β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How Password Tracking to Protect Against Hacks Works in iOS 14 ?
1) Monitoring passwords in Safari
If iCloud Keychain is configured to automatically enter passwords in mobile apps and web apps, Safari will alert you of cracked passwords when you visit the site. If you use iCloud Keychain to automatically enter logins and passwords on sites in this browser, after logging in, the browser will warn you about the need to change the password on the site:
>βThis password appeared in a data breach, which increases the risk of this account being compromised. You must change your password immediately. "
βThe iPhone can create a complex password for you. Do you want to change the password for [site name] "?
2) If you click on the "Change password on the site" button, a window will open in the "Passwords" menu in the system settings. Here you can enter and change the password on the site or use the "Forgot your password?" Command, depending on the options available on the site. iCloud Keychain will help you choose a strong password.
If the site has an option to sign in with an Apple account, it is suggested that you do just that instead of having iCloud Keychain automatically generate a password. Your Apple ID will be used to sign in to your account. This will limit the amount of information the site collects about you.
3) Monitoring passwords in settings
If you don't want to wait for a warning about vulnerable passwords from Safari, for which you need to sign in to your account on the site, you can open system preferences and see security recommendations. This way you can take action before it's too late. It's also useful if you store passwords in the iCloud Keychain but don't use it for automatic data entry, so you won't get warnings in Safari.
Open the "Passwords" section in the system settings. Or you can tell Siri to "Open Passwords." Use Face ID, Touch ID, or PIN to sign in.
4) After logging into your account, you will see an option to auto-complete passwords. Here you can choose iCloud Keychain or another password manager like LastPass to automatically enter your username and password. Below this option and before the list of accounts, you will see security recommendations. Open them up.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How Password Tracking to Protect Against Hacks Works in iOS 14 ?
1) Monitoring passwords in Safari
If iCloud Keychain is configured to automatically enter passwords in mobile apps and web apps, Safari will alert you of cracked passwords when you visit the site. If you use iCloud Keychain to automatically enter logins and passwords on sites in this browser, after logging in, the browser will warn you about the need to change the password on the site:
>βThis password appeared in a data breach, which increases the risk of this account being compromised. You must change your password immediately. "
βThe iPhone can create a complex password for you. Do you want to change the password for [site name] "?
2) If you click on the "Change password on the site" button, a window will open in the "Passwords" menu in the system settings. Here you can enter and change the password on the site or use the "Forgot your password?" Command, depending on the options available on the site. iCloud Keychain will help you choose a strong password.
If the site has an option to sign in with an Apple account, it is suggested that you do just that instead of having iCloud Keychain automatically generate a password. Your Apple ID will be used to sign in to your account. This will limit the amount of information the site collects about you.
3) Monitoring passwords in settings
If you don't want to wait for a warning about vulnerable passwords from Safari, for which you need to sign in to your account on the site, you can open system preferences and see security recommendations. This way you can take action before it's too late. It's also useful if you store passwords in the iCloud Keychain but don't use it for automatic data entry, so you won't get warnings in Safari.
Open the "Passwords" section in the system settings. Or you can tell Siri to "Open Passwords." Use Face ID, Touch ID, or PIN to sign in.
4) After logging into your account, you will see an option to auto-complete passwords. Here you can choose iCloud Keychain or another password manager like LastPass to automatically enter your username and password. Below this option and before the list of accounts, you will see security recommendations. Open them up.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
What has to be done nowadays? Similar diagnostics for non-vulnerability and penetration checking
#Analytiques
#Analytiques
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to determine which services to restart on a Linux system:
1) Use the needrestart utility to determine which services need to be restarted after an upgrade.
2) Install the needrestart utility.
$ sudo apt install needrestart
3) Let's display the summary using the command line.
$ sudo needrestart --help
needrestart 3.4 - Restart daemons after library updates.
4) Check what needs to be restarted using convenient output:
$ sudo needrestart -b
NEEDRESTART-VER: 3.4
NEEDRESTART-KCUR: 4.19.0-8-amd64
NEEDRESTART-KEXP: 4.19.0-9-amd64
NEEDRESTART-KSTA: 3
NEEDRESTART-SVC: exim4.service
NEEDRESTART-SVC: postgresql@11-main.service
5) Verify what needs to be restarted using human-readable output (requires user interaction).
$ sudo needrestart -u NeedRestart :: UI :: stdio -rl
6) Restart the services.
$ sudo needrestart -u NeedRestart :: UI :: stdio -ra
7) Again, check if you need to restart.
$ sudo needrestart -b
NEEDRESTART-VER: 3.4
NEEDRESTART-KCUR: 4.19.0-8-amd64
NEEDRESTART-KEXP: 4.19.0-9-amd64
NEEDRESTART-KSTA: 3
8) Reboot your operating system and check if you need to restart.
$ sudo needrestart -b
NEEDRESTART-VER: 3.4
NEEDRESTART-KCUR: 4.19.0-9-amd64
NEEDRESTART-KEXP: 4.19.0-9-amd64
NEEDRESTART-KSTA: 1
9) $ sudo needrestart -u NeedRestart :: UI :: stdio -rl
Scanning processes ...
Scanning linux images ...
Running kernel seems to be up-to-date.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to determine which services to restart on a Linux system:
1) Use the needrestart utility to determine which services need to be restarted after an upgrade.
2) Install the needrestart utility.
$ sudo apt install needrestart
3) Let's display the summary using the command line.
$ sudo needrestart --help
needrestart 3.4 - Restart daemons after library updates.
4) Check what needs to be restarted using convenient output:
$ sudo needrestart -b
NEEDRESTART-VER: 3.4
NEEDRESTART-KCUR: 4.19.0-8-amd64
NEEDRESTART-KEXP: 4.19.0-9-amd64
NEEDRESTART-KSTA: 3
NEEDRESTART-SVC: exim4.service
NEEDRESTART-SVC: postgresql@11-main.service
5) Verify what needs to be restarted using human-readable output (requires user interaction).
$ sudo needrestart -u NeedRestart :: UI :: stdio -rl
6) Restart the services.
$ sudo needrestart -u NeedRestart :: UI :: stdio -ra
7) Again, check if you need to restart.
$ sudo needrestart -b
NEEDRESTART-VER: 3.4
NEEDRESTART-KCUR: 4.19.0-8-amd64
NEEDRESTART-KEXP: 4.19.0-9-amd64
NEEDRESTART-KSTA: 3
8) Reboot your operating system and check if you need to restart.
$ sudo needrestart -b
NEEDRESTART-VER: 3.4
NEEDRESTART-KCUR: 4.19.0-9-amd64
NEEDRESTART-KEXP: 4.19.0-9-amd64
NEEDRESTART-KSTA: 1
9) $ sudo needrestart -u NeedRestart :: UI :: stdio -rl
Scanning processes ...
Scanning linux images ...
Running kernel seems to be up-to-date.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Demonstration experiment of search and reservation of work facilities will start in January next year, NTT Com and other three parties.
#international
#international
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦# οΈβ£ What is HMAC (Hach-based Message Authentication Code) ?
A message is data, text, image, or whatever we want to authenticate.
The message is verified for authenticity with the key by hashing them.
2) Key
The key is used by both parties to authenticate the message.
As stated earlier, the message and the key are used together and the hash value is calculated.
3) Hash function
The hash function is used to compute a hash value that is unique.
The hash function can be sha1, sha256, or use a different algorithm.
4) Encryption and Hashing. Difference and application
π¦How to create an HMAC using OpenSSL ?
We can use the OpenSSL tool to generate some HMAC or hash value.
We will use the echo and openssl commands.
We will also use sha256 as our hash algorithm.
We will provide data or messages to the HMAC and then haveh it using the -hmac switch and mysecretkey as shown :
$ echo -n "secretmessage.txt" | openssl dgst -sha256 -hmac "mysecretkey"
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦# οΈβ£ What is HMAC (Hach-based Message Authentication Code) ?
Hach-based Message Authentication Code or HMAC is used to authenticate a message using hash functions.1) Message
Message authentication is an important mechanism in cybersecurity and is used to authenticate a message.
There are different ways and mechanisms for message authentication.
A message is data, text, image, or whatever we want to authenticate.
The message is verified for authenticity with the key by hashing them.
2) Key
The key is used by both parties to authenticate the message.
As stated earlier, the message and the key are used together and the hash value is calculated.
3) Hash function
The hash function is used to compute a hash value that is unique.
The hash function can be sha1, sha256, or use a different algorithm.
4) Encryption and Hashing. Difference and application
π¦How to create an HMAC using OpenSSL ?
We can use the OpenSSL tool to generate some HMAC or hash value.
We will use the echo and openssl commands.
We will also use sha256 as our hash algorithm.
We will provide data or messages to the HMAC and then haveh it using the -hmac switch and mysecretkey as shown :
$ echo -n "secretmessage.txt" | openssl dgst -sha256 -hmac "mysecretkey"
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ WORDPRESS HACKING PDFs AND VIDEOS :
https://secure360.org/wp-content/uploads/2018/05/Hacking-WordPress_S360-TC-2018_Bob-Weiss.pdf
https://owasp.org/www-pdf-archive//Dan_Catalin_VASILE_-_Hacking_the_Wordpress_EcoSystem.pdf
https://blogsitestudio.com/wp-content/uploads/woocommerce_uploads/2017/04/Secure-Your-WordPress-Website-1491859920.pdf
https://www.youtube.com/watch?v=0UfPkYH6Da4
23 MIN
https://www.youtube.com/watch?v=l77AgiphUQo
2h
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ WORDPRESS HACKING PDFs AND VIDEOS :
https://secure360.org/wp-content/uploads/2018/05/Hacking-WordPress_S360-TC-2018_Bob-Weiss.pdf
https://owasp.org/www-pdf-archive//Dan_Catalin_VASILE_-_Hacking_the_Wordpress_EcoSystem.pdf
https://blogsitestudio.com/wp-content/uploads/woocommerce_uploads/2017/04/Secure-Your-WordPress-Website-1491859920.pdf
https://www.youtube.com/watch?v=0UfPkYH6Da4
23 MIN
https://www.youtube.com/watch?v=l77AgiphUQo
2h
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODER
Blackview Tab 8E: the economic alternative to the iPad, on offer for Christmas.
#Updates
MORE INFO - https://undercodenews.com/blackview-tab-8e-the-economic-alternative-to-the-ipad-on-offer-for-christmas/09/12/2020/
#Updates
MORE INFO - https://undercodenews.com/blackview-tab-8e-the-economic-alternative-to-the-ipad-on-offer-for-christmas/09/12/2020/
UNDERCODE COMMUNITY
KB4-CON2019-12WaystoHack2FA.pdf
12 Ways to Hack 2FA
Forwarded from UNDERCODE NEWS
Huge lawsuit against Facebook: 48 states in the US are demanding that it be forced to disband.
#international
#international
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Hijacking tutorial:
1) First, we will need to gear up for the attack:
Open up the Ettercap utility in Kali Linux. To work with it in a GUI, open up a terminal and type:
$ ettercap -G
The Ettercap GUI window will be displayed. Go to the menu and select βsniff>unisniff,β as shown in the following window:
2) Next, open up a new terminal without closing the other one, and type the following command:
$ ifconfig
3) After entering the above command, you will see your default network interface. Now, copy it and select it in the Ettercap menu.
With that done, click the βhostβ button in the menu and select the βscan for hostβ option. Then, wait until the scan is finished.
4) The results will be displayed . From the submenu, click on the MITM tab and select βARP poisoning.β
Next, instruct the machine using the options tab that has just popped up. Enable the βsniff remote networkβ option by checking the box next to it.
5) Then, hit the start button from the menu to the attack. Your machine will now engage in sniffing for any systems connected to your remote network.
Now that the ettercap has been primed for the attack, leave it running in the background and proceed to launch the Ferret tool.
6) Start the Ferret plugin
To launch the Ferret plugin, open up a new terminal and type the following syntax, then hit Enter:
$ ferret -i eth0
You have now successfully launched the ferret tool, as well. Next, we will minimize this window and fire up the Hamster plugin.
7) Launch Hamster
Start Hamster by typing the following into a new command terminal:
$ hamster
This will listen to the loopback IP, which, in our case, is [IP address] and [port number]
8) Next, fire up the web browser and type the port number and the loopback IP in its URL terminal to set up the web interface for Hamster:
With the Hamster utility prepared, we must now configure the adapters. Go to the options in the browserβs menu and click on βeth0,β and wait until the browser comes up with some results:
9) Examine the results carefully once they pop up. You will see a whole bunch of IP addresses, including your own.
10) Next, we will select the target IP address in the Hamster web interface
11) See the Victimβs Web History
You can click on each of the recorded cookies to see what is going on in the sessions, which websites were accessed, the userβs private chat logs, file transfer history, etc. You can extract a lot of information here, as you are likely to have a lot of cookies.
Mess around and see what you can get your hands on. And remember, everything that you can do on the system that you are pen-testing here, a hacker can do as well, which goes to show how prone a system can be to such simple attacks.
Reference linuxforo
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Hijacking tutorial:
1) First, we will need to gear up for the attack:
Open up the Ettercap utility in Kali Linux. To work with it in a GUI, open up a terminal and type:
$ ettercap -G
The Ettercap GUI window will be displayed. Go to the menu and select βsniff>unisniff,β as shown in the following window:
2) Next, open up a new terminal without closing the other one, and type the following command:
$ ifconfig
3) After entering the above command, you will see your default network interface. Now, copy it and select it in the Ettercap menu.
With that done, click the βhostβ button in the menu and select the βscan for hostβ option. Then, wait until the scan is finished.
4) The results will be displayed . From the submenu, click on the MITM tab and select βARP poisoning.β
Next, instruct the machine using the options tab that has just popped up. Enable the βsniff remote networkβ option by checking the box next to it.
5) Then, hit the start button from the menu to the attack. Your machine will now engage in sniffing for any systems connected to your remote network.
Now that the ettercap has been primed for the attack, leave it running in the background and proceed to launch the Ferret tool.
6) Start the Ferret plugin
To launch the Ferret plugin, open up a new terminal and type the following syntax, then hit Enter:
$ ferret -i eth0
You have now successfully launched the ferret tool, as well. Next, we will minimize this window and fire up the Hamster plugin.
7) Launch Hamster
Start Hamster by typing the following into a new command terminal:
$ hamster
This will listen to the loopback IP, which, in our case, is [IP address] and [port number]
8) Next, fire up the web browser and type the port number and the loopback IP in its URL terminal to set up the web interface for Hamster:
With the Hamster utility prepared, we must now configure the adapters. Go to the options in the browserβs menu and click on βeth0,β and wait until the browser comes up with some results:
9) Examine the results carefully once they pop up. You will see a whole bunch of IP addresses, including your own.
10) Next, we will select the target IP address in the Hamster web interface
11) See the Victimβs Web History
You can click on each of the recorded cookies to see what is going on in the sessions, which websites were accessed, the userβs private chat logs, file transfer history, etc. You can extract a lot of information here, as you are likely to have a lot of cookies.
Mess around and see what you can get your hands on. And remember, everything that you can do on the system that you are pen-testing here, a hacker can do as well, which goes to show how prone a system can be to such simple attacks.
Reference linuxforo
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
