• DummiesHub believe in censorship free world
  • You will find here everything that can't find anywhere!
  • Sign Up Now!
Welcome, Guest
You have to register before you can post on our site.
Search Forums
Forum Statistics
 Members: 336
 Latest member: Speak With Style
 Forum threads: 90
 Forum posts: 126

Full Statistics
Online Users
There are currently 14 online users.
 0 Member(s) | 12 Guest(s)
Google, Yandex

Below are 5 skills which you have to improve before registering for OSCP
> Learn basic of Computer Network, Web application, and Linux
> Learn Bash and Python scripting
> Enumeration is key in OSCP lab, I repeat Enumeration is key in OSCP Lab and in real world too
> Download vulnerable VM machines from vulnhub
> Buffer Overflow (BOF) exploitation

Below are the free reference before registration of OSCP 
> https://www.cybrary.it/course/ethical-hacking/
> https://www.cybrary.it/course/web-applic...n-testing/
> https://www.cybrary.it/course/advanced-p...n-testing/
> https://www.offensive-security.com/metas...unleashed/
> https://www.cybrary.it/course/python/

Below are the reference for Buffer overflow and exploit developmet for OSCP
> http://www.fuzzysecurity.com/tutorials/expDev/1.html
> https://www.corelan.be/index.php/2009/07...overflows/

For Bash Scripting 
> http://www.tldp.org/LDP/Bash-Beginners-Guide/html/

Transferring Files from Linux to Windows & post-exploitation
> https://blog.ropnop.com/transferring-fil...o-windows/
> https://www.cybrary.it/course/post-explo...n-hacking/

Privilege Escalation:
> http://www.greyhathacker.net/?p=738
> http://www.fuzzysecurity.com/tutorials/16.html
> https://github.com/GDSSecurity/Windows-E...-Suggester
> http://pwnwiki.io/#!privesc/windows/index.md
> https://blog.g0tmi1k.com/2011/08/basic-l...scalation/
> https://github.com/rebootuser/LinEnum
> https://www.youtube.com/watch?v=PC_iMqiuIRQ
> https://www.adampalmer.me/iodigitalsec/2...and-linux/

Port redirection/tunneling
> https://chamibuddhika.wordpress.com/2012...explained/
> http://www.abatchy.com/search/label/Networking

Practise Lab online & offline --- Most of this lab help you to understand different attack and (privilege escaltion very very important for OSCP )
> http://overthewire.org/wargames/bandit/
> https://www.explainshell.com/
> https://www.vulnhub.com/?q=kioptrix&sort...sc&type=vm
> https://www.vulnhub.com/entry/fristileaks-13,133/
> https://www.vulnhub.com/entry/brainpan-1,51/ (Buffer overflow vm)
> https://www.vulnhub.com/entry/mr-robot-1,151/
> https://www.vulnhub.com/entry/hacklab-vulnix,48/
> https://www.vulnhub.com/entry/vulnos-2,147/
> https://www.vulnhub.com/entry/sickos-12,144/
> https://www.vulnhub.com/entry/devrandom-scream,47/
> https://www.vulnhub.com/entry/skytower-1,96/
> https://github.com/rapid7/metasploitable3/wiki


https://redteams.fr/mindmap/view.html?ur...scp.mymind

Visit https://t.me/dummieshub/197

Comment for latest link

Errors solved:
Win 10 version: 10.0.19041.662 or more
rdp wrapper listener state: listening (not supported windows 10)
rdp wrapper listener state not listening (fully supported)
rdpwrap "[10.0.19041.662]"

[Image: 6VwNX5p.png]

Follow strictly as mentioned in steps:

  1. Go to C:\Program Files\RDP Wrapper and run uninstall.bat, followed by install.bat for latest update with administrator privileges
  2. Run cmd as administrator and cd to C:\Program Files\RDP Wrapper
  3. net stop termservice
  4. Add following code at the end of rdpwrap.ini in C:\Program Files\RDP Wrapper and make sure there is and empty line at the end.
  5. net start termservice
  6. If It doesn't works try rebooting.
If it doesn't works comment with your OS version for latest configuration. 
Code:
 
[10.0.19041.662]
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=88E81
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=0CAE2
SingleUserCode.x64=Zero
DefPolicyPatch.x64=1
DefPolicyOffset.x64=189D5
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
SLInitHook.x64=1
SLInitOffset.x64=1D50C
SLInitFunc.x64=New_CSLQuery_Initialize
[10.0.19041.662-SLInit]
bInitialized.x64 =106028
bServerSku.x64 =10602C
lMaxUserSessions.x64 =106030
bAppServerAllowed.x64 =106038
bRemoteConnAllowed.x64=106040
bMultimonAllowed.x64 =106044
ulMaxDebugSessions.x64=106048
bFUSEnabled.x64 =10604C

Code:
 
                                                      |\___/|        
              -=[ISSUE - NO 2]=-                     =) ^Y^ (=        
                   -=[OF]=-                           \  ^  /        
                                                       )=*=(          
______________________________ __ ____________ _     /     \        
|.-----.--.--.--.-----.-----.--|  |   ___ ___ _| ||   |     |        
||  _  |  |  |  |     |  -__|  _  |  | . |   | . ||  /| | | |\        
||_____|________|__|__|_____|_____|  |__,|_|_|___||  \| | |_|/\      
|  | |                                   ______   |__//_// ___/ __    
|  | |               .-----.--.--.-----.|      |.-----.--\_).--|  ||  
|  | |               |  -__|_   _|  _  ||  ||  ||__ --|  -__|  _  ||  
|  | |               |_____|__.__|   __||  ||  ||_____|_____|_____||  
|_/   \__________________________|__|___|  ||  |___________________|  
                                        |______|                      
------------------------.++-                                          
                       / y-                                          
                      /  y-                                          
---------------------/    s/----------------------.++-                
                    /       ys+-.        |\      / y-                
---------------\.../    /\      ys------/()/    /  y-                
                sy      \/    /'''\      \|    /    s/-              
------------------+-++s     /-----'           /        s+-.          
---------------------/s    /-------------\.../    /\      ys          
                      -y  s               sy      \/    /'''\        
-----------------------y s---------------------++s     /-----'        
----------------------++'             |\        /s    /              
-------------------------------------/()/        -y ys                
                                      \|         -y s                
-------------------------------------------------++'                  
                                                |_______________      
,_._._._._._._._,_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|   carders.cc  `\    
|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|      inj3ct0r   \  
                                  ~ Featuring ~ |       ettercap   \  
      _______________|                          |___________________\
    /´   exploit-db  |                          !                    
   /   backtrack     |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _,_._._._._._._._,
  /  free-hack       |_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|
/___________________| ~ and ~                                        
                     !                                                
                                                                      
                      Out of the Blue                                
                            into the Black                            
,_._._._._._._._|____________________________________________________
|_|_|_|_|_|_|_|_|___________________________________________________/
    ~ INTRO ~   !
Greetings followers, welcome to the second issue of owned and exp0sed.
This file is encoded with UTF-8, so to view it properly use unicode.

For those who are reading and laughing with us:
We (your happy ninjas) wish you a


Code:
 
                                 ,                                    
                               _/^\_                                  
                              < hax >                                
                               /.-.\                                  
            * MERRY *          `/&\`                                  
                              ,@.*;@,                                
                             /_o.I %_\                                
                            (`'--:o([email protected];                              
                           /`;--.,__ `')                              
                          ;@`o % O,*`'`&\                            
                         (`'--)[email protected] ;o %'()\                            
        * NINJA *        /`;--._`''--._O'@;                          
                        /&*,()~o`;-.,_ `""`)                          
                        /`,@ ;+& () o*`;-';\                          
                        (`""--.,_0 +% @' &()\                        
                       /-.,_    ``''--....-'`)                        
                       /@%;o`:;'--,.__   __.'\                        
                      ;*,&(); @ % &^;~`"`o;@();                      
   * HAXMAS *         /(); o^~; & ()[email protected]*&`;&%O\                      
                      `"="==""==,,,.,="=="==="`                      
                   __.----.(\-''#####---...___...-----._              
                 '`         \)_`"""""`                                
                         .--' `)                                      
                       o(  )_-\                                      
                         `"""` `
After our first release we got wind of some strange rumours. So just
to be sure, we need to clarify some facts.

So, who are we? First, lets talk about some things we are not. We are
not an underground rival kiddy group. We are not a cyber mafia gang.
We are the watchmen, the hackers who quietly observe the scene. If any
skiddy community gets too big, we shut them down. If any lamer causes
too much trouble, we shut them down. If any group keeps fucking stuff
up, we stop them.

So, why are we doing this? Some people say that being a vigilanty is
wrong and that we are actually criminals. What can we say? This may be
true. But the way we see it, if your not part of the solution, your
part of the fucking problem. These idiots spread garbage across our
scene and that is why they got owned. We take pride in what is left of
the scene and we have serious problems with those who rape it.

That's why we do what MUST be done.

There are some things left we would like to say about carders.cc.
First of all, they came back online after they got rm'ed. In the first
issue we gave our word that we would make sure carders.cc would never
come back. Well, we delivered on that promise in this issue. And as
such carders.cc has once again been eliminated. Maybe this time they
will get the hint.

Also, Heise Security said that we were a rival group trying to
capitalize on the demise of carders.cc. Apparently they weren't happy
about our disclosure of the carders.cc database that included the
personal information of carders.cc victims. What Heise forgot was that
with this action, all the victims of carders.cc got the chance to
realize that they were victims of fraud. You can try to say that our
disclosure of the database put them at even greater risk of fraud but
we disagree. What is more risky? Having your information secretly on
an "underground" carding forum where it WILL be sold and used in
frauduelent activity? Or, having it released so that you can be
notified and take the appropriate action to mitigate the damage that
has been done? I know which option I'd rather have.

It is quite impressive how many people wrote about the Carders Hack
without even bothering to read the zine. It is hilarious to see how
the media works. Somebody writes an article, others copy information
from it, others copy from it again. If we take a shit in a bowl. Then
you eat that shit and puke it back into a different bowl for someone
else to eat then they do the same thing, what do you have? "Two
Journo's One Cup" is what you have. Fucking pathetic.

On the other hand, we'd like to thank Brian Krebs. Even if some of his
conclusions were way off the mark, he was still the first one to
report about carders.cc and nearly every other article was based on
Brian's work. At least you didn't eat shit and regurgitate it like the
rest Brian, keep up the good work.

Enough jibber jabber, let's get to business. You will soon realize
that our targets vary:

We owned ettercap because we were tired of people firing that shit up
and pretending to be a l33th4x0r sheep who think they are the greatest
hackerz with their ARP spoofing toolkitz.. If you have installed
ettercap in the last 5 years you may want to check yo shit (;p).

We owned offsec including backtrack and exploit-db because they are
fucking security "expert" maggots (oops s/m/f/) who just fail so hard
at security that we wonder why people really take their training
courses. We imagine it's like open mic night at the laughatorium.

We owned inj3ct0r because they are lameass wannabe milw0rm kids whose
sole purpose in life is to disclose XSS 0dayz in Joomla (RSnake
anyone?).

We owned carders.cc (AGAIN) because they are unable to learn from
their mistakes and keep spreading garbage around the underground.

We owned free-hack because they are developing into one of the
largest, most arrogant script-kiddie breeding grounds on the
intertubez.

POST REMOVED BY MEHEDI

POST DELETED BY MEHEDI

This 150$ thermal camera can be use to get the debit card or credit number of someone 1 minute after the person type his password. A simple tips to counter it. Is by always putting your fingers on every numbers so the thermal signature doesn't show the digit used from coldest to hottest. Back in the day thermal camera where 10 000$ and where a lot bigger so it's worrying.
[Image: Screenshot_20201021_134407.jpg]

Inspired by previous research on safecracking by Michał Zalewski, they thought it would be easier for a criminal to snoop on ATM PINs using a thermal (infrared) camera to detect residual heat from keypresses rather than current techniques using traditional video cameras.

[Image: thermalpin245.png]

Burp Bounty - Scan Check Builder

This Burp Suite extension allows you, in a quick and simple way, to improve the active and passive burpsuite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue profiles both in the active scanner and in the passive.

Download releases: https://github.com/wagiro/BurpBounty/rel...ounty_v3.6


this is a play list to learn more about this Extension

load these profiles : https://github.com/wagiro/BurpBounty/tre.../profiles/

Also check :
https://securityonline.info/burp-bounty-...e-scanner/

Attify's (Pentester Academy) Android Pentesting Course 

Download :

https://drive.google.com/drive/folders/1...x_VpOChzZc

Lynda Android Malware Analysis

Topics include:
Installing the analysis tools on Mac and Windows
Viewing app resources
Decompiling applications
Analyzing permissions
Spyware types
Exfiltrated data, C2 servers, and strings

 Source :

https://www.lynda.com/Android-tutorials/...563-2.html


Download :

https://mega.nz/folder/CoJhAQTQ#AmEegH_cQGefqrIBXoWU0w

  • 1(current)
  • 2
  • 3
  • 4
  • 5
  • 9