▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 penetrated two layers of NAT
> SSH direction tunnel connection tutorial :
instagram.com/UndercodeTesting


> This means that B actively initiates an SSH tunnel from B to A, and forwards port 6766 of A to port B. As long as the tunnel is not closed, this forwarding is effective. Only need to visit A's 6766 port to connect to B in reverse.

🦑 𝕃𝔼𝕋'𝕊 𝕊𝕋𝔸ℝ𝕋

First establish an SSH tunnel on B, and forward port 6766 of A to port 22 of B:

1) B $ ssh -p 22 -qngfNTR 6766: localhost: 22 usera@a.site
Then use 6766 on A to reverse SSH to B

2) A $ ssh -p 6766 userb @ localhost
The thing to do is actually that simple.



Tunnel maintenance

Stability maintenance


3) Unfortunately, the SSH connection will be closed overtime. If the connection is closed and the tunnel cannot be maintained, then A cannot use the reverse tunnel to penetrate the NAT where B is located. Therefore, we need a solution to provide a stable To the tunnel.

4) One of the easiest methods is autossh. This software will automatically establish an SSH tunnel after timeout, which solves the problem of tunnel stability. If you use Arch Linux, you can obtain it like this:

> $ sudo pacman -S autossh


5) The following does something similar on B, except that the tunnel will be maintained by autossh:

> B $ autossh -p 22 -M 6777 -NR 6766: localhost: 22 usera@a.site

6) The port specified by the -M parameter is used to monitor the status of the tunnel, regardless of port forwarding.

> Then you can access B through port 6766 on A:

7) A $ ssh -p 6766 user @ localhost
Automatic tunnel establishment
However, this has another problem. If B restarts the tunnel, it will disappear. Then there needs to be a means autossh to establish an SSH tunnel every time B starts . One idea is to make the service very natural, then it will be given in systemd a solution under the program.

"Punch"

8) The reason why the title starts so because I think this thing is a bit similar to UDP hole punching, that is, through a machine on the public network, let two machines located behind their respective NAT can establish SSH connection.

9) The following demonstrates how to use SSH reverse tunnel to connect C to B.

10) First edit the configuration file on A , and turn on the switch:sshd/etc/ssh/sshd_configGatewayPorts

> GtaewayPorts yes
Then restart ssh

> A $ sudo systemct1 restart sshd

11) Then on B, modify the autossh command used previously:

12) B $ autossh -p 22 -M 6777 -NR '*: 6766: localhost: 22' user@a.site
After that, connect to B on C using A's 6766 port SSH:

> C $ ssh -p 6766 user@a.site
At this point you have easily penetrated two layers of NAT


WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Result : penetrated two layers of NAT
t.me/UndercodeTesting

The final solution
Integrating the aforementioned, the final solution is as follows:

1) First turn on the GatewayPorts switch of sshd on A, and restart sshd.

2) Then create a new user autossh on B. According to the idea of minimizing permissions, the autossh service handout on B runs as an autossh user, avoiding security issues as much as possible:

> B $ sudo useradd -m autossh
> B $ sudo passwd autossh

3) Next, create an SSH key for autossh user on B and upload it to A:

>1 B $ su-autossh B
2 $ ssh-keygen -t; rsa '-C' autossh @ B '
3 B $ ssh-copy-id user@a.site
Note that the key should not be set with a password , that is ssh-keygen , do not enter extra characters despite the carriage return while running the command.

🦑 Then create a service file called with autossh user rights on B. Write the following text to the file and set the permission to 644:autossh/lib/systemd/system/autossh.service

1 [Unit]
2 Description = Auto SSH Tunnel
3 After = network-online.target
4 [Service]
5 User = autossh
6 Type = simple
7 ExecStart = / bin / autossh -p 22 -M 6777 -NR '*: 6766: localhost: 22' usera@a.site -i /home/autossh/.ssh/id_rsa
8 ExecReload = / bin / kill -HUP $ MAINPID
9 KillMode = process
10 Restart = always
11 [Install]
12 WantedBy = multi-user.target
13 WantedBy = graphical.target
Setting network-online.target on B takes effect:

1 B $ systemctl enable NetworkManager-wait-online
If you use systemd-networkd, you need to restart the service should be systemd-networkd-wait-online. Then set the service to start automatically:

1 B $ systemctl enable autossh
If you want, you can start it immediately after this:

1 B $ systemctl start autossh
Then you can use this reverse tunnel on A to penetrate the NAT SSH where B is located to connect to B:

1 C $ ssh -p 6766 user @ localhost
Or connect directly to C through C through two layers of NAT SSH:

1 C $ ssh -p 6766 user@a.site
If you are familiar with ssh, you can use this tunnel to do more things, for example, you can specify dynamic port forwarding when you connect in the reverse direction:

1 C $ ssh -p 6766 -qngfNTD 7677 user@site.a
Joining C is the computer in your home, A is your VPS, and B is your company's computer. If you do as above, then after the browser port is set to the sock4 local (localhost) proxy of 7677, you can see the company's web page on the browser at home.


WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁



🦑DDOS TUTORIAL 2020
instagram.com/UnDERCODETesting


A ) types of ddos :

> Volume-based attacks,

> Protocol attacks

> Application layer attacks

B) Following are the methods of doing DDoS attacks:

> UDP flood

> ICMP (Ping) flood

> SYN flood

> Ping of Death

> Slowloris

>NTP Amplification

>HTTP flood

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Most Popular Top DDoS Attack Tools In 2020
T.me/UndercodeTesting

🦑𝕃𝔼𝕋'𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) HULK It generates unique and obscure traffic It may fail in hiding the identity. Traffic coming through HULK can be blocked.
https://github.com/grafov/hulk

2) Tor’s Hammer Apache & IIS server Running the tool through the Tor network will have an added advantage as it hides your identity.
https://sourceforge.net/projects/torshammer/

3) Slowloris Send authorized HTTP traffic to the server As it makes the attack at a slow rate, traffic can be easily detected as abnormal and can be blocked.
https://github.com/gkbrk/slowloris

4) LOIC UDP, TCP, and HTTP requests to the server HIVEMIND mode will allow you to control remote LOIC systems. With the help of this, you can control other computers in Zombie network.
https://sourceforge.net/projects/loic/

5) XOIC DoS attack with TCP or HTTP or UDP or ICMP message Attack made using XOIC can be easily detected and blocked
https://sourceforge.net/directory/?q=xoic

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 TO PREVENT DDOS NOW

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑POPULAR 2020 SOLUTION FOR PREVENT DDOS
T.me/UndercodeTesting

> SolarWinds provides a Security Event Manager that is effective mitigation and prevention software to stop the DDoS Attack.

> It will monitor the event logs from a wide range of sources for detecting and preventing DDoS activities.

🦑 download :
> https://www.solarwinds.com/security-event-manager/use-cases/ddos-attack?CMP=BIZ-RVW-SWTH-DDoSAttackTools-SEM-UC-Q120

🦑FEATURES :

> Centralized log collection and normalization

> Automated threat detection and response

> Integrated compliance reporting tools

> Intuitive dashboard and user interface

> Built-in file integrity monitoring

> Simple and affordable licensing

🦑Their is much more plugins free can use as another tools ...

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 HOW TO SETUP YOUR WINDOWS 7> 10 AS a hacking one ?
fb.com/UndercodeTesting

🦑 REQUIREMENTS :

1) DOWNLOAD :
https://sourceforge.net/projects/pentestbox/files/PentestBox-with-Metasploit-v2.2.exe/download

2) Installed here is C: / PentestBox / by default

> Files to download

> ruby (2.3.3) [32-bit]: https://dl.bintray.com/oneclick/rubyinstaller/ruby-2.3.3-i386-mingw32.7z

> msf: git clone https://github.com/rapid7/metasploit-framework.git

> ruby_devkit: http://dl.bintray.com/oneclick/rubyinstaller/DevKit-mingw64-32-4.7.2-20130224-1151-sfx.exe

> WpdPack: http://www.winpcap.org/install/bin/WpdPack_4_1_2.zip

> Replace ruby, delete the original C: \ PentestBox \ base \ ruby file and replace the file

3) ruby_devkit delete the original file

Open DevKit-mingw64-32-4.7.2-20130224-1151-sfx.exe and extract it to C: \ PentestBox \ base \ ruby_devkit

Replace msf


🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :


1) [Common path:

ruby:% Pentestbox% \ base \ ruby

ruby_devkit:% Pentestbox% \ base \ ruby_devkit

msf:% Pentestbox% \ bin \ metasploit-framework

ruby 2.2.6p396 (2016-11-15 revision 56800) [i386-mingw32]

]


2) hen execute ruby -v and you will see:

ruby 2.3.3p222 (2016-11-21 revision 56859) [i386-mingw32]


3) Then we update the gem and change the domestic source

Run gem update --system

> [If ssl is wrong, execute gem sources --add https://gems.ruby-china.org/ --remove https://rubygems.org/

If it still doesn't work, replace https with http

gem sources --add http://gems.ruby-china.org/ --remove https://rubygems.org/

】

> gem sources -l ### Checking the current source is enough.

> gem sources --u update source cache


4) Install the bundle ...

gem install bundler

gem install bundle

> bundle config mirror.https: //rubygems.org https://gems.ruby-china.org #Execute this and replace the source of bunlde ... If you encounter ssl, the same solution as above

Update of msf ...

5) First of all, go to the directory of msf .... First, go to the directory of msf .... execute

bundle update

bundle install

[If the error is reported, proceed to the next step. Skip without error]

6) NOW you need to unzip WpdPack to the c drive directory

7) Then modify the extconf.rb file located in% Pentestbox% \ base \ ruby \ lib \ ruby \ gems \ 2.3.0 \ gems \ pcaprub-0.12.4 \ ext \ pcaprub_c, and add two lines of code between pcap_libdir and have_library:

$ CFLAGS = "-I # {pcap_includedir}"

$ LDFLAGS = "-L # {pcap_libdir}"

8) Then execute gem install pcaprub -v '0.12.4' and there will be no problem

9) Since WpdPack is on the C drive by default, it is inconvenient as a penetration test box.

10) The WpdPack path here can be modified. Copy the WpdPack folder unzipped to the C drive to the PentestBox directory.

11) Open extconf.rb under C: \ PentestBox \ base \ ruby \ lib \ ruby \ gems \ 2.3.0 \ gems \ pcaprub-0.12.4 \ ext \ pcaprub_c directory

12) Continue to execute bundle install Continue to execute bundle install [Time is a little long, process ,,,, wait slowly] After the
installation is complete, running msfconsole will cause bcrypt errors. We also need to execute the command:

gem uninstall bcrypt

gem uninstall bcrypt-ruby


13) Execute again

gem install bcrypt --platform = ruby

14) You're done. Win7 64-bit runs perfectly and supports win10 64-bit.

> [In addition: when opening msfconsole, a few lines of error may be reported as shown below]

15) At this time, we only need to modify the C: / PentestBox / base / ruby b / ruby / gems / 2.3.0 / gems / rbnacl-4.0.2 b / rbnacl / sodium ersion.rb file on the error prompt . Just comment out the number of lines reported with errors.

written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Note:

> If you are a win10 system, the error message "Not an internal or external command" may appear after typing the command. At this time, you need to modify the properties of cmd.

> Use the old console

> and restart the software.

> Pro-test PentestBox operating platform: win7 X64 / win10 X64

🦑 Setup your windows as as hacking system by Undercode

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ALL YOU NEED TO KNOW ABOUT AMPLIFICATION IN DDOS :
t.me/UndercodeTesting

🦑 Vulnerability details

> About DDoS amplification :

1) As an attacker, you need to forge IP. Send a request for sea, quantity, and forged sources. The computer room (firewallrules and uRPF) without BCP38.

2) As a reflection service , two conditions need to be met. First, the udp protocol, which is easy to enlarge, is running on it. That is, using udp or improperly designed udp services can meet certain conditions, and the response packet is much larger than the request packet. Second, the agreement or service has certain use on the Internet, such as dns, ntp and other basic services.

3) Victims, due to the intention of ddos, the victims are generally 金, games, politics and other goals, or for the purpose of destruction, dazzling skills and so on.

🦑About Memcrashed :

1) Since Memcache monitors both TCP and UDP, it naturally meets the reflective DDoS conditions.

2) Memcache is established as an enterprise application, and its business characteristics ensure a high upload bandwidth.

3) Memcache can interact without authentication.
Many users monitor service errors during compilation and installation 0.0.0.0, and do not configure iptables rules or cloud security tenant configuration.

🦑Attack process :

Scan all network port services.
Perform fingerprint identification to obtain unauthenticated Memcache.
Filter all reflective UDP Memcache.
Insert the data state for reflection.

🦑 Attack effect : As previously stated by the 360 ​​Information Security Department 0kee Team in the community, the highest single transmission can be achieved 816200, and the lowest382099

written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑RSA ATTACKs :
twitter.com/UndercodeNews

A ) It enables you to test the RSA public key to understand the described vulnerability.

> currently supports the following main formats:

X509 certificate, DER encoding, one * .der, * .crt per file
X509 certificate, PEM encoding, more per file, * .pem
RSA PEM encode private key, public key, more per file, * .pem (must have correct title ----- BEGIN RSA ...)
SSH public key, * .pub, starting with "ssh-rsa", one per line
ASC encoded PGP keys, * .pgp, * .asc. Each file is more and must have the correct title ---- BEGIN PGP ...
APK android application, * .apk
One module * .txt for each line of text file, the module can be a) base64 coded number, b) hex coded number, c) decimal coded
JSON file with modulus, one record per line, supporting certificate with key "cert" with key "certificate" / key "mod" with certificate array (int, base64, hex, dec encoding support), base64 Encode DER.
LDIFF file-LDAP database dump. Any field ending in "; binary" will try to decode to X509 certificate
Java Key Store file (JKS). Try to use an empty password and some common ones, use --jks-pass-file to specify more passwords
PKCS7 signature and user certificate

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑RSA key security vulnerability detection tool
> kali-parrot-ubuntu...
t.me/UndercodeTesting

🦑 INSTALLISATION & RUN :

> Clone https://github.com/crocs-muni/roca
1) Pip installation

> Install with pip (install all dependencies)

2) pip install roca-detect
Local installation

3) Execute in the root folder of the package:

pip install --upgrade --find-links=. .
rely

4) You may need to install other dependencies, so pip you can install encryption packages, for example.

🦑 CentOS / RHEL：

> sudo yum install python-devel python-pip gcc gcc-c++ make automake

> autoreconf libtool openssl-devel libffi-devel dialog

🦑 Ubuntu的：

sudo apt-get install python-pip python-dev build-essential libssl-dev libffi-dev swig
usage

🦑 Basic usage of printing:


1) If installed with pip / manually
roca-detect --help

2) Without installation (can miss dependencies)
python fingerprint/detect.py

3) The test tool accepts multiple file names / directories as input parameters. It returns a report showing how many files have been fingerprinted (and which files).

🦑 Example:

Run recursively on all SSH keys and known_hosts:

$> roca-detect ~/.ssh
2017-10-16 13:39:21 [51272] INFO ### SUMMARY ####################
2020 13:39:21 [51272] INFO Records tested: 92
2020 13:39:21 [51272] INFO .. PEM certs :. . . 0
202013:39:21 [51272] INFO .. DER certs :. . . 0
2020 13:39:21 [51272] INFO .. RSA key files: . 16
...

🦑 PGP key

1) To test your PGP key, you can export it from your email client or download it from the PGP key server, for example https://pgp.mit.edu/

2) You can also use the gpg command line utility to export your public key:

gpg --armor --export your@email.com > mykey.asc

🦑 ADVANCED CASES

1) The detection tool extracts displayable keyword information:

> roca-detect.py --dump --flatten --indent ~/.ssh/
Advanced installation method

2) Virtual environment
It is generally recommended to create a new python virtual environment for the project:

virtualenv ~/pyenv
source ~/pyenv/bin/activate
pip install --upgrade pip
pip install --upgrade --find-links=. .
Separate Python 2.7.13

3) It will not work with lower Python versions. Use to pyenv install a new Python version. It downloads the Python source internally and installs it ~/.pyenv.


git clone https://github.com/pyenv/pyenv.git ~/.pyenv
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bashrc
echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(pyenv init -)"' >> ~/.bashrc
exec $SHELL
pyenv install ..v
pyenv local ..v

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁