UNDERCODE COMMUNITY

🦑 NGINX TIPS:

1) Enable the Filebeat Nginx collection module
filebeat modules enable nginx

2) Edit the Nginx collection configuration
vi modules.d/nginx.yml

- module: nginx
  access:
    enabled: true
    var.paths: ["/data/access.log*"]
  error:
    enabled: true
    var.paths: ["/data/error.log*"]

3) Set Filebeat to create the Index Pattern and Dashboard on Kibana
filebeat setup

4) Restart Filebeat for the changes to take effect
docker restart filebeat

🦑 1) Create a storage volume so that the Nginx and Filebeat containers can mount it jointly

docker volume create nginx-log-volume

2) Start the Nginx container and map the storage volume to the log directory

docker run -d --name nginx -p 80:80 -v nginx-log-volume:/var/log/nginx nginx:latest

3) Enter the container to modify the configuration

docker exec -it nginx /bin/bash

4) In the container environment the default logs are sent to stdout, so remove that setting, create regular log files in its place and reload Nginx

unlink /var/log/nginx/access.log
unlink /var/log/nginx/error.log
touch /var/log/nginx/access.log /var/log/nginx/error.log
nginx -s reload

You're not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity

🦑 The server code: the server binds to the local IP and port and listens for incoming datagrams:


package udp;

import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetSocketAddress;

/**
 * UDP server
 */
public class UdpServerSocket {

    private byte[] buffer = new byte[1024];
    private static DatagramSocket ds = null;
    private DatagramPacket packet = null;
    private InetSocketAddress socketAddress = null;

    /**
     * Entry point: bind to the local address, then echo every datagram back to its sender.
     */
    public static void main(String[] args) throws Exception {
        String serverHost = "127.0.0.1";
        int serverPort = 3344;
        UdpServerSocket udpServerSocket = new UdpServerSocket(serverHost,
                serverPort);
        while (true) {
            // receive() returns the payload; pass it to response() to send it back
            String info = udpServerSocket.receive();
            udpServerSocket.response(info);
        }
    }

    /**
     * Bind the server socket to the given local host and port.
     */
    public UdpServerSocket(String host, int port) throws Exception {
        socketAddress = new InetSocketAddress(host, port);
        ds = new DatagramSocket(socketAddress);
        System.out.println("UDP server listening on " + host + ":" + port);
    }

    /**
     * Block until a datagram arrives and return its payload as a string.
     */
    public final String receive() throws IOException {
        packet = new DatagramPacket(buffer, buffer.length);
        ds.receive(packet);
        String info = new String(packet.getData(), 0, packet.getLength());
        System.out.println("xy:" + info);
        return info;
    }

    /**
     * Send the given string to the sender of the last received datagram.
     */
    public final void response(String info) throws IOException {
        System.out.println("xy : " + packet.getAddress().getHostAddress()
                + ", port:" + packet.getPort());
        DatagramPacket dp = new DatagramPacket(buffer, buffer.length, packet
                .getAddress(), packet.getPort());
        dp.setData(info.getBytes());
        ds.send(dp);
    }
}

LIST OF SMARTPHONES VULNERABLE TO WANNACRY:

Galaxy Note 2
Galaxy Tab S2
LG G4
Galaxy S7
Xiaomi Mi 4i
Galaxy S4
Galaxy Note 4
ZTE x500
Galaxy Note 3
Galaxy Tab 2
Oppo N3
Galaxy Note 5
Vivo X6 plus
Nexus 5
Nexus 5X
Galaxy Note Edge
Asus Zenfone 2
Galaxy A5
Lenovo S90
Oppo R7 Plus
Xiaomi Redmi
Lenovo A8504

🦑 Network security
#FastTips

Network security is essentially information security on the network. In a broad sense, all technologies and theories related to the confidentiality, integrity, availability, authenticity and controllability of information on the network belong to the field of network security research. Ensuring the information security of the network system is the goal of network security.

Information security includes two aspects: the security of information storage and the security of information transmission. Storage security refers to the security of information in a static storage state, such as whether it can be used without authorization. Transmission security refers to the safety of information during dynamic transmission. To ensure the security of information transmitted over the network, the following issues must be addressed:

(1) The monitoring of information on the network
(2) The impersonation of the user's identity
(3) The tampering of information on the network
(4) The denial of the information sent
(5) The retransmission of the information


🦑🐧 How to find all files with 777 permissions on Linux


Correct file permissions are the most important part of managing your Linux system.

1) A file with 777 permissions is open for everyone to read, write and execute.

2) Any logged-in user can write to this file.

3) This can be very dangerous for your system.

In some cases you may need to use 777 permissions, for example for a log file.

But in most cases we don't need this.


A) find /path/to/dir -perm 777
The -perm command-line parameter is used with the find command to find files based on their permissions.

You can use any permission value instead of 777 to search for files with exactly those permissions.

For example, to search for everything with 777 permissions in the home directory of the logged-in user, type:

find "$HOME" -perm 777
The above command will find all files and directories with 777 permissions in the specified directory.

B) If you do not want to include directories in this list, specify the type using the -type command-line parameter.


> The following command will only search for files with 777 permissions in the /var/www directory:
find /var/www -perm 777 -type f
To search only directories, enter:

find /var/www -perm 777 -type d
Hopefully this guide will help you find files based on their permissions and secure your Linux / Unix system.
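
An added example, not part of the original post: `-perm 777` matches only the exact mode, so a world-writable file with mode 0666 slips through. The sketch below goes beyond the post by also using `-perm -0002` ("at least the other-write bit") and by flagging world-writable directories that lack the sticky bit. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: permission audit helpers (function names are illustrative).

# Regular files whose mode is exactly 0777 (what `-perm 777` matches).
audit_exact_777() {
    find "$1" -xdev -type f -perm 0777 -print | sort
}

# Regular files writable by "other", whatever the remaining bits are.
# `-perm -0002` means "at least these bits", so 0666 and 0777 both match.
audit_world_writable() {
    find "$1" -xdev -type f -perm -0002 -print | sort
}

# World-writable directories that lack the sticky bit: any user can delete
# or replace other users' files in them (unlike /tmp, which is mode 1777).
audit_open_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print | sort
}

# Build a constructed sample tree and print its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/uploads" "$root/tmp"
    : > "$root/app.conf";  chmod 0644 "$root/app.conf"
    : > "$root/deploy.sh"; chmod 0777 "$root/deploy.sh"
    : > "$root/debug.log"; chmod 0666 "$root/debug.log"
    chmod 0777 "$root/uploads"   # world-writable, no sticky bit
    chmod 1777 "$root/tmp"       # world-writable, sticky bit set
    printf '%s\n' "$root"
}

# Demo on the constructed tree.
demo=$(make_sample_tree)
echo "Exactly 777:";           audit_exact_777 "$demo"
echo "World-writable files:";  audit_world_writable "$demo"
echo "Open dirs (no sticky):"; audit_open_dirs "$demo"
rm -rf "$demo"
```

Once a finding is confirmed as unintended, `chmod o-w <path>` removes the write bit for other users without touching the remaining bits.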


🦑 Installing an adblocker list for dnscrypt-proxy
Here is a small bash script to download and update the list.

The code:

#!/bin/bash
# Download the StevenBlack hosts list and turn it into a dnscrypt-proxy blocklist.
set -euo pipefail
DEST="/etc/dnscrypt-proxy/blacklist.txt"
#
# Blocks both adware + malware
# See for other lists https://github.com/StevenBlack/hosts
SRC="https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
TMP_B_FILE="$(mktemp)"
TMP_B_FILE_SORTED="$(mktemp)"
# Remove the temporary files on exit, even when a step fails
trap 'rm -f "${TMP_B_FILE}" "${TMP_B_FILE_SORTED}"' EXIT
# Drop localhost entries and comment lines, then strip the leading sinkhole address
wget --timeout=10 --tries=5 -qO- "${SRC}" | grep -Ev "(localhost)" | grep -Ev "#" | sed -E "s/(0\.0\.0\.0|127\.0\.0\.1|255\.255\.255\.255)//" >> "${TMP_B_FILE}"
# Keep the first field (the host name) of each remaining line, de-duplicated
awk '/^[^#]/ {print $1}' "${TMP_B_FILE}" | sort -u > "${TMP_B_FILE_SORTED}"
# Replace the live list only when the new list is not empty
if [ -s "${TMP_B_FILE_SORTED}" ]; then
    cp -f "${TMP_B_FILE_SORTED}" "$DEST"
else
    echo "Downloaded list is empty, keeping the existing ${DEST}" >&2
    exit 1
fi

Running the script:
# ./update-adblocker.sh
Checking the list:
# more /etc/dnscrypt-proxy/blacklist.txt
Be sure to run the update-adblocker.sh script daily to get an updated list of hosts.
Add a new cron job like this:
@daily /path/to/update-adblocker.sh
Besides ads and malware, you can block fake news, gambling, porn, and social media!

How to enable the dnscrypt-proxy service
Use the systemctl command to enable the dnscrypt-proxy service on Linux:

$ sudo systemctl enable dnscrypt-proxy
Service start:
$ sudo systemctl start dnscrypt-proxy
Service check:
$ sudo systemctl status dnscrypt-proxy

🦑 How to fix and prevent DNS leaks?

There are several easy methods to fix DNS leaks. Again, the most efficient option is to choose a reliable VPN provider that does not keep logs of DNS server usage. The VPN should force all traffic to pass through its own servers rather than third-party ones, including your ISP's. This prevents data leakage.

1) Use the VPN provider's own apps whenever possible. Manually configuring your VPN connection and DNS settings increases the risk of DNS leaks if you don't fully understand what you are doing.

> Sometimes you need to enable DNS leak protection in your VPN app settings. This forces DNS queries to go through the VPN provider's DNS servers.

2) As usual, use the VPN kill switch to prevent traffic from reaching your ISP if the VPN connection is lost.

If DNS leaks continue, notify your VPN provider. This will allow technicians to find the cause and fix it. If this doesn't work, choose another VPN service.


🦑 Let's Encrypt CAA bug:

According to Let's Encrypt's announcement, when a certificate request contained N domain names that required CAA revalidation, Boulder (the CA software) would pick one domain name and validate it N times.

In practice, this means that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let's Encrypt issuance, that subscriber could issue a certificate containing that domain name until X + 30 days, even if someone later set up CAA records for this domain name that prohibit issuance by Let's Encrypt.

This bug was confirmed by the Let's Encrypt team on February 29, 2020.

Let's take a look at how to check whether a website domain is affected by the Let's Encrypt CAA rechecking vulnerability.

🦑 How to check that your domain is not affected by the Let's Encrypt CAA revalidation error
To check whether your domain is affected by the CAA revalidation error on any Unix-like system, run:

$ curl -XPOST -d 'fqdn=www.example.com' https://unboundtest.com/caaproblem/checkhost

Replace www.example.com with your domain name.

If you see output like the following, your domain is not affected:

The certificate currently available on www.example.com is OK. It is not one of the certificates affected by the Let's Encrypt CAA rechecking problem. Its serial number is 0fd078dd48f1a2bd4d0f2ba96b6038fe0000

If your domain is affected, the message will look like this:

The certificate currently available on www.example.com needs renewal because it is affected by the Let's Encrypt CAA rechecking problem. Its serial number is 0fd078dd48f1a2bd4d0f2ba96b6038fe0000. See your ACME client documentation for instructions on how to renew a certificate.

Alternatively, you can use the following online tool to check if your domain is affected by this threat.
https://checkhost.unboundtest.com/


🦑 Mobile apps security

1) Make sure your application is free of vulnerabilities.
The most dangerous threat to an application is its own vulnerabilities and flaws.

Make sure there are no known vulnerabilities in your application.

Whether it is a web application, a mobile application, or a desktop application, remediating vulnerabilities will help prevent threats.

2) Consider testing the security of your application before shipping it to production.
To eliminate the vulnerability, you can conduct security testing of your applications.

Security testing doesn't slow down the development process.

Security testing helps you find and fix vulnerabilities in your application, as well as make your applications more efficient.

Therefore, consider checking the security of your applications before going into production.

3) Bug Bounty program
Many large companies such as Mozilla, Facebook, Yahoo!, Google, Reddit, Square, and Microsoft are organizing Bug Bounty programs to identify vulnerabilities in their applications.

This program enables your organization to find and fix bugs before they become known to the public or known hackers.

This way you can prevent incidents.


4) Train your organization on application security best practices.
You can also protect your apps by educating your employees about their security.

Knowledge of cybersecurity can help your organization counter threats to your applications.

5) Use an automatic scanner to keep the application secure.
Scanning your entire application is also a good security measure.

Consider using an automated scanner that will run tests daily.

You can also use vulnerability scanning tools that are automated.

Vulnerability scanning tools will search your applications for vulnerabilities such as cross-site scripting, SQL injection, command injection, path traversal, etc.

6) Think Before Using Open Source In Your Application
Open source can be vulnerable.

Thus, using open source code in your application can leave your applications vulnerable to cyber attacks.

So think twice before using open source in your application.

Riskemy.com says, "Just one line of tainted code can destroy an entire site."

7) Consider encrypting your application source code.
Source code encryption ensures that an attacker cannot gain access to the source code of your applications.

8) Penetration testing also helps protect your applications
Penetration testing is also known as pentesting.

Penetration testing is useful for protecting applications from cybercriminals.

Penetration testing is the practice of discovering vulnerabilities in a computer system, network, or web application that an attacker could exploit.

🦑 Let's take a look at some of the popular bug bounty platforms.

1) Hackerone
Among bug bounty programs, Hackerone is a leader when it comes to accessing hackers, creating your reward programs, disseminating information and evaluating contributions.
You can use Hackerone in two ways: use the platform to collect vulnerability reports and work through them yourself, or let Hackerone do the hard work (triage).
Triaging is the process of compiling vulnerability reports, testing them, and communicating with hackers.

2) Bugcrowd
Bugcrowd offers several security assessment solutions, one of which is Bug Bounty.

It provides a SaaS solution that seamlessly integrates into your existing software lifecycle and makes it easy to run a successful bug-finding program.

You can choose a private bug bounty program that involves multiple hackers, or a public one that draws on thousands of sources.

3) SafeHats
If you work in a business and don't feel comfortable publishing your bug bounty program - and at the same time need more attention than a regular bug-reward platform can offer - SafeHats is your safest bet.
Dedicated security consultant, detailed hacker profiles, invite-only participation - all provided based on your needs and the maturity of your security model.

4) Intigriti
Intigriti is a comprehensive bug bounty platform that connects you with white hat hackers, whether you want to run a private or public program.

There are plenty of generous rewards for hackers.
Depending on the size of the company and the industry, bug bounties range from 1,000 to 20,000 euros.


5) Synack
Synack seems to be one of those market exceptions that break the mold and end up doing something massive.
Their Hack the Pentagon security program was a major event that led to the discovery of several critical vulnerabilities.
So if you are looking for not only error detection but also top-notch security guidance and training, Synack is the place for you.


🦑 DNS FILTERING:

Benefits of using DNS filtering

There are many benefits to using DNS filtering for you and your family.

You've probably already tried this technique, but here are some more things you need to know:

1) Provides safe internet browsing
Using DNS filtering means blocking malicious sites that could potentially steal your personal information.

🦑 Some other threats:

Ransomware
Phishing
Spyware
Viruses
Malicious software

You can avoid all of the above risks simply by applying a DNS filter.

2) Protects your data
We all have important data on our devices, and most of the time we don't use backups.

If that applies to you too, you risk losing all your data if you visit dangerous Internet sources.

Luckily, the following software will take care of this for you.

3) Protects your device
Regardless of whether you are browsing websites from your phone, tablet or computer, visiting malicious websites can harm your device.

Some websites can install viruses on your device remotely, which can impair its functionality and make it partially useless.

🦑 iOS Exploits:

Assetsd Type Confusion
lio_listio iOS 11.4.1 bug
libsqlite3 Infoleak -not yet-
libsqlite3 Memory Corruption -not yet-
Webkit Bug
Kernel Denial of Service
AFC (Apple File Conduit) Infoleak

https://github.com/rhaym-jailbreak/Exploits

🦑 Requirements for the attacked router
Not all routers are suitable for the attacks in question, and old or highly secured equipment creates even more problems: sometimes a connection cannot be established at all, for example if the server cabinet is locked. Therefore, a number of specific conditions must be met to carry out the task:

1) Free USB port: powering the device from the router itself via USB may be an ideal solution, but in our test we used a 3350 mAh self-contained battery, which allowed the Orange Pi Zero to work uninterruptedly for 10 hours under medium to heavy load.

2) Available Ethernet port: to carry out an attack, you will need a free network connector on the router, but in large networks all RJ-45 ports are busy, so here it is preferable to use an Orange Pi R1 with two Ethernet interfaces, which allows unauthorized connection to network devices as an intermediary (MITM).

3) Working DHCP service: this component, which works in almost all network infrastructures, is required for the Orange Pi Zero to obtain an IP address automatically. However, institutions with a high level of information security, such as banks, may use complex static network configurations that can be used only after passing authentication. Such cases are beyond the scope of our publication, so we will not consider them for now.



A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. All the information we have so far is included in this page.

https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails