
[In]Seguridad Informática => Bugs and Exploits => Thread started by: Mayk0 on June 15, 2013, 02:44:04 PM

Title: Netool.sh V3.0 - Priv8 exploits
Posted by: Mayk0 on June 15, 2013, 02:44:04 PM

[ netool.sh V3.0 r00tsect0r priv8 automated exploits ]
'this tutorial will focus on exploiting remote/local targets'
'this version (netool.sh V3.0) will be released on 01-jul-2013'...

netool.sh is a bash script to automate frameworks like Nmap, Driftnet, SSLstrip and ettercap MITM attacks; it also uses macchanger to decoy scans, then uses nmap to search for a specified open port in the external LAN, storing a log file under the [opensource/logs] folder.

this script makes tasks easy such as SNIFFING, MITM, SSLsniff, retrieving metadata from the target website, DoS attacks inside the external/local network; it can also perform TCP/UDP packet manipulation using etter.filters, see/change your mac address, change my PC hostname, and also has the ability to capture pictures of web browser surfing on the target machine under MITM attack, performs a vuln scan of the target website using the websecurify addon or the "webcrawler.py" script, also uses [msfpayload+msfencode+msfcli] to have remote control of the target machine, also comes with the [root3.rb] meterpreter ruby auxiliary script, and a module to install/edit the meterpreter script and upgrade the metasploit database automatically, search for target geolocation, search for admin login page, website directories, webshells.php planted on website, common file upload vulns scanner (LFI), search for xss vuln websites (dorking)...
' Please read my WIKI for installation process '

Show Local Connections
Nmap Scanner menu
-> sub-menu
-> Ping target
-> Show my Ip address
-> See/change mac address
-> change my PC hostname
-> Scan Local network
-> Scan external lan for hosts
-> Scan a list of targets (list.txt)
-> Scan remote host for vulns
-> Execute Nmap command
-> Search for target geolocation
Open router config
Ip tracer whois
DDoS java Script
Retrieve metadata
Exploitation Target menu
-> sub-menu
-> Make/encode payloads [metasploit]
-> Install/edit [root3.rb] script
-> Start a listener [metasploit]
r00tsect0r priv8 automated exploits
-> sub-menu
-> package.deb backdoor
-> fakeupdate.exe [dns-spoof+mitm+phishing]
-> clone website target [iframe phishing attack]
-> clone website login page [phishing+keylooging]
-> windows.exe payload
-> mac osx payload
-> linux payload
-> java signed applet [multi-operative systems exploit]
-> webshell.php [webshell.php backdoor]
Config ettercap
Launch MITM
show URLs visited
Sniff remote pics
Sniff SSL passwords
DoS attack {local}
Compile etter.filters
execute ettercap filter
-> sub-menu
-> Agressive Directory Scanner
-> Fast Directory Scanner
-> Admin Page Finder
-> WebShell.php Scanner
-> File Upload Scanner (LFI)
-> Retrieve target headers
-> Website Scraping
-> Dork for XSS vuln websites
d. delete lock folders
a. about netool
q. quit

Relevant links:
Home:[ http://sourceforge.net/projects/netoolsh/?source=navbar ]
Wiki: [ http://sourceforge.net/p/netoolsh/wiki/netool.sh%20script%20project/ ]
report bugs: [ http://sourceforge.net/p/netoolsh/discussion/general/thread/928a3086/?limit=50#2ac6 ]
Download [ netool.sh ] for backtrack-distros: [ http://sourceforge.net/projects/netoolsh/files/opensource%20%28backtrack%29.tar.gz/download ]
vid tuto "install on backtrack": [ http://www.youtube.com/watch?v=aabaHBEKZN0 ]
' this project is still under development, new modules and upgrades will be added in the future '

[ r00tsect0r ]