Below are 5 skills which you have to improve before registering for OSCP
> Learn the basics of computer networking, web applications, and Linux
> Learn Bash and Python scripting
> Enumeration is key in the OSCP lab, I repeat, enumeration is key in the OSCP lab and in the real world too
> Download vulnerable VM machines from vulnhub
> Buffer Overflow (BOF) exploitation

Below are free references to use before registering for OSCP
> https://www.cybrary.it/course/ethical-hacking/
> https://www.cybrary.it/course/web-applic...n-testing/
> https://www.cybrary.it/course/advanced-p...n-testing/
> https://www.offensive-security.com/metas...unleashed/
> https://www.cybrary.it/course/python/

Below are the references for buffer overflow and exploit development for OSCP
> http://www.fuzzysecurity.com/tutorials/expDev/1.html
> https://www.corelan.be/index.php/2009/07...overflows/

For Bash Scripting 
> http://www.tldp.org/LDP/Bash-Beginners-Guide/html/

Transferring Files from Linux to Windows & post-exploitation
> https://blog.ropnop.com/transferring-fil...o-windows/
> https://www.cybrary.it/course/post-explo...n-hacking/

Privilege Escalation:
> http://www.greyhathacker.net/?p=738
> http://www.fuzzysecurity.com/tutorials/16.html
> https://github.com/GDSSecurity/Windows-E...-Suggester
> http://pwnwiki.io/#!privesc/windows/index.md
> https://blog.g0tmi1k.com/2011/08/basic-l...scalation/
> https://github.com/rebootuser/LinEnum
> https://www.youtube.com/watch?v=PC_iMqiuIRQ
> https://www.adampalmer.me/iodigitalsec/2...and-linux/

Port redirection/tunneling
> https://chamibuddhika.wordpress.com/2012...explained/
> http://www.abatchy.com/search/label/Networking

Practice labs, online & offline --- Most of these labs help you to understand different attacks (privilege escalation is very, very important for OSCP)
> http://overthewire.org/wargames/bandit/
> https://www.explainshell.com/
> https://www.vulnhub.com/?q=kioptrix&sort...sc&type=vm
> https://www.vulnhub.com/entry/fristileaks-13,133/
> https://www.vulnhub.com/entry/brainpan-1,51/ (Buffer overflow vm)
> https://www.vulnhub.com/entry/mr-robot-1,151/
> https://www.vulnhub.com/entry/hacklab-vulnix,48/
> https://www.vulnhub.com/entry/vulnos-2,147/
> https://www.vulnhub.com/entry/sickos-12,144/
> https://www.vulnhub.com/entry/devrandom-scream,47/
> https://www.vulnhub.com/entry/skytower-1,96/
> https://github.com/rapid7/metasploitable3/wiki


https://redteams.fr/mindmap/view.html?ur...scp.mymind

Visit https://t.me/dummieshub/197

Comment for latest link

Errors solved:
Win 10 version: 10.0.19041.662 or more
rdp wrapper listener state: listening (not supported windows 10)
rdp wrapper listener state not listening (fully supported)
rdpwrap "[10.0.19041.662]"

[Image: 6VwNX5p.png]

Follow the steps strictly as written:

  1. Go to C:\Program Files\RDP Wrapper and run uninstall.bat, followed by install.bat for the latest update, with administrator privileges
  2. Run cmd as administrator and cd to C:\Program Files\RDP Wrapper
  3. net stop termservice
  4. Add the following code at the end of rdpwrap.ini in C:\Program Files\RDP Wrapper and make sure there is an empty line at the end.
  5. net start termservice
  6. If it doesn't work, try rebooting.
If it still doesn't work, comment with your OS version for the latest configuration.
Code:
 
[10.0.19041.662]
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=88E81
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=0CAE2
SingleUserCode.x64=Zero
DefPolicyPatch.x64=1
DefPolicyOffset.x64=189D5
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
SLInitHook.x64=1
SLInitOffset.x64=1D50C
SLInitFunc.x64=New_CSLQuery_Initialize
[10.0.19041.662-SLInit]
bInitialized.x64 =106028
bServerSku.x64 =10602C
lMaxUserSessions.x64 =106030
bAppServerAllowed.x64 =106038
bRemoteConnAllowed.x64=106040
bMultimonAllowed.x64 =106044
ulMaxDebugSessions.x64=106048
bFUSEnabled.x64 =10604C

Code:
 
                                                      |\___/|        
              -=[ISSUE - NO 2]=-                     =) ^Y^ (=        
                   -=[OF]=-                           \  ^  /        
                                                       )=*=(          
______________________________ __ ____________ _     /     \        
|.-----.--.--.--.-----.-----.--|  |   ___ ___ _| ||   |     |        
||  _  |  |  |  |     |  -__|  _  |  | . |   | . ||  /| | | |\        
||_____|________|__|__|_____|_____|  |__,|_|_|___||  \| | |_|/\      
|  | |                                   ______   |__//_// ___/ __    
|  | |               .-----.--.--.-----.|      |.-----.--\_).--|  ||  
|  | |               |  -__|_   _|  _  ||  ||  ||__ --|  -__|  _  ||  
|  | |               |_____|__.__|   __||  ||  ||_____|_____|_____||  
|_/   \__________________________|__|___|  ||  |___________________|  
                                        |______|                      
------------------------.++-                                          
                       / y-                                          
                      /  y-                                          
---------------------/    s/----------------------.++-                
                    /       ys+-.        |\      / y-                
---------------\.../    /\      ys------/()/    /  y-                
                sy      \/    /'''\      \|    /    s/-              
------------------+-++s     /-----'           /        s+-.          
---------------------/s    /-------------\.../    /\      ys          
                      -y  s               sy      \/    /'''\        
-----------------------y s---------------------++s     /-----'        
----------------------++'             |\        /s    /              
-------------------------------------/()/        -y ys                
                                      \|         -y s                
-------------------------------------------------++'                  
                                                |_______________      
,_._._._._._._._,_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|   carders.cc  `\    
|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|      inj3ct0r   \  
                                  ~ Featuring ~ |       ettercap   \  
      _______________|                          |___________________\
    /´   exploit-db  |                          !                    
   /   backtrack     |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _,_._._._._._._._,
  /  free-hack       |_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|
/___________________| ~ and ~                                        
                     !                                                
                                                                      
                      Out of the Blue                                
                            into the Black                            
,_._._._._._._._|____________________________________________________
|_|_|_|_|_|_|_|_|___________________________________________________/
    ~ INTRO ~   !
Greetings followers, welcome to the second issue of owned and exp0sed.
This file is encoded with UTF-8, so to view it properly use unicode.

For those who are reading and laughing with us:
We (your happy ninjas) wish you a


Code:
 
            * MERRY * NINJA * HAXMAS *
After our first release we got wind of some strange rumours. So just
to be sure, we need to clarify some facts.

So, who are we? First, let's talk about some things we are not. We are
not an underground rival kiddy group. We are not a cyber mafia gang.
We are the watchmen, the hackers who quietly observe the scene. If any
skiddy community gets too big, we shut them down. If any lamer causes
too much trouble, we shut them down. If any group keeps fucking stuff
up, we stop them.

So, why are we doing this? Some people say that being a vigilante is
wrong and that we are actually criminals. What can we say? This may be
true. But the way we see it, if you're not part of the solution, you're
part of the fucking problem. These idiots spread garbage across our
scene and that is why they got owned. We take pride in what is left of
the scene and we have serious problems with those who rape it.

That's why we do what MUST be done.

There are some things left we would like to say about carders.cc.
First of all, they came back online after they got rm'ed. In the first
issue we gave our word that we would make sure carders.cc would never
come back. Well, we delivered on that promise in this issue. And as
such carders.cc has once again been eliminated. Maybe this time they
will get the hint.

Also, Heise Security said that we were a rival group trying to
capitalize on the demise of carders.cc. Apparently they weren't happy
about our disclosure of the carders.cc database that included the
personal information of carders.cc victims. What Heise forgot was that
with this action, all the victims of carders.cc got the chance to
realize that they were victims of fraud. You can try to say that our
disclosure of the database put them at even greater risk of fraud but
we disagree. What is more risky? Having your information secretly on
an "underground" carding forum where it WILL be sold and used in
fraudulent activity? Or, having it released so that you can be
notified and take the appropriate action to mitigate the damage that
has been done? I know which option I'd rather have.

It is quite impressive how many people wrote about the Carders Hack
without even bothering to read the zine. It is hilarious to see how
the media works. Somebody writes an article, others copy information
from it, others copy from it again. If we take a shit in a bowl. Then
you eat that shit and puke it back into a different bowl for someone
else to eat then they do the same thing, what do you have? "Two
Journo's One Cup" is what you have. Fucking pathetic.

On the other hand, we'd like to thank Brian Krebs. Even if some of his
conclusions were way off the mark, he was still the first one to
report about carders.cc and nearly every other article was based on
Brian's work. At least you didn't eat shit and regurgitate it like the
rest Brian, keep up the good work.

Enough jibber jabber, let's get to business. You will soon realize
that our targets vary:

We owned ettercap because we were tired of people firing that shit up
and pretending to be a l33th4x0r sheep who think they are the greatest
hackerz with their ARP spoofing toolkitz.. If you have installed
ettercap in the last 5 years you may want to check yo shit (;p).

We owned offsec including backtrack and exploit-db because they are
fucking security "expert" maggots (oops s/m/f/) who just fail so hard
at security that we wonder why people really take their training
courses. We imagine it's like open mic night at the laughatorium.

We owned inj3ct0r because they are lameass wannabe milw0rm kids whose
sole purpose in life is to disclose XSS 0dayz in Joomla (RSnake
anyone?).

We owned carders.cc (AGAIN) because they are unable to learn from
their mistakes and keep spreading garbage around the underground.

We owned free-hack because they are developing into one of the
largest, most arrogant script-kiddie breeding grounds on the
intertubez.

There are lots of websites and dozens of books on how to prepare and execute an email marketing campaign. However, the primary aspect of any successful method is having a big enough list of people to email. This article tries to address this problem by giving our readers workable and professional approaches to building a big and viable email list.
Underlying Principles
No matter what approach you choose, most will not succeed unless you follow these principles.
Principle 1: Provide Value
For most people, an email address is treated with the same regard as a telephone number or street address. People simply do not want to release their personal information easily, especially in the online environment.
[Image: Email-Database.gif]
You can overcome this natural hesitation if you offer something of value in return. Offering something does not mean a tangible or financial good. Quite a few academic studies and business marketing research on internet usage have shown that people go online for two basic reasons: to learn or to communicate. Offering valuable information or content can easily be your carrot to unlocking large volumes of email contacts.
Principle 2: Keep it simple and easy
If you want to build a big email list, keep it simple and easy to sign up. Many marketers make the mistake of collecting too much information. Usually a name and email address works fine. Your subscription box is not meant to be market research. Some marketers ask for information such as age, occupation, sex, etc. But keep in mind that the more fields someone has to fill out, the less likely they are to complete it.
Principle 3: Assure Privacy
The most often cited reason for hesitation when giving out email addresses is junk mail. (Surprisingly ahead of identity theft.) Overcome this hesitation by posting a privacy notice. A simple note such as "Your privacy is important to us. We will never sell or disclose the email address and information you share with us" will result in more emails collected.

Email marketing is a great way to market your online business. It's inexpensive and if done properly can prove quite lucrative. There are some things you will need to remember, however, if you're going to successfully build and maintain your email list. What measures success? Some might say that getting as many emails as possible as quickly as possible is a measure of success. That may be true, but they need to be the right email addresses for your email list. Without a high-quality email list your success may lose momentum quite quickly. If you keep to some basic email list building secrets, however, you should be able to measure your success by the number of emails on your email list, the length of time those people stay active, and most of all how many stay interested in your company.
[Image: Email-Database.gif]
Staying organized is, as with almost every aspect of your life, a crucial part of success. If you have several different online interests, you will want to make sure your email lists are segmented appropriately. If you have one business that sells flowers, for example, and another that sells car parts, you will want to make sure that while stopping to smell the flowers one recipient is not receiving an email about a great auto parts sale on their iPhone. It goes without saying that the opposite could be brutal - not a pretty picture. Keeping your email list segmented according to your list members' areas of interest is a great email list marketing strategy.
Building your list is of course the foundation of every list marketing strategy, and even if your list is large, you will want to make sure to keep the emails coming in. The best of email marketers lose emails, whether through email address changes, spamming, blocking or the dreaded unsubscribing.

This 150$ thermal camera can be used to get the debit card or credit card number of someone 1 minute after the person types his password. A simple tip to counter it is to always put your fingers on every number so the thermal signature doesn't show the digits used from coldest to hottest. Back in the day thermal cameras were 10 000$ and were a lot bigger, so it's worrying.
[Image: Screenshot_20201021_134407.jpg]

Inspired by previous research on safecracking by Michał Zalewski, they thought it would be easier for a criminal to snoop on ATM PINs using a thermal (infrared) camera to detect residual heat from keypresses rather than current techniques using traditional video cameras.

[Image: thermalpin245.png]

Burp Bounty - Scan Check Builder

This Burp Suite extension allows you, in a quick and simple way, to improve the active and passive Burp Suite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue profiles both in the active scanner and in the passive.

Download releases: https://github.com/wagiro/BurpBounty/rel...ounty_v3.6


This is a playlist to learn more about this extension

Load these profiles: https://github.com/wagiro/BurpBounty/tre.../profiles/

Also check:
https://securityonline.info/burp-bounty-...e-scanner/

Attify's (Pentester Academy) Android Pentesting Course 

Download :

https://drive.google.com/drive/folders/1...x_VpOChzZc

Lynda Android Malware Analysis

Topics include:
Installing the analysis tools on Mac and Windows
Viewing app resources
Decompiling applications
Analyzing permissions
Spyware types
Exfiltrated data, C2 servers, and strings

 Source :

https://www.lynda.com/Android-tutorials/...563-2.html


Download :

https://mega.nz/folder/CoJhAQTQ#AmEegH_cQGefqrIBXoWU0w
