r0t1v r0t1

Caution

This guide is out of date, follow the new guide here: https://flipper.wiki/mifareclassic/

MIFARE Classic

Here are the steps to follow in order to read your cards. Your goal is to find as many keys as possible. The keys unlock sections of your card for the Flipper to read them - you must have a card. Once you read enough sections, you can use an emulated or cloned card at the original card reader to unlock it (sometimes even without finding all of the keys!).

Important

Major update coming in first update following OFW 1.0.0 (ETA: mid to late September) which overhauls and simplifies this process:

Google dork cheatsheet

Search filters

Filter	Description	Example
allintext	Searches for occurrences of all the keywords given.	`allintext:"keyword"`
intext	Searches for the occurrences of keywords all at once or one at a time.	`intext:"keyword"`
inurl	Searches for a URL matching one of the keywords.	`inurl:"keyword"`
allinurl	Searches for a URL matching all the keywords in the query.	`allinurl:"keyword"`
intitle	Searches for occurrences of keywords in title all or one.	`intitle:"keyword"`

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

Red Team Phishing with Gophish

This guide will help you set up a red team phishing infrastructure as well as creating, perform and evaluate a phishing campaign. This is the basic lifecycle of your phishingn campaign:

+---------------------+
|Get Hardware         |   Order / setup a vServer
+---------------------+
+---------------------+
|Setup                |   Install Gophish & Mail Server
+---------------------+

#Wireless Penetration Testing Cheat Sheet

##WIRELESS ANTENNA

Open the Monitor Mode

root@uceka:~# ifconfig wlan0mon down
root@uceka:~# iwconfig wlan0mon mode monitor
root@uceka:~# ifconfig wlan0mon up

	'''
	Title: SSHtranger Things
	Author: Mark E. Haase <mhaase@hyperiongray.com>
	Homepage: https://www.hyperiongray.com
	Date: 2019-01-17
	CVE: CVE-2019-6111, CVE-2019-6110
	Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
	Tested on: Ubuntu 18.04.1 LTS, OpenSSH client 7.6p1

	We have nicknamed this "SSHtranger Things" because the bug is so old it could be

	#!/usr/bin/env python3

	#Purpose: To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
	#Script requires a command line argument of a file containing usernames/hashes in the format of user:sid:LMHASH:NTLMHASH:::
	# ./check_hashes.py <hash_dump>

	import argparse
	import re

	parser = argparse.ArgumentParser(description="Check user hashes against each other to find users that share passwords")

	#!/bin/bash
	# Usage : ./scanio.sh <save file>
	# Example: ./scanio.sh cname_list.txt

	# Premium
	function ech() {
	spinner=( "\|" "/" "-" "\\" )
	while true; do
	for i in ${spinner[@]}; do
	echo -ne "\r[$i] $1"

	#
	# TO-DO: set \|DESTINATIONURL\| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
	#
	# Note this version requires Apache 2.4+
	#
	# Save this file into something like /etc/apache2/redirect.rules.
	# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom
	#
	# Include /etc/apache2/redirect.rules
	#

	using System;
	using System.Net;
	using System.Diagnostics;
	using System.Reflection;
	using System.Configuration.Install;
	using System.Runtime.InteropServices;

	/*
	Author: Casey Smith, Twitter: @subTee
	License: BSD 3-Clause