β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#Hacking A Sponge minecraft server plugin for second factor authentication:
1) SpongeCommon introduced a bug for not capturing the inventory changes on crafting with number press usage. This allows inventory item duplication in combination with FlexibleLogin if the user is not logged in. Sponge fixed in the mentioned above build and commit. So you should update your server version. If that's not possible, FlexibleLogin 0.18.1 includes a workaround. Alternative you could remove the inventory until the player logs in.
2) FlexibleLogin had an incorrect permission check for using the change password command. This allowed unauthorized players to use the command. There is no known usage that this was actively used.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) download:
https://github.com/games647/FlexibleLogin/releases
2) https://www.youtube.com/watch?v=wpYc0hfbL24
3) User Commands
User commands:
/reg /register <password> <password> - Registers using a specific password
/register - Generates your secret code for TOTP
/changepw /cp /changepassword <password> <password> - Changes your current password
/log /l /login <password|code> - Login using your password or time based code
/logout - Logs you out
/mail /setemail - Sets your mail address
/forgot /forgotpassword - Sends a recovery mail to the mail address
/unregister <uuid|name> - delete an account
Admin commands: (you can use /flexiblelogin as an alias)
/fl <reload|rl> - reloads the config
/fl forcelogin <name> - Force login the user
/fl <accounts|acc> <name|ip> - Get list of user accounts
/fl <unregister|unreg> <name|uuid|--all> - Deletes the account of a user or all using the -a flag
/fl <register|reg> <name|uuid> <pass> - Register the user with a specific password
/fl <resetpw|resetpassword> <name> - Sets a new temp password for a new user
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#Hacking A Sponge minecraft server plugin for second factor authentication:
1) SpongeCommon introduced a bug for not capturing the inventory changes on crafting with number press usage. This allows inventory item duplication in combination with FlexibleLogin if the user is not logged in. Sponge fixed in the mentioned above build and commit. So you should update your server version. If that's not possible, FlexibleLogin 0.18.1 includes a workaround. Alternative you could remove the inventory until the player logs in.
2) FlexibleLogin had an incorrect permission check for using the change password command. This allowed unauthorized players to use the command. There is no known usage that this was actively used.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) download:
https://github.com/games647/FlexibleLogin/releases
2) https://www.youtube.com/watch?v=wpYc0hfbL24
3) User Commands
User commands:
/reg /register <password> <password> - Registers using a specific password
/register - Generates your secret code for TOTP
/changepw /cp /changepassword <password> <password> - Changes your current password
/log /l /login <password|code> - Login using your password or time based code
/logout - Logs you out
/mail /setemail - Sets your mail address
/forgot /forgotpassword - Sends a recovery mail to the mail address
/unregister <uuid|name> - delete an account
Admin commands: (you can use /flexiblelogin as an alias)
/fl <reload|rl> - reloads the config
/fl forcelogin <name> - Force login the user
/fl <accounts|acc> <name|ip> - Get list of user accounts
/fl <unregister|unreg> <name|uuid|--all> - Deletes the account of a user or all using the -a flag
/fl <register|reg> <name|uuid> <pass> - Register the user with a specific password
/fl <resetpw|resetpassword> <name> - Sets a new temp password for a new user
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
Releases Β· games647/FlexibleLogin
A Sponge minecraft server plugin for second factor authentication - games647/FlexibleLogin
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Catch bad SQL queries :
#Hacking
1) download https://github.com/burrito-brothers/shiba
2) Install in a Rails / ActiveRecord project using bundler. Note: this gem is not designed to be run on production. It should be required after minitest/rspec.
# Gemfile
3) gem 'shiba', :group => :test, :require => 'shiba/setup'
If your application lazy loads gems, you will to manually require it.
# config/environments/test.rb or test/test_helper.rb
require 'shiba/setup
4) To get started, try out shiba locally. To verify shiba is actually running, you can run your tests with SHIBA_DEBUG=true.
# Install
bundle
# Run some tests using to generate a SQL report
5) rake test:functional
rails test test/controllers/users_controller_test.rb
SHIBA_DEBUG=true ruby test/controllers/users_controller_test.rb
# 1 problematic query detected
# Report available at /tmp/shiba-explain.log-1550099512
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Catch bad SQL queries :
#Hacking
1) download https://github.com/burrito-brothers/shiba
2) Install in a Rails / ActiveRecord project using bundler. Note: this gem is not designed to be run on production. It should be required after minitest/rspec.
# Gemfile
3) gem 'shiba', :group => :test, :require => 'shiba/setup'
If your application lazy loads gems, you will to manually require it.
# config/environments/test.rb or test/test_helper.rb
require 'shiba/setup
4) To get started, try out shiba locally. To verify shiba is actually running, you can run your tests with SHIBA_DEBUG=true.
# Install
bundle
# Run some tests using to generate a SQL report
5) rake test:functional
rails test test/controllers/users_controller_test.rb
SHIBA_DEBUG=true ruby test/controllers/users_controller_test.rb
# 1 problematic query detected
# Report available at /tmp/shiba-explain.log-1550099512
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - burrito-brothers/shiba: Catch bad SQL queries before they cause problems in production
Catch bad SQL queries before they cause problems in production - GitHub - burrito-brothers/shiba: Catch bad SQL queries before they cause problems in production
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#Hacking A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you Bypass UDP FireWalls(or Unstable UDP Environment)
F E A T U R E S :
Send/Receive UDP Packets with ICMP/FakeTCP/UDP headers
ICMP/FakeTCP headers help you bypass UDP blocking, UDP QOS or improper UDP NAT behavior on some ISPs. In ICMP header mode,udp2raw works like an ICMP tunnel.
UDP headers are also supported. In UDP header mode, it behaves just like a normal UDP tunnel, and you can just make use of the other features (such as encryption, anti-replay, or connection stalization).
Simulated TCP with Real-time/Out-of-Order Delivery
In FakeTCP header mode,udp2raw simulates 3-way handshake while establishing a connection,simulates seq and ack_seq while data transferring. It also simulates a few TCP options such as: MSS, sackOk, TS, TS_ack, wscale. Firewalls will regard FakeTCP as a TCP connection, but its essentially UDP: it supports real-time/out-of-order delivery(just as normal UDP does), no congestion control or re-transmission. So there wont be any TCP over TCP problem when using OpenVPN.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/wangyu-/udp2raw-tunnel.git
2) cd udp2raw-tunnel
3) # Run at server side:
./udp2raw_amd64 -s -l0.0.0.0:4096 -r 127.0.0.1:7777 -k "passwd" --raw-mode faketcp -a
4) Run at client side
./udp2raw_amd64 -c -l0.0.0.0:3333 -r44.55.66.77:4096 -k "passwd" --raw-mode faketcp -a
run as client : ./this_program -c -l local_listen_ip:local_port -r server_address:server_port [options]
run as server : ./this_program -s -l server_listen_ip:server_port -r remote_address:remote_port [options]
common options,these options must be same on both side:
--raw-mode <string> avaliable values:faketcp(default),udp,icmp
-k,--key <string> password to gen symetric key,default:"secret key"
--cipher-mode <string> avaliable values:aes128cbc(default),xor,none
--auth-mode <string> avaliable values:hmac_sha1,md5(default),crc32,simple,none
-a,--auto-rule auto add (and delete) iptables rule
-g,--gen-rule generate iptables rule then exit,so that you can copy and
add it manually.overrides -a
--disable-anti-replay disable anti-replay,not suggested
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#Hacking A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you Bypass UDP FireWalls(or Unstable UDP Environment)
F E A T U R E S :
Send/Receive UDP Packets with ICMP/FakeTCP/UDP headers
ICMP/FakeTCP headers help you bypass UDP blocking, UDP QOS or improper UDP NAT behavior on some ISPs. In ICMP header mode,udp2raw works like an ICMP tunnel.
UDP headers are also supported. In UDP header mode, it behaves just like a normal UDP tunnel, and you can just make use of the other features (such as encryption, anti-replay, or connection stalization).
Simulated TCP with Real-time/Out-of-Order Delivery
In FakeTCP header mode,udp2raw simulates 3-way handshake while establishing a connection,simulates seq and ack_seq while data transferring. It also simulates a few TCP options such as: MSS, sackOk, TS, TS_ack, wscale. Firewalls will regard FakeTCP as a TCP connection, but its essentially UDP: it supports real-time/out-of-order delivery(just as normal UDP does), no congestion control or re-transmission. So there wont be any TCP over TCP problem when using OpenVPN.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/wangyu-/udp2raw-tunnel.git
2) cd udp2raw-tunnel
3) # Run at server side:
./udp2raw_amd64 -s -l0.0.0.0:4096 -r 127.0.0.1:7777 -k "passwd" --raw-mode faketcp -a
4) Run at client side
./udp2raw_amd64 -c -l0.0.0.0:3333 -r44.55.66.77:4096 -k "passwd" --raw-mode faketcp -a
run as client : ./this_program -c -l local_listen_ip:local_port -r server_address:server_port [options]
run as server : ./this_program -s -l server_listen_ip:server_port -r remote_address:remote_port [options]
common options,these options must be same on both side:
--raw-mode <string> avaliable values:faketcp(default),udp,icmp
-k,--key <string> password to gen symetric key,default:"secret key"
--cipher-mode <string> avaliable values:aes128cbc(default),xor,none
--auth-mode <string> avaliable values:hmac_sha1,md5(default),crc32,simple,none
-a,--auto-rule auto add (and delete) iptables rule
-g,--gen-rule generate iptables rule then exit,so that you can copy and
add it manually.overrides -a
--disable-anti-replay disable anti-replay,not suggested
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - wangyu-/udp2raw: A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps youβ¦
A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you Bypass UDP FireWalls(or Unstable UDP Environment) - wangyu-/udp2raw
β β β Uππ»βΊπ«Δπ¬πβ β β β
Updated ! Windows hacking :
#Hacking
New Update Gives you one-liners that aids in penetration testing operations, privilege escalation and more :
F E A T U R E S :
It's designed to fix typos in typed commands to the most similar command with just one tab click so seach becomes search and so on, even if you typed any random word similar to an command in this framework.
For you lazy-ones out there like me, it can predict what liner you are trying to use by typing any part of it. For example if you typed use capabilities and clicked tab, it would be replaced with use linux/bash/listallcapabilities and so on. I can see your smile, You are welcome!
If you typed any wrong command then pressed enter, the framework will tell you what is the nearest command to what you have typed which could be the one you really wanted.
Some less impressive things like auto-complete for variables after set command, auto-complete for liners after use and info commands and finally it converts all uppercase to lowercase automatically just-in-case you switched cases by mistake while typing.
Finally, you'll find your normal auto-completion things you were using before, like commands auto-completion and persistent history, etc...
Automation
You can automatically copy the liner you want to clipboard with command copy <liner> instead of using use <liner> and then copying it which saves a lot of time, of course, if you merged it with the following features.
As you may noticed, you can use a resource file from command-line arguments before starting the framework itself or send commands directly.
Inside the framework you can use makerc command like in Metasploit but this time it only saves the correct important commands.
There are history and resource commands so you don't need to exit the framework.
You can execute as many commands as you want at the same time by splitting them with semi-colon.
Searching for any liner here is so easy and accurate, you can search for a liner by its name, function, description, author who added the liner to the framework or even the liner itself.
You can add your own liners by following these steps to create a liner as a python file. After that you can make a Pull request with it then it will be added in the framework and credited with your name of course π.
The ability to reload the database if you added any liner without restarting the framework.
You can add any platform to the liners database just by making a folder in liners folder and creating a ".liner" file there.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) Using pip (The best way to install on any OS):
2) pip install one-lin3r
one-lin3r -h
3) Using pacman on Black Arch or any arch-based with black Arch repos:
sudo pacman -S one-lin3r
πΈInstalling it from GitHub:
1) For windows on cmd with administrator rights : (After downloading ZIP and unzip it)
2) python -m pip install ./One-Lin3r-master --user
one-lin3r -h
3) For Linux Debian-based distros. (Ex: Kali, Ubuntu..):
4) git clone https://github.com/D4Vinci/One-Lin3r.git
5) sudo apt install libncurses5-dev
sudo pip3 install ./One-Lin3r --user
one-lin3r -h
Β» For the rest Linux distros.:
1) git clone https://github.com/D4Vinci/One-Lin3r.git
2) sudo pip3 install ./One-Lin3r --user
one-lin3r -h
H O W T O U S E ?>
usage: one-lin3r -h -r R -x X -q
optional arguments:
-h, --help show this help message and exit
-r Execute a resource file (history file).
-x Execute a specific command (use ; for multiples).
-q Quiet mode (no banner).
β β β Uππ»βΊπ«Δπ¬πβ β β β
Updated ! Windows hacking :
#Hacking
New Update Gives you one-liners that aids in penetration testing operations, privilege escalation and more :
F E A T U R E S :
It's designed to fix typos in typed commands to the most similar command with just one tab click so seach becomes search and so on, even if you typed any random word similar to an command in this framework.
For you lazy-ones out there like me, it can predict what liner you are trying to use by typing any part of it. For example if you typed use capabilities and clicked tab, it would be replaced with use linux/bash/listallcapabilities and so on. I can see your smile, You are welcome!
If you typed any wrong command then pressed enter, the framework will tell you what is the nearest command to what you have typed which could be the one you really wanted.
Some less impressive things like auto-complete for variables after set command, auto-complete for liners after use and info commands and finally it converts all uppercase to lowercase automatically just-in-case you switched cases by mistake while typing.
Finally, you'll find your normal auto-completion things you were using before, like commands auto-completion and persistent history, etc...
Automation
You can automatically copy the liner you want to clipboard with command copy <liner> instead of using use <liner> and then copying it which saves a lot of time, of course, if you merged it with the following features.
As you may noticed, you can use a resource file from command-line arguments before starting the framework itself or send commands directly.
Inside the framework you can use makerc command like in Metasploit but this time it only saves the correct important commands.
There are history and resource commands so you don't need to exit the framework.
You can execute as many commands as you want at the same time by splitting them with semi-colon.
Searching for any liner here is so easy and accurate, you can search for a liner by its name, function, description, author who added the liner to the framework or even the liner itself.
You can add your own liners by following these steps to create a liner as a python file. After that you can make a Pull request with it then it will be added in the framework and credited with your name of course π.
The ability to reload the database if you added any liner without restarting the framework.
You can add any platform to the liners database just by making a folder in liners folder and creating a ".liner" file there.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) Using pip (The best way to install on any OS):
2) pip install one-lin3r
one-lin3r -h
3) Using pacman on Black Arch or any arch-based with black Arch repos:
sudo pacman -S one-lin3r
πΈInstalling it from GitHub:
1) For windows on cmd with administrator rights : (After downloading ZIP and unzip it)
2) python -m pip install ./One-Lin3r-master --user
one-lin3r -h
3) For Linux Debian-based distros. (Ex: Kali, Ubuntu..):
4) git clone https://github.com/D4Vinci/One-Lin3r.git
5) sudo apt install libncurses5-dev
sudo pip3 install ./One-Lin3r --user
one-lin3r -h
Β» For the rest Linux distros.:
1) git clone https://github.com/D4Vinci/One-Lin3r.git
2) sudo pip3 install ./One-Lin3r --user
one-lin3r -h
H O W T O U S E ?>
usage: one-lin3r -h -r R -x X -q
optional arguments:
-h, --help show this help message and exit
-r Execute a resource file (history file).
-x Execute a specific command (use ; for multiples).
-q Quiet mode (no banner).
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Undetected. Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
#Hacking
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
β’ DOWNLOAD : https://github.com/aydinnyunus/Keylogger
β’Set your own MAIL and PASSWORD on "keylogger.py".
β’Run keylogger.py on Target Computer
β’Every 10 seconds,You Get the Data from the Target Computer
β’If Target finds the Code and Open the File for Want to Learn your MAIL and Password The Program DELETE itself.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Undetected. Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
#Hacking
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
β’ DOWNLOAD : https://github.com/aydinnyunus/Keylogger
β’Set your own MAIL and PASSWORD on "keylogger.py".
β’Run keylogger.py on Target Computer
β’Every 10 seconds,You Get the Data from the Target Computer
β’If Target finds the Code and Open the File for Want to Learn your MAIL and Password The Program DELETE itself.
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - aydinnyunus/Keylogger: Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail. - aydinnyunus/Keylogger