▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What is PostgreSQL ? (@ wikipedia)


> PostgreSQL is a general purpose and object-relational database management system, the most advanced open source database system. PostgreSQL was developed based on POSTGRES 4.2 at Berkeley Computer Science Department, University of California.

>PostgreSQL was designed to run on UNIX-like platforms. However, PostgreSQL was then also designed to be portable so that it could run on various platforms such as Mac OS X, Solaris, and Windows.

>PostgreSQL is free and open source software. Its source code is available under PostgreSQL license, a liberal open source license. You are free to use, modify and distribute PostgreSQL in any form.

>PostgreSQL requires very minimum maintained efforts because of its stability. Therefore, if you develop applications based on PostgreSQL, the total cost of ownership is low in comparison with other database management systems.

🦑Features:

> User-defined types

> Table inheritance

> Sophisticated locking mechanism

> Foreign key referential integrity

> Views, rules, subquery

🦑Official Download Link:

>https://www.postgresql.org/

> Nested transactions (savepoints)

> Multi-version concurrency control (MVCC)

> Asynchronous replication


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Best IKE Scanner Original Tool


🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

Termux-root/Kali/Debian/Parrot

1) git clone https://github.com/royhills/ike-scan

2) cd ike-scan

3) autoreconf --install to generate a viable ./configure file

4) Run ./configure or ./configure --with-openssl to use the OpenSSL libraries

5) Run make to build the project

6) Run make check to verify that everything works as expected

7) Run make install

8) ike-scan -h

🦑Features:

1) Discovery Determine which hosts in a given IP range are running IKE. This is done by displaying those hosts which respond to the IKE requests sent by ike-scan.

2) Fingerprinting Determine which IKE implementation the hosts are using, and in some cases determine the version of software that they are running. This is done in two ways: firstly by UDP backoff fingerprinting which involves recording the times of the IKE response packets from the target hosts and comparing the observed retransmission backoff pattern against known patterns; and secondly by Vendor ID fingerprinting which compares Vendor ID payloads from the VPN servers against known vendor id patterns.

3) Transform Enumeration Find which transform attributes are supported by the VPN server for IKE Phase-1 (e.g. encryption algorithm, hash algorithm etc.).

4) User Enumeration For some VPN systems, discover valid VPN usernames.

5) Pre-Shared Key Cracking Perform offline dictionary or brute-force password cracking for IKE Aggressive Mode with Pre-Shared Key authentication. This uses ike-scan to obtain the hash and other parameters, and psk-crack (which is part of the ike-scan package) to perform the cracking

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BugBounty in Linkedln How I was able to bypass Open Redirection Protection


1) Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain

2)Example a site contain vulparan parameter indicates where to send user upon successful login.

> If website doesn’t validate the “vulparam” parameter value to make sure that target web page is legitimate and intended, attacker could manipulate that parameter to send a victim to a fake page crafted by attacker

3) Now simply changing the “url” value to any malicious site won’t work

> As you can see there is an extra parameter “urlHash” which looks like some hash value for the URL to which the user getting redirected so if “urlHash” value is the actual valid hash value for the “url” then only successful redirection will take place.

> One thing was clear till now basic techniques were not going to do anything good and then I went back to the raw request to find some help —

🦑 “How about changing the referer header value and see whether the validation working there?”

4) So I quickly jumped into it and changed the header value to some other domains and [face palm] still no luck. :/ .

Let’s give one more try , searched for LinkedIn android app referer and found the following link-

> https://github.com/snowplow/referer-parser/issues/131 and there came across LinkedIn android referer value as “ android-app://com.linkedin.android” . I used the referer value in the “referer” header field and the rest As show in pictures will sendNext

5) Successful redirection and yeah finally I managed to bypass the Open redirection protection of LinkedIn
e n j o y


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂
🦑All in one 2020 recon, scanning,
parsing, and creating malicious payloads and listeners with Metasploit. For use with Kali Linux
and the Penetration Testers Framework (PTF).


🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:
1) git clone https://github.com/leebaird/discover /opt/discover/
> All scripts must be ran from this location.

2) cd /opt/discover/

3) chmod 777 update.sh

4) ./update.sh


🦑RECON
1. Domain
2. Person
3. Parse salesforce

🦑SCANNING
4. Generate target list
5. CIDR
6. List
7. IP, range, or domain
8. Rerun Nmap scripts and MSF aux

🦑WEB
9. Insecure direct object reference
10. Open multiple tabs in Firefox
11. Nikto
12. SSL

🦑MISC
13. Parse XML
14. Generate a malicious payload
15. Start a Metasploit listener


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑How to create a fake AP and sniff data.



🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:
1) git clone https://github.com/xdavidhu/mitmAP

2) cd mitmAP

3) python mitmAP.py

🦑How it Works:

1) SSLstrip2 for HSTS bypass

2) Image capture with Driftnet

3) TShark for command line .pcap capture

🦑Features:

> SSLstrip2

> Driftnet

> Tshark

> Full featured access point, with configurable speed limit

> mitmproxy

> Wireshark

> DNS Spoofing

> Saving results to file

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑2019 tool that discovers valid subdomains for websites.

> Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:
1) git clone https://github.com/projectdiscovery/subfinder/releases/

2) Download .tar

3) tar -xzvf subfinder-linux-amd64.tar

4) mv subfinder-linux-amd64 /usr/bin/subfinder

5)subfinder

🦑If you want to build it yourself, you can go get the repo

> go get -v github.com/projectdiscovery/subfinder/cmd/subfinder

> If you wish to upgrade the package you can use:

> go get -u -v github.com/projectdiscovery/subfinder/cmd/subfinder


🦑Running:

1) If you are using docker, you need to first create your directory structure holding subfinder configuration file. After modifying the default config.yaml file, you can run:

2) mkdir $HOME/.config/subfinder

3) cp config.yaml $HOME/.config/subfinder/config.yaml

4) nano $HOME/.config/subfinder/config.yaml

5) docker run -v $HOME/.config/subfinder:/root/.config/subfinder -it ice3man/subfinder -d freelancer.com

🦑How To Use:

1) Running Subfinder

To run the tool on a target, just use the following command.

2) subfinder -d freelancer.com

This will run the tool against freelancer.com. There are a number of configuration options that you can pass along with this command. The verbose switch (-v) can be used to display verbose information.

[CERTSPOTTER] www.fi.freelancer.com
[DNSDUMPSTER] hosting.freelancer.com
[DNSDUMPSTER] support.freelancer.com
[DNSDUMPSTER] accounts.freelancer.com
[DNSDUMPSTER] phabricator.freelancer.com
[DNSDUMPSTER] cdn1.freelancer.com
[DNSDUMPSTER] t1.freelancer.com
[DNSDUMPSTER] wdc.t1.freelancer.com
[DNSDUMPSTER] dal.t1.freelancer.com

The -o command can be used to specify an output file.

> subfinder -d freelancer.com -o output.txt


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑fsstat displays the details associated with a file system. The output of this command is file system specific. At a minimum, the range of meta-data values (inode numbers) and content units (blocks or clusters) are given. Also given are details from the Super Block, such as mount times and and features. For file systems that use groups (FFS and EXT2FS), the layout of each group is listed.

>For a FAT file system, the FAT table is displayed in a condensed format. Note that the data is in sectors and not in clusters.


🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) Its kali pre-installed tool

2) To Run

> fsstat [-f fstype ] [-i imgtype] [-o imgoffset] [-b dev_sector_size] [-tvV] image [images]


🦑Commands :
-t type
Print the file system type only.
-f fstype
Specify the file system type. Use ’-f list’ to list the supported file system types. If not given, autodetection methods are used.
-i imgtype
Identify the type of image file, such as raw. Use ’-i list’ to list the supported types. If not given, autodetection methods are used.
-o imgoffset
The sector offset where the file system starts in the image.
-b dev_sector_size
The size, in bytes, of the underlying device sectors. If not given, the value in the image format is used (if it exists) or 512-bytes is assumed.
-v
Verbose output of debugging statements to stderr
-V
Display version


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A Simple Termux(root) /Kali/parrot tools To scan port , Brute force protocol Service ,scan website , exploit system , exploit sql injection website and also have other characteristics


🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/joker25000/DZGEN

2) The installation the tool

3) cd DZGEN

4) chmod +x DZGEN

5) ./DZGEN

6) Run DZGEN tool in terminal

> DZGEN

🦑Tested By UnderCode

> kali

> debian


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Understand before attack how it works

> How do hackers or remote attackers obtain the WPA or WPA2 Handshake from a wireless access point easily?


1) Communication Negotiation

When the connection is first established between two modems, the negotiation of communication restrictions and boundaries occurs for a brief period of time. Afterwards, the infamous "squealing" noise that people hear from old, dial-up modems sporting speaker outputs (it's a sound that modifies its pitch a hundred times every second) once the connection has been successfully made is the aural manifestation of two modems engaging in the handshake process. Thereafter, once everything has been agreed upon in regards to parameters, they're (the parameters) are used to offer streamlined information transmission over the channel as a function of its capacity and quality.

🦑Free High Quality WiFi

Although handshakes are more often than not what hackers need to capture in order to gain unauthorized access to systems and networks—or at the very least, get free, high-quality WiFi superior to those found in coffee shops and libraries—it's a necessary and unavoidable step to ensuring smooth connections from two otherwise different and normally mismatched systems. In turn, a Wired Protected Access or WPA handshake to keep intruders or unauthorized users from accessing the network (e.g., a four-way Temporal Key Integrity Protocol or TKIP handshake, with TKIP referring to one of many encryption algorithms that WPA supports).

🦑WPA Handshake Exploit

As for using WPA handshakes as exploits for security breaches, there are a variety of methods suited for this hacking task. Any hacker who wants to capture a four-way TKIP handshake without any help will probably have to observe Internet traffic for hours-on-end, patiently stalking for a client to link to a network. As easier way to capture handshakes for hacking purposes involves the use of a hacking tool called Aircrack-ng and forced deauthentication of a connected client PC in order to make him reconnect back up to the server exactly when you want him to connect.

🦑Authentication Capture

Ironically enough, it's during the procedure wherein the encrypted WPA key is re-exchanged that a connection is most vulnerable for hacker attack—the very process needed to protect a network can open it up to attack, like barging into a house while someone is in the middle of bolting the locks on his doors. Once the full authentication handshake has been captured from the client and an access point, the hacker can easily decrypt the information behind the handshake, thus allowing him the key to access the previously impenetrable network.



▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 Massive wave of account hijacks hits YouTube creators



> Several high-profile accounts from the YouTube creators car community have fallen victim to these attacks already. The list includes channels such as Built [Instagram post, YouTube channel], Troy Sowers [Instagram post, YouTube channel], MaxtChekVids [YouTube channel], PURE Function [Instagram post, YouTube Support post, YouTube channel], and Musafir [Instagram post, YouTube channel].

🦑How They Attack?

1) Coordinated campaign bypassed 2FA

> The account hacks are the result of a coordinated campaign that consisted of messages luring users to phishing sites, where hackers logged account credentials.

> According to a channel owner who managed to recover their account before this article's publication and received additional information from YouTube's staff, we got some insight into how the full attack chain might have gone down.

2) Hackers use phishing emails to lure victims on fake Google login pages, where they collect users' account credentials

3) Hackers break into Google accounts

4) Hackers re-assign popular channels to new owners

5) Hackers change the channel's vanity URL, giving the original account owner and his followers the impression that their account had been deleted.

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(og)
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Topic termux/kali onex is a hacking tool installer and package manager for hackers. Onex is a library of all hacking tools for Turmex and other Linux distributions. onex can install any third party tool or any hacking tool for you.
instagram.com/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) apt update

2) apt install git

3) git clone https://github.com/Rajkumrdusad/onex.git

4) chmod +x onex/install

5) sh onex/install if not work than use ./onex/install

6) onex -h or onex help for help.

🦑Options :

> onex install [tool_name] install any tool.

> onex -i [tool_name] install any tool.

> onex search [tool_name] search any tool.

> onex -s [tool_name] search any tool.

> onex list list all tools.

> onex list -a list all tools.

> onex -l list all tools.

> onex -l -a list all tools.

> onex help get help.

> onex -h get help.

type

> onex star: to start onex menu mode.

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(og)
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑
Zero-Day Code Injection and Persistence Technique Full by UndercOde:
t.me/UnderCodeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

DoubleAgent is a new Zero-Day technique for injecting code and maintaining persistence on a machine (i.e. auto-run).

DoubleAgent can exploit:

> Every Windows version (Windows XP to Windows 10)

> Every Windows architecture (x86 and x64)

> Every Windows user (SYSTEM/Admin/etc.)

> Every target process, including privileged processes (OS/Antivirus/etc.)

> patched windows 8 and higher

1) git clone https://github.com/Cybellum/DoubleAgent

2) cd DoubleAgent

3) Build the main solution twice, once in x86 and once in x64. This step is crucial as it creates both x86 and x64 versions of DoubleAgentDll.dll which is required in order to perform a successful installation.

4) Copy the entire bin folder to the target machine.
Execute the installer:

Usage: DoubleAgent.exe install\uninstall\repair process_name

e.g. DoubleAgent.exe install cmd.exe

🦑ATTACK VECTOR :

1) Attacking Antivirus & Next Generation Antivirus – Taking full control of any antivirus by injecting code into it while bypassing all of its self-protection mechanism. The attack has been verified and works on all the major antiviruses including but not limited to: Avast, AVG, Avira, Bitdefender, Comodo, ESET, F-Secure, Kaspersky, Malwarebytes, McAfee, Norton, Panda, Quick Heal and Trend Micro. For more details, checkout our Taking Full Control Over Your Antivirus article.

2) Installing Persistent Malware – Installing malware that can “survive” reboots and are automatically executed once the operating system boots.

3) Hijacking Permissions – Hijacking the permissions of an existing trusted process to perform malicious operations in disguise of the trusted process. e.g. Exfiltrating data, C&C communication, lateral movement, stealing and encrypting sensitive data.

4) Altering Process Behavior – Modifying the behavior of the process. e.g. Installing backdoors, weakening encryption algorithms, etc.

5) Attacking Other Users/Sessions – Injecting code to processes of other users/sessions (SYSTEM/Admin/etc.).

WELL DONE !~


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑HOW ADD NEW BRIDGE TO TOR BROWSER TESTED



1) Once the bridge is running, find its bridge line. For obfs4, the bridge line is in the file <datadir>/pt_state/obfs4_bridgeline.txt.

2) You need to insert the external IP/port, and the fingerprint from the file <datadir>/fingerprint.

3) File a new ticket that contains the bridge line.
Component: Applications/Tor Browser
Keywords: tbb-bridges

4) Make a pull request at https://github.com/OpenObservatory/ooni-resources that adds the new bridge's IP/port to the file bridge_reachability/tor-bridges-ip-port.csv. (This will cause OONI to start testing the reachability of the new bridge.)

Thats all!

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm)
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Install ADB & FastBoot Tools in Termux!
2019
t.me/UndercOdeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

A) Silent installation:

1) Copy and paste the following command in Termux to silently install Tools:

> apt update > /dev/null 2>&1 && apt --assume-yes install wget > /dev/null

2) wget https://github.com/MasterDevX/Termux-ADB/raw/master/

3) InstallTools.sh -q && bash InstallTools.sh

B) Common installation:

1) Copy and paste the following command in Termux to install Tools with logs output:

> apt update && apt install wget && wget https://github.com/MasterDevX/Termux-ADB/raw/master/InstallTools.sh && bash InstallTools.sh

🦑Tested

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm)
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How To Compress / Decompress Brawl Stars SC files on Windows / Linux / Android!
instagram.com/UnderCodeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

> On Windows:

1) Download Python 3.5 or newer version from official page.
>https://www.python.org/downloads/

2) Install Python. While Installing, enable such parameters as "Add Python to PATH", "Install pip", "Install py launcher", "Associate files with Python" and "Add Python to environment variables".

3) Download XCoder from releases page and extract it.
> https://github.com/MasterDevX/XCoder/releases

4) Execute "Init.py" file to install required modules and create workspace directories.

🦑On Linux:

1) Open Terminal and install Python by executing following command:

2) sudo apt-get update && sudo apt-get install python3 python3-pip

3) Download XCoder from releases page and extract it.
> https://github.com/MasterDevX/XCoder/releases

4) Execute "Init.py" file to install required modules and create workspace directories.

🦑 On Android:

1) Download and install PyDroid app from Google Play.
> https://play.google.com/store/apps/details?id=ru.iiec.pydroid3

2) Open PyDroid and wait until Python installs.

3) Download XCoder from releases page and extract it.
> https://github.com/MasterDevX/XCoder/releases


4) In PyDroid open and execute "Init.py" file to install required modules and create workspace directories.


🦑 How to use

> To compile SC:

1) Put folders with texture name and .png files inside them in the "In-Decompressed-SC" directory and execute "SC-Encode.py" script. After the process will be finished, your .sc files will appear in "Out-Compressed-SC" folder.

2) To decompile SC:

> Put .sc files in the "In-Compressed-SC" directory and execute "SC-Decode.py" script. After the process will be finished, your .png files will appear in "Out-Decompressed-SC" folder.

🦑Tested By undercOde

> win server essentiel

> android 8.0

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑IP Spoofing FULL :

The term IP (Internet Protocol) address spoofing refers to the creation of IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system.
T.me/UnderCodeTesting
🦑Why it works ?
IP-Spoofing works because trusted services only rely on network address based authentication. Since IP is easily duped, address forgery is not difficult.
The main reason is security weakness in the TCP protocol known as sequence number prediction.

🦑How it works ?
To completely understand how ip spoofing can take place, one must examine the structure of the TCP/IP protocol suite. A basic understanding of these headers and network exchanges is crucial to the process.

🦑Internet Protocol (IP) :
It is a network protocol operating at layer 3 (network) of the OSI model. It is a connectionless model, meaning there is no information regarding transaction state, which is used to route packets on a network. Additionally, there is no method in place to ensure that a packet is properly delivered to the destination.

> Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows), however, contains the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses – specifically the “source address” field.

🦑Transmission Control Protocol (TCP) :
It is the connection-oriented, reliable transport protocol in the TCP/IP suite. Connection-oriented simply means that the two hosts participating in a discussion must first establish a connection via the 3-way handshake (SYN-SYN/ACK-ACK). Reliability is provided by data sequencing and acknowledgement. TCP assigns sequence numbers to every segment and acknowledges any and all data segments recieved from the other end.


> As you can see above, the first 12 bytes of the TCP packet, which contain port and sequencing information.

> TCP sequence numbers can simply be thought of as 32-bit counters. They range from 0 to 4,294,967,295. Every byte of data exchanged across a TCP connection (along with certain flags) is sequenced. The sequence number field in the TCP header will contain the sequence number of the *first* byte of data in the TCP segment. The acknowledgement number field in the TCP header holds the value of next *expected* sequence number, and also acknowledges *all* data up through this ACK number minus one.

> TCP packets can be manipulated using several packet crafting softwares available on the internet.

🦑The Attack
IP-spoofing consists of several steps. First, the target host is choosen. Next, a pattern of trust is discovered, along with a trusted host. The trusted host is then disabled, and the target's TCP sequence numbers are sampled. The trusted host is impersonated, the sequence numbers guessed, and a connection attempt is made to a service that only requires address-based authentication. If successful, the attacker executes a simple command to leave a backdoor.

> Spoofing can be implemented by different ways as given below -

🦑Non-Blind Spoofing :- This type of attack takes place when the attacker is on the same subnet as the victim. The sequence and acknowledgement numbers can be sniffed, eliminating the potential difficulty of calculating them accurately.

🦑Blind Spoofing :- Here the sequence and acknowledgement numbers are unreachable. In order to circumvent this, several packets are sent to the target machine in order to sample sequence numbers.

🦑Usage :


IP spoofing is almost always used in what is currently one of the most difficult attacks to defend against – Denial of Service attacks, or DoS.

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ITWSV- Integrated Tool for Web Security Vulnerability.
ITWSV is automated penetration testing tool which performs information gathering, auditing and reporting.
Instagram.com/UndercodeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/penetrate2hack/ITWSV.git

2) cd ITWSV

3) chmod +x start.sh

4) chmod +x update.sh (only if required)

5) ./start.sh

🦑FEATURES :
• WHOIS
• DNSWALK
• FIERCE
• DNSRecon
• DNSenum
• NMAP
• DMitry
• theHarvester
• LBD
• SSLScan
• SSLYze
• WhatWeb
• Automater
• Grabber
• Parsero
• Uniscan
• Metagoofil
• A2SV
• WPScan
• Droopescan
• WPSeku
• XssPy
• Spaghetti
• sublist3r
• WAFW00F
• nslookup
• nslookup
• dirsearch
• OWASP Joomscan
• Spaghetti
• Globuster
• Grabber

🦑TESTED ON :

> PARROT

> DEBIAN

> KALI


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Malicious Scanner Script 2019 websites bug
twitter.com/UndercodeNews


> At first glance, you notice a curl request to a hacked Russian website, along with a list of 14 typical filenames of the adminer script:

1) _adminer.php

2) ad.php

3) adminer-4.2.5-en.php

4) adminer-4.2.5-mysql.php

5) adminer-4.2.5.php

6) adminer-4.3.0-en.php

7) adminer-4.3.0-mysql-en.php

8) adminer-4.3.0-mysql.php

9) adminer-4.3.0.php

10) adminer-4.3.1-en.php

11) adminer-4.3.1-mysql-en.php

12) adminer-4.3.1-mysql.php

13) adminer-4.3.1.php

14) Adminer.php

🦑SO WHAT THIS SCRIPT CAN DO ?

Batches of Domain Names:

> When we made a curl request to that Russian site, it returned a list of 10,000 domain names.

Except for the alphabetical order of the list, there was no apparent pattern in the way the list was compiled. The sites used all kinds of CMSs that were hosted on different servers.

> When we made another request to that URL, it returned a new list of 10,000 domain names. Again, the list was alphabetically sorted – this time, the new list began where the first one left off.

The same happened on each subsequent request.


🦑Estimating Scan Coverage

> This way, request by request, this single script can receive a significant number of domain names. Let’s estimate this number.

> A typical batch of 10 thousand domains consists of domains that begin with the same letter. The difference between #1 and #10,000 might only appear in the 4th letter

>Overall, the script returned over 300,000 domains that began with letter
“b”.

🦑WILL SEND IT LATER ON UNDERCODE TESTING ENGLISH GROUPES
AFTER few nessasary tests

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How Does the Scanner Works in websites ?
t.me/UNdercOdeTesting


> Now let’s see how these large lists of domains are being processed. First of all, we know that the scanner script requests them in chunks of 10,000 domains. That’s quite a big number when you need to make requests to external websites.

> As you might recall, for each domain the script needs to probe 14 adminer filenames. This means there are 140,000 requests per batch (or around 100 million requests per campaign.). Of course, you can’t expect a script to complete such a large task in one go.

🦑 To work around this, the scanner uses the following approach:

1) It saves the list of 140,000 URLs in the “s” file and the current position in that list in the “c” file.

2) The script reads URL from position “c” and then makes requests for up to 3,000 seconds (50 minutes). To do it, they have the following setting:

> and this condition:

if((time()-$t)>3000){ exit(); }

3) To speed things up, the script makes 20 asynchronous requests at once using the “curl_multi_…” function, instead of regular curl.

4) Once a batch of 20 requests is complete, the script makes another 20 requests and repeats this routine until the execution time runs out.

5) Every 100 requests, a new position in the list is saved in the “c” file so that next time when the attackers activate the script it will start where it left off.

written by M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm)
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Proxy Service-Access Control by URL in Squid\

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> The method of access control in Squid through the URL of the visited site:

> In Squid, you can It is convenient to perform access control through the URL of the visited site. An example is as follows:

> Suppose you want to prevent users from accessing all sites with sex in the URL. You can do this:

1) Define a new acl via dstdom_regex. In this example we assume that this new acl is called badrul:
acl badurl dstdom_regex sex

2) Add the corresponding access control items. It should be noted that because Squid checks the legality of access one by one, you must add
http_access deny items (that is, prohibited items) before http_acces allow
to ensure that Squid can Check the project. For example:
http_access deny badurl
http_access allow all
http_access deny ...
and so on.

3) In this way, when the URL of the user accessing the site contains the word xxx, Squid will prohibit their access and give an error message of forbidden access.


Written by Under Code
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Configuration -del Domain Name Service-Setting up DNS server on Linux UnderCode Tutorial :
instagram.com/UnderCodeTesting
🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) As we all know, the DNS system used on the Internet was bind4, and
bind8 is the latter version of bind4. And bind4 compared, bind8 better, managers

2) can more fully control its behavior, but the difference between the two is still very large, changing
not only the format, you can have a lot of new concepts. The statements available in bind8 are logging,
options, zone, acl, key, trusted-keys, server, controls, include.

3) The instructions in it can be in the format of c, c ++, or shell / perl. I would like to introduce major
primary, secondary domain name server method of basic configuration to work with bind8 (they are on the internet

🦑 two kinds of domain name servers used mainly), if interested can refer to a deeper understanding of man and

> RFC 882, RFC 883 , RFC 973, RFC 974, RFC 1033, RFC 1034, RFC1035,

> RFC 1123, RFC 2308 "Name Server Operations Guide for BIND".


🦑 Necessary conditions for the master DNS server to work properly:

1) Install the bind8 software, which is available in many unix distributions You can find it in version,

2) Several required configuration files:
named.conf
named.ca
named.local
mater file (that is, the zone file

in bind4) Among these configuration files, the most important is named.conf. Under / etc,
it is the default startup file when named is started. A typical The named.conf file includes at least
options, and zones. For example:

options {
directory "/ var / named";
};

zone "0.0.127.in-addr.arpa" in {
type master;
file "named.local";
};

"." Zone in {
type hint;
File "the named.ca";
};

Zone "99.cn.net" in {
type Master;
File "db.99.cn.net";
};

3) in it, options to define the path of the master file is stored, corresponds to a certain
field, here will find the named data files, require a wwwexmaple site..net if the request,
the named will arrive at / var / named find db.99 .cn. net this file, find the ip of www.examplesite ...net.

4) zone define a domain, such as 99.cn.net this field, type type custom domain name server, master
stated that this is a primary domain name server, the first zone is defined as a local server to send back its own domain
master server, will address 127.0 .0.1 mapping to localhost, in almost all types of domain name servers where
you can see all this domain. The second zone is used to define a cache initialization file, in named.net

> contain at least the name and address (these root servers will change) root servers in general named.ca do not need to
modify, named.local in just Modify the domain and contacts in the SOA record. (Some books say
that the NS record in named.local is a display, but I suggest it is better to have this sentence) file defines
the master file of the domain 99.cn.net . The following is the content of this master file:


@ IN SOA ns .your.domain. Root.your.domain. (
1999110901; Serial Number
10800; Refresh after 3 hours
3600; Retry after 1 hour
3600000; Expire after 6 weeks
86400); Minimum TTL of 1 day

@ IN NS ns.your.domain .
localhost IN A 127.0.0.1
www IN A 202.98.xxy.xy

🦑 Here @ defines the current domain, that is, your.domain, IN defines that this is an Internet-

1) type record, SOA (start of authority) marks the beginning of an authorized domain, and ns.your.domain.
Is the server that created the domain, you can use the primary domain name server, root.your.domain. custom contact,
after the root. is in the email @, brackets and a few numbers define several parameters related to this field, the unit

2) is seconds, the first four parameters secondary domain name server for updated master file, which; the latter is explained, Serial
Number the secondary domain name server for the primary domain name server to determine whether to update the master file, so if
you have a secondary domain name server, you should modify the master file after each modify this sequence number, so that the secondary domain name