Neet News

22 November 2016

Changes / Added features

• Installation Support fixes for installation on Kali and Debian 8 Stable.
• OpenVAS The only OpenVAS component used by Neet is openvas-libraries. In certain circumstances (if it found remnants of OpenVAS installed elsewhere on the system), the openvas-libraries build process would fail trying to include dependencies on existing or partially missing components. This has now been fixed. OpenVAS libraries build on Kali, Debian 8 and Mint 17/18.
• Winexe This now builds successfully on Kali, Debian 8 and Mint 17/18.

21 November 2016

Changes / Added features

• Routing: Improved route detection when using VPNs.

17 November 2016

Further Distro Support
Ubuntu 16.04 is now supported, as are Linux Mint 17(.x) releases. As yet, Mint 18 is not truly supported as the libopenvasnasl packages have been removed from the Mint 18 repos, and neet uses this to run some NASL scripts. So, on Mint 18, you'll be missing some patch checks.

Changes / Added features

• SSH: This now uses Medusa instead of Patator.py for account brute-forcing. It will also now brute-force Windows machines too.
• HTTP/S: Added Dirb to the HTTP checks. You can specify which wordlists you want dirb to use by adding the line:
  module.http.dirb.wordlist=NEET/common.txt
  to your neet config file. The string NEET will automatically be replaced by the path to the dirb resource files in the neet installation. You can repeat this config option multiple times to get dirb to run multiple files (sequentially, in the order they appear in the config file). By default, the files are in /opt/neet/resources/dirb/. You can of course specify files from somewhere else completely: module.http.dirb.wordlist=/home/user/files/lists/mylist.txt
  
• TLS/SSL Services: testssl.sh will be run against these services.

Outstanding Issues

• Exploitation: Rapid7's removal of the msfcli utility means that Neet's exploitation capability is drastically reduced until I port the exploitation commands to msfconsole. I'll try and do this in the run up to Christmas (2016!).
• Samba: Some distributions (notably Linux Mint) have an issue with their Samba clients which means that Neet can't determine the OS of the remote host. If you're affected, this can be fixed by adding the following line to your /etc/samba/smb.conf file:
  client max protocol = SMB3

22 September 2014

• Neet-update in versions up to and including 1.1.11 were affected by a change in the GitHub page layout. The script parsed the GitHub HTML to discover the latest version of each package repository. Those versions of Neet-update no longer work.
  As a fix, you can manually download and extract the tarball for the latest release of the Neet repository and, as root, copy the content/install/githubVersion script to the /opt/neet/core/ directory, replacing the existing script. Neet-update will then work properly, using the GitHub API to discover version information.
  Thanks to Simon Clow for reporting this.

07 August 2014

• You can now install your own configuration files in $HOME/.neet/neet.conf and/or $HOME/.neet/vce.conf. If either exists, it will will be used instead of the default version found in /opt/neet/etc/. This allows you to preserve your own configuration across updates to the neet core, which normally overwrites the default config files. Thanks to Simon Fletcher for the suggestion.

• Some modules were not flagging guessed credentials as a vulnerability (although they were recording the guessed credentials in the credential manager). This was a bug introduced by the migration to the credential manager. Thanks to Simon Fletcher for reporting this.
  The affected modules were Oracle, FTP, LDAP and SSH. All have now been fixed.

05 August 2014

A few updates have been made over the last couple of months, although this page hasn't been updated each time. The changes include a few bug fixes, some cool new features in hivedump, and the addition of the uber useful credential manager.

• It's now OK to run Neet in a path which contains spaces.
• A couple of updates to the installer on Ubuntu and support for 14.04 (thank you Simon Fletcher).
• Removed all trace of Hydra - it's now been fully replaced by Medusa.
• Windows tools needing credentials (hivedump, gethash, mimikatz) now cope with blank passwords (thank you Luke Gogolkiewicz).
• NFS timings adjusted for reliability. Also, now defaults to NFSv3 for mounting remote exports.
• Misc improvements to the neet shell aliases.

• Hivedump will now retrieve the SAM, SYSTEM and SECURITY registry hives from a remote machine, and extract the credentials locally. It will also automatically retrieve NTDS.dit from Domain Controllers using the Volume Shadow Copy service, and will locally extract the hashes from the retrieved copy. Getting hashes, LSA credentials and cached credentials from Windows servers couldn't be easier or safer. In the neet shell run hivedump with no arguments for usage. Outside neetsh, give the full path /opt/neet/neetsh/hivedump.
• Credential manager is a very comprehensive manager for passwords and credentials. You can manually add credentials you find (be they hashes, username/password combos, passwords), and sort and retrieve them using specified criteria. For example, you could retrieve just the user accounts for a particular domain, or just Oracle passwords, and export them in CVS format (or other formats). You can import pwdump files (from hivedump), or import arbitrary CVS-style password lists (you can specify the format on the command line). The accounts command is used to access the credential store. Use accounts -h or accounts --help for very comprehensive usage instructions and a set of 22 examples of usage. Neet modules which perform account password checks now use this manager (via the API, which you can use to integrate your own code with the credential manager) for password storage. Read more here.

03 May 2014

Updates to three repos, to add a couple of essential features to iShellSQL.

• Added --enable and --disable options to iShellSQL to provide control of xp_cmdshell. Also modified etc/vce.conf so that exploitation via the neet shell uses this option by default.
• Minor updates to documentation

• Added --enable and --disable options to iShellSQL to provide control of xp_cmdshell.
• Added /opt/neet/core to the Perl module search paths in iShellSQL and SQLaddaccount files.

• Fix to gethash, hashdump and mimikatz aliases

30th April 2014

• Added the Warnings.Firewall parameter to the config file so the warnings about your iptables firewall can be permanently inhibited should you so choose (not necessarily a good idea!).
• Updates to documentation, mainly the inclusion of the new github pages.

• Fixed a configuration error that prevented Nikto from running. This was introduced during the recent restructure of Neet, and was a result of incorrect file paths in nikto.conf.

• The LDAP module now checks for default credentials, which are listed in /opt/neet/resources/modules/LDAP/defaultCredentials - add your own as you see fit. Thank you to Simon Clow for the suggestion.
• The SMTP module copes better with rogue servers now and has better false-positive detection.

• Added columnar output to the svc command in the neet shell, so you don't have to put up with a really long single-column list on busy networks.
• Fixed the testshares command so it works in both global and host mode.
• The socket (and sock) aliases now return just the socket(!) and don't include the protocol or any extraneous slashes. Thank you to Rob Gilchrist for the bug report.

Just run neet-update or neet --update to obtain these updates. Don't forget that if you're behind a proxy you'll need to export the HTTPS_PROXY environment variable (HTTPS_PROXY=ip.ad.dr.ess:port) for wget to connect to GitHub.

29th April 2014

These spanking new GitHub pages will be the primary source of news about Neet and, from Neet version 1.1.4, will also comprise the user guide instead of the current TiddlyWiki. All HTML documentation will remain in the /opt/neet/doc/ directory, whilst the man pages will continue to be installed to your system's global man page location.

17th April 2014

The latest release of Neet, 1.1.3, incorporates a pretty big change to the overall distribution architecture, which now sees Neet components split into several distinct repositories. This allows users to obtain incremental updates to specific components without necessitating a full download/reinstall cycle for everything in Neet. For example, updates to the Neet Shell can be downloaded and seamlessly installed using only a few Kb of bandwidth, whereas previously this would have required the entire 55Mb+ installer to be manually unpacked and installed, in the process causing any existing Neet installation to be removed.

The new neet-update utility, which can also be called with neet --update, will check the GitHub repositories for new updates to each component bundle. For bundles that have changed, the latest release will be downloaded, extracted and installed without further user interaction.

Although it has been split across several Git repo's, a full install of Neet contains the same components as previous versions, albeit with a slightly revised filesystem layout. From a user's point of view the installation process is the same as previous versions, and you will only need to download and extract the latest Neet release. Once the core has been installed, the latest releases of the other repositories will automatically be downloaded and installed by neet-update, so an Internet connection will be required at that stage. HTTP proxies are supported using WGET's native support.

In this release, Neet's core functionality remains the same, and three of my previously-separate tools have been incorporated into the Neet Shell:

• Gethash - retrieve SAM and Cached Hashes from Windows hosts
• Mimikatz - Run Mimikatz on remote hosts
• Hivedump - Retrieve SAM, SYSTEM and SECURITY registry hives, plus NTDS.dit from Domain Controllers.

A major packaging bug was also fixed in this release, where the NASL scripts used for checking Windows and Unix vulnerabilities were somehow omitted from the Git repo. This would have prevented discovery (and therefore exploitation) of some important older vulnerabilities in Windows and Solaris platforms. I apologise if this has impacted any of your testing.