13) Adding additional controls.
Only the simplest possibilities are described above. If you're willing to pay a little, you can click on the icon to access the Gateway Store. Here, with a one-time purchase, you can expand the possibilities of remote control. Some of the features are free, such as Apple Music Control, Podcasts, Screenshot, VLC and Force Quit.
14) Once you've added these features, you'll see them on the home screen of the System Control app on your Mac. You can click on the Blocks icon at the top to view them in a short list. There you can change the order of the commands. After that click "Finish" and close the settings.
15) Give Gateway Desktop additional permissions
We will not describe how each control or Block works. It must be said that some of them require additional permissions on the Mac computer. In particular, system events for automation, which controls interface elements by simulating keyboard and mouse actions.
The first time you encounter these applications, you will be prompted for access on your Mac. You need to click OK. Access permission can be seen under System Preferences> Security & Privacy> Privacy> Automation. Once you've given permission once, it should work for future Blocks too.
15) Momentous Studios does not store your data and requests. The developers say this information is stored locally on user devices.
Gateway's only drawback is that the iPhone and Mac must be on the same wireless network. If you want to get remote access away from home, this is not yet possible with the Gateway. Hopefully, SSH (Secure Shell) will appear in the future for access from an application on an iPhone. Until then, you can use Chrome Remote Desktop, which turns your iPhone into a mouse and trackpad for your Mac if it's running the client.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Only the simplest possibilities are described above. If you're willing to pay a little, you can click on the icon to access the Gateway Store. Here, with a one-time purchase, you can expand the possibilities of remote control. Some of the features are free, such as Apple Music Control, Podcasts, Screenshot, VLC and Force Quit.
14) Once you've added these features, you'll see them on the home screen of the System Control app on your Mac. You can click on the Blocks icon at the top to view them in a short list. There you can change the order of the commands. After that click "Finish" and close the settings.
15) Give Gateway Desktop additional permissions
We will not describe how each control or Block works. It must be said that some of them require additional permissions on the Mac computer. In particular, system events for automation, which controls interface elements by simulating keyboard and mouse actions.
The first time you encounter these applications, you will be prompted for access on your Mac. You need to click OK. Access permission can be seen under System Preferences> Security & Privacy> Privacy> Automation. Once you've given permission once, it should work for future Blocks too.
15) Momentous Studios does not store your data and requests. The developers say this information is stored locally on user devices.
Gateway's only drawback is that the iPhone and Mac must be on the same wireless network. If you want to get remote access away from home, this is not yet possible with the Gateway. Hopefully, SSH (Secure Shell) will appear in the future for access from an application on an iPhone. Until then, you can use Chrome Remote Desktop, which turns your iPhone into a mouse and trackpad for your Mac if it's running the client.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to hack web browsers with BeEF :
1) Launch BeEF
BeEF is built into Kali Linux and can be run as a service and accessed through a web browser on your computer (localhost). So let's start by launching Kali and then BeEF. Go to Applications -> Kali Linux -> System Services -> BeEF -> beef start.
2) Open your browser and go to BeEF
The BeEF server is accessed through any browser on our local web server (127.0.0.1) on port 3000. To access its authentication page, follow the link:
http: // localhost: 3000 / ui / authentication
The default credentials are "beef" for username and password.
3) Fine! You are now successfully logged into BeEF and are ready to start using this powerful web browser hacking platform.
Note that in the screenshot below, our local browser 127.0.0.1 appeared in the left pane βHooked Browsersβ after clicking on the demo page link. BeEF also displays the Getting Started window on the right side.
4) View browser details
If we click on the local browser, it will show several tabs with information on the right, including the "Details" window, where you can get all the details about our browser. Since we are using the Iceweasel browser built into Kali, which is built on Firefox, it shows that it is a Firefox browser.
It also shows the version number (24), the platform (Linux i686), any components (Flash, websockets), and additional information that we can use in subsequent web application hacks.
5) Browser hijacking
The key to success with BeEF is browser hijacking. This means that we need a victim to visit the vulnerable web application. The code injected into the "captured" browser will then respond to commands from the BeEF server. And from there we can do a number of malicious things on the victim's computer.
BeEF has a JavaScript file called "hook.js" and if we can get the victim to execute it in a vulnerable web application, we will "hijack" their browser we'll look at several ways to hijack the victim's browser.
6) Running commands in the browser
Now that we have hijacked the victim's browser, we can use a large number of built-in commands that can be executed from the victim's browser. Below are just a few examples, but there are actually many more.
> Get visited domains
> Get visited urls
> Webcam
> Get all cookies
> Capture Google Contacts
> Screenshot
7) When this command is executed, the Adobe Flash dialog box appears on the user's screen: "Allow Webcam?" If he clicks "Allow", the browser will start sending you pictures from the victim's machine.
Of course, you can change the query text, so be creative. For example, you can set up a button to display: βYou just won the lottery! Click here to claim your winnings! " or βYour software is out of date. Click here to update and protect your computer. " Messages like this can prompt the victim to click on the button.
8) Receiving cookies
Once we take over the browser, we have almost unlimited possibilities for what we can do. If we want to get the victim's cookies, then we can go to "Chrome Extensions" and select "Get All Cookies"
9) When we click on the "Execute" button in the lower right corner, it will start collecting all cookies from the browser. Obviously, after you have all the user's cookies, you will most likely also have access to all of their websites.
BeEF is an extraordinary and powerful tool for using web browsers. In addition to what we showed you here, it can also be used for attacks against the operating system. We'll be using it and other tools in our new series on hacking web, mobile, and Facebook, so be sure to come back!
USE FOR LEARN !!!
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to hack web browsers with BeEF :
1) Launch BeEF
BeEF is built into Kali Linux and can be run as a service and accessed through a web browser on your computer (localhost). So let's start by launching Kali and then BeEF. Go to Applications -> Kali Linux -> System Services -> BeEF -> beef start.
2) Open your browser and go to BeEF
The BeEF server is accessed through any browser on our local web server (127.0.0.1) on port 3000. To access its authentication page, follow the link:
http: // localhost: 3000 / ui / authentication
The default credentials are "beef" for username and password.
3) Fine! You are now successfully logged into BeEF and are ready to start using this powerful web browser hacking platform.
Note that in the screenshot below, our local browser 127.0.0.1 appeared in the left pane βHooked Browsersβ after clicking on the demo page link. BeEF also displays the Getting Started window on the right side.
4) View browser details
If we click on the local browser, it will show several tabs with information on the right, including the "Details" window, where you can get all the details about our browser. Since we are using the Iceweasel browser built into Kali, which is built on Firefox, it shows that it is a Firefox browser.
It also shows the version number (24), the platform (Linux i686), any components (Flash, websockets), and additional information that we can use in subsequent web application hacks.
5) Browser hijacking
The key to success with BeEF is browser hijacking. This means that we need a victim to visit the vulnerable web application. The code injected into the "captured" browser will then respond to commands from the BeEF server. And from there we can do a number of malicious things on the victim's computer.
BeEF has a JavaScript file called "hook.js" and if we can get the victim to execute it in a vulnerable web application, we will "hijack" their browser we'll look at several ways to hijack the victim's browser.
6) Running commands in the browser
Now that we have hijacked the victim's browser, we can use a large number of built-in commands that can be executed from the victim's browser. Below are just a few examples, but there are actually many more.
> Get visited domains
> Get visited urls
> Webcam
> Get all cookies
> Capture Google Contacts
> Screenshot
7) When this command is executed, the Adobe Flash dialog box appears on the user's screen: "Allow Webcam?" If he clicks "Allow", the browser will start sending you pictures from the victim's machine.
Of course, you can change the query text, so be creative. For example, you can set up a button to display: βYou just won the lottery! Click here to claim your winnings! " or βYour software is out of date. Click here to update and protect your computer. " Messages like this can prompt the victim to click on the button.
8) Receiving cookies
Once we take over the browser, we have almost unlimited possibilities for what we can do. If we want to get the victim's cookies, then we can go to "Chrome Extensions" and select "Get All Cookies"
9) When we click on the "Execute" button in the lower right corner, it will start collecting all cookies from the browser. Obviously, after you have all the user's cookies, you will most likely also have access to all of their websites.
BeEF is an extraordinary and powerful tool for using web browsers. In addition to what we showed you here, it can also be used for attacks against the operating system. We'll be using it and other tools in our new series on hacking web, mobile, and Facebook, so be sure to come back!
USE FOR LEARN !!!
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to download maps to work in Google Maps offline:
1) Turn on location services
Before you start downloading maps, you need to make sure that location services are enabled. On Android, they are accessed in two ways. This can be done through system settings using search and through the quick settings panel. There may be a Location tile.
Make sure the Google Maps app has access to location services. To do this, open Settings> Apps> Google Maps> Permissions> Location. Activate the switch or select "Allow in any mode" or "Allow only while using the app" if you have Android 10 or newer.
2) On iPhone, open Settings> Privacy> Location Services. On the next page, make sure the main switch is on. Select "Google Maps" and set "Always" or "Only when using this app."
3) Enable download via mobile internet (optional)
To download the route using the mobile Internet, open Google Maps and the side menu in them. Click Offline Maps, then the gear-shaped icon in the upper right corner. Click on "Download Settings" and "Via Wi-Fi or Mobile Network". On iOS, under βWhen to download sites offlineβ, select βVia Wi-Fi or Mobile Networkβ.
4) Download the desired route
Now everything is ready to download maps for offline work. On Android, open the Maps application and you can type your destination in the search or specify by long pressing on the map. In the lower right corner, click Route.
When the route is laid, click on the black banner to download a copy of the map with all the objects on it.
5) If you have an iPhone or don't see a black banner on Android, the process of downloading maps is more complicated. Open Google Maps and click on the hamburger menu in the upper left corner. Select "Offline Maps" and on the "Custom Site".
6) The maximum card size is about 1.7 GB. If the preview gives a higher value, you need to use the zoom. When you have selected a section of the map for offline access, click Download.
7) Using and accessing downloaded maps
When you need a route on the downloaded map and there is no mobile Internet, open the "Maps" application. The required map with streets, businesses and other objects will be displayed inside.
As long as you stay within the boundaries of the downloaded section of the map, you get a full-fledged application even without Internet access. Search and direction will work, but there will be no directions for walking, cycling, traffic information on the roads.
8) Update downloaded maps every month
The shelf life of each offline card is one month. If you don't update it, you won't be able to access it without the Internet. This is done to save space on your smartphone and so that you do not use an outdated map.
Updating offline maps is easy. Click the hamburger menu in the upper left corner of the Maps app and select Offline Maps on Android or Offline Lots on iPhone. Select the downloaded site, click "Update" on the next screen. After that, access will remain for the next month.
9)Some important data, such as information about road repairs and accidents, are not available without Internet access. Offline maps are only needed in case of poor connection or complete lack of Internet access, but it is not recommended to use them on an ongoing basis.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to download maps to work in Google Maps offline:
1) Turn on location services
Before you start downloading maps, you need to make sure that location services are enabled. On Android, they are accessed in two ways. This can be done through system settings using search and through the quick settings panel. There may be a Location tile.
Make sure the Google Maps app has access to location services. To do this, open Settings> Apps> Google Maps> Permissions> Location. Activate the switch or select "Allow in any mode" or "Allow only while using the app" if you have Android 10 or newer.
2) On iPhone, open Settings> Privacy> Location Services. On the next page, make sure the main switch is on. Select "Google Maps" and set "Always" or "Only when using this app."
3) Enable download via mobile internet (optional)
To download the route using the mobile Internet, open Google Maps and the side menu in them. Click Offline Maps, then the gear-shaped icon in the upper right corner. Click on "Download Settings" and "Via Wi-Fi or Mobile Network". On iOS, under βWhen to download sites offlineβ, select βVia Wi-Fi or Mobile Networkβ.
4) Download the desired route
Now everything is ready to download maps for offline work. On Android, open the Maps application and you can type your destination in the search or specify by long pressing on the map. In the lower right corner, click Route.
When the route is laid, click on the black banner to download a copy of the map with all the objects on it.
5) If you have an iPhone or don't see a black banner on Android, the process of downloading maps is more complicated. Open Google Maps and click on the hamburger menu in the upper left corner. Select "Offline Maps" and on the "Custom Site".
6) The maximum card size is about 1.7 GB. If the preview gives a higher value, you need to use the zoom. When you have selected a section of the map for offline access, click Download.
7) Using and accessing downloaded maps
When you need a route on the downloaded map and there is no mobile Internet, open the "Maps" application. The required map with streets, businesses and other objects will be displayed inside.
As long as you stay within the boundaries of the downloaded section of the map, you get a full-fledged application even without Internet access. Search and direction will work, but there will be no directions for walking, cycling, traffic information on the roads.
8) Update downloaded maps every month
The shelf life of each offline card is one month. If you don't update it, you won't be able to access it without the Internet. This is done to save space on your smartphone and so that you do not use an outdated map.
Updating offline maps is easy. Click the hamburger menu in the upper left corner of the Maps app and select Offline Maps on Android or Offline Lots on iPhone. Select the downloaded site, click "Update" on the next screen. After that, access will remain for the next month.
9)Some important data, such as information about road repairs and accidents, are not available without Internet access. Offline maps are only needed in case of poor connection or complete lack of Internet access, but it is not recommended to use them on an ongoing basis.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to remotely install applications on an Android smartphone ?
1) Open the Play Store in a browser
If you have a link to the app, you can follow it in a browser on any device and then go to step 3.
It usually starts with visiting the Play Store through the device's browser. If it's an iPhone or Mac, you can use the Safari browser. The store link looks like play.google.com/store.
2) Find the app page in the store
You can jump directly to the application you want if you have a link to the page. Alternatively, you can search the store by name. It is possible to filter search results. For example, select only apps in a tab in the left menu. You can click "See More" next to the "Applications" section in the search results.
3) Remote installation of the application
Click on the "Install" button. If the app is already installed on the device, this is reported. You need to sign in to your Google account, which is used on the Android device.
If you are already signed in and you are not using this Android device, you can change your account by clicking on your profile picture in the upper right corner.
4) You will see a list of Android devices associated with this account, including tablets and Android TVs. If the currently selected device is not where you will install the application, click on the name of the desired device in the drop-down menu. After selecting, click "Continue".
5) If this is the first time you do this, a window will appear asking when authorization is required. Whichever option you choose, a password is always required for a remote installation. You can also add the need to enter a password when shopping.
Select the option you want and click Save. After the download is complete, a message appears that the application is being installed
6) Return to your smartphone and the installation of the application will begin. The duration depends on the connection speed.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to remotely install applications on an Android smartphone ?
1) Open the Play Store in a browser
If you have a link to the app, you can follow it in a browser on any device and then go to step 3.
It usually starts with visiting the Play Store through the device's browser. If it's an iPhone or Mac, you can use the Safari browser. The store link looks like play.google.com/store.
2) Find the app page in the store
You can jump directly to the application you want if you have a link to the page. Alternatively, you can search the store by name. It is possible to filter search results. For example, select only apps in a tab in the left menu. You can click "See More" next to the "Applications" section in the search results.
3) Remote installation of the application
Click on the "Install" button. If the app is already installed on the device, this is reported. You need to sign in to your Google account, which is used on the Android device.
If you are already signed in and you are not using this Android device, you can change your account by clicking on your profile picture in the upper right corner.
4) You will see a list of Android devices associated with this account, including tablets and Android TVs. If the currently selected device is not where you will install the application, click on the name of the desired device in the drop-down menu. After selecting, click "Continue".
5) If this is the first time you do this, a window will appear asking when authorization is required. Whichever option you choose, a password is always required for a remote installation. You can also add the need to enter a password when shopping.
Select the option you want and click Save. After the download is complete, a message appears that the application is being installed
6) Return to your smartphone and the installation of the application will begin. The duration depends on the connection speed.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Google
Android Apps on Google Play
Enjoy millions of the latest Android apps, games, music, movies, TV, books, magazines & more. Anytime, anywhere, across your devices.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Termux root packages manual install :
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/termux/termux-root-packages
2) cd termux-root-packages
3) If you want to build a package with the docker container run
./start-builder.sh ./build-package.sh name-of-package
4) You might have to run the command as root, if you have not configured docker to be run as your user.
5) To build outside the docker container you can run
> git submodule update --init
6) ./termux-packages/build-package.sh ../packages/package-to-build)
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Termux root packages manual install :
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/termux/termux-root-packages
2) cd termux-root-packages
3) If you want to build a package with the docker container run
./start-builder.sh ./build-package.sh name-of-package
4) You might have to run the command as root, if you have not configured docker to be run as your user.
5) To build outside the docker container you can run
> git submodule update --init
6) ./termux-packages/build-package.sh ../packages/package-to-build)
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - termux/termux-root-packages: Termux packages that are only usable by root users.
Termux packages that are only usable by root users. - termux/termux-root-packages
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦2020 UPDATED LIST BEST VOICE CHANGERS FOR IOS & ANDROID :
https://apps.apple.com/ua/app/robovox-voice-changer/id584847250
https://play.google.com/store/apps/details?id=com.mikrosonic.RoboVoxLite
https://play.google.com/store/apps/details?id=app.call.changer.voice.recorder
https://apps.apple.com/app/prank-voice-changer-plus/id1385337974?l=en
https://play.google.com/store/apps/details?id=com.baviux.voicechanger&hl=en_US
https://apps.apple.com/app/funny-call/id392640258
https://play.google.com/store/apps/details?id=piper.app.maniya.callvoicechanger
https://apps.apple.com/us/app/funcall-voice-changer-rec/id775837930
https://play.google.com/store/apps/details?id=com.fun.funcalls
https://apps.apple.com/app/bendybooth-face-voice-changer/id1054793717
https://play.google.com/store/apps/details?id=com.iapp.livefacefilters
https://apps.apple.com/app/voice-changer-sound-recorder/id1006625490
https://play.google.com/store/apps/details?id=com.androidrocker.voicechanger&hl=en
https://apps.apple.com/us/app/celebrity-voice-changer-face/id1111710488
https://play.google.com/store/apps/details?id=com.CelebrityVoiceChanger.best.voice.fx.funny.lite
https://apps.apple.com/us/app/voice-changer-sound-effects/id649637699
https://play.google.com/store/apps/details?id=com.bagon.voicechanger
https://apps.apple.com/app/sound-blaster-voicefx/id714636639
https://play.google.com/store/apps/details?id=com.mobzapp.voicefx
https://apps.apple.com/ng/app/voice-changer-plus/id339440515
https://play.google.com/store/apps/details?id=com.e3games.voicechanger&hl=en_GB
https://apps.apple.com/us/app/voice-changer-change-
tones/id1028313523
https://play.google.com/store/apps/details?id=com.wondershare.voicechanger
https://apps.apple.com/us/app/change-voice-with-audio-effects/id1189261977
https://play.google.com/store/apps/details?id=studio.onepixel.voicechanger
https://apps.apple.com/us/app/voice-changer/id680063805
https://play.google.com/store/apps/details?id=com.androbaby.voicechanger&hl=en_GB
https://apps.apple.com/us/app/voice-changer-app-soundboard-effects-for-vine/id910447989
https://play.google.com/store/apps/details?id=com.tct.soundrecorder
E N J O Y :)
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦2020 UPDATED LIST BEST VOICE CHANGERS FOR IOS & ANDROID :
https://apps.apple.com/ua/app/robovox-voice-changer/id584847250
https://play.google.com/store/apps/details?id=com.mikrosonic.RoboVoxLite
https://play.google.com/store/apps/details?id=app.call.changer.voice.recorder
https://apps.apple.com/app/prank-voice-changer-plus/id1385337974?l=en
https://play.google.com/store/apps/details?id=com.baviux.voicechanger&hl=en_US
https://apps.apple.com/app/funny-call/id392640258
https://play.google.com/store/apps/details?id=piper.app.maniya.callvoicechanger
https://apps.apple.com/us/app/funcall-voice-changer-rec/id775837930
https://play.google.com/store/apps/details?id=com.fun.funcalls
https://apps.apple.com/app/bendybooth-face-voice-changer/id1054793717
https://play.google.com/store/apps/details?id=com.iapp.livefacefilters
https://apps.apple.com/app/voice-changer-sound-recorder/id1006625490
https://play.google.com/store/apps/details?id=com.androidrocker.voicechanger&hl=en
https://apps.apple.com/us/app/celebrity-voice-changer-face/id1111710488
https://play.google.com/store/apps/details?id=com.CelebrityVoiceChanger.best.voice.fx.funny.lite
https://apps.apple.com/us/app/voice-changer-sound-effects/id649637699
https://play.google.com/store/apps/details?id=com.bagon.voicechanger
https://apps.apple.com/app/sound-blaster-voicefx/id714636639
https://play.google.com/store/apps/details?id=com.mobzapp.voicefx
https://apps.apple.com/ng/app/voice-changer-plus/id339440515
https://play.google.com/store/apps/details?id=com.e3games.voicechanger&hl=en_GB
https://apps.apple.com/us/app/voice-changer-change-
tones/id1028313523
https://play.google.com/store/apps/details?id=com.wondershare.voicechanger
https://apps.apple.com/us/app/change-voice-with-audio-effects/id1189261977
https://play.google.com/store/apps/details?id=studio.onepixel.voicechanger
https://apps.apple.com/us/app/voice-changer/id680063805
https://play.google.com/store/apps/details?id=com.androbaby.voicechanger&hl=en_GB
https://apps.apple.com/us/app/voice-changer-app-soundboard-effects-for-vine/id910447989
https://play.google.com/store/apps/details?id=com.tct.soundrecorder
E N J O Y :)
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Making it Rain shells in Kubernetes
180.7 KB
THIS WILL HELP YOU TO CREATE YOUR OWN SHELL :
Following on from the last post in this series lets setup a rather more ambitious set ofreverse shells when attacking a Kubernetes cluster.The scenario here is that weβve got the ability to create a daemonset object in atarget Kubernetes cluster and weβd like to have shells on every node in the clusterwhich have the Docker socket exposed, so we can get a root shell on every node inthe cluster.To do this weβll need something thatβll easily handle multiple incoming shells, so weβllturn to the Metasploit Framework and specifically, exploit/multi/handler
Following on from the last post in this series lets setup a rather more ambitious set ofreverse shells when attacking a Kubernetes cluster.The scenario here is that weβve got the ability to create a daemonset object in atarget Kubernetes cluster and weβd like to have shells on every node in the clusterwhich have the Docker socket exposed, so we can get a root shell on every node inthe cluster.To do this weβll need something thatβll easily handle multiple incoming shells, so weβllturn to the Metasploit Framework and specifically, exploit/multi/handler
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦FOR WHATSAPP + USERS AND OUTDATED ONE
-- LAST WHATSAPP CVE :
> The real history aboutCVE-2019-3568 Detail
1) This vulnerability has been modified since it was last analyzed by the NVD.
2) It is awaiting reanalysis which may result in further changes to the information provided.
> Current Description
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number.
The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
π¦CVE-2020-1894
A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message.
> CVE-2020-1891
A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices.
> CVE-2020-1890
A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction.
> CVE-2020-1889
A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process.
> CVE-2020-1886
A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after receiving and answering a malicious video call.
> CVE-2019-11928
An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on a link from a specially crafted live location message.
#wiki + whatsapp
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦FOR WHATSAPP + USERS AND OUTDATED ONE
-- LAST WHATSAPP CVE :
> The real history aboutCVE-2019-3568 Detail
1) This vulnerability has been modified since it was last analyzed by the NVD.
2) It is awaiting reanalysis which may result in further changes to the information provided.
> Current Description
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number.
The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
π¦CVE-2020-1894
A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message.
> CVE-2020-1891
A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices.
> CVE-2020-1890
A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction.
> CVE-2020-1889
A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process.
> CVE-2020-1886
A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after receiving and answering a malicious video call.
> CVE-2019-11928
An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on a link from a specially crafted live location message.
#wiki + whatsapp
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦WEB HACKING
WPForce is a suite of Wordpress Attack tools. Currently this contains 2 scripts - WPForce, which brute forces logins via the API, and Yertle, which uploads shells once admin credentials have been found. Yertle also contains a number of post exploitation modules.
F E A T U R E S :
Brute Force via API, not login form bypassing some forms of protection
Can automatically upload an interactive shell
Can be used to spawn a full featured reverse shell
Dumps WordPress password hashes
Can backdoor authentication function for plaintext
password collection
Inject BeEF hook into all pages
Pivot to meterpreter if needed
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/n00py/WPForce.git
2) cd WPForce
3) python wpforce.py -i usr.txt -w pass.txt -u "http://www.[website].com"
4) python wpforce.py -i for all commands
use for learn !!
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦WEB HACKING
WPForce is a suite of Wordpress Attack tools. Currently this contains 2 scripts - WPForce, which brute forces logins via the API, and Yertle, which uploads shells once admin credentials have been found. Yertle also contains a number of post exploitation modules.
F E A T U R E S :
Brute Force via API, not login form bypassing some forms of protection
Can automatically upload an interactive shell
Can be used to spawn a full featured reverse shell
Dumps WordPress password hashes
Can backdoor authentication function for plaintext
password collection
Inject BeEF hook into all pages
Pivot to meterpreter if needed
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/n00py/WPForce.git
2) cd WPForce
3) python wpforce.py -i usr.txt -w pass.txt -u "http://www.[website].com"
4) python wpforce.py -i for all commands
use for learn !!
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - n00py/WPForce: Wordpress Attack Suite
Wordpress Attack Suite. Contribute to n00py/WPForce development by creating an account on GitHub.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦POPULAR CRACKING TOOLS :
https://wpscan.org/
https://nmap.org/
https://cisofy.com/lynis/
https://www.aircrack-ng.org/
https://github.com/vanhauser-thc/THC-Archive
https://www.wireshark.org/
https://github.com/rapid7/metasploit-framework
https://gitlab.com/kalilinux/packages/skipfish/
https://www.paterva.com/web7/buy/maltego-clients.php
https://www.tenable.com/try
https://portswigger.net/burp
https://github.com/iBotPeaches/Apktool
http://sqlmap.org/
https://www.snort.org/#get-started
https://www.sleuthkit.org/autopsy/
https://github.com/securestate/king-phisher
https://gitlab.com/kalilinux/packages/nikto/
https://github.com/tomac/yersinia
https://www.trustedsec.com/social-engineer-toolkit-set/
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦POPULAR CRACKING TOOLS :
https://wpscan.org/
https://nmap.org/
https://cisofy.com/lynis/
https://www.aircrack-ng.org/
https://github.com/vanhauser-thc/THC-Archive
https://www.wireshark.org/
https://github.com/rapid7/metasploit-framework
https://gitlab.com/kalilinux/packages/skipfish/
https://www.paterva.com/web7/buy/maltego-clients.php
https://www.tenable.com/try
https://portswigger.net/burp
https://github.com/iBotPeaches/Apktool
http://sqlmap.org/
https://www.snort.org/#get-started
https://www.sleuthkit.org/autopsy/
https://github.com/securestate/king-phisher
https://gitlab.com/kalilinux/packages/nikto/
https://github.com/tomac/yersinia
https://www.trustedsec.com/social-engineer-toolkit-set/
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
WPScan
WPScan CLI Scanner Install + User Guide
The WPScan CLI tool is a free, for non-commercial use, black box WordPress security scanner written for security professionals and blog maintainers to test the security of their sites.