Forwarded from Backup Legal Mega
A simple TCP spoofing attack:
#git source
Technical Details
~~~~~~~~~~~~~~~~~
The problem occurs when particular network daemons accept connections
with source routing enabled, and then disable the source routing
options on the connection. The connection is allowed to continue, but
the reverse route is no longer used. An example attack can be launched against
the in.rshd daemon, which on most systems will retrieve the socket options
via getsockopt() and then turn off any dangerous options via setsockopt().
An example attack follows.
Host A is the trusted host
Host B is the target host
Host C is the attacker
Host C initiates a source routed connection to in.rshd on host B, pretending
to be host A.
Host C spoofing Host A <SYN> --> Host B in.rshd
Host B receives the initial SYN packet, creates a new PCB (protocol
control block) and associates the route with the PCB. Host B responds,
using the reverse route, sending back a SYN/ACK with the sequence number.
Host C spoofing Host A <-- <SYN/ACK> Host B in.rshd
Host C responds, still spoofing host A, acknowledging the sequence number.
Source routing options are not required on this packet.
Host C spoofing Host A <ACK> --> Host B in.rshd
We now have an established connection, the accept() call completes, and
control is now passed to the in.rshd daemon. The daemon now does IP
options checking and determines that we have initiated a source routed
connection. The daemon now turns off this option, and any packets sent
thereafter will be sent to the real host A, no longer using the reverse
route which we have specified. Normally this would be safe, however the
attacking host now knows what the next sequence number will be. Knowing
this sequence number, we can now send a spoofed packet without the source
routing options enabled, pretending to originate from Host A, and our
command will be executed.
In some conditions, flooding a port on the real host A is required
if larger amounts of data are sent, to prevent the real host A from
responding with an RST. This is not required in most cases when performing
this attack against in.rshd due to the small amount of data transmitted.
It should be noted that the sequence number is obtained before accept()
has returned and that this cannot be prevented without turning off source
routing in the kernel.
As a side note, we're very lucky that TCP only associates a source route with
a PCB when the initial SYN is received. If it accepted and changed the IP
options at any point during a connection, more exotic attacks might be possible.
These could include hijacking connections across the Internet without mounting
a man-in-the-middle attack, and being able to bypass IP options checking
imposed by daemons using getsockopt(). Luckily *BSD-based TCP/IP stacks will
not do this; however, it would be interesting to examine other implementations.
Impact
~~~~~~
The impact of this attack is similar to the more complex TCP sequence
number prediction attack, yet it involves fewer steps, and does not require
us to 'guess' the sequence number. This allows an attacker to execute
arbitrary commands as root, depending on the configuration of the target
system. It is required that trust is present here, as an example, the use
of .rhosts or hosts.equiv files.
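As an added example (not part of the original advisory), this is the accept-time check a daemon such as in.rshd should make: parse the IP options the kernel recorded for the connection and refuse any source-routed connection outright, instead of stripping the option and carrying on as the advisory describes. The function names and sample option buffers are constructed for this illustration; that getsockopt(IP_OPTIONS) returns the raw option bytes is the Linux behaviour and is stated as an assumption in the comments.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* IPv4 option type codes from RFC 791 (copy bit | class | number). */
#define OPT_EOL   0     /* end of option list              */
#define OPT_NOP   1     /* no-operation, single byte       */
#define OPT_LSRR  131   /* loose source and record route   */
#define OPT_SSRR  137   /* strict source and record route  */

/*
 * Walk a raw IPv4 options buffer and report whether it carries a
 * source-route option. Every option except EOL/NOP is type, length,
 * data, with length covering the type and length bytes themselves.
 * Returns 1 if LSRR or SSRR is present, 0 if not, -1 if the buffer is
 * malformed (a caller should treat -1 as hostile as well).
 */
int options_have_source_route(const unsigned char *opts, size_t len)
{
    size_t i = 0;
    while (i < len) {
        unsigned char type = opts[i];
        if (type == OPT_EOL)
            return 0;
        if (type == OPT_NOP) {
            i++;
            continue;
        }
        if (i + 1 >= len)                 /* type byte with no length byte */
            return -1;
        unsigned char olen = opts[i + 1];
        if (olen < 2 || i + olen > len)   /* length runs past the buffer */
            return -1;
        if (type == OPT_LSRR || type == OPT_SSRR)
            return 1;
        i += olen;
    }
    return 0;
}

/*
 * Accept-time policy for a daemon such as in.rshd: read the options the
 * kernel recorded for this connection and refuse it if it was source
 * routed. Stripping the option with setsockopt() and carrying on is the
 * flawed pattern described above; the connection must be closed instead,
 * and even that only limits the damage, because the sequence number was
 * already disclosed before accept() returned (hence the advice to drop
 * source-routed packets in the kernel). Returns 1 if refused, 0 otherwise.
 * Assumption: the buffer holds raw option bytes as Linux returns them; on
 * 4.4BSD-derived stacks it begins with a 4-byte first-hop address.
 */
int refuse_if_source_routed(int fd)
{
    unsigned char opts[40];           /* IPv4 options never exceed 40 bytes */
    socklen_t optlen = sizeof(opts);

    if (getsockopt(fd, IPPROTO_IP, IP_OPTIONS, opts, &optlen) < 0) {
        close(fd);                    /* fail closed if we cannot inspect */
        return 1;
    }
    if (optlen > 0 && options_have_source_route(opts, optlen) != 0) {
        close(fd);
        return 1;
    }
    return 0;                         /* no source route: safe to serve */
}

/* Constructed sample option buffers for a stand-alone run. */
int main(void)
{
    /* LSRR, length 7: type, length, pointer, one 4-byte hop address */
    const unsigned char lsrr[] = {131, 7, 4, 10, 0, 0, 1};
    /* NOP padding followed by SSRR */
    const unsigned char ssrr[] = {1, 137, 7, 4, 192, 0, 2, 1};
    /* Record Route (type 7) only: not a source route */
    const unsigned char rr[]   = {7, 7, 4, 0, 0, 0, 0};
    /* Truncated LSRR: length byte claims more than is present */
    const unsigned char bad[]  = {131, 7, 4};

    printf("lsrr -> %d\n", options_have_source_route(lsrr, sizeof lsrr));
    printf("ssrr -> %d\n", options_have_source_route(ssrr, sizeof ssrr));
    printf("rr   -> %d\n", options_have_source_route(rr, sizeof rr));
    printf("bad  -> %d\n", options_have_source_route(bad, sizeof bad));
    return 0;
}
```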
All beep codes
Standard Original IBM POST Error Codes
Code Description
1 short beep System is OK
2 short beeps POST Error - error code shown on screen
No beep Power supply or system board problem
Continuous beep Power supply, system board, or keyboard problem
Repeating short beeps Power supply or system board problem
1 long, 1 short beep System board problem
1 long, 2 short beeps Display adapter problem (MDA, CGA)
1 long, 3 short beeps Display adapter problem (EGA)
3 long beeps 3270 keyboard card
IBM POST Diagnostic Code Descriptions
Code Description
100 - 199 System Board
200 - 299 Memory
300 - 399 Keyboard
400 - 499 Monochrome Display
500 - 599 Colour/Graphics Display
600 - 699 Floppy-disk drive and/or Adapter
700 - 799 Math Coprocessor
900 - 999 Parallel Printer Port
1000 - 1099 Alternate Printer Adapter
1100 - 1299 Asynchronous Communication Device, Adapter, or Port
1300 - 1399 Game Port
1400 - 1499 Colour/Graphics Printer
1500 - 1599 Synchronous Communication Device, Adapter, or Port
1700 - 1799 Hard Drive and/or Adapter
1800 - 1899 Expansion Unit (XT)
2000 - 2199 Bisynchronous Communication Adapter
2400 - 2599 EGA system-board Video (MCA)
3000 - 3199 LAN Adapter
4800 - 4999 Internal Modem
7000 - 7099 Phoenix BIOS Chips
7300 - 7399 3.5" Disk Drive
8900 - 8999 MIDI Adapter
11200 - 11299 SCSI Adapter
21000 - 21099 SCSI Fixed Disk and Controller
21500 - 21599 SCSI CD-ROM System
AMI BIOS Beep Codes
Code Description
1 Short Beep System OK
2 Short Beeps Parity error in the first 64 KB of memory
3 Short Beeps Memory failure in the first 64 KB
4 Short Beeps Memory failure in the first 64 KB of memory, or Timer 1 on the motherboard is not functioning
5 Short Beeps The CPU on the motherboard generated an error
6 Short Beeps The keyboard controller may be bad. The BIOS cannot switch to protected mode
7 Short Beeps The CPU generated an exception interrupt
8 Short Beeps The system video adapter is either missing, or its memory is faulty
9 Short Beeps The ROM checksum value does not match the value encoded in the BIOS
10 Short Beeps The shutdown register for CMOS RAM failed
11 Short Beeps The external cache is faulty
1 Long, 3 Short Beeps Memory Problems
1 Long, 8 Short Beeps Video Card Problems
Phoenix BIOS Beep Codes
Note - Phoenix BIOS emits three sets of beeps, separated by a brief pause.
Code Description
1-1-3 CMOS read/write failure
1-1-4 ROM BIOS checksum error
1-2-1 Programmable interval timer failure
1-2-2 DMA initialisation failure
1-2-3 DMA page register read/write failure
1-3-1 RAM refresh verification failure
1-3-3 First 64k RAM chip or data line failure
1-3-4 First 64k RAM odd/even logic failure
1-4-1 Address line failure first 64k RAM
1-4-2 Parity failure first 64k RAM
2-_-_ Faulty Memory
3-1-_ Faulty Motherboard
3-2-4 Keyboard controller Test failure
3-3-4 Screen initialisation failure
3-4-1 Screen retrace test failure
3-4-2 Search for video ROM in progress
4-2-1 Timer tick interrupt in progress or failure
4-2-2 Shutdown test in progress or failure
4-2-3 Gate A20 failure
4-2-4 Unexpected interrupt in protected mode
4-3-1 RAM test in progress or failure >ffffh
4-3-2 Faulty Motherboard
4-3-3 Interval timer channel 2 test or failure
4-3-4 Time of Day clock test failure
4-4-1 Serial port test or failure
4-4-2 Parallel port test or failure
4-4-3 Math coprocessor test or failure
Low 1-1-2 System Board select failure
Low 1-1-3 Extended CMOS RAM failure
#git sources
@undercodeTesting
LINUX BEGINNERS TIPS:
NOTE: DUE TO THE MANY DIFFERENT
VERSIONS OF UNIX (BERKELEY UNIX,
BELL SYSTEM III, AND SYSTEM V
THE MOST POPULAR) MANY COMMANDS
FOLLOWING MAY/MAY NOT WORK. I HAVE
WRITTEN THEM IN SYSTEM V ROUTINES.
UNIX/XENIX OPERATING SYSTEMS WILL
BE CONSIDERED IDENTICAL SYSTEMS BELOW.
HOW TO TELL IF/IF NOT YOU ARE ON A
UNIX SYSTEM: UNIX SYSTEMS ARE QUITE
COMMON SYSTEMS ACROSS THE COUNTRY.
THEIR SECURITY APPEARS AS SUCH:
LOGIN; (OR LOGIN;)
PASSWORD:
WHEN HACKING ON A UNIX SYSTEM IT IS
BEST TO USE LOWERCASE BECAUSE THE UNIX
SYSTEM COMMANDS ARE ALL DONE IN LOWER-
CASE.
LOGIN; IS A 1-8 CHARACTER FIELD. IT IS
USUALLY THE NAME (I.E. JOE OR FRED)
OF THE USER, OR INITIALS (I.E. J.JONES
OR F.WILSON). HINTS FOR LOGIN NAMES
CAN BE FOUND TRASHING THE LOCATION OF
THE DIAL-UP (USE YOUR CN/A TO FIND
WHERE THE COMPUTER IS).
PASSWORD: IS A 1-8 CHARACTER PASSWORD
ASSIGNED BY THE SYSOP OR CHOSEN BY THE
USER.
COMMON DEFAULT LOGINS
--------------------------
LOGIN; PASSWORD:
ROOT ROOT,SYSTEM,ETC..
SYS SYS,SYSTEM
DAEMON DAEMON
UUCP UUCP
TTY TTY
TEST TEST
UNIX UNIX
BIN BIN
ADM ADM
WHO WHO
LEARN LEARN
UUHOST UUHOST
NUUCP NUUCP
IF YOU GUESS A LOGIN NAME AND YOU ARE
NOT ASKED FOR A PASSWORD, AND HAVE
ACCESS TO THE SYSTEM, THEN YOU HAVE
WHAT IS KNOWN AS A NON-GIFTED ACCOUNT.
IF YOU GUESS A CORRECT LOGIN AND
PASSWORD, THEN YOU HAVE A USER ACCOUNT.
AND, IF YOU GUESS THE ROOT PASSWORD,
THEN YOU HAVE A "SUPER-USER" ACCOUNT.
ALL UNIX SYSTEMS HAVE THE FOLLOWING
INSTALLED TO THEIR SYSTEM:
ROOT, SYS, BIN, DAEMON, UUCP, ADM
ONCE YOU ARE IN THE SYSTEM, YOU WILL
GET A PROMPT. COMMON PROMPTS ARE:
$
%
#
BUT CAN BE JUST ABOUT ANYTHING THE
SYSOP OR USER WANTS IT TO BE.
THINGS TO DO WHEN YOU ARE IN: SOME
OF THE COMMANDS THAT YOU MAY WANT TO
TRY FOLLOW BELOW:
WHO IS ON (SHOWS WHO IS CURRENTLY
LOGGED ON THE SYSTEM.)
WRITE NAME (NAME IS THE PERSON YOU
WISH TO CHAT WITH)
TO EXIT CHAT MODE TRY CTRL-D.
EOT=END OF TRANSFER.
LS -A (LIST ALL FILES IN CURRENT
DIRECTORY.)
DU -A (CHECKS AMOUNT OF MEMORY
YOUR FILES USE;DISK USAGE)
CD\NAME (NAME IS THE NAME OF THE
SUB-DIRECTORY YOU CHOOSE)
CD\ (BRINGS YOUR HOME DIRECTORY
TO CURRENT USE)
CAT NAME (NAME IS A FILENAME EITHER
A PROGRAM OR DOCUMENTATION
YOUR USERNAME HAS WRITTEN)
MOST UNIX PROGRAMS ARE WRITTEN
IN THE C LANGUAGE OR PASCAL
SINCE UNIX IS A PROGRAMMERS'
ENVIRONMENT.
ONE OF THE FIRST THINGS DONE ON THE
SYSTEM IS PRINT UP OR CAPTURE (IN A
BUFFER) THE FILE CONTAINING ALL USER
NAMES AND ACCOUNTS. THIS CAN BE DONE
BY DOING THE FOLLOWING COMMAND:
CAT /ETC/PASSWD
IF YOU ARE SUCCESSFUL YOU WILL SEE A LIST
OF ALL ACCOUNTS ON THE SYSTEM. IT
SHOULD LOOK LIKE THIS:
ROOT:HVNSDCF:0:0:ROOT DIR:/:
JOE:MAJDNFD:1:1:JOE COOL:/BIN:/BIN/JOE
HAL::1:2:HAL SMITH:/BIN:/BIN/HAL
THE "ROOT" LINE TELLS THE FOLLOWING
INFO :
LOGIN NAME=ROOT
HVNSDCF = ENCRYPTED PASSWORD
0 = USER GROUP NUMBER
0 = USER NUMBER
ROOT DIR = NAME OF USER
/ = ROOT DIRECTORY
IN THE JOE LOGIN, THE LAST PART
"/BIN/JOE" TELLS US WHICH DIRECTORY
HIS HOME DIRECTORY (JOE) IS.
IN THE "HAL" EXAMPLE THE LOGIN NAME IS
FOLLOWED BY 2 COLONS, THAT MEANS THAT
THERE IS NO PASSWORD NEEDED TO GET IN
USING HIS NAME.
#git sources
@undercodeTesting
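An added example, not from the post above: a defender's audit of passwd entries in the format the post describes. It uses the standard seven-field layout name:password:uid:gid:gecos:home:shell and flags the two conditions that matter most, an empty password field (the "HAL::" case) and a uid-0 account other than root. The function names and the sample file are constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Findings for one passwd entry, combined as bit flags. */
#define PW_MALFORMED      1   /* not exactly seven colon-separated fields    */
#define PW_EMPTY_PASSWORD 2   /* empty password field: login needs no password */
#define PW_UID_ZERO       4   /* uid 0 on an account that is not root         */

/* Split "name:password:uid:gid:gecos:home:shell" in place; returns the
 * number of fields seen, stopping after max so an extra colon is noticed. */
static int split_fields(char *line, char **fields, int max)
{
    int n = 0;
    char *p = line;
    while (n < max) {
        fields[n++] = p;
        char *colon = strchr(p, ':');
        if (colon == NULL)
            break;
        *colon = '\0';
        p = colon + 1;
    }
    return n;
}

/* Audit a single passwd line and return the PW_* flags that apply. */
int audit_passwd_line(const char *entry)
{
    char line[1024];
    char *f[8];
    size_t len = strlen(entry);

    if (len >= sizeof line)
        return PW_MALFORMED;
    memcpy(line, entry, len + 1);
    line[strcspn(line, "\r\n")] = '\0';          /* drop a trailing newline */

    if (split_fields(line, f, 8) != 7)
        return PW_MALFORMED;

    char *end;
    long uid = strtol(f[2], &end, 10);
    if (f[2][0] == '\0' || *end != '\0')          /* uid must be a number */
        return PW_MALFORMED;

    int flags = 0;
    if (f[1][0] == '\0')                          /* the "HAL::" case */
        flags |= PW_EMPTY_PASSWORD;
    if (uid == 0 && strcmp(f[0], "root") != 0)    /* a second superuser */
        flags |= PW_UID_ZERO;
    return flags;
}

/* Audit an in-memory passwd file line by line; prints each finding and
 * returns how many entries had at least one. Blank lines are skipped. */
int audit_passwd_text(const char *text)
{
    int findings = 0;
    const char *p = text;
    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[1024];
        if (len > 0 && len < sizeof line) {
            memcpy(line, p, len);
            line[len] = '\0';
            int flags = audit_passwd_line(line);
            if (flags != 0) {
                findings++;
                printf("finding (flags=%d): %s\n", flags, line);
            }
        }
        p = nl ? nl + 1 : p + len;
    }
    return findings;
}

/* Constructed sample file, modelled on the entries in the post above
 * but written in the standard field order. */
static const char SAMPLE_PASSWD[] =
    "root:x:0:0:root:/root:/bin/sh\n"
    "joe:x:1001:1001:Joe Cool:/home/joe:/bin/sh\n"
    "hal::1002:1002:Hal Smith:/home/hal:/bin/sh\n"
    "toor:x:0:0:second superuser:/root:/bin/sh\n";

int main(void)
{
    int n = audit_passwd_text(SAMPLE_PASSWD);
    printf("%d entries need attention\n", n);
    return n == 0 ? 0 : 1;
}
```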
Getting used to using your keyboard exclusively and leaving your mouse behind will make you much more efficient at performing any task on any Windows system. I use the following keyboard shortcuts every day:
> For all Windows versions, mostly...
Windows key + R = Run menu
This is usually followed by:
cmd = Command Prompt
iexplore + "web address" = Internet Explorer
compmgmt.msc = Computer Management
dhcpmgmt.msc = DHCP Management
dnsmgmt.msc = DNS Management
services.msc = Services
eventvwr = Event Viewer
dsa.msc = Active Directory Users and Computers
dssite.msc = Active Directory Sites and Services
Windows key + E = Explorer
ALT + Tab = Switch between windows
ALT, Space, X = Maximize window
CTRL + Shift + Esc = Task Manager
Windows key + Break = System properties
Windows key + F = Search
Windows key + D = Hide/Display all windows
CTRL + C = copy
CTRL + X = cut
CTRL + V = paste
Also don't forget about the "Right-click" key next to the right Windows key on your keyboard. Using the arrows and that key can get just about anything done once you've opened up any program.
Keyboard Shortcuts
Alt and Esc Switch between running applications
Alt and letter Select menu item by underlined letter
Ctrl and Esc Open Program Menu
Ctrl and F4 Close active document or group windows (does not work with some applications)
Alt and F4 Quit active application or close current window
Alt and - Open Control menu for active document
Ctrl + Left/Right arrow Move cursor forward or back one word
Ctrl + Up/Down arrow Move cursor forward or back one paragraph
F1 Open Help for active application
Windows+M Minimize all open windows
Shift+Windows+M Undo minimize all open windows
Windows+F1 Open Windows Help
Windows+Tab Cycle through the Taskbar buttons
Windows+Break Open the System Properties dialog box
#git sources
@UndercodeTesting
A small tutorial and exercise course on exploiting and defending neural networks:
2020 repo with 2.2k stars:
The exercises:
0 - Last Layer Attack
1 - Backdooring
2 - Extracting Information
3 - Brute Forcing
4 - Neural Overflow
5 - Malware Injection
6 - Neural Obfuscation
7 - Bug Hunting
8 - GPU Attack
Download:
> https://github.com/Kayzaks/HackingNeuralNetworks
Required packages:
1. Keras: Installing Keras can be tricky. We refer to the official installation guide at https://keras.io/#installation and suggest TensorFlow as a backend (using the GPU-enabled version, if one is available on the machine).
2. NumPy, SciPy and scikit-image: NumPy and SciPy are excellent helper packages, which are used throughout all exercises. Following the official SciPy instructions should also install NumPy: https://www.scipy.org/install.html. We will also need to install scikit-image for image loading and saving: https://scikit-image.org/docs/stable/install.html.
3. PyCuda: PyCuda is required for the GPU-based attack exercise. If no nVidia GPU is available on the machine, this can be skipped. https://wiki.tiker.net/PyCuda/Installation
4. NLTK: NLTK provides functionality for natural language processing and is very helpful for some of the exercises. https://www.nltk.org/install.html
#git sources
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
GitHub
GitHub - Kayzaks/HackingNeuralNetworks: A small course on exploiting and defending neural networks
A small course on exploiting and defending neural networks - Kayzaks/HackingNeuralNetworks
#Memory Imaging Tools 2020 - open-source tools and more:
[Belkasoft Live RAM Capturer](http://belkasoft.com/ram-capturer) - A tiny free forensic tool to reliably extract the entire content of the computer's volatile memory, even if protected by an active anti-debugging or anti-dumping system
Linux Memory Grabber - A script for dumping Linux memory and creating Volatility profiles.
[Magnet RAM Capture](https://www.magnetforensics.com/free-tool-magnet-ram-capture/) - Magnet RAM Capture is a free imaging tool designed to capture the physical memory of a suspect's computer. Supports recent versions of Windows
OSForensics - OSForensics can acquire live memory on 32-bit and 64-bit systems. A dump of an individual process's memory space or a physical memory dump can be done
#git sources
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
GitHub
GitHub - halpomeranz/lmg: Script for automating Linux memory capture and analysis
Script for automating Linux memory capture and analysis - halpomeranz/lmg
TOP HACKING SOURCES:
#Rogue BTS & CDMA/GSM Traffic Impersonation and Interception
- How to create an Evil LTE Twin/LTE Rogue BTS
How to setup a 4G/LTE Evil Twin Base Station using srsLTE and a USRP SDR device.
- How To Build Your Own Rogue GSM BTS For Fun and Profit
"In this blog post I'm going to explain how to create a portable GSM BTS which can be used either to create a private ( and vendor free! ) GSM network or for GSM active tapping/interception/hijacking ... yes, with some (relatively) cheap electronic equipment you can basically build something very similar to what the governments are using from years to perform GSM interception."
- Practical attacks against GSM networks: Impersonation
"Impersonating a cellular base station with SDR: With the flexibility, relative low cost of Software Defined Radio (SDR) and abundance of open source projects that emulate a cell tower, successfully impersonating a GSM Base Station (BTS) is not a difficult task these days."
- Building a Portable GSM BTS Using BladeRF/PI
"I was always amazed when I read articles published by some hackers related to GSM technology. However, playing with GSM technologies was not cheap until the arrival of Software Defined Radios (SDRs), besides not being something easy to be implemented."
- rtl-sdr.com Tutorial: Analyzing GSM with Airprobe and Wireshark
"The RTL-SDR software defined radio can be used to analyze cellular phone GSM signals, using Linux based tools GR-GSM (or Airprobe) and Wireshark. This tutorial shows how to set up these tools for use with the RTL-SDR."
- Traffic Interception for Penetration Testing Engagements
"Within the penetration testing domain quite often we have to deal with different technologies and devices. It's important to cover all aspects of connectivity of a device being tested which is why we have built a GSM/GPRS interception capability. There are a number of different devices and systems that make use of GSM/GPRS, non-exhaustively we commonly see:"
#git sources
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
Medium
How to create an EVIL LTE Twin
Be very careful when playing with any cellular bands. Denial of service attacks can have devastating and sometimes jail worthy...