UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Shell script
I'll use the following shell script to illustrate the idea.

Nothing fancy, it will display the available disk space on a specific server and partition.

#!/usr/bin/env bash
# Display available disk space on specific server and partition

# default parameters
default_bastion=""
default_busername=""
default_server="localhost"
default_username="milosz"
default_partition="/srv"

# nextcloud server
nextcloud_server="nextcloud.local"
nextcloud_partition="/data"

# dokuwiki server
dokuwiki_bastion="bastion.example.org"
dokuwiki_busername="bouncer"
dokuwiki_server="192.0.2.10"
dokuwiki_username="dokuwiki"
dokuwiki_partition="/wiki"

# kolab server
kolab_bastion="bastion.example.org"
kolab_busername="bouncer"
kolab_server="192.0.2.20"
kolab_username="monitoring"
kolab_partition="/"

# get defined servers / applications (the prefix of every *_server variable)
applications="$( (set -o posix; set) | awk -F '=' '/_server/ {split($1, array, "_"); print array[1]}' | grep -v default)"

# get defined attributes (the suffix of every default_* variable)
attributes="$( (set -o posix; set) | awk -F '=' '/default_/ {split($1, array, "_"); print array[2]}')"

for application in $applications; do
  # define attributes for server / application
  for attribute in $attributes; do
    application_attribute="${application}_${attribute}"
    default_attribute="default_${attribute}"
    # assign with printf -v instead of eval so the value is never re-parsed as shell code
    if [ -n "${!application_attribute}" ]; then
      printf -v "$attribute" '%s' "${!application_attribute}"
    else
      printf -v "$attribute" '%s' "${!default_attribute}"
    fi
  done

  # perform an action
  if [ -n "$bastion" ]; then
    bastion_param="-J ${busername}@${bastion}"
  else
    bastion_param=""
  fi
  echo -n "$server:"
  # $bastion_param is left unquoted on purpose: it must split into "-J" and its argument
  ssh $bastion_param $server -l $username "bash -c 'df -h --output=avail $partition | sed 1d'"
done


don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity

🦑HOW TO FIX 80% of Android Studio errors:

1) Close Android Studio. Go to C:\Users\UserName\.android and rename the folder:
• build-cache to build-cache_old

2) Go to C:\Users\UserName\.AndroidStudio3.2\system and rename these folders:

• caches to caches_old
• compiler to compiler_old
• compile-server to compile-server_old
• conversion to conversion_old
• external_build_system to external_build_system_old
• frameworks to frameworks_old
• gradle to gradle_old
• resource_folder_cache to resource_folder_cache_old

3) Open Android Studio and open your project again.

Voila!
(Unix forums)

🦑Data encryption principle:


1) We will build an efficient certificateless signcryption scheme. Instead of following the generic paradigm, in which encryption and signature schemes are converted into a combined certificateless protocol, we extend a traditional signcryption method with a certificateless key verification mechanism that uses identity-based technology to pair the public key with an identity and verify it.

2) In a traditional cryptographic system, users choose a private key, compute the corresponding public key, and submit it to a certification authority, which verifies their identity and issues a certificate connecting that identity to the public key. Creating such a certified infrastructure requires digital certificate management (also known as public key infrastructure, or PKI), which may prove cumbersome to maintain. The concept of identity-based (IB) cryptography, introduced by Shamir, tries to reduce the burden of PKI. In IB encryption, the private key is not selected by the user but issued by a trusted authority called the Key Generation Bureau (KGB) or Trusted Authority (TA), and the public key is replaced by an arbitrary string representing the user's identity, avoiding the need for certificates completely. On the other hand, it has the disadvantage of implicitly establishing a key custodian, because the KGB has the ability to recover confidential information from any user.

3) We follow a rather unique method to design a certificateless signcryption scheme. Instead of combining identity-based schemes and transforming the result into a certificate-free protocol, we extend a traditional signcryption scheme but avoid the use of certificates: identity-based technology is used to verify the public verification key.

4) A certificateless public key cryptosystem is a new type of public key cryptosystem proposed on the basis of identity-based public key cryptosystems. It keeps the advantage of identity-based public key cryptosystems, which do not require public key certificates, and also better solves their inherent key escrow problem. Signcryption combines public key encryption and digital signature. It completes both functions at the same time in a reasonable logical step, and its computation and communication costs are lower than those of the traditional "sign first, then encrypt" mode.


🦑📋 How to create your own What Is My IP service:
#FastTips

1) Python, Web Hosting and PHP
For this tutorial, we are going to use Python and assume we already have our own web hosting environment.

2) This is necessary as we need our own online server that will return our external IP address.

🦑Python

1) The Python code below fetches the page set as 'url', then takes the text between the opening <h1> tag and the closing </h1> tag and prints it; that text is the external IP address.
import requests

# page on our own server that returns the caller's IP inside <h1>...</h1>
url = 'https://UndercodeNews.com/getip.php'
r = requests.get(url, timeout=10)
r.raise_for_status()
# keep only the text between <h1> and </h1>
ip = r.text.split('<h1>')[1].split('</h1>')[0]
print(ip)

🦑Web hosting
In your web hosting environment, you will need to host a PHP file containing some code; this code will return the page as shown in the picture below.

For example, in Apache, you would need to store the file in the following directory:

/var/www/html/getip.php


🦑What is a DNS leak and why it matters👨‍⚕️

1) When using an anonymity or privacy service, it is extremely important that all traffic originating from your computer is routed through the anonymity network.

2) If any traffic flows outside of the secure connection to the network, any adversary monitoring your traffic will be able to log your activity.

3) DNS, the Domain Name System, is used to translate domain names such as www.privacyinternational.org into numeric IP addresses, for example 123.123.123.123, which are required to route data packets on the Internet.

4) Whenever your computer needs to contact a server on the Internet, for example when you enter a URL in your browser, your computer contacts the DNS server and asks for an IP address.

5) Most ISPs assign their customers a DNS server that they control and use to log and record your online activities.

6) Under certain conditions, even when connected to the anonymity network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer over the anonymity network.

7) DNS leaks pose a serious privacy threat as an anonymous network can provide a false sense of security while personal data is leaked.

8) If you are concerned about DNS leaks, you should also understand DNS transparent proxy technology to ensure that the solution you choose preserves your privacy.
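
One way to check the condition in point 6, as an added example that is not part of the original post: compare the nameservers the operating system is configured to use with the resolvers the anonymity network assigned. The function names, output labels and sample file are this example's own, and the resolver addresses are constructed.

```bash
#!/usr/bin/env bash
# Usage (after sourcing this file): leaking_resolvers /etc/resolv.conf 10.8.0.1

# Constructed sample: the VPN pushed 10.8.0.1, but another resolver is still listed.
write_sample_conf() {
  cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
nameserver 10.8.0.1
nameserver 192.0.2.53
nameserver 127.0.0.53
EOF
}

# List the nameservers configured in a resolv.conf-format file.
configured_resolvers() {
  awk '$1 == "nameserver" { print $2 }' "$1"
}

# leaking_resolvers <resolv.conf> <allowed-resolver>...
# Prints "leak <ip>" for every nameserver that is not one of the allowed
# (anonymity-network) resolvers and "stub <ip>" for loopback forwarders,
# whose real upstream servers cannot be read from this file.
# Returns 1 if at least one leak candidate was found, otherwise 0.
leaking_resolvers() {
  conf=$1; shift
  rc=0
  for ns in $(configured_resolvers "$conf"); do
    case "$ns" in
      127.*|::1) echo "stub $ns"; continue ;;
    esac
    verdict=leak
    for allowed in "$@"; do
      if [ "$ns" = "$allowed" ]; then verdict=ok; fi
    done
    if [ "$verdict" = leak ]; then
      echo "leak $ns"
      rc=1
    fi
  done
  return "$rc"
}
```

A `stub` line means a local forwarder is in use, so the servers it forwards to have to be checked with that forwarder's own tooling; this file alone cannot show them.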


🦑IMPORTANT 2020 HACKING TOOLS:

Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)

Shell Spawning (TTY Shell Spawning)

XSS Payloads

Basic SQLi payloads

Local file inclusion payloads (LFI)

Base64 Encoder / Decoder

Hash Generator (MD5, SHA1, SHA256, SHA512)

Useful Linux commands (Port Forwarding, SUID)

RSS Feed (Exploit DB and Cisco Security Advisories)

CVE Search Engine

Various methods of data exfiltration and download from a remote machine

Download: https://github.com/LasCC/Hack-Tools


🦑BEST HACKING TERMS:

Delete process record.
Alternative Process Implementation.
Redirecting data using Trojans.
Redirection and Disadvantages of Tripwire.
Driver for redirection.
Hiding files and directories.
Binary code fix.
"Keyhole" in the program.
Installing patches in the Windows NT kernel to block the entire security system.
Hardware virus.
Read and write operations for non-volatile memory.
Read and write operations for memory embedded in critical devices
CIH virus.
EEPROM memory and synchronization.
EEPROM memory on Ethernet network adapters.
Serial or parallel EEPROM.
How hardware burns out.
Manufacturers.
Discovery of devices using the CFI specification.
Identifying Devices Using ID or JEDEC ID Mode.
Low-level disk access.
Read / write operations for the master boot record (MBR).
Data corruption in CD images.
Adding network access to the driver.
Using the NDIS Library.
Putting the interface in promiscuous mode.
Finding the correct network adapter.
Using boron tags to keep a hacker safe.
Adding an interactive command interpreter.
Interrupts.
Interrupt request architecture.
Intercept interrupt.
The riddle of the programmable interrupt controller.
Registration of keystrokes.
Program for registering keystrokes in Linux-system.
Keystroke logger for Windows NT / / XP.
Keyboard controller.
Enhanced Hacking Toolkits.
Using the Hacking Toolkit as a Debugger.
Disable Windows system file protection.
Direct writing of data to physical memory.
Kernel buffer overflow.
"Infection" of the kernel image.
Redirecting execution.
Cracking Toolkit Discovery.


🦑🐧 How to install Apache mod_cloudflare on Debian?

1) Cloudflare is the most popular network service provider.

Its services also include DNS, DDoS protection and website security.

Cloudflare works as a reverse proxy server.

2) Once website traffic is routed through the Cloudflare network, the backend server does not know the visitor's actual IP address.

As a result, you will see the Cloudflare IP address in the Apache logs.

3) Now the question is how to get the real IP of the visitor in the logs, and not the IP of Cloudflare.

To solve this problem, Cloudflare provides an Apache module to get the real IP addresses of visitors and log them.

4) This guide will help you enable the Apache mod_cloudflare module on a Debian system.

It will log the IP address of the real visitor in the Apache access logs.

5) Installing Apache mod_cloudflare on Debian
Cloudflare provides an official module for the Apache server to capture the real IP address.

6) Add GPG - open a terminal and run the following commands to add the GPG key to your system.

7) sudo apt install curl

8) curl -C - https://pkg.cloudflare.com/pubkey.gpg | sudo apt-key add -

9) Add PPA - then add the Cloudflare repository to your Debian system

10) echo "deb http://pkg.cloudflare.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare.list

11) Install the package - then update the Apt cache and install the libapache2-mod-cloudflare package on your Ubuntu system.

12) sudo apt update

13) sudo apt install libapache2-mod-cloudflare

14) Press "Y" to confirm the request during installation.

15) Restart Apache

16) After the installation is complete, restart the Apache2 service and check the active modules using the following commands.

17) sudo systemctl restart apache2
sudo apache2ctl -M

18) That's all. The Apache server now logs the visitor's real IP address.



🦑🖧 How to test SSH connection with a remote host?

1) Using the timeout utility with bash to test the SSH connection
The /usr/bin/timeout utility is installed by default on most Linux distributions; it comes with the coreutils rpm.

2) Check if coreutils is installed on your server

# rpm -q coreutils
coreutils-8.22-24.el7.x86_64
We can use this utility to test the SSH connection by checking the status of port 22.

Syntax:

# timeout <value> bash -c "</dev/tcp/<server>/<port>"

3) Here server2 is my target host; I will execute the command with a timeout value of 5s on port 22
# timeout 5 bash -c "</dev/tcp/server2/22"

4) If the exit status is 0, it means the test SSH connection was successful
# echo $?
0

5) Or if you get "Connection refused" with a non-zero exit status, then the test SSH connection failed
# timeout 5 bash -c "</dev/tcp/server2/22"
bash: connect: Connection refused
bash: /dev/tcp/10.10.10.10/22: Connection refused
# echo $?

Sample shell script
We can use this tool in a shell script to test the SSH connection on port 22

# cat /tmp/check_connectivity.sh
#!/bin/bash

server=10.10.10.10      # server IP
port=22                 # port
connect_timeout=5       # Connection timeout

# opening /dev/tcp/<host>/<port> makes bash attempt a TCP connection
timeout $connect_timeout bash -c "</dev/tcp/$server/$port"
if [ $? -eq 0 ]; then
    echo "SSH Connection to $server over port $port is possible"
else
    echo "SSH connection to $server over port $port is not possible"
fi
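
The /dev/tcp test above only shows that something accepts TCP connections on the port. As an added example (not part of the original tutorial), the functions below also read the first line the service sends and check that it is an SSH identification string; the function names and result labels are this example's own.

```bash
#!/usr/bin/env bash
# Usage (after sourcing this file): check_ssh server2 22 5

# Classify the first line a service sends after the TCP connect.
# An SSH server opens with "SSH-<protoversion>-<softwareversion>" (RFC 4253).
classify_banner() {
  banner=$(printf '%s' "$1" | tr -d '\r')   # drop the CR of the CRLF line ending
  case "$banner" in
    SSH-2.0-*|SSH-1.99-*) echo "ssh" ;;
    SSH-1.*)              echo "ssh-legacy" ;;      # protocol 1 only: obsolete
    "")                   echo "open-no-banner" ;;
    *)                    echo "open-not-ssh" ;;
  esac
}

# check_ssh <server> [port] [timeout-seconds]
# Prints one of: unreachable | ssh | ssh-legacy | open-no-banner | open-not-ssh
check_ssh() {
  server=$1; port=${2:-22}; secs=${3:-5}
  # Same /dev/tcp connect as the script above, but the socket stays open on
  # fd 3 long enough to read the first line the service sends. The outer
  # timeout covers the connect plus the read.
  if first_line=$(timeout "$((secs * 2))" bash -c '
        exec 3<>"/dev/tcp/$1/$2" || exit 1
        IFS= read -r -t "$3" line <&3
        printf "%s" "$line"' _ "$server" "$port" "$secs" 2>/dev/null); then
    classify_banner "$first_line"
  else
    echo "unreachable"    # refused, filtered or timed out
    return 1
  fi
}
```

A result of `open-not-ssh` or `open-no-banner` on port 22 is worth a closer look in monitoring: the port answers, but not with an SSH server.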

🦑Hack ssh method: use telnet to test the SSH connection

1) Telnet is another very handy tool for checking port status.
/usr/bin/telnet is provided by the telnet rpm package, which is part of the default repositories, so you don't need any third-party repository to install it.
Check if telnet is installed

# rpm -q telnet
telnet-0.17-65.el7_8.x86_64

🦑Syntax

# telnet <server> <port>

2) But since our ultimate goal is automation, we'll set up the syntax like this:

# echo quit | telnet <server> <port> 2>/dev/null | egrep -qi Connected

3) Let's use this to test SSH connection on Linux.
If grep finds "Connected" in the output, then port 22 is available and SSH connection is possible
# echo quit | telnet server2 22 2>/dev/null | egrep -qi Connected
# echo $?
0
The opposite case:

# echo quit | telnet server2 22 2>/dev/null | egrep -qi Connected
# echo $?
1
Sample shell script
We can use this tool in a shell script to test the SSH connection on port 22

# cat /tmp/check_connectivity.sh
#!/bin/bash

server=10.10.10.10      # server IP
port=22                 # port
connect_timeout=5       # Connection timeout

# grep -q prints nothing; its exit status tells whether "Connected" was seen
echo quit | telnet $server $port 2>/dev/null | egrep -qi "Connected"
if [ $? -eq 0 ]; then
    echo "SSH Connection to $server over port $port is possible"
else
    echo "SSH connection to $server over port $port is not possible"
fi



🦑💉 How to audit NoSQL for vulnerabilities?

(SQL injection is one of the popular attack methods, but it applies not only to SQL (relational databases) but also to NoSQL (non-SQL, also known as non-relational databases).)

A) NoSQLMap

NoSQLMap is a tiny open source Python-based utility capable of auditing for misconfiguration and automating injection attacks.

It currently supports the following databases.

1) MongoDB

2) CouchDB

3) Redis

4) Cassandra

5) To install NoSQLMap you need Git, Python and Setuptools, which you can install as shown below, using Ubuntu as an example.

- apt-get install python

- apt-get install python-setuptools

- After installing Python, follow the instructions to install NoSQLMap.

- git clone https://github.com/codingo/NoSQLMap.git

- python setup.py install

- After that, you can run ./nosqlmap.py from the cloned Git directory:

1-Set options
2-NoSQL DB Access Attacks
3-NoSQL Web App attacks
4-Scan for Anonymous MongoDB Access
5-Change Platform (Current: MongoDB)
x-Exit

You need to set a target by going to option 1 before testing.

B) Mongoaudit

7) As the name suggests, it is MongoDB specific.
Mongoaudit is good for performing a penetration test to find bugs, misconfigurations, and potential risks.
It tests against many best practices, including the following.

8) Is MongoDB running on the default port, and is the HTTP interface enabled

9) Is the database secured with TLS and authentication

10) Authentication method

11) CRUD operations

12) To install
You can use the pip command.
pip install mongoaudit
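
A configuration-side counterpart to the checks listed above, as an added example (not mongoaudit's code and not from the original post): it reads a mongod.conf and reports the same kinds of weakness without touching the network. It assumes the YAML config format with the MongoDB 4.2+ key names net.port, net.bindIp, net.bindIpAll, net.tls.mode and security.authorization; the function names, finding labels and sample file are constructed for the example.

```bash
#!/usr/bin/env bash
# Usage (after sourcing this file): audit_mongod_conf /etc/mongod.conf

# Constructed weak sample: default port, all interfaces, no TLS, no auth.
write_weak_sample() {
  cat > "$1" <<'EOF'
# constructed sample, not taken from a real deployment
net:
  port: 27017
  bindIp: 127.0.0.1,0.0.0.0
  tls:
    mode: disabled
security:
  authorization: disabled
EOF
}

# audit_mongod_conf <mongod.conf>
# Prints one finding per line; prints nothing when all four checks pass.
audit_mongod_conf() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                       # comments, blank lines
    /^[^ \t]/ { section = $1; sub(/:.*$/, "", section) }    # top-level YAML key
    {
      key = $1; sub(/:$/, "", key); val = $2
      if (section == "net" && key == "port")                       port = val
      if (section == "net" && key == "bindIp")                     bind = val
      if (section == "net" && key == "bindIpAll" && val == "true") bind = "0.0.0.0"
      if (section == "net" && key == "mode")                       tls = val   # net.tls.mode
      if (section == "security" && key == "authorization")         auth = val
    }
    END {
      if (port == "" || port == "27017") print "default-port"
      n = split(bind, addr, ",")
      for (i = 1; i <= n; i++)
        if (addr[i] == "0.0.0.0" || addr[i] == "::") {
          print "listens-on-all-interfaces"
          break
        }
      if (tls != "requireTLS") print "tls-not-required"
      if (auth != "enabled")   print "authorization-not-enabled"
    }' "$1"
}
```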
