UNDERCODE COMMUNITY
🦑 Undercode World!
@UndercodeCommunity


1️⃣ World's first platform that collects & analyzes every new hacking method.
+ Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE


✨ Youtube.com/Undercode
by Undercode.help
Forwarded from Backup Legal Mega
Warning: Your phone can be locked to a service provider FOREVER by doing this! If an invalid code is entered all five times, the menu will exit and be deactivated! Any further attempt to activate the NCK/NSCK lock menu will result in the response "Not allowed"! However, the NCK/NSCK lock can be recovered by clearing it directly in the EEPROM.

Shortcut for Last Dialed call menu

If for some reason you don't want to enter the 'Last Dialed calls' menu by using the 'YES' key, you can use the following keystroke instead: first '0', then '#'.

Message Report

When you are writing a message, place the code *0# at the start of it and continue with your message. Its job is like Nokia's delivery report: it gives you information about the sent message.



388

*#06# for checking the IMEI (International Mobile Equipment Identity)

*#0000# to reset the phone's menu language to English.

>*<<*<* for checking the firmware revision information (software release)

>*<<*<*> 1-row text strings. If you press YES you can check the phone's text programming in the currently selected language (298 entries).

>*<<*<*>> n-row text strings. If you press YES you can check the phone's text programming in the currently selected language (160 entries?).

The Service Provider (SP) Lock menu is used to lock the cell phone to the SP's SIM card. Once the cell phone is locked to a specific operator, if one inserts a SIM card from a different operator the phone will refuse to accept it! The cell phone will, however, accept another SIM card from the same operator.

To activate/deactivate this lock one needs a special secret code that is not available to the end user. (Not even to you... or is it? If so, please let me know!)

<< Lock to Network? If you press YES you have 5 attempts to enter the NCK.

<<< Lock to Network subset? If you press YES you have 5 attempts to enter the NSCK.

Warning: Your phone can be locked to a service provider FOREVER by doing this! If an invalid code is entered all five times, the menu will exit and be deactivated! Any further attempt to activate the NCK/NSCK lock menu will result in the response "Not allowed"! However, the NCK/NSCK lock can be recovered by clearing it directly in the EEPROM.

Shortcut for Last Dialed call menu...

If for some reason you don't want to enter the 'Last Dialed calls' menu by using the 'YES' key, you can use the following keystroke instead: first '0', then '#'.

Access menu without Sim card ...

To access the menu in your phone without having a card inside, do the following: type 04*0000*0000*0000#. When the display says "Wrong Pin", press NO and you have access to all the menus: Info, Access, Settings, Calculator, Clock, Keylock On?, Mail, Phone book. NOTE: if you try this on the GH688 your phone may stop at the Keylock On? menu and you'll have to take the battery out to turn the phone on again.

GA628

*#06# for checking the IMEI (International Mobile Equipment Identity)

*#0000# to reset the phone's menu language to English.

*#103# then YES: the time and date will be shown.

>*<<*<* for checking the firmware revision information (software release)

>*<<*<*> 1-row text strings. If you press YES you can check the phone's text programming in the currently selected language (298 entries).

>*<<*<*>> n-row text strings. If you press YES you can check the phone's text programming in the currently selected language (160 entries?).

The Service Provider (SP) Lock

The Service Provider (SP) Lock menu is used to lock the cell phone to the SP's SIM card. Once the cell phone is locked to a specific operator, if one inserts a SIM card from a different operator the phone will refuse to accept it! The cell phone will, however, accept another SIM card from the same operator.

To activate/deactivate this lock one needs a special secret code that is not available to the end user.

Here is how to activate the menu:

<< Lock to Network? If you press YES you have 5 attempts to enter the NCK.
Forwarded from Backup Legal Mega
To de-activate RBS type: [pause] [pause] [pause] 1 1 3
[pause] 0 [pause] [ok]
This only works with some versions of the software.

These countries have been reported as working:

IT (model: F16 HW: 5.2 SW: 2.1)


What's the use of RBS:

Get Distance From Base Station - Place a call, when it
is answered, press [MENU] until 'Eng Field Option' is
displayed, press [OK], select 'Active Cell', press [OK],
press [MENU] until 'Time Adv xxx' appears, where xxx is
a number. Multiply this number by 550, and the result is
the distance from the RBS (Radio Base Station), in
meters.

Get Signal Quality - press [MENU] until 'Eng Field
Option' is displayed, press [OK], select 'Active Cell',
press [OK], press [MENU] until 'C1' appears. This is the
signal quality. If it becomes negative for longer than 5
seconds, a new cell is selected.

Pin Outs
Numbered right to left, looking at the phone with the keypad up and the battery down.

1. Gnd
2. Pos
3. True data (TD) (input)
4. Complementary data (CD) (input)
5. Return data (RD) (output)
6. Audio gnd
7. Audio out
8. Audio in




Motorola 8200
--------------



(Note: pause means the * key held in until a box appears)
To activate RBS type: [pause] [pause] [pause] 1 1 3
[pause] 1 [pause] [ok]
You now have to press the [MENU] and scroll to the 'Eng
Field Options' function with the keys, and enable it.

De-activate RBS

To de-activate RBS type: [pause] [pause] [pause] 1 1 3
[pause] 0 [pause] [ok]
This only works with some versions of the software.

These countries have been reported as working:

ES, AU, NL, BE


What's the use of RBS:

Get Distance From Base Station - Place a call, when it
is answered, press [MENU] until 'Eng Field Option' is
displayed, press [OK], select 'Active Cell', press [OK],
press [MENU] until 'Time Adv xxx' appears, where xxx is
a number. Multiply this number by 550, and the result is
the distance from the RBS (Radio Base Station), in
meters.

Get Signal Quality - press [MENU] until 'Eng Field
Option' is displayed, press [OK], select 'Active Cell',
press [OK], press [MENU] until 'C1' appears. This is the
signal quality. If it becomes negative for longer than 5
seconds, a new cell is selected.

Pin Outs

Numbered right to left, looking at the phone with the keypad up and the battery down.

1. Audio Ground
2. V+
3. True data (TD) (input)
4. Downlink - Complementary data (CD) (input)
5. Uplink - Return data (RD) (output)
6. GND
7. Audio Out - on/off
8. Audio In
9. Manual Test - ???
10. Battery Feedback
11. Antenna connector





Motorola 8400
-------------



(Note: pause means the * key held in until a box appears)
To activate RBS type: [pause] [pause] [pause] 1 1 3
[pause] 1 [pause] [ok]
You now have to press the [MENU] and scroll to the 'Eng
Field Options' function with the keys, and enable it.

De-activate RBS

To de-activate RBS type: [pause] [pause] [pause] 1 1 3
[pause] 0 [pause] [ok]
This only works with some versions of the software.

These countries have been reported as working:

ES, AU, NL, BE


What's the use of RBS:

Get Distance From Base Station - Place a call, when it
is answered, press [MENU] until 'Eng Field Option' is
displayed, press [OK], select 'Active Cell', press [OK],
press [MENU] until 'Time Adv xxx' appears, where xxx is
a number. Multiply this number by 550, and the result is
the distance from the RBS (Radio Base Station), in
meters.

Get Signal Quality - press [MENU] until 'Eng Field
Option' is displayed, press [OK], select 'Active Cell',
press [OK], press [MENU] until 'C1' appears. This is the
signal quality. If it becomes negative for longer than 5
seconds, a new cell is selected.

Pin Outs

Numbered right to left, looking at the phone with the keypad up and the battery down.

1. Audio Ground
2. V+
3. True data (TD) (input)
4. Downlink - Complementary data (CD) (input)
5. Uplink - Return data (RD) (output)
6. GND
7. Audio Out - on/off
8. Audio In
9. Manual Test - ???
10. Battery Feedback
11. Antenna connector





Motorola 8700
--------------



*#06# for checking the IMEI (International Mobile Equipment Identity)

Activate RBS
Forwarded from Backup Legal Mega
(Note: pause means the * key held in until a box appears)
To activate RBS type: [pause] [pause] [pause] 1 1 3
[pause] 1 [pause] [ok]
You now have to press the [MENU] and scroll to the 'Eng
Field Options' function with the keys, and enable it.

De-activate RBS

To de-activate RBS type: [pause] [pause] [pause] 1 1 3
[pause] 0 [pause] [ok]
This only works with some versions of the software.

These countries have been reported as working:

AU, IT, SG, DE, ES, ZA

What's the use of RBS:

Get Distance From Base Station - Place a call, when it
is answered, press [MENU] until 'Eng Field Option' is
displayed, press [OK], select 'Active Cell', press [OK],
press [MENU] until 'Time Adv xxx' appears, where xxx is
a number. Multiply this number by 550, and the result is
the distance from the RBS (Radio Base Station), in
meters.

Get Signal Quality - press [MENU] until 'Eng Field
Option' is displayed, press [OK], select 'Active Cell',
press [OK], press [MENU] until 'C1' appears. This is the
signal quality. If it becomes negative for longer than 5
seconds, a new cell is selected.





Motorola CD 160
---------------



Press menu and type one of these numbers and press OK:

11 = Status Review
13 = Available Networks
14 = Preferred Networks
22 = Select Keypad Tones
25 = Require SIM Card PIN
26 = Language Selection
32 = Repetitive Timer
33 = Single Alert Timer
34 = Set IN-Call Display
35 = Show Call Timers
36 = Show Call Charges
37 = Call Charge Settings
38 = Reset All Timers
43 = Reset All Timers
45 = Show Last Call
46 = Total For All Calls
47 = Lifetime Timer
51 = Change Unlock Code
52 = Master Reset
53 = Master Clear (Warning!! May result in deleting the Message Editor!!!)
54 = New Security Code
55 = Automatic Lock
63 = Battery Saving Mode

Free call tip

1 Enter the phone number
2 Enter OK
3 Type *#06#
4 Press Button C
5 And finally press the button for power off.

You should now be able to talk without being billed.





Motorola CD 520
----------------



Press menu and type one of these numbers and press OK:

11 = Status Review
13 = Available Networks
14 = Preferred Networks
22 = Select Keypad Tones
25 = Require SIM Card PIN
26 = Language Selection
32 = Repetitive Timer
33 = Single Alert Timer
34 = Set IN-Call Display
35 = Show Call Timers
36 = Show Call Charges
37 = Call Charge Settings
38 = Reset All Timers
43 = Reset All Timers
45 = Show Last Call
46 = Total For All Calls
47 = Lifetime Timer
51 = Change Unlock Code
52 = Master Reset
53 = Master Clear (Warning!! May result in deleting the Message Editor!!!)
54 = New Security Code
55 = Automatic Lock
63 = Battery Saving Mode

Free call tip

1 Enter the phone number
2 Enter OK
3 Type *#06#
4 Press Button C
5 And finally press the button for power off.

You should now be able to talk without being billed.





Motorola d460
--------------



*#06# for checking the IMEI (International Mobile Equipment Identity)

Activate RBS

(Note: pause means the * key held in until a box appears)
To activate RBS type: [pause] [pause] [pause] 1 1 3
[pause] 1 [pause] [ok]
You now have to press the [MENU] and scroll to the 'Eng
Field Options' function with the keys, and enable it.

De-activate RBS

To de-activate RBS type: [pause] [pause] [pause] 1 1 3
[pause] 0 [pause] [ok]
This only works with some versions of the software.

What's the use of RBS:

Get Distance From Base Station - Place a call, when it
is answered, press [MENU] until 'Eng Field Option' is
displayed, press [OK], select 'Active Cell', press [OK],
press [MENU] until 'Time Adv xxx' appears, where xxx is
a number. Multiply this number by 550, and the result is
the distance from the RBS (Radio Base Station), in
meters.

Get Signal Quality - press [MENU] until 'Eng Field
Option' is displayed, press [OK], select 'Active Cell',
press [OK], press [MENU] until 'C1' appears. This is the
signal quality. If it becomes negative for longer than 5
seconds, a new cell is selected.





Motorola V3688
---------------



*#06# for checking the IMEI (International Mobile Equipment Identity)

Enhanced Full Rate Codec (EFR):
🦑 All IMEI secret codes
> old phones
▁ ▂ ▄ UnderCode ▄ ▂ ▁


🦑 Payload for Teensy: like a Rubber Ducky, but the syntax is different. This is a Human Interface Device (HID) attack: penetration with Teensy. Brutal is a toolkit to quickly create various payloads (PowerShell attacks, virus attacks) and launch a listener for a Human Interface Device (Teensy payload):

🦑 REQUIREMENTS:

Arduino software

Teensyduino

Linux udev rules

🦑 INSTALLATION & RUN:

1) git clone https://github.com/Screetsec/Brutal.git

2) Copy and paste the PaensyLib folder from the cloned repository inside your Arduino\libraries

3) cd Brutal

4) chmod +x Brutal.sh

5) sudo ./Brutal.sh (or sudo su, then ./Brutal.sh)

🦑 Tested by Undercode

> Parrot / Kali
> rooted Termux
@UndercodeTesting
▁ ▂ ▄ UnderCode ▄ ▂ ▁
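The post above says a Teensy payload works like a Rubber Ducky but with different syntax. The script below is an added example (not part of Brutal or the Teensy project): a small translator that turns a subset of Ducky script (REM, DELAY, STRING, ENTER, GUI/CTRL/ALT/SHIFT combos, REPEAT) into a Teensyduino sketch. It assumes the Teensyduino raw USB keyboard API (Keyboard.set_modifier, set_key1, send_now, print) and its KEY_* / MODIFIERKEY_* constant names; check those names against your Teensyduino core before flashing. The sample script is constructed for the example.

```python
"""Translate a subset of Rubber Ducky script into a Teensyduino keyboard sketch.

Added example, not part of Brutal. Assumes the Teensyduino raw USB keyboard
API (Keyboard.set_modifier / set_key1 / send_now / print) and its KEY_* and
MODIFIERKEY_* constants; verify the constant names against your core.
"""
import re

KEY_MAP = {
    "ENTER": "KEY_ENTER", "TAB": "KEY_TAB", "ESC": "KEY_ESC", "ESCAPE": "KEY_ESC",
    "SPACE": "KEY_SPACE", "DELETE": "KEY_DELETE", "BACKSPACE": "KEY_BACKSPACE",
    "UP": "KEY_UP", "DOWN": "KEY_DOWN", "LEFT": "KEY_LEFT", "RIGHT": "KEY_RIGHT",
}
MOD_MAP = {
    "GUI": "MODIFIERKEY_GUI", "WINDOWS": "MODIFIERKEY_GUI",
    "CTRL": "MODIFIERKEY_CTRL", "CONTROL": "MODIFIERKEY_CTRL",
    "ALT": "MODIFIERKEY_ALT", "SHIFT": "MODIFIERKEY_SHIFT",
}


def _key_const(name):
    """Map a Ducky key token (ENTER, r, F5) to a Teensyduino KEY_* constant."""
    up = name.upper()
    if up in KEY_MAP:
        return KEY_MAP[up]
    if re.fullmatch(r"[A-Z0-9]|F([1-9]|1[0-2])", up):
        return f"KEY_{up}"
    raise ValueError(f"unsupported key {name!r}")


def _press(key, mods=()):
    """Emit press followed by release so the host sees exactly one keystroke."""
    mod = " | ".join(mods) if mods else "0"
    return [
        f"Keyboard.set_modifier({mod});", f"Keyboard.set_key1({key});", "Keyboard.send_now();",
        "Keyboard.set_modifier(0);", "Keyboard.set_key1(0);", "Keyboard.send_now();",
    ]


def _c_string(text):
    """Quote text as a C string literal (backslashes and quotes escaped)."""
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'


def translate_line(line):
    """Return the C++ statements for one Ducky line ([] for a blank line)."""
    line = line.strip()
    if not line:
        return []
    cmd, _, arg = line.partition(" ")
    cmd = cmd.upper()
    if cmd == "REM":
        return [f"// {arg}"]
    if cmd == "DELAY":
        if not arg.strip().isdigit():
            raise ValueError("DELAY needs a number of milliseconds")
        return [f"delay({int(arg)});"]
    if cmd == "STRING":
        return [f"Keyboard.print({_c_string(arg)});"]
    if cmd in MOD_MAP:
        mods, rest = [MOD_MAP[cmd]], arg.split()
        while rest and rest[0].upper() in MOD_MAP:  # chained modifiers: CTRL ALT DELETE
            mods.append(MOD_MAP[rest.pop(0).upper()])
        return _press(_key_const(rest[0]) if rest else "0", mods)
    if cmd in KEY_MAP or re.fullmatch(r"F([1-9]|1[0-2])", cmd):
        return _press(_key_const(cmd))
    raise ValueError(f"unknown command {cmd!r}")


def translate(script):
    """Translate a whole script; REPEAT n re-emits the previous line n times."""
    body, prev = [], []
    for n, raw in enumerate(script.splitlines(), 1):
        parts = raw.split()
        try:
            if parts and parts[0].upper() == "REPEAT":
                if not prev:
                    raise ValueError("REPEAT with no previous command")
                stmts = prev * int(parts[1])
            else:
                stmts = translate_line(raw)
                if stmts:
                    prev = stmts
        except (ValueError, IndexError) as exc:
            raise ValueError(f"line {n}: {exc}") from None
        body.extend(stmts)
    lines = ["// Generated Teensy HID payload; build with Tools > USB Type: Keyboard",
             "void setup() {", "  delay(2000);  // let the host finish USB enumeration"]
    lines += ["  " + s for s in body]
    lines += ["}", "", "void loop() {}"]
    return "\n".join(lines) + "\n"


# Constructed sample payload for the example: open the Run box and start Notepad.
SAMPLE_SCRIPT = """REM demo: open Run box and launch notepad
DELAY 500
GUI r
DELAY 300
STRING notepad
ENTER
"""

if __name__ == "__main__":
    print(translate(SAMPLE_SCRIPT))
```

Unknown commands and malformed DELAY/REPEAT lines raise with the offending line number rather than silently emitting a half-translated sketch, which is what you want before handing a payload to hardware that types blindly.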

🦑 Process injection in action: examples


1) DoublePulsar
An analysis of the kernel-mode payload of the well-known DoublePulsar code by F-Secure revealed that it uses a form of DLL injection to load a DLL into a target process (in this case, lsass.exe) using an Asynchronous Procedure Call (APC). It did not use the standard Windows API calls such as LoadLibrary and did not write the DLL to disk, making it stealthier.

2) Cobalt Strike
Cobalt Strike is penetration testing software designed to execute targeted attacks and emulate the post-exploitation actions of advanced threat actors through an agent called a Beacon.

> Cobalt Strike commands such as keylogger, screenshot and so on are designed to be injected into another process in order to work. The job is injected into a chosen process (a personal favorite is explorer.exe because the process is always running in a GUI environment) and the keystroke logger then captures every keystroke through that process. It reports them to the Beacon console without writing to disk. This stops only when the process terminates or the keystroke logger job is killed by the operator.

3) Lazarus Group
The Lazarus Group (also known as "Hidden Cobra") is a threat group based in North Korea whose malicious activity spans many years, going back as far as 2009. Since 2016 the group has been conducting "FASTCash" attacks, stealing money from ATMs of target banks in Africa and Asia. The target bank's network is compromised and malware known as Trojan.Fastcash is deployed on it.

> An analysis of the malware reveals that malicious Advanced Interactive eXecutive (AIX) executables are injected into legitimate processes on the payment application servers that handle ATM transactions. The injected code lets the group monitor, intercept and generate responses to fraudulent transaction requests using forged ISO 8583 messages (the standard used for financial transaction messaging), so that attempts to withdraw cash from an ATM succeed.

4) APT41
APT41 is a threat group based in China and known for carrying out Chinese state-sponsored espionage campaigns dating back as far as 2012.

🦑 The group is known for its software supply chain attacks, reusing TTPs developed while accessing video game production environments. These TTPs are used to compromise software companies, and malicious code is injected into software updates distributed to victim organizations.

5) WINTERLOVE is a backdoor used by the group to load and execute remote code in a running process (e.g., iexplore.exe) and can be used to enumerate system files and directories.

6) Mitigation/prevention
DLL injection is not necessarily a bad technique: many applications use it for legitimate purposes, for example your antivirus or Endpoint Detection and Response (EDR) solution injects its own code/agent into running processes in order to monitor them and detect abnormal activity. That is exactly what makes malicious injection hard to detect: the injected code runs under a legitimate process. A practical check is to allowlist the known injectors by full path and alert on everything else that creates remote threads or opens sensitive processes with write access.

> Powered by wiki source
@UndercodeTesting
▁ ▂ ▄ UnderCode ▄ ▂ ▁
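The mitigation paragraph above points out that EDR agents inject into processes too, so a bare "remote thread created" alert is noisy. The Python below is an added example (not from the article, Cobalt Strike, or any EDR vendor) of the allowlist-then-alert check a practitioner would run over injection telemetry: it processes constructed records shaped like Sysmon Event ID 8 (CreateRemoteThread) and Event ID 10 (ProcessAccess), exempts only injectors matched by exact full path, and flags remote threads (higher severity when the thread starts in memory with no backing module, the shape of the reflective/APC-staged loading described for DoublePulsar) and opens of sensitive processes with write or thread-creation rights. The EDR path in EDR_ALLOWLIST and every event are made up for the example.

```python
"""Flag suspicious process-injection telemetry in Sysmon-style events.

Added example (not from the article or any vendor). The events are constructed
dicts shaped like Sysmon Event ID 8 (CreateRemoteThread) and Event ID 10
(ProcessAccess) records; the EDR path in EDR_ALLOWLIST is a made-up example.
"""

# Process access rights that injection needs (values from winnt.h).
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Exact full paths of tools that legitimately inject (EDR/AV agents). Matching
# on the full path rather than the basename means a lookalike dropped elsewhere
# does not inherit the exemption. Hypothetical vendor path for the example.
EDR_ALLOWLIST = {
    r"c:\program files\exampleedr\edrsensor.exe",
}

# Processes whose memory should only be written by allowlisted tools.
SENSITIVE_TARGETS = {"lsass.exe", "explorer.exe", "winlogon.exe"}


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return a list of findings, each a dict with severity, source, target, reason."""
    findings = []
    for ev in events:
        src = ev.get("SourceImage", "")
        tgt = ev.get("TargetImage", "")
        if src.lower() in EDR_ALLOWLIST:
            continue  # known-good injector, full path matched
        eid = ev.get("EventID")
        if eid == 8:
            # CreateRemoteThread into another process is rare outside tooling; a thread
            # whose start address has no backing module is the classic injected-loader shape.
            unbacked = not ev.get("StartModule")
            findings.append({
                "severity": "high" if unbacked else "medium",
                "source": src, "target": tgt,
                "reason": "remote thread" + (" at unbacked start address" if unbacked else ""),
            })
        elif eid == 10 and _basename(tgt) in SENSITIVE_TARGETS:
            try:
                granted = int(ev.get("GrantedAccess", "0"), 16)  # Sysmon logs a hex string
            except ValueError:
                continue
            if granted & INJECT_MASK:
                findings.append({
                    "severity": "high" if _basename(tgt) == "lsass.exe" else "medium",
                    "source": src, "target": tgt,
                    "reason": f"opened {_basename(tgt)} with write/thread rights 0x{granted:X}",
                })
    return findings


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Program Files\ExampleEDR\edrsensor.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "StartModule": ""},
    {"EventID": 8, "SourceImage": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "StartModule": ""},
    {"EventID": 8, "SourceImage": r"C:\Users\bob\edrsensor.exe",  # lookalike, wrong path
     "TargetImage": r"C:\Windows\explorer.exe", "StartModule": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},  # read-only
    {"EventID": 10, "SourceImage": r"C:\Windows\Temp\x.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1FFFFF"},  # full access
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['source']} -> {f['target']}: {f['reason']}")
```

The read-only lsass open (0x1010 = PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ) is deliberately not flagged by this rule; credential dumping needs VM_READ only, so a production rule would treat VM_READ on lsass.exe as its own, separate detection.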
🦑 What is the system shutdown/reboot attack technique?

1) System shutdown and reboot is something everyone who has touched a PC is at least familiar with. Attackers can use this feature to interrupt access to a system or in furtherance of destroying the target system.

2) For the most part, when attackers use this technique they are not using the shutdown/reboot button in the Windows Start menu (unless they are remoted into a system unbeknownst to the user) but rather commands to shut down or reboot. Whichever method is used, the result is the same: access to the target system's computer-based resources is disrupted for its users.

3) Attackers may incorporate this technique after other techniques have been used to impact the target system, such as inhibit system recovery and disk structure wipe. When system shutdown/reboot is used this way it is intended to hasten the denial of system availability in support of those earlier techniques, making it a supplementary technique. It is useful for adversaries and frustrating for legitimate users, to say the least.

🦑 The danger of abuse of system features:

1) Before we discuss the shutdown attack in any detail, we should first discuss what makes it so dangerous.

2) This technique is considered an abuse of system features technique. This means the attacker is leveraging the inherent features of the compromised system against itself. Unfortunately for compromised systems, there is no counter-move to system shutdown/reboot because it is about as essential as input through a keyboard or mouse.


@UndercodeTesting
> sourcewiki
🦑 What is MITRE ATT&CK?

1) MITRE is a not-for-profit corporation dedicated to solving problems for a safer world. Beginning as a systems engineering company in 1958, MITRE has added new technical and organizational capabilities to its knowledge base, including cybersecurity.

2) To this end, MITRE released MITRE ATT&CK as a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. This information can be used as the foundation for developing threat models and methodologies for the cybersecurity product/service community, the private sector and government.
▁ ▂ ▄ UnderCode ▄ ▂ ▁

🦑 Real-world examples of the system shutdown/reboot attack technique
Different attack groups and threats have used this technique in different ways, all toward the same end: interrupting system availability during the course of an attack.

1) APT37
This cyber-espionage group is suspected of being North Korea-based and has been around since 2012, with targets mainly in Asia. In their "Are you Happy?" campaign they used a Master Boot Record (MBR) wiping technique followed by the command shutdown /r /t 1 to reboot target systems, as the proverbial icing on the cake.

2) LockerGoga
LockerGoga is ransomware that has been wreaking havoc on industrial and manufacturing organizations in Europe. This relatively new ransomware has been observed shutting down infected systems. Because it targets high-stakes and critical infrastructure, the shutdown is even more damaging than for non-critical organizations.

3) NotPetya
Originally categorized as ransomware, it appears its operators never planned on making the data it encrypts recoverable, making it more of a wiper. First spotted in June 2017, NotPetya is known to reboot systems one hour after infection.

4) The problem with mitigation
As mentioned earlier in this article, this attack is an abuse of system features. Such attacks cannot be effectively mitigated because they take advantage of legitimate, necessary features.

5) Detection of system shutdown/reboot
Unlike mitigation, system shutdown/reboot can be detected by a couple of methods. First, process monitoring should be used to watch for execution of shutdown-related commands and their command-line parameters (for example shutdown.exe with /r or /s and a short /t timeout). Second, Windows event logs capture evidence of this technique: monitor for Windows event IDs 1074 (a shutdown/restart was initiated, recorded with the initiating process and user) and 6006 (the Event Log service was stopped, written on a clean shutdown).

> Powered by wiki source
@UndercodeTesting
▁ ▂ ▄ UnderCode ▄ ▂ ▁
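The detection section above names two sources: command-line parameters of the shutdown command and Windows event IDs 1074 and 6006. The Python below is an added example (not from the article or MITRE) of that detection run over constructed telemetry: a shutdown.exe switch parser that understands /r, /s, /a, /t, /f, /m and /c in either / or - form, and an analyzer that scores Sysmon-style Event ID 1 process-creation records (short timeout, /f, remote target, a non-interactive parent such as cmd.exe) and flags Event ID 1074 records whose initiating process is not one an interactive user or the OS would normally use. INTERACTIVE_PARENTS, EXPECTED_1074_INITIATORS and all sample events are assumptions to tune per environment.

```python
"""Detect system shutdown/reboot activity from Windows telemetry.

Added example, not from the article. Events are constructed dicts shaped like a
Sysmon Event ID 1 (process creation) record and System-log Event IDs 1074
(shutdown initiated) and 6006 (Event Log service stopped). The allowlists are
assumptions to tune per environment.
"""
import re

ACTIONS = {"s": "shutdown", "r": "restart", "a": "abort", "h": "hibernate", "l": "logoff"}
# Parents from which an interactive user normally triggers a reboot (assumption).
INTERACTIVE_PARENTS = {"explorer.exe"}
# Initiators of Event ID 1074 expected on a managed host (assumption).
EXPECTED_1074_INITIATORS = {"explorer.exe", "wininit.exe", "winlogon.exe", "msiexec.exe"}


def _basename(path):
    """'C:\\Windows\\system32\\shutdown.exe (WKS01)' -> 'shutdown.exe'."""
    return path.rsplit("\\", 1)[-1].split(" (")[0].strip('"').lower()


def parse_shutdown_args(cmdline):
    """Parse shutdown.exe switches (/ or - prefixed, case-insensitive).

    The default timeout of 30 s matches shutdown.exe's behaviour when /t is absent.
    """
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)
    args = {"action": None, "timeout": 30, "force": False, "remote": None, "comment": None}
    i = 1  # tokens[0] is the image itself
    while i < len(tokens):
        flag = tokens[i].lstrip("/-").lower()
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if flag in ACTIONS:
            args["action"] = ACTIONS[flag]
        elif flag == "f":
            args["force"] = True
        elif flag == "t" and nxt is not None and nxt.isdigit():
            args["timeout"] = int(nxt)
            i += 1
        elif flag == "m" and nxt is not None:
            args["remote"] = nxt
            i += 1
        elif flag == "c" and nxt is not None:
            args["comment"] = nxt.strip('"')
            i += 1
        i += 1
    return args


def analyze(events):
    """Return findings (severity, event, user, reasons) for shutdown/reboot activity."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1 and _basename(ev.get("Image", "")) == "shutdown.exe":
            a = parse_shutdown_args(ev.get("CommandLine", ""))
            if a["action"] not in ("shutdown", "restart"):
                continue  # /a (abort), /l (logoff) etc. do not deny availability
            reasons = [f"{a['action']} via shutdown.exe"]
            if a["timeout"] <= 5:
                reasons.append(f"short timeout {a['timeout']}s")
            if a["force"]:
                reasons.append("forced (/f)")
            if a["remote"]:
                reasons.append(f"remote target {a['remote']}")
            parent = _basename(ev.get("ParentImage", ""))
            if parent not in INTERACTIVE_PARENTS:
                reasons.append(f"non-interactive parent {parent or 'unknown'}")
            findings.append({"severity": "high" if len(reasons) >= 3 else "medium",
                             "event": 1, "user": ev.get("User"), "reasons": reasons})
        elif eid == 1074:
            proc = _basename(ev.get("Process", ""))
            if proc not in EXPECTED_1074_INITIATORS:
                findings.append({"severity": "medium", "event": 1074, "user": ev.get("User"),
                                 "reasons": [f"shutdown initiated by {proc}"]})
        elif eid == 6006:
            findings.append({"severity": "info", "event": 6006, "user": None,
                             "reasons": ["Event Log service stopped (clean shutdown marker)"]})
    return findings


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\shutdown.exe",
     "CommandLine": "shutdown.exe /r /t 1 /f", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "User": r"NT AUTHORITY\SYSTEM"},
    {"EventID": 1, "Image": r"C:\Windows\System32\shutdown.exe",
     "CommandLine": 'shutdown.exe /r /t 60 /c "patching"', "ParentImage": r"C:\Windows\explorer.exe",
     "User": r"CORP\alice"},
    {"EventID": 1, "Image": r"C:\Windows\System32\shutdown.exe",
     "CommandLine": "shutdown.exe /a", "ParentImage": r"C:\Windows\explorer.exe", "User": r"CORP\alice"},
    {"EventID": 1074, "Process": r"C:\Windows\system32\shutdown.exe (WKS01)",
     "User": r"NT AUTHORITY\SYSTEM", "Reason": "No title for this reason could be found"},
    {"EventID": 1074, "Process": r"C:\Windows\Explorer.EXE (WKS01)", "User": r"CORP\alice",
     "Reason": "Other (Unplanned)"},
    {"EventID": 6006},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f['severity']}] event {f['event']} user={f['user']}: {'; '.join(f['reasons'])}")
```

The APT37 command quoted above (shutdown /r /t 1) scores high on its own even with an interactive parent, because the one-second timeout and the restart together already read as "reboot now"; the explorer-launched 60-second reboot stays at medium so that a sysadmin's planned restart does not page anyone.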
▁ ▂ ▄ UnderCode ▄ ▂ ▁

🦑 2020 popular IDEs & code editors for Android:

https://play.google.com/store/apps/details?id=com.aor.droidedit&hl=en > free

https://play.google.com/store/apps/details?id=xyz.iridiumion.enlightened > free

http://sololearn.com/

https://play.google.com/store/apps/details?id=com.foxdebug.acode >paid

https://play.google.com/store/apps/details?id=com.ashvin777.apps.jsitor&hl=en >paid

https://github.com/jecelyin/920-text-editor-v2 > free

https://spck.io/

▁ ▂ ▄ UnderCode ▄ ▂ ▁

🦑 Best game hacker Android apps 2020 (no root)

https://gamekiller.co/

https://sbgamehacker.net/

https://creehacks.net/

https://www.luckypatchers.com/

http://leoplaycard.info/


▁ ▂ ▄ UnderCode ▄ ▂ ▁

🦑 Advanced dork search & mass exploit scanner
> rooted Termux / Linux

🦑 FEATURES:

Engines: Google APIs cache, Bing, Ask, Yandex, Sogou, Exalead, Shodan
● Mass dork search
● Multiple instant scans
● Mass exploitation
● Use a proxy
● Random user agent
● Random engine
● Mass external command execution
● Exploits and issues search
● XSS / SQLi / LFI / AFD scanner
● Filter WordPress & Joomla sites
● WordPress theme and plugin detection
● Find admin page
● Decode / encode Base64 / MD5
● Port scan
● Collect IPs
● Collect e-mails
● Auto-detect errors
● Auto-detect forms
● Auto-detect CMS
● POST data
● Auto sequence repeater
● Validation
● POST and GET methods
● IP localisation
● Issues and exploit search
● Interactive and normal interface
● And more...

🦑 INSTALLATION & RUN:

1) git clone https://github.com/AlisamTechnology/ATSCAN

2) cd ATSCAN

3) chmod +x ./atscan.pl

4) chmod +x ./install.sh

5) ./install.sh

6) Portable execution: perl ./atscan.pl
Installed tool execution: atscan
Menu: Applications > Web Application analysis > atscan

✅ Verified by Undercode
▁ ▂ ▄ UnderCode ▄ ▂ ▁
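Three of the ATSCAN features listed above (auto-detect CMS, filter WordPress & Joomla sites, WordPress theme and plugin detection) come down to fingerprinting a fetched page. The Python below is an added example (not ATSCAN's code, which is written in Perl) showing how that fingerprinting works on a page body: it scores a small signature table per CMS, reads the version out of the generator meta tag when present, and for WordPress extracts theme and plugin slugs from wp-content paths together with the ?ver= query string that plugin assets usually carry. The signature table and the HTML samples are constructed for the example and are far smaller than a real fingerprint database; it runs offline on the embedded samples.

```python
"""Fingerprint the CMS behind an HTML page and pull WordPress theme/plugin names.

Added example, not ATSCAN's code. Runs offline on constructed HTML samples; the
signature table is a small illustrative set, not a complete fingerprint database.
"""
import re

GENERATOR_TAG = re.compile(r'<meta[^>]*name=["\']generator["\'][^>]*>', re.I)
CONTENT_ATTR = re.compile(r'content=["\']([^"\']*)["\']', re.I)
VERSION = re.compile(r"\d+(?:\.\d+)*")

# Per CMS, patterns that indicate it; the more that match, the higher the score.
SIGNATURES = {
    "wordpress": [r"/wp-content/", r"/wp-includes/", r"\bWordPress\b"],
    "joomla": [r"/media/jui/", r"/components/com_\w+", r"\bJoomla!"],
    "drupal": [r"/sites/(?:default|all)/", r"Drupal\.settings", r"\bDrupal\b"],
}
WP_THEME = re.compile(r"/wp-content/themes/([\w-]+)/", re.I)
WP_PLUGIN = re.compile(r"/wp-content/plugins/([\w-]+)/([^\"'\s<>]*)", re.I)
VER_PARAM = re.compile(r"[?&]ver=([\w.]+)")


def fingerprint(html):
    """Return cms, version, generator string, WordPress themes and plugin versions."""
    scores = {cms: sum(1 for p in pats if re.search(p, html, re.I))
              for cms, pats in SIGNATURES.items()}
    best = max(scores, key=scores.get)
    result = {"cms": best if scores[best] else "unknown", "version": None,
              "generator": None, "themes": [], "plugins": {}}
    tag = GENERATOR_TAG.search(html)
    if tag:
        content = CONTENT_ATTR.search(tag.group(0))
        if content:
            result["generator"] = content.group(1)
            m = VERSION.search(content.group(1))
            result["version"] = m.group(0) if m else None
    if result["cms"] == "wordpress":
        result["themes"] = sorted(set(WP_THEME.findall(html)))
        for name, path in WP_PLUGIN.findall(html):
            result["plugins"].setdefault(name, None)  # seen, version unknown so far
            v = VER_PARAM.search(path)
            if v:
                result["plugins"][name] = v.group(1)
    return result


# Constructed sample pages (not fetched from any real site).
SAMPLE_WORDPRESS = """<!DOCTYPE html><html><head>
<meta name="generator" content="WordPress 5.4.2" />
<link rel="stylesheet" href="https://example.test/wp-content/themes/twentytwenty/style.css?ver=1.3" />
<script src="https://example.test/wp-includes/js/jquery/jquery.js?ver=1.12.4"></script>
<script src="https://example.test/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.9"></script>
<script src="https://example.test/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=4.2.0"></script>
</head><body></body></html>"""

SAMPLE_JOOMLA = """<html><head>
<meta name="generator" content="Joomla! - Open Source Content Management" />
<script src="/media/jui/js/jquery.min.js"></script>
<link href="/components/com_content/css/style.css" rel="stylesheet" />
</head><body></body></html>"""

SAMPLE_DRUPAL = """<html><head>
<meta name="Generator" content="Drupal 7 (http://drupal.org)" />
<link rel="stylesheet" href="/sites/default/files/css/css_abc.css" />
</head><body></body></html>"""

if __name__ == "__main__":
    for label, page in (("wp", SAMPLE_WORDPRESS), ("joomla", SAMPLE_JOOMLA), ("drupal", SAMPLE_DRUPAL)):
        print(label, fingerprint(page))
```

Plugin slug plus version is the pair you feed into a vulnerability lookup; a slug with a None version (asset served without ?ver=) should be reported as "present, version unknown" rather than dropped, which is why setdefault records it before the version check.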

🦑 Hack News by Undercode

> The report shows that the botnet uses Baidu Tieba and other commonly used services for command and control


1) A research report shows that the botnet of the "Double Gun" malicious program is managed through commonly used domestic (Chinese) services.

2) The botnet exceeds 100,000 hosts. The researchers observed that the Double Gun malware used images on Baidu Tieba to distribute configuration files and malware, used Alibaba Cloud storage to host configuration files, and used Baidu Statistics to track the activity of infected hosts. URLs of Tencent Weiyun were also found many times in malware samples.

3) For the first time, a botnet integrates services of all three major BAT vendors (Baidu, Alibaba, Tencent) into its own program. Baidu has taken action to block the download links for the malicious code.

4) From May 14, we contacted the Baidu security team and took joint action to measure the spread of the malicious code and take countermeasures. As of this writing, the related malicious code download links have been blocked.


▁ ▂ ▄ UnderCode ▄ ▂ ▁