9/02/2011 03:16:00 PM
K.D
What is winAUTOPWN?
winAUTOPWN is a minimal Interactive Exploit Framework which acts as a frontend for quick systems vulnerability exploitation. It is a collection of remote exploits using which one can compromise vulnerable systems. winAUTOPWN takes inputs like IP address, Hostname, CMS Path, etc. and does a smart multi-threaded portscan for TCP ports 1 to 65535. Open ports are then recognized and exploits applicable to those ports are executed with the aim of gaining a remote shell or the ability to run remote commands in certain cases.
Concisely, WINDOWS AUTOPWN or winAUTOPWN is an auto (hacking) shell gaining tool.
Besides the above, winAUTOPWN can also be used as an efficiency testing tool for Intrusion Detection Systems (IDS) and Web Application Filters (WAF). winAUTOPWN has a vast repository of exploits for various Operating systems like Microsoft Windows, Apple MAC OSX, Linux (various), BSD systems as well as for well-known services and daemon software. winAUTOPWN also contains a massive database of Shell Upload Vulnerability, Remote File Inclusion and Remote Command Execution exploits. These can be fired one after the other instantly and this can aide is checking if the WAF is preventing / alerting accordingly against such threats or no. Similarly shell aiming exploits too can be fired up in a row to test the strength and effectiveness of IDS and IPS
winAUTOPWN also has a BSD based cousin called bsdAUTOPWN. bsdAUTOPWN is a just like winAUTOPWN but is not an exact recompilation of winAUTOPWN. It has been written from scratch for and on FreeBSD OS to match the power and functionality offered by the Operating System. Like winAUTOPWN, even bsdAUTOPWN has a multi-threaded portscan feature and it too detects open ports and attempts to exploit them accordingly using the available exploits in the arsenal. We’ll come to a detailed discussion about bsdAUTOPWN later.
Why winAUTOPWN?
winAUTOPWN is the only framework available on the Internet to date which maintains the exploit style and the exploit writer’s credits and, many times, the exploits completely intact. Besides that, the exploit is used just the way it is without changing any major functionality. Shellcodes or the impact making part of the exploit is many times changed from default “calculator launching code” to a remote TCP port binding shellcode. Also hardcoded hindrances like IP addresses, ports; URLs, etc. are removed to suit automation.
winAUTOPWN is a quick and small interface which is regularly updated with recent exploits available both in the wild as well as those released by the vendors themselves. winAUTOPWN is the only available exploit Framework which will ask you nothing but the least details about your target. You do not have to worry about which exploit to try onto which open port. Let winAUTOPWN handle it for you.
Although this may sound like child’s play – with a script kiddie attitude, winAUTOPWN can be used in a both blind attacking as well as in a smart strategized approach. It has features to test only a few customized (user-written/selected) exploits and/or even a few selective pre-loaded exploits according to the open ports the attacker wishes too use. This makes it more than just a script-kiddie tool wherein if you have already understood your target setup, you have the liberty to test your expertise by firing only the closest exploits which are promising, which may get you quickly in, thus making you faster than most blind script kiddies.
