β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Cracking tips with hashcat github:
catCracking RAR archive password
To extract the hash, run a command like this:
rar2john > rar.tmp
For example, the path to the file /mnt/disk_d/Share/test/file.rar , then the command is as follows:
rar2john /mnt/disk_d/Share/test/file.rar > rar.tmp
The hash will be extracted in the John format, this format is unsuitable for Hashcat, so run the following command:
cat rar.tmp | grep -E -o '(\$RAR3\$[^:]+)|(\$rar5\$.*)' > rar.hash
It will clear the hash of unwanted lines and store the hash in a file format Hashcat rar.hash .
But that's not all - there are several versions of RAR. Therefore, we need to correctly determine the type of your hash. You can open the rar.hash file with any text editor or run the following command to print the first 8 characters of the hash:
head -c 8 rar.hash
If the hash string starts with:
$RAR3$*0*
So this is RAR3-hp, hash number: 12500
If the hash string starts with:
$rar5$16$
So this is RAR5, hash number: 13000
If the hash string starts with:
$RAR3$*1*
So this is RAR3-p (Uncompressed), hash number: 23700
If the hash string starts with:
$RAR3$*1*
So this is RAR3-p (Compressed), hash number: 23800
ATTENTION : RAR3-p (Uncompressed) and RAR3-p (Compressed) have the SAME hash beginnings, I don't know how to distinguish them. The only embodiment - taste hashcat run command indicating the type of hash 23700 , and then 23800 . In this case, if you specified the hash type incorrectly, then an error will be displayed immediately. Error example:
Hashfile '/home/mial/rar.hash' on line 1 ($RAR3$...91201eb0007c76714cbb328b2acfc*33): Salt-value exception
No hashes loaded.
If you get errors about missing modules like:
/usr/share/hashcat/modules/module_23700.so: cannot open shared object file: No such file or directory
/usr/share/hashcat/modules/module_23800.so: cannot open shared object file: No such file or directory
This means that your version of Hashcat does not yet support hashes with numbers 23700 and 23800 and you need to update the program to the latest version. Currently, this support is only present in the beta version of Hashcat, which you can download from the official website: https://hashcat.net/beta/
Cracking the 7z archive password
To extract the hash, run a command like this:
7z2john > 7z.tmp
The hash will be extracted in the John format, this format is unsuitable for Hashcat, so run the following command:
cat 7z.tmp | grep -E -o '\$7z\$.*' > 7z.hash
It will clear the hash of unwanted lines and store the hash in a file format Hashcat 7z.hash .
Hash number: 11600
Cracking MS Office password: Word (.DOCX file) and other office files
To extract the hash, run a command like this:
office2john > office.tmp
To prepare the hash, run the command:
cat office.tmp | grep -E -o '\$office\$.*' > office.hash
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Cracking tips with hashcat github:
catCracking RAR archive password
To extract the hash, run a command like this:
rar2john > rar.tmp
For example, the path to the file /mnt/disk_d/Share/test/file.rar , then the command is as follows:
rar2john /mnt/disk_d/Share/test/file.rar > rar.tmp
The hash will be extracted in the John format, this format is unsuitable for Hashcat, so run the following command:
cat rar.tmp | grep -E -o '(\$RAR3\$[^:]+)|(\$rar5\$.*)' > rar.hash
It will clear the hash of unwanted lines and store the hash in a file format Hashcat rar.hash .
But that's not all - there are several versions of RAR. Therefore, we need to correctly determine the type of your hash. You can open the rar.hash file with any text editor or run the following command to print the first 8 characters of the hash:
head -c 8 rar.hash
If the hash string starts with:
$RAR3$*0*
So this is RAR3-hp, hash number: 12500
If the hash string starts with:
$rar5$16$
So this is RAR5, hash number: 13000
If the hash string starts with:
$RAR3$*1*
So this is RAR3-p (Uncompressed), hash number: 23700
If the hash string starts with:
$RAR3$*1*
So this is RAR3-p (Compressed), hash number: 23800
ATTENTION : RAR3-p (Uncompressed) and RAR3-p (Compressed) have the SAME hash beginnings, I don't know how to distinguish them. The only embodiment - taste hashcat run command indicating the type of hash 23700 , and then 23800 . In this case, if you specified the hash type incorrectly, then an error will be displayed immediately. Error example:
Hashfile '/home/mial/rar.hash' on line 1 ($RAR3$...91201eb0007c76714cbb328b2acfc*33): Salt-value exception
No hashes loaded.
If you get errors about missing modules like:
/usr/share/hashcat/modules/module_23700.so: cannot open shared object file: No such file or directory
/usr/share/hashcat/modules/module_23800.so: cannot open shared object file: No such file or directory
This means that your version of Hashcat does not yet support hashes with numbers 23700 and 23800 and you need to update the program to the latest version. Currently, this support is only present in the beta version of Hashcat, which you can download from the official website: https://hashcat.net/beta/
Cracking the 7z archive password
To extract the hash, run a command like this:
7z2john > 7z.tmp
The hash will be extracted in the John format, this format is unsuitable for Hashcat, so run the following command:
cat 7z.tmp | grep -E -o '\$7z\$.*' > 7z.hash
It will clear the hash of unwanted lines and store the hash in a file format Hashcat 7z.hash .
Hash number: 11600
Cracking MS Office password: Word (.DOCX file) and other office files
To extract the hash, run a command like this:
office2john > office.tmp
To prepare the hash, run the command:
cat office.tmp | grep -E -o '\$office\$.*' > office.hash
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Collaboration between Aion Defense and Exavis to reduce the possibility of network access security.
#international
#international
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Hnap0wn-HACK D-LINK WIFI
The Hnap0wn tool was introduced 10 years ago. This is an exploit to bypass administrative login for HNAP-enabled D-Link routers.
Now it can be downloaded from the following links (the versions are not identical! In this tutorial I use the first one):
1) https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/11101.tar.gz
2) https://web.archive.org/web/20140727021850/http://www.sourcesec.com/Lab/hnap0wn.tar.gz
3) Download and unpack from the command line:
a) mkdir hnap0wn
b) cd hnap0wn
c) wget https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/11101.tar.gz
d) tar xvzf 11101.tar.gz
e) This tool allows you to check if there is a vulnerability that allows you to perform actions without specifying a password, as well as view information from a device using a password or without a password if the device is vulnerable.
f) In the xml folder that comes with this program, there are several .xml files to do typical things.
Example command:
g) ./hnap0wn 172.24.98.25:8080 xml/GetWLanSecurity.xml
There is a result, but I think you cannot read XML files without formatting on the fly. T
How to format XML on the command line " and use one of the utilities it provides. I will be using xmllint ( libxml2-utils package on Debian or libxml2 on Arch Linux).
To have Hnap0wn output valid XML, open the hnap0wn file :
gedit ./hnap0wn
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Hnap0wn-HACK D-LINK WIFI
The Hnap0wn tool was introduced 10 years ago. This is an exploit to bypass administrative login for HNAP-enabled D-Link routers.
Now it can be downloaded from the following links (the versions are not identical! In this tutorial I use the first one):
1) https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/11101.tar.gz
2) https://web.archive.org/web/20140727021850/http://www.sourcesec.com/Lab/hnap0wn.tar.gz
3) Download and unpack from the command line:
a) mkdir hnap0wn
b) cd hnap0wn
c) wget https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/11101.tar.gz
d) tar xvzf 11101.tar.gz
e) This tool allows you to check if there is a vulnerability that allows you to perform actions without specifying a password, as well as view information from a device using a password or without a password if the device is vulnerable.
f) In the xml folder that comes with this program, there are several .xml files to do typical things.
Example command:
g) ./hnap0wn 172.24.98.25:8080 xml/GetWLanSecurity.xml
There is a result, but I think you cannot read XML files without formatting on the fly. T
How to format XML on the command line " and use one of the utilities it provides. I will be using xmllint ( libxml2-utils package on Debian or libxml2 on Arch Linux).
To have Hnap0wn output valid XML, open the hnap0wn file :
gedit ./hnap0wn
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
130 hijacked celebrity accounts, the whole picture of the unknown Twitter hack.
#CyberAttacks #Leaks
#CyberAttacks #Leaks
Forwarded from UNDERCODE NEWS
A vacuum cleaning robot can manipulate a lidar sensor and turn it into a tapping device.
#Technologies
#Technologies
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Configuring network implants based on cheap SBC single board computers:
#fASTtIPS
1) Now there is a possibility of creating various hacking devices based on single-board computers that are connected to target routers. This is done without the knowledge of system administrators, which subsequently allows an attacker to conduct remote network attacks from anywhere in the world.
2) Network implants are miniature Raspberry Pi devices that can be discreetly connected to routers, hubs, servers, and other IT equipment. Similar to the Hak5's LAN Turtle gadget, it requires a physical connection of the interfaces to interconnect with the global and local network in which other computers operate. This eliminates the need to enable port forwarding, as well as change firewall security settings, since this equipment automatically synchronizes with the Internet via remote access (RAT), allowing a hacker to manage entire domains as an administrator.
3) Typically a $ 200 off-the-shelf Lan Turtle device is used for these purposes, but we'll show you how you can get the same functionality using a cheap single board Raspberry Pi PC.
4) The SBC discussed in this article is Orange Pi Zero, although there are many analogues. The device has a small computing power with 512 Mb of RAM and a Cortex-A7 processor, but this will be enough to carry out middleman attacks (MITM), Nmap scans and brute-force passwords while creating a Wi-Fi access point , managed over a remote connection in the anonymous Tor network.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Configuring network implants based on cheap SBC single board computers:
#fASTtIPS
1) Now there is a possibility of creating various hacking devices based on single-board computers that are connected to target routers. This is done without the knowledge of system administrators, which subsequently allows an attacker to conduct remote network attacks from anywhere in the world.
2) Network implants are miniature Raspberry Pi devices that can be discreetly connected to routers, hubs, servers, and other IT equipment. Similar to the Hak5's LAN Turtle gadget, it requires a physical connection of the interfaces to interconnect with the global and local network in which other computers operate. This eliminates the need to enable port forwarding, as well as change firewall security settings, since this equipment automatically synchronizes with the Internet via remote access (RAT), allowing a hacker to manage entire domains as an administrator.
3) Typically a $ 200 off-the-shelf Lan Turtle device is used for these purposes, but we'll show you how you can get the same functionality using a cheap single board Raspberry Pi PC.
4) The SBC discussed in this article is Orange Pi Zero, although there are many analogues. The device has a small computing power with 512 Mb of RAM and a Cortex-A7 processor, but this will be enough to carry out middleman attacks (MITM), Nmap scans and brute-force passwords while creating a Wi-Fi access point , managed over a remote connection in the anonymous Tor network.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
π¦Security Awareness Campaigns (Lite)
Lite version of Security Awareness Campaigns training
Basic Security Aspects covered in an awareness campaign
4.1 rating
https://www.udemy.com/course/security-awareness-campaigns/
Lite version of Security Awareness Campaigns training
Basic Security Aspects covered in an awareness campaign
4.1 rating
https://www.udemy.com/course/security-awareness-campaigns/
Udemy
Free Cybersecurity Tutorial - Security Awareness Campaigns (Lite)
This is the "lite" version of Security Awareness Campaigns and is meant to give you an idea of the full course. - Free Course
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ Reverse Engineering Tools
The following are some of the most popular reverse engineering tools. HOWEVER! GO TO THE REVERSE ENGINEERING SECTION(https://github.com/The-Art-of-Hacking/art-of-hacking/blob/master/reverse_engineering/README.md) for more references.
* Ghidra(https://ghidra-sre.org/) - a software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate
* Interactive Disassembler (IDA Pro)(https://www.hex-rays.com/products/ida/) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free(https://www.hex-rays.com/products/ida/support/download_freeware.shtml).
* WDK/WinDbg(https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg.
* OllyDbg(http://www.ollydbg.de/) - x86 debugger for Windows binaries that emphasizes binary code analysis.
* Radare2(http://rada.re/r/index.html) - Open source, crossplatform reverse engineering framework.
* x64dbg(http://x64dbg.com/) - Open source x64/x32 debugger for windows.
* Immunity Debugger(http://debugger.immunityinc.com/) - Powerful way to write exploits and analyze malware.
* Evan's Debugger(http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux.
* Medusa(https://github.com/wisk/medusa) - Open source, cross-platform interactive disassembler.
* plasma(https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ Reverse Engineering Tools
The following are some of the most popular reverse engineering tools. HOWEVER! GO TO THE REVERSE ENGINEERING SECTION(https://github.com/The-Art-of-Hacking/art-of-hacking/blob/master/reverse_engineering/README.md) for more references.
* Ghidra(https://ghidra-sre.org/) - a software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate
* Interactive Disassembler (IDA Pro)(https://www.hex-rays.com/products/ida/) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free(https://www.hex-rays.com/products/ida/support/download_freeware.shtml).
* WDK/WinDbg(https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg.
* OllyDbg(http://www.ollydbg.de/) - x86 debugger for Windows binaries that emphasizes binary code analysis.
* Radare2(http://rada.re/r/index.html) - Open source, crossplatform reverse engineering framework.
* x64dbg(http://x64dbg.com/) - Open source x64/x32 debugger for windows.
* Immunity Debugger(http://debugger.immunityinc.com/) - Powerful way to write exploits and analyze malware.
* Evan's Debugger(http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux.
* Medusa(https://github.com/wisk/medusa) - Open source, cross-platform interactive disassembler.
* plasma(https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
h4cker/reverse_engineering/README.md at master Β· The-Art-of-Hacking/h4cker
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), ar...
Forwarded from UNDERCODE NEWS
New Vulnerability BigBlueButton allow a user to vote more than once in a single poll.
#Vulnerabilities
#Vulnerabilities
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is HTTP Basic and Digest Authentication
two types of authentication are quite different. The algorithm of authentication through the web login form is approximately the following:
1) the user enters data into a web page and they are transmitted, usually by the POST method to the web server
2) the web server passes the received data to the web application
3) the web application compares the submitted credentials with those stored in the database
4) if the username and password are correct, then a token (token) of any kind is sent to the user, which makes it possible to distinguish the user, and the web browser is instructed to save it in cookies
5) the web browser stores this token in a cookie
the site also remembers the token and the user to whom it is assigned
6) on each subsequent request, the web browser sends, among other HTTP headers, and the token from the cookie
now the website verifies not the login and password, but the token from the cookies - if it matches, then this is an authorized user and he can be shown content restricted for access
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is HTTP Basic and Digest Authentication
two types of authentication are quite different. The algorithm of authentication through the web login form is approximately the following:
1) the user enters data into a web page and they are transmitted, usually by the POST method to the web server
2) the web server passes the received data to the web application
3) the web application compares the submitted credentials with those stored in the database
4) if the username and password are correct, then a token (token) of any kind is sent to the user, which makes it possible to distinguish the user, and the web browser is instructed to save it in cookies
5) the web browser stores this token in a cookie
the site also remembers the token and the user to whom it is assigned
6) on each subsequent request, the web browser sends, among other HTTP headers, and the token from the cookie
now the website verifies not the login and password, but the token from the cookies - if it matches, then this is an authorized user and he can be shown content restricted for access
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
