β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information
Termux-Linux
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£https://github.com/jimywork/djangohunter.git
2οΈβ£cd djangohunter
3οΈβ£pip install -r requirements.txt
(Those are requirements:
Shodan
Pyfiglet
Requests
BeautifulSoup)
4οΈβ£python3 djangohunter.py --key {shodan}
Dorks: 'DisallowedHost', 'KeyError', 'OperationalError', 'Page not found at /'
5οΈβ£More guide about usage :
> https://asciinema.org/a/210648
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information
Termux-Linux
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£https://github.com/jimywork/djangohunter.git
2οΈβ£cd djangohunter
3οΈβ£pip install -r requirements.txt
(Those are requirements:
Shodan
Pyfiglet
Requests
BeautifulSoup)
4οΈβ£python3 djangohunter.py --key {shodan}
Dorks: 'DisallowedHost', 'KeyError', 'OperationalError', 'Page not found at /'
5οΈβ£More guide about usage :
> https://asciinema.org/a/210648
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
jimywork/djangohunter
Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information. - jimywork/djangohunter
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Hacker basic knowledge commonly used commands and shortcut keys :
*net user View user list
γγ
*net user username password/add add user
γγ*net user username password change user password
γγ
*net localgroup administrators username/add add user to management group
γγ*net user username/delete delete user
γγ*net user User name to view the basic situation of the
γγuser *net user user name/active:no disable the user
γγ*net user user name/active:yes enable the user
γγ*net share to view the computer IPC$ shared resources
γγ*net share share name to view the share
γγ*net share share name=path setting share. For example, net share c$=c:
γγ*net share share name/delete delete IPC$ share
γγ*net use View IPC$ connection status
γγ*net use //ip/ipc$Content$nbsp;"password" /user:"user name" ipc$
connection
γγ*net time //ip view the time on the remote computer
γγ*copy path: /filename//ip/share name to copy the file to the
computer connected to ipc$
γγ*net view ip view the shared resource on the computer
γγ*ftp Server address Enter FTP server
γγ*at View scheduled jobs on your computer
γγ*at //ip to view the scheduled job on the remote computer
γγ*at //ip time command (note the extra letter) Add a job on the
remote computer
γγ*at //ip scheduled job ID /delete Delete a scheduled job on the
remote computer
γγ*at //ip all /delete delete all scheduled jobs on the remote computer
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Hacker basic knowledge commonly used commands and shortcut keys :
*net user View user list
γγ
*net user username password/add add user
γγ*net user username password change user password
γγ
*net localgroup administrators username/add add user to management group
γγ*net user username/delete delete user
γγ*net user User name to view the basic situation of the
γγuser *net user user name/active:no disable the user
γγ*net user user name/active:yes enable the user
γγ*net share to view the computer IPC$ shared resources
γγ*net share share name to view the share
γγ*net share share name=path setting share. For example, net share c$=c:
γγ*net share share name/delete delete IPC$ share
γγ*net use View IPC$ connection status
γγ*net use //ip/ipc$Content$nbsp;"password" /user:"user name" ipc$
connection
γγ*net time //ip view the time on the remote computer
γγ*copy path: /filename//ip/share name to copy the file to the
computer connected to ipc$
γγ*net view ip view the shared resource on the computer
γγ*ftp Server address Enter FTP server
γγ*at View scheduled jobs on your computer
γγ*at //ip to view the scheduled job on the remote computer
γγ*at //ip time command (note the extra letter) Add a job on the
remote computer
γγ*at //ip scheduled job ID /delete Delete a scheduled job on the
remote computer
γγ*at //ip all /delete delete all scheduled jobs on the remote computer
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦WIN 10 SHORTCUT KEYS :
1οΈβ£ Use the shortcut keys of "Windows Explorer"
Purpose shortcut key
If the current selection is expanded, to collapse or select the parent folder left arrow
Fold the selected folder NUM LOCK + minus sign (-)
If the current selection is collapsed, to expand
or select the first subfolder right arrow to
expand All folders under the current selection NUM LOCK+*
Expand the selected folder NUM LOCK+Plus sign (+)
to switch between the left and right panes F6
3. Use the WINDOWS button
You can use the following shortcut keys from the Microsoft Natural Keyboard or any other compatible keyboard that contains the Windows logo key.
Purpose shortcut keys
Cycle through the buttons on the task bar WINDOWS+ TAB
displays "Find: All Files" WINDOWS+ F
displays "Find: Computer" CTRL+ WINDOWS+ F
displays "Help" WINDOWS+ F1
displays the "Run" command WINDOWS+ R
displays the "Start" menu WINDOWS
Display "System Properties" dialog box WINDOWS+ BREAK
Display "Windows Explorer" WINDOWS+ E
Minimize or restore all windows WINDOWS+ D
Undo Minimize all windows SHIFT+ WINDOWS+ M
2οΈβ£Use the shortcut keys of "My Computer" and "Windows Explorer"
Purpose shortcut key
Close the selected folder and all its parent
folders Hold down the SHIFT key and click the "Close button (only applicable to "My Computer")
to move backward to the previous view ALT+Left arrow
Move forward to the previous one View ALT+Right Arrow
View the previous folder BACKSPACE
Five, use the shortcut keys in the dialog box
Purpose shortcut key
Cancel current task ESC
If the current control is a button, click the button or if the current control is a check box, select or clear the check box or if the current control is an option button, click the option space bar
Click the corresponding command ALT + underlined letters
Click the selected button ENTER
Move backward on the option SHIFT + TAB Move backward
on the tab CTRL + SHIFT + TAB
Move forward
on the option TAB Move forward on the tab CTRL + TAB
If you select a folder in the "Save As" or "Open" dialog box, you want to open the previous folder BACKSPACE
in the "Save As" or "Open" dialog box, open "Save To" or "Review" F4
refresh "Save As" or "Open" Dialog F5
Six, use the "Desktop", "My Computer" and "Windows Explorer" shortcut keys
When selecting an item, you can use the following shortcut keys.
Shortcut key for purpose
Don't use the "AutoPlay"
function when inserting a disc. Hold down SHIFT to insert a CD-ROM to
copy files. Hold down CTRL to drag files.
Create a shortcut. Hold down CTRL+SHIFT and drag files
to delete an item immediately without putting it into SHIFT+ DELETE
"Recycle Bin"
displays "find: all files" F3
displays the shortcut menu of the project APPLICATION key
refreshes the contents of the window F5
renames the project F2
selects all projects CTRL+ A
View the properties of the project ALT+ENTER or ALT+double-click
to use the APPLICATION key for Microsoft Natural keyboard or other compatible keys with APPLICATION key
3οΈβ£Shortcut keys for Microsoft magnifier
The combination of the Windows logo key and other keys is used here.
Shortcut key purpose
Windows logo + PRINT SCREEN to copy the screen to the clipboard (including the mouse cursor)
Windows logo + SCROLL LOCK to copy the screen to the clipboard (excluding the mouse cursor)
Windows logo + PAGE UP to switch the reverse color.
Windows logo + PAGE DOWN switch to follow the mouse cursor
Windows logo + up arrow increases magnification
Windows logo + down arrow decreases magnification
Eight, use auxiliary shortcut keys
Purpose shortcut key
Toggle filter key switch Right SHIFT eight seconds
Toggle high contrast switch Left ALT+Left SHIFT+PRINT SCREEN
Toggle mouse key switch Left ALT+Left SHIFT+NUM LOCK
Toggle sticky key switch SHIFT key five times
Toggle switch key NUM LOCK for five seconds
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦WIN 10 SHORTCUT KEYS :
1οΈβ£ Use the shortcut keys of "Windows Explorer"
Purpose shortcut key
If the current selection is expanded, to collapse or select the parent folder left arrow
Fold the selected folder NUM LOCK + minus sign (-)
If the current selection is collapsed, to expand
or select the first subfolder right arrow to
expand All folders under the current selection NUM LOCK+*
Expand the selected folder NUM LOCK+Plus sign (+)
to switch between the left and right panes F6
3. Use the WINDOWS button
You can use the following shortcut keys from the Microsoft Natural Keyboard or any other compatible keyboard that contains the Windows logo key.
Purpose shortcut keys
Cycle through the buttons on the task bar WINDOWS+ TAB
displays "Find: All Files" WINDOWS+ F
displays "Find: Computer" CTRL+ WINDOWS+ F
displays "Help" WINDOWS+ F1
displays the "Run" command WINDOWS+ R
displays the "Start" menu WINDOWS
Display "System Properties" dialog box WINDOWS+ BREAK
Display "Windows Explorer" WINDOWS+ E
Minimize or restore all windows WINDOWS+ D
Undo Minimize all windows SHIFT+ WINDOWS+ M
2οΈβ£Use the shortcut keys of "My Computer" and "Windows Explorer"
Purpose shortcut key
Close the selected folder and all its parent
folders Hold down the SHIFT key and click the "Close button (only applicable to "My Computer")
to move backward to the previous view ALT+Left arrow
Move forward to the previous one View ALT+Right Arrow
View the previous folder BACKSPACE
Five, use the shortcut keys in the dialog box
Purpose shortcut key
Cancel current task ESC
If the current control is a button, click the button or if the current control is a check box, select or clear the check box or if the current control is an option button, click the option space bar
Click the corresponding command ALT + underlined letters
Click the selected button ENTER
Move backward on the option SHIFT + TAB Move backward
on the tab CTRL + SHIFT + TAB
Move forward
on the option TAB Move forward on the tab CTRL + TAB
If you select a folder in the "Save As" or "Open" dialog box, you want to open the previous folder BACKSPACE
in the "Save As" or "Open" dialog box, open "Save To" or "Review" F4
refresh "Save As" or "Open" Dialog F5
Six, use the "Desktop", "My Computer" and "Windows Explorer" shortcut keys
When selecting an item, you can use the following shortcut keys.
Shortcut key for purpose
Don't use the "AutoPlay"
function when inserting a disc. Hold down SHIFT to insert a CD-ROM to
copy files. Hold down CTRL to drag files.
Create a shortcut. Hold down CTRL+SHIFT and drag files
to delete an item immediately without putting it into SHIFT+ DELETE
"Recycle Bin"
displays "find: all files" F3
displays the shortcut menu of the project APPLICATION key
refreshes the contents of the window F5
renames the project F2
selects all projects CTRL+ A
View the properties of the project ALT+ENTER or ALT+double-click
to use the APPLICATION key for Microsoft Natural keyboard or other compatible keys with APPLICATION key
3οΈβ£Shortcut keys for Microsoft magnifier
The combination of the Windows logo key and other keys is used here.
Shortcut key purpose
Windows logo + PRINT SCREEN to copy the screen to the clipboard (including the mouse cursor)
Windows logo + SCROLL LOCK to copy the screen to the clipboard (excluding the mouse cursor)
Windows logo + PAGE UP to switch the reverse color.
Windows logo + PAGE DOWN switch to follow the mouse cursor
Windows logo + up arrow increases magnification
Windows logo + down arrow decreases magnification
Eight, use auxiliary shortcut keys
Purpose shortcut key
Toggle filter key switch Right SHIFT eight seconds
Toggle high contrast switch Left ALT+Left SHIFT+PRINT SCREEN
Toggle mouse key switch Left ALT+Left SHIFT+NUM LOCK
Toggle sticky key switch SHIFT key five times
Toggle switch key NUM LOCK for five seconds
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Windows operating system shortcuts
π¦ALL WINDOWS SHORTCUTS BY UNDERCODE :
F1 displays the help content of the current program or windows.
F2 When you select a file, it means "rename"
F3 When you are on the desktop, open the "Find: All Files" dialog box
F10 or ALT activate the menu bar of the current program
windows key or CTRL+ESC to start Menu
CTRL+ALT+DELETE In win9x, open and close the program dialog
DELETE to delete the selected item, if it is a file, it will be put into the recycle bin
SHIFT+DELETE to delete the selected item, if it is a file, it will be directly deleted Instead of putting it in the recycle bin
CTRL+N Create a new file
CTRL+O Open the "Open File" dialog
CTRL+P Open the "Print" dialog
CTRL+S Save the currently operated file
CTRL+X Cut the selected item To the clipboard
CTRL+INSERT or CTRL+C Copy the selected items to the clipboard
SHIFT+INSERT or CTRL+V Paste in the clipboard What is the nose to
restore?
ALT+BACKSPACE or CTRL+Z Undo the previous operation
ALT +SHIFT+BACKSPACE Redo the operation that was canceled in the
previous step.
Windows key +M Minimize all open windows.
Windows key +CTRL+M will restore the size and position of the window before the last operation
Windows key +E Open Explorer
Windows key +F Open the "Find: All Files" dialog box
Windows key +R Open the "Run" dialog box
Windows key +BREAK Open the "System Properties" dialog box
Windows key +CTRL+F Open the "Find: Computer" dialog box
SHIFT+F10 or right-click to open the shortcut menu of the currently
active item
SHIFT Press and hold when inserting the CD , You can skip automatic CD
playback. Press and hold when opening the word, you can skip the self-
starting macro
ALT+F4 Close the current application
ALT+SPACEBAR Open the menu at the top left corner of the program
ALT+TAB Switch the current program
ALT+ESC Switch the current program
ALT+ENTER will The MSDOS window running under windows switches between the window and the full screen state.
PRINT SCREEN Copy the current screen to the clipboard as an image
ALT+PRINT SCREEN Copy the current active program window to the clipboard as an image
CTRL+F4 Close the current application The current text in the program
(as in word)
CTRL+F6 Switch to the next text in the current application (plus shift can jump to the previous window)
in IE:
ALT+RIGHT ARROW displays the previous page (forward key)
ALT+LEFT ARROW displays the next page (back key)
CTRL+TAB to switch between the frames on the page (plus shift reverse)
F5 refresh
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Windows operating system shortcuts
π¦ALL WINDOWS SHORTCUTS BY UNDERCODE :
F1 displays the help content of the current program or windows.
F2 When you select a file, it means "rename"
F3 When you are on the desktop, open the "Find: All Files" dialog box
F10 or ALT activate the menu bar of the current program
windows key or CTRL+ESC to start Menu
CTRL+ALT+DELETE In win9x, open and close the program dialog
DELETE to delete the selected item, if it is a file, it will be put into the recycle bin
SHIFT+DELETE to delete the selected item, if it is a file, it will be directly deleted Instead of putting it in the recycle bin
CTRL+N Create a new file
CTRL+O Open the "Open File" dialog
CTRL+P Open the "Print" dialog
CTRL+S Save the currently operated file
CTRL+X Cut the selected item To the clipboard
CTRL+INSERT or CTRL+C Copy the selected items to the clipboard
SHIFT+INSERT or CTRL+V Paste in the clipboard What is the nose to
restore?
ALT+BACKSPACE or CTRL+Z Undo the previous operation
ALT +SHIFT+BACKSPACE Redo the operation that was canceled in the
previous step.
Windows key +M Minimize all open windows.
Windows key +CTRL+M will restore the size and position of the window before the last operation
Windows key +E Open Explorer
Windows key +F Open the "Find: All Files" dialog box
Windows key +R Open the "Run" dialog box
Windows key +BREAK Open the "System Properties" dialog box
Windows key +CTRL+F Open the "Find: Computer" dialog box
SHIFT+F10 or right-click to open the shortcut menu of the currently
active item
SHIFT Press and hold when inserting the CD , You can skip automatic CD
playback. Press and hold when opening the word, you can skip the self-
starting macro
ALT+F4 Close the current application
ALT+SPACEBAR Open the menu at the top left corner of the program
ALT+TAB Switch the current program
ALT+ESC Switch the current program
ALT+ENTER will The MSDOS window running under windows switches between the window and the full screen state.
PRINT SCREEN Copy the current screen to the clipboard as an image
ALT+PRINT SCREEN Copy the current active program window to the clipboard as an image
CTRL+F4 Close the current application The current text in the program
(as in word)
CTRL+F6 Switch to the next text in the current application (plus shift can jump to the previous window)
in IE:
ALT+RIGHT ARROW displays the previous page (forward key)
ALT+LEFT ARROW displays the next page (back key)
CTRL+TAB to switch between the frames on the page (plus shift reverse)
F5 refresh
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦All Destination shortcut win 10 :
γγActivate the menu bar F10 in the program to
γγ
execute the corresponding command on the menu ALT + underlined letters on the menu γγclose the current window
γγin the multi-document interface program
γγCTRL + F4
close the current window or exit the program ALT + F4
γγcopy CTRL + C
γγcut CTRL + X
γγdelete DELETE
γγdisplay Help for the selected dialog box item F1
γγdisplays the system menu of the current window ALT+Spacebar
γγdisplays the shortcut menu of the selected item SHIFT+ F10
γγdisplays the "Start" menu CTRL+ ESC
γγdisplays the system of the multi-document interface program
γγmenu ALT+hyphen (-)
γγpastes CTR L+ V
γγSwitch to the last used window or
γγhold down ALT and then press TAB repeatedly,
γγswitch to another window ALT+TAB
γγundo CTRL+Z
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦All Destination shortcut win 10 :
γγActivate the menu bar F10 in the program to
γγ
execute the corresponding command on the menu ALT + underlined letters on the menu γγclose the current window
γγin the multi-document interface program
γγCTRL + F4
close the current window or exit the program ALT + F4
γγcopy CTRL + C
γγcut CTRL + X
γγdelete DELETE
γγdisplay Help for the selected dialog box item F1
γγdisplays the system menu of the current window ALT+Spacebar
γγdisplays the shortcut menu of the selected item SHIFT+ F10
γγdisplays the "Start" menu CTRL+ ESC
γγdisplays the system of the multi-document interface program
γγmenu ALT+hyphen (-)
γγpastes CTR L+ V
γγSwitch to the last used window or
γγhold down ALT and then press TAB repeatedly,
γγswitch to another window ALT+TAB
γγundo CTRL+Z
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦LAN Intrusion Complete Edition by Undercode :
First declare:
γγ1. The scope of the intrusion only includes the local area network, if it is in the school, it can invade the entire campus network;
γγ2. The only thing that can be invaded is the existence of a weak password (the user name is administrator, etc., the password is blank), and port 139 is opened, But the machine without the firewall.
π¦γγIntrusion tools:
γγgenerally need to use three: NTscan metamorphic scanner, Recton-D free anti-killing version, DameWare mini Chinese version 4.5. (The first two tools antivirus software will report poison, it is recommended to temporarily turn off real-time antivirus antivirus software And encrypt the compressed packages of these two software to prevent being killed.)
π¦γγInvasion steps:
γγ1. Use "NTscan metamorphic scanner", fill in the IP range to be scanned in the IP, select "WMI scan" method, press After "Start", wait for the scan result.
γγ2. Use "Recton--D Special Edition" to
γγselect the "CMD command" item, and enter "net share C$=C:\" in "CMD:" to open the C drive sharing of the remote host. Change "C" to D, E, F, etc., you can open the sharing of D drive, E drive, F drive, etc. This sharing method is highly concealed, and it is completely shared, and will not appear on the other host. Hold the shared logo of the disk with one hand and enter "\\Party IP\C$" in the address bar to enter the other party's C drive.
γγSelect the "Telnet" item, enter the IP just scanned in the "Remote Host", remotely start the Telnet service, after successful, in the "CMD Options", execute the command: "net share ipc$", then execute: "net share admin$", and finally execute "net use \*.
γγ3. Use "DameWare Mini Chinese Version 4.5", click "DameWare Mini Remote Control" after installation, select the activation product in the "Help" item, enter the registration information, and after successful registration, enter the "Remote Connection" window, in the "Host" Fill in the IP address, click "Settings", click "Edit" in the "Service Installation Options", remove the "Notify when connecting" in the "Notification Dialog", and deselect none of the "Additional Settings". Remove "Enable User Options Menu" in User Options. After the settings are completed, you can click "Connect", click "OK" in the pop-up dialog box, after success, you can control other people's computers like operating your own machine, of course, you can also just choose to monitor the other party's screen. Note: If you don't register, a dialog box will pop up on the host to reveal your identity.
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦LAN Intrusion Complete Edition by Undercode :
First declare:
γγ1. The scope of the intrusion only includes the local area network, if it is in the school, it can invade the entire campus network;
γγ2. The only thing that can be invaded is the existence of a weak password (the user name is administrator, etc., the password is blank), and port 139 is opened, But the machine without the firewall.
π¦γγIntrusion tools:
γγgenerally need to use three: NTscan metamorphic scanner, Recton-D free anti-killing version, DameWare mini Chinese version 4.5. (The first two tools antivirus software will report poison, it is recommended to temporarily turn off real-time antivirus antivirus software And encrypt the compressed packages of these two software to prevent being killed.)
π¦γγInvasion steps:
γγ1. Use "NTscan metamorphic scanner", fill in the IP range to be scanned in the IP, select "WMI scan" method, press After "Start", wait for the scan result.
γγ2. Use "Recton--D Special Edition" to
γγselect the "CMD command" item, and enter "net share C$=C:\" in "CMD:" to open the C drive sharing of the remote host. Change "C" to D, E, F, etc., you can open the sharing of D drive, E drive, F drive, etc. This sharing method is highly concealed, and it is completely shared, and will not appear on the other host. Hold the shared logo of the disk with one hand and enter "\\Party IP\C$" in the address bar to enter the other party's C drive.
γγSelect the "Telnet" item, enter the IP just scanned in the "Remote Host", remotely start the Telnet service, after successful, in the "CMD Options", execute the command: "net share ipc$", then execute: "net share admin$", and finally execute "net use \*.
γγ3. Use "DameWare Mini Chinese Version 4.5", click "DameWare Mini Remote Control" after installation, select the activation product in the "Help" item, enter the registration information, and after successful registration, enter the "Remote Connection" window, in the "Host" Fill in the IP address, click "Settings", click "Edit" in the "Service Installation Options", remove the "Notify when connecting" in the "Notification Dialog", and deselect none of the "Additional Settings". Remove "Enable User Options Menu" in User Options. After the settings are completed, you can click "Connect", click "OK" in the pop-up dialog box, after success, you can control other people's computers like operating your own machine, of course, you can also just choose to monitor the other party's screen. Note: If you don't register, a dialog box will pop up on the host to reveal your identity.
one allowed to clone our tutorials)@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦The following are the six major database attacks:
1. Strong (or non-strong) cracking of weak passwords or default usernames and passwords
2. Elevation of privileges
3. Exploitation of unused and unwanted database services and vulnerabilities in functions
4. Targeting unpatched database vulnerabilities
5.SQL injection
6. steal tape backup (unencrypted)
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦The following are the six major database attacks:
1. Strong (or non-strong) cracking of weak passwords or default usernames and passwords
2. Elevation of privileges
3. Exploitation of unused and unwanted database services and vulnerabilities in functions
4. Targeting unpatched database vulnerabilities
5.SQL injection
6. steal tape backup (unencrypted)
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Wifi Post Exploitation on Remote PC.pdf
4.6 MB
Wifi Post Exploitation on Remote PC
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦What is the A5 encryption algorithm?
1οΈβ£The A5 algorithm was developed by the French in 1989. It is a serial cipher algorithm mainly used in the GSM system. The A5 encryption algorithm is used to encrypt the communication connection from the mobile phone to the base station. The algorithm has three versions, A5/1, A5/2, and A5/3.
2οΈβ£ If not specified, the commonly referred to as A5 refers to Is A5/1. Regarding the issue of GSM encryption, some people believe that the security of passwords will hinder the promotion of GSM phones; others believe that the strength of the A5 encryption algorithm is too weak to resist eavesdropping by some intelligence agencies.
3οΈβ£A5 encryption algorithm is characterized by high efficiency, suitable for efficient implementation on hardware, and it can also pass known statistical tests.
4οΈβ£In short, the basic idea of ββthe A5 encryption algorithm is not a problem, and its execution efficiency is very high. But from the perspective of cryptography and security, this algorithm has many security problems
written by Undercode powered by wiki
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦What is the A5 encryption algorithm?
1οΈβ£The A5 algorithm was developed by the French in 1989. It is a serial cipher algorithm mainly used in the GSM system. The A5 encryption algorithm is used to encrypt the communication connection from the mobile phone to the base station. The algorithm has three versions, A5/1, A5/2, and A5/3.
2οΈβ£ If not specified, the commonly referred to as A5 refers to Is A5/1. Regarding the issue of GSM encryption, some people believe that the security of passwords will hinder the promotion of GSM phones; others believe that the strength of the A5 encryption algorithm is too weak to resist eavesdropping by some intelligence agencies.
3οΈβ£A5 encryption algorithm is characterized by high efficiency, suitable for efficient implementation on hardware, and it can also pass known statistical tests.
4οΈβ£In short, the basic idea of ββthe A5 encryption algorithm is not a problem, and its execution efficiency is very high. But from the perspective of cryptography and security, this algorithm has many security problems
written by Undercode powered by wiki
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Use and unneeded database services and features unused #vulnerabilities :
γ> An external attacker will look for weak database passwords, see its potential Is the victim running the listener function on their Oracle database? The listener can search out the network connection to the Oracle database, and can forward the connection, so that the link between the user and the database will be exposed.
> γγWith just a few Google hacking attacks, an attacker can search and find the listeners exposed on the database service. Markovich said, "Many customers do not set a password on the listener, so hackers can search for the string and find the listener active on the Web. I just searched and found that there are some things that can attract peopleβs attention, such as Government sites. This is indeed a big problem."
>γOther features, such as the hook between the operating system and the database, can expose the database to attackers. This hook can become a communication link to the database.
-When you link the library and write the program... that will become the interface with the database," you are exposing the database and may allow hackers to enter inside without authentication and authorization.
> Usually, the database administrator does not shut down unnecessary services. Julian said, "They just leave it alone. This design is outdated and management can't keep up. This is the easiest way to make it work. Unwanted services exist in the infrastructure, which will make your Vulnerabilities are exposed."The
> key is to keep the database features streamlined and install only what you have to use. Don't need anything else. Markovich said, "Any feature can be used to deal with you, so only install what you need. If you have not deployed a feature, you do not need to patch it later."
written @UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Use and unneeded database services and features unused #vulnerabilities :
γ> An external attacker will look for weak database passwords, see its potential Is the victim running the listener function on their Oracle database? The listener can search out the network connection to the Oracle database, and can forward the connection, so that the link between the user and the database will be exposed.
> γγWith just a few Google hacking attacks, an attacker can search and find the listeners exposed on the database service. Markovich said, "Many customers do not set a password on the listener, so hackers can search for the string and find the listener active on the Web. I just searched and found that there are some things that can attract peopleβs attention, such as Government sites. This is indeed a big problem."
>γOther features, such as the hook between the operating system and the database, can expose the database to attackers. This hook can become a communication link to the database.
-When you link the library and write the program... that will become the interface with the database," you are exposing the database and may allow hackers to enter inside without authentication and authorization.
> Usually, the database administrator does not shut down unnecessary services. Julian said, "They just leave it alone. This design is outdated and management can't keep up. This is the easiest way to make it work. Unwanted services exist in the infrastructure, which will make your Vulnerabilities are exposed."The
> key is to keep the database features streamlined and install only what you have to use. Don't need anything else. Markovich said, "Any feature can be used to deal with you, so only install what you need. If you have not deployed a feature, you do not need to patch it later."
written @UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
#Misc IMSI/Cellular Tools
https://github.com/Evrytania/LTE-Cell-Scanner
https://harrisonsand.com/imsi-catcher/
https://github.com/Oros42/IMSI-catcher
https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
#Misc IMSI/Cellular Tools
https://github.com/Evrytania/LTE-Cell-Scanner
https://harrisonsand.com/imsi-catcher/
https://github.com/Oros42/IMSI-catcher
https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - Evrytania/LTE-Cell-Scanner: LTE SDR cell scanner optimized to work with very low performance RF front ends (8bit A/D,β¦
LTE SDR cell scanner optimized to work with very low performance RF front ends (8bit A/D, 20dB noise figure) - Evrytania/LTE-Cell-Scanner
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#HackersToday
> Ordinary hackers can complete a data attack in less than 10 seconds from entry to exit. This time is almost insufficient for database administrators even if they notice an intruder. Therefore, many database attacks were not noticed by the organization until the data was damaged for a long time.
> Strangely, according to the introduction of many experts, as the base of the "crown" of the enterprise, the database has not been properly secured in many enterprises. Malicious hackers are using very simple attack methods to enter the database, such as the use of weak passwords and imprecise configuration, and the use of unpatched known vulnerabilities.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#HackersToday
> Ordinary hackers can complete a data attack in less than 10 seconds from entry to exit. This time is almost insufficient for database administrators even if they notice an intruder. Therefore, many database attacks were not noticed by the organization until the data was damaged for a long time.
> Strangely, according to the introduction of many experts, as the base of the "crown" of the enterprise, the database has not been properly secured in many enterprises. Malicious hackers are using very simple attack methods to enter the database, such as the use of weak passwords and imprecise configuration, and the use of unpatched known vulnerabilities.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦## SS7/Telecom Specific
- D1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov
- http://www.hackitoergosum.org/2010/HES2010-planglois-Attacking-SS7.pdf
- Getting in the SS7 kingdom: hard technology and disturbingly easy hacks= to get entry points in the walled garden
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦## SS7/Telecom Specific
- D1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov
- http://www.hackitoergosum.org/2010/HES2010-planglois-Attacking-SS7.pdf
- Getting in the SS7 kingdom: hard technology and disturbingly easy hacks= to get entry points in the walled garden
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
W00t3k/Awesome-Cellular-Hacking
Awesome-Cellular-Hacking. Contribute to W00t3k/Awesome-Cellular-Hacking development by creating an account on GitHub.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Interesting hacking #SIM Specific Attacks :
- Rooting SIM-cards
- The Most Expensive Lesson Of My Life: Details of SIM port hack
- Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stack (https://www.usenix.org/system/files/conference/woot12/woot12-final24.pdf)
- Hiding in Plain Signal:Physical Signal Overshadowing Attack on LTE
- LTE Security DisabledΓ’β¬βMisconfiguration in Commercial Network
- Shupeng-All-The-4G-Modules-Could-Be-Hacked
β 2020 git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Interesting hacking #SIM Specific Attacks :
- Rooting SIM-cards
- The Most Expensive Lesson Of My Life: Details of SIM port hack
- Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stack (https://www.usenix.org/system/files/conference/woot12/woot12-final24.pdf)
- Hiding in Plain Signal:Physical Signal Overshadowing Attack on LTE
- LTE Security DisabledΓ’β¬βMisconfiguration in Commercial Network
- Shupeng-All-The-4G-Modules-Could-Be-Hacked
β 2020 git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner:
π¦Features
1) Works with Windows, Linux and OS X
2)Automatic Configuration
3) Automatic Update
4) Provides 8 different Local File Inclusion attack modalities:
/proc/self/environ
php://filter
php://input
/proc/self/fd
access log
phpinfo
data://
expect://
5) Provides a ninth modality, called Auto-Hack, which scans and exploits the target automatically by trying all the attacks one after the other without you having to do anything (except for providing, at the beginning, a list of paths to scan, which if you don't have you can find in this project directory in two versions, small and huge).
6) Tor proxy support
7) Reverse Shell for Windows, Linux and OS X
π¦REQUIRE :
>Python 2.7.x
>Python extra modules: termcolor, requests
>socks.py
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
CLONE https://github.com/D35m0nd142/LFISuite & GO DIR THEN
1οΈβ£Usage is extremely simple and LFI Suite has an easy-to-use user interface; just run it and let it lead you.
2οΈβ£Reverse Shell
> When you got a LFI shell by using one of the available attacks, you can easily obtain a reverse shell by entering the command "reverseshell" (obviously you must put your system listening for the reverse connection, for instance using "nc -lvp port")
( any doubt check this vid https://www.youtube.com/watch?v=6sY1Skx8MBc )
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner:
π¦Features
1) Works with Windows, Linux and OS X
2)Automatic Configuration
3) Automatic Update
4) Provides 8 different Local File Inclusion attack modalities:
/proc/self/environ
php://filter
php://input
/proc/self/fd
access log
phpinfo
data://
expect://
5) Provides a ninth modality, called Auto-Hack, which scans and exploits the target automatically by trying all the attacks one after the other without you having to do anything (except for providing, at the beginning, a list of paths to scan, which if you don't have you can find in this project directory in two versions, small and huge).
6) Tor proxy support
7) Reverse Shell for Windows, Linux and OS X
π¦REQUIRE :
>Python 2.7.x
>Python extra modules: termcolor, requests
>socks.py
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
CLONE https://github.com/D35m0nd142/LFISuite & GO DIR THEN
1οΈβ£Usage is extremely simple and LFI Suite has an easy-to-use user interface; just run it and let it lead you.
2οΈβ£Reverse Shell
> When you got a LFI shell by using one of the available attacks, you can easily obtain a reverse shell by entering the command "reverseshell" (obviously you must put your system listening for the reverse connection, for instance using "nc -lvp port")
( any doubt check this vid https://www.youtube.com/watch?v=6sY1Skx8MBc )
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - D35m0nd142/LFISuite: Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner - GitHub - D35m0nd142/LFISuite: Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
Forwarded from UNDERCODE SECURITY
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ discovering and attacking IoT devices based on web attacks by Undercode :
1οΈβ£The attack methods used are:
γ1-γDeceive the victim and induce them to visit the website controlled by the attacker.
γ2-γDiscover IoT devices on the victim's local network.
γ3-γControl devices through web-based attacks.
2οΈβ£Attack duration
1- Technically, this is not a new attack vector. The research report cited previous research and found that it takes an average of one minute for an attacker to use these attack vectors to obtain results. Strangely, the results of a famous study
2-γγ(What You Think You Know About the Web is Wrong) shows that 55% of users spend less than 15 seconds on the site. It seems that most users will not be affected by the IoT vulnerability.
γ3-γBut in studies conducted at Princeton University and the University of California, Berkeley, the researchers significantly shortened the duration of the attack. Researchers say that using the methods they discovered, they can discover and access devices on the local network faster than previous research. Except Chrome, because it caches DNS requests, if the TTL is below a certain threshold, the TTL is ignored. It should be noted that devices in the demilitarized zone (DMZ, internal network inside the firewall) are generally considered to be safe, because users assume that these devices cannot be accessed from outside. However, through the attack described here, the attacker can access the browser in the victim's internal network.
3οΈβ£Discover HTTP endpoints :
1-γThe researchers analyzed these devices by connecting them to the wireless access point of the Raspberry Pi. Observe and analyze the data packets sent and received from the device, and the data packets sent and received by the mobile application bound to each device. Through analysis, 35 GET request endpoints and 8 POST request endpoints were found. These endpoints are used to identify the IP address in the discovery phase.
γ2- Research phase
γγResearchers conduct research through two different stages, the discovery stage and the access stage:
3-γγThe goal of the discovery phase is to find Internet of Things devices containing HTML5 elements on the browser on the local network.
4-γγThe goal of the access phase is to use DNS rebinding and discovered IP addresses to access HTTP endpoints.
4οΈβ£ Discovery stage: Identify IoT devices
γ1-Use WebRTC to obtain the local IP address.
2-Send requests to all IP addresses in the IP range through port 81. Since port 81 is usually not occupied, the active device will immediately respond to a TCP RST packet. For inactive devices within the IP range, the request packet will time out.
3-Each active IP address receives requests for 35 GET endpoints collected using HTML5 at the initial stage. Based on the error message returned, the attack script will identify whether the IP address matches any of the seven devices.
4-The study plans to use three different operating systems (Windows 10,
MacOS, and Ubuntu) and four different browsers (Chrome, Firefox, Safari, MicrosoftEdge). However, only Chrome and Firefox are suitable for this research. Therefore, Safari and Edge browsers are not used, because according to (Web-based attack on the discovery and control of local IoT devices):
> On Safari, all FETCH requests timed out, causing the attack script to identify all IP addresses as inactive. On the Edge browser, the script can use the FETCH request to correctly identify the active IP address, but Edge does not disclose a detailed HTML5 error message, so the attack script cannot identify any device on the Edge.
5οΈβ£Access stage: control of IoT devices
1-The victim accesses the domain name (domain.tld) ββββββcontrolled by the attacker, and the browser executes the malicious JavaScript code found on the attacker's site. The domain name is still resolved to the attacker's server IP.
2-The malicious script requests another resource on domain.tld, which only exists on the attacker's server.
π¦ discovering and attacking IoT devices based on web attacks by Undercode :
1οΈβ£The attack methods used are:
γ1-γDeceive the victim and induce them to visit the website controlled by the attacker.
γ2-γDiscover IoT devices on the victim's local network.
γ3-γControl devices through web-based attacks.
2οΈβ£Attack duration
1- Technically, this is not a new attack vector. The research report cited previous research and found that it takes an average of one minute for an attacker to use these attack vectors to obtain results. Strangely, the results of a famous study
2-γγ(What You Think You Know About the Web is Wrong) shows that 55% of users spend less than 15 seconds on the site. It seems that most users will not be affected by the IoT vulnerability.
γ3-γBut in studies conducted at Princeton University and the University of California, Berkeley, the researchers significantly shortened the duration of the attack. Researchers say that using the methods they discovered, they can discover and access devices on the local network faster than previous research. Except Chrome, because it caches DNS requests, if the TTL is below a certain threshold, the TTL is ignored. It should be noted that devices in the demilitarized zone (DMZ, internal network inside the firewall) are generally considered to be safe, because users assume that these devices cannot be accessed from outside. However, through the attack described here, the attacker can access the browser in the victim's internal network.
3οΈβ£Discover HTTP endpoints :
1-γThe researchers analyzed these devices by connecting them to the wireless access point of the Raspberry Pi. Observe and analyze the data packets sent and received from the device, and the data packets sent and received by the mobile application bound to each device. Through analysis, 35 GET request endpoints and 8 POST request endpoints were found. These endpoints are used to identify the IP address in the discovery phase.
γ2- Research phase
γγResearchers conduct research through two different stages, the discovery stage and the access stage:
3-γγThe goal of the discovery phase is to find Internet of Things devices containing HTML5 elements on the browser on the local network.
4-γγThe goal of the access phase is to use DNS rebinding and discovered IP addresses to access HTTP endpoints.
4οΈβ£ Discovery stage: Identify IoT devices
γ1-Use WebRTC to obtain the local IP address.
2-Send requests to all IP addresses in the IP range through port 81. Since port 81 is usually not occupied, the active device will immediately respond to a TCP RST packet. For inactive devices within the IP range, the request packet will time out.
3-Each active IP address receives requests for 35 GET endpoints collected using HTML5 at the initial stage. Based on the error message returned, the attack script will identify whether the IP address matches any of the seven devices.
4-The study plans to use three different operating systems (Windows 10,
MacOS, and Ubuntu) and four different browsers (Chrome, Firefox, Safari, MicrosoftEdge). However, only Chrome and Firefox are suitable for this research. Therefore, Safari and Edge browsers are not used, because according to (Web-based attack on the discovery and control of local IoT devices):
> On Safari, all FETCH requests timed out, causing the attack script to identify all IP addresses as inactive. On the Edge browser, the script can use the FETCH request to correctly identify the active IP address, but Edge does not disclose a detailed HTML5 error message, so the attack script cannot identify any device on the Edge.
5οΈβ£Access stage: control of IoT devices
1-The victim accesses the domain name (domain.tld) ββββββcontrolled by the attacker, and the browser executes the malicious JavaScript code found on the attacker's site. The domain name is still resolved to the attacker's server IP.
2-The malicious script requests another resource on domain.tld, which only exists on the attacker's server.
Forwarded from UNDERCODE SECURITY
3-If the victim's local DNS cache is still resolved to the attacker's remote IP, the request for /hello.php will return the string "hello" and repeat step
4-But if the domain.tld in the victim's cache expires, a new DNS query will be sent to the attacker.
5-Finally, the local IP obtained from the discovery phase will be returned instead of the attacker's remote IP. /hello.php will not respond with the string "hello", but will use different content, such as a 404 error, which tells the malicious script The DNS rebinding attack has been successful.
6-Through this attack, the malicious script bypassed the browser's Same-Origin Policy and gained access to Web applications running on the device. Attackers can now perform restarts or start video/audio files on Google Chromecast, Google Home, smart TVs, and smart switch devices.
6οΈβ£How to prevent DNS rebinding attacks against IoT devices
1-Users can disable WebRTC on the browser and prevent the disclosure of private IP. The attacker will be able to discover the user's private IP by sending a request to all *.1 addresses (router addresses) within the private IP range.
2-The attacker assumes that all IP devices have the same IP range as the victim's PC. Users can assign IP addresses on another subnet (such as /16) by configuring the router's DHCP server.
3-Users can install dnsmasq to prevent DNS rebinding attacks by removing RFC 1918 addresses from DNS responses. Users can also use dnsmasq's OpenWRT router.
4-IoT vendors can control the Host header in requests sent to the Web interface. If there is no private IP that complies with RFC 1918, you can block access.
5-DNS providers can use mechanisms like dnswall to filter private IPs from DNS responses.
6-Browser vendors can develop extensions that restrict public network access to private IP ranges.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
4-But if the domain.tld in the victim's cache expires, a new DNS query will be sent to the attacker.
5-Finally, the local IP obtained from the discovery phase will be returned instead of the attacker's remote IP. /hello.php will not respond with the string "hello", but will use different content, such as a 404 error, which tells the malicious script The DNS rebinding attack has been successful.
6-Through this attack, the malicious script bypassed the browser's Same-Origin Policy and gained access to Web applications running on the device. Attackers can now perform restarts or start video/audio files on Google Chromecast, Google Home, smart TVs, and smart switch devices.
6οΈβ£How to prevent DNS rebinding attacks against IoT devices
1-Users can disable WebRTC on the browser and prevent the disclosure of private IP. The attacker will be able to discover the user's private IP by sending a request to all *.1 addresses (router addresses) within the private IP range.
2-The attacker assumes that all IP devices have the same IP range as the victim's PC. Users can assign IP addresses on another subnet (such as /16) by configuring the router's DHCP server.
3-Users can install dnsmasq to prevent DNS rebinding attacks by removing RFC 1918 addresses from DNS responses. Users can also use dnsmasq's OpenWRT router.
4-IoT vendors can control the Host header in requests sent to the Web interface. If there is no private IP that complies with RFC 1918, you can block access.
5-DNS providers can use mechanisms like dnswall to filter private IPs from DNS responses.
6-Browser vendors can develop extensions that restrict public network access to private IP ranges.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β