UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


Performing Domain Reconnaissance Using PowerShell .pdf
182.9 KB
Written tutorial (PDF): Performing Domain Reconnaissance Using PowerShell

🦑 In the authentication scheme implemented with SMB or SMB2 messages, regardless of which authentication dialect is used (LM, LMv2, NTLM, NTLM2, NTLMv2), the authentication process proceeds as follows:
#WindowsServer

1️⃣ The client tries to establish a connection with the server and sends a request listing the dialects in which it is able to authenticate, for example LM, NTLM, NTLM2 and NTLMv2. In this example LMv2 is not offered, so that dialect is excluded from the authentication between client and server.

2️⃣ From the dialect list received from the client, the server (by default) selects the most secure dialect (for example NTLMv2) and sends a response to the client.

3️⃣ The client, having settled on the authentication dialect, tries to access the server and sends a NEGOTIATE_MESSAGE request.

4️⃣ The server receives the request and answers with a CHALLENGE_MESSAGE, which contains a random 8-byte sequence called the Server Challenge.

5️⃣ The client, having received the Server Challenge, encrypts this sequence with its password and then sends the server an AUTHENTICATE_MESSAGE response that contains the 24-byte result.

6️⃣ When the server receives the response, it performs the same encryption of the Server Challenge that the client performed. It then compares its own result with the client's response and, based on whether they match, allows or denies access.

Share us ❤️👍🏻
written
by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
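An added example (not from the original post) that parses the NTLMSSP messages named above: it pulls the 8-byte Server Challenge out of a CHALLENGE_MESSAGE and classifies an AUTHENTICATE_MESSAGE by the length of its NT response, which is how a defender spots the weak 24-byte NTLMv1 response in captured SMB traffic. Field offsets follow MS-NLMP; the sample messages are constructed and carry no real credentials.

```python
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE, CHALLENGE, AUTHENTICATE = 1, 2, 3   # MessageType values

def ntlm_message_type(msg):
    """Return the NTLMSSP MessageType (1, 2 or 3), or None if msg is not NTLMSSP at all."""
    if len(msg) < 12 or msg[:8] != NTLMSSP_SIGNATURE:
        return None
    return struct.unpack_from("<I", msg, 8)[0]

def _buffer(msg, at):
    """Resolve a (Len, MaxLen, Offset) field descriptor to the bytes it points at."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, at)
    return msg[offset:offset + length]

def server_challenge(msg):
    """The 8-byte Server Challenge sits at offset 24 of a CHALLENGE_MESSAGE."""
    if ntlm_message_type(msg) != CHALLENGE or len(msg) < 32:
        raise ValueError("not a complete CHALLENGE_MESSAGE")
    return msg[24:32]

def classify_authenticate(msg):
    """Classify the NtChallengeResponse of an AUTHENTICATE_MESSAGE (descriptor at offset 20):
    24 bytes is the NTLMv1 DES-based response, longer is NTLMv2, empty is an anonymous logon."""
    if ntlm_message_type(msg) != AUTHENTICATE:
        raise ValueError("not an AUTHENTICATE_MESSAGE")
    nt_response = _buffer(msg, 20)
    if not nt_response:
        return "anonymous"
    return "NTLMv1" if len(nt_response) == 24 else "NTLMv2"

# Constructed sample messages (no real credentials): minimal headers with empty name fields.
def build_challenge(challenge):
    msg = NTLMSSP_SIGNATURE + struct.pack("<I", CHALLENGE)
    msg += struct.pack("<HHI", 0, 0, 56)          # empty TargetName, payload would start at 56
    msg += struct.pack("<I", 0x00008201)          # NegotiateFlags (arbitrary value here)
    msg += challenge + b"\x00" * 8                # ServerChallenge, Reserved
    msg += struct.pack("<HHI", 0, 0, 56) + b"\x00" * 8   # empty TargetInfo, Version
    return msg

def build_authenticate(lm_response, nt_response):
    payload = 88                                  # fixed header size including Version and MIC
    msg = NTLMSSP_SIGNATURE + struct.pack("<I", AUTHENTICATE)
    msg += struct.pack("<HHI", len(lm_response), len(lm_response), payload)
    msg += struct.pack("<HHI", len(nt_response), len(nt_response), payload + len(lm_response))
    msg += struct.pack("<HHI", 0, 0, payload) * 4  # Domain, User, Workstation, SessionKey: empty
    msg += struct.pack("<I", 0x00008201) + b"\x00" * 8 + b"\x00" * 16   # flags, Version, MIC
    return msg + lm_response + nt_response
```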

🦑 What is NBT-NS?
#WindowsServer

> NBT-NS is NetBIOS-NS, i.e. the NetBIOS Name Service.
The NetBIOS Name Service is one of the three NetBIOS services: the name service (NetBIOS-NS) registers and resolves names.

> To start sessions or distribute datagrams, an application must register its NetBIOS name using the name service. NetBIOS names are 16 octets long and vary by implementation.

> Often the 16th octet, called the NetBIOS suffix, indicates the type of resource and can be used to tell other applications which type of service the system offers. In NBT, the name service runs on UDP port 137 (TCP port 137 can also be used, but rarely is).

🦑 NetBIOS name service primitives:

1️⃣ Add name - register a NetBIOS name.

2️⃣ Add group name - register a NetBIOS group name.

3️⃣ Delete name - unregister a NetBIOS name or group name.

4️⃣ Find name - search for a NetBIOS name on the network.


NetBIOS name resolution is not supported by Microsoft for Internet Protocol Version 6 (IPv6).

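An added example (not part of the original post) that encodes and decodes the 16-octet NetBIOS name with its suffix octet as it travels in an NBT-NS packet on UDP/137, and pulls the queried name out of a constructed name query; the suffix table is a partial list of well-known values, not the full set.

```python
# Well-known 16th-octet suffixes (RFC 1001/1002 and Microsoft usage); partial, illustrative table.
NETBIOS_SUFFIXES = {
    0x00: "workstation service", 0x03: "messenger service", 0x20: "file server service",
    0x1B: "domain master browser", 0x1C: "domain controllers group",
    0x1D: "master browser", 0x1E: "browser service elections",
}
ENCODED_ALPHABET = "ABCDEFGHIJKLMNOP"   # first-level encoding: one letter per nibble

def encode_netbios_name(name, suffix):
    """Pad the name to 15 octets with spaces, append the suffix octet, then apply the
    first-level encoding used on the wire: each nibble becomes the letter 'A' + nibble."""
    if len(name) > 15 or not name.isascii():
        raise ValueError("NetBIOS names are at most 15 ASCII characters plus a suffix")
    raw = name.upper().encode("ascii").ljust(15, b" ") + bytes([suffix])
    return "".join(ENCODED_ALPHABET[b >> 4] + ENCODED_ALPHABET[b & 0x0F] for b in raw)

def decode_netbios_name(encoded):
    """Reverse the first-level encoding; returns (name, suffix, meaning of the suffix)."""
    if len(encoded) != 32 or any(c not in ENCODED_ALPHABET for c in encoded):
        raise ValueError("not a 32-character first-level encoded NetBIOS name")
    nibbles = [ENCODED_ALPHABET.index(c) for c in encoded]
    raw = bytes((hi << 4) | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))
    suffix = raw[15]
    return raw[:15].rstrip(b" ").decode("ascii"), suffix, NETBIOS_SUFFIXES.get(suffix, "unknown")

def parse_nbns_question(packet):
    """Pull the queried name out of an NBT-NS packet: 12-byte header (transaction id,
    flags, four counts), then a question name as length byte 0x20 + 32 letters + 0x00."""
    if len(packet) < 12 + 34 + 4 or packet[12] != 0x20 or packet[45] != 0x00:
        raise ValueError("not a single-question NBT-NS packet")
    trn_id = int.from_bytes(packet[0:2], "big")
    name, suffix, meaning = decode_netbios_name(packet[13:45].decode("ascii"))
    return {"transaction_id": trn_id, "name": name, "suffix": suffix, "service": meaning}

# Constructed sample: an NBT-NS name query for the file server "FILESRV01" (suffix 0x20).
SAMPLE_QUERY = (bytes.fromhex("8a2b 0110 0001 0000 0000 0000")       # id, flags, QDCOUNT=1
                + b"\x20" + encode_netbios_name("FILESRV01", 0x20).encode("ascii") + b"\x00"
                + bytes.fromhex("0020 0001"))                       # QTYPE=NB, QCLASS=IN
```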

🦑 There are two ways to redirect traffic for this attack on the local network:

#FastTips

➕ ARP spoofing. During this attack, the attacker's computer sends out forged ARP messages claiming that the router's MAC address is the MAC address of the attacker's computer. As a result, computers on the local network start sending their network packets through the attacker's computer. This is a universal option that works in all cases.

➕ DNS spoofing. The idea is to replace the answers to DNS queries so that the victim's computer receives wrong IP addresses for the requested hosts. This option is suitable only if the connection to the remote SSH server is made by host name (for example, with the command ssh root@web.site).

> DNS spoofing can be performed during a man-in-the-middle attack or by using a rogue DNS server (in that case the IP address of the rogue DNS server must be set on the router or on the victim's computer).

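A defender-side check for the ARP spoofing described above, added here as an example (not from the original post): it replays observed ARP replies in arrival order and alerts when the MAC bound to the gateway address changes, or when one MAC answers for the gateway while also owning another address. The capture and addresses are constructed.

```python
from collections import defaultdict

def arp_spoof_alerts(arp_replies, gateway_ip):
    """Scan a sequence of observed ARP replies (sender_ip, sender_mac) in arrival order.
    Flag (1) any change of the MAC bound to an IP, most importantly the gateway's, and
    (2) a MAC that claims the gateway while already claiming another IP, which is what
    a station forwarding traffic as the router looks like. Heuristic: routers that
    legitimately own several addresses need to be whitelisted by the caller."""
    alerts = []
    bindings = {}                      # ip -> MAC currently believed to own it
    claimed = defaultdict(set)         # mac -> set of IPs it has answered for
    for ip, mac in arp_replies:
        mac = mac.lower()
        claimed[mac].add(ip)
        if ip not in bindings:
            bindings[ip] = mac
        elif bindings[ip] != mac:
            kind = "gateway MAC changed" if ip == gateway_ip else "binding changed"
            alerts.append(f"{kind}: {ip} was {bindings[ip]}, now {mac}")
            bindings[ip] = mac
        if ip == gateway_ip and len(claimed[mac]) > 1:
            others = sorted(claimed[mac] - {ip})
            alerts.append(f"{mac} answers for the gateway {gateway_ip} and also for {others}")
    return alerts

# Constructed sample capture (no real hosts): the router answers first, then a station
# that already owns 192.168.1.55 starts answering for the router's address.
SAMPLE_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:00:00:01"),
    ("192.168.1.55", "de:ad:be:ef:00:55"),
    ("192.168.1.20", "aa:bb:cc:00:00:20"),
    ("192.168.1.1", "de:ad:be:ef:00:55"),
]
```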

🦑 How to intercept an SSH password?

#FastTips

The SSH protocol lets you connect to another computer to execute commands on it and transfer files. SSH uses strong encryption, so the transmitted network traffic cannot be decrypted or modified in transit.

🦑 In SSH, there are two methods of logging in to the remote computer:

1️⃣ entering the user's password on the remote system

2️⃣ public key authentication

🦑 If you log in with a password, the following attack scenario is possible:

1️⃣ the user's traffic is redirected to the attacking machine

2️⃣ the attacker watches for attempts to connect to the SSH server and redirects them to its own SSH server

3️⃣ the attacker's SSH server is configured, first, to log everything entered, including the user's password, and, second, to pass the commands on to the legitimate SSH server the user wanted to reach, execute them there, and return the results to the user

🦑 The SSH MITM tool consists of several components:

1️⃣ a modified SSH server

2️⃣ auxiliary scripts for the related actions: detecting SSH connections, ARP spoofing and traffic sniffing, port forwarding.

In the following operation, SSH MITM uses the following tools (make sure they are installed on your system):

> tshark (the command-line version of Wireshark)

> ettercap (used only for ARP spoofing, so arpspoof can be used instead)

> nmap

> iptables

(available preinstalled on most Linux distributions)


🦑 #ExpertTip - if you have a fast server VPN Connection Must Be :


1️⃣ Source port - bits 0-15. The source port of the packet, which says where a response packet should be sent. It may be set to zero if no port value applies: sometimes no response packet is needed, and the source port can then be set to zero. In most implementations it is set to some port number.

2️⃣ Destination port - bits 16-31. The destination port of the packet. It is required for all packets, unlike the source port.
As with TCP, one of the standard ports is usually used on the server side (for example, port 53 for DNS servers), while the source port is chosen arbitrarily for each connection, usually a high port number (in the tens of thousands).

3️⃣ Length - bits 32-47. The length field gives the length of the entire datagram (header and data) in octets. The shortest possible packet is 8 octets long.
The minimum length equals the header length, 8 bytes. In theory the maximum value is 65535 bytes for a UDP datagram (8 bytes of header and 65527 of data). The actual limit on the data length over IPv4 is 65507 bytes, because in addition to the 8-byte UDP header a 20-byte IP header is needed.

4️⃣ Checksum - bits 48-63. The checksum is computed the same way as the TCP checksum, but over a different set of data: a pseudo-header made of parts of the IP header, the entire UDP header, the UDP data, and zero padding at the end when necessary.

> The checksum field is used to check the header and data for errors. If the transmitter does not generate a checksum, the field is filled with zeros. The field is optional for IPv4.

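An added example (not from the original post) that builds and parses the UDP header described above and verifies the checksum over the IPv4 pseudo-header, treating a zero checksum as "not computed" rather than as an error; the sample datagram and addresses are constructed.

```python
import struct

UDP_PROTOCOL = 17

def ones_complement_sum(data):
    """16-bit one's-complement sum of data (RFC 1071); an odd trailing byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp_checksum(src_ip, dst_ip, datagram):
    """Checksum over the IPv4 pseudo-header (src, dst, zero, protocol, UDP length),
    the UDP header with its checksum field zeroed, and the data."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, UDP_PROTOCOL, len(datagram))
    zeroed = datagram[:6] + b"\x00\x00" + datagram[8:]
    checksum = ~ones_complement_sum(pseudo + zeroed) & 0xFFFF
    return checksum or 0xFFFF                # a computed 0 is sent as all ones; 0 means "none"

def build_udp(src_ip, dst_ip, src_port, dst_port, payload):
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    checksum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", src_port, dst_port, length, checksum) + payload

def parse_udp(src_ip, dst_ip, datagram):
    """Decode the four header fields and verify the checksum. checksum_ok is None when the
    transmitter sent 0 (no checksum, allowed on IPv4), True or False otherwise."""
    if len(datagram) < 8:
        raise ValueError("shorter than the 8-byte UDP header")
    src_port, dst_port, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError(f"length field {length} is inconsistent with {len(datagram)} bytes received")
    if checksum == 0:
        checksum_ok = None
    else:                                    # a valid datagram sums to all ones with its checksum included
        pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, UDP_PROTOCOL, length)
        checksum_ok = ones_complement_sum(pseudo + datagram[:length]) == 0xFFFF
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum_ok": checksum_ok, "data": datagram[8:length]}

# Constructed sample: a DNS query from an arbitrary high port to port 53 (addresses are made up).
SRC_IP, DST_IP = bytes([10, 0, 0, 25]), bytes([10, 0, 0, 53])
SAMPLE = build_udp(SRC_IP, DST_IP, 49152, 53,
                   b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 6 + b"\x07example\x03com\x00\x00\x01\x00\x01")
```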

🦑 How spam facebook message ?

INSTALLATION & RUN :

1️⃣pkg install update

2️⃣pkg install upgrade

3️⃣pkg install git

4️⃣pkg install python2

5️⃣pip2 install --upgrade pip

6️⃣git clone https://github.com/errorBrain/spamchat.git

7️⃣cd Spamchat

8️⃣pip2 install -r requirements.txt

9️⃣python2 messenger.py

πŸ”Ÿsetup message



🦑 HttpLiveProxyGrabber termux-linux
#ToolsforNoobs

INSTALLATION & RUN :

1️⃣git clone https://github.com/04x/HttpLiveProxyGrabber.git

2️⃣cd HttpLiveProxyGrabber

3️⃣python2 ProxGrab.py

4️⃣Choose options via numbers


🦑 Some of the vulnerabilities contained in the DVWA web application
#FastTips :

1️⃣ Brute force: brute-forcing an HTTP form login page; used to test brute-force password attack tools and shows the insecurity of weak passwords.

2️⃣ Command execution: execution of commands at the operating system level.

3️⃣ Cross-Site Request Forgery (CSRF): allows the attacker to change the application administrator's password.

4️⃣ File inclusion: allows an “attacker” to include remote or local files in the web application.

5️⃣ SQL injection: allows an “attacker” to inject SQL expressions through an HTTP input field; DVWA includes blind and error-based SQL injection.
Insecure file upload: allows an “attacker” to upload malicious files to the web server.

6️⃣ Cross-Site Scripting (XSS): an attacker can embed scripts in the web application or its database. DVWA includes reflected and stored XSS.

7️⃣ Easter eggs: full path disclosure, authentication bypass, and some others.
Homepage: http://dvwa.co.uk/



🦑 IMPORTANT FOR IMAGE PAYLOADs a real trick #ForExperts Bypassing CSP using polyglot JPEGs :

🦑 THE CHALLENGE :

> James challenged me to see whether a JavaScript / JPEG polyglot could be created. Doing so will allow me to bypass CSP on almost every website that hosts images posted from the same domain.

>I happily took up the task, and began to analyze the structure. A current non-ASCII JavaScript vector 0xFF 0xD8 0xFF 0xE0 is the first four Bits. The next two bytes then specify the JPEG header length. If we use the bytes 0x2F 0x2A as header frequency, as you might guess we have a non-ASCII variable followed by a multi-line JavaScript comment. We then have to pad out the JPEG header to the length of 0x2F2A with nulls. Here's what it looks like:

FF D8 FF E0 2F 2A 4A 46 49 46 00 01 01 01 00 48 00 48 00 00 00 00 00 00 00 00 00 00....

1️⃣Inside a JPEG comment we can close the JavaScript comment and create an assignment for our non-ASCII JavaScript variable followed by our payload, then create another multi-line comment at the end of the JPEG comment.

FF FE 00 1C 2A 2F 3D 61 6C 65 72 74 28 22 42 75 72 70 20 72 6F 63 6B 73 2E 22 29 3B 2F 2A

2️⃣0xFF 0xFE is the comment header 0x00 0x1C specifies the length of the comment then the rest is our JavaScript payload which is of course */=alert("Burp rocks.")/*

3️⃣Next we need to close the comment on JavaScript, I edited the last four bytes of the image data before the image marker ends. This is what the file end looks like:

2A 2F 2F 2F FF D9
0xFF 0xD9 is the end of image marker.

4️⃣Nice so our JPEG polyglot is here, actually not yet. When using a UTF-8 character set for the text it corrupts our polyglot when it is used as a file, it works well if you do not require a charset except on Firefox! On MDN it does not say that the charset attribute is provided by the script but does. So you need to specify the ISO-8859-1 charset on the script tag to get the script to work

> It's worth noting that the polyglot JPEG works on Safari, Firefox, Edge and IE11. Chrome sensibly does not execute the image as JavaScript.

🦑 The code to execute the image as JavaScript is as follows:

<script charset="ISO-8859-1" src="http://portswigger-labs.net/polyglot/jpeg/xss.jpg"></script>


5️⃣ I tried to post this image as a photo of the phpBB profile but it does have restrictions. There is a limit on file size of 6k and a fixed resolution of 90x90. By cropping, I reduced the size of the logo and pondered how I could reduce the JPEG data. In the JPEG header I use /* which in hex is 0x2F and 0x2A, combined 0x2F2A which results in a length of 12074 which is a lot of padding and will result in a graphic far too big to fit as a profile picture. Looking at the ASCII table I tried to find a combination of characters that would be valid JavaScript and reduce the amount of padding required in the JPEG header whilst still being recognised as a valid JPEG file.

6️⃣The smallest starting byte I could find was 0x9 (a tab character) followed by 0x3A (a colon) which results in a combined hex value of 0x093A (2362) that shaves a lot of bytes from our file and creates a valid non-ASCII JavaScript label statement, followed by a variable using the JFIF identifier. Then I place a forward slash 0x2F instead of the NULL character at the end of the JFIF identifier and an asterisk as the version number. Here's what the hex looks like:

FF D8 FF E0 09 3A 4A 46 49 46 2F 2A

7️⃣Now we continue the rest of the JPEG header then pad with NULLs and inject our JavaScript payload:

FF D8 FF E0 09 3A 4A 46 49 46 2F 2A 01 01 00 48 00 48 00 00 00 00 00 00 00 ... (padding more nulls) 2A 2F 3D 61 6C 65 72 74 28 22 42 75 72 70 20 72 6F 63 6B 73 2E 22 29 3B 2F 2A

8️⃣If you allow users to upload JPEGs, these uploads are on the same domain as your app, and your CSP allows script from "self", you can bypass the CSP using a polyglot JPEG by injecting a script and pointing it to that image.

Share us ❤️👍🏻
powered by wiki & written
by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
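A server-side upload check built on the structure described in the post above, added here as an example (not from the original post or from PortSwigger): it walks the JPEG marker segments and flags an APP0 whose length bytes cannot belong to a real JFIF header, and COM segments that carry JavaScript comment delimiters. The sample bytes are constructed, with the script replaced by a harmless assignment.

```python
import struct

APP0, COM, SOS, EOI = 0xFFE0, 0xFFFE, 0xFFDA, 0xFFD9

def jfif_findings(data):
    """Walk the marker segments of an uploaded JPEG and return the structural problems found.
    An empty list means the headers are shaped like an ordinary JFIF file."""
    if data[:2] != b"\xFF\xD8":
        return ["no SOI marker: not a JPEG"]
    findings, pos = [], 2
    while pos + 4 <= len(data):
        marker, seglen = struct.unpack_from("!HH", data, pos)
        if marker >> 8 != 0xFF or seglen < 2:
            findings.append(f"bad marker or segment length at offset {pos}")
            break
        if marker in (SOS, EOI):            # entropy-coded image data follows: stop here
            break
        body = data[pos + 4:pos + 2 + seglen]
        if len(body) != seglen - 2:
            findings.append(f"segment {marker:#06x} runs past the end of the file")
            break
        if marker == APP0:
            # A JFIF APP0 is exactly 16 bytes plus 3 bytes per thumbnail pixel; the polyglot's
            # 0x2F2A ("/*") or 0x093A length cannot satisfy that together with a real JFIF body.
            xt, yt = (body[12], body[13]) if len(body) >= 14 else (0, 0)
            if body[:5] != b"JFIF\x00" or seglen != 16 + 3 * xt * yt:
                findings.append(f"APP0 length {seglen:#06x} is inconsistent with its JFIF contents")
        elif marker == COM and (b"*/" in body or b"/*" in body):
            findings.append("COM segment contains JavaScript comment delimiters")
        pos += 2 + seglen
    return findings

# Constructed samples: a minimal well-formed JFIF header, and a header shaped like the
# polyglot described above with the script replaced by a harmless assignment.
JFIF_BODY = b"JFIF\x00\x01\x01\x01\x00\x48\x00\x48\x00\x00"
GOOD = b"\xFF\xD8\xFF\xE0\x00\x10" + JFIF_BODY + b"\xFF\xFE\x00\x08hello!" + b"\xFF\xD9"
POLYGLOT = (b"\xFF\xD8\xFF\xE0\x2F\x2A" + JFIF_BODY + b"\x00" * (0x2F2A - 2 - len(JFIF_BODY))
            + b"\xFF\xFE\x00\x0A*/x=1;/*" + b"\xFF\xD9")
```

Serving user uploads from a separate origin that the CSP does not list as a script source, and sending X-Content-Type-Options: nosniff so browsers refuse to run an image/jpeg response as a script, removes the issue regardless of what the file contains.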

🦑 Carding : 2020- find Breached Credit Cards Information


> The tool searches for breached credit card details available on the following 17 websites:

* cl1p.net
* dpaste
* dumpz.org
* hastebin
* ideone
* pastebin
* pw.fabian-fingerle.de
* gist.github.com
* heypasteit.com
* ivpaste.com
* mysticpaste.com
* paste.org.ru
* paste2.org
* sebsauvage.net/paste/
* slexy.org
* squadedit.com
* wklej.se
* textsnip.com

INSTALLATION & RUN :

1️⃣git clone https://github.com/itsmehacker/CardPwn.git

2️⃣cd CardPwn

3️⃣pip3 install -r requirements.txt

🦑 Tested On

Kali L
Ubuntu
Nethunter

> This tool is a Proof of Concept and is for Educational Purposes Only.


Share us ❤️👍🏻
✅ git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
2020 exploit windscribe.txt
566 B
Windscribe 1.83 - 'WindscribeService' Unquoted Service Path