tutorial

2024-05-27

Ip Info Collect

Tutorial:

https://stackoverflow.com/questions/24678308/how-to-find-location-with-ip-address-in-python

To obtain IP of ourselves, we can visit:

1 2	curl https://api.ipify.org

To get geo info of our IP, visit:

1 2	curl https://ipinfo.io \| jq .country

TO get geo info of any IP, use:

https://pypi.org/project/IP2Location/

https://ip2location-python.readthedocs.io/en/latest/quickstart.html

2023-02-15

Setup Ssh Server On Windows, Enable Key Based Authentication To Windows Ssh Server

tutorial

change the sshd config

append the client’s public key to “authorized_keys” and “administrators_authorized_keys”

restart the service

2023-01-05

Install Neo4J As Systemd Service

save this under /lib/systemd/system/neo4j.service

[Unit]
Description=Neo4j Graph Database
Documentation=http://docs.neo4j.org
[Service]
Type=simple
ExecStart=/usr/bin/neo4j console
ExecStop=/usr/bin/neo4j stop
Restart=on-failure
[Install]
WantedBy=multi-user.target

2022-07-11

Zeroday Ai, Hacking Assistant: 0Dai

zeroday ai, hacking assistant: 0dai

免杀 av evasion

https://github.com/fdx-xdf/darkPulse

https://www.shellterproject.com/

别动不动就想日站收集信息熟悉工具做好能做到的把一路学到的经验总结下来

trufflehug find credentials from open sources

stryker: wifi hacking tool includes dust attack, pin attack

found multiple websites on lonely planet tourist guide of america (all over the place!)

oneforall subdomain finder

hack in one including:

Anonymously Hiding Tools
Information gathering tools
Wordlist Generator
Wireless attack tools
SQL Injection Tools
Phishing attack tools
Web Attack tools
Post exploitation tools
Forensic tools
Payload creation tools
Exploit framework
Reverse engineering tools
DDOS Attack Tools
Remote Administrator Tools (RAT)
XSS Attack Tools
Steganograhy tools
Vulnerablities Scanner
IOT Tools
Other tools

all defense tool: 半/全自动化利用工具, 信息收集工具, 漏洞利用工具, 内网渗透工具, 运维&甲方&防守方工具, 安全资料整理

botnet ips are detected by some websites like URLHaus. there’s a tendency to use common passwords to bruteforce the credential for such botnets, such as inori miral cnc scraper, l4tt/Botnet-Reaper. setting botnets by yourself has advantage of connecting to machines without public ip.

MHDDoS best ddos tool (someone may make living on that), providing multiple WAF bypass techniques (what about Akamai?)

although sqlmap is somehow out-of-date (wracked by WAF, unable to exploit latest nodedb library), there is a tendency to combine subdirectory/url collector like subfinder with it like codewatchorg/sqlipy and zt2/sqli-hunter, automate the exploitation. search for sql injection (deep/machine learning) in github for latest tools and wiki.

undetectable credential stealer created by psauxxx. is it coincidence?

psauxx (twitter) created multiple accounts on github. the original one （in archive) is deactivated, now named as l4tt. vulnnr (auto exploiter) has some tutorials from geekforgeeks and xploitlab (linked to other interesting tools), and is renamed as uscan. search for vulnnr in github and there is a favourite hack tool collection

socialfish clone website and collect credentials (phishing) with web controller interfaces

sploitus search for latest sploits and POC-code (usually after patching is done)

bearSG 符合国人习惯的社工密码生成器 java开发自带GUI

cupper 社工密码生成器

社会工程工具列表是security list的一部分其中推荐独立开发者怎么赚钱 (有免费API接口介绍但是有的站已经没了) -> 国内独立开发者项目列表 -> bufpay 免签支付 (需要按月交费)

内容包括：

虚拟身份
钓鱼框架
网站克隆
邮件伪造
服务密码爆破
测试字典集
密码破解还原
在线密码破解

mosint email osint

payloadallthethings (40k stars!) by swisskyrepo

openai written phishing and directory bruteforcing

ghunt google osint

scarecrow payload generator targeting win 10-11

scarecrow cobalt strike plugin

cryptographic related python libraries gmpy2 pycryptodome libnum yafu rsa-wiener-attack RsaCtfTool

ciphery auto decryption

pwntools used by fmyy and more doc

angr to reverse engineer binaries, mostly in ctf? docs

angr ctf use cases: case 1 case 2

angr ctf reverse binaries and print “good job”

angr ctf build binaries from source

defcon ctf quals 2021 ooo

factordb.com find prime numbers, decomposition for rsa

reverse shell generator while shellcode cannot have null bytes, you need to xor your things with tool or assembly.

挖0day 或者利用现成漏洞 fuzzers for kali

kali tools

blackarch tools

all in one hacking tool

villainbackdoorgenerator

don’t aim big, aim small. things like bilibili password database dump, or some Intel internal data leak, are done by professional hackers on professional hardware. some corp will even attempt to retaliate like nvidia. you have been warned.

To exploit zerodays, you need rasp, aka ‘is my application doing something undefined/unexpected?’

利用公共WiFi 比如用WiFi炮连接远处的WiFi 控制云端的攻击服务器

黑客第一步是找目标（CTF可能不会教你怎么找目标白帽也不会因为目标很单一）不管漏洞存不存在目标究竟是个啥目标是人（联系方式？）还是机器（URL？）还是AI （验证码？）怎么交互（可能）是什么漏洞以及采取什么攻击措施都得先把目标罗列清楚可以借助搜索引擎 fofa漏洞搜索邮箱信息社交软件的信息木马跟踪他人的信息大多数人访问的信息爬虫信息监控本地软件访问网络的记录或者直接随便扫描存到数据库里面

第二步就是交互利用漏洞装后门控制目标比如挖矿继续收集网站信息密码信息 cookies 继续散播病毒拓展攻击面

第三步持久作战持续提高反侦查意识学习收集信息工具提高黑客能力利用各种方法比如社会工程学利用匿名账号或者免费邮箱账号传播带木马的免费应用程序病毒邮件坚持就是胜利

https://github.com/mikaelkall/HackingAllTheThings

https://github.com/akenofu/HackAllTheThings

memory editing, game hacking:

https://github.com/qb-0/pyMeow

https://github.com/srounet/Pymem

mirai botnet

defcon for news, intro, wiki

infocon for software, code, wordlists

mec mass exploiting