Nytro Posted August 13, 2015

Description

NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption. NetRipper was released at Defcon 23, Las Vegas, Nevada.

Abstract

The post-exploitation activities in a penetration test can be challenging if the tester has low privileges on a fully patched, well configured Windows machine. This work presents a technique for helping the tester to find useful information by sniffing network traffic of the applications on the compromised machine, despite his low-privileged rights. Furthermore, the encrypted traffic is also captured before being sent to the encryption layer, thus all traffic (clear-text and encrypted) can be sniffed. The implementation of this technique is a tool called NetRipper which uses API hooking to do the actions mentioned above and which has been especially designed to be used in penetration tests, but the concept can also be used to monitor network traffic of employees or to analyze a malicious application.

https://github.com/NytroRST

luca123 Posted August 16, 2015

There is only one @Nytro, recognized for his legal acts of bravery.

Speed123 Posted October 8, 2015

Nice project, keep working!

Nytro (Author) Posted October 8, 2015

Thanks. It no longer works on Chrome, but I fixed it; the fix is just not on GitHub yet. I will update it, I have done some more work on it, but I need to put some kind of license on it so that I don't have problems if others use it in an "ugly" way.

Nytro (Author) Posted March 16, 2016

Updated: https://github.com/NytroRST/NetRipper

Changelog

Version 1.0.1:
- Updated project to Visual Studio 2015
- Added support for "dynamic" function signatures
- Updated support for Chrome (tested with Chrome 49)
- Thread-safe Win32 API hooking

Nytro (Author) Posted March 18, 2016

Version 1.0.2:
- Added support for SecureCRT 7.3
- Added basic support for "__thiscall"

https://github.com/NytroRST/NetRipper

Nytro (Author) Posted August 17, 2017

I added support for x64: https://github.com/NytroRST/NetRipper

Could anyone test whether everything is OK?

Nytro (Author) Posted September 23, 2017

NetRipper now has support for Chrome x64 SSL Hook (last) version

https://github.com/NytroRST/NetRipper/

Nytro (Author) Posted October 29, 2017

I added support for Chrome 62.

Che Posted October 30, 2017

On 8/14/2015 at 12:09 AM, Nytro said:
> NetRipper was released at Defcon 23, Las Vegas, Nevada.

19 hours ago, Nytro said:
> I added support for Chrome 62.

Are you the author of the project? Did you go all the way to Las Vegas, Nevada? Congratulations!

Nytro (Author) Posted October 30, 2017

Yes, I presented it there, thanks. For now, I still work on it from time to time. If you have suggestions, or if it has problems, you can post here and I will deal with them when I have time.

em20346 Posted October 30, 2017

Congratulations!

Nytro (Author) Posted June 14, 2018

Added support for PCAP files: https://github.com/NytroRST/NetRipper

Nytro (Author) Posted June 16, 2018

NetRipper - Added support for Chrome 67 (32 and 64 bits)

https://github.com/NytroRST/NetRipper

Nytro (Author) Posted June 19, 2018

NetRipper - Added support for cross-compilation on Linux - https://github.com/NytroRST/NetRipper

Nytro (Author) Posted November 28, 2018

NetRipper - Added support for Chrome 70 x64

https://github.com/NytroRST/NetRipper

Nytro (Author) Posted November 29, 2018

NetRipper - Added support for Slack x64

https://github.com/NytroRST/NetRipper

Nytro (Author) Posted December 2, 2018

NetRipper - Added support for Opera and SecureCRT

https://github.com/NytroRST/NetRipper

gigiRoman Posted December 12, 2018

@Nytro these guys have incorporated you into crackmapexec

https://github.com/byt3bl33d3r/CrackMapExec

https://www.bleepingcomputer.com/news/security/seedworm-spy-gang-stores-malware-on-github-keeps-up-with-infosec-advances/

Nytro (Author) Posted December 12, 2018

Yes, it is in CrackMapExec, but he hasn't updated it in a long time. I met byt3bl33d3r at BlackHat Asia, he is a really nice guy, he said he would update it, but he probably forgot. Maybe I will remind him. It is also in PTF, but likewise, it is not updated.

https://github.com/trustedsec/ptf/tree/master/modules/windows-tools

Nytro (Author) Posted April 26, 2020

NetRipper now intercepts traffic from Google Chrome, Slack and Github Desktop - the latest versions.

https://github.com/NytroRST/NetRipper

vatman32 (Active Members) Posted May 3, 2020 (edited May 3, 2020 by vatman32)

NetRipper combined with the famous ARP Spoofing technique somehow... all the data in a network is served on a platter? Or am I delirious and missing something?

Nytro (Author) Posted May 3, 2020

Nope, it needs to run on the machine that sends/receives the traffic. At the network level alone, if certificates are verified properly, nothing can be done.

Nytro (Author) Posted June 4, 2020

I added (partial) support for monitoring processes and auto-injecting into them (Self Reflective). I need to make it stable and configurable.

https://github.com/NytroRST/NetRipper