Images, posts & videos related to _X64dbg_.pdf
650.1 KB
--- UNDERCODE ---
Run Kali Linux with the XFCE desktop:
Install XFCE
1) Install XFCE and run it in Kali Linux. Enter the following command to install XFCE.
$ sudo apt install xfce4
2) Install XRDP
XRDP provides an easy remote desktop experience. It is open source but does not run on Microsoft Windows.
$ sudo apt install xrdp
3) After installation, issue the following command to start the XRDP service.
$ sudo /etc/init.d/xrdp start
4) Connect to Kali Linux
For this you can use the Remote Desktop Connection client that usually ships with Windows. Then enter your username and password.
5) Possible Problem
If port 3380 is active rather than port 3389, you may get an error saying that your computer is unable to connect to the remote console.
6) Change the Port
Open the XRDP configuration file with the following command and change the port there.
$ sudo nano /etc/xrdp/xrdp.ini
@UndercodeTesting
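The port mismatch in step 5 is fixed by editing one line of xrdp.ini (step 6). The following Python is an added example written for this section, not part of the post or of the xrdp project: it reads the listener port from the [Globals] section and rewrites only that line. The sample ini text is constructed; a real /etc/xrdp/xrdp.ini has more sections, and the session sections (such as [Xorg]) carry their own port=-1 entry meaning "choose automatically", which is why the code restricts itself to [Globals] instead of replacing every port= line.

```python
import configparser
import re

# Constructed sample of /etc/xrdp/xrdp.ini (not the real file): the
# listener port lives in [Globals]; session sections like [Xorg] have an
# unrelated port=-1 that must be left alone.
SAMPLE_XRDP_INI = """\
[Globals]
ini_version=1
port=3389
address=0.0.0.0

[Xorg]
name=Xorg
ip=127.0.0.1
port=-1
"""


def listener_port(ini_text: str) -> int:
    """Return the TCP port xrdp listens on, taken from [Globals] only."""
    cfg = configparser.ConfigParser(strict=False, interpolation=None)
    cfg.read_string(ini_text)
    port = cfg.getint("Globals", "port")
    if not 1 <= port <= 65535:
        raise ValueError(f"invalid listener port {port}")
    return port


def set_listener_port(ini_text: str, new_port: int) -> str:
    """Rewrite the port= line inside [Globals]; other sections are untouched."""
    if not 1 <= new_port <= 65535:
        raise ValueError(f"invalid port {new_port}")
    out, section = [], None
    for line in ini_text.splitlines(keepends=True):
        m = re.match(r"\s*\[([^\]]+)\]", line)
        if m:
            section = m.group(1)          # track which section we are in
        elif section == "Globals" and re.match(r"\s*port\s*=", line):
            line = f"port={new_port}\n"   # only the listener port changes
        out.append(line)
    return "".join(out)


if __name__ == "__main__":
    print("current listener port:", listener_port(SAMPLE_XRDP_INI))
    changed = set_listener_port(SAMPLE_XRDP_INI, 3380)
    print("after change:", listener_port(changed))
```

After writing the changed text back to /etc/xrdp/xrdp.ini, restart the service as in step 3 and connect the RDP client to the same port; the client and the port= value in [Globals] must agree or the error from step 5 appears.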
--- UNDERCODE ---
Osmedeus automates running a collection of reconnaissance and vulnerability-scanning tools against a target.
INSTALLATION & RUN:
1) git clone https://github.com/j3ssie/Osmedeus
2) cd Osmedeus
3) ./install.sh
4) ./osmedeus.py -t example.com
5) # normal routine
./osmedeus.py -t example.com
./osmedeus.py -T list_of_target.txt
# normal routine but slow speed on all modules
./osmedeus.py -t example.com --slow 'all'
# normal routine but exclude some modules
./osmedeus.py -t example.com -x 'linkfinding,dirb'
# direct mode examples
./osmedeus.py -m subdomain -t example.com
./osmedeus.py -m portscan -i "1.2.3.4/24"
./osmedeus.py -m "portscan,vulnscan" -i "1.2.3.4/24" -w result_folder
# direct list mode examples
./osmedeus.py -m portscan -I list_of_targets.txt
./osmedeus.py -m portscan,vulnscan -I list_of_targets.txt
./osmedeus.py -m screen -I list_of_targets.txt -w result_folder
# report mode
./osmedeus.py -t example.com --report list
./osmedeus.py -t example.com --report export
./osmedeus.py -t example.com --report sum
./osmedeus.py -t example.com --report short
./osmedeus.py -t example.com --report full
FEATURES:
Subdomain Scan.
Subdomain TakeOver Scan.
Screenshot the target.
Basic recon like Whois, Dig info.
Web Technology detection.
IP Discovery.
CORS Scan.
SSL Scan.
Wayback Machine Discovery.
URL Discovery.
Headers Scan.
Port Scan.
Vulnerable Scan.
Separate workspaces to store all scan output and detailed logging.
REST API.
Slack notifications.
React Web UI.
Support Continuous Scan.
Easily view report from command line.
Enjoy!
@UndercodeTesting
--- UNDERCODE ---
GitHub: j3ssie/osmedeus - A Workflow Engine for Offensive Security
--- UNDERCODE ---
SQL injection vulnerability solutions:
1. The key to solving SQL injection vulnerabilities is to strictly check all data input by users and to configure the database with the principle of least privilege.
2. All query statements use the parameterized query interface provided by the database; parameterized statements pass user input as parameters instead of embedding user input variables into the SQL statement.
3. Special characters ('"\<>&*; etc.) entering the database are escaped or encoded.
4. Confirm the type of each piece of data. For example, numeric data must be numeric, and the storage field in the database must correspond to an int type.
5. The length of the data should be strictly limited, which to some extent prevents a relatively long SQL injection statement from being executed correctly.
6. Use one encoding across every data layer of the website; UTF-8 is recommended. Inconsistent encoding between layers may allow some filtering models to be bypassed.
7. Strictly restrict the database privileges of the website's database user, granting only the privileges that user's work requires, thereby minimizing the harm an injection attack can do to the database.
8. Avoid displaying SQL error messages (type errors, field mismatches, etc.) on the website, to prevent attackers from using these messages to draw conclusions.
9. Before the website is released, it is recommended to use professional SQL injection detection tools to detect and patch SQL injection vulnerabilities in time.
ENJOY!
WRITTEN BY
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
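As an added example for points 2, 4, 5 and 8 above (written for this section; not code from the post), the following Python uses the standard-library sqlite3 module to put a string-built query next to its parameterized replacement, enforce an integer type and a length limit on input, and keep the database's own error text away from the caller. The table, rows and the MAX_NAME_LEN limit are constructed for the demonstration.

```python
import sqlite3

MAX_NAME_LEN = 64  # constructed limit (point 5): reject over-long input up front


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database with two sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_unsafe(conn, name):
    """VULNERABLE (kept only for comparison): input is spliced into the SQL text,
    so quote characters in `name` change the meaning of the statement."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_user(conn, name):
    """Point 2: parameterized query. The value travels as data, never as SQL,
    so no escaping of special characters (point 3) is needed for it."""
    if len(name) > MAX_NAME_LEN:
        raise ValueError("name too long")
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def parse_user_id(raw: str) -> int:
    """Point 4: a numeric field must be numeric before it gets near the database."""
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("id must be a positive integer")
    return int(raw)


def lookup_by_id(conn, raw_id: str):
    """Point 8: validation and database errors are turned into a generic
    'not found' (None); the driver's error text is never shown to the client."""
    try:
        uid = parse_user_id(raw_id)
        return conn.execute("SELECT name, role FROM users WHERE id = ?", (uid,)).fetchone()
    except (ValueError, sqlite3.Error):
        return None


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"          # classic test input a scanner would send
    print("unsafe:", find_user_unsafe(db, probe))   # every row comes back
    print("safe:  ", find_user(db, probe))          # no user has that literal name
    print("by id: ", lookup_by_id(db, "1"), lookup_by_id(db, "1 OR 1=1"))
```

Points 1 and 7 (least privilege) live outside the application code: the account the web tier connects with should hold only SELECT/INSERT/UPDATE on the tables it needs, so that even a query that does slip through cannot read or alter anything else.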
--- UNDERCODE ---
WinDbg Malware Analysis Cheat Sheet.pdf
2 MB
1) !address : List all memory segments in the process with their permissions and memory type. This is similar to the Memory Map in x64dbg.
2) !address [virtual address] : List information about the memory segment that contains the virtual address. For example, !address 400000 shows information about the segment that contains address 0x400000. This is a quick way to find the start and end of a memory segment if you want to dump it.
3) .writemem [file name] [start address] [end address] : Dump a memory range to a file. For example, .writemem C:\dump.bin 400000 401000 dumps memory from 0x400000 to 0x401000 into the dump.bin file.
4) eb [address] [byte] : Enter one byte into memory at the address. For example, eb 400000 0xff changes the byte at address 0x400000 to 0xff. For a full list of enter commands (string, word, etc.) see the Microsoft docs.
#full with video
--- UNDERCODE ---
X Attacker Tool, Website Vulnerability Scanner & Auto Exploiter
INSTALLATION & RUN:
Install on Termux:
1) git clone https://github.com/Moham3dRiahi/XAttacker.git
2) cd XAttacker
3) chmod +x termux-install.sh
4) bash termux-install.sh
Installation on Windows:
1) Download Perl
2) Download XAttacker
3) Extract XAttacker into Desktop
4) Open CMD and type the following commands:
5) cd Desktop/XAttacker-master/
6) perl XAttacker.pl
SOME FEATURES:
• Blocktestimonial Exploit
• Rightnow Theme Exploit
• Konzept Exploit
• Omni Secure Files Exploit
• Pitchprint Exploit
• Satoshi Exploit
• Pinboard Exploit
• Barclaycart Exploit
• Com Facileforms Exploit
• Com Jwallpapers Exploit
• Com Extplorer Exploit
• Com Rokdownloads Exploit
• Com Sexycontactform Exploit
• Com Jbcatalog Exploit
• Com Blog Exploit
• Com Foxcontact Exploit
• Drupal Geddon Exploit
@UndercodeTesting
verified
--- UNDERCODE ---
From unauthenticated to root on a supervision appliance.pdf
469.9 KB
EyesOfNetwork ("EON") is the open-source solution combining a pragmatic usage of ITIL processes and a technological interface allowing their workaday application. EyesOfNetwork Supervision is the first brick of a range of products aiming to assist IT management and governance. EyesOfNetwork Supervision provides event management, availability, problems and capacity
#full tutorial + pictures
Password Spraying Outlook Web Access_ Remote Shell.pdf
617.7 KB
#requested full with pictures
--- UNDERCODE ---
3 ways to encrypt emails
There are currently three common mail encryption methods:
1) The first type: use a symmetric encryption algorithm to encrypt mail
Symmetric encryption is an older class of algorithm with mature technology. In a symmetric scheme the sender processes the plaintext (the original data) together with the encryption key using the encryption algorithm, producing ciphertext, and sends that out. To read the original text, the recipient must decrypt the ciphertext with the same key and the inverse of the same algorithm, restoring readable plaintext.
2) The second type: use PKI/CA certification to encrypt mail
Most current email encryption systems are based on this method. PKI (Public Key Infrastructure) is the public key infrastructure and CA (Certificate Authority) is the certification center; together they are commonly called "PKI/CA". The registration authority verifies the true identity of the certificate applicant; once the review passes, it uploads the user's information over the network to the certification center, which performs the final certification. Certificate revocation and renewal must likewise be submitted by the registration authority to the certification center. In general, the certification center serves the registration authorities, the registration authorities serve end users, and the registration authority is the intermediary between the user and the certification center. Managing public key certificates is a complex system, so this method is only suitable for enterprises, organizations and some high-end users. Because obtaining CA certificates is troublesome and the exchanges are cumbersome, this type of email encryption has been difficult to popularize.
3) The third type: use identity-based cryptography for email encryption
To simplify the key management problem of the traditional public key cryptosystem, in 1984 A. Shamir, an Israeli scientist and one of the inventors of the well-known RSA system, proposed the idea of identity-based cryptography: the user's public identity information (such as an e-mail address, IP address or name) serves as the user's public key, and the user's private key is generated by a trusted center called the private key generator. In the following two decades, the design of identity-based cryptosystems became a hot research field in cryptography.
@UndercodeTesting
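As an added illustration of the first method (example code written for this section, not from the post), the following Python shows both ends of a symmetric scheme: one shared key, derived from a passphrase, encrypts on the sender's side and the same key with the inverse operation decrypts on the recipient's side, while a wrong key or a modified message is rejected. To run with nothing but the standard library, the cipher is a toy counter-mode construction built from HMAC-SHA256 with a separate authentication tag; the passphrase, salt and message are constructed. It demonstrates the shared-key principle and is not a replacement for a vetted AEAD such as AES-GCM, or for S/MIME or OpenPGP when encrypting real mail.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Turn the passphrase both parties share into a 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, 200_000, dklen=32)


def _subkeys(key: bytes):
    # Separate keys for confidentiality and integrity, both derived from the shared key.
    enc = hmac.new(key, b"mail-enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mail-mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy counter mode: block i = HMAC(enc_key, nonce || i); XORed with the data.
    blocks, i = [], 0
    while 32 * len(blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest())
        i += 1
    return b"".join(blocks)[:length]


def encrypt_mail(key: bytes, plaintext: bytes) -> bytes:
    """Sender side: plaintext + shared key -> nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)          # fresh per message, never reused
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_mail(key: bytes, blob: bytes) -> bytes:
    """Recipient side: the same key and the inverse operation restore the plaintext."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):       # wrong key or tampering: refuse
        raise ValueError("authentication failed: wrong key or modified message")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def roundtrip_demo() -> bool:
    """Constructed demonstration: the shared key reads the mail; a different key
    cannot, and a single flipped ciphertext byte is detected."""
    salt = b"constructed-salt"      # in practice random and sent with the message
    key = derive_key("correct horse battery staple", salt)
    message = b"Subject: quarterly report\n\nsee attachment"
    blob = encrypt_mail(key, message)
    ok = decrypt_mail(key, blob) == message
    try:
        decrypt_mail(derive_key("wrong passphrase", salt), blob)
        return False
    except ValueError:
        pass
    tampered = blob[:NONCE_LEN] + bytes([blob[NONCE_LEN] ^ 0x01]) + blob[NONCE_LEN + 1:]
    try:
        decrypt_mail(key, tampered)
        return False
    except ValueError:
        return ok


if __name__ == "__main__":
    print("symmetric round trip and rejection checks passed:", roundtrip_demo())
```

The weak spot the second and third methods exist to address is visible here: the passphrase still has to reach the recipient over some other channel, and every correspondent pair needs its own shared secret.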
--- UNDERCODE ---
SOME GOOD HACKING RESOURCES
1. Setup lab with bWAPP - https://www.youtube.com/watch?v=dwtUn3giwTk&index=1&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
2. Set up Burp Suite - https://www.youtube.com/watch?v=hQsT4rSa_v0&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=2
3. Configure Firefox and add certificate - https://www.youtube.com/watch?v=hfsdJ69GSV4&index=3&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
4. Mapping and scoping website - https://www.youtube.com/watch?v=H_iVteMDRo&index=4&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
5. Spidering - https://www.youtube.com/watch?v=97uMUQGIe14&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=5
6. Active and passive scanning - https://www.youtube.com/watch?v=1Mjom6AcFyU&index=6&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
7. Scanner options and demo - https://www.youtube.com/watch?v=gANi4Kt7ek&index=7&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
8. Introduction to password security - https://www.youtube.com/watch?v=FwcUhcLO9iM&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=8
9. Intruder - https://www.youtube.com/watch?v=wtMg9oEMTa8&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=9
10. Intruder attack types - https://www.youtube.com/watch?v=N5ndYPwddkQ&index=10&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
11. Payload settings - https://www.youtube.com/watch?v=5GpdlbtL1Q&index=11&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
@UndercodeTesting
--- UNDERCODE ---