Best free DNS servers of 2020:
OpenDNS
208.67.222.222
Owned by Cisco, OpenDNS has two free options: Family Shield and Home. Family Shield is good for parents who want to make sure their kids can't access inappropriate content. Home focuses on internet safety and performance.
Cloudflare
1.1.1.1
The "fastest DNS resolver on Earth," Cloudflare's free DNS service has:
Unmetered mitigation of DDoS
Global CDN
Shared SSL certificate
Three-page rules
Unlimited bandwidth
1.1.1.1 with Warp
1.1.1.1
A Cloudflare subproduct, 1.1.1.1 with Warp is designed for mobile devices. When you download the app on your smartphone or tablet, it "replaces the connection between your phone and the internet with a modern, optimized, protocol." They also pledge to never sell your data.
Google Public DNS
8.8.8.8
Google's own DNS product is also free. It focuses on "speed, security, and validity of results." It only offers DNS resolution and caching; there is no site-blocking with Public DNS.
Comodo Secure DNS
8.26.56.26
Comodo Secure DNS's cloud-based Dome Shield Gold package is free (up to 300,000 monthly DNS requests). This gets you:
Protection against malicious domain requests and IP responses
Security from advanced threats like phishing, malware, malicious sites, botnets, C&C callback events, spyware, drive-by-downloads, XSS-injected sites, cookie stealing, anonymizers, TOR encrypted files and web attacks
Multi-location, multi-user and the ability to control network protection remotely
Block pages and domain filtering
Mobile apps
Reporting
Off-network protection
Quad9
9.9.9.9
Quad9 emphasizes security, privacy and performance; the company was founded on the goal to make the internet safer for everyone. It blocks malicious domains, phishing and malware while maintaining your anonymity. Quad9 is constantly expanding to new regions. Right now, it comes in at No. 6 on the DNS Performance Analytics and Comparison ratings.
Verisign Public DNS
64.6.65.6
Verisign touts its superior stability and security features, plus the fact that they don't sell user data to any third-party companies or for selling/targeting ads.
OpenNIC
13.239.157.177
At its core, OpenNIC is an attempt to combat censorship. Volunteer-run, this free DNS server makes the entire web accessible to everyone. They also prevent "DNS hijacking," which is when an ISP takes over commonly mistyped URLs.
UncensoredDNS
91.239.100.100
Completely run and funded by founder Thomas Steen Rasmussen, UncensoredDNS is based in Denmark. It's a great option for those local to FreeDNS, complete with security features, performance enhancement and reliability.
CleanBrowsing
185.228.168.168
Both free and paid versions of CleanBrowsing are available. The free DNS server focuses on privacy, especially for households with children. It comes with three free filters and blocks most adult content.
Yandex DNS
77.88.8.7
This Russia-based option has a whole list of features:
Performance - Gets you faster access to the web
Protection - Blocks malware and bots
Content filtering - Prohibits access to adult content
UltraRecursive DNS
156.154.70.1
Neustar's UltraRecursive DNS is also a well-rounded option. It offers performance enhancement with quick query resolution and a reliable infrastructure. It also blocks malware, malicious websites, phishing, spyware and bots (plus DDoS protection). It'll also block inappropriate or adult content.
Alternate DNS
198.101.242.72
Sick of seeing so many ads online? Alternate DNS is the solution for you. They maintain a database of known ad-serving domains and send a null response to block ads before they connect to your network.
AdGuard DNS
176.103.130.130
AdGuard DNS also focuses on ad blocking. It also blocks counters, malicious websites, and adult content.
@UndercodeTesting
AdGuard exposes 295 malicious Chrome extensions that hijack Google and Bing search results
> AdGuard, an ad blocking solution company, reported that it recently discovered 295 malicious Chrome extensions. They hijack Google and Bing search results and insert advertisements into them. AdGuard employees were researching methods to find fake ad blocking extensions in Google's official Chrome Web Store, and also found some malicious extensions posing as weather forecast widgets or screenshot tools.
> Most of the malicious extensions (245/295) found by AdGuard are fairly simple utilities. Apart from applying a custom background to Chrome's "New Tab Page", they have no additional use.
However, in the technical analysis shared with ZDNet, AdGuard stated that it found malicious code loaded from the fly-analytics.com domain in all these malicious extensions; that code then secretly injects ads into the search results of Google and Bing.
Format: extension ID, extension name
@UndercodeTesting
How to learn software reverse engineering skills:
1) In reverse analysis, many people turn to online tutorials on topics such as unpacking ("shelling"), which tell you where to place a breakpoint: press F7, F8 and F9 a few times, reach the designated position, and right-click to unpack. This sequence of operations is the accumulation of years of experience on the part of the expert who worked it out.
- You may have learned this simplest solution without understanding the principles behind it. The first person to propose a solution had to fall into every pit of that packer before it became a so-called skill. Its purpose is to save time and labor: the work can be repeated countless times without affecting the quality of the solution.
2) In an adversarial field there is no luck: if you can pin your opponent to the ground, you win. Similarly, we often see only the glamorous side of security analysts, the patch and the attack in the last few seconds, and not how long the analyst was tormented by the packer and the debugging, falling into pits again and again before finally solving it. What the confrontation tests, therefore, is willpower and basic skills.
A) Willpower: supported by belief
B) Basic skills: write code, read code
3) Basic skills are very important. There are many tutorials online that promise unpacking in three days or anti-debugging in two, but what we need are basic skills. For example, for the reverse analysis of Minesweeper there are also many tutorials about OllyDbg.
4) They explain in detail what each function does. These functions can be learned quickly. What we need to do is understand the code shown in the disassembly window. If you are not very familiar with these automated tools, you only work more slowly; but if you can use every function and shortcut in OllyDbg (OD) and still cannot understand the code in the disassembly window, what use is it? Therefore, everyone's attention should be placed on the disassembly window.
written
@UndercodeTesting
BEST IP Camera CVE:
1) CVE-2020-3110 A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera. A successful exploit could allow the attacker to expose the affected IP Camera for remote code execution or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). This vulnerability is fixed in Video Surveillance 8000 Series IP Camera Firmware Release 1.0.7 and later.
2) CVE-2020-11625 An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Failed web UI login attempts elicit different responses depending on whether a user account exists. Because the responses indicate whether a submitted username is valid or not, they make it easier to identify legitimate usernames. If a login request is sent to ISAPI/Security/sessionLogin/capabilities using a username that exists, it will return the value of the salt given to that username, even if the password is incorrect. However, if a login request is sent using a username that is not present in the database, it will return an empty salt value. This allows attackers to enumerate legitimate usernames, facilitating brute-force attacks. NOTE: this is different from CVE-2020-7057.
3) CVE-2020-11624 An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require users to change the default password for the admin account. They only show a pop-up window suggesting a change but there's no enforcement. An administrator can click Cancel and proceed to use the device without changing the password. Additionally, they disclose the default username within the login.js script. Since many attacks for IoT devices, including malware and exploits, are based on the usage of default credentials, it makes these cameras an easy target for malicious actors.
4) CVE-2020-11623 An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. An attacker with physical access to the UART interface could access additional diagnostic and configuration functionalities as well as the camera's bootloader. Successful exploitation could compromise confidentiality, integrity, and availability of the affected system. It could even render the device inoperable.
5) CVE-2019-9676 Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX, IPC-HDW1XXX, IPC-HFW2XXX Build before 2018/11. The vulnerability exists in the function of redirection display for serial port printing information, which cannot be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and software. Dahua has released versions of the affected products to fix the vulnerability.
6) CVE-2019-7315 Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. NOTE: this product is discontinued, and its final firmware version has this vulnerability (4.x versions exist only for other Genie Access products).
7) CVE-2019-18382 An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A denial of service can occur on open TCP port 23456. After a TELNET connection, no TCP ports are open.
8) CVE-2019-14458 VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.
9) CVE-2019-14457 VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header.
cve dark wiki source
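The username-enumeration flaw in CVE-2020-11625 comes from the salt lookup answering differently for unknown accounts. The following is an added example, not vendor code: it shows the leaking behaviour beside a hardened handler that returns a stable decoy salt derived with HMAC. The handler names, the in-memory user table and the server secret are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed user table: username -> per-user salt (hex). Not real device data.
USERS = {
    "admin": "9f2c4e1ab07d55c3a1e8f6b2d4c09e77",
    "operator": "1b7e90c2d5a44f0e8c3a6d9f2e51b0aa",
}
SALT_HEX_LEN = 32

# Assumption: a secret known only to the server, created once at provisioning
# and persisted, so decoy salts stay the same across restarts.
SERVER_SECRET = secrets.token_bytes(32)


def capabilities_leaky(username):
    """Behaviour described in the CVE: unknown users get an empty salt."""
    return {"username": username, "salt": USERS.get(username, "")}


def decoy_salt(username, secret=SERVER_SECRET):
    """Deterministic fake salt: same username -> same value, unguessable without the secret."""
    digest = hmac.new(secret, username.encode("utf-8"), hashlib.sha256).hexdigest()
    return digest[:SALT_HEX_LEN]


def capabilities_hardened(username, secret=SERVER_SECRET):
    """Return a salt of identical shape whether or not the account exists."""
    real = USERS.get(username)
    decoy = decoy_salt(username, secret)  # always computed, so both paths do the same work
    return {"username": username, "salt": real if real is not None else decoy}


def responses_distinguish(handler, known, unknown):
    """True if the response shape alone reveals which of the two usernames exists."""
    a, b = handler(known), handler(unknown)
    return len(a["salt"]) != len(b["salt"]) or bool(a["salt"]) != bool(b["salt"])


def is_stable(handler, username):
    """A random decoy would change between requests and give the game away; check it does not."""
    return handler(username) == handler(username)


if __name__ == "__main__":
    for name, handler in (("leaky", capabilities_leaky), ("hardened", capabilities_hardened)):
        print(name, "distinguishable:", responses_distinguish(handler, "admin", "nobody"),
              "stable:", is_stable(handler, "nobody"))
```

The decoy must be deterministic per username: a fresh random salt on every request would let a client tell real accounts from fake ones by asking twice.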
Parsero is a free script written in Python which reads the robots.txt file of a web server and looks at the Disallow entries. The Disallow entries tell search engines which directories or files hosted on a web server must not be indexed. For example, "Disallow: /portal/login" means that the content at www.example.com/portal/login is not allowed to be indexed by crawlers such as Google, Bing, Yahoo... This is how an administrator keeps sensitive or private information from being shared with the search engines.
INSTALLATION & RUN :
1) git clone https://github.com/behindthefirewalls/Parsero.git
2) cd Parsero
3) By using setup.py script
sudo python3 setup.py install
4) By using pip3
sudo apt-get install python3-pip
sudo pip3 install parsero
5) In Kali Linux
sudo apt-get update
sudo apt-get install parsero
6) example usage :
root@kali:~# parsero -u www.example.com -sb
Compatible with Termux
@UndercodeTesting
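robots.txt is world-readable and is not access control, so every Disallow entry also tells a reader where something lives. The following is an added example, not Parsero's code: an offline self-audit that parses a robots.txt, lists its Disallow entries per user-agent group and flags the ones whose path names hint at sensitive content. The sample file and the keyword list are constructed for illustration.

```python
import re

# Constructed sample robots.txt (not taken from any real site).
SAMPLE_ROBOTS = """\
# sample file
User-agent: *
Disallow: /portal/login
Disallow: /search
Disallow: /backup/   # nightly dumps
Disallow:
Allow: /public/
disallow: /admin

User-agent: Googlebot
Disallow: /tmp/*.sql$
Sitemap: https://www.example.com/sitemap.xml
"""

# Assumed keyword list; tune it to the naming used on your own servers.
SENSITIVE_HINTS = ("admin", "login", "backup", "private", "config", "sql", "tmp")


def parse_disallow(text):
    """Return (user_agent, path) for every non-empty Disallow rule, in file order."""
    entries = []
    agents = []        # user-agents the current group applies to
    in_rules = False   # True once the current group has seen a rule line
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or ":" not in line:
            continue
        field, value = line.split(":", 1)
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            if in_rules:                          # a new group starts here
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("allow", "disallow"):
            in_rules = True
            # An empty Disallow means "nothing is disallowed" and is skipped.
            if field == "disallow" and value:
                # Audit choice: rules outside any group are reported under "*".
                for agent in agents or ["*"]:
                    entries.append((agent, value))
    return entries


def flag_sensitive(entries, hints=SENSITIVE_HINTS):
    """Return (agent, path, matched_hints) for paths whose segments match a hint."""
    flagged = []
    for agent, path in entries:
        tokens = [t for t in re.split(r"[^a-z0-9]+", path.lower()) if t]
        hits = sorted(h for h in set(hints) if h in tokens)
        if hits:
            flagged.append((agent, path, hits))
    return flagged


if __name__ == "__main__":
    found = parse_disallow(SAMPLE_ROBOTS)
    for agent, path, hits in flag_sensitive(found):
        print(f"[{agent}] {path}  <- hints: {', '.join(hits)}")
```

Each flagged path should be protected by authentication on the server itself; the Disallow line only asks crawlers not to index it.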
2020 FACEBOOK HACKING :
FEATURES :
Facebook friend info fetcher
Get ID from friend
Get ID friend from friend
Get group member ID
Get email friend
Get email friend from friend
Get a friend's phone number
Get a friend's phone number from friend
Mini Hack Facebook(Target)
Multi Bruteforce Facebook
Super Multi Bruteforce Facebook
BruteForce(Target)
Yahoo Checker
Bot Reactions Target Post
Bot Reactions group Post
BOT COMMENT Target Post
BOT COMMENT group Post
Mass delete Post
Mass accept friends
Mass delete friend
ACreate Post
Create Wordlist
Account Checker
See my group list
Profile Guard
INSTALLATION & RUN :
1) $ git clone https://github.com/mkdirlove/FBTOOL
2) $ cd FBTOOL
USAGE
3) $ sudo python2 fbtool.py
or
$ python2 fbtool.py
or
$ sudo python2 fbtool-v2.py
@UndercodeTesting
APACHE CONFIGURATION :
[root@localhost opt]# tar zxvf apr-1.7.0.tar.gz -C /opt
[root@localhost opt]# tar zxvf apr-util-1.6.1.tar.gz -C /opt
[root@localhost opt]# tar zxvf httpd-2.4.25.tar.gz -C /opt
[root@localhost opt]# mv apr-1.7.0/ httpd-2.4.25/srclib/apr
[root@localhost opt]# mv apr-util-1.6.1/ httpd-2.4.25/srclib/apr-util
[root@localhost opt]# yum -y install gcc gcc-c++ make pcre-devel expat-devel perl
[root@localhost opt]# yum -y install zlib-devel
[root@localhost httpd-2.4.25]# ./configure \
> --prefix=/usr/local/httpd \
> --enable-so \
> --enable-rewrite \
> --enable-charset-lite \
> --enable-cgi \
> --enable-deflate
[root@localhost httpd-2.4.25]# make
[root@localhost httpd-2.4.25]# make install
[root@localhost httpd-2.4.25]# cd /usr/local/
[root@localhost local]# cd httpd/
[root@localhost httpd]# cd conf/
[root@promote bin]# cp /usr/local/httpd/bin/apachectl /etc/init.d/httpd
[root@promote bin]# ls /etc/init.d
functions httpd netconsole network README
[root@promote bin]# vim /etc/init.d
[root@promote bin]# vim /etc/init.d/httpd
#!/bin/sh
#description:Apache is a World Wide Web server
[root@promote local]# chkconfig --add httpd
[root@promote /]# ln -s /usr/local/httpd/conf/httpd.conf /etc/httpd.conf
[root@promote local]# cd /usr/local/httpd/conf
[root@promote conf]# vim httpd.conf
Listen 192.168.75.134:80 /
#Listen 80
#ServerName www.kgc.com:80 //
[root@promote /]# ln -s /usr/local/httpd//bin/* /usr/local/bin /
/usr/local/bin
[root@promote /]# ls /usr/local/httpd//bin
ab checkgid htcacheclean httxt2dbm
apachectl dbmmanage htdbm logresolve
apr-1-config envvars htdigest rotatelogs
apu-1-config envvars-std htpasswd
apxs fcgistarter httpd
[root@promote /]# service httpd start
httpd (pid 66785) already running
[root@promote /]# httpd -t
Syntax OK
[root@promote /]# netstat -ntap | grep 80
tcp 0 0 192.168.75.134:80 0.0.0.0:* LISTEN 66785/httpd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 8031/dnsmasq
[root@promote /]#
[root@promote /]# iptables -F
[root@promote /]# setenforce 0
E N J O Y β€οΈππ»
@UndercodeTesting
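The session above ends with iptables -F, which deletes every rule in the filter table, and setenforce 0, which puts SELinux in permissive mode. As an added example (not part of the original post), this Python code reads the Listen directives from httpd.conf and builds one accept rule per listener, so only the address and port Apache is bound to get opened; the function names and the embedded sample config are assumptions made for the example.

```python
import re

# Constructed sample: the httpd.conf lines edited in the session above.
HTTPD_CONF = """\
Listen 192.168.75.134:80
#Listen 80
#ServerName www.kgc.com:80
"""

# Syntax: Listen [address:]port [protocol]; IPv6 addresses are written in brackets.
LISTEN_RE = re.compile(
    r"^\s*Listen\s+(?:(\[[0-9A-Fa-f:.]+\]|\d{1,3}(?:\.\d{1,3}){3}):)?"
    r"(\d{1,5})(?:\s+\S+)?\s*$",
    re.IGNORECASE,
)


def parse_listen(conf_text):
    """Return (address or None, port) for each active Listen directive."""
    listeners = []
    for line in conf_text.splitlines():
        match = LISTEN_RE.match(line)  # lines starting with '#' never match
        if match:
            listeners.append((match.group(1), int(match.group(2))))
    return listeners


def allow_rules(listeners):
    """Build one scoped accept rule per listener instead of flushing the table."""
    rules = []
    for address, port in listeners:
        tool = "ip6tables" if address and address.startswith("[") else "iptables"
        dest = ["-d", address.strip("[]")] if address else []
        rules.append(" ".join([tool, "-I", "INPUT", "-p", "tcp", *dest,
                               "--dport", str(port), "-j", "ACCEPT"]))
    return rules


def exposed_on_all_interfaces(listeners):
    """Ports bound without an address are reachable on every interface."""
    return [port for address, port in listeners if address is None]


if __name__ == "__main__":
    for rule in allow_rules(parse_listen(HTTPD_CONF)):
        print(rule)
```

The rules are only printed, so they can be reviewed before anything is applied; existing rules and the SELinux mode are left untouched.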
β β β Uππ»βΊπ«Δπ¬πβ β β β
File Systems types :
A file system is a type of database used for storing, updating, and retrieving a file or a number of files. It is the way in which files are logically named and organized for archiving and recovery. The different types of file systems are listed below:
Windows file system: Microsoft Windows uses only two types, FAT and NTFS.
1) FAT, which means "file allocation table", is the simplest type of file system, containing a boot sector, a file allocation table, and a simple storage space for storing files and folders. Recently, FAT came in FAT16, FAT12, and FAT32. FAT32 is compatible with Windows-based storage devices. Windows cannot create a FAT32 file system with a file bigger than 32 GB.
2) NTFS, an abbreviation of "New Technology File System," is now the default file system for files greater than 32 GB. Encryption and access control are among the main properties of this file system.
Linux file system: Linux is a widely used, open-source operating system, and was developed for testing and development. This OS was intended to use different file system concepts. In Linux, there are several types of file systems.
3) Ext2, Ext3, Ext4 - This is the local, or default, Linux file system. The root filesystem is generally mapped to the entire Linux distribution. The Ext3 file system is an excellent update of the previously used Ext2 file system; it uses the transactional file writing operation. Ext4 is an extension file that supports Ext3 information and file attribution.
4) ReiserFS - The file system problem is solved by saving a lot of small files at once. There is a good laugh by the file manager, and the permission of the compatible file, the storage of the file code, the file contains metadata in the mode of not using the large file system due to its size.
5) XFS - The XFS file system works well and is widely used for file archiving. This file system type is popular on IRIX servers.
6) JFS - IBM developed this file system, and it has become a file system that is used on almost all Linux distributions.
enjoy
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE HACKING
2020 FULL WIFI EXPLOIT-USING PYTHON3 SCAPY
VERIFIED BY UNDERCODE
https://pastebin.com/Jp4Pizbq
β β β Uππ»βΊπ«Δπ¬πβ β β β
Best 2020 YouTube downloader apps for Android :
https://www.snaptubeapp.com/
https://instube.com/
https://www.yt3dl.net/
https://keepvid.com/
https://tubemate.net/
https://www.videoder.net/
https://play.google.com/store/apps/details?id=com.google.android.apps.youtube.mango
https://apkpure.com/youtube-downloader/com.tubeone3.ramzy
There are many more, but these are the top working apps.
The best free YouTube downloader for Windows
https://www.4kdownload.com/products/product-videodownloader
https://www.winxdvd.com/youtube-downloader/?__c=1
https://www.any-video-converter.com/products/for_video_free/?__c=1
https://www.dvdvideosoft.com/products/dvd/Free-YouTube-Download.htm
https://www.atube.me/
E N J O Y
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
Researchers demonstrated 4 new variants of HTTP request smuggling attacks
#NEWS
> A new study identified four new variants of HTTP request smuggling attacks, which can target various commercial off-the-shelf Web servers and HTTP proxy servers.
> Amit Klein, vice president of security research at SafeBreach, presented the findings at the Black Hat security conference on August 5. He said this attack highlights that web servers and HTTP proxy servers are still vulnerable to HTTP request smuggling (even though it has been 15 years since it was first recorded).
What is HTTP request smuggling?
> HTTP request smuggling (or HTTP asynchronous) is a technique used to interfere with the way a website processes a sequence of HTTP requests received from one or more users.
> When the front-end server (load balancer or proxy) and the back-end server interpret the boundaries of HTTP requests in different ways, there are usually vulnerabilities related to HTTP request smuggling, so that bad actors can send (or "smuggle") obscure requests that take precedence over the next legitimate user request. Such asynchrony of requests can be used to hijack credentials, inject responses to users, or even steal data from victims' requests and leak information to servers controlled by the attacker.
#news
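The boundary disagreement described above comes down to how each server decides where a request ends. As an added example (not from the post or from the research it reports), this Python check lists the reasons a front end could reject a request whose framing headers are ambiguous, following the HTTP/1.1 message-framing rules in RFC 7230; it does not reproduce the four variants from the talk, which the post does not describe, and the function name and sample requests are constructed for the example.

```python
# Constructed sample requests (host and bodies are made up for the example).
SAMPLES = {
    "plain": b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\n\r\nabc",
    "cl_and_te": b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\n"
                 b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "two_cl": b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\n"
              b"Content-Length: 5\r\n\r\nabc",
    "space_before_colon": b"POST /a HTTP/1.1\r\nHost: example.test\r\n"
                          b"Transfer-Encoding : chunked\r\n\r\n0\r\n\r\n",
    "bare_lf": b"GET / HTTP/1.1\nHost: example.test\n\n",
}


def framing_problems(raw):
    """Return the reasons a request's header section has ambiguous framing."""
    head = raw.partition(b"\r\n\r\n")[0]
    problems = []
    if b"\n" in head.replace(b"\r\n", b""):
        problems.append("bare LF in header section")
    content_length, transfer_encoding = [], []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, colon, value = line.partition(b":")
        if not colon:
            problems.append("header line without colon")
            continue
        if name != name.strip():  # parsers differ on 'Name : value' and folded lines
            problems.append("whitespace around header name")
        key = name.strip().lower()
        if key == b"content-length":
            content_length.append(value.strip())
        elif key == b"transfer-encoding":
            transfer_encoding.append(value.strip().lower())
    if content_length and transfer_encoding:
        problems.append("both Content-Length and Transfer-Encoding")
    if len(set(content_length)) > 1:
        problems.append("conflicting Content-Length values")
    if any(not v.isdigit() for v in content_length):
        problems.append("non-numeric Content-Length")
    if any(v != b"chunked" for v in transfer_encoding):  # strict policy: chunked only
        problems.append("Transfer-Encoding is not exactly 'chunked'")
    return problems


if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, framing_problems(request) or "ok")
```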
β β β Uππ»βΊπ«Δπ¬πβ β β β