UNDERCODE COMMUNITY
πŸ¦‘ Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform that collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁

🦑 root escalation (OLD CVE, SO USEFUL FOR NOW)
#PROTIPS :

This sample is rewritten from the open-source RUN_ROOT_SHELL, which can root all devices released before October 2015, mainly using the following vulnerabilities to escalate privileges:

(1) CVE-2012-4220

Affected devices: Android 2.3 to 4.2

The Qualcomm Innovation Center (QuIC) Diagnostics kernel-mode driver (diagchar_core.c) has an integer overflow in its implementation. By passing specially crafted input to diagchar_ioctl, remote attackers can use this vulnerability to execute arbitrary code or cause a denial of service.

(2) /dev/graphics/fb0

mmap vulnerability in the fb0 device (trigger parameter: FBIOGET_FSCREENINFO)

(3) /dev/hdcp

mmap vulnerability in the hdcp device

(4) CVE-2013-6282

Affected versions: Linux kernel 3.2.1, 3.2.2 and 3.2.13

The Linux kernel lacks access-permission checks in get_user/put_user on ARM. Local attackers can use this vulnerability to read and write kernel memory and escalate privileges.

(5) /dev/msm_acdb

Qualcomm device vulnerability

(6) CVE-2013-2595

/dev/msm_camera/config0 Qualcomm device mmap vulnerability.

(7) CVE-2013-2094

Affected versions: kernels before Linux 3.8.9 built with PERF_EVENTS enabled

By exploiting this vulnerability, local users can obtain the highest system privileges through the perf_event_open system call.

(8) CVE-2015-3636

PingPong root: this vulnerability is a use-after-free in the ping socket code of the Linux kernel.

(9) CVE-2014-3153

The exploit uses the RELOCK and REQUEUE bugs in the three functions futex_requeue, futex_lock_pi and futex_wait_requeue_pi, resulting in modification of data on the kernel stack.

After privilege escalation succeeds, the decrypted image is implanted in the /system/priv-app directory under the name AndroidDaemonFrame.apk, and libgodlikelib.so is implanted in the /system/lib directory. The following figure shows the privilege escalation and the implanting of malicious files into the system directory.

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity

🦑 #fastTips What's the best way to stay anonymous on Parrot Linux or Kali Linux, if you wanted to hack with it?

1) Use Proxychains if you’re using command line tools :

haad/proxychains
https://github.com/haad/proxychains

2) If you’re going to use a browser use tor bundle browser:

Tor Browser
https://www.torproject.org/projects/torbrowser.html.en

3) You can also use Anonsurf:

Und3rf10w/kali-anonsurf
https://github.com/Und3rf10w/kali-anonsurf

Anonsurf works for both if you want to use command line tools or normal browser.

4) If you want to change your MAC address, use macchanger. You can install it with this command:

> sudo apt install macchanger

I would recommend you use Tails because it’s a live distro, so there is less chance of getting caught, and if you’re going to hack, use public wifi.

enjoy ❤️👍🏻
(wiki resources)

🦑 Generating an HTML Link to a Named Route:

1) Use the HTML::linkRoute() method.

The only required argument is the first one, the name of the route.

{{ HTML::linkRoute('login') }}

2) Depending on your app/routes.php file, this may output something like:

<a href="http://your.url/user/login">http://your.url/user/login</a>
If you don’t have a route with the name specified, an error will get generated.

3) You can pass a second argument to specify the title to display.

{{ HTML::linkRoute('login', 'Sign In') }}

4) This produces something similar to the following (based on routes.php):

<a href="http://your.url/user/login">Sign In</a>

5) If your route takes parameters, then you must pass a third argument.

{{ HTML::linkRoute('items.show', 'Show item #4', array(4)) }}

6) The output could look something like this:

<a href="http://your.url/items/4">Show item #4</a>

7) You can specify an array as the fourth parameter. This array should contain any additional attributes to apply to the anchor tag.

{{ HTML::linkRoute('login', 'Sign In', array(), array('class' => 'btn')) }}
Now the anchor tag has a class attribute.

<a href="http://your.url/user/login" class="btn">Sign In</a>

enjoy ❤️👍🏻
(wiki sources)

🦑 web hacking framework (GoLismero):

-Real platform independence. Tested on Windows, Linux, *BSD and OS X.

-No native library dependencies. All of the framework has been written in pure Python.

-Good performance when compared with other frameworks written in Python and other scripting languages.

-Very easy to use.

-Plugin development is extremely simple.

-The framework also collects and unifies the results of well known tools: sqlmap, xsser, openvas, dnsrecon, theharvester...

-Integration with standards: CWE, CVE and OWASP.

INSTALLATION & RUN :

1) apt-get install python2.7 python2.7-dev python-pip python-docutils git perl nmap sslscan

2) cd /opt

3) git clone https://github.com/golismero/golismero.git

4) cd golismero

5) pip install -r requirements.txt

6) pip install -r requirements_unix.txt

7) ln -s ${PWD}/golismero.py /usr/bin/golismero

8) If you have an API key for Shodan, or an OpenVAS server or SpiderFoot server you want to integrate with GoLismero, run the following commands:

9) mkdir ~/.golismero

10) touch ~/.golismero/user.conf

11) chmod 600 ~/.golismero/user.conf

12) nano ~/.golismero/user.conf

13) In the editor, add the following sections to the file, as appropriate:

[shodan:Configuration]
apikey = <INSERT YOUR SHODAN API KEY HERE>

[openvas]
host = <INSERT THE OPENVAS HOST HERE>
user = <INSERT THE OPENVAS USERNAME HERE>
password = <INSERT THE OPENVAS PASSWORD HERE>

FOR MAC GO TO : https://github.com/golismero/golismero
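As an added check that is not part of GoLismero itself: the POSIX shell function below verifies a user.conf before a scan runs. The file must be mode 600 because it holds the Shodan API key and the OpenVAS password, no template placeholder may be left in, and an [openvas] section must carry host, user and password. The path and the section/key names come from the steps above; the check itself is this example's assumption.

```shell
# Usage: check_user_conf [path]   (defaults to ~/.golismero/user.conf)
# Returns 0 when the file is usable, 1 with a reason otherwise.
check_user_conf() {
    f="${1:-$HOME/.golismero/user.conf}"
    [ -f "$f" ] || { echo "missing: $f"; return 1; }

    # Mode must be 600: columns 5-10 of "ls -l" are the group/other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other can access $f (fix: chmod 600 $f)"; return 1; }

    # Unfilled "<INSERT ...>" placeholders from the template must be gone.
    if grep -q '<INSERT' "$f"; then
        echo "template placeholder still present in $f"; return 1
    fi

    # If an [openvas] section exists, it needs host, user and password.
    if grep -q '^\[openvas\]' "$f"; then
        for k in host user password; do
            awk -v key="$k" '
                /^\[/ { s = $0 }                       # track current section
                s == "[openvas]" && $1 == key { found = 1 }
                END { exit !found }' "$f" \
                || { echo "[openvas] section lacks \"$k\" in $f"; return 1; }
        done
    fi
    echo "ok: $f"
}

# Demo run against the default path; the result is reported, not fatal.
check_user_conf "$@" || true
```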

enjoy ❤️👍🏻
✅ git
2020

🦑 Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings

F E A T U R E S :

Support multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, MOS65XX, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64).

Having clean/simple/lightweight/intuitive architecture-neutral API.

Provide details on disassembled instruction (called “decomposer” by others).

Provide semantics of the disassembled instruction, such as list of implicit registers read & written.

Implemented in pure C language, with lightweight bindings for D, Clojure, F#, Common Lisp, Visual Basic, PHP, PowerShell, Emacs, Haskell, Perl, Python, Ruby, C#, NodeJS, Java, GO, C++, OCaml, Lua, Rust, Delphi, Free Pascal & Vala (ready either in main code, or provided externally by the community).

Native support for all popular platforms: Windows, Mac OSX, iOS, Android, Linux, *BSD, Solaris, etc.

Thread-safe by design.

Special support for embedding into firmware or OS kernel.

High performance & suitable for malware analysis (capable of handling various X86 malware tricks).


INSTALLATION & RUN :

1) git clone https://github.com/aquynh/capstone.git

2) Compile from source

On *nix (such as MacOSX, Linux, *BSD, Solaris):

- To compile for current platform, run:

$ ./make.sh

- On 64-bit OS, run the command below to cross-compile Capstone for 32-bit binary:

$ ./make.sh nix32



3) Install Capstone on *nix

To install Capstone, run:

$ sudo ./make.sh install

For FreeBSD/OpenBSD, where sudo is unavailable, run:

$ su; ./make.sh install

You are then required to enter the root password to copy Capstone into the
machine's system directories.

Afterwards, run ./tests/test* to see the tests disassembling sample code.


NOTE: The core framework installed by "./make.sh install" consists of the
following files:

/usr/include/capstone/arm.h
/usr/include/capstone/arm64.h
/usr/include/capstone/capstone.h
/usr/include/capstone/evm.h
/usr/include/capstone/m680x.h
/usr/include/capstone/m68k.h
/usr/include/capstone/mips.h
/usr/include/capstone/mos65xx.h
/usr/include/capstone/platform.h
/usr/include/capstone/ppc.h
/usr/include/capstone/sparc.h
/usr/include/capstone/systemz.h
/usr/include/capstone/tms320c64x.h
/usr/include/capstone/x86.h
/usr/include/capstone/xcore.h
/usr/lib/libcapstone.a
/usr/lib/libcapstone.so (for Linux/*nix), or /usr/lib/libcapstone.dylib (OSX)



4) Cross-compile for Windows from *nix

To cross-compile for Windows, Linux & gcc-mingw-w64-i686 (and also gcc-mingw-w64-x86-64
for 64-bit binaries) are required.

- To cross-compile Windows 32-bit binary, simply run:

$ ./make.sh cross-win32

- To cross-compile Windows 64-bit binary, run:

$ ./make.sh cross-win64

The resulting files libcapstone.dll, libcapstone.dll.a & tests/test*.exe can then
be used on Windows machines.



5) Cross-compile for iOS from Mac OSX.

To cross-compile for iOS (iPhone/iPad/iPod), Mac OSX with XCode installed is required.

- To cross-compile for ArmV7 (iPod 4, iPad 1/2/3, iPhone4, iPhone4S), run:
$ ./make.sh ios_armv7

- To cross-compile for ArmV7s (iPad 4, iPhone 5C, iPad mini), run:
$ ./make.sh ios_armv7s

- To cross-compile for Arm64 (iPhone 5S, iPad mini Retina, iPad Air), run:
$ ./make.sh ios_arm64

- To cross-compile for all iDevices (armv7 + armv7s + arm64), run:
$ ./make.sh ios

The resulting files libcapstone.dylib, libcapstone.a & tests/test* can then
be used on iOS devices.


6) Cross-compile for Android

To cross-compile for Android (smartphone/tablet), Android NDK is required.
NOTE: Only ARM and ARM64 are currently supported.

$ NDK=/android/android-ndk-r10e ./make.sh cross-android arm
or
$ NDK=/android/android-ndk-r10e ./make.sh cross-android arm64

enjoy ❤️👍🏻
✅ git
topic

🦑 How to list docker containers :

As you know, Docker is an ecosystem in which you can create and run containers. It is a free and open-source tool that makes it simpler to create, deploy and run your applications using containers. Containers are small, lightweight alternatives to virtual machines that use the host operating system. They let you run your application in an isolated environment.

1) If you are a system administrator and responsible for managing Docker, then you may need to know how to list Docker containers. There are several ways to list Docker containers in Linux.

2) In this tutorial, we will show you how to list Docker containers with several examples.

3) List All Docker Containers
If you want to list all Docker containers in your system, including running and stopped containers, you can use any of the following commands:

docker container list -a
Or

docker container ls -a
Or

docker container ps -a
Or

docker ps -a

4) You should see all running and stopped Docker containers in the following output:

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
592b9fe9f478 drupal "docker-php-entrypoi…" 3 minutes ago Exited (0) About a minute ago mystifying_cartwright
9392aab37f99 wordpress "docker-entrypoint.s…" 5 minutes ago Up 5 minutes 0.0.0.0:8081->80/tcp wpcontainer
bcbc64840b0a mariadb "docker-entrypoint.s…" 6 minutes ago Up 6 minutes 3306/tcp wordpressdb
3e5cddafb61d technosoft2000/calibre-web:v1.1.9 "/bin/bash -c /init/…" 19 hours ago Up 19 hours 0.0.0.0:8082->8083/tcp calibre-web

A brief explanation of each column is shown below:

Container ID: A unique identifier of the container.
Image: The Docker image used to create the container.
Command: The command that runs when the container starts.
Created: When the container was created.
Status: The running status of the container.
Ports: The exposed and published ports.
Names: The container name.

5) If you want to list only stopped Docker containers in your system, run the following command:

docker ps --filter "status=exited"

6) You should see the following output:

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
592b9fe9f478 drupal "docker-php-entrypoi…" 4 minutes ago Exited (0) mystifying_cartwright

7) List All Running Docker Containers
If you want to list only running Docker containers in your system, there are several commands to list them.

8) To list all Running Docker containers, run one of the following commands:

docker container ls
Or

docker container list
Or

docker container ps
Or

docker ps

9) You should see all running Docker containers in the following output:

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9392aab37f99 wordpress "docker-entrypoint.s…" 6 minutes ago Up 6 minutes 0.0.0.0:8081->80/tcp wpcontainer
bcbc64840b0a mariadb "docker-entrypoint.s…" 7 minutes ago Up 7 minutes 3306/tcp wordpressdb
3e5cddafb61d technosoft2000/calibre-web:v1.1.9 "/bin/bash -c /init/…" 19 hours ago Up 19 hours 0.0.0.0:8082->8083/tcp calibre-web
If you want to list the only ID of the running Docker container, run the following command:

docker container ls -q

10) You should see the following output:
9392aab37f99
bcbc64840b0a
3e5cddafb61d
List All Docker Containers by Size
You can also list all running Docker containers together with the size of each container.

11) For example, to list all running Docker containers with their size, run the following command:

docker container list -s

12) You should see all running Docker containers with size column, as shown below:

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES SIZE
9392aab37f99 wordpress "docker-entrypoint.s…" 7 minutes ago Up 7 minutes 0.0.0.0:8081->80/tcp wpcontainer 2B (virtual 543MB)
bcbc64840b0a mariadb "docker-entrypoint.s…" 7 minutes ago Up 7 minutes 3306/tcp wordpressdb 2B (virtual 407MB)
3e5cddafb61d technosoft2000/calibre-web:v1.1.9 "/bin/bash -c /init/…" 19 hours ago Up 19 hours 0.0.0.0:8082->8083/tcp calibre-web 103MB (virtual 406MB)

13) You can also list and view the size of all running and stopped containers with the following command:

docker container ls -as
You should see the following output:

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES SIZE
592b9fe9f478 drupal "docker-php-entrypoi…" 5 minutes ago Exited (0) 3 minutes ago mystifying_cartwright 0B (virtual 495MB)
9392aab37f99 wordpress "docker-entrypoint.s…" 7 minutes ago Up 7 minutes 0.0.0.0:8081->80/tcp wpcontainer 2B (virtual 543MB)
bcbc64840b0a mariadb "docker-entrypoint.s…" 8 minutes ago Up 8 minutes 3306/tcp wordpressdb 2B (virtual 407MB)
3e5cddafb61d technosoft2000/calibre-web:v1.1.9 "/bin/bash -c /init/…" 19 hours ago Up 19 hours 0.0.0.0:8082->8083/tcp calibre-web 103MB (virtual 406MB)
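As an added example that is not part of the original post: the POSIX shell snippet below reads the same listing in tab-separated form, as produced by `docker container ls --format '{{.ID}}\t{{.Image}}\t{{.Ports}}\t{{.Names}}'`, and reports which containers publish a port on 0.0.0.0, i.e. are reachable from every network interface of the host rather than only from other containers. The sample lines are constructed from the three running containers shown above plus one invented multi-port entry (`web`).

```shell
# Constructed sample in the shape of
#   docker container ls --format '{{.ID}}\t{{.Image}}\t{{.Ports}}\t{{.Names}}'
# Three rows mirror the listing above; the "web" row is invented to show
# a container that publishes several ports at once.
SAMPLE_PS=$(printf '%s\t%s\t%s\t%s\n' \
    9392aab37f99 wordpress '0.0.0.0:8081->80/tcp' wpcontainer \
    bcbc64840b0a mariadb '3306/tcp' wordpressdb \
    3e5cddafb61d technosoft2000/calibre-web:v1.1.9 '0.0.0.0:8082->8083/tcp' calibre-web \
    deadbeef0000 nginx '0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp' web)

# Print "<name> <host-port>" for every port a container publishes on 0.0.0.0.
# A PORTS entry such as "3306/tcp" (no host address) is only exposed inside
# the Docker network and is skipped.
exposed_containers() {
    printf '%s\n' "$1" | awk -F'\t' '
        {
            n = split($3, p, /, */)            # PORTS column may list several mappings
            for (i = 1; i <= n; i++)
                if (p[i] ~ /^0\.0\.0\.0:/) {
                    sub(/^0\.0\.0\.0:/, "", p[i])   # keep "8081->80/tcp"
                    sub(/->.*/, "", p[i])           # keep the host port "8081"
                    print $4, p[i]
                }
        }'
}

# Number of published host ports; non-zero means something faces the network.
exposed_count() {
    exposed_containers "$1" | wc -l | tr -d ' '
}

exposed_containers "$SAMPLE_PS"
```

On a live host, replace SAMPLE_PS with the output of the docker command quoted in the comment; a cron job can alert whenever exposed_count changes.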

✅ linux forum

🦑 IS HACKING A COMPUTER VIA A PORT POSSIBLE ?

What is a port?

The port is a way for the computer to communicate with the outside, and the computer needs it to communicate with the outside world. The server uses different ports to provide different services, so only one IP address is needed to receive different data packets. Because of the port, when a data packet arrives at the computer, it knows which data packet to send to which service program. Therefore, through different ports, the computer and the outside world can communicate without interference. Simply put, a port is like a door. Only when we open this door can the computer communicate with the outside world. All data must pass through the door to enter our system. For example, the well-known "Shockwave" and "Magic Wave" viruses spread through ports 139 and 445, while the famous Trojan "Glacier" controls our computer through port 7626. Therefore, as long as we understand some ports commonly used by virus and Trojan horses and close them, we can avoid many virus and Trojan horse attacks.


🦑 Hackers can transmit malicious images through PayPal

PayPal resolved a vulnerability that could be used by hackers to insert malicious images into payment pages.

Security researcher Aditya K Sood found that the URL of the payment page set by PayPal users contained a parameter named "image_url". The value of this parameter can be replaced by a URL that points to an image hosted on a remote server. This situation can allow attackers to use third-party vendors’ PayPal payment pages to spread malicious images. Sood proved the existence of the vulnerability by displaying arbitrary images on the vendor's payment page, but he believes that attackers may spread or exploit the malware hidden in the images.

Cybercriminals have always used innocuous-looking image files to hide malware. This technique has been used by the developers of the Lurk downloader, Neverquest malware, Stegoloader information stealer, and a Brazilian Trojan that was recently analyzed by Kaspersky.

Sood pointed out, “This is an insecure design because PayPal allows remote users to inject their own images into the components that PayPal uses for customer transactions. In other words, can an attacker spread malware or exploits? The answer is yes. Some exploitation techniques can achieve this goal.”

Attackers can exploit this vulnerability by getting unsuspecting users to click on specially crafted links. The fact that the URL is hosted on paypal.com increases the likelihood that the victim will open the link.

This vulnerability was reported to PayPal in January, but was only fixed this month. PayPal initially stated that the report was not eligible for a bug reward, but then the company decided to fix the bug and awarded Sood a $1,000 reward.

Sood believes this is a high-risk issue, and he is dissatisfied with PayPal's disagreement with his assessment. PayPal responded that the attack scenario described by Sood is unlikely to happen because there are easier ways to spread malware, and that the company is actively scanning for malicious content.


Bypassing AMSI via COM Server Hijacking.pdf
769.2 KB
Bypassing AMSI via COM Server Hijacking: Microsoft’s Antimalware Scan Interface (AMSI) was introduced in Windows 10 as a standard interface that provides the ability for AV engines to apply signatures to buffers both in memory and on disk. This gives AV products the ability to “hook” right before script interpretation, meaning that any obfuscation or encryption has already gone through its respective deobfuscation and decryption routines. If desired, you can read more on AMSI here and here. This post will highlight a way to bypass AMSI by hijacking the AMSI COM server, analyze how Microsoft fixed it in build #16232 and then how to bypass that fix.
