UNDERCODE COMMUNITY

🦑 Hackers Target Smart Homes & 7 Tips to Protect Yours
(instagram.com/UnderCodeTestingCompany)

🦑 LET'S START:

> All of these smart devices are really networked computers in addition to what they traditionally are: refrigerators, light bulbs, televisions, cat litter boxes, dog feeders, cameras, garage door openers, door locks.

> In other words, connected appliances can be hacked into like any other website or computer, and most of them are behind poorly secured consumer-grade home routers.

🦑 Which smart devices are most at risk and why?

1) Most vulnerable: Outdoor devices with embedded computers that support little or no security protocols. For example, garage door openers, wireless doorbells and smart sprinklers are all examples of devices that may be easily accessible to someone driving down the street with a computer or other Wi-Fi transmitter.

2) Second most vulnerable: “Inside-the-home devices that can be controlled through an app from a smartphone or PC such as smart bulbs, smart switches, security cameras, baby monitors, smart door locks, smart thermostats, and personal home assistants,” says Dr. Anwar. “These devices rely on weak security tokens and may be hacked due to weaknesses in the communication protocols used, configuration settings or vulnerable entry-points left open by the vendor for maintenance.”


3) Less likely to be attacked: Home appliances like refrigerators and ovens are the least likely to be attacked, but it can happen.


@ Mr. BOTNET(tm)
- - - - - UNDERCODE - - - - -

🦑 Help Hackproof Your Devices: Smart Home Safety Tips:
(t.me/UnderCodeTestingOfficial)

🦑 LET'S START:

1) Weigh the vulnerabilities vs. the benefits.

Unfortunately, it is always worth remembering that there is no IT infrastructure that can be 100% secured. The only thing we can do is seek to reduce the risk. Therefore, when designing a smart home system, it is worth analyzing what is important to us.

2) Create a secure Wi-Fi network.

> Purchase a router from a reputable brand and follow the manufacturer’s instructions to change the name of the network and default password.

> Choose a network name that doesn’t automatically give away your location or personal details. Consider also hiding your network from view, an option which can usually be found in the router’s settings menu.

> It’s also possible to create a second Wi-Fi network specifically for your smart home devices.

> Many routers allow you to create multiple networks, each with their own name and password.

> This way, an attacker who hacks your IoT device is confined to that network, which stays segregated from where you do your banking and store your sensitive information. It’s also a good idea to set up a Guest network for visitors’ smartphones and computers, where they can’t see or access your IoT devices.

3) Don’t underestimate the importance of your passwords.

> The old-fashioned password system is the main line of defense protecting our most high-tech devices.

> Take your passwords seriously. Whenever you get a new device, change the default password immediately. Otherwise, the password to your Wi-Fi router or security camera might be just a Google search away.

> Use unique, hard to guess passwords with several characters, numbers and letters on all of your devices. A password manager like LastPass can help you remember them all more conveniently.

4) Register every new device with the manufacturer and keep them up to date

5) Consider professional installation.

> Remember that the leading home security providers offer professional installation with great built-in smart home integration.

> Technicians can handle any necessary hardwiring for you and answer all of your questions about more advanced security measures

6) Unplug devices that aren’t in use

7) Factory reset devices before getting rid of them

@ Mr. BOTNET(tm)
- - - - - UNDERCODE - - - - -

🦑 Install ADB & FastBoot Tools in Termux:
(instagram.com/UnderCodeTestingCompany)

🦑 How to install

A) Silent installation:

> Copy and paste the following command in Termux to silently install Tools:

> apt update > /dev/null 2>&1 && apt --assume-yes install wget > /dev/null 2>&1 && wget https://github.com/MasterDevX/Termux-ADB/raw/master/InstallTools.sh -q && bash InstallTools.sh

B) Common installation:

> Copy and paste the following command in Termux to install Tools with logs output:


> apt update && apt install wget && wget https://github.com/MasterDevX/Termux-ADB/raw/master/InstallTools.sh && bash InstallTools.sh

🦑 How to uninstall

A) Silent uninstallation:

> Copy and paste the following command in Termux to silently remove Tools:

> apt update > /dev/null 2>&1 && apt --assume-yes install wget > /dev/null 2>&1 && wget https://github.com/MasterDevX/Termux-ADB/raw/master/RemoveTools.sh -q && bash RemoveTools.sh

B) Common uninstallation:

> Copy and paste the following command in Termux to remove Tools with logs output:

> apt update && apt install wget && wget https://github.com/MasterDevX/Termux-ADB/raw/master/RemoveTools.sh && bash RemoveTools.sh

@ Mr. BOTNET(tm)
- - - - - UNDERCODE - - - - -

🦑 TOP EXPLOITED Bugs 2019 Dangerous
Twitter.com/UnderCodeTC

🦑 LET'S START:

1) WordPress Plainview Activity Monitor 20161228 Remote Command Execution -

> WordPress Plainview Activity Monitor plugin is vulnerable to OS command injection which allows an attacker to remotely execute commands on the underlying system. Application passes unsafe user supplied data to ip parameter into activities_overview.php. Privileges are required in order to exploit this vulnerability. Vulnerable plugin version: 20161228 and possibly prior. Fixed plugin version: 20180826.


2) Debian Security Advisory 4578-1 - Debian Linux Security Advisory 4578-1 -

> Multiple security issues were found in libvpx multimedia library which could result in denial of service and potentially the execution of arbitrary code if malformed WebM files are processed.

3) axTLS 2.1.5 Denial Of Service - Multiple denial of service vulnerabilities have been discovered and disclosed in the axTLS library versions 2.1.5 and below.

4) OwnCloud 8.1.8 Username Disclosure - OwnCloud version 8.1.8 suffers from a username disclosure vulnerability.

5) Bash 5.0 Patch 11 Privilege Escalation - An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.

6) Online Inventory Manager 3.2 Cross Site Scripting - Online Inventory Manager version 3.2 suffers from a persistent cross site scripting vulnerability.

7) Ubuntu Security Notice USN-4204-1 - Ubuntu Security Notice 4204-1 - Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code.

8) Debian Security Advisory 4577-1 - Debian Linux Security Advisory 4577-1 - Tim Dusterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF injections.

9) SpotAuditor 5.3.2 Denial Of Service - SpotAuditor version 5.3.2 Name and Key proof of concept denial of service exploits.

10) Mersive Solstice 2.8.0 Remote Code Execution - Mersive Solstice version 2.8.0 suffers from a remote code execution vulnerability.

11) The zero-day Exploit Hack Wa Like a Pro Via Simple Automating 2 Big Scripts - 2019, patched now

12) The iOS Exploit - easy Jailbreak of any device, doesn't matter which iOS version...

Written By Steave(tm)
- - - - - UNDERCODE - - - - -

What is UnixWare?
(instagram.com/UnderCodeTestingCompany)

🦑 LET'S START:

> UnixWare is an x86, Unix-based operating system originally released by Univel, a company jointly owned by AT&T and Novell. It is primarily used on servers and is rarely run on desktop computers.

> Its design focuses on high levels of reliability, scalability, and security. UnixWare contains a large amount of open source software components, including X11, BIND, sendmail, DHCP, Perl, and Tcl.

Written by @ Mr. BOTNET(tm)
- - - - - UNDERCODE - - - - -

🦑 Roguehostapd is a fork of hostapd, the famous user space software access point. It provides Python ctypes bindings and a number of additional attack features. It was primarily developed for use in the in phishing ap
(instagram.com/UnderCodeTestingCompany)

🦑 INSTALLATION & RUN:

> TERMUX ROOT OR ANY LINUX

1) git clone https://github.com/wifiphisher/roguehostapd.git

2) cd roguehostapd

3) python setup.py install

4) shell

5) python run.py -i wlan0 -ssid

6) Use wlan0 for spawning the WPA2/WPA rogue AP with passphrase 12345678

> python run.py -i wlan0 -ssid haha -kA

7) Use wlan0 for spawning the OPEN rogue AP supporting the KARMA attack

🦑 More:

| Short form | Long form | Explanation |
| :----------: | :---------: | :-----------: |
|-h | --help| show this help message and exit |
|-ssid SSID| --ssid SSID| Select the ssid for the spawn rogue AP|
|-c CHANNEL| --channel CHANNEL| Select the channel number for the spawn rogue AP|
|-bI BEACON_INT| --beacon_int BEACON_INT| Define the beacon interval in milliseconds for the spawn rogue AP|
|-i INTERFACE| --interface INTERFACE| Select the interface for the spawn rogue AP. Example: -i wlan0|
|-pK WPA_PASSPHRASE| --wpa_passphrase WPA_PASSPHRASE| Define the password for the spawn rogue AP.|
|-kA|| Enabling the KARMA attack|
|-dV|--debug-verbose| Enabling the verbose debug log|
|-K|--key_data|Include key data in debug messages|
|-t|--timestamp|Include timestamps in some debug messages|
|-v|--version|Show hostapd version|

Written by @ Mr. BOTNET(tm)
- - - - - UNDERCODE - - - - -

🦑 A fake implementation of AWS SNS to test against:
t.me/UnderCodeTestingOfficial

🦑 INSTALLATION & RUN:

There are 2 ways of running FakeSNS, as a gem, or as plain Rack app. The first is easy, the latter is more flexible.

A) As a gem:

1) git clone https://github.com/yourkarma/fake_sns

2) cd fake_sns

3) gem install fake_sns

4) fake_sns -p 9292

5) To configure AWS-SDK to send messages here:

AWS.config(
  use_ssl: false,
  sns_endpoint: "0.0.0.0",
  sns_port: 9292,
)

🦑 Command line options:

1) Store the database somewhere else: --database FILENAME or specify an in memory database that will be lost: --database :memory:


2) To get a YAML representation of all the data known to FakeSNS, do a GET request to the root path:

> curl -X GET http://localhost:9292/

3) To change the database, submit the contents you got from the previous step, augment it and submit it as the body of a PUT request:

> curl -X GET http://localhost:9292/ -o my-data.yml
vim my-data.yml

> curl -X PUT --data @my-data.yml http://localhost:9292/

4) To reset the entire database, send a DELETE request:

> curl -X DELETE http://localhost:9292/

5) To send ALL the messages stored in the queue, you can send a post request:

> curl -X POST http://localhost:9292/drain

6) You can also just send a single message:

> curl -X POST http://localhost:9292/drain/:message_id

7) Currently, only HTTP/HTTPS and SQS endpoints are working. You'll need to pass AWS config (in JSON format) for the SQS integration to work. See FakeSNS for more information.

> curl \
-X POST \
--data '{"aws_config": {"use_ssl": false, "sqs_endpoint": "localhost", "sqs_port": 4789, "secret_access_key": "xxx", "access_key_id": "yyy"}}' \
http://localhost:9292/drain

🦑 ENJOY

Written by @ Mr. BOTNET(tm)
- - - - - UNDERCODE - - - - -

🦑 HOW TO PROTECT YOUR Linux Server FROM HACK:
(instagram.com/UnderCodeTestingCompany)

🦑 LET'S START:

> Nothing is 100% safe, but some tricks make you more secure:

1) Update and upgrade all the packages on the server;

2) Install ufw - a plain firewall;

3) Close all the server's ports besides the SSH and HTTP(S) ports;

4) Install and configure the fail2ban utility. It helps to analyze /var/log/auth.log and ban IPs that show suspicious activity;

5) Change the sshd config to accept authorization only by private key.


🦑 What if your Linux server is infected?

Your server is infected, and you need to know how to research and clean it.

> The best way - recreating the VPS.

> From their dashboard, it is possible to recreate (drop and create new) the VPS with the same IP in one click.

> After that, SSH keys were generated on the local PC with the ssh-keygen utility (part of the standard OpenSSH package).

@ Mr. BOTNET(tm)
- - - - - UNDERCODE - - - - -
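
The checks behind steps 4 and 5 of the server list above, as an added example that is not part of the original post: one function audits an sshd_config for key-only logins, the other does the per-address counting of failed SSH logins that fail2ban performs on /var/log/auth.log. Function names, file names and all sample data are constructed for illustration; the log format assumed is the Debian/Ubuntu OpenSSH one.

```bash
#!/bin/sh
# Added example (not from the original post). Sample files are constructed;
# the IP addresses come from the RFC 5737 documentation ranges.

# Step 5: check that the global section of an sshd_config allows key logins only.
# sshd keywords are case-insensitive and the FIRST value seen for a keyword wins.
# Prints one finding per line; returns 0 if key-only, 1 otherwise.
# Include'd files and Match blocks are not followed; on a live host, feed this
# function the output of `sshd -T` (the effective configuration) instead.
audit_sshd_config() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            line = $0; sub(/=/, " ", line)       # "Keyword=value" is also legal
            split(line, f, " ")
            key = tolower(f[1]); val = tolower(f[2])
            if (key == "match") exit             # stop at the first conditional block
            if (!(key in seen)) seen[key] = val
        }
        END {
            bad = 0
            # OpenSSH defaults: password and keyboard-interactive auth are ON when unset.
            if (seen["passwordauthentication"] != "no") {
                print "PasswordAuthentication must be set to no"; bad = 1
            }
            if ("kbdinteractiveauthentication" in seen)
                kbd = seen["kbdinteractiveauthentication"]
            else
                kbd = seen["challengeresponseauthentication"]   # older alias
            if (kbd != "no") {
                print "KbdInteractiveAuthentication must be set to no"; bad = 1
            }
            if (seen["pubkeyauthentication"] == "no") {
                print "PubkeyAuthentication is disabled"; bad = 1
            }
            exit bad
        }
    ' "$1"
}

# Step 4: the counting fail2ban does on auth.log, reduced to one rule.
# Prints "COUNT IP" for every source with at least $2 failed password logins.
# The user name in these lines is supplied by the client and may contain spaces,
# so the address is read from the fixed tail "from IP port N ssh2" and never
# by searching for the first "from" in the line.
failed_ssh_sources() {
    awk -v min="$2" '
        / sshd\[[0-9]+\]: Failed password for / &&
        $NF == "ssh2" && $(NF-2) == "port" && $(NF-4) == "from" {
            count[$(NF-3)]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample inputs, written into directory $1.
write_samples() {
    cat > "$1/sshd_config.weak" <<'EOF'
# keys are enabled, but the first PasswordAuthentication line still wins
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
EOF
    cat > "$1/sshd_config.keyonly" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
EOF
    cat > "$1/auth.log" <<'EOF'
Dec  1 10:00:01 vps sshd[1001]: Failed password for root from 203.0.113.7 port 40022 ssh2
Dec  1 10:00:03 vps sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40030 ssh2
Dec  1 10:00:05 vps sshd[1003]: Failed password for invalid user a from 192.0.2.10 port 1 ssh2 from 203.0.113.7 port 40031 ssh2
Dec  1 10:00:09 vps sshd[1004]: Failed password for root from 198.51.100.23 port 51234 ssh2
Dec  1 10:01:00 vps sshd[1010]: Accepted publickey for deploy from 192.0.2.10 port 50000 ssh2
Dec  1 10:01:07 vps sshd[1011]: Invalid user test from 198.51.100.23 port 51240
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_samples "$dir"
    echo "weak config:";     audit_sshd_config "$dir/sshd_config.weak" || true
    echo "key-only config:"; audit_sshd_config "$dir/sshd_config.keyonly" && echo "ok"
    echo "sources with 3 or more failed logins:"
    failed_ssh_sources "$dir/auth.log" 3
    rm -rf "$dir"
}
demo
```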

🦑 BEST OS FOR SERVER HOST:
T.me/iosDeveloppers

🦑 We will start this list with maybe the most well-known OS and go down to the less known:

1) Ubuntu Server

2) Debian - can be configured for hosting or personal use

3) Fedora

4) Microsoft Windows Server - recommended and used by UndercOde

5) CentOS Server

6) Red Hat Enterprise Linux Server

7) Unix Server

@ Mr. BOTNET(tm)
- - - - - UNDERCODE - - - - -

🦑 Types of Attacks against Web Servers:
t.me/UnderCodeTestingOfficial

1) Directory traversal attacks

> This type of attack exploits bugs in the web server to gain unauthorized access to files and folders that are not in the public domain. Once the attacker has gained access, they can download sensitive information, execute commands on the server or install malicious software.

2) Denial of Service Attacks

> With this type of attack, the web server may crash or become unavailable to the legitimate users.

3) Domain Name System Hijacking

> With this type of attack, the DNS settings are changed to point to the attacker’s web server. All traffic that was supposed to be sent to the web server is redirected to the wrong one.

4) Sniffing

> Unencrypted data sent over the network may be intercepted and used to gain unauthorized access to the web server.

5) Phishing

> With this type of attack, the attacker impersonates the websites and directs traffic to the fake website. Unsuspecting users may be tricked into submitting sensitive data such as login details, credit card numbers, etc.

6) Pharming

> With this type of attack, the attacker compromises the Domain Name System (DNS) servers or the user's computer so that traffic is directed to a malicious site.

7) Defacement

> With this type of attack, the attacker replaces the organization’s website with a different page that contains the hacker’s name and images, and may include background music and messages (not recommended).

Written by Mr. BOTNET(tm)
- - - - - UNDERCODE - - - - -

🦑 List of games that can be hacked with Game Guardian
t.me/IOsDeveloppers

🦑 LET'S START:

1) Kingsman: The Secret Service
https://play.google.com/store/apps/details?id=com.yesgnome.kingsman

2) Demon hunt 2: the legend of archer
https://play.google.com/store/apps/details?id=com.ycgame.acrherGlory

3) Dragon's Blade
https://play.google.com/store/apps/details?id=com.natemonster.dragonsblade

4) Knight of Pen and Paper 2
https://play.google.com/store/apps/details?id=com.paradoxplaza.kopp2

5) Dead Ahead: Zombie Warfare
https://play.google.com/store/apps/details?id=com.mobirate.DeadAheadTactics

6) Stickman Legends - Ninja Hero: Knight, Shooter RPG
https://play.google.com/store/apps/details?id=com.zitga.ninja.stickman.legends

7) Kingdom Quest: Crimson Warden
https://play.google.com/store/apps/details?id=com.mmde.crimsonwarden1

8) DemonSouls (Action RPG)
https://play.google.com/store/apps/details?id=com.nova.DemonSouls

9) Linear Quest
https://play.google.com/store/apps/details?id=com.llgroup.linearquest

10) Merchants of Space: Galactic Outpost Strategy
https://play.google.com/store/apps/details?id=com.possiblegames.outpost

11) Mystic Guardian : Old School Action RPG
https://play.google.com/store/apps/details?id=com.buffstudio.mysticguardian

12) Spaceship V
https://play.google.com/store/apps/details?id=com.nsouls.spaceshipv

13) Space STG II - Death Rain
https://play.google.com/store/apps/details?id=org.ovh.grzegorzaeSTG2

14) Space City: building game
https://play.google.com/store/apps/details?id=com.spheregamestudios.spacecity

15) Caves (Roguelike)
https://play.google.com/store/apps/details?id=thirty.six.dev.underworld

@ Mr. BOTNET(tm)
- - - - - UNDERCODE - - - - -

🦑 Generate random wordlist for bruteforce attacks
(instagram.com/UnderCodeTestingCompany)

🦑 INSTALLATION & RUN:

$ apt-get update -y

$ apt-get upgrade -y

$ pkg install python -y

$ pkg install python2 -y

$ pkg install git -y

$ pip install requests

$ pip install random

$ ls

$ git clone https://github.com/noob-hackers/lazybee

$ ls

$ cd lazybee

$ ls

$ python2 lazybee.py

@ Mr. BOTNET(tm)
- - - - - UNDERCODE - - - - -

🦑 WHAT IS an Application service provider (ASP)
(t.me/UnderCodeTestingOfficial)

🦑 LET'S START:


> application service provider (ASP)

WhatIs.com

> An application service provider (ASP) is a company that offers individuals or enterprises access to applications and related services over the internet.

> The term has largely been replaced by software as a service (SaaS) provider, although in some parts of the world, companies use the two labels interchangeably.

> Once referred to as "apps-on-tap," ASP services became an important alternative, not only for individuals and smaller companies with low budgets for information technology, but also for larger companies exploring the idea of outsourcing their information technology (IT) infrastructure around the turn of the century.

> Early ASPs focused on delivering specialized applications that were expensive to install and maintain.

> Essentially, the model required the ASP customer to purchase the software and then pay a provider to host it.

🦑 Difference between ASP and SaaS delivery models?

> In an ASP delivery model, the customer typically purchases software and pays an ASP to host and maintain it. In contrast, SaaS vendors manage the software they have developed on their own.

> Traditional ASPs used a single-tenant architecture and software clients had to be installed on the end users' computers. In contrast, SaaS providers use a multi-tenant architecture that allows an application to be accessed through a web browser and serve multiple users and businesses.

> Customers who still need providers that will host specific, customized applications or off-the-shelf applications in a secure data center may still choose to look for an application service provider.

@ Mr. BOTNET(tm)
- - - - - UNDERCODE - - - - -

AFTER THIS ARTICLE I AM SURE THAT YOU WILL TAKE THIS AS A WARNING: <<NOTHING IS 100% ANONYMOUS>>
WHY TOR ISN'T ANONYMOUS
(T.me/UnderCodeTestingOfficial)

🦑 LET'S START:

1) Exit Nodes Can Be Sniffed:

> When you use Tor, your Internet traffic is routed through Tor’s network and goes through several randomly selected relays before exiting the Tor network.

> Tor is designed so that it is theoretically impossible to know which computer actually requested the traffic. Your computer may have initiated the connection or it may just be acting as a relay, relaying that encrypted traffic to another Tor node....

> Tor network and connect to Google’s servers. The last Tor node, where your traffic leaves the Tor network and enters the open Internet, can be monitored. This node where traffic exits the Tor network is known as an “exit node” or “exit relay.”

> When using Tor, be sure to use encrypted (HTTPS) websites for anything sensitive. Bear in mind that your traffic could be monitored – not just by governments, but by malicious people looking for private data.

2) JavaScript, Plug-ins, and Other Applications Can Leak Your IP:

> preconfigured with secure settings. JavaScript is disabled, plug-ins can’t run, and the browser will warn you if you attempt to download a file and open it on another app
but if you’re trying to hide your IP, you don’t want to use JavaScript. Your browser’s JavaScript engine, plug-ins like Adobe Flash, and external applications like Adobe Reader or even a video player could all potentially “leak” your real IP address to a website that tries to acquire it.

3) Running an Exit Node Puts You At Risk

> You should think twice before running an exit relay, which is a place where Tor traffic comes out of the anonymous network and connects to the open Internet. If criminals use Tor for illegal things and the traffic comes out of your exit relay, that traffic will be traceable to your IP address and you may get a knock on your door and your computer equipment confiscated.

4) THIS is a problem for both Tor’s users and exit node operators. In addition, the software that runs on our computers wasn’t designed to hide our IP addresses, which results in risks when doing anything beyond viewing plain HTML pages in the Tor browser.

@ Mr. botnet(tm)
- - - - - UNDERCODE - - - - -

🦑 Facebook Hack Box Termux / Linux / Windows
Instagram.com/UnderCodeTestingCompany

🦑 INSTALL & RUN:

> For Debian Based Systems

1) sudo apt-get install git

2) git clone https://github.com/m4rktn/xsmash

3) cd xsmash

4) python2 xsmash.py
For Termux

5) apt-get install python2 git

6) git clone https://github.com/m4rktn/xsmash && cd xsmash

7) python2 xsmash.py


🦑 For Windows

1) Install Python2.7 From https://www.python.org/downloads/

2) Go To https://github.com/m4rktn/xsmash And Download In ".zip" Format

3) Extract xsmash-master.zip

4) Just Click In Xsmash.py


@ MR.Botnet
- - - - - UNDERCODE - - - - -

🦑 I AM WONDERING, AS MANY HACKERS DON'T KNOW EXACTLY WHAT A ZERO-DAY EXPLOIT IS:
(T.me/UnderCodeTestingOfficial)

🦑 LET'S START:

> The term “zero-day” refers to a newly discovered software vulnerability. Because the developer has just learned of the flaw, it also means an official patch or update to fix the issue hasn’t been released.

> So, “zero-day” refers to the fact that the developers have “zero days” to fix the problem that has just been exposed and perhaps already exploited by hackers.

> Once the vulnerability becomes publicly known, the vendor has to work quickly to fix the issue to protect its users.
But the software vendor may fail to release a patch before hackers manage to exploit the security hole. That’s known as a zero-day attack.

@MR. botNet
- - - - - UNDERCODE - - - - -

🦑 FEW STEPS TO PROTECT 90% AGAINST NEW ZERO-DAY EXPLOITS
Facebook.com/UnderCodeTestingCompanie


🦑 LET'S START:

1) Never install unnecessary software: each software installed on your system is a window of entry for a potential Zero Day. It’s recommended that you review the list of software once in a while and uninstall those that you no longer use.

2) Keep updated: the software that you keep should always be updated to the latest version.

3) Use a reliable firewall: if it is impossible to detect a malware that comes from an unknown vulnerability, maybe we could detect a suspicious connection and stop it before it’s too late.

4) Keep software and security patches up to date by downloading the latest software releases and updates. Installing security patches fixes bugs that the previous version may have missed.

5) Establish safe and effective personal online security habits.

6) Configure security settings for your operating system, internet browser, and security software.

7) Install a proactive and comprehensive security software to help block known and unknown threats to vulnerabilities.

@ Mr. botnet(tm)
- - - - - UNDERCODE - - - - -

🦑 DIFFERENCE BETWEEN PROTOCOLS BY UndercOde:
T.me/UnderCodeTestingOfficial

🦑 LET'S START:

> Communication protocols are, by definition, sets of rules that govern the formats and interactions between communicating parties. These rules may be implicit and informal, as in typical everyday social interactions between people. But electronics, and digital computers especially, require things to be far more explicit and formalized in order for reliable communication to occur.

🦑 A Standard in this context is an attempt to resolve an area of potential misunderstanding or disagreement. Communication protocols are one of many areas that standards may apply to. A notable set of standards that are not communication protocols, for example, are the SI weight and measurement standards. These provide a fixed reference to which you can compare any given quantity in order to measure it in a way that will be unambiguous to everyone with access to the standard, or a reasonable approximation of it.

> A Communication Protocol Standard is therefore a formalization of the rules of a communication protocol such that those with access to the standard can (ideally) unambiguously determine whether any particular attempt at communication complies with those rules. Just as comparing a particular mass of metal against the SI standard kilogram will determine how close the mass is to a kilogram, comparing a particular protocol implementation against a protocol standard will determine whether it is truly following that protocol according to the standard. When all parties are properly following the protocol as formalized in the standard, it is (again, ideally) guaranteed to result in the level of communication that the protocol was designed to accommodate.

🦑 A Communication Protocol Specification is a means by which the rules and formats of a communication protocol can be described at a formal level, and it is often part of (indeed, the largest part of) a communication protocol standard. While the purpose of a standard is to create a means to determine whether something is truly an instance of the standardized thing, the purpose of a specification is to define exactly what the thing is in the case where the thing is defined by rules and formats, as a communication protocol is. An unambiguous definition of what something is can be used both to create a new instance of that thing and to determine whether an existing thing is an instance of the thing being defined.

> So a specification can be used as a standard, but being a standard also carries the weight of some social agreement that there is value in complying with the specification well enough for multiple implementations to have some assurance of working together. The parties interested in this agreement work together to form a Standards Body in order to define the standards that they will agree on for the purpose of their desire to be able to rely on compliance to a protocol. Without the presence of this social agreement and the standards body by which the standards are produced, protocol specifications aren't generally considered to constitute standards, though well-defined specifications definitely have the potential to be used as standards.

@Mr. BOTNET(tm)
- - - - - UNDERCODE - - - - -

🦑 HOW To Break Username And Password Browser Logins for Major MODEMS router by UndercOde:
T.me/UnderCodeTestingOfficial

🦑 LET'S START:

A) FIND THE GATEWAY:

Simply lay out a few different possibilities:

1) Checking out the network settings from the OS's Settings panels

2) Using ipconfig on Windows and ifconfig on Unix machines from the terminal

3) Use Fuzzer as a Target Discovery tool. This fiddle will help you out
Or arp-scan to scan IP
Then open IP (default gateway in browser)

B) GATHER SOME TRAFFIC

A good way to start would be exploring the router's web server for something beyond what meets the eye.

2) For this reason use HTTPView and have analysed the traffic from one attempted log-in.

> Applied some filters to get rid of the media and styling responses from the server

C) ANALYZING THE RESULTS AND FIRST EXPLOIT

1> It is safe to ignore all the jQuery files as well as the language files or at the very least don't start your search there.

2> Working in Chrome, can't analyse the responses straight from HTTPView, so I need to replicate the request in Rest and do analysis there. There is this interesting bit that have found in the

/menu.html file:

3> Take a closer look at lines 228 and 247. Although, the definition of the readCookie function is missing, it is safe to assume that it reads a cookie and userData is the name of that cookie.

4> Example From line 247 we can deduce that the value of cookie should be root, if we want to see interesting things happening.
To exploit this, use the Chrome Extension EditThisCookie

E) SCANNING THE ROUTER AS ROOT:

> scan is the better option.

For this, I will use Scanner with the userData=root cookie already set.

> In addition, enable the 'Directed Scan' option in the Co-pilot tab so that Scanner relies as its input

>Once Scanner has started, navigate to 5-10 pages on the router that require you to be logged in such as /basicSetup.html and /basicDHCP.html and let the tool do its job. After the transactions have stopped coming in, you can analyse the results for interesting findings.

F) COMPLETE CONTROL:

> DocsisConfigFile.xml is usually the file that contains a bunch of useful information about the router's configuration

> it contains plenty of interesting information including a username and password in plain text that I can confirm work without a problem.

FULL ACCESS GAINED!

@ Mr. BOTNET(tm)
- - - - - UNDERCODE - - - - -