UNDERCODE COMMUNITY

🦑 Hack WiFi git topic:
> WireSpy enables the automation of various WiFi attacks to conduct Man-In-The-Middle-Attacks (MITMAs).

🦑 FEATURES:

1-Capture victims' traffic.
2-MAC address spoofing.
3-Set-up honeypot and evil twin attacks.
4-Show the list of in range access points.
5-Wireless adapter|card|dongle power amplification.

INSTALLATION & RUN

1) git clone https://github.com/aress31/wirespy

2) cd wirespy

3) $ chmod +x wirespy.sh

4) Run the script with root privileges:
$ sudo ./wirespy.sh

▁ ▂ ▄ UNDERCODE ▄ ▂ ▁


🦑 Speed optimization: detailed network configuration files for tuning Linux network performance, by Undercode:

1) In "Debugging Tools for Tuning Linux Network Performance", we introduced three network tuning and testing tools, route, netstat and tcpdump, and what they can do. In this article, we focus on the contents of the network configuration files to help you understand these files.

/etc/modules.conf file

2) This configuration file defines the parameters of the various modules that need to be loaded at startup. Here we focus on the configuration of network cards. To reduce problems that may occur during startup, the Linux kernel does not automatically detect multiple network cards. On a system where the network card driver is not compiled into the kernel but loaded dynamically as a module, installing multiple network cards requires the corresponding configuration in the "modules.conf" file. If the device driver is compiled as a kernel module: for PCI devices, the module automatically detects all devices installed on the system; for ISA cards, you need to give the module an IO address so that it knows where to look for the card. This information is provided in "/etc/conf.modules".

3) For example, we have two 3c509 cards with ISA bus, one IO address is 0x300 and the other is 0x320. Edit the "modules.conf" file as follows:

alias eth0 3c509
alias eth1 3c509
options 3c509 io=0x300,0x320



4) For PCI cards, you only need the alias command to associate ethN with the appropriate driver module name; the IO address of the PCI card is detected automatically. For PCI cards, edit the "modules.conf" file as follows:

alias eth0 3c905
alias eth1 3c905



5) If the driver has been compiled into the kernel: the PCI detection program at system startup automatically finds all related network cards. ISA cards can also be detected automatically, but in some cases an ISA card still needs the following configuration: add the information to "/etc/lilo.conf", so that the LILO program passes it to the kernel as boot parameters. For ISA cards, edit the "lilo.conf" file and add the following content:

append="ether=0,0,eth0 ether=0,0,eth1"



/etc/sysconfig/network-scripts/ifcfg-ethN file

6) In Red Hat, the configuration files of the system's network devices are saved in the "/etc/sysconfig/network-scripts" directory: ifcfg-eth0 contains the configuration of the first network card, ifcfg-eth1 the configuration of the second, and so on. To change the network address manually or to add a new network interface, modify the corresponding file (ifcfg-ethN) or create a new one.

DEVICE=name        name is the name of the physical device
IPADDR=addr        addr is the IP address assigned to the card
NETMASK=mask       mask is the network mask
NETWORK=addr       addr is the network address
BROADCAST=addr     addr is the broadcast address
ONBOOT=yes/no      whether to activate the card
BOOTPROTO=proto    proto is one of the following:
    none: no boot-time protocol is used
    bootp: use the bootp protocol
    dhcp: use the dhcp protocol
USERCTL=yes/no     whether to allow non-root users to control the device

/etc/resolv.conf file

7) This file is the configuration file used by the domain name resolver (the resolver is a library that resolves host names to IP addresses). An example:

search domainname.com
nameserver 208.164.186.1
nameserver 208.164.186.2



8) "search domainname.com" means that when a host name without a full domain name is given, the suffix domainname.com is appended to the host name; "nameserver" means that the host at this address is used as the domain name server when resolving names. The name servers are queried in the order in which they appear in the file.

/etc/host.conf file

9) This file specifies how host names are resolved. Linux uses the resolver library to obtain the IP address corresponding to a host name. The following is an example of "/etc/host.conf":

order bind, hosts
multi on
nospoof on



10) "order bind, hosts" specifies the order of host name lookups: here DNS is used to resolve the name, and then the "/etc/hosts" file is queried (or vice versa).

"multi on" specifies whether a host listed in the "/etc/hosts" file can have multiple addresses; hosts with multiple IP addresses are generally called multi-homed hosts.

"nospoof on" means that IP address spoofing of the server is not allowed. IP spoofing is a means of attacking the security of a system: the attacker disguises its IP address as that of another computer to gain the trust of other computers.

/etc/hosts file

11) When the machine starts, before DNS can be queried, it needs to look up some host name to IP address mappings. These mappings are stored in the /etc/hosts file. In the absence of a domain name server, all network programs on the system resolve the IP address corresponding to a host name by querying this file.

The following is an example of the "/etc/hosts" file:

IP Address      Hostname            Alias
127.0.0.1       Localhost           Gate.openarch.com
208.164.186.1   gate.openarch.com   Gate
...

The leftmost column is the host IP address and the middle column is the host name. Any subsequent columns are aliases for that host. Once the network configuration files of the machine are set up, the network should be restarted for the changes to take effect. Use the following command to restart the network: /etc/rc.d/init.d/network restart.

/etc/inetd.conf file

12) As we all know, the more service ports a server opens, the more difficult it is to guarantee the security and stability of the system. Therefore, a server that provides specific services should, as far as possible, open only the ports necessary to provide those services, and close services unrelated to its role. For example: a machine that is a www and ftp server should only open ports 80 and 25, and other unrelated services such as finger and auth should be turned off to reduce system vulnerabilities.

13) Inetd, also known as the "super server", is a daemon that listens for network requests and calls the corresponding service process to handle each connection request. inetd.conf is the configuration file of inetd: it tells inetd which network ports to listen on and which service to start for each port. When using Linux in any network environment, the first thing to do is to understand which services the server will provide. Services that are not needed should be disabled, and preferably uninstalled, so that hackers have fewer opportunities to attack the system. Check the "/etc/inetd.conf" file to see which services inetd provides. Disable any unnecessary service by commenting it out (add a # at the beginning of the line), and then send a SIGHUP signal to the inetd process:

· Step 1: Change the file permissions to 600.

[root@deep]# chmod 600 /etc/inetd.conf

· Step 2: Make sure that the owner of the file is root.

[root@deep]# stat /etc/inetd.conf

· Step 3: Edit the "inetd.conf" file (vi /etc/inetd.conf) to disable all unnecessary services, such as: ftp, telnet, shell, login, exec, talk, ntalk, imap, pop-2, pop-3, finger, auth, etc. If you think certain services are useful, you can leave them enabled.

· Step 4: After changing the "inetd.conf" file, don't forget to send a SIGHUP signal (killall -HUP inetd) to the inetd process.

[root@deep /root]# killall -HUP inetd

· Step 5: To protect the "inetd.conf" file, you can use the chattr command to make it unchangeable. To make the file unchangeable, just use the following command:

[root@deep]# chattr +i /etc/inetd.conf

A file with the "i" attribute cannot be changed: it cannot be deleted or renamed, no link can be created to it, and no data can be written to it. Only the system administrator can set and clear this attribute. If you want to change the inetd.conf file, you must first clear the flag that does not allow changes:

[root@deep]# chattr -i /etc/inetd.conf
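
The checks from Steps 1 to 3 can be scripted. The following Python sketch is an added example, not part of the original tutorial: it audits a file in inetd.conf format for mode 600, root ownership and services from the Step 3 list that are still enabled. The sample file content and the function names are constructed for illustration.

```python
import os
import stat
import tempfile

# Services the tutorial's Step 3 suggests disabling.
UNNEEDED = {"ftp", "telnet", "shell", "login", "exec", "talk", "ntalk",
            "imap", "pop-2", "pop-3", "finger", "auth"}

# Constructed sample in inetd.conf format (not taken from a real host).
SAMPLE = """\
# <service> <socktype> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
#telnet stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
time    dgram   udp  wait    root    internal
"""

def enabled_services(text):
    """Return service names on lines that are neither blank nor commented out."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names.append(line.split()[0])
    return names

def audit_inetd(path):
    """Check Steps 1-3: mode 600, owner root, no unneeded service enabled."""
    st = os.stat(path)
    with open(path) as fh:
        enabled = enabled_services(fh.read())
    return {
        "mode_is_600": stat.S_IMODE(st.st_mode) == 0o600,
        "owner_is_root": st.st_uid == 0,
        "still_enabled": sorted(s for s in enabled if s in UNNEEDED),
    }

def demo():
    """Write the sample to a temp file with loose permissions and audit it."""
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as fh:
        fh.write(SAMPLE)
    os.chmod(fh.name, 0o644)
    try:
        return audit_inetd(fh.name)
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    print(demo())
```

On a real host, call audit_inetd("/etc/inetd.conf") as root; an empty "still_enabled" list with both flags true means Steps 1 to 3 are in place.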



For services such as sendmail, named and www, however, things are different: unlike finger, telnet and similar services, which the inet daemon starts on demand when a request arrives, they run as daemons from system startup. Red Hat Linux provides the linuxconfig command, with which you can interactively set, in a graphical interface, whether to run such services at startup. You can also use a command to set whether a service starts at boot, for example: [root@deep]# chkconfig --level 35 named off.

/etc/hosts.allow file

However, if telnet, ftp and other services are all shut down, remote management becomes very inconvenient for the administrator. Linux provides another, more flexible and effective way to limit which users can request a service, so that trusted users can still use various services without giving up security. Linux provides a program called TCP wrapper, which is installed by default in most distributions. With TCP wrapper you can restrict access to the services mentioned earlier. The TCP wrapper log file also records all attempts to access your system; by viewing the log through the last command, the administrator can see who has connected or attempted to connect to the system.

In the /etc directory there are two files, hosts.deny and hosts.allow. By configuring these two files, you can specify which machines can use these services and which cannot.

/etc/services file

The correspondence between port numbers and standard services is defined in detail in RFC 1700 "Assigned Numbers". The "/etc/services" file enables server and client programs to convert the name of a service into a port number. This table exists on every host and its file name is "/etc/services". Only the "root" user has permission to modify this file, and under normal circumstances there is no need to modify it, because it already contains the port numbers of the commonly used services. To improve security, we can protect this file against unauthorized deletion and changes. To protect it, use the following command:

[root@deep]# chattr +i /etc/services



/etc/securetty file

The "/etc/securetty" file allows you to specify which TTY devices the "root" user can log in from. The login program (usually "/bin/login") reads the "/etc/securetty" file. Its format is: root login is allowed on the tty devices listed; it is not allowed on devices that are commented out or not present in this file.

/etc/inittab file

Comment out a line in the file to disable Control-Alt-Delete from shutting down the computer. If the server is not placed in a safe place, this is very important.

Edit the inittab file (vi /etc/inittab) and change this line:

ca::ctrlaltdel:/sbin/shutdown -t3 -r now



to:

#ca::ctrlaltdel:/sbin/shutdown -t3 -r now



Use the following command to make the changes take effect:

[root@deep]# /sbin/init q



/etc/rc.d/init.d/

The scripts under /etc/rc.d/init.d/ are mainly the scripts that start services. There is no need for ordinary users to know the contents of these scripts, so their permissions should be changed.

[root@deep]# chmod -R 700 /etc/rc.d/init.d/*



This way, only root can read, write, and execute scripts in this directory.

written by Undercode
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁

🦑 Popular ways in 2020 to hack Gmail:

> Keylogger

> backdoor

> cookies

> reverse engineer

> social engineer 40% luck

▁ ▂ ▄ UNDERCODE ▄ ▂ ▁

🦑 What is TCP Wrappers

1) TCP Wrappers does not encrypt data; it has a logging system and can control who can access your system.

2) It wraps some other binaries started from inetd, such as telnet and ftp.

3) The system uses TCP Wrappers to monitor incoming connections, record all requests, and compare them with the access control list. If the connection is allowed, TCP Wrappers calls the actual binary to handle it, such as the telnet service; if it is rejected, the connection is dropped.

written by Undercode
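
The decision process described above, and the hosts.allow / hosts.deny pair mentioned in the network configuration post, as an added Python example (not part of the original posts and not the TCP Wrappers source code). It models a subset of the hosts_access(5) rules: hosts.allow is checked first, then hosts.deny, and a request that matches neither is allowed. The rule contents, addresses and function names are constructed for illustration.

```python
# Constructed rule files in hosts_access(5) format: "daemon_list : client_list".
HOSTS_ALLOW = """\
# allow telnet only from the admin subnet, ftp from one domain
in.telnetd : 192.168.1.
in.ftpd    : .example.com
"""
HOSTS_DENY = """\
ALL : ALL
"""

def parse_rules(text):
    """Return (daemons, clients) tuples, skipping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr, name):
    """Subset of the client patterns: ALL, '.domain', 'a.b.c.' and exact match."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # domain suffix, matched on the host name
        return name.endswith(pattern)
    if pattern.endswith("."):        # address prefix, matched on the IP address
        return addr.startswith(pattern)
    return pattern in (addr, name)

def rule_hit(rules, daemon, addr, name):
    """True if any rule names this daemon (or ALL) and matches the client."""
    return any(("ALL" in d or daemon in d) and
               any(client_matches(p, addr, name) for p in c)
               for d, c in rules)

def decide(daemon, addr, name="", allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if rule_hit(parse_rules(allow), daemon, addr, name):
        return "allow"
    if rule_hit(parse_rules(deny), daemon, addr, name):
        return "deny"
    return "allow"

if __name__ == "__main__":
    print(decide("in.telnetd", "192.168.1.20"), decide("in.telnetd", "10.0.0.5"))
```

With an empty hosts.deny the telnet request from 10.0.0.5 is allowed, which is why a narrow hosts.allow is usually paired with a catch-all "ALL : ALL" deny rule.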
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁

🦑 DIFFERENCE BETWEEN Exploit-Payload-Shellcode:


1) Exploit - An exploit is the means by which an attacker, or penetration tester for that matter, takes advantage of a vulnerability within a system, an application, or a service. An attacker uses an exploit to attack a system in a way that results in a particular desired outcome that the developer never expected. Common exploits include buffer overflows, web application vulnerabilities (such as SQL injection), and configuration errors.

2) Payload - A payload is custom code that the attacker wants the system to execute and that is selected and delivered by the Framework. For example, a reverse shell is a payload that creates a connection from the target machine back to the attacker as a Windows command prompt, whereas a bind shell is a payload that "binds" a command prompt to a listening port on the target machine, to which the attacker can then connect. A payload could also be something as simple as a few commands to be executed on the target operating system.

3) Shellcode - Shellcode is basically a list of carefully crafted commands that can be executed once the code is injected into a running application. It's a series of instructions used as a payload when exploiting a vulnerability. Shellcode is typically written in assembly language. In most cases, a command shell or a Meterpreter shell will be provided after the set of instructions has been performed by the target machine, hence the name.

source wiki
@UndercodeTesting
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁