Results 1 to 8 of 8

Thread: Hax0rBl0x - Cred Harvester

Threaded View

  1. #1
    Just burned their ISO
    Join Date
    Jan 2013
    Posts
    7

    Default Hax0rBl0x - Cred Harvester

    Ladies and Gentlemen,

    Myself and my counterpart Dopey would proudly like to announce our newest tool Hax0rBl0x - Cred Harvester. The Hax0rBl0x suite is going to be a fully featured suite of tools that will make different types of attacks quick and easy.

    NOTICE: THIS TOOL DOES NOT DO ANY MITM ATTACKS. A SEPARATE TOOL WILL BE RELEASED IN THE FUTURE TO ADDRESS MITM ATTACKS.

    Google Code: http://code.google.com/p/hax0rbl0x/downloads/list

    Download: http://hax0rbl0x.googlecode.com/file...rvester_1.1.sh

    Current tools in development:
    -Hax0rBl0x.sh: This is the main menu framwork that allows us to add more tools by simply dragging and dropping files.
    -Passive OS Fingerprinting (Beta): This is a passive scanner that will read information from passing packets to find OS, Browsers, Apps, Open Ports, Uptime, Host type, and Manufacturer of each host on the network.
    -Cred Harvester: This is a tool similar to Easy-Creds or YAMAS, but extremely polished to harvest creds, cookies, social security numbers, or credit card numbers from selected targets. The info is then displayed on an easy to read summary on screen and dumped into an easy to read report for further persusing. The programs launched are Ettercap, SSLStrip, Dsniff, Hamster & Ferret, NGREP, and URLSnarf.

    Feature List (Not all inclusive. Just what I could remember.)
    Exhaustive Sanity Check for Dependencies
    Easily select which programs you want to run together.
    Auto restart if a program crashes.
    All credentials are displayed on screen in near real time.

    To-do List:

    Change Log:
    ---Version 1.1---
    -Fixed a bug related to installing the SSLDefinitions. If the directory didn't already exist, it would error out.
    -Fixed a bug with updating. Even if the file didn't exist on the server, it would act as if it had succeeded.
    -Added in the ability to check for SSLDefinition updates.
    -Changed the way the program looked for updates for future compatibility with other programs.
    -Fixed a bug in the override option not working as intended.

    Known Issues:
    Sometimes SSLStrip will report as crashed, but it'll still be running. We have a workaround in place, so the impact of the bug is nil.

    Notes:
    Hamster and Ferret has had some reported issues with the version that's installed with BT 5. There is apparently an issue with the installed version working correctly with a 64 bit OS. So to remedy this issue, we just assume that your version is broken. Even if you have Hamster and Ferret installed, the program will report that it isn't and offer to install its own version. While we do give you the option to override this and execute the script anyways, it's in your best interest to let the script do its magic. Don't worry, if we find a version already installed where we want to install ours, we'll back it up!

    "Similar to Easy-Creds (although we had the idea prior to discovering the tool) we decided to have a simple script that would handle Ettercap, SSLStrip, DSniff, URLSnarf, Hamster & Ferret (Sidejacking attack), and NGREP. In addition to dumping the output to a nice log file automatically, we wanted to have a simple display showing real-time creds as they are captured. We were able to filter the output to prevent duplicate creds displaying, and wrote a simple filter wizard to only display real-time URLSnarf data that you ACTUALLY NEED to see right now. No data is left out of the final report (with multiple logging options) so you can still get everything you need, but see real-time only what you want.

    (As a side note, we also do not blanket wipe out IPTables or anything like that. Every check is done to attempt to keep your system the same as what it was, while only changing and cleaning up what's needed for whatever program you choose to load.)" - Dopey

    We also take lots of care to sanity check EVERYTHING. That means that at no point in time should you be able to cause the script not to run by forgetting to make a file or directory or install a dependency.

    The tool is in the final stages of being created, and we're almost ready for its debut. We are REALLY excited over this addition and we hope you guys are too! If you have any ideas, comments, or feedback we'd love to hear it!

    As a side note, these tools have all been tested on both Backtrack 5 R3, as well as on the RaspberryPi running PwnPi. We've made every effort to make efficiency our top priority due to the limited processing power of the Pi.

    Here are some pictures of the current version to whet your appetite.

    Sanity Menu:


    Main Menu:


    Loading the programs:


    Everything loaded and running:


    No shots of actual credentials being harvested yet. Those are being kept behind closed doors until our release. I'll go ahead and fill you in though, it looks good!
    Last edited by ShadowBlade72; 04-02-2013 at 10:09 AM.

Similar Threads

  1. Credential harvester Problem?
    By QuestionHere in forum BackTrack 5 General Topics
    Replies: 0
    Last Post: 11-08-2012, 12:56 PM
  2. Problem using SET with credential harvester...
    By zeus83 in forum BackTrack 5 General Topics
    Replies: 0
    Last Post: 09-09-2012, 05:33 AM
  3. The Harvester.py
    By exeption in forum BackTrack 5 Bugs
    Replies: 3
    Last Post: 04-03-2012, 02:01 PM
  4. Parsing SSLStrip with definitions.sslstrip in easy-cred
    By ericmilam in forum BackTrack 5 Experts Section
    Replies: 3
    Last Post: 06-28-2011, 09:40 PM
  5. Parsing SSLStrip with definitions.sslstrip in easy-cred
    By ericmilam in forum BackTrack 5 Beginners Section
    Replies: 0
    Last Post: 05-31-2011, 08:39 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •