UNDERCODE COMMUNITY

🦑 IS HACKING A COMPUTER VIA A PORT POSSIBLE?

What is a port?

A port is the channel through which a computer communicates with the outside world. A server uses different ports to provide different services, so a single IP address is enough to receive many kinds of traffic: when a packet arrives, the port number tells the computer which service program should receive it, and services on different ports do not interfere with each other. Simply put, a port is like a door. Only when the door is open can the computer communicate with the outside world, and all data must pass through a door to enter the system. For example, the well-known "Shockwave" and "Magic Wave" viruses spread through ports 139 and 445, while the famous Trojan "Glacier" controls a computer through port 7626. Therefore, if we know the ports commonly used by viruses and Trojan horses and close them, we can avoid many virus and Trojan horse attacks.
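A defender's check for the ports named above, as an added example that is not part of the original post: it parses `netstat -ano`-style output and reports listeners on 139, 445 and 7626, separating loopback-only binds from network-reachable ones. The sample output is constructed.

```python
import re

# Ports named in the post: 139 and 445 (virus propagation), 7626 ("Glacier" Trojan).
WATCHLIST = {
    139: "NetBIOS session service (named in the post)",
    445: "SMB (named in the post)",
    7626: '"Glacier" Trojan control port (named in the post)',
}

# Constructed sample in the layout of Windows `netstat -ano`; not real host output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:7626         0.0.0.0:0              LISTENING       3320
  TCP    192.168.1.20:50112     203.0.113.9:445        ESTABLISHED     2044
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def watched_listeners(netstat_text):
    """Return (address, port, pid, network_reachable) for watch-list listeners."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, UDP, or a connection that is not a listener
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        if port not in WATCHLIST:
            continue
        # A loopback bind cannot be reached from other hosts; any other bind can.
        local_only = addr in ("127.0.0.1", "[::1]")
        findings.append((addr, port, pid, not local_only))
    return findings


if __name__ == "__main__":
    for addr, port, pid, exposed in watched_listeners(SAMPLE_NETSTAT):
        scope = "network-reachable" if exposed else "loopback only"
        print(f"{addr}:{port} pid={pid} {scope} - {WATCHLIST[port]}")
```

The outbound connection to a remote port 445 is ignored on purpose: closing a port concerns local listeners, not client connections.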

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity

🦑 Hackers can transmit malicious images through PayPal

PayPal resolved a vulnerability that could be used by hackers to insert malicious images into payment pages.

Security researcher Aditya K Sood found that the URL of the payment page set by PayPal users contained a parameter named "image_url". The value of this parameter can be replaced by a URL that points to an image hosted on a remote server. This can allow attackers to use third-party vendors' PayPal payment pages to spread malicious images. Sood proved the existence of the vulnerability by displaying arbitrary images on a vendor's payment page, but he believes that attackers may also spread or exploit malware hidden in the images.

Cybercriminals have always used innocuous-looking image files to hide malware. This technique has been used by the developers of the Lurk downloader, Neverquest malware, Stegoloader information stealer, and a Brazilian Trojan that was recently analyzed by Kaspersky.

Sood pointed out, "This is an insecure design because PayPal allows remote users to inject their own images into the components that PayPal uses for customer transactions. In other words, can an attacker spread malware or utilization? The answer is yes. Some utilization technologies can achieve this goal."

Attackers can exploit this vulnerability by luring users into clicking specially crafted links. The fact that the URL is hosted on paypal.com increases the likelihood that the victim will open the link.

This vulnerability was reported to PayPal in January, but was only fixed this month. PayPal initially stated that the report was not eligible for a bug reward, but then the company decided to fix the bug and awarded Sood a $1,000 reward.

Sood believes this is a high-risk issue, and he is dissatisfied with PayPal's disagreement with his assessment. PayPal responded that the attack scenario described by Sood is unlikely to happen because there are easier ways to spread malware, and that the company is actively scanning for malicious content.
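One way a payment page can constrain the `image_url` parameter described above (an added example, not from the original post and not PayPal's actual fix): accept only https URLs whose exact host is on an allowlist. The host names and sample links are constructed placeholders.

```python
from urllib.parse import parse_qs, urlsplit

# Hypothetical allowlist: the only hosts the payment page may load images from.
ALLOWED_IMAGE_HOSTS = {"images.merchant-cdn.example"}

# Constructed sample links (payments.example stands in for the payment site).
SAMPLE_LINKS = [
    "https://payments.example/pay?item=1&image_url=https%3A%2F%2Fimages.merchant-cdn.example%2Flogo.png",
    "https://payments.example/pay?item=1&image_url=https%3A%2F%2Fremote-host.example%2Fbanner.png",
    "https://payments.example/pay?item=1&image_url=https%3A%2F%2Fimages.merchant-cdn.example%40remote-host.example%2Fa.png",
]


def image_url_is_allowed(image_url):
    """Accept only https URLs whose exact host is on the allowlist."""
    try:
        parts = urlsplit(image_url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False  # rejects http:, data:, javascript: and scheme-relative URLs
    if parts.username is not None or parts.password is not None:
        return False  # "https://allowed-host@other-host/" userinfo confusion
    if port not in (None, 443):
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    return host in ALLOWED_IMAGE_HOSTS  # exact match, never substring or suffix


def check_payment_link(link):
    """Return (value, verdict) for every image_url parameter in a payment link."""
    query = parse_qs(urlsplit(link).query, keep_blank_values=True)
    return [(v, image_url_is_allowed(v)) for v in query.get("image_url", [])]


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(check_payment_link(link))
```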


Bypassing AMSI via COM Server Hijacking.pdf
769.2 KB
Bypassing AMSI via COM Server Hijacking

Microsoft's Antimalware Scan Interface (AMSI) was introduced in Windows 10 as a standard interface that provides the ability for AV engines to apply signatures to buffers both in memory and on disk. This gives AV products the ability to "hook" right before script interpretation, meaning that any obfuscation or encryption has gone through their respective deobfuscation and decryption routines. If desired, you can read more on AMSI here and here. This post will highlight a way to bypass AMSI by hijacking the AMSI COM server, analyze how Microsoft fixed it in build #16232 and then how to bypass that fix.

FULL METHOD

🦑 xsser - Cross Site "Scripter" (aka XSSer) is an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.

INSTALLATION & RUN:

On Debian-based systems (e.g. Ubuntu), run:

sudo apt-get install python3-pycurl python3-bs4 python3-geoip python3-gi python3-cairocffi python3-selenium firefoxdriver

On other systems such as Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc., also run:

sudo pip3 install pycurl bs4 pygeoip gobject cairocffi selenium

🦑 XSSer runs on many platforms. It requires Python (3.x) and the following libraries:

- python3-pycurl - Python bindings to libcurl (Python 3)
- python3-bs4 - error-tolerant HTML parser for Python 3
- python3-geoip - Python3 bindings for the GeoIP IP-to-country resolver library
- python3-gi - Python 3 bindings for gobject-introspection libraries
- python3-cairocffi - cffi-based cairo bindings for Python (Python3)
- python3-selenium - Python3 bindings for Selenium
- firefoxdriver - Firefox WebDriver support

See this git link for more usage:
https://github.com/epsylon/xsser


🦑 #Method MySQL Row Count: how to get the number of rows in MySQL:

1) To get the number of rows in one table, use COUNT(*) in a SELECT statement like this:

SELECT
    COUNT(*)
FROM
    table_name;


2) For example, to get the number of rows in the andreyex table in the sample database, use the following statement:

SELECT
    COUNT(*)
FROM
    andreyex;


+----------+
| COUNT(*) |
+----------+
|       35 |
+----------+
1 row in set (0.01 sec)

4) Getting the number of MySQL rows in two or more tables: to get the number of rows across multiple tables, use the UNION operator to combine the result sets returned by each individual SELECT statement.

5) For example, to get the number of rows of the andreyex and trainings tables in one query, use the following statement:

SELECT
    'andreyex' tablename,
    COUNT(*) `rows`  -- ROWS is a reserved word in MySQL 8.0, so the alias is quoted
FROM
    andreyex
UNION
SELECT
    'trainings' tablename,
    COUNT(*) `rows`
FROM
    trainings;

+-----------+------+
| tablename | rows |
+-----------+------+
| andreyex  |   34 |
| trainings |  451 |
+-----------+------+
2 rows in set (0.01 sec)


6) Getting the number of MySQL rows of all tables in a specific database: to get the row count of all tables in a specific database such as classicmodels, use the following steps:

First, get all the table names in the database.
Second, build an SQL statement that contains a SELECT COUNT(*) FROM table_name statement for every table, joined by UNION.
Third, execute the SQL statement using a prepared statement.

First, to get all the table names in a database, query the information_schema database:

SELECT
    table_name
FROM
    information_schema.tables
WHERE
    table_schema = 'classicmodels'
        AND table_type = 'BASE TABLE';

+------------+
| TABLE_NAME |
+------------+
| andreyex   |
| trainings  |
| sites      |
+------------+
3 rows in set (0.02 sec)


Second, to build the SQL statement, we use the GROUP_CONCAT and CONCAT functions as follows:

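SELECT
    CONCAT(GROUP_CONCAT(CONCAT('SELECT \'',
                table_name,
                '\' table_name, COUNT(*) `rows` FROM `',
                table_name,
                '`')
            SEPARATOR ' UNION '),
        ' ORDER BY table_name')
INTO @sql
FROM
    -- table_list is the table-name query from the first step
    (SELECT
        table_name
    FROM
        information_schema.tables
    WHERE
        table_schema = 'classicmodels'
            AND table_type = 'BASE TABLE') table_list;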



🦑 2020 new update: faraday - Collaborative Penetration Test and Vulnerability Management Platform

INSTALLATION & RUN:

1) Download the release package from https://github.com/infobyte/faraday/releases

2) Install postgresql >= 9.6 (locally or in a remote server). In order to install PostgreSQL, you can run the following command:

$ sudo apt install postgresql

3) After the installation is completed, verify that the PostgreSQL version is 9.6 or higher by running:
$ psql -c "SELECT version()" postgres

4) Go to your Download directory and run the following command:
$ sudo apt install ./yourInstallFileName.deb

5) If PostgreSQL is running on a remote machine, please follow these instructions. If, instead, it is running locally, simply run:
$ sudo faraday-manage initdb

6) Start Faraday's server by running:
$ systemctl start faraday-server

7) To learn how to run Faraday's commands, follow this link:
https://github.com/infobyte/faraday/wiki/How-to-run-Faraday


🦑 #webhacking another WordPress XMLRPC System Multicall Brute Force Exploit:

HOW IT WORKS?

This is an exploit for the WordPress xmlrpc.php System Multicall function affecting the most current version of WordPress (3.5.1). The exploit works by sending 1,000+ auth attempts per request to xmlrpc.php in order to "brute force" valid WordPress users, and it iterates through whole wordlists until a valid user response is acquired. It then selectively acquires and displays the valid username and password to log in.


INSTALLATION & RUN:

1) git clone https://github.com/1N3/Wordpress-XMLRPC-Brute-Force-Exploit.git

2) ./wp-xml-brute http://target.com/xmlrpc.php passwords.txt username1 username2 username3...

THAT'S ALL :)
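Because all guesses travel inside one HTTP request, per-request rate limiting never sees them; the check has to count the calls wrapped in the body. The check below is an added example, not part of the original post or the linked tool. It assumes a proxy or WAF hook that can read the POST body sent to xmlrpc.php, and the sample bodies, the `demo.*` method names and the threshold of 10 are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed XML-RPC bodies; "demo.login" and "demo.ping" are placeholder names.
_CALL = (
    "<value><struct>"
    "<member><name>methodName</name><value><string>demo.login</string></value></member>"
    "<member><name>params</name><value><array><data>"
    "<value><string>PLACEHOLDER</string></value>"
    "</data></array></value></member>"
    "</struct></value>"
)
SAMPLE_MULTICALL = (
    "<methodCall><methodName>system.multicall</methodName>"
    "<params><param><value><array><data>" + _CALL * 3 +
    "</data></array></value></param></params></methodCall>"
)
SAMPLE_SINGLE = "<methodCall><methodName>demo.ping</methodName><params/></methodCall>"


def count_wrapped_calls(body):
    """Return (outer method name, number of calls carried by this one request)."""
    # ElementTree keeps the example stdlib-only; use a hardened XML parser in production.
    root = ET.fromstring(body)
    outer = (root.findtext("methodName") or "").strip()
    if outer != "system.multicall":
        return outer, 1
    # Every wrapped call is a struct with a member named "methodName".
    wrapped = sum(
        1 for member in root.iter("member")
        if (member.findtext("name") or "").strip() == "methodName"
    )
    return outer, wrapped


def should_block(body, max_calls=10):
    """True when a single HTTP request carries more calls than policy allows.

    max_calls=10 is an assumed threshold, not a WordPress setting.
    """
    try:
        _, wrapped = count_wrapped_calls(body)
    except ET.ParseError:
        return True  # fail closed on a body that is not well-formed XML
    return wrapped > max_calls
```

Counting by member name can only overcount when a parameter struct reuses the name `methodName`, which errs toward blocking.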
