▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to Install Nginx on Ubuntu :
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Install Nginx on Your Ubuntu Server

Nginx is available in the Ubuntu package repositories simple. First, update the apt cache with the following command:

sudo apt update

and install Nginx by issuing:

sudo apt install nginx

Once the installation is completed Nginx will be automatically started.
You can make sure that Nginx service is running with the following command:

sudo systemctl status nginx

The output should look like below:

● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2018-03-31 01:50:44 CDT; 8s ago
Main PID: 716 (nginx)
CGroup: /system.slice/nginx.service
├─716 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
├─717 nginx: worker process
├─718 nginx: worker process
├─719 nginx: worker process
└─720 nginx: worker process

2) Open Firewall Ports

If you are using ufw you need to open HTTP port 80 and/or HTTPS port 433. Ufw comes with profiles based on the default ports of most common daemons and programs.

To open both Nginx ports run the following command:

sudo ufw allow 'Nginx Full'

To verify the change run:

sudo ufw status

The output should look like below:

Status: active

To Action From
-- ------ ----
Nginx Full ALLOW Anywhere
Nginx Full (v6) ALLOW Anywhere (v6)

You can now open your browser, enter your server IP address into your browser address bar and you should see the default Nginx page.

3) Managing Nginx Service

You can manage the Nginx service same as any other systemd unit.

Start the nginx service with the following command:

sudo systemctl start nginx

Stop the service with:

sudo systemctl stop nginx

Restart the service with:

sudo systemctl restart nginx

Check the status of the service with:

sudo systemctl status nginx

Enable the service on system boot with:

sudo systemctl enable nginx

Disable the service on system boot with:

sudo systemctl disable nginx

4) Create a New Server Block

The default Nginx installation will have one server block enabled with a document root set to /var/www/html.
In this guide, we will create a new server block for the domain example.com and set the document root to /var/www/example.com.

First, create the domain document root with the following command:

sudo mkdir -p /var/www/example.com

and then create an index.html file with the following content:

sudo vim /var/www/example.com/index.html

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>example.com</title>
</head>
<body>
<h1>example.com server block</h1>
</body>
</html>

Next, create a new server block with the following content:

sudo vim /etc/nginx/sites-available/example.com.conf

server {
listen 80;
listen [::]:80;

server_name example.com www.example.com;

root /var/www/example.com;
index index.html;

location / {
try_files $uri $uri/ =404;
}
}

Activate the server block by creating a symbolic link :

sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/example.com.conf

5) Restart Nginx

Test the Nginx configuration and restart nginx:

sudo nginx -t
sudo systemctl restart nginx

6) Now if you enter example.com into your browser address bar you should see example.com server block.

this post Powered by Wiki
Tested by UndercOde on Lastest Version of Ubuntu
e n j o y
@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Securing ubuntu server System
Setting up the Firewall
instagram.com/UnderCodeTesting

🦑 Reference: "IPTables :

1) Linux has a built-in Firewall called netfilter, which works via the iptables tool. It uses 3 so-called iptables:

the filter table for filtering the IP packets,
the nat table for network address translation, and
the mangle table for modifying the IP packets.

2) Each table contains a set of chains. Each chain has rules.

3) For the filter table, there are 3 chains (of rules): INPUT (applied to incoming packets), OUTPUT (applied to the outgoing packets), and FORWARD (applied to incoming packets destined for another system). You can list all the current filter rules via the following command:

$ sudo iptables -L // -L to list the current filtering rules.
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
// The filter table has 3 chains with no rules

4) The iptables tool is complex. But, we are only concerned about the incoming IP packets, i.e., the INPUT chain of the filter table. To setup incoming packet-filtering via Webmin:

5) Goto "Webmin" ⇒ "Networking" ⇒ "Linux Firewall" ⇒ Select the option "Allow all traffic" and check "Enable firewall at boot time" ⇒ "Setup Firewall".

6) Select the iptable "Packet filtering (filter)". On a fresh installation, there shall be no rules under all the 3 chains: INPUT, OUTPUT and FORWARD.
}
7) Add the following rules, which are necessary for proper operations of the network interface.

8) Under "Incoming packets (INPUT)":
"Add Rule" ⇒ Set "Action to take" to "Accept" ⇒ For "Connection states", select "Equals" for both "Established" and "Related" ⇒ "Create".

9) This rule is necessary to allow incoming packets that are part of an already established IP connection. We will set the rules for new connection later.

10 ) The corresponding Unix command is:

$ sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
// -A INPUT: append this rule to the INPUT chain
// -m conntrack:
// -ctstate ESTABLISHED,RELATED: connection state
// -j ACCEPT: accept the packet


11) "Add Rule" ⇒ Set "Action to take" to "Accept" ⇒ For "Network protocol", select "Equals" for "ICMP" ⇒ "Create".

12) This rule allows incoming packets for ICMP diagnostics such as ping and traceroute.

13) "Add Rule" ⇒ Set "Action to take" to "Accept" ⇒ For "Incoming interface", select "Equals" for "lo" (local) ⇒ "Create".

14) This rule allows incoming packets for local loopback interface (or, localhost).

15)Next, create rules for each of the protocol services that are permitted to access the server. This depends on your specific environment.
Under "Incoming packets (INPUT)":

16) To allow incoming SSH connection, which runs on TCP port 22 by default: "Add Rule" ⇒ Set "Action to take" to "Accept" ⇒ For "Network protocol", select "Equals" for "TCP" ⇒ For "Destination TCP or UDP port", select "Equals" and set "Port(s)" to 22 ⇒ For "Connection states", select "Equals" for "NEW".

17) The corresponding Unix command is:

$ sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
// -A INPUT: append this rule to INPUT chain
// -p tcp: network protocol of tcp
// --dport ssh: ssh default port number (22)
// -j ACCEPT: accept the packet

18) To allow incoming Webmin connection, which runs on TCP port 10000 by default: repeat the above, but choose port 10000.


19) Similarly, you can allow incoming connection for services such as HTTP (default on TCP port 80), HTTPS (default on TCP port 443), Usermin (default on TCP port 20000) Samba (UDP Ports 137-139, TCP ports 137, 139 and 445), PhpMyAdmin (...) ...

20) Finally, set the INPUT chain's default policy to drop packets that don't match any rules.

21) Select "Default action" to "Drop", and click "Set Default Action To" button.

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Speed ​​optimization-enable hard disk DMA support Enabling hard-ssd disk DMA support
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> DMA support is not enabled after the anonymous system is installed. In order to improve efficiency, you can enable it.

1) /etc/rc.d/rc.local Add a line / sbin / hdparm -d1 -c3 -m16 / dev / hda
If your hard disk supports ATA33, you can add -X66, ATA66 is -X68.

2) For example, ATA66 is: / sbin / hdparm -d1 -X68 -c3 -m16 / dev / hda
We can use hdparm -Tt / dev / hda to test the effect before and after joining.

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Malware collection gd list by UNdercOde
pinterest.com/Undercode_Testing

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> Capture and collect your own samples

1) Conpot -ICS / SCADA Honeypot

2) Cowrie -Kippo-based SSH honeypot

3) Dionaea -Honeypot to catch malware

4) Glastopf -Web Application Honeypot

5) Honeyd -Create a virtual honeypot

6) HoneyDrive -Linux distribution for honeypot packages
Mnemosyne -Honeypot data standardization supported by Dinoaea

7) Thug -Low-interaction honeypot for investigating malicious websites
Malware Sample Library

🦑 Collect malware samples for analysis

1) Clean MX -Real-time database of malware and malicious domains

2 )Contagio -Collection of recent malware samples and analysis

3) Exploit Database -Exploit and shellcode samples

4) Malshare -A large library of malicious samples obtained on malicious websites.

5) MalwareDB -Malware sample library

6) Open Malware Project -Sample Information and Download

7)-Ragpicker -A plugin based on the malware crawler.

8) the Zoo -Real-time malicious sample library for analysts

9) Tracker h3x -Agregator's malware tracking and download address
V
10) iruSign -Database of malware detected by anti-virus programs other than ClamAV

11) VirusShare -Malware library

12) VX Vault -Active Collection of Malware Samples

13) Zeltser's Sources -List of malware sample sources compiled by Lenny Zeltser

14) Zeus Source Code -Zeus source code leaked in 2011

🦑 Will write tutorial for each one

written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑To run an external (third party, copied) "WORKING" php script : On Termux
Twitter.com/UndercodeNews
After installing php

1) Pkg updates

2) Sudo pkg install php

3) save your (executable) script.php in /storage/
example : in /storage/emulated/0/Documents/...FULL...PATH.../
(and other files.txt used by the script, if necessary)


4) Then in Termux App,
>
cd /storage/emulated/0/Documents/...FULL...PATH.../
>
php script.php

5) BUT ... before,
"It is necessary to grant storage permission for Termux on [your device with] Android 6 and higher.
Use 'Settings>Apps>Termux>Permissions>Storage' and set to true."

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 malwares Setup 2020
An SSH Honeypot >Cowrie is a medium interaction SSH and Telnet honeypot, which can log brute force attacks and an attacker’s shell interaction
pinterest.com/Undercode_Testing

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Change the Port You’ll Use to Administer the Server
Cowrie will be listening for SSH connections on port 22. You’ll want to configure the SSH service to listen on a different port for you to connect to and administer the server.

2)sudo vi /etc/ssh/sshd_config
Under # What ports, IPs and protocols we listen for, change the port number to 3393 or your preferred port number.

3) Write your changes and quit vi.
Ctrl + C

4) Restart the SSH service.

5) service ssh restart

6) By running the command below, you can see that the server is now listening for connections on port 3393.

7) netstat -tan

> Proto Recv-Q Send-Q Local Address Foreign Address State
tcp0 0 0.0.0.0:3393 0.0.0.0:* LISTEN

🦑 Install and Configure Cowrie

1) Download updated package lists.

> sudo apt-get update

2) Install Cowrie’s dependencies.

> sudo apt-get install python2.7 git virtualenv libmpfr-dev libssl-dev libmpc-dev libffi-dev build-essential libpython-dev python-pip

3) Add a new user named, cowrie.

4) sudo adduser — disabled-password cowrie

5) Switch to the new user, cowrie

> sudo su — cowrie

6) Navigate to the home directory of user, cowrie, and clone the cowrie git repository.
> git clone https://github.com/micheloosterhof/cowrie.git

7) Create a new Python virtual environment for cowrie.

8) cd cowrie

9) virtualenv cowrie-env

10) Activate the virtual environment.

> source cowrie-env/bin/activate

11) The terminal will display (cowrie-env) before the username, cowrie.

12) Install pycrypto, Crypto and other requirements.

13) pip install pycrypto Crypto
(cowrie-env)$ pip install -r requirements.txt

14) Generate a key for the cowrie instance.

15) cd data
ssh-keygen -t dsa -b 1024 -f ssh_host_dsa_key
cd ..

16) export PYTHONPATH=/home/cowrie/cowrie
Additional Cowrie Configuration

17) Make a copy of the config file for your new cowrie instance.

18) cd /home/cowrie/cowrie/

19) cp cowrie.cfg.dist cowrie.cfg
vi ./cowrie.cfg

20) Set the hostname in the configuration file to a server name of your choice. E.g. fileserver4

21) Change the Port to listen for incoming SSH connections to port 22.

22) Write your changes and quit vi.
Ctrl + C
:wq

23) Enable authbind in cowrie’s start.sh file.
sudo vi /home/cowrie/cowrie/start.sh

Change line 2 to read:
AUTHBIND_ENABLED=yes

24) sudo apt-get install authbind

25) sudo touch /etc/authbind/byport/22

26) sudo chown cowrie /etc/authbind/byport/22

27) sudo chmod 777 /etc/authbind/byport/22

🦑 Start Cowrie

1) Execute the following commands to start Cowrie.

2) sudo su cowrie

3) cd /home/cowrie/cowrie/
source cowrie-env/bin/activate

4) ./start.sh

5) Verify cowrie is listening on port 22 by running the command below.
netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN

6) Execute the following command to stop Cowrie.
./stop.sh

Written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Usefull Tools for IDS / IPS / Host IDS / Host IPS 2020
instagram.com/UndercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Snort - Snort is a free, open source intrusion prevention system (NIPS) and network intrusion detection system (NIDS), created by Martin Roche Snort is currently under development. Sourcefire, founded by Roesch and CTO. In 2009, Snort entered the OpenWork InfoWorld Hall of

2) Fame as one of the “greatest [open source] software samples of all time”.

3) Bro - Bro is a powerful network analysis infrastructure that is very different from the typical IDS you may know.

4) OSSEC - Integrated HIDS open source. Not for the faint of heart. It takes a little to understand how this works. Performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time notification, and an active response. It works on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX, and Windows. Lots of reasonable documentation. Sweet spot - medium to large deployment.

5) Suricata - Suricata is a high-performance mechanism for monitoring
network IDS, IPS and network security. Open Source and belongs to the public non-profit foundation Open Foundation Security Foundation (OISF). Suricata was developed by OISF and its suppliers.

6) Security Onion - Security Onion is a Linux distribution for intrusion detection, network security monitoring and log management. It is based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert,

7) Snorby, ELSA, Xplico, NetworkMiner and many other security tools. The easy-to-use installation wizard allows you to create an army of distributed sensors for your enterprise in minutes!

8) sshwatch - IPS for SSH is similar to DenyHosts written in Python. It can also collect information about an attacker during an attack in a log.

9) Stealth - Check file integrity, which leaves virtually no residue. The controller starts from another computer, which makes it difficult for an attacker to know that the file system is checked at certain pseudorandom intervals via SSH. Highly recommended for small to medium deployments.

11) AIEngine - AIEngine is an interactive / programmable next-generation Python / Ruby / Java / Lua package checker with training capabilities without any human intervention, NIDS (network intrusion detection) System) functionality, DNS domain classification, network collector, network forensics and much more.

12) Denyhosts - Prevent SSH dictionary attacks and brute force attacks.
Fail2Ban - scans log files and performs actions at IP addresses that show malicious behavior.

13) SSHGuard - a service security software in addition to SSH written in C
Lynis is an open source security audit tool for Linux / Unix.

Written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 COMMUN VIRUS-MALWARES 2020 top
twitter.com/UndercodeNews

1) Damn Simple Honeypot (DSHP) - Honeypot framework with pluggable handlers.

2) NOVA - uses honeypots as detectors, looks like a complete system.

3) OpenFlow Honeypot (OFPot) - Redirects traffic for unused IP addresses to a honeypot built on POX.

4) OpenCanary - A modular and decentralized honeypot daemon that runs several Canary versions of services and warns when (ab) is in use.
low- ciscoasa_honeypot Honeypot for a Cisco ASA that can detect CVE-2018-0101, DoS vulnerabilities, and remote code execution.
miniprint - Honeypot mid-interaction printer.

🦑 Botnet C2 Tools

1) Hale - Botnet management and control monitor.

2) dnsMole - analyzes DNS traffic and potentially detects botnet commands and monitors server activity, as well as infected hosts.

3) IPv6 attack detection tool

ipv6 attack detector is a Google Summer of Code 2012 project supported by the Honeynet Project.
dynamic code toolkit

4)Frida - Add JavaScript to explore native applications on Windows, Mac, Linux, iOS, and Android.
A tool for converting a site into server decoys

5) HIHAT - Convert arbitrary PHP applications to high-level Honeypots web interfaces.
malware collector

6) Kippo-Malware is a Python script that downloads all malicious files stored as URLs in the Kippo SSH honeypot database.
Distributed Deployment Sensor

7) Modern Honey Network - Multiple snort and honeypot sensor management, uses a network of virtual machines, small SNORT installations, hidden dioneas and a centralized server for management.

🦑Network analysis tool

1) Tracexploit - play network packets.

2) Anonymizer Journal

3) LogAnon - Anonymous logging library that helps ensure anonymous logs are consistent between logs and network captures.
Low-interaction Honeypot (router back door)

4) Honeypot-32764 - Honeypot for the back door of the router (TCP 32764).

5) WAPot - Honeypot that can be used to monitor traffic directed to home routers.

6) Honeynet Farm Traffic Redirector

Honeymole - Deploying multiple sensors that redirect traffic to a centralized collection of honey pots.

7) HTTPS Proxy

mitmproxy - allows you to intercept, verify, modify and play traffic flows.

🦑System hardware

1) Sysdig - An open-source system-level study allows you to record the status and activity of a system from a running GNU / Linux instance, and then save, filter, and analyze the results.

2) Fibratus - A tool for researching and tracking the Windows kernel.
Honeypot for malware distribution via USB

3) Ghost-usb - Honeypot for malware spreading through USB storage devices.

🦑 Data collection

1) Kippo2MySQL - Extracts some very simple statistics from Kippo text log files and inserts them into a MySQL database.

2) Kippo2ElasticSearch is a Python script for transferring data from the

3) Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster).

4) Passive Network Audit Framework Parser

[Passive Network Audit Infrastructure (pnaf)] ( https://github.com/jusafing/pnaf ) is a platform that combines several passive and automated analysis methods to provide an assessment of the security of network platforms.

🦑 VM monitoring and tools

1) Antivmdetect - Script to create templates for use with VirtualBox to make VM detection more difficult.

2) VMCloak - Automatically create a virtual machine and mask for a cuckoo sandbox.
[vmitools] ( http://libvmi.com/ ) is a C library with Python bindings that makes it easy to track the low-level details of a running virtual machine.

🦑 binary debugger

1) Hexgolems - the server part of the debugger Pint - the server part of the debugger and the LUA shell for the PIN code.

2) Hexgolems - external interface of the debugger Schem - external interface of the debugger.

ALL THOSE AVAIBLE AT GITHUB WILL WROTE SOME TUTORIALS FOR those
Written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Deface topic script Deface is a library that allows you to customize HTML (ERB, Haml and Slim) views in a Rails application without editing the underlying view.

> It allows you to easily target html & erb elements as the hooks for customization using CSS selectors as supported by Nokogiri. Rails plugin that allows you to customize ERB views in a Rails application without editing the underlying view updated in 2019
http://pinterest.com/Undercode_testing

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) on linux os clone https://github.com/spree/deface

2) go dir

3) Ensure that your layout views include doctype, html, head and body tags in a single file, as Nokogiri will create such elements if it detects any of these tags have been incorrectly nested.

4) Parsing will fail and result in invalid output if ERB blocks are responsible for closing an HTML tag that was opened normally, i.e. don't do this: &lt;div <%= ">" %>

5) Gems or Spree Extensions that add overrides to your application will load them in the order they are added to your Gemfile.

6) Applying an override to a view that contains invalid markup (which, occasionally happens in Spree views) can break rendering that would normally pass a browser's own permissive rendering. This is because the nokogiri library takes it upon itself to correct the issue, which doesn't happen prior to applying deface. Sometimes that correction changes the rendering of the view in an unintended manner, appearing to break it. The easiest way to tell if this is the cause of an issue for you is to put your view into http://deface.heroku.com/ and diff the output with the html which rails renders without your override. If you see a difference in the structure of the html, you may have invalid markup in your view which nokogiri is correcting for you. See Spree issue #1789 for an example of what may be wrong in a view.

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 The Best Antiviruses for Linux in 2020:
twitter.com/UNDERCODEnews

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Bitdefender GravityZone Business Security – Best for Businesses
www.bitdefender.com

2) Comodo Antivirus for Linux – Best for Home Users
> https://www.comodo.com/home/internet-security/antivirus-for-linux.php

3) ESET NOD32 Antivirus for Linux – Best for New Linux Users (Home)
> www.eset.com

4) Kaspersky Endpoint Security for Linux – Best for Hybrid IT Environments (Business)
> https://me-en.kaspersky.com/small-business-security?redef=1&THRU&reseller=me-en_meta-ksos_acq_ona_sem_bra_onl_b2c__psrch_______&utm_source=google&utm_medium=branded&utm_campaign=ksos-15&ksid=fb29975b-4f58-4bce-8b22-1697c3e77cf9&ksprof_id=434&ksaffcode=305783&ksdevice=c&kschadid=214581515961&kschname=google&kpid=Google|822220295|45727109471|214581515961|kwd-299077543916|c&gclid=EAIaIQobChMIhonei-jG5wIVSdHeCh0nPwlREAAYAiAAEgLYPvD_BwE

5) recommended for ubunto servers- sofos antivirus
> https://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-linux.aspx

@UndercOdeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Topic 2019-2020 termux scripts: configurable prompt builder for Bash and ZSH
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

a) Termux

>< apt update

> apt install gbt

b) Arch Linux

> yaourt -S gbt

> Or install gbt-git if you would like to run the latest greatest from the master branch.

🦑 CentOS/RHEL
Packages hosted by Packagecloud):

echo '[gbt]
name=GBT YUM repo
baseurl=https://packagecloud.io/gbt/release/el/7/$basearch
gpgkey=https://packagecloud.io/gbt/release/gpgkey
https://packagecloud.io/gbt/release/gpgkey/gbt-release-4C6E79EFF45439B6.pub.gpg
gpgcheck=1
repo_gpgcheck=1' | sudo tee /etc/yum.repos.d/gbt.repo >/dev/null
sudo yum install gbt
Use the exact repository definition from above for all RedHat-based distribution regardless its version.

🦑 Ubuntu/Debian/kali

> Packages hosted by Packagecloud):

1) curl -L https://packagecloud.io/gbt/release/gpgkey | sudo apt-key add -

2) echo 'deb https://packagecloud.io/gbt/release/ubuntu/ xenial main' |

3) sudo tee /etc/apt/sources.list.d/gbt.list >/dev/null

4) sudo apt-get update

5) sudo apt-get install gbt

6) Use the exact repository definition from above for all Debian-based distribution regardless its version.

🦑 Mac
Using Homebrew:

1) brew tap jtyr/repo

2) brew install gbt

3) Or install gbt-git if you would like to run the latest greatest from the master branch.

E N J O Y
@UndercOdeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Termux-Webpentest... tool
> txtool is made to help you for easly pentesting in termux,
t.me/UndercOdeTesting

1) git clone https://github.com/kuburan/txtool.git

2) cd txtool

3) apt install python2

4) ./install.py

5) Mtxtool

@UndercOdeTesting

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑2020 all Android Cve - VULNERABILITIES TO GAIN ACCESS ON ANY ANDROID :
twitter.com/UndercodeNews

> CVE References Type Severity Updated AOSP versions

1) CVE-2020-0014 A-128674520 EoP High 8.0, 8.1, 9, 10

2) CVE-2020-0015 A-139017101 EoP High 8.0, 8.1, 9, 10

3) CVE-2019-2200 A-67319274 EoP High 10

4) CVE-2020-0017 A-123232892 [2] ID High 8.0, 8.1, 9, 10

5) CVE-2020-0018 A-139945049 ID High 8.0, 8.1, 9, 10

6) CVE-2020-0020 A-143118731 ID High 10

7) CVE-2020-0021 A-141413692 [2] [3] DoS High 10

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Let s Start with First Android Vulnerabilitie :
instagram.com/UndercodeTesting

🦑 CVE-2020-0014 A-128674520 EoP High 8.0, 8.1, 9, 10 :

1) RESTRICT AUTOMERGE
Make toasts non-clickable

2) Since enforcement was only on client-side, in Toast class, an app could

3) use reflection (or other means) to make the Toast clickable. This is a
security vulnerability since it allows tapjacking, that is, intercept touch
events and do stuff like steal PINs and passwords.

🦑This CL brings the enforcement to the system by applying flag
FLAG_NOT_TOUCHABLE.

Test: atest CtsWindowManagerDeviceTestCases:ToastTest
Test: Construct app that uses reflection to remove flag FLAG_NOT_TOUCHABLE and
log click events. Then:

1) Observe click events are logged without this CL.

2) Observer click events are not logged with this CL.

Bug: 128674520

Change-Id: Ic36585bc4f186e0224f5b687c49c0b3d9266838c
(cherry picked from commit b81f269ae2afb446b9d4a909fc2bcf038af00c41)

@UndercOdeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 CVE-2020-0015 A-139017101 EoP High 8.0, 8.1, 9, 10
Android bug details :
instagram.com/UndercodeTesting

1) KeyChain: Do not allow hiding Cert Install dialog

2) Do not allow apps to float a window on top of the certificate
installation / naming dialog.

3) This obscures the CA certificate installation dialog and could be used
to trick a user into installing a CA certificate.

4) This is fixed by adding the HIDE_NON_SYSTEM_OVERLAY_WINDOWS system
flag when the activity is created (onCreate), so that another activity
starting in the foreground would not be able to obscure the dialog.

Bug: 139017101
Test: Manual, with an app that floats a window.
Change-Id: Iff8e678743c3883cf1f7f64390097a768ca00856
(cherry picked from commit afdacb2ec4c5cdc2fb2a9943fa5b48100f4725c8)


@UndercOdeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑NOW ANDROID SYSTEM BUGS SUCH BLUETOOTH-SOFTWARE BUGS ANDROID 7-8-9
twitter.com/UndercodeNews



🦑 CVE References Type Severity Updated AOSP versions


1) CVE-2020-0022 A-143894715 DoS Moderate 10

> GAP: Correct the continuous pkt length in l2cap

L2cap continuous pkt length wrongly calculated in
reassembly logic when remote sends more data
than expected.

Wrong pkt length leading to memory corruption

Hence the Correct the continuous pkt length in
l2cap reassembly logic.

Bug: 135239489
Bug: 143894715
CRs-Fixed: 2434229
Test: make and internal testing
Change-Id: I758d9e31465b99e436b9b1841320000f08186c97
Merged-In: I758d9e31465b99e436b9b1841320000f08186c97
(cherry picked from commit 337bd4579453bd6bf98ff519de3ac1019cd30d28)
(cherry picked from commit 602f4b44fe30ec8b225e1cee5f96817607d93e5a)


2) RCE Critical 8.0, 8.1, 9
CVE-2020-0023 A-145130871 ID Critical 10
>Enforce BLUETOOTH_PRIVILEGED in setPhonebookAccessPermission

Bug: 145130871
Test: POC
Merged-In: Ib4985e18de9f6695acc371da78deb240d42671f1
Change-Id: I3b8897166e223179fcbcf8c7a64e0c4d4ca974ef
(cherry picked from commit 8d1e8979f56acfe477bd3b84994a716a8391a8eb)


3) CVE-2020-0005 A-141552859 EOP High 8.0, 8.1, 9, 10

4) CVE-2020-0026 A-140419401 EoP High 8.0, 8.1, 9, 10

5) CVE-2020-0027 A-144040966 EoP High 8.0, 8.1, 9, 10

6) CVE-2020-0028 A-122652057 [2] ID High 9

🦑hope after all those and more bugs coming for android, may you figured out the meaning of: ''NOTHING SAFE''

🦑For any doubt feel free to ask us

@UndercOdeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What is X-Helper Virus ? and why is dangerous ?
twitter.com/UndercodeTesting
🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) xHelper is an Android malware that was detected by security vendor Malwarebytes in May 2019. This is a covert malware removal program. Even after the user restores the factory settings, the malware will be re-infected, causing continuous trouble to users around the world.

2) Malwarebytes' security researchers have been studying the threat, and in a recent blog post, the team stated that, although it has not been clear how the malware reinstalls itself, they have indeed found sufficient information about how it operates. Information to permanently delete it and prevent xHelper from reinstalling itself after a factory reset.

3) According to the Malwarebytes team, xHelper found a way to use a process in the Google Play Store app to trigger a reinstall. With a special directory created on the device, xHelper can hide its Android application package (APK) on disk. Unlike apps, their directories and files remain on Android mobile devices even after a factory reset. Therefore, the device will continue to be infected until the directories and files are deleted.

4) Malwarebytes explained in its analysis of the malware, "Google Play is not infected with malware. However, certain events in Google Play triggered a re-infection-it could be something is being stored. In addition, some things may Google Play acts as a smoke screen, disguising itself as a source of malware installation, when it actually comes from elsewhere. "

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Method to remove xHelper Virus :
fb.com/UndercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

It is worth noting that the following removal steps rely on the user to install the Malwarebytes app for Android, but the app is free to use.

> The specific deletion steps are as follows:

1) Install a file manager from Google PLAY, which can search for files and directories.

2) Amelia uses ASTRO's File Manager.

3) Disable Google PLAY temporarily to stop reinfection.

4) Go to Settings> Apps> Google Play Store

5) Press the disable button to run a scan in Malwarebytes for Android to remove xHelper and other malware.

6) Manual uninstallation can be difficult, but the names to look for in the Application information are fireway, xhelper, and Settings (only if two settings applications are displayed). Open the file manager and search for anything that starts with com.mufc .
If found, note the last modified date.

> Pro tip: Sort by date in file manager
7) In ASTRO's file manager, you can delete everything starting with com.mufc sorted by date under view settings . And anything with the same date (except for core directories such as Download):

8) now Re-enable Google PLAY

9) Go to Settings> Apps> Google Play Store

10) Press the enable button

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Intranet penetration using SSH reverse tunnel FULL BY UndercOde :
twitter.com/Undercodenews

1) No matter it is infiltration or in the open air, intranet penetration is an important link. We and our assigned intranet IP cannot be accessed through the extranet. SSH reverse tunnel for intranet penetration.

2) Suppose machines A and B, A has a public IP, and B is behind NAT and has no available port forwarding. Now I want to initiate an SSH connection to B from A. Because B is behind the NAT, there is no such combination of public IP + port available , so A cannot penetrate NAT. This article deals with this situation. Also encountered by most people.

3) Let's first assume the following machines:

Machine code Machine position address Account ssh / sshd port Do you need to run sshd
A Public network a.site usera twenty two Yes
B Behind NAT localhost userb twenty two Yes
C Behind NAT localhost userc twenty two no
SSH direction tunnel connection

4) This method refers to the active establishment of an SSH tunnel from B to A, which forwards port 6766 of A to port B. As long as the tunnel is not closed, this forwarding is effective. You only need to access A's 6766 port to connect to B in reverse.

🦑 First establish an SSH tunnel on B, and forward port 6676 of A to port 22 of B:

1) B $ ssh -p 22 -qngfNTR 6766: localhost: 22 usera@a.site
Then use 6766 reverse SSH to B on A

2) A $ ssh -p 6766 userb @ localhost
The thing to do is actually that simple.

3) Maintenance of the tunnel

Stability maintenance
> Unfortunately, the SSH connection will be closed overtime. If the connection is closed and the tunnel cannot be maintained, then A cannot use the reverse tunnel to penetrate B's NAT. Therefore, we need a solution to provide a stable SSH To the tunnel.

4) One of the easiest methods is autossh. This software will automatically establish an SSH tunnel after a timeout. This solves the problem of tunnel stability. If you use Arch Linux, you can get it like this:

> $ sudo pacman -S autossh


5) Let's do something similar on B before, except that the tunnel will be maintained by autossh:

> $ autossh -p 22 -M 6777 -NR 6766: localhost: 22 usera@a.site
The port specified by the -M parameter is used to monitor the status of the tunnel and has nothing to do with port forwarding.

6) Then you can access B on port 6766 on A:

> $ ssh -p 6766 user @ localhost

7) Automatic tunnel establishment
However, there is another problem. If B restarts the tunnel, it will disappear. Then there needs to be a means autossh to establish an SSH tunnel each time B starts . One idea is to make the service very natural, then it will be given in systemd a solution under the program.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁