β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦NETWORK ATTACKs & How works For beginers by Undercode
t.me/UndercodeTesting
1) Illegal use of wireless network: Campus wireless network often happens to send advertising letters, infringing intellectual property rights; and the hacker's favorite wireless network is a wireless network that does not require certification, such as school teachers and students often set up by themselves Wireless network, and using a wireless network access point that has not changed the factory settings at all, can easily be used by hackers to do illegal things. Finally, the teachers and students who set up the wireless network access point are the ones behind it.
2) Eavesdropping (Eavesdropping): Eavesdropping refers to intruders monitoring wireless network communication content and using the eavesdropping content to obtain the victim's personal information such as account / password; the most common example is to steal the victim's login account when logging in to the wireless network password.
3) Traffic Analysis: Traffic analysis is to analyze the traffic, content, and behavior of wireless network communications. Through the analysis of communication content or traffic, you can obtain considerable data on the target network, such as: server address, Communication mode, etc.
4) Masquerade: Masquerade refers to an attacker setting up an illegally disguised wireless network system to deceive users. For example, an attacker can set a wireless network identification code (SSID, Service Set Identifier) ββthat requires authentication, such as disguising the wireless network ntu system of NTU campus, after defrauding the victim βs account account password, log in to the school and use the account account password Any system certified.
5) Replay: Replay means that the attacker will resend some communication content (such as authentication information) intercepted from the wireless network to deceive the wireless network authentication system.
6) Message Modification: Message modification refers to an attacker adding, deleting, or changing the content of wireless network communications.
7) Denial of service: Denial of service is probably the most familiar attack method. Attackers use various possible methods (ICMP flooding, UDP flooding, etc.) to prevent users and administrators from obtaining system resources. And services. However, the bandwidth of wireless network users is much lower than that of back-end wired devices, so when encountering a service denial attack, other users who are using wireless networks will not easily notice. However, there is another type of service blocking attack that exploits IP protocol vulnerabilities. For example, the attacker acts as a DHCP server to allow the user to obtain an incorrect IP when requesting an IP. Another example is when the attacker tells the user to attack via ARP (Address Resolution Protocol). The user's computer is the default gateway (Default Gateway). At this time, the user's traffic goes to the attacker's computer, and the victim cannot use the wireless network.
8) Man-in-the-middle attack: refers to an attacker who can act as a man-in- the-middle, allowing communication between the two ends to pass through him, and reading, inserting, and changing the transmission without the knowledge of both ends of the communication message.
γWRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦NETWORK ATTACKs & How works For beginers by Undercode
t.me/UndercodeTesting
1) Illegal use of wireless network: Campus wireless network often happens to send advertising letters, infringing intellectual property rights; and the hacker's favorite wireless network is a wireless network that does not require certification, such as school teachers and students often set up by themselves Wireless network, and using a wireless network access point that has not changed the factory settings at all, can easily be used by hackers to do illegal things. Finally, the teachers and students who set up the wireless network access point are the ones behind it.
2) Eavesdropping (Eavesdropping): Eavesdropping refers to intruders monitoring wireless network communication content and using the eavesdropping content to obtain the victim's personal information such as account / password; the most common example is to steal the victim's login account when logging in to the wireless network password.
3) Traffic Analysis: Traffic analysis is to analyze the traffic, content, and behavior of wireless network communications. Through the analysis of communication content or traffic, you can obtain considerable data on the target network, such as: server address, Communication mode, etc.
4) Masquerade: Masquerade refers to an attacker setting up an illegally disguised wireless network system to deceive users. For example, an attacker can set a wireless network identification code (SSID, Service Set Identifier) ββthat requires authentication, such as disguising the wireless network ntu system of NTU campus, after defrauding the victim βs account account password, log in to the school and use the account account password Any system certified.
5) Replay: Replay means that the attacker will resend some communication content (such as authentication information) intercepted from the wireless network to deceive the wireless network authentication system.
6) Message Modification: Message modification refers to an attacker adding, deleting, or changing the content of wireless network communications.
7) Denial of service: Denial of service is probably the most familiar attack method. Attackers use various possible methods (ICMP flooding, UDP flooding, etc.) to prevent users and administrators from obtaining system resources. And services. However, the bandwidth of wireless network users is much lower than that of back-end wired devices, so when encountering a service denial attack, other users who are using wireless networks will not easily notice. However, there is another type of service blocking attack that exploits IP protocol vulnerabilities. For example, the attacker acts as a DHCP server to allow the user to obtain an incorrect IP when requesting an IP. Another example is when the attacker tells the user to attack via ARP (Address Resolution Protocol). The user's computer is the default gateway (Default Gateway). At this time, the user's traffic goes to the attacker's computer, and the victim cannot use the wireless network.
8) Man-in-the-middle attack: refers to an attacker who can act as a man-in- the-middle, allowing communication between the two ends to pass through him, and reading, inserting, and changing the transmission without the knowledge of both ends of the communication message.
γWRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ penetrated two layers of NAT
> SSH direction tunnel connection tutorial :
instagram.com/UndercodeTesting
> This means that B actively initiates an SSH tunnel from B to A, and forwards port 6766 of A to port B. As long as the tunnel is not closed, this forwarding is effective. Only need to visit A's 6766 port to connect to B in reverse.
π¦ ππΌπ'π πππΈβπ
First establish an SSH tunnel on B, and forward port 6766 of A to port 22 of B:
1) B $ ssh -p 22 -qngfNTR 6766: localhost: 22 usera@a.site
Then use 6766 on A to reverse SSH to B
2) A $ ssh -p 6766 userb @ localhost
The thing to do is actually that simple.
Tunnel maintenance
Stability maintenance
3) Unfortunately, the SSH connection will be closed overtime. If the connection is closed and the tunnel cannot be maintained, then A cannot use the reverse tunnel to penetrate the NAT where B is located. Therefore, we need a solution to provide a stable To the tunnel.
4) One of the easiest methods is autossh. This software will automatically establish an SSH tunnel after timeout, which solves the problem of tunnel stability. If you use Arch Linux, you can obtain it like this:
> $ sudo pacman -S autossh
5) The following does something similar on B, except that the tunnel will be maintained by autossh:
> B $ autossh -p 22 -M 6777 -NR 6766: localhost: 22 usera@a.site
6) The port specified by the -M parameter is used to monitor the status of the tunnel, regardless of port forwarding.
> Then you can access B through port 6766 on A:
7) A $ ssh -p 6766 user @ localhost
Automatic tunnel establishment
However, this has another problem. If B restarts the tunnel, it will disappear. Then there needs to be a means autossh to establish an SSH tunnel every time B starts . One idea is to make the service very natural, then it will be given in systemd a solution under the program.
"Punch"
8) The reason why the title starts so because I think this thing is a bit similar to UDP hole punching, that is, through a machine on the public network, let two machines located behind their respective NAT can establish SSH connection.
9) The following demonstrates how to use SSH reverse tunnel to connect C to B.
10) First edit the configuration file on A , and turn on the switch:sshd/etc/ssh/sshd_configGatewayPorts
> GtaewayPorts yes
Then restart ssh
> A $ sudo systemct1 restart sshd
11) Then on B, modify the autossh command used previously:
12) B $ autossh -p 22 -M 6777 -NR '*: 6766: localhost: 22' user@a.site
After that, connect to B on C using A's 6766 port SSH:
> C $ ssh -p 6766 user@a.site
At this point you have easily penetrated two layers of NAT
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ penetrated two layers of NAT
> SSH direction tunnel connection tutorial :
instagram.com/UndercodeTesting
> This means that B actively initiates an SSH tunnel from B to A, and forwards port 6766 of A to port B. As long as the tunnel is not closed, this forwarding is effective. Only need to visit A's 6766 port to connect to B in reverse.
π¦ ππΌπ'π πππΈβπ
First establish an SSH tunnel on B, and forward port 6766 of A to port 22 of B:
1) B $ ssh -p 22 -qngfNTR 6766: localhost: 22 usera@a.site
Then use 6766 on A to reverse SSH to B
2) A $ ssh -p 6766 userb @ localhost
The thing to do is actually that simple.
Tunnel maintenance
Stability maintenance
3) Unfortunately, the SSH connection will be closed overtime. If the connection is closed and the tunnel cannot be maintained, then A cannot use the reverse tunnel to penetrate the NAT where B is located. Therefore, we need a solution to provide a stable To the tunnel.
4) One of the easiest methods is autossh. This software will automatically establish an SSH tunnel after timeout, which solves the problem of tunnel stability. If you use Arch Linux, you can obtain it like this:
> $ sudo pacman -S autossh
5) The following does something similar on B, except that the tunnel will be maintained by autossh:
> B $ autossh -p 22 -M 6777 -NR 6766: localhost: 22 usera@a.site
6) The port specified by the -M parameter is used to monitor the status of the tunnel, regardless of port forwarding.
> Then you can access B through port 6766 on A:
7) A $ ssh -p 6766 user @ localhost
Automatic tunnel establishment
However, this has another problem. If B restarts the tunnel, it will disappear. Then there needs to be a means autossh to establish an SSH tunnel every time B starts . One idea is to make the service very natural, then it will be given in systemd a solution under the program.
"Punch"
8) The reason why the title starts so because I think this thing is a bit similar to UDP hole punching, that is, through a machine on the public network, let two machines located behind their respective NAT can establish SSH connection.
9) The following demonstrates how to use SSH reverse tunnel to connect C to B.
10) First edit the configuration file on A , and turn on the switch:sshd/etc/ssh/sshd_configGatewayPorts
> GtaewayPorts yes
Then restart ssh
> A $ sudo systemct1 restart sshd
11) Then on B, modify the autossh command used previously:
12) B $ autossh -p 22 -M 6777 -NR '*: 6766: localhost: 22' user@a.site
After that, connect to B on C using A's 6766 port SSH:
> C $ ssh -p 6766 user@a.site
At this point you have easily penetrated two layers of NAT
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Result : penetrated two layers of NAT
t.me/UndercodeTesting
The final solution
Integrating the aforementioned, the final solution is as follows:
1) First turn on the GatewayPorts switch of sshd on A, and restart sshd.
2) Then create a new user autossh on B. According to the idea of minimizing permissions, the autossh service handout on B runs as an autossh user, avoiding security issues as much as possible:
> B $ sudo useradd -m autossh
> B $ sudo passwd autossh
3) Next, create an SSH key for autossh user on B and upload it to A:
>1 B $ su-autossh B
2 $ ssh-keygen -t; rsa '-C' autossh @ B '
3 B $ ssh-copy-id user@a.site
Note that the key should not be set with a password , that is ssh-keygen , do not enter extra characters despite the carriage return while running the command.
π¦ Then create a service file called with autossh user rights on B. Write the following text to the file and set the permission to 644:autossh/lib/systemd/system/autossh.service
1 [Unit]
2 Description = Auto SSH Tunnel
3 After = network-online.target
4 [Service]
5 User = autossh
6 Type = simple
7 ExecStart = / bin / autossh -p 22 -M 6777 -NR '*: 6766: localhost: 22' usera@a.site -i /home/autossh/.ssh/id_rsa
8 ExecReload = / bin / kill -HUP $ MAINPID
9 KillMode = process
10 Restart = always
11 [Install]
12 WantedBy = multi-user.target
13 WantedBy = graphical.target
Setting network-online.target on B takes effect:
1 B $ systemctl enable NetworkManager-wait-online
If you use systemd-networkd, you need to restart the service should be systemd-networkd-wait-online. Then set the service to start automatically:
1 B $ systemctl enable autossh
If you want, you can start it immediately after this:
1 B $ systemctl start autossh
Then you can use this reverse tunnel on A to penetrate the NAT SSH where B is located to connect to B:
1 C $ ssh -p 6766 user @ localhost
Or connect directly to C through C through two layers of NAT SSH:
1 C $ ssh -p 6766 user@a.site
If you are familiar with ssh, you can use this tunnel to do more things, for example, you can specify dynamic port forwarding when you connect in the reverse direction:
1 C $ ssh -p 6766 -qngfNTD 7677 user@site.a
Joining C is the computer in your home, A is your VPS, and B is your company's computer. If you do as above, then after the browser port is set to the sock4 local (localhost) proxy of 7677, you can see the company's web page on the browser at home.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Result : penetrated two layers of NAT
t.me/UndercodeTesting
The final solution
Integrating the aforementioned, the final solution is as follows:
1) First turn on the GatewayPorts switch of sshd on A, and restart sshd.
2) Then create a new user autossh on B. According to the idea of minimizing permissions, the autossh service handout on B runs as an autossh user, avoiding security issues as much as possible:
> B $ sudo useradd -m autossh
> B $ sudo passwd autossh
3) Next, create an SSH key for autossh user on B and upload it to A:
>1 B $ su-autossh B
2 $ ssh-keygen -t; rsa '-C' autossh @ B '
3 B $ ssh-copy-id user@a.site
Note that the key should not be set with a password , that is ssh-keygen , do not enter extra characters despite the carriage return while running the command.
π¦ Then create a service file called with autossh user rights on B. Write the following text to the file and set the permission to 644:autossh/lib/systemd/system/autossh.service
1 [Unit]
2 Description = Auto SSH Tunnel
3 After = network-online.target
4 [Service]
5 User = autossh
6 Type = simple
7 ExecStart = / bin / autossh -p 22 -M 6777 -NR '*: 6766: localhost: 22' usera@a.site -i /home/autossh/.ssh/id_rsa
8 ExecReload = / bin / kill -HUP $ MAINPID
9 KillMode = process
10 Restart = always
11 [Install]
12 WantedBy = multi-user.target
13 WantedBy = graphical.target
Setting network-online.target on B takes effect:
1 B $ systemctl enable NetworkManager-wait-online
If you use systemd-networkd, you need to restart the service should be systemd-networkd-wait-online. Then set the service to start automatically:
1 B $ systemctl enable autossh
If you want, you can start it immediately after this:
1 B $ systemctl start autossh
Then you can use this reverse tunnel on A to penetrate the NAT SSH where B is located to connect to B:
1 C $ ssh -p 6766 user @ localhost
Or connect directly to C through C through two layers of NAT SSH:
1 C $ ssh -p 6766 user@a.site
If you are familiar with ssh, you can use this tunnel to do more things, for example, you can specify dynamic port forwarding when you connect in the reverse direction:
1 C $ ssh -p 6766 -qngfNTD 7677 user@site.a
Joining C is the computer in your home, A is your VPS, and B is your company's computer. If you do as above, then after the browser port is set to the sock4 local (localhost) proxy of 7677, you can see the company's web page on the browser at home.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦DDOS TUTORIAL 2020
instagram.com/UnDERCODETesting
A ) types of ddos :
> Volume-based attacks,
> Protocol attacks
> Application layer attacks
B) Following are the methods of doing DDoS attacks:
> UDP flood
> ICMP (Ping) flood
> SYN flood
> Ping of Death
> Slowloris
>NTP Amplification
>HTTP flood
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦DDOS TUTORIAL 2020
instagram.com/UnDERCODETesting
A ) types of ddos :
> Volume-based attacks,
> Protocol attacks
> Application layer attacks
B) Following are the methods of doing DDoS attacks:
> UDP flood
> ICMP (Ping) flood
> SYN flood
> Ping of Death
> Slowloris
>NTP Amplification
>HTTP flood
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Most Popular Top DDoS Attack Tools In 2020
T.me/UndercodeTesting
π¦ππΌπ'π πππΈβπ :
1) HULK It generates unique and obscure traffic It may fail in hiding the identity. Traffic coming through HULK can be blocked.
https://github.com/grafov/hulk
2) Torβs Hammer Apache & IIS server Running the tool through the Tor network will have an added advantage as it hides your identity.
https://sourceforge.net/projects/torshammer/
3) Slowloris Send authorized HTTP traffic to the server As it makes the attack at a slow rate, traffic can be easily detected as abnormal and can be blocked.
https://github.com/gkbrk/slowloris
4) LOIC UDP, TCP, and HTTP requests to the server HIVEMIND mode will allow you to control remote LOIC systems. With the help of this, you can control other computers in Zombie network.
https://sourceforge.net/projects/loic/
5) XOIC DoS attack with TCP or HTTP or UDP or ICMP message Attack made using XOIC can be easily detected and blocked
https://sourceforge.net/directory/?q=xoic
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Most Popular Top DDoS Attack Tools In 2020
T.me/UndercodeTesting
π¦ππΌπ'π πππΈβπ :
1) HULK It generates unique and obscure traffic It may fail in hiding the identity. Traffic coming through HULK can be blocked.
https://github.com/grafov/hulk
2) Torβs Hammer Apache & IIS server Running the tool through the Tor network will have an added advantage as it hides your identity.
https://sourceforge.net/projects/torshammer/
3) Slowloris Send authorized HTTP traffic to the server As it makes the attack at a slow rate, traffic can be easily detected as abnormal and can be blocked.
https://github.com/gkbrk/slowloris
4) LOIC UDP, TCP, and HTTP requests to the server HIVEMIND mode will allow you to control remote LOIC systems. With the help of this, you can control other computers in Zombie network.
https://sourceforge.net/projects/loic/
5) XOIC DoS attack with TCP or HTTP or UDP or ICMP message Attack made using XOIC can be easily detected and blocked
https://sourceforge.net/directory/?q=xoic
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦POPULAR 2020 SOLUTION FOR PREVENT DDOS
T.me/UndercodeTesting
> SolarWinds provides a Security Event Manager that is effective mitigation and prevention software to stop the DDoS Attack.
> It will monitor the event logs from a wide range of sources for detecting and preventing DDoS activities.
π¦ download :
> https://www.solarwinds.com/security-event-manager/use-cases/ddos-attack?CMP=BIZ-RVW-SWTH-DDoSAttackTools-SEM-UC-Q120
π¦FEATURES :
> Centralized log collection and normalization
> Automated threat detection and response
> Integrated compliance reporting tools
> Intuitive dashboard and user interface
> Built-in file integrity monitoring
> Simple and affordable licensing
π¦Their is much more plugins free can use as another tools ...
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦POPULAR 2020 SOLUTION FOR PREVENT DDOS
T.me/UndercodeTesting
> SolarWinds provides a Security Event Manager that is effective mitigation and prevention software to stop the DDoS Attack.
> It will monitor the event logs from a wide range of sources for detecting and preventing DDoS activities.
π¦ download :
> https://www.solarwinds.com/security-event-manager/use-cases/ddos-attack?CMP=BIZ-RVW-SWTH-DDoSAttackTools-SEM-UC-Q120
π¦FEATURES :
> Centralized log collection and normalization
> Automated threat detection and response
> Integrated compliance reporting tools
> Intuitive dashboard and user interface
> Built-in file integrity monitoring
> Simple and affordable licensing
π¦Their is much more plugins free can use as another tools ...
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ HOW TO SETUP YOUR WINDOWS 7> 10 AS a hacking one ?
fb.com/UndercodeTesting
π¦ REQUIREMENTS :
1) DOWNLOAD :
https://sourceforge.net/projects/pentestbox/files/PentestBox-with-Metasploit-v2.2.exe/download
2) Installed here is C: / PentestBox / by default
> Files to download
> ruby (2.3.3) [32-bit]: https://dl.bintray.com/oneclick/rubyinstaller/ruby-2.3.3-i386-mingw32.7z
> msf: git clone https://github.com/rapid7/metasploit-framework.git
> ruby_devkit: http://dl.bintray.com/oneclick/rubyinstaller/DevKit-mingw64-32-4.7.2-20130224-1151-sfx.exe
> WpdPack: http://www.winpcap.org/install/bin/WpdPack_4_1_2.zip
> Replace ruby, delete the original C: \ PentestBox \ base \ ruby file and replace the file
3) ruby_devkit delete the original file
Open DevKit-mingw64-32-4.7.2-20130224-1151-sfx.exe and extract it to C: \ PentestBox \ base \ ruby_devkit
Replace msf
π¦ πβπππΈπππππΈπππβ & βπβ :
1) [Common path:
ruby:% Pentestbox% \ base \ ruby
ruby_devkit:% Pentestbox% \ base \ ruby_devkit
msf:% Pentestbox% \ bin \ metasploit-framework
ruby 2.2.6p396 (2016-11-15 revision 56800) [i386-mingw32]
]
2) hen execute ruby -v and you will see:
ruby 2.3.3p222 (2016-11-21 revision 56859) [i386-mingw32]
3) Then we update the gem and change the domestic source
Run gem update --system
> [If ssl is wrong, execute gem sources --add https://gems.ruby-china.org/ --remove https://rubygems.org/
If it still doesn't work, replace https with http
gem sources --add http://gems.ruby-china.org/ --remove https://rubygems.org/
γ
> gem sources -l ### Checking the current source is enough.
> gem sources --u update source cache
4) Install the bundle ...
gem install bundler
gem install bundle
> bundle config mirror.https: //rubygems.org https://gems.ruby-china.org #Execute this and replace the source of bunlde ... If you encounter ssl, the same solution as above
Update of msf ...
5) First of all, go to the directory of msf .... First, go to the directory of msf .... execute
bundle update
bundle install
[If the error is reported, proceed to the next step. Skip without error]
6) NOW you need to unzip WpdPack to the c drive directory
7) Then modify the extconf.rb file located in% Pentestbox% \ base \ ruby \ lib \ ruby \ gems \ 2.3.0 \ gems \ pcaprub-0.12.4 \ ext \ pcaprub_c, and add two lines of code between pcap_libdir and have_library:
$ CFLAGS = "-I # {pcap_includedir}"
$ LDFLAGS = "-L # {pcap_libdir}"
8) Then execute gem install pcaprub -v '0.12.4' and there will be no problem
9) Since WpdPack is on the C drive by default, it is inconvenient as a penetration test box.
10) The WpdPack path here can be modified. Copy the WpdPack folder unzipped to the C drive to the PentestBox directory.
11) Open extconf.rb under C: \ PentestBox \ base \ ruby \ lib \ ruby \ gems \ 2.3.0 \ gems \ pcaprub-0.12.4 \ ext \ pcaprub_c directory
12) Continue to execute bundle install Continue to execute bundle install [Time is a little long, process ,,,, wait slowly] After the
installation is complete, running msfconsole will cause bcrypt errors. We also need to execute the command:
gem uninstall bcrypt
gem uninstall bcrypt-ruby
13) Execute again
gem install bcrypt --platform = ruby
14) You're done. Win7 64-bit runs perfectly and supports win10 64-bit.
> [In addition: when opening msfconsole, a few lines of error may be reported as shown below]
15) At this time, we only need to modify the C: / PentestBox / base / ruby b / ruby / gems / 2.3.0 / gems / rbnacl-4.0.2 b / rbnacl / sodium ersion.rb file on the error prompt . Just comment out the number of lines reported with errors.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ HOW TO SETUP YOUR WINDOWS 7> 10 AS a hacking one ?
fb.com/UndercodeTesting
π¦ REQUIREMENTS :
1) DOWNLOAD :
https://sourceforge.net/projects/pentestbox/files/PentestBox-with-Metasploit-v2.2.exe/download
2) Installed here is C: / PentestBox / by default
> Files to download
> ruby (2.3.3) [32-bit]: https://dl.bintray.com/oneclick/rubyinstaller/ruby-2.3.3-i386-mingw32.7z
> msf: git clone https://github.com/rapid7/metasploit-framework.git
> ruby_devkit: http://dl.bintray.com/oneclick/rubyinstaller/DevKit-mingw64-32-4.7.2-20130224-1151-sfx.exe
> WpdPack: http://www.winpcap.org/install/bin/WpdPack_4_1_2.zip
> Replace ruby, delete the original C: \ PentestBox \ base \ ruby file and replace the file
3) ruby_devkit delete the original file
Open DevKit-mingw64-32-4.7.2-20130224-1151-sfx.exe and extract it to C: \ PentestBox \ base \ ruby_devkit
Replace msf
π¦ πβπππΈπππππΈπππβ & βπβ :
1) [Common path:
ruby:% Pentestbox% \ base \ ruby
ruby_devkit:% Pentestbox% \ base \ ruby_devkit
msf:% Pentestbox% \ bin \ metasploit-framework
ruby 2.2.6p396 (2016-11-15 revision 56800) [i386-mingw32]
]
2) hen execute ruby -v and you will see:
ruby 2.3.3p222 (2016-11-21 revision 56859) [i386-mingw32]
3) Then we update the gem and change the domestic source
Run gem update --system
> [If ssl is wrong, execute gem sources --add https://gems.ruby-china.org/ --remove https://rubygems.org/
If it still doesn't work, replace https with http
gem sources --add http://gems.ruby-china.org/ --remove https://rubygems.org/
γ
> gem sources -l ### Checking the current source is enough.
> gem sources --u update source cache
4) Install the bundle ...
gem install bundler
gem install bundle
> bundle config mirror.https: //rubygems.org https://gems.ruby-china.org #Execute this and replace the source of bunlde ... If you encounter ssl, the same solution as above
Update of msf ...
5) First of all, go to the directory of msf .... First, go to the directory of msf .... execute
bundle update
bundle install
[If the error is reported, proceed to the next step. Skip without error]
6) NOW you need to unzip WpdPack to the c drive directory
7) Then modify the extconf.rb file located in% Pentestbox% \ base \ ruby \ lib \ ruby \ gems \ 2.3.0 \ gems \ pcaprub-0.12.4 \ ext \ pcaprub_c, and add two lines of code between pcap_libdir and have_library:
$ CFLAGS = "-I # {pcap_includedir}"
$ LDFLAGS = "-L # {pcap_libdir}"
8) Then execute gem install pcaprub -v '0.12.4' and there will be no problem
9) Since WpdPack is on the C drive by default, it is inconvenient as a penetration test box.
10) The WpdPack path here can be modified. Copy the WpdPack folder unzipped to the C drive to the PentestBox directory.
11) Open extconf.rb under C: \ PentestBox \ base \ ruby \ lib \ ruby \ gems \ 2.3.0 \ gems \ pcaprub-0.12.4 \ ext \ pcaprub_c directory
12) Continue to execute bundle install Continue to execute bundle install [Time is a little long, process ,,,, wait slowly] After the
installation is complete, running msfconsole will cause bcrypt errors. We also need to execute the command:
gem uninstall bcrypt
gem uninstall bcrypt-ruby
13) Execute again
gem install bcrypt --platform = ruby
14) You're done. Win7 64-bit runs perfectly and supports win10 64-bit.
> [In addition: when opening msfconsole, a few lines of error may be reported as shown below]
15) At this time, we only need to modify the C: / PentestBox / base / ruby b / ruby / gems / 2.3.0 / gems / rbnacl-4.0.2 b / rbnacl / sodium ersion.rb file on the error prompt . Just comment out the number of lines reported with errors.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Facebook
Log in or sign up to view
See posts, photos and more on Facebook.
π¦ Note:
> If you are a win10 system, the error message "Not an internal or external command" may appear after typing the command. At this time, you need to modify the properties of cmd.
> Use the old console
> and restart the software.
> Pro-test PentestBox operating platform: win7 X64 / win10 X64
> If you are a win10 system, the error message "Not an internal or external command" may appear after typing the command. At this time, you need to modify the properties of cmd.
> Use the old console
> and restart the software.
> Pro-test PentestBox operating platform: win7 X64 / win10 X64
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ALL YOU NEED TO KNOW ABOUT AMPLIFICATION IN DDOS :
t.me/UndercodeTesting
π¦ Vulnerability details
> About DDoS amplification :
1) As an attacker, you need to forge IP. Send a request for sea, quantity, and forged sources. The computer room (firewallrules and uRPF) without BCP38.
2) As a reflection service , two conditions need to be met. First, the udp protocol, which is easy to enlarge, is running on it. That is, using udp or improperly designed udp services can meet certain conditions, and the response packet is much larger than the request packet. Second, the agreement or service has certain use on the Internet, such as dns, ntp and other basic services.
3) Victims, due to the intention of ddos, the victims are generally ι, games, politics and other goals, or for the purpose of destruction, dazzling skills and so on.
π¦About Memcrashed :
1) Since Memcache monitors both TCP and UDP, it naturally meets the reflective DDoS conditions.
2) Memcache is established as an enterprise application, and its business characteristics ensure a high upload bandwidth.
3) Memcache can interact without authentication.
Many users monitor service errors during compilation and installation 0.0.0.0, and do not configure iptables rules or cloud security tenant configuration.
π¦Attack process :
Scan all network port services.
Perform fingerprint identification to obtain unauthenticated Memcache.
Filter all reflective UDP Memcache.
Insert the data state for reflection.
π¦ Attack effect : As previously stated by the 360 ββInformation Security Department 0kee Team in the community, the highest single transmission can be achieved 816200, and the lowest382099
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ALL YOU NEED TO KNOW ABOUT AMPLIFICATION IN DDOS :
t.me/UndercodeTesting
π¦ Vulnerability details
> About DDoS amplification :
1) As an attacker, you need to forge IP. Send a request for sea, quantity, and forged sources. The computer room (firewallrules and uRPF) without BCP38.
2) As a reflection service , two conditions need to be met. First, the udp protocol, which is easy to enlarge, is running on it. That is, using udp or improperly designed udp services can meet certain conditions, and the response packet is much larger than the request packet. Second, the agreement or service has certain use on the Internet, such as dns, ntp and other basic services.
3) Victims, due to the intention of ddos, the victims are generally ι, games, politics and other goals, or for the purpose of destruction, dazzling skills and so on.
π¦About Memcrashed :
1) Since Memcache monitors both TCP and UDP, it naturally meets the reflective DDoS conditions.
2) Memcache is established as an enterprise application, and its business characteristics ensure a high upload bandwidth.
3) Memcache can interact without authentication.
Many users monitor service errors during compilation and installation 0.0.0.0, and do not configure iptables rules or cloud security tenant configuration.
π¦Attack process :
Scan all network port services.
Perform fingerprint identification to obtain unauthenticated Memcache.
Filter all reflective UDP Memcache.
Insert the data state for reflection.
π¦ Attack effect : As previously stated by the 360 ββInformation Security Department 0kee Team in the community, the highest single transmission can be achieved 816200, and the lowest382099
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β