Posh-SecModule

This module is a PowerShell v3 only module at the moment. The module is a collection of functions that I have found usefull in my day to day work as a security professional. The functions are broken in to functionality:

  • Discovery: Perform network discovery.
  • Parse: Parsers for Nmap, DNSRecon and other type of output files from security tools.
  • PostExploitation: Functions to help in performing post exploitation tasks.
  • Registry: Collection of functions for manipulating the registry in remote hosts using WMI.
  • Nessus: Collection of assemblies and functions for automating the Nessus Vulnerability Scanner.
  • Utilities: General purpose functions.
  • Audit: Functions that may be usful when performing audit of systems.
  • Database: Functions that are useful when interacting with databases.
  • Shodan: Functions for doing discovery using Shodan using a valid API key.
  • VirusTotal: Functions for Interacting with Virus Total using a valid API key.
  • Metasploit: Functions for automating Metasploit Framework and the comercial version using the XMLRPC API.

Download:

iex (New-Object Net.WebClient).DownloadString(„https://gist.github.com/darkoperator/6404266/raw/982cae410fc41f6c64e69d91fc3dda777554f241/gistfile1.ps1“)

More information:

https://github.com/darkoperator/Posh-SecMod

 

Norse

http://map.ipviking.com/

Every second, Norse collects and analyzes live threat intelligence from darknets in hundreds of locations in over 40 countries. The attacks shown are based on a small subset of live flows against the Norse honeypot infrastructure, representing actual worldwide cyber attacks by bad actors. At a glance, one can see which countries are aggressors or targets at the moment, using which type of attacks (services-ports).

Hovering over the ATTACK ORIGINS, ATTACK TARGETS, or ATTACK TYPES will highlight just the attacks emanating from that country or over that service-port respectively. Hovering over any bubble on the map, will highlight only the attacks from that location and type. Press S to toggle table sizes.

Norse exposes its threat intelligence via high-performance, machine-readable APIs in a variety of forms. Norse also provides products and solutions that assist organizations in protecting and mitigating cyber attacks.

norse

Variables que se utilizan en los RFI

Variables que se utilizan en los RFI:

 
Consulta para sacar las variables:

 

Vulnerabilidad explotada WebDAV

Si intentamos acceder a una carpeta protegida con „Autenticación de Windows integrada“ y no conocemos el usuario y el password obtenemos esta respuesta del servidor:

 
Y en el servidor obtenemos esta entrada:

 
Explotando la vulnerabilidad en WebDAV, obtenemos acceso:

 
Logramos ver el contenido de password.txt.

Para explotar la vulnerabilidad hemos modificado Cadaver.