For Any Suggessions or any Missed Tutorials,... leave a message @UndercodePosts
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆResearchers detect StrandHogg 2.0 vulnerability in low version systems such as Android 9.0 โ ๏ธ
1) Promon researchers have just exposed a StrandHogg 2.0 privilege escalation vulnerability that affects low-level systems such as Android 9.0. If it is used by a hacker, all users' applications will be tainted by it. Promon notified Google of the CVE-2020-0096 security vulnerability, and the search giant has been downgraded to "critical". Fortunately, the vulnerability has not been widely exploited in the wild. But after today โs disclosure, tens of millions of Android device users will become more vulnerable.
2) The Promon announcement pointed out that the vulnerability allowed malicious applications to obtain an assumed legal identity while completely hiding themselves.
3) Once a malicious application is installed on the device, users can be infected with personal data such as text messages, photos, login credentials, tracking GPS movements, call logs, and listening to users through cameras and microphones.
๐ฆPromon said that Google had received the vulnerability disclosure notice on December 4, 2019, which means that the search giant has five months to fix the vulnerability before it is exposed to the public
4) It should be noted that StrandHogg 2.0 is more complex than the first-generation vulnerabilities, making it difficult to be detected by anti-virus and security scanners.
5) End users need to be careful not to install Android apps from untrusted sources that are never known, so as not to be affected by such malicious attacks.
@UndercodeTesting
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆResearchers detect StrandHogg 2.0 vulnerability in low version systems such as Android 9.0 โ ๏ธ
1) Promon researchers have just exposed a StrandHogg 2.0 privilege escalation vulnerability that affects low-level systems such as Android 9.0. If it is used by a hacker, all users' applications will be tainted by it. Promon notified Google of the CVE-2020-0096 security vulnerability, and the search giant has been downgraded to "critical". Fortunately, the vulnerability has not been widely exploited in the wild. But after today โs disclosure, tens of millions of Android device users will become more vulnerable.
2) The Promon announcement pointed out that the vulnerability allowed malicious applications to obtain an assumed legal identity while completely hiding themselves.
3) Once a malicious application is installed on the device, users can be infected with personal data such as text messages, photos, login credentials, tracking GPS movements, call logs, and listening to users through cameras and microphones.
๐ฆPromon said that Google had received the vulnerability disclosure notice on December 4, 2019, which means that the search giant has five months to fix the vulnerability before it is exposed to the public
4) It should be noted that StrandHogg 2.0 is more complex than the first-generation vulnerabilities, making it difficult to be detected by anti-virus and security scanners.
5) End users need to be careful not to install Android apps from untrusted sources that are never known, so as not to be affected by such malicious attacks.
@UndercodeTesting
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆ WIth this android 9.0 bug-andd many others cve
> we already tracked many -|anonymous hackers ๐
> we already tracked many -|anonymous hackers ๐
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆDomain information mining architecture based on graph embedding
1) Based on massive security big data, undercode has in-depth research in knowledge graph, graph calculation and other aspects. In the application of graph neural network, the embedding and determination of domain name nodes based on multiple types of graph structures are realized.
2) The following figure is the main structure currently embedded in the domain name intelligence map. First of all, according to the relationship between the domain name and other entities, construct a homogenous relationship diagram of the domain name, then train the graph embedding representation of the domain name based on the graph embedding technology, and finally, according to the specific needs, combine other dimensions of data to achieve the corresponding tasks.
3) The embedding implementation of the homogeneous domain name map based on the sample download relationship is described in detail below :
๐ฆDomain information mining architecture based on graph embedding
1) Based on massive security big data, undercode has in-depth research in knowledge graph, graph calculation and other aspects. In the application of graph neural network, the embedding and determination of domain name nodes based on multiple types of graph structures are realized.
2) The following figure is the main structure currently embedded in the domain name intelligence map. First of all, according to the relationship between the domain name and other entities, construct a homogenous relationship diagram of the domain name, then train the graph embedding representation of the domain name based on the graph embedding technology, and finally, according to the specific needs, combine other dimensions of data to achieve the corresponding tasks.
3) The embedding implementation of the homogeneous domain name map based on the sample download relationship is described in detail below :
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆSquid's configuration file is very large, but users can modify the corresponding options according to their actual situation, do not need to configure all options. Here are a few commonly used options.
1. http-port
defines the port where Squid listens for HTTP client connection requests. The default is 3128, or 80 if HTTPD acceleration mode is used. You can specify multiple ports, but all specified ports must be on one command line.
2. cachemem
specifies the ideal memory value that Squid can use. It is recommended to be set to 1/3 of the memory.
3. cachedir Directory-Name Mbytes Level1 Level2
specifies the size and directory structure of the swap space that Squid uses to store objects. You can use the following formula to estimate the number of subdirectories required by the system.
Known quantity:
DS = total available swap space (in KB) / number of swap spaces
OS = average size of each object = 20k
NO = average number of objects stored in each secondary subdirectory = 256
unknown amount:
4.
Objects with maximumobjectsize greater than this value will not be stored. If you want to increase access speed, reduce this value; if you want to maximize bandwidth savings and reduce costs, increase this value.
5. dnsnameservers
defines the name servers used by Squid for domain name resolution.
6. ACL
defines the access control list. The definition syntax is:
acl aclname acltype string ...
acl aclname acltype "file" ...
7๏ผhttpaccess
allows or prohibits certain types of users to access based on an access control list.
@UndercodeTesting
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆSquid's configuration file is very large, but users can modify the corresponding options according to their actual situation, do not need to configure all options. Here are a few commonly used options.
1. http-port
defines the port where Squid listens for HTTP client connection requests. The default is 3128, or 80 if HTTPD acceleration mode is used. You can specify multiple ports, but all specified ports must be on one command line.
2. cachemem
specifies the ideal memory value that Squid can use. It is recommended to be set to 1/3 of the memory.
3. cachedir Directory-Name Mbytes Level1 Level2
specifies the size and directory structure of the swap space that Squid uses to store objects. You can use the following formula to estimate the number of subdirectories required by the system.
Known quantity:
DS = total available swap space (in KB) / number of swap spaces
OS = average size of each object = 20k
NO = average number of objects stored in each secondary subdirectory = 256
unknown amount:
4.
Objects with maximumobjectsize greater than this value will not be stored. If you want to increase access speed, reduce this value; if you want to maximize bandwidth savings and reduce costs, increase this value.
5. dnsnameservers
defines the name servers used by Squid for domain name resolution.
6. ACL
defines the access control list. The definition syntax is:
acl aclname acltype string ...
acl aclname acltype "file" ...
7๏ผhttpaccess
allows or prohibits certain types of users to access based on an access control list.
@UndercodeTesting
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆAnonymous browsers 2020 list :
https://www.torproject.org/
https://u.is/en/download.html
www.waterfox.net
https://www.srware.net/iron/
https://www.comodo.com/home/browsers-toolbars/
https://brave.com/
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆAnonymous browsers 2020 list :
https://www.torproject.org/
https://u.is/en/download.html
www.waterfox.net
https://www.srware.net/iron/
https://www.comodo.com/home/browsers-toolbars/
https://brave.com/
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆD-TECT - Pentesting the Modern Web
> linux
๐ฆFeatures:
Sub-domain Scanning
Port Scanning
Wordpress Scanning
Wordpress Username Enumeration
Wordpress Backup Grabbing
Sensitive File Detection
Same-Site Scripting Scanning
Click Jacking Detection
Powerful XSS vulnerability scanning
SQL Injection vulnerability scanning
User-Friendly UI
๐ฆ๐โ๐๐๐ธ๐๐๐๐๐ธ๐๐๐โ & โ๐โ :
git clone https://github.com/bibortone/D-Tech.git
cd D-Tech
python d-tect.py
โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆD-TECT - Pentesting the Modern Web
> linux
๐ฆFeatures:
Sub-domain Scanning
Port Scanning
Wordpress Scanning
Wordpress Username Enumeration
Wordpress Backup Grabbing
Sensitive File Detection
Same-Site Scripting Scanning
Click Jacking Detection
Powerful XSS vulnerability scanning
SQL Injection vulnerability scanning
User-Friendly UI
๐ฆ๐โ๐๐๐ธ๐๐๐๐๐ธ๐๐๐โ & โ๐โ :
git clone https://github.com/bibortone/D-Tech.git
cd D-Tech
python d-tect.py
โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆNatural Light Portrait Retouching in Photoshop - Start to Finish โ-1.11 GB
https://www.skillshare.com/classes/Natural-Light-Portrait-Retouching-in-Photoshop-Start-to-Finish/481503066
>Download<
https://www.skillshare.com/classes/Natural-Light-Portrait-Retouching-in-Photoshop-Start-to-Finish/481503066
>Download<
Skillshare
Natural Light Portrait Retouching in Photoshop - Start to Finish | Marcin Mikus | Skillshare
Wellcome to the retouching class - in which the main subject is natural light outdoor portrait retouching. In fact this class is going to give you much more, a...
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆEasy way to brute-force web directory
> rooted termux/linux
๐ฆ๐โ๐๐๐ธ๐๐๐๐๐ธ๐๐๐โ & โ๐โ :
1) git clone https://github.com/abaykan/CrawlBox.git
> pip install -r requirements.txt
2) python crawlbox.py -h -v -w WORDLIST url
positional arguments:
url specific target url, like domain.com
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-w WORDLIST specific path to wordlist file
-d DELAY add delay between requests
โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆEasy way to brute-force web directory
> rooted termux/linux
๐ฆ๐โ๐๐๐ธ๐๐๐๐๐ธ๐๐๐โ & โ๐โ :
1) git clone https://github.com/abaykan/CrawlBox.git
> pip install -r requirements.txt
2) python crawlbox.py -h -v -w WORDLIST url
positional arguments:
url specific target url, like domain.com
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-w WORDLIST specific path to wordlist file
-d DELAY add delay between requests
โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆLearning DaVinci Resolve 16 โ-2.65 GB
https://www.lynda.com/DaVinci-Resolve-tutorials/Learning-DaVinci-Resolve-16/2820131-2.html
>Download<
https://www.lynda.com/DaVinci-Resolve-tutorials/Learning-DaVinci-Resolve-16/2820131-2.html
>Download<
LinkedIn
Learning DaVinci Resolve 16 Online Class | LinkedIn Learning, formerly Lynda.com
Learn the fundamentals of editing, color correcting, mixing, and rendering video in DaVinci Resolve 16.
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆYou may not realize it, but your computer and your car have something in common: they both need regular maintenance. No, you don't need to change your computer's oil. But you should be updating your software, keeping your antivirus subscription up to date, and checking for spyware. Read on to learn what you can do to help improve your computer's security.
๐ฆGetting started
Here are some basics maintenance tasks you can do today to start improving your computer's security. Be sure you make these part of your ongoing maintenance as well.
Sign up for software update e-mail notices. Many software companies will send you e-mail whenever a software update is available. This is particularly important for your operating system (e.g., Microsoft VV!|VD0VV$ยฎ or Macintosh), your antivirus program, and your firewall.
Register your software. If you still have registration forms for existing software, send them in. And be sure to register new software in the future. This is another way for the software manufacturer to alert you when new updates are available.
Install software updates immediately.
When you get an update notice, download the update immediately and install it. (Remember, downloading and installing are two separate tasks.)
An ounce of prevention
A few simple steps will help you keep your files safe and clean.
Step 1: Update your software
Step 2: Backup your files
Step 3: Use antivirus software and keep it updated
Step 4: Change your passwords
๐ฆDeveloping ongoing maintenance practices
Now that you've done some ground work, it's time to start moving into longer term maintenance tasks. These are all tasks that you should do today (or as soon as possible) to get started. But for best results, make these a part of a regular maintenance schedule. We recommend setting aside time each week to help keep your computer secure.
Back up your files. Backing up your files simply means creating a copy of your computer files that you can use in the event the originals are lost. (Accidents can happen.) To learn more read our tips for backing up information.
Scan your files with up to date antivirus software. Use your antivirus scan tool regularly to search for potential computer viruses and worms. Also, check your antivirus program's user manual to see if you can schedule an automatic scan of your computer. To learn more, read our tips for reducing your virus risk
.
Change your passwords. Using the same password increases the odds that someone else will discover it. Change all of your passwords regularly (we recommend monthly) to reduce your risk. Also, choose your passwords carefully. To learn more, read our tips for creating stronger passwords
.
๐ฆMaking a schedule
One of the best ways to help protect your computer is to perform maintenance regularly. To help you keep track, we suggest making a regular "appointment" with your computer. Treat it like you would any other appointment. Record it in your datebook or online calendar, and if you cannot make it, reschedule. Remember, you are not only helping to improve your computer, you are also helping to protect your personal information.
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆYou may not realize it, but your computer and your car have something in common: they both need regular maintenance. No, you don't need to change your computer's oil. But you should be updating your software, keeping your antivirus subscription up to date, and checking for spyware. Read on to learn what you can do to help improve your computer's security.
๐ฆGetting started
Here are some basics maintenance tasks you can do today to start improving your computer's security. Be sure you make these part of your ongoing maintenance as well.
Sign up for software update e-mail notices. Many software companies will send you e-mail whenever a software update is available. This is particularly important for your operating system (e.g., Microsoft VV!|VD0VV$ยฎ or Macintosh), your antivirus program, and your firewall.
Register your software. If you still have registration forms for existing software, send them in. And be sure to register new software in the future. This is another way for the software manufacturer to alert you when new updates are available.
Install software updates immediately.
When you get an update notice, download the update immediately and install it. (Remember, downloading and installing are two separate tasks.)
An ounce of prevention
A few simple steps will help you keep your files safe and clean.
Step 1: Update your software
Step 2: Backup your files
Step 3: Use antivirus software and keep it updated
Step 4: Change your passwords
๐ฆDeveloping ongoing maintenance practices
Now that you've done some ground work, it's time to start moving into longer term maintenance tasks. These are all tasks that you should do today (or as soon as possible) to get started. But for best results, make these a part of a regular maintenance schedule. We recommend setting aside time each week to help keep your computer secure.
Back up your files. Backing up your files simply means creating a copy of your computer files that you can use in the event the originals are lost. (Accidents can happen.) To learn more read our tips for backing up information.
Scan your files with up to date antivirus software. Use your antivirus scan tool regularly to search for potential computer viruses and worms. Also, check your antivirus program's user manual to see if you can schedule an automatic scan of your computer. To learn more, read our tips for reducing your virus risk
.
Change your passwords. Using the same password increases the odds that someone else will discover it. Change all of your passwords regularly (we recommend monthly) to reduce your risk. Also, choose your passwords carefully. To learn more, read our tips for creating stronger passwords
.
๐ฆMaking a schedule
One of the best ways to help protect your computer is to perform maintenance regularly. To help you keep track, we suggest making a regular "appointment" with your computer. Treat it like you would any other appointment. Record it in your datebook or online calendar, and if you cannot make it, reschedule. Remember, you are not only helping to improve your computer, you are also helping to protect your personal information.
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆ How can I protect myself against viruses?
There is one fool-proof positive method. Never run any program that
isn't already on your computer and never use anybody else's disks.
Unfortunately, that is practical. So what is the next best thing?
๐ฆ๐๐๐ฃ'๐ข ๐ข๐ฃ๐๐ก๐ฃ:
รพ Backups - Make frequent backups of the files on your hard disk.
Remember that at any given moment you may lose your entire hard
drive and its contents. Do you have backups of all your important
files? Things like Phone directories and passwords are especially
hard to get back. So be prepared for the worst.
รพ Rescue Disk - Many programs such as TBAV and Norton Utilities will
allow you to create a 'rescue disk', which is a floppy disk that
can be booted from in an emergency. On this disk will be stored a
copy of important system info that could be very hard, if not
impossible to come up with manually. This includes a copy of the
partition table, Master Boot Record (MBR), CMOS settings, and other
important system info.
Also on this disk, you should store utilities that can be used to
detect, clean, and remove viruses from your hard disk. This disk
should be write-protected, and should be updated any time you
make changes to your system.
รพ Knowledge - Keeping yourself well-informed about how viruses work,
any new viruses, and that kind of info is very important. Most of
the computer using public is entirely ignorant when it comes to
viruses. By readin this article, you have already made a big step
at reducing your odds of being hit by a virus.
รพ AV Software - There are plenty of good Anti-Virus programs
available on the market. Most of the good ones are usually
shareware or freeware. Some are commercial. Many of the commercial
ones are lousy, too. Using some of the less effective virus
software can provide a false sense of security.
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆ How can I protect myself against viruses?
There is one fool-proof positive method. Never run any program that
isn't already on your computer and never use anybody else's disks.
Unfortunately, that is practical. So what is the next best thing?
๐ฆ๐๐๐ฃ'๐ข ๐ข๐ฃ๐๐ก๐ฃ:
รพ Backups - Make frequent backups of the files on your hard disk.
Remember that at any given moment you may lose your entire hard
drive and its contents. Do you have backups of all your important
files? Things like Phone directories and passwords are especially
hard to get back. So be prepared for the worst.
รพ Rescue Disk - Many programs such as TBAV and Norton Utilities will
allow you to create a 'rescue disk', which is a floppy disk that
can be booted from in an emergency. On this disk will be stored a
copy of important system info that could be very hard, if not
impossible to come up with manually. This includes a copy of the
partition table, Master Boot Record (MBR), CMOS settings, and other
important system info.
Also on this disk, you should store utilities that can be used to
detect, clean, and remove viruses from your hard disk. This disk
should be write-protected, and should be updated any time you
make changes to your system.
รพ Knowledge - Keeping yourself well-informed about how viruses work,
any new viruses, and that kind of info is very important. Most of
the computer using public is entirely ignorant when it comes to
viruses. By readin this article, you have already made a big step
at reducing your odds of being hit by a virus.
รพ AV Software - There are plenty of good Anti-Virus programs
available on the market. Most of the good ones are usually
shareware or freeware. Some are commercial. Many of the commercial
ones are lousy, too. Using some of the less effective virus
software can provide a false sense of security.
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆCracking Zip Password Files FULL METHODE 3 :)
๐ฆ Tut On Cracking Zip Password Files..
What is FZC? FZC is a program that cracks zip files (zip is a method of compressing multiple files into one smaller file) that are password-protected (which means you're gonna need a password to open the zip file and extract files out of it)
๐ฆ๐๐๐ฃ'๐ข ๐ข๐ฃ๐๐ก๐ฃ:
1) FZC uses multiple methods of cracking - bruteforce (guessing passwords systematically until the program gets it) or wordlist attacks (otherwise known as dictionary attacks. Instead of just guessing passwords systematically, the program takes passwords out of a "wordlist", which is a text file that contains possible passwords.
2) FZC can be used in order to achieve two different goals: you can either use it to recover a lost zip password which you used to remember but somehow forgot, or to crack zip passwords which you're not supposed to have. So like every tool, this one can be used for good and for evil.
The first thing I want to say is that reading this tutorial... is the easy way to learn how to use this program, but after reading this part of how to use
> the FZC you should go and check the texts that come with that program and read them all. You are also going to see the phrase "check name.txt" often in this text. These files should be in FZC's directory. They contain more information about FZC.
3) FZC is a good password recovery tool, because it's very fast and also support resuming so you don't have to keep the computer turned on until you get the password, like it used to be some years ago with older cracking programs. You would probably always get the password unless the password is longer than 32 chars (a char is a character, which can be anything - a number, a lowercase or undercase letter or a symbol such as ! or &) because 32 chars is the maximum value that FZC will accept, but it doesn't really matter, because in order to bruteforce a password with 32 chars you'll need to be at least immortal..heehhe.. to see the time that FZC takes with bruteforce just open the Bforce.txt file, which contains such information.
4) FZC supports brute-force attacks, as well as wordlist attacks. While brute-force attacks don't require you to have anything, wordlist attacks require you to have wordlists, which you can get from
@UndercodeTesting telegram . There are wordlists in various languages, various topics or just miscellaneous wordlists. The bigger the wordlist is, the more chances you have to crack the password.
5) Now that you have a good wordlist, just get FZC working on the locked zip file, grab a drink, lie down and wait... and wait... and wait...and have good thoughts like "In wordlist mode I'm gonna get the password in minutes" or something like this... you start doing all this and remember "Hey this guy started with all this bullshit and didn't say how I can start a wordlist attack!..." So please wait just a little more, read this tutorial 'till the end and you can do all this "bullshit".
6) We need to keep in mind that are some people might choose some really weird passwords (for example: 'e8t7@$โฌh), which are harder to crack and are certainly impossible to crack (unless you have some weird wordlist). If you have a bad luck and you got such a file, having a 200MB list won't help you anymore. Instead, you'll have to use a different type of attack. If you are a person that gives up at the first sign of failure, stop being like that or you won't get anywhere. What you need to do in such a situation is to put aside your sweet xxx MB's list and start using the Brute Force attack.
7) If you have some sort of a really fast and new computer and you're afraid that you won't be able to use your computer's power to the fullest because the zip cracker doesn't support this kind of technology, it's your lucky day! FZC has multiple settings for all sorts of hardware, and will automatically select the best method.
8) Now that we've gone through all the theoretical stuff, let's get to the actual commands.
๐ฆCracking Zip Password Files FULL METHODE 3 :)
๐ฆ Tut On Cracking Zip Password Files..
What is FZC? FZC is a program that cracks zip files (zip is a method of compressing multiple files into one smaller file) that are password-protected (which means you're gonna need a password to open the zip file and extract files out of it)
๐ฆ๐๐๐ฃ'๐ข ๐ข๐ฃ๐๐ก๐ฃ:
1) FZC uses multiple methods of cracking - bruteforce (guessing passwords systematically until the program gets it) or wordlist attacks (otherwise known as dictionary attacks. Instead of just guessing passwords systematically, the program takes passwords out of a "wordlist", which is a text file that contains possible passwords.
2) FZC can be used in order to achieve two different goals: you can either use it to recover a lost zip password which you used to remember but somehow forgot, or to crack zip passwords which you're not supposed to have. So like every tool, this one can be used for good and for evil.
The first thing I want to say is that reading this tutorial... is the easy way to learn how to use this program, but after reading this part of how to use
> the FZC you should go and check the texts that come with that program and read them all. You are also going to see the phrase "check name.txt" often in this text. These files should be in FZC's directory. They contain more information about FZC.
3) FZC is a good password recovery tool, because it's very fast and also support resuming so you don't have to keep the computer turned on until you get the password, like it used to be some years ago with older cracking programs. You would probably always get the password unless the password is longer than 32 chars (a char is a character, which can be anything - a number, a lowercase or undercase letter or a symbol such as ! or &) because 32 chars is the maximum value that FZC will accept, but it doesn't really matter, because in order to bruteforce a password with 32 chars you'll need to be at least immortal..heehhe.. to see the time that FZC takes with bruteforce just open the Bforce.txt file, which contains such information.
4) FZC supports brute-force attacks, as well as wordlist attacks. While brute-force attacks don't require you to have anything, wordlist attacks require you to have wordlists, which you can get from
@UndercodeTesting telegram . There are wordlists in various languages, various topics or just miscellaneous wordlists. The bigger the wordlist is, the more chances you have to crack the password.
5) Now that you have a good wordlist, just get FZC working on the locked zip file, grab a drink, lie down and wait... and wait... and wait...and have good thoughts like "In wordlist mode I'm gonna get the password in minutes" or something like this... you start doing all this and remember "Hey this guy started with all this bullshit and didn't say how I can start a wordlist attack!..." So please wait just a little more, read this tutorial 'till the end and you can do all this "bullshit".
6) We need to keep in mind that are some people might choose some really weird passwords (for example: 'e8t7@$โฌh), which are harder to crack and are certainly impossible to crack (unless you have some weird wordlist). If you have a bad luck and you got such a file, having a 200MB list won't help you anymore. Instead, you'll have to use a different type of attack. If you are a person that gives up at the first sign of failure, stop being like that or you won't get anywhere. What you need to do in such a situation is to put aside your sweet xxx MB's list and start using the Brute Force attack.
7) If you have some sort of a really fast and new computer and you're afraid that you won't be able to use your computer's power to the fullest because the zip cracker doesn't support this kind of technology, it's your lucky day! FZC has multiple settings for all sorts of hardware, and will automatically select the best method.
8) Now that we've gone through all the theoretical stuff, let's get to the actual commands.
--------------------------------------------------------------------------------
Bruteforce
--------------------------------------------------------------------------------
The command line you'll need to use for using brute force is:
fzc -mb -nzFile.zip -lChr Lenght -cType of chars
Now if you read the bforce.txt that comes with fzc you'll find the description of how works Chr Lenght and the Type of chars, but hey, I'm gonna explain this too. Why not, right?... (but remember look at the bforce.txt too)
For Chr Lenght you can use 4 kind of switches...
-> You can use range -> 4-6 :it would brute force from 4 Chr passwors to 6 chr passwords
-> You can use just one lenght -> 5 :it would just brute force using passwords with 5 chars
-> You can use also the all number -> 0 :it would start brute forcing from passwords with lenght 0 to lenght 32, even if you are crazy i don't think that you would do this.... if you are thinking in doing this get a live...
-> You can use the + sign with a number -> 3+ :in this case it would brute force from passwords with lenght 3 to passwords with 32 chars of lenght, almost like the last option...
For the Type of chars we have 5 switches they are:
-> a for using lowercase letters
-> A for using uppercase letters
-> ! for using simbols (check the Bforce.txt if you want to see what simbols)
-> s for using space
-> 1 for using numbers
Example:
If you want to find a password with lowercase and numbers by brute force you would just do something like:
fzc -mb -nzTest.zip -l4-7 -ca1
This would try all combinations from passwords with 4 chars of lenght till 7 chars, but just using numbers and lowercase.
hint
You should never start the first brute force attack to a file using all the chars switches, first just try lowercase, then uppercase, then uppercase with number then lowercase with numbers, just do like this because you can get lucky and find the password much faster, if this doesn't work just prepare your brain and start with a brute force that would take a lot of time. With a combination like lowercase, uppercase, special chars and numbers.
--------------------------------------------------------------------------------
Wordlis
--------------------------------------------------------------------------------
Like I said in the bottom and like you should be thinking now, the wordlist is the most powerfull mode in this program. Using this mode, you can choose between 3 modes, where each one do some changes to the text that is in the wordlist, I'm not going to say what each mode does to the words, for knowing that just check the file wlist.txt, the only thing I'm going to tell you is that the best mode to get passwords is mode 3, but it takes longer time too.
To start a wordlist attak you'll do something like.
fzc -mwMode number -nzFile.zip -nwWordlist
Where:
Mode number is 1, 2 or 3 just check wlist.txt to see the changes in each mode.
File.zip is the filename and Wordlist is the name of the wordlist that you want to use. Remember that if the file or the wordlist isn't in the same directory of FZC you'll need to give the all path.
You can add other switches to that line like -fLine where you define in which line will FZC start reading, and the -lChar Length where it will just be read the words in that char length, the switche works like in bruteforce mode.
So if you something like
fzc -mw1 -nztest.zip -nwMywordlist.txt -f50 -l9+
FZC would just start reading at line 50 and would just read with length >= to 9.
Example:
If you want to crack a file called myfile.zip using the "theargonlistserver1.txt" wordlist, selecting mode 3, and you wanted FZC to start reading at line 50 you would do:
fzc -mw3 -nzmyfile.zip -nwtheargonlistserver1.txt -f50
--------------------------------------------------------------------------------
Resuming
--------------------------------------------------------------------------------
Bruteforce
--------------------------------------------------------------------------------
The command line you'll need to use for using brute force is:
fzc -mb -nzFile.zip -lChr Lenght -cType of chars
Now if you read the bforce.txt that comes with fzc you'll find the description of how works Chr Lenght and the Type of chars, but hey, I'm gonna explain this too. Why not, right?... (but remember look at the bforce.txt too)
For Chr Lenght you can use 4 kind of switches...
-> You can use range -> 4-6 :it would brute force from 4 Chr passwors to 6 chr passwords
-> You can use just one lenght -> 5 :it would just brute force using passwords with 5 chars
-> You can use also the all number -> 0 :it would start brute forcing from passwords with lenght 0 to lenght 32, even if you are crazy i don't think that you would do this.... if you are thinking in doing this get a live...
-> You can use the + sign with a number -> 3+ :in this case it would brute force from passwords with lenght 3 to passwords with 32 chars of lenght, almost like the last option...
For the Type of chars we have 5 switches they are:
-> a for using lowercase letters
-> A for using uppercase letters
-> ! for using simbols (check the Bforce.txt if you want to see what simbols)
-> s for using space
-> 1 for using numbers
Example:
If you want to find a password with lowercase and numbers by brute force you would just do something like:
fzc -mb -nzTest.zip -l4-7 -ca1
This would try all combinations from passwords with 4 chars of lenght till 7 chars, but just using numbers and lowercase.
hint
You should never start the first brute force attack to a file using all the chars switches, first just try lowercase, then uppercase, then uppercase with number then lowercase with numbers, just do like this because you can get lucky and find the password much faster, if this doesn't work just prepare your brain and start with a brute force that would take a lot of time. With a combination like lowercase, uppercase, special chars and numbers.
--------------------------------------------------------------------------------
Wordlis
--------------------------------------------------------------------------------
Like I said in the bottom and like you should be thinking now, the wordlist is the most powerfull mode in this program. Using this mode, you can choose between 3 modes, where each one do some changes to the text that is in the wordlist, I'm not going to say what each mode does to the words, for knowing that just check the file wlist.txt, the only thing I'm going to tell you is that the best mode to get passwords is mode 3, but it takes longer time too.
To start a wordlist attak you'll do something like.
fzc -mwMode number -nzFile.zip -nwWordlist
Where:
Mode number is 1, 2 or 3 just check wlist.txt to see the changes in each mode.
File.zip is the filename and Wordlist is the name of the wordlist that you want to use. Remember that if the file or the wordlist isn't in the same directory of FZC you'll need to give the all path.
You can add other switches to that line like -fLine where you define in which line will FZC start reading, and the -lChar Length where it will just be read the words in that char length, the switche works like in bruteforce mode.
So if you something like
fzc -mw1 -nztest.zip -nwMywordlist.txt -f50 -l9+
FZC would just start reading at line 50 and would just read with length >= to 9.
Example:
If you want to crack a file called myfile.zip using the "theargonlistserver1.txt" wordlist, selecting mode 3, and you wanted FZC to start reading at line 50 you would do:
fzc -mw3 -nzmyfile.zip -nwtheargonlistserver1.txt -f50
--------------------------------------------------------------------------------
Resuming
--------------------------------------------------------------------------------