-
Notifications
You must be signed in to change notification settings - Fork 271
/
Copy pathCHANGELOG
146 lines (142 loc) · 8.53 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
0.5.6.1
- Added Invoke-PosRatHttps in the extras directory.
0.5.6
- Added "Reverse TCP Shell" under the Execute category.
- Added "Reverse UDP Shell" under the Execute category.
- Added "Reverse ICMP Shell" under the Execute category.
- Added "Reverse HTTPS Shell" under the Execute category.
- Added "Reverse HTTP Shell" under the Execute category.
- Fixed a bug in "Dump passwords in plain".
- Added a standard disclaimer.
0.5.5
- Added new category of attacks "Drop Files"
- Added "Drop a MS Word File" under Drop Files category.
- Added "Drop a MS Excel File" under Drop Files category.
- Added "Drop a CHM (Compiled HTML Help) file" under Drop Files category.
- Added "Drop a Shortcut (.LNK) file" under Drop Files category.
- Added "Drop a JAR file" under Drop Files category.
- Fixed a bug where function call for "Code Execution using DNS TXT queries" had a typo.
- Improvements to "Code Execution using DNS TXT queries", Rogue AP and "DNS TXT Backdoor".
0.5.4
- Fixed hash corruption bug in "Hashdump and Exfiltrate" payload.
- Changes to Compression and Encoding for some payloads.
- Fixed a bug in lsa_secrets script in extras directory.
0.5.3
- Added Gupt Backdoor for Windows under Backdoor menu.
0.5.2
- Bug fix in wlan_key.ino
- Changes in compress_encode method in exfilmethodsdefs.
0.5.1
- Bug fix in the Windows/Misc/Speak payload.
- Bug fix in Windows/Manage/"Add an Admin user" payload.
0.5.0
- Added Execute Shellcode for Windows (under Execution menu).
- Added "Dump passwords in plain" for Windows (under Gather menu).
- Added "Copy SAM (VSS)" for Windows (under Gather menu).
- Added "Dump Process Memory" for Windows (under Gather menu).
- Added "Dump Windows Vault Credentials" for Windows (under Gather menu).
- Added "Add a user and Enable Powershell Remoting" for Windows (under Manage menu).
- Added support for Gems bundler.
- Added more banners of Kautilya.
- Fixed a bug where Kautilya was not closing output files.
0.4.6
- Added Get Screenshots Windows payload.
0.4.5.3
- Minor changes in compress_encode method in exfilmethodsdefs.
- Powershell scripts in extras directory should now be run with dot sourcing. See help of the scripts.
- Minor improvements in DNS TXT Backdoor.
- Added Invoke-Encode.ps1 to the extras directory. Use it for DNS TXT Backdoor and for other encoding needs.
0.4.5.2
- Bug fixes in Rogue AP, Powershell Code Exec, Download_exec and Force Connect Wifi.
0.4.5.1
- Minor changes to help of Rogue AP payload.
- Command to generate shellcode for Rogue AP added to payloadgen.txt in extras directory.
0.4.5
- Bug fixes and improvements in Time Based Exec. It now supports exfiltration and could be stopped remotely.
- Less lines of code for HTTP Backdoor and Download Execute PS.
- HTTP Backdoor, Download Execute PS, Hashdump and Exfiltrate and Dump LSA Secrets now execute the downloaded script in memory.
- Shortened parameters passed to powershell.exe when the scripts are called. Thus, saving the time in "typing" by HID.
- Added two new exfiltration options, POST requests and DNS TXT records.
- Username and password for exfiltration would be asked only if you select gmail or pastebin.
- Tinypaste as an option for exfiltration has been removed.
- Payloads have been made more modular which results in smaller size.
- Reboot Persistence has been added to HTTP Backdoor and DNS TXT Backdoor.
- Menu redesign.
- Bug fix in Dump LSA Secrets payload.
- Added ./extras/Decode.ps1. Use this to decode data exfiltrated by HTTP Backdoor and DNS TXT Backdoor.
- Added ./extras/Remove-Persistence.ps1. Use this to remove persistence by Keylogger, HTTP Backdoor and DNS TXT Backdoor.
- Kautilya could be run on Windows if win32console gem is installed.
0.4.4
- Added "Download and Execute Powershell Script" windows payload.
- Added "Remove Update" windows payload.
- Added "LSA Secrets" windows payload.
- Updated "DNS TXT Backdoor". It is much more easy to use now.
- Renamed Wait for Command to HTTP Backdoor
- HTTP Backdoor now keeps running till the stopstring is matched.
- An option has been added for no exfiltration of data. Choose 0 when Kautilya asks for exfil option.
0.4.3
- Names of various payloads have been changed, mostly to remove pastebin from the name.
- Shortened variables names and powershell cmdlets names in many payloads. Payloads are "typed" much faster by HID now.
- Fixed a bug on Get Target Credentials payload.
- Fixed a bug in DNS TXT Backdoor.
- Hashdump payload now uses TokenDuplication and does not schedules a task on the target, this means the payload is faster now.
- New communication options added to various payloads which exports data to pastebin/gmail/tinypaste.
- Posts to pastebin now use HTTPS.
0.4.2
- Added bit of code which adjusts the payloads for Teensy++ 2.0 and Teensy 3.0
0.4.1
- Added Base64toString and StringtoBase64 scripts in the extras directory to be used with DNS TXT Backdoor and other payloads.
- PowerShell scripts in extras directory are now Get-Help compatible.
0.4.0
- Added Peensy functionality which means reliable execution of payloads and measured delays when the device is connected.
- Added "DNS TXT Backdoor" payload for Windows.
- Fixed a small bug in Rogue AP payload. The SSID key was not masked previously.
- Credentials payload now validates both local and AD crdentials. If creds entered could not be validated locally or at AD, credential prompt is shown again.
- Fixed a major bug in Time Based Execution payload. Embarrassingly, "echo" was missing from various lines of the payload, making it ineffective.
- Added osx_payloadgen.txt to the extras directory. It was somehow missed in 0.3.0
- Fixed a small bug in Information Gather payload.
- Added sniffer.ps1 to the extras directory.
- Minor changes in Tracking Target Connectivity payload.
- Removed Chrome RDP Payload. Was not really useful.
- Removed Uninstall payload till next release.
0.3.0
- Fixed a minor bug in "code execution using powershell" payload.
- An exception is added to Windows firewall for bind shell in "Rogue AP" payload
- Fixed a major bug in "Connect to Hotspot and Execute code". The SSID key was being stored in encrypted format which doesn't work (Windows seem to encrypt WLAN keys using some machine specific key). Now the key is stored in plain and WLAN profile import works on other systems too.
- Fixed a bug in "Hashdump and upload to pastebin" payload. The powershell command was being called from the dumpaste.vbs script without bypassing executionpolicy. This means password hashes were being dumped but not pasted to pastebin..
- Removed TYPESPEED from every payload which was being used as good luck mark and was borrowed from SET :)
- Implemented Left + Enter as a method to say yes to UAC prompt, previously it was Alt + Y. Thanks to Paul who commented this on my blog.
- Increased the delay at the beginning to 25 seconds.
- Replaced the older "linux_codeexec.ino" (which had hardcoded shellcode) with proper file.
- Minor improvements in some lonux payload. Files written to disk are now written in /tmp.
- Added "Get Target Credentials" payload for Windows.
- Added "DNS TXT Code Execution" payload for Windows.
- Added "Tracking Target Connectivity" payload for Windows.
- Added "Speak" payload for Windows.
- Added "Wait for Command" payload for Windows.
- Added "DNS TXT Code Execution" for Linux.
- Added "Perl Reverse Shell (MSF)" for Linux.
- Added payloads for Mac OS X, tested on OS X Lion runnning on a VMWare.
- Added "Download and Execute" for OS X.
- Added "DNS TXT Code Execution" for OS X.
- Added "Perl Reverse Shell (MSF)" from OS X
- Added "Ruby Reverse Shell (MSF)" for OS X
0.2.2
- Keylogger for Windows is somewhat improved now, the keylogging starts after the keypaste code now thus showing less garbage after parsing.
- Keylog script now logs a key every 40 millisecond in place of 10 milliseconds. Seems more sane.
- Passwords are now masked.
- Silly but serious bug: Data pasted to pastebin was not private but unlisted (api_private_paste=1), changed it to 2 (private paste).
0.2.1
- Smaller command window and blue font on black background while "typing" for more stealth
- Some bug fixes in enable rdp, linux download exec and some other payloads
0.2.0
- Added "Download and Execute" payload for Linux
- Added "Reverse Shells using built in tools" payload for Linux
- Added "Code Execution" payload for Linux
- Added "Connect to Hotspot and Execute code" payload for Windows
- Added "Code Execution using Powershell" payload for Windows
- Added "Time based paylaod execution" payload for Windows
- Added "WLAN keys dump" payload for Windows
- Rogue AP payload now opens up a meterpreter bind on the victim machine
- Minor changes to Main Menu
0.1.0 Initial Release