Ubuntu users tools

 

To hidden (no initial list at login)

sudo vi /var/lib/AccountsService/users/cloud

SystemAccount=true #change this from false to true

References:

[1] add user https://linoxide.com/usr-mgmt/give-normal-user-root-privileges/

[2] hidden user https://swatij.me/hacks/ubuntu/hide-user-from-login-screen-in-ubuntu-14-04.html

Security topics

Resources:
[1]  https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers
[2]  WebService https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Web-Service
[3] Scanner https://github.com/zerosum0x0/CVE-2019-0708
[4] Source bluekeep https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
[5] Twitter https://twitter.com/zerosum0x0

Linux Discover Teamviewer id

$sudo grep -n id /home/user/.local/share/teamviewer14/logfiles/TeamViewer14_Logfile.log

$whereis teamviewer
$/usr/bin/teamviewer help
$/usr/bin/teamviewer info #for get id too

$/usr/bin/teamviewer daemon stop
$/usr/bin/teamviewer setup
$/usr/bin/teamviewer daemon status
$/usr/bin/teamviewer daemon start

References:
[1] http://www.tonisoto.com/2013/07/launching-teamviewer-remotely-throught-ssh/

Call using Internet (Brasil - Perú)

https://www.poptox.com/Peru
https://www.spytox.com/whose-number-is-calling-me

Yellow dots, Microdots, how to discover

Resources

1) Tutorial http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html
2) DocuColor Tracking Dot Decode Guide https://w2.eff.org/Privacy/printers/docucolor

Wireless Security

References:

1. airbase-ng http://lifehacker.com/how-to-hack-your-own-network-and-beef-up-its-security-w-1649785071

Running Wireshark over Ubuntu 14.04

After  installation, execute next steps:

1) sudo dpkg-reconfigure wireshark-common
2) sudo chmod +x /usr/bin/dumpcap
3) sudo setcap CAP_NET_RAW,CAP_NET_ADMIN,CAP_DAC_OVERRIDE+eip /usr/bin/dumpcap


Reference:
[1] https://ask.wireshark.org/questions/16343/install-wireshark-on-ubuntu
[2] http://askubuntu.com/questions/348712/there-are-no-interfaces-on-which-a-capture-can-be-done

SSH Tunneling

$ssh -D 127.0.0.1:8080 -l <user> <Server> -p <22|2222>

$ssh -[N]D 5555 -l <user> <Server> -p <22|2222> 

N Doesn't work in some servers, then remove it.

Firefox Setting

1. Open firefox settings, search for "SOCKS" and open the Network Proxy settings

2. Select "Manual proxy configuration"

3. Enter localhost for the SOCKS host, 9999 for the port, and SOCKS v5 selected. Click "OK" to save it.

use http://www.whatismyip.org/ for verify new ip

References:

[1] https://gist.github.com/brentjanderson/6ed800376e53746d2d28ba7b6bdcdc12 (rev 2024)
[2] http://www.planetb.ca/2010/08/how-to-create-an-ssh-tunnel-with-putty-and-stay-anonymous-on-a-network/

 

 

 

 

 

 

 

 

 

 

When you don't access to Windows (Reset Password)

Option 1:

copy c:/windows/system32/sethc.exe to c:/ (backup)
copy c:/windows/system32/cmd.exe c:/windows/system32/sethc.exe
--when you restart, push shift key for 5 second, and put.

c:>net user

Option 2:
#mount /dev/sdax  /mnt/windowsc    (mount windows partition using linux)
#cd /mnt/windowsc/Windows/System32/config
#chntpw -l SAM  (for list users)
#chntpw -u SAM (for options)





References:

[1] https://4sysops.com/archives/forgot-the-administrator-password-the-sticky-keys-trick/

[2] http://www.howtogeek.com/howto/windows-vista/change-your-forgotten-windows-password-with-the-linux-system-rescue-cd/

IP over DNS

References:

[1] iodine http://code.kryo.se/iodine/

How to remove Bill Gates botnet (Fedora)

1) identify and kill process running
 #top
 #killall cupsdd
 . . .

2) verify crontab

#ss -t (show current socket connections)
#crontab -l (list entries)
#crontab -e (edit current)
#crontab -r (remove all entries)

3) remove calls from start scripts
#vi /etc/rc.local   (here anotate entries )
#vi /etc/init.d
#rm /etc/*.lock  (bill.lock and gates.lock)
4) remove physical files
  atddd, cupsdd, cupsddh,ksapdd, kysadd,sksapdd, skysapdd

References

[1] http://lpages.info/billgates-linux-botnet/
[2] https://isc.sans.edu/forums/diary//17282
[3] crontab https://help.1and1.com/hosting-c37630/scripts-and-programming-languages-c85099/cron-jobs-c37727/delete-a-cron-job-a757264.html

Wireless Tools (Audit)

Audit the pre-shared key (PSK)
http://www.wirelessdefence.org/Contents/coWPAttyMain.htm

RF Power Table (xdBm to xmW)
http://www.ipass.net/teara/dbm.html

Transport Layer Protection - ASP.NET

Tools:
[1] asafaweb.com

References:
[1] OWASP Top 10 for .NET developers part 9: Insufficient Transport Layer Protection 
      http://www.troyhunt.com/2011/11/owasp-top-10-for-net-developers-part-9.html
[2] ASP.NET session hijacking with Google and ELMAH
      http://www.troyhunt.com/2012/01/aspnet-session-hijacking-with-google.html
[3] Ramping up ASP.NET session security
      http://www.dotnetnoob.com/2013/07/ramping-up-aspnet-session-security.html

Asp.Net Insecure Session Cookie Handling Vulnerability

Add next code in c:\inetpub\wwwroot\web.config


    <system.web>
      <httpCookies
             httpOnlyCookies="true"
             requireSSL="true" />
    </system.web>


References:
[1] http://www.codeproject.com/Articles/291562/Asp-net-web-application-Security-Review-Dos-Dont
[2] http://forums.asp.net/t/1756774.aspx
[3] http://www.enterprisenetworkingplanet.com/netsecur/ten-tips-to-make-your-ssl-secure.html
[4] https://www.owasp.org/index.php/HttpOnly
[5] http://xss.cx/examples/dork/programming/ssl-cookie-without-secure-flag-set-example.html#1.7

C# Windows Services and Logs

References:

[1] http://www.codeproject.com/Articles/14353/Creating-a-Basic-Windows-Service-in-C
[1.1]  http://www.codeproject.com/Articles/3990/Simple-Windows-Service-Sample
[2] http://blog.themobilebrand.com/technology/tutorial-building-a-windows-service-application/
[3] http://www.c-sharpcorner.com/UploadFile/mahesh/window_service11262005045007AM/window_service.aspx

[4] C# log4net http://www.eyecatch.no/blog/2012/08/logging-with-log4net-in-c-sharp/
[5] C# log4net http://www.codeproject.com/Questions/377372/Log4net-not-working-No-Logs-created

[6] Windows event log http://msdn.microsoft.com/en-us/library/6s7642se.aspx

Resolve/Prevent Reflected XSS All Clients on (ASP.NET MVC)

Resources
[1] http://www.slideshare.net/denimgroup/xss-remediation
[2] https://www.owasp.org/index.php/Reviewing_Code_for_Cross-site_scripting
[3] Event 1046 - Cross-Site Scripting Filter http://msdn.microsoft.com/en-us/library/dd565647%28v=vs.85%29.aspx
[4] http://weblogs.asp.net/scottgu/archive/2010/04/06/new-lt-gt-syntax-for-html-encoding-output-in-asp-net-4-and-asp-net-mvc-2.aspx
[5] http://msdn.microsoft.com/en-us/magazine/hh708755.aspx
[6] Microsoft Web Protection Library http://wpl.codeplex.com/

Alternative Browsers Based on Mozilla Firefox

Portable browsers
http://portableapps.com/apps/internet

Browsers based on firefox

[1] http://www.howtogeek.com/108608/6-alternative-browsers-based-on-mozilla-firefox/

Reniec/Dni

Reniec verificar DNI
https://cel.reniec.gob.pe/valreg/valreg.do

libpcap training

send package using libpcap
http://www.microhowto.info/howto/send_an_arbitrary_ethernet_frame_using_libpcap.html

DNS Spoofing
http://networkprojects.googlecode.com/svn-history/r2/trunk/

Remove backdoor

>netstat -ao  (locate reference to unknow addres, for example
    ovh.net

>taskkill /pid pid

remove from register with regedit

aditional if your clock doesn't work

net stop w32time
w32tm /unregister [ignore error message]
w32tm /unregister [enter a second time]
w32tm /register
reg add hklm\system\currentcontrolset\services\w32time\parameters\ /v NtpServer /t reg_sz /d time.nist.gov /f
net start w32time
w32tm /resync

The default polling time for updating the clock's time is only once every 7 days. This is why the clock gets off by so much (e.g. seconds if not many minutes) until it's the 7th day for your clock to automatically update again. Only then is the clock accurate, but it immediately starts losing time again until it updates in 7 more days. The sources for updating the clock are deadly accurate (NIST = National Institute of Standards and Technology), but the problem is that it doesn't update itself often enough. Here's the fix:

On the XP system change the update (polling time) intervals by doing the following:

1. Type “regedit” in Run located in Start
2. Navigate to the following key in the left pane:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\TimeProviders\NtpC lient.
3. In the right pane, double click the entry called SpecialPollInterval.
4. In the Base section of the Edit DWord Value dialog box, click the Decimal option button.
5. Enter the desired interval in seconds (3600 = 1 hour, 1800 = 30 minutes, 86400 = 24 hours, and so forth).
6. Click OK and close the registry editor.


(Originally set at 604,800 seconds, which equals 7 days, or once every week. I have set mine to 1,800 seconds, which updates my clock once every 30 minutes. My clock is never more than a few seconds off...