Exploitation

PowerUp

Overview:
PowerUp is a powershell tool to assist with local privilege escalation on Windows systems. It contains several methods to identify and abuse vulnerable services, as well as DLL hijacking opportunities, vulnerable registry settings, vulnerable schtasks, and more.

Note:
This tool is now part of the Veil framework's PowerTools suite.

Responder

Overview:
This tool is first an LLMNR and NBT-NS responder: it will answer to *specific* NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: http://support.microsoft.com/kb/163409). By default, the tool will only answer to File Server Service requests, which is for SMB. The concept behind this is to target our answers and be stealthier on the network. This also helps to ensure that we don't break legitimate NBT-NS behavior. You can set the -r option to 1 via the command line if you want this tool to answer to the Workstation Service request name suffix.

Tutorials:
https://www.trustwave.com/Resources/SpiderLabs-Blog/Owning-Windows-Netwo...
https://www.trustedsec.com/july-2013/wpad-man-in-the-middle-clear-text-p...

Impacket

Overview:
Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (for instance NMB, SMB1-3 and MS-DCERPC) the protocol implementation itself. Packets can be constructed from scratch, as well as parsed from raw data, and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.

Featured Protocols:
Ethernet, Linux "Cooked" capture.
IP, TCP, UDP, ICMP, IGMP, ARP. (IPv4 and IPv6)
NMB and SMB1/2/3 (high-level implementations).
DCE/RPC versions 4 and 5, over different transports: UDP (version 4 exclusively), TCP, SMB/TCP, SMB/NetBIOS and HTTP.
Portions of the following DCE/RPC interfaces: Conv, DCOM (WMI, OAUTH), EPM, SAMR, SCMR, RRP, SRVSC, LSAD, LSAT, WKST, NRPC.

Extra Information:
The examples folder contains many pre-built tools that can be used for various things such as pass-the-hash, dumping domain hashes, and golden tickets.

Teensy Penetration Testing Payload

This Teensy sketch demonstrates the use of NUM / Scroll / CAPS Lock LEDs to communicate
back and forth between a Windows computer and the Teensy. Using this method, we can "check"
for success on execution of scripts, and get the Teensy to react accordingly.

peensy.ino
-----------
Requires a Teensy with a soldered SD, and optional DIP switch. More details about this can be
found here - http://www.offensive-security.com/offsec/advanced-teensy-penetration-tes....
Make sure to choose: Tools-> USB Type -> Disk (SD Card) for the SD to kick in as a USB Storage device.

peensy-stand-alone.ino
-----------------------
Will work on an unmodified Teensy. We simply stripped out all the SD card and DIP switch relevant code.

utils/teensy-payload-split.sh
-----------------------------
Crude bash script to convert binary files for transfer from the Teensy SD to Windows, using echo commands.
This utility should only be used when you are not mounting the SD Storage as a USB Storage device.
The file transfer rate is around 22 KB/minute; a 100 KB file could take around 5 minutes to transfer.

Note: This peensy code has been cannibalized from multiple sources, including but not limited to:

-- Social Engineering Toolkit
-- Kautilya
-- IronGeeks PHUKD library
-- Various resources on the net.

Vega Web Security Scanner

Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.

Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: JavaScript.

Core:
Automated Crawler and Vulnerability Scanner
Consistent UI
Website Crawler
Intercepting Proxy
SSL MITM
Content Analysis
Extensibility through a Powerful JavaScript Module API
Customizable alerts
Database and Shared Data Model

Modules:
Cross Site Scripting (XSS)
SQL Injection
Directory Traversal
URL Injection
Error Detection
File Uploads
Sensitive Data Discovery

LFI ExplOiter

LFI ExplOiter is an open source penetration testing tool that automates the process of detecting and exploiting Local File Inclusion.

ExploitPack Security Framework

ExploitPack is an open source, GPLv3-licensed bundle of scripts with an easy-to-use GUI and a SID IDE; it's built on Java and Python.
ExploitPack uses SWT and is integrated as part of the Eclipse plug-in API. For standalone application development it is best to develop against the SWT standalone download.

ap-unlock

#!/usr/bin/env python
#
# ap-unlock-v1337.py - apache + php 5.* rem0te c0de execution exploit
#
# NOTE:
#   - quick'n'dirty VERY UGLYY C=000DEEE IZ N0T MY STYLE Sad((
#   - for connect back shell start netcat/nc and bind port on given host:port
#   - is ip-range scanner not is multithreaded, but iz multithreaded iz in
#   random scanner and is scanner from file (greets to MustLive)
#   - more php paths can be added
#   - adjust this shit for windows b0xes
#
# 2013
# by noptrix - http://nullsecurity.net/

U3-Pwn

#!/usr/bin/env python
################################################################################
#                ____                     _ __                                 #
#     ___  __ __/ / /__ ___ ______ ______(_) /___ __                           #
#    / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // /                           #
#   /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, /                            #
#                                            /___/ team                        #
#                                                                              #
# U3-Pwn                                                                       #
#                                                                              #
# DATE                                                                         #
# 10/05/2013                                                                   #
#                                                                              #
# DESCRIPTION                                                                  #
# U3-Pwn is a tool designed to automate injecting executables to Sandisk       #
# smart usb devices with default U3 software install. This is performed by     #
# removing the original iso file from the device and creating a new iso        #
# with autorun features.                                                       #
#                                                                              #
# REQUIREMENTS                                                                 #
# - Metasploit                                                                 #
# - U3-Tool                                                                    #
# - Python-2.7                                                                 #
#                                                                              #

OWASP Bricks

Bricks is a deliberately vulnerable web application built on PHP and MySQL.
The project focuses on variations of commonly seen application security vulnerabilities and exploits.
Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP).
The mission is to 'break the bricks' and thus learn the various aspects of web application security.

License: Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)
Who is working on this project?

Project Leader(s):
Abhi M Balakrishnan

Get UwAmp. There are three options:
Exe/Install: Around 20 MB and has an installer. It can be installed just like any other software.
Portable RAR: Around 30 MB, portable. No installation needed, just extract and run. 7-Zip is a good tool for handling RAR files.
Portable ZIP: Around 55 MB, portable. No installation needed, just extract and run.

Download Bricks and extract it.
Copy the bricks folder into the UwAmp\www directory.
Run UwAmp.exe and start the server.
Create a new database for Bricks:
Click on the PHPMyAdmin button on the UwAmp interface, or go to http:///mysql/ in a browser.
Any name can be used for the database, for example: bricks. Fill in the name and click on the Create button.
Click on the www Site button on the UwAmp interface, or go to http:///bricks/ in a browser.
Bricks will redirect automatically to http:///bricks/config/.
Fill in the configuration details:
Database username: root
Database password: root in UwAmp. Keep it blank in the case of XAMPP.
Database name: bricks
Database host: localhost
Show executed commands: checked by default
Click on the Submit button and a file, LocalSettings.php, will be downloaded. Place this file in the UwAmp\www directory.