The Script Community
The Script Community is for hacking enthusiasts to share their knowledge.
Disclaimer
We do not take responsibility for any damage, or legal issues, done with these files here at AT Products LLC, Ethical Hacking Society, The Script Community, CodingHome, or Noodle Hackerspace.
Use a virtual machine if it's a computer virus, and never open them on your physical machine. As a pre-caution, download them on your VM.
Resources
What do you want to know about today?
View normal formatLearning Resources
Learning Resources
Hacking Course - Network Penetration Testing HackTheBox TryHackMe E-Books Library of tools from Kali Linux OS W3schools freeCodeCamp CodeAcademy Course 1 Course 2Learning Resources
Python Basics
Comments
You can write text that the program will ignore by beginning the line with a #, this helps with reminding you what certain code does or for explaining purposes.
py
# This is a comment
Data Types
Variables can store data of different types, and different types can do different things.
Python has the following data types built-in by default, in these categories:
Text Type: str
Numeric Types: int, float, complex
Sequence Types: list, tuple, range
Mapping Type: dict
Set Types: set, frozenset
Boolean Type: bool
Binary Types: bytes, bytearray, memoryview
We will go more in-depth on some of these types in the next few paragraphs.
You can print the data type of a variable with the type() function:
py
x = 5
print(type(x))
Strings
Strings are surrounded by either single quotation marks, or double quotation marks.
py
x = "hello"
y = 'hello'
# single quotations and double quotation marks are the same
x == y # returns True
You can assign a multiline string to a variable by using three quotes:
py
x = """The FitnessGram Pacer test is a multistage aerobic capacity test that progressively gets more difficult as it continues. The 20 meter Pacer test will begin in 30 seconds."""
You can check the length of a string using the len() function:
py
x = "hello"
print(len(text)) # returns 5
Numbers
There are 2 primary, int and float
py
x = 2 # int
y = 2.8 # float
To verify the type of an object in Python, use the type() function:
py
print(type(x))
print(type(y))
Int, or integers, are whole numbers, positive or negative, without decimals.
Float is a number, positive or negative, containing one or more decimals.
Both strings and numbers are built-in data types.
JavaScript Basics
JavaScript Basics
Including JavaScript in an HTML Page
<script type="text/javascript">
//JS code goes here
</script>
Call an External JavaScript File
<script src="myscript.js"></script>
Including Comments
Single line comments - // Comment
Multi-line comments - /* comment here */
Variables
var, const, let
var — The most common variable. Can be reassigned but only accessed within a function. Variables defined with var move to the top when code is executed.
const — Can not be reassigned and not accessible before they appear within the code.
let — Similar to const, however, let variable can be reassigned but not re-declared.
Data Types
Numbers —var age = 23 Variables —
var xText (strings) —
var a = "init"Operations —
var b = 1 + 2 + 3True or fase statements —
var c = trueConstant numbers —
const PI = 3.14Objects —
var name = {firstName:"John", lastName:”Doe"}
Objects Example
var person = {
firstName:"John",
lastName:"Doe",
age:20,
nationality:"American"
};
HTML Basics
HTML Basics
Example Document
<!DOCTYPE HTML>
<html>
<head>
</head>
<body>
<h1> This is a heading </h1>
<p> This is text </p>
<a href="https://example.com">This is a link</a>
<img src="at.png" width="99.99% alt="Example Image">
</body>
</html>
We gotta first lay down the very first thing to know. The <!DOCTYPE html> tag represents the Document Type and helps some browsers display correctly with your website, must only be used once. Some elements do need closing tag, like </center>.
The <head> tag is needed to represent the head of the website. The <body> tag is the same thing, but it's the body.
HTML Text
Some elements are meant to show text like <text>, and <p>.
<p> This is text </p>
HTML Headings
The <h> tag has 6 different sizes, from <h1> to <h6>.
1 is the hugest, to 6 is the smallest.
<h1> This is a heading </h1>
HTML Links
The <a> is a text element to represent links. Once clicked on the hyperlink, will redirect the user to a new link.
<a href="atproducts.tk">Example Website</a>
HTML Images
The <img> tag is to show a image. The width or height description can be used by pixels or percentages by displays. The alt tag shows up when the image doesn't load or can't load, it shows the description.
<img src="at.png" width="99.99% alt="Example Image">
OSINT
OSINT
Learn MoreSection by Nasus
Open source intelligence (OSINT) is the practice of collecting information from published or otherwise publicly available sources. This can be used to learn more about your targets
Reverse Image Lookup Mac Address Lookup EXIF Data Database Lookup IP Lookup Archive.orgDenial of Service
Denial of Service
Learn MoreDisclaimer
This section does not contain DDoS code. You have to distribute this code amongst a botnet for it to actually do damage. It only works against websites.
A denial-of-service (DoS) attack is a type of cyber attack in which a malicious actor aims to render a computer or other device unavailable to its intended users by interrupting the device's normal functioning. DoS attacks typically function by overwhelming or flooding a targeted machine with requests until normal traffic is unable to be processed, resulting in denial-of-service to addition users. A DoS attack is characterized by using a single computer to launch the attack.
A distributed denial-of-service (DDoS) attack is a type of DoS attack that comes from many distributed sources, such as a botnet DDoS attack.
Website HTTP Flooder
Passwords
Passwords
A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity.
A strong password should be minimum 8 characters long and consist of lowercase, uppercase, numbers and symbols
Password Generator (Python) haveibeenpwned (Python | Request) by Nasus
Nasus hasn't made a cracker yet, so he recommends Vanhauser's, and Openwall's.
ID Creation Time
ID Creation Time
Learn MoreSection by Nasus
Open source intelligence (OSINT) is the practice of collecting information from published or otherwise publicly available sources. This can be used to learn more about your targets
Reverse Image Lookup Mac Address Lookup EXIF Data Database Lookup IP Lookup Archive.orgKeylogging
Keylogging
Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program.
Keylogger (Python | pynput) by Nasus
CУБΞЯC's Recommendations
Advanced Key Logger (Python) Decryptor (Python) Requirements (TXT) all by CУБΞЯC.
Nitrologging | Tokenlogging
Nitrologging | Tokenlogging
Try these links from CУБΞЯC and Nasus
Delgan MetaChris wodxgod It's Vichy KLDiscord Monst3red Alphalius's Rage BillyTheGoat356's Riot BillyTheGoat356's Plague BillyTheGoat356's Rage NotSaksh ECriminal Verlox KanekiWebDiscord Injector (WCBandit) Discord Token Stealer Malware Protection (ZaikoARD) Uvipen's ASCII Generator
Tutorial
Other Scripts
Other Scripts
Disclaimer
Note that an actual working key would take over a billion years to find.
Learning Resources
Phishing
Learn More Source Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted.
As of 2020, phishing is by far the most common attack performed by cybercriminals
Types of Phishing
Email Phishing
Most phishing messages are delivered by email, and are not personalized or targeted to a specific individual or company–this is termed "bulk" phishing
Spear Phishing
Spear phishing involves an attacker directly targeting a specific organization or person with tailored phishing communications. This is essentially the creation and sending of emails to a particular person to make the person think the email is legitimate. In contrast to bulk phishing, spear phishing attackers often gather and use personal information about their target to increase their probability of success.
<Whaling Phising
Whaling is a highly targeted phishing attack - aimed at senior executives - masquerading as a legitimate email. Whaling is digitally enabled fraud through social engineering, designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds.
Watering Hole Attacks
Watering hole is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected.
Clone Phishing
Clone phishing is a type of phishing attack whereby a legitimate, and previously delivered email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender.
SMS Phishing
SMS phishing or smishing is conceptually similar to email phishing, except attackers use cell phone text messages to deliver the "bait". Smishing attacks typically invite the user to click a link, call a phone number, or contact an email address provided by the attacker via SMS message. The victim is then invited to provide their private data; often, credentials to other websites or services.
Voice Phishing
Attackers will dial a large quantity of telephone numbers and play automated recordings - often made using text to speech synthesizers - that make false claims of fraudulent activity on the victim's bank accounts or credit cards. The calling phone number will be spoofed to show the real number of the bank or institution impersonated. The victim is then directed to call a number controlled by the attackers, which will either automatically prompt them to enter sensitive information in order to "resolve" the supposed fraud, or connect them to a live person who will attempt to use social engineering to obtain information.
Google Dorking
Google Dorking
Google hacking, also named Google dorking, is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using. Google dorking could also be used for OSINT (Open Source Intelligence). This can be used to find information that was made public on accident. You can find more information about your targets this way. This can be very entertaining: finding public cameras, password lists, peoples files and passwords, gov documents, admin panels, and much more.
Basics of Google Dorking
Learn More "search string" - web pages that contain the exact same string
string | string - between queries will return results for each string
site: wikipedia.org - search for certain words on a website
-site: wikipedia.org - do not show results for a website
inurl:"view.shtml" "Network Camera" - find network cameras
?intitle:index.of? mp3 artist_name - find mp3 files of songs
intitle:"index of" inurl:ftp - find exposed FTP servers
filetype:txt inurl:"email.txt" - email lists (Government emails can be found)
allintext:username filetype:log - find usernames and password logfiles
intitle:"Index of..etc" passwd - Linux machines with directory exposed
index of any-show-name - Find shows and movies for free
ethical hacking site:drive.google.com - Find free courses
index of software-name - Find free software
ext:log “Software: Microsoft Internet Information Services *.*” - Microsoft ISS server logs (online activity)
Wi-Fi Hacking
Wi-Fi Hacking
Learn MoreSection by Nasus
Wireshark is a network protocol analyzer used to capture traffic.
Putting your adapter in Monitor mode, or RFMON mode, allows a computer with a wireless network interface controller to monitor all traffic received on a wireless channel. Unlike promiscuous mode, which is also used for packet sniffing, monitor mode allows packets to be captured without having to associate with an access point
Buy a WiFi Adapter that supports Monitor Mode.
The most recommended brand is Alfa for WiFi Adapters.
Tools
Alla Network AWUS036NH & Alla Network 1000 mW AWUS036H.