▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Finding open databases with Lampyre
t.me/undercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) For more flexible settings, you can use the Lampyre tool for Windows.
> https://lampyre.io/

2) After downloading the application, you must specify the mail and confirm your account. After starting in Online Mode, you need to click New Investidation, select the folder for storing the project and start working.

3) In the List of requests, select Shodan search. We enter the API key and our query in the Query field, which will allow us to find open databases.

> all:"mongodb server information" all:"metrics"
https://lampyre.io/

4) You can also specify additional parameters in the Shodan - 2 window. For example, country and port. We start using the “Execute” button. Next up are the results. For graphic display, select “Schema” -> ”Network”.

5) Lampyre can filter found queries using the ExploreDB: MongoDB built-in query . Select the necessary IPs, then right-click on the menu and specify ExploreDB: MongoDB.

6) Then we get all the requests in a convenient format. You can filter by database size and other parameters that are not in Shodan. Confirmation that the database is open is the parameter text , which has the status open. It is worth sorting the results by the Size and Count documents parameters , since the most interesting databases will contain the maximum number of records in the tables.

7) You can also notice that Lampyre supports working with ExploreDB: ElasticSearch. We do everything by analogy using the query:

> port:"9200" all:"elastic indices"

8) now you receive in a convenient form the ElasticSearch database. They can be viewed by clicking on the link in the “ http query top 500 “ column .

9) you receive in a convenient form the ElasticSearch database. They can be viewed by clicking on the link in the “ http query top 500 “ column .

10) As a result, you find an open database of some store where you can find the phone, date of creation, description, mail and some other interesting information.

11) You can use any manager convenient for you to work with the resulting databases. For example, for MongoDB, NoSQL Manager for MongoDB, Robo 3T, or Studio 3T for MongoDB is suitable. Consider, for example, one of the options.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Analyzing Databases Using Robo 3T for MongoDB
The choice fell on the free version of Robo 3T . Portable version takes about 15 mb and allows you to quickly connect to the desired database. After starting, see a window where you need to specify the IP address.
twitter.com/UndercOdeTC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Right-click and add using the Add button.

2) Specify the desired IP and click Save.

3) After a successful connection, see the database. If the connection has occurred, a new client will appear in the left pane as showing on your computer

4) So You can use any manager to work with the database. You can also process data from the command line. Despite the fact that Studio 3T for MongoDB has more functionality (which is available for a trial period of 30 days

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What is Microsoft Access?
Microsoft Access is a Database Management System offered by Microsoft. It uses the Microsoft Jet Database Engine and comes as a part of the Microsoft Office suite of application.

Microsoft Access offers the functionality of a database and the programming capabilities to create easy to navigate screens (forms).
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Database File:
It is a file which stores the entire database. The database file is saved to your hard drive or other storage devices.

2) Datatypes:
Datatypes are the properties of each field. Every field has one datatype like text, number, date, etc.

3) Table
A Table is an object which stores data in Row & Column format to store data.
A Table is usually related to other tables in the database file.
Each column must have Unique name
We can also define Primary Key in a table.

4) Query
Queries answer a question by selecting and sorting and filtering data based on search criteria.
Queries show a selection of data based on criteria (limitations) you provide.
Queries can pull from one or more related Tables and other Queries.
Types of Query can be SELECT, INSERT, UPDATE, DELETE.

5) Form
A form is a database object that you can use to create a user interface for a database application.
Forms help you to display live data from the table. It mainly used to ease the process of data entry or editing.

6) Report
A report is an object in desktop databases primarily used for formatting, calculating, printing, and summarizing selected data.
You can even customize the report's look and feel.

7) Macros
Macros are mini computer programming constructs. They allow you to set up commands and processes in your forms, like, searching, moving to another record, or running a formula.

8) Modules:
Modules are procedures(functions) which you can write using Visual Basic for Applications (VBA).

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑MS Access Datatypes
MS Access common data types are listed below:
t.me/UNderCodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

Type of Data Description Size
Short Text Text, including numbers which does not need calculation. (e.g., Mobile numbers). Up to 255 characters.

> Long Text This data type is used for lengthy text or alphanumeric data. Maximum 63, 999 characters.

> Number Numeric data type used for storing mathematical calculations. 1, 2, 4, 8, and 16 bytes.

> Date/Time Store Date/time for the years 100 through 9999. 8 bytes.

> Currency It allows you to store currency values and numeric data with one to four decimal places. 8 bytes.

> Auto Number Assign a unique number or assigned by Microsoft Access when any new record is created. Usually used as the primary key Four bytes (16 bytes if it is set as a Replication ID).

> Yes/No It only stores logical values Yes and No. 1 bit

>Attachment It stores files, such as digital photos. Multiple files can be attached per record. Up to 2 GB Data can be stored.

> OLE objects OLE objects can store audio, video, other Binary Large Objects. Up to 2 GB data can be stored.

>Hyperlink Text or combinations of text and numbers stored. That text is used as hyperlink address. Each part of a Hyperlink data type allows you to store a maximum 2048 characters.

> Calculated Helps you to create an expression that uses data from one or more fields. You can create an expression which uses data from one or more fields.

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑dumps() method converts dictionary object of python into JSON string data format.
t.me/UndercOdeTesting

Now lets we perform our first encoding example with Python.

import json

x = {
"name": "Ken",
"age": 45,
"married": True,
"children": ("Alice","Bob"),
"pets": ['Dog'],
"cars": [
{"model": "Audi A1", "mpg": 15.1},
{"model": "Zeep Compass", "mpg": 18.1}
]
}
# sorting result in asscending order by keys:
sorted_string = json.dumps(x, indent=4, sort_keys=True)
print(sorted_string)

🦑Output:

{"person": {"name": "Kenn", "sex": "male", "age": 28}})
Let's create a JSON file of the dictionary using the same function dump()

# here we create new data_file.json file with write mode using file i/o operation
with open('json_file.json', "w") as file_write:
# write json data into file
json.dump(person_data, file_write)

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How get alot of Traffics to your sites
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Website design should not be intimidating. For verification, you can ask several friends who do not understand sites and understand, look at the site and evaluate. Gather people's opinions about what they like and what they don't like.

2) The layout of the site should be normal so that nothing and wherever it moves around and crawls. Check the site in several browsers will help you service BrowserShots .

3) Consider how you can interest visitors who have arrived, because of which they will have to stay on your site or come to you again. For example, make a service on your site, an interesting section, answers to questions, etc.

4) Create a feedback and feedback page. In general, make it possible for your visitors to leave you a message, because if someone does not like something, you will most likely be told this.

5) Give your site visitor the opportunity to subscribe to updates, so you can invite him again and again to your site.

6) It is necessary to achieve indexing of the site by search engines. The faster you do it, the better, since you’ll get into the search results faster and most likely you will get your first visitors from search engines faster.

7) Perform internal site optimization.

8) If your site supports RSS, then you need to add your site to feedburner. After adding your RSS to feedburner you need to do the following. Go to the Analyze tab, then go to FeedBurner Stat [PRO] and uncheck the line Item link clicks - optimize for. With this action, we made sure that all your links in RSS will now be direct to the site, thereby if someone plunders your RSS, then all links will be direct to you.

9) After your site is indexed, I recommend adding it to social bookmarks .
Also add your site to the site ratings: mail (paid registration) and rambler .

10) Add your site to rss aggregators.

11) Add your site to the ratings of sites (blogs).

12) Make a promotion on thematic forums, how to do it I wrote in a post - promotion using forums.


Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Resource infection mechanisms for your sites:
twitter.com/UndercOdeTc

🦑 The site may become infected due to:

1) introducing a program whose purpose is to intercept access to the CMS , FTP protocols and then send them back (as a rule, the virus “enters” along with pirated software when downloading a file while visiting a site with viruses);

2) direct selection by attackers of the login characters, password set to enter the server, or CMS;

3) the possibility (due to the vulnerability of templates, plugins) to manage a site that is hosted on such popular engines as WordPress, Joomla;

4) the human factor (this may be negligence, or inexperience of the owner of the hosting, system administrator, transfer of confidential information to a third party, or its incorrect storage)

5) placement of counters, advertising (some viruses are able to use ad units, counter codes if they are provided by an unverified partner to penetrate the resource);

6) actions of site users who intentionally or inadvertently leave malicious content (this can be a downloaded file, link).

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Ways to prevent site infection:
twitter.com/UndercOdeTC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> Following some guidelines by UndercOde will help to minimize the risk of infection or hacking.

1) Reliable storage of logins and passwords

2) Storage of all information regarding access to an account, admin panel, FTP, passwords to other programs can only be entrusted to password managers, for example, KeePass.

> The most vulnerable storage locations are: Total Commander, browsers, text files, FTP clients. It is necessary to periodically change the passwords, and after transferring them to third parties (for example, the webmaster) do this without fail. It is advisable not to set simple or too short passwords, it is better to create keys using a password generator.

3) Using the backup function

> Hosting providers often provide the ability to copy files, and caution is never superfluous. You need to regularly backup (3-4 times a month), this also applies to the local computer.

4) Using the secure FTP connection option

> Since the FTP protocol does not have protection, attackers can intercept files during transmission over the network. To maintain security, you must use protocol versions that have reliable protection against interception (SFTP or SSH).

5) Regular updating of CMS, server software

> If you use third-party CMS, you need to update them regularly. At the same time, you need to download extensions, as well as plugins necessary for the control panel to work (including other software) from reliable, preferably official sources. It is highly recommended not to download and then run suspicious files.

6) Installing an antivirus program

> All computers with access to the server must be equipped with a reliable antivirus program, which must be updated regularly.

7) Advertising from trusted partners

> Advertising blocks, counter codes, banners should be placed exclusively from partners who have proven their reliability.

8) Site security audit

> To reduce risks, you need to regularly monitor user activity in the admin panel, on the hosting (if they are available to several users), to quickly find out about possible attempts to hack the site. You also need to track the files that appear in the directives, to inspect the code. It is convenient to carry out such a procedure using a special service, for example, Yandex.Webmaster. Using the Security tab, you can see the time of checks, as well as use information about threats, virus pages detected by Yandex anti-virus program.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How it Works The Classic computer viruses :
t.me//UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) This category includes programs that distribute their copies to the resources of the local computer in order to:

2) the subsequent launch of your code with any user actions;
further implementation in other computer resources.
Unlike worms, viruses do not use network services to penetrate other computers. A copy of the virus gets to remote computers only if, for some reason, the infected object is activated on another computer, for

🦑example:

1) upon infection of accessible disks, the virus penetrated the files located on a network share;

2) the virus copied itself onto removable media or infected the files on it;

3) the user sent an email with the infected attachment.

4) Some viruses contain the properties of other types of malicious software, such as a backdoor procedure or a Trojan component to destroy information on a disk.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑The most active mobile threats in December 2019
t.me/UNdercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) xHelper and Guerrilla are leaders in the ranking of mobile malware.
xHelper is a malicious Android application , active since March 2019, used to download other malicious applications and display ads . The application is able to hide itself from user and mobile anti-virus programs and reinstall itself if the user uninstalls it.

2) Guerilla is a clicker for Android that can interact with the remote control server , download additional malicious plugins and aggressively wind clicks on ads without the consent or knowledge of the user.

3) Hiddad - A modular backdoor for Android that provides superuser privileges for downloaded malware , and also helps implement it in system processes. He can access key security details built into the OS , which allows him to receive confidential user data .

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Most common vulnerabilities in December 2019:
t.me/UndercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Remote command injection over HTTP was the most common vulnerability affecting 33% of organizations worldwide.

> The vulnerabilities “remote execution of MVPower DVR code” and “disclosure of information in the Git repository on a web server ” in the second and third places affected 32% and 29% of organizations, respectively.

2) Remote command injection over HTTP. Attackers remotely exploit this vulnerability by sending a special request to the victim. Successful exploitation will allow an attacker to execute arbitrary code on the victim’s device.

3) Remote code execution MVPower DVR. An MVPower DVR device has a remote code execution vulnerability. An attacker could use this vulnerability to execute arbitrary code on a vulnerable router using a specially crafted request.

4) Disclosure of information in the Git repository on a web server. A vulnerability was discovered in the Git Repository that could lead to the disclosure of account information.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

What is the RC4 cryptographic algorithm ?
t.me/UnderCodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> RC4 (or ARC4) is the most frequently used stream cipher in cryptography; it is used in some of the most popular protocols such as transport layer security (TLS) or secure socket layer (SSL) to protect Internet traffic and wired equivalent privacy (WEP) to add wireless network security. Using WEP is not recommended in modern systems; however, some RC4-based systems are safe enough for common use.

1) The RC4 cryptography algorithm its full name is Rivest Cipher 4, taking 2) the alternative acronym RC for “Ron’s Code” which is used by RC2, RC5 and RC 6 encryption algorithms.

3) RC4 is part of the most commonly used encryption methods such as WEP, TKIP (WPA) for wireless cards and TLS. RC4’s substantial speed and simplicity are among the main factors that have helped it to be used in such a wide range of applications.

4) Implementing RC4 both in hardware and software is quite easy, requiring few resources to deliver high throughput

5) RC4 generates a pseudorandom stream of bytes (key stream) which is XOR added to the plain text for encryption. Deciphering the message is done in the same way.

6) To generate the key stream, the encryption algorithm has an internal secret state consisting of the following:

-A permutation of 256 bytes called S vector or simply "S";

-Two 8-bit index pointers: i and j; and

-The permutation is initialised with a variable-length key, usually 40-256 bits, using a key scheduling algorithm (KSA). Once key scheduling is done, the ciphering “key stream” is produced by means of a pseudo-random generation algorithm (PRGA).

7) RC4 uses two blocks for encryption: KSA and PRGA. The following is RC4’s pseudo-code:

/ * S = S VECTOR with fixed 256 bytes * /size

/ * K = VECTOR which contains the seed * /

/ * L = length of seed (IV length plus SK length) * /

/ * N = 256, S vector size * /

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WorldList Download sites :
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

>https://www.mediafire.com/file/m7tjhgfd61lfeu4/BIG-WPA-LIST-1.rar/file
(@ official site wireshark)

>https://github.com/berzerk0/Probable-Wordlists

>https://www.mediafire.com/file/6botgtnsy0rjfj9/BIG-WPA-LIST-2.rar/file
(@ official site wireshark)

>https://www.wirelesshack.org/wpa-wpa2-word-list-dictionaries.html

> https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm

> http://ftp.icm.edu.pl/packages/wordlists/

POsted By UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WEP encryption algorithm 100 reason why wep old & not recommended :
T.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) The cryptographic algorithm used by the WEP encryption method (and the TKIP encryption method used by WPA) is RC4, according to the standard, with 64-bit keys (the seed). These 64 bits consist of 24 bits for the initialisation vector (IV) plus 40-bit shared key (secret). The 40-bit shared key has to be distributed manually.

2) the initialisation vector is dynamically produced and should be different for every data frame. The initial IV goal was to encrypt 802.11 frames with different keys to prevent a potential attacker from capturing enough encrypted traffic with the same key and finally deducing the key.

3) new tools have been developed, such as BackTrack 2) and “Klein’s attack on RC4” have been expanded allowing an attacker to easily obtain the shared key in a few minutes, for example, as accomplished by the PTW attack

3) Both sides must know the secret key and the IV. The key is known by both sides since it is stored in the configuration of each network device; however, the IV is produced at one end and is sent in a frame to the other end.

4) WEP is encrypted via the following steps:

1- Calculate CRC-32 for 802.11 frame payload and concatenate the result (ICV);

2- Concatenate the 40-bit shared secret key to the 24-bit IV to form a 64-bit seed;

3- Input the seed obtained in step 2 into the RC4 pseudo-random number generator (PRNG) to generate a sequence of pseudo-random characters (called key stream) with a number of octets equal to the number of octets in step 1;

4- XOR the resulting characters from steps 1 and 3 to obtain the cipher-text; and

5- Send the IV (unencrypted) and the encrypted message within the IEEE 802.11 frame “frame body” field.

5) The decoding algorithm is similar to the previous one. As the other end will know the IV and the secret key then it will have the seed and can thus generate the key stream. XOR operation of encrypted received data with the key stream will unencrypt the message (payload and ICV). CRC is done. It should be noted that WEP has come to be considered unsafe

Posted By UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Best Wifi Hack Tools :
fb.com/UndercOdeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Nmap - Nmap ("Network Mapper") is free open source . Utility for network research and security auditing. It was designed to quickly scan large networks, although it works great against individual hosts. Nmap uses raw IP packets in a new way to determine which hosts are available on the network, what services (application name and version) these hosts offer, which operating systems (and OS versions) they use, what type of packet filters / firewalls are used, and also dozens of other features. Nmap runs on most types of computers and is adapted to all operating systems.
> Official site - https://nmap.org/

2) Nikto - Nikto is an open source (GPL) web server scanner that performs comprehensive tests against web servers for several items, including over 3200 potentially dangerous files / CGIs, versions on more than 625 servers, and specific versions problems on more than 230 servers. Scan items and plugins are often updated and can be automatically updated (if necessary).

Offsite - https://cirt.net/Nikto2

3) THC-AMAP - AMAP is the next generation tool for scanning and testing for penetration into the network. It performs fast and reliable discovery of application protocols running on specific ports.

Offsite - http://www.thc.org/thc-amap/

4) Wireshark- . Wireshark is the world's most important network protocol analyzer. This allows you to see what is happening on your network at a microscopic level. . Wireshark is one of the best tools for network analysis [protocols], if not the best. With Wireshark, you can analyze the network to the greatest detail to see what happens. M You can use the Live to capture packets, deep inspection of hundreds of protocols, viewing and filtering.

Offsite - https://www.wireshark.org/download.html

5) THC-Hydra - The number one of the biggest security holes is passwords, as each hack shows a security password. Hydra is one of the best brute and security testing software that supports numerous attack protocols. New modules are easy to add, in addition, the program is reliable and fast.

Off. site - https://www.thc.org/thc-hydra/

6) Metasploit Framework - The Metasploit Framework is an advanced open source platform for developing, testing and using exploit code. This project originally began as a portable network game and has become a powerful tool for penetration testing, exploit development, and vulnerability research.

Offsite - https://www.metasploit.com/

7) Jhon The Ripper - John the Ripper is a popular password cracking tool that is most often used to perform dictionary attacks. John the Ripper accepts samples of text strings (from a text file referred to as a wordlist, available here, here or here, which contains popular and complex words found in a dictionary or password that were hacked earlier, are encrypted in the same way as a password ( including both the encryption algorithm and the key), and comparing the output with the encrypted string, this tool can also be used to make various changes to the dictionaries, including brute force and Rainbow attacks.

Off. site - http://www.openwall.com/john/

8) Aircrack-ng . - A set of Wi-Fi (wireless networks) is a legendary tool, because it is very effective when used in the right hands. For those entrusted with breaking into a network or auditing wireless networks, Aircrack-NG will be their best friend. If you are an ordinary hacker, you can crack the WEP protocol in a few minutes, and you should be skilled enough to be able to crack WPA / WPA2.

Off. site - http://www.aircrack-ng.org/

Written By UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑More Hacking Tools choosed by UndercOde:
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) OWASP Zed- This hacking and pentesting tool with a simple user interface finds vulnerabilities in web applications. His popularity is also due to the fact that he has great support and good resources. Using the “troubleshooting” program, you can use automatic scanners, as well as various tools that allow cyber specialists to manually detect security vulnerabilities. When used as a proxy server, it allows the user to control all traffic passing through it, including traffic using HTTPS. It can also be run in daemon mode, which is then controlled through the REST application programming interface. This cross-platform tool is written in Java and is available on all popular operating systems, including Microsoft Windows,

Of.site - https://www.owasp.org/

2) RainbowCrack - a computer program for quickly breaking hashes. It is an implementation of the technique of Philipp Oxlin faster time-memory trade-off. It allows you to create a base of pre-generated LanManager hashes, with which you can almost instantly crack almost any alphanumeric password.

Of.site - http://project-rainbowcrack.com/

3) Cain & Abel - Cain and Abel is a password recovery tool used primarily for Microsoft operating systems. This popular hacking tool allows the user to recover various passwords by listening to the network (capturing some data packets), cracking encrypted passwords using a dictionary, brute (Generating hash values ​​from words, and then Comparing the encrypted hash code with the created method, this method takes less time than using a dictionary) and attack analysis. Cain, as is often mentioned, can also record VoIP (Voice over IP, used to make calls over the Internet), decode hashed passwords, recover wireless network keys, and much more.

Of.st - http://www.oxid.it/cain.html

4) SuperScan - SuperScan is a powerful TCP port scanner, pinger, recognizer. SuperScan 4 (current version) is a completely rewritten update of the very popular port scanning tool for Windows, SUPERSCAN. With this program you can obtain information about entire ranges of IP addresses by scanning ports, determining host names, and pinging.

5) GFI LANguard Network Security Scanner - GFI LANguard NSS is a vulnerability management solution that scans the network and performs over 15,000 vulnerability assessments. It identifies all possible security threats and provides you with tools to fix and verify network security. GFI LANguard NSS has been recognized as the Leader in Commercial Security for Nmap Users for 2 consecutive years, and has been sold over 200,000 times!

6) Retina Network Scanner Security - Retina, recognized as the industry standard for vulnerability assessment, identifies known security vulnerabilities and helps prioritize threats for rehabilitation. With fast and accurate scans, users can protect their networks from even the most recent threats.

7) SamSpade - SamSpade provides a consistent graphical interface and implementation for many useful network query tasks. It was designed to track down spammers, but it can be useful for many other tasks — network research, administration, and security. It includes tools such as ping, NSLOOKUP, WHOIS, tracing, HTTP web browser, DNS zone transfer, SMTP relay check, website search and more.

8) Nessus - nessus is the most popular vulnerability scanner, used by more than 75,000 organizations around the world. Many of the world's largest organizations realize significant cost savings by using Nessus to test mission-critical business devices and enterprise applications.

9) N-Stealth - N-Stealth is a commercial web server security scanner. It is usually updated more often than free web crawlers.

10) IRPAS - Suite Internet Attack Routing Protocol - routing protocols that are used by routers to communicate with each other to deliver data, such as IP. While many enhancements have been made to security since the early days of the Internet, the core of this network still uses unauthenticated services for critical communication.

11) Solarwinds - Solarwinds contains network monitoring, detection and attack tools. Advanced security features, Internet security test .TCP Reset remotely displays all active sessions on the device, can decrypt and recover passwords. The port scanner allows testing open TCP ports through the address and port ranges.

12) CookieDigger - CookieDigger helps identify weak cookie generation and insecure session management using web applications. The tool works by collecting and analyzing cookies. Generates a report on whether important information such as username and password are included in cookie values.

Written By UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Cisco password anti-hacking
twitter.com/UnderCodeTc

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1> Router (config) # login block-for 100 attempts 5 within 50

2> Router (config) # login quiet-mode access-class myacl

3> Router (config) # login delay 10

4> Router (config) # login on-failure log

5> Router (config) # login on-success log

A) The first command must be entered before using any other login commands. For 100 seconds, it blocks any attempts to connect to the device, if within 50 seconds 5 failed registrations were made on the router.

> If there are addresses that should not be blocked (for example, administrative), then they are described by the login quiet-mode access-class command.

B) The login delay command determines the delay time before allowing re-registration. If it is not specified, then automatic delay will be carried out by the login block-for command for 1 second. The last 2 commands include registration of successful and unsuccessful attempts to connect to the router.

C) You can verify the registration subsystem settings by using the show login command. And the show login failures command shows all failed attempts to connect to the device.


Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Code to get the names and ip of the servers associated with the sharepoint
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

PS Z: \> $ servers = Get-SPServer | where {$ _. role -ne "Invalid"}
PS Z: \> $ servers | select Name, Role, @ {Label = "IP Address"; Expression = {[System.Net.Dns] :: GetHostByName ($ _. Name) .AddressList.IPAddressToString}} | Format-table

🦑 Name Role IP Address

SPF1 Application 192.168.30.28
SPF1-2 Application 192.168.30.29



PS Z: \> $ servers = Get-SPServer
PS Z: \> $ servers | select Name, Role, @ {Label = "IP Address"; Expression = {[System.Net.Dns] :: GetHostByName ($ _. Name) .AddressList.IPAddressToString}} | Format-table

🦑 Name Role IP Address

DatabaseServer Invalid
db02 Invalid 192.168.30.8
FailOverServer Invalid
mail Invalid 192.168.30.13
secexch Invalid 192.168.30.14
SPF1 Application 192.168.30.28
SPF1-2 Application 192.168.30.29
SMirror Invalid 192.168.30.21

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Installation and simple configuration of yate in centos
Instagram.com/UndercOdeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Downloaded wget http://voip.null.ro/tarballs/yate5/yate-5.4.0-1.src.rpm

2) the rpm -Uvh yate-5.4.0-1.src.rpm

3) Added "/ usr / local / lib" to the end of /etc/ld.so.conf

4) ldconfg

5) regfile.conf
Added by:
[100]
password = 001

[200]
password = 002

6) regexroute.conf
Corrected:
[default]
$ {username} ^ $ = -; error = noauth

7) / usr / local / bin / yate start
For debug, the launch option is: yate -vvvvvvv


Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A simple introduction to the basics of OOP in python
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

Code checked on version 3


Class members are called attributes, class functions are called methods, class fields are called properties.

-
Minimum class definition:
class A:
pass

Creating an instance of the class:
o = A ()

-
The method has an argument self:
class A:
def func (self, x):
return "arg self is:" + str (self) + "arg 2 is:" + str (x)


Calling a class method without instantiating: A.func (5,2)
'arg self is: 5arg 2 is: 2'

-
Classes can inherit from other classes:
class A (object):
def func (self):
return "Func in A "

class B (A):
pass

Calling the parent class method
o = B ()
o.func ()

-
Constructor and destructor (methods called when creating and deleting a class)
class A:
def init (self, p1, p2):
self.line = (p1, p2)
def del (self):
print ("The destructor deletes from memory:% s -% s "% self.line)

We create an instance, check the execution of the constructor, delete the instance
a = A ("s1", "s2")
a.line
del a

-
Encapsulation. Hidden attributes are defined using the Attribute name construct, direct access to them will be closed:
class A (object):
def __init (self):
self . i = 1
def set_i (self, x):
self . i = x
def get_i (self):
return self . i

Change hidden attribute
a = A ()
a.get_i ()
a.set_i (5)
a.get_i ()

-
Documentation of class
class A (object):
"" "Documentation" ""
pass

Documentation call
A . doc__
'Documentation'

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁