▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑BEST IP Camera CVE :


1) CVE-2020-3110 A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera. A successful exploit could allow the attacker to expose the affected IP Camera for remote code execution or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). This vulnerability is fixed in Video Surveillance 8000 Series IP Camera Firmware Release 1.0.7 and later.


2) CVE-2020-11625 An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Failed web UI login attempts elicit different responses depending on whether a user account exists. Because the responses indicate whether a submitted username is valid or not, they make it easier to identify legitimate usernames. If a login request is sent to ISAPI/Security/sessionLogin/capabilities using a username that exists, it will return the value of the salt given to that username, even if the password is incorrect. However, if a login request is sent using a username that is not present in the database, it will return an empty salt value. This allows attackers to enumerate legitimate usernames, facilitating brute-force attacks. NOTE: this is different from

3) CVE-2020-7057.
CVE-2020-11624 An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require users to change the default password for the admin account. They only show a pop-up window suggesting a change but there's no enforcement. An administrator can click Cancel and proceed to use the device without changing the password. Additionally, they disclose the default username within the login.js script. Since many attacks for IoT devices, including malware and exploits, are based on the usage of default credentials, it makes these cameras an easy target for malicious actors.

4) CVE-2020-11623 An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. An attacker with physical access to the UART interface could access additional diagnostic and configuration functionalities as well as the camera's bootloader. Successful exploitation could compromise confidentiality, integrity, and availability of the affected system. It could even render the device inoperable.

5) CVE-2019-9676 Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability.

6) CVE-2019-7315 Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. NOTE: this product is discontinued, and its final firmware version has this vulnerability (4.x versions exist only for other Genie Access products).

7) CVE-2019-18382 An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A denial of service can occur on open TCP port 23456. After a TELNET connection, no TCP ports are open.
CVE-2019-14458 VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.

5) CVE-2019-14457 VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header.

cve dark wiki source
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST IP Camera CVE

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Parsero is a free script written in Python which reads the Robots.txt file of a web server and looks at the Disallow entries. The Disallow entries tell the search engines what directories or files hosted on a web server mustn't be indexed. For example, "Disallow: /portal/login" means that the content on www.example.com/portal/login it's not allowed to be indexed by crawlers like Google, Bing, Yahoo... This is the way the administrator have to not share sensitive or private information with the search engines.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/behindthefirewalls/Parsero.git

2) cd Parsero

3) By using setup.py script

sudo setup.py install

4) By using pip3

sudo apt-get install python3-pip
sudo pip3 install parsero

5) In Kali Linux

sudo apt-get update
sudo apt-get install parsero

6) example usage :

root@kali:~# parsero -u www.example.com -sb

🦑compatible with termux

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

24/24 posts enjoy & share us ❤️👍🏻

T.me/UndercodeTesting

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 FACEBOOK HACKING :

🦑FEATURES :

Facebook friend info fetcher
Get ID from friend
Get ID friend from friend
Get group member ID
Get email friend
Get email friend from friend
Get a friend's phone number
Get a friend's phone number from friend
Mini Hack Facebook(Target)
Multi Bruteforce Facebook
Super Multi Bruteforce Facebook
BruteForce(Target)
Yahoo Checker
Bot Reactions Target Post
Bot Reactions group Post
BOT COMMENT Target Post
BOT COMMENT group Post
Mass delete Post
Mass accept friends
Mass delete friend
ACreate Post
Create Wordlist
Account Checker
See my group list
Profile Guard

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) $ git clone https://github.com/mkdirlove/FBTOOL

2) $ cd FBTOOL
USAGE

3) $ sudo python2 fbtool.py
or

$ python2 fbtool.py
or
$ sudo python2 fbtool-v2.py

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑APACHE CONFIGURATION :

[root@localhost opt]# tar zxvf apr-1.7.0.tar.gz -C /opt
[root@localhost opt]# tar zxvf apr-util-1.6.1.tar.gz -C /opt
[root@localhost opt]# tar zxvf httpd-2.4.25.tar.gz -C /opt
[root@localhost opt]# mv apr-1.7.0/ httpd-2.4.25/srclib/apr
[root@localhost opt]# mv apr-util-1.6.1/ httpd-2.4.25/srclib/apr-util
[root@localhost opt]# yum -y install gcc gcc-c++ make pcre-devel expat-devel perl

[root@localhost opt]# yum -y install zlib-devel /
[root@localhost httpd-2.4.25]# ./configure \
>--prefix=/usr/local/httpd \
>--enable-so--enable-rewrite\
>--enable-charset-lite\
>--enable-cgi
>--enable-deflate
[root@localhost httpd-2.4.25]#make
[root@localhost httpd-2.4.25]#make install
[root@localhost httpd-2.4.25]# cd /usr/local/
[root@localhost local]# cd httpd/
[root@localhost httpd]# cd conf/
[root@promote bin]# cp /usr/local/httpd/bin/apachectl /etc/init.d/httpd
[root@promote bin]# ls /etc/init.d
functions httpd netconsole network README
[root@promote bin]# vim /etc/init.d
[root@promote bin]# vim /etc/init.d/httpd

#!/bin/sh
#description:Apache is a World Wide Web server

[root@promote local]# chkconfig --add httpd
[root@promote /]# ln -s /usr/local/httpd/conf/httpd.conf /etc/httpd.conf

[root@promote local]# cd /usr/local/httpd/conf

[root@promote conf]# vim httpd.conf

Listen 192.168.75.134:80 /
#Listen 80
#ServerName www.kgc.com:80 //

[root@promote /]# ln -s /usr/local/httpd//bin/* /usr/local/bin /

/usr/local/bin
[root@promote /]# ls /usr/local/httpd//bin
ab checkgid htcacheclean httxt2dbm
apachectl dbmmanage htdbm logresolve
apr-1-config envvars htdigest rotatelogs
apu-1-config envvars-std htpasswd
apxs fcgistarter httpd
[root@promote /]# service httpd start
httpd (pid 66785) already running

[root@promote /]# httpd -t
Syntax OK
[root@promote /]# netstat -ntap | grep 80
tcp 0 0 192.168.75.134:80 0.0.0.0:* LISTEN 66785/httpd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 8031/dnsmasq
[root@promote /]#
[root@promote /]# iptables -F
[root@promote /]# setenforce 0

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑File Systems types :

A file system is a type of database used for storing, updating, and retrieving files or several numbers of files. It is a way in which files are archived logically and named for archiving and recovery. There are different types of File systems mentioned below :

Windows file system: Microsoft Windows uses only two types of FAT and NTFS.

1) FAT, which means ‘file allocation table’, is the simplest type of file system containing a boot sector, a file allocation table, and a simple storage space for storing files and folders. Recently, FAT came in FAT16, FAT12, and FAT32. FAT32 is compatible with Windows-based storage devices. Windows cannot create a FAT32 file system with a file bigger than 32 GB.

2) NTFS, abbreviation of “New Technology File System,” is now a default file system for files greater than 32 GB. Encryption and Access control are some main properties of this file system.
Linux file system: Linux is a widely used, open-source operating system, and was developed for testing and development. This OS was intended to use different file system concepts. In Linux, there are several types of file systems.

3) Ext2, Ext3, Ext4 – This is the local, or default, Linux file system. The root filesystem is generally mcapped to the entire Linux distribution. The Ext3 file system is an excellent update of the previously used Ext2 file system; it uses the transactional file writing operation. Ext4 is an extension file that supports Ext3 information and file attribution.

4) ReiserFS – The file system problem is solved by saving a lot of small files at once. There is a good laugh by the file manager, and the permission of the compatible file, the storage of the file code, the file contains metadata in the mode of not using the large file system due to its size.

5) XFS – The XFS file system works well and is widely used for file archiving. This file system type is popular on IRIX servers.


6) JFS – IBM developed this file system, and it has become a file system that is used on almost all Linux distributions

enjoy❤️👍🏻
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 FULL WIFI EXPLOIT-USING PYTHON3 SCAPY

✅VERIFIED BY UNDERCODE

https://pastebin.com/Jp4Pizbq

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Best 2020 youtube downloader apps for android :

https://www.snaptubeapp.com/

https://instube.com/

https://www.yt3dl.net/

https://keepvid.com/

https://tubemate.net/

https://www.videoder.net/

https://play.google.com/store/apps/details?id=com.google.android.apps.youtube.mango

https://apkpure.com/youtube-downloader/com.tubeone3.ramzy

their is much more but those top working apps


🦑The best free YouTube downloader for windows

https://www.4kdownload.com/products/product-videodownloader


https://www.winxdvd.com/youtube-downloader/?__c=1

https://www.any-video-converter.com/products/for_video_free/?__c=1

https://www.dvdvideosoft.com/products/dvd/Free-YouTube-Download.htm

https://www.atube.me/


E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Researchers demonstrated 4 new variants of HTTP request smuggling attacks
#NEWS

> A new study identified four new variants of HTTP request smuggling attacks, which can target various commercial off-the-shelf Web servers and HTTP proxy servers.

> Amit Klein, vice president of security research at SafeBreach , presented the findings at the Black Hat security conference on August 5. He said this attack highlights that web servers and HTTP proxy servers are still vulnerable to HTTP request smuggling (even since the first record It has been 15 years since).

🦑What is HTTP request smuggling?

> HTTP request smuggling (or HTTP asynchronous) is a technique used to interfere with the way a website processes a sequence of HTTP requests received from one or more users.

> When the front-end server (load balancer or proxy) and the back-end server interpret the boundaries of HTTP requests in different ways, there are usually vulnerabilities related to HTTP request smuggling, so that bad actors can send (or "smuggle") obscure requests , This takes precedence over the next legitimate user request. Such asynchrony of requests can be used to hijack credentials, inject responses to users, or even steal data from victims' requests and leak information to servers controlled by the attacker.

#news
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Speed Up windows via registry :

A quick tweak to speed up Aero Peek.
Windows 7's Aero Peek lets you see the desktop when you move your mouse cursor over to the "show desktop" button at the end of the taskbar. The standard delay time for the Aero Peek preview is 500 milliseconds, or half a second. Here's how to speed it up:
(https://www.softpedia.com/get/System/OS-Enhancements/AeroPeek.shtml download )

1) Open the Registry Editor and go to HKEYCURRENTUSER > Software > Microsoft > Windows > CurrentVersion > Explorer > Advanced.

2) Right-click on the right pane and click New > DWORD (32-bit) Value. Name the new DWORD "DesktopLivePreviewHoverTime."

3) Double-click on DesktopLivePreviewHoverTime to open it. Under "Base," click Decimal and then enter the delay time (in milliseconds) in the "Value data" field. Click OK, and your Aero Peek time will be set. You can set the value to higher (a longer delay time) if you're activating it too often by accident, or to lower (a shorter delay time) if half a second is just too long.

4) Log off and log back on for the change to take effect.

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑LOOKING FOR BEST PHISHING SCRIPTS FOR HACK FCB-INSTA-TWITTER ,,,2020

https://github.com/DarkSecDevelopers/HiddenEye

https://github.com/suljot/shellphish

https://github.com/htr-tech/nexphisher

https://github.com/MuhammadSheehab/FB-Phishing

https://github.com/topics/phishing?l=html

https://getgophish.com/

http://phishing-server.com/

https://github.com/sptorg/sptoolkit

https://github.com/pentestgeek/phishing-frenzy

https://github.com/securestate/king-phisher

E N J O Y ❤️👍🏻
USE FOR LEARN
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How Configure dns service ?

root@localhost /# yum -y install bind

root@localhost /# vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };

root@localhost /#vim /etc/named.rfc1912.zones
zone "kgc.com" IN {
type master;
file "kgc.com.zone";
allow-update { none; };

root@localhost /# cd /var/named/

root@localhost named# cp -p named.localhost kgc.com.zone

root@localhost named# vim kgc.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
www IN A 192.168.75.134

root@localhost named#systemctl restart named


@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

24/24 posts enjoy & share us ❤️👍🏻

T.me/UndercodeTesting