DFSCoerce – PoC For MS-DFSNM Coerce Authentication Using NetrDfsRemoveStdRoot Method

PoC for MS-DFSNM coerce authentication using the NetrDfsRemoveStdRoot method (and probably more, but I'm lazy and it's just a PoC 😛).
Documentation: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dfsnm/95a506a8-cae6-4c42-b19d-9c1ed1223979
Inspired by:
PetitPotam (@topotam77) https://github.com/topotam/PetitPotam
ShadowCoerce (@topotam77 and @_nwodtuhs) https://github.com/ShutdownRepo/ShadowCoerce
SpoolSample (@tifkin_) https://github.com/leechristensen/SpoolSample

NTLMRecon – Enumerate Information From NTLM Authentication Enabled Web Endpoints

A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains. NTLMRecon is built with flexibility in mind. Need to run recon on a single URL, an IP address, an entire CIDR range or a combination of …

Nosferatu – Lsass NTLM Authentication Backdoor

Lsass NTLM Authentication Backdoor

How it Works

First, the DLL is injected into the lsass.exe process, and will begin hooking authentication WinAPI calls. The targeted function is MsvpPasswordValidate(), located in NtlmShared.dll. In the pursuit of not being detected, the hooked function will call the original function and allow for the normal flow of authentication. Only …

Raider – Web Authentication Testing Framework

This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burp Suite allow authenticated tests, they don't provide features to test the authentication process itself, i.e. manipulating the relevant input fields to identify broken authentication. Most authentication bugs in the wild have been found by manually testing it or …

Ssh-Mitm – Ssh Mitm Server For Security Audits Supporting Public Key Authentication, Session Hijacking And File Manipulation

ssh-mitm is an intercepting (mitm) proxy server for security audits.
Redirect/mirror shell to another ssh client: supported in 0.2.8
Replace file in SCP: supported in 0.2.6
Replace file in SFTP: supported in 0.2.3
Transparent proxy support in 0.2.2! Intercepting traffic to other hosts is now possible when using arp spoofing or proxy is used …

Carnivore – Tool For Assessing On-Premises Microsoft Servers Authentication Such As ADFS, Skype, Exchange, And RDWeb

Carnivore is an assessment tool for Skype for Business, Exchange, ADFS, and RDWeb servers as well as some O365 functionality. Carnivore includes some new post-authentication Skype for Business functionality.
Released as open source by NCC Group Plc – https://www.nccgroup.com/
Developed by Chris Nevin, [email protected] https://www.github.com/nccgroup/carnivore
Released under the AGPL license https://www.github.com/nccgroup/carnivore/license
Carnivore – V.1.0.4 Microsoft …

OhMyQR – Hijack Services That Rely On QR Code Authentication

QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the "Login with QR code" feature as a secure way to log in to accounts. In a nutshell, the victim scans the attacker's QR code, which results in session hijacking.
Features: Port Forwarding …

NTLMRecon – A Tool To Enumerate Information From NTLM Authentication Enabled Web Endpoints

Note that the tool is still under development. Things may break anytime – hence, beta! A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains. NTLMRecon is built with flexibility in mind. Need to run recon …
