Pantheon - Insecure Camera Parser

Pantheon is a GUI application that allows users to display information regarding network cameras in various countries as well as an integrated live-feed for non-protected cameras.

Functionalities

Pantheon allows users to execute an API crawler. There was original functionality without the use of any API's (like Insecam), but Google TOS kept getting in the way of the original scraping mechanism.

Installation

1. git clone https://github.com/josh0xA/Pantheon.git
2. cd Pantheon
3. pip3 install -r requirements.txt
   Execution: python3 pantheon.py

• Note: I will later add a GUI installer to make it fully indepenent of a CLI

Windows

• You can just follow the steps above or download the official package here.
• Note, the PE binary of Pantheon was put together using pyinstaller, so Windows Defender might get a bit upset.

Ubuntu

• First, complete steps 1, 2 and 3 listed above.
  
• chmod +x distros/ubuntu_install.sh
• ./distros/ubuntu_install.sh

Debian and Kali Linux

• First, complete steps 1, 2 and 3 listed above.
  
• chmod +x distros/debian-kali_install.sh
• ./distros/debian-kali_install.sh

MacOS

• The regular installation steps above should suffice. If not, open up an issue.

Usage

(Enter) on a selected IP:Port to establish a Pantheon webview of the camera. (Use this at your own risk)

(Left-click) on a selected IP:Port to view the geolocation of the camera.
(Right-click) on a selected IP:Port to view the HTTP data of the camera (Ctrl+Left-click for Mac).

Adjust the map as you please to see the markers.

• Also note that this app is far from perfect and not every link that shows up is a live-feed, some are login pages (Do NOT attempt to login).
  

Ethical Notice

The developer of this program, Josh Schiavone, is not resposible for misuse of this data gathering tool. Pantheon simply provides information that can be indexed by any modern search engine. Do not try to establish unauthorized access to live feeds that are password protected - that is illegal. Furthermore, if you do choose to use Pantheon to view a live-feed, do so at your own risk. Pantheon was developed for educational purposes only. For further information, please visit: https://joshschiavone.com/panth_info/panth_ethical_notice.html

Licence

MIT License
Copyright (c) Josh Schiavone

Nim-Shell - Reverse Shell That Can Bypass Windows Defender Detection

Reverse shell that can bypass windows defender detection

$ apt install nim

Compilation

nim c -d:mingw --app:gui nimshell.nim

Change the IP address and port number you want to listen to in the nimshell.nim file according to your device.

and listen

 $ nc -nvlp 4444

Tiny_Tracer - A Pin Tool For Tracing API Calls Etc

A Pin Tool for tracing:

• API calls, including parameters of selected functions
• selected instructions: RDTSC, CPUID, INT
• inline system calls, including parameters of selected syscalls
• transition between sections of the traced module (helpful in finding OEP of the packed module)

Bypasses the anti-tracing check based on RDTSC.

Generates a report in a .tag format (which can be loaded into other analysis tools):

RVA;traced event

i.e.

345c2;section: .text
58069;called: C:\Windows\SysWOW64\kernel32.dll.IsProcessorFeaturePresent
3976d;called: C:\Windows\SysWOW64\kernel32.dll.LoadLibraryExW
3983c;called: C:\Windows\SysWOW64\kernel32.dll.GetProcAddress
3999d;called: C:\Windows\SysWOW64\KernelBase.dll.InitializeCriticalSectionEx
398ac;called: C:\Windows\SysWOW64\KernelBase.dll.FlsAlloc
3995d;called: C:\Windows\SysWOW64\KernelBase.dll.FlsSetValue
49275;called: C:\Windows\SysWOW64\kernel32.dll.LoadLibraryExW
4934b;called: C:\Windows\SysWOW64\kernel32.dll.GetProcAddress
...

How to build

On Windows

To compile the prepared project you need to use Visual Studio >= 2012. It was tested with Intel Pin 3.28.
Clone this repo into \source\tools that is inside your Pin root directory. Open the project in Visual Studio and build. Detailed description available here.
To build with Intel Pin < 3.26 on Windows, use the appropriate legacy Visual Studio project.

On Linux

For now the support for Linux is experimental. Yet it is possible to build and use Tiny Tracer on Linux as well. Please refer tiny_runner.sh for more information. Detailed description available here.

Usage

 Details about the usage you will find on the project's Wiki.

WARNINGS

• In order for Pin to work correctly, Kernel Debugging must be DISABLED.
• In install32_64 you can find a utility that checks if Kernel Debugger is disabled (kdb_check.exe, source), and it is used by the Tiny Tracer's .bat scripts. This utilty sometimes gets flagged as a malware by Windows Defender (it is a known false positive). If you encounter this issue, you may need to exclude the installation directory from Windows Defender scans.
• Since the version 3.20 Pin has dropped a support for old versions of Windows. If you need to use the tool on Windows < 8, try to compile it with Pin 3.19.

Questions? Ideas? Join Discussions!

AD_Enumeration_Hunt - Collection Of PowerShell Scripts And Commands That Can Be Used For Active Directory (AD) Penetration Testing And Security Assessment

Description

Welcome to the AD Pentesting Toolkit! This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment. The scripts cover various aspects of AD enumeration, user and group management, computer enumeration, network and security analysis, and more.

The toolkit is intended for use by penetration testers, red teamers, and security professionals who want to test and assess the security of Active Directory environments. Please ensure that you have proper authorization and permission before using these scripts in any production environment.

Everyone is looking at what you are looking at; But can everyone see what he can see? You are the only difference between them… By Mevlânâ Celâleddîn-i Rûmî

Features

• Enumerate and gather information about AD domains, users, groups, and computers.
• Check trust relationships between domains.
• List all objects inside a specific Organizational Unit (OU).
• Retrieve information about the currently logged-in user.
• Perform various operations related to local users and groups.
• Configure firewall rules and enable Remote Desktop (RDP).
• Connect to remote machines using RDP.
• Gather network and security information.
• Check Windows Defender status and exclusions configured via GPO.
• ...and more!

Usage

1. Clone the repository or download the scripts as needed.
2. Run the PowerShell script using the appropriate PowerShell environment.
3. Follow the on-screen prompts to provide domain, username, and password when required.
4. Enjoy exploring the AD Pentesting Toolkit and use the scripts responsibly!

Disclaimer

The AD Pentesting Toolkit is for educational and testing purposes only. The authors and contributors are not responsible for any misuse or damage caused by the use of these scripts. Always ensure that you have proper authorization and permission before performing any penetration testing or security assessment activities on any system or network.

License

This project is licensed under the MIT License. The Mewtwo ASCII art is the property of Alperen Ugurlu. All rights reserved.

Cyber Security Consultant

Alperen Ugurlu

Forensia - Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase

Anti Forensics Tool For Red Teamers, Used For Erasing Some Footprints In The Post Exploitation Phase.

Reduces Payload Burnout And Increases Detection Countdown. Can Be Used To Test The capabilities of Your Incident Response / Forensics Teams.

Capabilities

• Unloading Sysmon Driver.
• Gutmann Method File Shredding.
• USNJrnl Disabler.
• Prefetch Disabler.
• Log Eraser and Event log Disabler.
• User Assist Update Time Disabler.
• Access Time Disabler.
• Clear Recent Items
• Clear Shim Cache
• Clear RecentFileCache
• Clear ShellBag
• Delete Windows Defender Quarantine Files
• File Melting Capabilities.

Important Update

Added:

• Clear Recent Items
• Clear Shim Cache
• Clear RecentFileCache
• Clear ShellBag
• Clear Quanatine Files

TODO

• USNJRnl Execution On All Disk Drives.

• Unallocated Space ReWriting.

• A Bit of Polishing.

Credits

https://github.com/Naranbataar/Corrupt

https://github.com/LloydLabs/delete-self-poc

https://github.com/OsandaMalith/WindowsInternals/blob/master/Unload_Minifilter.c

https://stackoverflow.com/users/15168/jonathan-leffler

https://github.com/GiovanniDicanio/WinReg

PowerMeUp - A Small Library Of Powershell Scripts For Post Exploitation That You May Need Or Use!

This is a powershell reverse shell that executes the commands and or scripts that you add to the powerreverse.ps1 file as well as a small library of Post-Exploitation scripts. This also can be used for post exploitation and lateral movement even. Please use at your own risk I am not and will not be responsible for your actions. Also this reverse shell currently is not detected by Windows Defender. If you want to use this make sure to detup a Digital Ocean VPS and have the script connect back there or your C2. Happy Hacking!

Key Features

• Reverse Shell
  • Simply Change The IP & Port & Let It Do Its Magic
• Blue Screen Of Death (BSOD)
  • Basically will call winit.exe and give a blue screen and shutdown the computer
• Disable Windows Defender (Needs Admin Priv Of Course)
• Get Computer Information
• Disable Input (Needs Admin Priv)
• Disable Monitor
• Exclude File Extensions (Needs Admin Priv)
• Exclude Folder (Needs Admin Priv)
• Exclude Process (Needs Admin Priv)
• Get USB History
• GPS Location (Gets The Lat & Long Then Performs A Reverse GEO Lookup & Spits Out The Exact Address)
• Grab Wifi Credentials
• Ifconfig
• List Antivirus Running
• List External IP
• Logoff
• Mayham Window Popup
• Send A Message Box
• Network Scan (Internall Scan The Network For Open Ports & IPs)
• Restart
• Rickroll
• Scare Window
• Screenshot The Screen
• Syatem Time
• Webcam List

How To Use

To run this application, you'll need the powerreverse.ps1 file executed on target pc.

# Install This Repository
$ Download The Code By Pressing Download ZIP

# Clone this repository
$ git clone https://github.com/ItsCyberAli/PowerMeUp.git

# Take One Of The Functions Like This & Copy Paste Into PowerReverse
$ You Will See The Screenshot Below Has The PowerReverse file and inside I added the BSOD.ps1 function
that I copy pasted inside of the powerreverse.ps1 so that we can call & use it when we execute on target PC.
You can mix & match what features you want in the reverse shell just make sure there is no references right above the function call 
it will say references and if it says 0 you are fine if it says 1 or more simply change the function name. When reverse shell
executes and you want to execute a specific feature simply call the function name and in our case inside the VPS sim   ply type bsod 
and it will execute it or whateber you named the function!


# Change The LHOST & LPORT Inside Of The PowerReverse File
$LHOST = "YOUR C2 IP"
$LPORT = #Your Port Without Quotations

# Start A Netcat Listener Or Your Own Implementation Of A Listener On VPS Or C2 & Enjoy!
$ nc -l -p <port you chose> (Just A Netcat Listener In Your VPS Not Needed If You Use Another Method!)

Download

You can download the code from the top right, it will give you all the code needed in a ZIP file.

Reach Me Here

If you want to discuss any topics or need some help I am very active and can get back to you within 24 hours or less And Setup A Date & Time To Help With Whatever It Is You Need, I Am Also Open To Collab On Projects I Feel Are Worth My Time And Of My Interest As Well!!

• Twitter @ItsCyberAli
• GitHub @ItsCyberAli