β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ I want to set my Slackware Linux as a server, so that others can connect to my Linux host via modem dial-up. What should I do? Especially how to make my modem answer the dial?
1) Add this line in /etc/inittab:
d1:345:respawn:/sbin/agetty -mt60 38400,19200,9600,2400,1200 ttyS1
(assuming your modem is on the second serial port)
Note that the redhat is The mingetty cannot be used for this purpose, you can
download mgetty from freesoft.cei.gov.cn to use.
2) if you have the modem will switch you can set it to answer calls, if there is no switch
to check its manual to find out what is AT command set (I do not have modem manual)
to set up this command in / etc /rc.d/rc.local will do.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ I want to set my Slackware Linux as a server, so that others can connect to my Linux host via modem dial-up. What should I do? Especially how to make my modem answer the dial?
1) Add this line in /etc/inittab:
d1:345:respawn:/sbin/agetty -mt60 38400,19200,9600,2400,1200 ttyS1
(assuming your modem is on the second serial port)
Note that the redhat is The mingetty cannot be used for this purpose, you can
download mgetty from freesoft.cei.gov.cn to use.
2) if you have the modem will switch you can set it to answer calls, if there is no switch
to check its manual to find out what is AT command set (I do not have modem manual)
to set up this command in / etc /rc.d/rc.local will do.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from WEB UNDERCODE - PRIVATE
SQLite3 Injection.pdf
98.7 KB
A few months ago I found an SQL injection vulnerability in an enterprisey webapp's help system. Turns out this was stored in a separate database - in SQLite. I had a Google around and could find very little information about exploiting SQLI with SQLite as the backend.. so I went on a hunt, and found some neat tricks
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦NEW UPDATE (last month) -ALL IN ONE :
HACKTRONIAN Menu :
Information Gathering
Password Attacks
Wireless Testing
Exploitation Tools
Sniffing & Spoofing
Web Hacking
Private Web Hacking
Post Exploitation
Install The HACKTRONIAN
Information Gathering:
Nmap
Setoolkit
Port Scanning
Host To IP
wordpress user
CMS scanner
XSStrike
Dork - Google Dorks Passive Vulnerability Auditor
Scan A server's Users
Crips
Password Attacks:
Cupp
Ncrack
Wireless Testing:
reaver
pixiewps
Fluxion
Exploitation Tools:
ATSCAN
sqlmap
Shellnoob
commix
FTP Auto Bypass
jboss-autopwn
Sniffing & Spoofing:
Setoolkit
SSLtrip
pyPISHER
SMTP Mailer
Web Hacking:
Drupal Hacking
Inurlbr
Wordpress & Joomla Scanner
Gravity Form Scanner
File Upload Checker
Wordpress Exploit Scanner
Wordpress Plugins Scanner
Shell and Directory Finder
Joomla! 1.5 - 3.4.5 remote code execution
Vbulletin 5.X remote code execution
BruteX - Automatically brute force all services running on a target
Arachni - Web Application Security Scanner Framework
Private Web Hacking:
Get all websites
Get joomla websites
Get wordpress websites
Control Panel Finder
Zip Files Finder
Upload File Finder
Get server users
SQli Scanner
Ports Scan (range of ports)
ports Scan (common ports)
Get server Info
Bypass Cloudflare
Post Exploitation:
Shell Checker
POET
Weeman
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Installation in Linux :
This Tool Must Run As ROOT !!!
1) git clone https://github.com/thehackingsage/hacktronian.git
2) cd hacktronian
3) chmod +x install.sh
4) ./install.sh
That's it.. you can execute tool by typing hacktronian
Installation in Android :
1) Open Termux
2) pkg install git
3) pkg install python
4) git clone https://github.com/thehackingsage/hacktronian.git
5) cd hacktronian
6) chmod +x hacktronian.py
7) python2 hacktronian.py
β git 2020
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦NEW UPDATE (last month) -ALL IN ONE :
HACKTRONIAN Menu :
Information Gathering
Password Attacks
Wireless Testing
Exploitation Tools
Sniffing & Spoofing
Web Hacking
Private Web Hacking
Post Exploitation
Install The HACKTRONIAN
Information Gathering:
Nmap
Setoolkit
Port Scanning
Host To IP
wordpress user
CMS scanner
XSStrike
Dork - Google Dorks Passive Vulnerability Auditor
Scan A server's Users
Crips
Password Attacks:
Cupp
Ncrack
Wireless Testing:
reaver
pixiewps
Fluxion
Exploitation Tools:
ATSCAN
sqlmap
Shellnoob
commix
FTP Auto Bypass
jboss-autopwn
Sniffing & Spoofing:
Setoolkit
SSLtrip
pyPISHER
SMTP Mailer
Web Hacking:
Drupal Hacking
Inurlbr
Wordpress & Joomla Scanner
Gravity Form Scanner
File Upload Checker
Wordpress Exploit Scanner
Wordpress Plugins Scanner
Shell and Directory Finder
Joomla! 1.5 - 3.4.5 remote code execution
Vbulletin 5.X remote code execution
BruteX - Automatically brute force all services running on a target
Arachni - Web Application Security Scanner Framework
Private Web Hacking:
Get all websites
Get joomla websites
Get wordpress websites
Control Panel Finder
Zip Files Finder
Upload File Finder
Get server users
SQli Scanner
Ports Scan (range of ports)
ports Scan (common ports)
Get server Info
Bypass Cloudflare
Post Exploitation:
Shell Checker
POET
Weeman
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Installation in Linux :
This Tool Must Run As ROOT !!!
1) git clone https://github.com/thehackingsage/hacktronian.git
2) cd hacktronian
3) chmod +x install.sh
4) ./install.sh
That's it.. you can execute tool by typing hacktronian
Installation in Android :
1) Open Termux
2) pkg install git
3) pkg install python
4) git clone https://github.com/thehackingsage/hacktronian.git
5) cd hacktronian
6) chmod +x hacktronian.py
7) python2 hacktronian.py
β git 2020
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - thehackingsage/hacktronian: Tools for Pentesting
Tools for Pentesting. Contribute to thehackingsage/hacktronian development by creating an account on GitHub.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦BEST Hacking #Tools :
* [nudge4j](https://github.com/lorenzoongithub/nudge4j) - Java tool to let the browser talk to the JVM
* [IDA](https://www.hex-rays.com/products/ida/) - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
* [OllyDbg](http://www.ollydbg.de/) - A 32-bit assembler level analysing debugger for Windows
* [x64dbg](http://x64dbg.com/) - An open-source x64/x32 debugger for Windows
* [dex2jar](https://github.com/pxb1988/dex2jar) - Tools to work with Android .dex and Java .class files
* [JD-GUI](http://jd.benow.ca/) - A standalone graphical utility that displays Java source codes of Γ’β¬Ε.classΓ’β¬ files
* [procyon](https://bitbucket.org/mstrobel/procyon/wiki/Java%20Decompiler) - A modern open-source Java decompiler
* [androguard](https://code.google.com/p/androguard/) - Reverse engineering, malware and goodware analysis of Android applications
* [JAD](http://varaneckas.com/jad/) - JAD Java Decompiler (closed-source, unmaintained)
* [dotPeek](https://www.jetbrains.com/decompiler/) - a
free-of-charge .NET decompiler from JetBrains
* [ILSpy](https://github.com/icsharpcode/ILSpy/) - an open-source .NET assembly browser and decompiler
* [dnSpy](https://github.com/0xd4d/dnSpy) - .NET assembly editor, decompiler, and debugger
* [de4dot](https://github.com/0xd4d/de4dot) - .NET deobfuscator and unpacker.
* [antinet](https://github.com/0xd4d/antinet) - .NET anti-managed debugger and anti-profiler code
* [UPX](http://upx.sourceforge.net/) - the Ultimate Packer for eXecutables
* [radare2](https://github.com/radare/radare2) - A portable reversing framework
* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
* [Hopper](https://www.hopperapp.com) - A OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables.
* [ScratchABit](https://github.com/pfalcon/ScratchABit) - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦BEST Hacking #Tools :
* [nudge4j](https://github.com/lorenzoongithub/nudge4j) - Java tool to let the browser talk to the JVM
* [IDA](https://www.hex-rays.com/products/ida/) - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
* [OllyDbg](http://www.ollydbg.de/) - A 32-bit assembler level analysing debugger for Windows
* [x64dbg](http://x64dbg.com/) - An open-source x64/x32 debugger for Windows
* [dex2jar](https://github.com/pxb1988/dex2jar) - Tools to work with Android .dex and Java .class files
* [JD-GUI](http://jd.benow.ca/) - A standalone graphical utility that displays Java source codes of Γ’β¬Ε.classΓ’β¬ files
* [procyon](https://bitbucket.org/mstrobel/procyon/wiki/Java%20Decompiler) - A modern open-source Java decompiler
* [androguard](https://code.google.com/p/androguard/) - Reverse engineering, malware and goodware analysis of Android applications
* [JAD](http://varaneckas.com/jad/) - JAD Java Decompiler (closed-source, unmaintained)
* [dotPeek](https://www.jetbrains.com/decompiler/) - a
free-of-charge .NET decompiler from JetBrains
* [ILSpy](https://github.com/icsharpcode/ILSpy/) - an open-source .NET assembly browser and decompiler
* [dnSpy](https://github.com/0xd4d/dnSpy) - .NET assembly editor, decompiler, and debugger
* [de4dot](https://github.com/0xd4d/de4dot) - .NET deobfuscator and unpacker.
* [antinet](https://github.com/0xd4d/antinet) - .NET anti-managed debugger and anti-profiler code
* [UPX](http://upx.sourceforge.net/) - the Ultimate Packer for eXecutables
* [radare2](https://github.com/radare/radare2) - A portable reversing framework
* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
* [Hopper](https://www.hopperapp.com) - A OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables.
* [ScratchABit](https://github.com/pfalcon/ScratchABit) - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - lorenzoongithub/nudge4j: Get inside your JVM
Get inside your JVM. Contribute to lorenzoongithub/nudge4j development by creating an account on GitHub.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner :
F E A T U R E S :
Works with Windows, Linux and OS X
Automatic Configuration
Automatic Update
Provides 8 different Local File Inclusion attack modalities:
/proc/self/environ
php://filter
php://input
/proc/self/fd
access log
phpinfo
data://
expect://
Provides a ninth modality, called Auto-Hack, which scans and exploits the target automatically by trying all the attacks one after the other without you having to do anything (except for providing, at the beginning, a list of paths to scan, which if you don't have you can find in this project directory in two versions, small and huge).
Tor proxy support
Reverse Shell for Windows, Linux and OS X
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/D35m0nd142/LFISuite
2) cd LFISuite
run lfisuite.py as python
3) When you got a LFI shell by using one of the available attacks, you can easily obtain a reverse shell by entering the command "reverseshell" (obviously you must put your system listening for the reverse connection, for instance using "nc -lvp port").
Video: https://www.youtube.com/watch?v=6sY1Skx8MBc
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner :
F E A T U R E S :
Works with Windows, Linux and OS X
Automatic Configuration
Automatic Update
Provides 8 different Local File Inclusion attack modalities:
/proc/self/environ
php://filter
php://input
/proc/self/fd
access log
phpinfo
data://
expect://
Provides a ninth modality, called Auto-Hack, which scans and exploits the target automatically by trying all the attacks one after the other without you having to do anything (except for providing, at the beginning, a list of paths to scan, which if you don't have you can find in this project directory in two versions, small and huge).
Tor proxy support
Reverse Shell for Windows, Linux and OS X
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/D35m0nd142/LFISuite
2) cd LFISuite
run lfisuite.py as python
3) When you got a LFI shell by using one of the available attacks, you can easily obtain a reverse shell by entering the command "reverseshell" (obviously you must put your system listening for the reverse connection, for instance using "nc -lvp port").
Video: https://www.youtube.com/watch?v=6sY1Skx8MBc
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - D35m0nd142/LFISuite: Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner - GitHub - D35m0nd142/LFISuite: Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦2020 RANSOMWARE :
F E A T U R E S :
Generate a ransomware payload
With or without GUI payload
FUD (Fully Undetectable by Anti-Virus)
Works on Windows, MacOS and Linux
Super fast encryption with PyCrypto
Compile to EXE, APP or Unix/Linux executable
Custom icon for your EXE payload
Receive keys of victims
Decrypt files
Demo mode (payload won't encrypt anything)
Fullscreen mode (Warning takes over the screen)
Custom warning message for your victim
Custom image in your payload
Ghost mode (Rename by adding .DEMON extention instead of encrypting the files)
Multiple encryption methods
Select file extentions to target
Decide if payload should self-destruct (Console mode feature only)
Decide wich drive to target for encryption (working directory)
Verified server access through port forwarding VPN
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/leonv024/RAASNet.git
2) pip3 install -r requirements.txt
3) python3 RAASNet.py
4) On Linux, you might need to install these packages:
sudo apt install python3-tk python3-pil python3-pil.imagetk
5)Testing connection with remote server:
# Change the host and port in test_socket.py, default is 127.0.0.1 on port 8989
6) python3 test_socket.py
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦2020 RANSOMWARE :
F E A T U R E S :
Generate a ransomware payload
With or without GUI payload
FUD (Fully Undetectable by Anti-Virus)
Works on Windows, MacOS and Linux
Super fast encryption with PyCrypto
Compile to EXE, APP or Unix/Linux executable
Custom icon for your EXE payload
Receive keys of victims
Decrypt files
Demo mode (payload won't encrypt anything)
Fullscreen mode (Warning takes over the screen)
Custom warning message for your victim
Custom image in your payload
Ghost mode (Rename by adding .DEMON extention instead of encrypting the files)
Multiple encryption methods
Select file extentions to target
Decide if payload should self-destruct (Console mode feature only)
Decide wich drive to target for encryption (working directory)
Verified server access through port forwarding VPN
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/leonv024/RAASNet.git
2) pip3 install -r requirements.txt
3) python3 RAASNet.py
4) On Linux, you might need to install these packages:
sudo apt install python3-tk python3-pil python3-pil.imagetk
5)Testing connection with remote server:
# Change the host and port in test_socket.py, default is 127.0.0.1 on port 8989
6) python3 test_socket.py
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β