Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

 

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware,, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      Sign in to follow this  
      0x1

      Conformer v0.6.1

      1 post in this topic

      Hidden Content

        Give reaction to this post to see the hidden content.

      Conformer is a penetration testing tool, mostly used for external assessments to perform password based attacks against common webforms. 
      Conformer was created from a need for password guessing against new web forms, without having to do prior burp work each time, and wanting to automate such attacks. 
      Conformer is modular with many different parameters and options that can be customized to make for a powerful attack. Conformer has been used in countless assessments to obtain valid user credentials for accessing the internal environment through VPN, other internal resources or data to further the assessment.

      About Mikhail Burshteyn

      Mikhail Burshteyn is a security consultant at CDW, performing Penetration Tests. Mikhail currently performs External, Internal, Wireless, and Social Engineering assessments, testing the capabilities for wide range of clients and industries. He is interested in research in various security topics, including Networking, Web Apps, and Active Directory.

      Key features:

          Basic Detection of Web Portals
          Modular

      •         SonicWallVOffice (SonicWall Virtual Office)
      •         CiscoSSLVPN
      •         Netscaler (Citrix Netscaler)
      •         OWA (Versions 2013/2016)
      •         Gmail (mail.google.com)
      •         Office365 (outlook.office.com)
      •         PaloAlto (GlobalProtect VPN)
      •         SharePoint (Not Office365 integrated)
      •         XenMobile
      •         AUTO (Autodetect module) (Can't be used with disable_check flag)
      •         SMB (Windows Auth. / supports NT Hash)

          Password=Username option
          Combo File option
          Threading

          Non-standard Ports
          Log and Debug files
          modules and parameters are case insensitive.
          Additional Parameters can be added besides username and password.

      Syntax

      Hidden Content

        Give reaction to this post to see the hidden content.

      Conformer at a bare minimum needs to be provided a host, username/file, password/file and module

      Ex.
      conformer.sh outlook.office.com ~/path/to/username/file Password1 Office365
      conformer.sh 192.168.10.5 testuser Password1 SMB

      Each Conformer module has a function that performs a basic check if the webpage has the portal password guessing is attempted on, (this can be bypassed with the "disable_check" parameter, should be used if basic check is wrong and falls to identify the portal as correct.)

      Ex. 
      # In this example, conformer is being used against google.com with the CiscoSSLVPN, the expected reply is that the portal is not compatible.
      conformer.sh google.com testuser Password1 CiscoSSLVPN
      Either not a CiscoSSLVPN portal, or not compatible version.
      Exiting...

      Download && Source :

      Hidden Content

        Give reaction to this post to see the hidden content.

      • Like 6

      Share this post


      Link to post
      Share on other sites
      Guest
      This topic is now closed to further replies.
      Sign in to follow this