▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What is HNAP ?

Home Network Administration Protocol (HNAP) - Home Network Administration Protocol is a proprietary network protocol invented by Pure Networks, Inc. and acquired by Cisco Systems, which allows you to identify, configure and manage network devices. HNAP is based on SOAP.

This protocol appeared in 2007 and can be considered as a direct competitor to UPnP. Notable users of this protocol were Cisco and D-Link. However, both stopped using this protocol in 2012 and 2016, respectively. That is, yes, new devices no longer support this protocol, but the old routers are still there.

Especially noteworthy is that this feature is often hidden from the admin panel, making it impossible to disable it. If your router still supports HNAP, this probably means your router needs to be replaced.

Beginning in January 2010, vulnerabilities were discovered in several D-Link network devices, in which HNAP authentication could be bypassed.


@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

multiple zero day vulnerabilities in the Treck TCP/IP stack that is widely used in embedded and IoT devices.

2020 METHODES FOR HACK GMAIL

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Email injection :

1) E-mail injection is a security loophole, which is widely present in Internet email receiving and sending applications. This is similar to email injection and HTTP header injection. Similar to SQL injection attacks, this type of vulnerability is a common type of vulnerability that occurs when one programming language is embedded in another, such as MYSQL embedded in PHP.

2) When a form that can submit data to a web application is added to a web page, malicious users may use the MIME format to add additional information to the message to be sent (POST/GET), such as a new recipient list or A completely different message body. Because the MIME format uses carriage returns to separate the information in the data packet (there is a newline character between each line in the HTTP packet, and there are two newline characters between POST and HTTP HEADER), submit the form data by adding a carriage return ( It can be easily done using some plug-ins of FB), which allows a simple message board to be used to send thousands of messages. Similarly, a spammer can use this tactic to maliciously send a large number of anonymous messages.

3) Email injection is a type of attack against the built-in mail function of PHP. It allows malicious attackers to inject any email header fields, BCC, CC, subject, etc., and it allows hackers to send spam from the victim's mail server by injection. For this reason, this type of attack is called email injection, or spam in the form of mail. This vulnerability is not limited to PHP. It may affect any application that receives messages from the user UI and sends email messages. The main reason for this kind of attack is improper user input verification or the application has no verification and filtering mechanism at all.

For codes and Examples :
https://github.com/TDA/EMailInjectionVuln

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Free Online Analyzers

AndroTotal

Appknox - not free

AVC UnDroid

Virustotal - max 128MB

Fraunhofer App-ray - not free

AppCritique - Upload your Android APKs and receive comprehensive free security assessments.

NowSecure Lab Automated - Enterprise tool for mobile app security testing both Android and iOS mobile apps. Lab Automated features dynamic and static analysis on real devices in the cloud to return results in minutes. Not free

AMAaaS - Free Android Malware Analysis Service. A baremetal service features static and dynamic analysis for Android applications. A product of MalwarePot.

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

TODAY TOPICS :

Vulnserver tutorial pdf
https://t.me/UnderCodeTesting/11781

How to properly protect sysctl on Linux from spoofing and Syn-flooding ?
https://t.me/UnderCodeTesting/11782

Course Fundamentals of Computer Hacking :
4.3 rating free
https://t.me/UnderCodeTesting/11783

Kubernetes hacking and Security
https://t.me/UnderCodeTesting/11784

How to manage Ethernet card using ethtool command
https://t.me/UnderCodeTesting/11785

Gmail Hacking-bruteforce + proxies (use spoof ip to avoid two-factor)
https://t.me/UnderCodeTesting/11786

some good proxies list /sock5
https://t.me/UnderCodeTesting/11788
https://pastebin.com/BDCXaWeY

MojoAuto (mojoAuto.cgi mojo) Blind SQL Injection Exploit
https://t.me/UnderCodeTesting/11790

Verified by Undercode, vulnerability allow to hack many chinese websites
A Warning for peoples for securing themself
https://t.me/UnderCodeTesting/11793

Tons of courses 🌹
https://t.me/UnderCodeTesting/11794

Wi-Fi rainbow table generator
https://t.me/UnderCodeTesting/11795

What is HNAP ?
https://t.me/UnderCodeTesting/11796

2020 HACK WITH RIPPLE
multiple zero day vulnerabilities in the Treck TCP/IP stack that is widely used in embedded and IoT devices.
https://t.me/UnderCodeTesting/11798

GMAIL BRUTEFORCE
https://t.me/UnderCodeTesting/11799

Email injection
https://t.me/UnderCodeTesting/11800

Free Online Analyzers
https://t.me/UnderCodeTesting/11801

ENJOY❤️👍🏻
USE FOR LEARN ! & SECURE OURSELF

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑New mobile phone battery is dangerous to charge for 12 hours in the first three times :
#Tip

>< How to choose a safe and reliable battery and how to use the mobile phone battery correctly to reduce accidents?
　　
> When buying a mobile phone or changing the battery of a mobile phone, the shopping guide lady will repeatedly ask: charge the battery of the mobile phone for the first three times and charge it for 12 hours, which can extend the service life. In fact, this kind of mobile phone battery usage method is very incorrect, which can easily lead to danger. Mobile phone batteries, no matter how old or new, just need to be fully charged. If it is charged for twelve hours, the possibility of explosion will greatly increase.
　　
> This also reminds us that we should stop as soon as the battery is fully charged when charging the mobile phone battery. This is often ignored by consumers. Normally charging the mobile phone, as long as two to four hours is enough. The habit of many consumers is to charge when sleeping at night and stop charging when they wake up the next day. In this way, the mobile phone battery far exceeds the normal charging time. Get up in the morning and take the cell phone battery that is being charged. We can obviously feel that the temperature of the cell phone battery is much higher. This is a dangerous sign.
　　
> In order to prevent the occurrence of mobile phone battery explosion accidents, the most credible is to use original batteries. At present, there are a lot of unqualified fake and shoddy mobile phone batteries on the market, and the price is relatively cheap. Many consumers prefer to choose cheap "counterfeit batteries" when changing batteries. This creates hidden dangers for mobile phone battery accidents. Experts suggest that even if you change the battery of your mobile phone, it is best to buy the original manufacturer's mobile phone battery at a regular store.
　　
> In addition, high temperature occasions, violent impact, and direct connection of the positive and negative poles of the mobile phone battery with conductors, etc., can easily cause the mobile phone battery to explode.
　　
> Not afraid of ten thousand, just in case. Now mobile phones have become a must-have for us to carry around, and in many cases are inseparable. The correct choice and use of mobile phone batteries, avoid accidents, and build a safety line of defense for our lives are the wishes of every consumer.
　　
>Finally, give consumers a warm reminder: try not to put the mobile phone directly in your pocket, so that even if an accident occurs, there will be a buffer zone to avoid possible injuries.


@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑run postfix with smtp authentication (sasldb) in a docker container. TLS and OpenDKIM support are optional.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) clone https://github.com/catatnight/docker-postfix

2) cd docker-postfix

3) Create postfix container with smtp authentication

$ sudo docker run -p 25:25 \
-e maildomain=mail.example.com -e smtp_user=user:pwd \
--name postfix -d catatnight/postfix
4) # Set multiple user credentials: -e smtp_user=user1:pwd1,user2:pwd2,...,userN:pwdN
Enable OpenDKIM: save your domain key .private in /path/to/domainkeys

$ sudo docker run -p 25:25 \
-e maildomain=mail.example.com -e smtp_user=user:pwd \
-v /path/to/domainkeys:/etc/opendkim/domainkeys \
--name postfix -d catatnight/postfix

5) Enable TLS(587): save your SSL certificates .key and .crt to /path/to/certs

$ sudo docker run -p 587:587 \
-e maildomain=mail.example.com -e smtp_user=user:pwd \
-v /path/to/certs:/etc/postfix/certs \
--name postfix -d catatnight/postfix

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑HACK ANY LINUX :

F E A T U R E S :


QEMU emulation.
Currently supporting x86_64, i386, arm, mips, aarch64.
Small images built w/ buildroot.
Radare2 based static analysis.
Dynamic (behavioral) analysis using SystemTap kernel modules - captured syscalls, openfiles, process trees.
Network statistics and analysis of DNS, HTTP, Telnet and IRC communication.
Endpoints analysis and blacklists configuration.
Scaled with celery and RabbitMQ.
REST API | frontend.
Extensible through sub-analysis modules and custom images.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) $ git clone https://github.com/danieluhricek/lisa

2) $ cd lisa
Build.
# docker-compose build

3) Run the sandbox (default location: http://localhost:4242).
# docker-compose up

🦑Configuration
MaxMind GeoLite2
Sign up to get your API key. Use API key in docker-compose.yml build args section.

.
.
worker:
image: lisa-worker
build:
context: .
dockerfile: ./docker/worker/Dockerfile
args:
maxmind_key: YOUR_KEY
volumes:
- "./data/storage:/home/lisa/data/storage"

MORE CONFIG

https://github.com/danieluhricek/LiSa

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁