β β β Uππ»βΊπ«6π¬πβ β β β
HttpLiveProxyGrabber termux-linux
#ToolsforNoobs
INSTALLATION & RUN :
1. git clone https://github.com/04x/HttpLiveProxyGrabber.git
2. cd HttpLiveProxyGrabber
3. python2 ProxGrab.py
4. Choose options via numbers
Some of the vulnerabilities contained in the DVWA web application:
#FastTips :
1. Brute force : Brute-force the HTTP form login page; used to test brute-force password attack tools and shows the insecurity of weak passwords.
2. Command execution : Execution of commands at the operating system level.
3. Cross-Site Request Forgery (CSRF): Allows the attacker to change the application administrator's password.
4. File Inclusion : Allows an "attacker" to include remote / local files in a web application.
5. SQL injection: Allows an "attacker" to inject SQL expressions into HTTP from the input field; DVWA includes blind and error-based SQL injection.
Insecure file upload : Allows an "attacker" to upload malicious files to a web server.
6. Cross Site Scripting (XSS) : The attacker can embed their scripts in a web application / database. DVWA includes reflected and stored XSS.
7. Easter eggs: revealing full paths, authentication bypass, and some others.
Homepage: http://dvwa.co.uk/
Share us ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
IMPORTANT FOR IMAGE PAYLOADS, a real trick #ForExperts: Bypassing CSP using polyglot JPEGs :
THE CHALLENGE :
> James challenged me to see whether a JavaScript / JPEG polyglot could be created. Doing so will allow me to bypass CSP on almost every website that hosts images posted from the same domain.
> I happily took up the task, and began to analyze the structure. A current non-ASCII JavaScript vector, 0xFF 0xD8 0xFF 0xE0, is the first four bits. The next two bytes then specify the JPEG header length. If we use the bytes 0x2F 0x2A as the header frequency, as you might guess we have a non-ASCII variable followed by a multi-line JavaScript comment. We then have to pad out the JPEG header to the length of 0x2F2A with nulls. Here's what it looks like:
FF D8 FF E0 2F 2A 4A 46 49 46 00 01 01 01 00 48 00 48 00 00 00 00 00 00 00 00 00 00....
1. Inside a JPEG comment we can close the JavaScript comment and create an assignment for our non-ASCII JavaScript variable followed by our payload, then create another multi-line comment at the end of the JPEG comment.
FF FE 00 1C 2A 2F 3D 61 6C 65 72 74 28 22 42 75 72 70 20 72 6F 63 6B 73 2E 22 29 3B 2F 2A
2. 0xFF 0xFE is the comment header, 0x00 0x1C specifies the length of the comment, then the rest is our JavaScript payload, which is of course */=alert("Burp rocks.")/*
3. Next we need to close the JavaScript comment; I edited the last four bytes of the image data before the end of image marker. This is what the end of the file looks like:
2A 2F 2F 2F FF D9
0xFF 0xD9 is the end of image marker.
4. Nice, so our JPEG polyglot is here... actually not yet. When using a UTF-8 character set for the text, it corrupts our polyglot when it is used as a file; it works well if you do not require a charset, except on Firefox! On MDN it does not say that the charset attribute is provided by the script tag, but it is. So you need to specify the ISO-8859-1 charset on the script tag to get the script to work.
> It's worth noting that the polyglot JPEG works on Safari, Firefox, Edge and IE11. Chrome sensibly does not execute the image as JavaScript.
The code to execute the image as JavaScript is as follows:
<script charset="ISO-8859-1" src="http://portswigger-labs.net/polyglot/jpeg/xss.jpg"></script>
5. I tried to post this image as a phpBB profile photo, but it does have restrictions. There is a limit on file size of 6k and a fixed resolution of 90x90. By cropping, I reduced the size of the logo and pondered how I could reduce the JPEG data. In the JPEG header I use /*, which in hex is 0x2F and 0x2A, combined 0x2F2A, which results in a length of 12074; that is a lot of padding and will result in a graphic far too big to fit as a profile picture. Looking at the ASCII table I tried to find a combination of characters that would be valid JavaScript and reduce the amount of padding required in the JPEG header whilst still being recognised as a valid JPEG file.
6. The smallest starting byte I could find was 0x9 (a tab character) followed by 0x3A (a colon), which results in a combined hex value of 0x093A (2362). That shaves a lot of bytes from our file and creates a valid non-ASCII JavaScript label statement, followed by a variable using the JFIF identifier. Then I place a forward slash 0x2F instead of the NULL character at the end of the JFIF identifier and an asterisk as the version number. Here's what the hex looks like:
FF D8 FF E0 09 3A 4A 46 49 46 2F 2A
7. Now we continue the rest of the JPEG header, then pad with NULLs and inject our JavaScript payload:
FF D8 FF E0 09 3A 4A 46 49 46 2F 2A 01 01 00 48 00 48 00 00 00 00 00 00 00 ... (padding more nulls) 2A 2F 3D 61 6C 65 72 74 28 22 42 75 72 70 20 72 6F 63 6B 73 2E 22 29 3B 2F 2A
8. If you allow users to upload JPEGs, these uploads are on the same domain as your app, and your CSP allows script from "self", you can bypass the CSP using a polyglot JPEG by injecting a script and pointing it to that image.
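A defender's check for the structure described above, added here as an example (not code from the original post or from PortSwigger): it walks the JPEG marker chain of an uploaded file and reports the tells a polyglot depends on, namely a JFIF APP0 length field made of script-parseable bytes, a JFIF identifier whose NUL terminator has been replaced, an APP0 payload far longer than the JFIF structure implies, comment segments carrying JavaScript comment delimiters, and a `*/` just before the end-of-image marker. The function names, the heuristics and the two constructed sample inputs (a minimal clean JFIF skeleton and a polyglot-shaped skeleton using the 0x093A length from the post; neither is a decodable picture) are this example's own assumptions. An upload handler that rejects or re-encodes such files, serves user images from a separate origin and sends `X-Content-Type-Options: nosniff` mitigates the `script-src 'self'` bypass the post ends on.

```python
"""Flag the structural tells of a JavaScript/JPEG polyglot in an uploaded image.

Added example, not code from the original post or from PortSwigger. It parses
the JPEG marker chain and reports the anomalies the technique above depends on,
so an upload handler can reject or re-encode the file before it is served from
the application's own origin. Function names and heuristics are assumptions of
this example.
"""
import struct

APP0, COM, SOS, EOI = 0xE0, 0xFE, 0xDA, 0xD9

# Byte values a JavaScript parser accepts as whitespace or punctuation.
# A JFIF APP0 length field is normally 0x00 0x10; a polyglot needs both length
# bytes to parse as script, e.g. 0x2F 0x2A ("/*") or 0x09 0x3A (tab, colon).
_SCRIPT_FRIENDLY = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def parse_segments(data: bytes):
    """Return ([(marker, length_field, payload, offset), ...], tail_offset).

    Walks marker segments up to and including SOS. The entropy-coded scan that
    follows SOS has no length field, so everything from tail_offset onwards is
    left to the caller.
    """
    if data[:2] != b"\xFF\xD8":
        raise ValueError("missing SOI marker")
    segments, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected 0xFF marker prefix at offset {pos}")
        marker = data[pos + 1]
        if marker == EOI:
            break
        if marker == 0xD8 or 0xD0 <= marker <= 0xD7:  # standalone markers, no length
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        segments.append((marker, length, data[pos + 4:pos + 2 + length], pos))
        pos += 2 + length
        if marker == SOS:
            break
    return segments, pos


def polyglot_indicators(data: bytes) -> list:
    """Return human-readable findings; an empty list means no tell was seen."""
    try:
        segments, tail_offset = parse_segments(data)
    except ValueError as exc:
        return [f"malformed JPEG: {exc}"]
    findings = []
    for marker, length, payload, offset in segments:
        if marker == APP0 and payload[:4] == b"JFIF":
            if payload[4:5] != b"\x00":
                findings.append(f"APP0@{offset}: JFIF identifier is not NUL-terminated")
            if (length >> 8) in _SCRIPT_FRIENDLY and (length & 0xFF) in _SCRIPT_FRIENDLY:
                findings.append(f"APP0@{offset}: length 0x{length:04X} parses as text, not a JFIF length")
            if len(payload) >= 14:
                # Fixed 14-byte JFIF body plus an RGB thumbnail of Xthumb * Ythumb pixels.
                expected = 14 + 3 * payload[12] * payload[13]
                if len(payload) != expected:
                    findings.append(f"APP0@{offset}: payload is {len(payload)} bytes, JFIF implies {expected}")
        elif marker == COM and (b"/*" in payload or b"*/" in payload):
            findings.append(f"COM@{offset}: comment carries JavaScript comment delimiters")
    if b"*/" in data[tail_offset:][-8:]:
        findings.append("tail: '*/' in the last bytes before the EOI marker")
    return findings


def build_sample(app0_length: int, jfif_terminator: bytes, comment: bytes = b"", tail: bytes = b"") -> bytes:
    """Constructed test input: a JFIF APP0 with the given length field, an
    optional COM segment, a minimal SOS and three dummy scan bytes. It is not a
    decodable picture, only the marker structure the checker inspects."""
    body = b"JFIF" + jfif_terminator + b"\x01\x01\x01\x00\x48\x00\x48\x00\x00"
    app0 = b"\xFF\xE0" + struct.pack(">H", app0_length) + body
    app0 += b"\x00" * (app0_length - 2 - len(body))  # NUL padding up to the claimed length
    com = (b"\xFF\xFE" + struct.pack(">H", len(comment) + 2) + comment) if comment else b""
    sos = b"\xFF\xDA\x00\x08\x01\x01\x00\x00\x3F\x00"
    return b"\xFF\xD8" + app0 + com + sos + b"\x12\x34\x56" + tail + b"\xFF\xD9"


CLEAN_SAMPLE = build_sample(16, b"\x00")
# Length 0x093A, '/' in place of the NUL and '*/' before EOI mirror the layout in
# the post; the comment text is a neutral placeholder, not a script.
SUSPECT_SAMPLE = build_sample(0x093A, b"/", comment=b"*/ constructed marker /*", tail=b"*///")

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("suspect", SUSPECT_SAMPLE)):
        print(name, polyglot_indicators(sample) or ["no indicators"])
```

Run it as a script to see the two constructed samples scored; in an upload pipeline, call `polyglot_indicators()` on the raw bytes and treat any finding as a reason to re-encode the image rather than store it verbatim. The heuristics are deliberately structural (length fields, terminators, segment sizes) so they do not depend on spotting a particular payload string.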
Carding : 2020 - find breached credit card information
> The tool searches for breached credit card details available on the following 17 websites:
* cl1p.net
* dpaste
* dumpz.org
* hastebin
* ideone
* pastebin
* pw.fabian-fingerle.de
* gist.github.com
* heypasteit.com
* ivpaste.com
* mysticpaste.com
* paste.org.ru
* paste2.org
* sebsauvage.net/paste/
* slexy.org
* squadedit.com
* wklej.se
* textsnip.com
INSTALLATION & RUN :
1. git clone https://github.com/itsmehacker/CardPwn.git
2. cd CardPwn
3. pip3 install -r requirements.txt
Tested on:
Kali L
Ubuntu
Nethunter
> This tool is a Proof of Concept and is for Educational Purposes Only.
2020 exploit windscribe.txt (566 B): Windscribe 1.83 - 'WindscribeService' Unquoted Service Path
httptunnel is free software :
> This can be useful for users behind restrictive firewalls. If WWW access is allowed through an HTTP proxy, it's possible to use httptunnel and, say, telnet or PPP to connect to a computer outside the firewall.
INSTALLATION & RUN :
1. git clone https://github.com/larsbrinkhoff/httptunnel.git
2. cd httptunnel
3. ./autogen.sh
4. Some examples:
1) start httptunnel server: at host REMOTE, start hts like this:
hts -F localhost:23 8888 (set up httptunnel server to listen on port 8888 and forward to localhost:23)
2) start httptunnel client:
At host LOCAL, start htc like this:
htc -F 2323 -P PROXY_ADDRESS:8000 REMOTE_IP:8888 (set up httptunnel client to forward localhost:2323 to REMOTE_IP:8888 via a local proxy at PROXY_ADDRESS:8000)
3) or, if using a buffering HTTP proxy:
htc -F 2323 -P PROXY_ADDRESS:8000 -B 48K REMOTE_IP:8888
4) Now you can do this at host LOCAL:
telnet localhost 2323 (telnet in to REMOTE_IP:8888 via your httptunnel you just configured above on port localhost:2323)
...and you will hopefully get a login prompt from host REMOTE_IP.
Debugging:
5) For debug output, add -Dn to the end of a command, where n is the level of debug output you'd like to see, with 0 meaning no debug messages at all, and 5 being the highest level (verbose).
» ex: htc -F 10001 -P PROXY_ADDRESS:8000 REMOTE_IP:8888 -D5 will show verbose debug output (level 5 debugging) while setting up an httptunnel client to forward localhost:10001 to REMOTE_IP:8888 via a local proxy at PROXY_ADDRESS:8000
5. Example sites :
> https://sergvergara.files.wordpress.com/2011/04/http_tunnel.pdf - excellent httptunnel tutorial, examples, & info
> http://sebsauvage.net/punching/ - another excellent example
> https://daniel.haxx.se/docs/sshproxy.html - more useful info
> http://neophob.com/2006/10/gnu-httptunnel-v33-windows-binaries/ - httptunnel Win32 binaries (dl)
> Google search for "http tunnel v3.3" - brings up lots of good links to httptunnel (this search seems to work better than searching for "httptunnel" alone since the latter brings up many generic search results or results pertaining to other tools)
Hacking Topic 2020 #Platforms :
- [YesWeHack](https://yeswehack.com/)
- [intigriti](https://intigriti.com/)
- [HackerOne](https://hackerone.com/)
- [Bugcrowd](https://bugcrowd.com/)
- [Cobalt](https://cobalt.io/)
- [Bountysource](https://www.bountysource.com/)
- [Bounty Factory](https://bountyfactory.io/)
- [Coder Bounty](http://www.coderbounty.com/)
- [FreedomSponsors](https://freedomsponsors.org/)
- [FOSS Factory](http://www.fossfactory.org/)
- [Synack](https://www.synack.com/)
- [HackenProof](https://hackenproof.com/)
- [Detectify](https://cs.detectify.com/)
- [Bugbountyjp](https://bugbounty.jp/)
- [Safehats](https://safehats.com/)
- [BugbountyHQ](https://www.bugbountyhq.com/)
- [Hackerhive](https://hackerhive.io/)
- [Hacktrophy](https://hacktrophy.com/)
- [AntiHACK](https://www.antihack.me/)
- [CESPPA](https://www.cesppa.com/)
Bug Bounty Tutorials & practice sources 2020 :
- How to Become a Successful Bug Bounty Hunter
- Researcher Resources - How to become a Bug Bounty Hunter
- Bug Bounties 101
- The life of a bug bounty hunter
- Awesome list of bugbounty cheatsheets
- Getting Started - Bug Bounty Hunter Methodology
Available Bug Bounty Programs
- 123Contact Form
- 99designs
- Abacus
- Acquia
- ActiveCampaign
- ActiveProspect
- Adobe
- AeroFS
- Airbitz
- Airbnb
- Algolia
- Altervista
- Altroconsumo
- Amara
- Amazon Web Services
- Amazon.com
- ANCILE Solutions Inc.
- Anghami
- ANXBTC
- Apache httpd
- Appcelerator
- Apple
- Apptentive
- Aptible
- Ardour
- Arkane
- ARM mbed
- Asana
- ASP4all
- AT&T
- Atlassian
EXPLOIT COURSES & TUTORIALS 2020 :
https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/
https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/
https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/
https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/
https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/
https://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/
https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/
https://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/
https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/
https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/
https://www.corelan.be/index.php/2010/01/26/starting-to-write-immunity-debugger-pycommands-my-cheatsheet/
https://www.corelan.be/index.php/2010/03/22/ken-ward-zipper-exploit-write-up-on-abysssec-com/
https://www.corelan.be/index.php/2010/03/27/exploiting-ken-ward-zipper-taking-advantage-of-payload-conversion/
https://www.corelan.be/index.php/2011/01/30/hack-notes-rop-retnoffset-and-impact-on-stack-setup/
https://www.corelan.be/index.php/2011/05/12/hack-notes-ropping-eggs-for-breakfast/
https://www.corelan.be/index.php/2011/07/03/universal-depaslr-bypass-with-msvcr71-dll-and-mona-py/
https://www.corelan.be/index.php/2011/11/18/wow64-egghunter/
https://www.corelan.be/index.php/2012/02/29/debugging-fun-putting-a-process-to-sleep/
https://www.corelan.be/index.php/2012/12/31/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2/
https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/
https://www.corelan.be/index.php/2013/01/18/heap-layout-visualization-with-mona-py-and-windbg/
https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/
https://www.corelan.be/index.php/2013/07/02/root-cause-analysis-integer-overflows/
ENJOY
Topic Linux tools + functions :
[Belkasoft Evidence Center](https://belkasoft.com/ec)
The toolkit will quickly extract digital evidence from multiple sources by analyzing hard drives, drive images, memory dumps, iOS, Blackberry and Android backups, UFED, JTAG and chip-off dumps.
CimSweep - Suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.
[CIRTkit](https://github.com/byt3smith/CIRTKit) - CIRTKit is not just a collection of tools, but also a framework to aid in the ongoing unification of Incident Response and Forensics investigation processes.
Cyber Triage - Cyber Triage remotely collects and analyzes endpoint data to help determine if it is compromised. Its agentless approach and focus on ease of use and automation allows companies to respond without major infrastructure changes and without a team of forensics experts. Its results are used to decide if the system should be erased or investigated further.
[Digital Forensics Framework](http://www.arxsys.fr/discover/) - Open Source computer forensics platform built on top of a dedicated Application Programming Interface (API). DFF proposes an alternative to the aging digital forensics solutions used today. Designed for simple use and automation, the DFF interface guides the user through the main steps of a digital investigation so it can be used by both professionals and non-experts to quickly and easily conduct digital investigations and perform incident response.
Doorman - osquery fleet manager that allows remote management of osquery configurations retrieved by nodes. It takes advantage of osquery's TLS configuration, logger, and distributed read/write endpoints, to give administrators visibility across a fleet of devices with minimal overhead and intrusiveness.
[Envdb](https://github.com/mephux/envdb) - Envdb turns your production, dev, cloud, etc. environments into a database cluster you can search using osquery as the foundation. It wraps the osquery process with a (cluster) node agent that can communicate back to a central location.
Falcon Orchestrator - Extendable Windows-based application that provides workflow automation, case management and security response functionality.
[GRR Rapid Response](https://github.com/google/grr) - Incident response framework focused on remote live forensics. It consists of a python agent (client) that is installed on target systems, and a python server infrastructure that can manage and talk to the agent. Besides the included Python API client, [PowerGRR](https://github.com/swisscom/PowerGRR) provides an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
Kolide Fleet - State of the art host monitoring platform tailored for security experts. Leveraging Facebook's battle-tested osquery project, Kolide delivers fast answers to big questions.
[Limacharlie](https://github.com/refractionpoint/limacharlie) - Endpoint security platform composed of a collection of small projects all working together that gives you a cross-platform (Windows, OSX, Linux, Android and iOS) low-level environment for managing and pushing additional modules into memory to extend its functionality.
MozDef - Automates the security incident handling process and facilitates the real-time activities of incident handlers.
Enjoy ❤️👍🏻
β git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Topic Linux tools + functions :
[Belkasoft Evidence Center](https://belkasoft.com/ec)
The toolkit will quickly extract digital evidence from multiple sources by analyzing hard drives, drive images, memory dumps, iOS, Blackberry and Android backups, UFED, JTAG and chip-off dumps.
CimSweep - Suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.
[CIRTkit](https://github.com/byt3smith/CIRTKit) - CIRTKit is not just a collection of tools, but also a framework to aid in the ongoing unification of Incident Response and Forensics investigation processes.
Cyber Triage - Cyber Triage remotely collects and analyzes endpoint data to help determine if it is compromised. ItΓ’β¬β’s agentless approach and focus on ease of use and automation allows companies to respond without major infrastructure changes and without a team of forensics experts. Its results are used to decide if the system should be erased or investigated further.
[Digital Forensics Framework](http://www.arxsys.fr/discover/) - Open Source computer forensics platform built on top of a dedicated Application Programming Interface (API). DFF proposes an alternative to the aging digital forensics solutions used today. Designed for simple use and automation, the DFF interface guides the user through the main steps of a digital investigation so it can be used by both professional and non-expert to quickly and easily conduct a digital investigations and perform incident response.
Doorman - osquery fleet manager that allows remote management of osquery configurations retrieved by nodes. It takes advantage of osquery's TLS configuration, logger, and distributed read/write endpoints, to give administrators visibility across a fleet of devices with minimal overhead and intrusiveness.
[Envdb](https://github.com/mephux/envdb) - Envdb turns your production, dev, cloud, etc environments into a database cluster you can search usingΓ osqueryΓ as the foundation. It wraps the osquery process with a (cluster) node agent that can communicate back to a central location.
Falcon Orchestrator - Extendable Windows-based application that provides workflow automation, case management and security response functionality.
[GRR Rapid Response](https://github.com/google/grr) - Incident response framework focused on remote live forensics. It consists of a python agent (client) that is installed on target systems, and a python server infrastructure that can manage and talk to the agent. Besides the included Python API client, [PowerGRR](https://github.com/swisscom/PowerGRR) provides an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
Kolide Fleet - State of the art host monitoring platform tailored for security experts. Leveraging Facebook's battle-tested osquery project, Kolide delivers fast answers to big questions.
[Limacharlie](https://github.com/refractionpoint/limacharlie) - Endpoint security platform composed of a collection of small projects all working together that gives you a cross-platform (Windows, OSX, Linux, Android and iOS) low-level environment for managing and pushing additional modules into memory to extend its functionality.
MozDef - Automates the security incident handling process and facilitates the real-time activities of incident handlers.
git sources 2020
[CimSweep](https://github.com/mattifestation/CimSweep) - Suite of CIM/WMI-based tools that enable incident response and hunting operations to be performed remotely across all versions of Windows.
Process #Dump Tools 2020
[Microsoft User Mode Process Dumper](http://www.microsoft.com/en-us/download/details.aspx?id=4060) - Dumps the memory image of any running Win32 process on the fly.
PMDump - Tool that lets you dump the memory contents of a process to a file without stopping the process.
2020 bulk_extractor:
Computer forensics tool that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. Because it ignores the file system structure, the program distinguishes itself in terms of speed and thoroughness.
INSTALLATION & RUN:
1. git clone https://github.com/simsong/bulk_extractor.git
2. cd bulk_extractor
3. ./configure
4. make
5. make install
For Windows: http://digitalcorpora.org/downloads/bulk_extractor (download the installer and click to install)
Try using ASan:
1. make gitfixup    # brings every submodule to master
   CXXFLAGS="-fsanitize=address" ./configure    # builds with ASan (requires clang & libasan to be installed)
2. Run -E with each of the scanners one by one under ASan to find scanner-specific bugs. Currently there seems to be a bug in the email scanner's histogram generation and in scan_hex.
3. To keep bulk_extractor and its submodules current with the latest code on GitHub:
4. cd to the bulk_extractor directory
5. make pull
Compiling Notes
1. bulk_extractor builds with the GNU autotools.
2. We recommend compiling bulk_extractor with -O3, which is the default. You can disable all optimization flags by specifying the configure option --with-noopt.
For more usage see https://github.com/simsong/bulk_extractor/wiki/Installing-bulk_extractor
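As an added illustration of the approach described above (example code written here, not bulk_extractor's own), the Python sketch below scans a constructed raw image for email addresses and URLs with no knowledge of any file system, emits offset-ordered features and a histogram, and takes an `enabled` set that mimics -E; the scanner table, sample image and function names are hypothetical.

```python
"""Miniature sketch of the bulk_extractor approach (added example, not
bulk_extractor's code): scan raw bytes for features without ever parsing
the file system, then build a feature histogram."""
import re
from collections import Counter

# Hypothetical scanner table (name -> pattern); real bulk_extractor scanners
# such as scan_email are far more elaborate than these regexes.
SCANNERS = {
    "email": re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "url": re.compile(rb"https?://[A-Za-z0-9./_%?=&-]+"),
}

def scan_image(image: bytes, enabled=None):
    """Return (features, histogram).
    features: list of (scanner, byte offset, value) sorted by offset, like a
    feature file; histogram: Counter of (scanner, value), like *_histogram.txt.
    'enabled' mimics -E: when given, only those scanners run."""
    names = SCANNERS.keys() if enabled is None else enabled
    features = []
    for name in names:
        for m in SCANNERS[name].finditer(image):
            features.append((name, m.start(), m.group(0).decode("ascii")))
    features.sort(key=lambda f: f[1])
    return features, Counter((n, v) for n, _, v in features)

def build_sample_image() -> bytes:
    """Constructed 2 KiB 'disk image': mostly zeros, a few file remnants, and
    one address deliberately straddling the 512-byte sector boundary at 512,
    which a file-system-aware tool reading whole files could miss."""
    img = bytearray(2048)
    img[40:62] = b"alice@example.org junk"
    img[500:519] = b"bob@example.org xyz"          # bytes 500..518 cross 512
    img[900:938] = b"see http://example.org/p?id=1 and more"
    img[1500:1517] = b"alice@example.org"
    return bytes(img)

if __name__ == "__main__":
    feats, hist = scan_image(build_sample_image())
    for name, off, val in feats:
        print(f"{off:6d} (sector {off // 512})  {name:5s}  {val}")
    for (name, val), n in hist.most_common():
        print(f"{n}\t{name}\t{val}")
```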
git sources 2020