
Commando VM v1.3 - The First Full Windows-based Penetration Testing Virtual Machine Distribution



Welcome to CommandoVM - a fully customized, Windows-based security distribution for penetration testing and red teaming.

Installation (Install Script)

Requirements
  • Windows 7 Service Pack 1 or Windows 10
  • 60 GB Hard Drive
  • 2 GB RAM

Recommended
  • Windows 10
  • 80+ GB Hard Drive
  • 4+ GB RAM
  • 2 network adapters
  • Enable Virtualization support for VM

Instructions
  1. Create and configure a new Windows Virtual Machine
    • Ensure VM is updated completely. You may have to check for updates, reboot, and check again until no more remain
    • Take a snapshot of your machine!
  2. Download and copy install.ps1 to your newly configured machine.
  3. Open PowerShell as an Administrator
  4. Enable script execution by running the following command:
    • Set-ExecutionPolicy Unrestricted
  5. Finally, execute the installer script as follows:
    • .\install.ps1
    • You can also pass your password as an argument: .\install.ps1 -password <password>
The script will set up the Boxstarter environment and proceed to download and install the Commando VM environment. You will be prompted for the administrator password in order to automate host restarts during installation. If you do not have a password set, hitting enter when prompted will also work.
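
The requirements and the first instruction step above can be checked from inside the guest before the installer is started. The PowerShell pre-flight check below is an added example, not part of install.ps1 or the Commando VM project; the function name Test-CommandoPrereqs, the choice of the system drive and the rounding to whole GB are assumptions.

```powershell
# Added example, not part of install.ps1. Test-CommandoPrereqs is a hypothetical name.
# Get-WmiObject is used instead of Get-CimInstance so the check also runs on the
# PowerShell 2.0 that ships with Windows 7 SP1.
function Test-CommandoPrereqs {
    param(
        [string]$Drive = $env:SystemDrive,  # assumption: tools install to the system drive
        [int]$MinDiskGB = 60,               # "60 GB Hard Drive" from Requirements
        [int]$MinRamGB  = 2                 # "2 GB RAM" from Requirements
    )
    function Row($check, $ok, $detail) {
        New-Object PSObject -Property @{ Check = $check; Ok = [bool]$ok; Detail = "$detail" }
    }

    # install.ps1 has to be started from an elevated PowerShell session.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $admin = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    Row 'Elevated session' $admin $id.Name

    # Windows 7 SP1 is version 6.1 with service pack 1; Windows 10 is version 10.0.
    $os  = Get-WmiObject Win32_OperatingSystem
    $ver = [version]$os.Version
    $osOk = ($ver.Major -eq 10) -or
            ($ver.Major -eq 6 -and $ver.Minor -eq 1 -and $os.ServicePackMajorVersion -ge 1)
    Row 'Supported Windows version' $osOk "$($os.Caption) $($os.Version)"

    # Sizes are rounded to whole GB because Windows reports slightly less than
    # the nominal size configured for the VM.
    $disk   = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$Drive'"
    $diskGB = [math]::Round($disk.Size / 1GB)
    $freeGB = [math]::Round($disk.FreeSpace / 1GB)
    Row 'Disk size' ($diskGB -ge $MinDiskGB) "$Drive $diskGB GB total, $freeGB GB free"

    $ramGB = [math]::Round((Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory / 1GB)
    Row 'RAM' ($ramGB -ge $MinRamGB) "$ramGB GB"

    # "Ensure VM is updated completely": ask the Windows Update Agent for
    # updates that are applicable but not yet installed.
    try {
        $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
        $pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates.Count
        Row 'No pending updates' ($pending -eq 0) "$pending pending"
    } catch {
        Row 'No pending updates' $false "query failed: $($_.Exception.Message)"
    }
}

Test-CommandoPrereqs | Format-Table Check, Ok, Detail -AutoSize
```

The snapshot step cannot be verified from inside the guest and still has to be confirmed in the hypervisor.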

Installing a new package
Commando VM uses the Chocolatey Windows package manager, so installing a new package is easy. For example, enter the following command as Administrator to deploy GitHub Desktop on your system:
cinst github

Staying up to date
Type the following command to update all of the packages to the most recent version:
cup all

Installed Tools

Active Directory Tools
  • Remote Server Administration Tools (RSAT)
  • SQL Server Command Line Utilities
  • Sysinternals

Command & Control
  • Covenant
  • PoshC2
  • WMImplant
  • WMIOps

Developer Tools
  • Dep
  • Git
  • Go
  • Java
  • Python 2
  • Python 3 (default)
  • Ruby
  • Ruby Devkit
  • Visual Studio 2017 Build Tools (Windows 10)
  • Visual Studio Code

Evasion
  • CheckPlease
  • Demiguise
  • DefenderCheck
  • DotNetToJScript
  • Invoke-CradleCrafter
  • Invoke-DOSfuscation
  • Invoke-Obfuscation
  • Invoke-Phant0m
  • Not PowerShell (nps)
  • PS>Attack
  • PSAmsi
  • Pafishmacro
  • PowerLessShell
  • PowerShdll
  • StarFighters

Exploitation
  • ADAPE-Script
  • API Monitor
  • CrackMapExec
  • CrackMapExecWin
  • DAMP
  • EvilClippy
  • Exchange-AD-Privesc
  • FuzzySec's PowerShell-Suite
  • FuzzySec's Sharp-Suite
  • Generate-Macro
  • GhostPack
    • Rubeus
    • SafetyKatz
    • Seatbelt
    • SharpDPAPI
    • SharpDump
    • SharpRoast
    • SharpUp
    • SharpWMI
  • GoFetch
  • Impacket
  • Invoke-ACLPwn
  • Invoke-DCOM
  • Invoke-PSImage
  • Invoke-PowerThIEf
  • Juicy Potato
  • Kali Binaries for Windows
  • LuckyStrike
  • MetaTwin
  • Metasploit
  • Mr. Unikod3r's RedTeamPowershellScripts
  • NetshHelperBeacon
  • Nishang
  • Orca
  • PSReflect
  • PowerLurk
  • PowerPriv
  • PowerSploit
  • PowerUpSQL
  • PrivExchange
  • RottenPotatoNG
  • Ruler
  • SharpClipHistory
  • SharpExchangePriv
  • SharpExec
  • SpoolSample
  • SharpSploit
  • UACME
  • impacket-examples-windows
  • vssown
  • Vulcan

Information Gathering
  • ADACLScanner
  • ADExplorer
  • ADOffline
  • ADRecon
  • BloodHound
  • dnsrecon
  • FOCA
  • Get-ReconInfo
  • GoBuster
  • GoWitness
  • NetRipper
  • Nmap
  • PowerView
    • Dev branch included
  • SharpHound
  • SharpView
  • SpoolerScanner
  • Watson

Networking Tools
  • Citrix Receiver
  • OpenVPN
  • Proxycap
  • PuTTY
  • Telnet
  • VMware Horizon Client
  • VMware vSphere Client
  • VNC-Viewer
  • WinSCP
  • Windump
  • Wireshark

Password Attacks
  • ASREPRoast
  • CredNinja
  • DomainPasswordSpray
  • DSInternals
  • Get-LAPSPasswords
  • Hashcat
  • Internal-Monologue
  • Inveigh
  • Invoke-TheHash
  • KeeFarce
  • KeeThief
  • LAPSToolkit
  • MailSniper
  • Mimikatz
  • Mimikittenz
  • RiskySPN
  • SessionGopher

Reverse Engineering
  • dnSpy
  • Flare-Floss
  • ILSpy
  • PEview
  • WinDbg
  • x64dbg

Utilities
  • 7zip
  • Adobe Reader
  • AutoIT
  • Cmder
  • CyberChef
  • Explorer Suite
  • Gimp
  • Greenshot
  • Hashcheck
  • Hexchat
  • HxD
  • Keepass
  • MobaXterm
  • Mozilla Thunderbird
  • Neo4j Community Edition
  • Notepad++
  • Pidgin
  • Process Hacker 2
  • SQLite DB Browser
  • Screentogif
  • Shellcode Launcher
  • Sublime Text 3
  • TortoiseSVN
  • VLC Media Player
  • Winrar
  • yEd Graph Tool

Vulnerability Analysis
  • AD Control Paths
  • Egress-Assess
  • Grouper2
  • NtdsAudit
  • PwndPasswordsNTLM
  • zBang

Web Applications
  • Burp Suite
  • Fiddler
  • Firefox
  • OWASP Zap
  • Subdomain-Bruteforce
  • Wfuzz

Wordlists
  • FuzzDB
  • PayloadsAllTheThings
  • SecLists
  • Probable-Wordlists
  • RobotsDisallowed

Changelog:
1.3 - June 28 2019
1.2 - May 31 2019
1.1 - April 30 2019
1.0.2 - April 10 2019
  • Added missing 'seclists.fireeye' package to packages.json #38
1.0.1 - March 31 2019
  • Used https instead of http to install boxstarter #10


...
