5️⃣ How to install Whonix?
The file is downloaded with the .ova extension and a name of the form Whonix-XFCE-*.ova. Double-click it to run it; if you already have VirtualBox installed, the file opens in it automatically.
Just click the "Import" button.
6️⃣ What are Whonix-Gateway and Whonix-Workstation?
1) Whonix-Gateway is a gateway: a specially configured Linux distribution that runs Tor but cannot run applications. Its purpose is to provide Internet access for Whonix-Workstation. Whonix-Workstation can work without Whonix-Gateway, but the workstation will then have no Internet access.
2) Whonix-Workstation is a complete Linux operating system that can run applications. It also has special network settings: access to the Internet is possible only through Whonix-Gateway.
3) The settings of the Whonix-Gateway virtual machine can be left at their defaults, since it is not very resource-intensive; extra resources, RAM in particular, can be given to Whonix-Workstation. To do this, right-click Whonix-Workstation and click "Configure".
4) Go to the "System" tab and increase the size of the "Main memory
8️⃣ How to check the reliability of Whonix?
> You can check your system for disclosure of the real IP address, as well as for various types of leaks (for example, DNS leaks). For this we have compiled a list of "Services for finding IP address leaks".
9️⃣ How to update programs in Whonix
To update all packages in the system, including programs and the OS itself, run the command:
> sudo apt update && sudo apt dist-upgrade
This needs to be done from time to time in both Whonix-Gateway and Whonix-Workstation.
> Updates, in addition to fixing bugs and adding new functions, may close identified vulnerabilities.
E N J O Y ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ċ𝔬𝓓ⓔ ▄ ▂ ▁
🦑 BEST VOICE CHANGER APPS FOR ANDROID:
1) https://play.google.com/store/apps/details?id=com.androidrocker.voicechanger
2) https://play.google.com/store/apps/details?id=com.baviux.voicechanger
3) https://apkpure.com/voice-changer-with-effects/com.baviux.voicechanger
4) https://apkpure.com/voice-changer/com.androidrocker.voicechanger
5) https://apkpure.com/best-voice-changer/com.scoompa.voicechanger
6) https://apkpure.com/voice-changer/com.e3games.voicechanger
enjoy ❤️👍🏻
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ċ𝔬𝓓ⓔ ▄ ▂ ▁
🦑 Frequency scanning GUI for the OsmoSDR rtl-sdr library:
WORKING ON :
-Windows 7 (x86 and x64)
-Windows 8.1 (x64)
-Ubuntu 12.04 (x86)
-Ubuntu 12.10 (x64)
-Ubuntu 13.04 (x64)
-Ubuntu 14.04 (x64)
-OS X Snow Leopard
-OS X Mountain Lion
-Termux(root + requirements)
INSTALLATION & RUN:
1️⃣ UBUNTU:
1) Press CTRL+ALT+T to open a terminal and run the following command to install the libraries:
sudo apt-get install python python-wxgtk3.0 rtl-sdr
2) Install the software using:
sudo pip install -U rtlsdrscanner
3) Now you should be able to run the program:
python -m rtlsdrscanner
2️⃣ FEDORA:
1) From the GNOME desktop start a new terminal. Type the following to install the libraries:
sudo dnf install python-matplotlib-wx rtl-sdr
2) Install the software using:
sudo pip install -U rtlsdrscanner
3) Now you should be able to run the program:
python -m rtlsdrscanner
3️⃣ ARCH LINUX:
1) From the GNOME desktop start a new terminal. Type the following to install the dependencies:
sudo pacman -S python2-matplotlib rtl-sdr
2) Then install the application:
sudo pip install -U rtlsdrscanner
3) Now you should be able to run the program:
python -m rtlsdrscanner
4️⃣ FOR WINDOWS:
https://eartoearoak.com/taxonomy/term/12
E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ċ𝔬𝓓ⓔ ▄ ▂ ▁
🦑 Debugging Punycode-IDN tutorials & tools
#resources
> Remove hostnames larger than 63 characters (RFC 1035)
> and other characters inadmissible by IDN
> Convert domains with international (non-ASCII) characters, as used in homograph attacks, to Punycode/IDNA format
> https://docs.oracle.com/javase/tutorial/i18n/network/idn.html
> https://blog.arvixe.com/using-idn-conversion-tool-in-websitepanel/
> https://www.systutorials.com/docs/linux/man/1-idn/
E N J O Y ❤️👍🏻
@UndercodeTesting
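The clean-up rules in the post above, as an added Python example that is not part of the original post: it converts names with the standard library's IDNA 2003 codec, drops entries that cannot be converted or that break the hostname rules (RFC 1035 sets the 63-octet limit per label), and flags mixed-script labels, a common sign of a homograph name. The function names, verdict strings and sample hostnames are constructed for illustration.

```python
import re
import unicodedata

MAX_NAME = 253  # RFC 1035: 255 octets on the wire, 253 as dotted text
# One label: letters, digits, hyphen; 1-63 octets; no leading/trailing hyphen.
LDH_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def label_scripts(label):
    """Approximate the scripts used in a label from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def normalize(hostname):
    """Return (ascii_name, verdict); ascii_name is None if the entry must go."""
    name = hostname.strip().rstrip(".").lower()
    try:
        # Built-in codec: nameprep + Punycode (IDNA 2003). It raises
        # UnicodeError on empty or over-long labels and prohibited characters.
        ascii_name = name.encode("idna").decode("ascii")
    except UnicodeError:
        return None, "drop"
    if not ascii_name or len(ascii_name) > MAX_NAME:
        return None, "drop"
    # The codec passes pure-ASCII input through without checking the
    # character set, so the letters-digits-hyphen rule is enforced here.
    if not all(LDH_LABEL.match(label) for label in ascii_name.split(".")):
        return None, "drop"
    if ascii_name == name:
        return ascii_name, "ascii"
    # Heuristic: a single label mixing e.g. LATIN and CYRILLIC letters.
    mixed = any(len(label_scripts(label)) > 1 for label in name.split("."))
    return ascii_name, "idn-mixed-script" if mixed else "idn"


def clean(hostnames):
    """Sorted, de-duplicated ASCII forms of the entries worth keeping."""
    return sorted({a for a, _ in map(normalize, hostnames) if a})


# Constructed sample input for a blocklist clean-up run.
SAMPLE = [
    "Example.com.",            # trailing dot and upper case
    "b\u00fccher.example",     # Latin-only IDN
    "\u0430pple.example",      # Cyrillic 'a' followed by Latin letters
    "a" * 64 + ".example",     # label longer than 63 octets
    "exa_mple.example",        # underscore is not a hostname character
    "example.com",             # duplicate after normalisation
]

if __name__ == "__main__":
    for host in SAMPLE:
        print(repr(host[:30]), "->", normalize(host))
    print(clean(SAMPLE))
```

The mixed-script check is a heuristic: it does not catch whole-script lookalikes, where every letter of a label comes from one non-Latin script.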
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ċ𝔬𝓓ⓔ ▄ ▂ ▁
🦑 Top-rated 2020 driver updaters for Windows:
> https://www.iobit.com/en/driver-booster.php
> https://drp.su/en
> https://www.snappy-driver-installer.org/
> https://www.drivethelife.com/free-drivers-download-utility.html
> https://www.driverscloud.com/en/start
> https://www.driveridentifier.com/download.php
> http://freedriverscout.com/startdownload/index.html
> https://www.drivereasy.com/
> http://devicedoctor.com/device-doctor-builds.php
> https://www.drvhub.net/
> https://www.drivermax.com/download.htm
E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ċ𝔬𝓓ⓔ ▄ ▂ ▁
🦑 Top Active Blocklists:
- 280blocker
- ABPindo indonesianadblockrules
- Adaway
- adblockplus malwaredomains_full
- Anti-WebMiner
- anudeepND Blocklist (included: coinminer, adservers)
- BambenekConsulting
- betterwebleon dga-feed
- BlackJack8 iOSAdblockList (included: iOSAdblockList and Scam Websites, Crypto Miners and Fake news)
- Capitole - Direction du Système d'Information (DSI)
- Carl Spam
- cedia.org.ec (included: domains, immortal_domains)
- chadmayfield (included: porn_all, porn top)
- Cibercrime-Tracker
- cobaltdisco Google-Chinese-Results-Blocklist
- crazy-max WindowsSpyBlocker
- Dawsey21 List
- Disconnect.me (included: simple_ad, simple_malvertising, simple_tracking)
- dshield.org (included: Low, Medium, High)
- ethanr dns-blacklists
- firebog.net (included: AdguardDNS, Airelle-hrsk, Airelle-trc, BillStearns, Easylist, Easyprivacy, Kowabit, Prigent-Ads, Prigent-Malware, Prigent-Phishing, Shalla-mal, WaLLy3K)
- gfmaster adblock-korea
E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ċ𝔬𝓓ⓔ ▄ ▂ ▁
🦑 Inactive Blocklists:
- CHEF-KOCH BarbBlock-filter-list
- hosts-file.net (included: ad_servers, emd, grm, hosts, psh)
- margevicius easylistlithuania
- Passwall SpamAssassin
- squidblacklist.org (included: dg-ads, dg-malicious.acl)
- UrlBlacklist
git 2020
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ċ𝔬𝓓ⓔ ▄ ▂ ▁
WPA+WPA2-ENTERPRISE Best Practice Guide #requested :)
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ċ𝔬𝓓ⓔ ▄ ▂ ▁
🦑 FOR BEGINNERS: INSTALL UBUNTU 2020 ON ANDROID:
(TERMUX)
INSTALLATION & RUN:
1) pkg install proot wget
2) mkdir -p ~/jails/ubuntu
3) cd ~/jails/ubuntu
4) wget https://raw.githubusercontent.com/Neo-Oli/termux-ubuntu/master/ubuntu.sh
5) bash ubuntu.sh
6) bash ~/jails/ubuntu/start-ubuntu.sh
7) unminimize
8) apt install git net-tools curl
ENJOY ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ċ𝔬𝓓ⓔ ▄ ▂ ▁
NEW UPDATE LAZYMUX 2020 TERMUX :
1-apt install python git
2-git clone https://github.com/Gameye98/Lazymux
3-cd Lazymux
4-python lazymux.py
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ċ𝔬𝓓ⓔ ▄ ▂ ▁
🦑 BEST 2020 IDE ANDROID APPS:
> https://apkpure.com/dcoder-compiler-ide-code-programming-on-mobile/com.paprbit.dcoder
> https://play.google.com/store/apps/details?id=ch.tanapro.JavaIDEdroid
> https://play.google.com/store/apps/details?id=air.JavaEditor
> https://play.google.com/store/apps/details?id=com.aor.droidedit&feature=also_installed
> https://play.google.com/store/apps/details?id=com.paprbit.dcoder
> https://play.google.com/store/apps/details?id=twig.nguyen.codepeeker.pro
> https://play.google.com/store/apps/details?id=com.aide.ui
> https://play.google.com/store/apps/details?id=com.majosoft.anacode
> https://play.google.com/store/apps/details?id=com.henrythompson.quoda
> https://play.google.com/store/apps/details?id=com.duy.compiler.javanide
ENJOY ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ċ𝔬𝓓ⓔ ▄ ▂ ▁
🦑 Debian 10.5 released, fixing the "BootHole" security vulnerability:
▪️ News:
> Debian 10.5 has been released. This is the fifth stable update of Debian 10 "Buster", which fixes some security issues and bugs.
▪️ Vulnerability:
Most notably, this version provides the patches needed to fix the recent GRUB2 UEFI SecureBoot "BootHole" security vulnerability. BootHole should therefore be resolved in Debian 10.5, without the startup problems that still plagued some RHEL/CentOS users after mitigating the vulnerability.
▪️ Fix:
In addition to fixing BootHole, Debian 10.5 updates the ClamAV antivirus software, includes file-roller security fixes and other minor fixes, uses encrypted Debian signature keys for fwupdate and other software packages, repairs HTTPS support in Jigdo, upgrades Linux 4.19 kernel support, fixes multiple cross-site scripting issues in PHP Horde, and includes multiple other fixes.
▪️ Details & download:
For details, see https://www.debian.org/News/2020/20200801
To download, see the list of mirror sites: https://www.debian.org/mirror/list
#News
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ċ𝔬𝓓ⓔ ▄ ▂ ▁
🦑 Enable RDP Server on One System
1️⃣ First, we need a system with RDP enabled. If you are using this in your lab, enable one Windows machine's RDP server. Go to Control Panel, then System and Security. Below the System section, you will see "Allow remote access". Click there.
2️⃣ Next, click on "Allow Remote Assistance connections to this computer" and click "Apply."
3️⃣ Step 2: Install Cain on Windows System
> You should have Cain and Abel installed on your attack system. I have it on my Windows 7 system that I will be using to attack RDP on another Windows 7 system. In this case, we will not be using BackTrack, as Cain and Abel is one of the few hacking tools developed originally for Windows and has never been ported to Linux.
4️⃣ Cain and Abel, besides being a great password cracking tool (albeit a bit slow), is probably the best MiTM tool on the market, and it is free!
5️⃣ Step 3: Use ARP Scan on Systems with Cain
Now that we have Cain and Abel running on our attack system and the RDP server enabled on another, we need to do an ARP scan. In this way, we will find all the systems on the network by sending out ARP requests, and the systems on the network will respond with their IP and MAC addresses. Choose a range that is appropriate for your target network.
6️⃣ Step 4: ARP Poison
Next, now that we know all the machines, IP addresses and MAC addresses on the network from the ARP scan, we are in a position to poison the ARP. We poison the ARP so that our attack system sits between the RDP server and the RDP client. In this way, all of either machine's traffic must travel through our attack machine.
7️⃣ Click on the Sniffer button on Cain, then select the Sniffer tab, then select the Hosts tab at the bottom, then click on the blue + on the top menu, select the Radio button, select the target IP range, and click OK.
8️⃣ Step 5: Choose the Server and Client You Want to Poison
Select the APR button at the bottom next to the Hosts tab you used above, press the blue + button, select the targets, and press OK.
9️⃣ Step 6: Connect RDP Client to the RDP Server
Now, we wait for the RDP client to connect to the RDP server. This is likely to happen when an individual calls tech support and tech support needs to configure and demonstrate something on their machine. As you might guess, this requires some patience. When they do, we can then intercept its traffic.
🔟 Step 7: Intercept Traffic
With our Cain and Abel MiTM attack in place, all of the traffic between the RDP server and the RDP client will pass through our attack system.
1️⃣1️⃣ Cain and Abel is now capturing the entire session and saving it into a file named in the far right column. We can now right-click on that filename and choose View to open the decrypted file in Notepad.
1️⃣2️⃣ Step 8: Search for Traffic
Now that all the traffic on the RDP connection is traveling through our attack system, we can search for traffic of interest to us.
1️⃣3️⃣ Ideally, we want the sysadmin password for RDP. If we can find the sysadmin password for RDP, we will likely be able to use RDP on any of the network's machines, as usually the sysadmin will set up RDP with the same password on every system for convenience.
1️⃣4️⃣ Even better, many sysadmins use the same password to remote into client machines as they use on their system and other accounts. This means that when we capture this password we may own the entire domain and network!
1️⃣5️⃣ To find any keys pressed in the hexadecimal file capture, use the Find feature in Notepad to search for "key pressed". This will find, one by one, each of the keystrokes entered by the sysadmin, including their password. This is tedious work, but you will be rewarded with a pot of gold for your patience!
enjoy ❤️👍🏻
wiki source
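The ARP poisoning in steps 4 and 5 leaves a trace on the poisoned hosts: the intercepting machine's MAC address shows up in their ARP cache under another host's IP. As an added example that is not part of the original post, this Python script parses `arp -a` style output and reports MAC addresses answering for several IPs and IP bindings that changed between two snapshots; the addresses and both sample tables are constructed.

```python
import re
from collections import defaultdict

# One ARP cache row: IPv4 address, MAC (dash or colon separated), entry type.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s+(\w+)", re.M)


def parse_arp(text):
    """Map IP -> MAC for the unicast rows of `arp -a` style output."""
    table = {}
    for ip, mac, _kind in ENTRY.findall(text):
        mac = mac.lower().replace("-", ":")
        if int(mac[:2], 16) & 1:   # group bit set: broadcast or multicast
            continue
        table[ip] = mac
    return table


def shared_macs(table):
    """MACs that answer for more than one IP address in one snapshot."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def changed_bindings(before, after):
    """(ip, old_mac, new_mac) for every IP whose MAC changed between snapshots."""
    return sorted((ip, before[ip], after[ip])
                  for ip in before.keys() & after.keys()
                  if before[ip] != after[ip])


# Constructed snapshots of an RDP client's ARP cache in a lab network.
# 192.168.56.10 is the RDP server, 192.168.56.30 a third machine.
BEFORE = """
Interface: 192.168.56.20 --- 0x5
  Internet Address      Physical Address      Type
  192.168.56.10         08-00-27-aa-aa-aa     dynamic
  192.168.56.30         08-00-27-cc-cc-cc     dynamic
  192.168.56.255        ff-ff-ff-ff-ff-ff     static
"""
AFTER = """
Interface: 192.168.56.20 --- 0x5
  Internet Address      Physical Address      Type
  192.168.56.10         08-00-27-cc-cc-cc     dynamic
  192.168.56.30         08-00-27-cc-cc-cc     dynamic
  192.168.56.255        ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    before, after = parse_arp(BEFORE), parse_arp(AFTER)
    for mac, ips in shared_macs(after).items():
        print(f"ALERT {mac} answers for {', '.join(ips)}")
    for ip, old, new in changed_bindings(before, after):
        print(f"ALERT {ip} moved from {old} to {new}")
```

A shared MAC is not always hostile (multi-homed routers and proxy ARP produce it too), so known cases need an allow-list before alerting.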