NFA/CFS HackSec Guide & Goodies.

1.  
2. welcome to @NFAGov's
3. ________________________
4. < Frogeration HackSec. Guide >
5. ------------------------
6. \
7. \
8. ,=;%$%%$X%%%%;/%%%%;=,
9. ,/$$+:- -:+$$/,
10. :X$= =$X:
11. ;M%. .%M;
12. +#/ /#+
13. ## M#
14. H#, =;+/;, ,#X
15. .HM- :@X+%H: .%M%- .M#. -M@.
16. /#%. @#- ,H@--MH, .;@$- .%#+
17. .$M; .+@X;, MM#@:/$X;. ;M$,
18. =@H, ,:+%H#M%;- ,H@=
19. .$#; -#H =#$
20. %#; #M ;#%
21. H#- ## -#H
22. ;#+ ## +#;
23. ;H+;;;;;;HH;;;;;;+H/
24. =H#@HHHHHHHHHH@#H=
25. =@#H%%%%%%%$HH@#@=
26. =@#X%%%%%%%$M###@=
27. =+%XHHX%+=
28. ------------------------------------------------------------------------------------------
29. Welcome to National Frog Agency's HackSec guide & arsenal for new-frogs.
30. Altho we are 100% aware of, that a lot of you already know this, some might not;
31. take wht you will frm it, mght learn something.
32.  
33. lets begin, ye?
34. [PRE-ASSUMPTION: UR ALRDY VPN'D/TOR'D UP.]
35. -------------------------------------------------------------------------------------------
36. $~SECT: THE NEW YOU; INSTALLING LINUX.
37. --------------------------------------------------------------------------------------------
38. **We'll start from the very basics, assuming ur fresh on a winblows box(lol).
39. (you have several options, but we'll point out the widely known ones)
40. ..alot of sections to cover, well save face by linking the og src..
41.  
42.  
43. #1: Dual-boot Ubuntu w/ winblows(then procced to section: WELCM TO UBUNTU)
44. https://www.tecmint.com/install-ubuntu-16-04-alongside-with-windows-10-or-8-in-dual-boot/
45. --
46. #2: USB INSTALL
47. SRC: https://tutorials.ubuntu.com/tutorial/tutorial-create-a-usb-stick-on-windows
48. '.
49. '.
50. #2-a) *RECMNDED*- During install of Ubuntu on your USB, you'll have a few diff. opts
51. https://www.tecmint.com/wp-content/uploads/2016/04/Select-Ubuntu-16.04-Installation-Type.png
52. '.0> CHOICE: ERASE DSK & INSTALL UBNTU.
53. '.-> CHK 2 BOXES BELOW IT.
54. This will ensure that your freshly installed linux distro is fully encrypted > secured via user set pwd on boot.
55. .,
56. #2-b) right before completing install you'll be asked to set login creds.
57. http://i1-news.softpedia-static.com/images/news2/installing-ubuntu-16-04-lts-503593-11.jpg
58. '.-> REQR MY PWD TO LOGIN
59. '-> ENCRYPT HOME FLDR.
60.  
61. #FINSHD: INSTALLING SECT > CONT: STORAGE & VBOX.
62. --------------------------------------------------------------------------------------------
63. $~SECT: OHAI THUR - WELCOME TO UBUNTU.
64. (Now assuming you followed the SRC tutorials & our other instructions, the next few steps are a cinch!)
65. --------------------------------------------------------------------------------------------
66.  
67. **NOTE: TO MAINTAIN MAX. OPSEC; UBUNTU WILL ONLY BE USED AS A "FRONT".**
68. [If infact you do need to store something on your main HD(Windows OR Linux), we HIGHLY recmnd VeraCrypt.
69. '-https://veracrypt.codeplex.com/wikipage?title=Beginner%27s%20Tutorial]
70. '
71. *
72. ;
73. '.-STEPS:
74. #1> DWNLD: VirtualBox.
75. http://download.virtualbox.org/virtualbox/5.1.22/virtualbox-5.1_5.1.22-115126~Ubuntu~xenial_amd64.deb
76. '.0> WHILEW INSTALLING: ENCRYT YOUR VDI-> http://www.techrepublic.com/article/how-to-encrypt-virtualbox-vms/
77.  
78. #2> DWNLD: PAROTSEC OS [thsll be used as your main operating system via VB].
79. '-DETS ON PSEC: https://www.parrotsec.org/features.fx
80. '.-DL:http://superb-sea2.dl.sourceforge.net/project/parrotsecurity/iso/3.6/Parrot-full-3.6_amd64.iso
81.  
82. #3> INSTALLING PSEC-OS ON ENCRYPTD VMACHINE(VBOX):
83. '-:> https://docs.parrotsec.org/doku.php/install-in-a-virtual-machine
84. *.
85. '-GUEST ADTIONS: https://docs.parrotsec.org/doku.php/virtualbox-guest-additions
86.  
87. #FINSHD: UNBTU SECTION > CONT: FROGS-STASH.
88. -------------------------------------------------------------------------------------------
89. $~SECT: OH U WNT SUM? - THE ARESNAL.
90. --------------------------------------------------------------------------------------------
91. Below you'll find breif section varying from tutorials(with the tool) to tools of all diff jobs
92. ones that weve collctd thru out the swamp. most will have tuts while others will have the github with desc.
93. (Most will be pre-installed inside of ParotOS)
94.  
95. @SECT: TOOLS & TUTS.
96. ########################
97. 0> BASIC TUTS.
98. ########################
99. '-LRN THE BASICS:
100. '-UNION SQLI: http://hackyshacky.com/blog/sql-injection-union-based-tutorial/
101. '-ASP INJECTN: http://www.101hacker.com/2012/01/hacking-aspaspx-websites-sql-injecton.html
102. '-XSS: https://breakthesecurity.cysecurity.org/2011/10/cross-site-scriptingxss-complete-tutorial-for-beginners-web-application-vulnerability.html
103. *
104. '-DEFACE: https://packetstormsecurity.com/files/download/125800/phpshellthroughsqli.pdf
105. ########################
106. ~0> THE TOOLS/TUTS
107. ########################
108. ~SQLMAP
109. '-TUT: hthp://www.binarytides.com/sqlmap-hacking-tutorial/
110. '-POSTSQLI: http://carnal0wnage.attackresearch.com/2011/03/sqlmap-with-post-requests.html
111. '
112. ,-*
113. '--*0> FIREWALL BYPASS:,
114. ************************************
115. general Tamper testing:
116. tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes
117. MSSQL:
118. tamper=between,charencode,charunicodeencode,equaltolike,greatest,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes
119. MySQL:
120. tamper=between,bluecoat,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2hash,space2morehash,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords,xforwardedfor
121. ***********************************
122.  
123. '-SQLSUS
124. '-TUT: http://www.ehacking.net/2011/11/sqlsus-mysql-injection-tutorial.html
125.  
126. ~BinGoo: Google-Dorker (check tut)
127. '.-DL: https://github.com/Hood3dRob1n/BinGoo/
128. '-TUT: https://github.com/Hood3dRob1n/BinGoo/blob/master/README.txt
129.  
130. ~NMAP:
131. '.-TUT: https://hackertarget.com/nmap-tutorial/
132. '-NSE-TUT: https://nmap.org/book/nse-usage.html
133.  
134. ~XSSYA: Cross Site Scripting Scanner & Vulnerability Confirmation
135. '-DL: https://github.com/yehia-mamdouh/XSSYA-V-2.0
136. '-TUT: https://github.com/yehia-mamdouh/XSSYA-V-2.0/blob/master/README.md
137.  
138. ~WPSCAN:
139. '-TUT: http://www.hackingtutorials.org/web-application-hacking/hack-a-wordpress-website-with-wpscan/
140.  
141. ~CMS-MAP: CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
142. '-DL: https://github.com/Dionach/CMSmap
143. '-TUT: https://github.com/Dionach/CMSmap/blob/master/README.md
144.  
145. #FINSHD: ARSENAL SECT > CONT: OUTRO + GOODBAG.
146. -------------------------------------------------------------------------------------------
147. $~SECT: SEE YUH & DNT FRGT YOUR GOODBAG.
148. -------------------------------------------------------------------------------------------
149. Well, just like the great pig from the loony-tunes once said...THAT'S ALL FOLKS :D
150.  
151. we hope you learned a few things, if not then found some new tools to play with, if you guys enjoyed this - let us know;
152. we will write some others on diff topics/subjs.
153.  
154. DNT FRGT 2 FOLLOW: @NFAGOV
155.  
156. Anndd, *drum roll*
157.  
158. ~GOODIES: current script LIB of NFA.~
159. '.-DL: goodie_bag.7z (47.93 MB)
160. '-LINK: https://mirrorace.com/m/iauo