Forwarded from UNDERCODE SECURITY
FULL GUIDE ABOUT REMOVING DISK-DRIVE MALWARE AND ITS TYPES
🦑 How to use the system's own commands for manual virus removal
Installed antivirus software does not catch everything, so it is worth knowing how to hunt a virus down yourself with the commands that ship with Windows. The steps are as follows:
1️⃣ Before you start, be prepared: use TASKLIST to back up the process list
Newer viruses hide themselves as ordinary-looking processes, so back up the computer's process list while the system is known to be clean, ideally right after logging in to Windows before any other program has been started. A later process list can then be compared against this baseline to find processes that may be a virus.
🦑 At the command prompt, enter:
tasklist /fo csv > g:\zc.csv
This writes the current process list in CSV format to the file zc.csv; g: is the drive you want to save it on. The file can be opened in Excel.
2️⃣ When you check, look closely: use FC to compare the process list files
If the computer feels abnormal, or you know a new virus is circulating, it is time to check.
At the command prompt, enter:
tasklist /fo csv > g:\yc.csv
This generates yc.csv for the current process list. Then enter:
fc g:\zc.csv g:\yc.csv
After pressing Enter you see the differences between the two list files. In this example the comparison reveals an extra process named "Winion0n.exe" (used as the example throughout this guide), a name chosen to look like a legitimate Windows process: note the digit 0 standing in for the letter o.
3️⃣ When judging, make sure the evidence is solid: use NETSTAT to view open ports
How do you decide whether such a suspicious process is a virus? Most viruses, and Trojans in particular, open ports or connect out over the network to spread, so check which processes own which ports.
🦑 At the command prompt, enter:
netstat -ano
The parameters mean:
-a: display all connections and listening ports
-n: display addresses and port numbers in numerical form
-o: display the process ID (PID) that owns each connection
After pressing Enter you see every open port and every outbound connection together with the owning PID. In this example the process with PID 1756 is the most suspicious: its state is ESTABLISHED. Looking the PID up in Task Manager shows that it is "Winion0n.exe", and since no legitimate network program on this machine accounts for that connection, it can be judged an illegal connection.
4️⃣ The connection states mean the following:
LISTENING: the port is open and waiting for a connection, but nothing has connected yet. Only a TCP service port can be in the LISTENING state.
ESTABLISHED: a connection has been set up; the two machines are communicating.
TIME_WAIT: the connection has ended. The port was accessed once, but the access is over. This state is useful for telling whether an outside computer has connected to this machine.
5️⃣ When you start the removal, be ruthless: use NTSD to terminate the process
Even though "Winion0n.exe" is known to be an illegal process, many virus processes cannot be terminated from Task Manager. What then?
Enter the following command at the command prompt:
ntsd -c q -p 1756
After pressing Enter the virus process is terminated.
Tip: 1756 is the PID of the process. If you do not know the PID, open Task Manager and click "View → Select Columns", then tick "PID (Process Identifier)".
NTSD can forcibly terminate any process except System, SMSS.EXE and CSRSS.EXE. NTSD ships with Windows XP and Server 2003 but was dropped from later Windows versions; there the built-in equivalent is taskkill /PID 1756 /F.
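The TASKLIST, FC and NETSTAT steps above can be automated. The following Python script is an added example, not part of the original guide: it parses two `tasklist /fo csv` snapshots and one `netstat -ano` capture (all three constructed here to reproduce the guide's Winion0n.exe scenario, with made-up PIDs and addresses), reports processes absent from the baseline that own an ESTABLISHED or LISTENING socket, and flags which legitimate process name each one imitates, since the guide's example relies on the digit 0 standing in for the letter o.

```python
import csv
import io

# Constructed sample of `tasklist /fo csv` output captured while the system was
# known to be clean (the baseline, zc.csv in the guide).
BASELINE_CSV = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","8 K"
"System","4","Services","0","1,234 K"
"smss.exe","320","Services","0","456 K"
"csrss.exe","412","Services","0","2,000 K"
"winlogon.exe","480","Console","1","3,100 K"
"explorer.exe","1204","Console","1","25,000 K"
'''

# Constructed sample captured later, when the machine felt abnormal (yc.csv).
CURRENT_CSV = BASELINE_CSV + '''"Winion0n.exe","1756","Console","1","4,400 K"
'''

# Constructed sample of `netstat -ano` output from the same moment.
NETSTAT_OUT = '''
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       720
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.5:49712      203.0.113.7:4444       ESTABLISHED     1756
  TCP    192.168.1.5:49720      198.51.100.9:443       TIME_WAIT       0
  UDP    0.0.0.0:5353           *:*                                    1204
'''

# Digits malware authors swap in for look-alike letters in process names.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "5": "s"})


def parse_tasklist(text):
    """Return {pid: image name} from `tasklist /fo csv` output."""
    return {int(row["PID"]): row["Image Name"]
            for row in csv.DictReader(io.StringIO(text))}


def parse_netstat(text):
    """Return a list of connection dicts from `netstat -ano` output.

    TCP rows carry a State column; UDP rows do not, so the field count differs.
    """
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        state = parts[3] if parts[0] == "TCP" else ""
        conns.append({"proto": parts[0], "local": parts[1], "remote": parts[2],
                      "state": state, "pid": int(parts[-1])})
    return conns


def new_processes(baseline, current):
    """Image names present now but absent from the baseline (what FC shows)."""
    return sorted(set(current.values()) - set(baseline.values()))


def _edit_distance(a, b):
    """Levenshtein distance, used to spot names imitating legitimate ones."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(name, known_names, max_dist=2):
    """Return the legitimate name `name` most resembles, or None."""
    target = name.lower().translate(HOMOGLYPHS)
    best = None
    for known in known_names:
        if known.lower() == name.lower():
            continue
        dist = _edit_distance(target, known.lower().translate(HOMOGLYPHS))
        if dist <= max_dist and (best is None or dist < best[0]):
            best = (dist, known)
    return best[1] if best else None


def triage(baseline_csv, current_csv, netstat_text):
    """Join the three outputs: new processes, their sockets, and what they imitate."""
    baseline = parse_tasklist(baseline_csv)
    current = parse_tasklist(current_csv)
    added = new_processes(baseline, current)
    findings = []
    for conn in parse_netstat(netstat_text):
        name = current.get(conn["pid"])
        # A brand-new process with a live or listening socket is the guide's
        # "illegal connection"; TIME_WAIT rows belong to no process (PID 0).
        if name in added and conn["state"] in ("ESTABLISHED", "LISTENING"):
            findings.append({"name": name, "pid": conn["pid"], "remote": conn["remote"],
                             "state": conn["state"],
                             "imitates": lookalike(name, baseline.values())})
    return findings


if __name__ == "__main__":
    for finding in triage(BASELINE_CSV, CURRENT_CSV, NETSTAT_OUT):
        print(finding)
```

On a real machine, feed it the zc.csv and yc.csv files from the guide plus the output of `netstat -ano > g:\net.txt`. The two-edit threshold in `lookalike` is a heuristic and will occasionally pair unrelated short names, so treat its output as a pointer to check against the file's path and signature, not as a verdict.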
6️⃣ After identifying the virus, pull it out by the roots: find the virus's original file
For the file "Winion0n.exe" that has been judged to be a virus, run a search over all local partitions with "search system folders" and "search hidden files and folders" enabled to find where it hides, and delete it.
Deleting only the main file is not enough. Look at the file's properties, search again by its creation date and size to find its companion files, and delete those too.
If you are not sure which files belong to it, look the virus up online for removal information.
7️⃣ Be sure to clean up the battlefield after removing the virus
Deleting the virus files does not remove the junk keys the virus left in the registry; those have to be cleaned out as well.
1. Use reg export to back up the autostart keys.
There are many autostart keys, so hunting through them by hand when a virus turns up is inconvenient. Instead, back them up with reg export from a batch file.
Open Notepad and enter the following commands (each on a single line):
reg export HKLM\Software\Microsoft\Windows\CurrentVersion\Run f:\hklmrun.reg
reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run f:\hklcu.reg
reg export HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run f:\hklml.reg
Note: only a few common keys are listed here; back up other autostart keys (RunOnce, the services key, the Winlogon key) the same way.
Then save it as ziqidong.bat and run it from the command prompt; all the autostart keys are backed up to the corresponding .reg files. Then enter:
copy f:\*.reg f:\ziqidong.txt
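As an added example (not from the original guide) of the reg export, FC and reg delete steps, the Python script below parses two `reg export` dumps of the Run keys, both constructed here with a made-up OneDrive entry and the guide's "Logon" entry, lists the values that appeared since the baseline, and generates a `reg delete ... /v NAME /f` command for each so that only the new value is removed and the rest of the key does not need restoring afterwards.

```python
import re

# Constructed sample of what `reg export` writes for the autostart keys on a
# clean system. On disk the file is UTF-16 with a BOM; see load_reg_file().
BASELINE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
'''

# Constructed sample exported after the infection: one value has appeared.
CURRENT_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"Logon"="c:\\windows\\winlogon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
'''

HIVE_ABBREV = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
               "HKEY_CLASSES_ROOT": "HKCR", "HKEY_USERS": "HKU"}


def load_reg_file(path):
    """Read a .reg file written by `reg export` (UTF-16 LE with BOM) as text."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8")


def unescape_reg_string(data):
    """Turn a quoted REG_SZ literal from a .reg file into the real string."""
    if data.startswith('"') and data.endswith('"'):
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    return data  # hex(...), dword:... and similar are left as written


def parse_reg(text):
    """Return {(key path, value name): raw data} for every value in the export."""
    entries = {}
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            name, _, data = line.partition("=")
            entries[(key, name.strip('"'))] = data
        elif key and line.startswith("@="):  # the key's default value
            entries[(key, "")] = line[2:]
    return entries


def added_autoruns(baseline, current):
    """Values present in the new export but not in the baseline (what FC would show)."""
    return {k: v for k, v in current.items() if k not in baseline}


def reg_delete_commands(added):
    """Build one precise `reg delete KEY /v NAME /f` per new value, so the rest of
    the key survives and no `reg import` restore is needed afterwards."""
    cmds = []
    for (key, name), _ in added.items():
        hive, _, subkey = key.partition("\\")
        cmds.append(f'reg delete "{HIVE_ABBREV.get(hive, hive)}\\{subkey}" /v "{name}" /f')
    return cmds


def find_new_autoruns(baseline_text, current_text):
    """Diff two exports; return (new entries with decoded data, delete commands)."""
    added = added_autoruns(parse_reg(baseline_text), parse_reg(current_text))
    decoded = {k: unescape_reg_string(v) for k, v in added.items()}
    return decoded, reg_delete_commands(added)


if __name__ == "__main__":
    found, cmds = find_new_autoruns(BASELINE_REG, CURRENT_REG)
    for (key, name), target in found.items():
        print(f"NEW  [{key}] {name} -> {target}")
    print("\n".join(cmds))
```

To run it against real backups, pass `load_reg_file("f:\\hklmrun.reg")` and the later export instead of the constructed strings; the script only prints the delete commands so you can read each path before executing it.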
🦑 This command concatenates all the backed-up .reg files into ziqidong.txt. When a virus is suspected of having added an autostart item, export the autostart keys again the same way and use the FC command introduced above to compare the two txt files; because reg export writes Unicode (UTF-16) files, compare them with fc /u. New autostart items show up immediately.
2. Use reg delete to delete the newly added autostart key.
For example, the comparison shows that [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] has gained an autostart value named "Logon" whose startup program is "c:\windows\winlogon.exe" (the real winlogon.exe lives in C:\Windows\System32 and is never started from the Run key, which is what gives this entry away). Enter the following command to delete the virus's autostart entry:
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /f
3. Use reg import to restore the registry.
The reg delete above removes the entire Run key, legitimate entries included, so restore those from the backup .reg file. Enter the following command to restore the key quickly:
reg import f:\hklmrun.reg
To remove only the one value and leave the rest of the key alone, add /v to the delete command: reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Logon /f. No restore is needed in that case.
This covers several system commands for manual virus removal. Used well, these commands can deal with most viruses. Of course, the backups have to be made while the system is still clean.
#Tip: the same operations can be done by hand in Registry Editor, but the REG command has the advantage that it still works, and faster, when a virus has disabled Registry Editor: export, delete and import all go through the commands above.
8️⃣ Bundled Trojans: FIND
The commands above deal with ordinary viruses; the FIND command can also detect Trojans bundled into other files.
Many netizens have run into bundled Trojans. These "wolves in sheep's clothing" often hide behind pictures, Flash animations and even music files.
When such a file is opened, the current window really does show a picture (or play the Flash), but the Trojan is already running quietly in the background.
#For example, I recently received a Super Girl wallpaper from a friend over QQ. When I opened it, the picture did open in "Windows Picture and Fax Viewer", but the hard-disk activity light kept flashing.
Clearly an unknown program was running in the background when I opened the picture.
Use FIND to check whether the picture has a Trojan bundled with it. Type:
find /c /i "This program" g:\chaonv.jpe.exe
where g:\chaonv.jpe.exe is the file to check.
FIND reports "---------- G:\CHAONV.JPE.EXE: 2", which indicates that the file does bundle another executable.
Why this works: almost every Windows executable begins with a DOS stub containing the text "This program cannot be run in DOS mode", and find /c counts the lines that contain the search string. A normal EXE should therefore return 1, a non-executable file (a real picture or music file) should return 0, and any other result deserves attention. A count of 2 or more is a strong hint rather than proof: some installers and self-extracting archives legitimately carry an embedded executable.
🦑 Tip: many bundled Trojans rely on Windows' default "Hide extensions for known file types" setting to fool you, as with "chaonv.jpe.exe" in this example: the file carries a JPG icon, so it passes for a picture.
Open "My Computer", click "Tools → Folder Options", then "View", and clear the "Hide extensions for known file types" box to see the wolf's true face.
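The string count FIND performs can be made more precise by reading the PE headers. The Python script below is an added example, not from the original guide: it counts the DOS-stub text the same way `find /c /i "This program"` does, and also computes where the executable's last section ends, so that anything appended after it (the overlay where a glued-on second program lives) is measured directly. The PE images it inspects are constructed inside the script (minimal headers, not runnable programs); no real sample from the page is used.

```python
import struct

DOS_STUB_TEXT = b"This program cannot be run in DOS mode"

# Header layouts from the PE/COFF specification (little-endian).
COFF_HDR = "<HHIIIHH"        # Machine, NumberOfSections, TimeDateStamp,
                             # PointerToSymbolTable, NumberOfSymbols,
                             # SizeOfOptionalHeader, Characteristics
SECTION_HDR = "<8sIIIIIIHHI"  # Name, VirtualSize, VirtualAddress, SizeOfRawData,
                              # PointerToRawData, ..., Characteristics (40 bytes)


def stub_count(data):
    """What `find /c /i "This program" FILE` counts: DOS-stub text occurrences."""
    return data.lower().count(DOS_STUB_TEXT.lower())


def pe_image_end(data):
    """Offset just past the last byte the PE headers account for, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_HDR, data, e_lfanew + 4)
    sec_off = e_lfanew + 4 + struct.calcsize(COFF_HDR) + opt_size
    end = sec_off + nsections * struct.calcsize(SECTION_HDR)
    if end > len(data):
        return None  # truncated or corrupt header table
    for i in range(nsections):
        _, _, _, raw_size, raw_ptr, *_ = struct.unpack_from(SECTION_HDR, data, sec_off + i * 40)
        end = max(end, raw_ptr + raw_size)
    return end


def check_bundle(data):
    """Combine the guide's string count with a structural overlay check.

    Overlay = bytes after the last section. Authenticode signatures and some
    installers legitimately live there, so 'suspicious' is a lead, not a verdict.
    """
    count = stub_count(data)
    end = pe_image_end(data)
    overlay = len(data) - end if end is not None else 0
    # An EXE should carry exactly one stub; a picture or music file none at all.
    suspicious = (count > 1) if end is not None else (count > 0)
    return {"is_pe": end is not None, "stub_count": count,
            "overlay_bytes": overlay, "suspicious": suspicious}


def build_min_pe(body=b"\xc3" * 0x200):
    """Constructed minimal 32-bit PE image (headers only, not a real program)."""
    stub = DOS_STUB_TEXT + b".\r\n$"
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)           # e_lfanew -> PE signature
    dos[0x40:0x40 + len(stub)] = stub
    opt_size = 224                                    # PE32 optional header, zeroed here
    coff = struct.pack(COFF_HDR, 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    section = struct.pack(SECTION_HDR, b".text\0\0\0", len(body), 0x1000,
                          len(body), 0x200, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + section
    return headers.ljust(0x200, b"\0") + body


if __name__ == "__main__":
    clean = build_min_pe()
    bundled = clean + build_min_pe()                  # a second executable glued on the end
    fake_jpg = b"\xff\xd8\xff\xe0" + bytes(64) + clean  # "picture" with an EXE inside
    for label, blob in (("clean", clean), ("bundled", bundled), ("jpg", fake_jpg)):
        print(label, check_bundle(blob))
```

Run it on a real file with `check_bundle(open(path, "rb").read())`. A signed binary will show a non-zero overlay (the signature) with a stub count of 1, which is the normal case; a stub count of 2 together with a large overlay is the pattern the guide describes.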
#Summary
Finally, the manual virus removal process in brief:
Use TASKLIST to back up the process list → find the virus by comparing the files with FC → confirm the process with NETSTAT → terminate the process with NTSD → search for the virus's files and delete them → repair the registry with the REG command.
From finding the virus, to deleting it, to repairing the registry, that is the complete manual detection and removal process. For more tutorials, follow Script House.
FULL MALWARE GUIDE WRITTEN BY UNDERCODE
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
MALWARE & DRIVES MALWARE GUIDES BY UNDERCODE
🦑 HACK WIFI VIA LINUX GOOD 2020 SCRIPT :
INSTALLATION & RUN :
1️⃣ sudo apt-get update && sudo apt-get install git
2️⃣ git clone https://github.com/ankit0183/Wifi-Hacking
3️⃣ cd Wifi-Hacking/
4️⃣ sudo python3 Wifi-Hacking.py
🦑 FEATURES :
1) Start monitor mode
2) Stop monitor mode
3) Scan networks
4) Get handshake
5) Create wordlist
6) Install wireless tools
7) WPS network attacks
8) Scan for WPS networks
9) Crack handshake with rockyou.txt
10) Crack handshake with wordlist
11) Crack handshake without wordlist
git sources 2020
GitHub: ankit0183/Wifi-Hacking, "Cyber Security Tool For Hacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2/TKIP/IES)"
🦑 GUYS JOIN OUR FACEBOOK GROUPS :
- fb.com/groups/UndercodeTesting (private, no ads)
- fb.com/groups/UndercodeCommunity (ads allowed, YouTube and good links allowed, selling not allowed, enjoy)
🦑 How to get NordVPN for free, from NORDVPN.COM OFFICIAL
There are two ways to access some form of NordVPN for free or at a too-good-to-be-true discount, and both are a bad deal:
1️⃣ #NordVPN crack
If you're here, chances are you've been looking for a NordVPN crack. Well, before you go ahead and download it, check out what our security analysts found inside some of these "cracked" copies of NordVPN:
1) Root access viruses/malware: Reputable websites don't host stolen, cracked copies of NordVPN or other software if they can help it. Instead, you'll be downloading a file from some anonymous mirror or server, or from a link someone gave you on a forum. This is the perfect way to deliver a virus.
Once you're downloading a file from random online sources, there's very little that'll help you. Even antivirus software can't identify 100% of viruses (especially if the hacker wrote their own unique virus). If antiviruses recognize the threat, you may be reassured by the file hoster: "It's just a false positive because of how the crack works, don't worry, it's not a virus." Sure. You know what they say: there's a sucker born every minute! Malware can be very damaging to your system.
2) Adware: If you're lucky, you'll download some adware instead of a virus. Instead of stealing your identity, they'll simply fill your computer with ads. Some adware injects ads into your browser and every site you visit, while other adware programs can inject ads into your entire device. Imagine getting annoying pop-ups on your desktop! These types of programs also usually slow down your computer.
3) Random software: This find was actually a puzzling one for our security analysts. They found some cracked NordVPN downloads that sent them clean versions of other programs when they were downloaded. One NordVPN crack download actually sent them Adobe Flash Player.
2️⃣ Stolen NordVPN accounts for sale
That's what you're buying, but what's the problem?
1) You don't know how long the account will work. You aren't forming a new subscription, you're simply intruding upon someone else's already-active subscription. If you paid the hacker for a 3-year subscription and find that there are only 2 years and 3 months left, tough luck: the hacker already has your money. Go ahead and ask for a refund. We'll wait.
2) You can lose the account at any time. When you pay for the account, all you get are its current username and password. Most vendors will warn you that you shouldn't change these. That's because if you do, you'll also make it impossible for the actual owner to connect. They will then be able to restore access to their account by contacting customer support, changing their password and rendering your purchase useless. You are completely at their mercy. The account is yours to use only as long as the real owner doesn't change the password.
3) You won't be able to use as many devices on it. Each NordVPN account supports up to six devices, but things can get crowded when there's more than one user on an account.
🦑 HACK GMAIL/INSTAGRAM BRUTEFORCE
> PHISHING ALSO IN ONE TOOL :
INSTALLATION & RUN :
1️⃣ git clone https://github.com/xHak9x/Hak9Tools.git
2️⃣ cd Hak9Tools
3️⃣ chmod +x hak9tools.sh
4️⃣ ./hak9tools.sh
5️⃣ CHOOSE OPTIONS VIA NUMBERS, EASY AND SIMPLE
🦑 SUPPORT :
Kali Linux
Cyborg
Parrot
BackTrack
Backbox
Git POPULAR sources
🦑 From a few days ago: multi-stage APT attack uses a C2 feature to drop Cobalt Strike
#UndercodeNews
1️⃣ Multi-stage APT attack uses a C2 feature to drop Cobalt Strike
2️⃣ On June 10, we found a malicious Word document disguised as a resume, which used template injection to drop a .NET loader. We believe this is part of an APT attack. In the final stage, the threat actor uses Cobalt Strike's C2 feature to download the final payload and perform C2 communication.
3️⃣ The attack was particularly clever in its evasion techniques. As we observed, there is an intentional delay in executing the payload from the malicious Word macro. In addition, by hiding the shellcode inside an innocuous-looking JavaScript file and loading it without touching the disk, the APT further evades security detection.
@UndercodeNews
🦑 #Cloud Security 2020 Topic Resources :
* [Cloud Security Resources from AWS](https://aws.amazon.com/security/security-resources)
* [Penetration Testing in Microsoft Azure](https://docs.microsoft.com/en-us/azure/security/azure-security-pen-testing)
* [Penetration Testing in AWS](https://aws.amazon.com/security/penetration-testing)
* [Penetration Testing in Google Cloud Platform](https://cloud.google.com/security/overview)
* [Google Cloud Security Center](https://cloud.google.com/security)
Amazon: Cloud Security Learning Resources, Amazon Web Services (AWS). "To learn more about cloud security on the AWS Cloud infrastructure, browse through our developer documents, whitepapers and tutorials here."
🦑 General trend: shared-file permission management software, company internal file sharing, enterprise shared-file solutions
> Background of enterprise shared file management
Today, enterprise LANs usually control access to shared files in one of the following ways:
1️⃣ File access control based on local accounts of the Windows server operating system. A share is set up on a Windows server on an NTFS file system, and the access rights of the server's local accounts to the shared files are configured. When other computers on the LAN access the share, they must first log in with a local account of the server, and that account's rights control what they may do with the shared files.
2️⃣ File access control based on Windows domain users. The share is set up on a server with an NTFS file system, and the permissions of domain accounts on the different shared files are set through the domain controller. When a user accesses the share, they log in with their domain account, which controls their access to the shared files.
3️⃣ Inserting a file-sharing proxy server between the user computers and the file server. User computers connect to the proxy, the proxy connects to the file server, and the proxy enforces access control over the files on the file server.
Although the above methods can control access permissions for Windows server shares, as the number of important confidential documents and key business data keeps growing, the demands on protecting server file data keep rising. The original techniques can no longer give these important files and key data the protection enterprises need, especially when the files are accessed by LAN users as shares; how to keep this file data safe has become an important part of enterprise network management.
Written by Undercode
🦑 TOPIC 2020 Free admin dashboard template based on Bootstrap 4
INSTALLATION & RUN :
AdminLTE can be installed using multiple methods. Pick your favorite method from the list below. Please be sure to check the dependencies section before continuing.
1️⃣ DOWNLOAD : https://github.com/ColorlibHQ/AdminLTE/releases
2️⃣ Command line
> Via NPM
npm install admin-lte@^3.0 --save
> Via Yarn
yarn add admin-lte@^3.0
> Via Composer
composer require "almasaeed2010/adminlte=~3.0"
> Via Git
git clone https://github.com/ColorlibHQ/AdminLTE.git
The ^3.0 and ~3.0 constraints accept any 3.x release, so commit the lockfile (package-lock.json, yarn.lock or composer.lock) to keep builds on the version you actually reviewed.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
────────── UNDERCODE ──────────
🦑 7 NETWORK SECURITY TIPS BY UNDERCODE
#Secure before hacked !
1. The log files kept by the operating system are an important clue for detecting a network intrusion. This assumes, of course, that the intruder has not tampered with them. If you have a server connected directly to the Internet over a dedicated line, your IP address is fixed, and you will find that many people attempt telnet/ftp logins against your system. Check with:
# grep refused /var/log/secure
2. Limit the number of programs carrying the SUID permission flag. A setuid-root program runs with root's privileges no matter who starts it, so every one of them is a potential privilege-escalation hole. Some programs must have the flag, passwd for example, but the rest should be audited and the bit removed wherever it is not needed.
3. BIOS security. Set a BIOS password and change the boot order so the system cannot be booted from a floppy disk (or any other removable medium).
4. User passwords. User passwords are the basic starting point of Linux security. Many people use simple passwords, which is equivalent to leaving the door open to intruders; in theory no password is uncrackable given enough time and resources. A good password is a string that only its owner can easily remember, and it is never written down anywhere.
5. The /etc/exports file. If you use the NFS network file system, make sure /etc/exports carries the most restrictive settings possible: no wildcards, no write access for root, and read-only exports wherever you can. Edit /etc/exports and add, for example:
/dir/to/export host1.mydomain.com(ro,root_squash)
/dir/to/export host2.mydomain.com(ro,root_squash)
/dir/to/export is the directory being exported, host1.mydomain.com and host2.mydomain.com are the only clients allowed to mount it, ro exports it read-only, and root_squash maps the client's root user to the anonymous user (nobody), so root on a client gets no root rights on the export. root_squash is the default; the opposite option, no_root_squash, is the one to look for and remove.
For the changes to take effect, run /usr/sbin/exportfs -ra (the -r re-exports everything in the file, so narrowed or removed entries are applied as well as new ones).
6. Make sure that /etc/inetd.conf is owned by root and its permissions are set to 600.
[root@deep]# chmod 600 /etc/inetd.conf
Ensure that the owner is root:
[root@deep]# stat /etc/inetd.conf
File: "/etc/inetd.conf"
Size: 2869 Filetype: Regular File
Mode: (0600/-rw-------) Uid: (0/ root) Gid: (0/ root)
Device: 8,6 Inode: 18219 Links: 1
Access: Wed Sep 22 16:24:16 1999(00000.00:10:44)
Modify: Mon Sep 20 10:22:44 1999(00002.06:12:16)
Change: Mon Sep 20 10:22:44 1999(00002.06:12:16)
Edit /etc/inetd.conf and disable the following services unless you really need them:
ftp, telnet, shell, login, exec, talk, ntalk, imap, pop-2, pop-3, finger, auth, and so on. Disable the r-commands (shell, login, exec) in particular: they trust the client's host name and send everything in the clear. If you use ssh/scp, you can disable telnet/ftp as well.
For the changes to take effect, run # killall -HUP inetd. You can also run # chattr +i /etc/inetd.conf to make the file immutable; only root can unlock it again, with # chattr -i /etc/inetd.conf.
7. TCP_WRAPPERS
By default, Redhat Linux allows all requests. Using TCP_WRAPPERS to tighten the site takes little effort. Put
ALL: ALL
into /etc/hosts.deny to refuse all requests, then put the explicitly allowed requests into /etc/hosts.allow, such as:
sshd: 192.168.1.10/255.255.255.0 gate.openarch.com
Note that 192.168.1.10/255.255.255.0 is a net/mask pattern: it matches every address in 192.168.1.0/24, not only the host 192.168.1.10. To allow a single host, write its address without a mask (sshd: 192.168.1.10 gate.openarch.com). hosts.allow is consulted first, so a match there wins over the ALL: ALL in hosts.deny. Remember that TCP wrappers only cover services started through tcpd from inetd or built with libwrap support (as sshd can be); a daemon started any other way is not affected. After the configuration is complete, use tcpdchk to check it:
[root@deep]# tcpdchk
tcpdchk is the TCP_Wrapper configuration checker: it reads your tcp wrapper configuration and reports any potential or existing problems it finds.
written by Undercode
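As an added example, and not code from the Undercode post, the script below turns tips 2, 5, 6 and 7 into checks that print one finding per line. The sample entries it builds in demo() are constructed for illustration and reuse the post's own lines (the two ro,root_squash exports, the service list, the 192.168.1.10/255.255.255.0 hosts.allow line); the function names and the finding format are this example's own. On a live host, pass /etc/exports, /etc/inetd.conf, /etc/hosts.allow and /etc/hosts.deny instead of the sample files.

```shell
#!/bin/sh
# Added example (not from the Undercode post): audit helpers for tips 2, 5, 6
# and 7. Each function prints one finding per line and nothing when the file
# is clean. The sample files built in demo() are constructed for illustration;
# on a live host pass /etc/exports, /etc/inetd.conf, /etc/hosts.allow and
# /etc/hosts.deny instead.

# Tip 2: list setuid/setgid executables below a directory, one path per line.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Tip 5: flag exports wider than "host(ro,root_squash)": a missing or wildcard
# client, an rw export, or no_root_squash. Comments are stripped first.
audit_exports() {
    sed 's/#.*//' "$1" | awk 'NF > 0 {
        dir = $1
        if (NF == 1) { print "EXPORTS " dir ": no client given, exported to everyone"; next }
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index(client, "(")
            if (p > 0) {                      # split "host(opt,opt)" into host and opts
                opts = substr(client, p + 1); sub(/\)$/, "", opts)
                client = substr(client, 1, p - 1)
            }
            if (client == "" || index(client, "*") > 0)
                print "EXPORTS " dir ": wildcard client \"" client "\""
            if (opts ~ /(^|,)rw(,|$)/)
                print "EXPORTS " dir ": rw export to " client
            if (opts ~ /no_root_squash/)
                print "EXPORTS " dir ": no_root_squash for " client
        }
    }'
}

# Tip 6: a configuration file that must be mode 0600 and owned by $2.
# Parses ls -ld so it works with both GNU and BSD userlands.
check_private_file() {
    cpf_line=$(ls -ld "$1")
    cpf_mode=${cpf_line%% *}                 # e.g. -rw------- (a trailing + or . means ACL/SELinux)
    cpf_owner=$(printf '%s\n' "$cpf_line" | awk '{ print $3 }')
    case "$cpf_mode" in
        -rw-------*) ;;
        *) printf 'PERMS %s: mode %s, expected -rw------- (0600)\n' "$1" "$cpf_mode" ;;
    esac
    [ "$cpf_owner" = "$2" ] || printf 'OWNER %s: owned by %s, expected %s\n' "$1" "$cpf_owner" "$2"
}

# Tip 6: report enabled inetd services from the post's "disable unless needed" list.
audit_inetd() {
    grep -v '^[[:space:]]*#' "$1" | awk '
        BEGIN { n = split("ftp telnet shell login exec talk ntalk imap pop-2 pop-3 finger auth", r, " ")
                for (i = 1; i <= n; i++) risky[r[i]] = 1 }
        NF > 0 && ($1 in risky) { print "INETD: " $1 " is enabled" }'
}

# Tip 7: hosts.deny ($2) must carry "ALL: ALL"; in hosts.allow ($1) an "ALL"
# client or a net/mask (or CIDR) pattern admits far more than one host.
audit_tcpwrappers() {
    if ! grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$2"; then
        echo "WRAPPERS $2: no \"ALL: ALL\" default deny"
    fi
    grep -v '^[[:space:]]*#' "$1" | awk -F: 'NF >= 2 {
        daemon = $1; gsub(/^[ \t]+|[ \t]+$/, "", daemon)
        n = split($2, c, /[ \t,]+/)
        for (i = 1; i <= n; i++) {
            if (c[i] == "ALL") print "WRAPPERS allow: " daemon " open to ALL"
            else if (index(c[i], "/") > 0)
                print "WRAPPERS allow: " daemon " uses network pattern " c[i] " (matches the whole network, not one host)"
        }
    }'
}

# Run every check against constructed sample files.
demo() {
    d=$(mktemp -d)
    cat > "$d/exports" <<'EOF'
# constructed sample: the post's two lines, then two bad ones
/dir/to/export host1.mydomain.com(ro,root_squash)
/dir/to/export host2.mydomain.com(ro,root_squash)
/home *(rw,no_root_squash)
/pub
EOF
    cat > "$d/inetd.conf" <<'EOF'
# constructed sample: ftp is commented out, telnet and finger are live
#ftp    stream tcp nowait root   /usr/sbin/tcpd in.ftpd -l -a
telnet  stream tcp nowait root   /usr/sbin/tcpd in.telnetd
finger  stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
EOF
    chmod 644 "$d/inetd.conf"
    printf 'ALL: ALL\n' > "$d/hosts.deny"
    cat > "$d/hosts.allow" <<'EOF'
# constructed sample: the post's example line, plus an over-broad entry
sshd: 192.168.1.10/255.255.255.0 gate.openarch.com
in.ftpd: ALL
EOF
    echo "== exports";  audit_exports "$d/exports"
    echo "== inetd";    check_private_file "$d/inetd.conf" root; audit_inetd "$d/inetd.conf"
    echo "== wrappers"; audit_tcpwrappers "$d/hosts.allow" "$d/hosts.deny"
    echo "== setuid/setgid under /usr/bin (first five)"; list_suid /usr/bin | head -n 5
    rm -rf "$d"
}
demo
```

Because every finding is a single line, the output diffs cleanly between runs, which is how you spot a newly added export, a re-enabled inetd service or a widened hosts.allow after the fact. The mode check looks only at the permission bits, so an ACL or SELinux suffix on the ls output (+ or .) is tolerated; the net/mask warning fires for CIDR patterns too, since both admit a whole network.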
────────── UNDERCODE ──────────
🦑 2020 TOPIC: a tool to get Facebook data, plus some Facebook bots and the extra tools found in Facebook Toolkit ++.
🦑 FEATURES :
Get Access Token – get the access token of your Facebook account
Account Information – view your account information
Dump ID – retrieve the IDs of all your friends
Dump Email – retrieve the e-mail addresses of all your friends
Dump Name – retrieve the names of all your friends
Dump Birthday – retrieve the birthdays of all your friends
Dump Gender – retrieve the gender of all your friends
Dump Location – retrieve the location of all your friends
Dump URL Profile – retrieve the profile URLs of all your friends
Dump Mobile Number – retrieve the mobile numbers of all your friends
Dump Religion – retrieve the religion of all your friends
Dump Username – retrieve the usernames of all your friends
Dump Bio – retrieve the bio of all your friends
Dump About – retrieve the "about" data of all your friends
Filter Yahoo Mail – separate out all Yahoo e-mails [yahoo.com]
Yahoo Mail Validation – validate all Yahoo e-mails
Clean Result – clean the result folder
Delete ALL Post – delete all your posts
Unfriend ALL – remove all your friends
Confirmation ALL – confirm all friend requests
Confirmation ALL [Male] – confirm all friend requests from male accounts
Confirmation ALL [Female] – confirm all friend requests from female accounts
View Data – see a friend's data by username or ID
Dump ID Member Group – retrieve the IDs of all members of a group
Dump Username Profile Member Group – retrieve the usernames of all members of a group
Dump URL Profile Member Group – retrieve the profile URLs of all members of a group
Brute Force ID – brute force your friends by ID
Brute Force ID Member Group – brute force group members by ID
The dump features work through the access token of the account you log in with, so they can only return what that account is allowed to see.
INSTALLATION & RUN :
TERMUX / LINUX
1️⃣ pkg update
2️⃣ pkg install php
3️⃣ pkg install curl
4️⃣ git clone https://github.com/warifp/FacebookToolkit
5️⃣ cd FacebookToolkit, then it is enough to run:
php run.php
To list the tool menu, use:
php run.php -m
To show the author, use:
php run.php -a
To show the version, use:
php run.php -v
To check for updates, use:
php run.php -u
and for help, use:
php run.php -h
– Git 2020 sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
────────── UNDERCODE ──────────
🦑 FASTEST WAY TO TRACK AN IP ADDRESS FOR NOOBS :
- Termux / Linux, new release :
INSTALLATION & RUN :
apt update
apt install git -y
git clone https://github.com/rajkumardusad/IP-Tracer.git
cd IP-Tracer
chmod +x install
sh install or ./install
How to use IP-Tracer
trace -m to look up your own IP address.
trace -t target-ip to look up someone else's IP address, for example trace -t 127.0.0.1
trace for more information.
OR
ip-tracer -m to look up your own IP address.
ip-tracer -t target-ip to look up someone else's IP address, for example ip-tracer -t 127.0.0.1
Note that 127.0.0.1 is the loopback address, so the example only shows the syntax; a lookup on a public address returns that address's registration and geolocation data, which is accurate to city level at best, never to a person or a street.
– git 2020 sources
────────── UNDERCODE ──────────
🦑 NETFLIX CHECKER ON GITHUB
https://github.com/AbdeslemSmahi/NetflixChecker
🦑 Features:
Python 3.x
Simple readable code
Mass account checker
Combolist support
HTTP proxy support
A combolist is a file of username:password pairs, so this is a credential-stuffing tool: on the defending side, the bursts of logins it produces from many proxy addresses are exactly what rate limiting and breached-password checks on the login endpoint are meant to catch.
────────── UNDERCODE ──────────