K8tools

K8tools is a multi-stage attack framework that combines memory-only payload execution, credential testing, port forwarding, privilege escalation, and physical USB-based keystroke injection for comprehensive system compromise. At its core, the Ladon PowerShell module loads a multi-function scanner directly into memory, enabling command execution without writing files to disk, while supporting memory-only payload delivery that downloads and runs obfuscated shellcode or PowerShell commands to evade antivirus detection.

The framework distinguishes itself through its breadth of integrated capabilities, including a multi-protocol credential tester that checks username and password combinations across SSH, FTP, MySQL, and SMB services, along with port forwarding through compromised hosts to access internal services behind firewalls. It also provides UAC bypass via registry manipulation, a Windows privilege escalation toolkit that elevates processes from limited user to SYSTEM or Administrator, and USB keystroke injection attacks that program Teensy devices to simulate keyboard input on locked machines.

Beyond these core differentiators, the toolkit encompasses credential theft and cracking, internal network penetration testing, payload generation and obfuscation, remote code execution via exploits, and web application exploitation. It includes utilities for data encoding and decoding, live host discovery, subdomain enumeration, persistent backdoor deployment, web shell command execution, and password hash cracking, all accessible through local, command-line, or remote PowerShell execution methods.

Features

Penetration Testing Toolkits - An all-in-one collection of tools for network scanning, privilege escalation, password cracking, and exploit delivery.

Credential Theft and Cracking Suites - Extracts stored passwords, cookies, and hashes from compromised systems, then cracks them for unauthorized access.

Multi-Protocol Remote Crackers - Tests username and password combinations against SSH, FTP, MySQL, and SMB services to gain access.

Internal Network Penetration Testers - Scans, exploits, and moves laterally within a compromised internal network to gain access to additional systems.

Privilege Escalation Suites - Ships a set of utilities that elevate process rights from limited user to SYSTEM or Administrator using kernel and service exploits.

Vulnerability Exploitation Frameworks - Launches pre-built exploits against web applications, operating systems, and services.

Automated Exploit Execution - Delivers and executes pre-built exploit code against known vulnerabilities in services like Struts2 and SMB.

Scanner Modules - Provides a Ladon-based scanner that runs from PowerShell to discover hosts, scan ports, and execute post-exploitation commands.

Memory-Loaded Scanners - Loads a multi-function scanner into memory via PowerShell for command execution without disk writes.

Multi-Protocol Credential Testers - Tests username and password combinations across SSH, FTP, MySQL, and SMB services to identify weak authentication.

Remote Privilege Escalations - Runs privilege escalation tools directly from a remote shell or web shell.

Windows Privilege Escalation Suites - Elevates process privileges from limited user to SYSTEM or Administrator using kernel or service exploits.

Credential Extraction Utilities - Ships a utility that retrieves saved passwords, cookies, and history from browsers and local credential stores.

In-Memory Payload Execution - Downloads and runs obfuscated shellcode or PowerShell commands directly in memory to evade antivirus detection.

Payload Obfuscators - Creates encoded or obfuscated shellcode, PowerShell commands, or executables to evade antivirus detection.

Windows Privilege Escalations - Elevates a process from a limited user to SYSTEM or Administrator using kernel or service exploits on Windows.

UAC Bypasses - Suppresses UAC prompts to run administrative tools without user consent on Windows 7 through 10.

Remote System Exploitation - Delivers ready-to-compile exploit code for known vulnerabilities to gain initial access.

Port Scanning - Scans a user-specified list of ports on target hosts using the Ladon scanner.

Subdomain Enumeration - Enumerates subdomains of a target domain using a large dictionary to expand the attack surface.

MS17-010 Scanners - Scans a network range for systems vulnerable to the MS17-010 SMB exploit.

Password Cracking - Attempts to recover plaintext passwords from captured hashes using built-in cracking utilities.

Web Application Exploits - Identifies and exploits vulnerabilities in web applications, including SQL injection and deploying web shells.

Web Shell Executions - Runs system commands on a compromised server through a script embedded in a web page for remote control.

Remote Command Execution - Copies and runs commands or payloads on remote Windows and Linux hosts using standard management protocols.

Live Host Probes - Discovers active machines on a network segment without relying on open ports or firewall rules.

Remote Port Forwarding - Redirects traffic from one port to another on a remote machine to access internal services behind firewalls.

C2 Agent Persistence - Installs a remote control agent that maintains access through reverse shells, VNC, or custom listeners.

Remote Script Execution - Downloads and executes the Ladon scanner from a remote URL directly in memory without writing to disk.

USB Keystroke Injection Scripts - Programs a Teensy device to simulate keyboard input and execute payloads on locked Windows machines.

Browser Credential Extractions - Reads saved passwords, cookies, and history from browsers, VPN clients, and local credential stores.

Executable Payload Generations - Produces executable payloads for use in staged attacks or post-exploitation activities.

k8gegeK8tools

Features

Star history