▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ALL YOU NEED TO KNOW ABOUT AMPLIFICATION IN DDOS :
t.me/UndercodeTesting

🦑 Vulnerability details

> About DDoS amplification :

1) As an attacker, you need to forge IP. Send a request for sea, quantity, and forged sources. The computer room (firewallrules and uRPF) without BCP38.

2) As a reflection service , two conditions need to be met. First, the udp protocol, which is easy to enlarge, is running on it. That is, using udp or improperly designed udp services can meet certain conditions, and the response packet is much larger than the request packet. Second, the agreement or service has certain use on the Internet, such as dns, ntp and other basic services.

3) Victims, due to the intention of ddos, the victims are generally 金, games, politics and other goals, or for the purpose of destruction, dazzling skills and so on.

🦑About Memcrashed :

1) Since Memcache monitors both TCP and UDP, it naturally meets the reflective DDoS conditions.

2) Memcache is established as an enterprise application, and its business characteristics ensure a high upload bandwidth.

3) Memcache can interact without authentication.
Many users monitor service errors during compilation and installation 0.0.0.0, and do not configure iptables rules or cloud security tenant configuration.

🦑Attack process :

Scan all network port services.
Perform fingerprint identification to obtain unauthenticated Memcache.
Filter all reflective UDP Memcache.
Insert the data state for reflection.

🦑 Attack effect : As previously stated by the 360 ​​Information Security Department 0kee Team in the community, the highest single transmission can be achieved 816200, and the lowest382099

written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑RSA ATTACKs :
twitter.com/UndercodeNews

A ) It enables you to test the RSA public key to understand the described vulnerability.

> currently supports the following main formats:

X509 certificate, DER encoding, one * .der, * .crt per file
X509 certificate, PEM encoding, more per file, * .pem
RSA PEM encode private key, public key, more per file, * .pem (must have correct title ----- BEGIN RSA ...)
SSH public key, * .pub, starting with "ssh-rsa", one per line
ASC encoded PGP keys, * .pgp, * .asc. Each file is more and must have the correct title ---- BEGIN PGP ...
APK android application, * .apk
One module * .txt for each line of text file, the module can be a) base64 coded number, b) hex coded number, c) decimal coded
JSON file with modulus, one record per line, supporting certificate with key "cert" with key "certificate" / key "mod" with certificate array (int, base64, hex, dec encoding support), base64 Encode DER.
LDIFF file-LDAP database dump. Any field ending in "; binary" will try to decode to X509 certificate
Java Key Store file (JKS). Try to use an empty password and some common ones, use --jks-pass-file to specify more passwords
PKCS7 signature and user certificate

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑RSA key security vulnerability detection tool
> kali-parrot-ubuntu...
t.me/UndercodeTesting

🦑 INSTALLISATION & RUN :

> Clone https://github.com/crocs-muni/roca
1) Pip installation

> Install with pip (install all dependencies)

2) pip install roca-detect
Local installation

3) Execute in the root folder of the package:

pip install --upgrade --find-links=. .
rely

4) You may need to install other dependencies, so pip you can install encryption packages, for example.

🦑 CentOS / RHEL：

> sudo yum install python-devel python-pip gcc gcc-c++ make automake

> autoreconf libtool openssl-devel libffi-devel dialog

🦑 Ubuntu的：

sudo apt-get install python-pip python-dev build-essential libssl-dev libffi-dev swig
usage

🦑 Basic usage of printing:


1) If installed with pip / manually
roca-detect --help

2) Without installation (can miss dependencies)
python fingerprint/detect.py

3) The test tool accepts multiple file names / directories as input parameters. It returns a report showing how many files have been fingerprinted (and which files).

🦑 Example:

Run recursively on all SSH keys and known_hosts:

$> roca-detect ~/.ssh
2017-10-16 13:39:21 [51272] INFO ### SUMMARY ####################
2020 13:39:21 [51272] INFO Records tested: 92
2020 13:39:21 [51272] INFO .. PEM certs :. . . 0
202013:39:21 [51272] INFO .. DER certs :. . . 0
2020 13:39:21 [51272] INFO .. RSA key files: . 16
...

🦑 PGP key

1) To test your PGP key, you can export it from your email client or download it from the PGP key server, for example https://pgp.mit.edu/

2) You can also use the gpg command line utility to export your public key:

gpg --armor --export your@email.com > mykey.asc

🦑 ADVANCED CASES

1) The detection tool extracts displayable keyword information:

> roca-detect.py --dump --flatten --indent ~/.ssh/
Advanced installation method

2) Virtual environment
It is generally recommended to create a new python virtual environment for the project:

virtualenv ~/pyenv
source ~/pyenv/bin/activate
pip install --upgrade pip
pip install --upgrade --find-links=. .
Separate Python 2.7.13

3) It will not work with lower Python versions. Use to pyenv install a new Python version. It downloads the Python source internally and installs it ~/.pyenv.


git clone https://github.com/pyenv/pyenv.git ~/.pyenv
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bashrc
echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(pyenv init -)"' >> ~/.bashrc
exec $SHELL
pyenv install ..v
pyenv local ..v

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 BIGGEST LIST OF TERMUX SCRIPTS

- [Tishna](https://github.com/haroonawanofficial/Tishna-Automated-Web-Application-Hacker) - Complete Automated pentest framework for Servers, Application Layer to Web Security. :star:44
- [seeker](https://github.com/thewhiteh4t/seeker) - Accurately Locate Smartphones using Social Engineering. :star:661
- [ANDRAX](https://andrax.thecrackertechnology.com/download) - ANDRAX is a Penetration Testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it behaves like a common Linux distribution, But more powerful than a common distribution! :star:222
- [findomain](https://github.com/Edu4rdSHL/findomain) - The fastest and cross-platform subdomain enumerator, don't waste your time. :star:822
- [ReconCobra](https://github.com/haroonawanofficial/ReconCobra) - Complete Automated pentest framework for Information Gathering. :star:53
- [HttpLiveProxyGrabber](https://github.com/04x/HttpLiveProxyGrabber) - Best Proxy Grabber Tool!. :star:5
- [instagramCracker](https://github.com/04x/instagramCracker) - Full Speed Instagram Cracker. :star:45
- [ToolB0x](https://github.com/04x/ToolB0x) - Hacking Tools :zap:. :star:9
- [TekDefense-Automater](https://github.com/1aN0rmus/TekDefense-Automater) - Automater - IP URL and MD5 OSINT Analysis. :star:402
- [BruteX](https://github.com/1N3/BruteX) - Automatically brute force all services running on a target.. :star:687
- [Findsploit](https://github.com/1N3/Findsploit) - Find exploits in local and online databases instantly. :star:940
- [ReverseAPK](https://github.com/1N3/ReverseAPK) - Quickly analyze and reverse engineer Android packages. :star:314
- [Sn1per](https://github.com/1N3/Sn1per) - Automated pentest framework for offensive security experts. :star:3123
- [noisy](https://github.com/1tayH/noisy) - Simple random DNS, HTTP/S internet traffic noise generator. :star:978
- [LITEDDOS](https://github.com/4L13199/LITEDDOS) - This Tool Is Supporting For DDOS Activities, The Way Is Typing Command : $ python2 islddos.py <ip> <port> <packet> example: $python2 islddos.py 104.27.190.77 8080 100 IP target: 104.27.190.77 port: 8080 packet:100 Made In indonesia Indonesia Security Lite. :star:21
- [LITESPAM](https://github.com/4L13199/LITESPAM) - Berisi Tools Spammer Dengan Berbagai Macam jenis Dengan Limit Tinggi Bahkan Unlimited. :star:65
- [hakkuframework](https://github.com/4shadoww/hakkuframework) - Hakku Framework penetration testing. :star:171
- [BeeLogger](https://github.com/4w4k3/BeeLogger) - Generate Gmail Emailing Keyloggers to Windows.. :star:474
- [KnockMail](https://github.com/4w4k3/KnockMail) - Verify if email exists. :star:47
- [Umbrella](https://github.com/4w4k3/Umbrella) - A Phishing Dropper designed to Pentest.. :star:157
- [mfterm](https://github.com/4ZM/mfterm) - Terminal for working with Mifare Classic 1-4k Tags. :star:94
- [djangohunter](https://github.com/hackatnow/djangohunter) - Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information.. :star:194
- [shodanwave](https://github.com/hackatnow/shodanwave) - Shodanwave is a tool for exploring and obtaining information from Netwave IP Camera. . :star:162
- [WebXploiter](https://github.com/a0xnirudh/WebXploiter) - WebXploiter - An OWASP Top 10 Security scanner !. :star:30
- [CrawlBox](https://github.com/abaykan/CrawlBox) - Easy way to brute-force web directory.. :star:93
- [TrackOut](https://github.com/abaykan/TrackOut) - Simple Python IP Tracker. :star:12
- [sslcaudit](https://github.com/abbbe/sslcaudit) - No description provided :star:17
- [Sublist3r](https://github.com/aboul3la/Sublist3r) - Fast subdomains enumeration tool for penetration testers. :star:4116
- [doork](https://github.com/AeonDave/doork) - Passive Vulnerability Auditor. :star:106
- [sir](https://github.com/AeonDave/sir) - Skype Ip Resolver. :star:6
- [xl-py](https://github.com/anggialberto/xl-py) - No description provided :star:24
- [netdiscover](https://github.com/alexxy/netdiscover) - netdiscover. :star:188

- [ATSCAN](https://github.com/AlisamTechnology/ATSCAN) - Advanced dork Search & Mass Exploit Scanner. :star:573
- [fuxploider](https://github.com/almandin/fuxploider) - File upload vulnerability scanner and exploitation tool.. :star:1380
- [ipwn](https://github.com/altjx/ipwn) - No description provided :star:108
- [w3af](https://github.com/andresriancho/w3af) - w3af: web application attack and audit framework, the open source web vulnerability scanner.. :star:2947
- [AndroBugs_Framework](https://github.com/AndroBugs/AndroBugs_Framework) - AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows.. :star:705
- [roxysploit](https://github.com/andyvaikunth/roxysploit) - A Hackers framework. :star:12
- [PadBuster](https://github.com/AonCyberLabs/PadBuster) - Automated script for performing Padding Oracle attacks. :star:450
- [capstone](https://github.com/aquynh/capstone) - Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.. :star:3923
- [wirespy](https://github.com/aress31/wirespy) - Framework designed to automate various wireless networks attacks (the project was presented on Pentester Academy TV's toolbox in 2017).. :star:206
- [lscript](https://github.com/arismelachroinos/lscript) - The LAZY script will make your life easier, and of course faster.. :star:1847
- [ADB-Toolkit](https://github.com/ASHWIN990/ADB-Toolkit) - ADB-Toolkit V2 for easy ADB tricks with many perks in all one. ENJOY!. :star:12
- [Hunner](https://github.com/b3-v3r/Hunner) - Hacking framework. :star:109
- [Termux-Styling-Shell-Script](https://github.com/BagazMukti/Termux-Styling-Shell-Script) - Unofficial Termux Styling [ Bash ]. :star:2
- [killshot](https://github.com/bahaabdelwahed/killshot) - A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner. :star:133
- [admin-panel-finder](https://github.com/bdblackhat/admin-panel-finder) - A Python Script to find admin panel of a site. :star:49
- [beef](https://github.com/beefproject/beef) - The Browser Exploitation Framework Project. :star:4631
- [Parsero](https://github.com/behindthefirewalls/Parsero) - Parsero | Robots.txt audit tool. :star:109
- [bettercap](https://github.com/bettercap/bettercap) - The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.. :star:6448
- [bleachbit](https://github.com/bleachbit/bleachbit) - BleachBit system cleaner for Windows and Linux. :star:683
- [trape](https://github.com/jofpin/trape) - People tracker on the Internet: OSINT analysis and research tool by Jose Pino. :star:4439
- [gcat](https://github.com/byt3bl33d3r/gcat) - A PoC backdoor that uses Gmail as a C&C server. :star:1108
- [wfdroid-termux](https://github.com/bytezcrew/wfdroid-termux) - Android Terminal Web-Hacking Tools. :star:9
- [fbht](https://github.com/chinoogawa/fbht) - Facebook Hacking Tool. :star:313
- [netattack](https://github.com/chrizator/netattack) - A simple python script to scan and attack wireless networks.. :star:90
- [netattack2](https://github.com/chrizator/netattack2) - An advanced network scan and attack script based on GUI. 2nd version of no-GUI netattack. . :star:256
- [AUXILE](https://github.com/CiKu370/AUXILE) - Auxile Framework. :star:11
- [hash-generator](https://github.com/CiKu370/hash-generator) - beautiful hash generator. :star:0
- [hasher](https://github.com/CiKu370/hasher) - Hash cracker with auto detect hash. :star:20
- [ko-dork](https://github.com/CiKu370/ko-dork) - A simple vuln web scanner. :star:14
- [OSIF](https://github.com/CiKu370/OSIF) - Open Source Information Facebook. :star:290
- [WifiBruteCrack](https://github.com/cinquemb/WifiBruteCrack) - Program to attempt to brute force all wifi networks in range of a device, and return a possible set of networks to connect to and the password,. :star:18