Wednesday, February 13, 2013

Nishang 0.2.5 Released: Get WLAN keys in plain, Remove update and bug fixes.

This is a short & quick post about Nishang 0.2.5. Two new payloads which are borrowed from other sources (and went unnoticed for months lying in one of my VMs) have been added:

1. Get-WLAN-Keys dumps WLAN keys in clear text, handy! The code is borrowed from this code by Jan Egil Ring. An elevated shell is required to dump the keys.

2. Remove-Update could be used to remove all updates, all security updates or a particular update from a target machine. The script calls wusa.exe to do so. This is based on this post by Trevor Sullivan. This payload could be useful to re-introduce a patched vulnerability (an easy way of backdooring a system). Administrator access is required to remove most updates.
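For defenders, the wusa.exe dependency described above is a usable detection point. The following is an added example, not part of Nishang or the original post: it scans process-creation records (the shape Sysmon Event ID 1 or Security 4688 command-line logging provides) for wusa.exe uninstall invocations and triages them per host. Host names, KB numbers, the severity labels and the bulk threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records: (host, parent image, command line).
# Host names and KB numbers are placeholders, not real identifiers.
SAMPLE_EVENTS = [
    ("WS-014", "powershell.exe", r"C:\Windows\System32\wusa.exe /uninstall /kb:1111111 /quiet /norestart"),
    ("WS-014", "powershell.exe", r'"C:\Windows\System32\wusa.exe" /uninstall /kb:2222222 /quiet /norestart'),
    ("WS-014", "powershell.exe", r"wusa /uninstall /KB:3333333 /quiet"),
    ("WS-020", "explorer.exe", r"C:\Windows\System32\wusa.exe C:\Temp\patch.msu"),  # install, ignored
    ("WS-031", "explorer.exe", r"wusa.exe /uninstall /kb:4444444"),
]

# wusa as a bare name, with .exe, quoted, or at the end of a path.
WUSA = re.compile(r'(?:^|[\\/"\s])wusa(?:\.exe)?"?(?=\s|$)', re.I)
UNINSTALL = re.compile(r'[/-]uninstall\b', re.I)
KB = re.compile(r'[/-]kb:(\d+)', re.I)
SILENT = re.compile(r'[/-]quiet\b', re.I)
SCRIPT_PARENTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

def find_update_removals(events):
    """Return one record per wusa.exe uninstall invocation."""
    hits = []
    for host, parent, cmdline in events:
        if not (WUSA.search(cmdline) and UNINSTALL.search(cmdline)):
            continue
        kb = KB.search(cmdline)
        hits.append({"host": host, "kb": "KB" + kb.group(1) if kb else None,
                     "silent": bool(SILENT.search(cmdline)),
                     "scripted": parent.lower() in SCRIPT_PARENTS})
    return hits

def triage(hits, bulk_threshold=3):
    """Group hits per host: bulk removal is high, silent and scripted is medium."""
    by_host = defaultdict(list)
    for h in hits:
        by_host[h["host"]].append(h)
    report = {}
    for host, rows in by_host.items():
        if len(rows) >= bulk_threshold:
            sev = "high"
        elif any(r["silent"] and r["scripted"] for r in rows):
            sev = "medium"
        else:
            sev = "low"
        report[host] = (sev, sorted(r["kb"] for r in rows if r["kb"]))
    return report

print(triage(find_update_removals(SAMPLE_EVENTS)))
```

Pairing this with a periodic comparison of installed updates against a known-good baseline covers removals that happen while command-line logging is unavailable.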

Also, some stupid bugs with the Credentials payload have been fixed. This payload has been bugging me (or I am bugging it :P) from the first release of Nishang. I hope to bring some peace to it.

The Nishang repo has been updated. Please update your repos.

Changelog:
0.2.5
- Added Get-WLAN-Keys payload.
- Added Remove-Update payload.
- Fixed help in Credentials.ps1
- Minor changes in Download_Execute and Information_Gather.

Please send feedback and questions my way. I hope this will be useful.

3 comments:

  1. Would you be able to help me?
    I am trying to use your keyloger.ps1 but it is not uploading to pastebin. I have used the infomationgather.ps1 and this works...

    Any ideas?

  2. I will try

    1. Do you see key.log in the current user's temp folder?
    2. Can you see jobs created (visible only in the same PowerShell session)?
    3. Try using a different Pastebin account; Pastebin enforces a limit on the number of pastes per day. A better version of the keylogger which supports Gmail would be released in a few days.

    Please let me know if this helps.

  3. Thank you for the enlightening post. I found it very informative. I hope the others will think so too. Looking forward to more posts like this from you.

    Penetration Testing