UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ The world's first platform that collects and analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Common web vulnerabilities and repair suggestions:

1) High-risk vulnerabilities include SQL injection, XSS (cross-site scripting), source code leaks on pages, backup files on websites, files containing SVN information on websites, and the arbitrary file read vulnerability in Resin.

2) SQL injection vulnerability: The website program does not check input strings for SQL statements, so SQL contained in the input is mistaken by the database for a legitimate SQL command and run, resulting in sensitive data in the database being stolen, changed or deleted.

3) XSS cross-site scripting vulnerability: The website program does not check the input string for special characters and strings (such as <, >, ', ", <script>, <iframe>, onload), allowing an attacker to trick users into visiting pages containing malicious JavaScript code. The malicious code is then executed in the user's browser, resulting in theft of the target user's privileges or tampering with data.

4) Source code leakage on the page: Source code leaked on a page may disclose the key logic of the website service and configured account passwords. Attackers can use this information to obtain website permissions more easily, leading to the website being hacked.

5) Backup files on the website: The website contains backup files, such as database backup files and website source code backup files. Attackers can use this information to obtain website permissions more easily, leading to the website being hacked.

6) Files containing SVN information on the website: The website contains a file with SVN information, a private file of the version control system used for the website source code. It contains the address of the SVN service, the names of the private files submitted, the SVN user name and other information. This information gives the attacker a more comprehensive understanding of the structure of the website and helps the attacker intrude into the website.

7) Resin arbitrary file read vulnerability: Websites running certain versions of the Resin server have a vulnerability that allows arbitrary files to be read. Attackers can use this vulnerability to read the content of any file on the website server, causing the website to be hacked.

don't clone our tutorials
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
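
A check for items 4) to 6) above, as an added example that is not part of the original post: a shell function that audits a web document root for version-control metadata and backup or dump files before they can be served. The function names, the file patterns and the sample tree are assumptions made for this illustration, and the check goes beyond SVN by also flagging .git and .hg directories.

```bash
# Added example: audit a web document root for files that should never be served.
# The pattern list and the sample tree are constructed for illustration.

# Build a throw-away sample web root and print its path.
make_sample_webroot() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/.svn" "$d/css" "$d/admin"
    touch "$d/index.php" "$d/css/style.css" "$d/.svn/entries" \
          "$d/index.php.bak" "$d/admin/db_dump.sql" "$d/site-2020.tar.gz"
    printf '%s\n' "$d"
}

# List version-control metadata directories and backup/dump files under $1.
# Exit status is non-zero when anything is found, so it can gate a deployment.
audit_webroot() {
    local root=$1 vcs backups
    # Item 6: .svn metadata (.git and .hg are checked as well).
    vcs=$(find "$root" -type d \( -name .svn -o -name .git -o -name .hg \) -prune -print)
    # Items 4 and 5: source copies, database dumps and site archives.
    backups=$(find "$root" -type d \( -name .svn -o -name .git -o -name .hg \) -prune -o \
        -type f \( -iname '*.bak' -o -iname '*.old' -o -iname '*.orig' -o -name '*~' \
        -o -iname '*.swp' -o -iname '*.sql' -o -iname '*.sql.gz' -o -iname '*.zip' \
        -o -iname '*.tar' -o -iname '*.tar.gz' -o -iname '*.tgz' -o -iname '*.rar' \
        -o -iname '*.7z' \) -print)
    [ -n "$vcs" ] && printf '%s\n' "$vcs" | sed 's/^/VCS    /'
    [ -n "$backups" ] && printf '%s\n' "$backups" | sed 's/^/BACKUP /'
    [ -z "$vcs$backups" ]
}

# Demonstration on the constructed tree.
sample=$(make_sample_webroot)
audit_webroot "$sample" || echo "Remove these files or block them in the web server configuration."
rm -rf "$sample"
```

Run it against the real document root as part of a deployment step; a non-zero exit status means something was found.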
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 So is the SMS verification code really safe?

1) Strictly speaking, nothing is completely safe, and an SMS verification code is not the safest way to verify your identity. Identity verification through SMS has spread rapidly within a few years because it is the lowest-cost, easiest and most convenient method of secondary verification.

2) Another reason is that mobile phones are so widespread that SMS verification is the method users accept most readily, and the security level of SMS verification is relatively high.

3) Relatively speaking, the security of secondary identity verification by SMS is high. However, with the popularity of smartphones, vulnerabilities in mobile phone systems are also increasing, and the existence of various Trojan horses has created security problems for identity verification by SMS. At present it is still a relatively safe verification method.

🦑 What kind of threats is mobile SMS verification facing? What is the response?

1) In the smartphone era, the biggest threat to SMS verification comes from SMS Trojans on smartphone platforms. This type of Trojan is spread through SMS messages containing short links, which get users to download and install the Trojan without their knowledge. Once the Trojan is installed on the phone, it resets the passwords of the user's property-related application accounts and intercepts the SMS verification codes used to reset those accounts.

2) This threatens the security of the user's SMS verification, and because such Trojans are simple to write, a very complete industry chain has already formed: make Trojans → sell Trojans → rent Trojans → conduct phishing scams → wash the account after success → transfer the property. This is a huge underground industrial chain, and it has given rise to a series of related industries.

3) I won't say much about that here. Of course, smartphone platforms have also introduced policies to reduce the incidence of such thefts. For example, Android has tightened SMS permissions since version 4.4, but most of the protection still relies on users increasing their vigilance to prevent

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Docker for beginners:

Docker is the world's leading software containerization platform. For different types of penetration testing, we can use Docker to create corresponding environments. With Docker containers, you can put the test environment on a USB flash drive or in the cloud.

» What is Docker

1) Docker is an open source technology. In software containers, you can create, run, test, and deploy applications. Docker allows you to deploy applications quickly, reliably, and stably in any environment.

2) Containers are portable, convenient and fast. Using Docker, we can create an image, and then create other environments on the basis of this image. For example, suppose we download Kali Linux as a basic container, but it does not have the tools we need installed. We treat it as a base container, install the required tools on it, and then save it as a new image without affecting the original image.

3) In other words, based on the original image, a container containing forensic tools and Web penetration testing tools can be created.

🦑 Tools for web penetration testing

W3af-console

SQLMap

Arachni

Nikto

Websploit

Nmap

🦑 About installation

The installation of Docker depends on the operating system you are using, but installation packages for most systems can now be found in the official repositories.

In this example we use the openSUSE system.

_0x4a0x72@pwned ~ sudo zypper se docker
S | Nome   | Resumo                      | Tipo
--+--------+-----------------------------+-------
  | docker | The Linux container runtime | pacote

_0x4a0x72@pwned ~ sudo zypper in docker

After the installation is successful, you must enable and start the service

_0x4a0x72@pwned ~ sudo systemctl enable docker

_0x4a0x72@pwned ~ sudo systemctl start docker

_0x4a0x72@pwned ~ sudo docker info

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Base64 Encode and Decode From Command Line:

How do you use the base64 command to encode and decode the data in a string or a file?

For this example, we ran the commands on an Ubuntu 20.04 Focal Fossa system. However, you can also run the same commands on other Linux distributions. To run the commands, we used the command-line Terminal application, which can be opened with the Ctrl+Alt+T keyboard shortcut.

A) Base64 Syntax
Here is the syntax for encoding using Base64:

base64 [OPTION] [FILE]

Options
Some of the command-line options that can be used with the base64 command are:

-d or --decode
Use this option to decode a file or a string.

--help
Use this option to display help regarding the usage of base64.

-i, --ignore-garbage
Use this option while decoding to ignore non-alphabet characters.

--version
Use this option to display version information.


B) Encoding String
You can easily encode a string using the base64 command. For instance, to encode the sample text "Welcome to Linux" to base64, the command would be:

$ echo "Welcome to Linux" | base64

1) This command encodes the text in the string using base64 and prints the encoded text to standard output.

2) You can also save the encoded output to a file rather than printing it to standard output, using the redirection operator (>). The following command encodes the text and saves the output to a file named "encodedfile.txt":

$ echo "Welcome to Linux" | base64 > encodedfile.txt

3) To view the encoded file, you can use the cat command:

$ cat encodedfile.txt

C) Decoding String

1) You can also decode base64 encoded text using the --decode or -d option. For instance, to decode the base64 encoded text "V2VsY29tZSB0byBMaW51eAo=", the command would be:


$ echo "V2VsY29tZSB0byBMaW51eAo=" | base64 --decode

2) This command decodes the base64 encoded text and prints the original text to standard output.

3) You can also save the decoded output to a file rather than printing it to standard output, using the redirection operator (>). The following command decodes the encoded text and saves the original text to a file named "decodedfile.txt":

$ echo "V2VsY29tZSB0byBMaW51eAo=" | base64 --decode > decodedfile.txt

E) Encoding Text File
The base64 command can also be used to encode a text file. For instance, to encode a text file named "testfile.txt", the command would be:

$ base64 testfile.txt

unix forum
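
The encoding and decoding commands above, as an added example that is not part of the original post: echo appends a newline, so the value it produces (ending in "Ao=") differs from the encoding of the bare string, which matters whenever encoded values are compared. The function names are hypothetical, and GNU coreutils base64 (as on the Ubuntu system used above) is assumed for -w 0 and for the exit status on invalid input.

```bash
# Added example; helper names are hypothetical, GNU coreutils base64 assumed.

# Encode exactly the bytes given: printf '%s' adds no trailing newline,
# and -w 0 stops base64 from wrapping long output at 76 columns.
b64_encode() {
    printf '%s' "$1" | base64 -w 0
}

# Strict decode: returns non-zero when the input contains bytes outside
# the base64 alphabet or is otherwise malformed.
b64_decode_strict() {
    printf '%s' "$1" | base64 --decode 2>/dev/null
}

# Lenient decode: --ignore-garbage drops non-alphabet bytes first, which
# helps with text copied out of mail or logs with stray characters.
b64_decode_lenient() {
    printf '%s' "$1" | base64 --decode --ignore-garbage 2>/dev/null
}

# Say how an encoded value relates to a plaintext: "exact",
# "trailing-newline" (it was produced with echo) or "mismatch".
b64_compare() {
    local plain=$1 encoded=$2
    if [ "$encoded" = "$(b64_encode "$plain")" ]; then
        echo exact
    elif [ "$encoded" = "$(printf '%s\n' "$plain" | base64 -w 0)" ]; then
        echo trailing-newline
    else
        echo mismatch
    fi
}

# The value from section C was produced with echo, so it carries the newline.
b64_compare "Welcome to Linux" "V2VsY29tZSB0byBMaW51eAo="
b64_compare "Welcome to Linux" "V2VsY29tZSB0byBMaW51eA=="
```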
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Hack instagram via linux:

🄻🄴🅃'🅂 🅂🅃🄰🅁🅃:

1) git clone https://github.com/Ethical-H4CK3R/Instagram.git

this command will clone the entire program/script to your computer.

2) and now you need to chmod the file and open (go to) the directory of the program.
Type

> chmod -R 755 Instagram && cd Instagram

3) Now that we cloned the program/script, we now need to open the program.

> Type :

"ls"
to see what is inside the folder.

4) Now, as we know that there are three things inside the program/script folder, "Core", "README.md" and "instagram.py".

5) The executable program here is "instagram.py".
We need to execute the program. So type:

python instagram.py

6) To set up proxies: https://www.serverlab.ca/tutorials/linux/administration-linux/how-to-configure-proxy-on-ubuntu-18-04/

7) To set up a wordlist:
https://www.youtube.com/watch?v=GUNA0THt4a4

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 FREE ANDROID SPYING APPLICATION:

Remote access to the complete database of the targeted device with full invisibility on targeted devices.

Remote access the LIVE SCREEN SHARING OF TARGETED DEVICE

Remotely access to WEB HISTORY(in processing)

Remotely MONITORING MULTIPLE DEVICES AT A TIME WITH
BETTER CONSOLE

REALTIME WEB CONSOLE FOR MONITORING AND CONTROLLING

BETTER UX/UI DESIGN EXPERIENCE


» https://github.com/ranaaditya/SPYZIER-APP
(open source)

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Create your own antivirus-malware detection tools & tutorials:

* [File Scanning Framework](https://github.com/EmersonElectricCo/fsf) -
Modular, recursive file scanning solution.

* [Generic File Parser](https://github.com/uppusaikiran/generic-parser) - A single library parser to extract meta information, perform static analysis and detect macros within the files.

* [hashdeep](https://github.com/jessek/hashdeep) - Compute digest hashes with
a variety of algorithms.

* [HashCheck](https://github.com/gurnec/HashCheck) - Windows shell extension
to compute hashes with a variety of algorithms.

* [Loki](https://github.com/Neo23x0/Loki) - Host based scanner for IOCs.

* [Malfunction](https://github.com/Dynetics/Malfunction) - Catalog and
compare malware at a function level.

* [Manalyze](https://github.com/JusticeRage/Manalyze) - Static analyzer for PE
executables.

* [MASTIFF](https://github.com/KoreLogicSecurity/mastiff) - Static analysis
framework.

* [MultiScanner](https://github.com/mitre/multiscanner) - Modular file
scanning/analysis framework


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
WARNING! We receive many reports that some bad guys use our profiles, names, pictures or logos for a while and chat with people while impersonating us.

To chat with Undercode for support or help, DM the admins in our groups, or use our social media or emails only:

Support@UndercodeTesting.com
Support@UndercodeNews.com

Thank you.