Hack facb theorical.pdf
373.1 KB
How to Hack into Facebook without being a Hacker
Forwarded from UNDERCODE NEWS
Megazone Cloud and MS Korea signed a partnership to support corporate digital transformation.
#international
#international
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Hacking PHP 4.4 Sites In 20 Seconds
Step 1 β Search for them
Yep,make a Google dork to find sites running Apache and PHP Its quite easy.
Step 2 β Scan them
Start by scanning them using Nmap,Do and intense scan and find the open ports. If you find port 2000 open,then you have almost got it. most websites running PHP4.4 have this port for admin login.
Now just login using port 2000 ie -
http://www.website.com:2000
and you will be comfortably login into admin page like this -
You will login with port 2000 into website - rdhacker.blogspot.com
Step 3 β Hack them
Now in the fields,you have to type -
username β admin
password β aβ or 1=1 or βb
domain - aβ or 1=1 or βb
Inject the fields qith these values - rdhacker.blogspot.com
and press go,you will login into admin
and you have hacked into admin - EXAMPLE SITE....com
voila..you have hacked into admin. Actually sites based on PHP 4.4 have the vulnerability in them that they are vulnerable to SQL injection.It will literally take 20 seconds.
from prohack forum
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Hacking PHP 4.4 Sites In 20 Seconds
Step 1 β Search for them
Yep,make a Google dork to find sites running Apache and PHP Its quite easy.
Step 2 β Scan them
Start by scanning them using Nmap,Do and intense scan and find the open ports. If you find port 2000 open,then you have almost got it. most websites running PHP4.4 have this port for admin login.
Now just login using port 2000 ie -
http://www.website.com:2000
and you will be comfortably login into admin page like this -
You will login with port 2000 into website - rdhacker.blogspot.com
Step 3 β Hack them
Now in the fields,you have to type -
username β admin
password β aβ or 1=1 or βb
domain - aβ or 1=1 or βb
Inject the fields qith these values - rdhacker.blogspot.com
and press go,you will login into admin
and you have hacked into admin - EXAMPLE SITE....com
voila..you have hacked into admin. Actually sites based on PHP 4.4 have the vulnerability in them that they are vulnerable to SQL injection.It will literally take 20 seconds.
from prohack forum
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Fujitsuβs βfourth optionβ for S / 4HANA migration, what will change from the conventional method
#Technologies
#Technologies
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦BEST APPS FOR MANAGE SIM CARD FROM PHONE :
https://play.google.com/store/apps/details?id=com.keesadens.SIMcardToolManager
https://play.google.com/store/apps/details?id=com.coolcraftstudio.simcardcopypro
https://play.google.com/store/apps/details?id=com.igorlazunna.android.simcardreader
https://play.google.com/store/apps/details?id=ice.andrea.contactmanager&hl=en&gl=US
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦BEST APPS FOR MANAGE SIM CARD FROM PHONE :
https://play.google.com/store/apps/details?id=com.keesadens.SIMcardToolManager
https://play.google.com/store/apps/details?id=com.coolcraftstudio.simcardcopypro
https://play.google.com/store/apps/details?id=com.igorlazunna.android.simcardreader
https://play.google.com/store/apps/details?id=ice.andrea.contactmanager&hl=en&gl=US
β β β Uππ»βΊπ«Δπ¬πβ β β β
Google Play
SIM Tool Manager - Apps on Google Play
SIM Tool Manager is a tool for managing sim card numbers.
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
New Vulnerabilities in VMware products could allow an attacker to exploit the installed system.
#Vulnerabilities
#Vulnerabilities
UNDERCODE COMMUNITY
Wifi Hacking Course https://www.mediafire.com/file/s5a6kp8602qhii6/Wifi_Hacking_Course_by_dedsec.rar/file
they ban those youtube videos in 1 h well
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦MITM ATTACK:
[bettercap](https://github.com/evilsocket/bettercap)
A complete, modular, portable and easily extensible MITM framework
[CopyCat](https://github.com/compewter/CopyCat)
CopyCat is a Node.js based universal MITM web server. Used with DNS spoofing or another redirect attack, this server will act as a MITM for web traffic between the victim and a real server.
[dnschef](https://github.com/iphelix/dnschef)
DNSChef - DNS proxy for Penetration Testers and Malware Analysts
[dnsmitm](https://github.com/SySS-Research/dns-mitm)
A minimal DNS service that can provide spoofed replies
[Ettercap](https://github.com/Ettercap/ettercap)
Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
[FakeDns](https://github.com/Crypt0s/FakeDns)
A regular-expression based python MITM DNS server with support for DNS Rebinding attacks
[hyperfox](https://github.com/malfunkt/hyperfox)
HTTP/HTTPs MITM proxy and traffic recorder with on-the-fly TLS cert generation
[mallory](https://github.com/intrepidusgroup/mallory)
An extensible TCP/UDP man in the middle proxy that is designed to be run as a gateway
[MITMf](https://github.com/byt3bl33d3r/MITMf)
Framework for Man-In-The-Middle attacks
[mitmproxy](https://github.com/mitmproxy/mitmproxy)
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers
[node-http-mitm-proxy](https://github.com/joeferner/node-http-mitm-proxy)
HTTP Man In The Middle (MITM) Proxy written in node.js
[postgres-mitm](https://github.com/thusoy/postgres-mitm)
Test whether your Postgres connections are vulnerable to MitM attacks
[tiny-mitm-proxy](https://github.com/floyd-fuh/tiny-mitm-proxy)
Probably one of the smallest SSL MITM proxies you can make
[Seth](https://github.com/SySS-Research/Seth)
Perform a MitM attack and extract clear text credentials from RDP connections
[ssh-mitm](https://github.com/jtesta/ssh-mitm)
SSH man-in-the-middle tool
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦MITM ATTACK:
[bettercap](https://github.com/evilsocket/bettercap)
A complete, modular, portable and easily extensible MITM framework
[CopyCat](https://github.com/compewter/CopyCat)
CopyCat is a Node.js based universal MITM web server. Used with DNS spoofing or another redirect attack, this server will act as a MITM for web traffic between the victim and a real server.
[dnschef](https://github.com/iphelix/dnschef)
DNSChef - DNS proxy for Penetration Testers and Malware Analysts
[dnsmitm](https://github.com/SySS-Research/dns-mitm)
A minimal DNS service that can provide spoofed replies
[Ettercap](https://github.com/Ettercap/ettercap)
Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
[FakeDns](https://github.com/Crypt0s/FakeDns)
A regular-expression based python MITM DNS server with support for DNS Rebinding attacks
[hyperfox](https://github.com/malfunkt/hyperfox)
HTTP/HTTPs MITM proxy and traffic recorder with on-the-fly TLS cert generation
[mallory](https://github.com/intrepidusgroup/mallory)
An extensible TCP/UDP man in the middle proxy that is designed to be run as a gateway
[MITMf](https://github.com/byt3bl33d3r/MITMf)
Framework for Man-In-The-Middle attacks
[mitmproxy](https://github.com/mitmproxy/mitmproxy)
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers
[node-http-mitm-proxy](https://github.com/joeferner/node-http-mitm-proxy)
HTTP Man In The Middle (MITM) Proxy written in node.js
[postgres-mitm](https://github.com/thusoy/postgres-mitm)
Test whether your Postgres connections are vulnerable to MitM attacks
[tiny-mitm-proxy](https://github.com/floyd-fuh/tiny-mitm-proxy)
Probably one of the smallest SSL MITM proxies you can make
[Seth](https://github.com/SySS-Research/Seth)
Perform a MitM attack and extract clear text credentials from RDP connections
[ssh-mitm](https://github.com/jtesta/ssh-mitm)
SSH man-in-the-middle tool
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - evilsocket/bettercap: DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap
DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap - evilsocket/bettercap
Forwarded from UNDERCODE NEWS
"Apple tax" has made concessions again, and Apple allows developers to receive free of charge until June next year
#Updates
#Updates
β β β Uππ»βΊπ«Δπ¬πβ β β β
Unlimited Tethering (TERMUX-LINUX-WINDOWS)
Updated
Bypass tethering caps or throttling on cell phone unlimited data plans. Potentially cancel your internet and route your whole home though your unlimited data plan.
βUnlimited data plan
βAbility to hotspot your phone
βComputer or Router
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) Download Termux app, install openssh on it, make sure you have python2 as well and simlink the python2 command to python.
βpkg install python2
βpy2_path=$(which python2)
βpy_path=${py2_path%/*}/python
βln -s "$py2_path" "$py_path"
2) Configure authentication as explained here for SSH. If you don't already have a keypair it explains how to set up an ssh keypair and use it to authenticate to your phone from a PC. I personally used my existing SSH public key and made a folder / file ~/.ssh/authorized_keys on Termux and dropped it in there with something like curl "https://github.com/rifi2k.keys" > ~/.ssh/authorized_keys if you already have your public keys on github .
3) Hotspot your phone.
Run ifconfig inside Termux to get your current tethering local IP. It will be the only 192.x.x.x spit out and generally for andriod will be ending in 192.x.43.x. Save this.
4) Run sshd -dD inside Termux which starts an openssh server in debug mode to audit traffic. Your looking to see something like this as output from the above command.
debug1: Bind to port 8022 on ::.
Server listening on :: port 8022.
debug1: Bind to port 8022 on 0.0.0.0.
Server listening on 0.0.0.0 port 8022.
5) Now pop onto a PC and connect it to your hotspot.
Now SSH tunnel all the traffic from the device back through the openssh server your running on the Termux app. Now that you are on the same local network you can SSH tunnel into our saved IP address and port from earlier 192.x.43.x:8022 or similar.
6) You can use ssh which would look something like this.
If you want to use OpenSSH on Windows my recommendation would be Chocolatey package manager. https://gitlab.com/DarwinJS/ChocoPackages/tree/master/openssh
TERMUX_USER="u0_a249"
TERMUX_IP="192.x.43.x"
TERMUX_PORT="8022"
LOCAL_SOCKS_PORT="8123"
ssh -D $LOCAL_SOCKS_PORT -fqgN $TERMUX_USER@$TERMUX_IP -p $TERMUX_PORT
TERMUX_USER would be your username on the Termux app. TERMUX_IP would be the IP you got from ifconfig in Termux. TERMUX_PORT would be the port sshd is using in Termux. LOCAL_SOCKS_PORT would be the port you want to use for your local proxy.
7) So then once you run the above ssh command you need to configure a system wide or application specific Socks Proxy which would be proxying all traffic to 127.0.0.1 for the Socks Host and whatever LOCAL_SOCKS_PORT is from above for the Socks Port.
I use sshuttle which already handles most of the gotchas with tcp over tcp etc. and which also has a solution for Windows and linux. Also sshuttle generally handles setting up the Socks Proxy for you. A command for sshuttle might look like this.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Unlimited Tethering (TERMUX-LINUX-WINDOWS)
Updated
Bypass tethering caps or throttling on cell phone unlimited data plans. Potentially cancel your internet and route your whole home though your unlimited data plan.
βUnlimited data plan
βAbility to hotspot your phone
βComputer or Router
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) Download Termux app, install openssh on it, make sure you have python2 as well and simlink the python2 command to python.
βpkg install python2
βpy2_path=$(which python2)
βpy_path=${py2_path%/*}/python
βln -s "$py2_path" "$py_path"
2) Configure authentication as explained here for SSH. If you don't already have a keypair it explains how to set up an ssh keypair and use it to authenticate to your phone from a PC. I personally used my existing SSH public key and made a folder / file ~/.ssh/authorized_keys on Termux and dropped it in there with something like curl "https://github.com/rifi2k.keys" > ~/.ssh/authorized_keys if you already have your public keys on github .
3) Hotspot your phone.
Run ifconfig inside Termux to get your current tethering local IP. It will be the only 192.x.x.x spit out and generally for andriod will be ending in 192.x.43.x. Save this.
4) Run sshd -dD inside Termux which starts an openssh server in debug mode to audit traffic. Your looking to see something like this as output from the above command.
debug1: Bind to port 8022 on ::.
Server listening on :: port 8022.
debug1: Bind to port 8022 on 0.0.0.0.
Server listening on 0.0.0.0 port 8022.
5) Now pop onto a PC and connect it to your hotspot.
Now SSH tunnel all the traffic from the device back through the openssh server your running on the Termux app. Now that you are on the same local network you can SSH tunnel into our saved IP address and port from earlier 192.x.43.x:8022 or similar.
6) You can use ssh which would look something like this.
If you want to use OpenSSH on Windows my recommendation would be Chocolatey package manager. https://gitlab.com/DarwinJS/ChocoPackages/tree/master/openssh
TERMUX_USER="u0_a249"
TERMUX_IP="192.x.43.x"
TERMUX_PORT="8022"
LOCAL_SOCKS_PORT="8123"
ssh -D $LOCAL_SOCKS_PORT -fqgN $TERMUX_USER@$TERMUX_IP -p $TERMUX_PORT
TERMUX_USER would be your username on the Termux app. TERMUX_IP would be the IP you got from ifconfig in Termux. TERMUX_PORT would be the port sshd is using in Termux. LOCAL_SOCKS_PORT would be the port you want to use for your local proxy.
7) So then once you run the above ssh command you need to configure a system wide or application specific Socks Proxy which would be proxying all traffic to 127.0.0.1 for the Socks Host and whatever LOCAL_SOCKS_PORT is from above for the Socks Port.
I use sshuttle which already handles most of the gotchas with tcp over tcp etc. and which also has a solution for Windows and linux. Also sshuttle generally handles setting up the Socks Proxy for you. A command for sshuttle might look like this.
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitLab
openssh Β· master Β· DarwinJS / ChocoPackages Β· GitLab
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦APPS & TIPS FOR VIEWS & SUBSC YOUTUBE :
https://play.google.com/store/apps/details?id=com.viewgrip.viewgripapp&hl=en&gl=US
(VIEWS)
https://play.google.com/store/apps/details?id=com.fairware.viralmyvideo&hl=en&gl=US
(VIEWS)
https://github.com/mayurkadampro/YouTube-SubBot
(BOT FOR SUBSC)
Part 1 Youtube Subscriber Python Bot - https://youtu.be/xXXryQw6CYc
Part 2 Youtube Subscriber Python Bot - https://youtu.be/M_ZauWVzWKc
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦APPS & TIPS FOR VIEWS & SUBSC YOUTUBE :
https://play.google.com/store/apps/details?id=com.viewgrip.viewgripapp&hl=en&gl=US
(VIEWS)
https://play.google.com/store/apps/details?id=com.fairware.viralmyvideo&hl=en&gl=US
(VIEWS)
https://github.com/mayurkadampro/YouTube-SubBot
(BOT FOR SUBSC)
Part 1 Youtube Subscriber Python Bot - https://youtu.be/xXXryQw6CYc
Part 2 Youtube Subscriber Python Bot - https://youtu.be/M_ZauWVzWKc
β β β Uππ»βΊπ«Δπ¬πβ β β β
Google Play
ViewGrip β Boost Views & Subs - Apps on Google Play
Boost your videos fast! Get views & subscribers now with the ViewGrip app!
Forwarded from UNDERCODE NEWS
Thousands of employees return to Beeline: The operator refused to outsource communication networks.
#international
#international
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Pentest with java..
Leshan provides libraries which help people to develop their own Lightweight M2M server and client.
The project also provides a client, a server and a bootstrap server demonstration as an example of the Leshan API and for testing purpose.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) Get and run the last binary of our demo server :
wget https://ci.eclipse.org/leshan/job/leshan/lastSuccessfulBuild/artifact/leshan-server-demo.jar
java -jar ./leshan-server-demo.jar
2) Get and run the last binary of our demo client :
wget https://ci.eclipse.org/leshan/job/leshan/lastSuccessfulBuild/artifact/leshan-client-demo.jar
java -jar ./leshan-client-demo.jar
3) Get and run the last binary of our bootstrap demo server :
wget https://ci.eclipse.org/leshan/job/leshan/lastSuccessfulBuild/artifact/leshan-bsserver-demo.jar
java -jar ./leshan-bsserver-demo.jar
βΉοΈ : All the demos have a --help option.
π¦Compile Leshan & Run Demos
4) Get sources :
#using ssh
git clone git@github.com:eclipse/leshan.git
or
#using https
5) git clone https://github.com/eclipse/leshan.git
Compile it, by running in leshan root folder :
6) mvn clean install
7) Run demo server:
java -jar leshan-server-demo/target/leshan-server-demo-*-SNAPSHOT-jar-with-dependencies.jar
8) Connect on Leshan demo UI: http://localhost:8080
Leshan server Demo provides a very simple UI to get the list of connected clients and interact with clients resources.
9) Now you can register a LWM2M client by running our client demo:
java -jar leshan-client-demo/target/leshan-client-demo-*-SNAPSHOT-jar-with-dependencies.jar
or trying the Eclipse Wakaama test client.
10) You can also try our bootstrap demo server:
java -jar leshan-bsserver-demo/target/leshan-bsserver-demo-*-SNAPSHOT-jar-with-dependencies.jar
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Pentest with java..
Leshan provides libraries which help people to develop their own Lightweight M2M server and client.
The project also provides a client, a server and a bootstrap server demonstration as an example of the Leshan API and for testing purpose.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) Get and run the last binary of our demo server :
wget https://ci.eclipse.org/leshan/job/leshan/lastSuccessfulBuild/artifact/leshan-server-demo.jar
java -jar ./leshan-server-demo.jar
2) Get and run the last binary of our demo client :
wget https://ci.eclipse.org/leshan/job/leshan/lastSuccessfulBuild/artifact/leshan-client-demo.jar
java -jar ./leshan-client-demo.jar
3) Get and run the last binary of our bootstrap demo server :
wget https://ci.eclipse.org/leshan/job/leshan/lastSuccessfulBuild/artifact/leshan-bsserver-demo.jar
java -jar ./leshan-bsserver-demo.jar
βΉοΈ : All the demos have a --help option.
π¦Compile Leshan & Run Demos
4) Get sources :
#using ssh
git clone git@github.com:eclipse/leshan.git
or
#using https
5) git clone https://github.com/eclipse/leshan.git
Compile it, by running in leshan root folder :
6) mvn clean install
7) Run demo server:
java -jar leshan-server-demo/target/leshan-server-demo-*-SNAPSHOT-jar-with-dependencies.jar
8) Connect on Leshan demo UI: http://localhost:8080
Leshan server Demo provides a very simple UI to get the list of connected clients and interact with clients resources.
9) Now you can register a LWM2M client by running our client demo:
java -jar leshan-client-demo/target/leshan-client-demo-*-SNAPSHOT-jar-with-dependencies.jar
or trying the Eclipse Wakaama test client.
10) You can also try our bootstrap demo server:
java -jar leshan-bsserver-demo/target/leshan-bsserver-demo-*-SNAPSHOT-jar-with-dependencies.jar
β β β Uππ»βΊπ«Δπ¬πβ β β β