmap give CVE ID, risk score, vulnerability's detail link, if exists related exploit ids and exploit titles. Exploits can be downloaded with Vulmap also.
Main idea of Vulmap is getting real-time vulnerability data from Vulmon instead of relying of a local vulnerability database. Even the most recent vulnerabilies can be detected with this approach. Also its exploit download feature aids privilege escalation processes. Pentesters and red teamers can download exploits from Exploit DB from command prompt. To use this feature only thing needed is id of exploits.
Since most Linux installations have Python, Vulmap Linux is developed with Python while Vulmap Windows is developed with PowerShell to make it easy to run it on most Windows versions. Vulmap Linux is compatible with Python 2.x and dpkg package management system. Vulmap Windows is compatible with PowerShell v3 and higher.
Use below links to get detailed information about vulmap:
Vulmap Linux - Python script for Linux systems Attribuzione audio NCS (NoCopyrightSounds) https://www.youtube.com/channel/UC_aEa8K-EOJ3D6gOs7HcyNg
...
https://www.youtube.com/watch?v=rxHQLFW4CBM
https://github.com/bahaabdelwahed/killshot
A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
Why KillShot ?
You Can use this tool to Spider your website and get important information and gather information automaticaly using whatweb-host-traceroute-dig-fierce-wafw00f or to Identify the cms and to find the vulnerability in your website using Cms Exploit Scanner && WebApp Vul Scanner Also You can use killshot to Scan automaticly multiple type of scan with nmap and unicorn . And With this tool You can Generate PHP Simple Backdoors upload it manual and connect to the target using killshot
This Tool Bearing A simple Ruby Fuzzer Tested on VULSERV.exe And Linux Log clear script To change the content of login paths Spider can help you to find parametre of the site and scan xss and sql
Linux Setup
git clone https://github.com/bahaabdelwahed/killshot
cd killshot
ruby setup.rb (if setup show any error just try to install the gems/tool manual )
ruby killshot.rb
Windows Setup
Download ruby for windows == https://rubyinstaller.org/downloads/
Download Cmder here == http://cmder.net/
Download Curl For 64/32 == https://curl.haxx.se/windows/
Download nmap == https://nmap.org/download.html
Enjoy !
...
https://www.youtube.com/watch?v=1-3UpgyMrTs