Virus Total API Maltego Transform Set For Canari (ripVT) - New tool
INSTALLATION & RUN :
1) Requires Canari, specifically this branch/commit: https://github.com/allfro/canari/tree/c90ed9f0f0fb5075358d7a1a4c1080aac3d4e6bc
2) Install Malformity: https://github.com/digital4rensics/Malformity
3) sudo python setup.py install (run in the ripVT source tree)
4) canari create-profile ripVT
5) Import the generated ripVT.mtz into Maltego
6) Import the entities stored at: src/ripVT/resources/external/entities.mtz
7) Copy src/ripVT/resources/etc/ripVT.conf to ~/.canari/ (this is where the transforms read their configuration)
8) Pivot.
FEATURES :
Multiple unique entities enable forward and reverse searches; each entity has a graphically distinct icon.
Search (Phrase Entity) ->
    Generic Search
    Behavioral
    Engines
    ITW
    Generic
Hash -> Download to Repository (sample download needs a VirusTotal private/Intelligence API key; the public API cannot download files)
Hash -> VT File Report ->
    Behavioral (Copied Files, Deleted, Downloaded, Moved, Mutex, Network, Opened, Read, Replaced, Written)
    Imphash
    Cert / Certs
    Compile Time
    Detections
    Exports / Imports
    File Names
    In-The-Wild (ITW) Locations
    Parents (Dropped / Created By)
    PE Resources
    PE Sections
    SSDEEP
    Similar-To
Domain -> VT Domain Report ->
    Undetected/Detected Communicating Samples
    Undetected/Detected Domain-Embedding Samples
    Undetected/Detected Domain-Downloaded Samples
    PCAP
    Domain Resolutions
    Siblings
    Subdomains
    Detected URLs
IP Address -> VT IP Report ->
    (same pivots as the domain report: Undetected/Detected Communicating, Domain-Embedding and Domain-Downloaded Samples, PCAP, Domain Resolutions, Siblings, Subdomains, Detected URLs)
Detections ->
    Search Detection Name (Engine Included)
    Search Detection Name (No Engine)
Cuckoo -> (Report ID)
    Report -> Network
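What the "Hash -> VT File Report" and "Detections -> Search Detection Name" pivots above actually pull out of one report, as an added example (this is not ripVT's or Canari's code). SAMPLE_REPORT is a constructed document that mimics the shape of a VirusTotal v2 file report ("scans", "positives", "total"); the keys under "additional_info" (imphash, ssdeep, pe-timestamp, itw_urls) and the engine:name search-term format are assumptions for this demo, not guaranteed VirusTotal field names or query syntax.

```python
"""Derive Maltego-style pivots from a VirusTotal-shaped file report.

Added example; not ripVT/Canari code. The report below is constructed and
only mimics VT's v2 layout; the additional_info keys are assumptions.
"""
from datetime import datetime, timezone

SAMPLE_REPORT = {  # constructed sample, not real VirusTotal output
    "sha256": "ab" * 32,
    "positives": 2,
    "total": 3,
    "scans": {
        "EngineA": {"detected": True, "result": "Trojan.Generic.123"},
        "EngineB": {"detected": True, "result": "Win32/Agent.XYZ"},
        "EngineC": {"detected": False, "result": None},
    },
    "additional_info": {                      # assumed key names for the demo
        "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
        "ssdeep": "3072:abcdef:ghijkl",
        "pe-timestamp": 1583020800,           # 2020-03-01 00:00:00 UTC
        "itw_urls": ["http://example.invalid/payload.exe"],
    },
}


def detections(report):
    """(engine, detection name) for every engine that flagged the sample."""
    return sorted(
        (engine, entry["result"])
        for engine, entry in report.get("scans", {}).items()
        if entry.get("detected") and entry.get("result")
    )


def detection_search_terms(report, include_engine):
    """Terms for the two 'Search Detection Name' pivots.

    With the engine kept, a follow-up search stays engine-specific; without it
    the bare name finds the same family across engines. The 'engine:name'
    form is this demo's convention, not VirusTotal query syntax.
    """
    if include_engine:
        return [f"{engine}:{name}" for engine, name in detections(report)]
    return sorted({name for _, name in detections(report)})


def compile_time(report):
    """PE compile timestamp as UTC text, or None when the report lacks it."""
    ts = report.get("additional_info", {}).get("pe-timestamp")
    if ts is None:
        return None
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def pivots(report):
    """Entity type -> values, mirroring the file-report pivots listed above."""
    info = report.get("additional_info", {})
    ct = compile_time(report)
    return {
        "Detections": [name for _, name in detections(report)],
        "Imphash": [info["imphash"]] if info.get("imphash") else [],
        "SSDEEP": [info["ssdeep"]] if info.get("ssdeep") else [],
        "Compile Time": [ct] if ct else [],
        "In-The-Wild (ITW) Locations": list(info.get("itw_urls", [])),
        "Detection Ratio": [f'{report.get("positives", 0)}/{report.get("total", 0)}'],
    }


if __name__ == "__main__":
    for entity, values in pivots(SAMPLE_REPORT).items():
        print(f"{entity}: {values}")
```

Imphash, SSDEEP and compile time are the values worth pivoting on: two samples sharing an imphash or a compile timestamp usually come from the same build environment, which is the "Similar-To" reasoning the transform set automates.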
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
Two new Intel SGX vulnerabilities let attackers extract sensitive data :
1) While Intel is still working through the fallout of several processor vulnerabilities, security researchers at three universities have disclosed two more flaws affecting the Software Guard Extensions (SGX).
2) For attackers these make it fairly easy to extract sensitive data. The issues can be mitigated, and there is currently no evidence that they have been exploited in the wild.
3) Researchers from three universities (in Michigan, in Amsterdam, Netherlands, and in Adelaide, Australia) showed that an attacker can abuse the processor's multi-core architecture to reach sensitive data on affected systems.
4) They developed an attack for each flaw and published proofs of concept, named SGAxe and CrossTalk.
5) SGAxe appears to be an evolution of the CacheOut attack disclosed earlier this year, which lets an attacker extract contents of the CPU's L1 cache.
6) The researchers present SGAxe as evidence that Intel's mitigations for side-channel attacks against SGX have failed. SGX is meant to provide a protected region (an enclave) on the CPU that guarantees the integrity and confidentiality of the code and data processed inside it.
7) Using a transient-execution attack, an attacker can recover a key stored inside an SGX enclave and use it to decrypt the enclave's sealed long-term storage, which yields the machine's EPID attestation key. That key underpins remote attestation for services such as financial transactions and DRM-protected content.
8) The second flaw, CrossTalk, is a derivative of Microarchitectural Data Sampling (MDS) and targets data that passes through the CPU's Line Fill Buffer (LFB).
9) The affected "staging buffer" was intended for the cores' own use, but specially crafted software running on a different core can read from it, compromising the code, data and private keys it was supposed to protect.
10) The new flaws are reported to affect many Intel processors released between 2015 and 2019, including some Xeon E3 SKUs; the Xeon E5 and E7 series are reported to be resistant to this type of attack.
11) In a June security bulletin Intel said that only a very small number of people could carry out these attacks, and only in a laboratory environment; there are currently no reports of exploitation in the wild.
12) Even so, the company will release microcode updates as soon as possible and invalidate previously issued attestation keys.
Practice Your Skills :
> WebGoat is a deliberately insecure web application maintained by OWASP, designed to teach web application security lessons.
> This program is a demonstration of common server-side application flaws. The exercises are intended for people learning about application security and penetration testing techniques.
INSTALLATION & RUN :
1) git clone https://github.com/WebGoat/WebGoat.git
2) Run using Docker:
> docker run -p 8080:8080 -p 9090:9090 -e TZ=Europe/Amsterdam webgoat/goatandwolf
> -p 8080:8080 publishes the port on every host interface; WebGoat is deliberately vulnerable, so on a shared network bind it to loopback instead: -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090
3) WebGoat will be located at: http://127.0.0.1:8080/WebGoat
WebWolf will be located at: http://127.0.0.1:9090/WebWolf
Important:
> Choose the correct timezone (TZ) so that the Docker container and your host are in the same timezone; this matters for the validity of the JWT tokens used in certain exercises.
4) Using docker stack deploy
> Another, more advanced way to deploy WebGoat and WebWolf is a compose file with docker stack deploy. You define which containers run in which combination in a YAML file; an example of such a file is goat-with-reverseproxy.yaml.
5) It sets up an nginx web server as a reverse proxy in front of WebGoat and WebWolf. You can change the timezone by adjusting the value in the YAML file.
6) docker stack deploy needs swarm mode, so initialise it first:
> docker swarm init
> docker stack deploy --compose-file goat-with-reverseproxy.yaml webgoatdemo
7) Add the following entry to your local hosts file:
127.0.0.1 www.webgoat.local www.webwolf.local
You can use the overall start page http://www.webgoat.local, or:
8) WebGoat will be located at: http://www.webgoat.local/WebGoat
WebWolf will be located at: http://www.webwolf.local/WebWolf
Important:
> The current directory on your host is mapped into the container to keep state.
Another way :
Standalone
1) Download the latest WebGoat and WebWolf release from https://github.com/WebGoat/WebGoat/releases
java -jar webgoat-server-8.1.0.jar [--server.port=8080] [--server.address=localhost]
java -jar webwolf-8.1.0.jar [--server.port=9090] [--server.address=localhost]
The latest version of WebGoat needs Java 11 or above. By default WebGoat and WebWolf start on ports 8080 and 9090; with --server.port you can specify a different port, and with --server.address you can bind to a different address (default localhost).
Or
> Run from the sources
1) Prerequisites:
-Java 11
-Maven > 3.2.1
-Your favorite IDE
-Git, or Git support in your IDE
2) Open a command shell/window:
git clone git@github.com:WebGoat/WebGoat.git
Now let's start by compiling the project.
3) cd WebGoat
4) git checkout <<branch_name>>
mvn clean install
5) Now we are ready to run the project. WebGoat 8.x uses Spring Boot.
mvn -pl webgoat-server spring-boot:run
... you should be running WebGoat on localhost:8080/WebGoat momentarily.
6) To change the IP address, add the following variable to the WebGoat/webgoat-container/src/main/resources/application.properties file:
>server.address=x.x.x.x
POPULAR FREE PENTEST & SECURITY TOOLS 2020 (as listed on KitPloit) :
- Spyeye - Script To Generate Win32 .Exe File To Take Screenshots
- Words Scraper - Selenium Based Web Scraper To Generate Password Lists
- JSshell - A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS
- Astsu - A Network Scanner Tool
- Git-Scanner - A Tool For Bug Hunting Or Pentesting, Targeting Websites That Have Open .git Repositories Publicly Available
- Recox - Master Script For Web Reconnaissance
- Jshole - A JavaScript Components Vulnerability Scanner, Based On RetireJS
- GitMonitor - A GitHub Scanning System To Look For Leaked Sensitive Information Based On Rules
- Eviloffice - Inject Macro And DDE Code Into Excel And Word Documents (Reverse Shell)
- Ligolo - Reverse Tunneling Made Easy For Pentesters, By Pentesters
- Inshackle - Instagram Hacks: Track Unfollowers, Increase Your Followers, Download Stories, Etc
- GhostShell - Malware Claimed To Be Undetectable, With AV Bypass Techniques, Anti-Disassembly, And More
- Forerunner - Fast And Extensible Network Scanning Library Featuring Multithreading, Ping Probing, And Scan Fetchers
- Enumy - Linux Post Exploitation Privilege Escalation Enumeration
- Bing-Ip2Hosts - Bingip2Hosts Is A Bing.com Web Scraper That Discovers Websites By IP Address
- Vault - A Tool For Secrets Management, Encryption As A Service, And Privileged Access Management
- ADCollector - A Lightweight Tool To Quickly Extract Valuable Information From The Active Directory Environment For Both Attacking And Defending
- ANDRAX v5R NH-Killer - Penetration Testing On Android
- DroidFiles - Get Files From Android Directories
- Purify - All-in-one Tool For Managing Vulnerability Reports From AppSec Pipelines
iKy: collects information from an email address and shows the results in a visual interface.
INSTALLATION & RUN :
1) git clone https://gitlab.com/kennbroorg/iKy.git
2) cd $IKY_CLONE/install/iKyEasyInstall   ($IKY_CLONE is the directory you cloned into)
3) ./iKyEasyInstall.sh   # at some point the script will ask for your sudo password; read the script before running it, since it installs system packages as root
Verified on :
-Kali
-Ubuntu
Kali / Ubuntu video tutorial :
> https://gitlab.com/kennbroorg/iKy/-/wikis/Videos/Installations
2020: Hijack services that rely on QR-code authentication (ohmyqr) :
INSTALLATION & RUN :
1) git clone https://github.com/thelinuxchoice/ohmyqr
2) cd ohmyqr
3) bash ohmyqr.sh
How it works?
QRLJacking (Quick Response Code Login Jacking) is a simple social-engineering attack vector capable of session hijacking. It affects every application that relies on a "Login with QR code" feature as a secure way to log in to accounts. In a nutshell: the attacker requests a login QR code from the target service and relays it to the victim; when the victim scans it with their already-authenticated app, the session that gets logged in is the attacker's. It only works against services that do not bind the QR token to the device that requested it or show the user who is asking to be logged in.
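The exchange described above, simulated end to end as an added example (this is not ohmyqr's code). It models a generic "login with QR code" service in three steps: a browser asks for a login token that the site renders as a QR code, the user's already-authenticated phone app scans and approves it, and the browser polls to collect a session. The class and method names, the sample addresses and the same-network check used by the hardened variant are assumptions for this demo, not any real service's protocol.

```python
"""A generic QR-code login flow and the QRLJacking relay against it.

Added example, not ohmyqr code. Names, addresses and the same-network
heuristic are assumptions for the demo.
"""
import ipaddress
import secrets


def same_network(ip_a, ip_b, prefix=24):
    """Crude 'same place' test used by the hardened variant below."""
    net = ipaddress.ip_network(f"{ip_a}/{prefix}", strict=False)
    return ipaddress.ip_address(ip_b) in net


class QrLoginService:
    def __init__(self, require_same_network=False):
        self.pending = {}    # token -> {"browser_ip": str, "user": str | None}
        self.sessions = {}   # session cookie -> user name
        self.require_same_network = require_same_network

    def new_login_token(self, browser_ip):
        """Step 1: a browser requests a token; the site renders it as a QR code."""
        token = secrets.token_urlsafe(16)
        self.pending[token] = {"browser_ip": browser_ip, "user": None}
        return token

    def approve(self, token, user, phone_ip):
        """Step 2: the logged-in phone app scans the QR code and approves it."""
        entry = self.pending.get(token)
        if entry is None or entry["user"] is not None:
            return False
        if self.require_same_network and not same_network(entry["browser_ip"], phone_ip):
            return False  # requester and approver are not where we expect them
        entry["user"] = user
        return True

    def poll(self, token, browser_ip):
        """Step 3: the browser that requested the token collects its session."""
        entry = self.pending.get(token)
        if entry is None or entry["user"] is None or entry["browser_ip"] != browser_ip:
            return None
        cookie = secrets.token_urlsafe(16)
        self.sessions[cookie] = entry["user"]
        del self.pending[token]      # single use
        return cookie


def qrljacking(service, attacker_ip, victim_phone_ip):
    """The relay: the attacker requests the QR code, the phished victim scans it."""
    token = service.new_login_token(attacker_ip)      # bound to the attacker's browser
    # The attacker shows this QR code on a phishing page; the victim scans it with
    # the real app, which approves a login it believes is the victim's own.
    service.approve(token, "victim", victim_phone_ip)
    return service.poll(token, attacker_ip)            # attacker collects victim's session


def demo():
    """Returns (user hijacked from the naive service, result against the hardened one, legit user)."""
    naive = QrLoginService()
    stolen = qrljacking(naive, attacker_ip="203.0.113.7", victim_phone_ip="198.51.100.20")

    hardened = QrLoginService(require_same_network=True)
    blocked = qrljacking(hardened, attacker_ip="203.0.113.7", victim_phone_ip="198.51.100.20")

    legit = QrLoginService(require_same_network=True)   # user's own laptop and phone
    token = legit.new_login_token("192.0.2.10")
    legit.approve(token, "alice", "192.0.2.33")
    own = legit.poll(token, "192.0.2.10")
    return naive.sessions.get(stolen), blocked, legit.sessions.get(own)


if __name__ == "__main__":
    print(demo())
```

The same-network check is only a heuristic (a phone on mobile data legitimately sits on a different network from the laptop next to it); the mitigations recommended for QRLJacking are to show the requester's details (address, browser, location) in the app and require an explicit confirmation, and to keep the tokens short-lived and single-use as the `poll` step above does.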
Network configuration - prevent users from browsing through external proxies, by Undercode :
Some background knowledge:
1) HTTP/1.1 defines the Via: header: every proxy that a request or response passes through appends itself to it, so that intermediaries can be identified and forwarding loops detected.
2) Snort is an open-source IDS (intrusion detection system) that can be used as a host or network IDS. With its many rules it performs pattern matching on captured IP, TCP, UDP and ICMP packets and can log what it finds.
3) libnet is open-source software that can be used as a network protocol/packet generator.
4) A TCP/IP network is a packet-switched network.
5) Snort can also generate IP packets through the libnet library; a TCP connection can be torn down by injecting TCP RST packets into it.
Prerequisites:
1) Snort runs on the (Linux) router, or on a host in the same network segment that receives a copy of the traffic through the switch's port-mirror function.
Implementation:
1) Compile Snort with the flexresp (flexible response) feature (the --enable-flexresp configure option of Snort 2.x).
2) Define a Snort rule. Via: is a header, not part of the URI, so it has to be matched with content rather than uricontent, and the standard variable name is $EXTERNAL_NET:
alert tcp $HOME_NET any <> $EXTERNAL_NET 80 (msg:"block proxy"; content:"Via:"; nocase; resp:rst_all; sid:1000001; rev:1;)
Effect:
> Internal users can browse external websites normally.
> If an internal user's browser is configured to use an external proxy, the responses that come back through that proxy (and any request that has already crossed a proxy) carry a Via: header. The rule matches it and Snort sends RST packets to both the client and the server socket, terminating the TCP connection.
Caveats:
> An explicit proxy is usually reached on a port other than 80 (3128 and 8080 are common), so add those ports to the rule or use any instead of 80.
> Only proxies that add a Via: header are caught; many anonymising proxies strip it, and over HTTPS the headers are encrypted and invisible to Snort.
> Resetting is best effort: the RST races the real traffic, and data that has already reached the client is not recalled.
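The detection logic of the rule above run over sample HTTP messages, as an added example (not Snort code and not part of the original write-up). It shows why the match has to be header-aware: Via lives in the header block and never in the request URI, so a check limited to the request-target, which is what uricontent inspects, never fires. The three messages are constructed for this demo.

```python
"""Flag HTTP messages that carry a Via header, i.e. that crossed a proxy.

Added example; not Snort code. The sample messages are constructed.
"""


def header_block(message: bytes) -> bytes:
    """Everything up to the blank line that ends the headers (body excluded)."""
    end = message.find(b"\r\n\r\n")
    return message if end < 0 else message[:end]


def via_headers(message: bytes) -> list:
    """Values of every Via header; header names are case-insensitive (RFC 7230)."""
    values = []
    for line in header_block(message).split(b"\r\n")[1:]:  # skip request/status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"via":
            values.append(value.strip().decode("latin-1"))
    return values


def uri_mentions_via(message: bytes) -> bool:
    """What a uricontent:"Via:" rule inspects: only the request-target of the first line."""
    first = header_block(message).split(b"\r\n", 1)[0]
    parts = first.split(b" ")
    return len(parts) >= 2 and b"Via:" in parts[1]


def classify(message: bytes) -> str:
    """'proxied' when at least one Via header is present, else 'direct'."""
    return "proxied" if via_headers(message) else "direct"


# Constructed samples: a direct request, a response that came back through a
# proxy, and a request that has already crossed two proxies.
DIRECT_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
PROXIED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Via: 1.1 proxy.example.net (squid)\r\n"
    b"Content-Length: 0\r\n\r\n"
)
CHAINED_REQUEST = (
    b"GET http://example.com/ HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"via: 1.0 fred, 1.1 p.example.net\r\n\r\n"
)


if __name__ == "__main__":
    samples = [("direct request", DIRECT_REQUEST),
               ("proxied response", PROXIED_RESPONSE),
               ("chained request", CHAINED_REQUEST)]
    for label, msg in samples:
        print(f"{label}: {classify(msg)} via={via_headers(msg)} uri-only match={uri_mentions_via(msg)}")
```

Note the lower-case `via:` in the chained request: a Snort rule without `nocase` would miss it, which is why the rule above carries that modifier.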
Written by Undercode
ligolo: reverse tunneling made easy for pentesters, by pentesters (2020 update)
INSTALLATION & RUN :
1) cd $(go env GOPATH)/src
2) git clone https://github.com/sysdream/ligolo
3) cd ligolo
4) make dep
5) Generate self-signed TLS certificates (they are placed in the certs folder):
make certs TLS_HOST=example.com
NOTE: You can also use your own certificates with the TLS_CERT make option when building, e.g. make build-all TLS_CERT=certs/mycert.pem
6) Build for all supported platforms:
make build-all
(or) for the current architecture only:
make build
fabio: a fast, modern, zero-conf load balancing HTTP(S) router for deploying microservices:
FEATURES :
>Access Logging - customizable access logs
>Access Control - route specific access control
>Certificate Stores - dynamic certificate stores like file system, HTTP server, Consul and Vault
>Compression - GZIP compression for HTTP responses
>Docker Support - official Docker image, Registrator and Docker Compose example
>Dynamic Reloading - hot reloading of the routing table without downtime
>Graceful Shutdown - wait until requests have completed before shutting down
>HTTP Header Support - inject HTTP headers into upstream requests
>HTTPS Upstreams - forward requests to HTTPS upstream servers
>Metrics Support - support for Graphite, StatsD/DataDog and Circonus
>PROXY Protocol Support - support for the HAProxy PROXY protocol for inbound requests (used for Amazon ELB)
>Path Stripping - strip prefix paths from incoming requests
>Server-Sent Events/SSE - support for Server-Sent Events/SSE
>TCP Proxy Support - raw TCP proxy support
>TCP-SNI Proxy Support - forward TLS connections based on hostname without re-encryption
>Traffic Shaping - forward N% of traffic upstream without knowing the number of instances
>Web UI - web UI to examine the current routing table (it listens on port 9998 by default; restrict access to it, since it shows your whole routing table)
>Websocket Support - websocket support
INSTALLATION & RUN :
Install from source, binary, Docker or Homebrew.
# go 1.9 or higher is required
1) go get github.com/fabiolb/fabio (>= go1.9)
2) brew install fabio (OSX/macOS stable)
brew install --devel fabio (OSX/macOS devel)
3) docker pull fabiolb/fabio (Docker)
https://github.com/fabiolb/fabio/releases (pre-built binaries)
4) Register your service in Consul.
5) Make sure that each instance registers with a unique ServiceID and a service name without spaces.
6) Register a health check in Consul as described in the fabio documentation.
7) By default fabio only watches services which have a passing health check, unless overridden with registry.consul.service.status.
8) Register one urlprefix- tag per host/path prefix it serves, e.g.:
#HTTP/S examples
urlprefix-/css # path route
urlprefix-i.com/static # host specific path route
urlprefix-mysite.com/ # host specific catch-all route
urlprefix-/foo/bar strip=/foo # path stripping (forward '/bar' to upstream)
urlprefix-/foo/bar proto=https # HTTPS upstream
urlprefix-/foo/bar proto=https tlsskipverify=true # HTTPS upstream with a self-signed cert (disables upstream certificate verification, so anyone who can redirect that traffic can impersonate the upstream; lab use only)
#TCP examples
urlprefix-:3306 proto=tcp # route external port 3306
Make sure the prefix for HTTP routes contains at least one slash (/).
9) See the full list of options in the documentation.
Start fabio without a config file (assuming a running Consul agent on localhost:8500) and watch the log output as fabio picks up the route to your service. Try starting/stopping your service to see how the routing table changes instantly.
> Send all your HTTP traffic to fabio on port 9999. For TCP proxying see the TCP proxy documentation.
Done
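How the urlprefix- tags of step 8 turn into a routing decision, as an added example (this is not fabio's code). It implements the tag grammar shown above (host/path prefix followed by key=value options) and the lookup rule this demo assumes: routes registered for the request's host are tried before host-less routes, the longest matching path prefix wins, strip= removes that prefix before forwarding and proto= selects the upstream scheme. The registrations in SERVICE_TAGS and their upstream addresses are constructed, in the form Consul would expose them.

```python
"""Parse fabio urlprefix- tags into a routing table and resolve requests.

Added example; not fabio code. The lookup precedence is this demo's
assumption about fabio's matcher, and SERVICE_TAGS is constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Route:
    host: str          # "" means any host
    path: str          # path prefix, or ":port" for a TCP route
    upstream: str      # host:port of the registered service instance
    opts: dict = field(default_factory=dict)


def parse_tag(tag: str, upstream: str) -> Route:
    """urlprefix-<host>/<path> [key=value ...]  ->  Route."""
    if not tag.startswith("urlprefix-"):
        raise ValueError(f"not a fabio tag: {tag}")
    spec, *opt_tokens = tag[len("urlprefix-"):].split()
    if spec.startswith(":"):                   # TCP route such as urlprefix-:3306
        host, path = "", spec
    else:
        slash = spec.find("/")
        if slash < 0:                          # the README's rule: at least one '/'
            raise ValueError(f"HTTP prefix needs a slash: {tag}")
        host, path = spec[:slash], spec[slash:]
    opts = dict(tok.split("=", 1) for tok in opt_tokens if "=" in tok)
    return Route(host, path, upstream, opts)


def build_table(service_tags):
    """service_tags: iterable of (tag, upstream) pairs."""
    return [parse_tag(tag, upstream) for tag, upstream in service_tags]


def lookup(table, host, path):
    """Host-specific routes first, then host-less ones; longest prefix wins."""
    for candidate_host in (host, ""):
        best = None
        for route in table:
            if route.host != candidate_host or route.path.startswith(":"):
                continue
            if path.startswith(route.path) and (best is None or len(route.path) > len(best.path)):
                best = route
        if best is not None:
            return best
    return None


def forward(table, host, path):
    """Upstream URL the request would be sent to, or None if no route matches."""
    route = lookup(table, host, path)
    if route is None:
        return None
    target = path
    strip = route.opts.get("strip")
    if strip and path.startswith(strip):
        target = path[len(strip):] or "/"
    return f"{route.opts.get('proto', 'http')}://{route.upstream}{target}"


# Constructed registrations mirroring the README's examples.
SERVICE_TAGS = [
    ("urlprefix-/css", "css-svc:8000"),
    ("urlprefix-i.com/static", "static-svc:8001"),
    ("urlprefix-mysite.com/", "site-svc:8002"),
    ("urlprefix-/foo/bar strip=/foo", "foo-svc:8003"),
    ("urlprefix-/api proto=https tlsskipverify=true", "api-svc:8443"),
    ("urlprefix-:3306 proto=tcp", "db-svc:3306"),
]
TABLE = build_table(SERVICE_TAGS)


if __name__ == "__main__":
    for host, path in [("i.com", "/static/a.png"), ("mysite.com", "/css/x.css"),
                       ("other.com", "/foo/bar/baz"), ("other.com", "/nothing")]:
        print(host, path, "->", forward(TABLE, host, path))
```

Because any service that can write a tag into Consul can add a route, the catch-all `mysite.com/` form above is worth watching: a compromised or misregistered service could claim an entire host. Restrict who may register services (Consul ACLs) and review the routing table in the web UI after deployments.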
POPULAR WIFI HACKING TOOLS 2020
Hak5's Wi-Fi Pineapple
Fully-integrated Wi-Fi man-in-the-middle platform and rogue access point.
[Site](https://www.wifipineapple.com/)
Aircrack-ng
Complete suite of tools to monitor, capture, export, attack and crack wireless networks.
[Site](https://www.aircrack-ng.org/)
Airsnort
WEP key recovery tool (no longer maintained; WEP itself is obsolete).
Kismet
Wireless network detector, sniffer and IDS. Useful for troubleshooting Wi-Fi networks; detects hidden networks.
[Site](https://www.kismetwireless.net/)
Kismac-ng
Network stumbling tool that works on Mac OS X and supports the built-in WLAN NICs of some Macs.
Fern WiFi Cracker
Automated cracking and nice monitoring capabilities. Very easy to use.
[Site](http://www.fern-pro.com/)
Cowpatty
Offline dictionary cracking of WPA-PSK networks from a captured four-way handshake.
Ghost Phisher
Tool designed around sniffing passwords with an AP emulator, DHCP/DNS/HTTP server and logging to a built-in database.
[Site](https://github.com/savio-code/ghost-phisher)
# Online Wireless Resources
Wigle.net
Consolidated location and information of wireless networks world-wide in a centralized database, queried and updated via web app, native clients and mobile applications.