▁ ▂ ▄ Undercode ▄ ▂ ▁
🦑How to quickly remove the Trojan horse virus in the system?
relatively file-bundled. The DLL-injection Trojan is more advanced: it has no process of its own, no ports, etc., so it is difficult for ordinary users to notice. The removal steps are therefore relatively complicated.
1) End the Trojan horse process.
Since this type of Trojan horse is embedded in other processes, it does not generate an entry of its own in the process viewer. If we find that the system is behaving abnormally, we need to judge whether it has been hit by a DLL Trojan.
Here we use the IceSword tool. After it starts, it automatically detects the processes running on the system. Right-click the suspicious process and select "Module Information" in the pop-up menu to view all of its DLL modules in the pop-up window. If you find an item of unknown origin, select it and click the "Uninstall" button to remove it from the process. For some stubborn processes, we also click the "Forced Release" button, and then use the path in the "Module File Name" column to delete the file directly in its folder.
2) Finding suspicious DLL modules
As general users are not familiar with how DLL files are called, it is difficult for them to determine which DLL module is suspicious. This is where ECQ-PS (Super Process King) comes in handy.
3) After running the software, you can see all the processes in the current system in the middle list. Double-click one of the processes to display detailed information in the "All Modules" tab of the window, including the module name, version, manufacturer, and creation time. The manufacturer and creation time are the most important. If the process is a critical system process such as "svchost.exe" but one of its modules comes from an unknown manufacturer, there must be something wrong with that module. In addition, if the manufacturer is Microsoft but the creation time differs from that of the other DLL modules, it may also be a DLL Trojan.
4) In addition, we can switch directly to the "Suspicious Module" option; the software will automatically scan the modules for suspicious files and display them in the list. Double-click a suspicious DLL module in the scan result list to see which processes call it. Generally, each DLL file is called by multiple processes. If a DLL file is called by only one process, it may also be a DLL Trojan. Click the "Forced Delete" button to remove the DLL Trojan from the process.
5) Thorough Rootkit detection
It is impossible for anyone to check the ports, registry, files, and services in the system all the time to see whether a Trojan is hidden there. At this point we can use some special tools for detection.
🦑1. Rootkit Detector clears Rootkit
Rootkit Detector is a rootkit detection and removal tool that can detect multiple rootkits under Windows, including the famous hxdef.100.
The method is very simple: run the program "rkdetector.exe" directly from the command line. The program automatically runs a series of checks for hidden items in the system, finds the rootkit programs and services that are running, marks them in red as a warning, and tries to clear them.
2. Powerful Knlps
In contrast, Knlps is more powerful: it can terminate a specified running rootkit program. To use it, enter the "knlps.exe -l" command at the command line, and all the hidden rootkit processes in the system will be displayed with their PIDs. After finding the rootkit process, you can use the "-k" parameter to kill it. For example, if the process "svch0st.exe" has been found with PID "3908", you can enter the command "knlps.exe -k 3908" to terminate it.
3. Detection of cloned accounts
Strictly speaking, a cloned account is no longer a backdoor Trojan. But it likewise leaves an account with administrator rights in the system, while what we see when viewing it is a member of the Guest group, which easily lulls the administrator into a false sense of security.
Here is a new account clone detection tool, LP_Check, which can clearly pick out the cloned users in the system!
LP_Check is extremely simple to use. After the program starts, it compares the user accounts and permissions in the registry with those in "Account Manager". You can see that the program has detected a problem with the Guest account just mentioned, and a red triangle is displayed next to it in the list. Highlight it, then open the user management window to delete it.
> Through this introduction, I believe the system can be restored more safely, but if you want to avoid Trojan horses completely, you still need to understand the basics about them.
ENJOY❤️👍🏻
WRITTEN BY
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
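The module checks from steps 3) and 4) of the post above (an unknown manufacturer inside a critical system process, a Microsoft-labelled module whose creation time differs from its siblings, a DLL loaded by only one process), written out as triage logic. This is an added example, not part of the original post or of ECQ-PS; the inventory is constructed, the module names msupd32.dll, wshelper.dll and shellext.dll are hypothetical, and the 30-day threshold and the critical-process names other than svchost.exe are assumptions.

```python
from collections import Counter, defaultdict
from datetime import date
from typing import NamedTuple


class Module(NamedTuple):
    pid: int
    process: str   # image name of the host process
    path: str      # full path of the loaded module
    company: str   # "manufacturer" string from the file's version resource
    created: date  # creation date of the file on disk


# Assumption: the post names only svchost.exe; the other entries are added here.
CRITICAL = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}


def is_ms(m):
    # The version resource is written by whoever built the file, so a
    # "Microsoft" label is a claim, not proof. That is why check 2 exists.
    return "microsoft" in m.company.lower()


def triage(inventory, skew_days=30):
    """Return {lower-cased module path: set of reasons} for flagged modules."""
    findings = defaultdict(set)
    by_pid = defaultdict(list)
    loaders = defaultdict(set)
    for m in inventory:
        by_pid[m.pid].append(m)
        loaders[m.path.lower()].add(m.pid)

    for mods in by_pid.values():
        # Baseline = most common creation date among Microsoft-labelled
        # modules of this process; skipped when there are too few to compare.
        ms_dates = [m.created for m in mods if is_ms(m)]
        baseline = Counter(ms_dates).most_common(1)[0][0] if len(ms_dates) >= 3 else None
        for m in mods:
            key = m.path.lower()
            # Check 1: critical system process, module from another vendor.
            if m.process.lower() in CRITICAL and not is_ms(m):
                findings[key].add("unknown-vendor-in-system-process")
            # Check 2: claims Microsoft, but created far from its siblings.
            if baseline is not None and is_ms(m) \
                    and abs((m.created - baseline).days) > skew_days:
                findings[key].add("creation-time-outlier")
            # Check 3: DLL mapped into exactly one process (weak on its own).
            if key.endswith(".dll") and len(loaders[key]) == 1:
                findings[key].add("single-loader")
    return dict(findings)


def ranked(findings):
    """Most reasons first, so weak single-indicator hits sink to the bottom."""
    return sorted(findings.items(), key=lambda kv: (-len(kv[1]), kv[0]))


# --- constructed sample inventory (not captured from a real host) ---
D0, D1 = date(2019, 3, 19), date(2020, 6, 2)
MS = "Microsoft Corporation"
SYS = "C:\\Windows\\System32\\"


def core(pid, proc, names):
    return [Module(pid, proc, SYS + n, MS, D0) for n in names]


INVENTORY = (
    core(800, "svchost.exe", ["ntdll.dll", "kernel32.dll", "rpcrt4.dll"])
    + [Module(800, "svchost.exe", SYS + "msupd32.dll", "", D1)]
    + core(912, "svchost.exe", ["ntdll.dll", "kernel32.dll", "rpcrt4.dll"])
    + [Module(912, "svchost.exe", SYS + "wshelper.dll", MS, D1)]
    + core(2304, "explorer.exe", ["ntdll.dll", "kernel32.dll"])
    + [Module(2304, "explorer.exe",
              "C:\\Program Files\\Example\\shellext.dll", "Example Software", D0)]
)

if __name__ == "__main__":
    for path, reasons in ranked(triage(INVENTORY)):
        print(f"{len(reasons)}  {path}  {sorted(reasons)}")
```

The third-party shell extension in explorer.exe is flagged only as a single-loader, which shows why the post's "only one process" rule is a reason to look closer rather than a verdict.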
▁ ▂ ▄ Undercode ▄ ▂ ▁
🦑Analysis of attacks against well-known aerospace and military companies:
At the end of last year, we discovered attacks against aerospace and military companies in Europe and the Middle East. The attacks were very active from September 2019 to December 2019. Through in-depth investigations at the two affected European companies, we gained a detailed understanding of the attack activity and discovered previously undocumented malware.
> analyze the specific circumstances of the attack. The complete analysis report can be viewed in the white paper "Operational Perception: Targeted Attacks against European Aerospace and Military Companies".
> Based on a related malware sample named Inception.dll, we call these attacks "operational awareness" and found that they are highly targeted.
> To compromise their targets, the attackers used attractive fake job opportunities as a lure. After gaining trust, they deployed custom multi-stage malware and modified open-source tools. They also adopted a "living off the land" strategy, abusing legitimate tools and operating system functions, and used a variety of techniques to avoid detection (including code signing, regular recompilation of the malware, and impersonating legitimate companies).
> Our investigation revealed that the main goal of the operation was espionage. However, in one of the cases investigated, the attackers tried to monetize access to the victim's email account through a business email compromise (BEC) attack. Although we did not find strong evidence linking the attacks to known threat actors, we found some clues that may be connected to the Lazarus Group (including targeting, development environment, and technical analysis used).
written by Undercode
▁ ▂ ▄ Undercode ▄ ▂ ▁
🦑Solution to the U Disk Ripper Virus Unable to Delete:
#FastTips
At the moment of a mouse click, traffic flows through layers of nodes in the user's system and rushes to the remote server under the guidance of routing. The close-quarters fighting along this journey is often the most intense. Hijackers often lie in ambush at every node the traffic may pass through, and the means of traffic hijacking are also endless: homepage configuration tampering, hosts hijacking, process hooks, startup hijacking, LSP injection, browser plug-in hijacking, HTTP proxy filtering, kernel packet hijacking, bootkits, etc. are constantly being updated. Perhaps the story of traffic hijacking has already begun from the moment it is turned on
▁ ▂ ▄ Undercode ▄ ▂ ▁
🦑There are 8 main ways to stay away from spam easily:
1. Use a mail filtering system
This should be a common method for many people, and large mail service providers also provide such services, but it is still not precise enough.
2. Use a virus filtering system
A lot of spam emails use Trojan horse viruses. If you keep the virus out, the related spam emails will not be able to take advantage.
3. Protect your email address
It's best to use separate mailboxes for different purposes. To register on unimportant websites, forums and the like, you can apply for a "Got Box". If you don't expose your email address everywhere, there is still little chance for spam to find you through guessing.
4. Test who is "throwing garbage" to you
If you suspect that some sites are sending you spam, you can register with a different mailbox to test it, and block the sender after finding the source.
5. What to do after receiving spam
First, do not open it, because it may contain a virus; then return the letter, which may make some spam servers think that your mailbox is no longer available.
6. Unsubscribe (Opt-out) letters
A bill in the United States provides that users can opt out of any commercial mail, and that the company sending the commercial mail must clearly indicate that the mail is commercial or advertising in nature and provide the recipient with ways to opt out, including replyable addresses or accessible websites. Once the email sender receives the user's opt-out request, he must respond within 10 days and stop sending emails to the user. It may not work in China...
7. Pay attention to the registered name of the mail
One way to stay away from spam is to choose a suitable username. Many people like to use their own names or addresses like aaa123, which can easily be guessed with a dictionary.
8. Keep away from dangerous areas
According to statistics, the three types of sites with the most mail viruses are gambling, gaming, and adult sites. Pay special attention to these sites.
The above 8 methods teach you the principles of staying away from spam easily. I hope everyone can refer to them and learn together.
enjoy❤️👍🏻
written by Undercode
▁ ▂ ▄ Undercode ▄ ▂ ▁
🦑PREMIUM PROXIES SUPER FRESH 1 MINUTES:
▁ ▂ ▄ Undercode ▄ ▂ ▁
🦑NMAP TIPS:
#FastTips
> The NMAP script engine (NSE) is the most powerful and flexible feature of NMAP. It allows users to write simple scripts to automate various network tasks; these scripts are written in the Lua language. The NMAP script engine can do many things, such as:
1) Network discovery
This is the basic function of NMAP. Examples include finding the whois information of the target domain name, querying the ownership of the target IP on ARIN, RIPE, or APNIC, finding open ports, SNMP queries, and listing available NFS/SMB/RPC shares and services.
2) Vulnerability detection
When a new vulnerability is discovered, you want to quickly scan the network to identify vulnerable systems before intruders do. Although NMAP is not a comprehensive vulnerability scanner, NSE is powerful enough to handle demanding vulnerability checks. Many vulnerability detection scripts are already available, and more scripts are planned.
3) Backdoor detection
Many attackers and some automated worms leave back doors so that they can get back in later. Some of them can be detected by NMAP based on regular expressions.
4) Exploit
As a scripting language, NSE can even exploit vulnerabilities, not just find them. The ability to add custom attack scripts may be valuable to some people (especially penetration testers), but it is not intended to develop NMAP into something like the Metasploit framework.
5) Do not Ping
The -PN option instructs NMAP to skip the default discovery check and perform a full port scan of the target. This is very useful when scanning hosts protected by firewalls that block ping probes.
Syntax: nmap -PN target
6) Ping scan only
The option -sP tells NMAP to ping only the host. It is very useful when you want to detect which of a batch of IP addresses are reachable. By specifying a specific target, you can get more information, such as the MAC address.
Command: nmap -sP target
7) TCP SYN scan
Before we start, we must know what a SYN packet is.
Basically, a SYN packet is used to initiate a connection between two hosts.
TCP SYN ping sends a SYN packet to the target system and listens for the response. This alternative discovery method is useful for hosts that are configured to block standard ICMP ping messages.
The -PS option performs TCP SYN Ping.
Command: nmap -PS host
8) TCP Ack Ping scan
This type of scan sends only acknowledgement (ACK) packets.
Option -PA performs TCP Ack Ping scan on the specified host.
Command: nmap -PA target
9) UDP Ping scan
Option -PU performs UDP Ping scan on the specified host.
10) ICMP Echo ping
Option -PE will perform ICMP (Internet Control Message Protocol) echo Ping to the specified host.
Command: nmap -PE target
11) ICMP address mask ping
Option -PM performs ICMP address mask ping.
Command: nmap -PM target
12) List scan
The option -sL will display a list and perform a reverse DNS lookup for the specified IP address.
Syntax: nmap -sL target
#FastTips
ENJOY❤️👍🏻
WRITTEN BY
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ Undercode ▄ ▂ ▁
🦑How to change PHP's default FastCGI mode to ISAPI mode (Windows environment only)
#FastTips
1) Download the PHP ZIP package from http://www.php.net (note that the version must correspond).
2) Copy php4isapi.dll from the sapi directory to the c:\php directory.
3) In the management platform, go to "Website Management" - "Virtual Host"; in the server settings, change the PHP mapping from the original:
.php,C:\PHP\php.exe,5,GET,HEAD,POST,TRACE|
to:
.php,C:\PHP\php4isapi.dll,5,GET,HEAD,POST,TRACE|
4) (Required only for IIS 6) Open the IIS manager, click Web service extension, open the properties of php, then "Required File" - Timing - select "C:\PHP\php4isapi.dll"; after confirming, PHP can be called.
enjoy❤️👍🏻
▁ ▂ ▄ Undercode ▄ ▂ ▁
Forwarded from Backup Legal Mega
🦑Mega Hack Pack
Size: 10.41Gb
Covers all basics of Ethical Hacking.
And how to use all the tools used in Hacking.
https://mega.nz/folder/ZNRUmara#N9cVWXDMj37Tp3IXCyyfIQ
enjoy ❤️👍🏻
Forwarded from Backup Legal Mega
🦑2019-2020 new courses
> Digital Marketing Course
https://mega.nz/#F!WRF03CiQ!KbUdZ4-soCKnZuDZdSe6kA
Facebook Ads Mastery
https://mega.nz/#F!eBdmlI5B!aPhgq4AoczuSLTgaBEx5dQ
Google AdWords Mastery
https://mega.nz/#F!fcdwAKrJ!b1y5bqP-wHHN6VsEiIAFSw
Product Launch Mastery Courses
https://mega.nz/#F!WBc0maaJ!nRh0aA2RSE6Gc4ZGEfDeig
SEO Mastery Course
https://mega.nz/#F!GIVwRQZI!uejDFuFM4h7nwO4_2S-Mgg
Social Media Mastery Course
https://mega.nz/#F!3VVkhQxY!g5igIfUSlgdtX_H3eRtZpw
Zapier Mastery Course
https://mega.nz/#F!PEMEFSSC!c14Gmzw9qlnggDhCOnKzDA
NITESH AARYA SEO COURSE
https://drive.google.com/drive/folders/1Ya2deWGyUUSRqUJDmlDJuGX5DV0ZeBzj
SEO MAFIA 1.0
https://drive.google.com/file/d/1aBTr16zusISBgLd65_G6fU4--3bWA35x/view
SEO MAFIA 2.0(2020)
https://drive.google.com/drive/folders/1u4eEEziKpXw_dJm4FZrcOLIfKUuVE4wP
SEO King Courses
https://drive.google.com/drive/folders/1tDaUqSJttbbXtzJC96ls68hfDupRS0ai