A CTF web challenge about making screenshots. It is inspired by a bug found in real life. The challenge was created by @LiveOverflow for https://cscg.de/. Watch the video writeup here: https://www.youtube.com/watch?v=FCjMoPpOPYI Run the challenge To run the challenge you have to install docker-compose: docker-compose up Once the servicses are running, you should be able toRead More
Eyeballer is meant for large-scope network penetration tests where you need to find “interesting” targets from a huge set of web-based hosts. Go ahead and use your favorite screenshotting tool like normal (EyeWitness or GoWitness) and then run them through Eyeballer to tell you what’s likely to contain vulnerabilities, and what isn’t. Example Labels Old-LookingRead More
Depix is a tool for recovering passwords from pixelized screenshots. This implementation works on pixelized images that were created with a linear box filter. In this article I cover background information on pixelization and similar research. Example python depix.py -p images/testimages/testimage3_pixels.png -s images/searchimages/debruinseq_notepad_Windows10_closeAndSpaced.png -o output.png Usage Cut out the pixelated blocks from the screenshot asRead More
A new tool for collecting RDP, web and VNC screenshots all in one place This tool is still a work-in-progress and should be mostly usable but is not yet complete. Please file any bugs or feature requests as GitHub issues Caveats Web screenshotting relies on Chromium or Google Chrome being installed Motivation Since Eyewitness recentlyRead More
Capture user screenshots using shortcut file (Bypass SmartScreen/Defender). Suport Multi-monitor Legal disclaimer:Usage of ScreenSpy for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this programInstall gitRead More
Script to generate Win32 .exe file to take screenshots every ~10 seconds. Features: Works on WAN: Port Forwarding by Serveo.net Fully Undetectable (FUD) -> Don’t Upload to virustotal.com! Legal disclaimer:Usage of SpyEye for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws.Read More
