β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#Rules For Applying Zone-Based Policy Firewall !!
- Router network interfacesΓ’β¬β’ membership in zones is subject to several rules that govern interface behavior, as is the traffic moving between zone member interfaces:
- A zone must be configured before interfaces can be assigned to the zone.
- An interface can be assigned to only one security zone.
- All traffic to and from a given interface is implicitly blocked when the interface is assigned to a zone, except traffic to and from other interfaces in the same zone, and traffic to any interface on the router.
- Traffic is implicitly allowed to flow by default among interfaces that are members of the same zone.
- In order to permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone.
- The self zone is the only exception to the default deny all policy. All traffic to any router interface is allowed until traffic is explicitly denied.
- Traffic cannot flow between a zone member interface and any interface that is not a zone member. Pass, inspect, and drop actions can only be applied between two zones.
- Interfaces that have not been assigned to a zone function as classical router ports and might still use classical stateful inspection/CBAC configuration.
- If it is required that an interface on the box not be part of the zoning/firewall policy. It might still be necessary to put that interface in a zone and configure a pass all policy (sort of a dummy policy) between that zone and any other zone to which traffic flow is desired.
- From the preceding it follows that, if traffic is to flow among all the interfaces in a router, all the interfaces must be part of the zoning model (each interface must be a member of one zone or another).
- The only exception to the preceding deny by default approach is the traffic to and from the router, which will be permitted by default. An explicit policy can be configured to restrict such traffic.
> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#Rules For Applying Zone-Based Policy Firewall !!
- Router network interfacesΓ’β¬β’ membership in zones is subject to several rules that govern interface behavior, as is the traffic moving between zone member interfaces:
- A zone must be configured before interfaces can be assigned to the zone.
- An interface can be assigned to only one security zone.
- All traffic to and from a given interface is implicitly blocked when the interface is assigned to a zone, except traffic to and from other interfaces in the same zone, and traffic to any interface on the router.
- Traffic is implicitly allowed to flow by default among interfaces that are members of the same zone.
- In order to permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone.
- The self zone is the only exception to the default deny all policy. All traffic to any router interface is allowed until traffic is explicitly denied.
- Traffic cannot flow between a zone member interface and any interface that is not a zone member. Pass, inspect, and drop actions can only be applied between two zones.
- Interfaces that have not been assigned to a zone function as classical router ports and might still use classical stateful inspection/CBAC configuration.
- If it is required that an interface on the box not be part of the zoning/firewall policy. It might still be necessary to put that interface in a zone and configure a pass all policy (sort of a dummy policy) between that zone and any other zone to which traffic flow is desired.
- From the preceding it follows that, if traffic is to flow among all the interfaces in a router, all the interfaces must be part of the zoning model (each interface must be a member of one zone or another).
- The only exception to the preceding deny by default approach is the traffic to and from the router, which will be permitted by default. An explicit policy can be configured to restrict such traffic.
> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Virus Total API Maltego Transform Set For Canari-
- New tool
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£ Requires Canari https://github.com/allfro/canari/tree/c90ed9f0f0fb5075358d7a1a4c1080aac3d4e6bc
, specifically this branch/version
2οΈβ£ Install Malformity https://github.com/digital4rensics/Malformity
3οΈβ£sudo python setup.py install
4οΈβ£canari create-profile ripVT
5οΈβ£Import generated ripVT.mtz
6οΈβ£Import entities stored at:
src/ripVT/resources/external/entities.mtz
7οΈβ£Copy src/ripVT/resources/etc/ripVT.conf to ~/.canari/
Pivot
7οΈβ£Pivots
π¦FEATURES :
Multiple unique entities enable forward & reverse searches. Unique graphically-distinguished icons.
Search (Phrase Entity) ->
Generic Search
Behavioral
Engines
ITW
Generic
Hash -> Download to Repository
Hash -> VT File Report ->
Behavioral (Copied Files, Deleted, Downloaded, Moved, Mutex, Network, Opened, Read, Replaced, Written)
Imphash
Cert / Certs
Compile Time
Detections
Exports / Imports
File Names
In-The-Wild (ITW) Locations
Parents (Dropped / Created By)
PE Resources
PE Sections
SSDEEP
Similar-To
Domain -> VT Domain Report ->
Undetected/Detected Communicating Samples
Undetected/Detected Domain-Embedding Samples
Undetected/Detected Domain-Downloaded Samples
PCAP
Domain Resolutions
Siblings
Subdomains
Detected URLs
IP Address -> VT IP Report
Undetected/Detected Communicating Samples
Undetected/Detected Domain-Embedding Samples
Undetected/Detected Domain-Downloaded Samples
PCAP
Domain Resolutions
Siblings
Subdomains
Detected URLs
Detections ->
Search Detection Name (Engine Included)
Search Detection Name (No Engine
Cuckoo -> (Report ID)
Report -> Network
β git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Virus Total API Maltego Transform Set For Canari-
- New tool
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£ Requires Canari https://github.com/allfro/canari/tree/c90ed9f0f0fb5075358d7a1a4c1080aac3d4e6bc
, specifically this branch/version
2οΈβ£ Install Malformity https://github.com/digital4rensics/Malformity
3οΈβ£sudo python setup.py install
4οΈβ£canari create-profile ripVT
5οΈβ£Import generated ripVT.mtz
6οΈβ£Import entities stored at:
src/ripVT/resources/external/entities.mtz
7οΈβ£Copy src/ripVT/resources/etc/ripVT.conf to ~/.canari/
Pivot
7οΈβ£Pivots
π¦FEATURES :
Multiple unique entities enable forward & reverse searches. Unique graphically-distinguished icons.
Search (Phrase Entity) ->
Generic Search
Behavioral
Engines
ITW
Generic
Hash -> Download to Repository
Hash -> VT File Report ->
Behavioral (Copied Files, Deleted, Downloaded, Moved, Mutex, Network, Opened, Read, Replaced, Written)
Imphash
Cert / Certs
Compile Time
Detections
Exports / Imports
File Names
In-The-Wild (ITW) Locations
Parents (Dropped / Created By)
PE Resources
PE Sections
SSDEEP
Similar-To
Domain -> VT Domain Report ->
Undetected/Detected Communicating Samples
Undetected/Detected Domain-Embedding Samples
Undetected/Detected Domain-Downloaded Samples
PCAP
Domain Resolutions
Siblings
Subdomains
Detected URLs
IP Address -> VT IP Report
Undetected/Detected Communicating Samples
Undetected/Detected Domain-Embedding Samples
Undetected/Detected Domain-Downloaded Samples
PCAP
Domain Resolutions
Siblings
Subdomains
Detected URLs
Detections ->
Search Detection Name (Engine Included)
Search Detection Name (No Engine
Cuckoo -> (Report ID)
Report -> Network
β git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - allfro/canari at c90ed9f0f0fb5075358d7a1a4c1080aac3d4e6bc
Local and Remote Maltego Rapid Transform Development Framework - GitHub - allfro/canari at c90ed9f0f0fb5075358d7a1a4c1080aac3d4e6bc
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Intel processor reveals two new SGX vulnerabilities attackers can easily extract sensitive data :
1) While Intel is working to eliminate the negative effects of multiple processor vulnerabilities, security researchers at the three universities once again relentlessly exposed two other flaws in the SGX software protection extension instructions.
2) For attackers, this allows them to extract sensitive data fairly easily. Fortunately, new issues can be fixed through active remedies, and there is currently no evidence that new vulnerabilities have been exploited in the wild.
3) Researchers from three universities in Michigan, Amsterdam, Netherlands, and Adelaide, Australia disclosed that attackers can use the multi-core architecture to work to gain access to sensitive data on infected systems.
4) It has developed corresponding attack methods for the two vulnerabilities, and gave proofs of concept for SGAxe and CrossTalk.
5) The former appears to be an advanced version of the CacheOut attack exposed earlier this year, and hackers can extract content from the CPU's L1 cache.
6) The researchers explained that SGAxe is a failed attempt by Intel to mitigate the bypass attack against the software protection extension (SGX). As a dedicated area on the CPU, SGX originally intended to ensure the integrity and confidentiality of the code and data being processed.
7) With the help of a transient execution attack, a hacker can essentially recover the encryption key stored in the SGX area and use it to decrypt the long storage area to obtain the machine's EPID key. The latter is used to ensure the security of transactions, such as financial transactions and DRM-protected content.
8) As for the second CrossTalk vulnerability, which is a derivative of Microarchitecture Data Sampling (MDS), it can attack data processed by the Line Fill Buffer (LBF) of the CPU.
9) t originally wanted to provide a "staging buffer" for CPU core access, but hackers were able to use specially-made software running on a separate core to destroy the software code and data private key that protected it.
10) It is reported that the new vulnerability affects many Intel processors released from 2015 to 2019, including some Xeon E3 SKUs (E5 and E7 series have been proven to be resistant to this new type of attack).
11) Intel said in a June security bulletin that only a very small number of people can launch these attacks in a laboratory environment, and there are currently no reports of exploits in the wild.
12) Even so, the company will still release microcode updates as soon as possible, while invalidating previously issued certification keys.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Intel processor reveals two new SGX vulnerabilities attackers can easily extract sensitive data :
1) While Intel is working to eliminate the negative effects of multiple processor vulnerabilities, security researchers at the three universities once again relentlessly exposed two other flaws in the SGX software protection extension instructions.
2) For attackers, this allows them to extract sensitive data fairly easily. Fortunately, new issues can be fixed through active remedies, and there is currently no evidence that new vulnerabilities have been exploited in the wild.
3) Researchers from three universities in Michigan, Amsterdam, Netherlands, and Adelaide, Australia disclosed that attackers can use the multi-core architecture to work to gain access to sensitive data on infected systems.
4) It has developed corresponding attack methods for the two vulnerabilities, and gave proofs of concept for SGAxe and CrossTalk.
5) The former appears to be an advanced version of the CacheOut attack exposed earlier this year, and hackers can extract content from the CPU's L1 cache.
6) The researchers explained that SGAxe is a failed attempt by Intel to mitigate the bypass attack against the software protection extension (SGX). As a dedicated area on the CPU, SGX originally intended to ensure the integrity and confidentiality of the code and data being processed.
7) With the help of a transient execution attack, a hacker can essentially recover the encryption key stored in the SGX area and use it to decrypt the long storage area to obtain the machine's EPID key. The latter is used to ensure the security of transactions, such as financial transactions and DRM-protected content.
8) As for the second CrossTalk vulnerability, which is a derivative of Microarchitecture Data Sampling (MDS), it can attack data processed by the Line Fill Buffer (LBF) of the CPU.
9) t originally wanted to provide a "staging buffer" for CPU core access, but hackers were able to use specially-made software running on a separate core to destroy the software code and data private key that protected it.
10) It is reported that the new vulnerability affects many Intel processors released from 2015 to 2019, including some Xeon E3 SKUs (E5 and E7 series have been proven to be resistant to this new type of attack).
11) Intel said in a June security bulletin that only a very small number of people can launch these attacks in a laboratory environment, and there are currently no reports of exploits in the wild.
12) Even so, the company will still release microcode updates as soon as possible, while invalidating previously issued certification keys.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Practice Your Skills :
> WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.
> This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£ git clone https://github.com/WebGoat/WebGoat.git
2οΈβ£-run-using-docker
> docker run -p 8080:8080 -p 9090:9090 -e TZ=Europe/Amsterdam webgoat/goatandwolf
3οΈβ£WebGoat will be located at: http://127.0.0.1:8080/WebGoat WebWolf will be located at: http://127.0.0.1:9090/WebWolf
Important:
> Choose the correct timezone, so that the docker container and your host are in the same timezone. As it important for the validity of JWT tokens used in certain exercises.
4οΈβ£Using docker stack deploy
> Another way to deply WebGoat and WebWolf in a more advanced way is to use a compose-file in a docker stack deploy. You can define which containers should run in which combinations and define all of this in a yaml file. An example of such a file is: goat-with-reverseproxy.yaml
5οΈβ£This sets up an nginx webserver as reverse proxy to WebGoat and WebWolf. You can change the timezone by adjusting the value in the yaml file.
6οΈβ£docker stack init
> docker stack deploy --compose-file goat-with-reverseproxy.yaml webgoatdemo
7οΈβ£Add the following entries in your local hosts file:
127.0.0.1 www.webgoat.local www.webwolf.localhost
You can use the overall start page: http://www.webgoat.local or:
8οΈβ£WebGoat will be located at: http://www.webgoat.local/WebGoat
WebWolf will be located at: http://www.webwolf.local/WebWolf
Important:
> the current directory on your host will be mapped into the container for keeping state.
π¦Another way :
Standalone
1οΈβ£Download the latest WebGoat and WebWolf release from https://github.com/WebGoat/WebGoat/releases
java -jar webgoat-server-8.1.0.jar [--server.port=8080] [--server.address=localhost]
java -jar webwolf-8.1.0.jar [--server.port=9090] [--server.address=localhost]
The latest version of WebGoat needs Java 11 or above. By default WebGoat and WebWolf start on port 8080 and 9090 with --server.port you can specify a different port. With server.address you can bind it to a different address (default localhost)
π¦Or
> Run from the sources
1οΈβ£Prerequisites:
-Java 11
-Maven > 3.2.1
-Your favorite IDE
-Git, or Git support in your IDE
2οΈβ£Open a command shell/window:
git clone git@github.com:WebGoat/WebGoat.git
Now let's start by compiling the project.
3οΈβ£cd WebGoat
4οΈβ£git checkout <<branch_name>>
mvn clean install
5οΈβ£Now we are ready to run the project. WebGoat 8.x is using Spring-Boot.
mvn -pl webgoat-server spring-boot:run
... you should be running webgoat on localhost:8080/WebGoat momentarily
6οΈβ£To change IP address add the following variable to WebGoat/webgoat-container/src/main/resources/application.properties file
>server.address=x.x.x.x
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Practice Your Skills :
> WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.
> This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£ git clone https://github.com/WebGoat/WebGoat.git
2οΈβ£-run-using-docker
> docker run -p 8080:8080 -p 9090:9090 -e TZ=Europe/Amsterdam webgoat/goatandwolf
3οΈβ£WebGoat will be located at: http://127.0.0.1:8080/WebGoat WebWolf will be located at: http://127.0.0.1:9090/WebWolf
Important:
> Choose the correct timezone, so that the docker container and your host are in the same timezone. As it important for the validity of JWT tokens used in certain exercises.
4οΈβ£Using docker stack deploy
> Another way to deply WebGoat and WebWolf in a more advanced way is to use a compose-file in a docker stack deploy. You can define which containers should run in which combinations and define all of this in a yaml file. An example of such a file is: goat-with-reverseproxy.yaml
5οΈβ£This sets up an nginx webserver as reverse proxy to WebGoat and WebWolf. You can change the timezone by adjusting the value in the yaml file.
6οΈβ£docker stack init
> docker stack deploy --compose-file goat-with-reverseproxy.yaml webgoatdemo
7οΈβ£Add the following entries in your local hosts file:
127.0.0.1 www.webgoat.local www.webwolf.localhost
You can use the overall start page: http://www.webgoat.local or:
8οΈβ£WebGoat will be located at: http://www.webgoat.local/WebGoat
WebWolf will be located at: http://www.webwolf.local/WebWolf
Important:
> the current directory on your host will be mapped into the container for keeping state.
π¦Another way :
Standalone
1οΈβ£Download the latest WebGoat and WebWolf release from https://github.com/WebGoat/WebGoat/releases
java -jar webgoat-server-8.1.0.jar [--server.port=8080] [--server.address=localhost]
java -jar webwolf-8.1.0.jar [--server.port=9090] [--server.address=localhost]
The latest version of WebGoat needs Java 11 or above. By default WebGoat and WebWolf start on port 8080 and 9090 with --server.port you can specify a different port. With server.address you can bind it to a different address (default localhost)
π¦Or
> Run from the sources
1οΈβ£Prerequisites:
-Java 11
-Maven > 3.2.1
-Your favorite IDE
-Git, or Git support in your IDE
2οΈβ£Open a command shell/window:
git clone git@github.com:WebGoat/WebGoat.git
Now let's start by compiling the project.
3οΈβ£cd WebGoat
4οΈβ£git checkout <<branch_name>>
mvn clean install
5οΈβ£Now we are ready to run the project. WebGoat 8.x is using Spring-Boot.
mvn -pl webgoat-server spring-boot:run
... you should be running webgoat on localhost:8080/WebGoat momentarily
6οΈβ£To change IP address add the following variable to WebGoat/webgoat-container/src/main/resources/application.properties file
>server.address=x.x.x.x
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - WebGoat/WebGoat: WebGoat is a deliberately insecure application
WebGoat is a deliberately insecure application. Contribute to WebGoat/WebGoat development by creating an account on GitHub.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦FREE SPYWARES POPULAR 2020 :
- Spyeye - Script To Generate Win32 .Exe File To Take Screenshots
- Words Scraper - Selenium Based Web Scraper To Generate Passwords List
- JSshell - A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS
- Astsu - A Network Scanner Tool
- Git-Scanner - A Tool For Bug Hunting Or Pentesting For Targeting Websites That Have Open .git Repositories Available In Public
- Recox - Master Script For Web Reconnaissance
- Jshole - A JavaScript Components Vulnrability Scanner, Based On RetireJS
- GitMonitor - A Github Scanning System To Look For Leaked Sensitive Information Based On Rules
- Eviloffice - Inject Macro And DDE Code Into Excel And Word Documents (Reverse Shell)
- Ligolo - Reverse Tunneling Made Easy For Pentesters, By Pentesters
- Inshackle - Instagram Hacks: Track Unfollowers, Increase Your Followers, Download Stories, Etc
- GhostShell - Malware Indetectable, With AV Bypass Techniques, Anti-Disassembly, And More
- Forerunner - Fast And Extensible Network Scanning Library Featuring Multithreading, Ping Probing, And Scan Fetchers
- Enumy - Linux Post Exploitation Privilege Escalation Enumeration
- Bing-Ip2Hosts - Bingip2Hosts Is A Bing.com Web Scraper That Discovers Websites By IP Address
- Vault - A Tool For Secrets Management, Encryption As A Service, And Privileged Access Management
- ADCollector - A Lightweight Tool To Quickly Extract Valuable Information From The Active Directory Environment For Both Attacking And Defending
- ANDRAX v5R NH-Killer - Penetration Testing on Android
- DroidFiles - Get Files From Android Directories
- Purify - All-in-one Tool For Managing Vulnerability Reports From AppSec
Pipelines
β git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦FREE SPYWARES POPULAR 2020 :
- Spyeye - Script To Generate Win32 .Exe File To Take Screenshots
- Words Scraper - Selenium Based Web Scraper To Generate Passwords List
- JSshell - A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS
- Astsu - A Network Scanner Tool
- Git-Scanner - A Tool For Bug Hunting Or Pentesting For Targeting Websites That Have Open .git Repositories Available In Public
- Recox - Master Script For Web Reconnaissance
- Jshole - A JavaScript Components Vulnrability Scanner, Based On RetireJS
- GitMonitor - A Github Scanning System To Look For Leaked Sensitive Information Based On Rules
- Eviloffice - Inject Macro And DDE Code Into Excel And Word Documents (Reverse Shell)
- Ligolo - Reverse Tunneling Made Easy For Pentesters, By Pentesters
- Inshackle - Instagram Hacks: Track Unfollowers, Increase Your Followers, Download Stories, Etc
- GhostShell - Malware Indetectable, With AV Bypass Techniques, Anti-Disassembly, And More
- Forerunner - Fast And Extensible Network Scanning Library Featuring Multithreading, Ping Probing, And Scan Fetchers
- Enumy - Linux Post Exploitation Privilege Escalation Enumeration
- Bing-Ip2Hosts - Bingip2Hosts Is A Bing.com Web Scraper That Discovers Websites By IP Address
- Vault - A Tool For Secrets Management, Encryption As A Service, And Privileged Access Management
- ADCollector - A Lightweight Tool To Quickly Extract Valuable Information From The Active Directory Environment For Both Attacking And Defending
- ANDRAX v5R NH-Killer - Penetration Testing on Android
- DroidFiles - Get Files From Android Directories
- Purify - All-in-one Tool For Managing Vulnerability Reports From AppSec
Pipelines
β git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
KitPloit - PenTest & Hacking Tools
Spyeye - Script To Generate Win32 .Exe File To Take Screenshots
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Collects information from an email and shows results in a nice visual interface.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£git clone https://gitlab.com/kennbroorg/iKy.git
2οΈβ£cd $IKY_CLONE/install/iKyEasyInstall
3οΈβ£./iKyEasyInstall.sh # At some point the script will request credentials for sudo
β Verified on :
-kali
-ubuntu
π¦Kali - ubuntu video tutorial
> https://gitlab.com/kennbroorg/iKy/-/wikis/Videos/Installations
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Collects information from an email and shows results in a nice visual interface.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£git clone https://gitlab.com/kennbroorg/iKy.git
2οΈβ£cd $IKY_CLONE/install/iKyEasyInstall
3οΈβ£./iKyEasyInstall.sh # At some point the script will request credentials for sudo
β Verified on :
-kali
-ubuntu
π¦Kali - ubuntu video tutorial
> https://gitlab.com/kennbroorg/iKy/-/wikis/Videos/Installations
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitLab
Kenn Brothers Org / iKy Β· GitLab
OSINT Project. Collect information from a mail. Gather. Profile. Timeline.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦2020 Hijack services that relies on QR Code Authentication :
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£git clone https://github.com/thelinuxchoice/ohmyqr
2οΈβ£cd ohmyqr
3οΈβ£bash ohmyqr.sh
π¦How it Works ?
QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the βLogin with QR codeβ feature as a secure way to login into accounts. In a nutshell, the victim scans the attackerβs QR code which results in session hijacking.
β git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦2020 Hijack services that relies on QR Code Authentication :
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£git clone https://github.com/thelinuxchoice/ohmyqr
2οΈβ£cd ohmyqr
3οΈβ£bash ohmyqr.sh
π¦How it Works ?
QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the βLogin with QR codeβ feature as a secure way to login into accounts. In a nutshell, the victim scans the attackerβs QR code which results in session hijacking.
β git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Network configuration-Prevent users from browsing using external proxies by Undercode :
Some background knowledge:
1οΈβ£ HTTP/1.0 protocol defines web server and When the client uses a proxy, in the
HTTP request and response headers, use Via: to identify the proxy server used to prevent the
server loop;
2οΈβ£ snort is an open source IDS (intrusion detection system) that can be used Host or network IDS. With many IDS
rules, it can perform pattern recognition and matching on the captured (ip, tcp, udp, icmp) packets, and can generate corresponding records.
3οΈβ£ libnet is open source software that can be used as a network protocol/packet generator.
4οΈβ£ The TCP/IP network is a packet-switched network.
5οΈβ£ Snort also has the function of generating IP packets using the libnet library. You can interrupt the TCP connection by issuing a TCP_RESET packet.
π¦ Prerequisites:
1οΈβ£Snort runs on the route (linux) or through the port mirror function of the switch, runs on the same
network segment of the route
π¦ Implementation:
1οΈβ£ compile snort with flexresp(flex response) feature
2οΈβ£ Define snort rules:
alert tcp $HOME_NET any <> $EXTER_NET 80 (msg:"block proxy"; uricontent:"Via:"; resp: rst_all;)
π¦ Effect:
> Internal network users can browse external websites normally.
> If the internal userβs browser is configured with an external proxy, the
HTTP REQUEST and RESPONSE headers will include Via: ... characters, and snort rules will capture this connection, and then
> Send RST packets to client and server sockets. In this way, the TCP connection is terminated.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Network configuration-Prevent users from browsing using external proxies by Undercode :
Some background knowledge:
1οΈβ£ HTTP/1.0 protocol defines web server and When the client uses a proxy, in the
HTTP request and response headers, use Via: to identify the proxy server used to prevent the
server loop;
2οΈβ£ snort is an open source IDS (intrusion detection system) that can be used Host or network IDS. With many IDS
rules, it can perform pattern recognition and matching on the captured (ip, tcp, udp, icmp) packets, and can generate corresponding records.
3οΈβ£ libnet is open source software that can be used as a network protocol/packet generator.
4οΈβ£ The TCP/IP network is a packet-switched network.
5οΈβ£ Snort also has the function of generating IP packets using the libnet library. You can interrupt the TCP connection by issuing a TCP_RESET packet.
π¦ Prerequisites:
1οΈβ£Snort runs on the route (linux) or through the port mirror function of the switch, runs on the same
network segment of the route
π¦ Implementation:
1οΈβ£ compile snort with flexresp(flex response) feature
2οΈβ£ Define snort rules:
alert tcp $HOME_NET any <> $EXTER_NET 80 (msg:"block proxy"; uricontent:"Via:"; resp: rst_all;)
π¦ Effect:
> Internal network users can browse external websites normally.
> If the internal userβs browser is configured with an external proxy, the
HTTP REQUEST and RESPONSE headers will include Via: ... characters, and snort rules will capture this connection, and then
> Send RST packets to client and server sockets. In this way, the TCP connection is terminated.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦2020 updated Reverse Tunneling made easy for pentesters, by pentesters
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£cd
2οΈβ£git clone https://github.com/sysdream/ligolo
3οΈβ£cd ligolo
4οΈβ£make dep
5οΈβ£Generate self-signed TLS certificates (will be placed in the certs folder)
make certs TLS_HOST=example.com
NOTE: You can also use your own certificates by using the TLS_CERT make option when calling build. Example: make build-all TLS_CERT=certs/mycert.pem.
6οΈβ£Build
make build-all
> 3.2. (or) For the current architecture
make build
β git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦2020 updated Reverse Tunneling made easy for pentesters, by pentesters
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£cd
go env GOPATH/src2οΈβ£git clone https://github.com/sysdream/ligolo
3οΈβ£cd ligolo
4οΈβ£make dep
5οΈβ£Generate self-signed TLS certificates (will be placed in the certs folder)
make certs TLS_HOST=example.com
NOTE: You can also use your own certificates by using the TLS_CERT make option when calling build. Example: make build-all TLS_CERT=certs/mycert.pem.
6οΈβ£Build
make build-all
> 3.2. (or) For the current architecture
make build
β git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - sysdream/ligolo: Reverse Tunneling made easy for pentesters, by pentesters https://sysdream.com/
Reverse Tunneling made easy for pentesters, by pentesters https://sysdream.com/ - sysdream/ligolo
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦A fast, modern, zero-conf load balancing HTTP(S) router for deploying microservices:
π¦FEATURES :
>Access Logging - customizable access logs
>Access Control - route specific access control
>Certificate Stores - dynamic certificate stores like file system, HTTP server, Consul and Vault
>Compression - GZIP compression for HTTP responses
>Docker Support - Official Docker image, Registrator and Docker Compose example
>Dynamic Reloading - hot reloading of the routing table without downtime
>Graceful Shutdown - wait until requests have completed before shutting down
>HTTP Header Support - inject some HTTP headers into upstream requests
>HTTPS Upstreams - forward requests to HTTPS upstream servers
>Metrics Support - support for Graphite, StatsD/DataDog and Circonus
>PROXY Protocol Support - support for HA Proxy PROXY protocol for inbound requests (use for Amazon ELB)
>Path Stripping - strip prefix paths from incoming requests
>Server-Sent Events/SSE - support for Server-Sent Events/SSE
>TCP Proxy Support - raw TCP proxy support
>TCP-SNI Proxy Support - forward TLS connections based on hostname without re-encryption
>Traffic Shaping - forward N% of traffic upstream without knowing the number of instances
>Web UI - web ui to examine the current routing table
>Websocket Support - websocket support
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Install from source, binary, Docker or Homebrew.
# go 1.9 or higher is required
1οΈβ£get github.com/fabiolb/fabio (>= go1.9)
2οΈβ£brew install fabio (OSX/macOS stable)
brew install --devel fabio (OSX/macOS devel)
3οΈβ£docker pull fabiolb/fabio (Docker)
https://github.com/fabiolb/fabio/releases (pre-built binaries)
4οΈβ£Register your service in consul.
5οΈβ£Make sure that each instance registers with a unique ServiceID and a service name without spaces.
6οΈβ£Register a health check in consul as described here.
7οΈβ£By default fabio only watches services which have a passing health check, unless overriden with registry.consul.service.status.
8οΈβ£Register one urlprefix- tag per host/path prefix it serves, e.g.:
#HTTP/S examples
urlprefix-/css # path route
urlprefix-i.com/static # host specific path route
urlprefix-mysite.com/ # host specific catch all route
urlprefix-/foo/bar strip=/foo # path stripping (forward '/bar' to upstream)
urlprefix-/foo/bar proto=https # HTTPS upstream
urlprefix-/foo/bar proto=https tlsskipverify=true # HTTPS upstream and self-signed cert
#TCP examples
urlprefix-:3306 proto=tcp # route external port 3306
Make sure the prefix for HTTP routes contains at least one slash (/).
9οΈβ£See the full list of options in the Documentation.
πStart fabio without a config file (assuming a running consul agent on localhost:8500) Watch the log output how fabio picks up the route to your service. Try starting/stopping your service to see how the routing table changes instantly.
> Send all your HTTP traffic to fabio on port 9999. For TCP proxying see TCP proxy.
Done
β git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦A fast, modern, zero-conf load balancing HTTP(S) router for deploying microservices:
π¦FEATURES :
>Access Logging - customizable access logs
>Access Control - route specific access control
>Certificate Stores - dynamic certificate stores like file system, HTTP server, Consul and Vault
>Compression - GZIP compression for HTTP responses
>Docker Support - Official Docker image, Registrator and Docker Compose example
>Dynamic Reloading - hot reloading of the routing table without downtime
>Graceful Shutdown - wait until requests have completed before shutting down
>HTTP Header Support - inject some HTTP headers into upstream requests
>HTTPS Upstreams - forward requests to HTTPS upstream servers
>Metrics Support - support for Graphite, StatsD/DataDog and Circonus
>PROXY Protocol Support - support for HA Proxy PROXY protocol for inbound requests (use for Amazon ELB)
>Path Stripping - strip prefix paths from incoming requests
>Server-Sent Events/SSE - support for Server-Sent Events/SSE
>TCP Proxy Support - raw TCP proxy support
>TCP-SNI Proxy Support - forward TLS connections based on hostname without re-encryption
>Traffic Shaping - forward N% of traffic upstream without knowing the number of instances
>Web UI - web ui to examine the current routing table
>Websocket Support - websocket support
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Install from source, binary, Docker or Homebrew.
# go 1.9 or higher is required
1οΈβ£get github.com/fabiolb/fabio (>= go1.9)
2οΈβ£brew install fabio (OSX/macOS stable)
brew install --devel fabio (OSX/macOS devel)
3οΈβ£docker pull fabiolb/fabio (Docker)
https://github.com/fabiolb/fabio/releases (pre-built binaries)
4οΈβ£Register your service in consul.
5οΈβ£Make sure that each instance registers with a unique ServiceID and a service name without spaces.
6οΈβ£Register a health check in consul as described here.
7οΈβ£By default fabio only watches services which have a passing health check, unless overriden with registry.consul.service.status.
8οΈβ£Register one urlprefix- tag per host/path prefix it serves, e.g.:
#HTTP/S examples
urlprefix-/css # path route
urlprefix-i.com/static # host specific path route
urlprefix-mysite.com/ # host specific catch all route
urlprefix-/foo/bar strip=/foo # path stripping (forward '/bar' to upstream)
urlprefix-/foo/bar proto=https # HTTPS upstream
urlprefix-/foo/bar proto=https tlsskipverify=true # HTTPS upstream and self-signed cert
#TCP examples
urlprefix-:3306 proto=tcp # route external port 3306
Make sure the prefix for HTTP routes contains at least one slash (/).
9οΈβ£See the full list of options in the Documentation.
πStart fabio without a config file (assuming a running consul agent on localhost:8500) Watch the log output how fabio picks up the route to your service. Try starting/stopping your service to see how the routing table changes instantly.
> Send all your HTTP traffic to fabio on port 9999. For TCP proxying see TCP proxy.
Done
β git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - fabiolb/fabio: Consul Load-Balancing made simple
Consul Load-Balancing made simple. Contribute to fabiolb/fabio development by creating an account on GitHub.