
Commando VM v1.3 - The First Full Windows-based Penetration Testing Virtual Machine Distribution



Welcome to CommandoVM - a fully customized, Windows-based security distribution for penetration testing and red teaming.

Installation (Install Script)

Requirements
  • Windows 7 Service Pack 1 or Windows 10
  • 60 GB Hard Drive
  • 2 GB RAM

Recommended
  • Windows 10
  • 80+ GB Hard Drive
  • 4+ GB RAM
  • 2 network adapters
  • Enable Virtualization support for VM

Instructions
  1. Create and configure a new Windows Virtual Machine
    • Ensure VM is updated completely. You may have to check for updates, reboot, and check again until no more remain
    • Take a snapshot of your machine!
  2. Download and copy install.ps1 on your newly configured machine.
  3. Open PowerShell as an Administrator
  4. Enable script execution by running the following command:
    • Set-ExecutionPolicy Unrestricted
  5. Finally, execute the installer script as follows:
    • .\install.ps1
    • You can also pass your password as an argument: .\install.ps1 -password <password>
The script will set up the Boxstarter environment and proceed to download and install the Commando VM environment. You will be prompted for the administrator password in order to automate host restarts during installation. If you do not have a password set, hitting enter when prompted will also work.
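
A pre-flight check for the requirements and instructions above, as an added example that is not part of the Commando VM project or its install.ps1. The function names Test-CommandoPrereq and New-Check are hypothetical; the thresholds come from the Requirements list, and restricting the OS check to client editions (ProductType 1) is an assumption.

```powershell
# Added example (not Commando VM code). Paste into the elevated PowerShell
# session before running .\install.ps1. Get-WmiObject is used so the check
# also runs on the PowerShell 2.0 that ships with Windows 7 SP1.

function New-Check($Name, $Value, $Ok) {
    # PS 2.0 has no [pscustomobject]; Select-Object fixes the column order.
    New-Object PSObject -Property @{ Check = $Name; Value = $Value; Pass = $Ok } |
        Select-Object Check, Value, Pass
}

function Test-CommandoPrereq {
    $os   = Get-WmiObject Win32_OperatingSystem
    $cs   = Get-WmiObject Win32_ComputerSystem
    $disk = Get-WmiObject Win32_DiskDrive |
                Sort-Object Size -Descending | Select-Object -First 1

    # WMI reports slightly less than the nominal size, so round to whole GB.
    $ramGB  = [math]::Round($cs.TotalPhysicalMemory / 1GB)
    $diskGB = [math]::Round($disk.Size / 1GB)

    # Version 6.1 with SP1 = Windows 7 SP1; 10.x = Windows 10.
    # ProductType 1 = client edition (assumption: server SKUs are excluded).
    $isWin7Sp1 = $os.Version -like '6.1.*' -and $os.ServicePackMajorVersion -ge 1
    $isWin10   = $os.Version -like '10.*'
    $osOk      = $os.ProductType -eq 1 -and ($isWin7Sp1 -or $isWin10)

    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin  = (New-Object Security.Principal.WindowsPrincipal $identity).IsInRole(
                    [Security.Principal.WindowsBuiltInRole]::Administrator)

    # Pending updates via the Windows Update Agent COM API (needs network).
    try {
        $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
        $pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates.Count
    } catch {
        $pending = $null   # could not query; check Windows Update manually
    }

    New-Check 'OS is Windows 7 SP1 or Windows 10' $os.Caption  $osOk
    New-Check 'Disk >= 60 GB (80+ recommended)'   "$diskGB GB" ($diskGB -ge 60)
    New-Check 'RAM >= 2 GB (4+ recommended)'      "$ramGB GB"  ($ramGB -ge 2)
    New-Check 'Elevated (Administrator) session'  $isAdmin     $isAdmin
    New-Check 'No pending Windows updates'        $pending     ($pending -eq 0)
    New-Check 'Execution policy (informational)'  (Get-ExecutionPolicy) $true
}

Test-CommandoPrereq | Format-Table -AutoSize
```

Any row with Pass = False points at a requirement or instruction step to revisit before taking the snapshot and starting the installer.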

Installing a new package
Commando VM uses the Chocolatey Windows package manager. It is easy to install a new package. For example, enter the following command as Administrator to deploy GitHub Desktop on your system:
cinst github

Staying up to date
Type the following command to update all of the packages to the most recent version:
cup all

Installed Tools

Active Directory Tools
  • Remote Server Administration Tools (RSAT)
  • SQL Server Command Line Utilities
  • Sysinternals

Command & Control
  • Covenant
  • PoshC2
  • WMImplant
  • WMIOps

Developer Tools
  • Dep
  • Git
  • Go
  • Java
  • Python 2
  • Python 3 (default)
  • Ruby
  • Ruby Devkit
  • Visual Studio 2017 Build Tools (Windows 10)
  • Visual Studio Code

Evasion
  • CheckPlease
  • Demiguise
  • DefenderCheck
  • DotNetToJScript
  • Invoke-CradleCrafter
  • Invoke-DOSfuscation
  • Invoke-Obfuscation
  • Invoke-Phant0m
  • Not PowerShell (nps)
  • PS>Attack
  • PSAmsi
  • Pafishmacro
  • PowerLessShell
  • PowerShdll
  • StarFighters

Exploitation
  • ADAPE-Script
  • API Monitor
  • CrackMapExec
  • CrackMapExecWin
  • DAMP
  • EvilClippy
  • Exchange-AD-Privesc
  • FuzzySec's PowerShell-Suite
  • FuzzySec's Sharp-Suite
  • Generate-Macro
  • GhostPack
    • Rubeus
    • SafetyKatz
    • Seatbelt
    • SharpDPAPI
    • SharpDump
    • SharpRoast
    • SharpUp
    • SharpWMI
  • GoFetch
  • Impacket
  • Invoke-ACLPwn
  • Invoke-DCOM
  • Invoke-PSImage
  • Invoke-PowerThIEf
  • Juicy Potato
  • Kali Binaries for Windows
  • LuckyStrike
  • MetaTwin
  • Metasploit
  • Mr. Unikod3r's RedTeamPowershellScripts
  • NetshHelperBeacon
  • Nishang
  • Orca
  • PSReflect
  • PowerLurk
  • PowerPriv
  • PowerSploit
  • PowerUpSQL
  • PrivExchange
  • RottenPotatoNG
  • Ruler
  • SharpClipHistory
  • SharpExchangePriv
  • SharpExec
  • SpoolSample
  • SharpSploit
  • UACME
  • impacket-examples-windows
  • vssown
  • Vulcan

Information Gathering
  • ADACLScanner
  • ADExplorer
  • ADOffline
  • ADRecon
  • BloodHound
  • dnsrecon
  • FOCA
  • Get-ReconInfo
  • GoBuster
  • GoWitness
  • NetRipper
  • Nmap
  • PowerView
    • Dev branch included
  • SharpHound
  • SharpView
  • SpoolerScanner
  • Watson

Networking Tools
  • Citrix Receiver
  • OpenVPN
  • Proxycap
  • PuTTY
  • Telnet
  • VMware Horizon Client
  • VMware vSphere Client
  • VNC-Viewer
  • WinSCP
  • Windump
  • Wireshark

Password Attacks
  • ASREPRoast
  • CredNinja
  • DomainPasswordSpray
  • DSInternals
  • Get-LAPSPasswords
  • Hashcat
  • Internal-Monologue
  • Inveigh
  • Invoke-TheHash
  • KeeFarce
  • KeeThief
  • LAPSToolkit
  • MailSniper
  • Mimikatz
  • Mimikittenz
  • RiskySPN
  • SessionGopher

Reverse Engineering
  • DNSpy
  • Flare-Floss
  • ILSpy
  • PEview
  • Windbg
  • x64dbg

Utilities
  • 7zip
  • Adobe Reader
  • AutoIT
  • Cmder
  • CyberChef
  • Explorer Suite
  • Gimp
  • Greenshot
  • Hashcheck
  • Hexchat
  • HxD
  • Keepass
  • MobaXterm
  • Mozilla Thunderbird
  • Neo4j Community Edition
  • Notepad++
  • Pidgin
  • Process Hacker 2
  • SQLite DB Browser
  • Screentogif
  • Shellcode Launcher
  • Sublime Text 3
  • TortoiseSVN
  • VLC Media Player
  • Winrar
  • yEd Graph Tool

Vulnerability Analysis
  • AD Control Paths
  • Egress-Assess
  • Grouper2
  • NtdsAudit
  • PwndPasswordsNTLM
  • zBang

Web Applications
  • Burp Suite
  • Fiddler
  • Firefox
  • OWASP Zap
  • Subdomain-Bruteforce
  • Wfuzz

Wordlists
  • FuzzDB
  • PayloadsAllTheThings
  • SecLists
  • Probable-Wordlists
  • RobotsDisallowed

Changelog:
1.3 - June 28 2019
1.2 - May 31 2019
1.1 - April 30 2019
1.0.2 - April 10 2019
  • Added missing 'seclists.fireeye' package to packages.json #38
1.0.1 - March 31 2019
  • Used https instead of http to install boxstarter #10


...
