β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦So Now The posted Tutorials :
1) ftp service-is Pure-FTPd really strong tutorial
2) Traditional proxy, transparent proxy, plug-gw
3) Apache reverse proxy, IP masquerading full
4) HOSTING BY UNDERCODE TUTORIAL FOR BEGINER (About httpd.config
5) BIN Crunchyroll
6) BIN SCRIBD
MORE COMING LATER ...
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦So Now The posted Tutorials :
1) ftp service-is Pure-FTPd really strong tutorial
2) Traditional proxy, transparent proxy, plug-gw
3) Apache reverse proxy, IP masquerading full
4) HOSTING BY UNDERCODE TUTORIAL FOR BEGINER (About httpd.config
5) BIN Crunchyroll
6) BIN SCRIBD
MORE COMING LATER ...
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Firewall in Network :
fb.com/UnderCodeTesting
π¦ ππΌππ πππΈβπ :
> Firewall technology is an important element in network security. It is a barrier and a sentinel when communicating between the external network and the internal network. In addition to deeply understanding the types and working principles of firewall technology, as a network security manager, you should also be familiar with the configuration and maintenance of various common firewalls.At a minimum, you should know the simple configuration of the firewall:
1) Use of common personal firewall software;
2) ACL-based packet filtering firewall configuration (such as Windows-based IPSec configuration, Cisco router-based ACL configuration, etc.)
3) Firewall configuration (Ipchains / Iptables) based on Linux operating system;
4) ISA configuration;
5) Cisco PIX configuration;
6) Check Point firewall configuration;
7) VPN configuration based on Windows, Unix, Cisco router.Reference books: "Network Security and Firewall Technology", "Linux Firewall", "Advanced Firewall ISA Server 2000", "Cisco Access Table Configuration Guide", "Check Point NG Security Management", "Virtual Private Network (VPN) Refinement"
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Firewall in Network :
fb.com/UnderCodeTesting
π¦ ππΌππ πππΈβπ :
> Firewall technology is an important element in network security. It is a barrier and a sentinel when communicating between the external network and the internal network. In addition to deeply understanding the types and working principles of firewall technology, as a network security manager, you should also be familiar with the configuration and maintenance of various common firewalls.At a minimum, you should know the simple configuration of the firewall:
1) Use of common personal firewall software;
2) ACL-based packet filtering firewall configuration (such as Windows-based IPSec configuration, Cisco router-based ACL configuration, etc.)
3) Firewall configuration (Ipchains / Iptables) based on Linux operating system;
4) ISA configuration;
5) Cisco PIX configuration;
6) Check Point firewall configuration;
7) VPN configuration based on Windows, Unix, Cisco router.Reference books: "Network Security and Firewall Technology", "Linux Firewall", "Advanced Firewall ISA Server 2000", "Cisco Access Table Configuration Guide", "Check Point NG Security Management", "Virtual Private Network (VPN) Refinement"
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Facebook
UndercOde Testing Company
UndercOde Testing Company. 97 likes Β· 3 talking about this. Programming, Hacking,Security, Web & Applications Developpements, Fix Errors , Hosts, Server Security, Hacking Pentest, Phone softwares &...
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Who can give a network security learning route-THEORICAL ?
twitter.com/UnderCodeNews
π¦ ππΌππ πππΈβπ :
> Decryption and encryptionSoftware
1) encryption and decryption is a fascinating field of research, and it can be closely integrated with almost any computer technology-cryptography, programming languages, operating systems, data structures.
2) Without encryption technology, any network security is a piece of paper.
3) The application of cryptography runs through the entire network security learning process.First look at the programs in your computer. Programs written in high-level languages ββare compiled into machine language and executed in the CPU, such as Visual C ++.
4) Because machine language and assembly language have a one-to-one correspondence, machine language can be converted into assembly language. This process is called disassembly. The assembly language may be more readable, so that you can analyze the program flow and analyze its functions. This process is decryption (commonly known as cracking). In other words, the foundation of decryption is based on the assembly language level, so if you want to get involved in this field, assembly language must be learned well.
5) After the assembly is learned, it is recommended to master Win32 programming.Learning to decrypt and encrypt is very tiring, it takes a lot of time, and it will often run into a wall.
6) No progress for three or five days is very common. There is no other secret except hard work and persistence. But mastering this technology can improve your debugging skills, understand other people's program ideas, and write better programs through tracking software.Reference books: "Windows Programming", "32-Bit Assembly Language Programming in the Windows Environment", "Cryptography",
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Who can give a network security learning route-THEORICAL ?
twitter.com/UnderCodeNews
π¦ ππΌππ πππΈβπ :
> Decryption and encryptionSoftware
1) encryption and decryption is a fascinating field of research, and it can be closely integrated with almost any computer technology-cryptography, programming languages, operating systems, data structures.
2) Without encryption technology, any network security is a piece of paper.
3) The application of cryptography runs through the entire network security learning process.First look at the programs in your computer. Programs written in high-level languages ββare compiled into machine language and executed in the CPU, such as Visual C ++.
4) Because machine language and assembly language have a one-to-one correspondence, machine language can be converted into assembly language. This process is called disassembly. The assembly language may be more readable, so that you can analyze the program flow and analyze its functions. This process is decryption (commonly known as cracking). In other words, the foundation of decryption is based on the assembly language level, so if you want to get involved in this field, assembly language must be learned well.
5) After the assembly is learned, it is recommended to master Win32 programming.Learning to decrypt and encrypt is very tiring, it takes a lot of time, and it will often run into a wall.
6) No progress for three or five days is very common. There is no other secret except hard work and persistence. But mastering this technology can improve your debugging skills, understand other people's program ideas, and write better programs through tracking software.Reference books: "Windows Programming", "32-Bit Assembly Language Programming in the Windows Environment", "Cryptography",
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Twitter
UNDERCODE TESTING (@UndercodeNews) | Twitter
The latest Tweets from UNDERCODE TESTING (@UndercodeNews). πΈππ§πππππ & πΈππ¨ππͺπ€ ππ‘πππ₯ππ. Lebanon-North
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦What is Protocol layer security ?
fb.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) Protocol layer securityProtocol layer security mainly involves content related to the TCP / IP layered model, including the working principles and characteristics of common protocols, defects, protection or alternative measures, and so on. There are many reasons why a system learns TCP / IP.
2) To properly implement firewall filtering, security administrators must have a deep understanding of the IP and TCP / UDP layers of TCP / IP, and hackers often use parts of the TCP / IP stack or to breach network security. So you must also understand these things clearly
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦What is Protocol layer security ?
fb.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) Protocol layer securityProtocol layer security mainly involves content related to the TCP / IP layered model, including the working principles and characteristics of common protocols, defects, protection or alternative measures, and so on. There are many reasons why a system learns TCP / IP.
2) To properly implement firewall filtering, security administrators must have a deep understanding of the IP and TCP / UDP layers of TCP / IP, and hackers often use parts of the TCP / IP stack or to breach network security. So you must also understand these things clearly
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Facebook
Log in or sign up to view
See posts, photos and more on Facebook.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦2020 updated topic > Create native Mac applications from command line scripts
t.me/undercodeTesting
π¦ ππΌππ πππΈβπ :
>https://github.com/sveinbjornt/Platypus (official git)
>open term and type brew cask install platypus
π¦Features
1) Supports shell scripts, Python, Perl, Ruby, PHP, Swift, Expect, Tcl, AWK, JavaScript, AppleScript or any other user-specified interpreter
2) Apps can display graphical feedback of script execution as a progress bar, text window with script output, droplet, WebKit HTML rendering or status item menu
3) Apps support receiving dragged and dropped files or text snippets, which are then passed to the script as arguments
4) Apps can execute scripts with root privileges via the macOS Security Framework
5) Apps can register as handlers for URI schemes
6) Apps can be configured to run in the background (LSUIElement)
7)Set own application icon or select from presets
8) Set app's associated file types, identifier, version, author, etc.
9)Graphical interface for bundling support files with the script
10) Command line tool for automation and build process integration
"Profiles" can be used to save app configurations
11) Built-in script editor, or linking with external editor of choice
Extensive documentation and many built-in examples to help you get started
12) Fast, responsive native app written in Objective-C/Cocoa
π¦Tested by UnderCode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦2020 updated topic > Create native Mac applications from command line scripts
t.me/undercodeTesting
π¦ ππΌππ πππΈβπ :
>https://github.com/sveinbjornt/Platypus (official git)
>open term and type brew cask install platypus
π¦Features
1) Supports shell scripts, Python, Perl, Ruby, PHP, Swift, Expect, Tcl, AWK, JavaScript, AppleScript or any other user-specified interpreter
2) Apps can display graphical feedback of script execution as a progress bar, text window with script output, droplet, WebKit HTML rendering or status item menu
3) Apps support receiving dragged and dropped files or text snippets, which are then passed to the script as arguments
4) Apps can execute scripts with root privileges via the macOS Security Framework
5) Apps can register as handlers for URI schemes
6) Apps can be configured to run in the background (LSUIElement)
7)Set own application icon or select from presets
8) Set app's associated file types, identifier, version, author, etc.
9)Graphical interface for bundling support files with the script
10) Command line tool for automation and build process integration
"Profiles" can be used to save app configurations
11) Built-in script editor, or linking with external editor of choice
Extensive documentation and many built-in examples to help you get started
12) Fast, responsive native app written in Objective-C/Cocoa
π¦Tested by UnderCode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ xss vulnerabilities everyone should know by undercode :
> When reading materials about XSS, we usually see the classic <script> alert (1) </ script> as proof of this vulnerability (PoC-Proof of Concept). Although it is correct, it does not go beyond this range, which allows novices in the field to find more solutions to deal with this situation. Therefore, this is something everyone should know and be able to exploit the 7 XSS vulnerabilitiesare :
fb.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) At the beginning of the source code, there is an HTML comment with all the parameters used to trigger each case, and they apply to both GET and POST requests.
2) We can see that all cases are source-based, which means that the injection always appears in the source code retrieved by the HTTP response body. Independent of the types being reflected or stored, what matters here is the context in which they appear when displayed, so we will always use the reflected type as the main example. Some XSS flaws do not appear in the source code, and DOM-based flaws are not covered here.
> Remember to try the following example only in browsers without local XSS filtering (such as Mozilla Firefox ).
3) URL reflection
When the URL is reflected somehow in the source code, we can add our own XSS vector / payload to it. For PHP pages, you can use a slash (/) to add anything in the URL after the page name (no changes needed).
> check out undercode picture sended here
The leading label dash (">") needs to be used to break through the current label so that we can insert a new label.
>Although there are multiple reasons for using different languages ββ(reflection may also appear in path or URL parameters), for PHP, the reason is usually the global variable $ _SERVER ["PHP_SELF"] in the action field of the submit form
π¦ xss vulnerabilities everyone should know by undercode :
> When reading materials about XSS, we usually see the classic <script> alert (1) </ script> as proof of this vulnerability (PoC-Proof of Concept). Although it is correct, it does not go beyond this range, which allows novices in the field to find more solutions to deal with this situation. Therefore, this is something everyone should know and be able to exploit the 7 XSS vulnerabilitiesare :
fb.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) At the beginning of the source code, there is an HTML comment with all the parameters used to trigger each case, and they apply to both GET and POST requests.
2) We can see that all cases are source-based, which means that the injection always appears in the source code retrieved by the HTTP response body. Independent of the types being reflected or stored, what matters here is the context in which they appear when displayed, so we will always use the reflected type as the main example. Some XSS flaws do not appear in the source code, and DOM-based flaws are not covered here.
> Remember to try the following example only in browsers without local XSS filtering (such as Mozilla Firefox ).
3) URL reflection
When the URL is reflected somehow in the source code, we can add our own XSS vector / payload to it. For PHP pages, you can use a slash (/) to add anything in the URL after the page name (no changes needed).
> check out undercode picture sended here
The leading label dash (">") needs to be used to break through the current label so that we can insert a new label.
>Although there are multiple reasons for using different languages ββ(reflection may also appear in path or URL parameters), for PHP, the reason is usually the global variable $ _SERVER ["PHP_SELF"] in the action field of the submit form
Facebook
Log in or sign up to view
See posts, photos and more on Facebook.
π¦2) Simple HTMLi (HTML injection)
The simplest input is reflected directly in the code between or after existing tags. No need to escape or break anything, any simple XSS vector (such as <tag handler = jsCode>) will do the job.
3)Inline HTMLi
Almost as simple as the previous one, but preceded by a lowercase ">" to break the current label.
4) Inline HTMLi: no broken tags
When the input is placed in an HTML attribute and the filter condition is greater than the character (>), the current tag cannot be broken as in the previous case.
The simplest input is reflected directly in the code between or after existing tags. No need to escape or break anything, any simple XSS vector (such as <tag handler = jsCode>) will do the job.
3)Inline HTMLi
Almost as simple as the previous one, but preceded by a lowercase ">" to break the current label.
4) Inline HTMLi: no broken tags
When the input is placed in an HTML attribute and the filter condition is greater than the character (>), the current tag cannot be broken as in the previous case.
This will turn the value off and provide space for inserting the onmouseover event handler. Point to alert (1) followed by double slashes to comment out the hanging quotes. When the victim points the mouse to the affected input field, a js popup window will be triggered.
π¦ will posts some from our hacking video tutorial later on youtube (more detailed )
5) Js (JavaScript) block in HTMLi
The input sometimes falls into a javascript block, usually the value of some variable in the code. However, because HTML tags have priority in the browser's parsing, we can simply terminate the block and insert a new tag.
The input sometimes falls into a javascript block, usually the value of some variable in the code. However, because HTML tags have priority in the browser's parsing, we can simply terminate the block and insert a new tag.
6) Simple Js injection
If script tags were filtered in some way, the previous method would fail.
If script tags were filtered in some way, the previous method would fail.
7) Escaped Js Injection
In the former case, if you escape the quotes (responsible for the breakthrough of the variable value) with a backslash (\), the injection will not work (the syntax is invalid).
> That's it for today. Recently, two-way foil security launched a practical class for vulnerability mining
In the former case, if you escape the quotes (responsible for the breakthrough of the variable value) with a backslash (\), the injection will not work (the syntax is invalid).
> That's it for today. Recently, two-way foil security launched a practical class for vulnerability mining
π¦those xss vulnerabilities everyone should know