Metasploit
Identifies potential exploits and provides the ability to execute them;
Netcat
Creates communication channels between two systems; Installed by default on Linux; Install Nmap on Windows to get the ncat command; Put a system into a listening state for a remote connection later; Listening on ports; Remote connection to devices;
Impacket
Used to craft network packets and perform network exploitation tasks; Available from GitHub; Has built-in scripts; [Most useful after enumerating a login and password] e.g. SMB client manipulation and enumeration; Active Directory user ID enumeration; Password hash enumeration; Exploit via wmiexec;
CrackMapExec
Uses protocols (SMB, LDAP, WinRM, MSSQL) to collect information about a group of systems; Discover computers on a network; Dictionary attacks; Retrieve SAM databases; Can authenticate with hashes or passwords;
MSFVenom
Generate custom payloads; Reverse connections; Send malware to systems that, when executed, will connect back to your machine (the listener); Once connected, execute file system commands, networking commands, system commands (clear logs!), keylogging, screenshots, webcam access, privilege elevation commands, and much more;
Hydra – Brute-force passwords;
Responder – Poisoning attacks; Retrieve hashes;
John – Crack hashes;
hping – Custom ping messages;