
Clrinject - Injects C# EXE Or DLL Assembly Into Every CLR Runtime And AppDomain Of Another Process

- Wednesday, October 10, 2018

Injects a C# EXE or DLL assembly into any CLR runtime and AppDomain of another process. The injected assembly can then access static instances of the injectee process's classes and therefore affect its internal state.

Usage
clrinject-cli.exe -p <processId/processName> -a <assemblyFile>
Opens the process with id <processId> or name <processName>, injects the <assemblyFile> EXE and executes its Main method.

Additional options
  • -e Enumerates all loaded CLR Runtimes and created AppDomains.
  • -d <#> Inject only into <#>-th AppDomain. If no number or zero is specified, assembly is injected into every AppDomain.
  • -i <namespace>.<className> Create an instance of class <className> from namespace <namespace>.

Examples

Usage examples
  • clrinject-cli.exe -p victim.exe -e
    (Enumerate Runtimes and AppDomains from victim.exe)
  • clrinject-cli.exe -p 1234 -a "C:\Path\To\invader.exe" -d 2
    (Inject invader.exe into second AppDomain from process with id 1234)
  • clrinject-cli.exe -p victim.exe -a "C:\Path\To\invader.dll" -i "Invader.Invader"
    (Create instance of Invader inside every AppDomain in victim.exe)
  • clrinject-cli64.exe -p victim64.exe -a "C:\Path\To\invader64.exe"
    (Inject x64 assembly into x64 process)

Injectable assembly example
The following code can be compiled as a C# executable and then injected into a PowerShell process. It accesses static instances of internal PowerShell classes to change the console text color to green.
using System;
using System.Reflection;

using Microsoft.PowerShell;
using System.Management.Automation.Host;

namespace Invader
{
    class Invader
    {
        static void Main(string[] args)
        {
            try
            {
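                // ConsoleShell is a public type, so it gives a handle on the PowerShell host assembly.
                var powerShellAssembly = typeof(ConsoleShell).Assembly;
                // ConsoleHost is internal, so it has to be looked up by name through reflection.
                var consoleHostType = powerShellAssembly.GetType("Microsoft.PowerShell.ConsoleHost");
                // Read the non-public static singleton that the running host already created.
                var consoleHost = consoleHostType.GetProperty("SingletonInstance", BindingFlags.Static | BindingFlags.NonPublic).GetValue(null);

                // The UI property exposes the host's user interface; change its text color.
                var ui = (PSHostUserInterface)consoleHostType.GetProperty("UI").GetValue(consoleHost);
                ui.RawUI.ForegroundColor = ConsoleColor.Green;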
            }
            catch (Exception e)
            {
                Console.WriteLine(e.ToString());
            }
        }
    }
}
Injection command:
clrinject-cli64.exe -p powershell.exe -a "C:\Path\To\invader64.exe"
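
A defender's view of the technique described above, as an added example that is not part of clrinject or the original post: an in-process monitor that reports assemblies entering the current AppDomain from outside trusted directories. It assumes .NET Framework, that the injected assembly arrives through the regular CLR loader so the AssemblyLoad event fires, and that the monitor is installed in every AppDomain of interest; AssemblyLoadMonitor and its trusted-root list are hypothetical.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Reflection;

// Added example (hypothetical names): reports assemblies loaded into this
// AppDomain from outside an allow-list of trusted directories.
static class AssemblyLoadMonitor
{
    // Normalise a directory so that prefix checks cannot match "C:\WindowsFake".
    static string Norm(string dir) =>
        Path.GetFullPath(dir).TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;

    // Assumption: legitimate code comes only from the application's own folder
    // and from the Windows directory (framework assemblies and the GAC).
    static readonly string[] TrustedRoots =
    {
        Norm(AppDomain.CurrentDomain.BaseDirectory),
        Norm(Environment.GetFolderPath(Environment.SpecialFolder.Windows))
    };

    public static bool IsTrusted(Assembly asm)
    {
        // Dynamic and byte-array loads have no file path; treat them as untrusted.
        if (asm.IsDynamic || string.IsNullOrEmpty(asm.Location)) return false;
        string path = Path.GetFullPath(asm.Location);
        return TrustedRoots.Any(r => path.StartsWith(r, StringComparison.OrdinalIgnoreCase));
    }

    public static void Install()
    {
        // Report what is already loaded, then watch every later load.
        foreach (var asm in AppDomain.CurrentDomain.GetAssemblies()) Report(asm);
        AppDomain.CurrentDomain.AssemblyLoad += (s, e) => Report(e.LoadedAssembly);
    }

    static void Report(Assembly asm)
    {
        if (IsTrusted(asm)) return;
        string where = asm.IsDynamic ? "<dynamic>" : asm.Location;
        Console.Error.WriteLine("[load-watch] untrusted assembly {0} from '{1}' in AppDomain '{2}'",
            asm.FullName, where, AppDomain.CurrentDomain.FriendlyName);
    }

    static void Main()
    {
        Install();
        Console.ReadLine(); // keep the process alive while loads are monitored
    }
}
```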


Note: We have not tested this tool; if you have any questions, please go directly to the link below.

ANDRAX - The First And Unique Penetration Testing Platform For Android Smartphones

- Tuesday, October 9, 2018

ANDRAX The first and unique Penetration Testing platform for Android smartphones
What is ANDRAX
ANDRAX is a penetration testing platform developed specifically for Android smartphones. It runs natively on Android, so it behaves like a common Linux distribution, but is more powerful than a common distribution!
Why is Android so powerful?
Simple: everyone has a smartphone and spends all their time with it! We can easily blend in among everyone else. The processor architecture of most Android smartphones is ARM, a modern and robust architecture extremely superior to the rest. With touch screens we can run the tools with great agility and take advantage of Android's graphical interface. We can get in almost anywhere with our smartphones...
In technical terms, ANDRAX and NetHunter should never be compared: ANDRAX is a penetration testing platform for Android smartphones, and NetHunter is just a Debian emulator running with chroot.
Termux is not our enemy; Termux is an application that allows installation of many Linux packages using a Debian environment running natively on Android.
ANDRAX and Termux have a similar development; they share many libs and GNU/Linux resources.
But Termux is not a penetration testing platform; it is software that brings the basic tools found in a Debian environment. Penetration tests are not something basic, but advanced techniques that involve advanced tools and an advanced environment to conduct good tests!
So you can install many tools manually in Termux, but it would be extremely difficult to optimize and configure them to get 100% of the potential required for penetration testing.
Termux runs without root privileges, and this makes it very difficult to use advanced tools.

Features and Tools

Tool list

Information Gathering

  • Whois
  • Bind DNS tools
  • Dnsrecon
  • Raccoon
  • DNS-Cracker
  • Firewalk

Scanning

  • Nmap - Network Mapper
  • Masscan
  • SSLScan
  • Amap


Packet Crafting

  • Hping3
  • Nping
  • Scapy
  • Hexinject
  • Ncat
  • Socat


Network Hacking

  • ARPSpoof
  • Bettercap
  • MITMProxy
  • EvilGINX2


WebSite Hacking

  • 0d1n
  • Wapiti3
  • Recon-NG
  • PHPSploit
  • Photon
  • XSSer
  • Commix
  • SQLMap
  • Payloadmask
  • AbernathY-XSS


Password Hacking

  • Hydra
  • Ncrack
  • John The Ripper
  • CRUNCH


Wireless Hacking

  • VMP Evil AP
  • Aircrack-NG Tools
  • Cowpatty
  • MDK3
  • Reaver


Exploitation

  • MetaSploit Framework
  • RouterSploit Framework
  • Getsploit
  • OWASP ZSC
  • Rop-TOOL

More...

Advanced Terminal

Advanced and Professional terminal emulator for Hacking!


Dynamic Categories Overlay (DCO)

Beautiful tools category system 





Advanced IDE

Complete support for many programming languages




Information Gathering

Tools for gathering initial information about the target







Scanning

Tools for second stage: Scanning





Packet Crafting

Tools to craft network packets







Network Hacking

Tools for network hacking





WebSite Hacking

Tools for WebSite and WebApps Hacking












Password Hacking

Tools to break passwords





Wireless Hacking

Tools for Wireless Hacking






Exploitation

Tools to develop and launch exploits








More information is available on the official site.