Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦HACKING PRACTICAL TUTORIALS :
Mid-Course Capstone
Cracking Hashes with Hashcat: https://youtu.be/eq097dEB8Sw
Introduction to Exploit Development (Buffer Overflows)
Immunity Debugger: https://www.immunityinc.com/products/debugger/
Vulnserver: http://www.thegreycorner.com/p/vulnserver.html
Attacking Active Directory: Initial Attack Vectors
mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
Attacking Active Directory: Post-Compromise Attacks
Group Policy Pwnage: https://blog.rapid7.com/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
Mimikatz: https://github.com/gentilkiwi/mimikatz
Active Directory Security Blog: https://adsecurity.org/
Harmj0y Blog: http://blog.harmj0y.net/
Pentester Academy Active Directory: https://www.pentesteracademy.com/activedirectorylab
Pentester Academy Red Team Labs: https://www.pentesteracademy.com/redteamlab
eLS PTX: https://www.elearnsecurity.com/course/penetration_testing_extreme/
(from git)
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦HACKING PRACTICAL TUTORIALS :
Mid-Course Capstone
Cracking Hashes with Hashcat: https://youtu.be/eq097dEB8Sw
Introduction to Exploit Development (Buffer Overflows)
Immunity Debugger: https://www.immunityinc.com/products/debugger/
Vulnserver: http://www.thegreycorner.com/p/vulnserver.html
Attacking Active Directory: Initial Attack Vectors
mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
Attacking Active Directory: Post-Compromise Attacks
Group Policy Pwnage: https://blog.rapid7.com/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
Mimikatz: https://github.com/gentilkiwi/mimikatz
Active Directory Security Blog: https://adsecurity.org/
Harmj0y Blog: http://blog.harmj0y.net/
Pentester Academy Active Directory: https://www.pentesteracademy.com/activedirectorylab
Pentester Academy Red Team Labs: https://www.pentesteracademy.com/redteamlab
eLS PTX: https://www.elearnsecurity.com/course/penetration_testing_extreme/
(from git)
β β β Uππ»βΊπ«Δπ¬πβ β β β
YouTube
Cracking Linux Password Hashes with Hashcat
In this video, we will cover how to use Hashcat to crack Linux hashes.
Hashcat: https://hashcat.net/hashcat/
Timestamps:
0:06 - Introduction
0:45 - Reviewing the /etc/passwd file
1:48 - Reviewing the /etc/shadow file
4:05 - Using unshadow to combine passwdβ¦
Hashcat: https://hashcat.net/hashcat/
Timestamps:
0:06 - Introduction
0:45 - Reviewing the /etc/passwd file
1:48 - Reviewing the /etc/shadow file
4:05 - Using unshadow to combine passwdβ¦
Forwarded from DailyCVE
Forwarded from UNDERCODE NEWS
Update 27.20.100.9126 of the Intel graphics driver launches and addresses errors in 10th and 11th generation nuclear displays.
#Updates
#Updates
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π§ How to create a password for basic authentication of HTTP users ?
Install the apache2-utils package.
$ sudo apt install apache2-utils
Let's create an empty file to hold the HTTP account information.
$ sudo touch /etc/nginx/snippets/statistics.htpasswd
You can use htpasswd to create a file to store your HTTP account information, but I am opposed as this solution is error prone.
Let's display the encrypted password for user username on standard output.
$ echo "password" | htpasswd -i -n username
username: $ apr1 $ Qzu3mckE $ xiu7cvijFfWTqha / AEQhE1
Add or update your HTTP account information.
$ echo "stats" | sudo htpasswd -i /etc/nginx/snippets/statistics.htpasswd stats
Adding password for user stats
$ echo "stats-" | sudo htpasswd -i /etc/nginx/snippets/statistics.htpasswd stats
Updating password for user stats
Let's check the password for a specific HTTP user.
$ echo "stats-" | sudo htpasswd -i -v /etc/nginx/snippets/statistics.htpasswd stats
Password for user stats correct.
$ echo "stats" | sudo htpasswd -i -v /etc/nginx/snippets/statistics.htpasswd stats
password verification failed
Remove a specific HTTP user.
$ sudo htpasswd -D /etc/nginx/snippets/statistics.htpasswd stats
Deleting password for user stats
$ sudo htpasswd -D /etc/nginx/snippets/statistics.htpasswd stats
User stats not found
Rewrite HTTP account information. You end up with one HTTP account.
$ echo "stats" | sudo htpasswd -i -c /etc/nginx/snippets/statistics.htpasswd stats
Adding password for user stats
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π§ How to create a password for basic authentication of HTTP users ?
Install the apache2-utils package.
$ sudo apt install apache2-utils
Let's create an empty file to hold the HTTP account information.
$ sudo touch /etc/nginx/snippets/statistics.htpasswd
You can use htpasswd to create a file to store your HTTP account information, but I am opposed as this solution is error prone.
Let's display the encrypted password for user username on standard output.
$ echo "password" | htpasswd -i -n username
username: $ apr1 $ Qzu3mckE $ xiu7cvijFfWTqha / AEQhE1
Add or update your HTTP account information.
$ echo "stats" | sudo htpasswd -i /etc/nginx/snippets/statistics.htpasswd stats
Adding password for user stats
$ echo "stats-" | sudo htpasswd -i /etc/nginx/snippets/statistics.htpasswd stats
Updating password for user stats
Let's check the password for a specific HTTP user.
$ echo "stats-" | sudo htpasswd -i -v /etc/nginx/snippets/statistics.htpasswd stats
Password for user stats correct.
$ echo "stats" | sudo htpasswd -i -v /etc/nginx/snippets/statistics.htpasswd stats
password verification failed
Remove a specific HTTP user.
$ sudo htpasswd -D /etc/nginx/snippets/statistics.htpasswd stats
Deleting password for user stats
$ sudo htpasswd -D /etc/nginx/snippets/statistics.htpasswd stats
User stats not found
Rewrite HTTP account information. You end up with one HTTP account.
$ echo "stats" | sudo htpasswd -i -c /etc/nginx/snippets/statistics.htpasswd stats
Adding password for user stats
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Forwarded from DailyCVE
Dailycve
Windows ipv6 stack CVE-2020-16898 | CVE
Details:
Microsoft revealed an incredibly significant flaw in the Windows IPv6 stack on October 13, which allows an attacker to send maliciously designed packets to a remote device to potentially run arbitrary code. The proof-of-concept shared with representativesβ¦
Microsoft revealed an incredibly significant flaw in the Windows IPv6 stack on October 13, which allows an attacker to send maliciously designed packets to a remote device to potentially run arbitrary code. The proof-of-concept shared with representativesβ¦
Forwarded from UNDERCODE NEWS
Check Point: 25% jump in cyber attacks on medical institutions in Israel at the end of 2020.
#CyberAttacks
#CyberAttacks
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦List of Websites Giving free RDP/VPS
http://vpswala.org/
http://ohosti.com/vpshosting.php
https://gratisvps.net/
https://my.letscloud.io/sign-up/
https://developer.rackspace.com/
https://www.vultr.com/
https://www.ionos.com/
https://www.cloudsigma.com/
https://www.digitalocean.com/
http://ezywatch.com/freevps/
https://yellowcircle.net/
https://www.ctl.io/free-trial/
https://www.ihor.ru/
https://www.neuprime.com/l_vds3.php
https://www.skysilk.com/
https://sadd.io/
https://www.apponfly.com/en/
Source Redit
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦List of Websites Giving free RDP/VPS
http://vpswala.org/
http://ohosti.com/vpshosting.php
https://gratisvps.net/
https://my.letscloud.io/sign-up/
https://developer.rackspace.com/
https://www.vultr.com/
https://www.ionos.com/
https://www.cloudsigma.com/
https://www.digitalocean.com/
http://ezywatch.com/freevps/
https://yellowcircle.net/
https://www.ctl.io/free-trial/
https://www.ihor.ru/
https://www.neuprime.com/l_vds3.php
https://www.skysilk.com/
https://sadd.io/
https://www.apponfly.com/en/
Source Redit
β β β Uππ»βΊπ«Δπ¬πβ β β β
VPSWala
Free VPS | 8GB RAM Windows/Linux Servers | NVMe SSD | Full Root Access
Launch your Free VPS instantly! β 100% Free Forever β 8GB RAM Windows/Linux β NVMe SSD Storage β Full Root Access β No Credit Card Required β 24/7 Support. Deploy enterprise-grade infrastructure in 60 seconds.
Forwarded from UNDERCODE NEWS
Why user companies should get a cloud "driver's license"
#International
#International
Forwarded from UNDERCODE NEWS
Forwarded from DailyCVE
π΅Newsletter wordpress CVE-2020-35933, XSS:
https://dailycve.com/newsletter-wordpress-cve-2020-35933-xss
https://dailycve.com/newsletter-wordpress-cve-2020-35933-xss
β β β Uππ»βΊπ«Δπ¬πβ β β β
All about SS7 HACKING + GUIDE :
SigPloit a signaling security testing framework dedicated to Telecom Security professionals and reasearchers to pentest and exploit vulnerabilites in the signaling protocols used in mobile operators regardless of the geneartion being in use. SigPloit aims to cover all used protocols used in the operators interconnects SS7, GTP (3G), Diameter (4G) or even SIP for IMS and VoLTE infrastructures used in the access layer and SS7 message encapsulation into SIP-T. Recommendations for each vulnerability will be provided to guide the tester and the operator the steps that should be done to enhance their security posture
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Version 1: SS7
SigPloit will initially start with SS7 vulnerabilities providing the messages used to test the below attacking scenarios
A- Location Tracking
B- Call and SMS Interception
C- Fraud
Version 2: GTP
This Version will focus on the data roaming attacks that occur on the IPX/GRX interconnects.
Version 3: Diameter
This Version will focus on the attacks occurring on the LTE roaming interconnects using Diameter as the signaling protocol.
Version 4: SIP
This is Version will be concerned with SIP as the signaling protocol used in the access layer for voice over LTE(VoLTE) and IMS infrastructure. Also, SIP will be used to encapsulate SS7 messages (ISUP) to be relayed over VoIP providers to SS7 networks taking advantage of SIP-T protocol, a protocol extension for SIP to provide intercompatability between VoIP and SS7 networks
Version 5: Reporting
This last Version will introduce the reporting feature. A comprehensive report with the tests done along with the recommendations provided for each vulnerability that has been exploited.
BETA Version of SigPloit will have the Location Tracking attacks of the SS7 phase 1
Installation and requirements
Β»The requirements for this project are:
1) Python 2.7
2) Java version 1.7 +
3) sudo apt-get install lksctp-tools
4) Linux machine
https://github.com/SigPloiter/SigPloit
5) To run use
cd SigPloit
6) sudo pip2 install -r requirements.txt
7) python sigploit.py
β β β Uππ»βΊπ«Δπ¬πβ β β β
All about SS7 HACKING + GUIDE :
SigPloit a signaling security testing framework dedicated to Telecom Security professionals and reasearchers to pentest and exploit vulnerabilites in the signaling protocols used in mobile operators regardless of the geneartion being in use. SigPloit aims to cover all used protocols used in the operators interconnects SS7, GTP (3G), Diameter (4G) or even SIP for IMS and VoLTE infrastructures used in the access layer and SS7 message encapsulation into SIP-T. Recommendations for each vulnerability will be provided to guide the tester and the operator the steps that should be done to enhance their security posture
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Version 1: SS7
SigPloit will initially start with SS7 vulnerabilities providing the messages used to test the below attacking scenarios
A- Location Tracking
B- Call and SMS Interception
C- Fraud
Version 2: GTP
This Version will focus on the data roaming attacks that occur on the IPX/GRX interconnects.
Version 3: Diameter
This Version will focus on the attacks occurring on the LTE roaming interconnects using Diameter as the signaling protocol.
Version 4: SIP
This is Version will be concerned with SIP as the signaling protocol used in the access layer for voice over LTE(VoLTE) and IMS infrastructure. Also, SIP will be used to encapsulate SS7 messages (ISUP) to be relayed over VoIP providers to SS7 networks taking advantage of SIP-T protocol, a protocol extension for SIP to provide intercompatability between VoIP and SS7 networks
Version 5: Reporting
This last Version will introduce the reporting feature. A comprehensive report with the tests done along with the recommendations provided for each vulnerability that has been exploited.
BETA Version of SigPloit will have the Location Tracking attacks of the SS7 phase 1
Installation and requirements
Β»The requirements for this project are:
1) Python 2.7
2) Java version 1.7 +
3) sudo apt-get install lksctp-tools
4) Linux machine
https://github.com/SigPloiter/SigPloit
5) To run use
cd SigPloit
6) sudo pip2 install -r requirements.txt
7) python sigploit.py
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - SigPloiter/SigPloit: SigPloit: Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP
SigPloit: Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP - SigPloiter/SigPloit
Forwarded from DailyCVE
Dailycve
Lms app crash bug error | CVE
Details:
The LMS app integrates h, the Hypothesis client, Via 3, and Via, so you will need to set up development environments for each of those before you can develop the LMS app.
The LMS app crashes if you post to its /welcome endpoint with missing params.β¦
The LMS app integrates h, the Hypothesis client, Via 3, and Via, so you will need to set up development environments for each of those before you can develop the LMS app.
The LMS app crashes if you post to its /welcome endpoint with missing params.β¦
Forwarded from UNDERCODE NEWS
