Forwarded from UNDERCODE NEWS
WARNING! Three unpatchable vulnerabilities in Adobe found in the Media Encoder tool
#Vulnerabilities
_
#Vulnerabilities
_
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦FOR BEGINERS LINUX GIT SERVER SETUP :
A) First, you create a git user account and a .ssh directory for that user.
$ sudo adduser git
$ su git
$ cd
$ mkdir .ssh && chmod 700 .ssh
$ touch .ssh/authorized_keys && chmod 600 .ssh/authorized_keys
B) Next, you need to add some developer SSH public keys to the authorized_keys file for the git user. Letβs assume you have some trusted public keys and have saved them to temporary files. Again, the public keys look something like this:
$ cat /tmp/id_rsa.john.pub
C) You just append them to the git userβs authorized_keys file in its .ssh directory:
$ cat /tmp/id_rsa.john.pub >> ~/.ssh/authorized_keys
$ cat /tmp/id_rsa.josie.pub >> ~/.ssh/authorized_keys
$ cat /tmp/id_rsa.jessica.pub >> ~/.ssh/authorized_keys
Now, you can set up an empty repository for them by running git init with the --bare option, which initializes the repository without a working directory:
$ cd /srv/git
$ mkdir project.git
$ cd project.git
$ git init --bare
D) Initialized empty Git repository in /srv/git/project.git/
Then, John, Josie, or Jessica can push the first version of their project into that repository by adding it as a remote and pushing up a branch. Note that someone must shell onto the machine and create a bare repository every time you want to add a project. Letβs use gitserver as the hostname of the server on which youβve set up your git user and repository. If youβre running it internally, and you set up DNS for gitserver to point to that server, then you can use the commands pretty much as is (assuming that myproject is an existing project with files in it):
# on John's computer
$ cd myproject
$ git init
$ git add .
$ git commit -m 'Initial commit'
$ git remote add origin git@gitserver:/srv/git/project.git
$ git push origin master
E) At this point, the others can clone it down and push changes back up just as easily:
$ git clone git@gitserver:/srv/git/project.git
$ cd project
$ vim README
$ git commit -am 'Fix for README file'
$ git push origin master
With this method, you can quickly get a read/write Git server up and running for a handful of developers.
F) You should note that currently all these users can also log into the server and get a shell as the git user. If you want to restrict that, you will have to change the shell to something else in the /etc/passwd file.
You can easily restrict the git user account to only Git-related activities with a limited shell tool called git-shell that comes with Git. If you set this as the git user accountβs login shell, then that account canβt have normal shell access to your server. To use this, specify git-shell instead of bash or csh for that accountβs login shell. To do so, you must first add the full pathname of the git-shell command to /etc/shells if itβs not already there:
$ cat /etc/shells # see if git-shell is already in there. If not...
$ which git-shell # make sure git-shell is installed on your system.
$ sudo -e /etc/shells # and add the path to git-shell from last command
G) Now you can edit the shell for a user using chsh <username> -s <shell>:
$ sudo chsh git -s $(which git-shell)
Now, the git user can still use the SSH connection to push and pull Git repositories but canβt shell onto the machine. If you try, youβll see a login rejection like this:
$ ssh git@gitserver
fatal: Interactive git shell is not enabled.
hint: ~/git-shell-commands should exist and have read and execute access.
H) Connection to gitserver closed.
At this point, users are still able to use SSH port forwarding to access any host the git server is able to reach.
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
sources unix/undercode/wiki
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦FOR BEGINERS LINUX GIT SERVER SETUP :
A) First, you create a git user account and a .ssh directory for that user.
$ sudo adduser git
$ su git
$ cd
$ mkdir .ssh && chmod 700 .ssh
$ touch .ssh/authorized_keys && chmod 600 .ssh/authorized_keys
B) Next, you need to add some developer SSH public keys to the authorized_keys file for the git user. Letβs assume you have some trusted public keys and have saved them to temporary files. Again, the public keys look something like this:
$ cat /tmp/id_rsa.john.pub
C) You just append them to the git userβs authorized_keys file in its .ssh directory:
$ cat /tmp/id_rsa.john.pub >> ~/.ssh/authorized_keys
$ cat /tmp/id_rsa.josie.pub >> ~/.ssh/authorized_keys
$ cat /tmp/id_rsa.jessica.pub >> ~/.ssh/authorized_keys
Now, you can set up an empty repository for them by running git init with the --bare option, which initializes the repository without a working directory:
$ cd /srv/git
$ mkdir project.git
$ cd project.git
$ git init --bare
D) Initialized empty Git repository in /srv/git/project.git/
Then, John, Josie, or Jessica can push the first version of their project into that repository by adding it as a remote and pushing up a branch. Note that someone must shell onto the machine and create a bare repository every time you want to add a project. Letβs use gitserver as the hostname of the server on which youβve set up your git user and repository. If youβre running it internally, and you set up DNS for gitserver to point to that server, then you can use the commands pretty much as is (assuming that myproject is an existing project with files in it):
# on John's computer
$ cd myproject
$ git init
$ git add .
$ git commit -m 'Initial commit'
$ git remote add origin git@gitserver:/srv/git/project.git
$ git push origin master
E) At this point, the others can clone it down and push changes back up just as easily:
$ git clone git@gitserver:/srv/git/project.git
$ cd project
$ vim README
$ git commit -am 'Fix for README file'
$ git push origin master
With this method, you can quickly get a read/write Git server up and running for a handful of developers.
F) You should note that currently all these users can also log into the server and get a shell as the git user. If you want to restrict that, you will have to change the shell to something else in the /etc/passwd file.
You can easily restrict the git user account to only Git-related activities with a limited shell tool called git-shell that comes with Git. If you set this as the git user accountβs login shell, then that account canβt have normal shell access to your server. To use this, specify git-shell instead of bash or csh for that accountβs login shell. To do so, you must first add the full pathname of the git-shell command to /etc/shells if itβs not already there:
$ cat /etc/shells # see if git-shell is already in there. If not...
$ which git-shell # make sure git-shell is installed on your system.
$ sudo -e /etc/shells # and add the path to git-shell from last command
G) Now you can edit the shell for a user using chsh <username> -s <shell>:
$ sudo chsh git -s $(which git-shell)
Now, the git user can still use the SSH connection to push and pull Git repositories but canβt shell onto the machine. If you try, youβll see a login rejection like this:
$ ssh git@gitserver
fatal: Interactive git shell is not enabled.
hint: ~/git-shell-commands should exist and have read and execute access.
H) Connection to gitserver closed.
At this point, users are still able to use SSH port forwarding to access any host the git server is able to reach.
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
sources unix/undercode/wiki
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦WEBSITES HACKING 2020 :
NekoBot | + shell checker Auto Exploiter With 500+ Exploit 2000+ Shell
f e a t u r e s :
1- Cherry-Plugin
2- download-manager Plugin
3- wysija-newsletters
4- Slider Revolution [Revslider]
5- gravity-forms
6- userpro
7- wp-gdpr-compliance
8- wp-graphql
9- formcraft
10- Headway
11- Pagelines Plugin
12- WooCommerce-ProductAddons
13- CateGory-page-icons
14- addblockblocker
15- barclaycart
16- Wp 4.7 Core Exploit
17- eshop-magic
18- HD-WebPlayer
19- WP Job Manager
20- wp-miniaudioplayer
21- wp-support-plus
22- ungallery Plugin
23- WP User Frontend
24- Viral-options
25- Social Warfare
26- jekyll-exporter
27- cloudflare plugin
28- realia plugin
29- woocommerce-software
30- enfold-child Theme
31- contabileads plugin
32- prh-api plugin
33- dzs-videogallery plugin
34- mm-plugin
35- Wp-Install
36- Auto BruteForce
[+] Joomla
1- Com_adsmanager
2- Com_alberghi
3- Com_CCkJseblod
4- Com_extplorer
5- Com_Fabric
6- Com_facileforms
7- Com_Hdflvplayer
8- Com_Jbcatalog
9- Com_JCE
10- Com_jdownloads
11- Com_Joomanager
12- Com_Macgallery
13- Com_media
14- Com_Myblog
15- Com_rokdownloads
16- Com_s5_media_player
17- Com_SexyContactform
18- Joomla core 3.x RCE
19- Joomla core 3.x RCE [2019]
20 - Joomla Core 3.x Admin Takeover
21 - Auto BruteForce
22 - Com_b2jcontact
23 - Com_bt_portfolio
24 - Com_civicrm
25 - Com_extplorer
26 - Com_facileforms
27 - Com_FoxContent
28 - Com_jwallpapers
29 - Com_oziogallery
30 - Com_redmystic
31 - Com_simplephotogallery
32 - megamenu module
33 - mod_simplefileuploadv1
[+] Drupal :
1- Drupal Add admin geddon1
2- Drupal RCE geddon2
3- Drupal 8 RCE RESTful
4- Drupal mailchimp
5- Drupal php-curl-class
6- BruteForce
7- Drupal SQL Add Admin
8- Drupal 7 RCE
9- bartik
10- Avatarafd Config
11- Drupal 8
12- Drupal Default UserPass
[+] Magento :
1- Shoplift
2- Magento Default user pass
[+] Oscommerce
1- OsCommerce Core 2.3 RCE Exploit
opencart
[+] OTHER :
1- Env Exploit
2- SMTP CRACKER
3- CV
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/tegal1337/NekoBotV1.git
2) cd NekoBot
3) run as python NekoBot.py
use for learn !!
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦WEBSITES HACKING 2020 :
NekoBot | + shell checker Auto Exploiter With 500+ Exploit 2000+ Shell
f e a t u r e s :
1- Cherry-Plugin
2- download-manager Plugin
3- wysija-newsletters
4- Slider Revolution [Revslider]
5- gravity-forms
6- userpro
7- wp-gdpr-compliance
8- wp-graphql
9- formcraft
10- Headway
11- Pagelines Plugin
12- WooCommerce-ProductAddons
13- CateGory-page-icons
14- addblockblocker
15- barclaycart
16- Wp 4.7 Core Exploit
17- eshop-magic
18- HD-WebPlayer
19- WP Job Manager
20- wp-miniaudioplayer
21- wp-support-plus
22- ungallery Plugin
23- WP User Frontend
24- Viral-options
25- Social Warfare
26- jekyll-exporter
27- cloudflare plugin
28- realia plugin
29- woocommerce-software
30- enfold-child Theme
31- contabileads plugin
32- prh-api plugin
33- dzs-videogallery plugin
34- mm-plugin
35- Wp-Install
36- Auto BruteForce
[+] Joomla
1- Com_adsmanager
2- Com_alberghi
3- Com_CCkJseblod
4- Com_extplorer
5- Com_Fabric
6- Com_facileforms
7- Com_Hdflvplayer
8- Com_Jbcatalog
9- Com_JCE
10- Com_jdownloads
11- Com_Joomanager
12- Com_Macgallery
13- Com_media
14- Com_Myblog
15- Com_rokdownloads
16- Com_s5_media_player
17- Com_SexyContactform
18- Joomla core 3.x RCE
19- Joomla core 3.x RCE [2019]
20 - Joomla Core 3.x Admin Takeover
21 - Auto BruteForce
22 - Com_b2jcontact
23 - Com_bt_portfolio
24 - Com_civicrm
25 - Com_extplorer
26 - Com_facileforms
27 - Com_FoxContent
28 - Com_jwallpapers
29 - Com_oziogallery
30 - Com_redmystic
31 - Com_simplephotogallery
32 - megamenu module
33 - mod_simplefileuploadv1
[+] Drupal :
1- Drupal Add admin geddon1
2- Drupal RCE geddon2
3- Drupal 8 RCE RESTful
4- Drupal mailchimp
5- Drupal php-curl-class
6- BruteForce
7- Drupal SQL Add Admin
8- Drupal 7 RCE
9- bartik
10- Avatarafd Config
11- Drupal 8
12- Drupal Default UserPass
[+] Magento :
1- Shoplift
2- Magento Default user pass
[+] Oscommerce
1- OsCommerce Core 2.3 RCE Exploit
opencart
[+] OTHER :
1- Env Exploit
2- SMTP CRACKER
3- CV
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/tegal1337/NekoBotV1.git
2) cd NekoBot
3) run as python NekoBot.py
use for learn !!
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - tegal1337/NekoBotV1: NekoBot | Auto Exploiter With 500+ Exploit 2000+ Shell
NekoBot | Auto Exploiter With 500+ Exploit 2000+ Shell - GitHub - tegal1337/NekoBotV1: NekoBot | Auto Exploiter With 500+ Exploit 2000+ Shell
How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code.pdf
495.3 KB
Introduction
v4.8 of the dotnet framework uses Antimalware Scan Interface (AMSI) and Windows Lockdown Policy (WLDP) to block potentially unwanted software running from memory. WLDP will verify the digital signature of dynamic code while AMSI will scan for software that is either harmful or blocked by the administrator. This post documents three publiclyknown methods red teams currently use to bypass AMSI and one to bypass WLDP. The bypass methods described are somewhat generic and donβt require any special knowledge. If youβre reading this post anytime after June 2019, the methods may no longer work. The research shown here was conducted in collaboration with TheWover.
v4.8 of the dotnet framework uses Antimalware Scan Interface (AMSI) and Windows Lockdown Policy (WLDP) to block potentially unwanted software running from memory. WLDP will verify the digital signature of dynamic code while AMSI will scan for software that is either harmful or blocked by the administrator. This post documents three publiclyknown methods red teams currently use to bypass AMSI and one to bypass WLDP. The bypass methods described are somewhat generic and donβt require any special knowledge. If youβre reading this post anytime after June 2019, the methods may no longer work. The research shown here was conducted in collaboration with TheWover.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦WIRELESS HACKING:
Dribble is a project I developed to play with my Raspberry Pie. The purpose of dribble is to stealing Wi-Fi passwords by exploiting web browser's cache. Dribble creates a fake Wi-Fi access point and waits for clients to connect to it. When clients connects, dribble intercepts every HTTP requests performed to JavaScript pages and injects a malicious JavaScipt code. The malicious JavaScript code is cached so that it persists when clients disconnect. When clients disconnect and reconnect back to their home router, the malicious JavaScript code activates, steals the Wi-Fi password from the router and send it back to the attacker.
Requirements:
hostapd
dnsmasq
node.js
bettercap
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Download and run
To run dribble, just download the repo and run it as root.
1) git clone https://github.com/rhaidiz/dribble
2) cd dribble
3) sudo ./dribble
Configuration
4) All the configuration you need is located in the config file:
# the internet interface
internet=eth0
# the wifi interface
phy=wlan0
# The ESSID
essid="TEST"
# collector
collector="http://rhaidiz.net/something"
# the routers' IPs
routerips=("192.168.0.1/24" "10.0.0.1/24")
# usernames dictionary
usernames="['admin', 'admin1', 'test']"
# passwords dictionaris
passwords="['admin', 'admin1', 'password']"
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦WIRELESS HACKING:
Dribble is a project I developed to play with my Raspberry Pie. The purpose of dribble is to stealing Wi-Fi passwords by exploiting web browser's cache. Dribble creates a fake Wi-Fi access point and waits for clients to connect to it. When clients connects, dribble intercepts every HTTP requests performed to JavaScript pages and injects a malicious JavaScipt code. The malicious JavaScript code is cached so that it persists when clients disconnect. When clients disconnect and reconnect back to their home router, the malicious JavaScript code activates, steals the Wi-Fi password from the router and send it back to the attacker.
Requirements:
hostapd
dnsmasq
node.js
bettercap
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Download and run
To run dribble, just download the repo and run it as root.
1) git clone https://github.com/rhaidiz/dribble
2) cd dribble
3) sudo ./dribble
Configuration
4) All the configuration you need is located in the config file:
# the internet interface
internet=eth0
# the wifi interface
phy=wlan0
# The ESSID
essid="TEST"
# collector
collector="http://rhaidiz.net/something"
# the routers' IPs
routerips=("192.168.0.1/24" "10.0.0.1/24")
# usernames dictionary
usernames="['admin', 'admin1', 'test']"
# passwords dictionaris
passwords="['admin', 'admin1', 'password']"
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - rhaidiz/dribble: Stealing Wi-Fi passwords via browser's cache poisoning.
Stealing Wi-Fi passwords via browser's cache poisoning. - rhaidiz/dribble
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦GAME HACKING APPS FOR ANDROID :
https://xmodgames.download
https://hackerbot.net/software/444-hackerbot-download
https://sbgamehacker.download/apk/
https://creehack.net
https://gameguardian.net/download
https://gamecihworld.puzl.com
https://www.luckypatchers.com/lucky-patcher-6-0-7-apk/
http://leoplaycard.info
https://gamekiller.co
https://latestmodapks.com/download-freedom-apk-latest/
https://play.google.com/store/apps/details?id=com.acr.rootfilemanager&hl=en_IN
USE FOR OFFLINE GAMES (LEGAL) :)
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦GAME HACKING APPS FOR ANDROID :
https://xmodgames.download
https://hackerbot.net/software/444-hackerbot-download
https://sbgamehacker.download/apk/
https://creehack.net
https://gameguardian.net/download
https://gamecihworld.puzl.com
https://www.luckypatchers.com/lucky-patcher-6-0-7-apk/
http://leoplaycard.info
https://gamekiller.co
https://latestmodapks.com/download-freedom-apk-latest/
https://play.google.com/store/apps/details?id=com.acr.rootfilemanager&hl=en_IN
USE FOR OFFLINE GAMES (LEGAL) :)
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Techylist
Xmodgames - Download Xmod Apk For Android (Official)
People have been playing games like Clash of Clans, Minecraft, Clash Royale, Asphalt 8, Mortal Combat, etc. for such a long time that, most of them become dull. This is probably because the game is small or it is very hard after a certain level. So in suchβ¦
Forwarded from UNDERCODE NEWS
After fined Google 9.7 billion US dollars, the EU exaggerated Google: shopping search is not bad
#International
_
#International
_
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦all trusted websites 2020 for buying bitcoin :
https://bitcoin.org/en/buy
www.luno.com
www.coinbase.com
www.shakepay.com
www.altcointrader.co.za
Localbitcoin.com
www.belfrics.io
www.bitpesa.com
www.remitano.com
www.spectrocoin.com
www.flux.com
www.altcointrader.co.za
www.coinmama.com
www.cex.io
www.coinmama.com
www.altcointrader.co.za
www.golix.com
www.spectrocoin.com
www.luno.com
www.worldwidebitcoin.com
www.localbitcoins.com
https://bit2me.com/
www.blockchain.com
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦all trusted websites 2020 for buying bitcoin :
https://bitcoin.org/en/buy
www.luno.com
www.coinbase.com
www.shakepay.com
www.altcointrader.co.za
Localbitcoin.com
www.belfrics.io
www.bitpesa.com
www.remitano.com
www.spectrocoin.com
www.flux.com
www.altcointrader.co.za
www.coinmama.com
www.cex.io
www.coinmama.com
www.altcointrader.co.za
www.golix.com
www.spectrocoin.com
www.luno.com
www.worldwidebitcoin.com
www.localbitcoins.com
https://bit2me.com/
www.blockchain.com
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
bitcoin.org
Buy Bitcoin
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦SOME FREE SMS APPLICATIONS :
http://www.chompsms.com/
https://play.google.com/store/apps/details?id=com.jb.gosms
http://www.handcent.com/
https://mightytext.net/
http://www.mysms.com/
https://play.google.com/store/apps/details?id=com.moez.QKSMS
http://www.textra.me/
textnow.com & textplus & nextplus...by watch videos..
verified from 1 month
@undercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦SOME FREE SMS APPLICATIONS :
http://www.chompsms.com/
https://play.google.com/store/apps/details?id=com.jb.gosms
http://www.handcent.com/
https://mightytext.net/
http://www.mysms.com/
https://play.google.com/store/apps/details?id=com.moez.QKSMS
http://www.textra.me/
textnow.com & textplus & nextplus...by watch videos..
verified from 1 month
@undercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
Chompsms
Chomp SMS - The antidote to boring texting...
An ultra-customizable alternative to your stock Android SMS / MMS app
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
#Web Hacking new
[Hack This Site!](https://www.hackthissite.org/) - a free, safe and legal training ground for hackers to test and expand their hacking skills
[Hack The Box](https://www.hackthebox.eu) - a free site to perform pentesting in a variety of different systems.
[Webhacking.kr](http://webhacking.kr/)
[0xf.at](https://0xf.at/) - a website without logins or ads where you can solve password-riddles (so called hackits).
[Gruyere](https://google-gruyere.appspot.com/)
[Others](https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=On-Line_apps)
https://github.com/Manisso/fsociety
https://github.com/sundowndev/hacker-roadmap
https://github.com/infoslack/awesome-web-hacking
https://github.com/LyleMi/Learn-Web-Hacking
https://github.com/nil0x42/phpsploit
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
#Web Hacking new
[Hack This Site!](https://www.hackthissite.org/) - a free, safe and legal training ground for hackers to test and expand their hacking skills
[Hack The Box](https://www.hackthebox.eu) - a free site to perform pentesting in a variety of different systems.
[Webhacking.kr](http://webhacking.kr/)
[0xf.at](https://0xf.at/) - a website without logins or ads where you can solve password-riddles (so called hackits).
[Gruyere](https://google-gruyere.appspot.com/)
[Others](https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=On-Line_apps)
https://github.com/Manisso/fsociety
https://github.com/sundowndev/hacker-roadmap
https://github.com/infoslack/awesome-web-hacking
https://github.com/LyleMi/Learn-Web-Hacking
https://github.com/nil0x42/phpsploit
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
www.hackthissite.org
HackThisSite.org is a free, safe and legal training ground for hackers to test and expand their ethical hacking skills with challenges, CTFs, and more.