🦑 After This Tutorial
Are able to -take some ideas about firewalls and configurations ..
E N J O Y B Y U N D E R C O D E

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 Network and Web Pentest Automation Framework
twitter.com/UndercOdeTC

> Features

🦑Pentest Toolbox management

1) Selection of Tools: Compilation of 50+ open-source tools & scripts, from various sources.

2) Docker-based: Application packaged in a Docker image running Kali OS, available on Docker Hub.

3) Ready-to-use: All tools and dependencies installed, just pull the Docker image and run a fresh container.

4) Updates made easy: Easily keep the whole toolbox up-to-date by running only one command.

5) Easy Customization: Easily add/remove tools from a simple configuration file.

6) Network Infrastructure Security Assessment
Many supported Services: Target most common TCP/UDP services (HTTP, FTP, SSH, SMB, Oracle, MS-SQL, MySQL, PostgreSQL, VNC, etc.).
Combine Power of Tools: Each security check is performed by a tool from the toolbox. Attacks are performed by chaining security checks.

7) Context Awareness: Security checks to run are selected and adapted according to the context of the target (i.e. detected technologies, credentials, vulnerabilities, etc.).

8) Reconnaissance: Automatic fingerprinting (product detection) of targeted services is performed.

9) CVE Lookup: When product names and their versions are detected, a vulnerability lookup is performed on online CVE databases (using Vulners & CVE Details).

10) Vulnerability Scanning: Automatically check for common vulnerabilities and attempt to perform some exploitations (auto-pwn).

11) Brute-force Attack: Automatically check for default/common credentials on the service and perform dictionnary attack if necessary.

12) Wordlists are optimized according to the targeted services.
Post-authentication Testing: Automatically perform some post-exploitation checks when valid credentials have been found.
Web Security Assessment

13) Large Focus on HTTP: More than 60 different security checks targeting HTTP supported for now.

14) Web Technologies Detection: Fingerprinting engine based on Wappalyzer is run prior to security checks, allowing to detect: Programming language, Framework, JS library, CMS, Web & Application Server.

15) Server Exploitation: Automatically scan and/or exploit most critical vulnerabilities (e.g. RCE) on web and application servers (e.g. JBoss, Tomcat, Weblogic, Websphere, Jenkins, etc.).

16) CMS Vulnerability Scanning: Automatically run vulnerability scanners on most common CMS (Wordpress, Drupal, Joomla, etc.).

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) Pull Jok3r Docker Image:

> sudo docker pull koutto/jok3r

2) Run fresh Docker container:

> sudo docker run -i -t --name jok3r-container -w /root/jok3r -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix --shm-size 2g --net=host koutto/jok3r

3) To re-run a stopped container:

> sudo docker start -i jok3r-container

4) To open multiple shells inside the container:

> sudo docker exec -it jok3r-container bash

5) To re-run a stopped container:

>sudo docker start -i jok3r-container

6) To open multiple shells inside the container:

> sudo docker exec -it jok3r-container bash

7)Show all the tools in the toolbox:

> python3 jok3r.py toolbox --show-all

8) Install all the tools in the toolbox (already done in Docker container):

> python3 jok3r.py toolbox --install-all --auto

9) Update all the tools in the toolbox and prompt each time to check update:

> python3 jok3r.py toolbox --update-all

10) Update all the tools in the toolbox without any prompt:

> python3 jok3r.py toolbox --update-all --auto

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 TIS Firewall Toolkit (FWTK)

the difference between the 4.2 TIS Firewall Toolkit and SOCKS by UndercOde :
twitter.com/UndercOdeTC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

1) job of installing a firewall. These software are basically the same as SOCKS software, but the design strategy is different

> SOCKS using a set of Internet-related software performs all work, and TIS for each wish to use
a firewall utility provides a software. To illustrate the difference between the two, take world wide
web and Telnet as examples! In SOCKS, set a configuration file and a

2) After a daemon, both telnet and WWW can start to work, and other functions that have not been closed can also work

3) However, in TIS, you must set up separate configuration files and daemons for both WWW and telnet. After this
is set, the other functions are still unable to use the internet, unless you also make the relevant settings for these functions.

4) If a function (eg talk) no daemon, though there are "" plug-in "" daemon is available, but it is not
as flexible as other tools, but also easy to set. This may seem trivial, but it makes a big difference. Provided
comparison can be freely set when the SOCKS. If you set the SOCKS server is not perfect, from the internal network can be called up
with the original it does not intend to provide the internet functionality.

5) Such as the use of TIS, it can only be called from within the network system management
functions provided to you. SOCKS is easy to set up, easy to edit, and flexible. To ensure control by the
user within the protected network, the TIS higher security. But Both provide absolute protection, no outside
law to enter.


Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to create a fake AP and sniff data With Kali-Parrot-updated 2019 ?
Pinterest.com/UndercOdeOfficial

🦑features:
SSLstrip2
Driftnet
Tshark
Full featured access point, with configurable speed limit
mitmproxy
Wireshark
DNS Spoofing

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/xdavidhu/mitmAP

2) cd mitmAP

3) python3 mitmAP.py

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 kernel editor- full Tutorial by Underc0de

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

1) Firstly Linux version to reinstall the Linux system (I used RedHat 3.0.3, after which are examples of this
version will prevail). The fewer the system software installed, the less problems and vulnerabilities, because these problems and vulnerability
problems on the system will be safe, so long as the minimum amount sufficient to install the software can be.

2) Selection of a stable
set of core. My system uses the Linux 2.0.14 kernel. So this file is set up with this kernel

3) As the basis. Re-edit the kernel based on the appropriate options. If you have not read
too Kernel HOWTO, Ethernet HOWTO and NET-
🦑 HOWTO, this time may wish to use this opportunity to read a
reading these HOWTO. Following are the network related settings in 'make config'.

> In General setup
Set Networking Support to ON

<> In Networking Options

1) Set Network firewalls to ON

Set TCP / IP Networking to ON

2) Set IP forwarding / gatewaying to OFF (unless you want to use IP filtering )

3) Set IP Firewalling to ON

4) Set IP firewall packet loggin to ON (not required, it is better to set it)

5) Set IP: masquerading to OFF (outside the scope of this article)

6) Set IP: accounting to ON

7) Set IP: tunneling to OFF

8) Set IP: aliasing to OFF.

9) Set IP: PC / TCP compatibility mode to OFF

10) Set IP: Reverse ARP to OFF

11) Set Drop source routed frames to ON

🦑 Network device support under item

1) Network device support is provided to the ON

2) Dummy net driver support is provided to the ON

3) disposed Ethernet (10 or 100Mbit) to the ON

4) Select the network card

is now re-edited and re-install the kernel, Restart. The network card should be displayed in the startup prompt. If you

Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How To set two network cards, and network adress via firewalls ?
T.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

> PC if two network cards, most likely need to add a line in /etc/lilo.conf profile, indicating two
IRQ and address of the network card. In my machine, the added line of lilo.conf file is as follows:
append = "" ether = 12,0x300, eth0 ether = 15,0x340, eth1 ""

> Setting Network Addresses

1) Since the Internet is not going to let any of its own into the network of
any part, so the network does not require the actual URL. Stay in the Internet in a number of network addresses allows
free to use, because somehow need to address its own network, and these can not enter Internet addresses, stir
muddy globally. So you might choose these addresses. In these addresses, 192.168.2.XXX is retained in the
address, and therefore to use these addresses for illustration.

2) Because the proxy server is on two networks at the same time, it can send data from both sides in the middle.

199.1.2.10 ______ 192.168.2.1
_ _ | | / _____________
| / / | | | / | |
Internet ------------- | Firewall | -------- ----------- | Workstation |
_ / _ / _ / _ / | _____ | | __________ |

3) If you want to set a filtering firewall, you can still use these URLs, but you must use IP masquerading. After this
type of setting, the firewall will transfer the data packet, and attach the actual IP address sent to the Internet. In the network card
Internet end (outer end) of the first set the real IP address of the Ethernet card in the end provided
is 192.168.2.1.

4) This is the IP address of the proxy / gateway for this computer. Protected within all other network
computers can be selected in any 192.168.2.xxx as the address (from 192.168.2.2
to 192.168.2.254). In RedHat Linux,
an ifcfg-eth1 file must be added to the / etc / sysconfig / network-scripts directory, so that the
network and routing table can be set through this file during startup . The parameters of ifcfg-eth1 can be set as follows:
#! / bin / sh
# >>> Device type: ethernet
# >>> Variable declarations:
DEVICE = eth1
IPADDR = 192.168.2.1
NETMASK = 255.255.255.0
NETWORK = 192.168.2.0
BROADCAST = 192.168.2.255
GATEWAY = 199.1.2.10
ONBOOT = yes
# >>> End variable declarations You

5) can try these parameters to make the modem and ISP automatically connect. May wish to look at the ipup-ppp file. The data unit and
connected to the Internet, ISP assigns the IP address when connecting the outer end.

Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Information gathering:
> Parrot-Kali Linux operating system provides some tools that can help users organize and organize the data of the target host, so that users get better late reconnaissance
twitter.com/UndercOdeTC

🦑 tools as follows:

Enumeration service

Test network range;

Identify active hosts and view open ports;

System fingerprint identification;

Service fingerprint identification;

Other means of information collection;

Use Maltego to collect information;

Draw a network diagram.

🦑so lets start Those Tutorials on Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 DNS enum tool DNSenum- for info gathring :
fb.com/UndercOdeTestingCompany

1) DNSenum is a very powerful tool for collecting domain name information.

2) It can guess possible domain names through Google or dictionary files, and perform reverse query on a network segment.

3) it can not only query website host address information, domain name server and mail exchange records, but also perform axfr requests on the domain name server, and then obtain extended domain name information through Google scripts, extract subdomain names and query, finally calculate class C addresses and execute whois Query, perform a reverse query, and write the address segment to a file.

4) This section will introduce checking DNS enumeration using DNSenum tool. Execute the following command in the terminal:
root@kali:~# dnsenum --enum benet.com
dnsenum.pl VERSION:

Warning: can't load Net::Whois::IP module, whois queries disabled.
----- benet.com -----
Host's addresses:
__________________
benet.com. 86400 IN A 192.168.41.131
benet.com. 86400 IN A 127.0.0.1
Name Servers:
______________
benet.com. 86400 IN A 127.0.0.1
benet.com. 86400 IN A 192.168.41.131
www.benet.com. 86400 IN A 192.168.41.131
Mail (MX) Servers:
___________________
mail.benet.com. 86400 IN A 192.168.41.2

> Trying Zone Transfers and getting Bind Versions:
The output shows detailed information about the DNS service.

> These include host addresses, domain name service addresses, and mail service addresses. If you are lucky, you can also see a regional transmission.

> When using the DNSenum tool to check DNS enumeration, you can use some additional options of dnsenum as shown below.

--threads [number]: Sets the number of users running multiple processes simultaneously.

-r: Allows the user to enable recursive queries.

-d: Allows the user to set the number of time delays (in seconds) between WHOIS requests.

-o: Allows the user to specify the output location.

-w: Allow users to enable WHOIS requests.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SNMP Enumeration Tool Snmpwalk - information gathering :
twitter.com/UndercOdeTC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

1) Snmpwalk is an SNMP application.

2) It uses the SNMP GETNEXT request to query all specified OID (object identification in SNMP) tree information and display it to the user. This section will demonstrate the use of the Snmpwalk tool.
[Example 4-1] Use the Snmpwalk command to test the Windows host.

🦑 The execution command is as follows:
root@kali:~# snmpwalk -c public 192.168.41.138 -v 2c
iso.3.6.1.2.1.1.1.0 = STRING: "Hardware: x86 Family 6 Model 42 Stepping 7 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.311.1.1.3.1.1
iso.3.6.1.2.1.1.3.0 = Timeticks: (49046) 0:08:10.46
iso.3.6.1.2.1.1.4.0 = ""
iso.3.6.1.2.1.1.5.0 = STRING: "WIN-RKPKQFBLG6C"
iso.3.6.1.2.1.1.6.0 = ""
iso.3.6.1.2.1.1.7.0 = INTEGER: 76
iso.3.6.1.2.1.2.1.0 = INTEGER: 19
iso.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.1.2 = INTEGER: 2
iso.3.6.1.2.1.2.2.1.1.3 = INTEGER: 3
iso.3.6.1.2.1.2.2.1.1.4 = INTEGER: 4
iso.3.6.1.2.1.2.2.1.1.5 = INTEGER: 5
iso.3.6.1.2.1.2.2.1.1.6 = INTEGER: 6
……
iso.3.6.1.2.1.2.2.1.1.16 = INTEGER: 16
iso.3.6.1.2.1.2.2.1.1.17 = INTEGER: 17
iso.3.6.1.2.1.2.2.1.1.18 = INTEGER: 18
iso.3.6.1.2.1.2.2.1.1.19 = INTEGER: 19
iso.3.6.1.2.1.2.2.1.2.1 = Hex-STRING: 53 6F 66 74 77 61 72 65 20 4C 6F 6F 70 62 61 63
6B 20 49 6E 74 65 72 66 61 63 65 20 31 00
iso.3.6.1.2.1.2.2.1.2.2 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 53 53
54 50 29 00
iso.3.6.1.2.1.2.2.1.2.3 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 4C 32
54 50 29 00
iso.3.6.1.2.1.2.2.1.2.4 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 50 50
……
iso.3.6.1.2.1.55.1.8.1.5.11.16.254.128.0.0.0.0.0.0.149.194.132.179.177.254.120.40 = INTEGER: 1
iso.3.6.1.2.1.55.1.8.1.5.12.16.254.128.0.0.0.0.0.0.0.0.94.254.192.168.41.138 = INTEGER: 1
iso.
iso.3.6.1.2.1.55.1.9.0 = Gauge32: 9
iso.3.6.1.2.1.55.1.10.0 = Counter32: 0

3) The above output shows all the information on the Windows host 192.168.41.138.

4) Users can also use the snmpwalk command to enumerate the installed software.

> The execution command is as follows:
root@kali:~# snmpwalk -c public 192.168.41.138 -v 1 | grep ftp
The output is as follows:
iso.3.6.1.2.1.25.4.2.1.5.3604 = STRING: "-k ftpsvc"

5) The output indicates that the 192.168.41.138 host has the ftp package installed.

6) The Snmpwalk tool can also be used to enumerate the TCP ports opened on the target host. The execution command is as follows:
root@kali:~# snmpwalk -c public 192.168.41.138 -v 1 | grep tcpConnState | cut -d "." -f6 | sort -nu
21
25
80
443

7) The output shows the ports opened by the host 192.168.41.138. Such as 21, 25, 80, and 443, a total of 4 port numbers are opened.

Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Scapy- info gathering-kali-parrot :

1) Scapy is a powerful interactive packet processing tool, packet generator, network scanner, network discovery tool and packet sniffing tool.

2) It provides multiple types of functions such as interactively generating data packets or data packet collections, operating on data packets, sending data packets, packet sniffing, response and feedback matching. .

3) Use Scapy to implement multi-line parallel trace routing function.

🦑 Start the Scapy tool. The execution command is shown below.

1) root@kali:~# scapy

INFO: Can't import python gnuplot wrapper . Won't be able to plot.
WARNING: No route found for IPv6 destination :: (no default route?)
Welcome to Scapy (2.2.0)
>>>

When you see the >>> prompt, it means that the scapy command is successfully logged in.

2) Use the sr () function to send and receive data packets. The execution command is as follows:

>>> ans,unans=sr(IP(dst="www.undercodetestsite.com/30",ttl=(1,6))/TCP())

3) Begin emission:
.****Finished to send 24 packets.
………***************…………………………………..^C #Ctrl+C
Received 70 packets, got 19 answers, remaining 5 packets
After executing the above command, it will automatically establish a connection with www.undercodetestsite.com After a few minutes of execution, use Ctrl + C to terminate receiving packets. From the output information, you can see that 70 data packets were received, 19 response packets were obtained, and 5 packets were retained.

4) View the packet sending situation in the form of a table. The execution command is as follows:

>>> ans.make_table(lambda(s,r):(s.dst,s.ttl,r.src))

Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How To Use Nmap to Identify Active Hosts
The previous section introduced the concepts and functions of the Nmap tool. Use this tool now to test active hosts on a network.
instagram.com/UndercOdeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

1) Use Nmap to see if a host is online. The execution command is as follows:

> root@kali:~# nmap -sP 192.168.41.136

2) Starting Nmap 6.40 ( http://nmap.org ) at 2014-04-21 17:54 CST
Nmap scan report for www.benet.com (192.168.41.136)

Host is up (0.00028s latency).

MAC Address: 00:0C:29:31:02:17 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

From the output information, you can see the domain name, online and

MAC address of the host 192.168.41.136.

Users can also use Nping (Nmap kit) to view, can get more detailed

🦑information. The execution command is as follows:

> root@kali:~# nping --echo-client "public" echo.nmap.org

> Starting Nping 0.6.40 ( http://nmap.org/nping ) at 2014-04-21 17:53 CST

> SENT (1.6030s) ICMP [192.168.41.234 > 74.207.244.221 Echo request (type=8/code=0) id=45896 seq=1] IP [ttl=64 id=1270 iplen=28 ]
RCVD (1.7971s) ICMP [74.207.244.221 > 192.168.41.234 Echo reply (type=0/code=0) id=45896 seq=1] IP [ttl=128 id=64157 iplen=28 ]
SENT (2.6047s) ICMP [192.168.41.234 > 74.207.244.221 Echo request (type=8/code=0) id=45896 seq=2] IP [ttl=64 id=1270 iplen=28 ]
RCVD (2.6149s) ICMP [74.207.244.221 > 192.168.41.234 Echo reply (type=0/code=0) id=45896 seq=1] IP [ttl=128 id=64159 iplen=28 ]
SENT (3.6289s) ICMP [192.168.41.234 > 74.207.244.221 Echo request (type=8/code=0) id=45896 seq=3] IP [ttl=64 id=1270 iplen=28 ]
RCVD (3.6322s) ICMP [74.207.244.221 > 192.168.41.234 Echo reply (type=0/code=0) id=45896 seq=1] IP [ttl=128 id=64161 iplen=28 ]

> SENT (5.6454s) ICMP [192.168.41.234 > 74.207.244.221 Echo request (type=8/code=0) id=45896 seq=5] IP [ttl=64 id=1270 iplen=28 ]
RCVD (5.6455s) ICMP [74.207.244.221 > 192.168.41.234 Echo reply (type=0/code=0) id=45896 seq=1] IP [ttl=128 id=64164 iplen=28 ]
Max rtt: 193.736ms | Min rtt: 0.042ms | Avg rtt: 70.512ms
Raw packets sent: 5 (140B) | Rcvd: 11 (506B) | Lost: 0 (0.00%)| Echoed: 0 (0B)

> Nping done: 1 IP address pinged in 6.72 seconds

🦑 The output information shows the data sent when connected to the echo.nmap.org website, such as the time of sending the packet, the time of receiving, the TTL value, and the round trip time.
The user can also send some hexadecimal data to the specified port, as shown below:

> root@kali:~# nping -tcp -p 445 -data AF56A43D 192.168.41.136
Starting Nping 0.6.40 ( http://nmap.org/nping ) at 2014-04-21 17:58 CST
SENT (0.0605s) TCP 192.168.41.234:14647 > 192.168.41.136:445 S ttl=64 id=54933 iplen=44 seq=3255055782 win=1480
RCVD (0.0610s) TCP 192.168.41.136:445 > 192.168.41.234:14647 RA ttl=64 id=0 iplen=40 seq=0 win=0
SENT (1.0617s) TCP 192.168.41.234:14647 > 192.168.41.136:445 S ttl=64 id=54933 iplen=44 seq=3255055782 win=1480
RCVD (1.0620s) TCP 192.168.41.136:445 > 192.168.41.234:14647 RA ttl=64 id=0 iplen=40 seq=0 win=0

🦑The output information shows the TCP transmission process between 192.168.41.234 and the target system 192.168.41.136. Some common network layer attacks are simulated by sending data packets to the designated ports to verify the defense of the target system against these tests.

E N J O Y
Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Setting ProxyChains full by Underc0de:
twitter.com/UndercOdeTc

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

1) ProxyChains is a proxy tool for Linux and other Unices. It can make any program go online through a proxy, allow TCP and DNS to pass through a proxy tunnel, support HTTP, SOCKS4 and SOCKS5 proxy servers, and can configure multiple proxies.

2) ProxyChains forcibly connects the specified application through a user-defined proxy list, and directly disconnects the receiver and the sender.

3) This section describes how to set up ProxyChains.

🦑 The specific steps for setting ProxyChains are shown below.

1) Open the ProxyChains configuration file. The execution command is as follows:

> root@Kali:~# vi /etc/proxychains.conf

2) After executing the above command, the contents of the open file are as follows:
# proxychains.conf VER 3.1

# HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS.
#
# The option below identifies how the ProxyList is treated.
# only one option should be uncommented at time,
# otherwise the last appearing option will be accepted
#
#dynamic_chain
#
# Dynamic - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped)
# otherwise EINTR is returned to the app
#
strict_chain
#
# Strict - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# all proxies must be online to play in chain
# otherwise EINTR is returned to the app
#
#random_chain
#
# Random - Each connection will be done via random proxy
# (or proxy chain, see chain_len) from the list.
# this option is good to test your IDS :)
The output is the content of the proxychains.conf file. Due to space reasons, only some of them are listed here.

3) Cancel the comment character in front of dynamic_chain in proxychains.conf file. The configuration item to be modified is the bold part above, as shown below:
dynamic_chain

4) Add some proxy servers to the list (at the end of the proxychains.conf file), as shown below:
# ProxyList format
# type host port [user pass]
# (values separated by 'tab' or 'blank')
#
#
Examples:

socks5 192.168.67.78 1080 lamer secret
http 192.168.89.3 8080 justu hidden
# socks4 192.168.1.49 1080
# http 192.168.39.93 8080
#
#
# proxy types: http, socks4, socks5
# ( auth types supported: "basic"-http "user/pass"-socks )
#
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4 127.0.0.1 9050
socks5 98.206.2.3 1893
socks5 76.22.86.170 1658
-- 插入 --
The bold part in the above information is the added proxy server.

5) Resolve the target host through the user's connection agent. The execution command is as follows:

> root@kali:~# proxyresolv www.target.com
By default, when you execute the proxyresolv command, you may see that the command does not find an error message.

6) Because proxyresolv is stored in the / usr / lib / proxychains3 / directory, it cannot be executed. proxyresolv will be called by proxychains, so put these two files in a directory like / usr / bin. The execution command is as follows:

> root@kali:~# cp /usr/lib/proxychains3/proxyresolv /usr/bin/
After executing the above command, the proxyresolv command can be executed.

7) Run ProxyChains through the application that the user wants to use, for example, start msfconsole. The execution command is as follows:
root@kali:~# proxychains msfconsole
ProxyChains-3.1 (http://proxychains.sf.net)
|DNS-request| 0.0.0.0
|S-chain|-<>-127.0.0.1:9050-<--timeout
|DNS-response|: 0.0.0.0 is not exist
, ,
/ \
((---,,,---))
(_) O O (_)_________
\ _ / |\
o_o \ M S F | \
\ _____ | *
||| WW |||
||| |||

Tired of typing 'set RHOSTS'? Click & pwn with Metasploit Pro
-- type 'go_pro' to launch it now.

=[ metasploit v4.7.0-2013082802 [core:4.7 api:1.0]
+ -- --=[ 1161 exploits - 641 auxiliary - 180 post
+ -- --=[ 310 payloads - 30 encoders - 8 nops

msf >
8) After executing the above command, if you see the msf> prompt, it means that msfconsole started successfully. Indicates that ProxyChains is successfully set.

Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Directory Encryption-kali linux :

A directory encryption tool TrueCrypt is provided in Kali.
> This tool is an open source green encryption volume encryption software, which does not need to generate any files to create a virtual disk on the hard disk.
pinterest.com/UnderCodeOfficial

> Users can access by the drive letter, so the files on the virtual disk are automatically encrypted, and they need to be decrypted with a password.
> TrueCrypt provides a variety of encryption algorithms, including AES, Serpent, Twofish, AES-Twofish, and AES-Twofish-Serpent. This section will introduce the use of TrueCrypt tools.


🦑 Create encrypted directory
Use TrueCrypt tool to encrypt the directory. The specific operation steps are shown below.

1) Start TrueCrypt tool. Execute the following command in the terminal:

> root@kali:~# truecrypt

> After executing the above command, the interface shown
2) Click the Create Volume button on this interface, and the interface shown

3) In this interface, choose to create a volume container. Here, select the default Create an encrypted file container option and click the Next button

4) Specifying a new TrueCrypt volume

> Specify a name and location for the new volume on this interface. The volume name created here is CryptVolume, and it is stored in the / root directory. Then click the "Save" button

5) Volume Location

> In this interface, you can see the name and location of the volume created earlier. Then click the Next button

6) Encryption Options

Select the encryption algorithm in this interface, here select the default encryption algorithm AES, and then click Next button

7) Volume Size

> Specify the volume size as 10GB on this interface, and then click the Next button

8) Volume Password

> Enter a volume password on this interface, and then click the Next button

9) Warning message

> The interface prompts that the password set is too short, and the recommended size is 20 characters. If you confirm that you want to use the password, click the "Yes" button, and the interface shown

10) Format Options

Select the file system type on this interface. The default is FAT. The tool also supports Linux Ext2, Linux EXt3, and Linux Ext4 file types. Select Linux Ext4 here and click the Next button.

11) Cross-Platform Support

<> This interface selects a platform for mounting the volume.
> mount the volume only on Linux. Click the Next button to display the interface

12) Volume Format

Now you want to format the volume created earlier. At this time, click the Format button

13) Format process

The interface displays the formatted progress, speed, and time. After the process is finished a prompt message appear

14) TrueCrypt volume created successfully

it means that the TrueCrypt volume was created successfully. At this point, click the "OK" button

15) Volume Created

At this point, the TrueCrypt volume is created. If you want to create another TrueCrypt volume, click the Next button. Otherwise click the Exit button. After clicking the Exit button, you will return to the interface

Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 What is Vulnerability Scanning ?
t.me/UndercOdeTesting

1) A vulnerability scanner is a program that automatically finds and discovers security vulnerabilities in computers, information systems, networks, and applications.

2) It detects the target system through the network, generates data to the target system, and matches the feedback data with its own vulnerability signature database, and then lists the security vulnerabilities existing on the target system. Vulnerability scanning is an indispensable method to ensure system and network security.

3) In the face of Internet intrusion, if users can find security vulnerabilities through network scanning as early as possible according to the specific application environment, and take appropriate measures to repair them in a timely manner. It can effectively prevent the occurrence of intrusion events.

4) Since the work is relatively boring, we can implement it with some convenient tools, such as Nessus and OpenVAS.
Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Install and configure Nessus :

> In order to locate vulnerabilities on the target system, Nessus relies on the format of feeds to implement vulnerability checks. Nessus official website provides two versions: Home Edition and Professional Edition.

1) Home Edition: Home Edition is for non-commercial or personal use.

> The home version is more suitable for personal use and can be used in non-professional environments.

2) Professional: Professional is for commercial use. It includes support or additional features such as wireless concurrent connections.

> This section uses the home version of Nessus to introduce its installation.

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Download the Nessus software package. Nessus's official download address is http://www.tenable.com/products/nessus/select-your-operating-system .

2) Enter the address in the browser, and the interface will shown

3) Nessus download interface

> Under Download Nessus on the left side of the interface, click Linux and choose to download the Nessus-5.2.6- debian6_i386.deb package

4) Receiving a license

> Click the Agree button on this interface and the download will start. Then save the downloaded package to the location you want to save.

> After downloading the Nessus software package, you can now install the tool. The execution command is as follows:

> root@kali:~# dpkg -i Nessus-5.2.6-debian6_i386.deb
Selecting previously unselected package nessus.

5) All plugins loaded

- You can start nessusd by typing /etc/init.d/nessusd start
- Then go to https://kali:8834/ to configure your scanner

> If you see a similar output message above, the Nessus software package is successfully installed. Nessus will be installed by default in the / opt / nessus directory.

6) Start Nessus. The execution command is as follows:
root@kali:~# /etc/init.d/nessusd start

$Starting Nessus

7) Plug-in program

private: Only you can use this policy to scan.

shared: Other users can also use this policy to scan.

8) This interface displays all plug-in programs, and all are started by default. In this interface,

> you can click the Disable All button to disable all launched plug-in programs. Then specify the plug-in programs that need to be started, such as the Debian Local Security Checks and Default Unix Accounts plug-in programs

Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁