β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π« A look at how credit card information can be stolen and how to keep you safe :
1) Cloning maps
Making a cloned credit card is the easiest way for a thief to spend someone else's money.
All they have to do is temporarily access your credit card (often in fractions of a minute) and program it onto another prepaid card.
The cloned cards can then be sold on the darknet, usually through cryptocurrency.
Many of these stolen cards resemble real cards, and the attention to detail is mind-boggling.
2) Skimming cards
Breathing in the neck of credit card cloning, ATM skimming is one of the most common ways to get credit and debit card data.
It typically uses magnetic stripe cards rather than chip and pin code cards, but as the story suggests, thieves can also install a mini camera on the skimmer to capture the pin number.
3) Formjacking
The digital equivalent of ATM skimming, "formjacking" is a term Symantec uses to refer to hackers who steal credit card information from checkout pages on websites.
They usually install malicious software, usually JavaScript code, to remove credit card numbers.
Cryptojacking is another similar term that refers to the withdrawal of cryptocurrency details.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π« A look at how credit card information can be stolen and how to keep you safe :
1) Cloning maps
Making a cloned credit card is the easiest way for a thief to spend someone else's money.
All they have to do is temporarily access your credit card (often in fractions of a minute) and program it onto another prepaid card.
The cloned cards can then be sold on the darknet, usually through cryptocurrency.
Many of these stolen cards resemble real cards, and the attention to detail is mind-boggling.
2) Skimming cards
Breathing in the neck of credit card cloning, ATM skimming is one of the most common ways to get credit and debit card data.
It typically uses magnetic stripe cards rather than chip and pin code cards, but as the story suggests, thieves can also install a mini camera on the skimmer to capture the pin number.
3) Formjacking
The digital equivalent of ATM skimming, "formjacking" is a term Symantec uses to refer to hackers who steal credit card information from checkout pages on websites.
They usually install malicious software, usually JavaScript code, to remove credit card numbers.
Cryptojacking is another similar term that refers to the withdrawal of cryptocurrency details.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How secure your credit card ?
1) To prevent credit card cloning, try not to transfer your credit card to another person unless it is an emergency.
Many restaurants, clubs and bars now have desktop payment terminals.
Change your PIN regularly and keep track of small unaccounted charges on your credit card with SMS alerts or alerts from the bank app on your phone.
Many thieves initially made small spending with a cloned credit card in order to make a big purchase later.
This gives you at least a lower risk for this problem.
2) To avoid card skimming, you can try to detect fraudulent devices using a mobile app.
But no amount of prevention works better than the above-described tracking of unauthorized transactions and frequent changing of the PIN number.
3) Since most form theft attacks use malicious script, you must βkillβ it during validation with script blockers.
In Firefox use NoScript, and in Chrome you can use an extension called Script Blocker.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How secure your credit card ?
1) To prevent credit card cloning, try not to transfer your credit card to another person unless it is an emergency.
Many restaurants, clubs and bars now have desktop payment terminals.
Change your PIN regularly and keep track of small unaccounted charges on your credit card with SMS alerts or alerts from the bank app on your phone.
Many thieves initially made small spending with a cloned credit card in order to make a big purchase later.
This gives you at least a lower risk for this problem.
2) To avoid card skimming, you can try to detect fraudulent devices using a mobile app.
But no amount of prevention works better than the above-described tracking of unauthorized transactions and frequent changing of the PIN number.
3) Since most form theft attacks use malicious script, you must βkillβ it during validation with script blockers.
In Firefox use NoScript, and in Chrome you can use an extension called Script Blocker.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is FTP and what port does it use?
1) FTP or File Transfer Protocol is one of the oldest protocols and should probably be removed.
2) FTP is primarily intended for transferring large files, with the ability to resume downloads if they are interrupted.
3)The FTP server can be accessed in two different ways: anonymous access and standard login.
4)They are both basically the same, except that anonymous access does not require an active user login, while standard login does.
5)However, this is the big problem with FTP - user credentials are transmitted in clear text, which means that anyone listening over the wire can eavesdrop on the credentials extremely easily.
6)Two competing FTP implementations that solve this problem are SFTP (FTP over SSH) and FTPS (FTP over SSL). FTP uses TCP ports 20 and 21.
#FastTips
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is FTP and what port does it use?
1) FTP or File Transfer Protocol is one of the oldest protocols and should probably be removed.
2) FTP is primarily intended for transferring large files, with the ability to resume downloads if they are interrupted.
3)The FTP server can be accessed in two different ways: anonymous access and standard login.
4)They are both basically the same, except that anonymous access does not require an active user login, while standard login does.
5)However, this is the big problem with FTP - user credentials are transmitted in clear text, which means that anyone listening over the wire can eavesdrop on the credentials extremely easily.
6)Two competing FTP implementations that solve this problem are SFTP (FTP over SSH) and FTPS (FTP over SSL). FTP uses TCP ports 20 and 21.
#FastTips
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π You don't have permission to access / on this serverβ ?
1) HTTP Error 403 - Forbidden
2) Forbidden: You don't have permission to access [directory] on this server
3) 403 Forbidden
Access Denied You don't have permission to access
403 forbidden request forbidden by administrative rules
π¦So what causes these errors?
The '403 error' occurs for the following main reasons:
1) Incorrect file / directory permissions
This error can be caused due to incorrect file / folder permissions in the webroot directory.
If the default file permissions are not configured to give users access to the website's files, the chances of this error appearing in your web browser are high.
2) Incorrect configuration of Apache configuration files
This error can also be related to incorrect configuration of one of the Apache configuration files.
It could be an invalid parameter that was included by mistake, or missing directives in the config file.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π You don't have permission to access / on this serverβ ?
1) HTTP Error 403 - Forbidden
2) Forbidden: You don't have permission to access [directory] on this server
3) 403 Forbidden
Access Denied You don't have permission to access
403 forbidden request forbidden by administrative rules
π¦So what causes these errors?
The '403 error' occurs for the following main reasons:
1) Incorrect file / directory permissions
This error can be caused due to incorrect file / folder permissions in the webroot directory.
If the default file permissions are not configured to give users access to the website's files, the chances of this error appearing in your web browser are high.
2) Incorrect configuration of Apache configuration files
This error can also be related to incorrect configuration of one of the Apache configuration files.
It could be an invalid parameter that was included by mistake, or missing directives in the config file.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Fix '403 Forbidden Error' :
If you encounter this error, here are some steps you can take to fix it.
1) Configure file permissions and ownership of the webroot directory
Incorrect file permissions and directory ownership are known to restrict access to site files .
Therefore, first, make sure the file permissions are recursively assigned to the webroot directory as shown below.
The webroot directory must always have EXECUTE permissions and the index.html file must have READ permissions.
$ sudo chmod -R 775 / path / to / webroot / directory
Also, set up the owner of the directory as shown below:
$ sudo chown -R user: group / path / to / webroot / directory
Where user is the normal logged in user and the group is www-data or apache.
Finally, restart the Apache web server for the changes to take effect.
$ sudo systemctl restart apache2
If that doesn't solve the problem, go to the next step:
2) Configure directives in the main Apache config file
Make sure you have this block of code in your main Apache config file /etc/apache2/apache2.conf:
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory / usr / share>
AllowOverride None
Require all granted
</Directory>
<Directory / var / www />
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Save and exit and then restart Apache.
If you are using Apache on RHEL / CentOS systems, make sure to relax access to the / var / www directory in the main Apache configuration file /etc/httpd/conf/httpd.conf.
<Directory "/ var / www">
AllowOverride None
Require all granted
</Directory>
Then save all changes and restart Apache.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Fix '403 Forbidden Error' :
If you encounter this error, here are some steps you can take to fix it.
1) Configure file permissions and ownership of the webroot directory
Incorrect file permissions and directory ownership are known to restrict access to site files .
Therefore, first, make sure the file permissions are recursively assigned to the webroot directory as shown below.
The webroot directory must always have EXECUTE permissions and the index.html file must have READ permissions.
$ sudo chmod -R 775 / path / to / webroot / directory
Also, set up the owner of the directory as shown below:
$ sudo chown -R user: group / path / to / webroot / directory
Where user is the normal logged in user and the group is www-data or apache.
Finally, restart the Apache web server for the changes to take effect.
$ sudo systemctl restart apache2
If that doesn't solve the problem, go to the next step:
2) Configure directives in the main Apache config file
Make sure you have this block of code in your main Apache config file /etc/apache2/apache2.conf:
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory / usr / share>
AllowOverride None
Require all granted
</Directory>
<Directory / var / www />
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Save and exit and then restart Apache.
If you are using Apache on RHEL / CentOS systems, make sure to relax access to the / var / www directory in the main Apache configuration file /etc/httpd/conf/httpd.conf.
<Directory "/ var / www">
AllowOverride None
Require all granted
</Directory>
Then save all changes and restart Apache.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Protecting your Linux servers from SYN attacks and IP spoofing isn't as difficult as you might think.
Let's take a look at this with examples.
!) Sysctl allows you to make changes to a running Linux kernel.
This utility reads and modifies various kernel attributes such as version number, maximum limits, and a number of security parameters.
2) The sysctl system also helps prevent attacks such as SYN floods and IP spoofing.
3) It also logs some types of suspicious packets - spoofed packets, source routed packets, and forwarded packets.
4) You can change kernel parameters at run time using the sysctl command, or you can make changes to the system configuration file to make these changes more permanent.
5) I want to show you how you can protect sysctl by quickly editing the config file.
π¦This configuration will be as follows:
1) Disable IP forwarding
2) Disable packet forwarding
3) Disable accepting ICMP redirects
4) Enable protection against incorrect error messages
Your not allowed to clone our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Protecting your Linux servers from SYN attacks and IP spoofing isn't as difficult as you might think.
Let's take a look at this with examples.
!) Sysctl allows you to make changes to a running Linux kernel.
This utility reads and modifies various kernel attributes such as version number, maximum limits, and a number of security parameters.
2) The sysctl system also helps prevent attacks such as SYN floods and IP spoofing.
3) It also logs some types of suspicious packets - spoofed packets, source routed packets, and forwarded packets.
4) You can change kernel parameters at run time using the sysctl command, or you can make changes to the system configuration file to make these changes more permanent.
5) I want to show you how you can protect sysctl by quickly editing the config file.
π¦This configuration will be as follows:
1) Disable IP forwarding
2) Disable packet forwarding
3) Disable accepting ICMP redirects
4) Enable protection against incorrect error messages
Your not allowed to clone our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦XSS bypass technology XSS insertion bypass some ways summary :
We conducted XSS inspections friendly, and occasionally popped up a small pop-up window. Among them, we summarized some XSS insertion methods that may be used at ordinary times, which is convenient for us to conduct quick inspections in the future, and also provides certain ideas. Among them, XSS has reflection, storage, and DOM. Three categories, as for the specific similarities and differences of each category, this article does not make an academic introduction, directly introduces the actual insertion method
0x00 preface
We conducted XSS inspections friendly, and occasionally popped up a small pop-up window. Among them, we summarized some XSS insertion methods that may be used at ordinary times, which is convenient for us to conduct quick inspections in the future, and also provides certain ideas. Among them, XSS has reflection, storage, and DOM. There are three categories. As for the specific similarities and differences of each category, this article does not make an academic introduction, but directly introduces the actual insertion method.
Four super basic bypass methods.
1) converted to ASCII
Example: the original script <script> alert ( 'I love F4ck') </ script>
by conversion into:
<Script> the String.fromCharCode (97, 108, 101, 114, 1 16, 40 , 8216, 73, 32, 108, 111, 118, 101, 32, 70, 52, 99, 107, 8217, 41) </script>
2) Convert to HEX (hexadecimal)
example: the original script is < script>alert('I love F4ck')</script>
Through conversion, it becomes:
%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%2018 %49%20%6c%6f%76%65%20%46%34%63%6b%2019%29%3c%2f%73%63%72%69%70%74%3e
3) The size of the conversion script write
examples: The original script <script> alert ( 'I love F4ck') </ script>
converted to: <sCRIPT> ALERT ( 'Love F4ck the I') </ sCRIPT>
4) increased closing tag ">
examples: the original script Is <script>alert('I love F4ck')</script>
converted to: "><script>alert('I love F4ck')</script>
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦XSS bypass technology XSS insertion bypass some ways summary :
We conducted XSS inspections friendly, and occasionally popped up a small pop-up window. Among them, we summarized some XSS insertion methods that may be used at ordinary times, which is convenient for us to conduct quick inspections in the future, and also provides certain ideas. Among them, XSS has reflection, storage, and DOM. Three categories, as for the specific similarities and differences of each category, this article does not make an academic introduction, directly introduces the actual insertion method
0x00 preface
We conducted XSS inspections friendly, and occasionally popped up a small pop-up window. Among them, we summarized some XSS insertion methods that may be used at ordinary times, which is convenient for us to conduct quick inspections in the future, and also provides certain ideas. Among them, XSS has reflection, storage, and DOM. There are three categories. As for the specific similarities and differences of each category, this article does not make an academic introduction, but directly introduces the actual insertion method.
Four super basic bypass methods.
1) converted to ASCII
Example: the original script <script> alert ( 'I love F4ck') </ script>
by conversion into:
<Script> the String.fromCharCode (97, 108, 101, 114, 1 16, 40 , 8216, 73, 32, 108, 111, 118, 101, 32, 70, 52, 99, 107, 8217, 41) </script>
2) Convert to HEX (hexadecimal)
example: the original script is < script>alert('I love F4ck')</script>
Through conversion, it becomes:
%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%2018 %49%20%6c%6f%76%65%20%46%34%63%6b%2019%29%3c%2f%73%63%72%69%70%74%3e
3) The size of the conversion script write
examples: The original script <script> alert ( 'I love F4ck') </ script>
converted to: <sCRIPT> ALERT ( 'Love F4ck the I') </ sCRIPT>
4) increased closing tag ">
examples: the original script Is <script>alert('I love F4ck')</script>
converted to: "><script>alert('I love F4ck')</script>
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
cheatsheetseries.owasp.org
XSS Filter Evasion - OWASP Cheat Sheet Series
Website with the collection of all the cheat sheets of the project.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Create randomly insecure VMs :
SecGen is developed and tested on Ubuntu Linux. In theory, SecGen should run on Mac or Windows, if you have all the required software installed.
R E Q U I R E M E N T S :
You will need to install the following:
>Ruby (development): https://www.ruby-lang.org/en/
>Vagrant: http://www.vagrantup.com/
>Virtual Box: https://www.virtualbox.org/
>Puppet: http://puppet.com/
> Packer: https://www.packer.io/
> ImageMagick: https://www.imagemagick.org/
> And the required Ruby Gems (including Nokogiri and Librarian-puppet)
On Ubuntu (16.04) these commands will get you up and running
Install all the required packages:
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
# install a recent version of vagrant
1) wget https://releases.hashicorp.com/vagrant/1.9.8/vagrant_1.9.8_x86_64.deb
2) sudo apt install ./vagrant_1.9.8_x86_64.deb
# install other required packages via repos
3) sudo apt-get install ruby-dev zlib1g-dev liblzma-dev build-essential patch virtualbox ruby-bundler imagemagick libmagickwand-dev exiftool libpq-dev libcurl4-openssl-dev libxml2-dev graphviz graphviz-dev libpcap0.8-dev git
4) Copy SecGen to a directory of your choosing, such as /home/user/bin/SecGen
Then install gems:
5) cd /home/user/bin/SecGen
bundle install
6) To use the Windows basesboxes you will need to install Packer. Use the following command:
curl -SL https://releases.hashicorp.com/packer/1.3.2/
8) packer_1.3.2_linux_amd64.zip -o packer_1.3.2_linux_amd64.zip
unzip packer_1.3.2_linux_amd64.zip
9) sudo mv packer /usr/local/
sudo bash -c 'echo "export PATH=\"\$PATH:/usr/local/\"" >> /etc/environment'
10) sudo vagrant plugin install winrm
11) sudo vagrant plugin install winrm-fs
12) Copy SecGen to a directory of your choosing, such as /home/user/bin/SecGen
13) Then install gems:
cd /home/user/bin/SecGen
bundle install
14) To use the Windows basesboxes you will need to install Packer. Use the following command:
15) curl -SL https://releases.hashicorp.com/packer/1.3.2/packer_1.3.2_linux_amd64.zip -o packer_1.3.2_linux_amd64.zip
16) unzip packer_1.3.2_linux_amd64.zip
17) sudo mv packer /usr/local/
18) sudo bash -c 'echo "export PATH=\"\$PATH:/usr/local/\"" >> /etc/environment'
19) sudo vagrant plugin install winrm
20) sudo vagrant plugin install winrm-fs
21) ruby secgen.rb run
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Create randomly insecure VMs :
SecGen is developed and tested on Ubuntu Linux. In theory, SecGen should run on Mac or Windows, if you have all the required software installed.
R E Q U I R E M E N T S :
You will need to install the following:
>Ruby (development): https://www.ruby-lang.org/en/
>Vagrant: http://www.vagrantup.com/
>Virtual Box: https://www.virtualbox.org/
>Puppet: http://puppet.com/
> Packer: https://www.packer.io/
> ImageMagick: https://www.imagemagick.org/
> And the required Ruby Gems (including Nokogiri and Librarian-puppet)
On Ubuntu (16.04) these commands will get you up and running
Install all the required packages:
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
# install a recent version of vagrant
1) wget https://releases.hashicorp.com/vagrant/1.9.8/vagrant_1.9.8_x86_64.deb
2) sudo apt install ./vagrant_1.9.8_x86_64.deb
# install other required packages via repos
3) sudo apt-get install ruby-dev zlib1g-dev liblzma-dev build-essential patch virtualbox ruby-bundler imagemagick libmagickwand-dev exiftool libpq-dev libcurl4-openssl-dev libxml2-dev graphviz graphviz-dev libpcap0.8-dev git
4) Copy SecGen to a directory of your choosing, such as /home/user/bin/SecGen
Then install gems:
5) cd /home/user/bin/SecGen
bundle install
6) To use the Windows basesboxes you will need to install Packer. Use the following command:
curl -SL https://releases.hashicorp.com/packer/1.3.2/
8) packer_1.3.2_linux_amd64.zip -o packer_1.3.2_linux_amd64.zip
unzip packer_1.3.2_linux_amd64.zip
9) sudo mv packer /usr/local/
sudo bash -c 'echo "export PATH=\"\$PATH:/usr/local/\"" >> /etc/environment'
10) sudo vagrant plugin install winrm
11) sudo vagrant plugin install winrm-fs
12) Copy SecGen to a directory of your choosing, such as /home/user/bin/SecGen
13) Then install gems:
cd /home/user/bin/SecGen
bundle install
14) To use the Windows basesboxes you will need to install Packer. Use the following command:
15) curl -SL https://releases.hashicorp.com/packer/1.3.2/packer_1.3.2_linux_amd64.zip -o packer_1.3.2_linux_amd64.zip
16) unzip packer_1.3.2_linux_amd64.zip
17) sudo mv packer /usr/local/
18) sudo bash -c 'echo "export PATH=\"\$PATH:/usr/local/\"" >> /etc/environment'
19) sudo vagrant plugin install winrm
20) sudo vagrant plugin install winrm-fs
21) ruby secgen.rb run
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
www.ruby-lang.org
Ruby Programming Language
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦A simple way for others to prompt for an empty number when they call your phone:
γγWhen you don't want to be annoyed by others and are embarrassed to turn off the phone, it is a good idea to let others call your phone to prompt an empty number. Here is a way to make your mobile phone become an empty number at any time. It is very simple Friends in need can make a note... Enter **21*999999# in the standby mode and press the dial button~ OK You're done~! Don't be in this state
1) When you don't want to be annoyed by others and are embarrassed to turn off the phone, it is a good idea to let others call your phone to prompt an empty number. Here is a way to make your mobile phone become an empty number at any time. It is very simple Friends in need can make a note...
γγ
2) Enter **21*999999# in the standby mode and press the dial button~ OK Youβre done~!
γγ
3) In this state, if someone calls you, itβs empty and you wonβt receive a call.
γγ
4) Preliminary judgment is that most mobile phones can be
γγ
Note: Since all models have not been tested, the success rate cannot be guaranteed.
γγ
5) Remind this state even if it is turned off Power also will not cancel
γγthe code number to cancel the empty state is the same as above ## 21 # enter the
γγ
6) last remind remember to finish off state so as not to cause delay in releasing the empty No.
γγ
this principle probably use call forwarding to achieve, but do not answer incoming calls There is no charge if you pass, so this method will not waste your phone bill...
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦A simple way for others to prompt for an empty number when they call your phone:
γγWhen you don't want to be annoyed by others and are embarrassed to turn off the phone, it is a good idea to let others call your phone to prompt an empty number. Here is a way to make your mobile phone become an empty number at any time. It is very simple
1) When you don't want to be annoyed by others and are embarrassed to turn off the phone, it is a good idea to let others call your phone to prompt an empty number. Here is a way to make your mobile phone become an empty number at any time. It is very simple
γγ
2) Enter **21*999999# in the standby mode and press the dial button~ OK Youβre done~!
γγ
3) In this state, if someone calls you, itβs empty and you wonβt receive a call.
γγ
4) Preliminary judgment is that most mobile phones can be
γγ
Note: Since all models have not been tested, the success rate cannot be guaranteed.
γγ
5) Remind this state even if it is turned off Power also will not cancel
γγthe code number to cancel the empty state is the same as above ## 21 # enter the
γγ
6) last remind remember to finish off state so as not to cause delay in releasing the empty No.
γγ
this principle probably use call forwarding to achieve, but do not answer incoming calls There is no charge if you pass, so this method will not waste your phone bill...
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE HACKING
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦RCE Flaw ATTACK in Popular LibreOffice and OpenOffice Programs :
1) The attack relies on exploiting a directory traversal vulnerability, identified as CVE-2018-16858, to automatically launch a specific software-related python library using a hidden onmouseover event.
2) To exploit this vulnerability, InfΓΌhr created an ODT file with a white hyperlink (so it cannot be seen) that contains an "onmouseover" event to trick the victim into running a locally available python file on their system when placing the mouse anywhere. to an invisible hyperlink.
3) According to the researcher, a python file named "pydoc.py", which is part of LibreOffice's native Python interpreter, accepts arbitrary commands in one of its parameters and executes them through the command line or system console.
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦RCE Flaw ATTACK in Popular LibreOffice and OpenOffice Programs :
1) The attack relies on exploiting a directory traversal vulnerability, identified as CVE-2018-16858, to automatically launch a specific software-related python library using a hidden onmouseover event.
2) To exploit this vulnerability, InfΓΌhr created an ODT file with a white hyperlink (so it cannot be seen) that contains an "onmouseover" event to trick the victim into running a locally available python file on their system when placing the mouse anywhere. to an invisible hyperlink.
3) According to the researcher, a python file named "pydoc.py", which is part of LibreOffice's native Python interpreter, accepts arbitrary commands in one of its parameters and executes them through the command line or system console.
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to manually remove viruses that use image hijacking technology :
1) Recently, a userβs computer was infected with a virus. Several windows popped up when booting up, and he couldnβt shut it down. He could only wait for the memory to run out and finally crashed. In fact, he just formatted partition c and reinstalled the system. There is a virus phenomenon.
At least two pieces of information can be obtained from the above phenomenon:
1-The virus will spread through automatic broadcasting;
2- The virus may use image hijacking.
π¦Failure phenomenon :
1) Check the faulty machine, when restarting, it is natural to think of booting to safe mode with command line. Run regedit , the result fails. msconfig also fails. I changed regedit.exe to regedit.com, but it also failed. I did not continue to try to change another name. Restart the computer and enter the normal mode, want to see the specific poisoning phenomenon.
2) After logging in to the desktop, I found that a program similar to Notepad kept opening a small dialog box. The speed was so fast that it was too late to close, and the task manager couldn't be called. Take out my anti-virus U disk immediately, which includes ProcessExplorer, Bingblade, and Sreng. It was found that the anti-virus U disk did not start successfully. Double-clicking the ice blade/Sreng all failed.
3) Then, double-click ProcessExplorer on the U disk, and see the three processes with the notepad icon at a glance, try to end one of them, and the program will restart immediately after the end. It seems that direct KILL process is not enough. If it doesn't work, just use the freeze process, select these three processes, right-click, and select Suspend process in the process properties. The virus will no longer pop up a new dialog box, and it is easy to kill it.
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to manually remove viruses that use image hijacking technology :
1) Recently, a userβs computer was infected with a virus. Several windows popped up when booting up, and he couldnβt shut it down. He could only wait for the memory to run out and finally crashed. In fact, he just formatted partition c and reinstalled the system. There is a virus phenomenon.
At least two pieces of information can be obtained from the above phenomenon:
1-The virus will spread through automatic broadcasting;
2- The virus may use image hijacking.
π¦Failure phenomenon :
1) Check the faulty machine, when restarting, it is natural to think of booting to safe mode with command line. Run regedit , the result fails. msconfig also fails. I changed regedit.exe to regedit.com, but it also failed. I did not continue to try to change another name. Restart the computer and enter the normal mode, want to see the specific poisoning phenomenon.
2) After logging in to the desktop, I found that a program similar to Notepad kept opening a small dialog box. The speed was so fast that it was too late to close, and the task manager couldn't be called. Take out my anti-virus U disk immediately, which includes ProcessExplorer, Bingblade, and Sreng. It was found that the anti-virus U disk did not start successfully. Double-clicking the ice blade/Sreng all failed.
3) Then, double-click ProcessExplorer on the U disk, and see the three processes with the notepad icon at a glance, try to end one of them, and the program will restart immediately after the end. It seems that direct KILL process is not enough. If it doesn't work, just use the freeze process, select these three processes, right-click, and select Suspend process in the process properties. The virus will no longer pop up a new dialog box, and it is easy to kill it.
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Rack protection in harsh environments
Consider the following rack features to ensure the performance and longevity of your mission-critical equipment:
Filters : dust is the main culprit; this could block the fans and vents and cause overheating. Built-in filters trap dust and keep it away from equipment inside the rack.
Ventilation : Even air-conditioned rooms can heat up quickly if they contain switches and servers. Look for racks with fans and ventilation that maintain airflow from the front to the back to prevent heat from being recirculated back to the equipment.
Sealing : Doors, grommets, and cable ducts are all rack vulnerabilities through which moisture and debris can enter the equipment. Racks should cover these points securely.
Accessibility : Where space is limited, shelving should ideally be designed to provide accessibility, such as front and rear reversible doors. They must also have security features that deny access to unauthorized users and protect equipment from tampering and theft.
Durable : Steel-framed racks can best protect against falling objects, collisions, and even shock and vibration from surrounding equipment.
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Rack protection in harsh environments
Consider the following rack features to ensure the performance and longevity of your mission-critical equipment:
Filters : dust is the main culprit; this could block the fans and vents and cause overheating. Built-in filters trap dust and keep it away from equipment inside the rack.
Ventilation : Even air-conditioned rooms can heat up quickly if they contain switches and servers. Look for racks with fans and ventilation that maintain airflow from the front to the back to prevent heat from being recirculated back to the equipment.
Sealing : Doors, grommets, and cable ducts are all rack vulnerabilities through which moisture and debris can enter the equipment. Racks should cover these points securely.
Accessibility : Where space is limited, shelving should ideally be designed to provide accessibility, such as front and rear reversible doors. They must also have security features that deny access to unauthorized users and protect equipment from tampering and theft.
Durable : Steel-framed racks can best protect against falling objects, collisions, and even shock and vibration from surrounding equipment.
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β