Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- welcome to @NFAGov's
- ________________________
- < Frogeration HackSec. Guide >
- ------------------------
- \
- \
- ,=;%$%%$X%%%%;/%%%%;=,
- ,/$$+:- -:+$$/,
- :X$= =$X:
- ;M%. .%M;
- +#/ /#+
- ## M#
- H#, =;+/;, ,#X
- .HM- :@X+%H: .%M%- .M#. -M@.
- /#%. @#- ,H@--MH, .;@$- .%#+
- .$M; .+@X;, MM#@:/$X;. ;M$,
- =@H, ,:+%H#M%;- ,H@=
- .$#; -#H =#$
- %#; #M ;#%
- H#- ## -#H
- ;#+ ## +#;
- ;H+;;;;;;HH;;;;;;+H/
- =H#@HHHHHHHHHH@#H=
- =@#H%%%%%%%$HH@#@=
- =@#X%%%%%%%$M###@=
- =+%XHHX%+=
- ------------------------------------------------------------------------------------------
- Welcome to National Frog Agency's HackSec guide & arsenal for new-frogs.
- Altho we are 100% aware of, that a lot of you already know this, some might not;
- take wht you will frm it, mght learn something.
- lets begin, ye?
- [PRE-ASSUMPTION: UR ALRDY VPN'D/TOR'D UP.]
- -------------------------------------------------------------------------------------------
- $~SECT: THE NEW YOU; INSTALLING LINUX.
- --------------------------------------------------------------------------------------------
- **We'll start from the very basics, assuming ur fresh on a winblows box(lol).
- (you have several options, but we'll point out the widely known ones)
- ..alot of sections to cover, well save face by linking the og src..
- #1: Dual-boot Ubuntu w/ winblows(then procced to section: WELCM TO UBUNTU)
- https://www.tecmint.com/install-ubuntu-16-04-alongside-with-windows-10-or-8-in-dual-boot/
- --
- #2: USB INSTALL
- SRC: https://tutorials.ubuntu.com/tutorial/tutorial-create-a-usb-stick-on-windows
- '.
- '.
- #2-a) *RECMNDED*- During install of Ubuntu on your USB, you'll have a few diff. opts
- https://www.tecmint.com/wp-content/uploads/2016/04/Select-Ubuntu-16.04-Installation-Type.png
- '.0> CHOICE: ERASE DSK & INSTALL UBNTU.
- '.-> CHK 2 BOXES BELOW IT.
- This will ensure that your freshly installed linux distro is fully encrypted > secured via user set pwd on boot.
- .,
- #2-b) right before completing install you'll be asked to set login creds.
- http://i1-news.softpedia-static.com/images/news2/installing-ubuntu-16-04-lts-503593-11.jpg
- '.-> REQR MY PWD TO LOGIN
- '-> ENCRYPT HOME FLDR.
- #FINSHD: INSTALLING SECT > CONT: STORAGE & VBOX.
- --------------------------------------------------------------------------------------------
- $~SECT: OHAI THUR - WELCOME TO UBUNTU.
- (Now assuming you followed the SRC tutorials & our other instructions, the next few steps are a cinch!)
- --------------------------------------------------------------------------------------------
- **NOTE: TO MAINTAIN MAX. OPSEC; UBUNTU WILL ONLY BE USED AS A "FRONT".**
- [If infact you do need to store something on your main HD(Windows OR Linux), we HIGHLY recmnd VeraCrypt.
- '-https://veracrypt.codeplex.com/wikipage?title=Beginner%27s%20Tutorial]
- '
- *
- ;
- '.-STEPS:
- #1> DWNLD: VirtualBox.
- http://download.virtualbox.org/virtualbox/5.1.22/virtualbox-5.1_5.1.22-115126~Ubuntu~xenial_amd64.deb
- '.0> WHILEW INSTALLING: ENCRYT YOUR VDI-> http://www.techrepublic.com/article/how-to-encrypt-virtualbox-vms/
- #2> DWNLD: PAROTSEC OS [thsll be used as your main operating system via VB].
- '-DETS ON PSEC: https://www.parrotsec.org/features.fx
- '.-DL:http://superb-sea2.dl.sourceforge.net/project/parrotsecurity/iso/3.6/Parrot-full-3.6_amd64.iso
- #3> INSTALLING PSEC-OS ON ENCRYPTD VMACHINE(VBOX):
- '-:> https://docs.parrotsec.org/doku.php/install-in-a-virtual-machine
- *.
- '-GUEST ADTIONS: https://docs.parrotsec.org/doku.php/virtualbox-guest-additions
- #FINSHD: UNBTU SECTION > CONT: FROGS-STASH.
- -------------------------------------------------------------------------------------------
- $~SECT: OH U WNT SUM? - THE ARESNAL.
- --------------------------------------------------------------------------------------------
- Below you'll find breif section varying from tutorials(with the tool) to tools of all diff jobs
- ones that weve collctd thru out the swamp. most will have tuts while others will have the github with desc.
- (Most will be pre-installed inside of ParotOS)
- @SECT: TOOLS & TUTS.
- ########################
- 0> BASIC TUTS.
- ########################
- '-LRN THE BASICS:
- '-UNION SQLI: http://hackyshacky.com/blog/sql-injection-union-based-tutorial/
- '-ASP INJECTN: http://www.101hacker.com/2012/01/hacking-aspaspx-websites-sql-injecton.html
- '-XSS: https://breakthesecurity.cysecurity.org/2011/10/cross-site-scriptingxss-complete-tutorial-for-beginners-web-application-vulnerability.html
- *
- '-DEFACE: https://packetstormsecurity.com/files/download/125800/phpshellthroughsqli.pdf
- ########################
- ~0> THE TOOLS/TUTS
- ########################
- ~SQLMAP
- '-TUT: hthp://www.binarytides.com/sqlmap-hacking-tutorial/
- '-POSTSQLI: http://carnal0wnage.attackresearch.com/2011/03/sqlmap-with-post-requests.html
- '
- ,-*
- '--*0> FIREWALL BYPASS:,
- ************************************
- general Tamper testing:
- tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes
- MSSQL:
- tamper=between,charencode,charunicodeencode,equaltolike,greatest,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes
- MySQL:
- tamper=between,bluecoat,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2hash,space2morehash,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords,xforwardedfor
- ***********************************
- '-SQLSUS
- '-TUT: http://www.ehacking.net/2011/11/sqlsus-mysql-injection-tutorial.html
- ~BinGoo: Google-Dorker (check tut)
- '.-DL: https://github.com/Hood3dRob1n/BinGoo/
- '-TUT: https://github.com/Hood3dRob1n/BinGoo/blob/master/README.txt
- ~NMAP:
- '.-TUT: https://hackertarget.com/nmap-tutorial/
- '-NSE-TUT: https://nmap.org/book/nse-usage.html
- ~XSSYA: Cross Site Scripting Scanner & Vulnerability Confirmation
- '-DL: https://github.com/yehia-mamdouh/XSSYA-V-2.0
- '-TUT: https://github.com/yehia-mamdouh/XSSYA-V-2.0/blob/master/README.md
- ~WPSCAN:
- '-TUT: http://www.hackingtutorials.org/web-application-hacking/hack-a-wordpress-website-with-wpscan/
- ~CMS-MAP: CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
- '-DL: https://github.com/Dionach/CMSmap
- '-TUT: https://github.com/Dionach/CMSmap/blob/master/README.md
- #FINSHD: ARSENAL SECT > CONT: OUTRO + GOODBAG.
- -------------------------------------------------------------------------------------------
- $~SECT: SEE YUH & DNT FRGT YOUR GOODBAG.
- -------------------------------------------------------------------------------------------
- Well, just like the great pig from the loony-tunes once said...THAT'S ALL FOLKS :D
- we hope you learned a few things, if not then found some new tools to play with, if you guys enjoyed this - let us know;
- we will write some others on diff topics/subjs.
- DNT FRGT 2 FOLLOW: @NFAGOV
- Anndd, *drum roll*
- ~GOODIES: current script LIB of NFA.~
- '.-DL: goodie_bag.7z (47.93 MB)
- '-LINK: https://mirrorace.com/m/iauo
Add Comment
Please, Sign In to add comment