Search the Community

BetterBackdoor A backdoor is a tool used to gain remote access to a machine. Typically, backdoor utilities such as NetCat have 2 main functions: to pipe remote input into cmd or bash and output the response. This is useful, but it is also limited. BetterBackdoor overcomes these limitations by including the ability to inject keystrokes, get screenshots, transfer files, and many other tasks. Features BetterBackdoor can create and control a backdoor. This created backdoor can: Run Command Prompt commands Run PowerShell scripts Run DuckyScripts to inject keystrokes Exfiltrate files based on the extension Exfiltrate Microsoft Edge and WiFi passwords Send and receive files to and from the victim’s computer Start a KeyLogger Get a screenshot of the victim’s computer Get text copied to victim’s clipboard Get contents from a victim’s file (cat) This backdoor uses a client and server socket connection to communicate. The attacker starts a server and the victim connects to this server as a client. Once a connection is established, commands can be sent to the client in order to control the backdoor. To create the backdoor, BetterBackdoor: Creates ‘run.jar’, the backdoor jar file, and copied it to directory ‘backdoor’. Appends a text file containing the server’s IPv4 address to ‘run.jar’. If desired, copies a Java Runtime Environment to ‘backdoor’ and creates batch file ‘run.bat’ for running the backdoor in the packaged Java Runtime Environment. To start the backdoor on a victim PC, transfer all files from the directory ‘backdoor’ onto a victim PC. If a JRE is packaged with the backdoor, execute run.bat, otherwise execute run.jar. This will start the backdoor on the victim’s PC. Once running, to control the backdoor you must return to BetterBackdoor and run option 1 at the start while connected to the same WiFi network as the victim’s computer. Changelog v1.13.1 Updated documentation Changed package name Fixed a bug with removing files [hide][Hidden Content]]

Introduction King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. Its flexible architecture allows you the full control over both emails and server content. “King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.” Features: Fully open source means there’s no limits on use Run multiple phishing campaigns simultaneously View detailed graphs regarding the campaign results Send email with embedded images for a more legitimate appearance Optional Two-Factor authentication Highly flexible to accommodate different phishing goals Powerful template system using the Jinja2 engine Ability to capture credentials SMS alerts regarding campaign status Web page cloning capabilities Integrated Sender Policy Framework (SPF) checks Easy installation without setting up an additional web server Geo location of phishing visitors Send email with calendar invitations Plugin support for extending both the Client/Server Fixed broken references to start_process Fixed a KeyError when creating a campaign for the first time (see: #365) Updated SQLAlchemy and Jinja2 libraries for security patches [HIDE][Hidden Content]]