▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ⓒ𝔬𝓓ⓔ ▄ ▂ ▁
🦑Obfuscated JavaScript is slower!
#FastTips
>Minified code: it downloads faster from the server because it is smaller, and its runtime performance is the same as that of the original version.
>Obfuscated code: it is usually larger and almost always slower (by tens of percent), because the extra operations the obfuscator adds have to run alongside the program's own logic.
>So, minified code: it's easy to restore to its original form, and performance does not drop.
>Obfuscated code: (very) difficult to restore to its original form, and code performance drops. You can add self-defense and debugging protection to obfuscated code, as well as meaningless pieces of code that will greatly complicate its analysis.
Conclusion: obfuscate only the code that you want to protect. That is, it makes sense to obfuscate your own code, but it makes no sense to obfuscate the code of popular JavaScript libraries, which are already publicly available in their original form.
written by undercode
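Added example (not part of the original post or of the javascript-obfuscator project): a Python triage heuristic that a reviewer can run over third-party scripts to tell readable, minified and obfuscated code apart, using the differences described above. The thresholds, the `_0x` identifier marker and the three constructed samples are assumptions of this example.

```python
import re

# Text-level markers (assumptions of this example, not a complete signature set).
HEX_IDENT = re.compile(r"\b_0x[0-9a-fA-F]{2,}\b")            # _0x3f2a-style names
IDENT = re.compile(r"\b[A-Za-z_]\w*\b")
ESCAPE = re.compile(r"\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}")  # escape-encoded characters
DEBUGGER = re.compile(r"\bdebugger\b")

# Constructed samples: the same function in three forms.
READABLE = """
function total(prices, taxRate) {
    var sum = 0;
    for (var i = 0; i < prices.length; i++) {
        sum += prices[i] * taxRate;
    }
    return sum;
}
""".strip()

MINIFIED = "function total(n,r){for(var e=0,o=0;o<n.length;o++)e+=n[o]*r;return e}"

OBFUSCATED = r"""
var _0x3f2a=['\x6c\x65\x6e\x67\x74\x68'];
function total(_0x5a1b,_0x2c3d){var _0x1f=0x0;for(var _0x4e=0x0;_0x4e<_0x5a1b[_0x3f2a[0x0]];_0x4e++){_0x1f+=_0x5a1b[_0x4e]*_0x2c3d;}return _0x1f;}
""".strip()


def profile_script(src):
    """Collect cheap text-level features from JavaScript source."""
    size = len(src)
    escapes = len(ESCAPE.findall(src))
    stripped = ESCAPE.sub("", src)  # keep escape sequences out of the identifier count
    idents = IDENT.findall(stripped)
    hex_idents = sum(1 for name in idents if HEX_IDENT.fullmatch(name))
    return {
        "size": size,
        "whitespace_ratio": sum(ch.isspace() for ch in src) / size if size else 0.0,
        "hex_ident_ratio": hex_idents / len(idents) if idents else 0.0,
        "escapes_per_kb": escapes * 1000 / size if size else 0.0,
        "debugger_stmts": len(DEBUGGER.findall(stripped)),
    }


def classify(src):
    """Return (label, reasons); label is 'obfuscated', 'minified' or 'readable'."""
    p = profile_script(src)
    reasons = []
    if p["hex_ident_ratio"] >= 0.3:
        reasons.append("mostly hex-style identifiers")
    if p["escapes_per_kb"] >= 20:
        reasons.append("dense escape-encoded strings")
    if reasons:
        # A debugger statement alone is common in development builds, so it only
        # counts as supporting evidence next to a stronger marker.
        if p["debugger_stmts"]:
            reasons.append("debugger statements (possible debug protection)")
        return "obfuscated", reasons
    if p["whitespace_ratio"] < 0.10:
        return "minified", ["almost no whitespace"]
    return "readable", []


if __name__ == "__main__":
    for name, src in (("readable", READABLE), ("minified", MINIFIED),
                      ("obfuscated", OBFUSCATED)):
        label, reasons = classify(src)
        print(f"{name:10} {len(src):4d} bytes -> {label} {reasons}")
```

A script flagged as obfuscated is not necessarily malicious; the label only tells the reviewer that the file cannot be read as shipped and needs closer inspection.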
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ⓒ𝔬𝓓ⓔ ▄ ▂ ▁
🦑How to install Obfuscator JavaScript GUI?
Installing Obfuscator JavaScript web interface on Kali Linux
sudo apt remove cmdtest
sudo apt install npm
sudo npm install -g yarn
sudo npm cache clean -f
sudo npm install -g n
sudo n stable
git clone https://github.com/javascript-obfuscator/javascript-obfuscator-ui
cd javascript-obfuscator-ui/
yarn
npm run updatesemantic
npm run webpack:dev
node server.js
After that, the web interface will be available at http://localhost:3000/
🦑Installing the Obfuscator JavaScript Web Interface on BlackArch
sudo pacman -S npm yarn
git clone https://github.com/javascript-obfuscator/javascript-obfuscator-ui
cd javascript-obfuscator-ui/
yarn
npm run updatesemantic
npm run webpack:dev
node server.js
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ⓒ𝔬𝓓ⓔ ▄ ▂ ▁
🦑Creating Backdoors on Android APK: backdoor-apk
1️⃣download apk
2️⃣backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script must have a working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as is without any warranty and is intended for educational purposes only.
3️⃣A recompiled APK will be found in the original/dist directory. Install the APK on a compatible Android device, launch it and handle the meterpreter connection through the generated resource script: msfconsole -r backdoor-apk.rc
enjoy ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ⓒ𝔬𝓓ⓔ ▄ ▂ ▁
🦑Phishing Assistant Hemingway
#FastTips
1️⃣This tool was created to simplify phishing campaigns. It does not try to solve problems with relaying or SMTP reputation, but rather to allow a pentester or a red team member to create a phishing campaign with a ready-made server for phishing. We also assume that if you are dealing with anti-phishing components, you have already converted your rules.
2️⃣download https://github.com/ytisf/hemingway
3️⃣Using Hemingway
At the moment, Hemingway will not receive configuration files from the user; rather, it will work with the template. For example, the example.conf file in confs is available. The configuration file is not the only required file, however; the sampleconf folder is needed as well.
[server]
address: 192.168.10.80
port: 25
maxconnections: 3
[phish]
addressescsv: sampleconf/addresses.csv
htmlbody: sampleconf/body.html
txtbody: sampleconf/body.txt
subject: What are you doing here?
attachments: sampleconf/body.html, sampleconf/body.txt
4️⃣This file is pretty straightforward. It gives Hemingway all the necessary information for a phishing campaign: which files to attach (separated by ',', as many files as you want), the email subject, and the HTML and TXT bodies.
enjoy ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ⓒ𝔬𝓓ⓔ ▄ ▂ ▁
🦑Malicious file intelligence: fileintel
#FastTips
1️⃣This is a tool used to collect intelligence from various sources about a specific file. Fileintel is written in a modular way, so new intelligence sources can be easily added. Files are identified by the hash of the file (MD5, SHA1, SHA256).
2️⃣The output is in CSV format and sent to STDOUT, so the data can be saved or piped to another program. Because the output is in CSV format, spreadsheets such as Excel, or database systems, can easily import the data. This works with Python v2, but it should also work with Python v3. If you find that this does not work with Python v3, send a bug report.
3️⃣download https://github.com/keithjjones/fileintel
4️⃣$ pip install -r requirements.txt
>Some issues were discovered with the stock version of Python on Mac OSX ( http://stackoverflow.com/questions/31649390/python-requests-ssl-handshake-failure ). You may need to install the security extras of the requests library using the following command:
$ pip install requests[security]
5️⃣$ python fileintel.py myconfigfile.conf myhashes.txt -a > myoutput.csv
enjoy ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
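Added example (not fileintel's own code): one way to prepare the hash list that is passed to the tool as myhashes.txt, by hashing local files with all three algorithms in a single pass and cleaning a hand-collected list before it is submitted. The one-hash-per-line layout and the `#` comment convention are assumptions of this example, and the sample digests are constructed (they are the well-known digests of empty input).

```python
import hashlib
import re

HEX_RE = re.compile(r"^[0-9a-f]+$")
HASH_TYPES = {32: "MD5", 40: "SHA1", 64: "SHA256"}  # hex digest length -> algorithm

# Constructed sample list: digests of empty input plus typical collection errors.
SAMPLE_LIST = [
    "# constructed sample, not real indicators",
    "d41d8cd98f00b204e9800998ecf8427e",
    "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "D41D8CD98F00B204E9800998ECF8427E",  # duplicate in a different case
    "d41d8cd98f00b204e9800998ecf8427",   # truncated to 31 characters
    "not-a-hash",
]


def hash_type(value):
    """Return 'MD5', 'SHA1' or 'SHA256', or None if value is not a valid hex digest."""
    value = value.strip().lower()
    if not HEX_RE.match(value):
        return None
    return HASH_TYPES.get(len(value))


def file_hashes(path, chunk_size=1 << 16):
    """Compute all three digests in one pass without loading the file into memory."""
    digests = {"MD5": hashlib.md5(), "SHA1": hashlib.sha1(), "SHA256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def clean_hash_list(lines):
    """Lower-case, drop blanks and comments, de-duplicate, and report malformed entries.

    Returns (accepted, rejected): accepted is a list of (algorithm, digest) pairs in
    input order, rejected is a list of (line_number, text) pairs.
    """
    accepted, rejected, seen = [], [], set()
    for lineno, raw in enumerate(lines, 1):
        value = raw.strip().lower()
        if not value or value.startswith("#"):
            continue
        kind = hash_type(value)
        if kind is None:
            rejected.append((lineno, raw.strip()))
        elif value not in seen:
            seen.add(value)
            accepted.append((kind, value))
    return accepted, rejected


def render_hash_file(accepted):
    """Text for the hash file: one normalised digest per line."""
    return "\n".join(digest for _, digest in accepted) + "\n"


if __name__ == "__main__":
    good, bad = clean_hash_list(SAMPLE_LIST)
    print(render_hash_file(good), end="")
    for lineno, text in bad:
        print(f"rejected line {lineno}: {text!r}")
```

Rejecting truncated or malformed digests before the lookup avoids spending throttled API requests on entries that can never match.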
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ⓒ𝔬𝓓ⓔ ▄ ▂ ▁
🦑SCANNERS & SECURITY
> top malware scanners :
#FastTips
VirusTotal (requires network I/O and a public API key, throttled when necessary) http://www.virustotal.com
NSRL database http://www.nsrl.nist.gov/Downloads.htm
ThreatCrowd (requires network I/O, throttled when necessary) http://www.threatcrowd.org
OTX by AlienVault (requires network I/O and an API key) https://otx.alienvault.com
ThreatExpert (requires network I/O) http://www.threatexpert.com/
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ⓒ𝔬𝓓ⓔ ▄ ▂ ▁
🦑HOST YOUR OWN VIRUSTOTAL
> FREE OPEN SOURCES. API FOR EACH ONE :
>VirusTotal Python Library https://github.com/blacktop/virustotal-api
>The NSRL Database http://www.nsrl.nist.gov/Downloads.htm https://blog.didierstevens.com/2015/09/01/nsrl-py-using-the-reference-data-set-of-the-national-software-reference-library/
>ThreatCrowd Python Library https://github.com/threatcrowd/ApiV2 https://github.com/jheise/threatcrowd_api
>Python OTX Library https://github.com/AlienVault-Labs/OTX-Python-SDK https://otx.alienvault.com/api/
>ThreatExpert: scrape using BeautifulSoup https://www.crummy.com/software/BeautifulSoup/bs4/doc and make web requests using the requests library http://docs.python-requests.org/en/master/ http://www.threatexpert.com/
enjoy ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ⓒ𝔬𝓓ⓔ ▄ ▂ ▁
🦑hack fcb/insta/ssh/ftp
> Bruteforce Server Module: brut3k1t
brut3k1t is a bruteforce server module that supports dictionary attacks against multiple protocols. Protocols that are complete and currently supported:
>ssh
>ftp
>smtp
>Xmpp
>instagram
>facebook
In the future, it is planned to implement various protocols and services (including Twitter, Facebook, Instagram).
INSTALLATION & RUN :
1️⃣git clone https://github.com/ex0dus-0x/brute.git
2️⃣DEPENDENCIES :
argparse - Used to parse command line arguments
paramiko - Used to work with SSH connections and authentication
ftplib - Used for working with FTP connections and authentication
smtplib - Used to work with SMTP (email) connections and authentication
fbchat - Used to connect to Facebook
selenium - Used for web bonding that is used with Instagram (and later on Twitter)
xmppy - used for XMPP connections ... and much more in the future
3️⃣cd /path/to/brut3k1t
4️⃣Enter python brut3k1t -h and this will bring up a help menu.
🦑Examples of using:
Hacking an SSH server running on 192.168.1.3 using root and wordlist.txt as a wordlist.
python brut3k1t.py -s ssh -a 192.168.1.3 -u root -w wordlist.txt
The program will automatically set the port to 22, but if it is different, specify it with the -p flag.
Hacking test@gmail.com email with wordlist.txt on port 25 with a 3 second delay. For email, you must use the SMTP server address. For example, for Gmail = smtp.gmail.com. You can research this question with Google.
python brut3k1t.py -s smtp -a smtp.gmail.com -u test@gmail.com -w wordlist.txt -p 25 -d 3
Hacking Facebook is a real challenge as you will need a target user ID, not a username.
python brut3k1t.py -s facebook -u 1234567890 -w wordlist.txt
Hacking Instagram with the username test with wordlist wordlist.txt, as well as with a 5 second delay
python brut3k1t.py -s instagram -u test -w wordlist.txt -d 5
enjoy ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
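Added example (not part of the original post or of the brute project): detection logic for the SSH case above, run over constructed sshd log lines. Because the `-d` delay shown in the post spaces attempts seconds apart, the detector counts failed passwords per source over a sliding window of minutes rather than looking for a burst, and it also marks a successful login that follows an alert. The log lines, addresses, thresholds and the year (syslog timestamps carry none) are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH password-authentication messages as they appear in syslog.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def build_sample_log():
    """Constructed log: one source tries root every 5 seconds and then gets in,
    while an ordinary user mistypes a password once."""
    lines = []
    for n in range(12):
        lines.append(
            f"Jul 17 10:00:{n * 5:02d} srv sshd[2101]: Failed password for root "
            f"from 192.0.2.10 port {40000 + n} ssh2"
        )
    lines.append("Jul 17 10:01:00 srv sshd[2101]: Accepted password for root "
                 "from 192.0.2.10 port 40012 ssh2")
    lines.append("Jul 17 10:00:20 srv sshd[2177]: Failed password for alice "
                 "from 198.51.100.7 port 51515 ssh2")
    lines.append("Jul 17 10:00:31 srv sshd[2177]: Accepted password for alice "
                 "from 198.51.100.7 port 51516 ssh2")
    # Same day and fixed-width timestamps, so string order equals time order.
    return sorted(lines)


def detect_password_guessing(lines, window=timedelta(minutes=10), threshold=10,
                             year=2020):
    """Return {source: alert} for sources with >= threshold failures inside window."""
    failures = defaultdict(deque)  # source -> failure timestamps still inside the window
    users = defaultdict(set)       # source -> account names it tried
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src = m["src"]
        recent = failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()           # forget failures older than the window
        if m["result"] == "Failed":
            recent.append(ts)
            users[src].add(m["user"])
            if len(recent) >= threshold and src not in alerts:
                alerts[src] = {"first_alert": ts, "success_after": False}
        elif src in alerts:
            # A login from a source that was just guessing passwords is the
            # event to escalate: the guessed credential probably worked.
            alerts[src]["success_after"] = True
    for src, alert in alerts.items():
        alert["users"] = sorted(users[src])
    return alerts


if __name__ == "__main__":
    log = build_sample_log()
    for src, alert in detect_password_guessing(log).items():
        print(src, alert)
    # A burst rule (10 failures within 10 seconds) never fires on the same log.
    print(detect_password_guessing(log, window=timedelta(seconds=10)))
```

Disabling password authentication for root and using key-based logins removes this guessing surface altogether; the detector covers hosts where that is not yet in place.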
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ⓒ𝔬𝓓ⓔ ▄ ▂ ▁
🦑AMAZING FEATURES :
1️⃣FirePhish is a complete phishing framework for managing all types of phishing activities. It allows you to track individual phishing campaigns, send emails and much more. Features will continue to be expanded to include website spoofing, click tracking, and advanced notification options.
2️⃣FirePhish URL Prefix: This is the most important property, and it should be set immediately after you install FirePhish. It changes the FirePhish URL from something like "http://domain.com/" to "http://domain.com/cant/guess/this/"
Phishing Campaigns: FirePhish allows you to create large phishing campaigns that send emails over any period of time that you would like. You just give it an "Email Template", a "User Target List" and a mailing schedule, and it will take care of the rest.
3️⃣Simple Email Sending: Sometimes, all you want to do is send one simple phishing email without the hassle of creating everything you need for a campaign. FirePhish lets you do this!
4️⃣Email Configuration Checks: Checking that all DNS records are configured correctly to avoid spam filters can be a lot of trouble. Fortunately, FirePhish has a configuration check. It will analyze A records, MX records, and SPF records to make sure they are configured correctly so that you can start sending emails.
5️⃣Activity Logs: Tracking all activity is extremely important for pentesting and especially for phishing exercises. FirePhish has extensive logging throughout the application. You can track other users and determine exactly which emails were sent and when all actions were completed.
6️⃣Fast Replacement: Sometimes you want to take down a server that has been heavily affected by a phishing campaign and create a new server. The worst part about all this is that you can lose all the data associated with the first server! FirePhish has a simple import/export function that allows you to quickly export all the data from one FirePhish server and import it into the new FirePhish server. This makes it easy to stand up new systems and tear down old ones. All information is transferred, including activity logs.
7️⃣User Management: FirePhish allows you to create new accounts for all the people who work with you on phishing. You can also track all their activity through the activity log. All users have the same permission level; there is no user access control.
🦑download
https://github.com/Raikia/FiercePhish/wiki
> Recommended Prerequisites
Get a domain name to send email
>This condition is optional, but we strongly recommend that you do so. Phishing campaigns in which you use an active domain that you do not own are extremely susceptible to spam filtering (if the domain SPF record is configured incorrectly). The best way to conduct a phishing campaign is to purchase a common domain that can trick someone ("yourfilehost.com") or a domain that closely resembles an existing one ("microsoft-secure.com").
🦑System requirements
Linux
PHP >= 5.5.9
OpenSSL PHP Extension
PDO PHP Extension
Mbstring PHP Extension
Tokenizer PHP Extension
Rewrite PHP Extension
enjoy ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ⓒ𝔬𝓓ⓔ ▄ ▂ ▁
🦑WeeMan - Python HTTP phishing server
>Creates a fake html page.
>Waits for clients.
>Captures data (POST).
>Tries to force the client to go to the original page.
INSTALLATION & RUN :
>Arch Linux: sudo pacman -S python2-beautifulsoup4
>Ubuntu / Linux Mint: sudo apt-get install python-bs4
>Fedora < 22: sudo yum install python-beautifulsoup4
>Fedora >= 22: sudo dnf install python-beautifulsoup4
For other operating systems: sudo pip install beautifulsoup4
Starting the server:
>For port 80, you need to run Weeman as root!
>Cloning host (Ex: www.social-networks.local)
set url
>The port the Weeman server will listen on
>set port 2020
> Run the server
run
ENJOY ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ⓒ𝔬𝓓ⓔ ▄ ▂ ▁
🦑Metasploit team releases exploit for BlueKeep vulnerability
#news
>The developers of the Metasploit project introduced a module designed to exploit the BlueKeep vulnerability affecting the Microsoft Windows operating system.
>Recall that this is the vulnerability CVE-2019-0708, which affects Remote Desktop Services in older versions of Windows (Windows XP, Windows 2003, Windows 7, Windows Server 2008 and Windows Server 2008 R2). As Microsoft explained, the bug is "worm-like", that is, it allows malware to spread from computer to computer, just as the WannaCry malware spread around the world in 2017. Although the manufacturer fixed the problem back in May of this year, according to BinaryEdge, about 700 thousand systems are still vulnerable to this attack.
>Although various security experts had previously published PoC code to exploit the problem (with a number of limitations), this exploit allows you to remotely execute arbitrary code.
>It is worth noting that the developers have added a number of restrictions. In particular, at present, the module is launched only in manual mode (that is, operation requires user interaction) and is not suitable for automated attacks. In addition, the exploit works only on 64-bit versions of Windows 7 and Windows 2008 R2.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ⓒ𝔬𝓓ⓔ ▄ ▂ ▁
🦑Hacker organization Keeper tracking: invaded 570 home appliance business websites for more than 7 million yuan in three years
#News
>The hacker group "Keeper" stated that it was responsible for the data breaches of more than 570 online e-commerce websites in the past three years. The hackers' method is to break into a store's back end, modify the source code, and embed malicious scripts that record shoppers' payment card details at checkout.
>This type of cyber attack is also called "web skimming" or "e-skimming". According to a report released today by threat intelligence company Gemini Advisory, the Keeper organization has been committing these cybercrimes since at least April 2017 and is still at large.
>Gemini said the company was able to track the hackers' activities mainly because the organization's back-end servers use the same control panel to manage the payment card details collected from the e-commerce platforms.
>By identifying this back-end panel, Gemini traced all of Keeper's historical activity. This includes past locations of the back-end panel, malicious URLs used to build the hackers' infrastructure, and the malicious scripts that Keeper inserts into online stores.
>Gemini said that many of the 570 e-commerce platforms attacked by the hackers are small and medium-sized. According to Amazon's Alexa traffic ranking, Gemini said, the vast majority of the stores operate on a small scale. However, Keeper also attacks some large e-commerce platforms. The following is a list of the top e-commerce platforms that have been attacked.
>According to data retrieved from the back end, Keeper collected details of approximately 184,000 payment cards from July 2018 to April 2019. In the report shared today, Gemini estimates that the organization has collected information on nearly 700,000 payment cards.
>The report states: "Given the current dark web median price of each damaged Card Not Present (CNP) card is $10, the group may have obtained up to 700 by stealing and selling damaged payment cards throughout its life cycle. More than ten thousand dollars in income."
#news
β β β Uππ»βΊπ«6π¬πβ β β β
crackle cracks BLE Encryption (AKA Bluetooth Smart).
crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK (Temporary Key). With the TK and other data collected from the pairing process, the STK (Short Term Key) and later the LTK (Long Term Key) can be collected.
With the STK and LTK, all communications between the master and the slave can be decrypted.
INSTALLATION & RUN:
1) Download or clone https://github.com/mikeryan/crackle
2) In Crack TK mode, crackle requires a PCAP file that contains a BLE pairing event. The best way to generate such a file is to use an Ubertooth to capture a pairing event between a master and a slave.
3) To check if your PCAP file contains all the necessary packets, run crackle with the -i option:
> crackle -i <file.pcap>
4) crackle will analyze each connection in the input file and output the results of its analysis to stdout. If you have all the components of a pairing conversation, the output will look like this:
> Analyzing connection 0:
xx:xx:xx:xx:xx:xx (public) -> yy:yy:yy:yy:yy:yy (p
.........
5) To decrypt all packets, add the -o option:
> crackle -i <file.pcap> -o <output.pcap>
FOR MORE INFO https://github.com/mikeryan/crackle/blob/master/FAQ.md
> https://lacklustre.net/bluetooth/crackle-sample.tgz
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
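An added example, not part of the original post and not crackle's own code: a defender-side check that reads the SMP Pairing Request and Pairing Response from a capture and reports whether the exchange relies on a TK small enough to guess. It goes beyond the post by also classifying LE Secure Connections and out-of-band pairing; the field layout and flag bits follow the Bluetooth Core Specification, while the function names and sample PDUs are constructed for illustration.

```python
# Added example (not crackle code): classify an SMP pairing feature exchange
# by how many Temporary Key (TK) values an eavesdropper would have to try.
SMP_PAIRING_REQUEST, SMP_PAIRING_RESPONSE = 0x01, 0x02
AUTH_MITM, AUTH_SC = 0x04, 0x08  # AuthReq bits: MITM protection, Secure Connections

def parse_features(pdu: bytes, expected_code: int) -> dict:
    """Parse a 7-byte SMP Pairing Request or Pairing Response."""
    if len(pdu) != 7 or pdu[0] != expected_code:
        raise ValueError(f"expected 7-byte SMP PDU with opcode {expected_code:#04x}")
    _code, io_cap, oob, auth_req, max_key_size, _init_keys, _resp_keys = pdu
    return {"io_cap": io_cap, "oob": oob == 0x01, "max_key_size": max_key_size,
            "mitm": bool(auth_req & AUTH_MITM), "sc": bool(auth_req & AUTH_SC)}

def assess_pairing(request: bytes, response: bytes) -> dict:
    """Return the pairing mode, the TK search space and whether it is guessable."""
    req = parse_features(request, SMP_PAIRING_REQUEST)
    rsp = parse_features(response, SMP_PAIRING_RESPONSE)
    if req["sc"] and rsp["sc"]:
        # Both sides set SC: LE Secure Connections (ECDH), no TK involved.
        return {"mode": "LE Secure Connections", "tk_candidates": None, "guessable": False}
    if req["oob"] and rsp["oob"]:
        # Legacy pairing with out-of-band data: the TK is a 128-bit value.
        return {"mode": "legacy OOB", "tk_candidates": 2 ** 128, "guessable": False}
    if not (req["mitm"] or rsp["mitm"]):
        # Neither side requests MITM protection: Just Works, TK is always 0.
        return {"mode": "legacy Just Works", "tk_candidates": 1, "guessable": True}
    # MITM requested: Passkey Entry (6 decimal digits) or a Just Works fallback.
    return {"mode": "legacy Passkey Entry or Just Works",
            "tk_candidates": 10 ** 6, "guessable": True}

# Constructed PDUs: opcode, IO capability, OOB flag, AuthReq, max key size, key distribution x2
SAMPLES = {
    "just_works": ("01040001100707", "02030001100707"),
    "passkey": ("01040005100707", "02000005100707"),
    "secure_connections": ("0104000d100707", "0204000d100707"),
}

def audit(samples=SAMPLES) -> dict:
    """Assess every sample exchange; keys are the sample names."""
    return {name: assess_pairing(bytes.fromhex(req), bytes.fromhex(rsp))
            for name, (req, rsp) in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name}: {verdict}")
```

A device fleet whose captures only ever show the `LE Secure Connections` or `legacy OOB` verdict does not expose a guessable TK during pairing.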
β β β Uππ»βΊπ«6π¬πβ β β β
TOR SERVER MANUAL INSTALL:
INSTALLATION & RUN:
Install torctl on Kali Linux
1) sudo apt install tor macchanger secure-delete
2) git clone https://github.com/BlackArch/torctl
3) cd torctl
4) sudo mv service/* /etc/systemd/system/
5) sudo mv bash-completion/torctl /usr/share/bash-completion/completions/torctl
6) sed -i 's/start_service iptables//' torctl
7) sed -i 's/TOR_UID="tor"/TOR_UID="debian-tor"/' torctl
8) sudo mv torctl /usr/bin/torctl
9) cd .. && rm -rf torctl/
10) torctl --help
Install torctl in BlackArch
> sudo pacman -S torctl
To find out your current IP, do:
> torctl ip
To start Tor as a transparent proxy:
> sudo torctl start
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
GitHub - BlackArch/torctl: Script to redirect all traffic through tor network including dns queries for anonymizing entire system