dazzleUP – A Tool That Detects The Privilege Escalation Vulnerabilities Caused By Misconfigurations And Missing Updates In The Windows OS

A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems. dazzleUP detects the following vulnerabilities.Exploit ChecksThe first feature of dazzleUP is that it uses Windows Update Agent API instead of WMI (like others) when finding missing patches. dazzleUP checks the following vulnerabilities. DCOM/NTLM Reflection (Rotten/Juicy Potato)Read More

TrustJack – Yet Another PoC For Hijacking DLLs in Windows

Yet another PoC for https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windowsBlogpost: https://redteamer.tips/?p=108To be used with a cmd that does whatever the F you want, for a dll that pops cmd, https://github.com/jfmaes/CMDLL. check the list in wietze’s site to check how you should call your dll.will automatically create c:Windows System32 and drop your dll and chosen binary in there, followed by execution.Read More

WiFi Passview v4.0 – An Open Source Batch Script Based WiFi Passview For Windows!

WiFi Passview is an open-source batch script-based program that can recover your WiFi Password easily in seconds. This is for Windows OS only. Basically, this scripted program has the same function as other passview software such as webpassview and mailpassview. Visit WikiDisclaimer: WiFi Passview is NOT designed for malicious use! Please use this program responsibly!HowRead More

X64Dbg – An Open-Source X64/X32 Debugger For Windows

An open-source binary debugger for Windows, aimed at malware analysis and reverse engineering of executables you do not have the source code for. There are many features available and a comprehensive plugin system to add your own. You can find more information on the blog!Screenshots Installation & Usage Download a snapshot from GitHub, SourceForge orRead More

Debotnet – A Tiny Portable Tool For Controlling Windows 10’s Many Privacy-Related Settings And Keep Your Personal Data Private

A free and portable tool for controlling Windows 10’s many privacy-related settings and keep your personal data private. Your preparation for the Net!The Windows 10 default privacy settings leave a lot to be desired when it comes to protecting you and your private information. Whenever I set up a new computer or update a currentRead More

UsoDllLoader – Windows – Weaponizing Privileged File Writes With The Update Session Orchestrator Service

2020-06-06 Update: this trick no longer works on the latest builds of Windows 10 Insider Preview. This means that, although it still works on the mainstream version of Windows 10, you should expect it to be patched in the coming months. DescriptionThis PoC shows a technique that can be used to weaponize privileged file writeRead More

JSshell – A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS

JSshell – a JavaScript reverse shell. This using for exploit XSS remotely, help to find blind XSS, …This tool works for both Unix and Windows operating system and it can running with both Python 2 and Python 3. This is a big update of JShell – a tool to get a JavaScript shell with XSSRead More

Hidden-Cry – Windows Crypter/Decrypter Generator With AES 256 Bits Key

Windows Crypter/Decrypter Generator with AES 256 bits key Features: Works on WAN: Port Forwarding by Serveo.net Fully Undetectable (FUD) -> Don’t Upload to virustotal.com! Legal disclaimer:Usage of Hidden-Cry for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liabilityRead More

Evilreg – Reverse Shell Using Windows Registry Files (.Reg)

Reverse shell using Windows Registry file (.reg). Features: Reverse TCP Port Forwarding using Ngrok.io Requirements: Ngrok Authtoken (for TCP Tunneling): Sign up at: https://ngrok.com/signup Your authtoken is available on your dashboard: https://dashboard.ngrok.com Install your auhtoken: ./ngrok authtoken <YOUR_AUTHTOKEN> Target must reboot/re-login after installing the .reg file Legal disclaimer:Usage of Evilreg for attacking targets without priorRead More

Lockphish – A Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode

Lockphish it’s the first tool (05/13/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. Features: Lockscreen phishing page for Windows, Android and iPhone Auto detect device Port Forwarding by Ngrok IP Tracker Legal disclaimer:Usage of Lockphish for attacking targets without prior mutualRead More

X